From 84c5a9ba481d7a33cc0fd0ca43867b61d127d907 Mon Sep 17 00:00:00 2001 From: anonimal Date: Wed, 28 Jun 2017 21:07:24 +0000 Subject: [PATCH] Unbound: remove unbound from in-tree source We'll instead use a git submodule to pull from our unbound repo. --- external/unbound/CMakeLists.txt | 245 - external/unbound/LICENSE | 30 - external/unbound/Makefile.in | 1360 - external/unbound/README | 10 - external/unbound/ac_pkg_swig.m4 | 133 - external/unbound/aclocal.m4 | 9372 ------- external/unbound/acx_nlnetlabs.m4 | 1451 - external/unbound/acx_python.m4 | 114 - external/unbound/ax_pthread.m4 | 332 - external/unbound/compat/arc4_lock.c | 67 - external/unbound/compat/arc4random.c | 236 - external/unbound/compat/arc4random_uniform.c | 57 - external/unbound/compat/chacha_private.h | 222 - external/unbound/compat/ctime_r.c | 42 - external/unbound/compat/explicit_bzero.c | 26 - external/unbound/compat/fake-rfc2553.c | 225 - external/unbound/compat/fake-rfc2553.h | 174 - external/unbound/compat/getentropy_linux.c | 566 - external/unbound/compat/getentropy_osx.c | 432 - external/unbound/compat/getentropy_solaris.c | 441 - external/unbound/compat/getentropy_win.c | 56 - external/unbound/compat/gmtime_r.c | 107 - external/unbound/compat/inet_aton.c | 182 - external/unbound/compat/inet_ntop.c | 218 - external/unbound/compat/inet_pton.c | 230 - external/unbound/compat/isblank.c | 45 - external/unbound/compat/malloc.c | 19 - external/unbound/compat/memcmp.c | 25 - external/unbound/compat/memcmp.h | 16 - external/unbound/compat/memmove.c | 43 - external/unbound/compat/reallocarray.c | 42 - external/unbound/compat/sha512.c | 477 - external/unbound/compat/snprintf.c | 1037 - external/unbound/compat/strlcat.c | 73 - external/unbound/compat/strlcpy.c | 57 - external/unbound/compat/strptime.c | 345 - external/unbound/compat/strsep.c | 65 - external/unbound/config.guess | 1558 -- external/unbound/config.h.cmake.in | 1205 - external/unbound/config.h.in | 1202 - external/unbound/config.sub | 1791 -- external/unbound/configure | 22640 ---------------- external/unbound/configure.ac | 1650 -- external/unbound/configure_checks.cmake | 237 - external/unbound/contrib/README | 33 - .../contrib/aaaa-filter-iterator.patch | 413 - .../build-unbound-localzone-from-hosts.pl | 67 - .../contrib/create_unbound_ad_servers.cmd | 33 - .../contrib/create_unbound_ad_servers.sh | 39 - external/unbound/contrib/parseunbound.pl | 140 - .../unbound/contrib/patch_rsamd5_enable.diff | 22 - external/unbound/contrib/rc_d_unbound | 25 - external/unbound/contrib/selinux/unbound.fc | 4 - external/unbound/contrib/selinux/unbound.te | 42 - .../unbound/contrib/unbound-host.nagios.patch | 134 - external/unbound/contrib/unbound.init | 139 - external/unbound/contrib/unbound.init_fedora | 119 - external/unbound/contrib/unbound.plist | 42 - external/unbound/contrib/unbound.spec | 112 - external/unbound/contrib/unbound.spec_fedora | 433 - external/unbound/contrib/unbound_cache.cmd | 105 - external/unbound/contrib/unbound_cache.sh | 174 - external/unbound/contrib/unbound_cacti.tar.gz | Bin 73220 -> 0 bytes external/unbound/contrib/unbound_munin_ | 559 - external/unbound/contrib/unbound_smf22.tar.gz | Bin 4579 -> 0 bytes external/unbound/contrib/update-anchor.sh | 158 - .../unbound/contrib/validation-reporter.sh | 117 - external/unbound/contrib/warmup.cmd | 153 - external/unbound/contrib/warmup.sh | 150 - external/unbound/daemon/acl_list.c | 487 - external/unbound/daemon/acl_list.h | 155 - external/unbound/daemon/cachedump.c | 898 - external/unbound/daemon/cachedump.h | 107 - external/unbound/daemon/daemon.c | 795 - external/unbound/daemon/daemon.h | 183 - external/unbound/daemon/remote.c | 3050 --- external/unbound/daemon/remote.h | 191 - external/unbound/daemon/stats.c | 343 - external/unbound/daemon/stats.h | 262 - external/unbound/daemon/unbound.c | 738 - external/unbound/daemon/worker.c | 1883 -- external/unbound/daemon/worker.h | 178 - external/unbound/dns64/dns64.c | 854 - external/unbound/dns64/dns64.h | 71 - external/unbound/dnscrypt/cert.h | 32 - external/unbound/dnscrypt/dnscrypt.c | 531 - external/unbound/dnscrypt/dnscrypt.h | 102 - external/unbound/dnscrypt/dnscrypt.m4 | 25 - external/unbound/dnscrypt/dnscrypt_config.h | 17 - external/unbound/dnstap/dnstap.c | 518 - external/unbound/dnstap/dnstap.h | 188 - external/unbound/dnstap/dnstap.m4 | 56 - external/unbound/dnstap/dnstap.proto | 262 - external/unbound/dnstap/dnstap_config.h.in | 17 - external/unbound/doc/CREDITS | 23 - external/unbound/doc/Changelog | 7114 ----- external/unbound/doc/FEATURES | 103 - external/unbound/doc/LICENSE | 30 - external/unbound/doc/README | 149 - external/unbound/doc/README.DNS64 | 30 - external/unbound/doc/README.svn | 17 - external/unbound/doc/README.tests | 24 - external/unbound/doc/TODO | 76 - external/unbound/doc/control_proto_spec.txt | 70 - external/unbound/doc/example.conf.in | 809 - external/unbound/doc/ietf67-design-02.odp | Bin 331531 -> 0 bytes external/unbound/doc/ietf67-design-02.pdf | Bin 630129 -> 0 bytes external/unbound/doc/libunbound.3.in | 415 - external/unbound/doc/requirements.txt | 294 - external/unbound/doc/unbound-anchor.8.in | 177 - external/unbound/doc/unbound-checkconf.8.in | 52 - external/unbound/doc/unbound-control.8.in | 555 - external/unbound/doc/unbound-host.1.in | 116 - external/unbound/doc/unbound.8.in | 79 - external/unbound/doc/unbound.conf.5.in | 1578 -- external/unbound/doc/unbound.doxygen | 1650 -- external/unbound/install-sh | 501 - external/unbound/iterator/iter_delegpt.c | 648 - external/unbound/iterator/iter_delegpt.h | 419 - external/unbound/iterator/iter_donotq.c | 153 - external/unbound/iterator/iter_donotq.h | 101 - external/unbound/iterator/iter_fwd.c | 509 - external/unbound/iterator/iter_fwd.h | 199 - external/unbound/iterator/iter_hints.c | 546 - external/unbound/iterator/iter_hints.h | 161 - external/unbound/iterator/iter_priv.c | 296 - external/unbound/iterator/iter_priv.h | 112 - external/unbound/iterator/iter_resptype.c | 287 - external/unbound/iterator/iter_resptype.h | 127 - external/unbound/iterator/iter_scrub.c | 792 - external/unbound/iterator/iter_scrub.h | 69 - external/unbound/iterator/iter_utils.c | 1170 - external/unbound/iterator/iter_utils.h | 368 - external/unbound/iterator/iterator.c | 3432 --- external/unbound/iterator/iterator.h | 449 - external/unbound/libunbound/context.c | 402 - external/unbound/libunbound/context.h | 352 - external/unbound/libunbound/libunbound.c | 1382 - external/unbound/libunbound/libworker.c | 1031 - external/unbound/libunbound/libworker.h | 152 - external/unbound/libunbound/python/LICENSE | 28 - external/unbound/libunbound/python/Makefile | 72 - .../libunbound/python/doc/_static/readme | 1 - .../unbound/libunbound/python/doc/conf.py | 184 - .../python/doc/examples/example1a.rst | 33 - .../python/doc/examples/example1b.rst | 37 - .../python/doc/examples/example2.rst | 41 - .../python/doc/examples/example3.rst | 39 - .../python/doc/examples/example4.rst | 36 - .../python/doc/examples/example5.rst | 34 - .../python/doc/examples/example6-1.py | 27 - .../python/doc/examples/example6.rst | 13 - .../python/doc/examples/example7-1.py | 17 - .../python/doc/examples/example7-2.py | 16 - .../python/doc/examples/example7.rst | 33 - .../python/doc/examples/example8-1.py | 31 - .../python/doc/examples/example8.rst | 34 - .../libunbound/python/doc/examples/index.rst | 16 - .../unbound/libunbound/python/doc/index.rst | 27 - .../unbound/libunbound/python/doc/install.rst | 38 - .../unbound/libunbound/python/doc/intro.rst | 58 - .../libunbound/python/doc/modules/unbound.rst | 167 - .../python/examples/async-lookup.py | 57 - .../libunbound/python/examples/dns-lookup.py | 45 - .../python/examples/dnssec-valid.py | 60 - .../libunbound/python/examples/dnssec_test.py | 36 - .../libunbound/python/examples/example8-1.py | 62 - .../libunbound/python/examples/idn-lookup.py | 63 - .../libunbound/python/examples/mx-lookup.py | 54 - .../libunbound/python/examples/ns-lookup.py | 48 - .../python/examples/reverse-lookup.py | 44 - external/unbound/libunbound/python/file_py3.i | 155 - .../unbound/libunbound/python/libunbound.i | 959 - external/unbound/libunbound/ubsyms.def | 35 - external/unbound/libunbound/unbound-event.h | 264 - external/unbound/libunbound/unbound.h | 608 - external/unbound/libunbound/worker.h | 175 - external/unbound/ltmain.sh | 11147 -------- external/unbound/makedist.sh | 460 - external/unbound/pythonmod/LICENSE | 28 - external/unbound/pythonmod/Makefile | 58 - external/unbound/pythonmod/doc/_static/readme | 1 - external/unbound/pythonmod/doc/conf.py | 182 - .../pythonmod/doc/examples/example0-1.py | 34 - .../pythonmod/doc/examples/example0.rst | 129 - .../pythonmod/doc/examples/example1.rst | 46 - .../pythonmod/doc/examples/example2.rst | 49 - .../pythonmod/doc/examples/example3.rst | 63 - .../pythonmod/doc/examples/example4.rst | 178 - .../pythonmod/doc/examples/example5.rst | 191 - .../pythonmod/doc/examples/example6.rst | 299 - .../unbound/pythonmod/doc/examples/index.rst | 16 - external/unbound/pythonmod/doc/index.rst | 34 - external/unbound/pythonmod/doc/install.rst | 65 - .../unbound/pythonmod/doc/modules/config.rst | 350 - .../unbound/pythonmod/doc/modules/env.rst | 412 - .../pythonmod/doc/modules/functions.rst | 227 - .../unbound/pythonmod/doc/modules/index.rst | 11 - .../unbound/pythonmod/doc/modules/struct.rst | 516 - external/unbound/pythonmod/doc/usecase.rst | 38 - external/unbound/pythonmod/examples/calc.py | 77 - external/unbound/pythonmod/examples/dict.py | 121 - .../unbound/pythonmod/examples/dict_data.txt | 6 - external/unbound/pythonmod/examples/log.py | 119 - external/unbound/pythonmod/examples/resgen.py | 73 - external/unbound/pythonmod/examples/resip.py | 96 - external/unbound/pythonmod/examples/resmod.py | 88 - external/unbound/pythonmod/interface.i | 1446 - external/unbound/pythonmod/pythonmod.c | 411 - external/unbound/pythonmod/pythonmod.h | 76 - external/unbound/pythonmod/pythonmod_utils.c | 194 - external/unbound/pythonmod/pythonmod_utils.h | 93 - external/unbound/pythonmod/test-calc.conf | 18 - external/unbound/pythonmod/test-dict.conf | 18 - external/unbound/pythonmod/test-edns.conf | 17 - .../pythonmod/test-inplace_callbacks.conf | 17 - external/unbound/pythonmod/test-log.conf | 17 - external/unbound/pythonmod/test-resgen.conf | 18 - external/unbound/pythonmod/test-resip.conf | 18 - external/unbound/pythonmod/test-resmod.conf | 19 - external/unbound/pythonmod/ubmodule-msg.py | 156 - external/unbound/pythonmod/ubmodule-tst.py | 149 - external/unbound/respip/respip.c | 1179 - external/unbound/respip/respip.h | 230 - external/unbound/services/cache/dns.c | 910 - external/unbound/services/cache/dns.h | 211 - external/unbound/services/cache/infra.c | 997 - external/unbound/services/cache/infra.h | 462 - external/unbound/services/cache/rrset.c | 419 - external/unbound/services/cache/rrset.h | 231 - external/unbound/services/listen_dnsport.c | 1435 - external/unbound/services/listen_dnsport.h | 236 - external/unbound/services/localzone.c | 1846 -- external/unbound/services/localzone.h | 500 - external/unbound/services/mesh.c | 1502 - external/unbound/services/mesh.h | 607 - external/unbound/services/modstack.c | 236 - external/unbound/services/modstack.h | 113 - external/unbound/services/outbound_list.c | 89 - external/unbound/services/outbound_list.h | 105 - external/unbound/services/outside_network.c | 2183 -- external/unbound/services/outside_network.h | 567 - external/unbound/services/view.c | 212 - external/unbound/services/view.h | 137 - external/unbound/sldns/keyraw.c | 408 - external/unbound/sldns/keyraw.h | 112 - external/unbound/sldns/parse.c | 470 - external/unbound/sldns/parse.h | 184 - external/unbound/sldns/parseutil.c | 726 - external/unbound/sldns/parseutil.h | 148 - external/unbound/sldns/pkthdr.h | 158 - external/unbound/sldns/rrdef.c | 736 - external/unbound/sldns/rrdef.h | 510 - external/unbound/sldns/sbuffer.c | 191 - external/unbound/sldns/sbuffer.h | 804 - external/unbound/sldns/str2wire.c | 2023 -- external/unbound/sldns/str2wire.h | 541 - external/unbound/sldns/wire2str.c | 2006 -- external/unbound/sldns/wire2str.h | 995 - external/unbound/smallapp/unbound-anchor.c | 2346 -- external/unbound/smallapp/unbound-checkconf.c | 619 - .../smallapp/unbound-control-setup.sh.in | 160 - external/unbound/smallapp/unbound-control.c | 791 - external/unbound/smallapp/unbound-host.c | 497 - external/unbound/smallapp/worker_cb.c | 250 - external/unbound/testcode/asynclook.c | 528 - external/unbound/testcode/checklocks.c | 859 - external/unbound/testcode/checklocks.h | 343 - external/unbound/testcode/delayer.c | 1185 - external/unbound/testcode/do-tests.sh | 63 - external/unbound/testcode/fake_event.c | 1423 - external/unbound/testcode/fake_event.h | 75 - external/unbound/testcode/lock_verify.c | 426 - external/unbound/testcode/memstats.c | 249 - external/unbound/testcode/mini_tpkg.sh | 128 - external/unbound/testcode/perf.c | 654 - external/unbound/testcode/petal.c | 669 - external/unbound/testcode/pktview.c | 202 - external/unbound/testcode/readhex.c | 85 - external/unbound/testcode/readhex.h | 52 - external/unbound/testcode/replay.c | 1034 - external/unbound/testcode/replay.h | 458 - external/unbound/testcode/run_vm.sh | 78 - external/unbound/testcode/signit.c | 284 - external/unbound/testcode/streamtcp.1 | 66 - external/unbound/testcode/streamtcp.c | 431 - external/unbound/testcode/testbound.c | 470 - external/unbound/testcode/testpkts.c | 1697 -- external/unbound/testcode/testpkts.h | 290 - external/unbound/testcode/unitanchor.c | 137 - external/unbound/testcode/unitdname.c | 861 - external/unbound/testcode/unitecs.c | 284 - external/unbound/testcode/unitldns.c | 218 - external/unbound/testcode/unitlruhash.c | 499 - external/unbound/testcode/unitmain.c | 919 - external/unbound/testcode/unitmain.h | 82 - external/unbound/testcode/unitmsgparse.c | 542 - external/unbound/testcode/unitneg.c | 543 - external/unbound/testcode/unitregional.c | 244 - external/unbound/testcode/unitslabhash.c | 376 - external/unbound/testcode/unitverify.c | 545 - external/unbound/util/alloc.c | 654 - external/unbound/util/alloc.h | 217 - external/unbound/util/as112.c | 143 - external/unbound/util/as112.h | 57 - external/unbound/util/config_file.c | 2056 -- external/unbound/util/config_file.h | 1009 - external/unbound/util/configlexer.c | 5212 ---- external/unbound/util/configlexer.lex | 513 - external/unbound/util/configparser.c | 5131 ---- external/unbound/util/configparser.h | 484 - external/unbound/util/configparser.y | 2282 -- external/unbound/util/configyyrename.h | 88 - external/unbound/util/data/dname.c | 788 - external/unbound/util/data/dname.h | 305 - external/unbound/util/data/msgencode.c | 916 - external/unbound/util/data/msgencode.h | 131 - external/unbound/util/data/msgparse.c | 1093 - external/unbound/util/data/msgparse.h | 334 - external/unbound/util/data/msgreply.c | 1206 - external/unbound/util/data/msgreply.h | 674 - external/unbound/util/data/packed_rrset.c | 387 - external/unbound/util/data/packed_rrset.h | 445 - external/unbound/util/fptr_wlist.c | 532 - external/unbound/util/fptr_wlist.h | 391 - external/unbound/util/iana_ports.inc | 5465 ---- external/unbound/util/locks.c | 264 - external/unbound/util/locks.h | 313 - external/unbound/util/log.c | 493 - external/unbound/util/log.h | 207 - external/unbound/util/mini_event.c | 391 - external/unbound/util/mini_event.h | 192 - external/unbound/util/module.c | 238 - external/unbound/util/module.h | 778 - external/unbound/util/net_help.c | 840 - external/unbound/util/net_help.h | 393 - external/unbound/util/netevent.c | 2410 -- external/unbound/util/netevent.h | 731 - external/unbound/util/random.c | 233 - external/unbound/util/random.h | 93 - external/unbound/util/rbtree.c | 626 - external/unbound/util/rbtree.h | 192 - external/unbound/util/regional.c | 223 - external/unbound/util/regional.h | 150 - external/unbound/util/rtt.c | 121 - external/unbound/util/rtt.h | 107 - external/unbound/util/shm_side/shm_main.c | 286 - external/unbound/util/shm_side/shm_main.h | 86 - external/unbound/util/storage/dnstree.c | 295 - external/unbound/util/storage/dnstree.h | 203 - external/unbound/util/storage/lookup3.c | 1032 - external/unbound/util/storage/lookup3.h | 71 - external/unbound/util/storage/lruhash.c | 631 - external/unbound/util/storage/lruhash.h | 446 - external/unbound/util/storage/slabhash.c | 231 - external/unbound/util/storage/slabhash.h | 218 - external/unbound/util/timehist.c | 247 - external/unbound/util/timehist.h | 134 - external/unbound/util/tube.c | 731 - external/unbound/util/tube.h | 272 - external/unbound/util/ub_event.c | 444 - external/unbound/util/ub_event.h | 127 - external/unbound/util/ub_event_pluggable.c | 692 - external/unbound/util/winsock_event.c | 694 - external/unbound/util/winsock_event.h | 279 - external/unbound/validator/autotrust.c | 2416 -- external/unbound/validator/autotrust.h | 208 - external/unbound/validator/val_anchor.c | 1311 - external/unbound/validator/val_anchor.h | 230 - external/unbound/validator/val_kcache.c | 172 - external/unbound/validator/val_kcache.h | 118 - external/unbound/validator/val_kentry.c | 413 - external/unbound/validator/val_kentry.h | 220 - external/unbound/validator/val_neg.c | 1470 - external/unbound/validator/val_neg.h | 315 - external/unbound/validator/val_nsec.c | 624 - external/unbound/validator/val_nsec.h | 182 - external/unbound/validator/val_nsec3.c | 1434 - external/unbound/validator/val_nsec3.h | 380 - external/unbound/validator/val_secalgo.c | 1753 -- external/unbound/validator/val_secalgo.h | 107 - external/unbound/validator/val_sigcrypt.c | 1451 - external/unbound/validator/val_sigcrypt.h | 323 - external/unbound/validator/val_utils.c | 1151 - external/unbound/validator/val_utils.h | 410 - external/unbound/validator/validator.c | 3079 --- external/unbound/validator/validator.h | 294 - external/unbound/winrc/README.txt | 100 - external/unbound/winrc/anchor-update.c | 152 - external/unbound/winrc/combined.ico | Bin 10534 -> 0 bytes external/unbound/winrc/gen_msg.bin | Bin 116 -> 0 bytes external/unbound/winrc/gen_msg.mc | 44 - external/unbound/winrc/rsrc_anchorupd.rc | 40 - external/unbound/winrc/rsrc_svcinst.rc | 45 - external/unbound/winrc/rsrc_svcuninst.rc | 45 - external/unbound/winrc/rsrc_unbound.rc | 48 - external/unbound/winrc/rsrc_unbound_anchor.rc | 37 - .../unbound/winrc/rsrc_unbound_checkconf.rc | 37 - .../unbound/winrc/rsrc_unbound_control.rc | 37 - external/unbound/winrc/rsrc_unbound_host.rc | 37 - external/unbound/winrc/service.conf | 13 - external/unbound/winrc/setup.nsi | 210 - external/unbound/winrc/setup_left.bmp | Bin 154542 -> 0 bytes external/unbound/winrc/setup_top.bmp | Bin 25818 -> 0 bytes .../unbound/winrc/unbound-control-setup.cmd | 164 - .../unbound/winrc/unbound-service-install.c | 65 - .../unbound/winrc/unbound-service-remove.c | 65 - external/unbound/winrc/unbound-website.url | 3 - external/unbound/winrc/unbound16.ico | Bin 894 -> 0 bytes external/unbound/winrc/unbound32.ico | Bin 3262 -> 0 bytes external/unbound/winrc/unbound48.ico | Bin 7358 -> 0 bytes external/unbound/winrc/unbound64.ico | Bin 12862 -> 0 bytes external/unbound/winrc/unbound64.png | Bin 6240 -> 0 bytes external/unbound/winrc/vista_admin.manifest | 35 - external/unbound/winrc/vista_user.manifest | 16 - external/unbound/winrc/w_inst.c | 321 - external/unbound/winrc/w_inst.h | 80 - external/unbound/winrc/win_svc.c | 622 - external/unbound/winrc/win_svc.h | 90 - 419 files changed, 225533 deletions(-) delete mode 100644 external/unbound/CMakeLists.txt delete mode 100644 external/unbound/LICENSE delete mode 100644 external/unbound/Makefile.in delete mode 100644 external/unbound/README delete mode 100644 external/unbound/ac_pkg_swig.m4 delete mode 100644 external/unbound/aclocal.m4 delete mode 100644 external/unbound/acx_nlnetlabs.m4 delete mode 100644 external/unbound/acx_python.m4 delete mode 100644 external/unbound/ax_pthread.m4 delete mode 100644 external/unbound/compat/arc4_lock.c delete mode 100644 external/unbound/compat/arc4random.c delete mode 100644 external/unbound/compat/arc4random_uniform.c delete mode 100644 external/unbound/compat/chacha_private.h delete mode 100644 external/unbound/compat/ctime_r.c delete mode 100644 external/unbound/compat/explicit_bzero.c delete mode 100644 external/unbound/compat/fake-rfc2553.c delete mode 100644 external/unbound/compat/fake-rfc2553.h delete mode 100644 external/unbound/compat/getentropy_linux.c delete mode 100644 external/unbound/compat/getentropy_osx.c delete mode 100644 external/unbound/compat/getentropy_solaris.c delete mode 100644 external/unbound/compat/getentropy_win.c delete mode 100644 external/unbound/compat/gmtime_r.c delete mode 100644 external/unbound/compat/inet_aton.c delete mode 100644 external/unbound/compat/inet_ntop.c delete mode 100644 external/unbound/compat/inet_pton.c delete mode 100644 external/unbound/compat/isblank.c delete mode 100644 external/unbound/compat/malloc.c delete mode 100644 external/unbound/compat/memcmp.c delete mode 100644 external/unbound/compat/memcmp.h delete mode 100644 external/unbound/compat/memmove.c delete mode 100644 external/unbound/compat/reallocarray.c delete mode 100644 external/unbound/compat/sha512.c delete mode 100644 external/unbound/compat/snprintf.c delete mode 100644 external/unbound/compat/strlcat.c delete mode 100644 external/unbound/compat/strlcpy.c delete mode 100644 external/unbound/compat/strptime.c delete mode 100644 external/unbound/compat/strsep.c delete mode 100755 external/unbound/config.guess delete mode 100644 external/unbound/config.h.cmake.in delete mode 100644 external/unbound/config.h.in delete mode 100755 external/unbound/config.sub delete mode 100755 external/unbound/configure delete mode 100644 external/unbound/configure.ac delete mode 100644 external/unbound/configure_checks.cmake delete mode 100644 external/unbound/contrib/README delete mode 100644 external/unbound/contrib/aaaa-filter-iterator.patch delete mode 100644 external/unbound/contrib/build-unbound-localzone-from-hosts.pl delete mode 100644 external/unbound/contrib/create_unbound_ad_servers.cmd delete mode 100644 external/unbound/contrib/create_unbound_ad_servers.sh delete mode 100644 external/unbound/contrib/parseunbound.pl delete mode 100644 external/unbound/contrib/patch_rsamd5_enable.diff delete mode 100755 external/unbound/contrib/rc_d_unbound delete mode 100644 external/unbound/contrib/selinux/unbound.fc delete mode 100644 external/unbound/contrib/selinux/unbound.te delete mode 100644 external/unbound/contrib/unbound-host.nagios.patch delete mode 100644 external/unbound/contrib/unbound.init delete mode 100644 external/unbound/contrib/unbound.init_fedora delete mode 100644 external/unbound/contrib/unbound.plist delete mode 100644 external/unbound/contrib/unbound.spec delete mode 100644 external/unbound/contrib/unbound.spec_fedora delete mode 100644 external/unbound/contrib/unbound_cache.cmd delete mode 100644 external/unbound/contrib/unbound_cache.sh delete mode 100644 external/unbound/contrib/unbound_cacti.tar.gz delete mode 100755 external/unbound/contrib/unbound_munin_ delete mode 100644 external/unbound/contrib/unbound_smf22.tar.gz delete mode 100755 external/unbound/contrib/update-anchor.sh delete mode 100755 external/unbound/contrib/validation-reporter.sh delete mode 100644 external/unbound/contrib/warmup.cmd delete mode 100644 external/unbound/contrib/warmup.sh delete mode 100644 external/unbound/daemon/acl_list.c delete mode 100644 external/unbound/daemon/acl_list.h delete mode 100644 external/unbound/daemon/cachedump.c delete mode 100644 external/unbound/daemon/cachedump.h delete mode 100644 external/unbound/daemon/daemon.c delete mode 100644 external/unbound/daemon/daemon.h delete mode 100644 external/unbound/daemon/remote.c delete mode 100644 external/unbound/daemon/remote.h delete mode 100644 external/unbound/daemon/stats.c delete mode 100644 external/unbound/daemon/stats.h delete mode 100644 external/unbound/daemon/unbound.c delete mode 100644 external/unbound/daemon/worker.c delete mode 100644 external/unbound/daemon/worker.h delete mode 100644 external/unbound/dns64/dns64.c delete mode 100644 external/unbound/dns64/dns64.h delete mode 100644 external/unbound/dnscrypt/cert.h delete mode 100644 external/unbound/dnscrypt/dnscrypt.c delete mode 100644 external/unbound/dnscrypt/dnscrypt.h delete mode 100644 external/unbound/dnscrypt/dnscrypt.m4 delete mode 100644 external/unbound/dnscrypt/dnscrypt_config.h delete mode 100644 external/unbound/dnstap/dnstap.c delete mode 100644 external/unbound/dnstap/dnstap.h delete mode 100644 external/unbound/dnstap/dnstap.m4 delete mode 100644 external/unbound/dnstap/dnstap.proto delete mode 100644 external/unbound/dnstap/dnstap_config.h.in delete mode 100644 external/unbound/doc/CREDITS delete mode 100644 external/unbound/doc/Changelog delete mode 100644 external/unbound/doc/FEATURES delete mode 100644 external/unbound/doc/LICENSE delete mode 100644 external/unbound/doc/README delete mode 100644 external/unbound/doc/README.DNS64 delete mode 100644 external/unbound/doc/README.svn delete mode 100644 external/unbound/doc/README.tests delete mode 100644 external/unbound/doc/TODO delete mode 100644 external/unbound/doc/control_proto_spec.txt delete mode 100644 external/unbound/doc/example.conf.in delete mode 100644 external/unbound/doc/ietf67-design-02.odp delete mode 100644 external/unbound/doc/ietf67-design-02.pdf delete mode 100644 external/unbound/doc/libunbound.3.in delete mode 100644 external/unbound/doc/requirements.txt delete mode 100644 external/unbound/doc/unbound-anchor.8.in delete mode 100644 external/unbound/doc/unbound-checkconf.8.in delete mode 100644 external/unbound/doc/unbound-control.8.in delete mode 100644 external/unbound/doc/unbound-host.1.in delete mode 100644 external/unbound/doc/unbound.8.in delete mode 100644 external/unbound/doc/unbound.conf.5.in delete mode 100644 external/unbound/doc/unbound.doxygen delete mode 100755 external/unbound/install-sh delete mode 100644 external/unbound/iterator/iter_delegpt.c delete mode 100644 external/unbound/iterator/iter_delegpt.h delete mode 100644 external/unbound/iterator/iter_donotq.c delete mode 100644 external/unbound/iterator/iter_donotq.h delete mode 100644 external/unbound/iterator/iter_fwd.c delete mode 100644 external/unbound/iterator/iter_fwd.h delete mode 100644 external/unbound/iterator/iter_hints.c delete mode 100644 external/unbound/iterator/iter_hints.h delete mode 100644 external/unbound/iterator/iter_priv.c delete mode 100644 external/unbound/iterator/iter_priv.h delete mode 100644 external/unbound/iterator/iter_resptype.c delete mode 100644 external/unbound/iterator/iter_resptype.h delete mode 100644 external/unbound/iterator/iter_scrub.c delete mode 100644 external/unbound/iterator/iter_scrub.h delete mode 100644 external/unbound/iterator/iter_utils.c delete mode 100644 external/unbound/iterator/iter_utils.h delete mode 100644 external/unbound/iterator/iterator.c delete mode 100644 external/unbound/iterator/iterator.h delete mode 100644 external/unbound/libunbound/context.c delete mode 100644 external/unbound/libunbound/context.h delete mode 100644 external/unbound/libunbound/libunbound.c delete mode 100644 external/unbound/libunbound/libworker.c delete mode 100644 external/unbound/libunbound/libworker.h delete mode 100644 external/unbound/libunbound/python/LICENSE delete mode 100644 external/unbound/libunbound/python/Makefile delete mode 100644 external/unbound/libunbound/python/doc/_static/readme delete mode 100644 external/unbound/libunbound/python/doc/conf.py delete mode 100644 external/unbound/libunbound/python/doc/examples/example1a.rst delete mode 100644 external/unbound/libunbound/python/doc/examples/example1b.rst delete mode 100644 external/unbound/libunbound/python/doc/examples/example2.rst delete mode 100644 external/unbound/libunbound/python/doc/examples/example3.rst delete mode 100644 external/unbound/libunbound/python/doc/examples/example4.rst delete mode 100644 external/unbound/libunbound/python/doc/examples/example5.rst delete mode 100644 external/unbound/libunbound/python/doc/examples/example6-1.py delete mode 100644 external/unbound/libunbound/python/doc/examples/example6.rst delete mode 100644 external/unbound/libunbound/python/doc/examples/example7-1.py delete mode 100644 external/unbound/libunbound/python/doc/examples/example7-2.py delete mode 100644 external/unbound/libunbound/python/doc/examples/example7.rst delete mode 100644 external/unbound/libunbound/python/doc/examples/example8-1.py delete mode 100644 external/unbound/libunbound/python/doc/examples/example8.rst delete mode 100644 external/unbound/libunbound/python/doc/examples/index.rst delete mode 100644 external/unbound/libunbound/python/doc/index.rst delete mode 100644 external/unbound/libunbound/python/doc/install.rst delete mode 100644 external/unbound/libunbound/python/doc/intro.rst delete mode 100644 external/unbound/libunbound/python/doc/modules/unbound.rst delete mode 100644 external/unbound/libunbound/python/examples/async-lookup.py delete mode 100644 external/unbound/libunbound/python/examples/dns-lookup.py delete mode 100644 external/unbound/libunbound/python/examples/dnssec-valid.py delete mode 100644 external/unbound/libunbound/python/examples/dnssec_test.py delete mode 100644 external/unbound/libunbound/python/examples/example8-1.py delete mode 100644 external/unbound/libunbound/python/examples/idn-lookup.py delete mode 100644 external/unbound/libunbound/python/examples/mx-lookup.py delete mode 100644 external/unbound/libunbound/python/examples/ns-lookup.py delete mode 100644 external/unbound/libunbound/python/examples/reverse-lookup.py delete mode 100644 external/unbound/libunbound/python/file_py3.i delete mode 100644 external/unbound/libunbound/python/libunbound.i delete mode 100644 external/unbound/libunbound/ubsyms.def delete mode 100644 external/unbound/libunbound/unbound-event.h delete mode 100644 external/unbound/libunbound/unbound.h delete mode 100644 external/unbound/libunbound/worker.h delete mode 100644 external/unbound/ltmain.sh delete mode 100755 external/unbound/makedist.sh delete mode 100644 external/unbound/pythonmod/LICENSE delete mode 100644 external/unbound/pythonmod/Makefile delete mode 100644 external/unbound/pythonmod/doc/_static/readme delete mode 100644 external/unbound/pythonmod/doc/conf.py delete mode 100644 external/unbound/pythonmod/doc/examples/example0-1.py delete mode 100644 external/unbound/pythonmod/doc/examples/example0.rst delete mode 100644 external/unbound/pythonmod/doc/examples/example1.rst delete mode 100644 external/unbound/pythonmod/doc/examples/example2.rst delete mode 100644 external/unbound/pythonmod/doc/examples/example3.rst delete mode 100644 external/unbound/pythonmod/doc/examples/example4.rst delete mode 100644 external/unbound/pythonmod/doc/examples/example5.rst delete mode 100644 external/unbound/pythonmod/doc/examples/example6.rst delete mode 100644 external/unbound/pythonmod/doc/examples/index.rst delete mode 100644 external/unbound/pythonmod/doc/index.rst delete mode 100644 external/unbound/pythonmod/doc/install.rst delete mode 100644 external/unbound/pythonmod/doc/modules/config.rst delete mode 100644 external/unbound/pythonmod/doc/modules/env.rst delete mode 100644 external/unbound/pythonmod/doc/modules/functions.rst delete mode 100644 external/unbound/pythonmod/doc/modules/index.rst delete mode 100644 external/unbound/pythonmod/doc/modules/struct.rst delete mode 100644 external/unbound/pythonmod/doc/usecase.rst delete mode 100644 external/unbound/pythonmod/examples/calc.py delete mode 100644 external/unbound/pythonmod/examples/dict.py delete mode 100644 external/unbound/pythonmod/examples/dict_data.txt delete mode 100644 external/unbound/pythonmod/examples/log.py delete mode 100644 external/unbound/pythonmod/examples/resgen.py delete mode 100644 external/unbound/pythonmod/examples/resip.py delete mode 100644 external/unbound/pythonmod/examples/resmod.py delete mode 100644 external/unbound/pythonmod/interface.i delete mode 100644 external/unbound/pythonmod/pythonmod.c delete mode 100644 external/unbound/pythonmod/pythonmod.h delete mode 100644 external/unbound/pythonmod/pythonmod_utils.c delete mode 100644 external/unbound/pythonmod/pythonmod_utils.h delete mode 100644 external/unbound/pythonmod/test-calc.conf delete mode 100644 external/unbound/pythonmod/test-dict.conf delete mode 100644 external/unbound/pythonmod/test-edns.conf delete mode 100644 external/unbound/pythonmod/test-inplace_callbacks.conf delete mode 100644 external/unbound/pythonmod/test-log.conf delete mode 100644 external/unbound/pythonmod/test-resgen.conf delete mode 100644 external/unbound/pythonmod/test-resip.conf delete mode 100644 external/unbound/pythonmod/test-resmod.conf delete mode 100644 external/unbound/pythonmod/ubmodule-msg.py delete mode 100644 external/unbound/pythonmod/ubmodule-tst.py delete mode 100644 external/unbound/respip/respip.c delete mode 100644 external/unbound/respip/respip.h delete mode 100644 external/unbound/services/cache/dns.c delete mode 100644 external/unbound/services/cache/dns.h delete mode 100644 external/unbound/services/cache/infra.c delete mode 100644 external/unbound/services/cache/infra.h delete mode 100644 external/unbound/services/cache/rrset.c delete mode 100644 external/unbound/services/cache/rrset.h delete mode 100644 external/unbound/services/listen_dnsport.c delete mode 100644 external/unbound/services/listen_dnsport.h delete mode 100644 external/unbound/services/localzone.c delete mode 100644 external/unbound/services/localzone.h delete mode 100644 external/unbound/services/mesh.c delete mode 100644 external/unbound/services/mesh.h delete mode 100644 external/unbound/services/modstack.c delete mode 100644 external/unbound/services/modstack.h delete mode 100644 external/unbound/services/outbound_list.c delete mode 100644 external/unbound/services/outbound_list.h delete mode 100644 external/unbound/services/outside_network.c delete mode 100644 external/unbound/services/outside_network.h delete mode 100644 external/unbound/services/view.c delete mode 100644 external/unbound/services/view.h delete mode 100644 external/unbound/sldns/keyraw.c delete mode 100644 external/unbound/sldns/keyraw.h delete mode 100644 external/unbound/sldns/parse.c delete mode 100644 external/unbound/sldns/parse.h delete mode 100644 external/unbound/sldns/parseutil.c delete mode 100644 external/unbound/sldns/parseutil.h delete mode 100644 external/unbound/sldns/pkthdr.h delete mode 100644 external/unbound/sldns/rrdef.c delete mode 100644 external/unbound/sldns/rrdef.h delete mode 100644 external/unbound/sldns/sbuffer.c delete mode 100644 external/unbound/sldns/sbuffer.h delete mode 100644 external/unbound/sldns/str2wire.c delete mode 100644 external/unbound/sldns/str2wire.h delete mode 100644 external/unbound/sldns/wire2str.c delete mode 100644 external/unbound/sldns/wire2str.h delete mode 100644 external/unbound/smallapp/unbound-anchor.c delete mode 100644 external/unbound/smallapp/unbound-checkconf.c delete mode 100644 external/unbound/smallapp/unbound-control-setup.sh.in delete mode 100644 external/unbound/smallapp/unbound-control.c delete mode 100644 external/unbound/smallapp/unbound-host.c delete mode 100644 external/unbound/smallapp/worker_cb.c delete mode 100644 external/unbound/testcode/asynclook.c delete mode 100644 external/unbound/testcode/checklocks.c delete mode 100644 external/unbound/testcode/checklocks.h delete mode 100644 external/unbound/testcode/delayer.c delete mode 100755 external/unbound/testcode/do-tests.sh delete mode 100644 external/unbound/testcode/fake_event.c delete mode 100644 external/unbound/testcode/fake_event.h delete mode 100644 external/unbound/testcode/lock_verify.c delete mode 100644 external/unbound/testcode/memstats.c delete mode 100755 external/unbound/testcode/mini_tpkg.sh delete mode 100644 external/unbound/testcode/perf.c delete mode 100644 external/unbound/testcode/petal.c delete mode 100644 external/unbound/testcode/pktview.c delete mode 100644 external/unbound/testcode/readhex.c delete mode 100644 external/unbound/testcode/readhex.h delete mode 100644 external/unbound/testcode/replay.c delete mode 100644 external/unbound/testcode/replay.h delete mode 100644 external/unbound/testcode/run_vm.sh delete mode 100644 external/unbound/testcode/signit.c delete mode 100644 external/unbound/testcode/streamtcp.1 delete mode 100644 external/unbound/testcode/streamtcp.c delete mode 100644 external/unbound/testcode/testbound.c delete mode 100644 external/unbound/testcode/testpkts.c delete mode 100644 external/unbound/testcode/testpkts.h delete mode 100644 external/unbound/testcode/unitanchor.c delete mode 100644 external/unbound/testcode/unitdname.c delete mode 100644 external/unbound/testcode/unitecs.c delete mode 100644 external/unbound/testcode/unitldns.c delete mode 100644 external/unbound/testcode/unitlruhash.c delete mode 100644 external/unbound/testcode/unitmain.c delete mode 100644 external/unbound/testcode/unitmain.h delete mode 100644 external/unbound/testcode/unitmsgparse.c delete mode 100644 external/unbound/testcode/unitneg.c delete mode 100644 external/unbound/testcode/unitregional.c delete mode 100644 external/unbound/testcode/unitslabhash.c delete mode 100644 external/unbound/testcode/unitverify.c delete mode 100644 external/unbound/util/alloc.c delete mode 100644 external/unbound/util/alloc.h delete mode 100644 external/unbound/util/as112.c delete mode 100644 external/unbound/util/as112.h delete mode 100644 external/unbound/util/config_file.c delete mode 100644 external/unbound/util/config_file.h delete mode 100644 external/unbound/util/configlexer.c delete mode 100644 external/unbound/util/configlexer.lex delete mode 100644 external/unbound/util/configparser.c delete mode 100644 external/unbound/util/configparser.h delete mode 100644 external/unbound/util/configparser.y delete mode 100644 external/unbound/util/configyyrename.h delete mode 100644 external/unbound/util/data/dname.c delete mode 100644 external/unbound/util/data/dname.h delete mode 100644 external/unbound/util/data/msgencode.c delete mode 100644 external/unbound/util/data/msgencode.h delete mode 100644 external/unbound/util/data/msgparse.c delete mode 100644 external/unbound/util/data/msgparse.h delete mode 100644 external/unbound/util/data/msgreply.c delete mode 100644 external/unbound/util/data/msgreply.h delete mode 100644 external/unbound/util/data/packed_rrset.c delete mode 100644 external/unbound/util/data/packed_rrset.h delete mode 100644 external/unbound/util/fptr_wlist.c delete mode 100644 external/unbound/util/fptr_wlist.h delete mode 100644 external/unbound/util/iana_ports.inc delete mode 100644 external/unbound/util/locks.c delete mode 100644 external/unbound/util/locks.h delete mode 100644 external/unbound/util/log.c delete mode 100644 external/unbound/util/log.h delete mode 100644 external/unbound/util/mini_event.c delete mode 100644 external/unbound/util/mini_event.h delete mode 100644 external/unbound/util/module.c delete mode 100644 external/unbound/util/module.h delete mode 100644 external/unbound/util/net_help.c delete mode 100644 external/unbound/util/net_help.h delete mode 100644 external/unbound/util/netevent.c delete mode 100644 external/unbound/util/netevent.h delete mode 100644 external/unbound/util/random.c delete mode 100644 external/unbound/util/random.h delete mode 100644 external/unbound/util/rbtree.c delete mode 100644 external/unbound/util/rbtree.h delete mode 100644 external/unbound/util/regional.c delete mode 100644 external/unbound/util/regional.h delete mode 100644 external/unbound/util/rtt.c delete mode 100644 external/unbound/util/rtt.h delete mode 100644 external/unbound/util/shm_side/shm_main.c delete mode 100644 external/unbound/util/shm_side/shm_main.h delete mode 100644 external/unbound/util/storage/dnstree.c delete mode 100644 external/unbound/util/storage/dnstree.h delete mode 100644 external/unbound/util/storage/lookup3.c delete mode 100644 external/unbound/util/storage/lookup3.h delete mode 100644 external/unbound/util/storage/lruhash.c delete mode 100644 external/unbound/util/storage/lruhash.h delete mode 100644 external/unbound/util/storage/slabhash.c delete mode 100644 external/unbound/util/storage/slabhash.h delete mode 100644 external/unbound/util/timehist.c delete mode 100644 external/unbound/util/timehist.h delete mode 100644 external/unbound/util/tube.c delete mode 100644 external/unbound/util/tube.h delete mode 100644 external/unbound/util/ub_event.c delete mode 100644 external/unbound/util/ub_event.h delete mode 100644 external/unbound/util/ub_event_pluggable.c delete mode 100644 external/unbound/util/winsock_event.c delete mode 100644 external/unbound/util/winsock_event.h delete mode 100644 external/unbound/validator/autotrust.c delete mode 100644 external/unbound/validator/autotrust.h delete mode 100644 external/unbound/validator/val_anchor.c delete mode 100644 external/unbound/validator/val_anchor.h delete mode 100644 external/unbound/validator/val_kcache.c delete mode 100644 external/unbound/validator/val_kcache.h delete mode 100644 external/unbound/validator/val_kentry.c delete mode 100644 external/unbound/validator/val_kentry.h delete mode 100644 external/unbound/validator/val_neg.c delete mode 100644 external/unbound/validator/val_neg.h delete mode 100644 external/unbound/validator/val_nsec.c delete mode 100644 external/unbound/validator/val_nsec.h delete mode 100644 external/unbound/validator/val_nsec3.c delete mode 100644 external/unbound/validator/val_nsec3.h delete mode 100644 external/unbound/validator/val_secalgo.c delete mode 100644 external/unbound/validator/val_secalgo.h delete mode 100644 external/unbound/validator/val_sigcrypt.c delete mode 100644 external/unbound/validator/val_sigcrypt.h delete mode 100644 external/unbound/validator/val_utils.c delete mode 100644 external/unbound/validator/val_utils.h delete mode 100644 external/unbound/validator/validator.c delete mode 100644 external/unbound/validator/validator.h delete mode 100644 external/unbound/winrc/README.txt delete mode 100644 external/unbound/winrc/anchor-update.c delete mode 100644 external/unbound/winrc/combined.ico delete mode 100644 external/unbound/winrc/gen_msg.bin delete mode 100644 external/unbound/winrc/gen_msg.mc delete mode 100644 external/unbound/winrc/rsrc_anchorupd.rc delete mode 100644 external/unbound/winrc/rsrc_svcinst.rc delete mode 100644 external/unbound/winrc/rsrc_svcuninst.rc delete mode 100644 external/unbound/winrc/rsrc_unbound.rc delete mode 100644 external/unbound/winrc/rsrc_unbound_anchor.rc delete mode 100644 external/unbound/winrc/rsrc_unbound_checkconf.rc delete mode 100644 external/unbound/winrc/rsrc_unbound_control.rc delete mode 100644 external/unbound/winrc/rsrc_unbound_host.rc delete mode 100644 external/unbound/winrc/service.conf delete mode 100644 external/unbound/winrc/setup.nsi delete mode 100644 external/unbound/winrc/setup_left.bmp delete mode 100644 external/unbound/winrc/setup_top.bmp delete mode 100644 external/unbound/winrc/unbound-control-setup.cmd delete mode 100644 external/unbound/winrc/unbound-service-install.c delete mode 100644 external/unbound/winrc/unbound-service-remove.c delete mode 100644 external/unbound/winrc/unbound-website.url delete mode 100644 external/unbound/winrc/unbound16.ico delete mode 100644 external/unbound/winrc/unbound32.ico delete mode 100644 external/unbound/winrc/unbound48.ico delete mode 100644 external/unbound/winrc/unbound64.ico delete mode 100644 external/unbound/winrc/unbound64.png delete mode 100644 external/unbound/winrc/vista_admin.manifest delete mode 100644 external/unbound/winrc/vista_user.manifest delete mode 100644 external/unbound/winrc/w_inst.c delete mode 100644 external/unbound/winrc/w_inst.h delete mode 100644 external/unbound/winrc/win_svc.c delete mode 100644 external/unbound/winrc/win_svc.h diff --git a/external/unbound/CMakeLists.txt b/external/unbound/CMakeLists.txt deleted file mode 100644 index 32e9116d7..000000000 --- a/external/unbound/CMakeLists.txt +++ /dev/null @@ -1,245 +0,0 @@ -# Copyright (c) 2014-2018, The Monero Project -# -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without modification, are -# permitted provided that the following conditions are met: -# -# 1. Redistributions of source code must retain the above copyright notice, this list of -# conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright notice, this list -# of conditions and the following disclaimer in the documentation and/or other -# materials provided with the distribution. -# -# 3. Neither the name of the copyright holder nor the names of its contributors may be -# used to endorse or promote products derived from this software without specific -# prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY -# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL -# THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, -# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF -# THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -cmake_minimum_required(VERSION 2.8.7) - -project(unbound C) - -find_package(Threads) - -include(configure_checks.cmake) - -if (WIN32) - set(USE_MINI_EVENT 1) - set(USE_WINSOCK 1) -else () - find_package(PkgConfig REQUIRED) - set(USE_MINI_EVENT 1) -endif () - -set(RETSIGTYPE void) - -if(CMAKE_SYSTEM_NAME MATCHES "(SunOS|Solaris)") -add_definitions(-D_XOPEN_SOURCE=600) -else() -add_definitions(-D_GNU_SOURCE) -endif() -add_definitions(-std=c99) -add_definitions(-fPIC) - -option(USE_ECDSA "Use ECDSA algorithms" ON) -option(USE_SHA2 "Enable SHA2 support" ON) -option(USE_SHA1 "Enable SHA1 support" ON) -set(ENABLE_DNSTAP 0) -set(HAVE_SSL 1) -if (CMAKE_USE_PTHREADS_INIT AND NOT CMAKE_USE_WIN32_THREADS_INIT) - set(HAVE_PTHREAD 1) -else () - set(HAVE_PTHREAD 0) -endif () -if (CMAKE_USE_WIN32_THREADS_INIT) - set(HAVE_WINDOWS_THREADS 1) -else () - set(HAVE_WINDOWS_THREADS 0) -endif () - -# determine if we have libressl -check_symbol_exists(LIBRESSL_VERSION_TEXT "openssl/opensslv.h" HAVE_LIBRESSL) -# check if we have found HAVE_DECL_REALLOCARRAY already, so we can safely undefine and redefine it with value 1 -if (HAVE_LIBRESSL AND HAVE_DECL_REALLOCARRAY) - unset(HAVE_DECL_REALLOCARRAY CACHE) - add_definitions(-DHAVE_DECL_REALLOCARRAY=1) -endif () - -configure_file( - "${CMAKE_CURRENT_SOURCE_DIR}/config.h.cmake.in" - "${CMAKE_CURRENT_BINARY_DIR}/config.h") -configure_file( - "${CMAKE_CURRENT_SOURCE_DIR}/dnstap/dnstap_config.h.in" - "${CMAKE_CURRENT_BINARY_DIR}/dnstap/dnstap_config.h") - -set(common_src - services/cache/dns.c - services/cache/infra.c - services/cache/rrset.c - util/data/dname.c - util/data/msgencode.c - util/data/msgparse.c - util/data/msgreply.c - util/data/packed_rrset.c - iterator/iterator.c - iterator/iter_delegpt.c - iterator/iter_donotq.c - iterator/iter_fwd.c - iterator/iter_hints.c - iterator/iter_priv.c - iterator/iter_resptype.c - iterator/iter_scrub.c - iterator/iter_utils.c - respip/respip.c - services/listen_dnsport.c - services/localzone.c - services/mesh.c - services/modstack.c - services/outbound_list.c - services/outside_network.c - services/view.c - util/alloc.c - util/as112.c - util/config_file.c - util/configlexer.c - util/configparser.c - util/fptr_wlist.c - util/locks.c - util/log.c - util/mini_event.c - util/module.c - util/netevent.c - util/net_help.c - util/random.c - util/rbtree.c - util/regional.c - util/rtt.c - util/storage/dnstree.c - util/storage/lookup3.c - util/storage/lruhash.c - util/storage/slabhash.c - util/timehist.c - util/tube.c - util/ub_event.c - util/winsock_event.c - validator/autotrust.c - validator/val_anchor.c - validator/validator.c - validator/val_kcache.c - validator/val_kentry.c - validator/val_neg.c - validator/val_nsec3.c - validator/val_nsec.c - validator/val_secalgo.c - validator/val_sigcrypt.c - validator/val_utils.c - dns64/dns64.c - - #$(CHECKLOCK_SRC) - testcode/checklocks.c) - -set(compat_src) - -foreach (symbol IN ITEMS ctime_r gmtime_r inet_aton inet_ntop inet_pton isblank malloc memmove snprintf strsep strlcat strlcpy strptime explicit_bzero arc4random arc4random_uniform reallocarray) - string(TOUPPER "${symbol}" upper_sym) - if (NOT HAVE_${upper_sym}) - list(APPEND compat_src - compat/${symbol}.c) - endif () -endforeach () - -if (NOT HAVE_ARC4RANDOM) - list(APPEND compat_src - compat/arc4_lock.c) -endif () - -if (CMAKE_SYSTEM_NAME MATCHES "Linux") - list(APPEND compat_src - compat/getentropy_linux.c) -elseif (APPLE) - list(APPEND compat_src - compat/getentropy_osx.c) -#elseif (SunOS) -# list(APPEND compat_src -# compat/getentropy_solaris.c) -elseif (WIN32) - list(APPEND compat_src - compat/getentropy_win.c) -endif () - -if (NOT HAVE_GETADDRINFO) - list(APPEND compat_src - compat/fake-rfc2553.c) -endif () - -set(sldns_src - sldns/keyraw.c - sldns/sbuffer.c - sldns/wire2str.c - sldns/parse.c - sldns/parseutil.c - sldns/rrdef.c - sldns/str2wire.c) - -set(libunbound_src - libunbound/context.c - libunbound/libunbound.c - libunbound/libworker.c) - -include_directories("${CMAKE_CURRENT_SOURCE_DIR}") -include_directories("${CMAKE_CURRENT_BINARY_DIR}") -include_directories(SYSTEM ${OPENSSL_INCLUDE_DIR}) -add_library(unbound - ${common_src} - ${sldns_src} - ${compat_src} - ${libunbound_src}) -target_link_libraries(unbound - PRIVATE - ${OPENSSL_LIBRARIES} - ${CMAKE_THREAD_LIBS_INIT}) - -if (WIN32) - target_link_libraries(unbound - PRIVATE - iphlpapi - ws2_32) -endif () - -if (MINGW) - # There is no variable for this (probably due to the fact that the pthread - # library is implicit with a link in msys). - find_library(win32pthread - NAMES libwinpthread-1.dll) - foreach (input IN LISTS win32pthread OPENSSL_LIBRARIES) - # Copy shared libraries into the build tree so that no PATH manipulation is - # necessary. - get_filename_component(name "${input}" NAME) - configure_file( - "${input}" - "${CMAKE_BINARY_DIR}/bin/${name}" - COPYONLY) - endforeach () -endif () - - -if (INSTALL_VENDORED_LIBUNBOUND) - if(IOS) - set(lib_folder lib-${ARCH}) - else() - set(lib_folder lib) - endif() - install(TARGETS unbound - ARCHIVE DESTINATION ${lib_folder}) -endif() diff --git a/external/unbound/LICENSE b/external/unbound/LICENSE deleted file mode 100644 index 1859c095a..000000000 --- a/external/unbound/LICENSE +++ /dev/null @@ -1,30 +0,0 @@ -Copyright (c) 2007, NLnet Labs. All rights reserved. - -This software is open source. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: - -Redistributions of source code must retain the above copyright notice, -this list of conditions and the following disclaimer. - -Redistributions in binary form must reproduce the above copyright notice, -this list of conditions and the following disclaimer in the documentation -and/or other materials provided with the distribution. - -Neither the name of the NLNET LABS nor the names of its contributors may -be used to endorse or promote products derived from this software without -specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED -TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR -PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF -LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/external/unbound/Makefile.in b/external/unbound/Makefile.in deleted file mode 100644 index 588fbc555..000000000 --- a/external/unbound/Makefile.in +++ /dev/null @@ -1,1360 +0,0 @@ -# Copyright 2007 NLnet Labs -# See the file LICENSE for the license - -SHELL=@SHELL@ -VERSION=@PACKAGE_VERSION@ -srcdir=@srcdir@ -prefix=@prefix@ -exec_prefix=@exec_prefix@ -bindir=@bindir@ -sbindir=@sbindir@ -mandir=@mandir@ -libdir=@libdir@ -# datarootdir is here to please some checkers, use datadir. -datarootdir=@datarootdir@ -datadir=@datadir@ -includedir=@includedir@ -doxygen=@doxygen@ -libtool=@libtool@ -staticexe=@staticexe@ -EXEEXT=@EXEEXT@ -configfile=@ub_conf_file@ -CHECKLOCK_SRC=testcode/checklocks.c -CHECKLOCK_OBJ=@CHECKLOCK_OBJ@ -DNSTAP_SRC=@DNSTAP_SRC@ -DNSTAP_OBJ=@DNSTAP_OBJ@ -DNSCRYPT_SRC=@DNSCRYPT_SRC@ -DNSCRYPT_OBJ=@DNSCRYPT_OBJ@ -WITH_PYTHONMODULE=@WITH_PYTHONMODULE@ -WITH_PYUNBOUND=@WITH_PYUNBOUND@ -PY_MAJOR_VERSION=@PY_MAJOR_VERSION@ -PYTHON_SITE_PKG=@PYTHON_SITE_PKG@ -PYTHONMOD_INSTALL=@PYTHONMOD_INSTALL@ -PYTHONMOD_UNINSTALL=@PYTHONMOD_UNINSTALL@ -PYUNBOUND_INSTALL=@PYUNBOUND_INSTALL@ -PYUNBOUND_UNINSTALL=@PYUNBOUND_UNINSTALL@ -UNBOUND_EVENT_INSTALL=@UNBOUND_EVENT_INSTALL@ -UNBOUND_EVENT_UNINSTALL=@UNBOUND_EVENT_UNINSTALL@ -UNBOUND_VERSION_MAJOR=@UNBOUND_VERSION_MAJOR@ -UNBOUND_VERSION_MINOR=@UNBOUND_VERSION_MINOR@ -UNBOUND_VERSION_MICRO=@UNBOUND_VERSION_MICRO@ -ALLTARGET=@ALLTARGET@ -INSTALLTARGET=@INSTALLTARGET@ -SSLLIB=@SSLLIB@ - -# _unbound.la if pyunbound enabled. -PYUNBOUND_TARGET=@PYUNBOUND_TARGET@ - -# override $U variable which is used by autotools for deansification (for -# K&R C compilers), but causes problems if $U is defined in the env). -U= - -PROTOC_C=@PROTOC_C@ -SWIG=@SWIG@ -YACC=@YACC@ -LEX=@LEX@ -STRIP=@STRIP@ -CC=@CC@ -CPPFLAGS=-I. @CPPFLAGS@ -PYTHON_CPPFLAGS=-I. @PYTHON_CPPFLAGS@ -CFLAGS=@CFLAGS@ -LDFLAGS=@LDFLAGS@ -LIBS=@LIBS@ -LIBOBJS=@LIBOBJS@ -# filter out ctime_r from compat obj. -LIBOBJ_WITHOUT_CTIME=@LIBOBJ_WITHOUT_CTIME@ -LIBOBJ_WITHOUT_CTIMEARC4=@LIBOBJ_WITHOUT_CTIMEARC4@ -RUNTIME_PATH=@RUNTIME_PATH@ -DEPFLAG=@DEPFLAG@ -DATE=@CONFIG_DATE@ -LIBTOOL=$(libtool) -BUILD=build/ -UBSYMS=@UBSYMS@ -EXTRALINK=@EXTRALINK@ - -WINDRES=@WINDRES@ -LINT=splint -LINTFLAGS=+quiet -weak -warnposix -unrecog -Din_addr_t=uint32_t -Du_int=unsigned -Du_char=uint8_t -preproc -Drlimit=rlimit64 -D__gnuc_va_list=va_list -formatcode -#-Dglob64=glob -Dglobfree64=globfree -# compat with openssl linux edition. -LINTFLAGS+="-DBN_ULONG=unsigned long" -Dkrb5_int32=int "-Dkrb5_ui_4=unsigned int" -DPQ_64BIT=uint64_t -DRC4_INT=unsigned -fixedformalarray -D"ENGINE=unsigned" -D"RSA=unsigned" -D"DSA=unsigned" -D"EVP_PKEY=unsigned" -D"EVP_MD=unsigned" -D"SSL=unsigned" -D"SSL_CTX=unsigned" -D"X509=unsigned" -D"RC4_KEY=unsigned" -D"EVP_MD_CTX=unsigned" -D"ECDSA_SIG=DSA_SIG" -Dfstrm_res=int -# compat with NetBSD -LINTFLAGS+=@NETBSD_LINTFLAGS@ -# compat with OpenBSD -LINTFLAGS+="-Dsigset_t=long" -# FreeBSD -LINTFLAGS+="-D__uint16_t=uint16_t" "-DEVP_PKEY_ASN1_METHOD=int" "-D_RuneLocale=int" "-D__va_list=va_list" "-D__uint32_t=uint32_t" - -INSTALL=$(SHELL) $(srcdir)/install-sh - -#pythonmod.c is not here, it is mentioned by itself in its own rules, -#makedepend fails on missing interface.h otherwise. -PYTHONMOD_SRC=pythonmod/pythonmod_utils.c -# pythonmod.lo pythonmod_utils.lo if python mod enabled. -PYTHONMOD_OBJ=@PYTHONMOD_OBJ@ -PYTHONMOD_HEADER=@PYTHONMOD_HEADER@ -# libunbound/python/libunbound_wrap.c is dealt with by its own rules. -PYUNBOUND_SRC= -# libunbound_wrap.lo if python libunbound wrapper enabled. -PYUNBOUND_OBJ=@PYUNBOUND_OBJ@ -SUBNET_SRC=edns-subnet/edns-subnet.c edns-subnet/subnetmod.c edns-subnet/addrtree.c edns-subnet/subnet-whitelist.c -SUBNET_OBJ=@SUBNET_OBJ@ -SUBNET_HEADER=@SUBNET_HEADER@ -COMMON_SRC=services/cache/dns.c services/cache/infra.c services/cache/rrset.c \ -util/as112.c util/data/dname.c util/data/msgencode.c util/data/msgparse.c \ -util/data/msgreply.c util/data/packed_rrset.c iterator/iterator.c \ -iterator/iter_delegpt.c iterator/iter_donotq.c iterator/iter_fwd.c \ -iterator/iter_hints.c iterator/iter_priv.c iterator/iter_resptype.c \ -iterator/iter_scrub.c iterator/iter_utils.c services/listen_dnsport.c \ -services/localzone.c services/mesh.c services/modstack.c services/view.c \ -services/outbound_list.c services/outside_network.c util/alloc.c \ -util/config_file.c util/configlexer.c util/configparser.c \ -util/shm_side/shm_main.c \ -util/fptr_wlist.c util/locks.c util/log.c util/mini_event.c util/module.c \ -util/netevent.c util/net_help.c util/random.c util/rbtree.c util/regional.c \ -util/rtt.c util/storage/dnstree.c util/storage/lookup3.c \ -util/storage/lruhash.c util/storage/slabhash.c util/timehist.c util/tube.c \ -util/ub_event.c util/ub_event_pluggable.c util/winsock_event.c \ -validator/autotrust.c validator/val_anchor.c validator/validator.c \ -validator/val_kcache.c validator/val_kentry.c validator/val_neg.c \ -validator/val_nsec3.c validator/val_nsec.c validator/val_secalgo.c \ -validator/val_sigcrypt.c validator/val_utils.c dns64/dns64.c \ -edns-subnet/edns-subnet.c edns-subnet/subnetmod.c \ -edns-subnet/addrtree.c edns-subnet/subnet-whitelist.c \ -cachedb/cachedb.c respip/respip.c $(CHECKLOCK_SRC) \ -$(DNSTAP_SRC) $(DNSCRYPT_SRC) -COMMON_OBJ_WITHOUT_NETCALL=dns.lo infra.lo rrset.lo dname.lo msgencode.lo \ -as112.lo msgparse.lo msgreply.lo packed_rrset.lo iterator.lo iter_delegpt.lo \ -iter_donotq.lo iter_fwd.lo iter_hints.lo iter_priv.lo iter_resptype.lo \ -iter_scrub.lo iter_utils.lo localzone.lo mesh.lo modstack.lo view.lo \ -outbound_list.lo alloc.lo config_file.lo configlexer.lo configparser.lo \ -fptr_wlist.lo locks.lo log.lo mini_event.lo module.lo net_help.lo \ -random.lo rbtree.lo regional.lo rtt.lo dnstree.lo lookup3.lo lruhash.lo \ -slabhash.lo timehist.lo tube.lo winsock_event.lo autotrust.lo val_anchor.lo \ -validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \ -val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo \ -$(SUBNET_OBJ) $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) $(DNSCRYPT_OBJ) -COMMON_OBJ_WITHOUT_NETCALL+=respip.lo -COMMON_OBJ_WITHOUT_UB_EVENT=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \ -outside_network.lo -COMMON_OBJ=$(COMMON_OBJ_WITHOUT_UB_EVENT) ub_event.lo -# set to $COMMON_OBJ or to "" if --enableallsymbols -COMMON_OBJ_ALL_SYMBOLS=@COMMON_OBJ_ALL_SYMBOLS@ -COMPAT_SRC=compat/ctime_r.c compat/fake-rfc2553.c compat/gmtime_r.c \ -compat/inet_aton.c compat/inet_ntop.c compat/inet_pton.c compat/malloc.c \ -compat/memcmp.c compat/memmove.c compat/snprintf.c compat/strlcat.c \ -compat/strlcpy.c compat/strptime.c compat/getentropy_linux.c \ -compat/getentropy_osx.c compat/getentropy_solaris.c compat/getentropy_win.c \ -compat/explicit_bzero.c compat/arc4random.c compat/arc4random_uniform.c \ -compat/arc4_lock.c compat/sha512.c compat/reallocarray.c compat/isblank.c \ -compat/strsep.c -COMPAT_OBJ=$(LIBOBJS:.o=.lo) -COMPAT_OBJ_WITHOUT_CTIME=$(LIBOBJ_WITHOUT_CTIME:.o=.lo) -COMPAT_OBJ_WITHOUT_CTIMEARC4=$(LIBOBJ_WITHOUT_CTIMEARC4:.o=.lo) -SLDNS_SRC=sldns/keyraw.c sldns/sbuffer.c sldns/wire2str.c sldns/parse.c \ -sldns/parseutil.c sldns/rrdef.c sldns/str2wire.c -SLDNS_OBJ=keyraw.lo sbuffer.lo wire2str.lo parse.lo parseutil.lo rrdef.lo \ -str2wire.lo -UNITTEST_SRC=testcode/unitanchor.c testcode/unitdname.c \ -testcode/unitlruhash.c testcode/unitmain.c testcode/unitmsgparse.c \ -testcode/unitneg.c testcode/unitregional.c testcode/unitslabhash.c \ -testcode/unitverify.c testcode/readhex.c testcode/testpkts.c testcode/unitldns.c \ -testcode/unitecs.c -UNITTEST_OBJ=unitanchor.lo unitdname.lo unitlruhash.lo unitmain.lo \ -unitmsgparse.lo unitneg.lo unitregional.lo unitslabhash.lo unitverify.lo \ -readhex.lo testpkts.lo unitldns.lo unitecs.lo -UNITTEST_OBJ_LINK=$(UNITTEST_OBJ) worker_cb.lo $(COMMON_OBJ) $(SLDNS_OBJ) \ -$(COMPAT_OBJ) -DAEMON_SRC=daemon/acl_list.c daemon/cachedump.c daemon/daemon.c \ -daemon/remote.c daemon/stats.c daemon/unbound.c daemon/worker.c @WIN_DAEMON_SRC@ -DAEMON_OBJ=acl_list.lo cachedump.lo daemon.lo shm_main.lo remote.lo stats.lo unbound.lo \ -worker.lo @WIN_DAEMON_OBJ@ -DAEMON_OBJ_LINK=$(DAEMON_OBJ) $(COMMON_OBJ_ALL_SYMBOLS) $(SLDNS_OBJ) \ -$(COMPAT_OBJ) @WIN_DAEMON_OBJ_LINK@ -CHECKCONF_SRC=smallapp/unbound-checkconf.c smallapp/worker_cb.c -CHECKCONF_OBJ=unbound-checkconf.lo worker_cb.lo -CHECKCONF_OBJ_LINK=$(CHECKCONF_OBJ) $(COMMON_OBJ_ALL_SYMBOLS) $(SLDNS_OBJ) \ -$(COMPAT_OBJ) @WIN_CHECKCONF_OBJ_LINK@ -CONTROL_SRC=smallapp/unbound-control.c -CONTROL_OBJ=unbound-control.lo -CONTROL_OBJ_LINK=$(CONTROL_OBJ) worker_cb.lo $(COMMON_OBJ_ALL_SYMBOLS) \ -$(SLDNS_OBJ) $(COMPAT_OBJ) @WIN_CONTROL_OBJ_LINK@ -HOST_SRC=smallapp/unbound-host.c -HOST_OBJ=unbound-host.lo -HOST_OBJ_LINK=$(HOST_OBJ) $(SLDNS_OBJ) $(COMPAT_OBJ_WITHOUT_CTIMEARC4) @WIN_HOST_OBJ_LINK@ -UBANCHOR_SRC=smallapp/unbound-anchor.c -UBANCHOR_OBJ=unbound-anchor.lo -UBANCHOR_OBJ_LINK=$(UBANCHOR_OBJ) parseutil.lo \ -$(COMPAT_OBJ_WITHOUT_CTIME) @WIN_UBANCHOR_OBJ_LINK@ -TESTBOUND_SRC=testcode/testbound.c testcode/testpkts.c \ -daemon/worker.c daemon/acl_list.c daemon/daemon.c daemon/stats.c \ -testcode/replay.c testcode/fake_event.c -TESTBOUND_OBJ=testbound.lo replay.lo fake_event.lo -TESTBOUND_OBJ_LINK=$(TESTBOUND_OBJ) testpkts.lo worker.lo acl_list.lo \ -daemon.lo stats.lo shm_main.lo $(COMMON_OBJ_WITHOUT_NETCALL) ub_event.lo $(SLDNS_OBJ) \ -$(COMPAT_OBJ) -LOCKVERIFY_SRC=testcode/lock_verify.c -LOCKVERIFY_OBJ=lock_verify.lo -LOCKVERIFY_OBJ_LINK=$(LOCKVERIFY_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) \ -$(SLDNS_OBJ) -PETAL_SRC=testcode/petal.c -PETAL_OBJ=petal.lo -PETAL_OBJ_LINK=$(PETAL_OBJ) $(COMPAT_OBJ_WITHOUT_CTIMEARC4) -PKTVIEW_SRC=testcode/pktview.c testcode/readhex.c -PKTVIEW_OBJ=pktview.lo -PKTVIEW_OBJ_LINK=$(PKTVIEW_OBJ) worker_cb.lo readhex.lo $(COMMON_OBJ) \ -$(COMPAT_OBJ) $(SLDNS_OBJ) -MEMSTATS_SRC=testcode/memstats.c -MEMSTATS_OBJ=memstats.lo -MEMSTATS_OBJ_LINK=$(MEMSTATS_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) \ -$(SLDNS_OBJ) -ASYNCLOOK_SRC=testcode/asynclook.c -ASYNCLOOK_OBJ=asynclook.lo -ASYNCLOOK_OBJ_LINK=$(ASYNCLOOK_OBJ) log.lo locks.lo $(COMPAT_OBJ) -STREAMTCP_SRC=testcode/streamtcp.c -STREAMTCP_OBJ=streamtcp.lo -STREAMTCP_OBJ_LINK=$(STREAMTCP_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) \ -$(SLDNS_OBJ) -PERF_SRC=testcode/perf.c -PERF_OBJ=perf.lo -PERF_OBJ_LINK=$(PERF_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) $(SLDNS_OBJ) -DELAYER_SRC=testcode/delayer.c -DELAYER_OBJ=delayer.lo -DELAYER_OBJ_LINK=$(DELAYER_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) \ -$(SLDNS_OBJ) -LIBUNBOUND_SRC=libunbound/context.c libunbound/libunbound.c \ -libunbound/libworker.c -LIBUNBOUND_OBJ=context.lo libunbound.lo libworker.lo ub_event_pluggable.lo -LIBUNBOUND_OBJ_LINK=$(LIBUNBOUND_OBJ) $(COMMON_OBJ_WITHOUT_UB_EVENT) $(SLDNS_OBJ) $(COMPAT_OBJ) - -# win apps or "" if not on windows -WINAPPS=@WINAPPS@ -WIN_DAEMON_THE_SRC=winrc/win_svc.c winrc/w_inst.c -SVCINST_SRC=winrc/unbound-service-install.c -SVCINST_OBJ=unbound-service-install.lo -SVCINST_OBJ_LINK=$(SVCINST_OBJ) w_inst.lo rsrc_svcinst.o $(COMPAT_OBJ_WITHOUT_CTIMEARC4) -SVCUNINST_SRC=winrc/unbound-service-remove.c -SVCUNINST_OBJ=unbound-service-remove.lo -SVCUNINST_OBJ_LINK=$(SVCUNINST_OBJ) w_inst.lo rsrc_svcuninst.o \ -$(COMPAT_OBJ_WITHOUT_CTIMEARC4) -ANCHORUPD_SRC=winrc/anchor-update.c -ANCHORUPD_OBJ=anchor-update.lo -ANCHORUPD_OBJ_LINK=$(ANCHORUPD_OBJ) rsrc_anchorupd.o $(COMPAT_OBJ_WITHOUT_CTIMEARC4) wire2str.lo str2wire.lo parseutil.lo sbuffer.lo rrdef.lo keyraw.lo parse.lo -RSRC_OBJ=rsrc_svcinst.o rsrc_svcuninst.o rsrc_anchorupd.o rsrc_unbound.o \ - rsrc_unbound_host.o rsrc_unbound_anchor.o rsrc_unbound_control.o \ - rsrc_unbound_checkconf.o - -ALL_SRC=$(COMMON_SRC) $(UNITTEST_SRC) $(DAEMON_SRC) \ - $(TESTBOUND_SRC) $(LOCKVERIFY_SRC) $(PKTVIEW_SRC) \ - $(MEMSTATS_SRC) $(CHECKCONF_SRC) $(LIBUNBOUND_SRC) $(HOST_SRC) \ - $(ASYNCLOOK_SRC) $(STREAMTCP_SRC) $(PERF_SRC) $(DELAYER_SRC) \ - $(CONTROL_SRC) $(UBANCHOR_SRC) $(PETAL_SRC) \ - $(PYTHONMOD_SRC) $(PYUNBOUND_SRC) $(WIN_DAEMON_THE_SRC)\ - $(SVCINST_SRC) $(SVCUNINST_SRC) $(ANCHORUPD_SRC) $(SLDNS_SRC) -ALL_OBJ=$(COMMON_OBJ) $(UNITTEST_OBJ) $(DAEMON_OBJ) \ - $(TESTBOUND_OBJ) $(LOCKVERIFY_OBJ) $(PKTVIEW_OBJ) \ - $(MEMSTATS_OBJ) $(CHECKCONF_OBJ) $(LIBUNBOUND_OBJ) $(HOST_OBJ) \ - $(ASYNCLOOK_OBJ) $(STREAMTCP_OBJ) $(PERF_OBJ) $(DELAYER_OBJ) \ - $(CONTROL_OBJ) $(UBANCHOR_OBJ) $(PETAL_OBJ) \ - $(COMPAT_OBJ) $(PYUNBOUND_OBJ) \ - $(SVCINST_OBJ) $(SVCUNINST_OBJ) $(ANCHORUPD_OBJ) $(SLDNS_OBJ) - -COMPILE=$(LIBTOOL) --tag=CC --mode=compile $(CC) $(CPPFLAGS) $(CFLAGS) @PTHREAD_CFLAGS_ONLY@ -LINK=$(LIBTOOL) --tag=CC --mode=link $(CC) $(staticexe) $(RUNTIME_PATH) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -LINK_LIB=$(LIBTOOL) --tag=CC --mode=link $(CC) $(RUNTIME_PATH) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) $(staticexe) -version-info @LIBUNBOUND_CURRENT@:@LIBUNBOUND_REVISION@:@LIBUNBOUND_AGE@ -no-undefined - -.PHONY: clean realclean doc lint all install uninstall tests test strip lib longtest longcheck check alltargets - -all: $(COMMON_OBJ) $(ALLTARGET) - -alltargets: unbound$(EXEEXT) unbound-checkconf$(EXEEXT) lib unbound-host$(EXEEXT) unbound-control$(EXEEXT) unbound-anchor$(EXEEXT) unbound-control-setup $(WINAPPS) $(PYUNBOUND_TARGET) - -# compat with BSD make, register suffix, and an implicit rule to actualise it. -.SUFFIXES: .lo -.c.lo: - $(COMPILE) -o $@ -c $< - -$(ALL_OBJ): - @@SOURCEDETERMINE@ - $(COMPILE) -o $@ -c @SOURCEFILE@ - -$(RSRC_OBJ): - @@SOURCEDETERMINE@ - $(WINDRES) $(CPPFLAGS) @SOURCEFILE@ $@ - -rsrc_svcinst.o: $(srcdir)/winrc/rsrc_svcinst.rc config.h -rsrc_svcuninst.o: $(srcdir)/winrc/rsrc_svcuninst.rc config.h -rsrc_anchorupd.o: $(srcdir)/winrc/rsrc_anchorupd.rc config.h -rsrc_unbound.o: $(srcdir)/winrc/rsrc_unbound.rc config.h -rsrc_unbound_host.o: $(srcdir)/winrc/rsrc_unbound_host.rc config.h -rsrc_unbound_anchor.o: $(srcdir)/winrc/rsrc_unbound_anchor.rc config.h -rsrc_unbound_control.o: $(srcdir)/winrc/rsrc_unbound_control.rc config.h -rsrc_unbound_checkconf.o: $(srcdir)/winrc/rsrc_unbound_checkconf.rc config.h - -TEST_BIN=asynclook$(EXEEXT) delayer$(EXEEXT) \ - lock-verify$(EXEEXT) memstats$(EXEEXT) perf$(EXEEXT) \ - petal$(EXEEXT) pktview$(EXEEXT) streamtcp$(EXEEXT) \ - testbound$(EXEEXT) unittest$(EXEEXT) -tests: all $(TEST_BIN) - -check: test -longcheck: longtest - -test: unittest$(EXEEXT) testbound$(EXEEXT) - ./unittest$(EXEEXT) - ./testbound$(EXEEXT) -s - for x in testdata/*.rpl; do echo -n "$$x "; if ./testbound$(EXEEXT) -p $$x >/dev/null 2>&1; then echo OK; else echo failed; exit 1; fi done - @echo test OK - -longtest: tests - if test -x "`which bash`"; then bash testcode/do-tests.sh; else sh testcode/do-tests.sh; fi - -lib: libunbound.la unbound.h - -libunbound.la: $(LIBUNBOUND_OBJ_LINK) - $(LINK_LIB) $(UBSYMS) -o $@ $(LIBUNBOUND_OBJ_LINK) -rpath $(libdir) $(SSLLIB) $(LIBS) - -unbound$(EXEEXT): $(DAEMON_OBJ_LINK) libunbound.la - $(LINK) -o $@ $(DAEMON_OBJ_LINK) $(EXTRALINK) $(SSLLIB) $(LIBS) - -unbound-checkconf$(EXEEXT): $(CHECKCONF_OBJ_LINK) libunbound.la - $(LINK) -o $@ $(CHECKCONF_OBJ_LINK) $(EXTRALINK) $(SSLLIB) $(LIBS) - -unbound-control$(EXEEXT): $(CONTROL_OBJ_LINK) libunbound.la - $(LINK) -o $@ $(CONTROL_OBJ_LINK) $(EXTRALINK) $(SSLLIB) $(LIBS) - -unbound-host$(EXEEXT): $(HOST_OBJ_LINK) libunbound.la - $(LINK) -o $@ $(HOST_OBJ_LINK) -L. -L.libs -lunbound $(LIBS) - -unbound-anchor$(EXEEXT): $(UBANCHOR_OBJ_LINK) libunbound.la - $(LINK) -o $@ $(UBANCHOR_OBJ_LINK) -L. -L.libs -lunbound -lexpat $(SSLLIB) $(LIBS) - -unbound-service-install$(EXEEXT): $(SVCINST_OBJ_LINK) - $(LINK) -o $@ $(SVCINST_OBJ_LINK) $(LIBS) - -unbound-service-remove$(EXEEXT): $(SVCUNINST_OBJ_LINK) - $(LINK) -o $@ $(SVCUNINST_OBJ_LINK) $(LIBS) - -anchor-update$(EXEEXT): $(ANCHORUPD_OBJ_LINK) libunbound.la - $(LINK) -o $@ $(ANCHORUPD_OBJ_LINK) -L. -L.libs -lunbound $(LIBS) - -unittest$(EXEEXT): $(UNITTEST_OBJ_LINK) - $(LINK) -o $@ $(UNITTEST_OBJ_LINK) $(SSLLIB) $(LIBS) - -testbound$(EXEEXT): $(TESTBOUND_OBJ_LINK) - $(LINK) -o $@ $(TESTBOUND_OBJ_LINK) $(SSLLIB) $(LIBS) - -lock-verify$(EXEEXT): $(LOCKVERIFY_OBJ_LINK) - $(LINK) -o $@ $(LOCKVERIFY_OBJ_LINK) $(SSLLIB) $(LIBS) - -petal$(EXEEXT): $(PETAL_OBJ_LINK) - $(LINK) -o $@ $(PETAL_OBJ_LINK) $(SSLLIB) $(LIBS) - -pktview$(EXEEXT): $(PKTVIEW_OBJ_LINK) - $(LINK) -o $@ $(PKTVIEW_OBJ_LINK) $(SSLLIB) $(LIBS) - -memstats$(EXEEXT): $(MEMSTATS_OBJ_LINK) - $(LINK) -o $@ $(MEMSTATS_OBJ_LINK) $(SSLLIB) $(LIBS) - -asynclook$(EXEEXT): $(ASYNCLOOK_OBJ_LINK) libunbound.la - $(LINK) -o $@ $(ASYNCLOOK_OBJ_LINK) $(LIBS) -L. -L.libs -lunbound - -streamtcp$(EXEEXT): $(STREAMTCP_OBJ_LINK) - $(LINK) -o $@ $(STREAMTCP_OBJ_LINK) $(SSLLIB) $(LIBS) - -perf$(EXEEXT): $(PERF_OBJ_LINK) - $(LINK) -o $@ $(PERF_OBJ_LINK) $(SSLLIB) $(LIBS) - -delayer$(EXEEXT): $(DELAYER_OBJ_LINK) - $(LINK) -o $@ $(DELAYER_OBJ_LINK) $(SSLLIB) $(LIBS) - -signit$(EXEEXT): testcode/signit.c - $(CC) $(CPPFLAGS) $(CFLAGS) @PTHREAD_CFLAGS_ONLY@ -o $@ testcode/signit.c $(LDFLAGS) -lldns $(SSLLIB) $(LIBS) - -unbound.h: $(srcdir)/libunbound/unbound.h - sed -e 's/@''UNBOUND_VERSION_MAJOR@/$(UNBOUND_VERSION_MAJOR)/' -e 's/@''UNBOUND_VERSION_MINOR@/$(UNBOUND_VERSION_MINOR)/' -e 's/@''UNBOUND_VERSION_MICRO@/$(UNBOUND_VERSION_MICRO)/' < $(srcdir)/libunbound/unbound.h > $@ - -unbound-control-setup: smallapp/unbound-control-setup.sh - cp smallapp/unbound-control-setup.sh $@ - -chmod +x $@ - -# dnstap -dnstap.lo dnstap.o: $(srcdir)/dnstap/dnstap.c config.h dnstap/dnstap_config.h \ - dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h $(srcdir)/dnstap/dnstap.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/log.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/net_help.h - -dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h: $(srcdir)/dnstap/dnstap.proto - @-if test ! -d dnstap; then $(INSTALL) -d dnstap; fi - $(PROTOC_C) --c_out=. $(srcdir)/dnstap/dnstap.proto - -dnstap.pb-c.lo dnstap.pb-c.o: dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h - -# dnscrypt -dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h \ - dnscrypt/dnscrypt_config.h \ - $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/log.h \ - $(srcdir)/util/netevent.h - -# Python Module -pythonmod.lo pythonmod.o: $(srcdir)/pythonmod/pythonmod.c config.h \ - pythonmod/interface.h \ - $(srcdir)/pythonmod/pythonmod.h $(srcdir)/util/module.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/services/outbound_list.h $(srcdir)/util/config_file.h \ - $(srcdir)/pythonmod/pythonmod_utils.h $(srcdir)/util/netevent.h \ - $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h \ - $(srcdir)/services/cache/dns.h $(srcdir)/services/mesh.h \ - $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h - -pythonmod/interface.h: $(srcdir)/pythonmod/interface.i config.h - @-if test ! -d pythonmod; then $(INSTALL) -d pythonmod; fi - $(SWIG) $(PYTHON_CPPFLAGS) -o $@ -python $(srcdir)/pythonmod/interface.i - -libunbound_wrap.lo libunbound_wrap.o: libunbound/python/libunbound_wrap.c \ - unbound.h -libunbound/python/libunbound_wrap.c: $(srcdir)/libunbound/python/libunbound.i unbound.h - @-if test ! -d libunbound/python; then $(INSTALL) -d libunbound/python; fi - $(SWIG) -python -o $@ $(PYTHON_CPPFLAGS) -DPY_MAJOR_VERSION=$(PY_MAJOR_VERSION) $(srcdir)/libunbound/python/libunbound.i - -# Pyunbound python unbound wrapper -_unbound.la: libunbound_wrap.lo libunbound.la - $(LIBTOOL) --tag=CC --mode=link $(CC) $(RUNTIME_PATH) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -module -avoid-version -no-undefined -shared -o $@ libunbound_wrap.lo -rpath $(PYTHON_SITE_PKG) L. -L.libs -lunbound - -util/config_file.c: util/configparser.h -util/configlexer.c: $(srcdir)/util/configlexer.lex util/configparser.h - @-if test ! -d util; then $(INSTALL) -d util; fi - if test "$(LEX)" != ":"; then \ - echo "#include \"config.h\"" > $@ ;\ - echo "#include \"util/configyyrename.h\"" >> $@ ;\ - $(LEX) -t $(srcdir)/util/configlexer.lex >> $@ ;\ - fi - -util/configparser.c util/configparser.h: $(srcdir)/util/configparser.y - @-if test ! -d util; then $(INSTALL) -d util; fi - $(YACC) -d -o util/configparser.c $(srcdir)/util/configparser.y - -clean: - rm -f *.o *.d *.lo *~ tags - rm -f unbound$(EXEEXT) unbound-checkconf$(EXEEXT) unbound-host$(EXEEXT) unbound-control$(EXEEXT) unbound-anchor$(EXEEXT) unbound-control-setup libunbound.la unbound.h - rm -f $(ALL_SRC:.c=.lint) - rm -f _unbound.la libunbound/python/libunbound_wrap.c libunbound/python/unbound.py pythonmod/interface.h pythonmod/unboundmodule.py - rm -rf autom4te.cache .libs build doc/html doc/xml - -realclean: clean - rm -f config.status config.log config.h.in config.h - rm -f configure config.sub config.guess ltmain.sh aclocal.m4 libtool - rm -f util/configlexer.c util/configparser.c util/configparser.h - rm -f doc/example.conf doc/libunbound.3 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound-control.8 doc/unbound.8 doc/unbound.conf.5 - rm -f $(TEST_BIN) - rm -f Makefile - -.SUFFIXES: .lint -.c.lint: - $(LINT) $(LINTFLAGS) -I. -I$(srcdir) $< - touch $@ - -util/configparser.lint util/configlexer.lint pythonmod/pythonmod.lint libunbound/python/libunbound_wrap.lint dnstap/dnstap.pb-c.lint: - # skip lint for generated code - touch $@ - -winrc/win_svc.lint winrc/w_inst.lint winrc/unbound-service-install.lint winrc/unbound-service-remove.lint: - # skip lint for windows types - touch $@ - -lint: $(ALL_SRC:.c=.lint) - -tags: $(srcdir)/*.[ch] $(srcdir)/*/*.[ch] - ctags -f $(srcdir)/tags $(srcdir)/*.[ch] $(srcdir)/*/*.[ch] - -doc: - if test -n "$(doxygen)"; then \ - $(doxygen) $(srcdir)/doc/unbound.doxygen; fi - if test "$(WITH_PYUNBOUND)" = "yes" -o "$(WITH_PYTHONMODULE)" = "yes"; \ - then if test -x "`which sphinx-build 2>&1`"; then \ - sphinx-build -b html pythonmod/doc doc/html/pythonmod; \ - sphinx-build -b html libunbound/python/doc doc/html/pyunbound;\ - fi ;\ - fi - -strip: - $(STRIP) unbound$(EXEEXT) - $(STRIP) unbound-checkconf$(EXEEXT) - $(STRIP) unbound-control$(EXEEXT) - $(STRIP) unbound-host$(EXEEXT) || $(STRIP) .libs/unbound-host$(EXEEXT) - $(STRIP) unbound-anchor$(EXEEXT) || $(STRIP) .libs/unbound-anchor$(EXEEXT) - -pythonmod-install: - $(INSTALL) -m 755 -d $(DESTDIR)$(PYTHON_SITE_PKG) - $(INSTALL) -c -m 644 pythonmod/unboundmodule.py $(DESTDIR)$(PYTHON_SITE_PKG)/unboundmodule.py - -pyunbound-install: - $(INSTALL) -m 755 -d $(DESTDIR)$(PYTHON_SITE_PKG) - $(INSTALL) -c -m 644 $(srcdir)/libunbound/python/unbound.py $(DESTDIR)$(PYTHON_SITE_PKG)/unbound.py - $(LIBTOOL) --mode=install cp _unbound.la $(DESTDIR)$(PYTHON_SITE_PKG) - $(LIBTOOL) --mode=finish $(DESTDIR)$(PYTHON_SITE_PKG) - -unbound-event-install: - $(INSTALL) -m 755 -d $(DESTDIR)$(includedir) - $(LIBTOOL) --mode=install cp $(srcdir)/libunbound/unbound-event.h $(DESTDIR)$(includedir)/unbound-event.h - -install: $(INSTALLTARGET) - -install-lib: lib $(UNBOUND_EVENT_INSTALL) - $(INSTALL) -m 755 -d $(DESTDIR)$(libdir) - $(INSTALL) -m 755 -d $(DESTDIR)$(includedir) - $(INSTALL) -m 755 -d $(DESTDIR)$(mandir) - $(INSTALL) -m 755 -d $(DESTDIR)$(mandir)/man3 - $(INSTALL) -c -m 644 doc/libunbound.3 $(DESTDIR)$(mandir)/man3 - for mpage in ub_ctx ub_result ub_ctx_create ub_ctx_delete \ - ub_ctx_set_option ub_ctx_get_option ub_ctx_config ub_ctx_set_fwd \ - ub_ctx_resolvconf ub_ctx_hosts ub_ctx_add_ta ub_ctx_add_ta_file \ - ub_ctx_trustedkeys ub_ctx_debugout ub_ctx_debuglevel ub_ctx_async \ - ub_poll ub_wait ub_fd ub_process ub_resolve ub_resolve_async ub_cancel \ - ub_resolve_free ub_strerror ub_ctx_print_local_zones ub_ctx_zone_add \ - ub_ctx_zone_remove ub_ctx_data_add ub_ctx_data_remove; \ - do \ - echo ".so man3/libunbound.3" > $(DESTDIR)$(mandir)/man3/$$mpage.3 ; \ - done - $(LIBTOOL) --mode=install cp unbound.h $(DESTDIR)$(includedir)/unbound.h - $(LIBTOOL) --mode=install cp libunbound.la $(DESTDIR)$(libdir) - $(LIBTOOL) --mode=finish $(DESTDIR)$(libdir) - -install-all: all $(PYTHONMOD_INSTALL) $(PYUNBOUND_INSTALL) $(UNBOUND_EVENT_INSTALL) install-lib - $(INSTALL) -m 755 -d $(DESTDIR)$(sbindir) - $(INSTALL) -m 755 -d $(DESTDIR)$(mandir) - $(INSTALL) -m 755 -d $(DESTDIR)$(mandir)/man8 - $(INSTALL) -m 755 -d $(DESTDIR)$(mandir)/man5 - $(INSTALL) -m 755 -d $(DESTDIR)$(mandir)/man1 - $(LIBTOOL) --mode=install cp -f unbound$(EXEEXT) $(DESTDIR)$(sbindir)/unbound$(EXEEXT) - $(LIBTOOL) --mode=install cp -f unbound-checkconf$(EXEEXT) $(DESTDIR)$(sbindir)/unbound-checkconf$(EXEEXT) - $(LIBTOOL) --mode=install cp -f unbound-control$(EXEEXT) $(DESTDIR)$(sbindir)/unbound-control$(EXEEXT) - $(LIBTOOL) --mode=install cp -f unbound-host$(EXEEXT) $(DESTDIR)$(sbindir)/unbound-host$(EXEEXT) - $(LIBTOOL) --mode=install cp -f unbound-anchor$(EXEEXT) $(DESTDIR)$(sbindir)/unbound-anchor$(EXEEXT) - $(INSTALL) -c -m 644 doc/unbound.8 $(DESTDIR)$(mandir)/man8 - $(INSTALL) -c -m 644 doc/unbound-checkconf.8 $(DESTDIR)$(mandir)/man8 - $(INSTALL) -c -m 644 doc/unbound-control.8 $(DESTDIR)$(mandir)/man8 - $(INSTALL) -c -m 644 doc/unbound-control.8 $(DESTDIR)$(mandir)/man8/unbound-control-setup.8 - $(INSTALL) -c -m 644 doc/unbound-anchor.8 $(DESTDIR)$(mandir)/man8 - $(INSTALL) -c -m 644 doc/unbound.conf.5 $(DESTDIR)$(mandir)/man5 - $(INSTALL) -c -m 644 doc/unbound-host.1 $(DESTDIR)$(mandir)/man1 - $(INSTALL) -c -m 755 unbound-control-setup $(DESTDIR)$(sbindir)/unbound-control-setup - if test ! -e $(DESTDIR)$(configfile); then $(INSTALL) -d `dirname $(DESTDIR)$(configfile)`; $(INSTALL) -c -m 644 doc/example.conf $(DESTDIR)$(configfile); fi - -pythonmod-uninstall: - rm -f -- $(DESTDIR)$(PYTHON_SITE_PKG)/unboundmodule.py - -pyunbound-uninstall: - rm -f -- $(DESTDIR)$(PYTHON_SITE_PKG)/unbound.py - $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(PYTHON_SITE_PKG)/_unbound.la - -unbound-event-uninstall: - rm -f -- $(DESTDIR)$(includedir)/unbound-event.h - -uninstall: $(PYTHONMOD_UNINSTALL) $(PYUNBOUND_UNINSTALL) $(UNBOUND_EVENT_UNINSTALL) - rm -f -- $(DESTDIR)$(sbindir)/unbound$(EXEEXT) $(DESTDIR)$(sbindir)/unbound-checkconf$(EXEEXT) $(DESTDIR)$(sbindir)/unbound-host$(EXEEXT) $(DESTDIR)$(sbindir)/unbound-control$(EXEEXT) $(DESTDIR)$(sbindir)/unbound-anchor$(EXEEXT) $(DESTDIR)$(sbindir)/unbound-control-setup - rm -f -- $(DESTDIR)$(mandir)/man8/unbound.8 $(DESTDIR)$(mandir)/man8/unbound-checkconf.8 $(DESTDIR)$(mandir)/man5/unbound.conf.5 $(DESTDIR)$(mandir)/man8/unbound-control.8 $(DESTDIR)$(mandir)/man8/unbound-anchor.8 $(DESTDIR)$(mandir)/man8/unbound-control-setup.8 - rm -f -- $(DESTDIR)$(mandir)/man1/unbound-host.1 $(DESTDIR)$(mandir)/man3/libunbound.3 - for mpage in ub_ctx ub_result ub_ctx_create ub_ctx_delete \ - ub_ctx_set_option ub_ctx_get_option ub_ctx_config ub_ctx_set_fwd \ - ub_ctx_resolvconf ub_ctx_hosts ub_ctx_add_ta ub_ctx_add_ta_file \ - ub_ctx_trustedkeys ub_ctx_debugout ub_ctx_debuglevel ub_ctx_async \ - ub_poll ub_wait ub_fd ub_process ub_resolve ub_resolve_async ub_cancel \ - ub_resolve_free ub_strerror ub_ctx_print_local_zones ub_ctx_zone_add \ - ub_ctx_zone_remove ub_ctx_data_add ub_ctx_data_remove; \ - do \ - rm -f -- $(DESTDIR)$(mandir)/man3/$$mpage.3 ; \ - done - rm -f -- $(DESTDIR)$(includedir)/unbound.h - $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/libunbound.la - @echo - @echo "You still need to remove "`dirname $(DESTDIR)$(configfile)`" , $(DESTDIR)$(configfile) by hand" - -iana_update: - curl -o port-numbers.tmp https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml --compressed - if file port-numbers.tmp | grep 'gzip' >/dev/null; then zcat port-numbers.tmp; else cat port-numbers.tmp; fi | awk '// {p=0;} /udp/ {p=1;} /[^u]/ {p=0;} /Decomissioned|Decommissioned|Removed|De-registered|unassigned|Unassigned|Reserved/ {u=1;} // { if(u==1) {u=0;} else { if(p==1) { match($$0,/[0-9]+/); print substr($$0, RSTART, RLENGTH) ","}}}' | sort -nu > util/iana_ports.inc - rm -f port-numbers.tmp - -# dependency generation -DEPEND_TMP=depend1073.tmp -DEPEND_TMP2=depend1074.tmp -DEPEND_TARGET=Makefile -DEPEND_TARGET2=Makefile.in -# actions: generate deplines from gcc, -# then, filter out home/xx, /usr/xx and /opt/xx lines (some cc already do this) -# then, remove empty " \" lines -# then, add srcdir before .c and .h in deps. -# then, remove srcdir from the (generated) parser and lexer. -# and mention the .lo -depend: - (cd $(srcdir) ; $(CC) $(DEPFLAG) $(CPPFLAGS) $(CFLAGS) @PTHREAD_CFLAGS_ONLY@ $(ALL_SRC) $(COMPAT_SRC)) | \ - sed -e 's!'$$HOME'[^ ]* !!g' -e 's!'$$HOME'[^ ]*$$!!g' \ - -e 's!/usr[^ ]* !!g' -e 's!/usr[^ ]*$$!!g' \ - -e 's!/opt[^ ]* !!g' -e 's!/opt[^ ]*$$!!g' | \ - sed -e '/^ \\$$/d' | \ - sed -e 's? *\([^ ]*\.[ch]\)? $$(srcdir)/\1?g' | \ - sed -e 's? *\([^ ]*\.inc\)? $$(srcdir)/\1?g' | \ - sed -e 's?$$(srcdir)/config.h?config.h?g' \ - -e 's?$$(srcdir)/util/configlexer.c?util/configlexer.c?g' \ - -e 's?$$(srcdir)/util/configparser.c?util/configparser.c?g' \ - -e 's?$$(srcdir)/util/configparser.h?util/configparser.h?g' \ - -e 's?$$(srcdir)/dnstap/dnstap_config.h??g' \ - -e 's?$$(srcdir)/dnscrypt/dnscrypt_config.h??g' \ - -e 's?$$(srcdir)/pythonmod/pythonmod.h?$$(PYTHONMOD_HEADER)?g' \ - -e 's?$$(srcdir)/edns-subnet/subnetmod.h $$(srcdir)/edns-subnet/subnet-whitelist.h $$(srcdir)/edns-subnet/edns-subnet.h $$(srcdir)/edns-subnet/addrtree.h?$$(SUBNET_HEADER)?g' \ - -e 's!\(.*\)\.o[ :]*!\1.lo \1.o: !g' \ - > $(DEPEND_TMP) - cp $(DEPEND_TARGET) $(DEPEND_TMP2) - head -`egrep -n "# Dependencies" $(DEPEND_TARGET) | tail -1 | sed -e 's/:.*$$//'` $(DEPEND_TMP2) > $(DEPEND_TARGET) - cat $(DEPEND_TMP) >> $(DEPEND_TARGET) - @if diff $(DEPEND_TARGET) $(DEPEND_TMP2); then echo " $(DEPEND_TARGET) unchanged"; else echo " Updated $(DEPEND_TARGET))"; fi - @if test -f $(DEPEND_TARGET2); then \ - cp $(DEPEND_TARGET2) $(DEPEND_TMP2); \ - head -`egrep -n "# Dependencies" $(DEPEND_TARGET2) | tail -1 | sed -e 's/:.*$$//'` $(DEPEND_TMP2) > $(DEPEND_TARGET2); \ - cat $(DEPEND_TMP) >> $(DEPEND_TARGET2); \ - if diff $(DEPEND_TARGET2) $(DEPEND_TMP2); then echo " $(DEPEND_TARGET2) unchanged"; else echo " Updated $(DEPEND_TARGET2))"; fi; \ - fi - rm -f $(DEPEND_TMP) $(DEPEND_TMP2) - -# Dependencies -dns.lo dns.o: $(srcdir)/services/cache/dns.c config.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/log.h \ - $(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/locks.h $(srcdir)/services/cache/dns.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h -infra.lo infra.o: $(srcdir)/services/cache/infra.c config.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h \ - $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lookup3.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/iterator/iterator.h \ - $(srcdir)/services/outbound_list.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h -rrset.lo rrset.o: $(srcdir)/services/cache/rrset.c config.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/regional.h $(srcdir)/util/alloc.h -as112.lo as112.o: $(srcdir)/util/as112.c $(srcdir)/util/as112.h -dname.lo dname.o: $(srcdir)/util/data/dname.c config.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/storage/lookup3.h $(srcdir)/sldns/sbuffer.h -msgencode.lo msgencode.o: $(srcdir)/util/data/msgencode.c config.h $(srcdir)/util/data/msgencode.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h $(srcdir)/services/view.h -msgparse.lo msgparse.o: $(srcdir)/util/data/msgparse.c config.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/regional.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h -msgreply.lo msgreply.o: $(srcdir)/util/data/msgreply.c config.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/storage/lookup3.h $(srcdir)/util/alloc.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/regional.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/util/data/msgencode.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/module.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/modstack.h -packed_rrset.lo packed_rrset.o: $(srcdir)/util/data/packed_rrset.c config.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/alloc.h $(srcdir)/util/regional.h \ - $(srcdir)/util/net_help.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h -iterator.lo iterator.o: $(srcdir)/iterator/iterator.c config.h $(srcdir)/iterator/iterator.h \ - $(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/iterator/iter_utils.h \ - $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_donotq.h \ - $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_scrub.h $(srcdir)/iterator/iter_priv.h \ - $(srcdir)/validator/val_neg.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/util/config_file.h $(srcdir)/util/random.h \ - $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/sbuffer.h -iter_delegpt.lo iter_delegpt.o: $(srcdir)/iterator/iter_delegpt.c config.h $(srcdir)/iterator/iter_delegpt.h \ - $(srcdir)/util/log.h $(srcdir)/services/cache/dns.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/regional.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h -iter_donotq.lo iter_donotq.o: $(srcdir)/iterator/iter_donotq.c config.h $(srcdir)/iterator/iter_donotq.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/regional.h $(srcdir)/util/log.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h -iter_fwd.lo iter_fwd.o: $(srcdir)/iterator/iter_fwd.c config.h $(srcdir)/iterator/iter_fwd.h \ - $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/log.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h -iter_hints.lo iter_hints.o: $(srcdir)/iterator/iter_hints.c config.h $(srcdir)/iterator/iter_hints.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/log.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h \ - $(srcdir)/sldns/wire2str.h -iter_priv.lo iter_priv.o: $(srcdir)/iterator/iter_priv.c config.h $(srcdir)/iterator/iter_priv.h \ - $(srcdir)/util/rbtree.h $(srcdir)/util/regional.h $(srcdir)/util/log.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/sbuffer.h -iter_resptype.lo iter_resptype.o: $(srcdir)/iterator/iter_resptype.c config.h \ - $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/log.h \ - $(srcdir)/services/cache/dns.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/data/dname.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h -iter_scrub.lo iter_scrub.o: $(srcdir)/iterator/iter_scrub.c config.h $(srcdir)/iterator/iter_scrub.h \ - $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/iterator/iter_priv.h $(srcdir)/util/rbtree.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h $(srcdir)/util/alloc.h $(srcdir)/sldns/sbuffer.h -iter_utils.lo iter_utils.o: $(srcdir)/iterator/iter_utils.c config.h $(srcdir)/iterator/iter_utils.h \ - $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/iterator/iter_hints.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_fwd.h \ - $(srcdir)/iterator/iter_donotq.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_priv.h \ - $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/validator/val_anchor.h \ - $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_utils.h \ - $(srcdir)/validator/val_sigcrypt.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h -listen_dnsport.lo listen_dnsport.o: $(srcdir)/services/listen_dnsport.c config.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \ - $(srcdir)/sldns/sbuffer.h -localzone.lo localzone.o: $(srcdir)/services/localzone.c config.h $(srcdir)/services/localzone.h \ - $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/data/msgencode.h $(srcdir)/util/net_help.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/as112.h -mesh.lo mesh.o: $(srcdir)/services/mesh.c config.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h $(srcdir)/services/outbound_list.h \ - $(srcdir)/services/cache/dns.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \ - $(srcdir)/util/data/msgencode.h $(srcdir)/util/timehist.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ - $(srcdir)/util/alloc.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h \ - $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \ - $(srcdir)/util/data/dname.h $(srcdir)/respip/respip.h -modstack.lo modstack.o: $(srcdir)/services/modstack.c config.h $(srcdir)/services/modstack.h \ - $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/dns64/dns64.h $(srcdir)/iterator/iterator.h \ - $(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \ - $(srcdir)/respip/respip.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/services/view.h $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/util/alloc.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h -view.lo view.o: $(srcdir)/services/view.c config.h $(srcdir)/services/view.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h -outbound_list.lo outbound_list.o: $(srcdir)/services/outbound_list.c config.h \ - $(srcdir)/services/outbound_list.h $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - -outside_network.lo outside_network.o: $(srcdir)/services/outside_network.c config.h \ - $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \ - $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/dnstap/dnstap.h -alloc.lo alloc.o: $(srcdir)/util/alloc.c config.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/regional.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h -config_file.lo config_file.o: $(srcdir)/util/config_file.c config.h $(srcdir)/util/log.h \ - $(srcdir)/util/configyyrename.h $(srcdir)/util/config_file.h util/configparser.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/regional.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h \ - $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/iana_ports.inc -configlexer.lo configlexer.o: util/configlexer.c config.h $(srcdir)/util/configyyrename.h \ - $(srcdir)/util/config_file.h util/configparser.h -configparser.lo configparser.o: util/configparser.c config.h $(srcdir)/util/configyyrename.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h -shm_main.lo shm_main.o: $(srcdir)/util/shm_side/shm_main.c config.h $(srcdir)/util/shm_side/shm_main.h \ - $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/daemon/worker.h \ - $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rtt.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h -fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/modstack.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/outside_network.h $(srcdir)/services/localzone.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h \ - $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \ - $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h \ - $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h \ - $(srcdir)/validator/val_neg.h $(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h \ - $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/respip/respip.h \ - $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/util/net_help.h $(srcdir)/edns-subnet/addrtree.h \ - $(srcdir)/edns-subnet/edns-subnet.h -locks.lo locks.o: $(srcdir)/util/locks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h -log.lo log.o: $(srcdir)/util/log.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/sldns/sbuffer.h -mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h -module.lo module.o: $(srcdir)/util/module.c config.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h -netevent.lo netevent.o: $(srcdir)/util/netevent.c config.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/ub_event.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h $(srcdir)/dnstap/dnstap.h \ - -net_help.lo net_help.o: $(srcdir)/util/net_help.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/sldns/parseutil.h \ - $(srcdir)/sldns/wire2str.h -random.lo random.o: $(srcdir)/util/random.c config.h $(srcdir)/util/random.h $(srcdir)/util/log.h -rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/modstack.h -regional.lo regional.o: $(srcdir)/util/regional.c config.h $(srcdir)/util/log.h $(srcdir)/util/regional.h -rtt.lo rtt.o: $(srcdir)/util/rtt.c config.h $(srcdir)/util/rtt.h -dnstree.lo dnstree.o: $(srcdir)/util/storage/dnstree.c config.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rbtree.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/util/net_help.h -lookup3.lo lookup3.o: $(srcdir)/util/storage/lookup3.c config.h $(srcdir)/util/storage/lookup3.h -lruhash.lo lruhash.o: $(srcdir)/util/storage/lruhash.c config.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/modstack.h -slabhash.lo slabhash.o: $(srcdir)/util/storage/slabhash.c config.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h -timehist.lo timehist.o: $(srcdir)/util/timehist.c config.h $(srcdir)/util/timehist.h $(srcdir)/util/log.h -tube.lo tube.o: $(srcdir)/util/tube.c config.h $(srcdir)/util/tube.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/modstack.h $(srcdir)/util/ub_event.h -ub_event.lo ub_event.o: $(srcdir)/util/ub_event.c config.h $(srcdir)/util/ub_event.h $(srcdir)/util/log.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/tube.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h -ub_event_pluggable.lo ub_event_pluggable.o: $(srcdir)/util/ub_event_pluggable.c config.h $(srcdir)/util/ub_event.h \ - $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/modstack.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h -winsock_event.lo winsock_event.o: $(srcdir)/util/winsock_event.c config.h -autotrust.lo autotrust.o: $(srcdir)/validator/autotrust.c config.h $(srcdir)/validator/autotrust.h \ - $(srcdir)/util/rbtree.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_utils.h \ - $(srcdir)/validator/val_sigcrypt.h $(srcdir)/util/data/dname.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/random.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/services/modstack.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/validator/val_kcache.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/keyraw.h -val_anchor.lo val_anchor.o: $(srcdir)/validator/val_anchor.c config.h $(srcdir)/validator/val_anchor.h \ - $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_sigcrypt.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/validator/autotrust.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/util/as112.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h -validator.lo validator.o: $(srcdir)/validator/validator.c config.h $(srcdir)/validator/validator.h \ - $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h \ - $(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h $(srcdir)/validator/val_kcache.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_nsec.h \ - $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_neg.h $(srcdir)/validator/val_sigcrypt.h \ - $(srcdir)/validator/autotrust.h $(srcdir)/services/cache/dns.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/sldns/wire2str.h -val_kcache.lo val_kcache.o: $(srcdir)/validator/val_kcache.c config.h $(srcdir)/validator/val_kcache.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/validator/val_kentry.h $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h -val_kentry.lo val_kentry.o: $(srcdir)/validator/val_kentry.c config.h $(srcdir)/validator/val_kentry.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h -val_neg.lo val_neg.o: $(srcdir)/validator/val_neg.c config.h $(srcdir)/validator/val_neg.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/util/rbtree.h $(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_utils.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/config_file.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/services/cache/dns.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h -val_nsec3.lo val_nsec3.o: $(srcdir)/validator/val_nsec3.c config.h $(srcdir)/validator/val_nsec3.h \ - $(srcdir)/util/rbtree.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_secalgo.h $(srcdir)/validator/validator.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_kentry.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/regional.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/validator/val_nsec.h $(srcdir)/sldns/sbuffer.h -val_nsec.lo val_nsec.o: $(srcdir)/validator/val_nsec.c config.h $(srcdir)/validator/val_nsec.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/validator/val_utils.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h -val_secalgo.lo val_secalgo.o: $(srcdir)/validator/val_secalgo.c config.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_secalgo.h \ - $(srcdir)/validator/val_nsec3.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ - $(srcdir)/sldns/sbuffer.h -val_sigcrypt.lo val_sigcrypt.o: $(srcdir)/validator/val_sigcrypt.c config.h \ - $(srcdir)/validator/val_sigcrypt.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_secalgo.h $(srcdir)/validator/validator.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h $(srcdir)/util/data/dname.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h -val_utils.lo val_utils.o: $(srcdir)/validator/val_utils.c config.h $(srcdir)/validator/val_utils.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_kentry.h \ - $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h \ - $(srcdir)/validator/val_nsec.h $(srcdir)/validator/val_neg.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h -dns64.lo dns64.o: $(srcdir)/dns64/dns64.c config.h $(srcdir)/dns64/dns64.h $(srcdir)/util/module.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/util/config_file.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/regional.h -edns-subnet.lo edns-subnet.o: $(srcdir)/edns-subnet/edns-subnet.c config.h \ - $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h -subnetmod.lo subnetmod.o: $(srcdir)/edns-subnet/subnetmod.c config.h $(srcdir)/edns-subnet/subnetmod.h \ - $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/outbound_list.h $(srcdir)/util/alloc.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/storage/slabhash.h $(srcdir)/edns-subnet/addrtree.h \ - $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/edns-subnet/subnet-whitelist.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/services/modstack.h \ - $(srcdir)/services/cache/dns.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h -addrtree.lo addrtree.o: $(srcdir)/edns-subnet/addrtree.c config.h $(srcdir)/util/log.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/edns-subnet/addrtree.h -subnet-whitelist.lo subnet-whitelist.o: $(srcdir)/edns-subnet/subnet-whitelist.c config.h \ - $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \ - $(srcdir)/edns-subnet/subnet-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/regional.h $(srcdir)/util/config_file.h -cachedb.lo cachedb.o: $(srcdir)/cachedb/cachedb.c config.h -respip.lo respip.o: $(srcdir)/respip/respip.c config.h $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h \ - $(srcdir)/services/cache/dns.h $(srcdir)/sldns/str2wire.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ - $(srcdir)/services/modstack.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/respip/respip.h -checklocks.lo checklocks.o: $(srcdir)/testcode/checklocks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/testcode/checklocks.h -unitanchor.lo unitanchor.o: $(srcdir)/testcode/unitanchor.c config.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/testcode/unitmain.h \ - $(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h -unitdname.lo unitdname.o: $(srcdir)/testcode/unitdname.c config.h $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h -unitlruhash.lo unitlruhash.o: $(srcdir)/testcode/unitlruhash.c config.h $(srcdir)/testcode/unitmain.h \ - $(srcdir)/util/log.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/storage/slabhash.h -unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ - $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/random.h \ - $(srcdir)/respip/respip.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/services/localzone.h $(srcdir)/services/view.h -unitmsgparse.lo unitmsgparse.o: $(srcdir)/testcode/unitmsgparse.c config.h $(srcdir)/util/log.h \ - $(srcdir)/testcode/unitmain.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/alloc.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/testcode/readhex.h \ - $(srcdir)/testcode/testpkts.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h -unitneg.lo unitneg.o: $(srcdir)/testcode/unitneg.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/data/dname.h $(srcdir)/testcode/unitmain.h $(srcdir)/validator/val_neg.h $(srcdir)/util/rbtree.h \ - $(srcdir)/sldns/rrdef.h -unitregional.lo unitregional.o: $(srcdir)/testcode/unitregional.c config.h $(srcdir)/testcode/unitmain.h \ - $(srcdir)/util/log.h $(srcdir)/util/regional.h -unitslabhash.lo unitslabhash.o: $(srcdir)/testcode/unitslabhash.c config.h $(srcdir)/testcode/unitmain.h \ - $(srcdir)/util/log.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h -unitverify.lo unitverify.o: $(srcdir)/testcode/unitverify.c config.h $(srcdir)/util/log.h \ - $(srcdir)/testcode/unitmain.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/validator/val_secalgo.h \ - $(srcdir)/validator/val_nsec.h $(srcdir)/validator/val_nsec3.h $(srcdir)/util/rbtree.h \ - $(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h \ - $(srcdir)/testcode/testpkts.h $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h $(srcdir)/util/alloc.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/keyraw.h \ - $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h -readhex.lo readhex.o: $(srcdir)/testcode/readhex.c config.h $(srcdir)/testcode/readhex.h $(srcdir)/util/log.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h -testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcode/testpkts.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h -unitldns.lo unitldns.o: $(srcdir)/testcode/unitldns.c config.h $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h -unitecs.lo unitecs.o: $(srcdir)/testcode/unitecs.c config.h $(srcdir)/util/log.h $(srcdir)/util/module.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/testcode/unitmain.h $(srcdir)/edns-subnet/addrtree.h \ - $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/services/outbound_list.h $(srcdir)/util/alloc.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/storage/slabhash.h $(srcdir)/edns-subnet/edns-subnet.h -acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \ - $(srcdir)/services/localzone.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h -cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h $(srcdir)/daemon/cachedump.h \ - $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \ - $(srcdir)/dnstap/dnstap.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/regional.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/iterator/iterator.h \ - $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_utils.h \ - $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \ - $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h -daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \ - $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \ - $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/util/storage/lookup3.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/util/random.h \ - $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h $(srcdir)/respip/respip.h -remote.lo remote.o: $(srcdir)/daemon/remote.c config.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h \ - $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/alloc.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ - $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \ - $(srcdir)/daemon/cachedump.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h \ - $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/tube.h $(srcdir)/util/data/dname.h $(srcdir)/validator/validator.h \ - $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_kentry.h \ - $(srcdir)/validator/val_anchor.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \ - $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/iterator/iter_delegpt.h \ - $(srcdir)/services/outside_network.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/parseutil.h \ - $(srcdir)/sldns/wire2str.h -stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ - $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ - $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/outside_network.h $(srcdir)/services/listen_dnsport.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h -unbound.lo unbound.o: $(srcdir)/daemon/unbound.c config.h $(srcdir)/util/log.h $(srcdir)/daemon/daemon.h \ - $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/services/listen_dnsport.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/net_help.h $(srcdir)/util/ub_event.h -worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \ - $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ - $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \ - $(srcdir)/services/outside_network.h $(srcdir)/services/outbound_list.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ - $(srcdir)/services/cache/dns.h $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h \ - $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ - $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/validator/autotrust.h \ - $(srcdir)/validator/val_anchor.h $(srcdir)/respip/respip.h $(srcdir)/libunbound/context.h \ - $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h \ - $(srcdir)/util/shm_side/shm_main.h -testbound.lo testbound.o: $(srcdir)/testcode/testbound.c config.h $(srcdir)/testcode/testpkts.h \ - $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h \ - $(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/daemon/unbound.c \ - $(srcdir)/util/log.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/net_help.h $(srcdir)/util/ub_event.h -testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcode/testpkts.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h -worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \ - $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ - $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \ - $(srcdir)/services/outside_network.h $(srcdir)/services/outbound_list.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ - $(srcdir)/services/cache/dns.h $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h \ - $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ - $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/validator/autotrust.h \ - $(srcdir)/validator/val_anchor.h $(srcdir)/respip/respip.h $(srcdir)/libunbound/context.h \ - $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h \ - $(srcdir)/util/shm_side/shm_main.h -acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \ - $(srcdir)/services/localzone.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h -daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \ - $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \ - $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/util/storage/lookup3.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/util/random.h \ - $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h $(srcdir)/respip/respip.h -stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ - $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ - $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/outside_network.h $(srcdir)/services/listen_dnsport.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h -replay.lo replay.o: $(srcdir)/testcode/replay.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/config_file.h $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/testcode/testpkts.h $(srcdir)/util/rbtree.h \ - $(srcdir)/testcode/fake_event.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h -fake_event.lo fake_event.o: $(srcdir)/testcode/fake_event.c config.h $(srcdir)/testcode/fake_event.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/config_file.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \ - $(srcdir)/util/rbtree.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h $(srcdir)/testcode/replay.h $(srcdir)/testcode/testpkts.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ - $(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h -lock_verify.lo lock_verify.o: $(srcdir)/testcode/lock_verify.c config.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ - $(srcdir)/services/modstack.h -pktview.lo pktview.o: $(srcdir)/testcode/pktview.c config.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/testcode/unitmain.h $(srcdir)/testcode/readhex.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/sldns/parseutil.h -readhex.lo readhex.o: $(srcdir)/testcode/readhex.c config.h $(srcdir)/testcode/readhex.h $(srcdir)/util/log.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h -memstats.lo memstats.o: $(srcdir)/testcode/memstats.c config.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ - $(srcdir)/services/modstack.h -unbound-checkconf.lo unbound-checkconf.o: $(srcdir)/smallapp/unbound-checkconf.c config.h $(srcdir)/util/log.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \ - $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \ - $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/services/localzone.h \ - $(srcdir)/services/view.h $(srcdir)/respip/respip.h $(srcdir)/sldns/sbuffer.h -worker_cb.lo worker_cb.o: $(srcdir)/smallapp/worker_cb.c config.h $(srcdir)/libunbound/context.h \ - $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ - $(srcdir)/libunbound/unbound.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/util/tube.h $(srcdir)/services/mesh.h -context.lo context.o: $(srcdir)/libunbound/context.c config.h $(srcdir)/libunbound/context.h \ - $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ - $(srcdir)/libunbound/unbound.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/services/localzone.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/sldns/sbuffer.h -libunbound.lo libunbound.o: $(srcdir)/libunbound/libunbound.c $(srcdir)/libunbound/unbound.h \ - $(srcdir)/libunbound/unbound-event.h config.h $(srcdir)/libunbound/context.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/libunbound/libworker.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h \ - $(srcdir)/util/random.h $(srcdir)/util/net_help.h $(srcdir)/util/tube.h $(srcdir)/util/ub_event.h \ - $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \ - $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/sldns/sbuffer.h -libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h $(srcdir)/libunbound/libworker.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ - $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/libunbound/unbound-event.h $(srcdir)/services/outside_network.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/services/localzone.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/services/outbound_list.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/tube.h $(srcdir)/util/regional.h $(srcdir)/util/random.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/storage/lookup3.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/data/msgencode.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \ - $(srcdir)/sldns/str2wire.h -unbound-host.lo unbound-host.o: $(srcdir)/smallapp/unbound-host.c config.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h -asynclook.lo asynclook.o: $(srcdir)/testcode/asynclook.c config.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/libunbound/context.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/modstack.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/sldns/rrdef.h -streamtcp.lo streamtcp.o: $(srcdir)/testcode/streamtcp.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h -perf.lo perf.o: $(srcdir)/testcode/perf.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h -delayer.lo delayer.o: $(srcdir)/testcode/delayer.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \ - $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h -unbound-control.lo unbound-control.o: $(srcdir)/smallapp/unbound-control.c config.h $(srcdir)/util/log.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h $(srcdir)/util/shm_side/shm_main.h \ - $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/pkthdr.h -unbound-anchor.lo unbound-anchor.o: $(srcdir)/smallapp/unbound-anchor.c config.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h -petal.lo petal.o: $(srcdir)/testcode/petal.c config.h -pythonmod_utils.lo pythonmod_utils.o: $(srcdir)/pythonmod/pythonmod_utils.c config.h $(srcdir)/util/module.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/net_help.h $(srcdir)/services/cache/dns.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/regional.h \ - $(srcdir)/iterator/iter_delegpt.h $(srcdir)/sldns/sbuffer.h -win_svc.lo win_svc.o: $(srcdir)/winrc/win_svc.c config.h $(srcdir)/winrc/win_svc.h $(srcdir)/winrc/w_inst.h \ - $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/daemon/worker.h \ - $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ - $(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h -w_inst.lo w_inst.o: $(srcdir)/winrc/w_inst.c config.h $(srcdir)/winrc/w_inst.h $(srcdir)/winrc/win_svc.h -unbound-service-install.lo unbound-service-install.o: $(srcdir)/winrc/unbound-service-install.c config.h \ - $(srcdir)/winrc/w_inst.h -unbound-service-remove.lo unbound-service-remove.o: $(srcdir)/winrc/unbound-service-remove.c config.h \ - $(srcdir)/winrc/w_inst.h -anchor-update.lo anchor-update.o: $(srcdir)/winrc/anchor-update.c config.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/wire2str.h -keyraw.lo keyraw.o: $(srcdir)/sldns/keyraw.c config.h $(srcdir)/sldns/keyraw.h $(srcdir)/sldns/rrdef.h -sbuffer.lo sbuffer.o: $(srcdir)/sldns/sbuffer.c config.h $(srcdir)/sldns/sbuffer.h -wire2str.lo wire2str.o: $(srcdir)/sldns/wire2str.c config.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/sldns/keyraw.h -parse.lo parse.o: $(srcdir)/sldns/parse.c config.h $(srcdir)/sldns/parse.h $(srcdir)/sldns/parseutil.h \ - $(srcdir)/sldns/sbuffer.h -parseutil.lo parseutil.o: $(srcdir)/sldns/parseutil.c config.h $(srcdir)/sldns/parseutil.h -rrdef.lo rrdef.o: $(srcdir)/sldns/rrdef.c config.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h -str2wire.lo str2wire.o: $(srcdir)/sldns/str2wire.c config.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parse.h $(srcdir)/sldns/parseutil.h -ctime_r.lo ctime_r.o: $(srcdir)/compat/ctime_r.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h -fake-rfc2553.lo fake-rfc2553.o: $(srcdir)/compat/fake-rfc2553.c $(srcdir)/compat/fake-rfc2553.h config.h -gmtime_r.lo gmtime_r.o: $(srcdir)/compat/gmtime_r.c config.h -inet_aton.lo inet_aton.o: $(srcdir)/compat/inet_aton.c config.h -inet_ntop.lo inet_ntop.o: $(srcdir)/compat/inet_ntop.c config.h -inet_pton.lo inet_pton.o: $(srcdir)/compat/inet_pton.c config.h -malloc.lo malloc.o: $(srcdir)/compat/malloc.c config.h -memcmp.lo memcmp.o: $(srcdir)/compat/memcmp.c config.h -memmove.lo memmove.o: $(srcdir)/compat/memmove.c config.h -snprintf.lo snprintf.o: $(srcdir)/compat/snprintf.c config.h -strlcat.lo strlcat.o: $(srcdir)/compat/strlcat.c config.h -strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c config.h -strptime.lo strptime.o: $(srcdir)/compat/strptime.c config.h -getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h -getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c config.h -getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h -getentropy_win.lo getentropy_win.o: $(srcdir)/compat/getentropy_win.c -explicit_bzero.lo explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c config.h -arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c config.h $(srcdir)/compat/chacha_private.h -arc4random_uniform.lo arc4random_uniform.o: $(srcdir)/compat/arc4random_uniform.c config.h -arc4_lock.lo arc4_lock.o: $(srcdir)/compat/arc4_lock.c config.h $(srcdir)/util/locks.h -sha512.lo sha512.o: $(srcdir)/compat/sha512.c config.h -reallocarray.lo reallocarray.o: $(srcdir)/compat/reallocarray.c config.h -isblank.lo isblank.o: $(srcdir)/compat/isblank.c config.h -strsep.lo strsep.o: $(srcdir)/compat/strsep.c config.h diff --git a/external/unbound/README b/external/unbound/README deleted file mode 100644 index 85f918228..000000000 --- a/external/unbound/README +++ /dev/null @@ -1,10 +0,0 @@ -Unbound README -* ./configure && make && make install -* You can use libevent if you want. libevent is useful when using - many (10000) outgoing ports. By default max 256 ports are opened at - the same time and the builtin alternative is equally capable and a - little faster. -* More detailed README, README.svn, README.tests in doc directory -* manual pages can be found in doc directory, and are installed, unbound(8). -* example configuration file doc/example.conf - diff --git a/external/unbound/ac_pkg_swig.m4 b/external/unbound/ac_pkg_swig.m4 deleted file mode 100644 index 87f99fb2f..000000000 --- a/external/unbound/ac_pkg_swig.m4 +++ /dev/null @@ -1,133 +0,0 @@ -# =========================================================================== -# http://autoconf-archive.cryp.to/ac_pkg_swig.html -# =========================================================================== -# -# SYNOPSIS -# -# AC_PROG_SWIG([major.minor.micro]) -# -# DESCRIPTION -# -# This macro searches for a SWIG installation on your system. If found you -# should call SWIG via $(SWIG). You can use the optional first argument to -# check if the version of the available SWIG is greater than or equal to -# the value of the argument. It should have the format: N[.N[.N]] (N is a -# number between 0 and 999. Only the first N is mandatory.) -# -# If the version argument is given (e.g. 1.3.17), AC_PROG_SWIG checks that -# the swig package is this version number or higher. -# -# In configure.in, use as: -# -# AC_PROG_SWIG(1.3.17) -# SWIG_ENABLE_CXX -# SWIG_MULTI_MODULE_SUPPORT -# SWIG_PYTHON -# -# LAST MODIFICATION -# -# 2008-04-12 -# -# COPYLEFT -# -# Copyright (c) 2008 Sebastian Huber -# Copyright (c) 2008 Alan W. Irwin -# Copyright (c) 2008 Rafael Laboissiere -# Copyright (c) 2008 Andrew Collier -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General -# Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program. If not, see . -# -# As a special exception, the respective Autoconf Macro's copyright owner -# gives unlimited permission to copy, distribute and modify the configure -# scripts that are the output of Autoconf when processing the Macro. You -# need not follow the terms of the GNU General Public License when using -# or distributing such scripts, even though portions of the text of the -# Macro appear in them. The GNU General Public License (GPL) does govern -# all other use of the material that constitutes the Autoconf Macro. -# -# This special exception to the GPL applies to versions of the Autoconf -# Macro released by the Autoconf Macro Archive. When you make and -# distribute a modified version of the Autoconf Macro, you may extend this -# special exception to the GPL to apply to your modified version as well. - -AC_DEFUN([AC_PROG_SWIG],[ - AC_PATH_PROG([SWIG],[swig]) - if test -z "$SWIG" ; then - AC_MSG_WARN([cannot find 'swig' program. You should look at http://www.swig.org]) - SWIG='echo "Error: SWIG is not installed. You should look at http://www.swig.org" ; false' - elif test -n "$1" ; then - AC_MSG_CHECKING([for SWIG version]) - [swig_version=`$SWIG -version 2>&1 | grep 'SWIG Version' | sed 's/.*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/g'`] - AC_MSG_RESULT([$swig_version]) - if test -n "$swig_version" ; then - # Calculate the required version number components - [required=$1] - [required_major=`echo $required | sed 's/[^0-9].*//'`] - if test -z "$required_major" ; then - [required_major=0] - fi - [required=`echo $required | sed 's/[0-9]*[^0-9]//'`] - [required_minor=`echo $required | sed 's/[^0-9].*//'`] - if test -z "$required_minor" ; then - [required_minor=0] - fi - [required=`echo $required | sed 's/[0-9]*[^0-9]//'`] - [required_patch=`echo $required | sed 's/[^0-9].*//'`] - if test -z "$required_patch" ; then - [required_patch=0] - fi - # Calculate the available version number components - [available=$swig_version] - [available_major=`echo $available | sed 's/[^0-9].*//'`] - if test -z "$available_major" ; then - [available_major=0] - fi - [available=`echo $available | sed 's/[0-9]*[^0-9]//'`] - [available_minor=`echo $available | sed 's/[^0-9].*//'`] - if test -z "$available_minor" ; then - [available_minor=0] - fi - [available=`echo $available | sed 's/[0-9]*[^0-9]//'`] - [available_patch=`echo $available | sed 's/[^0-9].*//'`] - if test -z "$available_patch" ; then - [available_patch=0] - fi - [badversion=0] - if test $available_major -lt $required_major ; then - [badversion=1] - fi - if test $available_major -eq $required_major \ - -a $available_minor -lt $required_minor ; then - [badversion=1] - fi - if test $available_major -eq $required_major \ - -a $available_minor -eq $required_minor \ - -a $available_patch -lt $required_patch ; then - [badversion=1] - fi - if test $badversion -eq 1 ; then - AC_MSG_WARN([SWIG version >= $1 is required. You have $swig_version. You should look at http://www.swig.org]) - SWIG='echo "Error: SWIG version >= $1 is required. You have '"$swig_version"'. You should look at http://www.swig.org" ; false' - else - AC_MSG_NOTICE([SWIG executable is '$SWIG']) - SWIG_LIB=`$SWIG -swiglib` - AC_MSG_NOTICE([SWIG library directory is '$SWIG_LIB']) - fi - else - AC_MSG_WARN([cannot determine SWIG version]) - SWIG='echo "Error: Cannot determine SWIG version. You should look at http://www.swig.org" ; false' - fi - fi - AC_SUBST([SWIG_LIB]) -]) diff --git a/external/unbound/aclocal.m4 b/external/unbound/aclocal.m4 deleted file mode 100644 index f21da5394..000000000 --- a/external/unbound/aclocal.m4 +++ /dev/null @@ -1,9372 +0,0 @@ -# generated automatically by aclocal 1.15 -*- Autoconf -*- - -# Copyright (C) 1996-2014 Free Software Foundation, Inc. - -# This file is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])]) -# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*- -# -# Copyright (C) 1996-2001, 2003-2015 Free Software Foundation, Inc. -# Written by Gordon Matzigkeit, 1996 -# -# This file is free software; the Free Software Foundation gives -# unlimited permission to copy and/or distribute it, with or without -# modifications, as long as this notice is preserved. - -m4_define([_LT_COPYING], [dnl -# Copyright (C) 2014 Free Software Foundation, Inc. -# This is free software; see the source for copying conditions. There is NO -# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - -# GNU Libtool is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of of the License, or -# (at your option) any later version. -# -# As a special exception to the GNU General Public License, if you -# distribute this file as part of a program or library that is built -# using GNU Libtool, you may include this file under the same -# distribution terms that you use for the rest of that program. -# -# GNU Libtool is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -]) - -# serial 58 LT_INIT - - -# LT_PREREQ(VERSION) -# ------------------ -# Complain and exit if this libtool version is less that VERSION. -m4_defun([LT_PREREQ], -[m4_if(m4_version_compare(m4_defn([LT_PACKAGE_VERSION]), [$1]), -1, - [m4_default([$3], - [m4_fatal([Libtool version $1 or higher is required], - 63)])], - [$2])]) - - -# _LT_CHECK_BUILDDIR -# ------------------ -# Complain if the absolute build directory name contains unusual characters -m4_defun([_LT_CHECK_BUILDDIR], -[case `pwd` in - *\ * | *\ *) - AC_MSG_WARN([Libtool does not cope well with whitespace in `pwd`]) ;; -esac -]) - - -# LT_INIT([OPTIONS]) -# ------------------ -AC_DEFUN([LT_INIT], -[AC_PREREQ([2.62])dnl We use AC_PATH_PROGS_FEATURE_CHECK -AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl -AC_BEFORE([$0], [LT_LANG])dnl -AC_BEFORE([$0], [LT_OUTPUT])dnl -AC_BEFORE([$0], [LTDL_INIT])dnl -m4_require([_LT_CHECK_BUILDDIR])dnl - -dnl Autoconf doesn't catch unexpanded LT_ macros by default: -m4_pattern_forbid([^_?LT_[A-Z_]+$])dnl -m4_pattern_allow([^(_LT_EOF|LT_DLGLOBAL|LT_DLLAZY_OR_NOW|LT_MULTI_MODULE)$])dnl -dnl aclocal doesn't pull ltoptions.m4, ltsugar.m4, or ltversion.m4 -dnl unless we require an AC_DEFUNed macro: -AC_REQUIRE([LTOPTIONS_VERSION])dnl -AC_REQUIRE([LTSUGAR_VERSION])dnl -AC_REQUIRE([LTVERSION_VERSION])dnl -AC_REQUIRE([LTOBSOLETE_VERSION])dnl -m4_require([_LT_PROG_LTMAIN])dnl - -_LT_SHELL_INIT([SHELL=${CONFIG_SHELL-/bin/sh}]) - -dnl Parse OPTIONS -_LT_SET_OPTIONS([$0], [$1]) - -# This can be used to rebuild libtool when needed -LIBTOOL_DEPS=$ltmain - -# Always use our own libtool. -LIBTOOL='$(SHELL) $(top_builddir)/libtool' -AC_SUBST(LIBTOOL)dnl - -_LT_SETUP - -# Only expand once: -m4_define([LT_INIT]) -])# LT_INIT - -# Old names: -AU_ALIAS([AC_PROG_LIBTOOL], [LT_INIT]) -AU_ALIAS([AM_PROG_LIBTOOL], [LT_INIT]) -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([AC_PROG_LIBTOOL], []) -dnl AC_DEFUN([AM_PROG_LIBTOOL], []) - - -# _LT_PREPARE_CC_BASENAME -# ----------------------- -m4_defun([_LT_PREPARE_CC_BASENAME], [ -# Calculate cc_basename. Skip known compiler wrappers and cross-prefix. -func_cc_basename () -{ - for cc_temp in @S|@*""; do - case $cc_temp in - compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;; - distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;; - \-*) ;; - *) break;; - esac - done - func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` -} -])# _LT_PREPARE_CC_BASENAME - - -# _LT_CC_BASENAME(CC) -# ------------------- -# It would be clearer to call AC_REQUIREs from _LT_PREPARE_CC_BASENAME, -# but that macro is also expanded into generated libtool script, which -# arranges for $SED and $ECHO to be set by different means. -m4_defun([_LT_CC_BASENAME], -[m4_require([_LT_PREPARE_CC_BASENAME])dnl -AC_REQUIRE([_LT_DECL_SED])dnl -AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl -func_cc_basename $1 -cc_basename=$func_cc_basename_result -]) - - -# _LT_FILEUTILS_DEFAULTS -# ---------------------- -# It is okay to use these file commands and assume they have been set -# sensibly after 'm4_require([_LT_FILEUTILS_DEFAULTS])'. -m4_defun([_LT_FILEUTILS_DEFAULTS], -[: ${CP="cp -f"} -: ${MV="mv -f"} -: ${RM="rm -f"} -])# _LT_FILEUTILS_DEFAULTS - - -# _LT_SETUP -# --------- -m4_defun([_LT_SETUP], -[AC_REQUIRE([AC_CANONICAL_HOST])dnl -AC_REQUIRE([AC_CANONICAL_BUILD])dnl -AC_REQUIRE([_LT_PREPARE_SED_QUOTE_VARS])dnl -AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl - -_LT_DECL([], [PATH_SEPARATOR], [1], [The PATH separator for the build system])dnl -dnl -_LT_DECL([], [host_alias], [0], [The host system])dnl -_LT_DECL([], [host], [0])dnl -_LT_DECL([], [host_os], [0])dnl -dnl -_LT_DECL([], [build_alias], [0], [The build system])dnl -_LT_DECL([], [build], [0])dnl -_LT_DECL([], [build_os], [0])dnl -dnl -AC_REQUIRE([AC_PROG_CC])dnl -AC_REQUIRE([LT_PATH_LD])dnl -AC_REQUIRE([LT_PATH_NM])dnl -dnl -AC_REQUIRE([AC_PROG_LN_S])dnl -test -z "$LN_S" && LN_S="ln -s" -_LT_DECL([], [LN_S], [1], [Whether we need soft or hard links])dnl -dnl -AC_REQUIRE([LT_CMD_MAX_LEN])dnl -_LT_DECL([objext], [ac_objext], [0], [Object file suffix (normally "o")])dnl -_LT_DECL([], [exeext], [0], [Executable file suffix (normally "")])dnl -dnl -m4_require([_LT_FILEUTILS_DEFAULTS])dnl -m4_require([_LT_CHECK_SHELL_FEATURES])dnl -m4_require([_LT_PATH_CONVERSION_FUNCTIONS])dnl -m4_require([_LT_CMD_RELOAD])dnl -m4_require([_LT_CHECK_MAGIC_METHOD])dnl -m4_require([_LT_CHECK_SHAREDLIB_FROM_LINKLIB])dnl -m4_require([_LT_CMD_OLD_ARCHIVE])dnl -m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl -m4_require([_LT_WITH_SYSROOT])dnl -m4_require([_LT_CMD_TRUNCATE])dnl - -_LT_CONFIG_LIBTOOL_INIT([ -# See if we are running on zsh, and set the options that allow our -# commands through without removal of \ escapes INIT. -if test -n "\${ZSH_VERSION+set}"; then - setopt NO_GLOB_SUBST -fi -]) -if test -n "${ZSH_VERSION+set}"; then - setopt NO_GLOB_SUBST -fi - -_LT_CHECK_OBJDIR - -m4_require([_LT_TAG_COMPILER])dnl - -case $host_os in -aix3*) - # AIX sometimes has problems with the GCC collect2 program. For some - # reason, if we set the COLLECT_NAMES environment variable, the problems - # vanish in a puff of smoke. - if test set != "${COLLECT_NAMES+set}"; then - COLLECT_NAMES= - export COLLECT_NAMES - fi - ;; -esac - -# Global variables: -ofile=libtool -can_build_shared=yes - -# All known linkers require a '.a' archive for static linking (except MSVC, -# which needs '.lib'). -libext=a - -with_gnu_ld=$lt_cv_prog_gnu_ld - -old_CC=$CC -old_CFLAGS=$CFLAGS - -# Set sane defaults for various variables -test -z "$CC" && CC=cc -test -z "$LTCC" && LTCC=$CC -test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS -test -z "$LD" && LD=ld -test -z "$ac_objext" && ac_objext=o - -_LT_CC_BASENAME([$compiler]) - -# Only perform the check for file, if the check method requires it -test -z "$MAGIC_CMD" && MAGIC_CMD=file -case $deplibs_check_method in -file_magic*) - if test "$file_magic_cmd" = '$MAGIC_CMD'; then - _LT_PATH_MAGIC - fi - ;; -esac - -# Use C for the default configuration in the libtool script -LT_SUPPORTED_TAG([CC]) -_LT_LANG_C_CONFIG -_LT_LANG_DEFAULT_CONFIG -_LT_CONFIG_COMMANDS -])# _LT_SETUP - - -# _LT_PREPARE_SED_QUOTE_VARS -# -------------------------- -# Define a few sed substitution that help us do robust quoting. -m4_defun([_LT_PREPARE_SED_QUOTE_VARS], -[# Backslashify metacharacters that are still active within -# double-quoted strings. -sed_quote_subst='s/\([["`$\\]]\)/\\\1/g' - -# Same as above, but do not quote variable references. -double_quote_subst='s/\([["`\\]]\)/\\\1/g' - -# Sed substitution to delay expansion of an escaped shell variable in a -# double_quote_subst'ed string. -delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g' - -# Sed substitution to delay expansion of an escaped single quote. -delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g' - -# Sed substitution to avoid accidental globbing in evaled expressions -no_glob_subst='s/\*/\\\*/g' -]) - -# _LT_PROG_LTMAIN -# --------------- -# Note that this code is called both from 'configure', and 'config.status' -# now that we use AC_CONFIG_COMMANDS to generate libtool. Notably, -# 'config.status' has no value for ac_aux_dir unless we are using Automake, -# so we pass a copy along to make sure it has a sensible value anyway. -m4_defun([_LT_PROG_LTMAIN], -[m4_ifdef([AC_REQUIRE_AUX_FILE], [AC_REQUIRE_AUX_FILE([ltmain.sh])])dnl -_LT_CONFIG_LIBTOOL_INIT([ac_aux_dir='$ac_aux_dir']) -ltmain=$ac_aux_dir/ltmain.sh -])# _LT_PROG_LTMAIN - - - -# So that we can recreate a full libtool script including additional -# tags, we accumulate the chunks of code to send to AC_CONFIG_COMMANDS -# in macros and then make a single call at the end using the 'libtool' -# label. - - -# _LT_CONFIG_LIBTOOL_INIT([INIT-COMMANDS]) -# ---------------------------------------- -# Register INIT-COMMANDS to be passed to AC_CONFIG_COMMANDS later. -m4_define([_LT_CONFIG_LIBTOOL_INIT], -[m4_ifval([$1], - [m4_append([_LT_OUTPUT_LIBTOOL_INIT], - [$1 -])])]) - -# Initialize. -m4_define([_LT_OUTPUT_LIBTOOL_INIT]) - - -# _LT_CONFIG_LIBTOOL([COMMANDS]) -# ------------------------------ -# Register COMMANDS to be passed to AC_CONFIG_COMMANDS later. -m4_define([_LT_CONFIG_LIBTOOL], -[m4_ifval([$1], - [m4_append([_LT_OUTPUT_LIBTOOL_COMMANDS], - [$1 -])])]) - -# Initialize. -m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS]) - - -# _LT_CONFIG_SAVE_COMMANDS([COMMANDS], [INIT_COMMANDS]) -# ----------------------------------------------------- -m4_defun([_LT_CONFIG_SAVE_COMMANDS], -[_LT_CONFIG_LIBTOOL([$1]) -_LT_CONFIG_LIBTOOL_INIT([$2]) -]) - - -# _LT_FORMAT_COMMENT([COMMENT]) -# ----------------------------- -# Add leading comment marks to the start of each line, and a trailing -# full-stop to the whole comment if one is not present already. -m4_define([_LT_FORMAT_COMMENT], -[m4_ifval([$1], [ -m4_bpatsubst([m4_bpatsubst([$1], [^ *], [# ])], - [['`$\]], [\\\&])]m4_bmatch([$1], [[!?.]$], [], [.]) -)]) - - - - - -# _LT_DECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION], [IS-TAGGED?]) -# ------------------------------------------------------------------- -# CONFIGNAME is the name given to the value in the libtool script. -# VARNAME is the (base) name used in the configure script. -# VALUE may be 0, 1 or 2 for a computed quote escaped value based on -# VARNAME. Any other value will be used directly. -m4_define([_LT_DECL], -[lt_if_append_uniq([lt_decl_varnames], [$2], [, ], - [lt_dict_add_subkey([lt_decl_dict], [$2], [libtool_name], - [m4_ifval([$1], [$1], [$2])]) - lt_dict_add_subkey([lt_decl_dict], [$2], [value], [$3]) - m4_ifval([$4], - [lt_dict_add_subkey([lt_decl_dict], [$2], [description], [$4])]) - lt_dict_add_subkey([lt_decl_dict], [$2], - [tagged?], [m4_ifval([$5], [yes], [no])])]) -]) - - -# _LT_TAGDECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION]) -# -------------------------------------------------------- -m4_define([_LT_TAGDECL], [_LT_DECL([$1], [$2], [$3], [$4], [yes])]) - - -# lt_decl_tag_varnames([SEPARATOR], [VARNAME1...]) -# ------------------------------------------------ -m4_define([lt_decl_tag_varnames], -[_lt_decl_filter([tagged?], [yes], $@)]) - - -# _lt_decl_filter(SUBKEY, VALUE, [SEPARATOR], [VARNAME1..]) -# --------------------------------------------------------- -m4_define([_lt_decl_filter], -[m4_case([$#], - [0], [m4_fatal([$0: too few arguments: $#])], - [1], [m4_fatal([$0: too few arguments: $#: $1])], - [2], [lt_dict_filter([lt_decl_dict], [$1], [$2], [], lt_decl_varnames)], - [3], [lt_dict_filter([lt_decl_dict], [$1], [$2], [$3], lt_decl_varnames)], - [lt_dict_filter([lt_decl_dict], $@)])[]dnl -]) - - -# lt_decl_quote_varnames([SEPARATOR], [VARNAME1...]) -# -------------------------------------------------- -m4_define([lt_decl_quote_varnames], -[_lt_decl_filter([value], [1], $@)]) - - -# lt_decl_dquote_varnames([SEPARATOR], [VARNAME1...]) -# --------------------------------------------------- -m4_define([lt_decl_dquote_varnames], -[_lt_decl_filter([value], [2], $@)]) - - -# lt_decl_varnames_tagged([SEPARATOR], [VARNAME1...]) -# --------------------------------------------------- -m4_define([lt_decl_varnames_tagged], -[m4_assert([$# <= 2])dnl -_$0(m4_quote(m4_default([$1], [[, ]])), - m4_ifval([$2], [[$2]], [m4_dquote(lt_decl_tag_varnames)]), - m4_split(m4_normalize(m4_quote(_LT_TAGS)), [ ]))]) -m4_define([_lt_decl_varnames_tagged], -[m4_ifval([$3], [lt_combine([$1], [$2], [_], $3)])]) - - -# lt_decl_all_varnames([SEPARATOR], [VARNAME1...]) -# ------------------------------------------------ -m4_define([lt_decl_all_varnames], -[_$0(m4_quote(m4_default([$1], [[, ]])), - m4_if([$2], [], - m4_quote(lt_decl_varnames), - m4_quote(m4_shift($@))))[]dnl -]) -m4_define([_lt_decl_all_varnames], -[lt_join($@, lt_decl_varnames_tagged([$1], - lt_decl_tag_varnames([[, ]], m4_shift($@))))dnl -]) - - -# _LT_CONFIG_STATUS_DECLARE([VARNAME]) -# ------------------------------------ -# Quote a variable value, and forward it to 'config.status' so that its -# declaration there will have the same value as in 'configure'. VARNAME -# must have a single quote delimited value for this to work. -m4_define([_LT_CONFIG_STATUS_DECLARE], -[$1='`$ECHO "$][$1" | $SED "$delay_single_quote_subst"`']) - - -# _LT_CONFIG_STATUS_DECLARATIONS -# ------------------------------ -# We delimit libtool config variables with single quotes, so when -# we write them to config.status, we have to be sure to quote all -# embedded single quotes properly. In configure, this macro expands -# each variable declared with _LT_DECL (and _LT_TAGDECL) into: -# -# ='`$ECHO "$" | $SED "$delay_single_quote_subst"`' -m4_defun([_LT_CONFIG_STATUS_DECLARATIONS], -[m4_foreach([_lt_var], m4_quote(lt_decl_all_varnames), - [m4_n([_LT_CONFIG_STATUS_DECLARE(_lt_var)])])]) - - -# _LT_LIBTOOL_TAGS -# ---------------- -# Output comment and list of tags supported by the script -m4_defun([_LT_LIBTOOL_TAGS], -[_LT_FORMAT_COMMENT([The names of the tagged configurations supported by this script])dnl -available_tags='_LT_TAGS'dnl -]) - - -# _LT_LIBTOOL_DECLARE(VARNAME, [TAG]) -# ----------------------------------- -# Extract the dictionary values for VARNAME (optionally with TAG) and -# expand to a commented shell variable setting: -# -# # Some comment about what VAR is for. -# visible_name=$lt_internal_name -m4_define([_LT_LIBTOOL_DECLARE], -[_LT_FORMAT_COMMENT(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], - [description])))[]dnl -m4_pushdef([_libtool_name], - m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [libtool_name])))[]dnl -m4_case(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [value])), - [0], [_libtool_name=[$]$1], - [1], [_libtool_name=$lt_[]$1], - [2], [_libtool_name=$lt_[]$1], - [_libtool_name=lt_dict_fetch([lt_decl_dict], [$1], [value])])[]dnl -m4_ifval([$2], [_$2])[]m4_popdef([_libtool_name])[]dnl -]) - - -# _LT_LIBTOOL_CONFIG_VARS -# ----------------------- -# Produce commented declarations of non-tagged libtool config variables -# suitable for insertion in the LIBTOOL CONFIG section of the 'libtool' -# script. Tagged libtool config variables (even for the LIBTOOL CONFIG -# section) are produced by _LT_LIBTOOL_TAG_VARS. -m4_defun([_LT_LIBTOOL_CONFIG_VARS], -[m4_foreach([_lt_var], - m4_quote(_lt_decl_filter([tagged?], [no], [], lt_decl_varnames)), - [m4_n([_LT_LIBTOOL_DECLARE(_lt_var)])])]) - - -# _LT_LIBTOOL_TAG_VARS(TAG) -# ------------------------- -m4_define([_LT_LIBTOOL_TAG_VARS], -[m4_foreach([_lt_var], m4_quote(lt_decl_tag_varnames), - [m4_n([_LT_LIBTOOL_DECLARE(_lt_var, [$1])])])]) - - -# _LT_TAGVAR(VARNAME, [TAGNAME]) -# ------------------------------ -m4_define([_LT_TAGVAR], [m4_ifval([$2], [$1_$2], [$1])]) - - -# _LT_CONFIG_COMMANDS -# ------------------- -# Send accumulated output to $CONFIG_STATUS. Thanks to the lists of -# variables for single and double quote escaping we saved from calls -# to _LT_DECL, we can put quote escaped variables declarations -# into 'config.status', and then the shell code to quote escape them in -# for loops in 'config.status'. Finally, any additional code accumulated -# from calls to _LT_CONFIG_LIBTOOL_INIT is expanded. -m4_defun([_LT_CONFIG_COMMANDS], -[AC_PROVIDE_IFELSE([LT_OUTPUT], - dnl If the libtool generation code has been placed in $CONFIG_LT, - dnl instead of duplicating it all over again into config.status, - dnl then we will have config.status run $CONFIG_LT later, so it - dnl needs to know what name is stored there: - [AC_CONFIG_COMMANDS([libtool], - [$SHELL $CONFIG_LT || AS_EXIT(1)], [CONFIG_LT='$CONFIG_LT'])], - dnl If the libtool generation code is destined for config.status, - dnl expand the accumulated commands and init code now: - [AC_CONFIG_COMMANDS([libtool], - [_LT_OUTPUT_LIBTOOL_COMMANDS], [_LT_OUTPUT_LIBTOOL_COMMANDS_INIT])]) -])#_LT_CONFIG_COMMANDS - - -# Initialize. -m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS_INIT], -[ - -# The HP-UX ksh and POSIX shell print the target directory to stdout -# if CDPATH is set. -(unset CDPATH) >/dev/null 2>&1 && unset CDPATH - -sed_quote_subst='$sed_quote_subst' -double_quote_subst='$double_quote_subst' -delay_variable_subst='$delay_variable_subst' -_LT_CONFIG_STATUS_DECLARATIONS -LTCC='$LTCC' -LTCFLAGS='$LTCFLAGS' -compiler='$compiler_DEFAULT' - -# A function that is used when there is no print builtin or printf. -func_fallback_echo () -{ - eval 'cat <<_LTECHO_EOF -\$[]1 -_LTECHO_EOF' -} - -# Quote evaled strings. -for var in lt_decl_all_varnames([[ \ -]], lt_decl_quote_varnames); do - case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in - *[[\\\\\\\`\\"\\\$]]*) - eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes - ;; - *) - eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" - ;; - esac -done - -# Double-quote double-evaled strings. -for var in lt_decl_all_varnames([[ \ -]], lt_decl_dquote_varnames); do - case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in - *[[\\\\\\\`\\"\\\$]]*) - eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes - ;; - *) - eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" - ;; - esac -done - -_LT_OUTPUT_LIBTOOL_INIT -]) - -# _LT_GENERATED_FILE_INIT(FILE, [COMMENT]) -# ------------------------------------ -# Generate a child script FILE with all initialization necessary to -# reuse the environment learned by the parent script, and make the -# file executable. If COMMENT is supplied, it is inserted after the -# '#!' sequence but before initialization text begins. After this -# macro, additional text can be appended to FILE to form the body of -# the child script. The macro ends with non-zero status if the -# file could not be fully written (such as if the disk is full). -m4_ifdef([AS_INIT_GENERATED], -[m4_defun([_LT_GENERATED_FILE_INIT],[AS_INIT_GENERATED($@)])], -[m4_defun([_LT_GENERATED_FILE_INIT], -[m4_require([AS_PREPARE])]dnl -[m4_pushdef([AS_MESSAGE_LOG_FD])]dnl -[lt_write_fail=0 -cat >$1 <<_ASEOF || lt_write_fail=1 -#! $SHELL -# Generated by $as_me. -$2 -SHELL=\${CONFIG_SHELL-$SHELL} -export SHELL -_ASEOF -cat >>$1 <<\_ASEOF || lt_write_fail=1 -AS_SHELL_SANITIZE -_AS_PREPARE -exec AS_MESSAGE_FD>&1 -_ASEOF -test 0 = "$lt_write_fail" && chmod +x $1[]dnl -m4_popdef([AS_MESSAGE_LOG_FD])])])# _LT_GENERATED_FILE_INIT - -# LT_OUTPUT -# --------- -# This macro allows early generation of the libtool script (before -# AC_OUTPUT is called), incase it is used in configure for compilation -# tests. -AC_DEFUN([LT_OUTPUT], -[: ${CONFIG_LT=./config.lt} -AC_MSG_NOTICE([creating $CONFIG_LT]) -_LT_GENERATED_FILE_INIT(["$CONFIG_LT"], -[# Run this file to recreate a libtool stub with the current configuration.]) - -cat >>"$CONFIG_LT" <<\_LTEOF -lt_cl_silent=false -exec AS_MESSAGE_LOG_FD>>config.log -{ - echo - AS_BOX([Running $as_me.]) -} >&AS_MESSAGE_LOG_FD - -lt_cl_help="\ -'$as_me' creates a local libtool stub from the current configuration, -for use in further configure time tests before the real libtool is -generated. - -Usage: $[0] [[OPTIONS]] - - -h, --help print this help, then exit - -V, --version print version number, then exit - -q, --quiet do not print progress messages - -d, --debug don't remove temporary files - -Report bugs to ." - -lt_cl_version="\ -m4_ifset([AC_PACKAGE_NAME], [AC_PACKAGE_NAME ])config.lt[]dnl -m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION]) -configured by $[0], generated by m4_PACKAGE_STRING. - -Copyright (C) 2011 Free Software Foundation, Inc. -This config.lt script is free software; the Free Software Foundation -gives unlimited permision to copy, distribute and modify it." - -while test 0 != $[#] -do - case $[1] in - --version | --v* | -V ) - echo "$lt_cl_version"; exit 0 ;; - --help | --h* | -h ) - echo "$lt_cl_help"; exit 0 ;; - --debug | --d* | -d ) - debug=: ;; - --quiet | --q* | --silent | --s* | -q ) - lt_cl_silent=: ;; - - -*) AC_MSG_ERROR([unrecognized option: $[1] -Try '$[0] --help' for more information.]) ;; - - *) AC_MSG_ERROR([unrecognized argument: $[1] -Try '$[0] --help' for more information.]) ;; - esac - shift -done - -if $lt_cl_silent; then - exec AS_MESSAGE_FD>/dev/null -fi -_LTEOF - -cat >>"$CONFIG_LT" <<_LTEOF -_LT_OUTPUT_LIBTOOL_COMMANDS_INIT -_LTEOF - -cat >>"$CONFIG_LT" <<\_LTEOF -AC_MSG_NOTICE([creating $ofile]) -_LT_OUTPUT_LIBTOOL_COMMANDS -AS_EXIT(0) -_LTEOF -chmod +x "$CONFIG_LT" - -# configure is writing to config.log, but config.lt does its own redirection, -# appending to config.log, which fails on DOS, as config.log is still kept -# open by configure. Here we exec the FD to /dev/null, effectively closing -# config.log, so it can be properly (re)opened and appended to by config.lt. -lt_cl_success=: -test yes = "$silent" && - lt_config_lt_args="$lt_config_lt_args --quiet" -exec AS_MESSAGE_LOG_FD>/dev/null -$SHELL "$CONFIG_LT" $lt_config_lt_args || lt_cl_success=false -exec AS_MESSAGE_LOG_FD>>config.log -$lt_cl_success || AS_EXIT(1) -])# LT_OUTPUT - - -# _LT_CONFIG(TAG) -# --------------- -# If TAG is the built-in tag, create an initial libtool script with a -# default configuration from the untagged config vars. Otherwise add code -# to config.status for appending the configuration named by TAG from the -# matching tagged config vars. -m4_defun([_LT_CONFIG], -[m4_require([_LT_FILEUTILS_DEFAULTS])dnl -_LT_CONFIG_SAVE_COMMANDS([ - m4_define([_LT_TAG], m4_if([$1], [], [C], [$1]))dnl - m4_if(_LT_TAG, [C], [ - # See if we are running on zsh, and set the options that allow our - # commands through without removal of \ escapes. - if test -n "${ZSH_VERSION+set}"; then - setopt NO_GLOB_SUBST - fi - - cfgfile=${ofile}T - trap "$RM \"$cfgfile\"; exit 1" 1 2 15 - $RM "$cfgfile" - - cat <<_LT_EOF >> "$cfgfile" -#! $SHELL -# Generated automatically by $as_me ($PACKAGE) $VERSION -# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: -# NOTE: Changes made to this file will be lost: look at ltmain.sh. - -# Provide generalized library-building support services. -# Written by Gordon Matzigkeit, 1996 - -_LT_COPYING -_LT_LIBTOOL_TAGS - -# Configured defaults for sys_lib_dlsearch_path munging. -: \${LT_SYS_LIBRARY_PATH="$configure_time_lt_sys_library_path"} - -# ### BEGIN LIBTOOL CONFIG -_LT_LIBTOOL_CONFIG_VARS -_LT_LIBTOOL_TAG_VARS -# ### END LIBTOOL CONFIG - -_LT_EOF - - cat <<'_LT_EOF' >> "$cfgfile" - -# ### BEGIN FUNCTIONS SHARED WITH CONFIGURE - -_LT_PREPARE_MUNGE_PATH_LIST -_LT_PREPARE_CC_BASENAME - -# ### END FUNCTIONS SHARED WITH CONFIGURE - -_LT_EOF - - case $host_os in - aix3*) - cat <<\_LT_EOF >> "$cfgfile" -# AIX sometimes has problems with the GCC collect2 program. For some -# reason, if we set the COLLECT_NAMES environment variable, the problems -# vanish in a puff of smoke. -if test set != "${COLLECT_NAMES+set}"; then - COLLECT_NAMES= - export COLLECT_NAMES -fi -_LT_EOF - ;; - esac - - _LT_PROG_LTMAIN - - # We use sed instead of cat because bash on DJGPP gets confused if - # if finds mixed CR/LF and LF-only lines. Since sed operates in - # text mode, it properly converts lines to CR/LF. This bash problem - # is reportedly fixed, but why not run on old versions too? - sed '$q' "$ltmain" >> "$cfgfile" \ - || (rm -f "$cfgfile"; exit 1) - - mv -f "$cfgfile" "$ofile" || - (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile") - chmod +x "$ofile" -], -[cat <<_LT_EOF >> "$ofile" - -dnl Unfortunately we have to use $1 here, since _LT_TAG is not expanded -dnl in a comment (ie after a #). -# ### BEGIN LIBTOOL TAG CONFIG: $1 -_LT_LIBTOOL_TAG_VARS(_LT_TAG) -# ### END LIBTOOL TAG CONFIG: $1 -_LT_EOF -])dnl /m4_if -], -[m4_if([$1], [], [ - PACKAGE='$PACKAGE' - VERSION='$VERSION' - RM='$RM' - ofile='$ofile'], []) -])dnl /_LT_CONFIG_SAVE_COMMANDS -])# _LT_CONFIG - - -# LT_SUPPORTED_TAG(TAG) -# --------------------- -# Trace this macro to discover what tags are supported by the libtool -# --tag option, using: -# autoconf --trace 'LT_SUPPORTED_TAG:$1' -AC_DEFUN([LT_SUPPORTED_TAG], []) - - -# C support is built-in for now -m4_define([_LT_LANG_C_enabled], []) -m4_define([_LT_TAGS], []) - - -# LT_LANG(LANG) -# ------------- -# Enable libtool support for the given language if not already enabled. -AC_DEFUN([LT_LANG], -[AC_BEFORE([$0], [LT_OUTPUT])dnl -m4_case([$1], - [C], [_LT_LANG(C)], - [C++], [_LT_LANG(CXX)], - [Go], [_LT_LANG(GO)], - [Java], [_LT_LANG(GCJ)], - [Fortran 77], [_LT_LANG(F77)], - [Fortran], [_LT_LANG(FC)], - [Windows Resource], [_LT_LANG(RC)], - [m4_ifdef([_LT_LANG_]$1[_CONFIG], - [_LT_LANG($1)], - [m4_fatal([$0: unsupported language: "$1"])])])dnl -])# LT_LANG - - -# _LT_LANG(LANGNAME) -# ------------------ -m4_defun([_LT_LANG], -[m4_ifdef([_LT_LANG_]$1[_enabled], [], - [LT_SUPPORTED_TAG([$1])dnl - m4_append([_LT_TAGS], [$1 ])dnl - m4_define([_LT_LANG_]$1[_enabled], [])dnl - _LT_LANG_$1_CONFIG($1)])dnl -])# _LT_LANG - - -m4_ifndef([AC_PROG_GO], [ -# NOTE: This macro has been submitted for inclusion into # -# GNU Autoconf as AC_PROG_GO. When it is available in # -# a released version of Autoconf we should remove this # -# macro and use it instead. # -m4_defun([AC_PROG_GO], -[AC_LANG_PUSH(Go)dnl -AC_ARG_VAR([GOC], [Go compiler command])dnl -AC_ARG_VAR([GOFLAGS], [Go compiler flags])dnl -_AC_ARG_VAR_LDFLAGS()dnl -AC_CHECK_TOOL(GOC, gccgo) -if test -z "$GOC"; then - if test -n "$ac_tool_prefix"; then - AC_CHECK_PROG(GOC, [${ac_tool_prefix}gccgo], [${ac_tool_prefix}gccgo]) - fi -fi -if test -z "$GOC"; then - AC_CHECK_PROG(GOC, gccgo, gccgo, false) -fi -])#m4_defun -])#m4_ifndef - - -# _LT_LANG_DEFAULT_CONFIG -# ----------------------- -m4_defun([_LT_LANG_DEFAULT_CONFIG], -[AC_PROVIDE_IFELSE([AC_PROG_CXX], - [LT_LANG(CXX)], - [m4_define([AC_PROG_CXX], defn([AC_PROG_CXX])[LT_LANG(CXX)])]) - -AC_PROVIDE_IFELSE([AC_PROG_F77], - [LT_LANG(F77)], - [m4_define([AC_PROG_F77], defn([AC_PROG_F77])[LT_LANG(F77)])]) - -AC_PROVIDE_IFELSE([AC_PROG_FC], - [LT_LANG(FC)], - [m4_define([AC_PROG_FC], defn([AC_PROG_FC])[LT_LANG(FC)])]) - -dnl The call to [A][M_PROG_GCJ] is quoted like that to stop aclocal -dnl pulling things in needlessly. -AC_PROVIDE_IFELSE([AC_PROG_GCJ], - [LT_LANG(GCJ)], - [AC_PROVIDE_IFELSE([A][M_PROG_GCJ], - [LT_LANG(GCJ)], - [AC_PROVIDE_IFELSE([LT_PROG_GCJ], - [LT_LANG(GCJ)], - [m4_ifdef([AC_PROG_GCJ], - [m4_define([AC_PROG_GCJ], defn([AC_PROG_GCJ])[LT_LANG(GCJ)])]) - m4_ifdef([A][M_PROG_GCJ], - [m4_define([A][M_PROG_GCJ], defn([A][M_PROG_GCJ])[LT_LANG(GCJ)])]) - m4_ifdef([LT_PROG_GCJ], - [m4_define([LT_PROG_GCJ], defn([LT_PROG_GCJ])[LT_LANG(GCJ)])])])])]) - -AC_PROVIDE_IFELSE([AC_PROG_GO], - [LT_LANG(GO)], - [m4_define([AC_PROG_GO], defn([AC_PROG_GO])[LT_LANG(GO)])]) - -AC_PROVIDE_IFELSE([LT_PROG_RC], - [LT_LANG(RC)], - [m4_define([LT_PROG_RC], defn([LT_PROG_RC])[LT_LANG(RC)])]) -])# _LT_LANG_DEFAULT_CONFIG - -# Obsolete macros: -AU_DEFUN([AC_LIBTOOL_CXX], [LT_LANG(C++)]) -AU_DEFUN([AC_LIBTOOL_F77], [LT_LANG(Fortran 77)]) -AU_DEFUN([AC_LIBTOOL_FC], [LT_LANG(Fortran)]) -AU_DEFUN([AC_LIBTOOL_GCJ], [LT_LANG(Java)]) -AU_DEFUN([AC_LIBTOOL_RC], [LT_LANG(Windows Resource)]) -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([AC_LIBTOOL_CXX], []) -dnl AC_DEFUN([AC_LIBTOOL_F77], []) -dnl AC_DEFUN([AC_LIBTOOL_FC], []) -dnl AC_DEFUN([AC_LIBTOOL_GCJ], []) -dnl AC_DEFUN([AC_LIBTOOL_RC], []) - - -# _LT_TAG_COMPILER -# ---------------- -m4_defun([_LT_TAG_COMPILER], -[AC_REQUIRE([AC_PROG_CC])dnl - -_LT_DECL([LTCC], [CC], [1], [A C compiler])dnl -_LT_DECL([LTCFLAGS], [CFLAGS], [1], [LTCC compiler flags])dnl -_LT_TAGDECL([CC], [compiler], [1], [A language specific compiler])dnl -_LT_TAGDECL([with_gcc], [GCC], [0], [Is the compiler the GNU compiler?])dnl - -# If no C compiler was specified, use CC. -LTCC=${LTCC-"$CC"} - -# If no C compiler flags were specified, use CFLAGS. -LTCFLAGS=${LTCFLAGS-"$CFLAGS"} - -# Allow CC to be a program name with arguments. -compiler=$CC -])# _LT_TAG_COMPILER - - -# _LT_COMPILER_BOILERPLATE -# ------------------------ -# Check for compiler boilerplate output or warnings with -# the simple compiler test code. -m4_defun([_LT_COMPILER_BOILERPLATE], -[m4_require([_LT_DECL_SED])dnl -ac_outfile=conftest.$ac_objext -echo "$lt_simple_compile_test_code" >conftest.$ac_ext -eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err -_lt_compiler_boilerplate=`cat conftest.err` -$RM conftest* -])# _LT_COMPILER_BOILERPLATE - - -# _LT_LINKER_BOILERPLATE -# ---------------------- -# Check for linker boilerplate output or warnings with -# the simple link test code. -m4_defun([_LT_LINKER_BOILERPLATE], -[m4_require([_LT_DECL_SED])dnl -ac_outfile=conftest.$ac_objext -echo "$lt_simple_link_test_code" >conftest.$ac_ext -eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err -_lt_linker_boilerplate=`cat conftest.err` -$RM -r conftest* -])# _LT_LINKER_BOILERPLATE - -# _LT_REQUIRED_DARWIN_CHECKS -# ------------------------- -m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[ - case $host_os in - rhapsody* | darwin*) - AC_CHECK_TOOL([DSYMUTIL], [dsymutil], [:]) - AC_CHECK_TOOL([NMEDIT], [nmedit], [:]) - AC_CHECK_TOOL([LIPO], [lipo], [:]) - AC_CHECK_TOOL([OTOOL], [otool], [:]) - AC_CHECK_TOOL([OTOOL64], [otool64], [:]) - _LT_DECL([], [DSYMUTIL], [1], - [Tool to manipulate archived DWARF debug symbol files on Mac OS X]) - _LT_DECL([], [NMEDIT], [1], - [Tool to change global to local symbols on Mac OS X]) - _LT_DECL([], [LIPO], [1], - [Tool to manipulate fat objects and archives on Mac OS X]) - _LT_DECL([], [OTOOL], [1], - [ldd/readelf like tool for Mach-O binaries on Mac OS X]) - _LT_DECL([], [OTOOL64], [1], - [ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4]) - - AC_CACHE_CHECK([for -single_module linker flag],[lt_cv_apple_cc_single_mod], - [lt_cv_apple_cc_single_mod=no - if test -z "$LT_MULTI_MODULE"; then - # By default we will add the -single_module flag. You can override - # by either setting the environment variable LT_MULTI_MODULE - # non-empty at configure time, or by adding -multi_module to the - # link flags. - rm -rf libconftest.dylib* - echo "int foo(void){return 1;}" > conftest.c - echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ --dynamiclib -Wl,-single_module conftest.c" >&AS_MESSAGE_LOG_FD - $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ - -dynamiclib -Wl,-single_module conftest.c 2>conftest.err - _lt_result=$? - # If there is a non-empty error log, and "single_module" - # appears in it, assume the flag caused a linker warning - if test -s conftest.err && $GREP single_module conftest.err; then - cat conftest.err >&AS_MESSAGE_LOG_FD - # Otherwise, if the output was created with a 0 exit code from - # the compiler, it worked. - elif test -f libconftest.dylib && test 0 = "$_lt_result"; then - lt_cv_apple_cc_single_mod=yes - else - cat conftest.err >&AS_MESSAGE_LOG_FD - fi - rm -rf libconftest.dylib* - rm -f conftest.* - fi]) - - AC_CACHE_CHECK([for -exported_symbols_list linker flag], - [lt_cv_ld_exported_symbols_list], - [lt_cv_ld_exported_symbols_list=no - save_LDFLAGS=$LDFLAGS - echo "_main" > conftest.sym - LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym" - AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])], - [lt_cv_ld_exported_symbols_list=yes], - [lt_cv_ld_exported_symbols_list=no]) - LDFLAGS=$save_LDFLAGS - ]) - - AC_CACHE_CHECK([for -force_load linker flag],[lt_cv_ld_force_load], - [lt_cv_ld_force_load=no - cat > conftest.c << _LT_EOF -int forced_loaded() { return 2;} -_LT_EOF - echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD - $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD - echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD - $AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD - echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD - $RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD - cat > conftest.c << _LT_EOF -int main() { return 0;} -_LT_EOF - echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&AS_MESSAGE_LOG_FD - $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err - _lt_result=$? - if test -s conftest.err && $GREP force_load conftest.err; then - cat conftest.err >&AS_MESSAGE_LOG_FD - elif test -f conftest && test 0 = "$_lt_result" && $GREP forced_load conftest >/dev/null 2>&1; then - lt_cv_ld_force_load=yes - else - cat conftest.err >&AS_MESSAGE_LOG_FD - fi - rm -f conftest.err libconftest.a conftest conftest.c - rm -rf conftest.dSYM - ]) - case $host_os in - rhapsody* | darwin1.[[012]]) - _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;; - darwin1.*) - _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; - darwin*) # darwin 5.x on - # if running on 10.5 or later, the deployment target defaults - # to the OS version, if on x86, and 10.4, the deployment - # target defaults to 10.4. Don't you love it? - case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in - 10.0,*86*-darwin8*|10.0,*-darwin[[91]]*) - _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; - 10.[[012]][[,.]]*) - _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; - 10.*) - _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; - esac - ;; - esac - if test yes = "$lt_cv_apple_cc_single_mod"; then - _lt_dar_single_mod='$single_module' - fi - if test yes = "$lt_cv_ld_exported_symbols_list"; then - _lt_dar_export_syms=' $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym' - else - _lt_dar_export_syms='~$NMEDIT -s $output_objdir/$libname-symbols.expsym $lib' - fi - if test : != "$DSYMUTIL" && test no = "$lt_cv_ld_force_load"; then - _lt_dsymutil='~$DSYMUTIL $lib || :' - else - _lt_dsymutil= - fi - ;; - esac -]) - - -# _LT_DARWIN_LINKER_FEATURES([TAG]) -# --------------------------------- -# Checks for linker and compiler features on darwin -m4_defun([_LT_DARWIN_LINKER_FEATURES], -[ - m4_require([_LT_REQUIRED_DARWIN_CHECKS]) - _LT_TAGVAR(archive_cmds_need_lc, $1)=no - _LT_TAGVAR(hardcode_direct, $1)=no - _LT_TAGVAR(hardcode_automatic, $1)=yes - _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported - if test yes = "$lt_cv_ld_force_load"; then - _LT_TAGVAR(whole_archive_flag_spec, $1)='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' - m4_case([$1], [F77], [_LT_TAGVAR(compiler_needs_object, $1)=yes], - [FC], [_LT_TAGVAR(compiler_needs_object, $1)=yes]) - else - _LT_TAGVAR(whole_archive_flag_spec, $1)='' - fi - _LT_TAGVAR(link_all_deplibs, $1)=yes - _LT_TAGVAR(allow_undefined_flag, $1)=$_lt_dar_allow_undefined - case $cc_basename in - ifort*|nagfor*) _lt_dar_can_shared=yes ;; - *) _lt_dar_can_shared=$GCC ;; - esac - if test yes = "$_lt_dar_can_shared"; then - output_verbose_link_cmd=func_echo_all - _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil" - _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil" - _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil" - _LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil" - m4_if([$1], [CXX], -[ if test yes != "$lt_cv_apple_cc_single_mod"; then - _LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dsymutil" - _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dar_export_syms$_lt_dsymutil" - fi -],[]) - else - _LT_TAGVAR(ld_shlibs, $1)=no - fi -]) - -# _LT_SYS_MODULE_PATH_AIX([TAGNAME]) -# ---------------------------------- -# Links a minimal program and checks the executable -# for the system default hardcoded library path. In most cases, -# this is /usr/lib:/lib, but when the MPI compilers are used -# the location of the communication and MPI libs are included too. -# If we don't find anything, use the default library path according -# to the aix ld manual. -# Store the results from the different compilers for each TAGNAME. -# Allow to override them for all tags through lt_cv_aix_libpath. -m4_defun([_LT_SYS_MODULE_PATH_AIX], -[m4_require([_LT_DECL_SED])dnl -if test set = "${lt_cv_aix_libpath+set}"; then - aix_libpath=$lt_cv_aix_libpath -else - AC_CACHE_VAL([_LT_TAGVAR([lt_cv_aix_libpath_], [$1])], - [AC_LINK_IFELSE([AC_LANG_PROGRAM],[ - lt_aix_libpath_sed='[ - /Import File Strings/,/^$/ { - /^0/ { - s/^0 *\([^ ]*\) *$/\1/ - p - } - }]' - _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` - # Check for a 64-bit object if we didn't find anything. - if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then - _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` - fi],[]) - if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then - _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=/usr/lib:/lib - fi - ]) - aix_libpath=$_LT_TAGVAR([lt_cv_aix_libpath_], [$1]) -fi -])# _LT_SYS_MODULE_PATH_AIX - - -# _LT_SHELL_INIT(ARG) -# ------------------- -m4_define([_LT_SHELL_INIT], -[m4_divert_text([M4SH-INIT], [$1 -])])# _LT_SHELL_INIT - - - -# _LT_PROG_ECHO_BACKSLASH -# ----------------------- -# Find how we can fake an echo command that does not interpret backslash. -# In particular, with Autoconf 2.60 or later we add some code to the start -# of the generated configure script that will find a shell with a builtin -# printf (that we can use as an echo command). -m4_defun([_LT_PROG_ECHO_BACKSLASH], -[ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' -ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO -ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO - -AC_MSG_CHECKING([how to print strings]) -# Test print first, because it will be a builtin if present. -if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \ - test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then - ECHO='print -r --' -elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then - ECHO='printf %s\n' -else - # Use this function as a fallback that always works. - func_fallback_echo () - { - eval 'cat <<_LTECHO_EOF -$[]1 -_LTECHO_EOF' - } - ECHO='func_fallback_echo' -fi - -# func_echo_all arg... -# Invoke $ECHO with all args, space-separated. -func_echo_all () -{ - $ECHO "$*" -} - -case $ECHO in - printf*) AC_MSG_RESULT([printf]) ;; - print*) AC_MSG_RESULT([print -r]) ;; - *) AC_MSG_RESULT([cat]) ;; -esac - -m4_ifdef([_AS_DETECT_SUGGESTED], -[_AS_DETECT_SUGGESTED([ - test -n "${ZSH_VERSION+set}${BASH_VERSION+set}" || ( - ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' - ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO - ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO - PATH=/empty FPATH=/empty; export PATH FPATH - test "X`printf %s $ECHO`" = "X$ECHO" \ - || test "X`print -r -- $ECHO`" = "X$ECHO" )])]) - -_LT_DECL([], [SHELL], [1], [Shell to use when invoking shell scripts]) -_LT_DECL([], [ECHO], [1], [An echo program that protects backslashes]) -])# _LT_PROG_ECHO_BACKSLASH - - -# _LT_WITH_SYSROOT -# ---------------- -AC_DEFUN([_LT_WITH_SYSROOT], -[AC_MSG_CHECKING([for sysroot]) -AC_ARG_WITH([sysroot], -[AS_HELP_STRING([--with-sysroot@<:@=DIR@:>@], - [Search for dependent libraries within DIR (or the compiler's sysroot - if not specified).])], -[], [with_sysroot=no]) - -dnl lt_sysroot will always be passed unquoted. We quote it here -dnl in case the user passed a directory name. -lt_sysroot= -case $with_sysroot in #( - yes) - if test yes = "$GCC"; then - lt_sysroot=`$CC --print-sysroot 2>/dev/null` - fi - ;; #( - /*) - lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"` - ;; #( - no|'') - ;; #( - *) - AC_MSG_RESULT([$with_sysroot]) - AC_MSG_ERROR([The sysroot must be an absolute path.]) - ;; -esac - - AC_MSG_RESULT([${lt_sysroot:-no}]) -_LT_DECL([], [lt_sysroot], [0], [The root where to search for ]dnl -[dependent libraries, and where our libraries should be installed.])]) - -# _LT_ENABLE_LOCK -# --------------- -m4_defun([_LT_ENABLE_LOCK], -[AC_ARG_ENABLE([libtool-lock], - [AS_HELP_STRING([--disable-libtool-lock], - [avoid locking (might break parallel builds)])]) -test no = "$enable_libtool_lock" || enable_libtool_lock=yes - -# Some flags need to be propagated to the compiler or linker for good -# libtool support. -case $host in -ia64-*-hpux*) - # Find out what ABI is being produced by ac_compile, and set mode - # options accordingly. - echo 'int i;' > conftest.$ac_ext - if AC_TRY_EVAL(ac_compile); then - case `/usr/bin/file conftest.$ac_objext` in - *ELF-32*) - HPUX_IA64_MODE=32 - ;; - *ELF-64*) - HPUX_IA64_MODE=64 - ;; - esac - fi - rm -rf conftest* - ;; -*-*-irix6*) - # Find out what ABI is being produced by ac_compile, and set linker - # options accordingly. - echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext - if AC_TRY_EVAL(ac_compile); then - if test yes = "$lt_cv_prog_gnu_ld"; then - case `/usr/bin/file conftest.$ac_objext` in - *32-bit*) - LD="${LD-ld} -melf32bsmip" - ;; - *N32*) - LD="${LD-ld} -melf32bmipn32" - ;; - *64-bit*) - LD="${LD-ld} -melf64bmip" - ;; - esac - else - case `/usr/bin/file conftest.$ac_objext` in - *32-bit*) - LD="${LD-ld} -32" - ;; - *N32*) - LD="${LD-ld} -n32" - ;; - *64-bit*) - LD="${LD-ld} -64" - ;; - esac - fi - fi - rm -rf conftest* - ;; - -mips64*-*linux*) - # Find out what ABI is being produced by ac_compile, and set linker - # options accordingly. - echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext - if AC_TRY_EVAL(ac_compile); then - emul=elf - case `/usr/bin/file conftest.$ac_objext` in - *32-bit*) - emul="${emul}32" - ;; - *64-bit*) - emul="${emul}64" - ;; - esac - case `/usr/bin/file conftest.$ac_objext` in - *MSB*) - emul="${emul}btsmip" - ;; - *LSB*) - emul="${emul}ltsmip" - ;; - esac - case `/usr/bin/file conftest.$ac_objext` in - *N32*) - emul="${emul}n32" - ;; - esac - LD="${LD-ld} -m $emul" - fi - rm -rf conftest* - ;; - -x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \ -s390*-*linux*|s390*-*tpf*|sparc*-*linux*) - # Find out what ABI is being produced by ac_compile, and set linker - # options accordingly. Note that the listed cases only cover the - # situations where additional linker options are needed (such as when - # doing 32-bit compilation for a host where ld defaults to 64-bit, or - # vice versa); the common cases where no linker options are needed do - # not appear in the list. - echo 'int i;' > conftest.$ac_ext - if AC_TRY_EVAL(ac_compile); then - case `/usr/bin/file conftest.o` in - *32-bit*) - case $host in - x86_64-*kfreebsd*-gnu) - LD="${LD-ld} -m elf_i386_fbsd" - ;; - x86_64-*linux*) - case `/usr/bin/file conftest.o` in - *x86-64*) - LD="${LD-ld} -m elf32_x86_64" - ;; - *) - LD="${LD-ld} -m elf_i386" - ;; - esac - ;; - powerpc64le-*linux*) - LD="${LD-ld} -m elf32lppclinux" - ;; - powerpc64-*linux*) - LD="${LD-ld} -m elf32ppclinux" - ;; - s390x-*linux*) - LD="${LD-ld} -m elf_s390" - ;; - sparc64-*linux*) - LD="${LD-ld} -m elf32_sparc" - ;; - esac - ;; - *64-bit*) - case $host in - x86_64-*kfreebsd*-gnu) - LD="${LD-ld} -m elf_x86_64_fbsd" - ;; - x86_64-*linux*) - LD="${LD-ld} -m elf_x86_64" - ;; - powerpcle-*linux*) - LD="${LD-ld} -m elf64lppc" - ;; - powerpc-*linux*) - LD="${LD-ld} -m elf64ppc" - ;; - s390*-*linux*|s390*-*tpf*) - LD="${LD-ld} -m elf64_s390" - ;; - sparc*-*linux*) - LD="${LD-ld} -m elf64_sparc" - ;; - esac - ;; - esac - fi - rm -rf conftest* - ;; - -*-*-sco3.2v5*) - # On SCO OpenServer 5, we need -belf to get full-featured binaries. - SAVE_CFLAGS=$CFLAGS - CFLAGS="$CFLAGS -belf" - AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf, - [AC_LANG_PUSH(C) - AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],[[]])],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no]) - AC_LANG_POP]) - if test yes != "$lt_cv_cc_needs_belf"; then - # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf - CFLAGS=$SAVE_CFLAGS - fi - ;; -*-*solaris*) - # Find out what ABI is being produced by ac_compile, and set linker - # options accordingly. - echo 'int i;' > conftest.$ac_ext - if AC_TRY_EVAL(ac_compile); then - case `/usr/bin/file conftest.o` in - *64-bit*) - case $lt_cv_prog_gnu_ld in - yes*) - case $host in - i?86-*-solaris*|x86_64-*-solaris*) - LD="${LD-ld} -m elf_x86_64" - ;; - sparc*-*-solaris*) - LD="${LD-ld} -m elf64_sparc" - ;; - esac - # GNU ld 2.21 introduced _sol2 emulations. Use them if available. - if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then - LD=${LD-ld}_sol2 - fi - ;; - *) - if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then - LD="${LD-ld} -64" - fi - ;; - esac - ;; - esac - fi - rm -rf conftest* - ;; -esac - -need_locks=$enable_libtool_lock -])# _LT_ENABLE_LOCK - - -# _LT_PROG_AR -# ----------- -m4_defun([_LT_PROG_AR], -[AC_CHECK_TOOLS(AR, [ar], false) -: ${AR=ar} -: ${AR_FLAGS=cru} -_LT_DECL([], [AR], [1], [The archiver]) -_LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive]) - -AC_CACHE_CHECK([for archiver @FILE support], [lt_cv_ar_at_file], - [lt_cv_ar_at_file=no - AC_COMPILE_IFELSE([AC_LANG_PROGRAM], - [echo conftest.$ac_objext > conftest.lst - lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&AS_MESSAGE_LOG_FD' - AC_TRY_EVAL([lt_ar_try]) - if test 0 -eq "$ac_status"; then - # Ensure the archiver fails upon bogus file names. - rm -f conftest.$ac_objext libconftest.a - AC_TRY_EVAL([lt_ar_try]) - if test 0 -ne "$ac_status"; then - lt_cv_ar_at_file=@ - fi - fi - rm -f conftest.* libconftest.a - ]) - ]) - -if test no = "$lt_cv_ar_at_file"; then - archiver_list_spec= -else - archiver_list_spec=$lt_cv_ar_at_file -fi -_LT_DECL([], [archiver_list_spec], [1], - [How to feed a file listing to the archiver]) -])# _LT_PROG_AR - - -# _LT_CMD_OLD_ARCHIVE -# ------------------- -m4_defun([_LT_CMD_OLD_ARCHIVE], -[_LT_PROG_AR - -AC_CHECK_TOOL(STRIP, strip, :) -test -z "$STRIP" && STRIP=: -_LT_DECL([], [STRIP], [1], [A symbol stripping program]) - -AC_CHECK_TOOL(RANLIB, ranlib, :) -test -z "$RANLIB" && RANLIB=: -_LT_DECL([], [RANLIB], [1], - [Commands used to install an old-style archive]) - -# Determine commands to create old-style static archives. -old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs' -old_postinstall_cmds='chmod 644 $oldlib' -old_postuninstall_cmds= - -if test -n "$RANLIB"; then - case $host_os in - bitrig* | openbsd*) - old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib" - ;; - *) - old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib" - ;; - esac - old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib" -fi - -case $host_os in - darwin*) - lock_old_archive_extraction=yes ;; - *) - lock_old_archive_extraction=no ;; -esac -_LT_DECL([], [old_postinstall_cmds], [2]) -_LT_DECL([], [old_postuninstall_cmds], [2]) -_LT_TAGDECL([], [old_archive_cmds], [2], - [Commands used to build an old-style archive]) -_LT_DECL([], [lock_old_archive_extraction], [0], - [Whether to use a lock for old archive extraction]) -])# _LT_CMD_OLD_ARCHIVE - - -# _LT_COMPILER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS, -# [OUTPUT-FILE], [ACTION-SUCCESS], [ACTION-FAILURE]) -# ---------------------------------------------------------------- -# Check whether the given compiler option works -AC_DEFUN([_LT_COMPILER_OPTION], -[m4_require([_LT_FILEUTILS_DEFAULTS])dnl -m4_require([_LT_DECL_SED])dnl -AC_CACHE_CHECK([$1], [$2], - [$2=no - m4_if([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4]) - echo "$lt_simple_compile_test_code" > conftest.$ac_ext - lt_compiler_flag="$3" ## exclude from sc_useless_quotes_in_assignment - # Insert the option either (1) after the last *FLAGS variable, or - # (2) before a word containing "conftest.", or (3) at the end. - # Note that $ac_compile itself does not contain backslashes and begins - # with a dollar sign (not a hyphen), so the echo should work correctly. - # The option is referenced via a variable to avoid confusing sed. - lt_compile=`echo "$ac_compile" | $SED \ - -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ - -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \ - -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD) - (eval "$lt_compile" 2>conftest.err) - ac_status=$? - cat conftest.err >&AS_MESSAGE_LOG_FD - echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD - if (exit $ac_status) && test -s "$ac_outfile"; then - # The compiler can only warn and ignore the option if not recognized - # So say no if there are warnings other than the usual output. - $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp - $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 - if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then - $2=yes - fi - fi - $RM conftest* -]) - -if test yes = "[$]$2"; then - m4_if([$5], , :, [$5]) -else - m4_if([$6], , :, [$6]) -fi -])# _LT_COMPILER_OPTION - -# Old name: -AU_ALIAS([AC_LIBTOOL_COMPILER_OPTION], [_LT_COMPILER_OPTION]) -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([AC_LIBTOOL_COMPILER_OPTION], []) - - -# _LT_LINKER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS, -# [ACTION-SUCCESS], [ACTION-FAILURE]) -# ---------------------------------------------------- -# Check whether the given linker option works -AC_DEFUN([_LT_LINKER_OPTION], -[m4_require([_LT_FILEUTILS_DEFAULTS])dnl -m4_require([_LT_DECL_SED])dnl -AC_CACHE_CHECK([$1], [$2], - [$2=no - save_LDFLAGS=$LDFLAGS - LDFLAGS="$LDFLAGS $3" - echo "$lt_simple_link_test_code" > conftest.$ac_ext - if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then - # The linker can only warn and ignore the option if not recognized - # So say no if there are warnings - if test -s conftest.err; then - # Append any errors to the config.log. - cat conftest.err 1>&AS_MESSAGE_LOG_FD - $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp - $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 - if diff conftest.exp conftest.er2 >/dev/null; then - $2=yes - fi - else - $2=yes - fi - fi - $RM -r conftest* - LDFLAGS=$save_LDFLAGS -]) - -if test yes = "[$]$2"; then - m4_if([$4], , :, [$4]) -else - m4_if([$5], , :, [$5]) -fi -])# _LT_LINKER_OPTION - -# Old name: -AU_ALIAS([AC_LIBTOOL_LINKER_OPTION], [_LT_LINKER_OPTION]) -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([AC_LIBTOOL_LINKER_OPTION], []) - - -# LT_CMD_MAX_LEN -#--------------- -AC_DEFUN([LT_CMD_MAX_LEN], -[AC_REQUIRE([AC_CANONICAL_HOST])dnl -# find the maximum length of command line arguments -AC_MSG_CHECKING([the maximum length of command line arguments]) -AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl - i=0 - teststring=ABCD - - case $build_os in - msdosdjgpp*) - # On DJGPP, this test can blow up pretty badly due to problems in libc - # (any single argument exceeding 2000 bytes causes a buffer overrun - # during glob expansion). Even if it were fixed, the result of this - # check would be larger than it should be. - lt_cv_sys_max_cmd_len=12288; # 12K is about right - ;; - - gnu*) - # Under GNU Hurd, this test is not required because there is - # no limit to the length of command line arguments. - # Libtool will interpret -1 as no limit whatsoever - lt_cv_sys_max_cmd_len=-1; - ;; - - cygwin* | mingw* | cegcc*) - # On Win9x/ME, this test blows up -- it succeeds, but takes - # about 5 minutes as the teststring grows exponentially. - # Worse, since 9x/ME are not pre-emptively multitasking, - # you end up with a "frozen" computer, even though with patience - # the test eventually succeeds (with a max line length of 256k). - # Instead, let's just punt: use the minimum linelength reported by - # all of the supported platforms: 8192 (on NT/2K/XP). - lt_cv_sys_max_cmd_len=8192; - ;; - - mint*) - # On MiNT this can take a long time and run out of memory. - lt_cv_sys_max_cmd_len=8192; - ;; - - amigaos*) - # On AmigaOS with pdksh, this test takes hours, literally. - # So we just punt and use a minimum line length of 8192. - lt_cv_sys_max_cmd_len=8192; - ;; - - bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*) - # This has been around since 386BSD, at least. Likely further. - if test -x /sbin/sysctl; then - lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` - elif test -x /usr/sbin/sysctl; then - lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax` - else - lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs - fi - # And add a safety zone - lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` - lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` - ;; - - interix*) - # We know the value 262144 and hardcode it with a safety zone (like BSD) - lt_cv_sys_max_cmd_len=196608 - ;; - - os2*) - # The test takes a long time on OS/2. - lt_cv_sys_max_cmd_len=8192 - ;; - - osf*) - # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure - # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not - # nice to cause kernel panics so lets avoid the loop below. - # First set a reasonable default. - lt_cv_sys_max_cmd_len=16384 - # - if test -x /sbin/sysconfig; then - case `/sbin/sysconfig -q proc exec_disable_arg_limit` in - *1*) lt_cv_sys_max_cmd_len=-1 ;; - esac - fi - ;; - sco3.2v5*) - lt_cv_sys_max_cmd_len=102400 - ;; - sysv5* | sco5v6* | sysv4.2uw2*) - kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null` - if test -n "$kargmax"; then - lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[ ]]//'` - else - lt_cv_sys_max_cmd_len=32768 - fi - ;; - *) - lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null` - if test -n "$lt_cv_sys_max_cmd_len" && \ - test undefined != "$lt_cv_sys_max_cmd_len"; then - lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` - lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` - else - # Make teststring a little bigger before we do anything with it. - # a 1K string should be a reasonable start. - for i in 1 2 3 4 5 6 7 8; do - teststring=$teststring$teststring - done - SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} - # If test is not a shell built-in, we'll probably end up computing a - # maximum length that is only half of the actual maximum length, but - # we can't tell. - while { test X`env echo "$teststring$teststring" 2>/dev/null` \ - = "X$teststring$teststring"; } >/dev/null 2>&1 && - test 17 != "$i" # 1/2 MB should be enough - do - i=`expr $i + 1` - teststring=$teststring$teststring - done - # Only check the string length outside the loop. - lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1` - teststring= - # Add a significant safety factor because C++ compilers can tack on - # massive amounts of additional arguments before passing them to the - # linker. It appears as though 1/2 is a usable value. - lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2` - fi - ;; - esac -]) -if test -n "$lt_cv_sys_max_cmd_len"; then - AC_MSG_RESULT($lt_cv_sys_max_cmd_len) -else - AC_MSG_RESULT(none) -fi -max_cmd_len=$lt_cv_sys_max_cmd_len -_LT_DECL([], [max_cmd_len], [0], - [What is the maximum length of a command?]) -])# LT_CMD_MAX_LEN - -# Old name: -AU_ALIAS([AC_LIBTOOL_SYS_MAX_CMD_LEN], [LT_CMD_MAX_LEN]) -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN], []) - - -# _LT_HEADER_DLFCN -# ---------------- -m4_defun([_LT_HEADER_DLFCN], -[AC_CHECK_HEADERS([dlfcn.h], [], [], [AC_INCLUDES_DEFAULT])dnl -])# _LT_HEADER_DLFCN - - -# _LT_TRY_DLOPEN_SELF (ACTION-IF-TRUE, ACTION-IF-TRUE-W-USCORE, -# ACTION-IF-FALSE, ACTION-IF-CROSS-COMPILING) -# ---------------------------------------------------------------- -m4_defun([_LT_TRY_DLOPEN_SELF], -[m4_require([_LT_HEADER_DLFCN])dnl -if test yes = "$cross_compiling"; then : - [$4] -else - lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 - lt_status=$lt_dlunknown - cat > conftest.$ac_ext <<_LT_EOF -[#line $LINENO "configure" -#include "confdefs.h" - -#if HAVE_DLFCN_H -#include -#endif - -#include - -#ifdef RTLD_GLOBAL -# define LT_DLGLOBAL RTLD_GLOBAL -#else -# ifdef DL_GLOBAL -# define LT_DLGLOBAL DL_GLOBAL -# else -# define LT_DLGLOBAL 0 -# endif -#endif - -/* We may have to define LT_DLLAZY_OR_NOW in the command line if we - find out it does not work in some platform. */ -#ifndef LT_DLLAZY_OR_NOW -# ifdef RTLD_LAZY -# define LT_DLLAZY_OR_NOW RTLD_LAZY -# else -# ifdef DL_LAZY -# define LT_DLLAZY_OR_NOW DL_LAZY -# else -# ifdef RTLD_NOW -# define LT_DLLAZY_OR_NOW RTLD_NOW -# else -# ifdef DL_NOW -# define LT_DLLAZY_OR_NOW DL_NOW -# else -# define LT_DLLAZY_OR_NOW 0 -# endif -# endif -# endif -# endif -#endif - -/* When -fvisibility=hidden is used, assume the code has been annotated - correspondingly for the symbols needed. */ -#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) -int fnord () __attribute__((visibility("default"))); -#endif - -int fnord () { return 42; } -int main () -{ - void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); - int status = $lt_dlunknown; - - if (self) - { - if (dlsym (self,"fnord")) status = $lt_dlno_uscore; - else - { - if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; - else puts (dlerror ()); - } - /* dlclose (self); */ - } - else - puts (dlerror ()); - - return status; -}] -_LT_EOF - if AC_TRY_EVAL(ac_link) && test -s "conftest$ac_exeext" 2>/dev/null; then - (./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null - lt_status=$? - case x$lt_status in - x$lt_dlno_uscore) $1 ;; - x$lt_dlneed_uscore) $2 ;; - x$lt_dlunknown|x*) $3 ;; - esac - else : - # compilation failed - $3 - fi -fi -rm -fr conftest* -])# _LT_TRY_DLOPEN_SELF - - -# LT_SYS_DLOPEN_SELF -# ------------------ -AC_DEFUN([LT_SYS_DLOPEN_SELF], -[m4_require([_LT_HEADER_DLFCN])dnl -if test yes != "$enable_dlopen"; then - enable_dlopen=unknown - enable_dlopen_self=unknown - enable_dlopen_self_static=unknown -else - lt_cv_dlopen=no - lt_cv_dlopen_libs= - - case $host_os in - beos*) - lt_cv_dlopen=load_add_on - lt_cv_dlopen_libs= - lt_cv_dlopen_self=yes - ;; - - mingw* | pw32* | cegcc*) - lt_cv_dlopen=LoadLibrary - lt_cv_dlopen_libs= - ;; - - cygwin*) - lt_cv_dlopen=dlopen - lt_cv_dlopen_libs= - ;; - - darwin*) - # if libdl is installed we need to link against it - AC_CHECK_LIB([dl], [dlopen], - [lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl],[ - lt_cv_dlopen=dyld - lt_cv_dlopen_libs= - lt_cv_dlopen_self=yes - ]) - ;; - - tpf*) - # Don't try to run any link tests for TPF. We know it's impossible - # because TPF is a cross-compiler, and we know how we open DSOs. - lt_cv_dlopen=dlopen - lt_cv_dlopen_libs= - lt_cv_dlopen_self=no - ;; - - *) - AC_CHECK_FUNC([shl_load], - [lt_cv_dlopen=shl_load], - [AC_CHECK_LIB([dld], [shl_load], - [lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld], - [AC_CHECK_FUNC([dlopen], - [lt_cv_dlopen=dlopen], - [AC_CHECK_LIB([dl], [dlopen], - [lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl], - [AC_CHECK_LIB([svld], [dlopen], - [lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld], - [AC_CHECK_LIB([dld], [dld_link], - [lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld]) - ]) - ]) - ]) - ]) - ]) - ;; - esac - - if test no = "$lt_cv_dlopen"; then - enable_dlopen=no - else - enable_dlopen=yes - fi - - case $lt_cv_dlopen in - dlopen) - save_CPPFLAGS=$CPPFLAGS - test yes = "$ac_cv_header_dlfcn_h" && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" - - save_LDFLAGS=$LDFLAGS - wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\" - - save_LIBS=$LIBS - LIBS="$lt_cv_dlopen_libs $LIBS" - - AC_CACHE_CHECK([whether a program can dlopen itself], - lt_cv_dlopen_self, [dnl - _LT_TRY_DLOPEN_SELF( - lt_cv_dlopen_self=yes, lt_cv_dlopen_self=yes, - lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross) - ]) - - if test yes = "$lt_cv_dlopen_self"; then - wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\" - AC_CACHE_CHECK([whether a statically linked program can dlopen itself], - lt_cv_dlopen_self_static, [dnl - _LT_TRY_DLOPEN_SELF( - lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=yes, - lt_cv_dlopen_self_static=no, lt_cv_dlopen_self_static=cross) - ]) - fi - - CPPFLAGS=$save_CPPFLAGS - LDFLAGS=$save_LDFLAGS - LIBS=$save_LIBS - ;; - esac - - case $lt_cv_dlopen_self in - yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;; - *) enable_dlopen_self=unknown ;; - esac - - case $lt_cv_dlopen_self_static in - yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;; - *) enable_dlopen_self_static=unknown ;; - esac -fi -_LT_DECL([dlopen_support], [enable_dlopen], [0], - [Whether dlopen is supported]) -_LT_DECL([dlopen_self], [enable_dlopen_self], [0], - [Whether dlopen of programs is supported]) -_LT_DECL([dlopen_self_static], [enable_dlopen_self_static], [0], - [Whether dlopen of statically linked programs is supported]) -])# LT_SYS_DLOPEN_SELF - -# Old name: -AU_ALIAS([AC_LIBTOOL_DLOPEN_SELF], [LT_SYS_DLOPEN_SELF]) -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF], []) - - -# _LT_COMPILER_C_O([TAGNAME]) -# --------------------------- -# Check to see if options -c and -o are simultaneously supported by compiler. -# This macro does not hard code the compiler like AC_PROG_CC_C_O. -m4_defun([_LT_COMPILER_C_O], -[m4_require([_LT_DECL_SED])dnl -m4_require([_LT_FILEUTILS_DEFAULTS])dnl -m4_require([_LT_TAG_COMPILER])dnl -AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext], - [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)], - [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=no - $RM -r conftest 2>/dev/null - mkdir conftest - cd conftest - mkdir out - echo "$lt_simple_compile_test_code" > conftest.$ac_ext - - lt_compiler_flag="-o out/conftest2.$ac_objext" - # Insert the option either (1) after the last *FLAGS variable, or - # (2) before a word containing "conftest.", or (3) at the end. - # Note that $ac_compile itself does not contain backslashes and begins - # with a dollar sign (not a hyphen), so the echo should work correctly. - lt_compile=`echo "$ac_compile" | $SED \ - -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ - -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \ - -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD) - (eval "$lt_compile" 2>out/conftest.err) - ac_status=$? - cat out/conftest.err >&AS_MESSAGE_LOG_FD - echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD - if (exit $ac_status) && test -s out/conftest2.$ac_objext - then - # The compiler can only warn and ignore the option if not recognized - # So say no if there are warnings - $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp - $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 - if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then - _LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes - fi - fi - chmod u+w . 2>&AS_MESSAGE_LOG_FD - $RM conftest* - # SGI C++ compiler will create directory out/ii_files/ for - # template instantiation - test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files - $RM out/* && rmdir out - cd .. - $RM -r conftest - $RM conftest* -]) -_LT_TAGDECL([compiler_c_o], [lt_cv_prog_compiler_c_o], [1], - [Does compiler simultaneously support -c and -o options?]) -])# _LT_COMPILER_C_O - - -# _LT_COMPILER_FILE_LOCKS([TAGNAME]) -# ---------------------------------- -# Check to see if we can do hard links to lock some files if needed -m4_defun([_LT_COMPILER_FILE_LOCKS], -[m4_require([_LT_ENABLE_LOCK])dnl -m4_require([_LT_FILEUTILS_DEFAULTS])dnl -_LT_COMPILER_C_O([$1]) - -hard_links=nottested -if test no = "$_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)" && test no != "$need_locks"; then - # do not overwrite the value of need_locks provided by the user - AC_MSG_CHECKING([if we can lock with hard links]) - hard_links=yes - $RM conftest* - ln conftest.a conftest.b 2>/dev/null && hard_links=no - touch conftest.a - ln conftest.a conftest.b 2>&5 || hard_links=no - ln conftest.a conftest.b 2>/dev/null && hard_links=no - AC_MSG_RESULT([$hard_links]) - if test no = "$hard_links"; then - AC_MSG_WARN(['$CC' does not support '-c -o', so 'make -j' may be unsafe]) - need_locks=warn - fi -else - need_locks=no -fi -_LT_DECL([], [need_locks], [1], [Must we lock files when doing compilation?]) -])# _LT_COMPILER_FILE_LOCKS - - -# _LT_CHECK_OBJDIR -# ---------------- -m4_defun([_LT_CHECK_OBJDIR], -[AC_CACHE_CHECK([for objdir], [lt_cv_objdir], -[rm -f .libs 2>/dev/null -mkdir .libs 2>/dev/null -if test -d .libs; then - lt_cv_objdir=.libs -else - # MS-DOS does not allow filenames that begin with a dot. - lt_cv_objdir=_libs -fi -rmdir .libs 2>/dev/null]) -objdir=$lt_cv_objdir -_LT_DECL([], [objdir], [0], - [The name of the directory that contains temporary libtool files])dnl -m4_pattern_allow([LT_OBJDIR])dnl -AC_DEFINE_UNQUOTED([LT_OBJDIR], "$lt_cv_objdir/", - [Define to the sub-directory where libtool stores uninstalled libraries.]) -])# _LT_CHECK_OBJDIR - - -# _LT_LINKER_HARDCODE_LIBPATH([TAGNAME]) -# -------------------------------------- -# Check hardcoding attributes. -m4_defun([_LT_LINKER_HARDCODE_LIBPATH], -[AC_MSG_CHECKING([how to hardcode library paths into programs]) -_LT_TAGVAR(hardcode_action, $1)= -if test -n "$_LT_TAGVAR(hardcode_libdir_flag_spec, $1)" || - test -n "$_LT_TAGVAR(runpath_var, $1)" || - test yes = "$_LT_TAGVAR(hardcode_automatic, $1)"; then - - # We can hardcode non-existent directories. - if test no != "$_LT_TAGVAR(hardcode_direct, $1)" && - # If the only mechanism to avoid hardcoding is shlibpath_var, we - # have to relink, otherwise we might link with an installed library - # when we should be linking with a yet-to-be-installed one - ## test no != "$_LT_TAGVAR(hardcode_shlibpath_var, $1)" && - test no != "$_LT_TAGVAR(hardcode_minus_L, $1)"; then - # Linking always hardcodes the temporary library directory. - _LT_TAGVAR(hardcode_action, $1)=relink - else - # We can link without hardcoding, and we can hardcode nonexisting dirs. - _LT_TAGVAR(hardcode_action, $1)=immediate - fi -else - # We cannot hardcode anything, or else we can only hardcode existing - # directories. - _LT_TAGVAR(hardcode_action, $1)=unsupported -fi -AC_MSG_RESULT([$_LT_TAGVAR(hardcode_action, $1)]) - -if test relink = "$_LT_TAGVAR(hardcode_action, $1)" || - test yes = "$_LT_TAGVAR(inherit_rpath, $1)"; then - # Fast installation is not supported - enable_fast_install=no -elif test yes = "$shlibpath_overrides_runpath" || - test no = "$enable_shared"; then - # Fast installation is not necessary - enable_fast_install=needless -fi -_LT_TAGDECL([], [hardcode_action], [0], - [How to hardcode a shared library path into an executable]) -])# _LT_LINKER_HARDCODE_LIBPATH - - -# _LT_CMD_STRIPLIB -# ---------------- -m4_defun([_LT_CMD_STRIPLIB], -[m4_require([_LT_DECL_EGREP]) -striplib= -old_striplib= -AC_MSG_CHECKING([whether stripping libraries is possible]) -if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then - test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" - test -z "$striplib" && striplib="$STRIP --strip-unneeded" - AC_MSG_RESULT([yes]) -else -# FIXME - insert some real tests, host_os isn't really good enough - case $host_os in - darwin*) - if test -n "$STRIP"; then - striplib="$STRIP -x" - old_striplib="$STRIP -S" - AC_MSG_RESULT([yes]) - else - AC_MSG_RESULT([no]) - fi - ;; - *) - AC_MSG_RESULT([no]) - ;; - esac -fi -_LT_DECL([], [old_striplib], [1], [Commands to strip libraries]) -_LT_DECL([], [striplib], [1]) -])# _LT_CMD_STRIPLIB - - -# _LT_PREPARE_MUNGE_PATH_LIST -# --------------------------- -# Make sure func_munge_path_list() is defined correctly. -m4_defun([_LT_PREPARE_MUNGE_PATH_LIST], -[[# func_munge_path_list VARIABLE PATH -# ----------------------------------- -# VARIABLE is name of variable containing _space_ separated list of -# directories to be munged by the contents of PATH, which is string -# having a format: -# "DIR[:DIR]:" -# string "DIR[ DIR]" will be prepended to VARIABLE -# ":DIR[:DIR]" -# string "DIR[ DIR]" will be appended to VARIABLE -# "DIRP[:DIRP]::[DIRA:]DIRA" -# string "DIRP[ DIRP]" will be prepended to VARIABLE and string -# "DIRA[ DIRA]" will be appended to VARIABLE -# "DIR[:DIR]" -# VARIABLE will be replaced by "DIR[ DIR]" -func_munge_path_list () -{ - case x@S|@2 in - x) - ;; - *:) - eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'` \@S|@@S|@1\" - ;; - x:*) - eval @S|@1=\"\@S|@@S|@1 `$ECHO @S|@2 | $SED 's/:/ /g'`\" - ;; - *::*) - eval @S|@1=\"\@S|@@S|@1\ `$ECHO @S|@2 | $SED -e 's/.*:://' -e 's/:/ /g'`\" - eval @S|@1=\"`$ECHO @S|@2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \@S|@@S|@1\" - ;; - *) - eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'`\" - ;; - esac -} -]])# _LT_PREPARE_PATH_LIST - - -# _LT_SYS_DYNAMIC_LINKER([TAG]) -# ----------------------------- -# PORTME Fill in your ld.so characteristics -m4_defun([_LT_SYS_DYNAMIC_LINKER], -[AC_REQUIRE([AC_CANONICAL_HOST])dnl -m4_require([_LT_DECL_EGREP])dnl -m4_require([_LT_FILEUTILS_DEFAULTS])dnl -m4_require([_LT_DECL_OBJDUMP])dnl -m4_require([_LT_DECL_SED])dnl -m4_require([_LT_CHECK_SHELL_FEATURES])dnl -m4_require([_LT_PREPARE_MUNGE_PATH_LIST])dnl -AC_MSG_CHECKING([dynamic linker characteristics]) -m4_if([$1], - [], [ -if test yes = "$GCC"; then - case $host_os in - darwin*) lt_awk_arg='/^libraries:/,/LR/' ;; - *) lt_awk_arg='/^libraries:/' ;; - esac - case $host_os in - mingw* | cegcc*) lt_sed_strip_eq='s|=\([[A-Za-z]]:\)|\1|g' ;; - *) lt_sed_strip_eq='s|=/|/|g' ;; - esac - lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq` - case $lt_search_path_spec in - *\;*) - # if the path contains ";" then we assume it to be the separator - # otherwise default to the standard path separator (i.e. ":") - it is - # assumed that no part of a normal pathname contains ";" but that should - # okay in the real world where ";" in dirpaths is itself problematic. - lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'` - ;; - *) - lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"` - ;; - esac - # Ok, now we have the path, separated by spaces, we can step through it - # and add multilib dir if necessary... - lt_tmp_lt_search_path_spec= - lt_multi_os_dir=/`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null` - # ...but if some path component already ends with the multilib dir we assume - # that all is fine and trust -print-search-dirs as is (GCC 4.2? or newer). - case "$lt_multi_os_dir; $lt_search_path_spec " in - "/; "* | "/.; "* | "/./; "* | *"$lt_multi_os_dir "* | *"$lt_multi_os_dir/ "*) - lt_multi_os_dir= - ;; - esac - for lt_sys_path in $lt_search_path_spec; do - if test -d "$lt_sys_path$lt_multi_os_dir"; then - lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path$lt_multi_os_dir" - elif test -n "$lt_multi_os_dir"; then - test -d "$lt_sys_path" && \ - lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path" - fi - done - lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk ' -BEGIN {RS = " "; FS = "/|\n";} { - lt_foo = ""; - lt_count = 0; - for (lt_i = NF; lt_i > 0; lt_i--) { - if ($lt_i != "" && $lt_i != ".") { - if ($lt_i == "..") { - lt_count++; - } else { - if (lt_count == 0) { - lt_foo = "/" $lt_i lt_foo; - } else { - lt_count--; - } - } - } - } - if (lt_foo != "") { lt_freq[[lt_foo]]++; } - if (lt_freq[[lt_foo]] == 1) { print lt_foo; } -}'` - # AWK program above erroneously prepends '/' to C:/dos/paths - # for these hosts. - case $host_os in - mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\ - $SED 's|/\([[A-Za-z]]:\)|\1|g'` ;; - esac - sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP` -else - sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" -fi]) -library_names_spec= -libname_spec='lib$name' -soname_spec= -shrext_cmds=.so -postinstall_cmds= -postuninstall_cmds= -finish_cmds= -finish_eval= -shlibpath_var= -shlibpath_overrides_runpath=unknown -version_type=none -dynamic_linker="$host_os ld.so" -sys_lib_dlsearch_path_spec="/lib /usr/lib" -need_lib_prefix=unknown -hardcode_into_libs=no - -# when you set need_version to no, make sure it does not cause -set_version -# flags to be left without arguments -need_version=unknown - -AC_ARG_VAR([LT_SYS_LIBRARY_PATH], -[User-defined run-time library search path.]) - -case $host_os in -aix3*) - version_type=linux # correct to gnu/linux during the next big refactor - library_names_spec='$libname$release$shared_ext$versuffix $libname.a' - shlibpath_var=LIBPATH - - # AIX 3 has no versioning support, so we append a major version to the name. - soname_spec='$libname$release$shared_ext$major' - ;; - -aix[[4-9]]*) - version_type=linux # correct to gnu/linux during the next big refactor - need_lib_prefix=no - need_version=no - hardcode_into_libs=yes - if test ia64 = "$host_cpu"; then - # AIX 5 supports IA64 - library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext' - shlibpath_var=LD_LIBRARY_PATH - else - # With GCC up to 2.95.x, collect2 would create an import file - # for dependence libraries. The import file would start with - # the line '#! .'. This would cause the generated library to - # depend on '.', always an invalid library. This was fixed in - # development snapshots of GCC prior to 3.0. - case $host_os in - aix4 | aix4.[[01]] | aix4.[[01]].*) - if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' - echo ' yes ' - echo '#endif'; } | $CC -E - | $GREP yes > /dev/null; then - : - else - can_build_shared=no - fi - ;; - esac - # Using Import Files as archive members, it is possible to support - # filename-based versioning of shared library archives on AIX. While - # this would work for both with and without runtime linking, it will - # prevent static linking of such archives. So we do filename-based - # shared library versioning with .so extension only, which is used - # when both runtime linking and shared linking is enabled. - # Unfortunately, runtime linking may impact performance, so we do - # not want this to be the default eventually. Also, we use the - # versioned .so libs for executables only if there is the -brtl - # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only. - # To allow for filename-based versioning support, we need to create - # libNAME.so.V as an archive file, containing: - # *) an Import File, referring to the versioned filename of the - # archive as well as the shared archive member, telling the - # bitwidth (32 or 64) of that shared object, and providing the - # list of exported symbols of that shared object, eventually - # decorated with the 'weak' keyword - # *) the shared object with the F_LOADONLY flag set, to really avoid - # it being seen by the linker. - # At run time we better use the real file rather than another symlink, - # but for link time we create the symlink libNAME.so -> libNAME.so.V - - case $with_aix_soname,$aix_use_runtimelinking in - # AIX (on Power*) has no versioning support, so currently we cannot hardcode correct - # soname into executable. Probably we can add versioning support to - # collect2, so additional links can be useful in future. - aix,yes) # traditional libtool - dynamic_linker='AIX unversionable lib.so' - # If using run time linking (on AIX 4.2 or later) use lib.so - # instead of lib.a to let people know that these are not - # typical AIX shared libraries. - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - ;; - aix,no) # traditional AIX only - dynamic_linker='AIX lib.a[(]lib.so.V[)]' - # We preserve .a as extension for shared libraries through AIX4.2 - # and later when we are not doing run time linking. - library_names_spec='$libname$release.a $libname.a' - soname_spec='$libname$release$shared_ext$major' - ;; - svr4,*) # full svr4 only - dynamic_linker="AIX lib.so.V[(]$shared_archive_member_spec.o[)]" - library_names_spec='$libname$release$shared_ext$major $libname$shared_ext' - # We do not specify a path in Import Files, so LIBPATH fires. - shlibpath_overrides_runpath=yes - ;; - *,yes) # both, prefer svr4 - dynamic_linker="AIX lib.so.V[(]$shared_archive_member_spec.o[)], lib.a[(]lib.so.V[)]" - library_names_spec='$libname$release$shared_ext$major $libname$shared_ext' - # unpreferred sharedlib libNAME.a needs extra handling - postinstall_cmds='test -n "$linkname" || linkname="$realname"~func_stripname "" ".so" "$linkname"~$install_shared_prog "$dir/$func_stripname_result.$libext" "$destdir/$func_stripname_result.$libext"~test -z "$tstripme" || test -z "$striplib" || $striplib "$destdir/$func_stripname_result.$libext"' - postuninstall_cmds='for n in $library_names $old_library; do :; done~func_stripname "" ".so" "$n"~test "$func_stripname_result" = "$n" || func_append rmfiles " $odir/$func_stripname_result.$libext"' - # We do not specify a path in Import Files, so LIBPATH fires. - shlibpath_overrides_runpath=yes - ;; - *,no) # both, prefer aix - dynamic_linker="AIX lib.a[(]lib.so.V[)], lib.so.V[(]$shared_archive_member_spec.o[)]" - library_names_spec='$libname$release.a $libname.a' - soname_spec='$libname$release$shared_ext$major' - # unpreferred sharedlib libNAME.so.V and symlink libNAME.so need extra handling - postinstall_cmds='test -z "$dlname" || $install_shared_prog $dir/$dlname $destdir/$dlname~test -z "$tstripme" || test -z "$striplib" || $striplib $destdir/$dlname~test -n "$linkname" || linkname=$realname~func_stripname "" ".a" "$linkname"~(cd "$destdir" && $LN_S -f $dlname $func_stripname_result.so)' - postuninstall_cmds='test -z "$dlname" || func_append rmfiles " $odir/$dlname"~for n in $old_library $library_names; do :; done~func_stripname "" ".a" "$n"~func_append rmfiles " $odir/$func_stripname_result.so"' - ;; - esac - shlibpath_var=LIBPATH - fi - ;; - -amigaos*) - case $host_cpu in - powerpc) - # Since July 2007 AmigaOS4 officially supports .so libraries. - # When compiling the executable, add -use-dynld -Lsobjs: to the compileline. - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - ;; - m68k) - library_names_spec='$libname.ixlibrary $libname.a' - # Create ${libname}_ixlibrary.a entries in /sys/libs. - finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' - ;; - esac - ;; - -beos*) - library_names_spec='$libname$shared_ext' - dynamic_linker="$host_os ld.so" - shlibpath_var=LIBRARY_PATH - ;; - -bsdi[[45]]*) - version_type=linux # correct to gnu/linux during the next big refactor - need_version=no - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - soname_spec='$libname$release$shared_ext$major' - finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' - shlibpath_var=LD_LIBRARY_PATH - sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" - sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" - # the default ld.so.conf also contains /usr/contrib/lib and - # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow - # libtool to hard-code these into programs - ;; - -cygwin* | mingw* | pw32* | cegcc*) - version_type=windows - shrext_cmds=.dll - need_version=no - need_lib_prefix=no - - case $GCC,$cc_basename in - yes,*) - # gcc - library_names_spec='$libname.dll.a' - # DLL is installed to $(libdir)/../bin by postinstall_cmds - postinstall_cmds='base_file=`basename \$file`~ - dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~ - dldir=$destdir/`dirname \$dlpath`~ - test -d \$dldir || mkdir -p \$dldir~ - $install_prog $dir/$dlname \$dldir/$dlname~ - chmod a+x \$dldir/$dlname~ - if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then - eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; - fi' - postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ - dlpath=$dir/\$dldll~ - $RM \$dlpath' - shlibpath_overrides_runpath=yes - - case $host_os in - cygwin*) - # Cygwin DLLs use 'cyg' prefix rather than 'lib' - soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext' -m4_if([$1], [],[ - sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"]) - ;; - mingw* | cegcc*) - # MinGW DLLs use traditional 'lib' prefix - soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext' - ;; - pw32*) - # pw32 DLLs use 'pw' prefix rather than 'lib' - library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext' - ;; - esac - dynamic_linker='Win32 ld.exe' - ;; - - *,cl*) - # Native MSVC - libname_spec='$name' - soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext' - library_names_spec='$libname.dll.lib' - - case $build_os in - mingw*) - sys_lib_search_path_spec= - lt_save_ifs=$IFS - IFS=';' - for lt_path in $LIB - do - IFS=$lt_save_ifs - # Let DOS variable expansion print the short 8.3 style file name. - lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"` - sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path" - done - IFS=$lt_save_ifs - # Convert to MSYS style. - sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([[a-zA-Z]]\\):| /\\1|g' -e 's|^ ||'` - ;; - cygwin*) - # Convert to unix form, then to dos form, then back to unix form - # but this time dos style (no spaces!) so that the unix form looks - # like /cygdrive/c/PROGRA~1:/cygdr... - sys_lib_search_path_spec=`cygpath --path --unix "$LIB"` - sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null` - sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` - ;; - *) - sys_lib_search_path_spec=$LIB - if $ECHO "$sys_lib_search_path_spec" | [$GREP ';[c-zC-Z]:/' >/dev/null]; then - # It is most probably a Windows format PATH. - sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` - else - sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` - fi - # FIXME: find the short name or the path components, as spaces are - # common. (e.g. "Program Files" -> "PROGRA~1") - ;; - esac - - # DLL is installed to $(libdir)/../bin by postinstall_cmds - postinstall_cmds='base_file=`basename \$file`~ - dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~ - dldir=$destdir/`dirname \$dlpath`~ - test -d \$dldir || mkdir -p \$dldir~ - $install_prog $dir/$dlname \$dldir/$dlname' - postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ - dlpath=$dir/\$dldll~ - $RM \$dlpath' - shlibpath_overrides_runpath=yes - dynamic_linker='Win32 link.exe' - ;; - - *) - # Assume MSVC wrapper - library_names_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext $libname.lib' - dynamic_linker='Win32 ld.exe' - ;; - esac - # FIXME: first we should search . and the directory the executable is in - shlibpath_var=PATH - ;; - -darwin* | rhapsody*) - dynamic_linker="$host_os dyld" - version_type=darwin - need_lib_prefix=no - need_version=no - library_names_spec='$libname$release$major$shared_ext $libname$shared_ext' - soname_spec='$libname$release$major$shared_ext' - shlibpath_overrides_runpath=yes - shlibpath_var=DYLD_LIBRARY_PATH - shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' -m4_if([$1], [],[ - sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"]) - sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' - ;; - -dgux*) - version_type=linux # correct to gnu/linux during the next big refactor - need_lib_prefix=no - need_version=no - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - soname_spec='$libname$release$shared_ext$major' - shlibpath_var=LD_LIBRARY_PATH - ;; - -freebsd* | dragonfly*) - # DragonFly does not have aout. When/if they implement a new - # versioning mechanism, adjust this. - if test -x /usr/bin/objformat; then - objformat=`/usr/bin/objformat` - else - case $host_os in - freebsd[[23]].*) objformat=aout ;; - *) objformat=elf ;; - esac - fi - version_type=freebsd-$objformat - case $version_type in - freebsd-elf*) - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - soname_spec='$libname$release$shared_ext$major' - need_version=no - need_lib_prefix=no - ;; - freebsd-*) - library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' - need_version=yes - ;; - esac - shlibpath_var=LD_LIBRARY_PATH - case $host_os in - freebsd2.*) - shlibpath_overrides_runpath=yes - ;; - freebsd3.[[01]]* | freebsdelf3.[[01]]*) - shlibpath_overrides_runpath=yes - hardcode_into_libs=yes - ;; - freebsd3.[[2-9]]* | freebsdelf3.[[2-9]]* | \ - freebsd4.[[0-5]] | freebsdelf4.[[0-5]] | freebsd4.1.1 | freebsdelf4.1.1) - shlibpath_overrides_runpath=no - hardcode_into_libs=yes - ;; - *) # from 4.6 on, and DragonFly - shlibpath_overrides_runpath=yes - hardcode_into_libs=yes - ;; - esac - ;; - -haiku*) - version_type=linux # correct to gnu/linux during the next big refactor - need_lib_prefix=no - need_version=no - dynamic_linker="$host_os runtime_loader" - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - soname_spec='$libname$release$shared_ext$major' - shlibpath_var=LIBRARY_PATH - shlibpath_overrides_runpath=no - sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' - hardcode_into_libs=yes - ;; - -hpux9* | hpux10* | hpux11*) - # Give a soname corresponding to the major version so that dld.sl refuses to - # link against other versions. - version_type=sunos - need_lib_prefix=no - need_version=no - case $host_cpu in - ia64*) - shrext_cmds='.so' - hardcode_into_libs=yes - dynamic_linker="$host_os dld.so" - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - soname_spec='$libname$release$shared_ext$major' - if test 32 = "$HPUX_IA64_MODE"; then - sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" - sys_lib_dlsearch_path_spec=/usr/lib/hpux32 - else - sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" - sys_lib_dlsearch_path_spec=/usr/lib/hpux64 - fi - ;; - hppa*64*) - shrext_cmds='.sl' - hardcode_into_libs=yes - dynamic_linker="$host_os dld.sl" - shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH - shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - soname_spec='$libname$release$shared_ext$major' - sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" - sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec - ;; - *) - shrext_cmds='.sl' - dynamic_linker="$host_os dld.sl" - shlibpath_var=SHLIB_PATH - shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - soname_spec='$libname$release$shared_ext$major' - ;; - esac - # HP-UX runs *really* slowly unless shared libraries are mode 555, ... - postinstall_cmds='chmod 555 $lib' - # or fails outright, so override atomically: - install_override_mode=555 - ;; - -interix[[3-9]]*) - version_type=linux # correct to gnu/linux during the next big refactor - need_lib_prefix=no - need_version=no - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - soname_spec='$libname$release$shared_ext$major' - dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=no - hardcode_into_libs=yes - ;; - -irix5* | irix6* | nonstopux*) - case $host_os in - nonstopux*) version_type=nonstopux ;; - *) - if test yes = "$lt_cv_prog_gnu_ld"; then - version_type=linux # correct to gnu/linux during the next big refactor - else - version_type=irix - fi ;; - esac - need_lib_prefix=no - need_version=no - soname_spec='$libname$release$shared_ext$major' - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$release$shared_ext $libname$shared_ext' - case $host_os in - irix5* | nonstopux*) - libsuff= shlibsuff= - ;; - *) - case $LD in # libtool.m4 will add one of these switches to LD - *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") - libsuff= shlibsuff= libmagic=32-bit;; - *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") - libsuff=32 shlibsuff=N32 libmagic=N32;; - *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") - libsuff=64 shlibsuff=64 libmagic=64-bit;; - *) libsuff= shlibsuff= libmagic=never-match;; - esac - ;; - esac - shlibpath_var=LD_LIBRARY${shlibsuff}_PATH - shlibpath_overrides_runpath=no - sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff" - sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff" - hardcode_into_libs=yes - ;; - -# No shared lib support for Linux oldld, aout, or coff. -linux*oldld* | linux*aout* | linux*coff*) - dynamic_linker=no - ;; - -linux*android*) - version_type=none # Android doesn't support versioned libraries. - need_lib_prefix=no - need_version=no - library_names_spec='$libname$release$shared_ext' - soname_spec='$libname$release$shared_ext' - finish_cmds= - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - - # This implies no fast_install, which is unacceptable. - # Some rework will be needed to allow for fast_install - # before this can be enabled. - hardcode_into_libs=yes - - dynamic_linker='Android linker' - # Don't embed -rpath directories since the linker doesn't support them. - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' - ;; - -# This must be glibc/ELF. -linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) - version_type=linux # correct to gnu/linux during the next big refactor - need_lib_prefix=no - need_version=no - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - soname_spec='$libname$release$shared_ext$major' - finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=no - - # Some binutils ld are patched to set DT_RUNPATH - AC_CACHE_VAL([lt_cv_shlibpath_overrides_runpath], - [lt_cv_shlibpath_overrides_runpath=no - save_LDFLAGS=$LDFLAGS - save_libdir=$libdir - eval "libdir=/foo; wl=\"$_LT_TAGVAR(lt_prog_compiler_wl, $1)\"; \ - LDFLAGS=\"\$LDFLAGS $_LT_TAGVAR(hardcode_libdir_flag_spec, $1)\"" - AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])], - [AS_IF([ ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null], - [lt_cv_shlibpath_overrides_runpath=yes])]) - LDFLAGS=$save_LDFLAGS - libdir=$save_libdir - ]) - shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath - - # This implies no fast_install, which is unacceptable. - # Some rework will be needed to allow for fast_install - # before this can be enabled. - hardcode_into_libs=yes - - # Add ABI-specific directories to the system library path. - sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib" - - # Ideally, we could use ldconfig to report *all* directores which are - # searched for libraries, however this is still not possible. Aside from not - # being certain /sbin/ldconfig is available, command - # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64, - # even though it is searched at run-time. Try to do the best guess by - # appending ld.so.conf contents (and includes) to the search path. - if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` - sys_lib_dlsearch_path_spec="$sys_lib_dlsearch_path_spec $lt_ld_extra" - fi - - # We used to test for /lib/ld.so.1 and disable shared libraries on - # powerpc, because MkLinux only supported shared libraries with the - # GNU dynamic linker. Since this was broken with cross compilers, - # most powerpc-linux boxes support dynamic linking these days and - # people can always --disable-shared, the test was removed, and we - # assume the GNU/Linux dynamic linker is in use. - dynamic_linker='GNU/Linux ld.so' - ;; - -netbsd*) - version_type=sunos - need_lib_prefix=no - need_version=no - if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then - library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' - finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' - dynamic_linker='NetBSD (a.out) ld.so' - else - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - soname_spec='$libname$release$shared_ext$major' - dynamic_linker='NetBSD ld.elf_so' - fi - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - hardcode_into_libs=yes - ;; - -newsos6) - version_type=linux # correct to gnu/linux during the next big refactor - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - ;; - -*nto* | *qnx*) - version_type=qnx - need_lib_prefix=no - need_version=no - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - soname_spec='$libname$release$shared_ext$major' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=no - hardcode_into_libs=yes - dynamic_linker='ldqnx.so' - ;; - -openbsd* | bitrig*) - version_type=sunos - sys_lib_dlsearch_path_spec=/usr/lib - need_lib_prefix=no - if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then - need_version=no - else - need_version=yes - fi - library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' - finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - ;; - -os2*) - libname_spec='$name' - version_type=windows - shrext_cmds=.dll - need_version=no - need_lib_prefix=no - # OS/2 can only load a DLL with a base name of 8 characters or less. - soname_spec='`test -n "$os2dllname" && libname="$os2dllname"; - v=$($ECHO $release$versuffix | tr -d .-); - n=$($ECHO $libname | cut -b -$((8 - ${#v})) | tr . _); - $ECHO $n$v`$shared_ext' - library_names_spec='${libname}_dll.$libext' - dynamic_linker='OS/2 ld.exe' - shlibpath_var=BEGINLIBPATH - sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" - sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec - postinstall_cmds='base_file=`basename \$file`~ - dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; $ECHO \$dlname'\''`~ - dldir=$destdir/`dirname \$dlpath`~ - test -d \$dldir || mkdir -p \$dldir~ - $install_prog $dir/$dlname \$dldir/$dlname~ - chmod a+x \$dldir/$dlname~ - if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then - eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; - fi' - postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; $ECHO \$dlname'\''`~ - dlpath=$dir/\$dldll~ - $RM \$dlpath' - ;; - -osf3* | osf4* | osf5*) - version_type=osf - need_lib_prefix=no - need_version=no - soname_spec='$libname$release$shared_ext$major' - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - shlibpath_var=LD_LIBRARY_PATH - sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" - sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec - ;; - -rdos*) - dynamic_linker=no - ;; - -solaris*) - version_type=linux # correct to gnu/linux during the next big refactor - need_lib_prefix=no - need_version=no - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - soname_spec='$libname$release$shared_ext$major' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - hardcode_into_libs=yes - # ldd complains unless libraries are executable - postinstall_cmds='chmod +x $lib' - ;; - -sunos4*) - version_type=sunos - library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' - finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - if test yes = "$with_gnu_ld"; then - need_lib_prefix=no - fi - need_version=yes - ;; - -sysv4 | sysv4.3*) - version_type=linux # correct to gnu/linux during the next big refactor - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - soname_spec='$libname$release$shared_ext$major' - shlibpath_var=LD_LIBRARY_PATH - case $host_vendor in - sni) - shlibpath_overrides_runpath=no - need_lib_prefix=no - runpath_var=LD_RUN_PATH - ;; - siemens) - need_lib_prefix=no - ;; - motorola) - need_lib_prefix=no - need_version=no - shlibpath_overrides_runpath=no - sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' - ;; - esac - ;; - -sysv4*MP*) - if test -d /usr/nec; then - version_type=linux # correct to gnu/linux during the next big refactor - library_names_spec='$libname$shared_ext.$versuffix $libname$shared_ext.$major $libname$shared_ext' - soname_spec='$libname$shared_ext.$major' - shlibpath_var=LD_LIBRARY_PATH - fi - ;; - -sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) - version_type=sco - need_lib_prefix=no - need_version=no - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext' - soname_spec='$libname$release$shared_ext$major' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - hardcode_into_libs=yes - if test yes = "$with_gnu_ld"; then - sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' - else - sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' - case $host_os in - sco3.2v5*) - sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" - ;; - esac - fi - sys_lib_dlsearch_path_spec='/usr/lib' - ;; - -tpf*) - # TPF is a cross-target only. Preferred cross-host = GNU/Linux. - version_type=linux # correct to gnu/linux during the next big refactor - need_lib_prefix=no - need_version=no - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=no - hardcode_into_libs=yes - ;; - -uts4*) - version_type=linux # correct to gnu/linux during the next big refactor - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - soname_spec='$libname$release$shared_ext$major' - shlibpath_var=LD_LIBRARY_PATH - ;; - -*) - dynamic_linker=no - ;; -esac -AC_MSG_RESULT([$dynamic_linker]) -test no = "$dynamic_linker" && can_build_shared=no - -variables_saved_for_relink="PATH $shlibpath_var $runpath_var" -if test yes = "$GCC"; then - variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" -fi - -if test set = "${lt_cv_sys_lib_search_path_spec+set}"; then - sys_lib_search_path_spec=$lt_cv_sys_lib_search_path_spec -fi - -if test set = "${lt_cv_sys_lib_dlsearch_path_spec+set}"; then - sys_lib_dlsearch_path_spec=$lt_cv_sys_lib_dlsearch_path_spec -fi - -# remember unaugmented sys_lib_dlsearch_path content for libtool script decls... -configure_time_dlsearch_path=$sys_lib_dlsearch_path_spec - -# ... but it needs LT_SYS_LIBRARY_PATH munging for other configure-time code -func_munge_path_list sys_lib_dlsearch_path_spec "$LT_SYS_LIBRARY_PATH" - -# to be used as default LT_SYS_LIBRARY_PATH value in generated libtool -configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH - -_LT_DECL([], [variables_saved_for_relink], [1], - [Variables whose values should be saved in libtool wrapper scripts and - restored at link time]) -_LT_DECL([], [need_lib_prefix], [0], - [Do we need the "lib" prefix for modules?]) -_LT_DECL([], [need_version], [0], [Do we need a version for libraries?]) -_LT_DECL([], [version_type], [0], [Library versioning type]) -_LT_DECL([], [runpath_var], [0], [Shared library runtime path variable]) -_LT_DECL([], [shlibpath_var], [0],[Shared library path variable]) -_LT_DECL([], [shlibpath_overrides_runpath], [0], - [Is shlibpath searched before the hard-coded library search path?]) -_LT_DECL([], [libname_spec], [1], [Format of library name prefix]) -_LT_DECL([], [library_names_spec], [1], - [[List of archive names. First name is the real one, the rest are links. - The last name is the one that the linker finds with -lNAME]]) -_LT_DECL([], [soname_spec], [1], - [[The coded name of the library, if different from the real name]]) -_LT_DECL([], [install_override_mode], [1], - [Permission mode override for installation of shared libraries]) -_LT_DECL([], [postinstall_cmds], [2], - [Command to use after installation of a shared archive]) -_LT_DECL([], [postuninstall_cmds], [2], - [Command to use after uninstallation of a shared archive]) -_LT_DECL([], [finish_cmds], [2], - [Commands used to finish a libtool library installation in a directory]) -_LT_DECL([], [finish_eval], [1], - [[As "finish_cmds", except a single script fragment to be evaled but - not shown]]) -_LT_DECL([], [hardcode_into_libs], [0], - [Whether we should hardcode library paths into libraries]) -_LT_DECL([], [sys_lib_search_path_spec], [2], - [Compile-time system search path for libraries]) -_LT_DECL([sys_lib_dlsearch_path_spec], [configure_time_dlsearch_path], [2], - [Detected run-time system search path for libraries]) -_LT_DECL([], [configure_time_lt_sys_library_path], [2], - [Explicit LT_SYS_LIBRARY_PATH set during ./configure time]) -])# _LT_SYS_DYNAMIC_LINKER - - -# _LT_PATH_TOOL_PREFIX(TOOL) -# -------------------------- -# find a file program that can recognize shared library -AC_DEFUN([_LT_PATH_TOOL_PREFIX], -[m4_require([_LT_DECL_EGREP])dnl -AC_MSG_CHECKING([for $1]) -AC_CACHE_VAL(lt_cv_path_MAGIC_CMD, -[case $MAGIC_CMD in -[[\\/*] | ?:[\\/]*]) - lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path. - ;; -*) - lt_save_MAGIC_CMD=$MAGIC_CMD - lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR -dnl $ac_dummy forces splitting on constant user-supplied paths. -dnl POSIX.2 word splitting is done only on the output of word expansions, -dnl not every word. This closes a longstanding sh security hole. - ac_dummy="m4_if([$2], , $PATH, [$2])" - for ac_dir in $ac_dummy; do - IFS=$lt_save_ifs - test -z "$ac_dir" && ac_dir=. - if test -f "$ac_dir/$1"; then - lt_cv_path_MAGIC_CMD=$ac_dir/"$1" - if test -n "$file_magic_test_file"; then - case $deplibs_check_method in - "file_magic "*) - file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` - MAGIC_CMD=$lt_cv_path_MAGIC_CMD - if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | - $EGREP "$file_magic_regex" > /dev/null; then - : - else - cat <<_LT_EOF 1>&2 - -*** Warning: the command libtool uses to detect shared libraries, -*** $file_magic_cmd, produces output that libtool cannot recognize. -*** The result is that libtool may fail to recognize shared libraries -*** as such. This will affect the creation of libtool libraries that -*** depend on shared libraries, but programs linked with such libtool -*** libraries will work regardless of this problem. Nevertheless, you -*** may want to report the problem to your system manager and/or to -*** bug-libtool@gnu.org - -_LT_EOF - fi ;; - esac - fi - break - fi - done - IFS=$lt_save_ifs - MAGIC_CMD=$lt_save_MAGIC_CMD - ;; -esac]) -MAGIC_CMD=$lt_cv_path_MAGIC_CMD -if test -n "$MAGIC_CMD"; then - AC_MSG_RESULT($MAGIC_CMD) -else - AC_MSG_RESULT(no) -fi -_LT_DECL([], [MAGIC_CMD], [0], - [Used to examine libraries when file_magic_cmd begins with "file"])dnl -])# _LT_PATH_TOOL_PREFIX - -# Old name: -AU_ALIAS([AC_PATH_TOOL_PREFIX], [_LT_PATH_TOOL_PREFIX]) -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([AC_PATH_TOOL_PREFIX], []) - - -# _LT_PATH_MAGIC -# -------------- -# find a file program that can recognize a shared library -m4_defun([_LT_PATH_MAGIC], -[_LT_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH) -if test -z "$lt_cv_path_MAGIC_CMD"; then - if test -n "$ac_tool_prefix"; then - _LT_PATH_TOOL_PREFIX(file, /usr/bin$PATH_SEPARATOR$PATH) - else - MAGIC_CMD=: - fi -fi -])# _LT_PATH_MAGIC - - -# LT_PATH_LD -# ---------- -# find the pathname to the GNU or non-GNU linker -AC_DEFUN([LT_PATH_LD], -[AC_REQUIRE([AC_PROG_CC])dnl -AC_REQUIRE([AC_CANONICAL_HOST])dnl -AC_REQUIRE([AC_CANONICAL_BUILD])dnl -m4_require([_LT_DECL_SED])dnl -m4_require([_LT_DECL_EGREP])dnl -m4_require([_LT_PROG_ECHO_BACKSLASH])dnl - -AC_ARG_WITH([gnu-ld], - [AS_HELP_STRING([--with-gnu-ld], - [assume the C compiler uses GNU ld @<:@default=no@:>@])], - [test no = "$withval" || with_gnu_ld=yes], - [with_gnu_ld=no])dnl - -ac_prog=ld -if test yes = "$GCC"; then - # Check if gcc -print-prog-name=ld gives a path. - AC_MSG_CHECKING([for ld used by $CC]) - case $host in - *-*-mingw*) - # gcc leaves a trailing carriage return, which upsets mingw - ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; - *) - ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; - esac - case $ac_prog in - # Accept absolute paths. - [[\\/]]* | ?:[[\\/]]*) - re_direlt='/[[^/]][[^/]]*/\.\./' - # Canonicalize the pathname of ld - ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'` - while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do - ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"` - done - test -z "$LD" && LD=$ac_prog - ;; - "") - # If it fails, then pretend we aren't using GCC. - ac_prog=ld - ;; - *) - # If it is relative, then search for the first ld in PATH. - with_gnu_ld=unknown - ;; - esac -elif test yes = "$with_gnu_ld"; then - AC_MSG_CHECKING([for GNU ld]) -else - AC_MSG_CHECKING([for non-GNU ld]) -fi -AC_CACHE_VAL(lt_cv_path_LD, -[if test -z "$LD"; then - lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR - for ac_dir in $PATH; do - IFS=$lt_save_ifs - test -z "$ac_dir" && ac_dir=. - if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then - lt_cv_path_LD=$ac_dir/$ac_prog - # Check to see if the program is GNU ld. I'd rather use --version, - # but apparently some variants of GNU ld only accept -v. - # Break only if it was the GNU/non-GNU ld that we prefer. - case `"$lt_cv_path_LD" -v 2>&1 &1 conftest.i -cat conftest.i conftest.i >conftest2.i -: ${lt_DD:=$DD} -AC_PATH_PROGS_FEATURE_CHECK([lt_DD], [dd], -[if "$ac_path_lt_DD" bs=32 count=1 conftest.out 2>/dev/null; then - cmp -s conftest.i conftest.out \ - && ac_cv_path_lt_DD="$ac_path_lt_DD" ac_path_lt_DD_found=: -fi]) -rm -f conftest.i conftest2.i conftest.out]) -])# _LT_PATH_DD - - -# _LT_CMD_TRUNCATE -# ---------------- -# find command to truncate a binary pipe -m4_defun([_LT_CMD_TRUNCATE], -[m4_require([_LT_PATH_DD]) -AC_CACHE_CHECK([how to truncate binary pipes], [lt_cv_truncate_bin], -[printf 0123456789abcdef0123456789abcdef >conftest.i -cat conftest.i conftest.i >conftest2.i -lt_cv_truncate_bin= -if "$ac_cv_path_lt_DD" bs=32 count=1 conftest.out 2>/dev/null; then - cmp -s conftest.i conftest.out \ - && lt_cv_truncate_bin="$ac_cv_path_lt_DD bs=4096 count=1" -fi -rm -f conftest.i conftest2.i conftest.out -test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q"]) -_LT_DECL([lt_truncate_bin], [lt_cv_truncate_bin], [1], - [Command to truncate a binary pipe]) -])# _LT_CMD_TRUNCATE - - -# _LT_CHECK_MAGIC_METHOD -# ---------------------- -# how to check for library dependencies -# -- PORTME fill in with the dynamic library characteristics -m4_defun([_LT_CHECK_MAGIC_METHOD], -[m4_require([_LT_DECL_EGREP]) -m4_require([_LT_DECL_OBJDUMP]) -AC_CACHE_CHECK([how to recognize dependent libraries], -lt_cv_deplibs_check_method, -[lt_cv_file_magic_cmd='$MAGIC_CMD' -lt_cv_file_magic_test_file= -lt_cv_deplibs_check_method='unknown' -# Need to set the preceding variable on all platforms that support -# interlibrary dependencies. -# 'none' -- dependencies not supported. -# 'unknown' -- same as none, but documents that we really don't know. -# 'pass_all' -- all dependencies passed with no checks. -# 'test_compile' -- check by making test program. -# 'file_magic [[regex]]' -- check by looking for files in library path -# that responds to the $file_magic_cmd with a given extended regex. -# If you have 'file' or equivalent on your system and you're not sure -# whether 'pass_all' will *always* work, you probably want this one. - -case $host_os in -aix[[4-9]]*) - lt_cv_deplibs_check_method=pass_all - ;; - -beos*) - lt_cv_deplibs_check_method=pass_all - ;; - -bsdi[[45]]*) - lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib)' - lt_cv_file_magic_cmd='/usr/bin/file -L' - lt_cv_file_magic_test_file=/shlib/libc.so - ;; - -cygwin*) - # func_win32_libid is a shell function defined in ltmain.sh - lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' - lt_cv_file_magic_cmd='func_win32_libid' - ;; - -mingw* | pw32*) - # Base MSYS/MinGW do not provide the 'file' command needed by - # func_win32_libid shell function, so use a weaker test based on 'objdump', - # unless we find 'file', for example because we are cross-compiling. - if ( file / ) >/dev/null 2>&1; then - lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' - lt_cv_file_magic_cmd='func_win32_libid' - else - # Keep this pattern in sync with the one in func_win32_libid. - lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' - lt_cv_file_magic_cmd='$OBJDUMP -f' - fi - ;; - -cegcc*) - # use the weaker test based on 'objdump'. See mingw*. - lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?' - lt_cv_file_magic_cmd='$OBJDUMP -f' - ;; - -darwin* | rhapsody*) - lt_cv_deplibs_check_method=pass_all - ;; - -freebsd* | dragonfly*) - if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then - case $host_cpu in - i*86 ) - # Not sure whether the presence of OpenBSD here was a mistake. - # Let's accept both of them until this is cleared up. - lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library' - lt_cv_file_magic_cmd=/usr/bin/file - lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*` - ;; - esac - else - lt_cv_deplibs_check_method=pass_all - fi - ;; - -haiku*) - lt_cv_deplibs_check_method=pass_all - ;; - -hpux10.20* | hpux11*) - lt_cv_file_magic_cmd=/usr/bin/file - case $host_cpu in - ia64*) - lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64' - lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so - ;; - hppa*64*) - [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]'] - lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl - ;; - *) - lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]]\.[[0-9]]) shared library' - lt_cv_file_magic_test_file=/usr/lib/libc.sl - ;; - esac - ;; - -interix[[3-9]]*) - # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here - lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|\.a)$' - ;; - -irix5* | irix6* | nonstopux*) - case $LD in - *-32|*"-32 ") libmagic=32-bit;; - *-n32|*"-n32 ") libmagic=N32;; - *-64|*"-64 ") libmagic=64-bit;; - *) libmagic=never-match;; - esac - lt_cv_deplibs_check_method=pass_all - ;; - -# This must be glibc/ELF. -linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) - lt_cv_deplibs_check_method=pass_all - ;; - -netbsd*) - if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then - lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' - else - lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|_pic\.a)$' - fi - ;; - -newos6*) - lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)' - lt_cv_file_magic_cmd=/usr/bin/file - lt_cv_file_magic_test_file=/usr/lib/libnls.so - ;; - -*nto* | *qnx*) - lt_cv_deplibs_check_method=pass_all - ;; - -openbsd* | bitrig*) - if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then - lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$' - else - lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' - fi - ;; - -osf3* | osf4* | osf5*) - lt_cv_deplibs_check_method=pass_all - ;; - -rdos*) - lt_cv_deplibs_check_method=pass_all - ;; - -solaris*) - lt_cv_deplibs_check_method=pass_all - ;; - -sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) - lt_cv_deplibs_check_method=pass_all - ;; - -sysv4 | sysv4.3*) - case $host_vendor in - motorola) - lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib) M[[0-9]][[0-9]]* Version [[0-9]]' - lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*` - ;; - ncr) - lt_cv_deplibs_check_method=pass_all - ;; - sequent) - lt_cv_file_magic_cmd='/bin/file' - lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB (shared object|dynamic lib )' - ;; - sni) - lt_cv_file_magic_cmd='/bin/file' - lt_cv_deplibs_check_method="file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB dynamic lib" - lt_cv_file_magic_test_file=/lib/libc.so - ;; - siemens) - lt_cv_deplibs_check_method=pass_all - ;; - pc) - lt_cv_deplibs_check_method=pass_all - ;; - esac - ;; - -tpf*) - lt_cv_deplibs_check_method=pass_all - ;; -os2*) - lt_cv_deplibs_check_method=pass_all - ;; -esac -]) - -file_magic_glob= -want_nocaseglob=no -if test "$build" = "$host"; then - case $host_os in - mingw* | pw32*) - if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then - want_nocaseglob=yes - else - file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[[\1]]\/[[\1]]\/g;/g"` - fi - ;; - esac -fi - -file_magic_cmd=$lt_cv_file_magic_cmd -deplibs_check_method=$lt_cv_deplibs_check_method -test -z "$deplibs_check_method" && deplibs_check_method=unknown - -_LT_DECL([], [deplibs_check_method], [1], - [Method to check whether dependent libraries are shared objects]) -_LT_DECL([], [file_magic_cmd], [1], - [Command to use when deplibs_check_method = "file_magic"]) -_LT_DECL([], [file_magic_glob], [1], - [How to find potential files when deplibs_check_method = "file_magic"]) -_LT_DECL([], [want_nocaseglob], [1], - [Find potential files using nocaseglob when deplibs_check_method = "file_magic"]) -])# _LT_CHECK_MAGIC_METHOD - - -# LT_PATH_NM -# ---------- -# find the pathname to a BSD- or MS-compatible name lister -AC_DEFUN([LT_PATH_NM], -[AC_REQUIRE([AC_PROG_CC])dnl -AC_CACHE_CHECK([for BSD- or MS-compatible name lister (nm)], lt_cv_path_NM, -[if test -n "$NM"; then - # Let the user override the test. - lt_cv_path_NM=$NM -else - lt_nm_to_check=${ac_tool_prefix}nm - if test -n "$ac_tool_prefix" && test "$build" = "$host"; then - lt_nm_to_check="$lt_nm_to_check nm" - fi - for lt_tmp_nm in $lt_nm_to_check; do - lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR - for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do - IFS=$lt_save_ifs - test -z "$ac_dir" && ac_dir=. - tmp_nm=$ac_dir/$lt_tmp_nm - if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext"; then - # Check to see if the nm accepts a BSD-compat flag. - # Adding the 'sed 1q' prevents false positives on HP-UX, which says: - # nm: unknown option "B" ignored - # Tru64's nm complains that /dev/null is an invalid object file - # MSYS converts /dev/null to NUL, MinGW nm treats NUL as empty - case $build_os in - mingw*) lt_bad_file=conftest.nm/nofile ;; - *) lt_bad_file=/dev/null ;; - esac - case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in - *$lt_bad_file* | *'Invalid file or object type'*) - lt_cv_path_NM="$tmp_nm -B" - break 2 - ;; - *) - case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in - */dev/null*) - lt_cv_path_NM="$tmp_nm -p" - break 2 - ;; - *) - lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but - continue # so that we can try to find one that supports BSD flags - ;; - esac - ;; - esac - fi - done - IFS=$lt_save_ifs - done - : ${lt_cv_path_NM=no} -fi]) -if test no != "$lt_cv_path_NM"; then - NM=$lt_cv_path_NM -else - # Didn't find any BSD compatible name lister, look for dumpbin. - if test -n "$DUMPBIN"; then : - # Let the user override the test. - else - AC_CHECK_TOOLS(DUMPBIN, [dumpbin "link -dump"], :) - case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in - *COFF*) - DUMPBIN="$DUMPBIN -symbols -headers" - ;; - *) - DUMPBIN=: - ;; - esac - fi - AC_SUBST([DUMPBIN]) - if test : != "$DUMPBIN"; then - NM=$DUMPBIN - fi -fi -test -z "$NM" && NM=nm -AC_SUBST([NM]) -_LT_DECL([], [NM], [1], [A BSD- or MS-compatible name lister])dnl - -AC_CACHE_CHECK([the name lister ($NM) interface], [lt_cv_nm_interface], - [lt_cv_nm_interface="BSD nm" - echo "int some_variable = 0;" > conftest.$ac_ext - (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&AS_MESSAGE_LOG_FD) - (eval "$ac_compile" 2>conftest.err) - cat conftest.err >&AS_MESSAGE_LOG_FD - (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&AS_MESSAGE_LOG_FD) - (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) - cat conftest.err >&AS_MESSAGE_LOG_FD - (eval echo "\"\$as_me:$LINENO: output\"" >&AS_MESSAGE_LOG_FD) - cat conftest.out >&AS_MESSAGE_LOG_FD - if $GREP 'External.*some_variable' conftest.out > /dev/null; then - lt_cv_nm_interface="MS dumpbin" - fi - rm -f conftest*]) -])# LT_PATH_NM - -# Old names: -AU_ALIAS([AM_PROG_NM], [LT_PATH_NM]) -AU_ALIAS([AC_PROG_NM], [LT_PATH_NM]) -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([AM_PROG_NM], []) -dnl AC_DEFUN([AC_PROG_NM], []) - -# _LT_CHECK_SHAREDLIB_FROM_LINKLIB -# -------------------------------- -# how to determine the name of the shared library -# associated with a specific link library. -# -- PORTME fill in with the dynamic library characteristics -m4_defun([_LT_CHECK_SHAREDLIB_FROM_LINKLIB], -[m4_require([_LT_DECL_EGREP]) -m4_require([_LT_DECL_OBJDUMP]) -m4_require([_LT_DECL_DLLTOOL]) -AC_CACHE_CHECK([how to associate runtime and link libraries], -lt_cv_sharedlib_from_linklib_cmd, -[lt_cv_sharedlib_from_linklib_cmd='unknown' - -case $host_os in -cygwin* | mingw* | pw32* | cegcc*) - # two different shell functions defined in ltmain.sh; - # decide which one to use based on capabilities of $DLLTOOL - case `$DLLTOOL --help 2>&1` in - *--identify-strict*) - lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib - ;; - *) - lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback - ;; - esac - ;; -*) - # fallback: assume linklib IS sharedlib - lt_cv_sharedlib_from_linklib_cmd=$ECHO - ;; -esac -]) -sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd -test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO - -_LT_DECL([], [sharedlib_from_linklib_cmd], [1], - [Command to associate shared and link libraries]) -])# _LT_CHECK_SHAREDLIB_FROM_LINKLIB - - -# _LT_PATH_MANIFEST_TOOL -# ---------------------- -# locate the manifest tool -m4_defun([_LT_PATH_MANIFEST_TOOL], -[AC_CHECK_TOOL(MANIFEST_TOOL, mt, :) -test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt -AC_CACHE_CHECK([if $MANIFEST_TOOL is a manifest tool], [lt_cv_path_mainfest_tool], - [lt_cv_path_mainfest_tool=no - echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&AS_MESSAGE_LOG_FD - $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out - cat conftest.err >&AS_MESSAGE_LOG_FD - if $GREP 'Manifest Tool' conftest.out > /dev/null; then - lt_cv_path_mainfest_tool=yes - fi - rm -f conftest*]) -if test yes != "$lt_cv_path_mainfest_tool"; then - MANIFEST_TOOL=: -fi -_LT_DECL([], [MANIFEST_TOOL], [1], [Manifest tool])dnl -])# _LT_PATH_MANIFEST_TOOL - - -# _LT_DLL_DEF_P([FILE]) -# --------------------- -# True iff FILE is a Windows DLL '.def' file. -# Keep in sync with func_dll_def_p in the libtool script -AC_DEFUN([_LT_DLL_DEF_P], -[dnl - test DEF = "`$SED -n dnl - -e '\''s/^[[ ]]*//'\'' dnl Strip leading whitespace - -e '\''/^\(;.*\)*$/d'\'' dnl Delete empty lines and comments - -e '\''s/^\(EXPORTS\|LIBRARY\)\([[ ]].*\)*$/DEF/p'\'' dnl - -e q dnl Only consider the first "real" line - $1`" dnl -])# _LT_DLL_DEF_P - - -# LT_LIB_M -# -------- -# check for math library -AC_DEFUN([LT_LIB_M], -[AC_REQUIRE([AC_CANONICAL_HOST])dnl -LIBM= -case $host in -*-*-beos* | *-*-cegcc* | *-*-cygwin* | *-*-haiku* | *-*-pw32* | *-*-darwin*) - # These system don't have libm, or don't need it - ;; -*-ncr-sysv4.3*) - AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM=-lmw) - AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm") - ;; -*) - AC_CHECK_LIB(m, cos, LIBM=-lm) - ;; -esac -AC_SUBST([LIBM]) -])# LT_LIB_M - -# Old name: -AU_ALIAS([AC_CHECK_LIBM], [LT_LIB_M]) -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([AC_CHECK_LIBM], []) - - -# _LT_COMPILER_NO_RTTI([TAGNAME]) -# ------------------------------- -m4_defun([_LT_COMPILER_NO_RTTI], -[m4_require([_LT_TAG_COMPILER])dnl - -_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)= - -if test yes = "$GCC"; then - case $cc_basename in - nvcc*) - _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -Xcompiler -fno-builtin' ;; - *) - _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' ;; - esac - - _LT_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions], - lt_cv_prog_compiler_rtti_exceptions, - [-fno-rtti -fno-exceptions], [], - [_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)="$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) -fno-rtti -fno-exceptions"]) -fi -_LT_TAGDECL([no_builtin_flag], [lt_prog_compiler_no_builtin_flag], [1], - [Compiler flag to turn off builtin functions]) -])# _LT_COMPILER_NO_RTTI - - -# _LT_CMD_GLOBAL_SYMBOLS -# ---------------------- -m4_defun([_LT_CMD_GLOBAL_SYMBOLS], -[AC_REQUIRE([AC_CANONICAL_HOST])dnl -AC_REQUIRE([AC_PROG_CC])dnl -AC_REQUIRE([AC_PROG_AWK])dnl -AC_REQUIRE([LT_PATH_NM])dnl -AC_REQUIRE([LT_PATH_LD])dnl -m4_require([_LT_DECL_SED])dnl -m4_require([_LT_DECL_EGREP])dnl -m4_require([_LT_TAG_COMPILER])dnl - -# Check for command to grab the raw symbol name followed by C symbol from nm. -AC_MSG_CHECKING([command to parse $NM output from $compiler object]) -AC_CACHE_VAL([lt_cv_sys_global_symbol_pipe], -[ -# These are sane defaults that work on at least a few old systems. -# [They come from Ultrix. What could be older than Ultrix?!! ;)] - -# Character class describing NM global symbol codes. -symcode='[[BCDEGRST]]' - -# Regexp to match symbols that can be accessed directly from C. -sympat='\([[_A-Za-z]][[_A-Za-z0-9]]*\)' - -# Define system-specific variables. -case $host_os in -aix*) - symcode='[[BCDT]]' - ;; -cygwin* | mingw* | pw32* | cegcc*) - symcode='[[ABCDGISTW]]' - ;; -hpux*) - if test ia64 = "$host_cpu"; then - symcode='[[ABCDEGRST]]' - fi - ;; -irix* | nonstopux*) - symcode='[[BCDEGRST]]' - ;; -osf*) - symcode='[[BCDEGQRST]]' - ;; -solaris*) - symcode='[[BDRT]]' - ;; -sco3.2v5*) - symcode='[[DT]]' - ;; -sysv4.2uw2*) - symcode='[[DT]]' - ;; -sysv5* | sco5v6* | unixware* | OpenUNIX*) - symcode='[[ABDT]]' - ;; -sysv4) - symcode='[[DFNSTU]]' - ;; -esac - -# If we're using GNU nm, then use its standard symbol codes. -case `$NM -V 2>&1` in -*GNU* | *'with BFD'*) - symcode='[[ABCDGIRSTW]]' ;; -esac - -if test "$lt_cv_nm_interface" = "MS dumpbin"; then - # Gets list of data symbols to import. - lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'" - # Adjust the below global symbol transforms to fixup imported variables. - lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'" - lt_c_name_hook=" -e 's/^I .* \(.*\)$/ {\"\1\", (void *) 0},/p'" - lt_c_name_lib_hook="\ - -e 's/^I .* \(lib.*\)$/ {\"\1\", (void *) 0},/p'\ - -e 's/^I .* \(.*\)$/ {\"lib\1\", (void *) 0},/p'" -else - # Disable hooks by default. - lt_cv_sys_global_symbol_to_import= - lt_cdecl_hook= - lt_c_name_hook= - lt_c_name_lib_hook= -fi - -# Transform an extracted symbol line into a proper C declaration. -# Some systems (esp. on ia64) link data and code symbols differently, -# so use this general approach. -lt_cv_sys_global_symbol_to_cdecl="sed -n"\ -$lt_cdecl_hook\ -" -e 's/^T .* \(.*\)$/extern int \1();/p'"\ -" -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'" - -# Transform an extracted symbol line into symbol name and symbol address -lt_cv_sys_global_symbol_to_c_name_address="sed -n"\ -$lt_c_name_hook\ -" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\ -" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/p'" - -# Transform an extracted symbol line into symbol name with lib prefix and -# symbol address. -lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\ -$lt_c_name_lib_hook\ -" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\ -" -e 's/^$symcode$symcode* .* \(lib.*\)$/ {\"\1\", (void *) \&\1},/p'"\ -" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"lib\1\", (void *) \&\1},/p'" - -# Handle CRLF in mingw tool chain -opt_cr= -case $build_os in -mingw*) - opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp - ;; -esac - -# Try without a prefix underscore, then with it. -for ac_symprfx in "" "_"; do - - # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol. - symxfrm="\\1 $ac_symprfx\\2 \\2" - - # Write the raw and C identifiers. - if test "$lt_cv_nm_interface" = "MS dumpbin"; then - # Fake it for dumpbin and say T for any non-static function, - # D for any global variable and I for any imported variable. - # Also find C++ and __fastcall symbols from MSVC++, - # which start with @ or ?. - lt_cv_sys_global_symbol_pipe="$AWK ['"\ -" {last_section=section; section=\$ 3};"\ -" /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\ -" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\ -" /^ *Symbol name *: /{split(\$ 0,sn,\":\"); si=substr(sn[2],2)};"\ -" /^ *Type *: code/{print \"T\",si,substr(si,length(prfx))};"\ -" /^ *Type *: data/{print \"I\",si,substr(si,length(prfx))};"\ -" \$ 0!~/External *\|/{next};"\ -" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\ -" {if(hide[section]) next};"\ -" {f=\"D\"}; \$ 0~/\(\).*\|/{f=\"T\"};"\ -" {split(\$ 0,a,/\||\r/); split(a[2],s)};"\ -" s[1]~/^[@?]/{print f,s[1],s[1]; next};"\ -" s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\ -" ' prfx=^$ac_symprfx]" - else - lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[ ]]\($symcode$symcode*\)[[ ]][[ ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" - fi - lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'" - - # Check to see that the pipe works correctly. - pipe_works=no - - rm -f conftest* - cat > conftest.$ac_ext <<_LT_EOF -#ifdef __cplusplus -extern "C" { -#endif -char nm_test_var; -void nm_test_func(void); -void nm_test_func(void){} -#ifdef __cplusplus -} -#endif -int main(){nm_test_var='a';nm_test_func();return(0);} -_LT_EOF - - if AC_TRY_EVAL(ac_compile); then - # Now try to grab the symbols. - nlist=conftest.nm - if AC_TRY_EVAL(NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) && test -s "$nlist"; then - # Try sorting and uniquifying the output. - if sort "$nlist" | uniq > "$nlist"T; then - mv -f "$nlist"T "$nlist" - else - rm -f "$nlist"T - fi - - # Make sure that we snagged all the symbols we need. - if $GREP ' nm_test_var$' "$nlist" >/dev/null; then - if $GREP ' nm_test_func$' "$nlist" >/dev/null; then - cat <<_LT_EOF > conftest.$ac_ext -/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ -#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE -/* DATA imports from DLLs on WIN32 can't be const, because runtime - relocations are performed -- see ld's documentation on pseudo-relocs. */ -# define LT@&t@_DLSYM_CONST -#elif defined __osf__ -/* This system does not cope well with relocations in const data. */ -# define LT@&t@_DLSYM_CONST -#else -# define LT@&t@_DLSYM_CONST const -#endif - -#ifdef __cplusplus -extern "C" { -#endif - -_LT_EOF - # Now generate the symbol file. - eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext' - - cat <<_LT_EOF >> conftest.$ac_ext - -/* The mapping between symbol names and symbols. */ -LT@&t@_DLSYM_CONST struct { - const char *name; - void *address; -} -lt__PROGRAM__LTX_preloaded_symbols[[]] = -{ - { "@PROGRAM@", (void *) 0 }, -_LT_EOF - $SED "s/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext - cat <<\_LT_EOF >> conftest.$ac_ext - {0, (void *) 0} -}; - -/* This works around a problem in FreeBSD linker */ -#ifdef FREEBSD_WORKAROUND -static const void *lt_preloaded_setup() { - return lt__PROGRAM__LTX_preloaded_symbols; -} -#endif - -#ifdef __cplusplus -} -#endif -_LT_EOF - # Now try linking the two files. - mv conftest.$ac_objext conftstm.$ac_objext - lt_globsym_save_LIBS=$LIBS - lt_globsym_save_CFLAGS=$CFLAGS - LIBS=conftstm.$ac_objext - CFLAGS="$CFLAGS$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)" - if AC_TRY_EVAL(ac_link) && test -s conftest$ac_exeext; then - pipe_works=yes - fi - LIBS=$lt_globsym_save_LIBS - CFLAGS=$lt_globsym_save_CFLAGS - else - echo "cannot find nm_test_func in $nlist" >&AS_MESSAGE_LOG_FD - fi - else - echo "cannot find nm_test_var in $nlist" >&AS_MESSAGE_LOG_FD - fi - else - echo "cannot run $lt_cv_sys_global_symbol_pipe" >&AS_MESSAGE_LOG_FD - fi - else - echo "$progname: failed program was:" >&AS_MESSAGE_LOG_FD - cat conftest.$ac_ext >&5 - fi - rm -rf conftest* conftst* - - # Do not use the global_symbol_pipe unless it works. - if test yes = "$pipe_works"; then - break - else - lt_cv_sys_global_symbol_pipe= - fi -done -]) -if test -z "$lt_cv_sys_global_symbol_pipe"; then - lt_cv_sys_global_symbol_to_cdecl= -fi -if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then - AC_MSG_RESULT(failed) -else - AC_MSG_RESULT(ok) -fi - -# Response file support. -if test "$lt_cv_nm_interface" = "MS dumpbin"; then - nm_file_list_spec='@' -elif $NM --help 2>/dev/null | grep '[[@]]FILE' >/dev/null; then - nm_file_list_spec='@' -fi - -_LT_DECL([global_symbol_pipe], [lt_cv_sys_global_symbol_pipe], [1], - [Take the output of nm and produce a listing of raw symbols and C names]) -_LT_DECL([global_symbol_to_cdecl], [lt_cv_sys_global_symbol_to_cdecl], [1], - [Transform the output of nm in a proper C declaration]) -_LT_DECL([global_symbol_to_import], [lt_cv_sys_global_symbol_to_import], [1], - [Transform the output of nm into a list of symbols to manually relocate]) -_LT_DECL([global_symbol_to_c_name_address], - [lt_cv_sys_global_symbol_to_c_name_address], [1], - [Transform the output of nm in a C name address pair]) -_LT_DECL([global_symbol_to_c_name_address_lib_prefix], - [lt_cv_sys_global_symbol_to_c_name_address_lib_prefix], [1], - [Transform the output of nm in a C name address pair when lib prefix is needed]) -_LT_DECL([nm_interface], [lt_cv_nm_interface], [1], - [The name lister interface]) -_LT_DECL([], [nm_file_list_spec], [1], - [Specify filename containing input files for $NM]) -]) # _LT_CMD_GLOBAL_SYMBOLS - - -# _LT_COMPILER_PIC([TAGNAME]) -# --------------------------- -m4_defun([_LT_COMPILER_PIC], -[m4_require([_LT_TAG_COMPILER])dnl -_LT_TAGVAR(lt_prog_compiler_wl, $1)= -_LT_TAGVAR(lt_prog_compiler_pic, $1)= -_LT_TAGVAR(lt_prog_compiler_static, $1)= - -m4_if([$1], [CXX], [ - # C++ specific cases for pic, static, wl, etc. - if test yes = "$GXX"; then - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' - - case $host_os in - aix*) - # All AIX code is PIC. - if test ia64 = "$host_cpu"; then - # AIX 5 now supports IA64 processor - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - fi - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' - ;; - - amigaos*) - case $host_cpu in - powerpc) - # see comment about AmigaOS4 .so support - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' - ;; - m68k) - # FIXME: we need at least 68020 code to build shared libraries, but - # adding the '-m68020' flag to GCC prevents building anything better, - # like '-m68040'. - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4' - ;; - esac - ;; - - beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) - # PIC is the default for these OSes. - ;; - mingw* | cygwin* | os2* | pw32* | cegcc*) - # This hack is so that the source file can tell whether it is being - # built for inclusion in a dll (and should export symbols for example). - # Although the cygwin gcc ignores -fPIC, still need this for old-style - # (--disable-auto-import) libraries - m4_if([$1], [GCJ], [], - [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) - case $host_os in - os2*) - _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static' - ;; - esac - ;; - darwin* | rhapsody*) - # PIC is the default on this platform - # Common symbols not allowed in MH_DYLIB files - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' - ;; - *djgpp*) - # DJGPP does not support shared libraries at all - _LT_TAGVAR(lt_prog_compiler_pic, $1)= - ;; - haiku*) - # PIC is the default for Haiku. - # The "-static" flag exists, but is broken. - _LT_TAGVAR(lt_prog_compiler_static, $1)= - ;; - interix[[3-9]]*) - # Interix 3.x gcc -fpic/-fPIC options generate broken code. - # Instead, we relocate shared libraries at runtime. - ;; - sysv4*MP*) - if test -d /usr/nec; then - _LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic - fi - ;; - hpux*) - # PIC is the default for 64-bit PA HP-UX, but not for 32-bit - # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag - # sets the default TLS model and affects inlining. - case $host_cpu in - hppa*64*) - ;; - *) - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' - ;; - esac - ;; - *qnx* | *nto*) - # QNX uses GNU C++, but need to define -shared option too, otherwise - # it will coredump. - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' - ;; - *) - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' - ;; - esac - else - case $host_os in - aix[[4-9]]*) - # All AIX code is PIC. - if test ia64 = "$host_cpu"; then - # AIX 5 now supports IA64 processor - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - else - _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp' - fi - ;; - chorus*) - case $cc_basename in - cxch68*) - # Green Hills C++ Compiler - # _LT_TAGVAR(lt_prog_compiler_static, $1)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a" - ;; - esac - ;; - mingw* | cygwin* | os2* | pw32* | cegcc*) - # This hack is so that the source file can tell whether it is being - # built for inclusion in a dll (and should export symbols for example). - m4_if([$1], [GCJ], [], - [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) - ;; - dgux*) - case $cc_basename in - ec++*) - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' - ;; - ghcx*) - # Green Hills C++ Compiler - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' - ;; - *) - ;; - esac - ;; - freebsd* | dragonfly*) - # FreeBSD uses GNU C++ - ;; - hpux9* | hpux10* | hpux11*) - case $cc_basename in - CC*) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive' - if test ia64 != "$host_cpu"; then - _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' - fi - ;; - aCC*) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive' - case $host_cpu in - hppa*64*|ia64*) - # +Z the default - ;; - *) - _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' - ;; - esac - ;; - *) - ;; - esac - ;; - interix*) - # This is c89, which is MS Visual C++ (no shared libs) - # Anyone wants to do a port? - ;; - irix5* | irix6* | nonstopux*) - case $cc_basename in - CC*) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' - # CC pic flag -KPIC is the default. - ;; - *) - ;; - esac - ;; - linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) - case $cc_basename in - KCC*) - # KAI C++ Compiler - _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,' - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' - ;; - ecpc* ) - # old Intel C++ for x86_64, which still supported -KPIC. - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' - ;; - icpc* ) - # Intel C++, used to be incompatible with GCC. - # ICC 10 doesn't accept -KPIC any more. - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' - ;; - pgCC* | pgcpp*) - # Portland Group C++ compiler - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - ;; - cxx*) - # Compaq C++ - # Make sure the PIC flag is empty. It appears that all Alpha - # Linux and Compaq Tru64 Unix objects are PIC. - _LT_TAGVAR(lt_prog_compiler_pic, $1)= - _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' - ;; - xlc* | xlC* | bgxl[[cC]]* | mpixl[[cC]]*) - # IBM XL 8.0, 9.0 on PPC and BlueGene - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink' - ;; - *) - case `$CC -V 2>&1 | sed 5q` in - *Sun\ C*) - # Sun C++ 5.9 - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' - ;; - esac - ;; - esac - ;; - lynxos*) - ;; - m88k*) - ;; - mvs*) - case $cc_basename in - cxx*) - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-W c,exportall' - ;; - *) - ;; - esac - ;; - netbsd*) - ;; - *qnx* | *nto*) - # QNX uses GNU C++, but need to define -shared option too, otherwise - # it will coredump. - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' - ;; - osf3* | osf4* | osf5*) - case $cc_basename in - KCC*) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,' - ;; - RCC*) - # Rational C++ 2.4.1 - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' - ;; - cxx*) - # Digital/Compaq C++ - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - # Make sure the PIC flag is empty. It appears that all Alpha - # Linux and Compaq Tru64 Unix objects are PIC. - _LT_TAGVAR(lt_prog_compiler_pic, $1)= - _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' - ;; - *) - ;; - esac - ;; - psos*) - ;; - solaris*) - case $cc_basename in - CC* | sunCC*) - # Sun C++ 4.2, 5.x and Centerline C++ - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' - ;; - gcx*) - # Green Hills C++ Compiler - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' - ;; - *) - ;; - esac - ;; - sunos4*) - case $cc_basename in - CC*) - # Sun C++ 4.x - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - ;; - lcc*) - # Lucid - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' - ;; - *) - ;; - esac - ;; - sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) - case $cc_basename in - CC*) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - ;; - esac - ;; - tandem*) - case $cc_basename in - NCC*) - # NonStop-UX NCC 3.20 - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' - ;; - *) - ;; - esac - ;; - vxworks*) - ;; - *) - _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no - ;; - esac - fi -], -[ - if test yes = "$GCC"; then - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' - - case $host_os in - aix*) - # All AIX code is PIC. - if test ia64 = "$host_cpu"; then - # AIX 5 now supports IA64 processor - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - fi - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' - ;; - - amigaos*) - case $host_cpu in - powerpc) - # see comment about AmigaOS4 .so support - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' - ;; - m68k) - # FIXME: we need at least 68020 code to build shared libraries, but - # adding the '-m68020' flag to GCC prevents building anything better, - # like '-m68040'. - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4' - ;; - esac - ;; - - beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) - # PIC is the default for these OSes. - ;; - - mingw* | cygwin* | pw32* | os2* | cegcc*) - # This hack is so that the source file can tell whether it is being - # built for inclusion in a dll (and should export symbols for example). - # Although the cygwin gcc ignores -fPIC, still need this for old-style - # (--disable-auto-import) libraries - m4_if([$1], [GCJ], [], - [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) - case $host_os in - os2*) - _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static' - ;; - esac - ;; - - darwin* | rhapsody*) - # PIC is the default on this platform - # Common symbols not allowed in MH_DYLIB files - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' - ;; - - haiku*) - # PIC is the default for Haiku. - # The "-static" flag exists, but is broken. - _LT_TAGVAR(lt_prog_compiler_static, $1)= - ;; - - hpux*) - # PIC is the default for 64-bit PA HP-UX, but not for 32-bit - # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag - # sets the default TLS model and affects inlining. - case $host_cpu in - hppa*64*) - # +Z the default - ;; - *) - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' - ;; - esac - ;; - - interix[[3-9]]*) - # Interix 3.x gcc -fpic/-fPIC options generate broken code. - # Instead, we relocate shared libraries at runtime. - ;; - - msdosdjgpp*) - # Just because we use GCC doesn't mean we suddenly get shared libraries - # on systems that don't support them. - _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no - enable_shared=no - ;; - - *nto* | *qnx*) - # QNX uses GNU C++, but need to define -shared option too, otherwise - # it will coredump. - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' - ;; - - sysv4*MP*) - if test -d /usr/nec; then - _LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic - fi - ;; - - *) - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' - ;; - esac - - case $cc_basename in - nvcc*) # Cuda Compiler Driver 2.2 - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Xlinker ' - if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then - _LT_TAGVAR(lt_prog_compiler_pic, $1)="-Xcompiler $_LT_TAGVAR(lt_prog_compiler_pic, $1)" - fi - ;; - esac - else - # PORTME Check for flag to pass linker flags through the system compiler. - case $host_os in - aix*) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - if test ia64 = "$host_cpu"; then - # AIX 5 now supports IA64 processor - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - else - _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp' - fi - ;; - - darwin* | rhapsody*) - # PIC is the default on this platform - # Common symbols not allowed in MH_DYLIB files - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' - case $cc_basename in - nagfor*) - # NAG Fortran compiler - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,-Wl,,' - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - ;; - esac - ;; - - mingw* | cygwin* | pw32* | os2* | cegcc*) - # This hack is so that the source file can tell whether it is being - # built for inclusion in a dll (and should export symbols for example). - m4_if([$1], [GCJ], [], - [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) - case $host_os in - os2*) - _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static' - ;; - esac - ;; - - hpux9* | hpux10* | hpux11*) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but - # not for PA HP-UX. - case $host_cpu in - hppa*64*|ia64*) - # +Z the default - ;; - *) - _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' - ;; - esac - # Is there a better lt_prog_compiler_static that works with the bundled CC? - _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive' - ;; - - irix5* | irix6* | nonstopux*) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - # PIC (with -KPIC) is the default. - _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' - ;; - - linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) - case $cc_basename in - # old Intel for x86_64, which still supported -KPIC. - ecc*) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' - ;; - # icc used to be incompatible with GCC. - # ICC 10 doesn't accept -KPIC any more. - icc* | ifort*) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' - ;; - # Lahey Fortran 8.1. - lf95*) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_pic, $1)='--shared' - _LT_TAGVAR(lt_prog_compiler_static, $1)='--static' - ;; - nagfor*) - # NAG Fortran compiler - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,-Wl,,' - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - ;; - tcc*) - # Fabrice Bellard et al's Tiny C Compiler - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' - ;; - pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*) - # Portland Group compilers (*not* the Pentium gcc compiler, - # which looks to be a dead project) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - ;; - ccc*) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - # All Alpha code is PIC. - _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' - ;; - xl* | bgxl* | bgf* | mpixl*) - # IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink' - ;; - *) - case `$CC -V 2>&1 | sed 5q` in - *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [[1-7]].* | *Sun*Fortran*\ 8.[[0-3]]*) - # Sun Fortran 8.3 passes all unrecognized flags to the linker - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - _LT_TAGVAR(lt_prog_compiler_wl, $1)='' - ;; - *Sun\ F* | *Sun*Fortran*) - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' - ;; - *Sun\ C*) - # Sun C 5.9 - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - ;; - *Intel*\ [[CF]]*Compiler*) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' - ;; - *Portland\ Group*) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - ;; - esac - ;; - esac - ;; - - newsos6) - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - ;; - - *nto* | *qnx*) - # QNX uses GNU C++, but need to define -shared option too, otherwise - # it will coredump. - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' - ;; - - osf3* | osf4* | osf5*) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - # All OSF/1 code is PIC. - _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' - ;; - - rdos*) - _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' - ;; - - solaris*) - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - case $cc_basename in - f77* | f90* | f95* | sunf77* | sunf90* | sunf95*) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ';; - *) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,';; - esac - ;; - - sunos4*) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - ;; - - sysv4 | sysv4.2uw2* | sysv4.3*) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - ;; - - sysv4*MP*) - if test -d /usr/nec; then - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-Kconform_pic' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - fi - ;; - - sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - ;; - - unicos*) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no - ;; - - uts4*) - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - ;; - - *) - _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no - ;; - esac - fi -]) -case $host_os in - # For platforms that do not support PIC, -DPIC is meaningless: - *djgpp*) - _LT_TAGVAR(lt_prog_compiler_pic, $1)= - ;; - *) - _LT_TAGVAR(lt_prog_compiler_pic, $1)="$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])" - ;; -esac - -AC_CACHE_CHECK([for $compiler option to produce PIC], - [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)], - [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_prog_compiler_pic, $1)]) -_LT_TAGVAR(lt_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_cv_prog_compiler_pic, $1) - -# -# Check to make sure the PIC flag actually works. -# -if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then - _LT_COMPILER_OPTION([if $compiler PIC flag $_LT_TAGVAR(lt_prog_compiler_pic, $1) works], - [_LT_TAGVAR(lt_cv_prog_compiler_pic_works, $1)], - [$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])], [], - [case $_LT_TAGVAR(lt_prog_compiler_pic, $1) in - "" | " "*) ;; - *) _LT_TAGVAR(lt_prog_compiler_pic, $1)=" $_LT_TAGVAR(lt_prog_compiler_pic, $1)" ;; - esac], - [_LT_TAGVAR(lt_prog_compiler_pic, $1)= - _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no]) -fi -_LT_TAGDECL([pic_flag], [lt_prog_compiler_pic], [1], - [Additional compiler flags for building library objects]) - -_LT_TAGDECL([wl], [lt_prog_compiler_wl], [1], - [How to pass a linker flag through the compiler]) -# -# Check to make sure the static flag actually works. -# -wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) eval lt_tmp_static_flag=\"$_LT_TAGVAR(lt_prog_compiler_static, $1)\" -_LT_LINKER_OPTION([if $compiler static flag $lt_tmp_static_flag works], - _LT_TAGVAR(lt_cv_prog_compiler_static_works, $1), - $lt_tmp_static_flag, - [], - [_LT_TAGVAR(lt_prog_compiler_static, $1)=]) -_LT_TAGDECL([link_static_flag], [lt_prog_compiler_static], [1], - [Compiler flag to prevent dynamic linking]) -])# _LT_COMPILER_PIC - - -# _LT_LINKER_SHLIBS([TAGNAME]) -# ---------------------------- -# See if the linker supports building shared libraries. -m4_defun([_LT_LINKER_SHLIBS], -[AC_REQUIRE([LT_PATH_LD])dnl -AC_REQUIRE([LT_PATH_NM])dnl -m4_require([_LT_PATH_MANIFEST_TOOL])dnl -m4_require([_LT_FILEUTILS_DEFAULTS])dnl -m4_require([_LT_DECL_EGREP])dnl -m4_require([_LT_DECL_SED])dnl -m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl -m4_require([_LT_TAG_COMPILER])dnl -AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries]) -m4_if([$1], [CXX], [ - _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' - _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'] - case $host_os in - aix[[4-9]]*) - # If we're using GNU nm, then we don't want the "-C" option. - # -C means demangle to GNU nm, but means don't demangle to AIX nm. - # Without the "-l" option, or with the "-B" option, AIX nm treats - # weak defined symbols like other global defined symbols, whereas - # GNU nm marks them as "W". - # While the 'weak' keyword is ignored in the Export File, we need - # it in the Import File for the 'aix-soname' feature, so we have - # to replace the "-B" option with "-P" for AIX nm. - if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then - _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols' - else - _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols' - fi - ;; - pw32*) - _LT_TAGVAR(export_symbols_cmds, $1)=$ltdll_cmds - ;; - cygwin* | mingw* | cegcc*) - case $cc_basename in - cl*) - _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' - ;; - *) - _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols' - _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname'] - ;; - esac - ;; - *) - _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' - ;; - esac -], [ - runpath_var= - _LT_TAGVAR(allow_undefined_flag, $1)= - _LT_TAGVAR(always_export_symbols, $1)=no - _LT_TAGVAR(archive_cmds, $1)= - _LT_TAGVAR(archive_expsym_cmds, $1)= - _LT_TAGVAR(compiler_needs_object, $1)=no - _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no - _LT_TAGVAR(export_dynamic_flag_spec, $1)= - _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' - _LT_TAGVAR(hardcode_automatic, $1)=no - _LT_TAGVAR(hardcode_direct, $1)=no - _LT_TAGVAR(hardcode_direct_absolute, $1)=no - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= - _LT_TAGVAR(hardcode_libdir_separator, $1)= - _LT_TAGVAR(hardcode_minus_L, $1)=no - _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported - _LT_TAGVAR(inherit_rpath, $1)=no - _LT_TAGVAR(link_all_deplibs, $1)=unknown - _LT_TAGVAR(module_cmds, $1)= - _LT_TAGVAR(module_expsym_cmds, $1)= - _LT_TAGVAR(old_archive_from_new_cmds, $1)= - _LT_TAGVAR(old_archive_from_expsyms_cmds, $1)= - _LT_TAGVAR(thread_safe_flag_spec, $1)= - _LT_TAGVAR(whole_archive_flag_spec, $1)= - # include_expsyms should be a list of space-separated symbols to be *always* - # included in the symbol list - _LT_TAGVAR(include_expsyms, $1)= - # exclude_expsyms can be an extended regexp of symbols to exclude - # it will be wrapped by ' (' and ')$', so one must not match beginning or - # end of line. Example: 'a|bc|.*d.*' will exclude the symbols 'a' and 'bc', - # as well as any symbol that contains 'd'. - _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'] - # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out - # platforms (ab)use it in PIC code, but their linkers get confused if - # the symbol is explicitly referenced. Since portable code cannot - # rely on this symbol name, it's probably fine to never include it in - # preloaded symbol tables. - # Exclude shared library initialization/finalization symbols. -dnl Note also adjust exclude_expsyms for C++ above. - extract_expsyms_cmds= - - case $host_os in - cygwin* | mingw* | pw32* | cegcc*) - # FIXME: the MSVC++ port hasn't been tested in a loooong time - # When not using gcc, we currently assume that we are using - # Microsoft Visual C++. - if test yes != "$GCC"; then - with_gnu_ld=no - fi - ;; - interix*) - # we just hope/assume this is gcc and not c89 (= MSVC++) - with_gnu_ld=yes - ;; - openbsd* | bitrig*) - with_gnu_ld=no - ;; - esac - - _LT_TAGVAR(ld_shlibs, $1)=yes - - # On some targets, GNU ld is compatible enough with the native linker - # that we're better off using the native interface for both. - lt_use_gnu_ld_interface=no - if test yes = "$with_gnu_ld"; then - case $host_os in - aix*) - # The AIX port of GNU ld has always aspired to compatibility - # with the native linker. However, as the warning in the GNU ld - # block says, versions before 2.19.5* couldn't really create working - # shared libraries, regardless of the interface used. - case `$LD -v 2>&1` in - *\ \(GNU\ Binutils\)\ 2.19.5*) ;; - *\ \(GNU\ Binutils\)\ 2.[[2-9]]*) ;; - *\ \(GNU\ Binutils\)\ [[3-9]]*) ;; - *) - lt_use_gnu_ld_interface=yes - ;; - esac - ;; - *) - lt_use_gnu_ld_interface=yes - ;; - esac - fi - - if test yes = "$lt_use_gnu_ld_interface"; then - # If archive_cmds runs LD, not CC, wlarc should be empty - wlarc='$wl' - - # Set some defaults for GNU ld with shared library support. These - # are reset later if shared libraries are not supported. Putting them - # here allows them to be overridden if necessary. - runpath_var=LD_RUN_PATH - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic' - # ancient GNU ld didn't support --whole-archive et. al. - if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then - _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive' - else - _LT_TAGVAR(whole_archive_flag_spec, $1)= - fi - supports_anon_versioning=no - case `$LD -v | $SED -e 's/([^)]\+)\s\+//' 2>&1` in - *GNU\ gold*) supports_anon_versioning=yes ;; - *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11 - *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... - *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... - *\ 2.11.*) ;; # other 2.11 versions - *) supports_anon_versioning=yes ;; - esac - - # See if GNU ld supports shared libraries. - case $host_os in - aix[[3-9]]*) - # On AIX/PPC, the GNU linker is very broken - if test ia64 != "$host_cpu"; then - _LT_TAGVAR(ld_shlibs, $1)=no - cat <<_LT_EOF 1>&2 - -*** Warning: the GNU linker, at least up to release 2.19, is reported -*** to be unable to reliably create shared libraries on AIX. -*** Therefore, libtool is disabling shared libraries support. If you -*** really care for shared libraries, you may want to install binutils -*** 2.20 or above, or modify your PATH so that a non-GNU linker is found. -*** You will then need to restart the configuration process. - -_LT_EOF - fi - ;; - - amigaos*) - case $host_cpu in - powerpc) - # see comment about AmigaOS4 .so support - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='' - ;; - m68k) - _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' - _LT_TAGVAR(hardcode_minus_L, $1)=yes - ;; - esac - ;; - - beos*) - if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then - _LT_TAGVAR(allow_undefined_flag, $1)=unsupported - # Joseph Beckenbach says some releases of gcc - # support --undefined. This deserves some investigation. FIXME - _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' - else - _LT_TAGVAR(ld_shlibs, $1)=no - fi - ;; - - cygwin* | mingw* | pw32* | cegcc*) - # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, - # as there is no search path for DLLs. - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-all-symbols' - _LT_TAGVAR(allow_undefined_flag, $1)=unsupported - _LT_TAGVAR(always_export_symbols, $1)=no - _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes - _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols' - _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname'] - - if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' - # If the export-symbols file already is a .def file, use it as - # is; otherwise, prepend EXPORTS... - _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then - cp $export_symbols $output_objdir/$soname.def; - else - echo EXPORTS > $output_objdir/$soname.def; - cat $export_symbols >> $output_objdir/$soname.def; - fi~ - $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' - else - _LT_TAGVAR(ld_shlibs, $1)=no - fi - ;; - - haiku*) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' - _LT_TAGVAR(link_all_deplibs, $1)=yes - ;; - - os2*) - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' - _LT_TAGVAR(hardcode_minus_L, $1)=yes - _LT_TAGVAR(allow_undefined_flag, $1)=unsupported - shrext_cmds=.dll - _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ - $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ - $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ - $ECHO EXPORTS >> $output_objdir/$libname.def~ - emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~ - $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ - emximp -o $lib $output_objdir/$libname.def' - _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ - $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ - $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ - $ECHO EXPORTS >> $output_objdir/$libname.def~ - prefix_cmds="$SED"~ - if test EXPORTS = "`$SED 1q $export_symbols`"; then - prefix_cmds="$prefix_cmds -e 1d"; - fi~ - prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~ - cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~ - $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ - emximp -o $lib $output_objdir/$libname.def' - _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' - _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes - ;; - - interix[[3-9]]*) - _LT_TAGVAR(hardcode_direct, $1)=no - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' - # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. - # Instead, shared libraries are loaded at an image base (0x10000000 by - # default) and relocated if they conflict, which is a slow very memory - # consuming and fragmenting process. To avoid this, we pick a random, - # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link - # time. Moving up from 0x10000000 also allows more sbrk(2) space. - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' - ;; - - gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu) - tmp_diet=no - if test linux-dietlibc = "$host_os"; then - case $cc_basename in - diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn) - esac - fi - if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \ - && test no = "$tmp_diet" - then - tmp_addflag=' $pic_flag' - tmp_sharedflag='-shared' - case $cc_basename,$host_cpu in - pgcc*) # Portland Group C compiler - _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' - tmp_addflag=' $pic_flag' - ;; - pgf77* | pgf90* | pgf95* | pgfortran*) - # Portland Group f77 and f90 compilers - _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' - tmp_addflag=' $pic_flag -Mnomain' ;; - ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 - tmp_addflag=' -i_dynamic' ;; - efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64 - tmp_addflag=' -i_dynamic -nofor_main' ;; - ifc* | ifort*) # Intel Fortran compiler - tmp_addflag=' -nofor_main' ;; - lf95*) # Lahey Fortran 8.1 - _LT_TAGVAR(whole_archive_flag_spec, $1)= - tmp_sharedflag='--shared' ;; - nagfor*) # NAGFOR 5.3 - tmp_sharedflag='-Wl,-shared' ;; - xl[[cC]]* | bgxl[[cC]]* | mpixl[[cC]]*) # IBM XL C 8.0 on PPC (deal with xlf below) - tmp_sharedflag='-qmkshrobj' - tmp_addflag= ;; - nvcc*) # Cuda Compiler Driver 2.2 - _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' - _LT_TAGVAR(compiler_needs_object, $1)=yes - ;; - esac - case `$CC -V 2>&1 | sed 5q` in - *Sun\ C*) # Sun C 5.9 - _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' - _LT_TAGVAR(compiler_needs_object, $1)=yes - tmp_sharedflag='-G' ;; - *Sun\ F*) # Sun Fortran 8.3 - tmp_sharedflag='-G' ;; - esac - _LT_TAGVAR(archive_cmds, $1)='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' - - if test yes = "$supports_anon_versioning"; then - _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ - cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ - echo "local: *; };" >> $output_objdir/$libname.ver~ - $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib' - fi - - case $cc_basename in - tcc*) - _LT_TAGVAR(export_dynamic_flag_spec, $1)='-rdynamic' - ;; - xlf* | bgf* | bgxlf* | mpixlf*) - # IBM XL Fortran 10.1 on PPC cannot create shared libs itself - _LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' - _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib' - if test yes = "$supports_anon_versioning"; then - _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ - cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ - echo "local: *; };" >> $output_objdir/$libname.ver~ - $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' - fi - ;; - esac - else - _LT_TAGVAR(ld_shlibs, $1)=no - fi - ;; - - netbsd*) - if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then - _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' - wlarc= - else - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' - fi - ;; - - solaris*) - if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then - _LT_TAGVAR(ld_shlibs, $1)=no - cat <<_LT_EOF 1>&2 - -*** Warning: The releases 2.8.* of the GNU linker cannot reliably -*** create shared libraries on Solaris systems. Therefore, libtool -*** is disabling shared libraries support. We urge you to upgrade GNU -*** binutils to release 2.9.1 or newer. Another option is to modify -*** your PATH or compiler configuration so that the native linker is -*** used, and then restart. - -_LT_EOF - elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' - else - _LT_TAGVAR(ld_shlibs, $1)=no - fi - ;; - - sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) - case `$LD -v 2>&1` in - *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*) - _LT_TAGVAR(ld_shlibs, $1)=no - cat <<_LT_EOF 1>&2 - -*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 cannot -*** reliably create shared libraries on SCO systems. Therefore, libtool -*** is disabling shared libraries support. We urge you to upgrade GNU -*** binutils to release 2.16.91.0.3 or newer. Another option is to modify -*** your PATH or compiler configuration so that the native linker is -*** used, and then restart. - -_LT_EOF - ;; - *) - # For security reasons, it is highly recommended that you always - # use absolute paths for naming shared libraries, and exclude the - # DT_RUNPATH tag from executables and libraries. But doing so - # requires that you compile everything twice, which is a pain. - if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' - else - _LT_TAGVAR(ld_shlibs, $1)=no - fi - ;; - esac - ;; - - sunos4*) - _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' - wlarc= - _LT_TAGVAR(hardcode_direct, $1)=yes - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - ;; - - *) - if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' - else - _LT_TAGVAR(ld_shlibs, $1)=no - fi - ;; - esac - - if test no = "$_LT_TAGVAR(ld_shlibs, $1)"; then - runpath_var= - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= - _LT_TAGVAR(export_dynamic_flag_spec, $1)= - _LT_TAGVAR(whole_archive_flag_spec, $1)= - fi - else - # PORTME fill in a description of your system's linker (not GNU ld) - case $host_os in - aix3*) - _LT_TAGVAR(allow_undefined_flag, $1)=unsupported - _LT_TAGVAR(always_export_symbols, $1)=yes - _LT_TAGVAR(archive_expsym_cmds, $1)='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname' - # Note: this linker hardcodes the directories in LIBPATH if there - # are no directories specified by -L. - _LT_TAGVAR(hardcode_minus_L, $1)=yes - if test yes = "$GCC" && test -z "$lt_prog_compiler_static"; then - # Neither direct hardcoding nor static linking is supported with a - # broken collect2. - _LT_TAGVAR(hardcode_direct, $1)=unsupported - fi - ;; - - aix[[4-9]]*) - if test ia64 = "$host_cpu"; then - # On IA64, the linker does run time linking by default, so we don't - # have to do anything special. - aix_use_runtimelinking=no - exp_sym_flag='-Bexport' - no_entry_flag= - else - # If we're using GNU nm, then we don't want the "-C" option. - # -C means demangle to GNU nm, but means don't demangle to AIX nm. - # Without the "-l" option, or with the "-B" option, AIX nm treats - # weak defined symbols like other global defined symbols, whereas - # GNU nm marks them as "W". - # While the 'weak' keyword is ignored in the Export File, we need - # it in the Import File for the 'aix-soname' feature, so we have - # to replace the "-B" option with "-P" for AIX nm. - if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then - _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols' - else - _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols' - fi - aix_use_runtimelinking=no - - # Test if we are trying to use run time linking or normal - # AIX style linking. If -brtl is somewhere in LDFLAGS, we - # have runtime linking enabled, and use it for executables. - # For shared libraries, we enable/disable runtime linking - # depending on the kind of the shared library created - - # when "with_aix_soname,aix_use_runtimelinking" is: - # "aix,no" lib.a(lib.so.V) shared, rtl:no, for executables - # "aix,yes" lib.so shared, rtl:yes, for executables - # lib.a static archive - # "both,no" lib.so.V(shr.o) shared, rtl:yes - # lib.a(lib.so.V) shared, rtl:no, for executables - # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables - # lib.a(lib.so.V) shared, rtl:no - # "svr4,*" lib.so.V(shr.o) shared, rtl:yes, for executables - # lib.a static archive - case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*) - for ld_flag in $LDFLAGS; do - if (test x-brtl = "x$ld_flag" || test x-Wl,-brtl = "x$ld_flag"); then - aix_use_runtimelinking=yes - break - fi - done - if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then - # With aix-soname=svr4, we create the lib.so.V shared archives only, - # so we don't have lib.a shared libs to link our executables. - # We have to force runtime linking in this case. - aix_use_runtimelinking=yes - LDFLAGS="$LDFLAGS -Wl,-brtl" - fi - ;; - esac - - exp_sym_flag='-bexport' - no_entry_flag='-bnoentry' - fi - - # When large executables or shared objects are built, AIX ld can - # have problems creating the table of contents. If linking a library - # or program results in "error TOC overflow" add -mminimal-toc to - # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not - # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. - - _LT_TAGVAR(archive_cmds, $1)='' - _LT_TAGVAR(hardcode_direct, $1)=yes - _LT_TAGVAR(hardcode_direct_absolute, $1)=yes - _LT_TAGVAR(hardcode_libdir_separator, $1)=':' - _LT_TAGVAR(link_all_deplibs, $1)=yes - _LT_TAGVAR(file_list_spec, $1)='$wl-f,' - case $with_aix_soname,$aix_use_runtimelinking in - aix,*) ;; # traditional, no import file - svr4,* | *,yes) # use import file - # The Import File defines what to hardcode. - _LT_TAGVAR(hardcode_direct, $1)=no - _LT_TAGVAR(hardcode_direct_absolute, $1)=no - ;; - esac - - if test yes = "$GCC"; then - case $host_os in aix4.[[012]]|aix4.[[012]].*) - # We only want to do this on AIX 4.2 and lower, the check - # below for broken collect2 doesn't work under 4.3+ - collect2name=`$CC -print-prog-name=collect2` - if test -f "$collect2name" && - strings "$collect2name" | $GREP resolve_lib_name >/dev/null - then - # We have reworked collect2 - : - else - # We have old collect2 - _LT_TAGVAR(hardcode_direct, $1)=unsupported - # It fails to find uninstalled libraries when the uninstalled - # path is not listed in the libpath. Setting hardcode_minus_L - # to unsupported forces relinking - _LT_TAGVAR(hardcode_minus_L, $1)=yes - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' - _LT_TAGVAR(hardcode_libdir_separator, $1)= - fi - ;; - esac - shared_flag='-shared' - if test yes = "$aix_use_runtimelinking"; then - shared_flag="$shared_flag "'$wl-G' - fi - # Need to ensure runtime linking is disabled for the traditional - # shared library, or the linker may eventually find shared libraries - # /with/ Import File - we do not want to mix them. - shared_flag_aix='-shared' - shared_flag_svr4='-shared $wl-G' - else - # not using gcc - if test ia64 = "$host_cpu"; then - # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release - # chokes on -Wl,-G. The following line is correct: - shared_flag='-G' - else - if test yes = "$aix_use_runtimelinking"; then - shared_flag='$wl-G' - else - shared_flag='$wl-bM:SRE' - fi - shared_flag_aix='$wl-bM:SRE' - shared_flag_svr4='$wl-G' - fi - fi - - _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-bexpall' - # It seems that -bexpall does not export symbols beginning with - # underscore (_), so it is better to generate a list of symbols to export. - _LT_TAGVAR(always_export_symbols, $1)=yes - if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then - # Warning - without using the other runtime loading flags (-brtl), - # -berok will link without error, but may produce a broken library. - _LT_TAGVAR(allow_undefined_flag, $1)='-berok' - # Determine the default libpath from the value encoded in an - # empty executable. - _LT_SYS_MODULE_PATH_AIX([$1]) - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath" - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag - else - if test ia64 = "$host_cpu"; then - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $libdir:/usr/lib:/lib' - _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs" - _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols" - else - # Determine the default libpath from the value encoded in an - # empty executable. - _LT_SYS_MODULE_PATH_AIX([$1]) - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath" - # Warning - without using the other run time loading flags, - # -berok will link without error, but may produce a broken library. - _LT_TAGVAR(no_undefined_flag, $1)=' $wl-bernotok' - _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-berok' - if test yes = "$with_gnu_ld"; then - # We only use this code for GNU lds that support --whole-archive. - _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive' - else - # Exported symbols can be pulled into shared objects from archives - _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' - fi - _LT_TAGVAR(archive_cmds_need_lc, $1)=yes - _LT_TAGVAR(archive_expsym_cmds, $1)='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d' - # -brtl affects multiple linker settings, -berok does not and is overridden later - compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([[, ]]\\)%-berok\\1%g"`' - if test svr4 != "$with_aix_soname"; then - # This is similar to how AIX traditionally builds its shared libraries. - _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname' - fi - if test aix != "$with_aix_soname"; then - _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp' - else - # used by -dlpreopen to get the symbols - _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$MV $output_objdir/$realname.d/$soname $output_objdir' - fi - _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$RM -r $output_objdir/$realname.d' - fi - fi - ;; - - amigaos*) - case $host_cpu in - powerpc) - # see comment about AmigaOS4 .so support - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='' - ;; - m68k) - _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' - _LT_TAGVAR(hardcode_minus_L, $1)=yes - ;; - esac - ;; - - bsdi[[45]]*) - _LT_TAGVAR(export_dynamic_flag_spec, $1)=-rdynamic - ;; - - cygwin* | mingw* | pw32* | cegcc*) - # When not using gcc, we currently assume that we are using - # Microsoft Visual C++. - # hardcode_libdir_flag_spec is actually meaningless, as there is - # no search path for DLLs. - case $cc_basename in - cl*) - # Native MSVC - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' - _LT_TAGVAR(allow_undefined_flag, $1)=unsupported - _LT_TAGVAR(always_export_symbols, $1)=yes - _LT_TAGVAR(file_list_spec, $1)='@' - # Tell ltmain to make .lib files, not .a files. - libext=lib - # Tell ltmain to make .dll files, not .so files. - shrext_cmds=.dll - # FIXME: Setting linknames here is a bad hack. - _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames=' - _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then - cp "$export_symbols" "$output_objdir/$soname.def"; - echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp"; - else - $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp; - fi~ - $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ - linknames=' - # The linker will not automatically build a static lib if we build a DLL. - # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' - _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes - _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' - _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1,DATA/'\'' | $SED -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols' - # Don't use ranlib - _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib' - _LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~ - lt_tool_outputfile="@TOOL_OUTPUT@"~ - case $lt_outputfile in - *.exe|*.EXE) ;; - *) - lt_outputfile=$lt_outputfile.exe - lt_tool_outputfile=$lt_tool_outputfile.exe - ;; - esac~ - if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then - $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; - $RM "$lt_outputfile.manifest"; - fi' - ;; - *) - # Assume MSVC wrapper - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' - _LT_TAGVAR(allow_undefined_flag, $1)=unsupported - # Tell ltmain to make .lib files, not .a files. - libext=lib - # Tell ltmain to make .dll files, not .so files. - shrext_cmds=.dll - # FIXME: Setting linknames here is a bad hack. - _LT_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames=' - # The linker will automatically build a .lib file if we build a DLL. - _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' - # FIXME: Should let the user specify the lib program. - _LT_TAGVAR(old_archive_cmds, $1)='lib -OUT:$oldlib$oldobjs$old_deplibs' - _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes - ;; - esac - ;; - - darwin* | rhapsody*) - _LT_DARWIN_LINKER_FEATURES($1) - ;; - - dgux*) - _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - ;; - - # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor - # support. Future versions do this automatically, but an explicit c++rt0.o - # does not break anything, and helps significantly (at the cost of a little - # extra space). - freebsd2.2*) - _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' - _LT_TAGVAR(hardcode_direct, $1)=yes - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - ;; - - # Unfortunately, older versions of FreeBSD 2 do not have this feature. - freebsd2.*) - _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' - _LT_TAGVAR(hardcode_direct, $1)=yes - _LT_TAGVAR(hardcode_minus_L, $1)=yes - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - ;; - - # FreeBSD 3 and greater uses gcc -shared to do shared libraries. - freebsd* | dragonfly*) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' - _LT_TAGVAR(hardcode_direct, $1)=yes - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - ;; - - hpux9*) - if test yes = "$GCC"; then - _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' - else - _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' - fi - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir' - _LT_TAGVAR(hardcode_libdir_separator, $1)=: - _LT_TAGVAR(hardcode_direct, $1)=yes - - # hardcode_minus_L: Not really in the search PATH, - # but as the default location of the library. - _LT_TAGVAR(hardcode_minus_L, $1)=yes - _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' - ;; - - hpux10*) - if test yes,no = "$GCC,$with_gnu_ld"; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags' - else - _LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' - fi - if test no = "$with_gnu_ld"; then - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir' - _LT_TAGVAR(hardcode_libdir_separator, $1)=: - _LT_TAGVAR(hardcode_direct, $1)=yes - _LT_TAGVAR(hardcode_direct_absolute, $1)=yes - _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' - # hardcode_minus_L: Not really in the search PATH, - # but as the default location of the library. - _LT_TAGVAR(hardcode_minus_L, $1)=yes - fi - ;; - - hpux11*) - if test yes,no = "$GCC,$with_gnu_ld"; then - case $host_cpu in - hppa*64*) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' - ;; - ia64*) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' - ;; - *) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags' - ;; - esac - else - case $host_cpu in - hppa*64*) - _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' - ;; - ia64*) - _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' - ;; - *) - m4_if($1, [], [ - # Older versions of the 11.00 compiler do not understand -b yet - # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does) - _LT_LINKER_OPTION([if $CC understands -b], - _LT_TAGVAR(lt_cv_prog_compiler__b, $1), [-b], - [_LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'], - [_LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'])], - [_LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags']) - ;; - esac - fi - if test no = "$with_gnu_ld"; then - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir' - _LT_TAGVAR(hardcode_libdir_separator, $1)=: - - case $host_cpu in - hppa*64*|ia64*) - _LT_TAGVAR(hardcode_direct, $1)=no - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - ;; - *) - _LT_TAGVAR(hardcode_direct, $1)=yes - _LT_TAGVAR(hardcode_direct_absolute, $1)=yes - _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' - - # hardcode_minus_L: Not really in the search PATH, - # but as the default location of the library. - _LT_TAGVAR(hardcode_minus_L, $1)=yes - ;; - esac - fi - ;; - - irix5* | irix6* | nonstopux*) - if test yes = "$GCC"; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' - # Try to use the -exported_symbol ld option, if it does not - # work, assume that -exports_file does not work either and - # implicitly export all symbols. - # This should be the same for all languages, so no per-tag cache variable. - AC_CACHE_CHECK([whether the $host_os linker accepts -exported_symbol], - [lt_cv_irix_exported_symbol], - [save_LDFLAGS=$LDFLAGS - LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null" - AC_LINK_IFELSE( - [AC_LANG_SOURCE( - [AC_LANG_CASE([C], [[int foo (void) { return 0; }]], - [C++], [[int foo (void) { return 0; }]], - [Fortran 77], [[ - subroutine foo - end]], - [Fortran], [[ - subroutine foo - end]])])], - [lt_cv_irix_exported_symbol=yes], - [lt_cv_irix_exported_symbol=no]) - LDFLAGS=$save_LDFLAGS]) - if test yes = "$lt_cv_irix_exported_symbol"; then - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib' - fi - else - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib' - fi - _LT_TAGVAR(archive_cmds_need_lc, $1)='no' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' - _LT_TAGVAR(hardcode_libdir_separator, $1)=: - _LT_TAGVAR(inherit_rpath, $1)=yes - _LT_TAGVAR(link_all_deplibs, $1)=yes - ;; - - linux*) - case $cc_basename in - tcc*) - # Fabrice Bellard et al's Tiny C Compiler - _LT_TAGVAR(ld_shlibs, $1)=yes - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' - ;; - esac - ;; - - netbsd*) - if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then - _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out - else - _LT_TAGVAR(archive_cmds, $1)='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF - fi - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' - _LT_TAGVAR(hardcode_direct, $1)=yes - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - ;; - - newsos6) - _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - _LT_TAGVAR(hardcode_direct, $1)=yes - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' - _LT_TAGVAR(hardcode_libdir_separator, $1)=: - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - ;; - - *nto* | *qnx*) - ;; - - openbsd* | bitrig*) - if test -f /usr/libexec/ld.so; then - _LT_TAGVAR(hardcode_direct, $1)=yes - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - _LT_TAGVAR(hardcode_direct_absolute, $1)=yes - if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags $wl-retain-symbols-file,$export_symbols' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' - else - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' - fi - else - _LT_TAGVAR(ld_shlibs, $1)=no - fi - ;; - - os2*) - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' - _LT_TAGVAR(hardcode_minus_L, $1)=yes - _LT_TAGVAR(allow_undefined_flag, $1)=unsupported - shrext_cmds=.dll - _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ - $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ - $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ - $ECHO EXPORTS >> $output_objdir/$libname.def~ - emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~ - $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ - emximp -o $lib $output_objdir/$libname.def' - _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ - $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ - $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ - $ECHO EXPORTS >> $output_objdir/$libname.def~ - prefix_cmds="$SED"~ - if test EXPORTS = "`$SED 1q $export_symbols`"; then - prefix_cmds="$prefix_cmds -e 1d"; - fi~ - prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~ - cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~ - $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ - emximp -o $lib $output_objdir/$libname.def' - _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' - _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes - ;; - - osf3*) - if test yes = "$GCC"; then - _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' - else - _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' - fi - _LT_TAGVAR(archive_cmds_need_lc, $1)='no' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' - _LT_TAGVAR(hardcode_libdir_separator, $1)=: - ;; - - osf4* | osf5*) # as osf3* with the addition of -msym flag - if test yes = "$GCC"; then - _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $pic_flag $libobjs $deplibs $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' - else - _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~ - $CC -shared$allow_undefined_flag $wl-input $wl$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~$RM $lib.exp' - - # Both c and cxx compiler support -rpath directly - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' - fi - _LT_TAGVAR(archive_cmds_need_lc, $1)='no' - _LT_TAGVAR(hardcode_libdir_separator, $1)=: - ;; - - solaris*) - _LT_TAGVAR(no_undefined_flag, $1)=' -z defs' - if test yes = "$GCC"; then - wlarc='$wl' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl-z ${wl}text $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ - $CC -shared $pic_flag $wl-z ${wl}text $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' - else - case `$CC -V 2>&1` in - *"Compilers 5.0"*) - wlarc='' - _LT_TAGVAR(archive_cmds, $1)='$LD -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $linker_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ - $LD -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp' - ;; - *) - wlarc='$wl' - _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ - $CC -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' - ;; - esac - fi - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - case $host_os in - solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; - *) - # The compiler driver will combine and reorder linker options, - # but understands '-z linker_flag'. GCC discards it without '$wl', - # but is careful enough not to reorder. - # Supported since Solaris 2.6 (maybe 2.5.1?) - if test yes = "$GCC"; then - _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract' - else - _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' - fi - ;; - esac - _LT_TAGVAR(link_all_deplibs, $1)=yes - ;; - - sunos4*) - if test sequent = "$host_vendor"; then - # Use $CC to link under sequent, because it throws in some extra .o - # files that make .init and .fini sections work. - _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h $soname -o $lib $libobjs $deplibs $compiler_flags' - else - _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' - fi - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' - _LT_TAGVAR(hardcode_direct, $1)=yes - _LT_TAGVAR(hardcode_minus_L, $1)=yes - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - ;; - - sysv4) - case $host_vendor in - sni) - _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - _LT_TAGVAR(hardcode_direct, $1)=yes # is this really true??? - ;; - siemens) - ## LD is ld it makes a PLAMLIB - ## CC just makes a GrossModule. - _LT_TAGVAR(archive_cmds, $1)='$LD -G -o $lib $libobjs $deplibs $linker_flags' - _LT_TAGVAR(reload_cmds, $1)='$CC -r -o $output$reload_objs' - _LT_TAGVAR(hardcode_direct, $1)=no - ;; - motorola) - _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - _LT_TAGVAR(hardcode_direct, $1)=no #Motorola manual says yes, but my tests say they lie - ;; - esac - runpath_var='LD_RUN_PATH' - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - ;; - - sysv4.3*) - _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - _LT_TAGVAR(export_dynamic_flag_spec, $1)='-Bexport' - ;; - - sysv4*MP*) - if test -d /usr/nec; then - _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - runpath_var=LD_RUN_PATH - hardcode_runpath_var=yes - _LT_TAGVAR(ld_shlibs, $1)=yes - fi - ;; - - sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*) - _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text' - _LT_TAGVAR(archive_cmds_need_lc, $1)=no - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - runpath_var='LD_RUN_PATH' - - if test yes = "$GCC"; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - else - _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - fi - ;; - - sysv5* | sco3.2v5* | sco5v6*) - # Note: We CANNOT use -z defs as we might desire, because we do not - # link with -lc, and that would cause any symbols used from libc to - # always be unresolved, which means just about no library would - # ever link correctly. If we're not using GNU ld we use -z text - # though, which does catch some bad symbols but isn't as heavy-handed - # as -z defs. - _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text' - _LT_TAGVAR(allow_undefined_flag, $1)='$wl-z,nodefs' - _LT_TAGVAR(archive_cmds_need_lc, $1)=no - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R,$libdir' - _LT_TAGVAR(hardcode_libdir_separator, $1)=':' - _LT_TAGVAR(link_all_deplibs, $1)=yes - _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Bexport' - runpath_var='LD_RUN_PATH' - - if test yes = "$GCC"; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - else - _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - fi - ;; - - uts4*) - _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - ;; - - *) - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - esac - - if test sni = "$host_vendor"; then - case $host in - sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) - _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Blargedynsym' - ;; - esac - fi - fi -]) -AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)]) -test no = "$_LT_TAGVAR(ld_shlibs, $1)" && can_build_shared=no - -_LT_TAGVAR(with_gnu_ld, $1)=$with_gnu_ld - -_LT_DECL([], [libext], [0], [Old archive suffix (normally "a")])dnl -_LT_DECL([], [shrext_cmds], [1], [Shared library suffix (normally ".so")])dnl -_LT_DECL([], [extract_expsyms_cmds], [2], - [The commands to extract the exported symbol list from a shared archive]) - -# -# Do we need to explicitly link libc? -# -case "x$_LT_TAGVAR(archive_cmds_need_lc, $1)" in -x|xyes) - # Assume -lc should be added - _LT_TAGVAR(archive_cmds_need_lc, $1)=yes - - if test yes,yes = "$GCC,$enable_shared"; then - case $_LT_TAGVAR(archive_cmds, $1) in - *'~'*) - # FIXME: we may have to deal with multi-command sequences. - ;; - '$CC '*) - # Test whether the compiler implicitly links with -lc since on some - # systems, -lgcc has to come before -lc. If gcc already passes -lc - # to ld, don't add -lc before -lgcc. - AC_CACHE_CHECK([whether -lc should be explicitly linked in], - [lt_cv_]_LT_TAGVAR(archive_cmds_need_lc, $1), - [$RM conftest* - echo "$lt_simple_compile_test_code" > conftest.$ac_ext - - if AC_TRY_EVAL(ac_compile) 2>conftest.err; then - soname=conftest - lib=conftest - libobjs=conftest.$ac_objext - deplibs= - wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) - pic_flag=$_LT_TAGVAR(lt_prog_compiler_pic, $1) - compiler_flags=-v - linker_flags=-v - verstring= - output_objdir=. - libname=conftest - lt_save_allow_undefined_flag=$_LT_TAGVAR(allow_undefined_flag, $1) - _LT_TAGVAR(allow_undefined_flag, $1)= - if AC_TRY_EVAL(_LT_TAGVAR(archive_cmds, $1) 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) - then - lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=no - else - lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=yes - fi - _LT_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag - else - cat conftest.err 1>&5 - fi - $RM conftest* - ]) - _LT_TAGVAR(archive_cmds_need_lc, $1)=$lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1) - ;; - esac - fi - ;; -esac - -_LT_TAGDECL([build_libtool_need_lc], [archive_cmds_need_lc], [0], - [Whether or not to add -lc for building shared libraries]) -_LT_TAGDECL([allow_libtool_libs_with_static_runtimes], - [enable_shared_with_static_runtimes], [0], - [Whether or not to disallow shared libs when runtime libs are static]) -_LT_TAGDECL([], [export_dynamic_flag_spec], [1], - [Compiler flag to allow reflexive dlopens]) -_LT_TAGDECL([], [whole_archive_flag_spec], [1], - [Compiler flag to generate shared objects directly from archives]) -_LT_TAGDECL([], [compiler_needs_object], [1], - [Whether the compiler copes with passing no objects directly]) -_LT_TAGDECL([], [old_archive_from_new_cmds], [2], - [Create an old-style archive from a shared archive]) -_LT_TAGDECL([], [old_archive_from_expsyms_cmds], [2], - [Create a temporary old-style archive to link instead of a shared archive]) -_LT_TAGDECL([], [archive_cmds], [2], [Commands used to build a shared archive]) -_LT_TAGDECL([], [archive_expsym_cmds], [2]) -_LT_TAGDECL([], [module_cmds], [2], - [Commands used to build a loadable module if different from building - a shared archive.]) -_LT_TAGDECL([], [module_expsym_cmds], [2]) -_LT_TAGDECL([], [with_gnu_ld], [1], - [Whether we are building with GNU ld or not]) -_LT_TAGDECL([], [allow_undefined_flag], [1], - [Flag that allows shared libraries with undefined symbols to be built]) -_LT_TAGDECL([], [no_undefined_flag], [1], - [Flag that enforces no undefined symbols]) -_LT_TAGDECL([], [hardcode_libdir_flag_spec], [1], - [Flag to hardcode $libdir into a binary during linking. - This must work even if $libdir does not exist]) -_LT_TAGDECL([], [hardcode_libdir_separator], [1], - [Whether we need a single "-rpath" flag with a separated argument]) -_LT_TAGDECL([], [hardcode_direct], [0], - [Set to "yes" if using DIR/libNAME$shared_ext during linking hardcodes - DIR into the resulting binary]) -_LT_TAGDECL([], [hardcode_direct_absolute], [0], - [Set to "yes" if using DIR/libNAME$shared_ext during linking hardcodes - DIR into the resulting binary and the resulting library dependency is - "absolute", i.e impossible to change by setting $shlibpath_var if the - library is relocated]) -_LT_TAGDECL([], [hardcode_minus_L], [0], - [Set to "yes" if using the -LDIR flag during linking hardcodes DIR - into the resulting binary]) -_LT_TAGDECL([], [hardcode_shlibpath_var], [0], - [Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR - into the resulting binary]) -_LT_TAGDECL([], [hardcode_automatic], [0], - [Set to "yes" if building a shared library automatically hardcodes DIR - into the library and all subsequent libraries and executables linked - against it]) -_LT_TAGDECL([], [inherit_rpath], [0], - [Set to yes if linker adds runtime paths of dependent libraries - to runtime path list]) -_LT_TAGDECL([], [link_all_deplibs], [0], - [Whether libtool must link a program against all its dependency libraries]) -_LT_TAGDECL([], [always_export_symbols], [0], - [Set to "yes" if exported symbols are required]) -_LT_TAGDECL([], [export_symbols_cmds], [2], - [The commands to list exported symbols]) -_LT_TAGDECL([], [exclude_expsyms], [1], - [Symbols that should not be listed in the preloaded symbols]) -_LT_TAGDECL([], [include_expsyms], [1], - [Symbols that must always be exported]) -_LT_TAGDECL([], [prelink_cmds], [2], - [Commands necessary for linking programs (against libraries) with templates]) -_LT_TAGDECL([], [postlink_cmds], [2], - [Commands necessary for finishing linking programs]) -_LT_TAGDECL([], [file_list_spec], [1], - [Specify filename containing input files]) -dnl FIXME: Not yet implemented -dnl _LT_TAGDECL([], [thread_safe_flag_spec], [1], -dnl [Compiler flag to generate thread safe objects]) -])# _LT_LINKER_SHLIBS - - -# _LT_LANG_C_CONFIG([TAG]) -# ------------------------ -# Ensure that the configuration variables for a C compiler are suitably -# defined. These variables are subsequently used by _LT_CONFIG to write -# the compiler configuration to 'libtool'. -m4_defun([_LT_LANG_C_CONFIG], -[m4_require([_LT_DECL_EGREP])dnl -lt_save_CC=$CC -AC_LANG_PUSH(C) - -# Source file extension for C test sources. -ac_ext=c - -# Object file extension for compiled C test sources. -objext=o -_LT_TAGVAR(objext, $1)=$objext - -# Code to be used in simple compile tests -lt_simple_compile_test_code="int some_variable = 0;" - -# Code to be used in simple link tests -lt_simple_link_test_code='int main(){return(0);}' - -_LT_TAG_COMPILER -# Save the default compiler, since it gets overwritten when the other -# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP. -compiler_DEFAULT=$CC - -# save warnings/boilerplate of simple test code -_LT_COMPILER_BOILERPLATE -_LT_LINKER_BOILERPLATE - -if test -n "$compiler"; then - _LT_COMPILER_NO_RTTI($1) - _LT_COMPILER_PIC($1) - _LT_COMPILER_C_O($1) - _LT_COMPILER_FILE_LOCKS($1) - _LT_LINKER_SHLIBS($1) - _LT_SYS_DYNAMIC_LINKER($1) - _LT_LINKER_HARDCODE_LIBPATH($1) - LT_SYS_DLOPEN_SELF - _LT_CMD_STRIPLIB - - # Report what library types will actually be built - AC_MSG_CHECKING([if libtool supports shared libraries]) - AC_MSG_RESULT([$can_build_shared]) - - AC_MSG_CHECKING([whether to build shared libraries]) - test no = "$can_build_shared" && enable_shared=no - - # On AIX, shared libraries and static libraries use the same namespace, and - # are all built from PIC. - case $host_os in - aix3*) - test yes = "$enable_shared" && enable_static=no - if test -n "$RANLIB"; then - archive_cmds="$archive_cmds~\$RANLIB \$lib" - postinstall_cmds='$RANLIB $lib' - fi - ;; - - aix[[4-9]]*) - if test ia64 != "$host_cpu"; then - case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in - yes,aix,yes) ;; # shared object as lib.so file only - yes,svr4,*) ;; # shared object as lib.so archive member only - yes,*) enable_static=no ;; # shared object in lib.a archive as well - esac - fi - ;; - esac - AC_MSG_RESULT([$enable_shared]) - - AC_MSG_CHECKING([whether to build static libraries]) - # Make sure either enable_shared or enable_static is yes. - test yes = "$enable_shared" || enable_static=yes - AC_MSG_RESULT([$enable_static]) - - _LT_CONFIG($1) -fi -AC_LANG_POP -CC=$lt_save_CC -])# _LT_LANG_C_CONFIG - - -# _LT_LANG_CXX_CONFIG([TAG]) -# -------------------------- -# Ensure that the configuration variables for a C++ compiler are suitably -# defined. These variables are subsequently used by _LT_CONFIG to write -# the compiler configuration to 'libtool'. -m4_defun([_LT_LANG_CXX_CONFIG], -[m4_require([_LT_FILEUTILS_DEFAULTS])dnl -m4_require([_LT_DECL_EGREP])dnl -m4_require([_LT_PATH_MANIFEST_TOOL])dnl -if test -n "$CXX" && ( test no != "$CXX" && - ( (test g++ = "$CXX" && `g++ -v >/dev/null 2>&1` ) || - (test g++ != "$CXX"))); then - AC_PROG_CXXCPP -else - _lt_caught_CXX_error=yes -fi - -AC_LANG_PUSH(C++) -_LT_TAGVAR(archive_cmds_need_lc, $1)=no -_LT_TAGVAR(allow_undefined_flag, $1)= -_LT_TAGVAR(always_export_symbols, $1)=no -_LT_TAGVAR(archive_expsym_cmds, $1)= -_LT_TAGVAR(compiler_needs_object, $1)=no -_LT_TAGVAR(export_dynamic_flag_spec, $1)= -_LT_TAGVAR(hardcode_direct, $1)=no -_LT_TAGVAR(hardcode_direct_absolute, $1)=no -_LT_TAGVAR(hardcode_libdir_flag_spec, $1)= -_LT_TAGVAR(hardcode_libdir_separator, $1)= -_LT_TAGVAR(hardcode_minus_L, $1)=no -_LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported -_LT_TAGVAR(hardcode_automatic, $1)=no -_LT_TAGVAR(inherit_rpath, $1)=no -_LT_TAGVAR(module_cmds, $1)= -_LT_TAGVAR(module_expsym_cmds, $1)= -_LT_TAGVAR(link_all_deplibs, $1)=unknown -_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds -_LT_TAGVAR(reload_flag, $1)=$reload_flag -_LT_TAGVAR(reload_cmds, $1)=$reload_cmds -_LT_TAGVAR(no_undefined_flag, $1)= -_LT_TAGVAR(whole_archive_flag_spec, $1)= -_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no - -# Source file extension for C++ test sources. -ac_ext=cpp - -# Object file extension for compiled C++ test sources. -objext=o -_LT_TAGVAR(objext, $1)=$objext - -# No sense in running all these tests if we already determined that -# the CXX compiler isn't working. Some variables (like enable_shared) -# are currently assumed to apply to all compilers on this platform, -# and will be corrupted by setting them based on a non-working compiler. -if test yes != "$_lt_caught_CXX_error"; then - # Code to be used in simple compile tests - lt_simple_compile_test_code="int some_variable = 0;" - - # Code to be used in simple link tests - lt_simple_link_test_code='int main(int, char *[[]]) { return(0); }' - - # ltmain only uses $CC for tagged configurations so make sure $CC is set. - _LT_TAG_COMPILER - - # save warnings/boilerplate of simple test code - _LT_COMPILER_BOILERPLATE - _LT_LINKER_BOILERPLATE - - # Allow CC to be a program name with arguments. - lt_save_CC=$CC - lt_save_CFLAGS=$CFLAGS - lt_save_LD=$LD - lt_save_GCC=$GCC - GCC=$GXX - lt_save_with_gnu_ld=$with_gnu_ld - lt_save_path_LD=$lt_cv_path_LD - if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then - lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx - else - $as_unset lt_cv_prog_gnu_ld - fi - if test -n "${lt_cv_path_LDCXX+set}"; then - lt_cv_path_LD=$lt_cv_path_LDCXX - else - $as_unset lt_cv_path_LD - fi - test -z "${LDCXX+set}" || LD=$LDCXX - CC=${CXX-"c++"} - CFLAGS=$CXXFLAGS - compiler=$CC - _LT_TAGVAR(compiler, $1)=$CC - _LT_CC_BASENAME([$compiler]) - - if test -n "$compiler"; then - # We don't want -fno-exception when compiling C++ code, so set the - # no_builtin_flag separately - if test yes = "$GXX"; then - _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' - else - _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)= - fi - - if test yes = "$GXX"; then - # Set up default GNU C++ configuration - - LT_PATH_LD - - # Check if GNU C++ uses GNU ld as the underlying linker, since the - # archiving commands below assume that GNU ld is being used. - if test yes = "$with_gnu_ld"; then - _LT_TAGVAR(archive_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' - - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic' - - # If archive_cmds runs LD, not CC, wlarc should be empty - # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to - # investigate it a little bit more. (MM) - wlarc='$wl' - - # ancient GNU ld didn't support --whole-archive et. al. - if eval "`$CC -print-prog-name=ld` --help 2>&1" | - $GREP 'no-whole-archive' > /dev/null; then - _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive' - else - _LT_TAGVAR(whole_archive_flag_spec, $1)= - fi - else - with_gnu_ld=no - wlarc= - - # A generic and very simple default shared library creation - # command for GNU C++ for the case where it uses the native - # linker, instead of GNU ld. If possible, this setting should - # overridden to take advantage of the native linker features on - # the platform it is being used on. - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' - fi - - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' - - else - GXX=no - with_gnu_ld=no - wlarc= - fi - - # PORTME: fill in a description of your system's C++ link characteristics - AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries]) - _LT_TAGVAR(ld_shlibs, $1)=yes - case $host_os in - aix3*) - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - aix[[4-9]]*) - if test ia64 = "$host_cpu"; then - # On IA64, the linker does run time linking by default, so we don't - # have to do anything special. - aix_use_runtimelinking=no - exp_sym_flag='-Bexport' - no_entry_flag= - else - aix_use_runtimelinking=no - - # Test if we are trying to use run time linking or normal - # AIX style linking. If -brtl is somewhere in LDFLAGS, we - # have runtime linking enabled, and use it for executables. - # For shared libraries, we enable/disable runtime linking - # depending on the kind of the shared library created - - # when "with_aix_soname,aix_use_runtimelinking" is: - # "aix,no" lib.a(lib.so.V) shared, rtl:no, for executables - # "aix,yes" lib.so shared, rtl:yes, for executables - # lib.a static archive - # "both,no" lib.so.V(shr.o) shared, rtl:yes - # lib.a(lib.so.V) shared, rtl:no, for executables - # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables - # lib.a(lib.so.V) shared, rtl:no - # "svr4,*" lib.so.V(shr.o) shared, rtl:yes, for executables - # lib.a static archive - case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*) - for ld_flag in $LDFLAGS; do - case $ld_flag in - *-brtl*) - aix_use_runtimelinking=yes - break - ;; - esac - done - if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then - # With aix-soname=svr4, we create the lib.so.V shared archives only, - # so we don't have lib.a shared libs to link our executables. - # We have to force runtime linking in this case. - aix_use_runtimelinking=yes - LDFLAGS="$LDFLAGS -Wl,-brtl" - fi - ;; - esac - - exp_sym_flag='-bexport' - no_entry_flag='-bnoentry' - fi - - # When large executables or shared objects are built, AIX ld can - # have problems creating the table of contents. If linking a library - # or program results in "error TOC overflow" add -mminimal-toc to - # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not - # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. - - _LT_TAGVAR(archive_cmds, $1)='' - _LT_TAGVAR(hardcode_direct, $1)=yes - _LT_TAGVAR(hardcode_direct_absolute, $1)=yes - _LT_TAGVAR(hardcode_libdir_separator, $1)=':' - _LT_TAGVAR(link_all_deplibs, $1)=yes - _LT_TAGVAR(file_list_spec, $1)='$wl-f,' - case $with_aix_soname,$aix_use_runtimelinking in - aix,*) ;; # no import file - svr4,* | *,yes) # use import file - # The Import File defines what to hardcode. - _LT_TAGVAR(hardcode_direct, $1)=no - _LT_TAGVAR(hardcode_direct_absolute, $1)=no - ;; - esac - - if test yes = "$GXX"; then - case $host_os in aix4.[[012]]|aix4.[[012]].*) - # We only want to do this on AIX 4.2 and lower, the check - # below for broken collect2 doesn't work under 4.3+ - collect2name=`$CC -print-prog-name=collect2` - if test -f "$collect2name" && - strings "$collect2name" | $GREP resolve_lib_name >/dev/null - then - # We have reworked collect2 - : - else - # We have old collect2 - _LT_TAGVAR(hardcode_direct, $1)=unsupported - # It fails to find uninstalled libraries when the uninstalled - # path is not listed in the libpath. Setting hardcode_minus_L - # to unsupported forces relinking - _LT_TAGVAR(hardcode_minus_L, $1)=yes - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' - _LT_TAGVAR(hardcode_libdir_separator, $1)= - fi - esac - shared_flag='-shared' - if test yes = "$aix_use_runtimelinking"; then - shared_flag=$shared_flag' $wl-G' - fi - # Need to ensure runtime linking is disabled for the traditional - # shared library, or the linker may eventually find shared libraries - # /with/ Import File - we do not want to mix them. - shared_flag_aix='-shared' - shared_flag_svr4='-shared $wl-G' - else - # not using gcc - if test ia64 = "$host_cpu"; then - # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release - # chokes on -Wl,-G. The following line is correct: - shared_flag='-G' - else - if test yes = "$aix_use_runtimelinking"; then - shared_flag='$wl-G' - else - shared_flag='$wl-bM:SRE' - fi - shared_flag_aix='$wl-bM:SRE' - shared_flag_svr4='$wl-G' - fi - fi - - _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-bexpall' - # It seems that -bexpall does not export symbols beginning with - # underscore (_), so it is better to generate a list of symbols to - # export. - _LT_TAGVAR(always_export_symbols, $1)=yes - if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then - # Warning - without using the other runtime loading flags (-brtl), - # -berok will link without error, but may produce a broken library. - # The "-G" linker flag allows undefined symbols. - _LT_TAGVAR(no_undefined_flag, $1)='-bernotok' - # Determine the default libpath from the value encoded in an empty - # executable. - _LT_SYS_MODULE_PATH_AIX([$1]) - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath" - - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag - else - if test ia64 = "$host_cpu"; then - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $libdir:/usr/lib:/lib' - _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs" - _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols" - else - # Determine the default libpath from the value encoded in an - # empty executable. - _LT_SYS_MODULE_PATH_AIX([$1]) - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath" - # Warning - without using the other run time loading flags, - # -berok will link without error, but may produce a broken library. - _LT_TAGVAR(no_undefined_flag, $1)=' $wl-bernotok' - _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-berok' - if test yes = "$with_gnu_ld"; then - # We only use this code for GNU lds that support --whole-archive. - _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive' - else - # Exported symbols can be pulled into shared objects from archives - _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' - fi - _LT_TAGVAR(archive_cmds_need_lc, $1)=yes - _LT_TAGVAR(archive_expsym_cmds, $1)='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d' - # -brtl affects multiple linker settings, -berok does not and is overridden later - compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([[, ]]\\)%-berok\\1%g"`' - if test svr4 != "$with_aix_soname"; then - # This is similar to how AIX traditionally builds its shared - # libraries. Need -bnortl late, we may have -brtl in LDFLAGS. - _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname' - fi - if test aix != "$with_aix_soname"; then - _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp' - else - # used by -dlpreopen to get the symbols - _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$MV $output_objdir/$realname.d/$soname $output_objdir' - fi - _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$RM -r $output_objdir/$realname.d' - fi - fi - ;; - - beos*) - if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then - _LT_TAGVAR(allow_undefined_flag, $1)=unsupported - # Joseph Beckenbach says some releases of gcc - # support --undefined. This deserves some investigation. FIXME - _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' - else - _LT_TAGVAR(ld_shlibs, $1)=no - fi - ;; - - chorus*) - case $cc_basename in - *) - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - esac - ;; - - cygwin* | mingw* | pw32* | cegcc*) - case $GXX,$cc_basename in - ,cl* | no,cl*) - # Native MSVC - # hardcode_libdir_flag_spec is actually meaningless, as there is - # no search path for DLLs. - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' - _LT_TAGVAR(allow_undefined_flag, $1)=unsupported - _LT_TAGVAR(always_export_symbols, $1)=yes - _LT_TAGVAR(file_list_spec, $1)='@' - # Tell ltmain to make .lib files, not .a files. - libext=lib - # Tell ltmain to make .dll files, not .so files. - shrext_cmds=.dll - # FIXME: Setting linknames here is a bad hack. - _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames=' - _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then - cp "$export_symbols" "$output_objdir/$soname.def"; - echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp"; - else - $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp; - fi~ - $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ - linknames=' - # The linker will not automatically build a static lib if we build a DLL. - # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' - _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes - # Don't use ranlib - _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib' - _LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~ - lt_tool_outputfile="@TOOL_OUTPUT@"~ - case $lt_outputfile in - *.exe|*.EXE) ;; - *) - lt_outputfile=$lt_outputfile.exe - lt_tool_outputfile=$lt_tool_outputfile.exe - ;; - esac~ - func_to_tool_file "$lt_outputfile"~ - if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then - $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; - $RM "$lt_outputfile.manifest"; - fi' - ;; - *) - # g++ - # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, - # as there is no search path for DLLs. - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-all-symbols' - _LT_TAGVAR(allow_undefined_flag, $1)=unsupported - _LT_TAGVAR(always_export_symbols, $1)=no - _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes - - if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' - # If the export-symbols file already is a .def file, use it as - # is; otherwise, prepend EXPORTS... - _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then - cp $export_symbols $output_objdir/$soname.def; - else - echo EXPORTS > $output_objdir/$soname.def; - cat $export_symbols >> $output_objdir/$soname.def; - fi~ - $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' - else - _LT_TAGVAR(ld_shlibs, $1)=no - fi - ;; - esac - ;; - darwin* | rhapsody*) - _LT_DARWIN_LINKER_FEATURES($1) - ;; - - os2*) - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' - _LT_TAGVAR(hardcode_minus_L, $1)=yes - _LT_TAGVAR(allow_undefined_flag, $1)=unsupported - shrext_cmds=.dll - _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ - $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ - $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ - $ECHO EXPORTS >> $output_objdir/$libname.def~ - emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~ - $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ - emximp -o $lib $output_objdir/$libname.def' - _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ - $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ - $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ - $ECHO EXPORTS >> $output_objdir/$libname.def~ - prefix_cmds="$SED"~ - if test EXPORTS = "`$SED 1q $export_symbols`"; then - prefix_cmds="$prefix_cmds -e 1d"; - fi~ - prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~ - cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~ - $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ - emximp -o $lib $output_objdir/$libname.def' - _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' - _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes - ;; - - dgux*) - case $cc_basename in - ec++*) - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - ghcx*) - # Green Hills C++ Compiler - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - *) - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - esac - ;; - - freebsd2.*) - # C++ shared libraries reported to be fairly broken before - # switch to ELF - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - - freebsd-elf*) - _LT_TAGVAR(archive_cmds_need_lc, $1)=no - ;; - - freebsd* | dragonfly*) - # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF - # conventions - _LT_TAGVAR(ld_shlibs, $1)=yes - ;; - - haiku*) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' - _LT_TAGVAR(link_all_deplibs, $1)=yes - ;; - - hpux9*) - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir' - _LT_TAGVAR(hardcode_libdir_separator, $1)=: - _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' - _LT_TAGVAR(hardcode_direct, $1)=yes - _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH, - # but as the default - # location of the library. - - case $cc_basename in - CC*) - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - aCC*) - _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -b $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - # - # There doesn't appear to be a way to prevent this compiler from - # explicitly linking system object files so we need to strip them - # from the output so that they don't get included in the library - # dependencies. - output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' - ;; - *) - if test yes = "$GXX"; then - _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -nostdlib $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' - else - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - fi - ;; - esac - ;; - - hpux10*|hpux11*) - if test no = "$with_gnu_ld"; then - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir' - _LT_TAGVAR(hardcode_libdir_separator, $1)=: - - case $host_cpu in - hppa*64*|ia64*) - ;; - *) - _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' - ;; - esac - fi - case $host_cpu in - hppa*64*|ia64*) - _LT_TAGVAR(hardcode_direct, $1)=no - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - ;; - *) - _LT_TAGVAR(hardcode_direct, $1)=yes - _LT_TAGVAR(hardcode_direct_absolute, $1)=yes - _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH, - # but as the default - # location of the library. - ;; - esac - - case $cc_basename in - CC*) - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - aCC*) - case $host_cpu in - hppa*64*) - _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' - ;; - ia64*) - _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' - ;; - *) - _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' - ;; - esac - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - # - # There doesn't appear to be a way to prevent this compiler from - # explicitly linking system object files so we need to strip them - # from the output so that they don't get included in the library - # dependencies. - output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' - ;; - *) - if test yes = "$GXX"; then - if test no = "$with_gnu_ld"; then - case $host_cpu in - hppa*64*) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' - ;; - ia64*) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' - ;; - *) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' - ;; - esac - fi - else - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - fi - ;; - esac - ;; - - interix[[3-9]]*) - _LT_TAGVAR(hardcode_direct, $1)=no - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' - # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. - # Instead, shared libraries are loaded at an image base (0x10000000 by - # default) and relocated if they conflict, which is a slow very memory - # consuming and fragmenting process. To avoid this, we pick a random, - # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link - # time. Moving up from 0x10000000 also allows more sbrk(2) space. - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' - ;; - irix5* | irix6*) - case $cc_basename in - CC*) - # SGI C++ - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' - - # Archives containing C++ object files must be created using - # "CC -ar", where "CC" is the IRIX C++ compiler. This is - # necessary to make sure instantiated templates are included - # in the archive. - _LT_TAGVAR(old_archive_cmds, $1)='$CC -ar -WR,-u -o $oldlib $oldobjs' - ;; - *) - if test yes = "$GXX"; then - if test no = "$with_gnu_ld"; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' - else - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` -o $lib' - fi - fi - _LT_TAGVAR(link_all_deplibs, $1)=yes - ;; - esac - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' - _LT_TAGVAR(hardcode_libdir_separator, $1)=: - _LT_TAGVAR(inherit_rpath, $1)=yes - ;; - - linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) - case $cc_basename in - KCC*) - # Kuck and Associates, Inc. (KAI) C++ Compiler - - # KCC will only create a shared library if the output file - # ends with ".so" (or ".sl" for HP-UX), so rename the library - # to its proper name (with version) after linking. - _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib $wl-retain-symbols-file,$export_symbols; mv \$templib $lib' - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - # - # There doesn't appear to be a way to prevent this compiler from - # explicitly linking system object files so we need to strip them - # from the output so that they don't get included in the library - # dependencies. - output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' - - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic' - - # Archives containing C++ object files must be created using - # "CC -Bstatic", where "CC" is the KAI C++ compiler. - _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' - ;; - icpc* | ecpc* ) - # Intel C++ - with_gnu_ld=yes - # version 8.0 and above of icpc choke on multiply defined symbols - # if we add $predep_objects and $postdep_objects, however 7.1 and - # earlier do not add the objects themselves. - case `$CC -V 2>&1` in - *"Version 7."*) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' - ;; - *) # Version 8.0 or newer - tmp_idyn= - case $host_cpu in - ia64*) tmp_idyn=' -i_dynamic';; - esac - _LT_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' - ;; - esac - _LT_TAGVAR(archive_cmds_need_lc, $1)=no - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic' - _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive' - ;; - pgCC* | pgcpp*) - # Portland Group C++ compiler - case `$CC -V` in - *pgCC\ [[1-5]].* | *pgcpp\ [[1-5]].*) - _LT_TAGVAR(prelink_cmds, $1)='tpldir=Template.dir~ - rm -rf $tpldir~ - $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~ - compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"' - _LT_TAGVAR(old_archive_cmds, $1)='tpldir=Template.dir~ - rm -rf $tpldir~ - $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~ - $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~ - $RANLIB $oldlib' - _LT_TAGVAR(archive_cmds, $1)='tpldir=Template.dir~ - rm -rf $tpldir~ - $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ - $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='tpldir=Template.dir~ - rm -rf $tpldir~ - $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ - $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' - ;; - *) # Version 6 and above use weak symbols - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' - ;; - esac - - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl--rpath $wl$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic' - _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' - ;; - cxx*) - # Compaq C++ - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib $wl-retain-symbols-file $wl$export_symbols' - - runpath_var=LD_RUN_PATH - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' - _LT_TAGVAR(hardcode_libdir_separator, $1)=: - - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - # - # There doesn't appear to be a way to prevent this compiler from - # explicitly linking system object files so we need to strip them - # from the output so that they don't get included in the library - # dependencies. - output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "X$list" | $Xsed' - ;; - xl* | mpixl* | bgxl*) - # IBM XL 8.0 on PPC, with GNU ld - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic' - _LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' - if test yes = "$supports_anon_versioning"; then - _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ - cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ - echo "local: *; };" >> $output_objdir/$libname.ver~ - $CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib' - fi - ;; - *) - case `$CC -V 2>&1 | sed 5q` in - *Sun\ C*) - # Sun C++ 5.9 - _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs' - _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file $wl$export_symbols' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' - _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' - _LT_TAGVAR(compiler_needs_object, $1)=yes - - # Not sure whether something based on - # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 - # would be better. - output_verbose_link_cmd='func_echo_all' - - # Archives containing C++ object files must be created using - # "CC -xar", where "CC" is the Sun C++ compiler. This is - # necessary to make sure instantiated templates are included - # in the archive. - _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs' - ;; - esac - ;; - esac - ;; - - lynxos*) - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - - m88k*) - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - - mvs*) - case $cc_basename in - cxx*) - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - *) - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - esac - ;; - - netbsd*) - if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then - _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags' - wlarc= - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' - _LT_TAGVAR(hardcode_direct, $1)=yes - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - fi - # Workaround some broken pre-1.5 toolchains - output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"' - ;; - - *nto* | *qnx*) - _LT_TAGVAR(ld_shlibs, $1)=yes - ;; - - openbsd* | bitrig*) - if test -f /usr/libexec/ld.so; then - _LT_TAGVAR(hardcode_direct, $1)=yes - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - _LT_TAGVAR(hardcode_direct_absolute, $1)=yes - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' - if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`"; then - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file,$export_symbols -o $lib' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' - _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive' - fi - output_verbose_link_cmd=func_echo_all - else - _LT_TAGVAR(ld_shlibs, $1)=no - fi - ;; - - osf3* | osf4* | osf5*) - case $cc_basename in - KCC*) - # Kuck and Associates, Inc. (KAI) C++ Compiler - - # KCC will only create a shared library if the output file - # ends with ".so" (or ".sl" for HP-UX), so rename the library - # to its proper name (with version) after linking. - _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' - - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' - _LT_TAGVAR(hardcode_libdir_separator, $1)=: - - # Archives containing C++ object files must be created using - # the KAI C++ compiler. - case $host in - osf3*) _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' ;; - *) _LT_TAGVAR(old_archive_cmds, $1)='$CC -o $oldlib $oldobjs' ;; - esac - ;; - RCC*) - # Rational C++ 2.4.1 - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - cxx*) - case $host in - osf3*) - _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $soname `test -n "$verstring" && func_echo_all "$wl-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' - ;; - *) - _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~ - echo "-hidden">> $lib.exp~ - $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname $wl-input $wl$lib.exp `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~ - $RM $lib.exp' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' - ;; - esac - - _LT_TAGVAR(hardcode_libdir_separator, $1)=: - - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - # - # There doesn't appear to be a way to prevent this compiler from - # explicitly linking system object files so we need to strip them - # from the output so that they don't get included in the library - # dependencies. - output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' - ;; - *) - if test yes,no = "$GXX,$with_gnu_ld"; then - _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*' - case $host in - osf3*) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' - ;; - *) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' - ;; - esac - - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' - _LT_TAGVAR(hardcode_libdir_separator, $1)=: - - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' - - else - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - fi - ;; - esac - ;; - - psos*) - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - - sunos4*) - case $cc_basename in - CC*) - # Sun C++ 4.x - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - lcc*) - # Lucid - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - *) - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - esac - ;; - - solaris*) - case $cc_basename in - CC* | sunCC*) - # Sun C++ 4.2, 5.x and Centerline C++ - _LT_TAGVAR(archive_cmds_need_lc,$1)=yes - _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs' - _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ - $CC -G$allow_undefined_flag $wl-M $wl$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' - - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - case $host_os in - solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; - *) - # The compiler driver will combine and reorder linker options, - # but understands '-z linker_flag'. - # Supported since Solaris 2.6 (maybe 2.5.1?) - _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' - ;; - esac - _LT_TAGVAR(link_all_deplibs, $1)=yes - - output_verbose_link_cmd='func_echo_all' - - # Archives containing C++ object files must be created using - # "CC -xar", where "CC" is the Sun C++ compiler. This is - # necessary to make sure instantiated templates are included - # in the archive. - _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs' - ;; - gcx*) - # Green Hills C++ Compiler - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib' - - # The C++ compiler must be used to create the archive. - _LT_TAGVAR(old_archive_cmds, $1)='$CC $LDFLAGS -archive -o $oldlib $oldobjs' - ;; - *) - # GNU C++ compiler with Solaris linker - if test yes,no = "$GXX,$with_gnu_ld"; then - _LT_TAGVAR(no_undefined_flag, $1)=' $wl-z ${wl}defs' - if $CC --version | $GREP -v '^2\.7' > /dev/null; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ - $CC -shared $pic_flag -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' - - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' - else - # g++ 2.7 appears to require '-G' NOT '-shared' on this - # platform. - _LT_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ - $CC -G -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' - - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' - fi - - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $wl$libdir' - case $host_os in - solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; - *) - _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract' - ;; - esac - fi - ;; - esac - ;; - - sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*) - _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text' - _LT_TAGVAR(archive_cmds_need_lc, $1)=no - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - runpath_var='LD_RUN_PATH' - - case $cc_basename in - CC*) - _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - ;; - *) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - ;; - esac - ;; - - sysv5* | sco3.2v5* | sco5v6*) - # Note: We CANNOT use -z defs as we might desire, because we do not - # link with -lc, and that would cause any symbols used from libc to - # always be unresolved, which means just about no library would - # ever link correctly. If we're not using GNU ld we use -z text - # though, which does catch some bad symbols but isn't as heavy-handed - # as -z defs. - _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text' - _LT_TAGVAR(allow_undefined_flag, $1)='$wl-z,nodefs' - _LT_TAGVAR(archive_cmds_need_lc, $1)=no - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R,$libdir' - _LT_TAGVAR(hardcode_libdir_separator, $1)=':' - _LT_TAGVAR(link_all_deplibs, $1)=yes - _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Bexport' - runpath_var='LD_RUN_PATH' - - case $cc_basename in - CC*) - _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(old_archive_cmds, $1)='$CC -Tprelink_objects $oldobjs~ - '"$_LT_TAGVAR(old_archive_cmds, $1)" - _LT_TAGVAR(reload_cmds, $1)='$CC -Tprelink_objects $reload_objs~ - '"$_LT_TAGVAR(reload_cmds, $1)" - ;; - *) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - ;; - esac - ;; - - tandem*) - case $cc_basename in - NCC*) - # NonStop-UX NCC 3.20 - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - *) - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - esac - ;; - - vxworks*) - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - - *) - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - esac - - AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)]) - test no = "$_LT_TAGVAR(ld_shlibs, $1)" && can_build_shared=no - - _LT_TAGVAR(GCC, $1)=$GXX - _LT_TAGVAR(LD, $1)=$LD - - ## CAVEAT EMPTOR: - ## There is no encapsulation within the following macros, do not change - ## the running order or otherwise move them around unless you know exactly - ## what you are doing... - _LT_SYS_HIDDEN_LIBDEPS($1) - _LT_COMPILER_PIC($1) - _LT_COMPILER_C_O($1) - _LT_COMPILER_FILE_LOCKS($1) - _LT_LINKER_SHLIBS($1) - _LT_SYS_DYNAMIC_LINKER($1) - _LT_LINKER_HARDCODE_LIBPATH($1) - - _LT_CONFIG($1) - fi # test -n "$compiler" - - CC=$lt_save_CC - CFLAGS=$lt_save_CFLAGS - LDCXX=$LD - LD=$lt_save_LD - GCC=$lt_save_GCC - with_gnu_ld=$lt_save_with_gnu_ld - lt_cv_path_LDCXX=$lt_cv_path_LD - lt_cv_path_LD=$lt_save_path_LD - lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld - lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld -fi # test yes != "$_lt_caught_CXX_error" - -AC_LANG_POP -])# _LT_LANG_CXX_CONFIG - - -# _LT_FUNC_STRIPNAME_CNF -# ---------------------- -# func_stripname_cnf prefix suffix name -# strip PREFIX and SUFFIX off of NAME. -# PREFIX and SUFFIX must not contain globbing or regex special -# characters, hashes, percent signs, but SUFFIX may contain a leading -# dot (in which case that matches only a dot). -# -# This function is identical to the (non-XSI) version of func_stripname, -# except this one can be used by m4 code that may be executed by configure, -# rather than the libtool script. -m4_defun([_LT_FUNC_STRIPNAME_CNF],[dnl -AC_REQUIRE([_LT_DECL_SED]) -AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH]) -func_stripname_cnf () -{ - case @S|@2 in - .*) func_stripname_result=`$ECHO "@S|@3" | $SED "s%^@S|@1%%; s%\\\\@S|@2\$%%"`;; - *) func_stripname_result=`$ECHO "@S|@3" | $SED "s%^@S|@1%%; s%@S|@2\$%%"`;; - esac -} # func_stripname_cnf -])# _LT_FUNC_STRIPNAME_CNF - - -# _LT_SYS_HIDDEN_LIBDEPS([TAGNAME]) -# --------------------------------- -# Figure out "hidden" library dependencies from verbose -# compiler output when linking a shared library. -# Parse the compiler output and extract the necessary -# objects, libraries and library flags. -m4_defun([_LT_SYS_HIDDEN_LIBDEPS], -[m4_require([_LT_FILEUTILS_DEFAULTS])dnl -AC_REQUIRE([_LT_FUNC_STRIPNAME_CNF])dnl -# Dependencies to place before and after the object being linked: -_LT_TAGVAR(predep_objects, $1)= -_LT_TAGVAR(postdep_objects, $1)= -_LT_TAGVAR(predeps, $1)= -_LT_TAGVAR(postdeps, $1)= -_LT_TAGVAR(compiler_lib_search_path, $1)= - -dnl we can't use the lt_simple_compile_test_code here, -dnl because it contains code intended for an executable, -dnl not a library. It's possible we should let each -dnl tag define a new lt_????_link_test_code variable, -dnl but it's only used here... -m4_if([$1], [], [cat > conftest.$ac_ext <<_LT_EOF -int a; -void foo (void) { a = 0; } -_LT_EOF -], [$1], [CXX], [cat > conftest.$ac_ext <<_LT_EOF -class Foo -{ -public: - Foo (void) { a = 0; } -private: - int a; -}; -_LT_EOF -], [$1], [F77], [cat > conftest.$ac_ext <<_LT_EOF - subroutine foo - implicit none - integer*4 a - a=0 - return - end -_LT_EOF -], [$1], [FC], [cat > conftest.$ac_ext <<_LT_EOF - subroutine foo - implicit none - integer a - a=0 - return - end -_LT_EOF -], [$1], [GCJ], [cat > conftest.$ac_ext <<_LT_EOF -public class foo { - private int a; - public void bar (void) { - a = 0; - } -}; -_LT_EOF -], [$1], [GO], [cat > conftest.$ac_ext <<_LT_EOF -package foo -func foo() { -} -_LT_EOF -]) - -_lt_libdeps_save_CFLAGS=$CFLAGS -case "$CC $CFLAGS " in #( -*\ -flto*\ *) CFLAGS="$CFLAGS -fno-lto" ;; -*\ -fwhopr*\ *) CFLAGS="$CFLAGS -fno-whopr" ;; -*\ -fuse-linker-plugin*\ *) CFLAGS="$CFLAGS -fno-use-linker-plugin" ;; -esac - -dnl Parse the compiler output and extract the necessary -dnl objects, libraries and library flags. -if AC_TRY_EVAL(ac_compile); then - # Parse the compiler output and extract the necessary - # objects, libraries and library flags. - - # Sentinel used to keep track of whether or not we are before - # the conftest object file. - pre_test_object_deps_done=no - - for p in `eval "$output_verbose_link_cmd"`; do - case $prev$p in - - -L* | -R* | -l*) - # Some compilers place space between "-{L,R}" and the path. - # Remove the space. - if test x-L = "$p" || - test x-R = "$p"; then - prev=$p - continue - fi - - # Expand the sysroot to ease extracting the directories later. - if test -z "$prev"; then - case $p in - -L*) func_stripname_cnf '-L' '' "$p"; prev=-L; p=$func_stripname_result ;; - -R*) func_stripname_cnf '-R' '' "$p"; prev=-R; p=$func_stripname_result ;; - -l*) func_stripname_cnf '-l' '' "$p"; prev=-l; p=$func_stripname_result ;; - esac - fi - case $p in - =*) func_stripname_cnf '=' '' "$p"; p=$lt_sysroot$func_stripname_result ;; - esac - if test no = "$pre_test_object_deps_done"; then - case $prev in - -L | -R) - # Internal compiler library paths should come after those - # provided the user. The postdeps already come after the - # user supplied libs so there is no need to process them. - if test -z "$_LT_TAGVAR(compiler_lib_search_path, $1)"; then - _LT_TAGVAR(compiler_lib_search_path, $1)=$prev$p - else - _LT_TAGVAR(compiler_lib_search_path, $1)="${_LT_TAGVAR(compiler_lib_search_path, $1)} $prev$p" - fi - ;; - # The "-l" case would never come before the object being - # linked, so don't bother handling this case. - esac - else - if test -z "$_LT_TAGVAR(postdeps, $1)"; then - _LT_TAGVAR(postdeps, $1)=$prev$p - else - _LT_TAGVAR(postdeps, $1)="${_LT_TAGVAR(postdeps, $1)} $prev$p" - fi - fi - prev= - ;; - - *.lto.$objext) ;; # Ignore GCC LTO objects - *.$objext) - # This assumes that the test object file only shows up - # once in the compiler output. - if test "$p" = "conftest.$objext"; then - pre_test_object_deps_done=yes - continue - fi - - if test no = "$pre_test_object_deps_done"; then - if test -z "$_LT_TAGVAR(predep_objects, $1)"; then - _LT_TAGVAR(predep_objects, $1)=$p - else - _LT_TAGVAR(predep_objects, $1)="$_LT_TAGVAR(predep_objects, $1) $p" - fi - else - if test -z "$_LT_TAGVAR(postdep_objects, $1)"; then - _LT_TAGVAR(postdep_objects, $1)=$p - else - _LT_TAGVAR(postdep_objects, $1)="$_LT_TAGVAR(postdep_objects, $1) $p" - fi - fi - ;; - - *) ;; # Ignore the rest. - - esac - done - - # Clean up. - rm -f a.out a.exe -else - echo "libtool.m4: error: problem compiling $1 test program" -fi - -$RM -f confest.$objext -CFLAGS=$_lt_libdeps_save_CFLAGS - -# PORTME: override above test on systems where it is broken -m4_if([$1], [CXX], -[case $host_os in -interix[[3-9]]*) - # Interix 3.5 installs completely hosed .la files for C++, so rather than - # hack all around it, let's just trust "g++" to DTRT. - _LT_TAGVAR(predep_objects,$1)= - _LT_TAGVAR(postdep_objects,$1)= - _LT_TAGVAR(postdeps,$1)= - ;; -esac -]) - -case " $_LT_TAGVAR(postdeps, $1) " in -*" -lc "*) _LT_TAGVAR(archive_cmds_need_lc, $1)=no ;; -esac - _LT_TAGVAR(compiler_lib_search_dirs, $1)= -if test -n "${_LT_TAGVAR(compiler_lib_search_path, $1)}"; then - _LT_TAGVAR(compiler_lib_search_dirs, $1)=`echo " ${_LT_TAGVAR(compiler_lib_search_path, $1)}" | $SED -e 's! -L! !g' -e 's!^ !!'` -fi -_LT_TAGDECL([], [compiler_lib_search_dirs], [1], - [The directories searched by this compiler when creating a shared library]) -_LT_TAGDECL([], [predep_objects], [1], - [Dependencies to place before and after the objects being linked to - create a shared library]) -_LT_TAGDECL([], [postdep_objects], [1]) -_LT_TAGDECL([], [predeps], [1]) -_LT_TAGDECL([], [postdeps], [1]) -_LT_TAGDECL([], [compiler_lib_search_path], [1], - [The library search path used internally by the compiler when linking - a shared library]) -])# _LT_SYS_HIDDEN_LIBDEPS - - -# _LT_LANG_F77_CONFIG([TAG]) -# -------------------------- -# Ensure that the configuration variables for a Fortran 77 compiler are -# suitably defined. These variables are subsequently used by _LT_CONFIG -# to write the compiler configuration to 'libtool'. -m4_defun([_LT_LANG_F77_CONFIG], -[AC_LANG_PUSH(Fortran 77) -if test -z "$F77" || test no = "$F77"; then - _lt_disable_F77=yes -fi - -_LT_TAGVAR(archive_cmds_need_lc, $1)=no -_LT_TAGVAR(allow_undefined_flag, $1)= -_LT_TAGVAR(always_export_symbols, $1)=no -_LT_TAGVAR(archive_expsym_cmds, $1)= -_LT_TAGVAR(export_dynamic_flag_spec, $1)= -_LT_TAGVAR(hardcode_direct, $1)=no -_LT_TAGVAR(hardcode_direct_absolute, $1)=no -_LT_TAGVAR(hardcode_libdir_flag_spec, $1)= -_LT_TAGVAR(hardcode_libdir_separator, $1)= -_LT_TAGVAR(hardcode_minus_L, $1)=no -_LT_TAGVAR(hardcode_automatic, $1)=no -_LT_TAGVAR(inherit_rpath, $1)=no -_LT_TAGVAR(module_cmds, $1)= -_LT_TAGVAR(module_expsym_cmds, $1)= -_LT_TAGVAR(link_all_deplibs, $1)=unknown -_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds -_LT_TAGVAR(reload_flag, $1)=$reload_flag -_LT_TAGVAR(reload_cmds, $1)=$reload_cmds -_LT_TAGVAR(no_undefined_flag, $1)= -_LT_TAGVAR(whole_archive_flag_spec, $1)= -_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no - -# Source file extension for f77 test sources. -ac_ext=f - -# Object file extension for compiled f77 test sources. -objext=o -_LT_TAGVAR(objext, $1)=$objext - -# No sense in running all these tests if we already determined that -# the F77 compiler isn't working. Some variables (like enable_shared) -# are currently assumed to apply to all compilers on this platform, -# and will be corrupted by setting them based on a non-working compiler. -if test yes != "$_lt_disable_F77"; then - # Code to be used in simple compile tests - lt_simple_compile_test_code="\ - subroutine t - return - end -" - - # Code to be used in simple link tests - lt_simple_link_test_code="\ - program t - end -" - - # ltmain only uses $CC for tagged configurations so make sure $CC is set. - _LT_TAG_COMPILER - - # save warnings/boilerplate of simple test code - _LT_COMPILER_BOILERPLATE - _LT_LINKER_BOILERPLATE - - # Allow CC to be a program name with arguments. - lt_save_CC=$CC - lt_save_GCC=$GCC - lt_save_CFLAGS=$CFLAGS - CC=${F77-"f77"} - CFLAGS=$FFLAGS - compiler=$CC - _LT_TAGVAR(compiler, $1)=$CC - _LT_CC_BASENAME([$compiler]) - GCC=$G77 - if test -n "$compiler"; then - AC_MSG_CHECKING([if libtool supports shared libraries]) - AC_MSG_RESULT([$can_build_shared]) - - AC_MSG_CHECKING([whether to build shared libraries]) - test no = "$can_build_shared" && enable_shared=no - - # On AIX, shared libraries and static libraries use the same namespace, and - # are all built from PIC. - case $host_os in - aix3*) - test yes = "$enable_shared" && enable_static=no - if test -n "$RANLIB"; then - archive_cmds="$archive_cmds~\$RANLIB \$lib" - postinstall_cmds='$RANLIB $lib' - fi - ;; - aix[[4-9]]*) - if test ia64 != "$host_cpu"; then - case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in - yes,aix,yes) ;; # shared object as lib.so file only - yes,svr4,*) ;; # shared object as lib.so archive member only - yes,*) enable_static=no ;; # shared object in lib.a archive as well - esac - fi - ;; - esac - AC_MSG_RESULT([$enable_shared]) - - AC_MSG_CHECKING([whether to build static libraries]) - # Make sure either enable_shared or enable_static is yes. - test yes = "$enable_shared" || enable_static=yes - AC_MSG_RESULT([$enable_static]) - - _LT_TAGVAR(GCC, $1)=$G77 - _LT_TAGVAR(LD, $1)=$LD - - ## CAVEAT EMPTOR: - ## There is no encapsulation within the following macros, do not change - ## the running order or otherwise move them around unless you know exactly - ## what you are doing... - _LT_COMPILER_PIC($1) - _LT_COMPILER_C_O($1) - _LT_COMPILER_FILE_LOCKS($1) - _LT_LINKER_SHLIBS($1) - _LT_SYS_DYNAMIC_LINKER($1) - _LT_LINKER_HARDCODE_LIBPATH($1) - - _LT_CONFIG($1) - fi # test -n "$compiler" - - GCC=$lt_save_GCC - CC=$lt_save_CC - CFLAGS=$lt_save_CFLAGS -fi # test yes != "$_lt_disable_F77" - -AC_LANG_POP -])# _LT_LANG_F77_CONFIG - - -# _LT_LANG_FC_CONFIG([TAG]) -# ------------------------- -# Ensure that the configuration variables for a Fortran compiler are -# suitably defined. These variables are subsequently used by _LT_CONFIG -# to write the compiler configuration to 'libtool'. -m4_defun([_LT_LANG_FC_CONFIG], -[AC_LANG_PUSH(Fortran) - -if test -z "$FC" || test no = "$FC"; then - _lt_disable_FC=yes -fi - -_LT_TAGVAR(archive_cmds_need_lc, $1)=no -_LT_TAGVAR(allow_undefined_flag, $1)= -_LT_TAGVAR(always_export_symbols, $1)=no -_LT_TAGVAR(archive_expsym_cmds, $1)= -_LT_TAGVAR(export_dynamic_flag_spec, $1)= -_LT_TAGVAR(hardcode_direct, $1)=no -_LT_TAGVAR(hardcode_direct_absolute, $1)=no -_LT_TAGVAR(hardcode_libdir_flag_spec, $1)= -_LT_TAGVAR(hardcode_libdir_separator, $1)= -_LT_TAGVAR(hardcode_minus_L, $1)=no -_LT_TAGVAR(hardcode_automatic, $1)=no -_LT_TAGVAR(inherit_rpath, $1)=no -_LT_TAGVAR(module_cmds, $1)= -_LT_TAGVAR(module_expsym_cmds, $1)= -_LT_TAGVAR(link_all_deplibs, $1)=unknown -_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds -_LT_TAGVAR(reload_flag, $1)=$reload_flag -_LT_TAGVAR(reload_cmds, $1)=$reload_cmds -_LT_TAGVAR(no_undefined_flag, $1)= -_LT_TAGVAR(whole_archive_flag_spec, $1)= -_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no - -# Source file extension for fc test sources. -ac_ext=${ac_fc_srcext-f} - -# Object file extension for compiled fc test sources. -objext=o -_LT_TAGVAR(objext, $1)=$objext - -# No sense in running all these tests if we already determined that -# the FC compiler isn't working. Some variables (like enable_shared) -# are currently assumed to apply to all compilers on this platform, -# and will be corrupted by setting them based on a non-working compiler. -if test yes != "$_lt_disable_FC"; then - # Code to be used in simple compile tests - lt_simple_compile_test_code="\ - subroutine t - return - end -" - - # Code to be used in simple link tests - lt_simple_link_test_code="\ - program t - end -" - - # ltmain only uses $CC for tagged configurations so make sure $CC is set. - _LT_TAG_COMPILER - - # save warnings/boilerplate of simple test code - _LT_COMPILER_BOILERPLATE - _LT_LINKER_BOILERPLATE - - # Allow CC to be a program name with arguments. - lt_save_CC=$CC - lt_save_GCC=$GCC - lt_save_CFLAGS=$CFLAGS - CC=${FC-"f95"} - CFLAGS=$FCFLAGS - compiler=$CC - GCC=$ac_cv_fc_compiler_gnu - - _LT_TAGVAR(compiler, $1)=$CC - _LT_CC_BASENAME([$compiler]) - - if test -n "$compiler"; then - AC_MSG_CHECKING([if libtool supports shared libraries]) - AC_MSG_RESULT([$can_build_shared]) - - AC_MSG_CHECKING([whether to build shared libraries]) - test no = "$can_build_shared" && enable_shared=no - - # On AIX, shared libraries and static libraries use the same namespace, and - # are all built from PIC. - case $host_os in - aix3*) - test yes = "$enable_shared" && enable_static=no - if test -n "$RANLIB"; then - archive_cmds="$archive_cmds~\$RANLIB \$lib" - postinstall_cmds='$RANLIB $lib' - fi - ;; - aix[[4-9]]*) - if test ia64 != "$host_cpu"; then - case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in - yes,aix,yes) ;; # shared object as lib.so file only - yes,svr4,*) ;; # shared object as lib.so archive member only - yes,*) enable_static=no ;; # shared object in lib.a archive as well - esac - fi - ;; - esac - AC_MSG_RESULT([$enable_shared]) - - AC_MSG_CHECKING([whether to build static libraries]) - # Make sure either enable_shared or enable_static is yes. - test yes = "$enable_shared" || enable_static=yes - AC_MSG_RESULT([$enable_static]) - - _LT_TAGVAR(GCC, $1)=$ac_cv_fc_compiler_gnu - _LT_TAGVAR(LD, $1)=$LD - - ## CAVEAT EMPTOR: - ## There is no encapsulation within the following macros, do not change - ## the running order or otherwise move them around unless you know exactly - ## what you are doing... - _LT_SYS_HIDDEN_LIBDEPS($1) - _LT_COMPILER_PIC($1) - _LT_COMPILER_C_O($1) - _LT_COMPILER_FILE_LOCKS($1) - _LT_LINKER_SHLIBS($1) - _LT_SYS_DYNAMIC_LINKER($1) - _LT_LINKER_HARDCODE_LIBPATH($1) - - _LT_CONFIG($1) - fi # test -n "$compiler" - - GCC=$lt_save_GCC - CC=$lt_save_CC - CFLAGS=$lt_save_CFLAGS -fi # test yes != "$_lt_disable_FC" - -AC_LANG_POP -])# _LT_LANG_FC_CONFIG - - -# _LT_LANG_GCJ_CONFIG([TAG]) -# -------------------------- -# Ensure that the configuration variables for the GNU Java Compiler compiler -# are suitably defined. These variables are subsequently used by _LT_CONFIG -# to write the compiler configuration to 'libtool'. -m4_defun([_LT_LANG_GCJ_CONFIG], -[AC_REQUIRE([LT_PROG_GCJ])dnl -AC_LANG_SAVE - -# Source file extension for Java test sources. -ac_ext=java - -# Object file extension for compiled Java test sources. -objext=o -_LT_TAGVAR(objext, $1)=$objext - -# Code to be used in simple compile tests -lt_simple_compile_test_code="class foo {}" - -# Code to be used in simple link tests -lt_simple_link_test_code='public class conftest { public static void main(String[[]] argv) {}; }' - -# ltmain only uses $CC for tagged configurations so make sure $CC is set. -_LT_TAG_COMPILER - -# save warnings/boilerplate of simple test code -_LT_COMPILER_BOILERPLATE -_LT_LINKER_BOILERPLATE - -# Allow CC to be a program name with arguments. -lt_save_CC=$CC -lt_save_CFLAGS=$CFLAGS -lt_save_GCC=$GCC -GCC=yes -CC=${GCJ-"gcj"} -CFLAGS=$GCJFLAGS -compiler=$CC -_LT_TAGVAR(compiler, $1)=$CC -_LT_TAGVAR(LD, $1)=$LD -_LT_CC_BASENAME([$compiler]) - -# GCJ did not exist at the time GCC didn't implicitly link libc in. -_LT_TAGVAR(archive_cmds_need_lc, $1)=no - -_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds -_LT_TAGVAR(reload_flag, $1)=$reload_flag -_LT_TAGVAR(reload_cmds, $1)=$reload_cmds - -if test -n "$compiler"; then - _LT_COMPILER_NO_RTTI($1) - _LT_COMPILER_PIC($1) - _LT_COMPILER_C_O($1) - _LT_COMPILER_FILE_LOCKS($1) - _LT_LINKER_SHLIBS($1) - _LT_LINKER_HARDCODE_LIBPATH($1) - - _LT_CONFIG($1) -fi - -AC_LANG_RESTORE - -GCC=$lt_save_GCC -CC=$lt_save_CC -CFLAGS=$lt_save_CFLAGS -])# _LT_LANG_GCJ_CONFIG - - -# _LT_LANG_GO_CONFIG([TAG]) -# -------------------------- -# Ensure that the configuration variables for the GNU Go compiler -# are suitably defined. These variables are subsequently used by _LT_CONFIG -# to write the compiler configuration to 'libtool'. -m4_defun([_LT_LANG_GO_CONFIG], -[AC_REQUIRE([LT_PROG_GO])dnl -AC_LANG_SAVE - -# Source file extension for Go test sources. -ac_ext=go - -# Object file extension for compiled Go test sources. -objext=o -_LT_TAGVAR(objext, $1)=$objext - -# Code to be used in simple compile tests -lt_simple_compile_test_code="package main; func main() { }" - -# Code to be used in simple link tests -lt_simple_link_test_code='package main; func main() { }' - -# ltmain only uses $CC for tagged configurations so make sure $CC is set. -_LT_TAG_COMPILER - -# save warnings/boilerplate of simple test code -_LT_COMPILER_BOILERPLATE -_LT_LINKER_BOILERPLATE - -# Allow CC to be a program name with arguments. -lt_save_CC=$CC -lt_save_CFLAGS=$CFLAGS -lt_save_GCC=$GCC -GCC=yes -CC=${GOC-"gccgo"} -CFLAGS=$GOFLAGS -compiler=$CC -_LT_TAGVAR(compiler, $1)=$CC -_LT_TAGVAR(LD, $1)=$LD -_LT_CC_BASENAME([$compiler]) - -# Go did not exist at the time GCC didn't implicitly link libc in. -_LT_TAGVAR(archive_cmds_need_lc, $1)=no - -_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds -_LT_TAGVAR(reload_flag, $1)=$reload_flag -_LT_TAGVAR(reload_cmds, $1)=$reload_cmds - -if test -n "$compiler"; then - _LT_COMPILER_NO_RTTI($1) - _LT_COMPILER_PIC($1) - _LT_COMPILER_C_O($1) - _LT_COMPILER_FILE_LOCKS($1) - _LT_LINKER_SHLIBS($1) - _LT_LINKER_HARDCODE_LIBPATH($1) - - _LT_CONFIG($1) -fi - -AC_LANG_RESTORE - -GCC=$lt_save_GCC -CC=$lt_save_CC -CFLAGS=$lt_save_CFLAGS -])# _LT_LANG_GO_CONFIG - - -# _LT_LANG_RC_CONFIG([TAG]) -# ------------------------- -# Ensure that the configuration variables for the Windows resource compiler -# are suitably defined. These variables are subsequently used by _LT_CONFIG -# to write the compiler configuration to 'libtool'. -m4_defun([_LT_LANG_RC_CONFIG], -[AC_REQUIRE([LT_PROG_RC])dnl -AC_LANG_SAVE - -# Source file extension for RC test sources. -ac_ext=rc - -# Object file extension for compiled RC test sources. -objext=o -_LT_TAGVAR(objext, $1)=$objext - -# Code to be used in simple compile tests -lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }' - -# Code to be used in simple link tests -lt_simple_link_test_code=$lt_simple_compile_test_code - -# ltmain only uses $CC for tagged configurations so make sure $CC is set. -_LT_TAG_COMPILER - -# save warnings/boilerplate of simple test code -_LT_COMPILER_BOILERPLATE -_LT_LINKER_BOILERPLATE - -# Allow CC to be a program name with arguments. -lt_save_CC=$CC -lt_save_CFLAGS=$CFLAGS -lt_save_GCC=$GCC -GCC= -CC=${RC-"windres"} -CFLAGS= -compiler=$CC -_LT_TAGVAR(compiler, $1)=$CC -_LT_CC_BASENAME([$compiler]) -_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes - -if test -n "$compiler"; then - : - _LT_CONFIG($1) -fi - -GCC=$lt_save_GCC -AC_LANG_RESTORE -CC=$lt_save_CC -CFLAGS=$lt_save_CFLAGS -])# _LT_LANG_RC_CONFIG - - -# LT_PROG_GCJ -# ----------- -AC_DEFUN([LT_PROG_GCJ], -[m4_ifdef([AC_PROG_GCJ], [AC_PROG_GCJ], - [m4_ifdef([A][M_PROG_GCJ], [A][M_PROG_GCJ], - [AC_CHECK_TOOL(GCJ, gcj,) - test set = "${GCJFLAGS+set}" || GCJFLAGS="-g -O2" - AC_SUBST(GCJFLAGS)])])[]dnl -]) - -# Old name: -AU_ALIAS([LT_AC_PROG_GCJ], [LT_PROG_GCJ]) -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([LT_AC_PROG_GCJ], []) - - -# LT_PROG_GO -# ---------- -AC_DEFUN([LT_PROG_GO], -[AC_CHECK_TOOL(GOC, gccgo,) -]) - - -# LT_PROG_RC -# ---------- -AC_DEFUN([LT_PROG_RC], -[AC_CHECK_TOOL(RC, windres,) -]) - -# Old name: -AU_ALIAS([LT_AC_PROG_RC], [LT_PROG_RC]) -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([LT_AC_PROG_RC], []) - - -# _LT_DECL_EGREP -# -------------- -# If we don't have a new enough Autoconf to choose the best grep -# available, choose the one first in the user's PATH. -m4_defun([_LT_DECL_EGREP], -[AC_REQUIRE([AC_PROG_EGREP])dnl -AC_REQUIRE([AC_PROG_FGREP])dnl -test -z "$GREP" && GREP=grep -_LT_DECL([], [GREP], [1], [A grep program that handles long lines]) -_LT_DECL([], [EGREP], [1], [An ERE matcher]) -_LT_DECL([], [FGREP], [1], [A literal string matcher]) -dnl Non-bleeding-edge autoconf doesn't subst GREP, so do it here too -AC_SUBST([GREP]) -]) - - -# _LT_DECL_OBJDUMP -# -------------- -# If we don't have a new enough Autoconf to choose the best objdump -# available, choose the one first in the user's PATH. -m4_defun([_LT_DECL_OBJDUMP], -[AC_CHECK_TOOL(OBJDUMP, objdump, false) -test -z "$OBJDUMP" && OBJDUMP=objdump -_LT_DECL([], [OBJDUMP], [1], [An object symbol dumper]) -AC_SUBST([OBJDUMP]) -]) - -# _LT_DECL_DLLTOOL -# ---------------- -# Ensure DLLTOOL variable is set. -m4_defun([_LT_DECL_DLLTOOL], -[AC_CHECK_TOOL(DLLTOOL, dlltool, false) -test -z "$DLLTOOL" && DLLTOOL=dlltool -_LT_DECL([], [DLLTOOL], [1], [DLL creation program]) -AC_SUBST([DLLTOOL]) -]) - -# _LT_DECL_SED -# ------------ -# Check for a fully-functional sed program, that truncates -# as few characters as possible. Prefer GNU sed if found. -m4_defun([_LT_DECL_SED], -[AC_PROG_SED -test -z "$SED" && SED=sed -Xsed="$SED -e 1s/^X//" -_LT_DECL([], [SED], [1], [A sed program that does not truncate output]) -_LT_DECL([], [Xsed], ["\$SED -e 1s/^X//"], - [Sed that helps us avoid accidentally triggering echo(1) options like -n]) -])# _LT_DECL_SED - -m4_ifndef([AC_PROG_SED], [ -# NOTE: This macro has been submitted for inclusion into # -# GNU Autoconf as AC_PROG_SED. When it is available in # -# a released version of Autoconf we should remove this # -# macro and use it instead. # - -m4_defun([AC_PROG_SED], -[AC_MSG_CHECKING([for a sed that does not truncate output]) -AC_CACHE_VAL(lt_cv_path_SED, -[# Loop through the user's path and test for sed and gsed. -# Then use that list of sed's as ones to test for truncation. -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for lt_ac_prog in sed gsed; do - for ac_exec_ext in '' $ac_executable_extensions; do - if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then - lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext" - fi - done - done -done -IFS=$as_save_IFS -lt_ac_max=0 -lt_ac_count=0 -# Add /usr/xpg4/bin/sed as it is typically found on Solaris -# along with /bin/sed that truncates output. -for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do - test ! -f "$lt_ac_sed" && continue - cat /dev/null > conftest.in - lt_ac_count=0 - echo $ECHO_N "0123456789$ECHO_C" >conftest.in - # Check for GNU sed and select it if it is found. - if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then - lt_cv_path_SED=$lt_ac_sed - break - fi - while true; do - cat conftest.in conftest.in >conftest.tmp - mv conftest.tmp conftest.in - cp conftest.in conftest.nl - echo >>conftest.nl - $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break - cmp -s conftest.out conftest.nl || break - # 10000 chars as input seems more than enough - test 10 -lt "$lt_ac_count" && break - lt_ac_count=`expr $lt_ac_count + 1` - if test "$lt_ac_count" -gt "$lt_ac_max"; then - lt_ac_max=$lt_ac_count - lt_cv_path_SED=$lt_ac_sed - fi - done -done -]) -SED=$lt_cv_path_SED -AC_SUBST([SED]) -AC_MSG_RESULT([$SED]) -])#AC_PROG_SED -])#m4_ifndef - -# Old name: -AU_ALIAS([LT_AC_PROG_SED], [AC_PROG_SED]) -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([LT_AC_PROG_SED], []) - - -# _LT_CHECK_SHELL_FEATURES -# ------------------------ -# Find out whether the shell is Bourne or XSI compatible, -# or has some other useful features. -m4_defun([_LT_CHECK_SHELL_FEATURES], -[if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then - lt_unset=unset -else - lt_unset=false -fi -_LT_DECL([], [lt_unset], [0], [whether the shell understands "unset"])dnl - -# test EBCDIC or ASCII -case `echo X|tr X '\101'` in - A) # ASCII based system - # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr - lt_SP2NL='tr \040 \012' - lt_NL2SP='tr \015\012 \040\040' - ;; - *) # EBCDIC based system - lt_SP2NL='tr \100 \n' - lt_NL2SP='tr \r\n \100\100' - ;; -esac -_LT_DECL([SP2NL], [lt_SP2NL], [1], [turn spaces into newlines])dnl -_LT_DECL([NL2SP], [lt_NL2SP], [1], [turn newlines into spaces])dnl -])# _LT_CHECK_SHELL_FEATURES - - -# _LT_PATH_CONVERSION_FUNCTIONS -# ----------------------------- -# Determine what file name conversion functions should be used by -# func_to_host_file (and, implicitly, by func_to_host_path). These are needed -# for certain cross-compile configurations and native mingw. -m4_defun([_LT_PATH_CONVERSION_FUNCTIONS], -[AC_REQUIRE([AC_CANONICAL_HOST])dnl -AC_REQUIRE([AC_CANONICAL_BUILD])dnl -AC_MSG_CHECKING([how to convert $build file names to $host format]) -AC_CACHE_VAL(lt_cv_to_host_file_cmd, -[case $host in - *-*-mingw* ) - case $build in - *-*-mingw* ) # actually msys - lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32 - ;; - *-*-cygwin* ) - lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32 - ;; - * ) # otherwise, assume *nix - lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32 - ;; - esac - ;; - *-*-cygwin* ) - case $build in - *-*-mingw* ) # actually msys - lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin - ;; - *-*-cygwin* ) - lt_cv_to_host_file_cmd=func_convert_file_noop - ;; - * ) # otherwise, assume *nix - lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin - ;; - esac - ;; - * ) # unhandled hosts (and "normal" native builds) - lt_cv_to_host_file_cmd=func_convert_file_noop - ;; -esac -]) -to_host_file_cmd=$lt_cv_to_host_file_cmd -AC_MSG_RESULT([$lt_cv_to_host_file_cmd]) -_LT_DECL([to_host_file_cmd], [lt_cv_to_host_file_cmd], - [0], [convert $build file names to $host format])dnl - -AC_MSG_CHECKING([how to convert $build file names to toolchain format]) -AC_CACHE_VAL(lt_cv_to_tool_file_cmd, -[#assume ordinary cross tools, or native build. -lt_cv_to_tool_file_cmd=func_convert_file_noop -case $host in - *-*-mingw* ) - case $build in - *-*-mingw* ) # actually msys - lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32 - ;; - esac - ;; -esac -]) -to_tool_file_cmd=$lt_cv_to_tool_file_cmd -AC_MSG_RESULT([$lt_cv_to_tool_file_cmd]) -_LT_DECL([to_tool_file_cmd], [lt_cv_to_tool_file_cmd], - [0], [convert $build files to toolchain format])dnl -])# _LT_PATH_CONVERSION_FUNCTIONS - -# Helper functions for option handling. -*- Autoconf -*- -# -# Copyright (C) 2004-2005, 2007-2009, 2011-2015 Free Software -# Foundation, Inc. -# Written by Gary V. Vaughan, 2004 -# -# This file is free software; the Free Software Foundation gives -# unlimited permission to copy and/or distribute it, with or without -# modifications, as long as this notice is preserved. - -# serial 8 ltoptions.m4 - -# This is to help aclocal find these macros, as it can't see m4_define. -AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])]) - - -# _LT_MANGLE_OPTION(MACRO-NAME, OPTION-NAME) -# ------------------------------------------ -m4_define([_LT_MANGLE_OPTION], -[[_LT_OPTION_]m4_bpatsubst($1__$2, [[^a-zA-Z0-9_]], [_])]) - - -# _LT_SET_OPTION(MACRO-NAME, OPTION-NAME) -# --------------------------------------- -# Set option OPTION-NAME for macro MACRO-NAME, and if there is a -# matching handler defined, dispatch to it. Other OPTION-NAMEs are -# saved as a flag. -m4_define([_LT_SET_OPTION], -[m4_define(_LT_MANGLE_OPTION([$1], [$2]))dnl -m4_ifdef(_LT_MANGLE_DEFUN([$1], [$2]), - _LT_MANGLE_DEFUN([$1], [$2]), - [m4_warning([Unknown $1 option '$2'])])[]dnl -]) - - -# _LT_IF_OPTION(MACRO-NAME, OPTION-NAME, IF-SET, [IF-NOT-SET]) -# ------------------------------------------------------------ -# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise. -m4_define([_LT_IF_OPTION], -[m4_ifdef(_LT_MANGLE_OPTION([$1], [$2]), [$3], [$4])]) - - -# _LT_UNLESS_OPTIONS(MACRO-NAME, OPTION-LIST, IF-NOT-SET) -# ------------------------------------------------------- -# Execute IF-NOT-SET unless all options in OPTION-LIST for MACRO-NAME -# are set. -m4_define([_LT_UNLESS_OPTIONS], -[m4_foreach([_LT_Option], m4_split(m4_normalize([$2])), - [m4_ifdef(_LT_MANGLE_OPTION([$1], _LT_Option), - [m4_define([$0_found])])])[]dnl -m4_ifdef([$0_found], [m4_undefine([$0_found])], [$3 -])[]dnl -]) - - -# _LT_SET_OPTIONS(MACRO-NAME, OPTION-LIST) -# ---------------------------------------- -# OPTION-LIST is a space-separated list of Libtool options associated -# with MACRO-NAME. If any OPTION has a matching handler declared with -# LT_OPTION_DEFINE, dispatch to that macro; otherwise complain about -# the unknown option and exit. -m4_defun([_LT_SET_OPTIONS], -[# Set options -m4_foreach([_LT_Option], m4_split(m4_normalize([$2])), - [_LT_SET_OPTION([$1], _LT_Option)]) - -m4_if([$1],[LT_INIT],[ - dnl - dnl Simply set some default values (i.e off) if boolean options were not - dnl specified: - _LT_UNLESS_OPTIONS([LT_INIT], [dlopen], [enable_dlopen=no - ]) - _LT_UNLESS_OPTIONS([LT_INIT], [win32-dll], [enable_win32_dll=no - ]) - dnl - dnl If no reference was made to various pairs of opposing options, then - dnl we run the default mode handler for the pair. For example, if neither - dnl 'shared' nor 'disable-shared' was passed, we enable building of shared - dnl archives by default: - _LT_UNLESS_OPTIONS([LT_INIT], [shared disable-shared], [_LT_ENABLE_SHARED]) - _LT_UNLESS_OPTIONS([LT_INIT], [static disable-static], [_LT_ENABLE_STATIC]) - _LT_UNLESS_OPTIONS([LT_INIT], [pic-only no-pic], [_LT_WITH_PIC]) - _LT_UNLESS_OPTIONS([LT_INIT], [fast-install disable-fast-install], - [_LT_ENABLE_FAST_INSTALL]) - _LT_UNLESS_OPTIONS([LT_INIT], [aix-soname=aix aix-soname=both aix-soname=svr4], - [_LT_WITH_AIX_SONAME([aix])]) - ]) -])# _LT_SET_OPTIONS - - - -# _LT_MANGLE_DEFUN(MACRO-NAME, OPTION-NAME) -# ----------------------------------------- -m4_define([_LT_MANGLE_DEFUN], -[[_LT_OPTION_DEFUN_]m4_bpatsubst(m4_toupper([$1__$2]), [[^A-Z0-9_]], [_])]) - - -# LT_OPTION_DEFINE(MACRO-NAME, OPTION-NAME, CODE) -# ----------------------------------------------- -m4_define([LT_OPTION_DEFINE], -[m4_define(_LT_MANGLE_DEFUN([$1], [$2]), [$3])[]dnl -])# LT_OPTION_DEFINE - - -# dlopen -# ------ -LT_OPTION_DEFINE([LT_INIT], [dlopen], [enable_dlopen=yes -]) - -AU_DEFUN([AC_LIBTOOL_DLOPEN], -[_LT_SET_OPTION([LT_INIT], [dlopen]) -AC_DIAGNOSE([obsolete], -[$0: Remove this warning and the call to _LT_SET_OPTION when you -put the 'dlopen' option into LT_INIT's first parameter.]) -]) - -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([AC_LIBTOOL_DLOPEN], []) - - -# win32-dll -# --------- -# Declare package support for building win32 dll's. -LT_OPTION_DEFINE([LT_INIT], [win32-dll], -[enable_win32_dll=yes - -case $host in -*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-cegcc*) - AC_CHECK_TOOL(AS, as, false) - AC_CHECK_TOOL(DLLTOOL, dlltool, false) - AC_CHECK_TOOL(OBJDUMP, objdump, false) - ;; -esac - -test -z "$AS" && AS=as -_LT_DECL([], [AS], [1], [Assembler program])dnl - -test -z "$DLLTOOL" && DLLTOOL=dlltool -_LT_DECL([], [DLLTOOL], [1], [DLL creation program])dnl - -test -z "$OBJDUMP" && OBJDUMP=objdump -_LT_DECL([], [OBJDUMP], [1], [Object dumper program])dnl -])# win32-dll - -AU_DEFUN([AC_LIBTOOL_WIN32_DLL], -[AC_REQUIRE([AC_CANONICAL_HOST])dnl -_LT_SET_OPTION([LT_INIT], [win32-dll]) -AC_DIAGNOSE([obsolete], -[$0: Remove this warning and the call to _LT_SET_OPTION when you -put the 'win32-dll' option into LT_INIT's first parameter.]) -]) - -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([AC_LIBTOOL_WIN32_DLL], []) - - -# _LT_ENABLE_SHARED([DEFAULT]) -# ---------------------------- -# implement the --enable-shared flag, and supports the 'shared' and -# 'disable-shared' LT_INIT options. -# DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'. -m4_define([_LT_ENABLE_SHARED], -[m4_define([_LT_ENABLE_SHARED_DEFAULT], [m4_if($1, no, no, yes)])dnl -AC_ARG_ENABLE([shared], - [AS_HELP_STRING([--enable-shared@<:@=PKGS@:>@], - [build shared libraries @<:@default=]_LT_ENABLE_SHARED_DEFAULT[@:>@])], - [p=${PACKAGE-default} - case $enableval in - yes) enable_shared=yes ;; - no) enable_shared=no ;; - *) - enable_shared=no - # Look at the argument we got. We use all the common list separators. - lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, - for pkg in $enableval; do - IFS=$lt_save_ifs - if test "X$pkg" = "X$p"; then - enable_shared=yes - fi - done - IFS=$lt_save_ifs - ;; - esac], - [enable_shared=]_LT_ENABLE_SHARED_DEFAULT) - - _LT_DECL([build_libtool_libs], [enable_shared], [0], - [Whether or not to build shared libraries]) -])# _LT_ENABLE_SHARED - -LT_OPTION_DEFINE([LT_INIT], [shared], [_LT_ENABLE_SHARED([yes])]) -LT_OPTION_DEFINE([LT_INIT], [disable-shared], [_LT_ENABLE_SHARED([no])]) - -# Old names: -AC_DEFUN([AC_ENABLE_SHARED], -[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[shared]) -]) - -AC_DEFUN([AC_DISABLE_SHARED], -[_LT_SET_OPTION([LT_INIT], [disable-shared]) -]) - -AU_DEFUN([AM_ENABLE_SHARED], [AC_ENABLE_SHARED($@)]) -AU_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)]) - -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([AM_ENABLE_SHARED], []) -dnl AC_DEFUN([AM_DISABLE_SHARED], []) - - - -# _LT_ENABLE_STATIC([DEFAULT]) -# ---------------------------- -# implement the --enable-static flag, and support the 'static' and -# 'disable-static' LT_INIT options. -# DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'. -m4_define([_LT_ENABLE_STATIC], -[m4_define([_LT_ENABLE_STATIC_DEFAULT], [m4_if($1, no, no, yes)])dnl -AC_ARG_ENABLE([static], - [AS_HELP_STRING([--enable-static@<:@=PKGS@:>@], - [build static libraries @<:@default=]_LT_ENABLE_STATIC_DEFAULT[@:>@])], - [p=${PACKAGE-default} - case $enableval in - yes) enable_static=yes ;; - no) enable_static=no ;; - *) - enable_static=no - # Look at the argument we got. We use all the common list separators. - lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, - for pkg in $enableval; do - IFS=$lt_save_ifs - if test "X$pkg" = "X$p"; then - enable_static=yes - fi - done - IFS=$lt_save_ifs - ;; - esac], - [enable_static=]_LT_ENABLE_STATIC_DEFAULT) - - _LT_DECL([build_old_libs], [enable_static], [0], - [Whether or not to build static libraries]) -])# _LT_ENABLE_STATIC - -LT_OPTION_DEFINE([LT_INIT], [static], [_LT_ENABLE_STATIC([yes])]) -LT_OPTION_DEFINE([LT_INIT], [disable-static], [_LT_ENABLE_STATIC([no])]) - -# Old names: -AC_DEFUN([AC_ENABLE_STATIC], -[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[static]) -]) - -AC_DEFUN([AC_DISABLE_STATIC], -[_LT_SET_OPTION([LT_INIT], [disable-static]) -]) - -AU_DEFUN([AM_ENABLE_STATIC], [AC_ENABLE_STATIC($@)]) -AU_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)]) - -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([AM_ENABLE_STATIC], []) -dnl AC_DEFUN([AM_DISABLE_STATIC], []) - - - -# _LT_ENABLE_FAST_INSTALL([DEFAULT]) -# ---------------------------------- -# implement the --enable-fast-install flag, and support the 'fast-install' -# and 'disable-fast-install' LT_INIT options. -# DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'. -m4_define([_LT_ENABLE_FAST_INSTALL], -[m4_define([_LT_ENABLE_FAST_INSTALL_DEFAULT], [m4_if($1, no, no, yes)])dnl -AC_ARG_ENABLE([fast-install], - [AS_HELP_STRING([--enable-fast-install@<:@=PKGS@:>@], - [optimize for fast installation @<:@default=]_LT_ENABLE_FAST_INSTALL_DEFAULT[@:>@])], - [p=${PACKAGE-default} - case $enableval in - yes) enable_fast_install=yes ;; - no) enable_fast_install=no ;; - *) - enable_fast_install=no - # Look at the argument we got. We use all the common list separators. - lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, - for pkg in $enableval; do - IFS=$lt_save_ifs - if test "X$pkg" = "X$p"; then - enable_fast_install=yes - fi - done - IFS=$lt_save_ifs - ;; - esac], - [enable_fast_install=]_LT_ENABLE_FAST_INSTALL_DEFAULT) - -_LT_DECL([fast_install], [enable_fast_install], [0], - [Whether or not to optimize for fast installation])dnl -])# _LT_ENABLE_FAST_INSTALL - -LT_OPTION_DEFINE([LT_INIT], [fast-install], [_LT_ENABLE_FAST_INSTALL([yes])]) -LT_OPTION_DEFINE([LT_INIT], [disable-fast-install], [_LT_ENABLE_FAST_INSTALL([no])]) - -# Old names: -AU_DEFUN([AC_ENABLE_FAST_INSTALL], -[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install]) -AC_DIAGNOSE([obsolete], -[$0: Remove this warning and the call to _LT_SET_OPTION when you put -the 'fast-install' option into LT_INIT's first parameter.]) -]) - -AU_DEFUN([AC_DISABLE_FAST_INSTALL], -[_LT_SET_OPTION([LT_INIT], [disable-fast-install]) -AC_DIAGNOSE([obsolete], -[$0: Remove this warning and the call to _LT_SET_OPTION when you put -the 'disable-fast-install' option into LT_INIT's first parameter.]) -]) - -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([AC_ENABLE_FAST_INSTALL], []) -dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], []) - - -# _LT_WITH_AIX_SONAME([DEFAULT]) -# ---------------------------------- -# implement the --with-aix-soname flag, and support the `aix-soname=aix' -# and `aix-soname=both' and `aix-soname=svr4' LT_INIT options. DEFAULT -# is either `aix', `both' or `svr4'. If omitted, it defaults to `aix'. -m4_define([_LT_WITH_AIX_SONAME], -[m4_define([_LT_WITH_AIX_SONAME_DEFAULT], [m4_if($1, svr4, svr4, m4_if($1, both, both, aix))])dnl -shared_archive_member_spec= -case $host,$enable_shared in -power*-*-aix[[5-9]]*,yes) - AC_MSG_CHECKING([which variant of shared library versioning to provide]) - AC_ARG_WITH([aix-soname], - [AS_HELP_STRING([--with-aix-soname=aix|svr4|both], - [shared library versioning (aka "SONAME") variant to provide on AIX, @<:@default=]_LT_WITH_AIX_SONAME_DEFAULT[@:>@.])], - [case $withval in - aix|svr4|both) - ;; - *) - AC_MSG_ERROR([Unknown argument to --with-aix-soname]) - ;; - esac - lt_cv_with_aix_soname=$with_aix_soname], - [AC_CACHE_VAL([lt_cv_with_aix_soname], - [lt_cv_with_aix_soname=]_LT_WITH_AIX_SONAME_DEFAULT) - with_aix_soname=$lt_cv_with_aix_soname]) - AC_MSG_RESULT([$with_aix_soname]) - if test aix != "$with_aix_soname"; then - # For the AIX way of multilib, we name the shared archive member - # based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o', - # and 'shr.imp' or 'shr_64.imp', respectively, for the Import File. - # Even when GNU compilers ignore OBJECT_MODE but need '-maix64' flag, - # the AIX toolchain works better with OBJECT_MODE set (default 32). - if test 64 = "${OBJECT_MODE-32}"; then - shared_archive_member_spec=shr_64 - else - shared_archive_member_spec=shr - fi - fi - ;; -*) - with_aix_soname=aix - ;; -esac - -_LT_DECL([], [shared_archive_member_spec], [0], - [Shared archive member basename, for filename based shared library versioning on AIX])dnl -])# _LT_WITH_AIX_SONAME - -LT_OPTION_DEFINE([LT_INIT], [aix-soname=aix], [_LT_WITH_AIX_SONAME([aix])]) -LT_OPTION_DEFINE([LT_INIT], [aix-soname=both], [_LT_WITH_AIX_SONAME([both])]) -LT_OPTION_DEFINE([LT_INIT], [aix-soname=svr4], [_LT_WITH_AIX_SONAME([svr4])]) - - -# _LT_WITH_PIC([MODE]) -# -------------------- -# implement the --with-pic flag, and support the 'pic-only' and 'no-pic' -# LT_INIT options. -# MODE is either 'yes' or 'no'. If omitted, it defaults to 'both'. -m4_define([_LT_WITH_PIC], -[AC_ARG_WITH([pic], - [AS_HELP_STRING([--with-pic@<:@=PKGS@:>@], - [try to use only PIC/non-PIC objects @<:@default=use both@:>@])], - [lt_p=${PACKAGE-default} - case $withval in - yes|no) pic_mode=$withval ;; - *) - pic_mode=default - # Look at the argument we got. We use all the common list separators. - lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, - for lt_pkg in $withval; do - IFS=$lt_save_ifs - if test "X$lt_pkg" = "X$lt_p"; then - pic_mode=yes - fi - done - IFS=$lt_save_ifs - ;; - esac], - [pic_mode=m4_default([$1], [default])]) - -_LT_DECL([], [pic_mode], [0], [What type of objects to build])dnl -])# _LT_WITH_PIC - -LT_OPTION_DEFINE([LT_INIT], [pic-only], [_LT_WITH_PIC([yes])]) -LT_OPTION_DEFINE([LT_INIT], [no-pic], [_LT_WITH_PIC([no])]) - -# Old name: -AU_DEFUN([AC_LIBTOOL_PICMODE], -[_LT_SET_OPTION([LT_INIT], [pic-only]) -AC_DIAGNOSE([obsolete], -[$0: Remove this warning and the call to _LT_SET_OPTION when you -put the 'pic-only' option into LT_INIT's first parameter.]) -]) - -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([AC_LIBTOOL_PICMODE], []) - - -m4_define([_LTDL_MODE], []) -LT_OPTION_DEFINE([LTDL_INIT], [nonrecursive], - [m4_define([_LTDL_MODE], [nonrecursive])]) -LT_OPTION_DEFINE([LTDL_INIT], [recursive], - [m4_define([_LTDL_MODE], [recursive])]) -LT_OPTION_DEFINE([LTDL_INIT], [subproject], - [m4_define([_LTDL_MODE], [subproject])]) - -m4_define([_LTDL_TYPE], []) -LT_OPTION_DEFINE([LTDL_INIT], [installable], - [m4_define([_LTDL_TYPE], [installable])]) -LT_OPTION_DEFINE([LTDL_INIT], [convenience], - [m4_define([_LTDL_TYPE], [convenience])]) - -# ltsugar.m4 -- libtool m4 base layer. -*-Autoconf-*- -# -# Copyright (C) 2004-2005, 2007-2008, 2011-2015 Free Software -# Foundation, Inc. -# Written by Gary V. Vaughan, 2004 -# -# This file is free software; the Free Software Foundation gives -# unlimited permission to copy and/or distribute it, with or without -# modifications, as long as this notice is preserved. - -# serial 6 ltsugar.m4 - -# This is to help aclocal find these macros, as it can't see m4_define. -AC_DEFUN([LTSUGAR_VERSION], [m4_if([0.1])]) - - -# lt_join(SEP, ARG1, [ARG2...]) -# ----------------------------- -# Produce ARG1SEPARG2...SEPARGn, omitting [] arguments and their -# associated separator. -# Needed until we can rely on m4_join from Autoconf 2.62, since all earlier -# versions in m4sugar had bugs. -m4_define([lt_join], -[m4_if([$#], [1], [], - [$#], [2], [[$2]], - [m4_if([$2], [], [], [[$2]_])$0([$1], m4_shift(m4_shift($@)))])]) -m4_define([_lt_join], -[m4_if([$#$2], [2], [], - [m4_if([$2], [], [], [[$1$2]])$0([$1], m4_shift(m4_shift($@)))])]) - - -# lt_car(LIST) -# lt_cdr(LIST) -# ------------ -# Manipulate m4 lists. -# These macros are necessary as long as will still need to support -# Autoconf-2.59, which quotes differently. -m4_define([lt_car], [[$1]]) -m4_define([lt_cdr], -[m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])], - [$#], 1, [], - [m4_dquote(m4_shift($@))])]) -m4_define([lt_unquote], $1) - - -# lt_append(MACRO-NAME, STRING, [SEPARATOR]) -# ------------------------------------------ -# Redefine MACRO-NAME to hold its former content plus 'SEPARATOR''STRING'. -# Note that neither SEPARATOR nor STRING are expanded; they are appended -# to MACRO-NAME as is (leaving the expansion for when MACRO-NAME is invoked). -# No SEPARATOR is output if MACRO-NAME was previously undefined (different -# than defined and empty). -# -# This macro is needed until we can rely on Autoconf 2.62, since earlier -# versions of m4sugar mistakenly expanded SEPARATOR but not STRING. -m4_define([lt_append], -[m4_define([$1], - m4_ifdef([$1], [m4_defn([$1])[$3]])[$2])]) - - - -# lt_combine(SEP, PREFIX-LIST, INFIX, SUFFIX1, [SUFFIX2...]) -# ---------------------------------------------------------- -# Produce a SEP delimited list of all paired combinations of elements of -# PREFIX-LIST with SUFFIX1 through SUFFIXn. Each element of the list -# has the form PREFIXmINFIXSUFFIXn. -# Needed until we can rely on m4_combine added in Autoconf 2.62. -m4_define([lt_combine], -[m4_if(m4_eval([$# > 3]), [1], - [m4_pushdef([_Lt_sep], [m4_define([_Lt_sep], m4_defn([lt_car]))])]]dnl -[[m4_foreach([_Lt_prefix], [$2], - [m4_foreach([_Lt_suffix], - ]m4_dquote(m4_dquote(m4_shift(m4_shift(m4_shift($@)))))[, - [_Lt_sep([$1])[]m4_defn([_Lt_prefix])[$3]m4_defn([_Lt_suffix])])])])]) - - -# lt_if_append_uniq(MACRO-NAME, VARNAME, [SEPARATOR], [UNIQ], [NOT-UNIQ]) -# ----------------------------------------------------------------------- -# Iff MACRO-NAME does not yet contain VARNAME, then append it (delimited -# by SEPARATOR if supplied) and expand UNIQ, else NOT-UNIQ. -m4_define([lt_if_append_uniq], -[m4_ifdef([$1], - [m4_if(m4_index([$3]m4_defn([$1])[$3], [$3$2$3]), [-1], - [lt_append([$1], [$2], [$3])$4], - [$5])], - [lt_append([$1], [$2], [$3])$4])]) - - -# lt_dict_add(DICT, KEY, VALUE) -# ----------------------------- -m4_define([lt_dict_add], -[m4_define([$1($2)], [$3])]) - - -# lt_dict_add_subkey(DICT, KEY, SUBKEY, VALUE) -# -------------------------------------------- -m4_define([lt_dict_add_subkey], -[m4_define([$1($2:$3)], [$4])]) - - -# lt_dict_fetch(DICT, KEY, [SUBKEY]) -# ---------------------------------- -m4_define([lt_dict_fetch], -[m4_ifval([$3], - m4_ifdef([$1($2:$3)], [m4_defn([$1($2:$3)])]), - m4_ifdef([$1($2)], [m4_defn([$1($2)])]))]) - - -# lt_if_dict_fetch(DICT, KEY, [SUBKEY], VALUE, IF-TRUE, [IF-FALSE]) -# ----------------------------------------------------------------- -m4_define([lt_if_dict_fetch], -[m4_if(lt_dict_fetch([$1], [$2], [$3]), [$4], - [$5], - [$6])]) - - -# lt_dict_filter(DICT, [SUBKEY], VALUE, [SEPARATOR], KEY, [...]) -# -------------------------------------------------------------- -m4_define([lt_dict_filter], -[m4_if([$5], [], [], - [lt_join(m4_quote(m4_default([$4], [[, ]])), - lt_unquote(m4_split(m4_normalize(m4_foreach(_Lt_key, lt_car([m4_shiftn(4, $@)]), - [lt_if_dict_fetch([$1], _Lt_key, [$2], [$3], [_Lt_key ])])))))])[]dnl -]) - -# ltversion.m4 -- version numbers -*- Autoconf -*- -# -# Copyright (C) 2004, 2011-2015 Free Software Foundation, Inc. -# Written by Scott James Remnant, 2004 -# -# This file is free software; the Free Software Foundation gives -# unlimited permission to copy and/or distribute it, with or without -# modifications, as long as this notice is preserved. - -# @configure_input@ - -# serial 4179 ltversion.m4 -# This file is part of GNU Libtool - -m4_define([LT_PACKAGE_VERSION], [2.4.6]) -m4_define([LT_PACKAGE_REVISION], [2.4.6]) - -AC_DEFUN([LTVERSION_VERSION], -[macro_version='2.4.6' -macro_revision='2.4.6' -_LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?]) -_LT_DECL(, macro_revision, 0) -]) - -# lt~obsolete.m4 -- aclocal satisfying obsolete definitions. -*-Autoconf-*- -# -# Copyright (C) 2004-2005, 2007, 2009, 2011-2015 Free Software -# Foundation, Inc. -# Written by Scott James Remnant, 2004. -# -# This file is free software; the Free Software Foundation gives -# unlimited permission to copy and/or distribute it, with or without -# modifications, as long as this notice is preserved. - -# serial 5 lt~obsolete.m4 - -# These exist entirely to fool aclocal when bootstrapping libtool. -# -# In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN), -# which have later been changed to m4_define as they aren't part of the -# exported API, or moved to Autoconf or Automake where they belong. -# -# The trouble is, aclocal is a bit thick. It'll see the old AC_DEFUN -# in /usr/share/aclocal/libtool.m4 and remember it, then when it sees us -# using a macro with the same name in our local m4/libtool.m4 it'll -# pull the old libtool.m4 in (it doesn't see our shiny new m4_define -# and doesn't know about Autoconf macros at all.) -# -# So we provide this file, which has a silly filename so it's always -# included after everything else. This provides aclocal with the -# AC_DEFUNs it wants, but when m4 processes it, it doesn't do anything -# because those macros already exist, or will be overwritten later. -# We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6. -# -# Anytime we withdraw an AC_DEFUN or AU_DEFUN, remember to add it here. -# Yes, that means every name once taken will need to remain here until -# we give up compatibility with versions before 1.7, at which point -# we need to keep only those names which we still refer to. - -# This is to help aclocal find these macros, as it can't see m4_define. -AC_DEFUN([LTOBSOLETE_VERSION], [m4_if([1])]) - -m4_ifndef([AC_LIBTOOL_LINKER_OPTION], [AC_DEFUN([AC_LIBTOOL_LINKER_OPTION])]) -m4_ifndef([AC_PROG_EGREP], [AC_DEFUN([AC_PROG_EGREP])]) -m4_ifndef([_LT_AC_PROG_ECHO_BACKSLASH], [AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH])]) -m4_ifndef([_LT_AC_SHELL_INIT], [AC_DEFUN([_LT_AC_SHELL_INIT])]) -m4_ifndef([_LT_AC_SYS_LIBPATH_AIX], [AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX])]) -m4_ifndef([_LT_PROG_LTMAIN], [AC_DEFUN([_LT_PROG_LTMAIN])]) -m4_ifndef([_LT_AC_TAGVAR], [AC_DEFUN([_LT_AC_TAGVAR])]) -m4_ifndef([AC_LTDL_ENABLE_INSTALL], [AC_DEFUN([AC_LTDL_ENABLE_INSTALL])]) -m4_ifndef([AC_LTDL_PREOPEN], [AC_DEFUN([AC_LTDL_PREOPEN])]) -m4_ifndef([_LT_AC_SYS_COMPILER], [AC_DEFUN([_LT_AC_SYS_COMPILER])]) -m4_ifndef([_LT_AC_LOCK], [AC_DEFUN([_LT_AC_LOCK])]) -m4_ifndef([AC_LIBTOOL_SYS_OLD_ARCHIVE], [AC_DEFUN([AC_LIBTOOL_SYS_OLD_ARCHIVE])]) -m4_ifndef([_LT_AC_TRY_DLOPEN_SELF], [AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF])]) -m4_ifndef([AC_LIBTOOL_PROG_CC_C_O], [AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O])]) -m4_ifndef([AC_LIBTOOL_SYS_HARD_LINK_LOCKS], [AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS])]) -m4_ifndef([AC_LIBTOOL_OBJDIR], [AC_DEFUN([AC_LIBTOOL_OBJDIR])]) -m4_ifndef([AC_LTDL_OBJDIR], [AC_DEFUN([AC_LTDL_OBJDIR])]) -m4_ifndef([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH], [AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH])]) -m4_ifndef([AC_LIBTOOL_SYS_LIB_STRIP], [AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP])]) -m4_ifndef([AC_PATH_MAGIC], [AC_DEFUN([AC_PATH_MAGIC])]) -m4_ifndef([AC_PROG_LD_GNU], [AC_DEFUN([AC_PROG_LD_GNU])]) -m4_ifndef([AC_PROG_LD_RELOAD_FLAG], [AC_DEFUN([AC_PROG_LD_RELOAD_FLAG])]) -m4_ifndef([AC_DEPLIBS_CHECK_METHOD], [AC_DEFUN([AC_DEPLIBS_CHECK_METHOD])]) -m4_ifndef([AC_LIBTOOL_PROG_COMPILER_NO_RTTI], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI])]) -m4_ifndef([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE], [AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE])]) -m4_ifndef([AC_LIBTOOL_PROG_COMPILER_PIC], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC])]) -m4_ifndef([AC_LIBTOOL_PROG_LD_SHLIBS], [AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS])]) -m4_ifndef([AC_LIBTOOL_POSTDEP_PREDEP], [AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP])]) -m4_ifndef([LT_AC_PROG_EGREP], [AC_DEFUN([LT_AC_PROG_EGREP])]) -m4_ifndef([LT_AC_PROG_SED], [AC_DEFUN([LT_AC_PROG_SED])]) -m4_ifndef([_LT_CC_BASENAME], [AC_DEFUN([_LT_CC_BASENAME])]) -m4_ifndef([_LT_COMPILER_BOILERPLATE], [AC_DEFUN([_LT_COMPILER_BOILERPLATE])]) -m4_ifndef([_LT_LINKER_BOILERPLATE], [AC_DEFUN([_LT_LINKER_BOILERPLATE])]) -m4_ifndef([_AC_PROG_LIBTOOL], [AC_DEFUN([_AC_PROG_LIBTOOL])]) -m4_ifndef([AC_LIBTOOL_SETUP], [AC_DEFUN([AC_LIBTOOL_SETUP])]) -m4_ifndef([_LT_AC_CHECK_DLFCN], [AC_DEFUN([_LT_AC_CHECK_DLFCN])]) -m4_ifndef([AC_LIBTOOL_SYS_DYNAMIC_LINKER], [AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER])]) -m4_ifndef([_LT_AC_TAGCONFIG], [AC_DEFUN([_LT_AC_TAGCONFIG])]) -m4_ifndef([AC_DISABLE_FAST_INSTALL], [AC_DEFUN([AC_DISABLE_FAST_INSTALL])]) -m4_ifndef([_LT_AC_LANG_CXX], [AC_DEFUN([_LT_AC_LANG_CXX])]) -m4_ifndef([_LT_AC_LANG_F77], [AC_DEFUN([_LT_AC_LANG_F77])]) -m4_ifndef([_LT_AC_LANG_GCJ], [AC_DEFUN([_LT_AC_LANG_GCJ])]) -m4_ifndef([AC_LIBTOOL_LANG_C_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG])]) -m4_ifndef([_LT_AC_LANG_C_CONFIG], [AC_DEFUN([_LT_AC_LANG_C_CONFIG])]) -m4_ifndef([AC_LIBTOOL_LANG_CXX_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG])]) -m4_ifndef([_LT_AC_LANG_CXX_CONFIG], [AC_DEFUN([_LT_AC_LANG_CXX_CONFIG])]) -m4_ifndef([AC_LIBTOOL_LANG_F77_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_F77_CONFIG])]) -m4_ifndef([_LT_AC_LANG_F77_CONFIG], [AC_DEFUN([_LT_AC_LANG_F77_CONFIG])]) -m4_ifndef([AC_LIBTOOL_LANG_GCJ_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_GCJ_CONFIG])]) -m4_ifndef([_LT_AC_LANG_GCJ_CONFIG], [AC_DEFUN([_LT_AC_LANG_GCJ_CONFIG])]) -m4_ifndef([AC_LIBTOOL_LANG_RC_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG])]) -m4_ifndef([_LT_AC_LANG_RC_CONFIG], [AC_DEFUN([_LT_AC_LANG_RC_CONFIG])]) -m4_ifndef([AC_LIBTOOL_CONFIG], [AC_DEFUN([AC_LIBTOOL_CONFIG])]) -m4_ifndef([_LT_AC_FILE_LTDLL_C], [AC_DEFUN([_LT_AC_FILE_LTDLL_C])]) -m4_ifndef([_LT_REQUIRED_DARWIN_CHECKS], [AC_DEFUN([_LT_REQUIRED_DARWIN_CHECKS])]) -m4_ifndef([_LT_AC_PROG_CXXCPP], [AC_DEFUN([_LT_AC_PROG_CXXCPP])]) -m4_ifndef([_LT_PREPARE_SED_QUOTE_VARS], [AC_DEFUN([_LT_PREPARE_SED_QUOTE_VARS])]) -m4_ifndef([_LT_PROG_ECHO_BACKSLASH], [AC_DEFUN([_LT_PROG_ECHO_BACKSLASH])]) -m4_ifndef([_LT_PROG_F77], [AC_DEFUN([_LT_PROG_F77])]) -m4_ifndef([_LT_PROG_FC], [AC_DEFUN([_LT_PROG_FC])]) -m4_ifndef([_LT_PROG_CXX], [AC_DEFUN([_LT_PROG_CXX])]) - -dnl pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- -dnl serial 11 (pkg-config-0.29.1) -dnl -dnl Copyright © 2004 Scott James Remnant . -dnl Copyright © 2012-2015 Dan Nicholson -dnl -dnl This program is free software; you can redistribute it and/or modify -dnl it under the terms of the GNU General Public License as published by -dnl the Free Software Foundation; either version 2 of the License, or -dnl (at your option) any later version. -dnl -dnl This program is distributed in the hope that it will be useful, but -dnl WITHOUT ANY WARRANTY; without even the implied warranty of -dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -dnl General Public License for more details. -dnl -dnl You should have received a copy of the GNU General Public License -dnl along with this program; if not, write to the Free Software -dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA -dnl 02111-1307, USA. -dnl -dnl As a special exception to the GNU General Public License, if you -dnl distribute this file as part of a program that contains a -dnl configuration script generated by Autoconf, you may include it under -dnl the same distribution terms that you use for the rest of that -dnl program. - -dnl PKG_PREREQ(MIN-VERSION) -dnl ----------------------- -dnl Since: 0.29 -dnl -dnl Verify that the version of the pkg-config macros are at least -dnl MIN-VERSION. Unlike PKG_PROG_PKG_CONFIG, which checks the user's -dnl installed version of pkg-config, this checks the developer's version -dnl of pkg.m4 when generating configure. -dnl -dnl To ensure that this macro is defined, also add: -dnl m4_ifndef([PKG_PREREQ], -dnl [m4_fatal([must install pkg-config 0.29 or later before running autoconf/autogen])]) -dnl -dnl See the "Since" comment for each macro you use to see what version -dnl of the macros you require. -m4_defun([PKG_PREREQ], -[m4_define([PKG_MACROS_VERSION], [0.29.1]) -m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1, - [m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])]) -])dnl PKG_PREREQ - -dnl PKG_PROG_PKG_CONFIG([MIN-VERSION]) -dnl ---------------------------------- -dnl Since: 0.16 -dnl -dnl Search for the pkg-config tool and set the PKG_CONFIG variable to -dnl first found in the path. Checks that the version of pkg-config found -dnl is at least MIN-VERSION. If MIN-VERSION is not specified, 0.9.0 is -dnl used since that's the first version where most current features of -dnl pkg-config existed. -AC_DEFUN([PKG_PROG_PKG_CONFIG], -[m4_pattern_forbid([^_?PKG_[A-Z_]+$]) -m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$]) -m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$]) -AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility]) -AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path]) -AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path]) - -if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then - AC_PATH_TOOL([PKG_CONFIG], [pkg-config]) -fi -if test -n "$PKG_CONFIG"; then - _pkg_min_version=m4_default([$1], [0.9.0]) - AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version]) - if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then - AC_MSG_RESULT([yes]) - else - AC_MSG_RESULT([no]) - PKG_CONFIG="" - fi -fi[]dnl -])dnl PKG_PROG_PKG_CONFIG - -dnl PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) -dnl ------------------------------------------------------------------- -dnl Since: 0.18 -dnl -dnl Check to see whether a particular set of modules exists. Similar to -dnl PKG_CHECK_MODULES(), but does not set variables or print errors. -dnl -dnl Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG]) -dnl only at the first occurence in configure.ac, so if the first place -dnl it's called might be skipped (such as if it is within an "if", you -dnl have to call PKG_CHECK_EXISTS manually -AC_DEFUN([PKG_CHECK_EXISTS], -[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl -if test -n "$PKG_CONFIG" && \ - AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then - m4_default([$2], [:]) -m4_ifvaln([$3], [else - $3])dnl -fi]) - -dnl _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES]) -dnl --------------------------------------------- -dnl Internal wrapper calling pkg-config via PKG_CONFIG and setting -dnl pkg_failed based on the result. -m4_define([_PKG_CONFIG], -[if test -n "$$1"; then - pkg_cv_[]$1="$$1" - elif test -n "$PKG_CONFIG"; then - PKG_CHECK_EXISTS([$3], - [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null` - test "x$?" != "x0" && pkg_failed=yes ], - [pkg_failed=yes]) - else - pkg_failed=untried -fi[]dnl -])dnl _PKG_CONFIG - -dnl _PKG_SHORT_ERRORS_SUPPORTED -dnl --------------------------- -dnl Internal check to see if pkg-config supports short errors. -AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED], -[AC_REQUIRE([PKG_PROG_PKG_CONFIG]) -if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then - _pkg_short_errors_supported=yes -else - _pkg_short_errors_supported=no -fi[]dnl -])dnl _PKG_SHORT_ERRORS_SUPPORTED - - -dnl PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND], -dnl [ACTION-IF-NOT-FOUND]) -dnl -------------------------------------------------------------- -dnl Since: 0.4.0 -dnl -dnl Note that if there is a possibility the first call to -dnl PKG_CHECK_MODULES might not happen, you should be sure to include an -dnl explicit call to PKG_PROG_PKG_CONFIG in your configure.ac -AC_DEFUN([PKG_CHECK_MODULES], -[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl -AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl -AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl - -pkg_failed=no -AC_MSG_CHECKING([for $1]) - -_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2]) -_PKG_CONFIG([$1][_LIBS], [libs], [$2]) - -m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS -and $1[]_LIBS to avoid the need to call pkg-config. -See the pkg-config man page for more details.]) - -if test $pkg_failed = yes; then - AC_MSG_RESULT([no]) - _PKG_SHORT_ERRORS_SUPPORTED - if test $_pkg_short_errors_supported = yes; then - $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1` - else - $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1` - fi - # Put the nasty error message in config.log where it belongs - echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD - - m4_default([$4], [AC_MSG_ERROR( -[Package requirements ($2) were not met: - -$$1_PKG_ERRORS - -Consider adjusting the PKG_CONFIG_PATH environment variable if you -installed software in a non-standard prefix. - -_PKG_TEXT])[]dnl - ]) -elif test $pkg_failed = untried; then - AC_MSG_RESULT([no]) - m4_default([$4], [AC_MSG_FAILURE( -[The pkg-config script could not be found or is too old. Make sure it -is in your PATH or set the PKG_CONFIG environment variable to the full -path to pkg-config. - -_PKG_TEXT - -To get pkg-config, see .])[]dnl - ]) -else - $1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS - $1[]_LIBS=$pkg_cv_[]$1[]_LIBS - AC_MSG_RESULT([yes]) - $3 -fi[]dnl -])dnl PKG_CHECK_MODULES - - -dnl PKG_CHECK_MODULES_STATIC(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND], -dnl [ACTION-IF-NOT-FOUND]) -dnl --------------------------------------------------------------------- -dnl Since: 0.29 -dnl -dnl Checks for existence of MODULES and gathers its build flags with -dnl static libraries enabled. Sets VARIABLE-PREFIX_CFLAGS from --cflags -dnl and VARIABLE-PREFIX_LIBS from --libs. -dnl -dnl Note that if there is a possibility the first call to -dnl PKG_CHECK_MODULES_STATIC might not happen, you should be sure to -dnl include an explicit call to PKG_PROG_PKG_CONFIG in your -dnl configure.ac. -AC_DEFUN([PKG_CHECK_MODULES_STATIC], -[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl -_save_PKG_CONFIG=$PKG_CONFIG -PKG_CONFIG="$PKG_CONFIG --static" -PKG_CHECK_MODULES($@) -PKG_CONFIG=$_save_PKG_CONFIG[]dnl -])dnl PKG_CHECK_MODULES_STATIC - - -dnl PKG_INSTALLDIR([DIRECTORY]) -dnl ------------------------- -dnl Since: 0.27 -dnl -dnl Substitutes the variable pkgconfigdir as the location where a module -dnl should install pkg-config .pc files. By default the directory is -dnl $libdir/pkgconfig, but the default can be changed by passing -dnl DIRECTORY. The user can override through the --with-pkgconfigdir -dnl parameter. -AC_DEFUN([PKG_INSTALLDIR], -[m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])]) -m4_pushdef([pkg_description], - [pkg-config installation directory @<:@]pkg_default[@:>@]) -AC_ARG_WITH([pkgconfigdir], - [AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],, - [with_pkgconfigdir=]pkg_default) -AC_SUBST([pkgconfigdir], [$with_pkgconfigdir]) -m4_popdef([pkg_default]) -m4_popdef([pkg_description]) -])dnl PKG_INSTALLDIR - - -dnl PKG_NOARCH_INSTALLDIR([DIRECTORY]) -dnl -------------------------------- -dnl Since: 0.27 -dnl -dnl Substitutes the variable noarch_pkgconfigdir as the location where a -dnl module should install arch-independent pkg-config .pc files. By -dnl default the directory is $datadir/pkgconfig, but the default can be -dnl changed by passing DIRECTORY. The user can override through the -dnl --with-noarch-pkgconfigdir parameter. -AC_DEFUN([PKG_NOARCH_INSTALLDIR], -[m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])]) -m4_pushdef([pkg_description], - [pkg-config arch-independent installation directory @<:@]pkg_default[@:>@]) -AC_ARG_WITH([noarch-pkgconfigdir], - [AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],, - [with_noarch_pkgconfigdir=]pkg_default) -AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir]) -m4_popdef([pkg_default]) -m4_popdef([pkg_description]) -])dnl PKG_NOARCH_INSTALLDIR - - -dnl PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE, -dnl [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) -dnl ------------------------------------------- -dnl Since: 0.28 -dnl -dnl Retrieves the value of the pkg-config variable for the given module. -AC_DEFUN([PKG_CHECK_VAR], -[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl -AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl - -_PKG_CONFIG([$1], [variable="][$3]["], [$2]) -AS_VAR_COPY([$1], [pkg_cv_][$1]) - -AS_VAR_IF([$1], [""], [$5], [$4])dnl -])dnl PKG_CHECK_VAR - -# AM_CONDITIONAL -*- Autoconf -*- - -# Copyright (C) 1997-2014 Free Software Foundation, Inc. -# -# This file is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# AM_CONDITIONAL(NAME, SHELL-CONDITION) -# ------------------------------------- -# Define a conditional. -AC_DEFUN([AM_CONDITIONAL], -[AC_PREREQ([2.52])dnl - m4_if([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])], - [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl -AC_SUBST([$1_TRUE])dnl -AC_SUBST([$1_FALSE])dnl -_AM_SUBST_NOTMAKE([$1_TRUE])dnl -_AM_SUBST_NOTMAKE([$1_FALSE])dnl -m4_define([_AM_COND_VALUE_$1], [$2])dnl -if $2; then - $1_TRUE= - $1_FALSE='#' -else - $1_TRUE='#' - $1_FALSE= -fi -AC_CONFIG_COMMANDS_PRE( -[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then - AC_MSG_ERROR([[conditional "$1" was never defined. -Usually this means the macro was only invoked conditionally.]]) -fi])]) - -# Copyright (C) 2006-2014 Free Software Foundation, Inc. -# -# This file is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# _AM_SUBST_NOTMAKE(VARIABLE) -# --------------------------- -# Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in. -# This macro is traced by Automake. -AC_DEFUN([_AM_SUBST_NOTMAKE]) - -# AM_SUBST_NOTMAKE(VARIABLE) -# -------------------------- -# Public sister of _AM_SUBST_NOTMAKE. -AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)]) - diff --git a/external/unbound/acx_nlnetlabs.m4 b/external/unbound/acx_nlnetlabs.m4 deleted file mode 100644 index a6c174f1c..000000000 --- a/external/unbound/acx_nlnetlabs.m4 +++ /dev/null @@ -1,1451 +0,0 @@ -# acx_nlnetlabs.m4 - common macros for configure checks -# Copyright 2009, Wouter Wijngaards, NLnet Labs. -# BSD licensed. -# -# Version 34 -# 2016-03-21 Check -ldl -pthread for libcrypto for ldns and openssl 1.1.0. -# 2016-03-21 Use HMAC_Update instead of HMAC_CTX_Init (for openssl-1.1.0). -# 2016-01-04 -D_DEFAULT_SOURCE defined with -D_BSD_SOURCE for Linux glibc 2.20 -# 2015-12-11 FLTO check for new OSX, clang. -# 2015-11-18 spelling check fix. -# 2015-11-05 ACX_SSL_CHECKS no longer adds -ldl needlessly. -# 2015-08-28 ACX_CHECK_PIE and ACX_CHECK_RELRO_NOW added. -# 2015-03-17 AHX_CONFIG_REALLOCARRAY added -# 2013-09-19 FLTO help text improved. -# 2013-07-18 Enable ACX_CHECK_COMPILER_FLAG to test for -Wstrict-prototypes -# 2013-06-25 FLTO has --disable-flto option. -# 2013-05-03 Update W32_SLEEP for newer mingw that links but not defines it. -# 2013-03-22 Fix ACX_RSRC_VERSION for long version numbers. -# 2012-02-09 Fix AHX_MEMCMP_BROKEN with undef in compat/memcmp.h. -# 2012-01-20 Fix COMPILER_FLAGS_UNBOUND for gcc 4.6.2 assigned-not-used-warns. -# 2011-12-05 Fix getaddrinfowithincludes on windows with fedora16 mingw32-gcc. -# Fix ACX_MALLOC for redefined malloc error. -# Fix GETADDRINFO_WITH_INCLUDES to add -lws2_32 -# 2011-11-10 Fix FLTO test to not drop a.out in current directory. -# 2011-11-01 Fix FLTO test for llvm on Lion. -# 2011-08-01 Fix nonblock test (broken at v13). -# 2011-08-01 Fix autoconf 2.68 warnings -# 2011-06-23 Add ACX_CHECK_FLTO to check -flto. -# 2010-08-16 Fix FLAG_OMITTED for AS_TR_CPP changes in autoconf-2.66. -# 2010-07-02 Add check for ss_family (for minix). -# 2010-04-26 Fix to use CPPFLAGS for CHECK_COMPILER_FLAGS. -# 2010-03-01 Fix RPATH using CONFIG_COMMANDS to run at the very end. -# 2010-02-18 WITH_SSL outputs the LIBSSL_LDFLAGS, LIBS, CPPFLAGS separate, -ldl -# 2010-02-01 added ACX_CHECK_MEMCMP_SIGNED, AHX_MEMCMP_BROKEN -# 2010-01-20 added AHX_COONFIG_STRLCAT -# 2009-07-14 U_CHAR detection improved for windows crosscompile. -# added ACX_FUNC_MALLOC -# fixup some #if to #ifdef -# NONBLOCKING test for mingw crosscompile. -# 2009-07-13 added ACX_WITH_SSL_OPTIONAL -# 2009-07-03 fixup LDFLAGS for empty ssl dir. -# -# Automates some of the checking constructs. Aims at portability for POSIX. -# Documentation for functions is below. -# -# the following macro's are provided in this file: -# (see below for details on each macro). -# -# ACX_ESCAPE_BACKSLASH - escape backslashes in var for C-preproc. -# ACX_RSRC_VERSION - create windows resource version number. -# ACX_CHECK_COMPILER_FLAG - see if cc supports a flag. -# ACX_CHECK_ERROR_FLAGS - see which flag is -werror (used below). -# ACX_CHECK_COMPILER_FLAG_NEEDED - see if flags make the code compile cleanly. -# ACX_DEPFLAG - find cc dependency flags. -# ACX_DETERMINE_EXT_FLAGS_UNBOUND - find out which flags enable BSD and POSIX. -# ACX_CHECK_FORMAT_ATTRIBUTE - find cc printf format syntax. -# ACX_CHECK_UNUSED_ATTRIBUTE - find cc variable unused syntax. -# ACX_CHECK_FLTO - see if cc supports -flto and use it if so. -# ACX_LIBTOOL_C_ONLY - create libtool for C only, improved. -# ACX_TYPE_U_CHAR - u_char type. -# ACX_TYPE_RLIM_T - rlim_t type. -# ACX_TYPE_SOCKLEN_T - socklen_t type. -# ACX_TYPE_IN_ADDR_T - in_addr_t type. -# ACX_TYPE_IN_PORT_T - in_port_t type. -# ACX_ARG_RPATH - add --disable-rpath option. -# ACX_WITH_SSL - add --with-ssl option, link -lcrypto. -# ACX_WITH_SSL_OPTIONAL - add --with-ssl option, link -lcrypto, -# where --without-ssl is also accepted -# ACX_LIB_SSL - setup to link -lssl. -# ACX_SYS_LARGEFILE - improved sys_largefile, fseeko, >2G files. -# ACX_CHECK_GETADDRINFO_WITH_INCLUDES - find getaddrinfo, portably. -# ACX_FUNC_DEPRECATED - see if func is deprecated. -# ACX_CHECK_NONBLOCKING_BROKEN - see if nonblocking sockets really work. -# ACX_MKDIR_ONE_ARG - determine mkdir(2) number of arguments. -# ACX_FUNC_IOCTLSOCKET - find ioctlsocket, portably. -# ACX_FUNC_MALLOC - check malloc, define replacement . -# AHX_CONFIG_FORMAT_ATTRIBUTE - config.h text for format. -# AHX_CONFIG_UNUSED_ATTRIBUTE - config.h text for unused. -# AHX_CONFIG_FSEEKO - define fseeko, ftello fallback. -# AHX_CONFIG_RAND_MAX - define RAND_MAX if needed. -# AHX_CONFIG_MAXHOSTNAMELEN - define MAXHOSTNAMELEN if needed. -# AHX_CONFIG_IPV6_MIN_MTU - define IPV6_MIN_MTU if needed. -# AHX_CONFIG_SNPRINTF - snprintf compat prototype -# AHX_CONFIG_INET_PTON - inet_pton compat prototype -# AHX_CONFIG_INET_NTOP - inet_ntop compat prototype -# AHX_CONFIG_INET_ATON - inet_aton compat prototype -# AHX_CONFIG_MEMMOVE - memmove compat prototype -# AHX_CONFIG_STRLCAT - strlcat compat prototype -# AHX_CONFIG_STRLCPY - strlcpy compat prototype -# AHX_CONFIG_GMTIME_R - gmtime_r compat prototype -# AHX_CONFIG_W32_SLEEP - w32 compat for sleep -# AHX_CONFIG_W32_USLEEP - w32 compat for usleep -# AHX_CONFIG_W32_RANDOM - w32 compat for random -# AHX_CONFIG_W32_SRANDOM - w32 compat for srandom -# AHX_CONFIG_W32_FD_SET_T - w32 detection of FD_SET_T. -# ACX_CFLAGS_STRIP - strip one flag from CFLAGS -# ACX_STRIP_EXT_FLAGS - strip extension flags from CFLAGS -# AHX_CONFIG_FLAG_OMITTED - define omitted flag -# AHX_CONFIG_FLAG_EXT - define omitted extension flag -# AHX_CONFIG_EXT_FLAGS - define the stripped extension flags -# ACX_CHECK_MEMCMP_SIGNED - check if memcmp uses signed characters. -# AHX_MEMCMP_BROKEN - replace memcmp func for CHECK_MEMCMP_SIGNED. -# ACX_CHECK_SS_FAMILY - check for sockaddr_storage.ss_family -# ACX_CHECK_PIE - add --enable-pie option and check if works -# ACX_CHECK_RELRO_NOW - add --enable-relro-now option and check it -# - -dnl Escape backslashes as \\, for C:\ paths, for the C preprocessor defines. -dnl for example, ACX_ESCAPE_BACKSLASH($from_var, to_var) -dnl $1: the text to change. -dnl $2: the result. -AC_DEFUN([ACX_ESCAPE_BACKSLASH], [$2="`echo $1 | sed -e 's/\\\\/\\\\\\\\/g'`" -]) - -dnl Calculate comma separated windows-resource numbers from package version. -dnl Picks the first three(,0) or four numbers out of the name. -dnl $1: variable for the result -AC_DEFUN([ACX_RSRC_VERSION], -[$1=[`echo $PACKAGE_VERSION | sed -e 's/^[^0-9]*\([0-9][0-9]*\)[^0-9][^0-9]*\([0-9][0-9]*\)[^0-9][^0-9]*\([0-9][0-9]*\)[^0-9][^0-9]*\([0-9][0-9]*\).*$/\1,\2,\3,\4/' -e 's/^[^0-9]*\([0-9][0-9]*\)[^0-9][^0-9]*\([0-9][0-9]*\)[^0-9][^0-9]*\([0-9][0-9]*\)[^0-9]*$/\1,\2,\3,0/' `] -]) - -dnl Routine to help check for compiler flags. -dnl Checks if the compiler will accept the flag. -dnl $1: the flag without a - in front, so g to check -g. -dnl $2: executed if yes -dnl $3: executed if no -AC_DEFUN([ACX_CHECK_COMPILER_FLAG], -[ -AC_REQUIRE([AC_PROG_CC]) -AC_MSG_CHECKING(whether $CC supports -$1) -cache=`echo $1 | sed 'y%.=/+-%___p_%'` -AC_CACHE_VAL(cv_prog_cc_flag_$cache, -[ -echo 'void f(void){}' >conftest.c -if test -z "`$CC $CPPFLAGS $CFLAGS -$1 -c conftest.c 2>&1`"; then -eval "cv_prog_cc_flag_$cache=yes" -else -eval "cv_prog_cc_flag_$cache=no" -fi -rm -f conftest conftest.o conftest.c -]) -if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then -AC_MSG_RESULT(yes) -: -$2 -else -AC_MSG_RESULT(no) -: -$3 -fi -]) - -dnl setup flags for ACX_CHECK_COMPILER_FLAG_NEEDED -dnl ERRFLAG: result, compiler flag to turn warnings into errors -AC_DEFUN([ACX_CHECK_ERROR_FLAGS], -[ -ACX_CHECK_COMPILER_FLAG(Werror, [ERRFLAG="-Werror"], [ERRFLAG="-errwarn"]) -ACX_CHECK_COMPILER_FLAG(Wall, [ERRFLAG="$ERRFLAG -Wall"], - [ERRFLAG="$ERRFLAG -errfmt"]) -]) - -dnl Routine to help check for needed compiler flags. -dnl $1: flags for CC -dnl $2: the includes and code -dnl $3: if the given code only compiles with the flag, execute argument 3 -dnl $4: if the given code compiles without the flag, execute argument 4 -dnl $5: with and without flag the compile fails, execute argument 5. -AC_DEFUN([ACX_CHECK_COMPILER_FLAG_NEEDED], -[ -AC_REQUIRE([AC_PROG_CC]) -AC_REQUIRE([ACX_CHECK_ERROR_FLAGS]) -AC_MSG_CHECKING(whether we need $1 as a flag for $CC) -cache=AS_TR_SH($1) -dnl cache=`echo $1 | sed 'y%.=/+- %___p__%'` -AC_CACHE_VAL(cv_prog_cc_flag_needed_$cache, -[ -echo '$2' > conftest.c -echo 'void f(){}' >>conftest.c -if test -z "`$CC $CPPFLAGS $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then -eval "cv_prog_cc_flag_needed_$cache=no" -else -[ -if test -z "`$CC $CPPFLAGS $CFLAGS $1 $ERRFLAG -c conftest.c 2>&1`"; then -eval "cv_prog_cc_flag_needed_$cache=yes" -else -eval "cv_prog_cc_flag_needed_$cache=fail" -#echo 'Test with flag fails too!' -#cat conftest.c -#echo "$CC $CPPFLAGS $CFLAGS $1 $ERRFLAG -c conftest.c 2>&1" -#echo `$CC $CPPFLAGS $CFLAGS $1 $ERRFLAG -c conftest.c 2>&1` -#exit 1 -fi -] -fi -rm -f conftest conftest.c conftest.o -]) -if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = yes"; then -AC_MSG_RESULT(yes) -: -$3 -else -if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = no"; then -AC_MSG_RESULT(no) -#echo 'Test with flag is no!' -#cat conftest.c -#echo "$CC $CPPFLAGS $CFLAGS $1 $ERRFLAG -c conftest.c 2>&1" -#echo `$CC $CPPFLAGS $CFLAGS $1 $ERRFLAG -c conftest.c 2>&1` -#exit 1 -: -$4 -else -AC_MSG_RESULT(failed) -: -$5 -fi -fi -]) - -dnl Check for CC dependency flag -dnl DEPFLAG: set to flag that generates dependencies. -AC_DEFUN([ACX_DEPFLAG], -[ -AC_MSG_CHECKING([$CC dependency flag]) -echo 'void f(){}' >conftest.c -if test "`$CC -MM conftest.c 2>&1`" = "conftest.o: conftest.c"; then - DEPFLAG="-MM" -else - if test "`$CC -xM1 conftest.c 2>&1`" = "conftest.o: conftest.c"; then - DEPFLAG="-xM1" - else - DEPFLAG="-MM" # dunno do something - fi -fi -AC_MSG_RESULT($DEPFLAG) -rm -f conftest.c -AC_SUBST(DEPFLAG) -]) - -dnl Determine flags that gives POSIX and BSD functionality. -dnl CFLAGS is modified for the result. -AC_DEFUN([ACX_DETERMINE_EXT_FLAGS_UNBOUND], -[ -ACX_CHECK_COMPILER_FLAG(std=c99, [C99FLAG="-std=c99"]) -ACX_CHECK_COMPILER_FLAG(xc99, [C99FLAG="-xc99"]) - -AC_CHECK_HEADERS([getopt.h time.h],,, [AC_INCLUDES_DEFAULT]) - -ACX_CHECK_COMPILER_FLAG_NEEDED($C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE, -[ -#include "confdefs.h" -#include -#include -#include -#ifdef HAVE_TIME_H -#include -#endif -#include -#include -#ifdef HAVE_GETOPT_H -#include -#endif - -int test() { - int a; - char **opts = NULL; - struct timeval tv; - char *t; - time_t time = 0; - char *buf = NULL; - const char* str = NULL; - struct msghdr msg; - msg.msg_control = 0; - t = ctime_r(&time, buf); - tv.tv_usec = 10; - srandom(32); - a = getopt(2, opts, "a"); - a = isascii(32); - str = gai_strerror(0); - if(str && t && tv.tv_usec && msg.msg_control) - a = 0; - return a; -} -], [CFLAGS="$CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE"]) - -ACX_CHECK_COMPILER_FLAG_NEEDED($C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE, -[ -#include "confdefs.h" -#include -#include -#include -#ifdef HAVE_TIME_H -#include -#endif -#include -#include -#ifdef HAVE_GETOPT_H -#include -#endif - -int test() { - int a; - char **opts = NULL; - struct timeval tv; - char *t; - time_t time = 0; - char *buf = NULL; - const char* str = NULL; - struct msghdr msg; - msg.msg_control = 0; - t = ctime_r(&time, buf); - tv.tv_usec = 10; - srandom(32); - a = getopt(2, opts, "a"); - a = isascii(32); - str = gai_strerror(0); - if(str && t && tv.tv_usec && msg.msg_control) - a = 0; - return a; -} -], [CFLAGS="$CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE"]) - -ACX_CHECK_COMPILER_FLAG_NEEDED($C99FLAG, -[ -#include -#include -int test() { - int a = 0; - return a; -} -], [CFLAGS="$CFLAGS $C99FLAG"]) - -ACX_CHECK_COMPILER_FLAG_NEEDED(-D_BSD_SOURCE -D_DEFAULT_SOURCE, -[ -#include - -int test() { - int a; - a = isascii(32); - return a; -} -], [CFLAGS="$CFLAGS -D_BSD_SOURCE -D_DEFAULT_SOURCE"]) - -ACX_CHECK_COMPILER_FLAG_NEEDED(-D_GNU_SOURCE, -[ -#include - -int test() { - struct in6_pktinfo inf; - int a = (int)sizeof(inf); - return a; -} -], [CFLAGS="$CFLAGS -D_GNU_SOURCE"]) - -# check again for GNU_SOURCE for setresgid. May fail if setresgid -# is not available at all. -D_FRSRESGID is to make this check unique. -# otherwise we would get the previous cached result. -ACX_CHECK_COMPILER_FLAG_NEEDED(-D_GNU_SOURCE -D_FRSRESGID, -[ -#include - -int test() { - int a = setresgid(0,0,0); - a = setresuid(0,0,0); - return a; -} -], [CFLAGS="$CFLAGS -D_GNU_SOURCE"]) - -ACX_CHECK_COMPILER_FLAG_NEEDED(-D_POSIX_C_SOURCE=200112, -[ -#include "confdefs.h" -#ifdef HAVE_TIME_H -#include -#endif -#include - -int test() { - int a = 0; - char *t; - time_t time = 0; - char *buf = NULL; - const char* str = NULL; - t = ctime_r(&time, buf); - str = gai_strerror(0); - if(t && str) - a = 0; - return a; -} -], [CFLAGS="$CFLAGS -D_POSIX_C_SOURCE=200112"]) - -ACX_CHECK_COMPILER_FLAG_NEEDED(-D__EXTENSIONS__, -[ -#include "confdefs.h" -#include -#include -#include -#ifdef HAVE_TIME_H -#include -#endif -#include -#ifdef HAVE_GETOPT_H -#include -#endif - -int test() { - int a; - char **opts = NULL; - struct timeval tv; - tv.tv_usec = 10; - srandom(32); - a = getopt(2, opts, "a"); - a = isascii(32); - if(tv.tv_usec) - a = 0; - return a; -} -], [CFLAGS="$CFLAGS -D__EXTENSIONS__"]) - -])dnl End of ACX_DETERMINE_EXT_FLAGS_UNBOUND - -dnl Check if CC supports -flto. -dnl in a way that supports clang and suncc (that flag does something else, -dnl but fails to link). It sets it in CFLAGS if it works. -AC_DEFUN([ACX_CHECK_FLTO], [ - AC_ARG_ENABLE([flto], AS_HELP_STRING([--disable-flto], [Disable link-time optimization (gcc specific option)])) - AS_IF([test "x$enable_flto" != "xno"], [ - AC_MSG_CHECKING([if $CC supports -flto]) - BAKCFLAGS="$CFLAGS" - CFLAGS="$CFLAGS -flto" - AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])], [ - if $CC $CFLAGS -o conftest conftest.c 2>&1 | $GREP -e "warning: no debug symbols in executable" -e "warning: object" >/dev/null; then - CFLAGS="$BAKCFLAGS" - AC_MSG_RESULT(no) - else - AC_MSG_RESULT(yes) - fi - rm -f conftest conftest.c conftest.o - ], [CFLAGS="$BAKCFLAGS" ; AC_MSG_RESULT(no)]) - ]) -]) - -dnl Check the printf-format attribute (if any) -dnl result in HAVE_ATTR_FORMAT. -dnl Make sure you also include the AHX_CONFIG_FORMAT_ATTRIBUTE. -AC_DEFUN([ACX_CHECK_FORMAT_ATTRIBUTE], -[AC_REQUIRE([AC_PROG_CC]) -AC_MSG_CHECKING(whether the C compiler (${CC-cc}) accepts the "format" attribute) -AC_CACHE_VAL(ac_cv_c_format_attribute, -[ac_cv_c_format_attribute=no -AC_TRY_COMPILE( -[#include -void f (char *format, ...) __attribute__ ((format (printf, 1, 2))); -void (*pf) (char *format, ...) __attribute__ ((format (printf, 1, 2))); -], [ - f ("%s", "str"); -], -[ac_cv_c_format_attribute="yes"], -[ac_cv_c_format_attribute="no"]) -]) - -AC_MSG_RESULT($ac_cv_c_format_attribute) -if test $ac_cv_c_format_attribute = yes; then - AC_DEFINE(HAVE_ATTR_FORMAT, 1, [Whether the C compiler accepts the "format" attribute]) -fi -])dnl End of ACX_CHECK_FORMAT_ATTRIBUTE - -dnl Setup ATTR_FORMAT config.h parts. -dnl make sure you call ACX_CHECK_FORMAT_ATTRIBUTE also. -AC_DEFUN([AHX_CONFIG_FORMAT_ATTRIBUTE], -[ -#ifdef HAVE_ATTR_FORMAT -# define ATTR_FORMAT(archetype, string_index, first_to_check) \ - __attribute__ ((format (archetype, string_index, first_to_check))) -#else /* !HAVE_ATTR_FORMAT */ -# define ATTR_FORMAT(archetype, string_index, first_to_check) /* empty */ -#endif /* !HAVE_ATTR_FORMAT */ -]) - -dnl Check how to mark function arguments as unused. -dnl result in HAVE_ATTR_UNUSED. -dnl Make sure you include AHX_CONFIG_UNUSED_ATTRIBUTE also. -AC_DEFUN([ACX_CHECK_UNUSED_ATTRIBUTE], -[AC_REQUIRE([AC_PROG_CC]) -AC_MSG_CHECKING(whether the C compiler (${CC-cc}) accepts the "unused" attribute) -AC_CACHE_VAL(ac_cv_c_unused_attribute, -[ac_cv_c_unused_attribute=no -AC_TRY_COMPILE( -[#include -void f (char *u __attribute__((unused))); -], [ - f ("x"); -], -[ac_cv_c_unused_attribute="yes"], -[ac_cv_c_unused_attribute="no"]) -]) - -dnl Setup ATTR_UNUSED config.h parts. -dnl make sure you call ACX_CHECK_UNUSED_ATTRIBUTE also. -AC_DEFUN([AHX_CONFIG_UNUSED_ATTRIBUTE], -[ -#if defined(DOXYGEN) -# define ATTR_UNUSED(x) x -#elif defined(__cplusplus) -# define ATTR_UNUSED(x) -#elif defined(HAVE_ATTR_UNUSED) -# define ATTR_UNUSED(x) x __attribute__((unused)) -#else /* !HAVE_ATTR_UNUSED */ -# define ATTR_UNUSED(x) x -#endif /* !HAVE_ATTR_UNUSED */ -]) - -AC_MSG_RESULT($ac_cv_c_unused_attribute) -if test $ac_cv_c_unused_attribute = yes; then - AC_DEFINE(HAVE_ATTR_UNUSED, 1, [Whether the C compiler accepts the "unused" attribute]) -fi -])dnl - -dnl Pre-fun for ACX_LIBTOOL_C_ONLY -AC_DEFUN([ACX_LIBTOOL_C_PRE], [ -# skip these tests, we do not need them. -AC_DEFUN([AC_PROG_F77], [:]) -AC_DEFUN([AC_PROG_FC], [:]) -AC_DEFUN([AC_PROG_CXX], [:]) -AC_DEFUN([AC_PROG_CXXCPP], [:]) -AC_DEFUN([AC_PROG_OBJC], [:]) -AC_DEFUN([AC_PROG_OBJCCPP], [:]) -AC_DEFUN([AC_LIBTOOL_CXX], [:]) -AC_DEFUN([AC_LIBTOOL_F77], [:]) -# always use ./libtool unless override from commandline (libtool=mylibtool) -if test -z "$libtool"; then - libtool="./libtool" -fi -AC_SUBST(libtool) -# avoid libtool max commandline length test on systems that fork slowly. -AC_CANONICAL_HOST -if echo "$host_os" | grep "sunos4" >/dev/null; then - lt_cv_sys_max_cmd_len=32750; -fi -AC_PATH_TOOL(AR, ar, [false]) -if test $AR = false; then - AC_MSG_ERROR([Cannot find 'ar', please extend PATH to include it]) -fi -]) - -dnl Perform libtool check, portably, only for C -AC_DEFUN([ACX_LIBTOOL_C_ONLY], [ -dnl as a requirement so that is gets called before LIBTOOL -dnl because libtools 'AC_REQUIRE' names are right after this one, before -dnl this function contents. -AC_REQUIRE([ACX_LIBTOOL_C_PRE]) -AC_PROG_LIBTOOL -]) - -dnl Detect if u_char type is defined, otherwise define it. -AC_DEFUN([ACX_TYPE_U_CHAR], -[AC_CHECK_TYPE([u_char], , - [AC_DEFINE([u_char], [unsigned char], [Define to 'unsigned char if not defined])], [ -AC_INCLUDES_DEFAULT -#ifdef HAVE_WINSOCK2_H -# include -#endif -]) ]) - -dnl Detect if rlim_t type is defined, otherwise define it. -AC_DEFUN([ACX_TYPE_RLIM_T], -[AC_CHECK_TYPE(rlim_t, , - [AC_DEFINE([rlim_t], [unsigned long], [Define to 'int' if not defined])], [ -AC_INCLUDES_DEFAULT -#ifdef HAVE_SYS_RESOURCE_H -# include -#endif -]) ]) - -dnl Detect if socklen_t type is defined, otherwise define it. -AC_DEFUN([ACX_TYPE_SOCKLEN_T], -[ -AC_CHECK_TYPE(socklen_t, , - [AC_DEFINE([socklen_t], [int], [Define to 'int' if not defined])], [ -AC_INCLUDES_DEFAULT -#ifdef HAVE_SYS_SOCKET_H -# include -#endif -#ifdef HAVE_WS2TCPIP_H -# include -#endif -]) ]) - -dnl Detect if in_addr_t type is defined, otherwise define it. -AC_DEFUN([ACX_TYPE_IN_ADDR_T], -[ AC_CHECK_TYPE(in_addr_t, [], [AC_DEFINE([in_addr_t], [uint32_t], [in_addr_t])], [ -AC_INCLUDES_DEFAULT -#ifdef HAVE_SYS_TYPES_H -# include -#endif -#ifdef HAVE_NETINET_IN_H -# include -#endif -]) ]) - -dnl Detect if in_port_t type is defined, otherwise define it. -AC_DEFUN([ACX_TYPE_IN_PORT_T], -[ AC_CHECK_TYPE(in_port_t, [], [AC_DEFINE([in_port_t], [uint16_t], [in_port_t])], [ -AC_INCLUDES_DEFAULT -#ifdef HAVE_SYS_TYPES_H -# include -#endif -#ifdef HAVE_NETINET_IN_H -# include -#endif -]) ]) - -dnl Add option to disable the evil rpath. Check whether to use rpath or not. -dnl Adds the --disable-rpath option. Uses trick to edit the ./libtool. -AC_DEFUN([ACX_ARG_RPATH], -[ -AC_ARG_ENABLE(rpath, - [ --disable-rpath disable hardcoded rpath (default=enabled)], - enable_rpath=$enableval, enable_rpath=yes) -if test "x$enable_rpath" = xno; then - dnl AC_MSG_RESULT([Fixing libtool for -rpath problems.]) - AC_CONFIG_COMMANDS([disable-rpath], [ - sed < libtool > libtool-2 \ - 's/^hardcode_libdir_flag_spec.*$'/'hardcode_libdir_flag_spec=" -D__LIBTOOL_RPATH_SED__ "/' - mv libtool-2 libtool - chmod 755 libtool - libtool="./libtool" - ]) -fi -]) - -dnl Add a -R to the RUNTIME_PATH. Only if rpath is enabled and it is -dnl an absolute path. -dnl $1: the pathname to add. -AC_DEFUN([ACX_RUNTIME_PATH_ADD], [ - if test "x$enable_rpath" = xyes; then - if echo "$1" | grep "^/" >/dev/null; then - RUNTIME_PATH="$RUNTIME_PATH -R$1" - fi - fi -]) - -dnl Common code for both ACX_WITH_SSL and ACX_WITH_SSL_OPTIONAL -dnl Takes one argument; the withval checked in those 2 functions -dnl sets up the environment for the given openssl path -AC_DEFUN([ACX_SSL_CHECKS], [ - withval=$1 - if test x_$withval != x_no; then - AC_MSG_CHECKING(for SSL) - if test x_$withval = x_ -o x_$withval = x_yes; then - withval="/usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr" - fi - for dir in $withval; do - ssldir="$dir" - if test -f "$dir/include/openssl/ssl.h"; then - found_ssl="yes" - AC_DEFINE_UNQUOTED([HAVE_SSL], [], [Define if you have the SSL libraries installed.]) - dnl assume /usr/include is already in the include-path. - if test "$ssldir" != "/usr"; then - CPPFLAGS="$CPPFLAGS -I$ssldir/include" - LIBSSL_CPPFLAGS="$LIBSSL_CPPFLAGS -I$ssldir/include" - fi - break; - fi - done - if test x_$found_ssl != x_yes; then - AC_MSG_ERROR(Cannot find the SSL libraries in $withval) - else - AC_MSG_RESULT(found in $ssldir) - HAVE_SSL=yes - dnl assume /usr is already in the lib and dynlib paths. - if test "$ssldir" != "/usr" -a "$ssldir" != ""; then - LDFLAGS="$LDFLAGS -L$ssldir/lib" - LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib" - ACX_RUNTIME_PATH_ADD([$ssldir/lib]) - fi - - AC_MSG_CHECKING([for HMAC_Update in -lcrypto]) - LIBS="$LIBS -lcrypto" - LIBSSL_LIBS="$LIBSSL_LIBS -lcrypto" - AC_TRY_LINK(, [ - int HMAC_Update(void); - (void)HMAC_Update(); - ], [ - AC_MSG_RESULT(yes) - AC_DEFINE([HAVE_HMAC_UPDATE], 1, - [If you have HMAC_Update]) - ], [ - AC_MSG_RESULT(no) - # check if -lwsock32 or -lgdi32 are needed. - BAKLIBS="$LIBS" - BAKSSLLIBS="$LIBSSL_LIBS" - LIBS="$LIBS -lgdi32" - LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32" - AC_MSG_CHECKING([if -lcrypto needs -lgdi32]) - AC_TRY_LINK([], [ - int HMAC_Update(void); - (void)HMAC_Update(); - ],[ - AC_DEFINE([HAVE_HMAC_UPDATE], 1, - [If you have HMAC_Update]) - AC_MSG_RESULT(yes) - ],[ - AC_MSG_RESULT(no) - LIBS="$BAKLIBS" - LIBSSL_LIBS="$BAKSSLLIBS" - LIBS="$LIBS -ldl" - LIBSSL_LIBS="$LIBSSL_LIBS -ldl" - AC_MSG_CHECKING([if -lcrypto needs -ldl]) - AC_TRY_LINK([], [ - int HMAC_Update(void); - (void)HMAC_Update(); - ],[ - AC_DEFINE([HAVE_HMAC_UPDATE], 1, - [If you have HMAC_Update]) - AC_MSG_RESULT(yes) - ],[ - AC_MSG_RESULT(no) - LIBS="$BAKLIBS" - LIBSSL_LIBS="$BAKSSLLIBS" - LIBS="$LIBS -ldl -pthread" - LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread" - AC_MSG_CHECKING([if -lcrypto needs -ldl -pthread]) - AC_TRY_LINK([], [ - int HMAC_Update(void); - (void)HMAC_Update(); - ],[ - AC_DEFINE([HAVE_HMAC_UPDATE], 1, - [If you have HMAC_Update]) - AC_MSG_RESULT(yes) - ],[ - AC_MSG_RESULT(no) - AC_MSG_ERROR([OpenSSL found in $ssldir, but version 0.9.7 or higher is required]) - ]) - ]) - ]) - ]) - fi - AC_SUBST(HAVE_SSL) - AC_SUBST(RUNTIME_PATH) - fi -AC_CHECK_HEADERS([openssl/ssl.h],,, [AC_INCLUDES_DEFAULT]) -AC_CHECK_HEADERS([openssl/err.h],,, [AC_INCLUDES_DEFAULT]) -AC_CHECK_HEADERS([openssl/rand.h],,, [AC_INCLUDES_DEFAULT]) -])dnl End of ACX_SSL_CHECKS - -dnl Check for SSL, where SSL is mandatory -dnl Adds --with-ssl option, searches for openssl and defines HAVE_SSL if found -dnl Setup of CPPFLAGS, CFLAGS. Adds -lcrypto to LIBS. -dnl Checks main header files of SSL. -dnl -AC_DEFUN([ACX_WITH_SSL], -[ -AC_ARG_WITH(ssl, AC_HELP_STRING([--with-ssl=pathname], - [enable SSL (will check /usr/local/ssl - /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr)]),[ - ],[ - withval="yes" - ]) - if test x_$withval = x_no; then - AC_MSG_ERROR([Need SSL library to do digital signature cryptography]) - fi - ACX_SSL_CHECKS($withval) -])dnl End of ACX_WITH_SSL - -dnl Check for SSL, where ssl is optional (--without-ssl is allowed) -dnl Adds --with-ssl option, searches for openssl and defines HAVE_SSL if found -dnl Setup of CPPFLAGS, CFLAGS. Adds -lcrypto to LIBS. -dnl Checks main header files of SSL. -dnl -AC_DEFUN([ACX_WITH_SSL_OPTIONAL], -[ -AC_ARG_WITH(ssl, AC_HELP_STRING([--with-ssl=pathname], - [enable SSL (will check /usr/local/ssl - /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr)]),[ - ],[ - withval="yes" - ]) - ACX_SSL_CHECKS($withval) -])dnl End of ACX_WITH_SSL_OPTIONAL - -dnl Setup to use -lssl -dnl To use -lcrypto, use the ACX_WITH_SSL setup (before this one). -AC_DEFUN([ACX_LIB_SSL], -[ -# check if libssl needs libdl -BAKLIBS="$LIBS" -LIBS="-lssl $LIBS" -AC_MSG_CHECKING([if libssl needs libdl]) -AC_TRY_LINK_FUNC([SSL_CTX_new], [ - AC_MSG_RESULT([no]) - LIBS="$BAKLIBS" -] , [ - AC_MSG_RESULT([yes]) - LIBS="$BAKLIBS" - AC_SEARCH_LIBS([dlopen], [dl]) -]) ])dnl End of ACX_LIB_SSL - -dnl Setup to use very large files (>2Gb). -dnl setups fseeko and its own -AC_DEFUN([ACX_SYS_LARGEFILE], -[ -AC_SYS_LARGEFILE -dnl try to see if an additional _LARGEFILE_SOURCE 1 is needed to get fseeko -ACX_CHECK_COMPILER_FLAG_NEEDED(-D_LARGEFILE_SOURCE=1, -[ -#include -int test() { - int a = fseeko(stdin, 0, 0); - return a; -} -], [CFLAGS="$CFLAGS -D_LARGEFILE_SOURCE=1"]) -]) - -dnl Check getaddrinfo. -dnl Works on linux, solaris, bsd and windows(links winsock). -dnl defines HAVE_GETADDRINFO, USE_WINSOCK. -AC_DEFUN([ACX_CHECK_GETADDRINFO_WITH_INCLUDES], -[AC_REQUIRE([AC_PROG_CC]) -AC_MSG_CHECKING(for getaddrinfo) -ac_cv_func_getaddrinfo=no -AC_LINK_IFELSE( -[AC_LANG_SOURCE([[ -#ifdef __cplusplus -extern "C" -{ -#endif -char* getaddrinfo(); -char* (*f) () = getaddrinfo; -#ifdef __cplusplus -} -#endif -int main() { - ; - return 0; -} -]])], -dnl this case on linux, solaris, bsd -[ac_cv_func_getaddrinfo="yes" -dnl see if on windows -if test "$ac_cv_header_windows_h" = "yes"; then - AC_DEFINE(USE_WINSOCK, 1, [Whether the windows socket API is used]) - USE_WINSOCK="1" - LIBS="$LIBS -lws2_32" -fi -], -dnl no quick getaddrinfo, try mingw32 and winsock2 library. -ORIGLIBS="$LIBS" -LIBS="$LIBS -lws2_32" -AC_LINK_IFELSE( -[AC_LANG_PROGRAM( -[ -#ifdef HAVE_WS2TCPIP_H -#include -#endif -], -[ - (void)getaddrinfo(NULL, NULL, NULL, NULL); -] -)], -[ -ac_cv_func_getaddrinfo="yes" -dnl already: LIBS="$LIBS -lws2_32" -AC_DEFINE(USE_WINSOCK, 1, [Whether the windows socket API is used]) -USE_WINSOCK="1" -], -[ -ac_cv_func_getaddrinfo="no" -LIBS="$ORIGLIBS" -]) -) - -AC_MSG_RESULT($ac_cv_func_getaddrinfo) -if test $ac_cv_func_getaddrinfo = yes; then - AC_DEFINE(HAVE_GETADDRINFO, 1, [Whether getaddrinfo is available]) -fi -])dnl Endof AC_CHECK_GETADDRINFO_WITH_INCLUDES - -dnl check if a function is deprecated. defines DEPRECATED_func in config.h. -dnl $1: function name -dnl $2: C-statement that calls the function. -dnl $3: includes for the program. -dnl $4: executes if yes -dnl $5: executes if no -AC_DEFUN([ACX_FUNC_DEPRECATED], -[ -AC_REQUIRE([AC_PROG_CC]) -AC_MSG_CHECKING(if $1 is deprecated) -cache=`echo $1 | sed 'y%.=/+-%___p_%'` -AC_CACHE_VAL(cv_cc_deprecated_$cache, -[ -echo '$3' >conftest.c -echo 'void f(){ $2 }' >>conftest.c -if test -z "`$CC -c conftest.c 2>&1 | grep deprecated`"; then -eval "cv_cc_deprecated_$cache=no" -else -eval "cv_cc_deprecated_$cache=yes" -fi -rm -f conftest conftest.o conftest.c -]) -if eval "test \"`echo '$cv_cc_deprecated_'$cache`\" = yes"; then -AC_MSG_RESULT(yes) -AC_DEFINE_UNQUOTED(AS_TR_CPP([DEPRECATED_$1]), 1, [Whether $1 is deprecated]) -: -$4 -else -AC_MSG_RESULT(no) -: -$5 -fi -])dnl end of ACX_FUNC_DEPRECATED - -dnl check if select and nonblocking sockets actually work. -dnl Needs fork(2) and select(2). -dnl defines NONBLOCKING_IS_BROKEN, and if that is true multiple reads from -dnl a nonblocking socket do not work, a new call to select is necessary. -AC_DEFUN([ACX_CHECK_NONBLOCKING_BROKEN], -[ -AC_MSG_CHECKING([if nonblocking sockets work]) -if echo $target | grep mingw32 >/dev/null; then - AC_MSG_RESULT([no (windows)]) - AC_DEFINE([NONBLOCKING_IS_BROKEN], 1, [Define if the network stack does not fully support nonblocking io (causes lower performance).]) -else -AC_RUN_IFELSE([ -AC_LANG_SOURCE([[ -#include -#include -#include -#include -#include -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -#ifdef HAVE_NETINET_IN_H -#include -#endif -#ifdef HAVE_ARPA_INET_H -#include -#endif -#ifdef HAVE_UNISTD_H -#include -#endif -#ifdef HAVE_TIME_H -#include -#endif - -int main(void) -{ - int port; - int sfd, cfd; - int num = 10; - int i, p; - struct sockaddr_in a; - /* test if select and nonblocking reads work well together */ - /* open port. - fork child to send 10 messages. - select to read. - then try to nonblocking read the 10 messages - then, nonblocking read must give EAGAIN - */ - - port = 12345 + (time(0)%32); - sfd = socket(PF_INET, SOCK_DGRAM, 0); - if(sfd == -1) { - perror("socket"); - return 1; - } - memset(&a, 0, sizeof(a)); - a.sin_family = AF_INET; - a.sin_port = htons(port); - a.sin_addr.s_addr = inet_addr("127.0.0.1"); - if(bind(sfd, (struct sockaddr*)&a, sizeof(a)) < 0) { - perror("bind"); - return 1; - } - if(fcntl(sfd, F_SETFL, O_NONBLOCK) == -1) { - perror("fcntl"); - return 1; - } - - cfd = socket(PF_INET, SOCK_DGRAM, 0); - if(cfd == -1) { - perror("client socket"); - return 1; - } - a.sin_port = 0; - if(bind(cfd, (struct sockaddr*)&a, sizeof(a)) < 0) { - perror("client bind"); - return 1; - } - a.sin_port = htons(port); - - /* no handler, causes exit in 10 seconds */ - alarm(10); - - /* send and receive on the socket */ - if((p=fork()) == 0) { - for(i=0; i -#include -#ifdef HAVE_WINSOCK2_H -#include -#endif -#ifdef HAVE_SYS_STAT_H -#include -#endif -], [ - (void)mkdir("directory"); -], -AC_MSG_RESULT(yes) -AC_DEFINE(MKDIR_HAS_ONE_ARG, 1, [Define if mkdir has one argument.]) -, -AC_MSG_RESULT(no) -) -])dnl end of ACX_MKDIR_ONE_ARG - -dnl Check for ioctlsocket function. works on mingw32 too. -AC_DEFUN([ACX_FUNC_IOCTLSOCKET], -[ -# check ioctlsocket -AC_MSG_CHECKING(for ioctlsocket) -AC_LINK_IFELSE([AC_LANG_PROGRAM([ -#ifdef HAVE_WINSOCK2_H -#include -#endif -], [ - (void)ioctlsocket(0, 0, NULL); -])], [ -AC_MSG_RESULT(yes) -AC_DEFINE(HAVE_IOCTLSOCKET, 1, [if the function 'ioctlsocket' is available]) -],[AC_MSG_RESULT(no)]) -])dnl end of ACX_FUNC_IOCTLSOCKET - -dnl detect malloc and provide malloc compat prototype. -dnl $1: unique name for compat code -AC_DEFUN([ACX_FUNC_MALLOC], -[ - AC_MSG_CHECKING([for GNU libc compatible malloc]) - AC_RUN_IFELSE([AC_LANG_PROGRAM( -[[#if defined STDC_HEADERS || defined HAVE_STDLIB_H -#include -#else -char *malloc (); -#endif -]], [ if(malloc(0) != 0) return 1;]) -], - [AC_MSG_RESULT([no]) - AC_LIBOBJ(malloc) - AC_DEFINE_UNQUOTED([malloc], [rpl_malloc_$1], [Define if replacement function should be used.])] , - [AC_MSG_RESULT([yes]) - AC_DEFINE([HAVE_MALLOC], 1, [If have GNU libc compatible malloc])], - [AC_MSG_RESULT([no (crosscompile)]) - AC_LIBOBJ(malloc) - AC_DEFINE_UNQUOTED([malloc], [rpl_malloc_$1], [Define if replacement function should be used.])] ) -]) - -dnl Define fallback for fseeko and ftello if needed. -AC_DEFUN([AHX_CONFIG_FSEEKO], -[ -#ifndef HAVE_FSEEKO -#define fseeko fseek -#define ftello ftell -#endif /* HAVE_FSEEKO */ -]) - -dnl Define RAND_MAX if not defined -AC_DEFUN([AHX_CONFIG_RAND_MAX], -[ -#ifndef RAND_MAX -#define RAND_MAX 2147483647 -#endif -]) - -dnl Define MAXHOSTNAMELEN if not defined -AC_DEFUN([AHX_CONFIG_MAXHOSTNAMELEN], -[ -#ifndef MAXHOSTNAMELEN -#define MAXHOSTNAMELEN 256 -#endif -]) - -dnl Define IPV6_MIN_MTU if not defined -AC_DEFUN([AHX_CONFIG_IPV6_MIN_MTU], -[ -#ifndef IPV6_MIN_MTU -#define IPV6_MIN_MTU 1280 -#endif /* IPV6_MIN_MTU */ -]) - -dnl provide snprintf, vsnprintf compat prototype -dnl $1: unique name for compat code -AC_DEFUN([AHX_CONFIG_SNPRINTF], -[ -#ifndef HAVE_SNPRINTF -#define snprintf snprintf_$1 -#define vsnprintf vsnprintf_$1 -#include -int snprintf (char *str, size_t count, const char *fmt, ...); -int vsnprintf (char *str, size_t count, const char *fmt, va_list arg); -#endif /* HAVE_SNPRINTF */ -]) - -dnl provide inet_pton compat prototype. -dnl $1: unique name for compat code -AC_DEFUN([AHX_CONFIG_INET_PTON], -[ -#ifndef HAVE_INET_PTON -#define inet_pton inet_pton_$1 -int inet_pton(int af, const char* src, void* dst); -#endif /* HAVE_INET_PTON */ -]) - -dnl provide inet_ntop compat prototype. -dnl $1: unique name for compat code -AC_DEFUN([AHX_CONFIG_INET_NTOP], -[ -#ifndef HAVE_INET_NTOP -#define inet_ntop inet_ntop_$1 -const char *inet_ntop(int af, const void *src, char *dst, size_t size); -#endif -]) - -dnl provide inet_aton compat prototype. -dnl $1: unique name for compat code -AC_DEFUN([AHX_CONFIG_INET_ATON], -[ -#ifndef HAVE_INET_ATON -#define inet_aton inet_aton_$1 -int inet_aton(const char *cp, struct in_addr *addr); -#endif -]) - -dnl provide memmove compat prototype. -dnl $1: unique name for compat code -AC_DEFUN([AHX_CONFIG_MEMMOVE], -[ -#ifndef HAVE_MEMMOVE -#define memmove memmove_$1 -void *memmove(void *dest, const void *src, size_t n); -#endif -]) - -dnl provide strlcat compat prototype. -dnl $1: unique name for compat code -AC_DEFUN([AHX_CONFIG_STRLCAT], -[ -#ifndef HAVE_STRLCAT -#define strlcat strlcat_$1 -size_t strlcat(char *dst, const char *src, size_t siz); -#endif -]) - -dnl provide strlcpy compat prototype. -dnl $1: unique name for compat code -AC_DEFUN([AHX_CONFIG_STRLCPY], -[ -#ifndef HAVE_STRLCPY -#define strlcpy strlcpy_$1 -size_t strlcpy(char *dst, const char *src, size_t siz); -#endif -]) - -dnl provide gmtime_r compat prototype. -dnl $1: unique name for compat code -AC_DEFUN([AHX_CONFIG_GMTIME_R], -[ -#ifndef HAVE_GMTIME_R -#define gmtime_r gmtime_r_$1 -struct tm *gmtime_r(const time_t *timep, struct tm *result); -#endif -]) - -dnl provide reallocarray compat prototype. -dnl $1: unique name for compat code -AC_DEFUN([AHX_CONFIG_REALLOCARRAY], -[ -#ifndef HAVE_REALLOCARRAY -#define reallocarray reallocarray$1 -void* reallocarray(void *ptr, size_t nmemb, size_t size); -#endif -]) - -dnl provide w32 compat definition for sleep -AC_DEFUN([AHX_CONFIG_W32_SLEEP], -[ -#if !defined(HAVE_SLEEP) || defined(HAVE_WINDOWS_H) -#define sleep(x) Sleep((x)*1000) /* on win32 */ -#endif /* HAVE_SLEEP */ -]) - -dnl provide w32 compat definition for usleep -AC_DEFUN([AHX_CONFIG_W32_USLEEP], -[ -#ifndef HAVE_USLEEP -#define usleep(x) Sleep((x)/1000 + 1) /* on win32 */ -#endif /* HAVE_USLEEP */ -]) - -dnl provide w32 compat definition for random -AC_DEFUN([AHX_CONFIG_W32_RANDOM], -[ -#ifndef HAVE_RANDOM -#define random rand /* on win32, for tests only (bad random) */ -#endif /* HAVE_RANDOM */ -]) - -dnl provide w32 compat definition for srandom -AC_DEFUN([AHX_CONFIG_W32_SRANDOM], -[ -#ifndef HAVE_SRANDOM -#define srandom(x) srand(x) /* on win32, for tests only (bad random) */ -#endif /* HAVE_SRANDOM */ -]) - -dnl provide w32 compat definition for FD_SET_T -AC_DEFUN([AHX_CONFIG_W32_FD_SET_T], -[ -/* detect if we need to cast to unsigned int for FD_SET to avoid warnings */ -#ifdef HAVE_WINSOCK2_H -#define FD_SET_T (u_int) -#else -#define FD_SET_T -#endif -]) - -dnl Remove an extension flag from CFLAGS, define replacement to be made. -dnl Used by ACX_STRIP_EXT_FLAGS. -dnl $1: the name of the flag, for example -D_GNU_SOURCE. -AC_DEFUN([ACX_CFLAGS_STRIP], -[ - if echo $CFLAGS | grep " $1" >/dev/null 2>&1; then - CFLAGS="`echo $CFLAGS | sed -e 's/ $1//g'`" - AC_DEFINE(m4_bpatsubst(OMITTED_$1,[[-=]],_), 1, Put $1 define in config.h) - fi -]) - -dnl Remove EXT flags from the CFLAGS and set them to be defined in config.h -dnl use with ACX_DETERMINE_EXT_FLAGS. -AC_DEFUN([ACX_STRIP_EXT_FLAGS], -[ - AC_MSG_NOTICE([Stripping extension flags...]) - ACX_CFLAGS_STRIP(-D_GNU_SOURCE) - ACX_CFLAGS_STRIP(-D_BSD_SOURCE) - ACX_CFLAGS_STRIP(-D_DEFAULT_SOURCE) - ACX_CFLAGS_STRIP(-D__EXTENSIONS__) - ACX_CFLAGS_STRIP(-D_POSIX_C_SOURCE=200112) - ACX_CFLAGS_STRIP(-D_XOPEN_SOURCE=600) - ACX_CFLAGS_STRIP(-D_XOPEN_SOURCE_EXTENDED=1) - ACX_CFLAGS_STRIP(-D_ALL_SOURCE) - ACX_CFLAGS_STRIP(-D_LARGEFILE_SOURCE=1) -]) dnl End of ACX_STRIP_EXT_FLAGS - -dnl define one omitted flag for config.h -dnl $1: flag name. -D_GNU_SOURCE -dnl $2: replacement define. _GNU_SOURCE -dnl $3: define value, 1 -AC_DEFUN([AHX_CONFIG_FLAG_OMITTED], -[#if defined($1) && !defined($2) -#define $2 $3 -[#]endif ]) - -dnl Wrapper for AHX_CONFIG_FLAG_OMITTED for -D style flags -dnl $1: the -DNAME or -DNAME=value string. -AC_DEFUN([AHX_CONFIG_FLAG_EXT], -[AHX_CONFIG_FLAG_OMITTED(m4_bpatsubst(OMITTED_$1,[[-=]],_),m4_bpatsubst(m4_bpatsubst($1,-D,),=.*$,),m4_if(m4_bregexp($1,=),-1,1,m4_bpatsubst($1,^.*=,))) -]) - -dnl config.h part to define omitted cflags, use with ACX_STRIP_EXT_FLAGS. -AC_DEFUN([AHX_CONFIG_EXT_FLAGS], -[AHX_CONFIG_FLAG_EXT(-D_GNU_SOURCE) -AHX_CONFIG_FLAG_EXT(-D_BSD_SOURCE) -AHX_CONFIG_FLAG_EXT(-D_DEFAULT_SOURCE) -AHX_CONFIG_FLAG_EXT(-D__EXTENSIONS__) -AHX_CONFIG_FLAG_EXT(-D_POSIX_C_SOURCE=200112) -AHX_CONFIG_FLAG_EXT(-D_XOPEN_SOURCE=600) -AHX_CONFIG_FLAG_EXT(-D_XOPEN_SOURCE_EXTENDED=1) -AHX_CONFIG_FLAG_EXT(-D_ALL_SOURCE) -AHX_CONFIG_FLAG_EXT(-D_LARGEFILE_SOURCE=1) -]) - -dnl check if memcmp is using signed characters and replace if so. -AC_DEFUN([ACX_CHECK_MEMCMP_SIGNED], -[AC_MSG_CHECKING([if memcmp compares unsigned]) -AC_RUN_IFELSE([AC_LANG_SOURCE([[ -#include -#include -#include -int main(void) -{ - char a = 255, b = 0; - if(memcmp(&a, &b, 1) < 0) - return 1; - return 0; -} -]])], [AC_MSG_RESULT([yes]) ], -[ AC_MSG_RESULT([no]) - AC_DEFINE([MEMCMP_IS_BROKEN], [1], [Define if memcmp() does not compare unsigned bytes]) - AC_LIBOBJ([memcmp]) -], [ AC_MSG_RESULT([cross-compile no]) - AC_DEFINE([MEMCMP_IS_BROKEN], [1], [Define if memcmp() does not compare unsigned bytes]) - AC_LIBOBJ([memcmp]) -]) ]) - -dnl define memcmp to its replacement, pass unique id for program as arg -AC_DEFUN([AHX_MEMCMP_BROKEN], [ -#ifdef MEMCMP_IS_BROKEN -#include "compat/memcmp.h" -#define memcmp memcmp_$1 -int memcmp(const void *x, const void *y, size_t n); -#endif -]) - -dnl ACX_CHECK_SS_FAMILY - check for sockaddr_storage.ss_family -AC_DEFUN([ACX_CHECK_SS_FAMILY], -[AC_CHECK_MEMBER([struct sockaddr_storage.ss_family], [], [ - AC_CHECK_MEMBER([struct sockaddr_storage.__ss_family], [ - AC_DEFINE([ss_family], [__ss_family], [Fallback member name for socket family in struct sockaddr_storage]) - ],, [AC_INCLUDES_DEFAULT -#ifdef HAVE_NETINET_IN_H -#include -#endif -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -#ifdef HAVE_NETDB_H -#include -#endif -#ifdef HAVE_ARPA_INET_H -#include -#endif - ]) -], [AC_INCLUDES_DEFAULT -#ifdef HAVE_NETINET_IN_H -#include -#endif -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -#ifdef HAVE_NETDB_H -#include -#endif -#ifdef HAVE_ARPA_INET_H -#include -#endif -]) ]) - -dnl Check if CC and linker support -fPIE and -pie. -dnl If so, sets them in CFLAGS / LDFLAGS. -AC_DEFUN([ACX_CHECK_PIE], [ - AC_ARG_ENABLE([pie], AS_HELP_STRING([--enable-pie], [Enable Position-Independent Executable (eg. to fully benefit from ASLR, small performance penalty)])) - AS_IF([test "x$enable_pie" = "xyes"], [ - AC_MSG_CHECKING([if $CC supports PIE]) - BAKLDFLAGS="$LDFLAGS" - BAKCFLAGS="$CFLAGS" - LDFLAGS="$LDFLAGS -pie" - CFLAGS="$CFLAGS -fPIE" - AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])], [ - if $CC $CFLAGS $LDFLAGS -o conftest conftest.c 2>&1 | grep "warning: no debug symbols in executable" >/dev/null; then - LDFLAGS="$BAKLDFLAGS" - AC_MSG_RESULT(no) - else - AC_MSG_RESULT(yes) - fi - rm -f conftest conftest.c conftest.o - ], [LDFLAGS="$BAKLDFLAGS" ; CFLAGS="$BAKCFLAGS" ; AC_MSG_RESULT(no)]) - ]) -]) - -dnl Check if linker supports -Wl,-z,relro,-z,now. -dnl If so, adds it to LDFLAGS. -AC_DEFUN([ACX_CHECK_RELRO_NOW], [ - AC_ARG_ENABLE([relro_now], AS_HELP_STRING([--enable-relro-now], [Enable full relocation binding at load-time (RELRO NOW, to protect GOT and .dtor areas)])) - AS_IF([test "x$enable_relro_now" = "xyes"], [ - AC_MSG_CHECKING([if $CC supports -Wl,-z,relro,-z,now]) - BAKLDFLAGS="$LDFLAGS" - LDFLAGS="$LDFLAGS -Wl,-z,relro,-z,now" - AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])], [ - if $CC $CFLAGS $LDFLAGS -o conftest conftest.c 2>&1 | grep "warning: no debug symbols in executable" >/dev/null; then - LDFLAGS="$BAKLDFLAGS" - AC_MSG_RESULT(no) - else - AC_MSG_RESULT(yes) - fi - rm -f conftest conftest.c conftest.o - ], [LDFLAGS="$BAKLDFLAGS" ; AC_MSG_RESULT(no)]) - ]) -]) - -dnl End of file diff --git a/external/unbound/acx_python.m4 b/external/unbound/acx_python.m4 deleted file mode 100644 index 2940971f1..000000000 --- a/external/unbound/acx_python.m4 +++ /dev/null @@ -1,114 +0,0 @@ -AC_DEFUN([AC_PYTHON_DEVEL],[ - # - # Allow the use of a (user set) custom python version - # - AC_ARG_VAR([PYTHON_VERSION],[The installed Python - version to use, for example '2.3'. This string - will be appended to the Python interpreter - canonical name.]) - - AC_PATH_PROG([PYTHON],[python[$PYTHON_VERSION]]) - if test -z "$PYTHON"; then - AC_MSG_ERROR([Cannot find python$PYTHON_VERSION in your system path]) - PYTHON_VERSION="" - fi - - if test -z "$PYTHON_VERSION"; then - PYTHON_VERSION=`$PYTHON -c "import sys; \ - print(sys.version.split()[[0]])"` - fi - - # - # Check if you have distutils, else fail - # - AC_MSG_CHECKING([for the distutils Python package]) - if ac_distutils_result=`$PYTHON -c "import distutils" 2>&1`; then - AC_MSG_RESULT([yes]) - else - AC_MSG_RESULT([no]) - AC_MSG_ERROR([cannot import Python module "distutils". -Please check your Python installation. The error was: -$ac_distutils_result]) - PYTHON_VERSION="" - fi - - # - # Check for Python include path - # - AC_MSG_CHECKING([for Python include path]) - if test -z "$PYTHON_CPPFLAGS"; then - python_path=`$PYTHON -c "import distutils.sysconfig; \ - print(distutils.sysconfig.get_python_inc());"` - if test -n "${python_path}"; then - python_path="-I$python_path" - fi - PYTHON_CPPFLAGS=$python_path - fi - AC_MSG_RESULT([$PYTHON_CPPFLAGS]) - AC_SUBST([PYTHON_CPPFLAGS]) - - # - # Check for Python library path - # - AC_MSG_CHECKING([for Python library path]) - if test -z "$PYTHON_LDFLAGS"; then - PYTHON_LDFLAGS=`$PYTHON -c "from distutils.sysconfig import *; \ - print('-L'+get_config_var('LIBDIR')+' -L'+get_config_var('LIBDEST')+' '+get_config_var('BLDLIBRARY'));"` - fi - AC_MSG_RESULT([$PYTHON_LDFLAGS]) - AC_SUBST([PYTHON_LDFLAGS]) - - # - # Check for site packages - # - AC_MSG_CHECKING([for Python site-packages path]) - if test -z "$PYTHON_SITE_PKG"; then - PYTHON_SITE_PKG=`$PYTHON -c "import distutils.sysconfig; \ - print(distutils.sysconfig.get_python_lib(1,0));"` - fi - AC_MSG_RESULT([$PYTHON_SITE_PKG]) - AC_SUBST([PYTHON_SITE_PKG]) - - # - # final check to see if everything compiles alright - # - AC_MSG_CHECKING([consistency of all components of python development environment]) - AC_LANG_PUSH([C]) - # save current global flags - ac_save_LIBS="$LIBS" - ac_save_CPPFLAGS="$CPPFLAGS" - - LIBS="$LIBS $PYTHON_LDFLAGS" - CPPFLAGS="$CPPFLAGS $PYTHON_CPPFLAGS" - AC_TRY_LINK([ - #include - ],[ - Py_Initialize(); - ],[pythonexists=yes],[pythonexists=no]) - - AC_MSG_RESULT([$pythonexists]) - - if test ! "$pythonexists" = "yes"; then - AC_MSG_ERROR([ - Could not link test program to Python. Maybe the main Python library has been - installed in some non-standard library path. If so, pass it to configure, - via the LDFLAGS environment variable. - Example: ./configure LDFLAGS="-L/usr/non-standard-path/python/lib" - ============================================================================ - ERROR! - You probably have to install the development version of the Python package - for your distribution. The exact name of this package varies among them. - ============================================================================ - ]) - PYTHON_VERSION="" - fi - AC_LANG_POP - # turn back to default flags - CPPFLAGS="$ac_save_CPPFLAGS" - LIBS="$ac_save_LIBS" - - # - # all done! - # -]) - diff --git a/external/unbound/ax_pthread.m4 b/external/unbound/ax_pthread.m4 deleted file mode 100644 index ff7d2a67e..000000000 --- a/external/unbound/ax_pthread.m4 +++ /dev/null @@ -1,332 +0,0 @@ -# =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_pthread.html -# =========================================================================== -# -# SYNOPSIS -# -# AX_PTHREAD([ACTION-IF-FOUND[, ACTION-IF-NOT-FOUND]]) -# -# DESCRIPTION -# -# This macro figures out how to build C programs using POSIX threads. It -# sets the PTHREAD_LIBS output variable to the threads library and linker -# flags, and the PTHREAD_CFLAGS output variable to any special C compiler -# flags that are needed. (The user can also force certain compiler -# flags/libs to be tested by setting these environment variables.) -# -# Also sets PTHREAD_CC to any special C compiler that is needed for -# multi-threaded programs (defaults to the value of CC otherwise). (This -# is necessary on AIX to use the special cc_r compiler alias.) -# -# NOTE: You are assumed to not only compile your program with these flags, -# but also link it with them as well. e.g. you should link with -# $PTHREAD_CC $CFLAGS $PTHREAD_CFLAGS $LDFLAGS ... $PTHREAD_LIBS $LIBS -# -# If you are only building threads programs, you may wish to use these -# variables in your default LIBS, CFLAGS, and CC: -# -# LIBS="$PTHREAD_LIBS $LIBS" -# CFLAGS="$CFLAGS $PTHREAD_CFLAGS" -# CC="$PTHREAD_CC" -# -# In addition, if the PTHREAD_CREATE_JOINABLE thread-attribute constant -# has a nonstandard name, defines PTHREAD_CREATE_JOINABLE to that name -# (e.g. PTHREAD_CREATE_UNDETACHED on AIX). -# -# Also HAVE_PTHREAD_PRIO_INHERIT is defined if pthread is found and the -# PTHREAD_PRIO_INHERIT symbol is defined when compiling with -# PTHREAD_CFLAGS. -# -# ACTION-IF-FOUND is a list of shell commands to run if a threads library -# is found, and ACTION-IF-NOT-FOUND is a list of commands to run it if it -# is not found. If ACTION-IF-FOUND is not specified, the default action -# will define HAVE_PTHREAD. -# -# Please let the authors know if this macro fails on any platform, or if -# you have any other suggestions or comments. This macro was based on work -# by SGJ on autoconf scripts for FFTW (http://www.fftw.org/) (with help -# from M. Frigo), as well as ac_pthread and hb_pthread macros posted by -# Alejandro Forero Cuervo to the autoconf macro repository. We are also -# grateful for the helpful feedback of numerous users. -# -# Updated for Autoconf 2.68 by Daniel Richard G. -# -# LICENSE -# -# Copyright (c) 2008 Steven G. Johnson -# Copyright (c) 2011 Daniel Richard G. -# -# This program is free software: you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation, either version 3 of the License, or (at your -# option) any later version. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General -# Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program. If not, see . -# -# As a special exception, the respective Autoconf Macro's copyright owner -# gives unlimited permission to copy, distribute and modify the configure -# scripts that are the output of Autoconf when processing the Macro. You -# need not follow the terms of the GNU General Public License when using -# or distributing such scripts, even though portions of the text of the -# Macro appear in them. The GNU General Public License (GPL) does govern -# all other use of the material that constitutes the Autoconf Macro. -# -# This special exception to the GPL applies to versions of the Autoconf -# Macro released by the Autoconf Archive. When you make and distribute a -# modified version of the Autoconf Macro, you may extend this special -# exception to the GPL to apply to your modified version as well. - -#serial 21 - -AU_ALIAS([ACX_PTHREAD], [AX_PTHREAD]) -AC_DEFUN([AX_PTHREAD], [ -AC_REQUIRE([AC_CANONICAL_HOST]) -AC_LANG_PUSH([C]) -ax_pthread_ok=no - -# We used to check for pthread.h first, but this fails if pthread.h -# requires special compiler flags (e.g. on True64 or Sequent). -# It gets checked for in the link test anyway. - -# First of all, check if the user has set any of the PTHREAD_LIBS, -# etcetera environment variables, and if threads linking works using -# them: -if test x"$PTHREAD_LIBS$PTHREAD_CFLAGS" != x; then - save_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS $PTHREAD_CFLAGS" - save_LIBS="$LIBS" - LIBS="$PTHREAD_LIBS $LIBS" - AC_MSG_CHECKING([for pthread_join in LIBS=$PTHREAD_LIBS with CFLAGS=$PTHREAD_CFLAGS]) - AC_TRY_LINK_FUNC([pthread_join], [ax_pthread_ok=yes]) - AC_MSG_RESULT([$ax_pthread_ok]) - if test x"$ax_pthread_ok" = xno; then - PTHREAD_LIBS="" - PTHREAD_CFLAGS="" - fi - LIBS="$save_LIBS" - CFLAGS="$save_CFLAGS" -fi - -# We must check for the threads library under a number of different -# names; the ordering is very important because some systems -# (e.g. DEC) have both -lpthread and -lpthreads, where one of the -# libraries is broken (non-POSIX). - -# Create a list of thread flags to try. Items starting with a "-" are -# C compiler flags, and other items are library names, except for "none" -# which indicates that we try without any flags at all, and "pthread-config" -# which is a program returning the flags for the Pth emulation library. - -ax_pthread_flags="pthreads none -Kthread -kthread lthread -pthread -pthreads -mthreads pthread --thread-safe -mt pthread-config" - -# The ordering *is* (sometimes) important. Some notes on the -# individual items follow: - -# pthreads: AIX (must check this before -lpthread) -# none: in case threads are in libc; should be tried before -Kthread and -# other compiler flags to prevent continual compiler warnings -# -Kthread: Sequent (threads in libc, but -Kthread needed for pthread.h) -# -kthread: FreeBSD kernel threads (preferred to -pthread since SMP-able) -# lthread: LinuxThreads port on FreeBSD (also preferred to -pthread) -# -pthread: Linux/gcc (kernel threads), BSD/gcc (userland threads) -# -pthreads: Solaris/gcc -# -mthreads: Mingw32/gcc, Lynx/gcc -# -mt: Sun Workshop C (may only link SunOS threads [-lthread], but it -# doesn't hurt to check since this sometimes defines pthreads too; -# also defines -D_REENTRANT) -# ... -mt is also the pthreads flag for HP/aCC -# pthread: Linux, etcetera -# --thread-safe: KAI C++ -# pthread-config: use pthread-config program (for GNU Pth library) - -case ${host_os} in - solaris*) - - # On Solaris (at least, for some versions), libc contains stubbed - # (non-functional) versions of the pthreads routines, so link-based - # tests will erroneously succeed. (We need to link with -pthreads/-mt/ - # -lpthread.) (The stubs are missing pthread_cleanup_push, or rather - # a function called by this macro, so we could check for that, but - # who knows whether they'll stub that too in a future libc.) So, - # we'll just look for -pthreads and -lpthread first: - - ax_pthread_flags="-pthreads pthread -mt -pthread $ax_pthread_flags" - ;; - - darwin*) - ax_pthread_flags="-pthread $ax_pthread_flags" - ;; -esac - -# Clang doesn't consider unrecognized options an error unless we specify -# -Werror. We throw in some extra Clang-specific options to ensure that -# this doesn't happen for GCC, which also accepts -Werror. - -AC_MSG_CHECKING([if compiler needs -Werror to reject unknown flags]) -save_CFLAGS="$CFLAGS" -ax_pthread_extra_flags="-Werror" -CFLAGS="$CFLAGS $ax_pthread_extra_flags -Wunknown-warning-option -Wsizeof-array-argument" -AC_COMPILE_IFELSE([AC_LANG_PROGRAM([int foo(void);],[foo()])], - [AC_MSG_RESULT([yes])], - [ax_pthread_extra_flags= - AC_MSG_RESULT([no])]) -CFLAGS="$save_CFLAGS" - -if test x"$ax_pthread_ok" = xno; then -for flag in $ax_pthread_flags; do - - case $flag in - none) - AC_MSG_CHECKING([whether pthreads work without any flags]) - ;; - - -*) - AC_MSG_CHECKING([whether pthreads work with $flag]) - PTHREAD_CFLAGS="$flag" - ;; - - pthread-config) - AC_CHECK_PROG([ax_pthread_config], [pthread-config], [yes], [no]) - if test x"$ax_pthread_config" = xno; then continue; fi - PTHREAD_CFLAGS="`pthread-config --cflags`" - PTHREAD_LIBS="`pthread-config --ldflags` `pthread-config --libs`" - ;; - - *) - AC_MSG_CHECKING([for the pthreads library -l$flag]) - PTHREAD_LIBS="-l$flag" - ;; - esac - - save_LIBS="$LIBS" - save_CFLAGS="$CFLAGS" - LIBS="$PTHREAD_LIBS $LIBS" - CFLAGS="$CFLAGS $PTHREAD_CFLAGS $ax_pthread_extra_flags" - - # Check for various functions. We must include pthread.h, - # since some functions may be macros. (On the Sequent, we - # need a special flag -Kthread to make this header compile.) - # We check for pthread_join because it is in -lpthread on IRIX - # while pthread_create is in libc. We check for pthread_attr_init - # due to DEC craziness with -lpthreads. We check for - # pthread_cleanup_push because it is one of the few pthread - # functions on Solaris that doesn't have a non-functional libc stub. - # We try pthread_create on general principles. - AC_LINK_IFELSE([AC_LANG_PROGRAM([#include - static void routine(void *a) { *((int*)a) = 0; } - static void *start_routine(void *a) { return a; }], - [pthread_t th; pthread_attr_t attr; - pthread_create(&th, 0, start_routine, 0); - pthread_join(th, 0); - pthread_attr_init(&attr); - pthread_cleanup_push(routine, 0); - pthread_cleanup_pop(0) /* ; */])], - [ax_pthread_ok=yes], - []) - - LIBS="$save_LIBS" - CFLAGS="$save_CFLAGS" - - AC_MSG_RESULT([$ax_pthread_ok]) - if test "x$ax_pthread_ok" = xyes; then - break; - fi - - PTHREAD_LIBS="" - PTHREAD_CFLAGS="" -done -fi - -# Various other checks: -if test "x$ax_pthread_ok" = xyes; then - save_LIBS="$LIBS" - LIBS="$PTHREAD_LIBS $LIBS" - save_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS $PTHREAD_CFLAGS" - - # Detect AIX lossage: JOINABLE attribute is called UNDETACHED. - AC_MSG_CHECKING([for joinable pthread attribute]) - attr_name=unknown - for attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do - AC_LINK_IFELSE([AC_LANG_PROGRAM([#include ], - [int attr = $attr; return attr /* ; */])], - [attr_name=$attr; break], - []) - done - AC_MSG_RESULT([$attr_name]) - if test "$attr_name" != PTHREAD_CREATE_JOINABLE; then - AC_DEFINE_UNQUOTED([PTHREAD_CREATE_JOINABLE], [$attr_name], - [Define to necessary symbol if this constant - uses a non-standard name on your system.]) - fi - - AC_MSG_CHECKING([if more special flags are required for pthreads]) - flag=no - case ${host_os} in - aix* | freebsd* | darwin*) flag="-D_THREAD_SAFE";; - osf* | hpux*) flag="-D_REENTRANT";; - solaris*) - if test "$GCC" = "yes"; then - flag="-D_REENTRANT" - else - # TODO: What about Clang on Solaris? - flag="-mt -D_REENTRANT" - fi - ;; - esac - AC_MSG_RESULT([$flag]) - if test "x$flag" != xno; then - PTHREAD_CFLAGS="$flag $PTHREAD_CFLAGS" - fi - - AC_CACHE_CHECK([for PTHREAD_PRIO_INHERIT], - [ax_cv_PTHREAD_PRIO_INHERIT], [ - AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], - [[int i = PTHREAD_PRIO_INHERIT;]])], - [ax_cv_PTHREAD_PRIO_INHERIT=yes], - [ax_cv_PTHREAD_PRIO_INHERIT=no]) - ]) - AS_IF([test "x$ax_cv_PTHREAD_PRIO_INHERIT" = "xyes"], - [AC_DEFINE([HAVE_PTHREAD_PRIO_INHERIT], [1], [Have PTHREAD_PRIO_INHERIT.])]) - - LIBS="$save_LIBS" - CFLAGS="$save_CFLAGS" - - # More AIX lossage: compile with *_r variant - if test "x$GCC" != xyes; then - case $host_os in - aix*) - AS_CASE(["x/$CC"], - [x*/c89|x*/c89_128|x*/c99|x*/c99_128|x*/cc|x*/cc128|x*/xlc|x*/xlc_v6|x*/xlc128|x*/xlc128_v6], - [#handle absolute path differently from PATH based program lookup - AS_CASE(["x$CC"], - [x/*], - [AS_IF([AS_EXECUTABLE_P([${CC}_r])],[PTHREAD_CC="${CC}_r"])], - [AC_CHECK_PROGS([PTHREAD_CC],[${CC}_r],[$CC])])]) - ;; - esac - fi -fi - -test -n "$PTHREAD_CC" || PTHREAD_CC="$CC" - -AC_SUBST([PTHREAD_LIBS]) -AC_SUBST([PTHREAD_CFLAGS]) -AC_SUBST([PTHREAD_CC]) - -# Finally, execute ACTION-IF-FOUND/ACTION-IF-NOT-FOUND: -if test x"$ax_pthread_ok" = xyes; then - ifelse([$1],,[AC_DEFINE([HAVE_PTHREAD],[1],[Define if you have POSIX threads libraries and header files.])],[$1]) - : -else - ax_pthread_ok=no - $2 -fi -AC_LANG_POP -])dnl AX_PTHREAD diff --git a/external/unbound/compat/arc4_lock.c b/external/unbound/compat/arc4_lock.c deleted file mode 100644 index 0c45ad01b..000000000 --- a/external/unbound/compat/arc4_lock.c +++ /dev/null @@ -1,67 +0,0 @@ -/* arc4_lock.c - global lock for arc4random -* - * Copyright (c) 2014, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -#include "config.h" -#define LOCKRET(func) func -#include "util/locks.h" - -void _ARC4_LOCK(void); -void _ARC4_UNLOCK(void); - -#ifdef THREADS_DISABLED -void _ARC4_LOCK(void) -{ -} - -void _ARC4_UNLOCK(void) -{ -} -#else /* !THREADS_DISABLED */ - -static lock_quick_type arc4lock; -static int arc4lockinit = 0; - -void _ARC4_LOCK(void) -{ - if(!arc4lockinit) { - arc4lockinit = 1; - lock_quick_init(&arc4lock); - } - lock_quick_lock(&arc4lock); -} - -void _ARC4_UNLOCK(void) -{ - lock_quick_unlock(&arc4lock); -} -#endif /* THREADS_DISABLED */ diff --git a/external/unbound/compat/arc4random.c b/external/unbound/compat/arc4random.c deleted file mode 100644 index a09665c5d..000000000 --- a/external/unbound/compat/arc4random.c +++ /dev/null @@ -1,236 +0,0 @@ -/* $OpenBSD: arc4random.c,v 1.41 2014/07/12 13:24:54 deraadt Exp $ */ - -/* - * Copyright (c) 1996, David Mazieres - * Copyright (c) 2008, Damien Miller - * Copyright (c) 2013, Markus Friedl - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ -#include "config.h" - -/* - * ChaCha based random number generator for OpenBSD. - */ - -#include -#include -#include -#ifdef HAVE_STDINT_H -#include -#endif -#include -#include -#include -#include -#include -#include -#ifndef UB_ON_WINDOWS -#include -#endif - -#define KEYSTREAM_ONLY -#include "chacha_private.h" - -#define arc4_min(a, b) ((a) < (b) ? (a) : (b)) -#ifdef __GNUC__ -#define inline __inline -#else /* !__GNUC__ */ -#define inline -#endif /* !__GNUC__ */ -#ifndef MAP_ANON -#define MAP_ANON MAP_ANONYMOUS -#endif - -#define KEYSZ 32 -#define IVSZ 8 -#define BLOCKSZ 64 -#define RSBUFSZ (16*BLOCKSZ) - -/* Marked MAP_INHERIT_ZERO, so zero'd out in fork children. */ -static struct { - size_t rs_have; /* valid bytes at end of rs_buf */ - size_t rs_count; /* bytes till reseed */ -} *rs; - -/* Preserved in fork children. */ -static struct { - chacha_ctx rs_chacha; /* chacha context for random keystream */ - u_char rs_buf[RSBUFSZ]; /* keystream blocks */ -} *rsx; - -static inline void _rs_rekey(u_char *dat, size_t datlen); - -static inline void -_rs_init(u_char *buf, size_t n) -{ - if (n < KEYSZ + IVSZ) - return; - - if (rs == NULL) { -#ifndef UB_ON_WINDOWS - if ((rs = mmap(NULL, sizeof(*rs), PROT_READ|PROT_WRITE, - MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) - abort(); -#ifdef MAP_INHERIT_ZERO - if (minherit(rs, sizeof(*rs), MAP_INHERIT_ZERO) == -1) - abort(); -#endif -#else /* WINDOWS */ - rs = malloc(sizeof(*rs)); - if(!rs) - abort(); -#endif - } - if (rsx == NULL) { -#ifndef UB_ON_WINDOWS - if ((rsx = mmap(NULL, sizeof(*rsx), PROT_READ|PROT_WRITE, - MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) - abort(); -#else /* WINDOWS */ - rsx = malloc(sizeof(*rsx)); - if(!rsx) - abort(); -#endif - } - - chacha_keysetup(&rsx->rs_chacha, buf, KEYSZ * 8, 0); - chacha_ivsetup(&rsx->rs_chacha, buf + KEYSZ); -} - -static void -_rs_stir(void) -{ - u_char rnd[KEYSZ + IVSZ]; - - if (getentropy(rnd, sizeof rnd) == -1) { -#ifdef SIGKILL - raise(SIGKILL); -#else - exit(9); /* windows */ -#endif - } - - if (!rs) - _rs_init(rnd, sizeof(rnd)); - else - _rs_rekey(rnd, sizeof(rnd)); - explicit_bzero(rnd, sizeof(rnd)); /* discard source seed */ - - /* invalidate rs_buf */ - rs->rs_have = 0; - memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf)); - - rs->rs_count = 1600000; -} - -static inline void -_rs_stir_if_needed(size_t len) -{ -#ifndef MAP_INHERIT_ZERO - static pid_t _rs_pid = 0; - pid_t pid = getpid(); - - /* If a system lacks MAP_INHERIT_ZERO, resort to getpid() */ - if (_rs_pid == 0 || _rs_pid != pid) { - _rs_pid = pid; - if (rs) - rs->rs_count = 0; - } -#endif - if (!rs || rs->rs_count <= len) - _rs_stir(); - if (rs->rs_count <= len) - rs->rs_count = 0; - else - rs->rs_count -= len; -} - -static inline void -_rs_rekey(u_char *dat, size_t datlen) -{ -#ifndef KEYSTREAM_ONLY - memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf)); -#endif - /* fill rs_buf with the keystream */ - chacha_encrypt_bytes(&rsx->rs_chacha, rsx->rs_buf, - rsx->rs_buf, sizeof(rsx->rs_buf)); - /* mix in optional user provided data */ - if (dat) { - size_t i, m; - - m = arc4_min(datlen, KEYSZ + IVSZ); - for (i = 0; i < m; i++) - rsx->rs_buf[i] ^= dat[i]; - } - /* immediately reinit for backtracking resistance */ - _rs_init(rsx->rs_buf, KEYSZ + IVSZ); - memset(rsx->rs_buf, 0, KEYSZ + IVSZ); - rs->rs_have = sizeof(rsx->rs_buf) - KEYSZ - IVSZ; -} - -static inline void -_rs_random_buf(void *_buf, size_t n) -{ - u_char *buf = (u_char *)_buf; - u_char *keystream; - size_t m; - - _rs_stir_if_needed(n); - while (n > 0) { - if (rs->rs_have > 0) { - m = arc4_min(n, rs->rs_have); - keystream = rsx->rs_buf + sizeof(rsx->rs_buf) - - rs->rs_have; - memcpy(buf, keystream, m); - memset(keystream, 0, m); - buf += m; - n -= m; - rs->rs_have -= m; - } - if (rs->rs_have == 0) - _rs_rekey(NULL, 0); - } -} - -static inline void -_rs_random_u32(uint32_t *val) -{ - u_char *keystream; - _rs_stir_if_needed(sizeof(*val)); - if (rs->rs_have < sizeof(*val)) - _rs_rekey(NULL, 0); - keystream = rsx->rs_buf + sizeof(rsx->rs_buf) - rs->rs_have; - memcpy(val, keystream, sizeof(*val)); - memset(keystream, 0, sizeof(*val)); - rs->rs_have -= sizeof(*val); -} - -uint32_t -arc4random(void) -{ - uint32_t val; - - _ARC4_LOCK(); - _rs_random_u32(&val); - _ARC4_UNLOCK(); - return val; -} - -void -arc4random_buf(void *buf, size_t n) -{ - _ARC4_LOCK(); - _rs_random_buf(buf, n); - _ARC4_UNLOCK(); -} diff --git a/external/unbound/compat/arc4random_uniform.c b/external/unbound/compat/arc4random_uniform.c deleted file mode 100644 index 154260ebd..000000000 --- a/external/unbound/compat/arc4random_uniform.c +++ /dev/null @@ -1,57 +0,0 @@ -/* $OpenBSD: arc4random_uniform.c,v 1.1 2014/07/12 13:24:54 deraadt Exp $ */ - -/* - * Copyright (c) 2008, Damien Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "config.h" -#include -#include - -/* - * Calculate a uniformly distributed random number less than upper_bound - * avoiding "modulo bias". - * - * Uniformity is achieved by generating new random numbers until the one - * returned is outside the range [0, 2**32 % upper_bound). This - * guarantees the selected random number will be inside - * [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound) - * after reduction modulo upper_bound. - */ -uint32_t -arc4random_uniform(uint32_t upper_bound) -{ - uint32_t r, min; - - if (upper_bound < 2) - return 0; - - /* 2**32 % x == (2**32 - x) % x */ - min = -upper_bound % upper_bound; - - /* - * This could theoretically loop forever but each retry has - * p > 0.5 (worst case, usually far better) of selecting a - * number inside the range we need, so it should rarely need - * to re-roll. - */ - for (;;) { - r = arc4random(); - if (r >= min) - break; - } - - return r % upper_bound; -} diff --git a/external/unbound/compat/chacha_private.h b/external/unbound/compat/chacha_private.h deleted file mode 100644 index 192258c7f..000000000 --- a/external/unbound/compat/chacha_private.h +++ /dev/null @@ -1,222 +0,0 @@ -/* -chacha-merged.c version 20080118 -D. J. Bernstein -Public domain. -*/ - -/* $OpenBSD: chacha_private.h,v 1.2 2013/10/04 07:02:27 djm Exp $ */ - -typedef unsigned char u8; -typedef unsigned int u32; - -typedef struct -{ - u32 input[16]; /* could be compressed */ -} chacha_ctx; - -#define U8C(v) (v##U) -#define U32C(v) (v##U) - -#define U8V(v) ((u8)(v) & U8C(0xFF)) -#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) - -#define ROTL32(v, n) \ - (U32V((v) << (n)) | ((v) >> (32 - (n)))) - -#define U8TO32_LITTLE(p) \ - (((u32)((p)[0]) ) | \ - ((u32)((p)[1]) << 8) | \ - ((u32)((p)[2]) << 16) | \ - ((u32)((p)[3]) << 24)) - -#define U32TO8_LITTLE(p, v) \ - do { \ - (p)[0] = U8V((v) ); \ - (p)[1] = U8V((v) >> 8); \ - (p)[2] = U8V((v) >> 16); \ - (p)[3] = U8V((v) >> 24); \ - } while (0) - -#define ROTATE(v,c) (ROTL32(v,c)) -#define XOR(v,w) ((v) ^ (w)) -#define PLUS(v,w) (U32V((v) + (w))) -#define PLUSONE(v) (PLUS((v),1)) - -#define QUARTERROUND(a,b,c,d) \ - a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \ - c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \ - a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \ - c = PLUS(c,d); b = ROTATE(XOR(b,c), 7); - -static const char sigma[16] = "expand 32-byte k"; -static const char tau[16] = "expand 16-byte k"; - -static void -chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits,u32 ATTR_UNUSED(ivbits)) -{ - const char *constants; - - x->input[4] = U8TO32_LITTLE(k + 0); - x->input[5] = U8TO32_LITTLE(k + 4); - x->input[6] = U8TO32_LITTLE(k + 8); - x->input[7] = U8TO32_LITTLE(k + 12); - if (kbits == 256) { /* recommended */ - k += 16; - constants = sigma; - } else { /* kbits == 128 */ - constants = tau; - } - x->input[8] = U8TO32_LITTLE(k + 0); - x->input[9] = U8TO32_LITTLE(k + 4); - x->input[10] = U8TO32_LITTLE(k + 8); - x->input[11] = U8TO32_LITTLE(k + 12); - x->input[0] = U8TO32_LITTLE(constants + 0); - x->input[1] = U8TO32_LITTLE(constants + 4); - x->input[2] = U8TO32_LITTLE(constants + 8); - x->input[3] = U8TO32_LITTLE(constants + 12); -} - -static void -chacha_ivsetup(chacha_ctx *x,const u8 *iv) -{ - x->input[12] = 0; - x->input[13] = 0; - x->input[14] = U8TO32_LITTLE(iv + 0); - x->input[15] = U8TO32_LITTLE(iv + 4); -} - -static void -chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes) -{ - u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; - u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15; - u8 *ctarget = NULL; - u8 tmp[64]; - u_int i; - - if (!bytes) return; - - j0 = x->input[0]; - j1 = x->input[1]; - j2 = x->input[2]; - j3 = x->input[3]; - j4 = x->input[4]; - j5 = x->input[5]; - j6 = x->input[6]; - j7 = x->input[7]; - j8 = x->input[8]; - j9 = x->input[9]; - j10 = x->input[10]; - j11 = x->input[11]; - j12 = x->input[12]; - j13 = x->input[13]; - j14 = x->input[14]; - j15 = x->input[15]; - - for (;;) { - if (bytes < 64) { - for (i = 0;i < bytes;++i) tmp[i] = m[i]; - m = tmp; - ctarget = c; - c = tmp; - } - x0 = j0; - x1 = j1; - x2 = j2; - x3 = j3; - x4 = j4; - x5 = j5; - x6 = j6; - x7 = j7; - x8 = j8; - x9 = j9; - x10 = j10; - x11 = j11; - x12 = j12; - x13 = j13; - x14 = j14; - x15 = j15; - for (i = 20;i > 0;i -= 2) { - QUARTERROUND( x0, x4, x8,x12) - QUARTERROUND( x1, x5, x9,x13) - QUARTERROUND( x2, x6,x10,x14) - QUARTERROUND( x3, x7,x11,x15) - QUARTERROUND( x0, x5,x10,x15) - QUARTERROUND( x1, x6,x11,x12) - QUARTERROUND( x2, x7, x8,x13) - QUARTERROUND( x3, x4, x9,x14) - } - x0 = PLUS(x0,j0); - x1 = PLUS(x1,j1); - x2 = PLUS(x2,j2); - x3 = PLUS(x3,j3); - x4 = PLUS(x4,j4); - x5 = PLUS(x5,j5); - x6 = PLUS(x6,j6); - x7 = PLUS(x7,j7); - x8 = PLUS(x8,j8); - x9 = PLUS(x9,j9); - x10 = PLUS(x10,j10); - x11 = PLUS(x11,j11); - x12 = PLUS(x12,j12); - x13 = PLUS(x13,j13); - x14 = PLUS(x14,j14); - x15 = PLUS(x15,j15); - -#ifndef KEYSTREAM_ONLY - x0 = XOR(x0,U8TO32_LITTLE(m + 0)); - x1 = XOR(x1,U8TO32_LITTLE(m + 4)); - x2 = XOR(x2,U8TO32_LITTLE(m + 8)); - x3 = XOR(x3,U8TO32_LITTLE(m + 12)); - x4 = XOR(x4,U8TO32_LITTLE(m + 16)); - x5 = XOR(x5,U8TO32_LITTLE(m + 20)); - x6 = XOR(x6,U8TO32_LITTLE(m + 24)); - x7 = XOR(x7,U8TO32_LITTLE(m + 28)); - x8 = XOR(x8,U8TO32_LITTLE(m + 32)); - x9 = XOR(x9,U8TO32_LITTLE(m + 36)); - x10 = XOR(x10,U8TO32_LITTLE(m + 40)); - x11 = XOR(x11,U8TO32_LITTLE(m + 44)); - x12 = XOR(x12,U8TO32_LITTLE(m + 48)); - x13 = XOR(x13,U8TO32_LITTLE(m + 52)); - x14 = XOR(x14,U8TO32_LITTLE(m + 56)); - x15 = XOR(x15,U8TO32_LITTLE(m + 60)); -#endif - - j12 = PLUSONE(j12); - if (!j12) { - j13 = PLUSONE(j13); - /* stopping at 2^70 bytes per nonce is user's responsibility */ - } - - U32TO8_LITTLE(c + 0,x0); - U32TO8_LITTLE(c + 4,x1); - U32TO8_LITTLE(c + 8,x2); - U32TO8_LITTLE(c + 12,x3); - U32TO8_LITTLE(c + 16,x4); - U32TO8_LITTLE(c + 20,x5); - U32TO8_LITTLE(c + 24,x6); - U32TO8_LITTLE(c + 28,x7); - U32TO8_LITTLE(c + 32,x8); - U32TO8_LITTLE(c + 36,x9); - U32TO8_LITTLE(c + 40,x10); - U32TO8_LITTLE(c + 44,x11); - U32TO8_LITTLE(c + 48,x12); - U32TO8_LITTLE(c + 52,x13); - U32TO8_LITTLE(c + 56,x14); - U32TO8_LITTLE(c + 60,x15); - - if (bytes <= 64) { - if (bytes < 64) { - for (i = 0;i < bytes;++i) ctarget[i] = c[i]; - } - x->input[12] = j12; - x->input[13] = j13; - return; - } - bytes -= 64; - c += 64; -#ifndef KEYSTREAM_ONLY - m += 64; -#endif - } -} diff --git a/external/unbound/compat/ctime_r.c b/external/unbound/compat/ctime_r.c deleted file mode 100644 index 87c2609a8..000000000 --- a/external/unbound/compat/ctime_r.c +++ /dev/null @@ -1,42 +0,0 @@ -/* taken from ldns 1.6.1 */ -#include "config.h" -#ifdef HAVE_TIME_H -#include -#endif -#include "util/locks.h" - -/** the lock for ctime buffer */ -static lock_basic_type ctime_lock; -/** has it been inited */ -static int ctime_r_init = 0; - -/** cleanup ctime_r on exit */ -static void -ctime_r_cleanup(void) -{ - if(ctime_r_init) { - ctime_r_init = 0; - lock_basic_destroy(&ctime_lock); - } -} - -char *ctime_r(const time_t *timep, char *buf) -{ - char* result; - if(!ctime_r_init) { - /* still small race where this init can be done twice, - * which is mostly harmless */ - ctime_r_init = 1; - lock_basic_init(&ctime_lock); - atexit(&ctime_r_cleanup); - } - lock_basic_lock(&ctime_lock); - result = ctime(timep); - if(buf && result) { - if(strlen(result) > 10 && result[7]==' ' && result[8]=='0') - result[8]=' '; /* fix error in windows ctime */ - strcpy(buf, result); - } - lock_basic_unlock(&ctime_lock); - return result; -} diff --git a/external/unbound/compat/explicit_bzero.c b/external/unbound/compat/explicit_bzero.c deleted file mode 100644 index 5f1c427c2..000000000 --- a/external/unbound/compat/explicit_bzero.c +++ /dev/null @@ -1,26 +0,0 @@ -/* $OpenBSD: explicit_bzero.c,v 1.3 2014/06/21 02:34:26 matthew Exp $ */ -/* - * Public domain. - * Written by Matthew Dempsky. - */ -#include "config.h" -#include - -#ifdef HAVE_ATTR_WEAK -__attribute__((weak)) void -#else -void -#endif -__explicit_bzero_hook(void *ATTR_UNUSED(buf), size_t ATTR_UNUSED(len)) -{ -} - -void -explicit_bzero(void *buf, size_t len) -{ -#ifdef UB_ON_WINDOWS - SecureZeroMemory(buf, len); -#endif - memset(buf, 0, len); - __explicit_bzero_hook(buf, len); -} diff --git a/external/unbound/compat/fake-rfc2553.c b/external/unbound/compat/fake-rfc2553.c deleted file mode 100644 index 0f0f34f1f..000000000 --- a/external/unbound/compat/fake-rfc2553.c +++ /dev/null @@ -1,225 +0,0 @@ -/* From openssh 4.3p2 filename openbsd-compat/fake-rfc2553.h */ -/* - * Copyright (C) 2000-2003 Damien Miller. All rights reserved. - * Copyright (C) 1999 WIDE Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * Pseudo-implementation of RFC2553 name / address resolution functions - * - * But these functions are not implemented correctly. The minimum subset - * is implemented for ssh use only. For example, this routine assumes - * that ai_family is AF_INET. Don't use it for another purpose. - */ - -#include -#include -#include -#include -#include "compat/fake-rfc2553.h" - -#ifndef HAVE_GETNAMEINFO -int getnameinfo(const struct sockaddr *sa, size_t ATTR_UNUSED(salen), char *host, - size_t hostlen, char *serv, size_t servlen, int flags) -{ - struct sockaddr_in *sin = (struct sockaddr_in *)sa; - struct hostent *hp; - char tmpserv[16]; - - if (serv != NULL) { - snprintf(tmpserv, sizeof(tmpserv), "%d", ntohs(sin->sin_port)); - if (strlcpy(serv, tmpserv, servlen) >= servlen) - return (EAI_MEMORY); - } - - if (host != NULL) { - if (flags & NI_NUMERICHOST) { - if (strlcpy(host, inet_ntoa(sin->sin_addr), - hostlen) >= hostlen) - return (EAI_MEMORY); - else - return (0); - } else { - hp = gethostbyaddr((char *)&sin->sin_addr, - sizeof(struct in_addr), AF_INET); - if (hp == NULL) - return (EAI_NODATA); - - if (strlcpy(host, hp->h_name, hostlen) >= hostlen) - return (EAI_MEMORY); - else - return (0); - } - } - return (0); -} -#endif /* !HAVE_GETNAMEINFO */ - -#ifndef HAVE_GAI_STRERROR -#ifdef HAVE_CONST_GAI_STRERROR_PROTO -const char * -#else -char * -#endif -gai_strerror(int err) -{ - switch (err) { - case EAI_NODATA: - return ("no address associated with name"); - case EAI_MEMORY: - return ("memory allocation failure."); - case EAI_NONAME: - return ("nodename nor servname provided, or not known"); - default: - return ("unknown/invalid error."); - } -} -#endif /* !HAVE_GAI_STRERROR */ - -#ifndef HAVE_FREEADDRINFO -void -freeaddrinfo(struct addrinfo *ai) -{ - struct addrinfo *next; - - for(; ai != NULL;) { - next = ai->ai_next; - free(ai); - ai = next; - } -} -#endif /* !HAVE_FREEADDRINFO */ - -#ifndef HAVE_GETADDRINFO -static struct -addrinfo *malloc_ai(int port, u_long addr, const struct addrinfo *hints) -{ - struct addrinfo *ai; - - ai = calloc(1, sizeof(*ai) + sizeof(struct sockaddr_in)); - if (ai == NULL) - return (NULL); - - ai->ai_addr = (struct sockaddr *)(ai + 1); - /* XXX -- ssh doesn't use sa_len */ - ai->ai_addrlen = sizeof(struct sockaddr_in); - ai->ai_addr->sa_family = ai->ai_family = AF_INET; - - ((struct sockaddr_in *)(ai)->ai_addr)->sin_port = port; - ((struct sockaddr_in *)(ai)->ai_addr)->sin_addr.s_addr = addr; - - /* XXX: the following is not generally correct, but does what we want */ - if (hints->ai_socktype) - ai->ai_socktype = hints->ai_socktype; - else - ai->ai_socktype = SOCK_STREAM; - - if (hints->ai_protocol) - ai->ai_protocol = hints->ai_protocol; - - return (ai); -} - -int -getaddrinfo(const char *hostname, const char *servname, - const struct addrinfo *hints, struct addrinfo **res) -{ - struct hostent *hp; - struct servent *sp; - struct in_addr in; - int i; - long int port; - u_long addr; - - port = 0; - if (servname != NULL) { - char *cp; - - port = strtol(servname, &cp, 10); - if (port > 0 && port <= 65535 && *cp == '\0') - port = htons(port); - else if ((sp = getservbyname(servname, NULL)) != NULL) - port = sp->s_port; - else - port = 0; - } - - if (hints && hints->ai_flags & AI_PASSIVE) { - addr = htonl(0x00000000); - if (hostname && inet_aton(hostname, &in) != 0) - addr = in.s_addr; - *res = malloc_ai(port, addr, hints); - if (*res == NULL) - return (EAI_MEMORY); - return (0); - } - - if (!hostname) { - *res = malloc_ai(port, htonl(0x7f000001), hints); - if (*res == NULL) - return (EAI_MEMORY); - return (0); - } - - if (inet_aton(hostname, &in)) { - *res = malloc_ai(port, in.s_addr, hints); - if (*res == NULL) - return (EAI_MEMORY); - return (0); - } - - /* Don't try DNS if AI_NUMERICHOST is set */ - if (hints && hints->ai_flags & AI_NUMERICHOST) - return (EAI_NONAME); - - hp = gethostbyname(hostname); - if (hp && hp->h_name && hp->h_name[0] && hp->h_addr_list[0]) { - struct addrinfo *cur, *prev; - - cur = prev = *res = NULL; - for (i = 0; hp->h_addr_list[i]; i++) { - struct in_addr *in = (struct in_addr *)hp->h_addr_list[i]; - - cur = malloc_ai(port, in->s_addr, hints); - if (cur == NULL) { - if (*res != NULL) - freeaddrinfo(*res); - return (EAI_MEMORY); - } - if (prev) - prev->ai_next = cur; - else - *res = cur; - - prev = cur; - } - return (0); - } - - return (EAI_NODATA); -} -#endif /* !HAVE_GETADDRINFO */ diff --git a/external/unbound/compat/fake-rfc2553.h b/external/unbound/compat/fake-rfc2553.h deleted file mode 100644 index 466c0e663..000000000 --- a/external/unbound/compat/fake-rfc2553.h +++ /dev/null @@ -1,174 +0,0 @@ -/* From openssh 4.3p2 filename openbsd-compat/fake-rfc2553.h */ -/* - * Copyright (C) 2000-2003 Damien Miller. All rights reserved. - * Copyright (C) 1999 WIDE Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * Pseudo-implementation of RFC2553 name / address resolution functions - * - * But these functions are not implemented correctly. The minimum subset - * is implemented for ssh use only. For example, this routine assumes - * that ai_family is AF_INET. Don't use it for another purpose. - */ - -#ifndef _FAKE_RFC2553_H -#define _FAKE_RFC2553_H - -#include -#include -#include -#include -#include - -/* - * First, socket and INET6 related definitions - */ -#ifndef HAVE_STRUCT_SOCKADDR_STORAGE -# define _SS_MAXSIZE 128 /* Implementation specific max size */ -# define _SS_PADSIZE (_SS_MAXSIZE - sizeof (struct sockaddr)) -struct sockaddr_storage { - struct sockaddr ss_sa; - char __ss_pad2[_SS_PADSIZE]; -}; -# define ss_family ss_sa.sa_family -#endif /* !HAVE_STRUCT_SOCKADDR_STORAGE */ - -#ifndef IN6_IS_ADDR_LOOPBACK -# define IN6_IS_ADDR_LOOPBACK(a) \ - (((uint32_t *)(a))[0] == 0 && ((uint32_t *)(a))[1] == 0 && \ - ((uint32_t *)(a))[2] == 0 && ((uint32_t *)(a))[3] == htonl(1)) -#endif /* !IN6_IS_ADDR_LOOPBACK */ - -#ifndef HAVE_STRUCT_IN6_ADDR -struct in6_addr { - uint8_t s6_addr[16]; -}; -#endif /* !HAVE_STRUCT_IN6_ADDR */ - -#ifndef HAVE_STRUCT_SOCKADDR_IN6 -struct sockaddr_in6 { - unsigned short sin6_family; - uint16_t sin6_port; - uint32_t sin6_flowinfo; - struct in6_addr sin6_addr; -}; -#endif /* !HAVE_STRUCT_SOCKADDR_IN6 */ - -#ifndef AF_INET6 -/* Define it to something that should never appear */ -#define AF_INET6 AF_MAX -#endif - -/* - * Next, RFC2553 name / address resolution API - */ - -#ifndef NI_NUMERICHOST -# define NI_NUMERICHOST (1) -#endif -#ifndef NI_NAMEREQD -# define NI_NAMEREQD (1<<1) -#endif -#ifndef NI_NUMERICSERV -# define NI_NUMERICSERV (1<<2) -#endif - -#ifndef AI_PASSIVE -# define AI_PASSIVE (1) -#endif -#ifndef AI_CANONNAME -# define AI_CANONNAME (1<<1) -#endif -#ifndef AI_NUMERICHOST -# define AI_NUMERICHOST (1<<2) -#endif - -#ifndef NI_MAXSERV -# define NI_MAXSERV 32 -#endif /* !NI_MAXSERV */ -#ifndef NI_MAXHOST -# define NI_MAXHOST 1025 -#endif /* !NI_MAXHOST */ - -#ifndef INT_MAX -#define INT_MAX 0xffffffff -#endif - -#ifndef EAI_NODATA -# define EAI_NODATA (INT_MAX - 1) -#endif -#ifndef EAI_MEMORY -# define EAI_MEMORY (INT_MAX - 2) -#endif -#ifndef EAI_NONAME -# define EAI_NONAME (INT_MAX - 3) -#endif -#ifndef EAI_SYSTEM -# define EAI_SYSTEM (INT_MAX - 4) -#endif - -#ifndef HAVE_STRUCT_ADDRINFO -struct addrinfo { - int ai_flags; /* AI_PASSIVE, AI_CANONNAME */ - int ai_family; /* PF_xxx */ - int ai_socktype; /* SOCK_xxx */ - int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ - size_t ai_addrlen; /* length of ai_addr */ - char *ai_canonname; /* canonical name for hostname */ - struct sockaddr *ai_addr; /* binary address */ - struct addrinfo *ai_next; /* next structure in linked list */ -}; -#endif /* !HAVE_STRUCT_ADDRINFO */ - -#ifndef HAVE_GETADDRINFO -#ifdef getaddrinfo -# undef getaddrinfo -#endif -#define getaddrinfo(a,b,c,d) (getaddrinfo_unbound(a,b,c,d)) -int getaddrinfo(const char *, const char *, - const struct addrinfo *, struct addrinfo **); -#endif /* !HAVE_GETADDRINFO */ - -#if !defined(HAVE_GAI_STRERROR) && !defined(HAVE_CONST_GAI_STRERROR_PROTO) -#define gai_strerror(a) (gai_strerror_unbound(a)) -char *gai_strerror(int); -#endif /* !HAVE_GAI_STRERROR */ - -#ifndef HAVE_FREEADDRINFO -#define freeaddrinfo(a) (freeaddrinfo_unbound(a)) -void freeaddrinfo(struct addrinfo *); -#endif /* !HAVE_FREEADDRINFO */ - -#ifndef HAVE_GETNAMEINFO -#define getnameinfo(a,b,c,d,e,f,g) (getnameinfo_unbound(a,b,c,d,e,f,g)) -int getnameinfo(const struct sockaddr *, size_t, char *, size_t, - char *, size_t, int); -#endif /* !HAVE_GETNAMEINFO */ - -#endif /* !_FAKE_RFC2553_H */ - diff --git a/external/unbound/compat/getentropy_linux.c b/external/unbound/compat/getentropy_linux.c deleted file mode 100644 index cae18e03b..000000000 --- a/external/unbound/compat/getentropy_linux.c +++ /dev/null @@ -1,566 +0,0 @@ -/* $OpenBSD: getentropy_linux.c,v 1.20 2014/07/12 15:43:49 beck Exp $ */ - -/* - * Copyright (c) 2014 Theo de Raadt - * Copyright (c) 2014 Bob Beck - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ -#include "config.h" - -/* -#define _POSIX_C_SOURCE 199309L -#define _GNU_SOURCE 1 -*/ -#include -#include -#include -#include -#include -#ifdef HAVE_SYS_SYSCTL_H -#include -#endif -#ifdef __ANDROID__ -#include -#define statvfs statfs -#define fstatvfs fstatfs -#else -#include -#endif -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#if defined(HAVE_SSL) -#include -#elif defined(HAVE_NETTLE) -#include -#endif - -#include -#include -#include -#ifdef HAVE_GETAUXVAL -#include -#endif -#include -#ifndef MAP_ANON -#define MAP_ANON MAP_ANONYMOUS -#endif - -#define REPEAT 5 -#define min(a, b) (((a) < (b)) ? (a) : (b)) - -#define HX(a, b) \ - do { \ - if ((a)) \ - HD(errno); \ - else \ - HD(b); \ - } while (0) - -#if defined(HAVE_SSL) -#define CRYPTO_SHA512_CTX SHA512_CTX -#define CRYPTO_SHA512_INIT(x) SHA512_Init(x) -#define CRYPTO_SHA512_FINAL(r, c) SHA512_Final(r, c) -#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l))) -#define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x))) -#define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*))) -#elif defined(HAVE_NETTLE) -#define CRYPTO_SHA512_CTX struct sha512_ctx -#define CRYPTO_SHA512_INIT(x) sha512_init(x) -#define CRYPTO_SHA512_FINAL(r, c) sha512_digest(c, SHA512_DIGEST_SIZE, r) -#define HR(x, l) (sha512_update(&ctx, (l), (uint8_t *)(x))) -#define HD(x) (sha512_update(&ctx, sizeof (x), (uint8_t *)&(x))) -#define HF(x) (sha512_update(&ctx, sizeof (void*), (uint8_t *)&(x))) -#endif - -int getentropy(void *buf, size_t len); - -#ifdef CAN_REFERENCE_MAIN -extern int main(int, char *argv[]); -#endif -static int gotdata(char *buf, size_t len); -#if defined(SYS_getrandom) && defined(__NR_getrandom) -static int getentropy_getrandom(void *buf, size_t len); -#endif -static int getentropy_urandom(void *buf, size_t len); -#ifdef SYS__sysctl -static int getentropy_sysctl(void *buf, size_t len); -#endif -static int getentropy_fallback(void *buf, size_t len); - -int -getentropy(void *buf, size_t len) -{ - int ret = -1; - - if (len > 256) { - errno = EIO; - return -1; - } - -#if defined(SYS_getrandom) && defined(__NR_getrandom) - /* - * Try descriptor-less getrandom() - */ - ret = getentropy_getrandom(buf, len); - if (ret != -1) - return (ret); - if (errno != ENOSYS) - return (-1); -#endif - - /* - * Try to get entropy with /dev/urandom - * - * This can fail if the process is inside a chroot or if file - * descriptors are exhausted. - */ - ret = getentropy_urandom(buf, len); - if (ret != -1) - return (ret); - -#ifdef SYS__sysctl - /* - * Try to use sysctl CTL_KERN, KERN_RANDOM, RANDOM_UUID. - * sysctl is a failsafe API, so it guarantees a result. This - * should work inside a chroot, or when file descriptors are - * exhausted. - * - * However this can fail if the Linux kernel removes support - * for sysctl. Starting in 2007, there have been efforts to - * deprecate the sysctl API/ABI, and push callers towards use - * of the chroot-unavailable fd-using /proc mechanism -- - * essentially the same problems as /dev/urandom. - * - * Numerous setbacks have been encountered in their deprecation - * schedule, so as of June 2014 the kernel ABI still exists on - * most Linux architectures. The sysctl() stub in libc is missing - * on some systems. There are also reports that some kernels - * spew messages to the console. - */ - ret = getentropy_sysctl(buf, len); - if (ret != -1) - return (ret); -#endif /* SYS__sysctl */ - - /* - * Entropy collection via /dev/urandom and sysctl have failed. - * - * No other API exists for collecting entropy. See the large - * comment block above. - * - * We have very few options: - * - Even syslog_r is unsafe to call at this low level, so - * there is no way to alert the user or program. - * - Cannot call abort() because some systems have unsafe - * corefiles. - * - Could raise(SIGKILL) resulting in silent program termination. - * - Return EIO, to hint that arc4random's stir function - * should raise(SIGKILL) - * - Do the best under the circumstances.... - * - * This code path exists to bring light to the issue that Linux - * does not provide a failsafe API for entropy collection. - * - * We hope this demonstrates that Linux should either retain their - * sysctl ABI, or consider providing a new failsafe API which - * works in a chroot or when file descriptors are exhausted. - */ -#undef FAIL_INSTEAD_OF_TRYING_FALLBACK -#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK - raise(SIGKILL); -#endif - ret = getentropy_fallback(buf, len); - if (ret != -1) - return (ret); - - errno = EIO; - return (ret); -} - -/* - * Basic sanity checking; wish we could do better. - */ -static int -gotdata(char *buf, size_t len) -{ - char any_set = 0; - size_t i; - - for (i = 0; i < len; ++i) - any_set |= buf[i]; - if (any_set == 0) - return -1; - return 0; -} - -#if defined(SYS_getrandom) && defined(__NR_getrandom) -static int -getentropy_getrandom(void *buf, size_t len) -{ - int pre_errno = errno; - int ret; - if (len > 256) - return (-1); - do { - ret = syscall(SYS_getrandom, buf, len, 0); - } while (ret == -1 && errno == EINTR); - - if (ret != (int)len) - return (-1); - errno = pre_errno; - return (0); -} -#endif - -static int -getentropy_urandom(void *buf, size_t len) -{ - struct stat st; - size_t i; - int fd, cnt, flags; - int save_errno = errno; - -start: - - flags = O_RDONLY; -#ifdef O_NOFOLLOW - flags |= O_NOFOLLOW; -#endif -#ifdef O_CLOEXEC - flags |= O_CLOEXEC; -#endif - fd = open("/dev/urandom", flags, 0); - if (fd == -1) { - if (errno == EINTR) - goto start; - goto nodevrandom; - } -#ifndef O_CLOEXEC - fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC); -#endif - - /* Lightly verify that the device node looks sane */ - if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) { - close(fd); - goto nodevrandom; - } - if (ioctl(fd, RNDGETENTCNT, &cnt) == -1) { - close(fd); - goto nodevrandom; - } - for (i = 0; i < len; ) { - size_t wanted = len - i; - ssize_t ret = read(fd, (char*)buf + i, wanted); - - if (ret == -1) { - if (errno == EAGAIN || errno == EINTR) - continue; - close(fd); - goto nodevrandom; - } - i += ret; - } - close(fd); - if (gotdata(buf, len) == 0) { - errno = save_errno; - return 0; /* satisfied */ - } -nodevrandom: - errno = EIO; - return -1; -} - -#ifdef SYS__sysctl -static int -getentropy_sysctl(void *buf, size_t len) -{ - static int mib[] = { CTL_KERN, KERN_RANDOM, RANDOM_UUID }; - size_t i; - int save_errno = errno; - - for (i = 0; i < len; ) { - size_t chunk = min(len - i, 16); - - /* SYS__sysctl because some systems already removed sysctl() */ - struct __sysctl_args args = { - .name = mib, - .nlen = 3, - .oldval = (char *)buf + i, - .oldlenp = &chunk, - }; - if (syscall(SYS__sysctl, &args) != 0) - goto sysctlfailed; - i += chunk; - } - if (gotdata(buf, len) == 0) { - errno = save_errno; - return (0); /* satisfied */ - } -sysctlfailed: - errno = EIO; - return -1; -} -#endif /* SYS__sysctl */ - -static int cl[] = { - CLOCK_REALTIME, -#ifdef CLOCK_MONOTONIC - CLOCK_MONOTONIC, -#endif -#ifdef CLOCK_MONOTONIC_RAW - CLOCK_MONOTONIC_RAW, -#endif -#ifdef CLOCK_TAI - CLOCK_TAI, -#endif -#ifdef CLOCK_VIRTUAL - CLOCK_VIRTUAL, -#endif -#ifdef CLOCK_UPTIME - CLOCK_UPTIME, -#endif -#ifdef CLOCK_PROCESS_CPUTIME_ID - CLOCK_PROCESS_CPUTIME_ID, -#endif -#ifdef CLOCK_THREAD_CPUTIME_ID - CLOCK_THREAD_CPUTIME_ID, -#endif -}; - -static int -getentropy_fallback(void *buf, size_t len) -{ - uint8_t results[SHA512_DIGEST_LENGTH]; - int save_errno = errno, e, pgs = getpagesize(), faster = 0, repeat; - static int cnt; - struct timespec ts; - struct timeval tv; - struct rusage ru; - sigset_t sigset; - struct stat st; - CRYPTO_SHA512_CTX ctx; - static pid_t lastpid; - pid_t pid; - size_t i, ii, m; - char *p; - - pid = getpid(); - if (lastpid == pid) { - faster = 1; - repeat = 2; - } else { - faster = 0; - lastpid = pid; - repeat = REPEAT; - } - for (i = 0; i < len; ) { - int j; - CRYPTO_SHA512_INIT(&ctx); - for (j = 0; j < repeat; j++) { - HX((e = gettimeofday(&tv, NULL)) == -1, tv); - if (e != -1) { - cnt += (int)tv.tv_sec; - cnt += (int)tv.tv_usec; - } - - for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++) - HX(clock_gettime(cl[ii], &ts) == -1, ts); - - HX((pid = getpid()) == -1, pid); - HX((pid = getsid(pid)) == -1, pid); - HX((pid = getppid()) == -1, pid); - HX((pid = getpgid(0)) == -1, pid); - HX((e = getpriority(0, 0)) == -1, e); - - if (!faster) { - ts.tv_sec = 0; - ts.tv_nsec = 1; - (void) nanosleep(&ts, NULL); - } - - HX(sigpending(&sigset) == -1, sigset); - HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1, - sigset); - -#ifdef CAN_REFERENCE_MAIN - HF(main); /* an addr in program */ -#endif - HF(getentropy); /* an addr in this library */ - HF(printf); /* an addr in libc */ - p = (char *)&p; - HD(p); /* an addr on stack */ - p = (char *)&errno; - HD(p); /* the addr of errno */ - - if (i == 0) { - struct sockaddr_storage ss; - struct statvfs stvfs; - struct termios tios; - struct statfs stfs; - socklen_t ssl; - off_t off; - - /* - * Prime-sized mappings encourage fragmentation; - * thus exposing some address entropy. - */ - struct mm { - size_t npg; - void *p; - } mm[] = { - { 17, MAP_FAILED }, { 3, MAP_FAILED }, - { 11, MAP_FAILED }, { 2, MAP_FAILED }, - { 5, MAP_FAILED }, { 3, MAP_FAILED }, - { 7, MAP_FAILED }, { 1, MAP_FAILED }, - { 57, MAP_FAILED }, { 3, MAP_FAILED }, - { 131, MAP_FAILED }, { 1, MAP_FAILED }, - }; - - for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) { - HX(mm[m].p = mmap(NULL, - mm[m].npg * pgs, - PROT_READ|PROT_WRITE, - MAP_PRIVATE|MAP_ANON, -1, - (off_t)0), mm[m].p); - if (mm[m].p != MAP_FAILED) { - size_t mo; - - /* Touch some memory... */ - p = mm[m].p; - mo = cnt % - (mm[m].npg * pgs - 1); - p[mo] = 1; - cnt += (int)((long)(mm[m].p) - / pgs); - } - - /* Check cnts and times... */ - for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); - ii++) { - HX((e = clock_gettime(cl[ii], - &ts)) == -1, ts); - if (e != -1) - cnt += (int)ts.tv_nsec; - } - - HX((e = getrusage(RUSAGE_SELF, - &ru)) == -1, ru); - if (e != -1) { - cnt += (int)ru.ru_utime.tv_sec; - cnt += (int)ru.ru_utime.tv_usec; - } - } - - for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) { - if (mm[m].p != MAP_FAILED) - munmap(mm[m].p, mm[m].npg * pgs); - mm[m].p = MAP_FAILED; - } - - HX(stat(".", &st) == -1, st); - HX(statvfs(".", &stvfs) == -1, stvfs); - HX(statfs(".", &stfs) == -1, stfs); - - HX(stat("/", &st) == -1, st); - HX(statvfs("/", &stvfs) == -1, stvfs); - HX(statfs("/", &stfs) == -1, stfs); - - HX((e = fstat(0, &st)) == -1, st); - if (e == -1) { - if (S_ISREG(st.st_mode) || - S_ISFIFO(st.st_mode) || - S_ISSOCK(st.st_mode)) { - HX(fstatvfs(0, &stvfs) == -1, - stvfs); - HX(fstatfs(0, &stfs) == -1, - stfs); - HX((off = lseek(0, (off_t)0, - SEEK_CUR)) < 0, off); - } - if (S_ISCHR(st.st_mode)) { - HX(tcgetattr(0, &tios) == -1, - tios); - } else if (S_ISSOCK(st.st_mode)) { - memset(&ss, 0, sizeof ss); - ssl = sizeof(ss); - HX(getpeername(0, - (void *)&ss, &ssl) == -1, - ss); - } - } - - HX((e = getrusage(RUSAGE_CHILDREN, - &ru)) == -1, ru); - if (e != -1) { - cnt += (int)ru.ru_utime.tv_sec; - cnt += (int)ru.ru_utime.tv_usec; - } - } else { - /* Subsequent hashes absorb previous result */ - HD(results); - } - - HX((e = gettimeofday(&tv, NULL)) == -1, tv); - if (e != -1) { - cnt += (int)tv.tv_sec; - cnt += (int)tv.tv_usec; - } - - HD(cnt); - } -#ifdef HAVE_GETAUXVAL -# ifdef AT_RANDOM - /* Not as random as you think but we take what we are given */ - p = (char *) getauxval(AT_RANDOM); - if (p) - HR(p, 16); -# endif -# ifdef AT_SYSINFO_EHDR - p = (char *) getauxval(AT_SYSINFO_EHDR); - if (p) - HR(p, pgs); -# endif -# ifdef AT_BASE - p = (char *) getauxval(AT_BASE); - if (p) - HD(p); -# endif -#endif /* HAVE_GETAUXVAL */ - - CRYPTO_SHA512_FINAL(results, &ctx); - memcpy((char*)buf + i, results, min(sizeof(results), len - i)); - i += min(sizeof(results), len - i); - } - memset(results, 0, sizeof results); - if (gotdata(buf, len) == 0) { - errno = save_errno; - return 0; /* satisfied */ - } - errno = EIO; - return -1; -} diff --git a/external/unbound/compat/getentropy_osx.c b/external/unbound/compat/getentropy_osx.c deleted file mode 100644 index d5a64ab36..000000000 --- a/external/unbound/compat/getentropy_osx.c +++ /dev/null @@ -1,432 +0,0 @@ -/* $OpenBSD: getentropy_osx.c,v 1.3 2014/07/12 14:48:00 deraadt Exp $ */ - -/* - * Copyright (c) 2014 Theo de Raadt - * Copyright (c) 2014 Bob Beck - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ -#include "config.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#define SHA512_Update(a, b, c) (CC_SHA512_Update((a), (b), (c))) -#define SHA512_Init(xxx) (CC_SHA512_Init((xxx))) -#define SHA512_Final(xxx, yyy) (CC_SHA512_Final((xxx), (yyy))) -#define SHA512_CTX CC_SHA512_CTX -#define SHA512_DIGEST_LENGTH CC_SHA512_DIGEST_LENGTH - -#define REPEAT 5 -#define min(a, b) (((a) < (b)) ? (a) : (b)) - -#define HX(a, b) \ - do { \ - if ((a)) \ - HD(errno); \ - else \ - HD(b); \ - } while (0) - -#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l))) -#define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x))) -#define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*))) - -int getentropy(void *buf, size_t len); - -#ifdef CAN_REFERENCE_MAIN -extern int main(int, char *argv[]); -#endif -static int gotdata(char *buf, size_t len); -static int getentropy_urandom(void *buf, size_t len); -static int getentropy_fallback(void *buf, size_t len); - -int -getentropy(void *buf, size_t len) -{ - int ret = -1; - - if (len > 256) { - errno = EIO; - return -1; - } - - /* - * Try to get entropy with /dev/urandom - * - * This can fail if the process is inside a chroot or if file - * descriptors are exhausted. - */ - ret = getentropy_urandom(buf, len); - if (ret != -1) - return (ret); - - /* - * Entropy collection via /dev/urandom and sysctl have failed. - * - * No other API exists for collecting entropy, and we have - * no failsafe way to get it on OSX that is not sensitive - * to resource exhaustion. - * - * We have very few options: - * - Even syslog_r is unsafe to call at this low level, so - * there is no way to alert the user or program. - * - Cannot call abort() because some systems have unsafe - * corefiles. - * - Could raise(SIGKILL) resulting in silent program termination. - * - Return EIO, to hint that arc4random's stir function - * should raise(SIGKILL) - * - Do the best under the circumstances.... - * - * This code path exists to bring light to the issue that OSX - * does not provide a failsafe API for entropy collection. - * - * We hope this demonstrates that OSX should consider - * providing a new failsafe API which works in a chroot or - * when file descriptors are exhausted. - */ -#undef FAIL_INSTEAD_OF_TRYING_FALLBACK -#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK - raise(SIGKILL); -#endif - ret = getentropy_fallback(buf, len); - if (ret != -1) - return (ret); - - errno = EIO; - return (ret); -} - -/* - * Basic sanity checking; wish we could do better. - */ -static int -gotdata(char *buf, size_t len) -{ - char any_set = 0; - size_t i; - - for (i = 0; i < len; ++i) - any_set |= buf[i]; - if (any_set == 0) - return -1; - return 0; -} - -static int -getentropy_urandom(void *buf, size_t len) -{ - struct stat st; - size_t i; - int fd, flags; - int save_errno = errno; - -start: - - flags = O_RDONLY; -#ifdef O_NOFOLLOW - flags |= O_NOFOLLOW; -#endif -#ifdef O_CLOEXEC - flags |= O_CLOEXEC; -#endif - fd = open("/dev/urandom", flags, 0); - if (fd == -1) { - if (errno == EINTR) - goto start; - goto nodevrandom; - } -#ifndef O_CLOEXEC - fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC); -#endif - - /* Lightly verify that the device node looks sane */ - if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) { - close(fd); - goto nodevrandom; - } - for (i = 0; i < len; ) { - size_t wanted = len - i; - ssize_t ret = read(fd, (char*)buf + i, wanted); - - if (ret == -1) { - if (errno == EAGAIN || errno == EINTR) - continue; - close(fd); - goto nodevrandom; - } - i += ret; - } - close(fd); - if (gotdata(buf, len) == 0) { - errno = save_errno; - return 0; /* satisfied */ - } -nodevrandom: - errno = EIO; - return -1; -} - -static int tcpmib[] = { CTL_NET, AF_INET, IPPROTO_TCP, TCPCTL_STATS }; -static int udpmib[] = { CTL_NET, AF_INET, IPPROTO_UDP, UDPCTL_STATS }; -static int ipmib[] = { CTL_NET, AF_INET, IPPROTO_IP, IPCTL_STATS }; -static int kmib[] = { CTL_KERN, KERN_USRSTACK }; -static int hwmib[] = { CTL_HW, HW_USERMEM }; - -static int -getentropy_fallback(void *buf, size_t len) -{ - uint8_t results[SHA512_DIGEST_LENGTH]; - int save_errno = errno, e, pgs = getpagesize(), faster = 0, repeat; - static int cnt; - struct timespec ts; - struct timeval tv; - struct rusage ru; - sigset_t sigset; - struct stat st; - SHA512_CTX ctx; - static pid_t lastpid; - pid_t pid; - size_t i, ii, m; - char *p; - struct tcpstat tcpstat; - struct udpstat udpstat; - struct ipstat ipstat; - u_int64_t mach_time; - unsigned int idata; - void *addr; - - pid = getpid(); - if (lastpid == pid) { - faster = 1; - repeat = 2; - } else { - faster = 0; - lastpid = pid; - repeat = REPEAT; - } - for (i = 0; i < len; ) { - int j; - SHA512_Init(&ctx); - for (j = 0; j < repeat; j++) { - HX((e = gettimeofday(&tv, NULL)) == -1, tv); - if (e != -1) { - cnt += (int)tv.tv_sec; - cnt += (int)tv.tv_usec; - } - - mach_time = mach_absolute_time(); - HD(mach_time); - - ii = sizeof(addr); - HX(sysctl(kmib, sizeof(kmib) / sizeof(kmib[0]), - &addr, &ii, NULL, 0) == -1, addr); - - ii = sizeof(idata); - HX(sysctl(hwmib, sizeof(hwmib) / sizeof(hwmib[0]), - &idata, &ii, NULL, 0) == -1, idata); - - ii = sizeof(tcpstat); - HX(sysctl(tcpmib, sizeof(tcpmib) / sizeof(tcpmib[0]), - &tcpstat, &ii, NULL, 0) == -1, tcpstat); - - ii = sizeof(udpstat); - HX(sysctl(udpmib, sizeof(udpmib) / sizeof(udpmib[0]), - &udpstat, &ii, NULL, 0) == -1, udpstat); - - ii = sizeof(ipstat); - HX(sysctl(ipmib, sizeof(ipmib) / sizeof(ipmib[0]), - &ipstat, &ii, NULL, 0) == -1, ipstat); - - HX((pid = getpid()) == -1, pid); - HX((pid = getsid(pid)) == -1, pid); - HX((pid = getppid()) == -1, pid); - HX((pid = getpgid(0)) == -1, pid); - HX((e = getpriority(0, 0)) == -1, e); - - if (!faster) { - ts.tv_sec = 0; - ts.tv_nsec = 1; - (void) nanosleep(&ts, NULL); - } - - HX(sigpending(&sigset) == -1, sigset); - HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1, - sigset); - -#ifdef CAN_REFERENCE_MAIN - HF(main); /* an addr in program */ -#endif - HF(getentropy); /* an addr in this library */ - HF(printf); /* an addr in libc */ - p = (char *)&p; - HD(p); /* an addr on stack */ - p = (char *)&errno; - HD(p); /* the addr of errno */ - - if (i == 0) { - struct sockaddr_storage ss; - struct statvfs stvfs; - struct termios tios; - struct statfs stfs; - socklen_t ssl; - off_t off; - - /* - * Prime-sized mappings encourage fragmentation; - * thus exposing some address entropy. - */ - struct mm { - size_t npg; - void *p; - } mm[] = { - { 17, MAP_FAILED }, { 3, MAP_FAILED }, - { 11, MAP_FAILED }, { 2, MAP_FAILED }, - { 5, MAP_FAILED }, { 3, MAP_FAILED }, - { 7, MAP_FAILED }, { 1, MAP_FAILED }, - { 57, MAP_FAILED }, { 3, MAP_FAILED }, - { 131, MAP_FAILED }, { 1, MAP_FAILED }, - }; - - for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) { - HX(mm[m].p = mmap(NULL, - mm[m].npg * pgs, - PROT_READ|PROT_WRITE, - MAP_PRIVATE|MAP_ANON, -1, - (off_t)0), mm[m].p); - if (mm[m].p != MAP_FAILED) { - size_t mo; - - /* Touch some memory... */ - p = mm[m].p; - mo = cnt % - (mm[m].npg * pgs - 1); - p[mo] = 1; - cnt += (int)((long)(mm[m].p) - / pgs); - } - - /* Check cnts and times... */ - mach_time = mach_absolute_time(); - HD(mach_time); - cnt += (int)mach_time; - - HX((e = getrusage(RUSAGE_SELF, - &ru)) == -1, ru); - if (e != -1) { - cnt += (int)ru.ru_utime.tv_sec; - cnt += (int)ru.ru_utime.tv_usec; - } - } - - for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) { - if (mm[m].p != MAP_FAILED) - munmap(mm[m].p, mm[m].npg * pgs); - mm[m].p = MAP_FAILED; - } - - HX(stat(".", &st) == -1, st); - HX(statvfs(".", &stvfs) == -1, stvfs); - HX(statfs(".", &stfs) == -1, stfs); - - HX(stat("/", &st) == -1, st); - HX(statvfs("/", &stvfs) == -1, stvfs); - HX(statfs("/", &stfs) == -1, stfs); - - HX((e = fstat(0, &st)) == -1, st); - if (e == -1) { - if (S_ISREG(st.st_mode) || - S_ISFIFO(st.st_mode) || - S_ISSOCK(st.st_mode)) { - HX(fstatvfs(0, &stvfs) == -1, - stvfs); - HX(fstatfs(0, &stfs) == -1, - stfs); - HX((off = lseek(0, (off_t)0, - SEEK_CUR)) < 0, off); - } - if (S_ISCHR(st.st_mode)) { - HX(tcgetattr(0, &tios) == -1, - tios); - } else if (S_ISSOCK(st.st_mode)) { - memset(&ss, 0, sizeof ss); - ssl = sizeof(ss); - HX(getpeername(0, - (void *)&ss, &ssl) == -1, - ss); - } - } - - HX((e = getrusage(RUSAGE_CHILDREN, - &ru)) == -1, ru); - if (e != -1) { - cnt += (int)ru.ru_utime.tv_sec; - cnt += (int)ru.ru_utime.tv_usec; - } - } else { - /* Subsequent hashes absorb previous result */ - HD(results); - } - - HX((e = gettimeofday(&tv, NULL)) == -1, tv); - if (e != -1) { - cnt += (int)tv.tv_sec; - cnt += (int)tv.tv_usec; - } - - HD(cnt); - } - - SHA512_Final(results, &ctx); - memcpy((char*)buf + i, results, min(sizeof(results), len - i)); - i += min(sizeof(results), len - i); - } - memset(results, 0, sizeof results); - if (gotdata(buf, len) == 0) { - errno = save_errno; - return 0; /* satisfied */ - } - errno = EIO; - return -1; -} diff --git a/external/unbound/compat/getentropy_solaris.c b/external/unbound/compat/getentropy_solaris.c deleted file mode 100644 index 810098a8d..000000000 --- a/external/unbound/compat/getentropy_solaris.c +++ /dev/null @@ -1,441 +0,0 @@ -/* $OpenBSD: getentropy_solaris.c,v 1.3 2014/07/12 14:46:31 deraadt Exp $ */ - -/* - * Copyright (c) 2014 Theo de Raadt - * Copyright (c) 2014 Bob Beck - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ -#include "config.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#ifdef HAVE_STDINT_H -#include -#endif -#include -#include -#include -#include -#include -#include -#include -#include -#ifdef HAVE_SYS_SHA2_H -#include -#define SHA512_Init SHA512Init -#define SHA512_Update SHA512Update -#define SHA512_Final SHA512Final -#else -#include "openssl/sha.h" -#endif - -#include -#include -#include - -#define REPEAT 5 -#define min(a, b) (((a) < (b)) ? (a) : (b)) - -#define HX(a, b) \ - do { \ - if ((a)) \ - HD(errno); \ - else \ - HD(b); \ - } while (0) - -#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l))) -#define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x))) -#define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*))) - -int getentropy(void *buf, size_t len); - -#ifdef CAN_REFERENCE_MAIN -extern int main(int, char *argv[]); -#endif -static int gotdata(char *buf, size_t len); -static int getentropy_urandom(void *buf, size_t len, const char *path, - int devfscheck); -static int getentropy_fallback(void *buf, size_t len); - -int -getentropy(void *buf, size_t len) -{ - int ret = -1; - - if (len > 256) { - errno = EIO; - return -1; - } - - /* - * Try to get entropy with /dev/urandom - * - * Solaris provides /dev/urandom as a symbolic link to - * /devices/pseudo/random@0:urandom which is provided by - * a devfs filesystem. Best practice is to use O_NOFOLLOW, - * so we must try the unpublished name directly. - * - * This can fail if the process is inside a chroot which lacks - * the devfs mount, or if file descriptors are exhausted. - */ - ret = getentropy_urandom(buf, len, - "/devices/pseudo/random@0:urandom", 1); - if (ret != -1) - return (ret); - - /* - * Unfortunately, chroot spaces on Solaris are sometimes setup - * with direct device node of the well-known /dev/urandom name - * (perhaps to avoid dragging all of devfs into the space). - * - * This can fail if the process is inside a chroot or if file - * descriptors are exhausted. - */ - ret = getentropy_urandom(buf, len, "/dev/urandom", 0); - if (ret != -1) - return (ret); - - /* - * Entropy collection via /dev/urandom has failed. - * - * No other API exists for collecting entropy, and we have - * no failsafe way to get it on Solaris that is not sensitive - * to resource exhaustion. - * - * We have very few options: - * - Even syslog_r is unsafe to call at this low level, so - * there is no way to alert the user or program. - * - Cannot call abort() because some systems have unsafe - * corefiles. - * - Could raise(SIGKILL) resulting in silent program termination. - * - Return EIO, to hint that arc4random's stir function - * should raise(SIGKILL) - * - Do the best under the circumstances.... - * - * This code path exists to bring light to the issue that Solaris - * does not provide a failsafe API for entropy collection. - * - * We hope this demonstrates that Solaris should consider - * providing a new failsafe API which works in a chroot or - * when file descriptors are exhausted. - */ -#undef FAIL_INSTEAD_OF_TRYING_FALLBACK -#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK - raise(SIGKILL); -#endif - ret = getentropy_fallback(buf, len); - if (ret != -1) - return (ret); - - errno = EIO; - return (ret); -} - -/* - * Basic sanity checking; wish we could do better. - */ -static int -gotdata(char *buf, size_t len) -{ - char any_set = 0; - size_t i; - - for (i = 0; i < len; ++i) - any_set |= buf[i]; - if (any_set == 0) - return -1; - return 0; -} - -static int -getentropy_urandom(void *buf, size_t len, const char *path, int devfscheck) -{ - struct stat st; - size_t i; - int fd, flags; - int save_errno = errno; - -start: - - flags = O_RDONLY; -#ifdef O_NOFOLLOW - flags |= O_NOFOLLOW; -#endif -#ifdef O_CLOEXEC - flags |= O_CLOEXEC; -#endif - fd = open(path, flags, 0); - if (fd == -1) { - if (errno == EINTR) - goto start; - goto nodevrandom; - } -#ifndef O_CLOEXEC - fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC); -#endif - - /* Lightly verify that the device node looks sane */ - if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode) || - (devfscheck && (strcmp(st.st_fstype, "devfs") != 0))) { - close(fd); - goto nodevrandom; - } - for (i = 0; i < len; ) { - size_t wanted = len - i; - ssize_t ret = read(fd, (char*)buf + i, wanted); - - if (ret == -1) { - if (errno == EAGAIN || errno == EINTR) - continue; - close(fd); - goto nodevrandom; - } - i += ret; - } - close(fd); - if (gotdata(buf, len) == 0) { - errno = save_errno; - return 0; /* satisfied */ - } -nodevrandom: - errno = EIO; - return -1; -} - -static const int cl[] = { - CLOCK_REALTIME, -#ifdef CLOCK_MONOTONIC - CLOCK_MONOTONIC, -#endif -#ifdef CLOCK_MONOTONIC_RAW - CLOCK_MONOTONIC_RAW, -#endif -#ifdef CLOCK_TAI - CLOCK_TAI, -#endif -#ifdef CLOCK_VIRTUAL - CLOCK_VIRTUAL, -#endif -#ifdef CLOCK_UPTIME - CLOCK_UPTIME, -#endif -#ifdef CLOCK_PROCESS_CPUTIME_ID - CLOCK_PROCESS_CPUTIME_ID, -#endif -#ifdef CLOCK_THREAD_CPUTIME_ID - CLOCK_THREAD_CPUTIME_ID, -#endif -}; - -static int -getentropy_fallback(void *buf, size_t len) -{ - uint8_t results[SHA512_DIGEST_LENGTH]; - int save_errno = errno, e, pgs = getpagesize(), faster = 0, repeat; - static int cnt; - struct timespec ts; - struct timeval tv; - double loadavg[3]; - struct rusage ru; - sigset_t sigset; - struct stat st; - SHA512_CTX ctx; - static pid_t lastpid; - pid_t pid; - size_t i, ii, m; - char *p; - - pid = getpid(); - if (lastpid == pid) { - faster = 1; - repeat = 2; - } else { - faster = 0; - lastpid = pid; - repeat = REPEAT; - } - for (i = 0; i < len; ) { - int j; - SHA512_Init(&ctx); - for (j = 0; j < repeat; j++) { - HX((e = gettimeofday(&tv, NULL)) == -1, tv); - if (e != -1) { - cnt += (int)tv.tv_sec; - cnt += (int)tv.tv_usec; - } - - for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++) - HX(clock_gettime(cl[ii], &ts) == -1, ts); - - HX((pid = getpid()) == -1, pid); - HX((pid = getsid(pid)) == -1, pid); - HX((pid = getppid()) == -1, pid); - HX((pid = getpgid(0)) == -1, pid); - HX((e = getpriority(0, 0)) == -1, e); - HX((getloadavg(loadavg, 3) == -1), loadavg); - - if (!faster) { - ts.tv_sec = 0; - ts.tv_nsec = 1; - (void) nanosleep(&ts, NULL); - } - - HX(sigpending(&sigset) == -1, sigset); - HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1, - sigset); - -#ifdef CAN_REFERENCE_MAIN - HF(main); /* an addr in program */ -#endif - HF(getentropy); /* an addr in this library */ - HF(printf); /* an addr in libc */ - p = (char *)&p; - HD(p); /* an addr on stack */ - p = (char *)&errno; - HD(p); /* the addr of errno */ - - if (i == 0) { - struct sockaddr_storage ss; - struct statvfs stvfs; - struct termios tios; - socklen_t ssl; - off_t off; - - /* - * Prime-sized mappings encourage fragmentation; - * thus exposing some address entropy. - */ - struct mm { - size_t npg; - void *p; - } mm[] = { - { 17, MAP_FAILED }, { 3, MAP_FAILED }, - { 11, MAP_FAILED }, { 2, MAP_FAILED }, - { 5, MAP_FAILED }, { 3, MAP_FAILED }, - { 7, MAP_FAILED }, { 1, MAP_FAILED }, - { 57, MAP_FAILED }, { 3, MAP_FAILED }, - { 131, MAP_FAILED }, { 1, MAP_FAILED }, - }; - - for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) { - HX(mm[m].p = mmap(NULL, - mm[m].npg * pgs, - PROT_READ|PROT_WRITE, - MAP_PRIVATE|MAP_ANON, -1, - (off_t)0), mm[m].p); - if (mm[m].p != MAP_FAILED) { - size_t mo; - - /* Touch some memory... */ - p = mm[m].p; - mo = cnt % - (mm[m].npg * pgs - 1); - p[mo] = 1; - cnt += (int)((long)(mm[m].p) - / pgs); - } - - /* Check cnts and times... */ - for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); - ii++) { - HX((e = clock_gettime(cl[ii], - &ts)) == -1, ts); - if (e != -1) - cnt += (int)ts.tv_nsec; - } - - HX((e = getrusage(RUSAGE_SELF, - &ru)) == -1, ru); - if (e != -1) { - cnt += (int)ru.ru_utime.tv_sec; - cnt += (int)ru.ru_utime.tv_usec; - } - } - - for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) { - if (mm[m].p != MAP_FAILED) - munmap(mm[m].p, mm[m].npg * pgs); - mm[m].p = MAP_FAILED; - } - - HX(stat(".", &st) == -1, st); - HX(statvfs(".", &stvfs) == -1, stvfs); - - HX(stat("/", &st) == -1, st); - HX(statvfs("/", &stvfs) == -1, stvfs); - - HX((e = fstat(0, &st)) == -1, st); - if (e == -1) { - if (S_ISREG(st.st_mode) || - S_ISFIFO(st.st_mode) || - S_ISSOCK(st.st_mode)) { - HX(fstatvfs(0, &stvfs) == -1, - stvfs); - HX((off = lseek(0, (off_t)0, - SEEK_CUR)) < 0, off); - } - if (S_ISCHR(st.st_mode)) { - HX(tcgetattr(0, &tios) == -1, - tios); - } else if (S_ISSOCK(st.st_mode)) { - memset(&ss, 0, sizeof ss); - ssl = sizeof(ss); - HX(getpeername(0, - (void *)&ss, &ssl) == -1, - ss); - } - } - - HX((e = getrusage(RUSAGE_CHILDREN, - &ru)) == -1, ru); - if (e != -1) { - cnt += (int)ru.ru_utime.tv_sec; - cnt += (int)ru.ru_utime.tv_usec; - } - } else { - /* Subsequent hashes absorb previous result */ - HD(results); - } - - HX((e = gettimeofday(&tv, NULL)) == -1, tv); - if (e != -1) { - cnt += (int)tv.tv_sec; - cnt += (int)tv.tv_usec; - } - - HD(cnt); - } - SHA512_Final(results, &ctx); - memcpy((char*)buf + i, results, min(sizeof(results), len - i)); - i += min(sizeof(results), len - i); - } - memset(results, 0, sizeof results); - if (gotdata(buf, len) == 0) { - errno = save_errno; - return 0; /* satisfied */ - } - errno = EIO; - return -1; -} diff --git a/external/unbound/compat/getentropy_win.c b/external/unbound/compat/getentropy_win.c deleted file mode 100644 index 71fb955e7..000000000 --- a/external/unbound/compat/getentropy_win.c +++ /dev/null @@ -1,56 +0,0 @@ -/* $OpenBSD$ */ - -/* - * Copyright (c) 2014, Theo de Raadt - * Copyright (c) 2014, Bob Beck - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include -#include -#include -#include -#include -#include - -int getentropy(void *buf, size_t len); - -/* - * On Windows, CryptGenRandom is supposed to be a well-seeded - * cryptographically strong random number generator. - */ -int -getentropy(void *buf, size_t len) -{ - HCRYPTPROV provider; - - if (len > 256) { - errno = EIO; - return -1; - } - - if (CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL, - CRYPT_VERIFYCONTEXT) == 0) - goto fail; - if (CryptGenRandom(provider, len, buf) == 0) { - CryptReleaseContext(provider, 0); - goto fail; - } - CryptReleaseContext(provider, 0); - return (0); - -fail: - errno = EIO; - return (-1); -} diff --git a/external/unbound/compat/gmtime_r.c b/external/unbound/compat/gmtime_r.c deleted file mode 100644 index 19eb637e3..000000000 --- a/external/unbound/compat/gmtime_r.c +++ /dev/null @@ -1,107 +0,0 @@ -/* - * Taken from FreeBSD src / lib / libc / stdtime / localtime.c 1.43 revision. - * localtime.c 7.78. - * tzfile.h 1.8 - * adapted to be replacement gmtime_r. - */ -#include "config.h" - -#ifdef HAVE_TIME_H -#include -#endif - -#define MONSPERYEAR 12 -#define DAYSPERNYEAR 365 -#define DAYSPERLYEAR 366 -#define SECSPERMIN 60 -#define SECSPERHOUR (60*60) -#define SECSPERDAY (24*60*60) -#define DAYSPERWEEK 7 -#define TM_SUNDAY 0 -#define TM_MONDAY 1 -#define TM_TUESDAY 2 -#define TM_WEDNESDAY 3 -#define TM_THURSDAY 4 -#define TM_FRIDAY 5 -#define TM_SATURDAY 6 - -#define TM_YEAR_BASE 1900 - -#define EPOCH_YEAR 1970 -#define EPOCH_WDAY TM_THURSDAY - -#define isleap(y) (((y) % 4) == 0 && (((y) % 100) != 0 || ((y) % 400) == 0)) - -static const int mon_lengths[2][MONSPERYEAR] = { - { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 }, - { 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 } -}; - -static const int year_lengths[2] = { - DAYSPERNYEAR, DAYSPERLYEAR -}; - -static void -timesub(timep, offset, tmp) -const time_t * const timep; -const long offset; -struct tm * const tmp; -{ - long days; - long rem; - long y; - int yleap; - const int * ip; - - days = *timep / SECSPERDAY; - rem = *timep % SECSPERDAY; - rem += (offset); - while (rem < 0) { - rem += SECSPERDAY; - --days; - } - while (rem >= SECSPERDAY) { - rem -= SECSPERDAY; - ++days; - } - tmp->tm_hour = (int) (rem / SECSPERHOUR); - rem = rem % SECSPERHOUR; - tmp->tm_min = (int) (rem / SECSPERMIN); - /* - ** A positive leap second requires a special - ** representation. This uses "... ??:59:60" et seq. - */ - tmp->tm_sec = (int) (rem % SECSPERMIN) ; - tmp->tm_wday = (int) ((EPOCH_WDAY + days) % DAYSPERWEEK); - if (tmp->tm_wday < 0) - tmp->tm_wday += DAYSPERWEEK; - y = EPOCH_YEAR; -#define LEAPS_THRU_END_OF(y) ((y) / 4 - (y) / 100 + (y) / 400) - while (days < 0 || days >= (long) year_lengths[yleap = isleap(y)]) { - long newy; - - newy = y + days / DAYSPERNYEAR; - if (days < 0) - --newy; - days -= (newy - y) * DAYSPERNYEAR + - LEAPS_THRU_END_OF(newy - 1) - - LEAPS_THRU_END_OF(y - 1); - y = newy; - } - tmp->tm_year = y - TM_YEAR_BASE; - tmp->tm_yday = (int) days; - ip = mon_lengths[yleap]; - for (tmp->tm_mon = 0; days >= (long) ip[tmp->tm_mon]; ++(tmp->tm_mon)) - days = days - (long) ip[tmp->tm_mon]; - tmp->tm_mday = (int) (days + 1); - tmp->tm_isdst = 0; -} - -/* -* Re-entrant version of gmtime. -*/ -struct tm * gmtime_r(const time_t* timep, struct tm *tm) -{ - timesub(timep, 0L, tm); - return tm; -} diff --git a/external/unbound/compat/inet_aton.c b/external/unbound/compat/inet_aton.c deleted file mode 100644 index e93fe8d73..000000000 --- a/external/unbound/compat/inet_aton.c +++ /dev/null @@ -1,182 +0,0 @@ -/* From openssh4.3p2 compat/inet_aton.c */ -/* - * Copyright (c) 1983, 1990, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - - * Portions Copyright (c) 1993 by Digital Equipment Corporation. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Digital Equipment Corporation not be used in advertising or - * publicity pertaining to distribution of the document or software without - * specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL - * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT - * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - * - - * --Copyright-- - */ - -/* OPENBSD ORIGINAL: lib/libc/net/inet_addr.c */ - -#include - -#if !defined(HAVE_INET_ATON) - -#include -#include -#ifdef HAVE_NETINET_IN_H -#include -#endif -#ifdef HAVE_ARPA_INET_H -#include -#endif -#include - -#if 0 -/* - * Ascii internet address interpretation routine. - * The value returned is in network order. - */ -in_addr_t -inet_addr(const char *cp) -{ - struct in_addr val; - - if (inet_aton(cp, &val)) - return (val.s_addr); - return (INADDR_NONE); -} -#endif - -/* - * Check whether "cp" is a valid ascii representation - * of an Internet address and convert to a binary address. - * Returns 1 if the address is valid, 0 if not. - * This replaces inet_addr, the return value from which - * cannot distinguish between failure and a local broadcast address. - */ -int -inet_aton(const char *cp, struct in_addr *addr) -{ - uint32_t val; - int base, n; - char c; - unsigned int parts[4]; - unsigned int *pp = parts; - - c = *cp; - for (;;) { - /* - * Collect number up to ``.''. - * Values are specified as for C: - * 0x=hex, 0=octal, isdigit=decimal. - */ - if (!isdigit((unsigned char)c)) - return (0); - val = 0; base = 10; - if (c == '0') { - c = *++cp; - if (c == 'x' || c == 'X') - base = 16, c = *++cp; - else - base = 8; - } - for (;;) { - if (isascii((unsigned char)c) && isdigit((unsigned char)c)) { - val = (val * base) + (c - '0'); - c = *++cp; - } else if (base == 16 && isascii((unsigned char)c) && isxdigit((unsigned char)c)) { - val = (val << 4) | - (c + 10 - (islower((unsigned char)c) ? 'a' : 'A')); - c = *++cp; - } else - break; - } - if (c == '.') { - /* - * Internet format: - * a.b.c.d - * a.b.c (with c treated as 16 bits) - * a.b (with b treated as 24 bits) - */ - if (pp >= parts + 3) - return (0); - *pp++ = val; - c = *++cp; - } else - break; - } - /* - * Check for trailing characters. - */ - if (c != '\0' && (!isascii((unsigned char)c) || !isspace((unsigned char)c))) - return (0); - /* - * Concoct the address according to - * the number of parts specified. - */ - n = pp - parts + 1; - switch (n) { - - case 0: - return (0); /* initial nondigit */ - - case 1: /* a -- 32 bits */ - break; - - case 2: /* a.b -- 8.24 bits */ - if ((val > 0xffffff) || (parts[0] > 0xff)) - return (0); - val |= parts[0] << 24; - break; - - case 3: /* a.b.c -- 8.8.16 bits */ - if ((val > 0xffff) || (parts[0] > 0xff) || (parts[1] > 0xff)) - return (0); - val |= (parts[0] << 24) | (parts[1] << 16); - break; - - case 4: /* a.b.c.d -- 8.8.8.8 bits */ - if ((val > 0xff) || (parts[0] > 0xff) || (parts[1] > 0xff) || (parts[2] > 0xff)) - return (0); - val |= (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8); - break; - } - if (addr) - addr->s_addr = htonl(val); - return (1); -} - -#endif /* !defined(HAVE_INET_ATON) */ diff --git a/external/unbound/compat/inet_ntop.c b/external/unbound/compat/inet_ntop.c deleted file mode 100644 index bd418ae7d..000000000 --- a/external/unbound/compat/inet_ntop.c +++ /dev/null @@ -1,218 +0,0 @@ -/* From openssh 4.3p2 compat/inet_ntop.c */ -/* Copyright (c) 1996 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* OPENBSD ORIGINAL: lib/libc/net/inet_ntop.c */ - -#include - -#ifndef HAVE_INET_NTOP - -#include -#include -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -#ifdef HAVE_NETINET_IN_H -#include -#endif -#include -#include -#include - -#ifndef IN6ADDRSZ -#define IN6ADDRSZ 16 /* IPv6 T_AAAA */ -#endif - -#ifndef INT16SZ -#define INT16SZ 2 /* for systems without 16-bit ints */ -#endif - -/* - * WARNING: Don't even consider trying to compile this on a system where - * sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX. - */ - -static const char *inet_ntop4(const u_char *src, char *dst, size_t size); -static const char *inet_ntop6(const u_char *src, char *dst, size_t size); - -/* char * - * inet_ntop(af, src, dst, size) - * convert a network format address to presentation format. - * return: - * pointer to presentation format address (`dst'), or NULL (see errno). - * author: - * Paul Vixie, 1996. - */ -const char * -inet_ntop(int af, const void *src, char *dst, size_t size) -{ - switch (af) { - case AF_INET: - return (inet_ntop4(src, dst, size)); - case AF_INET6: - return (inet_ntop6(src, dst, size)); - default: -#ifdef EAFNOSUPPORT - errno = EAFNOSUPPORT; -#else - errno = ENOSYS; -#endif - return (NULL); - } - /* NOTREACHED */ -} - -/* const char * - * inet_ntop4(src, dst, size) - * format an IPv4 address, more or less like inet_ntoa() - * return: - * `dst' (as a const) - * notes: - * (1) uses no statics - * (2) takes a u_char* not an in_addr as input - * author: - * Paul Vixie, 1996. - */ -static const char * -inet_ntop4(const u_char *src, char *dst, size_t size) -{ - static const char fmt[] = "%u.%u.%u.%u"; - char tmp[sizeof "255.255.255.255"]; - int l; - - l = snprintf(tmp, size, fmt, src[0], src[1], src[2], src[3]); - if (l <= 0 || l >= (int)size) { - errno = ENOSPC; - return (NULL); - } - strlcpy(dst, tmp, size); - return (dst); -} - -/* const char * - * inet_ntop6(src, dst, size) - * convert IPv6 binary address into presentation (printable) format - * author: - * Paul Vixie, 1996. - */ -static const char * -inet_ntop6(const u_char *src, char *dst, size_t size) -{ - /* - * Note that int32_t and int16_t need only be "at least" large enough - * to contain a value of the specified size. On some systems, like - * Crays, there is no such thing as an integer variable with 16 bits. - * Keep this in mind if you think this function should have been coded - * to use pointer overlays. All the world's not a VAX. - */ - char tmp[sizeof "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"]; - char *tp, *ep; - struct { int base, len; } best, cur; - u_int words[IN6ADDRSZ / INT16SZ]; - int i; - int advance; - - /* - * Preprocess: - * Copy the input (bytewise) array into a wordwise array. - * Find the longest run of 0x00's in src[] for :: shorthanding. - */ - memset(words, '\0', sizeof words); - for (i = 0; i < IN6ADDRSZ; i++) - words[i / 2] |= (src[i] << ((1 - (i % 2)) << 3)); - best.base = -1; - best.len = 0; - cur.base = -1; - cur.len = 0; - for (i = 0; i < (IN6ADDRSZ / INT16SZ); i++) { - if (words[i] == 0) { - if (cur.base == -1) - cur.base = i, cur.len = 1; - else - cur.len++; - } else { - if (cur.base != -1) { - if (best.base == -1 || cur.len > best.len) - best = cur; - cur.base = -1; - } - } - } - if (cur.base != -1) { - if (best.base == -1 || cur.len > best.len) - best = cur; - } - if (best.base != -1 && best.len < 2) - best.base = -1; - - /* - * Format the result. - */ - tp = tmp; - ep = tmp + sizeof(tmp); - for (i = 0; i < (IN6ADDRSZ / INT16SZ) && tp < ep; i++) { - /* Are we inside the best run of 0x00's? */ - if (best.base != -1 && i >= best.base && - i < (best.base + best.len)) { - if (i == best.base) { - if (tp + 1 >= ep) - return (NULL); - *tp++ = ':'; - } - continue; - } - /* Are we following an initial run of 0x00s or any real hex? */ - if (i != 0) { - if (tp + 1 >= ep) - return (NULL); - *tp++ = ':'; - } - /* Is this address an encapsulated IPv4? */ - if (i == 6 && best.base == 0 && - (best.len == 6 || (best.len == 5 && words[5] == 0xffff))) { - if (!inet_ntop4(src+12, tp, (size_t)(ep - tp))) - return (NULL); - tp += strlen(tp); - break; - } - advance = snprintf(tp, ep - tp, "%x", words[i]); - if (advance <= 0 || advance >= ep - tp) - return (NULL); - tp += advance; - } - /* Was it a trailing run of 0x00's? */ - if (best.base != -1 && (best.base + best.len) == (IN6ADDRSZ / INT16SZ)) { - if (tp + 1 >= ep) - return (NULL); - *tp++ = ':'; - } - if (tp + 1 >= ep) - return (NULL); - *tp++ = '\0'; - - /* - * Check for overflow, copy, and we're done. - */ - if ((size_t)(tp - tmp) > size) { - errno = ENOSPC; - return (NULL); - } - strlcpy(dst, tmp, size); - return (dst); -} - -#endif /* !HAVE_INET_NTOP */ diff --git a/external/unbound/compat/inet_pton.c b/external/unbound/compat/inet_pton.c deleted file mode 100644 index 15780d0b7..000000000 --- a/external/unbound/compat/inet_pton.c +++ /dev/null @@ -1,230 +0,0 @@ -/* $KAME: inet_pton.c,v 1.5 2001/08/20 02:32:40 itojun Exp $ */ - -/* Copyright (c) 1996 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -#include - -#include -#include -#include - -/* - * WARNING: Don't even consider trying to compile this on a system where - * sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX. - */ - -static int inet_pton4 (const char *src, uint8_t *dst); -static int inet_pton6 (const char *src, uint8_t *dst); - -/* - * - * The definitions we might miss. - * - */ -#ifndef NS_INT16SZ -#define NS_INT16SZ 2 -#endif - -#ifndef NS_IN6ADDRSZ -#define NS_IN6ADDRSZ 16 -#endif - -#ifndef NS_INADDRSZ -#define NS_INADDRSZ 4 -#endif - -/* int - * inet_pton(af, src, dst) - * convert from presentation format (which usually means ASCII printable) - * to network format (which is usually some kind of binary format). - * return: - * 1 if the address was valid for the specified address family - * 0 if the address wasn't valid (`dst' is untouched in this case) - * -1 if some other error occurred (`dst' is untouched in this case, too) - * author: - * Paul Vixie, 1996. - */ -int -inet_pton(af, src, dst) - int af; - const char *src; - void *dst; -{ - switch (af) { - case AF_INET: - return (inet_pton4(src, dst)); - case AF_INET6: - return (inet_pton6(src, dst)); - default: -#ifdef EAFNOSUPPORT - errno = EAFNOSUPPORT; -#else - errno = ENOSYS; -#endif - return (-1); - } - /* NOTREACHED */ -} - -/* int - * inet_pton4(src, dst) - * like inet_aton() but without all the hexadecimal and shorthand. - * return: - * 1 if `src' is a valid dotted quad, else 0. - * notice: - * does not touch `dst' unless it's returning 1. - * author: - * Paul Vixie, 1996. - */ -static int -inet_pton4(src, dst) - const char *src; - uint8_t *dst; -{ - static const char digits[] = "0123456789"; - int saw_digit, octets, ch; - uint8_t tmp[NS_INADDRSZ], *tp; - - saw_digit = 0; - octets = 0; - *(tp = tmp) = 0; - while ((ch = *src++) != '\0') { - const char *pch; - - if ((pch = strchr(digits, ch)) != NULL) { - uint32_t new = *tp * 10 + (pch - digits); - - if (new > 255) - return (0); - *tp = new; - if (! saw_digit) { - if (++octets > 4) - return (0); - saw_digit = 1; - } - } else if (ch == '.' && saw_digit) { - if (octets == 4) - return (0); - *++tp = 0; - saw_digit = 0; - } else - return (0); - } - if (octets < 4) - return (0); - - memcpy(dst, tmp, NS_INADDRSZ); - return (1); -} - -/* int - * inet_pton6(src, dst) - * convert presentation level address to network order binary form. - * return: - * 1 if `src' is a valid [RFC1884 2.2] address, else 0. - * notice: - * (1) does not touch `dst' unless it's returning 1. - * (2) :: in a full address is silently ignored. - * credit: - * inspired by Mark Andrews. - * author: - * Paul Vixie, 1996. - */ -static int -inet_pton6(src, dst) - const char *src; - uint8_t *dst; -{ - static const char xdigits_l[] = "0123456789abcdef", - xdigits_u[] = "0123456789ABCDEF"; - uint8_t tmp[NS_IN6ADDRSZ], *tp, *endp, *colonp; - const char *xdigits, *curtok; - int ch, saw_xdigit; - uint32_t val; - - memset((tp = tmp), '\0', NS_IN6ADDRSZ); - endp = tp + NS_IN6ADDRSZ; - colonp = NULL; - /* Leading :: requires some special handling. */ - if (*src == ':') - if (*++src != ':') - return (0); - curtok = src; - saw_xdigit = 0; - val = 0; - while ((ch = *src++) != '\0') { - const char *pch; - - if ((pch = strchr((xdigits = xdigits_l), ch)) == NULL) - pch = strchr((xdigits = xdigits_u), ch); - if (pch != NULL) { - val <<= 4; - val |= (pch - xdigits); - if (val > 0xffff) - return (0); - saw_xdigit = 1; - continue; - } - if (ch == ':') { - curtok = src; - if (!saw_xdigit) { - if (colonp) - return (0); - colonp = tp; - continue; - } - if (tp + NS_INT16SZ > endp) - return (0); - *tp++ = (uint8_t) (val >> 8) & 0xff; - *tp++ = (uint8_t) val & 0xff; - saw_xdigit = 0; - val = 0; - continue; - } - if (ch == '.' && ((tp + NS_INADDRSZ) <= endp) && - inet_pton4(curtok, tp) > 0) { - tp += NS_INADDRSZ; - saw_xdigit = 0; - break; /* '\0' was seen by inet_pton4(). */ - } - return (0); - } - if (saw_xdigit) { - if (tp + NS_INT16SZ > endp) - return (0); - *tp++ = (uint8_t) (val >> 8) & 0xff; - *tp++ = (uint8_t) val & 0xff; - } - if (colonp != NULL) { - /* - * Since some memmove()'s erroneously fail to handle - * overlapping regions, we'll do the shift by hand. - */ - const int n = tp - colonp; - int i; - - for (i = 1; i <= n; i++) { - endp[- i] = colonp[n - i]; - colonp[n - i] = 0; - } - tp = endp; - } - if (tp != endp) - return (0); - memcpy(dst, tmp, NS_IN6ADDRSZ); - return (1); -} diff --git a/external/unbound/compat/isblank.c b/external/unbound/compat/isblank.c deleted file mode 100644 index 8feabed45..000000000 --- a/external/unbound/compat/isblank.c +++ /dev/null @@ -1,45 +0,0 @@ -/* isblank - compatibility implementation of isblank - * - * Copyright (c) 2015, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "config.h" - -/* return true for a blank character: space or tab */ -int isblank(int c); - -/* implementation of isblank. unsigned char is the argument */ -int -isblank(int c) -{ - return (c==' ' || c=='\t'); -} diff --git a/external/unbound/compat/malloc.c b/external/unbound/compat/malloc.c deleted file mode 100644 index 559aa100d..000000000 --- a/external/unbound/compat/malloc.c +++ /dev/null @@ -1,19 +0,0 @@ -/* Just a replacement, if the original malloc is not - GNU-compliant. See autoconf documentation. */ - -#include "config.h" -#undef malloc -#include - -void *malloc (); - -/* Allocate an N-byte block of memory from the heap. - If N is zero, allocate a 1-byte block. */ - -void * -rpl_malloc_unbound (size_t n) -{ - if (n == 0) - n = 1; - return malloc (n); -} diff --git a/external/unbound/compat/memcmp.c b/external/unbound/compat/memcmp.c deleted file mode 100644 index 9446276f4..000000000 --- a/external/unbound/compat/memcmp.c +++ /dev/null @@ -1,25 +0,0 @@ -/* - * memcmp.c: memcmp compat implementation. - * - * Copyright (c) 2010, NLnet Labs. All rights reserved. - * - * See LICENSE for the license. -*/ - -#include - -int memcmp(const void *x, const void *y, size_t n); - -int memcmp(const void *x, const void *y, size_t n) -{ - const uint8_t* x8 = (const uint8_t*)x; - const uint8_t* y8 = (const uint8_t*)y; - size_t i; - for(i=0; i y8[i]) - return 1; - } - return 0; -} diff --git a/external/unbound/compat/memcmp.h b/external/unbound/compat/memcmp.h deleted file mode 100644 index c1d195ccf..000000000 --- a/external/unbound/compat/memcmp.h +++ /dev/null @@ -1,16 +0,0 @@ -/* - * memcmp.h: undef memcmp for compat. - * - * Copyright (c) 2012, NLnet Labs. All rights reserved. - * - * See LICENSE for the license. -*/ -#ifndef COMPAT_MEMCMP_H -#define COMPAT_MEMCMP_H - -#ifdef memcmp -/* undef here otherwise autoheader messes it up in config.h */ -# undef memcmp -#endif - -#endif /* COMPAT_MEMCMP_H */ diff --git a/external/unbound/compat/memmove.c b/external/unbound/compat/memmove.c deleted file mode 100644 index fe319bb49..000000000 --- a/external/unbound/compat/memmove.c +++ /dev/null @@ -1,43 +0,0 @@ -/* - * memmove.c: memmove compat implementation. - * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. - * - * See LICENSE for the license. -*/ - -#include -#include - -void *memmove(void *dest, const void *src, size_t n); - -void *memmove(void *dest, const void *src, size_t n) -{ - uint8_t* from = (uint8_t*) src; - uint8_t* to = (uint8_t*) dest; - - if (from == to || n == 0) - return dest; - if (to > from && to-from < (int)n) { - /* to overlaps with from */ - /* */ - /* */ - /* copy in reverse, to avoid overwriting from */ - int i; - for(i=n-1; i>=0; i--) - to[i] = from[i]; - return dest; - } - if (from > to && from-to < (int)n) { - /* to overlaps with from */ - /* */ - /* */ - /* copy forwards, to avoid overwriting from */ - size_t i; - for(i=0; i - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "config.h" -#include -#include -#ifdef HAVE_STDINT_H -#include -#endif -#include -#include - -/* - * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX - * if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW - */ -#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4)) - -void * -reallocarray(void *optr, size_t nmemb, size_t size) -{ - if ((nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) && - nmemb > 0 && SIZE_MAX / nmemb < size) { - errno = ENOMEM; - return NULL; - } - return realloc(optr, size * nmemb); -} diff --git a/external/unbound/compat/sha512.c b/external/unbound/compat/sha512.c deleted file mode 100644 index 744b7ac7b..000000000 --- a/external/unbound/compat/sha512.c +++ /dev/null @@ -1,477 +0,0 @@ -/* - * FILE: sha2.c - * AUTHOR: Aaron D. Gifford - http://www.aarongifford.com/ - * - * Copyright (c) 2000-2001, Aaron D. Gifford - * All rights reserved. - * - * Modified by Jelte Jansen to fit in ldns, and not clash with any - * system-defined SHA code. - * Changes: - * - Renamed (external) functions and constants to fit ldns style - * - Removed _End and _Data functions - * - Added ldns_shaX(data, len, digest) convenience functions - * - Removed prototypes of _Transform functions and made those static - * Modified by Wouter, and trimmed, to provide SHA512 for getentropy_fallback. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the copyright holder nor the names of contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * $Id: sha2.c,v 1.1 2001/11/08 00:01:51 adg Exp adg $ - */ -#include "config.h" - -#include /* memcpy()/memset() or bcopy()/bzero() */ -#include /* assert() */ - -/* do we have sha512 header defs */ -#ifndef SHA512_DIGEST_LENGTH -#define SHA512_BLOCK_LENGTH 128 -#define SHA512_DIGEST_LENGTH 64 -#define SHA512_DIGEST_STRING_LENGTH (SHA512_DIGEST_LENGTH * 2 + 1) -typedef struct _SHA512_CTX { - uint64_t state[8]; - uint64_t bitcount[2]; - uint8_t buffer[SHA512_BLOCK_LENGTH]; -} SHA512_CTX; -#endif /* do we have sha512 header defs */ - -void SHA512_Init(SHA512_CTX*); -void SHA512_Update(SHA512_CTX*, void*, size_t); -void SHA512_Final(uint8_t[SHA512_DIGEST_LENGTH], SHA512_CTX*); -unsigned char *SHA512(void *data, unsigned int data_len, unsigned char *digest); - - -/*** SHA-256/384/512 Machine Architecture Definitions *****************/ -/* - * BYTE_ORDER NOTE: - * - * Please make sure that your system defines BYTE_ORDER. If your - * architecture is little-endian, make sure it also defines - * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are - * equivalent. - * - * If your system does not define the above, then you can do so by - * hand like this: - * - * #define LITTLE_ENDIAN 1234 - * #define BIG_ENDIAN 4321 - * - * And for little-endian machines, add: - * - * #define BYTE_ORDER LITTLE_ENDIAN - * - * Or for big-endian machines: - * - * #define BYTE_ORDER BIG_ENDIAN - * - * The FreeBSD machine this was written on defines BYTE_ORDER - * appropriately by including (which in turn includes - * where the appropriate definitions are actually - * made). - */ -#if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN) -#error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN -#endif - -typedef uint8_t sha2_byte; /* Exactly 1 byte */ -typedef uint32_t sha2_word32; /* Exactly 4 bytes */ -#ifdef S_SPLINT_S -typedef unsigned long long sha2_word64; /* lint 8 bytes */ -#else -typedef uint64_t sha2_word64; /* Exactly 8 bytes */ -#endif - -/*** SHA-256/384/512 Various Length Definitions ***********************/ -#define SHA512_SHORT_BLOCK_LENGTH (SHA512_BLOCK_LENGTH - 16) - - -/*** ENDIAN REVERSAL MACROS *******************************************/ -#if BYTE_ORDER == LITTLE_ENDIAN -#define REVERSE32(w,x) { \ - sha2_word32 tmp = (w); \ - tmp = (tmp >> 16) | (tmp << 16); \ - (x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) << 8); \ -} -#ifndef S_SPLINT_S -#define REVERSE64(w,x) { \ - sha2_word64 tmp = (w); \ - tmp = (tmp >> 32) | (tmp << 32); \ - tmp = ((tmp & 0xff00ff00ff00ff00ULL) >> 8) | \ - ((tmp & 0x00ff00ff00ff00ffULL) << 8); \ - (x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) | \ - ((tmp & 0x0000ffff0000ffffULL) << 16); \ -} -#else /* splint */ -#define REVERSE64(w,x) /* splint */ -#endif /* splint */ -#endif /* BYTE_ORDER == LITTLE_ENDIAN */ - -/* - * Macro for incrementally adding the unsigned 64-bit integer n to the - * unsigned 128-bit integer (represented using a two-element array of - * 64-bit words): - */ -#define ADDINC128(w,n) { \ - (w)[0] += (sha2_word64)(n); \ - if ((w)[0] < (n)) { \ - (w)[1]++; \ - } \ -} -#ifdef S_SPLINT_S -#undef ADDINC128 -#define ADDINC128(w,n) /* splint */ -#endif - -/* - * Macros for copying blocks of memory and for zeroing out ranges - * of memory. Using these macros makes it easy to switch from - * using memset()/memcpy() and using bzero()/bcopy(). - * - * Please define either SHA2_USE_MEMSET_MEMCPY or define - * SHA2_USE_BZERO_BCOPY depending on which function set you - * choose to use: - */ -#if !defined(SHA2_USE_MEMSET_MEMCPY) && !defined(SHA2_USE_BZERO_BCOPY) -/* Default to memset()/memcpy() if no option is specified */ -#define SHA2_USE_MEMSET_MEMCPY 1 -#endif -#if defined(SHA2_USE_MEMSET_MEMCPY) && defined(SHA2_USE_BZERO_BCOPY) -/* Abort with an error if BOTH options are defined */ -#error Define either SHA2_USE_MEMSET_MEMCPY or SHA2_USE_BZERO_BCOPY, not both! -#endif - -#ifdef SHA2_USE_MEMSET_MEMCPY -#define MEMSET_BZERO(p,l) memset((p), 0, (l)) -#define MEMCPY_BCOPY(d,s,l) memcpy((d), (s), (l)) -#endif -#ifdef SHA2_USE_BZERO_BCOPY -#define MEMSET_BZERO(p,l) bzero((p), (l)) -#define MEMCPY_BCOPY(d,s,l) bcopy((s), (d), (l)) -#endif - - -/*** THE SIX LOGICAL FUNCTIONS ****************************************/ -/* - * Bit shifting and rotation (used by the six SHA-XYZ logical functions: - * - * NOTE: The naming of R and S appears backwards here (R is a SHIFT and - * S is a ROTATION) because the SHA-256/384/512 description document - * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this - * same "backwards" definition. - */ -/* Shift-right (used in SHA-256, SHA-384, and SHA-512): */ -#define R(b,x) ((x) >> (b)) -/* 64-bit Rotate-right (used in SHA-384 and SHA-512): */ -#define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b)))) - -/* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */ -#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) -#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) - -/* Four of six logical functions used in SHA-384 and SHA-512: */ -#define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x))) -#define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x))) -#define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x))) -#define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x))) - -/*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/ -/* Hash constant words K for SHA-384 and SHA-512: */ -static const sha2_word64 K512[80] = { - 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, - 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, - 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, - 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, - 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, - 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, - 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, - 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL, - 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, - 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, - 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, - 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, - 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, - 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, - 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, - 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, - 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, - 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, - 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, - 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL, - 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, - 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, - 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, - 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, - 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, - 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, - 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, - 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, - 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, - 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, - 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, - 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, - 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, - 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, - 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, - 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, - 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, - 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, - 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, - 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL -}; - -/* initial hash value H for SHA-512 */ -static const sha2_word64 sha512_initial_hash_value[8] = { - 0x6a09e667f3bcc908ULL, - 0xbb67ae8584caa73bULL, - 0x3c6ef372fe94f82bULL, - 0xa54ff53a5f1d36f1ULL, - 0x510e527fade682d1ULL, - 0x9b05688c2b3e6c1fULL, - 0x1f83d9abfb41bd6bULL, - 0x5be0cd19137e2179ULL -}; - -typedef union _ldns_sha2_buffer_union { - uint8_t* theChars; - uint64_t* theLongs; -} ldns_sha2_buffer_union; - -/*** SHA-512: *********************************************************/ -void SHA512_Init(SHA512_CTX* context) { - if (context == (SHA512_CTX*)0) { - return; - } - MEMCPY_BCOPY(context->state, sha512_initial_hash_value, SHA512_DIGEST_LENGTH); - MEMSET_BZERO(context->buffer, SHA512_BLOCK_LENGTH); - context->bitcount[0] = context->bitcount[1] = 0; -} - -static void SHA512_Transform(SHA512_CTX* context, - const sha2_word64* data) { - sha2_word64 a, b, c, d, e, f, g, h, s0, s1; - sha2_word64 T1, T2, *W512 = (sha2_word64*)context->buffer; - int j; - - /* initialize registers with the prev. intermediate value */ - a = context->state[0]; - b = context->state[1]; - c = context->state[2]; - d = context->state[3]; - e = context->state[4]; - f = context->state[5]; - g = context->state[6]; - h = context->state[7]; - - j = 0; - do { -#if BYTE_ORDER == LITTLE_ENDIAN - /* Convert TO host byte order */ - REVERSE64(*data++, W512[j]); - /* Apply the SHA-512 compression function to update a..h */ - T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j]; -#else /* BYTE_ORDER == LITTLE_ENDIAN */ - /* Apply the SHA-512 compression function to update a..h with copy */ - T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++); -#endif /* BYTE_ORDER == LITTLE_ENDIAN */ - T2 = Sigma0_512(a) + Maj(a, b, c); - h = g; - g = f; - f = e; - e = d + T1; - d = c; - c = b; - b = a; - a = T1 + T2; - - j++; - } while (j < 16); - - do { - /* Part of the message block expansion: */ - s0 = W512[(j+1)&0x0f]; - s0 = sigma0_512(s0); - s1 = W512[(j+14)&0x0f]; - s1 = sigma1_512(s1); - - /* Apply the SHA-512 compression function to update a..h */ - T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + - (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); - T2 = Sigma0_512(a) + Maj(a, b, c); - h = g; - g = f; - f = e; - e = d + T1; - d = c; - c = b; - b = a; - a = T1 + T2; - - j++; - } while (j < 80); - - /* Compute the current intermediate hash value */ - context->state[0] += a; - context->state[1] += b; - context->state[2] += c; - context->state[3] += d; - context->state[4] += e; - context->state[5] += f; - context->state[6] += g; - context->state[7] += h; - - /* Clean up */ - a = b = c = d = e = f = g = h = T1 = T2 = 0; -} - -void SHA512_Update(SHA512_CTX* context, void *datain, size_t len) { - size_t freespace, usedspace; - const sha2_byte* data = (const sha2_byte*)datain; - - if (len == 0) { - /* Calling with no data is valid - we do nothing */ - return; - } - - /* Sanity check: */ - assert(context != (SHA512_CTX*)0 && data != (sha2_byte*)0); - - usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH; - if (usedspace > 0) { - /* Calculate how much free space is available in the buffer */ - freespace = SHA512_BLOCK_LENGTH - usedspace; - - if (len >= freespace) { - /* Fill the buffer completely and process it */ - MEMCPY_BCOPY(&context->buffer[usedspace], data, freespace); - ADDINC128(context->bitcount, freespace << 3); - len -= freespace; - data += freespace; - SHA512_Transform(context, (sha2_word64*)context->buffer); - } else { - /* The buffer is not yet full */ - MEMCPY_BCOPY(&context->buffer[usedspace], data, len); - ADDINC128(context->bitcount, len << 3); - /* Clean up: */ - usedspace = freespace = 0; - return; - } - } - while (len >= SHA512_BLOCK_LENGTH) { - /* Process as many complete blocks as we can */ - SHA512_Transform(context, (sha2_word64*)data); - ADDINC128(context->bitcount, SHA512_BLOCK_LENGTH << 3); - len -= SHA512_BLOCK_LENGTH; - data += SHA512_BLOCK_LENGTH; - } - if (len > 0) { - /* There's left-overs, so save 'em */ - MEMCPY_BCOPY(context->buffer, data, len); - ADDINC128(context->bitcount, len << 3); - } - /* Clean up: */ - usedspace = freespace = 0; -} - -static void SHA512_Last(SHA512_CTX* context) { - size_t usedspace; - ldns_sha2_buffer_union cast_var; - - usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH; -#if BYTE_ORDER == LITTLE_ENDIAN - /* Convert FROM host byte order */ - REVERSE64(context->bitcount[0],context->bitcount[0]); - REVERSE64(context->bitcount[1],context->bitcount[1]); -#endif - if (usedspace > 0) { - /* Begin padding with a 1 bit: */ - context->buffer[usedspace++] = 0x80; - - if (usedspace <= SHA512_SHORT_BLOCK_LENGTH) { - /* Set-up for the last transform: */ - MEMSET_BZERO(&context->buffer[usedspace], SHA512_SHORT_BLOCK_LENGTH - usedspace); - } else { - if (usedspace < SHA512_BLOCK_LENGTH) { - MEMSET_BZERO(&context->buffer[usedspace], SHA512_BLOCK_LENGTH - usedspace); - } - /* Do second-to-last transform: */ - SHA512_Transform(context, (sha2_word64*)context->buffer); - - /* And set-up for the last transform: */ - MEMSET_BZERO(context->buffer, SHA512_BLOCK_LENGTH - 2); - } - } else { - /* Prepare for final transform: */ - MEMSET_BZERO(context->buffer, SHA512_SHORT_BLOCK_LENGTH); - - /* Begin padding with a 1 bit: */ - *context->buffer = 0x80; - } - /* Store the length of input data (in bits): */ - cast_var.theChars = context->buffer; - cast_var.theLongs[SHA512_SHORT_BLOCK_LENGTH / 8] = context->bitcount[1]; - cast_var.theLongs[SHA512_SHORT_BLOCK_LENGTH / 8 + 1] = context->bitcount[0]; - - /* final transform: */ - SHA512_Transform(context, (sha2_word64*)context->buffer); -} - -void SHA512_Final(sha2_byte digest[], SHA512_CTX* context) { - sha2_word64 *d = (sha2_word64*)digest; - - /* Sanity check: */ - assert(context != (SHA512_CTX*)0); - - /* If no digest buffer is passed, we don't bother doing this: */ - if (digest != (sha2_byte*)0) { - SHA512_Last(context); - - /* Save the hash data for output: */ -#if BYTE_ORDER == LITTLE_ENDIAN - { - /* Convert TO host byte order */ - int j; - for (j = 0; j < 8; j++) { - REVERSE64(context->state[j],context->state[j]); - *d++ = context->state[j]; - } - } -#else - MEMCPY_BCOPY(d, context->state, SHA512_DIGEST_LENGTH); -#endif - } - - /* Zero out state data */ - MEMSET_BZERO(context, sizeof(SHA512_CTX)); -} - -unsigned char * -SHA512(void *data, unsigned int data_len, unsigned char *digest) -{ - SHA512_CTX ctx; - SHA512_Init(&ctx); - SHA512_Update(&ctx, data, data_len); - SHA512_Final(digest, &ctx); - return digest; -} diff --git a/external/unbound/compat/snprintf.c b/external/unbound/compat/snprintf.c deleted file mode 100644 index 97cd7061f..000000000 --- a/external/unbound/compat/snprintf.c +++ /dev/null @@ -1,1037 +0,0 @@ -/* snprintf - compatibility implementation of snprintf, vsnprintf - * - * Copyright (c) 2013, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "config.h" -#include -#include -#include -#include -#include -#include -#ifdef HAVE_STDINT_H -#include -#endif -#include - -/* for test */ -/* #define SNPRINTF_TEST 1 */ -#ifdef SNPRINTF_TEST -#define snprintf my_snprintf -#define vsnprintf my_vsnprintf -#endif /* SNPRINTF_TEST */ - -int snprintf(char* str, size_t size, const char* format, ...); -int vsnprintf(char* str, size_t size, const char* format, va_list arg); - -/** - * Very portable snprintf implementation, limited in functionality, - * esp. for %[capital] %[nonportable] and so on. Reduced float functionality, - * mostly in formatting and range (e+-16), for %f and %g. - * - * %s, %d, %u, %i, %x, %c, %n and %% are fully supported. - * This includes width, precision, flags 0- +, and *(arg for wid,prec). - * %f, %g, %m, %p have reduced support, support for wid,prec,flags,*, but - * less floating point range, no %e formatting for %g. - */ -int snprintf(char* str, size_t size, const char* format, ...) -{ - int r; - va_list args; - va_start(args, format); - r = vsnprintf(str, size, format, args); - va_end(args); - return r; -} - -/** add padding to string */ -static void -print_pad(char** at, size_t* left, int* ret, char p, int num) -{ - while(num--) { - if(*left > 1) { - *(*at)++ = p; - (*left)--; - } - (*ret)++; - } -} - -/** get negative symbol, 0 if none */ -static char -get_negsign(int negative, int plus, int space) -{ - if(negative) - return '-'; - if(plus) - return '+'; - if(space) - return ' '; - return 0; -} - -#define PRINT_DEC_BUFSZ 32 /* 20 is enough for 64 bit decimals */ -/** print decimal into buffer, returns length */ -static int -print_dec(char* buf, int max, unsigned int value) -{ - int i = 0; - if(value == 0) { - if(max > 0) { - buf[0] = '0'; - i = 1; - } - } else while(value && i < max) { - buf[i++] = '0' + value % 10; - value /= 10; - } - return i; -} - -/** print long decimal into buffer, returns length */ -static int -print_dec_l(char* buf, int max, unsigned long value) -{ - int i = 0; - if(value == 0) { - if(max > 0) { - buf[0] = '0'; - i = 1; - } - } else while(value && i < max) { - buf[i++] = '0' + value % 10; - value /= 10; - } - return i; -} - -/** print long decimal into buffer, returns length */ -static int -print_dec_ll(char* buf, int max, unsigned long long value) -{ - int i = 0; - if(value == 0) { - if(max > 0) { - buf[0] = '0'; - i = 1; - } - } else while(value && i < max) { - buf[i++] = '0' + value % 10; - value /= 10; - } - return i; -} - -/** print hex into buffer, returns length */ -static int -print_hex(char* buf, int max, unsigned int value) -{ - const char* h = "0123456789abcdef"; - int i = 0; - if(value == 0) { - if(max > 0) { - buf[0] = '0'; - i = 1; - } - } else while(value && i < max) { - buf[i++] = h[value & 0x0f]; - value >>= 4; - } - return i; -} - -/** print long hex into buffer, returns length */ -static int -print_hex_l(char* buf, int max, unsigned long value) -{ - const char* h = "0123456789abcdef"; - int i = 0; - if(value == 0) { - if(max > 0) { - buf[0] = '0'; - i = 1; - } - } else while(value && i < max) { - buf[i++] = h[value & 0x0f]; - value >>= 4; - } - return i; -} - -/** print long long hex into buffer, returns length */ -static int -print_hex_ll(char* buf, int max, unsigned long long value) -{ - const char* h = "0123456789abcdef"; - int i = 0; - if(value == 0) { - if(max > 0) { - buf[0] = '0'; - i = 1; - } - } else while(value && i < max) { - buf[i++] = h[value & 0x0f]; - value >>= 4; - } - return i; -} - -/** copy string into result, reversed */ -static void -spool_str_rev(char** at, size_t* left, int* ret, const char* buf, int len) -{ - int i = len; - while(i) { - if(*left > 1) { - *(*at)++ = buf[--i]; - (*left)--; - } else --i; - (*ret)++; - } -} - -/** copy string into result */ -static void -spool_str(char** at, size_t* left, int* ret, const char* buf, int len) -{ - int i; - for(i=0; i 1) { - *(*at)++ = buf[i]; - (*left)--; - } - (*ret)++; - } -} - -/** print number formatted */ -static void -print_num(char** at, size_t* left, int* ret, int minw, int precision, - int prgiven, int zeropad, int minus, int plus, int space, - int zero, int negative, char* buf, int len) -{ - int w = len; /* excludes minus sign */ - char s = get_negsign(negative, plus, space); - if(minus) { - /* left adjust the number into the field, space padding */ - /* calc numw = [sign][zeroes][number] */ - int numw = w; - if(precision == 0 && zero) numw = 0; - if(numw < precision) numw = precision; - if(s) numw++; - - /* sign */ - if(s) print_pad(at, left, ret, s, 1); - - /* number */ - if(precision == 0 && zero) { - /* "" for the number */ - } else { - if(w < precision) - print_pad(at, left, ret, '0', precision - w); - spool_str_rev(at, left, ret, buf, len); - } - /* spaces */ - if(numw < minw) - print_pad(at, left, ret, ' ', minw - numw); - } else { - /* pad on the left of the number */ - /* calculate numw has width of [sign][zeroes][number] */ - int numw = w; - if(precision == 0 && zero) numw = 0; - if(numw < precision) numw = precision; - if(!prgiven && zeropad && numw < minw) numw = minw; - else if(s) numw++; - - /* pad with spaces */ - if(numw < minw) - print_pad(at, left, ret, ' ', minw - numw); - /* print sign (and one less zeropad if so) */ - if(s) { - print_pad(at, left, ret, s, 1); - numw--; - } - /* pad with zeroes */ - if(w < numw) - print_pad(at, left, ret, '0', numw - w); - if(precision == 0 && zero) - return; - /* print the characters for the value */ - spool_str_rev(at, left, ret, buf, len); - } -} - -/** print %d and %i */ -static void -print_num_d(char** at, size_t* left, int* ret, int value, - int minw, int precision, int prgiven, int zeropad, int minus, - int plus, int space) -{ - char buf[PRINT_DEC_BUFSZ]; - int negative = (value < 0); - int zero = (value == 0); - int len = print_dec(buf, (int)sizeof(buf), - (unsigned int)(negative?-value:value)); - print_num(at, left, ret, minw, precision, prgiven, zeropad, minus, - plus, space, zero, negative, buf, len); -} - -/** print %ld and %li */ -static void -print_num_ld(char** at, size_t* left, int* ret, long value, - int minw, int precision, int prgiven, int zeropad, int minus, - int plus, int space) -{ - char buf[PRINT_DEC_BUFSZ]; - int negative = (value < 0); - int zero = (value == 0); - int len = print_dec_l(buf, (int)sizeof(buf), - (unsigned long)(negative?-value:value)); - print_num(at, left, ret, minw, precision, prgiven, zeropad, minus, - plus, space, zero, negative, buf, len); -} - -/** print %lld and %lli */ -static void -print_num_lld(char** at, size_t* left, int* ret, long long value, - int minw, int precision, int prgiven, int zeropad, int minus, - int plus, int space) -{ - char buf[PRINT_DEC_BUFSZ]; - int negative = (value < 0); - int zero = (value == 0); - int len = print_dec_ll(buf, (int)sizeof(buf), - (unsigned long long)(negative?-value:value)); - print_num(at, left, ret, minw, precision, prgiven, zeropad, minus, - plus, space, zero, negative, buf, len); -} - -/** print %u */ -static void -print_num_u(char** at, size_t* left, int* ret, unsigned int value, - int minw, int precision, int prgiven, int zeropad, int minus, - int plus, int space) -{ - char buf[PRINT_DEC_BUFSZ]; - int negative = 0; - int zero = (value == 0); - int len = print_dec(buf, (int)sizeof(buf), value); - print_num(at, left, ret, minw, precision, prgiven, zeropad, minus, - plus, space, zero, negative, buf, len); -} - -/** print %lu */ -static void -print_num_lu(char** at, size_t* left, int* ret, unsigned long value, - int minw, int precision, int prgiven, int zeropad, int minus, - int plus, int space) -{ - char buf[PRINT_DEC_BUFSZ]; - int negative = 0; - int zero = (value == 0); - int len = print_dec_l(buf, (int)sizeof(buf), value); - print_num(at, left, ret, minw, precision, prgiven, zeropad, minus, - plus, space, zero, negative, buf, len); -} - -/** print %llu */ -static void -print_num_llu(char** at, size_t* left, int* ret, unsigned long long value, - int minw, int precision, int prgiven, int zeropad, int minus, - int plus, int space) -{ - char buf[PRINT_DEC_BUFSZ]; - int negative = 0; - int zero = (value == 0); - int len = print_dec_ll(buf, (int)sizeof(buf), value); - print_num(at, left, ret, minw, precision, prgiven, zeropad, minus, - plus, space, zero, negative, buf, len); -} - -/** print %x */ -static void -print_num_x(char** at, size_t* left, int* ret, unsigned int value, - int minw, int precision, int prgiven, int zeropad, int minus, - int plus, int space) -{ - char buf[PRINT_DEC_BUFSZ]; - int negative = 0; - int zero = (value == 0); - int len = print_hex(buf, (int)sizeof(buf), value); - print_num(at, left, ret, minw, precision, prgiven, zeropad, minus, - plus, space, zero, negative, buf, len); -} - -/** print %lx */ -static void -print_num_lx(char** at, size_t* left, int* ret, unsigned long value, - int minw, int precision, int prgiven, int zeropad, int minus, - int plus, int space) -{ - char buf[PRINT_DEC_BUFSZ]; - int negative = 0; - int zero = (value == 0); - int len = print_hex_l(buf, (int)sizeof(buf), value); - print_num(at, left, ret, minw, precision, prgiven, zeropad, minus, - plus, space, zero, negative, buf, len); -} - -/** print %llx */ -static void -print_num_llx(char** at, size_t* left, int* ret, unsigned long long value, - int minw, int precision, int prgiven, int zeropad, int minus, - int plus, int space) -{ - char buf[PRINT_DEC_BUFSZ]; - int negative = 0; - int zero = (value == 0); - int len = print_hex_ll(buf, (int)sizeof(buf), value); - print_num(at, left, ret, minw, precision, prgiven, zeropad, minus, - plus, space, zero, negative, buf, len); -} - -/** print %llp */ -static void -print_num_llp(char** at, size_t* left, int* ret, void* value, - int minw, int precision, int prgiven, int zeropad, int minus, - int plus, int space) -{ - char buf[PRINT_DEC_BUFSZ]; - int negative = 0; - int zero = (value == 0); -#if defined(SIZE_MAX) && defined(UINT32_MAX) && (UINT32_MAX == SIZE_MAX || INT32_MAX == SIZE_MAX) - /* avoid warning about upcast on 32bit systems */ - unsigned long long llvalue = (unsigned long)value; -#else - unsigned long long llvalue = (unsigned long long)value; -#endif - int len = print_hex_ll(buf, (int)sizeof(buf), llvalue); - if(zero) { - buf[0]=')'; - buf[1]='l'; - buf[2]='i'; - buf[3]='n'; - buf[4]='('; - len = 5; - } else { - /* put '0x' in front of the (reversed) buffer result */ - if(len < PRINT_DEC_BUFSZ) - buf[len++] = 'x'; - if(len < PRINT_DEC_BUFSZ) - buf[len++] = '0'; - } - print_num(at, left, ret, minw, precision, prgiven, zeropad, minus, - plus, space, zero, negative, buf, len); -} - -#define PRINT_FLOAT_BUFSZ 64 /* xx.yy with 20.20 about the max */ -/** spool remainder after the decimal point to buffer, in reverse */ -static int -print_remainder(char* buf, int max, double r, int prec) -{ - unsigned long long cap = 1; - unsigned long long value; - int len, i; - if(prec > 19) prec = 19; /* max we can do */ - if(max < prec) return 0; - for(i=0; i= 5) { - value++; - /* that might carry to numbers before the comma, if so, - * just ignore that rounding. failure because 64bitprintout */ - if(value >= cap) - value = cap-1; - } - len = print_dec_ll(buf, max, value); - while(len < prec) { /* pad with zeroes, e.g. if 0.0012 */ - buf[len++] = '0'; - } - if(len < max) - buf[len++] = '.'; - return len; -} - -/** spool floating point to buffer */ -static int -print_float(char* buf, int max, double value, int prec) -{ - /* as xxx.xxx if prec==0, no '.', with prec decimals after . */ - /* no conversion for NAN and INF, because we do not want to require - linking with -lm. */ - /* Thus, the conversions use 64bit integers to convert the numbers, - * which makes 19 digits before and after the decimal point the max */ - unsigned long long whole = (unsigned long long)value; - double remain = value - (double)whole; - int len = 0; - if(prec != 0) - len = print_remainder(buf, max, remain, prec); - len += print_dec_ll(buf+len, max-len, whole); - return len; -} - -/** print %f */ -static void -print_num_f(char** at, size_t* left, int* ret, double value, - int minw, int precision, int prgiven, int zeropad, int minus, - int plus, int space) -{ - char buf[PRINT_FLOAT_BUFSZ]; - int negative = (value < 0); - int zero = 0; - int len; - if(!prgiven) precision = 6; - len = print_float(buf, (int)sizeof(buf), negative?-value:value, - precision); - print_num(at, left, ret, minw, 1, 0, zeropad, minus, - plus, space, zero, negative, buf, len); -} - -/* rudimentary %g support */ -static int -print_float_g(char* buf, int max, double value, int prec) -{ - unsigned long long whole = (unsigned long long)value; - double remain = value - (double)whole; - int before = 0; - int len = 0; - - /* number of digits before the decimal point */ - while(whole > 0) { - before++; - whole /= 10; - } - whole = (unsigned long long)value; - - if(prec > before && remain != 0.0) { - /* see if the last decimals are zero, if so, skip them */ - len = print_remainder(buf, max, remain, prec-before); - while(len > 0 && buf[0]=='0') { - memmove(buf, buf+1, --len); - } - } - len += print_dec_ll(buf+len, max-len, whole); - return len; -} - - -/** print %g */ -static void -print_num_g(char** at, size_t* left, int* ret, double value, - int minw, int precision, int prgiven, int zeropad, int minus, - int plus, int space) -{ - char buf[PRINT_FLOAT_BUFSZ]; - int negative = (value < 0); - int zero = 0; - int len; - if(!prgiven) precision = 6; - if(precision == 0) precision = 1; - len = print_float_g(buf, (int)sizeof(buf), negative?-value:value, - precision); - print_num(at, left, ret, minw, 1, 0, zeropad, minus, - plus, space, zero, negative, buf, len); -} - - -/** strnlen (compat implementation) */ -static int -my_strnlen(const char* s, int max) -{ - int i; - for(i=0; i 1) { - *at++ = *fmt++; - left--; - } else fmt++; - ret++; - } - - /* see if we are at end */ - if(!*fmt) break; - - /* fetch next argument % designation from format string */ - fmt++; /* skip the '%' */ - - /********************************/ - /* get the argument designation */ - /********************************/ - /* we must do this vararg stuff inside this function for - * portability. Hence, get_designation, and print_designation - * are not their own functions. */ - - /* printout designation: - * conversion specifier: x, d, u, s, c, n, m, p - * flags: # not supported - * 0 zeropad (on the left) - * - left adjust (right by default) - * ' ' printspace for positive number (in - position). - * + alwayssign - * fieldwidth: [1-9][0-9]* minimum field width. - * if this is * then type int next argument specifies the minwidth. - * if this is negative, the - flag is set (with positive width). - * precision: period[digits]*, %.2x. - * if this is * then type int next argument specifies the precision. - * just '.' or negative value means precision=0. - * this is mindigits to print for d, i, u, x - * this is aftercomma digits for f - * this is max number significant digits for g - * maxnumber characters to be printed for s - * length: 0-none (int), 1-l (long), 2-ll (long long) - * notsupported: hh (char), h (short), L (long double), q, j, z, t - * Does not support %m$ and *m$ argument designation as array indices. - * Does not support %#x - * - */ - minw = 0; - precision = 1; - prgiven = 0; - zeropad = 0; - minus = 0; - plus = 0; - space = 0; - length = 0; - - /* get flags in any order */ - for(;;) { - if(*fmt == '0') - zeropad = 1; - else if(*fmt == '-') - minus = 1; - else if(*fmt == '+') - plus = 1; - else if(*fmt == ' ') - space = 1; - else break; - fmt++; - } - - /* field width */ - if(*fmt == '*') { - fmt++; /* skip char */ - minw = va_arg(arg, int); - if(minw < 0) { - minus = 1; - minw = -minw; - } - } else while(*fmt >= '0' && *fmt <= '9') { - minw = minw*10 + (*fmt++)-'0'; - } - - /* precision */ - if(*fmt == '.') { - fmt++; /* skip period */ - prgiven = 1; - precision = 0; - if(*fmt == '*') { - fmt++; /* skip char */ - precision = va_arg(arg, int); - if(precision < 0) - precision = 0; - } else while(*fmt >= '0' && *fmt <= '9') { - precision = precision*10 + (*fmt++)-'0'; - } - } - - /* length */ - if(*fmt == 'l') { - fmt++; /* skip char */ - length = 1; - if(*fmt == 'l') { - fmt++; /* skip char */ - length = 2; - } - } - - /* get the conversion */ - if(!*fmt) conv = 0; - else conv = *fmt++; - - /***********************************/ - /* print that argument designation */ - /***********************************/ - switch(conv) { - case 'i': - case 'd': - if(length == 0) - print_num_d(&at, &left, &ret, va_arg(arg, int), - minw, precision, prgiven, zeropad, minus, plus, space); - else if(length == 1) - print_num_ld(&at, &left, &ret, va_arg(arg, long), - minw, precision, prgiven, zeropad, minus, plus, space); - else if(length == 2) - print_num_lld(&at, &left, &ret, - va_arg(arg, long long), - minw, precision, prgiven, zeropad, minus, plus, space); - break; - case 'u': - if(length == 0) - print_num_u(&at, &left, &ret, - va_arg(arg, unsigned int), - minw, precision, prgiven, zeropad, minus, plus, space); - else if(length == 1) - print_num_lu(&at, &left, &ret, - va_arg(arg, unsigned long), - minw, precision, prgiven, zeropad, minus, plus, space); - else if(length == 2) - print_num_llu(&at, &left, &ret, - va_arg(arg, unsigned long long), - minw, precision, prgiven, zeropad, minus, plus, space); - break; - case 'x': - if(length == 0) - print_num_x(&at, &left, &ret, - va_arg(arg, unsigned int), - minw, precision, prgiven, zeropad, minus, plus, space); - else if(length == 1) - print_num_lx(&at, &left, &ret, - va_arg(arg, unsigned long), - minw, precision, prgiven, zeropad, minus, plus, space); - else if(length == 2) - print_num_llx(&at, &left, &ret, - va_arg(arg, unsigned long long), - minw, precision, prgiven, zeropad, minus, plus, space); - break; - case 's': - print_str(&at, &left, &ret, va_arg(arg, char*), - minw, precision, prgiven, minus); - break; - case 'c': - print_char(&at, &left, &ret, va_arg(arg, int), - minw, minus); - break; - case 'n': - *va_arg(arg, int*) = ret; - break; - case 'm': - print_str(&at, &left, &ret, strerror(errno), - minw, precision, prgiven, minus); - break; - case 'p': - print_num_llp(&at, &left, &ret, va_arg(arg, void*), - minw, precision, prgiven, zeropad, minus, plus, space); - break; - case '%': - print_pad(&at, &left, &ret, '%', 1); - break; - case 'f': - print_num_f(&at, &left, &ret, va_arg(arg, double), - minw, precision, prgiven, zeropad, minus, plus, space); - break; - case 'g': - print_num_g(&at, &left, &ret, va_arg(arg, double), - minw, precision, prgiven, zeropad, minus, plus, space); - break; - /* unknown */ - default: - case 0: break; - } - } - - /* zero terminate */ - if(left > 0) - *at = 0; - return ret; -} - -#ifdef SNPRINTF_TEST - -/** do tests */ -#undef snprintf -#define DOTEST(bufsz, result, retval, ...) do { \ - char buf[bufsz]; \ - printf("now test %s\n", #__VA_ARGS__); \ - int r=my_snprintf(buf, sizeof(buf), __VA_ARGS__); \ - if(r != retval || strcmp(buf, result) != 0) { \ - printf("error test(%s) was \"%s\":%d\n", \ - ""#bufsz", "#result", "#retval", "#__VA_ARGS__, \ - buf, r); \ - exit(1); \ - } \ - r=snprintf(buf, sizeof(buf), __VA_ARGS__); \ - if(r != retval || strcmp(buf, result) != 0) { \ - printf("error test(%s) differs with system, \"%s\":%d\n", \ - ""#bufsz", "#result", "#retval", "#__VA_ARGS__, \ - buf, r); \ - exit(1); \ - } \ - printf("test(\"%s\":%d) passed\n", buf, r); \ - } while(0); - -/** test program */ -int main(void) -{ - int x = 0; - - /* bufsize, expectedstring, expectedretval, snprintf arguments */ - DOTEST(1024, "hello", 5, "hello"); - DOTEST(1024, "h", 1, "h"); - /* warning from gcc for format string, but it does work - * DOTEST(1024, "", 0, ""); */ - - DOTEST(3, "he", 5, "hello"); - DOTEST(1, "", 7, "%d", 7823089); - - /* test positive numbers */ - DOTEST(1024, "0", 1, "%d", 0); - DOTEST(1024, "1", 1, "%d", 1); - DOTEST(1024, "9", 1, "%d", 9); - DOTEST(1024, "15", 2, "%d", 15); - DOTEST(1024, "ab15cd", 6, "ab%dcd", 15); - DOTEST(1024, "167", 3, "%d", 167); - DOTEST(1024, "7823089", 7, "%d", 7823089); - DOTEST(1024, " 12", 3, "%3d", 12); - DOTEST(1024, "012", 3, "%.3d", 12); - DOTEST(1024, "012", 3, "%3.3d", 12); - DOTEST(1024, "012", 3, "%03d", 12); - DOTEST(1024, " 012", 4, "%4.3d", 12); - DOTEST(1024, "", 0, "%.0d", 0); - - /* test negative numbers */ - DOTEST(1024, "-1", 2, "%d", -1); - DOTEST(1024, "-12", 3, "%3d", -12); - DOTEST(1024, " -2", 3, "%3d", -2); - DOTEST(1024, "-012", 4, "%.3d", -12); - DOTEST(1024, "-012", 4, "%3.3d", -12); - DOTEST(1024, "-012", 4, "%4.3d", -12); - DOTEST(1024, " -012", 5, "%5.3d", -12); - DOTEST(1024, "-12", 3, "%03d", -12); - DOTEST(1024, "-02", 3, "%03d", -2); - DOTEST(1024, "-15", 3, "%d", -15); - DOTEST(1024, "-7307", 5, "%d", -7307); - DOTEST(1024, "-12 ", 5, "%-5d", -12); - DOTEST(1024, "-00012", 6, "%-.5d", -12); - - /* test + and space flags */ - DOTEST(1024, "+12", 3, "%+d", 12); - DOTEST(1024, " 12", 3, "% d", 12); - - /* test %u */ - DOTEST(1024, "12", 2, "%u", 12); - DOTEST(1024, "0", 1, "%u", 0); - DOTEST(1024, "4294967295", 10, "%u", 0xffffffff); - - /* test %x */ - DOTEST(1024, "0", 1, "%x", 0); - DOTEST(1024, "c", 1, "%x", 12); - DOTEST(1024, "12ab34cd", 8, "%x", 0x12ab34cd); - - /* test %llu, %lld */ - DOTEST(1024, "18446744073709551615", 20, "%llu", - (long long)0xffffffffffffffff); - DOTEST(1024, "-9223372036854775808", 20, "%lld", - (long long)0x8000000000000000); - DOTEST(1024, "9223372036854775808", 19, "%llu", - (long long)0x8000000000000000); - - /* test %s */ - DOTEST(1024, "hello", 5, "%s", "hello"); - DOTEST(1024, " hello", 10, "%10s", "hello"); - DOTEST(1024, "hello ", 10, "%-10s", "hello"); - DOTEST(1024, "he", 2, "%.2s", "hello"); - DOTEST(1024, " he", 4, "%4.2s", "hello"); - DOTEST(1024, " h", 4, "%4.2s", "h"); - - /* test %c */ - DOTEST(1024, "a", 1, "%c", 'a'); - /* warning from gcc for format string, but it does work - DOTEST(1024, " a", 5, "%5c", 'a'); - DOTEST(1024, "a", 1, "%.0c", 'a'); */ - - /* test %n */ - DOTEST(1024, "hello", 5, "hello%n", &x); - if(x != 5) { printf("the %%n failed\n"); exit(1); } - - /* test %m */ - errno = 0; - DOTEST(1024, "Success", 7, "%m"); - - /* test %p */ - DOTEST(1024, "0x10", 4, "%p", (void*)0x10); - DOTEST(1024, "(nil)", 5, "%p", (void*)0x0); - - /* test %% */ - DOTEST(1024, "%", 1, "%%"); - - /* test %f */ - DOTEST(1024, "0.000000", 8, "%f", 0.0); - DOTEST(1024, "0.00", 4, "%.2f", 0.0); - /* differs, "-0.00" DOTEST(1024, "0.00", 4, "%.2f", -0.0); */ - DOTEST(1024, "234.00", 6, "%.2f", 234.005); - DOTEST(1024, "8973497.1246", 12, "%.4f", 8973497.12456); - DOTEST(1024, "-12.000000", 10, "%f", -12.0); - DOTEST(1024, "6", 1, "%.0f", 6.0); - - DOTEST(1024, "6", 1, "%g", 6.0); - DOTEST(1024, "6.1", 3, "%g", 6.1); - DOTEST(1024, "6.15", 4, "%g", 6.15); - - /* These format strings are from the code of NSD, Unbound, ldns */ - - DOTEST(1024, "abcdef", 6, "%s", "abcdef"); - DOTEST(1024, "005", 3, "%03u", 5); - DOTEST(1024, "12345", 5, "%03u", 12345); - DOTEST(1024, "5", 1, "%d", 5); - DOTEST(1024, "(nil)", 5, "%p", NULL); - DOTEST(1024, "12345", 5, "%ld", (long)12345); - DOTEST(1024, "12345", 5, "%lu", (long)12345); - DOTEST(1024, " 12345", 12, "%12u", (unsigned)12345); - DOTEST(1024, "12345", 5, "%u", (unsigned)12345); - DOTEST(1024, "12345", 5, "%llu", (unsigned long long)12345); - DOTEST(1024, "12345", 5, "%x", 0x12345); - DOTEST(1024, "12345", 5, "%llx", (long long)0x12345); - DOTEST(1024, "012345", 6, "%6.6d", 12345); - DOTEST(1024, "012345", 6, "%6.6u", 12345); - DOTEST(1024, "1234.54", 7, "%g", 1234.54); - DOTEST(1024, "123456789.54", 12, "%.12g", 123456789.54); - DOTEST(1024, "3456789123456.54", 16, "%.16g", 3456789123456.54); - /* %24g does not work with 24 digits, not enough accuracy, - * the first 16 digits are correct */ - DOTEST(1024, "12345", 5, "%3.3d", 12345); - DOTEST(1024, "000", 3, "%3.3d", 0); - DOTEST(1024, "001", 3, "%3.3d", 1); - DOTEST(1024, "012", 3, "%3.3d", 12); - DOTEST(1024, "-012", 4, "%3.3d", -12); - DOTEST(1024, "he", 2, "%.2s", "hello"); - DOTEST(1024, "helloworld", 10, "%s%s", "hello", "world"); - DOTEST(1024, "he", 2, "%.*s", 2, "hello"); - DOTEST(1024, " hello", 7, "%*s", 7, "hello"); - DOTEST(1024, "hello ", 7, "%*s", -7, "hello"); - DOTEST(1024, "0", 1, "%c", '0'); - DOTEST(1024, "A", 1, "%c", 'A'); - DOTEST(1024, "", 1, "%c", 0); - DOTEST(1024, "\010", 1, "%c", 8); - DOTEST(1024, "%", 1, "%%"); - DOTEST(1024, "0a", 2, "%02x", 0x0a); - DOTEST(1024, "bd", 2, "%02x", 0xbd); - DOTEST(1024, "12", 2, "%02ld", (long)12); - DOTEST(1024, "02", 2, "%02ld", (long)2); - DOTEST(1024, "02", 2, "%02u", (unsigned)2); - DOTEST(1024, "765432", 6, "%05u", (unsigned)765432); - DOTEST(1024, "10.234", 6, "%0.3f", 10.23421); - DOTEST(1024, "123456.234", 10, "%0.3f", 123456.23421); - DOTEST(1024, "123456789.234", 13, "%0.3f", 123456789.23421); - DOTEST(1024, "123456.23", 9, "%.2f", 123456.23421); - DOTEST(1024, "123456", 6, "%.0f", 123456.23421); - DOTEST(1024, "0123", 4, "%.4x", 0x0123); - DOTEST(1024, "00000123", 8, "%.8x", 0x0123); - DOTEST(1024, "ffeb0cde", 8, "%.8x", 0xffeb0cde); - DOTEST(1024, " 987654321", 10, "%10lu", (unsigned long)987654321); - DOTEST(1024, " 987654321", 12, "%12lu", (unsigned long)987654321); - DOTEST(1024, "987654321", 9, "%i", 987654321); - DOTEST(1024, "-87654321", 9, "%i", -87654321); - DOTEST(1024, "hello ", 16, "%-16s", "hello"); - DOTEST(1024, " ", 16, "%-16s", ""); - DOTEST(1024, "a ", 16, "%-16s", "a"); - DOTEST(1024, "foobarfoobar ", 16, "%-16s", "foobarfoobar"); - DOTEST(1024, "foobarfoobarfoobar", 18, "%-16s", "foobarfoobarfoobar"); - - /* combined expressions */ - DOTEST(1024, "foo 1.0 size 512 edns", 21, - "foo %s size %d %s%s", "1.0", 512, "", "edns"); - DOTEST(15, "foo 1.0 size 5", 21, - "foo %s size %d %s%s", "1.0", 512, "", "edns"); - DOTEST(1024, "packet 1203ceff id", 18, - "packet %2.2x%2.2x%2.2x%2.2x id", 0x12, 0x03, 0xce, 0xff); - DOTEST(1024, "/tmp/testbound_123abcd.tmp", 26, "/tmp/testbound_%u%s%s.tmp", 123, "ab", "cd"); - - return 0; -} -#endif /* SNPRINTF_TEST */ diff --git a/external/unbound/compat/strlcat.c b/external/unbound/compat/strlcat.c deleted file mode 100644 index 0bea9250b..000000000 --- a/external/unbound/compat/strlcat.c +++ /dev/null @@ -1,73 +0,0 @@ -/* compat/strlcat.c */ - -/*- - * Copyright (c) 1998 Todd C. Miller - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL - * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; - * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* OPENBSD ORIGINAL: lib/libc/string/strlcat.c */ - -#include "config.h" -#ifndef HAVE_STRLCAT - -#include -#include - -/* - * Appends src to string dst of size siz (unlike strncat, siz is the - * full size of dst, not space left). At most siz-1 characters - * will be copied. Always NUL terminates (unless siz <= strlen(dst)). - * Returns strlen(src) + MIN(siz, strlen(initial dst)). - * If retval >= siz, truncation occurred. - */ -size_t -strlcat(char *dst, const char *src, size_t siz) -{ - char *d = dst; - const char *s = src; - size_t n = siz; - size_t dlen; - - /* Find the end of dst and adjust bytes left but don't go past end */ - while (n-- != 0 && *d != '\0') - d++; - dlen = d - dst; - n = siz - dlen; - - if (n == 0) - return(dlen + strlen(s)); - while (*s != '\0') { - if (n != 1) { - *d++ = *s; - n--; - } - s++; - } - *d = '\0'; - - return(dlen + (s - src)); /* count does not include NUL */ -} - -#endif /* !HAVE_STRLCAT */ diff --git a/external/unbound/compat/strlcpy.c b/external/unbound/compat/strlcpy.c deleted file mode 100644 index acd306a15..000000000 --- a/external/unbound/compat/strlcpy.c +++ /dev/null @@ -1,57 +0,0 @@ -/* from openssh 4.3p2 compat/strlcpy.c */ -/* - * Copyright (c) 1998 Todd C. Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* OPENBSD ORIGINAL: lib/libc/string/strlcpy.c */ - -#include -#ifndef HAVE_STRLCPY - -#include -#include - -/* - * Copy src to string dst of size siz. At most siz-1 characters - * will be copied. Always NUL terminates (unless siz == 0). - * Returns strlen(src); if retval >= siz, truncation occurred. - */ -size_t -strlcpy(char *dst, const char *src, size_t siz) -{ - char *d = dst; - const char *s = src; - size_t n = siz; - - /* Copy as many bytes as will fit */ - if (n != 0 && --n != 0) { - do { - if ((*d++ = *s++) == 0) - break; - } while (--n != 0); - } - - /* Not enough room in dst, add NUL and traverse rest of src */ - if (n == 0) { - if (siz != 0) - *d = '\0'; /* NUL-terminate dst */ - while (*s++) - ; - } - - return(s - src - 1); /* count does not include NUL */ -} - -#endif /* !HAVE_STRLCPY */ diff --git a/external/unbound/compat/strptime.c b/external/unbound/compat/strptime.c deleted file mode 100644 index 10ec31574..000000000 --- a/external/unbound/compat/strptime.c +++ /dev/null @@ -1,345 +0,0 @@ -/** strptime workaround (for oa macos leopard) - * This strptime follows the man strptime (2001-11-12) - * conforming to SUSv2, POSIX.1-2001 - * - * This very simple version of strptime has no: - * - E alternatives - * - O alternatives - * - Glibc additions - * - Does not process week numbers - * - Does not properly processes year day - * - * LICENSE - * Copyright (c) 2008, NLnet Labs, Matthijs Mekking - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * * Neither the name of NLnetLabs nor the names of its - * contributors may be used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - **/ - -#include "config.h" - -#ifndef HAVE_CONFIG_H -#include -#endif - -#ifndef STRPTIME_WORKS - -#define TM_YEAR_BASE 1900 - -#include -#include - -static const char *abb_weekdays[] = { - "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", NULL -}; -static const char *full_weekdays[] = { - "Sunday", "Monday", "Tuesday", "Wednesday", - "Thursday", "Friday", "Saturday", NULL -}; -static const char *abb_months[] = { - "Jan", "Feb", "Mar", "Apr", "May", "Jun", - "Jul", "Aug", "Sep", "Oct", "Nov", "Dec", NULL -}; -static const char *full_months[] = { - "January", "February", "March", "April", "May", "June", - "July", "August", "September", "October", "November", "December", NULL -}; -static const char *ampm[] = { - "am", "pm", NULL -}; - -static int -match_string(const char **buf, const char **strs) -{ - int i = 0; - - for (i = 0; strs[i] != NULL; i++) { - int len = strlen(strs[i]); - if (strncasecmp (*buf, strs[i], len) == 0) { - *buf += len; - return i; - } - } - return -1; -} - -static int -str2int(const char **buf, int max) -{ - int ret=0, count=0; - - while (*buf[0] != '\0' && isdigit((unsigned char)*buf[0]) && counttm_wday = ret; - break; - case 'b': /* month name, abbreviated or full */ - case 'B': - case 'h': - ret = match_string(&s, full_months); - if (ret < 0) - ret = match_string(&s, abb_months); - if (ret < 0) { - return NULL; - } - tm->tm_mon = ret; - break; - case 'c': /* date and time representation */ - if (!(s = unbound_strptime(s, "%x %X", tm))) { - return NULL; - } - break; - case 'C': /* century number */ - ret = str2int(&s, 2); - if (ret < 0 || ret > 99) { /* must be in [00,99] */ - return NULL; - } - - if (split_year) { - tm->tm_year = ret*100 + (tm->tm_year%100); - } - else { - tm->tm_year = ret*100 - TM_YEAR_BASE; - split_year = 1; - } - break; - case 'd': /* day of month */ - case 'e': - ret = str2int(&s, 2); - if (ret < 1 || ret > 31) { /* must be in [01,31] */ - return NULL; - } - tm->tm_mday = ret; - break; - case 'D': /* equivalent to %m/%d/%y */ - if (!(s = unbound_strptime(s, "%m/%d/%y", tm))) { - return NULL; - } - break; - case 'H': /* hour */ - ret = str2int(&s, 2); - if (ret < 0 || ret > 23) { /* must be in [00,23] */ - return NULL; - } - tm->tm_hour = ret; - break; - case 'I': /* 12hr clock hour */ - ret = str2int(&s, 2); - if (ret < 1 || ret > 12) { /* must be in [01,12] */ - return NULL; - } - if (ret == 12) /* actually [0,11] */ - ret = 0; - tm->tm_hour = ret; - break; - case 'j': /* day of year */ - ret = str2int(&s, 2); - if (ret < 1 || ret > 366) { /* must be in [001,366] */ - return NULL; - } - tm->tm_yday = ret; - break; - case 'm': /* month */ - ret = str2int(&s, 2); - if (ret < 1 || ret > 12) { /* must be in [01,12] */ - return NULL; - } - /* months go from 0-11 */ - tm->tm_mon = (ret-1); - break; - case 'M': /* minute */ - ret = str2int(&s, 2); - if (ret < 0 || ret > 59) { /* must be in [00,59] */ - return NULL; - } - tm->tm_min = ret; - break; - case 'n': /* arbitrary whitespace */ - case 't': - while (isspace((unsigned char)*s)) - s++; - break; - case 'p': /* am pm */ - ret = match_string(&s, ampm); - if (ret < 0) { - return NULL; - } - if (tm->tm_hour < 0 || tm->tm_hour > 11) { /* %I */ - return NULL; - } - - if (ret == 1) /* pm */ - tm->tm_hour += 12; - break; - case 'r': /* equivalent of %I:%M:%S %p */ - if (!(s = unbound_strptime(s, "%I:%M:%S %p", tm))) { - return NULL; - } - break; - case 'R': /* equivalent of %H:%M */ - if (!(s = unbound_strptime(s, "%H:%M", tm))) { - return NULL; - } - break; - case 'S': /* seconds */ - ret = str2int(&s, 2); - /* 60 may occur for leap seconds */ - /* earlier 61 was also allowed */ - if (ret < 0 || ret > 60) { /* must be in [00,60] */ - return NULL; - } - tm->tm_sec = ret; - break; - case 'T': /* equivalent of %H:%M:%S */ - if (!(s = unbound_strptime(s, "%H:%M:%S", tm))) { - return NULL; - } - break; - case 'U': /* week number, with the first Sun of Jan being w1 */ - ret = str2int(&s, 2); - if (ret < 0 || ret > 53) { /* must be in [00,53] */ - return NULL; - } - /** it is hard (and not necessary for nsd) to determine time - * data from week number. - **/ - break; - case 'w': /* day of week */ - ret = str2int(&s, 1); - if (ret < 0 || ret > 6) { /* must be in [0,6] */ - return NULL; - } - tm->tm_wday = ret; - break; - case 'W': /* week number, with the first Mon of Jan being w1 */ - ret = str2int(&s, 2); - if (ret < 0 || ret > 53) { /* must be in [00,53] */ - return NULL; - } - /** it is hard (and not necessary for nsd) to determine time - * data from week number. - **/ - break; - case 'x': /* date format */ - if (!(s = unbound_strptime(s, "%m/%d/%y", tm))) { - return NULL; - } - break; - case 'X': /* time format */ - if (!(s = unbound_strptime(s, "%H:%M:%S", tm))) { - return NULL; - } - break; - case 'y': /* last two digits of a year */ - ret = str2int(&s, 2); - if (ret < 0 || ret > 99) { /* must be in [00,99] */ - return NULL; - } - if (split_year) { - tm->tm_year = ((tm->tm_year/100) * 100) + ret; - } - else { - split_year = 1; - - /** currently: - * if in [0,68] we are in 21th century, - * if in [69,99] we are in 20th century. - **/ - if (ret < 69) /* 2000 */ - ret += 100; - tm->tm_year = ret; - } - break; - case 'Y': /* year */ - ret = str2int(&s, 4); - if (ret < 0 || ret > 9999) { - return NULL; - } - tm->tm_year = ret - TM_YEAR_BASE; - break; - case '\0': - default: /* unsupported, cannot match format */ - return NULL; - break; - } - } - else { /* literal */ - /* if input cannot match format, return NULL */ - if (*s != c) - return NULL; - s++; - } - - format++; - } - - /* return pointer to remainder of s */ - return (char*) s; -} - -#endif /* STRPTIME_WORKS */ diff --git a/external/unbound/compat/strsep.c b/external/unbound/compat/strsep.c deleted file mode 100644 index 4e3f05c52..000000000 --- a/external/unbound/compat/strsep.c +++ /dev/null @@ -1,65 +0,0 @@ -/** - * strsep implementation for compatibility. - * - * LICENSE - * Copyright (c) 2016, NLnet Labs - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * * Neither the name of NLnetLabs nor the names of its - * contributors may be used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - **/ - -#include "config.h" - -/** see if character is in the delimiter array */ -static int -in_delim(char c, const char* delim) -{ - const char* p; - if(!delim) - return 0; - for(p=delim; *p; p++) { - if(*p == c) - return 1; - } - return 0; -} - -char *strsep(char **stringp, const char *delim) -{ - char* s; - char* orig; - if(stringp == NULL || *stringp == NULL) - return NULL; - orig = *stringp; - s = *stringp; - while(*s && !in_delim(*s, delim)) - s++; - if(*s) { - *s = 0; - *stringp = s+1; - } else { - *stringp = NULL; - } - return orig; -} diff --git a/external/unbound/config.guess b/external/unbound/config.guess deleted file mode 100755 index b79252d6b..000000000 --- a/external/unbound/config.guess +++ /dev/null @@ -1,1558 +0,0 @@ -#! /bin/sh -# Attempt to guess a canonical system name. -# Copyright 1992-2013 Free Software Foundation, Inc. - -timestamp='2013-06-10' - -# This file is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, see . -# -# As a special exception to the GNU General Public License, if you -# distribute this file as part of a program that contains a -# configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that -# program. This Exception is an additional permission under section 7 -# of the GNU General Public License, version 3 ("GPLv3"). -# -# Originally written by Per Bothner. -# -# You can get the latest version of this script from: -# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD -# -# Please send patches with a ChangeLog entry to config-patches@gnu.org. - - -me=`echo "$0" | sed -e 's,.*/,,'` - -usage="\ -Usage: $0 [OPTION] - -Output the configuration name of the system \`$me' is run on. - -Operation modes: - -h, --help print this help, then exit - -t, --time-stamp print date of last modification, then exit - -v, --version print version number, then exit - -Report bugs and patches to ." - -version="\ -GNU config.guess ($timestamp) - -Originally written by Per Bothner. -Copyright 1992-2013 Free Software Foundation, Inc. - -This is free software; see the source for copying conditions. There is NO -warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." - -help=" -Try \`$me --help' for more information." - -# Parse command line -while test $# -gt 0 ; do - case $1 in - --time-stamp | --time* | -t ) - echo "$timestamp" ; exit ;; - --version | -v ) - echo "$version" ; exit ;; - --help | --h* | -h ) - echo "$usage"; exit ;; - -- ) # Stop option processing - shift; break ;; - - ) # Use stdin as input. - break ;; - -* ) - echo "$me: invalid option $1$help" >&2 - exit 1 ;; - * ) - break ;; - esac -done - -if test $# != 0; then - echo "$me: too many arguments$help" >&2 - exit 1 -fi - -trap 'exit 1' 1 2 15 - -# CC_FOR_BUILD -- compiler used by this script. Note that the use of a -# compiler to aid in system detection is discouraged as it requires -# temporary files to be created and, as you can see below, it is a -# headache to deal with in a portable fashion. - -# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still -# use `HOST_CC' if defined, but it is deprecated. - -# Portable tmp directory creation inspired by the Autoconf team. - -set_cc_for_build=' -trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; -trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; -: ${TMPDIR=/tmp} ; - { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || - { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || - { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || - { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; -dummy=$tmp/dummy ; -tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; -case $CC_FOR_BUILD,$HOST_CC,$CC in - ,,) echo "int x;" > $dummy.c ; - for c in cc gcc c89 c99 ; do - if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then - CC_FOR_BUILD="$c"; break ; - fi ; - done ; - if test x"$CC_FOR_BUILD" = x ; then - CC_FOR_BUILD=no_compiler_found ; - fi - ;; - ,,*) CC_FOR_BUILD=$CC ;; - ,*,*) CC_FOR_BUILD=$HOST_CC ;; -esac ; set_cc_for_build= ;' - -# This is needed to find uname on a Pyramid OSx when run in the BSD universe. -# (ghazi@noc.rutgers.edu 1994-08-24) -if (test -f /.attbin/uname) >/dev/null 2>&1 ; then - PATH=$PATH:/.attbin ; export PATH -fi - -UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown -UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown -UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown -UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown - -case "${UNAME_SYSTEM}" in -Linux|GNU|GNU/*) - # If the system lacks a compiler, then just pick glibc. - # We could probably try harder. - LIBC=gnu - - eval $set_cc_for_build - cat <<-EOF > $dummy.c - #include - #if defined(__UCLIBC__) - LIBC=uclibc - #elif defined(__dietlibc__) - LIBC=dietlibc - #else - LIBC=gnu - #endif - EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` - ;; -esac - -# Note: order is significant - the case branches are not exclusive. - -case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in - *:NetBSD:*:*) - # NetBSD (nbsd) targets should (where applicable) match one or - # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, - # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently - # switched to ELF, *-*-netbsd* would select the old - # object file format. This provides both forward - # compatibility and a consistent mechanism for selecting the - # object file format. - # - # Note: NetBSD doesn't particularly care about the vendor - # portion of the name. We always set it to "unknown". - sysctl="sysctl -n hw.machine_arch" - UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ - /usr/sbin/$sysctl 2>/dev/null || echo unknown)` - case "${UNAME_MACHINE_ARCH}" in - armeb) machine=armeb-unknown ;; - arm*) machine=arm-unknown ;; - sh3el) machine=shl-unknown ;; - sh3eb) machine=sh-unknown ;; - sh5el) machine=sh5le-unknown ;; - *) machine=${UNAME_MACHINE_ARCH}-unknown ;; - esac - # The Operating System including object format, if it has switched - # to ELF recently, or will in the future. - case "${UNAME_MACHINE_ARCH}" in - arm*|i386|m68k|ns32k|sh3*|sparc|vax) - eval $set_cc_for_build - if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ - | grep -q __ELF__ - then - # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). - # Return netbsd for either. FIX? - os=netbsd - else - os=netbsdelf - fi - ;; - *) - os=netbsd - ;; - esac - # The OS release - # Debian GNU/NetBSD machines have a different userland, and - # thus, need a distinct triplet. However, they do not need - # kernel version information, so it can be replaced with a - # suitable tag, in the style of linux-gnu. - case "${UNAME_VERSION}" in - Debian*) - release='-gnu' - ;; - *) - release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` - ;; - esac - # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: - # contains redundant information, the shorter form: - # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. - echo "${machine}-${os}${release}" - exit ;; - *:Bitrig:*:*) - UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` - echo ${UNAME_MACHINE_ARCH}-unknown-bitrig${UNAME_RELEASE} - exit ;; - *:OpenBSD:*:*) - UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` - echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} - exit ;; - *:ekkoBSD:*:*) - echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} - exit ;; - *:SolidBSD:*:*) - echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE} - exit ;; - macppc:MirBSD:*:*) - echo powerpc-unknown-mirbsd${UNAME_RELEASE} - exit ;; - *:MirBSD:*:*) - echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} - exit ;; - alpha:OSF1:*:*) - case $UNAME_RELEASE in - *4.0) - UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` - ;; - *5.*) - UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` - ;; - esac - # According to Compaq, /usr/sbin/psrinfo has been available on - # OSF/1 and Tru64 systems produced since 1995. I hope that - # covers most systems running today. This code pipes the CPU - # types through head -n 1, so we only detect the type of CPU 0. - ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` - case "$ALPHA_CPU_TYPE" in - "EV4 (21064)") - UNAME_MACHINE="alpha" ;; - "EV4.5 (21064)") - UNAME_MACHINE="alpha" ;; - "LCA4 (21066/21068)") - UNAME_MACHINE="alpha" ;; - "EV5 (21164)") - UNAME_MACHINE="alphaev5" ;; - "EV5.6 (21164A)") - UNAME_MACHINE="alphaev56" ;; - "EV5.6 (21164PC)") - UNAME_MACHINE="alphapca56" ;; - "EV5.7 (21164PC)") - UNAME_MACHINE="alphapca57" ;; - "EV6 (21264)") - UNAME_MACHINE="alphaev6" ;; - "EV6.7 (21264A)") - UNAME_MACHINE="alphaev67" ;; - "EV6.8CB (21264C)") - UNAME_MACHINE="alphaev68" ;; - "EV6.8AL (21264B)") - UNAME_MACHINE="alphaev68" ;; - "EV6.8CX (21264D)") - UNAME_MACHINE="alphaev68" ;; - "EV6.9A (21264/EV69A)") - UNAME_MACHINE="alphaev69" ;; - "EV7 (21364)") - UNAME_MACHINE="alphaev7" ;; - "EV7.9 (21364A)") - UNAME_MACHINE="alphaev79" ;; - esac - # A Pn.n version is a patched version. - # A Vn.n version is a released version. - # A Tn.n version is a released field test version. - # A Xn.n version is an unreleased experimental baselevel. - # 1.2 uses "1.2" for uname -r. - echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` - # Reset EXIT trap before exiting to avoid spurious non-zero exit code. - exitcode=$? - trap '' 0 - exit $exitcode ;; - Alpha\ *:Windows_NT*:*) - # How do we know it's Interix rather than the generic POSIX subsystem? - # Should we change UNAME_MACHINE based on the output of uname instead - # of the specific Alpha model? - echo alpha-pc-interix - exit ;; - 21064:Windows_NT:50:3) - echo alpha-dec-winnt3.5 - exit ;; - Amiga*:UNIX_System_V:4.0:*) - echo m68k-unknown-sysv4 - exit ;; - *:[Aa]miga[Oo][Ss]:*:*) - echo ${UNAME_MACHINE}-unknown-amigaos - exit ;; - *:[Mm]orph[Oo][Ss]:*:*) - echo ${UNAME_MACHINE}-unknown-morphos - exit ;; - *:OS/390:*:*) - echo i370-ibm-openedition - exit ;; - *:z/VM:*:*) - echo s390-ibm-zvmoe - exit ;; - *:OS400:*:*) - echo powerpc-ibm-os400 - exit ;; - arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) - echo arm-acorn-riscix${UNAME_RELEASE} - exit ;; - arm*:riscos:*:*|arm*:RISCOS:*:*) - echo arm-unknown-riscos - exit ;; - SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) - echo hppa1.1-hitachi-hiuxmpp - exit ;; - Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) - # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. - if test "`(/bin/universe) 2>/dev/null`" = att ; then - echo pyramid-pyramid-sysv3 - else - echo pyramid-pyramid-bsd - fi - exit ;; - NILE*:*:*:dcosx) - echo pyramid-pyramid-svr4 - exit ;; - DRS?6000:unix:4.0:6*) - echo sparc-icl-nx6 - exit ;; - DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) - case `/usr/bin/uname -p` in - sparc) echo sparc-icl-nx7; exit ;; - esac ;; - s390x:SunOS:*:*) - echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit ;; - sun4H:SunOS:5.*:*) - echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit ;; - sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) - echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit ;; - i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) - echo i386-pc-auroraux${UNAME_RELEASE} - exit ;; - i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) - eval $set_cc_for_build - SUN_ARCH="i386" - # If there is a compiler, see if it is configured for 64-bit objects. - # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. - # This test works for both compilers. - if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then - if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ - grep IS_64BIT_ARCH >/dev/null - then - SUN_ARCH="x86_64" - fi - fi - echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit ;; - sun4*:SunOS:6*:*) - # According to config.sub, this is the proper way to canonicalize - # SunOS6. Hard to guess exactly what SunOS6 will be like, but - # it's likely to be more like Solaris than SunOS4. - echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit ;; - sun4*:SunOS:*:*) - case "`/usr/bin/arch -k`" in - Series*|S4*) - UNAME_RELEASE=`uname -v` - ;; - esac - # Japanese Language versions have a version number like `4.1.3-JL'. - echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` - exit ;; - sun3*:SunOS:*:*) - echo m68k-sun-sunos${UNAME_RELEASE} - exit ;; - sun*:*:4.2BSD:*) - UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` - test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 - case "`/bin/arch`" in - sun3) - echo m68k-sun-sunos${UNAME_RELEASE} - ;; - sun4) - echo sparc-sun-sunos${UNAME_RELEASE} - ;; - esac - exit ;; - aushp:SunOS:*:*) - echo sparc-auspex-sunos${UNAME_RELEASE} - exit ;; - # The situation for MiNT is a little confusing. The machine name - # can be virtually everything (everything which is not - # "atarist" or "atariste" at least should have a processor - # > m68000). The system name ranges from "MiNT" over "FreeMiNT" - # to the lowercase version "mint" (or "freemint"). Finally - # the system name "TOS" denotes a system which is actually not - # MiNT. But MiNT is downward compatible to TOS, so this should - # be no problem. - atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} - exit ;; - atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} - exit ;; - *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} - exit ;; - milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) - echo m68k-milan-mint${UNAME_RELEASE} - exit ;; - hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) - echo m68k-hades-mint${UNAME_RELEASE} - exit ;; - *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) - echo m68k-unknown-mint${UNAME_RELEASE} - exit ;; - m68k:machten:*:*) - echo m68k-apple-machten${UNAME_RELEASE} - exit ;; - powerpc:machten:*:*) - echo powerpc-apple-machten${UNAME_RELEASE} - exit ;; - RISC*:Mach:*:*) - echo mips-dec-mach_bsd4.3 - exit ;; - RISC*:ULTRIX:*:*) - echo mips-dec-ultrix${UNAME_RELEASE} - exit ;; - VAX*:ULTRIX*:*:*) - echo vax-dec-ultrix${UNAME_RELEASE} - exit ;; - 2020:CLIX:*:* | 2430:CLIX:*:*) - echo clipper-intergraph-clix${UNAME_RELEASE} - exit ;; - mips:*:*:UMIPS | mips:*:*:RISCos) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c -#ifdef __cplusplus -#include /* for printf() prototype */ - int main (int argc, char *argv[]) { -#else - int main (argc, argv) int argc; char *argv[]; { -#endif - #if defined (host_mips) && defined (MIPSEB) - #if defined (SYSTYPE_SYSV) - printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); - #endif - #if defined (SYSTYPE_SVR4) - printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); - #endif - #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) - printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); - #endif - #endif - exit (-1); - } -EOF - $CC_FOR_BUILD -o $dummy $dummy.c && - dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` && - SYSTEM_NAME=`$dummy $dummyarg` && - { echo "$SYSTEM_NAME"; exit; } - echo mips-mips-riscos${UNAME_RELEASE} - exit ;; - Motorola:PowerMAX_OS:*:*) - echo powerpc-motorola-powermax - exit ;; - Motorola:*:4.3:PL8-*) - echo powerpc-harris-powermax - exit ;; - Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) - echo powerpc-harris-powermax - exit ;; - Night_Hawk:Power_UNIX:*:*) - echo powerpc-harris-powerunix - exit ;; - m88k:CX/UX:7*:*) - echo m88k-harris-cxux7 - exit ;; - m88k:*:4*:R4*) - echo m88k-motorola-sysv4 - exit ;; - m88k:*:3*:R3*) - echo m88k-motorola-sysv3 - exit ;; - AViiON:dgux:*:*) - # DG/UX returns AViiON for all architectures - UNAME_PROCESSOR=`/usr/bin/uname -p` - if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] - then - if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ - [ ${TARGET_BINARY_INTERFACE}x = x ] - then - echo m88k-dg-dgux${UNAME_RELEASE} - else - echo m88k-dg-dguxbcs${UNAME_RELEASE} - fi - else - echo i586-dg-dgux${UNAME_RELEASE} - fi - exit ;; - M88*:DolphinOS:*:*) # DolphinOS (SVR3) - echo m88k-dolphin-sysv3 - exit ;; - M88*:*:R3*:*) - # Delta 88k system running SVR3 - echo m88k-motorola-sysv3 - exit ;; - XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) - echo m88k-tektronix-sysv3 - exit ;; - Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) - echo m68k-tektronix-bsd - exit ;; - *:IRIX*:*:*) - echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` - exit ;; - ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. - echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id - exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' - i*86:AIX:*:*) - echo i386-ibm-aix - exit ;; - ia64:AIX:*:*) - if [ -x /usr/bin/oslevel ] ; then - IBM_REV=`/usr/bin/oslevel` - else - IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} - fi - echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} - exit ;; - *:AIX:2:3) - if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #include - - main() - { - if (!__power_pc()) - exit(1); - puts("powerpc-ibm-aix3.2.5"); - exit(0); - } -EOF - if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` - then - echo "$SYSTEM_NAME" - else - echo rs6000-ibm-aix3.2.5 - fi - elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then - echo rs6000-ibm-aix3.2.4 - else - echo rs6000-ibm-aix3.2 - fi - exit ;; - *:AIX:*:[4567]) - IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` - if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then - IBM_ARCH=rs6000 - else - IBM_ARCH=powerpc - fi - if [ -x /usr/bin/oslevel ] ; then - IBM_REV=`/usr/bin/oslevel` - else - IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} - fi - echo ${IBM_ARCH}-ibm-aix${IBM_REV} - exit ;; - *:AIX:*:*) - echo rs6000-ibm-aix - exit ;; - ibmrt:4.4BSD:*|romp-ibm:BSD:*) - echo romp-ibm-bsd4.4 - exit ;; - ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and - echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to - exit ;; # report: romp-ibm BSD 4.3 - *:BOSX:*:*) - echo rs6000-bull-bosx - exit ;; - DPX/2?00:B.O.S.:*:*) - echo m68k-bull-sysv3 - exit ;; - 9000/[34]??:4.3bsd:1.*:*) - echo m68k-hp-bsd - exit ;; - hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) - echo m68k-hp-bsd4.4 - exit ;; - 9000/[34678]??:HP-UX:*:*) - HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` - case "${UNAME_MACHINE}" in - 9000/31? ) HP_ARCH=m68000 ;; - 9000/[34]?? ) HP_ARCH=m68k ;; - 9000/[678][0-9][0-9]) - if [ -x /usr/bin/getconf ]; then - sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` - sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` - case "${sc_cpu_version}" in - 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 - 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 - 532) # CPU_PA_RISC2_0 - case "${sc_kernel_bits}" in - 32) HP_ARCH="hppa2.0n" ;; - 64) HP_ARCH="hppa2.0w" ;; - '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 - esac ;; - esac - fi - if [ "${HP_ARCH}" = "" ]; then - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - - #define _HPUX_SOURCE - #include - #include - - int main () - { - #if defined(_SC_KERNEL_BITS) - long bits = sysconf(_SC_KERNEL_BITS); - #endif - long cpu = sysconf (_SC_CPU_VERSION); - - switch (cpu) - { - case CPU_PA_RISC1_0: puts ("hppa1.0"); break; - case CPU_PA_RISC1_1: puts ("hppa1.1"); break; - case CPU_PA_RISC2_0: - #if defined(_SC_KERNEL_BITS) - switch (bits) - { - case 64: puts ("hppa2.0w"); break; - case 32: puts ("hppa2.0n"); break; - default: puts ("hppa2.0"); break; - } break; - #else /* !defined(_SC_KERNEL_BITS) */ - puts ("hppa2.0"); break; - #endif - default: puts ("hppa1.0"); break; - } - exit (0); - } -EOF - (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` - test -z "$HP_ARCH" && HP_ARCH=hppa - fi ;; - esac - if [ ${HP_ARCH} = "hppa2.0w" ] - then - eval $set_cc_for_build - - # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating - # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler - # generating 64-bit code. GNU and HP use different nomenclature: - # - # $ CC_FOR_BUILD=cc ./config.guess - # => hppa2.0w-hp-hpux11.23 - # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess - # => hppa64-hp-hpux11.23 - - if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | - grep -q __LP64__ - then - HP_ARCH="hppa2.0w" - else - HP_ARCH="hppa64" - fi - fi - echo ${HP_ARCH}-hp-hpux${HPUX_REV} - exit ;; - ia64:HP-UX:*:*) - HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` - echo ia64-hp-hpux${HPUX_REV} - exit ;; - 3050*:HI-UX:*:*) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #include - int - main () - { - long cpu = sysconf (_SC_CPU_VERSION); - /* The order matters, because CPU_IS_HP_MC68K erroneously returns - true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct - results, however. */ - if (CPU_IS_PA_RISC (cpu)) - { - switch (cpu) - { - case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; - case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; - case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; - default: puts ("hppa-hitachi-hiuxwe2"); break; - } - } - else if (CPU_IS_HP_MC68K (cpu)) - puts ("m68k-hitachi-hiuxwe2"); - else puts ("unknown-hitachi-hiuxwe2"); - exit (0); - } -EOF - $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` && - { echo "$SYSTEM_NAME"; exit; } - echo unknown-hitachi-hiuxwe2 - exit ;; - 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) - echo hppa1.1-hp-bsd - exit ;; - 9000/8??:4.3bsd:*:*) - echo hppa1.0-hp-bsd - exit ;; - *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) - echo hppa1.0-hp-mpeix - exit ;; - hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) - echo hppa1.1-hp-osf - exit ;; - hp8??:OSF1:*:*) - echo hppa1.0-hp-osf - exit ;; - i*86:OSF1:*:*) - if [ -x /usr/sbin/sysversion ] ; then - echo ${UNAME_MACHINE}-unknown-osf1mk - else - echo ${UNAME_MACHINE}-unknown-osf1 - fi - exit ;; - parisc*:Lites*:*:*) - echo hppa1.1-hp-lites - exit ;; - C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) - echo c1-convex-bsd - exit ;; - C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) - if getsysinfo -f scalar_acc - then echo c32-convex-bsd - else echo c2-convex-bsd - fi - exit ;; - C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) - echo c34-convex-bsd - exit ;; - C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) - echo c38-convex-bsd - exit ;; - C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) - echo c4-convex-bsd - exit ;; - CRAY*Y-MP:*:*:*) - echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit ;; - CRAY*[A-Z]90:*:*:*) - echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ - | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ - -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ - -e 's/\.[^.]*$/.X/' - exit ;; - CRAY*TS:*:*:*) - echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit ;; - CRAY*T3E:*:*:*) - echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit ;; - CRAY*SV1:*:*:*) - echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit ;; - *:UNICOS/mp:*:*) - echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit ;; - F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) - FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` - FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` - echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" - exit ;; - 5000:UNIX_System_V:4.*:*) - FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` - echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" - exit ;; - i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) - echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} - exit ;; - sparc*:BSD/OS:*:*) - echo sparc-unknown-bsdi${UNAME_RELEASE} - exit ;; - *:BSD/OS:*:*) - echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} - exit ;; - *:FreeBSD:*:*) - UNAME_PROCESSOR=`/usr/bin/uname -p` - case ${UNAME_PROCESSOR} in - amd64) - echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; - *) - echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; - esac - exit ;; - i*:CYGWIN*:*) - echo ${UNAME_MACHINE}-pc-cygwin - exit ;; - *:MINGW64*:*) - echo ${UNAME_MACHINE}-pc-mingw64 - exit ;; - *:MINGW*:*) - echo ${UNAME_MACHINE}-pc-mingw32 - exit ;; - i*:MSYS*:*) - echo ${UNAME_MACHINE}-pc-msys - exit ;; - i*:windows32*:*) - # uname -m includes "-pc" on this system. - echo ${UNAME_MACHINE}-mingw32 - exit ;; - i*:PW*:*) - echo ${UNAME_MACHINE}-pc-pw32 - exit ;; - *:Interix*:*) - case ${UNAME_MACHINE} in - x86) - echo i586-pc-interix${UNAME_RELEASE} - exit ;; - authenticamd | genuineintel | EM64T) - echo x86_64-unknown-interix${UNAME_RELEASE} - exit ;; - IA64) - echo ia64-unknown-interix${UNAME_RELEASE} - exit ;; - esac ;; - [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) - echo i${UNAME_MACHINE}-pc-mks - exit ;; - 8664:Windows_NT:*) - echo x86_64-pc-mks - exit ;; - i*:Windows_NT*:* | Pentium*:Windows_NT*:*) - # How do we know it's Interix rather than the generic POSIX subsystem? - # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we - # UNAME_MACHINE based on the output of uname instead of i386? - echo i586-pc-interix - exit ;; - i*:UWIN*:*) - echo ${UNAME_MACHINE}-pc-uwin - exit ;; - amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) - echo x86_64-unknown-cygwin - exit ;; - p*:CYGWIN*:*) - echo powerpcle-unknown-cygwin - exit ;; - prep*:SunOS:5.*:*) - echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit ;; - *:GNU:*:*) - # the GNU system - echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-${LIBC}`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` - exit ;; - *:GNU/*:*:*) - # other systems with GNU libc and userland - echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC} - exit ;; - i*86:Minix:*:*) - echo ${UNAME_MACHINE}-pc-minix - exit ;; - aarch64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - aarch64_be:Linux:*:*) - UNAME_MACHINE=aarch64_be - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - alpha:Linux:*:*) - case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in - EV5) UNAME_MACHINE=alphaev5 ;; - EV56) UNAME_MACHINE=alphaev56 ;; - PCA56) UNAME_MACHINE=alphapca56 ;; - PCA57) UNAME_MACHINE=alphapca56 ;; - EV6) UNAME_MACHINE=alphaev6 ;; - EV67) UNAME_MACHINE=alphaev67 ;; - EV68*) UNAME_MACHINE=alphaev68 ;; - esac - objdump --private-headers /bin/sh | grep -q ld.so.1 - if test "$?" = 0 ; then LIBC="gnulibc1" ; fi - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - arc:Linux:*:* | arceb:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - arm*:Linux:*:*) - eval $set_cc_for_build - if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ - | grep -q __ARM_EABI__ - then - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - else - if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ - | grep -q __ARM_PCS_VFP - then - echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi - else - echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabihf - fi - fi - exit ;; - avr32*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - cris:Linux:*:*) - echo ${UNAME_MACHINE}-axis-linux-${LIBC} - exit ;; - crisv32:Linux:*:*) - echo ${UNAME_MACHINE}-axis-linux-${LIBC} - exit ;; - frv:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - hexagon:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - i*86:Linux:*:*) - echo ${UNAME_MACHINE}-pc-linux-${LIBC} - exit ;; - ia64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - m32r*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - m68*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - mips:Linux:*:* | mips64:Linux:*:*) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #undef CPU - #undef ${UNAME_MACHINE} - #undef ${UNAME_MACHINE}el - #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) - CPU=${UNAME_MACHINE}el - #else - #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) - CPU=${UNAME_MACHINE} - #else - CPU= - #endif - #endif -EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` - test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; } - ;; - or1k:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - or32:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - padre:Linux:*:*) - echo sparc-unknown-linux-${LIBC} - exit ;; - parisc64:Linux:*:* | hppa64:Linux:*:*) - echo hppa64-unknown-linux-${LIBC} - exit ;; - parisc:Linux:*:* | hppa:Linux:*:*) - # Look for CPU level - case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in - PA7*) echo hppa1.1-unknown-linux-${LIBC} ;; - PA8*) echo hppa2.0-unknown-linux-${LIBC} ;; - *) echo hppa-unknown-linux-${LIBC} ;; - esac - exit ;; - ppc64:Linux:*:*) - echo powerpc64-unknown-linux-${LIBC} - exit ;; - ppc:Linux:*:*) - echo powerpc-unknown-linux-${LIBC} - exit ;; - ppc64le:Linux:*:*) - echo powerpc64le-unknown-linux-${LIBC} - exit ;; - ppcle:Linux:*:*) - echo powerpcle-unknown-linux-${LIBC} - exit ;; - s390:Linux:*:* | s390x:Linux:*:*) - echo ${UNAME_MACHINE}-ibm-linux-${LIBC} - exit ;; - sh64*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - sh*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - sparc:Linux:*:* | sparc64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - tile*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - vax:Linux:*:*) - echo ${UNAME_MACHINE}-dec-linux-${LIBC} - exit ;; - x86_64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - xtensa*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - i*86:DYNIX/ptx:4*:*) - # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. - # earlier versions are messed up and put the nodename in both - # sysname and nodename. - echo i386-sequent-sysv4 - exit ;; - i*86:UNIX_SV:4.2MP:2.*) - # Unixware is an offshoot of SVR4, but it has its own version - # number series starting with 2... - # I am not positive that other SVR4 systems won't match this, - # I just have to hope. -- rms. - # Use sysv4.2uw... so that sysv4* matches it. - echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} - exit ;; - i*86:OS/2:*:*) - # If we were able to find `uname', then EMX Unix compatibility - # is probably installed. - echo ${UNAME_MACHINE}-pc-os2-emx - exit ;; - i*86:XTS-300:*:STOP) - echo ${UNAME_MACHINE}-unknown-stop - exit ;; - i*86:atheos:*:*) - echo ${UNAME_MACHINE}-unknown-atheos - exit ;; - i*86:syllable:*:*) - echo ${UNAME_MACHINE}-pc-syllable - exit ;; - i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) - echo i386-unknown-lynxos${UNAME_RELEASE} - exit ;; - i*86:*DOS:*:*) - echo ${UNAME_MACHINE}-pc-msdosdjgpp - exit ;; - i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) - UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` - if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then - echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} - else - echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} - fi - exit ;; - i*86:*:5:[678]*) - # UnixWare 7.x, OpenUNIX and OpenServer 6. - case `/bin/uname -X | grep "^Machine"` in - *486*) UNAME_MACHINE=i486 ;; - *Pentium) UNAME_MACHINE=i586 ;; - *Pent*|*Celeron) UNAME_MACHINE=i686 ;; - esac - echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} - exit ;; - i*86:*:3.2:*) - if test -f /usr/options/cb.name; then - UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then - UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` - (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 - (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ - && UNAME_MACHINE=i586 - (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ - && UNAME_MACHINE=i686 - (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ - && UNAME_MACHINE=i686 - echo ${UNAME_MACHINE}-pc-sco$UNAME_REL - else - echo ${UNAME_MACHINE}-pc-sysv32 - fi - exit ;; - pc:*:*:*) - # Left here for compatibility: - # uname -m prints for DJGPP always 'pc', but it prints nothing about - # the processor, so we play safe by assuming i586. - # Note: whatever this is, it MUST be the same as what config.sub - # prints for the "djgpp" host, or else GDB configury will decide that - # this is a cross-build. - echo i586-pc-msdosdjgpp - exit ;; - Intel:Mach:3*:*) - echo i386-pc-mach3 - exit ;; - paragon:*:*:*) - echo i860-intel-osf1 - exit ;; - i860:*:4.*:*) # i860-SVR4 - if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then - echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 - else # Add other i860-SVR4 vendors below as they are discovered. - echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 - fi - exit ;; - mini*:CTIX:SYS*5:*) - # "miniframe" - echo m68010-convergent-sysv - exit ;; - mc68k:UNIX:SYSTEM5:3.51m) - echo m68k-convergent-sysv - exit ;; - M680?0:D-NIX:5.3:*) - echo m68k-diab-dnix - exit ;; - M68*:*:R3V[5678]*:*) - test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; - 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) - OS_REL='' - test -r /etc/.relid \ - && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` - /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && { echo i486-ncr-sysv4.3${OS_REL}; exit; } - /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ - && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; - 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) - /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && { echo i486-ncr-sysv4; exit; } ;; - NCR*:*:4.2:* | MPRAS*:*:4.2:*) - OS_REL='.3' - test -r /etc/.relid \ - && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` - /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && { echo i486-ncr-sysv4.3${OS_REL}; exit; } - /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ - && { echo i586-ncr-sysv4.3${OS_REL}; exit; } - /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ - && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; - m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) - echo m68k-unknown-lynxos${UNAME_RELEASE} - exit ;; - mc68030:UNIX_System_V:4.*:*) - echo m68k-atari-sysv4 - exit ;; - TSUNAMI:LynxOS:2.*:*) - echo sparc-unknown-lynxos${UNAME_RELEASE} - exit ;; - rs6000:LynxOS:2.*:*) - echo rs6000-unknown-lynxos${UNAME_RELEASE} - exit ;; - PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) - echo powerpc-unknown-lynxos${UNAME_RELEASE} - exit ;; - SM[BE]S:UNIX_SV:*:*) - echo mips-dde-sysv${UNAME_RELEASE} - exit ;; - RM*:ReliantUNIX-*:*:*) - echo mips-sni-sysv4 - exit ;; - RM*:SINIX-*:*:*) - echo mips-sni-sysv4 - exit ;; - *:SINIX-*:*:*) - if uname -p 2>/dev/null >/dev/null ; then - UNAME_MACHINE=`(uname -p) 2>/dev/null` - echo ${UNAME_MACHINE}-sni-sysv4 - else - echo ns32k-sni-sysv - fi - exit ;; - PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort - # says - echo i586-unisys-sysv4 - exit ;; - *:UNIX_System_V:4*:FTX*) - # From Gerald Hewes . - # How about differentiating between stratus architectures? -djm - echo hppa1.1-stratus-sysv4 - exit ;; - *:*:*:FTX*) - # From seanf@swdc.stratus.com. - echo i860-stratus-sysv4 - exit ;; - i*86:VOS:*:*) - # From Paul.Green@stratus.com. - echo ${UNAME_MACHINE}-stratus-vos - exit ;; - *:VOS:*:*) - # From Paul.Green@stratus.com. - echo hppa1.1-stratus-vos - exit ;; - mc68*:A/UX:*:*) - echo m68k-apple-aux${UNAME_RELEASE} - exit ;; - news*:NEWS-OS:6*:*) - echo mips-sony-newsos6 - exit ;; - R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) - if [ -d /usr/nec ]; then - echo mips-nec-sysv${UNAME_RELEASE} - else - echo mips-unknown-sysv${UNAME_RELEASE} - fi - exit ;; - BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. - echo powerpc-be-beos - exit ;; - BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. - echo powerpc-apple-beos - exit ;; - BePC:BeOS:*:*) # BeOS running on Intel PC compatible. - echo i586-pc-beos - exit ;; - BePC:Haiku:*:*) # Haiku running on Intel PC compatible. - echo i586-pc-haiku - exit ;; - x86_64:Haiku:*:*) - echo x86_64-unknown-haiku - exit ;; - SX-4:SUPER-UX:*:*) - echo sx4-nec-superux${UNAME_RELEASE} - exit ;; - SX-5:SUPER-UX:*:*) - echo sx5-nec-superux${UNAME_RELEASE} - exit ;; - SX-6:SUPER-UX:*:*) - echo sx6-nec-superux${UNAME_RELEASE} - exit ;; - SX-7:SUPER-UX:*:*) - echo sx7-nec-superux${UNAME_RELEASE} - exit ;; - SX-8:SUPER-UX:*:*) - echo sx8-nec-superux${UNAME_RELEASE} - exit ;; - SX-8R:SUPER-UX:*:*) - echo sx8r-nec-superux${UNAME_RELEASE} - exit ;; - Power*:Rhapsody:*:*) - echo powerpc-apple-rhapsody${UNAME_RELEASE} - exit ;; - *:Rhapsody:*:*) - echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} - exit ;; - *:Darwin:*:*) - UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown - eval $set_cc_for_build - if test "$UNAME_PROCESSOR" = unknown ; then - UNAME_PROCESSOR=powerpc - fi - if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then - if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ - grep IS_64BIT_ARCH >/dev/null - then - case $UNAME_PROCESSOR in - i386) UNAME_PROCESSOR=x86_64 ;; - powerpc) UNAME_PROCESSOR=powerpc64 ;; - esac - fi - fi - echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} - exit ;; - *:procnto*:*:* | *:QNX:[0123456789]*:*) - UNAME_PROCESSOR=`uname -p` - if test "$UNAME_PROCESSOR" = "x86"; then - UNAME_PROCESSOR=i386 - UNAME_MACHINE=pc - fi - echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} - exit ;; - *:QNX:*:4*) - echo i386-pc-qnx - exit ;; - NEO-?:NONSTOP_KERNEL:*:*) - echo neo-tandem-nsk${UNAME_RELEASE} - exit ;; - NSE-*:NONSTOP_KERNEL:*:*) - echo nse-tandem-nsk${UNAME_RELEASE} - exit ;; - NSR-?:NONSTOP_KERNEL:*:*) - echo nsr-tandem-nsk${UNAME_RELEASE} - exit ;; - *:NonStop-UX:*:*) - echo mips-compaq-nonstopux - exit ;; - BS2000:POSIX*:*:*) - echo bs2000-siemens-sysv - exit ;; - DS/*:UNIX_System_V:*:*) - echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} - exit ;; - *:Plan9:*:*) - # "uname -m" is not consistent, so use $cputype instead. 386 - # is converted to i386 for consistency with other x86 - # operating systems. - if test "$cputype" = "386"; then - UNAME_MACHINE=i386 - else - UNAME_MACHINE="$cputype" - fi - echo ${UNAME_MACHINE}-unknown-plan9 - exit ;; - *:TOPS-10:*:*) - echo pdp10-unknown-tops10 - exit ;; - *:TENEX:*:*) - echo pdp10-unknown-tenex - exit ;; - KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) - echo pdp10-dec-tops20 - exit ;; - XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) - echo pdp10-xkl-tops20 - exit ;; - *:TOPS-20:*:*) - echo pdp10-unknown-tops20 - exit ;; - *:ITS:*:*) - echo pdp10-unknown-its - exit ;; - SEI:*:*:SEIUX) - echo mips-sei-seiux${UNAME_RELEASE} - exit ;; - *:DragonFly:*:*) - echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` - exit ;; - *:*VMS:*:*) - UNAME_MACHINE=`(uname -p) 2>/dev/null` - case "${UNAME_MACHINE}" in - A*) echo alpha-dec-vms ; exit ;; - I*) echo ia64-dec-vms ; exit ;; - V*) echo vax-dec-vms ; exit ;; - esac ;; - *:XENIX:*:SysV) - echo i386-pc-xenix - exit ;; - i*86:skyos:*:*) - echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//' - exit ;; - i*86:rdos:*:*) - echo ${UNAME_MACHINE}-pc-rdos - exit ;; - i*86:AROS:*:*) - echo ${UNAME_MACHINE}-pc-aros - exit ;; - x86_64:VMkernel:*:*) - echo ${UNAME_MACHINE}-unknown-esx - exit ;; -esac - -eval $set_cc_for_build -cat >$dummy.c < -# include -#endif -main () -{ -#if defined (sony) -#if defined (MIPSEB) - /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, - I don't know.... */ - printf ("mips-sony-bsd\n"); exit (0); -#else -#include - printf ("m68k-sony-newsos%s\n", -#ifdef NEWSOS4 - "4" -#else - "" -#endif - ); exit (0); -#endif -#endif - -#if defined (__arm) && defined (__acorn) && defined (__unix) - printf ("arm-acorn-riscix\n"); exit (0); -#endif - -#if defined (hp300) && !defined (hpux) - printf ("m68k-hp-bsd\n"); exit (0); -#endif - -#if defined (NeXT) -#if !defined (__ARCHITECTURE__) -#define __ARCHITECTURE__ "m68k" -#endif - int version; - version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; - if (version < 4) - printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); - else - printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); - exit (0); -#endif - -#if defined (MULTIMAX) || defined (n16) -#if defined (UMAXV) - printf ("ns32k-encore-sysv\n"); exit (0); -#else -#if defined (CMU) - printf ("ns32k-encore-mach\n"); exit (0); -#else - printf ("ns32k-encore-bsd\n"); exit (0); -#endif -#endif -#endif - -#if defined (__386BSD__) - printf ("i386-pc-bsd\n"); exit (0); -#endif - -#if defined (sequent) -#if defined (i386) - printf ("i386-sequent-dynix\n"); exit (0); -#endif -#if defined (ns32000) - printf ("ns32k-sequent-dynix\n"); exit (0); -#endif -#endif - -#if defined (_SEQUENT_) - struct utsname un; - - uname(&un); - - if (strncmp(un.version, "V2", 2) == 0) { - printf ("i386-sequent-ptx2\n"); exit (0); - } - if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ - printf ("i386-sequent-ptx1\n"); exit (0); - } - printf ("i386-sequent-ptx\n"); exit (0); - -#endif - -#if defined (vax) -# if !defined (ultrix) -# include -# if defined (BSD) -# if BSD == 43 - printf ("vax-dec-bsd4.3\n"); exit (0); -# else -# if BSD == 199006 - printf ("vax-dec-bsd4.3reno\n"); exit (0); -# else - printf ("vax-dec-bsd\n"); exit (0); -# endif -# endif -# else - printf ("vax-dec-bsd\n"); exit (0); -# endif -# else - printf ("vax-dec-ultrix\n"); exit (0); -# endif -#endif - -#if defined (alliant) && defined (i860) - printf ("i860-alliant-bsd\n"); exit (0); -#endif - - exit (1); -} -EOF - -$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && - { echo "$SYSTEM_NAME"; exit; } - -# Apollos put the system type in the environment. - -test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } - -# Convex versions that predate uname can use getsysinfo(1) - -if [ -x /usr/convex/getsysinfo ] -then - case `getsysinfo -f cpu_type` in - c1*) - echo c1-convex-bsd - exit ;; - c2*) - if getsysinfo -f scalar_acc - then echo c32-convex-bsd - else echo c2-convex-bsd - fi - exit ;; - c34*) - echo c34-convex-bsd - exit ;; - c38*) - echo c38-convex-bsd - exit ;; - c4*) - echo c4-convex-bsd - exit ;; - esac -fi - -cat >&2 < in order to provide the needed -information to handle your system. - -config.guess timestamp = $timestamp - -uname -m = `(uname -m) 2>/dev/null || echo unknown` -uname -r = `(uname -r) 2>/dev/null || echo unknown` -uname -s = `(uname -s) 2>/dev/null || echo unknown` -uname -v = `(uname -v) 2>/dev/null || echo unknown` - -/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` -/bin/uname -X = `(/bin/uname -X) 2>/dev/null` - -hostinfo = `(hostinfo) 2>/dev/null` -/bin/universe = `(/bin/universe) 2>/dev/null` -/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` -/bin/arch = `(/bin/arch) 2>/dev/null` -/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` -/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` - -UNAME_MACHINE = ${UNAME_MACHINE} -UNAME_RELEASE = ${UNAME_RELEASE} -UNAME_SYSTEM = ${UNAME_SYSTEM} -UNAME_VERSION = ${UNAME_VERSION} -EOF - -exit 1 - -# Local variables: -# eval: (add-hook 'write-file-hooks 'time-stamp) -# time-stamp-start: "timestamp='" -# time-stamp-format: "%:y-%02m-%02d" -# time-stamp-end: "'" -# End: diff --git a/external/unbound/config.h.cmake.in b/external/unbound/config.h.cmake.in deleted file mode 100644 index 84a124214..000000000 --- a/external/unbound/config.h.cmake.in +++ /dev/null @@ -1,1205 +0,0 @@ -/* config.h.in. Generated from configure.ac by autoheader. */ - -/* define if a library can reference the 'main' symbol */ -#cmakedefine CAN_REFERENCE_MAIN - -/* Directory to chroot to */ -#define CHROOT_DIR "@UNBOUND_CHROOT_DIR@" - -/* Do sha512 definitions in config.h */ -#cmakedefine COMPAT_SHA512 - -/* Pathname to the Unbound configuration file */ -#define CONFIGFILE "@UNBOUND_CONFIGFILE@" - -/* Define this if on macOSX10.4-darwin8 and setreuid and setregid do not work - */ -#cmakedefine DARWIN_BROKEN_SETREUID - -/* Whether daemon is deprecated */ -#cmakedefine DEPRECATED_DAEMON - -/* default dnstap socket path */ -#cmakedefine DNSTAP_SOCKET_PATH - -/* Define if you want to use debug lock checking (slow). */ -#cmakedefine ENABLE_LOCK_CHECKS - -/* Define this if you enabled-allsymbols from libunbound to link binaries to - it for smaller install size, but the libunbound export table is polluted by - internal symbols */ -#cmakedefine EXPORT_ALL_SYMBOLS - -/* Define to 1 if you have the `arc4random' function. */ -#cmakedefine HAVE_ARC4RANDOM - -/* Define to 1 if you have the `arc4random_uniform' function. */ -#cmakedefine HAVE_ARC4RANDOM_UNIFORM - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_ARPA_INET_H - -/* Whether the C compiler accepts the "format" attribute */ -#cmakedefine HAVE_ATTR_FORMAT - -/* Whether the C compiler accepts the "unused" attribute */ -#cmakedefine HAVE_ATTR_UNUSED - -/* Whether the C compiler accepts the "weak" attribute */ -#cmakedefine HAVE_ATTR_WEAK - -/* Define to 1 if you have the `chown' function. */ -#cmakedefine HAVE_CHOWN - -/* Define to 1 if you have the `chroot' function. */ -#cmakedefine HAVE_CHROOT - -/* Define to 1 if you have the `CRYPTO_cleanup_all_ex_data' function. */ -#cmakedefine HAVE_CRYPTO_CLEANUP_ALL_EX_DATA - -/* Define to 1 if you have the `ctime_r' function. */ -#cmakedefine HAVE_CTIME_R - -/* Define to 1 if you have the `daemon' function. */ -#cmakedefine HAVE_DAEMON - -/* Define to 1 if you have the declaration of `arc4random', and to 0 if you - don't. */ -#cmakedefine HAVE_DECL_ARC4RANDOM - -/* Define to 1 if you have the declaration of `arc4random_uniform', and to 0 - if you don't. */ -#cmakedefine HAVE_DECL_ARC4RANDOM_UNIFORM - -/* Define to 1 if you have the declaration of `inet_ntop', and to 0 if you - don't. */ -#cmakedefine HAVE_DECL_INET_NTOP - -/* Define to 1 if you have the declaration of `inet_pton', and to 0 if you - don't. */ -#cmakedefine HAVE_DECL_INET_PTON - -/* Define to 1 if you have the declaration of `NID_secp384r1', and to 0 if you - don't. */ -#cmakedefine HAVE_DECL_NID_SECP384R1 - -/* Define to 1 if you have the declaration of `NID_X9_62_prime256v1', and to 0 - if you don't. */ -#cmakedefine HAVE_DECL_NID_X9_62_PRIME256V1 - -/* Define to 1 if you have the declaration of `reallocarray', and to 0 if you - don't. */ -#cmakedefine HAVE_DECL_REALLOCARRAY - -/* Define to 1 if you have the declaration of `sk_SSL_COMP_pop_free', and to 0 - if you don't. */ -#cmakedefine HAVE_DECL_SK_SSL_COMP_POP_FREE - -/* Define to 1 if you have the declaration of - `SSL_COMP_get_compression_methods', and to 0 if you don't. */ -#cmakedefine HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS - -/* Define to 1 if you have the declaration of `SSL_CTX_set_ecdh_auto', and to - 0 if you don't. */ -#cmakedefine HAVE_DECL_SSL_CTX_SET_ECDH_AUTO - -/* Define to 1 if you have the declaration of `strlcat', and to 0 if you - don't. */ -#cmakedefine HAVE_DECL_STRLCAT - -/* Define to 1 if you have the declaration of `strlcpy', and to 0 if you - don't. */ -#cmakedefine HAVE_DECL_STRLCPY - -/* Define to 1 if you have the declaration of `XML_StopParser', and to 0 if - you don't. */ -#cmakedefine HAVE_DECL_XML_STOPPARSER - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_DLFCN_H - -/* Define to 1 if you have the `DSA_SIG_set0' function. */ -#cmakedefine HAVE_DSA_SIG_SET0 - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_ENDIAN_H - -/* Define to 1 if you have the `endprotoent' function. */ -#cmakedefine HAVE_ENDPROTOENT - -/* Define to 1 if you have the `endpwent' function. */ -#cmakedefine HAVE_ENDPWENT - -/* Define to 1 if you have the `endservent' function. */ -#cmakedefine HAVE_ENDSERVENT - -/* Define to 1 if you have the `ERR_free_strings' function. */ -#cmakedefine HAVE_ERR_FREE_STRINGS - -/* Define to 1 if you have the `ERR_load_crypto_strings' function. */ -#cmakedefine HAVE_ERR_LOAD_CRYPTO_STRINGS - -/* Define to 1 if you have the `event_base_free' function. */ -#cmakedefine HAVE_EVENT_BASE_FREE - -/* Define to 1 if you have the `event_base_get_method' function. */ -#cmakedefine HAVE_EVENT_BASE_GET_METHOD - -/* Define to 1 if you have the `event_base_new' function. */ -#cmakedefine HAVE_EVENT_BASE_NEW - -/* Define to 1 if you have the `event_base_once' function. */ -#cmakedefine HAVE_EVENT_BASE_ONCE - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_EVENT_H - -/* Define to 1 if you have the `EVP_cleanup' function. */ -#cmakedefine HAVE_EVP_CLEANUP - -/* Define to 1 if you have the `EVP_dss1' function. */ -#cmakedefine HAVE_EVP_DSS1 - -/* Define to 1 if you have the `EVP_MD_CTX_new' function. */ -#cmakedefine HAVE_EVP_MD_CTX_NEW - -/* Define to 1 if you have the `EVP_sha1' function. */ -#cmakedefine HAVE_EVP_SHA1 - -/* Define to 1 if you have the `EVP_sha256' function. */ -#cmakedefine HAVE_EVP_SHA256 - -/* Define to 1 if you have the `EVP_sha512' function. */ -#cmakedefine HAVE_EVP_SHA512 - -/* Define to 1 if you have the `ev_default_loop' function. */ -#cmakedefine HAVE_EV_DEFAULT_LOOP - -/* Define to 1 if you have the `ev_loop' function. */ -#cmakedefine HAVE_EV_LOOP - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_EXPAT_H - -/* Define to 1 if you have the `fcntl' function. */ -#cmakedefine HAVE_FCNTL - -/* Define to 1 if you have the `FIPS_mode' function. */ -#cmakedefine HAVE_FIPS_MODE - -/* Define to 1 if you have the `fork' function. */ -#cmakedefine HAVE_FORK - -/* Define to 1 if fseeko (and presumably ftello) exists and is declared. */ -#cmakedefine HAVE_FSEEKO - -/* Define to 1 if you have the `fsync' function. */ -#cmakedefine HAVE_FSYNC - -/* Whether getaddrinfo is available */ -#cmakedefine HAVE_GETADDRINFO - -/* Define to 1 if you have the `getauxval' function. */ -#cmakedefine HAVE_GETAUXVAL - -/* Define to 1 if you have the `getentropy' function. */ -#cmakedefine HAVE_GETENTROPY - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_GETOPT_H - -/* Define to 1 if you have the `getpwnam' function. */ -#cmakedefine HAVE_GETPWNAM - -/* Define to 1 if you have the `getrlimit' function. */ -#cmakedefine HAVE_GETRLIMIT - -/* Define to 1 if you have the `glob' function. */ -#cmakedefine HAVE_GLOB - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_GLOB_H - -/* Define to 1 if you have the `gmtime_r' function. */ -#cmakedefine HAVE_GMTIME_R - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_GRP_H - -/* If you have HMAC_Update */ -#cmakedefine HAVE_HMAC_UPDATE - -/* Define to 1 if you have the `inet_aton' function. */ -#cmakedefine HAVE_INET_ATON - -/* Define to 1 if you have the `inet_ntop' function. */ -#cmakedefine HAVE_INET_NTOP - -/* Define to 1 if you have the `inet_pton' function. */ -#cmakedefine HAVE_INET_PTON - -/* Define to 1 if you have the `initgroups' function. */ -#cmakedefine HAVE_INITGROUPS - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_INTTYPES_H - -/* if the function 'ioctlsocket' is available */ -#cmakedefine HAVE_IOCTLSOCKET - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_IPHLPAPI_H - -/* Define to 1 if you have the `isblank' function. */ -#cmakedefine HAVE_ISBLANK - -/* Define to 1 if you have the `kill' function. */ -#cmakedefine HAVE_KILL - -/* Define if we have LibreSSL */ -#cmakedefine HAVE_LIBRESSL - -/* Define to 1 if you have the `localtime_r' function. */ -#cmakedefine HAVE_LOCALTIME_R - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_LOGIN_CAP_H - -/* If have GNU libc compatible malloc */ -#cmakedefine HAVE_MALLOC - -/* Define to 1 if you have the `memmove' function. */ -#cmakedefine HAVE_MEMMOVE - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_MEMORY_H - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_NETDB_H - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_NETINET_IN_H - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_NETINET_TCP_H - -/* Use libnettle for crypto */ -#cmakedefine HAVE_NETTLE - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_NETTLE_DSA_COMPAT_H - -/* Use libnss for crypto */ -#cmakedefine HAVE_NSS - -/* Define to 1 if you have the `OpenSSL_add_all_digests' function. */ -#cmakedefine HAVE_OPENSSL_ADD_ALL_DIGESTS - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_OPENSSL_BN_H - -/* Define to 1 if you have the `OPENSSL_config' function. */ -#cmakedefine HAVE_OPENSSL_CONFIG - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_OPENSSL_CONF_H - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_OPENSSL_DH_H - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_OPENSSL_DSA_H - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_OPENSSL_ENGINE_H - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_OPENSSL_ERR_H - -/* Define to 1 if you have the `OPENSSL_init_crypto' function. */ -#cmakedefine HAVE_OPENSSL_INIT_CRYPTO - -/* Define to 1 if you have the `OPENSSL_init_ssl' function. */ -#cmakedefine HAVE_OPENSSL_INIT_SSL - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_OPENSSL_RAND_H - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_OPENSSL_RSA_H - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_OPENSSL_SSL_H - -/* Define if you have POSIX threads libraries and header files. */ -#cmakedefine HAVE_PTHREAD - -/* Have PTHREAD_PRIO_INHERIT. */ -#cmakedefine HAVE_PTHREAD_PRIO_INHERIT - -/* Define to 1 if the system has the type `pthread_rwlock_t'. */ -#cmakedefine HAVE_PTHREAD_RWLOCK_T - -/* Define to 1 if the system has the type `pthread_spinlock_t'. */ -#cmakedefine HAVE_PTHREAD_SPINLOCK_T - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_PWD_H - -/* Define if you have Python libraries and header files. */ -#cmakedefine HAVE_PYTHON - -/* Define to 1 if you have the `random' function. */ -#cmakedefine HAVE_RANDOM - -/* Define to 1 if you have the `RAND_cleanup' function. */ -#cmakedefine HAVE_RAND_CLEANUP - -/* Define to 1 if you have the `reallocarray' function. */ -#cmakedefine HAVE_REALLOCARRAY - -/* Define to 1 if you have the `recvmsg' function. */ -#cmakedefine HAVE_RECVMSG - -/* Define to 1 if you have the `sendmsg' function. */ -#cmakedefine HAVE_SENDMSG - -/* Define to 1 if you have the `setregid' function. */ -#cmakedefine HAVE_SETREGID - -/* Define to 1 if you have the `setresgid' function. */ -#cmakedefine HAVE_SETRESGID - -/* Define to 1 if you have the `setresuid' function. */ -#cmakedefine HAVE_SETRESUID - -/* Define to 1 if you have the `setreuid' function. */ -#cmakedefine HAVE_SETREUID - -/* Define to 1 if you have the `setrlimit' function. */ -#cmakedefine HAVE_SETRLIMIT - -/* Define to 1 if you have the `setsid' function. */ -#cmakedefine HAVE_SETSID - -/* Define to 1 if you have the `setusercontext' function. */ -#cmakedefine HAVE_SETUSERCONTEXT - -/* Define to 1 if you have the `SHA512_Update' function. */ -#cmakedefine HAVE_SHA512_UPDATE - -/* Define to 1 if you have the `shmget' function. */ -#cmakedefine HAVE_SHMGET - -/* Define to 1 if you have the `sigprocmask' function. */ -#cmakedefine HAVE_SIGPROCMASK - -/* Define to 1 if you have the `sleep' function. */ -#cmakedefine HAVE_SLEEP - -/* Define to 1 if you have the `snprintf' function. */ -#cmakedefine HAVE_SNPRINTF - -/* Define to 1 if you have the `socketpair' function. */ -#cmakedefine HAVE_SOCKETPAIR - -/* Using Solaris threads */ -#cmakedefine HAVE_SOLARIS_THREADS - -/* Define to 1 if you have the `srandom' function. */ -#cmakedefine HAVE_SRANDOM - -/* Define if you have the SSL libraries installed. */ -#cmakedefine HAVE_SSL - -/* Define to 1 if you have the `SSL_CTX_set_security_level' function. */ -#cmakedefine HAVE_SSL_CTX_SET_SECURITY_LEVEL - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_STDARG_H - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_STDBOOL_H - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_STDINT_H - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_STDLIB_H - -/* Define to 1 if you have the `strftime' function. */ -#cmakedefine HAVE_STRFTIME - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_STRINGS_H - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_STRING_H - -/* Define to 1 if you have the `strlcat' function. */ -#cmakedefine HAVE_STRLCAT - -/* Define to 1 if you have the `strlcpy' function. */ -#cmakedefine HAVE_STRLCPY - -/* Define to 1 if you have the `strptime' function. */ -#cmakedefine HAVE_STRPTIME - -/* Define to 1 if you have the `strsep' function. */ -#cmakedefine HAVE_STRSEP - -/* Define to 1 if `ipi_spec_dst' is a member of `struct in_pktinfo'. */ -#cmakedefine HAVE_STRUCT_IN_PKTINFO_IPI_SPEC_DST - -/* Define to 1 if `sun_len' is a member of `struct sockaddr_un'. */ -#cmakedefine HAVE_STRUCT_SOCKADDR_UN_SUN_LEN - -/* Define if you have Swig libraries and header files. */ -#cmakedefine HAVE_SWIG - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_SYSLOG_H - -/* Define to 1 if systemd should be used */ -#undef HAVE_SYSTEMD - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_SYS_IPC_H - -/* Define to 1 if you have the header file. */ -#cmakedefine01 HAVE_SYS_PARAM_H - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_SYS_RESOURCE_H - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_SYS_SHA2_H - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_SYS_SHM_H - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_SYS_SOCKET_H - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_SYS_STAT_H - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_SYS_SYSCTL_H - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_SYS_TYPES_H - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_SYS_UIO_H - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_SYS_UN_H - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_SYS_WAIT_H - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_TIME_H - -/* Define to 1 if you have the `tzset' function. */ -#cmakedefine HAVE_TZSET - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_UNISTD_H - -/* Define to 1 if you have the `usleep' function. */ -#cmakedefine HAVE_USLEEP - -/* Define to 1 if you have the `vfork' function. */ -#cmakedefine HAVE_VFORK - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_VFORK_H - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_WINDOWS_H - -/* Using Windows threads */ -#cmakedefine HAVE_WINDOWS_THREADS - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_WINSOCK2_H - -/* Define to 1 if `fork' works. */ -#cmakedefine HAVE_WORKING_FORK - -/* Define to 1 if `vfork' works. */ -#cmakedefine HAVE_WORKING_VFORK - -/* Define to 1 if you have the `writev' function. */ -#cmakedefine HAVE_WRITEV - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_WS2TCPIP_H - -/* Define to 1 if you have the `_beginthreadex' function. */ -#cmakedefine HAVE__BEGINTHREADEX - -/* if lex has yylex_destroy */ -#cmakedefine LEX_HAS_YYLEX_DESTROY - -/* Define to the sub-directory in which libtool stores uninstalled libraries. - */ -#undef LT_OBJDIR - -/* Define to the maximum message length to pass to syslog. */ -#define MAXSYSLOGMSGLEN @MAXSYSLOGMSGLEN@ - -/* Define if memcmp() does not compare unsigned bytes */ -#cmakedefine MEMCMP_IS_BROKEN - -/* Define if mkdir has one argument. */ -#cmakedefine MKDIR_HAS_ONE_ARG - -/* Define if the network stack does not fully support nonblocking io (causes - lower performance). */ -#cmakedefine NONBLOCKING_IS_BROKEN - -/* Put -D_ALL_SOURCE define in config.h */ -#cmakedefine OMITTED__D_ALL_SOURCE - -/* Put -D_BSD_SOURCE define in config.h */ -#cmakedefine OMITTED__D_BSD_SOURCE - -/* Put -D_DEFAULT_SOURCE define in config.h */ -#cmakedefine OMITTED__D_DEFAULT_SOURCE - -/* Put -D_GNU_SOURCE define in config.h */ -#cmakedefine OMITTED__D_GNU_SOURCE - -/* Put -D_LARGEFILE_SOURCE=1 define in config.h */ -#cmakedefine OMITTED__D_LARGEFILE_SOURCE_1 - -/* Put -D_POSIX_C_SOURCE=200112 define in config.h */ -#cmakedefine OMITTED__D_POSIX_C_SOURCE_200112 - -/* Put -D_XOPEN_SOURCE=600 define in config.h */ -#cmakedefine OMITTED__D_XOPEN_SOURCE_600 - -/* Put -D_XOPEN_SOURCE_EXTENDED=1 define in config.h */ -#cmakedefine OMITTED__D_XOPEN_SOURCE_EXTENDED_1 - -/* Put -D__EXTENSIONS__ define in config.h */ -#cmakedefine OMITTED__D__EXTENSIONS__ - -/* Define to the address where bug reports for this package should be sent. */ -#undef PACKAGE_BUGREPORT - -/* Define to the full name of this package. */ -#define PACKAGE_NAME "@PACKAGE_NAME@" - -/* Define to the full name and version of this package. */ -#define PACKAGE_STRING "@PACKAGE_STRING@" - -/* Define to the one symbol short name of this package. */ -#undef PACKAGE_TARNAME - -/* Define to the home page for this package. */ -#define PACKAGE_URL "" - -/* Define to the version of this package. */ -#define PACKAGE_VERSION "@PACKAGE_VERSION@" - -/* default pidfile location */ -#define PIDFILE "@UNBOUND_PIDFILE@" - -/* Define to necessary symbol if this constant uses a non-standard name on - your system. */ -#undef PTHREAD_CREATE_JOINABLE - -/* Define as the return type of signal handlers (`int' or `void'). */ -#cmakedefine RETSIGTYPE @RETSIGTYPE@ - -/* default rootkey location */ -#undef ROOT_ANCHOR_FILE - -/* default rootcert location */ -#undef ROOT_CERT_FILE - -/* version number for resource files */ -#undef RSRC_PACKAGE_VERSION - -/* Directory to chdir to */ -#define RUN_DIR "@UNBOUND_RUN_DIR@" - -/* Shared data */ -#define SHARE_DIR "@UNBOUND_SHARE_DIR@" - -/* The size of `time_t', as computed by sizeof. */ -#undef SIZEOF_TIME_T - -/* define if (v)snprintf does not return length needed, (but length used) */ -#undef SNPRINTF_RET_BROKEN - -/* Define to 1 if you have the ANSI C header files. */ -#cmakedefine STDC_HEADERS - -/* use default strptime. */ -#cmakedefine STRPTIME_WORKS - -/* Use win32 resources and API */ -#cmakedefine UB_ON_WINDOWS - -/* default username */ -#define UB_USERNAME "@UNBOUND_USERNAME@" - -/* use to enable lightweight alloc assertions, for debug use */ -#cmakedefine UNBOUND_ALLOC_LITE - -/* use malloc not regions, for debug use */ -#cmakedefine UNBOUND_ALLOC_NONREGIONAL - -/* use statistics for allocs and frees, for debug use */ -#cmakedefine UNBOUND_ALLOC_STATS - -/* define this to enable debug checks. */ -#cmakedefine UNBOUND_DEBUG - -/* Define to 1 to use cachedb support */ -#cmakedefine USE_CACHEDB - -/* Define to 1 to enable dnscrypt support */ -#cmakedefine USE_DNSCRYPT - -/* Define to 1 to enable dnstap support */ -#cmakedefine USE_DNSTAP - -/* Define this to enable DSA support. */ -#cmakedefine USE_DSA - -/* Define this to enable ECDSA support. */ -#cmakedefine USE_ECDSA - -/* Define this to enable an EVP workaround for older openssl */ -#cmakedefine USE_ECDSA_EVP_WORKAROUND - -/* Define this to enable GOST support. */ -#cmakedefine USE_GOST - -/* Define if you want to use internal select based events */ -#define USE_MINI_EVENT 1 - -/* Define this to enable client TCP Fast Open. */ -#cmakedefine USE_MSG_FASTOPEN - -/* Define this to enable client TCP Fast Open. */ -#cmakedefine USE_OSX_MSG_FASTOPEN - -/* Define this to enable SHA1 support. */ -#cmakedefine USE_SHA1 - -/* Define this to enable SHA256 and SHA512 support. */ -#cmakedefine USE_SHA2 - -/* Define this to disable code that can trigger Valgrind/AddressSanitizer - errors. See https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1301 */ -#define VALGRIND - -/* Enable extensions on AIX 3, Interix. */ -#ifndef _ALL_SOURCE -# define _ALL_SOURCE 1 -#endif -/* Enable GNU extensions on systems that have them. */ -#ifndef _GNU_SOURCE -# define _GNU_SOURCE 1 -#endif -/* Enable threading extensions on Solaris. */ -#ifndef _POSIX_PTHREAD_SEMANTICS -# define _POSIX_PTHREAD_SEMANTICS 1 -#endif -/* Enable extensions on HP NonStop. */ -#ifndef _TANDEM_SOURCE -# define _TANDEM_SOURCE 1 -#endif -/* Enable general extensions on Solaris. */ -#ifndef __EXTENSIONS__ -# define __EXTENSIONS__ 1 -#endif - - -/* Define this to enable server TCP Fast Open. */ -#cmakedefine USE_TCP_FASTOPEN - -/* Whether the windows socket API is used */ -#cmakedefine USE_WINSOCK - -/* the version of the windows API enabled */ -#define WINVER @WINVER@ - -/* Define if you want Python module. */ -#cmakedefine WITH_PYTHONMODULE - -/* Define if you want PyUnbound. */ -#cmakedefine WITH_PYUNBOUND - -/* Define to 1 if `lex' declares `yytext' as a `char *' by default, not a - `char[]'. */ -#undef YYTEXT_POINTER - -/* Enable large inode numbers on Mac OS X 10.5. */ -#ifndef _DARWIN_USE_64_BIT_INODE -# define _DARWIN_USE_64_BIT_INODE 1 -#endif - -/* Number of bits in a file offset, on hosts where this is settable. */ -#undef _FILE_OFFSET_BITS - -/* Define to 1 to make fseeko visible on some hosts (e.g. glibc 2.2). */ -#cmakedefine _LARGEFILE_SOURCE - -/* Define for large files, on AIX-style hosts. */ -#cmakedefine _LARGE_FILES - -/* Define to 1 if on MINIX. */ -#cmakedefine _MINIX - -/* Enable for compile on Minix */ -#cmakedefine _NETBSD_SOURCE - -/* Define to 2 if the system does not provide POSIX.1 features except with - this defined. */ -#cmakedefine _POSIX_1_SOURCE - -/* Define to 1 if you need to in order for `stat' and other things to work. */ -#cmakedefine _POSIX_SOURCE - -/* Define to empty if `const' does not conform to ANSI C. */ -#cmakedefine const - -/* Define to `int' if doesn't define. */ -#cmakedefine gid_t @gid_t@ - -/* in_addr_t */ -#cmakedefine in_addr_t @in_addr_t@ - -/* in_port_t */ -#cmakedefine in_port_t @in_port_t@ - -/* Define to `__inline__' or `__inline' if that's what the C compiler - calls it, or to nothing if 'inline' is not supported under any name. */ -#ifndef __cplusplus -#cmakedefine inline @inline@ -#endif - -/* Define to `short' if does not define. */ -#cmakedefine int16_t @int16_t@ - -/* Define to `int' if does not define. */ -#cmakedefine int32_t @int32_t@ - -/* Define to `long long' if does not define. */ -#cmakedefine int64_t @int64_t@ - -/* Define to `signed char' if does not define. */ -#cmakedefine int8_t @int8_t@ - -/* Define if replacement function should be used. */ -#cmakedefine malloc - -/* Define to `long int' if does not define. */ -#cmakedefine off_t - -/* Define to `int' if does not define. */ -#cmakedefine pid_t @pid_t@ - -/* Define to 'int' if not defined */ -#cmakedefine rlim_t @rlim_t@ - -/* Define to `unsigned int' if does not define. */ -#cmakedefine size_t - -/* Define to 'int' if not defined */ -#cmakedefine socklen_t - -/* Define to `int' if does not define. */ -#cmakedefine ssize_t @ssize_t@ - -/* Define to 'unsigned char if not defined */ -#cmakedefine u_char - -/* Define to `int' if doesn't define. */ -#cmakedefine uid_t @uid_t@ - -/* Define to `unsigned short' if does not define. */ -#cmakedefine uint16_t @uint16_t@ - -/* Define to `unsigned int' if does not define. */ -#cmakedefine uint32_t @uint32_t@ - -/* Define to `unsigned long long' if does not define. */ -#cmakedefine uint64_t @uint64_t@ - -/* Define to `unsigned char' if does not define. */ -#cmakedefine uint8_t @uint8_t@ - -/* Define as `fork' if `vfork' does not work. */ -#cmakedefine vfork @vfork@ - -#cmakedefine __func__ @__func__@ - -#if defined(OMITTED__D_GNU_SOURCE) && !defined(_GNU_SOURCE) -#define _GNU_SOURCE 1 -#endif - -#if defined(OMITTED__D_BSD_SOURCE) && !defined(_BSD_SOURCE) -#define _BSD_SOURCE 1 -#endif - -#if defined(OMITTED__D_DEFAULT_SOURCE) && !defined(_DEFAULT_SOURCE) -#define _DEFAULT_SOURCE 1 -#endif - -#if defined(OMITTED__D__EXTENSIONS__) && !defined(__EXTENSIONS__) -#define __EXTENSIONS__ 1 -#endif - -#if defined(OMITTED__D_POSIX_C_SOURCE_200112) && !defined(_POSIX_C_SOURCE) -#define _POSIX_C_SOURCE 200112 -#endif - -#if defined(OMITTED__D_XOPEN_SOURCE_600) && !defined(_XOPEN_SOURCE) -#define _XOPEN_SOURCE 600 -#endif - -#if defined(OMITTED__D_XOPEN_SOURCE_EXTENDED_1) && !defined(_XOPEN_SOURCE_EXTENDED) -#define _XOPEN_SOURCE_EXTENDED 1 -#endif - -#if defined(OMITTED__D_ALL_SOURCE) && !defined(_ALL_SOURCE) -#define _ALL_SOURCE 1 -#endif - -#if defined(OMITTED__D_LARGEFILE_SOURCE_1) && !defined(_LARGEFILE_SOURCE) -#define _LARGEFILE_SOURCE 1 -#endif - -/** Use small-ldns codebase */ -#define USE_SLDNS 1 -#ifdef HAVE_SSL -# define LDNS_BUILD_CONFIG_HAVE_SSL 1 -#endif - -#include -#include -#ifdef HAVE_UNISTD_H -#include -#endif -#include - -#ifdef HAVE_STDLIB_H -#include -#endif - -#if STDC_HEADERS -#include -#endif - -#ifdef HAVE_STDARG_H -#include -#endif - -#ifdef HAVE_STDINT_H -#include -#endif - -#include - -#if HAVE_SYS_PARAM_H -#include -#endif - -#ifdef HAVE_SYS_SOCKET_H -#include -#endif - -#ifdef HAVE_SYS_TYPES_H -#include -#endif - -#ifdef HAVE_SYS_UIO_H -#include -#endif - -#ifdef HAVE_NETINET_IN_H -#include -#endif - -#ifdef HAVE_NETINET_TCP_H -#include -#endif - -#ifdef HAVE_ARPA_INET_H -#include -#endif - -#ifdef HAVE_WINSOCK2_H -#include -#endif - -#ifdef HAVE_WS2TCPIP_H -#include -#endif - -#ifndef USE_WINSOCK -#define ARG_LL "%ll" -#else -#define ARG_LL "%I64" -#endif - - -#ifndef AF_LOCAL -#define AF_LOCAL AF_UNIX -#endif - - -#ifdef HAVE_ATTR_FORMAT -# define ATTR_FORMAT(archetype, string_index, first_to_check) \ - __attribute__ ((format (archetype, string_index, first_to_check))) -#else /* !HAVE_ATTR_FORMAT */ -# define ATTR_FORMAT(archetype, string_index, first_to_check) /* empty */ -#endif /* !HAVE_ATTR_FORMAT */ - - -#if defined(DOXYGEN) -# define ATTR_UNUSED(x) x -#elif defined(__cplusplus) -# define ATTR_UNUSED(x) -#elif defined(HAVE_ATTR_UNUSED) -# define ATTR_UNUSED(x) x __attribute__((unused)) -#else /* !HAVE_ATTR_UNUSED */ -# define ATTR_UNUSED(x) x -#endif /* !HAVE_ATTR_UNUSED */ - - -#ifndef HAVE_FSEEKO -#define fseeko fseek -#define ftello ftell -#endif /* HAVE_FSEEKO */ - - -#ifndef MAXHOSTNAMELEN -#define MAXHOSTNAMELEN 256 -#endif - - -#if !defined(HAVE_SNPRINTF) || defined(SNPRINTF_RET_BROKEN) -#define snprintf snprintf_unbound -#define vsnprintf vsnprintf_unbound -#include -int snprintf (char *str, size_t count, const char *fmt, ...); -int vsnprintf (char *str, size_t count, const char *fmt, va_list arg); -#endif /* HAVE_SNPRINTF or SNPRINTF_RET_BROKEN */ - - -#ifndef HAVE_INET_PTON -#define inet_pton inet_pton_unbound -int inet_pton(int af, const char* src, void* dst); -#endif /* HAVE_INET_PTON */ - - -#ifndef HAVE_INET_NTOP -#define inet_ntop inet_ntop_unbound -const char *inet_ntop(int af, const void *src, char *dst, size_t size); -#endif - - -#ifndef HAVE_INET_ATON -#define inet_aton inet_aton_unbound -int inet_aton(const char *cp, struct in_addr *addr); -#endif - - -#ifndef HAVE_MEMMOVE -#define memmove memmove_unbound -void *memmove(void *dest, const void *src, size_t n); -#endif - - -#ifndef HAVE_STRLCAT -#define strlcat strlcat_unbound -size_t strlcat(char *dst, const char *src, size_t siz); -#endif - - -#ifndef HAVE_STRLCPY -#define strlcpy strlcpy_unbound -size_t strlcpy(char *dst, const char *src, size_t siz); -#endif - - -#ifndef HAVE_GMTIME_R -#define gmtime_r gmtime_r_unbound -struct tm *gmtime_r(const time_t *timep, struct tm *result); -#endif - - -#ifndef HAVE_REALLOCARRAY -#define reallocarray reallocarrayunbound -void* reallocarray(void *ptr, size_t nmemb, size_t size); -#endif - - -#if !defined(HAVE_SLEEP) || defined(HAVE_WINDOWS_H) -#define sleep(x) Sleep((x)*1000) /* on win32 */ -#endif /* HAVE_SLEEP */ - - -#ifndef HAVE_USLEEP -#define usleep(x) Sleep((x)/1000 + 1) /* on win32 */ -#endif /* HAVE_USLEEP */ - - -#ifndef HAVE_RANDOM -#define random rand /* on win32, for tests only (bad random) */ -#endif /* HAVE_RANDOM */ - - -#ifndef HAVE_SRANDOM -#define srandom(x) srand(x) /* on win32, for tests only (bad random) */ -#endif /* HAVE_SRANDOM */ - - -/* detect if we need to cast to unsigned int for FD_SET to avoid warnings */ -#ifdef HAVE_WINSOCK2_H -#define FD_SET_T (u_int) -#else -#define FD_SET_T -#endif - - -#ifndef IPV6_MIN_MTU -#define IPV6_MIN_MTU 1280 -#endif /* IPV6_MIN_MTU */ - - -#ifdef MEMCMP_IS_BROKEN -#include "compat/memcmp.h" -#define memcmp memcmp_unbound -int memcmp(const void *x, const void *y, size_t n); -#endif - - - -#ifndef HAVE_CTIME_R -#define ctime_r unbound_ctime_r -char *ctime_r(const time_t *timep, char *buf); -#endif - -#ifndef HAVE_STRSEP -#define strsep unbound_strsep -char *strsep(char **stringp, const char *delim); -#endif - -#ifndef HAVE_ISBLANK -#define isblank unbound_isblank -int isblank(int c); -#endif - -#if !defined(HAVE_STRPTIME) || !defined(STRPTIME_WORKS) -#define strptime unbound_strptime -struct tm; -char *strptime(const char *s, const char *format, struct tm *tm); -#endif - -#ifdef HAVE_LIBRESSL -# if !HAVE_DECL_STRLCPY -size_t strlcpy(char *dst, const char *src, size_t siz); -# endif -# if !HAVE_DECL_STRLCAT -size_t strlcat(char *dst, const char *src, size_t siz); -# endif -# if !HAVE_DECL_ARC4RANDOM && defined(HAVE_ARC4RANDOM) -uint32_t arc4random(void); -# endif -# if !HAVE_DECL_ARC4RANDOM_UNIFORM && defined(HAVE_ARC4RANDOM_UNIFORM) -uint32_t arc4random_uniform(uint32_t upper_bound); -# endif -# if !HAVE_DECL_REALLOCARRAY -void *reallocarray(void *ptr, size_t nmemb, size_t size); -# endif -#endif /* HAVE_LIBRESSL */ -#ifndef HAVE_ARC4RANDOM -void explicit_bzero(void* buf, size_t len); -int getentropy(void* buf, size_t len); -uint32_t arc4random(void); -void arc4random_buf(void* buf, size_t n); -void _ARC4_LOCK(void); -void _ARC4_UNLOCK(void); -#endif -#ifndef HAVE_ARC4RANDOM_UNIFORM -uint32_t arc4random_uniform(uint32_t upper_bound); -#endif -#ifdef COMPAT_SHA512 -#ifndef SHA512_DIGEST_LENGTH -#define SHA512_BLOCK_LENGTH 128 -#define SHA512_DIGEST_LENGTH 64 -#define SHA512_DIGEST_STRING_LENGTH (SHA512_DIGEST_LENGTH * 2 + 1) -typedef struct _SHA512_CTX { - uint64_t state[8]; - uint64_t bitcount[2]; - uint8_t buffer[SHA512_BLOCK_LENGTH]; -} SHA512_CTX; -#endif /* SHA512_DIGEST_LENGTH */ -void SHA512_Init(SHA512_CTX*); -void SHA512_Update(SHA512_CTX*, void*, size_t); -void SHA512_Final(uint8_t[SHA512_DIGEST_LENGTH], SHA512_CTX*); -unsigned char *SHA512(void* data, unsigned int data_len, unsigned char *digest); -#endif /* COMPAT_SHA512 */ - - - -#if defined(HAVE_EVENT_H) && !defined(HAVE_EVENT_BASE_ONCE) && !(defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP)) && (defined(HAVE_PTHREAD) || defined(HAVE_SOLARIS_THREADS)) - /* using version of libevent that is not threadsafe. */ -# define LIBEVENT_SIGNAL_PROBLEM 1 -#endif - -#ifndef CHECKED_INET6 -# define CHECKED_INET6 -# ifdef AF_INET6 -# define INET6 -# else -# define AF_INET6 28 -# endif -#endif /* CHECKED_INET6 */ - -#ifndef HAVE_GETADDRINFO -struct sockaddr_storage; -#include "compat/fake-rfc2553.h" -#endif - -#ifdef UNBOUND_ALLOC_STATS -# define malloc(s) unbound_stat_malloc_log(s, __FILE__, __LINE__, __func__) -# define calloc(n,s) unbound_stat_calloc_log(n, s, __FILE__, __LINE__, __func__) -# define free(p) unbound_stat_free_log(p, __FILE__, __LINE__, __func__) -# define realloc(p,s) unbound_stat_realloc_log(p, s, __FILE__, __LINE__, __func__) -void *unbound_stat_malloc(size_t size); -void *unbound_stat_calloc(size_t nmemb, size_t size); -void unbound_stat_free(void *ptr); -void *unbound_stat_realloc(void *ptr, size_t size); -void *unbound_stat_malloc_log(size_t size, const char* file, int line, - const char* func); -void *unbound_stat_calloc_log(size_t nmemb, size_t size, const char* file, - int line, const char* func); -void unbound_stat_free_log(void *ptr, const char* file, int line, - const char* func); -void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, - int line, const char* func); -#elif defined(UNBOUND_ALLOC_LITE) -# include "util/alloc.h" -#endif /* UNBOUND_ALLOC_LITE and UNBOUND_ALLOC_STATS */ - -/** default port for DNS traffic. */ -#define UNBOUND_DNS_PORT 53 -/** default port for unbound control traffic, registered port with IANA, - ub-dns-control 8953/tcp unbound dns nameserver control */ -#define UNBOUND_CONTROL_PORT 8953 -/** the version of unbound-control that this software implements */ -#define UNBOUND_CONTROL_VERSION 1 - - diff --git a/external/unbound/config.h.in b/external/unbound/config.h.in deleted file mode 100644 index eacbc7f69..000000000 --- a/external/unbound/config.h.in +++ /dev/null @@ -1,1202 +0,0 @@ -/* config.h.in. Generated from configure.ac by autoheader. */ - -/* Directory to chroot to */ -#undef CHROOT_DIR - -/* Define this to enable client subnet option. */ -#undef CLIENT_SUBNET - -/* Do sha512 definitions in config.h */ -#undef COMPAT_SHA512 - -/* Pathname to the Unbound configuration file */ -#undef CONFIGFILE - -/* Define this if on macOSX10.4-darwin8 and setreuid and setregid do not work - */ -#undef DARWIN_BROKEN_SETREUID - -/* Whether daemon is deprecated */ -#undef DEPRECATED_DAEMON - -/* default dnstap socket path */ -#undef DNSTAP_SOCKET_PATH - -/* Define if you want to use debug lock checking (slow). */ -#undef ENABLE_LOCK_CHECKS - -/* Define this if you enabled-allsymbols from libunbound to link binaries to - it for smaller install size, but the libunbound export table is polluted by - internal symbols */ -#undef EXPORT_ALL_SYMBOLS - -/* Define to 1 if you have the `arc4random' function. */ -#undef HAVE_ARC4RANDOM - -/* Define to 1 if you have the `arc4random_uniform' function. */ -#undef HAVE_ARC4RANDOM_UNIFORM - -/* Define to 1 if you have the header file. */ -#undef HAVE_ARPA_INET_H - -/* Whether the C compiler accepts the "format" attribute */ -#undef HAVE_ATTR_FORMAT - -/* Whether the C compiler accepts the "unused" attribute */ -#undef HAVE_ATTR_UNUSED - -/* Whether the C compiler accepts the "weak" attribute */ -#undef HAVE_ATTR_WEAK - -/* Define to 1 if you have the `chown' function. */ -#undef HAVE_CHOWN - -/* Define to 1 if you have the `chroot' function. */ -#undef HAVE_CHROOT - -/* Define to 1 if you have the `CRYPTO_cleanup_all_ex_data' function. */ -#undef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA - -/* Define to 1 if you have the `ctime_r' function. */ -#undef HAVE_CTIME_R - -/* Define to 1 if you have the `daemon' function. */ -#undef HAVE_DAEMON - -/* Define to 1 if you have the declaration of `arc4random', and to 0 if you - don't. */ -#undef HAVE_DECL_ARC4RANDOM - -/* Define to 1 if you have the declaration of `arc4random_uniform', and to 0 - if you don't. */ -#undef HAVE_DECL_ARC4RANDOM_UNIFORM - -/* Define to 1 if you have the declaration of `inet_ntop', and to 0 if you - don't. */ -#undef HAVE_DECL_INET_NTOP - -/* Define to 1 if you have the declaration of `inet_pton', and to 0 if you - don't. */ -#undef HAVE_DECL_INET_PTON - -/* Define to 1 if you have the declaration of `NID_secp384r1', and to 0 if you - don't. */ -#undef HAVE_DECL_NID_SECP384R1 - -/* Define to 1 if you have the declaration of `NID_X9_62_prime256v1', and to 0 - if you don't. */ -#undef HAVE_DECL_NID_X9_62_PRIME256V1 - -/* Define to 1 if you have the declaration of `reallocarray', and to 0 if you - don't. */ -#undef HAVE_DECL_REALLOCARRAY - -/* Define to 1 if you have the declaration of `sk_SSL_COMP_pop_free', and to 0 - if you don't. */ -#undef HAVE_DECL_SK_SSL_COMP_POP_FREE - -/* Define to 1 if you have the declaration of - `SSL_COMP_get_compression_methods', and to 0 if you don't. */ -#undef HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS - -/* Define to 1 if you have the declaration of `SSL_CTX_set_ecdh_auto', and to - 0 if you don't. */ -#undef HAVE_DECL_SSL_CTX_SET_ECDH_AUTO - -/* Define to 1 if you have the declaration of `strlcat', and to 0 if you - don't. */ -#undef HAVE_DECL_STRLCAT - -/* Define to 1 if you have the declaration of `strlcpy', and to 0 if you - don't. */ -#undef HAVE_DECL_STRLCPY - -/* Define to 1 if you have the declaration of `XML_StopParser', and to 0 if - you don't. */ -#undef HAVE_DECL_XML_STOPPARSER - -/* Define to 1 if you have the header file. */ -#undef HAVE_DLFCN_H - -/* Define to 1 if you have the `DSA_SIG_set0' function. */ -#undef HAVE_DSA_SIG_SET0 - -/* Define to 1 if you have the header file. */ -#undef HAVE_ENDIAN_H - -/* Define to 1 if you have the `endprotoent' function. */ -#undef HAVE_ENDPROTOENT - -/* Define to 1 if you have the `endpwent' function. */ -#undef HAVE_ENDPWENT - -/* Define to 1 if you have the `endservent' function. */ -#undef HAVE_ENDSERVENT - -/* Define to 1 if you have the `ERR_free_strings' function. */ -#undef HAVE_ERR_FREE_STRINGS - -/* Define to 1 if you have the `ERR_load_crypto_strings' function. */ -#undef HAVE_ERR_LOAD_CRYPTO_STRINGS - -/* Define to 1 if you have the `event_base_free' function. */ -#undef HAVE_EVENT_BASE_FREE - -/* Define to 1 if you have the `event_base_get_method' function. */ -#undef HAVE_EVENT_BASE_GET_METHOD - -/* Define to 1 if you have the `event_base_new' function. */ -#undef HAVE_EVENT_BASE_NEW - -/* Define to 1 if you have the `event_base_once' function. */ -#undef HAVE_EVENT_BASE_ONCE - -/* Define to 1 if you have the header file. */ -#undef HAVE_EVENT_H - -/* Define to 1 if you have the `EVP_cleanup' function. */ -#undef HAVE_EVP_CLEANUP - -/* Define to 1 if you have the `EVP_dss1' function. */ -#undef HAVE_EVP_DSS1 - -/* Define to 1 if you have the `EVP_MD_CTX_new' function. */ -#undef HAVE_EVP_MD_CTX_NEW - -/* Define to 1 if you have the `EVP_sha1' function. */ -#undef HAVE_EVP_SHA1 - -/* Define to 1 if you have the `EVP_sha256' function. */ -#undef HAVE_EVP_SHA256 - -/* Define to 1 if you have the `EVP_sha512' function. */ -#undef HAVE_EVP_SHA512 - -/* Define to 1 if you have the `ev_default_loop' function. */ -#undef HAVE_EV_DEFAULT_LOOP - -/* Define to 1 if you have the `ev_loop' function. */ -#undef HAVE_EV_LOOP - -/* Define to 1 if you have the header file. */ -#undef HAVE_EXPAT_H - -/* Define to 1 if you have the `fcntl' function. */ -#undef HAVE_FCNTL - -/* Define to 1 if you have the `FIPS_mode' function. */ -#undef HAVE_FIPS_MODE - -/* Define to 1 if you have the `fork' function. */ -#undef HAVE_FORK - -/* Define to 1 if fseeko (and presumably ftello) exists and is declared. */ -#undef HAVE_FSEEKO - -/* Define to 1 if you have the `fsync' function. */ -#undef HAVE_FSYNC - -/* Whether getaddrinfo is available */ -#undef HAVE_GETADDRINFO - -/* Define to 1 if you have the `getauxval' function. */ -#undef HAVE_GETAUXVAL - -/* Define to 1 if you have the `getentropy' function. */ -#undef HAVE_GETENTROPY - -/* Define to 1 if you have the header file. */ -#undef HAVE_GETOPT_H - -/* Define to 1 if you have the `getpwnam' function. */ -#undef HAVE_GETPWNAM - -/* Define to 1 if you have the `getrlimit' function. */ -#undef HAVE_GETRLIMIT - -/* Define to 1 if you have the `glob' function. */ -#undef HAVE_GLOB - -/* Define to 1 if you have the header file. */ -#undef HAVE_GLOB_H - -/* Define to 1 if you have the `gmtime_r' function. */ -#undef HAVE_GMTIME_R - -/* Define to 1 if you have the header file. */ -#undef HAVE_GRP_H - -/* If you have HMAC_Update */ -#undef HAVE_HMAC_UPDATE - -/* Define to 1 if you have the `inet_aton' function. */ -#undef HAVE_INET_ATON - -/* Define to 1 if you have the `inet_ntop' function. */ -#undef HAVE_INET_NTOP - -/* Define to 1 if you have the `inet_pton' function. */ -#undef HAVE_INET_PTON - -/* Define to 1 if you have the `initgroups' function. */ -#undef HAVE_INITGROUPS - -/* Define to 1 if you have the header file. */ -#undef HAVE_INTTYPES_H - -/* if the function 'ioctlsocket' is available */ -#undef HAVE_IOCTLSOCKET - -/* Define to 1 if you have the header file. */ -#undef HAVE_IPHLPAPI_H - -/* Define to 1 if you have the `isblank' function. */ -#undef HAVE_ISBLANK - -/* Define to 1 if you have the `kill' function. */ -#undef HAVE_KILL - -/* Define if we have LibreSSL */ -#undef HAVE_LIBRESSL - -/* Define to 1 if you have the `localtime_r' function. */ -#undef HAVE_LOCALTIME_R - -/* Define to 1 if you have the header file. */ -#undef HAVE_LOGIN_CAP_H - -/* If have GNU libc compatible malloc */ -#undef HAVE_MALLOC - -/* Define to 1 if you have the `memmove' function. */ -#undef HAVE_MEMMOVE - -/* Define to 1 if you have the header file. */ -#undef HAVE_MEMORY_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_NETDB_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_NETINET_IN_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_NETINET_TCP_H - -/* Use libnettle for crypto */ -#undef HAVE_NETTLE - -/* Define to 1 if you have the header file. */ -#undef HAVE_NETTLE_DSA_COMPAT_H - -/* Use libnss for crypto */ -#undef HAVE_NSS - -/* Define to 1 if you have the `OpenSSL_add_all_digests' function. */ -#undef HAVE_OPENSSL_ADD_ALL_DIGESTS - -/* Define to 1 if you have the header file. */ -#undef HAVE_OPENSSL_BN_H - -/* Define to 1 if you have the `OPENSSL_config' function. */ -#undef HAVE_OPENSSL_CONFIG - -/* Define to 1 if you have the header file. */ -#undef HAVE_OPENSSL_CONF_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_OPENSSL_DH_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_OPENSSL_DSA_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_OPENSSL_ENGINE_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_OPENSSL_ERR_H - -/* Define to 1 if you have the `OPENSSL_init_crypto' function. */ -#undef HAVE_OPENSSL_INIT_CRYPTO - -/* Define to 1 if you have the `OPENSSL_init_ssl' function. */ -#undef HAVE_OPENSSL_INIT_SSL - -/* Define to 1 if you have the header file. */ -#undef HAVE_OPENSSL_RAND_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_OPENSSL_RSA_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_OPENSSL_SSL_H - -/* Define if you have POSIX threads libraries and header files. */ -#undef HAVE_PTHREAD - -/* Have PTHREAD_PRIO_INHERIT. */ -#undef HAVE_PTHREAD_PRIO_INHERIT - -/* Define to 1 if the system has the type `pthread_rwlock_t'. */ -#undef HAVE_PTHREAD_RWLOCK_T - -/* Define to 1 if the system has the type `pthread_spinlock_t'. */ -#undef HAVE_PTHREAD_SPINLOCK_T - -/* Define to 1 if you have the header file. */ -#undef HAVE_PWD_H - -/* Define if you have Python libraries and header files. */ -#undef HAVE_PYTHON - -/* Define to 1 if you have the `random' function. */ -#undef HAVE_RANDOM - -/* Define to 1 if you have the `RAND_cleanup' function. */ -#undef HAVE_RAND_CLEANUP - -/* Define to 1 if you have the `reallocarray' function. */ -#undef HAVE_REALLOCARRAY - -/* Define to 1 if you have the `recvmsg' function. */ -#undef HAVE_RECVMSG - -/* Define to 1 if you have the `sendmsg' function. */ -#undef HAVE_SENDMSG - -/* Define to 1 if you have the `setregid' function. */ -#undef HAVE_SETREGID - -/* Define to 1 if you have the `setresgid' function. */ -#undef HAVE_SETRESGID - -/* Define to 1 if you have the `setresuid' function. */ -#undef HAVE_SETRESUID - -/* Define to 1 if you have the `setreuid' function. */ -#undef HAVE_SETREUID - -/* Define to 1 if you have the `setrlimit' function. */ -#undef HAVE_SETRLIMIT - -/* Define to 1 if you have the `setsid' function. */ -#undef HAVE_SETSID - -/* Define to 1 if you have the `setusercontext' function. */ -#undef HAVE_SETUSERCONTEXT - -/* Define to 1 if you have the `SHA512_Update' function. */ -#undef HAVE_SHA512_UPDATE - -/* Define to 1 if you have the `shmget' function. */ -#undef HAVE_SHMGET - -/* Define to 1 if you have the `sigprocmask' function. */ -#undef HAVE_SIGPROCMASK - -/* Define to 1 if you have the `sleep' function. */ -#undef HAVE_SLEEP - -/* Define to 1 if you have the `snprintf' function. */ -#undef HAVE_SNPRINTF - -/* Define to 1 if you have the `socketpair' function. */ -#undef HAVE_SOCKETPAIR - -/* Using Solaris threads */ -#undef HAVE_SOLARIS_THREADS - -/* Define to 1 if you have the `srandom' function. */ -#undef HAVE_SRANDOM - -/* Define if you have the SSL libraries installed. */ -#undef HAVE_SSL - -/* Define to 1 if you have the `SSL_CTX_set_security_level' function. */ -#undef HAVE_SSL_CTX_SET_SECURITY_LEVEL - -/* Define to 1 if you have the header file. */ -#undef HAVE_STDARG_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_STDBOOL_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_STDINT_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_STDLIB_H - -/* Define to 1 if you have the `strftime' function. */ -#undef HAVE_STRFTIME - -/* Define to 1 if you have the header file. */ -#undef HAVE_STRINGS_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_STRING_H - -/* Define to 1 if you have the `strlcat' function. */ -#undef HAVE_STRLCAT - -/* Define to 1 if you have the `strlcpy' function. */ -#undef HAVE_STRLCPY - -/* Define to 1 if you have the `strptime' function. */ -#undef HAVE_STRPTIME - -/* Define to 1 if you have the `strsep' function. */ -#undef HAVE_STRSEP - -/* Define to 1 if `ipi_spec_dst' is a member of `struct in_pktinfo'. */ -#undef HAVE_STRUCT_IN_PKTINFO_IPI_SPEC_DST - -/* Define to 1 if `sun_len' is a member of `struct sockaddr_un'. */ -#undef HAVE_STRUCT_SOCKADDR_UN_SUN_LEN - -/* Define if you have Swig libraries and header files. */ -#undef HAVE_SWIG - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYSLOG_H - -/* Define to 1 if systemd should be used */ -#undef HAVE_SYSTEMD - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_IPC_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_PARAM_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_RESOURCE_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_SHA2_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_SHM_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_SOCKET_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_STAT_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_SYSCTL_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_TYPES_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_UIO_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_UN_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_WAIT_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_TIME_H - -/* Define to 1 if you have the `tzset' function. */ -#undef HAVE_TZSET - -/* Define to 1 if you have the header file. */ -#undef HAVE_UNISTD_H - -/* Define to 1 if you have the `usleep' function. */ -#undef HAVE_USLEEP - -/* Define to 1 if you have the `vfork' function. */ -#undef HAVE_VFORK - -/* Define to 1 if you have the header file. */ -#undef HAVE_VFORK_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_WINDOWS_H - -/* Using Windows threads */ -#undef HAVE_WINDOWS_THREADS - -/* Define to 1 if you have the header file. */ -#undef HAVE_WINSOCK2_H - -/* Define to 1 if `fork' works. */ -#undef HAVE_WORKING_FORK - -/* Define to 1 if `vfork' works. */ -#undef HAVE_WORKING_VFORK - -/* Define to 1 if you have the `writev' function. */ -#undef HAVE_WRITEV - -/* Define to 1 if you have the header file. */ -#undef HAVE_WS2TCPIP_H - -/* Define to 1 if you have the `_beginthreadex' function. */ -#undef HAVE__BEGINTHREADEX - -/* if lex has yylex_destroy */ -#undef LEX_HAS_YYLEX_DESTROY - -/* Define to the sub-directory where libtool stores uninstalled libraries. */ -#undef LT_OBJDIR - -/* Define to the maximum message length to pass to syslog. */ -#undef MAXSYSLOGMSGLEN - -/* Define if memcmp() does not compare unsigned bytes */ -#undef MEMCMP_IS_BROKEN - -/* Define if mkdir has one argument. */ -#undef MKDIR_HAS_ONE_ARG - -/* Define if the network stack does not fully support nonblocking io (causes - lower performance). */ -#undef NONBLOCKING_IS_BROKEN - -/* Put -D_ALL_SOURCE define in config.h */ -#undef OMITTED__D_ALL_SOURCE - -/* Put -D_BSD_SOURCE define in config.h */ -#undef OMITTED__D_BSD_SOURCE - -/* Put -D_DEFAULT_SOURCE define in config.h */ -#undef OMITTED__D_DEFAULT_SOURCE - -/* Put -D_GNU_SOURCE define in config.h */ -#undef OMITTED__D_GNU_SOURCE - -/* Put -D_LARGEFILE_SOURCE=1 define in config.h */ -#undef OMITTED__D_LARGEFILE_SOURCE_1 - -/* Put -D_POSIX_C_SOURCE=200112 define in config.h */ -#undef OMITTED__D_POSIX_C_SOURCE_200112 - -/* Put -D_XOPEN_SOURCE=600 define in config.h */ -#undef OMITTED__D_XOPEN_SOURCE_600 - -/* Put -D_XOPEN_SOURCE_EXTENDED=1 define in config.h */ -#undef OMITTED__D_XOPEN_SOURCE_EXTENDED_1 - -/* Put -D__EXTENSIONS__ define in config.h */ -#undef OMITTED__D__EXTENSIONS__ - -/* Define to the address where bug reports for this package should be sent. */ -#undef PACKAGE_BUGREPORT - -/* Define to the full name of this package. */ -#undef PACKAGE_NAME - -/* Define to the full name and version of this package. */ -#undef PACKAGE_STRING - -/* Define to the one symbol short name of this package. */ -#undef PACKAGE_TARNAME - -/* Define to the home page for this package. */ -#undef PACKAGE_URL - -/* Define to the version of this package. */ -#undef PACKAGE_VERSION - -/* default pidfile location */ -#undef PIDFILE - -/* Define to necessary symbol if this constant uses a non-standard name on - your system. */ -#undef PTHREAD_CREATE_JOINABLE - -/* Define as the return type of signal handlers (`int' or `void'). */ -#undef RETSIGTYPE - -/* default rootkey location */ -#undef ROOT_ANCHOR_FILE - -/* default rootcert location */ -#undef ROOT_CERT_FILE - -/* version number for resource files */ -#undef RSRC_PACKAGE_VERSION - -/* Directory to chdir to */ -#undef RUN_DIR - -/* Shared data */ -#undef SHARE_DIR - -/* The size of `time_t', as computed by sizeof. */ -#undef SIZEOF_TIME_T - -/* define if (v)snprintf does not return length needed, (but length used) */ -#undef SNPRINTF_RET_BROKEN - -/* Define to 1 if you have the ANSI C header files. */ -#undef STDC_HEADERS - -/* use default strptime. */ -#undef STRPTIME_WORKS - -/* Use win32 resources and API */ -#undef UB_ON_WINDOWS - -/* default username */ -#undef UB_USERNAME - -/* use to enable lightweight alloc assertions, for debug use */ -#undef UNBOUND_ALLOC_LITE - -/* use malloc not regions, for debug use */ -#undef UNBOUND_ALLOC_NONREGIONAL - -/* use statistics for allocs and frees, for debug use */ -#undef UNBOUND_ALLOC_STATS - -/* define this to enable debug checks. */ -#undef UNBOUND_DEBUG - -/* Define to 1 to use cachedb support */ -#undef USE_CACHEDB - -/* Define to 1 to enable dnscrypt support */ -#undef USE_DNSCRYPT - -/* Define to 1 to enable dnstap support */ -#undef USE_DNSTAP - -/* Define this to enable DSA support. */ -#undef USE_DSA - -/* Define this to enable ECDSA support. */ -#undef USE_ECDSA - -/* Define this to enable an EVP workaround for older openssl */ -#undef USE_ECDSA_EVP_WORKAROUND - -/* Define this to enable GOST support. */ -#undef USE_GOST - -/* Define if you want to use internal select based events */ -#undef USE_MINI_EVENT - -/* Define this to enable client TCP Fast Open. */ -#undef USE_MSG_FASTOPEN - -/* Define this to enable client TCP Fast Open. */ -#undef USE_OSX_MSG_FASTOPEN - -/* Define this to enable SHA1 support. */ -#undef USE_SHA1 - -/* Define this to enable SHA256 and SHA512 support. */ -#undef USE_SHA2 - -/* Enable extensions on AIX 3, Interix. */ -#ifndef _ALL_SOURCE -# undef _ALL_SOURCE -#endif -/* Enable GNU extensions on systems that have them. */ -#ifndef _GNU_SOURCE -# undef _GNU_SOURCE -#endif -/* Enable threading extensions on Solaris. */ -#ifndef _POSIX_PTHREAD_SEMANTICS -# undef _POSIX_PTHREAD_SEMANTICS -#endif -/* Enable extensions on HP NonStop. */ -#ifndef _TANDEM_SOURCE -# undef _TANDEM_SOURCE -#endif -/* Enable general extensions on Solaris. */ -#ifndef __EXTENSIONS__ -# undef __EXTENSIONS__ -#endif - - -/* Define this to enable server TCP Fast Open. */ -#undef USE_TCP_FASTOPEN - -/* Whether the windows socket API is used */ -#undef USE_WINSOCK - -/* the version of the windows API enabled */ -#undef WINVER - -/* Define if you want Python module. */ -#undef WITH_PYTHONMODULE - -/* Define if you want PyUnbound. */ -#undef WITH_PYUNBOUND - -/* Define to 1 if `lex' declares `yytext' as a `char *' by default, not a - `char[]'. */ -#undef YYTEXT_POINTER - -/* Enable large inode numbers on Mac OS X 10.5. */ -#ifndef _DARWIN_USE_64_BIT_INODE -# define _DARWIN_USE_64_BIT_INODE 1 -#endif - -/* Number of bits in a file offset, on hosts where this is settable. */ -#undef _FILE_OFFSET_BITS - -/* Define to 1 to make fseeko visible on some hosts (e.g. glibc 2.2). */ -#undef _LARGEFILE_SOURCE - -/* Define for large files, on AIX-style hosts. */ -#undef _LARGE_FILES - -/* Define to 1 if on MINIX. */ -#undef _MINIX - -/* Enable for compile on Minix */ -#undef _NETBSD_SOURCE - -/* Define to 2 if the system does not provide POSIX.1 features except with - this defined. */ -#undef _POSIX_1_SOURCE - -/* Define to 1 if you need to in order for `stat' and other things to work. */ -#undef _POSIX_SOURCE - -/* Define to empty if `const' does not conform to ANSI C. */ -#undef const - -/* Define to `int' if doesn't define. */ -#undef gid_t - -/* in_addr_t */ -#undef in_addr_t - -/* in_port_t */ -#undef in_port_t - -/* Define to `__inline__' or `__inline' if that's what the C compiler - calls it, or to nothing if 'inline' is not supported under any name. */ -#ifndef __cplusplus -#undef inline -#endif - -/* Define to `short' if does not define. */ -#undef int16_t - -/* Define to `int' if does not define. */ -#undef int32_t - -/* Define to `long long' if does not define. */ -#undef int64_t - -/* Define to `signed char' if does not define. */ -#undef int8_t - -/* Define if replacement function should be used. */ -#undef malloc - -/* Define to `long int' if does not define. */ -#undef off_t - -/* Define to `int' if does not define. */ -#undef pid_t - -/* Define to 'int' if not defined */ -#undef rlim_t - -/* Define to `unsigned int' if does not define. */ -#undef size_t - -/* Define to 'int' if not defined */ -#undef socklen_t - -/* Define to `int' if does not define. */ -#undef ssize_t - -/* Define to 'unsigned char if not defined */ -#undef u_char - -/* Define to `int' if doesn't define. */ -#undef uid_t - -/* Define to `unsigned short' if does not define. */ -#undef uint16_t - -/* Define to `unsigned int' if does not define. */ -#undef uint32_t - -/* Define to `unsigned long long' if does not define. */ -#undef uint64_t - -/* Define to `unsigned char' if does not define. */ -#undef uint8_t - -/* Define as `fork' if `vfork' does not work. */ -#undef vfork - -#if defined(OMITTED__D_GNU_SOURCE) && !defined(_GNU_SOURCE) -#define _GNU_SOURCE 1 -#endif - -#if defined(OMITTED__D_BSD_SOURCE) && !defined(_BSD_SOURCE) -#define _BSD_SOURCE 1 -#endif - -#if defined(OMITTED__D_DEFAULT_SOURCE) && !defined(_DEFAULT_SOURCE) -#define _DEFAULT_SOURCE 1 -#endif - -#if defined(OMITTED__D__EXTENSIONS__) && !defined(__EXTENSIONS__) -#define __EXTENSIONS__ 1 -#endif - -#if defined(OMITTED__D_POSIX_C_SOURCE_200112) && !defined(_POSIX_C_SOURCE) -#define _POSIX_C_SOURCE 200112 -#endif - -#if defined(OMITTED__D_XOPEN_SOURCE_600) && !defined(_XOPEN_SOURCE) -#define _XOPEN_SOURCE 600 -#endif - -#if defined(OMITTED__D_XOPEN_SOURCE_EXTENDED_1) && !defined(_XOPEN_SOURCE_EXTENDED) -#define _XOPEN_SOURCE_EXTENDED 1 -#endif - -#if defined(OMITTED__D_ALL_SOURCE) && !defined(_ALL_SOURCE) -#define _ALL_SOURCE 1 -#endif - -#if defined(OMITTED__D_LARGEFILE_SOURCE_1) && !defined(_LARGEFILE_SOURCE) -#define _LARGEFILE_SOURCE 1 -#endif - - - - -#ifndef UNBOUND_DEBUG -# define NDEBUG -#endif - -/** Use small-ldns codebase */ -#define USE_SLDNS 1 -#ifdef HAVE_SSL -# define LDNS_BUILD_CONFIG_HAVE_SSL 1 -#endif - -#include -#include -#include -#include - -#if STDC_HEADERS -#include -#include -#endif - -#ifdef HAVE_STDARG_H -#include -#endif - -#ifdef HAVE_STDINT_H -#include -#endif - -#include - -#if HAVE_SYS_PARAM_H -#include -#endif - -#ifdef HAVE_SYS_SOCKET_H -#include -#endif - -#ifdef HAVE_SYS_UIO_H -#include -#endif - -#ifdef HAVE_NETINET_IN_H -#include -#endif - -#ifdef HAVE_NETINET_TCP_H -#include -#endif - -#ifdef HAVE_ARPA_INET_H -#include -#endif - -#ifdef HAVE_WINSOCK2_H -#include -#endif - -#ifdef HAVE_WS2TCPIP_H -#include -#endif - -#ifndef USE_WINSOCK -#define ARG_LL "%ll" -#else -#define ARG_LL "%I64" -#endif - -#ifndef AF_LOCAL -#define AF_LOCAL AF_UNIX -#endif - - - -#ifdef HAVE_ATTR_FORMAT -# define ATTR_FORMAT(archetype, string_index, first_to_check) \ - __attribute__ ((format (archetype, string_index, first_to_check))) -#else /* !HAVE_ATTR_FORMAT */ -# define ATTR_FORMAT(archetype, string_index, first_to_check) /* empty */ -#endif /* !HAVE_ATTR_FORMAT */ - - -#if defined(DOXYGEN) -# define ATTR_UNUSED(x) x -#elif defined(__cplusplus) -# define ATTR_UNUSED(x) -#elif defined(HAVE_ATTR_UNUSED) -# define ATTR_UNUSED(x) x __attribute__((unused)) -#else /* !HAVE_ATTR_UNUSED */ -# define ATTR_UNUSED(x) x -#endif /* !HAVE_ATTR_UNUSED */ - - -#ifndef HAVE_FSEEKO -#define fseeko fseek -#define ftello ftell -#endif /* HAVE_FSEEKO */ - - -#ifndef MAXHOSTNAMELEN -#define MAXHOSTNAMELEN 256 -#endif - -#if !defined(HAVE_SNPRINTF) || defined(SNPRINTF_RET_BROKEN) -#define snprintf snprintf_unbound -#define vsnprintf vsnprintf_unbound -#include -int snprintf (char *str, size_t count, const char *fmt, ...); -int vsnprintf (char *str, size_t count, const char *fmt, va_list arg); -#endif /* HAVE_SNPRINTF or SNPRINTF_RET_BROKEN */ - -#ifndef HAVE_INET_PTON -#define inet_pton inet_pton_unbound -int inet_pton(int af, const char* src, void* dst); -#endif /* HAVE_INET_PTON */ - - -#ifndef HAVE_INET_NTOP -#define inet_ntop inet_ntop_unbound -const char *inet_ntop(int af, const void *src, char *dst, size_t size); -#endif - - -#ifndef HAVE_INET_ATON -#define inet_aton inet_aton_unbound -int inet_aton(const char *cp, struct in_addr *addr); -#endif - - -#ifndef HAVE_MEMMOVE -#define memmove memmove_unbound -void *memmove(void *dest, const void *src, size_t n); -#endif - - -#ifndef HAVE_STRLCAT -#define strlcat strlcat_unbound -size_t strlcat(char *dst, const char *src, size_t siz); -#endif - - -#ifndef HAVE_STRLCPY -#define strlcpy strlcpy_unbound -size_t strlcpy(char *dst, const char *src, size_t siz); -#endif - - -#ifndef HAVE_GMTIME_R -#define gmtime_r gmtime_r_unbound -struct tm *gmtime_r(const time_t *timep, struct tm *result); -#endif - - -#ifndef HAVE_REALLOCARRAY -#define reallocarray reallocarrayunbound -void* reallocarray(void *ptr, size_t nmemb, size_t size); -#endif - - -#if !defined(HAVE_SLEEP) || defined(HAVE_WINDOWS_H) -#define sleep(x) Sleep((x)*1000) /* on win32 */ -#endif /* HAVE_SLEEP */ - - -#ifndef HAVE_USLEEP -#define usleep(x) Sleep((x)/1000 + 1) /* on win32 */ -#endif /* HAVE_USLEEP */ - - -#ifndef HAVE_RANDOM -#define random rand /* on win32, for tests only (bad random) */ -#endif /* HAVE_RANDOM */ - - -#ifndef HAVE_SRANDOM -#define srandom(x) srand(x) /* on win32, for tests only (bad random) */ -#endif /* HAVE_SRANDOM */ - - -/* detect if we need to cast to unsigned int for FD_SET to avoid warnings */ -#ifdef HAVE_WINSOCK2_H -#define FD_SET_T (u_int) -#else -#define FD_SET_T -#endif - - -#ifndef IPV6_MIN_MTU -#define IPV6_MIN_MTU 1280 -#endif /* IPV6_MIN_MTU */ - - -#ifdef MEMCMP_IS_BROKEN -#include "compat/memcmp.h" -#define memcmp memcmp_unbound -int memcmp(const void *x, const void *y, size_t n); -#endif - - - -#ifndef HAVE_CTIME_R -#define ctime_r unbound_ctime_r -char *ctime_r(const time_t *timep, char *buf); -#endif - -#ifndef HAVE_STRSEP -#define strsep unbound_strsep -char *strsep(char **stringp, const char *delim); -#endif - -#ifndef HAVE_ISBLANK -#define isblank unbound_isblank -int isblank(int c); -#endif - -#if defined(HAVE_INET_NTOP) && !HAVE_DECL_INET_NTOP -const char *inet_ntop(int af, const void *src, char *dst, size_t size); -#endif - -#if defined(HAVE_INET_PTON) && !HAVE_DECL_INET_PTON -int inet_pton(int af, const char* src, void* dst); -#endif - -#if !defined(HAVE_STRPTIME) || !defined(STRPTIME_WORKS) -#define strptime unbound_strptime -struct tm; -char *strptime(const char *s, const char *format, struct tm *tm); -#endif - -#ifdef HAVE_LIBRESSL -# if !HAVE_DECL_STRLCPY -size_t strlcpy(char *dst, const char *src, size_t siz); -# endif -# if !HAVE_DECL_STRLCAT -size_t strlcat(char *dst, const char *src, size_t siz); -# endif -# if !HAVE_DECL_ARC4RANDOM && defined(HAVE_ARC4RANDOM) -uint32_t arc4random(void); -# endif -# if !HAVE_DECL_ARC4RANDOM_UNIFORM && defined(HAVE_ARC4RANDOM_UNIFORM) -uint32_t arc4random_uniform(uint32_t upper_bound); -# endif -# if !HAVE_DECL_REALLOCARRAY -void *reallocarray(void *ptr, size_t nmemb, size_t size); -# endif -#endif /* HAVE_LIBRESSL */ -#ifndef HAVE_ARC4RANDOM -void explicit_bzero(void* buf, size_t len); -int getentropy(void* buf, size_t len); -uint32_t arc4random(void); -void arc4random_buf(void* buf, size_t n); -void _ARC4_LOCK(void); -void _ARC4_UNLOCK(void); -#endif -#ifndef HAVE_ARC4RANDOM_UNIFORM -uint32_t arc4random_uniform(uint32_t upper_bound); -#endif -#ifdef COMPAT_SHA512 -#ifndef SHA512_DIGEST_LENGTH -#define SHA512_BLOCK_LENGTH 128 -#define SHA512_DIGEST_LENGTH 64 -#define SHA512_DIGEST_STRING_LENGTH (SHA512_DIGEST_LENGTH * 2 + 1) -typedef struct _SHA512_CTX { - uint64_t state[8]; - uint64_t bitcount[2]; - uint8_t buffer[SHA512_BLOCK_LENGTH]; -} SHA512_CTX; -#endif /* SHA512_DIGEST_LENGTH */ -void SHA512_Init(SHA512_CTX*); -void SHA512_Update(SHA512_CTX*, void*, size_t); -void SHA512_Final(uint8_t[SHA512_DIGEST_LENGTH], SHA512_CTX*); -unsigned char *SHA512(void* data, unsigned int data_len, unsigned char *digest); -#endif /* COMPAT_SHA512 */ - - - -#if defined(HAVE_EVENT_H) && !defined(HAVE_EVENT_BASE_ONCE) && !(defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP)) && (defined(HAVE_PTHREAD) || defined(HAVE_SOLARIS_THREADS)) - /* using version of libevent that is not threadsafe. */ -# define LIBEVENT_SIGNAL_PROBLEM 1 -#endif - -#ifndef CHECKED_INET6 -# define CHECKED_INET6 -# ifdef AF_INET6 -# define INET6 -# else -# define AF_INET6 28 -# endif -#endif /* CHECKED_INET6 */ - -#ifndef HAVE_GETADDRINFO -struct sockaddr_storage; -#include "compat/fake-rfc2553.h" -#endif - -#ifdef UNBOUND_ALLOC_STATS -# define malloc(s) unbound_stat_malloc_log(s, __FILE__, __LINE__, __func__) -# define calloc(n,s) unbound_stat_calloc_log(n, s, __FILE__, __LINE__, __func__) -# define free(p) unbound_stat_free_log(p, __FILE__, __LINE__, __func__) -# define realloc(p,s) unbound_stat_realloc_log(p, s, __FILE__, __LINE__, __func__) -void *unbound_stat_malloc(size_t size); -void *unbound_stat_calloc(size_t nmemb, size_t size); -void unbound_stat_free(void *ptr); -void *unbound_stat_realloc(void *ptr, size_t size); -void *unbound_stat_malloc_log(size_t size, const char* file, int line, - const char* func); -void *unbound_stat_calloc_log(size_t nmemb, size_t size, const char* file, - int line, const char* func); -void unbound_stat_free_log(void *ptr, const char* file, int line, - const char* func); -void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, - int line, const char* func); -#elif defined(UNBOUND_ALLOC_LITE) -# include "util/alloc.h" -#endif /* UNBOUND_ALLOC_LITE and UNBOUND_ALLOC_STATS */ - -/** default port for DNS traffic. */ -#define UNBOUND_DNS_PORT 53 -/** default port for unbound control traffic, registered port with IANA, - ub-dns-control 8953/tcp unbound dns nameserver control */ -#define UNBOUND_CONTROL_PORT 8953 -/** the version of unbound-control that this software implements */ -#define UNBOUND_CONTROL_VERSION 1 - - diff --git a/external/unbound/config.sub b/external/unbound/config.sub deleted file mode 100755 index d2a961303..000000000 --- a/external/unbound/config.sub +++ /dev/null @@ -1,1791 +0,0 @@ -#! /bin/sh -# Configuration validation subroutine script. -# Copyright 1992-2013 Free Software Foundation, Inc. - -timestamp='2013-08-10' - -# This file is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, see . -# -# As a special exception to the GNU General Public License, if you -# distribute this file as part of a program that contains a -# configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that -# program. This Exception is an additional permission under section 7 -# of the GNU General Public License, version 3 ("GPLv3"). - - -# Please send patches with a ChangeLog entry to config-patches@gnu.org. -# -# Configuration subroutine to validate and canonicalize a configuration type. -# Supply the specified configuration type as an argument. -# If it is invalid, we print an error message on stderr and exit with code 1. -# Otherwise, we print the canonical config type on stdout and succeed. - -# You can get the latest version of this script from: -# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD - -# This file is supposed to be the same for all GNU packages -# and recognize all the CPU types, system types and aliases -# that are meaningful with *any* GNU software. -# Each package is responsible for reporting which valid configurations -# it does not support. The user should be able to distinguish -# a failure to support a valid configuration from a meaningless -# configuration. - -# The goal of this file is to map all the various variations of a given -# machine specification into a single specification in the form: -# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM -# or in some cases, the newer four-part form: -# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM -# It is wrong to echo any other type of specification. - -me=`echo "$0" | sed -e 's,.*/,,'` - -usage="\ -Usage: $0 [OPTION] CPU-MFR-OPSYS - $0 [OPTION] ALIAS - -Canonicalize a configuration name. - -Operation modes: - -h, --help print this help, then exit - -t, --time-stamp print date of last modification, then exit - -v, --version print version number, then exit - -Report bugs and patches to ." - -version="\ -GNU config.sub ($timestamp) - -Copyright 1992-2013 Free Software Foundation, Inc. - -This is free software; see the source for copying conditions. There is NO -warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." - -help=" -Try \`$me --help' for more information." - -# Parse command line -while test $# -gt 0 ; do - case $1 in - --time-stamp | --time* | -t ) - echo "$timestamp" ; exit ;; - --version | -v ) - echo "$version" ; exit ;; - --help | --h* | -h ) - echo "$usage"; exit ;; - -- ) # Stop option processing - shift; break ;; - - ) # Use stdin as input. - break ;; - -* ) - echo "$me: invalid option $1$help" - exit 1 ;; - - *local*) - # First pass through any local machine types. - echo $1 - exit ;; - - * ) - break ;; - esac -done - -case $# in - 0) echo "$me: missing argument$help" >&2 - exit 1;; - 1) ;; - *) echo "$me: too many arguments$help" >&2 - exit 1;; -esac - -# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). -# Here we must recognize all the valid KERNEL-OS combinations. -maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` -case $maybe_os in - nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ - linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ - knetbsd*-gnu* | netbsd*-gnu* | \ - kopensolaris*-gnu* | \ - storm-chaos* | os2-emx* | rtmk-nova*) - os=-$maybe_os - basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` - ;; - android-linux) - os=-linux-android - basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown - ;; - *) - basic_machine=`echo $1 | sed 's/-[^-]*$//'` - if [ $basic_machine != $1 ] - then os=`echo $1 | sed 's/.*-/-/'` - else os=; fi - ;; -esac - -### Let's recognize common machines as not being operating systems so -### that things like config.sub decstation-3100 work. We also -### recognize some manufacturers as not being operating systems, so we -### can provide default operating systems below. -case $os in - -sun*os*) - # Prevent following clause from handling this invalid input. - ;; - -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ - -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ - -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ - -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ - -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ - -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ - -apple | -axis | -knuth | -cray | -microblaze*) - os= - basic_machine=$1 - ;; - -bluegene*) - os=-cnk - ;; - -sim | -cisco | -oki | -wec | -winbond) - os= - basic_machine=$1 - ;; - -scout) - ;; - -wrs) - os=-vxworks - basic_machine=$1 - ;; - -chorusos*) - os=-chorusos - basic_machine=$1 - ;; - -chorusrdb) - os=-chorusrdb - basic_machine=$1 - ;; - -hiux*) - os=-hiuxwe2 - ;; - -sco6) - os=-sco5v6 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco5) - os=-sco3.2v5 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco4) - os=-sco3.2v4 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco3.2.[4-9]*) - os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco3.2v[4-9]*) - # Don't forget version if it is 3.2v4 or newer. - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco5v6*) - # Don't forget version if it is 3.2v4 or newer. - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco*) - os=-sco3.2v2 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -udk*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -isc) - os=-isc2.2 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -clix*) - basic_machine=clipper-intergraph - ;; - -isc*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -lynx*178) - os=-lynxos178 - ;; - -lynx*5) - os=-lynxos5 - ;; - -lynx*) - os=-lynxos - ;; - -ptx*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` - ;; - -windowsnt*) - os=`echo $os | sed -e 's/windowsnt/winnt/'` - ;; - -psos*) - os=-psos - ;; - -mint | -mint[0-9]*) - basic_machine=m68k-atari - os=-mint - ;; -esac - -# Decode aliases for certain CPU-COMPANY combinations. -case $basic_machine in - # Recognize the basic CPU types without company name. - # Some are omitted here because they have special meanings below. - 1750a | 580 \ - | a29k \ - | aarch64 | aarch64_be \ - | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ - | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ - | am33_2.0 \ - | arc | arceb \ - | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \ - | avr | avr32 \ - | be32 | be64 \ - | bfin \ - | c4x | c8051 | clipper \ - | d10v | d30v | dlx | dsp16xx \ - | epiphany \ - | fido | fr30 | frv \ - | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ - | hexagon \ - | i370 | i860 | i960 | ia64 \ - | ip2k | iq2000 \ - | le32 | le64 \ - | lm32 \ - | m32c | m32r | m32rle | m68000 | m68k | m88k \ - | maxq | mb | microblaze | microblazeel | mcore | mep | metag \ - | mips | mipsbe | mipseb | mipsel | mipsle \ - | mips16 \ - | mips64 | mips64el \ - | mips64octeon | mips64octeonel \ - | mips64orion | mips64orionel \ - | mips64r5900 | mips64r5900el \ - | mips64vr | mips64vrel \ - | mips64vr4100 | mips64vr4100el \ - | mips64vr4300 | mips64vr4300el \ - | mips64vr5000 | mips64vr5000el \ - | mips64vr5900 | mips64vr5900el \ - | mipsisa32 | mipsisa32el \ - | mipsisa32r2 | mipsisa32r2el \ - | mipsisa64 | mipsisa64el \ - | mipsisa64r2 | mipsisa64r2el \ - | mipsisa64sb1 | mipsisa64sb1el \ - | mipsisa64sr71k | mipsisa64sr71kel \ - | mipsr5900 | mipsr5900el \ - | mipstx39 | mipstx39el \ - | mn10200 | mn10300 \ - | moxie \ - | mt \ - | msp430 \ - | nds32 | nds32le | nds32be \ - | nios | nios2 | nios2eb | nios2el \ - | ns16k | ns32k \ - | open8 \ - | or1k | or32 \ - | pdp10 | pdp11 | pj | pjl \ - | powerpc | powerpc64 | powerpc64le | powerpcle \ - | pyramid \ - | rl78 | rx \ - | score \ - | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ - | sh64 | sh64le \ - | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ - | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ - | spu \ - | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ - | ubicom32 \ - | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ - | we32k \ - | x86 | xc16x | xstormy16 | xtensa \ - | z8k | z80) - basic_machine=$basic_machine-unknown - ;; - c54x) - basic_machine=tic54x-unknown - ;; - c55x) - basic_machine=tic55x-unknown - ;; - c6x) - basic_machine=tic6x-unknown - ;; - m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip) - basic_machine=$basic_machine-unknown - os=-none - ;; - m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) - ;; - ms1) - basic_machine=mt-unknown - ;; - - strongarm | thumb | xscale) - basic_machine=arm-unknown - ;; - xgate) - basic_machine=$basic_machine-unknown - os=-none - ;; - xscaleeb) - basic_machine=armeb-unknown - ;; - - xscaleel) - basic_machine=armel-unknown - ;; - - # We use `pc' rather than `unknown' - # because (1) that's what they normally are, and - # (2) the word "unknown" tends to confuse beginning users. - i*86 | x86_64) - basic_machine=$basic_machine-pc - ;; - # Object if more than one company name word. - *-*-*) - echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 - exit 1 - ;; - # Recognize the basic CPU types with company name. - 580-* \ - | a29k-* \ - | aarch64-* | aarch64_be-* \ - | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ - | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ - | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \ - | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ - | avr-* | avr32-* \ - | be32-* | be64-* \ - | bfin-* | bs2000-* \ - | c[123]* | c30-* | [cjt]90-* | c4x-* \ - | c8051-* | clipper-* | craynv-* | cydra-* \ - | d10v-* | d30v-* | dlx-* \ - | elxsi-* \ - | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ - | h8300-* | h8500-* \ - | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ - | hexagon-* \ - | i*86-* | i860-* | i960-* | ia64-* \ - | ip2k-* | iq2000-* \ - | le32-* | le64-* \ - | lm32-* \ - | m32c-* | m32r-* | m32rle-* \ - | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ - | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ - | microblaze-* | microblazeel-* \ - | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ - | mips16-* \ - | mips64-* | mips64el-* \ - | mips64octeon-* | mips64octeonel-* \ - | mips64orion-* | mips64orionel-* \ - | mips64r5900-* | mips64r5900el-* \ - | mips64vr-* | mips64vrel-* \ - | mips64vr4100-* | mips64vr4100el-* \ - | mips64vr4300-* | mips64vr4300el-* \ - | mips64vr5000-* | mips64vr5000el-* \ - | mips64vr5900-* | mips64vr5900el-* \ - | mipsisa32-* | mipsisa32el-* \ - | mipsisa32r2-* | mipsisa32r2el-* \ - | mipsisa64-* | mipsisa64el-* \ - | mipsisa64r2-* | mipsisa64r2el-* \ - | mipsisa64sb1-* | mipsisa64sb1el-* \ - | mipsisa64sr71k-* | mipsisa64sr71kel-* \ - | mipsr5900-* | mipsr5900el-* \ - | mipstx39-* | mipstx39el-* \ - | mmix-* \ - | mt-* \ - | msp430-* \ - | nds32-* | nds32le-* | nds32be-* \ - | nios-* | nios2-* | nios2eb-* | nios2el-* \ - | none-* | np1-* | ns16k-* | ns32k-* \ - | open8-* \ - | orion-* \ - | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ - | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ - | pyramid-* \ - | rl78-* | romp-* | rs6000-* | rx-* \ - | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ - | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ - | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ - | sparclite-* \ - | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \ - | tahoe-* \ - | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ - | tile*-* \ - | tron-* \ - | ubicom32-* \ - | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ - | vax-* \ - | we32k-* \ - | x86-* | x86_64-* | xc16x-* | xps100-* \ - | xstormy16-* | xtensa*-* \ - | ymp-* \ - | z8k-* | z80-*) - ;; - # Recognize the basic CPU types without company name, with glob match. - xtensa*) - basic_machine=$basic_machine-unknown - ;; - # Recognize the various machine names and aliases which stand - # for a CPU type and a company and sometimes even an OS. - 386bsd) - basic_machine=i386-unknown - os=-bsd - ;; - 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) - basic_machine=m68000-att - ;; - 3b*) - basic_machine=we32k-att - ;; - a29khif) - basic_machine=a29k-amd - os=-udi - ;; - abacus) - basic_machine=abacus-unknown - ;; - adobe68k) - basic_machine=m68010-adobe - os=-scout - ;; - alliant | fx80) - basic_machine=fx80-alliant - ;; - altos | altos3068) - basic_machine=m68k-altos - ;; - am29k) - basic_machine=a29k-none - os=-bsd - ;; - amd64) - basic_machine=x86_64-pc - ;; - amd64-*) - basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - amdahl) - basic_machine=580-amdahl - os=-sysv - ;; - amiga | amiga-*) - basic_machine=m68k-unknown - ;; - amigaos | amigados) - basic_machine=m68k-unknown - os=-amigaos - ;; - amigaunix | amix) - basic_machine=m68k-unknown - os=-sysv4 - ;; - apollo68) - basic_machine=m68k-apollo - os=-sysv - ;; - apollo68bsd) - basic_machine=m68k-apollo - os=-bsd - ;; - aros) - basic_machine=i386-pc - os=-aros - ;; - aux) - basic_machine=m68k-apple - os=-aux - ;; - balance) - basic_machine=ns32k-sequent - os=-dynix - ;; - blackfin) - basic_machine=bfin-unknown - os=-linux - ;; - blackfin-*) - basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'` - os=-linux - ;; - bluegene*) - basic_machine=powerpc-ibm - os=-cnk - ;; - c54x-*) - basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - c55x-*) - basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - c6x-*) - basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - c90) - basic_machine=c90-cray - os=-unicos - ;; - cegcc) - basic_machine=arm-unknown - os=-cegcc - ;; - convex-c1) - basic_machine=c1-convex - os=-bsd - ;; - convex-c2) - basic_machine=c2-convex - os=-bsd - ;; - convex-c32) - basic_machine=c32-convex - os=-bsd - ;; - convex-c34) - basic_machine=c34-convex - os=-bsd - ;; - convex-c38) - basic_machine=c38-convex - os=-bsd - ;; - cray | j90) - basic_machine=j90-cray - os=-unicos - ;; - craynv) - basic_machine=craynv-cray - os=-unicosmp - ;; - cr16 | cr16-*) - basic_machine=cr16-unknown - os=-elf - ;; - crds | unos) - basic_machine=m68k-crds - ;; - crisv32 | crisv32-* | etraxfs*) - basic_machine=crisv32-axis - ;; - cris | cris-* | etrax*) - basic_machine=cris-axis - ;; - crx) - basic_machine=crx-unknown - os=-elf - ;; - da30 | da30-*) - basic_machine=m68k-da30 - ;; - decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) - basic_machine=mips-dec - ;; - decsystem10* | dec10*) - basic_machine=pdp10-dec - os=-tops10 - ;; - decsystem20* | dec20*) - basic_machine=pdp10-dec - os=-tops20 - ;; - delta | 3300 | motorola-3300 | motorola-delta \ - | 3300-motorola | delta-motorola) - basic_machine=m68k-motorola - ;; - delta88) - basic_machine=m88k-motorola - os=-sysv3 - ;; - dicos) - basic_machine=i686-pc - os=-dicos - ;; - djgpp) - basic_machine=i586-pc - os=-msdosdjgpp - ;; - dpx20 | dpx20-*) - basic_machine=rs6000-bull - os=-bosx - ;; - dpx2* | dpx2*-bull) - basic_machine=m68k-bull - os=-sysv3 - ;; - ebmon29k) - basic_machine=a29k-amd - os=-ebmon - ;; - elxsi) - basic_machine=elxsi-elxsi - os=-bsd - ;; - encore | umax | mmax) - basic_machine=ns32k-encore - ;; - es1800 | OSE68k | ose68k | ose | OSE) - basic_machine=m68k-ericsson - os=-ose - ;; - fx2800) - basic_machine=i860-alliant - ;; - genix) - basic_machine=ns32k-ns - ;; - gmicro) - basic_machine=tron-gmicro - os=-sysv - ;; - go32) - basic_machine=i386-pc - os=-go32 - ;; - h3050r* | hiux*) - basic_machine=hppa1.1-hitachi - os=-hiuxwe2 - ;; - h8300hms) - basic_machine=h8300-hitachi - os=-hms - ;; - h8300xray) - basic_machine=h8300-hitachi - os=-xray - ;; - h8500hms) - basic_machine=h8500-hitachi - os=-hms - ;; - harris) - basic_machine=m88k-harris - os=-sysv3 - ;; - hp300-*) - basic_machine=m68k-hp - ;; - hp300bsd) - basic_machine=m68k-hp - os=-bsd - ;; - hp300hpux) - basic_machine=m68k-hp - os=-hpux - ;; - hp3k9[0-9][0-9] | hp9[0-9][0-9]) - basic_machine=hppa1.0-hp - ;; - hp9k2[0-9][0-9] | hp9k31[0-9]) - basic_machine=m68000-hp - ;; - hp9k3[2-9][0-9]) - basic_machine=m68k-hp - ;; - hp9k6[0-9][0-9] | hp6[0-9][0-9]) - basic_machine=hppa1.0-hp - ;; - hp9k7[0-79][0-9] | hp7[0-79][0-9]) - basic_machine=hppa1.1-hp - ;; - hp9k78[0-9] | hp78[0-9]) - # FIXME: really hppa2.0-hp - basic_machine=hppa1.1-hp - ;; - hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) - # FIXME: really hppa2.0-hp - basic_machine=hppa1.1-hp - ;; - hp9k8[0-9][13679] | hp8[0-9][13679]) - basic_machine=hppa1.1-hp - ;; - hp9k8[0-9][0-9] | hp8[0-9][0-9]) - basic_machine=hppa1.0-hp - ;; - hppa-next) - os=-nextstep3 - ;; - hppaosf) - basic_machine=hppa1.1-hp - os=-osf - ;; - hppro) - basic_machine=hppa1.1-hp - os=-proelf - ;; - i370-ibm* | ibm*) - basic_machine=i370-ibm - ;; - i*86v32) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` - os=-sysv32 - ;; - i*86v4*) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` - os=-sysv4 - ;; - i*86v) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` - os=-sysv - ;; - i*86sol2) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` - os=-solaris2 - ;; - i386mach) - basic_machine=i386-mach - os=-mach - ;; - i386-vsta | vsta) - basic_machine=i386-unknown - os=-vsta - ;; - iris | iris4d) - basic_machine=mips-sgi - case $os in - -irix*) - ;; - *) - os=-irix4 - ;; - esac - ;; - isi68 | isi) - basic_machine=m68k-isi - os=-sysv - ;; - m68knommu) - basic_machine=m68k-unknown - os=-linux - ;; - m68knommu-*) - basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'` - os=-linux - ;; - m88k-omron*) - basic_machine=m88k-omron - ;; - magnum | m3230) - basic_machine=mips-mips - os=-sysv - ;; - merlin) - basic_machine=ns32k-utek - os=-sysv - ;; - microblaze*) - basic_machine=microblaze-xilinx - ;; - mingw64) - basic_machine=x86_64-pc - os=-mingw64 - ;; - mingw32) - basic_machine=i686-pc - os=-mingw32 - ;; - mingw32ce) - basic_machine=arm-unknown - os=-mingw32ce - ;; - miniframe) - basic_machine=m68000-convergent - ;; - *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) - basic_machine=m68k-atari - os=-mint - ;; - mips3*-*) - basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` - ;; - mips3*) - basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown - ;; - monitor) - basic_machine=m68k-rom68k - os=-coff - ;; - morphos) - basic_machine=powerpc-unknown - os=-morphos - ;; - msdos) - basic_machine=i386-pc - os=-msdos - ;; - ms1-*) - basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` - ;; - msys) - basic_machine=i686-pc - os=-msys - ;; - mvs) - basic_machine=i370-ibm - os=-mvs - ;; - nacl) - basic_machine=le32-unknown - os=-nacl - ;; - ncr3000) - basic_machine=i486-ncr - os=-sysv4 - ;; - netbsd386) - basic_machine=i386-unknown - os=-netbsd - ;; - netwinder) - basic_machine=armv4l-rebel - os=-linux - ;; - news | news700 | news800 | news900) - basic_machine=m68k-sony - os=-newsos - ;; - news1000) - basic_machine=m68030-sony - os=-newsos - ;; - news-3600 | risc-news) - basic_machine=mips-sony - os=-newsos - ;; - necv70) - basic_machine=v70-nec - os=-sysv - ;; - next | m*-next ) - basic_machine=m68k-next - case $os in - -nextstep* ) - ;; - -ns2*) - os=-nextstep2 - ;; - *) - os=-nextstep3 - ;; - esac - ;; - nh3000) - basic_machine=m68k-harris - os=-cxux - ;; - nh[45]000) - basic_machine=m88k-harris - os=-cxux - ;; - nindy960) - basic_machine=i960-intel - os=-nindy - ;; - mon960) - basic_machine=i960-intel - os=-mon960 - ;; - nonstopux) - basic_machine=mips-compaq - os=-nonstopux - ;; - np1) - basic_machine=np1-gould - ;; - neo-tandem) - basic_machine=neo-tandem - ;; - nse-tandem) - basic_machine=nse-tandem - ;; - nsr-tandem) - basic_machine=nsr-tandem - ;; - op50n-* | op60c-*) - basic_machine=hppa1.1-oki - os=-proelf - ;; - openrisc | openrisc-*) - basic_machine=or32-unknown - ;; - os400) - basic_machine=powerpc-ibm - os=-os400 - ;; - OSE68000 | ose68000) - basic_machine=m68000-ericsson - os=-ose - ;; - os68k) - basic_machine=m68k-none - os=-os68k - ;; - pa-hitachi) - basic_machine=hppa1.1-hitachi - os=-hiuxwe2 - ;; - paragon) - basic_machine=i860-intel - os=-osf - ;; - parisc) - basic_machine=hppa-unknown - os=-linux - ;; - parisc-*) - basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'` - os=-linux - ;; - pbd) - basic_machine=sparc-tti - ;; - pbb) - basic_machine=m68k-tti - ;; - pc532 | pc532-*) - basic_machine=ns32k-pc532 - ;; - pc98) - basic_machine=i386-pc - ;; - pc98-*) - basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pentium | p5 | k5 | k6 | nexgen | viac3) - basic_machine=i586-pc - ;; - pentiumpro | p6 | 6x86 | athlon | athlon_*) - basic_machine=i686-pc - ;; - pentiumii | pentium2 | pentiumiii | pentium3) - basic_machine=i686-pc - ;; - pentium4) - basic_machine=i786-pc - ;; - pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) - basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pentiumpro-* | p6-* | 6x86-* | athlon-*) - basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) - basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pentium4-*) - basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pn) - basic_machine=pn-gould - ;; - power) basic_machine=power-ibm - ;; - ppc | ppcbe) basic_machine=powerpc-unknown - ;; - ppc-* | ppcbe-*) - basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - ppcle | powerpclittle | ppc-le | powerpc-little) - basic_machine=powerpcle-unknown - ;; - ppcle-* | powerpclittle-*) - basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - ppc64) basic_machine=powerpc64-unknown - ;; - ppc64-* | ppc64p7-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - ppc64le | powerpc64little | ppc64-le | powerpc64-little) - basic_machine=powerpc64le-unknown - ;; - ppc64le-* | powerpc64little-*) - basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - ps2) - basic_machine=i386-ibm - ;; - pw32) - basic_machine=i586-unknown - os=-pw32 - ;; - rdos | rdos64) - basic_machine=x86_64-pc - os=-rdos - ;; - rdos32) - basic_machine=i386-pc - os=-rdos - ;; - rom68k) - basic_machine=m68k-rom68k - os=-coff - ;; - rm[46]00) - basic_machine=mips-siemens - ;; - rtpc | rtpc-*) - basic_machine=romp-ibm - ;; - s390 | s390-*) - basic_machine=s390-ibm - ;; - s390x | s390x-*) - basic_machine=s390x-ibm - ;; - sa29200) - basic_machine=a29k-amd - os=-udi - ;; - sb1) - basic_machine=mipsisa64sb1-unknown - ;; - sb1el) - basic_machine=mipsisa64sb1el-unknown - ;; - sde) - basic_machine=mipsisa32-sde - os=-elf - ;; - sei) - basic_machine=mips-sei - os=-seiux - ;; - sequent) - basic_machine=i386-sequent - ;; - sh) - basic_machine=sh-hitachi - os=-hms - ;; - sh5el) - basic_machine=sh5le-unknown - ;; - sh64) - basic_machine=sh64-unknown - ;; - sparclite-wrs | simso-wrs) - basic_machine=sparclite-wrs - os=-vxworks - ;; - sps7) - basic_machine=m68k-bull - os=-sysv2 - ;; - spur) - basic_machine=spur-unknown - ;; - st2000) - basic_machine=m68k-tandem - ;; - stratus) - basic_machine=i860-stratus - os=-sysv4 - ;; - strongarm-* | thumb-*) - basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - sun2) - basic_machine=m68000-sun - ;; - sun2os3) - basic_machine=m68000-sun - os=-sunos3 - ;; - sun2os4) - basic_machine=m68000-sun - os=-sunos4 - ;; - sun3os3) - basic_machine=m68k-sun - os=-sunos3 - ;; - sun3os4) - basic_machine=m68k-sun - os=-sunos4 - ;; - sun4os3) - basic_machine=sparc-sun - os=-sunos3 - ;; - sun4os4) - basic_machine=sparc-sun - os=-sunos4 - ;; - sun4sol2) - basic_machine=sparc-sun - os=-solaris2 - ;; - sun3 | sun3-*) - basic_machine=m68k-sun - ;; - sun4) - basic_machine=sparc-sun - ;; - sun386 | sun386i | roadrunner) - basic_machine=i386-sun - ;; - sv1) - basic_machine=sv1-cray - os=-unicos - ;; - symmetry) - basic_machine=i386-sequent - os=-dynix - ;; - t3e) - basic_machine=alphaev5-cray - os=-unicos - ;; - t90) - basic_machine=t90-cray - os=-unicos - ;; - tile*) - basic_machine=$basic_machine-unknown - os=-linux-gnu - ;; - tx39) - basic_machine=mipstx39-unknown - ;; - tx39el) - basic_machine=mipstx39el-unknown - ;; - toad1) - basic_machine=pdp10-xkl - os=-tops20 - ;; - tower | tower-32) - basic_machine=m68k-ncr - ;; - tpf) - basic_machine=s390x-ibm - os=-tpf - ;; - udi29k) - basic_machine=a29k-amd - os=-udi - ;; - ultra3) - basic_machine=a29k-nyu - os=-sym1 - ;; - v810 | necv810) - basic_machine=v810-nec - os=-none - ;; - vaxv) - basic_machine=vax-dec - os=-sysv - ;; - vms) - basic_machine=vax-dec - os=-vms - ;; - vpp*|vx|vx-*) - basic_machine=f301-fujitsu - ;; - vxworks960) - basic_machine=i960-wrs - os=-vxworks - ;; - vxworks68) - basic_machine=m68k-wrs - os=-vxworks - ;; - vxworks29k) - basic_machine=a29k-wrs - os=-vxworks - ;; - w65*) - basic_machine=w65-wdc - os=-none - ;; - w89k-*) - basic_machine=hppa1.1-winbond - os=-proelf - ;; - xbox) - basic_machine=i686-pc - os=-mingw32 - ;; - xps | xps100) - basic_machine=xps100-honeywell - ;; - xscale-* | xscalee[bl]-*) - basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'` - ;; - ymp) - basic_machine=ymp-cray - os=-unicos - ;; - z8k-*-coff) - basic_machine=z8k-unknown - os=-sim - ;; - z80-*-coff) - basic_machine=z80-unknown - os=-sim - ;; - none) - basic_machine=none-none - os=-none - ;; - -# Here we handle the default manufacturer of certain CPU types. It is in -# some cases the only manufacturer, in others, it is the most popular. - w89k) - basic_machine=hppa1.1-winbond - ;; - op50n) - basic_machine=hppa1.1-oki - ;; - op60c) - basic_machine=hppa1.1-oki - ;; - romp) - basic_machine=romp-ibm - ;; - mmix) - basic_machine=mmix-knuth - ;; - rs6000) - basic_machine=rs6000-ibm - ;; - vax) - basic_machine=vax-dec - ;; - pdp10) - # there are many clones, so DEC is not a safe bet - basic_machine=pdp10-unknown - ;; - pdp11) - basic_machine=pdp11-dec - ;; - we32k) - basic_machine=we32k-att - ;; - sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele) - basic_machine=sh-unknown - ;; - sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) - basic_machine=sparc-sun - ;; - cydra) - basic_machine=cydra-cydrome - ;; - orion) - basic_machine=orion-highlevel - ;; - orion105) - basic_machine=clipper-highlevel - ;; - mac | mpw | mac-mpw) - basic_machine=m68k-apple - ;; - pmac | pmac-mpw) - basic_machine=powerpc-apple - ;; - *-unknown) - # Make sure to match an already-canonicalized machine name. - ;; - *) - echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 - exit 1 - ;; -esac - -# Here we canonicalize certain aliases for manufacturers. -case $basic_machine in - *-digital*) - basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` - ;; - *-commodore*) - basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` - ;; - *) - ;; -esac - -# Decode manufacturer-specific aliases for certain operating systems. - -if [ x"$os" != x"" ] -then -case $os in - # First match some system type aliases - # that might get confused with valid system types. - # -solaris* is a basic system type, with this one exception. - -auroraux) - os=-auroraux - ;; - -solaris1 | -solaris1.*) - os=`echo $os | sed -e 's|solaris1|sunos4|'` - ;; - -solaris) - os=-solaris2 - ;; - -svr4*) - os=-sysv4 - ;; - -unixware*) - os=-sysv4.2uw - ;; - -gnu/linux*) - os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` - ;; - # First accept the basic system types. - # The portable systems comes first. - # Each alternative MUST END IN A *, to match a version number. - # -sysv* is not here because it comes later, after sysvr4. - -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ - | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ - | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ - | -sym* | -kopensolaris* | -plan9* \ - | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ - | -aos* | -aros* \ - | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ - | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ - | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ - | -bitrig* | -openbsd* | -solidbsd* \ - | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ - | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ - | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ - | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ - | -chorusos* | -chorusrdb* | -cegcc* \ - | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ - | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ - | -linux-newlib* | -linux-musl* | -linux-uclibc* \ - | -uxpv* | -beos* | -mpeix* | -udk* \ - | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ - | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ - | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ - | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ - | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ - | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*) - # Remember, each alternative MUST END IN *, to match a version number. - ;; - -qnx*) - case $basic_machine in - x86-* | i*86-*) - ;; - *) - os=-nto$os - ;; - esac - ;; - -nto-qnx*) - ;; - -nto*) - os=`echo $os | sed -e 's|nto|nto-qnx|'` - ;; - -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ - | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \ - | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) - ;; - -mac*) - os=`echo $os | sed -e 's|mac|macos|'` - ;; - -linux-dietlibc) - os=-linux-dietlibc - ;; - -linux*) - os=`echo $os | sed -e 's|linux|linux-gnu|'` - ;; - -sunos5*) - os=`echo $os | sed -e 's|sunos5|solaris2|'` - ;; - -sunos6*) - os=`echo $os | sed -e 's|sunos6|solaris3|'` - ;; - -opened*) - os=-openedition - ;; - -os400*) - os=-os400 - ;; - -wince*) - os=-wince - ;; - -osfrose*) - os=-osfrose - ;; - -osf*) - os=-osf - ;; - -utek*) - os=-bsd - ;; - -dynix*) - os=-bsd - ;; - -acis*) - os=-aos - ;; - -atheos*) - os=-atheos - ;; - -syllable*) - os=-syllable - ;; - -386bsd) - os=-bsd - ;; - -ctix* | -uts*) - os=-sysv - ;; - -nova*) - os=-rtmk-nova - ;; - -ns2 ) - os=-nextstep2 - ;; - -nsk*) - os=-nsk - ;; - # Preserve the version number of sinix5. - -sinix5.*) - os=`echo $os | sed -e 's|sinix|sysv|'` - ;; - -sinix*) - os=-sysv4 - ;; - -tpf*) - os=-tpf - ;; - -triton*) - os=-sysv3 - ;; - -oss*) - os=-sysv3 - ;; - -svr4) - os=-sysv4 - ;; - -svr3) - os=-sysv3 - ;; - -sysvr4) - os=-sysv4 - ;; - # This must come after -sysvr4. - -sysv*) - ;; - -ose*) - os=-ose - ;; - -es1800*) - os=-ose - ;; - -xenix) - os=-xenix - ;; - -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) - os=-mint - ;; - -aros*) - os=-aros - ;; - -zvmoe) - os=-zvmoe - ;; - -dicos*) - os=-dicos - ;; - -nacl*) - ;; - -none) - ;; - *) - # Get rid of the `-' at the beginning of $os. - os=`echo $os | sed 's/[^-]*-//'` - echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 - exit 1 - ;; -esac -else - -# Here we handle the default operating systems that come with various machines. -# The value should be what the vendor currently ships out the door with their -# machine or put another way, the most popular os provided with the machine. - -# Note that if you're going to try to match "-MANUFACTURER" here (say, -# "-sun"), then you have to tell the case statement up towards the top -# that MANUFACTURER isn't an operating system. Otherwise, code above -# will signal an error saying that MANUFACTURER isn't an operating -# system, and we'll never get to this point. - -case $basic_machine in - score-*) - os=-elf - ;; - spu-*) - os=-elf - ;; - *-acorn) - os=-riscix1.2 - ;; - arm*-rebel) - os=-linux - ;; - arm*-semi) - os=-aout - ;; - c4x-* | tic4x-*) - os=-coff - ;; - c8051-*) - os=-elf - ;; - hexagon-*) - os=-elf - ;; - tic54x-*) - os=-coff - ;; - tic55x-*) - os=-coff - ;; - tic6x-*) - os=-coff - ;; - # This must come before the *-dec entry. - pdp10-*) - os=-tops20 - ;; - pdp11-*) - os=-none - ;; - *-dec | vax-*) - os=-ultrix4.2 - ;; - m68*-apollo) - os=-domain - ;; - i386-sun) - os=-sunos4.0.2 - ;; - m68000-sun) - os=-sunos3 - ;; - m68*-cisco) - os=-aout - ;; - mep-*) - os=-elf - ;; - mips*-cisco) - os=-elf - ;; - mips*-*) - os=-elf - ;; - or1k-*) - os=-elf - ;; - or32-*) - os=-coff - ;; - *-tti) # must be before sparc entry or we get the wrong os. - os=-sysv3 - ;; - sparc-* | *-sun) - os=-sunos4.1.1 - ;; - *-be) - os=-beos - ;; - *-haiku) - os=-haiku - ;; - *-ibm) - os=-aix - ;; - *-knuth) - os=-mmixware - ;; - *-wec) - os=-proelf - ;; - *-winbond) - os=-proelf - ;; - *-oki) - os=-proelf - ;; - *-hp) - os=-hpux - ;; - *-hitachi) - os=-hiux - ;; - i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) - os=-sysv - ;; - *-cbm) - os=-amigaos - ;; - *-dg) - os=-dgux - ;; - *-dolphin) - os=-sysv3 - ;; - m68k-ccur) - os=-rtu - ;; - m88k-omron*) - os=-luna - ;; - *-next ) - os=-nextstep - ;; - *-sequent) - os=-ptx - ;; - *-crds) - os=-unos - ;; - *-ns) - os=-genix - ;; - i370-*) - os=-mvs - ;; - *-next) - os=-nextstep3 - ;; - *-gould) - os=-sysv - ;; - *-highlevel) - os=-bsd - ;; - *-encore) - os=-bsd - ;; - *-sgi) - os=-irix - ;; - *-siemens) - os=-sysv4 - ;; - *-masscomp) - os=-rtu - ;; - f30[01]-fujitsu | f700-fujitsu) - os=-uxpv - ;; - *-rom68k) - os=-coff - ;; - *-*bug) - os=-coff - ;; - *-apple) - os=-macos - ;; - *-atari*) - os=-mint - ;; - *) - os=-none - ;; -esac -fi - -# Here we handle the case where we know the os, and the CPU type, but not the -# manufacturer. We pick the logical manufacturer. -vendor=unknown -case $basic_machine in - *-unknown) - case $os in - -riscix*) - vendor=acorn - ;; - -sunos*) - vendor=sun - ;; - -cnk*|-aix*) - vendor=ibm - ;; - -beos*) - vendor=be - ;; - -hpux*) - vendor=hp - ;; - -mpeix*) - vendor=hp - ;; - -hiux*) - vendor=hitachi - ;; - -unos*) - vendor=crds - ;; - -dgux*) - vendor=dg - ;; - -luna*) - vendor=omron - ;; - -genix*) - vendor=ns - ;; - -mvs* | -opened*) - vendor=ibm - ;; - -os400*) - vendor=ibm - ;; - -ptx*) - vendor=sequent - ;; - -tpf*) - vendor=ibm - ;; - -vxsim* | -vxworks* | -windiss*) - vendor=wrs - ;; - -aux*) - vendor=apple - ;; - -hms*) - vendor=hitachi - ;; - -mpw* | -macos*) - vendor=apple - ;; - -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) - vendor=atari - ;; - -vos*) - vendor=stratus - ;; - esac - basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` - ;; -esac - -echo $basic_machine$os -exit - -# Local variables: -# eval: (add-hook 'write-file-hooks 'time-stamp) -# time-stamp-start: "timestamp='" -# time-stamp-format: "%:y-%02m-%02d" -# time-stamp-end: "'" -# End: diff --git a/external/unbound/configure b/external/unbound/configure deleted file mode 100755 index 48162d86f..000000000 --- a/external/unbound/configure +++ /dev/null @@ -1,22640 +0,0 @@ -#! /bin/sh -# Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for unbound 1.6.3. -# -# Report bugs to . -# -# -# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. -# -# -# This configure script is free software; the Free Software Foundation -# gives unlimited permission to copy, distribute and modify it. -## -------------------- ## -## M4sh Initialization. ## -## -------------------- ## - -# Be more Bourne compatible -DUALCASE=1; export DUALCASE # for MKS sh -if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : - emulate sh - NULLCMD=: - # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which - # is contrary to our usage. Disable this feature. - alias -g '${1+"$@"}'='"$@"' - setopt NO_GLOB_SUBST -else - case `(set -o) 2>/dev/null` in #( - *posix*) : - set -o posix ;; #( - *) : - ;; -esac -fi - - -as_nl=' -' -export as_nl -# Printing a long string crashes Solaris 7 /usr/bin/printf. -as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' -as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo -as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo -# Prefer a ksh shell builtin over an external printf program on Solaris, -# but without wasting forks for bash or zsh. -if test -z "$BASH_VERSION$ZSH_VERSION" \ - && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then - as_echo='print -r --' - as_echo_n='print -rn --' -elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then - as_echo='printf %s\n' - as_echo_n='printf %s' -else - if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then - as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' - as_echo_n='/usr/ucb/echo -n' - else - as_echo_body='eval expr "X$1" : "X\\(.*\\)"' - as_echo_n_body='eval - arg=$1; - case $arg in #( - *"$as_nl"*) - expr "X$arg" : "X\\(.*\\)$as_nl"; - arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; - esac; - expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" - ' - export as_echo_n_body - as_echo_n='sh -c $as_echo_n_body as_echo' - fi - export as_echo_body - as_echo='sh -c $as_echo_body as_echo' -fi - -# The user is always right. -if test "${PATH_SEPARATOR+set}" != set; then - PATH_SEPARATOR=: - (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { - (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || - PATH_SEPARATOR=';' - } -fi - - -# IFS -# We need space, tab and new line, in precisely that order. Quoting is -# there to prevent editors from complaining about space-tab. -# (If _AS_PATH_WALK were called with IFS unset, it would disable word -# splitting by setting IFS to empty value.) -IFS=" "" $as_nl" - -# Find who we are. Look in the path if we contain no directory separator. -as_myself= -case $0 in #(( - *[\\/]* ) as_myself=$0 ;; - *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break - done -IFS=$as_save_IFS - - ;; -esac -# We did not find ourselves, most probably we were run as `sh COMMAND' -# in which case we are not to be found in the path. -if test "x$as_myself" = x; then - as_myself=$0 -fi -if test ! -f "$as_myself"; then - $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 - exit 1 -fi - -# Unset variables that we do not need and which cause bugs (e.g. in -# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" -# suppresses any "Segmentation fault" message there. '((' could -# trigger a bug in pdksh 5.2.14. -for as_var in BASH_ENV ENV MAIL MAILPATH -do eval test x\${$as_var+set} = xset \ - && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : -done -PS1='$ ' -PS2='> ' -PS4='+ ' - -# NLS nuisances. -LC_ALL=C -export LC_ALL -LANGUAGE=C -export LANGUAGE - -# CDPATH. -(unset CDPATH) >/dev/null 2>&1 && unset CDPATH - -# Use a proper internal environment variable to ensure we don't fall - # into an infinite loop, continuously re-executing ourselves. - if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then - _as_can_reexec=no; export _as_can_reexec; - # We cannot yet assume a decent shell, so we have to provide a -# neutralization value for shells without unset; and this also -# works around shells that cannot unset nonexistent variables. -# Preserve -v and -x to the replacement shell. -BASH_ENV=/dev/null -ENV=/dev/null -(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV -case $- in # (((( - *v*x* | *x*v* ) as_opts=-vx ;; - *v* ) as_opts=-v ;; - *x* ) as_opts=-x ;; - * ) as_opts= ;; -esac -exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} -# Admittedly, this is quite paranoid, since all the known shells bail -# out after a failed `exec'. -$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 -as_fn_exit 255 - fi - # We don't want this to propagate to other subprocesses. - { _as_can_reexec=; unset _as_can_reexec;} -if test "x$CONFIG_SHELL" = x; then - as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : - emulate sh - NULLCMD=: - # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which - # is contrary to our usage. Disable this feature. - alias -g '\${1+\"\$@\"}'='\"\$@\"' - setopt NO_GLOB_SUBST -else - case \`(set -o) 2>/dev/null\` in #( - *posix*) : - set -o posix ;; #( - *) : - ;; -esac -fi -" - as_required="as_fn_return () { (exit \$1); } -as_fn_success () { as_fn_return 0; } -as_fn_failure () { as_fn_return 1; } -as_fn_ret_success () { return 0; } -as_fn_ret_failure () { return 1; } - -exitcode=0 -as_fn_success || { exitcode=1; echo as_fn_success failed.; } -as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } -as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } -as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } -if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : - -else - exitcode=1; echo positional parameters were not saved. -fi -test x\$exitcode = x0 || exit 1 -test -x / || exit 1" - as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO - as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO - eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && - test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 -test \$(( 1 + 1 )) = 2 || exit 1 - - test -n \"\${ZSH_VERSION+set}\${BASH_VERSION+set}\" || ( - ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' - ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO - ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO - PATH=/empty FPATH=/empty; export PATH FPATH - test \"X\`printf %s \$ECHO\`\" = \"X\$ECHO\" \\ - || test \"X\`print -r -- \$ECHO\`\" = \"X\$ECHO\" ) || exit 1" - if (eval "$as_required") 2>/dev/null; then : - as_have_required=yes -else - as_have_required=no -fi - if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : - -else - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -as_found=false -for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - as_found=: - case $as_dir in #( - /*) - for as_base in sh bash ksh sh5; do - # Try only shells that exist, to save several forks. - as_shell=$as_dir/$as_base - if { test -f "$as_shell" || test -f "$as_shell.exe"; } && - { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : - CONFIG_SHELL=$as_shell as_have_required=yes - if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : - break 2 -fi -fi - done;; - esac - as_found=false -done -$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && - { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : - CONFIG_SHELL=$SHELL as_have_required=yes -fi; } -IFS=$as_save_IFS - - - if test "x$CONFIG_SHELL" != x; then : - export CONFIG_SHELL - # We cannot yet assume a decent shell, so we have to provide a -# neutralization value for shells without unset; and this also -# works around shells that cannot unset nonexistent variables. -# Preserve -v and -x to the replacement shell. -BASH_ENV=/dev/null -ENV=/dev/null -(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV -case $- in # (((( - *v*x* | *x*v* ) as_opts=-vx ;; - *v* ) as_opts=-v ;; - *x* ) as_opts=-x ;; - * ) as_opts= ;; -esac -exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} -# Admittedly, this is quite paranoid, since all the known shells bail -# out after a failed `exec'. -$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 -exit 255 -fi - - if test x$as_have_required = xno; then : - $as_echo "$0: This script requires a shell more modern than all" - $as_echo "$0: the shells that I found on your system." - if test x${ZSH_VERSION+set} = xset ; then - $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" - $as_echo "$0: be upgraded to zsh 4.3.4 or later." - else - $as_echo "$0: Please tell bug-autoconf@gnu.org and -$0: unbound-bugs@nlnetlabs.nl about your system, including -$0: any error possibly output before this message. Then -$0: install a modern shell, or manually run the script -$0: under such a shell if you do have one." - fi - exit 1 -fi -fi -fi -SHELL=${CONFIG_SHELL-/bin/sh} -export SHELL -# Unset more variables known to interfere with behavior of common tools. -CLICOLOR_FORCE= GREP_OPTIONS= -unset CLICOLOR_FORCE GREP_OPTIONS - -## --------------------- ## -## M4sh Shell Functions. ## -## --------------------- ## -# as_fn_unset VAR -# --------------- -# Portably unset VAR. -as_fn_unset () -{ - { eval $1=; unset $1;} -} -as_unset=as_fn_unset - -# as_fn_set_status STATUS -# ----------------------- -# Set $? to STATUS, without forking. -as_fn_set_status () -{ - return $1 -} # as_fn_set_status - -# as_fn_exit STATUS -# ----------------- -# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. -as_fn_exit () -{ - set +e - as_fn_set_status $1 - exit $1 -} # as_fn_exit - -# as_fn_mkdir_p -# ------------- -# Create "$as_dir" as a directory, including parents if necessary. -as_fn_mkdir_p () -{ - - case $as_dir in #( - -*) as_dir=./$as_dir;; - esac - test -d "$as_dir" || eval $as_mkdir_p || { - as_dirs= - while :; do - case $as_dir in #( - *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( - *) as_qdir=$as_dir;; - esac - as_dirs="'$as_qdir' $as_dirs" - as_dir=`$as_dirname -- "$as_dir" || -$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ - X"$as_dir" : 'X\(//\)[^/]' \| \ - X"$as_dir" : 'X\(//\)$' \| \ - X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$as_dir" | - sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ - s//\1/ - q - } - /^X\(\/\/\)[^/].*/{ - s//\1/ - q - } - /^X\(\/\/\)$/{ - s//\1/ - q - } - /^X\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q'` - test -d "$as_dir" && break - done - test -z "$as_dirs" || eval "mkdir $as_dirs" - } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" - - -} # as_fn_mkdir_p - -# as_fn_executable_p FILE -# ----------------------- -# Test if FILE is an executable regular file. -as_fn_executable_p () -{ - test -f "$1" && test -x "$1" -} # as_fn_executable_p -# as_fn_append VAR VALUE -# ---------------------- -# Append the text in VALUE to the end of the definition contained in VAR. Take -# advantage of any shell optimizations that allow amortized linear growth over -# repeated appends, instead of the typical quadratic growth present in naive -# implementations. -if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : - eval 'as_fn_append () - { - eval $1+=\$2 - }' -else - as_fn_append () - { - eval $1=\$$1\$2 - } -fi # as_fn_append - -# as_fn_arith ARG... -# ------------------ -# Perform arithmetic evaluation on the ARGs, and store the result in the -# global $as_val. Take advantage of shells that can avoid forks. The arguments -# must be portable across $(()) and expr. -if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : - eval 'as_fn_arith () - { - as_val=$(( $* )) - }' -else - as_fn_arith () - { - as_val=`expr "$@" || test $? -eq 1` - } -fi # as_fn_arith - - -# as_fn_error STATUS ERROR [LINENO LOG_FD] -# ---------------------------------------- -# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are -# provided, also output the error to LOG_FD, referencing LINENO. Then exit the -# script with STATUS, using 1 if that was 0. -as_fn_error () -{ - as_status=$1; test $as_status -eq 0 && as_status=1 - if test "$4"; then - as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 - fi - $as_echo "$as_me: error: $2" >&2 - as_fn_exit $as_status -} # as_fn_error - -if expr a : '\(a\)' >/dev/null 2>&1 && - test "X`expr 00001 : '.*\(...\)'`" = X001; then - as_expr=expr -else - as_expr=false -fi - -if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then - as_basename=basename -else - as_basename=false -fi - -if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then - as_dirname=dirname -else - as_dirname=false -fi - -as_me=`$as_basename -- "$0" || -$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ - X"$0" : 'X\(//\)$' \| \ - X"$0" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X/"$0" | - sed '/^.*\/\([^/][^/]*\)\/*$/{ - s//\1/ - q - } - /^X\/\(\/\/\)$/{ - s//\1/ - q - } - /^X\/\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q'` - -# Avoid depending upon Character Ranges. -as_cr_letters='abcdefghijklmnopqrstuvwxyz' -as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' -as_cr_Letters=$as_cr_letters$as_cr_LETTERS -as_cr_digits='0123456789' -as_cr_alnum=$as_cr_Letters$as_cr_digits - - - as_lineno_1=$LINENO as_lineno_1a=$LINENO - as_lineno_2=$LINENO as_lineno_2a=$LINENO - eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && - test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { - # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) - sed -n ' - p - /[$]LINENO/= - ' <$as_myself | - sed ' - s/[$]LINENO.*/&-/ - t lineno - b - :lineno - N - :loop - s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ - t loop - s/-\n.*// - ' >$as_me.lineno && - chmod +x "$as_me.lineno" || - { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } - - # If we had to re-execute with $CONFIG_SHELL, we're ensured to have - # already done that, so ensure we don't try to do so again and fall - # in an infinite loop. This has already happened in practice. - _as_can_reexec=no; export _as_can_reexec - # Don't try to exec as it changes $[0], causing all sort of problems - # (the dirname of $[0] is not the place where we might find the - # original and so on. Autoconf is especially sensitive to this). - . "./$as_me.lineno" - # Exit status is that of the last command. - exit -} - -ECHO_C= ECHO_N= ECHO_T= -case `echo -n x` in #((((( --n*) - case `echo 'xy\c'` in - *c*) ECHO_T=' ';; # ECHO_T is single tab character. - xy) ECHO_C='\c';; - *) echo `echo ksh88 bug on AIX 6.1` > /dev/null - ECHO_T=' ';; - esac;; -*) - ECHO_N='-n';; -esac - -rm -f conf$$ conf$$.exe conf$$.file -if test -d conf$$.dir; then - rm -f conf$$.dir/conf$$.file -else - rm -f conf$$.dir - mkdir conf$$.dir 2>/dev/null -fi -if (echo >conf$$.file) 2>/dev/null; then - if ln -s conf$$.file conf$$ 2>/dev/null; then - as_ln_s='ln -s' - # ... but there are two gotchas: - # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. - # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. - # In both cases, we have to default to `cp -pR'. - ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || - as_ln_s='cp -pR' - elif ln conf$$.file conf$$ 2>/dev/null; then - as_ln_s=ln - else - as_ln_s='cp -pR' - fi -else - as_ln_s='cp -pR' -fi -rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file -rmdir conf$$.dir 2>/dev/null - -if mkdir -p . 2>/dev/null; then - as_mkdir_p='mkdir -p "$as_dir"' -else - test -d ./-p && rmdir ./-p - as_mkdir_p=false -fi - -as_test_x='test -x' -as_executable_p=as_fn_executable_p - -# Sed expression to map a string onto a valid CPP name. -as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" - -# Sed expression to map a string onto a valid variable name. -as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" - -SHELL=${CONFIG_SHELL-/bin/sh} - - -test -n "$DJDIR" || exec 7<&0 &1 - -# Name of the host. -# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, -# so uname gets run too. -ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` - -# -# Initializations. -# -ac_default_prefix=/usr/local -ac_clean_files= -ac_config_libobj_dir=. -LIBOBJS= -cross_compiling=no -subdirs= -MFLAGS= -MAKEFLAGS= - -# Identity of this package. -PACKAGE_NAME='unbound' -PACKAGE_TARNAME='unbound' -PACKAGE_VERSION='1.6.3' -PACKAGE_STRING='unbound 1.6.3' -PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl' -PACKAGE_URL='' - -# Factoring default headers for most tests. -ac_includes_default="\ -#include -#ifdef HAVE_SYS_TYPES_H -# include -#endif -#ifdef HAVE_SYS_STAT_H -# include -#endif -#ifdef STDC_HEADERS -# include -# include -#else -# ifdef HAVE_STDLIB_H -# include -# endif -#endif -#ifdef HAVE_STRING_H -# if !defined STDC_HEADERS && defined HAVE_MEMORY_H -# include -# endif -# include -#endif -#ifdef HAVE_STRINGS_H -# include -#endif -#ifdef HAVE_INTTYPES_H -# include -#endif -#ifdef HAVE_STDINT_H -# include -#endif -#ifdef HAVE_UNISTD_H -# include -#endif" - -ac_subst_vars='LTLIBOBJS -date -version -INSTALLTARGET -ALLTARGET -SOURCEFILE -SOURCEDETERMINE -DNSCRYPT_OBJ -DNSCRYPT_SRC -ENABLE_DNSCRYPT -DNSTAP_OBJ -DNSTAP_SRC -opt_dnstap_socket_path -ENABLE_DNSTAP -PROTOC_C -UBSYMS -EXTRALINK -COMMON_OBJ_ALL_SYMBOLS -LIBOBJ_WITHOUT_CTIME -LIBOBJ_WITHOUT_CTIMEARC4 -WIN_CHECKCONF_OBJ_LINK -WIN_CONTROL_OBJ_LINK -WIN_UBANCHOR_OBJ_LINK -WIN_HOST_OBJ_LINK -WIN_DAEMON_OBJ_LINK -WIN_DAEMON_OBJ -WIN_DAEMON_SRC -WINAPPS -WINDRES -CHECKLOCK_OBJ -USE_SYSTEMD_FALSE -USE_SYSTEMD_TRUE -SYSTEMD_DAEMON_LIBS -SYSTEMD_DAEMON_CFLAGS -SYSTEMD_LIBS -SYSTEMD_CFLAGS -PKG_CONFIG_LIBDIR -PKG_CONFIG_PATH -PKG_CONFIG -staticexe -PC_LIBEVENT_DEPENDENCY -UNBOUND_EVENT_UNINSTALL -UNBOUND_EVENT_INSTALL -SUBNET_HEADER -SUBNET_OBJ -SSLLIB -HAVE_SSL -CONFIG_DATE -NETBSD_LINTFLAGS -PYUNBOUND_UNINSTALL -PYUNBOUND_INSTALL -PYUNBOUND_TARGET -PYUNBOUND_OBJ -WITH_PYUNBOUND -PYTHONMOD_UNINSTALL -PYTHONMOD_INSTALL -PYTHONMOD_HEADER -PYTHONMOD_OBJ -WITH_PYTHONMODULE -swig -SWIG_LIB -SWIG -PC_PY_DEPENDENCY -PY_MAJOR_VERSION -PYTHON_SITE_PKG -PYTHON_LDFLAGS -PYTHON_CPPFLAGS -PYTHON -PYTHON_VERSION -PTHREAD_CFLAGS_ONLY -PTHREAD_CFLAGS -PTHREAD_LIBS -PTHREAD_CC -ax_pthread_config -RUNTIME_PATH -LIBOBJS -LT_SYS_LIBRARY_PATH -OTOOL64 -OTOOL -LIPO -NMEDIT -DSYMUTIL -MANIFEST_TOOL -AWK -RANLIB -ac_ct_AR -DLLTOOL -OBJDUMP -LN_S -NM -ac_ct_DUMPBIN -DUMPBIN -LD -FGREP -SED -LIBTOOL -AR -host_os -host_vendor -host_cpu -host -build_os -build_vendor -build_cpu -build -libtool -STRIP -doxygen -YFLAGS -YACC -LEXLIB -LEX_OUTPUT_ROOT -LEX -debug_enabled -DEPFLAG -UNBOUND_USERNAME -UNBOUND_ROOTCERT_FILE -UNBOUND_ROOTKEY_FILE -UNBOUND_PIDFILE -UNBOUND_SHARE_DIR -UNBOUND_CHROOT_DIR -UNBOUND_RUN_DIR -ub_conf_dir -ub_conf_file -EGREP -GREP -CPP -OBJEXT -EXEEXT -ac_ct_CC -CPPFLAGS -LDFLAGS -CFLAGS -CC -LIBUNBOUND_AGE -LIBUNBOUND_REVISION -LIBUNBOUND_CURRENT -UNBOUND_VERSION_MICRO -UNBOUND_VERSION_MINOR -UNBOUND_VERSION_MAJOR -target_alias -host_alias -build_alias -LIBS -ECHO_T -ECHO_N -ECHO_C -DEFS -mandir -localedir -libdir -psdir -pdfdir -dvidir -htmldir -infodir -docdir -oldincludedir -includedir -localstatedir -sharedstatedir -sysconfdir -datadir -datarootdir -libexecdir -sbindir -bindir -program_transform_name -prefix -exec_prefix -PACKAGE_URL -PACKAGE_BUGREPORT -PACKAGE_STRING -PACKAGE_VERSION -PACKAGE_TARNAME -PACKAGE_NAME -PATH_SEPARATOR -SHELL' -ac_subst_files='' -ac_user_opts=' -enable_option_checking -with_conf_file -with_run_dir -with_chroot_dir -with_share_dir -with_pidfile -with_rootkey_file -with_rootcert_file -with_username -enable_checking -enable_debug -enable_flto -enable_pie -enable_relro_now -enable_shared -enable_static -with_pic -enable_fast_install -with_aix_soname -with_gnu_ld -with_sysroot -enable_libtool_lock -enable_rpath -enable_largefile -enable_alloc_checks -enable_alloc_lite -enable_alloc_nonregional -with_pthreads -with_solaris_threads -with_pyunbound -with_pythonmodule -with_nss -with_nettle -with_ssl -enable_sha1 -enable_sha2 -enable_subnet -enable_gost -enable_ecdsa -enable_dsa -enable_event_api -enable_tfo_client -enable_tfo_server -with_libevent -with_libexpat -enable_static_exe -enable_systemd -enable_lock_checks -enable_allsymbols -enable_dnstap -with_dnstap_socket_path -with_protobuf_c -with_libfstrm -enable_dnscrypt -with_libsodium -enable_cachedb -with_libunbound_only -' - ac_precious_vars='build_alias -host_alias -target_alias -CC -CFLAGS -LDFLAGS -LIBS -CPPFLAGS -CPP -YACC -YFLAGS -LT_SYS_LIBRARY_PATH -PYTHON_VERSION -PKG_CONFIG -PKG_CONFIG_PATH -PKG_CONFIG_LIBDIR -SYSTEMD_CFLAGS -SYSTEMD_LIBS -SYSTEMD_DAEMON_CFLAGS -SYSTEMD_DAEMON_LIBS' - - -# Initialize some variables set by options. -ac_init_help= -ac_init_version=false -ac_unrecognized_opts= -ac_unrecognized_sep= -# The variables have the same names as the options, with -# dashes changed to underlines. -cache_file=/dev/null -exec_prefix=NONE -no_create= -no_recursion= -prefix=NONE -program_prefix=NONE -program_suffix=NONE -program_transform_name=s,x,x, -silent= -site= -srcdir= -verbose= -x_includes=NONE -x_libraries=NONE - -# Installation directory options. -# These are left unexpanded so users can "make install exec_prefix=/foo" -# and all the variables that are supposed to be based on exec_prefix -# by default will actually change. -# Use braces instead of parens because sh, perl, etc. also accept them. -# (The list follows the same order as the GNU Coding Standards.) -bindir='${exec_prefix}/bin' -sbindir='${exec_prefix}/sbin' -libexecdir='${exec_prefix}/libexec' -datarootdir='${prefix}/share' -datadir='${datarootdir}' -sysconfdir='${prefix}/etc' -sharedstatedir='${prefix}/com' -localstatedir='${prefix}/var' -includedir='${prefix}/include' -oldincludedir='/usr/include' -docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' -infodir='${datarootdir}/info' -htmldir='${docdir}' -dvidir='${docdir}' -pdfdir='${docdir}' -psdir='${docdir}' -libdir='${exec_prefix}/lib' -localedir='${datarootdir}/locale' -mandir='${datarootdir}/man' - -ac_prev= -ac_dashdash= -for ac_option -do - # If the previous option needs an argument, assign it. - if test -n "$ac_prev"; then - eval $ac_prev=\$ac_option - ac_prev= - continue - fi - - case $ac_option in - *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; - *=) ac_optarg= ;; - *) ac_optarg=yes ;; - esac - - # Accept the important Cygnus configure options, so we can diagnose typos. - - case $ac_dashdash$ac_option in - --) - ac_dashdash=yes ;; - - -bindir | --bindir | --bindi | --bind | --bin | --bi) - ac_prev=bindir ;; - -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) - bindir=$ac_optarg ;; - - -build | --build | --buil | --bui | --bu) - ac_prev=build_alias ;; - -build=* | --build=* | --buil=* | --bui=* | --bu=*) - build_alias=$ac_optarg ;; - - -cache-file | --cache-file | --cache-fil | --cache-fi \ - | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) - ac_prev=cache_file ;; - -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ - | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) - cache_file=$ac_optarg ;; - - --config-cache | -C) - cache_file=config.cache ;; - - -datadir | --datadir | --datadi | --datad) - ac_prev=datadir ;; - -datadir=* | --datadir=* | --datadi=* | --datad=*) - datadir=$ac_optarg ;; - - -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ - | --dataroo | --dataro | --datar) - ac_prev=datarootdir ;; - -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ - | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) - datarootdir=$ac_optarg ;; - - -disable-* | --disable-*) - ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` - # Reject names that are not valid shell variable names. - expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid feature name: $ac_useropt" - ac_useropt_orig=$ac_useropt - ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` - case $ac_user_opts in - *" -"enable_$ac_useropt" -"*) ;; - *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" - ac_unrecognized_sep=', ';; - esac - eval enable_$ac_useropt=no ;; - - -docdir | --docdir | --docdi | --doc | --do) - ac_prev=docdir ;; - -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) - docdir=$ac_optarg ;; - - -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) - ac_prev=dvidir ;; - -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) - dvidir=$ac_optarg ;; - - -enable-* | --enable-*) - ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` - # Reject names that are not valid shell variable names. - expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid feature name: $ac_useropt" - ac_useropt_orig=$ac_useropt - ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` - case $ac_user_opts in - *" -"enable_$ac_useropt" -"*) ;; - *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" - ac_unrecognized_sep=', ';; - esac - eval enable_$ac_useropt=\$ac_optarg ;; - - -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ - | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ - | --exec | --exe | --ex) - ac_prev=exec_prefix ;; - -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ - | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ - | --exec=* | --exe=* | --ex=*) - exec_prefix=$ac_optarg ;; - - -gas | --gas | --ga | --g) - # Obsolete; use --with-gas. - with_gas=yes ;; - - -help | --help | --hel | --he | -h) - ac_init_help=long ;; - -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) - ac_init_help=recursive ;; - -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) - ac_init_help=short ;; - - -host | --host | --hos | --ho) - ac_prev=host_alias ;; - -host=* | --host=* | --hos=* | --ho=*) - host_alias=$ac_optarg ;; - - -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) - ac_prev=htmldir ;; - -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ - | --ht=*) - htmldir=$ac_optarg ;; - - -includedir | --includedir | --includedi | --included | --include \ - | --includ | --inclu | --incl | --inc) - ac_prev=includedir ;; - -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ - | --includ=* | --inclu=* | --incl=* | --inc=*) - includedir=$ac_optarg ;; - - -infodir | --infodir | --infodi | --infod | --info | --inf) - ac_prev=infodir ;; - -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) - infodir=$ac_optarg ;; - - -libdir | --libdir | --libdi | --libd) - ac_prev=libdir ;; - -libdir=* | --libdir=* | --libdi=* | --libd=*) - libdir=$ac_optarg ;; - - -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ - | --libexe | --libex | --libe) - ac_prev=libexecdir ;; - -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ - | --libexe=* | --libex=* | --libe=*) - libexecdir=$ac_optarg ;; - - -localedir | --localedir | --localedi | --localed | --locale) - ac_prev=localedir ;; - -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) - localedir=$ac_optarg ;; - - -localstatedir | --localstatedir | --localstatedi | --localstated \ - | --localstate | --localstat | --localsta | --localst | --locals) - ac_prev=localstatedir ;; - -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ - | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) - localstatedir=$ac_optarg ;; - - -mandir | --mandir | --mandi | --mand | --man | --ma | --m) - ac_prev=mandir ;; - -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) - mandir=$ac_optarg ;; - - -nfp | --nfp | --nf) - # Obsolete; use --without-fp. - with_fp=no ;; - - -no-create | --no-create | --no-creat | --no-crea | --no-cre \ - | --no-cr | --no-c | -n) - no_create=yes ;; - - -no-recursion | --no-recursion | --no-recursio | --no-recursi \ - | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) - no_recursion=yes ;; - - -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ - | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ - | --oldin | --oldi | --old | --ol | --o) - ac_prev=oldincludedir ;; - -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ - | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ - | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) - oldincludedir=$ac_optarg ;; - - -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) - ac_prev=prefix ;; - -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) - prefix=$ac_optarg ;; - - -program-prefix | --program-prefix | --program-prefi | --program-pref \ - | --program-pre | --program-pr | --program-p) - ac_prev=program_prefix ;; - -program-prefix=* | --program-prefix=* | --program-prefi=* \ - | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) - program_prefix=$ac_optarg ;; - - -program-suffix | --program-suffix | --program-suffi | --program-suff \ - | --program-suf | --program-su | --program-s) - ac_prev=program_suffix ;; - -program-suffix=* | --program-suffix=* | --program-suffi=* \ - | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) - program_suffix=$ac_optarg ;; - - -program-transform-name | --program-transform-name \ - | --program-transform-nam | --program-transform-na \ - | --program-transform-n | --program-transform- \ - | --program-transform | --program-transfor \ - | --program-transfo | --program-transf \ - | --program-trans | --program-tran \ - | --progr-tra | --program-tr | --program-t) - ac_prev=program_transform_name ;; - -program-transform-name=* | --program-transform-name=* \ - | --program-transform-nam=* | --program-transform-na=* \ - | --program-transform-n=* | --program-transform-=* \ - | --program-transform=* | --program-transfor=* \ - | --program-transfo=* | --program-transf=* \ - | --program-trans=* | --program-tran=* \ - | --progr-tra=* | --program-tr=* | --program-t=*) - program_transform_name=$ac_optarg ;; - - -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) - ac_prev=pdfdir ;; - -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) - pdfdir=$ac_optarg ;; - - -psdir | --psdir | --psdi | --psd | --ps) - ac_prev=psdir ;; - -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) - psdir=$ac_optarg ;; - - -q | -quiet | --quiet | --quie | --qui | --qu | --q \ - | -silent | --silent | --silen | --sile | --sil) - silent=yes ;; - - -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) - ac_prev=sbindir ;; - -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ - | --sbi=* | --sb=*) - sbindir=$ac_optarg ;; - - -sharedstatedir | --sharedstatedir | --sharedstatedi \ - | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ - | --sharedst | --shareds | --shared | --share | --shar \ - | --sha | --sh) - ac_prev=sharedstatedir ;; - -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ - | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ - | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ - | --sha=* | --sh=*) - sharedstatedir=$ac_optarg ;; - - -site | --site | --sit) - ac_prev=site ;; - -site=* | --site=* | --sit=*) - site=$ac_optarg ;; - - -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) - ac_prev=srcdir ;; - -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) - srcdir=$ac_optarg ;; - - -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ - | --syscon | --sysco | --sysc | --sys | --sy) - ac_prev=sysconfdir ;; - -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ - | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) - sysconfdir=$ac_optarg ;; - - -target | --target | --targe | --targ | --tar | --ta | --t) - ac_prev=target_alias ;; - -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) - target_alias=$ac_optarg ;; - - -v | -verbose | --verbose | --verbos | --verbo | --verb) - verbose=yes ;; - - -version | --version | --versio | --versi | --vers | -V) - ac_init_version=: ;; - - -with-* | --with-*) - ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` - # Reject names that are not valid shell variable names. - expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid package name: $ac_useropt" - ac_useropt_orig=$ac_useropt - ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` - case $ac_user_opts in - *" -"with_$ac_useropt" -"*) ;; - *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" - ac_unrecognized_sep=', ';; - esac - eval with_$ac_useropt=\$ac_optarg ;; - - -without-* | --without-*) - ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` - # Reject names that are not valid shell variable names. - expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid package name: $ac_useropt" - ac_useropt_orig=$ac_useropt - ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` - case $ac_user_opts in - *" -"with_$ac_useropt" -"*) ;; - *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" - ac_unrecognized_sep=', ';; - esac - eval with_$ac_useropt=no ;; - - --x) - # Obsolete; use --with-x. - with_x=yes ;; - - -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ - | --x-incl | --x-inc | --x-in | --x-i) - ac_prev=x_includes ;; - -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ - | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) - x_includes=$ac_optarg ;; - - -x-libraries | --x-libraries | --x-librarie | --x-librari \ - | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) - ac_prev=x_libraries ;; - -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ - | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) - x_libraries=$ac_optarg ;; - - -*) as_fn_error $? "unrecognized option: \`$ac_option' -Try \`$0 --help' for more information" - ;; - - *=*) - ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` - # Reject names that are not valid shell variable names. - case $ac_envvar in #( - '' | [0-9]* | *[!_$as_cr_alnum]* ) - as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; - esac - eval $ac_envvar=\$ac_optarg - export $ac_envvar ;; - - *) - # FIXME: should be removed in autoconf 3.0. - $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 - expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && - $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 - : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}" - ;; - - esac -done - -if test -n "$ac_prev"; then - ac_option=--`echo $ac_prev | sed 's/_/-/g'` - as_fn_error $? "missing argument to $ac_option" -fi - -if test -n "$ac_unrecognized_opts"; then - case $enable_option_checking in - no) ;; - fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; - *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; - esac -fi - -# Check all directory arguments for consistency. -for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ - datadir sysconfdir sharedstatedir localstatedir includedir \ - oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ - libdir localedir mandir -do - eval ac_val=\$$ac_var - # Remove trailing slashes. - case $ac_val in - */ ) - ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'` - eval $ac_var=\$ac_val;; - esac - # Be sure to have absolute directory names. - case $ac_val in - [\\/$]* | ?:[\\/]* ) continue;; - NONE | '' ) case $ac_var in *prefix ) continue;; esac;; - esac - as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" -done - -# There might be people who depend on the old broken behavior: `$host' -# used to hold the argument of --host etc. -# FIXME: To remove some day. -build=$build_alias -host=$host_alias -target=$target_alias - -# FIXME: To remove some day. -if test "x$host_alias" != x; then - if test "x$build_alias" = x; then - cross_compiling=maybe - elif test "x$build_alias" != "x$host_alias"; then - cross_compiling=yes - fi -fi - -ac_tool_prefix= -test -n "$host_alias" && ac_tool_prefix=$host_alias- - -test "$silent" = yes && exec 6>/dev/null - - -ac_pwd=`pwd` && test -n "$ac_pwd" && -ac_ls_di=`ls -di .` && -ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || - as_fn_error $? "working directory cannot be determined" -test "X$ac_ls_di" = "X$ac_pwd_ls_di" || - as_fn_error $? "pwd does not report name of working directory" - - -# Find the source files, if location was not specified. -if test -z "$srcdir"; then - ac_srcdir_defaulted=yes - # Try the directory containing this script, then the parent directory. - ac_confdir=`$as_dirname -- "$as_myself" || -$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ - X"$as_myself" : 'X\(//\)[^/]' \| \ - X"$as_myself" : 'X\(//\)$' \| \ - X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$as_myself" | - sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ - s//\1/ - q - } - /^X\(\/\/\)[^/].*/{ - s//\1/ - q - } - /^X\(\/\/\)$/{ - s//\1/ - q - } - /^X\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q'` - srcdir=$ac_confdir - if test ! -r "$srcdir/$ac_unique_file"; then - srcdir=.. - fi -else - ac_srcdir_defaulted=no -fi -if test ! -r "$srcdir/$ac_unique_file"; then - test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." - as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" -fi -ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" -ac_abs_confdir=`( - cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" - pwd)` -# When building in place, set srcdir=. -if test "$ac_abs_confdir" = "$ac_pwd"; then - srcdir=. -fi -# Remove unnecessary trailing slashes from srcdir. -# Double slashes in file names in object file debugging info -# mess up M-x gdb in Emacs. -case $srcdir in -*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; -esac -for ac_var in $ac_precious_vars; do - eval ac_env_${ac_var}_set=\${${ac_var}+set} - eval ac_env_${ac_var}_value=\$${ac_var} - eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} - eval ac_cv_env_${ac_var}_value=\$${ac_var} -done - -# -# Report the --help message. -# -if test "$ac_init_help" = "long"; then - # Omit some internal or obsolete options to make the list less imposing. - # This message is too long to be a string in the A/UX 3.1 sh. - cat <<_ACEOF -\`configure' configures unbound 1.6.3 to adapt to many kinds of systems. - -Usage: $0 [OPTION]... [VAR=VALUE]... - -To assign environment variables (e.g., CC, CFLAGS...), specify them as -VAR=VALUE. See below for descriptions of some of the useful variables. - -Defaults for the options are specified in brackets. - -Configuration: - -h, --help display this help and exit - --help=short display options specific to this package - --help=recursive display the short help of all the included packages - -V, --version display version information and exit - -q, --quiet, --silent do not print \`checking ...' messages - --cache-file=FILE cache test results in FILE [disabled] - -C, --config-cache alias for \`--cache-file=config.cache' - -n, --no-create do not create output files - --srcdir=DIR find the sources in DIR [configure dir or \`..'] - -Installation directories: - --prefix=PREFIX install architecture-independent files in PREFIX - [$ac_default_prefix] - --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX - [PREFIX] - -By default, \`make install' will install all the files in -\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify -an installation prefix other than \`$ac_default_prefix' using \`--prefix', -for instance \`--prefix=\$HOME'. - -For better control, use the options below. - -Fine tuning of the installation directories: - --bindir=DIR user executables [EPREFIX/bin] - --sbindir=DIR system admin executables [EPREFIX/sbin] - --libexecdir=DIR program executables [EPREFIX/libexec] - --sysconfdir=DIR read-only single-machine data [PREFIX/etc] - --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] - --localstatedir=DIR modifiable single-machine data [PREFIX/var] - --libdir=DIR object code libraries [EPREFIX/lib] - --includedir=DIR C header files [PREFIX/include] - --oldincludedir=DIR C header files for non-gcc [/usr/include] - --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] - --datadir=DIR read-only architecture-independent data [DATAROOTDIR] - --infodir=DIR info documentation [DATAROOTDIR/info] - --localedir=DIR locale-dependent data [DATAROOTDIR/locale] - --mandir=DIR man documentation [DATAROOTDIR/man] - --docdir=DIR documentation root [DATAROOTDIR/doc/unbound] - --htmldir=DIR html documentation [DOCDIR] - --dvidir=DIR dvi documentation [DOCDIR] - --pdfdir=DIR pdf documentation [DOCDIR] - --psdir=DIR ps documentation [DOCDIR] -_ACEOF - - cat <<\_ACEOF - -System types: - --build=BUILD configure for building on BUILD [guessed] - --host=HOST cross-compile to build programs to run on HOST [BUILD] -_ACEOF -fi - -if test -n "$ac_init_help"; then - case $ac_init_help in - short | recursive ) echo "Configuration of unbound 1.6.3:";; - esac - cat <<\_ACEOF - -Optional Features: - --disable-option-checking ignore unrecognized --enable/--with options - --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) - --enable-FEATURE[=ARG] include FEATURE [ARG=yes] - --enable-checking Enable warnings, asserts, makefile-dependencies - --enable-debug same as enable-checking - --disable-flto Disable link-time optimization (gcc specific option) - --enable-pie Enable Position-Independent Executable (eg. to fully - benefit from ASLR, small performance penalty) - --enable-relro-now Enable full relocation binding at load-time (RELRO - NOW, to protect GOT and .dtor areas) - --enable-shared[=PKGS] build shared libraries [default=yes] - --enable-static[=PKGS] build static libraries [default=yes] - --enable-fast-install[=PKGS] - optimize for fast installation [default=yes] - --disable-libtool-lock avoid locking (might break parallel builds) - --disable-rpath disable hardcoded rpath (default=enabled) - --disable-largefile omit support for large files - --enable-alloc-checks enable to memory allocation statistics, for debug - purposes - --enable-alloc-lite enable for lightweight alloc assertions, for debug - purposes - --enable-alloc-nonregional - enable nonregional allocs, slow but exposes regional - allocations to other memory purifiers, for debug - purposes - --disable-sha1 Disable SHA1 RRSIG support, does not disable nsec3 - support - --disable-sha2 Disable SHA256 and SHA512 RRSIG support - --enable-subnet Enable client subnet - --disable-gost Disable GOST support - --disable-ecdsa Disable ECDSA support - --disable-dsa Disable DSA support - --enable-event-api Enable (experimental) pluggable event base - libunbound API installed to unbound-event.h - --enable-tfo-client Enable TCP Fast Open for client mode - --enable-tfo-server Enable TCP Fast Open for server mode - --enable-static-exe enable to compile executables statically against - (event) libs, for debug purposes - --enable-systemd compile with systemd support - --enable-lock-checks enable to check lock and unlock calls, for debug - purposes - --enable-allsymbols export all symbols from libunbound and link binaries - to it, smaller install size but libunbound export - table is polluted by internal symbols - --enable-dnstap Enable dnstap support (requires fstrm, protobuf-c) - --enable-dnscrypt Enable dnscrypt support (requires libsodium) - --enable-cachedb enable cachedb module that can use external cache - storage - -Optional Packages: - --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] - --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) - --with-conf-file=path Pathname to the Unbound configuration file - --with-run-dir=path set default directory to chdir to (by default dir - part of cfg file) - --with-chroot-dir=path set default directory to chroot to (by default same - as run-dir) - --with-share-dir=path set default directory with shared data (by default - same as share/unbound) - --with-pidfile=filename set default pathname to unbound pidfile (default - run-dir/unbound.pid) - --with-rootkey-file=filename - set default pathname to root key file (default - run-dir/root.key). This file is read and written. - --with-rootcert-file=filename - set default pathname to root update certificate file - (default run-dir/icannbundle.pem). This file need - not exist if you are content with the builtin. - --with-username=user set default user that unbound changes to (default - user is unbound) - --with-pic[=PKGS] try to use only PIC/non-PIC objects [default=use - both] - --with-aix-soname=aix|svr4|both - shared library versioning (aka "SONAME") variant to - provide on AIX, [default=aix]. - --with-gnu-ld assume the C compiler uses GNU ld [default=no] - --with-sysroot[=DIR] Search for dependent libraries within DIR (or the - compiler's sysroot if not specified). - --with-pthreads use pthreads library, or --without-pthreads to - disable threading support. - --with-solaris-threads use solaris native thread library. - --with-pyunbound build PyUnbound, or --without-pyunbound to skip it. - (default=no) - --with-pythonmodule build Python module, or --without-pythonmodule to - disable script engine. (default=no) - --with-nss=path use libnss instead of openssl, installed at path. - --with-nettle=path use libnettle as crypto library, installed at path. - --with-ssl=pathname enable SSL (will check /usr/local/ssl /usr/lib/ssl - /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw - /usr) - --with-libevent=pathname - use libevent (will check /usr/local /opt/local - /usr/lib /usr/pkg /usr/sfw /usr or you can specify - an explicit path). Slower, but allows use of large - outgoing port ranges. - --with-libexpat=path specify explicit path for libexpat. - --with-dnstap-socket-path=pathname - set default dnstap socket path - --with-protobuf-c=path Path where protobuf-c is installed, for dnstap - --with-libfstrm=path Path where libfstrm is installed, for dnstap - --with-libsodium=path Path where libsodium is installed, for dnscrypt - --with-libunbound-only do not build daemon and tool programs - -Some influential environment variables: - CC C compiler command - CFLAGS C compiler flags - LDFLAGS linker flags, e.g. -L if you have libraries in a - nonstandard directory - LIBS libraries to pass to the linker, e.g. -l - CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I if - you have headers in a nonstandard directory - CPP C preprocessor - YACC The `Yet Another Compiler Compiler' implementation to use. - Defaults to the first program found out of: `bison -y', `byacc', - `yacc'. - YFLAGS The list of arguments that will be passed by default to $YACC. - This script will default YFLAGS to the empty string to avoid a - default value of `-d' given by some make applications. - LT_SYS_LIBRARY_PATH - User-defined run-time library search path. - PYTHON_VERSION - The installed Python version to use, for example '2.3'. This - string will be appended to the Python interpreter canonical - name. - PKG_CONFIG path to pkg-config utility - PKG_CONFIG_PATH - directories to add to pkg-config's search path - PKG_CONFIG_LIBDIR - path overriding pkg-config's built-in search path - SYSTEMD_CFLAGS - C compiler flags for SYSTEMD, overriding pkg-config - SYSTEMD_LIBS - linker flags for SYSTEMD, overriding pkg-config - SYSTEMD_DAEMON_CFLAGS - C compiler flags for SYSTEMD_DAEMON, overriding pkg-config - SYSTEMD_DAEMON_LIBS - linker flags for SYSTEMD_DAEMON, overriding pkg-config - -Use these variables to override the choices made by `configure' or to help -it to find libraries and programs with nonstandard names/locations. - -Report bugs to . -_ACEOF -ac_status=$? -fi - -if test "$ac_init_help" = "recursive"; then - # If there are subdirs, report their specific --help. - for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue - test -d "$ac_dir" || - { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || - continue - ac_builddir=. - -case "$ac_dir" in -.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; -*) - ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` - # A ".." for each directory in $ac_dir_suffix. - ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` - case $ac_top_builddir_sub in - "") ac_top_builddir_sub=. ac_top_build_prefix= ;; - *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; - esac ;; -esac -ac_abs_top_builddir=$ac_pwd -ac_abs_builddir=$ac_pwd$ac_dir_suffix -# for backward compatibility: -ac_top_builddir=$ac_top_build_prefix - -case $srcdir in - .) # We are building in place. - ac_srcdir=. - ac_top_srcdir=$ac_top_builddir_sub - ac_abs_top_srcdir=$ac_pwd ;; - [\\/]* | ?:[\\/]* ) # Absolute name. - ac_srcdir=$srcdir$ac_dir_suffix; - ac_top_srcdir=$srcdir - ac_abs_top_srcdir=$srcdir ;; - *) # Relative name. - ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix - ac_top_srcdir=$ac_top_build_prefix$srcdir - ac_abs_top_srcdir=$ac_pwd/$srcdir ;; -esac -ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix - - cd "$ac_dir" || { ac_status=$?; continue; } - # Check for guested configure. - if test -f "$ac_srcdir/configure.gnu"; then - echo && - $SHELL "$ac_srcdir/configure.gnu" --help=recursive - elif test -f "$ac_srcdir/configure"; then - echo && - $SHELL "$ac_srcdir/configure" --help=recursive - else - $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 - fi || ac_status=$? - cd "$ac_pwd" || { ac_status=$?; break; } - done -fi - -test -n "$ac_init_help" && exit $ac_status -if $ac_init_version; then - cat <<\_ACEOF -unbound configure 1.6.3 -generated by GNU Autoconf 2.69 - -Copyright (C) 2012 Free Software Foundation, Inc. -This configure script is free software; the Free Software Foundation -gives unlimited permission to copy, distribute and modify it. -_ACEOF - exit -fi - -## ------------------------ ## -## Autoconf initialization. ## -## ------------------------ ## - -# ac_fn_c_try_compile LINENO -# -------------------------- -# Try to compile conftest.$ac_ext, and return whether this succeeded. -ac_fn_c_try_compile () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - rm -f conftest.$ac_objext - if { { ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_compile") 2>conftest.err - ac_status=$? - if test -s conftest.err; then - grep -v '^ *+' conftest.err >conftest.er1 - cat conftest.er1 >&5 - mv -f conftest.er1 conftest.err - fi - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then : - ac_retval=0 -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_retval=1 -fi - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - as_fn_set_status $ac_retval - -} # ac_fn_c_try_compile - -# ac_fn_c_try_cpp LINENO -# ---------------------- -# Try to preprocess conftest.$ac_ext, and return whether this succeeded. -ac_fn_c_try_cpp () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - if { { ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err - ac_status=$? - if test -s conftest.err; then - grep -v '^ *+' conftest.err >conftest.er1 - cat conftest.er1 >&5 - mv -f conftest.er1 conftest.err - fi - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } > conftest.i && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then : - ac_retval=0 -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_retval=1 -fi - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - as_fn_set_status $ac_retval - -} # ac_fn_c_try_cpp - -# ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES -# ------------------------------------------------------- -# Tests whether HEADER exists, giving a warning if it cannot be compiled using -# the include files in INCLUDES and setting the cache variable VAR -# accordingly. -ac_fn_c_check_header_mongrel () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - if eval \${$3+:} false; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -$as_echo_n "checking for $2... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -fi -eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -else - # Is the header compilable? -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5 -$as_echo_n "checking $2 usability... " >&6; } -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -#include <$2> -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_header_compiler=yes -else - ac_header_compiler=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5 -$as_echo "$ac_header_compiler" >&6; } - -# Is the header present? -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5 -$as_echo_n "checking $2 presence... " >&6; } -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <$2> -_ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - ac_header_preproc=yes -else - ac_header_preproc=no -fi -rm -f conftest.err conftest.i conftest.$ac_ext -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5 -$as_echo "$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #(( - yes:no: ) - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5 -$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 -$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} - ;; - no:yes:* ) - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5 -$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5 -$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5 -$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5 -$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 -$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} -( $as_echo "## ---------------------------------------- ## -## Report this to unbound-bugs@nlnetlabs.nl ## -## ---------------------------------------- ##" - ) | sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -$as_echo_n "checking for $2... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -else - eval "$3=\$ac_header_compiler" -fi -eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -fi - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - -} # ac_fn_c_check_header_mongrel - -# ac_fn_c_try_run LINENO -# ---------------------- -# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes -# that executables *can* be run. -ac_fn_c_try_run () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - if { { ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' - { { case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; }; then : - ac_retval=0 -else - $as_echo "$as_me: program exited with status $ac_status" >&5 - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_retval=$ac_status -fi - rm -rf conftest.dSYM conftest_ipa8_conftest.oo - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - as_fn_set_status $ac_retval - -} # ac_fn_c_try_run - -# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES -# ------------------------------------------------------- -# Tests whether HEADER exists and can be compiled using the include files in -# INCLUDES, setting the cache variable VAR accordingly. -ac_fn_c_check_header_compile () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -$as_echo_n "checking for $2... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -#include <$2> -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - eval "$3=yes" -else - eval "$3=no" -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - -} # ac_fn_c_check_header_compile - -# ac_fn_c_try_link LINENO -# ----------------------- -# Try to link conftest.$ac_ext, and return whether this succeeded. -ac_fn_c_try_link () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - rm -f conftest.$ac_objext conftest$ac_exeext - if { { ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_link") 2>conftest.err - ac_status=$? - if test -s conftest.err; then - grep -v '^ *+' conftest.err >conftest.er1 - cat conftest.er1 >&5 - mv -f conftest.er1 conftest.err - fi - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - test -x conftest$ac_exeext - }; then : - ac_retval=0 -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_retval=1 -fi - # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information - # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would - # interfere with the next link command; also delete a directory that is - # left behind by Apple's compiler. We do this before executing the actions. - rm -rf conftest.dSYM conftest_ipa8_conftest.oo - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - as_fn_set_status $ac_retval - -} # ac_fn_c_try_link - -# ac_fn_c_check_func LINENO FUNC VAR -# ---------------------------------- -# Tests whether FUNC exists, setting the cache variable VAR accordingly -ac_fn_c_check_func () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -$as_echo_n "checking for $2... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -/* Define $2 to an innocuous variant, in case declares $2. - For example, HP-UX 11i declares gettimeofday. */ -#define $2 innocuous_$2 - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $2 (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $2 - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $2 (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$2 || defined __stub___$2 -choke me -#endif - -int -main () -{ -return $2 (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - eval "$3=yes" -else - eval "$3=no" -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -fi -eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - -} # ac_fn_c_check_func - -# ac_fn_c_check_type LINENO TYPE VAR INCLUDES -# ------------------------------------------- -# Tests whether TYPE exists after having included INCLUDES, setting cache -# variable VAR accordingly. -ac_fn_c_check_type () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -$as_echo_n "checking for $2... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -else - eval "$3=no" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -int -main () -{ -if (sizeof ($2)) - return 0; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -int -main () -{ -if (sizeof (($2))) - return 0; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - -else - eval "$3=yes" -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - -} # ac_fn_c_check_type - -# ac_fn_c_compute_int LINENO EXPR VAR INCLUDES -# -------------------------------------------- -# Tries to find the compile-time value of EXPR in a program that includes -# INCLUDES, setting VAR accordingly. Returns whether the value could be -# computed -ac_fn_c_compute_int () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - if test "$cross_compiling" = yes; then - # Depending upon the size, compute the lo and hi bounds. -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -int -main () -{ -static int test_array [1 - 2 * !(($2) >= 0)]; -test_array [0] = 0; -return test_array [0]; - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_lo=0 ac_mid=0 - while :; do - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -int -main () -{ -static int test_array [1 - 2 * !(($2) <= $ac_mid)]; -test_array [0] = 0; -return test_array [0]; - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_hi=$ac_mid; break -else - as_fn_arith $ac_mid + 1 && ac_lo=$as_val - if test $ac_lo -le $ac_mid; then - ac_lo= ac_hi= - break - fi - as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - done -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -int -main () -{ -static int test_array [1 - 2 * !(($2) < 0)]; -test_array [0] = 0; -return test_array [0]; - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_hi=-1 ac_mid=-1 - while :; do - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -int -main () -{ -static int test_array [1 - 2 * !(($2) >= $ac_mid)]; -test_array [0] = 0; -return test_array [0]; - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_lo=$ac_mid; break -else - as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val - if test $ac_mid -le $ac_hi; then - ac_lo= ac_hi= - break - fi - as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - done -else - ac_lo= ac_hi= -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -# Binary search between lo and hi bounds. -while test "x$ac_lo" != "x$ac_hi"; do - as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -int -main () -{ -static int test_array [1 - 2 * !(($2) <= $ac_mid)]; -test_array [0] = 0; -return test_array [0]; - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_hi=$ac_mid -else - as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -done -case $ac_lo in #(( -?*) eval "$3=\$ac_lo"; ac_retval=0 ;; -'') ac_retval=1 ;; -esac - else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -static long int longval () { return $2; } -static unsigned long int ulongval () { return $2; } -#include -#include -int -main () -{ - - FILE *f = fopen ("conftest.val", "w"); - if (! f) - return 1; - if (($2) < 0) - { - long int i = longval (); - if (i != ($2)) - return 1; - fprintf (f, "%ld", i); - } - else - { - unsigned long int i = ulongval (); - if (i != ($2)) - return 1; - fprintf (f, "%lu", i); - } - /* Do not output a trailing newline, as this causes \r\n confusion - on some platforms. */ - return ferror (f) || fclose (f) != 0; - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - echo >>conftest.val; read $3 &5 -$as_echo_n "checking whether $as_decl_name is declared... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -int -main () -{ -#ifndef $as_decl_name -#ifdef __cplusplus - (void) $as_decl_use; -#else - (void) $as_decl_name; -#endif -#endif - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - eval "$3=yes" -else - eval "$3=no" -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - -} # ac_fn_c_check_decl - -# ac_fn_c_check_member LINENO AGGR MEMBER VAR INCLUDES -# ---------------------------------------------------- -# Tries to find if the field MEMBER exists in type AGGR, after including -# INCLUDES, setting cache variable VAR accordingly. -ac_fn_c_check_member () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5 -$as_echo_n "checking for $2.$3... " >&6; } -if eval \${$4+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$5 -int -main () -{ -static $2 ac_aggr; -if (ac_aggr.$3) -return 0; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - eval "$4=yes" -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$5 -int -main () -{ -static $2 ac_aggr; -if (sizeof ac_aggr.$3) -return 0; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - eval "$4=yes" -else - eval "$4=no" -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -eval ac_res=\$$4 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - -} # ac_fn_c_check_member -cat >config.log <<_ACEOF -This file contains any messages produced by compilers while -running configure, to aid debugging if configure makes a mistake. - -It was created by unbound $as_me 1.6.3, which was -generated by GNU Autoconf 2.69. Invocation command line was - - $ $0 $@ - -_ACEOF -exec 5>>config.log -{ -cat <<_ASUNAME -## --------- ## -## Platform. ## -## --------- ## - -hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` -uname -m = `(uname -m) 2>/dev/null || echo unknown` -uname -r = `(uname -r) 2>/dev/null || echo unknown` -uname -s = `(uname -s) 2>/dev/null || echo unknown` -uname -v = `(uname -v) 2>/dev/null || echo unknown` - -/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` -/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` - -/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` -/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` -/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` -/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` -/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` -/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` -/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` - -_ASUNAME - -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - $as_echo "PATH: $as_dir" - done -IFS=$as_save_IFS - -} >&5 - -cat >&5 <<_ACEOF - - -## ----------- ## -## Core tests. ## -## ----------- ## - -_ACEOF - - -# Keep a trace of the command line. -# Strip out --no-create and --no-recursion so they do not pile up. -# Strip out --silent because we don't want to record it for future runs. -# Also quote any args containing shell meta-characters. -# Make two passes to allow for proper duplicate-argument suppression. -ac_configure_args= -ac_configure_args0= -ac_configure_args1= -ac_must_keep_next=false -for ac_pass in 1 2 -do - for ac_arg - do - case $ac_arg in - -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; - -q | -quiet | --quiet | --quie | --qui | --qu | --q \ - | -silent | --silent | --silen | --sile | --sil) - continue ;; - *\'*) - ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; - esac - case $ac_pass in - 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; - 2) - as_fn_append ac_configure_args1 " '$ac_arg'" - if test $ac_must_keep_next = true; then - ac_must_keep_next=false # Got value, back to normal. - else - case $ac_arg in - *=* | --config-cache | -C | -disable-* | --disable-* \ - | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ - | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ - | -with-* | --with-* | -without-* | --without-* | --x) - case "$ac_configure_args0 " in - "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; - esac - ;; - -* ) ac_must_keep_next=true ;; - esac - fi - as_fn_append ac_configure_args " '$ac_arg'" - ;; - esac - done -done -{ ac_configure_args0=; unset ac_configure_args0;} -{ ac_configure_args1=; unset ac_configure_args1;} - -# When interrupted or exit'd, cleanup temporary files, and complete -# config.log. We remove comments because anyway the quotes in there -# would cause problems or look ugly. -# WARNING: Use '\'' to represent an apostrophe within the trap. -# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. -trap 'exit_status=$? - # Save into config.log some information that might help in debugging. - { - echo - - $as_echo "## ---------------- ## -## Cache variables. ## -## ---------------- ##" - echo - # The following way of writing the cache mishandles newlines in values, -( - for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do - eval ac_val=\$$ac_var - case $ac_val in #( - *${as_nl}*) - case $ac_var in #( - *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 -$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; - esac - case $ac_var in #( - _ | IFS | as_nl) ;; #( - BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( - *) { eval $ac_var=; unset $ac_var;} ;; - esac ;; - esac - done - (set) 2>&1 | - case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( - *${as_nl}ac_space=\ *) - sed -n \ - "s/'\''/'\''\\\\'\'''\''/g; - s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" - ;; #( - *) - sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" - ;; - esac | - sort -) - echo - - $as_echo "## ----------------- ## -## Output variables. ## -## ----------------- ##" - echo - for ac_var in $ac_subst_vars - do - eval ac_val=\$$ac_var - case $ac_val in - *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; - esac - $as_echo "$ac_var='\''$ac_val'\''" - done | sort - echo - - if test -n "$ac_subst_files"; then - $as_echo "## ------------------- ## -## File substitutions. ## -## ------------------- ##" - echo - for ac_var in $ac_subst_files - do - eval ac_val=\$$ac_var - case $ac_val in - *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; - esac - $as_echo "$ac_var='\''$ac_val'\''" - done | sort - echo - fi - - if test -s confdefs.h; then - $as_echo "## ----------- ## -## confdefs.h. ## -## ----------- ##" - echo - cat confdefs.h - echo - fi - test "$ac_signal" != 0 && - $as_echo "$as_me: caught signal $ac_signal" - $as_echo "$as_me: exit $exit_status" - } >&5 - rm -f core *.core core.conftest.* && - rm -f -r conftest* confdefs* conf$$* $ac_clean_files && - exit $exit_status -' 0 -for ac_signal in 1 2 13 15; do - trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal -done -ac_signal=0 - -# confdefs.h avoids OS command line length limits that DEFS can exceed. -rm -f -r conftest* confdefs.h - -$as_echo "/* confdefs.h */" > confdefs.h - -# Predefined preprocessor variables. - -cat >>confdefs.h <<_ACEOF -#define PACKAGE_NAME "$PACKAGE_NAME" -_ACEOF - -cat >>confdefs.h <<_ACEOF -#define PACKAGE_TARNAME "$PACKAGE_TARNAME" -_ACEOF - -cat >>confdefs.h <<_ACEOF -#define PACKAGE_VERSION "$PACKAGE_VERSION" -_ACEOF - -cat >>confdefs.h <<_ACEOF -#define PACKAGE_STRING "$PACKAGE_STRING" -_ACEOF - -cat >>confdefs.h <<_ACEOF -#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" -_ACEOF - -cat >>confdefs.h <<_ACEOF -#define PACKAGE_URL "$PACKAGE_URL" -_ACEOF - - -# Let the site file select an alternate cache file if it wants to. -# Prefer an explicitly selected file to automatically selected ones. -ac_site_file1=NONE -ac_site_file2=NONE -if test -n "$CONFIG_SITE"; then - # We do not want a PATH search for config.site. - case $CONFIG_SITE in #(( - -*) ac_site_file1=./$CONFIG_SITE;; - */*) ac_site_file1=$CONFIG_SITE;; - *) ac_site_file1=./$CONFIG_SITE;; - esac -elif test "x$prefix" != xNONE; then - ac_site_file1=$prefix/share/config.site - ac_site_file2=$prefix/etc/config.site -else - ac_site_file1=$ac_default_prefix/share/config.site - ac_site_file2=$ac_default_prefix/etc/config.site -fi -for ac_site_file in "$ac_site_file1" "$ac_site_file2" -do - test "x$ac_site_file" = xNONE && continue - if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 -$as_echo "$as_me: loading site script $ac_site_file" >&6;} - sed 's/^/| /' "$ac_site_file" >&5 - . "$ac_site_file" \ - || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "failed to load site script $ac_site_file -See \`config.log' for more details" "$LINENO" 5; } - fi -done - -if test -r "$cache_file"; then - # Some versions of bash will fail to source /dev/null (special files - # actually), so we avoid doing that. DJGPP emulates it as a regular file. - if test /dev/null != "$cache_file" && test -f "$cache_file"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 -$as_echo "$as_me: loading cache $cache_file" >&6;} - case $cache_file in - [\\/]* | ?:[\\/]* ) . "$cache_file";; - *) . "./$cache_file";; - esac - fi -else - { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 -$as_echo "$as_me: creating cache $cache_file" >&6;} - >$cache_file -fi - -# Check that the precious variables saved in the cache have kept the same -# value. -ac_cache_corrupted=false -for ac_var in $ac_precious_vars; do - eval ac_old_set=\$ac_cv_env_${ac_var}_set - eval ac_new_set=\$ac_env_${ac_var}_set - eval ac_old_val=\$ac_cv_env_${ac_var}_value - eval ac_new_val=\$ac_env_${ac_var}_value - case $ac_old_set,$ac_new_set in - set,) - { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 -$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} - ac_cache_corrupted=: ;; - ,set) - { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 -$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} - ac_cache_corrupted=: ;; - ,);; - *) - if test "x$ac_old_val" != "x$ac_new_val"; then - # differences in whitespace do not lead to failure. - ac_old_val_w=`echo x $ac_old_val` - ac_new_val_w=`echo x $ac_new_val` - if test "$ac_old_val_w" != "$ac_new_val_w"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 -$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} - ac_cache_corrupted=: - else - { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 -$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} - eval $ac_var=\$ac_old_val - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 -$as_echo "$as_me: former value: \`$ac_old_val'" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 -$as_echo "$as_me: current value: \`$ac_new_val'" >&2;} - fi;; - esac - # Pass precious variables to config.status. - if test "$ac_new_set" = set; then - case $ac_new_val in - *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; - *) ac_arg=$ac_var=$ac_new_val ;; - esac - case " $ac_configure_args " in - *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. - *) as_fn_append ac_configure_args " '$ac_arg'" ;; - esac - fi -done -if $ac_cache_corrupted; then - { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 -$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} - as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 -fi -## -------------------- ## -## Main body of script. ## -## -------------------- ## - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - - -UNBOUND_VERSION_MAJOR=1 - -UNBOUND_VERSION_MINOR=6 - -UNBOUND_VERSION_MICRO=3 - - -LIBUNBOUND_CURRENT=7 -LIBUNBOUND_REVISION=2 -LIBUNBOUND_AGE=5 -# 1.0.0 had 0:12:0 -# 1.0.1 had 0:13:0 -# 1.0.2 had 0:14:0 -# 1.1.0 had 0:15:0 -# 1.1.1 had 0:16:0 -# 1.2.0 had 0:17:0 -# 1.2.1 had 0:18:0 -# 1.3.0 had 1:0:0 # ub_cancel and -export-symbols. -# 1.3.1 had 1:1:0 -# 1.3.2 had 1:2:0 -# 1.3.3 had 1:3:0 -# 1.3.4 had 1:4:0 -# 1.4.0-snapshots had 1:5:0 -# 1.4.0 had 1:5:0 (not 2:0:0) # ub_result.why_bogus -# 1.4.1 had 2:1:0 -# 1.4.2 had 2:2:0 -# 1.4.3 had 2:3:0 -# 1.4.4 had 2:4:0 -# 1.4.5 had 2:5:0 -# 1.4.6 had 2:6:0 -# 1.4.7 had 2:7:0 -# 1.4.8 had 2:8:0 -# 1.4.9 had 2:9:0 -# 1.4.10 had 2:10:0 -# 1.4.11 had 2:11:0 -# 1.4.12 had 2:12:0 -# 1.4.13 had 2:13:0 -# and 1.4.13p1 and 1.4.13.p2 -# 1.4.14 had 2:14:0 -# 1.4.15 had 3:0:1 # adds ub_version() -# 1.4.16 had 3:1:1 -# 1.4.17 had 3:2:1 -# 1.4.18 had 3:3:1 -# 1.4.19 had 3:4:1 -# 1.4.20 had 4:0:2 # adds libunbound.ttl # but shipped 3:5:1 -# 1.4.21 had 4:1:2 -# 1.4.22 had 4:1:2 -# 1.5.0 had 5:3:3 # adds ub_ctx_add_ta_autr -# 1.5.1 had 5:3:3 -# 1.5.2 had 5:5:3 -# 1.5.3 had 5:6:3 -# 1.5.4 had 5:7:3 -# 1.5.5 had 5:8:3 -# 1.5.6 had 5:9:3 -# 1.5.7 had 5:10:3 -# 1.5.8 had 6:0:4 # adds ub_ctx_set_stub -# 1.5.9 had 6:1:4 -# 1.5.10 had 6:2:4 -# 1.6.0 had 6:3:4 -# 1.6.1 had 7:0:5 # ub_callback_t typedef renamed to ub_callback_type -# 1.6.2 had 7:1:5 -# 1.6.3 had 7:2:5 - -# Current -- the number of the binary API that we're implementing -# Revision -- which iteration of the implementation of the binary -# API are we supplying? -# Age -- How many previous binary API versions do we also -# support? -# -# If we release a new version that does not change the binary API, -# increment Revision. -# -# If we release a new version that changes the binary API, but does -# not break programs compiled against the old binary API, increment -# Current and Age. Set Revision to 0, since this is the first -# implementation of the new API. -# -# Otherwise, we're changing the binary API and breaking bakward -# compatibility with old binaries. Increment Current. Set Age to 0, -# since we're backward compatible with no previous APIs. Set Revision -# to 0 too. - - - - -CFLAGS="$CFLAGS" -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu -if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. -set dummy ${ac_tool_prefix}gcc; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_CC="${ac_tool_prefix}gcc" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -fi -if test -z "$ac_cv_prog_CC"; then - ac_ct_CC=$CC - # Extract the first word of "gcc", so it can be a program name with args. -set dummy gcc; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$ac_ct_CC"; then - ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_CC="gcc" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -ac_ct_CC=$ac_cv_prog_ac_ct_CC -if test -n "$ac_ct_CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 -$as_echo "$ac_ct_CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - if test "x$ac_ct_CC" = x; then - CC="" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - CC=$ac_ct_CC - fi -else - CC="$ac_cv_prog_CC" -fi - -if test -z "$CC"; then - if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. -set dummy ${ac_tool_prefix}cc; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_CC="${ac_tool_prefix}cc" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - fi -fi -if test -z "$CC"; then - # Extract the first word of "cc", so it can be a program name with args. -set dummy cc; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -else - ac_prog_rejected=no -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then - ac_prog_rejected=yes - continue - fi - ac_cv_prog_CC="cc" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -if test $ac_prog_rejected = yes; then - # We found a bogon in the path, so make sure we never use it. - set dummy $ac_cv_prog_CC - shift - if test $# != 0; then - # We chose a different compiler from the bogus one. - # However, it has the same basename, so the bogon will be chosen - # first if we set CC to just the basename; use the full file name. - shift - ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" - fi -fi -fi -fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -fi -if test -z "$CC"; then - if test -n "$ac_tool_prefix"; then - for ac_prog in cl.exe - do - # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. -set dummy $ac_tool_prefix$ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_CC="$ac_tool_prefix$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - test -n "$CC" && break - done -fi -if test -z "$CC"; then - ac_ct_CC=$CC - for ac_prog in cl.exe -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$ac_ct_CC"; then - ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_CC="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -ac_ct_CC=$ac_cv_prog_ac_ct_CC -if test -n "$ac_ct_CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 -$as_echo "$ac_ct_CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - test -n "$ac_ct_CC" && break -done - - if test "x$ac_ct_CC" = x; then - CC="" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - CC=$ac_ct_CC - fi -fi - -fi - - -test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "no acceptable C compiler found in \$PATH -See \`config.log' for more details" "$LINENO" 5; } - -# Provide some information about the compiler. -$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 -set X $ac_compile -ac_compiler=$2 -for ac_option in --version -v -V -qversion; do - { { ac_try="$ac_compiler $ac_option >&5" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_compiler $ac_option >&5") 2>conftest.err - ac_status=$? - if test -s conftest.err; then - sed '10a\ -... rest of stderr output deleted ... - 10q' conftest.err >conftest.er1 - cat conftest.er1 >&5 - fi - rm -f conftest.er1 conftest.err - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } -done - -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -ac_clean_files_save=$ac_clean_files -ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" -# Try to create an executable without -o first, disregard a.out. -# It will help us diagnose broken compilers, and finding out an intuition -# of exeext. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 -$as_echo_n "checking whether the C compiler works... " >&6; } -ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` - -# The possible output files: -ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" - -ac_rmfiles= -for ac_file in $ac_files -do - case $ac_file in - *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; - * ) ac_rmfiles="$ac_rmfiles $ac_file";; - esac -done -rm -f $ac_rmfiles - -if { { ac_try="$ac_link_default" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_link_default") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then : - # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. -# So ignore a value of `no', otherwise this would lead to `EXEEXT = no' -# in a Makefile. We should not override ac_cv_exeext if it was cached, -# so that the user can short-circuit this test for compilers unknown to -# Autoconf. -for ac_file in $ac_files '' -do - test -f "$ac_file" || continue - case $ac_file in - *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) - ;; - [ab].out ) - # We found the default executable, but exeext='' is most - # certainly right. - break;; - *.* ) - if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; - then :; else - ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` - fi - # We set ac_cv_exeext here because the later test for it is not - # safe: cross compilers may not add the suffix if given an `-o' - # argument, so we may need to know it at that point already. - # Even if this section looks crufty: it has the advantage of - # actually working. - break;; - * ) - break;; - esac -done -test "$ac_cv_exeext" = no && ac_cv_exeext= - -else - ac_file='' -fi -if test -z "$ac_file"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -$as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error 77 "C compiler cannot create executables -See \`config.log' for more details" "$LINENO" 5; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 -$as_echo_n "checking for C compiler default output file name... " >&6; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 -$as_echo "$ac_file" >&6; } -ac_exeext=$ac_cv_exeext - -rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out -ac_clean_files=$ac_clean_files_save -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 -$as_echo_n "checking for suffix of executables... " >&6; } -if { { ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then : - # If both `conftest.exe' and `conftest' are `present' (well, observable) -# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will -# work properly (i.e., refer to `conftest.exe'), while it won't with -# `rm'. -for ac_file in conftest.exe conftest conftest.*; do - test -f "$ac_file" || continue - case $ac_file in - *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; - *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` - break;; - * ) break;; - esac -done -else - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "cannot compute suffix of executables: cannot compile and link -See \`config.log' for more details" "$LINENO" 5; } -fi -rm -f conftest conftest$ac_cv_exeext -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 -$as_echo "$ac_cv_exeext" >&6; } - -rm -f conftest.$ac_ext -EXEEXT=$ac_cv_exeext -ac_exeext=$EXEEXT -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -int -main () -{ -FILE *f = fopen ("conftest.out", "w"); - return ferror (f) || fclose (f) != 0; - - ; - return 0; -} -_ACEOF -ac_clean_files="$ac_clean_files conftest.out" -# Check that the compiler produces executables we can run. If not, either -# the compiler is broken, or we cross compile. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 -$as_echo_n "checking whether we are cross compiling... " >&6; } -if test "$cross_compiling" != yes; then - { { ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } - if { ac_try='./conftest$ac_cv_exeext' - { { case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; }; then - cross_compiling=no - else - if test "$cross_compiling" = maybe; then - cross_compiling=yes - else - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "cannot run C compiled programs. -If you meant to cross compile, use \`--host'. -See \`config.log' for more details" "$LINENO" 5; } - fi - fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 -$as_echo "$cross_compiling" >&6; } - -rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out -ac_clean_files=$ac_clean_files_save -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 -$as_echo_n "checking for suffix of object files... " >&6; } -if ${ac_cv_objext+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -rm -f conftest.o conftest.obj -if { { ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_compile") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then : - for ac_file in conftest.o conftest.obj conftest.*; do - test -f "$ac_file" || continue; - case $ac_file in - *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; - *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` - break;; - esac -done -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "cannot compute suffix of object files: cannot compile -See \`config.log' for more details" "$LINENO" 5; } -fi -rm -f conftest.$ac_cv_objext conftest.$ac_ext -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 -$as_echo "$ac_cv_objext" >&6; } -OBJEXT=$ac_cv_objext -ac_objext=$OBJEXT -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 -$as_echo_n "checking whether we are using the GNU C compiler... " >&6; } -if ${ac_cv_c_compiler_gnu+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ -#ifndef __GNUC__ - choke me -#endif - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_compiler_gnu=yes -else - ac_compiler_gnu=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -ac_cv_c_compiler_gnu=$ac_compiler_gnu - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 -$as_echo "$ac_cv_c_compiler_gnu" >&6; } -if test $ac_compiler_gnu = yes; then - GCC=yes -else - GCC= -fi -ac_test_CFLAGS=${CFLAGS+set} -ac_save_CFLAGS=$CFLAGS -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 -$as_echo_n "checking whether $CC accepts -g... " >&6; } -if ${ac_cv_prog_cc_g+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_save_c_werror_flag=$ac_c_werror_flag - ac_c_werror_flag=yes - ac_cv_prog_cc_g=no - CFLAGS="-g" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_prog_cc_g=yes -else - CFLAGS="" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - -else - ac_c_werror_flag=$ac_save_c_werror_flag - CFLAGS="-g" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_prog_cc_g=yes -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - ac_c_werror_flag=$ac_save_c_werror_flag -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 -$as_echo "$ac_cv_prog_cc_g" >&6; } -if test "$ac_test_CFLAGS" = set; then - CFLAGS=$ac_save_CFLAGS -elif test $ac_cv_prog_cc_g = yes; then - if test "$GCC" = yes; then - CFLAGS="-g -O2" - else - CFLAGS="-g" - fi -else - if test "$GCC" = yes; then - CFLAGS="-O2" - else - CFLAGS= - fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 -$as_echo_n "checking for $CC option to accept ISO C89... " >&6; } -if ${ac_cv_prog_cc_c89+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_cv_prog_cc_c89=no -ac_save_CC=$CC -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -struct stat; -/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ -struct buf { int x; }; -FILE * (*rcsopen) (struct buf *, struct stat *, int); -static char *e (p, i) - char **p; - int i; -{ - return p[i]; -} -static char *f (char * (*g) (char **, int), char **p, ...) -{ - char *s; - va_list v; - va_start (v,p); - s = g (p, va_arg (v,int)); - va_end (v); - return s; -} - -/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has - function prototypes and stuff, but not '\xHH' hex character constants. - These don't provoke an error unfortunately, instead are silently treated - as 'x'. The following induces an error, until -std is added to get - proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an - array size at least. It's necessary to write '\x00'==0 to get something - that's true only with -std. */ -int osf4_cc_array ['\x00' == 0 ? 1 : -1]; - -/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters - inside strings and character constants. */ -#define FOO(x) 'x' -int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; - -int test (int i, double x); -struct s1 {int (*f) (int a);}; -struct s2 {int (*f) (double a);}; -int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); -int argc; -char **argv; -int -main () -{ -return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; - ; - return 0; -} -_ACEOF -for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ - -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" -do - CC="$ac_save_CC $ac_arg" - if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_prog_cc_c89=$ac_arg -fi -rm -f core conftest.err conftest.$ac_objext - test "x$ac_cv_prog_cc_c89" != "xno" && break -done -rm -f conftest.$ac_ext -CC=$ac_save_CC - -fi -# AC_CACHE_VAL -case "x$ac_cv_prog_cc_c89" in - x) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 -$as_echo "none needed" >&6; } ;; - xno) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 -$as_echo "unsupported" >&6; } ;; - *) - CC="$CC $ac_cv_prog_cc_c89" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 -$as_echo "$ac_cv_prog_cc_c89" >&6; } ;; -esac -if test "x$ac_cv_prog_cc_c89" != xno; then : - -fi - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 -$as_echo_n "checking how to run the C preprocessor... " >&6; } -# On Suns, sometimes $CPP names a directory. -if test -n "$CPP" && test -d "$CPP"; then - CPP= -fi -if test -z "$CPP"; then - if ${ac_cv_prog_CPP+:} false; then : - $as_echo_n "(cached) " >&6 -else - # Double quotes because CPP needs to be expanded - for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" - do - ac_preproc_ok=false -for ac_c_preproc_warn_flag in '' yes -do - # Use a header file that comes with gcc, so configuring glibc - # with a fresh cross-compiler works. - # Prefer to if __STDC__ is defined, since - # exists even on freestanding compilers. - # On the NeXT, cc -E runs the code through the compiler's parser, - # not just through cpp. "Syntax error" is here to catch this case. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#ifdef __STDC__ -# include -#else -# include -#endif - Syntax error -_ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - -else - # Broken: fails on valid input. -continue -fi -rm -f conftest.err conftest.i conftest.$ac_ext - - # OK, works on sane cases. Now check whether nonexistent headers - # can be detected and how. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -_ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - # Broken: success on invalid input. -continue -else - # Passes both tests. -ac_preproc_ok=: -break -fi -rm -f conftest.err conftest.i conftest.$ac_ext - -done -# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. -rm -f conftest.i conftest.err conftest.$ac_ext -if $ac_preproc_ok; then : - break -fi - - done - ac_cv_prog_CPP=$CPP - -fi - CPP=$ac_cv_prog_CPP -else - ac_cv_prog_CPP=$CPP -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 -$as_echo "$CPP" >&6; } -ac_preproc_ok=false -for ac_c_preproc_warn_flag in '' yes -do - # Use a header file that comes with gcc, so configuring glibc - # with a fresh cross-compiler works. - # Prefer to if __STDC__ is defined, since - # exists even on freestanding compilers. - # On the NeXT, cc -E runs the code through the compiler's parser, - # not just through cpp. "Syntax error" is here to catch this case. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#ifdef __STDC__ -# include -#else -# include -#endif - Syntax error -_ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - -else - # Broken: fails on valid input. -continue -fi -rm -f conftest.err conftest.i conftest.$ac_ext - - # OK, works on sane cases. Now check whether nonexistent headers - # can be detected and how. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -_ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - # Broken: success on invalid input. -continue -else - # Passes both tests. -ac_preproc_ok=: -break -fi -rm -f conftest.err conftest.i conftest.$ac_ext - -done -# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. -rm -f conftest.i conftest.err conftest.$ac_ext -if $ac_preproc_ok; then : - -else - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "C preprocessor \"$CPP\" fails sanity check -See \`config.log' for more details" "$LINENO" 5; } -fi - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 -$as_echo_n "checking for grep that handles long lines and -e... " >&6; } -if ${ac_cv_path_GREP+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -z "$GREP"; then - ac_path_GREP_found=false - # Loop through the user's path and test for each of PROGNAME-LIST - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_prog in grep ggrep; do - for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" - as_fn_executable_p "$ac_path_GREP" || continue -# Check for GNU ac_path_GREP and select it if it is found. - # Check for GNU $ac_path_GREP -case `"$ac_path_GREP" --version 2>&1` in -*GNU*) - ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; -*) - ac_count=0 - $as_echo_n 0123456789 >"conftest.in" - while : - do - cat "conftest.in" "conftest.in" >"conftest.tmp" - mv "conftest.tmp" "conftest.in" - cp "conftest.in" "conftest.nl" - $as_echo 'GREP' >> "conftest.nl" - "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break - diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break - as_fn_arith $ac_count + 1 && ac_count=$as_val - if test $ac_count -gt ${ac_path_GREP_max-0}; then - # Best one so far, save it but keep looking for a better one - ac_cv_path_GREP="$ac_path_GREP" - ac_path_GREP_max=$ac_count - fi - # 10*(2^10) chars as input seems more than enough - test $ac_count -gt 10 && break - done - rm -f conftest.in conftest.tmp conftest.nl conftest.out;; -esac - - $ac_path_GREP_found && break 3 - done - done - done -IFS=$as_save_IFS - if test -z "$ac_cv_path_GREP"; then - as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 - fi -else - ac_cv_path_GREP=$GREP -fi - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 -$as_echo "$ac_cv_path_GREP" >&6; } - GREP="$ac_cv_path_GREP" - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 -$as_echo_n "checking for egrep... " >&6; } -if ${ac_cv_path_EGREP+:} false; then : - $as_echo_n "(cached) " >&6 -else - if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 - then ac_cv_path_EGREP="$GREP -E" - else - if test -z "$EGREP"; then - ac_path_EGREP_found=false - # Loop through the user's path and test for each of PROGNAME-LIST - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_prog in egrep; do - for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" - as_fn_executable_p "$ac_path_EGREP" || continue -# Check for GNU ac_path_EGREP and select it if it is found. - # Check for GNU $ac_path_EGREP -case `"$ac_path_EGREP" --version 2>&1` in -*GNU*) - ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; -*) - ac_count=0 - $as_echo_n 0123456789 >"conftest.in" - while : - do - cat "conftest.in" "conftest.in" >"conftest.tmp" - mv "conftest.tmp" "conftest.in" - cp "conftest.in" "conftest.nl" - $as_echo 'EGREP' >> "conftest.nl" - "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break - diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break - as_fn_arith $ac_count + 1 && ac_count=$as_val - if test $ac_count -gt ${ac_path_EGREP_max-0}; then - # Best one so far, save it but keep looking for a better one - ac_cv_path_EGREP="$ac_path_EGREP" - ac_path_EGREP_max=$ac_count - fi - # 10*(2^10) chars as input seems more than enough - test $ac_count -gt 10 && break - done - rm -f conftest.in conftest.tmp conftest.nl conftest.out;; -esac - - $ac_path_EGREP_found && break 3 - done - done - done -IFS=$as_save_IFS - if test -z "$ac_cv_path_EGREP"; then - as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 - fi -else - ac_cv_path_EGREP=$EGREP -fi - - fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 -$as_echo "$ac_cv_path_EGREP" >&6; } - EGREP="$ac_cv_path_EGREP" - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 -$as_echo_n "checking for ANSI C header files... " >&6; } -if ${ac_cv_header_stdc+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -#include -#include - -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_header_stdc=yes -else - ac_cv_header_stdc=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -if test $ac_cv_header_stdc = yes; then - # SunOS 4.x string.h does not declare mem*, contrary to ANSI. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "memchr" >/dev/null 2>&1; then : - -else - ac_cv_header_stdc=no -fi -rm -f conftest* - -fi - -if test $ac_cv_header_stdc = yes; then - # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "free" >/dev/null 2>&1; then : - -else - ac_cv_header_stdc=no -fi -rm -f conftest* - -fi - -if test $ac_cv_header_stdc = yes; then - # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. - if test "$cross_compiling" = yes; then : - : -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -#if ((' ' & 0x0FF) == 0x020) -# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') -# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) -#else -# define ISLOWER(c) \ - (('a' <= (c) && (c) <= 'i') \ - || ('j' <= (c) && (c) <= 'r') \ - || ('s' <= (c) && (c) <= 'z')) -# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) -#endif - -#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) -int -main () -{ - int i; - for (i = 0; i < 256; i++) - if (XOR (islower (i), ISLOWER (i)) - || toupper (i) != TOUPPER (i)) - return 2; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - -else - ac_cv_header_stdc=no -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - -fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 -$as_echo "$ac_cv_header_stdc" >&6; } -if test $ac_cv_header_stdc = yes; then - -$as_echo "#define STDC_HEADERS 1" >>confdefs.h - -fi - -# On IRIX 5.3, sys/types and inttypes.h are conflicting. -for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ - inttypes.h stdint.h unistd.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default -" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - - - ac_fn_c_check_header_mongrel "$LINENO" "minix/config.h" "ac_cv_header_minix_config_h" "$ac_includes_default" -if test "x$ac_cv_header_minix_config_h" = xyes; then : - MINIX=yes -else - MINIX= -fi - - - if test "$MINIX" = yes; then - -$as_echo "#define _POSIX_SOURCE 1" >>confdefs.h - - -$as_echo "#define _POSIX_1_SOURCE 2" >>confdefs.h - - -$as_echo "#define _MINIX 1" >>confdefs.h - - fi - - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether it is safe to define __EXTENSIONS__" >&5 -$as_echo_n "checking whether it is safe to define __EXTENSIONS__... " >&6; } -if ${ac_cv_safe_to_define___extensions__+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -# define __EXTENSIONS__ 1 - $ac_includes_default -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_safe_to_define___extensions__=yes -else - ac_cv_safe_to_define___extensions__=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_safe_to_define___extensions__" >&5 -$as_echo "$ac_cv_safe_to_define___extensions__" >&6; } - test $ac_cv_safe_to_define___extensions__ = yes && - $as_echo "#define __EXTENSIONS__ 1" >>confdefs.h - - $as_echo "#define _ALL_SOURCE 1" >>confdefs.h - - $as_echo "#define _GNU_SOURCE 1" >>confdefs.h - - $as_echo "#define _POSIX_PTHREAD_SEMANTICS 1" >>confdefs.h - - $as_echo "#define _TANDEM_SOURCE 1" >>confdefs.h - - - -if test "$ac_cv_header_minix_config_h" = "yes"; then - -$as_echo "#define _NETBSD_SOURCE 1" >>confdefs.h - -fi - -case "$prefix" in - NONE) - prefix="/usr/local" - ;; -esac - -# are we on MinGW? -if uname -s 2>&1 | grep MINGW32 >/dev/null; then on_mingw="yes" -else - if echo $host $target | grep mingw32 >/dev/null; then on_mingw="yes" - else on_mingw="no"; fi -fi - -# -# Determine configuration file -# the eval is to evaluate shell expansion twice -if test $on_mingw = "no"; then - ub_conf_file=`eval echo "${sysconfdir}/unbound/unbound.conf"` -else - ub_conf_file="C:\\Program Files\\Unbound\\service.conf" -fi - -# Check whether --with-conf_file was given. -if test "${with_conf_file+set}" = set; then : - withval=$with_conf_file; ub_conf_file="$withval" -fi - - -hdr_config="`echo $ub_conf_file | sed -e 's/\\\\/\\\\\\\\/g'`" - - -cat >>confdefs.h <<_ACEOF -#define CONFIGFILE "$hdr_config" -_ACEOF - -ub_conf_dir=`$as_dirname -- "$ub_conf_file" || -$as_expr X"$ub_conf_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ - X"$ub_conf_file" : 'X\(//\)[^/]' \| \ - X"$ub_conf_file" : 'X\(//\)$' \| \ - X"$ub_conf_file" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$ub_conf_file" | - sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ - s//\1/ - q - } - /^X\(\/\/\)[^/].*/{ - s//\1/ - q - } - /^X\(\/\/\)$/{ - s//\1/ - q - } - /^X\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q'` - - -# Determine run, chroot directory and pidfile locations - -# Check whether --with-run-dir was given. -if test "${with_run_dir+set}" = set; then : - withval=$with_run_dir; UNBOUND_RUN_DIR="$withval" -else - if test $on_mingw = no; then - UNBOUND_RUN_DIR=`dirname "$ub_conf_file"` -else - UNBOUND_RUN_DIR="" -fi - -fi - - -hdr_run="`echo $UNBOUND_RUN_DIR | sed -e 's/\\\\/\\\\\\\\/g'`" - - -cat >>confdefs.h <<_ACEOF -#define RUN_DIR "$hdr_run" -_ACEOF - - - -# Check whether --with-chroot-dir was given. -if test "${with_chroot_dir+set}" = set; then : - withval=$with_chroot_dir; UNBOUND_CHROOT_DIR="$withval" -else - if test $on_mingw = no; then - UNBOUND_CHROOT_DIR="$UNBOUND_RUN_DIR" -else - UNBOUND_CHROOT_DIR="" -fi - -fi - - -hdr_chroot="`echo $UNBOUND_CHROOT_DIR | sed -e 's/\\\\/\\\\\\\\/g'`" - - -cat >>confdefs.h <<_ACEOF -#define CHROOT_DIR "$hdr_chroot" -_ACEOF - - - -# Check whether --with-share-dir was given. -if test "${with_share_dir+set}" = set; then : - withval=$with_share_dir; UNBOUND_SHARE_DIR="$withval" -else - UNBOUND_SHARE_DIR="$UNBOUND_RUN_DIR" -fi - - - -cat >>confdefs.h <<_ACEOF -#define SHARE_DIR "$UNBOUND_SHARE_DIR" -_ACEOF - - - -# Check whether --with-pidfile was given. -if test "${with_pidfile+set}" = set; then : - withval=$with_pidfile; UNBOUND_PIDFILE="$withval" -else - if test $on_mingw = no; then - UNBOUND_PIDFILE="$UNBOUND_RUN_DIR/unbound.pid" -else - UNBOUND_PIDFILE="" -fi - -fi - - -hdr_pid="`echo $UNBOUND_PIDFILE | sed -e 's/\\\\/\\\\\\\\/g'`" - - -cat >>confdefs.h <<_ACEOF -#define PIDFILE "$hdr_pid" -_ACEOF - - - -# Check whether --with-rootkey-file was given. -if test "${with_rootkey_file+set}" = set; then : - withval=$with_rootkey_file; UNBOUND_ROOTKEY_FILE="$withval" -else - if test $on_mingw = no; then - UNBOUND_ROOTKEY_FILE="$UNBOUND_RUN_DIR/root.key" -else - UNBOUND_ROOTKEY_FILE="C:\\Program Files\\Unbound\\root.key" -fi - -fi - - -hdr_rkey="`echo $UNBOUND_ROOTKEY_FILE | sed -e 's/\\\\/\\\\\\\\/g'`" - - -cat >>confdefs.h <<_ACEOF -#define ROOT_ANCHOR_FILE "$hdr_rkey" -_ACEOF - - - -# Check whether --with-rootcert-file was given. -if test "${with_rootcert_file+set}" = set; then : - withval=$with_rootcert_file; UNBOUND_ROOTCERT_FILE="$withval" -else - if test $on_mingw = no; then - UNBOUND_ROOTCERT_FILE="$UNBOUND_RUN_DIR/icannbundle.pem" -else - UNBOUND_ROOTCERT_FILE="C:\\Program Files\\Unbound\\icannbundle.pem" -fi - -fi - - -hdr_rpem="`echo $UNBOUND_ROOTCERT_FILE | sed -e 's/\\\\/\\\\\\\\/g'`" - - -cat >>confdefs.h <<_ACEOF -#define ROOT_CERT_FILE "$hdr_rpem" -_ACEOF - - - -# Check whether --with-username was given. -if test "${with_username+set}" = set; then : - withval=$with_username; UNBOUND_USERNAME="$withval" -else - UNBOUND_USERNAME="unbound" -fi - - - -cat >>confdefs.h <<_ACEOF -#define UB_USERNAME "$UNBOUND_USERNAME" -_ACEOF - - - -$as_echo "#define WINVER 0x0502" >>confdefs.h - -wnvs=`echo $PACKAGE_VERSION | sed -e 's/^[^0-9]*\([0-9][0-9]*\)[^0-9][^0-9]*\([0-9][0-9]*\)[^0-9][^0-9]*\([0-9][0-9]*\)[^0-9][^0-9]*\([0-9][0-9]*\).*$/\1,\2,\3,\4/' -e 's/^[^0-9]*\([0-9][0-9]*\)[^0-9][^0-9]*\([0-9][0-9]*\)[^0-9][^0-9]*\([0-9][0-9]*\)[^0-9]*$/\1,\2,\3,0/' ` - - -cat >>confdefs.h <<_ACEOF -#define RSRC_PACKAGE_VERSION $wnvs -_ACEOF - - -# Checks for typedefs, structures, and compiler characteristics. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5 -$as_echo_n "checking for an ANSI C-conforming const... " >&6; } -if ${ac_cv_c_const+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - -#ifndef __cplusplus - /* Ultrix mips cc rejects this sort of thing. */ - typedef int charset[2]; - const charset cs = { 0, 0 }; - /* SunOS 4.1.1 cc rejects this. */ - char const *const *pcpcc; - char **ppc; - /* NEC SVR4.0.2 mips cc rejects this. */ - struct point {int x, y;}; - static struct point const zero = {0,0}; - /* AIX XL C 1.02.0.0 rejects this. - It does not let you subtract one const X* pointer from another in - an arm of an if-expression whose if-part is not a constant - expression */ - const char *g = "string"; - pcpcc = &g + (g ? g-g : 0); - /* HPUX 7.0 cc rejects these. */ - ++pcpcc; - ppc = (char**) pcpcc; - pcpcc = (char const *const *) ppc; - { /* SCO 3.2v4 cc rejects this sort of thing. */ - char tx; - char *t = &tx; - char const *s = 0 ? (char *) 0 : (char const *) 0; - - *t++ = 0; - if (s) return 0; - } - { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */ - int x[] = {25, 17}; - const int *foo = &x[0]; - ++foo; - } - { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */ - typedef const int *iptr; - iptr p = 0; - ++p; - } - { /* AIX XL C 1.02.0.0 rejects this sort of thing, saying - "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */ - struct s { int j; const int *ap[3]; } bx; - struct s *b = &bx; b->j = 5; - } - { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */ - const int foo = 10; - if (!foo) return 0; - } - return !cs[0] && !zero.x; -#endif - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_c_const=yes -else - ac_cv_c_const=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5 -$as_echo "$ac_cv_c_const" >&6; } -if test $ac_cv_c_const = no; then - -$as_echo "#define const /**/" >>confdefs.h - -fi - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - -# allow user to override the -g -O2 flags. -if test "x$CFLAGS" = "x" ; then - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC supports -g" >&5 -$as_echo_n "checking whether $CC supports -g... " >&6; } -cache=`echo g | sed 'y%.=/+-%___p_%'` -if eval \${cv_prog_cc_flag_$cache+:} false; then : - $as_echo_n "(cached) " >&6 -else - -echo 'void f(void){}' >conftest.c -if test -z "`$CC $CPPFLAGS $CFLAGS -g -c conftest.c 2>&1`"; then -eval "cv_prog_cc_flag_$cache=yes" -else -eval "cv_prog_cc_flag_$cache=no" -fi -rm -f conftest conftest.o conftest.c - -fi - -if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -: -CFLAGS="$CFLAGS -g" -else -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -: - -fi - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC supports -O2" >&5 -$as_echo_n "checking whether $CC supports -O2... " >&6; } -cache=`echo O2 | sed 'y%.=/+-%___p_%'` -if eval \${cv_prog_cc_flag_$cache+:} false; then : - $as_echo_n "(cached) " >&6 -else - -echo 'void f(void){}' >conftest.c -if test -z "`$CC $CPPFLAGS $CFLAGS -O2 -c conftest.c 2>&1`"; then -eval "cv_prog_cc_flag_$cache=yes" -else -eval "cv_prog_cc_flag_$cache=no" -fi -rm -f conftest conftest.o conftest.c - -fi - -if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -: -CFLAGS="$CFLAGS -O2" -else -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -: - -fi - -fi -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu -if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. -set dummy ${ac_tool_prefix}gcc; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_CC="${ac_tool_prefix}gcc" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -fi -if test -z "$ac_cv_prog_CC"; then - ac_ct_CC=$CC - # Extract the first word of "gcc", so it can be a program name with args. -set dummy gcc; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$ac_ct_CC"; then - ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_CC="gcc" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -ac_ct_CC=$ac_cv_prog_ac_ct_CC -if test -n "$ac_ct_CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 -$as_echo "$ac_ct_CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - if test "x$ac_ct_CC" = x; then - CC="" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - CC=$ac_ct_CC - fi -else - CC="$ac_cv_prog_CC" -fi - -if test -z "$CC"; then - if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. -set dummy ${ac_tool_prefix}cc; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_CC="${ac_tool_prefix}cc" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - fi -fi -if test -z "$CC"; then - # Extract the first word of "cc", so it can be a program name with args. -set dummy cc; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -else - ac_prog_rejected=no -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then - ac_prog_rejected=yes - continue - fi - ac_cv_prog_CC="cc" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -if test $ac_prog_rejected = yes; then - # We found a bogon in the path, so make sure we never use it. - set dummy $ac_cv_prog_CC - shift - if test $# != 0; then - # We chose a different compiler from the bogus one. - # However, it has the same basename, so the bogon will be chosen - # first if we set CC to just the basename; use the full file name. - shift - ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" - fi -fi -fi -fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -fi -if test -z "$CC"; then - if test -n "$ac_tool_prefix"; then - for ac_prog in cl.exe - do - # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. -set dummy $ac_tool_prefix$ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_CC="$ac_tool_prefix$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - test -n "$CC" && break - done -fi -if test -z "$CC"; then - ac_ct_CC=$CC - for ac_prog in cl.exe -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$ac_ct_CC"; then - ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_CC="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -ac_ct_CC=$ac_cv_prog_ac_ct_CC -if test -n "$ac_ct_CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 -$as_echo "$ac_ct_CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - test -n "$ac_ct_CC" && break -done - - if test "x$ac_ct_CC" = x; then - CC="" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - CC=$ac_ct_CC - fi -fi - -fi - - -test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "no acceptable C compiler found in \$PATH -See \`config.log' for more details" "$LINENO" 5; } - -# Provide some information about the compiler. -$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 -set X $ac_compile -ac_compiler=$2 -for ac_option in --version -v -V -qversion; do - { { ac_try="$ac_compiler $ac_option >&5" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_compiler $ac_option >&5") 2>conftest.err - ac_status=$? - if test -s conftest.err; then - sed '10a\ -... rest of stderr output deleted ... - 10q' conftest.err >conftest.er1 - cat conftest.er1 >&5 - fi - rm -f conftest.er1 conftest.err - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } -done - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 -$as_echo_n "checking whether we are using the GNU C compiler... " >&6; } -if ${ac_cv_c_compiler_gnu+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ -#ifndef __GNUC__ - choke me -#endif - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_compiler_gnu=yes -else - ac_compiler_gnu=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -ac_cv_c_compiler_gnu=$ac_compiler_gnu - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 -$as_echo "$ac_cv_c_compiler_gnu" >&6; } -if test $ac_compiler_gnu = yes; then - GCC=yes -else - GCC= -fi -ac_test_CFLAGS=${CFLAGS+set} -ac_save_CFLAGS=$CFLAGS -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 -$as_echo_n "checking whether $CC accepts -g... " >&6; } -if ${ac_cv_prog_cc_g+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_save_c_werror_flag=$ac_c_werror_flag - ac_c_werror_flag=yes - ac_cv_prog_cc_g=no - CFLAGS="-g" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_prog_cc_g=yes -else - CFLAGS="" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - -else - ac_c_werror_flag=$ac_save_c_werror_flag - CFLAGS="-g" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_prog_cc_g=yes -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - ac_c_werror_flag=$ac_save_c_werror_flag -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 -$as_echo "$ac_cv_prog_cc_g" >&6; } -if test "$ac_test_CFLAGS" = set; then - CFLAGS=$ac_save_CFLAGS -elif test $ac_cv_prog_cc_g = yes; then - if test "$GCC" = yes; then - CFLAGS="-g -O2" - else - CFLAGS="-g" - fi -else - if test "$GCC" = yes; then - CFLAGS="-O2" - else - CFLAGS= - fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 -$as_echo_n "checking for $CC option to accept ISO C89... " >&6; } -if ${ac_cv_prog_cc_c89+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_cv_prog_cc_c89=no -ac_save_CC=$CC -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -struct stat; -/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ -struct buf { int x; }; -FILE * (*rcsopen) (struct buf *, struct stat *, int); -static char *e (p, i) - char **p; - int i; -{ - return p[i]; -} -static char *f (char * (*g) (char **, int), char **p, ...) -{ - char *s; - va_list v; - va_start (v,p); - s = g (p, va_arg (v,int)); - va_end (v); - return s; -} - -/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has - function prototypes and stuff, but not '\xHH' hex character constants. - These don't provoke an error unfortunately, instead are silently treated - as 'x'. The following induces an error, until -std is added to get - proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an - array size at least. It's necessary to write '\x00'==0 to get something - that's true only with -std. */ -int osf4_cc_array ['\x00' == 0 ? 1 : -1]; - -/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters - inside strings and character constants. */ -#define FOO(x) 'x' -int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; - -int test (int i, double x); -struct s1 {int (*f) (int a);}; -struct s2 {int (*f) (double a);}; -int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); -int argc; -char **argv; -int -main () -{ -return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; - ; - return 0; -} -_ACEOF -for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ - -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" -do - CC="$ac_save_CC $ac_arg" - if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_prog_cc_c89=$ac_arg -fi -rm -f core conftest.err conftest.$ac_objext - test "x$ac_cv_prog_cc_c89" != "xno" && break -done -rm -f conftest.$ac_ext -CC=$ac_save_CC - -fi -# AC_CACHE_VAL -case "x$ac_cv_prog_cc_c89" in - x) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 -$as_echo "none needed" >&6; } ;; - xno) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 -$as_echo "unsupported" >&6; } ;; - *) - CC="$CC $ac_cv_prog_cc_c89" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 -$as_echo "$ac_cv_prog_cc_c89" >&6; } ;; -esac -if test "x$ac_cv_prog_cc_c89" != xno; then : - -fi - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $CC dependency flag" >&5 -$as_echo_n "checking $CC dependency flag... " >&6; } -echo 'void f(){}' >conftest.c -if test "`$CC -MM conftest.c 2>&1`" = "conftest.o: conftest.c"; then - DEPFLAG="-MM" -else - if test "`$CC -xM1 conftest.c 2>&1`" = "conftest.o: conftest.c"; then - DEPFLAG="-xM1" - else - DEPFLAG="-MM" # dunno do something - fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $DEPFLAG" >&5 -$as_echo "$DEPFLAG" >&6; } -rm -f conftest.c - - - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC supports -Werror" >&5 -$as_echo_n "checking whether $CC supports -Werror... " >&6; } -cache=`echo Werror | sed 'y%.=/+-%___p_%'` -if eval \${cv_prog_cc_flag_$cache+:} false; then : - $as_echo_n "(cached) " >&6 -else - -echo 'void f(void){}' >conftest.c -if test -z "`$CC $CPPFLAGS $CFLAGS -Werror -c conftest.c 2>&1`"; then -eval "cv_prog_cc_flag_$cache=yes" -else -eval "cv_prog_cc_flag_$cache=no" -fi -rm -f conftest conftest.o conftest.c - -fi - -if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -: -ERRFLAG="-Werror" -else -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -: -ERRFLAG="-errwarn" -fi - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC supports -Wall" >&5 -$as_echo_n "checking whether $CC supports -Wall... " >&6; } -cache=`echo Wall | sed 'y%.=/+-%___p_%'` -if eval \${cv_prog_cc_flag_$cache+:} false; then : - $as_echo_n "(cached) " >&6 -else - -echo 'void f(void){}' >conftest.c -if test -z "`$CC $CPPFLAGS $CFLAGS -Wall -c conftest.c 2>&1`"; then -eval "cv_prog_cc_flag_$cache=yes" -else -eval "cv_prog_cc_flag_$cache=no" -fi -rm -f conftest conftest.o conftest.c - -fi - -if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -: -ERRFLAG="$ERRFLAG -Wall" -else -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -: -ERRFLAG="$ERRFLAG -errfmt" -fi - - - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC supports -std=c99" >&5 -$as_echo_n "checking whether $CC supports -std=c99... " >&6; } -cache=`echo std=c99 | sed 'y%.=/+-%___p_%'` -if eval \${cv_prog_cc_flag_$cache+:} false; then : - $as_echo_n "(cached) " >&6 -else - -echo 'void f(void){}' >conftest.c -if test -z "`$CC $CPPFLAGS $CFLAGS -std=c99 -c conftest.c 2>&1`"; then -eval "cv_prog_cc_flag_$cache=yes" -else -eval "cv_prog_cc_flag_$cache=no" -fi -rm -f conftest conftest.o conftest.c - -fi - -if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -: -C99FLAG="-std=c99" -else -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -: - -fi - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC supports -xc99" >&5 -$as_echo_n "checking whether $CC supports -xc99... " >&6; } -cache=`echo xc99 | sed 'y%.=/+-%___p_%'` -if eval \${cv_prog_cc_flag_$cache+:} false; then : - $as_echo_n "(cached) " >&6 -else - -echo 'void f(void){}' >conftest.c -if test -z "`$CC $CPPFLAGS $CFLAGS -xc99 -c conftest.c 2>&1`"; then -eval "cv_prog_cc_flag_$cache=yes" -else -eval "cv_prog_cc_flag_$cache=no" -fi -rm -f conftest conftest.o conftest.c - -fi - -if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -: -C99FLAG="-xc99" -else -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -: - -fi - - -for ac_header in getopt.h time.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default -" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we need $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE as a flag for $CC" >&5 -$as_echo_n "checking whether we need $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE as a flag for $CC... " >&6; } -cache=`$as_echo "$C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE" | $as_tr_sh` -if eval \${cv_prog_cc_flag_needed_$cache+:} false; then : - $as_echo_n "(cached) " >&6 -else - -echo ' -#include "confdefs.h" -#include -#include -#include -#ifdef HAVE_TIME_H -#include -#endif -#include -#include -#ifdef HAVE_GETOPT_H -#include -#endif - -int test() { - int a; - char **opts = NULL; - struct timeval tv; - char *t; - time_t time = 0; - char *buf = NULL; - const char* str = NULL; - struct msghdr msg; - msg.msg_control = 0; - t = ctime_r(&time, buf); - tv.tv_usec = 10; - srandom(32); - a = getopt(2, opts, "a"); - a = isascii(32); - str = gai_strerror(0); - if(str && t && tv.tv_usec && msg.msg_control) - a = 0; - return a; -} -' > conftest.c -echo 'void f(){}' >>conftest.c -if test -z "`$CC $CPPFLAGS $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then -eval "cv_prog_cc_flag_needed_$cache=no" -else - -if test -z "`$CC $CPPFLAGS $CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE $ERRFLAG -c conftest.c 2>&1`"; then -eval "cv_prog_cc_flag_needed_$cache=yes" -else -eval "cv_prog_cc_flag_needed_$cache=fail" -#echo 'Test with flag fails too!' -#cat conftest.c -#echo "$CC $CPPFLAGS $CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE $ERRFLAG -c conftest.c 2>&1" -#echo `$CC $CPPFLAGS $CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE $ERRFLAG -c conftest.c 2>&1` -#exit 1 -fi - -fi -rm -f conftest conftest.c conftest.o - -fi - -if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = yes"; then -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -: -CFLAGS="$CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE" -else -if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = no"; then -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -#echo 'Test with flag is no!' -#cat conftest.c -#echo "$CC $CPPFLAGS $CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE $ERRFLAG -c conftest.c 2>&1" -#echo `$CC $CPPFLAGS $CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE $ERRFLAG -c conftest.c 2>&1` -#exit 1 -: - -else -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5 -$as_echo "failed" >&6; } -: - -fi -fi - - - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we need $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE as a flag for $CC" >&5 -$as_echo_n "checking whether we need $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE as a flag for $CC... " >&6; } -cache=`$as_echo "$C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE" | $as_tr_sh` -if eval \${cv_prog_cc_flag_needed_$cache+:} false; then : - $as_echo_n "(cached) " >&6 -else - -echo ' -#include "confdefs.h" -#include -#include -#include -#ifdef HAVE_TIME_H -#include -#endif -#include -#include -#ifdef HAVE_GETOPT_H -#include -#endif - -int test() { - int a; - char **opts = NULL; - struct timeval tv; - char *t; - time_t time = 0; - char *buf = NULL; - const char* str = NULL; - struct msghdr msg; - msg.msg_control = 0; - t = ctime_r(&time, buf); - tv.tv_usec = 10; - srandom(32); - a = getopt(2, opts, "a"); - a = isascii(32); - str = gai_strerror(0); - if(str && t && tv.tv_usec && msg.msg_control) - a = 0; - return a; -} -' > conftest.c -echo 'void f(){}' >>conftest.c -if test -z "`$CC $CPPFLAGS $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then -eval "cv_prog_cc_flag_needed_$cache=no" -else - -if test -z "`$CC $CPPFLAGS $CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE $ERRFLAG -c conftest.c 2>&1`"; then -eval "cv_prog_cc_flag_needed_$cache=yes" -else -eval "cv_prog_cc_flag_needed_$cache=fail" -#echo 'Test with flag fails too!' -#cat conftest.c -#echo "$CC $CPPFLAGS $CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE $ERRFLAG -c conftest.c 2>&1" -#echo `$CC $CPPFLAGS $CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE $ERRFLAG -c conftest.c 2>&1` -#exit 1 -fi - -fi -rm -f conftest conftest.c conftest.o - -fi - -if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = yes"; then -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -: -CFLAGS="$CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE" -else -if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = no"; then -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -#echo 'Test with flag is no!' -#cat conftest.c -#echo "$CC $CPPFLAGS $CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE $ERRFLAG -c conftest.c 2>&1" -#echo `$CC $CPPFLAGS $CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE $ERRFLAG -c conftest.c 2>&1` -#exit 1 -: - -else -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5 -$as_echo "failed" >&6; } -: - -fi -fi - - - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we need $C99FLAG as a flag for $CC" >&5 -$as_echo_n "checking whether we need $C99FLAG as a flag for $CC... " >&6; } -cache=`$as_echo "$C99FLAG" | $as_tr_sh` -if eval \${cv_prog_cc_flag_needed_$cache+:} false; then : - $as_echo_n "(cached) " >&6 -else - -echo ' -#include -#include -int test() { - int a = 0; - return a; -} -' > conftest.c -echo 'void f(){}' >>conftest.c -if test -z "`$CC $CPPFLAGS $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then -eval "cv_prog_cc_flag_needed_$cache=no" -else - -if test -z "`$CC $CPPFLAGS $CFLAGS $C99FLAG $ERRFLAG -c conftest.c 2>&1`"; then -eval "cv_prog_cc_flag_needed_$cache=yes" -else -eval "cv_prog_cc_flag_needed_$cache=fail" -#echo 'Test with flag fails too!' -#cat conftest.c -#echo "$CC $CPPFLAGS $CFLAGS $C99FLAG $ERRFLAG -c conftest.c 2>&1" -#echo `$CC $CPPFLAGS $CFLAGS $C99FLAG $ERRFLAG -c conftest.c 2>&1` -#exit 1 -fi - -fi -rm -f conftest conftest.c conftest.o - -fi - -if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = yes"; then -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -: -CFLAGS="$CFLAGS $C99FLAG" -else -if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = no"; then -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -#echo 'Test with flag is no!' -#cat conftest.c -#echo "$CC $CPPFLAGS $CFLAGS $C99FLAG $ERRFLAG -c conftest.c 2>&1" -#echo `$CC $CPPFLAGS $CFLAGS $C99FLAG $ERRFLAG -c conftest.c 2>&1` -#exit 1 -: - -else -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5 -$as_echo "failed" >&6; } -: - -fi -fi - - - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we need -D_BSD_SOURCE -D_DEFAULT_SOURCE as a flag for $CC" >&5 -$as_echo_n "checking whether we need -D_BSD_SOURCE -D_DEFAULT_SOURCE as a flag for $CC... " >&6; } -cache=_D_BSD_SOURCE__D_DEFAULT_SOURCE -if eval \${cv_prog_cc_flag_needed_$cache+:} false; then : - $as_echo_n "(cached) " >&6 -else - -echo ' -#include - -int test() { - int a; - a = isascii(32); - return a; -} -' > conftest.c -echo 'void f(){}' >>conftest.c -if test -z "`$CC $CPPFLAGS $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then -eval "cv_prog_cc_flag_needed_$cache=no" -else - -if test -z "`$CC $CPPFLAGS $CFLAGS -D_BSD_SOURCE -D_DEFAULT_SOURCE $ERRFLAG -c conftest.c 2>&1`"; then -eval "cv_prog_cc_flag_needed_$cache=yes" -else -eval "cv_prog_cc_flag_needed_$cache=fail" -#echo 'Test with flag fails too!' -#cat conftest.c -#echo "$CC $CPPFLAGS $CFLAGS -D_BSD_SOURCE -D_DEFAULT_SOURCE $ERRFLAG -c conftest.c 2>&1" -#echo `$CC $CPPFLAGS $CFLAGS -D_BSD_SOURCE -D_DEFAULT_SOURCE $ERRFLAG -c conftest.c 2>&1` -#exit 1 -fi - -fi -rm -f conftest conftest.c conftest.o - -fi - -if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = yes"; then -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -: -CFLAGS="$CFLAGS -D_BSD_SOURCE -D_DEFAULT_SOURCE" -else -if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = no"; then -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -#echo 'Test with flag is no!' -#cat conftest.c -#echo "$CC $CPPFLAGS $CFLAGS -D_BSD_SOURCE -D_DEFAULT_SOURCE $ERRFLAG -c conftest.c 2>&1" -#echo `$CC $CPPFLAGS $CFLAGS -D_BSD_SOURCE -D_DEFAULT_SOURCE $ERRFLAG -c conftest.c 2>&1` -#exit 1 -: - -else -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5 -$as_echo "failed" >&6; } -: - -fi -fi - - - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we need -D_GNU_SOURCE as a flag for $CC" >&5 -$as_echo_n "checking whether we need -D_GNU_SOURCE as a flag for $CC... " >&6; } -cache=_D_GNU_SOURCE -if eval \${cv_prog_cc_flag_needed_$cache+:} false; then : - $as_echo_n "(cached) " >&6 -else - -echo ' -#include - -int test() { - struct in6_pktinfo inf; - int a = (int)sizeof(inf); - return a; -} -' > conftest.c -echo 'void f(){}' >>conftest.c -if test -z "`$CC $CPPFLAGS $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then -eval "cv_prog_cc_flag_needed_$cache=no" -else - -if test -z "`$CC $CPPFLAGS $CFLAGS -D_GNU_SOURCE $ERRFLAG -c conftest.c 2>&1`"; then -eval "cv_prog_cc_flag_needed_$cache=yes" -else -eval "cv_prog_cc_flag_needed_$cache=fail" -#echo 'Test with flag fails too!' -#cat conftest.c -#echo "$CC $CPPFLAGS $CFLAGS -D_GNU_SOURCE $ERRFLAG -c conftest.c 2>&1" -#echo `$CC $CPPFLAGS $CFLAGS -D_GNU_SOURCE $ERRFLAG -c conftest.c 2>&1` -#exit 1 -fi - -fi -rm -f conftest conftest.c conftest.o - -fi - -if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = yes"; then -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -: -CFLAGS="$CFLAGS -D_GNU_SOURCE" -else -if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = no"; then -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -#echo 'Test with flag is no!' -#cat conftest.c -#echo "$CC $CPPFLAGS $CFLAGS -D_GNU_SOURCE $ERRFLAG -c conftest.c 2>&1" -#echo `$CC $CPPFLAGS $CFLAGS -D_GNU_SOURCE $ERRFLAG -c conftest.c 2>&1` -#exit 1 -: - -else -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5 -$as_echo "failed" >&6; } -: - -fi -fi - - -# check again for GNU_SOURCE for setresgid. May fail if setresgid -# is not available at all. -D_FRSRESGID is to make this check unique. -# otherwise we would get the previous cached result. - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we need -D_GNU_SOURCE -D_FRSRESGID as a flag for $CC" >&5 -$as_echo_n "checking whether we need -D_GNU_SOURCE -D_FRSRESGID as a flag for $CC... " >&6; } -cache=_D_GNU_SOURCE__D_FRSRESGID -if eval \${cv_prog_cc_flag_needed_$cache+:} false; then : - $as_echo_n "(cached) " >&6 -else - -echo ' -#include - -int test() { - int a = setresgid(0,0,0); - a = setresuid(0,0,0); - return a; -} -' > conftest.c -echo 'void f(){}' >>conftest.c -if test -z "`$CC $CPPFLAGS $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then -eval "cv_prog_cc_flag_needed_$cache=no" -else - -if test -z "`$CC $CPPFLAGS $CFLAGS -D_GNU_SOURCE -D_FRSRESGID $ERRFLAG -c conftest.c 2>&1`"; then -eval "cv_prog_cc_flag_needed_$cache=yes" -else -eval "cv_prog_cc_flag_needed_$cache=fail" -#echo 'Test with flag fails too!' -#cat conftest.c -#echo "$CC $CPPFLAGS $CFLAGS -D_GNU_SOURCE -D_FRSRESGID $ERRFLAG -c conftest.c 2>&1" -#echo `$CC $CPPFLAGS $CFLAGS -D_GNU_SOURCE -D_FRSRESGID $ERRFLAG -c conftest.c 2>&1` -#exit 1 -fi - -fi -rm -f conftest conftest.c conftest.o - -fi - -if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = yes"; then -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -: -CFLAGS="$CFLAGS -D_GNU_SOURCE" -else -if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = no"; then -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -#echo 'Test with flag is no!' -#cat conftest.c -#echo "$CC $CPPFLAGS $CFLAGS -D_GNU_SOURCE -D_FRSRESGID $ERRFLAG -c conftest.c 2>&1" -#echo `$CC $CPPFLAGS $CFLAGS -D_GNU_SOURCE -D_FRSRESGID $ERRFLAG -c conftest.c 2>&1` -#exit 1 -: - -else -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5 -$as_echo "failed" >&6; } -: - -fi -fi - - - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we need -D_POSIX_C_SOURCE=200112 as a flag for $CC" >&5 -$as_echo_n "checking whether we need -D_POSIX_C_SOURCE=200112 as a flag for $CC... " >&6; } -cache=_D_POSIX_C_SOURCE_200112 -if eval \${cv_prog_cc_flag_needed_$cache+:} false; then : - $as_echo_n "(cached) " >&6 -else - -echo ' -#include "confdefs.h" -#ifdef HAVE_TIME_H -#include -#endif -#include - -int test() { - int a = 0; - char *t; - time_t time = 0; - char *buf = NULL; - const char* str = NULL; - t = ctime_r(&time, buf); - str = gai_strerror(0); - if(t && str) - a = 0; - return a; -} -' > conftest.c -echo 'void f(){}' >>conftest.c -if test -z "`$CC $CPPFLAGS $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then -eval "cv_prog_cc_flag_needed_$cache=no" -else - -if test -z "`$CC $CPPFLAGS $CFLAGS -D_POSIX_C_SOURCE=200112 $ERRFLAG -c conftest.c 2>&1`"; then -eval "cv_prog_cc_flag_needed_$cache=yes" -else -eval "cv_prog_cc_flag_needed_$cache=fail" -#echo 'Test with flag fails too!' -#cat conftest.c -#echo "$CC $CPPFLAGS $CFLAGS -D_POSIX_C_SOURCE=200112 $ERRFLAG -c conftest.c 2>&1" -#echo `$CC $CPPFLAGS $CFLAGS -D_POSIX_C_SOURCE=200112 $ERRFLAG -c conftest.c 2>&1` -#exit 1 -fi - -fi -rm -f conftest conftest.c conftest.o - -fi - -if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = yes"; then -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -: -CFLAGS="$CFLAGS -D_POSIX_C_SOURCE=200112" -else -if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = no"; then -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -#echo 'Test with flag is no!' -#cat conftest.c -#echo "$CC $CPPFLAGS $CFLAGS -D_POSIX_C_SOURCE=200112 $ERRFLAG -c conftest.c 2>&1" -#echo `$CC $CPPFLAGS $CFLAGS -D_POSIX_C_SOURCE=200112 $ERRFLAG -c conftest.c 2>&1` -#exit 1 -: - -else -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5 -$as_echo "failed" >&6; } -: - -fi -fi - - - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we need -D__EXTENSIONS__ as a flag for $CC" >&5 -$as_echo_n "checking whether we need -D__EXTENSIONS__ as a flag for $CC... " >&6; } -cache=_D__EXTENSIONS__ -if eval \${cv_prog_cc_flag_needed_$cache+:} false; then : - $as_echo_n "(cached) " >&6 -else - -echo ' -#include "confdefs.h" -#include -#include -#include -#ifdef HAVE_TIME_H -#include -#endif -#include -#ifdef HAVE_GETOPT_H -#include -#endif - -int test() { - int a; - char **opts = NULL; - struct timeval tv; - tv.tv_usec = 10; - srandom(32); - a = getopt(2, opts, "a"); - a = isascii(32); - if(tv.tv_usec) - a = 0; - return a; -} -' > conftest.c -echo 'void f(){}' >>conftest.c -if test -z "`$CC $CPPFLAGS $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then -eval "cv_prog_cc_flag_needed_$cache=no" -else - -if test -z "`$CC $CPPFLAGS $CFLAGS -D__EXTENSIONS__ $ERRFLAG -c conftest.c 2>&1`"; then -eval "cv_prog_cc_flag_needed_$cache=yes" -else -eval "cv_prog_cc_flag_needed_$cache=fail" -#echo 'Test with flag fails too!' -#cat conftest.c -#echo "$CC $CPPFLAGS $CFLAGS -D__EXTENSIONS__ $ERRFLAG -c conftest.c 2>&1" -#echo `$CC $CPPFLAGS $CFLAGS -D__EXTENSIONS__ $ERRFLAG -c conftest.c 2>&1` -#exit 1 -fi - -fi -rm -f conftest conftest.c conftest.o - -fi - -if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = yes"; then -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -: -CFLAGS="$CFLAGS -D__EXTENSIONS__" -else -if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = no"; then -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -#echo 'Test with flag is no!' -#cat conftest.c -#echo "$CC $CPPFLAGS $CFLAGS -D__EXTENSIONS__ $ERRFLAG -c conftest.c 2>&1" -#echo `$CC $CPPFLAGS $CFLAGS -D__EXTENSIONS__ $ERRFLAG -c conftest.c 2>&1` -#exit 1 -: - -else -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5 -$as_echo "failed" >&6; } -: - -fi -fi - - - - -# debug mode flags warnings -# Check whether --enable-checking was given. -if test "${enable_checking+set}" = set; then : - enableval=$enable_checking; -fi - -# Check whether --enable-debug was given. -if test "${enable_debug+set}" = set; then : - enableval=$enable_debug; -fi - -if test "$enable_debug" = "yes"; then debug_enabled="$enable_debug"; -else debug_enabled="$enable_checking"; fi - -case "$debug_enabled" in - yes) - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC supports -W" >&5 -$as_echo_n "checking whether $CC supports -W... " >&6; } -cache=`echo W | sed 'y%.=/+-%___p_%'` -if eval \${cv_prog_cc_flag_$cache+:} false; then : - $as_echo_n "(cached) " >&6 -else - -echo 'void f(void){}' >conftest.c -if test -z "`$CC $CPPFLAGS $CFLAGS -W -c conftest.c 2>&1`"; then -eval "cv_prog_cc_flag_$cache=yes" -else -eval "cv_prog_cc_flag_$cache=no" -fi -rm -f conftest conftest.o conftest.c - -fi - -if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -: -CFLAGS="$CFLAGS -W" -else -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -: - -fi - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC supports -Wall" >&5 -$as_echo_n "checking whether $CC supports -Wall... " >&6; } -cache=`echo Wall | sed 'y%.=/+-%___p_%'` -if eval \${cv_prog_cc_flag_$cache+:} false; then : - $as_echo_n "(cached) " >&6 -else - -echo 'void f(void){}' >conftest.c -if test -z "`$CC $CPPFLAGS $CFLAGS -Wall -c conftest.c 2>&1`"; then -eval "cv_prog_cc_flag_$cache=yes" -else -eval "cv_prog_cc_flag_$cache=no" -fi -rm -f conftest conftest.o conftest.c - -fi - -if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -: -CFLAGS="$CFLAGS -Wall" -else -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -: - -fi - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC supports -Wextra" >&5 -$as_echo_n "checking whether $CC supports -Wextra... " >&6; } -cache=`echo Wextra | sed 'y%.=/+-%___p_%'` -if eval \${cv_prog_cc_flag_$cache+:} false; then : - $as_echo_n "(cached) " >&6 -else - -echo 'void f(void){}' >conftest.c -if test -z "`$CC $CPPFLAGS $CFLAGS -Wextra -c conftest.c 2>&1`"; then -eval "cv_prog_cc_flag_$cache=yes" -else -eval "cv_prog_cc_flag_$cache=no" -fi -rm -f conftest conftest.o conftest.c - -fi - -if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -: -CFLAGS="$CFLAGS -Wextra" -else -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -: - -fi - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC supports -Wdeclaration-after-statement" >&5 -$as_echo_n "checking whether $CC supports -Wdeclaration-after-statement... " >&6; } -cache=`echo Wdeclaration-after-statement | sed 'y%.=/+-%___p_%'` -if eval \${cv_prog_cc_flag_$cache+:} false; then : - $as_echo_n "(cached) " >&6 -else - -echo 'void f(void){}' >conftest.c -if test -z "`$CC $CPPFLAGS $CFLAGS -Wdeclaration-after-statement -c conftest.c 2>&1`"; then -eval "cv_prog_cc_flag_$cache=yes" -else -eval "cv_prog_cc_flag_$cache=no" -fi -rm -f conftest conftest.o conftest.c - -fi - -if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -: -CFLAGS="$CFLAGS -Wdeclaration-after-statement" -else -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -: - -fi - - -$as_echo "#define UNBOUND_DEBUG /**/" >>confdefs.h - - ;; - no|*) - # nothing to do. - ;; -esac - - # Check whether --enable-flto was given. -if test "${enable_flto+set}" = set; then : - enableval=$enable_flto; -fi - - if test "x$enable_flto" != "xno"; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -flto" >&5 -$as_echo_n "checking if $CC supports -flto... " >&6; } - BAKCFLAGS="$CFLAGS" - CFLAGS="$CFLAGS -flto" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - - if $CC $CFLAGS -o conftest conftest.c 2>&1 | $GREP -e "warning: no debug symbols in executable" -e "warning: object" >/dev/null; then - CFLAGS="$BAKCFLAGS" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - fi - rm -f conftest conftest.c conftest.o - -else - CFLAGS="$BAKCFLAGS" ; { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - -fi - - - # Check whether --enable-pie was given. -if test "${enable_pie+set}" = set; then : - enableval=$enable_pie; -fi - - if test "x$enable_pie" = "xyes"; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports PIE" >&5 -$as_echo_n "checking if $CC supports PIE... " >&6; } - BAKLDFLAGS="$LDFLAGS" - BAKCFLAGS="$CFLAGS" - LDFLAGS="$LDFLAGS -pie" - CFLAGS="$CFLAGS -fPIE" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - - if $CC $CFLAGS $LDFLAGS -o conftest conftest.c 2>&1 | grep "warning: no debug symbols in executable" >/dev/null; then - LDFLAGS="$BAKLDFLAGS" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - fi - rm -f conftest conftest.c conftest.o - -else - LDFLAGS="$BAKLDFLAGS" ; CFLAGS="$BAKCFLAGS" ; { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - -fi - - - # Check whether --enable-relro_now was given. -if test "${enable_relro_now+set}" = set; then : - enableval=$enable_relro_now; -fi - - if test "x$enable_relro_now" = "xyes"; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wl,-z,relro,-z,now" >&5 -$as_echo_n "checking if $CC supports -Wl,-z,relro,-z,now... " >&6; } - BAKLDFLAGS="$LDFLAGS" - LDFLAGS="$LDFLAGS -Wl,-z,relro,-z,now" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - - if $CC $CFLAGS $LDFLAGS -o conftest conftest.c 2>&1 | grep "warning: no debug symbols in executable" >/dev/null; then - LDFLAGS="$BAKLDFLAGS" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - fi - rm -f conftest conftest.c conftest.o - -else - LDFLAGS="$BAKLDFLAGS" ; { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - -fi - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5 -$as_echo_n "checking for inline... " >&6; } -if ${ac_cv_c_inline+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_cv_c_inline=no -for ac_kw in inline __inline__ __inline; do - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#ifndef __cplusplus -typedef int foo_t; -static $ac_kw foo_t static_foo () {return 0; } -$ac_kw foo_t foo () {return 0; } -#endif - -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_c_inline=$ac_kw -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - test "$ac_cv_c_inline" != no && break -done - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_inline" >&5 -$as_echo "$ac_cv_c_inline" >&6; } - -case $ac_cv_c_inline in - inline | yes) ;; - *) - case $ac_cv_c_inline in - no) ac_val=;; - *) ac_val=$ac_cv_c_inline;; - esac - cat >>confdefs.h <<_ACEOF -#ifndef __cplusplus -#define inline $ac_val -#endif -_ACEOF - ;; -esac - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler (${CC-cc}) accepts the \"format\" attribute" >&5 -$as_echo_n "checking whether the C compiler (${CC-cc}) accepts the \"format\" attribute... " >&6; } -if ${ac_cv_c_format_attribute+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_cv_c_format_attribute=no -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -void f (char *format, ...) __attribute__ ((format (printf, 1, 2))); -void (*pf) (char *format, ...) __attribute__ ((format (printf, 1, 2))); - -int -main () -{ - - f ("%s", "str"); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_c_format_attribute="yes" -else - ac_cv_c_format_attribute="no" -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_format_attribute" >&5 -$as_echo "$ac_cv_c_format_attribute" >&6; } -if test $ac_cv_c_format_attribute = yes; then - -$as_echo "#define HAVE_ATTR_FORMAT 1" >>confdefs.h - -fi - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler (${CC-cc}) accepts the \"unused\" attribute" >&5 -$as_echo_n "checking whether the C compiler (${CC-cc}) accepts the \"unused\" attribute... " >&6; } -if ${ac_cv_c_unused_attribute+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_cv_c_unused_attribute=no -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -void f (char *u __attribute__((unused))); - -int -main () -{ - - f ("x"); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_c_unused_attribute="yes" -else - ac_cv_c_unused_attribute="no" -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi - - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_unused_attribute" >&5 -$as_echo "$ac_cv_c_unused_attribute" >&6; } -if test $ac_cv_c_unused_attribute = yes; then - -$as_echo "#define HAVE_ATTR_UNUSED 1" >>confdefs.h - -fi - - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler (${CC-cc}) accepts the \"weak\" attribute" >&5 -$as_echo_n "checking whether the C compiler (${CC-cc}) accepts the \"weak\" attribute... " >&6; } -if ${ac_cv_c_weak_attribute+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_cv_c_weak_attribute=no -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - #include -__attribute__((weak)) void f(int x) { printf("%d", x); } - -int -main () -{ - - f(1); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_c_weak_attribute="yes" -else - ac_cv_c_weak_attribute="no" -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_weak_attribute" >&5 -$as_echo "$ac_cv_c_weak_attribute" >&6; } -if test $ac_cv_c_weak_attribute = yes; then - -$as_echo "#define HAVE_ATTR_WEAK 1" >>confdefs.h - -fi - - -if test "$srcdir" != "."; then - CPPFLAGS="$CPPFLAGS -I$srcdir" -fi - - - -for ac_prog in flex lex -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_LEX+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$LEX"; then - ac_cv_prog_LEX="$LEX" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_LEX="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -LEX=$ac_cv_prog_LEX -if test -n "$LEX"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LEX" >&5 -$as_echo "$LEX" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - test -n "$LEX" && break -done -test -n "$LEX" || LEX=":" - -if test "x$LEX" != "x:"; then - cat >conftest.l <<_ACEOF -%% -a { ECHO; } -b { REJECT; } -c { yymore (); } -d { yyless (1); } -e { /* IRIX 6.5 flex 2.5.4 underquotes its yyless argument. */ - yyless ((input () != 0)); } -f { unput (yytext[0]); } -. { BEGIN INITIAL; } -%% -#ifdef YYTEXT_POINTER -extern char *yytext; -#endif -int -main (void) -{ - return ! yylex () + ! yywrap (); -} -_ACEOF -{ { ac_try="$LEX conftest.l" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$LEX conftest.l") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking lex output file root" >&5 -$as_echo_n "checking lex output file root... " >&6; } -if ${ac_cv_prog_lex_root+:} false; then : - $as_echo_n "(cached) " >&6 -else - -if test -f lex.yy.c; then - ac_cv_prog_lex_root=lex.yy -elif test -f lexyy.c; then - ac_cv_prog_lex_root=lexyy -else - as_fn_error $? "cannot find output from $LEX; giving up" "$LINENO" 5 -fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_root" >&5 -$as_echo "$ac_cv_prog_lex_root" >&6; } -LEX_OUTPUT_ROOT=$ac_cv_prog_lex_root - -if test -z "${LEXLIB+set}"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking lex library" >&5 -$as_echo_n "checking lex library... " >&6; } -if ${ac_cv_lib_lex+:} false; then : - $as_echo_n "(cached) " >&6 -else - - ac_save_LIBS=$LIBS - ac_cv_lib_lex='none needed' - for ac_lib in '' -lfl -ll; do - LIBS="$ac_lib $ac_save_LIBS" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -`cat $LEX_OUTPUT_ROOT.c` -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_lex=$ac_lib -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - test "$ac_cv_lib_lex" != 'none needed' && break - done - LIBS=$ac_save_LIBS - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lex" >&5 -$as_echo "$ac_cv_lib_lex" >&6; } - test "$ac_cv_lib_lex" != 'none needed' && LEXLIB=$ac_cv_lib_lex -fi - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether yytext is a pointer" >&5 -$as_echo_n "checking whether yytext is a pointer... " >&6; } -if ${ac_cv_prog_lex_yytext_pointer+:} false; then : - $as_echo_n "(cached) " >&6 -else - # POSIX says lex can declare yytext either as a pointer or an array; the -# default is implementation-dependent. Figure out which it is, since -# not all implementations provide the %pointer and %array declarations. -ac_cv_prog_lex_yytext_pointer=no -ac_save_LIBS=$LIBS -LIBS="$LEXLIB $ac_save_LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - #define YYTEXT_POINTER 1 -`cat $LEX_OUTPUT_ROOT.c` -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_prog_lex_yytext_pointer=yes -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_save_LIBS - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_yytext_pointer" >&5 -$as_echo "$ac_cv_prog_lex_yytext_pointer" >&6; } -if test $ac_cv_prog_lex_yytext_pointer = yes; then - -$as_echo "#define YYTEXT_POINTER 1" >>confdefs.h - -fi -rm -f conftest.l $LEX_OUTPUT_ROOT.c - -fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for yylex_destroy" >&5 -$as_echo_n "checking for yylex_destroy... " >&6; } - if echo %% | $LEX -t 2>&1 | grep yylex_destroy >/dev/null 2>&1; then - -$as_echo "#define LEX_HAS_YYLEX_DESTROY 1" >>confdefs.h - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; }; fi - -for ac_prog in 'bison -y' byacc -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_YACC+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$YACC"; then - ac_cv_prog_YACC="$YACC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_YACC="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -YACC=$ac_cv_prog_YACC -if test -n "$YACC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $YACC" >&5 -$as_echo "$YACC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - test -n "$YACC" && break -done -test -n "$YACC" || YACC="yacc" - -# Extract the first word of "doxygen", so it can be a program name with args. -set dummy doxygen; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_doxygen+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$doxygen"; then - ac_cv_prog_doxygen="$doxygen" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_doxygen="doxygen" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -doxygen=$ac_cv_prog_doxygen -if test -n "$doxygen"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $doxygen" >&5 -$as_echo "$doxygen" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. -set dummy ${ac_tool_prefix}strip; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_STRIP+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$STRIP"; then - ac_cv_prog_STRIP="$STRIP" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_STRIP="${ac_tool_prefix}strip" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -STRIP=$ac_cv_prog_STRIP -if test -n "$STRIP"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 -$as_echo "$STRIP" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -fi -if test -z "$ac_cv_prog_STRIP"; then - ac_ct_STRIP=$STRIP - # Extract the first word of "strip", so it can be a program name with args. -set dummy strip; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_STRIP+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$ac_ct_STRIP"; then - ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_STRIP="strip" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP -if test -n "$ac_ct_STRIP"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 -$as_echo "$ac_ct_STRIP" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - if test "x$ac_ct_STRIP" = x; then - STRIP="" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - STRIP=$ac_ct_STRIP - fi -else - STRIP="$ac_cv_prog_STRIP" -fi - -ac_aux_dir= -for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do - if test -f "$ac_dir/install-sh"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/install-sh -c" - break - elif test -f "$ac_dir/install.sh"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/install.sh -c" - break - elif test -f "$ac_dir/shtool"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/shtool install -c" - break - fi -done -if test -z "$ac_aux_dir"; then - as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5 -fi - -# These three variables are undocumented and unsupported, -# and are intended to be withdrawn in a future Autoconf release. -# They can cause serious problems if a builder's source tree is in a directory -# whose full name contains unusual characters. -ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. -ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. -ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. - - -# Make sure we can run config.sub. -$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || - as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 -$as_echo_n "checking build system type... " >&6; } -if ${ac_cv_build+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_build_alias=$build_alias -test "x$ac_build_alias" = x && - ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` -test "x$ac_build_alias" = x && - as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5 -ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || - as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 -$as_echo "$ac_cv_build" >&6; } -case $ac_cv_build in -*-*-*) ;; -*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;; -esac -build=$ac_cv_build -ac_save_IFS=$IFS; IFS='-' -set x $ac_cv_build -shift -build_cpu=$1 -build_vendor=$2 -shift; shift -# Remember, the first character of IFS is used to create $*, -# except with old shells: -build_os=$* -IFS=$ac_save_IFS -case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5 -$as_echo_n "checking host system type... " >&6; } -if ${ac_cv_host+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test "x$host_alias" = x; then - ac_cv_host=$ac_cv_build -else - ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || - as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 -fi - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 -$as_echo "$ac_cv_host" >&6; } -case $ac_cv_host in -*-*-*) ;; -*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;; -esac -host=$ac_cv_host -ac_save_IFS=$IFS; IFS='-' -set x $ac_cv_host -shift -host_cpu=$1 -host_vendor=$2 -shift; shift -# Remember, the first character of IFS is used to create $*, -# except with old shells: -host_os=$* -IFS=$ac_save_IFS -case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac - - - -# skip these tests, we do not need them. - - - - - - - - -# always use ./libtool unless override from commandline (libtool=mylibtool) -if test -z "$libtool"; then - libtool="./libtool" -fi - -# avoid libtool max commandline length test on systems that fork slowly. - -if echo "$host_os" | grep "sunos4" >/dev/null; then - lt_cv_sys_max_cmd_len=32750; -fi -if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}ar", so it can be a program name with args. -set dummy ${ac_tool_prefix}ar; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_AR+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $AR in - [\\/]* | ?:[\\/]*) - ac_cv_path_AR="$AR" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_AR="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -AR=$ac_cv_path_AR -if test -n "$AR"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 -$as_echo "$AR" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -fi -if test -z "$ac_cv_path_AR"; then - ac_pt_AR=$AR - # Extract the first word of "ar", so it can be a program name with args. -set dummy ar; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_ac_pt_AR+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $ac_pt_AR in - [\\/]* | ?:[\\/]*) - ac_cv_path_ac_pt_AR="$ac_pt_AR" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_ac_pt_AR="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -ac_pt_AR=$ac_cv_path_ac_pt_AR -if test -n "$ac_pt_AR"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_AR" >&5 -$as_echo "$ac_pt_AR" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - if test "x$ac_pt_AR" = x; then - AR="false" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - AR=$ac_pt_AR - fi -else - AR="$ac_cv_path_AR" -fi - -if test $AR = false; then - as_fn_error $? "Cannot find 'ar', please extend PATH to include it" "$LINENO" 5 -fi - -case `pwd` in - *\ * | *\ *) - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5 -$as_echo "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;; -esac - - - -macro_version='2.4.6' -macro_revision='2.4.6' - - - - - - - - - - - - - -ltmain=$ac_aux_dir/ltmain.sh - -# Backslashify metacharacters that are still active within -# double-quoted strings. -sed_quote_subst='s/\(["`$\\]\)/\\\1/g' - -# Same as above, but do not quote variable references. -double_quote_subst='s/\(["`\\]\)/\\\1/g' - -# Sed substitution to delay expansion of an escaped shell variable in a -# double_quote_subst'ed string. -delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g' - -# Sed substitution to delay expansion of an escaped single quote. -delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g' - -# Sed substitution to avoid accidental globbing in evaled expressions -no_glob_subst='s/\*/\\\*/g' - -ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' -ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO -ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to print strings" >&5 -$as_echo_n "checking how to print strings... " >&6; } -# Test print first, because it will be a builtin if present. -if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \ - test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then - ECHO='print -r --' -elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then - ECHO='printf %s\n' -else - # Use this function as a fallback that always works. - func_fallback_echo () - { - eval 'cat <<_LTECHO_EOF -$1 -_LTECHO_EOF' - } - ECHO='func_fallback_echo' -fi - -# func_echo_all arg... -# Invoke $ECHO with all args, space-separated. -func_echo_all () -{ - $ECHO "" -} - -case $ECHO in - printf*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: printf" >&5 -$as_echo "printf" >&6; } ;; - print*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: print -r" >&5 -$as_echo "print -r" >&6; } ;; - *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: cat" >&5 -$as_echo "cat" >&6; } ;; -esac - - - - - - - - - - - - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5 -$as_echo_n "checking for a sed that does not truncate output... " >&6; } -if ${ac_cv_path_SED+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ - for ac_i in 1 2 3 4 5 6 7; do - ac_script="$ac_script$as_nl$ac_script" - done - echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed - { ac_script=; unset ac_script;} - if test -z "$SED"; then - ac_path_SED_found=false - # Loop through the user's path and test for each of PROGNAME-LIST - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_prog in sed gsed; do - for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_SED="$as_dir/$ac_prog$ac_exec_ext" - as_fn_executable_p "$ac_path_SED" || continue -# Check for GNU ac_path_SED and select it if it is found. - # Check for GNU $ac_path_SED -case `"$ac_path_SED" --version 2>&1` in -*GNU*) - ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;; -*) - ac_count=0 - $as_echo_n 0123456789 >"conftest.in" - while : - do - cat "conftest.in" "conftest.in" >"conftest.tmp" - mv "conftest.tmp" "conftest.in" - cp "conftest.in" "conftest.nl" - $as_echo '' >> "conftest.nl" - "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break - diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break - as_fn_arith $ac_count + 1 && ac_count=$as_val - if test $ac_count -gt ${ac_path_SED_max-0}; then - # Best one so far, save it but keep looking for a better one - ac_cv_path_SED="$ac_path_SED" - ac_path_SED_max=$ac_count - fi - # 10*(2^10) chars as input seems more than enough - test $ac_count -gt 10 && break - done - rm -f conftest.in conftest.tmp conftest.nl conftest.out;; -esac - - $ac_path_SED_found && break 3 - done - done - done -IFS=$as_save_IFS - if test -z "$ac_cv_path_SED"; then - as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5 - fi -else - ac_cv_path_SED=$SED -fi - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5 -$as_echo "$ac_cv_path_SED" >&6; } - SED="$ac_cv_path_SED" - rm -f conftest.sed - -test -z "$SED" && SED=sed -Xsed="$SED -e 1s/^X//" - - - - - - - - - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5 -$as_echo_n "checking for fgrep... " >&6; } -if ${ac_cv_path_FGREP+:} false; then : - $as_echo_n "(cached) " >&6 -else - if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1 - then ac_cv_path_FGREP="$GREP -F" - else - if test -z "$FGREP"; then - ac_path_FGREP_found=false - # Loop through the user's path and test for each of PROGNAME-LIST - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_prog in fgrep; do - for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_FGREP="$as_dir/$ac_prog$ac_exec_ext" - as_fn_executable_p "$ac_path_FGREP" || continue -# Check for GNU ac_path_FGREP and select it if it is found. - # Check for GNU $ac_path_FGREP -case `"$ac_path_FGREP" --version 2>&1` in -*GNU*) - ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;; -*) - ac_count=0 - $as_echo_n 0123456789 >"conftest.in" - while : - do - cat "conftest.in" "conftest.in" >"conftest.tmp" - mv "conftest.tmp" "conftest.in" - cp "conftest.in" "conftest.nl" - $as_echo 'FGREP' >> "conftest.nl" - "$ac_path_FGREP" FGREP < "conftest.nl" >"conftest.out" 2>/dev/null || break - diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break - as_fn_arith $ac_count + 1 && ac_count=$as_val - if test $ac_count -gt ${ac_path_FGREP_max-0}; then - # Best one so far, save it but keep looking for a better one - ac_cv_path_FGREP="$ac_path_FGREP" - ac_path_FGREP_max=$ac_count - fi - # 10*(2^10) chars as input seems more than enough - test $ac_count -gt 10 && break - done - rm -f conftest.in conftest.tmp conftest.nl conftest.out;; -esac - - $ac_path_FGREP_found && break 3 - done - done - done -IFS=$as_save_IFS - if test -z "$ac_cv_path_FGREP"; then - as_fn_error $? "no acceptable fgrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 - fi -else - ac_cv_path_FGREP=$FGREP -fi - - fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5 -$as_echo "$ac_cv_path_FGREP" >&6; } - FGREP="$ac_cv_path_FGREP" - - -test -z "$GREP" && GREP=grep - - - - - - - - - - - - - - - - - - - -# Check whether --with-gnu-ld was given. -if test "${with_gnu_ld+set}" = set; then : - withval=$with_gnu_ld; test no = "$withval" || with_gnu_ld=yes -else - with_gnu_ld=no -fi - -ac_prog=ld -if test yes = "$GCC"; then - # Check if gcc -print-prog-name=ld gives a path. - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5 -$as_echo_n "checking for ld used by $CC... " >&6; } - case $host in - *-*-mingw*) - # gcc leaves a trailing carriage return, which upsets mingw - ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; - *) - ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; - esac - case $ac_prog in - # Accept absolute paths. - [\\/]* | ?:[\\/]*) - re_direlt='/[^/][^/]*/\.\./' - # Canonicalize the pathname of ld - ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'` - while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do - ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"` - done - test -z "$LD" && LD=$ac_prog - ;; - "") - # If it fails, then pretend we aren't using GCC. - ac_prog=ld - ;; - *) - # If it is relative, then search for the first ld in PATH. - with_gnu_ld=unknown - ;; - esac -elif test yes = "$with_gnu_ld"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5 -$as_echo_n "checking for GNU ld... " >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5 -$as_echo_n "checking for non-GNU ld... " >&6; } -fi -if ${lt_cv_path_LD+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -z "$LD"; then - lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR - for ac_dir in $PATH; do - IFS=$lt_save_ifs - test -z "$ac_dir" && ac_dir=. - if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then - lt_cv_path_LD=$ac_dir/$ac_prog - # Check to see if the program is GNU ld. I'd rather use --version, - # but apparently some variants of GNU ld only accept -v. - # Break only if it was the GNU/non-GNU ld that we prefer. - case `"$lt_cv_path_LD" -v 2>&1 &5 -$as_echo "$LD" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi -test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5 -$as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; } -if ${lt_cv_prog_gnu_ld+:} false; then : - $as_echo_n "(cached) " >&6 -else - # I'd rather use --version here, but apparently some GNU lds only accept -v. -case `$LD -v 2>&1 &5 -$as_echo "$lt_cv_prog_gnu_ld" >&6; } -with_gnu_ld=$lt_cv_prog_gnu_ld - - - - - - - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5 -$as_echo_n "checking for BSD- or MS-compatible name lister (nm)... " >&6; } -if ${lt_cv_path_NM+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$NM"; then - # Let the user override the test. - lt_cv_path_NM=$NM -else - lt_nm_to_check=${ac_tool_prefix}nm - if test -n "$ac_tool_prefix" && test "$build" = "$host"; then - lt_nm_to_check="$lt_nm_to_check nm" - fi - for lt_tmp_nm in $lt_nm_to_check; do - lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR - for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do - IFS=$lt_save_ifs - test -z "$ac_dir" && ac_dir=. - tmp_nm=$ac_dir/$lt_tmp_nm - if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext"; then - # Check to see if the nm accepts a BSD-compat flag. - # Adding the 'sed 1q' prevents false positives on HP-UX, which says: - # nm: unknown option "B" ignored - # Tru64's nm complains that /dev/null is an invalid object file - # MSYS converts /dev/null to NUL, MinGW nm treats NUL as empty - case $build_os in - mingw*) lt_bad_file=conftest.nm/nofile ;; - *) lt_bad_file=/dev/null ;; - esac - case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in - *$lt_bad_file* | *'Invalid file or object type'*) - lt_cv_path_NM="$tmp_nm -B" - break 2 - ;; - *) - case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in - */dev/null*) - lt_cv_path_NM="$tmp_nm -p" - break 2 - ;; - *) - lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but - continue # so that we can try to find one that supports BSD flags - ;; - esac - ;; - esac - fi - done - IFS=$lt_save_ifs - done - : ${lt_cv_path_NM=no} -fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5 -$as_echo "$lt_cv_path_NM" >&6; } -if test no != "$lt_cv_path_NM"; then - NM=$lt_cv_path_NM -else - # Didn't find any BSD compatible name lister, look for dumpbin. - if test -n "$DUMPBIN"; then : - # Let the user override the test. - else - if test -n "$ac_tool_prefix"; then - for ac_prog in dumpbin "link -dump" - do - # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. -set dummy $ac_tool_prefix$ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_DUMPBIN+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$DUMPBIN"; then - ac_cv_prog_DUMPBIN="$DUMPBIN" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_DUMPBIN="$ac_tool_prefix$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -DUMPBIN=$ac_cv_prog_DUMPBIN -if test -n "$DUMPBIN"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5 -$as_echo "$DUMPBIN" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - test -n "$DUMPBIN" && break - done -fi -if test -z "$DUMPBIN"; then - ac_ct_DUMPBIN=$DUMPBIN - for ac_prog in dumpbin "link -dump" -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_DUMPBIN+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$ac_ct_DUMPBIN"; then - ac_cv_prog_ac_ct_DUMPBIN="$ac_ct_DUMPBIN" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_DUMPBIN="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN -if test -n "$ac_ct_DUMPBIN"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5 -$as_echo "$ac_ct_DUMPBIN" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - test -n "$ac_ct_DUMPBIN" && break -done - - if test "x$ac_ct_DUMPBIN" = x; then - DUMPBIN=":" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - DUMPBIN=$ac_ct_DUMPBIN - fi -fi - - case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in - *COFF*) - DUMPBIN="$DUMPBIN -symbols -headers" - ;; - *) - DUMPBIN=: - ;; - esac - fi - - if test : != "$DUMPBIN"; then - NM=$DUMPBIN - fi -fi -test -z "$NM" && NM=nm - - - - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5 -$as_echo_n "checking the name lister ($NM) interface... " >&6; } -if ${lt_cv_nm_interface+:} false; then : - $as_echo_n "(cached) " >&6 -else - lt_cv_nm_interface="BSD nm" - echo "int some_variable = 0;" > conftest.$ac_ext - (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&5) - (eval "$ac_compile" 2>conftest.err) - cat conftest.err >&5 - (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&5) - (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) - cat conftest.err >&5 - (eval echo "\"\$as_me:$LINENO: output\"" >&5) - cat conftest.out >&5 - if $GREP 'External.*some_variable' conftest.out > /dev/null; then - lt_cv_nm_interface="MS dumpbin" - fi - rm -f conftest* -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5 -$as_echo "$lt_cv_nm_interface" >&6; } - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5 -$as_echo_n "checking whether ln -s works... " >&6; } -LN_S=$as_ln_s -if test "$LN_S" = "ln -s"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5 -$as_echo "no, using $LN_S" >&6; } -fi - -# find the maximum length of command line arguments -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5 -$as_echo_n "checking the maximum length of command line arguments... " >&6; } -if ${lt_cv_sys_max_cmd_len+:} false; then : - $as_echo_n "(cached) " >&6 -else - i=0 - teststring=ABCD - - case $build_os in - msdosdjgpp*) - # On DJGPP, this test can blow up pretty badly due to problems in libc - # (any single argument exceeding 2000 bytes causes a buffer overrun - # during glob expansion). Even if it were fixed, the result of this - # check would be larger than it should be. - lt_cv_sys_max_cmd_len=12288; # 12K is about right - ;; - - gnu*) - # Under GNU Hurd, this test is not required because there is - # no limit to the length of command line arguments. - # Libtool will interpret -1 as no limit whatsoever - lt_cv_sys_max_cmd_len=-1; - ;; - - cygwin* | mingw* | cegcc*) - # On Win9x/ME, this test blows up -- it succeeds, but takes - # about 5 minutes as the teststring grows exponentially. - # Worse, since 9x/ME are not pre-emptively multitasking, - # you end up with a "frozen" computer, even though with patience - # the test eventually succeeds (with a max line length of 256k). - # Instead, let's just punt: use the minimum linelength reported by - # all of the supported platforms: 8192 (on NT/2K/XP). - lt_cv_sys_max_cmd_len=8192; - ;; - - mint*) - # On MiNT this can take a long time and run out of memory. - lt_cv_sys_max_cmd_len=8192; - ;; - - amigaos*) - # On AmigaOS with pdksh, this test takes hours, literally. - # So we just punt and use a minimum line length of 8192. - lt_cv_sys_max_cmd_len=8192; - ;; - - bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*) - # This has been around since 386BSD, at least. Likely further. - if test -x /sbin/sysctl; then - lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` - elif test -x /usr/sbin/sysctl; then - lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax` - else - lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs - fi - # And add a safety zone - lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` - lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` - ;; - - interix*) - # We know the value 262144 and hardcode it with a safety zone (like BSD) - lt_cv_sys_max_cmd_len=196608 - ;; - - os2*) - # The test takes a long time on OS/2. - lt_cv_sys_max_cmd_len=8192 - ;; - - osf*) - # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure - # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not - # nice to cause kernel panics so lets avoid the loop below. - # First set a reasonable default. - lt_cv_sys_max_cmd_len=16384 - # - if test -x /sbin/sysconfig; then - case `/sbin/sysconfig -q proc exec_disable_arg_limit` in - *1*) lt_cv_sys_max_cmd_len=-1 ;; - esac - fi - ;; - sco3.2v5*) - lt_cv_sys_max_cmd_len=102400 - ;; - sysv5* | sco5v6* | sysv4.2uw2*) - kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null` - if test -n "$kargmax"; then - lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[ ]//'` - else - lt_cv_sys_max_cmd_len=32768 - fi - ;; - *) - lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null` - if test -n "$lt_cv_sys_max_cmd_len" && \ - test undefined != "$lt_cv_sys_max_cmd_len"; then - lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` - lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` - else - # Make teststring a little bigger before we do anything with it. - # a 1K string should be a reasonable start. - for i in 1 2 3 4 5 6 7 8; do - teststring=$teststring$teststring - done - SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} - # If test is not a shell built-in, we'll probably end up computing a - # maximum length that is only half of the actual maximum length, but - # we can't tell. - while { test X`env echo "$teststring$teststring" 2>/dev/null` \ - = "X$teststring$teststring"; } >/dev/null 2>&1 && - test 17 != "$i" # 1/2 MB should be enough - do - i=`expr $i + 1` - teststring=$teststring$teststring - done - # Only check the string length outside the loop. - lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1` - teststring= - # Add a significant safety factor because C++ compilers can tack on - # massive amounts of additional arguments before passing them to the - # linker. It appears as though 1/2 is a usable value. - lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2` - fi - ;; - esac - -fi - -if test -n "$lt_cv_sys_max_cmd_len"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5 -$as_echo "$lt_cv_sys_max_cmd_len" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 -$as_echo "none" >&6; } -fi -max_cmd_len=$lt_cv_sys_max_cmd_len - - - - - - -: ${CP="cp -f"} -: ${MV="mv -f"} -: ${RM="rm -f"} - -if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then - lt_unset=unset -else - lt_unset=false -fi - - - - - -# test EBCDIC or ASCII -case `echo X|tr X '\101'` in - A) # ASCII based system - # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr - lt_SP2NL='tr \040 \012' - lt_NL2SP='tr \015\012 \040\040' - ;; - *) # EBCDIC based system - lt_SP2NL='tr \100 \n' - lt_NL2SP='tr \r\n \100\100' - ;; -esac - - - - - - - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to $host format" >&5 -$as_echo_n "checking how to convert $build file names to $host format... " >&6; } -if ${lt_cv_to_host_file_cmd+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $host in - *-*-mingw* ) - case $build in - *-*-mingw* ) # actually msys - lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32 - ;; - *-*-cygwin* ) - lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32 - ;; - * ) # otherwise, assume *nix - lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32 - ;; - esac - ;; - *-*-cygwin* ) - case $build in - *-*-mingw* ) # actually msys - lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin - ;; - *-*-cygwin* ) - lt_cv_to_host_file_cmd=func_convert_file_noop - ;; - * ) # otherwise, assume *nix - lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin - ;; - esac - ;; - * ) # unhandled hosts (and "normal" native builds) - lt_cv_to_host_file_cmd=func_convert_file_noop - ;; -esac - -fi - -to_host_file_cmd=$lt_cv_to_host_file_cmd -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_host_file_cmd" >&5 -$as_echo "$lt_cv_to_host_file_cmd" >&6; } - - - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to toolchain format" >&5 -$as_echo_n "checking how to convert $build file names to toolchain format... " >&6; } -if ${lt_cv_to_tool_file_cmd+:} false; then : - $as_echo_n "(cached) " >&6 -else - #assume ordinary cross tools, or native build. -lt_cv_to_tool_file_cmd=func_convert_file_noop -case $host in - *-*-mingw* ) - case $build in - *-*-mingw* ) # actually msys - lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32 - ;; - esac - ;; -esac - -fi - -to_tool_file_cmd=$lt_cv_to_tool_file_cmd -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_tool_file_cmd" >&5 -$as_echo "$lt_cv_to_tool_file_cmd" >&6; } - - - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5 -$as_echo_n "checking for $LD option to reload object files... " >&6; } -if ${lt_cv_ld_reload_flag+:} false; then : - $as_echo_n "(cached) " >&6 -else - lt_cv_ld_reload_flag='-r' -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5 -$as_echo "$lt_cv_ld_reload_flag" >&6; } -reload_flag=$lt_cv_ld_reload_flag -case $reload_flag in -"" | " "*) ;; -*) reload_flag=" $reload_flag" ;; -esac -reload_cmds='$LD$reload_flag -o $output$reload_objs' -case $host_os in - cygwin* | mingw* | pw32* | cegcc*) - if test yes != "$GCC"; then - reload_cmds=false - fi - ;; - darwin*) - if test yes = "$GCC"; then - reload_cmds='$LTCC $LTCFLAGS -nostdlib $wl-r -o $output$reload_objs' - else - reload_cmds='$LD$reload_flag -o $output$reload_objs' - fi - ;; -esac - - - - - - - - - -if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args. -set dummy ${ac_tool_prefix}objdump; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_OBJDUMP+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$OBJDUMP"; then - ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -OBJDUMP=$ac_cv_prog_OBJDUMP -if test -n "$OBJDUMP"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5 -$as_echo "$OBJDUMP" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -fi -if test -z "$ac_cv_prog_OBJDUMP"; then - ac_ct_OBJDUMP=$OBJDUMP - # Extract the first word of "objdump", so it can be a program name with args. -set dummy objdump; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_OBJDUMP+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$ac_ct_OBJDUMP"; then - ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_OBJDUMP="objdump" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP -if test -n "$ac_ct_OBJDUMP"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5 -$as_echo "$ac_ct_OBJDUMP" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - if test "x$ac_ct_OBJDUMP" = x; then - OBJDUMP="false" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - OBJDUMP=$ac_ct_OBJDUMP - fi -else - OBJDUMP="$ac_cv_prog_OBJDUMP" -fi - -test -z "$OBJDUMP" && OBJDUMP=objdump - - - - - - - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5 -$as_echo_n "checking how to recognize dependent libraries... " >&6; } -if ${lt_cv_deplibs_check_method+:} false; then : - $as_echo_n "(cached) " >&6 -else - lt_cv_file_magic_cmd='$MAGIC_CMD' -lt_cv_file_magic_test_file= -lt_cv_deplibs_check_method='unknown' -# Need to set the preceding variable on all platforms that support -# interlibrary dependencies. -# 'none' -- dependencies not supported. -# 'unknown' -- same as none, but documents that we really don't know. -# 'pass_all' -- all dependencies passed with no checks. -# 'test_compile' -- check by making test program. -# 'file_magic [[regex]]' -- check by looking for files in library path -# that responds to the $file_magic_cmd with a given extended regex. -# If you have 'file' or equivalent on your system and you're not sure -# whether 'pass_all' will *always* work, you probably want this one. - -case $host_os in -aix[4-9]*) - lt_cv_deplibs_check_method=pass_all - ;; - -beos*) - lt_cv_deplibs_check_method=pass_all - ;; - -bsdi[45]*) - lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)' - lt_cv_file_magic_cmd='/usr/bin/file -L' - lt_cv_file_magic_test_file=/shlib/libc.so - ;; - -cygwin*) - # func_win32_libid is a shell function defined in ltmain.sh - lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' - lt_cv_file_magic_cmd='func_win32_libid' - ;; - -mingw* | pw32*) - # Base MSYS/MinGW do not provide the 'file' command needed by - # func_win32_libid shell function, so use a weaker test based on 'objdump', - # unless we find 'file', for example because we are cross-compiling. - if ( file / ) >/dev/null 2>&1; then - lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' - lt_cv_file_magic_cmd='func_win32_libid' - else - # Keep this pattern in sync with the one in func_win32_libid. - lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' - lt_cv_file_magic_cmd='$OBJDUMP -f' - fi - ;; - -cegcc*) - # use the weaker test based on 'objdump'. See mingw*. - lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?' - lt_cv_file_magic_cmd='$OBJDUMP -f' - ;; - -darwin* | rhapsody*) - lt_cv_deplibs_check_method=pass_all - ;; - -freebsd* | dragonfly*) - if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then - case $host_cpu in - i*86 ) - # Not sure whether the presence of OpenBSD here was a mistake. - # Let's accept both of them until this is cleared up. - lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library' - lt_cv_file_magic_cmd=/usr/bin/file - lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*` - ;; - esac - else - lt_cv_deplibs_check_method=pass_all - fi - ;; - -haiku*) - lt_cv_deplibs_check_method=pass_all - ;; - -hpux10.20* | hpux11*) - lt_cv_file_magic_cmd=/usr/bin/file - case $host_cpu in - ia64*) - lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64' - lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so - ;; - hppa*64*) - lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]' - lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl - ;; - *) - lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9]\.[0-9]) shared library' - lt_cv_file_magic_test_file=/usr/lib/libc.sl - ;; - esac - ;; - -interix[3-9]*) - # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here - lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|\.a)$' - ;; - -irix5* | irix6* | nonstopux*) - case $LD in - *-32|*"-32 ") libmagic=32-bit;; - *-n32|*"-n32 ") libmagic=N32;; - *-64|*"-64 ") libmagic=64-bit;; - *) libmagic=never-match;; - esac - lt_cv_deplibs_check_method=pass_all - ;; - -# This must be glibc/ELF. -linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) - lt_cv_deplibs_check_method=pass_all - ;; - -netbsd*) - if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then - lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' - else - lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|_pic\.a)$' - fi - ;; - -newos6*) - lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)' - lt_cv_file_magic_cmd=/usr/bin/file - lt_cv_file_magic_test_file=/usr/lib/libnls.so - ;; - -*nto* | *qnx*) - lt_cv_deplibs_check_method=pass_all - ;; - -openbsd* | bitrig*) - if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then - lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$' - else - lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' - fi - ;; - -osf3* | osf4* | osf5*) - lt_cv_deplibs_check_method=pass_all - ;; - -rdos*) - lt_cv_deplibs_check_method=pass_all - ;; - -solaris*) - lt_cv_deplibs_check_method=pass_all - ;; - -sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) - lt_cv_deplibs_check_method=pass_all - ;; - -sysv4 | sysv4.3*) - case $host_vendor in - motorola) - lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]' - lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*` - ;; - ncr) - lt_cv_deplibs_check_method=pass_all - ;; - sequent) - lt_cv_file_magic_cmd='/bin/file' - lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )' - ;; - sni) - lt_cv_file_magic_cmd='/bin/file' - lt_cv_deplibs_check_method="file_magic ELF [0-9][0-9]*-bit [LM]SB dynamic lib" - lt_cv_file_magic_test_file=/lib/libc.so - ;; - siemens) - lt_cv_deplibs_check_method=pass_all - ;; - pc) - lt_cv_deplibs_check_method=pass_all - ;; - esac - ;; - -tpf*) - lt_cv_deplibs_check_method=pass_all - ;; -os2*) - lt_cv_deplibs_check_method=pass_all - ;; -esac - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5 -$as_echo "$lt_cv_deplibs_check_method" >&6; } - -file_magic_glob= -want_nocaseglob=no -if test "$build" = "$host"; then - case $host_os in - mingw* | pw32*) - if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then - want_nocaseglob=yes - else - file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[\1]\/[\1]\/g;/g"` - fi - ;; - esac -fi - -file_magic_cmd=$lt_cv_file_magic_cmd -deplibs_check_method=$lt_cv_deplibs_check_method -test -z "$deplibs_check_method" && deplibs_check_method=unknown - - - - - - - - - - - - - - - - - - - - - - -if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}dlltool", so it can be a program name with args. -set dummy ${ac_tool_prefix}dlltool; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_DLLTOOL+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$DLLTOOL"; then - ac_cv_prog_DLLTOOL="$DLLTOOL" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_DLLTOOL="${ac_tool_prefix}dlltool" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -DLLTOOL=$ac_cv_prog_DLLTOOL -if test -n "$DLLTOOL"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DLLTOOL" >&5 -$as_echo "$DLLTOOL" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -fi -if test -z "$ac_cv_prog_DLLTOOL"; then - ac_ct_DLLTOOL=$DLLTOOL - # Extract the first word of "dlltool", so it can be a program name with args. -set dummy dlltool; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_DLLTOOL+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$ac_ct_DLLTOOL"; then - ac_cv_prog_ac_ct_DLLTOOL="$ac_ct_DLLTOOL" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_DLLTOOL="dlltool" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -ac_ct_DLLTOOL=$ac_cv_prog_ac_ct_DLLTOOL -if test -n "$ac_ct_DLLTOOL"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DLLTOOL" >&5 -$as_echo "$ac_ct_DLLTOOL" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - if test "x$ac_ct_DLLTOOL" = x; then - DLLTOOL="false" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - DLLTOOL=$ac_ct_DLLTOOL - fi -else - DLLTOOL="$ac_cv_prog_DLLTOOL" -fi - -test -z "$DLLTOOL" && DLLTOOL=dlltool - - - - - - - - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to associate runtime and link libraries" >&5 -$as_echo_n "checking how to associate runtime and link libraries... " >&6; } -if ${lt_cv_sharedlib_from_linklib_cmd+:} false; then : - $as_echo_n "(cached) " >&6 -else - lt_cv_sharedlib_from_linklib_cmd='unknown' - -case $host_os in -cygwin* | mingw* | pw32* | cegcc*) - # two different shell functions defined in ltmain.sh; - # decide which one to use based on capabilities of $DLLTOOL - case `$DLLTOOL --help 2>&1` in - *--identify-strict*) - lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib - ;; - *) - lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback - ;; - esac - ;; -*) - # fallback: assume linklib IS sharedlib - lt_cv_sharedlib_from_linklib_cmd=$ECHO - ;; -esac - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sharedlib_from_linklib_cmd" >&5 -$as_echo "$lt_cv_sharedlib_from_linklib_cmd" >&6; } -sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd -test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO - - - - - - - -if test -n "$ac_tool_prefix"; then - for ac_prog in ar - do - # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. -set dummy $ac_tool_prefix$ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_AR+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$AR"; then - ac_cv_prog_AR="$AR" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_AR="$ac_tool_prefix$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -AR=$ac_cv_prog_AR -if test -n "$AR"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 -$as_echo "$AR" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - test -n "$AR" && break - done -fi -if test -z "$AR"; then - ac_ct_AR=$AR - for ac_prog in ar -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_AR+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$ac_ct_AR"; then - ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_AR="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -ac_ct_AR=$ac_cv_prog_ac_ct_AR -if test -n "$ac_ct_AR"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5 -$as_echo "$ac_ct_AR" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - test -n "$ac_ct_AR" && break -done - - if test "x$ac_ct_AR" = x; then - AR="false" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - AR=$ac_ct_AR - fi -fi - -: ${AR=ar} -: ${AR_FLAGS=cru} - - - - - - - - - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for archiver @FILE support" >&5 -$as_echo_n "checking for archiver @FILE support... " >&6; } -if ${lt_cv_ar_at_file+:} false; then : - $as_echo_n "(cached) " >&6 -else - lt_cv_ar_at_file=no - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - echo conftest.$ac_objext > conftest.lst - lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&5' - { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5 - (eval $lt_ar_try) 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } - if test 0 -eq "$ac_status"; then - # Ensure the archiver fails upon bogus file names. - rm -f conftest.$ac_objext libconftest.a - { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5 - (eval $lt_ar_try) 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } - if test 0 -ne "$ac_status"; then - lt_cv_ar_at_file=@ - fi - fi - rm -f conftest.* libconftest.a - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ar_at_file" >&5 -$as_echo "$lt_cv_ar_at_file" >&6; } - -if test no = "$lt_cv_ar_at_file"; then - archiver_list_spec= -else - archiver_list_spec=$lt_cv_ar_at_file -fi - - - - - - - -if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. -set dummy ${ac_tool_prefix}strip; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_STRIP+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$STRIP"; then - ac_cv_prog_STRIP="$STRIP" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_STRIP="${ac_tool_prefix}strip" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -STRIP=$ac_cv_prog_STRIP -if test -n "$STRIP"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 -$as_echo "$STRIP" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -fi -if test -z "$ac_cv_prog_STRIP"; then - ac_ct_STRIP=$STRIP - # Extract the first word of "strip", so it can be a program name with args. -set dummy strip; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_STRIP+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$ac_ct_STRIP"; then - ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_STRIP="strip" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP -if test -n "$ac_ct_STRIP"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 -$as_echo "$ac_ct_STRIP" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - if test "x$ac_ct_STRIP" = x; then - STRIP=":" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - STRIP=$ac_ct_STRIP - fi -else - STRIP="$ac_cv_prog_STRIP" -fi - -test -z "$STRIP" && STRIP=: - - - - - - -if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. -set dummy ${ac_tool_prefix}ranlib; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_RANLIB+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$RANLIB"; then - ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -RANLIB=$ac_cv_prog_RANLIB -if test -n "$RANLIB"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 -$as_echo "$RANLIB" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -fi -if test -z "$ac_cv_prog_RANLIB"; then - ac_ct_RANLIB=$RANLIB - # Extract the first word of "ranlib", so it can be a program name with args. -set dummy ranlib; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_RANLIB+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$ac_ct_RANLIB"; then - ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_RANLIB="ranlib" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB -if test -n "$ac_ct_RANLIB"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 -$as_echo "$ac_ct_RANLIB" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - if test "x$ac_ct_RANLIB" = x; then - RANLIB=":" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - RANLIB=$ac_ct_RANLIB - fi -else - RANLIB="$ac_cv_prog_RANLIB" -fi - -test -z "$RANLIB" && RANLIB=: - - - - - - -# Determine commands to create old-style static archives. -old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs' -old_postinstall_cmds='chmod 644 $oldlib' -old_postuninstall_cmds= - -if test -n "$RANLIB"; then - case $host_os in - bitrig* | openbsd*) - old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib" - ;; - *) - old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib" - ;; - esac - old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib" -fi - -case $host_os in - darwin*) - lock_old_archive_extraction=yes ;; - *) - lock_old_archive_extraction=no ;; -esac - - - - - - - - - - - - - - - - - - - - - -for ac_prog in gawk mawk nawk awk -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_AWK+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$AWK"; then - ac_cv_prog_AWK="$AWK" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_AWK="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -AWK=$ac_cv_prog_AWK -if test -n "$AWK"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 -$as_echo "$AWK" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - test -n "$AWK" && break -done - - - - - - - - - - - - - - - - - - - -# If no C compiler was specified, use CC. -LTCC=${LTCC-"$CC"} - -# If no C compiler flags were specified, use CFLAGS. -LTCFLAGS=${LTCFLAGS-"$CFLAGS"} - -# Allow CC to be a program name with arguments. -compiler=$CC - - -# Check for command to grab the raw symbol name followed by C symbol from nm. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5 -$as_echo_n "checking command to parse $NM output from $compiler object... " >&6; } -if ${lt_cv_sys_global_symbol_pipe+:} false; then : - $as_echo_n "(cached) " >&6 -else - -# These are sane defaults that work on at least a few old systems. -# [They come from Ultrix. What could be older than Ultrix?!! ;)] - -# Character class describing NM global symbol codes. -symcode='[BCDEGRST]' - -# Regexp to match symbols that can be accessed directly from C. -sympat='\([_A-Za-z][_A-Za-z0-9]*\)' - -# Define system-specific variables. -case $host_os in -aix*) - symcode='[BCDT]' - ;; -cygwin* | mingw* | pw32* | cegcc*) - symcode='[ABCDGISTW]' - ;; -hpux*) - if test ia64 = "$host_cpu"; then - symcode='[ABCDEGRST]' - fi - ;; -irix* | nonstopux*) - symcode='[BCDEGRST]' - ;; -osf*) - symcode='[BCDEGQRST]' - ;; -solaris*) - symcode='[BDRT]' - ;; -sco3.2v5*) - symcode='[DT]' - ;; -sysv4.2uw2*) - symcode='[DT]' - ;; -sysv5* | sco5v6* | unixware* | OpenUNIX*) - symcode='[ABDT]' - ;; -sysv4) - symcode='[DFNSTU]' - ;; -esac - -# If we're using GNU nm, then use its standard symbol codes. -case `$NM -V 2>&1` in -*GNU* | *'with BFD'*) - symcode='[ABCDGIRSTW]' ;; -esac - -if test "$lt_cv_nm_interface" = "MS dumpbin"; then - # Gets list of data symbols to import. - lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'" - # Adjust the below global symbol transforms to fixup imported variables. - lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'" - lt_c_name_hook=" -e 's/^I .* \(.*\)$/ {\"\1\", (void *) 0},/p'" - lt_c_name_lib_hook="\ - -e 's/^I .* \(lib.*\)$/ {\"\1\", (void *) 0},/p'\ - -e 's/^I .* \(.*\)$/ {\"lib\1\", (void *) 0},/p'" -else - # Disable hooks by default. - lt_cv_sys_global_symbol_to_import= - lt_cdecl_hook= - lt_c_name_hook= - lt_c_name_lib_hook= -fi - -# Transform an extracted symbol line into a proper C declaration. -# Some systems (esp. on ia64) link data and code symbols differently, -# so use this general approach. -lt_cv_sys_global_symbol_to_cdecl="sed -n"\ -$lt_cdecl_hook\ -" -e 's/^T .* \(.*\)$/extern int \1();/p'"\ -" -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'" - -# Transform an extracted symbol line into symbol name and symbol address -lt_cv_sys_global_symbol_to_c_name_address="sed -n"\ -$lt_c_name_hook\ -" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\ -" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/p'" - -# Transform an extracted symbol line into symbol name with lib prefix and -# symbol address. -lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\ -$lt_c_name_lib_hook\ -" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\ -" -e 's/^$symcode$symcode* .* \(lib.*\)$/ {\"\1\", (void *) \&\1},/p'"\ -" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"lib\1\", (void *) \&\1},/p'" - -# Handle CRLF in mingw tool chain -opt_cr= -case $build_os in -mingw*) - opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp - ;; -esac - -# Try without a prefix underscore, then with it. -for ac_symprfx in "" "_"; do - - # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol. - symxfrm="\\1 $ac_symprfx\\2 \\2" - - # Write the raw and C identifiers. - if test "$lt_cv_nm_interface" = "MS dumpbin"; then - # Fake it for dumpbin and say T for any non-static function, - # D for any global variable and I for any imported variable. - # Also find C++ and __fastcall symbols from MSVC++, - # which start with @ or ?. - lt_cv_sys_global_symbol_pipe="$AWK '"\ -" {last_section=section; section=\$ 3};"\ -" /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\ -" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\ -" /^ *Symbol name *: /{split(\$ 0,sn,\":\"); si=substr(sn[2],2)};"\ -" /^ *Type *: code/{print \"T\",si,substr(si,length(prfx))};"\ -" /^ *Type *: data/{print \"I\",si,substr(si,length(prfx))};"\ -" \$ 0!~/External *\|/{next};"\ -" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\ -" {if(hide[section]) next};"\ -" {f=\"D\"}; \$ 0~/\(\).*\|/{f=\"T\"};"\ -" {split(\$ 0,a,/\||\r/); split(a[2],s)};"\ -" s[1]~/^[@?]/{print f,s[1],s[1]; next};"\ -" s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\ -" ' prfx=^$ac_symprfx" - else - lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ ]\($symcode$symcode*\)[ ][ ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" - fi - lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'" - - # Check to see that the pipe works correctly. - pipe_works=no - - rm -f conftest* - cat > conftest.$ac_ext <<_LT_EOF -#ifdef __cplusplus -extern "C" { -#endif -char nm_test_var; -void nm_test_func(void); -void nm_test_func(void){} -#ifdef __cplusplus -} -#endif -int main(){nm_test_var='a';nm_test_func();return(0);} -_LT_EOF - - if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 - (eval $ac_compile) 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then - # Now try to grab the symbols. - nlist=conftest.nm - if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist\""; } >&5 - (eval $NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } && test -s "$nlist"; then - # Try sorting and uniquifying the output. - if sort "$nlist" | uniq > "$nlist"T; then - mv -f "$nlist"T "$nlist" - else - rm -f "$nlist"T - fi - - # Make sure that we snagged all the symbols we need. - if $GREP ' nm_test_var$' "$nlist" >/dev/null; then - if $GREP ' nm_test_func$' "$nlist" >/dev/null; then - cat <<_LT_EOF > conftest.$ac_ext -/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ -#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE -/* DATA imports from DLLs on WIN32 can't be const, because runtime - relocations are performed -- see ld's documentation on pseudo-relocs. */ -# define LT_DLSYM_CONST -#elif defined __osf__ -/* This system does not cope well with relocations in const data. */ -# define LT_DLSYM_CONST -#else -# define LT_DLSYM_CONST const -#endif - -#ifdef __cplusplus -extern "C" { -#endif - -_LT_EOF - # Now generate the symbol file. - eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext' - - cat <<_LT_EOF >> conftest.$ac_ext - -/* The mapping between symbol names and symbols. */ -LT_DLSYM_CONST struct { - const char *name; - void *address; -} -lt__PROGRAM__LTX_preloaded_symbols[] = -{ - { "@PROGRAM@", (void *) 0 }, -_LT_EOF - $SED "s/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext - cat <<\_LT_EOF >> conftest.$ac_ext - {0, (void *) 0} -}; - -/* This works around a problem in FreeBSD linker */ -#ifdef FREEBSD_WORKAROUND -static const void *lt_preloaded_setup() { - return lt__PROGRAM__LTX_preloaded_symbols; -} -#endif - -#ifdef __cplusplus -} -#endif -_LT_EOF - # Now try linking the two files. - mv conftest.$ac_objext conftstm.$ac_objext - lt_globsym_save_LIBS=$LIBS - lt_globsym_save_CFLAGS=$CFLAGS - LIBS=conftstm.$ac_objext - CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag" - if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 - (eval $ac_link) 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } && test -s conftest$ac_exeext; then - pipe_works=yes - fi - LIBS=$lt_globsym_save_LIBS - CFLAGS=$lt_globsym_save_CFLAGS - else - echo "cannot find nm_test_func in $nlist" >&5 - fi - else - echo "cannot find nm_test_var in $nlist" >&5 - fi - else - echo "cannot run $lt_cv_sys_global_symbol_pipe" >&5 - fi - else - echo "$progname: failed program was:" >&5 - cat conftest.$ac_ext >&5 - fi - rm -rf conftest* conftst* - - # Do not use the global_symbol_pipe unless it works. - if test yes = "$pipe_works"; then - break - else - lt_cv_sys_global_symbol_pipe= - fi -done - -fi - -if test -z "$lt_cv_sys_global_symbol_pipe"; then - lt_cv_sys_global_symbol_to_cdecl= -fi -if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5 -$as_echo "failed" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5 -$as_echo "ok" >&6; } -fi - -# Response file support. -if test "$lt_cv_nm_interface" = "MS dumpbin"; then - nm_file_list_spec='@' -elif $NM --help 2>/dev/null | grep '[@]FILE' >/dev/null; then - nm_file_list_spec='@' -fi - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sysroot" >&5 -$as_echo_n "checking for sysroot... " >&6; } - -# Check whether --with-sysroot was given. -if test "${with_sysroot+set}" = set; then : - withval=$with_sysroot; -else - with_sysroot=no -fi - - -lt_sysroot= -case $with_sysroot in #( - yes) - if test yes = "$GCC"; then - lt_sysroot=`$CC --print-sysroot 2>/dev/null` - fi - ;; #( - /*) - lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"` - ;; #( - no|'') - ;; #( - *) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_sysroot" >&5 -$as_echo "$with_sysroot" >&6; } - as_fn_error $? "The sysroot must be an absolute path." "$LINENO" 5 - ;; -esac - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${lt_sysroot:-no}" >&5 -$as_echo "${lt_sysroot:-no}" >&6; } - - - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a working dd" >&5 -$as_echo_n "checking for a working dd... " >&6; } -if ${ac_cv_path_lt_DD+:} false; then : - $as_echo_n "(cached) " >&6 -else - printf 0123456789abcdef0123456789abcdef >conftest.i -cat conftest.i conftest.i >conftest2.i -: ${lt_DD:=$DD} -if test -z "$lt_DD"; then - ac_path_lt_DD_found=false - # Loop through the user's path and test for each of PROGNAME-LIST - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_prog in dd; do - for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_lt_DD="$as_dir/$ac_prog$ac_exec_ext" - as_fn_executable_p "$ac_path_lt_DD" || continue -if "$ac_path_lt_DD" bs=32 count=1 conftest.out 2>/dev/null; then - cmp -s conftest.i conftest.out \ - && ac_cv_path_lt_DD="$ac_path_lt_DD" ac_path_lt_DD_found=: -fi - $ac_path_lt_DD_found && break 3 - done - done - done -IFS=$as_save_IFS - if test -z "$ac_cv_path_lt_DD"; then - : - fi -else - ac_cv_path_lt_DD=$lt_DD -fi - -rm -f conftest.i conftest2.i conftest.out -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_lt_DD" >&5 -$as_echo "$ac_cv_path_lt_DD" >&6; } - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to truncate binary pipes" >&5 -$as_echo_n "checking how to truncate binary pipes... " >&6; } -if ${lt_cv_truncate_bin+:} false; then : - $as_echo_n "(cached) " >&6 -else - printf 0123456789abcdef0123456789abcdef >conftest.i -cat conftest.i conftest.i >conftest2.i -lt_cv_truncate_bin= -if "$ac_cv_path_lt_DD" bs=32 count=1 conftest.out 2>/dev/null; then - cmp -s conftest.i conftest.out \ - && lt_cv_truncate_bin="$ac_cv_path_lt_DD bs=4096 count=1" -fi -rm -f conftest.i conftest2.i conftest.out -test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q" -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_truncate_bin" >&5 -$as_echo "$lt_cv_truncate_bin" >&6; } - - - - - - - -# Calculate cc_basename. Skip known compiler wrappers and cross-prefix. -func_cc_basename () -{ - for cc_temp in $*""; do - case $cc_temp in - compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; - distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; - \-*) ;; - *) break;; - esac - done - func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` -} - -# Check whether --enable-libtool-lock was given. -if test "${enable_libtool_lock+set}" = set; then : - enableval=$enable_libtool_lock; -fi - -test no = "$enable_libtool_lock" || enable_libtool_lock=yes - -# Some flags need to be propagated to the compiler or linker for good -# libtool support. -case $host in -ia64-*-hpux*) - # Find out what ABI is being produced by ac_compile, and set mode - # options accordingly. - echo 'int i;' > conftest.$ac_ext - if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 - (eval $ac_compile) 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then - case `/usr/bin/file conftest.$ac_objext` in - *ELF-32*) - HPUX_IA64_MODE=32 - ;; - *ELF-64*) - HPUX_IA64_MODE=64 - ;; - esac - fi - rm -rf conftest* - ;; -*-*-irix6*) - # Find out what ABI is being produced by ac_compile, and set linker - # options accordingly. - echo '#line '$LINENO' "configure"' > conftest.$ac_ext - if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 - (eval $ac_compile) 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then - if test yes = "$lt_cv_prog_gnu_ld"; then - case `/usr/bin/file conftest.$ac_objext` in - *32-bit*) - LD="${LD-ld} -melf32bsmip" - ;; - *N32*) - LD="${LD-ld} -melf32bmipn32" - ;; - *64-bit*) - LD="${LD-ld} -melf64bmip" - ;; - esac - else - case `/usr/bin/file conftest.$ac_objext` in - *32-bit*) - LD="${LD-ld} -32" - ;; - *N32*) - LD="${LD-ld} -n32" - ;; - *64-bit*) - LD="${LD-ld} -64" - ;; - esac - fi - fi - rm -rf conftest* - ;; - -mips64*-*linux*) - # Find out what ABI is being produced by ac_compile, and set linker - # options accordingly. - echo '#line '$LINENO' "configure"' > conftest.$ac_ext - if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 - (eval $ac_compile) 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then - emul=elf - case `/usr/bin/file conftest.$ac_objext` in - *32-bit*) - emul="${emul}32" - ;; - *64-bit*) - emul="${emul}64" - ;; - esac - case `/usr/bin/file conftest.$ac_objext` in - *MSB*) - emul="${emul}btsmip" - ;; - *LSB*) - emul="${emul}ltsmip" - ;; - esac - case `/usr/bin/file conftest.$ac_objext` in - *N32*) - emul="${emul}n32" - ;; - esac - LD="${LD-ld} -m $emul" - fi - rm -rf conftest* - ;; - -x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \ -s390*-*linux*|s390*-*tpf*|sparc*-*linux*) - # Find out what ABI is being produced by ac_compile, and set linker - # options accordingly. Note that the listed cases only cover the - # situations where additional linker options are needed (such as when - # doing 32-bit compilation for a host where ld defaults to 64-bit, or - # vice versa); the common cases where no linker options are needed do - # not appear in the list. - echo 'int i;' > conftest.$ac_ext - if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 - (eval $ac_compile) 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then - case `/usr/bin/file conftest.o` in - *32-bit*) - case $host in - x86_64-*kfreebsd*-gnu) - LD="${LD-ld} -m elf_i386_fbsd" - ;; - x86_64-*linux*) - case `/usr/bin/file conftest.o` in - *x86-64*) - LD="${LD-ld} -m elf32_x86_64" - ;; - *) - LD="${LD-ld} -m elf_i386" - ;; - esac - ;; - powerpc64le-*linux*) - LD="${LD-ld} -m elf32lppclinux" - ;; - powerpc64-*linux*) - LD="${LD-ld} -m elf32ppclinux" - ;; - s390x-*linux*) - LD="${LD-ld} -m elf_s390" - ;; - sparc64-*linux*) - LD="${LD-ld} -m elf32_sparc" - ;; - esac - ;; - *64-bit*) - case $host in - x86_64-*kfreebsd*-gnu) - LD="${LD-ld} -m elf_x86_64_fbsd" - ;; - x86_64-*linux*) - LD="${LD-ld} -m elf_x86_64" - ;; - powerpcle-*linux*) - LD="${LD-ld} -m elf64lppc" - ;; - powerpc-*linux*) - LD="${LD-ld} -m elf64ppc" - ;; - s390*-*linux*|s390*-*tpf*) - LD="${LD-ld} -m elf64_s390" - ;; - sparc*-*linux*) - LD="${LD-ld} -m elf64_sparc" - ;; - esac - ;; - esac - fi - rm -rf conftest* - ;; - -*-*-sco3.2v5*) - # On SCO OpenServer 5, we need -belf to get full-featured binaries. - SAVE_CFLAGS=$CFLAGS - CFLAGS="$CFLAGS -belf" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5 -$as_echo_n "checking whether the C compiler needs -belf... " >&6; } -if ${lt_cv_cc_needs_belf+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - lt_cv_cc_needs_belf=yes -else - lt_cv_cc_needs_belf=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5 -$as_echo "$lt_cv_cc_needs_belf" >&6; } - if test yes != "$lt_cv_cc_needs_belf"; then - # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf - CFLAGS=$SAVE_CFLAGS - fi - ;; -*-*solaris*) - # Find out what ABI is being produced by ac_compile, and set linker - # options accordingly. - echo 'int i;' > conftest.$ac_ext - if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 - (eval $ac_compile) 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then - case `/usr/bin/file conftest.o` in - *64-bit*) - case $lt_cv_prog_gnu_ld in - yes*) - case $host in - i?86-*-solaris*|x86_64-*-solaris*) - LD="${LD-ld} -m elf_x86_64" - ;; - sparc*-*-solaris*) - LD="${LD-ld} -m elf64_sparc" - ;; - esac - # GNU ld 2.21 introduced _sol2 emulations. Use them if available. - if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then - LD=${LD-ld}_sol2 - fi - ;; - *) - if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then - LD="${LD-ld} -64" - fi - ;; - esac - ;; - esac - fi - rm -rf conftest* - ;; -esac - -need_locks=$enable_libtool_lock - -if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}mt", so it can be a program name with args. -set dummy ${ac_tool_prefix}mt; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_MANIFEST_TOOL+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$MANIFEST_TOOL"; then - ac_cv_prog_MANIFEST_TOOL="$MANIFEST_TOOL" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_MANIFEST_TOOL="${ac_tool_prefix}mt" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -MANIFEST_TOOL=$ac_cv_prog_MANIFEST_TOOL -if test -n "$MANIFEST_TOOL"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MANIFEST_TOOL" >&5 -$as_echo "$MANIFEST_TOOL" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -fi -if test -z "$ac_cv_prog_MANIFEST_TOOL"; then - ac_ct_MANIFEST_TOOL=$MANIFEST_TOOL - # Extract the first word of "mt", so it can be a program name with args. -set dummy mt; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_MANIFEST_TOOL+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$ac_ct_MANIFEST_TOOL"; then - ac_cv_prog_ac_ct_MANIFEST_TOOL="$ac_ct_MANIFEST_TOOL" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_MANIFEST_TOOL="mt" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -ac_ct_MANIFEST_TOOL=$ac_cv_prog_ac_ct_MANIFEST_TOOL -if test -n "$ac_ct_MANIFEST_TOOL"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_MANIFEST_TOOL" >&5 -$as_echo "$ac_ct_MANIFEST_TOOL" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - if test "x$ac_ct_MANIFEST_TOOL" = x; then - MANIFEST_TOOL=":" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - MANIFEST_TOOL=$ac_ct_MANIFEST_TOOL - fi -else - MANIFEST_TOOL="$ac_cv_prog_MANIFEST_TOOL" -fi - -test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $MANIFEST_TOOL is a manifest tool" >&5 -$as_echo_n "checking if $MANIFEST_TOOL is a manifest tool... " >&6; } -if ${lt_cv_path_mainfest_tool+:} false; then : - $as_echo_n "(cached) " >&6 -else - lt_cv_path_mainfest_tool=no - echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&5 - $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out - cat conftest.err >&5 - if $GREP 'Manifest Tool' conftest.out > /dev/null; then - lt_cv_path_mainfest_tool=yes - fi - rm -f conftest* -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_mainfest_tool" >&5 -$as_echo "$lt_cv_path_mainfest_tool" >&6; } -if test yes != "$lt_cv_path_mainfest_tool"; then - MANIFEST_TOOL=: -fi - - - - - - - case $host_os in - rhapsody* | darwin*) - if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}dsymutil", so it can be a program name with args. -set dummy ${ac_tool_prefix}dsymutil; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_DSYMUTIL+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$DSYMUTIL"; then - ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_DSYMUTIL="${ac_tool_prefix}dsymutil" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -DSYMUTIL=$ac_cv_prog_DSYMUTIL -if test -n "$DSYMUTIL"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5 -$as_echo "$DSYMUTIL" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -fi -if test -z "$ac_cv_prog_DSYMUTIL"; then - ac_ct_DSYMUTIL=$DSYMUTIL - # Extract the first word of "dsymutil", so it can be a program name with args. -set dummy dsymutil; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_DSYMUTIL+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$ac_ct_DSYMUTIL"; then - ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_DSYMUTIL="dsymutil" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL -if test -n "$ac_ct_DSYMUTIL"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5 -$as_echo "$ac_ct_DSYMUTIL" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - if test "x$ac_ct_DSYMUTIL" = x; then - DSYMUTIL=":" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - DSYMUTIL=$ac_ct_DSYMUTIL - fi -else - DSYMUTIL="$ac_cv_prog_DSYMUTIL" -fi - - if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}nmedit", so it can be a program name with args. -set dummy ${ac_tool_prefix}nmedit; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_NMEDIT+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$NMEDIT"; then - ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_NMEDIT="${ac_tool_prefix}nmedit" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -NMEDIT=$ac_cv_prog_NMEDIT -if test -n "$NMEDIT"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5 -$as_echo "$NMEDIT" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -fi -if test -z "$ac_cv_prog_NMEDIT"; then - ac_ct_NMEDIT=$NMEDIT - # Extract the first word of "nmedit", so it can be a program name with args. -set dummy nmedit; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_NMEDIT+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$ac_ct_NMEDIT"; then - ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_NMEDIT="nmedit" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT -if test -n "$ac_ct_NMEDIT"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5 -$as_echo "$ac_ct_NMEDIT" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - if test "x$ac_ct_NMEDIT" = x; then - NMEDIT=":" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - NMEDIT=$ac_ct_NMEDIT - fi -else - NMEDIT="$ac_cv_prog_NMEDIT" -fi - - if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}lipo", so it can be a program name with args. -set dummy ${ac_tool_prefix}lipo; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_LIPO+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$LIPO"; then - ac_cv_prog_LIPO="$LIPO" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_LIPO="${ac_tool_prefix}lipo" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -LIPO=$ac_cv_prog_LIPO -if test -n "$LIPO"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5 -$as_echo "$LIPO" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -fi -if test -z "$ac_cv_prog_LIPO"; then - ac_ct_LIPO=$LIPO - # Extract the first word of "lipo", so it can be a program name with args. -set dummy lipo; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_LIPO+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$ac_ct_LIPO"; then - ac_cv_prog_ac_ct_LIPO="$ac_ct_LIPO" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_LIPO="lipo" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO -if test -n "$ac_ct_LIPO"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5 -$as_echo "$ac_ct_LIPO" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - if test "x$ac_ct_LIPO" = x; then - LIPO=":" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - LIPO=$ac_ct_LIPO - fi -else - LIPO="$ac_cv_prog_LIPO" -fi - - if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}otool", so it can be a program name with args. -set dummy ${ac_tool_prefix}otool; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_OTOOL+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$OTOOL"; then - ac_cv_prog_OTOOL="$OTOOL" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_OTOOL="${ac_tool_prefix}otool" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -OTOOL=$ac_cv_prog_OTOOL -if test -n "$OTOOL"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5 -$as_echo "$OTOOL" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -fi -if test -z "$ac_cv_prog_OTOOL"; then - ac_ct_OTOOL=$OTOOL - # Extract the first word of "otool", so it can be a program name with args. -set dummy otool; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_OTOOL+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$ac_ct_OTOOL"; then - ac_cv_prog_ac_ct_OTOOL="$ac_ct_OTOOL" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_OTOOL="otool" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL -if test -n "$ac_ct_OTOOL"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5 -$as_echo "$ac_ct_OTOOL" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - if test "x$ac_ct_OTOOL" = x; then - OTOOL=":" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - OTOOL=$ac_ct_OTOOL - fi -else - OTOOL="$ac_cv_prog_OTOOL" -fi - - if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}otool64", so it can be a program name with args. -set dummy ${ac_tool_prefix}otool64; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_OTOOL64+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$OTOOL64"; then - ac_cv_prog_OTOOL64="$OTOOL64" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_OTOOL64="${ac_tool_prefix}otool64" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -OTOOL64=$ac_cv_prog_OTOOL64 -if test -n "$OTOOL64"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5 -$as_echo "$OTOOL64" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -fi -if test -z "$ac_cv_prog_OTOOL64"; then - ac_ct_OTOOL64=$OTOOL64 - # Extract the first word of "otool64", so it can be a program name with args. -set dummy otool64; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_OTOOL64+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$ac_ct_OTOOL64"; then - ac_cv_prog_ac_ct_OTOOL64="$ac_ct_OTOOL64" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_OTOOL64="otool64" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64 -if test -n "$ac_ct_OTOOL64"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5 -$as_echo "$ac_ct_OTOOL64" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - if test "x$ac_ct_OTOOL64" = x; then - OTOOL64=":" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - OTOOL64=$ac_ct_OTOOL64 - fi -else - OTOOL64="$ac_cv_prog_OTOOL64" -fi - - - - - - - - - - - - - - - - - - - - - - - - - - - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5 -$as_echo_n "checking for -single_module linker flag... " >&6; } -if ${lt_cv_apple_cc_single_mod+:} false; then : - $as_echo_n "(cached) " >&6 -else - lt_cv_apple_cc_single_mod=no - if test -z "$LT_MULTI_MODULE"; then - # By default we will add the -single_module flag. You can override - # by either setting the environment variable LT_MULTI_MODULE - # non-empty at configure time, or by adding -multi_module to the - # link flags. - rm -rf libconftest.dylib* - echo "int foo(void){return 1;}" > conftest.c - echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ --dynamiclib -Wl,-single_module conftest.c" >&5 - $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ - -dynamiclib -Wl,-single_module conftest.c 2>conftest.err - _lt_result=$? - # If there is a non-empty error log, and "single_module" - # appears in it, assume the flag caused a linker warning - if test -s conftest.err && $GREP single_module conftest.err; then - cat conftest.err >&5 - # Otherwise, if the output was created with a 0 exit code from - # the compiler, it worked. - elif test -f libconftest.dylib && test 0 = "$_lt_result"; then - lt_cv_apple_cc_single_mod=yes - else - cat conftest.err >&5 - fi - rm -rf libconftest.dylib* - rm -f conftest.* - fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5 -$as_echo "$lt_cv_apple_cc_single_mod" >&6; } - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5 -$as_echo_n "checking for -exported_symbols_list linker flag... " >&6; } -if ${lt_cv_ld_exported_symbols_list+:} false; then : - $as_echo_n "(cached) " >&6 -else - lt_cv_ld_exported_symbols_list=no - save_LDFLAGS=$LDFLAGS - echo "_main" > conftest.sym - LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - lt_cv_ld_exported_symbols_list=yes -else - lt_cv_ld_exported_symbols_list=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - LDFLAGS=$save_LDFLAGS - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5 -$as_echo "$lt_cv_ld_exported_symbols_list" >&6; } - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -force_load linker flag" >&5 -$as_echo_n "checking for -force_load linker flag... " >&6; } -if ${lt_cv_ld_force_load+:} false; then : - $as_echo_n "(cached) " >&6 -else - lt_cv_ld_force_load=no - cat > conftest.c << _LT_EOF -int forced_loaded() { return 2;} -_LT_EOF - echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&5 - $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&5 - echo "$AR cru libconftest.a conftest.o" >&5 - $AR cru libconftest.a conftest.o 2>&5 - echo "$RANLIB libconftest.a" >&5 - $RANLIB libconftest.a 2>&5 - cat > conftest.c << _LT_EOF -int main() { return 0;} -_LT_EOF - echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&5 - $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err - _lt_result=$? - if test -s conftest.err && $GREP force_load conftest.err; then - cat conftest.err >&5 - elif test -f conftest && test 0 = "$_lt_result" && $GREP forced_load conftest >/dev/null 2>&1; then - lt_cv_ld_force_load=yes - else - cat conftest.err >&5 - fi - rm -f conftest.err libconftest.a conftest conftest.c - rm -rf conftest.dSYM - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_force_load" >&5 -$as_echo "$lt_cv_ld_force_load" >&6; } - case $host_os in - rhapsody* | darwin1.[012]) - _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;; - darwin1.*) - _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; - darwin*) # darwin 5.x on - # if running on 10.5 or later, the deployment target defaults - # to the OS version, if on x86, and 10.4, the deployment - # target defaults to 10.4. Don't you love it? - case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in - 10.0,*86*-darwin8*|10.0,*-darwin[91]*) - _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; - 10.[012][,.]*) - _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; - 10.*) - _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; - esac - ;; - esac - if test yes = "$lt_cv_apple_cc_single_mod"; then - _lt_dar_single_mod='$single_module' - fi - if test yes = "$lt_cv_ld_exported_symbols_list"; then - _lt_dar_export_syms=' $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym' - else - _lt_dar_export_syms='~$NMEDIT -s $output_objdir/$libname-symbols.expsym $lib' - fi - if test : != "$DSYMUTIL" && test no = "$lt_cv_ld_force_load"; then - _lt_dsymutil='~$DSYMUTIL $lib || :' - else - _lt_dsymutil= - fi - ;; - esac - -# func_munge_path_list VARIABLE PATH -# ----------------------------------- -# VARIABLE is name of variable containing _space_ separated list of -# directories to be munged by the contents of PATH, which is string -# having a format: -# "DIR[:DIR]:" -# string "DIR[ DIR]" will be prepended to VARIABLE -# ":DIR[:DIR]" -# string "DIR[ DIR]" will be appended to VARIABLE -# "DIRP[:DIRP]::[DIRA:]DIRA" -# string "DIRP[ DIRP]" will be prepended to VARIABLE and string -# "DIRA[ DIRA]" will be appended to VARIABLE -# "DIR[:DIR]" -# VARIABLE will be replaced by "DIR[ DIR]" -func_munge_path_list () -{ - case x$2 in - x) - ;; - *:) - eval $1=\"`$ECHO $2 | $SED 's/:/ /g'` \$$1\" - ;; - x:*) - eval $1=\"\$$1 `$ECHO $2 | $SED 's/:/ /g'`\" - ;; - *::*) - eval $1=\"\$$1\ `$ECHO $2 | $SED -e 's/.*:://' -e 's/:/ /g'`\" - eval $1=\"`$ECHO $2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \$$1\" - ;; - *) - eval $1=\"`$ECHO $2 | $SED 's/:/ /g'`\" - ;; - esac -} - -for ac_header in dlfcn.h -do : - ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default -" -if test "x$ac_cv_header_dlfcn_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_DLFCN_H 1 -_ACEOF - -fi - -done - - - - - - - -# Set options - - - - enable_dlopen=no - - - enable_win32_dll=no - - - # Check whether --enable-shared was given. -if test "${enable_shared+set}" = set; then : - enableval=$enable_shared; p=${PACKAGE-default} - case $enableval in - yes) enable_shared=yes ;; - no) enable_shared=no ;; - *) - enable_shared=no - # Look at the argument we got. We use all the common list separators. - lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, - for pkg in $enableval; do - IFS=$lt_save_ifs - if test "X$pkg" = "X$p"; then - enable_shared=yes - fi - done - IFS=$lt_save_ifs - ;; - esac -else - enable_shared=yes -fi - - - - - - - - - - # Check whether --enable-static was given. -if test "${enable_static+set}" = set; then : - enableval=$enable_static; p=${PACKAGE-default} - case $enableval in - yes) enable_static=yes ;; - no) enable_static=no ;; - *) - enable_static=no - # Look at the argument we got. We use all the common list separators. - lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, - for pkg in $enableval; do - IFS=$lt_save_ifs - if test "X$pkg" = "X$p"; then - enable_static=yes - fi - done - IFS=$lt_save_ifs - ;; - esac -else - enable_static=yes -fi - - - - - - - - - - -# Check whether --with-pic was given. -if test "${with_pic+set}" = set; then : - withval=$with_pic; lt_p=${PACKAGE-default} - case $withval in - yes|no) pic_mode=$withval ;; - *) - pic_mode=default - # Look at the argument we got. We use all the common list separators. - lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, - for lt_pkg in $withval; do - IFS=$lt_save_ifs - if test "X$lt_pkg" = "X$lt_p"; then - pic_mode=yes - fi - done - IFS=$lt_save_ifs - ;; - esac -else - pic_mode=default -fi - - - - - - - - - # Check whether --enable-fast-install was given. -if test "${enable_fast_install+set}" = set; then : - enableval=$enable_fast_install; p=${PACKAGE-default} - case $enableval in - yes) enable_fast_install=yes ;; - no) enable_fast_install=no ;; - *) - enable_fast_install=no - # Look at the argument we got. We use all the common list separators. - lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, - for pkg in $enableval; do - IFS=$lt_save_ifs - if test "X$pkg" = "X$p"; then - enable_fast_install=yes - fi - done - IFS=$lt_save_ifs - ;; - esac -else - enable_fast_install=yes -fi - - - - - - - - - shared_archive_member_spec= -case $host,$enable_shared in -power*-*-aix[5-9]*,yes) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking which variant of shared library versioning to provide" >&5 -$as_echo_n "checking which variant of shared library versioning to provide... " >&6; } - -# Check whether --with-aix-soname was given. -if test "${with_aix_soname+set}" = set; then : - withval=$with_aix_soname; case $withval in - aix|svr4|both) - ;; - *) - as_fn_error $? "Unknown argument to --with-aix-soname" "$LINENO" 5 - ;; - esac - lt_cv_with_aix_soname=$with_aix_soname -else - if ${lt_cv_with_aix_soname+:} false; then : - $as_echo_n "(cached) " >&6 -else - lt_cv_with_aix_soname=aix -fi - - with_aix_soname=$lt_cv_with_aix_soname -fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_aix_soname" >&5 -$as_echo "$with_aix_soname" >&6; } - if test aix != "$with_aix_soname"; then - # For the AIX way of multilib, we name the shared archive member - # based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o', - # and 'shr.imp' or 'shr_64.imp', respectively, for the Import File. - # Even when GNU compilers ignore OBJECT_MODE but need '-maix64' flag, - # the AIX toolchain works better with OBJECT_MODE set (default 32). - if test 64 = "${OBJECT_MODE-32}"; then - shared_archive_member_spec=shr_64 - else - shared_archive_member_spec=shr - fi - fi - ;; -*) - with_aix_soname=aix - ;; -esac - - - - - - - - - - -# This can be used to rebuild libtool when needed -LIBTOOL_DEPS=$ltmain - -# Always use our own libtool. -LIBTOOL='$(SHELL) $(top_builddir)/libtool' - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -test -z "$LN_S" && LN_S="ln -s" - - - - - - - - - - - - - - -if test -n "${ZSH_VERSION+set}"; then - setopt NO_GLOB_SUBST -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5 -$as_echo_n "checking for objdir... " >&6; } -if ${lt_cv_objdir+:} false; then : - $as_echo_n "(cached) " >&6 -else - rm -f .libs 2>/dev/null -mkdir .libs 2>/dev/null -if test -d .libs; then - lt_cv_objdir=.libs -else - # MS-DOS does not allow filenames that begin with a dot. - lt_cv_objdir=_libs -fi -rmdir .libs 2>/dev/null -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5 -$as_echo "$lt_cv_objdir" >&6; } -objdir=$lt_cv_objdir - - - - - -cat >>confdefs.h <<_ACEOF -#define LT_OBJDIR "$lt_cv_objdir/" -_ACEOF - - - - -case $host_os in -aix3*) - # AIX sometimes has problems with the GCC collect2 program. For some - # reason, if we set the COLLECT_NAMES environment variable, the problems - # vanish in a puff of smoke. - if test set != "${COLLECT_NAMES+set}"; then - COLLECT_NAMES= - export COLLECT_NAMES - fi - ;; -esac - -# Global variables: -ofile=libtool -can_build_shared=yes - -# All known linkers require a '.a' archive for static linking (except MSVC, -# which needs '.lib'). -libext=a - -with_gnu_ld=$lt_cv_prog_gnu_ld - -old_CC=$CC -old_CFLAGS=$CFLAGS - -# Set sane defaults for various variables -test -z "$CC" && CC=cc -test -z "$LTCC" && LTCC=$CC -test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS -test -z "$LD" && LD=ld -test -z "$ac_objext" && ac_objext=o - -func_cc_basename $compiler -cc_basename=$func_cc_basename_result - - -# Only perform the check for file, if the check method requires it -test -z "$MAGIC_CMD" && MAGIC_CMD=file -case $deplibs_check_method in -file_magic*) - if test "$file_magic_cmd" = '$MAGIC_CMD'; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5 -$as_echo_n "checking for ${ac_tool_prefix}file... " >&6; } -if ${lt_cv_path_MAGIC_CMD+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $MAGIC_CMD in -[\\/*] | ?:[\\/]*) - lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path. - ;; -*) - lt_save_MAGIC_CMD=$MAGIC_CMD - lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR - ac_dummy="/usr/bin$PATH_SEPARATOR$PATH" - for ac_dir in $ac_dummy; do - IFS=$lt_save_ifs - test -z "$ac_dir" && ac_dir=. - if test -f "$ac_dir/${ac_tool_prefix}file"; then - lt_cv_path_MAGIC_CMD=$ac_dir/"${ac_tool_prefix}file" - if test -n "$file_magic_test_file"; then - case $deplibs_check_method in - "file_magic "*) - file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` - MAGIC_CMD=$lt_cv_path_MAGIC_CMD - if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | - $EGREP "$file_magic_regex" > /dev/null; then - : - else - cat <<_LT_EOF 1>&2 - -*** Warning: the command libtool uses to detect shared libraries, -*** $file_magic_cmd, produces output that libtool cannot recognize. -*** The result is that libtool may fail to recognize shared libraries -*** as such. This will affect the creation of libtool libraries that -*** depend on shared libraries, but programs linked with such libtool -*** libraries will work regardless of this problem. Nevertheless, you -*** may want to report the problem to your system manager and/or to -*** bug-libtool@gnu.org - -_LT_EOF - fi ;; - esac - fi - break - fi - done - IFS=$lt_save_ifs - MAGIC_CMD=$lt_save_MAGIC_CMD - ;; -esac -fi - -MAGIC_CMD=$lt_cv_path_MAGIC_CMD -if test -n "$MAGIC_CMD"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 -$as_echo "$MAGIC_CMD" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - - - -if test -z "$lt_cv_path_MAGIC_CMD"; then - if test -n "$ac_tool_prefix"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for file" >&5 -$as_echo_n "checking for file... " >&6; } -if ${lt_cv_path_MAGIC_CMD+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $MAGIC_CMD in -[\\/*] | ?:[\\/]*) - lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path. - ;; -*) - lt_save_MAGIC_CMD=$MAGIC_CMD - lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR - ac_dummy="/usr/bin$PATH_SEPARATOR$PATH" - for ac_dir in $ac_dummy; do - IFS=$lt_save_ifs - test -z "$ac_dir" && ac_dir=. - if test -f "$ac_dir/file"; then - lt_cv_path_MAGIC_CMD=$ac_dir/"file" - if test -n "$file_magic_test_file"; then - case $deplibs_check_method in - "file_magic "*) - file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` - MAGIC_CMD=$lt_cv_path_MAGIC_CMD - if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | - $EGREP "$file_magic_regex" > /dev/null; then - : - else - cat <<_LT_EOF 1>&2 - -*** Warning: the command libtool uses to detect shared libraries, -*** $file_magic_cmd, produces output that libtool cannot recognize. -*** The result is that libtool may fail to recognize shared libraries -*** as such. This will affect the creation of libtool libraries that -*** depend on shared libraries, but programs linked with such libtool -*** libraries will work regardless of this problem. Nevertheless, you -*** may want to report the problem to your system manager and/or to -*** bug-libtool@gnu.org - -_LT_EOF - fi ;; - esac - fi - break - fi - done - IFS=$lt_save_ifs - MAGIC_CMD=$lt_save_MAGIC_CMD - ;; -esac -fi - -MAGIC_CMD=$lt_cv_path_MAGIC_CMD -if test -n "$MAGIC_CMD"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 -$as_echo "$MAGIC_CMD" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - else - MAGIC_CMD=: - fi -fi - - fi - ;; -esac - -# Use C for the default configuration in the libtool script - -lt_save_CC=$CC -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - - -# Source file extension for C test sources. -ac_ext=c - -# Object file extension for compiled C test sources. -objext=o -objext=$objext - -# Code to be used in simple compile tests -lt_simple_compile_test_code="int some_variable = 0;" - -# Code to be used in simple link tests -lt_simple_link_test_code='int main(){return(0);}' - - - - - - - -# If no C compiler was specified, use CC. -LTCC=${LTCC-"$CC"} - -# If no C compiler flags were specified, use CFLAGS. -LTCFLAGS=${LTCFLAGS-"$CFLAGS"} - -# Allow CC to be a program name with arguments. -compiler=$CC - -# Save the default compiler, since it gets overwritten when the other -# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP. -compiler_DEFAULT=$CC - -# save warnings/boilerplate of simple test code -ac_outfile=conftest.$ac_objext -echo "$lt_simple_compile_test_code" >conftest.$ac_ext -eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err -_lt_compiler_boilerplate=`cat conftest.err` -$RM conftest* - -ac_outfile=conftest.$ac_objext -echo "$lt_simple_link_test_code" >conftest.$ac_ext -eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err -_lt_linker_boilerplate=`cat conftest.err` -$RM -r conftest* - - -if test -n "$compiler"; then - -lt_prog_compiler_no_builtin_flag= - -if test yes = "$GCC"; then - case $cc_basename in - nvcc*) - lt_prog_compiler_no_builtin_flag=' -Xcompiler -fno-builtin' ;; - *) - lt_prog_compiler_no_builtin_flag=' -fno-builtin' ;; - esac - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5 -$as_echo_n "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; } -if ${lt_cv_prog_compiler_rtti_exceptions+:} false; then : - $as_echo_n "(cached) " >&6 -else - lt_cv_prog_compiler_rtti_exceptions=no - ac_outfile=conftest.$ac_objext - echo "$lt_simple_compile_test_code" > conftest.$ac_ext - lt_compiler_flag="-fno-rtti -fno-exceptions" ## exclude from sc_useless_quotes_in_assignment - # Insert the option either (1) after the last *FLAGS variable, or - # (2) before a word containing "conftest.", or (3) at the end. - # Note that $ac_compile itself does not contain backslashes and begins - # with a dollar sign (not a hyphen), so the echo should work correctly. - # The option is referenced via a variable to avoid confusing sed. - lt_compile=`echo "$ac_compile" | $SED \ - -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ - -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ - -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) - (eval "$lt_compile" 2>conftest.err) - ac_status=$? - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - if (exit $ac_status) && test -s "$ac_outfile"; then - # The compiler can only warn and ignore the option if not recognized - # So say no if there are warnings other than the usual output. - $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp - $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 - if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then - lt_cv_prog_compiler_rtti_exceptions=yes - fi - fi - $RM conftest* - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5 -$as_echo "$lt_cv_prog_compiler_rtti_exceptions" >&6; } - -if test yes = "$lt_cv_prog_compiler_rtti_exceptions"; then - lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions" -else - : -fi - -fi - - - - - - - lt_prog_compiler_wl= -lt_prog_compiler_pic= -lt_prog_compiler_static= - - - if test yes = "$GCC"; then - lt_prog_compiler_wl='-Wl,' - lt_prog_compiler_static='-static' - - case $host_os in - aix*) - # All AIX code is PIC. - if test ia64 = "$host_cpu"; then - # AIX 5 now supports IA64 processor - lt_prog_compiler_static='-Bstatic' - fi - lt_prog_compiler_pic='-fPIC' - ;; - - amigaos*) - case $host_cpu in - powerpc) - # see comment about AmigaOS4 .so support - lt_prog_compiler_pic='-fPIC' - ;; - m68k) - # FIXME: we need at least 68020 code to build shared libraries, but - # adding the '-m68020' flag to GCC prevents building anything better, - # like '-m68040'. - lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4' - ;; - esac - ;; - - beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) - # PIC is the default for these OSes. - ;; - - mingw* | cygwin* | pw32* | os2* | cegcc*) - # This hack is so that the source file can tell whether it is being - # built for inclusion in a dll (and should export symbols for example). - # Although the cygwin gcc ignores -fPIC, still need this for old-style - # (--disable-auto-import) libraries - lt_prog_compiler_pic='-DDLL_EXPORT' - case $host_os in - os2*) - lt_prog_compiler_static='$wl-static' - ;; - esac - ;; - - darwin* | rhapsody*) - # PIC is the default on this platform - # Common symbols not allowed in MH_DYLIB files - lt_prog_compiler_pic='-fno-common' - ;; - - haiku*) - # PIC is the default for Haiku. - # The "-static" flag exists, but is broken. - lt_prog_compiler_static= - ;; - - hpux*) - # PIC is the default for 64-bit PA HP-UX, but not for 32-bit - # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag - # sets the default TLS model and affects inlining. - case $host_cpu in - hppa*64*) - # +Z the default - ;; - *) - lt_prog_compiler_pic='-fPIC' - ;; - esac - ;; - - interix[3-9]*) - # Interix 3.x gcc -fpic/-fPIC options generate broken code. - # Instead, we relocate shared libraries at runtime. - ;; - - msdosdjgpp*) - # Just because we use GCC doesn't mean we suddenly get shared libraries - # on systems that don't support them. - lt_prog_compiler_can_build_shared=no - enable_shared=no - ;; - - *nto* | *qnx*) - # QNX uses GNU C++, but need to define -shared option too, otherwise - # it will coredump. - lt_prog_compiler_pic='-fPIC -shared' - ;; - - sysv4*MP*) - if test -d /usr/nec; then - lt_prog_compiler_pic=-Kconform_pic - fi - ;; - - *) - lt_prog_compiler_pic='-fPIC' - ;; - esac - - case $cc_basename in - nvcc*) # Cuda Compiler Driver 2.2 - lt_prog_compiler_wl='-Xlinker ' - if test -n "$lt_prog_compiler_pic"; then - lt_prog_compiler_pic="-Xcompiler $lt_prog_compiler_pic" - fi - ;; - esac - else - # PORTME Check for flag to pass linker flags through the system compiler. - case $host_os in - aix*) - lt_prog_compiler_wl='-Wl,' - if test ia64 = "$host_cpu"; then - # AIX 5 now supports IA64 processor - lt_prog_compiler_static='-Bstatic' - else - lt_prog_compiler_static='-bnso -bI:/lib/syscalls.exp' - fi - ;; - - darwin* | rhapsody*) - # PIC is the default on this platform - # Common symbols not allowed in MH_DYLIB files - lt_prog_compiler_pic='-fno-common' - case $cc_basename in - nagfor*) - # NAG Fortran compiler - lt_prog_compiler_wl='-Wl,-Wl,,' - lt_prog_compiler_pic='-PIC' - lt_prog_compiler_static='-Bstatic' - ;; - esac - ;; - - mingw* | cygwin* | pw32* | os2* | cegcc*) - # This hack is so that the source file can tell whether it is being - # built for inclusion in a dll (and should export symbols for example). - lt_prog_compiler_pic='-DDLL_EXPORT' - case $host_os in - os2*) - lt_prog_compiler_static='$wl-static' - ;; - esac - ;; - - hpux9* | hpux10* | hpux11*) - lt_prog_compiler_wl='-Wl,' - # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but - # not for PA HP-UX. - case $host_cpu in - hppa*64*|ia64*) - # +Z the default - ;; - *) - lt_prog_compiler_pic='+Z' - ;; - esac - # Is there a better lt_prog_compiler_static that works with the bundled CC? - lt_prog_compiler_static='$wl-a ${wl}archive' - ;; - - irix5* | irix6* | nonstopux*) - lt_prog_compiler_wl='-Wl,' - # PIC (with -KPIC) is the default. - lt_prog_compiler_static='-non_shared' - ;; - - linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) - case $cc_basename in - # old Intel for x86_64, which still supported -KPIC. - ecc*) - lt_prog_compiler_wl='-Wl,' - lt_prog_compiler_pic='-KPIC' - lt_prog_compiler_static='-static' - ;; - # icc used to be incompatible with GCC. - # ICC 10 doesn't accept -KPIC any more. - icc* | ifort*) - lt_prog_compiler_wl='-Wl,' - lt_prog_compiler_pic='-fPIC' - lt_prog_compiler_static='-static' - ;; - # Lahey Fortran 8.1. - lf95*) - lt_prog_compiler_wl='-Wl,' - lt_prog_compiler_pic='--shared' - lt_prog_compiler_static='--static' - ;; - nagfor*) - # NAG Fortran compiler - lt_prog_compiler_wl='-Wl,-Wl,,' - lt_prog_compiler_pic='-PIC' - lt_prog_compiler_static='-Bstatic' - ;; - tcc*) - # Fabrice Bellard et al's Tiny C Compiler - lt_prog_compiler_wl='-Wl,' - lt_prog_compiler_pic='-fPIC' - lt_prog_compiler_static='-static' - ;; - pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*) - # Portland Group compilers (*not* the Pentium gcc compiler, - # which looks to be a dead project) - lt_prog_compiler_wl='-Wl,' - lt_prog_compiler_pic='-fpic' - lt_prog_compiler_static='-Bstatic' - ;; - ccc*) - lt_prog_compiler_wl='-Wl,' - # All Alpha code is PIC. - lt_prog_compiler_static='-non_shared' - ;; - xl* | bgxl* | bgf* | mpixl*) - # IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene - lt_prog_compiler_wl='-Wl,' - lt_prog_compiler_pic='-qpic' - lt_prog_compiler_static='-qstaticlink' - ;; - *) - case `$CC -V 2>&1 | sed 5q` in - *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [1-7].* | *Sun*Fortran*\ 8.[0-3]*) - # Sun Fortran 8.3 passes all unrecognized flags to the linker - lt_prog_compiler_pic='-KPIC' - lt_prog_compiler_static='-Bstatic' - lt_prog_compiler_wl='' - ;; - *Sun\ F* | *Sun*Fortran*) - lt_prog_compiler_pic='-KPIC' - lt_prog_compiler_static='-Bstatic' - lt_prog_compiler_wl='-Qoption ld ' - ;; - *Sun\ C*) - # Sun C 5.9 - lt_prog_compiler_pic='-KPIC' - lt_prog_compiler_static='-Bstatic' - lt_prog_compiler_wl='-Wl,' - ;; - *Intel*\ [CF]*Compiler*) - lt_prog_compiler_wl='-Wl,' - lt_prog_compiler_pic='-fPIC' - lt_prog_compiler_static='-static' - ;; - *Portland\ Group*) - lt_prog_compiler_wl='-Wl,' - lt_prog_compiler_pic='-fpic' - lt_prog_compiler_static='-Bstatic' - ;; - esac - ;; - esac - ;; - - newsos6) - lt_prog_compiler_pic='-KPIC' - lt_prog_compiler_static='-Bstatic' - ;; - - *nto* | *qnx*) - # QNX uses GNU C++, but need to define -shared option too, otherwise - # it will coredump. - lt_prog_compiler_pic='-fPIC -shared' - ;; - - osf3* | osf4* | osf5*) - lt_prog_compiler_wl='-Wl,' - # All OSF/1 code is PIC. - lt_prog_compiler_static='-non_shared' - ;; - - rdos*) - lt_prog_compiler_static='-non_shared' - ;; - - solaris*) - lt_prog_compiler_pic='-KPIC' - lt_prog_compiler_static='-Bstatic' - case $cc_basename in - f77* | f90* | f95* | sunf77* | sunf90* | sunf95*) - lt_prog_compiler_wl='-Qoption ld ';; - *) - lt_prog_compiler_wl='-Wl,';; - esac - ;; - - sunos4*) - lt_prog_compiler_wl='-Qoption ld ' - lt_prog_compiler_pic='-PIC' - lt_prog_compiler_static='-Bstatic' - ;; - - sysv4 | sysv4.2uw2* | sysv4.3*) - lt_prog_compiler_wl='-Wl,' - lt_prog_compiler_pic='-KPIC' - lt_prog_compiler_static='-Bstatic' - ;; - - sysv4*MP*) - if test -d /usr/nec; then - lt_prog_compiler_pic='-Kconform_pic' - lt_prog_compiler_static='-Bstatic' - fi - ;; - - sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) - lt_prog_compiler_wl='-Wl,' - lt_prog_compiler_pic='-KPIC' - lt_prog_compiler_static='-Bstatic' - ;; - - unicos*) - lt_prog_compiler_wl='-Wl,' - lt_prog_compiler_can_build_shared=no - ;; - - uts4*) - lt_prog_compiler_pic='-pic' - lt_prog_compiler_static='-Bstatic' - ;; - - *) - lt_prog_compiler_can_build_shared=no - ;; - esac - fi - -case $host_os in - # For platforms that do not support PIC, -DPIC is meaningless: - *djgpp*) - lt_prog_compiler_pic= - ;; - *) - lt_prog_compiler_pic="$lt_prog_compiler_pic -DPIC" - ;; -esac - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5 -$as_echo_n "checking for $compiler option to produce PIC... " >&6; } -if ${lt_cv_prog_compiler_pic+:} false; then : - $as_echo_n "(cached) " >&6 -else - lt_cv_prog_compiler_pic=$lt_prog_compiler_pic -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic" >&5 -$as_echo "$lt_cv_prog_compiler_pic" >&6; } -lt_prog_compiler_pic=$lt_cv_prog_compiler_pic - -# -# Check to make sure the PIC flag actually works. -# -if test -n "$lt_prog_compiler_pic"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5 -$as_echo_n "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; } -if ${lt_cv_prog_compiler_pic_works+:} false; then : - $as_echo_n "(cached) " >&6 -else - lt_cv_prog_compiler_pic_works=no - ac_outfile=conftest.$ac_objext - echo "$lt_simple_compile_test_code" > conftest.$ac_ext - lt_compiler_flag="$lt_prog_compiler_pic -DPIC" ## exclude from sc_useless_quotes_in_assignment - # Insert the option either (1) after the last *FLAGS variable, or - # (2) before a word containing "conftest.", or (3) at the end. - # Note that $ac_compile itself does not contain backslashes and begins - # with a dollar sign (not a hyphen), so the echo should work correctly. - # The option is referenced via a variable to avoid confusing sed. - lt_compile=`echo "$ac_compile" | $SED \ - -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ - -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ - -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) - (eval "$lt_compile" 2>conftest.err) - ac_status=$? - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - if (exit $ac_status) && test -s "$ac_outfile"; then - # The compiler can only warn and ignore the option if not recognized - # So say no if there are warnings other than the usual output. - $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp - $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 - if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then - lt_cv_prog_compiler_pic_works=yes - fi - fi - $RM conftest* - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5 -$as_echo "$lt_cv_prog_compiler_pic_works" >&6; } - -if test yes = "$lt_cv_prog_compiler_pic_works"; then - case $lt_prog_compiler_pic in - "" | " "*) ;; - *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;; - esac -else - lt_prog_compiler_pic= - lt_prog_compiler_can_build_shared=no -fi - -fi - - - - - - - - - - - -# -# Check to make sure the static flag actually works. -# -wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\" -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5 -$as_echo_n "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; } -if ${lt_cv_prog_compiler_static_works+:} false; then : - $as_echo_n "(cached) " >&6 -else - lt_cv_prog_compiler_static_works=no - save_LDFLAGS=$LDFLAGS - LDFLAGS="$LDFLAGS $lt_tmp_static_flag" - echo "$lt_simple_link_test_code" > conftest.$ac_ext - if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then - # The linker can only warn and ignore the option if not recognized - # So say no if there are warnings - if test -s conftest.err; then - # Append any errors to the config.log. - cat conftest.err 1>&5 - $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp - $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 - if diff conftest.exp conftest.er2 >/dev/null; then - lt_cv_prog_compiler_static_works=yes - fi - else - lt_cv_prog_compiler_static_works=yes - fi - fi - $RM -r conftest* - LDFLAGS=$save_LDFLAGS - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5 -$as_echo "$lt_cv_prog_compiler_static_works" >&6; } - -if test yes = "$lt_cv_prog_compiler_static_works"; then - : -else - lt_prog_compiler_static= -fi - - - - - - - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 -$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; } -if ${lt_cv_prog_compiler_c_o+:} false; then : - $as_echo_n "(cached) " >&6 -else - lt_cv_prog_compiler_c_o=no - $RM -r conftest 2>/dev/null - mkdir conftest - cd conftest - mkdir out - echo "$lt_simple_compile_test_code" > conftest.$ac_ext - - lt_compiler_flag="-o out/conftest2.$ac_objext" - # Insert the option either (1) after the last *FLAGS variable, or - # (2) before a word containing "conftest.", or (3) at the end. - # Note that $ac_compile itself does not contain backslashes and begins - # with a dollar sign (not a hyphen), so the echo should work correctly. - lt_compile=`echo "$ac_compile" | $SED \ - -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ - -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ - -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) - (eval "$lt_compile" 2>out/conftest.err) - ac_status=$? - cat out/conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - if (exit $ac_status) && test -s out/conftest2.$ac_objext - then - # The compiler can only warn and ignore the option if not recognized - # So say no if there are warnings - $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp - $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 - if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then - lt_cv_prog_compiler_c_o=yes - fi - fi - chmod u+w . 2>&5 - $RM conftest* - # SGI C++ compiler will create directory out/ii_files/ for - # template instantiation - test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files - $RM out/* && rmdir out - cd .. - $RM -r conftest - $RM conftest* - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 -$as_echo "$lt_cv_prog_compiler_c_o" >&6; } - - - - - - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 -$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; } -if ${lt_cv_prog_compiler_c_o+:} false; then : - $as_echo_n "(cached) " >&6 -else - lt_cv_prog_compiler_c_o=no - $RM -r conftest 2>/dev/null - mkdir conftest - cd conftest - mkdir out - echo "$lt_simple_compile_test_code" > conftest.$ac_ext - - lt_compiler_flag="-o out/conftest2.$ac_objext" - # Insert the option either (1) after the last *FLAGS variable, or - # (2) before a word containing "conftest.", or (3) at the end. - # Note that $ac_compile itself does not contain backslashes and begins - # with a dollar sign (not a hyphen), so the echo should work correctly. - lt_compile=`echo "$ac_compile" | $SED \ - -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ - -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ - -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) - (eval "$lt_compile" 2>out/conftest.err) - ac_status=$? - cat out/conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - if (exit $ac_status) && test -s out/conftest2.$ac_objext - then - # The compiler can only warn and ignore the option if not recognized - # So say no if there are warnings - $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp - $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 - if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then - lt_cv_prog_compiler_c_o=yes - fi - fi - chmod u+w . 2>&5 - $RM conftest* - # SGI C++ compiler will create directory out/ii_files/ for - # template instantiation - test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files - $RM out/* && rmdir out - cd .. - $RM -r conftest - $RM conftest* - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 -$as_echo "$lt_cv_prog_compiler_c_o" >&6; } - - - - -hard_links=nottested -if test no = "$lt_cv_prog_compiler_c_o" && test no != "$need_locks"; then - # do not overwrite the value of need_locks provided by the user - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5 -$as_echo_n "checking if we can lock with hard links... " >&6; } - hard_links=yes - $RM conftest* - ln conftest.a conftest.b 2>/dev/null && hard_links=no - touch conftest.a - ln conftest.a conftest.b 2>&5 || hard_links=no - ln conftest.a conftest.b 2>/dev/null && hard_links=no - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5 -$as_echo "$hard_links" >&6; } - if test no = "$hard_links"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&5 -$as_echo "$as_me: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&2;} - need_locks=warn - fi -else - need_locks=no -fi - - - - - - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5 -$as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; } - - runpath_var= - allow_undefined_flag= - always_export_symbols=no - archive_cmds= - archive_expsym_cmds= - compiler_needs_object=no - enable_shared_with_static_runtimes=no - export_dynamic_flag_spec= - export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' - hardcode_automatic=no - hardcode_direct=no - hardcode_direct_absolute=no - hardcode_libdir_flag_spec= - hardcode_libdir_separator= - hardcode_minus_L=no - hardcode_shlibpath_var=unsupported - inherit_rpath=no - link_all_deplibs=unknown - module_cmds= - module_expsym_cmds= - old_archive_from_new_cmds= - old_archive_from_expsyms_cmds= - thread_safe_flag_spec= - whole_archive_flag_spec= - # include_expsyms should be a list of space-separated symbols to be *always* - # included in the symbol list - include_expsyms= - # exclude_expsyms can be an extended regexp of symbols to exclude - # it will be wrapped by ' (' and ')$', so one must not match beginning or - # end of line. Example: 'a|bc|.*d.*' will exclude the symbols 'a' and 'bc', - # as well as any symbol that contains 'd'. - exclude_expsyms='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*' - # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out - # platforms (ab)use it in PIC code, but their linkers get confused if - # the symbol is explicitly referenced. Since portable code cannot - # rely on this symbol name, it's probably fine to never include it in - # preloaded symbol tables. - # Exclude shared library initialization/finalization symbols. - extract_expsyms_cmds= - - case $host_os in - cygwin* | mingw* | pw32* | cegcc*) - # FIXME: the MSVC++ port hasn't been tested in a loooong time - # When not using gcc, we currently assume that we are using - # Microsoft Visual C++. - if test yes != "$GCC"; then - with_gnu_ld=no - fi - ;; - interix*) - # we just hope/assume this is gcc and not c89 (= MSVC++) - with_gnu_ld=yes - ;; - openbsd* | bitrig*) - with_gnu_ld=no - ;; - esac - - ld_shlibs=yes - - # On some targets, GNU ld is compatible enough with the native linker - # that we're better off using the native interface for both. - lt_use_gnu_ld_interface=no - if test yes = "$with_gnu_ld"; then - case $host_os in - aix*) - # The AIX port of GNU ld has always aspired to compatibility - # with the native linker. However, as the warning in the GNU ld - # block says, versions before 2.19.5* couldn't really create working - # shared libraries, regardless of the interface used. - case `$LD -v 2>&1` in - *\ \(GNU\ Binutils\)\ 2.19.5*) ;; - *\ \(GNU\ Binutils\)\ 2.[2-9]*) ;; - *\ \(GNU\ Binutils\)\ [3-9]*) ;; - *) - lt_use_gnu_ld_interface=yes - ;; - esac - ;; - *) - lt_use_gnu_ld_interface=yes - ;; - esac - fi - - if test yes = "$lt_use_gnu_ld_interface"; then - # If archive_cmds runs LD, not CC, wlarc should be empty - wlarc='$wl' - - # Set some defaults for GNU ld with shared library support. These - # are reset later if shared libraries are not supported. Putting them - # here allows them to be overridden if necessary. - runpath_var=LD_RUN_PATH - hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' - export_dynamic_flag_spec='$wl--export-dynamic' - # ancient GNU ld didn't support --whole-archive et. al. - if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then - whole_archive_flag_spec=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive' - else - whole_archive_flag_spec= - fi - supports_anon_versioning=no - case `$LD -v | $SED -e 's/(^)\+)\s\+//' 2>&1` in - *GNU\ gold*) supports_anon_versioning=yes ;; - *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11 - *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... - *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... - *\ 2.11.*) ;; # other 2.11 versions - *) supports_anon_versioning=yes ;; - esac - - # See if GNU ld supports shared libraries. - case $host_os in - aix[3-9]*) - # On AIX/PPC, the GNU linker is very broken - if test ia64 != "$host_cpu"; then - ld_shlibs=no - cat <<_LT_EOF 1>&2 - -*** Warning: the GNU linker, at least up to release 2.19, is reported -*** to be unable to reliably create shared libraries on AIX. -*** Therefore, libtool is disabling shared libraries support. If you -*** really care for shared libraries, you may want to install binutils -*** 2.20 or above, or modify your PATH so that a non-GNU linker is found. -*** You will then need to restart the configuration process. - -_LT_EOF - fi - ;; - - amigaos*) - case $host_cpu in - powerpc) - # see comment about AmigaOS4 .so support - archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' - archive_expsym_cmds='' - ;; - m68k) - archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' - hardcode_libdir_flag_spec='-L$libdir' - hardcode_minus_L=yes - ;; - esac - ;; - - beos*) - if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then - allow_undefined_flag=unsupported - # Joseph Beckenbach says some releases of gcc - # support --undefined. This deserves some investigation. FIXME - archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' - else - ld_shlibs=no - fi - ;; - - cygwin* | mingw* | pw32* | cegcc*) - # _LT_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless, - # as there is no search path for DLLs. - hardcode_libdir_flag_spec='-L$libdir' - export_dynamic_flag_spec='$wl--export-all-symbols' - allow_undefined_flag=unsupported - always_export_symbols=no - enable_shared_with_static_runtimes=yes - export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/;s/^.*[ ]__nm__\([^ ]*\)[ ][^ ]*/\1 DATA/;/^I[ ]/d;/^[AITW][ ]/s/.* //'\'' | sort | uniq > $export_symbols' - exclude_expsyms='[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname' - - if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then - archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' - # If the export-symbols file already is a .def file, use it as - # is; otherwise, prepend EXPORTS... - archive_expsym_cmds='if test DEF = "`$SED -n -e '\''s/^[ ]*//'\'' -e '\''/^\(;.*\)*$/d'\'' -e '\''s/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p'\'' -e q $export_symbols`" ; then - cp $export_symbols $output_objdir/$soname.def; - else - echo EXPORTS > $output_objdir/$soname.def; - cat $export_symbols >> $output_objdir/$soname.def; - fi~ - $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' - else - ld_shlibs=no - fi - ;; - - haiku*) - archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' - link_all_deplibs=yes - ;; - - os2*) - hardcode_libdir_flag_spec='-L$libdir' - hardcode_minus_L=yes - allow_undefined_flag=unsupported - shrext_cmds=.dll - archive_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ - $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ - $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ - $ECHO EXPORTS >> $output_objdir/$libname.def~ - emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~ - $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ - emximp -o $lib $output_objdir/$libname.def' - archive_expsym_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ - $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ - $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ - $ECHO EXPORTS >> $output_objdir/$libname.def~ - prefix_cmds="$SED"~ - if test EXPORTS = "`$SED 1q $export_symbols`"; then - prefix_cmds="$prefix_cmds -e 1d"; - fi~ - prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~ - cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~ - $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ - emximp -o $lib $output_objdir/$libname.def' - old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' - enable_shared_with_static_runtimes=yes - ;; - - interix[3-9]*) - hardcode_direct=no - hardcode_shlibpath_var=no - hardcode_libdir_flag_spec='$wl-rpath,$libdir' - export_dynamic_flag_spec='$wl-E' - # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. - # Instead, shared libraries are loaded at an image base (0x10000000 by - # default) and relocated if they conflict, which is a slow very memory - # consuming and fragmenting process. To avoid this, we pick a random, - # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link - # time. Moving up from 0x10000000 also allows more sbrk(2) space. - archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' - archive_expsym_cmds='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' - ;; - - gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu) - tmp_diet=no - if test linux-dietlibc = "$host_os"; then - case $cc_basename in - diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn) - esac - fi - if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \ - && test no = "$tmp_diet" - then - tmp_addflag=' $pic_flag' - tmp_sharedflag='-shared' - case $cc_basename,$host_cpu in - pgcc*) # Portland Group C compiler - whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' - tmp_addflag=' $pic_flag' - ;; - pgf77* | pgf90* | pgf95* | pgfortran*) - # Portland Group f77 and f90 compilers - whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' - tmp_addflag=' $pic_flag -Mnomain' ;; - ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 - tmp_addflag=' -i_dynamic' ;; - efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64 - tmp_addflag=' -i_dynamic -nofor_main' ;; - ifc* | ifort*) # Intel Fortran compiler - tmp_addflag=' -nofor_main' ;; - lf95*) # Lahey Fortran 8.1 - whole_archive_flag_spec= - tmp_sharedflag='--shared' ;; - nagfor*) # NAGFOR 5.3 - tmp_sharedflag='-Wl,-shared' ;; - xl[cC]* | bgxl[cC]* | mpixl[cC]*) # IBM XL C 8.0 on PPC (deal with xlf below) - tmp_sharedflag='-qmkshrobj' - tmp_addflag= ;; - nvcc*) # Cuda Compiler Driver 2.2 - whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' - compiler_needs_object=yes - ;; - esac - case `$CC -V 2>&1 | sed 5q` in - *Sun\ C*) # Sun C 5.9 - whole_archive_flag_spec='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' - compiler_needs_object=yes - tmp_sharedflag='-G' ;; - *Sun\ F*) # Sun Fortran 8.3 - tmp_sharedflag='-G' ;; - esac - archive_cmds='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' - - if test yes = "$supports_anon_versioning"; then - archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~ - cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ - echo "local: *; };" >> $output_objdir/$libname.ver~ - $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib' - fi - - case $cc_basename in - tcc*) - export_dynamic_flag_spec='-rdynamic' - ;; - xlf* | bgf* | bgxlf* | mpixlf*) - # IBM XL Fortran 10.1 on PPC cannot create shared libs itself - whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive' - hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' - archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib' - if test yes = "$supports_anon_versioning"; then - archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~ - cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ - echo "local: *; };" >> $output_objdir/$libname.ver~ - $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' - fi - ;; - esac - else - ld_shlibs=no - fi - ;; - - netbsd*) - if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then - archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' - wlarc= - else - archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' - archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' - fi - ;; - - solaris*) - if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then - ld_shlibs=no - cat <<_LT_EOF 1>&2 - -*** Warning: The releases 2.8.* of the GNU linker cannot reliably -*** create shared libraries on Solaris systems. Therefore, libtool -*** is disabling shared libraries support. We urge you to upgrade GNU -*** binutils to release 2.9.1 or newer. Another option is to modify -*** your PATH or compiler configuration so that the native linker is -*** used, and then restart. - -_LT_EOF - elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then - archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' - archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' - else - ld_shlibs=no - fi - ;; - - sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) - case `$LD -v 2>&1` in - *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*) - ld_shlibs=no - cat <<_LT_EOF 1>&2 - -*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 cannot -*** reliably create shared libraries on SCO systems. Therefore, libtool -*** is disabling shared libraries support. We urge you to upgrade GNU -*** binutils to release 2.16.91.0.3 or newer. Another option is to modify -*** your PATH or compiler configuration so that the native linker is -*** used, and then restart. - -_LT_EOF - ;; - *) - # For security reasons, it is highly recommended that you always - # use absolute paths for naming shared libraries, and exclude the - # DT_RUNPATH tag from executables and libraries. But doing so - # requires that you compile everything twice, which is a pain. - if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then - hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' - archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' - archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' - else - ld_shlibs=no - fi - ;; - esac - ;; - - sunos4*) - archive_cmds='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' - wlarc= - hardcode_direct=yes - hardcode_shlibpath_var=no - ;; - - *) - if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then - archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' - archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' - else - ld_shlibs=no - fi - ;; - esac - - if test no = "$ld_shlibs"; then - runpath_var= - hardcode_libdir_flag_spec= - export_dynamic_flag_spec= - whole_archive_flag_spec= - fi - else - # PORTME fill in a description of your system's linker (not GNU ld) - case $host_os in - aix3*) - allow_undefined_flag=unsupported - always_export_symbols=yes - archive_expsym_cmds='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname' - # Note: this linker hardcodes the directories in LIBPATH if there - # are no directories specified by -L. - hardcode_minus_L=yes - if test yes = "$GCC" && test -z "$lt_prog_compiler_static"; then - # Neither direct hardcoding nor static linking is supported with a - # broken collect2. - hardcode_direct=unsupported - fi - ;; - - aix[4-9]*) - if test ia64 = "$host_cpu"; then - # On IA64, the linker does run time linking by default, so we don't - # have to do anything special. - aix_use_runtimelinking=no - exp_sym_flag='-Bexport' - no_entry_flag= - else - # If we're using GNU nm, then we don't want the "-C" option. - # -C means demangle to GNU nm, but means don't demangle to AIX nm. - # Without the "-l" option, or with the "-B" option, AIX nm treats - # weak defined symbols like other global defined symbols, whereas - # GNU nm marks them as "W". - # While the 'weak' keyword is ignored in the Export File, we need - # it in the Import File for the 'aix-soname' feature, so we have - # to replace the "-B" option with "-P" for AIX nm. - if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then - export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && (substr(\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols' - else - export_symbols_cmds='`func_echo_all $NM | $SED -e '\''s/B\([^B]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && (substr(\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols' - fi - aix_use_runtimelinking=no - - # Test if we are trying to use run time linking or normal - # AIX style linking. If -brtl is somewhere in LDFLAGS, we - # have runtime linking enabled, and use it for executables. - # For shared libraries, we enable/disable runtime linking - # depending on the kind of the shared library created - - # when "with_aix_soname,aix_use_runtimelinking" is: - # "aix,no" lib.a(lib.so.V) shared, rtl:no, for executables - # "aix,yes" lib.so shared, rtl:yes, for executables - # lib.a static archive - # "both,no" lib.so.V(shr.o) shared, rtl:yes - # lib.a(lib.so.V) shared, rtl:no, for executables - # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables - # lib.a(lib.so.V) shared, rtl:no - # "svr4,*" lib.so.V(shr.o) shared, rtl:yes, for executables - # lib.a static archive - case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*) - for ld_flag in $LDFLAGS; do - if (test x-brtl = "x$ld_flag" || test x-Wl,-brtl = "x$ld_flag"); then - aix_use_runtimelinking=yes - break - fi - done - if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then - # With aix-soname=svr4, we create the lib.so.V shared archives only, - # so we don't have lib.a shared libs to link our executables. - # We have to force runtime linking in this case. - aix_use_runtimelinking=yes - LDFLAGS="$LDFLAGS -Wl,-brtl" - fi - ;; - esac - - exp_sym_flag='-bexport' - no_entry_flag='-bnoentry' - fi - - # When large executables or shared objects are built, AIX ld can - # have problems creating the table of contents. If linking a library - # or program results in "error TOC overflow" add -mminimal-toc to - # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not - # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. - - archive_cmds='' - hardcode_direct=yes - hardcode_direct_absolute=yes - hardcode_libdir_separator=':' - link_all_deplibs=yes - file_list_spec='$wl-f,' - case $with_aix_soname,$aix_use_runtimelinking in - aix,*) ;; # traditional, no import file - svr4,* | *,yes) # use import file - # The Import File defines what to hardcode. - hardcode_direct=no - hardcode_direct_absolute=no - ;; - esac - - if test yes = "$GCC"; then - case $host_os in aix4.[012]|aix4.[012].*) - # We only want to do this on AIX 4.2 and lower, the check - # below for broken collect2 doesn't work under 4.3+ - collect2name=`$CC -print-prog-name=collect2` - if test -f "$collect2name" && - strings "$collect2name" | $GREP resolve_lib_name >/dev/null - then - # We have reworked collect2 - : - else - # We have old collect2 - hardcode_direct=unsupported - # It fails to find uninstalled libraries when the uninstalled - # path is not listed in the libpath. Setting hardcode_minus_L - # to unsupported forces relinking - hardcode_minus_L=yes - hardcode_libdir_flag_spec='-L$libdir' - hardcode_libdir_separator= - fi - ;; - esac - shared_flag='-shared' - if test yes = "$aix_use_runtimelinking"; then - shared_flag="$shared_flag "'$wl-G' - fi - # Need to ensure runtime linking is disabled for the traditional - # shared library, or the linker may eventually find shared libraries - # /with/ Import File - we do not want to mix them. - shared_flag_aix='-shared' - shared_flag_svr4='-shared $wl-G' - else - # not using gcc - if test ia64 = "$host_cpu"; then - # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release - # chokes on -Wl,-G. The following line is correct: - shared_flag='-G' - else - if test yes = "$aix_use_runtimelinking"; then - shared_flag='$wl-G' - else - shared_flag='$wl-bM:SRE' - fi - shared_flag_aix='$wl-bM:SRE' - shared_flag_svr4='$wl-G' - fi - fi - - export_dynamic_flag_spec='$wl-bexpall' - # It seems that -bexpall does not export symbols beginning with - # underscore (_), so it is better to generate a list of symbols to export. - always_export_symbols=yes - if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then - # Warning - without using the other runtime loading flags (-brtl), - # -berok will link without error, but may produce a broken library. - allow_undefined_flag='-berok' - # Determine the default libpath from the value encoded in an - # empty executable. - if test set = "${lt_cv_aix_libpath+set}"; then - aix_libpath=$lt_cv_aix_libpath -else - if ${lt_cv_aix_libpath_+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - - lt_aix_libpath_sed=' - /Import File Strings/,/^$/ { - /^0/ { - s/^0 *\([^ ]*\) *$/\1/ - p - } - }' - lt_cv_aix_libpath_=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` - # Check for a 64-bit object if we didn't find anything. - if test -z "$lt_cv_aix_libpath_"; then - lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` - fi -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - if test -z "$lt_cv_aix_libpath_"; then - lt_cv_aix_libpath_=/usr/lib:/lib - fi - -fi - - aix_libpath=$lt_cv_aix_libpath_ -fi - - hardcode_libdir_flag_spec='$wl-blibpath:$libdir:'"$aix_libpath" - archive_expsym_cmds='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag - else - if test ia64 = "$host_cpu"; then - hardcode_libdir_flag_spec='$wl-R $libdir:/usr/lib:/lib' - allow_undefined_flag="-z nodefs" - archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols" - else - # Determine the default libpath from the value encoded in an - # empty executable. - if test set = "${lt_cv_aix_libpath+set}"; then - aix_libpath=$lt_cv_aix_libpath -else - if ${lt_cv_aix_libpath_+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - - lt_aix_libpath_sed=' - /Import File Strings/,/^$/ { - /^0/ { - s/^0 *\([^ ]*\) *$/\1/ - p - } - }' - lt_cv_aix_libpath_=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` - # Check for a 64-bit object if we didn't find anything. - if test -z "$lt_cv_aix_libpath_"; then - lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` - fi -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - if test -z "$lt_cv_aix_libpath_"; then - lt_cv_aix_libpath_=/usr/lib:/lib - fi - -fi - - aix_libpath=$lt_cv_aix_libpath_ -fi - - hardcode_libdir_flag_spec='$wl-blibpath:$libdir:'"$aix_libpath" - # Warning - without using the other run time loading flags, - # -berok will link without error, but may produce a broken library. - no_undefined_flag=' $wl-bernotok' - allow_undefined_flag=' $wl-berok' - if test yes = "$with_gnu_ld"; then - # We only use this code for GNU lds that support --whole-archive. - whole_archive_flag_spec='$wl--whole-archive$convenience $wl--no-whole-archive' - else - # Exported symbols can be pulled into shared objects from archives - whole_archive_flag_spec='$convenience' - fi - archive_cmds_need_lc=yes - archive_expsym_cmds='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d' - # -brtl affects multiple linker settings, -berok does not and is overridden later - compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([, ]\\)%-berok\\1%g"`' - if test svr4 != "$with_aix_soname"; then - # This is similar to how AIX traditionally builds its shared libraries. - archive_expsym_cmds="$archive_expsym_cmds"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname' - fi - if test aix != "$with_aix_soname"; then - archive_expsym_cmds="$archive_expsym_cmds"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp' - else - # used by -dlpreopen to get the symbols - archive_expsym_cmds="$archive_expsym_cmds"'~$MV $output_objdir/$realname.d/$soname $output_objdir' - fi - archive_expsym_cmds="$archive_expsym_cmds"'~$RM -r $output_objdir/$realname.d' - fi - fi - ;; - - amigaos*) - case $host_cpu in - powerpc) - # see comment about AmigaOS4 .so support - archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' - archive_expsym_cmds='' - ;; - m68k) - archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' - hardcode_libdir_flag_spec='-L$libdir' - hardcode_minus_L=yes - ;; - esac - ;; - - bsdi[45]*) - export_dynamic_flag_spec=-rdynamic - ;; - - cygwin* | mingw* | pw32* | cegcc*) - # When not using gcc, we currently assume that we are using - # Microsoft Visual C++. - # hardcode_libdir_flag_spec is actually meaningless, as there is - # no search path for DLLs. - case $cc_basename in - cl*) - # Native MSVC - hardcode_libdir_flag_spec=' ' - allow_undefined_flag=unsupported - always_export_symbols=yes - file_list_spec='@' - # Tell ltmain to make .lib files, not .a files. - libext=lib - # Tell ltmain to make .dll files, not .so files. - shrext_cmds=.dll - # FIXME: Setting linknames here is a bad hack. - archive_cmds='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames=' - archive_expsym_cmds='if test DEF = "`$SED -n -e '\''s/^[ ]*//'\'' -e '\''/^\(;.*\)*$/d'\'' -e '\''s/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p'\'' -e q $export_symbols`" ; then - cp "$export_symbols" "$output_objdir/$soname.def"; - echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp"; - else - $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp; - fi~ - $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ - linknames=' - # The linker will not automatically build a static lib if we build a DLL. - # _LT_TAGVAR(old_archive_from_new_cmds, )='true' - enable_shared_with_static_runtimes=yes - exclude_expsyms='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' - export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1,DATA/'\'' | $SED -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols' - # Don't use ranlib - old_postinstall_cmds='chmod 644 $oldlib' - postlink_cmds='lt_outputfile="@OUTPUT@"~ - lt_tool_outputfile="@TOOL_OUTPUT@"~ - case $lt_outputfile in - *.exe|*.EXE) ;; - *) - lt_outputfile=$lt_outputfile.exe - lt_tool_outputfile=$lt_tool_outputfile.exe - ;; - esac~ - if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then - $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; - $RM "$lt_outputfile.manifest"; - fi' - ;; - *) - # Assume MSVC wrapper - hardcode_libdir_flag_spec=' ' - allow_undefined_flag=unsupported - # Tell ltmain to make .lib files, not .a files. - libext=lib - # Tell ltmain to make .dll files, not .so files. - shrext_cmds=.dll - # FIXME: Setting linknames here is a bad hack. - archive_cmds='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames=' - # The linker will automatically build a .lib file if we build a DLL. - old_archive_from_new_cmds='true' - # FIXME: Should let the user specify the lib program. - old_archive_cmds='lib -OUT:$oldlib$oldobjs$old_deplibs' - enable_shared_with_static_runtimes=yes - ;; - esac - ;; - - darwin* | rhapsody*) - - - archive_cmds_need_lc=no - hardcode_direct=no - hardcode_automatic=yes - hardcode_shlibpath_var=unsupported - if test yes = "$lt_cv_ld_force_load"; then - whole_archive_flag_spec='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' - - else - whole_archive_flag_spec='' - fi - link_all_deplibs=yes - allow_undefined_flag=$_lt_dar_allow_undefined - case $cc_basename in - ifort*|nagfor*) _lt_dar_can_shared=yes ;; - *) _lt_dar_can_shared=$GCC ;; - esac - if test yes = "$_lt_dar_can_shared"; then - output_verbose_link_cmd=func_echo_all - archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil" - module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil" - archive_expsym_cmds="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil" - module_expsym_cmds="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil" - - else - ld_shlibs=no - fi - - ;; - - dgux*) - archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - hardcode_libdir_flag_spec='-L$libdir' - hardcode_shlibpath_var=no - ;; - - # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor - # support. Future versions do this automatically, but an explicit c++rt0.o - # does not break anything, and helps significantly (at the cost of a little - # extra space). - freebsd2.2*) - archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' - hardcode_libdir_flag_spec='-R$libdir' - hardcode_direct=yes - hardcode_shlibpath_var=no - ;; - - # Unfortunately, older versions of FreeBSD 2 do not have this feature. - freebsd2.*) - archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' - hardcode_direct=yes - hardcode_minus_L=yes - hardcode_shlibpath_var=no - ;; - - # FreeBSD 3 and greater uses gcc -shared to do shared libraries. - freebsd* | dragonfly*) - archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' - hardcode_libdir_flag_spec='-R$libdir' - hardcode_direct=yes - hardcode_shlibpath_var=no - ;; - - hpux9*) - if test yes = "$GCC"; then - archive_cmds='$RM $output_objdir/$soname~$CC -shared $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' - else - archive_cmds='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' - fi - hardcode_libdir_flag_spec='$wl+b $wl$libdir' - hardcode_libdir_separator=: - hardcode_direct=yes - - # hardcode_minus_L: Not really in the search PATH, - # but as the default location of the library. - hardcode_minus_L=yes - export_dynamic_flag_spec='$wl-E' - ;; - - hpux10*) - if test yes,no = "$GCC,$with_gnu_ld"; then - archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags' - else - archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' - fi - if test no = "$with_gnu_ld"; then - hardcode_libdir_flag_spec='$wl+b $wl$libdir' - hardcode_libdir_separator=: - hardcode_direct=yes - hardcode_direct_absolute=yes - export_dynamic_flag_spec='$wl-E' - # hardcode_minus_L: Not really in the search PATH, - # but as the default location of the library. - hardcode_minus_L=yes - fi - ;; - - hpux11*) - if test yes,no = "$GCC,$with_gnu_ld"; then - case $host_cpu in - hppa*64*) - archive_cmds='$CC -shared $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' - ;; - ia64*) - archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' - ;; - *) - archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags' - ;; - esac - else - case $host_cpu in - hppa*64*) - archive_cmds='$CC -b $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' - ;; - ia64*) - archive_cmds='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' - ;; - *) - - # Older versions of the 11.00 compiler do not understand -b yet - # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC understands -b" >&5 -$as_echo_n "checking if $CC understands -b... " >&6; } -if ${lt_cv_prog_compiler__b+:} false; then : - $as_echo_n "(cached) " >&6 -else - lt_cv_prog_compiler__b=no - save_LDFLAGS=$LDFLAGS - LDFLAGS="$LDFLAGS -b" - echo "$lt_simple_link_test_code" > conftest.$ac_ext - if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then - # The linker can only warn and ignore the option if not recognized - # So say no if there are warnings - if test -s conftest.err; then - # Append any errors to the config.log. - cat conftest.err 1>&5 - $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp - $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 - if diff conftest.exp conftest.er2 >/dev/null; then - lt_cv_prog_compiler__b=yes - fi - else - lt_cv_prog_compiler__b=yes - fi - fi - $RM -r conftest* - LDFLAGS=$save_LDFLAGS - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler__b" >&5 -$as_echo "$lt_cv_prog_compiler__b" >&6; } - -if test yes = "$lt_cv_prog_compiler__b"; then - archive_cmds='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags' -else - archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' -fi - - ;; - esac - fi - if test no = "$with_gnu_ld"; then - hardcode_libdir_flag_spec='$wl+b $wl$libdir' - hardcode_libdir_separator=: - - case $host_cpu in - hppa*64*|ia64*) - hardcode_direct=no - hardcode_shlibpath_var=no - ;; - *) - hardcode_direct=yes - hardcode_direct_absolute=yes - export_dynamic_flag_spec='$wl-E' - - # hardcode_minus_L: Not really in the search PATH, - # but as the default location of the library. - hardcode_minus_L=yes - ;; - esac - fi - ;; - - irix5* | irix6* | nonstopux*) - if test yes = "$GCC"; then - archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' - # Try to use the -exported_symbol ld option, if it does not - # work, assume that -exports_file does not work either and - # implicitly export all symbols. - # This should be the same for all languages, so no per-tag cache variable. - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $host_os linker accepts -exported_symbol" >&5 -$as_echo_n "checking whether the $host_os linker accepts -exported_symbol... " >&6; } -if ${lt_cv_irix_exported_symbol+:} false; then : - $as_echo_n "(cached) " >&6 -else - save_LDFLAGS=$LDFLAGS - LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -int foo (void) { return 0; } -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - lt_cv_irix_exported_symbol=yes -else - lt_cv_irix_exported_symbol=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - LDFLAGS=$save_LDFLAGS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5 -$as_echo "$lt_cv_irix_exported_symbol" >&6; } - if test yes = "$lt_cv_irix_exported_symbol"; then - archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib' - fi - else - archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' - archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib' - fi - archive_cmds_need_lc='no' - hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' - hardcode_libdir_separator=: - inherit_rpath=yes - link_all_deplibs=yes - ;; - - linux*) - case $cc_basename in - tcc*) - # Fabrice Bellard et al's Tiny C Compiler - ld_shlibs=yes - archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' - ;; - esac - ;; - - netbsd*) - if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then - archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out - else - archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF - fi - hardcode_libdir_flag_spec='-R$libdir' - hardcode_direct=yes - hardcode_shlibpath_var=no - ;; - - newsos6) - archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - hardcode_direct=yes - hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' - hardcode_libdir_separator=: - hardcode_shlibpath_var=no - ;; - - *nto* | *qnx*) - ;; - - openbsd* | bitrig*) - if test -f /usr/libexec/ld.so; then - hardcode_direct=yes - hardcode_shlibpath_var=no - hardcode_direct_absolute=yes - if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then - archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' - archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags $wl-retain-symbols-file,$export_symbols' - hardcode_libdir_flag_spec='$wl-rpath,$libdir' - export_dynamic_flag_spec='$wl-E' - else - archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' - hardcode_libdir_flag_spec='$wl-rpath,$libdir' - fi - else - ld_shlibs=no - fi - ;; - - os2*) - hardcode_libdir_flag_spec='-L$libdir' - hardcode_minus_L=yes - allow_undefined_flag=unsupported - shrext_cmds=.dll - archive_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ - $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ - $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ - $ECHO EXPORTS >> $output_objdir/$libname.def~ - emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~ - $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ - emximp -o $lib $output_objdir/$libname.def' - archive_expsym_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ - $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ - $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ - $ECHO EXPORTS >> $output_objdir/$libname.def~ - prefix_cmds="$SED"~ - if test EXPORTS = "`$SED 1q $export_symbols`"; then - prefix_cmds="$prefix_cmds -e 1d"; - fi~ - prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~ - cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~ - $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ - emximp -o $lib $output_objdir/$libname.def' - old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' - enable_shared_with_static_runtimes=yes - ;; - - osf3*) - if test yes = "$GCC"; then - allow_undefined_flag=' $wl-expect_unresolved $wl\*' - archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' - else - allow_undefined_flag=' -expect_unresolved \*' - archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' - fi - archive_cmds_need_lc='no' - hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' - hardcode_libdir_separator=: - ;; - - osf4* | osf5*) # as osf3* with the addition of -msym flag - if test yes = "$GCC"; then - allow_undefined_flag=' $wl-expect_unresolved $wl\*' - archive_cmds='$CC -shared$allow_undefined_flag $pic_flag $libobjs $deplibs $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' - hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' - else - allow_undefined_flag=' -expect_unresolved \*' - archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' - archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~ - $CC -shared$allow_undefined_flag $wl-input $wl$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~$RM $lib.exp' - - # Both c and cxx compiler support -rpath directly - hardcode_libdir_flag_spec='-rpath $libdir' - fi - archive_cmds_need_lc='no' - hardcode_libdir_separator=: - ;; - - solaris*) - no_undefined_flag=' -z defs' - if test yes = "$GCC"; then - wlarc='$wl' - archive_cmds='$CC -shared $pic_flag $wl-z ${wl}text $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' - archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ - $CC -shared $pic_flag $wl-z ${wl}text $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' - else - case `$CC -V 2>&1` in - *"Compilers 5.0"*) - wlarc='' - archive_cmds='$LD -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $linker_flags' - archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ - $LD -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp' - ;; - *) - wlarc='$wl' - archive_cmds='$CC -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $compiler_flags' - archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ - $CC -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' - ;; - esac - fi - hardcode_libdir_flag_spec='-R$libdir' - hardcode_shlibpath_var=no - case $host_os in - solaris2.[0-5] | solaris2.[0-5].*) ;; - *) - # The compiler driver will combine and reorder linker options, - # but understands '-z linker_flag'. GCC discards it without '$wl', - # but is careful enough not to reorder. - # Supported since Solaris 2.6 (maybe 2.5.1?) - if test yes = "$GCC"; then - whole_archive_flag_spec='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract' - else - whole_archive_flag_spec='-z allextract$convenience -z defaultextract' - fi - ;; - esac - link_all_deplibs=yes - ;; - - sunos4*) - if test sequent = "$host_vendor"; then - # Use $CC to link under sequent, because it throws in some extra .o - # files that make .init and .fini sections work. - archive_cmds='$CC -G $wl-h $soname -o $lib $libobjs $deplibs $compiler_flags' - else - archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' - fi - hardcode_libdir_flag_spec='-L$libdir' - hardcode_direct=yes - hardcode_minus_L=yes - hardcode_shlibpath_var=no - ;; - - sysv4) - case $host_vendor in - sni) - archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - hardcode_direct=yes # is this really true??? - ;; - siemens) - ## LD is ld it makes a PLAMLIB - ## CC just makes a GrossModule. - archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags' - reload_cmds='$CC -r -o $output$reload_objs' - hardcode_direct=no - ;; - motorola) - archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - hardcode_direct=no #Motorola manual says yes, but my tests say they lie - ;; - esac - runpath_var='LD_RUN_PATH' - hardcode_shlibpath_var=no - ;; - - sysv4.3*) - archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - hardcode_shlibpath_var=no - export_dynamic_flag_spec='-Bexport' - ;; - - sysv4*MP*) - if test -d /usr/nec; then - archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - hardcode_shlibpath_var=no - runpath_var=LD_RUN_PATH - hardcode_runpath_var=yes - ld_shlibs=yes - fi - ;; - - sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*) - no_undefined_flag='$wl-z,text' - archive_cmds_need_lc=no - hardcode_shlibpath_var=no - runpath_var='LD_RUN_PATH' - - if test yes = "$GCC"; then - archive_cmds='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - archive_expsym_cmds='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - else - archive_cmds='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - archive_expsym_cmds='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - fi - ;; - - sysv5* | sco3.2v5* | sco5v6*) - # Note: We CANNOT use -z defs as we might desire, because we do not - # link with -lc, and that would cause any symbols used from libc to - # always be unresolved, which means just about no library would - # ever link correctly. If we're not using GNU ld we use -z text - # though, which does catch some bad symbols but isn't as heavy-handed - # as -z defs. - no_undefined_flag='$wl-z,text' - allow_undefined_flag='$wl-z,nodefs' - archive_cmds_need_lc=no - hardcode_shlibpath_var=no - hardcode_libdir_flag_spec='$wl-R,$libdir' - hardcode_libdir_separator=':' - link_all_deplibs=yes - export_dynamic_flag_spec='$wl-Bexport' - runpath_var='LD_RUN_PATH' - - if test yes = "$GCC"; then - archive_cmds='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - archive_expsym_cmds='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - else - archive_cmds='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - archive_expsym_cmds='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - fi - ;; - - uts4*) - archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - hardcode_libdir_flag_spec='-L$libdir' - hardcode_shlibpath_var=no - ;; - - *) - ld_shlibs=no - ;; - esac - - if test sni = "$host_vendor"; then - case $host in - sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) - export_dynamic_flag_spec='$wl-Blargedynsym' - ;; - esac - fi - fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5 -$as_echo "$ld_shlibs" >&6; } -test no = "$ld_shlibs" && can_build_shared=no - -with_gnu_ld=$with_gnu_ld - - - - - - - - - - - - - - - -# -# Do we need to explicitly link libc? -# -case "x$archive_cmds_need_lc" in -x|xyes) - # Assume -lc should be added - archive_cmds_need_lc=yes - - if test yes,yes = "$GCC,$enable_shared"; then - case $archive_cmds in - *'~'*) - # FIXME: we may have to deal with multi-command sequences. - ;; - '$CC '*) - # Test whether the compiler implicitly links with -lc since on some - # systems, -lgcc has to come before -lc. If gcc already passes -lc - # to ld, don't add -lc before -lgcc. - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5 -$as_echo_n "checking whether -lc should be explicitly linked in... " >&6; } -if ${lt_cv_archive_cmds_need_lc+:} false; then : - $as_echo_n "(cached) " >&6 -else - $RM conftest* - echo "$lt_simple_compile_test_code" > conftest.$ac_ext - - if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 - (eval $ac_compile) 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } 2>conftest.err; then - soname=conftest - lib=conftest - libobjs=conftest.$ac_objext - deplibs= - wl=$lt_prog_compiler_wl - pic_flag=$lt_prog_compiler_pic - compiler_flags=-v - linker_flags=-v - verstring= - output_objdir=. - libname=conftest - lt_save_allow_undefined_flag=$allow_undefined_flag - allow_undefined_flag= - if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5 - (eval $archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } - then - lt_cv_archive_cmds_need_lc=no - else - lt_cv_archive_cmds_need_lc=yes - fi - allow_undefined_flag=$lt_save_allow_undefined_flag - else - cat conftest.err 1>&5 - fi - $RM conftest* - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_archive_cmds_need_lc" >&5 -$as_echo "$lt_cv_archive_cmds_need_lc" >&6; } - archive_cmds_need_lc=$lt_cv_archive_cmds_need_lc - ;; - esac - fi - ;; -esac - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5 -$as_echo_n "checking dynamic linker characteristics... " >&6; } - -if test yes = "$GCC"; then - case $host_os in - darwin*) lt_awk_arg='/^libraries:/,/LR/' ;; - *) lt_awk_arg='/^libraries:/' ;; - esac - case $host_os in - mingw* | cegcc*) lt_sed_strip_eq='s|=\([A-Za-z]:\)|\1|g' ;; - *) lt_sed_strip_eq='s|=/|/|g' ;; - esac - lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq` - case $lt_search_path_spec in - *\;*) - # if the path contains ";" then we assume it to be the separator - # otherwise default to the standard path separator (i.e. ":") - it is - # assumed that no part of a normal pathname contains ";" but that should - # okay in the real world where ";" in dirpaths is itself problematic. - lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'` - ;; - *) - lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"` - ;; - esac - # Ok, now we have the path, separated by spaces, we can step through it - # and add multilib dir if necessary... - lt_tmp_lt_search_path_spec= - lt_multi_os_dir=/`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null` - # ...but if some path component already ends with the multilib dir we assume - # that all is fine and trust -print-search-dirs as is (GCC 4.2? or newer). - case "$lt_multi_os_dir; $lt_search_path_spec " in - "/; "* | "/.; "* | "/./; "* | *"$lt_multi_os_dir "* | *"$lt_multi_os_dir/ "*) - lt_multi_os_dir= - ;; - esac - for lt_sys_path in $lt_search_path_spec; do - if test -d "$lt_sys_path$lt_multi_os_dir"; then - lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path$lt_multi_os_dir" - elif test -n "$lt_multi_os_dir"; then - test -d "$lt_sys_path" && \ - lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path" - fi - done - lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk ' -BEGIN {RS = " "; FS = "/|\n";} { - lt_foo = ""; - lt_count = 0; - for (lt_i = NF; lt_i > 0; lt_i--) { - if ($lt_i != "" && $lt_i != ".") { - if ($lt_i == "..") { - lt_count++; - } else { - if (lt_count == 0) { - lt_foo = "/" $lt_i lt_foo; - } else { - lt_count--; - } - } - } - } - if (lt_foo != "") { lt_freq[lt_foo]++; } - if (lt_freq[lt_foo] == 1) { print lt_foo; } -}'` - # AWK program above erroneously prepends '/' to C:/dos/paths - # for these hosts. - case $host_os in - mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\ - $SED 's|/\([A-Za-z]:\)|\1|g'` ;; - esac - sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP` -else - sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" -fi -library_names_spec= -libname_spec='lib$name' -soname_spec= -shrext_cmds=.so -postinstall_cmds= -postuninstall_cmds= -finish_cmds= -finish_eval= -shlibpath_var= -shlibpath_overrides_runpath=unknown -version_type=none -dynamic_linker="$host_os ld.so" -sys_lib_dlsearch_path_spec="/lib /usr/lib" -need_lib_prefix=unknown -hardcode_into_libs=no - -# when you set need_version to no, make sure it does not cause -set_version -# flags to be left without arguments -need_version=unknown - - - -case $host_os in -aix3*) - version_type=linux # correct to gnu/linux during the next big refactor - library_names_spec='$libname$release$shared_ext$versuffix $libname.a' - shlibpath_var=LIBPATH - - # AIX 3 has no versioning support, so we append a major version to the name. - soname_spec='$libname$release$shared_ext$major' - ;; - -aix[4-9]*) - version_type=linux # correct to gnu/linux during the next big refactor - need_lib_prefix=no - need_version=no - hardcode_into_libs=yes - if test ia64 = "$host_cpu"; then - # AIX 5 supports IA64 - library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext' - shlibpath_var=LD_LIBRARY_PATH - else - # With GCC up to 2.95.x, collect2 would create an import file - # for dependence libraries. The import file would start with - # the line '#! .'. This would cause the generated library to - # depend on '.', always an invalid library. This was fixed in - # development snapshots of GCC prior to 3.0. - case $host_os in - aix4 | aix4.[01] | aix4.[01].*) - if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' - echo ' yes ' - echo '#endif'; } | $CC -E - | $GREP yes > /dev/null; then - : - else - can_build_shared=no - fi - ;; - esac - # Using Import Files as archive members, it is possible to support - # filename-based versioning of shared library archives on AIX. While - # this would work for both with and without runtime linking, it will - # prevent static linking of such archives. So we do filename-based - # shared library versioning with .so extension only, which is used - # when both runtime linking and shared linking is enabled. - # Unfortunately, runtime linking may impact performance, so we do - # not want this to be the default eventually. Also, we use the - # versioned .so libs for executables only if there is the -brtl - # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only. - # To allow for filename-based versioning support, we need to create - # libNAME.so.V as an archive file, containing: - # *) an Import File, referring to the versioned filename of the - # archive as well as the shared archive member, telling the - # bitwidth (32 or 64) of that shared object, and providing the - # list of exported symbols of that shared object, eventually - # decorated with the 'weak' keyword - # *) the shared object with the F_LOADONLY flag set, to really avoid - # it being seen by the linker. - # At run time we better use the real file rather than another symlink, - # but for link time we create the symlink libNAME.so -> libNAME.so.V - - case $with_aix_soname,$aix_use_runtimelinking in - # AIX (on Power*) has no versioning support, so currently we cannot hardcode correct - # soname into executable. Probably we can add versioning support to - # collect2, so additional links can be useful in future. - aix,yes) # traditional libtool - dynamic_linker='AIX unversionable lib.so' - # If using run time linking (on AIX 4.2 or later) use lib.so - # instead of lib.a to let people know that these are not - # typical AIX shared libraries. - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - ;; - aix,no) # traditional AIX only - dynamic_linker='AIX lib.a(lib.so.V)' - # We preserve .a as extension for shared libraries through AIX4.2 - # and later when we are not doing run time linking. - library_names_spec='$libname$release.a $libname.a' - soname_spec='$libname$release$shared_ext$major' - ;; - svr4,*) # full svr4 only - dynamic_linker="AIX lib.so.V($shared_archive_member_spec.o)" - library_names_spec='$libname$release$shared_ext$major $libname$shared_ext' - # We do not specify a path in Import Files, so LIBPATH fires. - shlibpath_overrides_runpath=yes - ;; - *,yes) # both, prefer svr4 - dynamic_linker="AIX lib.so.V($shared_archive_member_spec.o), lib.a(lib.so.V)" - library_names_spec='$libname$release$shared_ext$major $libname$shared_ext' - # unpreferred sharedlib libNAME.a needs extra handling - postinstall_cmds='test -n "$linkname" || linkname="$realname"~func_stripname "" ".so" "$linkname"~$install_shared_prog "$dir/$func_stripname_result.$libext" "$destdir/$func_stripname_result.$libext"~test -z "$tstripme" || test -z "$striplib" || $striplib "$destdir/$func_stripname_result.$libext"' - postuninstall_cmds='for n in $library_names $old_library; do :; done~func_stripname "" ".so" "$n"~test "$func_stripname_result" = "$n" || func_append rmfiles " $odir/$func_stripname_result.$libext"' - # We do not specify a path in Import Files, so LIBPATH fires. - shlibpath_overrides_runpath=yes - ;; - *,no) # both, prefer aix - dynamic_linker="AIX lib.a(lib.so.V), lib.so.V($shared_archive_member_spec.o)" - library_names_spec='$libname$release.a $libname.a' - soname_spec='$libname$release$shared_ext$major' - # unpreferred sharedlib libNAME.so.V and symlink libNAME.so need extra handling - postinstall_cmds='test -z "$dlname" || $install_shared_prog $dir/$dlname $destdir/$dlname~test -z "$tstripme" || test -z "$striplib" || $striplib $destdir/$dlname~test -n "$linkname" || linkname=$realname~func_stripname "" ".a" "$linkname"~(cd "$destdir" && $LN_S -f $dlname $func_stripname_result.so)' - postuninstall_cmds='test -z "$dlname" || func_append rmfiles " $odir/$dlname"~for n in $old_library $library_names; do :; done~func_stripname "" ".a" "$n"~func_append rmfiles " $odir/$func_stripname_result.so"' - ;; - esac - shlibpath_var=LIBPATH - fi - ;; - -amigaos*) - case $host_cpu in - powerpc) - # Since July 2007 AmigaOS4 officially supports .so libraries. - # When compiling the executable, add -use-dynld -Lsobjs: to the compileline. - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - ;; - m68k) - library_names_spec='$libname.ixlibrary $libname.a' - # Create ${libname}_ixlibrary.a entries in /sys/libs. - finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' - ;; - esac - ;; - -beos*) - library_names_spec='$libname$shared_ext' - dynamic_linker="$host_os ld.so" - shlibpath_var=LIBRARY_PATH - ;; - -bsdi[45]*) - version_type=linux # correct to gnu/linux during the next big refactor - need_version=no - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - soname_spec='$libname$release$shared_ext$major' - finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' - shlibpath_var=LD_LIBRARY_PATH - sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" - sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" - # the default ld.so.conf also contains /usr/contrib/lib and - # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow - # libtool to hard-code these into programs - ;; - -cygwin* | mingw* | pw32* | cegcc*) - version_type=windows - shrext_cmds=.dll - need_version=no - need_lib_prefix=no - - case $GCC,$cc_basename in - yes,*) - # gcc - library_names_spec='$libname.dll.a' - # DLL is installed to $(libdir)/../bin by postinstall_cmds - postinstall_cmds='base_file=`basename \$file`~ - dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~ - dldir=$destdir/`dirname \$dlpath`~ - test -d \$dldir || mkdir -p \$dldir~ - $install_prog $dir/$dlname \$dldir/$dlname~ - chmod a+x \$dldir/$dlname~ - if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then - eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; - fi' - postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ - dlpath=$dir/\$dldll~ - $RM \$dlpath' - shlibpath_overrides_runpath=yes - - case $host_os in - cygwin*) - # Cygwin DLLs use 'cyg' prefix rather than 'lib' - soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' - - sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api" - ;; - mingw* | cegcc*) - # MinGW DLLs use traditional 'lib' prefix - soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' - ;; - pw32*) - # pw32 DLLs use 'pw' prefix rather than 'lib' - library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' - ;; - esac - dynamic_linker='Win32 ld.exe' - ;; - - *,cl*) - # Native MSVC - libname_spec='$name' - soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' - library_names_spec='$libname.dll.lib' - - case $build_os in - mingw*) - sys_lib_search_path_spec= - lt_save_ifs=$IFS - IFS=';' - for lt_path in $LIB - do - IFS=$lt_save_ifs - # Let DOS variable expansion print the short 8.3 style file name. - lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"` - sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path" - done - IFS=$lt_save_ifs - # Convert to MSYS style. - sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([a-zA-Z]\\):| /\\1|g' -e 's|^ ||'` - ;; - cygwin*) - # Convert to unix form, then to dos form, then back to unix form - # but this time dos style (no spaces!) so that the unix form looks - # like /cygdrive/c/PROGRA~1:/cygdr... - sys_lib_search_path_spec=`cygpath --path --unix "$LIB"` - sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null` - sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` - ;; - *) - sys_lib_search_path_spec=$LIB - if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then - # It is most probably a Windows format PATH. - sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` - else - sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` - fi - # FIXME: find the short name or the path components, as spaces are - # common. (e.g. "Program Files" -> "PROGRA~1") - ;; - esac - - # DLL is installed to $(libdir)/../bin by postinstall_cmds - postinstall_cmds='base_file=`basename \$file`~ - dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~ - dldir=$destdir/`dirname \$dlpath`~ - test -d \$dldir || mkdir -p \$dldir~ - $install_prog $dir/$dlname \$dldir/$dlname' - postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ - dlpath=$dir/\$dldll~ - $RM \$dlpath' - shlibpath_overrides_runpath=yes - dynamic_linker='Win32 link.exe' - ;; - - *) - # Assume MSVC wrapper - library_names_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext $libname.lib' - dynamic_linker='Win32 ld.exe' - ;; - esac - # FIXME: first we should search . and the directory the executable is in - shlibpath_var=PATH - ;; - -darwin* | rhapsody*) - dynamic_linker="$host_os dyld" - version_type=darwin - need_lib_prefix=no - need_version=no - library_names_spec='$libname$release$major$shared_ext $libname$shared_ext' - soname_spec='$libname$release$major$shared_ext' - shlibpath_overrides_runpath=yes - shlibpath_var=DYLD_LIBRARY_PATH - shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' - - sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib" - sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' - ;; - -dgux*) - version_type=linux # correct to gnu/linux during the next big refactor - need_lib_prefix=no - need_version=no - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - soname_spec='$libname$release$shared_ext$major' - shlibpath_var=LD_LIBRARY_PATH - ;; - -freebsd* | dragonfly*) - # DragonFly does not have aout. When/if they implement a new - # versioning mechanism, adjust this. - if test -x /usr/bin/objformat; then - objformat=`/usr/bin/objformat` - else - case $host_os in - freebsd[23].*) objformat=aout ;; - *) objformat=elf ;; - esac - fi - version_type=freebsd-$objformat - case $version_type in - freebsd-elf*) - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - soname_spec='$libname$release$shared_ext$major' - need_version=no - need_lib_prefix=no - ;; - freebsd-*) - library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' - need_version=yes - ;; - esac - shlibpath_var=LD_LIBRARY_PATH - case $host_os in - freebsd2.*) - shlibpath_overrides_runpath=yes - ;; - freebsd3.[01]* | freebsdelf3.[01]*) - shlibpath_overrides_runpath=yes - hardcode_into_libs=yes - ;; - freebsd3.[2-9]* | freebsdelf3.[2-9]* | \ - freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1) - shlibpath_overrides_runpath=no - hardcode_into_libs=yes - ;; - *) # from 4.6 on, and DragonFly - shlibpath_overrides_runpath=yes - hardcode_into_libs=yes - ;; - esac - ;; - -haiku*) - version_type=linux # correct to gnu/linux during the next big refactor - need_lib_prefix=no - need_version=no - dynamic_linker="$host_os runtime_loader" - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - soname_spec='$libname$release$shared_ext$major' - shlibpath_var=LIBRARY_PATH - shlibpath_overrides_runpath=no - sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' - hardcode_into_libs=yes - ;; - -hpux9* | hpux10* | hpux11*) - # Give a soname corresponding to the major version so that dld.sl refuses to - # link against other versions. - version_type=sunos - need_lib_prefix=no - need_version=no - case $host_cpu in - ia64*) - shrext_cmds='.so' - hardcode_into_libs=yes - dynamic_linker="$host_os dld.so" - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - soname_spec='$libname$release$shared_ext$major' - if test 32 = "$HPUX_IA64_MODE"; then - sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" - sys_lib_dlsearch_path_spec=/usr/lib/hpux32 - else - sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" - sys_lib_dlsearch_path_spec=/usr/lib/hpux64 - fi - ;; - hppa*64*) - shrext_cmds='.sl' - hardcode_into_libs=yes - dynamic_linker="$host_os dld.sl" - shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH - shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - soname_spec='$libname$release$shared_ext$major' - sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" - sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec - ;; - *) - shrext_cmds='.sl' - dynamic_linker="$host_os dld.sl" - shlibpath_var=SHLIB_PATH - shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - soname_spec='$libname$release$shared_ext$major' - ;; - esac - # HP-UX runs *really* slowly unless shared libraries are mode 555, ... - postinstall_cmds='chmod 555 $lib' - # or fails outright, so override atomically: - install_override_mode=555 - ;; - -interix[3-9]*) - version_type=linux # correct to gnu/linux during the next big refactor - need_lib_prefix=no - need_version=no - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - soname_spec='$libname$release$shared_ext$major' - dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=no - hardcode_into_libs=yes - ;; - -irix5* | irix6* | nonstopux*) - case $host_os in - nonstopux*) version_type=nonstopux ;; - *) - if test yes = "$lt_cv_prog_gnu_ld"; then - version_type=linux # correct to gnu/linux during the next big refactor - else - version_type=irix - fi ;; - esac - need_lib_prefix=no - need_version=no - soname_spec='$libname$release$shared_ext$major' - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$release$shared_ext $libname$shared_ext' - case $host_os in - irix5* | nonstopux*) - libsuff= shlibsuff= - ;; - *) - case $LD in # libtool.m4 will add one of these switches to LD - *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") - libsuff= shlibsuff= libmagic=32-bit;; - *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") - libsuff=32 shlibsuff=N32 libmagic=N32;; - *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") - libsuff=64 shlibsuff=64 libmagic=64-bit;; - *) libsuff= shlibsuff= libmagic=never-match;; - esac - ;; - esac - shlibpath_var=LD_LIBRARY${shlibsuff}_PATH - shlibpath_overrides_runpath=no - sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff" - sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff" - hardcode_into_libs=yes - ;; - -# No shared lib support for Linux oldld, aout, or coff. -linux*oldld* | linux*aout* | linux*coff*) - dynamic_linker=no - ;; - -linux*android*) - version_type=none # Android doesn't support versioned libraries. - need_lib_prefix=no - need_version=no - library_names_spec='$libname$release$shared_ext' - soname_spec='$libname$release$shared_ext' - finish_cmds= - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - - # This implies no fast_install, which is unacceptable. - # Some rework will be needed to allow for fast_install - # before this can be enabled. - hardcode_into_libs=yes - - dynamic_linker='Android linker' - # Don't embed -rpath directories since the linker doesn't support them. - hardcode_libdir_flag_spec='-L$libdir' - ;; - -# This must be glibc/ELF. -linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) - version_type=linux # correct to gnu/linux during the next big refactor - need_lib_prefix=no - need_version=no - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - soname_spec='$libname$release$shared_ext$major' - finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=no - - # Some binutils ld are patched to set DT_RUNPATH - if ${lt_cv_shlibpath_overrides_runpath+:} false; then : - $as_echo_n "(cached) " >&6 -else - lt_cv_shlibpath_overrides_runpath=no - save_LDFLAGS=$LDFLAGS - save_libdir=$libdir - eval "libdir=/foo; wl=\"$lt_prog_compiler_wl\"; \ - LDFLAGS=\"\$LDFLAGS $hardcode_libdir_flag_spec\"" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null; then : - lt_cv_shlibpath_overrides_runpath=yes -fi -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - LDFLAGS=$save_LDFLAGS - libdir=$save_libdir - -fi - - shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath - - # This implies no fast_install, which is unacceptable. - # Some rework will be needed to allow for fast_install - # before this can be enabled. - hardcode_into_libs=yes - - # Add ABI-specific directories to the system library path. - sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib" - - # Ideally, we could use ldconfig to report *all* directores which are - # searched for libraries, however this is still not possible. Aside from not - # being certain /sbin/ldconfig is available, command - # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64, - # even though it is searched at run-time. Try to do the best guess by - # appending ld.so.conf contents (and includes) to the search path. - if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` - sys_lib_dlsearch_path_spec="$sys_lib_dlsearch_path_spec $lt_ld_extra" - fi - - # We used to test for /lib/ld.so.1 and disable shared libraries on - # powerpc, because MkLinux only supported shared libraries with the - # GNU dynamic linker. Since this was broken with cross compilers, - # most powerpc-linux boxes support dynamic linking these days and - # people can always --disable-shared, the test was removed, and we - # assume the GNU/Linux dynamic linker is in use. - dynamic_linker='GNU/Linux ld.so' - ;; - -netbsd*) - version_type=sunos - need_lib_prefix=no - need_version=no - if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then - library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' - finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' - dynamic_linker='NetBSD (a.out) ld.so' - else - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - soname_spec='$libname$release$shared_ext$major' - dynamic_linker='NetBSD ld.elf_so' - fi - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - hardcode_into_libs=yes - ;; - -newsos6) - version_type=linux # correct to gnu/linux during the next big refactor - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - ;; - -*nto* | *qnx*) - version_type=qnx - need_lib_prefix=no - need_version=no - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - soname_spec='$libname$release$shared_ext$major' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=no - hardcode_into_libs=yes - dynamic_linker='ldqnx.so' - ;; - -openbsd* | bitrig*) - version_type=sunos - sys_lib_dlsearch_path_spec=/usr/lib - need_lib_prefix=no - if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then - need_version=no - else - need_version=yes - fi - library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' - finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - ;; - -os2*) - libname_spec='$name' - version_type=windows - shrext_cmds=.dll - need_version=no - need_lib_prefix=no - # OS/2 can only load a DLL with a base name of 8 characters or less. - soname_spec='`test -n "$os2dllname" && libname="$os2dllname"; - v=$($ECHO $release$versuffix | tr -d .-); - n=$($ECHO $libname | cut -b -$((8 - ${#v})) | tr . _); - $ECHO $n$v`$shared_ext' - library_names_spec='${libname}_dll.$libext' - dynamic_linker='OS/2 ld.exe' - shlibpath_var=BEGINLIBPATH - sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" - sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec - postinstall_cmds='base_file=`basename \$file`~ - dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; $ECHO \$dlname'\''`~ - dldir=$destdir/`dirname \$dlpath`~ - test -d \$dldir || mkdir -p \$dldir~ - $install_prog $dir/$dlname \$dldir/$dlname~ - chmod a+x \$dldir/$dlname~ - if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then - eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; - fi' - postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; $ECHO \$dlname'\''`~ - dlpath=$dir/\$dldll~ - $RM \$dlpath' - ;; - -osf3* | osf4* | osf5*) - version_type=osf - need_lib_prefix=no - need_version=no - soname_spec='$libname$release$shared_ext$major' - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - shlibpath_var=LD_LIBRARY_PATH - sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" - sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec - ;; - -rdos*) - dynamic_linker=no - ;; - -solaris*) - version_type=linux # correct to gnu/linux during the next big refactor - need_lib_prefix=no - need_version=no - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - soname_spec='$libname$release$shared_ext$major' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - hardcode_into_libs=yes - # ldd complains unless libraries are executable - postinstall_cmds='chmod +x $lib' - ;; - -sunos4*) - version_type=sunos - library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' - finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - if test yes = "$with_gnu_ld"; then - need_lib_prefix=no - fi - need_version=yes - ;; - -sysv4 | sysv4.3*) - version_type=linux # correct to gnu/linux during the next big refactor - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - soname_spec='$libname$release$shared_ext$major' - shlibpath_var=LD_LIBRARY_PATH - case $host_vendor in - sni) - shlibpath_overrides_runpath=no - need_lib_prefix=no - runpath_var=LD_RUN_PATH - ;; - siemens) - need_lib_prefix=no - ;; - motorola) - need_lib_prefix=no - need_version=no - shlibpath_overrides_runpath=no - sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' - ;; - esac - ;; - -sysv4*MP*) - if test -d /usr/nec; then - version_type=linux # correct to gnu/linux during the next big refactor - library_names_spec='$libname$shared_ext.$versuffix $libname$shared_ext.$major $libname$shared_ext' - soname_spec='$libname$shared_ext.$major' - shlibpath_var=LD_LIBRARY_PATH - fi - ;; - -sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) - version_type=sco - need_lib_prefix=no - need_version=no - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext' - soname_spec='$libname$release$shared_ext$major' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - hardcode_into_libs=yes - if test yes = "$with_gnu_ld"; then - sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' - else - sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' - case $host_os in - sco3.2v5*) - sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" - ;; - esac - fi - sys_lib_dlsearch_path_spec='/usr/lib' - ;; - -tpf*) - # TPF is a cross-target only. Preferred cross-host = GNU/Linux. - version_type=linux # correct to gnu/linux during the next big refactor - need_lib_prefix=no - need_version=no - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=no - hardcode_into_libs=yes - ;; - -uts4*) - version_type=linux # correct to gnu/linux during the next big refactor - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - soname_spec='$libname$release$shared_ext$major' - shlibpath_var=LD_LIBRARY_PATH - ;; - -*) - dynamic_linker=no - ;; -esac -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5 -$as_echo "$dynamic_linker" >&6; } -test no = "$dynamic_linker" && can_build_shared=no - -variables_saved_for_relink="PATH $shlibpath_var $runpath_var" -if test yes = "$GCC"; then - variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" -fi - -if test set = "${lt_cv_sys_lib_search_path_spec+set}"; then - sys_lib_search_path_spec=$lt_cv_sys_lib_search_path_spec -fi - -if test set = "${lt_cv_sys_lib_dlsearch_path_spec+set}"; then - sys_lib_dlsearch_path_spec=$lt_cv_sys_lib_dlsearch_path_spec -fi - -# remember unaugmented sys_lib_dlsearch_path content for libtool script decls... -configure_time_dlsearch_path=$sys_lib_dlsearch_path_spec - -# ... but it needs LT_SYS_LIBRARY_PATH munging for other configure-time code -func_munge_path_list sys_lib_dlsearch_path_spec "$LT_SYS_LIBRARY_PATH" - -# to be used as default LT_SYS_LIBRARY_PATH value in generated libtool -configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5 -$as_echo_n "checking how to hardcode library paths into programs... " >&6; } -hardcode_action= -if test -n "$hardcode_libdir_flag_spec" || - test -n "$runpath_var" || - test yes = "$hardcode_automatic"; then - - # We can hardcode non-existent directories. - if test no != "$hardcode_direct" && - # If the only mechanism to avoid hardcoding is shlibpath_var, we - # have to relink, otherwise we might link with an installed library - # when we should be linking with a yet-to-be-installed one - ## test no != "$_LT_TAGVAR(hardcode_shlibpath_var, )" && - test no != "$hardcode_minus_L"; then - # Linking always hardcodes the temporary library directory. - hardcode_action=relink - else - # We can link without hardcoding, and we can hardcode nonexisting dirs. - hardcode_action=immediate - fi -else - # We cannot hardcode anything, or else we can only hardcode existing - # directories. - hardcode_action=unsupported -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5 -$as_echo "$hardcode_action" >&6; } - -if test relink = "$hardcode_action" || - test yes = "$inherit_rpath"; then - # Fast installation is not supported - enable_fast_install=no -elif test yes = "$shlibpath_overrides_runpath" || - test no = "$enable_shared"; then - # Fast installation is not necessary - enable_fast_install=needless -fi - - - - - - - if test yes != "$enable_dlopen"; then - enable_dlopen=unknown - enable_dlopen_self=unknown - enable_dlopen_self_static=unknown -else - lt_cv_dlopen=no - lt_cv_dlopen_libs= - - case $host_os in - beos*) - lt_cv_dlopen=load_add_on - lt_cv_dlopen_libs= - lt_cv_dlopen_self=yes - ;; - - mingw* | pw32* | cegcc*) - lt_cv_dlopen=LoadLibrary - lt_cv_dlopen_libs= - ;; - - cygwin*) - lt_cv_dlopen=dlopen - lt_cv_dlopen_libs= - ;; - - darwin*) - # if libdl is installed we need to link against it - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 -$as_echo_n "checking for dlopen in -ldl... " >&6; } -if ${ac_cv_lib_dl_dlopen+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-ldl $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char dlopen (); -int -main () -{ -return dlopen (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_dl_dlopen=yes -else - ac_cv_lib_dl_dlopen=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 -$as_echo "$ac_cv_lib_dl_dlopen" >&6; } -if test "x$ac_cv_lib_dl_dlopen" = xyes; then : - lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl -else - - lt_cv_dlopen=dyld - lt_cv_dlopen_libs= - lt_cv_dlopen_self=yes - -fi - - ;; - - tpf*) - # Don't try to run any link tests for TPF. We know it's impossible - # because TPF is a cross-compiler, and we know how we open DSOs. - lt_cv_dlopen=dlopen - lt_cv_dlopen_libs= - lt_cv_dlopen_self=no - ;; - - *) - ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load" -if test "x$ac_cv_func_shl_load" = xyes; then : - lt_cv_dlopen=shl_load -else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5 -$as_echo_n "checking for shl_load in -ldld... " >&6; } -if ${ac_cv_lib_dld_shl_load+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-ldld $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char shl_load (); -int -main () -{ -return shl_load (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_dld_shl_load=yes -else - ac_cv_lib_dld_shl_load=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5 -$as_echo "$ac_cv_lib_dld_shl_load" >&6; } -if test "x$ac_cv_lib_dld_shl_load" = xyes; then : - lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld -else - ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen" -if test "x$ac_cv_func_dlopen" = xyes; then : - lt_cv_dlopen=dlopen -else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 -$as_echo_n "checking for dlopen in -ldl... " >&6; } -if ${ac_cv_lib_dl_dlopen+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-ldl $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char dlopen (); -int -main () -{ -return dlopen (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_dl_dlopen=yes -else - ac_cv_lib_dl_dlopen=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 -$as_echo "$ac_cv_lib_dl_dlopen" >&6; } -if test "x$ac_cv_lib_dl_dlopen" = xyes; then : - lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl -else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5 -$as_echo_n "checking for dlopen in -lsvld... " >&6; } -if ${ac_cv_lib_svld_dlopen+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lsvld $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char dlopen (); -int -main () -{ -return dlopen (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_svld_dlopen=yes -else - ac_cv_lib_svld_dlopen=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5 -$as_echo "$ac_cv_lib_svld_dlopen" >&6; } -if test "x$ac_cv_lib_svld_dlopen" = xyes; then : - lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld -else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5 -$as_echo_n "checking for dld_link in -ldld... " >&6; } -if ${ac_cv_lib_dld_dld_link+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-ldld $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char dld_link (); -int -main () -{ -return dld_link (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_dld_dld_link=yes -else - ac_cv_lib_dld_dld_link=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5 -$as_echo "$ac_cv_lib_dld_dld_link" >&6; } -if test "x$ac_cv_lib_dld_dld_link" = xyes; then : - lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld -fi - - -fi - - -fi - - -fi - - -fi - - -fi - - ;; - esac - - if test no = "$lt_cv_dlopen"; then - enable_dlopen=no - else - enable_dlopen=yes - fi - - case $lt_cv_dlopen in - dlopen) - save_CPPFLAGS=$CPPFLAGS - test yes = "$ac_cv_header_dlfcn_h" && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" - - save_LDFLAGS=$LDFLAGS - wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\" - - save_LIBS=$LIBS - LIBS="$lt_cv_dlopen_libs $LIBS" - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5 -$as_echo_n "checking whether a program can dlopen itself... " >&6; } -if ${lt_cv_dlopen_self+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test yes = "$cross_compiling"; then : - lt_cv_dlopen_self=cross -else - lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 - lt_status=$lt_dlunknown - cat > conftest.$ac_ext <<_LT_EOF -#line $LINENO "configure" -#include "confdefs.h" - -#if HAVE_DLFCN_H -#include -#endif - -#include - -#ifdef RTLD_GLOBAL -# define LT_DLGLOBAL RTLD_GLOBAL -#else -# ifdef DL_GLOBAL -# define LT_DLGLOBAL DL_GLOBAL -# else -# define LT_DLGLOBAL 0 -# endif -#endif - -/* We may have to define LT_DLLAZY_OR_NOW in the command line if we - find out it does not work in some platform. */ -#ifndef LT_DLLAZY_OR_NOW -# ifdef RTLD_LAZY -# define LT_DLLAZY_OR_NOW RTLD_LAZY -# else -# ifdef DL_LAZY -# define LT_DLLAZY_OR_NOW DL_LAZY -# else -# ifdef RTLD_NOW -# define LT_DLLAZY_OR_NOW RTLD_NOW -# else -# ifdef DL_NOW -# define LT_DLLAZY_OR_NOW DL_NOW -# else -# define LT_DLLAZY_OR_NOW 0 -# endif -# endif -# endif -# endif -#endif - -/* When -fvisibility=hidden is used, assume the code has been annotated - correspondingly for the symbols needed. */ -#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) -int fnord () __attribute__((visibility("default"))); -#endif - -int fnord () { return 42; } -int main () -{ - void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); - int status = $lt_dlunknown; - - if (self) - { - if (dlsym (self,"fnord")) status = $lt_dlno_uscore; - else - { - if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; - else puts (dlerror ()); - } - /* dlclose (self); */ - } - else - puts (dlerror ()); - - return status; -} -_LT_EOF - if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 - (eval $ac_link) 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then - (./conftest; exit; ) >&5 2>/dev/null - lt_status=$? - case x$lt_status in - x$lt_dlno_uscore) lt_cv_dlopen_self=yes ;; - x$lt_dlneed_uscore) lt_cv_dlopen_self=yes ;; - x$lt_dlunknown|x*) lt_cv_dlopen_self=no ;; - esac - else : - # compilation failed - lt_cv_dlopen_self=no - fi -fi -rm -fr conftest* - - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5 -$as_echo "$lt_cv_dlopen_self" >&6; } - - if test yes = "$lt_cv_dlopen_self"; then - wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5 -$as_echo_n "checking whether a statically linked program can dlopen itself... " >&6; } -if ${lt_cv_dlopen_self_static+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test yes = "$cross_compiling"; then : - lt_cv_dlopen_self_static=cross -else - lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 - lt_status=$lt_dlunknown - cat > conftest.$ac_ext <<_LT_EOF -#line $LINENO "configure" -#include "confdefs.h" - -#if HAVE_DLFCN_H -#include -#endif - -#include - -#ifdef RTLD_GLOBAL -# define LT_DLGLOBAL RTLD_GLOBAL -#else -# ifdef DL_GLOBAL -# define LT_DLGLOBAL DL_GLOBAL -# else -# define LT_DLGLOBAL 0 -# endif -#endif - -/* We may have to define LT_DLLAZY_OR_NOW in the command line if we - find out it does not work in some platform. */ -#ifndef LT_DLLAZY_OR_NOW -# ifdef RTLD_LAZY -# define LT_DLLAZY_OR_NOW RTLD_LAZY -# else -# ifdef DL_LAZY -# define LT_DLLAZY_OR_NOW DL_LAZY -# else -# ifdef RTLD_NOW -# define LT_DLLAZY_OR_NOW RTLD_NOW -# else -# ifdef DL_NOW -# define LT_DLLAZY_OR_NOW DL_NOW -# else -# define LT_DLLAZY_OR_NOW 0 -# endif -# endif -# endif -# endif -#endif - -/* When -fvisibility=hidden is used, assume the code has been annotated - correspondingly for the symbols needed. */ -#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) -int fnord () __attribute__((visibility("default"))); -#endif - -int fnord () { return 42; } -int main () -{ - void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); - int status = $lt_dlunknown; - - if (self) - { - if (dlsym (self,"fnord")) status = $lt_dlno_uscore; - else - { - if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; - else puts (dlerror ()); - } - /* dlclose (self); */ - } - else - puts (dlerror ()); - - return status; -} -_LT_EOF - if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 - (eval $ac_link) 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then - (./conftest; exit; ) >&5 2>/dev/null - lt_status=$? - case x$lt_status in - x$lt_dlno_uscore) lt_cv_dlopen_self_static=yes ;; - x$lt_dlneed_uscore) lt_cv_dlopen_self_static=yes ;; - x$lt_dlunknown|x*) lt_cv_dlopen_self_static=no ;; - esac - else : - # compilation failed - lt_cv_dlopen_self_static=no - fi -fi -rm -fr conftest* - - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5 -$as_echo "$lt_cv_dlopen_self_static" >&6; } - fi - - CPPFLAGS=$save_CPPFLAGS - LDFLAGS=$save_LDFLAGS - LIBS=$save_LIBS - ;; - esac - - case $lt_cv_dlopen_self in - yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;; - *) enable_dlopen_self=unknown ;; - esac - - case $lt_cv_dlopen_self_static in - yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;; - *) enable_dlopen_self_static=unknown ;; - esac -fi - - - - - - - - - - - - - - - - - -striplib= -old_striplib= -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5 -$as_echo_n "checking whether stripping libraries is possible... " >&6; } -if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then - test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" - test -z "$striplib" && striplib="$STRIP --strip-unneeded" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else -# FIXME - insert some real tests, host_os isn't really good enough - case $host_os in - darwin*) - if test -n "$STRIP"; then - striplib="$STRIP -x" - old_striplib="$STRIP -S" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - fi - ;; - *) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - ;; - esac -fi - - - - - - - - - - - - - # Report what library types will actually be built - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5 -$as_echo_n "checking if libtool supports shared libraries... " >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5 -$as_echo "$can_build_shared" >&6; } - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5 -$as_echo_n "checking whether to build shared libraries... " >&6; } - test no = "$can_build_shared" && enable_shared=no - - # On AIX, shared libraries and static libraries use the same namespace, and - # are all built from PIC. - case $host_os in - aix3*) - test yes = "$enable_shared" && enable_static=no - if test -n "$RANLIB"; then - archive_cmds="$archive_cmds~\$RANLIB \$lib" - postinstall_cmds='$RANLIB $lib' - fi - ;; - - aix[4-9]*) - if test ia64 != "$host_cpu"; then - case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in - yes,aix,yes) ;; # shared object as lib.so file only - yes,svr4,*) ;; # shared object as lib.so archive member only - yes,*) enable_static=no ;; # shared object in lib.a archive as well - esac - fi - ;; - esac - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5 -$as_echo "$enable_shared" >&6; } - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5 -$as_echo_n "checking whether to build static libraries... " >&6; } - # Make sure either enable_shared or enable_static is yes. - test yes = "$enable_shared" || enable_static=yes - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5 -$as_echo "$enable_static" >&6; } - - - - -fi -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - -CC=$lt_save_CC - - - - - - - - - - - - - - - - ac_config_commands="$ac_config_commands libtool" - - - - -# Only expand once: - - - - -# Checks for header files. -for ac_header in stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/ipc.h sys/shm.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default -" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - -# check for types. -# Using own tests for int64* because autoconf builtin only give 32bit. -ac_fn_c_check_type "$LINENO" "int8_t" "ac_cv_type_int8_t" "$ac_includes_default" -if test "x$ac_cv_type_int8_t" = xyes; then : - -else - -cat >>confdefs.h <<_ACEOF -#define int8_t signed char -_ACEOF - -fi - -ac_fn_c_check_type "$LINENO" "int16_t" "ac_cv_type_int16_t" "$ac_includes_default" -if test "x$ac_cv_type_int16_t" = xyes; then : - -else - -cat >>confdefs.h <<_ACEOF -#define int16_t short -_ACEOF - -fi - -ac_fn_c_check_type "$LINENO" "int32_t" "ac_cv_type_int32_t" "$ac_includes_default" -if test "x$ac_cv_type_int32_t" = xyes; then : - -else - -cat >>confdefs.h <<_ACEOF -#define int32_t int -_ACEOF - -fi - -ac_fn_c_check_type "$LINENO" "int64_t" "ac_cv_type_int64_t" "$ac_includes_default" -if test "x$ac_cv_type_int64_t" = xyes; then : - -else - -cat >>confdefs.h <<_ACEOF -#define int64_t long long -_ACEOF - -fi - -ac_fn_c_check_type "$LINENO" "uint8_t" "ac_cv_type_uint8_t" "$ac_includes_default" -if test "x$ac_cv_type_uint8_t" = xyes; then : - -else - -cat >>confdefs.h <<_ACEOF -#define uint8_t unsigned char -_ACEOF - -fi - -ac_fn_c_check_type "$LINENO" "uint16_t" "ac_cv_type_uint16_t" "$ac_includes_default" -if test "x$ac_cv_type_uint16_t" = xyes; then : - -else - -cat >>confdefs.h <<_ACEOF -#define uint16_t unsigned short -_ACEOF - -fi - -ac_fn_c_check_type "$LINENO" "uint32_t" "ac_cv_type_uint32_t" "$ac_includes_default" -if test "x$ac_cv_type_uint32_t" = xyes; then : - -else - -cat >>confdefs.h <<_ACEOF -#define uint32_t unsigned int -_ACEOF - -fi - -ac_fn_c_check_type "$LINENO" "uint64_t" "ac_cv_type_uint64_t" "$ac_includes_default" -if test "x$ac_cv_type_uint64_t" = xyes; then : - -else - -cat >>confdefs.h <<_ACEOF -#define uint64_t unsigned long long -_ACEOF - -fi - -ac_fn_c_check_type "$LINENO" "size_t" "ac_cv_type_size_t" "$ac_includes_default" -if test "x$ac_cv_type_size_t" = xyes; then : - -else - -cat >>confdefs.h <<_ACEOF -#define size_t unsigned int -_ACEOF - -fi - -ac_fn_c_check_type "$LINENO" "ssize_t" "ac_cv_type_ssize_t" "$ac_includes_default" -if test "x$ac_cv_type_ssize_t" = xyes; then : - -else - -cat >>confdefs.h <<_ACEOF -#define ssize_t int -_ACEOF - -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for uid_t in sys/types.h" >&5 -$as_echo_n "checking for uid_t in sys/types.h... " >&6; } -if ${ac_cv_type_uid_t+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "uid_t" >/dev/null 2>&1; then : - ac_cv_type_uid_t=yes -else - ac_cv_type_uid_t=no -fi -rm -f conftest* - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_uid_t" >&5 -$as_echo "$ac_cv_type_uid_t" >&6; } -if test $ac_cv_type_uid_t = no; then - -$as_echo "#define uid_t int" >>confdefs.h - - -$as_echo "#define gid_t int" >>confdefs.h - -fi - -ac_fn_c_check_type "$LINENO" "pid_t" "ac_cv_type_pid_t" "$ac_includes_default" -if test "x$ac_cv_type_pid_t" = xyes; then : - -else - -cat >>confdefs.h <<_ACEOF -#define pid_t int -_ACEOF - -fi - -ac_fn_c_check_type "$LINENO" "off_t" "ac_cv_type_off_t" "$ac_includes_default" -if test "x$ac_cv_type_off_t" = xyes; then : - -else - -cat >>confdefs.h <<_ACEOF -#define off_t long int -_ACEOF - -fi - -ac_fn_c_check_type "$LINENO" "u_char" "ac_cv_type_u_char" " -$ac_includes_default -#ifdef HAVE_WINSOCK2_H -# include -#endif - -" -if test "x$ac_cv_type_u_char" = xyes; then : - -else - -$as_echo "#define u_char unsigned char" >>confdefs.h - -fi - -ac_fn_c_check_type "$LINENO" "rlim_t" "ac_cv_type_rlim_t" " -$ac_includes_default -#ifdef HAVE_SYS_RESOURCE_H -# include -#endif - -" -if test "x$ac_cv_type_rlim_t" = xyes; then : - -else - -$as_echo "#define rlim_t unsigned long" >>confdefs.h - -fi - - -ac_fn_c_check_type "$LINENO" "socklen_t" "ac_cv_type_socklen_t" " -$ac_includes_default -#ifdef HAVE_SYS_SOCKET_H -# include -#endif -#ifdef HAVE_WS2TCPIP_H -# include -#endif - -" -if test "x$ac_cv_type_socklen_t" = xyes; then : - -else - -$as_echo "#define socklen_t int" >>confdefs.h - -fi - - ac_fn_c_check_type "$LINENO" "in_addr_t" "ac_cv_type_in_addr_t" " -$ac_includes_default -#ifdef HAVE_SYS_TYPES_H -# include -#endif -#ifdef HAVE_NETINET_IN_H -# include -#endif - -" -if test "x$ac_cv_type_in_addr_t" = xyes; then : - -else - -$as_echo "#define in_addr_t uint32_t" >>confdefs.h - -fi - - ac_fn_c_check_type "$LINENO" "in_port_t" "ac_cv_type_in_port_t" " -$ac_includes_default -#ifdef HAVE_SYS_TYPES_H -# include -#endif -#ifdef HAVE_NETINET_IN_H -# include -#endif - -" -if test "x$ac_cv_type_in_port_t" = xyes; then : - -else - -$as_echo "#define in_port_t uint16_t" >>confdefs.h - -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if memcmp compares unsigned" >&5 -$as_echo_n "checking if memcmp compares unsigned... " >&6; } -if test "$cross_compiling" = yes; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: cross-compile no" >&5 -$as_echo "cross-compile no" >&6; } - -$as_echo "#define MEMCMP_IS_BROKEN 1" >>confdefs.h - - case " $LIBOBJS " in - *" memcmp.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS memcmp.$ac_objext" - ;; -esac - - -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include -#include -#include -int main(void) -{ - char a = 255, b = 0; - if(memcmp(&a, &b, 1) < 0) - return 1; - return 0; -} - -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - -$as_echo "#define MEMCMP_IS_BROKEN 1" >>confdefs.h - - case " $LIBOBJS " in - *" memcmp.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS memcmp.$ac_objext" - ;; -esac - - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - - -# The cast to long int works around a bug in the HP C Compiler -# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects -# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. -# This bug is HP SR number 8606223364. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of time_t" >&5 -$as_echo_n "checking size of time_t... " >&6; } -if ${ac_cv_sizeof_time_t+:} false; then : - $as_echo_n "(cached) " >&6 -else - if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (time_t))" "ac_cv_sizeof_time_t" " -$ac_includes_default -#ifdef TIME_WITH_SYS_TIME -# include -# include -#else -# ifdef HAVE_SYS_TIME_H -# include -# else -# include -# endif -#endif - -"; then : - -else - if test "$ac_cv_type_time_t" = yes; then - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error 77 "cannot compute sizeof (time_t) -See \`config.log' for more details" "$LINENO" 5; } - else - ac_cv_sizeof_time_t=0 - fi -fi - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_time_t" >&5 -$as_echo "$ac_cv_sizeof_time_t" >&6; } - - - -cat >>confdefs.h <<_ACEOF -#define SIZEOF_TIME_T $ac_cv_sizeof_time_t -_ACEOF - - - -# add option to disable the evil rpath - -# Check whether --enable-rpath was given. -if test "${enable_rpath+set}" = set; then : - enableval=$enable_rpath; enable_rpath=$enableval -else - enable_rpath=yes -fi - -if test "x$enable_rpath" = xno; then - ac_config_commands="$ac_config_commands disable-rpath" - -fi - - - -# check to see if libraries are needed for these functions. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing inet_pton" >&5 -$as_echo_n "checking for library containing inet_pton... " >&6; } -if ${ac_cv_search_inet_pton+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_func_search_save_LIBS=$LIBS -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char inet_pton (); -int -main () -{ -return inet_pton (); - ; - return 0; -} -_ACEOF -for ac_lib in '' nsl; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search_inet_pton=$ac_res -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext - if ${ac_cv_search_inet_pton+:} false; then : - break -fi -done -if ${ac_cv_search_inet_pton+:} false; then : - -else - ac_cv_search_inet_pton=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_inet_pton" >&5 -$as_echo "$ac_cv_search_inet_pton" >&6; } -ac_res=$ac_cv_search_inet_pton -if test "$ac_res" != no; then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing socket" >&5 -$as_echo_n "checking for library containing socket... " >&6; } -if ${ac_cv_search_socket+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_func_search_save_LIBS=$LIBS -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char socket (); -int -main () -{ -return socket (); - ; - return 0; -} -_ACEOF -for ac_lib in '' socket; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search_socket=$ac_res -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext - if ${ac_cv_search_socket+:} false; then : - break -fi -done -if ${ac_cv_search_socket+:} false; then : - -else - ac_cv_search_socket=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_socket" >&5 -$as_echo "$ac_cv_search_socket" >&6; } -ac_res=$ac_cv_search_socket -if test "$ac_res" != no; then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -fi - - -# check wether strptime also works - -# check some functions of the OS before linking libs (while still runnable). -for ac_header in unistd.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "unistd.h" "ac_cv_header_unistd_h" "$ac_includes_default" -if test "x$ac_cv_header_unistd_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_UNISTD_H 1 -_ACEOF - -fi - -done - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for working chown" >&5 -$as_echo_n "checking for working chown... " >&6; } -if ${ac_cv_func_chown_works+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test "$cross_compiling" = yes; then : - ac_cv_func_chown_works=no -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$ac_includes_default -#include - -int -main () -{ - char *f = "conftest.chown"; - struct stat before, after; - - if (creat (f, 0600) < 0) - return 1; - if (stat (f, &before) < 0) - return 1; - if (chown (f, (uid_t) -1, (gid_t) -1) == -1) - return 1; - if (stat (f, &after) < 0) - return 1; - return ! (before.st_uid == after.st_uid && before.st_gid == after.st_gid); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - ac_cv_func_chown_works=yes -else - ac_cv_func_chown_works=no -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - -rm -f conftest.chown - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_chown_works" >&5 -$as_echo "$ac_cv_func_chown_works" >&6; } -if test $ac_cv_func_chown_works = yes; then - -$as_echo "#define HAVE_CHOWN 1" >>confdefs.h - -fi - -for ac_header in vfork.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "vfork.h" "ac_cv_header_vfork_h" "$ac_includes_default" -if test "x$ac_cv_header_vfork_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_VFORK_H 1 -_ACEOF - -fi - -done - -for ac_func in fork vfork -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - -if test "x$ac_cv_func_fork" = xyes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working fork" >&5 -$as_echo_n "checking for working fork... " >&6; } -if ${ac_cv_func_fork_works+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test "$cross_compiling" = yes; then : - ac_cv_func_fork_works=cross -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$ac_includes_default -int -main () -{ - - /* By Ruediger Kuhlmann. */ - return fork () < 0; - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - ac_cv_func_fork_works=yes -else - ac_cv_func_fork_works=no -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_fork_works" >&5 -$as_echo "$ac_cv_func_fork_works" >&6; } - -else - ac_cv_func_fork_works=$ac_cv_func_fork -fi -if test "x$ac_cv_func_fork_works" = xcross; then - case $host in - *-*-amigaos* | *-*-msdosdjgpp*) - # Override, as these systems have only a dummy fork() stub - ac_cv_func_fork_works=no - ;; - *) - ac_cv_func_fork_works=yes - ;; - esac - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: result $ac_cv_func_fork_works guessed because of cross compilation" >&5 -$as_echo "$as_me: WARNING: result $ac_cv_func_fork_works guessed because of cross compilation" >&2;} -fi -ac_cv_func_vfork_works=$ac_cv_func_vfork -if test "x$ac_cv_func_vfork" = xyes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working vfork" >&5 -$as_echo_n "checking for working vfork... " >&6; } -if ${ac_cv_func_vfork_works+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test "$cross_compiling" = yes; then : - ac_cv_func_vfork_works=cross -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -/* Thanks to Paul Eggert for this test. */ -$ac_includes_default -#include -#ifdef HAVE_VFORK_H -# include -#endif -/* On some sparc systems, changes by the child to local and incoming - argument registers are propagated back to the parent. The compiler - is told about this with #include , but some compilers - (e.g. gcc -O) don't grok . Test for this by using a - static variable whose address is put into a register that is - clobbered by the vfork. */ -static void -#ifdef __cplusplus -sparc_address_test (int arg) -# else -sparc_address_test (arg) int arg; -#endif -{ - static pid_t child; - if (!child) { - child = vfork (); - if (child < 0) { - perror ("vfork"); - _exit(2); - } - if (!child) { - arg = getpid(); - write(-1, "", 0); - _exit (arg); - } - } -} - -int -main () -{ - pid_t parent = getpid (); - pid_t child; - - sparc_address_test (0); - - child = vfork (); - - if (child == 0) { - /* Here is another test for sparc vfork register problems. This - test uses lots of local variables, at least as many local - variables as main has allocated so far including compiler - temporaries. 4 locals are enough for gcc 1.40.3 on a Solaris - 4.1.3 sparc, but we use 8 to be safe. A buggy compiler should - reuse the register of parent for one of the local variables, - since it will think that parent can't possibly be used any more - in this routine. Assigning to the local variable will thus - munge parent in the parent process. */ - pid_t - p = getpid(), p1 = getpid(), p2 = getpid(), p3 = getpid(), - p4 = getpid(), p5 = getpid(), p6 = getpid(), p7 = getpid(); - /* Convince the compiler that p..p7 are live; otherwise, it might - use the same hardware register for all 8 local variables. */ - if (p != p1 || p != p2 || p != p3 || p != p4 - || p != p5 || p != p6 || p != p7) - _exit(1); - - /* On some systems (e.g. IRIX 3.3), vfork doesn't separate parent - from child file descriptors. If the child closes a descriptor - before it execs or exits, this munges the parent's descriptor - as well. Test for this by closing stdout in the child. */ - _exit(close(fileno(stdout)) != 0); - } else { - int status; - struct stat st; - - while (wait(&status) != child) - ; - return ( - /* Was there some problem with vforking? */ - child < 0 - - /* Did the child fail? (This shouldn't happen.) */ - || status - - /* Did the vfork/compiler bug occur? */ - || parent != getpid() - - /* Did the file descriptor bug occur? */ - || fstat(fileno(stdout), &st) != 0 - ); - } -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - ac_cv_func_vfork_works=yes -else - ac_cv_func_vfork_works=no -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_vfork_works" >&5 -$as_echo "$ac_cv_func_vfork_works" >&6; } - -fi; -if test "x$ac_cv_func_fork_works" = xcross; then - ac_cv_func_vfork_works=$ac_cv_func_vfork - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: result $ac_cv_func_vfork_works guessed because of cross compilation" >&5 -$as_echo "$as_me: WARNING: result $ac_cv_func_vfork_works guessed because of cross compilation" >&2;} -fi - -if test "x$ac_cv_func_vfork_works" = xyes; then - -$as_echo "#define HAVE_WORKING_VFORK 1" >>confdefs.h - -else - -$as_echo "#define vfork fork" >>confdefs.h - -fi -if test "x$ac_cv_func_fork_works" = xyes; then - -$as_echo "#define HAVE_WORKING_FORK 1" >>confdefs.h - -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking return type of signal handlers" >&5 -$as_echo_n "checking return type of signal handlers... " >&6; } -if ${ac_cv_type_signal+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include - -int -main () -{ -return *(signal (0, 0)) (0) == 1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_type_signal=int -else - ac_cv_type_signal=void -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_signal" >&5 -$as_echo "$ac_cv_type_signal" >&6; } - -cat >>confdefs.h <<_ACEOF -#define RETSIGTYPE $ac_cv_type_signal -_ACEOF - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for _LARGEFILE_SOURCE value needed for large files" >&5 -$as_echo_n "checking for _LARGEFILE_SOURCE value needed for large files... " >&6; } -if ${ac_cv_sys_largefile_source+:} false; then : - $as_echo_n "(cached) " >&6 -else - while :; do - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include /* for off_t */ - #include -int -main () -{ -int (*fp) (FILE *, off_t, int) = fseeko; - return fseeko (stdin, 0, 0) && fp (stdin, 0, 0); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_sys_largefile_source=no; break -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#define _LARGEFILE_SOURCE 1 -#include /* for off_t */ - #include -int -main () -{ -int (*fp) (FILE *, off_t, int) = fseeko; - return fseeko (stdin, 0, 0) && fp (stdin, 0, 0); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_sys_largefile_source=1; break -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - ac_cv_sys_largefile_source=unknown - break -done -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_source" >&5 -$as_echo "$ac_cv_sys_largefile_source" >&6; } -case $ac_cv_sys_largefile_source in #( - no | unknown) ;; - *) -cat >>confdefs.h <<_ACEOF -#define _LARGEFILE_SOURCE $ac_cv_sys_largefile_source -_ACEOF -;; -esac -rm -rf conftest* - -# We used to try defining _XOPEN_SOURCE=500 too, to work around a bug -# in glibc 2.1.3, but that breaks too many other things. -# If you want fseeko and ftello with glibc, upgrade to a fixed glibc. -if test $ac_cv_sys_largefile_source != unknown; then - -$as_echo "#define HAVE_FSEEKO 1" >>confdefs.h - -fi - - -# Check whether --enable-largefile was given. -if test "${enable_largefile+set}" = set; then : - enableval=$enable_largefile; -fi - -if test "$enable_largefile" != no; then - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for special C compiler options needed for large files" >&5 -$as_echo_n "checking for special C compiler options needed for large files... " >&6; } -if ${ac_cv_sys_largefile_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_cv_sys_largefile_CC=no - if test "$GCC" != yes; then - ac_save_CC=$CC - while :; do - # IRIX 6.2 and later do not support large files by default, - # so use the C compiler's -n32 option if that helps. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include - /* Check that off_t can represent 2**63 - 1 correctly. - We can't simply define LARGE_OFF_T to be 9223372036854775807, - since some C++ compilers masquerading as C compilers - incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) - int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 1 : -1]; -int -main () -{ - - ; - return 0; -} -_ACEOF - if ac_fn_c_try_compile "$LINENO"; then : - break -fi -rm -f core conftest.err conftest.$ac_objext - CC="$CC -n32" - if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_sys_largefile_CC=' -n32'; break -fi -rm -f core conftest.err conftest.$ac_objext - break - done - CC=$ac_save_CC - rm -f conftest.$ac_ext - fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_CC" >&5 -$as_echo "$ac_cv_sys_largefile_CC" >&6; } - if test "$ac_cv_sys_largefile_CC" != no; then - CC=$CC$ac_cv_sys_largefile_CC - fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _FILE_OFFSET_BITS value needed for large files" >&5 -$as_echo_n "checking for _FILE_OFFSET_BITS value needed for large files... " >&6; } -if ${ac_cv_sys_file_offset_bits+:} false; then : - $as_echo_n "(cached) " >&6 -else - while :; do - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include - /* Check that off_t can represent 2**63 - 1 correctly. - We can't simply define LARGE_OFF_T to be 9223372036854775807, - since some C++ compilers masquerading as C compilers - incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) - int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 1 : -1]; -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_sys_file_offset_bits=no; break -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#define _FILE_OFFSET_BITS 64 -#include - /* Check that off_t can represent 2**63 - 1 correctly. - We can't simply define LARGE_OFF_T to be 9223372036854775807, - since some C++ compilers masquerading as C compilers - incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) - int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 1 : -1]; -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_sys_file_offset_bits=64; break -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - ac_cv_sys_file_offset_bits=unknown - break -done -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_file_offset_bits" >&5 -$as_echo "$ac_cv_sys_file_offset_bits" >&6; } -case $ac_cv_sys_file_offset_bits in #( - no | unknown) ;; - *) -cat >>confdefs.h <<_ACEOF -#define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits -_ACEOF -;; -esac -rm -rf conftest* - if test $ac_cv_sys_file_offset_bits = unknown; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _LARGE_FILES value needed for large files" >&5 -$as_echo_n "checking for _LARGE_FILES value needed for large files... " >&6; } -if ${ac_cv_sys_large_files+:} false; then : - $as_echo_n "(cached) " >&6 -else - while :; do - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include - /* Check that off_t can represent 2**63 - 1 correctly. - We can't simply define LARGE_OFF_T to be 9223372036854775807, - since some C++ compilers masquerading as C compilers - incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) - int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 1 : -1]; -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_sys_large_files=no; break -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#define _LARGE_FILES 1 -#include - /* Check that off_t can represent 2**63 - 1 correctly. - We can't simply define LARGE_OFF_T to be 9223372036854775807, - since some C++ compilers masquerading as C compilers - incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) - int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 1 : -1]; -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_sys_large_files=1; break -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - ac_cv_sys_large_files=unknown - break -done -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_large_files" >&5 -$as_echo "$ac_cv_sys_large_files" >&6; } -case $ac_cv_sys_large_files in #( - no | unknown) ;; - *) -cat >>confdefs.h <<_ACEOF -#define _LARGE_FILES $ac_cv_sys_large_files -_ACEOF -;; -esac -rm -rf conftest* - fi - - -fi - - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we need -D_LARGEFILE_SOURCE=1 as a flag for $CC" >&5 -$as_echo_n "checking whether we need -D_LARGEFILE_SOURCE=1 as a flag for $CC... " >&6; } -cache=_D_LARGEFILE_SOURCE_1 -if eval \${cv_prog_cc_flag_needed_$cache+:} false; then : - $as_echo_n "(cached) " >&6 -else - -echo ' -#include -int test() { - int a = fseeko(stdin, 0, 0); - return a; -} -' > conftest.c -echo 'void f(){}' >>conftest.c -if test -z "`$CC $CPPFLAGS $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then -eval "cv_prog_cc_flag_needed_$cache=no" -else - -if test -z "`$CC $CPPFLAGS $CFLAGS -D_LARGEFILE_SOURCE=1 $ERRFLAG -c conftest.c 2>&1`"; then -eval "cv_prog_cc_flag_needed_$cache=yes" -else -eval "cv_prog_cc_flag_needed_$cache=fail" -#echo 'Test with flag fails too!' -#cat conftest.c -#echo "$CC $CPPFLAGS $CFLAGS -D_LARGEFILE_SOURCE=1 $ERRFLAG -c conftest.c 2>&1" -#echo `$CC $CPPFLAGS $CFLAGS -D_LARGEFILE_SOURCE=1 $ERRFLAG -c conftest.c 2>&1` -#exit 1 -fi - -fi -rm -f conftest conftest.c conftest.o - -fi - -if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = yes"; then -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -: -CFLAGS="$CFLAGS -D_LARGEFILE_SOURCE=1" -else -if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = no"; then -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -#echo 'Test with flag is no!' -#cat conftest.c -#echo "$CC $CPPFLAGS $CFLAGS -D_LARGEFILE_SOURCE=1 $ERRFLAG -c conftest.c 2>&1" -#echo `$CC $CPPFLAGS $CFLAGS -D_LARGEFILE_SOURCE=1 $ERRFLAG -c conftest.c 2>&1` -#exit 1 -: - -else -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5 -$as_echo "failed" >&6; } -: - -fi -fi - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if nonblocking sockets work" >&5 -$as_echo_n "checking if nonblocking sockets work... " >&6; } -if echo $target | grep mingw32 >/dev/null; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no (windows)" >&5 -$as_echo "no (windows)" >&6; } - -$as_echo "#define NONBLOCKING_IS_BROKEN 1" >>confdefs.h - -else -if test "$cross_compiling" = yes; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: crosscompile(yes)" >&5 -$as_echo "crosscompile(yes)" >&6; } - -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - -#include -#include -#include -#include -#include -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -#ifdef HAVE_NETINET_IN_H -#include -#endif -#ifdef HAVE_ARPA_INET_H -#include -#endif -#ifdef HAVE_UNISTD_H -#include -#endif -#ifdef HAVE_TIME_H -#include -#endif - -int main(void) -{ - int port; - int sfd, cfd; - int num = 10; - int i, p; - struct sockaddr_in a; - /* test if select and nonblocking reads work well together */ - /* open port. - fork child to send 10 messages. - select to read. - then try to nonblocking read the 10 messages - then, nonblocking read must give EAGAIN - */ - - port = 12345 + (time(0)%32); - sfd = socket(PF_INET, SOCK_DGRAM, 0); - if(sfd == -1) { - perror("socket"); - return 1; - } - memset(&a, 0, sizeof(a)); - a.sin_family = AF_INET; - a.sin_port = htons(port); - a.sin_addr.s_addr = inet_addr("127.0.0.1"); - if(bind(sfd, (struct sockaddr*)&a, sizeof(a)) < 0) { - perror("bind"); - return 1; - } - if(fcntl(sfd, F_SETFL, O_NONBLOCK) == -1) { - perror("fcntl"); - return 1; - } - - cfd = socket(PF_INET, SOCK_DGRAM, 0); - if(cfd == -1) { - perror("client socket"); - return 1; - } - a.sin_port = 0; - if(bind(cfd, (struct sockaddr*)&a, sizeof(a)) < 0) { - perror("client bind"); - return 1; - } - a.sin_port = htons(port); - - /* no handler, causes exit in 10 seconds */ - alarm(10); - - /* send and receive on the socket */ - if((p=fork()) == 0) { - for(i=0; i&5 -$as_echo "yes" >&6; } - -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - -$as_echo "#define NONBLOCKING_IS_BROKEN 1" >>confdefs.h - - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - -fi - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether mkdir has one arg" >&5 -$as_echo_n "checking whether mkdir has one arg... " >&6; } -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include -#include -#ifdef HAVE_WINSOCK2_H -#include -#endif -#ifdef HAVE_SYS_STAT_H -#include -#endif - -int -main () -{ - - (void)mkdir("directory"); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -$as_echo "#define MKDIR_HAS_ONE_ARG 1" >>confdefs.h - - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -for ac_func in strptime -do : - ac_fn_c_check_func "$LINENO" "strptime" "ac_cv_func_strptime" -if test "x$ac_cv_func_strptime" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_STRPTIME 1 -_ACEOF - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether strptime works" >&5 -$as_echo_n "checking whether strptime works... " >&6; } -if test c${cross_compiling} = cno; then -if test "$cross_compiling" = yes; then : - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "cannot run test program while cross compiling -See \`config.log' for more details" "$LINENO" 5; } -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#define _XOPEN_SOURCE 600 -#include -int main(void) { struct tm tm; char *res; -res = strptime("2010-07-15T00:00:00+00:00", "%t%Y%t-%t%m%t-%t%d%tT%t%H%t:%t%M%t:%t%S%t", &tm); -if (!res) return 2; -res = strptime("20070207111842", "%Y%m%d%H%M%S", &tm); -if (!res) return 1; return 0; } - -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - eval "ac_cv_c_strptime_works=yes" -else - eval "ac_cv_c_strptime_works=no" -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - -else -eval "ac_cv_c_strptime_works=maybe" -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_strptime_works" >&5 -$as_echo "$ac_cv_c_strptime_works" >&6; } -if test $ac_cv_c_strptime_works = no; then -case " $LIBOBJS " in - *" strptime.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS strptime.$ac_objext" - ;; -esac - -else - -cat >>confdefs.h <<_ACEOF -#define STRPTIME_WORKS 1 -_ACEOF - -fi - -else - case " $LIBOBJS " in - *" strptime.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS strptime.$ac_objext" - ;; -esac - -fi -done - - -# set memory allocation checking if requested -# Check whether --enable-alloc-checks was given. -if test "${enable_alloc_checks+set}" = set; then : - enableval=$enable_alloc_checks; -fi - -# Check whether --enable-alloc-lite was given. -if test "${enable_alloc_lite+set}" = set; then : - enableval=$enable_alloc_lite; -fi - -# Check whether --enable-alloc-nonregional was given. -if test "${enable_alloc_nonregional+set}" = set; then : - enableval=$enable_alloc_nonregional; -fi - -if test x_$enable_alloc_nonregional = x_yes; then - -$as_echo "#define UNBOUND_ALLOC_NONREGIONAL 1" >>confdefs.h - -fi -if test x_$enable_alloc_checks = x_yes; then - -$as_echo "#define UNBOUND_ALLOC_STATS 1" >>confdefs.h - -else - if test x_$enable_alloc_lite = x_yes; then - -$as_echo "#define UNBOUND_ALLOC_LITE 1" >>confdefs.h - - else - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU libc compatible malloc" >&5 -$as_echo_n "checking for GNU libc compatible malloc... " >&6; } - if test "$cross_compiling" = yes; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no (crosscompile)" >&5 -$as_echo "no (crosscompile)" >&6; } - case " $LIBOBJS " in - *" malloc.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS malloc.$ac_objext" - ;; -esac - - -cat >>confdefs.h <<_ACEOF -#define malloc rpl_malloc_unbound -_ACEOF - -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#if defined STDC_HEADERS || defined HAVE_STDLIB_H -#include -#else -char *malloc (); -#endif - -int -main () -{ - if(malloc(0) != 0) return 1; - ; - return 0; -} - -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - case " $LIBOBJS " in - *" malloc.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS malloc.$ac_objext" - ;; -esac - - -cat >>confdefs.h <<_ACEOF -#define malloc rpl_malloc_unbound -_ACEOF - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -$as_echo "#define HAVE_MALLOC 1" >>confdefs.h - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - - - fi -fi - -# check windows threads (we use them, not pthreads, on windows). -if test "$on_mingw" = "yes"; then -# check windows threads - for ac_header in windows.h -do : - ac_fn_c_check_header_compile "$LINENO" "windows.h" "ac_cv_header_windows_h" "$ac_includes_default -" -if test "x$ac_cv_header_windows_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_WINDOWS_H 1 -_ACEOF - -fi - -done - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CreateThread" >&5 -$as_echo_n "checking for CreateThread... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#ifdef HAVE_WINDOWS_H -#include -#endif - -int -main () -{ - - HANDLE t = CreateThread(NULL, 0, NULL, NULL, 0, NULL); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -$as_echo "#define HAVE_WINDOWS_THREADS 1" >>confdefs.h - - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -else -# not on mingw, check thread libraries. - -# check for thread library. -# check this first, so that the pthread lib does not get linked in via -# libssl or libpython, and thus distorts the tests, and we end up using -# the non-threadsafe C libraries. - -# Check whether --with-pthreads was given. -if test "${with_pthreads+set}" = set; then : - withval=$with_pthreads; -else - withval="yes" -fi - -ub_have_pthreads=no -if test x_$withval != x_no; then - - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - -ax_pthread_ok=no - -# We used to check for pthread.h first, but this fails if pthread.h -# requires special compiler flags (e.g. on True64 or Sequent). -# It gets checked for in the link test anyway. - -# First of all, check if the user has set any of the PTHREAD_LIBS, -# etcetera environment variables, and if threads linking works using -# them: -if test x"$PTHREAD_LIBS$PTHREAD_CFLAGS" != x; then - save_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS $PTHREAD_CFLAGS" - save_LIBS="$LIBS" - LIBS="$PTHREAD_LIBS $LIBS" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_join in LIBS=$PTHREAD_LIBS with CFLAGS=$PTHREAD_CFLAGS" >&5 -$as_echo_n "checking for pthread_join in LIBS=$PTHREAD_LIBS with CFLAGS=$PTHREAD_CFLAGS... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char pthread_join (); -int -main () -{ -return pthread_join (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ax_pthread_ok=yes -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_pthread_ok" >&5 -$as_echo "$ax_pthread_ok" >&6; } - if test x"$ax_pthread_ok" = xno; then - PTHREAD_LIBS="" - PTHREAD_CFLAGS="" - fi - LIBS="$save_LIBS" - CFLAGS="$save_CFLAGS" -fi - -# We must check for the threads library under a number of different -# names; the ordering is very important because some systems -# (e.g. DEC) have both -lpthread and -lpthreads, where one of the -# libraries is broken (non-POSIX). - -# Create a list of thread flags to try. Items starting with a "-" are -# C compiler flags, and other items are library names, except for "none" -# which indicates that we try without any flags at all, and "pthread-config" -# which is a program returning the flags for the Pth emulation library. - -ax_pthread_flags="pthreads none -Kthread -kthread lthread -pthread -pthreads -mthreads pthread --thread-safe -mt pthread-config" - -# The ordering *is* (sometimes) important. Some notes on the -# individual items follow: - -# pthreads: AIX (must check this before -lpthread) -# none: in case threads are in libc; should be tried before -Kthread and -# other compiler flags to prevent continual compiler warnings -# -Kthread: Sequent (threads in libc, but -Kthread needed for pthread.h) -# -kthread: FreeBSD kernel threads (preferred to -pthread since SMP-able) -# lthread: LinuxThreads port on FreeBSD (also preferred to -pthread) -# -pthread: Linux/gcc (kernel threads), BSD/gcc (userland threads) -# -pthreads: Solaris/gcc -# -mthreads: Mingw32/gcc, Lynx/gcc -# -mt: Sun Workshop C (may only link SunOS threads [-lthread], but it -# doesn't hurt to check since this sometimes defines pthreads too; -# also defines -D_REENTRANT) -# ... -mt is also the pthreads flag for HP/aCC -# pthread: Linux, etcetera -# --thread-safe: KAI C++ -# pthread-config: use pthread-config program (for GNU Pth library) - -case ${host_os} in - solaris*) - - # On Solaris (at least, for some versions), libc contains stubbed - # (non-functional) versions of the pthreads routines, so link-based - # tests will erroneously succeed. (We need to link with -pthreads/-mt/ - # -lpthread.) (The stubs are missing pthread_cleanup_push, or rather - # a function called by this macro, so we could check for that, but - # who knows whether they'll stub that too in a future libc.) So, - # we'll just look for -pthreads and -lpthread first: - - ax_pthread_flags="-pthreads pthread -mt -pthread $ax_pthread_flags" - ;; - - darwin*) - ax_pthread_flags="-pthread $ax_pthread_flags" - ;; -esac - -# Clang doesn't consider unrecognized options an error unless we specify -# -Werror. We throw in some extra Clang-specific options to ensure that -# this doesn't happen for GCC, which also accepts -Werror. - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if compiler needs -Werror to reject unknown flags" >&5 -$as_echo_n "checking if compiler needs -Werror to reject unknown flags... " >&6; } -save_CFLAGS="$CFLAGS" -ax_pthread_extra_flags="-Werror" -CFLAGS="$CFLAGS $ax_pthread_extra_flags -Wunknown-warning-option -Wsizeof-array-argument" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -int foo(void); -int -main () -{ -foo() - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - ax_pthread_extra_flags= - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -CFLAGS="$save_CFLAGS" - -if test x"$ax_pthread_ok" = xno; then -for flag in $ax_pthread_flags; do - - case $flag in - none) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether pthreads work without any flags" >&5 -$as_echo_n "checking whether pthreads work without any flags... " >&6; } - ;; - - -*) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether pthreads work with $flag" >&5 -$as_echo_n "checking whether pthreads work with $flag... " >&6; } - PTHREAD_CFLAGS="$flag" - ;; - - pthread-config) - # Extract the first word of "pthread-config", so it can be a program name with args. -set dummy pthread-config; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ax_pthread_config+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$ax_pthread_config"; then - ac_cv_prog_ax_pthread_config="$ax_pthread_config" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ax_pthread_config="yes" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - test -z "$ac_cv_prog_ax_pthread_config" && ac_cv_prog_ax_pthread_config="no" -fi -fi -ax_pthread_config=$ac_cv_prog_ax_pthread_config -if test -n "$ax_pthread_config"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_pthread_config" >&5 -$as_echo "$ax_pthread_config" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - if test x"$ax_pthread_config" = xno; then continue; fi - PTHREAD_CFLAGS="`pthread-config --cflags`" - PTHREAD_LIBS="`pthread-config --ldflags` `pthread-config --libs`" - ;; - - *) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the pthreads library -l$flag" >&5 -$as_echo_n "checking for the pthreads library -l$flag... " >&6; } - PTHREAD_LIBS="-l$flag" - ;; - esac - - save_LIBS="$LIBS" - save_CFLAGS="$CFLAGS" - LIBS="$PTHREAD_LIBS $LIBS" - CFLAGS="$CFLAGS $PTHREAD_CFLAGS $ax_pthread_extra_flags" - - # Check for various functions. We must include pthread.h, - # since some functions may be macros. (On the Sequent, we - # need a special flag -Kthread to make this header compile.) - # We check for pthread_join because it is in -lpthread on IRIX - # while pthread_create is in libc. We check for pthread_attr_init - # due to DEC craziness with -lpthreads. We check for - # pthread_cleanup_push because it is one of the few pthread - # functions on Solaris that doesn't have a non-functional libc stub. - # We try pthread_create on general principles. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include - static void routine(void *a) { *((int*)a) = 0; } - static void *start_routine(void *a) { return a; } -int -main () -{ -pthread_t th; pthread_attr_t attr; - pthread_create(&th, 0, start_routine, 0); - pthread_join(th, 0); - pthread_attr_init(&attr); - pthread_cleanup_push(routine, 0); - pthread_cleanup_pop(0) /* ; */ - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ax_pthread_ok=yes -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - - LIBS="$save_LIBS" - CFLAGS="$save_CFLAGS" - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_pthread_ok" >&5 -$as_echo "$ax_pthread_ok" >&6; } - if test "x$ax_pthread_ok" = xyes; then - break; - fi - - PTHREAD_LIBS="" - PTHREAD_CFLAGS="" -done -fi - -# Various other checks: -if test "x$ax_pthread_ok" = xyes; then - save_LIBS="$LIBS" - LIBS="$PTHREAD_LIBS $LIBS" - save_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS $PTHREAD_CFLAGS" - - # Detect AIX lossage: JOINABLE attribute is called UNDETACHED. - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for joinable pthread attribute" >&5 -$as_echo_n "checking for joinable pthread attribute... " >&6; } - attr_name=unknown - for attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -int -main () -{ -int attr = $attr; return attr /* ; */ - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - attr_name=$attr; break -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - done - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $attr_name" >&5 -$as_echo "$attr_name" >&6; } - if test "$attr_name" != PTHREAD_CREATE_JOINABLE; then - -cat >>confdefs.h <<_ACEOF -#define PTHREAD_CREATE_JOINABLE $attr_name -_ACEOF - - fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if more special flags are required for pthreads" >&5 -$as_echo_n "checking if more special flags are required for pthreads... " >&6; } - flag=no - case ${host_os} in - aix* | freebsd* | darwin*) flag="-D_THREAD_SAFE";; - osf* | hpux*) flag="-D_REENTRANT";; - solaris*) - if test "$GCC" = "yes"; then - flag="-D_REENTRANT" - else - # TODO: What about Clang on Solaris? - flag="-mt -D_REENTRANT" - fi - ;; - esac - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $flag" >&5 -$as_echo "$flag" >&6; } - if test "x$flag" != xno; then - PTHREAD_CFLAGS="$flag $PTHREAD_CFLAGS" - fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for PTHREAD_PRIO_INHERIT" >&5 -$as_echo_n "checking for PTHREAD_PRIO_INHERIT... " >&6; } -if ${ax_cv_PTHREAD_PRIO_INHERIT+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -int -main () -{ -int i = PTHREAD_PRIO_INHERIT; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ax_cv_PTHREAD_PRIO_INHERIT=yes -else - ax_cv_PTHREAD_PRIO_INHERIT=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_PRIO_INHERIT" >&5 -$as_echo "$ax_cv_PTHREAD_PRIO_INHERIT" >&6; } - if test "x$ax_cv_PTHREAD_PRIO_INHERIT" = "xyes"; then : - -$as_echo "#define HAVE_PTHREAD_PRIO_INHERIT 1" >>confdefs.h - -fi - - LIBS="$save_LIBS" - CFLAGS="$save_CFLAGS" - - # More AIX lossage: compile with *_r variant - if test "x$GCC" != xyes; then - case $host_os in - aix*) - case "x/$CC" in #( - x*/c89|x*/c89_128|x*/c99|x*/c99_128|x*/cc|x*/cc128|x*/xlc|x*/xlc_v6|x*/xlc128|x*/xlc128_v6) : - #handle absolute path differently from PATH based program lookup - case "x$CC" in #( - x/*) : - if as_fn_executable_p ${CC}_r; then : - PTHREAD_CC="${CC}_r" -fi ;; #( - *) : - for ac_prog in ${CC}_r -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_PTHREAD_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$PTHREAD_CC"; then - ac_cv_prog_PTHREAD_CC="$PTHREAD_CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_PTHREAD_CC="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -PTHREAD_CC=$ac_cv_prog_PTHREAD_CC -if test -n "$PTHREAD_CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PTHREAD_CC" >&5 -$as_echo "$PTHREAD_CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - test -n "$PTHREAD_CC" && break -done -test -n "$PTHREAD_CC" || PTHREAD_CC="$CC" - ;; -esac ;; #( - *) : - ;; -esac - ;; - esac - fi -fi - -test -n "$PTHREAD_CC" || PTHREAD_CC="$CC" - - - - - -# Finally, execute ACTION-IF-FOUND/ACTION-IF-NOT-FOUND: -if test x"$ax_pthread_ok" = xyes; then - - -$as_echo "#define HAVE_PTHREAD 1" >>confdefs.h - - LIBS="$PTHREAD_LIBS $LIBS" - CFLAGS="$CFLAGS $PTHREAD_CFLAGS" - CC="$PTHREAD_CC" - ub_have_pthreads=yes - ac_fn_c_check_type "$LINENO" "pthread_spinlock_t" "ac_cv_type_pthread_spinlock_t" "#include -" -if test "x$ac_cv_type_pthread_spinlock_t" = xyes; then : - -cat >>confdefs.h <<_ACEOF -#define HAVE_PTHREAD_SPINLOCK_T 1 -_ACEOF - - -fi -ac_fn_c_check_type "$LINENO" "pthread_rwlock_t" "ac_cv_type_pthread_rwlock_t" "#include -" -if test "x$ac_cv_type_pthread_rwlock_t" = xyes; then : - -cat >>confdefs.h <<_ACEOF -#define HAVE_PTHREAD_RWLOCK_T 1 -_ACEOF - - -fi - - - if echo "$CFLAGS" | $GREP -e "-pthread" >/dev/null; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if -pthread unused during linking" >&5 -$as_echo_n "checking if -pthread unused during linking... " >&6; } - # catch clang warning 'argument unused during compilation' - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$ac_includes_default - -int main(void) {return 0;} - -_ACEOF - pthread_unused="yes" - # first compile - echo "$CC $CFLAGS -c conftest.c -o conftest.o" >&5 - $CC $CFLAGS -c conftest.c -o conftest.o 2>&5 >&5 - if test $? = 0; then - # then link - echo "$CC $CFLAGS -Werror $LDFLAGS $LIBS -o conftest contest.o" >&5 - $CC $CFLAGS -Werror $LDFLAGS $LIBS -o conftest conftest.o 2>&5 >&5 - if test $? -ne 0; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - CFLAGS=`echo "$CFLAGS" | sed -e 's/-pthread//'` - PTHREAD_CFLAGS_ONLY="-pthread" - - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - fi - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - fi # endif cc successful - rm -f conftest conftest.c conftest.o - fi # endif -pthread in CFLAGS - - - : -else - ax_pthread_ok=no - -fi -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - - -fi - -# check solaris thread library - -# Check whether --with-solaris-threads was given. -if test "${with_solaris_threads+set}" = set; then : - withval=$with_solaris_threads; -else - withval="no" -fi - -ub_have_sol_threads=no -if test x_$withval != x_no; then - if test x_$ub_have_pthreads != x_no; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Have pthreads already, ignoring --with-solaris-threads" >&5 -$as_echo "$as_me: WARNING: Have pthreads already, ignoring --with-solaris-threads" >&2;} - else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing thr_create" >&5 -$as_echo_n "checking for library containing thr_create... " >&6; } -if ${ac_cv_search_thr_create+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_func_search_save_LIBS=$LIBS -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char thr_create (); -int -main () -{ -return thr_create (); - ; - return 0; -} -_ACEOF -for ac_lib in '' thread; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search_thr_create=$ac_res -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext - if ${ac_cv_search_thr_create+:} false; then : - break -fi -done -if ${ac_cv_search_thr_create+:} false; then : - -else - ac_cv_search_thr_create=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_thr_create" >&5 -$as_echo "$ac_cv_search_thr_create" >&6; } -ac_res=$ac_cv_search_thr_create -if test "$ac_res" != no; then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - - -$as_echo "#define HAVE_SOLARIS_THREADS 1" >>confdefs.h - - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC supports -mt" >&5 -$as_echo_n "checking whether $CC supports -mt... " >&6; } -cache=`echo mt | sed 'y%.=/+-%___p_%'` -if eval \${cv_prog_cc_flag_$cache+:} false; then : - $as_echo_n "(cached) " >&6 -else - -echo 'void f(void){}' >conftest.c -if test -z "`$CC $CPPFLAGS $CFLAGS -mt -c conftest.c 2>&1`"; then -eval "cv_prog_cc_flag_$cache=yes" -else -eval "cv_prog_cc_flag_$cache=no" -fi -rm -f conftest conftest.o conftest.c - -fi - -if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -: -CFLAGS="$CFLAGS -mt" -else -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -: -CFLAGS="$CFLAGS -D_REENTRANT" -fi - - ub_have_sol_threads=yes - -else - - as_fn_error $? "no solaris threads found." "$LINENO" 5 - -fi - - fi -fi - -fi # end of non-mingw check of thread libraries - -# Check for PyUnbound - -# Check whether --with-pyunbound was given. -if test "${with_pyunbound+set}" = set; then : - withval=$with_pyunbound; -else - withval="no" -fi - - -ub_test_python=no -ub_with_pyunbound=no -if test x_$withval != x_no; then - ub_with_pyunbound=yes - ub_test_python=yes -fi - -# Check for Python module - -# Check whether --with-pythonmodule was given. -if test "${with_pythonmodule+set}" = set; then : - withval=$with_pythonmodule; -else - withval="no" -fi - - -ub_with_pythonmod=no -if test x_$withval != x_no; then - ub_with_pythonmod=yes - ub_test_python=yes -fi - -# Check for Python & SWIG only on PyUnbound or PyModule -if test x_$ub_test_python != x_no; then - - # Check for Python - ub_have_python=no - ac_save_LIBS="$LIBS" - # - # Allow the use of a (user set) custom python version - # - - - # Extract the first word of "python[$PYTHON_VERSION]", so it can be a program name with args. -set dummy python$PYTHON_VERSION; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_PYTHON+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $PYTHON in - [\\/]* | ?:[\\/]*) - ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_PYTHON="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -PYTHON=$ac_cv_path_PYTHON -if test -n "$PYTHON"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5 -$as_echo "$PYTHON" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - if test -z "$PYTHON"; then - as_fn_error $? "Cannot find python$PYTHON_VERSION in your system path" "$LINENO" 5 - PYTHON_VERSION="" - fi - - if test -z "$PYTHON_VERSION"; then - PYTHON_VERSION=`$PYTHON -c "import sys; \ - print(sys.version.split()[0])"` - fi - - # - # Check if you have distutils, else fail - # - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the distutils Python package" >&5 -$as_echo_n "checking for the distutils Python package... " >&6; } - if ac_distutils_result=`$PYTHON -c "import distutils" 2>&1`; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - as_fn_error $? "cannot import Python module \"distutils\". -Please check your Python installation. The error was: -$ac_distutils_result" "$LINENO" 5 - PYTHON_VERSION="" - fi - - # - # Check for Python include path - # - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Python include path" >&5 -$as_echo_n "checking for Python include path... " >&6; } - if test -z "$PYTHON_CPPFLAGS"; then - python_path=`$PYTHON -c "import distutils.sysconfig; \ - print(distutils.sysconfig.get_python_inc());"` - if test -n "${python_path}"; then - python_path="-I$python_path" - fi - PYTHON_CPPFLAGS=$python_path - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON_CPPFLAGS" >&5 -$as_echo "$PYTHON_CPPFLAGS" >&6; } - - - # - # Check for Python library path - # - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Python library path" >&5 -$as_echo_n "checking for Python library path... " >&6; } - if test -z "$PYTHON_LDFLAGS"; then - PYTHON_LDFLAGS=`$PYTHON -c "from distutils.sysconfig import *; \ - print('-L'+get_config_var('LIBDIR')+' -L'+get_config_var('LIBDEST')+' '+get_config_var('BLDLIBRARY'));"` - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON_LDFLAGS" >&5 -$as_echo "$PYTHON_LDFLAGS" >&6; } - - - # - # Check for site packages - # - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Python site-packages path" >&5 -$as_echo_n "checking for Python site-packages path... " >&6; } - if test -z "$PYTHON_SITE_PKG"; then - PYTHON_SITE_PKG=`$PYTHON -c "import distutils.sysconfig; \ - print(distutils.sysconfig.get_python_lib(1,0));"` - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON_SITE_PKG" >&5 -$as_echo "$PYTHON_SITE_PKG" >&6; } - - - # - # final check to see if everything compiles alright - # - { $as_echo "$as_me:${as_lineno-$LINENO}: checking consistency of all components of python development environment" >&5 -$as_echo_n "checking consistency of all components of python development environment... " >&6; } - ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - - # save current global flags - ac_save_LIBS="$LIBS" - ac_save_CPPFLAGS="$CPPFLAGS" - - LIBS="$LIBS $PYTHON_LDFLAGS" - CPPFLAGS="$CPPFLAGS $PYTHON_CPPFLAGS" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - #include - -int -main () -{ - - Py_Initialize(); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - pythonexists=yes -else - pythonexists=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $pythonexists" >&5 -$as_echo "$pythonexists" >&6; } - - if test ! "$pythonexists" = "yes"; then - as_fn_error $? " - Could not link test program to Python. Maybe the main Python library has been - installed in some non-standard library path. If so, pass it to configure, - via the LDFLAGS environment variable. - Example: ./configure LDFLAGS=\"-L/usr/non-standard-path/python/lib\" - ============================================================================ - ERROR! - You probably have to install the development version of the Python package - for your distribution. The exact name of this package varies among them. - ============================================================================ - " "$LINENO" 5 - PYTHON_VERSION="" - fi - ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - - # turn back to default flags - CPPFLAGS="$ac_save_CPPFLAGS" - LIBS="$ac_save_LIBS" - - # - # all done! - # - - if test ! -z "$PYTHON_VERSION"; then - if test `$PYTHON -c "print('$PYTHON_VERSION' >= '2.4.0')"` = "False"; then - as_fn_error $? "Python version >= 2.4.0 is required" "$LINENO" 5 - fi - - PY_MAJOR_VERSION="`$PYTHON -c \"import sys; print(sys.version_info[0])\"`" - - # Have Python - -$as_echo "#define HAVE_PYTHON 1" >>confdefs.h - - LIBS="$PYTHON_LDFLAGS $LIBS" - CPPFLAGS="$CPPFLAGS $PYTHON_CPPFLAGS" - ub_have_python=yes - PC_PY_DEPENDENCY="python" - - - # Check for SWIG - ub_have_swig=no - - # Extract the first word of "swig", so it can be a program name with args. -set dummy swig; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_SWIG+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $SWIG in - [\\/]* | ?:[\\/]*) - ac_cv_path_SWIG="$SWIG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_SWIG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -SWIG=$ac_cv_path_SWIG -if test -n "$SWIG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SWIG" >&5 -$as_echo "$SWIG" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - if test -z "$SWIG" ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cannot find 'swig' program. You should look at http://www.swig.org" >&5 -$as_echo "$as_me: WARNING: cannot find 'swig' program. You should look at http://www.swig.org" >&2;} - SWIG='echo "Error: SWIG is not installed. You should look at http://www.swig.org" ; false' - elif test -n "2.0.1" ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SWIG version" >&5 -$as_echo_n "checking for SWIG version... " >&6; } - swig_version=`$SWIG -version 2>&1 | grep 'SWIG Version' | sed 's/.*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/g'` - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $swig_version" >&5 -$as_echo "$swig_version" >&6; } - if test -n "$swig_version" ; then - # Calculate the required version number components - required=2.0.1 - required_major=`echo $required | sed 's/[^0-9].*//'` - if test -z "$required_major" ; then - required_major=0 - fi - required=`echo $required | sed 's/[0-9]*[^0-9]//'` - required_minor=`echo $required | sed 's/[^0-9].*//'` - if test -z "$required_minor" ; then - required_minor=0 - fi - required=`echo $required | sed 's/[0-9]*[^0-9]//'` - required_patch=`echo $required | sed 's/[^0-9].*//'` - if test -z "$required_patch" ; then - required_patch=0 - fi - # Calculate the available version number components - available=$swig_version - available_major=`echo $available | sed 's/[^0-9].*//'` - if test -z "$available_major" ; then - available_major=0 - fi - available=`echo $available | sed 's/[0-9]*[^0-9]//'` - available_minor=`echo $available | sed 's/[^0-9].*//'` - if test -z "$available_minor" ; then - available_minor=0 - fi - available=`echo $available | sed 's/[0-9]*[^0-9]//'` - available_patch=`echo $available | sed 's/[^0-9].*//'` - if test -z "$available_patch" ; then - available_patch=0 - fi - badversion=0 - if test $available_major -lt $required_major ; then - badversion=1 - fi - if test $available_major -eq $required_major \ - -a $available_minor -lt $required_minor ; then - badversion=1 - fi - if test $available_major -eq $required_major \ - -a $available_minor -eq $required_minor \ - -a $available_patch -lt $required_patch ; then - badversion=1 - fi - if test $badversion -eq 1 ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: SWIG version >= 2.0.1 is required. You have $swig_version. You should look at http://www.swig.org" >&5 -$as_echo "$as_me: WARNING: SWIG version >= 2.0.1 is required. You have $swig_version. You should look at http://www.swig.org" >&2;} - SWIG='echo "Error: SWIG version >= 2.0.1 is required. You have '"$swig_version"'. You should look at http://www.swig.org" ; false' - else - { $as_echo "$as_me:${as_lineno-$LINENO}: SWIG executable is '$SWIG'" >&5 -$as_echo "$as_me: SWIG executable is '$SWIG'" >&6;} - SWIG_LIB=`$SWIG -swiglib` - { $as_echo "$as_me:${as_lineno-$LINENO}: SWIG library directory is '$SWIG_LIB'" >&5 -$as_echo "$as_me: SWIG library directory is '$SWIG_LIB'" >&6;} - fi - else - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cannot determine SWIG version" >&5 -$as_echo "$as_me: WARNING: cannot determine SWIG version" >&2;} - SWIG='echo "Error: Cannot determine SWIG version. You should look at http://www.swig.org" ; false' - fi - fi - - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking SWIG" >&5 -$as_echo_n "checking SWIG... " >&6; } - if test ! -x "$SWIG"; then - as_fn_error $? "failed to find swig tool, install it, or do not build Python module and PyUnbound" "$LINENO" 5 - else - -$as_echo "#define HAVE_SWIG 1" >>confdefs.h - - swig="$SWIG" - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: present" >&5 -$as_echo "present" >&6; } - - # If have Python & SWIG - # Declare PythonMod - if test x_$ub_with_pythonmod != x_no; then - -$as_echo "#define WITH_PYTHONMODULE 1" >>confdefs.h - - WITH_PYTHONMODULE=yes - - PYTHONMOD_OBJ="pythonmod.lo pythonmod_utils.lo" - - PYTHONMOD_HEADER='$(srcdir)/pythonmod/pythonmod.h' - - PYTHONMOD_INSTALL=pythonmod-install - - PYTHONMOD_UNINSTALL=pythonmod-uninstall - - fi - - # Declare PyUnbound - if test x_$ub_with_pyunbound != x_no; then - -$as_echo "#define WITH_PYUNBOUND 1" >>confdefs.h - - WITH_PYUNBOUND=yes - - PYUNBOUND_OBJ="libunbound_wrap.lo" - - PYUNBOUND_TARGET="_unbound.la" - - PYUNBOUND_INSTALL=pyunbound-install - - PYUNBOUND_UNINSTALL=pyunbound-uninstall - - fi - fi - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: *** Python libraries not found, won't build PythonMod or PyUnbound ***" >&5 -$as_echo "*** Python libraries not found, won't build PythonMod or PyUnbound ***" >&6; } - ub_with_pyunbound=no - ub_with_pythonmod=no - fi -fi - -if test "`uname`" = "NetBSD"; then - NETBSD_LINTFLAGS='"-D__RENAME(x)=" -D_NETINET_IN_H_' - -fi -CONFIG_DATE=`date +%Y%m%d` - - -# Checks for libraries. - -# libnss -USE_NSS="no" - -# Check whether --with-nss was given. -if test "${with_nss+set}" = set; then : - withval=$with_nss; - USE_NSS="yes" - -$as_echo "#define HAVE_NSS 1" >>confdefs.h - - if test "$withval" != "" -a "$withval" != "yes"; then - CPPFLAGS="$CPPFLAGS -I$withval/include/nss3" - LDFLAGS="$LDFLAGS -L$withval/lib" - - if test "x$enable_rpath" = xyes; then - if echo "$withval/lib" | grep "^/" >/dev/null; then - RUNTIME_PATH="$RUNTIME_PATH -R$withval/lib" - fi - fi - - CPPFLAGS="-I$withval/include/nspr4 $CPPFLAGS" - else - CPPFLAGS="$CPPFLAGS -I/usr/include/nss3" - CPPFLAGS="-I/usr/include/nspr4 $CPPFLAGS" - fi - LIBS="$LIBS -lnss3 -lnspr4" - SSLLIB="" - - -fi - - -# libnettle -USE_NETTLE="no" - -# Check whether --with-nettle was given. -if test "${with_nettle+set}" = set; then : - withval=$with_nettle; - USE_NETTLE="yes" - -$as_echo "#define HAVE_NETTLE 1" >>confdefs.h - - for ac_header in nettle/dsa-compat.h -do : - ac_fn_c_check_header_compile "$LINENO" "nettle/dsa-compat.h" "ac_cv_header_nettle_dsa_compat_h" "$ac_includes_default -" -if test "x$ac_cv_header_nettle_dsa_compat_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_NETTLE_DSA_COMPAT_H 1 -_ACEOF - -fi - -done - - if test "$withval" != "" -a "$withval" != "yes"; then - CPPFLAGS="$CPPFLAGS -I$withval/include/nettle" - LDFLAGS="$LDFLAGS -L$withval/lib" - - if test "x$enable_rpath" = xyes; then - if echo "$withval/lib" | grep "^/" >/dev/null; then - RUNTIME_PATH="$RUNTIME_PATH -R$withval/lib" - fi - fi - - else - CPPFLAGS="$CPPFLAGS -I/usr/include/nettle" - fi - LIBS="$LIBS -lhogweed -lnettle -lgmp" - SSLLIB="" - - -fi - - -# openssl -if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then - - -# Check whether --with-ssl was given. -if test "${with_ssl+set}" = set; then : - withval=$with_ssl; - -else - - withval="yes" - -fi - - if test x_$withval = x_no; then - as_fn_error $? "Need SSL library to do digital signature cryptography" "$LINENO" 5 - fi - - withval=$withval - if test x_$withval != x_no; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL" >&5 -$as_echo_n "checking for SSL... " >&6; } - if test x_$withval = x_ -o x_$withval = x_yes; then - withval="/usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr" - fi - for dir in $withval; do - ssldir="$dir" - if test -f "$dir/include/openssl/ssl.h"; then - found_ssl="yes" - -cat >>confdefs.h <<_ACEOF -#define HAVE_SSL /**/ -_ACEOF - - if test "$ssldir" != "/usr"; then - CPPFLAGS="$CPPFLAGS -I$ssldir/include" - LIBSSL_CPPFLAGS="$LIBSSL_CPPFLAGS -I$ssldir/include" - fi - break; - fi - done - if test x_$found_ssl != x_yes; then - as_fn_error $? "Cannot find the SSL libraries in $withval" "$LINENO" 5 - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: found in $ssldir" >&5 -$as_echo "found in $ssldir" >&6; } - HAVE_SSL=yes - if test "$ssldir" != "/usr" -a "$ssldir" != ""; then - LDFLAGS="$LDFLAGS -L$ssldir/lib" - LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib" - - if test "x$enable_rpath" = xyes; then - if echo "$ssldir/lib" | grep "^/" >/dev/null; then - RUNTIME_PATH="$RUNTIME_PATH -R$ssldir/lib" - fi - fi - - fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for HMAC_Update in -lcrypto" >&5 -$as_echo_n "checking for HMAC_Update in -lcrypto... " >&6; } - LIBS="$LIBS -lcrypto" - LIBSSL_LIBS="$LIBSSL_LIBS -lcrypto" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - - int HMAC_Update(void); - (void)HMAC_Update(); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -$as_echo "#define HAVE_HMAC_UPDATE 1" >>confdefs.h - - -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - # check if -lwsock32 or -lgdi32 are needed. - BAKLIBS="$LIBS" - BAKSSLLIBS="$LIBSSL_LIBS" - LIBS="$LIBS -lgdi32" - LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if -lcrypto needs -lgdi32" >&5 -$as_echo_n "checking if -lcrypto needs -lgdi32... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - - int HMAC_Update(void); - (void)HMAC_Update(); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - - -$as_echo "#define HAVE_HMAC_UPDATE 1" >>confdefs.h - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - LIBS="$BAKLIBS" - LIBSSL_LIBS="$BAKSSLLIBS" - LIBS="$LIBS -ldl" - LIBSSL_LIBS="$LIBSSL_LIBS -ldl" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if -lcrypto needs -ldl" >&5 -$as_echo_n "checking if -lcrypto needs -ldl... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - - int HMAC_Update(void); - (void)HMAC_Update(); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - - -$as_echo "#define HAVE_HMAC_UPDATE 1" >>confdefs.h - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - LIBS="$BAKLIBS" - LIBSSL_LIBS="$BAKSSLLIBS" - LIBS="$LIBS -ldl -pthread" - LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if -lcrypto needs -ldl -pthread" >&5 -$as_echo_n "checking if -lcrypto needs -ldl -pthread... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - - int HMAC_Update(void); - (void)HMAC_Update(); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - - -$as_echo "#define HAVE_HMAC_UPDATE 1" >>confdefs.h - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - as_fn_error $? "OpenSSL found in $ssldir, but version 0.9.7 or higher is required" "$LINENO" 5 - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - fi - - - fi -for ac_header in openssl/ssl.h -do : - ac_fn_c_check_header_compile "$LINENO" "openssl/ssl.h" "ac_cv_header_openssl_ssl_h" "$ac_includes_default -" -if test "x$ac_cv_header_openssl_ssl_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_OPENSSL_SSL_H 1 -_ACEOF - -fi - -done - -for ac_header in openssl/err.h -do : - ac_fn_c_check_header_compile "$LINENO" "openssl/err.h" "ac_cv_header_openssl_err_h" "$ac_includes_default -" -if test "x$ac_cv_header_openssl_err_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_OPENSSL_ERR_H 1 -_ACEOF - -fi - -done - -for ac_header in openssl/rand.h -do : - ac_fn_c_check_header_compile "$LINENO" "openssl/rand.h" "ac_cv_header_openssl_rand_h" "$ac_includes_default -" -if test "x$ac_cv_header_openssl_rand_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_OPENSSL_RAND_H 1 -_ACEOF - -fi - -done - - - - -# check if libssl needs libdl -BAKLIBS="$LIBS" -LIBS="-lssl $LIBS" -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if libssl needs libdl" >&5 -$as_echo_n "checking if libssl needs libdl... " >&6; } -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char SSL_CTX_new (); -int -main () -{ -return SSL_CTX_new (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - LIBS="$BAKLIBS" - -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - LIBS="$BAKLIBS" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dlopen" >&5 -$as_echo_n "checking for library containing dlopen... " >&6; } -if ${ac_cv_search_dlopen+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_func_search_save_LIBS=$LIBS -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char dlopen (); -int -main () -{ -return dlopen (); - ; - return 0; -} -_ACEOF -for ac_lib in '' dl; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search_dlopen=$ac_res -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext - if ${ac_cv_search_dlopen+:} false; then : - break -fi -done -if ${ac_cv_search_dlopen+:} false; then : - -else - ac_cv_search_dlopen=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dlopen" >&5 -$as_echo "$ac_cv_search_dlopen" >&6; } -ac_res=$ac_cv_search_dlopen -if test "$ac_res" != no; then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -fi - - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -SSLLIB="-lssl" - -# check if -lcrypt32 is needed because CAPIENG needs that. (on windows) -BAKLIBS="$LIBS" -LIBS="-lssl $LIBS" -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if libssl needs -lcrypt32" >&5 -$as_echo_n "checking if libssl needs -lcrypt32... " >&6; } -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char HMAC_Update (); -int -main () -{ -return HMAC_Update (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - LIBS="$BAKLIBS" - -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - LIBS="$BAKLIBS" - LIBS="$LIBS -lcrypt32" - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for LibreSSL" >&5 -$as_echo_n "checking for LibreSSL... " >&6; } -if grep VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -$as_echo "#define HAVE_LIBRESSL 1" >>confdefs.h - - # libressl provides these compat functions, but they may also be - # declared by the OS in libc. See if they have been declared. - ac_fn_c_check_decl "$LINENO" "strlcpy" "ac_cv_have_decl_strlcpy" "$ac_includes_default" -if test "x$ac_cv_have_decl_strlcpy" = xyes; then : - ac_have_decl=1 -else - ac_have_decl=0 -fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_STRLCPY $ac_have_decl -_ACEOF -ac_fn_c_check_decl "$LINENO" "strlcat" "ac_cv_have_decl_strlcat" "$ac_includes_default" -if test "x$ac_cv_have_decl_strlcat" = xyes; then : - ac_have_decl=1 -else - ac_have_decl=0 -fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_STRLCAT $ac_have_decl -_ACEOF -ac_fn_c_check_decl "$LINENO" "arc4random" "ac_cv_have_decl_arc4random" "$ac_includes_default" -if test "x$ac_cv_have_decl_arc4random" = xyes; then : - ac_have_decl=1 -else - ac_have_decl=0 -fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_ARC4RANDOM $ac_have_decl -_ACEOF -ac_fn_c_check_decl "$LINENO" "arc4random_uniform" "ac_cv_have_decl_arc4random_uniform" "$ac_includes_default" -if test "x$ac_cv_have_decl_arc4random_uniform" = xyes; then : - ac_have_decl=1 -else - ac_have_decl=0 -fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_ARC4RANDOM_UNIFORM $ac_have_decl -_ACEOF -ac_fn_c_check_decl "$LINENO" "reallocarray" "ac_cv_have_decl_reallocarray" "$ac_includes_default" -if test "x$ac_cv_have_decl_reallocarray" = xyes; then : - ac_have_decl=1 -else - ac_have_decl=0 -fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_REALLOCARRAY $ac_have_decl -_ACEOF - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi -for ac_header in openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default -" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - -for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - -# these check_funcs need -lssl -BAKLIBS="$LIBS" -LIBS="-lssl $LIBS" -for ac_func in OPENSSL_init_ssl SSL_CTX_set_security_level -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - -LIBS="$BAKLIBS" - -ac_fn_c_check_decl "$LINENO" "SSL_COMP_get_compression_methods" "ac_cv_have_decl_SSL_COMP_get_compression_methods" " -$ac_includes_default -#ifdef HAVE_OPENSSL_ERR_H -#include -#endif - -#ifdef HAVE_OPENSSL_RAND_H -#include -#endif - -#ifdef HAVE_OPENSSL_CONF_H -#include -#endif - -#ifdef HAVE_OPENSSL_ENGINE_H -#include -#endif -#include -#include - -" -if test "x$ac_cv_have_decl_SSL_COMP_get_compression_methods" = xyes; then : - ac_have_decl=1 -else - ac_have_decl=0 -fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS $ac_have_decl -_ACEOF -ac_fn_c_check_decl "$LINENO" "sk_SSL_COMP_pop_free" "ac_cv_have_decl_sk_SSL_COMP_pop_free" " -$ac_includes_default -#ifdef HAVE_OPENSSL_ERR_H -#include -#endif - -#ifdef HAVE_OPENSSL_RAND_H -#include -#endif - -#ifdef HAVE_OPENSSL_CONF_H -#include -#endif - -#ifdef HAVE_OPENSSL_ENGINE_H -#include -#endif -#include -#include - -" -if test "x$ac_cv_have_decl_sk_SSL_COMP_pop_free" = xyes; then : - ac_have_decl=1 -else - ac_have_decl=0 -fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_SK_SSL_COMP_POP_FREE $ac_have_decl -_ACEOF -ac_fn_c_check_decl "$LINENO" "SSL_CTX_set_ecdh_auto" "ac_cv_have_decl_SSL_CTX_set_ecdh_auto" " -$ac_includes_default -#ifdef HAVE_OPENSSL_ERR_H -#include -#endif - -#ifdef HAVE_OPENSSL_RAND_H -#include -#endif - -#ifdef HAVE_OPENSSL_CONF_H -#include -#endif - -#ifdef HAVE_OPENSSL_ENGINE_H -#include -#endif -#include -#include - -" -if test "x$ac_cv_have_decl_SSL_CTX_set_ecdh_auto" = xyes; then : - ac_have_decl=1 -else - ac_have_decl=0 -fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_SSL_CTX_SET_ECDH_AUTO $ac_have_decl -_ACEOF - -fi - - - -# Check whether --enable-sha1 was given. -if test "${enable_sha1+set}" = set; then : - enableval=$enable_sha1; -fi - -case "$enable_sha1" in - no) - ;; - yes|*) - -$as_echo "#define USE_SHA1 1" >>confdefs.h - - ;; -esac - - -# Check whether --enable-sha2 was given. -if test "${enable_sha2+set}" = set; then : - enableval=$enable_sha2; -fi - -case "$enable_sha2" in - no) - ;; - yes|*) - -$as_echo "#define USE_SHA2 1" >>confdefs.h - - ;; -esac - -# Check whether --enable-subnet was given. -if test "${enable_subnet+set}" = set; then : - enableval=$enable_subnet; -fi - -case "$enable_subnet" in - yes) - -$as_echo "#define CLIENT_SUBNET 1" >>confdefs.h - - SUBNET_OBJ="edns-subnet.lo subnetmod.lo addrtree.lo subnet-whitelist.lo" - - SUBNET_HEADER='$(srcdir)/edns-subnet/subnetmod.h $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/edns-subnet/subnet-whitelist.h $(srcdir)/edns-subnet/addrtree.h' - - ;; - no|*) - ;; -esac - -# check wether gost also works - -# Check whether --enable-gost was given. -if test "${enable_gost+set}" = set; then : - enableval=$enable_gost; -fi - -use_gost="no" -if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then -case "$enable_gost" in - no) - ;; - *) - ac_fn_c_check_func "$LINENO" "EVP_PKEY_set_type_str" "ac_cv_func_EVP_PKEY_set_type_str" -if test "x$ac_cv_func_EVP_PKEY_set_type_str" = xyes; then : - : -else - as_fn_error $? "OpenSSL 1.0.0 is needed for GOST support" "$LINENO" 5 -fi - - ac_fn_c_check_func "$LINENO" "EC_KEY_new" "ac_cv_func_EC_KEY_new" -if test "x$ac_cv_func_EC_KEY_new" = xyes; then : - -else - as_fn_error $? "OpenSSL does not support ECC, needed for GOST support" "$LINENO" 5 -fi - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if GOST works" >&5 -$as_echo_n "checking if GOST works... " >&6; } -if test c${cross_compiling} = cno; then -BAKCFLAGS="$CFLAGS" -if test -n "$ssldir"; then - CFLAGS="$CFLAGS -Wl,-rpath,$ssldir/lib" -fi -if test "$cross_compiling" = yes; then : - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "cannot run test program while cross compiling -See \`config.log' for more details" "$LINENO" 5; } -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include -#include -#include -#include -#include -/* routine to load gost (from sldns) */ -int load_gost_id(void) -{ - static int gost_id = 0; - const EVP_PKEY_ASN1_METHOD* meth; - ENGINE* e; - - if(gost_id) return gost_id; - - /* see if configuration loaded gost implementation from other engine*/ - meth = EVP_PKEY_asn1_find_str(NULL, "gost2001", -1); - if(meth) { - EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth); - return gost_id; - } - - /* see if engine can be loaded already */ - e = ENGINE_by_id("gost"); - if(!e) { - /* load it ourself, in case statically linked */ - ENGINE_load_builtin_engines(); - ENGINE_load_dynamic(); - e = ENGINE_by_id("gost"); - } - if(!e) { - /* no gost engine in openssl */ - return 0; - } - if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { - ENGINE_finish(e); - ENGINE_free(e); - return 0; - } - - meth = EVP_PKEY_asn1_find_str(&e, "gost2001", -1); - if(!meth) { - /* algo not found */ - ENGINE_finish(e); - ENGINE_free(e); - return 0; - } - EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth); - return gost_id; -} -int main(void) { - EVP_MD_CTX* ctx; - const EVP_MD* md; - unsigned char digest[64]; /* its a 256-bit digest, so uses 32 bytes */ - const char* str = "Hello world"; - const unsigned char check[] = { - 0x40 , 0xed , 0xf8 , 0x56 , 0x5a , 0xc5 , 0x36 , 0xe1 , - 0x33 , 0x7c , 0x7e , 0x87 , 0x62 , 0x1c , 0x42 , 0xe0 , - 0x17 , 0x1b , 0x5e , 0xce , 0xa8 , 0x46 , 0x65 , 0x4d , - 0x8d , 0x3e , 0x22 , 0x9b , 0xe1 , 0x30 , 0x19 , 0x9d - }; - OPENSSL_config(NULL); - (void)load_gost_id(); - md = EVP_get_digestbyname("md_gost94"); - if(!md) return 1; - memset(digest, 0, sizeof(digest)); - ctx = EVP_MD_CTX_create(); - if(!ctx) return 2; - if(!EVP_DigestInit_ex(ctx, md, NULL)) return 3; - if(!EVP_DigestUpdate(ctx, str, 10)) return 4; - if(!EVP_DigestFinal_ex(ctx, digest, NULL)) return 5; - /* uncomment to see the hash calculated. - {int i; - for(i=0; i<32; i++) - printf(" %2.2x", (int)digest[i]); - printf("\n");} - */ - if(memcmp(digest, check, sizeof(check)) != 0) - return 6; - return 0; -} - -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - eval "ac_cv_c_gost_works=yes" -else - eval "ac_cv_c_gost_works=no" -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - -CFLAGS="$BAKCFLAGS" -else -eval "ac_cv_c_gost_works=maybe" -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_gost_works" >&5 -$as_echo "$ac_cv_c_gost_works" >&6; } - - if test "$ac_cv_c_gost_works" != no; then - use_gost="yes" - -$as_echo "#define USE_GOST 1" >>confdefs.h - - fi - ;; -esac -fi -# Check whether --enable-ecdsa was given. -if test "${enable_ecdsa+set}" = set; then : - enableval=$enable_ecdsa; -fi - -use_ecdsa="no" -case "$enable_ecdsa" in - no) - ;; - *) - if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then - ac_fn_c_check_func "$LINENO" "ECDSA_sign" "ac_cv_func_ECDSA_sign" -if test "x$ac_cv_func_ECDSA_sign" = xyes; then : - -else - as_fn_error $? "OpenSSL does not support ECDSA: please upgrade or rerun with --disable-ecdsa" "$LINENO" 5 -fi - - ac_fn_c_check_func "$LINENO" "SHA384_Init" "ac_cv_func_SHA384_Init" -if test "x$ac_cv_func_SHA384_Init" = xyes; then : - -else - as_fn_error $? "OpenSSL does not support SHA384: please upgrade or rerun with --disable-ecdsa" "$LINENO" 5 -fi - - ac_fn_c_check_decl "$LINENO" "NID_X9_62_prime256v1" "ac_cv_have_decl_NID_X9_62_prime256v1" "$ac_includes_default -#include - -" -if test "x$ac_cv_have_decl_NID_X9_62_prime256v1" = xyes; then : - ac_have_decl=1 -else - ac_have_decl=0 -fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_NID_X9_62_PRIME256V1 $ac_have_decl -_ACEOF -if test $ac_have_decl = 1; then : - -else - as_fn_error $? "OpenSSL does not support the ECDSA curves: please upgrade or rerun with --disable-ecdsa" "$LINENO" 5 -fi -ac_fn_c_check_decl "$LINENO" "NID_secp384r1" "ac_cv_have_decl_NID_secp384r1" "$ac_includes_default -#include - -" -if test "x$ac_cv_have_decl_NID_secp384r1" = xyes; then : - ac_have_decl=1 -else - ac_have_decl=0 -fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_NID_SECP384R1 $ac_have_decl -_ACEOF -if test $ac_have_decl = 1; then : - -else - as_fn_error $? "OpenSSL does not support the ECDSA curves: please upgrade or rerun with --disable-ecdsa" "$LINENO" 5 -fi - - # see if OPENSSL 1.0.0 or later (has EVP MD and Verify independency) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if openssl supports SHA2 and ECDSA with EVP" >&5 -$as_echo_n "checking if openssl supports SHA2 and ECDSA with EVP... " >&6; } - if grep OPENSSL_VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "OpenSSL" >/dev/null; then - if grep OPENSSL_VERSION_NUMBER $ssldir/include/openssl/opensslv.h | grep 0x0 >/dev/null; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - -cat >>confdefs.h <<_ACEOF -#define USE_ECDSA_EVP_WORKAROUND 1 -_ACEOF - - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - fi - else - # not OpenSSL, thus likely LibreSSL, which supports it - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - fi - fi - # we now know we have ECDSA and the required curves. - -cat >>confdefs.h <<_ACEOF -#define USE_ECDSA 1 -_ACEOF - - use_ecdsa="yes" - ;; -esac - -# Check whether --enable-dsa was given. -if test "${enable_dsa+set}" = set; then : - enableval=$enable_dsa; -fi - -use_dsa="no" -case "$enable_dsa" in - no) - ;; - *) - # detect if DSA is supported, and turn it off if not. - ac_fn_c_check_func "$LINENO" "DSA_SIG_new" "ac_cv_func_DSA_SIG_new" -if test "x$ac_cv_func_DSA_SIG_new" = xyes; then : - - -cat >>confdefs.h <<_ACEOF -#define USE_DSA 1 -_ACEOF - - -else - if test "x$enable_dsa" = "xyes"; then as_fn_error $? "OpenSSL does not support DSA and you used --enable-dsa." "$LINENO" 5 - fi -fi - - ;; -esac - - -# Check whether --enable-event-api was given. -if test "${enable_event_api+set}" = set; then : - enableval=$enable_event_api; -fi - -case "$enable_event_api" in - yes) - UNBOUND_EVENT_INSTALL=unbound-event-install - - UNBOUND_EVENT_UNINSTALL=unbound-event-uninstall - - ;; - *) - ;; -esac - -# Check whether --enable-tfo-client was given. -if test "${enable_tfo_client+set}" = set; then : - enableval=$enable_tfo_client; -fi - -case "$enable_tfo_client" in - yes) - case `uname` in - Linux) ac_fn_c_check_decl "$LINENO" "MSG_FASTOPEN" "ac_cv_have_decl_MSG_FASTOPEN" "$ac_includes_default -#include - -" -if test "x$ac_cv_have_decl_MSG_FASTOPEN" = xyes; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO" >&5 -$as_echo "$as_me: WARNING: Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO" >&2;} -else - as_fn_error $? "TCP Fast Open is not available for client mode: please rerun without --enable-tfo-client" "$LINENO" 5 -fi - - -cat >>confdefs.h <<_ACEOF -#define USE_MSG_FASTOPEN 1 -_ACEOF - - ;; - Darwin) ac_fn_c_check_decl "$LINENO" "CONNECT_RESUME_ON_READ_WRITE" "ac_cv_have_decl_CONNECT_RESUME_ON_READ_WRITE" "$ac_includes_default -#include - -" -if test "x$ac_cv_have_decl_CONNECT_RESUME_ON_READ_WRITE" = xyes; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO" >&5 -$as_echo "$as_me: WARNING: Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO" >&2;} -else - as_fn_error $? "TCP Fast Open is not available for client mode: please rerun without --enable-tfo-client" "$LINENO" 5 -fi - - -cat >>confdefs.h <<_ACEOF -#define USE_OSX_MSG_FASTOPEN 1 -_ACEOF - - ;; - esac - ;; - no|*) - ;; -esac - -# Check whether --enable-tfo-server was given. -if test "${enable_tfo_server+set}" = set; then : - enableval=$enable_tfo_server; -fi - -case "$enable_tfo_server" in - yes) - ac_fn_c_check_decl "$LINENO" "TCP_FASTOPEN" "ac_cv_have_decl_TCP_FASTOPEN" "$ac_includes_default -#include - -" -if test "x$ac_cv_have_decl_TCP_FASTOPEN" = xyes; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Check the platform specific TFO kernel parameters are correctly configured to support server mode TFO" >&5 -$as_echo "$as_me: WARNING: Check the platform specific TFO kernel parameters are correctly configured to support server mode TFO" >&2;} -else - as_fn_error $? "TCP Fast Open is not available for server mode: please rerun without --enable-tfo-server" "$LINENO" 5 -fi - - -cat >>confdefs.h <<_ACEOF -#define USE_TCP_FASTOPEN 1 -_ACEOF - - ;; - no|*) - ;; -esac - -# check for libevent - -# Check whether --with-libevent was given. -if test "${with_libevent+set}" = set; then : - withval=$with_libevent; -else - withval="no" -fi - -if test x_$withval = x_yes -o x_$withval != x_no; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libevent" >&5 -$as_echo_n "checking for libevent... " >&6; } - if test x_$withval = x_ -o x_$withval = x_yes; then - withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr" - fi - for dir in $withval; do - thedir="$dir" - if test -f "$dir/include/event.h" -o -f "$dir/include/event2/event.h"; then - found_libevent="yes" - if test "$thedir" != "/usr"; then - CPPFLAGS="$CPPFLAGS -I$thedir/include" - fi - break; - fi - done - if test x_$found_libevent != x_yes; then - if test -f "$dir/event.h" -a \( -f "$dir/libevent.la" -o -f "$dir/libev.la" \) ; then - # libevent source directory - { $as_echo "$as_me:${as_lineno-$LINENO}: result: found in $thedir" >&5 -$as_echo "found in $thedir" >&6; } - CPPFLAGS="$CPPFLAGS -I$thedir -I$thedir/include" - BAK_LDFLAGS_SET="1" - BAK_LDFLAGS="$LDFLAGS" - # remove evdns from linking - mkdir build >/dev/null 2>&1 - mkdir build/libevent >/dev/null 2>&1 - mkdir build/libevent/.libs >/dev/null 2>&1 - ev_files_o=`ls $thedir/*.o | grep -v evdns\.o | grep -v bufferevent_openssl\.o` - ev_files_lo=`ls $thedir/*.lo | grep -v evdns\.lo | grep -v bufferevent_openssl\.lo` - ev_files_libso=`ls $thedir/.libs/*.o | grep -v evdns\.o | grep -v bufferevent_openssl\.o` - cp $ev_files_o build/libevent - cp $ev_files_lo build/libevent - cp $ev_files_libso build/libevent/.libs - LATE_LDFLAGS="build/libevent/*.lo -lm" - LDFLAGS="build/libevent/*.o $LDFLAGS -lm" - else - as_fn_error $? "Cannot find the libevent library in $withval -You can restart ./configure --with-libevent=no to use a builtin alternative. -Please note that this alternative is not as capable as libevent when using -large outgoing port ranges. " "$LINENO" 5 - fi - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: found in $thedir" >&5 -$as_echo "found in $thedir" >&6; } - if test ! -f $thedir/lib/libevent.a -a ! -f $thedir/lib/libevent.so -a -d "$thedir/lib/event2"; then - LDFLAGS="$LDFLAGS -L$thedir/lib/event2" - - if test "x$enable_rpath" = xyes; then - if echo "$thedir/lib/event2" | grep "^/" >/dev/null; then - RUNTIME_PATH="$RUNTIME_PATH -R$thedir/lib/event2" - fi - fi - - else - if test "$thedir" != "/usr" -a "$thedir" != ""; then - LDFLAGS="$LDFLAGS -L$thedir/lib" - - if test "x$enable_rpath" = xyes; then - if echo "$thedir/lib" | grep "^/" >/dev/null; then - RUNTIME_PATH="$RUNTIME_PATH -R$thedir/lib" - fi - fi - - fi - fi - fi - # check for library used by libevent after 1.3c - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing clock_gettime" >&5 -$as_echo_n "checking for library containing clock_gettime... " >&6; } -if ${ac_cv_search_clock_gettime+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_func_search_save_LIBS=$LIBS -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char clock_gettime (); -int -main () -{ -return clock_gettime (); - ; - return 0; -} -_ACEOF -for ac_lib in '' rt; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search_clock_gettime=$ac_res -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext - if ${ac_cv_search_clock_gettime+:} false; then : - break -fi -done -if ${ac_cv_search_clock_gettime+:} false; then : - -else - ac_cv_search_clock_gettime=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_clock_gettime" >&5 -$as_echo "$ac_cv_search_clock_gettime" >&6; } -ac_res=$ac_cv_search_clock_gettime -if test "$ac_res" != no; then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -fi - - - # is the event.h header libev or libevent? - for ac_header in event.h -do : - ac_fn_c_check_header_compile "$LINENO" "event.h" "ac_cv_header_event_h" "$ac_includes_default -" -if test "x$ac_cv_header_event_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_EVENT_H 1 -_ACEOF - -fi - -done - - ac_fn_c_check_decl "$LINENO" "EV_VERSION_MAJOR" "ac_cv_have_decl_EV_VERSION_MAJOR" "$ac_includes_default -#include - -" -if test "x$ac_cv_have_decl_EV_VERSION_MAJOR" = xyes; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing event_set" >&5 -$as_echo_n "checking for library containing event_set... " >&6; } -if ${ac_cv_search_event_set+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_func_search_save_LIBS=$LIBS -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char event_set (); -int -main () -{ -return event_set (); - ; - return 0; -} -_ACEOF -for ac_lib in '' ev; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search_event_set=$ac_res -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext - if ${ac_cv_search_event_set+:} false; then : - break -fi -done -if ${ac_cv_search_event_set+:} false; then : - -else - ac_cv_search_event_set=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_event_set" >&5 -$as_echo "$ac_cv_search_event_set" >&6; } -ac_res=$ac_cv_search_event_set -if test "$ac_res" != no; then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -fi - - -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing event_set" >&5 -$as_echo_n "checking for library containing event_set... " >&6; } -if ${ac_cv_search_event_set+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_func_search_save_LIBS=$LIBS -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char event_set (); -int -main () -{ -return event_set (); - ; - return 0; -} -_ACEOF -for ac_lib in '' event; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search_event_set=$ac_res -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext - if ${ac_cv_search_event_set+:} false; then : - break -fi -done -if ${ac_cv_search_event_set+:} false; then : - -else - ac_cv_search_event_set=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_event_set" >&5 -$as_echo "$ac_cv_search_event_set" >&6; } -ac_res=$ac_cv_search_event_set -if test "$ac_res" != no; then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -fi - - -fi - - for ac_func in event_base_free -do : - ac_fn_c_check_func "$LINENO" "event_base_free" "ac_cv_func_event_base_free" -if test "x$ac_cv_func_event_base_free" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_EVENT_BASE_FREE 1 -_ACEOF - -fi -done - # only in libevent 1.2 and later - for ac_func in event_base_once -do : - ac_fn_c_check_func "$LINENO" "event_base_once" "ac_cv_func_event_base_once" -if test "x$ac_cv_func_event_base_once" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_EVENT_BASE_ONCE 1 -_ACEOF - -fi -done - # only in libevent 1.4.1 and later - for ac_func in event_base_new -do : - ac_fn_c_check_func "$LINENO" "event_base_new" "ac_cv_func_event_base_new" -if test "x$ac_cv_func_event_base_new" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_EVENT_BASE_NEW 1 -_ACEOF - -fi -done - # only in libevent 1.4.1 and later - for ac_func in event_base_get_method -do : - ac_fn_c_check_func "$LINENO" "event_base_get_method" "ac_cv_func_event_base_get_method" -if test "x$ac_cv_func_event_base_get_method" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_EVENT_BASE_GET_METHOD 1 -_ACEOF - -fi -done - # only in libevent 1.4.3 and later - for ac_func in ev_loop -do : - ac_fn_c_check_func "$LINENO" "ev_loop" "ac_cv_func_ev_loop" -if test "x$ac_cv_func_ev_loop" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_EV_LOOP 1 -_ACEOF - -fi -done - # only in libev. (tested on 3.51) - for ac_func in ev_default_loop -do : - ac_fn_c_check_func "$LINENO" "ev_default_loop" "ac_cv_func_ev_default_loop" -if test "x$ac_cv_func_ev_default_loop" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_EV_DEFAULT_LOOP 1 -_ACEOF - -fi -done - # only in libev. (tested on 4.00) - PC_LIBEVENT_DEPENDENCY="libevent" - - if test -n "$BAK_LDFLAGS_SET"; then - LDFLAGS="$BAK_LDFLAGS" - fi -else - -$as_echo "#define USE_MINI_EVENT 1" >>confdefs.h - -fi - -# check for libexpat - -# Check whether --with-libexpat was given. -if test "${with_libexpat+set}" = set; then : - withval=$with_libexpat; -else - withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr" -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for libexpat" >&5 -$as_echo_n "checking for libexpat... " >&6; } -found_libexpat="no" -for dir in $withval ; do - if test -f "$dir/include/expat.h"; then - found_libexpat="yes" - if test "$dir" != "/usr"; then - CPPFLAGS="$CPPFLAGS -I$dir/include" - LDFLAGS="$LDFLAGS -L$dir/lib" - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: found in $dir" >&5 -$as_echo "found in $dir" >&6; } - break; - fi -done -if test x_$found_libexpat != x_yes; then - as_fn_error $? "Could not find libexpat, expat.h" "$LINENO" 5 -fi -for ac_header in expat.h -do : - ac_fn_c_check_header_compile "$LINENO" "expat.h" "ac_cv_header_expat_h" "$ac_includes_default -" -if test "x$ac_cv_header_expat_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_EXPAT_H 1 -_ACEOF - -fi - -done - -ac_fn_c_check_decl "$LINENO" "XML_StopParser" "ac_cv_have_decl_XML_StopParser" "$ac_includes_default -#include - -" -if test "x$ac_cv_have_decl_XML_StopParser" = xyes; then : - ac_have_decl=1 -else - ac_have_decl=0 -fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_XML_STOPPARSER $ac_have_decl -_ACEOF - - -# set static linking if requested - -staticexe="" -# Check whether --enable-static-exe was given. -if test "${enable_static_exe+set}" = set; then : - enableval=$enable_static_exe; -fi - -if test x_$enable_static_exe = x_yes; then - staticexe="-static" - if test "$on_mingw" = yes; then - staticexe="-all-static" - # for static compile, include gdi32 and zlib here. - LIBS="$LIBS -lgdi32 -lz" - fi -fi - -# Include systemd.m4 - begin -# macros for configuring systemd -# Copyright 2015, Sami Kerola, CloudFlare. -# BSD licensed. -# Check whether --enable-systemd was given. -if test "${enable_systemd+set}" = set; then : - enableval=$enable_systemd; -else - enable_systemd=no -fi - -have_systemd=no - - - - - - - -if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then - if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. -set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_PKG_CONFIG+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $PKG_CONFIG in - [\\/]* | ?:[\\/]*) - ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -PKG_CONFIG=$ac_cv_path_PKG_CONFIG -if test -n "$PKG_CONFIG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5 -$as_echo "$PKG_CONFIG" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -fi -if test -z "$ac_cv_path_PKG_CONFIG"; then - ac_pt_PKG_CONFIG=$PKG_CONFIG - # Extract the first word of "pkg-config", so it can be a program name with args. -set dummy pkg-config; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $ac_pt_PKG_CONFIG in - [\\/]* | ?:[\\/]*) - ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG -if test -n "$ac_pt_PKG_CONFIG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5 -$as_echo "$ac_pt_PKG_CONFIG" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - if test "x$ac_pt_PKG_CONFIG" = x; then - PKG_CONFIG="" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - PKG_CONFIG=$ac_pt_PKG_CONFIG - fi -else - PKG_CONFIG="$ac_cv_path_PKG_CONFIG" -fi - -fi -if test -n "$PKG_CONFIG"; then - _pkg_min_version=0.9.0 - { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5 -$as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; } - if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - PKG_CONFIG="" - fi -fi -if test "x$enable_systemd" != xno; then : - - - -pkg_failed=no -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for SYSTEMD" >&5 -$as_echo_n "checking for SYSTEMD... " >&6; } - -if test -n "$SYSTEMD_CFLAGS"; then - pkg_cv_SYSTEMD_CFLAGS="$SYSTEMD_CFLAGS" - elif test -n "$PKG_CONFIG"; then - if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd\""; } >&5 - ($PKG_CONFIG --exists --print-errors "libsystemd") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then - pkg_cv_SYSTEMD_CFLAGS=`$PKG_CONFIG --cflags "libsystemd" 2>/dev/null` - test "x$?" != "x0" && pkg_failed=yes -else - pkg_failed=yes -fi - else - pkg_failed=untried -fi -if test -n "$SYSTEMD_LIBS"; then - pkg_cv_SYSTEMD_LIBS="$SYSTEMD_LIBS" - elif test -n "$PKG_CONFIG"; then - if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd\""; } >&5 - ($PKG_CONFIG --exists --print-errors "libsystemd") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then - pkg_cv_SYSTEMD_LIBS=`$PKG_CONFIG --libs "libsystemd" 2>/dev/null` - test "x$?" != "x0" && pkg_failed=yes -else - pkg_failed=yes -fi - else - pkg_failed=untried -fi - - - -if test $pkg_failed = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - -if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then - _pkg_short_errors_supported=yes -else - _pkg_short_errors_supported=no -fi - if test $_pkg_short_errors_supported = yes; then - SYSTEMD_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libsystemd" 2>&1` - else - SYSTEMD_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libsystemd" 2>&1` - fi - # Put the nasty error message in config.log where it belongs - echo "$SYSTEMD_PKG_ERRORS" >&5 - - have_systemd=no -elif test $pkg_failed = untried; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - have_systemd=no -else - SYSTEMD_CFLAGS=$pkg_cv_SYSTEMD_CFLAGS - SYSTEMD_LIBS=$pkg_cv_SYSTEMD_LIBS - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - have_systemd=yes -fi - if test "x$have_systemd" != "xyes"; then : - - -pkg_failed=no -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for SYSTEMD_DAEMON" >&5 -$as_echo_n "checking for SYSTEMD_DAEMON... " >&6; } - -if test -n "$SYSTEMD_DAEMON_CFLAGS"; then - pkg_cv_SYSTEMD_DAEMON_CFLAGS="$SYSTEMD_DAEMON_CFLAGS" - elif test -n "$PKG_CONFIG"; then - if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd-daemon\""; } >&5 - ($PKG_CONFIG --exists --print-errors "libsystemd-daemon") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then - pkg_cv_SYSTEMD_DAEMON_CFLAGS=`$PKG_CONFIG --cflags "libsystemd-daemon" 2>/dev/null` - test "x$?" != "x0" && pkg_failed=yes -else - pkg_failed=yes -fi - else - pkg_failed=untried -fi -if test -n "$SYSTEMD_DAEMON_LIBS"; then - pkg_cv_SYSTEMD_DAEMON_LIBS="$SYSTEMD_DAEMON_LIBS" - elif test -n "$PKG_CONFIG"; then - if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd-daemon\""; } >&5 - ($PKG_CONFIG --exists --print-errors "libsystemd-daemon") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then - pkg_cv_SYSTEMD_DAEMON_LIBS=`$PKG_CONFIG --libs "libsystemd-daemon" 2>/dev/null` - test "x$?" != "x0" && pkg_failed=yes -else - pkg_failed=yes -fi - else - pkg_failed=untried -fi - - - -if test $pkg_failed = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - -if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then - _pkg_short_errors_supported=yes -else - _pkg_short_errors_supported=no -fi - if test $_pkg_short_errors_supported = yes; then - SYSTEMD_DAEMON_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libsystemd-daemon" 2>&1` - else - SYSTEMD_DAEMON_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libsystemd-daemon" 2>&1` - fi - # Put the nasty error message in config.log where it belongs - echo "$SYSTEMD_DAEMON_PKG_ERRORS" >&5 - - have_systemd_daemon=no -elif test $pkg_failed = untried; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - have_systemd_daemon=no -else - SYSTEMD_DAEMON_CFLAGS=$pkg_cv_SYSTEMD_DAEMON_CFLAGS - SYSTEMD_DAEMON_LIBS=$pkg_cv_SYSTEMD_DAEMON_LIBS - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - have_systemd_daemon=yes -fi - if test "x$have_systemd_daemon" = "xyes"; then : - have_systemd=yes -fi - -fi - case $enable_systemd:$have_systemd in #( - yes:no) : - as_fn_error $? "systemd enabled but libsystemd not found" "$LINENO" 5 ;; #( - *:yes) : - -$as_echo "#define HAVE_SYSTEMD 1" >>confdefs.h - - LIBS="$LIBS $SYSTEMD_LIBS" - - ;; #( - *) : - ;; -esac - - -fi - if test "x$have_systemd" = xyes; then - USE_SYSTEMD_TRUE= - USE_SYSTEMD_FALSE='#' -else - USE_SYSTEMD_TRUE='#' - USE_SYSTEMD_FALSE= -fi - - -# Include systemd.m4 - end - -# set lock checking if requested -# Check whether --enable-lock_checks was given. -if test "${enable_lock_checks+set}" = set; then : - enableval=$enable_lock_checks; -fi - -if test x_$enable_lock_checks = x_yes; then - -$as_echo "#define ENABLE_LOCK_CHECKS 1" >>confdefs.h - - CHECKLOCK_OBJ="checklocks.lo" - -fi - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for getaddrinfo" >&5 -$as_echo_n "checking for getaddrinfo... " >&6; } -ac_cv_func_getaddrinfo=no -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#ifdef __cplusplus -extern "C" -{ -#endif -char* getaddrinfo(); -char* (*f) () = getaddrinfo; -#ifdef __cplusplus -} -#endif -int main() { - ; - return 0; -} - -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_func_getaddrinfo="yes" -if test "$ac_cv_header_windows_h" = "yes"; then - -$as_echo "#define USE_WINSOCK 1" >>confdefs.h - - USE_WINSOCK="1" - LIBS="$LIBS -lws2_32" -fi - -else - ORIGLIBS="$LIBS" -LIBS="$LIBS -lws2_32" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#ifdef HAVE_WS2TCPIP_H -#include -#endif - -int -main () -{ - - (void)getaddrinfo(NULL, NULL, NULL, NULL); - - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - -ac_cv_func_getaddrinfo="yes" - -$as_echo "#define USE_WINSOCK 1" >>confdefs.h - -USE_WINSOCK="1" - -else - -ac_cv_func_getaddrinfo="no" -LIBS="$ORIGLIBS" - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_getaddrinfo" >&5 -$as_echo "$ac_cv_func_getaddrinfo" >&6; } -if test $ac_cv_func_getaddrinfo = yes; then - -$as_echo "#define HAVE_GETADDRINFO 1" >>confdefs.h - -fi - -if test "$USE_WINSOCK" = 1; then - -$as_echo "#define UB_ON_WINDOWS 1" >>confdefs.h - - for ac_header in iphlpapi.h -do : - ac_fn_c_check_header_compile "$LINENO" "iphlpapi.h" "ac_cv_header_iphlpapi_h" "$ac_includes_default -#include - -" -if test "x$ac_cv_header_iphlpapi_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_IPHLPAPI_H 1 -_ACEOF - -fi - -done - - if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}windres", so it can be a program name with args. -set dummy ${ac_tool_prefix}windres; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_WINDRES+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$WINDRES"; then - ac_cv_prog_WINDRES="$WINDRES" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_WINDRES="${ac_tool_prefix}windres" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -WINDRES=$ac_cv_prog_WINDRES -if test -n "$WINDRES"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $WINDRES" >&5 -$as_echo "$WINDRES" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -fi -if test -z "$ac_cv_prog_WINDRES"; then - ac_ct_WINDRES=$WINDRES - # Extract the first word of "windres", so it can be a program name with args. -set dummy windres; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_WINDRES+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$ac_ct_WINDRES"; then - ac_cv_prog_ac_ct_WINDRES="$ac_ct_WINDRES" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_WINDRES="windres" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -ac_ct_WINDRES=$ac_cv_prog_ac_ct_WINDRES -if test -n "$ac_ct_WINDRES"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_WINDRES" >&5 -$as_echo "$ac_ct_WINDRES" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - if test "x$ac_ct_WINDRES" = x; then - WINDRES="" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - WINDRES=$ac_ct_WINDRES - fi -else - WINDRES="$ac_cv_prog_WINDRES" -fi - - LIBS="$LIBS -liphlpapi" - WINAPPS="unbound-service-install.exe unbound-service-remove.exe anchor-update.exe" - - WIN_DAEMON_SRC="winrc/win_svc.c winrc/w_inst.c" - - WIN_DAEMON_OBJ="win_svc.lo w_inst.lo" - - WIN_DAEMON_OBJ_LINK="rsrc_unbound.o" - - WIN_HOST_OBJ_LINK="rsrc_unbound_host.o" - - WIN_UBANCHOR_OBJ_LINK="rsrc_unbound_anchor.o log.lo locks.lo" - - WIN_CONTROL_OBJ_LINK="rsrc_unbound_control.o" - - WIN_CHECKCONF_OBJ_LINK="rsrc_unbound_checkconf.o" - -fi -if test $ac_cv_func_getaddrinfo = no; then - case " $LIBOBJS " in - *" fake-rfc2553.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS fake-rfc2553.$ac_objext" - ;; -esac - -fi -# check after getaddrinfo for its libraries - -# check ioctlsocket -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ioctlsocket" >&5 -$as_echo_n "checking for ioctlsocket... " >&6; } -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#ifdef HAVE_WINSOCK2_H -#include -#endif - -int -main () -{ - - (void)ioctlsocket(0, 0, NULL); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -$as_echo "#define HAVE_IOCTLSOCKET 1" >>confdefs.h - - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - - -# see if daemon(3) exists, and if it is deprecated. -for ac_func in daemon -do : - ac_fn_c_check_func "$LINENO" "daemon" "ac_cv_func_daemon" -if test "x$ac_cv_func_daemon" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_DAEMON 1 -_ACEOF - -fi -done - -if test $ac_cv_func_daemon = yes; then - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if daemon is deprecated" >&5 -$as_echo_n "checking if daemon is deprecated... " >&6; } -cache=`echo daemon | sed 'y%.=/+-%___p_%'` -if eval \${cv_cc_deprecated_$cache+:} false; then : - $as_echo_n "(cached) " >&6 -else - -echo ' -#include -' >conftest.c -echo 'void f(){ (void)daemon(0, 0); }' >>conftest.c -if test -z "`$CC -c conftest.c 2>&1 | grep deprecated`"; then -eval "cv_cc_deprecated_$cache=no" -else -eval "cv_cc_deprecated_$cache=yes" -fi -rm -f conftest conftest.o conftest.c - -fi - -if eval "test \"`echo '$cv_cc_deprecated_'$cache`\" = yes"; then -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -cat >>confdefs.h <<_ACEOF -#define DEPRECATED_DAEMON 1 -_ACEOF - -: - -else -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -: - -fi - -fi - -ac_fn_c_check_member "$LINENO" "struct sockaddr_un" "sun_len" "ac_cv_member_struct_sockaddr_un_sun_len" " -$ac_includes_default -#ifdef HAVE_SYS_UN_H -#include -#endif - -" -if test "x$ac_cv_member_struct_sockaddr_un_sun_len" = xyes; then : - -cat >>confdefs.h <<_ACEOF -#define HAVE_STRUCT_SOCKADDR_UN_SUN_LEN 1 -_ACEOF - - -fi - -ac_fn_c_check_member "$LINENO" "struct in_pktinfo" "ipi_spec_dst" "ac_cv_member_struct_in_pktinfo_ipi_spec_dst" " -$ac_includes_default -#if HAVE_SYS_PARAM_H -#include -#endif - -#ifdef HAVE_SYS_SOCKET_H -#include -#endif - -#ifdef HAVE_SYS_UIO_H -#include -#endif - -#ifdef HAVE_NETINET_IN_H -#include -#endif - -#ifdef HAVE_NETINET_TCP_H -#include -#endif - -#ifdef HAVE_ARPA_INET_H -#include -#endif - -#ifdef HAVE_WINSOCK2_H -#include -#endif - -#ifdef HAVE_WS2TCPIP_H -#include -#endif - -" -if test "x$ac_cv_member_struct_in_pktinfo_ipi_spec_dst" = xyes; then : - -cat >>confdefs.h <<_ACEOF -#define HAVE_STRUCT_IN_PKTINFO_IPI_SPEC_DST 1 -_ACEOF - - -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing setusercontext" >&5 -$as_echo_n "checking for library containing setusercontext... " >&6; } -if ${ac_cv_search_setusercontext+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_func_search_save_LIBS=$LIBS -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char setusercontext (); -int -main () -{ -return setusercontext (); - ; - return 0; -} -_ACEOF -for ac_lib in '' util; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search_setusercontext=$ac_res -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext - if ${ac_cv_search_setusercontext+:} false; then : - break -fi -done -if ${ac_cv_search_setusercontext+:} false; then : - -else - ac_cv_search_setusercontext=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_setusercontext" >&5 -$as_echo "$ac_cv_search_setusercontext" >&6; } -ac_res=$ac_cv_search_setusercontext -if test "$ac_res" != no; then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -fi - -for ac_func in tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync shmget -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - -for ac_func in setresuid -do : - ac_fn_c_check_func "$LINENO" "setresuid" "ac_cv_func_setresuid" -if test "x$ac_cv_func_setresuid" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_SETRESUID 1 -_ACEOF - -else - for ac_func in setreuid -do : - ac_fn_c_check_func "$LINENO" "setreuid" "ac_cv_func_setreuid" -if test "x$ac_cv_func_setreuid" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_SETREUID 1 -_ACEOF - -fi -done - -fi -done - -for ac_func in setresgid -do : - ac_fn_c_check_func "$LINENO" "setresgid" "ac_cv_func_setresgid" -if test "x$ac_cv_func_setresgid" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_SETRESGID 1 -_ACEOF - -else - for ac_func in setregid -do : - ac_fn_c_check_func "$LINENO" "setregid" "ac_cv_func_setregid" -if test "x$ac_cv_func_setregid" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_SETREGID 1 -_ACEOF - -fi -done - -fi -done - - -# check if setreuid en setregid fail, on MacOSX10.4(darwin8). -if echo $build_os | grep darwin8 > /dev/null; then - -$as_echo "#define DARWIN_BROKEN_SETREUID 1" >>confdefs.h - -fi -ac_fn_c_check_decl "$LINENO" "inet_pton" "ac_cv_have_decl_inet_pton" " -$ac_includes_default -#ifdef HAVE_NETINET_IN_H -#include -#endif - -#ifdef HAVE_NETINET_TCP_H -#include -#endif - -#ifdef HAVE_ARPA_INET_H -#include -#endif - -#ifdef HAVE_WINSOCK2_H -#include -#endif - -#ifdef HAVE_WS2TCPIP_H -#include -#endif - -" -if test "x$ac_cv_have_decl_inet_pton" = xyes; then : - ac_have_decl=1 -else - ac_have_decl=0 -fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_INET_PTON $ac_have_decl -_ACEOF -ac_fn_c_check_decl "$LINENO" "inet_ntop" "ac_cv_have_decl_inet_ntop" " -$ac_includes_default -#ifdef HAVE_NETINET_IN_H -#include -#endif - -#ifdef HAVE_NETINET_TCP_H -#include -#endif - -#ifdef HAVE_ARPA_INET_H -#include -#endif - -#ifdef HAVE_WINSOCK2_H -#include -#endif - -#ifdef HAVE_WS2TCPIP_H -#include -#endif - -" -if test "x$ac_cv_have_decl_inet_ntop" = xyes; then : - ac_have_decl=1 -else - ac_have_decl=0 -fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_INET_NTOP $ac_have_decl -_ACEOF - -ac_fn_c_check_func "$LINENO" "inet_aton" "ac_cv_func_inet_aton" -if test "x$ac_cv_func_inet_aton" = xyes; then : - $as_echo "#define HAVE_INET_ATON 1" >>confdefs.h - -else - case " $LIBOBJS " in - *" inet_aton.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS inet_aton.$ac_objext" - ;; -esac - -fi - - -ac_fn_c_check_func "$LINENO" "inet_pton" "ac_cv_func_inet_pton" -if test "x$ac_cv_func_inet_pton" = xyes; then : - $as_echo "#define HAVE_INET_PTON 1" >>confdefs.h - -else - case " $LIBOBJS " in - *" inet_pton.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS inet_pton.$ac_objext" - ;; -esac - -fi - - -ac_fn_c_check_func "$LINENO" "inet_ntop" "ac_cv_func_inet_ntop" -if test "x$ac_cv_func_inet_ntop" = xyes; then : - $as_echo "#define HAVE_INET_NTOP 1" >>confdefs.h - -else - case " $LIBOBJS " in - *" inet_ntop.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS inet_ntop.$ac_objext" - ;; -esac - -fi - - -ac_fn_c_check_func "$LINENO" "snprintf" "ac_cv_func_snprintf" -if test "x$ac_cv_func_snprintf" = xyes; then : - $as_echo "#define HAVE_SNPRINTF 1" >>confdefs.h - -else - case " $LIBOBJS " in - *" snprintf.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS snprintf.$ac_objext" - ;; -esac - -fi - - -# test if snprintf return the proper length -if test "x$ac_cv_func_snprintf" = xyes; then - if test c${cross_compiling} = cno; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for correct snprintf return value" >&5 -$as_echo_n "checking for correct snprintf return value... " >&6; } - if test "$cross_compiling" = yes; then : - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "cannot run test program while cross compiling -See \`config.log' for more details" "$LINENO" 5; } -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$ac_includes_default - -int main(void) { return !(snprintf(NULL, 0, "test") == 4); } - -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - -$as_echo "#define SNPRINTF_RET_BROKEN /**/" >>confdefs.h - - case " $LIBOBJS " in - *" snprintf.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS snprintf.$ac_objext" - ;; -esac - - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - - fi -fi -ac_fn_c_check_func "$LINENO" "strlcat" "ac_cv_func_strlcat" -if test "x$ac_cv_func_strlcat" = xyes; then : - $as_echo "#define HAVE_STRLCAT 1" >>confdefs.h - -else - case " $LIBOBJS " in - *" strlcat.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS strlcat.$ac_objext" - ;; -esac - -fi - - -ac_fn_c_check_func "$LINENO" "strlcpy" "ac_cv_func_strlcpy" -if test "x$ac_cv_func_strlcpy" = xyes; then : - $as_echo "#define HAVE_STRLCPY 1" >>confdefs.h - -else - case " $LIBOBJS " in - *" strlcpy.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS strlcpy.$ac_objext" - ;; -esac - -fi - - -ac_fn_c_check_func "$LINENO" "memmove" "ac_cv_func_memmove" -if test "x$ac_cv_func_memmove" = xyes; then : - $as_echo "#define HAVE_MEMMOVE 1" >>confdefs.h - -else - case " $LIBOBJS " in - *" memmove.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS memmove.$ac_objext" - ;; -esac - -fi - - -ac_fn_c_check_func "$LINENO" "gmtime_r" "ac_cv_func_gmtime_r" -if test "x$ac_cv_func_gmtime_r" = xyes; then : - $as_echo "#define HAVE_GMTIME_R 1" >>confdefs.h - -else - case " $LIBOBJS " in - *" gmtime_r.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS gmtime_r.$ac_objext" - ;; -esac - -fi - - -ac_fn_c_check_func "$LINENO" "isblank" "ac_cv_func_isblank" -if test "x$ac_cv_func_isblank" = xyes; then : - $as_echo "#define HAVE_ISBLANK 1" >>confdefs.h - -else - case " $LIBOBJS " in - *" isblank.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS isblank.$ac_objext" - ;; -esac - -fi - - -LIBOBJ_WITHOUT_CTIMEARC4="$LIBOBJS" - -ac_fn_c_check_func "$LINENO" "reallocarray" "ac_cv_func_reallocarray" -if test "x$ac_cv_func_reallocarray" = xyes; then : - $as_echo "#define HAVE_REALLOCARRAY 1" >>confdefs.h - -else - case " $LIBOBJS " in - *" reallocarray.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS reallocarray.$ac_objext" - ;; -esac - -fi - - -if test "$USE_NSS" = "no"; then - ac_fn_c_check_func "$LINENO" "arc4random" "ac_cv_func_arc4random" -if test "x$ac_cv_func_arc4random" = xyes; then : - $as_echo "#define HAVE_ARC4RANDOM 1" >>confdefs.h - -else - case " $LIBOBJS " in - *" arc4random.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS arc4random.$ac_objext" - ;; -esac - -fi - - - ac_fn_c_check_func "$LINENO" "arc4random_uniform" "ac_cv_func_arc4random_uniform" -if test "x$ac_cv_func_arc4random_uniform" = xyes; then : - $as_echo "#define HAVE_ARC4RANDOM_UNIFORM 1" >>confdefs.h - -else - case " $LIBOBJS " in - *" arc4random_uniform.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS arc4random_uniform.$ac_objext" - ;; -esac - -fi - - - if test "$ac_cv_func_arc4random" = "no"; then - case " $LIBOBJS " in - *" explicit_bzero.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS explicit_bzero.$ac_objext" - ;; -esac - - case " $LIBOBJS " in - *" arc4_lock.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS arc4_lock.$ac_objext" - ;; -esac - - for ac_func in getentropy -do : - ac_fn_c_check_func "$LINENO" "getentropy" "ac_cv_func_getentropy" -if test "x$ac_cv_func_getentropy" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_GETENTROPY 1 -_ACEOF - -else - - if test "$USE_WINSOCK" = 1; then - case " $LIBOBJS " in - *" getentropy_win.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS getentropy_win.$ac_objext" - ;; -esac - - else - case "$host" in - Darwin|*darwin*) - case " $LIBOBJS " in - *" getentropy_osx.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS getentropy_osx.$ac_objext" - ;; -esac - - ;; - *solaris*|*sunos*|SunOS) - case " $LIBOBJS " in - *" getentropy_solaris.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS getentropy_solaris.$ac_objext" - ;; -esac - - for ac_header in sys/sha2.h -do : - ac_fn_c_check_header_compile "$LINENO" "sys/sha2.h" "ac_cv_header_sys_sha2_h" "$ac_includes_default -" -if test "x$ac_cv_header_sys_sha2_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_SYS_SHA2_H 1 -_ACEOF - -else - - for ac_func in SHA512_Update -do : - ac_fn_c_check_func "$LINENO" "SHA512_Update" "ac_cv_func_SHA512_Update" -if test "x$ac_cv_func_SHA512_Update" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_SHA512_UPDATE 1 -_ACEOF - -else - - case " $LIBOBJS " in - *" sha512.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS sha512.$ac_objext" - ;; -esac - - -fi -done - - -fi - -done - - if test "$ac_cv_header_sys_sha2_h" = "yes"; then - # this lib needed for sha2 on solaris - LIBS="$LIBS -lmd" - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing clock_gettime" >&5 -$as_echo_n "checking for library containing clock_gettime... " >&6; } -if ${ac_cv_search_clock_gettime+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_func_search_save_LIBS=$LIBS -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char clock_gettime (); -int -main () -{ -return clock_gettime (); - ; - return 0; -} -_ACEOF -for ac_lib in '' rt; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search_clock_gettime=$ac_res -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext - if ${ac_cv_search_clock_gettime+:} false; then : - break -fi -done -if ${ac_cv_search_clock_gettime+:} false; then : - -else - ac_cv_search_clock_gettime=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_clock_gettime" >&5 -$as_echo "$ac_cv_search_clock_gettime" >&6; } -ac_res=$ac_cv_search_clock_gettime -if test "$ac_res" != no; then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -fi - - ;; - *linux*|Linux|*) - case " $LIBOBJS " in - *" getentropy_linux.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS getentropy_linux.$ac_objext" - ;; -esac - - for ac_func in SHA512_Update -do : - ac_fn_c_check_func "$LINENO" "SHA512_Update" "ac_cv_func_SHA512_Update" -if test "x$ac_cv_func_SHA512_Update" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_SHA512_UPDATE 1 -_ACEOF - -else - - -$as_echo "#define COMPAT_SHA512 1" >>confdefs.h - - case " $LIBOBJS " in - *" sha512.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS sha512.$ac_objext" - ;; -esac - - -fi -done - - for ac_header in sys/sysctl.h -do : - ac_fn_c_check_header_compile "$LINENO" "sys/sysctl.h" "ac_cv_header_sys_sysctl_h" "$ac_includes_default -" -if test "x$ac_cv_header_sys_sysctl_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_SYS_SYSCTL_H 1 -_ACEOF - -fi - -done - - for ac_func in getauxval -do : - ac_fn_c_check_func "$LINENO" "getauxval" "ac_cv_func_getauxval" -if test "x$ac_cv_func_getauxval" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_GETAUXVAL 1 -_ACEOF - -fi -done - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing clock_gettime" >&5 -$as_echo_n "checking for library containing clock_gettime... " >&6; } -if ${ac_cv_search_clock_gettime+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_func_search_save_LIBS=$LIBS -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char clock_gettime (); -int -main () -{ -return clock_gettime (); - ; - return 0; -} -_ACEOF -for ac_lib in '' rt; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search_clock_gettime=$ac_res -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext - if ${ac_cv_search_clock_gettime+:} false; then : - break -fi -done -if ${ac_cv_search_clock_gettime+:} false; then : - -else - ac_cv_search_clock_gettime=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_clock_gettime" >&5 -$as_echo "$ac_cv_search_clock_gettime" >&6; } -ac_res=$ac_cv_search_clock_gettime -if test "$ac_res" != no; then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -fi - - ;; - esac - fi - -fi -done - - fi -fi -LIBOBJ_WITHOUT_CTIME="$LIBOBJS" - -ac_fn_c_check_func "$LINENO" "ctime_r" "ac_cv_func_ctime_r" -if test "x$ac_cv_func_ctime_r" = xyes; then : - $as_echo "#define HAVE_CTIME_R 1" >>confdefs.h - -else - case " $LIBOBJS " in - *" ctime_r.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS ctime_r.$ac_objext" - ;; -esac - -fi - - -ac_fn_c_check_func "$LINENO" "strsep" "ac_cv_func_strsep" -if test "x$ac_cv_func_strsep" = xyes; then : - $as_echo "#define HAVE_STRSEP 1" >>confdefs.h - -else - case " $LIBOBJS " in - *" strsep.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS strsep.$ac_objext" - ;; -esac - -fi - - - -# Check whether --enable-allsymbols was given. -if test "${enable_allsymbols+set}" = set; then : - enableval=$enable_allsymbols; -fi - -case "$enable_allsymbols" in - yes) - COMMON_OBJ_ALL_SYMBOLS="" - UBSYMS="" - EXTRALINK="-L. -L.libs -lunbound" - -$as_echo "#define EXPORT_ALL_SYMBOLS 1" >>confdefs.h - - ;; - no|*) - COMMON_OBJ_ALL_SYMBOLS='$(COMMON_OBJ)' - UBSYMS='-export-symbols $(srcdir)/libunbound/ubsyms.def' - EXTRALINK="" - ;; -esac - - - -if test x_$enable_lock_checks = x_yes; then - UBSYMS="-export-symbols clubsyms.def" - cp ${srcdir}/libunbound/ubsyms.def clubsyms.def - echo lock_protect >> clubsyms.def - echo lock_unprotect >> clubsyms.def - echo lock_get_mem >> clubsyms.def - echo checklock_start >> clubsyms.def - echo checklock_stop >> clubsyms.def - echo checklock_lock >> clubsyms.def - echo checklock_unlock >> clubsyms.def - echo checklock_init >> clubsyms.def - echo checklock_thrcreate >> clubsyms.def - echo checklock_thrjoin >> clubsyms.def -fi - -# check for dnstap if requested - - # Check whether --enable-dnstap was given. -if test "${enable_dnstap+set}" = set; then : - enableval=$enable_dnstap; opt_dnstap=$enableval -else - opt_dnstap=no -fi - - - -# Check whether --with-dnstap-socket-path was given. -if test "${with_dnstap_socket_path+set}" = set; then : - withval=$with_dnstap_socket_path; opt_dnstap_socket_path=$withval -else - opt_dnstap_socket_path="$UNBOUND_RUN_DIR/dnstap.sock" -fi - - - if test "x$opt_dnstap" != "xno"; then - # Extract the first word of "protoc-c", so it can be a program name with args. -set dummy protoc-c; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_PROTOC_C+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $PROTOC_C in - [\\/]* | ?:[\\/]*) - ac_cv_path_PROTOC_C="$PROTOC_C" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_PROTOC_C="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -PROTOC_C=$ac_cv_path_PROTOC_C -if test -n "$PROTOC_C"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PROTOC_C" >&5 -$as_echo "$PROTOC_C" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - if test -z "$PROTOC_C"; then - as_fn_error $? "The protoc-c program was not found. Please install protobuf-c!" "$LINENO" 5 - fi - -# Check whether --with-protobuf-c was given. -if test "${with_protobuf_c+set}" = set; then : - withval=$with_protobuf_c; - # workaround for protobuf-c includes at old dir before protobuf-c-1.0.0 - if test -f $withval/include/google/protobuf-c/protobuf-c.h; then - CFLAGS="$CFLAGS -I$withval/include/google" - else - CFLAGS="$CFLAGS -I$withval/include" - fi - LDFLAGS="$LDFLAGS -L$withval/lib" - -else - - # workaround for protobuf-c includes at old dir before protobuf-c-1.0.0 - if test -f /usr/include/google/protobuf-c/protobuf-c.h; then - CFLAGS="$CFLAGS -I/usr/include/google" - else - if test -f /usr/local/include/google/protobuf-c/protobuf-c.h; then - CFLAGS="$CFLAGS -I/usr/local/include/google" - LDFLAGS="$LDFLAGS -L/usr/local/lib" - fi - fi - -fi - - -# Check whether --with-libfstrm was given. -if test "${with_libfstrm+set}" = set; then : - withval=$with_libfstrm; - CFLAGS="$CFLAGS -I$withval/include" - LDFLAGS="$LDFLAGS -L$withval/lib" - -fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing fstrm_iothr_init" >&5 -$as_echo_n "checking for library containing fstrm_iothr_init... " >&6; } -if ${ac_cv_search_fstrm_iothr_init+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_func_search_save_LIBS=$LIBS -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char fstrm_iothr_init (); -int -main () -{ -return fstrm_iothr_init (); - ; - return 0; -} -_ACEOF -for ac_lib in '' fstrm; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search_fstrm_iothr_init=$ac_res -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext - if ${ac_cv_search_fstrm_iothr_init+:} false; then : - break -fi -done -if ${ac_cv_search_fstrm_iothr_init+:} false; then : - -else - ac_cv_search_fstrm_iothr_init=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_fstrm_iothr_init" >&5 -$as_echo "$ac_cv_search_fstrm_iothr_init" >&6; } -ac_res=$ac_cv_search_fstrm_iothr_init -if test "$ac_res" != no; then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -else - as_fn_error $? "The fstrm library was not found. Please install fstrm!" "$LINENO" 5 -fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing protobuf_c_message_pack" >&5 -$as_echo_n "checking for library containing protobuf_c_message_pack... " >&6; } -if ${ac_cv_search_protobuf_c_message_pack+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_func_search_save_LIBS=$LIBS -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char protobuf_c_message_pack (); -int -main () -{ -return protobuf_c_message_pack (); - ; - return 0; -} -_ACEOF -for ac_lib in '' protobuf-c; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search_protobuf_c_message_pack=$ac_res -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext - if ${ac_cv_search_protobuf_c_message_pack+:} false; then : - break -fi -done -if ${ac_cv_search_protobuf_c_message_pack+:} false; then : - -else - ac_cv_search_protobuf_c_message_pack=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_protobuf_c_message_pack" >&5 -$as_echo "$ac_cv_search_protobuf_c_message_pack" >&6; } -ac_res=$ac_cv_search_protobuf_c_message_pack -if test "$ac_res" != no; then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -else - as_fn_error $? "The protobuf-c library was not found. Please install protobuf-c!" "$LINENO" 5 -fi - - - -$as_echo "#define USE_DNSTAP 1" >>confdefs.h - - ENABLE_DNSTAP=1 - - - - hdr_dnstap_socket_path="`echo $opt_dnstap_socket_path | sed -e 's/\\\\/\\\\\\\\/g'`" - - -cat >>confdefs.h <<_ACEOF -#define DNSTAP_SOCKET_PATH "$hdr_dnstap_socket_path" -_ACEOF - - - DNSTAP_SRC="dnstap/dnstap.c dnstap/dnstap.pb-c.c" - - DNSTAP_OBJ="dnstap.lo dnstap.pb-c.lo" - - - else - - ENABLE_DNSTAP=0 - - - - fi - - -# check for dnscrypt if requested - - # Check whether --enable-dnscrypt was given. -if test "${enable_dnscrypt+set}" = set; then : - enableval=$enable_dnscrypt; opt_dnscrypt=$enableval -else - opt_dnscrypt=no -fi - - - if test "x$opt_dnscrypt" != "xno"; then - -# Check whether --with-libsodium was given. -if test "${with_libsodium+set}" = set; then : - withval=$with_libsodium; - CFLAGS="$CFLAGS -I$withval/include" - LDFLAGS="$LDFLAGS -L$withval/lib" - -fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing sodium_init" >&5 -$as_echo_n "checking for library containing sodium_init... " >&6; } -if ${ac_cv_search_sodium_init+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_func_search_save_LIBS=$LIBS -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char sodium_init (); -int -main () -{ -return sodium_init (); - ; - return 0; -} -_ACEOF -for ac_lib in '' sodium; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search_sodium_init=$ac_res -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext - if ${ac_cv_search_sodium_init+:} false; then : - break -fi -done -if ${ac_cv_search_sodium_init+:} false; then : - -else - ac_cv_search_sodium_init=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_sodium_init" >&5 -$as_echo "$ac_cv_search_sodium_init" >&6; } -ac_res=$ac_cv_search_sodium_init -if test "$ac_res" != no; then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -else - as_fn_error $? "The sodium library was not found. Please install sodium!" "$LINENO" 5 -fi - - - -$as_echo "#define USE_DNSCRYPT 1" >>confdefs.h - - ENABLE_DNSCRYPT=1 - - - DNSCRYPT_SRC="dnscrypt/dnscrypt.c" - - DNSCRYPT_OBJ="dnscrypt.lo" - - - else - - ENABLE_DNSCRYPT=0 - - - - fi - - -# check for cachedb if requested -# Check whether --enable-cachedb was given. -if test "${enable_cachedb+set}" = set; then : - enableval=$enable_cachedb; -fi - -case "$enable_cachedb" in - yes) - -$as_echo "#define USE_CACHEDB 1" >>confdefs.h - - ;; - no|*) - # nothing - ;; -esac - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if ${MAKE:-make} supports $< with implicit rule in scope" >&5 -$as_echo_n "checking if ${MAKE:-make} supports $< with implicit rule in scope... " >&6; } -# on openBSD, the implicit rule make $< work. -# on Solaris, it does not work ($? is changed sources, $^ lists dependencies). -# gmake works. -cat >conftest.make </dev/null -rm -f conftest.make conftest.c conftest.dir/conftest.c -rm -rf conftest.dir -if test ! -f conftest.lo; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - SOURCEDETERMINE='echo "$^" | awk "-F " "{print \$$1;}" > .source' - SOURCEFILE='`cat .source`' -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - SOURCEDETERMINE=':' - SOURCEFILE='$<' -fi -rm -f conftest.lo - - - -# see if we want to build the library or everything -ALLTARGET="alltargets" -INSTALLTARGET="install-all" - -# Check whether --with-libunbound-only was given. -if test "${with_libunbound_only+set}" = set; then : - withval=$with_libunbound_only; - if test "$withval" = "yes"; then - ALLTARGET="lib" - INSTALLTARGET="install-lib" - fi - -fi - - - - - - { $as_echo "$as_me:${as_lineno-$LINENO}: Stripping extension flags..." >&5 -$as_echo "$as_me: Stripping extension flags..." >&6;} - - if echo $CFLAGS | grep " -D_GNU_SOURCE" >/dev/null 2>&1; then - CFLAGS="`echo $CFLAGS | sed -e 's/ -D_GNU_SOURCE//g'`" - -$as_echo "#define OMITTED__D_GNU_SOURCE 1" >>confdefs.h - - fi - - - if echo $CFLAGS | grep " -D_BSD_SOURCE" >/dev/null 2>&1; then - CFLAGS="`echo $CFLAGS | sed -e 's/ -D_BSD_SOURCE//g'`" - -$as_echo "#define OMITTED__D_BSD_SOURCE 1" >>confdefs.h - - fi - - - if echo $CFLAGS | grep " -D_DEFAULT_SOURCE" >/dev/null 2>&1; then - CFLAGS="`echo $CFLAGS | sed -e 's/ -D_DEFAULT_SOURCE//g'`" - -$as_echo "#define OMITTED__D_DEFAULT_SOURCE 1" >>confdefs.h - - fi - - - if echo $CFLAGS | grep " -D__EXTENSIONS__" >/dev/null 2>&1; then - CFLAGS="`echo $CFLAGS | sed -e 's/ -D__EXTENSIONS__//g'`" - -$as_echo "#define OMITTED__D__EXTENSIONS__ 1" >>confdefs.h - - fi - - - if echo $CFLAGS | grep " -D_POSIX_C_SOURCE=200112" >/dev/null 2>&1; then - CFLAGS="`echo $CFLAGS | sed -e 's/ -D_POSIX_C_SOURCE=200112//g'`" - -$as_echo "#define OMITTED__D_POSIX_C_SOURCE_200112 1" >>confdefs.h - - fi - - - if echo $CFLAGS | grep " -D_XOPEN_SOURCE=600" >/dev/null 2>&1; then - CFLAGS="`echo $CFLAGS | sed -e 's/ -D_XOPEN_SOURCE=600//g'`" - -$as_echo "#define OMITTED__D_XOPEN_SOURCE_600 1" >>confdefs.h - - fi - - - if echo $CFLAGS | grep " -D_XOPEN_SOURCE_EXTENDED=1" >/dev/null 2>&1; then - CFLAGS="`echo $CFLAGS | sed -e 's/ -D_XOPEN_SOURCE_EXTENDED=1//g'`" - -$as_echo "#define OMITTED__D_XOPEN_SOURCE_EXTENDED_1 1" >>confdefs.h - - fi - - - if echo $CFLAGS | grep " -D_ALL_SOURCE" >/dev/null 2>&1; then - CFLAGS="`echo $CFLAGS | sed -e 's/ -D_ALL_SOURCE//g'`" - -$as_echo "#define OMITTED__D_ALL_SOURCE 1" >>confdefs.h - - fi - - - if echo $CFLAGS | grep " -D_LARGEFILE_SOURCE=1" >/dev/null 2>&1; then - CFLAGS="`echo $CFLAGS | sed -e 's/ -D_LARGEFILE_SOURCE=1//g'`" - -$as_echo "#define OMITTED__D_LARGEFILE_SOURCE_1 1" >>confdefs.h - - fi - - -LDFLAGS="$LATE_LDFLAGS $LDFLAGS" - - -cat >>confdefs.h <<_ACEOF -#define MAXSYSLOGMSGLEN 10240 -_ACEOF - - - - -version=1.6.3 - -date=`date +'%b %e, %Y'` - - -ac_config_files="$ac_config_files Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h dnscrypt/dnscrypt_config.h contrib/libunbound.pc contrib/unbound.socket contrib/unbound.service" - -ac_config_headers="$ac_config_headers config.h" - -cat >confcache <<\_ACEOF -# This file is a shell script that caches the results of configure -# tests run on this system so they can be shared between configure -# scripts and configure runs, see configure's option --config-cache. -# It is not useful on other systems. If it contains results you don't -# want to keep, you may remove or edit it. -# -# config.status only pays attention to the cache file if you give it -# the --recheck option to rerun configure. -# -# `ac_cv_env_foo' variables (set or unset) will be overridden when -# loading this file, other *unset* `ac_cv_foo' will be assigned the -# following values. - -_ACEOF - -# The following way of writing the cache mishandles newlines in values, -# but we know of no workaround that is simple, portable, and efficient. -# So, we kill variables containing newlines. -# Ultrix sh set writes to stderr and can't be redirected directly, -# and sets the high bit in the cache file unless we assign to the vars. -( - for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do - eval ac_val=\$$ac_var - case $ac_val in #( - *${as_nl}*) - case $ac_var in #( - *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 -$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; - esac - case $ac_var in #( - _ | IFS | as_nl) ;; #( - BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( - *) { eval $ac_var=; unset $ac_var;} ;; - esac ;; - esac - done - - (set) 2>&1 | - case $as_nl`(ac_space=' '; set) 2>&1` in #( - *${as_nl}ac_space=\ *) - # `set' does not quote correctly, so add quotes: double-quote - # substitution turns \\\\ into \\, and sed turns \\ into \. - sed -n \ - "s/'/'\\\\''/g; - s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" - ;; #( - *) - # `set' quotes correctly as required by POSIX, so do not add quotes. - sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" - ;; - esac | - sort -) | - sed ' - /^ac_cv_env_/b end - t clear - :clear - s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ - t end - s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ - :end' >>confcache -if diff "$cache_file" confcache >/dev/null 2>&1; then :; else - if test -w "$cache_file"; then - if test "x$cache_file" != "x/dev/null"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 -$as_echo "$as_me: updating cache $cache_file" >&6;} - if test ! -f "$cache_file" || test -h "$cache_file"; then - cat confcache >"$cache_file" - else - case $cache_file in #( - */* | ?:*) - mv -f confcache "$cache_file"$$ && - mv -f "$cache_file"$$ "$cache_file" ;; #( - *) - mv -f confcache "$cache_file" ;; - esac - fi - fi - else - { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 -$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} - fi -fi -rm -f confcache - -test "x$prefix" = xNONE && prefix=$ac_default_prefix -# Let make expand exec_prefix. -test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' - -DEFS=-DHAVE_CONFIG_H - -ac_libobjs= -ac_ltlibobjs= -U= -for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue - # 1. Remove the extension, and $U if already installed. - ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' - ac_i=`$as_echo "$ac_i" | sed "$ac_script"` - # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR - # will be set to the directory where LIBOBJS objects are built. - as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" - as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' -done -LIBOBJS=$ac_libobjs - -LTLIBOBJS=$ac_ltlibobjs - - -if test -z "${USE_SYSTEMD_TRUE}" && test -z "${USE_SYSTEMD_FALSE}"; then - as_fn_error $? "conditional \"USE_SYSTEMD\" was never defined. -Usually this means the macro was only invoked conditionally." "$LINENO" 5 -fi - -: "${CONFIG_STATUS=./config.status}" -ac_write_fail=0 -ac_clean_files_save=$ac_clean_files -ac_clean_files="$ac_clean_files $CONFIG_STATUS" -{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 -$as_echo "$as_me: creating $CONFIG_STATUS" >&6;} -as_write_fail=0 -cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 -#! $SHELL -# Generated by $as_me. -# Run this file to recreate the current configuration. -# Compiler output produced by configure, useful for debugging -# configure, is in config.log if it exists. - -debug=false -ac_cs_recheck=false -ac_cs_silent=false - -SHELL=\${CONFIG_SHELL-$SHELL} -export SHELL -_ASEOF -cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 -## -------------------- ## -## M4sh Initialization. ## -## -------------------- ## - -# Be more Bourne compatible -DUALCASE=1; export DUALCASE # for MKS sh -if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : - emulate sh - NULLCMD=: - # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which - # is contrary to our usage. Disable this feature. - alias -g '${1+"$@"}'='"$@"' - setopt NO_GLOB_SUBST -else - case `(set -o) 2>/dev/null` in #( - *posix*) : - set -o posix ;; #( - *) : - ;; -esac -fi - - -as_nl=' -' -export as_nl -# Printing a long string crashes Solaris 7 /usr/bin/printf. -as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' -as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo -as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo -# Prefer a ksh shell builtin over an external printf program on Solaris, -# but without wasting forks for bash or zsh. -if test -z "$BASH_VERSION$ZSH_VERSION" \ - && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then - as_echo='print -r --' - as_echo_n='print -rn --' -elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then - as_echo='printf %s\n' - as_echo_n='printf %s' -else - if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then - as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' - as_echo_n='/usr/ucb/echo -n' - else - as_echo_body='eval expr "X$1" : "X\\(.*\\)"' - as_echo_n_body='eval - arg=$1; - case $arg in #( - *"$as_nl"*) - expr "X$arg" : "X\\(.*\\)$as_nl"; - arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; - esac; - expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" - ' - export as_echo_n_body - as_echo_n='sh -c $as_echo_n_body as_echo' - fi - export as_echo_body - as_echo='sh -c $as_echo_body as_echo' -fi - -# The user is always right. -if test "${PATH_SEPARATOR+set}" != set; then - PATH_SEPARATOR=: - (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { - (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || - PATH_SEPARATOR=';' - } -fi - - -# IFS -# We need space, tab and new line, in precisely that order. Quoting is -# there to prevent editors from complaining about space-tab. -# (If _AS_PATH_WALK were called with IFS unset, it would disable word -# splitting by setting IFS to empty value.) -IFS=" "" $as_nl" - -# Find who we are. Look in the path if we contain no directory separator. -as_myself= -case $0 in #(( - *[\\/]* ) as_myself=$0 ;; - *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break - done -IFS=$as_save_IFS - - ;; -esac -# We did not find ourselves, most probably we were run as `sh COMMAND' -# in which case we are not to be found in the path. -if test "x$as_myself" = x; then - as_myself=$0 -fi -if test ! -f "$as_myself"; then - $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 - exit 1 -fi - -# Unset variables that we do not need and which cause bugs (e.g. in -# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" -# suppresses any "Segmentation fault" message there. '((' could -# trigger a bug in pdksh 5.2.14. -for as_var in BASH_ENV ENV MAIL MAILPATH -do eval test x\${$as_var+set} = xset \ - && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : -done -PS1='$ ' -PS2='> ' -PS4='+ ' - -# NLS nuisances. -LC_ALL=C -export LC_ALL -LANGUAGE=C -export LANGUAGE - -# CDPATH. -(unset CDPATH) >/dev/null 2>&1 && unset CDPATH - - -# as_fn_error STATUS ERROR [LINENO LOG_FD] -# ---------------------------------------- -# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are -# provided, also output the error to LOG_FD, referencing LINENO. Then exit the -# script with STATUS, using 1 if that was 0. -as_fn_error () -{ - as_status=$1; test $as_status -eq 0 && as_status=1 - if test "$4"; then - as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 - fi - $as_echo "$as_me: error: $2" >&2 - as_fn_exit $as_status -} # as_fn_error - - -# as_fn_set_status STATUS -# ----------------------- -# Set $? to STATUS, without forking. -as_fn_set_status () -{ - return $1 -} # as_fn_set_status - -# as_fn_exit STATUS -# ----------------- -# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. -as_fn_exit () -{ - set +e - as_fn_set_status $1 - exit $1 -} # as_fn_exit - -# as_fn_unset VAR -# --------------- -# Portably unset VAR. -as_fn_unset () -{ - { eval $1=; unset $1;} -} -as_unset=as_fn_unset -# as_fn_append VAR VALUE -# ---------------------- -# Append the text in VALUE to the end of the definition contained in VAR. Take -# advantage of any shell optimizations that allow amortized linear growth over -# repeated appends, instead of the typical quadratic growth present in naive -# implementations. -if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : - eval 'as_fn_append () - { - eval $1+=\$2 - }' -else - as_fn_append () - { - eval $1=\$$1\$2 - } -fi # as_fn_append - -# as_fn_arith ARG... -# ------------------ -# Perform arithmetic evaluation on the ARGs, and store the result in the -# global $as_val. Take advantage of shells that can avoid forks. The arguments -# must be portable across $(()) and expr. -if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : - eval 'as_fn_arith () - { - as_val=$(( $* )) - }' -else - as_fn_arith () - { - as_val=`expr "$@" || test $? -eq 1` - } -fi # as_fn_arith - - -if expr a : '\(a\)' >/dev/null 2>&1 && - test "X`expr 00001 : '.*\(...\)'`" = X001; then - as_expr=expr -else - as_expr=false -fi - -if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then - as_basename=basename -else - as_basename=false -fi - -if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then - as_dirname=dirname -else - as_dirname=false -fi - -as_me=`$as_basename -- "$0" || -$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ - X"$0" : 'X\(//\)$' \| \ - X"$0" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X/"$0" | - sed '/^.*\/\([^/][^/]*\)\/*$/{ - s//\1/ - q - } - /^X\/\(\/\/\)$/{ - s//\1/ - q - } - /^X\/\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q'` - -# Avoid depending upon Character Ranges. -as_cr_letters='abcdefghijklmnopqrstuvwxyz' -as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' -as_cr_Letters=$as_cr_letters$as_cr_LETTERS -as_cr_digits='0123456789' -as_cr_alnum=$as_cr_Letters$as_cr_digits - -ECHO_C= ECHO_N= ECHO_T= -case `echo -n x` in #((((( --n*) - case `echo 'xy\c'` in - *c*) ECHO_T=' ';; # ECHO_T is single tab character. - xy) ECHO_C='\c';; - *) echo `echo ksh88 bug on AIX 6.1` > /dev/null - ECHO_T=' ';; - esac;; -*) - ECHO_N='-n';; -esac - -rm -f conf$$ conf$$.exe conf$$.file -if test -d conf$$.dir; then - rm -f conf$$.dir/conf$$.file -else - rm -f conf$$.dir - mkdir conf$$.dir 2>/dev/null -fi -if (echo >conf$$.file) 2>/dev/null; then - if ln -s conf$$.file conf$$ 2>/dev/null; then - as_ln_s='ln -s' - # ... but there are two gotchas: - # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. - # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. - # In both cases, we have to default to `cp -pR'. - ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || - as_ln_s='cp -pR' - elif ln conf$$.file conf$$ 2>/dev/null; then - as_ln_s=ln - else - as_ln_s='cp -pR' - fi -else - as_ln_s='cp -pR' -fi -rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file -rmdir conf$$.dir 2>/dev/null - - -# as_fn_mkdir_p -# ------------- -# Create "$as_dir" as a directory, including parents if necessary. -as_fn_mkdir_p () -{ - - case $as_dir in #( - -*) as_dir=./$as_dir;; - esac - test -d "$as_dir" || eval $as_mkdir_p || { - as_dirs= - while :; do - case $as_dir in #( - *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( - *) as_qdir=$as_dir;; - esac - as_dirs="'$as_qdir' $as_dirs" - as_dir=`$as_dirname -- "$as_dir" || -$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ - X"$as_dir" : 'X\(//\)[^/]' \| \ - X"$as_dir" : 'X\(//\)$' \| \ - X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$as_dir" | - sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ - s//\1/ - q - } - /^X\(\/\/\)[^/].*/{ - s//\1/ - q - } - /^X\(\/\/\)$/{ - s//\1/ - q - } - /^X\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q'` - test -d "$as_dir" && break - done - test -z "$as_dirs" || eval "mkdir $as_dirs" - } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" - - -} # as_fn_mkdir_p -if mkdir -p . 2>/dev/null; then - as_mkdir_p='mkdir -p "$as_dir"' -else - test -d ./-p && rmdir ./-p - as_mkdir_p=false -fi - - -# as_fn_executable_p FILE -# ----------------------- -# Test if FILE is an executable regular file. -as_fn_executable_p () -{ - test -f "$1" && test -x "$1" -} # as_fn_executable_p -as_test_x='test -x' -as_executable_p=as_fn_executable_p - -# Sed expression to map a string onto a valid CPP name. -as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" - -# Sed expression to map a string onto a valid variable name. -as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" - - -exec 6>&1 -## ----------------------------------- ## -## Main body of $CONFIG_STATUS script. ## -## ----------------------------------- ## -_ASEOF -test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 - -cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 -# Save the log message, to keep $0 and so on meaningful, and to -# report actual input values of CONFIG_FILES etc. instead of their -# values after options handling. -ac_log=" -This file was extended by unbound $as_me 1.6.3, which was -generated by GNU Autoconf 2.69. Invocation command line was - - CONFIG_FILES = $CONFIG_FILES - CONFIG_HEADERS = $CONFIG_HEADERS - CONFIG_LINKS = $CONFIG_LINKS - CONFIG_COMMANDS = $CONFIG_COMMANDS - $ $0 $@ - -on `(hostname || uname -n) 2>/dev/null | sed 1q` -" - -_ACEOF - -case $ac_config_files in *" -"*) set x $ac_config_files; shift; ac_config_files=$*;; -esac - -case $ac_config_headers in *" -"*) set x $ac_config_headers; shift; ac_config_headers=$*;; -esac - - -cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 -# Files that config.status was made for. -config_files="$ac_config_files" -config_headers="$ac_config_headers" -config_commands="$ac_config_commands" - -_ACEOF - -cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 -ac_cs_usage="\ -\`$as_me' instantiates files and other configuration actions -from templates according to the current configuration. Unless the files -and actions are specified as TAGs, all are instantiated by default. - -Usage: $0 [OPTION]... [TAG]... - - -h, --help print this help, then exit - -V, --version print version number and configuration settings, then exit - --config print configuration, then exit - -q, --quiet, --silent - do not print progress messages - -d, --debug don't remove temporary files - --recheck update $as_me by reconfiguring in the same conditions - --file=FILE[:TEMPLATE] - instantiate the configuration file FILE - --header=FILE[:TEMPLATE] - instantiate the configuration header FILE - -Configuration files: -$config_files - -Configuration headers: -$config_headers - -Configuration commands: -$config_commands - -Report bugs to ." - -_ACEOF -cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 -ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" -ac_cs_version="\\ -unbound config.status 1.6.3 -configured by $0, generated by GNU Autoconf 2.69, - with options \\"\$ac_cs_config\\" - -Copyright (C) 2012 Free Software Foundation, Inc. -This config.status script is free software; the Free Software Foundation -gives unlimited permission to copy, distribute and modify it." - -ac_pwd='$ac_pwd' -srcdir='$srcdir' -AWK='$AWK' -test -n "\$AWK" || AWK=awk -_ACEOF - -cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 -# The default lists apply if the user does not specify any file. -ac_need_defaults=: -while test $# != 0 -do - case $1 in - --*=?*) - ac_option=`expr "X$1" : 'X\([^=]*\)='` - ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` - ac_shift=: - ;; - --*=) - ac_option=`expr "X$1" : 'X\([^=]*\)='` - ac_optarg= - ac_shift=: - ;; - *) - ac_option=$1 - ac_optarg=$2 - ac_shift=shift - ;; - esac - - case $ac_option in - # Handling of the options. - -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) - ac_cs_recheck=: ;; - --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) - $as_echo "$ac_cs_version"; exit ;; - --config | --confi | --conf | --con | --co | --c ) - $as_echo "$ac_cs_config"; exit ;; - --debug | --debu | --deb | --de | --d | -d ) - debug=: ;; - --file | --fil | --fi | --f ) - $ac_shift - case $ac_optarg in - *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; - '') as_fn_error $? "missing file argument" ;; - esac - as_fn_append CONFIG_FILES " '$ac_optarg'" - ac_need_defaults=false;; - --header | --heade | --head | --hea ) - $ac_shift - case $ac_optarg in - *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; - esac - as_fn_append CONFIG_HEADERS " '$ac_optarg'" - ac_need_defaults=false;; - --he | --h) - # Conflict between --help and --header - as_fn_error $? "ambiguous option: \`$1' -Try \`$0 --help' for more information.";; - --help | --hel | -h ) - $as_echo "$ac_cs_usage"; exit ;; - -q | -quiet | --quiet | --quie | --qui | --qu | --q \ - | -silent | --silent | --silen | --sile | --sil | --si | --s) - ac_cs_silent=: ;; - - # This is an error. - -*) as_fn_error $? "unrecognized option: \`$1' -Try \`$0 --help' for more information." ;; - - *) as_fn_append ac_config_targets " $1" - ac_need_defaults=false ;; - - esac - shift -done - -ac_configure_extra_args= - -if $ac_cs_silent; then - exec 6>/dev/null - ac_configure_extra_args="$ac_configure_extra_args --silent" -fi - -_ACEOF -cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 -if \$ac_cs_recheck; then - set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion - shift - \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 - CONFIG_SHELL='$SHELL' - export CONFIG_SHELL - exec "\$@" -fi - -_ACEOF -cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 -exec 5>>config.log -{ - echo - sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX -## Running $as_me. ## -_ASBOX - $as_echo "$ac_log" -} >&5 - -_ACEOF -cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 -# -# INIT-COMMANDS -# - - -# The HP-UX ksh and POSIX shell print the target directory to stdout -# if CDPATH is set. -(unset CDPATH) >/dev/null 2>&1 && unset CDPATH - -sed_quote_subst='$sed_quote_subst' -double_quote_subst='$double_quote_subst' -delay_variable_subst='$delay_variable_subst' -macro_version='`$ECHO "$macro_version" | $SED "$delay_single_quote_subst"`' -macro_revision='`$ECHO "$macro_revision" | $SED "$delay_single_quote_subst"`' -enable_shared='`$ECHO "$enable_shared" | $SED "$delay_single_quote_subst"`' -enable_static='`$ECHO "$enable_static" | $SED "$delay_single_quote_subst"`' -pic_mode='`$ECHO "$pic_mode" | $SED "$delay_single_quote_subst"`' -enable_fast_install='`$ECHO "$enable_fast_install" | $SED "$delay_single_quote_subst"`' -shared_archive_member_spec='`$ECHO "$shared_archive_member_spec" | $SED "$delay_single_quote_subst"`' -SHELL='`$ECHO "$SHELL" | $SED "$delay_single_quote_subst"`' -ECHO='`$ECHO "$ECHO" | $SED "$delay_single_quote_subst"`' -PATH_SEPARATOR='`$ECHO "$PATH_SEPARATOR" | $SED "$delay_single_quote_subst"`' -host_alias='`$ECHO "$host_alias" | $SED "$delay_single_quote_subst"`' -host='`$ECHO "$host" | $SED "$delay_single_quote_subst"`' -host_os='`$ECHO "$host_os" | $SED "$delay_single_quote_subst"`' -build_alias='`$ECHO "$build_alias" | $SED "$delay_single_quote_subst"`' -build='`$ECHO "$build" | $SED "$delay_single_quote_subst"`' -build_os='`$ECHO "$build_os" | $SED "$delay_single_quote_subst"`' -SED='`$ECHO "$SED" | $SED "$delay_single_quote_subst"`' -Xsed='`$ECHO "$Xsed" | $SED "$delay_single_quote_subst"`' -GREP='`$ECHO "$GREP" | $SED "$delay_single_quote_subst"`' -EGREP='`$ECHO "$EGREP" | $SED "$delay_single_quote_subst"`' -FGREP='`$ECHO "$FGREP" | $SED "$delay_single_quote_subst"`' -LD='`$ECHO "$LD" | $SED "$delay_single_quote_subst"`' -NM='`$ECHO "$NM" | $SED "$delay_single_quote_subst"`' -LN_S='`$ECHO "$LN_S" | $SED "$delay_single_quote_subst"`' -max_cmd_len='`$ECHO "$max_cmd_len" | $SED "$delay_single_quote_subst"`' -ac_objext='`$ECHO "$ac_objext" | $SED "$delay_single_quote_subst"`' -exeext='`$ECHO "$exeext" | $SED "$delay_single_quote_subst"`' -lt_unset='`$ECHO "$lt_unset" | $SED "$delay_single_quote_subst"`' -lt_SP2NL='`$ECHO "$lt_SP2NL" | $SED "$delay_single_quote_subst"`' -lt_NL2SP='`$ECHO "$lt_NL2SP" | $SED "$delay_single_quote_subst"`' -lt_cv_to_host_file_cmd='`$ECHO "$lt_cv_to_host_file_cmd" | $SED "$delay_single_quote_subst"`' -lt_cv_to_tool_file_cmd='`$ECHO "$lt_cv_to_tool_file_cmd" | $SED "$delay_single_quote_subst"`' -reload_flag='`$ECHO "$reload_flag" | $SED "$delay_single_quote_subst"`' -reload_cmds='`$ECHO "$reload_cmds" | $SED "$delay_single_quote_subst"`' -OBJDUMP='`$ECHO "$OBJDUMP" | $SED "$delay_single_quote_subst"`' -deplibs_check_method='`$ECHO "$deplibs_check_method" | $SED "$delay_single_quote_subst"`' -file_magic_cmd='`$ECHO "$file_magic_cmd" | $SED "$delay_single_quote_subst"`' -file_magic_glob='`$ECHO "$file_magic_glob" | $SED "$delay_single_quote_subst"`' -want_nocaseglob='`$ECHO "$want_nocaseglob" | $SED "$delay_single_quote_subst"`' -DLLTOOL='`$ECHO "$DLLTOOL" | $SED "$delay_single_quote_subst"`' -sharedlib_from_linklib_cmd='`$ECHO "$sharedlib_from_linklib_cmd" | $SED "$delay_single_quote_subst"`' -AR='`$ECHO "$AR" | $SED "$delay_single_quote_subst"`' -AR_FLAGS='`$ECHO "$AR_FLAGS" | $SED "$delay_single_quote_subst"`' -archiver_list_spec='`$ECHO "$archiver_list_spec" | $SED "$delay_single_quote_subst"`' -STRIP='`$ECHO "$STRIP" | $SED "$delay_single_quote_subst"`' -RANLIB='`$ECHO "$RANLIB" | $SED "$delay_single_quote_subst"`' -old_postinstall_cmds='`$ECHO "$old_postinstall_cmds" | $SED "$delay_single_quote_subst"`' -old_postuninstall_cmds='`$ECHO "$old_postuninstall_cmds" | $SED "$delay_single_quote_subst"`' -old_archive_cmds='`$ECHO "$old_archive_cmds" | $SED "$delay_single_quote_subst"`' -lock_old_archive_extraction='`$ECHO "$lock_old_archive_extraction" | $SED "$delay_single_quote_subst"`' -CC='`$ECHO "$CC" | $SED "$delay_single_quote_subst"`' -CFLAGS='`$ECHO "$CFLAGS" | $SED "$delay_single_quote_subst"`' -compiler='`$ECHO "$compiler" | $SED "$delay_single_quote_subst"`' -GCC='`$ECHO "$GCC" | $SED "$delay_single_quote_subst"`' -lt_cv_sys_global_symbol_pipe='`$ECHO "$lt_cv_sys_global_symbol_pipe" | $SED "$delay_single_quote_subst"`' -lt_cv_sys_global_symbol_to_cdecl='`$ECHO "$lt_cv_sys_global_symbol_to_cdecl" | $SED "$delay_single_quote_subst"`' -lt_cv_sys_global_symbol_to_import='`$ECHO "$lt_cv_sys_global_symbol_to_import" | $SED "$delay_single_quote_subst"`' -lt_cv_sys_global_symbol_to_c_name_address='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address" | $SED "$delay_single_quote_subst"`' -lt_cv_sys_global_symbol_to_c_name_address_lib_prefix='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address_lib_prefix" | $SED "$delay_single_quote_subst"`' -lt_cv_nm_interface='`$ECHO "$lt_cv_nm_interface" | $SED "$delay_single_quote_subst"`' -nm_file_list_spec='`$ECHO "$nm_file_list_spec" | $SED "$delay_single_quote_subst"`' -lt_sysroot='`$ECHO "$lt_sysroot" | $SED "$delay_single_quote_subst"`' -lt_cv_truncate_bin='`$ECHO "$lt_cv_truncate_bin" | $SED "$delay_single_quote_subst"`' -objdir='`$ECHO "$objdir" | $SED "$delay_single_quote_subst"`' -MAGIC_CMD='`$ECHO "$MAGIC_CMD" | $SED "$delay_single_quote_subst"`' -lt_prog_compiler_no_builtin_flag='`$ECHO "$lt_prog_compiler_no_builtin_flag" | $SED "$delay_single_quote_subst"`' -lt_prog_compiler_pic='`$ECHO "$lt_prog_compiler_pic" | $SED "$delay_single_quote_subst"`' -lt_prog_compiler_wl='`$ECHO "$lt_prog_compiler_wl" | $SED "$delay_single_quote_subst"`' -lt_prog_compiler_static='`$ECHO "$lt_prog_compiler_static" | $SED "$delay_single_quote_subst"`' -lt_cv_prog_compiler_c_o='`$ECHO "$lt_cv_prog_compiler_c_o" | $SED "$delay_single_quote_subst"`' -need_locks='`$ECHO "$need_locks" | $SED "$delay_single_quote_subst"`' -MANIFEST_TOOL='`$ECHO "$MANIFEST_TOOL" | $SED "$delay_single_quote_subst"`' -DSYMUTIL='`$ECHO "$DSYMUTIL" | $SED "$delay_single_quote_subst"`' -NMEDIT='`$ECHO "$NMEDIT" | $SED "$delay_single_quote_subst"`' -LIPO='`$ECHO "$LIPO" | $SED "$delay_single_quote_subst"`' -OTOOL='`$ECHO "$OTOOL" | $SED "$delay_single_quote_subst"`' -OTOOL64='`$ECHO "$OTOOL64" | $SED "$delay_single_quote_subst"`' -libext='`$ECHO "$libext" | $SED "$delay_single_quote_subst"`' -shrext_cmds='`$ECHO "$shrext_cmds" | $SED "$delay_single_quote_subst"`' -extract_expsyms_cmds='`$ECHO "$extract_expsyms_cmds" | $SED "$delay_single_quote_subst"`' -archive_cmds_need_lc='`$ECHO "$archive_cmds_need_lc" | $SED "$delay_single_quote_subst"`' -enable_shared_with_static_runtimes='`$ECHO "$enable_shared_with_static_runtimes" | $SED "$delay_single_quote_subst"`' -export_dynamic_flag_spec='`$ECHO "$export_dynamic_flag_spec" | $SED "$delay_single_quote_subst"`' -whole_archive_flag_spec='`$ECHO "$whole_archive_flag_spec" | $SED "$delay_single_quote_subst"`' -compiler_needs_object='`$ECHO "$compiler_needs_object" | $SED "$delay_single_quote_subst"`' -old_archive_from_new_cmds='`$ECHO "$old_archive_from_new_cmds" | $SED "$delay_single_quote_subst"`' -old_archive_from_expsyms_cmds='`$ECHO "$old_archive_from_expsyms_cmds" | $SED "$delay_single_quote_subst"`' -archive_cmds='`$ECHO "$archive_cmds" | $SED "$delay_single_quote_subst"`' -archive_expsym_cmds='`$ECHO "$archive_expsym_cmds" | $SED "$delay_single_quote_subst"`' -module_cmds='`$ECHO "$module_cmds" | $SED "$delay_single_quote_subst"`' -module_expsym_cmds='`$ECHO "$module_expsym_cmds" | $SED "$delay_single_quote_subst"`' -with_gnu_ld='`$ECHO "$with_gnu_ld" | $SED "$delay_single_quote_subst"`' -allow_undefined_flag='`$ECHO "$allow_undefined_flag" | $SED "$delay_single_quote_subst"`' -no_undefined_flag='`$ECHO "$no_undefined_flag" | $SED "$delay_single_quote_subst"`' -hardcode_libdir_flag_spec='`$ECHO "$hardcode_libdir_flag_spec" | $SED "$delay_single_quote_subst"`' -hardcode_libdir_separator='`$ECHO "$hardcode_libdir_separator" | $SED "$delay_single_quote_subst"`' -hardcode_direct='`$ECHO "$hardcode_direct" | $SED "$delay_single_quote_subst"`' -hardcode_direct_absolute='`$ECHO "$hardcode_direct_absolute" | $SED "$delay_single_quote_subst"`' -hardcode_minus_L='`$ECHO "$hardcode_minus_L" | $SED "$delay_single_quote_subst"`' -hardcode_shlibpath_var='`$ECHO "$hardcode_shlibpath_var" | $SED "$delay_single_quote_subst"`' -hardcode_automatic='`$ECHO "$hardcode_automatic" | $SED "$delay_single_quote_subst"`' -inherit_rpath='`$ECHO "$inherit_rpath" | $SED "$delay_single_quote_subst"`' -link_all_deplibs='`$ECHO "$link_all_deplibs" | $SED "$delay_single_quote_subst"`' -always_export_symbols='`$ECHO "$always_export_symbols" | $SED "$delay_single_quote_subst"`' -export_symbols_cmds='`$ECHO "$export_symbols_cmds" | $SED "$delay_single_quote_subst"`' -exclude_expsyms='`$ECHO "$exclude_expsyms" | $SED "$delay_single_quote_subst"`' -include_expsyms='`$ECHO "$include_expsyms" | $SED "$delay_single_quote_subst"`' -prelink_cmds='`$ECHO "$prelink_cmds" | $SED "$delay_single_quote_subst"`' -postlink_cmds='`$ECHO "$postlink_cmds" | $SED "$delay_single_quote_subst"`' -file_list_spec='`$ECHO "$file_list_spec" | $SED "$delay_single_quote_subst"`' -variables_saved_for_relink='`$ECHO "$variables_saved_for_relink" | $SED "$delay_single_quote_subst"`' -need_lib_prefix='`$ECHO "$need_lib_prefix" | $SED "$delay_single_quote_subst"`' -need_version='`$ECHO "$need_version" | $SED "$delay_single_quote_subst"`' -version_type='`$ECHO "$version_type" | $SED "$delay_single_quote_subst"`' -runpath_var='`$ECHO "$runpath_var" | $SED "$delay_single_quote_subst"`' -shlibpath_var='`$ECHO "$shlibpath_var" | $SED "$delay_single_quote_subst"`' -shlibpath_overrides_runpath='`$ECHO "$shlibpath_overrides_runpath" | $SED "$delay_single_quote_subst"`' -libname_spec='`$ECHO "$libname_spec" | $SED "$delay_single_quote_subst"`' -library_names_spec='`$ECHO "$library_names_spec" | $SED "$delay_single_quote_subst"`' -soname_spec='`$ECHO "$soname_spec" | $SED "$delay_single_quote_subst"`' -install_override_mode='`$ECHO "$install_override_mode" | $SED "$delay_single_quote_subst"`' -postinstall_cmds='`$ECHO "$postinstall_cmds" | $SED "$delay_single_quote_subst"`' -postuninstall_cmds='`$ECHO "$postuninstall_cmds" | $SED "$delay_single_quote_subst"`' -finish_cmds='`$ECHO "$finish_cmds" | $SED "$delay_single_quote_subst"`' -finish_eval='`$ECHO "$finish_eval" | $SED "$delay_single_quote_subst"`' -hardcode_into_libs='`$ECHO "$hardcode_into_libs" | $SED "$delay_single_quote_subst"`' -sys_lib_search_path_spec='`$ECHO "$sys_lib_search_path_spec" | $SED "$delay_single_quote_subst"`' -configure_time_dlsearch_path='`$ECHO "$configure_time_dlsearch_path" | $SED "$delay_single_quote_subst"`' -configure_time_lt_sys_library_path='`$ECHO "$configure_time_lt_sys_library_path" | $SED "$delay_single_quote_subst"`' -hardcode_action='`$ECHO "$hardcode_action" | $SED "$delay_single_quote_subst"`' -enable_dlopen='`$ECHO "$enable_dlopen" | $SED "$delay_single_quote_subst"`' -enable_dlopen_self='`$ECHO "$enable_dlopen_self" | $SED "$delay_single_quote_subst"`' -enable_dlopen_self_static='`$ECHO "$enable_dlopen_self_static" | $SED "$delay_single_quote_subst"`' -old_striplib='`$ECHO "$old_striplib" | $SED "$delay_single_quote_subst"`' -striplib='`$ECHO "$striplib" | $SED "$delay_single_quote_subst"`' - -LTCC='$LTCC' -LTCFLAGS='$LTCFLAGS' -compiler='$compiler_DEFAULT' - -# A function that is used when there is no print builtin or printf. -func_fallback_echo () -{ - eval 'cat <<_LTECHO_EOF -\$1 -_LTECHO_EOF' -} - -# Quote evaled strings. -for var in SHELL \ -ECHO \ -PATH_SEPARATOR \ -SED \ -GREP \ -EGREP \ -FGREP \ -LD \ -NM \ -LN_S \ -lt_SP2NL \ -lt_NL2SP \ -reload_flag \ -OBJDUMP \ -deplibs_check_method \ -file_magic_cmd \ -file_magic_glob \ -want_nocaseglob \ -DLLTOOL \ -sharedlib_from_linklib_cmd \ -AR \ -AR_FLAGS \ -archiver_list_spec \ -STRIP \ -RANLIB \ -CC \ -CFLAGS \ -compiler \ -lt_cv_sys_global_symbol_pipe \ -lt_cv_sys_global_symbol_to_cdecl \ -lt_cv_sys_global_symbol_to_import \ -lt_cv_sys_global_symbol_to_c_name_address \ -lt_cv_sys_global_symbol_to_c_name_address_lib_prefix \ -lt_cv_nm_interface \ -nm_file_list_spec \ -lt_cv_truncate_bin \ -lt_prog_compiler_no_builtin_flag \ -lt_prog_compiler_pic \ -lt_prog_compiler_wl \ -lt_prog_compiler_static \ -lt_cv_prog_compiler_c_o \ -need_locks \ -MANIFEST_TOOL \ -DSYMUTIL \ -NMEDIT \ -LIPO \ -OTOOL \ -OTOOL64 \ -shrext_cmds \ -export_dynamic_flag_spec \ -whole_archive_flag_spec \ -compiler_needs_object \ -with_gnu_ld \ -allow_undefined_flag \ -no_undefined_flag \ -hardcode_libdir_flag_spec \ -hardcode_libdir_separator \ -exclude_expsyms \ -include_expsyms \ -file_list_spec \ -variables_saved_for_relink \ -libname_spec \ -library_names_spec \ -soname_spec \ -install_override_mode \ -finish_eval \ -old_striplib \ -striplib; do - case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in - *[\\\\\\\`\\"\\\$]*) - eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes - ;; - *) - eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" - ;; - esac -done - -# Double-quote double-evaled strings. -for var in reload_cmds \ -old_postinstall_cmds \ -old_postuninstall_cmds \ -old_archive_cmds \ -extract_expsyms_cmds \ -old_archive_from_new_cmds \ -old_archive_from_expsyms_cmds \ -archive_cmds \ -archive_expsym_cmds \ -module_cmds \ -module_expsym_cmds \ -export_symbols_cmds \ -prelink_cmds \ -postlink_cmds \ -postinstall_cmds \ -postuninstall_cmds \ -finish_cmds \ -sys_lib_search_path_spec \ -configure_time_dlsearch_path \ -configure_time_lt_sys_library_path; do - case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in - *[\\\\\\\`\\"\\\$]*) - eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes - ;; - *) - eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" - ;; - esac -done - -ac_aux_dir='$ac_aux_dir' - -# See if we are running on zsh, and set the options that allow our -# commands through without removal of \ escapes INIT. -if test -n "\${ZSH_VERSION+set}"; then - setopt NO_GLOB_SUBST -fi - - - PACKAGE='$PACKAGE' - VERSION='$VERSION' - RM='$RM' - ofile='$ofile' - - - - -_ACEOF - -cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 - -# Handling of arguments. -for ac_config_target in $ac_config_targets -do - case $ac_config_target in - "libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;; - "disable-rpath") CONFIG_COMMANDS="$CONFIG_COMMANDS disable-rpath" ;; - "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; - "doc/example.conf") CONFIG_FILES="$CONFIG_FILES doc/example.conf" ;; - "doc/libunbound.3") CONFIG_FILES="$CONFIG_FILES doc/libunbound.3" ;; - "doc/unbound.8") CONFIG_FILES="$CONFIG_FILES doc/unbound.8" ;; - "doc/unbound-anchor.8") CONFIG_FILES="$CONFIG_FILES doc/unbound-anchor.8" ;; - "doc/unbound-checkconf.8") CONFIG_FILES="$CONFIG_FILES doc/unbound-checkconf.8" ;; - "doc/unbound.conf.5") CONFIG_FILES="$CONFIG_FILES doc/unbound.conf.5" ;; - "doc/unbound-control.8") CONFIG_FILES="$CONFIG_FILES doc/unbound-control.8" ;; - "doc/unbound-host.1") CONFIG_FILES="$CONFIG_FILES doc/unbound-host.1" ;; - "smallapp/unbound-control-setup.sh") CONFIG_FILES="$CONFIG_FILES smallapp/unbound-control-setup.sh" ;; - "dnstap/dnstap_config.h") CONFIG_FILES="$CONFIG_FILES dnstap/dnstap_config.h" ;; - "dnscrypt/dnscrypt_config.h") CONFIG_FILES="$CONFIG_FILES dnscrypt/dnscrypt_config.h" ;; - "contrib/libunbound.pc") CONFIG_FILES="$CONFIG_FILES contrib/libunbound.pc" ;; - "contrib/unbound.socket") CONFIG_FILES="$CONFIG_FILES contrib/unbound.socket" ;; - "contrib/unbound.service") CONFIG_FILES="$CONFIG_FILES contrib/unbound.service" ;; - "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; - - *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; - esac -done - - -# If the user did not use the arguments to specify the items to instantiate, -# then the envvar interface is used. Set only those that are not. -# We use the long form for the default assignment because of an extremely -# bizarre bug on SunOS 4.1.3. -if $ac_need_defaults; then - test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files - test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers - test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands -fi - -# Have a temporary directory for convenience. Make it in the build tree -# simply because there is no reason against having it here, and in addition, -# creating and moving files from /tmp can sometimes cause problems. -# Hook for its removal unless debugging. -# Note that there is a small window in which the directory will not be cleaned: -# after its creation but before its name has been assigned to `$tmp'. -$debug || -{ - tmp= ac_tmp= - trap 'exit_status=$? - : "${ac_tmp:=$tmp}" - { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status -' 0 - trap 'as_fn_exit 1' 1 2 13 15 -} -# Create a (secure) tmp directory for tmp files. - -{ - tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && - test -d "$tmp" -} || -{ - tmp=./conf$$-$RANDOM - (umask 077 && mkdir "$tmp") -} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 -ac_tmp=$tmp - -# Set up the scripts for CONFIG_FILES section. -# No need to generate them if there are no CONFIG_FILES. -# This happens for instance with `./config.status config.h'. -if test -n "$CONFIG_FILES"; then - - -ac_cr=`echo X | tr X '\015'` -# On cygwin, bash can eat \r inside `` if the user requested igncr. -# But we know of no other shell where ac_cr would be empty at this -# point, so we can use a bashism as a fallback. -if test "x$ac_cr" = x; then - eval ac_cr=\$\'\\r\' -fi -ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` -if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then - ac_cs_awk_cr='\\r' -else - ac_cs_awk_cr=$ac_cr -fi - -echo 'BEGIN {' >"$ac_tmp/subs1.awk" && -_ACEOF - - -{ - echo "cat >conf$$subs.awk <<_ACEOF" && - echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && - echo "_ACEOF" -} >conf$$subs.sh || - as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 -ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` -ac_delim='%!_!# ' -for ac_last_try in false false false false false :; do - . ./conf$$subs.sh || - as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 - - ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` - if test $ac_delim_n = $ac_delim_num; then - break - elif $ac_last_try; then - as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 - else - ac_delim="$ac_delim!$ac_delim _$ac_delim!! " - fi -done -rm -f conf$$subs.sh - -cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 -cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK && -_ACEOF -sed -n ' -h -s/^/S["/; s/!.*/"]=/ -p -g -s/^[^!]*!// -:repl -t repl -s/'"$ac_delim"'$// -t delim -:nl -h -s/\(.\{148\}\)..*/\1/ -t more1 -s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ -p -n -b repl -:more1 -s/["\\]/\\&/g; s/^/"/; s/$/"\\/ -p -g -s/.\{148\}// -t nl -:delim -h -s/\(.\{148\}\)..*/\1/ -t more2 -s/["\\]/\\&/g; s/^/"/; s/$/"/ -p -b -:more2 -s/["\\]/\\&/g; s/^/"/; s/$/"\\/ -p -g -s/.\{148\}// -t delim -' >$CONFIG_STATUS || ac_write_fail=1 -rm -f conf$$subs.awk -cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 -_ACAWK -cat >>"\$ac_tmp/subs1.awk" <<_ACAWK && - for (key in S) S_is_set[key] = 1 - FS = "" - -} -{ - line = $ 0 - nfields = split(line, field, "@") - substed = 0 - len = length(field[1]) - for (i = 2; i < nfields; i++) { - key = field[i] - keylen = length(key) - if (S_is_set[key]) { - value = S[key] - line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) - len += length(value) + length(field[++i]) - substed = 1 - } else - len += 1 + keylen - } - - print line -} - -_ACAWK -_ACEOF -cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 -if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then - sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" -else - cat -fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \ - || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 -_ACEOF - -# VPATH may cause trouble with some makes, so we remove sole $(srcdir), -# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and -# trailing colons and then remove the whole line if VPATH becomes empty -# (actually we leave an empty line to preserve line numbers). -if test "x$srcdir" = x.; then - ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ -h -s/// -s/^/:/ -s/[ ]*$/:/ -s/:\$(srcdir):/:/g -s/:\${srcdir}:/:/g -s/:@srcdir@:/:/g -s/^:*// -s/:*$// -x -s/\(=[ ]*\).*/\1/ -G -s/\n// -s/^[^=]*=[ ]*$// -}' -fi - -cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 -fi # test -n "$CONFIG_FILES" - -# Set up the scripts for CONFIG_HEADERS section. -# No need to generate them if there are no CONFIG_HEADERS. -# This happens for instance with `./config.status Makefile'. -if test -n "$CONFIG_HEADERS"; then -cat >"$ac_tmp/defines.awk" <<\_ACAWK || -BEGIN { -_ACEOF - -# Transform confdefs.h into an awk script `defines.awk', embedded as -# here-document in config.status, that substitutes the proper values into -# config.h.in to produce config.h. - -# Create a delimiter string that does not exist in confdefs.h, to ease -# handling of long lines. -ac_delim='%!_!# ' -for ac_last_try in false false :; do - ac_tt=`sed -n "/$ac_delim/p" confdefs.h` - if test -z "$ac_tt"; then - break - elif $ac_last_try; then - as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5 - else - ac_delim="$ac_delim!$ac_delim _$ac_delim!! " - fi -done - -# For the awk script, D is an array of macro values keyed by name, -# likewise P contains macro parameters if any. Preserve backslash -# newline sequences. - -ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]* -sed -n ' -s/.\{148\}/&'"$ac_delim"'/g -t rset -:rset -s/^[ ]*#[ ]*define[ ][ ]*/ / -t def -d -:def -s/\\$// -t bsnl -s/["\\]/\\&/g -s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ -D["\1"]=" \3"/p -s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p -d -:bsnl -s/["\\]/\\&/g -s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ -D["\1"]=" \3\\\\\\n"\\/p -t cont -s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p -t cont -d -:cont -n -s/.\{148\}/&'"$ac_delim"'/g -t clear -:clear -s/\\$// -t bsnlc -s/["\\]/\\&/g; s/^/"/; s/$/"/p -d -:bsnlc -s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p -b cont -' >$CONFIG_STATUS || ac_write_fail=1 - -cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 - for (key in D) D_is_set[key] = 1 - FS = "" -} -/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ { - line = \$ 0 - split(line, arg, " ") - if (arg[1] == "#") { - defundef = arg[2] - mac1 = arg[3] - } else { - defundef = substr(arg[1], 2) - mac1 = arg[2] - } - split(mac1, mac2, "(") #) - macro = mac2[1] - prefix = substr(line, 1, index(line, defundef) - 1) - if (D_is_set[macro]) { - # Preserve the white space surrounding the "#". - print prefix "define", macro P[macro] D[macro] - next - } else { - # Replace #undef with comments. This is necessary, for example, - # in the case of _POSIX_SOURCE, which is predefined and required - # on some systems where configure will not decide to define it. - if (defundef == "undef") { - print "/*", prefix defundef, macro, "*/" - next - } - } -} -{ print } -_ACAWK -_ACEOF -cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 - as_fn_error $? "could not setup config headers machinery" "$LINENO" 5 -fi # test -n "$CONFIG_HEADERS" - - -eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS :C $CONFIG_COMMANDS" -shift -for ac_tag -do - case $ac_tag in - :[FHLC]) ac_mode=$ac_tag; continue;; - esac - case $ac_mode$ac_tag in - :[FHL]*:*);; - :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; - :[FH]-) ac_tag=-:-;; - :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; - esac - ac_save_IFS=$IFS - IFS=: - set x $ac_tag - IFS=$ac_save_IFS - shift - ac_file=$1 - shift - - case $ac_mode in - :L) ac_source=$1;; - :[FH]) - ac_file_inputs= - for ac_f - do - case $ac_f in - -) ac_f="$ac_tmp/stdin";; - *) # Look for the file first in the build tree, then in the source tree - # (if the path is not absolute). The absolute path cannot be DOS-style, - # because $ac_f cannot contain `:'. - test -f "$ac_f" || - case $ac_f in - [\\/$]*) false;; - *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; - esac || - as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; - esac - case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac - as_fn_append ac_file_inputs " '$ac_f'" - done - - # Let's still pretend it is `configure' which instantiates (i.e., don't - # use $as_me), people would be surprised to read: - # /* config.h. Generated by config.status. */ - configure_input='Generated from '` - $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' - `' by configure.' - if test x"$ac_file" != x-; then - configure_input="$ac_file. $configure_input" - { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 -$as_echo "$as_me: creating $ac_file" >&6;} - fi - # Neutralize special characters interpreted by sed in replacement strings. - case $configure_input in #( - *\&* | *\|* | *\\* ) - ac_sed_conf_input=`$as_echo "$configure_input" | - sed 's/[\\\\&|]/\\\\&/g'`;; #( - *) ac_sed_conf_input=$configure_input;; - esac - - case $ac_tag in - *:-:* | *:-) cat >"$ac_tmp/stdin" \ - || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; - esac - ;; - esac - - ac_dir=`$as_dirname -- "$ac_file" || -$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ - X"$ac_file" : 'X\(//\)[^/]' \| \ - X"$ac_file" : 'X\(//\)$' \| \ - X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$ac_file" | - sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ - s//\1/ - q - } - /^X\(\/\/\)[^/].*/{ - s//\1/ - q - } - /^X\(\/\/\)$/{ - s//\1/ - q - } - /^X\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q'` - as_dir="$ac_dir"; as_fn_mkdir_p - ac_builddir=. - -case "$ac_dir" in -.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; -*) - ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` - # A ".." for each directory in $ac_dir_suffix. - ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` - case $ac_top_builddir_sub in - "") ac_top_builddir_sub=. ac_top_build_prefix= ;; - *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; - esac ;; -esac -ac_abs_top_builddir=$ac_pwd -ac_abs_builddir=$ac_pwd$ac_dir_suffix -# for backward compatibility: -ac_top_builddir=$ac_top_build_prefix - -case $srcdir in - .) # We are building in place. - ac_srcdir=. - ac_top_srcdir=$ac_top_builddir_sub - ac_abs_top_srcdir=$ac_pwd ;; - [\\/]* | ?:[\\/]* ) # Absolute name. - ac_srcdir=$srcdir$ac_dir_suffix; - ac_top_srcdir=$srcdir - ac_abs_top_srcdir=$srcdir ;; - *) # Relative name. - ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix - ac_top_srcdir=$ac_top_build_prefix$srcdir - ac_abs_top_srcdir=$ac_pwd/$srcdir ;; -esac -ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix - - - case $ac_mode in - :F) - # - # CONFIG_FILE - # - -_ACEOF - -cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 -# If the template does not know about datarootdir, expand it. -# FIXME: This hack should be removed a few years after 2.60. -ac_datarootdir_hack=; ac_datarootdir_seen= -ac_sed_dataroot=' -/datarootdir/ { - p - q -} -/@datadir@/p -/@docdir@/p -/@infodir@/p -/@localedir@/p -/@mandir@/p' -case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in -*datarootdir*) ac_datarootdir_seen=yes;; -*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 -$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} -_ACEOF -cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 - ac_datarootdir_hack=' - s&@datadir@&$datadir&g - s&@docdir@&$docdir&g - s&@infodir@&$infodir&g - s&@localedir@&$localedir&g - s&@mandir@&$mandir&g - s&\\\${datarootdir}&$datarootdir&g' ;; -esac -_ACEOF - -# Neutralize VPATH when `$srcdir' = `.'. -# Shell code in configure.ac might set extrasub. -# FIXME: do we really want to maintain this feature? -cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 -ac_sed_extra="$ac_vpsub -$extrasub -_ACEOF -cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 -:t -/@[a-zA-Z_][a-zA-Z_0-9]*@/!b -s|@configure_input@|$ac_sed_conf_input|;t t -s&@top_builddir@&$ac_top_builddir_sub&;t t -s&@top_build_prefix@&$ac_top_build_prefix&;t t -s&@srcdir@&$ac_srcdir&;t t -s&@abs_srcdir@&$ac_abs_srcdir&;t t -s&@top_srcdir@&$ac_top_srcdir&;t t -s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t -s&@builddir@&$ac_builddir&;t t -s&@abs_builddir@&$ac_abs_builddir&;t t -s&@abs_top_builddir@&$ac_abs_top_builddir&;t t -$ac_datarootdir_hack -" -eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ - >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5 - -test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && - { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && - { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ - "$ac_tmp/out"`; test -z "$ac_out"; } && - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' -which seems to be undefined. Please make sure it is defined" >&5 -$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' -which seems to be undefined. Please make sure it is defined" >&2;} - - rm -f "$ac_tmp/stdin" - case $ac_file in - -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";; - *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";; - esac \ - || as_fn_error $? "could not create $ac_file" "$LINENO" 5 - ;; - :H) - # - # CONFIG_HEADER - # - if test x"$ac_file" != x-; then - { - $as_echo "/* $configure_input */" \ - && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" - } >"$ac_tmp/config.h" \ - || as_fn_error $? "could not create $ac_file" "$LINENO" 5 - if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then - { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 -$as_echo "$as_me: $ac_file is unchanged" >&6;} - else - rm -f "$ac_file" - mv "$ac_tmp/config.h" "$ac_file" \ - || as_fn_error $? "could not create $ac_file" "$LINENO" 5 - fi - else - $as_echo "/* $configure_input */" \ - && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \ - || as_fn_error $? "could not create -" "$LINENO" 5 - fi - ;; - - :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5 -$as_echo "$as_me: executing $ac_file commands" >&6;} - ;; - esac - - - case $ac_file$ac_mode in - "libtool":C) - - # See if we are running on zsh, and set the options that allow our - # commands through without removal of \ escapes. - if test -n "${ZSH_VERSION+set}"; then - setopt NO_GLOB_SUBST - fi - - cfgfile=${ofile}T - trap "$RM \"$cfgfile\"; exit 1" 1 2 15 - $RM "$cfgfile" - - cat <<_LT_EOF >> "$cfgfile" -#! $SHELL -# Generated automatically by $as_me ($PACKAGE) $VERSION -# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: -# NOTE: Changes made to this file will be lost: look at ltmain.sh. - -# Provide generalized library-building support services. -# Written by Gordon Matzigkeit, 1996 - -# Copyright (C) 2014 Free Software Foundation, Inc. -# This is free software; see the source for copying conditions. There is NO -# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - -# GNU Libtool is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of of the License, or -# (at your option) any later version. -# -# As a special exception to the GNU General Public License, if you -# distribute this file as part of a program or library that is built -# using GNU Libtool, you may include this file under the same -# distribution terms that you use for the rest of that program. -# -# GNU Libtool is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - - -# The names of the tagged configurations supported by this script. -available_tags='' - -# Configured defaults for sys_lib_dlsearch_path munging. -: \${LT_SYS_LIBRARY_PATH="$configure_time_lt_sys_library_path"} - -# ### BEGIN LIBTOOL CONFIG - -# Which release of libtool.m4 was used? -macro_version=$macro_version -macro_revision=$macro_revision - -# Whether or not to build shared libraries. -build_libtool_libs=$enable_shared - -# Whether or not to build static libraries. -build_old_libs=$enable_static - -# What type of objects to build. -pic_mode=$pic_mode - -# Whether or not to optimize for fast installation. -fast_install=$enable_fast_install - -# Shared archive member basename,for filename based shared library versioning on AIX. -shared_archive_member_spec=$shared_archive_member_spec - -# Shell to use when invoking shell scripts. -SHELL=$lt_SHELL - -# An echo program that protects backslashes. -ECHO=$lt_ECHO - -# The PATH separator for the build system. -PATH_SEPARATOR=$lt_PATH_SEPARATOR - -# The host system. -host_alias=$host_alias -host=$host -host_os=$host_os - -# The build system. -build_alias=$build_alias -build=$build -build_os=$build_os - -# A sed program that does not truncate output. -SED=$lt_SED - -# Sed that helps us avoid accidentally triggering echo(1) options like -n. -Xsed="\$SED -e 1s/^X//" - -# A grep program that handles long lines. -GREP=$lt_GREP - -# An ERE matcher. -EGREP=$lt_EGREP - -# A literal string matcher. -FGREP=$lt_FGREP - -# A BSD- or MS-compatible name lister. -NM=$lt_NM - -# Whether we need soft or hard links. -LN_S=$lt_LN_S - -# What is the maximum length of a command? -max_cmd_len=$max_cmd_len - -# Object file suffix (normally "o"). -objext=$ac_objext - -# Executable file suffix (normally ""). -exeext=$exeext - -# whether the shell understands "unset". -lt_unset=$lt_unset - -# turn spaces into newlines. -SP2NL=$lt_lt_SP2NL - -# turn newlines into spaces. -NL2SP=$lt_lt_NL2SP - -# convert \$build file names to \$host format. -to_host_file_cmd=$lt_cv_to_host_file_cmd - -# convert \$build files to toolchain format. -to_tool_file_cmd=$lt_cv_to_tool_file_cmd - -# An object symbol dumper. -OBJDUMP=$lt_OBJDUMP - -# Method to check whether dependent libraries are shared objects. -deplibs_check_method=$lt_deplibs_check_method - -# Command to use when deplibs_check_method = "file_magic". -file_magic_cmd=$lt_file_magic_cmd - -# How to find potential files when deplibs_check_method = "file_magic". -file_magic_glob=$lt_file_magic_glob - -# Find potential files using nocaseglob when deplibs_check_method = "file_magic". -want_nocaseglob=$lt_want_nocaseglob - -# DLL creation program. -DLLTOOL=$lt_DLLTOOL - -# Command to associate shared and link libraries. -sharedlib_from_linklib_cmd=$lt_sharedlib_from_linklib_cmd - -# The archiver. -AR=$lt_AR - -# Flags to create an archive. -AR_FLAGS=$lt_AR_FLAGS - -# How to feed a file listing to the archiver. -archiver_list_spec=$lt_archiver_list_spec - -# A symbol stripping program. -STRIP=$lt_STRIP - -# Commands used to install an old-style archive. -RANLIB=$lt_RANLIB -old_postinstall_cmds=$lt_old_postinstall_cmds -old_postuninstall_cmds=$lt_old_postuninstall_cmds - -# Whether to use a lock for old archive extraction. -lock_old_archive_extraction=$lock_old_archive_extraction - -# A C compiler. -LTCC=$lt_CC - -# LTCC compiler flags. -LTCFLAGS=$lt_CFLAGS - -# Take the output of nm and produce a listing of raw symbols and C names. -global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe - -# Transform the output of nm in a proper C declaration. -global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl - -# Transform the output of nm into a list of symbols to manually relocate. -global_symbol_to_import=$lt_lt_cv_sys_global_symbol_to_import - -# Transform the output of nm in a C name address pair. -global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address - -# Transform the output of nm in a C name address pair when lib prefix is needed. -global_symbol_to_c_name_address_lib_prefix=$lt_lt_cv_sys_global_symbol_to_c_name_address_lib_prefix - -# The name lister interface. -nm_interface=$lt_lt_cv_nm_interface - -# Specify filename containing input files for \$NM. -nm_file_list_spec=$lt_nm_file_list_spec - -# The root where to search for dependent libraries,and where our libraries should be installed. -lt_sysroot=$lt_sysroot - -# Command to truncate a binary pipe. -lt_truncate_bin=$lt_lt_cv_truncate_bin - -# The name of the directory that contains temporary libtool files. -objdir=$objdir - -# Used to examine libraries when file_magic_cmd begins with "file". -MAGIC_CMD=$MAGIC_CMD - -# Must we lock files when doing compilation? -need_locks=$lt_need_locks - -# Manifest tool. -MANIFEST_TOOL=$lt_MANIFEST_TOOL - -# Tool to manipulate archived DWARF debug symbol files on Mac OS X. -DSYMUTIL=$lt_DSYMUTIL - -# Tool to change global to local symbols on Mac OS X. -NMEDIT=$lt_NMEDIT - -# Tool to manipulate fat objects and archives on Mac OS X. -LIPO=$lt_LIPO - -# ldd/readelf like tool for Mach-O binaries on Mac OS X. -OTOOL=$lt_OTOOL - -# ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4. -OTOOL64=$lt_OTOOL64 - -# Old archive suffix (normally "a"). -libext=$libext - -# Shared library suffix (normally ".so"). -shrext_cmds=$lt_shrext_cmds - -# The commands to extract the exported symbol list from a shared archive. -extract_expsyms_cmds=$lt_extract_expsyms_cmds - -# Variables whose values should be saved in libtool wrapper scripts and -# restored at link time. -variables_saved_for_relink=$lt_variables_saved_for_relink - -# Do we need the "lib" prefix for modules? -need_lib_prefix=$need_lib_prefix - -# Do we need a version for libraries? -need_version=$need_version - -# Library versioning type. -version_type=$version_type - -# Shared library runtime path variable. -runpath_var=$runpath_var - -# Shared library path variable. -shlibpath_var=$shlibpath_var - -# Is shlibpath searched before the hard-coded library search path? -shlibpath_overrides_runpath=$shlibpath_overrides_runpath - -# Format of library name prefix. -libname_spec=$lt_libname_spec - -# List of archive names. First name is the real one, the rest are links. -# The last name is the one that the linker finds with -lNAME -library_names_spec=$lt_library_names_spec - -# The coded name of the library, if different from the real name. -soname_spec=$lt_soname_spec - -# Permission mode override for installation of shared libraries. -install_override_mode=$lt_install_override_mode - -# Command to use after installation of a shared archive. -postinstall_cmds=$lt_postinstall_cmds - -# Command to use after uninstallation of a shared archive. -postuninstall_cmds=$lt_postuninstall_cmds - -# Commands used to finish a libtool library installation in a directory. -finish_cmds=$lt_finish_cmds - -# As "finish_cmds", except a single script fragment to be evaled but -# not shown. -finish_eval=$lt_finish_eval - -# Whether we should hardcode library paths into libraries. -hardcode_into_libs=$hardcode_into_libs - -# Compile-time system search path for libraries. -sys_lib_search_path_spec=$lt_sys_lib_search_path_spec - -# Detected run-time system search path for libraries. -sys_lib_dlsearch_path_spec=$lt_configure_time_dlsearch_path - -# Explicit LT_SYS_LIBRARY_PATH set during ./configure time. -configure_time_lt_sys_library_path=$lt_configure_time_lt_sys_library_path - -# Whether dlopen is supported. -dlopen_support=$enable_dlopen - -# Whether dlopen of programs is supported. -dlopen_self=$enable_dlopen_self - -# Whether dlopen of statically linked programs is supported. -dlopen_self_static=$enable_dlopen_self_static - -# Commands to strip libraries. -old_striplib=$lt_old_striplib -striplib=$lt_striplib - - -# The linker used to build libraries. -LD=$lt_LD - -# How to create reloadable object files. -reload_flag=$lt_reload_flag -reload_cmds=$lt_reload_cmds - -# Commands used to build an old-style archive. -old_archive_cmds=$lt_old_archive_cmds - -# A language specific compiler. -CC=$lt_compiler - -# Is the compiler the GNU compiler? -with_gcc=$GCC - -# Compiler flag to turn off builtin functions. -no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag - -# Additional compiler flags for building library objects. -pic_flag=$lt_lt_prog_compiler_pic - -# How to pass a linker flag through the compiler. -wl=$lt_lt_prog_compiler_wl - -# Compiler flag to prevent dynamic linking. -link_static_flag=$lt_lt_prog_compiler_static - -# Does compiler simultaneously support -c and -o options? -compiler_c_o=$lt_lt_cv_prog_compiler_c_o - -# Whether or not to add -lc for building shared libraries. -build_libtool_need_lc=$archive_cmds_need_lc - -# Whether or not to disallow shared libs when runtime libs are static. -allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes - -# Compiler flag to allow reflexive dlopens. -export_dynamic_flag_spec=$lt_export_dynamic_flag_spec - -# Compiler flag to generate shared objects directly from archives. -whole_archive_flag_spec=$lt_whole_archive_flag_spec - -# Whether the compiler copes with passing no objects directly. -compiler_needs_object=$lt_compiler_needs_object - -# Create an old-style archive from a shared archive. -old_archive_from_new_cmds=$lt_old_archive_from_new_cmds - -# Create a temporary old-style archive to link instead of a shared archive. -old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds - -# Commands used to build a shared archive. -archive_cmds=$lt_archive_cmds -archive_expsym_cmds=$lt_archive_expsym_cmds - -# Commands used to build a loadable module if different from building -# a shared archive. -module_cmds=$lt_module_cmds -module_expsym_cmds=$lt_module_expsym_cmds - -# Whether we are building with GNU ld or not. -with_gnu_ld=$lt_with_gnu_ld - -# Flag that allows shared libraries with undefined symbols to be built. -allow_undefined_flag=$lt_allow_undefined_flag - -# Flag that enforces no undefined symbols. -no_undefined_flag=$lt_no_undefined_flag - -# Flag to hardcode \$libdir into a binary during linking. -# This must work even if \$libdir does not exist -hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec - -# Whether we need a single "-rpath" flag with a separated argument. -hardcode_libdir_separator=$lt_hardcode_libdir_separator - -# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes -# DIR into the resulting binary. -hardcode_direct=$hardcode_direct - -# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes -# DIR into the resulting binary and the resulting library dependency is -# "absolute",i.e impossible to change by setting \$shlibpath_var if the -# library is relocated. -hardcode_direct_absolute=$hardcode_direct_absolute - -# Set to "yes" if using the -LDIR flag during linking hardcodes DIR -# into the resulting binary. -hardcode_minus_L=$hardcode_minus_L - -# Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR -# into the resulting binary. -hardcode_shlibpath_var=$hardcode_shlibpath_var - -# Set to "yes" if building a shared library automatically hardcodes DIR -# into the library and all subsequent libraries and executables linked -# against it. -hardcode_automatic=$hardcode_automatic - -# Set to yes if linker adds runtime paths of dependent libraries -# to runtime path list. -inherit_rpath=$inherit_rpath - -# Whether libtool must link a program against all its dependency libraries. -link_all_deplibs=$link_all_deplibs - -# Set to "yes" if exported symbols are required. -always_export_symbols=$always_export_symbols - -# The commands to list exported symbols. -export_symbols_cmds=$lt_export_symbols_cmds - -# Symbols that should not be listed in the preloaded symbols. -exclude_expsyms=$lt_exclude_expsyms - -# Symbols that must always be exported. -include_expsyms=$lt_include_expsyms - -# Commands necessary for linking programs (against libraries) with templates. -prelink_cmds=$lt_prelink_cmds - -# Commands necessary for finishing linking programs. -postlink_cmds=$lt_postlink_cmds - -# Specify filename containing input files. -file_list_spec=$lt_file_list_spec - -# How to hardcode a shared library path into an executable. -hardcode_action=$hardcode_action - -# ### END LIBTOOL CONFIG - -_LT_EOF - - cat <<'_LT_EOF' >> "$cfgfile" - -# ### BEGIN FUNCTIONS SHARED WITH CONFIGURE - -# func_munge_path_list VARIABLE PATH -# ----------------------------------- -# VARIABLE is name of variable containing _space_ separated list of -# directories to be munged by the contents of PATH, which is string -# having a format: -# "DIR[:DIR]:" -# string "DIR[ DIR]" will be prepended to VARIABLE -# ":DIR[:DIR]" -# string "DIR[ DIR]" will be appended to VARIABLE -# "DIRP[:DIRP]::[DIRA:]DIRA" -# string "DIRP[ DIRP]" will be prepended to VARIABLE and string -# "DIRA[ DIRA]" will be appended to VARIABLE -# "DIR[:DIR]" -# VARIABLE will be replaced by "DIR[ DIR]" -func_munge_path_list () -{ - case x$2 in - x) - ;; - *:) - eval $1=\"`$ECHO $2 | $SED 's/:/ /g'` \$$1\" - ;; - x:*) - eval $1=\"\$$1 `$ECHO $2 | $SED 's/:/ /g'`\" - ;; - *::*) - eval $1=\"\$$1\ `$ECHO $2 | $SED -e 's/.*:://' -e 's/:/ /g'`\" - eval $1=\"`$ECHO $2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \$$1\" - ;; - *) - eval $1=\"`$ECHO $2 | $SED 's/:/ /g'`\" - ;; - esac -} - - -# Calculate cc_basename. Skip known compiler wrappers and cross-prefix. -func_cc_basename () -{ - for cc_temp in $*""; do - case $cc_temp in - compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; - distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; - \-*) ;; - *) break;; - esac - done - func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` -} - - -# ### END FUNCTIONS SHARED WITH CONFIGURE - -_LT_EOF - - case $host_os in - aix3*) - cat <<\_LT_EOF >> "$cfgfile" -# AIX sometimes has problems with the GCC collect2 program. For some -# reason, if we set the COLLECT_NAMES environment variable, the problems -# vanish in a puff of smoke. -if test set != "${COLLECT_NAMES+set}"; then - COLLECT_NAMES= - export COLLECT_NAMES -fi -_LT_EOF - ;; - esac - - -ltmain=$ac_aux_dir/ltmain.sh - - - # We use sed instead of cat because bash on DJGPP gets confused if - # if finds mixed CR/LF and LF-only lines. Since sed operates in - # text mode, it properly converts lines to CR/LF. This bash problem - # is reportedly fixed, but why not run on old versions too? - sed '$q' "$ltmain" >> "$cfgfile" \ - || (rm -f "$cfgfile"; exit 1) - - mv -f "$cfgfile" "$ofile" || - (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile") - chmod +x "$ofile" - - ;; - "disable-rpath":C) - sed < libtool > libtool-2 \ - 's/^hardcode_libdir_flag_spec.*$'/'hardcode_libdir_flag_spec=" -D__LIBTOOL_RPATH_SED__ "/' - mv libtool-2 libtool - chmod 755 libtool - libtool="./libtool" - ;; - - esac -done # for ac_tag - - -as_fn_exit 0 -_ACEOF -ac_clean_files=$ac_clean_files_save - -test $ac_write_fail = 0 || - as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 - - -# configure is writing to config.log, and then calls config.status. -# config.status does its own redirection, appending to config.log. -# Unfortunately, on DOS this fails, as config.log is still kept open -# by configure, so config.status won't be able to write to it; its -# output is simply discarded. So we exec the FD to /dev/null, -# effectively closing config.log, so it can be properly (re)opened and -# appended to by config.status. When coming back to configure, we -# need to make the FD available again. -if test "$no_create" != yes; then - ac_cs_success=: - ac_config_status_args= - test "$silent" = yes && - ac_config_status_args="$ac_config_status_args --quiet" - exec 5>/dev/null - $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false - exec 5>>config.log - # Use ||, not &&, to avoid exiting from the if with $? = 1, which - # would make configure fail if this is the last instruction. - $ac_cs_success || as_fn_exit 1 -fi -if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 -$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} -fi - diff --git a/external/unbound/configure.ac b/external/unbound/configure.ac deleted file mode 100644 index c2d1213da..000000000 --- a/external/unbound/configure.ac +++ /dev/null @@ -1,1650 +0,0 @@ -# -*- Autoconf -*- -# Process this file with autoconf to produce a configure script. -AC_PREREQ(2.56) -sinclude(acx_nlnetlabs.m4) -sinclude(ax_pthread.m4) -sinclude(acx_python.m4) -sinclude(ac_pkg_swig.m4) -sinclude(dnstap/dnstap.m4) -sinclude(dnscrypt/dnscrypt.m4) - -# must be numbers. ac_defun because of later processing -m4_define([VERSION_MAJOR],[1]) -m4_define([VERSION_MINOR],[6]) -m4_define([VERSION_MICRO],[3]) -AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl, unbound) -AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR]) -AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR]) -AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO]) - -LIBUNBOUND_CURRENT=7 -LIBUNBOUND_REVISION=2 -LIBUNBOUND_AGE=5 -# 1.0.0 had 0:12:0 -# 1.0.1 had 0:13:0 -# 1.0.2 had 0:14:0 -# 1.1.0 had 0:15:0 -# 1.1.1 had 0:16:0 -# 1.2.0 had 0:17:0 -# 1.2.1 had 0:18:0 -# 1.3.0 had 1:0:0 # ub_cancel and -export-symbols. -# 1.3.1 had 1:1:0 -# 1.3.2 had 1:2:0 -# 1.3.3 had 1:3:0 -# 1.3.4 had 1:4:0 -# 1.4.0-snapshots had 1:5:0 -# 1.4.0 had 1:5:0 (not 2:0:0) # ub_result.why_bogus -# 1.4.1 had 2:1:0 -# 1.4.2 had 2:2:0 -# 1.4.3 had 2:3:0 -# 1.4.4 had 2:4:0 -# 1.4.5 had 2:5:0 -# 1.4.6 had 2:6:0 -# 1.4.7 had 2:7:0 -# 1.4.8 had 2:8:0 -# 1.4.9 had 2:9:0 -# 1.4.10 had 2:10:0 -# 1.4.11 had 2:11:0 -# 1.4.12 had 2:12:0 -# 1.4.13 had 2:13:0 -# and 1.4.13p1 and 1.4.13.p2 -# 1.4.14 had 2:14:0 -# 1.4.15 had 3:0:1 # adds ub_version() -# 1.4.16 had 3:1:1 -# 1.4.17 had 3:2:1 -# 1.4.18 had 3:3:1 -# 1.4.19 had 3:4:1 -# 1.4.20 had 4:0:2 # adds libunbound.ttl # but shipped 3:5:1 -# 1.4.21 had 4:1:2 -# 1.4.22 had 4:1:2 -# 1.5.0 had 5:3:3 # adds ub_ctx_add_ta_autr -# 1.5.1 had 5:3:3 -# 1.5.2 had 5:5:3 -# 1.5.3 had 5:6:3 -# 1.5.4 had 5:7:3 -# 1.5.5 had 5:8:3 -# 1.5.6 had 5:9:3 -# 1.5.7 had 5:10:3 -# 1.5.8 had 6:0:4 # adds ub_ctx_set_stub -# 1.5.9 had 6:1:4 -# 1.5.10 had 6:2:4 -# 1.6.0 had 6:3:4 -# 1.6.1 had 7:0:5 # ub_callback_t typedef renamed to ub_callback_type -# 1.6.2 had 7:1:5 -# 1.6.3 had 7:2:5 - -# Current -- the number of the binary API that we're implementing -# Revision -- which iteration of the implementation of the binary -# API are we supplying? -# Age -- How many previous binary API versions do we also -# support? -# -# If we release a new version that does not change the binary API, -# increment Revision. -# -# If we release a new version that changes the binary API, but does -# not break programs compiled against the old binary API, increment -# Current and Age. Set Revision to 0, since this is the first -# implementation of the new API. -# -# Otherwise, we're changing the binary API and breaking bakward -# compatibility with old binaries. Increment Current. Set Age to 0, -# since we're backward compatible with no previous APIs. Set Revision -# to 0 too. -AC_SUBST(LIBUNBOUND_CURRENT) -AC_SUBST(LIBUNBOUND_REVISION) -AC_SUBST(LIBUNBOUND_AGE) - -CFLAGS="$CFLAGS" -AC_AIX -if test "$ac_cv_header_minix_config_h" = "yes"; then - AC_DEFINE(_NETBSD_SOURCE,1, [Enable for compile on Minix]) -fi - -dnl -dnl By default set prefix to /usr/local -dnl -case "$prefix" in - NONE) - prefix="/usr/local" - ;; -esac - -# are we on MinGW? -if uname -s 2>&1 | grep MINGW32 >/dev/null; then on_mingw="yes" -else - if echo $host $target | grep mingw32 >/dev/null; then on_mingw="yes" - else on_mingw="no"; fi -fi - -# -# Determine configuration file -# the eval is to evaluate shell expansion twice -if test $on_mingw = "no"; then - ub_conf_file=`eval echo "${sysconfdir}/unbound/unbound.conf"` -else - ub_conf_file="C:\\Program Files\\Unbound\\service.conf" -fi -AC_ARG_WITH([conf_file], - AC_HELP_STRING([--with-conf-file=path], - [Pathname to the Unbound configuration file]), - [ub_conf_file="$withval"]) -AC_SUBST(ub_conf_file) -ACX_ESCAPE_BACKSLASH($ub_conf_file, hdr_config) -AC_DEFINE_UNQUOTED(CONFIGFILE, ["$hdr_config"], [Pathname to the Unbound configuration file]) -ub_conf_dir=`AS_DIRNAME(["$ub_conf_file"])` -AC_SUBST(ub_conf_dir) - -# Determine run, chroot directory and pidfile locations -AC_ARG_WITH(run-dir, - AC_HELP_STRING([--with-run-dir=path], - [set default directory to chdir to (by default dir part of cfg file)]), - UNBOUND_RUN_DIR="$withval", -if test $on_mingw = no; then - UNBOUND_RUN_DIR=`dirname "$ub_conf_file"` -else - UNBOUND_RUN_DIR="" -fi -) -AC_SUBST(UNBOUND_RUN_DIR) -ACX_ESCAPE_BACKSLASH($UNBOUND_RUN_DIR, hdr_run) -AC_DEFINE_UNQUOTED(RUN_DIR, ["$hdr_run"], [Directory to chdir to]) - -AC_ARG_WITH(chroot-dir, - AC_HELP_STRING([--with-chroot-dir=path], - [set default directory to chroot to (by default same as run-dir)]), - UNBOUND_CHROOT_DIR="$withval", -if test $on_mingw = no; then - UNBOUND_CHROOT_DIR="$UNBOUND_RUN_DIR" -else - UNBOUND_CHROOT_DIR="" -fi -) -AC_SUBST(UNBOUND_CHROOT_DIR) -ACX_ESCAPE_BACKSLASH($UNBOUND_CHROOT_DIR, hdr_chroot) -AC_DEFINE_UNQUOTED(CHROOT_DIR, ["$hdr_chroot"], [Directory to chroot to]) - -AC_ARG_WITH(share-dir, - AC_HELP_STRING([--with-share-dir=path], - [set default directory with shared data (by default same as share/unbound)]), - UNBOUND_SHARE_DIR="$withval", - UNBOUND_SHARE_DIR="$UNBOUND_RUN_DIR") -AC_SUBST(UNBOUND_SHARE_DIR) -AC_DEFINE_UNQUOTED(SHARE_DIR, ["$UNBOUND_SHARE_DIR"], [Shared data]) - -AC_ARG_WITH(pidfile, - AC_HELP_STRING([--with-pidfile=filename], - [set default pathname to unbound pidfile (default run-dir/unbound.pid)]), - UNBOUND_PIDFILE="$withval", -if test $on_mingw = no; then - UNBOUND_PIDFILE="$UNBOUND_RUN_DIR/unbound.pid" -else - UNBOUND_PIDFILE="" -fi -) -AC_SUBST(UNBOUND_PIDFILE) -ACX_ESCAPE_BACKSLASH($UNBOUND_PIDFILE, hdr_pid) -AC_DEFINE_UNQUOTED(PIDFILE, ["$hdr_pid"], [default pidfile location]) - -AC_ARG_WITH(rootkey-file, - AC_HELP_STRING([--with-rootkey-file=filename], - [set default pathname to root key file (default run-dir/root.key). This file is read and written.]), - UNBOUND_ROOTKEY_FILE="$withval", -if test $on_mingw = no; then - UNBOUND_ROOTKEY_FILE="$UNBOUND_RUN_DIR/root.key" -else - UNBOUND_ROOTKEY_FILE="C:\\Program Files\\Unbound\\root.key" -fi -) -AC_SUBST(UNBOUND_ROOTKEY_FILE) -ACX_ESCAPE_BACKSLASH($UNBOUND_ROOTKEY_FILE, hdr_rkey) -AC_DEFINE_UNQUOTED(ROOT_ANCHOR_FILE, ["$hdr_rkey"], [default rootkey location]) - -AC_ARG_WITH(rootcert-file, - AC_HELP_STRING([--with-rootcert-file=filename], - [set default pathname to root update certificate file (default run-dir/icannbundle.pem). This file need not exist if you are content with the builtin.]), - UNBOUND_ROOTCERT_FILE="$withval", -if test $on_mingw = no; then - UNBOUND_ROOTCERT_FILE="$UNBOUND_RUN_DIR/icannbundle.pem" -else - UNBOUND_ROOTCERT_FILE="C:\\Program Files\\Unbound\\icannbundle.pem" -fi -) -AC_SUBST(UNBOUND_ROOTCERT_FILE) -ACX_ESCAPE_BACKSLASH($UNBOUND_ROOTCERT_FILE, hdr_rpem) -AC_DEFINE_UNQUOTED(ROOT_CERT_FILE, ["$hdr_rpem"], [default rootcert location]) - -AC_ARG_WITH(username, - AC_HELP_STRING([--with-username=user], - [set default user that unbound changes to (default user is unbound)]), - UNBOUND_USERNAME="$withval", - UNBOUND_USERNAME="unbound") -AC_SUBST(UNBOUND_USERNAME) -AC_DEFINE_UNQUOTED(UB_USERNAME, ["$UNBOUND_USERNAME"], [default username]) - -AC_DEFINE(WINVER, 0x0502, [the version of the windows API enabled]) -ACX_RSRC_VERSION(wnvs) -AC_DEFINE_UNQUOTED(RSRC_PACKAGE_VERSION, [$wnvs], [version number for resource files]) - -# Checks for typedefs, structures, and compiler characteristics. -AC_C_CONST -AC_LANG_C -# allow user to override the -g -O2 flags. -if test "x$CFLAGS" = "x" ; then -ACX_CHECK_COMPILER_FLAG(g, [CFLAGS="$CFLAGS -g"]) -ACX_CHECK_COMPILER_FLAG(O2, [CFLAGS="$CFLAGS -O2"]) -fi -AC_PROG_CC -ACX_DEPFLAG -ACX_DETERMINE_EXT_FLAGS_UNBOUND - -# debug mode flags warnings -AC_ARG_ENABLE(checking, AC_HELP_STRING([--enable-checking], [Enable warnings, asserts, makefile-dependencies])) -AC_ARG_ENABLE(debug, AC_HELP_STRING([--enable-debug], [same as enable-checking])) -if test "$enable_debug" = "yes"; then debug_enabled="$enable_debug"; -else debug_enabled="$enable_checking"; fi -AC_SUBST(debug_enabled) -case "$debug_enabled" in - yes) - ACX_CHECK_COMPILER_FLAG(W, [CFLAGS="$CFLAGS -W"]) - ACX_CHECK_COMPILER_FLAG(Wall, [CFLAGS="$CFLAGS -Wall"]) - ACX_CHECK_COMPILER_FLAG(Wextra, [CFLAGS="$CFLAGS -Wextra"]) - ACX_CHECK_COMPILER_FLAG(Wdeclaration-after-statement, [CFLAGS="$CFLAGS -Wdeclaration-after-statement"]) - AC_DEFINE([UNBOUND_DEBUG], [], [define this to enable debug checks.]) - ;; - no|*) - # nothing to do. - ;; -esac -ACX_CHECK_FLTO -ACX_CHECK_PIE -ACX_CHECK_RELRO_NOW - -AC_C_INLINE -ACX_CHECK_FORMAT_ATTRIBUTE -ACX_CHECK_UNUSED_ATTRIBUTE - -AC_DEFUN([CHECK_WEAK_ATTRIBUTE], -[AC_REQUIRE([AC_PROG_CC]) -AC_MSG_CHECKING(whether the C compiler (${CC-cc}) accepts the "weak" attribute) -AC_CACHE_VAL(ac_cv_c_weak_attribute, -[ac_cv_c_weak_attribute=no -AC_TRY_COMPILE( -[ #include -__attribute__((weak)) void f(int x) { printf("%d", x); } -], [ - f(1); -], -[ac_cv_c_weak_attribute="yes"], -[ac_cv_c_weak_attribute="no"]) -]) - -AC_MSG_RESULT($ac_cv_c_weak_attribute) -if test $ac_cv_c_weak_attribute = yes; then - AC_DEFINE(HAVE_ATTR_WEAK, 1, [Whether the C compiler accepts the "weak" attribute]) -fi -])dnl End of CHECK_WEAK_ATTRIBUTE - -CHECK_WEAK_ATTRIBUTE - -if test "$srcdir" != "."; then - CPPFLAGS="$CPPFLAGS -I$srcdir" -fi - -AC_DEFUN([ACX_YYLEX_DESTROY], [ - AC_MSG_CHECKING([for yylex_destroy]) - if echo %% | $LEX -t 2>&1 | grep yylex_destroy >/dev/null 2>&1; then - AC_DEFINE(LEX_HAS_YYLEX_DESTROY, 1, [if lex has yylex_destroy]) - AC_MSG_RESULT(yes) - else AC_MSG_RESULT(no); fi -]) - -AC_PROG_LEX -ACX_YYLEX_DESTROY -AC_PROG_YACC -AC_CHECK_PROG(doxygen, doxygen, doxygen) -AC_CHECK_TOOL(STRIP, strip) -ACX_LIBTOOL_C_ONLY - -# Checks for header files. -AC_CHECK_HEADERS([stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/ipc.h sys/shm.h],,, [AC_INCLUDES_DEFAULT]) - -# check for types. -# Using own tests for int64* because autoconf builtin only give 32bit. -AC_CHECK_TYPE(int8_t, signed char) -AC_CHECK_TYPE(int16_t, short) -AC_CHECK_TYPE(int32_t, int) -AC_CHECK_TYPE(int64_t, long long) -AC_CHECK_TYPE(uint8_t, unsigned char) -AC_CHECK_TYPE(uint16_t, unsigned short) -AC_CHECK_TYPE(uint32_t, unsigned int) -AC_CHECK_TYPE(uint64_t, unsigned long long) -AC_TYPE_SIZE_T -AC_CHECK_TYPE(ssize_t, int) -AC_TYPE_UID_T -AC_TYPE_PID_T -AC_TYPE_OFF_T -ACX_TYPE_U_CHAR -ACX_TYPE_RLIM_T -ACX_TYPE_SOCKLEN_T -ACX_TYPE_IN_ADDR_T -ACX_TYPE_IN_PORT_T -ACX_CHECK_MEMCMP_SIGNED - -AC_CHECK_SIZEOF(time_t,,[ -AC_INCLUDES_DEFAULT -#ifdef TIME_WITH_SYS_TIME -# include -# include -#else -# ifdef HAVE_SYS_TIME_H -# include -# else -# include -# endif -#endif -]) - -# add option to disable the evil rpath -ACX_ARG_RPATH -AC_SUBST(RUNTIME_PATH) - -# check to see if libraries are needed for these functions. -AC_SEARCH_LIBS([inet_pton], [nsl]) -AC_SEARCH_LIBS([socket], [socket]) - -# check wether strptime also works -AC_DEFUN([AC_CHECK_STRPTIME_WORKS], -[AC_REQUIRE([AC_PROG_CC]) -AC_MSG_CHECKING(whether strptime works) -if test c${cross_compiling} = cno; then -AC_RUN_IFELSE([AC_LANG_SOURCE([[ -#define _XOPEN_SOURCE 600 -#include -int main(void) { struct tm tm; char *res; -res = strptime("2010-07-15T00:00:00+00:00", "%t%Y%t-%t%m%t-%t%d%tT%t%H%t:%t%M%t:%t%S%t", &tm); -if (!res) return 2; -res = strptime("20070207111842", "%Y%m%d%H%M%S", &tm); -if (!res) return 1; return 0; } -]])] , [eval "ac_cv_c_strptime_works=yes"], [eval "ac_cv_c_strptime_works=no"]) -else -eval "ac_cv_c_strptime_works=maybe" -fi -AC_MSG_RESULT($ac_cv_c_strptime_works) -if test $ac_cv_c_strptime_works = no; then -AC_LIBOBJ(strptime) -else -AC_DEFINE_UNQUOTED([STRPTIME_WORKS], 1, [use default strptime.]) -fi -])dnl - -# check some functions of the OS before linking libs (while still runnable). -AC_FUNC_CHOWN -AC_FUNC_FORK -AC_TYPE_SIGNAL -AC_FUNC_FSEEKO -ACX_SYS_LARGEFILE -ACX_CHECK_NONBLOCKING_BROKEN -ACX_MKDIR_ONE_ARG -AC_CHECK_FUNCS([strptime],[AC_CHECK_STRPTIME_WORKS],[AC_LIBOBJ([strptime])]) - -# set memory allocation checking if requested -AC_ARG_ENABLE(alloc-checks, AC_HELP_STRING([--enable-alloc-checks], - [ enable to memory allocation statistics, for debug purposes ]), - , ) -AC_ARG_ENABLE(alloc-lite, AC_HELP_STRING([--enable-alloc-lite], - [ enable for lightweight alloc assertions, for debug purposes ]), - , ) -AC_ARG_ENABLE(alloc-nonregional, AC_HELP_STRING([--enable-alloc-nonregional], - [ enable nonregional allocs, slow but exposes regional allocations to other memory purifiers, for debug purposes ]), - , ) -if test x_$enable_alloc_nonregional = x_yes; then - AC_DEFINE(UNBOUND_ALLOC_NONREGIONAL, 1, [use malloc not regions, for debug use]) -fi -if test x_$enable_alloc_checks = x_yes; then - AC_DEFINE(UNBOUND_ALLOC_STATS, 1, [use statistics for allocs and frees, for debug use]) -else - if test x_$enable_alloc_lite = x_yes; then - AC_DEFINE(UNBOUND_ALLOC_LITE, 1, [use to enable lightweight alloc assertions, for debug use]) - else - ACX_FUNC_MALLOC([unbound]) - fi -fi - -# check windows threads (we use them, not pthreads, on windows). -if test "$on_mingw" = "yes"; then -# check windows threads - AC_CHECK_HEADERS([windows.h],,, [AC_INCLUDES_DEFAULT]) - AC_MSG_CHECKING([for CreateThread]) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([ -#ifdef HAVE_WINDOWS_H -#include -#endif -], [ - HANDLE t = CreateThread(NULL, 0, NULL, NULL, 0, NULL); -])], - AC_MSG_RESULT(yes) - AC_DEFINE(HAVE_WINDOWS_THREADS, 1, [Using Windows threads]) -, - AC_MSG_RESULT(no) -) - -else -# not on mingw, check thread libraries. - -# check for thread library. -# check this first, so that the pthread lib does not get linked in via -# libssl or libpython, and thus distorts the tests, and we end up using -# the non-threadsafe C libraries. -AC_ARG_WITH(pthreads, AC_HELP_STRING([--with-pthreads], - [use pthreads library, or --without-pthreads to disable threading support.]), - [ ],[ withval="yes" ]) -ub_have_pthreads=no -if test x_$withval != x_no; then - AX_PTHREAD([ - AC_DEFINE(HAVE_PTHREAD,1,[Define if you have POSIX threads libraries and header files.]) - LIBS="$PTHREAD_LIBS $LIBS" - CFLAGS="$CFLAGS $PTHREAD_CFLAGS" - CC="$PTHREAD_CC" - ub_have_pthreads=yes - AC_CHECK_TYPES([pthread_spinlock_t, pthread_rwlock_t],,,[#include ]) - - if echo "$CFLAGS" | $GREP -e "-pthread" >/dev/null; then - AC_MSG_CHECKING([if -pthread unused during linking]) - # catch clang warning 'argument unused during compilation' - AC_LANG_CONFTEST([AC_LANG_SOURCE(AC_INCLUDES_DEFAULT -[[ -int main(void) {return 0;} -]])]) - pthread_unused="yes" - # first compile - echo "$CC $CFLAGS -c conftest.c -o conftest.o" >&AS_MESSAGE_LOG_FD - $CC $CFLAGS -c conftest.c -o conftest.o 2>&AS_MESSAGE_LOG_FD >&AS_MESSAGE_LOG_FD - if test $? = 0; then - # then link - echo "$CC $CFLAGS -Werror $LDFLAGS $LIBS -o conftest contest.o" >&AS_MESSAGE_LOG_FD - $CC $CFLAGS -Werror $LDFLAGS $LIBS -o conftest conftest.o 2>&AS_MESSAGE_LOG_FD >&AS_MESSAGE_LOG_FD - if test $? -ne 0; then - AC_MSG_RESULT(yes) - CFLAGS=`echo "$CFLAGS" | sed -e 's/-pthread//'` - PTHREAD_CFLAGS_ONLY="-pthread" - AC_SUBST(PTHREAD_CFLAGS_ONLY) - else - AC_MSG_RESULT(no) - fi - else - AC_MSG_RESULT(no) - fi # endif cc successful - rm -f conftest conftest.c conftest.o - fi # endif -pthread in CFLAGS - - ]) -fi - -# check solaris thread library -AC_ARG_WITH(solaris-threads, AC_HELP_STRING([--with-solaris-threads], - [use solaris native thread library.]), [ ],[ withval="no" ]) -ub_have_sol_threads=no -if test x_$withval != x_no; then - if test x_$ub_have_pthreads != x_no; then - AC_WARN([Have pthreads already, ignoring --with-solaris-threads]) - else - AC_SEARCH_LIBS(thr_create, [thread], - [ - AC_DEFINE(HAVE_SOLARIS_THREADS, 1, [Using Solaris threads]) - - ACX_CHECK_COMPILER_FLAG(mt, [CFLAGS="$CFLAGS -mt"], - [CFLAGS="$CFLAGS -D_REENTRANT"]) - ub_have_sol_threads=yes - ] , [ - AC_ERROR([no solaris threads found.]) - ]) - fi -fi - -fi # end of non-mingw check of thread libraries - -# Check for PyUnbound -AC_ARG_WITH(pyunbound, - AC_HELP_STRING([--with-pyunbound], - [build PyUnbound, or --without-pyunbound to skip it. (default=no)]), - [], [ withval="no" ]) - -ub_test_python=no -ub_with_pyunbound=no -if test x_$withval != x_no; then - ub_with_pyunbound=yes - ub_test_python=yes -fi - -# Check for Python module -AC_ARG_WITH(pythonmodule, - AC_HELP_STRING([--with-pythonmodule], - [build Python module, or --without-pythonmodule to disable script engine. (default=no)]), - [], [ withval="no" ]) - -ub_with_pythonmod=no -if test x_$withval != x_no; then - ub_with_pythonmod=yes - ub_test_python=yes -fi - -# Check for Python & SWIG only on PyUnbound or PyModule -if test x_$ub_test_python != x_no; then - - # Check for Python - ub_have_python=no - ac_save_LIBS="$LIBS" dnl otherwise AC_PYTHON_DEVEL thrashes $LIBS - AC_PYTHON_DEVEL - if test ! -z "$PYTHON_VERSION"; then - if test `$PYTHON -c "print('$PYTHON_VERSION' >= '2.4.0')"` = "False"; then - AC_ERROR([Python version >= 2.4.0 is required]) - fi - - [PY_MAJOR_VERSION="`$PYTHON -c \"import sys; print(sys.version_info[0])\"`"] - AC_SUBST(PY_MAJOR_VERSION) - # Have Python - AC_DEFINE(HAVE_PYTHON,1,[Define if you have Python libraries and header files.]) - LIBS="$PYTHON_LDFLAGS $LIBS" - CPPFLAGS="$CPPFLAGS $PYTHON_CPPFLAGS" - ub_have_python=yes - PC_PY_DEPENDENCY="python" - AC_SUBST(PC_PY_DEPENDENCY) - - # Check for SWIG - ub_have_swig=no - AC_PROG_SWIG(2.0.1) - AC_MSG_CHECKING(SWIG) - if test ! -x "$SWIG"; then - AC_ERROR([failed to find swig tool, install it, or do not build Python module and PyUnbound]) - else - AC_DEFINE(HAVE_SWIG, 1, [Define if you have Swig libraries and header files.]) - AC_SUBST(swig, "$SWIG") - AC_MSG_RESULT(present) - - # If have Python & SWIG - # Declare PythonMod - if test x_$ub_with_pythonmod != x_no; then - AC_DEFINE(WITH_PYTHONMODULE, 1, [Define if you want Python module.]) - WITH_PYTHONMODULE=yes - AC_SUBST(WITH_PYTHONMODULE) - PYTHONMOD_OBJ="pythonmod.lo pythonmod_utils.lo" - AC_SUBST(PYTHONMOD_OBJ) - PYTHONMOD_HEADER='$(srcdir)/pythonmod/pythonmod.h' - AC_SUBST(PYTHONMOD_HEADER) - PYTHONMOD_INSTALL=pythonmod-install - AC_SUBST(PYTHONMOD_INSTALL) - PYTHONMOD_UNINSTALL=pythonmod-uninstall - AC_SUBST(PYTHONMOD_UNINSTALL) - fi - - # Declare PyUnbound - if test x_$ub_with_pyunbound != x_no; then - AC_DEFINE(WITH_PYUNBOUND, 1, [Define if you want PyUnbound.]) - WITH_PYUNBOUND=yes - AC_SUBST(WITH_PYUNBOUND) - PYUNBOUND_OBJ="libunbound_wrap.lo" - AC_SUBST(PYUNBOUND_OBJ) - PYUNBOUND_TARGET="_unbound.la" - AC_SUBST(PYUNBOUND_TARGET) - PYUNBOUND_INSTALL=pyunbound-install - AC_SUBST(PYUNBOUND_INSTALL) - PYUNBOUND_UNINSTALL=pyunbound-uninstall - AC_SUBST(PYUNBOUND_UNINSTALL) - fi - fi - else - AC_MSG_RESULT([*** Python libraries not found, won't build PythonMod or PyUnbound ***]) - ub_with_pyunbound=no - ub_with_pythonmod=no - fi -fi - -if test "`uname`" = "NetBSD"; then - NETBSD_LINTFLAGS='"-D__RENAME(x)=" -D_NETINET_IN_H_' - AC_SUBST(NETBSD_LINTFLAGS) -fi -CONFIG_DATE=`date +%Y%m%d` -AC_SUBST(CONFIG_DATE) - -# Checks for libraries. - -# libnss -USE_NSS="no" -AC_ARG_WITH([nss], AC_HELP_STRING([--with-nss=path], - [use libnss instead of openssl, installed at path.]), - [ - USE_NSS="yes" - AC_DEFINE(HAVE_NSS, 1, [Use libnss for crypto]) - if test "$withval" != "" -a "$withval" != "yes"; then - CPPFLAGS="$CPPFLAGS -I$withval/include/nss3" - LDFLAGS="$LDFLAGS -L$withval/lib" - ACX_RUNTIME_PATH_ADD([$withval/lib]) - CPPFLAGS="-I$withval/include/nspr4 $CPPFLAGS" - else - CPPFLAGS="$CPPFLAGS -I/usr/include/nss3" - CPPFLAGS="-I/usr/include/nspr4 $CPPFLAGS" - fi - LIBS="$LIBS -lnss3 -lnspr4" - SSLLIB="" - ] -) - -# libnettle -USE_NETTLE="no" -AC_ARG_WITH([nettle], AC_HELP_STRING([--with-nettle=path], - [use libnettle as crypto library, installed at path.]), - [ - USE_NETTLE="yes" - AC_DEFINE(HAVE_NETTLE, 1, [Use libnettle for crypto]) - AC_CHECK_HEADERS([nettle/dsa-compat.h],,, [AC_INCLUDES_DEFAULT]) - if test "$withval" != "" -a "$withval" != "yes"; then - CPPFLAGS="$CPPFLAGS -I$withval/include/nettle" - LDFLAGS="$LDFLAGS -L$withval/lib" - ACX_RUNTIME_PATH_ADD([$withval/lib]) - else - CPPFLAGS="$CPPFLAGS -I/usr/include/nettle" - fi - LIBS="$LIBS -lhogweed -lnettle -lgmp" - SSLLIB="" - ] -) - -# openssl -if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then -ACX_WITH_SSL -ACX_LIB_SSL -SSLLIB="-lssl" - -# check if -lcrypt32 is needed because CAPIENG needs that. (on windows) -BAKLIBS="$LIBS" -LIBS="-lssl $LIBS" -AC_MSG_CHECKING([if libssl needs -lcrypt32]) -AC_TRY_LINK_FUNC([HMAC_Update], [ - AC_MSG_RESULT([no]) - LIBS="$BAKLIBS" -], [ - AC_MSG_RESULT([yes]) - LIBS="$BAKLIBS" - LIBS="$LIBS -lcrypt32" -]) - -AC_MSG_CHECKING([for LibreSSL]) -if grep VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then - AC_MSG_RESULT([yes]) - AC_DEFINE([HAVE_LIBRESSL], [1], [Define if we have LibreSSL]) - # libressl provides these compat functions, but they may also be - # declared by the OS in libc. See if they have been declared. - AC_CHECK_DECLS([strlcpy,strlcat,arc4random,arc4random_uniform,reallocarray]) -else - AC_MSG_RESULT([no]) -fi -AC_CHECK_HEADERS([openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h],,, [AC_INCLUDES_DEFAULT]) -AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1]) - -# these check_funcs need -lssl -BAKLIBS="$LIBS" -LIBS="-lssl $LIBS" -AC_CHECK_FUNCS([OPENSSL_init_ssl SSL_CTX_set_security_level]) -LIBS="$BAKLIBS" - -AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [ -AC_INCLUDES_DEFAULT -#ifdef HAVE_OPENSSL_ERR_H -#include -#endif - -#ifdef HAVE_OPENSSL_RAND_H -#include -#endif - -#ifdef HAVE_OPENSSL_CONF_H -#include -#endif - -#ifdef HAVE_OPENSSL_ENGINE_H -#include -#endif -#include -#include -]) -fi -AC_SUBST(SSLLIB) - - -AC_ARG_ENABLE(sha1, AC_HELP_STRING([--disable-sha1], [Disable SHA1 RRSIG support, does not disable nsec3 support])) -case "$enable_sha1" in - no) - ;; - yes|*) - AC_DEFINE([USE_SHA1], [1], [Define this to enable SHA1 support.]) - ;; -esac - - -AC_ARG_ENABLE(sha2, AC_HELP_STRING([--disable-sha2], [Disable SHA256 and SHA512 RRSIG support])) -case "$enable_sha2" in - no) - ;; - yes|*) - AC_DEFINE([USE_SHA2], [1], [Define this to enable SHA256 and SHA512 support.]) - ;; -esac - -AC_ARG_ENABLE(subnet, AC_HELP_STRING([--enable-subnet], [Enable client subnet])) -case "$enable_subnet" in - yes) - AC_DEFINE([CLIENT_SUBNET], [1], [Define this to enable client subnet option.]) - SUBNET_OBJ="edns-subnet.lo subnetmod.lo addrtree.lo subnet-whitelist.lo" - AC_SUBST(SUBNET_OBJ) - SUBNET_HEADER='$(srcdir)/edns-subnet/subnetmod.h $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/edns-subnet/subnet-whitelist.h $(srcdir)/edns-subnet/addrtree.h' - AC_SUBST(SUBNET_HEADER) - ;; - no|*) - ;; -esac - -# check wether gost also works -AC_DEFUN([AC_CHECK_GOST_WORKS], -[AC_REQUIRE([AC_PROG_CC]) -AC_MSG_CHECKING([if GOST works]) -if test c${cross_compiling} = cno; then -BAKCFLAGS="$CFLAGS" -if test -n "$ssldir"; then - CFLAGS="$CFLAGS -Wl,-rpath,$ssldir/lib" -fi -AC_RUN_IFELSE([AC_LANG_SOURCE([[ -#include -#include -#include -#include -#include -/* routine to load gost (from sldns) */ -int load_gost_id(void) -{ - static int gost_id = 0; - const EVP_PKEY_ASN1_METHOD* meth; - ENGINE* e; - - if(gost_id) return gost_id; - - /* see if configuration loaded gost implementation from other engine*/ - meth = EVP_PKEY_asn1_find_str(NULL, "gost2001", -1); - if(meth) { - EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth); - return gost_id; - } - - /* see if engine can be loaded already */ - e = ENGINE_by_id("gost"); - if(!e) { - /* load it ourself, in case statically linked */ - ENGINE_load_builtin_engines(); - ENGINE_load_dynamic(); - e = ENGINE_by_id("gost"); - } - if(!e) { - /* no gost engine in openssl */ - return 0; - } - if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { - ENGINE_finish(e); - ENGINE_free(e); - return 0; - } - - meth = EVP_PKEY_asn1_find_str(&e, "gost2001", -1); - if(!meth) { - /* algo not found */ - ENGINE_finish(e); - ENGINE_free(e); - return 0; - } - EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth); - return gost_id; -} -int main(void) { - EVP_MD_CTX* ctx; - const EVP_MD* md; - unsigned char digest[64]; /* its a 256-bit digest, so uses 32 bytes */ - const char* str = "Hello world"; - const unsigned char check[] = { - 0x40 , 0xed , 0xf8 , 0x56 , 0x5a , 0xc5 , 0x36 , 0xe1 , - 0x33 , 0x7c , 0x7e , 0x87 , 0x62 , 0x1c , 0x42 , 0xe0 , - 0x17 , 0x1b , 0x5e , 0xce , 0xa8 , 0x46 , 0x65 , 0x4d , - 0x8d , 0x3e , 0x22 , 0x9b , 0xe1 , 0x30 , 0x19 , 0x9d - }; - OPENSSL_config(NULL); - (void)load_gost_id(); - md = EVP_get_digestbyname("md_gost94"); - if(!md) return 1; - memset(digest, 0, sizeof(digest)); - ctx = EVP_MD_CTX_create(); - if(!ctx) return 2; - if(!EVP_DigestInit_ex(ctx, md, NULL)) return 3; - if(!EVP_DigestUpdate(ctx, str, 10)) return 4; - if(!EVP_DigestFinal_ex(ctx, digest, NULL)) return 5; - /* uncomment to see the hash calculated. - {int i; - for(i=0; i<32; i++) - printf(" %2.2x", (int)digest[i]); - printf("\n");} - */ - if(memcmp(digest, check, sizeof(check)) != 0) - return 6; - return 0; -} -]])] , [eval "ac_cv_c_gost_works=yes"], [eval "ac_cv_c_gost_works=no"]) -CFLAGS="$BAKCFLAGS" -else -eval "ac_cv_c_gost_works=maybe" -fi -AC_MSG_RESULT($ac_cv_c_gost_works) -])dnl - -AC_ARG_ENABLE(gost, AC_HELP_STRING([--disable-gost], [Disable GOST support])) -use_gost="no" -if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then -case "$enable_gost" in - no) - ;; - *) - AC_CHECK_FUNC(EVP_PKEY_set_type_str, [:],[AC_MSG_ERROR([OpenSSL 1.0.0 is needed for GOST support])]) - AC_CHECK_FUNC(EC_KEY_new, [], [AC_MSG_ERROR([OpenSSL does not support ECC, needed for GOST support])]) - AC_CHECK_GOST_WORKS - if test "$ac_cv_c_gost_works" != no; then - use_gost="yes" - AC_DEFINE([USE_GOST], [1], [Define this to enable GOST support.]) - fi - ;; -esac -fi dnl !USE_NSS && !USE_NETTLE - -AC_ARG_ENABLE(ecdsa, AC_HELP_STRING([--disable-ecdsa], [Disable ECDSA support])) -use_ecdsa="no" -case "$enable_ecdsa" in - no) - ;; - *) - if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then - AC_CHECK_FUNC(ECDSA_sign, [], [AC_MSG_ERROR([OpenSSL does not support ECDSA: please upgrade or rerun with --disable-ecdsa])]) - AC_CHECK_FUNC(SHA384_Init, [], [AC_MSG_ERROR([OpenSSL does not support SHA384: please upgrade or rerun with --disable-ecdsa])]) - AC_CHECK_DECLS([NID_X9_62_prime256v1, NID_secp384r1], [], [AC_MSG_ERROR([OpenSSL does not support the ECDSA curves: please upgrade or rerun with --disable-ecdsa])], [AC_INCLUDES_DEFAULT -#include - ]) - # see if OPENSSL 1.0.0 or later (has EVP MD and Verify independency) - AC_MSG_CHECKING([if openssl supports SHA2 and ECDSA with EVP]) - if grep OPENSSL_VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "OpenSSL" >/dev/null; then - if grep OPENSSL_VERSION_NUMBER $ssldir/include/openssl/opensslv.h | grep 0x0 >/dev/null; then - AC_MSG_RESULT([no]) - AC_DEFINE_UNQUOTED([USE_ECDSA_EVP_WORKAROUND], [1], [Define this to enable an EVP workaround for older openssl]) - else - AC_MSG_RESULT([yes]) - fi - else - # not OpenSSL, thus likely LibreSSL, which supports it - AC_MSG_RESULT([yes]) - fi - fi - # we now know we have ECDSA and the required curves. - AC_DEFINE_UNQUOTED([USE_ECDSA], [1], [Define this to enable ECDSA support.]) - use_ecdsa="yes" - ;; -esac - -AC_ARG_ENABLE(dsa, AC_HELP_STRING([--disable-dsa], [Disable DSA support])) -use_dsa="no" -case "$enable_dsa" in - no) - ;; - *) - # detect if DSA is supported, and turn it off if not. - AC_CHECK_FUNC(DSA_SIG_new, [ - AC_DEFINE_UNQUOTED([USE_DSA], [1], [Define this to enable DSA support.]) - ], [if test "x$enable_dsa" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support DSA and you used --enable-dsa.]) - fi ]) - ;; -esac - - -AC_ARG_ENABLE(event-api, AC_HELP_STRING([--enable-event-api], [Enable (experimental) pluggable event base libunbound API installed to unbound-event.h])) -case "$enable_event_api" in - yes) - AC_SUBST(UNBOUND_EVENT_INSTALL, [unbound-event-install]) - AC_SUBST(UNBOUND_EVENT_UNINSTALL, [unbound-event-uninstall]) - ;; - *) - ;; -esac - -AC_ARG_ENABLE(tfo-client, AC_HELP_STRING([--enable-tfo-client], [Enable TCP Fast Open for client mode])) -case "$enable_tfo_client" in - yes) - case `uname` in - Linux) AC_CHECK_DECL([MSG_FASTOPEN], [AC_MSG_WARN([Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO])], - [AC_MSG_ERROR([TCP Fast Open is not available for client mode: please rerun without --enable-tfo-client])], - [AC_INCLUDES_DEFAULT -#include -]) - AC_DEFINE_UNQUOTED([USE_MSG_FASTOPEN], [1], [Define this to enable client TCP Fast Open.]) - ;; - Darwin) AC_CHECK_DECL([CONNECT_RESUME_ON_READ_WRITE], [AC_MSG_WARN([Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO])], - [AC_MSG_ERROR([TCP Fast Open is not available for client mode: please rerun without --enable-tfo-client])], - [AC_INCLUDES_DEFAULT -#include -]) - AC_DEFINE_UNQUOTED([USE_OSX_MSG_FASTOPEN], [1], [Define this to enable client TCP Fast Open.]) - ;; - esac - ;; - no|*) - ;; -esac - -AC_ARG_ENABLE(tfo-server, AC_HELP_STRING([--enable-tfo-server], [Enable TCP Fast Open for server mode])) -case "$enable_tfo_server" in - yes) - AC_CHECK_DECL([TCP_FASTOPEN], [AC_MSG_WARN([Check the platform specific TFO kernel parameters are correctly configured to support server mode TFO])], [AC_MSG_ERROR([TCP Fast Open is not available for server mode: please rerun without --enable-tfo-server])], [AC_INCLUDES_DEFAULT -#include - ]) - AC_DEFINE_UNQUOTED([USE_TCP_FASTOPEN], [1], [Define this to enable server TCP Fast Open.]) - ;; - no|*) - ;; -esac - -# check for libevent -AC_ARG_WITH(libevent, AC_HELP_STRING([--with-libevent=pathname], - [use libevent (will check /usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr or you can specify an explicit path). Slower, but allows use of large outgoing port ranges.]), - [ ],[ withval="no" ]) -if test x_$withval = x_yes -o x_$withval != x_no; then - AC_MSG_CHECKING(for libevent) - if test x_$withval = x_ -o x_$withval = x_yes; then - withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr" - fi - for dir in $withval; do - thedir="$dir" - if test -f "$dir/include/event.h" -o -f "$dir/include/event2/event.h"; then - found_libevent="yes" - dnl assume /usr is in default path. - if test "$thedir" != "/usr"; then - CPPFLAGS="$CPPFLAGS -I$thedir/include" - fi - break; - fi - done - if test x_$found_libevent != x_yes; then - if test -f "$dir/event.h" -a \( -f "$dir/libevent.la" -o -f "$dir/libev.la" \) ; then - # libevent source directory - AC_MSG_RESULT(found in $thedir) - CPPFLAGS="$CPPFLAGS -I$thedir -I$thedir/include" - BAK_LDFLAGS_SET="1" - BAK_LDFLAGS="$LDFLAGS" - # remove evdns from linking - mkdir build >/dev/null 2>&1 - mkdir build/libevent >/dev/null 2>&1 - mkdir build/libevent/.libs >/dev/null 2>&1 - ev_files_o=`ls $thedir/*.o | grep -v evdns\.o | grep -v bufferevent_openssl\.o` - ev_files_lo=`ls $thedir/*.lo | grep -v evdns\.lo | grep -v bufferevent_openssl\.lo` - ev_files_libso=`ls $thedir/.libs/*.o | grep -v evdns\.o | grep -v bufferevent_openssl\.o` - cp $ev_files_o build/libevent - cp $ev_files_lo build/libevent - cp $ev_files_libso build/libevent/.libs - LATE_LDFLAGS="build/libevent/*.lo -lm" - LDFLAGS="build/libevent/*.o $LDFLAGS -lm" - else - AC_MSG_ERROR([Cannot find the libevent library in $withval -You can restart ./configure --with-libevent=no to use a builtin alternative. -Please note that this alternative is not as capable as libevent when using -large outgoing port ranges. ]) - fi - else - AC_MSG_RESULT(found in $thedir) - dnl if event2 exists and no event lib in dir itself, use subdir - if test ! -f $thedir/lib/libevent.a -a ! -f $thedir/lib/libevent.so -a -d "$thedir/lib/event2"; then - LDFLAGS="$LDFLAGS -L$thedir/lib/event2" - ACX_RUNTIME_PATH_ADD([$thedir/lib/event2]) - else - dnl assume /usr is in default path, do not add "". - if test "$thedir" != "/usr" -a "$thedir" != ""; then - LDFLAGS="$LDFLAGS -L$thedir/lib" - ACX_RUNTIME_PATH_ADD([$thedir/lib]) - fi - fi - fi - # check for library used by libevent after 1.3c - AC_SEARCH_LIBS([clock_gettime], [rt]) - - # is the event.h header libev or libevent? - AC_CHECK_HEADERS([event.h],,, [AC_INCLUDES_DEFAULT]) - AC_CHECK_DECL(EV_VERSION_MAJOR, [ - AC_SEARCH_LIBS(event_set, [ev]) - ],[ - AC_SEARCH_LIBS(event_set, [event]) - ],[AC_INCLUDES_DEFAULT -#include - ]) - AC_CHECK_FUNCS([event_base_free]) # only in libevent 1.2 and later - AC_CHECK_FUNCS([event_base_once]) # only in libevent 1.4.1 and later - AC_CHECK_FUNCS([event_base_new]) # only in libevent 1.4.1 and later - AC_CHECK_FUNCS([event_base_get_method]) # only in libevent 1.4.3 and later - AC_CHECK_FUNCS([ev_loop]) # only in libev. (tested on 3.51) - AC_CHECK_FUNCS([ev_default_loop]) # only in libev. (tested on 4.00) - PC_LIBEVENT_DEPENDENCY="libevent" - AC_SUBST(PC_LIBEVENT_DEPENDENCY) - if test -n "$BAK_LDFLAGS_SET"; then - LDFLAGS="$BAK_LDFLAGS" - fi -else - AC_DEFINE(USE_MINI_EVENT, 1, [Define if you want to use internal select based events]) -fi - -# check for libexpat -AC_ARG_WITH(libexpat, AC_HELP_STRING([--with-libexpat=path], - [specify explicit path for libexpat.]), - [ ],[ withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr" ]) -AC_MSG_CHECKING(for libexpat) -found_libexpat="no" -for dir in $withval ; do - if test -f "$dir/include/expat.h"; then - found_libexpat="yes" - dnl assume /usr is in default path. - if test "$dir" != "/usr"; then - CPPFLAGS="$CPPFLAGS -I$dir/include" - LDFLAGS="$LDFLAGS -L$dir/lib" - fi - AC_MSG_RESULT(found in $dir) - break; - fi -done -if test x_$found_libexpat != x_yes; then - AC_ERROR([Could not find libexpat, expat.h]) -fi -AC_CHECK_HEADERS([expat.h],,, [AC_INCLUDES_DEFAULT]) -AC_CHECK_DECLS([XML_StopParser], [], [], [AC_INCLUDES_DEFAULT -#include -]) - -# set static linking if requested -AC_SUBST(staticexe) -staticexe="" -AC_ARG_ENABLE(static-exe, AC_HELP_STRING([--enable-static-exe], - [ enable to compile executables statically against (event) libs, for debug purposes ]), - , ) -if test x_$enable_static_exe = x_yes; then - staticexe="-static" - if test "$on_mingw" = yes; then - staticexe="-all-static" - # for static compile, include gdi32 and zlib here. - LIBS="$LIBS -lgdi32 -lz" - fi -fi - -# Include systemd.m4 - begin -sinclude(systemd.m4) -# Include systemd.m4 - end - -# set lock checking if requested -AC_ARG_ENABLE(lock_checks, AC_HELP_STRING([--enable-lock-checks], - [ enable to check lock and unlock calls, for debug purposes ]), - , ) -if test x_$enable_lock_checks = x_yes; then - AC_DEFINE(ENABLE_LOCK_CHECKS, 1, [Define if you want to use debug lock checking (slow).]) - CHECKLOCK_OBJ="checklocks.lo" - AC_SUBST(CHECKLOCK_OBJ) -fi - -ACX_CHECK_GETADDRINFO_WITH_INCLUDES -if test "$USE_WINSOCK" = 1; then - AC_DEFINE(UB_ON_WINDOWS, 1, [Use win32 resources and API]) - AC_CHECK_HEADERS([iphlpapi.h],,, [AC_INCLUDES_DEFAULT -#include - ]) - AC_CHECK_TOOL(WINDRES, windres) - LIBS="$LIBS -liphlpapi" - WINAPPS="unbound-service-install.exe unbound-service-remove.exe anchor-update.exe" - AC_SUBST(WINAPPS) - WIN_DAEMON_SRC="winrc/win_svc.c winrc/w_inst.c" - AC_SUBST(WIN_DAEMON_SRC) - WIN_DAEMON_OBJ="win_svc.lo w_inst.lo" - AC_SUBST(WIN_DAEMON_OBJ) - WIN_DAEMON_OBJ_LINK="rsrc_unbound.o" - AC_SUBST(WIN_DAEMON_OBJ_LINK) - WIN_HOST_OBJ_LINK="rsrc_unbound_host.o" - AC_SUBST(WIN_HOST_OBJ_LINK) - WIN_UBANCHOR_OBJ_LINK="rsrc_unbound_anchor.o log.lo locks.lo" - AC_SUBST(WIN_UBANCHOR_OBJ_LINK) - WIN_CONTROL_OBJ_LINK="rsrc_unbound_control.o" - AC_SUBST(WIN_CONTROL_OBJ_LINK) - WIN_CHECKCONF_OBJ_LINK="rsrc_unbound_checkconf.o" - AC_SUBST(WIN_CHECKCONF_OBJ_LINK) -fi -if test $ac_cv_func_getaddrinfo = no; then - AC_LIBOBJ([fake-rfc2553]) -fi -# check after getaddrinfo for its libraries -ACX_FUNC_IOCTLSOCKET - -# see if daemon(3) exists, and if it is deprecated. -AC_CHECK_FUNCS([daemon]) -if test $ac_cv_func_daemon = yes; then - ACX_FUNC_DEPRECATED([daemon], [(void)daemon(0, 0);], [ -#include -]) -fi - -AC_CHECK_MEMBERS([struct sockaddr_un.sun_len],,,[ -AC_INCLUDES_DEFAULT -#ifdef HAVE_SYS_UN_H -#include -#endif -]) -AC_CHECK_MEMBERS([struct in_pktinfo.ipi_spec_dst],,,[ -AC_INCLUDES_DEFAULT -#if HAVE_SYS_PARAM_H -#include -#endif - -#ifdef HAVE_SYS_SOCKET_H -#include -#endif - -#ifdef HAVE_SYS_UIO_H -#include -#endif - -#ifdef HAVE_NETINET_IN_H -#include -#endif - -#ifdef HAVE_NETINET_TCP_H -#include -#endif - -#ifdef HAVE_ARPA_INET_H -#include -#endif - -#ifdef HAVE_WINSOCK2_H -#include -#endif - -#ifdef HAVE_WS2TCPIP_H -#include -#endif -]) -AC_SEARCH_LIBS([setusercontext], [util]) -AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync shmget]) -AC_CHECK_FUNCS([setresuid],,[AC_CHECK_FUNCS([setreuid])]) -AC_CHECK_FUNCS([setresgid],,[AC_CHECK_FUNCS([setregid])]) - -# check if setreuid en setregid fail, on MacOSX10.4(darwin8). -if echo $build_os | grep darwin8 > /dev/null; then - AC_DEFINE(DARWIN_BROKEN_SETREUID, 1, [Define this if on macOSX10.4-darwin8 and setreuid and setregid do not work]) -fi -AC_CHECK_DECLS([inet_pton,inet_ntop], [], [], [ -AC_INCLUDES_DEFAULT -#ifdef HAVE_NETINET_IN_H -#include -#endif - -#ifdef HAVE_NETINET_TCP_H -#include -#endif - -#ifdef HAVE_ARPA_INET_H -#include -#endif - -#ifdef HAVE_WINSOCK2_H -#include -#endif - -#ifdef HAVE_WS2TCPIP_H -#include -#endif -]) -AC_REPLACE_FUNCS(inet_aton) -AC_REPLACE_FUNCS(inet_pton) -AC_REPLACE_FUNCS(inet_ntop) -AC_REPLACE_FUNCS(snprintf) -# test if snprintf return the proper length -if test "x$ac_cv_func_snprintf" = xyes; then - if test c${cross_compiling} = cno; then - AC_MSG_CHECKING([for correct snprintf return value]) - AC_RUN_IFELSE([AC_LANG_SOURCE(AC_INCLUDES_DEFAULT -[[ -int main(void) { return !(snprintf(NULL, 0, "test") == 4); } -]])], [AC_MSG_RESULT(yes)], [ - AC_MSG_RESULT(no) - AC_DEFINE([SNPRINTF_RET_BROKEN], [], [define if (v)snprintf does not return length needed, (but length used)]) - AC_LIBOBJ(snprintf) - ]) - fi -fi -AC_REPLACE_FUNCS(strlcat) -AC_REPLACE_FUNCS(strlcpy) -AC_REPLACE_FUNCS(memmove) -AC_REPLACE_FUNCS(gmtime_r) -AC_REPLACE_FUNCS(isblank) -dnl without CTIME, ARC4-functions and without reallocarray. -LIBOBJ_WITHOUT_CTIMEARC4="$LIBOBJS" -AC_SUBST(LIBOBJ_WITHOUT_CTIMEARC4) -AC_REPLACE_FUNCS(reallocarray) -if test "$USE_NSS" = "no"; then - AC_REPLACE_FUNCS(arc4random) - AC_REPLACE_FUNCS(arc4random_uniform) - if test "$ac_cv_func_arc4random" = "no"; then - AC_LIBOBJ(explicit_bzero) - AC_LIBOBJ(arc4_lock) - AC_CHECK_FUNCS([getentropy],,[ - if test "$USE_WINSOCK" = 1; then - AC_LIBOBJ(getentropy_win) - else - case "$host" in - Darwin|*darwin*) - AC_LIBOBJ(getentropy_osx) - ;; - *solaris*|*sunos*|SunOS) - AC_LIBOBJ(getentropy_solaris) - AC_CHECK_HEADERS([sys/sha2.h],, [ - AC_CHECK_FUNCS([SHA512_Update],,[ - AC_LIBOBJ(sha512) - ]) - ], [AC_INCLUDES_DEFAULT]) - if test "$ac_cv_header_sys_sha2_h" = "yes"; then - # this lib needed for sha2 on solaris - LIBS="$LIBS -lmd" - fi - AC_SEARCH_LIBS([clock_gettime], [rt]) - ;; - *linux*|Linux|*) - AC_LIBOBJ(getentropy_linux) - AC_CHECK_FUNCS([SHA512_Update],,[ - AC_DEFINE([COMPAT_SHA512], [1], [Do sha512 definitions in config.h]) - AC_LIBOBJ(sha512) - ]) - AC_CHECK_HEADERS([sys/sysctl.h],,, [AC_INCLUDES_DEFAULT]) - AC_CHECK_FUNCS([getauxval]) - AC_SEARCH_LIBS([clock_gettime], [rt]) - ;; - esac - fi - ]) - fi -fi -LIBOBJ_WITHOUT_CTIME="$LIBOBJS" -AC_SUBST(LIBOBJ_WITHOUT_CTIME) -AC_REPLACE_FUNCS(ctime_r) -AC_REPLACE_FUNCS(strsep) - -AC_ARG_ENABLE(allsymbols, AC_HELP_STRING([--enable-allsymbols], [export all symbols from libunbound and link binaries to it, smaller install size but libunbound export table is polluted by internal symbols])) -case "$enable_allsymbols" in - yes) - COMMON_OBJ_ALL_SYMBOLS="" - UBSYMS="" - EXTRALINK="-L. -L.libs -lunbound" - AC_DEFINE(EXPORT_ALL_SYMBOLS, 1, [Define this if you enabled-allsymbols from libunbound to link binaries to it for smaller install size, but the libunbound export table is polluted by internal symbols]) - ;; - no|*) - COMMON_OBJ_ALL_SYMBOLS='$(COMMON_OBJ)' - UBSYMS='-export-symbols $(srcdir)/libunbound/ubsyms.def' - EXTRALINK="" - ;; -esac -AC_SUBST(COMMON_OBJ_ALL_SYMBOLS) -AC_SUBST(EXTRALINK) -AC_SUBST(UBSYMS) -if test x_$enable_lock_checks = x_yes; then - UBSYMS="-export-symbols clubsyms.def" - cp ${srcdir}/libunbound/ubsyms.def clubsyms.def - echo lock_protect >> clubsyms.def - echo lock_unprotect >> clubsyms.def - echo lock_get_mem >> clubsyms.def - echo checklock_start >> clubsyms.def - echo checklock_stop >> clubsyms.def - echo checklock_lock >> clubsyms.def - echo checklock_unlock >> clubsyms.def - echo checklock_init >> clubsyms.def - echo checklock_thrcreate >> clubsyms.def - echo checklock_thrjoin >> clubsyms.def -fi - -# check for dnstap if requested -dt_DNSTAP([$UNBOUND_RUN_DIR/dnstap.sock], - [ - AC_DEFINE([USE_DNSTAP], [1], [Define to 1 to enable dnstap support]) - AC_SUBST([ENABLE_DNSTAP], [1]) - - AC_SUBST([opt_dnstap_socket_path]) - ACX_ESCAPE_BACKSLASH($opt_dnstap_socket_path, hdr_dnstap_socket_path) - AC_DEFINE_UNQUOTED(DNSTAP_SOCKET_PATH, - ["$hdr_dnstap_socket_path"], [default dnstap socket path]) - - AC_SUBST([DNSTAP_SRC], ["dnstap/dnstap.c dnstap/dnstap.pb-c.c"]) - AC_SUBST([DNSTAP_OBJ], ["dnstap.lo dnstap.pb-c.lo"]) - ], - [ - AC_SUBST([ENABLE_DNSTAP], [0]) - ] -) - -# check for dnscrypt if requested -dnsc_DNSCRYPT([ - AC_DEFINE([USE_DNSCRYPT], [1], [Define to 1 to enable dnscrypt support]) - AC_SUBST([ENABLE_DNSCRYPT], [1]) - - AC_SUBST([DNSCRYPT_SRC], ["dnscrypt/dnscrypt.c"]) - AC_SUBST([DNSCRYPT_OBJ], ["dnscrypt.lo"]) - ], - [ - AC_SUBST([ENABLE_DNSCRYPT], [0]) - ] -) - -# check for cachedb if requested -AC_ARG_ENABLE(cachedb, AC_HELP_STRING([--enable-cachedb], [enable cachedb module that can use external cache storage])) -case "$enable_cachedb" in - yes) - AC_DEFINE([USE_CACHEDB], [1], [Define to 1 to use cachedb support]) - ;; - no|*) - # nothing - ;; -esac - -AC_MSG_CHECKING([if ${MAKE:-make} supports $< with implicit rule in scope]) -# on openBSD, the implicit rule make $< work. -# on Solaris, it does not work ($? is changed sources, $^ lists dependencies). -# gmake works. -cat >conftest.make </dev/null -rm -f conftest.make conftest.c conftest.dir/conftest.c -rm -rf conftest.dir -if test ! -f conftest.lo; then - AC_MSG_RESULT(no) - SOURCEDETERMINE='echo "$^" | awk "-F " "{print \$$1;}" > .source' - SOURCEFILE='`cat .source`' -else - AC_MSG_RESULT(yes) - SOURCEDETERMINE=':' - SOURCEFILE='$<' -fi -rm -f conftest.lo -AC_SUBST(SOURCEDETERMINE) -AC_SUBST(SOURCEFILE) - -# see if we want to build the library or everything -ALLTARGET="alltargets" -INSTALLTARGET="install-all" -AC_ARG_WITH(libunbound-only, AC_HELP_STRING([--with-libunbound-only], - [do not build daemon and tool programs]), - [ - if test "$withval" = "yes"; then - ALLTARGET="lib" - INSTALLTARGET="install-lib" - fi -]) -AC_SUBST(ALLTARGET) -AC_SUBST(INSTALLTARGET) - -ACX_STRIP_EXT_FLAGS -LDFLAGS="$LATE_LDFLAGS $LDFLAGS" - -AC_DEFINE_UNQUOTED([MAXSYSLOGMSGLEN], [10240], [Define to the maximum message length to pass to syslog.]) - -AH_BOTTOM( -dnl this must be first AH_CONFIG, to define the flags before any includes. -AHX_CONFIG_EXT_FLAGS - -dnl includes -[ -#ifndef UNBOUND_DEBUG -# define NDEBUG -#endif - -/** Use small-ldns codebase */ -#define USE_SLDNS 1 -#ifdef HAVE_SSL -# define LDNS_BUILD_CONFIG_HAVE_SSL 1 -#endif - -#include -#include -#include -#include - -#if STDC_HEADERS -#include -#include -#endif - -#ifdef HAVE_STDARG_H -#include -#endif - -#ifdef HAVE_STDINT_H -#include -#endif - -#include - -#if HAVE_SYS_PARAM_H -#include -#endif - -#ifdef HAVE_SYS_SOCKET_H -#include -#endif - -#ifdef HAVE_SYS_UIO_H -#include -#endif - -#ifdef HAVE_NETINET_IN_H -#include -#endif - -#ifdef HAVE_NETINET_TCP_H -#include -#endif - -#ifdef HAVE_ARPA_INET_H -#include -#endif - -#ifdef HAVE_WINSOCK2_H -#include -#endif - -#ifdef HAVE_WS2TCPIP_H -#include -#endif - -#ifndef USE_WINSOCK -#define ARG_LL "%ll" -#else -#define ARG_LL "%I64" -#endif - -#ifndef AF_LOCAL -#define AF_LOCAL AF_UNIX -#endif -] - -AHX_CONFIG_FORMAT_ATTRIBUTE -AHX_CONFIG_UNUSED_ATTRIBUTE -AHX_CONFIG_FSEEKO -AHX_CONFIG_MAXHOSTNAMELEN -#if !defined(HAVE_SNPRINTF) || defined(SNPRINTF_RET_BROKEN) -#define snprintf snprintf_unbound -#define vsnprintf vsnprintf_unbound -#include -int snprintf (char *str, size_t count, const char *fmt, ...); -int vsnprintf (char *str, size_t count, const char *fmt, va_list arg); -#endif /* HAVE_SNPRINTF or SNPRINTF_RET_BROKEN */ -AHX_CONFIG_INET_PTON(unbound) -AHX_CONFIG_INET_NTOP(unbound) -AHX_CONFIG_INET_ATON(unbound) -AHX_CONFIG_MEMMOVE(unbound) -AHX_CONFIG_STRLCAT(unbound) -AHX_CONFIG_STRLCPY(unbound) -AHX_CONFIG_GMTIME_R(unbound) -AHX_CONFIG_REALLOCARRAY(unbound) -AHX_CONFIG_W32_SLEEP -AHX_CONFIG_W32_USLEEP -AHX_CONFIG_W32_RANDOM -AHX_CONFIG_W32_SRANDOM -AHX_CONFIG_W32_FD_SET_T -AHX_CONFIG_IPV6_MIN_MTU -AHX_MEMCMP_BROKEN(unbound) - -[ -#ifndef HAVE_CTIME_R -#define ctime_r unbound_ctime_r -char *ctime_r(const time_t *timep, char *buf); -#endif - -#ifndef HAVE_STRSEP -#define strsep unbound_strsep -char *strsep(char **stringp, const char *delim); -#endif - -#ifndef HAVE_ISBLANK -#define isblank unbound_isblank -int isblank(int c); -#endif - -#if defined(HAVE_INET_NTOP) && !HAVE_DECL_INET_NTOP -const char *inet_ntop(int af, const void *src, char *dst, size_t size); -#endif - -#if defined(HAVE_INET_PTON) && !HAVE_DECL_INET_PTON -int inet_pton(int af, const char* src, void* dst); -#endif - -#if !defined(HAVE_STRPTIME) || !defined(STRPTIME_WORKS) -#define strptime unbound_strptime -struct tm; -char *strptime(const char *s, const char *format, struct tm *tm); -#endif - -#ifdef HAVE_LIBRESSL -# if !HAVE_DECL_STRLCPY -size_t strlcpy(char *dst, const char *src, size_t siz); -# endif -# if !HAVE_DECL_STRLCAT -size_t strlcat(char *dst, const char *src, size_t siz); -# endif -# if !HAVE_DECL_ARC4RANDOM && defined(HAVE_ARC4RANDOM) -uint32_t arc4random(void); -# endif -# if !HAVE_DECL_ARC4RANDOM_UNIFORM && defined(HAVE_ARC4RANDOM_UNIFORM) -uint32_t arc4random_uniform(uint32_t upper_bound); -# endif -# if !HAVE_DECL_REALLOCARRAY -void *reallocarray(void *ptr, size_t nmemb, size_t size); -# endif -#endif /* HAVE_LIBRESSL */ -#ifndef HAVE_ARC4RANDOM -void explicit_bzero(void* buf, size_t len); -int getentropy(void* buf, size_t len); -uint32_t arc4random(void); -void arc4random_buf(void* buf, size_t n); -void _ARC4_LOCK(void); -void _ARC4_UNLOCK(void); -#endif -#ifndef HAVE_ARC4RANDOM_UNIFORM -uint32_t arc4random_uniform(uint32_t upper_bound); -#endif -#ifdef COMPAT_SHA512 -#ifndef SHA512_DIGEST_LENGTH -#define SHA512_BLOCK_LENGTH 128 -#define SHA512_DIGEST_LENGTH 64 -#define SHA512_DIGEST_STRING_LENGTH (SHA512_DIGEST_LENGTH * 2 + 1) -typedef struct _SHA512_CTX { - uint64_t state[8]; - uint64_t bitcount[2]; - uint8_t buffer[SHA512_BLOCK_LENGTH]; -} SHA512_CTX; -#endif /* SHA512_DIGEST_LENGTH */ -void SHA512_Init(SHA512_CTX*); -void SHA512_Update(SHA512_CTX*, void*, size_t); -void SHA512_Final(uint8_t[SHA512_DIGEST_LENGTH], SHA512_CTX*); -unsigned char *SHA512(void* data, unsigned int data_len, unsigned char *digest); -#endif /* COMPAT_SHA512 */ - - - -#if defined(HAVE_EVENT_H) && !defined(HAVE_EVENT_BASE_ONCE) && !(defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP)) && (defined(HAVE_PTHREAD) || defined(HAVE_SOLARIS_THREADS)) - /* using version of libevent that is not threadsafe. */ -# define LIBEVENT_SIGNAL_PROBLEM 1 -#endif - -#ifndef CHECKED_INET6 -# define CHECKED_INET6 -# ifdef AF_INET6 -# define INET6 -# else -# define AF_INET6 28 -# endif -#endif /* CHECKED_INET6 */ - -#ifndef HAVE_GETADDRINFO -struct sockaddr_storage; -#include "compat/fake-rfc2553.h" -#endif - -#ifdef UNBOUND_ALLOC_STATS -# define malloc(s) unbound_stat_malloc_log(s, __FILE__, __LINE__, __func__) -# define calloc(n,s) unbound_stat_calloc_log(n, s, __FILE__, __LINE__, __func__) -# define free(p) unbound_stat_free_log(p, __FILE__, __LINE__, __func__) -# define realloc(p,s) unbound_stat_realloc_log(p, s, __FILE__, __LINE__, __func__) -void *unbound_stat_malloc(size_t size); -void *unbound_stat_calloc(size_t nmemb, size_t size); -void unbound_stat_free(void *ptr); -void *unbound_stat_realloc(void *ptr, size_t size); -void *unbound_stat_malloc_log(size_t size, const char* file, int line, - const char* func); -void *unbound_stat_calloc_log(size_t nmemb, size_t size, const char* file, - int line, const char* func); -void unbound_stat_free_log(void *ptr, const char* file, int line, - const char* func); -void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, - int line, const char* func); -#elif defined(UNBOUND_ALLOC_LITE) -# include "util/alloc.h" -#endif /* UNBOUND_ALLOC_LITE and UNBOUND_ALLOC_STATS */ - -/** default port for DNS traffic. */ -#define UNBOUND_DNS_PORT 53 -/** default port for unbound control traffic, registered port with IANA, - ub-dns-control 8953/tcp unbound dns nameserver control */ -#define UNBOUND_CONTROL_PORT 8953 -/** the version of unbound-control that this software implements */ -#define UNBOUND_CONTROL_VERSION 1 - -]) - -dnl if we build from source tree, the man pages need @date@ and @version@ -dnl if this is a distro tarball, that was already done by makedist.sh -AC_SUBST(version, [VERSION_MAJOR.VERSION_MINOR.VERSION_MICRO]) -AC_SUBST(date, [`date +'%b %e, %Y'`]) - -AC_CONFIG_FILES([Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h dnscrypt/dnscrypt_config.h contrib/libunbound.pc contrib/unbound.socket contrib/unbound.service]) -AC_CONFIG_HEADER([config.h]) -AC_OUTPUT diff --git a/external/unbound/configure_checks.cmake b/external/unbound/configure_checks.cmake deleted file mode 100644 index 2acf556d1..000000000 --- a/external/unbound/configure_checks.cmake +++ /dev/null @@ -1,237 +0,0 @@ -include(CheckIncludeFile) -include(CheckFunctionExists) -include(CheckSymbolExists) -include(CheckTypeSize) - -# Need expat. - -check_include_file(arpa/inet.h HAVE_ARPA_INET_H) -check_include_file(endian.h HAVE_ENDIAN_H) -check_include_file(dlfcn.h HAVE_DLFCN_H) -check_include_file(event.h HAVE_EVENT_H) -check_include_file(getopt.h HAVE_GETOPT_H) -check_include_file(glob.h HAVE_GLOB_H) -check_include_file(grp.h HAVE_GRP_H) -check_include_file(inttypes.h HAVE_INTTYPES_H) -check_include_file(iphlpapi.h HAVE_IPHLPAPI_H) -check_include_file(login_cap.h HAVE_LOGIN_CAP_H) -check_include_file(memory.h HAVE_MEMORY_H) -check_include_file(netdb.h HAVE_NETDB_H) -check_include_file(netinet/in.h HAVE_NETINET_IN_H) -check_include_file(pthread.h HAVE_PTHREAD) -check_include_file(pwd.h HAVE_PWD_H) -check_include_file(stdarg.h HAVE_STDARG_H) -check_include_file(stdbool.h HAVE_STDBOOL_H) -check_include_file(stdint.h HAVE_STDINT_H) -check_include_file(stdlib.h HAVE_STDLIB_H) -check_include_file(strings.h HAVE_STRINGS_H) -check_include_file(string.h HAVE_STRING_H) -check_include_file(sys/param.h HAVE_SYS_PARAM_H) -check_include_file(sys/resource.h HAVE_SYS_RESOURCE_H) -check_include_file(sys/sha2.h HAVE_SYS_SHA2_H) -check_include_file(sys/socket.h HAVE_SYS_SOCKET_H) -check_include_file(sys/stat.h HAVE_SYS_STAT_H) -check_include_file(sys/sysctl.h HAVE_SYS_SYSCTL_H) -check_include_file(sys/types.h HAVE_SYS_TYPES_H) -check_include_file(sys/uio.h HAVE_SYS_UIO_H) -check_include_file(sys/un.h HAVE_SYS_UN_H) -check_include_file(sys/wait.h HAVE_SYS_WAIT_H) -check_include_file(syslog.h HAVE_SYSLOG_H) -check_include_file(time.h HAVE_TIME_H) -check_include_file(unistd.h HAVE_UNISTD_H) -check_include_file(vfork.h HAVE_VFORK_H) -check_include_file(windows.h HAVE_WINDOWS_H) -check_include_file(winsock2.h HAVE_WINSOCK2_H) -check_include_file(ws2tcpip.h HAVE_WS2TCPIP_H) - -if (WIN32) - set(CMAKE_REQUIRED_LIBRARIES - iphlpapi - ws2_32) -endif () -if (CMAKE_SYSTEM_NAME MATCHES "(SunOS|Solaris)") - set(CMAKE_REQUIRED_LIBRARIES - socket - nsl) -endif () - -check_function_exists(_beginthreadex HAVE__BEGINTHREADEX) -check_function_exists(arc4random HAVE_ARC4RANDOM) -check_function_exists(arc4random_uniform HAVE_ARC4RANDOM_UNIFORM) -check_function_exists(chown HAVE_CHOWN) -check_function_exists(chroot HAVE_CHROOT) -check_function_exists(ctime_r HAVE_CTIME_R) -check_function_exists(daemon HAVE_DAEMON) -check_function_exists(endprotoent HAVE_ENDPROTOENT) -check_function_exists(endservent HAVE_ENDSERVENT) -check_function_exists(fork HAVE_FORK) -check_function_exists(fseeko HAVE_FSEEKO) -check_function_exists(fsync HAVE_FSYNC) -check_function_exists(getauxval HAVE_GETAUXVAL) -check_function_exists(getentropy HAVE_GETENTROPY) -check_function_exists(getpwnam HAVE_GETPWNAM) -check_function_exists(getrlimit HAVE_GETRLIMIT) -check_function_exists(glob HAVE_GLOB) -check_function_exists(gmtime_r HAVE_GMTIME_R) -check_function_exists(fcntl HAVE_FCNTL) -check_function_exists(inet_aton HAVE_INET_ATON) -check_function_exists(inet_ntop HAVE_INET_NTOP) -check_function_exists(inet_pton HAVE_INET_PTON) -check_function_exists(initgroups HAVE_INITGROUPS) -check_function_exists(ioctlsocket HAVE_IOCTLSOCKET) -check_function_exists(isblank HAVE_ISBLANK) -check_function_exists(kill HAVE_KILL) -check_function_exists(localtime_r HAVE_LOCALTIME_R) -check_function_exists(malloc HAVE_MALLOC) -check_function_exists(memmove HAVE_MEMMOVE) -check_function_exists(random HAVE_RANDOM) -check_function_exists(reallocarray HAVE_DECL_REALLOCARRAY) -check_function_exists(recvmsg HAVE_RECVMSG) -check_function_exists(sbrk HAVE_SBRK) -check_function_exists(sendmsg HAVE_SENDMSG) -check_function_exists(setregid HAVE_SETREGID) -check_function_exists(setresgid HAVE_SETRESGID) -check_function_exists(setresuid HAVE_SETRESUID) -check_function_exists(setreuid HAVE_SETREUID) -check_function_exists(setrlimit HAVE_SETRLIMIT) -check_function_exists(setsid HAVE_SETSID) -check_function_exists(setusercontent HAVE_SETUSERCONTENT) -check_function_exists(sigprocmask HAVE_SIGPROCMASK) -check_function_exists(sleep HAVE_SLEEP) -check_function_exists(snprintf HAVE_SNPRINTF) -check_function_exists(socketpair HAVE_SOCKETPAIR) -check_function_exists(srandom HAVE_SRANDOM) -check_function_exists(strsep HAVE_STRSEP) -check_function_exists(strftime HAVE_STRFTIME) -check_function_exists(strlcat HAVE_STRLCAT) -check_function_exists(strlcpy HAVE_STRLCPY) -check_function_exists(strptime HAVE_STRPTIME) -check_function_exists(strlcpy HAVE_STRLCPY) -check_function_exists(tzset HAVE_TZSET) -check_function_exists(usleep HAVE_USLEEP) -check_function_exists(writev HAVE_WRITEV) -check_function_exists(_beginthreadex HAVE__BEGINTHREADEX) - -set(getaddrinfo_headers) -if (HAVE_NETDB_H) - list(APPEND getaddrinfo_headers "netdb.h") -endif () -if (HAVE_WS2TCPIP_H) - list(APPEND getaddrinfo_headers "ws2tcpip.h") -endif () -check_symbol_exists(getaddrinfo "${getaddrinfo_headers}" HAVE_GETADDRINFO) - -check_function_exists(getaddrinfo HAVE_GETADDRINFO) - -function (check_type_exists type variable header default) - set(CMAKE_EXTRA_INCLUDE_FILES "${header}") - check_type_size("${type}" "${variable}") - - if (NOT HAVE_${type}) - set("${variable}" "${default}" PARENT_SCOPE) - else () - set("${variable}" "FALSE" PARENT_SCOPE) - endif () -endfunction () - -set(CMAKE_EXTRA_INCLUDE_FILES "time.h") -check_type_size(time_t SIZEOF_TIME_T) -set(CMAKE_EXTRA_INCLUDE_FILES) - -check_type_exists(gid_t gid_t "sys/types.h" int) -check_type_exists(in_addr_t in_addr_t "netinet/in.h" uint32_t) -check_type_exists(in_port_t in_port_t "netinet/in.h" uint16_t) -check_type_exists(int16_t int16_t "sys/types.h" short) -check_type_exists(int32_t int32_t "sys/types.h" int) -check_type_exists(int64_t int64_t "sys/types.h" __int64) -check_type_exists(int8_t int8_t "sys/types.h" char) -check_type_exists(pid_t pid_t "sys/types.h" int) -check_type_exists(rlim_t rlim_t "sys/resource.h" "unsigned long") -check_type_exists(ssize_t ssize_t "sys/types.h" int) -check_type_exists(uid_t uid_t "sys/types.h" int) -check_type_exists(uint16_t uint16_t "sys/types.h" "unsigned short") -check_type_exists(uint32_t uint32_t "sys/types.h" "unsigned int") -check_type_exists(uint64_t uint64_t "sys/types.h" "unsigned long long") -check_type_exists(uint8_t uint8_t "sys/types.h" "unsigned char") - -if (WIN32) - set(UB_ON_WINDOWS 1) -endif () - -if (MSVC) - set(inline __inline) - set(__func__ __FUNCTION__) -endif () - -if (NOT HAVE_VFORK) - set(vfork fork) -endif () - -# XXX: Check for broken malloc()? -# XXX: Check for broken memcmp()? -# XXX: Check for broken vfork()? -# XXX: Check for one-arg mkdir? - -check_symbol_exists(inet_pton "arpa/inet.h" HAVE_INET_PTON) -check_symbol_exists(inet_ntop "arpa/inet.h" HAVE_INET_NTOP) - -check_symbol_exists(strsep "string.h" HAVE_STRSEP) - -check_symbol_exists(PTHREAD_PRIO_INHERIT "pthread.h" HAVE_PTHREAD_PRIO_INHERIT) -check_symbol_exists(pthread_rwlock_t "pthread.h" HAVE_PTHREAD_RWLOCK_T) -check_symbol_exists(pthread_spinlock_t "pthread.h" HAVE_PTHREAD_SPINLOCK_T) - -# openssl -set(CMAKE_REQUIRED_INCLUDES - ${OPENSSL_INCLUDE_DIR}) - -check_include_file(openssl/conf.h HAVE_OPENSSL_CONF_H) -check_include_file(openssl/engine.h HAVE_OPENSSL_ENGINE_H) -check_include_file(openssl/err.h HAVE_OPENSSL_ERR_H) -check_include_file(openssl/rand.h HAVE_OPENSSL_RAND_H) -check_include_file(openssl/ssl.h HAVE_OPENSSL_SSL_H) - -set(CMAKE_REQUIRED_INCLUDES) - -check_symbol_exists(NID_secp384r1 "openssl/evp.h" HAVE_DECL_NID_SECP384R1) -check_symbol_exists(NID_X9_62_prime256v1 "openssl/evp.h" HAVE_DECL_NID_X9_62_PRIME256V1) -check_symbol_exists(sk_SSL_COMP_pop_free "openssl/ssl.h" HAVE_DECL_SK_SSL_COMP_POP_FREE) -check_symbol_exists(SSL_COMP_get_compression_methods "openssl/ssl.h" HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS) - -set(CMAKE_REQUIRED_LIBRARIES - ${OPENSSL_LIBRARIES}) - -check_function_exists(EVP_MD_CTX_new HAVE_EVP_MD_CTX_NEW) -check_function_exists(EVP_sha1 HAVE_EVP_SHA1) -check_function_exists(EVP_sha256 HAVE_EVP_SHA256) -check_function_exists(EVP_sha512 HAVE_EVP_SHA512) -check_function_exists(FIPS_mode HAVE_FIPS_MODE) -check_function_exists(HMAC_Update HAVE_HMAC_UPDATE) -check_function_exists(OPENSSL_config HAVE_OPENSSL_CONFIG) -check_function_exists(SHA512_Update HAVE_SHA512_UPDATE) - -set(CMAKE_REQUIRED_LIBRARIES) - -set(UNBOUND_CONFIGFILE "${CMAKE_INSTALL_PREFIX}/etc/unbound/unbound.conf" - CACHE STRING "default configuration file") -set(UNBOUND_USERNAME "unbound" - CACHE STRING "default user that unbound changes to") -set(UNBOUND_CHROOT_DIR "${CMAKE_INSTALL_PREFIX}/etc/unbound" - CACHE STRING "default directory to chroot to") -set(UNBOUND_RUN_DIR "${CMAKE_INSTALL_PREFIX}/etc/unbound" - CACHE STRING "default directory to chroot to") -set(UNBOUND_SHARE_DIR "${CMAKE_INSTALL_PREFIX}/etc/unbound" - CACHE STRING "default directory with shared data") -set(UNBOUND_PIDFILE "${CMAKE_INSTALL_PREFIX}/etc/unbound/unbound.pid" - CACHE STRING "default pathname to the pidfile") - -# Copied from configure.ac. -set(WINVER 0x0502) -set(PACKAGE_VERSION "1.5.8") -set(PACKAGE_NAME "${PROJECT_NAME}") -set(PACKAGE_STRING "${PACKAGE_NAME} ${PACKAGE_VERSION}") -set(MAXSYSLOGMSGLEN 10240) - -# Make assumptions. -set(HAVE_WORKING_FORK ${HAVE_FORK}) -set(HAVE_WORKING_VFORK ${HAVE_VFORK}) diff --git a/external/unbound/contrib/README b/external/unbound/contrib/README deleted file mode 100644 index 7ccae735d..000000000 --- a/external/unbound/contrib/README +++ /dev/null @@ -1,33 +0,0 @@ -These files are contributed to unbound, and are not part of the official -distribution but may be helpful. - -* rc_d_unbound: FreeBSD compatible /etc/rc.d script. -* parseunbound.pl: perl script to run from cron that parses statistics from - the log file and stores them. -* unbound.spec and unbound.init: RPM specfile and Linux rc.d initfile. -* update-anchor.sh: shell script that uses unbound-host to update a set - of trust anchor files. Run from cron twice a month. -* unbound_munin_ : plugin for munin statistics report -* unbound_cacti.tar.gz : setup files for cacti statistics report -* selinux: the .fc and .te files for SElinux protection of the unbound daemon -* unbound.plist: launchd configuration file for MacOSX. -* build-unbound-localzone-from-hosts.pl: perl script to turn /etc/hosts into - a local-zone and local-data include file for unbound.conf. -* unbound-host.nagios.patch: makes unbound-host return status that fits right - in with the nagios monitoring framework. Contributed by Migiel de Vos. -* patch_rsamd5_enable.diff: this patch enables RSAMD5 validation (otherwise - it is treated as insecure). The RSAMD5 algorithm is deprecated (RFC6725). -* create_unbound_ad_servers.sh: shell script to enter anti-ad server lists. -* create_unbound_ad_servers.cmd: windows script to enter anti-ad server lists. -* unbound_cache.sh: shell script to save and load the cache. -* unbound_cache.cmd: windows script to save and load the cache. -* warmup.sh: shell script to warm up DNS cache by your own MRU domains. -* warmup.cmd: windows script to warm up DNS cache by your own MRU domains. -* aaaa-filter-iterator.patch: adds config option aaaa-filter: yes that - works like the BIND feature (removes AAAA records unless AAAA-only domain). - Useful for certain 'broken IPv6 default route' scenarios. - Patch from Stephane Lapie for ASAHI Net. -* unbound_smf22.tar.gz: Solaris SMF installation/removal scripts. - Contributed by Yuri Voinov. -* unbound.socket and unbound.service: systemd files for unbound, install them - in /usr/lib/systemd/system. Contributed by Sami Kerola and Pavel Odintsov. diff --git a/external/unbound/contrib/aaaa-filter-iterator.patch b/external/unbound/contrib/aaaa-filter-iterator.patch deleted file mode 100644 index 0647f4979..000000000 --- a/external/unbound/contrib/aaaa-filter-iterator.patch +++ /dev/null @@ -1,413 +0,0 @@ -Index: trunk/doc/unbound.conf.5.in -=================================================================== ---- trunk/doc/unbound.conf.5.in (revision 3587) -+++ trunk/doc/unbound.conf.5.in (working copy) -@@ -593,6 +593,13 @@ - possible. Best effort approach, full QNAME and original QTYPE will be sent when - upstream replies with a RCODE other than NOERROR. Default is off. - .TP -+.B aaaa\-filter: \fI -+Activate behavior similar to BIND's AAAA-filter. -+This forces the dropping of all AAAA records, unless in the case of -+explicit AAAA queries, when no A records have been confirmed. -+This also causes an additional A query to be sent for each AAAA query. -+This breaks DNSSEC! -+.TP - .B private\-address: \fI - Give IPv4 of IPv6 addresses or classless subnets. These are addresses - on your private network, and are not allowed to be returned for -Index: trunk/iterator/iter_scrub.c -=================================================================== ---- trunk/iterator/iter_scrub.c (revision 3587) -+++ trunk/iterator/iter_scrub.c (working copy) -@@ -617,6 +617,32 @@ - } - - /** -+ * ASN: Lookup A records from rrset cache. -+ * @param qinfo: the question originally asked. -+ * @param env: module environment with config and cache. -+ * @param ie: iterator environment with private address data. -+ * @return 0 if no A record found, 1 if A record found. -+ */ -+static int -+asn_lookup_a_record_from_cache(struct query_info* qinfo, -+ struct module_env* env, struct iter_env* ATTR_UNUSED(ie)) -+{ -+ struct ub_packed_rrset_key* akey; -+ -+ /* get cached A records for queried name */ -+ akey = rrset_cache_lookup(env->rrset_cache, qinfo->qname, -+ qinfo->qname_len, LDNS_RR_TYPE_A, qinfo->qclass, -+ 0, *env->now, 0); -+ if(akey) { /* we had some. */ -+ log_rrset_key(VERB_ALGO, "ASN-AAAA-filter: found A record", -+ akey); -+ lock_rw_unlock(&akey->entry.lock); -+ return 1; -+ } -+ return 0; -+} -+ -+/** - * Given a response event, remove suspect RRsets from the response. - * "Suspect" rrsets are potentially poison. Note that this routine expects - * the response to be in a "normalized" state -- that is, all "irrelevant" -@@ -635,6 +661,7 @@ - struct query_info* qinfo, uint8_t* zonename, struct module_env* env, - struct iter_env* ie) - { -+ int found_a_record = 0; /* ASN: do we have a A record? */ - int del_addi = 0; /* if additional-holding rrsets are deleted, we - do not trust the normalized additional-A-AAAA any more */ - struct rrset_parse* rrset, *prev; -@@ -670,6 +697,13 @@ - rrset = rrset->rrset_all_next; - } - -+ /* ASN: Locate any A record we can find */ -+ if((ie->aaaa_filter) && (qinfo->qtype == LDNS_RR_TYPE_AAAA)) { -+ found_a_record = asn_lookup_a_record_from_cache(qinfo, -+ env, ie); -+ } -+ /* ASN: End of added code */ -+ - /* At this point, we brutally remove ALL rrsets that aren't - * children of the originating zone. The idea here is that, - * as far as we know, the server that we contacted is ONLY -@@ -681,6 +715,24 @@ - rrset = msg->rrset_first; - while(rrset) { - -+ /* ASN: For AAAA records only... */ -+ if((ie->aaaa_filter) && (rrset->type == LDNS_RR_TYPE_AAAA)) { -+ /* ASN: If this is not a AAAA query, then remove AAAA -+ * records, no questions asked. If this IS a AAAA query -+ * then remove AAAA records if we have an A record. -+ * Otherwise, leave things be. */ -+ if((qinfo->qtype != LDNS_RR_TYPE_AAAA) || -+ (found_a_record)) { -+ remove_rrset("ASN-AAAA-filter: removing AAAA " -+ "for record", pkt, msg, prev, &rrset); -+ continue; -+ } -+ log_nametypeclass(VERB_ALGO, "ASN-AAAA-filter: " -+ "keep AAAA for", zonename, -+ LDNS_RR_TYPE_AAAA, qinfo->qclass); -+ } -+ /* ASN: End of added code */ -+ - /* remove private addresses */ - if( (rrset->type == LDNS_RR_TYPE_A || - rrset->type == LDNS_RR_TYPE_AAAA)) { -Index: trunk/iterator/iter_utils.c -=================================================================== ---- trunk/iterator/iter_utils.c (revision 3587) -+++ trunk/iterator/iter_utils.c (working copy) -@@ -175,6 +175,7 @@ - } - iter_env->supports_ipv6 = cfg->do_ip6; - iter_env->supports_ipv4 = cfg->do_ip4; -+ iter_env->aaaa_filter = cfg->aaaa_filter; - return 1; - } - -Index: trunk/iterator/iterator.c -=================================================================== ---- trunk/iterator/iterator.c (revision 3587) -+++ trunk/iterator/iterator.c (working copy) -@@ -1776,6 +1776,53 @@ - - return 0; - } -+ -+/** -+ * ASN: This event state was added as an intermediary step between -+ * QUERYTARGETS_STATE and the next step, in order to cast a subquery for the -+ * purpose of caching A records for the queried name. -+ * -+ * @param qstate: query state. -+ * @param iq: iterator query state. -+ * @param ie: iterator shared global environment. -+ * @param id: module id. -+ * @return true if the event requires more request processing immediately, -+ * false if not. This state only returns true when it is generating -+ * a SERVFAIL response because the query has hit a dead end. -+ */ -+static int -+asn_processQueryAAAA(struct module_qstate* qstate, struct iter_qstate* iq, -+ struct iter_env* ATTR_UNUSED(ie), int id) -+{ -+ struct module_qstate* subq = NULL; -+ -+ log_assert(iq->fetch_a_for_aaaa == 0); -+ -+ /* flag the query properly in order to not loop */ -+ iq->fetch_a_for_aaaa = 1; -+ -+ /* re-throw same query, but with a different type */ -+ if(!generate_sub_request(iq->qchase.qname, -+ iq->qchase.qname_len, LDNS_RR_TYPE_A, -+ iq->qchase.qclass, qstate, id, iq, -+ INIT_REQUEST_STATE, FINISHED_STATE, &subq, 1)) { -+ log_nametypeclass(VERB_ALGO, "ASN-AAAA-filter: failed " -+ "preloading of A record for", -+ iq->qchase.qname, LDNS_RR_TYPE_A, -+ iq->qchase.qclass); -+ return error_response(qstate, id, LDNS_RCODE_SERVFAIL); -+ } -+ log_nametypeclass(VERB_ALGO, "ASN-AAAA-filter: " -+ "preloading records in cache for", -+ iq->qchase.qname, LDNS_RR_TYPE_A, -+ iq->qchase.qclass); -+ -+ /* set this query as waiting */ -+ qstate->ext_state[id] = module_wait_subquery; -+ /* at this point break loop */ -+ return 0; -+} -+/* ASN: End of added code */ - - /** - * This is the request event state where the request will be sent to one of -@@ -1823,6 +1870,13 @@ - return error_response(qstate, id, LDNS_RCODE_SERVFAIL); - } - -+ /* ASN: If we have a AAAA query, then also query for A records */ -+ if((ie->aaaa_filter) && (iq->qchase.qtype == LDNS_RR_TYPE_AAAA) && -+ (iq->fetch_a_for_aaaa == 0)) { -+ return next_state(iq, ASN_FETCH_A_FOR_AAAA_STATE); -+ } -+ /* ASN: End of added code */ -+ - /* Make sure we have a delegation point, otherwise priming failed - * or another failure occurred */ - if(!iq->dp) { -@@ -2922,6 +2976,61 @@ - return 0; - } - -+/** -+ * ASN: Do final processing on responses to A queries originated from AAAA -+ * queries. Events reach this state after the iterative resolution algorithm -+ * terminates. -+ * This is required down the road to decide whether to scrub AAAA records -+ * from the results or not. -+ * -+ * @param qstate: query state. -+ * @param id: module id. -+ * @param forq: super query state. -+ */ -+static void -+asn_processAAAAResponse(struct module_qstate* qstate, int id, -+ struct module_qstate* super) -+{ -+ /*struct iter_qstate* iq = (struct iter_qstate*)qstate->minfo[id];*/ -+ struct iter_qstate* super_iq = (struct iter_qstate*)super->minfo[id]; -+ struct delegpt_ns* dpns = NULL; -+ int error = (qstate->return_rcode != LDNS_RCODE_NOERROR); -+ -+ log_assert(super_iq->fetch_a_for_aaaa > 0); -+ -+ /* let super go to evaluation of targets after this */ -+ super_iq->state = QUERYTARGETS_STATE; -+ -+ log_query_info(VERB_ALGO, "ASN-AAAA-filter: processAAAAResponse", -+ &qstate->qinfo); -+ log_query_info(VERB_ALGO, "ASN-AAAA-filter: processAAAAResponse super", -+ &super->qinfo); -+ -+ if(super_iq->dp) -+ dpns = delegpt_find_ns(super_iq->dp, -+ qstate->qinfo.qname, qstate->qinfo.qname_len); -+ if (!dpns) { -+ /* not interested */ -+ verbose(VERB_ALGO, "ASN-AAAA-filter: subq: %s, but parent not " -+ "interested%s", (error ? "error, but" : "success"), -+ (super_iq->dp ? "anymore" : " (was reset)")); -+ log_query_info(VERB_ALGO, "ASN-AAAA-filter: superq", &super->qinfo); -+ if(super_iq->dp && error) -+ delegpt_log(VERB_ALGO, super_iq->dp); -+ return; -+ } else if (error) { -+ verbose(VERB_ALGO, "ASN-AAAA-filter: mark as failed, " -+ "and go to target query."); -+ /* see if the failure did get (parent-lame) info */ -+ if(!cache_fill_missing(super->env, -+ super_iq->qchase.qclass, super->region, -+ super_iq->dp)) -+ log_err("ASN-AAAA-filter: out of memory adding missing"); -+ dpns->resolved = 1; /* mark as failed */ -+ } -+} -+/* ASN: End of added code */ -+ - /* - * Return priming query results to interestes super querystates. - * -@@ -2941,6 +3050,9 @@ - else if(super->qinfo.qtype == LDNS_RR_TYPE_DS && ((struct iter_qstate*) - super->minfo[id])->state == DSNS_FIND_STATE) - processDSNSResponse(qstate, id, super); -+ else if (super->qinfo.qtype == LDNS_RR_TYPE_AAAA && ((struct iter_qstate*) -+ super->minfo[id])->state == ASN_FETCH_A_FOR_AAAA_STATE) -+ asn_processAAAAResponse(qstate, id, super); - else if(qstate->return_rcode != LDNS_RCODE_NOERROR) - error_supers(qstate, id, super); - else if(qstate->is_priming) -@@ -2978,6 +3090,9 @@ - case INIT_REQUEST_3_STATE: - cont = processInitRequest3(qstate, iq, id); - break; -+ case ASN_FETCH_A_FOR_AAAA_STATE: -+ cont = asn_processQueryAAAA(qstate, iq, ie, id); -+ break; - case QUERYTARGETS_STATE: - cont = processQueryTargets(qstate, iq, ie, id); - break; -@@ -3270,6 +3385,8 @@ - return "INIT REQUEST STATE (stage 2)"; - case INIT_REQUEST_3_STATE: - return "INIT REQUEST STATE (stage 3)"; -+ case ASN_FETCH_A_FOR_AAAA_STATE: -+ return "ASN_FETCH_A_FOR_AAAA_STATE"; - case QUERYTARGETS_STATE : - return "QUERY TARGETS STATE"; - case PRIME_RESP_STATE : -@@ -3294,6 +3411,7 @@ - case INIT_REQUEST_STATE : - case INIT_REQUEST_2_STATE : - case INIT_REQUEST_3_STATE : -+ case ASN_FETCH_A_FOR_AAAA_STATE : - case QUERYTARGETS_STATE : - case COLLECT_CLASS_STATE : - return 0; -Index: trunk/iterator/iterator.h -=================================================================== ---- trunk/iterator/iterator.h (revision 3587) -+++ trunk/iterator/iterator.h (working copy) -@@ -113,6 +113,9 @@ - */ - int* target_fetch_policy; - -+ /** ASN: AAAA-filter flag */ -+ int aaaa_filter; -+ - /** ip6.arpa dname in wireformat, used for qname-minimisation */ - uint8_t* ip6arpa_dname; - }; -@@ -163,6 +166,14 @@ - INIT_REQUEST_3_STATE, - - /** -+ * This state is responsible for intercepting AAAA queries, -+ * and launch a A subquery on the same target, to populate the -+ * cache with A records, so the AAAA filter scrubbing logic can -+ * work. -+ */ -+ ASN_FETCH_A_FOR_AAAA_STATE, -+ -+ /** - * Each time a delegation point changes for a given query or a - * query times out and/or wakes up, this state is (re)visited. - * This state is reponsible for iterating through a list of -@@ -346,6 +357,13 @@ - */ - int refetch_glue; - -+ /** -+ * ASN: This is a flag that, if true, means that this query is -+ * for fetching A records to populate cache and determine if we must -+ * return AAAA records or not. -+ */ -+ int fetch_a_for_aaaa; -+ - /** list of pending queries to authoritative servers. */ - struct outbound_list outlist; - -Index: trunk/pythonmod/interface.i -=================================================================== ---- trunk/pythonmod/interface.i (revision 3587) -+++ trunk/pythonmod/interface.i (working copy) -@@ -632,6 +632,7 @@ - int harden_dnssec_stripped; - int harden_referral_path; - int use_caps_bits_for_id; -+ int aaaa_filter; /* ASN */ - struct config_strlist* private_address; - struct config_strlist* private_domain; - size_t unwanted_threshold; -Index: trunk/util/config_file.c -=================================================================== ---- trunk/util/config_file.c (revision 3587) -+++ trunk/util/config_file.c (working copy) -@@ -176,6 +176,7 @@ - cfg->harden_referral_path = 0; - cfg->harden_algo_downgrade = 0; - cfg->use_caps_bits_for_id = 0; -+ cfg->aaaa_filter = 0; /* ASN: default is disabled */ - cfg->caps_whitelist = NULL; - cfg->private_address = NULL; - cfg->private_domain = NULL; -Index: trunk/util/config_file.h -=================================================================== ---- trunk/util/config_file.h (revision 3587) -+++ trunk/util/config_file.h (working copy) -@@ -179,6 +179,8 @@ - int harden_algo_downgrade; - /** use 0x20 bits in query as random ID bits */ - int use_caps_bits_for_id; -+ /** ASN: enable AAAA filter? */ -+ int aaaa_filter; - /** 0x20 whitelist, domains that do not use capsforid */ - struct config_strlist* caps_whitelist; - /** strip away these private addrs from answers, no DNS Rebinding */ -Index: trunk/util/configlexer.lex -=================================================================== ---- trunk/util/configlexer.lex (revision 3587) -+++ trunk/util/configlexer.lex (working copy) -@@ -267,6 +267,7 @@ - use-caps-for-id{COLON} { YDVAR(1, VAR_USE_CAPS_FOR_ID) } - caps-whitelist{COLON} { YDVAR(1, VAR_CAPS_WHITELIST) } - unwanted-reply-threshold{COLON} { YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) } -+aaaa-filter{COLON} { YDVAR(1, VAR_AAAA_FILTER) } - private-address{COLON} { YDVAR(1, VAR_PRIVATE_ADDRESS) } - private-domain{COLON} { YDVAR(1, VAR_PRIVATE_DOMAIN) } - prefetch-key{COLON} { YDVAR(1, VAR_PREFETCH_KEY) } -Index: trunk/util/configparser.y -=================================================================== ---- trunk/util/configparser.y (revision 3587) -+++ trunk/util/configparser.y (working copy) -@@ -92,6 +92,7 @@ - %token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT - %token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE VAR_DLV_ANCHOR - %token VAR_NEG_CACHE_SIZE VAR_HARDEN_REFERRAL_PATH VAR_PRIVATE_ADDRESS -+%token VAR_AAAA_FILTER - %token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE - %token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE - %token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE -@@ -169,6 +170,7 @@ - server_dlv_anchor_file | server_dlv_anchor | server_neg_cache_size | - server_harden_referral_path | server_private_address | - server_private_domain | server_extended_statistics | -+ server_aaaa_filter | - server_local_data_ptr | server_jostle_timeout | - server_unwanted_reply_threshold | server_log_time_ascii | - server_domain_insecure | server_val_sig_skew_min | -@@ -893,6 +895,15 @@ - yyerror("out of memory"); - } - ; -+server_aaaa_filter: VAR_AAAA_FILTER STRING_ARG -+ { -+ OUTYY(("P(server_aaaa_filter:%s)\n", $2)); -+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) -+ yyerror("expected yes or no."); -+ else cfg_parser->cfg->aaaa_filter = (strcmp($2, "yes")==0); -+ free($2); -+ } -+ ; - server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG - { - OUTYY(("P(server_private_address:%s)\n", $2)); diff --git a/external/unbound/contrib/build-unbound-localzone-from-hosts.pl b/external/unbound/contrib/build-unbound-localzone-from-hosts.pl deleted file mode 100644 index c11bbc330..000000000 --- a/external/unbound/contrib/build-unbound-localzone-from-hosts.pl +++ /dev/null @@ -1,67 +0,0 @@ -#!/usr/bin/perl -WT - -use strict; -use warnings; - -my $hostsfile = '/etc/hosts'; -my $localzonefile = '/etc/unbound/localzone.conf.new'; - -my $localzone = 'example.com'; - -open( HOSTS,"<${hostsfile}" ) or die( "Could not open ${hostsfile}: $!" ); -open( ZONE,">${localzonefile}" ) or die( "Could not open ${localzonefile}: $!" ); - -print ZONE "server:\n\n"; -print ZONE "local-zone: \"${localzone}\" transparent\n\n"; - -my %ptrhash; - -while ( my $hostline = ) { - - # Skip comments - if ( $hostline !~ "^#" and $hostline !~ '^\s+$' ) { - - my @entries = split( /\s+/, $hostline ); - - my $ip; - - my $count = 0; - foreach my $entry ( @entries ) { - if ( $count == 0 ) { - $ip = $entry; - } else { - - if ( $count == 1) { - - # Only return localhost for 127.0.0.1 and ::1 - if ( ($ip ne '127.0.0.1' and $ip ne '::1') or $entry =~ 'localhost' ) { - if ( ! defined $ptrhash{$ip} ) { - $ptrhash{$ip} = $entry; - print ZONE "local-data-ptr: \"$ip $entry\"\n"; - } - } - - } - - # Use AAAA for IPv6 addresses - my $a = 'A'; - if ( $ip =~ ':' ) { - $a = 'AAAA'; - } - - print ZONE "local-data: \"$entry ${a} $ip\"\n"; - - } - $count++; - } - print ZONE "\n"; - - - } -} - - - - -__END__ - diff --git a/external/unbound/contrib/create_unbound_ad_servers.cmd b/external/unbound/contrib/create_unbound_ad_servers.cmd deleted file mode 100644 index 91d18db3e..000000000 --- a/external/unbound/contrib/create_unbound_ad_servers.cmd +++ /dev/null @@ -1,33 +0,0 @@ -@Echo off -rem Convert the Yoyo.org anti-ad server listing -rem into an unbound dns spoof redirection list. -rem Written by Y.Voinov (c) 2014 - -rem Note: Wget required! - -rem Variables -set prefix="C:\Program Files (x86)" -set dst_dir=%prefix%\Unbound -set work_dir=%TEMP% -set list_addr="http://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&showintro=1&startdate%5Bday%5D=&startdate%5Bmonth%5D=&startdate%5Byear%5D=" - -rem Check Wget installed -for /f "delims=" %%a in ('where wget') do @set wget=%%a -if /I "%wget%"=="" echo Wget not found. If installed, add path to PATH environment variable. & exit 1 -echo Wget found: %wget% - -"%wget%" -O %work_dir%\yoyo_ad_servers %list_addr% - -del /Q /F /S %dst_dir%\unbound_ad_servers - -for /F "eol=; tokens=*" %%a in (%work_dir%\yoyo_ad_servers) do ( -echo local-zone: %%a redirect>>%dst_dir%\unbound_ad_servers -echo local-data: "%%a A 127.0.0.1">>%dst_dir%\unbound_ad_servers -) - -echo Done. -rem then add an include line to your unbound.conf pointing to the full path of -rem the unbound_ad_servers file: -rem -rem include: $dst_dir/unbound_ad_servers -rem diff --git a/external/unbound/contrib/create_unbound_ad_servers.sh b/external/unbound/contrib/create_unbound_ad_servers.sh deleted file mode 100644 index c3b05c60c..000000000 --- a/external/unbound/contrib/create_unbound_ad_servers.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/sh -# -# Convert the Yoyo.org anti-ad server listing -# into an unbound dns spoof redirection list. -# Modified by Y.Voinov (c) 2014 - -# Note: Wget required! - -# Variables -dst_dir="/etc/opt/csw/unbound" -work_dir="/tmp" -list_addr="http://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&showintro=1&startdate%5Bday%5D=&startdate%5Bmonth%5D=&startdate%5Byear%5D=" - -# OS commands -CAT=`which cat` -ECHO=`which echo` -WGET=`which wget` - -# Check Wget installed -if [ ! -f $WGET ]; then - echo "Wget not found. Exiting..." - exit 1 -fi - -$WGET -O $work_dir/yoyo_ad_servers "$list_addr" && \ -$CAT $work_dir/yoyo_ad_servers | \ -while read line ; \ - do \ - $ECHO "local-zone: \"$line\" redirect" ;\ - $ECHO "local-data: \"$line A 127.0.0.1\"" ;\ - done > \ -$dst_dir/unbound_ad_servers - -echo "Done." -# then add an include line to your unbound.conf pointing to the full path of -# the unbound_ad_servers file: -# -# include: $dst_dir/unbound_ad_servers -# diff --git a/external/unbound/contrib/parseunbound.pl b/external/unbound/contrib/parseunbound.pl deleted file mode 100644 index 6a6a76d6f..000000000 --- a/external/unbound/contrib/parseunbound.pl +++ /dev/null @@ -1,140 +0,0 @@ -#!/usr/local/bin/perl -w -# -# Script to parse the output from the unbound namedaemon. -# Unbound supports a threading model, and outputs a multiline log-blob for -# every thread. -# -# This script should parse all threads of the once, and store it -# in a local cached file for speedy results when queried lots. -# -use strict; -use POSIX qw(SEEK_END); -use Storable; -use FileHandle; -use Carp qw(croak carp); -use constant UNBOUND_CACHE => "/var/tmp/unbound-cache.stor"; - -my $run_from_cron = @ARGV && $ARGV[0] eq "--cron" && shift; -my $DEBUG = -t STDERR; - -# NB. VERY IMPORTANTES: set this when running this script. -my $numthreads = 4; - -### if cache exists, read it in. and is newer than 3 minutes -if ( -r UNBOUND_CACHE ) { - my $result = retrieve(UNBOUND_CACHE); - if (-M _ < 3/24/60 && !$run_from_cron ) { - print STDERR "Cached results:\n" if $DEBUG; - print join("\n", @$result), "\n"; - exit; - } -} -my $logfile = shift or die "Usage: parseunbound.pl --cron unboundlogfile"; -my $in = new FileHandle $logfile or die "Cannot open $logfile: $!\n"; - -# there is a special key 'thread' that indicates the thread. its not used, but returned anyway. -my @records = ('thread', 'queries', 'cachehits', 'recursions', 'recursionavg', - 'outstandingmax', 'outstandingavg', 'outstandingexc', - 'median25', 'median50', 'median75', - 'us_0', 'us_1', 'us_2', 'us_4', 'us_8', 'us_16', 'us_32', - 'us_64', 'us_128', 'us_256', 'us_512', 'us_1024', 'us_2048', - 'us_4096', 'us_8192', 'us_16384', 'us_32768', 'us_65536', - 'us_131072', 'us_262144', 'us_524288', 's_1', 's_2', 's_4', - 's_8', 's_16', 's_32', 's_64', 's_128', 's_256', 's_512'); -# Stats hash containing one or more keys. for every thread, 1 key. -my %allstats = (); # key="$threadid", stats={key => value} -my %startstats = (); # when we got a queries entry for this thread -my %donestats = (); # same, but only when we got a histogram entry for it -# stats hash contains name/value pairs of the actual numbers for that thread. -my $offset = 0; -my $inthread=0; -my $inpid; - -# We should continue looping untill we meet these conditions: -# a) more total queries than the previous run (which defaults to 0) AND -# b) parsed all $numthreads threads in the log. -my $numqueries = $previousresult ? $previousresult->[1] : 0; - -# Main loop -while ( scalar keys %startstats < $numthreads || scalar keys %donestats < $numthreads) { - $offset += 10000; - if ( $offset > -s $logfile or $offset > 10_000_000 ) { - die "Cannot find stats in $logfile\n"; - } - $in->seek(-$offset, SEEK_END) or croak "cannot seek $logfile: $!\n"; - - for my $line ( <$in> ) { - chomp($line); - - #[1208777234] unbound[6705:0] - if ($line =~ m/^\[\d+\] unbound\[\d+:(\d+)\]/) { - $inthread = $1; - if ($inthread + 1 > $numthreads) { - die "Hey. lazy. change \$numthreads in this script to ($inthread)\n"; - } - } - # this line doesn't contain a pid:thread. skip. - else { - next; - } - - if ( $line =~ m/info: server stats for thread \d+: (\d+) queries, (\d+) answers from cache, (\d+) recursions/ ) { - $startstats{$inthread} = 1; - $allstats{$inthread}->{thread} = $inthread; - $allstats{$inthread}->{queries} = $1; - $allstats{$inthread}->{cachehits} = $2; - $allstats{$inthread}->{recursions} = $3; - } - elsif ( $line =~ m/info: server stats for thread (\d+): requestlist max (\d+) avg ([0-9\.]+) exceeded (\d+)/ ) { - $allstats{$inthread}->{outstandingmax} = $2; - $allstats{$inthread}->{outstandingavg} = int($3); # This is a float; rrdtool only handles ints. - $allstats{$inthread}->{outstandingexc} = $4; - } - elsif ( $line =~ m/info: average recursion processing time ([0-9\.]+) sec/ ) { - $allstats{$inthread}->{recursionavg} = int($1 * 1000); # change sec to milisec. - } - elsif ( $line =~ m/info: histogram of recursion processing times/ ) { - next; - } - elsif ( $line =~ m/info: \[25%\]=([0-9\.]+) median\[50%\]=([0-9\.]+) \[75%\]=([0-9\.]+)/ ) { - $allstats{$inthread}->{median25} = int($1 * 1000000); # change seconds to usec - $allstats{$inthread}->{median50} = int($2 * 1000000); - $allstats{$inthread}->{median75} = int($3 * 1000000); - } - elsif ( $line =~ m/info: lower\(secs\) upper\(secs\) recursions/ ) { - # since after this line we're unsure if we get these numbers - # at all, we sould consider this marker as the end of the - # block. Chances that we're parsing a file halfway written - # at this stage are small. Bold statement. - $donestats{$inthread} = 1; - next; - } - elsif ( $line =~ m/info:\s+(\d+)\.(\d+)\s+(\d+)\.(\d+)\s+(\d+)/ ) { - my ($froms, $fromus, $toms, $tous, $counter) = ($1, $2, $3, $4, $5); - my $prefix = ''; - if ($froms > 0) { - $allstats{$inthread}->{'s_' . int($froms)} = $counter; - } else { - $allstats{$inthread}->{'us_' . int($fromus)} = $counter; - } - } - } -} - -my @result; -# loop on the records we want to store -for my $key ( @records ) { - my $sum = 0; - # these are the different threads parsed - foreach my $thread ( 0 .. $numthreads - 1 ) { - $sum += ($allstats{$thread}->{$key} || 0); - } - print STDERR "$key = " . $sum . "\n" if $DEBUG; - push @result, $sum; -} -print join("\n", @result), "\n"; -store \@result, UNBOUND_CACHE; - -if ($DEBUG) { - print STDERR "Threads: " . (scalar keys %allstats) . "\n"; -} diff --git a/external/unbound/contrib/patch_rsamd5_enable.diff b/external/unbound/contrib/patch_rsamd5_enable.diff deleted file mode 100644 index dfd4a7b9f..000000000 --- a/external/unbound/contrib/patch_rsamd5_enable.diff +++ /dev/null @@ -1,22 +0,0 @@ -Index: validator/val_secalgo.c -=================================================================== ---- validator/val_secalgo.c (revision 2759) -+++ validator/val_secalgo.c (working copy) -@@ -153,7 +153,7 @@ - switch(id) { - case LDNS_RSAMD5: - /* RFC 6725 deprecates RSAMD5 */ -- return 0; -+ return 1; - case LDNS_DSA: - case LDNS_DSA_NSEC3: - case LDNS_RSASHA1: -@@ -617,7 +617,7 @@ - switch(id) { - case LDNS_RSAMD5: - /* RFC 6725 deprecates RSAMD5 */ -- return 0; -+ return 1; - case LDNS_DSA: - case LDNS_DSA_NSEC3: - case LDNS_RSASHA1: diff --git a/external/unbound/contrib/rc_d_unbound b/external/unbound/contrib/rc_d_unbound deleted file mode 100755 index 56516147f..000000000 --- a/external/unbound/contrib/rc_d_unbound +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/sh -# -# unbound freebsd startup rc.d script, modified from the named script. -# uses the default unbound installation path and pidfile location. -# copy this to /etc/rc.d/unbound -# and put unbound_enable="YES" into rc.conf -# - -# PROVIDE: unbound -# REQUIRE: SERVERS cleanvar -# KEYWORD: shutdown - -. /etc/rc.subr - -name="unbound" -rcvar=`set_rcvar` - -load_rc_config $name - -command="/usr/local/sbin/unbound" -pidfile=${unbound_pidfile:-"/usr/local/etc/unbound/unbound.pid"} -command_args=${unbound_flags:-"-c /usr/local/etc/unbound/unbound.conf"} -extra_commands="reload" - -run_rc_command "$1" diff --git a/external/unbound/contrib/selinux/unbound.fc b/external/unbound/contrib/selinux/unbound.fc deleted file mode 100644 index f7e63eada..000000000 --- a/external/unbound/contrib/selinux/unbound.fc +++ /dev/null @@ -1,4 +0,0 @@ -/etc/unbound(/.*)? system_u:object_r:unbound_conf_t:s0 -/etc/rc\.d/init\.d/unbound -- system_u:object_r:unbound_initrc_exec_t:s0 -/usr/sbin/unbound -- system_u:object_r:unbound_exec_t:s0 -/var/run/unbound(/.*)? system_u:object_r:unbound_var_run_t:s0 diff --git a/external/unbound/contrib/selinux/unbound.te b/external/unbound/contrib/selinux/unbound.te deleted file mode 100644 index d407ed351..000000000 --- a/external/unbound/contrib/selinux/unbound.te +++ /dev/null @@ -1,42 +0,0 @@ -policy_module(unbound, 0.1.0) - -type unbound_t; -type unbound_conf_t; -type unbound_exec_t; -type unbound_initrc_exec_t; -type unbound_var_run_t; - -init_daemon_domain(unbound_t, unbound_exec_t) -init_script_file(unbound_initrc_exec_t) - -role system_r types unbound_t; - -# XXX -# unbound-{checkconf,control} are not protected. Do we need protect them? - -# Unbound daemon - -auth_use_nsswitch(unbound_t) -dev_read_urand(unbound_t) -corenet_all_recvfrom_unlabeled(unbound_t) -corenet_tcp_bind_all_nodes(unbound_t) -corenet_tcp_bind_dns_port(unbound_t) -corenet_tcp_bind_rndc_port(unbound_t) -corenet_udp_bind_all_nodes(unbound_t) -corenet_udp_bind_all_unreserved_ports(unbound_t) -corenet_udp_bind_dns_port(unbound_t) -files_read_etc_files(unbound_t) -files_pid_file(unbound_var_run_t) -files_type(unbound_conf_t) -libs_use_ld_so(unbound_t) -libs_use_shared_libs(unbound_t) -logging_send_syslog_msg(unbound_t) -manage_files_pattern(unbound_t, unbound_var_run_t, unbound_var_run_t) -miscfiles_read_localization(unbound_t) -read_files_pattern(unbound_t, unbound_conf_t, unbound_conf_t) - -allow unbound_t self:capability { setuid chown net_bind_service setgid dac_override }; -allow unbound_t self:tcp_socket create_stream_socket_perms; -allow unbound_t self:udp_socket create_socket_perms; - -################################################### diff --git a/external/unbound/contrib/unbound-host.nagios.patch b/external/unbound/contrib/unbound-host.nagios.patch deleted file mode 100644 index 5b249b636..000000000 --- a/external/unbound/contrib/unbound-host.nagios.patch +++ /dev/null @@ -1,134 +0,0 @@ -Index: smallapp/unbound-host.c -=================================================================== ---- smallapp/unbound-host.c (revision 2115) -+++ smallapp/unbound-host.c (working copy) -@@ -62,9 +62,18 @@ - #include "libunbound/unbound.h" - #include - -+/** status variable ala nagios */ -+#define FINAL_STATUS_OK 0 -+#define FINAL_STATUS_WARNING 1 -+#define FINAL_STATUS_CRITICAL 2 -+#define FINAL_STATUS_UNKNOWN 3 -+ - /** verbosity for unbound-host app */ - static int verb = 0; - -+/** variable to determine final output */ -+static int final_status = FINAL_STATUS_UNKNOWN; -+ - /** Give unbound-host usage, and exit (1). */ - static void - usage() -@@ -93,7 +102,7 @@ - printf("Version %s\n", PACKAGE_VERSION); - printf("BSD licensed, see LICENSE in source package for details.\n"); - printf("Report bugs to %s\n", PACKAGE_BUGREPORT); -- exit(1); -+ exit(FINAL_STATUS_UNKNOWN); - } - - /** determine if str is ip4 and put into reverse lookup format */ -@@ -138,7 +147,7 @@ - *res = strdup(buf); - if(!*res) { - fprintf(stderr, "error: out of memory\n"); -- exit(1); -+ exit(FINAL_STATUS_UNKNOWN); - } - return 1; - } -@@ -158,7 +167,7 @@ - } - if(!res) { - fprintf(stderr, "error: out of memory\n"); -- exit(1); -+ exit(FINAL_STATUS_UNKNOWN); - } - return res; - } -@@ -172,7 +181,7 @@ - if(r == 0 && strcasecmp(t, "TYPE0") != 0 && - strcmp(t, "") != 0) { - fprintf(stderr, "error unknown type %s\n", t); -- exit(1); -+ exit(FINAL_STATUS_UNKNOWN); - } - return r; - } -@@ -191,7 +200,7 @@ - if(r == 0 && strcasecmp(c, "CLASS0") != 0 && - strcmp(c, "") != 0) { - fprintf(stderr, "error unknown class %s\n", c); -- exit(1); -+ exit(FINAL_STATUS_UNKNOWN); - } - return r; - } -@@ -207,6 +216,19 @@ - return "(insecure)"; - } - -+/** update the final status for the exit code */ -+void -+update_final_status(struct ub_result* result) -+{ -+ if (final_status == FINAL_STATUS_UNKNOWN || final_status == FINAL_STATUS_OK) { -+ if (result->secure) final_status = FINAL_STATUS_OK; -+ else if (result->bogus) final_status = FINAL_STATUS_CRITICAL; -+ else final_status = FINAL_STATUS_WARNING; -+ } -+ else if (final_status == FINAL_STATUS_WARNING && result->bogus) -+ final_status = FINAL_STATUS_CRITICAL; -+} -+ - /** nice string for type */ - static void - pretty_type(char* s, size_t len, int t) -@@ -353,7 +375,7 @@ - } else { - fprintf(stderr, "could not parse " - "reply packet to ANY query\n"); -- exit(1); -+ exit(FINAL_STATUS_UNKNOWN); - } - ldns_pkt_free(p); - -@@ -388,9 +410,10 @@ - ret = ub_resolve(ctx, q, t, c, &result); - if(ret != 0) { - fprintf(stderr, "resolve error: %s\n", ub_strerror(ret)); -- exit(1); -+ exit(FINAL_STATUS_UNKNOWN); - } - pretty_output(q, t, c, result, docname); -+ update_final_status(result); - ret = result->nxdomain; - ub_resolve_free(result); - return ret; -@@ -427,7 +450,7 @@ - { - if(r != 0) { - fprintf(stderr, "error: %s\n", ub_strerror(r)); -- exit(1); -+ exit(FINAL_STATUS_UNKNOWN); - } - } - -@@ -448,7 +471,7 @@ - ctx = ub_ctx_create(); - if(!ctx) { - fprintf(stderr, "error: out of memory\n"); -- exit(1); -+ exit(FINAL_STATUS_UNKNOWN); - } - - /* parse the options */ -@@ -509,5 +532,5 @@ - usage(); - - lookup(ctx, argv[0], qtype, qclass); -- return 0; -+ return final_status; - } diff --git a/external/unbound/contrib/unbound.init b/external/unbound/contrib/unbound.init deleted file mode 100644 index 747f94e93..000000000 --- a/external/unbound/contrib/unbound.init +++ /dev/null @@ -1,139 +0,0 @@ -#!/bin/sh -# -# unbound This shell script takes care of starting and stopping -# unbound (DNS server). -# -# chkconfig: - 14 86 -# description: unbound is a Domain Name Server (DNS) \ -# that is used to resolve host names to IP addresses. - -### BEGIN INIT INFO -# Provides: $named unbound -# Required-Start: $network $local_fs -# Required-Stop: $network $local_fs -# Should-Start: $syslog -# Should-Stop: $syslog -# Short-Description: unbound recursive Domain Name Server. -# Description: unbound is a Domain Name Server (DNS) -# that is used to resolve host names to IP addresses. -### END INIT INFO - -# Source function library. -. /etc/rc.d/init.d/functions - -exec="/usr/sbin/unbound" -prog="unbound" -config="/var/unbound/unbound.conf" -pidfile="/var/unbound/unbound.pid" -rootdir="/var/unbound" - -[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog - -lockfile=/var/lock/subsys/$prog - -start() { - [ -x $exec ] || exit 5 - [ -f $config ] || exit 6 - echo -n $"Starting $prog: " - - # setup root jail - if [ -s /etc/localtime ]; then - [ -d ${rootdir}/etc ] || mkdir -p ${rootdir}/etc ; - if [ ! -e ${rootdir}/etc/localtime ] || /usr/bin/cmp -s /etc/localtime ${rootdir}/etc/localtime; then - cp -fp /etc/localtime ${rootdir}/etc/localtime - fi; - fi; - if [ -s /etc/resolv.conf ]; then - [ -d ${rootdir}/etc ] || mkdir -p ${rootdir}/etc ; - if [ ! -e ${rootdir}/etc/resolv.conf ] || /usr/bin/cmp -s /etc/resolv.conf ${rootdir}/etc/resolv.conf; then - cp -fp /etc/resolv.conf ${rootdir}/etc/resolv.conf - fi; - fi; - if ! egrep -q '^/[^[:space:]]+[[:space:]]+'${rootdir}'/dev/log' /proc/mounts; then - [ -d ${rootdir}/dev ] || mkdir -p ${rootdir}/dev ; - [ -e ${rootdir}/dev/log ] || touch ${rootdir}/dev/log - mount --bind -n /dev/log ${rootdir}/dev/log >/dev/null 2>&1; - fi; - if ! egrep -q '^/[^[:space:]]+[[:space:]]+'${rootdir}'/dev/random' /proc/mounts; then - [ -d ${rootdir}/dev ] || mkdir -p ${rootdir}/dev ; - [ -e ${rootdir}/dev/random ] || touch ${rootdir}/dev/random - mount --bind -n /dev/random ${rootdir}/dev/random >/dev/null 2>&1; - fi; - - # if not running, start it up here - daemon $exec - retval=$? - echo - [ $retval -eq 0 ] && touch $lockfile - return $retval -} - -stop() { - echo -n $"Stopping $prog: " - # stop it here, often "killproc $prog" - killproc -p $pidfile $prog - retval=$? - echo - [ $retval -eq 0 ] && rm -f $lockfile - if egrep -q '^/[^[:space:]]+[[:space:]]+'${rootdir}'/dev/log' /proc/mounts; then - umount ${rootdir}/dev/log >/dev/null 2>&1 - fi; - if egrep -q '^/[^[:space:]]+[[:space:]]+'${rootdir}'/dev/random' /proc/mounts; then - umount ${rootdir}/dev/random >/dev/null 2>&1 - fi; - return $retval -} - -restart() { - stop - start -} - -reload() { - kill -HUP `cat $pidfile` -} - -force_reload() { - restart -} - -rh_status() { - # run checks to determine if the service is running or use generic status - status -p $pidfile $prog -} - -rh_status_q() { - rh_status -p $pidfile >/dev/null 2>&1 -} - -case "$1" in - start) - rh_status_q && exit 0 - $1 - ;; - stop) - rh_status_q || exit 0 - $1 - ;; - restart) - $1 - ;; - reload) - rh_status_q || exit 7 - $1 - ;; - force-reload) - force_reload - ;; - status) - rh_status - ;; - condrestart|try-restart) - rh_status_q || exit 0 - restart - ;; - *) - echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}" - exit 2 -esac -exit $? diff --git a/external/unbound/contrib/unbound.init_fedora b/external/unbound/contrib/unbound.init_fedora deleted file mode 100644 index 9f7e4422b..000000000 --- a/external/unbound/contrib/unbound.init_fedora +++ /dev/null @@ -1,119 +0,0 @@ -#!/bin/sh -# -# unbound This shell script takes care of starting and stopping -# unbound (DNS server). -# -# chkconfig: - 14 86 -# description: unbound is a Domain Name Server (DNS) \ -# that is used to resolve host names to IP addresses. - -### BEGIN INIT INFO -# Provides: unbound -# Required-Start: $network $local_fs -# Required-Stop: $network $local_fs -# Should-Start: $syslog -# Should-Stop: $syslog -# Short-Description: unbound recursive Domain Name Server. -# Description: unbound is a Domain Name Server (DNS) -# that is used to resolve host names to IP addresses. -### END INIT INFO - -# Source function library. -. /etc/rc.d/init.d/functions - -exec="/usr/sbin/unbound" -config="/var/lib/unbound/unbound.conf" -rootdir="/var/lib/unbound" -pidfile="/var/run/unbound/unbound.pid" - -[ -e /etc/sysconfig/unbound ] && . /etc/sysconfig/unbound - -lockfile=/var/lock/subsys/unbound - -start() { - [ -x $exec ] || exit 5 - [ -f $config ] || exit 6 - echo -n $"Starting unbound: " - - if [ ! -e ${rootdir}/etc/resolv.conf ] || /usr/bin/cmp -s /etc/resolv.conf ${rootdir}/etc/resolv.conf; then - cp -fp /etc/resolv.conf ${rootdir}/etc/resolv.conf - fi; - if [ ! -e ${rootdir}/etc/localtime ] || /usr/bin/cmp -s /etc/localtime ${rootdir}/etc/localtime; then - cp -fp /etc/localtime ${rootdir}/etc/localtime - fi; - mount --bind -n /dev/log ${rootdir}/dev/log >/dev/null 2>&1; - mount --bind -n /dev/random ${rootdir}/dev/random >/dev/null 2>&1; - mount --bind -n /var/run/unbound ${rootdir}/var/run/unbound >/dev/null 2>&1; - - # if not running, start it up here - daemon $exec - retval=$? - [ $retval -eq 0 ] && touch $lockfile - echo -} - -stop() { - echo -n $"Stopping unbound: " - # stop it here, often "killproc unbound" - killproc -p $pidfile unbound - retval=$? - [ $retval -eq 0 ] && rm -f $lockfile - for mountfile in /dev/log /dev/random /etc/localtime /etc/resolv.conf /var/run/unbound - do - if egrep -q '^/[^[:space:]]+[[:space:]]+'${rootdir}''${mountfile}'' /proc/mounts; then - umount ${rootdir}$mountfile >/dev/null 2>&1 - fi; - done - echo -} - -restart() { - stop - start -} - -reload() { - kill -HUP `cat $pidfile` -} - -force_reload() { - restart -} - -rh_status() { - # run checks to determine if the service is running or use generic status - status -p $pidfile unbound -} - -rh_status_q() { - rh_status -p $pidfile >/dev/null 2>&1 -} - -case "$1" in - start) - start - ;; - stop) - stop - ;; - restart) - restart - ;; - reload) - reload - ;; - force-reload) - force_reload - ;; - status) - rh_status - ;; - condrestart|try-restart) - rh_status_q || exit 0 - restart - ;; - *) - echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}" - exit 2 -esac -exit $? diff --git a/external/unbound/contrib/unbound.plist b/external/unbound/contrib/unbound.plist deleted file mode 100644 index 15e1162be..000000000 --- a/external/unbound/contrib/unbound.plist +++ /dev/null @@ -1,42 +0,0 @@ - - - - - - Label - unbound - - ProgramArguments - - unbound - - - UserName - unbound - - RootDirectory - /usr/local/etc/unbound - - WorkingDirectory - /usr/local/etc/unbound - - KeepAlive - - - RunAtLoad - - - - diff --git a/external/unbound/contrib/unbound.spec b/external/unbound/contrib/unbound.spec deleted file mode 100644 index 6ddc5f18d..000000000 --- a/external/unbound/contrib/unbound.spec +++ /dev/null @@ -1,112 +0,0 @@ -Summary: Validating, recursive, and caching DNS resolver -Name: unbound -Version: 1.4.18 -Release: 1%{?dist} -License: BSD -Url: http://www.nlnetlabs.nl/unbound/ -Source: http://www.unbound.net/downloads/%{name}-%{version}.tar.gz -#Source1: unbound.init -Group: System Environment/Daemons -Requires: ldns -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -BuildRequires: flex, openssl-devel, expat-devel, ldns-devel - -%description -Unbound is a validating, recursive, and caching DNS resolver. - -The C implementation of Unbound is developed and maintained by NLnet -Labs. It is based on ideas and algorithms taken from a java prototype -developed by Verisign labs, Nominet, Kirei and ep.net. - -Unbound is designed as a set of modular components, so that also -DNSSEC (secure DNS) validation and stub-resolvers (that do not run -as a server, but are linked into an application) are easily possible. - -The source code is under a BSD License. - -%prep -%setup -q - -# configure with /var/unbound/unbound.conf so that all default chroot, -# pidfile and config file are in /var/unbound, ready for chroot jail set up. -%configure --with-conf-file=%{_localstatedir}/%{name}/unbound.conf --disable-rpath - -%build -#%{__make} %{?_smp_mflags} -make - -%install -rm -rf %{buildroot} -%{__make} DESTDIR=%{buildroot} install -install -d 0700 %{buildroot}%{_localstatedir}/%{name} -install -d 0755 %{buildroot}%{_initrddir} -install -m 0755 contrib/unbound.init %{buildroot}%{_initrddir}/unbound -# add symbolic link from /etc/unbound.conf -> /var/unbound/unbound.conf -ln -s %{_localstatedir}/unbound/unbound.conf %{buildroot}%{_sysconfdir}/unbound.conf -# remove static library from install (fedora packaging guidelines) -rm -f %{buildroot}%{_libdir}/libunbound.a %{buildroot}%{_libdir}/libunbound.la - -%clean -rm -rf ${RPM_BUILD_ROOT} - -%files -%defattr(-,root,root,-) -%doc doc/README doc/CREDITS doc/LICENSE doc/FEATURES -%attr(0755,root,root) %{_initrddir}/%{name} -%attr(0700,%{name},%{name}) %dir %{_localstatedir}/%{name} -%attr(0644,%{name},%{name}) %config(noreplace) %{_localstatedir}/%{name}/unbound.conf -%attr(0644,%{name},%{name}) %config(noreplace) %{_sysconfdir}/unbound.conf -%{_sbindir}/* -%{_mandir}/*/* -%{_includedir}/* -%{_libdir}/libunbound* - -%pre -getent group unbound >/dev/null || groupadd -r unbound -getent passwd unbound >/dev/null || \ -useradd -r -g unbound -d /var/unbound -s /sbin/nologin \ - -c "unbound name daemon" unbound -exit 0 - -%post -# This adds the proper /etc/rc*.d links for the script -/sbin/chkconfig --add %{name} - -%preun -if [ $1 -eq 0 ]; then - /sbin/service %{name} stop >/dev/null 2>&1 - /sbin/chkconfig --del %{name} - # remove root jail - rm -f /var/unbound/dev/log /var/unbound/dev/random /var/unbound/etc/localtime /var/unbound/etc/resolv.conf >/dev/null 2>&1 - rmdir /var/unbound/dev >/dev/null 2>&1 || : - rmdir /var/unbound/etc >/dev/null 2>&1 || : - rmdir /var/unbound >/dev/null 2>&1 || : -fi - -%postun -if [ "$1" -ge "1" ]; then - /sbin/service %{name} condrestart >/dev/null 2>&1 || : -fi - -%changelog -* Thu Jul 13 2011 Wouter Wijngaards - 1.4.8 -- ldns required and ldns-devel required for build, no more ldns-builtin. - -* Thu Mar 17 2011 Wouter Wijngaards - 1.4.8 -- removed --disable-gost, assume recent openssl on the destination platform. - -* Wed Mar 16 2011 Harold Jones - 1.4.8 -- Bump version number to latest -- Add expat-devel to BuildRequires -- Added --disable-gost for building on CentOS 5.x -- Added --with-ldns-builtin for CentOS 5.x - -* Thu May 22 2008 Wouter Wijngaards - 1.0.0 -- contrib changes from Patrick Vande Walle. - -* Thu Apr 25 2008 Wouter Wijngaards - 0.12 -- Using parts from ports collection entry by Jaap Akkerhuis. -- Using Fedoraproject wiki guidelines. - -* Wed Apr 23 2008 Wouter Wijngaards - 0.11 -- Initial version. diff --git a/external/unbound/contrib/unbound.spec_fedora b/external/unbound/contrib/unbound.spec_fedora deleted file mode 100644 index e7e9ac073..000000000 --- a/external/unbound/contrib/unbound.spec_fedora +++ /dev/null @@ -1,433 +0,0 @@ -# not ready yet -%{?!with_python: %global with_python 1} - -%if %{with_python} -%{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")} -%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")} -%endif - -Summary: Validating, recursive, and caching DNS(SEC) resolver -Name: unbound -Version: 1.4.13 -Release: 1%{?dist} -License: BSD -Url: http://www.nlnetlabs.nl/unbound/ -Source: http://www.unbound.net/downloads/%{name}-%{version}.tar.gz -Source1: unbound.init -Source2: unbound.conf -Source3: unbound.munin -Source4: unbound_munin_ -Source5: root.key -Patch1: unbound-1.2-glob.patch - -Group: System Environment/Daemons -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -BuildRequires: flex, openssl-devel , ldns-devel >= 1.5.0, -BuildRequires: libevent-devel expat-devel -%if %{with_python} -BuildRequires: python-devel swig -%endif -# Required for SVN versions -# BuildRequires: bison - -Requires(post): chkconfig -Requires(preun): chkconfig -Requires(preun): initscripts -Requires(postun): initscripts -Requires: ldns >= 1.5.0 -Requires(pre): shadow-utils - -Obsoletes: dnssec-conf < 1.27-2 -Provides: dnssec-conf = 1.27-1 - -%description -Unbound is a validating, recursive, and caching DNS(SEC) resolver. - -The C implementation of Unbound is developed and maintained by NLnet -Labs. It is based on ideas and algorithms taken from a java prototype -developed by Verisign labs, Nominet, Kirei and ep.net. - -Unbound is designed as a set of modular components, so that also -DNSSEC (secure DNS) validation and stub-resolvers (that do not run -as a server, but are linked into an application) are easily possible. - -%package munin -Summary: Plugin for the munin / munin-node monitoring package -Group: System Environment/Daemons -Requires: munin-node -Requires: %{name} = %{version}-%{release}, bc - -%description munin -Plugin for the munin / munin-node monitoring package - -%package devel -Summary: Development package that includes the unbound header files -Group: Development/Libraries -Requires: %{name}-libs = %{version}-%{release}, openssl-devel, ldns-devel - -%description devel -The devel package contains the unbound library and the include files - -%package libs -Summary: Libraries used by the unbound server and client applications -Group: Applications/System -Requires(post): /sbin/ldconfig -Requires(postun): /sbin/ldconfig -Requires: openssl - -%description libs -Contains libraries used by the unbound server and client applications - -%if %{with_python} -%package python -Summary: Python modules and extensions for unbound -Group: Applications/System -Requires: %{name}-libs = %{version}-%{release} - -%description python -Python modules and extensions for unbound -%endif - -%prep -%setup -q -%patch1 -p1 - -%build -%configure --with-ldns= --with-libevent --with-pthreads --with-ssl \ - --disable-rpath --disable-static \ - --with-conf-file=%{_sysconfdir}/%{name}/unbound.conf \ - --with-pidfile=%{_localstatedir}/run/%{name}/%{name}.pid \ -%if %{with_python} - --with-pythonmodule --with-pyunbound \ -%endif - --enable-sha2 --disable-gost -%{__make} %{?_smp_mflags} - -%install -rm -rf %{buildroot} -%{__make} DESTDIR=%{buildroot} install -install -d 0755 %{buildroot}%{_initrddir} -install -m 0755 %{SOURCE1} %{buildroot}%{_initrddir}/unbound -install -m 0755 %{SOURCE2} %{buildroot}%{_sysconfdir}/unbound -# Install munin plugin and its softlinks -install -d 0755 %{buildroot}%{_sysconfdir}/munin/plugin-conf.d -install -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/munin/plugin-conf.d/unbound -install -d 0755 %{buildroot}%{_datadir}/munin/plugins/ -install -m 0755 %{SOURCE4} %{buildroot}%{_datadir}/munin/plugins/unbound -for plugin in unbound_munin_hits unbound_munin_queue unbound_munin_memory unbound_munin_by_type unbound_munin_by_class unbound_munin_by_opcode unbound_munin_by_rcode unbound_munin_by_flags unbound_munin_histogram; do - ln -s unbound %{buildroot}%{_datadir}/munin/plugins/$plugin -done - -# install root and DLV key -install -m 0644 %{SOURCE5} %{SOURCE6} %{buildroot}%{_sysconfdir}/unbound/ - -# remove static library from install (fedora packaging guidelines) -rm %{buildroot}%{_libdir}/*.la -%if %{with_python} -rm %{buildroot}%{python_sitearch}/*.la -%endif - -mkdir -p %{buildroot}%{_localstatedir}/run/unbound - -%clean -rm -rf ${RPM_BUILD_ROOT} - -%files -%defattr(-,root,root,-) -%doc doc/README doc/CREDITS doc/LICENSE doc/FEATURES -%attr(0755,root,root) %{_initrddir}/%{name} -%attr(0755,root,root) %dir %{_sysconfdir}/%{name} -%ghost %attr(0755,unbound,unbound) %dir %{_localstatedir}/run/%{name} -%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/unbound.conf -%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/root.key -%{_sbindir}/* -%{_mandir}/*/* - -%if %{with_python} -%files python -%defattr(-,root,root,-) -%{python_sitearch}/* -%doc libunbound/python/examples/* -%doc pythonmod/examples/* -%endif - -%files munin -%defattr(-,root,root,-) -%config(noreplace) %{_sysconfdir}/munin/plugin-conf.d/unbound -%{_datadir}/munin/plugins/unbound* - -%files devel -%defattr(-,root,root,-) -%{_libdir}/libunbound.so -%{_includedir}/unbound.h -%doc README - -%files libs -%defattr(-,root,root,-) -%{_libdir}/libunbound.so.* -%doc doc/README doc/LICENSE - -%pre -getent group unbound >/dev/null || groupadd -r unbound -getent passwd unbound >/dev/null || \ -useradd -r -g unbound -d %{_sysconfdir}/unbound -s /sbin/nologin \ --c "Unbound DNS resolver" unbound -exit 0 - -%post -/sbin/chkconfig --add %{name} - -%post libs -p /sbin/ldconfig - -%preun -if [ "$1" -eq 0 ]; then - /sbin/service %{name} stop >/dev/null 2>&1 - /sbin/chkconfig --del %{name} -fi - -%postun -if [ "$1" -ge "1" ]; then - /sbin/service %{name} condrestart >/dev/null 2>&1 || : -fi - -%postun libs -p /sbin/ldconfig - -%changelog -* Tue Sep 06 2011 Paul Wouters - 1.4.13-1 -- Updated to 1.4.13 -- Fix install location of pythonmod from sitelib to sitearch -- Removed patches merged in by upstream -- Removed versioned openssl dep, it differs per branch - -* Mon Aug 08 2011 Paul Wouters - 1.4.12-3 -- Added pythonmod docs and examples -- Fix for python module load in the server (Tom Hendrikx) -- No longer enable --enable-debug as it causes degraded performance - under load. - -* Mon Jul 18 2011 Paul Wouters - 1.4.12-1 -- Updated to 1.4.12 - -* Sun Jul 03 2011 Paul Wouters - 1.4.11-1 -- Updated to 1.4.11 -- removed integrated CVE patch -- updated stock unbound.conf for new options introduced - -* Mon Jun 06 2011 Paul Wouters - 1.4.10-1 -- Added ghost for /var/run/unbound (bz#656710) - -* Mon Jun 06 2011 Paul Wouters - 1.4.9-3 -- rebuilt - -* Wed May 25 2011 Paul Wouters - 1.4.9-2 -- Applied patch for CVE-2011-1922 DoS vulnerability - -* Sun Mar 27 2011 Paul Wouters - 1.4.9-1 -- Updated to 1.4.9 - -* Sat Feb 12 2011 Paul Wouters - 1.4.8-2 -- rebuilt - -* Tue Jan 25 2011 Paul Wouters - 1.4.8-1 -- Updated to 1.4.8 -- Enable root key for DNSSEC -- Fix unbound-munin to use proper file (could cause excessive logging) -- Build unbound-python per default -- Disable gost as Fedora/EPEL does not allow ECC and has mangled openssl - -* Tue Oct 26 2010 Paul Wouters - 1.4.5-4 -- Revert last build - it was on the wrong branch - -* Tue Oct 26 2010 Paul Wouters - 1.4.5-3 -- Disable do-ipv6 per default - causes severe degradation on non-ipv6 machines - (see comments in inbound.conf) - -* Tue Jun 15 2010 Paul Wouters - 1.4.5-2 -- Bump release - forgot to upload the new tar ball. - -* Tue Jun 15 2010 Paul Wouters - 1.4.5-1 -- Upgraded to 1.4.5 - -* Mon May 31 2010 Paul Wouters - 1.4.4-2 -- Added accidentally omitted svn patches to cvs - -* Mon May 31 2010 Paul Wouters - 1.4.4-1 -- Upgraded to 1.4.4 with svn patches -- Obsolete dnssec-conf to ensure it is de-installed - -* Thu Mar 11 2010 Paul Wouters - 1.4.3-1 -- Update to 1.4.3 that fixes 64bit crasher - -* Tue Mar 09 2010 Paul Wouters - 1.4.2-1 -- Updated to 1.4.2 -- Updated unbound.conf with new options -- Enabled pre-fetching DNSKEY records (DNSSEC speedup) -- Enabled re-fetching popular records before they expire -- Enabled logging of DNSSEC validation errors - -* Mon Mar 01 2010 Paul Wouters - 1.4.1-5 -- Overriding -D_GNU_SOURCE is no longer needed. This fixes DSO issues - with pthreads - -* Wed Feb 24 2010 Paul Wouters - 1.4.1-3 -- Change make/configure lines to attempt to fix -lphtread linking issue - -* Thu Feb 18 2010 Paul Wouters - 1.4.1-2 -- Removed dependency for dnssec-conf -- Added ISC DLV key (formerly in dnssec-conf) -- Fixup old DLV locations in unbound.conf file via %%post -- Fix parent child disagreement handling and no-ipv6 present [svn r1953] - -* Tue Jan 05 2010 Paul Wouters - 1.4.1-1 -- Updated to 1.4.1 -- Changed %%define to %%global - -* Thu Oct 08 2009 Paul Wouters - 1.3.4-2 -- Bump version - -* Thu Oct 08 2009 Paul Wouters - 1.3.4-1 -- Upgraded to 1.3.4. Security fix with validating NSEC3 records - -* Fri Aug 21 2009 Tomas Mraz - 1.3.3-2 -- rebuilt with new openssl - -* Mon Aug 17 2009 Paul Wouters - 1.3.3-1 -- Updated to 1.3.3 - -* Sun Jul 26 2009 Fedora Release Engineering - 1.3.0-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild - -* Sat Jun 20 2009 Paul Wouters - 1.3.0-2 -- Added missing glob patch to cvs -- Place python macros within the %%with_python check - -* Sat Jun 20 2009 Paul Wouters - 1.3.0-1 -- Updated to 1.3.0 -- Added unbound-python sub package. disabled for now -- Patch from svn to fix DLV lookups -- Patches from svn to detect wrong truncated response from BIND 9.6.1 with - minimal-responses) -- Added Default-Start and Default-Stop to unbound.init -- Re-enabled --enable-sha2 -- Re-enabled glob.patch - -* Wed May 20 2009 Paul Wouters - 1.2.1-7 -- unbound-iterator.patch was not committed - -* Wed May 20 2009 Paul Wouters - 1.2.1-6 -- Fix for https://bugzilla.redhat.com/show_bug.cgi?id=499793 - -* Tue Mar 17 2009 Paul Wouters - 1.2.1-5 -- Use --nocheck to avoid giving an error on missing unbound-remote certs/keys - -* Tue Mar 10 2009 Adam Tkac - 1.2.1-4 -- enable DNSSEC only if it is enabled in sysconfig/dnssec - -* Mon Mar 09 2009 Adam Tkac - 1.2.1-3 -- add DNSSEC support to initscript and enabled it per default -- add requires dnssec-conf - -* Wed Feb 25 2009 Fedora Release Engineering - 1.2.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild - -* Tue Feb 10 2009 Paul Wouters - 1.2.0-2 -- rebuild with new openssl - -* Wed Jan 14 2009 Paul Wouters - 1.1.1-7 -- Modified scandir patch to silently fail when wildcard matches nothing -- Patch to allow unbound-checkconf to find empty wildcard matches - -* Mon Jan 5 2009 Paul Wouters - 1.1.1-6 -- Added scandir patch for trusted-keys-file: option, which - is used to load multiple dnssec keys in bind file format - -* Mon Dec 8 2008 Paul Wouters - 1.1.1-4 -- Added Requires: for selinux-policy >= 3.5.13-33 for proper SElinux rules. - -* Mon Dec 1 2008 Paul Wouters - 1.1.1-3 -- We did not own the /etc/unbound directory (#474020) -- Fixed cvs anomalies - -* Fri Nov 28 2008 Adam Tkac - 1.1.1-2 -- removed all obsolete chroot related stuff -- label control certs after generation correctly - -* Thu Nov 20 2008 Paul Wouters - 1.1.1-1 -- Updated to unbound 1.1.1 which fixes a crasher and - addresses nlnetlabs bug #219 - -* Wed Nov 19 2008 Paul Wouters - 1.1.0-3 -- Remove the chroot, obsoleted by SElinux -- Add additional munin plugin links supported by unbound plugin -- Move configuration directory from /var/lib/unbound to /etc/unbound -- Modified unbound.init and unbound.conf to account for chroot changes -- Updated unbound.conf with new available options -- Enabled dns-0x20 protection per default - -* Wed Nov 19 2008 Adam Tkac - 1.1.0-2 -- unbound-1.1.0-log_open.patch - - make sure log is opened before chroot call - - tracked as http://www.nlnetlabs.nl/bugs/show_bug.cgi?id=219 -- removed /dev/log and /var/run/unbound and /etc/resolv.conf from - chroot, not needed -- don't mount files in chroot, it causes problems during updates -- fixed typo in default config file - -* Fri Nov 14 2008 Paul Wouters - 1.1.0-1 -- Updated to version 1.1.0 -- Updated unbound.conf's statistics options and remote-control - to work properly for munin -- Added unbound-munin package -- Generate unbound remote-control key/certs on first startup -- Required ldns is now 1.4.0 - -* Wed Oct 22 2008 Paul Wouters - 1.0.2-5 -- Only call ldconfig in -libs package -- Move configure into build section -- devel subpackage should only depend on libs subpackage - -* Tue Oct 21 2008 Paul Wouters - 1.0.2-4 -- Fix CFLAGS getting lost in build -- Don't enable interface-automatic:yes because that - causes unbound to listen on 0.0.0.0 instead of 127.0.0.1 - -* Sun Oct 19 2008 Paul Wouters - 1.0.2-3 -- Split off unbound-libs, make build verbose - -* Thu Oct 9 2008 Paul Wouters - 1.0.2-2 -- FSB compliance, chroot fixes, initscript fixes - -* Thu Sep 11 2008 Paul Wouters - 1.0.2-1 -- Upgraded to 1.0.2 - -* Wed Jul 16 2008 Paul Wouters - 1.0.1-1 -- upgraded to new release - -* Wed May 21 2008 Paul Wouters - 1.0.0-2 -- Build against ldns-1.3.0 - -* Wed May 21 2008 Paul Wouters - 1.0.0-1 -- Split of -devel package, fixed dependencies, make rpmlint happy - -* Thu Apr 25 2008 Wouter Wijngaards - 0.12 -- Using parts from ports collection entry by Jaap Akkerhuis. -- Using Fedoraproject wiki guidelines. - -* Wed Apr 23 2008 Wouter Wijngaards - 0.11 -- Initial version. diff --git a/external/unbound/contrib/unbound_cache.cmd b/external/unbound/contrib/unbound_cache.cmd deleted file mode 100644 index 532162b16..000000000 --- a/external/unbound/contrib/unbound_cache.cmd +++ /dev/null @@ -1,105 +0,0 @@ -@echo off -rem -------------------------------------------------------------- -rem -- DNS cache save/load script -rem -- -rem -- Version 1.2 -rem -- By Yuri Voinov (c) 2014 -rem -------------------------------------------------------------- - -rem Variables -set prefix="C:\Program Files (x86)" -set program_path=%prefix%\Unbound -set uc=%program_path%\unbound-control.exe -set fname="unbound_cache.dmp" - -rem Check Unbound installed -if exist %uc% goto start -echo Unbound control not found. Exiting... -exit 1 - -:start - -rem arg1 - command (optional) -rem arg2 - file name (optional) -set arg1=%1 -set arg2=%2 - -if /I "%arg1%" == "-h" goto help - -if "%arg1%" == "" ( -echo Loading cache from %program_path%\%fname% -dir /a %program_path%\%fname% -type %program_path%\%fname%|%uc% load_cache -goto end -) - -if defined %arg2% (goto Not_Defined) else (goto Defined) - -rem If file not specified; use default dump file -:Not_defined -if /I "%arg1%" == "-s" ( -echo Saving cache to %program_path%\%fname% -%uc% dump_cache>%program_path%\%fname% -dir /a %program_path%\%fname% -echo ok -goto end -) - -if /I "%arg1%" == "-l" ( -echo Loading cache from %program_path%\%fname% -dir /a %program_path%\%fname% -type %program_path%\%fname%|%uc% load_cache -goto end -) - -if /I "%arg1%" == "-r" ( -echo Saving cache to %program_path%\%fname% -dir /a %program_path%\%fname% -%uc% dump_cache>%program_path%\%fname% -echo ok -echo Loading cache from %program_path%\%fname% -type %program_path%\%fname%|%uc% load_cache -goto end -) - -rem If file name specified; use this filename -:Defined -if /I "%arg1%" == "-s" ( -echo Saving cache to %arg2% -%uc% dump_cache>%arg2% -dir /a %arg2% -echo ok -goto end -) - -if /I "%arg1%" == "-l" ( -echo Loading cache from %arg2% -dir /a %arg2% -type %arg2%|%uc% load_cache -goto end -) - -if /I "%arg1%" == "-r" ( -echo Saving cache to %arg2% -dir /a %arg2% -%uc% dump_cache>%arg2% -echo ok -echo Loading cache from %arg2% -type %arg2%|%uc% load_cache -goto end -) - -:help -echo Usage: unbound_cache.cmd [-s] or [-l] or [-r] or [-h] [filename] -echo. -echo l - Load - default mode. Warming up Unbound DNS cache from saved file. cache-ttl must be high value. -echo s - Save - save Unbound DNS cache contents to plain file with domain names. -echo r - Reload - reloadind new cache entries and refresh existing cache -echo h - this screen. -echo filename - file to save/load dumped cache. If not specified, %program_path%\%fname% will be used instead. -echo Note: Run without any arguments will be in default mode. -echo Also, unbound-control must be configured. -exit 1 - -:end -exit 0 diff --git a/external/unbound/contrib/unbound_cache.sh b/external/unbound/contrib/unbound_cache.sh deleted file mode 100644 index fd2b4811d..000000000 --- a/external/unbound/contrib/unbound_cache.sh +++ /dev/null @@ -1,174 +0,0 @@ -#!/sbin/sh - -# -------------------------------------------------------------- -# -- DNS cache save/load script -# -- -# -- Version 1.2 -# -- By Yuri Voinov (c) 2006, 2014 -# -------------------------------------------------------------- -# -# ident "@(#)unbound_cache.sh 1.2 14/10/30 YV" -# - -############# -# Variables # -############# - -# Installation base dir -CONF="/etc/opt/csw/unbound" -BASE="/opt/csw" - -# Unbound binaries -UC="$BASE/sbin/unbound-control" -FNAME="unbound_cache.dmp" - -# OS utilities -BASENAME=`which basename` -CAT=`which cat` -CUT=`which cut` -ECHO=`which echo` -EXPR=`which expr` -GETOPT=`which getopt` -ID=`which id` -LS=`which ls` - -############### -# Subroutines # -############### - -usage_note () -{ -# Script usage note - $ECHO "Usage: `$BASENAME $0` [-s] or [-l] or [-r] or [-h] [filename]" - $ECHO . - $ECHO "l - Load - default mode. Warming up Unbound DNS cache from saved file. cache-ttl must be high value." - $ECHO "s - Save - save Unbound DNS cache contents to plain file with domain names." - $ECHO "r - Reload - reloadind new cache entries and refresh existing cache" - $ECHO "h - this screen." - $ECHO "filename - file to save/load dumped cache. If not specified, $CONF/$FNAME will be used instead." - $ECHO "Note: Run without any arguments will be in default mode." - $ECHO " Also, unbound-control must be configured." - exit 0 -} - -root_check () -{ - if [ ! `$ID | $CUT -f1 -d" "` = "uid=0(root)" ]; then - $ECHO "ERROR: You must be super-user to run this script." - exit 1 - fi -} - -check_uc () -{ - if [ ! -f "$UC" ]; then - $ECHO . - $ECHO "ERROR: $UC not found. Exiting..." - exit 1 - fi -} - -check_saved_file () -{ - filename=$1 - if [ ! -z "$filename" -a ! -f "$filename" ]; then - $ECHO . - $ECHO "ERROR: File $filename does not exists. Save it first." - exit 1 - elif [ ! -f "$CONF/$FNAME" ]; then - $ECHO . - $ECHO "ERROR: File $CONF/$FNAME does not exists. Save it first." - exit 1 - fi -} - -save_cache () -{ - # Save unbound cache - filename=$1 - if [ -z "$filename" ]; then - $ECHO "Saving cache in $CONF/$FNAME..." - $UC dump_cache>$CONF/$FNAME - $LS -lh $CONF/$FNAME - else - $ECHO "Saving cache in $filename..." - $UC dump_cache>$filename - $LS -lh $filename - fi - $ECHO "ok" -} - -load_cache () -{ - # Load saved cache contents and warmup cache - filename=$1 - if [ -z "$filename" ]; then - $ECHO "Loading cache from saved $CONF/$FNAME..." - $LS -lh $CONF/$FNAME - check_saved_file $filename - $CAT $CONF/$FNAME|$UC load_cache - else - $ECHO "Loading cache from saved $filename..." - $LS -lh $filename - check_saved_file $filename - $CAT $filename|$UC load_cache - fi -} - -reload_cache () -{ - # Reloading and refresh existing cache and saved dump - filename=$1 - save_cache $filename - load_cache $filename -} - -############## -# Main block # -############## - -# Root check -root_check - -# Check unbound-control -check_uc - -# Check command-line arguments -if [ "x$*" = "x" ]; then - # If arguments list empty,load cache by default - load_cache -else - arg_list=$* - # Parse command line - set -- `$GETOPT sSlLrRhH: $arg_list` || { - usage_note 1>&2 - } - - # Read arguments - for i in $arg_list - do - case $i in - -s | -S) save="1";; - -l | -L) save="0";; - -r | -R) save="2";; - -h | -H | \?) usage_note;; - *) shift - file=$1 - break;; - esac - shift - done - - # Remove trailing -- - shift `$EXPR $OPTIND - 1` -fi - -if [ "$save" = "1" ]; then - save_cache $file -elif [ "$save" = "0" ]; then - load_cache $file -elif [ "$save" = "2" ]; then - reload_cache $file -fi - -exit 0 diff --git a/external/unbound/contrib/unbound_cacti.tar.gz b/external/unbound/contrib/unbound_cacti.tar.gz deleted file mode 100644 index cc29476c65de13dfbb87cf6ad05a72d8bdd3105d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 73220 zcmZ6xV|1lW6D}NEJGME|jxn)4u_v}|+n(6YWMXS#+qP}%WS;k&AK&+<*V=m(uBxl5 z@72{!6bS>8luV!m0)F;WD;AF<`N8sr_KtPQyE@}>G-}EZFqrCX$NYWxV#1&X#myOh zmfpEA!4UlU+EZO6LEXX`W7XojRz#3kB#)889+z%B5%Tcw@g4>a_|F*}wecz)uXyBu z*uD0TkRLAt2?f^e$@)U^g{cOlI>b*@OOddj%=5=S?587tC=;>D_iIl^A5R^Wg69`Y zr`6uAxF0?rW!1-fJq-9|fB$&gPP@8-ctsndSjvG9VSM<+&GC6%oJr&Om8PC$$7`v3C2w{#5A^?%79EU|M`4kEJ@(u3E zaMf2cCwli%b^?n>d9~kqHpk))MK!@^!&KOn00+M;*NC2br;~~Sg7~T=9^0Pp& zcW)e-Usgws5*j33XFg5Qrc+LLQ>I*lK3%85UsFBQr%j`>JPp~hDScDzc7KP1x<>1x zpkMeIw(z$9y*PdR-FX%>eFc>~nuPf*O+LhNTlh+FTR^)o8<)D!(_CwGexy+Sw<+El z#nW;t+@rN3UKyGz)6@2`3P(jcg{ZHY<_6Sh5PQ3}OqGNEdx70-MMk4u_R0>-L%d-b zm}|OY5Y3|9?vY-6_*BKC|QRX(}390h-5%kgbHSh zK%i;@7nOWAhdiL{T2*{3{Ce8%k~0DXO^D_f$)q$oV#rb$q_GYf77FzSjR7&zd9I}7 zstIMBHXC)?1-X{;?^e+ zt)ps<5hn6mU9kr{uda0DmMzNy%SWJ;&QDrX&Mezf!q4gLQY$L796S5noA0x@iH7R9 zi3(Y};+$O}f$#|Wm)MV(`g!5N1k~NIedW{%`VATnk9%dWeZMF{7=)(qCVz8y4ty+m z#N9w=O!1y#hcN(rM5j5E%ut;$IIC;X)FaBy^$V zQ(&QgU}h3Zt&^g5{Ay4ky4M8?Jar^K?jAqe1sv$&oHAdCtM8<6NaF1nES^G9M-k_i z|EF4r2_{O_LedrCZ4?7%K@JTx91S0sL>MMwv~pmLD`WtRXpf!P-NG4b&@&Ms4!}s=)mhPiH%S&9xgpeT|I@`uGrDTrPhpnjJcKjhpOAdc`(3vR~GLfZMd zecyJ;n2Qfj%>@)AKnLT4RYozPVVAe88IX{dpm7Gn(5HhgVuMQ*$gI{B#PI7?4EGke zT8*%O9n1AX%z>vA50oU65Wp56Hx`&97NHkVChbqFEuMo{2CF%q_pzqJSV>ASVhNJh zaNbVd9s^Mk?ee3U39*Om5!m~&DqwB)gc4N1q@GBbU*VrX!Wm!;BZ~>Dn3sztwpdBYAL^ ziA)-_c!ulDuM&ADvJ^c93H;o{2w_A3qtn$7sdo;8hLt0U5+&$MWyOhM&t%QD z$g2-FJWja3gDvm5M<&qN_VM!fTtyTZuOrl7Idc42aS-{qsFrbma^iA4cK$1iv2r1@ z?e#G)z5PvKZEru8$cHI0#pb4D^@Nee_#oNUHKV`%<*wv$Uf052lVnpg*)gXlH}j2Z z#&%)h^iK{ZQ{h4(GPd19n(c-63V5w%8ZNv>{rP;)>(w>k%lgPVh|BkB%FvdMpC8;> zRyMYaaU`(~^3tu2(z=@{ZFY$ZtWGUuTc@~x8)a=NmaXkF`!8MLwRu(OXQ>cQ2Je<` z8f(g#OL7JqGzv41(LxFgSFB(Lmwu&97mGV--^viPhTHzK{v&V4aB5BlX!^ucy}qj_4Bi`<{t&>MXr)lVM_Q8Lw4=E&&r}FcC8B?B-3yO1dOf4s;8aU!2loa&*1YTtblRJ9 zi$>NTgdRc*;TyvhVxixYqT+(D4$cS!=S$_goq-w@)?34Px5rM#)c5junuN1ZMPW*R zmQ2eEa=lx)L*%N?=HrQ{OLrsh@!y_00+tUA44a*258gKKFTKUiZ=M};5^i%Y)eb%m zg1~b-4*8jkldjjFe}tUg<^+t4K2KI%yW4%B&4jusbjir?FkO%IcNHbR zW>+~m{~3@M1~1oOtFp;}oTQu!JKZ|O2OEb^8^6rm%2;Jf=;Od^Jwh9;J?&CT z0!ljy@y6^Hap8eXCXW}wf!B7#+FXx^5ye4n+@%x!A@(+I8RWyC(pP7FoO3L z8uHjh4F^#4YvPV{jXI=doe(-r)1e)CSn3_1unHaxElDK%`A{M<+Ul7kTV%DH{FuL& z?nWRy;W$!!_3s0{r{#*8?Z)MrX^eRsWTSH!u9oyafm#f2cPHDTv*kabpSP}9D%*^# z!*<5Z=n!T!$xd+OH87Iky7d{Fl-%n+OvfJ;KYxYk6WZ1`@1Hx&Q(pFHiFdz8xA?rW zbHOT>#y9SM`uGZ~Rnt4y=xj{rk056~(Ai*CBC%reWH0HQ39l`bBC^9Gb94(hU#Q)R zx{T<~&FOp>!|3;~+lmqrQldkw*4!6K;!*K%)hI8!sr7KPsZhtn-ri<+=^9Bo46k?ibTOL_Ao2b9Gn1n9XQT1hf@XAp9yUkn45^_LR2 zo33FA+cawt^Sd8zB;mmXfK4Z#F(hp=Fw*Cn_R^{KweIBY{VwvF|jBAO3U7A@K0jEOwzub)SsD=D6%A_9+&cv0x<{zep0BVlA~Uc_;5#=W)v{W zAPHk$K}>~+;Cwj1C{Dx-lAgg)R5$Qd=ApBCGQ@jfRrbdbgAoyH1YMRexM&|eB%u`9 zzF03o42+nn89|sHn74wNw!}dl0`YHTfGE@iAdeJ288s48Y=an(G!J}u3X=r}%sLA6 zwIs@{hlY`YyM`c>W!7|mJ0wLK^6a(1A!A465YN&v6z+o&i%CTBSGcTJFxbXN?X!^b zLKk5%Oj^{F=>b%W!WSyM)*X>g};7D!-PKv)F^pG>DZdYS2)^%7zH>Ez-J;sab^eLDmT#*b7ik+qxiM8NVSY#~J`3=1OBVS)@i9gUe;B7X zq9M_>&?SM!V=PExTwOGzPx3yMK1fZ>6fnKZDsjin8cCNa40Z%X2C-CHJcWQ?${~Wb zUz41@EBKoWPT~!;)TBzhZfJmju_;%?Ja1+e6pR(tgs}%;0%IJnZv`d5bmvwEDxbSI z+b%zj34h#;RN{oyfizAk?CM788elKss3>32oJ^dneJ!EVWi_IDaW==)Xs$yY2vib+MaCjI_D(M_1Mt2LCgkRoeZ^}3 z!IOB`${K04mKN)QP6IiT=Or>SN^OiD1+`bod=lR%d(Y%XR3D*tHWElzsNK574X5tk!gMKpz z3|(EvrG>TEMaTVDN5T^Sgn9@hP=fGh6QIe15Q9+5fR8cD*u2rgd>0A=J7?i0{}WM- z=h*~9qazhZ1&mOD%PYvx)cO@U`t`vK#LObWKm4zXNacaL9uhzWJ0=bWpk z5#3kzMH2r>SgqNc37yv*ip)4QM!^z#)lc-Zz7QXT#Ka+W$kh;`2RQ1bW92U!1F)1NoAkyy;&I@C=i~6qH^=v847|Y;)}j2nNBx9MBKtfRl>> zT{5A<|8FhQG88@n+>z%g@dbi|y8S^p1dk;#4?)8DL8i|(^E3>0Ctj#yQYG^X;}jr5 zvTk4sP?CzfQUTAIPB9*E#$<6 zRSUsBf-@rb2{X(7{|2!J?ujT2q7 zb*NtC8L09vww}>s7kp3J`vwR&IK%)nQ8>{sCJb}~*inrE1%7DxPy&KH2-0#aDKP}1 z@_zRJPJSg}?uVht6PpR6GtWry_ZgmY$BZ6dDNVk>2O{Z+onlKymJ7%PJM(0TEyVZS z2TC872<{58=9t19-fO69IM7>+AS)) z>m*pX1jZeGg7`Ugq?{rEOx0h~w128D?O%IG5tIo2m&WajY}&z86d5={fcS7<1Q}US z{(>ccJ%KHH+!Hv;_&)-pzw^OW{Bqd|97v z;D3s0N9(rFOP^#8yLHT-Uc2FeGA5h&GZoEBAYhDp^jKX ze5Muy4Zkf(Z(l6=s=4F&i)f|s)$H4pA0$7ke&d{z?oK$I`L%dp&;wP3VQw)29l=ts zsQV)_KAJYF3^E_4uiQtApR4Xg&JRBPX1;{0-A0a0W;z5}1*K5q3`N7M%74qOrcZ5r zMsJWhU??WP-$g|6TuzOm-LwlM&rhD!c_O>Cs5r2YrV_!8@*)71q)ppN1HK7#JOEI3 zLdRips?3J-Oh*ni@jX`DvR#k3=G-^(pwSQAL$kGBODQ4|615aHK<%9OK9|~R2{{tT zDi+suyRq=vkQEQTmk>d3U;+@`V(z0{JJjjIcqj~($6YwI(m@XfZH-jo$BYtxm66PY zJ5YNT{{HjFNTp9LURQ+BpNWU{fKall!Vr#yGEm3#ex+*ICS}1?+1PqEgzvA-}{X)M~c=3hHa{yPC|=K%sC!$2T-6a|NZttG+8>hQfU@U zNV{r`kt1hJR3yal3(*CxPJY?dxQZ}iF5wiw4Ot4x54P1f#f(jTOi^@IFe0Y(N#6PV zfpf3E>TDz(Td=CI=WO|kj-F*?4C*;8sk*>+Id7P#>A;H`x;6W2pnLIx3EXHUDQt-Q zfJ?hih1ch?cQacdzCon}a2P6&@vlaH>TYg zJu#LGQ+n#b3PB1P+^&B5{Q{4mcm$;_qK~h+@O`_ACHe($xIvV$g|tBr6n%^aDhvjQzz~oDxiu4%yR;?2Fhf1!h`TsaDm5*v(sLf% z{ijbK9#;i+3d5P!KBMEe)ilCdJKXJ`3xaABn64<|T%>IHF~3t!nRW*Nf>4v-5D3_s z0`IUtIw?3aSgFQV-w;@V$koo&Xt~XUH?n`{=1Tu=MNa$s!Rzqo@E(6i(9uJQWW=tu zyxn;yhvvhG4D7<9=6S};bMKBm*Z9;mOTBtyXOp`bQ8nkejt^Q-LDmFCbeB<$sgOS# zCJhK0I#O3@X$cfAjV(d;&BsPz-Cbty_DetxA6@UdojK<*L*=9yt_pn>eaQg5DbXtj z5mFm`uYCmMLH~NJO*K-SBmf?aC;V$j3GFckfNFy5r6TOg3%?5BH+2R$(a8V)!@N~5 z1<9J`Z;F%yE%@!vj;{Al00C%iUcRwNiODZfq$7Mg7rQxCK=NOkT)oDw&{+Z5u(D8xXduZIz#n|ee;Bg5rAr6484F<}kdmZAr%t$v$lzB7BQd=6;!Id2 zY4xmJ9&*;tmE3d5ZM}@f$VJc^Q0yPJUt=JawybrYjX(O;+?S_&6yTU6aJ{kzgSGM7 zJeEe(8f=Qn)SDI~w;F2r{RpTc#urUt?8#Mv%!G>r33c-=7VXhK? zF$og_f`2_&5ohI!k-Q0tu}!)Hi(Gv4N&rmj0$9TM%57 zc|g414i+`kl?m+`%A}`a(+_+Q{=X)Lh_Di9 zuzDfmOZ+87s1fn2cW3-^b`|oe^F?Lsj@%W>N7o^$!Qy{KaSnpQ@iCEl+r@e0ekKx_th+s1}R-sCFC7a!dQYt;3_aqs5abIWdJOJfr>XVV8e=uPEcq=kJ?g zE3*Wv$ME$n1Ba*6})Z>WU9K&pW(XP?<6)X8G9RqIr-C5z_&asI#BgpX`XMLK% z{2^#}F8FII$Xja#kYyNM5qOf*$o3}|FIpl`I-Lx&K1(o&_?gv;y?EWU?qG#FdT%O1 z?>bxqFP+m$%u#c{o?wM4GwrA*HtZrL%M7%p@R)ZSh!%IQ?3Z$F3>sZ04K zL?0u6APZ-55IB<*EX%qzvouxx(mU>X;rZ!gpNbvpE2ov!chCAf&p=$km@=B*NUcW} z`3blEnE<5bPG;>xGap)?L4k>yXG9b4ecj(Ft?*n5+db_+zY$LOnhv^OyZKfFTa&J| zX5ze3Si|B@Qt}J7-yQ7dl3lF&t~a~asLZ#9wQgs(d*n~bSnJm)5TyVm>NUFLF(Hqm z{R&zgwE*z|5ylus6RxKVTgW=yi0F_eJdfJqtT^_bCrWEq*2xX8B~qI6;JX*s6O6RM z;Y-4W?^MqHc<`G~hF3b~4RfbhDg3V=JP+VljNb)+dK<5W0-u3eeA)!p95W|E!_SdE zR0>HS{Rsv0?rKo$fCO~#=_E!JlYlrZG@m}xrPsr2ee(;dM6AcieuqCBR9np3A6(f- z8lPwLzG^@M7cF=W*V{g-&=n=$SD-hSbJ+vyywCmaxYwsGIVAjm%PEl(Wty8mD2NEq z57ym3Y%8@RHP;l-WvlhM*b)4e(m+6z{Ox-{sU8Ug6y5Xy%vhKi4P?GKZAml%BQzh! z(=fefkNl5|?zqY1TOaH;{*%bI-jJdW_t)q5*=0nh!d^m;@)qP(`YDfw5MjiUzFHrQyVxzbNxvn}Le=C- zs+j1)AC;?pF@dv$?LfKT ztOI$j_cQ6a$7C--VvD+MAl8MB9*zN3pBZ+8#5L2CE_{m8&8DF?+d?3oA6_I=AjbiP zR4fsVjpl1cxfQCB(a04WAkc}*6saom?H8QFtfonLqCnqs2>^Rsa;|WvM~agwI$Ecs zf{$M8iVxr1$bF^k`zoitt_7@UJZg}-boEt?RAJaOc8ebYnRc|HP>0GJLC4f2#`~Gu z0R({&v)C;foB8)pXv!osGB>|jkSc0$rUA)Op6zbKYte0cl63K75wY1XJk3CC^N74D zOge;w6_iuJVti2jZgEP6?2H@^;Oj7aZRU|riHOw>=D0=5$4rZ;j79jS4y47khv$vk z{+dCc9q}Or_L(_+38f4x0I)bgc%2YfdbiNGkGiL*3(3nA#uL9z_)4-ogeO+h_VM@_ zIOj!z{_Y`=*BgT%K`MU2fbg1nFu384U*vH~^inKXxh1uP;03T@;*8&N-5%xsc94s& zAEZA43z%@{trT7LS(EzbL?Yt)we120dzl@eqS#aknoKM13rZBR=$tSX{V+PnVShW#Saolu9+QmmC3KD2(OK0rFrJ{E4 zxde6~xZ`?>nQ)h^X6&{TrFLZOdOU19972kD66RnHc;v-PCO}a;K^wVnm#t>(k>JR) zIB-8$%+I2@;j8u(Y`CuJy|UNO7(5miGt7|1Wq1L^ z&%6d)i;p=mCNXotme~u0nQ1%9|M(hMOt25TS=EX5a*=zb>(b+3XoI5Vb{8ott&j>K zsDF-)lbb38^>eDpj=r_=I?U)HcI|;#m!)l zVg6fn<(e}>A{Y{Z>7*Jx$~?NJ+`ULFfVURziQcV4hKT^Cxz``Eue1bnabOzoGMfRv zO1DhOJ7yL&$gVZ_6QR&j+*s;EigijU-zc5mkQW8@q+*}}CnI!ww}(A;Ha2R2{T~Gx zip>G;5M+VvBs1R#V9}^$Pn2S^A^*qGmq4a4DYmd|y{h;m*J7ABYLJT@YDmFP+Zvad zI8J}0J)p$@%n0PKu5^=O1gkRaze*_afl3O9lP_g{jg@TuzPM)3aMErj7USM;9nZ#~Xx zri{qD?d~y@DJYfg;zA+8`s<#QZN%ETT)5pM+Mi%>;vd)t z5);wg!x({M96mhZ#=)Nd#zfVgj)-F6tH1nSNy5hcTP{1lDjT`=EYB#PBbo zFK?{c^6+l(*-njN> zk!~@J0F(5U69{-TCf5+ERS5YgTxd$V#WnFK`xN}*>$Hp%(Gwg@RT^nNZ{VmTYn}U5 zB8Tq#eRadouJ9@S3ZtnnJP?HEs$S1eKc9CRRp)1FlBmj@m;_SbXs{Qdsrw7{^H)D~ zvv#!vGjvH9=CgqijzWk{Gub&5g*DjEeRX(C;txJ4zAx}V#8@ur)zzLX1g1l5)C5Rc zNFau!r6v4VsZveleAS`C%~z@nB*>fne$8bEnwHNjOv5ncQfZ61QK=%jWP^QOQFz__ z6WTR6LbnRPO45VQwhF_PM1xHb+48ICXR*l=w2`iDwdx}qBU^`<6fTS7`IkK*I zTDU%)RyqtFN9zE0ONoqI3^)LcqyuW+9QqL{x4HqewC zU42tx(`Cxee_C+pr7L%B5~WgcxP=Kst8g6eme#mCXVvP>(+ zj<#h#ZpOwfV8_O%XzY{vMsJ65+`^&&1s^?^S}d0N-ME95Gz_Jne_FFZI4%K#@Y`zb zU-#RCAGTM)=9S4v-uLVJ4+gA-%Z0}V8=@#9oI>g&dm*JY%th$p)5P0sUa$Y%4!CDB z82uC4HeiMLfEf)Z6%fUTS3t2)3~@4=jc)M2`zpm{wDIY`@e6NM4e=>=$#bmo@{j&R$1h*dB3{80Zeh~j5@q|HUzm3xQHW< z)qL*m*NLFpfUy55yArj{)t@ru|iw9qfd&dDrmiYWKdt-mmA@f zzkuDc_pOE8a<|iceWgn;FK;AF;cNaDSFM&IJ2KpG%q1C~8>RHE$IxDqlzqdJqA)?9 z_t@jCH*?(^eX?{^lbAQfkiJKAt|Djyu0zd$*?m2|{I6Py?C)V`$$;w-RMKX{ArRtV zl8x_^W&!}RR<)GTqy(#U)|LG$*-?ZXg}esi&=#QO>2w5gWvx6-m6lewB6iqFPe=!x z^~{gTsUhX0>(Ax3g^fo0qV+1OP9e@Nt|iEoAS{I>mq0L^oq8yTW6STW=Tw1<1L}hl zHNSNH-mfp^6Rd}8D2nVEA4VdrsUz}-ObHQ9#mM`?i>eR&RZ*`5Yqe585?t~@Iow}S4Mcpl#mXAOU#k*g;A8yjL zf3TQ6qAuC#W+zG60vjYMIV>OqHpwJaOQ>QdAyBc@jqey4)oh+Y0rIlI;58TQ3gdMI zJ;|{@geOj5=QIG}#D4;b(40vj&6z=*B=f6WlF%|Ix7d^W* zqT>SohhsnG5hQe>f$Le%tagq0jfrVdj2GMk3IZq4q}d+?Jt{a4U(Dl5QDe&x?)P7z z+#_h%`jbGjV5<5ZB@M_e+P`_qZt1jql}fCmBb_a^%jCaFh??C9Nz-*R+(ChTfh{25 zO++}b8#tx5K+9- z7(61tygzPU1odjNc{qhaPpC&&&mQC(65$U!wCc!pSk4e1dFYw;3|M1l%r)(q4}g;6 zA<3#B>6Au(Lb8ZwTpCT`{Mr1G#z1VSTJcOLK}=}VV-r04SnMqGb7mB3KiIP9j$=*2 z8K;_LGD}sVeC|?f>=SK>_|l@+)z>0B-bcy9i{1#jr3Bcv2AovwUcFja^Ay|&;&iAHvc zN}G{YXo{tQI3k;Ca5}!2mJwv$OouuU7$cPf#^sG&*Nt&&saS_Odo%avW#qQ8EN$5f zk;yeUbwquj;YLBCOkO5b58GcUyh|H0BD}TlPk$W`Q@Km+8Y&YJ6aucr1sogfBEG^m zL^nE2FP5uO4G|1d1RDIHVoEkkCi)-azvE7E$$F zFnUgVf5Kq4-l1{nNVlL<+;nHN`_)3HL|i=83piR8Z2e7H0yJ#MA($KqJw*{FggpdU4UQO% zK%?j3i^`e$F0fajYkr2AJCZdm9_6zrU695TOn{VuT4tadmIp7ec8IrUkOZ__^^dL9v` z+AcL2rC@pwjnkuG`m9LHyq;%-b9+k(EvwofUT(6;J8Nz5>X70s?U8SE_}aN3ygpOI z?oQn;VG6E24;1pN$l7UnVHEp8y@_7Q>jAkiA;t8rfUEchq&J6E4pr;S%6 z`2wx>R0q>`s@mC)+b4)4LHyyjV=L@1QRJ?jHt4QVskDB1aL+YaW(JRyZP%T1I8o60 z_|C(R-l=&dI0Jf_7@}?OeZjMzI_>vz2R8l40kub~JQ!2+D^j@?!ODXAsxsfTzqd0| zrd<4PTm#Cw1pfX5u0S~Z``IB_&}_YL=nLa5-Q<6Ww&GM}o-||6E|4$qim7evq%HlN zyy{_c$Eqsu7`T1rGhEIz-IPJthTN`t>C<5+z^3HQ*MjK}7Y5^d4I?xGoBf9zt5yYG>G z{KQRtr zj;X~y_a<4kOxI`?_N;_jr(v}$e@j(lQnyr_ckn}M+@!`>cswU5{YxVxou7v7OBs>T zS4@XJk{(a-!>Q2f%fO$vXZ0@wZ)#skU;1CBzW)4wemVpjHLO~U)&J*}K;-M!|4-t} z#s5>J%blic94q*L3*F8&J(iX#qnVXY>!4N=nB=@}Ul^0QM^5t-< z^A>TV+xH^UIM`TN-p%f|y9GZ@IB!kR@O)8~b_G2gOb2vcdhq02qX}D^GDYPLcd0kV!FBW630WNL0 zpE>8^!fZtlKCw&taFTnkp?}B@cpNdL6EsKK$iA&wc;+^^Y@nE0do*>y9sQ)s^{-?n zp(0u@<5Jy~ux-nj$CWq}s1yu57_F1h2aH(N!# zs+BtqZ|!8;Id1cyTZf8K$^M!c*54*7o=% zvO8QW6TrdARoQR;Gw~R~=4D?1cM#s}wU5ORv1LF31lRt%KM9>EMCI%h_g0qab`Ta; zDM!iZ*#z|n>G? zKb<=!`d4p}l%X12wNl>Y+8)GNnpizX%ylfuvUx4M z^r(@^0@0iLb9<y~+`18e>1vOh3 zOvK({-CDP~SSO3%u2T2@CF{ev^StA4E4M7}s-^3vA87ewo2$>fv_R`cgP?cA3%#qM z8YD493Ca6O>!Q6nffK{)xy|E?b*H2AGi}&CK`!XKO?OcVY^hp`q#9^y`Gu!iSub(- zTg&5xEZ&V^Z3;B3B0aPqGRpVk!^rM;kS?Ff*bU>?dv|C(KJ&IZwaR4IES=ZIK-H#M zM@a5t>&=F(?8VB_aI;($b7t|m!*Gy}iL^!T_k!K@EKEL-_(yIWUgC0B?;Fa%*DJlm z55}0!itDpPe{lt$>&#Q{`Yfga#GA|-*(fRsnubpxSOz22CkVeVI%E>Z!{*}?@6spPJ9P(y zWDrUI73a&}{0o*#lDai-W5R8xkb&0aAGB}7mo~ecNds#;f;>^;$L*D@zf7oxakcz; znkD}xbYEd+uKCv$i16e*H>and{~U+-bg^!6vop*b|23CHG5chZJ^+!q?&ZVt#5#8^ ztH>uyv24zKo#xnbt;Y_gAzM3-&~m;0}b}4q+2E&;p=gfBC%`c8GEe* zw{N$e1J=Kzm3{0J^Ka2q4T&u7c7F!Yn+33j0d_p1|{*n5D4ApZmk#u z5BPCq#qS9oSl}IsE@F*+Yev&-YjKIhJ;WJZIpBh~M~~NO8I)rizm*gMO@gHg? zRaC*N!el4C_o~ zr8V)T=w>VF)JA9U&BRnloHk0&(kVQ=G`X8M7pqq%6pj zYajOSASx%1*QtIsa;af=*~q6$%XZ^jbgfZXG03;C=$OL9E2A&L%9yk-KGpST@S%E~ z-8?vs+;)q%@qViw!^-gmpL29Bacu)AJua~R&521A=k(1?PQ@V}QBNbE;{I`{qsSWo z1-XH}8w!C2d4Q1^X3y`iC1FBADi-P7J}kRJC2t>wgO(15HcU;P4$&i_Yu}w;8liu5 zhTu&w{>EFlypPeGz4cM?u2NH+#8Q~V;!G_+$EJ54%mW8jAq2Q4-b*GU<3dDFj^vWw z3}ew1O*yJ@y7u*HUmUWk<3E~IJ*3VHeNh|Z0w{cs9~rzc@da` z#sD;CI8xcX-2{uB&?K}zzo00;`O(yUm4%Wze!Nqbf&kB-4htul{F263%pP+IF4=?( z2cylwpdq9d-ZGGG9CPA;-Vw96=;LYZ^i^z;9%ivQ)UV*cl<;7W(3nBPrtM_F$mtbH zQQ<=Jy!HD2;-xG6-{7X80R|)pVEX~+w=`^j<;TYHYV)cd`~lyA9$#6){-uzg90Z?S zEC?|~3hOMRIK@bm3h^nr@S?DH2~P2_In!6MgWr)ZkB(_xGAV%YhsB>5@WNJ8JyKK}I`2dW5(2{iFfCvzlxMI;h)1VCR+&=!U6*@$#g#`O-^!VUzQHZ=B zYi(#pek6kEL11m?i8%Qfh1ChY<6zX4Y+WRzO;rfH0l3mAPec2KU3(bb{kWDayFG3@ zs`q@d#z_NgmauJINTk($P@)2al#&3qbw#OcrDRmjPI5bknht%JocUd@DmI*UM zCiFO1cR>rP_WfQVSpkB$u-lF}!*S1=Pb!U+sLZHPl}@^XiX?B7>O-l-GOq)zv4Kfq z?BSc-uy|T5yF#r`eHm%T?{hq|j!7XLmcu+hP^Xv`nFyY7m*w><(u(qmZ8$_}%E&j9 z$fJi_vbqad+cl(nf;mWM#JGX}TME=)OisB(exrL-y1cL#5C4Cm7WP!g`Q>EfM8b}<` zKr4s=hGW+4_|HkL$U3DCiq(GY4jxrCoU_Lnk4+m++$=S#NwzO3(^^12bMxl9Gs4pTQ#fJKMgoR!cIe{j+ybZ;6& z6`fX||6!z36M=#9#t4Q2)-1_-FR0NQC&Lw-&kZe+*>)uvI-bRbf5G+SF^n>pN<9)E zt_+{fzH$&IN-skX$CZUORlA#=7yxShFz z(bpSmsG!Mh;5{7SVOmHAIcY~>Y3sCeF!;|D@oWbg3u80%5gH;RbWY7C1J#rgLvs^f z+orgW%_RH2u~{4b&qe9%1Zzteh@r^^PWRT1Q->5IpoM(h-Fovgbwy$uohJ0WJ6lHGQLB|5T4l8<=TWv<5nzJmRwlLE zEt9-t^2Q{C#5sn$2At;UbUVs;(jt9u%bv6JHM0A9g4Uakj%rQuV@#_bfui#sS#{Vg?AC1+Gd>kUpT|oasHGLdvnT7pNH-nS<6na-*v@e&vZGc4JSiI`}cD zC?MR4k*xe_#*mz81YlUCpUd5gjQ3=y>~Vo87=Xa+aD5U*hXd|uE8HzLXXw%GHI<q!e@|iE+~kFwclV@{N!^8_>&*Y5>K(%~Yl3#sIGNbCt%+^hHYc`i+jcUs zlZkEHwv&lsW~ zw5{pzP=r&yawPS^TB$8Xn!ZA3x;Al@u93vSqN% z*d#mKB)HMoZ)>qmKMhe2k3D1e3(L>T$Ia*6xdWpAyt6tf&Dr8q{nVCO|1HM(M3Y2! z?014*$d^+!E#Jn>Ml0CWpZ>R*^`3&OHC4taGK>2O7kzfJtZm!z!E>_Jn&ro8pMy-W ziY`7ttgFxVpLwAo*#s~Arum9LjiKiP0x7-C)f zMP(6QaWLr_f$k%8gFyj;CjW9N5jEf{b{C8%1#Z-Y8QMCp+4i+TXQ5LL#Bsqcpd)on zL>Fbm-z@1KhlwsQU{6gy4Yp+TK-+K&N_vBpV>7B>9r_P77$XdxN*Rq|Vv>D1!=vVDtu;U! zags}4HcCo+j8H`!FNJgPy|8V&;HcLbb-GHOB%5QgpCV!xVfO6swTnjh>6 zIy4+>tCx_$!ERy*N0rE`S%nlrg12_I$lEu#40W#G?l+IGGk1 ziizftaGw!IWFkaN2*;_j>MW0ITM<{{L?#N0AIXI~BEa1Z zc8B}N+}b?1MfI+x6?P9#@5jfTfwX6;CIb$UR&B9|REzKP>p@uA$WU08m$@z9>O}`a zoLehG-hkuN7sbBWjo-&vp4rp(l&@RkhwvX}x98SYs<=Idp7+iVVdZR@yNjfEtGw8b zl8`0&;vMU@wV#V>W4G@-7A-C<)^&cKw^SLoMuyl`CS_aY7<^$22#oX$x>6sCg|nnbKvc+EXjl*!mL1oLS(hE7?*A(`-tW1= zMuu@BFeVC4RtW`2hn}c>4;eo`-^a)7Yf7wF?dKbxzTyV1Rq6^6p&^Xqil)-`QKtp~ z8wZ{bnfZNC(N3P+5@gi8fTLb#-EzbY)7@YY%z;}R zXq#4OIVyWvGe@vPR#-TEKNy?yN{Pqpd-&ks6HIQ2lWF{^DC6NS5r#&%?91v5GiIV^YY&c-EUuZH9N^7L!%l=@59 zNN}BpE{;;PrfwUBop@6Sfuz)hiib9nmQ-{Y(Lyxx4b~{J*xM+7oOTdVu;}#5qCE;b znb`dS%?pW>I+uY$d~D5DI2J4-6<6QpaJORzZBj2XCbF!9hj7zgIJ&1Ky+7-6tb=0^ z)&AwK^*nHMaLtZjWiLYZ&Mdh0gUP+-aP#$UYm{HUI_BQzfrX&OI{E5n%LQa_e^?gF zj+@)$=hnf;=Vp`JhXSDxT3RMg7pT%|9)Hs<%nAswGbl>GL7QtJx`#%~I{ zyB{fb2q}QO;L+BQ(J^grq0oFrIAW6Kpc6@f{5Fo{v_Q%10 z+1PPk%Kn#AR>{$S4|+JYBpBGT4p1;(y9K{HAU=Sy`s*y2# z2?9h#u=3G*=0pi@pt6 zB`M!hYKcZrxQLC*ay249oZ?@BJW~@qQV~?ZDcHe$nJlg&h^HU{VwwaCtJ8VHP$RKWWDJ*W;UW+_*}hVT66h;E9S^_Wbo|Mqzpfl|`x^#;Qw z>XBhq)-5%%As2cStud12$Cgp8SvTNVm6aS(fROAN2_1ybN*G9?Gf7R>8!93p;wN1r z#i(G1XtAgT(1??uzy|$B32K1?n;;AnOBDxd9uZql8jBW@wZKKdCM&1Gwmixvg|{^3 zpu|VDEDdQuUV@-r@xMSta?iD=<~)YyRA|B+1>%Cj4`RNB>_68I?-f>Thgt;niSMPs zgPP>Z^}m%N1DPwMma60X6XP~#LzP(_r960AtpWdNF`cRmI=zx;(A3TrUoYcYvF45wlkSWS zAEm=mT{Lq0T}y*&%Cgld#=EL`vuC&G#0S7ga0DDW%ttLQGZypeg>du>%E7~bG+Ft2 zBbM`bA>gH_pxnA08F@`4c^V`oJtxu(hka!zbQ)wjh8L)j6({~xd^%S5vuL9lVi88T zrUuoiVy!kfHr?yJY8CHXD(hhzPjB|Bx{Q|coyA#N)}QCy+ECmyNX*{1eHp7wT)I!k zgG)Za4w+aV!%DQ&6e?>MXziSSwX(V;z-6alW!T_%Ur1Ob1{e_h@VDW(1pYTg)=Q7G zN94Cx$V}r4|DuL)d`g1&5HAHX&g@n*WPqRt1hKV%_~17y<}b1oG9VL=1$x|OaT^CG zcNtWJ?bVMr^w4k*8P2}cO7P{YhSGCaqG)*T3%V2ay|)L|j;{^87Do%O=pV3X9{V%b&BoPM3{knOiENk|V1rGOxKlSM!fe7lF%_6$MJ8D&-u8(PBy z`LO-JAo!0j!`HSY3GJ38C2fiO*(FeqYzDvfdhW%3ru&psRytEvu1Px&Hl4dy;Rw$)MHd5;hfb z&9Rk&!EhpvfMCef)85@>Yd1dQxA2=Y3ncsYxoQ~M;;&O}!bfLCB8C9UObx@yGEb-Z*);8cqwlRloX_^8FHvz|*6IXV+86l8Fmak21R(iVt z9qurJ$ld5!gwD@7ly4D$1Y@yDRXRF>|L`^nI;2nA%tFx+Ri&9>{DOz#!yU%3z}bno z(FbGp2qk={r#qXP&)jyhPZ9VDg~be(K@D~o?*Lu7n*+0|L?KwvxW1b&%cuxV{Z~C? zaw3$}hf-^GLwrIpJYP7x+{iu_iUj;vh%=1yQ3+=P3}e*&FuQ3k7yLgO4>+R2$UaVD z)EIK?;_`U4x^U9+Sa>XVwgAhQ@r7|3A|tS$)GRC78uhBaxQG8Ga9Uyei5`NFY2g#wyVRara5M?OD3M^a285|`0y702&GXuV3b?Q4?keW zMJ#wU3s;!+lgm$;@Z;0+0%7=bN>-g2Lu6J#coSth-aYu-Sgz!G12EZOv1}jRbQzEn zDsmLo;Bab)=cZ+WY*kD%LKM~(jw=oMY_$ZWv3(E1{Y`K=-ty#SM!<=H=Ug0OI5H&8 z8DWJ;O(6jZ)&xgKbO0p@ts^S267$MueEGgT{EryPdrI)Gp9+gynf)Pz8VOG{@Z?U^6!B@TtCKR98b-+sV6mPsC7*3C+0 z5;_@0#$j;X)nzn>-tkr>#pjb+Fk}=8xrM z8ImdRKmv}IQ***22c=F^!#|7tKx^w|KFV1LmL%(10Kvh*deYMHg9jivhtq<}=4f$V zFvNn)dkH0Kb4~G~s7Rr|Y^qpkUlLgq*AdJxQL{;k`DGo=!$MM;egsk=9fAd({KJSI zI8`X+-_gKI_ohye&mj~9>GntwgJ7v*2u1`=k$L2QmcRlW#Ic#Dl#MFI4Fn7FVGw1# zxae7iTI!1j#QjSmyK9%z;fJe2EK1k)idfD)tqkfWzc zFvuKm&IBb491yjW&>-#<6LbWTOKNlXTV}AWIQJia0E2ttKcTpH_}opB$Y4lARTL`9 zNj5cc91^C~yF@!R%edvhAPRB6)TG_^{(h--u)ZV|*Unu@=-3>z?3?yGOVhfDSW)<& zvBZ3c*fHRb3)lk#atQZH|GyzxJOD$2!1_js17k$;2Ssj3;(85@D(;bYUH)-P^d-S| zxGvkbu@~&7w^{PcVU|n@L_g(E7RO-mE?v-3iNQr6O_GfW8qMx&4grFmN$H9W=&PdC z9Kq*}^0&Fo_5$n&$#nn2*1%>2qyE*%dU)$$9g69Oz_@@%+x}00MkHY8rT1#gbx+r#U{wyhnUNj zeQ=5t5v)is>VI!=!2v883Ah-}9RKBnfULq4MT-vYAPjmy+-`-;kQj!sbdC$4`B0+3 zd%CIGbFe#yiv58TZXeAV*m=T1wd{60ra zfd^>Rcb(=-Mp7E6up^TO5F`Q6i%OA9L!lD-T88}aq)DS5nPVoavzh|{H}+#43!}IM z5+CCWyX3LClTLDqcVD+LMP!!+4CWUAP|PkxAxk)9$@|qlzV&i2B)$FQDOIfkDdLlV zoHv?>91^hDT!4z*cmq4YtcnCXM9h6c#8~|muMhz_G}MrI1)y$ufe@J%6#mz?=y!9$ zg*ib=fWcI*I(IXJu=^5_GSdW*tP>qmj-e@y+QGrYjmTsUBKBh50dQ{hNDMCbJL@Z& z=h_fGNQXzyB{YQDGUg=Tq;;SqBA6iI?Jt-!+efKi8z_@;Glr^?MinK*renO?yvSyo zwCI(QF4O8f82If;~rRs%%?|y%C=jM{!viRq;|T?Dm+dc!SV#f36uHD($)tx-u;gH zBtPw+n>c?W6@qXE#e}3KfS@Ah^t+NqX=y4uddGnvlf)CB*c7w=mzR78ka0*xvTiRj zmdqh4OlcD&(*Q0~$?Oe)9_FYr+j@3FbLapUl~A>lg$NU+Q&zc}t+Jzu}wcO|5j%*qRIpY=6YMg8TG&<=bGe=U1w~$>| z3%kJVTV0~&K+o8VZo5?#bX4VJAd!LS%2vg_j=`b&3~fe#fhLA5j*ko|xq9oon`~EN ze4!+~n^%=%`%h{3h|n$qDG^aVVk-K(u#%!_Q-#2-wJK8*zpPA(WeB zmQJ=~Pa>YTp>t@UlfpB(pW(Sl3^$B>Y*ji%g@`SEq&MTY1HA`AW zqT9i_(ST;?FX2(_c%dO5hhd`RMM2)ZOHlQ@Y4WM_V1wRmEUJaF4OZ+{go%;+QB^ATdk7GPC%^g zYq^#iEuXgUnk77+^H$unst+wCdo6A|{ch>4boCU*Q*0#8yuyy~krpPw*G`ti#<$({ zP&PbqgT|NTT+@P&*|4-8T2A{ZI`$qLiFTzUy@7MNt#oUS;#e9(aoGXs96<_<;mXL? z{?ZoFYM!SQEIXwxoPU4tQGiNY%{uO;#NLQ-ex0D>gcD001J{Q4O?Tb$fkmZ!A z8Cv~t77j_~8`2P{j)Y&}xCKuCYiz7V%UWNy^8~<>L}U?r&2P8O{b!7=btfL5aX&AqFuD@X#PgXURWxr}fta^Ga&0 z*3^9aAlw))UkDp|RUZ77fs=N`_rzo}Q3*ww=7{bGy4*$cZX`Y94~Hvf7U8{d(^zfq z9!cv@Jq9?ZtH$fV*bwEAk1h0hn0I`DI`xoekp&F$n;Fx|5DH_I3T_>RQV|;G&zAQ) z5CXWD8hWad-s7mcL}(KQ7v#d>p^fybvM019QT4DQx|&0A*$hx9RUyX|JabtR9LQV4 zBC^aeVmtSE|D%zOt@(4D+t0N55nGE6DU3}yqs!##FE3?#NxdP zh@a$A@e_ig@GqCT>yNJOEN7IDtu(gsFKfT>@c$@p2|77?i6}?weQ$c2ZF+vymk6j^ z%Q+t%9!*qcgzd4QUO93#q$p?L3SlfY`xpH6XUm=x}~ldrdoS_zndEm5~K6bmW+ z{9VzMOvw1hd0S0HTtK11q7Poa6?|(O9J^P{$ns@uBb3D*8)2RDnAAg+qkIbrEQ1VH z<{`cnJRMS)HeEg0BVG^qvK@%}cYv`wLS}fA#}ve5_k++iUpNZxG|tX>mEq}ctSZ-X zFQqj&)%T?_<2A#5%Zt`KFimeBQ`+ zlViz5g!7$+7)<8PiCMuzB*rAuDLBfdFo$~Kv(=?-7dqi-ail?eG}r};jsUez!!iOQ zdyNM97(_gS3EK{~3%rjuZ79TZnw~OSC8PyEHQx{f1DA9OJv1jU$Ap1uW?;=6RIWC* z*2`ETGY~(*Qxj~2*5F8)ims~<6?yniEFtJ=wC^Q_527XSdW}i_KeTDg z6u)G!>Cpx}lNNwAt$rB%57xwqD!suED0S-Z8d{98U{NHKY=Dz+hP@D`sgDRyaymI) zxq6C46^MH5u+sVsOaYUufKDIaU?SI{Po|F=EEbNBeeNodSQG|fT~fF}) z_{1}%7U|5C?m`C^3sS;F(P(5RYYi2!rn;tSIB(cKN@k!|lKOG*2iMWW~GtVKQR-!@EPxenNQ0I$Su51BKwsg29&-y)!grYeHy%WfH?am?hHUo>@@WddA7wkH+??pl*vo z&xfnB974ANfeu2W7A=O8=bN2vo|;tlRv2?zyUUL+GZ(+-TfQoaT7G19kI&XPKlY>* z+xz#8$GnA%4DHP=-tCzc{_n5Pw;5TN%(HEL+GDW0%54n6+L?Frq-TBnnGlAx=dts#4lpA$7vDFp|fS2BrlDK1v24jSP0Wz;iS z*|;>D+Mp&BaUs_lKldLN7V!@Yb45Z4`wt6y)=CFpVQ%)Z04$7$Z_n@0>mNHOn7A=P z3Q6hV^rug-BWrMaZa(u-^848c!I#T@TFeW-*kG+pe>c1m;ps=Wz|3a{TzpHU(gMn5 zV0P0^5OfN353(Y^HGv;K=Yr3F`!HueLZ#&fdp;kxYDIdS&RWvn1shZq4Lt+B>e&ff zau4RXEvxcqy&ctDle|kd%*iS$(Z9~-EwxA+W9nM_gTc14?5S2t5nOnK%XBmO0qBbfUJk=vKM%NM zx?eF<0o)$O$6l{IQ4bq+nW6{FQAgT;L*?zB&XpQbWqYLHGh5<+r$)(FP9J4T#gLf$ zVyGb;e^n#X=B(nECDFU?9lxYCu}W-0SeH7Gy6+7E z%pP#_8|o`NwRc|DWwd(iGHtJ|Be$5g^qk}zp7x(0tU8X4b1g93#cD3N}l3>SN|3hKXZW$oBye=oTH{Ve-h z*O_I6g6NY9!pIaSk9fou&wlzPP`risG@EQ5lqX#~xYcpi`$t^nGzPw*5_>^SH z(u*dvYMx1NWh>Tnt6IfA<>xJg$}1x2K`bKUSP5eQN2lzQPegO<#O-s2m(Fx=Vs|Lf z5$~rsyf8CZ_gQcCvzGKYl&p4d@hm(p;z<>oXBV`2S3XB^kkEF;sRrZf1|`~woLE7! z$i0xD1GfQv@7IfS$dQHtRa1yVrl9~ujGjGy`h6l6vVldh1>t5D0iJqL18ypi`XQ%_ zSZ@hZZW$$VD$y`mg?>*K`*LH5CdB*v(*rMw#hTh*$hMGaB+ly&5p@?d=DCq#;mI!Mupf*g{D- zA%RzIG_S}|PC~yN*Z^((*`kc^28uHj+8NtE>T-U01lHF(n>X zOmu94#k8U^X&JdOZ7I!g-5HWu7zH?El|sv-?oAAU#X`IsJOj0BmvJ})kI=!vRX#pY#lhutNZilPm20!|4UHtPgs z)%H!T>>gX$Kd`pFMguN@?l^l6?(%f!H(QI&KK`11~)NxvGW zSP$@|`q$nNgX_48eNg8!`*%rO-%eB6-|<%5DskdEZ$8U6Sm3%c4r_ zkQw9Tua(B7D-f2I4!Ni)ge-_Phxx*1`C9X1hpzPM?6cE!JT|z71M*?#8)pDH_g$Ud z)mCx!Mu)PtbJ=-&VIxmCNgvinWHK6%$@i8jE`Cy=Am46kSf;6!lv3H~^&2 z*^#p|wGnlH;Aab0uL};~=bkr$V|iQbko4VT8Kc=nm!GaRU#=2jBTN2I#bgw3&&C~t zEk>#iVb|4eabM4GlNFwXW4=xP_9?y3YhQVKj&)r4en(!&;ThW)xYnyd^`76BZR(JY z4x9*;V^bz*oBP}HcDZ_sM@e>(?{hOY5H5WnOYqW#eOl200R@B^_rL{&lKD7Af6^}a zD%4*cHcYZ^@L4^k*YAgS<*;sg-s!P6Di)WYl(!CQYP}YYMiw>>{-zsKbVPLoKUawB z*7M#u(>rwRTXQF9HkVs>5Zkc(WSDm3seFCiw|y*>!oJ5>4^5_QM96WZshX6$yp#jl6)3ZqZEzRa6loJqw$D2uh7}u00YX(*wn6TA?AHb#+=*BnbqZ;{*RxhBYjV9O9KJ)-A_1 zPo<%gJrq(ZQW2O2i3_10i&0|nll+#!K2`m`%m*4C%e{UDjP$|s*T>I(JXV+qLGcxW z0`ORnqsY-Bv7F4g6#D#~zr~2clWq0qy*$!iq(T z$p`i?r$w(S67HAK z2Z{i&V?LPcE;VKeV&dm%WOGizY#QPUnEm`DXX|+P*L4bfXFs*Owi8asdJqz5)>w%F zL3K2EFQcxqRRbYaVAK+q=Yf2Q>6yxR0H8xaaAU3EI&S`xCNVJ|GcENg_h&ThAHGVU zStqM<)Xd`;7gVZBPKz3)AddY&%>aAJhU~EP$|n!3G3L|vf7mPGk7%n)%*If{!#bhC zjQpZj8A&{;L{k77cXkfY#P>f;-w3(w#OJS^wk(t+QRk$)0-8XO!akXR5g73ij|8kI zeWK+VGwcXb-zhMY~`u)T)z(XB`>k`dr6|w5=FX$*d3<*~e%)-8us;l-k*aP)r`-Z#hT^0|4Cx{| zBoo*#smwE3eFxyqx#|O8xOk2_ncwC&T3(xN^_Si;exiN72IhfV@H=sY-2QkY=|EXv z66itT5JAI76SguvgcVmNb^N{z(n{=Wam1i5&svUS4zwwhYG^Z5_uJC?{VHEC);_8x<^7s91|OE} zo1>$){=|*dnPc3NDOW-BAc@}^j&!hWLkDX&K(Q$aT2#KT#!xkGy>gI@o2)j%?2V5? zLG+L>;#>#DBX#NTu~5um<6>pfj64S-L)y8?h4OYF(o+c*rHvBGiWu>5(FfM)(8QgJ zVS8J#+5EFbc+7SKnPMPU7ivX%Ko(W-KHsGw7%VL)^>h?-&s#ze7laIc=lU?oa0WkG zI^j+6vKD!vg=85!Sf!82HpXEb+71p$E0!BEeG{G%N45(MwkNs*IJ8Io&HuaH86GAA z+dAlefmO9;dYYX%2s}w_U&pVJUc2~%M3>wAtCezNU0E^Jrn-e;q9xTZ%~ZS62`0Lx z1nE72s=#^EF*P_}>kKI2UUbLcVQw=}rqb9&=R4Si zKL80`-_9NEtea{K?5ulz5Xb3Fq$q{?x@0XfXfEsgl~C>iO1I~V6Tpf=$78~uoch<& zZ>h5ySW%RChhh*tmYmp(%Fs%%iJBqzE``d1QL@AcH#zhu@rxxbP@#Ykb^GPOgyJ3> z6>ogSIJ6y#8>qB_L!k>pPc&0)+DV&DS#2u#pv)1taL_K4G(4St$~p{lrafm*cugPi zp0sqd&&zYRZUJsfk0>N20BOME=x;KT^Khw7bhdv|@pCFow|ANw`6do#J9*5s zcLJUQ1nQUm=l_4Xz1L?sO&@g;=;Zt-@m#73cp0}=2#_1Gp87up-sd`b+}P3ITv;qP z3m=s-`A%*qKrgs-9FW~8zD^KKA#uwN5TvbeYYh*u^Ln3*!T+3b&-vcy343sJ@MwB- zVa9m6@jfz*LOA&*S8;3@`_AEpeS+i>;>daM;~$9{BPoo-BzhXc@QaE%8XI~Qi2aM? zaW|AUP`R+MH({-#J9KpZ*QA~6%kc#$3dMdk1omc67*{9yWMFM53=_h;i9Xb{GZ=h5 zilG}5BJR7pL*s+(@PrwbAu3W2AC7-GZeW6`>fI6Zc?1qo2v+W(=# z%>CMLLOtbzrf{Ai4EF}N4iF?b#Leq@7kEcfc+EnNuc^OngfwE~-Cmg25vC@Sh6;!xk)(znhge|PtSig5AR`ugJN)W77Vam3xG zqw~_H1An4!F0P6C*jj`+ohEMQi#<=(Ie>C_2tAb(T{*{c<Ygh)^n*3<;kDzxO zufi*|S_T^t>nf9n#~!+{i6qA2p`o=do4WQQukd>M<{{hH$6IyMWpKwmYw6*Kc!ry> z$7WqRC*l>j06j!ckyVIXhOnC%c{K`m@hEp}L#!|atl!@^Cx4z*pTGU+e(-+$KpL|N z`S^HH=guZ^yVn{Id;7k_bo~}_iu@jMRDtRLW*imon21<0-~M(x;78}cSAVgC!L=i3 z-wgZkbbXuUEFJcf($E9*21N6SNq&y=e6P(h2WBGX$&QPq6{^Ig|=t*VAxmLwwvF~$;t838AUf)eaN zgsg9~EIqGfG{1lVwwb5N~TxLPAwrCvQMjk9xbnU?s=hLg)!4? z(d$Cey$aFI=6LM47TnQ7V8@fG2ix>))cNqRNA#vmsL+z6~&ei8$kceJA+d?JrLk zSoO-NgOV`WD0G4mkf9R?ulefQ2?AVwoto5EYE6O;)rB`g8Y`M{Ret_1cejpV?^D;1 z3!`T=tu0)R>4%sLm`)$-EfqKDZSAT*=|f`xzUFJ(PM?^K!e@+475fN!2|XA`-GirI zS(^=#6?+v?wUN7(iKwAW+pN|DjI8HZ^`pI|yQL#j9o)R!?3^k;6<^=_*u5Rx{0u)g zsj9jdKDCtOybU8k5>%r zLrx3XBM;n5n_RxiJ2?bA8o2y};GXdIp5D;(xiu>?OJT!-t+6&Ja^5Mtbx{wuQ|fMh zO=r6!t*z|SHY!Vr%E4q%@t7-OC{jTqdb)>rGcr20C)8+Gqso-4v!JM~*njkP^ys>` zyTA7iKi)no5pHZ_2Ws_iGDFOibZWyO(ClV)gt$XIn#xN^m}wjh4mdJ!4VjuuFf&F2 zNtJ|l5vv@zVQkUFP02SRMZA?BNEpm`sTGbnNJ zX}e=R8C(xWG>0?quq4(kz5j&?@NmZAk3T(fP*iBr5unQ0v*yWPdR`_wn1E@*xLkC) z3h)g`+c}Aeb0VX3pSWlxAftaDizd7*DOWUgt@5P z8UCZxc$|hZ_o=b9jpGop?APuF{q|GgBFIvqYPHD~De2)R?@ldz>?$uu9eLkRPfO3= z&B|#^6(3t6t|@lh+QnRZKm$MI104l!LSc-^9+_q-N=K|M_=X9YsXn&A?Z=?2J^+yfAm{3Ys~i1eVRi-6(=;#0@M)qWjy z84Th_<9C?$W-oqT3$-<{kQhp&(qcu+j7R!`WCZ(JOZBg(UO($8?BCMKa$%ib_P0r? zmim{8ILinUr&%oL#)jJ*&P!Bk3syQTRiGQhgQ%5;yUHL>zUS*KznE5g{|ufCn9dS7 z`R;r@3sc|uZqqJf!dkox?7$XB)oXcBDPkg45s+dE$c05JqHHabACFsG_Re-NVg9`q zVlNrtAjpT|krF0=qj~`*RG>dGTVNXeM>v1504K|txe6eHR<~;rVn0M8t>tc*ElW*R zLmOlv`U|}N32=Op(f?8`Vyw*!qhHl^U=-^yn|dl}m>m~2CEScyMxyk9NMZkH9a|Y7 zXwN|Bs7jin&7V2&s2!y$vvF+Qzoc-ZvqQ?|Ru(W|+03w`R4^-|P-3>M$V|D`)^7anD7Mdp#lj7lrF&%ke=p z@d6f{7h;Xj76$}aW_Eo5;;f8F0PVb9SUL&=>p}tGKr8(Aa(1*eU{;cY~87ageTVEJ- z3Yf1ho5Vzi;$fWF{Gzpgdmo%MftBZp|*1}e~~^!#kdeO47t-@(Cz$( zXp#!}0OY)YG0uPLv_+~>&L}5t8UVfr3L~34#xz2i_(R93VNuJx`fySqDbO_(CzAtS zRS!x)kL@GA)lR=Fmtw&#EBktXYss-S)|h#84cueNA$(V5)Ka`_C~Kb_I>;0bM#<{0 zeO@w2MKEX6YVvJmM(i75v8$k>(083RK*QOkn;s)H$LL?u;vIc! zlB3Co?qvCal`;h?D>Uu$)kHF8?Z7v!*Z)5<%k`%Xhu!GO2Kq*GE{g7M)EzB+ft=xb zfFG3{AJ!qjAgvd>il|s59NIfUkT57Ar&OVNw!~$4<*?N<6B9kCbbrl^#$S%c;3rfR z*cs#@Dwi(T&t_3hUEUAp)*7^_4$ZjJ26r>G{jH66V-y29x~J+WWNS*`ACP#m!a%bk z1&f>pLK&o)S#WMe6V~2*({;>P*8oS~i(8Psi8DkP>TxSG4!o695)Y2V;OmAgmjpxxSL577g_0IHx)Y zrnvGs7Qun-u@qEGCUoTwnj3h_*(u-jw#kHYlA~250z$%8RPlXuGm2$A2!7rcN3#>1 z7h5=XkBdG+s4;#pmlEQA`TDxJ!j5QOoe-!prwA=GUa+F))p$6%xOR`3D$QD$Og*w+ zG+b2b>)WJ_%a@d_&H7a|vEYmony#gqiKyBMOXmZfYE3i{q#}=GukdhmGS~J&jT94t zwe7FUsVP@{-S5YuF9@gGKF{)#)Ktqprtn!BcerS_G$XanQ`lV2R@vKFZ+aoFu*tOA z5A8!RY)R74DhD267n^Wi(G981SD!dFN?u{rTia+=u6NdFRnTs%A1kHWT=`J~7I8!T z|CUlqKhH^kiIW*U9HDvOn~3l3^zJC@;b_z5^y&7060d3HDO16+quVB%YX5vo>9;rj z-TJ$g3H0Swc@0!1q8NRZ1)4!sGjPj&9=M#@Asf9^C=(*_V(4Qg+{DVkZ!NM~bw^cy zQv+UyXibAc3$XGd@J1Y?H;^KoJDScwOlSg|vc$D%MvZ`w_4mB&RskJjGW#1X&_d2w zIa0vXsG4dc>!A{)PlB$8B^`r!79`-hrvyCK>kc6oB(Q=d5Bs8Sk7oiThMEQDcy}q# z5*V7haWr&e<<)q(+SOZ)uwpyFE5xkobN zfyLkFyY!-1A#Q@%GdvL6m?W;rhHPa?%8?b+&# z6c#_osV{Dd7MzyPzI1zf^AW8seGw>bxg>e$&A;~f>!`&j4r_g)8w^Th{ikana5`cb z8dltUvBeqYV|h9)9WcAUUIf2qEiqVy)0XEi>B?~R_JO}K-S=%xa!LIh*RJXPrNtNv z=D3sf#syfF(TxPem)m;j8YpqWNS+L2)*_IS8VhuR)GvPKpigVcDk;H^q=<+*Qajkl z$fSk|8w~ErC&=4AodyE>wa%4YrMe%u98$Nwr1gW6HZHlTzwC*z|U*XZKr1Drg29X#$4SBbZtHibeI)9G+`s$qqvxXYIC4uh6S>e z$hqf?*;w-Q{u%RofN=Gl=0YO(rlnVhaGo5!ee|KHiYlNP0Wi@KcG3dK?2XstBikgz z2QT;!sS5C;cc4iZ4EfVrGB8S?|r*{>cp^`b=t(=%^0FwY#LkRaSonQf2 z3&yn+)lH3$5VJ{0FDSrR32eeHB?H0Mfmq|MG{qxQs{=)kiI813*scx>k{R3GENss} zd55Ku^=~+hu8c-lhpc(?EfGeI3}5*grpxgLV&ah&yC&%IvVRyfX4|)A5Mw!HBgDUzoic zLjMv+VH*LrAF)9vQAU;e`n<$_XiI6`F`vTzZ1t4o9>Ca2QYH_dW^^6Npj4o^Z7Sm` z5?Tg5goYB!#(zWqf94DW%%P{+v&fZ?VTuLGP}77PJj~|LW%_G{V6@BOZRMm@3aA(A zmW;GtNb(X&5j0`A$UHZ9sQp?}J`*${*%ISeO?Gn^XyjHkh1|HJq=Asz^WDsLP#&MZ zTG*_tlK2bE0QIsY^5;=Uxq`FNBA2=7;SCF8mT<36b6u;x9f#k{>H&+T1K`wBSx#SJ z(|);7FoSihtaJrZhV!4f1Ym%9%zAdT4Pan6!v?mOm|jCIPEH*iENs}eBDZjym6B}x ze~hW2EC_j~Moda()sv_a@QjcdX9igXd_0zn4-`Y)Fxp$x9Cy1U^DH}98gsdmxhu3K13H*jK61I}7$rBQqRu1kU zjZ4E8GOtf8@2MJIl1V@k@V197)^mZ`$J-LPcU3pE^k5)Ool5p;)yjaI&F#dqLbX)? zMy>NW7Hph-D8+6m`@1P?-X|iiLZ6}j$s|HFn5XIZk2TYQI^`8 zQq_ImvRMO$GGkF!NLKzJ#BkCAWj!??z&IMH6lf+=N946(BVpC?NFIlPqs&YD1}B(g z4!^rIwV@M$dGi&2$#OFd>qQz;8lgwEz^@8~Vj0&#<3ZJ(`6%*@4u|v2{$5s95J9F` z((*AR<>a;9t~~ebzUNR*cf9RYm(MP6#VwINQLT2|4TfbOIbA9BrXvZc+UWfB*t(%| zSIpH>IeCbtsFc1`hH?`XEUu1Nj;9V-Cp#+?gdiCbtcQg^5r}A1&-ovL#$7JrN;S{? z!~Hf)B$9Np?nipcBC#x3cEJcZSkf{@BbNvt=sjC;tc_z21m@%TU}`2|1xaN_@M?x% z$>EJZq`X0YJN=V6sL2~`Aq58uEQa_^wE|0@MQ(ssnsDxHQbhr&>V?1-KSeGQAw$~? zH+L%b`$7J#kc;18kN@k#%}*<=o~wrw+(kWsF{wFVgI!o9U26*iNA|&^I>Un{GuMU~sYtAUVMelZ%r#+9-FEV2`@ zsFBx}HQ-T%+gd)1mLt3qmc>m%%+HLshDP3&m~{A1)Mp@G`*rl;*+oO3S08;SA?hNU z06Ac#j^I3d<9dR}6R%4(0W2qcLfW*b(OVd60@1i~BRenn{=h-= z`>n0&JJKRH^)=1SvFZO~>Z=0c`kl6cqQ#}SyE}!&S=?O~FAgp4R@^D>?(XjHTHK+y zdvW`=zyEvj-JFZF*~wTY&m=jM_q8vVgp5co@W>jGN!F5x2#R?Cm?;c-hqf>NeHawu z(+(mWq{2a_S)FPZ}moUxloU_Fx35+A{%;*>b#z;-v!R)vtVZj_Shv3Is(jr&(D)q7l2EH6rm; zga)!aChVJwK0JKCzuP8E^wZrOQ}*k*01+odo#v2WeL2mV7O5>QKFy!bsSo5xmt%)e z8yk~C-9-ezS0LkziSP#X-dg^o5SCwg92@SP4OtzbkmPD)9)Is?2B|wj$`ttsnjfNs^A41K&vEp9mob#utB!}lf!$rx%_LiM3#cD=LYm#}&$V6coiBGMy8`cOLL7fk zvp-iif4*!_-&hk}c-M`+rW8rRiao>8svhsPnnr-~iGdQzx z_qMi%diT7+L}W9(bKcdv)euLLA%KRdUtp-Ezn4&HXsNKm{4*ZN}>?VRLYmhMPMY%Wop_`248?7TL*8u>fg z-ygR{JKKMH-d-GB74E-y$L~X0yuRcODqPHf6T76#2l*tpJuCySuJ$Q6gKCn4-S*}e z*ocRmv`@Rcu??S6)_06vbFg{xluEOCn>q>1GMl$c z8b0%~6~{ez%(r@zuV4jjT$1R2xZS?bopSqp9N*f%4qqxVrPik12=@DLK2w#M#4+sA z@%^>P3nT*#l#|cE=Zh84UuQh1LnVJkmsuodEw9rz|C^+W-#XUllPp#cB3AGf)&9L- z4fy8$agH?9*=;DNT}5p%ITiuM_Qk=O>e#;wrP(AxYi6R?Jd=K5o&8gg7uN{Gccx!W z;<_hhjICG3owlbn57Whb-~RCN_<1+aO@*ZN%}`;`i76a$0}Brx&7sH>GhQ7iKtJUgZj+l`vS8sa%x zA(bVh@zB_c6^h+ZWY!|c{4nGM{K6=o%LD_V@ykU(P#4uSdEl&>1O=!B*Ox1(K4*ZN zR6z5PubB0ssFpN2N$glhuxM7-!9l4)l0?V3#-Xc`NTR0On_N8GeNYx=R7=;kt_^k4{1@8`Nk} z6ybq_@wm9B;B-kH?326E5`V_iNkl`;gx4aL_rxyFIWZwJm1y{} z$HY)>RFZ4L9lPvKw{;(e_!03!@&NMEf2(}=NckjCNdn4z%>b_sq^eohFgN1PTaoDO zo#Gi|WMae>YwJ4f*%4L+E&sKfWY~;+C7kx>zsKM`DA(Si})0 z$HVys3|F!+*xCZA)uSh8M4vHd7-5AAm&eF5K2d#TEy|DxTNnjH?sh5-mQP5>F^H;> z+HjdQc2Qh3h2j<9HeHaAZCPgkzw5}`jAYg!P7cz(v6(?Lq3w=9K+AMJ&wB~WLu5DR z6{-Z$!_$Rr^>GO2GRs`5EV7Hr-jk)7WHmXa zh!i(F8s>kW=u3dWFf#(4r;CVS^;yoA+g${tp0>BYw0VlNN`?()dhe3%H`MFmQc}1W zqSVdv0+HjAH7W?HYe4>V##T%Y=)9h=vR}OB6~63}!Rbvru5Fkm$Jbv7>@=ABB#J@i76dFYJnVieg9$PZ>PDdZK zi=Hen^Z{hLPP{Z=L4eNDDUUXZL*K7j!`(yDwXFFXE_693k zWf3o98ta;?)sNt3l!l4shl{fT)nc*FWN1*HqKHw11v@svRfV%QREd!(VL1KI#?86G z(0#mLTJJ)SHFB{zvR^O}q}CG@Ey(1Y*fS34<9Ix>ho1s;)itMkGBG1JcPllMFT21#_VPUG+BMpViTG4cpfdEb@$l$5Ip zJFfFVOLMf2pej#ya2wy`$eusFPqev(99S4;YvkyZ2%f-$ZT{DPk+R&mJi=KO!qxIP zI9AzTnWV0{!ap!dJXbe8+2SQAByrqmWBjE~4sxBK%W_UGTz0a8Ar&oQZf3cJ-Lq1{ zT?9ObJXJ4LGB3!BtOqe}?)@-QDqS!s6(+^mU74pvy5Vn3dY8KfwziH ziia1zJhT7ppdP3Q;v#RcOg4&?0?ol6$>H;2;llWA?~OYv_>=p?llwqA-}ZBaO6_D6 z3(j(2)grESd2PWS^w4p=;Q*{eERK_DDzIfu7_|*tSKekcED%tIRgK|E61kWoNpSRE zI+Sr*#i)wwN+DSnnk5y2n~$PTK-y1LAg9p2{gwKZDd*KMtq!X1rfq?M}p zzE=prpRTbPlFWpOMHULIc5O$x%_gZ(U8&gU|O7g;}gk^(phsyuO`|&Af*(AEa-()8ud-oI0e>;Xq?}R%O!$5=6y0G5+km>V1&SYzK|6{ zlc=Ki(Qc!fBmz?9s3cfTBs@vLDy_%KD#y%Hg?~`}lY4-aR7sUIHSlFe2~VC4L=iQ? z{S};fM^dpI4YLQ?aod^1lK<(Pq;G}h;!9wlOC%-#6xlcTZ?z=ou#IFKYslNbn8GxH z2EAMw&eo)1G)(84-h_)q)wc=+!;D$wo#>`$>fDDMq7{vEK4i1r09BvQ;OVs|2(FQ? zZ_d)Q?MnCITPm+S?!n9*T zp*O^~5cnmvtqWhqbD762y=0O$giJ;s-wI7A7vPhe;BZgQAFb=Alx|)6c4D&7s_$qE zdv62t%cyh}P_=1w>=|fK0IZPqAZRj6h_%O8WG=gP2Om^Co&wJ<$5WAX=&J{aSP9KX z0dr?;pKBf1^EW8KZnRQ9b$2|47x-euQvs}j45!Cd(Xmr4g3gTXP5$=tkQ%&{;J4Qx zAM!tBk-$1*me?z~|6A?UOLl2~PbWB8IzJ5rrt?&;P@lC02(agNnm-6oYh+o(t_&q? z2=drWKN7*U<_Hkewvo6i5gUbOdKeDICmLwV+(hLc^?A%MQSedDL_Iyz92UQirz!?z z9%b}(q%YLXn5)nDiPy|x4p`N(K}^Oo{k8~tgXD7^a1{D$Kz@ z@CB_%aJ5!CGBYe|w*Q(a89C>Hr{1dMP`WU3OFX_SpEEs>BPF-PJA+q4e=XU1h>^Yo z$83Z#)A#6P@8cf88EZ(vND)fN&koE5c?^rX*qXKwboIGiJ=-t%Fd7TVL9gtwBatiS z`6=OP4!d#pV}=Qi*yL=Vm>e>soQN_-;kio{X(vb1CwxPsE+KVKm{`@Yd+n~FZoQ|0 zlwD9`E6z?R-`0bDC1VMbp(9~QOTLOxRYG&*nK(CKV21A@j&o_?yHV(Su=?_FjmgL2 z&IENSy^V`SRk)xE9oV5W?;hEN@0(0Zm09u4 z%AM-(w}1&8NU9-Xs^i-H7Ig^<9YAUru@7r#)1M*>ByfQo3b#vQzerVJmQ_e({pz2F zPBn9jA!hWHpy~wX2X_ewsZC{-9Op;}{wViE72z}hQ61w^LQRt~Lky+^_CkgT?Rx+_ ziqtO-i~{uB451i0fy-0}g*sA~ggHWafcVllAke*jpYapS=w@OA@9Y86P!$(lC}Rc| zV*v~O|1Z-70khd*C!DUxzArXAAS|wmrHvNYMVU)hg4coMqZQ% zY#xUKV7iqz+vHnb+K2sm!i=*mir+oOGNY#}s=?gWOHlkZvT}$XE7c+uA*=?z~(t9{S>zfSsC{@@^m6pa9tB1Bgehopp6h_Q-w?81o z7(Yy_JKZGgb;}9lQ0+)iVLGi^JgA$Z??@pmSkbOAb>Y6N!`-J+f3Vf^!Jtr-N7oc9 zU-Yg$ZoYXgXf1kRYZZDO~9N~FmLfL)x(C$;-)m!OGp)$`6Q$p_%ho;<(pF6 zNVgf*@+ZwGKh(Ae5{+$j?WD_F=fVzh2A$su!jdjmCXOPmeh*W(&+(qO&l~tqT*qAP z?Qe@f+5}hm(|!4%ppB*JdtoK^+Sb(Xzv6l8s8BqClE^tTWDd3^4@frs1uBAr?lIc& zpY~gCVd|Qp(ISqj42ZE$bRGtcgwyR~|MZxB7B?C~`R{L}&FIwcge}3xtB^ZEM?C8E z7!f_$v#lLaIc~BLwT~sw```RHoDCTB@=ALn85_ClA?lz!(R#?htcrhSjV3@n*9zYu>ne$?lGKwu?iL=j(MW*~BLP0QsaucA;_0RVW(dh$`h#-mhi` z9f#i!&k;N|gg_k>2*QQt6aTcu$nY8xijw&4z`9$M($PBrF>V&TleX7pb0A5H;J`re zw%!8AM(AHK^!p|O3S7p>ky&m#9NO4V05Xhy{YJ}}#@(pW;x*33{Q@`oMO7 zHclATNZ%V~#|YM|HmTNoJ%I;vgvd3O&*A(5AlP7LsS5D%K`mnIXH`tvkB)n8)TQg4 zU7xqN9TprMq4SgCmo1i?#22RzM%c@&@S^0Cv-GUhx^Z$>IJd{``f(h zpPh-glT|;?XXZNu5~z%-tu`tys%>oMPHyGbyW&oqPLwin4!7Q?(-S?H*DEdp);eeZ zdzpOt;8Vq-wXyDh)e!Jw?OtN_Yn?|!nStZe!esFqy6oJ$@0v}u^C~}g1##6;oT;89y?dH3wDBd=f9(Rf zyJl-d|GYW)$N3zcjdORu8B{5LF7Jk*Q1ru&f565z<%abl z#Oujtxs`IutInd*UH!G`c7)S(3?@5A2MLD|JW%8#e``D39r7AN#2 zl^6I-#bIBf5H{7Cj@-nscjo!#_|ng3R%L$jl;A zgYf{aRS6^FMVd~7&1|f{Ls3St63vG29holyg_yXc%;FQH`UpC%3{tNQT>_Fm)erM= zuxQ5#_1Qn%p#M-S2z-yNSmae=7Iup(Tt_GlaKRHpa5S6%lAGm7Mlm!mMXQpCxUqnu z8Jo%xRvlEZMV(P7rORZLU`4OJ74L#Jg-{h}LjFi%BFy z<8n;ZDUp*qAdnbxN}yLZFH&*l&3FuJoGpZ}(#W8u&%iV_MviZ_3 z0NRIwrALV_pDH2FiX?^MCBO5E-)=arr)0?f#=$JRc!uF^z8}mvURFh;+VK%bGjUNm zT4*6VLv>}GGBc18ds?tvaGESI9R#!=^~dZhFmbBk_Z%O;|7M1Ci?3sr9V9g&oJ)w4 zv2f=Oh6=cp;g)04aR^cr0V@Lp(@2LRlIhTC9&Xs=wO;q5ZD2}~=@3l#LEH2g%%QaS zGzxs|`PVYN^|@UY;5tg~WLhh$D0L%o4Uu9JFoh@M`+hp~FCBK>Eq4oaY2^mLDl0$vwwfo`ctN3wZb%iRWQ3R4xgoX-WPw_tcxY9lNVv1ysTjbW@yo8Aq> z3Bi|Zg-2fNwD=znf$0{6HkPsEmhvml$tfxtV(L&p`Ok!i51Id@i6x}L(91qV>yz)O zj$K?CDEQ^qn`u7P0@)Bioz<3*Op0Lud3yHDAHr%=p*p6vf<%HCx{kQhQFQggaNU6n z8ascVk%{3skLOS2h?)mZq5~(4EbuF_apq+=Uv+~}{nUrND|azzhBx;i{EqeSB+UVy z>B2yU`X(5o6l*WT4Cn~)AQBpK^FDWc^;ty`et$br9%MQ{Jh53rm4kUYQF0c=l3zpW zql{uk*Maq?2Vi;0GAPSp)S~=(sbvnjpm$V>B}Z~h!7eo+975QB6q zWa1>1h!hM*xI<(;?e9v8dbF^8OodIn8CP)d{9DGL8^HNApji&-Y2;3;1 zyd7GBj9yr{w2zyfN!?X6w|>ggzuFkx3H7p$!B6v_kk9-o&)@!<@^Sm zQApPxn+$zFs=y*)HFfH^9KkEF4m5jsUo80~S#6fZrYIe#O|ZmnEc}fV zlKt(ZpBU{IL<*?wz<0e6m=VRNiI0OmM-mL7<+76ediBc&9p?9AY8`HMf7o5``egMi z(LMM6iyK{21B^4oKbaCId~2c9?|30pP02lf4IUBF{GVhG&QYYg5rHObw8qvubZ#p2 z;@1OWSgBUMnZx8xV7H7g&(t#jhlO8K;3WgOLb>K?dP{WnWMLg|I?^+|CRxLOiMF_d zZrNj1HQ2+cq51JGRj7;h`jyBmP;#_ot(mC|=$iE0|HZ;Zy7sOq^vH6kkjt#HFM{D? zRr9&G;eg{`^_+(}DzF>72>g|QF&btsiu9B67{zIQ^!FErNw(^ssDQaAC($W3)? z@iucfPx$F$UGP#N3`$WwD!VD2dy5j2T#g{hZ!!*-+zl(Mcqmpc) zNiurnKM}_|zk$=AKWm0j70}?^3nnjs2c=hKcSLJPun<=`gnl0jo>fljN}&!jT=L9w zqWr-&i~<{S(=Z?qmV23$Enj}nkTRv_B4RLwXuuvm312eBS&AKtS4!z==F?(^qqrrr z;vjAKZuh2&0Qs8asb=Uo!;g8~y6uWojo3^n-(&NGZ74;OYf+}g3xYI0VXWMjN{_Q*){++^zBSbHVRS7k!hj$^I&X`? zH$&LZbO|~zK%7R}R8%FxkLzt@`vHd{?k$Qqx%O25SVr(A7mRNOw0;UStl{kU`=ncXm9oa4AzJ9uW+)P4d|w@@R359@_+tF+ z;Oq(g3y07Xgi{^KLssw$VpvHHWK18OzN{M#Sx&t)&qr&$)k{Q^CD!6k#HL9z`JCX) zSstht42_8pN*ek_km&J6FWDq|!v-K8V2@-WR9UNapkEg#(mSMyS8EWlC&j(a2W^WWXIM#nr)O})ju~uDr8@hq)T(qrk zlRH&Rj)%LvwtE@;5p6jN&~CQX=&ss5a5(7}NK0!DsVkT%)#fgLDNkQ(c=p0*ov}^7Du^pjmUMqQ-&*<% z%r*%9X^4(ojJEV8hOJaBhL~QGagUzWV%d!|QHx(EBsEwDN+!euK`{ zGB5ZRvk%^y0XB-DPvJbR$Ov$W7kQ9IaVj}C3%{85WErP^!&EKlA-%m^**%=^UK=be zDGp!yJpEn2`1x|bY=pP*n1{}0k+*6Itpd#{2~l2v73s}d5%z^&oQkv8ANtQ~PD!+G z&yl_q@|oYskL`Uk7E@kLix;2Jm6t3hqGXCPf^9)^s7c-UOel&4)kA;O84rBn`5s?a zLnid#!2%*0jzg{dxgU9_Q{)s7&1>`&ON5M&2UyCcztq5mRpDb`z5~9^Ow`AO4u;_0 zxvHZ;tOq7)rFyBzARwxSB4&V3VaIPCmN51A$(WI$b12abi{m>R%Sb@j7)>|qlGP%0 zy5w_E%L`QZj{^1}ki@^~F8Iv-TGwo^mN^=tbK8eqqhHx$_ zwS-8L0xQj{W>y+d%$8?Uk z1Z-(D6J!GkxBkMK zA~>u>FRchiFw9dDkxKk>*!g9VmJx%d0A?G>4gqLYBnR^I6Kp4@(+ac9Dm=(Sy!@HT zt;_i-O;lKuS5-2fGc#gQ>awAEp0sfe)Ha~bvM3ObXP)^)j$ME^1IA;YHP8YzV$S}M z^WuMp@>igg=Aq!o(VJ$`gQil@H~%V{29_r;k1`ru1&jhwKY78v=|`Gr>uS;8Y$&ia zya%Q_T>rJ<_~y~xv`DHqzzELbJ4U5G92vBx@4zA}7?_8fNr3^|7>RgNA?4^cD@VxJ zwK{ESTI9U-d`(8QeAhh_+<>9Ax*_dDTp&AJ4a5rSk3jn@fX_~!;^iSS&ZOG`+HW}C z`UGb9S=xMH&j4lq13wG}K=w(|YzSoD6$)cH%pr+Zb%M$#t0s*iLfbFvhwI-qpNl|k zkM2QsA+EGD?_6ZDL_#dmGB%AR!%hHY&Wn~DsW!o<0}Yg647ABGLP*f^Jx-AfbMZfb z?^8eetWqGTjH`pq8DNJ0JM4&S9D7hY5@XAE>W8^Sl%eiZJ`f&XBrbj|H04+0-n?02 zvqR$Wg&MAKDf%{>r==_mI*C7&++sw@F>EK2{L4MzwAW7Gme4D^ZHEOcXGly{5+t5= z;Rt#o%G9y23N*&-DGFo-+O=Zg5Xhn{62TJO2CYhVnFBkqnU~F&6oIZ{7eC)WL-{~I z(i1&_$31ri$pVE;w=^8%>8q|?JXd{%8kdR~{b-?yur4o*3}cVWgbw2}Gl1X!Dgi?p z!>fezvn0+bT0B%}?w)=y;fl1<&flP-AK-3StDw^Uo&&7DnSykRA{A1|hIA`XRco6A z=Lz~{DmO?w;!@NTBw+Cib@y_DE@S#E8S~ zOb!ZUSaoRB7}c9Rb_e;bGJ+1qQ)0}-z^ITu-&3cG`Gs7WB6_dSOwrEaA`{mC2@5=E zfT~|9{yABqTpWS|ERt@a%3q|$SxS*e>Bv{?;9}u0nB^$<1Ph6OD)HA`)f$*UJN}L+ zUtmOiRUnmKqcXaK^>5d1(k1u+erVy9c3Ky-T~WJ2IhZdx1d^GORVk^^Oa;mi;NjwD zSP1+7`0_@d!AGGLu6wXd9kggWxpo_6r3k!D_L(GLNkg9`D>&7Hk-`jEg!0WuD5?9+ z9I8}SZssSD3y8)y&wXO2{@<{<5#aG)haAI0n9v!71~5b|@0qf$K9HwH6_ryX4WN`&@rO?g1)n$zx|hk14fSF*0|Kz!#sy6IycrdDt+7qvLIo0*_m>!BqGyi zNFWlxWJ-xW2;Ecl&+!C?<2vu(C~wm?%=m20 zdg28R*T7p-IVp}jK%kvCLO#j83 z&>qK8zROA&Uc^Zn=GTs=gvDElNHaM{_|q}O>rm~doL-*dI7p=RxtGgMHH>zy8?(4w zMlOSaP)_52F2zwug$T#4s80b|9yg#i5cWWxfUKhEhe5-_mCiOv7FaG_8v{(534pCC zv@4`W?ytadjFtU~0S*OsDVkNCcyr+Rm?yTU%V8Hq7uz64(})3ZOQ#&?y*I-8XC7Jk zjY!KVL;e-JtM=lJPb8&vYaTJLODTy_IqsDE;mn`t7DxkuhJ8XR`^!-==?mX&;8)fz zidNO?>(ONzXKc(PA}zNz4-n?MI`f_-xdRD-rk^P&K7RX3u%i=NBOL|CMrmELVT#tE z?xt&Qtk!F)cCBJGt6F#bdxm(dHf!dztghCpHs906iT23FIvIvmDcdO+q}uWFyquF@TXL{>^~dCu1uAhgckS4$CHvBt#x52%V6IyfZw_fzMFaYC7*h44VPMEw}VD{l}zSuxm6W>gubW zXrn}HDGwTV8dk;i>-8sVAUG|* zIS}dB^EDlAC#(@N-6G*JIahH9Z+7>w&@?qMgkc<6AT`w}bIhgBPx;z89WGT+-IT+> zezV>hY*`@N@q_r>TP6Jn`%FI<$n=Suu|L)6C)iqNj7JhAMM~D4c$4}(Eipi?jLTGR zWw^8%!FbR_S3(uX|8X+(NOxx$<}M)VEyULjQxTg@iSfcw*&i?}XR|-#hfjZb9}WSR zup*D?tcaEgahZiI>&kTB(LQaUK|9^<6sUIcvLNaO_sUI=-lOf17nD8>E!HA zBv|C_Rw?#ptP^#uNe`6(@TOpJ+6?lRNhT4prf`iWab+2~;9%JoDLzkMAW3d{YB=wH zX|Ue(o;S5|o^1nd7;J17F5EF){0tf0ZtCA_34}#ewAI-D=GfjA{q2KK0i~IUdU*f2 ze{K#@quF&J?wPv1DS+=BfAFtO{Lh7b&1MqRORY2%+m_S&Muqgl;D!Fl{dYv-rt_a= zEWAG(b?!_TlSv*ZpYpD+_yk?vJci$pFQ9hzC-?s4HkbFyH_(y`ru8z}mo`g$ZRbKZ zif2N}+Ic#;la&jLZM63}u2yIh?)-Tn6NyP!P+2y%H$wgEJ#iz)`Sy5nien%k6+)g z!l0JdoVMK&BHqZr()mKk&V0f0!J@Z*5U~{=*xJ(B3f{ykR{o}6SZpRfgN~tAQCr}j zKVsU}CwtjCiu;SK6@jv}J^gIbWD+oQB(5>Wg$Le=X{4ujGcnBM-1{zrtupbICl~os z75tj2;lSu29#^v1F9=omsz+9P_{$WvN9+w(Va+**iyc9zK!kP~=w zgdQgr&!&)C*{I@XRajxsoN< z(hJ(BqJ*#kM%Ay%ducH9F|E0hcZ^hdP_CT<4rVF`jDiMzHJtJ5;PeE05KEH#N4&HV z{qzu&xq=yZ`Ss{xsuf-$qwVp>(m5_drFH)Uybo`sJ&3319@sBY`2)YgTbVyO1Q`EezAcLIGpj#)TBlq< zS5*6Q@X$rWB=e#QD92-qYZ)vU0e4m%@H}3#)_!f;M{YYR%{GWCJKN^MNRa((X~p-Y|_kD zgSCp?b?2*o_T8cKTiEGZdwc6mJ>Dx}U-vBj%<4#dfo7K1Z%S1VtA$eNh!WIavxNin z14bc(p_+#LYzlaidB+iDGgD_!!EW9ISyE5n-Jc360TP#g==o^{$p?&{C(B?Yreu}A z4jC3A^zg$8OW`+gZfGr$)7C;nu(KGKgG~ZXJzYs6DR8LW7_3>@%#?KTi;0#@CoiON zqvn#c^ZsYFuy}@3)1t#VMn5!#oE#b;4k-=1z}z=IP!QJG=QNe#K6;{{kzQ@1h|s}_ zMyc&h_WQT=`d2UT4V~=>nm7-rOG^kWHa;{|ZBGpfke7$Q$j=9+(O=8mS`+(B50$M# zP2ax#E-66O#*44f`DsV|ZR+OM6iJrj`JeG(uPWkQRDgjhbAqwRMz!-b_JpFY3{U?u zp8aAANg*&~%flzTt_uXMsn}x66+i~nn9S-R>fgn+fgSIkd;XvG5`u4mR|Cdz5(h|y zW)atdhjo7qda}zo!JQTEng8p|{!6Q`N`DXsWC0huD2tQ}&mAa>Go&U&? zBYp(NlPI%{;ot9Kb$XpE4?*x!tRY6hg9EN}E zl0R$DF!<|4V0rC?J9BTO4ky%Kc;Q9NB6))C6NcpEly{rSH+~T zg$r9W?(dbHiRS&^gPgzDeZQualHkuss^QI8&>PE=Rz{U7d@l>C)W4|k0p!*9>lDhy zm03e-QvIa^y#2*|AQ~v|p+$re@>Cb;BK|&pGAx=#H$WfP*N_ZSG;jOJ`Jv@V+(Iw8 zm`Yk9gX(hdE6NA}J&83gb^cep0fmgmqn6{14jGM0ph0a0$q?`7$78tCy^OKiu1>K9 zP~Eb&KBLQHgAcKiVVMunE*c03oWPP{^w~65IS7WW=xLSx3%sq{4WPoPfu!B-_xMs( zrH?r^6}a@b_-ryz&DNeqO#fF#=CY-pXe*Hl-{(U#UUi~jm1&%j2L*{dmsBx76*9^Z z&QNGVWg(cUke8*3{pARX1uC|+f5qjZ4gu$Dj?z}93mRp^-vKB&julC}!uCS~=#Lsl zI=umf)hvu*LkV8=yb$78vvJRBQ}k;u#V?pdnrr4h_n^IdO^Owr69aY+onshkKe4t&3k4X&_j_}(j0|ljj_K;8u4fP4$U_^$=V5P$*0tTzxA)P4s+m}x zc;Cckyw=+a@|V)=rR$=g*&qo*0iM=Pr?M=-0u4CIp)kKFP@I*ROpJf)-04F@J@x zIgWl^?a{D%kmX_eMI8f7o??kf9A)*_`OM+IT)6z?DKT_#;k7T~7)8=k*(%H*jw=Yw zia*rU5x#5|o#R;RvRFrz51A~aJokWUCLy_an18&~ za$PpS5?tb5AyKrcvvu!~Uda7fHEh_seY+?USe>bSSHFmJ*0oZMwMZbvC;6VU|FkC9 zoC+>?`NMOs&064H{S^U8CQt0RFm`VT+afL<4y)JOScx2u;MeZFelz#hyGs4$WXAj^ z{n}g(oPbn^Vm*hW%K=TSPaOFrc5k)M`CH>g6_01B(8xiW&)seL_xA;+W{cmZ-yWO9 zPaK+kUn;s*}nT@ym>FiYKZK+=9^_uc8ZJ=2)j*(V-dmB1F zCL9*-MT|m-che_O{T@S)9_HtDf_7%aBW?4R0Dgxm1vjV8>aVL=o(DS4i4`>QlHV}a zJ!qPj3q|&4=Z<1Tvu>8#TGCrb_Arc=e?k zZdm0U%Dn?^BEvp61I{qMY)~|?(abWkw+1eA#ZNXbejQE>v;uavkr-a6OzdGK|8_OK z!P*W1&Q2JXo#W{xE6`86P6!?*YP8l^hoWgR-<+9Jq=EUn_Nvdti~D_&sB08dYz9?ut`@DH)6d z9z%+cK7xv`ElU&$1dt(L4eou;Eq(uFU*CAA3*Ec~*}W8Qar|cKhJ1QkdVdOF5%VI6 z>JUFgnO^w)=uAmO^xD&>F%Z--HCoLU{Z+KGz*x5p`zLMOJ3=(h^WNZidb20ojL_c^ z)WK;O#0FwnF7udqO}N7ypSZ~tWA&-Wr*AulCMULfwj#kFlfUxqYx!w7UHsq2(_V|^ z9@W#iTAC1orHoNp(;d&(%Kqy2o~4aP@`l{N zrrx32gfHMg*R^RJYE}FZ)ZHv9DK-Wiz`C`6WLgk^l2>s~4lzEVipsT- zOHW%0Pp|?@%hB_wX1~Tdp*32Vv7td5V9>!HjdUsXn9eGg;x}6iVNO!yAu#u=rB}; zzgg-!&Nj|?ruRiew!qp!fJ=ml?VecFep~Dhdp8U&M;Z2Ql|^6J0s2e=w(74~^Kc0S z#xMr*tyiMsa@=+&SW3+43dvdz|~)vHYIQ-z&ZoATGEr^(0T zz#Cd6UUUlu!!ZPzFfDBj=O~jFYIeQK6)mG5m=g(sgU3r+GQt>V#}2O$K_aoYn@U}; z$JP7);!V^l)K~gjR%b}l$PH;Lx)!qO9@M>zX8Q@4k$b7w^eEf|=?lh5*qx4_zaf}H zgV)E0SsvI*H|&yEgNiFB&ur4A^*Rcy%&~Dc&23o1Hlj^!ND|FlX*v&L;v6L8`@M1r zsCt!EX!VF`Bi`O-&&Zr`x!RW`=t|b4E|?+*Vj0bS;Q~kVtFHZ!9)U71yq^@%smr+f75n(A5tQQqD88t$E zWvhnXLn1OkSNSHrqh2EB;kT4OEst!=H3l$p>S~)Z$q%c&&^tYtZp${WCQrFPM5uWQ z*TiVfZ1z0FCStz*MMD&yIZ0~z3v}j!Xz*X*N(LSoWywU#4<_fq{NYV_Wf0>&d$D&P z^%3$Zw6%5Z#+)$rJsxW-R!JMj$(gFpBUflf^)~+T9P_CL(lM<5J8L<}dfpfTU;vv9 z3ppel)7XYnvm5M=c#zI*dv`E!L#u^?Z4%7h22>*ksoq#SOoT6-q;HZZ$tLI-moA&5 zqWDlFb43zw@M-j5@ZmHx&G}`9?OVGKt-T*i(Z#UTJ4IE(qIEO5u%*}S3+c3__L^P4%>o2~lUcSkPRG#r>TSNnfsrqwSg=R=)4o?$ zgR7sl)9XkxH%^{YI{DbRkNfau zhxNtxB`Ks%8=*mLkt;k`nlPn-wFQavfdD`*?sp^^jD67CWIZT3;#9_f4w1tTb*gC96*6qmQ9D}Ol zQ6YJC>1(z$>{EnnK^Eu%EFJOi_5oe#oSOa?iXe-|%sX!DD$<%g22jEkZ3ey#l<(Rs zXxw_-aFL)wl`dtFo6?SAm*@Gy;n4*anub`Ifb4-?-wJ^=89S8>Wjc zR2V*p4jg9O2vKv=_KXFwpan~((+7)q!;X}F+EIV1d!3|-(O~GDq%?lH&@`C_WKZQK z_b$5JV;b<7al=I&+86Ox7|7wwrZzywfWc~%W$8XLOhIXSkW`T#3vnC*4+NpL!_PJz zrr|#M(DK9@e1FC->pG?OxL5xwpf`)M{+a#nGa)x0)y{cavk|6mko&LBQHJPg@95Tc zd|SeHpW;aV70hp|kn*braflK+IJ|B+q=~*aYPg%y4Qz*?p)t*@gq>@aI^?Ab;-irj ziZCxBN1#~R_T34Fos;WqWouvY@zvqKyl-VZclo@K`+UE^<7)pshs%VxWK@#JzU&r5 zRcd#<;8a`?6_!^} zFo1RtDxV(+#Nu(h5;~FagFCa4yo-iQ864Y>lL(p8EWrO^F&;l$?NK-$QxeGm6Q{O` zTm-}9Ffk7mtzBM`7JknytzMM~0I^&s6@Z=OpdM&ft>09fCX;FeWY$po52zy?Oth`j9 zQCse$v4LMtw&F?g{5d94#$Q{>aJ4ljYZF_27dr4+1@C?iQ{OeuqP2S2v(-NYpE=f= zP}wVM4Q-r<*;Y6T$wRVXVq}7 z1GwCBQ&_B#OpGxT{da~it6pA-({8B{o3hj~IS@7I!DWZ-GLq+I%N=gMq$$10W_IIn zI`QF4Cy=~GK&rwaqKAx8Q``)a&PKpW5tt6yJgUYscuIs0M8w7qRN8fVLz~;z+i}nr zIqNM4XJT})UJ%5Txt%Q0$Sc2S=utWLS!&4lisVcj)YarhN7Ot4)b&~%2ZEZqJhkEKcU+qNq#^opmaM-+L$Zo9o zt3~i#xG|gVuZ90KaX8w7VM&_WdHtAzS-*i6CYD%K;IZitn<-l;z%AvDPqphXqLq*o zol~`Nhq^eqcZgq)&ZO~v%4APcBGnPz zDq!{5`t(6GB=_Ba7;Lc0dEb9T*vJsY2#^dWvOK$ip_u@ULRJEP(X7$ZS4v#}3`QXl z7t}W~>(h%$zH>$+9|avkElrav4$iT#kB^Ro(E38p!{T!(gd{ZqVDn~) zLnvMBhAaZdo{)U;Ueh);inV^J3a)i7eOd*3|o9EALnHWyijpEc|tIYG!!Jz z!s}3^#mJ_6a}-nXI-dB=ZbPQ}j`CeRTmRuQRyh}qPy5fdFWUG`z>q3CWP1BitO6rQ zTo2p5VSEqCH=MY26iVGA9@pSn@P=<*E%rzyg#f&1=m<&Mf>t~>dcx*?s$1rt!4XzW z9WgbVY3l$!4MXwsY!kM^(_dnJe4^h>pwcViRKHA4re5!e=ur$r< zk!YWqn9)gS+W<*J*;^OHyH0F*Dbg`wK^<4+Wrq2xMe=)****5>#Qp8{l*89v$buC9 zkd(s%D-UUNqsVWAem2XeQb?#Z=^gX7YbcWp104oj70e|Fs$XX!)#VUsWl6ry66W6^ z#}_^489iA5Jn)J6_L~Ka%xOafO`DE;!O?3dXUSU54CAo+s7Yh+F*DoSj&wd9X*o_1 zV-SmXwzeF=`8O;_88=kY8gN*V7|6bPbtr3FXIyB*Tl2U%yZ!I_sZGJmmOq_R1=vXz zF{A>zh>%4kSuz_R0!2NqY0tTeEo!xAhs4X!9GkjckPI?7#WBT^ z(d_*QR*Pj)E(QE5^LD=*T&#JlvDHAHE-q_kCt#fMkybvL78rEdkx6>lw;#b88t#b} zkCa+st;>k(ynycxo>3^v)Y|2YIud>_(UMr#1M&enxXW#|fDoQp#|V!+#~ZqwKzkYi zvo^a;X2)iBiR1+~H)6+K`P*KBa@27uOzIN}EHripnzGI(1gtul)LtHbQ7W+4U1Oss zmunT-ds0#2RDQE*z;t>c&-q?q>Vj@PwQOK>;}hyN7KcY@EeYW^#BrD5{NC&(YaJ3T zcv+wWM8=&5q-1`;Nty06rT;bl9Po{rnbxj~smO<~@&gAUU)S%~DrCrJJznj=k97)s z#-sgsc=Y|r3aWsSX$W%M5&``k>H=IiIsSZW2?Z0@34;y z+EXH+X0|o2Nby`&!MY_=O)e^;-@^%;=HVcGYphGRyHm?t$n1PtwVb)zg1U@hOAWwv~=jVWlvmIR;VjycQho$jWN;ck`k_* zT`DbJ_N)8&=>N??47D5fa8xniSuT9WeZ8oJS%ox6D3#&>OH0Vh@EDBEb~alI5TpEB ze_VR5J_zygzCV7PxbeY2+<2ec)8&G2RoOec7h>(7n>mz65^+M|z&W{v5rDiIaQ624 z=G^{xygF5Dw!+v21QpH1v0HfNzLLsSCkbASwE^wT-NH%4gW7ZG9PZ$AjY(5O095iQ z0p*=Y$meL1k%Bo4u0&;veTP9P3GweVs=g3Rky%H@sDd;Wvkz*;iI5Dx7Xf%(!KSwz z+X#pWO4c2hYBy9L`*+r?&WRTyFtL>&ijj$?&}MRMl>MmcN68*xgJHK+Iii>Gn%SUZ zM&M&q3|{d{6Q*4)=|FvYfAemq=cEO&s_HxKU=C_vZq48C0~k#1k!kMT zAP7|$&jeYB!YBeHML4raOmS3!l|cNDQJ{m^zdl1&zIoi5>Ri92DI^=-CH=0mt$?gh z%LKj;%R1unI|Ktlu`G$yAyK2ymE6@&bN=l3+}rHG7JqQD6UZgSo?tmOY8p={y97^;*Cc|^U&^cP1N}zN30jLv}BZzNImz1%Ow|Xc8mV#kK zP`a))+4=DNH4(Ewwi&IF@{rC*;H+#5)n!S8szSX_ArF?Ri`Uqk$(c-I_r)-^cE#lc z$KK%#V|IeY?UhXffj-9;17#S_OV1wdP9aW4e8RiRJ9BLQn{NK>*xi^x-{VBr0Af_d z?>r%@d5U5eAO)08f`{xZpzr3N8bNlMKzbsStdvj%vP2%?o@Ga-EH`IH1|IUapb%^X z(d6;zbLDB}`uJw6(~sS|@|_k_S3Rh-)}LZt^felZ$F-#LiO$zj)mxR)wwu1{GP5vA zS<(WvR6lS@zJTf87d63wACr<6K2RK~l&MxWIR{xyo3DS_mnt6@0mF&X&aqelfyjan zBoTlG9HsKePV-C!my*IbwxkO1N;7OODN9iGds%!|gqJF*|E%1D`ywV0q=_$=iB z#Z7fW3%kkqz(GnFwDr)6dq<@(_c z(|s%|3xvlsb07j!m7_#8LSNrq@R1tGhij`t;g8acka*FnSf1oL)4D*DOMFqcT{(OTK#a_QmSL{w+vCVm8G zjlRMu4kfqhxP7+RbW#u=^1-@TTxq>r`8_rOo@@adkhIU#-0|{PF}P6%wvbnuj(a^n z`#0fltlMm+A~moA6f9+l46X7%5ve=;8tuk)IDZ!FNkOG5e%y7(1;TJnXT#(9AecKP zXKxo4!zzUfN$qx6X>i4p^N_~ORR=GNRl0DM*gii57xMc+4&#SL7nG|@T)cN8t)M{B zmMg@`KVm$=gJ%Pzm^#WA#VR(omyE>ch?Lh-YoSadqH-fZn6dz$u;T@O02X$|;VcS| z?7^p6Z|?F51=);XbM@zqWw;F;qW{nbC=6rvgTv;M0`gNgNY~R^se3-mHvhg~VWelO z`JI$Td9R;dZ=8<(ouuAiPAgrA%r!!!Kr_9D{Q=;Z6#2GpHb+a5bYWI26n{$KlSyBj zYMp!}0KuRla_G;q3J>su_qV63Owt_O-y2H8s0&%u{+RvL0L^dpQQkN8V~R2;Wtl7} z&Aa^_H(bi?BD{GQ9+ifJO{NN-AKO;iwa0OfDt66bI$l{HCg7bmW2X?yY(QorGpY$2 zN@Sf(PI{=!?9ae>jP40$G=~_E9J?!~8e3pKdAeSKA0D}sOL4toT9_A{KmkS!p_RD{ z=^h=(gcd|!g2sKEYJghmZ;8j~U@bDPCWM;ddtzkdPr$}7;z^lAOtz-|fzXD9Fhnef z%yA1O1Tj_Azz*qJMgtDaYv*bY;EhsZ+zAq|CQafHE~qz6*MOEVcKP+)(g`WWoy=~C znxK#MW3?kvbZfA&t~c~P4xFWmHGR3bwPEHDoV;*eW);4{9WPc~%JvlWI}^OAkVp{K zcEx{IUuyWM#BHsTX-omF+yhxzSge19dIrT`jT&Se z=)nhj%wh`{j_Tj9B}~S=aJU-6d9FhJEF=Y1keU%+mh(1Y*D58O*>>|nguMO{iw4qV$% zsC3h8#c|TH2gFu{SDqoG0=;4E@h zs0TO$iMw2G?|b7*oDMdaH6B*Lcv*uyhCU8-a$PULFis)=9tkG+w*;J>rxS$pOod)Y z36x}AGJO3Lna58dJuyoET!q2WSUy-0-2In381`JW3abAWhvEg^j=AD?VgmT<o(Bf1$UnpEsj$#BeIPd_H zO@>WE;Lk!=fL#vIs|P<4as}TT2XP3~DTtlQ)shx?Q=Idgpzvd(PfX zsCSK@QYDxZ5zoF}xfR6ZEpnIapgX(Mq)nNa-ge4Ay-o;Q2xAF81Aa4Hq#9--!t;4X;|D2`Q#+t&%S_ z*(LXS>BcLy>162XLwDe>>e}2ploLxTu$$HOT#HtR`A7So=2?nNHci$Gmk=r~)?fV; zaqyPU_kFR&TKOVx&^@l*TO0MI)|xrsVQjm=2T{_F#MlOar+s3(94?Bjo z?jrOU>SP5c1X)tePqci{qQjpa?SNFnI!|~^d@;>E8yq;hDh3*51Q6RgG$A#%0{K$vTR&#WD>9&tQZU8&n&d|VGr&-1s3GY&=qn!pzn6zUVJfhbY;(G zQw-~As{JwNIaR%I7*i2(^11*1gEl@=t2Ju*w7<4s@{rR(*ZiWqQ84p88 zZ&URdk@JyaF3$FDg*jD&W;o+Er#D^#+Hc z>gb!v#S(S5cUS8sj{)5}kDlt4T+wm2ZhAn~7Wj3tQ|S{GUZslWq`h++T6|akmc^zL zkEWfMzXrO2H$pSdLGkXFWk$S}3yN|&rDv-a4VRsUP4lnijaQA&ePeeQ59o=r$4ld7 zud<$Rd@Z1ZZeQcqjfy#fg6ARew|A=~Z{TeG8&~E>Yw#|br>?DL0h^roOV2A6({-8i zth|yfB?~zMD95QyR)n>ym6$MBJ~c%ZP{P z4k|snEbz=ANA;K;MiD1N^LeM#hzP;Wct$ElSRo}RTOFc8F+gRT=(h%@MW1ifX*5S(VeW=nV?i>c^Dz=(FiC!Sz&lbO%5%Se z_-S@XYQ}!)&^H(`LFTPPY$&2>EPXsA2MMAw?q&*PQlwnA(0nRrr6GzXS% zW`NMYTgk!S28ys_LdxjRMnv?Ff#YOyM}O;3ns)mIW3_WNDq19E@e+O~#MiAe3meJ& z4wfRa^EW5zYdt-!mGXSQN~l{y4r;Mcot0WAt-$X;Tom+ISi14zC!Cl2dy%-2iOrjz zxYjF(!qL!HDDYM8e`jdV8_LNjh$O$%=M`206Gx#(G3I-I@*`> zC_TTfUtxZn85)sWJTdp5-!LtqkYfo^=Gvtv6X#0(zxD~Pc6auU1h`?&innfh8YMFW z%3sv-_#7ET%g4hI^zkJyGHw()6g0BICjk^meYz&f@aV}UcDox+7y_ZDMOaFL2&{X{ zY9;+;e}^fA_BUx|IWev(&-aL;39BB$<^wr@MUoNvN^es|tAvN0CuT81#bNldy)wmN zz_@(zd8|Bb3_Bgan}4C2WP#MdM5IB}3s$xK#VQFx7jFse0!9>#(K^(N82ajVIF^vdDtF!-#cQq`O>=mie*Wy<;4qo4 zB-tCh^T-1zO)8Y>+bhy)6tlnQ<=Qt?a;9r}lM~$H1!kX2yHt}L46-DvH)Zl+T9O!If*E0;Sx|w6QmI&qmrl)hTK&i1F9{pw!uw-x-GTHsd8N=?Bf&ff z0w~TLiWtB0*({Lch!L~Z%}|l=AgL{RO$*<}rrAsq2~J305&Af)M#Z^t9}Rj1YPFdy zvkLHBp;=Oena2wqILY?ssv_5aHZjSM`&kVcNh`{^lp9JbI4`CAsDYBzgn%vzr9ISz zg^#ehfJ)9&jr-p(&!4HU6rO~S&ZGwPCZajfmXJd&&R#dFzVw)Hby2*B zf-=G+wXjP%BA=ySS7~9sPIU3(Q3sx{`H75oHOU?c2~2@l$e=x^m!`0kKuyMivT_*) z>XOWa_>V7iezI;nVwqg8ZSjG~l9isP^jV3|q{JrL9?nSxDRta1pbAO>UDUxH4Q}uI#WD|Y*WmgPc z)VZu88a!Yjb+Q4AWzG1WN$k#)Pe2T*2;ZpsMkR9(vOMAZ;soTK#1rF)gLqal9@@w7 zb@gVl3WF2HS9LKd(i>j5^cl_6f5-~|;lwNnBd3s}(^t_|1gp=|6rBV9(ze&K4p5kd zA7xTY3iUq>7Dh(wFPmeazmfY5xWgsH=ORW_p|9}!4 z7cmF5#ar(82g)9yLF6e*MyuDhsWUa^>z_H6ml~g)wX5B)NN(q|ET~8!Ei)TY@#yg= z9s`iCilw@TCW@!VGAXB$0+CaU#~g8l=csC_J3;oVkS^(VOX^apUDv1OdCSVX`=rrnAq)A|IZkB9P*350~==;PZAaAXX7+# zhaIWJh`xF;kq=h(LfWuO@J5XLTKO03l>?`HZ}ZAGIQ1`uPR3Aj z^J2Rs!4mJyByY54Klobsn*N-M-NRTs$!u z_y9_6)2FTX-fY-XGMqojQ8$9AC`J*ac?sQ{h}rF3zU1AlU3+n&cfoQct1}iMmj6z@ z)JHgcm?3aa{44uf=r`ALs1Kq$aonZlw(QTm@<+mEd!~}>W3B~ADV!ZNE_;6g9tyV}{V`RP>o9=^3;E@DH!~oNk z+54Yg6Q)q~f=5RDMu-48D$ujh34(|MCM&JoDUp;t zLqmwk36M$iwSCQi5^C(xyl@pn%2t1t`D2+h;vgNw)QVl2?neHoag{+w$h()N(W>4D zd+4;xGRo2SRS9$3xLQM+~ zy)l#ASZhus_jO+6KN42%z;A29zo}6_O2&JrzRFvR%3dW9btYbFQfqc&@+TA|MJr#; zng->32b9TOthIHqj{F_?e>S#)6rag@qCI%I(e6rcx4HREl1~qk{=PQyTANa9d$X^u z9xTj2Pdx=3n%i?;Fflug4Q^uENN5EK|DoUAO1Wi08`N?xrW-DpXlqAGu-5K%8*Y2M z?nZMYrQ7WMtBGQ=@&1W4k;LwF50Zd4!4uEd;FQ+%@qn_0Sp%UN#Q%prwwB(Wg_qJH z4b$D+{w#9Ezq&V@S;r&=&(Wl&VM5y^rE8kbBTMUvv*Xgq`DUB^@l&V&wtM-aM`8QB zs0_Rar|Vl%@$^&2{pqWw<(}j5tHx4Cy_ueNBPE#@N4q#^;D?2n%pqZD@G`@s@$s*n zd@3?3{W!~G`jG&>C;vV9|I1%VPW-%kpRe~a^T97RexLUy`LF$9*SZ`3Z&Eii-Hp%g zH|SpR?>*fw4+k1KKIu2Sye`y>!h9z;-wF}s`SV}&((;l={^j3N^3d*enOEQL*f|{< zO>hYv)fnAN=~~;3ZBy;EDo2(j0X0oz4eC=nuO|ofqD|Lm7I)X2;1`pY>r%SpIUOBC zm{$Xh<{P-n_5h2Fc_*bcNKOVWcupE2oK5KtWfPf-DNc%&v*pTZSYu9I<_qhz+>!~b zW6*6qD?0eTqU*9fXRC%~mJ68t`wPZ}dUdOgC?Qdy$F>J(?DcN6x5yy(z=Qsw0P-(E2`S2{{+&TViBHa*Kc0Dihb0aX47U4kJR) zy77t|n`VMAgXD2{Jd2gw?-;Z#?YVHcE*%(u){$HWF2mx~&;lMg@M1Bfu&VhJO~Li6 z=XyI9MLU*4u_B$cEu76WG_>}=XuoQW?f9d8LF#lHmMqi#@2#Tk812v;vbTP#=l93L z+bKr_Q}Q9->1I_e%WRQRHE&dfuxfz75gQo(D-)bcwZsH!?W^9)pdB8|&?4k$Q)I;; zb5gMo31zfvo3Ol2<$A0>b=wen&ua3#zSmk_3qm(XnDJRU{z!4LuCv!Rx~M!3jZ3>^ zZtWN;{B6~&bz&SM*ezCC`756op-b9jmMDrZwH!iTRW|I&oWwOupkW($V%pq7UVhfN z_H#KTbGF=*&ZR|I&f0~)XclPx%t&}Blw{zKJ%>{iSmVKkEy2a#3>!fWF0NQ#IpISk z!fCHGC=0~;B&D#EwH_AWb(IAha6w@CxIkKr4V8kYo7h|TNHpX1o&nr{xnc9I(h4=i zQx@y5n>8A{Ll7O$VeC~IK10hseb?Z<@jcy@PPsI9?GbSB>g3}S$n^q zTm$P|@v4_%l?Ko8n`1^G_Aig=>OAkQbI3!qip5~8M%3SjKSI=1qEq0^NhT4&h^I^! zg{LK!x={!^{j-5{P)mGF_%YazwS<&c6^&BJ+8tPoJUQ=w=5N_B@wfdDio}V5R4p$J%!eN|YzaLs|EdYVzm$6J0mQ7p2# z?G`s}+)gk<<*wXa=7@`a$U~!&BOyP!eD;aehp9<_r8*`EF7C+%Es00A4CIwALPD{T ze3vo(p~cAGx*CN#!OZ-q&Q`EG;rQ-^;*S;&F%V$t0Ah+oQ+biJaFQrZD6^q*vRwz@|L98h>5)x}!c#v_u z(eLO(*JVHHJYjd|+_5y>utTQhudCLn4-*y_)I%k?i6|MTYIHb=pFu$ZKyn>-rIgQl zK~jx_ZJw7nn>uVfr(c!!$NOqDy=7I^Hpmfck(RjWa5)pd9@FX0`dn@90Re$T01o4) zu>-{@UkLILSh{`_8h5XA+NYFI3^uqXf;fJYZP`rZx?vRt+$LH(_vVT7j^G1p3JjL5{+2 zxC_nTb&f$>#q0;_56TSoS%?G6_HCQEwMtZ01}R?ao0Th^8ip=YKl%C`lkZTb?*|Cp zwoRRq?L=vagRi;7DEIAcMVlVJ2Y`?LA#OMO?eX;kct*q6$J$u#2-)Q*?nCi51C;+e zf9Su@R=zib@6f0%9vk<|KWFu2T>s$MQvc|aU(c<2t>tudQD$WQq#G1n)^nuZ1J+=j zSs(}vo(+TJyYSk-*RkQZD6w4?Z9F}DJ5N5n%)v>fwIBI&l~yf8yXRcF38&a;f^Zwi&-%Z0JJU~5*;H?`d-avS;KCa$x8*={ZMY}2Gvzxp26fdt8 zaYR}O?rM8C#7ZDoC8*=Ri6Y0y6vOmReZb(fBV`sLM$b{YG_gRH^njLzM>yYimfs7X6-r@5c4#as2Idv1->Bj8PdHz*h2@LXE^u6`b z6CWuDbPvqD7SXmZv@^l$->I4$^~~2kT(85!-ebw26HKZ(Q1?CW%Mqg^NeJv;kkT3c zxkF5@bbjOe(8Cg6c^m(F(F5<%J?%oydjnG(P~9Bd`Ok#5T#%p>-J#Gy5VF}DJ)219 zU)u;qCD*OrmuCWEZqfoRF=%`Hl!sX(`%SF1A&{KL@7sG0kU~H6PJMezE@GF|0peB!=zxe7y)LF(lZb0sIH~w_)yT*eyta6%2*BwK$L6sg{3yzUL#2m z0kn$@$s8mFIry43o8#GtQ!psS1Z{l9eu(A;AD{nxE6-L+jKba{$SY_` zqFPWe@NvJYq?%S~5;Uu?{K_k%{NzZ4McR%5=8Z0O*ehTPu&3m z55;azC#m{Br3W$`jpui`f1i|rUCJ#71#lA7PIhIF%EYcLx~%yh5R(79aztYxdi~`g zE`!GqtB{0?H-Yo7$FqjHU>FpO;ya<}=k$=~hX9rsu$0aB?5BwN3Z%Cbl?_8N_q)#8 zq>#9iu1*V<)^bSjWen%%`9j(kgW9lQJQo)nlyrOL z_kBAtxtopQZSkEkhJe5cz?%p-{HE` zEfpORoIg>m?H5GkC%8^Hy(Me7$rZdGFp15)wt{%E+6KL@Ik1$O&dGJld!bCI7fL z<^;^tKNa1z5HJTD@c3HSSQ+Zb&5j)-PzHP2yBh=PtWQY_?J#~b2G(;4O-klDVv1z! zAmIxOq98Om;^E6DQDTyzH%HoMm*_||37jkZeLb=5ujQW=8uG>D9BA}#%;f z>47p0NZxpzvrEr0JBM!pU+mFyf44bc$@9<4|ySFHxb~i22(@}Fpc=s z^5^|NmF|u@iK;c<4WrD$75HP9tO*n^4>1cm@0bA}#vvQ|+c9^qbLm5+*Uf`(B7d5d z@H9H(sW~HlQ%`-}l2t8-g8SOqi43mlf_4z88vLo&jC3wr>}jIpDf6DmM?-{W={o}m79w`1RUf=UC7|71zxk9qZJG||QSqKOS9y-#Hg zf9~A;bB=OhgZVB`Z!LdOZ7NcI98`{yU(oNc{HQMKxuDchM>gaP4yFn8jTEMY&mX9e(0PKQCT?+_r_HYswX~8*=TU;nzzyzjU^K z;;d>IYuXa@QEwNg-7j&%rX5~4S(cH3jx{Q<S|nOQocaeQBlp(b2`~fX&g|46UWV~+-xEe1r*!P8B&6P;derG#Lt90F z>y_eCIg5>bq>{=NQ>!MMYWzE`imy>Rom+?E@zFq#U72TY*{A05&_J5mF88kZjjO(V zz4IkjvoqiiMSCF#|JIAIoDwAuy|+X3D9@O`EwNug6&l{Io-ZQlP7T(D>95Hk#US+f zi#(Jfc&pSq#;)E|<*g9B3mV+aCOwLJVi@q?@#*ta-Sx*BXKbfuAtzrCBVr6^KNSA9 z?f~rHDsw9^-B_W)p?w>VBSn08l#``R2hSMJ-Cj(gcA*f@$Eb0~2rNc&c#ppP5R%$Y zlJ>bgA8{|y_|EC=0CB4gohX^UEW221ly~a~FuJmu@&@<=or)}6C7%k{H+l5VP3pSu z9`#G9Zhi#Zx!V#R+OoS z?(yGH-+fNU;fYO0BYI6o<4!cX*8W8bB7Y6KP5a?^<{F; zQA7$KJsN$5K(M$?j5aUd%cC&O)#FUWpB|i#x174hd*}^75T)w+YBrqN+EB>F`H%ye zydp$Sr8Djp=#t9>k+aGt^NbdvSUS=BmvbK7Pyh%R5|qI#(NKT@2=FkYY1}@)Vkn`( z&y9j0zj#b?6OfV|JA~DE_(-m_+8V}UQWK36Y}N}EXGy^$9p}2e9SVjUzh_e@f`*ML zKR0hA0y^Vi2OyboFNAS_Zo;?p3O#2+xIl|`a+56jahz7Qx_v#ZJvHfC-a@m};BL#| z^?J?4^JbTFJ8^XS2s4mx`b75&Fy)ec-PzM5 zrZmpp_VRG6o-I_=D-v#pTK(X;k~GTQ?DogUmF2x!`lGtJva8>}+~*>~7br549i=g^ z79DCs&N7z=usK}6ZK(zgC5FG~T1klVh=$e#EoqCN*fBOf?=fz!2toncSyIV16awN8=&Yn03Lz2`{~v9SK8!QjFzA}Q ze%`r}0snrteg)xWLh}A#e1qc1{i*HP6P{dJvQQED5JsV!9h#pL5q5e(Ga`h-AS*Pt zFevokRBu281)v2h z?O^*>{8}YKU&sW^j~nG%-*|FJ#E06&TacKNFv7;vc8T;X(WXV`415j+3{BIcEn~(W z$do8P80L0ep_GPDd6))XpN%7rFXzCsp$oc&h!tX~9$fl%O*S~D$)`6XA#yearv7GE zWIc^eOg%1dk4>Y7xnw;yboVnRG{iJW3&gWk2fMf~rbUH%(E^47wM4=+Q#|EXvPna0 z?<~*qe^UiiZRG9DD%nJf$kfu9VCOTrp^!n9Mv0|4W8k3z*+j-DdUn!sy?ejX-Y(R% zgHdVd-}~5@aB{UuThXugAw41re2b#}B5S+Ug;up;J5|6nD$2?ZD2OdbLJ*q|2Ifp6 z#5E!%Jka;t|GXJ8^58|D-!cq4v-cW<@_2~SgVLdYaJX~yD~W`(XDY9ncEYQRzUSJb z8P~+SlvhQK92;Z(-WHm+cIZOZIIeHN&byv;8P`v4;E_MuWt-<$;>3uDE12K2DjX5BTV#f_KApC7X-Oel3^BFPddTG$XP zkw0q`ZNDGasOMtNs9G-6D=*;yZ8pAR9zUJ>zH)1bcS7@ONG?cIR!p7CJb#^Qa{iDvRa$tjq0Msn^PXpMHpSQ2V7;mbO^ zRM}>g8SP+HhJ7-A&3?;)7H1c@^DH)V_H!Sl(ua!e6TUn!7gZas|`$5&URWw$+p zp=pH&w%#g;sRe^Rs|?&+vq}H~G;z)cBo(ezrb^wS>GM>y*u7PtSvb8~{4yuS)W5x3 zn%TNnXFIQ_Ii^*Vk3N5d-Wz_|vY*2Uc}{mqtFBQAkb1I$YMaDHI%0T0Fx?KOn4P8G zdXtRhK6yxO8Owy9MUUnL$`0!#tW>e ziO62Gsg?fI13CENnFyWXs26>Ckll0TpWX9_NU!bkbG?WD7feD4-%?lTiG$b%ff`(q z`)IabQvZu8k%Vs;=yj+0IBn%sa^K!wL6p)_!f08EO=Oy(1t=KMUP?j8PB_F+bPHIH zsO6z~6^#&DLZteuL`D2)c|S*)XR#t9NCFW=%MmJo_Jr}NU`3Nt-PNNj2di1PX#5%b zWgx#yi=?vT8jrYuV;>oY$RTl&rNlGKOvYyzi-3mH+{tdk_k}s!j}OD^A1iXXhK|{7 z`9xiYC+%vzqpvTOZgC28im*F+;uICt4&AT;mz^(XEg3>)lZ}q_JJx>ME>NL^#>28QZUHHZIXB-f?XY^p~G5$ttL&P#2 zFA&h=MNk-UZK*V__90k_MBqZfbA^1PdhdPhs2X)-elofwJsfHquDWCuo6UUf_(K2* z#p;HKeSSGeO!c_A)6a`~``mr@5I^d8zL0#J20!m5937N5RBKzjQzkaUX!L#Ve2Y+s z&li6w{<8`D1o|5Iy73ve>3RA3ba_nkxeo13oRvZtSBM?MF*KWYNFS5p&xbq?JLS5! z`6{mu?)UC&04@)BTArFKo2sL{K96|sj-DUlU0#T|rzaa>_-^)cKN)=~;aEOlM>8qY zO}`~s0Wv{gC~}}gDU#BYb`x>H%{&0${v_@RP?yH?j*PN$lb;gGAH|EVhe?-RN;$I| z#hDA-&HmVMHQ&vXCayePV&_~2wkyI~+oFx9VB?_N9YK_sdbaf;BI{V&f&?hX1K3Qm zc_}9idx`_eAIT`C3I1XZa0F=fCJGE8E+P>@?D61QY_kjbmRhyN^cCN6^ zM+4#0*elX7DXVYXFi;LpvXTRg1MLVgnoVYicwaH@e?uH=kgT}HW6MHY^yi{M5(i?= z{niDcMF$C3Dq8j+tr`CjuucA01U- zF~2YgV_{D!pB^5GHBkI)5m$o-kJd(sW|q!U?ni?8mm(w$^Dq_+n2JSyKKqbkj_7~d z2nY~hBJulDCM*+4xsX7V$derW&)oGK?5?$=(siSmTTNX6-?T+>^LqYImqaobf&`FK?-r< zxQGf-sl+{BSca*#m*}3viMBjTK&UusNv;HkY*@Y*DE1@!bM$}yG7S*PQZhxQ9fA-V z^^j&z8gXf5QnNIzWE<-8*GvVT?M#hwCt(=T6mcI=fXk)H$DKV7{rsc8fl*@vns|m} z!^j5ilgKk}RjdFMYH-SNUqeIl8lIt_KBH_#mLvJ6Da9Y)6sE}qLgtdn8cttx;Jse= z5&Rh<2s)G)8;oqCWIoPAB8g%i3o2G1RhNeSlB%ouB%kt(o@yK&n!jw%2^(Uyff2Wh z22$V_ryvcry$4~W&7CH>rmtSg=IWX{t7xS!NX$Ih@4QT z;GG3eC6a@S=B%u)XcVVdQvPhifO!cfY~1{AlKos!+>5ehf%*iUrQIgTn=Q>*bwF=& zfjfQE@fR78@+MySrP^;1HY;WN>$vfdD~+1%hXQ;E-S$+}#EZgF6I=0Kwhu zPVWD`oOK>{Rqv`@r`PIry1FHv&n=${7?&Vt_dA=qi_Qhq<`JoTPJHPiIW_>>hE~>( zcL&KLWzQ?mS4Fk4Qb112k*PLzN}(s&kWL|uW24;k%k@SX^atjH?YpbR#Z<&w-=b8* z)I~+exaw8Q0Yimf=Vti)xaN2n8V|xG3m@=7?ysk$ruOhNc9;{t5gM3g{<)F9;`TQ1B z!{HiTDE@Q-ww7xv%>kXUNg{ZrHYD8Aw?1eYDZm742@bjaNR^d-v|p3%x8@@GF&1s} zV|HO$_b9m`3Q?U>+b`$3tH0d32WJ7rKl|sm7N%0uX>gmmPsFIM16UxoFQ~Hl4j~QT?qpS#C{j*fVwyaVN>qV(|4QWjx9|r!!wl{NI77siG>Z4x;XUxYFk3VdCA*-s9cg z-IdWeZty(kgRK;A=7s-W!i&*P4~_aY*P_}@UcCc}-TamLV$wTLOO>+Nclx&K^JXm* z6MITQKI~(88TvCUGdIHTceZ1Jpd&=%52^izMW!5g{@&yUIq`L=%Ww@d*iLnQ>IjM-A`jkTPj>rTenjNX)EN}9v z5^5?aR-ErLs0oo5>8u8n-CfJNiffI3Zd+vaZc$%W88##VH3iR)mx>hA!ZOP0h+NL7cp%a{jI@f#)Cn zgZv@-YQAK3*5@bo{h@XA2+kqYeZT+y)k%s8IiZt++DxjL^9p(vb);giRv`P`6yveP z3R@g;3=KouxO02oxv{2slx2b*IvRk&+#kW_pTCp3xm`L1IdKI0vj_wM%h%9Va29^( ztx0?o=$bm;G&z#q6M&bE@vpIK`*kB*+4n5*&T5}Rndm7%8hT#^6zJ!*;inw%Rz4rU zky{EjoS*FCr90m|w9;dlpVxEPI9GV{uuVz{tkwrKTq0zq;?RGGT|Msi1fh)9{~mt4 zH))Lx`z~E$Bi#E~s<3UFJYh;;{RPw_E_ri(N4Wb4ioutcDKSuk67(Fol%54-Fo`t; zgi)c=M(>^|b{~kLY@*4A|mK!A}I`xTU^ZujH@v7NN zr;N$s_+^gT5i06z1F3GyC%`R>Jb?lzOfT(1!Q-c3f?^NZpqMuMm;rpnRGnzs*ZkEy zSjElW((e`bVZhB|VapR!@$FXfg~@=6?S%GvQjvP8-3M_9HK4~1R0shWJ9*74Z4`Nzk~#YOBh^a*BTK1g1!uSxiiYbch{_u==Oz85iW7#ZO;8RW{FAp(H$-Y>r0v<@9 zj-_5(Vd#a1s0e%-m_wgfFceWWyM+xqorw)4X{eW4t+62dIu`;Ug})gm%*JhoPY6xfLYA4hg} z^bbr8*7_`vmDu#t>>YtgcDjKeTL(^ctA`*>KC-{rx`UnXm3a`FUMY(W5hUSZzE>^c zhm5pVhsBZgFATCp#rH&s(IVxK4->RAqR8ezAa;|&YaU{$L8Km9QMclo5`#n`SAjD(Ff|+Y z+!0vBMQ}=U5;e$0UgBQ0V6&XDo{FQ%=YaPYM82SG>#}C>GbC8%BJ|kWMK$uVUIRDq z3&iRb_8Ec zI5Rh}RG9JytSbjr4!5BX?Rmkre1G6fg24INAeo;quRg))W#tTyq#dS$>_UzeOz^_T z6A<4H91;!;%O_I(#6O++e&~I!XG)?BH-gr|(C z>RlQ?jjrMRwFXNdf=SQBx|X=2?>ZpQ9Sle3LYOd7!g4QOUN%)SO;5i4xra3s%S-V`jRqq+pdqgIc?Ro0GH#+v}~h zDkoN4v)!jl)^PrDmDh(^C`jbG8Tp282I(tmIh>K$P(RjCm(MCLZSxpt|Ig1LK3udK znBryE^z5jNKKNw;@LgR^sBzhsQQZnz{A*iApT!7B8yoE)$PfmY=i645(>bS-?NfJE z%e0aC8%U|X`EK0@XW$L%tS6s1AgNHG9|mNAc`yiIj?`s9xqHYGD<&x(!YVbj32*KDb-IvKB=8s_vssbk+FBGgQ_@Ky(WCQw3XGM6dzc#6HWdD4 zcg7R%0Z2BZC=tlu6YtWFuhJ{PKeb(=tyOKgLTD z7K8Y5mLo|sWE#_IY8V%$^9$u%GHq}rV{Pof&K`msi|n1yAe355z(HrIL){?h9VL6F zAKx7#MwZ?G@rUlUCoYhc8Ve*`)A4I7{7l)3Y96whVLL$C?~N6usuBYM@X>q*htIaq z1__YuxNLghVBqd|qY=AwTV!(JhmQ6!e%3k_T`+nd{$6IY#W=^CZ)CA=!|J;XN;kTu zF6L!@G1e%9#9ZA zch3D5F-AIcRxJDXV$ar(TG{mhtGC^H{K<-^v}~xCbU#qsPBo!clNLXNHORf&_L2?Ea5qre~4_USQ3Q~hjo{7A0n&0$92h~q3cyGa&PUKmkU6F>%% zq79E23%QCEN7H*yXy1j1l}`Ve{@RO>e+V^+WoKaaDH)dEKmGbV z2K+s|xmjhkNFy}@OcXxpRa1OkBVk1=14-Z8@U6pz>FMi+A)S=}d8>1R@AX^k2(UAS zVSNc_1!@vs^ysdO?6oyx{hAptmR(1~e;8-+Rz(BLCuO75T^v<8PA2&c4nb=B7%C2F z4L2T}8NmURE0VW3jGf1dPghZaO3!+|AheIRd!LGD2`*hvW;DLPD%lN|=YFaniVm$m zR?k~Aed=g6l(p(Fii-90CInUN7ztX6$^fE$^|P)?xO6yvVY7Ez^Ce*Ymj(H9FgB}i zV|7Qg59*KPdXH}(x4NwWI`=5A< z=grz@;Wc9{IHc_BW}d_h+7Oy34^3^0(m4aA&nZ0(+c0=|7fs@K7Ugx3gVS51*TAx) zl8c7(Ce<1C)a8v~b|Q#O%plyAYVR%B|8g{n5U|_kOYLg@n@0 zehC8!@w^UO(~W1htfCx5=JRuL*|5R%DtLB@g>YYIuCdtoqVe^2(h&V!t)xE&{0Q&*pY2lXZoym*U@j| zOLHde0e1_1Y1xUtoO;HQKUQc z0+!Vce*;W*1iDzMjVZ|?HPHK^iR+>>B6QOwg|bZY$p*Pf4P1ar{#bJ(x36n3zix&< z?1kKo)mTQB=DbFZx2*|{y`;isWMwTKx@ETmUbPpeV8&Tf5JUB(I{j6z3=E|*!PSkG z)mql60Q*RTigE>x1p~u;FJ8*5X6>I!i05=aqXDF<1QYy1hIL3q5Go-^?b+23oGZ|` zn5e85pn@p{=z)i+89p+AdOu90Oh;<6&q3yGR;zoL4;#$W z%u7ma$lU7>EGL@gQSc~&d95}AgPYP5Q%lQl&TC@0#b_In=zImg~`SkIbqX!rEOc%q-8ARq5Npc2n=|{xjT=PH{maE49J0_`=0z-NW>a zC@Qox@Nwfx2Q~`>R)}FcXZeu`G}m@m({plCz7V@9*~&NnCrduc*O4=#!q@qD_GHcnew z=mwI17zRClxowyprVHN0uvBR!nNuRda^!0ivMD)^gbKA>QiCnJ&T`hCSE$oP50C`* zm+Ymotd_jOzzS0E5N;Xu{L$d?)1p;u8018$-h^N9XuWe|fB${nswsEcF1ffAlyG?W zCNXb0Na_)R?yQ~iN!U%PEe1IuH_Gu#hDI;yCb2}IZ+U@|iJuOiF1hOI};B6xvXL0+I1vC5a$zw$fEhCli+h zei|lrm{1kiMS(4$a&*7G%)jJQ=A^~GNhtUm!z`p|ecqVwfRxT)G0psv6nd*Ol+1)W zW=SQ4?qNfNr zAVsy`@E5P&1tprr4t)qEjxM(eJ0VRju}4!#03-{9E+wSUYZ7jv`?=GE>qQp;j)tdJ z16`wC5Dh;4QcYWs!p|@xqQVm+QShQg`by>R;U&6Ihc#kw`W%n+@T;%>Zz*;%H^MN! zVOdzGIr-f^9ivjXvZ_rq2Y?Dj{UQI}%LlFaDRmxA<#*gsrSpq5uBXTL(xcV+XF`WPT z6Z)%$PC(V()|)`(OB`;pHdnn+{#cO}`sCaHaJ%hrT*)*t!(f=Q4L*h_M{hxjnL|Z6 zDcwc0(pyv-3j9TsYNX`U)}4SxMqB|eq3HS%1s-;E!4mAETrH-G8dZb$~- z8#tMNUY9rE=8ihxv8TuZ9f=Eo9DRS~zeVk+s3Lf%);k@Mgl^g% z^E!Od16?5qG&GYbfGUlov4VBuaB1#a7~$x&y#BjAvpt3gindpRZ#_uZi_I9Bit^=3 z-i%o&S0}8jttfQ(sJ`4g_&mA&cquK(GOKuqUb;t@$3cNar}i0nP6!Ki#9NOjQesm^ zp9TYIJtvi>=9KIT^a%W6p^|U4m>m^J4lGiU1Dv}97Owd_(wAq483Pp(6>dlea6{H3 zpypl?clZMyh{KF=9@o6mQ>R_xJt!rNarxZZO5!UeD?#m`Lz~Dl8VzTK#?I1QsdZbA z8+nOUm$jE2|5g%!Bl`%DqkPUFn>P*KX20}pP$c$XE0)uqC*jB?xINvxGlVh?OiCM_ z)$Vt-5n^}VqXFLy5}bOR-Bva{oOS1NcQ)KKT-7?fH+#GD$7yHU^QAK6iEvLu0*B;8 zBTH+du7Ps0tSgVWg;M0?(>{F%5}JV>YlqA$_ui@#**`oh63yn>l}72Yv1R6CyCS5d zvELj=$FIwk3>h-o&R0wpsH%=D27G<$B0|i@b`B74NNX`Bu5LJ(<6Pc>7H2gh_mF$Q zVvFae7jFASj+X&bxX%#0Q%&?B5$dd80zoobuB6mD6W)j3%P7IV(={<%(`XT4A13)D z?*}voHJZKtgCSVMVWCd{V2dCA2WwuD*xnNC-a4>+Bb>}!Vtv$qXewT5)}EM^V0hl` zCN7*@#0TO~k!d?k|JpvFG064)h^DP1l1q%*8N%82*Y6(dFn1b$49CAAQ9gaxKd_e> z1Y5$*Z0|!C`gz1V$)(BHu(WGp*x-~ny*PrAkL|>7bKXFGv+_c+mC|zsmHSvS)oJm* z!D4Q=eAj}d#Z24Iy9n8b{d%l1K0Y|g-@4?_T>24K8-z5yRu&AB(S8&z2HDw>(z1r^ zfZgpcvTW0{1JUPqTyND#M(?iPjPdkrzM*JpZw-z~xV^lcYnb8MzT(yXW$%;3V`~0X z``5a4@8>J*QJ&t-j*PAd_DnaIv1tv`hd$p&_F3MTETLN;$HY14cKuK0CwIrQD!gFL zzI+Gs89d*g^u9XsbXtXZN(oVC+kbvmI4^wNS}MCcH~oQ@5eV`DJvmr;FZHeci2Bp^ zQ&wTOB$z~uV&EINpwZh}Eg=LAl=JfwtNqT_R?PPqQzwU(Sc((|%^Isb#sA!CE`DW{ zwNgx2Q};Su0Rd7b?X3zdy*r$oIo#`+2Yew>lZwLUoyYGvJTA{)`6%#g{)z1`rqcHH l=iHzS!5T;f%6B|YZ-8#8q&|<=-9OSIY9gg0_+cVo{vSMfZh`;+ diff --git a/external/unbound/contrib/unbound_munin_ b/external/unbound/contrib/unbound_munin_ deleted file mode 100755 index 5d3dff8e8..000000000 --- a/external/unbound/contrib/unbound_munin_ +++ /dev/null @@ -1,559 +0,0 @@ -#!/bin/sh -# -# plugin for munin to monitor usage of unbound servers. -# To install copy this to /usr/local/share/munin/plugins/unbound_munin_ -# and use munin-node-configure (--suggest, --shell). -# -# (C) 2008 W.C.A. Wijngaards. BSD Licensed. -# -# To install; enable statistics and unbound-control in unbound.conf -# server: extended-statistics: yes -# statistics-cumulative: no -# statistics-interval: 0 -# remote-control: control-enable: yes -# Run the command unbound-control-setup to generate the key files. -# -# Environment variables for this script -# statefile - where to put temporary statefile. -# unbound_conf - where the unbound.conf file is located. -# unbound_control - where to find unbound-control executable. -# spoof_warn - what level to warn about spoofing -# spoof_crit - what level to crit about spoofing -# -# You can set them in your munin/plugin-conf.d/plugins.conf file -# with: -# [unbound*] -# user root -# env.statefile /usr/local/var/munin/plugin-state/unbound-state -# env.unbound_conf /usr/local/etc/unbound/unbound.conf -# env.unbound_control /usr/local/sbin/unbound-control -# env.spoof_warn 1000 -# env.spoof_crit 100000 -# -# This plugin can create different graphs depending on what name -# you link it as (with ln -s) into the plugins directory -# You can link it multiple times. -# If you are only a casual user, the _hits and _by_type are most interesting, -# possibly followed by _by_rcode. -# -# unbound_munin_hits - base volume, cache hits, unwanted traffic -# unbound_munin_queue - to monitor the internal requestlist -# unbound_munin_memory - memory usage -# unbound_munin_by_type - incoming queries by type -# unbound_munin_by_class - incoming queries by class -# unbound_munin_by_opcode - incoming queries by opcode -# unbound_munin_by_rcode - answers by rcode, validation status -# unbound_munin_by_flags - incoming queries by flags -# unbound_munin_histogram - histogram of query resolving times -# -# Magic markers - optional - used by installation scripts and -# munin-config: (originally contrib family but munin-node-configure ignores it) -# -#%# family=auto -#%# capabilities=autoconf suggest - -# POD documentation -: <<=cut -=head1 NAME - -unbound_munin_ - Munin plugin to monitor the Unbound DNS resolver. - -=head1 APPLICABLE SYSTEMS - -System with unbound daemon. - -=head1 CONFIGURATION - - [unbound*] - user root - env.statefile /usr/local/var/munin/plugin-state/unbound-state - env.unbound_conf /usr/local/etc/unbound/unbound.conf - env.unbound_control /usr/local/sbin/unbound-control - env.spoof_warn 1000 - env.spoof_crit 100000 - -Use the .env settings to override the defaults. - -=head1 USAGE - -Can be used to present different graphs. Use ln -s for that name in -the plugins directory to enable the graph. -unbound_munin_hits - base volume, cache hits, unwanted traffic -unbound_munin_queue - to monitor the internal requestlist -unbound_munin_memory - memory usage -unbound_munin_by_type - incoming queries by type -unbound_munin_by_class - incoming queries by class -unbound_munin_by_opcode - incoming queries by opcode -unbound_munin_by_rcode - answers by rcode, validation status -unbound_munin_by_flags - incoming queries by flags -unbound_munin_histogram - histogram of query resolving times - -=head1 AUTHOR - -Copyright 2008 W.C.A. Wijngaards - -=head1 LICENSE - -BSD - -=cut - -state=${statefile:-/usr/local/var/munin/plugin-state/unbound-state} -conf=${unbound_conf:-/usr/local/etc/unbound/unbound.conf} -ctrl=${unbound_control:-/usr/local/sbin/unbound-control} -warn=${spoof_warn:-1000} -crit=${spoof_crit:-100000} -lock=$state.lock - -# number of seconds between polling attempts. -# makes the statefile hang around for at least this many seconds, -# so that multiple links of this script can share the results. -lee=55 - -# to keep things within 19 characters -ABBREV="-e s/total/t/ -e s/thread/t/ -e s/num/n/ -e s/query/q/ -e s/answer/a/ -e s/unwanted/u/ -e s/requestlist/ql/ -e s/type/t/ -e s/class/c/ -e s/opcode/o/ -e s/rcode/r/ -e s/edns/e/ -e s/mem/m/ -e s/cache/c/ -e s/mod/m/" - -# get value from $1 into return variable $value -get_value ( ) { - value="`grep '^'$1'=' $state | sed -e 's/^.*=//'`" - if test "$value"x = ""x; then - value="0" - fi -} - -# download the state from the unbound server. -get_state ( ) { - # obtain lock for fetching the state - # because there is a race condition in fetching and writing to file - - # see if the lock is stale, if so, take it - if test -f $lock ; then - pid="`cat $lock 2>&1`" - kill -0 "$pid" >/dev/null 2>&1 - if test $? -ne 0 -a "$pid" != $$ ; then - echo $$ >$lock - fi - fi - - i=0 - while test ! -f $lock || test "`cat $lock 2>&1`" != $$; do - while test -f $lock; do - # wait - i=`expr $i + 1` - if test $i -gt 1000; then - sleep 1; - fi - if test $i -gt 1500; then - echo "error locking $lock" "=" `cat $lock` - rm -f $lock - exit 1 - fi - done - # try to get it - if echo $$ >$lock ; then : ; else break; fi - done - # do not refetch if the file exists and only LEE seconds old - if test -f $state; then - now=`date +%s` - get_value "time.now" - value="`echo $value | sed -e 's/\..*$//'`" - if test $now -lt `expr $value + $lee`; then - rm -f $lock - return - fi - fi - $ctrl -c $conf stats > $state - if test $? -ne 0; then - echo "error retrieving data from unbound server" - rm -f $lock - exit 1 - fi - rm -f $lock -} - -if test "$1" = "autoconf" ; then - if test ! -f $conf; then - echo no "($conf does not exist)" - exit 1 - fi - if test ! -d `dirname $state`; then - echo no "(`dirname $state` directory does not exist)" - exit 1 - fi - echo yes - exit 0 -fi - -if test "$1" = "suggest" ; then - echo "hits" - echo "queue" - echo "memory" - echo "by_type" - echo "by_class" - echo "by_opcode" - echo "by_rcode" - echo "by_flags" - echo "histogram" - exit 0 -fi - -# determine my type, by name -id=`echo $0 | sed -e 's/^.*unbound_munin_//'` -if test "$id"x = ""x; then - # some default to keep people sane. - id="hits" -fi - -# if $1 exists in statefile, config is echoed with label $2 -exist_config ( ) { - mn=`echo $1 | sed $ABBREV | tr . _` - if grep '^'$1'=' $state >/dev/null 2>&1; then - echo "$mn.label $2" - echo "$mn.min 0" - echo "$mn.type ABSOLUTE" - fi -} - -# print label and min 0 for a name $1 in unbound format -p_config ( ) { - mn=`echo $1 | sed $ABBREV | tr . _` - echo $mn.label "$2" - echo $mn.min 0 - echo $mn.type $3 -} - -if test "$1" = "config" ; then - if test ! -f $state; then - get_state - fi - case $id in - hits) - echo "graph_title Unbound DNS traffic and cache hits" - echo "graph_args --base 1000 -l 0" - echo "graph_vlabel queries / \${graph_period}" - echo "graph_scale no" - echo "graph_category DNS" - for x in `grep "^thread[0-9][0-9]*\.num\.queries=" $state | - sed -e 's/=.*//'`; do - exist_config $x "queries handled by `basename $x .num.queries`" - done - p_config "total.num.queries" "total queries from clients" "ABSOLUTE" - p_config "total.num.cachehits" "cache hits" "ABSOLUTE" - p_config "total.num.prefetch" "cache prefetch" "ABSOLUTE" - p_config "num.query.tcp" "TCP queries" "ABSOLUTE" - p_config "num.query.tcpout" "TCP out queries" "ABSOLUTE" - p_config "num.query.ipv6" "IPv6 queries" "ABSOLUTE" - p_config "unwanted.queries" "queries that failed acl" "ABSOLUTE" - p_config "unwanted.replies" "unwanted or unsolicited replies" "ABSOLUTE" - echo "u_replies.warning $warn" - echo "u_replies.critical $crit" - echo "graph_info DNS queries to the recursive resolver. The unwanted replies could be innocent duplicate packets, late replies, or spoof threats." - ;; - queue) - echo "graph_title Unbound requestlist size" - echo "graph_args --base 1000 -l 0" - echo "graph_vlabel number of queries" - echo "graph_scale no" - echo "graph_category DNS" - p_config "total.requestlist.avg" "Average size of queue on insert" "GAUGE" - p_config "total.requestlist.max" "Max size of queue (in 5 min)" "GAUGE" - p_config "total.requestlist.overwritten" "Number of queries replaced by new ones" "GAUGE" - p_config "total.requestlist.exceeded" "Number of queries dropped due to lack of space" "GAUGE" - echo "graph_info The queries that did not hit the cache and need recursion service take up space in the requestlist. If there are too many queries, first queries get overwritten, and at last resort dropped." - ;; - memory) - echo "graph_title Unbound memory usage" - echo "graph_args --base 1024 -l 0" - echo "graph_vlabel memory used in bytes" - echo "graph_category DNS" - p_config "mem.cache.rrset" "RRset cache memory" "GAUGE" - p_config "mem.cache.message" "Message cache memory" "GAUGE" - p_config "mem.mod.iterator" "Iterator module memory" "GAUGE" - p_config "mem.mod.validator" "Validator module and key cache memory" "GAUGE" - p_config "msg.cache.count" "msg cache count" "GAUGE" - p_config "rrset.cache.count" "rrset cache count" "GAUGE" - p_config "infra.cache.count" "infra cache count" "GAUGE" - p_config "key.cache.count" "key cache count" "GAUGE" - echo "graph_info The memory used by unbound." - ;; - by_type) - echo "graph_title Unbound DNS queries by type" - echo "graph_args --base 1000 -l 0" - echo "graph_vlabel queries / \${graph_period}" - echo "graph_scale no" - echo "graph_category DNS" - for x in `grep "^num.query.type" $state`; do - nm=`echo $x | sed -e 's/=.*$//'` - tp=`echo $nm | sed -e s/num.query.type.//` - p_config "$nm" "$tp" "ABSOLUTE" - done - echo "graph_info queries by DNS RR type queried for" - ;; - by_class) - echo "graph_title Unbound DNS queries by class" - echo "graph_args --base 1000 -l 0" - echo "graph_vlabel queries / \${graph_period}" - echo "graph_scale no" - echo "graph_category DNS" - for x in `grep "^num.query.class" $state`; do - nm=`echo $x | sed -e 's/=.*$//'` - tp=`echo $nm | sed -e s/num.query.class.//` - p_config "$nm" "$tp" "ABSOLUTE" - done - echo "graph_info queries by DNS RR class queried for." - ;; - by_opcode) - echo "graph_title Unbound DNS queries by opcode" - echo "graph_args --base 1000 -l 0" - echo "graph_vlabel queries / \${graph_period}" - echo "graph_scale no" - echo "graph_category DNS" - for x in `grep "^num.query.opcode" $state`; do - nm=`echo $x | sed -e 's/=.*$//'` - tp=`echo $nm | sed -e s/num.query.opcode.//` - p_config "$nm" "$tp" "ABSOLUTE" - done - echo "graph_info queries by opcode in the query packet." - ;; - by_rcode) - echo "graph_title Unbound DNS answers by return code" - echo "graph_args --base 1000 -l 0" - echo "graph_vlabel answer packets / \${graph_period}" - echo "graph_scale no" - echo "graph_category DNS" - for x in `grep "^num.answer.rcode" $state`; do - nm=`echo $x | sed -e 's/=.*$//'` - tp=`echo $nm | sed -e s/num.answer.rcode.//` - p_config "$nm" "$tp" "ABSOLUTE" - done - p_config "num.answer.secure" "answer secure" "ABSOLUTE" - p_config "num.answer.bogus" "answer bogus" "ABSOLUTE" - p_config "num.rrset.bogus" "num rrsets marked bogus" "ABSOLUTE" - echo "graph_info answers sorted by return value. rrsets bogus is the number of rrsets marked bogus per \${graph_period} by the validator" - ;; - by_flags) - echo "graph_title Unbound DNS incoming queries by flags" - echo "graph_args --base 1000 -l 0" - echo "graph_vlabel queries / \${graph_period}" - echo "graph_scale no" - echo "graph_category DNS" - p_config "num.query.flags.QR" "QR (query reply) flag" "ABSOLUTE" - p_config "num.query.flags.AA" "AA (auth answer) flag" "ABSOLUTE" - p_config "num.query.flags.TC" "TC (truncated) flag" "ABSOLUTE" - p_config "num.query.flags.RD" "RD (recursion desired) flag" "ABSOLUTE" - p_config "num.query.flags.RA" "RA (rec avail) flag" "ABSOLUTE" - p_config "num.query.flags.Z" "Z (zero) flag" "ABSOLUTE" - p_config "num.query.flags.AD" "AD (auth data) flag" "ABSOLUTE" - p_config "num.query.flags.CD" "CD (check disabled) flag" "ABSOLUTE" - p_config "num.query.edns.present" "EDNS OPT present" "ABSOLUTE" - p_config "num.query.edns.DO" "DO (DNSSEC OK) flag" "ABSOLUTE" - echo "graph_info This graphs plots the flags inside incoming queries. For example, if QR, AA, TC, RA, Z flags are set, the query can be rejected. RD, AD, CD and DO are legitimately set by some software." - ;; - histogram) - echo "graph_title Unbound DNS histogram of reply time" - echo "graph_args --base 1000 -l 0" - echo "graph_vlabel queries / \${graph_period}" - echo "graph_scale no" - echo "graph_category DNS" - echo hcache.label "cache hits" - echo hcache.min 0 - echo hcache.type ABSOLUTE - echo hcache.draw AREA - echo hcache.colour 999999 - echo h64ms.label "0 msec - 66 msec" - echo h64ms.min 0 - echo h64ms.type ABSOLUTE - echo h64ms.draw STACK - echo h64ms.colour 0000FF - echo h128ms.label "66 msec - 131 msec" - echo h128ms.min 0 - echo h128ms.type ABSOLUTE - echo h128ms.colour 1F00DF - echo h128ms.draw STACK - echo h256ms.label "131 msec - 262 msec" - echo h256ms.min 0 - echo h256ms.type ABSOLUTE - echo h256ms.draw STACK - echo h256ms.colour 3F00BF - echo h512ms.label "262 msec - 524 msec" - echo h512ms.min 0 - echo h512ms.type ABSOLUTE - echo h512ms.draw STACK - echo h512ms.colour 5F009F - echo h1s.label "524 msec - 1 sec" - echo h1s.min 0 - echo h1s.type ABSOLUTE - echo h1s.draw STACK - echo h1s.colour 7F007F - echo h2s.label "1 sec - 2 sec" - echo h2s.min 0 - echo h2s.type ABSOLUTE - echo h2s.draw STACK - echo h2s.colour 9F005F - echo h4s.label "2 sec - 4 sec" - echo h4s.min 0 - echo h4s.type ABSOLUTE - echo h4s.draw STACK - echo h4s.colour BF003F - echo h8s.label "4 sec - 8 sec" - echo h8s.min 0 - echo h8s.type ABSOLUTE - echo h8s.draw STACK - echo h8s.colour DF001F - echo h16s.label "8 sec - ..." - echo h16s.min 0 - echo h16s.type ABSOLUTE - echo h16s.draw STACK - echo h16s.colour FF0000 - echo "graph_info Histogram of the reply times for queries." - ;; - esac - - exit 0 -fi - -# do the stats itself -get_state - -# get the time elapsed -get_value "time.elapsed" -if test $value = 0 || test $value = "0.000000"; then - echo "error: time elapsed 0 or could not retrieve data" - exit 1 -fi -elapsed="$value" - -# print value for $1 -print_value ( ) { - mn=`echo $1 | sed $ABBREV | tr . _` - get_value $1 - echo "$mn.value" $value -} - -# print value if line already found in $2 -print_value_line ( ) { - mn=`echo $1 | sed $ABBREV | tr . _` - value="`echo $2 | sed -e 's/^.*=//'`" - echo "$mn.value" $value -} - - -case $id in -hits) - for x in `grep "^thread[0-9][0-9]*\.num\.queries=" $state | - sed -e 's/=.*//'` total.num.queries \ - total.num.cachehits total.num.prefetch num.query.tcp \ - num.query.tcpout num.query.ipv6 unwanted.queries \ - unwanted.replies; do - if grep "^"$x"=" $state >/dev/null 2>&1; then - print_value $x - fi - done - ;; -queue) - for x in total.requestlist.avg total.requestlist.max \ - total.requestlist.overwritten total.requestlist.exceeded; do - print_value $x - done - ;; -memory) - for x in mem.cache.rrset mem.cache.message mem.mod.iterator \ - mem.mod.validator msg.cache.count rrset.cache.count \ - infra.cache.count key.cache.count; do - print_value $x - done - ;; -by_type) - for x in `grep "^num.query.type" $state`; do - nm=`echo $x | sed -e 's/=.*$//'` - print_value_line $nm $x - done - ;; -by_class) - for x in `grep "^num.query.class" $state`; do - nm=`echo $x | sed -e 's/=.*$//'` - print_value_line $nm $x - done - ;; -by_opcode) - for x in `grep "^num.query.opcode" $state`; do - nm=`echo $x | sed -e 's/=.*$//'` - print_value_line $nm $x - done - ;; -by_rcode) - for x in `grep "^num.answer.rcode" $state`; do - nm=`echo $x | sed -e 's/=.*$//'` - print_value_line $nm $x - done - print_value "num.answer.secure" - print_value "num.answer.bogus" - print_value "num.rrset.bogus" - ;; -by_flags) - for x in num.query.flags.QR num.query.flags.AA num.query.flags.TC num.query.flags.RD num.query.flags.RA num.query.flags.Z num.query.flags.AD num.query.flags.CD num.query.edns.present num.query.edns.DO; do - print_value $x - done - ;; -histogram) - get_value total.num.cachehits - echo hcache.value $value - r=0 - for x in histogram.000000.000000.to.000000.000001 \ - histogram.000000.000001.to.000000.000002 \ - histogram.000000.000002.to.000000.000004 \ - histogram.000000.000004.to.000000.000008 \ - histogram.000000.000008.to.000000.000016 \ - histogram.000000.000016.to.000000.000032 \ - histogram.000000.000032.to.000000.000064 \ - histogram.000000.000064.to.000000.000128 \ - histogram.000000.000128.to.000000.000256 \ - histogram.000000.000256.to.000000.000512 \ - histogram.000000.000512.to.000000.001024 \ - histogram.000000.001024.to.000000.002048 \ - histogram.000000.002048.to.000000.004096 \ - histogram.000000.004096.to.000000.008192 \ - histogram.000000.008192.to.000000.016384 \ - histogram.000000.016384.to.000000.032768 \ - histogram.000000.032768.to.000000.065536; do - get_value $x - r=`expr $r + $value` - done - echo h64ms.value $r - get_value histogram.000000.065536.to.000000.131072 - echo h128ms.value $value - get_value histogram.000000.131072.to.000000.262144 - echo h256ms.value $value - get_value histogram.000000.262144.to.000000.524288 - echo h512ms.value $value - get_value histogram.000000.524288.to.000001.000000 - echo h1s.value $value - get_value histogram.000001.000000.to.000002.000000 - echo h2s.value $value - get_value histogram.000002.000000.to.000004.000000 - echo h4s.value $value - get_value histogram.000004.000000.to.000008.000000 - echo h8s.value $value - r=0 - for x in histogram.000008.000000.to.000016.000000 \ - histogram.000016.000000.to.000032.000000 \ - histogram.000032.000000.to.000064.000000 \ - histogram.000064.000000.to.000128.000000 \ - histogram.000128.000000.to.000256.000000 \ - histogram.000256.000000.to.000512.000000 \ - histogram.000512.000000.to.001024.000000 \ - histogram.001024.000000.to.002048.000000 \ - histogram.002048.000000.to.004096.000000 \ - histogram.004096.000000.to.008192.000000 \ - histogram.008192.000000.to.016384.000000 \ - histogram.016384.000000.to.032768.000000 \ - histogram.032768.000000.to.065536.000000 \ - histogram.065536.000000.to.131072.000000 \ - histogram.131072.000000.to.262144.000000 \ - histogram.262144.000000.to.524288.000000; do - get_value $x - r=`expr $r + $value` - done - echo h16s.value $r - ;; -esac diff --git a/external/unbound/contrib/unbound_smf22.tar.gz b/external/unbound/contrib/unbound_smf22.tar.gz deleted file mode 100644 index 4845c3354c77a53f32a18e791b74b3804d1162f3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4579 zcmV<95ghIxiwFp7UiVZ40CjF+Z*^{DUvq6{GBPf7VR8WN9BET4MUcBs6TD5Yew4Ml%$8Ghsd;PIF_lC1?p^?Dk+;5@w|f! zrgd#SZEuy*6*ia-`_2&HzHDiZLk+UNLtb?)jl5)PhPg!sr-#T0c);*TCYxiEXeu=v zB0oL&(2$3ovNs8|k<)7cz(^(7e)Qbf!QY$_H_+m&)rGfKLvQb6n+H>l%} zGr>X)=YL7DG-X|{-0{}Uds?5!`v;r2ZR1`zCeIT+W!~>A&snz`2_NG?aBrv)rO}`jC zyYM_a{rr;XpruW7O?qK&eqQw4({z1JDlCX+tFk7&xHz>iD>__5sn9jxMF>L58cfXe zU<2qgOD`_Y6qlz~pU=w)p*mS+J}1Yp0{Ca<7K_i$&Clj#&pl*`%W6@bf_bE+mEudY zh5TBAF+-BpI|&esB+DZtsmdvN4IywS0I>x~7C{Jr_@)mWW5r#!OxMv2&oyGsQQD-X zdqvYGgG18W5`oo%9mv=gwQRHx(aPj?(of`s$AC=oL|$=?r4^YZ6*j_|hesXOKsFCIw`YKywgzwoq6qOoDQ3w^}tVhpIS-AV~y;5W;;8nBGXGQrJo1iDV^Es`RcT z;r`}SEwhA7qm20MD_&J-1^EVm4NIxy6IsaXG7;;S{25{c-W-XrkERoz8o1ufYFKUXc#hV95-uFFmVgyU60lBvVyUX8u8~I` zA&J65=Lk;K;fD)~2HPks=zAS*2+$pF=R2l9=y4eAUy@K}naDAjR<^%g8l*c5=+@e5>Ih z$Rnfx`ws*>BpUvO14AkQcbX(U`skyCy#MLPpS<_!#~=2?OrO{G>uvb=s7c7l56y#L zYKM(K2|27Cw_DBnA^sxdyV}vo@xI`En4BE9YlqFGx!p1W{eTBz;iBUPS!5 z*&@gLt;SKixl4{(^}WN|cZaoKfa>1CnIN*?APsV|R|8^=GwHbA+HD-yP&o|9jT|1x z48#Rw#nd5Ov*GLn+}+b(>nTZk|F{lw)|+4d)ZArlIkHE#(XNx@gZkddpT7Z9zt+BKOiIb?HA%{*$d`O}ARDlSGDS@Jb>r)U zMzdYtZw%Lu4;ti;c2lbV1~9OEO5mlPv2|@azEzt5s`##}+YqHIQMJ@wW)@ z6jTGu^!uO0-xdV22h5F3n(h5s`;_z2JgT=)%fp@?>*yH3&tbhT9km+aT|j7Dtdx&x zKh%H0g)|8?zl`rs5eLE*3es{D{s7^q&@KzSYF&C{MxfKuj?};ARw_y%`3clzap+lLrywWk3vj1U)3b+qcy~7Kr-2 zPn2Mzc4$$hWyRGUw*4wbiF%QWnja`Dx=ja2I*ep%uys=(I6A1(Dqhzar5%scvYljM zp5P^D8*pn{1zPz5i@xb<7A-1zCz!a=C?fZUX@rF8F7uNe-`jz*S%Yd@_RMUa1-8B%{3RGZL*Ok(}e~T8v()x}qn7qE2)y*AS`xhCz ztC)hx>x=2Q2K`ryXsBuuej}gPlhTE^MgK|(z2%7fT}m=~pO%XJ)ngAX_+ST*o+6ke zor6d=KXBf=P4aN1i`-g;!mFa9O(D5f?fk%aW*~jD?3&eH+)m<)xy$iHZj>pDK6oug zIfje$Dz%)QBJOrYeqUiQu{SBx!G!E?lM~YzEzdVA2y_ydC@w!qF%DF4wxG?0q-gGSDV+ zx!(ET$ap;e%VkEhclqBfG^qaxmH$NUAGOehND9WTSkn{u)Op1{&~c^uoaMsObA_n| zUfdCshpfyNUYeVp?dYB^%q_2az3ecOLSY*wLUQ0 zIVC>0H+72H55*{RGf+qn(=}Ek!C{}z3?kl8Z^m9VT~dMlk*re)nczT9x^T!q;DDDb z{JO?2Sz6WUWC;wjXd1~4-CS36<}5ZAgJ@;VD`Yd^XycmDQoaV09-T#+5-5!L9>R z_@khq#^SBtBqb zmk#&Ffl%^^X~)tZo8}mJSEqNK=Q_GzuXspRV%5J@=3u-YQxL;maKfmn0x;Z?*ve(a zWl`@>D!kJ>Wy1>@Pq>Ju`pW|b*^x+cxt!mb4ueVpUl4{L{G`Sae$I(Focd#F0sSQ0 zFl?m_7mPac3bCg!vQHt?pxq9sS)8TKyq@qLGv!)p$1PqHWt?7MV}y?K2Q>EFfqUv46v z|Ba20kKN^ex6sbX|19ES~wryy?8e?|+r`O}+erNSu`IdzZ=Po-52Qi=GXO zR^$2Ia`-ciD*sMndByLrV_$6`yHhiw$E#zy%Lwl>!hdf@ShTK|6J9@$>C6kSlo+~3 zm(*Q8ew6qAq5(aFMt%EHdel7d~V*FkV$78fId)BAJA#&{NYf$h5_%-!PraZk_N^DgR@Pa5ElueswR3!a9FP>kOdTquArfFyZpMLh`W zHc>(34b6twMBoV){G&bv)-jP~Z40h;nUG;8EStJ+Zeus>)7=L>=rbYc=T$GMBufS7ToVZMSY^TC5f8*v-oaU=dC-IV{Zzqk-qcIP!2WR(6e^K-sR zL`>^5D5Cd6u$3Sm?nzVNdf|b;YBkV8v6#(lv^k zAHs0eGZv#nTRJ5E`pO$`7sT~PqC z=hspTSWbp2Qvgr^017r+(n " - echo " performs an update of trust anchor file" - echo " the trust anchor file is overwritten with the latest keys" - echo " the trust anchor file should contain only keys for one zone" - echo " -b causes keyfile to be made in bind format." - echo " without -b the file is made in unbound format." - echo " " - echo "alternate:" - echo " update-anchor [-r hints] [-b] -d directory" - echo " update all .anchor files in the directory." - echo " " - echo " name the files br.anchor se.anchor ..., and include them in" - echo " the validating resolver config file." - echo " put keys for the root in a file with the name root.anchor." - echo "" - echo "-r root.hints use different root hints. Strict option order." - echo "" - echo "Exit code 0 means anchors updated, 1 no changes, others are errors." - exit 2 -} - -if test $# -eq 0; then - usage -fi -bindformat="no" -filearg='-f' -roothints="" -if test X"$1" = "X-r"; then - shift - roothints="$1" - shift -fi -if test X"$1" = "X-b"; then - shift - bindformat="yes" - filearg='-F' -fi -if test $# -ne 2; then - echo "arguments wrong." - usage -fi - -do_update ( ) { - # arguments: - zonename="$1" - keyfile="$2" - tmpfile="/tmp/update-anchor.$$" - tmp2=$tmpfile.2 - tmp3=$tmpfile.3 - rh="" - if test -n "$roothints"; then - echo "server: root-hints: '$roothints'" > $tmp3 - rh="-C $tmp3" - fi - $ubhost -v $rh $filearg "$keyfile" -t DNSKEY "$zonename" >$tmpfile - if test $? -ne 0; then - rm -f $tmpfile - echo "Error: Could not update zone $zonename anchor file $keyfile" - echo "Cause: $ubhost lookup failed" - echo " (Is the domain decommissioned? Is connectivity lost?)" - return 2 - fi - - # has the lookup been DNSSEC validated? - if grep '(secure)$' $tmpfile >/dev/null 2>&1; then - : - else - rm -f $tmpfile - echo "Error: Could not update zone $zonename anchor file $keyfile" - echo "Cause: result of lookup was not secure" - echo " (keys too far out of date? domain changed ownership? need root hints?)" - return 3 - fi - - if test $bindformat = "yes"; then - # are there any KSK keys on board? - echo 'trusted-keys {' > "$tmp2" - if grep ' has DNSKEY record 257' $tmpfile >/dev/null 2>&1; then - # store KSK keys in anchor file - grep '(secure)$' $tmpfile | \ - grep ' has DNSKEY record 257' | \ - sed -e 's/ (secure)$/";/' | \ - sed -e 's/ has DNSKEY record \([0-9]*\) \([0-9]*\) \([0-9]*\) /. \1 \2 \3 "/' | \ - sed -e 's/^\.\././' | sort >> "$tmp2" - else - # store all keys in the anchor file - grep '(secure)$' $tmpfile | \ - sed -e 's/ (secure)$/";/' | \ - sed -e 's/ has DNSKEY record \([0-9]*\) \([0-9]*\) \([0-9]*\) /. \1 \2 \3 "/' | \ - sed -e 's/^\.\././' | sort >> "$tmp2" - fi - echo '};' >> "$tmp2" - else #not bindformat - # are there any KSK keys on board? - if grep ' has DNSKEY record 257' $tmpfile >/dev/null 2>&1; then - # store KSK keys in anchor file - grep '(secure)$' $tmpfile | \ - grep ' has DNSKEY record 257' | \ - sed -e 's/ (secure)$//' | \ - sed -e 's/ has DNSKEY record /. IN DNSKEY /' | \ - sed -e 's/^\.\././' | sort > "$tmp2" - else - # store all keys in the anchor file - grep '(secure)$' $tmpfile | \ - sed -e 's/ (secure)$//' | \ - sed -e 's/ has DNSKEY record /. IN DNSKEY /' | \ - sed -e 's/^\.\././' | sort > "$tmp2" - fi - fi # endif-bindformat - - # copy over if changed - diff $tmp2 $keyfile >/dev/null 2>&1 - if test $? -eq 1; then # 0 means no change, 2 means trouble. - cat $tmp2 > $keyfile - no_updated=0 - echo "$zonename key file $keyfile updated." - else - echo "$zonename key file $keyfile unchanged." - fi - - rm -f $tmpfile $tmp2 $tmp3 -} - -no_updated=1 -if test X"$1" = "X-d"; then - tdir="$2" - echo "start updating in $2" - for x in $tdir/*.anchor; do - if test `basename "$x"` = "root.anchor"; then - zname="." - else - zname=`basename "$x" .anchor` - fi - do_update "$zname" "$x" - done - echo "done updating in $2" -else - # regular invocation - if test X"$1" = "X."; then - zname="$1" - else - # strip trailing dot from zone name - zname="`echo $1 | sed -e 's/\.$//'`" - fi - kfile="$2" - do_update $zname $kfile -fi -exit $no_updated diff --git a/external/unbound/contrib/validation-reporter.sh b/external/unbound/contrib/validation-reporter.sh deleted file mode 100755 index 7c1a4218b..000000000 --- a/external/unbound/contrib/validation-reporter.sh +++ /dev/null @@ -1,117 +0,0 @@ -#!/bin/sh -# validation reporter - reports validation failures to a collection server. -# Copyright NLnet Labs, 2010 -# BSD license. - - -### -# Here is the configuration for the validation reporter -# it greps the failure lines out of the log and sends them to a server. - -# The pidfile for the reporter daemon. -pidfile="/var/run/validation-reporter.pid" - -# The logfile to watch for logged validation failures. -logfile="/var/log/unbound.log" - -# how to notify the upstream -# nc is netcat, it sends tcp to given host port. It makes a tcp connection -# and writes one log-line to it (grepped from the logfile). -# the notify command can be: "nc the.server.name.org 1234" -# the listening daemon could be: nc -lk 127.0.0.1 1234 >> outputfile & -notify_cmd="nc localhost 1234" - - -### -# Below this line is the code for the validation reporter, -# first the daemon itself, then the controller for the daemon. -reporter_daemon() { - trap "rm -f \"$pidfile\"" EXIT - tail -F $logfile | grep --line-buffered "unbound.*info: validation failure" | \ - while read x; do - echo "$x" | $notify_cmd - done -} - - -### -# controller for daemon. -start_daemon() { - echo "starting reporter" - nohup $0 rundaemon /dev/null 2>&1 & - echo $! > "$pidfile" -} - -kill_daemon() { - echo "stopping reporter" - if test -s "$pidfile"; then - kill `cat "$pidfile"` - # check it is really dead - if kill -0 `cat "$pidfile"` >/dev/null 2>&1; then - sleep 1 - while kill -0 `cat "$pidfile"` >/dev/null 2>&1; do - kill `cat "$pidfile"` >/dev/null 2>&1 - echo "waiting for reporter to stop" - sleep 1 - done - fi - fi -} - -get_status_daemon() { - if test -s "$pidfile"; then - if kill -0 `cat "$pidfile"`; then - return 0; - fi - fi - return 1; -} - -restart_daemon() { - kill_daemon - start_daemon -} - -condrestart_daemon() { - if get_status_daemon; then - echo "reporter ("`cat "$pidfile"`") is running" - exit 0 - fi - start_daemon - exit 0 -} - -status_daemon() { - if get_status_daemon; then - echo "reporter ("`cat "$pidfile"`") is running" - exit 0 - fi - echo "reporter is not running" - exit 1 -} - -case "$1" in - rundaemon) - reporter_daemon - ;; - start) - start_daemon - ;; - stop) - kill_daemon - ;; - restart) - restart_daemon - ;; - condrestart) - condrestart_daemon - ;; - status) - status_daemon - ;; - *) - echo "Usage: $0 {start|stop|restart|condrestart|status}" - exit 2 - ;; -esac -exit $? diff --git a/external/unbound/contrib/warmup.cmd b/external/unbound/contrib/warmup.cmd deleted file mode 100644 index cbbdebc72..000000000 --- a/external/unbound/contrib/warmup.cmd +++ /dev/null @@ -1,153 +0,0 @@ -@echo off - -rem -------------------------------------------------------------- -rem -- Warm up DNS cache script by your own MRU domains or from -rem -- file when it specified as script argument. -rem -- -rem -- Version 1.1 -rem -- By Yuri Voinov (c) 2014 -rem -------------------------------------------------------------- - -rem DNS host address -set address="127.0.0.1" - -rem Check dig installed -for /f "delims=" %%a in ('where dig') do @set dig=%%a -if /I "%dig%"=="" echo Dig not found. If installed, add path to PATH environment variable. & exit 1 -echo Dig found: %dig% - -set arg=%1% - -if defined %arg% (goto builtin) else (goto from_file) - -:builtin -echo Warming up cache by MRU domains... -for %%a in ( -2gis.ru -admir.kz -adobe.com -agent.mail.ru -aimp.ru -akamai.com -akamai.net -almaty.tele2.kz -aol.com -apple.com -arin.com -artlebedev.ru -auto.mail.ru -beeline.kz -bing.com -blogspot.com -comodo.com -dnscrypt.org -drive.google.com -drive.mail.ru -facebook.com -farmanager.com -fb.com -firefox.com -forum.farmanager.com -gazeta.ru -getsharex.com -gismeteo.ru -google.com -google.kz -google.ru -googlevideo.com -goto.kz -iana.org -icq.com -imap.mail.ru -instagram.com -intel.com -irr.kz -java.com -kaspersky.com -kaspersky.ru -kcell.kz -krisha.kz -lady.mail.ru -lenta.ru -libreoffice.org -linkedin.com -livejournal.com -mail.google.com -mail.ru -microsoft.com -mozilla.org -mra.mail.ru -munin-monitoring.org -my.mail.ru -news.bbcimg.co.uk -news.mail.ru -newsimg.bbc.net.uk -nvidia.com -odnoklassniki.ru -ok.ru -opencsw.org -opendns.com -opendns.org -opennet.ru -opera.com -oracle.com -peerbet.ru -piriform.com -plugring.farmanager.com -privoxy.org -qip.ru -raidcall.com -rambler.ru -reddit.com -ru.wikipedia.org -shallalist.de -skype.com -snob.ru -squid-cache.org -squidclamav.darold.net -squidguard.org -ssl.comodo.com -ssl.verisign.com -symantec.com -symantecliveupdate.com -tele2.kz -tengrinews.kz -thunderbird.com -torproject.org -torstatus.blutmagie.de -translate.google.com -unbound.net -verisign.com -vk.com -vk.me -vk.ru -vkontakte.com -vkontakte.ru -vlc.org -watsapp.net -weather.mail.ru -windowsupdate.com -www.baidu.com -www.bbc.co.uk -www.internic.net -www.opennet.ru -www.topgear.com -ya.ru -yahoo.com -yandex.com -yandex.ru -youtube.com -ytimg.com -) do "%dig%" %%a @%address% 1>nul 2>nul -goto end - -:from_file -echo Warming up cache from %1% file... -%dig% -f %arg% @%address% 1>nul 2>nul - -:end -echo Saving cache... -if exist unbound_cache.cmd unbound_cache.cmd -s -echo Done. - -exit 0 diff --git a/external/unbound/contrib/warmup.sh b/external/unbound/contrib/warmup.sh deleted file mode 100644 index b4d9135a6..000000000 --- a/external/unbound/contrib/warmup.sh +++ /dev/null @@ -1,150 +0,0 @@ -#!/bin/sh - -# -------------------------------------------------------------- -# -- Warm up DNS cache script by your own MRU domains or from -# -- file when it specified as script argument. -# -- -# -- Version 1.1 -# -- By Yuri Voinov (c) 2014 -# -------------------------------------------------------------- - -# Default DNS host address -address="127.0.0.1" - -cat=`which cat` -dig=`which dig` - -if [ -z "$1" ]; then -echo "Warming up cache by MRU domains..." -$dig -f - @$address >/dev/null 2>&1 </dev/null 2>&1 -fi - -echo "Done." - -echo "Saving cache..." -script=`which unbound_cache.sh` -[ -f "$script" ] && $script -s -echo "Done." - -exit 0 diff --git a/external/unbound/daemon/acl_list.c b/external/unbound/daemon/acl_list.c deleted file mode 100644 index f7d71b9fd..000000000 --- a/external/unbound/daemon/acl_list.c +++ /dev/null @@ -1,487 +0,0 @@ -/* - * daemon/acl_list.h - client access control storage for the server. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file helps the server keep out queries from outside sources, that - * should not be answered. - */ -#include "config.h" -#include "daemon/acl_list.h" -#include "util/regional.h" -#include "util/log.h" -#include "util/config_file.h" -#include "util/net_help.h" -#include "services/localzone.h" -#include "sldns/str2wire.h" - -struct acl_list* -acl_list_create(void) -{ - struct acl_list* acl = (struct acl_list*)calloc(1, - sizeof(struct acl_list)); - if(!acl) - return NULL; - acl->region = regional_create(); - if(!acl->region) { - acl_list_delete(acl); - return NULL; - } - return acl; -} - -void -acl_list_delete(struct acl_list* acl) -{ - if(!acl) - return; - regional_destroy(acl->region); - free(acl); -} - -/** insert new address into acl_list structure */ -static struct acl_addr* -acl_list_insert(struct acl_list* acl, struct sockaddr_storage* addr, - socklen_t addrlen, int net, enum acl_access control, - int complain_duplicates) -{ - struct acl_addr* node = regional_alloc_zero(acl->region, - sizeof(struct acl_addr)); - if(!node) - return NULL; - node->control = control; - if(!addr_tree_insert(&acl->tree, &node->node, addr, addrlen, net)) { - if(complain_duplicates) - verbose(VERB_QUERY, "duplicate acl address ignored."); - } - return node; -} - -/** apply acl_list string */ -static int -acl_list_str_cfg(struct acl_list* acl, const char* str, const char* s2, - int complain_duplicates) -{ - struct sockaddr_storage addr; - int net; - socklen_t addrlen; - enum acl_access control; - if(strcmp(s2, "allow") == 0) - control = acl_allow; - else if(strcmp(s2, "deny") == 0) - control = acl_deny; - else if(strcmp(s2, "refuse") == 0) - control = acl_refuse; - else if(strcmp(s2, "deny_non_local") == 0) - control = acl_deny_non_local; - else if(strcmp(s2, "refuse_non_local") == 0) - control = acl_refuse_non_local; - else if(strcmp(s2, "allow_snoop") == 0) - control = acl_allow_snoop; - else { - log_err("access control type %s unknown", str); - return 0; - } - if(!netblockstrtoaddr(str, UNBOUND_DNS_PORT, &addr, &addrlen, &net)) { - log_err("cannot parse access control: %s %s", str, s2); - return 0; - } - if(!acl_list_insert(acl, &addr, addrlen, net, control, - complain_duplicates)) { - log_err("out of memory"); - return 0; - } - return 1; -} - -/** find or create node (NULL on parse or error) */ -static struct acl_addr* -acl_find_or_create(struct acl_list* acl, const char* str) -{ - struct acl_addr* node; - struct sockaddr_storage addr; - int net; - socklen_t addrlen; - if(!netblockstrtoaddr(str, UNBOUND_DNS_PORT, &addr, &addrlen, &net)) { - log_err("cannot parse netblock: %s", str); - return NULL; - } - /* find or create node */ - if(!(node=(struct acl_addr*)addr_tree_find(&acl->tree, &addr, - addrlen, net))) { - /* create node, type 'allow' since otherwise tags are - * pointless, can override with specific access-control: cfg */ - if(!(node=(struct acl_addr*)acl_list_insert(acl, &addr, - addrlen, net, acl_allow, 1))) { - log_err("out of memory"); - return NULL; - } - } - return node; -} - -/** apply acl_tag string */ -static int -acl_list_tags_cfg(struct acl_list* acl, const char* str, uint8_t* bitmap, - size_t bitmaplen) -{ - struct acl_addr* node; - if(!(node=acl_find_or_create(acl, str))) - return 0; - node->taglen = bitmaplen; - node->taglist = regional_alloc_init(acl->region, bitmap, bitmaplen); - if(!node->taglist) { - log_err("out of memory"); - return 0; - } - return 1; -} - -/** apply acl_view string */ -static int -acl_list_view_cfg(struct acl_list* acl, const char* str, const char* str2, - struct views* vs) -{ - struct acl_addr* node; - if(!(node=acl_find_or_create(acl, str))) - return 0; - node->view = views_find_view(vs, str2, 0 /* get read lock*/); - if(!node->view) { - log_err("no view with name: %s", str2); - return 0; - } - lock_rw_unlock(&node->view->lock); - return 1; -} - -/** apply acl_tag_action string */ -static int -acl_list_tag_action_cfg(struct acl_list* acl, struct config_file* cfg, - const char* str, const char* tag, const char* action) -{ - struct acl_addr* node; - int tagid; - enum localzone_type t; - if(!(node=acl_find_or_create(acl, str))) - return 0; - /* allocate array if not yet */ - if(!node->tag_actions) { - node->tag_actions = (uint8_t*)regional_alloc_zero(acl->region, - sizeof(*node->tag_actions)*cfg->num_tags); - if(!node->tag_actions) { - log_err("out of memory"); - return 0; - } - node->tag_actions_size = (size_t)cfg->num_tags; - } - /* parse tag */ - if((tagid=find_tag_id(cfg, tag)) == -1) { - log_err("cannot parse tag (define-tag it): %s %s", str, tag); - return 0; - } - if((size_t)tagid >= node->tag_actions_size) { - log_err("tagid too large for array %s %s", str, tag); - return 0; - } - if(!local_zone_str2type(action, &t)) { - log_err("cannot parse access control action type: %s %s %s", - str, tag, action); - return 0; - } - node->tag_actions[tagid] = (uint8_t)t; - return 1; -} - -/** check wire data parse */ -static int -check_data(const char* data, const struct config_strlist* head) -{ - char buf[65536]; - uint8_t rr[LDNS_RR_BUF_SIZE]; - size_t len = sizeof(rr); - int res; - /* '.' is sufficient for validation, and it makes the call to - * sldns_wirerr_get_type() simpler below. */ - snprintf(buf, sizeof(buf), "%s %s", ".", data); - res = sldns_str2wire_rr_buf(buf, rr, &len, NULL, 3600, NULL, 0, - NULL, 0); - - /* Reject it if we would end up having CNAME and other data (including - * another CNAME) for the same tag. */ - if(res == 0 && head) { - const char* err_data = NULL; - - if(sldns_wirerr_get_type(rr, len, 1) == LDNS_RR_TYPE_CNAME) { - /* adding CNAME while other data already exists. */ - err_data = data; - } else { - snprintf(buf, sizeof(buf), "%s %s", ".", head->str); - len = sizeof(rr); - res = sldns_str2wire_rr_buf(buf, rr, &len, NULL, 3600, - NULL, 0, NULL, 0); - if(res != 0) { - /* This should be impossible here as head->str - * has been validated, but we check it just in - * case. */ - return 0; - } - if(sldns_wirerr_get_type(rr, len, 1) == - LDNS_RR_TYPE_CNAME) /* already have CNAME */ - err_data = head->str; - } - if(err_data) { - log_err("redirect tag data '%s' must not coexist with " - "other data.", err_data); - return 0; - } - } - if(res == 0) - return 1; - log_err("rr data [char %d] parse error %s", - (int)LDNS_WIREPARSE_OFFSET(res)-13, - sldns_get_errorstr_parse(res)); - return 0; -} - -/** apply acl_tag_data string */ -static int -acl_list_tag_data_cfg(struct acl_list* acl, struct config_file* cfg, - const char* str, const char* tag, const char* data) -{ - struct acl_addr* node; - int tagid; - char* dupdata; - if(!(node=acl_find_or_create(acl, str))) - return 0; - /* allocate array if not yet */ - if(!node->tag_datas) { - node->tag_datas = (struct config_strlist**)regional_alloc_zero( - acl->region, sizeof(*node->tag_datas)*cfg->num_tags); - if(!node->tag_datas) { - log_err("out of memory"); - return 0; - } - node->tag_datas_size = (size_t)cfg->num_tags; - } - /* parse tag */ - if((tagid=find_tag_id(cfg, tag)) == -1) { - log_err("cannot parse tag (define-tag it): %s %s", str, tag); - return 0; - } - if((size_t)tagid >= node->tag_datas_size) { - log_err("tagid too large for array %s %s", str, tag); - return 0; - } - - /* check data? */ - if(!check_data(data, node->tag_datas[tagid])) { - log_err("cannot parse access-control-tag data: %s %s '%s'", - str, tag, data); - return 0; - } - - dupdata = regional_strdup(acl->region, data); - if(!dupdata) { - log_err("out of memory"); - return 0; - } - if(!cfg_region_strlist_insert(acl->region, - &(node->tag_datas[tagid]), dupdata)) { - log_err("out of memory"); - return 0; - } - return 1; -} - -/** read acl_list config */ -static int -read_acl_list(struct acl_list* acl, struct config_file* cfg) -{ - struct config_str2list* p; - for(p = cfg->acls; p; p = p->next) { - log_assert(p->str && p->str2); - if(!acl_list_str_cfg(acl, p->str, p->str2, 1)) - return 0; - } - return 1; -} - -/** read acl tags config */ -static int -read_acl_tags(struct acl_list* acl, struct config_file* cfg) -{ - struct config_strbytelist* np, *p = cfg->acl_tags; - cfg->acl_tags = NULL; - while(p) { - log_assert(p->str && p->str2); - if(!acl_list_tags_cfg(acl, p->str, p->str2, p->str2len)) { - config_del_strbytelist(p); - return 0; - } - /* free the items as we go to free up memory */ - np = p->next; - free(p->str); - free(p->str2); - free(p); - p = np; - } - return 1; -} - -/** read acl view config */ -static int -read_acl_view(struct acl_list* acl, struct config_file* cfg, struct views* v) -{ - struct config_str2list* np, *p = cfg->acl_view; - cfg->acl_view = NULL; - while(p) { - log_assert(p->str && p->str2); - if(!acl_list_view_cfg(acl, p->str, p->str2, v)) { - return 0; - } - /* free the items as we go to free up memory */ - np = p->next; - free(p->str); - free(p->str2); - free(p); - p = np; - } - return 1; -} - -/** read acl tag actions config */ -static int -read_acl_tag_actions(struct acl_list* acl, struct config_file* cfg) -{ - struct config_str3list* p, *np; - p = cfg->acl_tag_actions; - cfg->acl_tag_actions = NULL; - while(p) { - log_assert(p->str && p->str2 && p->str3); - if(!acl_list_tag_action_cfg(acl, cfg, p->str, p->str2, - p->str3)) { - config_deltrplstrlist(p); - return 0; - } - /* free the items as we go to free up memory */ - np = p->next; - free(p->str); - free(p->str2); - free(p->str3); - free(p); - p = np; - } - return 1; -} - -/** read acl tag datas config */ -static int -read_acl_tag_datas(struct acl_list* acl, struct config_file* cfg) -{ - struct config_str3list* p, *np; - p = cfg->acl_tag_datas; - cfg->acl_tag_datas = NULL; - while(p) { - log_assert(p->str && p->str2 && p->str3); - if(!acl_list_tag_data_cfg(acl, cfg, p->str, p->str2, p->str3)) { - config_deltrplstrlist(p); - return 0; - } - /* free the items as we go to free up memory */ - np = p->next; - free(p->str); - free(p->str2); - free(p->str3); - free(p); - p = np; - } - return 1; -} - -int -acl_list_apply_cfg(struct acl_list* acl, struct config_file* cfg, - struct views* v) -{ - regional_free_all(acl->region); - addr_tree_init(&acl->tree); - if(!read_acl_list(acl, cfg)) - return 0; - if(!read_acl_view(acl, cfg, v)) - return 0; - if(!read_acl_tags(acl, cfg)) - return 0; - if(!read_acl_tag_actions(acl, cfg)) - return 0; - if(!read_acl_tag_datas(acl, cfg)) - return 0; - /* insert defaults, with '0' to ignore them if they are duplicates */ - if(!acl_list_str_cfg(acl, "0.0.0.0/0", "refuse", 0)) - return 0; - if(!acl_list_str_cfg(acl, "127.0.0.0/8", "allow", 0)) - return 0; - if(cfg->do_ip6) { - if(!acl_list_str_cfg(acl, "::0/0", "refuse", 0)) - return 0; - if(!acl_list_str_cfg(acl, "::1", "allow", 0)) - return 0; - if(!acl_list_str_cfg(acl, "::ffff:127.0.0.1", "allow", 0)) - return 0; - } - addr_tree_init_parents(&acl->tree); - return 1; -} - -enum acl_access -acl_get_control(struct acl_addr* acl) -{ - if(acl) return acl->control; - return acl_deny; -} - -struct acl_addr* -acl_addr_lookup(struct acl_list* acl, struct sockaddr_storage* addr, - socklen_t addrlen) -{ - return (struct acl_addr*)addr_tree_lookup(&acl->tree, - addr, addrlen); -} - -size_t -acl_list_get_mem(struct acl_list* acl) -{ - if(!acl) return 0; - return sizeof(*acl) + regional_get_mem(acl->region); -} diff --git a/external/unbound/daemon/acl_list.h b/external/unbound/daemon/acl_list.h deleted file mode 100644 index d0d42bfae..000000000 --- a/external/unbound/daemon/acl_list.h +++ /dev/null @@ -1,155 +0,0 @@ -/* - * daemon/acl_list.h - client access control storage for the server. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file keeps track of the list of clients that are allowed to - * access the server. - */ - -#ifndef DAEMON_ACL_LIST_H -#define DAEMON_ACL_LIST_H -#include "util/storage/dnstree.h" -#include "services/view.h" -struct config_file; -struct regional; - -/** - * Enumeration of access control options for an address range. - * Allow or deny access. - */ -enum acl_access { - /** disallow any access whatsoever, drop it */ - acl_deny = 0, - /** disallow access, send a polite 'REFUSED' reply */ - acl_refuse, - /** disallow any access to zones that aren't local, drop it */ - acl_deny_non_local, - /** disallow access to zones that aren't local, 'REFUSED' reply */ - acl_refuse_non_local, - /** allow full access for recursion (+RD) queries */ - acl_allow, - /** allow full access for all queries, recursion and cache snooping */ - acl_allow_snoop -}; - -/** - * Access control storage structure - */ -struct acl_list { - /** regional for allocation */ - struct regional* region; - /** - * Tree of the addresses that are allowed/blocked. - * contents of type acl_addr. - */ - rbtree_type tree; -}; - -/** - * - * An address span with access control information - */ -struct acl_addr { - /** node in address tree */ - struct addr_tree_node node; - /** access control on this netblock */ - enum acl_access control; - /** tag bitlist */ - uint8_t* taglist; - /** length of the taglist (in bytes) */ - size_t taglen; - /** array per tagnumber of localzonetype(in one byte). NULL if none. */ - uint8_t* tag_actions; - /** size of the tag_actions_array */ - size_t tag_actions_size; - /** array per tagnumber, with per tag a list of rdata strings. - * NULL if none. strings are like 'A 127.0.0.1' 'AAAA ::1' */ - struct config_strlist** tag_datas; - /** size of the tag_datas array */ - size_t tag_datas_size; - /* view element, NULL if none */ - struct view* view; -}; - -/** - * Create acl structure - * @return new structure or NULL on error. - */ -struct acl_list* acl_list_create(void); - -/** - * Delete acl structure. - * @param acl: to delete. - */ -void acl_list_delete(struct acl_list* acl); - -/** - * Process access control config. - * @param acl: where to store. - * @param cfg: config options. - * @param v: views structure - * @return 0 on error. - */ -int acl_list_apply_cfg(struct acl_list* acl, struct config_file* cfg, - struct views* v); - -/** - * Lookup access control status for acl structure. - * @param acl: structure for acl storage. - * @return: what to do with message from this address. - */ -enum acl_access acl_get_control(struct acl_addr* acl); - -/** - * Lookup address to see its acl structure - * @param acl: structure for address storage. - * @param addr: address to check - * @param addrlen: length of addr. - * @return: acl structure from this address. - */ -struct acl_addr* -acl_addr_lookup(struct acl_list* acl, struct sockaddr_storage* addr, - socklen_t addrlen); - -/** - * Get memory used by acl structure. - * @param acl: structure for address storage. - * @return bytes in use. - */ -size_t acl_list_get_mem(struct acl_list* acl); - -#endif /* DAEMON_ACL_LIST_H */ diff --git a/external/unbound/daemon/cachedump.c b/external/unbound/daemon/cachedump.c deleted file mode 100644 index 8992e6cb8..000000000 --- a/external/unbound/daemon/cachedump.c +++ /dev/null @@ -1,898 +0,0 @@ -/* - * daemon/cachedump.c - dump the cache to text format. - * - * Copyright (c) 2008, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions to read and write the cache(s) - * to text format. - */ -#include "config.h" -#include -#include "daemon/cachedump.h" -#include "daemon/remote.h" -#include "daemon/worker.h" -#include "services/cache/rrset.h" -#include "services/cache/dns.h" -#include "services/cache/infra.h" -#include "util/data/msgreply.h" -#include "util/regional.h" -#include "util/net_help.h" -#include "util/data/dname.h" -#include "iterator/iterator.h" -#include "iterator/iter_delegpt.h" -#include "iterator/iter_utils.h" -#include "iterator/iter_fwd.h" -#include "iterator/iter_hints.h" -#include "sldns/sbuffer.h" -#include "sldns/wire2str.h" -#include "sldns/str2wire.h" - -/** dump one rrset zonefile line */ -static int -dump_rrset_line(SSL* ssl, struct ub_packed_rrset_key* k, time_t now, size_t i) -{ - char s[65535]; - if(!packed_rr_to_string(k, i, now, s, sizeof(s))) { - return ssl_printf(ssl, "BADRR\n"); - } - return ssl_printf(ssl, "%s", s); -} - -/** dump rrset key and data info */ -static int -dump_rrset(SSL* ssl, struct ub_packed_rrset_key* k, - struct packed_rrset_data* d, time_t now) -{ - size_t i; - /* rd lock held by caller */ - if(!k || !d) return 1; - if(d->ttl < now) return 1; /* expired */ - - /* meta line */ - if(!ssl_printf(ssl, ";rrset%s " ARG_LL "d %u %u %d %d\n", - (k->rk.flags & PACKED_RRSET_NSEC_AT_APEX)?" nsec_apex":"", - (long long)(d->ttl - now), - (unsigned)d->count, (unsigned)d->rrsig_count, - (int)d->trust, (int)d->security - )) - return 0; - for(i=0; icount + d->rrsig_count; i++) { - if(!dump_rrset_line(ssl, k, now, i)) - return 0; - } - return 1; -} - -/** dump lruhash rrset cache */ -static int -dump_rrset_lruhash(SSL* ssl, struct lruhash* h, time_t now) -{ - struct lruhash_entry* e; - /* lruhash already locked by caller */ - /* walk in order of lru; best first */ - for(e=h->lru_start; e; e = e->lru_next) { - lock_rw_rdlock(&e->lock); - if(!dump_rrset(ssl, (struct ub_packed_rrset_key*)e->key, - (struct packed_rrset_data*)e->data, now)) { - lock_rw_unlock(&e->lock); - return 0; - } - lock_rw_unlock(&e->lock); - } - return 1; -} - -/** dump rrset cache */ -static int -dump_rrset_cache(SSL* ssl, struct worker* worker) -{ - struct rrset_cache* r = worker->env.rrset_cache; - size_t slab; - if(!ssl_printf(ssl, "START_RRSET_CACHE\n")) return 0; - for(slab=0; slabtable.size; slab++) { - lock_quick_lock(&r->table.array[slab]->lock); - if(!dump_rrset_lruhash(ssl, r->table.array[slab], - *worker->env.now)) { - lock_quick_unlock(&r->table.array[slab]->lock); - return 0; - } - lock_quick_unlock(&r->table.array[slab]->lock); - } - return ssl_printf(ssl, "END_RRSET_CACHE\n"); -} - -/** dump message to rrset reference */ -static int -dump_msg_ref(SSL* ssl, struct ub_packed_rrset_key* k) -{ - char* nm, *tp, *cl; - nm = sldns_wire2str_dname(k->rk.dname, k->rk.dname_len); - tp = sldns_wire2str_type(ntohs(k->rk.type)); - cl = sldns_wire2str_class(ntohs(k->rk.rrset_class)); - if(!nm || !cl || !tp) { - free(nm); - free(tp); - free(cl); - return ssl_printf(ssl, "BADREF\n"); - } - if(!ssl_printf(ssl, "%s %s %s %d\n", nm, cl, tp, (int)k->rk.flags)) { - free(nm); - free(tp); - free(cl); - return 0; - } - free(nm); - free(tp); - free(cl); - - return 1; -} - -/** dump message entry */ -static int -dump_msg(SSL* ssl, struct query_info* k, struct reply_info* d, - time_t now) -{ - size_t i; - char* nm, *tp, *cl; - if(!k || !d) return 1; - if(d->ttl < now) return 1; /* expired */ - - nm = sldns_wire2str_dname(k->qname, k->qname_len); - tp = sldns_wire2str_type(k->qtype); - cl = sldns_wire2str_class(k->qclass); - if(!nm || !tp || !cl) { - free(nm); - free(tp); - free(cl); - return 1; /* skip this entry */ - } - if(!rrset_array_lock(d->ref, d->rrset_count, now)) { - /* rrsets have timed out or do not exist */ - free(nm); - free(tp); - free(cl); - return 1; /* skip this entry */ - } - - /* meta line */ - if(!ssl_printf(ssl, "msg %s %s %s %d %d " ARG_LL "d %d %u %u %u\n", - nm, cl, tp, - (int)d->flags, (int)d->qdcount, - (long long)(d->ttl-now), (int)d->security, - (unsigned)d->an_numrrsets, - (unsigned)d->ns_numrrsets, - (unsigned)d->ar_numrrsets)) { - free(nm); - free(tp); - free(cl); - rrset_array_unlock(d->ref, d->rrset_count); - return 0; - } - free(nm); - free(tp); - free(cl); - - for(i=0; irrset_count; i++) { - if(!dump_msg_ref(ssl, d->rrsets[i])) { - rrset_array_unlock(d->ref, d->rrset_count); - return 0; - } - } - rrset_array_unlock(d->ref, d->rrset_count); - - return 1; -} - -/** copy msg to worker pad */ -static int -copy_msg(struct regional* region, struct lruhash_entry* e, - struct query_info** k, struct reply_info** d) -{ - struct reply_info* rep = (struct reply_info*)e->data; - if(rep->rrset_count > RR_COUNT_MAX) - return 0; /* to protect against integer overflow */ - *d = (struct reply_info*)regional_alloc_init(region, e->data, - sizeof(struct reply_info) + - sizeof(struct rrset_ref) * (rep->rrset_count-1) + - sizeof(struct ub_packed_rrset_key*) * rep->rrset_count); - if(!*d) - return 0; - (*d)->rrsets = (struct ub_packed_rrset_key**)(void *)( - (uint8_t*)(&((*d)->ref[0])) + - sizeof(struct rrset_ref) * rep->rrset_count); - *k = (struct query_info*)regional_alloc_init(region, - e->key, sizeof(struct query_info)); - if(!*k) - return 0; - (*k)->qname = regional_alloc_init(region, - (*k)->qname, (*k)->qname_len); - return (*k)->qname != NULL; -} - -/** dump lruhash msg cache */ -static int -dump_msg_lruhash(SSL* ssl, struct worker* worker, struct lruhash* h) -{ - struct lruhash_entry* e; - struct query_info* k; - struct reply_info* d; - - /* lruhash already locked by caller */ - /* walk in order of lru; best first */ - for(e=h->lru_start; e; e = e->lru_next) { - regional_free_all(worker->scratchpad); - lock_rw_rdlock(&e->lock); - /* make copy of rrset in worker buffer */ - if(!copy_msg(worker->scratchpad, e, &k, &d)) { - lock_rw_unlock(&e->lock); - return 0; - } - lock_rw_unlock(&e->lock); - /* release lock so we can lookup the rrset references - * in the rrset cache */ - if(!dump_msg(ssl, k, d, *worker->env.now)) { - return 0; - } - } - return 1; -} - -/** dump msg cache */ -static int -dump_msg_cache(SSL* ssl, struct worker* worker) -{ - struct slabhash* sh = worker->env.msg_cache; - size_t slab; - if(!ssl_printf(ssl, "START_MSG_CACHE\n")) return 0; - for(slab=0; slabsize; slab++) { - lock_quick_lock(&sh->array[slab]->lock); - if(!dump_msg_lruhash(ssl, worker, sh->array[slab])) { - lock_quick_unlock(&sh->array[slab]->lock); - return 0; - } - lock_quick_unlock(&sh->array[slab]->lock); - } - return ssl_printf(ssl, "END_MSG_CACHE\n"); -} - -int -dump_cache(SSL* ssl, struct worker* worker) -{ - if(!dump_rrset_cache(ssl, worker)) - return 0; - if(!dump_msg_cache(ssl, worker)) - return 0; - return ssl_printf(ssl, "EOF\n"); -} - -/** read a line from ssl into buffer */ -static int -ssl_read_buf(SSL* ssl, sldns_buffer* buf) -{ - return ssl_read_line(ssl, (char*)sldns_buffer_begin(buf), - sldns_buffer_capacity(buf)); -} - -/** check fixed text on line */ -static int -read_fixed(SSL* ssl, sldns_buffer* buf, const char* str) -{ - if(!ssl_read_buf(ssl, buf)) return 0; - return (strcmp((char*)sldns_buffer_begin(buf), str) == 0); -} - -/** load an RR into rrset */ -static int -load_rr(SSL* ssl, sldns_buffer* buf, struct regional* region, - struct ub_packed_rrset_key* rk, struct packed_rrset_data* d, - unsigned int i, int is_rrsig, int* go_on, time_t now) -{ - uint8_t rr[LDNS_RR_BUF_SIZE]; - size_t rr_len = sizeof(rr), dname_len = 0; - int status; - - /* read the line */ - if(!ssl_read_buf(ssl, buf)) - return 0; - if(strncmp((char*)sldns_buffer_begin(buf), "BADRR\n", 6) == 0) { - *go_on = 0; - return 1; - } - status = sldns_str2wire_rr_buf((char*)sldns_buffer_begin(buf), rr, - &rr_len, &dname_len, 3600, NULL, 0, NULL, 0); - if(status != 0) { - log_warn("error cannot parse rr: %s: %s", - sldns_get_errorstr_parse(status), - (char*)sldns_buffer_begin(buf)); - return 0; - } - if(is_rrsig && sldns_wirerr_get_type(rr, rr_len, dname_len) - != LDNS_RR_TYPE_RRSIG) { - log_warn("error expected rrsig but got %s", - (char*)sldns_buffer_begin(buf)); - return 0; - } - - /* convert ldns rr into packed_rr */ - d->rr_ttl[i] = (time_t)sldns_wirerr_get_ttl(rr, rr_len, dname_len) + now; - sldns_buffer_clear(buf); - d->rr_len[i] = sldns_wirerr_get_rdatalen(rr, rr_len, dname_len)+2; - d->rr_data[i] = (uint8_t*)regional_alloc_init(region, - sldns_wirerr_get_rdatawl(rr, rr_len, dname_len), d->rr_len[i]); - if(!d->rr_data[i]) { - log_warn("error out of memory"); - return 0; - } - - /* if first entry, fill the key structure */ - if(i==0) { - rk->rk.type = htons(sldns_wirerr_get_type(rr, rr_len, dname_len)); - rk->rk.rrset_class = htons(sldns_wirerr_get_class(rr, rr_len, dname_len)); - rk->rk.dname_len = dname_len; - rk->rk.dname = regional_alloc_init(region, rr, dname_len); - if(!rk->rk.dname) { - log_warn("error out of memory"); - return 0; - } - } - - return 1; -} - -/** move entry into cache */ -static int -move_into_cache(struct ub_packed_rrset_key* k, - struct packed_rrset_data* d, struct worker* worker) -{ - struct ub_packed_rrset_key* ak; - struct packed_rrset_data* ad; - size_t s, i, num = d->count + d->rrsig_count; - struct rrset_ref ref; - uint8_t* p; - - ak = alloc_special_obtain(&worker->alloc); - if(!ak) { - log_warn("error out of memory"); - return 0; - } - ak->entry.data = NULL; - ak->rk = k->rk; - ak->entry.hash = rrset_key_hash(&k->rk); - ak->rk.dname = (uint8_t*)memdup(k->rk.dname, k->rk.dname_len); - if(!ak->rk.dname) { - log_warn("error out of memory"); - ub_packed_rrset_parsedelete(ak, &worker->alloc); - return 0; - } - s = sizeof(*ad) + (sizeof(size_t) + sizeof(uint8_t*) + - sizeof(time_t))* num; - for(i=0; irr_len[i]; - ad = (struct packed_rrset_data*)malloc(s); - if(!ad) { - log_warn("error out of memory"); - ub_packed_rrset_parsedelete(ak, &worker->alloc); - return 0; - } - p = (uint8_t*)ad; - memmove(p, d, sizeof(*ad)); - p += sizeof(*ad); - memmove(p, &d->rr_len[0], sizeof(size_t)*num); - p += sizeof(size_t)*num; - memmove(p, &d->rr_data[0], sizeof(uint8_t*)*num); - p += sizeof(uint8_t*)*num; - memmove(p, &d->rr_ttl[0], sizeof(time_t)*num); - p += sizeof(time_t)*num; - for(i=0; irr_data[i], d->rr_len[i]); - p += d->rr_len[i]; - } - packed_rrset_ptr_fixup(ad); - - ak->entry.data = ad; - - ref.key = ak; - ref.id = ak->id; - (void)rrset_cache_update(worker->env.rrset_cache, &ref, - &worker->alloc, *worker->env.now); - return 1; -} - -/** load an rrset entry */ -static int -load_rrset(SSL* ssl, sldns_buffer* buf, struct worker* worker) -{ - char* s = (char*)sldns_buffer_begin(buf); - struct regional* region = worker->scratchpad; - struct ub_packed_rrset_key* rk; - struct packed_rrset_data* d; - unsigned int rr_count, rrsig_count, trust, security; - long long ttl; - unsigned int i; - int go_on = 1; - regional_free_all(region); - - rk = (struct ub_packed_rrset_key*)regional_alloc_zero(region, - sizeof(*rk)); - d = (struct packed_rrset_data*)regional_alloc_zero(region, sizeof(*d)); - if(!rk || !d) { - log_warn("error out of memory"); - return 0; - } - - if(strncmp(s, ";rrset", 6) != 0) { - log_warn("error expected ';rrset' but got %s", s); - return 0; - } - s += 6; - if(strncmp(s, " nsec_apex", 10) == 0) { - s += 10; - rk->rk.flags |= PACKED_RRSET_NSEC_AT_APEX; - } - if(sscanf(s, " " ARG_LL "d %u %u %u %u", &ttl, &rr_count, &rrsig_count, - &trust, &security) != 5) { - log_warn("error bad rrset spec %s", s); - return 0; - } - if(rr_count == 0 && rrsig_count == 0) { - log_warn("bad rrset without contents"); - return 0; - } - if(rr_count > RR_COUNT_MAX || rrsig_count > RR_COUNT_MAX) { - log_warn("bad rrset with too many rrs"); - return 0; - } - d->count = (size_t)rr_count; - d->rrsig_count = (size_t)rrsig_count; - d->security = (enum sec_status)security; - d->trust = (enum rrset_trust)trust; - d->ttl = (time_t)ttl + *worker->env.now; - - d->rr_len = regional_alloc_zero(region, - sizeof(size_t)*(d->count+d->rrsig_count)); - d->rr_ttl = regional_alloc_zero(region, - sizeof(time_t)*(d->count+d->rrsig_count)); - d->rr_data = regional_alloc_zero(region, - sizeof(uint8_t*)*(d->count+d->rrsig_count)); - if(!d->rr_len || !d->rr_ttl || !d->rr_data) { - log_warn("error out of memory"); - return 0; - } - - /* read the rr's themselves */ - for(i=0; ienv.now)) { - log_warn("could not read rr %u", i); - return 0; - } - } - for(i=0; ienv.now)) { - log_warn("could not read rrsig %u", i); - return 0; - } - } - if(!go_on) { - /* skip this entry */ - return 1; - } - - return move_into_cache(rk, d, worker); -} - -/** load rrset cache */ -static int -load_rrset_cache(SSL* ssl, struct worker* worker) -{ - sldns_buffer* buf = worker->env.scratch_buffer; - if(!read_fixed(ssl, buf, "START_RRSET_CACHE")) return 0; - while(ssl_read_buf(ssl, buf) && - strcmp((char*)sldns_buffer_begin(buf), "END_RRSET_CACHE")!=0) { - if(!load_rrset(ssl, buf, worker)) - return 0; - } - return 1; -} - -/** read qinfo from next three words */ -static char* -load_qinfo(char* str, struct query_info* qinfo, struct regional* region) -{ - /* s is part of the buf */ - char* s = str; - uint8_t rr[LDNS_RR_BUF_SIZE]; - size_t rr_len = sizeof(rr), dname_len = 0; - int status; - - /* skip three words */ - s = strchr(str, ' '); - if(s) s = strchr(s+1, ' '); - if(s) s = strchr(s+1, ' '); - if(!s) { - log_warn("error line too short, %s", str); - return NULL; - } - s[0] = 0; - s++; - - /* parse them */ - status = sldns_str2wire_rr_question_buf(str, rr, &rr_len, &dname_len, - NULL, 0, NULL, 0); - if(status != 0) { - log_warn("error cannot parse: %s %s", - sldns_get_errorstr_parse(status), str); - return NULL; - } - qinfo->qtype = sldns_wirerr_get_type(rr, rr_len, dname_len); - qinfo->qclass = sldns_wirerr_get_class(rr, rr_len, dname_len); - qinfo->qname_len = dname_len; - qinfo->qname = (uint8_t*)regional_alloc_init(region, rr, dname_len); - qinfo->local_alias = NULL; - if(!qinfo->qname) { - log_warn("error out of memory"); - return NULL; - } - - return s; -} - -/** load a msg rrset reference */ -static int -load_ref(SSL* ssl, sldns_buffer* buf, struct worker* worker, - struct regional *region, struct ub_packed_rrset_key** rrset, - int* go_on) -{ - char* s = (char*)sldns_buffer_begin(buf); - struct query_info qinfo; - unsigned int flags; - struct ub_packed_rrset_key* k; - - /* read line */ - if(!ssl_read_buf(ssl, buf)) - return 0; - if(strncmp(s, "BADREF", 6) == 0) { - *go_on = 0; /* its bad, skip it and skip message */ - return 1; - } - - s = load_qinfo(s, &qinfo, region); - if(!s) { - return 0; - } - if(sscanf(s, " %u", &flags) != 1) { - log_warn("error cannot parse flags: %s", s); - return 0; - } - - /* lookup in cache */ - k = rrset_cache_lookup(worker->env.rrset_cache, qinfo.qname, - qinfo.qname_len, qinfo.qtype, qinfo.qclass, - (uint32_t)flags, *worker->env.now, 0); - if(!k) { - /* not found or expired */ - *go_on = 0; - return 1; - } - - /* store in result */ - *rrset = packed_rrset_copy_region(k, region, *worker->env.now); - lock_rw_unlock(&k->entry.lock); - - return (*rrset != NULL); -} - -/** load a msg entry */ -static int -load_msg(SSL* ssl, sldns_buffer* buf, struct worker* worker) -{ - struct regional* region = worker->scratchpad; - struct query_info qinf; - struct reply_info rep; - char* s = (char*)sldns_buffer_begin(buf); - unsigned int flags, qdcount, security, an, ns, ar; - long long ttl; - size_t i; - int go_on = 1; - - regional_free_all(region); - - if(strncmp(s, "msg ", 4) != 0) { - log_warn("error expected msg but got %s", s); - return 0; - } - s += 4; - s = load_qinfo(s, &qinf, region); - if(!s) { - return 0; - } - - /* read remainder of line */ - if(sscanf(s, " %u %u " ARG_LL "d %u %u %u %u", &flags, &qdcount, &ttl, - &security, &an, &ns, &ar) != 7) { - log_warn("error cannot parse numbers: %s", s); - return 0; - } - rep.flags = (uint16_t)flags; - rep.qdcount = (uint16_t)qdcount; - rep.ttl = (time_t)ttl; - rep.prefetch_ttl = PREFETCH_TTL_CALC(rep.ttl); - rep.security = (enum sec_status)security; - if(an > RR_COUNT_MAX || ns > RR_COUNT_MAX || ar > RR_COUNT_MAX) { - log_warn("error too many rrsets"); - return 0; /* protect against integer overflow in alloc */ - } - rep.an_numrrsets = (size_t)an; - rep.ns_numrrsets = (size_t)ns; - rep.ar_numrrsets = (size_t)ar; - rep.rrset_count = (size_t)an+(size_t)ns+(size_t)ar; - rep.rrsets = (struct ub_packed_rrset_key**)regional_alloc_zero( - region, sizeof(struct ub_packed_rrset_key*)*rep.rrset_count); - - /* fill repinfo with references */ - for(i=0; ienv, &qinf, &rep, 0, 0, 0, NULL, flags)) { - log_warn("error out of memory"); - return 0; - } - return 1; -} - -/** load msg cache */ -static int -load_msg_cache(SSL* ssl, struct worker* worker) -{ - sldns_buffer* buf = worker->env.scratch_buffer; - if(!read_fixed(ssl, buf, "START_MSG_CACHE")) return 0; - while(ssl_read_buf(ssl, buf) && - strcmp((char*)sldns_buffer_begin(buf), "END_MSG_CACHE")!=0) { - if(!load_msg(ssl, buf, worker)) - return 0; - } - return 1; -} - -int -load_cache(SSL* ssl, struct worker* worker) -{ - if(!load_rrset_cache(ssl, worker)) - return 0; - if(!load_msg_cache(ssl, worker)) - return 0; - return read_fixed(ssl, worker->env.scratch_buffer, "EOF"); -} - -/** print details on a delegation point */ -static void -print_dp_details(SSL* ssl, struct worker* worker, struct delegpt* dp) -{ - char buf[257]; - struct delegpt_addr* a; - int lame, dlame, rlame, rto, edns_vs, to, delay, - tA = 0, tAAAA = 0, tother = 0; - long long entry_ttl; - struct rtt_info ri; - uint8_t edns_lame_known; - for(a = dp->target_list; a; a = a->next_target) { - addr_to_str(&a->addr, a->addrlen, buf, sizeof(buf)); - if(!ssl_printf(ssl, "%-16s\t", buf)) - return; - if(a->bogus) { - if(!ssl_printf(ssl, "Address is BOGUS. ")) - return; - } - /* lookup in infra cache */ - delay=0; - entry_ttl = infra_get_host_rto(worker->env.infra_cache, - &a->addr, a->addrlen, dp->name, dp->namelen, - &ri, &delay, *worker->env.now, &tA, &tAAAA, &tother); - if(entry_ttl == -2 && ri.rto >= USEFUL_SERVER_TOP_TIMEOUT) { - if(!ssl_printf(ssl, "expired, rto %d msec, tA %d " - "tAAAA %d tother %d.\n", ri.rto, tA, tAAAA, - tother)) - return; - continue; - } - if(entry_ttl == -1 || entry_ttl == -2) { - if(!ssl_printf(ssl, "not in infra cache.\n")) - return; - continue; /* skip stuff not in infra cache */ - } - - /* uses type_A because most often looked up, but other - * lameness won't be reported then */ - if(!infra_get_lame_rtt(worker->env.infra_cache, - &a->addr, a->addrlen, dp->name, dp->namelen, - LDNS_RR_TYPE_A, &lame, &dlame, &rlame, &rto, - *worker->env.now)) { - if(!ssl_printf(ssl, "not in infra cache.\n")) - return; - continue; /* skip stuff not in infra cache */ - } - if(!ssl_printf(ssl, "%s%s%s%srto %d msec, ttl " ARG_LL "d, " - "ping %d var %d rtt %d, tA %d, tAAAA %d, tother %d", - lame?"LAME ":"", dlame?"NoDNSSEC ":"", - a->lame?"AddrWasParentSide ":"", - rlame?"NoAuthButRecursive ":"", rto, entry_ttl, - ri.srtt, ri.rttvar, rtt_notimeout(&ri), - tA, tAAAA, tother)) - return; - if(delay) - if(!ssl_printf(ssl, ", probedelay %d", delay)) - return; - if(infra_host(worker->env.infra_cache, &a->addr, a->addrlen, - dp->name, dp->namelen, *worker->env.now, &edns_vs, - &edns_lame_known, &to)) { - if(edns_vs == -1) { - if(!ssl_printf(ssl, ", noEDNS%s.", - edns_lame_known?" probed":" assumed")) - return; - } else { - if(!ssl_printf(ssl, ", EDNS %d%s.", edns_vs, - edns_lame_known?" probed":" assumed")) - return; - } - } - if(!ssl_printf(ssl, "\n")) - return; - } -} - -/** print main dp info */ -static void -print_dp_main(SSL* ssl, struct delegpt* dp, struct dns_msg* msg) -{ - size_t i, n_ns, n_miss, n_addr, n_res, n_avail; - - /* print the dp */ - if(msg) - for(i=0; irep->rrset_count; i++) { - struct ub_packed_rrset_key* k = msg->rep->rrsets[i]; - struct packed_rrset_data* d = - (struct packed_rrset_data*)k->entry.data; - if(d->security == sec_status_bogus) { - if(!ssl_printf(ssl, "Address is BOGUS:\n")) - return; - } - if(!dump_rrset(ssl, k, d, 0)) - return; - } - delegpt_count_ns(dp, &n_ns, &n_miss); - delegpt_count_addr(dp, &n_addr, &n_res, &n_avail); - /* since dp has not been used by iterator, all are available*/ - if(!ssl_printf(ssl, "Delegation with %d names, of which %d " - "can be examined to query further addresses.\n" - "%sIt provides %d IP addresses.\n", - (int)n_ns, (int)n_miss, (dp->bogus?"It is BOGUS. ":""), - (int)n_addr)) - return; -} - -int print_deleg_lookup(SSL* ssl, struct worker* worker, uint8_t* nm, - size_t nmlen, int ATTR_UNUSED(nmlabs)) -{ - /* deep links into the iterator module */ - struct delegpt* dp; - struct dns_msg* msg; - struct regional* region = worker->scratchpad; - char b[260]; - struct query_info qinfo; - struct iter_hints_stub* stub; - regional_free_all(region); - qinfo.qname = nm; - qinfo.qname_len = nmlen; - qinfo.qtype = LDNS_RR_TYPE_A; - qinfo.qclass = LDNS_RR_CLASS_IN; - qinfo.local_alias = NULL; - - dname_str(nm, b); - if(!ssl_printf(ssl, "The following name servers are used for lookup " - "of %s\n", b)) - return 0; - - dp = forwards_lookup(worker->env.fwds, nm, qinfo.qclass); - if(dp) { - if(!ssl_printf(ssl, "forwarding request:\n")) - return 0; - print_dp_main(ssl, dp, NULL); - print_dp_details(ssl, worker, dp); - return 1; - } - - while(1) { - dp = dns_cache_find_delegation(&worker->env, nm, nmlen, - qinfo.qtype, qinfo.qclass, region, &msg, - *worker->env.now); - if(!dp) { - return ssl_printf(ssl, "no delegation from " - "cache; goes to configured roots\n"); - } - /* go up? */ - if(iter_dp_is_useless(&qinfo, BIT_RD, dp)) { - print_dp_main(ssl, dp, msg); - print_dp_details(ssl, worker, dp); - if(!ssl_printf(ssl, "cache delegation was " - "useless (no IP addresses)\n")) - return 0; - if(dname_is_root(nm)) { - /* goes to root config */ - return ssl_printf(ssl, "no delegation from " - "cache; goes to configured roots\n"); - } else { - /* useless, goes up */ - nm = dp->name; - nmlen = dp->namelen; - dname_remove_label(&nm, &nmlen); - dname_str(nm, b); - if(!ssl_printf(ssl, "going up, lookup %s\n", b)) - return 0; - continue; - } - } - stub = hints_lookup_stub(worker->env.hints, nm, qinfo.qclass, - dp); - if(stub) { - if(stub->noprime) { - if(!ssl_printf(ssl, "The noprime stub servers " - "are used:\n")) - return 0; - } else { - if(!ssl_printf(ssl, "The stub is primed " - "with servers:\n")) - return 0; - } - print_dp_main(ssl, stub->dp, NULL); - print_dp_details(ssl, worker, stub->dp); - } else { - print_dp_main(ssl, dp, msg); - print_dp_details(ssl, worker, dp); - } - break; - } - - return 1; -} diff --git a/external/unbound/daemon/cachedump.h b/external/unbound/daemon/cachedump.h deleted file mode 100644 index 0f2feabcb..000000000 --- a/external/unbound/daemon/cachedump.h +++ /dev/null @@ -1,107 +0,0 @@ -/* - * daemon/cachedump.h - dump the cache to text format. - * - * Copyright (c) 2008, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions to read and write the cache(s) - * to text format. - * - * The format of the file is as follows: - * [RRset cache] - * [Message cache] - * EOF -- fixed string "EOF" before end of the file. - * - * The RRset cache is: - * START_RRSET_CACHE - * [rrset]* - * END_RRSET_CACHE - * - * rrset is: - * ;rrset [nsec_apex] TTL rr_count rrsig_count trust security - * resource records, one per line, in zonefile format - * rrsig records, one per line, in zonefile format - * If the text conversion fails, BADRR is printed on the line. - * - * The Message cache is: - * START_MSG_CACHE - * [msg]* - * END_MSG_CACHE - * - * msg is: - * msg name class type flags qdcount ttl security an ns ar - * list of rrset references, one per line. If conversion fails, BADREF - * reference is: - * name class type flags - * - * Expired cache entries are not printed. - */ - -#ifndef DAEMON_DUMPCACHE_H -#define DAEMON_DUMPCACHE_H -struct worker; - -/** - * Dump cache(s) to text - * @param ssl: to print to - * @param worker: worker that is available (buffers, etc) and has - * ptrs to the caches. - * @return false on ssl print error. - */ -int dump_cache(SSL* ssl, struct worker* worker); - -/** - * Load cache(s) from text - * @param ssl: to read from - * @param worker: worker that is available (buffers, etc) and has - * ptrs to the caches. - * @return false on ssl error. - */ -int load_cache(SSL* ssl, struct worker* worker); - -/** - * Print the delegation used to lookup for this name. - * @param ssl: to read from - * @param worker: worker that is available (buffers, etc) and has - * ptrs to the caches. - * @param nm: name to lookup - * @param nmlen: length of name. - * @param nmlabs: labels in name. - * @return false on ssl error. - */ -int print_deleg_lookup(SSL* ssl, struct worker* worker, uint8_t* nm, - size_t nmlen, int nmlabs); - -#endif /* DAEMON_DUMPCACHE_H */ diff --git a/external/unbound/daemon/daemon.c b/external/unbound/daemon/daemon.c deleted file mode 100644 index dad9f86b3..000000000 --- a/external/unbound/daemon/daemon.c +++ /dev/null @@ -1,795 +0,0 @@ -/* - * daemon/daemon.c - collection of workers that handles requests. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * The daemon consists of global settings and a number of workers. - */ - -#include "config.h" -#ifdef HAVE_OPENSSL_ERR_H -#include -#endif - -#ifdef HAVE_OPENSSL_RAND_H -#include -#endif - -#ifdef HAVE_OPENSSL_CONF_H -#include -#endif - -#ifdef HAVE_OPENSSL_ENGINE_H -#include -#endif - -#ifdef HAVE_TIME_H -#include -#endif -#include - -#ifdef HAVE_NSS -/* nss3 */ -#include "nss.h" -#endif - -#include "daemon/daemon.h" -#include "daemon/worker.h" -#include "daemon/remote.h" -#include "daemon/acl_list.h" -#include "util/log.h" -#include "util/config_file.h" -#include "util/data/msgreply.h" -#include "util/shm_side/shm_main.h" -#include "util/storage/lookup3.h" -#include "util/storage/slabhash.h" -#include "services/listen_dnsport.h" -#include "services/cache/rrset.h" -#include "services/cache/infra.h" -#include "services/localzone.h" -#include "services/view.h" -#include "services/modstack.h" -#include "util/module.h" -#include "util/random.h" -#include "util/tube.h" -#include "util/net_help.h" -#include "sldns/keyraw.h" -#include "respip/respip.h" -#include - -#ifdef HAVE_SYSTEMD -#include -#endif - -/** How many quit requests happened. */ -static int sig_record_quit = 0; -/** How many reload requests happened. */ -static int sig_record_reload = 0; - -#if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS -/** cleaner ssl memory freeup */ -static void* comp_meth = NULL; -#endif -#ifdef LEX_HAS_YYLEX_DESTROY -/** remove buffers for parsing and init */ -int ub_c_lex_destroy(void); -#endif - -/** used when no other sighandling happens, so we don't die - * when multiple signals in quick succession are sent to us. - * @param sig: signal number. - * @return signal handler return type (void or int). - */ -static RETSIGTYPE record_sigh(int sig) -{ -#ifdef LIBEVENT_SIGNAL_PROBLEM - /* cannot log, verbose here because locks may be held */ - /* quit on signal, no cleanup and statistics, - because installed libevent version is not threadsafe */ - exit(0); -#endif - switch(sig) - { - case SIGTERM: -#ifdef SIGQUIT - case SIGQUIT: -#endif -#ifdef SIGBREAK - case SIGBREAK: -#endif - case SIGINT: - sig_record_quit++; - break; -#ifdef SIGHUP - case SIGHUP: - sig_record_reload++; - break; -#endif -#ifdef SIGPIPE - case SIGPIPE: - break; -#endif - default: - /* ignoring signal */ - break; - } -} - -/** - * Signal handling during the time when netevent is disabled. - * Stores signals to replay later. - */ -static void -signal_handling_record(void) -{ - if( signal(SIGTERM, record_sigh) == SIG_ERR || -#ifdef SIGQUIT - signal(SIGQUIT, record_sigh) == SIG_ERR || -#endif -#ifdef SIGBREAK - signal(SIGBREAK, record_sigh) == SIG_ERR || -#endif -#ifdef SIGHUP - signal(SIGHUP, record_sigh) == SIG_ERR || -#endif -#ifdef SIGPIPE - signal(SIGPIPE, SIG_IGN) == SIG_ERR || -#endif - signal(SIGINT, record_sigh) == SIG_ERR - ) - log_err("install sighandler: %s", strerror(errno)); -} - -/** - * Replay old signals. - * @param wrk: worker that handles signals. - */ -static void -signal_handling_playback(struct worker* wrk) -{ -#ifdef SIGHUP - if(sig_record_reload) { -# ifdef HAVE_SYSTEMD - sd_notify(0, "RELOADING=1"); -# endif - worker_sighandler(SIGHUP, wrk); -# ifdef HAVE_SYSTEMD - sd_notify(0, "READY=1"); -# endif - } -#endif - if(sig_record_quit) - worker_sighandler(SIGTERM, wrk); - sig_record_quit = 0; - sig_record_reload = 0; -} - -struct daemon* -daemon_init(void) -{ - struct daemon* daemon = (struct daemon*)calloc(1, - sizeof(struct daemon)); -#ifdef USE_WINSOCK - int r; - WSADATA wsa_data; -#endif - if(!daemon) - return NULL; -#ifdef USE_WINSOCK - r = WSAStartup(MAKEWORD(2,2), &wsa_data); - if(r != 0) { - fatal_exit("could not init winsock. WSAStartup: %s", - wsa_strerror(r)); - } -#endif /* USE_WINSOCK */ - signal_handling_record(); - checklock_start(); -#ifdef HAVE_SSL -# ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS - ERR_load_crypto_strings(); -# endif - ERR_load_SSL_strings(); -# ifdef USE_GOST - (void)sldns_key_EVP_load_gost_id(); -# endif -# if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) - OpenSSL_add_all_algorithms(); -# else - OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS - | OPENSSL_INIT_ADD_ALL_DIGESTS - | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); -# endif -# if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS - /* grab the COMP method ptr because openssl leaks it */ - comp_meth = (void*)SSL_COMP_get_compression_methods(); -# endif -# if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL) - (void)SSL_library_init(); -# else - (void)OPENSSL_init_ssl(0, NULL); -# endif -# if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED) - if(!ub_openssl_lock_init()) - fatal_exit("could not init openssl locks"); -# endif -#elif defined(HAVE_NSS) - if(NSS_NoDB_Init(NULL) != SECSuccess) - fatal_exit("could not init NSS"); -#endif /* HAVE_SSL or HAVE_NSS */ -#ifdef HAVE_TZSET - /* init timezone info while we are not chrooted yet */ - tzset(); -#endif - /* open /dev/random if needed */ - ub_systemseed((unsigned)time(NULL)^(unsigned)getpid()^0xe67); - daemon->need_to_exit = 0; - modstack_init(&daemon->mods); - if(!(daemon->env = (struct module_env*)calloc(1, - sizeof(*daemon->env)))) { - free(daemon); - return NULL; - } - /* init edns_known_options */ - if(!edns_known_options_init(daemon->env)) { - free(daemon->env); - free(daemon); - return NULL; - } - alloc_init(&daemon->superalloc, NULL, 0); - daemon->acl = acl_list_create(); - if(!daemon->acl) { - edns_known_options_delete(daemon->env); - free(daemon->env); - free(daemon); - return NULL; - } - if(gettimeofday(&daemon->time_boot, NULL) < 0) - log_err("gettimeofday: %s", strerror(errno)); - daemon->time_last_stat = daemon->time_boot; - return daemon; -} - -int -daemon_open_shared_ports(struct daemon* daemon) -{ - log_assert(daemon); - if(daemon->cfg->port != daemon->listening_port) { - size_t i; - struct listen_port* p0; - daemon->reuseport = 0; - /* free and close old ports */ - if(daemon->ports != NULL) { - for(i=0; inum_ports; i++) - listening_ports_free(daemon->ports[i]); - free(daemon->ports); - daemon->ports = NULL; - } - /* see if we want to reuseport */ -#ifdef SO_REUSEPORT - if(daemon->cfg->so_reuseport && daemon->cfg->num_threads > 0) - daemon->reuseport = 1; -#endif - /* try to use reuseport */ - p0 = listening_ports_open(daemon->cfg, &daemon->reuseport); - if(!p0) { - listening_ports_free(p0); - return 0; - } - if(daemon->reuseport) { - /* reuseport was successful, allocate for it */ - daemon->num_ports = (size_t)daemon->cfg->num_threads; - } else { - /* do the normal, singleportslist thing, - * reuseport not enabled or did not work */ - daemon->num_ports = 1; - } - if(!(daemon->ports = (struct listen_port**)calloc( - daemon->num_ports, sizeof(*daemon->ports)))) { - listening_ports_free(p0); - return 0; - } - daemon->ports[0] = p0; - if(daemon->reuseport) { - /* continue to use reuseport */ - for(i=1; inum_ports; i++) { - if(!(daemon->ports[i]= - listening_ports_open(daemon->cfg, - &daemon->reuseport)) - || !daemon->reuseport ) { - for(i=0; inum_ports; i++) - listening_ports_free(daemon->ports[i]); - free(daemon->ports); - daemon->ports = NULL; - return 0; - } - } - } - daemon->listening_port = daemon->cfg->port; - } - if(!daemon->cfg->remote_control_enable && daemon->rc_port) { - listening_ports_free(daemon->rc_ports); - daemon->rc_ports = NULL; - daemon->rc_port = 0; - } - if(daemon->cfg->remote_control_enable && - daemon->cfg->control_port != daemon->rc_port) { - listening_ports_free(daemon->rc_ports); - if(!(daemon->rc_ports=daemon_remote_open_ports(daemon->cfg))) - return 0; - daemon->rc_port = daemon->cfg->control_port; - } - return 1; -} - -/** - * Setup modules. setup module stack. - * @param daemon: the daemon - */ -static void daemon_setup_modules(struct daemon* daemon) -{ - daemon->env->cfg = daemon->cfg; - daemon->env->alloc = &daemon->superalloc; - daemon->env->worker = NULL; - daemon->env->need_to_validate = 0; /* set by module init below */ - if(!modstack_setup(&daemon->mods, daemon->cfg->module_conf, - daemon->env)) { - fatal_exit("failed to setup modules"); - } - log_edns_known_options(VERB_ALGO, daemon->env); -} - -/** - * Obtain allowed port numbers, concatenate the list, and shuffle them - * (ready to be handed out to threads). - * @param daemon: the daemon. Uses rand and cfg. - * @param shufport: the portlist output. - * @return number of ports available. - */ -static int daemon_get_shufport(struct daemon* daemon, int* shufport) -{ - int i, n, k, temp; - int avail = 0; - for(i=0; i<65536; i++) { - if(daemon->cfg->outgoing_avail_ports[i]) { - shufport[avail++] = daemon->cfg-> - outgoing_avail_ports[i]; - } - } - if(avail == 0) - fatal_exit("no ports are permitted for UDP, add " - "with outgoing-port-permit"); - /* Knuth shuffle */ - n = avail; - while(--n > 0) { - k = ub_random_max(daemon->rand, n+1); /* 0<= k<= n */ - temp = shufport[k]; - shufport[k] = shufport[n]; - shufport[n] = temp; - } - return avail; -} - -/** - * Allocate empty worker structures. With backptr and thread-number, - * from 0..numthread initialised. Used as user arguments to new threads. - * Creates the daemon random generator if it does not exist yet. - * The random generator stays existing between reloads with a unique state. - * @param daemon: the daemon with (new) config settings. - */ -static void -daemon_create_workers(struct daemon* daemon) -{ - int i, numport; - int* shufport; - log_assert(daemon && daemon->cfg); - if(!daemon->rand) { - unsigned int seed = (unsigned int)time(NULL) ^ - (unsigned int)getpid() ^ 0x438; - daemon->rand = ub_initstate(seed, NULL); - if(!daemon->rand) - fatal_exit("could not init random generator"); - } - hash_set_raninit((uint32_t)ub_random(daemon->rand)); - shufport = (int*)calloc(65536, sizeof(int)); - if(!shufport) - fatal_exit("out of memory during daemon init"); - numport = daemon_get_shufport(daemon, shufport); - verbose(VERB_ALGO, "total of %d outgoing ports available", numport); - - daemon->num = (daemon->cfg->num_threads?daemon->cfg->num_threads:1); - if(daemon->reuseport && (int)daemon->num < (int)daemon->num_ports) { - log_warn("cannot reduce num-threads to %d because so-reuseport " - "so continuing with %d threads.", (int)daemon->num, - (int)daemon->num_ports); - daemon->num = (int)daemon->num_ports; - } - daemon->workers = (struct worker**)calloc((size_t)daemon->num, - sizeof(struct worker*)); - if(!daemon->workers) - fatal_exit("out of memory during daemon init"); - if(daemon->cfg->dnstap) { -#ifdef USE_DNSTAP - daemon->dtenv = dt_create(daemon->cfg->dnstap_socket_path, - (unsigned int)daemon->num); - if (!daemon->dtenv) - fatal_exit("dt_create failed"); - dt_apply_cfg(daemon->dtenv, daemon->cfg); -#else - fatal_exit("dnstap enabled in config but not built with dnstap support"); -#endif - } - for(i=0; inum; i++) { - if(!(daemon->workers[i] = worker_create(daemon, i, - shufport+numport*i/daemon->num, - numport*(i+1)/daemon->num - numport*i/daemon->num))) - /* the above is not ports/numthr, due to rounding */ - fatal_exit("could not create worker"); - } - free(shufport); -} - -#ifdef THREADS_DISABLED -/** - * Close all pipes except for the numbered thread. - * @param daemon: daemon to close pipes in. - * @param thr: thread number 0..num-1 of thread to skip. - */ -static void close_other_pipes(struct daemon* daemon, int thr) -{ - int i; - for(i=0; inum; i++) - if(i!=thr) { - if(i==0) { - /* only close read part, need to write stats */ - tube_close_read(daemon->workers[i]->cmd); - } else { - /* complete close channel to others */ - tube_delete(daemon->workers[i]->cmd); - daemon->workers[i]->cmd = NULL; - } - } -} -#endif /* THREADS_DISABLED */ - -/** - * Function to start one thread. - * @param arg: user argument. - * @return: void* user return value could be used for thread_join results. - */ -static void* -thread_start(void* arg) -{ - struct worker* worker = (struct worker*)arg; - int port_num = 0; - log_thread_set(&worker->thread_num); - ub_thread_blocksigs(); -#ifdef THREADS_DISABLED - /* close pipe ends used by main */ - tube_close_write(worker->cmd); - close_other_pipes(worker->daemon, worker->thread_num); -#endif -#ifdef SO_REUSEPORT - if(worker->daemon->cfg->so_reuseport) - port_num = worker->thread_num % worker->daemon->num_ports; - else - port_num = 0; -#endif - if(!worker_init(worker, worker->daemon->cfg, - worker->daemon->ports[port_num], 0)) - fatal_exit("Could not initialize thread"); - - worker_work(worker); - return NULL; -} - -/** - * Fork and init the other threads. Main thread returns for special handling. - * @param daemon: the daemon with other threads to fork. - */ -static void -daemon_start_others(struct daemon* daemon) -{ - int i; - log_assert(daemon); - verbose(VERB_ALGO, "start threads"); - /* skip i=0, is this thread */ - for(i=1; inum; i++) { - ub_thread_create(&daemon->workers[i]->thr_id, - thread_start, daemon->workers[i]); -#ifdef THREADS_DISABLED - /* close pipe end of child */ - tube_close_read(daemon->workers[i]->cmd); -#endif /* no threads */ - } -} - -/** - * Stop the other threads. - * @param daemon: the daemon with other threads. - */ -static void -daemon_stop_others(struct daemon* daemon) -{ - int i; - log_assert(daemon); - verbose(VERB_ALGO, "stop threads"); - /* skip i=0, is this thread */ - /* use i=0 buffer for sending cmds; because we are #0 */ - for(i=1; inum; i++) { - worker_send_cmd(daemon->workers[i], worker_cmd_quit); - } - /* wait for them to quit */ - for(i=1; inum; i++) { - /* join it to make sure its dead */ - verbose(VERB_ALGO, "join %d", i); - ub_thread_join(daemon->workers[i]->thr_id); - verbose(VERB_ALGO, "join success %d", i); - } -} - -void -daemon_fork(struct daemon* daemon) -{ - int have_view_respip_cfg = 0; - - log_assert(daemon); - if(!(daemon->views = views_create())) - fatal_exit("Could not create views: out of memory"); - /* create individual views and their localzone/data trees */ - if(!views_apply_cfg(daemon->views, daemon->cfg)) - fatal_exit("Could not set up views"); - - if(!acl_list_apply_cfg(daemon->acl, daemon->cfg, daemon->views)) - fatal_exit("Could not setup access control list"); - if(daemon->cfg->dnscrypt) { -#ifdef USE_DNSCRYPT - daemon->dnscenv = dnsc_create(); - if (!daemon->dnscenv) - fatal_exit("dnsc_create failed"); - dnsc_apply_cfg(daemon->dnscenv, daemon->cfg); -#else - fatal_exit("dnscrypt enabled in config but unbound was not built with " - "dnscrypt support"); -#endif - } - /* create global local_zones */ - if(!(daemon->local_zones = local_zones_create())) - fatal_exit("Could not create local zones: out of memory"); - if(!local_zones_apply_cfg(daemon->local_zones, daemon->cfg)) - fatal_exit("Could not set up local zones"); - - /* process raw response-ip configuration data */ - if(!(daemon->respip_set = respip_set_create())) - fatal_exit("Could not create response IP set"); - if(!respip_global_apply_cfg(daemon->respip_set, daemon->cfg)) - fatal_exit("Could not set up response IP set"); - if(!respip_views_apply_cfg(daemon->views, daemon->cfg, - &have_view_respip_cfg)) - fatal_exit("Could not set up per-view response IP sets"); - daemon->use_response_ip = !respip_set_is_empty(daemon->respip_set) || - have_view_respip_cfg; - - /* setup modules */ - daemon_setup_modules(daemon); - - /* response-ip-xxx options don't work as expected without the respip - * module. To avoid run-time operational surprise we reject such - * configuration. */ - if(daemon->use_response_ip && - modstack_find(&daemon->mods, "respip") < 0) - fatal_exit("response-ip options require respip module"); - - /* first create all the worker structures, so we can pass - * them to the newly created threads. - */ - daemon_create_workers(daemon); - -#if defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP) - /* in libev the first inited base gets signals */ - if(!worker_init(daemon->workers[0], daemon->cfg, daemon->ports[0], 1)) - fatal_exit("Could not initialize main thread"); -#endif - - /* Now create the threads and init the workers. - * By the way, this is thread #0 (the main thread). - */ - daemon_start_others(daemon); - - /* Special handling for the main thread. This is the thread - * that handles signals and remote control. - */ -#if !(defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP)) - /* libevent has the last inited base get signals (or any base) */ - if(!worker_init(daemon->workers[0], daemon->cfg, daemon->ports[0], 1)) - fatal_exit("Could not initialize main thread"); -#endif - signal_handling_playback(daemon->workers[0]); - - if (!shm_main_init(daemon)) - log_warn("SHM has failed"); - - /* Start resolver service on main thread. */ -#ifdef HAVE_SYSTEMD - sd_notify(0, "READY=1"); -#endif - log_info("start of service (%s).", PACKAGE_STRING); - worker_work(daemon->workers[0]); -#ifdef HAVE_SYSTEMD - sd_notify(0, "STOPPING=1"); -#endif - log_info("service stopped (%s).", PACKAGE_STRING); - - /* we exited! a signal happened! Stop other threads */ - daemon_stop_others(daemon); - - /* Shutdown SHM */ - shm_main_shutdown(daemon); - - daemon->need_to_exit = daemon->workers[0]->need_to_exit; -} - -void -daemon_cleanup(struct daemon* daemon) -{ - int i; - log_assert(daemon); - /* before stopping main worker, handle signals ourselves, so we - don't die on multiple reload signals for example. */ - signal_handling_record(); - log_thread_set(NULL); - /* clean up caches because - * a) RRset IDs will be recycled after a reload, causing collisions - * b) validation config can change, thus rrset, msg, keycache clear */ - slabhash_clear(&daemon->env->rrset_cache->table); - slabhash_clear(daemon->env->msg_cache); - local_zones_delete(daemon->local_zones); - daemon->local_zones = NULL; - respip_set_delete(daemon->respip_set); - daemon->respip_set = NULL; - views_delete(daemon->views); - daemon->views = NULL; - /* key cache is cleared by module desetup during next daemon_fork() */ - daemon_remote_clear(daemon->rc); - for(i=0; inum; i++) - worker_delete(daemon->workers[i]); - free(daemon->workers); - daemon->workers = NULL; - daemon->num = 0; -#ifdef USE_DNSTAP - dt_delete(daemon->dtenv); -#endif - daemon->cfg = NULL; -} - -void -daemon_delete(struct daemon* daemon) -{ - size_t i; - if(!daemon) - return; - modstack_desetup(&daemon->mods, daemon->env); - daemon_remote_delete(daemon->rc); - for(i = 0; i < daemon->num_ports; i++) - listening_ports_free(daemon->ports[i]); - free(daemon->ports); - listening_ports_free(daemon->rc_ports); - if(daemon->env) { - slabhash_delete(daemon->env->msg_cache); - rrset_cache_delete(daemon->env->rrset_cache); - infra_delete(daemon->env->infra_cache); - edns_known_options_delete(daemon->env); - } - ub_randfree(daemon->rand); - alloc_clear(&daemon->superalloc); - acl_list_delete(daemon->acl); - free(daemon->chroot); - free(daemon->pidfile); - free(daemon->env); -#ifdef HAVE_SSL - SSL_CTX_free((SSL_CTX*)daemon->listen_sslctx); - SSL_CTX_free((SSL_CTX*)daemon->connect_sslctx); -#endif - free(daemon); -#ifdef LEX_HAS_YYLEX_DESTROY - /* lex cleanup */ - ub_c_lex_destroy(); -#endif - /* libcrypto cleanup */ -#ifdef HAVE_SSL -# if defined(USE_GOST) && defined(HAVE_LDNS_KEY_EVP_UNLOAD_GOST) - sldns_key_EVP_unload_gost(); -# endif -# if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS && HAVE_DECL_SK_SSL_COMP_POP_FREE -# ifndef S_SPLINT_S -# if OPENSSL_VERSION_NUMBER < 0x10100000 - sk_SSL_COMP_pop_free(comp_meth, (void(*)())CRYPTO_free); -# endif -# endif -# endif -# ifdef HAVE_OPENSSL_CONFIG - EVP_cleanup(); -# if OPENSSL_VERSION_NUMBER < 0x10100000 - ENGINE_cleanup(); -# endif - CONF_modules_free(); -# endif -# ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA - CRYPTO_cleanup_all_ex_data(); /* safe, no more threads right now */ -# endif -# ifdef HAVE_ERR_FREE_STRINGS - ERR_free_strings(); -# endif -# if OPENSSL_VERSION_NUMBER < 0x10100000 - RAND_cleanup(); -# endif -# if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED) - ub_openssl_lock_delete(); -# endif -#elif defined(HAVE_NSS) - NSS_Shutdown(); -#endif /* HAVE_SSL or HAVE_NSS */ - checklock_stop(); -#ifdef USE_WINSOCK - if(WSACleanup() != 0) { - log_err("Could not WSACleanup: %s", - wsa_strerror(WSAGetLastError())); - } -#endif -} - -void daemon_apply_cfg(struct daemon* daemon, struct config_file* cfg) -{ - daemon->cfg = cfg; - config_apply(cfg); - if(!daemon->env->msg_cache || - cfg->msg_cache_size != slabhash_get_size(daemon->env->msg_cache) || - cfg->msg_cache_slabs != daemon->env->msg_cache->size) { - slabhash_delete(daemon->env->msg_cache); - daemon->env->msg_cache = slabhash_create(cfg->msg_cache_slabs, - HASH_DEFAULT_STARTARRAY, cfg->msg_cache_size, - msgreply_sizefunc, query_info_compare, - query_entry_delete, reply_info_delete, NULL); - if(!daemon->env->msg_cache) { - fatal_exit("malloc failure updating config settings"); - } - } - if((daemon->env->rrset_cache = rrset_cache_adjust( - daemon->env->rrset_cache, cfg, &daemon->superalloc)) == 0) - fatal_exit("malloc failure updating config settings"); - if((daemon->env->infra_cache = infra_adjust(daemon->env->infra_cache, - cfg))==0) - fatal_exit("malloc failure updating config settings"); -} diff --git a/external/unbound/daemon/daemon.h b/external/unbound/daemon/daemon.h deleted file mode 100644 index 71e5bb96d..000000000 --- a/external/unbound/daemon/daemon.h +++ /dev/null @@ -1,183 +0,0 @@ -/* - * daemon/daemon.h - collection of workers that handles requests. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * The daemon consists of global settings and a number of workers. - */ - -#ifndef DAEMON_H -#define DAEMON_H - -#include "util/locks.h" -#include "util/alloc.h" -#include "services/modstack.h" -#ifdef UB_ON_WINDOWS -# include "util/winsock_event.h" -#endif -struct config_file; -struct worker; -struct listen_port; -struct slabhash; -struct module_env; -struct rrset_cache; -struct acl_list; -struct local_zones; -struct views; -struct ub_randstate; -struct daemon_remote; -struct respip_set; -struct shm_main_info; - -#include "dnstap/dnstap_config.h" -#ifdef USE_DNSTAP -struct dt_env; -#endif - -#include "dnscrypt/dnscrypt_config.h" -#ifdef USE_DNSCRYPT -struct dnsc_env; -#endif - -/** - * Structure holding worker list. - * Holds globally visible information. - */ -struct daemon { - /** The config settings */ - struct config_file* cfg; - /** the chroot dir in use, NULL if none */ - char* chroot; - /** pidfile that is used */ - char* pidfile; - /** port number that has ports opened. */ - int listening_port; - /** array of listening ports, opened. Listening ports per worker, - * or just one element[0] shared by the worker threads. */ - struct listen_port** ports; - /** size of ports array */ - size_t num_ports; - /** reuseport is enabled if true */ - int reuseport; - /** port number for remote that has ports opened. */ - int rc_port; - /** listening ports for remote control */ - struct listen_port* rc_ports; - /** remote control connections management (for first worker) */ - struct daemon_remote* rc; - /** ssl context for listening to dnstcp over ssl, and connecting ssl */ - void* listen_sslctx, *connect_sslctx; - /** num threads allocated */ - int num; - /** the worker entries */ - struct worker** workers; - /** do we need to exit unbound (or is it only a reload?) */ - int need_to_exit; - /** master random table ; used for port div between threads on reload*/ - struct ub_randstate* rand; - /** master allocation cache */ - struct alloc_cache superalloc; - /** the module environment master value, copied and changed by threads*/ - struct module_env* env; - /** stack of module callbacks */ - struct module_stack mods; - /** access control, which client IPs are allowed to connect */ - struct acl_list* acl; - /** local authority zones */ - struct local_zones* local_zones; - /** last time of statistics printout */ - struct timeval time_last_stat; - /** time when daemon started */ - struct timeval time_boot; - /** views structure containing view tree */ - struct views* views; -#ifdef USE_DNSTAP - /** the dnstap environment master value, copied and changed by threads*/ - struct dt_env* dtenv; -#endif - struct shm_main_info* shm_info; - /** response-ip set with associated actions and tags. */ - struct respip_set* respip_set; - /** some response-ip tags or actions are configured if true */ - int use_response_ip; -#ifdef USE_DNSCRYPT - /** the dnscrypt environment */ - struct dnsc_env* dnscenv; -#endif -}; - -/** - * Initialize daemon structure. - * @return: The daemon structure, or NULL on error. - */ -struct daemon* daemon_init(void); - -/** - * Open shared listening ports (if needed). - * The cfg member pointer must have been set for the daemon. - * @param daemon: the daemon. - * @return: false on error. - */ -int daemon_open_shared_ports(struct daemon* daemon); - -/** - * Fork workers and start service. - * When the routine exits, it is no longer forked. - * @param daemon: the daemon. - */ -void daemon_fork(struct daemon* daemon); - -/** - * Close off the worker thread information. - * Bring the daemon back into state ready for daemon_fork again. - * @param daemon: the daemon. - */ -void daemon_cleanup(struct daemon* daemon); - -/** - * Delete workers, close listening ports. - * @param daemon: the daemon. - */ -void daemon_delete(struct daemon* daemon); - -/** - * Apply config settings. - * @param daemon: the daemon. - * @param cfg: new config settings. - */ -void daemon_apply_cfg(struct daemon* daemon, struct config_file* cfg); - -#endif /* DAEMON_H */ diff --git a/external/unbound/daemon/remote.c b/external/unbound/daemon/remote.c deleted file mode 100644 index c15967c20..000000000 --- a/external/unbound/daemon/remote.c +++ /dev/null @@ -1,3050 +0,0 @@ -/* - * daemon/remote.c - remote control for the unbound daemon. - * - * Copyright (c) 2008, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains the remote control functionality for the daemon. - * The remote control can be performed using either the commandline - * unbound-control tool, or a TLS capable web browser. - * The channel is secured using TLSv1, and certificates. - * Both the server and the client(control tool) have their own keys. - */ -#include "config.h" -#ifdef HAVE_OPENSSL_ERR_H -#include -#endif -#ifdef HAVE_OPENSSL_DH_H -#include -#endif -#ifdef HAVE_OPENSSL_BN_H -#include -#endif - -#include -#include "daemon/remote.h" -#include "daemon/worker.h" -#include "daemon/daemon.h" -#include "daemon/stats.h" -#include "daemon/cachedump.h" -#include "util/log.h" -#include "util/config_file.h" -#include "util/net_help.h" -#include "util/module.h" -#include "services/listen_dnsport.h" -#include "services/cache/rrset.h" -#include "services/cache/infra.h" -#include "services/mesh.h" -#include "services/localzone.h" -#include "util/storage/slabhash.h" -#include "util/fptr_wlist.h" -#include "util/data/dname.h" -#include "validator/validator.h" -#include "validator/val_kcache.h" -#include "validator/val_kentry.h" -#include "validator/val_anchor.h" -#include "iterator/iterator.h" -#include "iterator/iter_fwd.h" -#include "iterator/iter_hints.h" -#include "iterator/iter_delegpt.h" -#include "services/outbound_list.h" -#include "services/outside_network.h" -#include "sldns/str2wire.h" -#include "sldns/parseutil.h" -#include "sldns/wire2str.h" -#include "sldns/sbuffer.h" - -#ifdef HAVE_SYS_TYPES_H -# include -#endif -#ifdef HAVE_SYS_STAT_H -#include -#endif -#ifdef HAVE_NETDB_H -#include -#endif - -/* just for portability */ -#ifdef SQ -#undef SQ -#endif - -/** what to put on statistics lines between var and value, ": " or "=" */ -#define SQ "=" -/** if true, inhibits a lot of =0 lines from the stats output */ -static const int inhibit_zero = 1; - -/** subtract timers and the values do not overflow or become negative */ -static void -timeval_subtract(struct timeval* d, const struct timeval* end, - const struct timeval* start) -{ -#ifndef S_SPLINT_S - time_t end_usec = end->tv_usec; - d->tv_sec = end->tv_sec - start->tv_sec; - if(end_usec < start->tv_usec) { - end_usec += 1000000; - d->tv_sec--; - } - d->tv_usec = end_usec - start->tv_usec; -#endif -} - -/** divide sum of timers to get average */ -static void -timeval_divide(struct timeval* avg, const struct timeval* sum, size_t d) -{ -#ifndef S_SPLINT_S - size_t leftover; - if(d == 0) { - avg->tv_sec = 0; - avg->tv_usec = 0; - return; - } - avg->tv_sec = sum->tv_sec / d; - avg->tv_usec = sum->tv_usec / d; - /* handle fraction from seconds divide */ - leftover = sum->tv_sec - avg->tv_sec*d; - avg->tv_usec += (leftover*1000000)/d; -#endif -} - -/* - * The following function was generated using the openssl utility, using - * the command : "openssl dhparam -C 2048" - * (some openssl versions reject DH that is 'too small', eg. 512). - */ -#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL) -#ifndef S_SPLINT_S -static DH *get_dh2048(void) -{ - static unsigned char dh2048_p[]={ - 0xE7,0x36,0x28,0x3B,0xE4,0xC3,0x32,0x1C,0x01,0xC3,0x67,0xD6, - 0xF5,0xF3,0xDA,0xDC,0x71,0xC0,0x42,0x8B,0xE6,0xEB,0x8D,0x80, - 0x35,0x7F,0x09,0x45,0x30,0xE5,0xB2,0x92,0x81,0x3F,0x08,0xCD, - 0x36,0x5E,0x19,0x83,0x62,0xCC,0xAE,0x9B,0x81,0x66,0x24,0xEE, - 0x16,0x6F,0xA9,0x9E,0xF4,0x82,0x1B,0xDD,0x46,0xC7,0x33,0x5D, - 0xF4,0xCA,0xE6,0x8F,0xFC,0xD4,0xD8,0x58,0x94,0x24,0x5D,0xFF, - 0x0A,0xE8,0xEF,0x3D,0xCE,0xBB,0x50,0x94,0xE0,0x5F,0xE8,0x41, - 0xC3,0x35,0x30,0x37,0xD5,0xCB,0x8F,0x3D,0x95,0x15,0x1A,0x77, - 0x42,0xB2,0x06,0x86,0xF6,0x09,0x66,0x0E,0x9A,0x25,0x94,0x3E, - 0xD2,0x04,0x25,0x25,0x1D,0x23,0xEB,0xDC,0x4D,0x0C,0x83,0x28, - 0x2E,0x15,0x81,0x2D,0xC1,0xAF,0x8D,0x36,0x64,0xE3,0x9A,0x83, - 0x78,0xC2,0x8D,0xC0,0x9D,0xD9,0x3A,0x1C,0xC5,0x2B,0x50,0x68, - 0x07,0xA9,0x4B,0x8C,0x07,0x57,0xD6,0x15,0x03,0x4E,0x9E,0x01, - 0xF2,0x6F,0x35,0xAC,0x26,0x9C,0x92,0x68,0x61,0x13,0xFB,0x01, - 0xBA,0x22,0x36,0x01,0x55,0xB6,0x62,0xD9,0xB2,0x98,0xCE,0x5D, - 0x4B,0xA5,0x41,0xD6,0xE5,0x70,0x78,0x12,0x1F,0x64,0xB6,0x6F, - 0xB0,0x91,0x51,0x91,0x92,0xC0,0x94,0x3A,0xD1,0x28,0x4D,0x30, - 0x84,0x3E,0xE4,0xE4,0x7F,0x47,0x89,0xB1,0xB6,0x8C,0x8E,0x0E, - 0x26,0xDB,0xCD,0x17,0x07,0x2A,0x21,0x7A,0xCC,0x68,0xE8,0x57, - 0x94,0x9E,0x59,0x61,0xEC,0x20,0x34,0x26,0x0D,0x66,0x44,0xEB, - 0x6F,0x02,0x58,0xE2,0xED,0xF6,0xF3,0x1B,0xBF,0x9E,0x45,0x52, - 0x5A,0x49,0xA1,0x5B, - }; - static unsigned char dh2048_g[]={ - 0x02, - }; - DH *dh = NULL; - BIGNUM *p = NULL, *g = NULL; - - dh = DH_new(); - p = BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL); - g = BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL); - if (!dh || !p || !g) - goto err; - -#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL) - dh->p = p; - dh->g = g; -#else - if (!DH_set0_pqg(dh, p, NULL, g)) - goto err; -#endif - return dh; -err: - if (p) - BN_free(p); - if (g) - BN_free(g); - if (dh) - DH_free(dh); - return NULL; -} -#endif /* SPLINT */ -#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */ - -struct daemon_remote* -daemon_remote_create(struct config_file* cfg) -{ - char* s_cert; - char* s_key; - struct daemon_remote* rc = (struct daemon_remote*)calloc(1, - sizeof(*rc)); - if(!rc) { - log_err("out of memory in daemon_remote_create"); - return NULL; - } - rc->max_active = 10; - - if(!cfg->remote_control_enable) { - rc->ctx = NULL; - return rc; - } - rc->ctx = SSL_CTX_new(SSLv23_server_method()); - if(!rc->ctx) { - log_crypto_err("could not SSL_CTX_new"); - free(rc); - return NULL; - } - /* no SSLv2, SSLv3 because has defects */ - if((SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2) - != SSL_OP_NO_SSLv2){ - log_crypto_err("could not set SSL_OP_NO_SSLv2"); - daemon_remote_delete(rc); - return NULL; - } - if((SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3) - != SSL_OP_NO_SSLv3){ - log_crypto_err("could not set SSL_OP_NO_SSLv3"); - daemon_remote_delete(rc); - return NULL; - } -#if defined(SSL_OP_NO_TLSv1) && defined(SSL_OP_NO_TLSv1_1) - /* if we have tls 1.1 disable 1.0 */ - if((SSL_CTX_set_options(rc->ctx, SSL_OP_NO_TLSv1) & SSL_OP_NO_TLSv1) - != SSL_OP_NO_TLSv1){ - log_crypto_err("could not set SSL_OP_NO_TLSv1"); - daemon_remote_delete(rc); - return NULL; - } -#endif -#if defined(SSL_OP_NO_TLSv1_1) && defined(SSL_OP_NO_TLSv1_2) - /* if we have tls 1.2 disable 1.1 */ - if((SSL_CTX_set_options(rc->ctx, SSL_OP_NO_TLSv1_1) & SSL_OP_NO_TLSv1_1) - != SSL_OP_NO_TLSv1_1){ - log_crypto_err("could not set SSL_OP_NO_TLSv1_1"); - daemon_remote_delete(rc); - return NULL; - } -#endif -#ifdef SHA256_DIGEST_LENGTH - /* if we have sha256, set the cipher list to have no known vulns */ - if(!SSL_CTX_set_cipher_list(rc->ctx, "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256")) - log_crypto_err("coult not set cipher list with SSL_CTX_set_cipher_list"); -#endif - - if (cfg->remote_control_use_cert == 0) { - /* No certificates are requested */ -#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL - SSL_CTX_set_security_level(rc->ctx, 0); -#endif - if(!SSL_CTX_set_cipher_list(rc->ctx, "aNULL, eNULL")) { - log_crypto_err("Failed to set aNULL cipher list"); - daemon_remote_delete(rc); - return NULL; - } - - /* in openssl 1.1, the securitylevel 0 allows eNULL, that - * does not need the DH */ -#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL) - /* Since we have no certificates and hence no source of - * DH params, let's generate and set them - */ - if(!SSL_CTX_set_tmp_dh(rc->ctx,get_dh2048())) { - log_crypto_err("Wanted to set DH param, but failed"); - daemon_remote_delete(rc); - return NULL; - } -#endif - return rc; - } - rc->use_cert = 1; - s_cert = fname_after_chroot(cfg->server_cert_file, cfg, 1); - s_key = fname_after_chroot(cfg->server_key_file, cfg, 1); - if(!s_cert || !s_key) { - log_err("out of memory in remote control fname"); - goto setup_error; - } - verbose(VERB_ALGO, "setup SSL certificates"); - if (!SSL_CTX_use_certificate_chain_file(rc->ctx,s_cert)) { - log_err("Error for server-cert-file: %s", s_cert); - log_crypto_err("Error in SSL_CTX use_certificate_chain_file"); - goto setup_error; - } - if(!SSL_CTX_use_PrivateKey_file(rc->ctx,s_key,SSL_FILETYPE_PEM)) { - log_err("Error for server-key-file: %s", s_key); - log_crypto_err("Error in SSL_CTX use_PrivateKey_file"); - goto setup_error; - } - if(!SSL_CTX_check_private_key(rc->ctx)) { - log_err("Error for server-key-file: %s", s_key); - log_crypto_err("Error in SSL_CTX check_private_key"); - goto setup_error; - } -#if HAVE_DECL_SSL_CTX_SET_ECDH_AUTO - if(!SSL_CTX_set_ecdh_auto(rc->ctx,1)) { - log_crypto_err("Error in SSL_CTX_ecdh_auto, not enabling ECDHE"); - } -#elif defined(USE_ECDSA) - if(1) { - EC_KEY *ecdh = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1); - if (!ecdh) { - log_crypto_err("could not find p256, not enabling ECDHE"); - } else { - if (1 != SSL_CTX_set_tmp_ecdh (rc->ctx, ecdh)) { - log_crypto_err("Error in SSL_CTX_set_tmp_ecdh, not enabling ECDHE"); - } - EC_KEY_free (ecdh); - } - } -#endif - if(!SSL_CTX_load_verify_locations(rc->ctx, s_cert, NULL)) { - log_crypto_err("Error setting up SSL_CTX verify locations"); - setup_error: - free(s_cert); - free(s_key); - daemon_remote_delete(rc); - return NULL; - } - SSL_CTX_set_client_CA_list(rc->ctx, SSL_load_client_CA_file(s_cert)); - SSL_CTX_set_verify(rc->ctx, SSL_VERIFY_PEER, NULL); - free(s_cert); - free(s_key); - - return rc; -} - -void daemon_remote_clear(struct daemon_remote* rc) -{ - struct rc_state* p, *np; - if(!rc) return; - /* but do not close the ports */ - listen_list_delete(rc->accept_list); - rc->accept_list = NULL; - /* do close these sockets */ - p = rc->busy_list; - while(p) { - np = p->next; - if(p->ssl) - SSL_free(p->ssl); - comm_point_delete(p->c); - free(p); - p = np; - } - rc->busy_list = NULL; - rc->active = 0; - rc->worker = NULL; -} - -void daemon_remote_delete(struct daemon_remote* rc) -{ - if(!rc) return; - daemon_remote_clear(rc); - if(rc->ctx) { - SSL_CTX_free(rc->ctx); - } - free(rc); -} - -/** - * Add and open a new control port - * @param ip: ip str - * @param nr: port nr - * @param list: list head - * @param noproto_is_err: if lack of protocol support is an error. - * @param cfg: config with username for chown of unix-sockets. - * @return false on failure. - */ -static int -add_open(const char* ip, int nr, struct listen_port** list, int noproto_is_err, - struct config_file* cfg) -{ - struct addrinfo hints; - struct addrinfo* res; - struct listen_port* n; - int noproto; - int fd, r; - char port[15]; - snprintf(port, sizeof(port), "%d", nr); - port[sizeof(port)-1]=0; - memset(&hints, 0, sizeof(hints)); - - if(ip[0] == '/') { - /* This looks like a local socket */ - fd = create_local_accept_sock(ip, &noproto, cfg->use_systemd); - /* - * Change socket ownership and permissions so users other - * than root can access it provided they are in the same - * group as the user we run as. - */ - if(fd != -1) { -#ifdef HAVE_CHOWN - if (cfg->username && cfg->username[0] && - cfg_uid != (uid_t)-1) { - if(chown(ip, cfg_uid, cfg_gid) == -1) - log_err("cannot chown %u.%u %s: %s", - (unsigned)cfg_uid, (unsigned)cfg_gid, - ip, strerror(errno)); - } - chmod(ip, (mode_t)(S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP)); -#else - (void)cfg; -#endif - } - } else { - hints.ai_socktype = SOCK_STREAM; - hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST; - if((r = getaddrinfo(ip, port, &hints, &res)) != 0 || !res) { -#ifdef USE_WINSOCK - if(!noproto_is_err && r == EAI_NONAME) { - /* tried to lookup the address as name */ - return 1; /* return success, but do nothing */ - } -#endif /* USE_WINSOCK */ - log_err("control interface %s:%s getaddrinfo: %s %s", - ip?ip:"default", port, gai_strerror(r), -#ifdef EAI_SYSTEM - r==EAI_SYSTEM?(char*)strerror(errno):"" -#else - "" -#endif - ); - return 0; - } - - /* open fd */ - fd = create_tcp_accept_sock(res, 1, &noproto, 0, - cfg->ip_transparent, 0, cfg->ip_freebind, cfg->use_systemd); - freeaddrinfo(res); - } - - if(fd == -1 && noproto) { - if(!noproto_is_err) - return 1; /* return success, but do nothing */ - log_err("cannot open control interface %s %d : " - "protocol not supported", ip, nr); - return 0; - } - if(fd == -1) { - log_err("cannot open control interface %s %d", ip, nr); - return 0; - } - - /* alloc */ - n = (struct listen_port*)calloc(1, sizeof(*n)); - if(!n) { -#ifndef USE_WINSOCK - close(fd); -#else - closesocket(fd); -#endif - log_err("out of memory"); - return 0; - } - n->next = *list; - *list = n; - n->fd = fd; - return 1; -} - -struct listen_port* daemon_remote_open_ports(struct config_file* cfg) -{ - struct listen_port* l = NULL; - log_assert(cfg->remote_control_enable && cfg->control_port); - if(cfg->control_ifs) { - struct config_strlist* p; - for(p = cfg->control_ifs; p; p = p->next) { - if(!add_open(p->str, cfg->control_port, &l, 1, cfg)) { - listening_ports_free(l); - return NULL; - } - } - } else { - /* defaults */ - if(cfg->do_ip6 && - !add_open("::1", cfg->control_port, &l, 0, cfg)) { - listening_ports_free(l); - return NULL; - } - if(cfg->do_ip4 && - !add_open("127.0.0.1", cfg->control_port, &l, 1, cfg)) { - listening_ports_free(l); - return NULL; - } - } - return l; -} - -/** open accept commpoint */ -static int -accept_open(struct daemon_remote* rc, int fd) -{ - struct listen_list* n = (struct listen_list*)malloc(sizeof(*n)); - if(!n) { - log_err("out of memory"); - return 0; - } - n->next = rc->accept_list; - rc->accept_list = n; - /* open commpt */ - n->com = comm_point_create_raw(rc->worker->base, fd, 0, - &remote_accept_callback, rc); - if(!n->com) - return 0; - /* keep this port open, its fd is kept in the rc portlist */ - n->com->do_not_close = 1; - return 1; -} - -int daemon_remote_open_accept(struct daemon_remote* rc, - struct listen_port* ports, struct worker* worker) -{ - struct listen_port* p; - rc->worker = worker; - for(p = ports; p; p = p->next) { - if(!accept_open(rc, p->fd)) { - log_err("could not create accept comm point"); - return 0; - } - } - return 1; -} - -void daemon_remote_stop_accept(struct daemon_remote* rc) -{ - struct listen_list* p; - for(p=rc->accept_list; p; p=p->next) { - comm_point_stop_listening(p->com); - } -} - -void daemon_remote_start_accept(struct daemon_remote* rc) -{ - struct listen_list* p; - for(p=rc->accept_list; p; p=p->next) { - comm_point_start_listening(p->com, -1, -1); - } -} - -int remote_accept_callback(struct comm_point* c, void* arg, int err, - struct comm_reply* ATTR_UNUSED(rep)) -{ - struct daemon_remote* rc = (struct daemon_remote*)arg; - struct sockaddr_storage addr; - socklen_t addrlen; - int newfd; - struct rc_state* n; - if(err != NETEVENT_NOERROR) { - log_err("error %d on remote_accept_callback", err); - return 0; - } - /* perform the accept */ - newfd = comm_point_perform_accept(c, &addr, &addrlen); - if(newfd == -1) - return 0; - /* create new commpoint unless we are servicing already */ - if(rc->active >= rc->max_active) { - log_warn("drop incoming remote control: too many connections"); - close_exit: -#ifndef USE_WINSOCK - close(newfd); -#else - closesocket(newfd); -#endif - return 0; - } - - /* setup commpoint to service the remote control command */ - n = (struct rc_state*)calloc(1, sizeof(*n)); - if(!n) { - log_err("out of memory"); - goto close_exit; - } - /* start in reading state */ - n->c = comm_point_create_raw(rc->worker->base, newfd, 0, - &remote_control_callback, n); - if(!n->c) { - log_err("out of memory"); - free(n); - goto close_exit; - } - log_addr(VERB_QUERY, "new control connection from", &addr, addrlen); - n->c->do_not_close = 0; - comm_point_stop_listening(n->c); - comm_point_start_listening(n->c, -1, REMOTE_CONTROL_TCP_TIMEOUT); - memcpy(&n->c->repinfo.addr, &addr, addrlen); - n->c->repinfo.addrlen = addrlen; - n->shake_state = rc_hs_read; - n->ssl = SSL_new(rc->ctx); - if(!n->ssl) { - log_crypto_err("could not SSL_new"); - comm_point_delete(n->c); - free(n); - goto close_exit; - } - SSL_set_accept_state(n->ssl); - (void)SSL_set_mode(n->ssl, SSL_MODE_AUTO_RETRY); - if(!SSL_set_fd(n->ssl, newfd)) { - log_crypto_err("could not SSL_set_fd"); - SSL_free(n->ssl); - comm_point_delete(n->c); - free(n); - goto close_exit; - } - - n->rc = rc; - n->next = rc->busy_list; - rc->busy_list = n; - rc->active ++; - - /* perform the first nonblocking read already, for windows, - * so it can return wouldblock. could be faster too. */ - (void)remote_control_callback(n->c, n, NETEVENT_NOERROR, NULL); - return 0; -} - -/** delete from list */ -static void -state_list_remove_elem(struct rc_state** list, struct comm_point* c) -{ - while(*list) { - if( (*list)->c == c) { - *list = (*list)->next; - return; - } - list = &(*list)->next; - } -} - -/** decrease active count and remove commpoint from busy list */ -static void -clean_point(struct daemon_remote* rc, struct rc_state* s) -{ - state_list_remove_elem(&rc->busy_list, s->c); - rc->active --; - if(s->ssl) { - SSL_shutdown(s->ssl); - SSL_free(s->ssl); - } - comm_point_delete(s->c); - free(s); -} - -int -ssl_print_text(SSL* ssl, const char* text) -{ - int r; - if(!ssl) - return 0; - ERR_clear_error(); - if((r=SSL_write(ssl, text, (int)strlen(text))) <= 0) { - if(SSL_get_error(ssl, r) == SSL_ERROR_ZERO_RETURN) { - verbose(VERB_QUERY, "warning, in SSL_write, peer " - "closed connection"); - return 0; - } - log_crypto_err("could not SSL_write"); - return 0; - } - return 1; -} - -/** print text over the ssl connection */ -static int -ssl_print_vmsg(SSL* ssl, const char* format, va_list args) -{ - char msg[1024]; - vsnprintf(msg, sizeof(msg), format, args); - return ssl_print_text(ssl, msg); -} - -/** printf style printing to the ssl connection */ -int ssl_printf(SSL* ssl, const char* format, ...) -{ - va_list args; - int ret; - va_start(args, format); - ret = ssl_print_vmsg(ssl, format, args); - va_end(args); - return ret; -} - -int -ssl_read_line(SSL* ssl, char* buf, size_t max) -{ - int r; - size_t len = 0; - if(!ssl) - return 0; - while(len < max) { - ERR_clear_error(); - if((r=SSL_read(ssl, buf+len, 1)) <= 0) { - if(SSL_get_error(ssl, r) == SSL_ERROR_ZERO_RETURN) { - buf[len] = 0; - return 1; - } - log_crypto_err("could not SSL_read"); - return 0; - } - if(buf[len] == '\n') { - /* return string without \n */ - buf[len] = 0; - return 1; - } - len++; - } - buf[max-1] = 0; - log_err("control line too long (%d): %s", (int)max, buf); - return 0; -} - -/** skip whitespace, return new pointer into string */ -static char* -skipwhite(char* str) -{ - /* EOS \0 is not a space */ - while( isspace((unsigned char)*str) ) - str++; - return str; -} - -/** send the OK to the control client */ -static void send_ok(SSL* ssl) -{ - (void)ssl_printf(ssl, "ok\n"); -} - -/** do the stop command */ -static void -do_stop(SSL* ssl, struct daemon_remote* rc) -{ - rc->worker->need_to_exit = 1; - comm_base_exit(rc->worker->base); - send_ok(ssl); -} - -/** do the reload command */ -static void -do_reload(SSL* ssl, struct daemon_remote* rc) -{ - rc->worker->need_to_exit = 0; - comm_base_exit(rc->worker->base); - send_ok(ssl); -} - -/** do the verbosity command */ -static void -do_verbosity(SSL* ssl, char* str) -{ - int val = atoi(str); - if(val == 0 && strcmp(str, "0") != 0) { - ssl_printf(ssl, "error in verbosity number syntax: %s\n", str); - return; - } - verbosity = val; - send_ok(ssl); -} - -/** print stats from statinfo */ -static int -print_stats(SSL* ssl, const char* nm, struct stats_info* s) -{ - struct timeval avg; - if(!ssl_printf(ssl, "%s.num.queries"SQ"%lu\n", nm, - (unsigned long)s->svr.num_queries)) return 0; - if(!ssl_printf(ssl, "%s.num.queries_ip_ratelimited"SQ"%lu\n", nm, - (unsigned long)s->svr.num_queries_ip_ratelimited)) return 0; - if(!ssl_printf(ssl, "%s.num.cachehits"SQ"%lu\n", nm, - (unsigned long)(s->svr.num_queries - - s->svr.num_queries_missed_cache))) return 0; - if(!ssl_printf(ssl, "%s.num.cachemiss"SQ"%lu\n", nm, - (unsigned long)s->svr.num_queries_missed_cache)) return 0; - if(!ssl_printf(ssl, "%s.num.prefetch"SQ"%lu\n", nm, - (unsigned long)s->svr.num_queries_prefetch)) return 0; - if(!ssl_printf(ssl, "%s.num.zero_ttl"SQ"%lu\n", nm, - (unsigned long)s->svr.zero_ttl_responses)) return 0; - if(!ssl_printf(ssl, "%s.num.recursivereplies"SQ"%lu\n", nm, - (unsigned long)s->mesh_replies_sent)) return 0; -#ifdef USE_DNSCRYPT - if(!ssl_printf(ssl, "%s.num.dnscrypt.crypted"SQ"%lu\n", nm, - (unsigned long)s->svr.num_query_dnscrypt_crypted)) return 0; - if(!ssl_printf(ssl, "%s.num.dnscrypt.cert"SQ"%lu\n", nm, - (unsigned long)s->svr.num_query_dnscrypt_cert)) return 0; - if(!ssl_printf(ssl, "%s.num.dnscrypt.cleartext"SQ"%lu\n", nm, - (unsigned long)s->svr.num_query_dnscrypt_cleartext)) return 0; - if(!ssl_printf(ssl, "%s.num.dnscrypt.malformed"SQ"%lu\n", nm, - (unsigned long)s->svr.num_query_dnscrypt_crypted_malformed)) return 0; -#endif - if(!ssl_printf(ssl, "%s.requestlist.avg"SQ"%g\n", nm, - (s->svr.num_queries_missed_cache+s->svr.num_queries_prefetch)? - (double)s->svr.sum_query_list_size/ - (s->svr.num_queries_missed_cache+ - s->svr.num_queries_prefetch) : 0.0)) return 0; - if(!ssl_printf(ssl, "%s.requestlist.max"SQ"%lu\n", nm, - (unsigned long)s->svr.max_query_list_size)) return 0; - if(!ssl_printf(ssl, "%s.requestlist.overwritten"SQ"%lu\n", nm, - (unsigned long)s->mesh_jostled)) return 0; - if(!ssl_printf(ssl, "%s.requestlist.exceeded"SQ"%lu\n", nm, - (unsigned long)s->mesh_dropped)) return 0; - if(!ssl_printf(ssl, "%s.requestlist.current.all"SQ"%lu\n", nm, - (unsigned long)s->mesh_num_states)) return 0; - if(!ssl_printf(ssl, "%s.requestlist.current.user"SQ"%lu\n", nm, - (unsigned long)s->mesh_num_reply_states)) return 0; - timeval_divide(&avg, &s->mesh_replies_sum_wait, s->mesh_replies_sent); - if(!ssl_printf(ssl, "%s.recursion.time.avg"SQ ARG_LL "d.%6.6d\n", nm, - (long long)avg.tv_sec, (int)avg.tv_usec)) return 0; - if(!ssl_printf(ssl, "%s.recursion.time.median"SQ"%g\n", nm, - s->mesh_time_median)) return 0; - if(!ssl_printf(ssl, "%s.tcpusage"SQ"%lu\n", nm, - (unsigned long)s->svr.tcp_accept_usage)) return 0; - return 1; -} - -/** print stats for one thread */ -static int -print_thread_stats(SSL* ssl, int i, struct stats_info* s) -{ - char nm[16]; - snprintf(nm, sizeof(nm), "thread%d", i); - nm[sizeof(nm)-1]=0; - return print_stats(ssl, nm, s); -} - -/** print long number */ -static int -print_longnum(SSL* ssl, const char* desc, size_t x) -{ - if(x > 1024*1024*1024) { - /* more than a Gb */ - size_t front = x / (size_t)1000000; - size_t back = x % (size_t)1000000; - return ssl_printf(ssl, "%s%u%6.6u\n", desc, - (unsigned)front, (unsigned)back); - } else { - return ssl_printf(ssl, "%s%lu\n", desc, (unsigned long)x); - } -} - -/** print mem stats */ -static int -print_mem(SSL* ssl, struct worker* worker, struct daemon* daemon) -{ - int m; - size_t msg, rrset, val, iter, respip; -#ifdef CLIENT_SUBNET - size_t subnet = 0; -#endif /* CLIENT_SUBNET */ - msg = slabhash_get_mem(daemon->env->msg_cache); - rrset = slabhash_get_mem(&daemon->env->rrset_cache->table); - val=0; - iter=0; - respip=0; - m = modstack_find(&worker->env.mesh->mods, "validator"); - if(m != -1) { - fptr_ok(fptr_whitelist_mod_get_mem(worker->env.mesh-> - mods.mod[m]->get_mem)); - val = (*worker->env.mesh->mods.mod[m]->get_mem) - (&worker->env, m); - } - m = modstack_find(&worker->env.mesh->mods, "iterator"); - if(m != -1) { - fptr_ok(fptr_whitelist_mod_get_mem(worker->env.mesh-> - mods.mod[m]->get_mem)); - iter = (*worker->env.mesh->mods.mod[m]->get_mem) - (&worker->env, m); - } - m = modstack_find(&worker->env.mesh->mods, "respip"); - if(m != -1) { - fptr_ok(fptr_whitelist_mod_get_mem(worker->env.mesh-> - mods.mod[m]->get_mem)); - respip = (*worker->env.mesh->mods.mod[m]->get_mem) - (&worker->env, m); - } -#ifdef CLIENT_SUBNET - m = modstack_find(&worker->env.mesh->mods, "subnet"); - if(m != -1) { - fptr_ok(fptr_whitelist_mod_get_mem(worker->env.mesh-> - mods.mod[m]->get_mem)); - subnet = (*worker->env.mesh->mods.mod[m]->get_mem) - (&worker->env, m); - } -#endif /* CLIENT_SUBNET */ - - if(!print_longnum(ssl, "mem.cache.rrset"SQ, rrset)) - return 0; - if(!print_longnum(ssl, "mem.cache.message"SQ, msg)) - return 0; - if(!print_longnum(ssl, "mem.mod.iterator"SQ, iter)) - return 0; - if(!print_longnum(ssl, "mem.mod.validator"SQ, val)) - return 0; - if(!print_longnum(ssl, "mem.mod.respip"SQ, respip)) - return 0; -#ifdef CLIENT_SUBNET - if(!print_longnum(ssl, "mem.mod.subnet"SQ, subnet)) - return 0; -#endif /* CLIENT_SUBNET */ - return 1; -} - -/** print uptime stats */ -static int -print_uptime(SSL* ssl, struct worker* worker, int reset) -{ - struct timeval now = *worker->env.now_tv; - struct timeval up, dt; - timeval_subtract(&up, &now, &worker->daemon->time_boot); - timeval_subtract(&dt, &now, &worker->daemon->time_last_stat); - if(reset) - worker->daemon->time_last_stat = now; - if(!ssl_printf(ssl, "time.now"SQ ARG_LL "d.%6.6d\n", - (long long)now.tv_sec, (unsigned)now.tv_usec)) return 0; - if(!ssl_printf(ssl, "time.up"SQ ARG_LL "d.%6.6d\n", - (long long)up.tv_sec, (unsigned)up.tv_usec)) return 0; - if(!ssl_printf(ssl, "time.elapsed"SQ ARG_LL "d.%6.6d\n", - (long long)dt.tv_sec, (unsigned)dt.tv_usec)) return 0; - return 1; -} - -/** print extended histogram */ -static int -print_hist(SSL* ssl, struct stats_info* s) -{ - struct timehist* hist; - size_t i; - hist = timehist_setup(); - if(!hist) { - log_err("out of memory"); - return 0; - } - timehist_import(hist, s->svr.hist, NUM_BUCKETS_HIST); - for(i=0; inum; i++) { - if(!ssl_printf(ssl, - "histogram.%6.6d.%6.6d.to.%6.6d.%6.6d=%lu\n", - (int)hist->buckets[i].lower.tv_sec, - (int)hist->buckets[i].lower.tv_usec, - (int)hist->buckets[i].upper.tv_sec, - (int)hist->buckets[i].upper.tv_usec, - (unsigned long)hist->buckets[i].count)) { - timehist_delete(hist); - return 0; - } - } - timehist_delete(hist); - return 1; -} - -/** print extended stats */ -static int -print_ext(SSL* ssl, struct stats_info* s) -{ - int i; - char nm[16]; - const sldns_rr_descriptor* desc; - const sldns_lookup_table* lt; - /* TYPE */ - for(i=0; isvr.qtype[i] == 0) - continue; - desc = sldns_rr_descript((uint16_t)i); - if(desc && desc->_name) { - snprintf(nm, sizeof(nm), "%s", desc->_name); - } else if (i == LDNS_RR_TYPE_IXFR) { - snprintf(nm, sizeof(nm), "IXFR"); - } else if (i == LDNS_RR_TYPE_AXFR) { - snprintf(nm, sizeof(nm), "AXFR"); - } else if (i == LDNS_RR_TYPE_MAILA) { - snprintf(nm, sizeof(nm), "MAILA"); - } else if (i == LDNS_RR_TYPE_MAILB) { - snprintf(nm, sizeof(nm), "MAILB"); - } else if (i == LDNS_RR_TYPE_ANY) { - snprintf(nm, sizeof(nm), "ANY"); - } else { - snprintf(nm, sizeof(nm), "TYPE%d", i); - } - if(!ssl_printf(ssl, "num.query.type.%s"SQ"%lu\n", - nm, (unsigned long)s->svr.qtype[i])) return 0; - } - if(!inhibit_zero || s->svr.qtype_big) { - if(!ssl_printf(ssl, "num.query.type.other"SQ"%lu\n", - (unsigned long)s->svr.qtype_big)) return 0; - } - /* CLASS */ - for(i=0; isvr.qclass[i] == 0) - continue; - lt = sldns_lookup_by_id(sldns_rr_classes, i); - if(lt && lt->name) { - snprintf(nm, sizeof(nm), "%s", lt->name); - } else { - snprintf(nm, sizeof(nm), "CLASS%d", i); - } - if(!ssl_printf(ssl, "num.query.class.%s"SQ"%lu\n", - nm, (unsigned long)s->svr.qclass[i])) return 0; - } - if(!inhibit_zero || s->svr.qclass_big) { - if(!ssl_printf(ssl, "num.query.class.other"SQ"%lu\n", - (unsigned long)s->svr.qclass_big)) return 0; - } - /* OPCODE */ - for(i=0; isvr.qopcode[i] == 0) - continue; - lt = sldns_lookup_by_id(sldns_opcodes, i); - if(lt && lt->name) { - snprintf(nm, sizeof(nm), "%s", lt->name); - } else { - snprintf(nm, sizeof(nm), "OPCODE%d", i); - } - if(!ssl_printf(ssl, "num.query.opcode.%s"SQ"%lu\n", - nm, (unsigned long)s->svr.qopcode[i])) return 0; - } - /* transport */ - if(!ssl_printf(ssl, "num.query.tcp"SQ"%lu\n", - (unsigned long)s->svr.qtcp)) return 0; - if(!ssl_printf(ssl, "num.query.tcpout"SQ"%lu\n", - (unsigned long)s->svr.qtcp_outgoing)) return 0; - if(!ssl_printf(ssl, "num.query.ipv6"SQ"%lu\n", - (unsigned long)s->svr.qipv6)) return 0; - /* flags */ - if(!ssl_printf(ssl, "num.query.flags.QR"SQ"%lu\n", - (unsigned long)s->svr.qbit_QR)) return 0; - if(!ssl_printf(ssl, "num.query.flags.AA"SQ"%lu\n", - (unsigned long)s->svr.qbit_AA)) return 0; - if(!ssl_printf(ssl, "num.query.flags.TC"SQ"%lu\n", - (unsigned long)s->svr.qbit_TC)) return 0; - if(!ssl_printf(ssl, "num.query.flags.RD"SQ"%lu\n", - (unsigned long)s->svr.qbit_RD)) return 0; - if(!ssl_printf(ssl, "num.query.flags.RA"SQ"%lu\n", - (unsigned long)s->svr.qbit_RA)) return 0; - if(!ssl_printf(ssl, "num.query.flags.Z"SQ"%lu\n", - (unsigned long)s->svr.qbit_Z)) return 0; - if(!ssl_printf(ssl, "num.query.flags.AD"SQ"%lu\n", - (unsigned long)s->svr.qbit_AD)) return 0; - if(!ssl_printf(ssl, "num.query.flags.CD"SQ"%lu\n", - (unsigned long)s->svr.qbit_CD)) return 0; - if(!ssl_printf(ssl, "num.query.edns.present"SQ"%lu\n", - (unsigned long)s->svr.qEDNS)) return 0; - if(!ssl_printf(ssl, "num.query.edns.DO"SQ"%lu\n", - (unsigned long)s->svr.qEDNS_DO)) return 0; - - /* RCODE */ - for(i=0; i LDNS_RCODE_REFUSED && s->svr.ans_rcode[i] == 0) - continue; - lt = sldns_lookup_by_id(sldns_rcodes, i); - if(lt && lt->name) { - snprintf(nm, sizeof(nm), "%s", lt->name); - } else { - snprintf(nm, sizeof(nm), "RCODE%d", i); - } - if(!ssl_printf(ssl, "num.answer.rcode.%s"SQ"%lu\n", - nm, (unsigned long)s->svr.ans_rcode[i])) return 0; - } - if(!inhibit_zero || s->svr.ans_rcode_nodata) { - if(!ssl_printf(ssl, "num.answer.rcode.nodata"SQ"%lu\n", - (unsigned long)s->svr.ans_rcode_nodata)) return 0; - } - /* validation */ - if(!ssl_printf(ssl, "num.answer.secure"SQ"%lu\n", - (unsigned long)s->svr.ans_secure)) return 0; - if(!ssl_printf(ssl, "num.answer.bogus"SQ"%lu\n", - (unsigned long)s->svr.ans_bogus)) return 0; - if(!ssl_printf(ssl, "num.rrset.bogus"SQ"%lu\n", - (unsigned long)s->svr.rrset_bogus)) return 0; - /* threat detection */ - if(!ssl_printf(ssl, "unwanted.queries"SQ"%lu\n", - (unsigned long)s->svr.unwanted_queries)) return 0; - if(!ssl_printf(ssl, "unwanted.replies"SQ"%lu\n", - (unsigned long)s->svr.unwanted_replies)) return 0; - /* cache counts */ - if(!ssl_printf(ssl, "msg.cache.count"SQ"%u\n", - (unsigned)s->svr.msg_cache_count)) return 0; - if(!ssl_printf(ssl, "rrset.cache.count"SQ"%u\n", - (unsigned)s->svr.rrset_cache_count)) return 0; - if(!ssl_printf(ssl, "infra.cache.count"SQ"%u\n", - (unsigned)s->svr.infra_cache_count)) return 0; - if(!ssl_printf(ssl, "key.cache.count"SQ"%u\n", - (unsigned)s->svr.key_cache_count)) return 0; - return 1; -} - -/** do the stats command */ -static void -do_stats(SSL* ssl, struct daemon_remote* rc, int reset) -{ - struct daemon* daemon = rc->worker->daemon; - struct stats_info total; - struct stats_info s; - int i; - log_assert(daemon->num > 0); - /* gather all thread statistics in one place */ - for(i=0; inum; i++) { - server_stats_obtain(rc->worker, daemon->workers[i], &s, reset); - if(!print_thread_stats(ssl, i, &s)) - return; - if(i == 0) - total = s; - else server_stats_add(&total, &s); - } - /* print the thread statistics */ - total.mesh_time_median /= (double)daemon->num; - if(!print_stats(ssl, "total", &total)) - return; - if(!print_uptime(ssl, rc->worker, reset)) - return; - if(daemon->cfg->stat_extended) { - if(!print_mem(ssl, rc->worker, daemon)) - return; - if(!print_hist(ssl, &total)) - return; - if(!print_ext(ssl, &total)) - return; - } -} - -/** parse commandline argument domain name */ -static int -parse_arg_name(SSL* ssl, char* str, uint8_t** res, size_t* len, int* labs) -{ - uint8_t nm[LDNS_MAX_DOMAINLEN+1]; - size_t nmlen = sizeof(nm); - int status; - *res = NULL; - *len = 0; - *labs = 0; - status = sldns_str2wire_dname_buf(str, nm, &nmlen); - if(status != 0) { - ssl_printf(ssl, "error cannot parse name %s at %d: %s\n", str, - LDNS_WIREPARSE_OFFSET(status), - sldns_get_errorstr_parse(status)); - return 0; - } - *res = memdup(nm, nmlen); - if(!*res) { - ssl_printf(ssl, "error out of memory\n"); - return 0; - } - *labs = dname_count_size_labels(*res, len); - return 1; -} - -/** find second argument, modifies string */ -static int -find_arg2(SSL* ssl, char* arg, char** arg2) -{ - char* as = strchr(arg, ' '); - char* at = strchr(arg, '\t'); - if(as && at) { - if(at < as) - as = at; - as[0]=0; - *arg2 = skipwhite(as+1); - } else if(as) { - as[0]=0; - *arg2 = skipwhite(as+1); - } else if(at) { - at[0]=0; - *arg2 = skipwhite(at+1); - } else { - ssl_printf(ssl, "error could not find next argument " - "after %s\n", arg); - return 0; - } - return 1; -} - -/** Add a new zone */ -static int -perform_zone_add(SSL* ssl, struct local_zones* zones, char* arg) -{ - uint8_t* nm; - int nmlabs; - size_t nmlen; - char* arg2; - enum localzone_type t; - struct local_zone* z; - if(!find_arg2(ssl, arg, &arg2)) - return 0; - if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs)) - return 0; - if(!local_zone_str2type(arg2, &t)) { - ssl_printf(ssl, "error not a zone type. %s\n", arg2); - free(nm); - return 0; - } - lock_rw_wrlock(&zones->lock); - if((z=local_zones_find(zones, nm, nmlen, - nmlabs, LDNS_RR_CLASS_IN))) { - /* already present in tree */ - lock_rw_wrlock(&z->lock); - z->type = t; /* update type anyway */ - lock_rw_unlock(&z->lock); - free(nm); - lock_rw_unlock(&zones->lock); - return 1; - } - if(!local_zones_add_zone(zones, nm, nmlen, - nmlabs, LDNS_RR_CLASS_IN, t)) { - lock_rw_unlock(&zones->lock); - ssl_printf(ssl, "error out of memory\n"); - return 0; - } - lock_rw_unlock(&zones->lock); - return 1; -} - -/** Do the local_zone command */ -static void -do_zone_add(SSL* ssl, struct local_zones* zones, char* arg) -{ - if(!perform_zone_add(ssl, zones, arg)) - return; - send_ok(ssl); -} - -/** Do the local_zones command */ -static void -do_zones_add(SSL* ssl, struct local_zones* zones) -{ - char buf[2048]; - int num = 0; - while(ssl_read_line(ssl, buf, sizeof(buf))) { - if(buf[0] == 0x04 && buf[1] == 0) - break; /* end of transmission */ - if(!perform_zone_add(ssl, zones, buf)) { - if(!ssl_printf(ssl, "error for input line: %s\n", buf)) - return; - } - else - num++; - } - (void)ssl_printf(ssl, "added %d zones\n", num); -} - -/** Remove a zone */ -static int -perform_zone_remove(SSL* ssl, struct local_zones* zones, char* arg) -{ - uint8_t* nm; - int nmlabs; - size_t nmlen; - struct local_zone* z; - if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs)) - return 0; - lock_rw_wrlock(&zones->lock); - if((z=local_zones_find(zones, nm, nmlen, - nmlabs, LDNS_RR_CLASS_IN))) { - /* present in tree */ - local_zones_del_zone(zones, z); - } - lock_rw_unlock(&zones->lock); - free(nm); - return 1; -} - -/** Do the local_zone_remove command */ -static void -do_zone_remove(SSL* ssl, struct local_zones* zones, char* arg) -{ - if(!perform_zone_remove(ssl, zones, arg)) - return; - send_ok(ssl); -} - -/** Do the local_zones_remove command */ -static void -do_zones_remove(SSL* ssl, struct local_zones* zones) -{ - char buf[2048]; - int num = 0; - while(ssl_read_line(ssl, buf, sizeof(buf))) { - if(buf[0] == 0x04 && buf[1] == 0) - break; /* end of transmission */ - if(!perform_zone_remove(ssl, zones, buf)) { - if(!ssl_printf(ssl, "error for input line: %s\n", buf)) - return; - } - else - num++; - } - (void)ssl_printf(ssl, "removed %d zones\n", num); -} - -/** Add new RR data */ -static int -perform_data_add(SSL* ssl, struct local_zones* zones, char* arg) -{ - if(!local_zones_add_RR(zones, arg)) { - ssl_printf(ssl,"error in syntax or out of memory, %s\n", arg); - return 0; - } - return 1; -} - -/** Do the local_data command */ -static void -do_data_add(SSL* ssl, struct local_zones* zones, char* arg) -{ - if(!perform_data_add(ssl, zones, arg)) - return; - send_ok(ssl); -} - -/** Do the local_datas command */ -static void -do_datas_add(SSL* ssl, struct local_zones* zones) -{ - char buf[2048]; - int num = 0; - while(ssl_read_line(ssl, buf, sizeof(buf))) { - if(buf[0] == 0x04 && buf[1] == 0) - break; /* end of transmission */ - if(!perform_data_add(ssl, zones, buf)) { - if(!ssl_printf(ssl, "error for input line: %s\n", buf)) - return; - } - else - num++; - } - (void)ssl_printf(ssl, "added %d datas\n", num); -} - -/** Remove RR data */ -static int -perform_data_remove(SSL* ssl, struct local_zones* zones, char* arg) -{ - uint8_t* nm; - int nmlabs; - size_t nmlen; - if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs)) - return 0; - local_zones_del_data(zones, nm, - nmlen, nmlabs, LDNS_RR_CLASS_IN); - free(nm); - return 1; -} - -/** Do the local_data_remove command */ -static void -do_data_remove(SSL* ssl, struct local_zones* zones, char* arg) -{ - if(!perform_data_remove(ssl, zones, arg)) - return; - send_ok(ssl); -} - -/** Do the local_datas_remove command */ -static void -do_datas_remove(SSL* ssl, struct local_zones* zones) -{ - char buf[2048]; - int num = 0; - while(ssl_read_line(ssl, buf, sizeof(buf))) { - if(buf[0] == 0x04 && buf[1] == 0) - break; /* end of transmission */ - if(!perform_data_remove(ssl, zones, buf)) { - if(!ssl_printf(ssl, "error for input line: %s\n", buf)) - return; - } - else - num++; - } - (void)ssl_printf(ssl, "removed %d datas\n", num); -} - -/** Add a new zone to view */ -static void -do_view_zone_add(SSL* ssl, struct worker* worker, char* arg) -{ - char* arg2; - struct view* v; - if(!find_arg2(ssl, arg, &arg2)) - return; - v = views_find_view(worker->daemon->views, - arg, 1 /* get write lock*/); - if(!v) { - ssl_printf(ssl,"no view with name: %s\n", arg); - return; - } - if(!v->local_zones) { - if(!(v->local_zones = local_zones_create())){ - lock_rw_unlock(&v->lock); - ssl_printf(ssl,"error out of memory\n"); - return; - } - } - do_zone_add(ssl, v->local_zones, arg2); - lock_rw_unlock(&v->lock); -} - -/** Remove a zone from view */ -static void -do_view_zone_remove(SSL* ssl, struct worker* worker, char* arg) -{ - char* arg2; - struct view* v; - if(!find_arg2(ssl, arg, &arg2)) - return; - v = views_find_view(worker->daemon->views, - arg, 1 /* get write lock*/); - if(!v) { - ssl_printf(ssl,"no view with name: %s\n", arg); - return; - } - if(!v->local_zones) { - lock_rw_unlock(&v->lock); - send_ok(ssl); - return; - } - do_zone_remove(ssl, v->local_zones, arg2); - lock_rw_unlock(&v->lock); -} - -/** Add new RR data to view */ -static void -do_view_data_add(SSL* ssl, struct worker* worker, char* arg) -{ - char* arg2; - struct view* v; - if(!find_arg2(ssl, arg, &arg2)) - return; - v = views_find_view(worker->daemon->views, - arg, 1 /* get write lock*/); - if(!v) { - ssl_printf(ssl,"no view with name: %s\n", arg); - return; - } - if(!v->local_zones) { - if(!(v->local_zones = local_zones_create())){ - lock_rw_unlock(&v->lock); - ssl_printf(ssl,"error out of memory\n"); - return; - } - } - do_data_add(ssl, v->local_zones, arg2); - lock_rw_unlock(&v->lock); -} - -/** Remove RR data from view */ -static void -do_view_data_remove(SSL* ssl, struct worker* worker, char* arg) -{ - char* arg2; - struct view* v; - if(!find_arg2(ssl, arg, &arg2)) - return; - v = views_find_view(worker->daemon->views, - arg, 1 /* get write lock*/); - if(!v) { - ssl_printf(ssl,"no view with name: %s\n", arg); - return; - } - if(!v->local_zones) { - lock_rw_unlock(&v->lock); - send_ok(ssl); - return; - } - do_data_remove(ssl, v->local_zones, arg2); - lock_rw_unlock(&v->lock); -} - -/** cache lookup of nameservers */ -static void -do_lookup(SSL* ssl, struct worker* worker, char* arg) -{ - uint8_t* nm; - int nmlabs; - size_t nmlen; - if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs)) - return; - (void)print_deleg_lookup(ssl, worker, nm, nmlen, nmlabs); - free(nm); -} - -/** flush something from rrset and msg caches */ -static void -do_cache_remove(struct worker* worker, uint8_t* nm, size_t nmlen, - uint16_t t, uint16_t c) -{ - hashvalue_type h; - struct query_info k; - rrset_cache_remove(worker->env.rrset_cache, nm, nmlen, t, c, 0); - if(t == LDNS_RR_TYPE_SOA) - rrset_cache_remove(worker->env.rrset_cache, nm, nmlen, t, c, - PACKED_RRSET_SOA_NEG); - k.qname = nm; - k.qname_len = nmlen; - k.qtype = t; - k.qclass = c; - k.local_alias = NULL; - h = query_info_hash(&k, 0); - slabhash_remove(worker->env.msg_cache, h, &k); - if(t == LDNS_RR_TYPE_AAAA) { - /* for AAAA also flush dns64 bit_cd packet */ - h = query_info_hash(&k, BIT_CD); - slabhash_remove(worker->env.msg_cache, h, &k); - } -} - -/** flush a type */ -static void -do_flush_type(SSL* ssl, struct worker* worker, char* arg) -{ - uint8_t* nm; - int nmlabs; - size_t nmlen; - char* arg2; - uint16_t t; - if(!find_arg2(ssl, arg, &arg2)) - return; - if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs)) - return; - t = sldns_get_rr_type_by_name(arg2); - do_cache_remove(worker, nm, nmlen, t, LDNS_RR_CLASS_IN); - - free(nm); - send_ok(ssl); -} - -/** flush statistics */ -static void -do_flush_stats(SSL* ssl, struct worker* worker) -{ - worker_stats_clear(worker); - send_ok(ssl); -} - -/** - * Local info for deletion functions - */ -struct del_info { - /** worker */ - struct worker* worker; - /** name to delete */ - uint8_t* name; - /** length */ - size_t len; - /** labels */ - int labs; - /** time to invalidate to */ - time_t expired; - /** number of rrsets removed */ - size_t num_rrsets; - /** number of msgs removed */ - size_t num_msgs; - /** number of key entries removed */ - size_t num_keys; - /** length of addr */ - socklen_t addrlen; - /** socket address for host deletion */ - struct sockaddr_storage addr; -}; - -/** callback to delete hosts in infra cache */ -static void -infra_del_host(struct lruhash_entry* e, void* arg) -{ - /* entry is locked */ - struct del_info* inf = (struct del_info*)arg; - struct infra_key* k = (struct infra_key*)e->key; - if(sockaddr_cmp(&inf->addr, inf->addrlen, &k->addr, k->addrlen) == 0) { - struct infra_data* d = (struct infra_data*)e->data; - d->probedelay = 0; - d->timeout_A = 0; - d->timeout_AAAA = 0; - d->timeout_other = 0; - rtt_init(&d->rtt); - if(d->ttl > inf->expired) { - d->ttl = inf->expired; - inf->num_keys++; - } - } -} - -/** flush infra cache */ -static void -do_flush_infra(SSL* ssl, struct worker* worker, char* arg) -{ - struct sockaddr_storage addr; - socklen_t len; - struct del_info inf; - if(strcmp(arg, "all") == 0) { - slabhash_clear(worker->env.infra_cache->hosts); - send_ok(ssl); - return; - } - if(!ipstrtoaddr(arg, UNBOUND_DNS_PORT, &addr, &len)) { - (void)ssl_printf(ssl, "error parsing ip addr: '%s'\n", arg); - return; - } - /* delete all entries from cache */ - /* what we do is to set them all expired */ - inf.worker = worker; - inf.name = 0; - inf.len = 0; - inf.labs = 0; - inf.expired = *worker->env.now; - inf.expired -= 3; /* handle 3 seconds skew between threads */ - inf.num_rrsets = 0; - inf.num_msgs = 0; - inf.num_keys = 0; - inf.addrlen = len; - memmove(&inf.addr, &addr, len); - slabhash_traverse(worker->env.infra_cache->hosts, 1, &infra_del_host, - &inf); - send_ok(ssl); -} - -/** flush requestlist */ -static void -do_flush_requestlist(SSL* ssl, struct worker* worker) -{ - mesh_delete_all(worker->env.mesh); - send_ok(ssl); -} - -/** callback to delete rrsets in a zone */ -static void -zone_del_rrset(struct lruhash_entry* e, void* arg) -{ - /* entry is locked */ - struct del_info* inf = (struct del_info*)arg; - struct ub_packed_rrset_key* k = (struct ub_packed_rrset_key*)e->key; - if(dname_subdomain_c(k->rk.dname, inf->name)) { - struct packed_rrset_data* d = - (struct packed_rrset_data*)e->data; - if(d->ttl > inf->expired) { - d->ttl = inf->expired; - inf->num_rrsets++; - } - } -} - -/** callback to delete messages in a zone */ -static void -zone_del_msg(struct lruhash_entry* e, void* arg) -{ - /* entry is locked */ - struct del_info* inf = (struct del_info*)arg; - struct msgreply_entry* k = (struct msgreply_entry*)e->key; - if(dname_subdomain_c(k->key.qname, inf->name)) { - struct reply_info* d = (struct reply_info*)e->data; - if(d->ttl > inf->expired) { - d->ttl = inf->expired; - inf->num_msgs++; - } - } -} - -/** callback to delete keys in zone */ -static void -zone_del_kcache(struct lruhash_entry* e, void* arg) -{ - /* entry is locked */ - struct del_info* inf = (struct del_info*)arg; - struct key_entry_key* k = (struct key_entry_key*)e->key; - if(dname_subdomain_c(k->name, inf->name)) { - struct key_entry_data* d = (struct key_entry_data*)e->data; - if(d->ttl > inf->expired) { - d->ttl = inf->expired; - inf->num_keys++; - } - } -} - -/** remove all rrsets and keys from zone from cache */ -static void -do_flush_zone(SSL* ssl, struct worker* worker, char* arg) -{ - uint8_t* nm; - int nmlabs; - size_t nmlen; - struct del_info inf; - if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs)) - return; - /* delete all RRs and key entries from zone */ - /* what we do is to set them all expired */ - inf.worker = worker; - inf.name = nm; - inf.len = nmlen; - inf.labs = nmlabs; - inf.expired = *worker->env.now; - inf.expired -= 3; /* handle 3 seconds skew between threads */ - inf.num_rrsets = 0; - inf.num_msgs = 0; - inf.num_keys = 0; - slabhash_traverse(&worker->env.rrset_cache->table, 1, - &zone_del_rrset, &inf); - - slabhash_traverse(worker->env.msg_cache, 1, &zone_del_msg, &inf); - - /* and validator cache */ - if(worker->env.key_cache) { - slabhash_traverse(worker->env.key_cache->slab, 1, - &zone_del_kcache, &inf); - } - - free(nm); - - (void)ssl_printf(ssl, "ok removed %lu rrsets, %lu messages " - "and %lu key entries\n", (unsigned long)inf.num_rrsets, - (unsigned long)inf.num_msgs, (unsigned long)inf.num_keys); -} - -/** callback to delete bogus rrsets */ -static void -bogus_del_rrset(struct lruhash_entry* e, void* arg) -{ - /* entry is locked */ - struct del_info* inf = (struct del_info*)arg; - struct packed_rrset_data* d = (struct packed_rrset_data*)e->data; - if(d->security == sec_status_bogus) { - d->ttl = inf->expired; - inf->num_rrsets++; - } -} - -/** callback to delete bogus messages */ -static void -bogus_del_msg(struct lruhash_entry* e, void* arg) -{ - /* entry is locked */ - struct del_info* inf = (struct del_info*)arg; - struct reply_info* d = (struct reply_info*)e->data; - if(d->security == sec_status_bogus) { - d->ttl = inf->expired; - inf->num_msgs++; - } -} - -/** callback to delete bogus keys */ -static void -bogus_del_kcache(struct lruhash_entry* e, void* arg) -{ - /* entry is locked */ - struct del_info* inf = (struct del_info*)arg; - struct key_entry_data* d = (struct key_entry_data*)e->data; - if(d->isbad) { - d->ttl = inf->expired; - inf->num_keys++; - } -} - -/** remove all bogus rrsets, msgs and keys from cache */ -static void -do_flush_bogus(SSL* ssl, struct worker* worker) -{ - struct del_info inf; - /* what we do is to set them all expired */ - inf.worker = worker; - inf.expired = *worker->env.now; - inf.expired -= 3; /* handle 3 seconds skew between threads */ - inf.num_rrsets = 0; - inf.num_msgs = 0; - inf.num_keys = 0; - slabhash_traverse(&worker->env.rrset_cache->table, 1, - &bogus_del_rrset, &inf); - - slabhash_traverse(worker->env.msg_cache, 1, &bogus_del_msg, &inf); - - /* and validator cache */ - if(worker->env.key_cache) { - slabhash_traverse(worker->env.key_cache->slab, 1, - &bogus_del_kcache, &inf); - } - - (void)ssl_printf(ssl, "ok removed %lu rrsets, %lu messages " - "and %lu key entries\n", (unsigned long)inf.num_rrsets, - (unsigned long)inf.num_msgs, (unsigned long)inf.num_keys); -} - -/** callback to delete negative and servfail rrsets */ -static void -negative_del_rrset(struct lruhash_entry* e, void* arg) -{ - /* entry is locked */ - struct del_info* inf = (struct del_info*)arg; - struct ub_packed_rrset_key* k = (struct ub_packed_rrset_key*)e->key; - struct packed_rrset_data* d = (struct packed_rrset_data*)e->data; - /* delete the parentside negative cache rrsets, - * these are namerserver rrsets that failed lookup, rdata empty */ - if((k->rk.flags & PACKED_RRSET_PARENT_SIDE) && d->count == 1 && - d->rrsig_count == 0 && d->rr_len[0] == 0) { - d->ttl = inf->expired; - inf->num_rrsets++; - } -} - -/** callback to delete negative and servfail messages */ -static void -negative_del_msg(struct lruhash_entry* e, void* arg) -{ - /* entry is locked */ - struct del_info* inf = (struct del_info*)arg; - struct reply_info* d = (struct reply_info*)e->data; - /* rcode not NOERROR: NXDOMAIN, SERVFAIL, ..: an nxdomain or error - * or NOERROR rcode with ANCOUNT==0: a NODATA answer */ - if(FLAGS_GET_RCODE(d->flags) != 0 || d->an_numrrsets == 0) { - d->ttl = inf->expired; - inf->num_msgs++; - } -} - -/** callback to delete negative key entries */ -static void -negative_del_kcache(struct lruhash_entry* e, void* arg) -{ - /* entry is locked */ - struct del_info* inf = (struct del_info*)arg; - struct key_entry_data* d = (struct key_entry_data*)e->data; - /* could be bad because of lookup failure on the DS, DNSKEY, which - * was nxdomain or servfail, and thus a result of negative lookups */ - if(d->isbad) { - d->ttl = inf->expired; - inf->num_keys++; - } -} - -/** remove all negative(NODATA,NXDOMAIN), and servfail messages from cache */ -static void -do_flush_negative(SSL* ssl, struct worker* worker) -{ - struct del_info inf; - /* what we do is to set them all expired */ - inf.worker = worker; - inf.expired = *worker->env.now; - inf.expired -= 3; /* handle 3 seconds skew between threads */ - inf.num_rrsets = 0; - inf.num_msgs = 0; - inf.num_keys = 0; - slabhash_traverse(&worker->env.rrset_cache->table, 1, - &negative_del_rrset, &inf); - - slabhash_traverse(worker->env.msg_cache, 1, &negative_del_msg, &inf); - - /* and validator cache */ - if(worker->env.key_cache) { - slabhash_traverse(worker->env.key_cache->slab, 1, - &negative_del_kcache, &inf); - } - - (void)ssl_printf(ssl, "ok removed %lu rrsets, %lu messages " - "and %lu key entries\n", (unsigned long)inf.num_rrsets, - (unsigned long)inf.num_msgs, (unsigned long)inf.num_keys); -} - -/** remove name rrset from cache */ -static void -do_flush_name(SSL* ssl, struct worker* w, char* arg) -{ - uint8_t* nm; - int nmlabs; - size_t nmlen; - if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs)) - return; - do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_A, LDNS_RR_CLASS_IN); - do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_AAAA, LDNS_RR_CLASS_IN); - do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_NS, LDNS_RR_CLASS_IN); - do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_SOA, LDNS_RR_CLASS_IN); - do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_CNAME, LDNS_RR_CLASS_IN); - do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_DNAME, LDNS_RR_CLASS_IN); - do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_MX, LDNS_RR_CLASS_IN); - do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_PTR, LDNS_RR_CLASS_IN); - do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_SRV, LDNS_RR_CLASS_IN); - do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_NAPTR, LDNS_RR_CLASS_IN); - - free(nm); - send_ok(ssl); -} - -/** printout a delegation point info */ -static int -ssl_print_name_dp(SSL* ssl, const char* str, uint8_t* nm, uint16_t dclass, - struct delegpt* dp) -{ - char buf[257]; - struct delegpt_ns* ns; - struct delegpt_addr* a; - int f = 0; - if(str) { /* print header for forward, stub */ - char* c = sldns_wire2str_class(dclass); - dname_str(nm, buf); - if(!ssl_printf(ssl, "%s %s %s ", buf, (c?c:"CLASS??"), str)) { - free(c); - return 0; - } - free(c); - } - for(ns = dp->nslist; ns; ns = ns->next) { - dname_str(ns->name, buf); - if(!ssl_printf(ssl, "%s%s", (f?" ":""), buf)) - return 0; - f = 1; - } - for(a = dp->target_list; a; a = a->next_target) { - addr_to_str(&a->addr, a->addrlen, buf, sizeof(buf)); - if(!ssl_printf(ssl, "%s%s", (f?" ":""), buf)) - return 0; - f = 1; - } - return ssl_printf(ssl, "\n"); -} - - -/** print root forwards */ -static int -print_root_fwds(SSL* ssl, struct iter_forwards* fwds, uint8_t* root) -{ - struct delegpt* dp; - dp = forwards_lookup(fwds, root, LDNS_RR_CLASS_IN); - if(!dp) - return ssl_printf(ssl, "off (using root hints)\n"); - /* if dp is returned it must be the root */ - log_assert(query_dname_compare(dp->name, root)==0); - return ssl_print_name_dp(ssl, NULL, root, LDNS_RR_CLASS_IN, dp); -} - -/** parse args into delegpt */ -static struct delegpt* -parse_delegpt(SSL* ssl, char* args, uint8_t* nm, int allow_names) -{ - /* parse args and add in */ - char* p = args; - char* todo; - struct delegpt* dp = delegpt_create_mlc(nm); - struct sockaddr_storage addr; - socklen_t addrlen; - if(!dp) { - (void)ssl_printf(ssl, "error out of memory\n"); - return NULL; - } - while(p) { - todo = p; - p = strchr(p, ' '); /* find next spot, if any */ - if(p) { - *p++ = 0; /* end this spot */ - p = skipwhite(p); /* position at next spot */ - } - /* parse address */ - if(!extstrtoaddr(todo, &addr, &addrlen)) { - if(allow_names) { - uint8_t* n = NULL; - size_t ln; - int lb; - if(!parse_arg_name(ssl, todo, &n, &ln, &lb)) { - (void)ssl_printf(ssl, "error cannot " - "parse IP address or name " - "'%s'\n", todo); - delegpt_free_mlc(dp); - return NULL; - } - if(!delegpt_add_ns_mlc(dp, n, 0)) { - (void)ssl_printf(ssl, "error out of memory\n"); - free(n); - delegpt_free_mlc(dp); - return NULL; - } - free(n); - - } else { - (void)ssl_printf(ssl, "error cannot parse" - " IP address '%s'\n", todo); - delegpt_free_mlc(dp); - return NULL; - } - } else { - /* add address */ - if(!delegpt_add_addr_mlc(dp, &addr, addrlen, 0, 0)) { - (void)ssl_printf(ssl, "error out of memory\n"); - delegpt_free_mlc(dp); - return NULL; - } - } - } - dp->has_parent_side_NS = 1; - return dp; -} - -/** do the status command */ -static void -do_forward(SSL* ssl, struct worker* worker, char* args) -{ - struct iter_forwards* fwd = worker->env.fwds; - uint8_t* root = (uint8_t*)"\000"; - if(!fwd) { - (void)ssl_printf(ssl, "error: structure not allocated\n"); - return; - } - if(args == NULL || args[0] == 0) { - (void)print_root_fwds(ssl, fwd, root); - return; - } - /* set root forwards for this thread. since we are in remote control - * the actual mesh is not running, so we can freely edit it. */ - /* delete all the existing queries first */ - mesh_delete_all(worker->env.mesh); - if(strcmp(args, "off") == 0) { - forwards_delete_zone(fwd, LDNS_RR_CLASS_IN, root); - } else { - struct delegpt* dp; - if(!(dp = parse_delegpt(ssl, args, root, 0))) - return; - if(!forwards_add_zone(fwd, LDNS_RR_CLASS_IN, dp)) { - (void)ssl_printf(ssl, "error out of memory\n"); - return; - } - } - send_ok(ssl); -} - -static int -parse_fs_args(SSL* ssl, char* args, uint8_t** nm, struct delegpt** dp, - int* insecure, int* prime) -{ - char* zonename; - char* rest; - size_t nmlen; - int nmlabs; - /* parse all -x args */ - while(args[0] == '+') { - if(!find_arg2(ssl, args, &rest)) - return 0; - while(*(++args) != 0) { - if(*args == 'i' && insecure) - *insecure = 1; - else if(*args == 'p' && prime) - *prime = 1; - else { - (void)ssl_printf(ssl, "error: unknown option %s\n", args); - return 0; - } - } - args = rest; - } - /* parse name */ - if(dp) { - if(!find_arg2(ssl, args, &rest)) - return 0; - zonename = args; - args = rest; - } else zonename = args; - if(!parse_arg_name(ssl, zonename, nm, &nmlen, &nmlabs)) - return 0; - - /* parse dp */ - if(dp) { - if(!(*dp = parse_delegpt(ssl, args, *nm, 1))) { - free(*nm); - return 0; - } - } - return 1; -} - -/** do the forward_add command */ -static void -do_forward_add(SSL* ssl, struct worker* worker, char* args) -{ - struct iter_forwards* fwd = worker->env.fwds; - int insecure = 0; - uint8_t* nm = NULL; - struct delegpt* dp = NULL; - if(!parse_fs_args(ssl, args, &nm, &dp, &insecure, NULL)) - return; - if(insecure && worker->env.anchors) { - if(!anchors_add_insecure(worker->env.anchors, LDNS_RR_CLASS_IN, - nm)) { - (void)ssl_printf(ssl, "error out of memory\n"); - delegpt_free_mlc(dp); - free(nm); - return; - } - } - if(!forwards_add_zone(fwd, LDNS_RR_CLASS_IN, dp)) { - (void)ssl_printf(ssl, "error out of memory\n"); - free(nm); - return; - } - free(nm); - send_ok(ssl); -} - -/** do the forward_remove command */ -static void -do_forward_remove(SSL* ssl, struct worker* worker, char* args) -{ - struct iter_forwards* fwd = worker->env.fwds; - int insecure = 0; - uint8_t* nm = NULL; - if(!parse_fs_args(ssl, args, &nm, NULL, &insecure, NULL)) - return; - if(insecure && worker->env.anchors) - anchors_delete_insecure(worker->env.anchors, LDNS_RR_CLASS_IN, - nm); - forwards_delete_zone(fwd, LDNS_RR_CLASS_IN, nm); - free(nm); - send_ok(ssl); -} - -/** do the stub_add command */ -static void -do_stub_add(SSL* ssl, struct worker* worker, char* args) -{ - struct iter_forwards* fwd = worker->env.fwds; - int insecure = 0, prime = 0; - uint8_t* nm = NULL; - struct delegpt* dp = NULL; - if(!parse_fs_args(ssl, args, &nm, &dp, &insecure, &prime)) - return; - if(insecure && worker->env.anchors) { - if(!anchors_add_insecure(worker->env.anchors, LDNS_RR_CLASS_IN, - nm)) { - (void)ssl_printf(ssl, "error out of memory\n"); - delegpt_free_mlc(dp); - free(nm); - return; - } - } - if(!forwards_add_stub_hole(fwd, LDNS_RR_CLASS_IN, nm)) { - if(insecure && worker->env.anchors) - anchors_delete_insecure(worker->env.anchors, - LDNS_RR_CLASS_IN, nm); - (void)ssl_printf(ssl, "error out of memory\n"); - delegpt_free_mlc(dp); - free(nm); - return; - } - if(!hints_add_stub(worker->env.hints, LDNS_RR_CLASS_IN, dp, !prime)) { - (void)ssl_printf(ssl, "error out of memory\n"); - forwards_delete_stub_hole(fwd, LDNS_RR_CLASS_IN, nm); - if(insecure && worker->env.anchors) - anchors_delete_insecure(worker->env.anchors, - LDNS_RR_CLASS_IN, nm); - free(nm); - return; - } - free(nm); - send_ok(ssl); -} - -/** do the stub_remove command */ -static void -do_stub_remove(SSL* ssl, struct worker* worker, char* args) -{ - struct iter_forwards* fwd = worker->env.fwds; - int insecure = 0; - uint8_t* nm = NULL; - if(!parse_fs_args(ssl, args, &nm, NULL, &insecure, NULL)) - return; - if(insecure && worker->env.anchors) - anchors_delete_insecure(worker->env.anchors, LDNS_RR_CLASS_IN, - nm); - forwards_delete_stub_hole(fwd, LDNS_RR_CLASS_IN, nm); - hints_delete_stub(worker->env.hints, LDNS_RR_CLASS_IN, nm); - free(nm); - send_ok(ssl); -} - -/** do the insecure_add command */ -static void -do_insecure_add(SSL* ssl, struct worker* worker, char* arg) -{ - size_t nmlen; - int nmlabs; - uint8_t* nm = NULL; - if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs)) - return; - if(worker->env.anchors) { - if(!anchors_add_insecure(worker->env.anchors, - LDNS_RR_CLASS_IN, nm)) { - (void)ssl_printf(ssl, "error out of memory\n"); - free(nm); - return; - } - } - free(nm); - send_ok(ssl); -} - -/** do the insecure_remove command */ -static void -do_insecure_remove(SSL* ssl, struct worker* worker, char* arg) -{ - size_t nmlen; - int nmlabs; - uint8_t* nm = NULL; - if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs)) - return; - if(worker->env.anchors) - anchors_delete_insecure(worker->env.anchors, - LDNS_RR_CLASS_IN, nm); - free(nm); - send_ok(ssl); -} - -static void -do_insecure_list(SSL* ssl, struct worker* worker) -{ - char buf[257]; - struct trust_anchor* a; - if(worker->env.anchors) { - RBTREE_FOR(a, struct trust_anchor*, worker->env.anchors->tree) { - if(a->numDS == 0 && a->numDNSKEY == 0) { - dname_str(a->name, buf); - ssl_printf(ssl, "%s\n", buf); - } - } - } -} - -/** do the status command */ -static void -do_status(SSL* ssl, struct worker* worker) -{ - int i; - time_t uptime; - if(!ssl_printf(ssl, "version: %s\n", PACKAGE_VERSION)) - return; - if(!ssl_printf(ssl, "verbosity: %d\n", verbosity)) - return; - if(!ssl_printf(ssl, "threads: %d\n", worker->daemon->num)) - return; - if(!ssl_printf(ssl, "modules: %d [", worker->daemon->mods.num)) - return; - for(i=0; idaemon->mods.num; i++) { - if(!ssl_printf(ssl, " %s", worker->daemon->mods.mod[i]->name)) - return; - } - if(!ssl_printf(ssl, " ]\n")) - return; - uptime = (time_t)time(NULL) - (time_t)worker->daemon->time_boot.tv_sec; - if(!ssl_printf(ssl, "uptime: " ARG_LL "d seconds\n", (long long)uptime)) - return; - if(!ssl_printf(ssl, "options:%s%s\n" , - (worker->daemon->reuseport?" reuseport":""), - (worker->daemon->rc->accept_list?" control(ssl)":""))) - return; - if(!ssl_printf(ssl, "unbound (pid %d) is running...\n", - (int)getpid())) - return; -} - -/** get age for the mesh state */ -static void -get_mesh_age(struct mesh_state* m, char* buf, size_t len, - struct module_env* env) -{ - if(m->reply_list) { - struct timeval d; - struct mesh_reply* r = m->reply_list; - /* last reply is the oldest */ - while(r && r->next) - r = r->next; - timeval_subtract(&d, env->now_tv, &r->start_time); - snprintf(buf, len, ARG_LL "d.%6.6d", - (long long)d.tv_sec, (int)d.tv_usec); - } else { - snprintf(buf, len, "-"); - } -} - -/** get status of a mesh state */ -static void -get_mesh_status(struct mesh_area* mesh, struct mesh_state* m, - char* buf, size_t len) -{ - enum module_ext_state s = m->s.ext_state[m->s.curmod]; - const char *modname = mesh->mods.mod[m->s.curmod]->name; - size_t l; - if(strcmp(modname, "iterator") == 0 && s == module_wait_reply && - m->s.minfo[m->s.curmod]) { - /* break into iterator to find out who its waiting for */ - struct iter_qstate* qstate = (struct iter_qstate*) - m->s.minfo[m->s.curmod]; - struct outbound_list* ol = &qstate->outlist; - struct outbound_entry* e; - snprintf(buf, len, "%s wait for", modname); - l = strlen(buf); - buf += l; len -= l; - if(ol->first == NULL) - snprintf(buf, len, " (empty_list)"); - for(e = ol->first; e; e = e->next) { - snprintf(buf, len, " "); - l = strlen(buf); - buf += l; len -= l; - addr_to_str(&e->qsent->addr, e->qsent->addrlen, - buf, len); - l = strlen(buf); - buf += l; len -= l; - } - } else if(s == module_wait_subquery) { - /* look in subs from mesh state to see what */ - char nm[257]; - struct mesh_state_ref* sub; - snprintf(buf, len, "%s wants", modname); - l = strlen(buf); - buf += l; len -= l; - if(m->sub_set.count == 0) - snprintf(buf, len, " (empty_list)"); - RBTREE_FOR(sub, struct mesh_state_ref*, &m->sub_set) { - char* t = sldns_wire2str_type(sub->s->s.qinfo.qtype); - char* c = sldns_wire2str_class(sub->s->s.qinfo.qclass); - dname_str(sub->s->s.qinfo.qname, nm); - snprintf(buf, len, " %s %s %s", (t?t:"TYPE??"), - (c?c:"CLASS??"), nm); - l = strlen(buf); - buf += l; len -= l; - free(t); - free(c); - } - } else { - snprintf(buf, len, "%s is %s", modname, strextstate(s)); - } -} - -/** do the dump_requestlist command */ -static void -do_dump_requestlist(SSL* ssl, struct worker* worker) -{ - struct mesh_area* mesh; - struct mesh_state* m; - int num = 0; - char buf[257]; - char timebuf[32]; - char statbuf[10240]; - if(!ssl_printf(ssl, "thread #%d\n", worker->thread_num)) - return; - if(!ssl_printf(ssl, "# type cl name seconds module status\n")) - return; - /* show worker mesh contents */ - mesh = worker->env.mesh; - if(!mesh) return; - RBTREE_FOR(m, struct mesh_state*, &mesh->all) { - char* t = sldns_wire2str_type(m->s.qinfo.qtype); - char* c = sldns_wire2str_class(m->s.qinfo.qclass); - dname_str(m->s.qinfo.qname, buf); - get_mesh_age(m, timebuf, sizeof(timebuf), &worker->env); - get_mesh_status(mesh, m, statbuf, sizeof(statbuf)); - if(!ssl_printf(ssl, "%3d %4s %2s %s %s %s\n", - num, (t?t:"TYPE??"), (c?c:"CLASS??"), buf, timebuf, - statbuf)) { - free(t); - free(c); - return; - } - num++; - free(t); - free(c); - } -} - -/** structure for argument data for dump infra host */ -struct infra_arg { - /** the infra cache */ - struct infra_cache* infra; - /** the SSL connection */ - SSL* ssl; - /** the time now */ - time_t now; - /** ssl failure? stop writing and skip the rest. If the tcp - * connection is broken, and writes fail, we then stop writing. */ - int ssl_failed; -}; - -/** callback for every host element in the infra cache */ -static void -dump_infra_host(struct lruhash_entry* e, void* arg) -{ - struct infra_arg* a = (struct infra_arg*)arg; - struct infra_key* k = (struct infra_key*)e->key; - struct infra_data* d = (struct infra_data*)e->data; - char ip_str[1024]; - char name[257]; - if(a->ssl_failed) - return; - addr_to_str(&k->addr, k->addrlen, ip_str, sizeof(ip_str)); - dname_str(k->zonename, name); - /* skip expired stuff (only backed off) */ - if(d->ttl < a->now) { - if(d->rtt.rto >= USEFUL_SERVER_TOP_TIMEOUT) { - if(!ssl_printf(a->ssl, "%s %s expired rto %d\n", ip_str, - name, d->rtt.rto)) { - a->ssl_failed = 1; - return; - } - } - return; - } - if(!ssl_printf(a->ssl, "%s %s ttl %lu ping %d var %d rtt %d rto %d " - "tA %d tAAAA %d tother %d " - "ednsknown %d edns %d delay %d lame dnssec %d rec %d A %d " - "other %d\n", ip_str, name, (unsigned long)(d->ttl - a->now), - d->rtt.srtt, d->rtt.rttvar, rtt_notimeout(&d->rtt), d->rtt.rto, - d->timeout_A, d->timeout_AAAA, d->timeout_other, - (int)d->edns_lame_known, (int)d->edns_version, - (int)(a->nowprobedelay?(d->probedelay - a->now):0), - (int)d->isdnsseclame, (int)d->rec_lame, (int)d->lame_type_A, - (int)d->lame_other)) { - a->ssl_failed = 1; - return; - } -} - -/** do the dump_infra command */ -static void -do_dump_infra(SSL* ssl, struct worker* worker) -{ - struct infra_arg arg; - arg.infra = worker->env.infra_cache; - arg.ssl = ssl; - arg.now = *worker->env.now; - arg.ssl_failed = 0; - slabhash_traverse(arg.infra->hosts, 0, &dump_infra_host, (void*)&arg); -} - -/** do the log_reopen command */ -static void -do_log_reopen(SSL* ssl, struct worker* worker) -{ - struct config_file* cfg = worker->env.cfg; - send_ok(ssl); - log_init(cfg->logfile, cfg->use_syslog, cfg->chrootdir); -} - -/** do the set_option command */ -static void -do_set_option(SSL* ssl, struct worker* worker, char* arg) -{ - char* arg2; - if(!find_arg2(ssl, arg, &arg2)) - return; - if(!config_set_option(worker->env.cfg, arg, arg2)) { - (void)ssl_printf(ssl, "error setting option\n"); - return; - } - /* effectuate some arguments */ - if(strcmp(arg, "val-override-date:") == 0) { - int m = modstack_find(&worker->env.mesh->mods, "validator"); - struct val_env* val_env = NULL; - if(m != -1) val_env = (struct val_env*)worker->env.modinfo[m]; - if(val_env) - val_env->date_override = worker->env.cfg->val_date_override; - } - send_ok(ssl); -} - -/* routine to printout option values over SSL */ -void remote_get_opt_ssl(char* line, void* arg) -{ - SSL* ssl = (SSL*)arg; - (void)ssl_printf(ssl, "%s\n", line); -} - -/** do the get_option command */ -static void -do_get_option(SSL* ssl, struct worker* worker, char* arg) -{ - int r; - r = config_get_option(worker->env.cfg, arg, remote_get_opt_ssl, ssl); - if(!r) { - (void)ssl_printf(ssl, "error unknown option\n"); - return; - } -} - -/** do the list_forwards command */ -static void -do_list_forwards(SSL* ssl, struct worker* worker) -{ - /* since its a per-worker structure no locks needed */ - struct iter_forwards* fwds = worker->env.fwds; - struct iter_forward_zone* z; - struct trust_anchor* a; - int insecure; - RBTREE_FOR(z, struct iter_forward_zone*, fwds->tree) { - if(!z->dp) continue; /* skip empty marker for stub */ - - /* see if it is insecure */ - insecure = 0; - if(worker->env.anchors && - (a=anchor_find(worker->env.anchors, z->name, - z->namelabs, z->namelen, z->dclass))) { - if(!a->keylist && !a->numDS && !a->numDNSKEY) - insecure = 1; - lock_basic_unlock(&a->lock); - } - - if(!ssl_print_name_dp(ssl, (insecure?"forward +i":"forward"), - z->name, z->dclass, z->dp)) - return; - } -} - -/** do the list_stubs command */ -static void -do_list_stubs(SSL* ssl, struct worker* worker) -{ - struct iter_hints_stub* z; - struct trust_anchor* a; - int insecure; - char str[32]; - RBTREE_FOR(z, struct iter_hints_stub*, &worker->env.hints->tree) { - - /* see if it is insecure */ - insecure = 0; - if(worker->env.anchors && - (a=anchor_find(worker->env.anchors, z->node.name, - z->node.labs, z->node.len, z->node.dclass))) { - if(!a->keylist && !a->numDS && !a->numDNSKEY) - insecure = 1; - lock_basic_unlock(&a->lock); - } - - snprintf(str, sizeof(str), "stub %sprime%s", - (z->noprime?"no":""), (insecure?" +i":"")); - if(!ssl_print_name_dp(ssl, str, z->node.name, - z->node.dclass, z->dp)) - return; - } -} - -/** do the list_local_zones command */ -static void -do_list_local_zones(SSL* ssl, struct local_zones* zones) -{ - struct local_zone* z; - char buf[257]; - lock_rw_rdlock(&zones->lock); - RBTREE_FOR(z, struct local_zone*, &zones->ztree) { - lock_rw_rdlock(&z->lock); - dname_str(z->name, buf); - if(!ssl_printf(ssl, "%s %s\n", buf, - local_zone_type2str(z->type))) { - /* failure to print */ - lock_rw_unlock(&z->lock); - lock_rw_unlock(&zones->lock); - return; - } - lock_rw_unlock(&z->lock); - } - lock_rw_unlock(&zones->lock); -} - -/** do the list_local_data command */ -static void -do_list_local_data(SSL* ssl, struct worker* worker, struct local_zones* zones) -{ - struct local_zone* z; - struct local_data* d; - struct local_rrset* p; - char* s = (char*)sldns_buffer_begin(worker->env.scratch_buffer); - size_t slen = sldns_buffer_capacity(worker->env.scratch_buffer); - lock_rw_rdlock(&zones->lock); - RBTREE_FOR(z, struct local_zone*, &zones->ztree) { - lock_rw_rdlock(&z->lock); - RBTREE_FOR(d, struct local_data*, &z->data) { - for(p = d->rrsets; p; p = p->next) { - struct packed_rrset_data* d = - (struct packed_rrset_data*)p->rrset->entry.data; - size_t i; - for(i=0; icount + d->rrsig_count; i++) { - if(!packed_rr_to_string(p->rrset, i, - 0, s, slen)) { - if(!ssl_printf(ssl, "BADRR\n")) { - lock_rw_unlock(&z->lock); - lock_rw_unlock(&zones->lock); - return; - } - } - if(!ssl_printf(ssl, "%s\n", s)) { - lock_rw_unlock(&z->lock); - lock_rw_unlock(&zones->lock); - return; - } - } - } - } - lock_rw_unlock(&z->lock); - } - lock_rw_unlock(&zones->lock); -} - -/** do the view_list_local_zones command */ -static void -do_view_list_local_zones(SSL* ssl, struct worker* worker, char* arg) -{ - struct view* v = views_find_view(worker->daemon->views, - arg, 0 /* get read lock*/); - if(!v) { - ssl_printf(ssl,"no view with name: %s\n", arg); - return; - } - if(v->local_zones) { - do_list_local_zones(ssl, v->local_zones); - } - lock_rw_unlock(&v->lock); -} - -/** do the view_list_local_data command */ -static void -do_view_list_local_data(SSL* ssl, struct worker* worker, char* arg) -{ - struct view* v = views_find_view(worker->daemon->views, - arg, 0 /* get read lock*/); - if(!v) { - ssl_printf(ssl,"no view with name: %s\n", arg); - return; - } - if(v->local_zones) { - do_list_local_data(ssl, worker, v->local_zones); - } - lock_rw_unlock(&v->lock); -} - -/** struct for user arg ratelimit list */ -struct ratelimit_list_arg { - /** the infra cache */ - struct infra_cache* infra; - /** the SSL to print to */ - SSL* ssl; - /** all or only ratelimited */ - int all; - /** current time */ - time_t now; -}; - -#define ip_ratelimit_list_arg ratelimit_list_arg - -/** list items in the ratelimit table */ -static void -rate_list(struct lruhash_entry* e, void* arg) -{ - struct ratelimit_list_arg* a = (struct ratelimit_list_arg*)arg; - struct rate_key* k = (struct rate_key*)e->key; - struct rate_data* d = (struct rate_data*)e->data; - char buf[257]; - int lim = infra_find_ratelimit(a->infra, k->name, k->namelen); - int max = infra_rate_max(d, a->now); - if(a->all == 0) { - if(max < lim) - return; - } - dname_str(k->name, buf); - ssl_printf(a->ssl, "%s %d limit %d\n", buf, max, lim); -} - -/** list items in the ip_ratelimit table */ -static void -ip_rate_list(struct lruhash_entry* e, void* arg) -{ - char ip[128]; - struct ip_ratelimit_list_arg* a = (struct ip_ratelimit_list_arg*)arg; - struct ip_rate_key* k = (struct ip_rate_key*)e->key; - struct ip_rate_data* d = (struct ip_rate_data*)e->data; - int lim = infra_ip_ratelimit; - int max = infra_rate_max(d, a->now); - if(a->all == 0) { - if(max < lim) - return; - } - addr_to_str(&k->addr, k->addrlen, ip, sizeof(ip)); - ssl_printf(a->ssl, "%s %d limit %d\n", ip, max, lim); -} - -/** do the ratelimit_list command */ -static void -do_ratelimit_list(SSL* ssl, struct worker* worker, char* arg) -{ - struct ratelimit_list_arg a; - a.all = 0; - a.infra = worker->env.infra_cache; - a.now = *worker->env.now; - a.ssl = ssl; - arg = skipwhite(arg); - if(strcmp(arg, "+a") == 0) - a.all = 1; - if(a.infra->domain_rates==NULL || - (a.all == 0 && infra_dp_ratelimit == 0)) - return; - slabhash_traverse(a.infra->domain_rates, 0, rate_list, &a); -} - -/** do the ip_ratelimit_list command */ -static void -do_ip_ratelimit_list(SSL* ssl, struct worker* worker, char* arg) -{ - struct ip_ratelimit_list_arg a; - a.all = 0; - a.infra = worker->env.infra_cache; - a.now = *worker->env.now; - a.ssl = ssl; - arg = skipwhite(arg); - if(strcmp(arg, "+a") == 0) - a.all = 1; - if(a.infra->client_ip_rates==NULL || - (a.all == 0 && infra_ip_ratelimit == 0)) - return; - slabhash_traverse(a.infra->client_ip_rates, 0, ip_rate_list, &a); -} - -/** tell other processes to execute the command */ -static void -distribute_cmd(struct daemon_remote* rc, SSL* ssl, char* cmd) -{ - int i; - if(!cmd || !ssl) - return; - /* skip i=0 which is me */ - for(i=1; iworker->daemon->num; i++) { - worker_send_cmd(rc->worker->daemon->workers[i], - worker_cmd_remote); - if(!tube_write_msg(rc->worker->daemon->workers[i]->cmd, - (uint8_t*)cmd, strlen(cmd)+1, 0)) { - ssl_printf(ssl, "error could not distribute cmd\n"); - return; - } - } -} - -/** check for name with end-of-string, space or tab after it */ -static int -cmdcmp(char* p, const char* cmd, size_t len) -{ - return strncmp(p,cmd,len)==0 && (p[len]==0||p[len]==' '||p[len]=='\t'); -} - -/** execute a remote control command */ -static void -execute_cmd(struct daemon_remote* rc, SSL* ssl, char* cmd, - struct worker* worker) -{ - char* p = skipwhite(cmd); - /* compare command */ - if(cmdcmp(p, "stop", 4)) { - do_stop(ssl, rc); - return; - } else if(cmdcmp(p, "reload", 6)) { - do_reload(ssl, rc); - return; - } else if(cmdcmp(p, "stats_noreset", 13)) { - do_stats(ssl, rc, 0); - return; - } else if(cmdcmp(p, "stats", 5)) { - do_stats(ssl, rc, 1); - return; - } else if(cmdcmp(p, "status", 6)) { - do_status(ssl, worker); - return; - } else if(cmdcmp(p, "dump_cache", 10)) { - (void)dump_cache(ssl, worker); - return; - } else if(cmdcmp(p, "load_cache", 10)) { - if(load_cache(ssl, worker)) send_ok(ssl); - return; - } else if(cmdcmp(p, "list_forwards", 13)) { - do_list_forwards(ssl, worker); - return; - } else if(cmdcmp(p, "list_stubs", 10)) { - do_list_stubs(ssl, worker); - return; - } else if(cmdcmp(p, "list_insecure", 13)) { - do_insecure_list(ssl, worker); - return; - } else if(cmdcmp(p, "list_local_zones", 16)) { - do_list_local_zones(ssl, worker->daemon->local_zones); - return; - } else if(cmdcmp(p, "list_local_data", 15)) { - do_list_local_data(ssl, worker, worker->daemon->local_zones); - return; - } else if(cmdcmp(p, "view_list_local_zones", 21)) { - do_view_list_local_zones(ssl, worker, skipwhite(p+21)); - return; - } else if(cmdcmp(p, "view_list_local_data", 20)) { - do_view_list_local_data(ssl, worker, skipwhite(p+20)); - return; - } else if(cmdcmp(p, "ratelimit_list", 14)) { - do_ratelimit_list(ssl, worker, p+14); - return; - } else if(cmdcmp(p, "ip_ratelimit_list", 17)) { - do_ip_ratelimit_list(ssl, worker, p+17); - return; - } else if(cmdcmp(p, "stub_add", 8)) { - /* must always distribute this cmd */ - if(rc) distribute_cmd(rc, ssl, cmd); - do_stub_add(ssl, worker, skipwhite(p+8)); - return; - } else if(cmdcmp(p, "stub_remove", 11)) { - /* must always distribute this cmd */ - if(rc) distribute_cmd(rc, ssl, cmd); - do_stub_remove(ssl, worker, skipwhite(p+11)); - return; - } else if(cmdcmp(p, "forward_add", 11)) { - /* must always distribute this cmd */ - if(rc) distribute_cmd(rc, ssl, cmd); - do_forward_add(ssl, worker, skipwhite(p+11)); - return; - } else if(cmdcmp(p, "forward_remove", 14)) { - /* must always distribute this cmd */ - if(rc) distribute_cmd(rc, ssl, cmd); - do_forward_remove(ssl, worker, skipwhite(p+14)); - return; - } else if(cmdcmp(p, "insecure_add", 12)) { - /* must always distribute this cmd */ - if(rc) distribute_cmd(rc, ssl, cmd); - do_insecure_add(ssl, worker, skipwhite(p+12)); - return; - } else if(cmdcmp(p, "insecure_remove", 15)) { - /* must always distribute this cmd */ - if(rc) distribute_cmd(rc, ssl, cmd); - do_insecure_remove(ssl, worker, skipwhite(p+15)); - return; - } else if(cmdcmp(p, "forward", 7)) { - /* must always distribute this cmd */ - if(rc) distribute_cmd(rc, ssl, cmd); - do_forward(ssl, worker, skipwhite(p+7)); - return; - } else if(cmdcmp(p, "flush_stats", 11)) { - /* must always distribute this cmd */ - if(rc) distribute_cmd(rc, ssl, cmd); - do_flush_stats(ssl, worker); - return; - } else if(cmdcmp(p, "flush_requestlist", 17)) { - /* must always distribute this cmd */ - if(rc) distribute_cmd(rc, ssl, cmd); - do_flush_requestlist(ssl, worker); - return; - } else if(cmdcmp(p, "lookup", 6)) { - do_lookup(ssl, worker, skipwhite(p+6)); - return; - } - -#ifdef THREADS_DISABLED - /* other processes must execute the command as well */ - /* commands that should not be distributed, returned above. */ - if(rc) { /* only if this thread is the master (rc) thread */ - /* done before the code below, which may split the string */ - distribute_cmd(rc, ssl, cmd); - } -#endif - if(cmdcmp(p, "verbosity", 9)) { - do_verbosity(ssl, skipwhite(p+9)); - } else if(cmdcmp(p, "local_zone_remove", 17)) { - do_zone_remove(ssl, worker->daemon->local_zones, skipwhite(p+17)); - } else if(cmdcmp(p, "local_zones_remove", 18)) { - do_zones_remove(ssl, worker->daemon->local_zones); - } else if(cmdcmp(p, "local_zone", 10)) { - do_zone_add(ssl, worker->daemon->local_zones, skipwhite(p+10)); - } else if(cmdcmp(p, "local_zones", 11)) { - do_zones_add(ssl, worker->daemon->local_zones); - } else if(cmdcmp(p, "local_data_remove", 17)) { - do_data_remove(ssl, worker->daemon->local_zones, skipwhite(p+17)); - } else if(cmdcmp(p, "local_datas_remove", 18)) { - do_datas_remove(ssl, worker->daemon->local_zones); - } else if(cmdcmp(p, "local_data", 10)) { - do_data_add(ssl, worker->daemon->local_zones, skipwhite(p+10)); - } else if(cmdcmp(p, "local_datas", 11)) { - do_datas_add(ssl, worker->daemon->local_zones); - } else if(cmdcmp(p, "view_local_zone_remove", 22)) { - do_view_zone_remove(ssl, worker, skipwhite(p+22)); - } else if(cmdcmp(p, "view_local_zone", 15)) { - do_view_zone_add(ssl, worker, skipwhite(p+15)); - } else if(cmdcmp(p, "view_local_data_remove", 22)) { - do_view_data_remove(ssl, worker, skipwhite(p+22)); - } else if(cmdcmp(p, "view_local_data", 15)) { - do_view_data_add(ssl, worker, skipwhite(p+15)); - } else if(cmdcmp(p, "flush_zone", 10)) { - do_flush_zone(ssl, worker, skipwhite(p+10)); - } else if(cmdcmp(p, "flush_type", 10)) { - do_flush_type(ssl, worker, skipwhite(p+10)); - } else if(cmdcmp(p, "flush_infra", 11)) { - do_flush_infra(ssl, worker, skipwhite(p+11)); - } else if(cmdcmp(p, "flush", 5)) { - do_flush_name(ssl, worker, skipwhite(p+5)); - } else if(cmdcmp(p, "dump_requestlist", 16)) { - do_dump_requestlist(ssl, worker); - } else if(cmdcmp(p, "dump_infra", 10)) { - do_dump_infra(ssl, worker); - } else if(cmdcmp(p, "log_reopen", 10)) { - do_log_reopen(ssl, worker); - } else if(cmdcmp(p, "set_option", 10)) { - do_set_option(ssl, worker, skipwhite(p+10)); - } else if(cmdcmp(p, "get_option", 10)) { - do_get_option(ssl, worker, skipwhite(p+10)); - } else if(cmdcmp(p, "flush_bogus", 11)) { - do_flush_bogus(ssl, worker); - } else if(cmdcmp(p, "flush_negative", 14)) { - do_flush_negative(ssl, worker); - } else { - (void)ssl_printf(ssl, "error unknown command '%s'\n", p); - } -} - -void -daemon_remote_exec(struct worker* worker) -{ - /* read the cmd string */ - uint8_t* msg = NULL; - uint32_t len = 0; - if(!tube_read_msg(worker->cmd, &msg, &len, 0)) { - log_err("daemon_remote_exec: tube_read_msg failed"); - return; - } - verbose(VERB_ALGO, "remote exec distributed: %s", (char*)msg); - execute_cmd(NULL, NULL, (char*)msg, worker); - free(msg); -} - -/** handle remote control request */ -static void -handle_req(struct daemon_remote* rc, struct rc_state* s, SSL* ssl) -{ - int r; - char pre[10]; - char magic[7]; - char buf[1024]; -#ifdef USE_WINSOCK - /* makes it possible to set the socket blocking again. */ - /* basically removes it from winsock_event ... */ - WSAEventSelect(s->c->fd, NULL, 0); -#endif - fd_set_block(s->c->fd); - - /* try to read magic UBCT[version]_space_ string */ - ERR_clear_error(); - if((r=SSL_read(ssl, magic, (int)sizeof(magic)-1)) <= 0) { - if(SSL_get_error(ssl, r) == SSL_ERROR_ZERO_RETURN) - return; - log_crypto_err("could not SSL_read"); - return; - } - magic[6] = 0; - if( r != 6 || strncmp(magic, "UBCT", 4) != 0) { - verbose(VERB_QUERY, "control connection has bad magic string"); - /* probably wrong tool connected, ignore it completely */ - return; - } - - /* read the command line */ - if(!ssl_read_line(ssl, buf, sizeof(buf))) { - return; - } - snprintf(pre, sizeof(pre), "UBCT%d ", UNBOUND_CONTROL_VERSION); - if(strcmp(magic, pre) != 0) { - verbose(VERB_QUERY, "control connection had bad " - "version %s, cmd: %s", magic, buf); - ssl_printf(ssl, "error version mismatch\n"); - return; - } - verbose(VERB_DETAIL, "control cmd: %s", buf); - - /* figure out what to do */ - execute_cmd(rc, ssl, buf, rc->worker); -} - -int remote_control_callback(struct comm_point* c, void* arg, int err, - struct comm_reply* ATTR_UNUSED(rep)) -{ - struct rc_state* s = (struct rc_state*)arg; - struct daemon_remote* rc = s->rc; - int r; - if(err != NETEVENT_NOERROR) { - if(err==NETEVENT_TIMEOUT) - log_err("remote control timed out"); - clean_point(rc, s); - return 0; - } - /* (continue to) setup the SSL connection */ - ERR_clear_error(); - r = SSL_do_handshake(s->ssl); - if(r != 1) { - int r2 = SSL_get_error(s->ssl, r); - if(r2 == SSL_ERROR_WANT_READ) { - if(s->shake_state == rc_hs_read) { - /* try again later */ - return 0; - } - s->shake_state = rc_hs_read; - comm_point_listen_for_rw(c, 1, 0); - return 0; - } else if(r2 == SSL_ERROR_WANT_WRITE) { - if(s->shake_state == rc_hs_write) { - /* try again later */ - return 0; - } - s->shake_state = rc_hs_write; - comm_point_listen_for_rw(c, 0, 1); - return 0; - } else { - if(r == 0) - log_err("remote control connection closed prematurely"); - log_addr(1, "failed connection from", - &s->c->repinfo.addr, s->c->repinfo.addrlen); - log_crypto_err("remote control failed ssl"); - clean_point(rc, s); - return 0; - } - } - s->shake_state = rc_none; - - /* once handshake has completed, check authentication */ - if (!rc->use_cert) { - verbose(VERB_ALGO, "unauthenticated remote control connection"); - } else if(SSL_get_verify_result(s->ssl) == X509_V_OK) { - X509* x = SSL_get_peer_certificate(s->ssl); - if(!x) { - verbose(VERB_DETAIL, "remote control connection " - "provided no client certificate"); - clean_point(rc, s); - return 0; - } - verbose(VERB_ALGO, "remote control connection authenticated"); - X509_free(x); - } else { - verbose(VERB_DETAIL, "remote control connection failed to " - "authenticate with client certificate"); - clean_point(rc, s); - return 0; - } - - /* if OK start to actually handle the request */ - handle_req(rc, s, s->ssl); - - verbose(VERB_ALGO, "remote control operation completed"); - clean_point(rc, s); - return 0; -} diff --git a/external/unbound/daemon/remote.h b/external/unbound/daemon/remote.h deleted file mode 100644 index 190286d47..000000000 --- a/external/unbound/daemon/remote.h +++ /dev/null @@ -1,191 +0,0 @@ -/* - * daemon/remote.h - remote control for the unbound daemon. - * - * Copyright (c) 2008, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains the remote control functionality for the daemon. - * The remote control can be performed using either the commandline - * unbound-control tool, or a SSLv3/TLS capable web browser. - * The channel is secured using SSLv3 or TLSv1, and certificates. - * Both the server and the client(control tool) have their own keys. - */ - -#ifndef DAEMON_REMOTE_H -#define DAEMON_REMOTE_H -#ifdef HAVE_OPENSSL_SSL_H -#include "openssl/ssl.h" -#endif -struct config_file; -struct listen_list; -struct listen_port; -struct worker; -struct comm_reply; -struct comm_point; -struct daemon_remote; - -/** number of milliseconds timeout on incoming remote control handshake */ -#define REMOTE_CONTROL_TCP_TIMEOUT 120000 - -/** - * a busy control command connection, SSL state - */ -struct rc_state { - /** the next item in list */ - struct rc_state* next; - /** the commpoint */ - struct comm_point* c; - /** in the handshake part */ - enum { rc_none, rc_hs_read, rc_hs_write } shake_state; -#ifdef HAVE_SSL - /** the ssl state */ - SSL* ssl; -#endif - /** the rc this is part of */ - struct daemon_remote* rc; -}; - -/** - * The remote control tool state. - * The state is only created for the first thread, other threads - * are called from this thread. Only the first threads listens to - * the control port. The other threads do not, but are called on the - * command channel(pipe) from the first thread. - */ -struct daemon_remote { - /** the worker for this remote control */ - struct worker* worker; - /** commpoints for accepting remote control connections */ - struct listen_list* accept_list; - /* if certificates are used */ - int use_cert; - /** number of active commpoints that are handling remote control */ - int active; - /** max active commpoints */ - int max_active; - /** current commpoints busy; should be a short list, malloced */ - struct rc_state* busy_list; -#ifdef HAVE_SSL - /** the SSL context for creating new SSL streams */ - SSL_CTX* ctx; -#endif -}; - -/** - * Create new remote control state for the daemon. - * @param cfg: config file with key file settings. - * @return new state, or NULL on failure. - */ -struct daemon_remote* daemon_remote_create(struct config_file* cfg); - -/** - * remote control state to delete. - * @param rc: state to delete. - */ -void daemon_remote_delete(struct daemon_remote* rc); - -/** - * remote control state to clear up. Busy and accept points are closed. - * Does not delete the rc itself, or the ssl context (with its keys). - * @param rc: state to clear. - */ -void daemon_remote_clear(struct daemon_remote* rc); - -/** - * Open and create listening ports for remote control. - * @param cfg: config options. - * @return list of ports or NULL on failure. - * can be freed with listening_ports_free(). - */ -struct listen_port* daemon_remote_open_ports(struct config_file* cfg); - -/** - * Setup comm points for accepting remote control connections. - * @param rc: state - * @param ports: already opened ports. - * @param worker: worker with communication base. and links to command channels. - * @return false on error. - */ -int daemon_remote_open_accept(struct daemon_remote* rc, - struct listen_port* ports, struct worker* worker); - -/** - * Stop accept handlers for TCP (until enabled again) - * @param rc: state - */ -void daemon_remote_stop_accept(struct daemon_remote* rc); - -/** - * Stop accept handlers for TCP (until enabled again) - * @param rc: state - */ -void daemon_remote_start_accept(struct daemon_remote* rc); - -/** - * Handle nonthreaded remote cmd execution. - * @param worker: this worker (the remote worker). - */ -void daemon_remote_exec(struct worker* worker); - -#ifdef HAVE_SSL -/** - * Print fixed line of text over ssl connection in blocking mode - * @param ssl: print to - * @param text: the text. - * @return false on connection failure. - */ -int ssl_print_text(SSL* ssl, const char* text); - -/** - * printf style printing to the ssl connection - * @param ssl: the SSL connection to print to. Blocking. - * @param format: printf style format string. - * @return success or false on a network failure. - */ -int ssl_printf(SSL* ssl, const char* format, ...) - ATTR_FORMAT(printf, 2, 3); - -/** - * Read until \n is encountered - * If SSL signals EOF, the string up to then is returned (without \n). - * @param ssl: the SSL connection to read from. blocking. - * @param buf: buffer to read to. - * @param max: size of buffer. - * @return false on connection failure. - */ -int ssl_read_line(SSL* ssl, char* buf, size_t max); -#endif /* HAVE_SSL */ - -#endif /* DAEMON_REMOTE_H */ diff --git a/external/unbound/daemon/stats.c b/external/unbound/daemon/stats.c deleted file mode 100644 index 3665616be..000000000 --- a/external/unbound/daemon/stats.c +++ /dev/null @@ -1,343 +0,0 @@ -/* - * daemon/stats.c - collect runtime performance indicators. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file describes the data structure used to collect runtime performance - * numbers. These 'statistics' may be of interest to the operator. - */ -#include "config.h" -#ifdef HAVE_TIME_H -#include -#endif -#include -#include -#include "daemon/stats.h" -#include "daemon/worker.h" -#include "daemon/daemon.h" -#include "services/mesh.h" -#include "services/outside_network.h" -#include "services/listen_dnsport.h" -#include "util/config_file.h" -#include "util/tube.h" -#include "util/timehist.h" -#include "util/net_help.h" -#include "validator/validator.h" -#include "sldns/sbuffer.h" -#include "services/cache/rrset.h" -#include "services/cache/infra.h" -#include "validator/val_kcache.h" - -/** add timers and the values do not overflow or become negative */ -static void -timeval_add(struct timeval* d, const struct timeval* add) -{ -#ifndef S_SPLINT_S - d->tv_sec += add->tv_sec; - d->tv_usec += add->tv_usec; - if(d->tv_usec > 1000000) { - d->tv_usec -= 1000000; - d->tv_sec++; - } -#endif -} - -void server_stats_init(struct server_stats* stats, struct config_file* cfg) -{ - memset(stats, 0, sizeof(*stats)); - stats->extended = cfg->stat_extended; -} - -void server_stats_querymiss(struct server_stats* stats, struct worker* worker) -{ - stats->num_queries_missed_cache++; - stats->sum_query_list_size += worker->env.mesh->all.count; - if(worker->env.mesh->all.count > stats->max_query_list_size) - stats->max_query_list_size = worker->env.mesh->all.count; -} - -void server_stats_prefetch(struct server_stats* stats, struct worker* worker) -{ - stats->num_queries_prefetch++; - /* changes the query list size so account that, like a querymiss */ - stats->sum_query_list_size += worker->env.mesh->all.count; - if(worker->env.mesh->all.count > stats->max_query_list_size) - stats->max_query_list_size = worker->env.mesh->all.count; -} - -void server_stats_log(struct server_stats* stats, struct worker* worker, - int threadnum) -{ - log_info("server stats for thread %d: %u queries, " - "%u answers from cache, %u recursions, %u prefetch, %u rejected by " - "ip ratelimiting", - threadnum, (unsigned)stats->num_queries, - (unsigned)(stats->num_queries - - stats->num_queries_missed_cache), - (unsigned)stats->num_queries_missed_cache, - (unsigned)stats->num_queries_prefetch, - (unsigned)stats->num_queries_ip_ratelimited); - log_info("server stats for thread %d: requestlist max %u avg %g " - "exceeded %u jostled %u", threadnum, - (unsigned)stats->max_query_list_size, - (stats->num_queries_missed_cache+stats->num_queries_prefetch)? - (double)stats->sum_query_list_size/ - (stats->num_queries_missed_cache+ - stats->num_queries_prefetch) : 0.0, - (unsigned)worker->env.mesh->stats_dropped, - (unsigned)worker->env.mesh->stats_jostled); -} - -/** get rrsets bogus number from validator */ -static size_t -get_rrset_bogus(struct worker* worker) -{ - int m = modstack_find(&worker->env.mesh->mods, "validator"); - struct val_env* ve; - size_t r; - if(m == -1) - return 0; - ve = (struct val_env*)worker->env.modinfo[m]; - lock_basic_lock(&ve->bogus_lock); - r = ve->num_rrset_bogus; - if(!worker->env.cfg->stat_cumulative) - ve->num_rrset_bogus = 0; - lock_basic_unlock(&ve->bogus_lock); - return r; -} - -void -server_stats_compile(struct worker* worker, struct stats_info* s, int reset) -{ - int i; - struct listen_list* lp; - - s->svr = worker->stats; - s->mesh_num_states = worker->env.mesh->all.count; - s->mesh_num_reply_states = worker->env.mesh->num_reply_states; - s->mesh_jostled = worker->env.mesh->stats_jostled; - s->mesh_dropped = worker->env.mesh->stats_dropped; - s->mesh_replies_sent = worker->env.mesh->replies_sent; - s->mesh_replies_sum_wait = worker->env.mesh->replies_sum_wait; - s->mesh_time_median = timehist_quartile(worker->env.mesh->histogram, - 0.50); - - /* add in the values from the mesh */ - s->svr.ans_secure += worker->env.mesh->ans_secure; - s->svr.ans_bogus += worker->env.mesh->ans_bogus; - s->svr.ans_rcode_nodata += worker->env.mesh->ans_nodata; - for(i=0; i<16; i++) - s->svr.ans_rcode[i] += worker->env.mesh->ans_rcode[i]; - timehist_export(worker->env.mesh->histogram, s->svr.hist, - NUM_BUCKETS_HIST); - /* values from outside network */ - s->svr.unwanted_replies = worker->back->unwanted_replies; - s->svr.qtcp_outgoing = worker->back->num_tcp_outgoing; - - /* get and reset validator rrset bogus number */ - s->svr.rrset_bogus = get_rrset_bogus(worker); - - /* get cache sizes */ - s->svr.msg_cache_count = count_slabhash_entries(worker->env.msg_cache); - s->svr.rrset_cache_count = count_slabhash_entries(&worker->env.rrset_cache->table); - s->svr.infra_cache_count = count_slabhash_entries(worker->env.infra_cache->hosts); - if(worker->env.key_cache) - s->svr.key_cache_count = count_slabhash_entries(worker->env.key_cache->slab); - else s->svr.key_cache_count = 0; - - /* get tcp accept usage */ - s->svr.tcp_accept_usage = 0; - for(lp = worker->front->cps; lp; lp = lp->next) { - if(lp->com->type == comm_tcp_accept) - s->svr.tcp_accept_usage += lp->com->cur_tcp_count; - } - - if(reset && !worker->env.cfg->stat_cumulative) { - worker_stats_clear(worker); - } -} - -void server_stats_obtain(struct worker* worker, struct worker* who, - struct stats_info* s, int reset) -{ - uint8_t *reply = NULL; - uint32_t len = 0; - if(worker == who) { - /* just fill it in */ - server_stats_compile(worker, s, reset); - return; - } - /* communicate over tube */ - verbose(VERB_ALGO, "write stats cmd"); - if(reset) - worker_send_cmd(who, worker_cmd_stats); - else worker_send_cmd(who, worker_cmd_stats_noreset); - verbose(VERB_ALGO, "wait for stats reply"); - if(!tube_read_msg(worker->cmd, &reply, &len, 0)) - fatal_exit("failed to read stats over cmd channel"); - if(len != (uint32_t)sizeof(*s)) - fatal_exit("stats on cmd channel wrong length %d %d", - (int)len, (int)sizeof(*s)); - memcpy(s, reply, (size_t)len); - free(reply); -} - -void server_stats_reply(struct worker* worker, int reset) -{ - struct stats_info s; - server_stats_compile(worker, &s, reset); - verbose(VERB_ALGO, "write stats replymsg"); - if(!tube_write_msg(worker->daemon->workers[0]->cmd, - (uint8_t*)&s, sizeof(s), 0)) - fatal_exit("could not write stat values over cmd channel"); -} - -void server_stats_add(struct stats_info* total, struct stats_info* a) -{ - total->svr.num_queries += a->svr.num_queries; - total->svr.num_queries_ip_ratelimited += a->svr.num_queries_ip_ratelimited; - total->svr.num_queries_missed_cache += a->svr.num_queries_missed_cache; - total->svr.num_queries_prefetch += a->svr.num_queries_prefetch; - total->svr.sum_query_list_size += a->svr.sum_query_list_size; -#ifdef USE_DNSCRYPT - total->svr.num_query_dnscrypt_crypted += a->svr.num_query_dnscrypt_crypted; - total->svr.num_query_dnscrypt_cert += a->svr.num_query_dnscrypt_cert; - total->svr.num_query_dnscrypt_cleartext += \ - a->svr.num_query_dnscrypt_cleartext; - total->svr.num_query_dnscrypt_crypted_malformed += \ - a->svr.num_query_dnscrypt_crypted_malformed; -#endif - /* the max size reached is upped to higher of both */ - if(a->svr.max_query_list_size > total->svr.max_query_list_size) - total->svr.max_query_list_size = a->svr.max_query_list_size; - - if(a->svr.extended) { - int i; - total->svr.qtype_big += a->svr.qtype_big; - total->svr.qclass_big += a->svr.qclass_big; - total->svr.qtcp += a->svr.qtcp; - total->svr.qtcp_outgoing += a->svr.qtcp_outgoing; - total->svr.qipv6 += a->svr.qipv6; - total->svr.qbit_QR += a->svr.qbit_QR; - total->svr.qbit_AA += a->svr.qbit_AA; - total->svr.qbit_TC += a->svr.qbit_TC; - total->svr.qbit_RD += a->svr.qbit_RD; - total->svr.qbit_RA += a->svr.qbit_RA; - total->svr.qbit_Z += a->svr.qbit_Z; - total->svr.qbit_AD += a->svr.qbit_AD; - total->svr.qbit_CD += a->svr.qbit_CD; - total->svr.qEDNS += a->svr.qEDNS; - total->svr.qEDNS_DO += a->svr.qEDNS_DO; - total->svr.ans_rcode_nodata += a->svr.ans_rcode_nodata; - total->svr.zero_ttl_responses += a->svr.zero_ttl_responses; - total->svr.ans_secure += a->svr.ans_secure; - total->svr.ans_bogus += a->svr.ans_bogus; - total->svr.rrset_bogus += a->svr.rrset_bogus; - total->svr.unwanted_replies += a->svr.unwanted_replies; - total->svr.unwanted_queries += a->svr.unwanted_queries; - total->svr.tcp_accept_usage += a->svr.tcp_accept_usage; - for(i=0; isvr.qtype[i] += a->svr.qtype[i]; - for(i=0; isvr.qclass[i] += a->svr.qclass[i]; - for(i=0; isvr.qopcode[i] += a->svr.qopcode[i]; - for(i=0; isvr.ans_rcode[i] += a->svr.ans_rcode[i]; - for(i=0; isvr.hist[i] += a->svr.hist[i]; - } - - total->mesh_num_states += a->mesh_num_states; - total->mesh_num_reply_states += a->mesh_num_reply_states; - total->mesh_jostled += a->mesh_jostled; - total->mesh_dropped += a->mesh_dropped; - total->mesh_replies_sent += a->mesh_replies_sent; - timeval_add(&total->mesh_replies_sum_wait, &a->mesh_replies_sum_wait); - /* the medians are averaged together, this is not as accurate as - * taking the median over all of the data, but is good and fast - * added up here, division later*/ - total->mesh_time_median += a->mesh_time_median; -} - -void server_stats_insquery(struct server_stats* stats, struct comm_point* c, - uint16_t qtype, uint16_t qclass, struct edns_data* edns, - struct comm_reply* repinfo) -{ - uint16_t flags = sldns_buffer_read_u16_at(c->buffer, 2); - if(qtype < STATS_QTYPE_NUM) - stats->qtype[qtype]++; - else stats->qtype_big++; - if(qclass < STATS_QCLASS_NUM) - stats->qclass[qclass]++; - else stats->qclass_big++; - stats->qopcode[ LDNS_OPCODE_WIRE(sldns_buffer_begin(c->buffer)) ]++; - if(c->type != comm_udp) - stats->qtcp++; - if(repinfo && addr_is_ip6(&repinfo->addr, repinfo->addrlen)) - stats->qipv6++; - if( (flags&BIT_QR) ) - stats->qbit_QR++; - if( (flags&BIT_AA) ) - stats->qbit_AA++; - if( (flags&BIT_TC) ) - stats->qbit_TC++; - if( (flags&BIT_RD) ) - stats->qbit_RD++; - if( (flags&BIT_RA) ) - stats->qbit_RA++; - if( (flags&BIT_Z) ) - stats->qbit_Z++; - if( (flags&BIT_AD) ) - stats->qbit_AD++; - if( (flags&BIT_CD) ) - stats->qbit_CD++; - if(edns->edns_present) { - stats->qEDNS++; - if( (edns->bits & EDNS_DO) ) - stats->qEDNS_DO++; - } -} - -void server_stats_insrcode(struct server_stats* stats, sldns_buffer* buf) -{ - if(stats->extended && sldns_buffer_limit(buf) != 0) { - int r = (int)LDNS_RCODE_WIRE( sldns_buffer_begin(buf) ); - stats->ans_rcode[r] ++; - if(r == 0 && LDNS_ANCOUNT( sldns_buffer_begin(buf) ) == 0) - stats->ans_rcode_nodata ++; - } -} diff --git a/external/unbound/daemon/stats.h b/external/unbound/daemon/stats.h deleted file mode 100644 index 39c4d21c5..000000000 --- a/external/unbound/daemon/stats.h +++ /dev/null @@ -1,262 +0,0 @@ -/* - * daemon/stats.h - collect runtime performance indicators. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file describes the data structure used to collect runtime performance - * numbers. These 'statistics' may be of interest to the operator. - */ - -#ifndef DAEMON_STATS_H -#define DAEMON_STATS_H -#include "util/timehist.h" -#include "dnscrypt/dnscrypt_config.h" -struct worker; -struct config_file; -struct comm_point; -struct comm_reply; -struct edns_data; -struct sldns_buffer; - -/** number of qtype that is stored for in array */ -#define STATS_QTYPE_NUM 256 -/** number of qclass that is stored for in array */ -#define STATS_QCLASS_NUM 256 -/** number of rcodes in stats */ -#define STATS_RCODE_NUM 16 -/** number of opcodes in stats */ -#define STATS_OPCODE_NUM 16 - -/** per worker statistics */ -struct server_stats { - /** number of queries from clients received. */ - size_t num_queries; - /** number of queries that have been dropped/ratelimited by ip. */ - size_t num_queries_ip_ratelimited; - /** number of queries that had a cache-miss. */ - size_t num_queries_missed_cache; - /** number of prefetch queries - cachehits with prefetch */ - size_t num_queries_prefetch; - - /** - * Sum of the querylistsize of the worker for - * every query that missed cache. To calculate average. - */ - size_t sum_query_list_size; - /** max value of query list size reached. */ - size_t max_query_list_size; - - /** Extended stats below (bool) */ - int extended; - - /** qtype stats */ - size_t qtype[STATS_QTYPE_NUM]; - /** bigger qtype values not in array */ - size_t qtype_big; - /** qclass stats */ - size_t qclass[STATS_QCLASS_NUM]; - /** bigger qclass values not in array */ - size_t qclass_big; - /** query opcodes */ - size_t qopcode[STATS_OPCODE_NUM]; - /** number of queries over TCP */ - size_t qtcp; - /** number of outgoing queries over TCP */ - size_t qtcp_outgoing; - /** number of queries over IPv6 */ - size_t qipv6; - /** number of queries with QR bit */ - size_t qbit_QR; - /** number of queries with AA bit */ - size_t qbit_AA; - /** number of queries with TC bit */ - size_t qbit_TC; - /** number of queries with RD bit */ - size_t qbit_RD; - /** number of queries with RA bit */ - size_t qbit_RA; - /** number of queries with Z bit */ - size_t qbit_Z; - /** number of queries with AD bit */ - size_t qbit_AD; - /** number of queries with CD bit */ - size_t qbit_CD; - /** number of queries with EDNS OPT record */ - size_t qEDNS; - /** number of queries with EDNS with DO flag */ - size_t qEDNS_DO; - /** answer rcodes */ - size_t ans_rcode[STATS_RCODE_NUM]; - /** answers with pseudo rcode 'nodata' */ - size_t ans_rcode_nodata; - /** answers that were secure (AD) */ - size_t ans_secure; - /** answers that were bogus (withheld as SERVFAIL) */ - size_t ans_bogus; - /** rrsets marked bogus by validator */ - size_t rrset_bogus; - /** unwanted traffic received on server-facing ports */ - size_t unwanted_replies; - /** unwanted traffic received on client-facing ports */ - size_t unwanted_queries; - /** usage of tcp accept list */ - size_t tcp_accept_usage; - /** answers served from expired cache */ - size_t zero_ttl_responses; - /** histogram data exported to array - * if the array is the same size, no data is lost, and - * if all histograms are same size (is so by default) then - * adding up works well. */ - size_t hist[NUM_BUCKETS_HIST]; - - /** number of message cache entries */ - size_t msg_cache_count; - /** number of rrset cache entries */ - size_t rrset_cache_count; - /** number of infra cache entries */ - size_t infra_cache_count; - /** number of key cache entries */ - size_t key_cache_count; -#ifdef USE_DNSCRYPT - /** number of queries that used dnscrypt */ - size_t num_query_dnscrypt_crypted; - /** number of queries that queried dnscrypt certificates */ - size_t num_query_dnscrypt_cert; - /** number of queries in clear text and not asking for the certificates */ - size_t num_query_dnscrypt_cleartext; - /** number of malformed encrypted queries */ - size_t num_query_dnscrypt_crypted_malformed; -#endif -}; - -/** - * Statistics to send over the control pipe when asked - * This struct is made to be memcpied, sent in binary. - */ -struct stats_info { - /** the thread stats */ - struct server_stats svr; - - /** mesh stats: current number of states */ - size_t mesh_num_states; - /** mesh stats: current number of reply (user) states */ - size_t mesh_num_reply_states; - /** mesh stats: number of reply states overwritten with a new one */ - size_t mesh_jostled; - /** mesh stats: number of incoming queries dropped */ - size_t mesh_dropped; - /** mesh stats: replies sent */ - size_t mesh_replies_sent; - /** mesh stats: sum of waiting times for the replies */ - struct timeval mesh_replies_sum_wait; - /** mesh stats: median of waiting times for replies (in sec) */ - double mesh_time_median; -}; - -/** - * Initialize server stats to 0. - * @param stats: what to init (this is alloced by the caller). - * @param cfg: with extended statistics option. - */ -void server_stats_init(struct server_stats* stats, struct config_file* cfg); - -/** add query if it missed the cache */ -void server_stats_querymiss(struct server_stats* stats, struct worker* worker); - -/** add query if was cached and also resulted in a prefetch */ -void server_stats_prefetch(struct server_stats* stats, struct worker* worker); - -/** display the stats to the log */ -void server_stats_log(struct server_stats* stats, struct worker* worker, - int threadnum); - -/** - * Obtain the stats info for a given thread. Uses pipe to communicate. - * @param worker: the worker that is executing (the first worker). - * @param who: on who to get the statistics info. - * @param s: the stats block to fill in. - * @param reset: if stats can be reset. - */ -void server_stats_obtain(struct worker* worker, struct worker* who, - struct stats_info* s, int reset); - -/** - * Compile stats into structure for this thread worker. - * Also clears the statistics counters (if that is set by config file). - * @param worker: the worker to compile stats for, also the executing worker. - * @param s: stats block. - * @param reset: if true, depending on config stats are reset. - * if false, statistics are not reset. - */ -void server_stats_compile(struct worker* worker, struct stats_info* s, - int reset); - -/** - * Send stats over comm tube in reply to query cmd - * @param worker: this worker. - * @param reset: if true, depending on config stats are reset. - * if false, statistics are not reset. - */ -void server_stats_reply(struct worker* worker, int reset); - -/** - * Addup stat blocks. - * @param total: sum of the two entries. - * @param a: to add to it. - */ -void server_stats_add(struct stats_info* total, struct stats_info* a); - -/** - * Add stats for this query - * @param stats: the stats - * @param c: commpoint with type and buffer. - * @param qtype: query type - * @param qclass: query class - * @param edns: edns record - * @param repinfo: reply info with remote address - */ -void server_stats_insquery(struct server_stats* stats, struct comm_point* c, - uint16_t qtype, uint16_t qclass, struct edns_data* edns, - struct comm_reply* repinfo); - -/** - * Add rcode for this query. - * @param stats: the stats - * @param buf: buffer with rcode. If buffer is length0: not counted. - */ -void server_stats_insrcode(struct server_stats* stats, struct sldns_buffer* buf); - -#endif /* DAEMON_STATS_H */ diff --git a/external/unbound/daemon/unbound.c b/external/unbound/daemon/unbound.c deleted file mode 100644 index ba7337d89..000000000 --- a/external/unbound/daemon/unbound.c +++ /dev/null @@ -1,738 +0,0 @@ -/* - * daemon/unbound.c - main program for unbound DNS resolver daemon. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -/** - * \file - * - * Main program to start the DNS resolver daemon. - */ - -#include "config.h" -#ifdef HAVE_GETOPT_H -#include -#endif -#include -#include "util/log.h" -#include "daemon/daemon.h" -#include "daemon/remote.h" -#include "util/config_file.h" -#include "util/storage/slabhash.h" -#include "services/listen_dnsport.h" -#include "services/cache/rrset.h" -#include "services/cache/infra.h" -#include "util/fptr_wlist.h" -#include "util/data/msgreply.h" -#include "util/module.h" -#include "util/net_help.h" -#include "util/ub_event.h" -#include -#include -#include -#ifdef HAVE_PWD_H -#include -#endif -#ifdef HAVE_GRP_H -#include -#endif - -#ifndef S_SPLINT_S -/* splint chokes on this system header file */ -#ifdef HAVE_SYS_RESOURCE_H -#include -#endif -#endif /* S_SPLINT_S */ -#ifdef HAVE_LOGIN_CAP_H -#include -#endif - -#ifdef UB_ON_WINDOWS -# include "winrc/win_svc.h" -#endif - -#ifdef HAVE_NSS -/* nss3 */ -# include "nss.h" -#endif - -/** print usage. */ -static void usage(void) -{ - const char** m; - const char *evnm="event", *evsys="", *evmethod=""; - time_t t; - struct timeval now; - struct ub_event_base* base; - printf("usage: unbound [options]\n"); - printf(" start unbound daemon DNS resolver.\n"); - printf("-h this help\n"); - printf("-c file config file to read instead of %s\n", CONFIGFILE); - printf(" file format is described in unbound.conf(5).\n"); - printf("-d do not fork into the background.\n"); - printf("-v verbose (more times to increase verbosity)\n"); -#ifdef UB_ON_WINDOWS - printf("-w opt windows option: \n"); - printf(" install, remove - manage the services entry\n"); - printf(" service - used to start from services control panel\n"); -#endif - printf("Version %s\n", PACKAGE_VERSION); - base = ub_default_event_base(0,&t,&now); - ub_get_event_sys(base, &evnm, &evsys, &evmethod); - printf("linked libs: %s %s (it uses %s), %s\n", - evnm, evsys, evmethod, -#ifdef HAVE_SSL -# ifdef SSLEAY_VERSION - SSLeay_version(SSLEAY_VERSION) -# else - OpenSSL_version(OPENSSL_VERSION) -# endif -#elif defined(HAVE_NSS) - NSS_GetVersion() -#elif defined(HAVE_NETTLE) - "nettle" -#endif - ); - printf("linked modules:"); - for(m = module_list_avail(); *m; m++) - printf(" %s", *m); - printf("\n"); - printf("BSD licensed, see LICENSE in source package for details.\n"); - printf("Report bugs to %s\n", PACKAGE_BUGREPORT); - ub_event_base_free(base); -} - -#ifndef unbound_testbound -int replay_var_compare(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b)) -{ - log_assert(0); - return 0; -} -#endif - -/** check file descriptor count */ -static void -checkrlimits(struct config_file* cfg) -{ -#ifndef S_SPLINT_S -#ifdef HAVE_GETRLIMIT - /* list has number of ports to listen to, ifs number addresses */ - int list = ((cfg->do_udp?1:0) + (cfg->do_tcp?1 + - (int)cfg->incoming_num_tcp:0)); - size_t listen_ifs = (size_t)(cfg->num_ifs==0? - ((cfg->do_ip4 && !cfg->if_automatic?1:0) + - (cfg->do_ip6?1:0)):cfg->num_ifs); - size_t listen_num = list*listen_ifs; - size_t outudpnum = (size_t)cfg->outgoing_num_ports; - size_t outtcpnum = cfg->outgoing_num_tcp; - size_t misc = 4; /* logfile, pidfile, stdout... */ - size_t perthread_noudp = listen_num + outtcpnum + - 2/*cmdpipe*/ + 2/*libevent*/ + misc; - size_t perthread = perthread_noudp + outudpnum; - -#if !defined(HAVE_PTHREAD) && !defined(HAVE_SOLARIS_THREADS) - int numthread = 1; /* it forks */ -#else - int numthread = (cfg->num_threads?cfg->num_threads:1); -#endif - size_t total = numthread * perthread + misc; - size_t avail; - struct rlimit rlim; - - if(total > 1024 && - strncmp(ub_event_get_version(), "mini-event", 10) == 0) { - log_warn("too many file descriptors requested. The builtin" - "mini-event cannot handle more than 1024. Config " - "for less fds or compile with libevent"); - if(numthread*perthread_noudp+15 > 1024) - fatal_exit("too much tcp. not enough fds."); - cfg->outgoing_num_ports = (int)((1024 - - numthread*perthread_noudp - - 10 /* safety margin */) /numthread); - log_warn("continuing with less udp ports: %u", - cfg->outgoing_num_ports); - total = 1024; - } - if(perthread > 64 && - strncmp(ub_event_get_version(), "winsock-event", 13) == 0) { - log_err("too many file descriptors requested. The winsock" - " event handler cannot handle more than 64 per " - " thread. Config for less fds"); - if(perthread_noudp+2 > 64) - fatal_exit("too much tcp. not enough fds."); - cfg->outgoing_num_ports = (int)((64 - - perthread_noudp - - 2/* safety margin */)); - log_warn("continuing with less udp ports: %u", - cfg->outgoing_num_ports); - total = numthread*(perthread_noudp+ - (size_t)cfg->outgoing_num_ports)+misc; - } - if(getrlimit(RLIMIT_NOFILE, &rlim) < 0) { - log_warn("getrlimit: %s", strerror(errno)); - return; - } - if(rlim.rlim_cur == (rlim_t)RLIM_INFINITY) - return; - if((size_t)rlim.rlim_cur < total) { - avail = (size_t)rlim.rlim_cur; - rlim.rlim_cur = (rlim_t)(total + 10); - rlim.rlim_max = (rlim_t)(total + 10); -#ifdef HAVE_SETRLIMIT - if(setrlimit(RLIMIT_NOFILE, &rlim) < 0) { - log_warn("setrlimit: %s", strerror(errno)); -#endif - log_warn("cannot increase max open fds from %u to %u", - (unsigned)avail, (unsigned)total+10); - /* check that calculation below does not underflow, - * with 15 as margin */ - if(numthread*perthread_noudp+15 > avail) - fatal_exit("too much tcp. not enough fds."); - cfg->outgoing_num_ports = (int)((avail - - numthread*perthread_noudp - - 10 /* safety margin */) /numthread); - log_warn("continuing with less udp ports: %u", - cfg->outgoing_num_ports); - log_warn("increase ulimit or decrease threads, " - "ports in config to remove this warning"); - return; -#ifdef HAVE_SETRLIMIT - } -#endif - verbose(VERB_ALGO, "increased limit(open files) from %u to %u", - (unsigned)avail, (unsigned)total+10); - } -#else - (void)cfg; -#endif /* HAVE_GETRLIMIT */ -#endif /* S_SPLINT_S */ -} - -/** set default logfile identity based on value from argv[0] at startup **/ -static void -log_ident_set_fromdefault(struct config_file* cfg, - const char *log_default_identity) -{ - if(cfg->log_identity == NULL || cfg->log_identity[0] == 0) - log_ident_set(log_default_identity); - else - log_ident_set(cfg->log_identity); -} - -/** set verbosity, check rlimits, cache settings */ -static void -apply_settings(struct daemon* daemon, struct config_file* cfg, - int cmdline_verbose, int debug_mode, const char* log_default_identity) -{ - /* apply if they have changed */ - verbosity = cmdline_verbose + cfg->verbosity; - if (debug_mode > 1) { - cfg->use_syslog = 0; - free(cfg->logfile); - cfg->logfile = NULL; - } - daemon_apply_cfg(daemon, cfg); - checkrlimits(cfg); - - if (cfg->use_systemd && cfg->do_daemonize) { - log_warn("use-systemd and do-daemonize should not be enabled at the same time"); - } - - log_ident_set_fromdefault(cfg, log_default_identity); -} - -#ifdef HAVE_KILL -/** Read existing pid from pidfile. - * @param file: file name of pid file. - * @return: the pid from the file or -1 if none. - */ -static pid_t -readpid (const char* file) -{ - int fd; - pid_t pid; - char pidbuf[32]; - char* t; - ssize_t l; - - if ((fd = open(file, O_RDONLY)) == -1) { - if(errno != ENOENT) - log_err("Could not read pidfile %s: %s", - file, strerror(errno)); - return -1; - } - - if (((l = read(fd, pidbuf, sizeof(pidbuf)))) == -1) { - if(errno != ENOENT) - log_err("Could not read pidfile %s: %s", - file, strerror(errno)); - close(fd); - return -1; - } - - close(fd); - - /* Empty pidfile means no pidfile... */ - if (l == 0) { - return -1; - } - - pidbuf[sizeof(pidbuf)-1] = 0; - pid = (pid_t)strtol(pidbuf, &t, 10); - - if (*t && *t != '\n') { - return -1; - } - return pid; -} - -/** write pid to file. - * @param pidfile: file name of pid file. - * @param pid: pid to write to file. - */ -static void -writepid (const char* pidfile, pid_t pid) -{ - FILE* f; - - if ((f = fopen(pidfile, "w")) == NULL ) { - log_err("cannot open pidfile %s: %s", - pidfile, strerror(errno)); - return; - } - if(fprintf(f, "%lu\n", (unsigned long)pid) < 0) { - log_err("cannot write to pidfile %s: %s", - pidfile, strerror(errno)); - } - fclose(f); -} - -/** - * check old pid file. - * @param pidfile: the file name of the pid file. - * @param inchroot: if pidfile is inchroot and we can thus expect to - * be able to delete it. - */ -static void -checkoldpid(char* pidfile, int inchroot) -{ - pid_t old; - if((old = readpid(pidfile)) != -1) { - /* see if it is still alive */ - if(kill(old, 0) == 0 || errno == EPERM) - log_warn("unbound is already running as pid %u.", - (unsigned)old); - else if(inchroot) - log_warn("did not exit gracefully last time (%u)", - (unsigned)old); - } -} -#endif /* HAVE_KILL */ - -/** detach from command line */ -static void -detach(void) -{ -#if defined(HAVE_DAEMON) && !defined(DEPRECATED_DAEMON) - /* use POSIX daemon(3) function */ - if(daemon(1, 0) != 0) - fatal_exit("daemon failed: %s", strerror(errno)); -#else /* no HAVE_DAEMON */ -#ifdef HAVE_FORK - int fd; - /* Take off... */ - switch (fork()) { - case 0: - break; - case -1: - fatal_exit("fork failed: %s", strerror(errno)); - default: - /* exit interactive session */ - exit(0); - } - /* detach */ -#ifdef HAVE_SETSID - if(setsid() == -1) - fatal_exit("setsid() failed: %s", strerror(errno)); -#endif - if ((fd = open("/dev/null", O_RDWR, 0)) != -1) { - (void)dup2(fd, STDIN_FILENO); - (void)dup2(fd, STDOUT_FILENO); - (void)dup2(fd, STDERR_FILENO); - if (fd > 2) - (void)close(fd); - } -#endif /* HAVE_FORK */ -#endif /* HAVE_DAEMON */ -} - -/** daemonize, drop user priviliges and chroot if needed */ -static void -perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode, - const char** cfgfile) -{ -#ifdef HAVE_KILL - int pidinchroot; -#endif -#ifdef HAVE_GETPWNAM - struct passwd *pwd = NULL; - - if(cfg->username && cfg->username[0]) { - if((pwd = getpwnam(cfg->username)) == NULL) - fatal_exit("user '%s' does not exist.", cfg->username); - /* endpwent below, in case we need pwd for setusercontext */ - } -#endif -#ifdef UB_ON_WINDOWS - w_config_adjust_directory(cfg); -#endif - - /* init syslog (as root) if needed, before daemonize, otherwise - * a fork error could not be printed since daemonize closed stderr.*/ - if(cfg->use_syslog) { - log_init(cfg->logfile, cfg->use_syslog, cfg->chrootdir); - } - /* if using a logfile, we cannot open it because the logfile would - * be created with the wrong permissions, we cannot chown it because - * we cannot chown system logfiles, so we do not open at all. - * So, using a logfile, the user does not see errors unless -d is - * given to unbound on the commandline. */ - - /* read ssl keys while superuser and outside chroot */ -#ifdef HAVE_SSL - if(!(daemon->rc = daemon_remote_create(cfg))) - fatal_exit("could not set up remote-control"); - if(cfg->ssl_service_key && cfg->ssl_service_key[0]) { - if(!(daemon->listen_sslctx = listen_sslctx_create( - cfg->ssl_service_key, cfg->ssl_service_pem, NULL))) - fatal_exit("could not set up listen SSL_CTX"); - } - if(!(daemon->connect_sslctx = connect_sslctx_create(NULL, NULL, NULL))) - fatal_exit("could not set up connect SSL_CTX"); -#endif - -#ifdef HAVE_KILL - /* true if pidfile is inside chrootdir, or nochroot */ - pidinchroot = !(cfg->chrootdir && cfg->chrootdir[0]) || - (cfg->chrootdir && cfg->chrootdir[0] && - strncmp(cfg->pidfile, cfg->chrootdir, - strlen(cfg->chrootdir))==0); - - /* check old pid file before forking */ - if(cfg->pidfile && cfg->pidfile[0]) { - /* calculate position of pidfile */ - if(cfg->pidfile[0] == '/') - daemon->pidfile = strdup(cfg->pidfile); - else daemon->pidfile = fname_after_chroot(cfg->pidfile, - cfg, 1); - if(!daemon->pidfile) - fatal_exit("pidfile alloc: out of memory"); - checkoldpid(daemon->pidfile, pidinchroot); - } -#endif - - /* daemonize because pid is needed by the writepid func */ - if(!debug_mode && cfg->do_daemonize) { - detach(); - } - - /* write new pidfile (while still root, so can be outside chroot) */ -#ifdef HAVE_KILL - if(cfg->pidfile && cfg->pidfile[0]) { - writepid(daemon->pidfile, getpid()); - if(cfg->username && cfg->username[0] && cfg_uid != (uid_t)-1 && - pidinchroot) { -# ifdef HAVE_CHOWN - if(chown(daemon->pidfile, cfg_uid, cfg_gid) == -1) { - verbose(VERB_QUERY, "cannot chown %u.%u %s: %s", - (unsigned)cfg_uid, (unsigned)cfg_gid, - daemon->pidfile, strerror(errno)); - } -# endif /* HAVE_CHOWN */ - } - } -#else - (void)daemon; -#endif /* HAVE_KILL */ - - /* Set user context */ -#ifdef HAVE_GETPWNAM - if(cfg->username && cfg->username[0] && cfg_uid != (uid_t)-1) { -#ifdef HAVE_SETUSERCONTEXT - /* setusercontext does initgroups, setuid, setgid, and - * also resource limits from login config, but we - * still call setresuid, setresgid to be sure to set all uid*/ - if(setusercontext(NULL, pwd, cfg_uid, (unsigned) - LOGIN_SETALL & ~LOGIN_SETUSER & ~LOGIN_SETGROUP) != 0) - log_warn("unable to setusercontext %s: %s", - cfg->username, strerror(errno)); -#endif /* HAVE_SETUSERCONTEXT */ - } -#endif /* HAVE_GETPWNAM */ - - /* box into the chroot */ -#ifdef HAVE_CHROOT - if(cfg->chrootdir && cfg->chrootdir[0]) { - if(chdir(cfg->chrootdir)) { - fatal_exit("unable to chdir to chroot %s: %s", - cfg->chrootdir, strerror(errno)); - } - verbose(VERB_QUERY, "chdir to %s", cfg->chrootdir); - if(chroot(cfg->chrootdir)) - fatal_exit("unable to chroot to %s: %s", - cfg->chrootdir, strerror(errno)); - if(chdir("/")) - fatal_exit("unable to chdir to / in chroot %s: %s", - cfg->chrootdir, strerror(errno)); - verbose(VERB_QUERY, "chroot to %s", cfg->chrootdir); - if(strncmp(*cfgfile, cfg->chrootdir, - strlen(cfg->chrootdir)) == 0) - (*cfgfile) += strlen(cfg->chrootdir); - - /* adjust stored pidfile for chroot */ - if(daemon->pidfile && daemon->pidfile[0] && - strncmp(daemon->pidfile, cfg->chrootdir, - strlen(cfg->chrootdir))==0) { - char* old = daemon->pidfile; - daemon->pidfile = strdup(old+strlen(cfg->chrootdir)); - free(old); - if(!daemon->pidfile) - log_err("out of memory in pidfile adjust"); - } - daemon->chroot = strdup(cfg->chrootdir); - if(!daemon->chroot) - log_err("out of memory in daemon chroot dir storage"); - } -#else - (void)cfgfile; -#endif - /* change to working directory inside chroot */ - if(cfg->directory && cfg->directory[0]) { - char* dir = cfg->directory; - if(cfg->chrootdir && cfg->chrootdir[0] && - strncmp(dir, cfg->chrootdir, - strlen(cfg->chrootdir)) == 0) - dir += strlen(cfg->chrootdir); - if(dir[0]) { - if(chdir(dir)) { - fatal_exit("Could not chdir to %s: %s", - dir, strerror(errno)); - } - verbose(VERB_QUERY, "chdir to %s", dir); - } - } - - /* drop permissions after chroot, getpwnam, pidfile, syslog done*/ -#ifdef HAVE_GETPWNAM - if(cfg->username && cfg->username[0] && cfg_uid != (uid_t)-1) { -# ifdef HAVE_INITGROUPS - if(initgroups(cfg->username, cfg_gid) != 0) - log_warn("unable to initgroups %s: %s", - cfg->username, strerror(errno)); -# endif /* HAVE_INITGROUPS */ -# ifdef HAVE_ENDPWENT - endpwent(); -# endif - -#ifdef HAVE_SETRESGID - if(setresgid(cfg_gid,cfg_gid,cfg_gid) != 0) -#elif defined(HAVE_SETREGID) && !defined(DARWIN_BROKEN_SETREUID) - if(setregid(cfg_gid,cfg_gid) != 0) -#else /* use setgid */ - if(setgid(cfg_gid) != 0) -#endif /* HAVE_SETRESGID */ - fatal_exit("unable to set group id of %s: %s", - cfg->username, strerror(errno)); -#ifdef HAVE_SETRESUID - if(setresuid(cfg_uid,cfg_uid,cfg_uid) != 0) -#elif defined(HAVE_SETREUID) && !defined(DARWIN_BROKEN_SETREUID) - if(setreuid(cfg_uid,cfg_uid) != 0) -#else /* use setuid */ - if(setuid(cfg_uid) != 0) -#endif /* HAVE_SETRESUID */ - fatal_exit("unable to set user id of %s: %s", - cfg->username, strerror(errno)); - verbose(VERB_QUERY, "drop user privileges, run as %s", - cfg->username); - } -#endif /* HAVE_GETPWNAM */ - /* file logging inited after chroot,chdir,setuid is done so that - * it would succeed on SIGHUP as well */ - if(!cfg->use_syslog) - log_init(cfg->logfile, cfg->use_syslog, cfg->chrootdir); -} - -/** - * Run the daemon. - * @param cfgfile: the config file name. - * @param cmdline_verbose: verbosity resulting from commandline -v. - * These increase verbosity as specified in the config file. - * @param debug_mode: if set, do not daemonize. - * @param log_default_identity: Default identity to report in logs - */ -static void -run_daemon(const char* cfgfile, int cmdline_verbose, int debug_mode, const char* log_default_identity) -{ - struct config_file* cfg = NULL; - struct daemon* daemon = NULL; - int done_setup = 0; - - if(!(daemon = daemon_init())) - fatal_exit("alloc failure"); - while(!daemon->need_to_exit) { - if(done_setup) - verbose(VERB_OPS, "Restart of %s.", PACKAGE_STRING); - else verbose(VERB_OPS, "Start of %s.", PACKAGE_STRING); - - /* config stuff */ - if(!(cfg = config_create())) - fatal_exit("Could not alloc config defaults"); - if(!config_read(cfg, cfgfile, daemon->chroot)) { - if(errno != ENOENT) - fatal_exit("Could not read config file: %s", - cfgfile); - log_warn("Continuing with default config settings"); - } - apply_settings(daemon, cfg, cmdline_verbose, debug_mode, log_default_identity); - if(!done_setup) - config_lookup_uid(cfg); - - /* prepare */ - if(!daemon_open_shared_ports(daemon)) - fatal_exit("could not open ports"); - if(!done_setup) { - perform_setup(daemon, cfg, debug_mode, &cfgfile); - done_setup = 1; - } else { - /* reopen log after HUP to facilitate log rotation */ - if(!cfg->use_syslog) - log_init(cfg->logfile, 0, cfg->chrootdir); - } - /* work */ - daemon_fork(daemon); - - /* clean up for restart */ - verbose(VERB_ALGO, "cleanup."); - daemon_cleanup(daemon); - config_delete(cfg); - } - verbose(VERB_ALGO, "Exit cleanup."); - /* this unlink may not work if the pidfile is located outside - * of the chroot/workdir or we no longer have permissions */ - if(daemon->pidfile) { - int fd; - /* truncate pidfile */ - fd = open(daemon->pidfile, O_WRONLY | O_TRUNC, 0644); - if(fd != -1) - close(fd); - /* delete pidfile */ - unlink(daemon->pidfile); - } - daemon_delete(daemon); -} - -/** getopt global, in case header files fail to declare it. */ -extern int optind; -/** getopt global, in case header files fail to declare it. */ -extern char* optarg; - -/** - * main program. Set options given commandline arguments. - * @param argc: number of commandline arguments. - * @param argv: array of commandline arguments. - * @return: exit status of the program. - */ -int -main(int argc, char* argv[]) -{ - int c; - const char* cfgfile = CONFIGFILE; - const char* winopt = NULL; - const char* log_ident_default; - int cmdline_verbose = 0; - int debug_mode = 0; -#ifdef UB_ON_WINDOWS - int cmdline_cfg = 0; -#endif - - log_init(NULL, 0, NULL); - log_ident_default = strrchr(argv[0],'/')?strrchr(argv[0],'/')+1:argv[0]; - log_ident_set(log_ident_default); - /* parse the options */ - while( (c=getopt(argc, argv, "c:dhvw:")) != -1) { - switch(c) { - case 'c': - cfgfile = optarg; -#ifdef UB_ON_WINDOWS - cmdline_cfg = 1; -#endif - break; - case 'v': - cmdline_verbose++; - verbosity++; - break; - case 'd': - debug_mode++; - break; - case 'w': - winopt = optarg; - break; - case '?': - case 'h': - default: - usage(); - return 1; - } - } - argc -= optind; - argv += optind; - - if(winopt) { -#ifdef UB_ON_WINDOWS - wsvc_command_option(winopt, cfgfile, cmdline_verbose, - cmdline_cfg); -#else - fatal_exit("option not supported"); -#endif - } - - if(argc != 0) { - usage(); - return 1; - } - - run_daemon(cfgfile, cmdline_verbose, debug_mode, log_ident_default); - log_init(NULL, 0, NULL); /* close logfile */ - return 0; -} diff --git a/external/unbound/daemon/worker.c b/external/unbound/daemon/worker.c deleted file mode 100644 index b1cc974aa..000000000 --- a/external/unbound/daemon/worker.c +++ /dev/null @@ -1,1883 +0,0 @@ -/* - * daemon/worker.c - worker that handles a pending list of requests. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file implements the worker that handles callbacks on events, for - * pending requests. - */ -#include "config.h" -#include "util/log.h" -#include "util/net_help.h" -#include "util/random.h" -#include "daemon/worker.h" -#include "daemon/daemon.h" -#include "daemon/remote.h" -#include "daemon/acl_list.h" -#include "util/netevent.h" -#include "util/config_file.h" -#include "util/module.h" -#include "util/regional.h" -#include "util/storage/slabhash.h" -#include "services/listen_dnsport.h" -#include "services/outside_network.h" -#include "services/outbound_list.h" -#include "services/cache/rrset.h" -#include "services/cache/infra.h" -#include "services/cache/dns.h" -#include "services/mesh.h" -#include "services/localzone.h" -#include "util/data/msgparse.h" -#include "util/data/msgencode.h" -#include "util/data/dname.h" -#include "util/fptr_wlist.h" -#include "util/tube.h" -#include "iterator/iter_fwd.h" -#include "iterator/iter_hints.h" -#include "validator/autotrust.h" -#include "validator/val_anchor.h" -#include "respip/respip.h" -#include "libunbound/context.h" -#include "libunbound/libworker.h" -#include "sldns/sbuffer.h" -#include "sldns/wire2str.h" -#include "util/shm_side/shm_main.h" -#include "dnscrypt/dnscrypt.h" - -#ifdef HAVE_SYS_TYPES_H -# include -#endif -#ifdef HAVE_NETDB_H -#include -#endif -#include -#ifdef UB_ON_WINDOWS -#include "winrc/win_svc.h" -#endif - -/** Size of an UDP datagram */ -#define NORMAL_UDP_SIZE 512 /* bytes */ -/** ratelimit for error responses */ -#define ERROR_RATELIMIT 100 /* qps */ - -/** - * seconds to add to prefetch leeway. This is a TTL that expires old rrsets - * earlier than they should in order to put the new update into the cache. - * This additional value is to make sure that if not all TTLs are equal in - * the message to be updated(and replaced), that rrsets with up to this much - * extra TTL are also replaced. This means that the resulting new message - * will have (most likely) this TTL at least, avoiding very small 'split - * second' TTLs due to operators choosing relative primes for TTLs (or so). - * Also has to be at least one to break ties (and overwrite cached entry). - */ -#define PREFETCH_EXPIRY_ADD 60 - -/** Report on memory usage by this thread and global */ -static void -worker_mem_report(struct worker* ATTR_UNUSED(worker), - struct serviced_query* ATTR_UNUSED(cur_serv)) -{ -#ifdef UNBOUND_ALLOC_STATS - /* measure memory leakage */ - extern size_t unbound_mem_alloc, unbound_mem_freed; - /* debug func in validator module */ - size_t total, front, back, mesh, msg, rrset, infra, ac, superac; - size_t me, iter, val, anch; - int i; -#ifdef CLIENT_SUBNET - size_t subnet = 0; -#endif /* CLIENT_SUBNET */ - if(verbosity < VERB_ALGO) - return; - front = listen_get_mem(worker->front); - back = outnet_get_mem(worker->back); - msg = slabhash_get_mem(worker->env.msg_cache); - rrset = slabhash_get_mem(&worker->env.rrset_cache->table); - infra = infra_get_mem(worker->env.infra_cache); - mesh = mesh_get_mem(worker->env.mesh); - ac = alloc_get_mem(&worker->alloc); - superac = alloc_get_mem(&worker->daemon->superalloc); - anch = anchors_get_mem(worker->env.anchors); - iter = 0; - val = 0; - for(i=0; ienv.mesh->mods.num; i++) { - fptr_ok(fptr_whitelist_mod_get_mem(worker->env.mesh-> - mods.mod[i]->get_mem)); - if(strcmp(worker->env.mesh->mods.mod[i]->name, "validator")==0) - val += (*worker->env.mesh->mods.mod[i]->get_mem) - (&worker->env, i); -#ifdef CLIENT_SUBNET - else if(strcmp(worker->env.mesh->mods.mod[i]->name, - "subnet")==0) - subnet += (*worker->env.mesh->mods.mod[i]->get_mem) - (&worker->env, i); -#endif /* CLIENT_SUBNET */ - else iter += (*worker->env.mesh->mods.mod[i]->get_mem) - (&worker->env, i); - } - me = sizeof(*worker) + sizeof(*worker->base) + sizeof(*worker->comsig) - + comm_point_get_mem(worker->cmd_com) - + sizeof(worker->rndstate) - + regional_get_mem(worker->scratchpad) - + sizeof(*worker->env.scratch_buffer) - + sldns_buffer_capacity(worker->env.scratch_buffer) - + forwards_get_mem(worker->env.fwds) - + hints_get_mem(worker->env.hints); - if(worker->thread_num == 0) - me += acl_list_get_mem(worker->daemon->acl); - if(cur_serv) { - me += serviced_get_mem(cur_serv); - } - total = front+back+mesh+msg+rrset+infra+iter+val+ac+superac+me; -#ifdef CLIENT_SUBNET - total += subnet; - log_info("Memory conditions: %u front=%u back=%u mesh=%u msg=%u " - "rrset=%u infra=%u iter=%u val=%u subnet=%u anchors=%u " - "alloccache=%u globalalloccache=%u me=%u", - (unsigned)total, (unsigned)front, (unsigned)back, - (unsigned)mesh, (unsigned)msg, (unsigned)rrset, (unsigned)infra, - (unsigned)iter, (unsigned)val, - (unsigned)subnet, (unsigned)anch, (unsigned)ac, - (unsigned)superac, (unsigned)me); -#else /* no CLIENT_SUBNET */ - log_info("Memory conditions: %u front=%u back=%u mesh=%u msg=%u " - "rrset=%u infra=%u iter=%u val=%u anchors=%u " - "alloccache=%u globalalloccache=%u me=%u", - (unsigned)total, (unsigned)front, (unsigned)back, - (unsigned)mesh, (unsigned)msg, (unsigned)rrset, - (unsigned)infra, (unsigned)iter, (unsigned)val, (unsigned)anch, - (unsigned)ac, (unsigned)superac, (unsigned)me); -#endif /* CLIENT_SUBNET */ - log_info("Total heap memory estimate: %u total-alloc: %u " - "total-free: %u", (unsigned)total, - (unsigned)unbound_mem_alloc, (unsigned)unbound_mem_freed); -#else /* no UNBOUND_ALLOC_STATS */ - size_t val = 0; -#ifdef CLIENT_SUBNET - size_t subnet = 0; -#endif /* CLIENT_SUBNET */ - int i; - if(verbosity < VERB_QUERY) - return; - for(i=0; ienv.mesh->mods.num; i++) { - fptr_ok(fptr_whitelist_mod_get_mem(worker->env.mesh-> - mods.mod[i]->get_mem)); - if(strcmp(worker->env.mesh->mods.mod[i]->name, "validator")==0) - val += (*worker->env.mesh->mods.mod[i]->get_mem) - (&worker->env, i); -#ifdef CLIENT_SUBNET - else if(strcmp(worker->env.mesh->mods.mod[i]->name, - "subnet")==0) - subnet += (*worker->env.mesh->mods.mod[i]->get_mem) - (&worker->env, i); -#endif /* CLIENT_SUBNET */ - } -#ifdef CLIENT_SUBNET - verbose(VERB_QUERY, "cache memory msg=%u rrset=%u infra=%u val=%u " - "subnet=%u", - (unsigned)slabhash_get_mem(worker->env.msg_cache), - (unsigned)slabhash_get_mem(&worker->env.rrset_cache->table), - (unsigned)infra_get_mem(worker->env.infra_cache), - (unsigned)val, (unsigned)subnet); -#else /* no CLIENT_SUBNET */ - verbose(VERB_QUERY, "cache memory msg=%u rrset=%u infra=%u val=%u", - (unsigned)slabhash_get_mem(worker->env.msg_cache), - (unsigned)slabhash_get_mem(&worker->env.rrset_cache->table), - (unsigned)infra_get_mem(worker->env.infra_cache), - (unsigned)val); -#endif /* CLIENT_SUBNET */ -#endif /* UNBOUND_ALLOC_STATS */ -} - -void -worker_send_cmd(struct worker* worker, enum worker_commands cmd) -{ - uint32_t c = (uint32_t)htonl(cmd); - if(!tube_write_msg(worker->cmd, (uint8_t*)&c, sizeof(c), 0)) { - log_err("worker send cmd %d failed", (int)cmd); - } -} - -int -worker_handle_reply(struct comm_point* c, void* arg, int error, - struct comm_reply* reply_info) -{ - struct module_qstate* q = (struct module_qstate*)arg; - struct worker* worker = q->env->worker; - struct outbound_entry e; - e.qstate = q; - e.qsent = NULL; - - if(error != 0) { - mesh_report_reply(worker->env.mesh, &e, reply_info, error); - worker_mem_report(worker, NULL); - return 0; - } - /* sanity check. */ - if(!LDNS_QR_WIRE(sldns_buffer_begin(c->buffer)) - || LDNS_OPCODE_WIRE(sldns_buffer_begin(c->buffer)) != - LDNS_PACKET_QUERY - || LDNS_QDCOUNT(sldns_buffer_begin(c->buffer)) > 1) { - /* error becomes timeout for the module as if this reply - * never arrived. */ - mesh_report_reply(worker->env.mesh, &e, reply_info, - NETEVENT_TIMEOUT); - worker_mem_report(worker, NULL); - return 0; - } - mesh_report_reply(worker->env.mesh, &e, reply_info, NETEVENT_NOERROR); - worker_mem_report(worker, NULL); - return 0; -} - -int -worker_handle_service_reply(struct comm_point* c, void* arg, int error, - struct comm_reply* reply_info) -{ - struct outbound_entry* e = (struct outbound_entry*)arg; - struct worker* worker = e->qstate->env->worker; - struct serviced_query *sq = e->qsent; - - verbose(VERB_ALGO, "worker svcd callback for qstate %p", e->qstate); - if(error != 0) { - mesh_report_reply(worker->env.mesh, e, reply_info, error); - worker_mem_report(worker, sq); - return 0; - } - /* sanity check. */ - if(!LDNS_QR_WIRE(sldns_buffer_begin(c->buffer)) - || LDNS_OPCODE_WIRE(sldns_buffer_begin(c->buffer)) != - LDNS_PACKET_QUERY - || LDNS_QDCOUNT(sldns_buffer_begin(c->buffer)) > 1) { - /* error becomes timeout for the module as if this reply - * never arrived. */ - verbose(VERB_ALGO, "worker: bad reply handled as timeout"); - mesh_report_reply(worker->env.mesh, e, reply_info, - NETEVENT_TIMEOUT); - worker_mem_report(worker, sq); - return 0; - } - mesh_report_reply(worker->env.mesh, e, reply_info, NETEVENT_NOERROR); - worker_mem_report(worker, sq); - return 0; -} - -/** ratelimit error replies - * @param worker: the worker struct with ratelimit counter - * @param err: error code that would be wanted. - * @return value of err if okay, or -1 if it should be discarded instead. - */ -static int -worker_err_ratelimit(struct worker* worker, int err) -{ - if(worker->err_limit_time == *worker->env.now) { - /* see if limit is exceeded for this second */ - if(worker->err_limit_count++ > ERROR_RATELIMIT) - return -1; - } else { - /* new second, new limits */ - worker->err_limit_time = *worker->env.now; - worker->err_limit_count = 1; - } - return err; -} - -/** check request sanity. - * @param pkt: the wire packet to examine for sanity. - * @param worker: parameters for checking. - * @return error code, 0 OK, or -1 discard. -*/ -static int -worker_check_request(sldns_buffer* pkt, struct worker* worker) -{ - if(sldns_buffer_limit(pkt) < LDNS_HEADER_SIZE) { - verbose(VERB_QUERY, "request too short, discarded"); - return -1; - } - if(sldns_buffer_limit(pkt) > NORMAL_UDP_SIZE && - worker->daemon->cfg->harden_large_queries) { - verbose(VERB_QUERY, "request too large, discarded"); - return -1; - } - if(LDNS_QR_WIRE(sldns_buffer_begin(pkt))) { - verbose(VERB_QUERY, "request has QR bit on, discarded"); - return -1; - } - if(LDNS_TC_WIRE(sldns_buffer_begin(pkt))) { - LDNS_TC_CLR(sldns_buffer_begin(pkt)); - verbose(VERB_QUERY, "request bad, has TC bit on"); - return worker_err_ratelimit(worker, LDNS_RCODE_FORMERR); - } - if(LDNS_OPCODE_WIRE(sldns_buffer_begin(pkt)) != LDNS_PACKET_QUERY) { - verbose(VERB_QUERY, "request unknown opcode %d", - LDNS_OPCODE_WIRE(sldns_buffer_begin(pkt))); - return worker_err_ratelimit(worker, LDNS_RCODE_NOTIMPL); - } - if(LDNS_QDCOUNT(sldns_buffer_begin(pkt)) != 1) { - verbose(VERB_QUERY, "request wrong nr qd=%d", - LDNS_QDCOUNT(sldns_buffer_begin(pkt))); - return worker_err_ratelimit(worker, LDNS_RCODE_FORMERR); - } - if(LDNS_ANCOUNT(sldns_buffer_begin(pkt)) != 0) { - verbose(VERB_QUERY, "request wrong nr an=%d", - LDNS_ANCOUNT(sldns_buffer_begin(pkt))); - return worker_err_ratelimit(worker, LDNS_RCODE_FORMERR); - } - if(LDNS_NSCOUNT(sldns_buffer_begin(pkt)) != 0) { - verbose(VERB_QUERY, "request wrong nr ns=%d", - LDNS_NSCOUNT(sldns_buffer_begin(pkt))); - return worker_err_ratelimit(worker, LDNS_RCODE_FORMERR); - } - if(LDNS_ARCOUNT(sldns_buffer_begin(pkt)) > 1) { - verbose(VERB_QUERY, "request wrong nr ar=%d", - LDNS_ARCOUNT(sldns_buffer_begin(pkt))); - return worker_err_ratelimit(worker, LDNS_RCODE_FORMERR); - } - return 0; -} - -void -worker_handle_control_cmd(struct tube* ATTR_UNUSED(tube), uint8_t* msg, - size_t len, int error, void* arg) -{ - struct worker* worker = (struct worker*)arg; - enum worker_commands cmd; - if(error != NETEVENT_NOERROR) { - free(msg); - if(error == NETEVENT_CLOSED) - comm_base_exit(worker->base); - else log_info("control event: %d", error); - return; - } - if(len != sizeof(uint32_t)) { - fatal_exit("bad control msg length %d", (int)len); - } - cmd = sldns_read_uint32(msg); - free(msg); - switch(cmd) { - case worker_cmd_quit: - verbose(VERB_ALGO, "got control cmd quit"); - comm_base_exit(worker->base); - break; - case worker_cmd_stats: - verbose(VERB_ALGO, "got control cmd stats"); - server_stats_reply(worker, 1); - break; - case worker_cmd_stats_noreset: - verbose(VERB_ALGO, "got control cmd stats_noreset"); - server_stats_reply(worker, 0); - break; - case worker_cmd_remote: - verbose(VERB_ALGO, "got control cmd remote"); - daemon_remote_exec(worker); - break; - default: - log_err("bad command %d", (int)cmd); - break; - } -} - -/** check if a delegation is secure */ -static enum sec_status -check_delegation_secure(struct reply_info *rep) -{ - /* return smallest security status */ - size_t i; - enum sec_status sec = sec_status_secure; - enum sec_status s; - size_t num = rep->an_numrrsets + rep->ns_numrrsets; - /* check if answer and authority are OK */ - for(i=0; irrsets[i]->entry.data) - ->security; - if(s < sec) - sec = s; - } - /* in additional, only unchecked triggers revalidation */ - for(i=num; irrset_count; i++) { - s = ((struct packed_rrset_data*)rep->rrsets[i]->entry.data) - ->security; - if(s == sec_status_unchecked) - return s; - } - return sec; -} - -/** remove nonsecure from a delegation referral additional section */ -static void -deleg_remove_nonsecure_additional(struct reply_info* rep) -{ - /* we can simply edit it, since we are working in the scratch region */ - size_t i; - enum sec_status s; - - for(i = rep->an_numrrsets+rep->ns_numrrsets; irrset_count; i++) { - s = ((struct packed_rrset_data*)rep->rrsets[i]->entry.data) - ->security; - if(s != sec_status_secure) { - memmove(rep->rrsets+i, rep->rrsets+i+1, - sizeof(struct ub_packed_rrset_key*)* - (rep->rrset_count - i - 1)); - rep->ar_numrrsets--; - rep->rrset_count--; - i--; - } - } -} - -/** answer nonrecursive query from the cache */ -static int -answer_norec_from_cache(struct worker* worker, struct query_info* qinfo, - uint16_t id, uint16_t flags, struct comm_reply* repinfo, - struct edns_data* edns) -{ - /* for a nonrecursive query return either: - * o an error (servfail; we try to avoid this) - * o a delegation (closest we have; this routine tries that) - * o the answer (checked by answer_from_cache) - * - * So, grab a delegation from the rrset cache. - * Then check if it needs validation, if so, this routine fails, - * so that iterator can prime and validator can verify rrsets. - */ - uint16_t udpsize = edns->udp_size; - int secure = 0; - time_t timenow = *worker->env.now; - int must_validate = (!(flags&BIT_CD) || worker->env.cfg->ignore_cd) - && worker->env.need_to_validate; - struct dns_msg *msg = NULL; - struct delegpt *dp; - - dp = dns_cache_find_delegation(&worker->env, qinfo->qname, - qinfo->qname_len, qinfo->qtype, qinfo->qclass, - worker->scratchpad, &msg, timenow); - if(!dp) { /* no delegation, need to reprime */ - return 0; - } - /* In case we have a local alias, copy it into the delegation message. - * Shallow copy should be fine, as we'll be done with msg in this - * function. */ - msg->qinfo.local_alias = qinfo->local_alias; - if(must_validate) { - switch(check_delegation_secure(msg->rep)) { - case sec_status_unchecked: - /* some rrsets have not been verified yet, go and - * let validator do that */ - return 0; - case sec_status_bogus: - /* some rrsets are bogus, reply servfail */ - edns->edns_version = EDNS_ADVERTISED_VERSION; - edns->udp_size = EDNS_ADVERTISED_SIZE; - edns->ext_rcode = 0; - edns->bits &= EDNS_DO; - if(!inplace_cb_reply_servfail_call(&worker->env, qinfo, NULL, - msg->rep, LDNS_RCODE_SERVFAIL, edns, worker->scratchpad)) - return 0; - error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL, - &msg->qinfo, id, flags, edns); - if(worker->stats.extended) { - worker->stats.ans_bogus++; - worker->stats.ans_rcode[LDNS_RCODE_SERVFAIL]++; - } - return 1; - case sec_status_secure: - /* all rrsets are secure */ - /* remove non-secure rrsets from the add. section*/ - if(worker->env.cfg->val_clean_additional) - deleg_remove_nonsecure_additional(msg->rep); - secure = 1; - break; - case sec_status_indeterminate: - case sec_status_insecure: - default: - /* not secure */ - secure = 0; - break; - } - } - /* return this delegation from the cache */ - edns->edns_version = EDNS_ADVERTISED_VERSION; - edns->udp_size = EDNS_ADVERTISED_SIZE; - edns->ext_rcode = 0; - edns->bits &= EDNS_DO; - if(!inplace_cb_reply_cache_call(&worker->env, qinfo, NULL, msg->rep, - (int)(flags&LDNS_RCODE_MASK), edns, worker->scratchpad)) - return 0; - msg->rep->flags |= BIT_QR|BIT_RA; - if(!reply_info_answer_encode(&msg->qinfo, msg->rep, id, flags, - repinfo->c->buffer, 0, 1, worker->scratchpad, - udpsize, edns, (int)(edns->bits & EDNS_DO), secure)) { - if(!inplace_cb_reply_servfail_call(&worker->env, qinfo, NULL, NULL, - LDNS_RCODE_SERVFAIL, edns, worker->scratchpad)) - edns->opt_list = NULL; - error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL, - &msg->qinfo, id, flags, edns); - } - if(worker->stats.extended) { - if(secure) worker->stats.ans_secure++; - server_stats_insrcode(&worker->stats, repinfo->c->buffer); - } - return 1; -} - -/** Apply, if applicable, a response IP action to a cached answer. - * If the answer is rewritten as a result of an action, '*encode_repp' will - * point to the reply info containing the modified answer. '*encode_repp' will - * be intact otherwise. - * It returns 1 on success, 0 otherwise. */ -static int -apply_respip_action(struct worker* worker, const struct query_info* qinfo, - struct respip_client_info* cinfo, struct reply_info* rep, - struct comm_reply* repinfo, struct ub_packed_rrset_key** alias_rrset, - struct reply_info** encode_repp) -{ - struct respip_action_info actinfo = {respip_none, NULL}; - - if(qinfo->qtype != LDNS_RR_TYPE_A && - qinfo->qtype != LDNS_RR_TYPE_AAAA && - qinfo->qtype != LDNS_RR_TYPE_ANY) - return 1; - - if(!respip_rewrite_reply(qinfo, cinfo, rep, encode_repp, &actinfo, - alias_rrset, 0, worker->scratchpad)) - return 0; - - /* xxx_deny actions mean dropping the reply, unless the original reply - * was redirected to response-ip data. */ - if((actinfo.action == respip_deny || - actinfo.action == respip_inform_deny) && - *encode_repp == rep) - *encode_repp = NULL; - - /* If address info is returned, it means the action should be an - * 'inform' variant and the information should be logged. */ - if(actinfo.addrinfo) { - respip_inform_print(actinfo.addrinfo, qinfo->qname, - qinfo->qtype, qinfo->qclass, qinfo->local_alias, - repinfo); - } - - return 1; -} - -/** answer query from the cache. - * Normally, the answer message will be built in repinfo->c->buffer; if the - * answer is supposed to be suppressed or the answer is supposed to be an - * incomplete CNAME chain, the buffer is explicitly cleared to signal the - * caller as such. In the latter case *partial_rep will point to the incomplete - * reply, and this function is (possibly) supposed to be called again with that - * *partial_rep value to complete the chain. In addition, if the query should - * be completely dropped, '*need_drop' will be set to 1. */ -static int -answer_from_cache(struct worker* worker, struct query_info* qinfo, - struct respip_client_info* cinfo, int* need_drop, - struct ub_packed_rrset_key** alias_rrset, - struct reply_info** partial_repp, - struct reply_info* rep, uint16_t id, uint16_t flags, - struct comm_reply* repinfo, struct edns_data* edns) -{ - time_t timenow = *worker->env.now; - uint16_t udpsize = edns->udp_size; - struct reply_info* encode_rep = rep; - struct reply_info* partial_rep = *partial_repp; - int secure; - int must_validate = (!(flags&BIT_CD) || worker->env.cfg->ignore_cd) - && worker->env.need_to_validate; - *partial_repp = NULL; /* avoid accidental further pass */ - if(worker->env.cfg->serve_expired) { - /* always lock rrsets, rep->ttl is ignored */ - if(!rrset_array_lock(rep->ref, rep->rrset_count, 0)) - return 0; - /* below, rrsets with ttl before timenow become TTL 0 in - * the response */ - /* This response was served with zero TTL */ - if (timenow >= rep->ttl) { - worker->stats.zero_ttl_responses++; - } - } else { - /* see if it is possible */ - if(rep->ttl < timenow) { - /* the rrsets may have been updated in the meantime. - * we will refetch the message format from the - * authoritative server - */ - return 0; - } - if(!rrset_array_lock(rep->ref, rep->rrset_count, timenow)) - return 0; - /* locked and ids and ttls are OK. */ - } - /* check CNAME chain (if any) */ - if(rep->an_numrrsets > 0 && (rep->rrsets[0]->rk.type == - htons(LDNS_RR_TYPE_CNAME) || rep->rrsets[0]->rk.type == - htons(LDNS_RR_TYPE_DNAME))) { - if(!reply_check_cname_chain(qinfo, rep)) { - /* cname chain invalid, redo iterator steps */ - verbose(VERB_ALGO, "Cache reply: cname chain broken"); - bail_out: - rrset_array_unlock_touch(worker->env.rrset_cache, - worker->scratchpad, rep->ref, rep->rrset_count); - return 0; - } - } - /* check security status of the cached answer */ - if( rep->security == sec_status_bogus && must_validate) { - /* BAD cached */ - edns->edns_version = EDNS_ADVERTISED_VERSION; - edns->udp_size = EDNS_ADVERTISED_SIZE; - edns->ext_rcode = 0; - edns->bits &= EDNS_DO; - if(!inplace_cb_reply_servfail_call(&worker->env, qinfo, NULL, rep, - LDNS_RCODE_SERVFAIL, edns, worker->scratchpad)) - goto bail_out; - error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL, - qinfo, id, flags, edns); - rrset_array_unlock_touch(worker->env.rrset_cache, - worker->scratchpad, rep->ref, rep->rrset_count); - if(worker->stats.extended) { - worker->stats.ans_bogus ++; - worker->stats.ans_rcode[LDNS_RCODE_SERVFAIL] ++; - } - return 1; - } else if( rep->security == sec_status_unchecked && must_validate) { - verbose(VERB_ALGO, "Cache reply: unchecked entry needs " - "validation"); - goto bail_out; /* need to validate cache entry first */ - } else if(rep->security == sec_status_secure) { - if(reply_all_rrsets_secure(rep)) - secure = 1; - else { - if(must_validate) { - verbose(VERB_ALGO, "Cache reply: secure entry" - " changed status"); - goto bail_out; /* rrset changed, re-verify */ - } - secure = 0; - } - } else secure = 0; - - edns->edns_version = EDNS_ADVERTISED_VERSION; - edns->udp_size = EDNS_ADVERTISED_SIZE; - edns->ext_rcode = 0; - edns->bits &= EDNS_DO; - if(!inplace_cb_reply_cache_call(&worker->env, qinfo, NULL, rep, - (int)(flags&LDNS_RCODE_MASK), edns, worker->scratchpad)) - goto bail_out; - *alias_rrset = NULL; /* avoid confusion if caller set it to non-NULL */ - if(worker->daemon->use_response_ip && !partial_rep && - !apply_respip_action(worker, qinfo, cinfo, rep, repinfo, alias_rrset, - &encode_rep)) { - goto bail_out; - } else if(partial_rep && - !respip_merge_cname(partial_rep, qinfo, rep, cinfo, - must_validate, &encode_rep, worker->scratchpad)) { - goto bail_out; - } - if(encode_rep != rep) - secure = 0; /* if rewritten, it can't be considered "secure" */ - if(!encode_rep || *alias_rrset) { - sldns_buffer_clear(repinfo->c->buffer); - sldns_buffer_flip(repinfo->c->buffer); - if(!encode_rep) - *need_drop = 1; - else { - /* If a partial CNAME chain is found, we first need to - * make a copy of the reply in the scratchpad so we - * can release the locks and lookup the cache again. */ - *partial_repp = reply_info_copy(encode_rep, NULL, - worker->scratchpad); - if(!*partial_repp) - goto bail_out; - } - } else if(!reply_info_answer_encode(qinfo, encode_rep, id, flags, - repinfo->c->buffer, timenow, 1, worker->scratchpad, - udpsize, edns, (int)(edns->bits & EDNS_DO), secure)) { - if(!inplace_cb_reply_servfail_call(&worker->env, qinfo, NULL, NULL, - LDNS_RCODE_SERVFAIL, edns, worker->scratchpad)) - edns->opt_list = NULL; - error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL, - qinfo, id, flags, edns); - } - /* cannot send the reply right now, because blocking network syscall - * is bad while holding locks. */ - rrset_array_unlock_touch(worker->env.rrset_cache, worker->scratchpad, - rep->ref, rep->rrset_count); - if(worker->stats.extended) { - if(secure) worker->stats.ans_secure++; - server_stats_insrcode(&worker->stats, repinfo->c->buffer); - } - /* go and return this buffer to the client */ - return 1; -} - -/** Reply to client and perform prefetch to keep cache up to date. - * If the buffer for the reply is empty, it indicates that only prefetch is - * necessary and the reply should be suppressed (because it's dropped or - * being deferred). */ -static void -reply_and_prefetch(struct worker* worker, struct query_info* qinfo, - uint16_t flags, struct comm_reply* repinfo, time_t leeway) -{ - /* first send answer to client to keep its latency - * as small as a cachereply */ - if(sldns_buffer_limit(repinfo->c->buffer) != 0) - comm_point_send_reply(repinfo); - server_stats_prefetch(&worker->stats, worker); - - /* create the prefetch in the mesh as a normal lookup without - * client addrs waiting, which has the cache blacklisted (to bypass - * the cache and go to the network for the data). */ - /* this (potentially) runs the mesh for the new query */ - mesh_new_prefetch(worker->env.mesh, qinfo, flags, leeway + - PREFETCH_EXPIRY_ADD); -} - -/** - * Fill CH class answer into buffer. Keeps query. - * @param pkt: buffer - * @param str: string to put into text record (<255). - * array of strings, every string becomes a text record. - * @param num: number of strings in array. - * @param edns: edns reply information. - * @param worker: worker with scratch region. - */ -static void -chaos_replystr(sldns_buffer* pkt, char** str, int num, struct edns_data* edns, - struct worker* worker) -{ - int i; - unsigned int rd = LDNS_RD_WIRE(sldns_buffer_begin(pkt)); - unsigned int cd = LDNS_CD_WIRE(sldns_buffer_begin(pkt)); - sldns_buffer_clear(pkt); - sldns_buffer_skip(pkt, (ssize_t)sizeof(uint16_t)); /* skip id */ - sldns_buffer_write_u16(pkt, (uint16_t)(BIT_QR|BIT_RA)); - if(rd) LDNS_RD_SET(sldns_buffer_begin(pkt)); - if(cd) LDNS_CD_SET(sldns_buffer_begin(pkt)); - sldns_buffer_write_u16(pkt, 1); /* qdcount */ - sldns_buffer_write_u16(pkt, (uint16_t)num); /* ancount */ - sldns_buffer_write_u16(pkt, 0); /* nscount */ - sldns_buffer_write_u16(pkt, 0); /* arcount */ - (void)query_dname_len(pkt); /* skip qname */ - sldns_buffer_skip(pkt, (ssize_t)sizeof(uint16_t)); /* skip qtype */ - sldns_buffer_skip(pkt, (ssize_t)sizeof(uint16_t)); /* skip qclass */ - for(i=0; i255) len=255; /* cap size of TXT record */ - sldns_buffer_write_u16(pkt, 0xc00c); /* compr ptr to query */ - sldns_buffer_write_u16(pkt, LDNS_RR_TYPE_TXT); - sldns_buffer_write_u16(pkt, LDNS_RR_CLASS_CH); - sldns_buffer_write_u32(pkt, 0); /* TTL */ - sldns_buffer_write_u16(pkt, sizeof(uint8_t) + len); - sldns_buffer_write_u8(pkt, len); - sldns_buffer_write(pkt, str[i], len); - } - sldns_buffer_flip(pkt); - edns->edns_version = EDNS_ADVERTISED_VERSION; - edns->udp_size = EDNS_ADVERTISED_SIZE; - edns->bits &= EDNS_DO; - if(!inplace_cb_reply_local_call(&worker->env, NULL, NULL, NULL, - LDNS_RCODE_NOERROR, edns, worker->scratchpad)) - edns->opt_list = NULL; - attach_edns_record(pkt, edns); -} - -/** Reply with one string */ -static void -chaos_replyonestr(sldns_buffer* pkt, const char* str, struct edns_data* edns, - struct worker* worker) -{ - chaos_replystr(pkt, (char**)&str, 1, edns, worker); -} - -/** - * Create CH class trustanchor answer. - * @param pkt: buffer - * @param edns: edns reply information. - * @param w: worker with scratch region. - */ -static void -chaos_trustanchor(sldns_buffer* pkt, struct edns_data* edns, struct worker* w) -{ -#define TA_RESPONSE_MAX_TXT 16 /* max number of TXT records */ -#define TA_RESPONSE_MAX_TAGS 32 /* max number of tags printed per zone */ - char* str_array[TA_RESPONSE_MAX_TXT]; - uint16_t tags[TA_RESPONSE_MAX_TAGS]; - int num = 0; - struct trust_anchor* ta; - - if(!w->env.need_to_validate) { - /* no validator module, reply no trustanchors */ - chaos_replystr(pkt, NULL, 0, edns, w); - return; - } - - /* fill the string with contents */ - lock_basic_lock(&w->env.anchors->lock); - RBTREE_FOR(ta, struct trust_anchor*, w->env.anchors->tree) { - char* str; - size_t i, numtag, str_len = 255; - if(num == TA_RESPONSE_MAX_TXT) continue; - str = (char*)regional_alloc(w->scratchpad, str_len); - if(!str) continue; - lock_basic_lock(&ta->lock); - numtag = anchor_list_keytags(ta, tags, TA_RESPONSE_MAX_TAGS); - if(numtag == 0) { - /* empty, insecure point */ - lock_basic_unlock(&ta->lock); - continue; - } - str_array[num] = str; - num++; - - /* spool name of anchor */ - (void)sldns_wire2str_dname_buf(ta->name, ta->namelen, str, str_len); - str_len -= strlen(str); str += strlen(str); - /* spool tags */ - for(i=0; ilock); - } - lock_basic_unlock(&w->env.anchors->lock); - - chaos_replystr(pkt, str_array, num, edns, w); - regional_free_all(w->scratchpad); -} - -/** - * Answer CH class queries. - * @param w: worker - * @param qinfo: query info. Pointer into packet buffer. - * @param edns: edns info from query. - * @param pkt: packet buffer. - * @return: true if a reply is to be sent. - */ -static int -answer_chaos(struct worker* w, struct query_info* qinfo, - struct edns_data* edns, sldns_buffer* pkt) -{ - struct config_file* cfg = w->env.cfg; - if(qinfo->qtype != LDNS_RR_TYPE_ANY && qinfo->qtype != LDNS_RR_TYPE_TXT) - return 0; - if(query_dname_compare(qinfo->qname, - (uint8_t*)"\002id\006server") == 0 || - query_dname_compare(qinfo->qname, - (uint8_t*)"\010hostname\004bind") == 0) - { - if(cfg->hide_identity) - return 0; - if(cfg->identity==NULL || cfg->identity[0]==0) { - char buf[MAXHOSTNAMELEN+1]; - if (gethostname(buf, MAXHOSTNAMELEN) == 0) { - buf[MAXHOSTNAMELEN] = 0; - chaos_replyonestr(pkt, buf, edns, w); - } else { - log_err("gethostname: %s", strerror(errno)); - chaos_replyonestr(pkt, "no hostname", edns, w); - } - } - else chaos_replyonestr(pkt, cfg->identity, edns, w); - return 1; - } - if(query_dname_compare(qinfo->qname, - (uint8_t*)"\007version\006server") == 0 || - query_dname_compare(qinfo->qname, - (uint8_t*)"\007version\004bind") == 0) - { - if(cfg->hide_version) - return 0; - if(cfg->version==NULL || cfg->version[0]==0) - chaos_replyonestr(pkt, PACKAGE_STRING, edns, w); - else chaos_replyonestr(pkt, cfg->version, edns, w); - return 1; - } - if(query_dname_compare(qinfo->qname, - (uint8_t*)"\013trustanchor\007unbound") == 0) - { - if(cfg->hide_trustanchor) - return 0; - chaos_trustanchor(pkt, edns, w); - return 1; - } - - return 0; -} - -static int -deny_refuse(struct comm_point* c, enum acl_access acl, - enum acl_access deny, enum acl_access refuse, - struct worker* worker, struct comm_reply* repinfo) -{ - if(acl == deny) { - comm_point_drop_reply(repinfo); - if(worker->stats.extended) - worker->stats.unwanted_queries++; - return 0; - } else if(acl == refuse) { - log_addr(VERB_ALGO, "refused query from", - &repinfo->addr, repinfo->addrlen); - log_buf(VERB_ALGO, "refuse", c->buffer); - if(worker->stats.extended) - worker->stats.unwanted_queries++; - if(worker_check_request(c->buffer, worker) == -1) { - comm_point_drop_reply(repinfo); - return 0; /* discard this */ - } - sldns_buffer_set_limit(c->buffer, LDNS_HEADER_SIZE); - sldns_buffer_write_at(c->buffer, 4, - (uint8_t*)"\0\0\0\0\0\0\0\0", 8); - LDNS_QR_SET(sldns_buffer_begin(c->buffer)); - LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), - LDNS_RCODE_REFUSED); - sldns_buffer_set_position(c->buffer, LDNS_HEADER_SIZE); - sldns_buffer_flip(c->buffer); - return 1; - } - - return -1; -} - -static int -deny_refuse_all(struct comm_point* c, enum acl_access acl, - struct worker* worker, struct comm_reply* repinfo) -{ - return deny_refuse(c, acl, acl_deny, acl_refuse, worker, repinfo); -} - -static int -deny_refuse_non_local(struct comm_point* c, enum acl_access acl, - struct worker* worker, struct comm_reply* repinfo) -{ - return deny_refuse(c, acl, acl_deny_non_local, acl_refuse_non_local, worker, repinfo); -} - -int -worker_handle_request(struct comm_point* c, void* arg, int error, - struct comm_reply* repinfo) -{ - struct worker* worker = (struct worker*)arg; - int ret; - hashvalue_type h; - struct lruhash_entry* e; - struct query_info qinfo; - struct edns_data edns; - enum acl_access acl; - struct acl_addr* acladdr; - int rc = 0; - int need_drop = 0; - /* We might have to chase a CNAME chain internally, in which case - * we'll have up to two replies and combine them to build a complete - * answer. These variables control this case. */ - struct ub_packed_rrset_key* alias_rrset = NULL; - struct reply_info* partial_rep = NULL; - struct query_info* lookup_qinfo = &qinfo; - struct query_info qinfo_tmp; /* placeholdoer for lookup_qinfo */ - struct respip_client_info* cinfo = NULL, cinfo_tmp; - - if(error != NETEVENT_NOERROR) { - /* some bad tcp query DNS formats give these error calls */ - verbose(VERB_ALGO, "handle request called with err=%d", error); - return 0; - } -#ifdef USE_DNSCRYPT - repinfo->max_udp_size = worker->daemon->cfg->max_udp_size; - if(!dnsc_handle_curved_request(worker->daemon->dnscenv, repinfo)) { - worker->stats.num_query_dnscrypt_crypted_malformed++; - return 0; - } - if(c->dnscrypt && !repinfo->is_dnscrypted) { - char buf[LDNS_MAX_DOMAINLEN+1]; - // Check if this is unencrypted and asking for certs - if(worker_check_request(c->buffer, worker) != 0) { - verbose(VERB_ALGO, "dnscrypt: worker check request: bad query."); - log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen); - comm_point_drop_reply(repinfo); - return 0; - } - if(!query_info_parse(&qinfo, c->buffer)) { - verbose(VERB_ALGO, "dnscrypt: worker parse request: formerror."); - log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen); - comm_point_drop_reply(repinfo); - return 0; - } - dname_str(qinfo.qname, buf); - if(!(qinfo.qtype == LDNS_RR_TYPE_TXT && - strcasecmp(buf, worker->daemon->dnscenv->provider_name) == 0)) { - verbose(VERB_ALGO, - "dnscrypt: not TXT %s. Receive: %s %s", - worker->daemon->dnscenv->provider_name, - sldns_rr_descript(qinfo.qtype)->_name, - buf); - comm_point_drop_reply(repinfo); - worker->stats.num_query_dnscrypt_cleartext++; - return 0; - } - worker->stats.num_query_dnscrypt_cert++; - sldns_buffer_rewind(c->buffer); - } else if(c->dnscrypt && repinfo->is_dnscrypted) { - worker->stats.num_query_dnscrypt_crypted++; - } -#endif -#ifdef USE_DNSTAP - if(worker->dtenv.log_client_query_messages) - dt_msg_send_client_query(&worker->dtenv, &repinfo->addr, c->type, - c->buffer); -#endif - acladdr = acl_addr_lookup(worker->daemon->acl, &repinfo->addr, - repinfo->addrlen); - acl = acl_get_control(acladdr); - if((ret=deny_refuse_all(c, acl, worker, repinfo)) != -1) - { - if(ret == 1) - goto send_reply; - return ret; - } - if((ret=worker_check_request(c->buffer, worker)) != 0) { - verbose(VERB_ALGO, "worker check request: bad query."); - log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen); - if(ret != -1) { - LDNS_QR_SET(sldns_buffer_begin(c->buffer)); - LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), ret); - return 1; - } - comm_point_drop_reply(repinfo); - return 0; - } - - worker->stats.num_queries++; - - /* check if this query should be dropped based on source ip rate limiting */ - if(!infra_ip_ratelimit_inc(worker->env.infra_cache, repinfo, - *worker->env.now)) { - /* See if we are passed through with slip factor */ - if(worker->env.cfg->ip_ratelimit_factor != 0 && - ub_random_max(worker->env.rnd, - worker->env.cfg->ip_ratelimit_factor) == 1) { - - char addrbuf[128]; - addr_to_str(&repinfo->addr, repinfo->addrlen, - addrbuf, sizeof(addrbuf)); - verbose(VERB_OPS, "ip_ratelimit allowed through for ip address %s ", - addrbuf); - } else { - worker->stats.num_queries_ip_ratelimited++; - comm_point_drop_reply(repinfo); - return 0; - } - } - - /* see if query is in the cache */ - if(!query_info_parse(&qinfo, c->buffer)) { - verbose(VERB_ALGO, "worker parse request: formerror."); - log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen); - if(worker_err_ratelimit(worker, LDNS_RCODE_FORMERR) == -1) { - comm_point_drop_reply(repinfo); - return 0; - } - sldns_buffer_rewind(c->buffer); - LDNS_QR_SET(sldns_buffer_begin(c->buffer)); - LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), - LDNS_RCODE_FORMERR); - server_stats_insrcode(&worker->stats, c->buffer); - goto send_reply; - } - if(worker->env.cfg->log_queries) { - char ip[128]; - addr_to_str(&repinfo->addr, repinfo->addrlen, ip, sizeof(ip)); - log_nametypeclass(0, ip, qinfo.qname, qinfo.qtype, qinfo.qclass); - } - if(qinfo.qtype == LDNS_RR_TYPE_AXFR || - qinfo.qtype == LDNS_RR_TYPE_IXFR) { - verbose(VERB_ALGO, "worker request: refused zone transfer."); - log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen); - sldns_buffer_rewind(c->buffer); - LDNS_QR_SET(sldns_buffer_begin(c->buffer)); - LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), - LDNS_RCODE_REFUSED); - if(worker->stats.extended) { - worker->stats.qtype[qinfo.qtype]++; - server_stats_insrcode(&worker->stats, c->buffer); - } - goto send_reply; - } - if(qinfo.qtype == LDNS_RR_TYPE_OPT || - qinfo.qtype == LDNS_RR_TYPE_TSIG || - qinfo.qtype == LDNS_RR_TYPE_TKEY || - qinfo.qtype == LDNS_RR_TYPE_MAILA || - qinfo.qtype == LDNS_RR_TYPE_MAILB || - (qinfo.qtype >= 128 && qinfo.qtype <= 248)) { - verbose(VERB_ALGO, "worker request: formerror for meta-type."); - log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen); - if(worker_err_ratelimit(worker, LDNS_RCODE_FORMERR) == -1) { - comm_point_drop_reply(repinfo); - return 0; - } - sldns_buffer_rewind(c->buffer); - LDNS_QR_SET(sldns_buffer_begin(c->buffer)); - LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), - LDNS_RCODE_FORMERR); - if(worker->stats.extended) { - worker->stats.qtype[qinfo.qtype]++; - server_stats_insrcode(&worker->stats, c->buffer); - } - goto send_reply; - } - if((ret=parse_edns_from_pkt(c->buffer, &edns, worker->scratchpad)) != 0) { - struct edns_data reply_edns; - verbose(VERB_ALGO, "worker parse edns: formerror."); - log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen); - memset(&reply_edns, 0, sizeof(reply_edns)); - reply_edns.edns_present = 1; - reply_edns.udp_size = EDNS_ADVERTISED_SIZE; - LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), ret); - error_encode(c->buffer, ret, &qinfo, - *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), - sldns_buffer_read_u16_at(c->buffer, 2), &reply_edns); - regional_free_all(worker->scratchpad); - server_stats_insrcode(&worker->stats, c->buffer); - goto send_reply; - } - if(edns.edns_present && edns.edns_version != 0) { - edns.ext_rcode = (uint8_t)(EDNS_RCODE_BADVERS>>4); - edns.edns_version = EDNS_ADVERTISED_VERSION; - edns.udp_size = EDNS_ADVERTISED_SIZE; - edns.bits &= EDNS_DO; - edns.opt_list = NULL; - verbose(VERB_ALGO, "query with bad edns version."); - log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen); - error_encode(c->buffer, EDNS_RCODE_BADVERS&0xf, &qinfo, - *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), - sldns_buffer_read_u16_at(c->buffer, 2), NULL); - attach_edns_record(c->buffer, &edns); - regional_free_all(worker->scratchpad); - goto send_reply; - } - if(edns.edns_present && edns.udp_size < NORMAL_UDP_SIZE && - worker->daemon->cfg->harden_short_bufsize) { - verbose(VERB_QUERY, "worker request: EDNS bufsize %d ignored", - (int)edns.udp_size); - log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen); - edns.udp_size = NORMAL_UDP_SIZE; - } - if(edns.udp_size > worker->daemon->cfg->max_udp_size && - c->type == comm_udp) { - verbose(VERB_QUERY, - "worker request: max UDP reply size modified" - " (%d to max-udp-size)", (int)edns.udp_size); - log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen); - edns.udp_size = worker->daemon->cfg->max_udp_size; - } - if(edns.udp_size < LDNS_HEADER_SIZE) { - verbose(VERB_ALGO, "worker request: edns is too small."); - log_addr(VERB_CLIENT, "from", &repinfo->addr, repinfo->addrlen); - LDNS_QR_SET(sldns_buffer_begin(c->buffer)); - LDNS_TC_SET(sldns_buffer_begin(c->buffer)); - LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), - LDNS_RCODE_SERVFAIL); - sldns_buffer_set_position(c->buffer, LDNS_HEADER_SIZE); - sldns_buffer_write_at(c->buffer, 4, - (uint8_t*)"\0\0\0\0\0\0\0\0", 8); - sldns_buffer_flip(c->buffer); - regional_free_all(worker->scratchpad); - goto send_reply; - } - if(worker->stats.extended) - server_stats_insquery(&worker->stats, c, qinfo.qtype, - qinfo.qclass, &edns, repinfo); - if(c->type != comm_udp) - edns.udp_size = 65535; /* max size for TCP replies */ - if(qinfo.qclass == LDNS_RR_CLASS_CH && answer_chaos(worker, &qinfo, - &edns, c->buffer)) { - server_stats_insrcode(&worker->stats, c->buffer); - regional_free_all(worker->scratchpad); - goto send_reply; - } - if(local_zones_answer(worker->daemon->local_zones, &worker->env, &qinfo, - &edns, c->buffer, worker->scratchpad, repinfo, acladdr->taglist, - acladdr->taglen, acladdr->tag_actions, - acladdr->tag_actions_size, acladdr->tag_datas, - acladdr->tag_datas_size, worker->daemon->cfg->tagname, - worker->daemon->cfg->num_tags, acladdr->view)) { - regional_free_all(worker->scratchpad); - if(sldns_buffer_limit(c->buffer) == 0) { - comm_point_drop_reply(repinfo); - return 0; - } - server_stats_insrcode(&worker->stats, c->buffer); - goto send_reply; - } - - /* We've looked in our local zones. If the answer isn't there, we - * might need to bail out based on ACLs now. */ - if((ret=deny_refuse_non_local(c, acl, worker, repinfo)) != -1) - { - regional_free_all(worker->scratchpad); - if(ret == 1) - goto send_reply; - return ret; - } - - /* If this request does not have the recursion bit set, verify - * ACLs allow the snooping. */ - if(!(LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) && - acl != acl_allow_snoop ) { - sldns_buffer_set_limit(c->buffer, LDNS_HEADER_SIZE); - sldns_buffer_write_at(c->buffer, 4, - (uint8_t*)"\0\0\0\0\0\0\0\0", 8); - LDNS_QR_SET(sldns_buffer_begin(c->buffer)); - LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), - LDNS_RCODE_REFUSED); - sldns_buffer_flip(c->buffer); - regional_free_all(worker->scratchpad); - server_stats_insrcode(&worker->stats, c->buffer); - log_addr(VERB_ALGO, "refused nonrec (cache snoop) query from", - &repinfo->addr, repinfo->addrlen); - goto send_reply; - } - - /* If we've found a local alias, replace the qname with the alias - * target before resolving it. */ - if(qinfo.local_alias) { - struct ub_packed_rrset_key* rrset = qinfo.local_alias->rrset; - struct packed_rrset_data* d = rrset->entry.data; - - /* Sanity check: our current implementation only supports - * a single CNAME RRset as a local alias. */ - if(qinfo.local_alias->next || - rrset->rk.type != htons(LDNS_RR_TYPE_CNAME) || - d->count != 1) { - log_err("assumption failure: unexpected local alias"); - regional_free_all(worker->scratchpad); - return 0; /* drop it */ - } - qinfo.qname = d->rr_data[0] + 2; - qinfo.qname_len = d->rr_len[0] - 2; - } - - /* If we may apply IP-based actions to the answer, build the client - * information. As this can be expensive, skip it if there is - * absolutely no possibility of it. */ - if(worker->daemon->use_response_ip && - (qinfo.qtype == LDNS_RR_TYPE_A || - qinfo.qtype == LDNS_RR_TYPE_AAAA || - qinfo.qtype == LDNS_RR_TYPE_ANY)) { - cinfo_tmp.taglist = acladdr->taglist; - cinfo_tmp.taglen = acladdr->taglen; - cinfo_tmp.tag_actions = acladdr->tag_actions; - cinfo_tmp.tag_actions_size = acladdr->tag_actions_size; - cinfo_tmp.tag_datas = acladdr->tag_datas; - cinfo_tmp.tag_datas_size = acladdr->tag_datas_size; - cinfo_tmp.view = acladdr->view; - cinfo_tmp.respip_set = worker->daemon->respip_set; - cinfo = &cinfo_tmp; - } - -lookup_cache: - /* Lookup the cache. In case we chase an intermediate CNAME chain - * this is a two-pass operation, and lookup_qinfo is different for - * each pass. We should still pass the original qinfo to - * answer_from_cache(), however, since it's used to build the reply. */ - if(!edns_bypass_cache_stage(edns.opt_list, &worker->env)) { - h = query_info_hash(lookup_qinfo, sldns_buffer_read_u16_at(c->buffer, 2)); - if((e=slabhash_lookup(worker->env.msg_cache, h, lookup_qinfo, 0))) { - /* answer from cache - we have acquired a readlock on it */ - if(answer_from_cache(worker, &qinfo, - cinfo, &need_drop, &alias_rrset, &partial_rep, - (struct reply_info*)e->data, - *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), - sldns_buffer_read_u16_at(c->buffer, 2), repinfo, - &edns)) { - /* prefetch it if the prefetch TTL expired. - * Note that if there is more than one pass - * its qname must be that used for cache - * lookup. */ - if((worker->env.cfg->prefetch || worker->env.cfg->serve_expired) - && *worker->env.now >= - ((struct reply_info*)e->data)->prefetch_ttl) { - time_t leeway = ((struct reply_info*)e-> - data)->ttl - *worker->env.now; - if(((struct reply_info*)e->data)->ttl - < *worker->env.now) - leeway = 0; - lock_rw_unlock(&e->lock); - reply_and_prefetch(worker, lookup_qinfo, - sldns_buffer_read_u16_at(c->buffer, 2), - repinfo, leeway); - if(!partial_rep) { - rc = 0; - regional_free_all(worker->scratchpad); - goto send_reply_rc; - } - } else if(!partial_rep) { - lock_rw_unlock(&e->lock); - regional_free_all(worker->scratchpad); - goto send_reply; - } - /* We've found a partial reply ending with an - * alias. Replace the lookup qinfo for the - * alias target and lookup the cache again to - * (possibly) complete the reply. As we're - * passing the "base" reply, there will be no - * more alias chasing. */ - lock_rw_unlock(&e->lock); - memset(&qinfo_tmp, 0, sizeof(qinfo_tmp)); - get_cname_target(alias_rrset, &qinfo_tmp.qname, - &qinfo_tmp.qname_len); - if(!qinfo_tmp.qname) { - log_err("unexpected: invalid answer alias"); - regional_free_all(worker->scratchpad); - return 0; /* drop query */ - } - qinfo_tmp.qtype = qinfo.qtype; - qinfo_tmp.qclass = qinfo.qclass; - lookup_qinfo = &qinfo_tmp; - goto lookup_cache; - } - verbose(VERB_ALGO, "answer from the cache failed"); - lock_rw_unlock(&e->lock); - } - if(!LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) { - if(answer_norec_from_cache(worker, &qinfo, - *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), - sldns_buffer_read_u16_at(c->buffer, 2), repinfo, - &edns)) { - regional_free_all(worker->scratchpad); - goto send_reply; - } - verbose(VERB_ALGO, "answer norec from cache -- " - "need to validate or not primed"); - } - } - sldns_buffer_rewind(c->buffer); - server_stats_querymiss(&worker->stats, worker); - - if(verbosity >= VERB_CLIENT) { - if(c->type == comm_udp) - log_addr(VERB_CLIENT, "udp request from", - &repinfo->addr, repinfo->addrlen); - else log_addr(VERB_CLIENT, "tcp request from", - &repinfo->addr, repinfo->addrlen); - } - - /* grab a work request structure for this new request */ - mesh_new_client(worker->env.mesh, &qinfo, cinfo, - sldns_buffer_read_u16_at(c->buffer, 2), - &edns, repinfo, *(uint16_t*)(void *)sldns_buffer_begin(c->buffer)); - regional_free_all(worker->scratchpad); - worker_mem_report(worker, NULL); - return 0; - -send_reply: - rc = 1; -send_reply_rc: - if(need_drop) { - comm_point_drop_reply(repinfo); - return 0; - } -#ifdef USE_DNSTAP - if(worker->dtenv.log_client_response_messages) - dt_msg_send_client_response(&worker->dtenv, &repinfo->addr, - c->type, c->buffer); -#endif - if(worker->env.cfg->log_replies) - { - struct timeval tv = {0, 0}; - log_reply_info(0, &qinfo, &repinfo->addr, repinfo->addrlen, - tv, 1, c->buffer); - } -#ifdef USE_DNSCRYPT - if(!dnsc_handle_uncurved_request(repinfo)) { - return 0; - } -#endif - return rc; -} - -void -worker_sighandler(int sig, void* arg) -{ - /* note that log, print, syscalls here give race conditions. - * And cause hangups if the log-lock is held by the application. */ - struct worker* worker = (struct worker*)arg; - switch(sig) { -#ifdef SIGHUP - case SIGHUP: - comm_base_exit(worker->base); - break; -#endif - case SIGINT: - worker->need_to_exit = 1; - comm_base_exit(worker->base); - break; -#ifdef SIGQUIT - case SIGQUIT: - worker->need_to_exit = 1; - comm_base_exit(worker->base); - break; -#endif - case SIGTERM: - worker->need_to_exit = 1; - comm_base_exit(worker->base); - break; - default: - /* unknown signal, ignored */ - break; - } -} - -/** restart statistics timer for worker, if enabled */ -static void -worker_restart_timer(struct worker* worker) -{ - if(worker->env.cfg->stat_interval > 0) { - struct timeval tv; -#ifndef S_SPLINT_S - tv.tv_sec = worker->env.cfg->stat_interval; - tv.tv_usec = 0; -#endif - comm_timer_set(worker->stat_timer, &tv); - } -} - -void worker_stat_timer_cb(void* arg) -{ - struct worker* worker = (struct worker*)arg; - server_stats_log(&worker->stats, worker, worker->thread_num); - mesh_stats(worker->env.mesh, "mesh has"); - worker_mem_report(worker, NULL); - /* SHM is enabled, process data to SHM */ - if (worker->daemon->cfg->shm_enable) { - shm_main_run(worker); - } - if(!worker->daemon->cfg->stat_cumulative) { - worker_stats_clear(worker); - } - /* start next timer */ - worker_restart_timer(worker); -} - -void worker_probe_timer_cb(void* arg) -{ - struct worker* worker = (struct worker*)arg; - struct timeval tv; -#ifndef S_SPLINT_S - tv.tv_sec = (time_t)autr_probe_timer(&worker->env); - tv.tv_usec = 0; -#endif - if(tv.tv_sec != 0) - comm_timer_set(worker->env.probe_timer, &tv); -} - -struct worker* -worker_create(struct daemon* daemon, int id, int* ports, int n) -{ - unsigned int seed; - struct worker* worker = (struct worker*)calloc(1, - sizeof(struct worker)); - if(!worker) - return NULL; - worker->numports = n; - worker->ports = (int*)memdup(ports, sizeof(int)*n); - if(!worker->ports) { - free(worker); - return NULL; - } - worker->daemon = daemon; - worker->thread_num = id; - if(!(worker->cmd = tube_create())) { - free(worker->ports); - free(worker); - return NULL; - } - /* create random state here to avoid locking trouble in RAND_bytes */ - seed = (unsigned int)time(NULL) ^ (unsigned int)getpid() ^ - (((unsigned int)worker->thread_num)<<17); - /* shift thread_num so it does not match out pid bits */ - if(!(worker->rndstate = ub_initstate(seed, daemon->rand))) { - seed = 0; - log_err("could not init random numbers."); - tube_delete(worker->cmd); - free(worker->ports); - free(worker); - return NULL; - } - seed = 0; -#ifdef USE_DNSTAP - if(daemon->cfg->dnstap) { - log_assert(daemon->dtenv != NULL); - memcpy(&worker->dtenv, daemon->dtenv, sizeof(struct dt_env)); - if(!dt_init(&worker->dtenv)) - fatal_exit("dt_init failed"); - } -#endif - return worker; -} - -int -worker_init(struct worker* worker, struct config_file *cfg, - struct listen_port* ports, int do_sigs) -{ -#ifdef USE_DNSTAP - struct dt_env* dtenv = &worker->dtenv; -#else - void* dtenv = NULL; -#endif - worker->need_to_exit = 0; - worker->base = comm_base_create(do_sigs); - if(!worker->base) { - log_err("could not create event handling base"); - worker_delete(worker); - return 0; - } - comm_base_set_slow_accept_handlers(worker->base, &worker_stop_accept, - &worker_start_accept, worker); - if(do_sigs) { -#ifdef SIGHUP - ub_thread_sig_unblock(SIGHUP); -#endif - ub_thread_sig_unblock(SIGINT); -#ifdef SIGQUIT - ub_thread_sig_unblock(SIGQUIT); -#endif - ub_thread_sig_unblock(SIGTERM); -#ifndef LIBEVENT_SIGNAL_PROBLEM - worker->comsig = comm_signal_create(worker->base, - worker_sighandler, worker); - if(!worker->comsig -#ifdef SIGHUP - || !comm_signal_bind(worker->comsig, SIGHUP) -#endif -#ifdef SIGQUIT - || !comm_signal_bind(worker->comsig, SIGQUIT) -#endif - || !comm_signal_bind(worker->comsig, SIGTERM) - || !comm_signal_bind(worker->comsig, SIGINT)) { - log_err("could not create signal handlers"); - worker_delete(worker); - return 0; - } -#endif /* LIBEVENT_SIGNAL_PROBLEM */ - if(!daemon_remote_open_accept(worker->daemon->rc, - worker->daemon->rc_ports, worker)) { - worker_delete(worker); - return 0; - } -#ifdef UB_ON_WINDOWS - wsvc_setup_worker(worker); -#endif /* UB_ON_WINDOWS */ - } else { /* !do_sigs */ - worker->comsig = NULL; - } - worker->front = listen_create(worker->base, ports, - cfg->msg_buffer_size, (int)cfg->incoming_num_tcp, - worker->daemon->listen_sslctx, dtenv, worker_handle_request, - worker); - if(!worker->front) { - log_err("could not create listening sockets"); - worker_delete(worker); - return 0; - } - worker->back = outside_network_create(worker->base, - cfg->msg_buffer_size, (size_t)cfg->outgoing_num_ports, - cfg->out_ifs, cfg->num_out_ifs, cfg->do_ip4, cfg->do_ip6, - cfg->do_tcp?cfg->outgoing_num_tcp:0, - worker->daemon->env->infra_cache, worker->rndstate, - cfg->use_caps_bits_for_id, worker->ports, worker->numports, - cfg->unwanted_threshold, cfg->outgoing_tcp_mss, - &worker_alloc_cleanup, worker, - cfg->do_udp, worker->daemon->connect_sslctx, cfg->delay_close, - dtenv); - if(!worker->back) { - log_err("could not create outgoing sockets"); - worker_delete(worker); - return 0; - } - /* start listening to commands */ - if(!tube_setup_bg_listen(worker->cmd, worker->base, - &worker_handle_control_cmd, worker)) { - log_err("could not create control compt."); - worker_delete(worker); - return 0; - } - worker->stat_timer = comm_timer_create(worker->base, - worker_stat_timer_cb, worker); - if(!worker->stat_timer) { - log_err("could not create statistics timer"); - } - - /* we use the msg_buffer_size as a good estimate for what the - * user wants for memory usage sizes */ - worker->scratchpad = regional_create_custom(cfg->msg_buffer_size); - if(!worker->scratchpad) { - log_err("malloc failure"); - worker_delete(worker); - return 0; - } - - server_stats_init(&worker->stats, cfg); - alloc_init(&worker->alloc, &worker->daemon->superalloc, - worker->thread_num); - alloc_set_id_cleanup(&worker->alloc, &worker_alloc_cleanup, worker); - worker->env = *worker->daemon->env; - comm_base_timept(worker->base, &worker->env.now, &worker->env.now_tv); - if(worker->thread_num == 0) - log_set_time(worker->env.now); - worker->env.worker = worker; - worker->env.send_query = &worker_send_query; - worker->env.alloc = &worker->alloc; - worker->env.rnd = worker->rndstate; - worker->env.scratch = worker->scratchpad; - worker->env.mesh = mesh_create(&worker->daemon->mods, &worker->env); - worker->env.detach_subs = &mesh_detach_subs; - worker->env.attach_sub = &mesh_attach_sub; - worker->env.kill_sub = &mesh_state_delete; - worker->env.detect_cycle = &mesh_detect_cycle; - worker->env.scratch_buffer = sldns_buffer_new(cfg->msg_buffer_size); - if(!(worker->env.fwds = forwards_create()) || - !forwards_apply_cfg(worker->env.fwds, cfg)) { - log_err("Could not set forward zones"); - worker_delete(worker); - return 0; - } - if(!(worker->env.hints = hints_create()) || - !hints_apply_cfg(worker->env.hints, cfg)) { - log_err("Could not set root or stub hints"); - worker_delete(worker); - return 0; - } - /* one probe timer per process -- if we have 5011 anchors */ - if(autr_get_num_anchors(worker->env.anchors) > 0 -#ifndef THREADS_DISABLED - && worker->thread_num == 0 -#endif - ) { - struct timeval tv; - tv.tv_sec = 0; - tv.tv_usec = 0; - worker->env.probe_timer = comm_timer_create(worker->base, - worker_probe_timer_cb, worker); - if(!worker->env.probe_timer) { - log_err("could not create 5011-probe timer"); - } else { - /* let timer fire, then it can reset itself */ - comm_timer_set(worker->env.probe_timer, &tv); - } - } - if(!worker->env.mesh || !worker->env.scratch_buffer) { - worker_delete(worker); - return 0; - } - worker_mem_report(worker, NULL); - /* if statistics enabled start timer */ - if(worker->env.cfg->stat_interval > 0) { - verbose(VERB_ALGO, "set statistics interval %d secs", - worker->env.cfg->stat_interval); - worker_restart_timer(worker); - } - return 1; -} - -void -worker_work(struct worker* worker) -{ - comm_base_dispatch(worker->base); -} - -void -worker_delete(struct worker* worker) -{ - if(!worker) - return; - if(worker->env.mesh && verbosity >= VERB_OPS) { - server_stats_log(&worker->stats, worker, worker->thread_num); - mesh_stats(worker->env.mesh, "mesh has"); - worker_mem_report(worker, NULL); - } - outside_network_quit_prepare(worker->back); - mesh_delete(worker->env.mesh); - sldns_buffer_free(worker->env.scratch_buffer); - forwards_delete(worker->env.fwds); - hints_delete(worker->env.hints); - listen_delete(worker->front); - outside_network_delete(worker->back); - comm_signal_delete(worker->comsig); - tube_delete(worker->cmd); - comm_timer_delete(worker->stat_timer); - comm_timer_delete(worker->env.probe_timer); - free(worker->ports); - if(worker->thread_num == 0) { - log_set_time(NULL); -#ifdef UB_ON_WINDOWS - wsvc_desetup_worker(worker); -#endif /* UB_ON_WINDOWS */ - } - comm_base_delete(worker->base); - ub_randfree(worker->rndstate); - alloc_clear(&worker->alloc); - regional_destroy(worker->scratchpad); - free(worker); -} - -struct outbound_entry* -worker_send_query(struct query_info* qinfo, uint16_t flags, int dnssec, - int want_dnssec, int nocaps, struct sockaddr_storage* addr, - socklen_t addrlen, uint8_t* zone, size_t zonelen, int ssl_upstream, - struct module_qstate* q) -{ - struct worker* worker = q->env->worker; - struct outbound_entry* e = (struct outbound_entry*)regional_alloc( - q->region, sizeof(*e)); - if(!e) - return NULL; - e->qstate = q; - e->qsent = outnet_serviced_query(worker->back, qinfo, flags, dnssec, - want_dnssec, nocaps, q->env->cfg->tcp_upstream, - ssl_upstream, addr, addrlen, zone, zonelen, q, - worker_handle_service_reply, e, worker->back->udp_buff, q->env); - if(!e->qsent) { - return NULL; - } - return e; -} - -void -worker_alloc_cleanup(void* arg) -{ - struct worker* worker = (struct worker*)arg; - slabhash_clear(&worker->env.rrset_cache->table); - slabhash_clear(worker->env.msg_cache); -} - -void worker_stats_clear(struct worker* worker) -{ - server_stats_init(&worker->stats, worker->env.cfg); - mesh_stats_clear(worker->env.mesh); - worker->back->unwanted_replies = 0; - worker->back->num_tcp_outgoing = 0; -} - -void worker_start_accept(void* arg) -{ - struct worker* worker = (struct worker*)arg; - listen_start_accept(worker->front); - if(worker->thread_num == 0) - daemon_remote_start_accept(worker->daemon->rc); -} - -void worker_stop_accept(void* arg) -{ - struct worker* worker = (struct worker*)arg; - listen_stop_accept(worker->front); - if(worker->thread_num == 0) - daemon_remote_stop_accept(worker->daemon->rc); -} - -/* --- fake callbacks for fptr_wlist to work --- */ -struct outbound_entry* libworker_send_query( - struct query_info* ATTR_UNUSED(qinfo), - uint16_t ATTR_UNUSED(flags), int ATTR_UNUSED(dnssec), - int ATTR_UNUSED(want_dnssec), int ATTR_UNUSED(nocaps), - struct sockaddr_storage* ATTR_UNUSED(addr), socklen_t ATTR_UNUSED(addrlen), - uint8_t* ATTR_UNUSED(zone), size_t ATTR_UNUSED(zonelen), - int ATTR_UNUSED(ssl_upstream), struct module_qstate* ATTR_UNUSED(q)) -{ - log_assert(0); - return 0; -} - -int libworker_handle_reply(struct comm_point* ATTR_UNUSED(c), - void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), - struct comm_reply* ATTR_UNUSED(reply_info)) -{ - log_assert(0); - return 0; -} - -int libworker_handle_service_reply(struct comm_point* ATTR_UNUSED(c), - void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), - struct comm_reply* ATTR_UNUSED(reply_info)) -{ - log_assert(0); - return 0; -} - -void libworker_handle_control_cmd(struct tube* ATTR_UNUSED(tube), - uint8_t* ATTR_UNUSED(buffer), size_t ATTR_UNUSED(len), - int ATTR_UNUSED(error), void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -void libworker_fg_done_cb(void* ATTR_UNUSED(arg), int ATTR_UNUSED(rcode), - sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(s), - char* ATTR_UNUSED(why_bogus)) -{ - log_assert(0); -} - -void libworker_bg_done_cb(void* ATTR_UNUSED(arg), int ATTR_UNUSED(rcode), - sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(s), - char* ATTR_UNUSED(why_bogus)) -{ - log_assert(0); -} - -void libworker_event_done_cb(void* ATTR_UNUSED(arg), int ATTR_UNUSED(rcode), - sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(s), - char* ATTR_UNUSED(why_bogus)) -{ - log_assert(0); -} - -int context_query_cmp(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b)) -{ - log_assert(0); - return 0; -} - -int order_lock_cmp(const void* ATTR_UNUSED(e1), const void* ATTR_UNUSED(e2)) -{ - log_assert(0); - return 0; -} - -int codeline_cmp(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b)) -{ - log_assert(0); - return 0; -} - diff --git a/external/unbound/daemon/worker.h b/external/unbound/daemon/worker.h deleted file mode 100644 index 0d7ce9521..000000000 --- a/external/unbound/daemon/worker.h +++ /dev/null @@ -1,178 +0,0 @@ -/* - * daemon/worker.h - worker that handles a pending list of requests. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file describes the worker structure that holds a list of - * pending requests and handles them. - */ - -#ifndef DAEMON_WORKER_H -#define DAEMON_WORKER_H - -#include "libunbound/worker.h" -#include "util/netevent.h" -#include "util/locks.h" -#include "util/alloc.h" -#include "util/data/msgreply.h" -#include "util/data/msgparse.h" -#include "daemon/stats.h" -#include "util/module.h" -#include "dnstap/dnstap.h" -struct listen_dnsport; -struct outside_network; -struct config_file; -struct daemon; -struct listen_port; -struct ub_randstate; -struct regional; -struct tube; -struct daemon_remote; -struct query_info; - -/** worker commands */ -enum worker_commands { - /** make the worker quit */ - worker_cmd_quit, - /** obtain statistics */ - worker_cmd_stats, - /** obtain statistics without statsclear */ - worker_cmd_stats_noreset, - /** execute remote control command */ - worker_cmd_remote -}; - -/** - * Structure holding working information for unbound. - * Holds globally visible information. - */ -struct worker { - /** the thread number (in daemon array). First in struct for debug. */ - int thread_num; - /** global shared daemon structure */ - struct daemon* daemon; - /** thread id */ - ub_thread_type thr_id; - /** pipe, for commands for this worker */ - struct tube* cmd; - /** the event base this worker works with */ - struct comm_base* base; - /** the frontside listening interface where request events come in */ - struct listen_dnsport* front; - /** the backside outside network interface to the auth servers */ - struct outside_network* back; - /** ports to be used by this worker. */ - int* ports; - /** number of ports for this worker */ - int numports; - /** the signal handler */ - struct comm_signal* comsig; - /** commpoint to listen to commands. */ - struct comm_point* cmd_com; - /** timer for statistics */ - struct comm_timer* stat_timer; - /** ratelimit for errors, time value */ - time_t err_limit_time; - /** ratelimit for errors, packet count */ - unsigned int err_limit_count; - - /** random() table for this worker. */ - struct ub_randstate* rndstate; - /** do we need to restart or quit (on signal) */ - int need_to_exit; - /** allocation cache for this thread */ - struct alloc_cache alloc; - /** per thread statistics */ - struct server_stats stats; - /** thread scratch regional */ - struct regional* scratchpad; - - /** module environment passed to modules, changed for this thread */ - struct module_env env; - -#ifdef USE_DNSTAP - /** dnstap environment, changed for this thread */ - struct dt_env dtenv; -#endif -}; - -/** - * Create the worker structure. Bare bones version, zeroed struct, - * with backpointers only. Use worker_init on it later. - * @param daemon: the daemon that this worker thread is part of. - * @param id: the thread number from 0.. numthreads-1. - * @param ports: the ports it is allowed to use, array. - * @param n: the number of ports. - * @return: the new worker or NULL on alloc failure. - */ -struct worker* worker_create(struct daemon* daemon, int id, int* ports, int n); - -/** - * Initialize worker. - * Allocates event base, listens to ports - * @param worker: worker to initialize, created with worker_create. - * @param cfg: configuration settings. - * @param ports: list of shared query ports. - * @param do_sigs: if true, worker installs signal handlers. - * @return: false on error. - */ -int worker_init(struct worker* worker, struct config_file *cfg, - struct listen_port* ports, int do_sigs); - -/** - * Make worker work. - */ -void worker_work(struct worker* worker); - -/** - * Delete worker. - */ -void worker_delete(struct worker* worker); - -/** - * Send a command to a worker. Uses blocking writes. - * @param worker: worker to send command to. - * @param cmd: command to send. - */ -void worker_send_cmd(struct worker* worker, enum worker_commands cmd); - -/** - * Init worker stats - includes server_stats_init, outside network and mesh. - * @param worker: the worker to init - */ -void worker_stats_clear(struct worker* worker); - -#endif /* DAEMON_WORKER_H */ diff --git a/external/unbound/dns64/dns64.c b/external/unbound/dns64/dns64.c deleted file mode 100644 index b3e3ab852..000000000 --- a/external/unbound/dns64/dns64.c +++ /dev/null @@ -1,854 +0,0 @@ -/* - * dns64/dns64.c - DNS64 module - * - * Copyright (c) 2009, Viagénie. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of Viagénie nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains a module that performs DNS64 query processing. - */ - -#include "config.h" -#include "dns64/dns64.h" -#include "services/cache/dns.h" -#include "services/cache/rrset.h" -#include "util/config_file.h" -#include "util/data/msgreply.h" -#include "util/fptr_wlist.h" -#include "util/net_help.h" -#include "util/regional.h" - -/****************************************************************************** - * * - * STATIC CONSTANTS * - * * - ******************************************************************************/ - -/** - * This is the default DNS64 prefix that is used whent he dns64 module is listed - * in module-config but when the dns64-prefix variable is not present. - */ -static const char DEFAULT_DNS64_PREFIX[] = "64:ff9b::/96"; - -/** - * Maximum length of a domain name in a PTR query in the .in-addr.arpa tree. - */ -#define MAX_PTR_QNAME_IPV4 30 - -/** - * Per-query module-specific state. This is usually a dynamically-allocated - * structure, but in our case we only need to store one variable describing the - * state the query is in. So we repurpose the minfo pointer by storing an - * integer in there. - */ -enum dns64_qstate { - DNS64_INTERNAL_QUERY, /**< Internally-generated query, no DNS64 - processing. */ - DNS64_NEW_QUERY, /**< Query for which we're the first module in - line. */ - DNS64_SUBQUERY_FINISHED /**< Query for which we generated a sub-query, and - for which this sub-query is finished. */ -}; - - -/****************************************************************************** - * * - * STRUCTURES * - * * - ******************************************************************************/ - -/** - * This structure contains module configuration information. One instance of - * this structure exists per instance of the module. Normally there is only one - * instance of the module. - */ -struct dns64_env { - /** - * DNS64 prefix address. We're using a full sockaddr instead of just an - * in6_addr because we can reuse Unbound's generic string parsing functions. - * It will always contain a sockaddr_in6, and only the sin6_addr member will - * ever be used. - */ - struct sockaddr_storage prefix_addr; - - /** - * This is always sizeof(sockaddr_in6). - */ - socklen_t prefix_addrlen; - - /** - * This is the CIDR length of the prefix. It needs to be between 0 and 96. - */ - int prefix_net; -}; - - -/****************************************************************************** - * * - * UTILITY FUNCTIONS * - * * - ******************************************************************************/ - -/** - * Generic macro for swapping two variables. - * - * \param t Type of the variables. (e.g. int) - * \param a First variable. - * \param b Second variable. - * - * \warning Do not attempt something foolish such as swap(int,a++,b++)! - */ -#define swap(t,a,b) do {t x = a; a = b; b = x;} while(0) - -/** - * Reverses a string. - * - * \param begin Points to the first character of the string. - * \param end Points one past the last character of the string. - */ -static void -reverse(char* begin, char* end) -{ - while ( begin < --end ) { - swap(char, *begin, *end); - ++begin; - } -} - -/** - * Convert an unsigned integer to a string. The point of this function is that - * of being faster than sprintf(). - * - * \param n The number to be converted. - * \param s The result will be written here. Must be large enough, be careful! - * - * \return The number of characters written. - */ -static int -uitoa(unsigned n, char* s) -{ - char* ss = s; - do { - *ss++ = '0' + n % 10; - } while (n /= 10); - reverse(s, ss); - return ss - s; -} - -/** - * Extract an IPv4 address embedded in the IPv6 address \a ipv6 at offset \a - * offset (in bits). Note that bits are not necessarily aligned on bytes so we - * need to be careful. - * - * \param ipv6 IPv6 address represented as a 128-bit array in big-endian - * order. - * \param offset Index of the MSB of the IPv4 address embedded in the IPv6 - * address. - */ -static uint32_t -extract_ipv4(const uint8_t ipv6[16], const int offset) -{ - uint32_t ipv4 = (uint32_t)ipv6[offset/8+0] << (24 + (offset%8)) - | (uint32_t)ipv6[offset/8+1] << (16 + (offset%8)) - | (uint32_t)ipv6[offset/8+2] << ( 8 + (offset%8)) - | (uint32_t)ipv6[offset/8+3] << ( 0 + (offset%8)); - if (offset/8+4 < 16) - ipv4 |= (uint32_t)ipv6[offset/8+4] >> (8 - offset%8); - return ipv4; -} - -/** - * Builds the PTR query name corresponding to an IPv4 address. For example, - * given the number 3,464,175,361, this will build the string - * "\03206\03123\0231\011\07in-addr\04arpa". - * - * \param ipv4 IPv4 address represented as an unsigned 32-bit number. - * \param ptr The result will be written here. Must be large enough, be - * careful! - * - * \return The number of characters written. - */ -static size_t -ipv4_to_ptr(uint32_t ipv4, char ptr[MAX_PTR_QNAME_IPV4]) -{ - static const char IPV4_PTR_SUFFIX[] = "\07in-addr\04arpa"; - int i; - char* c = ptr; - - for (i = 0; i < 4; ++i) { - *c = uitoa((unsigned int)(ipv4 % 256), c + 1); - c += *c + 1; - ipv4 /= 256; - } - - memmove(c, IPV4_PTR_SUFFIX, sizeof(IPV4_PTR_SUFFIX)); - - return c + sizeof(IPV4_PTR_SUFFIX) - ptr; -} - -/** - * Converts an IPv6-related domain name string from a PTR query into an IPv6 - * address represented as a 128-bit array. - * - * \param ptr The domain name. (e.g. "\011[...]\010\012\016\012\03ip6\04arpa") - * \param ipv6 The result will be written here, in network byte order. - * - * \return 1 on success, 0 on failure. - */ -static int -ptr_to_ipv6(const char* ptr, uint8_t ipv6[16]) -{ - int i; - - for (i = 0; i < 64; i++) { - int x; - - if (ptr[i++] != 1) - return 0; - - if (ptr[i] >= '0' && ptr[i] <= '9') { - x = ptr[i] - '0'; - } else if (ptr[i] >= 'a' && ptr[i] <= 'f') { - x = ptr[i] - 'a' + 10; - } else if (ptr[i] >= 'A' && ptr[i] <= 'F') { - x = ptr[i] - 'A' + 10; - } else { - return 0; - } - - ipv6[15-i/4] |= x << (2 * ((i-1) % 4)); - } - - return 1; -} - -/** - * Synthesize an IPv6 address based on an IPv4 address and the DNS64 prefix. - * - * \param prefix_addr DNS64 prefix address. - * \param prefix_net CIDR length of the DNS64 prefix. Must be between 0 and 96. - * \param a IPv4 address. - * \param aaaa IPv6 address. The result will be written here. - */ -static void -synthesize_aaaa(const uint8_t prefix_addr[16], int prefix_net, - const uint8_t a[4], uint8_t aaaa[16]) -{ - memcpy(aaaa, prefix_addr, 16); - aaaa[prefix_net/8+0] |= a[0] >> (0+prefix_net%8); - aaaa[prefix_net/8+1] |= a[0] << (8-prefix_net%8); - aaaa[prefix_net/8+1] |= a[1] >> (0+prefix_net%8); - aaaa[prefix_net/8+2] |= a[1] << (8-prefix_net%8); - aaaa[prefix_net/8+2] |= a[2] >> (0+prefix_net%8); - aaaa[prefix_net/8+3] |= a[2] << (8-prefix_net%8); - aaaa[prefix_net/8+3] |= a[3] >> (0+prefix_net%8); - if (prefix_net/8+4 < 16) /* <-- my beautiful symmetry is destroyed! */ - aaaa[prefix_net/8+4] |= a[3] << (8-prefix_net%8); -} - - -/****************************************************************************** - * * - * DNS64 MODULE FUNCTIONS * - * * - ******************************************************************************/ - -/** - * This function applies the configuration found in the parsed configuration - * file \a cfg to this instance of the dns64 module. Currently only the DNS64 - * prefix (a.k.a. Pref64) is configurable. - * - * \param dns64_env Module-specific global parameters. - * \param cfg Parsed configuration file. - */ -static int -dns64_apply_cfg(struct dns64_env* dns64_env, struct config_file* cfg) -{ - verbose(VERB_ALGO, "dns64-prefix: %s", cfg->dns64_prefix); - if (!netblockstrtoaddr(cfg->dns64_prefix ? cfg->dns64_prefix : - DEFAULT_DNS64_PREFIX, 0, &dns64_env->prefix_addr, - &dns64_env->prefix_addrlen, &dns64_env->prefix_net)) { - log_err("cannot parse dns64-prefix netblock: %s", cfg->dns64_prefix); - return 0; - } - if (!addr_is_ip6(&dns64_env->prefix_addr, dns64_env->prefix_addrlen)) { - log_err("dns64_prefix is not IPv6: %s", cfg->dns64_prefix); - return 0; - } - if (dns64_env->prefix_net < 0 || dns64_env->prefix_net > 96) { - log_err("dns64-prefix length it not between 0 and 96: %s", - cfg->dns64_prefix); - return 0; - } - return 1; -} - -/** - * Initializes this instance of the dns64 module. - * - * \param env Global state of all module instances. - * \param id This instance's ID number. - */ -int -dns64_init(struct module_env* env, int id) -{ - struct dns64_env* dns64_env = - (struct dns64_env*)calloc(1, sizeof(struct dns64_env)); - if (!dns64_env) { - log_err("malloc failure"); - return 0; - } - env->modinfo[id] = (void*)dns64_env; - if (!dns64_apply_cfg(dns64_env, env->cfg)) { - log_err("dns64: could not apply configuration settings."); - return 0; - } - return 1; -} - -/** - * Deinitializes this instance of the dns64 module. - * - * \param env Global state of all module instances. - * \param id This instance's ID number. - */ -void -dns64_deinit(struct module_env* env, int id) -{ - if (!env) - return; - free(env->modinfo[id]); - env->modinfo[id] = NULL; -} - -/** - * Handle PTR queries for IPv6 addresses. If the address belongs to the DNS64 - * prefix, we must do a PTR query for the corresponding IPv4 address instead. - * - * \param qstate Query state structure. - * \param id This module instance's ID number. - * - * \return The new state of the query. - */ -static enum module_ext_state -handle_ipv6_ptr(struct module_qstate* qstate, int id) -{ - struct dns64_env* dns64_env = (struct dns64_env*)qstate->env->modinfo[id]; - struct module_qstate* subq = NULL; - struct query_info qinfo; - struct sockaddr_in6 sin6; - - /* Convert the PTR query string to an IPv6 address. */ - memset(&sin6, 0, sizeof(sin6)); - sin6.sin6_family = AF_INET6; - if (!ptr_to_ipv6((char*)qstate->qinfo.qname, sin6.sin6_addr.s6_addr)) - return module_wait_module; /* Let other module handle this. */ - - /* - * If this IPv6 address is not part of our DNS64 prefix, then we don't need - * to do anything. Let another module handle the query. - */ - if (addr_in_common((struct sockaddr_storage*)&sin6, 128, - &dns64_env->prefix_addr, dns64_env->prefix_net, - (socklen_t)sizeof(sin6)) != dns64_env->prefix_net) - return module_wait_module; - - verbose(VERB_ALGO, "dns64: rewrite PTR record"); - - /* - * Create a new PTR query info for the domain name corresponding to the IPv4 - * address corresponding to the IPv6 address corresponding to the original - * PTR query domain name. - */ - qinfo = qstate->qinfo; - if (!(qinfo.qname = regional_alloc(qstate->region, MAX_PTR_QNAME_IPV4))) - return module_error; - qinfo.qname_len = ipv4_to_ptr(extract_ipv4(sin6.sin6_addr.s6_addr, - dns64_env->prefix_net), (char*)qinfo.qname); - - /* Create the new sub-query. */ - fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub)); - if(!(*qstate->env->attach_sub)(qstate, &qinfo, qstate->query_flags, 0, 0, - &subq)) - return module_error; - if (subq) { - subq->curmod = id; - subq->ext_state[id] = module_state_initial; - subq->minfo[id] = NULL; - } - - return module_wait_subquery; -} - -static enum module_ext_state -generate_type_A_query(struct module_qstate* qstate, int id) -{ - struct module_qstate* subq = NULL; - struct query_info qinfo; - - verbose(VERB_ALGO, "dns64: query A record"); - - /* Create a new query info. */ - qinfo = qstate->qinfo; - qinfo.qtype = LDNS_RR_TYPE_A; - - /* Start the sub-query. */ - fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub)); - if(!(*qstate->env->attach_sub)(qstate, &qinfo, qstate->query_flags, 0, - 0, &subq)) - { - verbose(VERB_ALGO, "dns64: sub-query creation failed"); - return module_error; - } - if (subq) { - subq->curmod = id; - subq->ext_state[id] = module_state_initial; - subq->minfo[id] = NULL; - } - - return module_wait_subquery; -} - -/** - * Handles the "pass" event for a query. This event is received when a new query - * is received by this module. The query may have been generated internally by - * another module, in which case we don't want to do any special processing - * (this is an interesting discussion topic), or it may be brand new, e.g. - * received over a socket, in which case we do want to apply DNS64 processing. - * - * \param qstate A structure representing the state of the query that has just - * received the "pass" event. - * \param id This module's instance ID. - * - * \return The new state of the query. - */ -static enum module_ext_state -handle_event_pass(struct module_qstate* qstate, int id) -{ - if ((uintptr_t)qstate->minfo[id] == DNS64_NEW_QUERY - && qstate->qinfo.qtype == LDNS_RR_TYPE_PTR - && qstate->qinfo.qname_len == 74 - && !strcmp((char*)&qstate->qinfo.qname[64], "\03ip6\04arpa")) - /* Handle PTR queries for IPv6 addresses. */ - return handle_ipv6_ptr(qstate, id); - - if (qstate->env->cfg->dns64_synthall && - (uintptr_t)qstate->minfo[id] == DNS64_NEW_QUERY - && qstate->qinfo.qtype == LDNS_RR_TYPE_AAAA) - return generate_type_A_query(qstate, id); - - /* We are finished when our sub-query is finished. */ - if ((uintptr_t)qstate->minfo[id] == DNS64_SUBQUERY_FINISHED) - return module_finished; - - /* Otherwise, pass request to next module. */ - verbose(VERB_ALGO, "dns64: pass to next module"); - return module_wait_module; -} - -/** - * Handles the "done" event for a query. We need to analyze the response and - * maybe issue a new sub-query for the A record. - * - * \param qstate A structure representing the state of the query that has just - * received the "pass" event. - * \param id This module's instance ID. - * - * \return The new state of the query. - */ -static enum module_ext_state -handle_event_moddone(struct module_qstate* qstate, int id) -{ - /* - * In many cases we have nothing special to do. From most to least common: - * - * - An internal query. - * - A query for a record type other than AAAA. - * - CD FLAG was set on querier - * - An AAAA query for which an error was returned.(qstate.return_rcode) - * -> treated as servfail thus synthesize (sec 5.1.3 6147), thus - * synthesize in (sec 5.1.2 of RFC6147). - * - A successful AAAA query with an answer. - */ - if ( (enum dns64_qstate)qstate->minfo[id] == DNS64_INTERNAL_QUERY - || qstate->qinfo.qtype != LDNS_RR_TYPE_AAAA - || (qstate->query_flags & BIT_CD) - || (qstate->return_msg && - qstate->return_msg->rep && - reply_find_answer_rrset(&qstate->qinfo, - qstate->return_msg->rep))) - return module_finished; - - /* So, this is a AAAA noerror/nodata answer */ - return generate_type_A_query(qstate, id); -} - -/** - * This is the module's main() function. It gets called each time a query - * receives an event which we may need to handle. We respond by updating the - * state of the query. - * - * \param qstate Structure containing the state of the query. - * \param event Event that has just been received. - * \param id This module's instance ID. - * \param outbound State of a DNS query on an authoritative server. We never do - * our own queries ourselves (other modules do it for us), so - * this is unused. - */ -void -dns64_operate(struct module_qstate* qstate, enum module_ev event, int id, - struct outbound_entry* outbound) -{ - (void)outbound; - verbose(VERB_QUERY, "dns64[module %d] operate: extstate:%s event:%s", - id, strextstate(qstate->ext_state[id]), - strmodulevent(event)); - log_query_info(VERB_QUERY, "dns64 operate: query", &qstate->qinfo); - - switch(event) { - case module_event_new: - /* Tag this query as being new and fall through. */ - qstate->minfo[id] = (void*)DNS64_NEW_QUERY; - case module_event_pass: - qstate->ext_state[id] = handle_event_pass(qstate, id); - break; - case module_event_moddone: - qstate->ext_state[id] = handle_event_moddone(qstate, id); - break; - default: - qstate->ext_state[id] = module_finished; - break; - } -} - -static void -dns64_synth_aaaa_data(const struct ub_packed_rrset_key* fk, - const struct packed_rrset_data* fd, - struct ub_packed_rrset_key *dk, - struct packed_rrset_data **dd_out, struct regional *region, - struct dns64_env* dns64_env ) -{ - struct packed_rrset_data *dd; - size_t i; - /* - * Create synthesized AAAA RR set data. We need to allocated extra memory - * for the RRs themselves. Each RR has a length, TTL, pointer to wireformat - * data, 2 bytes of data length, and 16 bytes of IPv6 address. - */ - if(fd->count > RR_COUNT_MAX) { - *dd_out = NULL; - return; /* integer overflow protection in alloc */ - } - if (!(dd = *dd_out = regional_alloc(region, - sizeof(struct packed_rrset_data) - + fd->count * (sizeof(size_t) + sizeof(time_t) + - sizeof(uint8_t*) + 2 + 16)))) { - log_err("out of memory"); - return; - } - - /* Copy attributes from A RR set. */ - dd->ttl = fd->ttl; - dd->count = fd->count; - dd->rrsig_count = 0; - dd->trust = fd->trust; - dd->security = fd->security; - - /* - * Synthesize AAAA records. Adjust pointers in structure. - */ - dd->rr_len = - (size_t*)((uint8_t*)dd + sizeof(struct packed_rrset_data)); - dd->rr_data = (uint8_t**)&dd->rr_len[dd->count]; - dd->rr_ttl = (time_t*)&dd->rr_data[dd->count]; - for(i = 0; i < fd->count; ++i) { - if (fd->rr_len[i] != 6 || fd->rr_data[i][0] != 0 - || fd->rr_data[i][1] != 4) { - *dd_out = NULL; - return; - } - dd->rr_len[i] = 18; - dd->rr_data[i] = - (uint8_t*)&dd->rr_ttl[dd->count] + 18*i; - dd->rr_data[i][0] = 0; - dd->rr_data[i][1] = 16; - synthesize_aaaa( - ((struct sockaddr_in6*)&dns64_env->prefix_addr)->sin6_addr.s6_addr, - dns64_env->prefix_net, &fd->rr_data[i][2], - &dd->rr_data[i][2] ); - dd->rr_ttl[i] = fd->rr_ttl[i]; - } - - /* - * Create synthesized AAAA RR set key. This is mostly just bookkeeping, - * nothing interesting here. - */ - if(!dk) { - log_err("no key"); - *dd_out = NULL; - return; - } - - dk->rk.dname = (uint8_t*)regional_alloc_init(region, - fk->rk.dname, fk->rk.dname_len); - - if(!dk->rk.dname) { - log_err("out of memory"); - *dd_out = NULL; - return; - } - - dk->rk.type = htons(LDNS_RR_TYPE_AAAA); - memset(&dk->entry, 0, sizeof(dk->entry)); - dk->entry.key = dk; - dk->entry.hash = rrset_key_hash(&dk->rk); - dk->entry.data = dd; - -} - -/** - * Synthesize an AAAA RR set from an A sub-query's answer and add it to the - * original empty response. - * - * \param id This module's instance ID. - * \param super Original AAAA query. - * \param qstate A query. - */ -static void -dns64_adjust_a(int id, struct module_qstate* super, struct module_qstate* qstate) -{ - struct dns64_env* dns64_env = (struct dns64_env*)super->env->modinfo[id]; - struct reply_info *rep, *cp; - size_t i, s; - struct packed_rrset_data* fd, *dd; - struct ub_packed_rrset_key* fk, *dk; - - verbose(VERB_ALGO, "converting A answers to AAAA answers"); - - log_assert(super->region); - log_assert(qstate->return_msg); - log_assert(qstate->return_msg->rep); - - /* If dns64-synthall is enabled, return_msg is not initialized */ - if(!super->return_msg) { - super->return_msg = (struct dns_msg*)regional_alloc( - super->region, sizeof(struct dns_msg)); - if(!super->return_msg) - return; - memset(super->return_msg, 0, sizeof(*super->return_msg)); - super->return_msg->qinfo = super->qinfo; - } - - rep = qstate->return_msg->rep; - - /* - * Build the actual reply. - */ - cp = construct_reply_info_base(super->region, rep->flags, rep->qdcount, - rep->ttl, rep->prefetch_ttl, rep->an_numrrsets, rep->ns_numrrsets, - rep->ar_numrrsets, rep->rrset_count, rep->security); - if(!cp) - return; - - /* allocate ub_key structures special or not */ - if(!reply_info_alloc_rrset_keys(cp, NULL, super->region)) { - return; - } - - /* copy everything and replace A by AAAA */ - for(i=0; irrset_count; i++) { - fk = rep->rrsets[i]; - dk = cp->rrsets[i]; - fd = (struct packed_rrset_data*)fk->entry.data; - dk->rk = fk->rk; - dk->id = fk->id; - - if(ian_numrrsets && fk->rk.type == htons(LDNS_RR_TYPE_A)) { - /* also sets dk->entry.hash */ - dns64_synth_aaaa_data(fk, fd, dk, &dd, super->region, dns64_env); - if(!dd) - return; - /* Delete negative AAAA record from cache stored by - * the iterator module */ - rrset_cache_remove(super->env->rrset_cache, dk->rk.dname, - dk->rk.dname_len, LDNS_RR_TYPE_AAAA, - LDNS_RR_CLASS_IN, 0); - } else { - dk->entry.hash = fk->entry.hash; - dk->rk.dname = (uint8_t*)regional_alloc_init(super->region, - fk->rk.dname, fk->rk.dname_len); - - if(!dk->rk.dname) - return; - - s = packed_rrset_sizeof(fd); - dd = (struct packed_rrset_data*)regional_alloc_init( - super->region, fd, s); - - if(!dd) - return; - } - - packed_rrset_ptr_fixup(dd); - dk->entry.data = (void*)dd; - } - - /* Commit changes. */ - super->return_msg->rep = cp; -} - -/** - * Generate a response for the original IPv6 PTR query based on an IPv4 PTR - * sub-query's response. - * - * \param qstate IPv4 PTR sub-query. - * \param super Original IPv6 PTR query. - */ -static void -dns64_adjust_ptr(struct module_qstate* qstate, struct module_qstate* super) -{ - struct ub_packed_rrset_key* answer; - - verbose(VERB_ALGO, "adjusting PTR reply"); - - /* Copy the sub-query's reply to the parent. */ - if (!(super->return_msg = (struct dns_msg*)regional_alloc(super->region, - sizeof(struct dns_msg)))) - return; - super->return_msg->qinfo = super->qinfo; - super->return_msg->rep = reply_info_copy(qstate->return_msg->rep, NULL, - super->region); - - /* - * Adjust the domain name of the answer RR set so that it matches the - * initial query's domain name. - */ - answer = reply_find_answer_rrset(&qstate->qinfo, super->return_msg->rep); - log_assert(answer); - answer->rk.dname = super->qinfo.qname; - answer->rk.dname_len = super->qinfo.qname_len; -} - -/** - * This function is called when a sub-query finishes to inform the parent query. - * - * We issue two kinds of sub-queries: PTR and A. - * - * \param qstate State of the sub-query. - * \param id This module's instance ID. - * \param super State of the super-query. - */ -void -dns64_inform_super(struct module_qstate* qstate, int id, - struct module_qstate* super) -{ - log_query_info(VERB_ALGO, "dns64: inform_super, sub is", - &qstate->qinfo); - log_query_info(VERB_ALGO, "super is", &super->qinfo); - - /* - * Signal that the sub-query is finished, no matter whether we are - * successful or not. This lets the state machine terminate. - */ - super->minfo[id] = (void*)DNS64_SUBQUERY_FINISHED; - - /* If there is no successful answer, we're done. */ - if (qstate->return_rcode != LDNS_RCODE_NOERROR - || !qstate->return_msg - || !qstate->return_msg->rep - || !reply_find_answer_rrset(&qstate->qinfo, - qstate->return_msg->rep)) - return; - - /* Generate a response suitable for the original query. */ - if (qstate->qinfo.qtype == LDNS_RR_TYPE_A) { - dns64_adjust_a(id, super, qstate); - } else { - log_assert(qstate->qinfo.qtype == LDNS_RR_TYPE_PTR); - dns64_adjust_ptr(qstate, super); - } - - /* Store the generated response in cache. */ - if (!super->no_cache_store && - !dns_cache_store(super->env, &super->qinfo, super->return_msg->rep, - 0, 0, 0, NULL, super->query_flags)) - log_err("out of memory"); -} - -/** - * Clear module-specific data from query state. Since we do not allocate memory, - * it's just a matter of setting a pointer to NULL. - * - * \param qstate Query state. - * \param id This module's instance ID. - */ -void -dns64_clear(struct module_qstate* qstate, int id) -{ - qstate->minfo[id] = NULL; -} - -/** - * Returns the amount of global memory that this module uses, not including - * per-query data. - * - * \param env Module environment. - * \param id This module's instance ID. - */ -size_t -dns64_get_mem(struct module_env* env, int id) -{ - struct dns64_env* dns64_env = (struct dns64_env*)env->modinfo[id]; - if (!dns64_env) - return 0; - return sizeof(*dns64_env); -} - -/** - * The dns64 function block. - */ -static struct module_func_block dns64_block = { - "dns64", - &dns64_init, &dns64_deinit, &dns64_operate, &dns64_inform_super, - &dns64_clear, &dns64_get_mem -}; - -/** - * Function for returning the above function block. - */ -struct module_func_block * -dns64_get_funcblock(void) -{ - return &dns64_block; -} diff --git a/external/unbound/dns64/dns64.h b/external/unbound/dns64/dns64.h deleted file mode 100644 index 2f0c01a22..000000000 --- a/external/unbound/dns64/dns64.h +++ /dev/null @@ -1,71 +0,0 @@ -/* - * dns64/dns64.h - DNS64 module - * - * Copyright (c) 2009, Viagénie. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains a module that performs DNS64 query processing. - */ - -#ifndef DNS64_DNS64_H -#define DNS64_DNS64_H -#include "util/module.h" - -/** - * Get the dns64 function block. - * @return: function block with function pointers to dns64 methods. - */ -struct module_func_block *dns64_get_funcblock(void); - -/** dns64 init */ -int dns64_init(struct module_env* env, int id); - -/** dns64 deinit */ -void dns64_deinit(struct module_env* env, int id); - -/** dns64 operate on a query */ -void dns64_operate(struct module_qstate* qstate, enum module_ev event, int id, - struct outbound_entry* outbound); - -void dns64_inform_super(struct module_qstate* qstate, int id, - struct module_qstate* super); - -/** dns64 cleanup query state */ -void dns64_clear(struct module_qstate* qstate, int id); - -/** dns64 alloc size routine */ -size_t dns64_get_mem(struct module_env* env, int id); - -#endif /* DNS64_DNS64_H */ diff --git a/external/unbound/dnscrypt/cert.h b/external/unbound/dnscrypt/cert.h deleted file mode 100644 index 044f49f26..000000000 --- a/external/unbound/dnscrypt/cert.h +++ /dev/null @@ -1,32 +0,0 @@ -#ifndef UNBOUND_DNSCRYPT_CERT_H -#define UNBOUND_DNSCRYPT_CERT_H - -/** - * \file - * certificate type for dnscrypt for use in other header files - */ - -#include -#define CERT_MAGIC_CERT "DNSC" -#define CERT_MAJOR_VERSION 1 -#define CERT_MINOR_VERSION 0 -#define CERT_OLD_MAGIC_HEADER "7PYqwfzt" - -#define CERT_FILE_EXPIRE_DAYS 365 - -struct SignedCert { - uint8_t magic_cert[4]; - uint8_t version_major[2]; - uint8_t version_minor[2]; - - // Signed Content - uint8_t server_publickey[crypto_box_PUBLICKEYBYTES]; - uint8_t magic_query[8]; - uint8_t serial[4]; - uint8_t ts_begin[4]; - uint8_t ts_end[4]; - uint8_t end[64]; -}; - - -#endif diff --git a/external/unbound/dnscrypt/dnscrypt.c b/external/unbound/dnscrypt/dnscrypt.c deleted file mode 100644 index 56903e651..000000000 --- a/external/unbound/dnscrypt/dnscrypt.c +++ /dev/null @@ -1,531 +0,0 @@ - -#include "config.h" -#include -#include -#ifdef HAVE_TIME_H -#include -#endif -#include -#include -#include "sldns/sbuffer.h" -#include "util/config_file.h" -#include "util/net_help.h" -#include "util/netevent.h" -#include "util/log.h" - -#include "dnscrypt/cert.h" -#include "dnscrypt/dnscrypt.h" - -#include - -/** - * \file - * dnscrypt functions for encrypting DNS packets. - */ - -#define DNSCRYPT_QUERY_BOX_OFFSET \ - (DNSCRYPT_MAGIC_HEADER_LEN + crypto_box_PUBLICKEYBYTES + crypto_box_HALF_NONCEBYTES) - -// 8 bytes: magic header (CERT_MAGIC_HEADER) -// 12 bytes: the client's nonce -// 12 bytes: server nonce extension -// 16 bytes: Poly1305 MAC (crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES) - -#define DNSCRYPT_REPLY_BOX_OFFSET \ - (DNSCRYPT_MAGIC_HEADER_LEN + crypto_box_HALF_NONCEBYTES + crypto_box_HALF_NONCEBYTES) - -/** - * Decrypt a query using the keypair that was found using dnsc_find_keypair. - * The client nonce will be extracted from the encrypted query and stored in - * client_nonce, a shared secret will be computed and stored in nmkey and the - * buffer will be decrypted inplace. - * \param[in] keypair the keypair that matches this encrypted query. - * \param[in] client_nonce where the client nonce will be stored. - * \param[in] nmkey where the shared secret key will be written. - * \param[in] buffer the encrypted buffer. - * \return 0 on success. - */ -static int -dnscrypt_server_uncurve(const KeyPair *keypair, - uint8_t client_nonce[crypto_box_HALF_NONCEBYTES], - uint8_t nmkey[crypto_box_BEFORENMBYTES], - struct sldns_buffer* buffer) -{ - size_t len = sldns_buffer_limit(buffer); - uint8_t *const buf = sldns_buffer_begin(buffer); - uint8_t nonce[crypto_box_NONCEBYTES]; - struct dnscrypt_query_header *query_header; - - if (len <= DNSCRYPT_QUERY_HEADER_SIZE) { - return -1; - } - - query_header = (struct dnscrypt_query_header *)buf; - memcpy(nmkey, query_header->publickey, crypto_box_PUBLICKEYBYTES); - if (crypto_box_beforenm(nmkey, nmkey, keypair->crypt_secretkey) != 0) { - return -1; - } - - memcpy(nonce, query_header->nonce, crypto_box_HALF_NONCEBYTES); - memset(nonce + crypto_box_HALF_NONCEBYTES, 0, crypto_box_HALF_NONCEBYTES); - - sldns_buffer_set_at(buffer, - DNSCRYPT_QUERY_BOX_OFFSET - crypto_box_BOXZEROBYTES, - 0, crypto_box_BOXZEROBYTES); - - if (crypto_box_open_afternm - (buf + DNSCRYPT_QUERY_BOX_OFFSET - crypto_box_BOXZEROBYTES, - buf + DNSCRYPT_QUERY_BOX_OFFSET - crypto_box_BOXZEROBYTES, - len - DNSCRYPT_QUERY_BOX_OFFSET + crypto_box_BOXZEROBYTES, nonce, - nmkey) != 0) { - return -1; - } - - while (*sldns_buffer_at(buffer, --len) == 0) - ; - - if (*sldns_buffer_at(buffer, len) != 0x80) { - return -1; - } - - memcpy(client_nonce, nonce, crypto_box_HALF_NONCEBYTES); - memmove(sldns_buffer_begin(buffer), - sldns_buffer_at(buffer, DNSCRYPT_QUERY_HEADER_SIZE), - len - DNSCRYPT_QUERY_HEADER_SIZE); - - sldns_buffer_set_position(buffer, 0); - sldns_buffer_set_limit(buffer, len - DNSCRYPT_QUERY_HEADER_SIZE); - - return 0; -} - - -/** - * Add random padding to a buffer, according to a client nonce. - * The length has to depend on the query in order to avoid reply attacks. - * - * @param buf a buffer - * @param len the initial size of the buffer - * @param max_len the maximum size - * @param nonce a nonce, made of the client nonce repeated twice - * @param secretkey - * @return the new size, after padding - */ -size_t -dnscrypt_pad(uint8_t *buf, const size_t len, const size_t max_len, - const uint8_t *nonce, const uint8_t *secretkey) -{ - uint8_t *buf_padding_area = buf + len; - size_t padded_len; - uint32_t rnd; - - // no padding - if (max_len < len + DNSCRYPT_MIN_PAD_LEN) - return len; - - assert(nonce[crypto_box_HALF_NONCEBYTES] == nonce[0]); - - crypto_stream((unsigned char *)&rnd, (unsigned long long)sizeof(rnd), nonce, - secretkey); - padded_len = - len + DNSCRYPT_MIN_PAD_LEN + rnd % (max_len - len - - DNSCRYPT_MIN_PAD_LEN + 1); - padded_len += DNSCRYPT_BLOCK_SIZE - padded_len % DNSCRYPT_BLOCK_SIZE; - if (padded_len > max_len) - padded_len = max_len; - - memset(buf_padding_area, 0, padded_len - len); - *buf_padding_area = 0x80; - - return padded_len; -} - -uint64_t -dnscrypt_hrtime(void) -{ - struct timeval tv; - uint64_t ts = (uint64_t)0U; - int ret; - - ret = gettimeofday(&tv, NULL); - if (ret == 0) { - ts = (uint64_t)tv.tv_sec * 1000000U + (uint64_t)tv.tv_usec; - } else { - log_err("gettimeofday: %s", strerror(errno)); - } - return ts; -} - -/** - * Add the server nonce part to once. - * The nonce is made half of client nonce and the seconf half of the server - * nonce, both of them of size crypto_box_HALF_NONCEBYTES. - * \param[in] nonce: a uint8_t* of size crypto_box_NONCEBYTES - */ -static void -add_server_nonce(uint8_t *nonce) -{ - uint64_t ts; - uint64_t tsn; - uint32_t suffix; - ts = dnscrypt_hrtime(); - // TODO? dnscrypt-wrapper does some logic with context->nonce_ts_last - // unclear if we really need it, so skipping it for now. - tsn = (ts << 10) | (randombytes_random() & 0x3ff); -#if (BYTE_ORDER == LITTLE_ENDIAN) - tsn = - (((uint64_t)htonl((uint32_t)tsn)) << 32) | htonl((uint32_t)(tsn >> 32)); -#endif - memcpy(nonce + crypto_box_HALF_NONCEBYTES, &tsn, 8); - suffix = randombytes_random(); - memcpy(nonce + crypto_box_HALF_NONCEBYTES + 8, &suffix, 4); -} - -/** - * Encrypt a reply using the keypair that was used with the query. - * The client nonce will be extracted from the encrypted query and stored in - * The buffer will be encrypted inplace. - * \param[in] keypair the keypair that matches this encrypted query. - * \param[in] client_nonce client nonce used during the query - * \param[in] nmkey shared secret key used during the query. - * \param[in] buffer the buffer where to encrypt the reply. - * \param[in] udp if whether or not it is a UDP query. - * \param[in] max_udp_size configured max udp size. - * \return 0 on success. - */ -static int -dnscrypt_server_curve(const KeyPair *keypair, - uint8_t client_nonce[crypto_box_HALF_NONCEBYTES], - uint8_t nmkey[crypto_box_BEFORENMBYTES], - struct sldns_buffer* buffer, - uint8_t udp, - size_t max_udp_size) -{ - size_t dns_reply_len = sldns_buffer_limit(buffer); - size_t max_len = dns_reply_len + DNSCRYPT_MAX_PADDING + DNSCRYPT_REPLY_HEADER_SIZE; - size_t max_reply_size = max_udp_size - 20U - 8U; - uint8_t nonce[crypto_box_NONCEBYTES]; - uint8_t *boxed; - uint8_t *const buf = sldns_buffer_begin(buffer); - size_t len = sldns_buffer_limit(buffer); - - if(udp){ - if (max_len > max_reply_size) - max_len = max_reply_size; - } - - - memcpy(nonce, client_nonce, crypto_box_HALF_NONCEBYTES); - memcpy(nonce + crypto_box_HALF_NONCEBYTES, client_nonce, - crypto_box_HALF_NONCEBYTES); - - boxed = buf + DNSCRYPT_REPLY_BOX_OFFSET; - memmove(boxed + crypto_box_MACBYTES, buf, len); - len = dnscrypt_pad(boxed + crypto_box_MACBYTES, len, - max_len - DNSCRYPT_REPLY_HEADER_SIZE, nonce, - keypair->crypt_secretkey); - sldns_buffer_set_at(buffer, - DNSCRYPT_REPLY_BOX_OFFSET - crypto_box_BOXZEROBYTES, - 0, crypto_box_ZEROBYTES); - - // add server nonce extension - add_server_nonce(nonce); - - if (crypto_box_afternm - (boxed - crypto_box_BOXZEROBYTES, boxed - crypto_box_BOXZEROBYTES, - len + crypto_box_ZEROBYTES, nonce, nmkey) != 0) { - return -1; - } - - sldns_buffer_write_at(buffer, 0, DNSCRYPT_MAGIC_RESPONSE, DNSCRYPT_MAGIC_HEADER_LEN); - sldns_buffer_write_at(buffer, DNSCRYPT_MAGIC_HEADER_LEN, nonce, crypto_box_NONCEBYTES); - sldns_buffer_set_limit(buffer, len + DNSCRYPT_REPLY_HEADER_SIZE); - return 0; -} - -/** - * Read the content of fname into buf. - * \param[in] fname name of the file to read. - * \param[in] buf the buffer in which to read the content of the file. - * \param[in] count number of bytes to read. - * \return 0 on success. - */ -static int -dnsc_read_from_file(char *fname, char *buf, size_t count) -{ - int fd; - fd = open(fname, O_RDONLY); - if (fd == -1) { - return -1; - } - if (read(fd, buf, count) != (ssize_t)count) { - close(fd); - return -2; - } - close(fd); - return 0; -} - -/** - * Parse certificates files provided by the configuration and load them into - * dnsc_env. - * \param[in] env the dnsc_env structure to load the certs into. - * \param[in] cfg the configuration. - * \return the number of certificates loaded. - */ -static int -dnsc_parse_certs(struct dnsc_env *env, struct config_file *cfg) -{ - struct config_strlist *head; - size_t signed_cert_id; - - env->signed_certs_count = 0U; - for (head = cfg->dnscrypt_provider_cert; head; head = head->next) { - env->signed_certs_count++; - } - env->signed_certs = sodium_allocarray(env->signed_certs_count, - sizeof *env->signed_certs); - - signed_cert_id = 0U; - for(head = cfg->dnscrypt_provider_cert; head; head = head->next, signed_cert_id++) { - if(dnsc_read_from_file( - head->str, - (char *)(env->signed_certs + signed_cert_id), - sizeof(struct SignedCert)) != 0) { - fatal_exit("dnsc_parse_certs: failed to load %s: %s", head->str, strerror(errno)); - } - verbose(VERB_OPS, "Loaded cert %s", head->str); - } - return signed_cert_id; -} - -/** - * Helper function to convert a binary key into a printable fingerprint. - * \param[in] fingerprint the buffer in which to write the printable key. - * \param[in] key the key to convert. - */ -void -dnsc_key_to_fingerprint(char fingerprint[80U], const uint8_t * const key) -{ - const size_t fingerprint_size = 80U; - size_t fingerprint_pos = (size_t) 0U; - size_t key_pos = (size_t) 0U; - - for (;;) { - assert(fingerprint_size > fingerprint_pos); - snprintf(&fingerprint[fingerprint_pos], - fingerprint_size - fingerprint_pos, "%02X%02X", - key[key_pos], key[key_pos + 1U]); - key_pos += 2U; - if (key_pos >= crypto_box_PUBLICKEYBYTES) { - break; - } - fingerprint[fingerprint_pos + 4U] = ':'; - fingerprint_pos += 5U; - } -} - -/** - * Find the keypair matching a DNSCrypt query. - * \param[in] dnscenv The DNSCrypt enviroment, which contains the list of keys - * supported by the server. - * \param[in] buffer The encrypted DNS query. - * \return a KeyPair * if we found a key pair matching the query, NULL otherwise. - */ -static const KeyPair * -dnsc_find_keypair(struct dnsc_env* dnscenv, struct sldns_buffer* buffer) -{ - const KeyPair *keypairs = dnscenv->keypairs; - struct dnscrypt_query_header *dnscrypt_header; - size_t i; - - if (sldns_buffer_limit(buffer) < DNSCRYPT_QUERY_HEADER_SIZE) { - return NULL; - } - dnscrypt_header = (struct dnscrypt_query_header *)sldns_buffer_begin(buffer); - for (i = 0U; i < dnscenv->keypairs_count; i++) { - if (memcmp(keypairs[i].crypt_publickey, dnscrypt_header->magic_query, - DNSCRYPT_MAGIC_HEADER_LEN) == 0) { - return &keypairs[i]; - } - } - return NULL; -} - -/** - * Insert local-zone and local-data into configuration. - * In order to be able to serve certs over TXT, we can reuse the local-zone and - * local-data config option. The zone and qname are infered from the - * provider_name and the content of the TXT record from the certificate content. - * returns the number of certtificate TXT record that were loaded. - * < 0 in case of error. - */ -static int -dnsc_load_local_data(struct dnsc_env* dnscenv, struct config_file *cfg) -{ - size_t i, j; - // Insert 'local-zone: "2.dnscrypt-cert.example.com" deny' - if(!cfg_str2list_insert(&cfg->local_zones, - strdup(dnscenv->provider_name), - strdup("deny"))) { - log_err("Could not load dnscrypt local-zone: %s deny", - dnscenv->provider_name); - return -1; - } - - // Add local data entry of type: - // 2.dnscrypt-cert.example.com 86400 IN TXT "DNSC......" - for(i=0; isigned_certs_count; i++) { - const char *ttl_class_type = " 86400 IN TXT \""; - struct SignedCert *cert = dnscenv->signed_certs + i; - uint16_t rrlen = strlen(dnscenv->provider_name) + - strlen(ttl_class_type) + - 4 * sizeof(struct SignedCert) + // worst case scenario - 1 + // trailing double quote - 1; - char *rr = malloc(rrlen); - if(!rr) { - log_err("Could not allocate memory"); - return -2; - } - snprintf(rr, rrlen - 1, "%s 86400 IN TXT \"", dnscenv->provider_name); - for(j=0; jlocal_data, strdup(rr)); - free(rr); - } - return dnscenv->signed_certs_count; -} - -/** - * Parse the secret key files from `dnscrypt-secret-key` config and populates - * a list of secret/public keys supported by dnscrypt listener. - * \param[in] env The dnsc_env structure which will hold the keypairs. - * \param[in] cfg The config with the secret key file paths. - */ -static int -dnsc_parse_keys(struct dnsc_env *env, struct config_file *cfg) -{ - struct config_strlist *head; - size_t keypair_id; - - env->keypairs_count = 0U; - for (head = cfg->dnscrypt_secret_key; head; head = head->next) { - env->keypairs_count++; - } - env->keypairs = sodium_allocarray(env->keypairs_count, - sizeof *env->keypairs); - - keypair_id = 0U; - for(head = cfg->dnscrypt_secret_key; head; head = head->next, keypair_id++) { - char fingerprint[80]; - if(dnsc_read_from_file( - head->str, - (char *)(env->keypairs[keypair_id].crypt_secretkey), - crypto_box_SECRETKEYBYTES) != 0) { - fatal_exit("dnsc_parse_keys: failed to load %s: %s", head->str, strerror(errno)); - } - verbose(VERB_OPS, "Loaded key %s", head->str); - if (crypto_scalarmult_base(env->keypairs[keypair_id].crypt_publickey, - env->keypairs[keypair_id].crypt_secretkey) != 0) { - fatal_exit("dnsc_parse_keys: could not generate public key from %s", head->str); - } - dnsc_key_to_fingerprint(fingerprint, env->keypairs[keypair_id].crypt_publickey); - verbose(VERB_OPS, "Crypt public key fingerprint for %s: %s", head->str, fingerprint); - } - return keypair_id; -} - - -/** - * ######################################################### - * ############# Publicly accessible functions ############# - * ######################################################### - */ - -int -dnsc_handle_curved_request(struct dnsc_env* dnscenv, - struct comm_reply* repinfo) -{ - struct comm_point* c = repinfo->c; - - repinfo->is_dnscrypted = 0; - if( !c->dnscrypt ) { - return 1; - } - // Attempt to decrypt the query. If it is not crypted, we may still need - // to serve the certificate. - verbose(VERB_ALGO, "handle request called on DNSCrypt socket"); - if ((repinfo->keypair = dnsc_find_keypair(dnscenv, c->buffer)) != NULL) { - if(dnscrypt_server_uncurve(repinfo->keypair, - repinfo->client_nonce, - repinfo->nmkey, - c->buffer) != 0){ - verbose(VERB_ALGO, "dnscrypt: Failed to uncurve"); - comm_point_drop_reply(repinfo); - return 0; - } - repinfo->is_dnscrypted = 1; - sldns_buffer_rewind(c->buffer); - } - return 1; -} - -int -dnsc_handle_uncurved_request(struct comm_reply *repinfo) -{ - if(!repinfo->c->dnscrypt) { - return 1; - } - sldns_buffer_copy(repinfo->c->dnscrypt_buffer, repinfo->c->buffer); - if(!repinfo->is_dnscrypted) { - return 1; - } - if(dnscrypt_server_curve(repinfo->keypair, - repinfo->client_nonce, - repinfo->nmkey, - repinfo->c->dnscrypt_buffer, - repinfo->c->type == comm_udp, - repinfo->max_udp_size) != 0){ - verbose(VERB_ALGO, "dnscrypt: Failed to curve cached missed answer"); - comm_point_drop_reply(repinfo); - return 0; - } - return 1; -} - -struct dnsc_env * -dnsc_create(void) -{ - struct dnsc_env *env; - if (sodium_init() == -1) { - fatal_exit("dnsc_create: could not initialize libsodium."); - } - env = (struct dnsc_env *) calloc(1, sizeof(struct dnsc_env)); - return env; -} - -int -dnsc_apply_cfg(struct dnsc_env *env, struct config_file *cfg) -{ - if(dnsc_parse_certs(env, cfg) <= 0) { - fatal_exit("dnsc_apply_cfg: no cert file loaded"); - } - if(dnsc_parse_keys(env, cfg) <= 0) { - fatal_exit("dnsc_apply_cfg: no key file loaded"); - } - randombytes_buf(env->hash_key, sizeof env->hash_key); - env->provider_name = cfg->dnscrypt_provider; - - if(dnsc_load_local_data(env, cfg) <= 0) { - fatal_exit("dnsc_apply_cfg: could not load local data"); - } - return 0; -} diff --git a/external/unbound/dnscrypt/dnscrypt.h b/external/unbound/dnscrypt/dnscrypt.h deleted file mode 100644 index dac611b05..000000000 --- a/external/unbound/dnscrypt/dnscrypt.h +++ /dev/null @@ -1,102 +0,0 @@ -#ifndef UNBOUND_DNSCRYPT_H -#define UNBOUND_DNSCRYPT_H - -/** - * \file - * dnscrypt functions for encrypting DNS packets. - */ - -#include "dnscrypt/dnscrypt_config.h" -#ifdef USE_DNSCRYPT - -#define DNSCRYPT_MAGIC_HEADER_LEN 8U -#define DNSCRYPT_MAGIC_RESPONSE "r6fnvWj8" - -#ifndef DNSCRYPT_MAX_PADDING -# define DNSCRYPT_MAX_PADDING 256U -#endif -#ifndef DNSCRYPT_BLOCK_SIZE -# define DNSCRYPT_BLOCK_SIZE 64U -#endif -#ifndef DNSCRYPT_MIN_PAD_LEN -# define DNSCRYPT_MIN_PAD_LEN 8U -#endif - -#define crypto_box_HALF_NONCEBYTES (crypto_box_NONCEBYTES / 2U) - -#include "config.h" -#include "dnscrypt/cert.h" - -#define DNSCRYPT_QUERY_HEADER_SIZE \ - (DNSCRYPT_MAGIC_HEADER_LEN + crypto_box_PUBLICKEYBYTES + crypto_box_HALF_NONCEBYTES + crypto_box_MACBYTES) -#define DNSCRYPT_RESPONSE_HEADER_SIZE \ - (DNSCRYPT_MAGIC_HEADER_LEN + crypto_box_NONCEBYTES + crypto_box_MACBYTES) - -#define DNSCRYPT_REPLY_HEADER_SIZE \ - (DNSCRYPT_MAGIC_HEADER_LEN + crypto_box_HALF_NONCEBYTES * 2 + crypto_box_MACBYTES) - -struct sldns_buffer; -struct config_file; -struct comm_reply; - -typedef struct KeyPair_ { - uint8_t crypt_publickey[crypto_box_PUBLICKEYBYTES]; - uint8_t crypt_secretkey[crypto_box_SECRETKEYBYTES]; -} KeyPair; - -struct dnsc_env { - struct SignedCert *signed_certs; - size_t signed_certs_count; - uint8_t provider_publickey[crypto_sign_ed25519_PUBLICKEYBYTES]; - uint8_t provider_secretkey[crypto_sign_ed25519_SECRETKEYBYTES]; - KeyPair *keypairs; - size_t keypairs_count; - uint64_t nonce_ts_last; - unsigned char hash_key[crypto_shorthash_KEYBYTES]; - char * provider_name; -}; - -struct dnscrypt_query_header { - uint8_t magic_query[DNSCRYPT_MAGIC_HEADER_LEN]; - uint8_t publickey[crypto_box_PUBLICKEYBYTES]; - uint8_t nonce[crypto_box_HALF_NONCEBYTES]; - uint8_t mac[crypto_box_MACBYTES]; -}; - -/** - * Initialize DNSCrypt enviroment. - * Initialize sodium library and allocate the dnsc_env structure. - * \return an uninitialized struct dnsc_env. - */ -struct dnsc_env * dnsc_create(void); - -/** - * Apply configuration. - * Read certificates and secret keys from configuration. Initialize hashkey and - * provider name as well as loading cert TXT records. - * In case of issue applying configuration, this function fatals. - * \param[in] env the struct dnsc_env to populate. - * \param[in] cfg the config_file struct with dnscrypt options. - * \return 0 on success. - */ -int dnsc_apply_cfg(struct dnsc_env *env, struct config_file *cfg); - -/** - * handle a crypted dnscrypt request. - * Determine wether or not a query is coming over the dnscrypt listener and - * attempt to uncurve it or detect if it is a certificate query. - * return 0 in case of failure. - */ -int dnsc_handle_curved_request(struct dnsc_env* dnscenv, - struct comm_reply* repinfo); -/** - * handle an unencrypted dnscrypt request. - * Determine wether or not a query is going over the dnscrypt channel and - * attempt to curve it unless it was not crypted like when it is a - * certificate query. - * \return 0 in case of failure. - */ - -int dnsc_handle_uncurved_request(struct comm_reply *repinfo); -#endif /* USE_DNSCRYPT */ -#endif diff --git a/external/unbound/dnscrypt/dnscrypt.m4 b/external/unbound/dnscrypt/dnscrypt.m4 deleted file mode 100644 index 077d28221..000000000 --- a/external/unbound/dnscrypt/dnscrypt.m4 +++ /dev/null @@ -1,25 +0,0 @@ -# dnscrypt.m4 - -# dnsc_DNSCRYPT([action-if-true], [action-if-false]) -# -------------------------------------------------------------------------- -# Check for required dnscrypt libraries and add dnscrypt configure args. -AC_DEFUN([dnsc_DNSCRYPT], -[ - AC_ARG_ENABLE([dnscrypt], - AS_HELP_STRING([--enable-dnscrypt], - [Enable dnscrypt support (requires libsodium)]), - [opt_dnscrypt=$enableval], [opt_dnscrypt=no]) - - if test "x$opt_dnscrypt" != "xno"; then - AC_ARG_WITH([libsodium], AC_HELP_STRING([--with-libsodium=path], - [Path where libsodium is installed, for dnscrypt]), [ - CFLAGS="$CFLAGS -I$withval/include" - LDFLAGS="$LDFLAGS -L$withval/lib" - ]) - AC_SEARCH_LIBS([sodium_init], [sodium], [], - AC_MSG_ERROR([The sodium library was not found. Please install sodium!])) - $1 - else - $2 - fi -]) diff --git a/external/unbound/dnscrypt/dnscrypt_config.h b/external/unbound/dnscrypt/dnscrypt_config.h deleted file mode 100644 index 0d77a0c91..000000000 --- a/external/unbound/dnscrypt/dnscrypt_config.h +++ /dev/null @@ -1,17 +0,0 @@ -#ifndef UNBOUND_DNSCRYPT_CONFIG_H -#define UNBOUND_DNSCRYPT_CONFIG_H - -/* - * Process this file (dnscrypt_config.h.in) with AC_CONFIG_FILES to generate - * dnscrypt_config.h. - * - * This file exists so that USE_DNSCRYPT can be used without including config.h. - */ - -#if 0 /* ENABLE_DNSCRYPT */ -# ifndef USE_DNSCRYPT -# define USE_DNSCRYPT 1 -# endif -#endif - -#endif /* UNBOUND_DNSCRYPT_CONFIG_H */ diff --git a/external/unbound/dnstap/dnstap.c b/external/unbound/dnstap/dnstap.c deleted file mode 100644 index 5d0420f6f..000000000 --- a/external/unbound/dnstap/dnstap.c +++ /dev/null @@ -1,518 +0,0 @@ -/* dnstap support for Unbound */ - -/* - * Copyright (c) 2013-2014, Farsight Security, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the copyright holder nor the names of its - * contributors may be used to endorse or promote products derived from - * this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR - * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; - * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "dnstap/dnstap_config.h" - -#ifdef USE_DNSTAP - -#include "config.h" -#include -#include -#include "sldns/sbuffer.h" -#include "util/config_file.h" -#include "util/net_help.h" -#include "util/netevent.h" -#include "util/log.h" - -#include -#include - -#include "dnstap/dnstap.h" -#include "dnstap/dnstap.pb-c.h" - -#define DNSTAP_CONTENT_TYPE "protobuf:dnstap.Dnstap" -#define DNSTAP_INITIAL_BUF_SIZE 256 - -struct dt_msg { - void *buf; - size_t len_buf; - Dnstap__Dnstap d; - Dnstap__Message m; -}; - -static int -dt_pack(const Dnstap__Dnstap *d, void **buf, size_t *sz) -{ - ProtobufCBufferSimple sbuf; - - memset(&sbuf, 0, sizeof(sbuf)); - sbuf.base.append = protobuf_c_buffer_simple_append; - sbuf.len = 0; - sbuf.alloced = DNSTAP_INITIAL_BUF_SIZE; - sbuf.data = malloc(sbuf.alloced); - if (sbuf.data == NULL) - return 0; - sbuf.must_free_data = 1; - - *sz = dnstap__dnstap__pack_to_buffer(d, (ProtobufCBuffer *) &sbuf); - if (sbuf.data == NULL) - return 0; - *buf = sbuf.data; - - return 1; -} - -static void -dt_send(const struct dt_env *env, void *buf, size_t len_buf) -{ - fstrm_res res; - if (!buf) - return; - res = fstrm_iothr_submit(env->iothr, env->ioq, buf, len_buf, - fstrm_free_wrapper, NULL); - if (res != fstrm_res_success) - free(buf); -} - -static void -dt_msg_init(const struct dt_env *env, - struct dt_msg *dm, - Dnstap__Message__Type mtype) -{ - memset(dm, 0, sizeof(*dm)); - dm->d.base.descriptor = &dnstap__dnstap__descriptor; - dm->m.base.descriptor = &dnstap__message__descriptor; - dm->d.type = DNSTAP__DNSTAP__TYPE__MESSAGE; - dm->d.message = &dm->m; - dm->m.type = mtype; - if (env->identity != NULL) { - dm->d.identity.data = (uint8_t *) env->identity; - dm->d.identity.len = (size_t) env->len_identity; - dm->d.has_identity = 1; - } - if (env->version != NULL) { - dm->d.version.data = (uint8_t *) env->version; - dm->d.version.len = (size_t) env->len_version; - dm->d.has_version = 1; - } -} - -struct dt_env * -dt_create(const char *socket_path, unsigned num_workers) -{ -#ifdef UNBOUND_DEBUG - fstrm_res res; -#endif - struct dt_env *env; - struct fstrm_iothr_options *fopt; - struct fstrm_unix_writer_options *fuwopt; - struct fstrm_writer *fw; - struct fstrm_writer_options *fwopt; - - verbose(VERB_OPS, "attempting to connect to dnstap socket %s", - socket_path); - log_assert(socket_path != NULL); - log_assert(num_workers > 0); - - env = (struct dt_env *) calloc(1, sizeof(struct dt_env)); - if (!env) - return NULL; - - fwopt = fstrm_writer_options_init(); -#ifdef UNBOUND_DEBUG - res = -#else - (void) -#endif - fstrm_writer_options_add_content_type(fwopt, - DNSTAP_CONTENT_TYPE, sizeof(DNSTAP_CONTENT_TYPE) - 1); - log_assert(res == fstrm_res_success); - - fuwopt = fstrm_unix_writer_options_init(); - fstrm_unix_writer_options_set_socket_path(fuwopt, socket_path); - - fw = fstrm_unix_writer_init(fuwopt, fwopt); - log_assert(fw != NULL); - - fopt = fstrm_iothr_options_init(); - fstrm_iothr_options_set_num_input_queues(fopt, num_workers); - env->iothr = fstrm_iothr_init(fopt, &fw); - if (env->iothr == NULL) { - verbose(VERB_DETAIL, "dt_create: fstrm_iothr_init() failed"); - fstrm_writer_destroy(&fw); - free(env); - env = NULL; - } - fstrm_iothr_options_destroy(&fopt); - fstrm_unix_writer_options_destroy(&fuwopt); - fstrm_writer_options_destroy(&fwopt); - - return env; -} - -static void -dt_apply_identity(struct dt_env *env, struct config_file *cfg) -{ - char buf[MAXHOSTNAMELEN+1]; - if (!cfg->dnstap_send_identity) - return; - free(env->identity); - if (cfg->dnstap_identity == NULL || cfg->dnstap_identity[0] == 0) { - if (gethostname(buf, MAXHOSTNAMELEN) == 0) { - buf[MAXHOSTNAMELEN] = 0; - env->identity = strdup(buf); - } else { - fatal_exit("dt_apply_identity: gethostname() failed"); - } - } else { - env->identity = strdup(cfg->dnstap_identity); - } - if (env->identity == NULL) - fatal_exit("dt_apply_identity: strdup() failed"); - env->len_identity = (unsigned int)strlen(env->identity); - verbose(VERB_OPS, "dnstap identity field set to \"%s\"", - env->identity); -} - -static void -dt_apply_version(struct dt_env *env, struct config_file *cfg) -{ - if (!cfg->dnstap_send_version) - return; - free(env->version); - if (cfg->dnstap_version == NULL || cfg->dnstap_version[0] == 0) - env->version = strdup(PACKAGE_STRING); - else - env->version = strdup(cfg->dnstap_version); - if (env->version == NULL) - fatal_exit("dt_apply_version: strdup() failed"); - env->len_version = (unsigned int)strlen(env->version); - verbose(VERB_OPS, "dnstap version field set to \"%s\"", - env->version); -} - -void -dt_apply_cfg(struct dt_env *env, struct config_file *cfg) -{ - if (!cfg->dnstap) - return; - - dt_apply_identity(env, cfg); - dt_apply_version(env, cfg); - if ((env->log_resolver_query_messages = (unsigned int) - cfg->dnstap_log_resolver_query_messages)) - { - verbose(VERB_OPS, "dnstap Message/RESOLVER_QUERY enabled"); - } - if ((env->log_resolver_response_messages = (unsigned int) - cfg->dnstap_log_resolver_response_messages)) - { - verbose(VERB_OPS, "dnstap Message/RESOLVER_RESPONSE enabled"); - } - if ((env->log_client_query_messages = (unsigned int) - cfg->dnstap_log_client_query_messages)) - { - verbose(VERB_OPS, "dnstap Message/CLIENT_QUERY enabled"); - } - if ((env->log_client_response_messages = (unsigned int) - cfg->dnstap_log_client_response_messages)) - { - verbose(VERB_OPS, "dnstap Message/CLIENT_RESPONSE enabled"); - } - if ((env->log_forwarder_query_messages = (unsigned int) - cfg->dnstap_log_forwarder_query_messages)) - { - verbose(VERB_OPS, "dnstap Message/FORWARDER_QUERY enabled"); - } - if ((env->log_forwarder_response_messages = (unsigned int) - cfg->dnstap_log_forwarder_response_messages)) - { - verbose(VERB_OPS, "dnstap Message/FORWARDER_RESPONSE enabled"); - } -} - -int -dt_init(struct dt_env *env) -{ - env->ioq = fstrm_iothr_get_input_queue(env->iothr); - if (env->ioq == NULL) - return 0; - return 1; -} - -void -dt_delete(struct dt_env *env) -{ - if (!env) - return; - verbose(VERB_OPS, "closing dnstap socket"); - fstrm_iothr_destroy(&env->iothr); - free(env->identity); - free(env->version); - free(env); -} - -static void -dt_fill_timeval(const struct timeval *tv, - uint64_t *time_sec, protobuf_c_boolean *has_time_sec, - uint32_t *time_nsec, protobuf_c_boolean *has_time_nsec) -{ -#ifndef S_SPLINT_S - *time_sec = tv->tv_sec; - *time_nsec = tv->tv_usec * 1000; -#endif - *has_time_sec = 1; - *has_time_nsec = 1; -} - -static void -dt_fill_buffer(sldns_buffer *b, ProtobufCBinaryData *p, protobuf_c_boolean *has) -{ - log_assert(b != NULL); - p->len = sldns_buffer_limit(b); - p->data = sldns_buffer_begin(b); - *has = 1; -} - -static void -dt_msg_fill_net(struct dt_msg *dm, - struct sockaddr_storage *ss, - enum comm_point_type cptype, - ProtobufCBinaryData *addr, protobuf_c_boolean *has_addr, - uint32_t *port, protobuf_c_boolean *has_port) -{ - log_assert(ss->ss_family == AF_INET6 || ss->ss_family == AF_INET); - if (ss->ss_family == AF_INET6) { - struct sockaddr_in6 *s = (struct sockaddr_in6 *) ss; - - /* socket_family */ - dm->m.socket_family = DNSTAP__SOCKET_FAMILY__INET6; - dm->m.has_socket_family = 1; - - /* addr: query_address or response_address */ - addr->data = s->sin6_addr.s6_addr; - addr->len = 16; /* IPv6 */ - *has_addr = 1; - - /* port: query_port or response_port */ - *port = ntohs(s->sin6_port); - *has_port = 1; - } else if (ss->ss_family == AF_INET) { - struct sockaddr_in *s = (struct sockaddr_in *) ss; - - /* socket_family */ - dm->m.socket_family = DNSTAP__SOCKET_FAMILY__INET; - dm->m.has_socket_family = 1; - - /* addr: query_address or response_address */ - addr->data = (uint8_t *) &s->sin_addr.s_addr; - addr->len = 4; /* IPv4 */ - *has_addr = 1; - - /* port: query_port or response_port */ - *port = ntohs(s->sin_port); - *has_port = 1; - } - - log_assert(cptype == comm_udp || cptype == comm_tcp); - if (cptype == comm_udp) { - /* socket_protocol */ - dm->m.socket_protocol = DNSTAP__SOCKET_PROTOCOL__UDP; - dm->m.has_socket_protocol = 1; - } else if (cptype == comm_tcp) { - /* socket_protocol */ - dm->m.socket_protocol = DNSTAP__SOCKET_PROTOCOL__TCP; - dm->m.has_socket_protocol = 1; - } -} - -void -dt_msg_send_client_query(struct dt_env *env, - struct sockaddr_storage *qsock, - enum comm_point_type cptype, - sldns_buffer *qmsg) -{ - struct dt_msg dm; - struct timeval qtime; - - gettimeofday(&qtime, NULL); - - /* type */ - dt_msg_init(env, &dm, DNSTAP__MESSAGE__TYPE__CLIENT_QUERY); - - /* query_time */ - dt_fill_timeval(&qtime, - &dm.m.query_time_sec, &dm.m.has_query_time_sec, - &dm.m.query_time_nsec, &dm.m.has_query_time_nsec); - - /* query_message */ - dt_fill_buffer(qmsg, &dm.m.query_message, &dm.m.has_query_message); - - /* socket_family, socket_protocol, query_address, query_port */ - log_assert(cptype == comm_udp || cptype == comm_tcp); - dt_msg_fill_net(&dm, qsock, cptype, - &dm.m.query_address, &dm.m.has_query_address, - &dm.m.query_port, &dm.m.has_query_port); - - if (dt_pack(&dm.d, &dm.buf, &dm.len_buf)) - dt_send(env, dm.buf, dm.len_buf); -} - -void -dt_msg_send_client_response(struct dt_env *env, - struct sockaddr_storage *qsock, - enum comm_point_type cptype, - sldns_buffer *rmsg) -{ - struct dt_msg dm; - struct timeval rtime; - - gettimeofday(&rtime, NULL); - - /* type */ - dt_msg_init(env, &dm, DNSTAP__MESSAGE__TYPE__CLIENT_RESPONSE); - - /* response_time */ - dt_fill_timeval(&rtime, - &dm.m.response_time_sec, &dm.m.has_response_time_sec, - &dm.m.response_time_nsec, &dm.m.has_response_time_nsec); - - /* response_message */ - dt_fill_buffer(rmsg, &dm.m.response_message, &dm.m.has_response_message); - - /* socket_family, socket_protocol, query_address, query_port */ - log_assert(cptype == comm_udp || cptype == comm_tcp); - dt_msg_fill_net(&dm, qsock, cptype, - &dm.m.query_address, &dm.m.has_query_address, - &dm.m.query_port, &dm.m.has_query_port); - - if (dt_pack(&dm.d, &dm.buf, &dm.len_buf)) - dt_send(env, dm.buf, dm.len_buf); -} - -void -dt_msg_send_outside_query(struct dt_env *env, - struct sockaddr_storage *rsock, - enum comm_point_type cptype, - uint8_t *zone, size_t zone_len, - sldns_buffer *qmsg) -{ - struct dt_msg dm; - struct timeval qtime; - uint16_t qflags; - - gettimeofday(&qtime, NULL); - qflags = sldns_buffer_read_u16_at(qmsg, 2); - - /* type */ - if (qflags & BIT_RD) { - if (!env->log_forwarder_query_messages) - return; - dt_msg_init(env, &dm, DNSTAP__MESSAGE__TYPE__FORWARDER_QUERY); - } else { - if (!env->log_resolver_query_messages) - return; - dt_msg_init(env, &dm, DNSTAP__MESSAGE__TYPE__RESOLVER_QUERY); - } - - /* query_zone */ - dm.m.query_zone.data = zone; - dm.m.query_zone.len = zone_len; - dm.m.has_query_zone = 1; - - /* query_time_sec, query_time_nsec */ - dt_fill_timeval(&qtime, - &dm.m.query_time_sec, &dm.m.has_query_time_sec, - &dm.m.query_time_nsec, &dm.m.has_query_time_nsec); - - /* query_message */ - dt_fill_buffer(qmsg, &dm.m.query_message, &dm.m.has_query_message); - - /* socket_family, socket_protocol, response_address, response_port */ - log_assert(cptype == comm_udp || cptype == comm_tcp); - dt_msg_fill_net(&dm, rsock, cptype, - &dm.m.response_address, &dm.m.has_response_address, - &dm.m.response_port, &dm.m.has_response_port); - - if (dt_pack(&dm.d, &dm.buf, &dm.len_buf)) - dt_send(env, dm.buf, dm.len_buf); -} - -void -dt_msg_send_outside_response(struct dt_env *env, - struct sockaddr_storage *rsock, - enum comm_point_type cptype, - uint8_t *zone, size_t zone_len, - uint8_t *qbuf, size_t qbuf_len, - const struct timeval *qtime, - const struct timeval *rtime, - sldns_buffer *rmsg) -{ - struct dt_msg dm; - uint16_t qflags; - - log_assert(qbuf_len >= sizeof(qflags)); - memcpy(&qflags, qbuf, sizeof(qflags)); - qflags = ntohs(qflags); - - /* type */ - if (qflags & BIT_RD) { - if (!env->log_forwarder_response_messages) - return; - dt_msg_init(env, &dm, DNSTAP__MESSAGE__TYPE__FORWARDER_RESPONSE); - } else { - if (!env->log_resolver_response_messages) - return; - dt_msg_init(env, &dm, DNSTAP__MESSAGE__TYPE__RESOLVER_RESPONSE); - } - - /* query_zone */ - dm.m.query_zone.data = zone; - dm.m.query_zone.len = zone_len; - dm.m.has_query_zone = 1; - - /* query_time_sec, query_time_nsec */ - dt_fill_timeval(qtime, - &dm.m.query_time_sec, &dm.m.has_query_time_sec, - &dm.m.query_time_nsec, &dm.m.has_query_time_nsec); - - /* response_time_sec, response_time_nsec */ - dt_fill_timeval(rtime, - &dm.m.response_time_sec, &dm.m.has_response_time_sec, - &dm.m.response_time_nsec, &dm.m.has_response_time_nsec); - - /* response_message */ - dt_fill_buffer(rmsg, &dm.m.response_message, &dm.m.has_response_message); - - /* socket_family, socket_protocol, response_address, response_port */ - log_assert(cptype == comm_udp || cptype == comm_tcp); - dt_msg_fill_net(&dm, rsock, cptype, - &dm.m.response_address, &dm.m.has_response_address, - &dm.m.response_port, &dm.m.has_response_port); - - if (dt_pack(&dm.d, &dm.buf, &dm.len_buf)) - dt_send(env, dm.buf, dm.len_buf); -} - -#endif /* USE_DNSTAP */ diff --git a/external/unbound/dnstap/dnstap.h b/external/unbound/dnstap/dnstap.h deleted file mode 100644 index 0103c1c0e..000000000 --- a/external/unbound/dnstap/dnstap.h +++ /dev/null @@ -1,188 +0,0 @@ -/* dnstap support for Unbound */ - -/* - * Copyright (c) 2013-2014, Farsight Security, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the copyright holder nor the names of its - * contributors may be used to endorse or promote products derived from - * this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR - * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; - * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#ifndef UNBOUND_DNSTAP_H -#define UNBOUND_DNSTAP_H - -#include "dnstap/dnstap_config.h" - -#ifdef USE_DNSTAP - -struct config_file; -struct fstrm_io; -struct fstrm_queue; -struct sldns_buffer; - -struct dt_env { - /** dnstap I/O thread */ - struct fstrm_iothr *iothr; - - /** dnstap I/O thread input queue */ - struct fstrm_iothr_queue *ioq; - - /** dnstap "identity" field, NULL if disabled */ - char *identity; - - /** dnstap "version" field, NULL if disabled */ - char *version; - - /** length of "identity" field */ - unsigned len_identity; - - /** length of "version" field */ - unsigned len_version; - - /** whether to log Message/RESOLVER_QUERY */ - unsigned log_resolver_query_messages : 1; - /** whether to log Message/RESOLVER_RESPONSE */ - unsigned log_resolver_response_messages : 1; - /** whether to log Message/CLIENT_QUERY */ - unsigned log_client_query_messages : 1; - /** whether to log Message/CLIENT_RESPONSE */ - unsigned log_client_response_messages : 1; - /** whether to log Message/FORWARDER_QUERY */ - unsigned log_forwarder_query_messages : 1; - /** whether to log Message/FORWARDER_RESPONSE */ - unsigned log_forwarder_response_messages : 1; -}; - -/** - * Create dnstap environment object. Afterwards, call dt_apply_cfg() to fill in - * the config variables and dt_init() to fill in the per-worker state. Each - * worker needs a copy of this object but with its own I/O queue (the fq field - * of the structure) to ensure lock-free access to its own per-worker circular - * queue. Duplicate the environment object if more than one worker needs to - * share access to the dnstap I/O socket. - * @param socket_path: path to dnstap logging socket, must be non-NULL. - * @param num_workers: number of worker threads, must be > 0. - * @return dt_env object, NULL on failure. - */ -struct dt_env * -dt_create(const char *socket_path, unsigned num_workers); - -/** - * Apply config settings. - * @param env: dnstap environment object. - * @param cfg: new config settings. - */ -void -dt_apply_cfg(struct dt_env *env, struct config_file *cfg); - -/** - * Initialize per-worker state in dnstap environment object. - * @param env: dnstap environment object to initialize, created with dt_create(). - * @return: true on success, false on failure. - */ -int -dt_init(struct dt_env *env); - -/** - * Delete dnstap environment object. Closes dnstap I/O socket and deletes all - * per-worker I/O queues. - */ -void -dt_delete(struct dt_env *env); - -/** - * Create and send a new dnstap "Message" event of type CLIENT_QUERY. - * @param env: dnstap environment object. - * @param qsock: address/port of client. - * @param cptype: comm_udp or comm_tcp. - * @param qmsg: query message. - */ -void -dt_msg_send_client_query(struct dt_env *env, - struct sockaddr_storage *qsock, - enum comm_point_type cptype, - struct sldns_buffer *qmsg); - -/** - * Create and send a new dnstap "Message" event of type CLIENT_RESPONSE. - * @param env: dnstap environment object. - * @param qsock: address/port of client. - * @param cptype: comm_udp or comm_tcp. - * @param rmsg: response message. - */ -void -dt_msg_send_client_response(struct dt_env *env, - struct sockaddr_storage *qsock, - enum comm_point_type cptype, - struct sldns_buffer *rmsg); - -/** - * Create and send a new dnstap "Message" event of type RESOLVER_QUERY or - * FORWARDER_QUERY. The type used is dependent on the value of the RD bit - * in the query header. - * @param env: dnstap environment object. - * @param rsock: address/port of server the query is being sent to. - * @param cptype: comm_udp or comm_tcp. - * @param zone: query zone. - * @param zone_len: length of zone. - * @param qmsg: query message. - */ -void -dt_msg_send_outside_query(struct dt_env *env, - struct sockaddr_storage *rsock, - enum comm_point_type cptype, - uint8_t *zone, size_t zone_len, - struct sldns_buffer *qmsg); - -/** - * Create and send a new dnstap "Message" event of type RESOLVER_RESPONSE or - * FORWARDER_RESPONSE. The type used is dependent on the value of the RD bit - * in the query header. - * @param env: dnstap environment object. - * @param rsock: address/port of server the response was received from. - * @param cptype: comm_udp or comm_tcp. - * @param zone: query zone. - * @param zone_len: length of zone. - * @param qbuf: outside_network's qbuf key. - * @param qbuf_len: length of outside_network's qbuf key. - * @param qtime: time query message was sent. - * @param rtime: time response message was sent. - * @param rmsg: response message. - */ -void -dt_msg_send_outside_response(struct dt_env *env, - struct sockaddr_storage *rsock, - enum comm_point_type cptype, - uint8_t *zone, size_t zone_len, - uint8_t *qbuf, size_t qbuf_len, - const struct timeval *qtime, - const struct timeval *rtime, - struct sldns_buffer *rmsg); - -#endif /* USE_DNSTAP */ - -#endif /* UNBOUND_DNSTAP_H */ diff --git a/external/unbound/dnstap/dnstap.m4 b/external/unbound/dnstap/dnstap.m4 deleted file mode 100644 index 5b78b3e26..000000000 --- a/external/unbound/dnstap/dnstap.m4 +++ /dev/null @@ -1,56 +0,0 @@ -# dnstap.m4 - -# dt_DNSTAP(default_dnstap_socket_path, [action-if-true], [action-if-false]) -# -------------------------------------------------------------------------- -# Check for required dnstap libraries and add dnstap configure args. -AC_DEFUN([dt_DNSTAP], -[ - AC_ARG_ENABLE([dnstap], - AS_HELP_STRING([--enable-dnstap], - [Enable dnstap support (requires fstrm, protobuf-c)]), - [opt_dnstap=$enableval], [opt_dnstap=no]) - - AC_ARG_WITH([dnstap-socket-path], - AS_HELP_STRING([--with-dnstap-socket-path=pathname], - [set default dnstap socket path]), - [opt_dnstap_socket_path=$withval], [opt_dnstap_socket_path="$1"]) - - if test "x$opt_dnstap" != "xno"; then - AC_PATH_PROG([PROTOC_C], [protoc-c]) - if test -z "$PROTOC_C"; then - AC_MSG_ERROR([The protoc-c program was not found. Please install protobuf-c!]) - fi - AC_ARG_WITH([protobuf-c], AC_HELP_STRING([--with-protobuf-c=path], - [Path where protobuf-c is installed, for dnstap]), [ - # workaround for protobuf-c includes at old dir before protobuf-c-1.0.0 - if test -f $withval/include/google/protobuf-c/protobuf-c.h; then - CFLAGS="$CFLAGS -I$withval/include/google" - else - CFLAGS="$CFLAGS -I$withval/include" - fi - LDFLAGS="$LDFLAGS -L$withval/lib" - ], [ - # workaround for protobuf-c includes at old dir before protobuf-c-1.0.0 - if test -f /usr/include/google/protobuf-c/protobuf-c.h; then - CFLAGS="$CFLAGS -I/usr/include/google" - else - if test -f /usr/local/include/google/protobuf-c/protobuf-c.h; then - CFLAGS="$CFLAGS -I/usr/local/include/google" - LDFLAGS="$LDFLAGS -L/usr/local/lib" - fi - fi - ]) - AC_ARG_WITH([libfstrm], AC_HELP_STRING([--with-libfstrm=path], - [Path where libfstrm is installed, for dnstap]), [ - CFLAGS="$CFLAGS -I$withval/include" - LDFLAGS="$LDFLAGS -L$withval/lib" - ]) - AC_SEARCH_LIBS([fstrm_iothr_init], [fstrm], [], - AC_MSG_ERROR([The fstrm library was not found. Please install fstrm!])) - AC_SEARCH_LIBS([protobuf_c_message_pack], [protobuf-c], [], - AC_MSG_ERROR([The protobuf-c library was not found. Please install protobuf-c!])) - $2 - else - $3 - fi -]) diff --git a/external/unbound/dnstap/dnstap.proto b/external/unbound/dnstap/dnstap.proto deleted file mode 100644 index 32871f409..000000000 --- a/external/unbound/dnstap/dnstap.proto +++ /dev/null @@ -1,262 +0,0 @@ -// dnstap: flexible, structured event replication format for DNS software -// -// This file contains the protobuf schemas for the "dnstap" structured event -// replication format for DNS software. - -// Written in 2013-2014 by Farsight Security, Inc. -// -// To the extent possible under law, the author(s) have dedicated all -// copyright and related and neighboring rights to this file to the public -// domain worldwide. This file is distributed without any warranty. -// -// You should have received a copy of the CC0 Public Domain Dedication along -// with this file. If not, see: -// -// . - -package dnstap; - -// "Dnstap": this is the top-level dnstap type, which is a "union" type that -// contains other kinds of dnstap payloads, although currently only one type -// of dnstap payload is defined. -// See: https://developers.google.com/protocol-buffers/docs/techniques#union -message Dnstap { - // DNS server identity. - // If enabled, this is the identity string of the DNS server which generated - // this message. Typically this would be the same string as returned by an - // "NSID" (RFC 5001) query. - optional bytes identity = 1; - - // DNS server version. - // If enabled, this is the version string of the DNS server which generated - // this message. Typically this would be the same string as returned by a - // "version.bind" query. - optional bytes version = 2; - - // Extra data for this payload. - // This field can be used for adding an arbitrary byte-string annotation to - // the payload. No encoding or interpretation is applied or enforced. - optional bytes extra = 3; - - // Identifies which field below is filled in. - enum Type { - MESSAGE = 1; - } - required Type type = 15; - - // One of the following will be filled in. - optional Message message = 14; -} - -// SocketFamily: the network protocol family of a socket. This specifies how -// to interpret "network address" fields. -enum SocketFamily { - INET = 1; // IPv4 (RFC 791) - INET6 = 2; // IPv6 (RFC 2460) -} - -// SocketProtocol: the transport protocol of a socket. This specifies how to -// interpret "transport port" fields. -enum SocketProtocol { - UDP = 1; // User Datagram Protocol (RFC 768) - TCP = 2; // Transmission Control Protocol (RFC 793) -} - -// Message: a wire-format (RFC 1035 section 4) DNS message and associated -// metadata. Applications generating "Message" payloads should follow -// certain requirements based on the MessageType, see below. -message Message { - - // There are eight types of "Message" defined that correspond to the - // four arrows in the following diagram, slightly modified from RFC 1035 - // section 2: - - // +---------+ +----------+ +--------+ - // | | query | | query | | - // | Stub |-SQ--------CQ->| Recursive|-RQ----AQ->| Auth. | - // | Resolver| | Server | | Name | - // | |<-SR--------CR-| |<-RR----AR-| Server | - // +---------+ response | | response | | - // +----------+ +--------+ - - // Each arrow has two Type values each, one for each "end" of each arrow, - // because these are considered to be distinct events. Each end of each - // arrow on the diagram above has been marked with a two-letter Type - // mnemonic. Clockwise from upper left, these mnemonic values are: - // - // SQ: STUB_QUERY - // CQ: CLIENT_QUERY - // RQ: RESOLVER_QUERY - // AQ: AUTH_QUERY - // AR: AUTH_RESPONSE - // RR: RESOLVER_RESPONSE - // CR: CLIENT_RESPONSE - // SR: STUB_RESPONSE - - // Two additional types of "Message" have been defined for the - // "forwarding" case where an upstream DNS server is responsible for - // further recursion. These are not shown on the diagram above, but have - // the following mnemonic values: - - // FQ: FORWARDER_QUERY - // FR: FORWARDER_RESPONSE - - // The "Message" Type values are defined below. - - enum Type { - // AUTH_QUERY is a DNS query message received from a resolver by an - // authoritative name server, from the perspective of the authoritative - // name server. - AUTH_QUERY = 1; - - // AUTH_RESPONSE is a DNS response message sent from an authoritative - // name server to a resolver, from the perspective of the authoritative - // name server. - AUTH_RESPONSE = 2; - - // RESOLVER_QUERY is a DNS query message sent from a resolver to an - // authoritative name server, from the perspective of the resolver. - // Resolvers typically clear the RD (recursion desired) bit when - // sending queries. - RESOLVER_QUERY = 3; - - // RESOLVER_RESPONSE is a DNS response message received from an - // authoritative name server by a resolver, from the perspective of - // the resolver. - RESOLVER_RESPONSE = 4; - - // CLIENT_QUERY is a DNS query message sent from a client to a DNS - // server which is expected to perform further recursion, from the - // perspective of the DNS server. The client may be a stub resolver or - // forwarder or some other type of software which typically sets the RD - // (recursion desired) bit when querying the DNS server. The DNS server - // may be a simple forwarding proxy or it may be a full recursive - // resolver. - CLIENT_QUERY = 5; - - // CLIENT_RESPONSE is a DNS response message sent from a DNS server to - // a client, from the perspective of the DNS server. The DNS server - // typically sets the RA (recursion available) bit when responding. - CLIENT_RESPONSE = 6; - - // FORWARDER_QUERY is a DNS query message sent from a downstream DNS - // server to an upstream DNS server which is expected to perform - // further recursion, from the perspective of the downstream DNS - // server. - FORWARDER_QUERY = 7; - - // FORWARDER_RESPONSE is a DNS response message sent from an upstream - // DNS server performing recursion to a downstream DNS server, from the - // perspective of the downstream DNS server. - FORWARDER_RESPONSE = 8; - - // STUB_QUERY is a DNS query message sent from a stub resolver to a DNS - // server, from the perspective of the stub resolver. - STUB_QUERY = 9; - - // STUB_RESPONSE is a DNS response message sent from a DNS server to a - // stub resolver, from the perspective of the stub resolver. - STUB_RESPONSE = 10; - } - - // One of the Type values described above. - required Type type = 1; - - // One of the SocketFamily values described above. - optional SocketFamily socket_family = 2; - - // One of the SocketProtocol values described above. - optional SocketProtocol socket_protocol = 3; - - // The network address of the message initiator. - // For SocketFamily INET, this field is 4 octets (IPv4 address). - // For SocketFamily INET6, this field is 16 octets (IPv6 address). - optional bytes query_address = 4; - - // The network address of the message responder. - // For SocketFamily INET, this field is 4 octets (IPv4 address). - // For SocketFamily INET6, this field is 16 octets (IPv6 address). - optional bytes response_address = 5; - - // The transport port of the message initiator. - // This is a 16-bit UDP or TCP port number, depending on SocketProtocol. - optional uint32 query_port = 6; - - // The transport port of the message responder. - // This is a 16-bit UDP or TCP port number, depending on SocketProtocol. - optional uint32 response_port = 7; - - // The time at which the DNS query message was sent or received, depending - // on whether this is an AUTH_QUERY, RESOLVER_QUERY, or CLIENT_QUERY. - // This is the number of seconds since the UNIX epoch. - optional uint64 query_time_sec = 8; - - // The time at which the DNS query message was sent or received. - // This is the seconds fraction, expressed as a count of nanoseconds. - optional fixed32 query_time_nsec = 9; - - // The initiator's original wire-format DNS query message, verbatim. - optional bytes query_message = 10; - - // The "zone" or "bailiwick" pertaining to the DNS query message. - // This is a wire-format DNS domain name. - optional bytes query_zone = 11; - - // The time at which the DNS response message was sent or received, - // depending on whether this is an AUTH_RESPONSE, RESOLVER_RESPONSE, or - // CLIENT_RESPONSE. - // This is the number of seconds since the UNIX epoch. - optional uint64 response_time_sec = 12; - - // The time at which the DNS response message was sent or received. - // This is the seconds fraction, expressed as a count of nanoseconds. - optional fixed32 response_time_nsec = 13; - - // The responder's original wire-format DNS response message, verbatim. - optional bytes response_message = 14; -} - -// All fields except for 'type' in the Message schema are optional. -// It is recommended that at least the following fields be filled in for -// particular types of Messages. - -// AUTH_QUERY: -// socket_family, socket_protocol -// query_address, query_port -// query_message -// query_time_sec, query_time_nsec - -// AUTH_RESPONSE: -// socket_family, socket_protocol -// query_address, query_port -// query_time_sec, query_time_nsec -// response_message -// response_time_sec, response_time_nsec - -// RESOLVER_QUERY: -// socket_family, socket_protocol -// query_name, query_type, query_class -// query_message -// query_time_sec, query_time_nsec -// query_zone -// response_address, response_port - -// RESOLVER_RESPONSE: -// socket_family, socket_protocol -// query_name, query_type, query_class -// query_time_sec, query_time_nsec -// query_zone -// response_address, response_port -// response_message -// response_time_sec, response_time_nsec - -// CLIENT_QUERY: -// socket_family, socket_protocol -// query_message -// query_time_sec, query_time_nsec - -// CLIENT_RESPONSE: -// socket_family, socket_protocol -// query_time_sec, query_time_nsec -// response_message -// response_time_sec, response_time_nsec diff --git a/external/unbound/dnstap/dnstap_config.h.in b/external/unbound/dnstap/dnstap_config.h.in deleted file mode 100644 index c9f74893a..000000000 --- a/external/unbound/dnstap/dnstap_config.h.in +++ /dev/null @@ -1,17 +0,0 @@ -#ifndef UNBOUND_DNSTAP_CONFIG_H -#define UNBOUND_DNSTAP_CONFIG_H - -/* - * Process this file (dnstap_config.h.in) with AC_CONFIG_FILES to generate - * dnstap_config.h. - * - * This file exists so that USE_DNSTAP can be used without including config.h. - */ - -#if @ENABLE_DNSTAP@ /* ENABLE_DNSTAP */ -# ifndef USE_DNSTAP -# define USE_DNSTAP 1 -# endif -#endif - -#endif /* UNBOUND_DNSTAP_CONFIG_H */ diff --git a/external/unbound/doc/CREDITS b/external/unbound/doc/CREDITS deleted file mode 100644 index 805327ad6..000000000 --- a/external/unbound/doc/CREDITS +++ /dev/null @@ -1,23 +0,0 @@ -Unbound was developed at NLnet Labs by Wouter Wijngaards. - -Unbound was architected in January of 2004 by Jakob Schlyter of Kirei -and Roy Arends of Nominet. VeriSign and EP.Net funded development of -the prototype, which was built by David Blacka and Matt Larson of VeriSign. -Late in 2006, NLnet Labs joined the effort, writing an implementation in C -based on the existing prototype and using experience NLnet Labs gained -during the development of NSD, an authoritative DNS server. - -At NLnet Labs, Jelte Jansen, Mark Santcroos and Matthijs Mekking -reviewed the unbound C sources. - -Jakob Schlyter - for advice on secure settings, random numbers and blacklists. -Ondřej Surý - running coverity analysis tool on 0.9 dev version. -Alexander Gall - multihomed, anycast testing of unbound resolver server. -Zdenek Vasicek and Marek Vavrusa - python module. -cz.nic - sponsoring 'summer of code' development by Zdenek and Marek. -Brett Carr - windows beta testing. -Luca Bruno - patch for windows support in libunbound hosts and resolvconf(). -Tom Hendrikx - contributed split-itar.sh a useful script to 5011-track ITAR. -Daisuke HIGASHI - patch for rrset-roundrobin and minimal-responses. -Simon Perrault - DNS64 module. -Robert Edmonds - dnstap code. diff --git a/external/unbound/doc/Changelog b/external/unbound/doc/Changelog deleted file mode 100644 index 8f8d6daea..000000000 --- a/external/unbound/doc/Changelog +++ /dev/null @@ -1,7114 +0,0 @@ -13 June 2017: Wouter - - Fix #1280: Unbound fails assert when response from authoritative - contains malformed qname. When 0x20 caps-for-id is enabled, when - assertions are not enabled the malformed qname is handled correctly. - - tag for 1.6.3 - -13 April 2017: Wouter - - Fix #1250: inconsistent indentation in services/listen_dnsport.c. - - tag for 1.6.2rc1 - -12 April 2017: Wouter - - subnet mem value is available in shm, also when not enabled, - to make the struct easier to memmap by other applications, - independent of the configuration of unbound. - -12 April 2017: Ralph - - Fix #1247: unbound does not shorten source prefix length when - forwarding ECS. - - Properly check for allocation failure in local_data_find_tag_datas. - - Fix #1249: unbound doesn't return FORMERR to bogus ECS. - - Set SHM ECS memory usage to 0 when module not loaded. - -11 April 2017: Ralph - - Display ECS module memory usage. - -10 April 2017: Wouter - - harden-algo-downgrade: no also makes unbound more lenient about - digest algorithms in DS records. - -10 April 2017: Ralph - - Remove ECS option after REFUSED answer. - - Fix small memory leak in edns_opt_copy_alloc. - - Respip dereference after NULL check. - - Zero initialize addrtree allocation. - - Use correct identifier for SHM destroy. - -7 April 2017: George - - Fix pythonmod for cb changes. - - Some whitespace fixup. - -7 April 2017: Ralph - - Unlock view in respip unit test - -6 April 2017: Ralph - - Generalise inplace callback (de)registration - - (de)register inplace callbacks for module id - - No unbound-control set_option for ECS options - - Deprecated client-subnet-opcode config option - - Introduced client-subnet-always-forward config option - - Changed max-client-subnet-ipv6 default to 56 (as in RFC) - - Removed extern ECS config options - - module_restart_next now calls clear on all following modules - - Also create ECS module qstate on module_event_pass event - - remove malloc from inplace_cb_register - -6 April 2017: Wouter - - Small fixup for documentation. - - iana portlist update - - Fix respip for braces when locks arent used. - - Fix pythonmod for cb changes. - -4 April 2017: Wouter - - Fix #1244: document that use of chroot requires trust anchor file to - be under chroot. - - iana portlist update - -3 April 2017: Ralph - - Do not add current time twice to TTL before ECS cache store. - - Do not touch rrset cache after ECS cache message generation. - - Use LDNS_EDNS_CLIENT_SUBNET as default ECS opcode. - -3 April 2017: Wouter - - Fix #1217: Add metrics to unbound-control interface showing - crypted, cert request, plaintext and malformed queries (from - Manu Bretelle). - - iana portlist update - -27 March 2017: Wouter - - Remove (now unused) event2 include from dnscrypt code. - -24 March 2017: George - - Fix to prevent non-referal query from being cached as referal when the - no_cache_store flag was set. - -23 March 2017: Wouter - - Fix #1239: configure fails to find python distutils if python - prints warning. - -22 March 2017: Wouter - - Fix #1238: segmentation fault when adding through the remote - interface a per-view local zone to a view with no previous - (configured) local zones. - - Fix #1229: Systemd service sandboxing, options in wrong sections. - -21 March 2017: Ralph - - Merge EDNS Client subnet implementation from feature branch into main - branch, using new EDNS processing framework. - -21 March 2017: Wouter - - Fix doxygen for dnscrypt files. - -20 March 2017: Wouter - - #1217. DNSCrypt support, with --enable-dnscrypt, libsodium and then - enabled in the config file from Manu Bretelle. - - make depend, autoconf, remove warnings about statement before var. - - lru_demote and lruhash_insert_or_retrieve functions for getdns. - - fixup for lruhash (whitespace and header file comment). - - dnscrypt tests. - -17 March 2017: Wouter - - Patch for view functionality for local-data-ptr from Björn Ketelaars. - - Fix #1237 - Wrong resolving in chain, for norec queries that get - SERVFAIL returned. - -16 March 2017: Wouter - - Fix that SHM is not inited if not enabled. - - Add trustanchor.unbound CH TXT that gets a response with a number - of TXT RRs with a string like "example.com. 2345 1234" with - the trust anchors and their keytags. - - Fix that looped DNAMEs do not cause unbound to spend effort. - - trustanchor tags are sorted. reusable routine to fetch taglist. - -13 March 2017: Wouter - - testbound understands Deckard MATCH rcode question answer commands. - - Fix #1235: Fix too long DNAME expansion produces SERVFAIL instead - of YXDOMAIN + query loop, reported by Petr Spacek. - -10 March 2017: Wouter - - Fix #1234: shortening DNAME loop produces duplicate DNAME records - in ANSWER section. - -9 March 2017: Wouter - - --disable-sha1 disables SHA1 support in RRSIG, so from DNSKEY and - DS records. NSEC3 is not disabled. - - fake-sha1 test option; print warning if used. To make unit tests. - - unbound-control list local zone and data commands listed in the - help output. - -8 March 2017: Wouter - - make depend for build dependencies. - - swig version 2.0.1 required. - - fix enum conversion warnings - -7 March 2017: Wouter - - Fix #1230: swig version 2.0.0 is required for pythonmod, with - 1.3.40 it crashes when running repeatly unbound-control reload. - - Response actions based on IP address from Jinmei Tatuya (Infoblox). - -6 March 2017: Wouter - - Fix #1229: Systemd service sandboxing in contrib/unbound.service. - - iana portlist update - -28 February 2017: Ralph - - Fix testpkts.c, check if DO bit is set, not only if there is an OPT - record. - -28 February 2017: Wouter - - For #1227: if we have sha256, set the cipher list to have no - known vulns. - -27 February 2017: Wouter - - Fix #1227: Fix that Unbound control allows weak ciphersuits. - - Fix #1226: provide official 32bit binary for windows. - -24 February 2017: Wouter - - include sys/time.h for new shm code on NetBSD. - -23 February 2017: Wouter - - Fix doc/CNAME-basedRedirectionDesignNotes.pdf zone static to - redirect. - - Patch from Luiz Fernando Softov for Stats Shared Memory. - - unbound-control stats_shm command prints stats using shared memory, - which uses less cpu. - - make depend, autoconf, doxygen and lint fixed up. - -22 February 2017: Wouter - - Fix #1224: Fix that defaults should not fall back to "Program Files - (x86) if Unbound is 64bit by default on windows. - -21 February 2017: Wouter - - iana portlist update - -16 February 2017: Wouter - - sldns updated for vfixed and buffer resize indication from getdns. - -15 February 2017: Wouter - - sldns has ED25519 and ED448 algorithm number and name for display. - -14 February 2017: Wouter - - tag 1.6.1rc3. -- which became 1.6.1 on 21feb, trunk has 1.6.2 - -13 February 2017: Wouter - - Fix autoconf of systemd check for lack of pkg-config. - -10 February 2017: Wouter - - Fix pythonmod for typedef changes. - - Fix dnstap for warning of set but not used. - - tag 1.6.1rc2. - -9 February 2017: Wouter - - tag 1.6.1rc1. - -8 February 2017: Wouter - - Fix for type name change and fix warning on windows compile. - -7 February 2017: Wouter - - Include root trust anchor id 20326 in unbound-anchor. - -6 February 2017: Wouter - - Fix compile on solaris of the fix to use $host detect. - -4 February 2017: Wouter - - fix root_anchor test for updated icannbundle.pem lower certificates. - -26 January 2017: Wouter - - Fix 1211: Fix can't enable interface-automatic if no IPv6 with - more helpful error message. - -20 January 2017: Wouter - - Increase MAX_MODULE to 16. - -19 January 2017: Wouter - - Fix to Rename ub_callback_t to ub_callback_type, because POSIX - reserves _t typedefs. - - Fix to rename internally used types from _t to _type, because _t - type names are reserved by POSIX. - - iana portlist update - -12 January 2017: Wouter - - Fix to also block meta types 128 through to 248 with formerr. - - Fix #1206: Some view-related commands are missing from 'unbound-control -h' - -9 January 2017: Wouter - - Fix #1202: Fix code comment that packed_rrset_data is not always - 'packed'. - -6 January 2017: Wouter - - Fix #1201: Fix missing unlock in answer_from_cache error condition. - -5 January 2017: Wouter - - Fix to return formerr for queries for meta-types, to avoid - packet amplification if this meta-type is sent on to upstream. - - Fix #1184: Log DNS replies. This includes the same logging - information that DNS queries and response code and response size, - patch from Larissa Feng. - - Fix #1185: Source IP rate limiting, patch from Larissa Feng. - -3 January 2017: Wouter - - configure --enable-systemd and lets unbound use systemd sockets if - you enable use-systemd: yes in unbound.conf. - Also there are contrib/unbound.socket and contrib/unbound.service: - systemd files for unbound, install them in /usr/lib/systemd/system. - Contributed by Sami Kerola and Pavel Odintsov. - - Fix reload chdir failure when also chrooted to that directory. - -2 January 2017: Wouter - - Fix #1194: Cross build fails when $host isn't `uname` for getentropy. - -23 December 2016: Ralph - - Fix #1190: Do not echo back EDNS options in local-zone error response. - - iana portlist update - -21 December 2016: Ralph - - Fix #1188: Unresolved symbol 'fake_dsa' in libunbound.so when built - with Nettle - -19 December 2016: Ralph - - Fix #1191: remove comment about view deletion. - -15 December 2016: Wouter - - iana portlist update - - 64bit is default for windows builds. - - Fix inet_ntop and inet_pton warnings in windows compile. - -14 December 2016: Wouter - - Fix #1178: attempt to fix setup error at end, pop result values - at end of install. - -13 December 2016: Wouter - - Fix #1182: Fix Resource leak (socket), at startup. - - Fix unbound-control and ipv6 only. - -9 December 2016: Wouter - - Fix #1176: stack size too small for Alpine Linux. - -8 December 2016: Wouter - - Fix downcast warnings from visual studio in sldns code. - - tag 1.6.0rc1 which became 1.6.0 on 15 dec, and trunk is 1.6.1. - -7 December 2016: Ralph - - Add DSA support for OpenSSL 1.1.0 - - Fix remote control without cert for LibreSSL - -6 December 2016: George - - Added generic EDNS code for registering known EDNS option codes, - bypassing the cache response stage and uniquifying mesh states. Four EDNS - option lists were added to module_qstate (module_qstate.edns_opts_*) to - store EDNS options from/to front/back side. - - Added two flags to module_qstate (no_cache_lookup, no_cache_store) that - control the modules' cache interactions. - - Added code for registering inplace callback functions. The registered - functions can be called just before replying with local data or Chaos, - replying from cache, replying with SERVFAIL, replying with a resolved - query, sending a query to a nameserver. The functions can inspect the - available data and maybe change response/query related data (i.e. append - EDNS options). - - Updated Python module for the above. - - Updated Python documentation. - -5 December 2016: Ralph - - Fix #1173: differ local-zone type deny from unset - tag_actions element. - -5 December 2016: Wouter - - Fix #1170: document that 'inform' local-zone uses local-data. - -1 December 2016: Ralph - - hyphen as minus fix, by Andreas Schulze - -30 November 2016: Ralph - - Added local-zones and local-data bulk addition and removal - functionality in unbound-control (local_zones, local_zones_remove, - local_datas and local_datas_remove). - - iana portlist update - -29 November 2016: Wouter - - version 1.6.0 is in the development branch. - - braces in view.c around lock statements. - -28 November 2016: Wouter - - new install-sh. - -25 November 2016: Wouter - - Fix that with openssl 1.1 control-use-cert: no uses less cpu, by - using no encryption over the unix socket. - -22 Novenber 2016: Ralph - - Make access-control-tag-data RDATA absolute. This makes the RDATA - origin consistent between local-data and access-control-tag-data. - - Fix NSEC ENT wildcard check. Matching wildcard does not have to be a - subdomain of the NSEC owner. - - QNAME minimisation uses QTYPE=A, therefore always check cache for - this type in harden-below-nxdomain functionality. - - Added unit test for QNAME minimisation + harden below nxdomain - synergy. - -22 November 2016: Wouter - - iana portlist update. - - Fix unit tests for DS hash processing for fake-dsa test option. - - patch from Dag-Erling Smorgrav that removes code that relies - on sbrk(). - -21 November 2016: Wouter - - Fix #1158: reference RFC 8020 "NXDOMAIN: There Really Is Nothing - Underneath" for the harden-below-nxdomain option. - -10 November 2016: Ralph - - Fix #1155: test status code of unbound-control in 04-checkconf, - not the status code from the tee command. - -4 November 2016: Ralph - - Added stub-ssl-upstream and forward-ssl-upstream options. - -4 November 2016: Wouter - - configure detects ssl security level API function in the autoconf - manner. Every function on its own, so that other libraries (eg. - LibreSSL) can develop their API without hindrance. - - Fix #1154: segfault when reading config with duplicate zones. - - Note that for harden-below-nxdomain the nxdomain must be secure, - this means nsec3 with optout is insufficient. - -3 November 2016: Ralph - - Set OpenSSL security level to 0 when using aNULL ciphers. - -3 November 2016: Wouter - - .gitattributes line for githubs code language display. - - log-identity: config option to set sys log identity, patch from - "Robin H. Johnson" - -2 November 2016: Wouter - - iana portlist update. - -31 October 2016: Wouter - - Fix failure to build on arm64 with no sbrk. - - iana portlist update. - -28 October 2016: Wouter - - Patch for server.num.zero_ttl stats for count of expired replies, - from Pavel Odintsov. - -26 October 2016: Wouter - - Fix unit tests for openssl 1.1, with no DSA, by faking DSA, enabled - with the undocumented switch 'fake-dsa'. It logs a warning. - -25 October 2016: Wouter - - Fix #1134: unbound-control set_option -- val-override-date: -1 works - immediately to ignore datetime, or back to 0 to enable it again. - The -- is to ignore the '-1' as an option flag. - -24 October 2016: Wouter - - serve-expired config option: serve expired responses with TTL 0. - - g.root-servers.net has AAAA address. - -21 October 2016: Wouter - - Ported tests for local_cname unit test to testbound framework. - -20 October 2016: Wouter - - suppress compile warning in lex files. - - init lzt variable, for older gcc compiler warnings. - - fix --enable-dsa to work, instead of copying ecdsa enable. - - Fix DNSSEC validation of query type ANY with DNAME answers. - - Fixup query_info local_alias init. - -19 October 2016: Wouter - - Fix #1130: whitespace in example.conf.in more consistent. - -18 October 2016: Wouter - - Patch that resolves CNAMEs entered in local-data conf statements that - point to data on the internet, from Jinmei Tatuya (Infoblox). - - Removed patch comments from acllist.c and msgencode.c - - Added documentation doc/CNAME-basedRedirectionDesignNotes.pdf, - from Jinmei Tatuya (Infoblox). - - Fix #1125: unbound could reuse an answer packet incorrectly for - clients with different EDNS parameters, from Jinmei Tatuya. - - Fix #1118: libunbound.pc sets strange Libs, Libs.private values. - - Added Requires line to libunbound.pc - - Please doxygen by modifying mesh.h - -17 October 2016: Wouter - - Re-fix #839 from view commit overwrite. - - Fixup const void cast warning. - -12 October 2016: Ralph - - Free view config elements. - -11 October 2016: Ralph - - Added qname-minimisation-strict config option. - - iana portlist update. - - fix memoryleak logfile when in debug mode. - -5 October 2016: Ralph - - Added views functionality. - - Fix #1117: spelling errors, from Robert Edmonds. - -30 September 2016: Wouter - - Fix Nits for 1.5.10 reported by Dag-Erling Smorgrav. - -29 September 2016: Wouter - - Fix #838: 1.5.10 cannot be built on Solaris, undefined PATH_MAX. - - Fix #839: Memory grows unexpectedly with large RPZ files. - - Fix #840: infinite loop in unbound_munin_ plugin on unowned lockfile. - - Fix #841: big local-zone's make it consume large amounts of memory. - -27 September 2016: Wouter - - tag for 1.5.10 release - - trunk contains 1.5.11 in development. - - Fix dnstap relaying "random" messages instead of resolver/forwarder - responses, from Nikolay Edigaryev. - - Fix #836: unbound could echo back EDNS options in an error response. - -20 September 2016: Wouter - - iana portlist update. - - Fix #835: fix --disable-dsa with nettle verify. - - tag for 1.5.10rc1 release. - -15 September 2016: Wouter - - Fix 883: error for duplicate local zone entry. - - Test for openssl init_crypto and init_ssl functions. - -15 September 2016: Ralph - - fix potential memory leak in daemon/remote.c and nullpointer - dereference in validator/autotrust. - - iana portlist update. - -13 September 2016: Wouter - - Silenced flex-generated sign-unsigned warning print with gcc - diagnostic pragma. - - Fix for new splint on FreeBSD. Fix cast for sockaddr_un.sun_len. - -9 September 2016: Wouter - - Fix #831: workaround for spurious fread_chk warning against petal.c - -5 September 2016: Ralph - - Take configured minimum TTL into consideration when reducing TTL - to original TTL from RRSIG. - -5 September 2016: Wouter - - Fix #829: doc of sldns_wire2str_rdata_buf() return value has an - off-by-one typo, from Jinmei Tatuya (Infoblox). - - Fix incomplete prototypes reported by Dag-Erling Smørgrav. - - Fix #828: missing type in access-control-tag-action redirect results - in NXDOMAIN. - -2 September 2016: Wouter - - Fix compile with openssl 1.1.0 with api=1.1.0. - -1 September 2016: Wouter - - RFC 7958 is now out, updated docs for unbound-anchor. - - Fix for compile without warnings with openssl 1.1.0. - - Fix #826: Fix refuse_non_local could result in a broken response. - - iana portlist update. - -29 August 2016: Wouter - - Fix #777: OpenSSL 1.1.0 compatibility, patch from Sebastian A. - Siewior. - - Add default root hints for IPv6 E.ROOT-SERVERS.NET, 2001:500:a8::e. - -25 August 2016: Ralph - - Clarify local-zone-override entry in unbound.conf.5 - -25 August 2016: Wouter - - 64bit build option for makedist windows compile, -w64. - -24 August 2016: Ralph - - Fix #820: set sldns_str2wire_rr_buf() dual meaning len parameter - in each iteration in find_tag_datas(). - - unbound.conf.5 entries for define-tag, access-control-tag, - access-control-tag-action, access-control-tag-data, local-zone-tag, - and local-zone-override. - -23 August 2016: Wouter - - Fix #804: unbound stops responding after outage. Fixes queries - that attempt to wait for an empty list of subqueries. - - Fix #804: lower num_target_queries for iterator also for failed - lookups. - -8 August 2016: Wouter - - Note that OPENPGPKEY type is RFC 7929. - -4 August 2016: Wouter - - Fix #807: workaround for possible some "unused" function parameters - in test code, from Jinmei Tatuya. - -3 August 2016: Wouter - - use sendmsg instead of sendto for TFO. - -28 July 2016: Wouter - - Fix #806: wrong comment removed. - -26 July 2016: Wouter - - nicer ratelimit-below-domain explanation. - -22 July 2016: Wouter - - Fix #801: missing error condition handling in - daemon_create_workers(). - - Fix #802: workaround for function parameters that are "unused" - without log_assert. - - Fix #803: confusing (and incorrect) code comment in daemon_cleanup(). - -20 July 2016: Wouter - - Fix typo in unbound.conf. - -18 July 2016: Wouter - - Fix #798: Client-side TCP fast open fails (Linux). - -14 July 2016: Wouter - - TCP Fast open patch from Sara Dickinson. - - Fixed unbound.doxygen for 1.8.11. - -7 July 2016: Wouter - - access-control-tag-data implemented. verbose(4) prints tag debug. - -5 July 2016: Wouter - - Fix dynamic link of anchor-update.exe on windows. - - Fix detect of mingw for MXE package build. - - Fixes for 64bit windows compile. - - Fix #788 for nettle 3.0: Failed to build with Nettle >= 3.0 and - --with-libunbound-only --with-nettle. - -4 July 2016: Wouter - - For #787: prefer-ip6 option for unbound.conf prefers to send - upstream queries to ipv6 servers. - - Fix #787: outgoing-interface netblock/64 ipv6 option to use linux - freebind to use 64bits of entropy for every query with random local - part. - -30 June 2016: Wouter - - Document always_transparent, always_refuse, always_nxdomain types. - -29 June 2016: Wouter - - Fix static compile on windows missing gdi32. - -28 June 2016: Wouter - - Create a pkg-config file for libunbound in contrib. - -27 June 2016: Wouter - - Fix #784: Build configure assumess that having getpwnam means there - is endpwent function available. - - Updated repository with newer flex and bison output. - -24 June 2016: Ralph - - Possibility to specify local-zone type for an acl/tag pair - - Possibility to specify (override) local-zone type for a source address - block -16 June 2016: Ralph - - Decrease dp attempts at each QNAME minimisation iteration - -16 June 2016: Wouter - - Fix tcp timeouts in tv.usec. - -15 June 2016: Wouter - - TCP_TIMEOUT is specified in milliseconds. - - If more than half of tcp connections are in use, a shorter timeout - is used (200 msec, vs 2 minutes) to pressure tcp for new connects. - -14 June 2016: Ralph - - QNAME minimisation unit test for dropped QTYPE=A queries. - -14 June 2016: Wouter - - Fix 775: unbound-host and unbound-anchor crash on windows, ignore - null delete for wsaevent. - - Fix spelling in freebind option man page text. - - Fix windows link of ssl with crypt32. - - Fix 779: Union casting is non-portable. - - Fix 780: MAP_ANON not defined in HP-UX 11.31. - - Fix 781: prealloc() is an HP-UX system library call. - -13 June 2016: Ralph - - Use QTYPE=A for QNAME minimisation. - - Keep track of number of time-outs when performing QNAME minimisation. - Stop minimising when number of time-outs for a QNAME/QTYPE pair is - more than three. - -13 June 2016: Wouter - - Fix #778: unbound 1.5.9: -h segfault (null deref). - - Fix directory: fix for unbound-checkconf, it restores cwd. - -10 June 2016: Wouter - - And delete service.conf.shipped on uninstall. - - In unbound.conf directory: dir immediately changes to that directory, - so that include: file below that is relative to that directory. - With chroot, make the directory an absolute path inside chroot. - - keep debug symbols in windows build. - - do not delete service.conf on windows uninstall. - - document directory immediate fix and allow EXECUTABLE syntax in it - on windows. - -9 June 2016: Wouter - - Trunk is called 1.5.10 (with previous fixes already in there to 2 - june). - - Revert fix for NetworkService account on windows due to breakage - it causes. - - Fix that windows install will not overwrite existing service.conf - file (and ignore gui config choices if it exists). - -7 June 2016: Ralph - - Lookup localzones by taglist from acl. - - Possibility to lookup local_zone, regardless the taglist. - - Added local_zone/taglist/acl unit test. - -7 June 2016: Wouter - - Fix #773: Non-standard Python location build failure with pyunbound. - - Improve threadsafety for openssl 0.9.8 ecdsa dnssec signatures. - -6 June 2016: Wouter - - Better help text from -h (from Ray Griffith). - - access-control-tag config directive. - - local-zone-override config directive. - - access-control-tag-action and access-control-tag-data config - directives. - - free acl-tags, acltag-action and acltag-data config lists during - initialisation to free up memory for more entries. - -3 June 2016: Wouter - - Fix to not ignore return value of chown() in daemon startup. - -2 June 2016: Wouter - - Fix libubound for edns optlist feature. - - Fix distinction between free and CRYPTO_free in dsa and ecdsa alloc. - - Fix #752: retry resource temporarily unavailable on control pipe. - - un-document localzone tags. - - tag for release 1.5.9rc1. - And this also became release 1.5.9. - - Fix (for 1.5.10): Fix unbound-anchor.exe file location defaults to - Program Files with (x86) appended. - - re-documented localzone tags in example.conf. - -31 May 2016: Wouter - - Fix windows service to be created run with limited rights, as a - network service account, from Mario Turschmann. - - compat strsep implementation. - - generic edns option parse and store code. - - and also generic edns options for upstream messages (and replies). - after parse use edns_opt_find(edns.opt_list, LDNS_EDNS_NSID), - to insert use edns_opt_append(edns, region, code, len, bindata) on - the opt_list passed to send_query, or in edns_opt_inplace_reply. - -30 May 2016: Wouter - - Fix time in case answer comes from cache in ub_resolve_event(). - - Attempted fix for #765: _unboundmodule missing for python3. - -27 May 2016: Wouter - - Fix #770: Small subgroup attack on DH used in unix pipe on localhost - if unbound control uses a unix local named pipe. - - Document write permission to directory of trust anchor needed. - - Fix #768: Unbound Service Sometimes Can Not Shutdown - Completely, WER Report Shown Up. Close handle before closing WSA. - -26 May 2016: Wouter - - Updated patch from Charles Walker. - -24 May 2016: Wouter - - disable-dnssec-lame-check config option from Charles Walker. - - remove memory leak from lame-check patch. - - iana portlist update. - -23 May 2016: Wouter - - Fix #767: Reference to an expired Internet-Draft in - harden-below-nxdomain documentation. - -20 May 2016: Ralph - - No QNAME minimisation fall-back for NXDOMAIN answers from DNSSEC - signed zones. - - iana portlist update. - -19 May 2016: Wouter - - Fix #766: dns64 should synthesize results on timeout/errors. - -18 May 2016: Wouter - - Fix #761: DNSSEC LAME false positive resolving nic.club. - -17 May 2016: Wouter - - trunk updated with output of flex 2.6.0. - -6 May 2016: Wouter - - Fix memory leak in out-of-memory conditions of local zone add. - -29 April 2016: Wouter - - Fix sldns with static checking fixes copied from getdns. - -28 April 2016: Wouter - - Fix #759: 0x20 capsforid no longer checks type PTR, for - compatibility with cisco dns guard. This lowers false positives. - -18 April 2016: Wouter - - Fix some malformed reponses to edns queries get fallback to nonedns. - -15 April 2016: Wouter - - cachedb module event handling design. - -14 April 2016: Wouter - - cachedb module framework (empty). - - iana portlist update. - -12 April 2016: Wouter - - Fix #753: document dump_requestlist is for first thread. - -24 March 2016: Wouter - - Document permit-small-holddown for 5011 debug. - - Fix #749: unbound-checkconf gets SIGSEGV when use against a - malformatted conf file. - -23 March 2016: Wouter - - OpenSSL 1.1.0 portability, --disable-dsa configure option. - -21 March 2016: Wouter - - Fix compile of getentropy_linux for SLES11 servicepack 4. - - Fix dnstap-log-resolver-response-messages, from Nikolay Edigaryev. - - Fix test for openssl to use HMAC_Update for 1.1.0. - - acx_nlnetlabs.m4 to v33, with HMAC_Update. - - acx_nlnetlabs.m4 to v34, with -ldl -pthread test for libcrypto. - - ERR_remove_state deprecated since openssl 1.0.0. - - OPENSSL_config is deprecated, removing. - -18 March 2016: Ralph - - Validate QNAME minimised NXDOMAIN responses. - - If QNAME minimisation is enabled, do cache lookup for QTYPE NS in - harden-below-nxdomain. - -17 March 2016: Ralph - - Limit number of QNAME minimisation iterations. - -17 March 2016: Wouter - - Fix #746: Fix unbound sets CD bit on all forwards. - If no trust anchors, it'll not set CD bit when forwarding to another - server. If a trust anchor, no CD bit on the first attempt to a - forwarder, but CD bit thereafter on repeated attempts to get DNSSEC. - - iana portlist update. - -16 March 2016: Wouter - - Fix ip-transparent for ipv6 on FreeBSD, thanks to Nick Hibma. - - Fix ip-transparent for tcp on freebsd. - -15 March 2016: Wouter - - ip_freebind: yesno option in unbound.conf sets IP_FREEBIND for - binding to an IP address while the interface or address is down. - -14 March 2016: Wouter - - Fix warnings in ifdef corner case, older or unknown libevent. - - Fix compile for ub_event code with older libev. - -11 March 2016: Wouter - - Remove warning about unused parameter in event_pluggable.c. - - Fix libev usage of dispatch return value. - - No side effects in tolower() call, in case it is a macro. - - For test put free in pluggable api in parenthesis. - -10 March 2016: Wouter - - Fixup backend2str for libev. - -09 March 2016: Willem - - User defined pluggable event API for libunbound - - Fixup of compile fix for pluggable event API from P.Y. Adi - Prasaja. - -09 March 2016: Wouter - - Updated configure and ltmain.sh. - - Updated L root IPv6 address. - -07 March 2016: Wouter - - Fix #747: assert in outnet_serviced_query_stop. - - iana ports fetched via https. - - iana portlist update. - -03 March 2016: Wouter - - configure tests for the weak attribute support by the compiler. - -02 March 2016: Wouter - - 1.5.8 release tag - - trunk contains 1.5.9 in development. - - iana portlist update. - - Fix #745: unbound.py - idn2dname throws UnicodeError when idnname - contains trailing dot. - -24 February 2016: Wouter - - Fix OpenBSD asynclook lock free that gets used later (fix test code). - - Fix that NSEC3 negative cache is used when there is no salt. - -23 February 2016: Wouter - - ub_ctx_set_stub() function for libunbound to config stub zones. - - sorted ubsyms.def file with exported libunbound functions. - -19 February 2016: Wouter - - Print understandable debug log when unusable DS record is seen. - - load gost algorithm if digest is seen before key algorithm. - - iana portlist update. - -17 February 2016: Wouter - - Fix that "make install" fails due to "text file busy" error. - -16 February 2016: Wouter - - Set IPPROTO_IP6 for ipv6 sockets otherwise invalid argument error. - -15 February 2016: Wouter - - ip-transparent option for FreeBSD with IP_BINDANY socket option. - - wait for sendto to drain socket buffers when they are full. - -9 February 2016: Wouter - - Test for type OPENPGPKEY. - - insecure-lan-zones: yesno config option, patch from Dag-Erling - Smørgrav. - -8 February 2016: Wouter - - Fix patch typo in prevuous commit for 734 from Adi Prasaja. - - RR Type CSYNC support RFC 7477, in debug printout and config input. - - RR Type OPENPGPKEY support (draft-ietf-dane-openpgpkey-07). - -29 January 2016: Wouter - - Neater cmdline_verbose increment patch from Edgar Pettijohn. - -27 January 2016: Wouter - - Made netbsd sendmsg test nonfatal, in case of false positives. - - Fix #741: log message for dnstap socket connection is more clear. - -26 January 2016: Wouter - - Fix #734: chown the pidfile if it resides inside the chroot. - - Use arc4random instead of random in tests (because it is - available, possibly as compat, anyway). - - Fix cmsg alignment for argument to sendmsg on NetBSD. - - Fix that unbound complains about unimplemented IP_PKTINFO for - sendmsg on NetBSD (for interface-automatic). - -25 January 2016: Wouter - - Fix #738: Swig should not be invoked with CPPFLAGS. - -19 January 2016: Wouter - - Squelch 'cannot assign requested address' log messages unless - verbosity is high, it was spammed after network down. - -14 January 2016: Wouter - - Fix to simplify empty string checking from Michael McConville. - - iana portlist update. - -12 January 2016: Wouter - - Fix #734: Do not log an error when the PID file cannot be chown'ed. - Patch from Simon Deziel. - -11 January 2016: Wouter - - Fix test if -pthreads unused to use better grep for portability. - -06 January 2016: Wouter - - Fix mingw crosscompile for recent mingw. - - Update aclocal, autoconf output with new versions (1.15, 2.4.6). - -05 January 2016: Wouter - - #731: tcp-mss, outgoing-tcp-mss options for unbound.conf, patch - from Daisuke Higashi. - - Support RFC7686: handle ".onion" Special-Use Domain. It is blocked - by default, and can be unblocked with "nodefault" localzone config. - -04 January 2016: Wouter - - Define DEFAULT_SOURCE together with BSD_SOURCE when that is defined, - for Linux glibc 2.20. - - Fixup contrib/aaaa-filter-iterator.patch for moved contents in the - source code, so it applies cleanly again. Removed unused variable - warnings. - -15 December 2015: Ralph - - Fix #729: omit use of escape sequences in echo since they are not - portable (unbound-control-setup). - -11 December 2015: Wouter - - remove NULL-checks before free, patch from Michael McConville. - - updated ax_pthread.m4 to version 21 with clang support, this - removes a warning from compilation. - - OSX portability, detect if sbrk is deprecated. - - OSX clang, stop -pthread unused during link stage warnings. - - OSX clang new flto check. - -10 December 2015: Wouter - - 1.5.7 release - - trunk has 1.5.8 in development. - -8 December 2015: Wouter - - Fixup 724 for unbound-control. - -7 December 2015: Ralph - - Do not minimise forwarded requests. - -4 December 2015: Wouter - - Removed unneeded whitespace from example.conf. - -3 December 2015: Ralph - - (after rc1 tag) - - Committed fix to qname minimisation and unit test case for it. - -3 December 2015: Wouter - - iana portlist update. - - 1.5.7rc1 prerelease tag. - -2 December 2015: Wouter - - Fixup 724: Fix PCA prompt for unbound-service-install.exe. - re-enable stdout printout. - - For 724: Add Changelog to windows binary dist. - -1 December 2015: Ralph - - Qname minimisation review fixes - -1 December 2015: Wouter - - Fixup 724 fix for fname_after_chroot() calls. - - Remove stdout printout for unbound-service-install.exe - - .gitignore for git users. - -30 November 2015: Ralph - - Implemented qname minimisation - -30 November 2015: Wouter - - Fix for #724: conf syntax to read files from run dir (on Windows). - -25 November 2015: Wouter - - Fix for #720, fix unbound-control-setup windows batch file. - -24 November 2015: Wouter - - Fix #720: add windows scripts to zip bundle. - - iana portlist update. - -20 November 2015: Wouter - - Added assert on rrset cache correctness. - - Fix that malformed EDNS query gets a response without malformed EDNS. - -18 November 2015: Wouter - - newer acx_nlnetlabs.m4. - - spelling fixes from Igor Sobrado Delgado. - -17 November 2015: Wouter - - Fix #594. libunbound: optionally use libnettle for crypto. - Contributed by Luca Bruno. Added --with-nettle for use with - --with-libunbound-only. - - refactor nsec3 hash implementation to be more library-portable. - - iana portlist update. - - Fixup DER encoded DSA signatures for libnettle. - -16 November 2015: Wouter - - Fix for lenient accept of reverse order DNAME and CNAME. - -6 November 2015: Wouter - - Change example.conf: ftp.internic.net to https://www.internic.net - -5 November 2015: Wouter - - ACX_SSL_CHECKS no longer adds -ldl needlessly. - -3 November 2015: Wouter - - Fix #718: Fix unbound-control-setup with support for env - without HEREDOC bash support. - -29 October 2015: Wouter - - patch from Doug Hogan for SSL_OP_NO_SSLvx options. - - Fix #716: nodata proof with empty non-terminals and wildcards. - -28 October 2015: Wouter - - Fix checklock testcode for linux threads on exit. - -27 October 2015: Wouter - - isblank() compat implementation. - - detect libexpat without xml_StopParser function. - - portability fixes. - - portability, replace snprintf if return value broken. - -23 October 2015: Wouter - - Fix #714: Document config to block private-address for IPv4 - mapped IPv6 addresses. - -22 October 2015: Wouter - - Fix #712: unbound-anchor appears to not fsync root.key. - -20 October 2015: Wouter - - 1.5.6 release. - - trunk tracks development of 1.5.7. - -15 October 2015: Wouter - - Fix segfault in the dns64 module in the formaterror error path. - - Fix sldns_wire2str_rdata_scan for malformed RRs. - - tag for 1.5.6rc1 release. - -14 October 2015: Wouter - - ANY responses include DNAME records if present, as per Evan Hunt's - remark in dnsop. - - Fix manpage to suggest using SIGTERM to terminate the server. - -9 October 2015: Wouter - - Default for ssl-port is port 853, the temporary port assignment - for secure domain name system traffic. - If you used to rely on the older default of port 443, you have - to put a clause in unbound.conf for that. The new value is likely - going to be the standardised port number for this traffic. - - iana portlist update. - -6 October 2015: Wouter - - 1.5.5 release. - - trunk tracks the development of 1.5.6. - -28 September 2015: Wouter - - MAX_TARGET_COUNT increased to 64, to fix up sporadic resolution - failures. - - tag for 1.5.5rc1 release. - - makedist.sh: pgp sig echo commands. - -25 September 2015: Wouter - - Fix unbound-control flush that does not succeed in removing data. - -22 September 2015: Wouter - - Fix config globbed include chroot treatment, this fixes reload of - globs (patch from Dag-Erling Smørgrav). - - iana portlist update. - - Fix #702: New IPs for for h.root-servers.net. - - Remove confusion comment from canonical_compare() function. - - Fix #705: ub_ctx_set_fwd() return value mishandled on windows. - - testbound selftest also works in non-debug mode. - - Fix minor error in unbound.conf.5.in - - Fix unbound.conf(5) access-control description for precedence - and default. - -31 August 2015: Wouter - - changed windows setup compression to be more transparent. - -28 August 2015: Wouter - - Fix #697: Get PY_MAJOR_VERSION failure at configure for python - 2.4 to 2.6. - - Feature #699: --enable-pie option to that builds PIE binary. - - Feature #700: --enable-relro-now option that enables full read-only - relocation. - -24 August 2015: Wouter - - Fix deadlock for local data add and zone add when unbound-control - list_local_data printout is interrupted. - - iana portlist update. - - Change default of harden-algo-downgrade to off. This is lenient - for algorithm rollover. - -13 August 2015: Wouter - - 5011 implementation does not insist on all algorithms, when - harden-algo-downgrade is turned off. - - Reap the child process that libunbound spawns. - -11 August 2015: Wouter - - Fix #694: configure script does not detect LibreSSL 2.2.2 - -4 August 2015: Wouter - - Document that local-zone nodefault matches exactly and transparent - can be used to release a subzone. - -3 August 2015: Wouter - - Document in the manual more text about configuring locally served - zones. - - Fix 5011 anchor update timer after reload. - - Fix mktime in unbound-anchor not using UTC. - -30 July 2015: Wouter - - please afl-gcc (llvm) for uninitialised variable warning. - - Added permit-small-holddown config to debug fast 5011 rollover. - -24 July 2015: Wouter - - Fix #690: Reload fails when so-reuseport is yes after changing - num-threads. - - iana portlist update. - -21 July 2015: Wouter - - Fix configure to detect SSL_CTX_set_ecdh_auto. - - iana portlist update. - -20 July 2015: Wouter - - Enable ECDHE for servers. Where available, use - SSL_CTX_set_ecdh_auto() for TLS-wrapped server configurations to - enable ECDHE. Otherwise, manually offer curve p256. - Client connections should automatically use ECDHE when available. - (thanks Daniel Kahn Gillmor) - -18 July 2015: Willem - - Allow certificate chain files to allow for intermediate certificates. - (thanks Daniel Kahn Gillmor) - -13 July 2015: Wouter - - makedist produces sha1 and sha256 files for created binaries too. - -9 July 2015: Wouter - - 1.5.4 release tag - - trunk has 1.5.5 in development. - - Fix #681: Setting forwarders with unbound-control forward - implicitly turns on forward-first. - -29 June 2015: Wouter - - iana portlist update. - - Fix alloc with log for allocation size checks. - -26 June 2015: Wouter - - Fix #677 Fix DNAME responses from cache that failed internal chain - test. - - iana portlist update. - -22 June 2015: Wouter - - Fix #677 Fix CNAME corresponding to a DNAME was checked incorrectly - and was therefore always synthesized (thanks to Valentin Dietrich). - -4 June 2015: Wouter - - RFC 7553 RR type URI support, is now enabled by default. - -2 June 2015: Wouter - - Fix #674: Do not free pointers given by getenv. - -29 May 2015: Wouter - - Fix that unparseable error responses are ratelimited. - - SOA negative TTL is capped at minimumttl in its rdata section. - - cache-max-negative-ttl config option, default 3600. - -26 May 2015: Wouter - - Document that ratelimit works with unbound-control set_option. - -21 May 2015: Wouter - - iana portlist update. - - documentation proposes ratelimit of 1000 (closer to what upstream - servers expect from us). - -20 May 2015: Wouter - - DLV is going to be decommissioned. Advice to stop using it, and - put text in the example configuration and man page to that effect. - -10 May 2015: Wouter - - Change syntax of particular validator error to be easier for - machine parse, swap rrset and ip adres info so it looks like: - validation failure : signature crypto - failed from 2001:DB8:7:bba4::53 for <*.example.nl. NSEC IN> - -1 May 2015: Wouter - - caps-whitelist in unbound.conf allows whitelist of loadbalancers - that cannot work with caps-for-id or its fallback. - -30 April 2015: Wouter - - Unit test for type ANY synthesis. - -22 April 2015: Wouter - - Removed contrib/unbound_unixsock.diff, because it has been - integrated, use control-interface: /path in unbound.conf. - - iana portlist update. - -17 April 2015: Wouter - - Synthesize ANY responses from cache. Does not search exhaustively, - but MX,A,AAAA,SOA,NS also CNAME. - - Fix leaked dns64prefix configuration string. - -16 April 2015: Wouter - - Add local-zone type inform_deny, that logs query and drops answer. - - Ratelimit does not apply to prefetched queries, and ratelimit-factor - is default 10. Repeated normal queries get resolved and with - prefetch stay in the cache. - - Fix bug#664: libunbound python3 related fixes (from Tomas Hozza) - Use print_function also for Python2. - libunbound examples: produce sorted output. - libunbound-Python: libldns is not used anymore. - Fix issue with Python 3 mapping of FILE* using file_py3.i from ldns. - -10 April 2015: Wouter - - unbound-control ratelimit_list lists high rate domains. - - ratelimit feature, ratelimit: 100, or some sensible qps, can be - used to turn it on. It ratelimits recursion effort per zone. - For particular names you can configure exceptions in unbound.conf. - - Fix that get_option for cache-sizes does not print double newline. - - Fix#663: ssl handshake fails when using unix socket because dh size - is too small. - -8 April 2015: Wouter - - Fix crash in dnstap: Do not try to log TCP responses after timeout. - -7 April 2015: Wouter - - Libunbound skips dos-line-endings from etc/hosts. - - Unbound exits with a fatal error when the auto-trust-anchor-file - fails to be writable. This is seconds after startup. You can - load a readonly auto-trust-anchor-file with trust-anchor-file. - The file has to be writable to notice the trust anchor change, - without it, a trust anchor change will be unnoticed and the system - will then become inoperable. - - unbound-control list_insecure command shows the negative trust - anchors currently configured, patch from Jelte Jansen. - -2 April 2015: Wouter - - Fix #660: Fix interface-automatic broken in the presence of - asymmetric routing. - -26 March 2015: Wouter - - remote.c probedelay line is easier to read. - - rename ldns subdirectory to sldns to avoid name collision. - -25 March 2015: Wouter - - Fix #657: libunbound(3) recommends deprecated - CRYPTO_set_id_callback. - - If unknown trust anchor algorithm, and libressl is used, error - message encourages upgrade of the libressl package. - -23 March 2015: Wouter - - Fix segfault on user not found at startup (from Maciej Soltysiak). - -20 March 2015: Wouter - - Fixed to add integer overflow checks on allocation (defense in depth). - -19 March 2015: Wouter - - Add ip-transparent config option for bind to non-local addresses. - -17 March 2015: Wouter - - Use reallocarray for integer overflow protection, patch submitted - by Loganaden Velvindron. - -16 March 2015: Wouter - - Fixup compile on cygwin, more portable openssl thread id. - -12 March 2015: Wouter - - Updated default keylength in unbound-control-setup to 3k. - -10 March 2015: Wouter - - Fix lintian warning in unbound-checkconf man page (from Andreas - Schulze). - - print svnroot when building windows dist. - - iana portlist update. - - Fix warning on sign compare in getentropy_linux. - -9 March 2015: Wouter - - Fix #644: harden-algo-downgrade option, if turned off, fixes the - reported excessive validation failure when multiple algorithms - are present. It allows the weakest algorithm to validate the zone. - - iana portlist update. - -5 March 2015: Wouter - - contrib/unbound_smf22.tar.gz: Solaris SMF installation/removal - scripts. Contributed by Yuri Voinov. - - Document that incoming-num-tcp increase is good for large servers. - - stats reports tcp usage, of incoming-num-tcp buffers. - -4 March 2015: Wouter - - Patch from Brad Smith that syncs compat/getentropy_linux with - OpenBSD's version (2015-03-04). - - 0x20 fallback improved: servfail responses do not count as missing - comparisons (except if all responses are errors), - inability to find nameservers does not fail equality comparisons, - many nameservers does not try to compare more than max-sent-count, - parse failures start 0x20 fallback procedure. - - store caps_response with best response in case downgrade response - happens to be the last one. - - Document windows 8 tests. - -3 March 2015: Wouter - - tag 1.5.3rc1 - [ This became 1.5.3 on 10 March, trunk is 1.5.4 in development ] - -2 March 2015: Wouter - - iana portlist update. - -20 February 2015: Wouter - - Use the getrandom syscall introduced in Linux 3.17 (from Heiner - Kallweit). - - Fix #645 Portability to Solaris 10, use AF_LOCAL. - - Fix #646 Portability to Solaris, -lrt for getentropy_solaris. - - Fix #647 crash in 1.5.2 because pwd.db no longer accessible after - reload. - -19 February 2015: Wouter - - 1.5.2 release tag. - - svn trunk contains 1.5.3 under development. - -13 February 2015: Wouter - - Fix #643: doc/example.conf.in: unnecessary whitespace. - -12 February 2015: Wouter - - tag 1.5.2rc1 - -11 February 2015: Wouter - - iana portlist update. - -10 February 2015: Wouter - - Fix scrubber with harden-glue turned off to reject NS (and other - not-address) records. - -9 February 2015: Wouter - - Fix validation failure in case upstream forwarder (ISC BIND) does - not have the same trust anchors and decides to insert unsigned NS - record in authority section. - -2 February 2015: Wouter - - infra-cache-min-rtt patch from Florian Riehm, for expected long - uplink roundtrip times. - -30 January 2015: Wouter - - Fix 0x20 capsforid fallback to omit gratuitous NS and additional - section changes. - - Portability fix for Solaris ('sun' is not usable for a variable). - -29 January 2015: Wouter - - Fix pyunbound byte string representation for python3. - -26 January 2015: Wouter - - Fix unintended use of gcc extension for incomplete enum types, - compile with pedantic c99 compliance (from Daniel Dickman). - -23 January 2015: Wouter - - windows port fixes, no AF_LOCAL, no chown, no chmod(grp). - -16 January 2015: Wouter - - unit test for local unix connection. Documentation and log_addr - does not inspect port for AF_LOCAL. - - unbound-checkconf -f prints chroot with pidfile path. - -13 January 2015: Wouter - - iana portlist update. - -12 January 2015: Wouter - - Cast sun_len sizeof to socklen_t. - - Fix pyunbound ord call, portable for python 2 and 3. - -7 January 2015: Wouter - - Fix warnings in pythonmod changes. - -6 January 2015: Wouter - - iana portlist update. - - patch for remote control over local sockets, from Dag-Erling - Smorgrav, Ilya Bakulin. Use control-interface: /path/sock and - control-use-cert: no. - - Fixup that patch and uid lookup (only for daemon). - - coded the default of control-use-cert, to yes. - -5 January 2015: Wouter - - getauxval test for ppc64 linux compatibility. - - make strip works for unbound-host and unbound-anchor. - - patch from Stephane Lapie that adds to the python API, that - exposes struct delegpt, and adds the find_delegation function. - - print query name when max target count is exceeded. - - patch from Stuart Henderson that fixes DESTDIR in - unbound-control-setup for installs where config is not in - the prefix location. - - Fix #634: fix fail to start on Linux LTS 3.14.X, ignores missing - IP_MTU_DISCOVER OMIT option (fix from Remi Gacogne). - - Updated contrib warmup.cmd/sh to support two modes - load - from pre-defined list of domains or (with filename as argument) - load from user-specified list of domains, and updated contrib - unbound_cache.sh/cmd to support loading/save/reload cache to/from - default path or (with secondary argument) arbitrary path/filename, - from Yuri Voinov. - - Patch from Philip Paeps to contrib/unbound_munin_ that uses - type ABSOLUTE. Allows munin.conf: [idleserver.example.net] - unbound_munin_hits.graph_period minute - -9 December 2014: Wouter - - svn trunk has 1.5.2 in development. - - config.guess and config.sub update from libtoolize. - - local-zone: example.com inform makes unbound log a message with - client IP for queries in that zone. Eg. for finding infected hosts. - -8 December 2014: Wouter - - Fix CVE-2014-8602: denial of service by making resolver chase - endless series of delegations. - -1 December 2014: Wouter - - Fix bug#632: unbound fails to build on AArch64, protects - getentropy compat code from calling sysctl if it is has been removed. - -29 November 2014: Wouter - - Add include to getentropy_linux.c, hopefully fixing debian build. - -28 November 2014: Wouter - - Fix makefile for build from noexec source tree. - -26 November 2014: Wouter - - Fix libunbound undefined symbol errors for main. - Referencing main does not seem to be possible for libunbound. - -24 November 2014: Wouter - - Fix log at high verbosity and memory allocation failure. - - iana portlist update. - -21 November 2014: Wouter - - Fix crash on multiple thread random usage on systems without - arc4random. - -20 November 2014: Wouter - - fix compat/getentropy_win.c check if CryptGenRandom works and no - immediate exit on windows. - -19 November 2014: Wouter - - Fix cdflag dns64 processing. - -18 November 2014: Wouter - - Fix that CD flag disables DNS64 processing, returning the DNSSEC - signed AAAA denial. - - iana portlist update. - -17 November 2014: Wouter - - Fix #627: SSL_CTX_load_verify_locations return code not properly - checked. - -14 November 2014: Wouter - - parser with bison 2.7 - -13 November 2014: Wouter - - Patch from Stephane Lapie for ASAHI Net that implements aaaa-filter, - added to contrib/aaaa-filter-iterator.patch. - -12 November 2014: Wouter - - trunk has 1.5.1 in development. - - Patch from Robert Edmonds to build pyunbound python module - differently. No versioninfo, with -shared and without $(LIBS). - - Patch from Robert Edmonds fixes hyphens in unbound-anchor man page. - - Removed 'increased limit open files' log message that is written - to console. It is only written on verbosity 4 and higher. - This keeps system bootup console cleaner. - - Patch from James Raftery, always print stats for rcodes 0..5. - -11 November 2014: Wouter - - iana portlist update. - - Fix bug where forward or stub addresses with same address but - different port number were not tried. - - version number in svn trunk is 1.5.0 - - tag 1.5.0rc1 - - review fix from Ralph. - -7 November 2014: Wouter - - dnstap fixes by Robert Edmonds: - dnstap/dnstap.m4: cosmetic fixes - dnstap/: Remove compiled protoc-c output files - dnstap/dnstap.m4: Error out if required libraries are not found - dnstap: Fix ProtobufCBufferSimple usage that is incorrect as of - protobuf-c 1.0.0 - dnstap/: Adapt to API changes in latest libfstrm (>= 0.2.0) - -4 November 2014: Wouter - - Add ub_ctx_add_ta_autr function to add a RFC5011 automatically - tracked trust anchor to libunbound. - - Redefine internal minievent symbols to unique symbols that helps - linking on platforms where the linker leaks names across modules. - -27 October 2014: Wouter - - Disabled use of SSLv3 in remote-control and ssl-upstream. - - iana portlist update. - -16 October 2014: Wouter - - Documented dns64 configuration in unbound.conf man page. - -13 October 2014: Wouter - - Fix #617: in ldns in unbound, lowercase WKS services. - - Fix ctype invocation casts. - -10 October 2014: Wouter - - Fix unbound-checkconf check for module config with dns64 module. - - Fix unbound capsforid fallback, it ignores TTLs in comparison. - -6 October 2014: Wouter - - Fix #614: man page variable substitution bug. -6 October 2014: Willem - - Whitespaces after $ORIGIN are not part of the origin dname (ldns). - - $TTL's value starts at position 5 (ldns). - -1 October 2014: Wouter - - fix #613: Allow tab ws in var length last rdfs (in ldns str2wire). - -29 September 2014: Wouter - - Fix #612: create service with service.conf in present directory and - auto load it. - - Fix for mingw compile openssl ranlib. - -25 September 2014: Wouter - - updated configure and aclocal with newer autoconf 1.13. - -22 September 2014: Wouter - - Fix swig and python examples for Python 3.x. - - Fix for mingw compile with openssl-1.0.1i. - -19 September 2014: Wouter - - improve python configuration detection to build on Fedora 22. - -18 September 2014: Wouter - - patches to also build with Python 3.x (from Pavel Simerda). - -16 September 2014: Wouter - - Fix tcp timer waiting list removal code. - - iana portlist update. - - Updated the TCP_BACLOG from 5 to 256, so that the tcp accept queue - is longer and more tcp connections can be handled. - -15 September 2014: Wouter - - Fix unit test for CDS typecode. - -5 September 2014: Wouter - - type CDS and CDNSKEY types in sldns. - -25 August 2014: Wouter - - Fixup checklock code for log lock and its mutual initialization - dependency. - - iana portlist update. - - Removed necessity for pkg-config from the dnstap.m4, new are - the --with-libfstrm and --with-protobuf-c configure options. - -19 August 2014: Wouter - - Update unbound manpage with more explanation (from Florian Obser). - -18 August 2014: Wouter - - Fix #603: unbound-checkconf -o
    Z@nSf;x>qbI6UCUYt#=oY$%xa9J2 zG}R$c&P`e~5W$SX6pGZU3+wF|{w|kPG=4^KBk~3zJ1IPK78favuu}!h;qWd;RwUOm zm^MYCK@EdE5LP5@593l%?3pvEt$KOp_5us#;Oue133Nz42uTCvBkt2`Ea1HF8t^dj6%~C zOz9TG=JP3vQfFatZRxt9$E2!;05k1uE&L=Elt9=yW%&m%nEns=|M2jDrWyQqq6Yu_ z(n4{Vh5oLc{;GSZ?-Xg|FfU|cWP7RIG0b9$uu4F2fXoT*cb6TmYiqYPlwj79EP{v3O3wNZ}HW>gYQ*XFi1YI<=z!}cL6mV|J7jT zx1cuFWkva**(rH^ajj^vE5mNYH;o+X5K@6^g8Ut85Q!zEP+}`pPDAa2kqaG}9{t6= z`4+W$5tbi&{2$2q`svP#GR5;j5m9g6&t4DWBD_E(3f#V*(fa%?`#TQV*DUb%y(?+$ zg`aXNw6}Gr)0Gy5k6p~}R9`D(GJN-_0Dm65Q)Ifi`c>luXBVBap-{Nbq*7Xfrz$uy zZxh@VPpM~mE{-8Uagij`&a+@Qi`>FtPoU^d9tUW3ps{m@?ATu6QEK{PA^k>Oe7}2& zv59MPhNeHUm`n?rQuCjxMyYkfwXfK#3b9rB$=3KA!Mw%?Qw~{AB6&OIHZCoxdjtxN zEjw0-i)uQnce%|9bk^0Ez6cIRCvY!x+Sc{FqF27Z`we?J>bHZK)RwaE-M8g~>vI~e z4O@ky7FLayqR&mby+o5ADG~HoV1+6JMz(VRD|IPvm1mpnx7&R+q{qt&TnF+6vox}l zqZqEzu#o)%IVb)^@k;rwwyeiDB$uI^&QD}rdS@0JX~Gp_@~YW>6z(>*RdXSemebWA zDAaD0CSAK4DCO7OZ@6}`Nki^XwRcHPp=>_tMO6r0n{iM`sON*Sdizk!lJ54gFqL^) zJZIw6e{`F6B1;_ZPmi7p6?awo+Zrc|3X1sa7Sb0hDH*wkxQPv@H6JRK6B>nB{{yhv zY!7x!t`9oaJggWpB)T+DZ%8}cCCcr}vdE}r2NxGh`3ejB38EG%U%f5Aef6DRodiMV z)oZc)5vw22Jt*hTn7?PwZM4Ap(oVvH21Ngd(;n333$9KckC(@FW_ye-8xW3}y>$tY z*V5vW>SF`WB#ILZxPF{j6{nGvWYE6yl`gD~`#Zq@wS(ZOpU%us(L3`_AQB?w&{pPy z%^0_pW{=Kx{)$c(KS&&)qS4HwhT*Dbu|EUPpJT8|qT$2L!<_2eA5OxpR04K+^mZ3R z`)L!_%bmz}nW!9*Z-}KgA!|Utt`M9dhv)`tKr~{@U&N3D z#!BVD^vnkiRE`2zL5Vmi0`e&s{=VaPAEWnVeg^(PnQou6UFbA;y*OW}_=|n~df}%9 z_?@<#T3e%6;2G^J|y*? zw$U0Wq5YKwTvppZK-~5rO;|kJk889w@88jL2^(^TwePe41K_M=&tgKCXpimXHxfKW zWm6RpqI3&~XRRn4E~%Zp#k~_t+6%R#ooqSDzr^i9^95l>W9*c$OaB0At{SN`Gi$%8 zp_eQf!oIJ$iy40_mvU z^z8UR+DAq>Qdf`RoeC#uKJo1P!uxNhPe81I!EefW$l2FrYgz;lg& zHza}S($5Gh%Qik-@=M^GHTe3grcWlvb;9j@GaY0Ewm#RU z#pUZq^YCF}$C|)fpRj2G6>LxzVUD!DvZ^4bDIeRK+U(ET?~>(-h^aTMmdV|I3Hlds zO&RJE749-plWvSoe$vs43STZ+G5G6!0x(}>!p|5Y8_#O%Lm%9%@bt@a9lbnGKVZsgs**I2S9f!@)1Vx{ah|n9 z@lvdp1gjvuhNzz}ySm^>Q;l^(3Fj50a~gq1AK5njSz1Ppvv`+%z1nKBY$K&K-#ng1 z_w6c#)a(UgZD`jR{3cq?JCZ-_H~b+1>(wN4>1Dn5uj!BB0pnP%>Gk|@axYZNwxtYn zAcbjR3QJV51*2MB;oKp>J7>&}iHdf+v8FiXvaqsMhU88a-G#Xr5AVI6a75YG33=M4 zlFA=@%%>oX_-TvCRahKry*B~06o6xk2D8Q_z_fz@b})e1v={H|Ne4K}OlJhA*oih6 zIp`s_!jm<=Vois5Dz(DtY$NEN5s_^b8Ui+#6xVAniYz^WmdJ@vbdTCPSZfrrZW8u=nSuf>@r|J{I!<87s!4;o1vY zO6J581|PKiz#zse3M>kH6Z*8*i7dwQO%n4P{`%MKBKMGwP{*7BAt@3&nMKV(((E1( z)T$#$usFYEBx#3b3E!YdN?t&=v-kc3#E*hM$hf~zpnLLQK)^)EckhZObbIPEPg;p+ zg|@J})QaBLgNG%TIs4qiVPfn9NO*0DZ6p=5JfXK^`-Hi}iW7P1G#K{+Ee1k!T6^hoA}Dx#jet^89=I3bx= zvTCd-^gK*@E1YGyeI{5ad@My?(+W{o$oe)xI#DS`GQFg;pVPxoG%^_ir8_GitB5EY z&jdVd*i4glg$U9zxN>ia={oN51e8d1P96*EQC18(#h?3ap0>_0q(&lAex6Lc(Y6-U zN2%dP3C^DrhtsyeYG9VL`eOFPA;RuBjfFs|+#xk&q+(}h+J`1L&vJ66-)@xjfCk}t zT1iC?xZ#wAux_dpeq*8-0SO!x!fINHt}muj$Co$Bil_H0*hM+z?~ZQ1xj?~|zE*F^ zR2J%T*C7O)jI~kDumr;9F>=L5qT-P(R4ZK49-xWcZco{(N)XL?4k|OdB-@mBM2JdM zQ`tzZo}}6w^KU zfs8o}+n}{|vMkh}k=Bi`1F1ouinp1!7qAOq$j(F3QP@c7r~xHZZT7)Gz}tTSbZ|}$ zD{Nb6mVxS)OJ-i8wr7WXC~Ukp;>gZYV{Y%_rHNkuQ+WJ;PYtuyb=X{Dgpiw8XaEO& z;e2cxKKRcmMRh~9ZIiPKH<-g&mOSh0y&sp=e+O^lJRyKm`)#NcJ6X2wcZncd)&@6n}x=OQ8K?cyw`HOzoFx3Ld8{wcaRT1>P=A1Ep6nRl+Z znWMA0r1gSc3U~a-TG4e`S@iDtw9i@3HLX0Z2zor6U=EOk=!uej6Gfb*OkNSNqdT=qFT=b@CW&c&7?vk#>9W90#LS$wa? zdG9u4hJa^qg6f$p^gKFo`K9W;Ud_daBc8G8D{meY9G*dPM9S#oiVMM{OrI5k)v5_v z@Jq6I+hMs?5dV9R3R#;slIeBxvA^@CF}#6fCC@N9!z)vpg~@gmCT=0(i7nW4FIvKm z?x_0YnJ$sDq4xCe8>NgH-y7E9Kw%fB)N1H}27AFVoxZ3DQ71i%^}$4BgArZ;aDF%l zKE1Yrd-K>Y-F!{P#wr;3!-h&qTd8xL<9Q4b=9K=; zlx9sB|Cv$gs$#OZHJ?^4<^4b;`LhV7OAz>)MV1slrHwwfY#(mOz2F<#NAxf#wOJP{ zXfj1d;V!ZN`2CEic#>wSLe8PZCce6@PRjIB9H5%eEEf|kG&GQ@o$J`)^>gDaZwFUg z)#G>vZ>+=d#2b-?jI?kZHHEi7Hu`OT%j&zrF66(5unx(MS4yn{0s!a-Qb+EhYQJ7K z@Me=5&6nZGWXhR_`jIptg90mk?~9|mVNO+->Jz21vhHyHJ|I9Q0roCKqerOr3B`Pg zLc_@Ov-;7V=ZRc?;$dE4B5keeVuuF!=NSM{@+>8Ey|=0mY;44MWDGt$6gb*3+)s*) zP%ln84F`$PwxFs101d7d3=D%;cRMHw9;k7K<*z~l$Ap3QG8zP^_d|605y+Tyl!C=? z5so-?%UDTitH4L~;)~Ry+ zoQ~M}AGE*!AA0Hqm?CNCMdpx*ZOLq1BlT=IKNzP~4N$*D{W@Bb4X-g5-i|Tp{I!RjR{ZRg;{X$8qiDd!RWAh5F?mpz~0z4Y>O3$tzd+ zwLcGSH!YMXHAf9R$xuGBGSQI7TnUaJ@UzI;_c=MG9&A-zQ(yfgq-^XKb-^H)@%_|~ zE~W^jt3M{cYdnJ34tlc9Nk17itG{}ap3%Y<2~}b^yVP3k17~)Mal3ZsAK>M<9%BZ2 zrVD{;-*tK%AkP!l!?Km*1)v#^CY-@MJ>w*Vw__VYA4Q6jG=665!m*Y-KSJ>+jtod? z0!vDG>eODb;x-#7g8+@bIr1tFH1H}^Gm2@;I){A)V)7sfQr#8aA8wCa%>n;d{AO0I zqsaEg7fAQptQPe4K4?>$6LefX>UUqUpj_mzf#w8%_8BwG)AthIDHq$jDzMES&HjS` z$C2P+po|L5_-{A9^|<7?MsMjVFqL^e3WJ6NvWDhV0tk@xf>jghsIyu@(LccAsPm1f z%b={*gj3{zg7;M_#a0AQ8?H9#*`*2BmnX9%6C@)Se4y492rW}xd6uj{})3iHjPH=vVDu#9H{|U{)$q+ed2{Q!q z?C8NtX}3R^IlWh6U!$ASsC@yP1cpgi4Z#aM{NBK40&Ad>xG+?-x%oAm_vy=q2T=FC zLIIQtWC#?7cZxb|I*<=-SU6jkeQ!-5cvYn0{?J(n)r*o}Omu7%@X|+@6#9*F>5@G` zpTam18=P&erY|TjJv`A9X}raSdZ0wJqpZ^%;>9CZQ!$}qJSue6|HzzMZ&NAfu*$mM zh~h1`fo#7-3vwy1<}5K5@iXoV`^q{aK@HAoM^J)StG_aYsCKF($VjBNoerE0w4Jub zO(OSAU^Fskqr|bKZNlUcBb9;7jB0PMtyFW7II<_J0^=sD_ywfHj?K6!*oTMqg65=1 zP<4`dS~!>)Ici4xCuv{*GHpGrbz%SF(fZ-(c{Ku!XwsmXbF2LV%#x!p+`e4g2U%$-dO2 z6dhHU76-d2*z|#?a}s9KvKWB)papqh^UG3y$KoD_m8ezt^z(3xcw`6)xOPdwyua$~ z>R!}OmTbA^?_S3)W&6lV{H?>Xe}KT>__)1e*s|5;qq^AU`0D2@ch_gUwRnQR*Toz3 zJKyZ*;i|n{P~^GxsM5CGg?L1>W1hNq=WZ$ZAY%T&uLn+x7~8@Nu$cP?3XYdD6?+b4 z+?I6^k7aC2({D&beer&(8<^TB`wDG}!oymkN@U}*o>%&OYxq3ld2bNrO2C+66ve%C z7SKW@*mxri`=^=SW3%2Ds5V_H02NF-ow|_0N_YW$d`Z$>|4DI$ zK0oPHYY(GtSX{26x$$#?<;Fm0jygBkTy zYd0wHcpPk#=O(aNNh(A<0v^e7Y_p#FGvGJISZ}K|GI5ktcg{r@NV!~2^Re>r0yBrw zKC{^ACL5oz!XHv`pAk&YKpu^K?5(FLH9}}mLE)m@*0i$ZLZ2*JsIWxEY{;k4a4*7u zN{UU-&yiPfX;+oMn@m34Hj^HcjwOPnWp9dz*cW=_E^qIEZsV%Q4#Di@ks2&k0->Tu zV}(9S+A*kp~maX^{_Pw$95ON*qs8wayH>lY*d?(x1mxWi9cw+H%O2hc-`H2+I1{Oj-#bZPcFL5SI^?|*glt1AY*ahd#gVF=f0vB zDphJ@-#OEHHkd5gYDgRM7I<5y(O8R{#TEp_{rxA6?Ff$1n5d2O&=4W&LI)^OAr{_i%;vJ2iw?(^+4RDT*Z6 z1jk_OvO0{!*PHZ2qYlOp1=qCXTB3_3M`I*z04fp_LqBD8sHt_Y(O>Q%JmB$%d86n# zR-ot({TM0l^GkCn3&^Jxf(|+&QCd{f6*J2$<;@F7FLmZw4tMFy;W;}lU1r;tJM(Iv z4;DkhbcZ5C)(^%$7v}a9FqSi=pCdv6uwhPgOfVJbO~{z89soaou6~lX*P$rv4-9h^ znP_W0G5sd-DKfAY%1pqf5@|#8nulinW%}9_~`GyDN6XYLpyU>nX*r3PWPzQX z-eSj{_Jby>Uj3gD0RFceg#TMJFbx|NJ!!XEdB1P7v$>^m48!NN!yEBxQ3vPR<&7Pa4Ejg+W@3^0xaOv&q+M$dtoQjJK_=6d`>U`cFhv2H z*Ia@ttq=&{pwjE+0BME_H8ANJc3MEwC_1`O+^K*bAdp(kxVgE!J9eH_mxB-AJwAxr z9%~3bdEqaSExlu~c;-g%q12V$#WMTNYQf@2zIIwK^;C3)MhmlWBG8tSXNHZ3B!a1A z2Bs2B+w^H$lqf=;<^b21H?f4(LG9>=RohQP!u=^+%b!&9I$u-VR!hm4jn#Lj&GVhU=V1uc_bv0R}==3u*E6>w{ru+|)3b%+aY@PHT`62Py17GL#bGFgO(8_6a~c zXvk-zwasM>GRSM9$?X5^)zyEk#L~2vf+X)%hTz9Gl7-_&5X9Z(ndLSD;x{hoko131 z_ZC2LeeIhd?$!i%cXuaP#gnN{;|{3rkvC?B-Yqi$mpu1>~OuN^$rqr zBC#RnU?B2dJWL?uPs9b$*cGTbPaEvO%#4W5wYBR@Do|2_wEFlWG4y&jKZaSoVB+kI z_Uqdx^>7{FKRV%we<$VA1zlm6pdwr}^AnkKtyvD?|SIcBdJ{*jh6%nQu(!^OrXWFAAn*a1ZpH?zzYYiA(tBFqm0`Y2mQITRYU z?RkHHKac93JrGOlecql9+)e6!E_$3^g`zcVdGzRmUiG26437tpx zGt}lv>Z#B$N5D%a)Vg-->xRVlwVm_4$4)eS>-)%m15N(Ec~2-evwT8`Xi<>@l4~ z9}P-)_0t$#S)#KY1>G3r0rUJlCv8|PI7B`S*$w`@aSr-^eiDQ3DSvFnye(3m%qU9H zhO}=&0hA){S94N*MGGZDpY%L>y?VX+3Xvq;qAb`ExpSSLi#5~h-iBDgl3lBYoJq^> zVL!Z}yJW}9oyNP>(TBdlyFN*`-Y4?5=P>ENQLcYoO6rSw48!b`Yp6g89LpxK( z7A5caq4Y>WU;e`MT&!BX20e#ipUx`*kEAy5bjm~CcHFL@Kp#4z=FcA=tnO;aUo*o- zoL(w*8}4+UbN*{tOhyNM*k$PGY2Q{~-<{Juqjy?ghvbSMRJDvMwMvm*Qd$C`ej&QB z%GLAURdN$0-`D+VD1@*&bl8i+-mkufbi=;61pV*EH2()3^6$9NGG=mj*^c?zeclH3 zVZ}g->9PP#+rBS;&ks-?GrAdeN}AJr{~QU0%9K2Q>pGscgc{itVlGYU84r(deUzQr z!H;1h5&=&E`sH%+hcB>eNw2Trlqvf=(~whdxAvkCt;lfXzDuY~!mffsMHkD>MgASn z{V%jp6MzZL@-5n29a#-{>ual7J%8)Fc?-O@fbQG}%?{Nmb2k6quq*xNs*nFLv;U{o z&A;o8tiQ`&f#eri!!R&*)J0`PY48+#`NpRyu8T{5|1SOg1B0UkR0P7n!otECz!|{6 z{9T2S`RD9kI{s=W!ob47BEUm`hxu;@ z5&|N!hB72^j$%9SH>+ z9u^LI3k)&<_Zc^etw29eo2UJ5TRV(V5x5=b>GY|92z)e+~`oKm8%1AfrNm)&#)7LC+DP z4*>ljp~JvH&tL!uxYUU6xTQ2{EIcld@OVC^730%NYc=)HAk$fHUGnmIenO#_@l7uw zfOf0hO328sW98-3-12SU?+OeCJS=o#zyn|;Va_lAG0Xl1wep{AK>j~{(vGsr`BTT` zK3HQ=qKm+`OU2P%jxZ1w-QCjg!_Ps28gb{<=M#T->w38it;y??jFd6aXH7-YiF|TK zt$U;i?X8Se(3a#-^o5nNfQgf5Tl5Yu&BAsb5~KwKiPa?oFM`~aMOg%+Wb4-VzCP$9 zP?_oSxR%X;C3=!P^XTBJz00%nQ+|*4TkF-kr=WvSQm2Bb*wrN_f#z*(q$S1nrsi#H zFl{9G5=BPX8%-ronTxO!uCwX4IY4u4JT&b5@hR}43VOuHe{SvC{66SuVSA(tzbeCn2j9|QEC$hT3_(Ah^GgnipwG{9B4@~9{8M#B0yaiR zT)sR8K#{MRG&M~&Y8Ofjh!$_K^v>cdzxU0eDbicIWYi)HjWcI#imvSI&${QZx86m8 zH)6kgvP+pJQir~dEcP?;WLIC&o8*cd2Bo>4hWKpW<1PY4O@Wb4I=>G%Ma`<|9IMN> z1tF@c-&{YPl)<@7+%|k!GW-0*e#pUKLNTyPL+$U2_$Q`DH?|T%uw5E zj}}E~%oNN<=%L*#-M&39^Cx2EzIj8$FMh(-_t{y{4y&iOpW}LaW$)*JR({r;@6xMm ztc*zzQ)j_`qH{F2)FPm%>wVf9FXf5_Y5T+%=7|q(mGFZ_{`HE7`z4%hVFynxldLWu z6N8bf5Qf}BJO#PC3D?f9k@bxCCyIsZECZZ>tMbP`9sN({WZiK6*=acgWIIUM;q%VL zy}Z!q6j$Fv*{9QHUz=DhPh+d61p4jEyAJD|G^mfqG9>JZd8c zt5~tLp=fy>Otz_}VUlbrzI5;enLWqUNzKR_v;M4efIb0|gzT_*ZU&?DtJ2WzSe>{b$HC{LxrA*>ft%YeTy1pARik9FpErL>EMUwf_I*#5$FnMH+yQy$vI z=>Ed|bo>j`N=(rje@FOYp4Kn`Ekag*T5k(mAM3jo&ok8z>889)Ib(cTJQ;oF=G0fd z@t53M&kmdEa}QfJZJw{Yy9gVR>?pc6Z=pOH>M`Y<`2#iUeGUJ@0AKt6!npWOK=X#X zir%2#ckH1O=x^(*uaD4ltmoYLv%`wd4}J7+=zn4K`Xu_=kKqMVR{Z`L55DbM2g!H6 zQ8Bys3=NqYO(u|J#kz{;9g}-#BHgv3iX>ovs}UKmZjRvY)$^E162a(cY5Zj4)lMPy zLhU*-zqh&`={7>h>TtKWZqI9S^~%8&h!MKKp6W7c%mMT;OwMdB>u(8Hu!<&T<(iGb z;taIxz&x}%ErpWTk6UaT3Y&?IEQR#Fjb4abjYd&oN-zdHn_>^Pfdzc(+2y@eC&0sD z0UTc(8=agKxGpoNnlsSEew3d^g{TCI2n^SM1Mka6aPX5c$YM^WJ&lm_ux8V28OF7S zQ<3vsw)L<+#=LuWy{W-gZW}Glb(3%Noxe4$Yi(1T9Q;r`TK{WUHF9`5dVsItIAi1o zoAHU>F1eI-ZfmjdFHADFUGJ+u64-sbU|WDZOufT{eL8l}0JFRxThfM;5;~lr zzZJ>X#mVbjhVAQ|%GmzQ?_>_2T~h|uS_)pO!ssVkbfR%X@XNurfJaBE1=#8A69l8si5odDCRO(aD* zAwlAVuT6nkZ+R9ycsJ9QAAG%YCru2)jvbc%5jV!4O%A%x9m&ZiZ z(iOsK?~QbKF3r2HA0Hc*zVA!~gn%Sq?ij8@ISc$#2dyFaHdl8-XXx*!*1ALV=zq6w6bXlH?b5-vZcP3_YDygzF!y@p#qY zj?9DuSbRcR+qr8kyS0wLnnt%x-E&-(lYL=nEveLQs}JdR2o?+C70=6)|3=F2Ggf8B zx6eUfaGjf{wjPm)(~ZrO^p8@WeuCvZkM%&Ub;Xa^XV$JDI0AZEMgCIq;70)~d!E#K z)!js0|8SwS>zxU;r`JtoNyk-7Nu`)#iBBia980T;)DeK#QPIHWZ9Q7C3mFniu7n&^ z9ILot^@L=hT}4ZPfXeBrxs!O4#MJ3(S4`3@6e@7Ujm-v&4kaij#iq-Fz#{(aW1@a% z61$nu0N|C4Xx9WL(raabdt%%vgXv0&i6)J#R0xYZ7a5gEBbVM1M-CNOZvm9*Y#=78 zw;eYlf+Pp4aI?+rw;Jj@b8W`!wHQg(k zs|F~BA=ONJIK$#LUO1NsAb>rIMfl2gd2d3x-S&JJJ2^ik4fW*&D8d7prtTPQx=WRF zl0QYOa6z8^$RJ)*DgiXhLt~d6XtFk>7Q3m`On*pv>3C&31=E_SJdnTtxFX+=!7dCT zdaZhrqAYKE!auwl=|8Efj%UhcGn=x#_4{mp-(j!|9JaDb7yHodzRmUUg@KWQ!T>)p z37gk!CdIyO`2lI=Zq<;7!J@k}(eTGgQZ3mq>X|L9DC5|b7py5w23&FKWnE7RKfRHX z<}ZzJ3!VxFP%nNVg)j)zQ|2jV^f0wP`a|Ul;@T21frp!MkQE%>a}_?fN3iAR1hR(j zIjYI}(cDfRNA@@iZ6$c#4$7N+aatCy^`Y3^D$WvHR>r5>e!)$cCzE1QyLsM1=}m#P z>0kZl$avVT4|F`JOfQidh(Yz;Nv2ZDYDowjLvhIG6FDr_iA)zZTcYfj)xE7>u%m2p zH}FFo5^RJO8k(zoe;*+e;$ysAwfFZw^kND%0Thnkh@WMkZ|OknXVtYjtD?qMKuEc$biz@>r*rw& zB7jwX~(>LIYY8b8ywD|_8BY86f8q(YUfj!chdN=+|59K9mYNjOEAm+|AUHeGX z*45Xh<6)G%9ti$$l=j&Q2WFx4UZj~SunrVH)$^kcStIwQmkRg3aoBS z5sZ4Vn9hb;f13qWqg$*+;&t-lt?SMVHMGJ$sVk9RI)v7!z3dsja8_e?5BrfU=D#xn z@2m1;Onklgt(JA)*QUMD!)bXOKyW}rSZ+^`S`mVTE**4*3Nng!t?u|YT=U*5G`q%jH zTR#dl#%8S(ZLg=LH012GXi7xC7N{P{>dN|&m9SKb9DqJkm96qH^*!S054rsOwvik< z-!`(QBC@?|8)*2g$tl`F1)V#ERPe(%ZRS_OyGXY!v*Nyb7bu?Ab!of#Uzq&uB4{e+ z+(w3nJ4T`7{7zmkb%=G-PkPov&p=j(UK4T@t4F10R31?ptt2$FMQ2AK?OOcZH3S5y z`3v)s-42ZxmxR6bc=|qP0k@NIpykD?>X5E`=?Nbu2UuTydztG7-EDkl6~%IPRGLgS3*@7`dj#3ZMBWqz@S9d5eb zlG^>I5rIahM$O-}LPmS5&1ZE`a%_UR$brLL_cT`6yKyR0>K14A`8q|0$T6&^X~?x%FYF4f}|V)yprY z$g#82i+yjOE1M`cC)ioYNf~;jTAXLg+BR8N5AIh6zVQ$>nd`N_J6&UB*PJkflUZ86 zFjAYLSUR_LxlalfC0uvOAw#@GY~}YlqMlh&L3CFA+0UTpQ|y5qIPOKgV6D?Oo#7Po zvyqA=(U`TySXg7&fnvO`lAl3tTeM%|atO>i(Xl};Sc;KG!%J{fZ_DfrAT}7g%>Z$3 zJvY#f)-EydIHPLTbFaELBFUyFCi}VyY{=p(?Q0qTu;k6M(mW_VP^gq*F)Qb!Z|r+HZ|?7(*M^n~$j(rVpZdlI94 zPIucn^hjH-_^tu(m(xy+w)4aygkLD*W0&mv|`Fdq0J$cao-GI$t8?CWeO5Lxb%Tfx#1Ru`Y)EH zM;$SmVNETs47MMdEP*I%W4@}|iMD&IzmjrC5R*SWtznU@+_iRmx!RWh^~5D<+oe4_ zEw5g>q^{mpKcC>}d?LN=v6M(W@IfClHr_*myCeZ$R0^Hi0f$YK$Cjc6{~GoFkSpv; zxqtdEjEP{eBvxqhpThi?&YgLQo7+X=!u~wXoo9J2DWY0pyHm9*>BvzQ+Oi2Hma$_p z=Ia10GSu`y(upqa#5WNjL~ZbGbsDMj9_qW(5foLF=Ve)2Pn^Uq(A~!WDZL8msH@|P z7n{nVi0@`QiRA8CPSw?G0tflcfU6^a8%#wK-niBGjkk?*#<=MErJjz2#TwD&@|GAF zZslcj`k+oxdUKxXZp<2vc&5@heIbw`xeA}u6N~UIZuy~gCtkc2N)mMZ^I0oczhtv@ zjk8>+7O(k_8taEs6J~@_3T^>cO5~WKt(|-ju%$Lv9wUYqNEa=yl3whlW$26Z6*Z=S zMT|=9vZQf#imBf_uNfJa%r^6!Xq`r<6p8OcX=aQt5T|uF$fz#h@j-a4h+u;?*uh^T zFK6$KDp+RTg7mf3kiGcyjJIH5aBDuFTax zGfK3+MXFOAt?ScxjaQa`?2CtTSb+ zZ#&e~k#iDx%k0mC*LUN~N>GpZyWjgqMH27kh0INZuitO!f0qEPqxFQwo|~)ZOwZ__ zZQ<)`Cn?XQb+|ExvFtkK6dO;xYff^kq|_@y>1{tfGVkdo;1V$%E4s*;xc*gyt;O^# z7E)8CejcjO&AIelXL22RD6}U`?J1Y-t6)QVlBg@N4~l6G8mHl`oX*s_fe6c~1*nF2 zr?yhm(*lSVI*;ma93}7ZLnPGy!e}S!Zsar8mt&KuDfQZ%dQr{}ow9xp2nbwRxOolq z5vpoXUpw3iRi1htrfjouSW6NHy}H8&2r?wq(moo{ zgj8ywyUBgiCeJ}xX>@tDwW7`IaB>NA#CI3;a9nB1w=mCroz{uw7d4q2#JqTI}%+fy6O>qR}L>{{hUN4k;b7QfvRhICKNG(C$_0mws4>TRbU7*+qN@w}2 z>E^SPeyh%h0#wyPYp^9o%`ZLLr8aDn3h)mg4g)=i_T+<)z^t=_5A&Lm0n-o0qf8J8 zAcWAIAXrwL28?}j6dP8nUZXEs40!Px<#-6Vl@0W+xvoZmH(SW6{VZQ<``(fzO1m79 z`7EB{g?WuwX`9=caiBZ+ce$<)2_6G|Nw1;N!cAhI?mQ%2Hv6YuNr|UVfLVO>{;tbKRSr0;P&FVDGXr{fV|z64_7ttRsdz>qsnI z{+bHrLV5mDwNQr2%_>9o+VsV=Ym-DDR?@kduE@kORWCXkkbZjc%7QOG{&@9l-R*4D zlKJxNu5Wlx9J%)&j=&cL2s@Rq>|749&Q5@A!QP9NoxX8Kp*ZQUw}7osxIj*s)+#-m zsb3vD(m-$k5x#}6w3w=XTHVd97tx|HxZ8aW62h-o?xUHiPX95}4r7@IAhn_;!n*tT zsZ%$9$Y46(tkL7ryHz~Ud{PHSzmp2Ykb6$IJoNx|iSWhfSD`T`8O2tp^zivySn%Iy+`7^J|wkBCn`d#;#u-Xdd z&%jRMtrV*)07XI#Q!2B;GonlFM~TkYnYZyWXTIy?YjUxcySuVxA#6{UJF=>IGwo_W zQd4D|1rOXQ>43oM9sdH#YT9C|L5%Ch13u@HWFgC}nOw*Tv#!5RAgylF&1VOKip>>H zJ<1^Mig53RMQT>NB^i<$2?c{{d^=7}Kvfz*6GW}69f`|Q;#2c7|1MdVzfDx>>Kis$ z$C+~)*$+>AA*NFA$C&ot_fm6nf?`bb{(+1n6(=-vSrp5>V1`#h&CVc}*i>UGY{jax ztfz&nQrVON(9`!o{Q_lR?o%_7s;iBMm3f*41YR9aQls0VnXPb=TGt$M}4BhDq6+;cYa)Jgae)42bPu)MUpf%aK&;0BNRRbsM6O5iF zfyvtgryWh!vM`pi_8S7FIG2`*pT5cd>F)ds!$_-XusLCoDXrM|EJucqd0O<4^n+o= z(G|60v=bE1OCWntOhiw|D^>yI^UO+Ow17^}AU6m6-X2=WnT{jNv2y*9QH#+rihb*; z(_UprO;hd}fXqx7*q%efnx;zv0oIh}Bx&fWjncyn>z!-`)t5~MAj4F61+QCx=o?`* z8uDV(EPwhHSPF+zq1<|YeKNh0QeeH|EXh-OJ1k9eE1iX*S)d zCOEHVP{}BtGh)tUmAD^MrGNY#t4ryvhGHW|_i;e{N|XHeg)oREZ{YB@_nP@&8D=W;~)Py#=)+v9Hr9`y+U_&=~=fr6| zFELS}4M4|Z{b?w1iC1Lw@oc3Zd^%WxF_>he7(3w z%k+JoKFdCFQ)H8e!t4R1X|BHNmx-Imv?Q=RZ6_mIpW9Ri7 zXD@4)THY>Bp>qg2Z=^1={zNrN)mg*Zflipd(sk8<@j|R;ykb+X5Kk1A@tPX0SZNgw z70cxXUIK#%f5K7EUf3~1ZC@7`B)Y&*Yy%pf=)waT?S^&E!i0a)cnpi?k+x4b-zZ$U z^}`R;CCTz>n7NRFGForEHxy(DH*^%D=cZMUAgCD}hmj#&r((wHp(~W8{ftwczaOGc z(stPc-rBmJyRFHMQ)+VgG0wrx0tikX*cXO7sS)EPP32&1G1iw?M&w)CQ7VpY6StPV zvf{-n2~JT5IgP~M)x50azqD50xg#mU(KT|VQ45SHlgY}%p?CH0#O4Q6>%w*fK7|;+ zLFSQNJ1(R0m`|sMI+NsZ^>d;Xv6GvN#j`fvTaj)GwIID6VJ3yCQ{vLl99x>UG1Ayf z7KQeGA=47~`sF?))yDHJ%7P{hu9~HPry~(kZ`pBj7Exv2;7PL?E*W!dB=iXt@hjZk z(0J+lYtD@wYvmi^{;lN>=az73d35?w4;yKpM33TkRlf{M!yvS7A~WG1tgl4oAJvmOpPczNiQwZ^QCU@ zRm9^*`*IC3+SfFr6$63IQoqMN_0uL3N@+XrVzKorO%XwLd)JW5|*5N;tWf$G3Ec>XXV1SkM+E zclitEc2{kX-B_@Y<1%#h7K2DGQcjQM@t7}ZjUZeixViR3DyoAyp7KH6(_U;&Hp$ixuJ%I^7jN0aYXUX3 zUy-}CMOX9f8RMN543_2j7W2+*tGi7CW|9W)xA}T=;C2l^Z>fL}jz`&kyL=cSLzRx; z-V-%QgXF8ELTx#TcVdVZGligKU6u=h&avWU35ms}q(ywNQtTMdST&QYfu?R!Sn$z? zW(iO@*=t6ZctN5!i&nUO@#cmXK2w4Hrb8_yvp<9Dq(KqYTp|RI1xeEONV+q~}&+L7sjKZGOMZsH=q{I%vb(M>ajHt|t{$0YTYoGz}LHkJf_# z{pYfmuF^(K(I8|tC2ok7Ya#{>b==4rVKvB=2c2R#`7=JPacA_^Sa(%)GbzgmnNJ*S zcDhETlPLdg(2%e-L;?rr6V(!w<8WixO4IbPuE|=*4hMtP02?FzQJ|Pb(Gv6a*V>43 zZi*R6+IDxTbxfyr^SyT(09+07@nG!x5f_dsWD0WQpX)nH-8i8pvS^J>oRGD7O&iHPR~EN`4xO1C37D6_Q#S8u3^a6P z*ndBfc##$13Mh1O^l?grk$MVE0*#{vDXqUug~RA$xvE_awzG2LvT1w@qA`AJpF6bz zw{Zg!TWv_!%GF3+r4upg&D9lMxq)=p=d2qGFN<0`d%0!SP1?Ko(n@hOaW;!w_Kmv* z=S1Pwa=OyOJFG&E!Xy_3^?FqbNo|N7{kV8pzUtIST``m_USD*%hZF%2ti`Vu3a>V0 zQtw$eJr`gtrA;7N3CUFzt)UugZ{i!UyKz`ekooqC@Vp71aXSAA z*y>1%)J$}QXaFE>TcglYPVBfx9}t6p2GYrvar4lI|IK*)$Y3BJte2xaMp+euY#**? za41nFiR!SwoFN59^=@#sH!#I!AqzrN$yA$P8Yp{kWQgSkFVAvtQc4LWsyA8WQ>nH& zj%|ik5PGH!lIM68M#aiEOhJrm9B<<{CQ-&^nom{i4&P zFu1fqAtDUgldE32_>A(o-fMZl_xs9jM50MQwTT?go{{1*}nL&#)h$f1QLkb|tKc=e!t)$|jNaaF^ zjk$L6w4NfEMt75$KYEx*sW#*|;nihMErUR70&1TZ8!#0v3N@RJH|nm=bsaS89V?1y z_Z~9KK?;xfQhJB`vXOfFDmDYA%SZ5 zA$EsFb(~2{8L$l__EX`gtmAePd2BzCk`HCKNLr$2N31OD&KX7UGkDO-1D-w_XU|~T z2`9nx7*;@ZupB~#Lvo}$4A%KVy#;yr8BVJh5n#w7HX-Q+z5+P zxs(pGa((;w-oVi08M$4u*jxK^erf`Xk1L(g6I%12!M4FAoz*1Xo)L%yT8N1e-BV?o z^iA=gZMgL}S>A0a39))9U|CixRcIN+S*n=K)T_ARi``{wLcVOt{Rd9={FYVv4&RN! zq?1y_;YrV!G7eA*8$loOE?DKgeU)5qm$t7UY*H=k2b93EXN-2z8vKv7uE!Q=HL?b6 zoN3Gv3hB1tS|u>uPsL?Gu4L-=>M8WDxC{RA)XJ&GhoL6Gm6Anz1r_5Gw_TJTo3LpS zo8L{%E!UeZ4<_=$JzG`v@5%7nmEiAP*dIJ2D4B~)+^v^}B7+@0jnXl5FMcfa#}LrM z*qJ2TifB)O4;X z51qc1Gdoq*bj-ORHk2<@gl9v-Wi9ZH#78-0sFX`HqLD+?Keqqm+Yhs=`nE(|Hnt$a zQ{f24{&Yj`H2?iOgNWR0gmiq+Rs)tJC4$zoPz=+#|o@DYn(&&kjsT4`GQ%|5%o{_0dbGD*Ndi^eMg+Qi9w&%ou` zc7Y_`GO+&XHY-}QF9aQY z=4B|RDlN$VWy0)-G`a(*bZorW9HV2bCAqv*0a%Qa4iw>vAGx0qU?MnGQkN2k$qWoQ!8Ys^fvbJe*w3;rP zCDzey0EV_ig>nqFgA(u$MZ zu^$Q;R8I}878dnar+CX#S}B_6N64)gdxV`zmvE5C7?aHRVyD7O*Qye_2$@H1JJ{pA zOzCHt3sOJAGTEHXa@C>NA=N_2G0TI1J2V%woYE!2__&iRTMq@^DkYVN>`6hF&hK2+ zsX!(f=E}z5YVB>KXJiG1^G();-_?uitpfbFK}a*qL*Mo1{yZ4(2tBGaHTT&&=jtmp zcyeVD=nppLrFL#%E8C<`ncL&TIcAjY5Dh^bz1Rm+1_y6nL>9x0hhkuVV>E^PCH1}6 zjJyH@8>+xLbRX?7u-bLIYsZ@gcxscr*J-XVD1NV|87GyOs35WeXIYV-ZKcGJ;qDNP zLWsEYQanrb3zSOE1keT7HuPCbBxh0WB9tN;(Y}vZTXM-Kk=Il~c+oTxiVubZ)XAKW z0tQmP!8WX}lBf_6H+OEF)~%}c4;x(T6?V@${8{+@+opx>WyrTTeLRVVTM=X1=@*2C z3f%9QKFZb8*PIr=44gV+m}m#@0vly^-cEexCY{#u5(CEon0Rs{Vv#Cl^4m?j zI^br{%L%C~5VY(;*B~+4Mj$3j&@7RJGh0O}W?-tUlgF=bL2h~a{oZVQGw`DBJVIDO z_VF}J9Q#Z1V`C~mRAPCCV?LmPqszw(HYSRjAWj>VYDs+FLH0t#_J8aIJWC=Netaz^ zSI`S;#={)_;*h*Js|pfPGgMQVcD6*A$)AeE~3*9*P!i= zoA|w&37%q-juQmToNwoJ_!(b#e0naIN-x^DU{94^y}du`W#e3$gee4Gx! zW&B44ZmwqYNpLxsRyj|FuO)d=Jqb~5ISNhu=b^$`0&|oD)C)y3Zl|u}Ma$-0%j*g{ z6rZ=tT}FC$XH4atC)aS&xpdpBi1Ze!JqMn`DR16Z_(GC~bT7n1N)DrzV&q!ne0R*4 zlN{EUF!9bdWxRY<#)#7!-1~jBwtmk@sDw|C6k8lK+L%qg%FCd61w3fhjUDQ##jHrkJ(|20 z?{Vya=j*Y!pIrPA3@TlJPnY--zg(jSwDJXFzWa59#Js+ebuM*>`F!X@f=u$)ms(ib3Z{0xCr!Hc>2QHKTj1m&| zvfTEpyK?=9!8L>Mai$JNS4D^F>N(ABr?gZ{8_{)xDL-zTuD9ksPKj40*~xkTz!*nu zWRUsuUiKQ#u zX{980D9>G}=4QOQyL(q5AbduuK^jM3$S%h9i{7eUA)v&`Y4*V0C{vQ`MNdV?n*fvI zkljo+d4bkCD4>lmjmJ>Co#d`N^HH`N$V{BXo^~iNQpy5$wMRx1qs4tRmMh#?E}{;i z$nt*jHmZ5ab(MA?T#-4Fp)0nY4-G+FPwh zQ==SY&_z0K0SpHQ`*Juh?){2#dTt82z2e@%BzM;KcA|>sUaJ0>;*c38NmU8SpEPvc z!OrmH?G|C8A4^N0jprj_66Wi~Dx~<~@hq6D+jgX*OZs(*KsXBJ#4BBscoj|jD9QBc zWP+eQ7%;!7I~`KM+{|(}l+DZbU1%RedpV-Cu;Xh675AiiZnEsVm06lr?oq0Nwqvq} z-qF21f%zi&wg#t~dA;%lCMdSYQx8a;vWB?rv{aJtO2M2qdyBk`1*ryTpb>CY7oCabk?>>;!TV+6^WeFovI*h_AyG?hxHGOK$O*AjAC6&yX^JDB`!0NGxo&C zcYQ^l9x5m6C>Cm6t`w_|o{;Do%c z)O)NFb~n5hIx8cqF1R=Y_DSvJS3@&m-@-d-8zEEd`VyfuMu(MK8G^ZM>oTjOJw$>y zVMWs4#4Os98)+|oOl@-asPC=yHRL?T|Lk0nGdRN0iay!aX8BKvtx7J~RQ>EB59ry_ zXxz=jF90~FRLLHJt3Wc{30R)#8X_i|_EM&$|xNSTlDDBrvnhdwXuxA@} zKl9J`xo*Bx5QDp4DeTjBIbQXD%x0~VyQ(87@x@CWn!CgXqR02d6_!nIr&Uxwi<^2J zmg4M|DT0WPctC1I-xJa8xGf6D8Fp4be-fC(dcw&rwr-`i^S@#LMxaGp9JN<#V}cY5 z_+S}fNg&>}mI%jpxsz<*cf7v!^f>$Qq)*<%^3FDQ0f-giOEyL_#?k`l`&CmuMrF*t ztkX3bJt=6LTPoIICZomoC24G8ySqh}fs`&a~W^k(wg8~Om`Zm(GJ5J`==5-}~E4SORs|ygmDFkT|vE_2-8_8n7JZcU9nq3 z5C=a&7<4AENgw4q9%F}Z-W>F)MA>cgzc=+IFeJ*=4z~?k)<++?yv&&D!-5A$AyCqm zS~6|5(6D#`vY@{(C41?|xv_vv@6NX~ucwZ)yJ#6d$(dhp%$Z>7p3~ukL@PUG{kE-w zPJKYJ;+P;@U5cxSjq%D@*PwYw7+n7$N|D?jz5T}OD)=mbRb*{C_#~)6hzFKaV$|g$ z3j>sqn3LAcP2^RDZFgix_(zHeUq1a3jhsP9iwZ5L8PeYP@G026ykRae$v2!};m>CA zv1@*ShsX}F>ZFDD>{lOFqtTuIhkSzs5)wKaqX%U2?Sr>;bXtmR(qk~`8sXAL& z7f+$%L?j5k8nF@EwwFR`{T?quyk=L=gh^p#YSH6&{zmR8ZB|uBY1ZJ1NxH;gI>+9! z?s&}_npn+%J$HsWK3n^*&@w10>9vKg=jV(p_Uc_D>EMt0=F}!K-u-$xx<4g;jri`& z$gUYXf-p!aR)b`~CZTd)FWa2ang$BUhd-tATuIZ{xqH@Bl~G#~n0)Xc8+CIva2V}V z$D*VhRF!*@m>-6x)@*72px9}Z7}K8RvD)&w1~D?HM3 zKY4uItNEJ$j@yG*Xp%rWg`_jNhPJezHhYn2UiL=rLEl_ocnH9n-$^b??3ScF=@hFt zKm^(TC5Q6cZAh9G*vbuWh0x3({1YdJi8HX&bgHSTV`}lVh0V#<_Rf7&b8DoFAahKY zA^pxWqnS1K($gcGPhUXyXV!Y&7VvBQC_ot^jk1Oxd!!eVJ-9A4R8`x~;s0THiLA>x z@oL6EzxA81&({pvD$DPA44WN~5F3_+Z4^5mIDlfo-vUg@OLBqix#6 ziOgyK0EqI%_v_Fp3_p4qXkdzL49Tfkl(`nJ50MMo*!u5!>=I@Zt+W2LhZPvVst7u& zJ+=hR_l$9|EuTF)9B`@nm*T`)p{9&tf+|<7+g839{p|1P?Mur$n{WIgNFWYyoq5MvVWJ@7h(~aVJD)lF-g> zyq4FB+ThkSH%R>$QE#7E@)?LGZV;WSO#Fr0MNr$-!4h2H^4Tiu*S2-V;OPWwh_&6Rs54p^+L2=H$OhYKvJ1nQ?2 z$ec(HaML#Ga(ECruHPfkZahR@GZkb*7r#lDbK7s0s&SEath-K|^C_DY!=EY1ZAzoy zcD>#PguVe8TowJsPhvq#AL_6VAiCCkh34#>@rr#wZ&rY#4Im z=FNkV#`d?69SjG(LMNlq+0zMfwxxfar&p5$oH9$APBf;mEeL+evdA& zL)QbQT^8v~yIvTz<&05m9fi@t&DU2?tR=P?xzZJ%5^c-`IJ={(PIoqhsEz1tr=u7# zBWNHYg8c;OyBK&{Z)dN(aDz#KTU2LC;m>#=r2sI zooad&Zw=Q97rsNwIBnv80iZx%zqbDX?QYmys+%Els?6}=^ID&9FuZ}-`)P7&Ye!{O zc2`*IVNDs`aal}wv2CV8YduOT$x~v*o{Q2*l1$JYj4v%oXt!r=Ok79;&GDy~J5r_| zG_{Y{k#w9_2efl^3wM!2hjWP2HjUG24_w^nSs8f9o|IM{8hTRbNy6-Fm5;G95JSOJ2PXsjfOMj3!@4f!@9D0eR+ zlSY}6IPyLI z9Dx2@x~|y8IEY2`WRkwlP)V07_&JUASxwiNaxK~XV_^Y*2-o{ zQ0UhgJiIcn&6vd;?5+fhD3d57JCCfijV7MZCW@aM2?9%3)Na){{q5R8#;}n`@cGRo_6db>t~5fY;rqR2BL)SD=jvEg<5t^Q@ro!6^Rb+p?jjMLq^ ze(z+Ez0H^0ZFpoi5lQkX>LBAeIkHSu)$yxL`)1Z-Io-{jhI&D$t3W8yi0+7T10(?F ze(MhZ06))#VtuiWK&BPhjg~Zd^W$J$(UT1n$;T3+&dn}MunvlZFh|~u;hmRlEv%e{ z);Bm^l)N<~#mJv6YNsBFvLtpuDX%b0@D0-l;3_fB5auZ(zoJ4ti8*O73K_RA81b69 z_{CE$E{GU)(B)Ip%oNpR>0|_E7Boo#ub!wycR?8x=%}dG)*wQ~c3L>MZX7Mlw=5Vn zj;?!BgvJ&*OFwWMcW&yb$qA{NkLjwutkz&8meh1QysmK?yD(IPPNfvc+%wxmu!D$AHccWGv{{Rp0^7o&Y zztI*tM;pmgW~-JqDT#&d!`G|>?{zuw&?>ftftkui%JIW^&7I-V<&wPlEg)tFpWo$- zTL28Ar$Hgs!R>mdKs>tngjXs(WBqzFwef4qj3YrYr5@9({9LJSeiFMelio zv#C?1pjgt7h)##G(PcGT%yXkGZLZqkcelqG@~dXPW(^A`O5oOwsKG>`1|JV4WXFMB z!(c}eK7fkkB&N9TL>rZw+6DoFm{il|W)?<=lh9k`^N8x!K^@2=Hrmof>JzZ8p#%oz zvI@0n>S3g2IUL|gQoA~8e@^c|E+fCLWAnGv;W7syThUl)Q^5U@_R0i`Gt&0!< zpHT)IrkEOboQ3`U8eC{w3}&l zfZ-Q8PG^b^gLE8i)6 zkGcNO!PQwBc*TJDkdDMGWdlJFS?1mlC?crY=LVAxVg}4=xu!_SsluYU{O|sX6lgO2 zj5rad&L~9_czi-vk>iez@`IP3S4?^%QL6bbBf}Z(f5>es#)zubRF&(|q7s;(GBIM> zp-nRzhs;6tK_=(zTrX=cW)-5r5Yi*9E-r_P6_Frb=&0)mQK;o18|3~LwW`-U=B#Vj z=OQDMnCLaQwRFb1w!V%G=SFkd_)s84l(9(Ed$@df!zzjB#Co@@hc%sQ)kgYDCBUo< z`;!`Z*yqD33mqf%`FCCnRqA0qtXIi-)(F@Lytzh2UU^5irYDifoCa?~RiZCsIw&Kj{z6~PNkXL@~8 zm_C;yRTI_UCF6wq6=5+WIVC)fNe(YA3x=xo3nMiM&Xnx4p~C5Mq9fJZ`t^D%pvoII zNW&Wv!zd>nr0(8;+f)F{KP)mAz~yOWM~bQx(YWQFvYD@{ek9 zCCG|nD*amWtvis9PL)nkoOG*A^5Iw4*HJ`k5mnu5%Vx({d_IWxJVQot_M)}P@gn>x zsH@Kkh^+-iY~>KQWQMRN`fGi7TThX$wOaxDQGN_OM0nc6JPTr*72<}UaVPLUxDvMjHgW64#S-JKZ18E3)Ndyri(VBXMq3eXl_ZZH{SsovU=CBz9FU9fP zro9uo$T>9~RrE%88s2z|YYt!;$|F(T3{H60kw>!qKlsF(0H1fX6E^<<4BK#j%U-_X zR`!Ox{J<}>{{VHoardv`#+A23kxEF4>cY&911TCC5JiZ%8WCew>W5`EcNdt;9BXQ} z(;l!Jn(@t|z_BWcjB;?Tb7a@k$B@@2rw(h{sp-b9axtm*s{QU&RsJ5oX1+C1eqTO6 z!_hyN$vH*-UY@J3O6LqPzzRVWaHa2-DAqN-hPF@v@wMyXr$3+1{yMjLM$v6vZ8^4i zj@w`vWs?}uw!^8Wzu)349Zg$=BKKDHM8xPCS9=+x@v9nT#; zp1;5MC#S0M>c3(pw%mhWT)liN5#FEs%hHZSUVbi76X(Kw{?+4k>feo36?ki0zPxkC zs&T?63ZH-dUuN2?Iac&4r$V>poO~(Q)5pyh?MHq80Mkl`{JQYJT?gTRBDT>2)kpkk z!(R30*VKHYmC47e)41eBPoF-#DkikGfqI3!6Q77^)l^Pwb#g6IQb$L-E9;&GBuZ5`8dUk$FtHdaH$EZ0)_*Bn&IUbzwytmVhZaL9flLo!yYDQ7Nghfu=RwG`}s;{XSglaEW z2<22%^iN$K$f%OIj_#F4xqh)zt)63{dJ~oHA{89d*;3}&Ct|Ft= zJB=$)H zSl*sGx;Wu}diozN*8``!)#ORo>PDy3@D8r$3+PTed~xvp_u-+80X&Xyp64V6Dyl!# z!g*DV5+d-3s^#^6&xQLq)EA$MCk0kHTjhd4E0O5#&ppmV$2=FS$*OmM)%aC@Zqk=g z_eP+d4^=m}faBZ_n$fZ#i7S`(o{*!+CpoQNh8fO|j*-Ii!=9?fbaK3>Q@uIVDweQ} z3OmlCG{t+75v^X-l7>s%f0`_3xPWqWFL@j2zNqeXckBA2w2+9NTi|yl>S$ZuMvWYZ z@7i14dOZ<&=w4m-CXv#-tpX$>FI( z=SOIyx$bNF{;Ykm$VG|!uIuCdW#VBe&|E7gz9}Bik_idYX9>h}z$S&_R;nmff+8_f zpNXjCU!Ij0fz>VC8-`cEF7wFg;sN?+K$Mf@E2VltfjRCPHLB4CO(rQLb#wLTt#h2x zBDbEFucE5z7ow-T;-c^XEE$Xy>Q3{;#6?YB=6ZKK2)tcT9Sq zcTt5_w9%R=NWcw046v|f2{I+sbCTN-1^_$F7fGY8#iz84knnD&VTuSDxu zk7!m>r^1WT&k4?yYYW`R#?7N}%-M$ycI(Th7@$V2H@n6AQ~d3Hlg6Z0@=(rD5@V#f zyl`?USgh@*LwR~9q9(M#9dlBkqIB0fM7f5J^D7+ppURXaSxVGuA|L{+5)D3WXFU8` zgk{Bicf?hMar?XmiPVN^Jg=#kphl~|Y3?m+kq!Q$bSnPywG{$PH~Xk9git&)W=9hp zBe;=@ke?)uSE8yNr3sZ07xx_XPxTW@icpoYj{S~J)+<`;$3_DB@Zo2)IVDub6l8av zRx;*v)~YaWa}OF@$0()s>c#%a(%d_(!0B7^#YQx?S0#~FOTih#0*&gfvT|DVKx?{DsAqk7oOgU3 zE@KrD5f^piq>xKlsI#2X(vrl;#bODuZ6hlTXoG(aNoEWdquN#Nv0Bw{tKZJdxwRxq zmX^5cfK-vx$touuYYy73;1q60!*E}~*q(|}E1d6|rlV$-x(O`erFkFIS5pDa8T)KF zCdiWpBti11k^$A81!CMTAGy5+>OxWrn=g~Mz59U+ZJh;tL; zK%#K&RXEWK!l)9c7z*hOQpE{Ib&{l5&&ZU8MwtlpB*MrnH>u<=J*DA!_>~b^(6DCQ zvatb4RwS-y&o#HOPZMo*?B3ez!%8txluogKnxAH9#FXJZ#5k*@!jQ9iQK->26jux= zCZhZTSA0tTWN{~Au>b`hzW%Cw8wU57H<)oCLm!Zk{v3(!kwcO`gidBT9r3kZj?~4M z6%oNit*nsHiSs0hJkMW|Y? zjC|rf$_q%SSZ;Y(S1Y0UP>gS^a`wcGX!=)|km^-*h3i%cdd3|_PWm~~XVdR) zzcr5bk_T(O=90a>>Gx-M;pJiSr}JL|e0=?ymrlB&k|~2VB*QF;#j|5lcV*I8*t6ry zn1*3mu~E?KWrUDbcsm@{aGlqyCbNx3NSP#uRvqJnDoLg7$|PbLQUKop(Ofq*(1{o> zXq8yx>iD_k6?wfa#{GOg9zUf9PS#TfT}ZM$z!A!I?C}e(oCg8yhNqM0PcH0x>$l}2 z`3}cVYtMG+x_pAay_8Jvz}R=)f#3qI-Cm(#+)hSA438{V9;yOyWO&y#P_3WDiYPlu{m8Zl2l1=?;}P@f_b{FWH{rVUNo`z($t6b-F@#?CZ z2F5WM(k!C%Trq0#;9ID}Abps_L5wV)30~EEt{loB_dDHDxno_?$%(D0*R%{h{ZdfN zD%unjXf{n?1#0@aBBO8`s88&%MRA(e6?jvLs`O62lv%*-sce1gJ++cu=CCMMQXc6_ z$4IF+y;OC*wz=Sr*0TdEWajAYa$TWqVb8s6;`vspZn zX<=cn=wpqKv@@LOIU5ZYyq(d>bH`idMqx;yRX{LY524*%Nak;U$ET6*tY-|X8omGci$deBXuQ*PCM@JcJ+KK3#Z+_ zXS?;Bd9IK7J}H|sV9c}2BbAvkC0a7hnZS;Ka3spLu&#@F8yxPryi6sFpe)DEasiHN zx-y_zRMkysE{TxyWj#ED3O-MdhRki8@vVf?COhQiiO8wtM;EyX9tLpI`B(Cb-ght; zkg+hIKbIze<&jAO4ZOn!%1|F5(%MTzeOj>1N||dSv;~nSIt|he(Y^gh*L4Ml8}dJg z^XKr^yG*2ml;O0`eCa0u*v2H;4D4AiD8|IEEc*&d z%J~3-Cva5A$xeFU5rtHO-(D3A(=MW^;R*F)2@ID}_!Mg2C*LYZR@dIO2jj$wh}L zAxo(e4SOniPPZLRh*-m9`KvQnV!lq^m7vy|8Z> z%fh3cFFoq?X-J`Q9QfPx9!EO!XA39~CJVDTXS8z$3?y8{5|+(iY)Q6IZf)8TfIi;F zTpCKhCKw}B)X9iaAbhCcN41n{0%V9TUDV5lNpv)W$|+jDYw8uLt>{3(ZzAK&Ycg>) zGD&p;jU{78ImwW{x#C8*V-@XvG{lV-Y-Nt-%41Mbimg?W-D-w>Ea{B4Rxc(y>pqcG zEOJbH8unOo7ap1HL)fV zEcv*JY$~jaDNbdU24mz55x{fRu)Y8zRk7IjI`KYv_kS&GNn*;U)bh6N8ANj2_He9M zR2KUzs(I!lUoc2=;&>O7lgi}nYjW}7ib2Ybk{J1JT5ofORfx}{uN|Al_qi6q2IVVD z-D5QfjoXofG8+>pY;lqs3W?b4whJ>-p%WQL`g^&#Vo7ArJNr*hUtxT|V^x7>WByV~ ztt_QtZp0{0VptKbenR_r3>C^f9m``fOTu-5{o1r{8n=fkYL9ic4x`Q9n5@)c4-n@5 z(|RSOVP?jxF(I`M{{V7`c`#+z5(wHR%zIgUR$H5$*s4#Yq;{gUtjdY-QGv9yZxEm>i+v6cMIA3N}i89W!j@R7fSLm^aNxidS_g z+QR94jkoeIv2GzLV!vozs?cI!;jD4)h$oaK7 zCNV8+Mh38Q^7-~NEumh>5~Ig^Hf;@=Ba#zV2zzRca~N2ut#vrQ-&%bNmd~XUot2u- zNMB(lH&x5)TuYVuOwh5dM#d~ed=}UCQC!vt{bN@qwAW6-D_v83+*)io6&T)SbXP5z z<&rde4G0OXFY8-j4Mzm>1 z627eQ(YS|R6|y6p3iXrncFDLa`nf!Fm@~-8F6D!4!Lb^h zhN4hczpIL>`%$|Hoh!@b*$r`Hg7QRnx+XDABEsOY=whl3gxb2dS8 zKsKW56|k_8Qb?mbX@$n?DyoS@rfb^xw7<978qA`-49Wi1}@>?!|M0*0G4$QWH=X8SWoBGK%)%R+B!G z&w!!>Z3PH<0#Tgw{$s67-*Ga%afdaLozm%o5M9&OVzsHekB3~JA#!5Y(^E63uE!W> zSq>k++>Wb=l_Vc|7L6jmHw#wHQ4&LZ%h;-*j)c1K*OyLtdHb~R9ra#JBeOAV8xmZC zW0;$k#xOcYbtSN@NWNy&Upxilz4NxXbn?RECI`DPZ=)_ZWKtoN5~H^%O6HfT3|yjM zEL$-ZSladT2rjlg6|Is+9@J!3n7uJWm^sT)TZo<`GOi|3kI}-()DCmoei6sW z*$CCHSS}(k(j2XHEo+H;w;6TgNK7)ot80%M31!H$dqS2l@mElvtBx@c}L_}sfAY9jMgtE-3 z@$I!DV0TQBmp%Ce`)dG8v6T^BYFuEyNO{VdA)x%daq-ZewUx~Zxxf%)b&RG(hl(w- z%HY!Q+{i3GZ7vvqe=8D9$L=G=oOWzl-s2sM+zuQ$U{JVrKp2AODNLH>1>BhlGj9yjIsR?#xnt_zy#whuRnFV@%Vi8 z;X+|Wk1@cA*aegrr|l6A4n|NnSHAePmTMfQ%b^Im8BYp18N_5MRwO6fND+`F~jT#MbE71w zYLunF^Vq{wao-YQTJfu-{Z#JPF~SNR)QKYyvLsgll5AQ#R)LumY)bAf3{{N4o4H5i zCcy}!hopXXAks?ox$kOT1p8kic(0#_eP%L=8yfCxQ(sxxKy>{T_r+(IQFgw+=|8xRBN}{B$U?nE8jyqzMh}b4j4TNeAJ*Apr?u|?051Hh?TE@&-m>jOGX4vI!-CZsxPR3=1k!@YO^`#BVq7G4| zPqD9yxMIo)8-!)E=aemm>a|EsYL!C0q!Q~^Emyap2HMDkOtxF{45KWYOnYL&G>O)& z#cgOT-H|9-F|r$IYKsm7ATf^X3^$n-&O4S19Llho`<<_iU5VPoe99;jV%U=9(;rPI zc2Z@N17O)QA1eA~w7hmfEbSlG=wv|=s;F`_bDA4$Ju7y8L~L$!Nb)W-N8`+OsiZo9 z@M^M|7Lug=O6x|=jT*pV1NzV}mNzjGLf#tmYkaw%4i@-)GYN#WX80y#FalONc%$s7 zyElviLm3fR=orK_%Q#6j6%N|eSJ65fvjUBqzg3UdnqlFdOEMfVHhA4U6R!+nV%6~> zNRJ)tYS@@vlSq5a@+t$4?X5j-WTITXVnEysHx`=59vR67!UkDYkx^Drp%JK<*spSy zo?GQB>>LRb0@694iir)5W_VTH3KowKwT0$)TOGKC7}rfQg4;T;u*zz(XPgHkUNXm& zcgv!3^g}s&2-gfuden35u@=>5?=CeofRDUb%o}jF+@p1tNNWrokZ%G+cQE3_G>W1U zy`3X7Ys%L(e9QR@_wwQ5E&RMkD#{29LE|_pEK>y{DS!pAvTsJQ<_cIG;@OG@xX)o! zrcZCR_LFx$OyXxS=T=OClh3lP960Yun|yZR$C-x^=s}Uyvm`pM%yxoCNGZrzsPOcW znyhYiqZgZ(Vx6qPop?27)~g``G2+h!Jb3VdLyky0(5A`4Jn{#bkzkB~_sJX3%jITt z$}O*U$a1%h$H46i{g;v&$jN+0Ga-phmV&1$6>u9Z{{TjoMo{6+DgAph$ql2FZM3#n5wRIm z(>b_#gv)iJzmWQZLHCbD`$ASkw}{Nu{G4ks5oEOp;)=hjz1w(|_`*xVETXo)w|s+T z9!<$^NdVL=j=O*f(g`4+N==b3sH_fEbGTpbRqkU%Tc{m0=yl`Vd2sg%#1rR{q-nNW zGVW~Y4kQ(}D+iY`Xoi5_ciPfR{ebNqCmwFePi7BVP;MX{RXo-5;K~#rxE0p9o;i@$ zvpQ%T_Bx7QQ+tictaU*aZ%l@cZ%lDdYF4zk-qz7q);c5eLX3OWL5xE*v%!%hc_tGk zem_H6^;R*7h*vZ+0um!#XlUZ{4-{`LJ}ET7hmhoAa9mHzkl{{ZU1A4q-2-TIZs zKUe;5-kx*zuD>{tziaY3q=_?O!0gt(w0ngl868}VTA~GGA`%^xd&|0z-a^~NnD#12 zec-D}YD?k_Vjx`jF7l{ETB~qwHtmozi1wHrt-+IY=7wB&nIY>BV{u)!G4C$!<5)IS zXH~>@5(!lXsTmQriiC>sqh^%D+OvtYM6TV7@ZfWt3~qxD$;kMZmKA4^JG$UyFkOxe z655!Q(V9GB*cQ1!vt^AQWg}6@;P5=TkKytMvE7yxxUGiF9MWP1 zVmNheQ#iead`R3!&B^xiizLmlFkuz~iC4Dw7(?Ynw(UZ(s=)DJh*0McD zUe?CGdr*?)6ytN(%Y=`us4Q_ZWcWy-)_7jY5>%W_xBEmPtw)t35Uc;H^XPkDowhZ>SfXWY?npN7upgYc4F5j zBW5xz4j$bKR?XSe7crARCyBUOUOP7B@ChQo*$hg%44Q6Qplb#>j&YJYs-`+3CON8BlBj5~bk(azv{HKeNOL z?T`Ne2O`t@ezshNlgFo&OIK~talfC~G}}eS-S}l_&Jj47tFbdJ+6(H9)eGI5wgr}B zh2*y940r)`p@ElC;FR`wi^%0^G1g>wXrS0Odqp`$8PWhg)R=0viE_<~9V?idM}5*O z1r^KB@=Ol8*S{Y4>NG< zvDvU<?qx#RQU&b&Bx zvP?vqA9azIK^7kv36e}MDIyFv0KLg|Wdk`nj=f@Z?&CB}%a>5{J$en>&e4y88xzqa`tjPfY(41(MB zp&E}E3*UMg#^%qinOlvd0;0-C;tZ@VR5q;lwW~Y`b2F&J0|_vlmu)<=+wK}*cJk-s z8$*ob&MMs+JLd~=tbbO)scaWZ_ibg_hh1A$X_JMhSJZ?Gh9Kjwa%=otG}LkI+va?m z*LRZ$?(GBY&uT}Mv^b4$rd(@Fs=z}r!nPBEu^p?JS_1N^_WK1z4!)k@+2JY=w0Q+( zg@mzy@Yb_+BTU@cv2LZu=#rVm=;$o1V0*MFSseXwc?-`7X;I-e8%I?yZ>>UI!H;oW zZ@o4KE>PO{*oyuoOi4R{T-~sdK(fPHD37RZ3M@x87>J6Bx}|7u_GdWEF)C?0U1!{t zMH_CW$en!S*H&9cpw6mm=x0@ee?{@4&|`UBY)r|ZdEtV}u0W z>1O4)Qg>Jz%8}VwUbY5wV|_JDx+vUE+U@HDOi2$B6))B^9UZZJ$wZo*?UmlylD7ko zQ@58CCtcvK1W3~|liSFxy|vnDSNQ$(t2LP|ZJ{>-kq(d)#43uTkwakBmEtiW-->LS zQcY^@tlugv`-!!^mgP3>GRc){3`q(ZNi_{04f1y92{6_@D_;bMkLCKF*CUx7t|NgQ zbnog%=S32j5=b9pXDG=tG&rGn;ltt8BLmgL0~(jk8CJxLCTz$k>6ZQ;fX%~*5pI;{ zWL8mQ!iNAb4(ZiZx%N|;SwC)4ONJ!IqvlxtS3caAL~Qk79vc3rrLAh$Hk8{XHa7U> z-R$i3@^;YK9!l6IhOr~#d%0H2`)RmLNn>e6b$%RHB&!x%J>iQaF~t#~5#+O0%JV1K z;z`Wl3utepSX^XMBvPbI!1XS+jZb&Duu4(3fQh2AEN|cGy^mQ|`E-JMBKV9_Ea{mAd(+n zcyG$`EOQuWcR=UJqRgkf4Y^|mq?xUN_ewC?oSH8N4tvsF#aINSRL92Vh2%v>)TXLI z?!MD*O_cY{+q>y;F7~ka`79;fHZmQ!wmL1;CMJ-hOi2)BR)T9J!OP=tueA$V9H=nI zGp6y$vp7Mp4B%UPXB6=ELnGcOlNoiR7Gz$|nKKh2OiwcWkO!fS=*Yoiv<-p@I@%yOz+nWAf&>@@j446^Ir z2}f+eMXn2s*2j(2$5IGmPf7ivlwqAn9!0@;mr`UOoEeDRAu*tnzH50>=@NR}YE<+u1S7 zU0wi6-Z2{j3kgvKq;BO%W*IhJvlzWbPLrFsXBhlLUS-yi>!Mdmo-Ds^QkOT#?P9a2 zWBLnC3aTW@ZF`+?c(KGpG{#~=5g5>!G4!G zTY8d0@hwHvjm(=S;kPZ2ak_MnLU2P07ep9xJ(}EVdzRX5b>EhqyBLMbSZt)>J*sbo z#H=B?8>LoHY2jB}M5nL@MTHf~9F@!*Vh!snk=5IcmTl!oHRn&dDsmyDp0%493W00xw%xrO#0amtby5WzdeDmIcrM<3K;njba%f73aW{u}| z*-}DOj4K>ID6nr=+F3&l!D3D>C3Of1D;wk+-Nhy(HCBmnj@L_=|0ca_2#O-d|R##j@3Nlk=MS((Xdj^E?bE*<0BA+`j`Cblv5;2%T(M8aX7UENgr$*P9$JKuyq* zSCHT^^E`%Z^2aSTf%9B@a`KFN$3As?SuHcE)t0+}YH?7pl>m|0k137q)F!GNFF5f3 z0E^gd@y1Qs9o|2gWtZ18a;UYZn?sQ0(BSRiC+=||szw}X;IOE#p-gONXu2awp23WA z-ssm^>|D4wjqX9Uc1;#Lv|F_jbOYoPY{6Ae;q?!LT2M`bDa@?PXUBB zX*DTp=0{Or!5~5=!dAV@T>LfESoP=UPP+4r9VduD+YKG0!n8lTV*_4Ec669){XhZO z$c~_p*J;Qrnn%M@7CBFbjGChxk77OHiyl5vm)*{X<*VXLW+%B>79Y5GHaT+y@(p&< z-p3%rCd2o0{*yT7Uoy!1*6ABg$#hSD zctqRmlvMUrvJzOweGn03O$z{LLUXArnI0aoDm+$0ws!JVQ0E(sB3chIur!+Ne{3^s zXKrm~Pmwy=r^zw&lOGKCM&A*~f;!sB<3KTMl_cGGQ1*u(sLiBTZQYD;LGc-cV6$Vh zCa`**`l~C)>~YJA*B(()s~e-c%cNPx#iF2Kqu*jQ0y1YxO*FA>O}LJt{Pe2|yU8ld z`w`G#;%P!*@q5gpXS3kgmcxKm6+;5Lg;&ZI{;WyaA7LVXx8a0)hzOA3O@}N^@@oJz z(KjVy$)u$0P;<#-_Em|>;=^-TI|bAxSY55hZ8vTJ_TtLY+S4w^aSH$g zB|Jc1&&ul8bEGYKWy|u|oqEe0`%6*6V3}ud#WTj`lHQ5oNwrxrZVqMiBEZG{SmQgN zB3HiV!92j^kPm+yYU4+ifX8wsyAG#x>xd{bNRbi>yrgV$cOM=Dhxs)f{{YLr-te{t z6gww-8@FUZhzPrf+9p7@hS!K&B8%?Gz1SFx(~6wTGp*^q6@#=ROX?DCvQ(piv~k7K|rX$_X8blYX(PQ;?m=ys;0|g zUnEyK-uH}=0LbsJbAVTQk`2n&hg4*7ZA#@K$49sF+BL;RRFYQQ%LmRA2PRUG-2rBG zzRfXZco!{JdDW8jjo#||)TrriFn376>4k~UY+HxONKVOgYux>ekZ zg3-xaODA=@ITUV3DjbM8pgLw8`Ea*hTItW@rF$WgLRn>(XRtDEfJm_e>sD+ty0&=u z04`1J2n3vPc5FylqWEJP9#ee;N0QcX2yyzCbVbjgpBcb@FBl&p%e`Fh5J);WpDSjB~d zZGrhnjAkET9@L@QJWjVEUK&!tr;!}*I?Hm)hLB{|4Y>DHgcOb1M)Zju`EIxQaq#Zx zr_5JC=oM980t+gaymMKUrXA4VciJVxv0?yYeFKNd(2Mldy~p~`_I`Vp-aVh79wa+{ zcc-)DzMbvgm-l~9#pL|&y!$=x+B;po=fm6AJKv&yTE=@9Fi^@#&urcL--u@vMvc-- zESYpd1aSJ*28{B-W60vFBV5w`?bie!rmG^RM(6uK2~}EZ@fQK{At8!cDt4YBGtIjY zToEZB0hX%daQOaeXuO9BR3KYD9e~%y-mgJ8tZ<` zC$pfQS!e38a?Fcd!I&ds8dAe7d2vSxU-2Z+mc}!RhH3-i=~Yx2H5C$dBxMtVvyp?X zBwnI16{+2G<`5)RRC3RIm`5*9)bhP3zNy5fESz#m$s~Gn3`2i;lLjNx(ygY2a8{xMZ$+yFD%Xf2t?OZGUg~4-T?fwBm6S8JsnA+Q4-sR`Qaf8>uk3Q;7 zLz-S=Y`lp+eplr`p+VuC`&T+12je$>1HJz2kP3W{Fv9la+gB?i92J!jwwO&6Vdd47 zlTX_WgTc@4ENeh#NMw65NAjmvp+Z@1RGTjk1p~i`7Qf|PuY45v_V9o02-_0ww}h?b zq}^<8wtPB#qP{C9(dKwXwAk(}N?hj%zlU9u;^ven@*P@R8s}=zJ#b#&| zx4}Pu{W>pKqJMebkJHDm?*8XI`uz3eA?!Eat?>4Bdu%pGXl!T8$L8eTBG^e0_p1%q;K;`K5~b#;`)vl_2pqWmERxFnw{ddKxUb10je5IQn6U1tW^vaF&Onu4OtnFb@))waHb8>bJws!UpWJ>DjamONb`9$t0 zqDC@=5>MKWUhKOm`VzYuJ+g=X=${#zvunI^pdsd;WbsTglWb^gip6rkh79_q{{Sq^ zU_x@VZMTyn2Q`};-b!kYv=bGo>?Q2`_VfET{iIn)w%=j*e#;l$IZ@9pyJfeh9d_LA zCFEGbbcrs-7)uL$M>UliFr-VHSBGVHmr$U^kzp#VFhWTw%(5yfa*OHn=j`L>^Z9(e zdHE`Or>4AXeXM@TpA!DW-x8Q0q~}wzd1dIZ%ncSapTA%kSHu zj1l8X-5d@rSq+s69Cm~d+n?fBIJSCdF=I!ruCvH(Dr?#0D~F{kC475(Pka`8HE@co z&&96s)?kt{e>mJ91FEmE%Xc?DEqj8=zeMnQAxXBE0tqBX1(ri%m3XyGi7}(vUc-?j z0w)MKzv+*ACNd0>w07A40E>(ssqz{W%(7jZ#AoB;7gtN=$%BUOrcsr$JAZu}8y%S` zS;~22e+*ub{@k6<&b(3kYy4Q!?&fqXZnqopDKEorEqRj~QsUcZwEKIN2XC?Iqlo9V zE3vpx8#iz-MGLe!_Lmp;Zdc2*G?I4-u>A}F0B2q9(N)%B9wdBHz}(kU#W1&Aw>w{w z;rBLDB6Y2^w%iy^Xq}Erc^NXcwy!<})UR+@xh&VJ%_5cB55jMa-wHlCup;hXg#Gov zH@6dpSh21Ph}yj`ae1>uL&L7j@e5E_W!Pn$pa`aqUzAbQ%90U~(S~s`U#7Se{T^>) z7l{vK7W8=V$M=6D!S^d{_jael%eHrSFo{HjnP9Ma`^LE~Zb^h%mH8GGkW&XLpgf2s zJ?1|pmTB%Rp4rhX8x^H1w4=UXE`RV<{{XvN3aRVxwSSM{&(H4T@bu^G`?uZlU*WC4 z{eQtzk3{wUJpBIvkI(#csCXM`ZYJHp{uQ>bMC#?JzXGq#SDrZZU%5SfK7OCiN2)bk zy$x0EqVl}@qnD?pSJhF!YW@kw8r1da>f?`2l=W&aqm_B(6OK_n@0alT>t#ysUxmNB z^5K45BK0c$txi=sc=Y4t_bL<0_PNtb^!WMdUl7UG#`HIyIuTLIs))URyXorBs`XxZ ze#C0BBFHgyt!4X(W-vuLU83@xp-badQ`tV-(HsHp8o(2 zwXxq94E>xwk4L8q%5v`4px3A3Dt8;p7t`SMMD)>w3)=2u2ZcC26V*90+|FI;=tiP1 zQ$Acd5q^5ql3&9(7`W?2Zv$4NoV~tS#OL8Fdo+DzP#kU3HIP6cxVtUxZi^(iJBv%u z;O_1g+}+*XB|&y^f;$9R+}%Px?x)`G*KE~PP1W?YUA=wIiHE-R+}4**m*}7q8_jZf z%QAVLT`!z9k_~G}-ccG{w*G@LDKE0p`A9}>WfN1}{j50%MXeK5qxbR>q0w@TJET-U zd2|?nI;Ngldo%XpzH0$3HWS>YRFnRgP!m3UU{n81WpYc%e`}i1gX#s+kOV!|wTS5W zcj8bg#{w62oC`XRu@2wP+m7C70nR`N?F?FH!=B4(PM0@a}TGl>RIr zzNL9P#ynj{SCm3F|G^}9TtB?t9au)u5ew$3g5M}mPo_t8cWxxg*y4Sq(3*nGTI=XkHyy0{0&1GzzN@k^D6Ic(?G zHEAD@H~0&7GnIRmFE37v#4L{+-c1)5J*Pmd5kSNt2A@#(A+@4jjSY4C_3{=Zd8_Cf zMUQUgYD>Q>tqqHb0M+D}1$3M-k;FRC5#u-Azh?Cmdn#cYeG=LjvHc1;bn+&+hdmXi zn)uZ_;|V&W&v?Ly?v>fIzPWrpW=SGli{3-jTW@A3i6kQeHzX0wHi`^Xp;ndLNi)`u z;__>d)U5N|!&2*V*pQJ4^K7e0YfGr&XN~0WpHM}731^ep!!D_+0hzUa?Ty7J{am{3 zhwHV;(~#2?-e6iq5F-5`S8IJAd08|i;jqwu@2b)&0414!5q9mGmA0*F1kf$r)oXmO z)^;`COpM(0XHfE#0%xae%jJK*-n8JP5iV@=mV)a*3mY^<>pM>Q=9BOb#!8=0ShY@h z<4E#uS1vHwnZ)WJ%pfVj?IHTm%WaosG!qpwhs(L;Z1k*vcg#SzESA7u?BnHF7uC(G ziidin>&5aXtqB)$1g@N8BlaDEcTjZQ8MB9TbZ%e1QvIgXE5l(_g{-EtG{7+n@h{3B zHkY3d?!lokL&-F%BjIuPvRvWZM^XjpOL46-6)saAsInx?TIxWxziLHyh3nizOzA1G zM3I_NeySvST_6-BitGgCWjs7nmz&;>t-d=Jlnxu(99b>Y-or$o){G2wBTo4(#H9H| zjCDp$e6v^f9bO8|scu8&|0!n?-A4brUaghj&LnKsqSm@b>XyxQOK1IyS~)Bf`*i-- z_tc_VE)!TN4fAL&3tVxQ3If*(!RP2YjIkXi9INs4@T=n=Qyae5qq;-Xo^dt@@*foF zr-*$_LU#*`sTRiIoxDCQRjQ8hUG^&7Y9fTfEYh*`)wr;)B|sg}+<9?pn|>BVRw8gx zU5iWDsA`pl+eX>x#N5999fJs~L+7QvkMs0KLd@!-JyFl)WaIWWJ~%^enzWPjgCChO zFG>EuSI(?+f$;O{s$!GJ3Zmb4S_pA6F$>vX3<-Gi)Um|X^FxnAr1?({s~*_M@hW#V z$Is+I^?~y@29S;fx$S6i9iGz&%3l36Cj&e|LQ33TCYl}&t>SduxK%d$C8JlKFUHDG zKF>x4vq0NrJLBHqfkNUr@Iiwn`kLR2 zq!Em0QB~C@KS91KRykW^!*9*RuaP^M^_A?_HlB1cOo~BVE2L84&i0~`^Ey%m0ADc! z;43A2=VVHb$bJ=iIr3SLz!PZMsGPr$nOk?b)lcW??I@W~t@;jwm(u#0n=qZ1h#3xBdKsUpE za^kQRqNh@|n98_pOQgJ0R7^5zz?wb*-$8V4D3}$PXNLWZVBuj`_g5t;MykGxRCk(G zKq3+m(L;ngcnk$ZL~j!ZBgM_y>I{x&cF?ML&RGJ`iQPU|r3(ZfEb-ge4>zSpi9Lo) zICk{5)JA>}qV{YgRfp}fwo523qSH!r4G?mpcGG-SVlbszU!s$jId6NllUy1(2qd_g z=V2Fv>{HiCp{MbLe~jW-5$@spOH+g8$~6-ssmY!W;>FWwI92_Y$!5p8~#fZ$Smy{I_7X{KIT>c7%J}fL}Er~NF4Ap1MNWdi6D@EO- zdXcOc;e+WqYYfW)j20k$Xhc)jd3bLm%*o>4rSW@7S?VoNMLCC4S9)RD6T~Ar7CVKd z&Aa5F0Kd`fwhoBEr7Cro6?v{YbgqD$B*EVVa--%U`s$h#S*k&urZo}|TiAkyD)@Pi z$_SHq{s(DvzD3d5IXV_kb|ze-iWlror84aBhisw>m))eV;61hROtvx%YL`o)m?N9K z$hdTJ+D0+m;u9uQs!iAl-$(?y?(if%0<$&^7vB>l+zaWqvmytQI}TjUI78vTo34u; zX(KXRZl8|v&-+E(JLiu~z)zrBRc$;(TW3CC6_PSJp6o%w?Vsk4no7jmxg(n@Xe5-4 zLy}rOzC7zKwu&T@}<9};ia zDUqoP4+gbx3V>pG52ZMEpHdbx^&4c_?YB!QGehj!6HK|GAzq z(Jh&NbMqyP7P=B1YIxt)#RJgbVS~e&46Y zddO?fZ-oT#jn8+uHK4wTXhApdum=PbDlA_UnKI|^B8f%34Mk+aZdDndt)N3r%q2a2c(^Le_0m3zU;Ff(+vT@svm-fRgs&!!yly&nlJ7Ps_Bw8R(kB zg}jW!oqPQrhS*&cSq#S0vRU1}>iMUNPGXQ>n@-zugmdO=UD5E~SqdCLt#nr>9 z^lC->s(pP^VjzqedH!Xh%d;-~`nDOV;(FYc+0X+>GU>he2Vh3;zObiH-h(I~XPcQ+ zZz?W}WRv(gS5_T)m?Mmv~IN$9p(L)JF_NQeeuB_80YQl^L$-r1vum@NJz2}sR{X; zynKl_##V42BotL~QZ)bJ=t(wyLB>xXxT2;nb@{?a#8t*a(@Q*$izxx&4gvY(%rm9e zR#tfFpb)h4x!D%hpAA6{M73Ia5twzezUgr?M^1d^))+D`E*hpHtKJa1+$4)k(A2Rj z_`Zkfx1qUwnlj>SE>oAFsU>M1`7PXT`lHSFU|Y35ebrWp-?5m$JZ|q335C8z{n5BY zX~PeKgsJp}eqM{(D`aUjk;wEH9!sF9boxtiB;6&BpBg7>g+y_EAL>2wQp+;Abj-$v z?*zmCm}jK+dzywmIP+Kl2 zHat@s)^$vg`?L?G;GIL;x$)FISE3m8n(Qu3a*Qx0>H+1n)l>(f`%5W?wvwoEjj*cn zcb#tZ{VIy<`qUYXZ@rr;NG5yJCwWVZ$1jKwZ!r87_5;FYtloTYQ!hxEUzgF{#hyH% z*s2n4zD1eaWnPZrWRgtr_s(#ajm%I(L)L2a&QSUyZJ6!Ae&egO)IdO;Qoe zp61T2rtJ>^_So)dt~#sgpB3l*F3Td^JcD2f)9?i<(yK4C@yMI2MmVYoT{y;`mv6{qEKyO7)nGTQ zkYr4aYSv59#-<)BprMhG1_tMjZENB<4kQrvH_lmon7_Ik3e|)?I#Y^{@VnU4t z6@8&My-#{!Jz3+x%wJd)29L1`+X-oYm!@lg-6jo-e#`*d)xHG-4Y+!T(hmeRh^Hsc zJ{Zyw`gDt#Tvj6!t6=d_3u5?}P}*#a6+P0# z<>3(to=v=@YI;I3o5I1#xPMV#3Pv#2LsVNpwYH}3J z<7opHeU-Esm}}loGR5;T0djOg){3#_Sf|Fj@jNWZy1tvjHfEA#)SiQ8>y{5L)S^g+ z2a-*7O(&I^Jh+n#Uk%$DrhKI43`G1LtViukkRlOf;@QqCJO_gT8?dLHRFWMrFARD* zXjX7VBoAd=DrN{SiG*iD?O@n4lbJ!=laJmXqdPwy#KzXc(TSHd;u=;gNX9oe6o+9u z)3oE1IsfVgiwcBVM=hZ@J>Z6*o6m|!cqZAASs>*q_$EH&-<49eGF48puox%aR8->s zeKg_N3f``(*wrb+G3vT)uJ($fU4fg*C1T{rk*X2>9~Tm?eQ%QV3$z#A5iMG5lZ@3 z_Q!_xIv*LsrFm8*G;4H9e-T2T5?O*$>cP2PT=!%&3)i%RezGxB(i80gTs9%gBn#CUl^{-e8e+GdhAVNG7~j%FFO4O`#MJ0VB1?0+TuNOCzoJ-T zjWiEwCG_mIBYb@^uB~Nrd)WFEP+7n~ZeoQ|7yY=%7_Tf$pcKvfSx_|^OfU)6h#Ha@ zuSD`NN3yAo#5`-Z?+y(tp)3KKZL>JZ)E&`y$Yfnm&Hk8|?ylawb)9`as)Ra>PX%}L zf8y5ynat8VXo*{J?fmS^ttqv2@LlVH=%DHvp9?c1{K9sO{w`fp)KTT?spd1yu9S&s z!5M=dG4q8aOF_}doPAwb(^5tgbAT~DfP9*m zBjQP_Yt-A~p-$g}<1~&litL;lr zp03A?l9Elgmw;P~P5im!ju5A4;Vh?Z_jcpOb47Fuk48=UnkEP&Vkxc^S+BdKDC87+ zGCn^dDe;)|qZC}Wg?BBxdsWXEC91rcE*7ZwiS*}W&}aD8IUn5G2k*G44v*IQnjyJ$ z`@)#au5=#Efq_IxBO&bTM7(RpY5}*D2nhkXVX0Pfpfb84re^$)^xu1_X=u5jro+h1 z3R2(Gnd5nRk~0m6Qm;=1Vy3{-DC~JJh*pb$n5&;!?whwdV6L3C)ur9NL}i)S)cgfd zO=K$;)eyFw)2LROQZy2R&+gisF2)@;vv>E0V!=N6;E81+BG}@0xRDi-c?-4%+`%7LmtNbElt?WkYgI6p(r$xxiLsOja}?e zIGC!a!eHN2`V>G39U~sua}9A*qnmDwnzc80?gWRox8CtYpM2ou7>cx&fb&=SHL%kZ zqud`XgKb*xIay}fVfs#gcOEXDtbnTt&7B7!_>r8d7X09?HEVKSUfjJ#zmQ@|p3cLh z&46L@7DSE1t742&wLJYH(jJj$;Z_;9+ovtZ*y+6gdo)RREN~h^Db+tRHp}ilpR{YB zJr)Mv8xEVQ^n8Gnlq2|z7O;Ks5D&G^2*%8b5i3gbq5nCwZU(NclV(n0pi?6lS=8SP z%h*jcK?lSJ&W6jh74X5GxgzewoRorRE6dHyY^=0tE?7dOB6O$2bk-i-M21hVPNUa8 zU|y~}I?Ib@&j)|=%%bODALq|FNG+rMI+QN^4XG&?7i?olQ0l229S-c1jX&r4TRViP z?v!O|ni`p@h-n2aX$cf^U4m=1ihP^nsBA+q|7wlMs;$nKiN@)^So&=A{d4!{%ui&M z+?m;`iBOg>w1yzhnv>&0T5xHVs(=9;&Ji{u{-BMa+I?V*hof9wL}}|>K9jHDOSQ^K ztQE?yVzuaFN2f9?e9TbRdzc1h0+w30J_oC>7|UU`$UAoAi9__&gbC9VcoaKK9VOgy z-EOG>xQZDwvJp%??)L1kQ`|}Dq^Vv7JyT>~H4zoNg1&fS4_?QqBRk8PSo&wT3EmCJ zbDojFX;EZd`0e$e6pF%jB21LLmVKGx#&8HZDP;f0CKuIWURSiQ>Rv5N%;zV&VO5Ba zm9i1mfNeDu=4=E*!&p`DhnW3&g0yXeb*-5+5Dgr4?Ql_zSK*v|EDn=L{AhRE*I-%0 z%gx^_39Vc; $?N@a*~Vm#GkyzK#~zHg-9Mm)f$4GC)a=nC>qFy0O`h6#7m`p_xM zN^@zPWLTC^8vmJ}p)supempAG1uB9dvx3s^Qwxy`lI!-S^(<%NXDS}VLGh55sgsrV)I?d=2Em0yGLiD_>Mu3M7E<+>rspPd& zj*os1&Lr=%x83sY%Q@{3Gx+Z^1J&r~PCPd#PSpB3_E7-hW!-b|#8L@y2f>si7jIK? z+wEto>;M-RmYb2#_Uu~+G6*M~WdCOg>*1QL7fX&4<^g4PXASl#Nma0|pO#=q%+AuD zuU`j*%sPjbn&6s>G_d&_&5n_b6eVm!&hH(k9n9Ms7VixT38&28+iqc33GIA^u1 zu4ke23nilhkE`czcJH|llS<+*sU@JgZdHkNTkWr=O3g(E}Y{SmXNdd>>Uk>o{5U}&x_&UcL3oWJ>Q=Uy-WU`iiVWM+m)8%<7eLs$`* zPHxphzVR?NQ8c{$PQW{jWGt>}0^6Ke`G%v%iXlB5+cUFEND>rlgO&|JkkP*wn z=eGoi##brK9GK1`V!cW!(+-d;PiImYe%zR-eQBtGVy;j^fwuCn2GA zEhjMA6T@E8ni}1T86bQ$%O6-;U{kSe@3$KfVBmEzC&$?qj=*JL zm)-(P75j@9-a#EX`&FCAXUj7?Ag(91Wx3?VSpK_(l8jJr67KHKRyADJCu#1yB#Oj0 zv%#BBl6-ZgowNo&zVNL-V)LF5G$dnVj;-(x$YS0v_KP>31^|5603}MsGb=AseKh6? zaZeJ$;`--xLzP0*$Tt$6-tyW?*)QMY>ZxEX3^6nrEdQW`Sa(&y}yC;H1=m|%S&%uj$U@O+$aV4CcV z_BMlq|tUFIa^9JXVQyyI4zrJ?d(XjR!ubIPP;`W+|u5sxWR z>dx_&Vk_S!F2ZQ&RT|h~vDw_?**bDv1jx<(jPv*6`!Xr)H;KlANqaS?uaaHA9N5=_ z&Kf?obx81)?di>k@u;f#ejc?6Z3fCmGdM)z%cstdJs%Ydf)Z_+a=vy~;Yg4w0;h2s zYip=qKjCL_K880BX%i}3#PD)*$`hzNhr5M&*M7%h%g)3cg_e*W4|JXpYpIhMv1S9x z-vvU>1(BR%##!s~2wZJ&cmQ<~nL_G}67OtA787Z$PAjbHFL~xk&{oVo^IpM!FpA7c zeI0K*g~xo644yWb=N|VEU7_eHEW^g!t>C+z4`w2}sl+81?^50p){6GrK<9qH_^?U$ zAM}A1nFO3v*vBdrjE;|=zG@(oME?nvUTqCO)m{GLGY((FWA3!! znjG(&if@x;q9z(5u6FK7WFTh&pvnp0asr09=2?O1Qu5s`KfBiTo!lRA1no|DO`J=# z^+bdO#Ebe72nNqTz{8HJt89M$WEA0x?PytRjo2+T zJxtZH!JAb=-D+($C0l4{jc#{A!h)o=3GNL0WI*HII;D0jZYs;|bH18pq^CqUw1K!- z&l(4`B}gq~Q4X3q$A$o54wSPA02I;6ul&(Y9{GdsvsWS1mV+g>fd1_{CC&>hP9+Y_ zuXWS`#oOJ9x0TdK-#$w-5@*xHj{>AnZDV_v=U)VKqTK6=I!Plw|XoMY9W zsUyq{c*ddZNs{9`;__`wdy26NHSa>@G5j-PS4bd3PrTqYZ!;Q^Prw*|xs{9N>&9wM zI*isf~Pt|Yu6 zwshj6OlLaf;plShS#QfT@R=`C;zKpb)Dv}^`X{}$@9!+zC*?l}IZlv@E>FH^L1I4R zw~6UMSP(PghCIDvQ2ZvEQqjbnBS{x*8y27_S%2&^ceCiE7_cEKuvgO8_@B;4i zDStSKifA*mv1@3<5;;ovjn#h-(s9ygv9#z48e4QLQWM_BG?^r6pq#5<5;+ zHx~+yi#M(RsNkFU`t8IKO=kA20~IscLK{t45w(651&!Nlt-0;oRt3YwIB+d~)6zmN zpnGs_oW3Y%ruL{q_nzScDQ1C(RB5Ktt*K_>joi3!^*{~0aVkrv@QeMuR-XaD!Zj{A z3)jZ*IHySiwcS_F^V@lwnV|P$IAd6n9-US9RVKKUx!~KQcK?=mtVz1Jwj~v*F8BJ056>@u?+&md29q+N#HHf` z&unNP%Ve%tNate;HF;cFPLU62hvxIC$Jw1D9BEkRjjequ)@ZO~>${jtbJt?vGf^@_ z8wOme3QcLkFvkJd7?4ylVCMjPu#`qCp+8;n;&SGTU7U1i0LtUrw?nMe=(-Y}OyJ-k z3Lcn1N8HeRX|yf{GbXZW@oOL*M^@;V#}^87ckiQ&I5zz+3{7G!!f%4KQ>5Is`_xHh z*qo226b4?OuzWBucRNiuiSw%IW4{~WqQ2|$=tA;Y{i$TN*#1u8tgIO0rTo3u8&6D* zeY}mpiDj@P82dvc%s?~>V>ZxIa>7<}bbjE_dGM^&CV;WS`8<|09!cXL8^z^+7yq%b z%{X17*@^*WwK1s#i_@12U0W%esp=9M&~aB%O)PG1fLG$G^vtE2SC{@ZM7l!{XSOEd z%rD$2MGrRA_~VymUR&O04`gp`q#q9n!bo!lJnctrwtvENtWhrU><+D?SR;o&;PK$( zdyy(DfRkib&;&oeHTbIKwoZTF)Um_CHq|!ymFv)ri_!F1U%xeBTtbk3vQ-lToeMTJ3 zDlJ{Gxr9l3%zTIqSB>UCzC)1C`-&gIbWdW{E;?D(Q7Y~tU$>SZH=d|6Lqk!Q~QV-Ig{Vs>?cfY4E+@ZInx22j05DjZwF?e0XXcO6j#-nv8K;;Gsq0c3rx|?l&Sgf zd#_0`LRY?`KDx|oz|8jMqsugZ(gp6KRg|6y@tPBrZDX-m=_+Z{q}lwcpWb<~BKYE> zlD=-0{>&D37cC5WVkTyd#T9K5ROlI=)w;9>P2+h7niJr`f9AT@K5}E-LT<{(#>@UZ z%^jhql^Yd7WY!5k!XbymeIMe>G4QO2d5RgahjYioH^-Nk{qqC`nK01XueNXGhv*mL zCZXr2j5`Z{YXZX1;0)3J+OcFnm!G8PFO(URIXT1}!_Ii~c4V}Co7XRM2eX}nKcZYB zz(`!o#s6T;ex^_2&5AlA6q+S_f_kebv0;;Old7gTnTcU~NA`wRC-|?A@2N-{NoE>A zP(MS_q&gI4cb!itAz?9EgED*hLJF?o^U~a)@83RH%bT2ofyYAbJBBN!&S9#J-GAK0 z>yw(nDcPn0@;|gq3ARy@+xalZi4n0vtuU9$`h=)G(PHU%!uRck&jn1=KKJ87Sg`OQ zrYq#`b|_Kt=WF|%^fkpR{M09zF=~rKOU_mViWBY!qr*CUiZL6y*%TsK4 zq>EeUQ5(Q!G9J$~GO8?9(-dcp{hX2qCB8Hb-1I0Fr56;w0hOG@-A3p%Q{sfn`S#O; zWBqTIm(vW-D_Jsg{YKPWB#p$j9FCfBd6WZHJoVDPmYkoUmH{plr1za%2$vChu)ayb&7$#6O*A95G8ql%>i*mg?hIl2c6Rgc$IpR8rAh3GPM0qs^ zsowoz3G}X0UG1WyC@A>L{QRh%kroe;L?KS-01}n7m>5Oa{)c+1l>$&uWciRxkFtfH zV6v_4iuj~xPSQRU7OfO5O-wUhvg^gH&+!u|4H1b}1(hgqGV!u_s4}y0qNc-aN|`PnMty_*Bp_w*0XmxcnVI_6 zH=q2lHH{6qpcZ}>LE7{4$>k(r*Uc9rHlazV=KOS*suox~bCHU*VsW_AL?!a0#+g${)Urn=YuEPj<;plSZ>wpHr#NpL>T+tyo)Tr}{5F`6<)^`vrZwPe?wy1~ z5q4oYrD>fw&6iF$WaXUc+98F-6Vdw;q%?}>813BD+H7m-p2fNw>M3*y2~fE0 zB^X81(ikz6#t~R#>Ml_tkRUR{o%U2hg7%Af)#YT2V#=G%p@@4XCt-d z@op?jr;1Z?e9`n^ty{6kTD;*~pMXPf>f&E(Q@1b0^NsW*WIo+TgG;pHB<+FxGR=#` zwO4S#xPXFqaokm8o}|$@;hkHGgSAy2(@xH&bP@;SvT=icn&-_a6&YT^yl84IoXy=x z|B{=pdY?gX+61mUcRj_EbRt~up78=3P;w%CxsXFHkj{Ch(ZhJrruH(0j^&w^Y_mOG zIAXqIw?d5f=cp57Mh>r!bVx_6suD1jF$kW902#G8e}=vj?`G_*fTa<#9oSFMUC)M8 z!6qh}%AL5#mt(dGD+<*FB~tkgHmo(}rr*J)k@l|9#T4c2$D&O^8-5~Jd-&yDTcy?D zxdN9c{<}M;7}z2~Jh&BIUybZ;C@V6f4DuRK5ck_Vl%iTBXS-vQr`6qfwMXYS&7;}+ zBsgB(=t`umj)jac!EifefLRT}++Rh{%)F#B#K|0w!b}z=B4@PPJlG+QLC>i*V^Z_? z*hV1i^u}6YLKiA`Q{b1uO3l|RAhjYk31xrU?-~KCzeionDZFn}Ftbs|M+GP?= z7ip5ROR6>S^dHQmeNSxnbU(O@m4gFY^mzI2?@!1?Ax+Kb(cebG$k(}L7ls2P*@_`W6dM8uHw4HqjK5lI&96+4; zh?QzxdLZVultcIwa=mJsaIuCWM{jQbHoK9;WcPyu*((2C7rJoWEHc6L33UiO85O*0 zhVUS^S>^tqGkegrweXm=?!`mU*cbGt+^QK*Dbmu@{E|}NtohHjrY5mpycG2Su-?gr zZhuA5_cf0--eDZjgqwczQ2Yg!V0SJfKI9B7fjt6~gs;k``2}_UO(%&|2 zUI);)-G2$ zwWLjCmrg#MW@Wl36^nEE*x)t}EdhFzwPZObmqx!qyMyAJafdhbP~jEn7YR;}97+pg zjiV$Y(#$2SBFIjNv&k8HQ{ifuqemu-fhFm&%w&9&<UZg z`Z30QW(bg|D|0ICuG(id(jp-Y?$>S9Z$~ROPv*5b!T>YMGBXlp5?6g9P?D6jg^=ol zH#jr<^_Qol3OgkH+bGWKROV(mMR=rns1{cdDpPOgc9N+AKkPOBy@>tNB~ev|!7=8A zRd7YuCn!oW5p&JzFC+97uuAH1pzKz?fB@jXjw;{6H_Oyh>m0Hqjy+Qj@t@JgY=T8rEdgkx7PEVz(&9KN_fu>@`OS$z(U632rT9Gt z`UVwgL55FuoCHhlz={lwg2$oGvmHu!cKIJ%ldnJE2f;#0!<=AizKIS2!{4b2MiSc> z%*mJ&%0cy%B%8SB2iX@h@(r=*%X4k)@dj`C z=NnyYh(o!0x;~A6wr~3A204s@DaLCb$BsJ}j@X%pHgo=Wpqw)3gy}iGCTieI=(aG= z#KmFN0S^B|X*JqhPI387*<-<7ZB97XsVG4PA6q!Ps+^P+-d z8{dfx@Q|nZxMOVA&&I(KZUwo1-cg1tE8^sC{Dq3E&ZGuUCdM4aC zmdP(OT0g%uHxHyYyI4AH6kU$DcHDDXXbsj+@$rK6W%WwCwHo5dNW-Ob_v?t(b>x~d zu=S*h%?eE(52sQ+p*-f_5J;J3+fDjzKKy{5qd$kS`dX?Gw|Yy)n;3na$=j5SaF%< zI57Q9T{wjv1`{zVd>Z;OR@LQUQ@NQJFDV&7a&_g;*mX_X?vi|)uLLC*pIftsS9PuS zCduO(p6B^a(yCigt62qTRaI5R#pO8}D)Y&yJ^U^KY&|)Km&AC(d4uNj{DWDy zuD^a&4|{pKI~XBf3A}H=jpBu!(rnMSWVO!6&YC~=cj`d3Q8lcHJ`kQX#m*}ip0rWb zulR9tipBWRw;{5Eqo^pbr|7m7KSdKzk9_Za1=&8V@+XQjVm!WjHtaT!vFID|4dL#H z!hPr#?(e3_Fi|%IQ~y>RwL5K_-6t`<+Bj7znt-Nhn0eSv)kmA~Ohw{;CkZI{2a~8f zxzcaRO6Ht6?<$zR{X$b0cOcj>uHTNazWSqxBgd5z9T~02YN2}m9`Z>Sz>%}|We)Ma z^i0G!>|5WYV(R$Ojs94%Gn0q%P;DBIG0|)@5-pXU&8K(n*qc9D5>!wZdo~*LCj&0T zWDZf&#}cc*T=pdrVIy0I?w)F+?$RscxelAgI*etI;j|mMu`7zvxX0n_RzY*Mb!6;z zikMg~X@|6aCyOP_2}_GP7P}N_JnlcK$F0HtU`iIAg|nM`vr{vCq=hg{Ts+VjM~+XR zkIBo--b{P@?RXs<64pWXi;MHH_(u|>k9X#-3MU_HvCN!nstMCf6P+2-(;EsL^-iVfLu92+2Nzz~+2p?h6+8oD}x%Gg^`<%T3#7A`X^Z3e~YvV1b}Dg$Z8% z3@o-TtMpG^(x2^br zN!_f474AEF|}+a>cM~rs26b z>{+y2TQS-0ncW-5i6)@e%{st9y@`#uNmST?>t$Z2OK&7~<=cCT;9`(4Q5duKKAFWQ z&M0+R`O^(qY%+F|Npskxt09 z`}FqKfyF~>QmYokFZo8F6}9{L4+ivFe*M3Pynd-CcbJwdzo}4a_8`dXWdv8fisaQe z_j-5SYB=*?_T@$Q(2>>t4o#eJ-Ch?aD0vjIuK$y(w43J2wc}9b+?UrERdJ4eGY!?c znhSlc`UgXP@OoQmI{(yu=+DFIL|ufc8>hv9_~Yl(@t=yB)^P}mb(H>jzvQhX=}w$-r0q8w>316&L$x!X-Otn*X*KHv`uD8GCa(RIv^zcXrnI#L5a zOa!o!$zEG4+)PPw@{~vwKZ3rx(a+UH4iULlrIPW!Kb~}MzIx0r-{)qje;z`WO%P|J zqTd=Og)08Lhs|x;B{Ghjbz2XDn3dz0pK7GM{mvH-RDU-pkviKIA7nZ|C1sYGNR1-n z&Kf!8Ij`($&9po6Tm(>v6D#U+GMkUkf*=`EB5kv(G}nu(L5g^J?dtS?zob@5S~Cjh z-L>E?>`!=s^aOf)|L2|@a!~&M^R?gIRoH8yIbt3X+;-$_1$FN0C?860+39arz1&vc)e#`39%O z1nZ%bqW>8v{^rg5fA+cg2ZPFxu(oDT;;>ymzVCONy}v<)*o$z>MpDA<+)y!CZQ9sN z((_p=sG2ImG2W;~(onCf=^V2Sc@4m?;9ylroI;4F%R%tT_3ii4@Sl1QwnLA4`sx9V zzYPC5%|94ne&wy`Y;9cO3BF z+c1=q=V{$c@7~PTiPzh;_QpPXdU_pc#8{;(XCj3XrhE)Q(;7T`*!7_0nKk=T+NW_! z3=j@h+R{zcYQJ*aU;y4^#Ys8T9o;bO%>@fi7etSuNztWz`&M0oI=Xi3;|1NU)g63y z)i*7r|Dxziz|Cyg>Cs*M)jKJi*Gu^ul~49&d@}H^1}@Y>3+R`y6e;tz3(pY}h(#y8 zAT4Chw869uMSysyYVE9jJbBLjDV`Y{nJX=S8vsC0o$dDGrbQ@j;(cer>n1?Tdlhq>qnYJq|abu&{a=*x3{SW z?#9nBrD92wr#P}5s`On=$66(zr>y?d6XL-#3LIZL(d%b^M2&d-PFP}I4j}3NUT;`l zUF==&`v$xfPy~1ozx!9~I)B{gzwZUbm#ZbT#{!=Cq5EWex(BvPlKccj*@eqORp0b~ zP#wNT(GQ2mf*Ne+G4g7Ul&FD34~tlg&Uc#kbI?j>U2{LD1d0SR7ixEmg%R2*Y@~0C zBN^vwLQ!DKub#hNfP@PDaCevE@&EJ0yMwc*quKYUx|(e=Hg%{=(1tDCwXuOjwe`52 zPY^}brO_X!Y&)&2I;2|bQ0=lu&UonZ(y^XEXK^|vX4yBE z)9TfWsL~2C;xnPey$kW^R)TJ4DMzq&@u(onx%<@J$|d#xjQb8ct*^^vcwd#C^f&UD zhCW)U{2YSqPtnVuJ&+)A@Nt)&Pj=^{Ue6MfSStg!J7(D5`Uc}@(=SItbqDYo%UuZ9 zp0|sUSu~~5&TczZV$Ynn($wvTglbJ1jt|8GkL@#ZH`~*g$Z0-C^Lh25)Jaoy=e9y~ zc(7wNNdm}^`w!}S{=1~S>1s~cI^4zAK3#SsSk*KCiM!QpzqW0%(A@}y6)b|(H8Jy+ zpf$Aq3c^`Pf@Ny!v(~7b&cG7a!Y?hfcGs?)mx-FY=4h-&foIUd6q+X*l9cSRGA<@Q z9(ukd-V<)<$_RDw)2^D|Y2W_B*q;|bo|i-S{;B^LF3p|xOG~n=d^s@zjrG6oBw(CKbZXb z%h@LOi!=x(gRs2=n5(SE=Ogl#v_P{#^XhZ8@6Vrb6F7Ya3A13qD2>ET{#k9w&X}3| zXw?;*ME7%pSwe9#5lnVuR|rn{lpE(mE}D`a~m<*M=Gh zu}H%Et`#nN>?BmV|G9qU9d10R^yR%a+$>a4ICd&rlOj&Y_EnAhY$e(b<}SF+)F5f2=Pc4K9>4Gu~YX=ue0 zaP5Uz<$@TK$HP^QOk_gnIeqNar;_cT5`Soy0+2rZ4s=k~d#8|o&sDD?7tsIZ_?ySq zJ4Rm8m1ggu@k#-43?6qI-B*}zA&*k+r_eTzv!;iwIS4%sFKpExB2&#;EWwnNIcnt$ ztKJgrxuUf=9F8ToMl!DMdk>ez5&m|sW~lK5J*}&9keZ%Ft)MRFNFuE`YtPkhg$MN$ zV_xozL22m=oVxF_GlGiU`gBmO=l`oV|E1~|VgJ93-tY9`7uY`Ly~RIM1UxSZ5lOlw zFb3Ieyb#7|sfARMKGC3aQMUeYTQCf9VS>Gwrrzah$y2buzWd9micoT5QoXTd*oEt? zI3Xja%9C+KsE4BB)pR}E%j+CiM^kGI@`2e$yvw=W9;(@H6?{uf!V zeHVH4-P5^@B81EI1exjdjg+x#jYRAB9UI8xJMI^>>&q)pKvY^1``*L0(G0j$O6vi% z&_pcJ#)_=LbRadHY!;VN3kV{(lWuRw#hEO9^JkL(6NvYrK9&c56aKTTZr8N8R=9AO zdYXXW9ixHqcey0^8-Jbcv8_CT&+F4*Q>8Soo~4tTVG;*x%yEQMj{@#xi=bkiRAZ*#xLFvsf9+p2AF=R<#k*d( zgCh6N0LE0iOiofK%3*>1Z2Qw%lut{=+6pzIm9Ff#K*D9N5w9LCDsZ@q{_yt&Up~SA zlGB^ltG~D7kAE=HZvlCwMq0j|ekL}{C`)HPqEScA2!?o#Ks~tzj%&pU*XXop>L+7{ zy%Om$ND|SelzC9-u0eMLxnmcPH_DYN*5`2#v?Ipu_6q(Lkt2RkbR+ZFtn#;4P+1#z&cc26Mf``EovJ@+?P54N&z`&VxV0 z&)dgpYcJ8rvRekXsE>}7$+vYdpr;nD#es)ZAN`d-JPP%mowdiZz#Vq=N$0aM2m z($u%fmb_{_P`{i&$hPLUfL__NT(B9U&L|*UIkT<}A|B7~7U^G+R6HZHLInugyu_HK z9jzBks6vY<637ib?E24LZy?*(|Cc@@HeOr$(i*NFy)Nte-V5bs`57|W%&DJ7;)dI< z2Ub8V&Mn~A`kqe`a!m}TsSa8b_YkonIjL<+W%)xXyXop&`Z)epGITL-N1;M)WfL@` zd%-HQBx()RtJynq=mm_#87*|w8dBHT5Up2QD3MDGmou67(eGfS8d%Q=9OtGSFRc8R zPaQViTS5NU>;EOz^zCx=T*-lvI-|vdZw_Y6az7e{*v9V3u1>==Afr#b$0#jPMtZCY zQ3P)Kv*I*F)Us)1kTa;hOg0bP7Y}VM{oo>Q>$p>k{HYG%;NqD-`8(;ILxUzYE#^TK z6WwD}N|~Hdtx4wd;uRNj?}H?0aI1u0x+9!sG+@k9a-4MI@q+HZ#_=rxm0ub1Tvuw& zp2QT+KOqh?=A6bWV8}~xUu!XBADoM{6 z>a?w*IlT|00qIY8%|W{kj!7gVsh+0vYZH}ZC-|Zo_In#@v-Y)nt5kOsId*kQ1e2s8 zCgAI_WJ^UMoEh1K+jo9F2wRWN(guR+f8FxY>lgI2-2dMW>RtY}y1A+mLD1wQI90pX z(9vH#jtX7`|F) z2Gr*>4)Jzbj1gFgsj^r(`s=oK1jneZD2a}I#J`n-CUo1g=|2p@n>D1gmwjtJH>Aa_ z+b!mO`PAusfqdiw3x4)}e`p23NP(Om?9y>A(@*dHknyBV=`T=4J^bM$$u?wH{i%r1;S zMzm1iOuun8a+=m__oRGQe187~8@hfz=_UW5e%2I!MCPTMSE1DR7{U#S)|67V6E;%W z-$rZ`3uK*L(JTjRO*hr3a&}kw8KliM3n1=zkj;wB1J~EROODR(ZH|sfyR%~km~tOr z3V0-?GI@&r41hnxE|hNlMkJ56$&%XsyveK0b#tA#I3gC}a&2f(qy24+twvowy1{&R zgJ^Z{tHqy`pA}LPf&XUt9;nDS2*?k;R2@Bg)OXoDx!wYco4*U>;W<$Rz%eGVniEq3 z;8Dae01h~5VGK@jxFt6g%Utla(jf*TIwRG^x#l&6Ln?Y%i6Q|BirvPEc4`XB`sKbf zNm=#mUJi$%mlxNBRz|9A60`^PDCG%M{tWYo5{BruBvDj1EMUcqgWj_YYP+Rlt^>{) zH?c5rco)2;Ky2y1_~q&KPB+;%(IuV1Eu>M}*%8_-B)780K+{ZT#_be+I@oI|6{UeZ=j+kM+HwN%(qok`%Vu1TPJurSU50TO`a-I z)voHYHvGxb;mL{WZE-sCorg4~?XN+hN-C*JRHG}9#TlZ+LYm-u&q8^I{{~_gq`;H(Q9*h}!xqSD!i2jo-_!`Fjq5xbZ# znTl9rW_w$jMl%=A6f8NZ$BOEvaBJUW=Sc#wXozl-M9}5RonI&Ac<^}@)zcmH+C_Y% zSv$ts{+o1L+Fk!a$f?`eH)g^rS*vV>8cu?O-2NAtg{~B zodb6pM>QiURz>9*s&&Zgz{_{?QC{Q0CQ{8@77-BsBz}#Fs}xQK4mW|XBcmdfhAS^_ zmItYYTTxe&F^XCzX0{*pNg|K3jqUok()@)!*k~*Z!0%eK`glv}`PXOOLrY6i@t}f0 zhh21SM>lWG|CW(w6=!AWmAG2sck*z#Cenq~3x@y;tNjFMGQ$=CLby1ZMkkrlq5GYXwIsdEnd5Iw38t)eCgXLKA1zo`u_(mN^C@8&G| zKW_B)&Kvj-@?5-jULKU$PP;aNDqdBbtklITzDVQ1`N13iO1@c@5VSaVH<_X4UwsMj8j1M?6d zr{K`kvLEh`7N+yPqCBlGzoX5SG8MdzLsS7^BKhMdgYJZkXq`fla7gH4!iV~UgOZjO zD(|)S)a~3qu73M=&-FoAw5RpAXE=o}yr1WHexklJgyuo&;NaQ4vAE&v;%v&N3|+oGHX6K`hws%)jTzA)~Q&eBjArf6kPwmlEc8z;yD&2>10z*UwVWfLm*y7)V) zbtAcD@QsIdAMKB2ox!4}{*OYmopW4saXR}0`IY$@&XKkgZt=$J1m{}X^teRWqVyAH zvHmX_{X4uM&TagENodj4LT5WnnpYN+jKxTA?mKw|shk2$yLn9viK3l-tQzr7?EWj* ztFET)E8~bWBRt#Qx@@^t^C5Nk_*&q}A>p`l_;#R@p)56=&yaRd@(;ph7Bd!055 z(7PsVEnQPRafi0lJ-^I|&ez>nv1${FzTFOq4=2m`$ql+qr22#@lu6`Mt1ZET#y3HE zv-2M<9rdR1_+Q2q6m&s2fc2fnsDr13%!sEYcp;@Cc^NtmgGhFDI}a@;YP;_@&oCqo zkg;R?3!I+3;zWjlH*yQKgo{zOxuE52IG3(jj;Nh5+CciFM6>MP1+&wb%_i-r6KY@m z)gxBF`;lI6h_b6GnnW4H0@@sep_q|lUT1CONsIqmxODbWWghzXg&cE}_v4$N>)*Mz zXj4}H`zv#SqS^lwHD3Q4=l0q2k$syz(>;AKiqS~EIY)bo#g>hlU;YSF#SAI>X=qMI zOq*dG3;(U!)MerDV3)#ZB%9AGVv@pugdf59;ka+?ormbLW?v`CFY;lv?lY z!+%R@LGS1x&19EQ?^J3;P~zRN6ub>=RvG-$JX?#O8(~f0P6d3h>wRRmEmlR>nf$v> zsSj=OH<+a;xlGq9qR@P=KBKNEQJXlU?DD_B2jl^zZV0XZi_2L@#gZ2VT^#c+u==ie zd)HEgsGVPd1G3K7;?4YNA~%CG>Ohfgu#VK8Tr2Vr%sLZIw8Tw~vvQ+W!wcK196zYT z-yWe35`JA2H6r>NB+Sj-IcrPYQKh1@;a4qlZXTtw_n;EMl8XJ8( zM=$ObdzKL)=IWM~q}BZS6_pABqTHPTeIpLFbLN(QJRwvo=xvw36(wD?oZ21%5p8S! z;__rj&|@iqLuNJI;%lRgORpX8=kBB<>8B;n#-`eMNQ&Yr=KVS1bGBS!uH4%{C@TeY z#VDk+gU9i#5ov1J@Dlio2KE8OWY(&@)^cS0tP^9V`-Y)9u}GAX_Kc0R*suvR>VAw0;DcmX;<{`!AyzfA7PZGI;c2BVPr@lbNripr z&XuX(dh9_h2JvlY5dZ$i4EnP6p5E@dY#v`hxSM2!JxE!$;o-0A(Pp6NSBjQG&Vmb* zzhX@U6MGt^#c1qT;?V2Ts1M%{Hd=nW;F>0Z$g>NL&2+spz#m+-lh{CF;o=} z`>>`(;-BO_-!)0YWRHx98^k#S0^gqhwK75TKNSMRu%f)P`Bv zORS<(Euaa!ac#wmV)kw+w`+jS!h`bmx3c@4nTm2_UT_E4rkBZb*# zD1!yoezCkUOZoTCOi1cYS7gSQ;Pn zWk^iC7oxV%S6D?y%L^58)5Ac}ZRy}RW%>k5JGw~PANd4}d-Q05!S{y7>TB)POnA}m zj~c4Z2kod(k7POT->KPZpLgCEwIAZ;`Soo7kZUe&p#93~{U8q#f#f>G%5zuh%p8f2 z{nJ{#4mq71;18gsFYLddbxcVmo&ZyzP$t$)RI3$*p zYXdb|2IlAk^xCXBHXCeI$!~#z(L+c2Ih~zZ%sXCQC69EQS$@Y6f>NmLf;*_FitK{V z#9oAf3Ff27LsQ4|uUbxHUXRxHPLI0$UCTU@t=|vrBM*59?cD%@>-4pN#wC(si*$lR zCz=+PM~2*G-`D`{NY#NaI~dUwg*AE664Jgqad+WL)DNXd3$I#wdpBSW#(lALp-LQs#~_CWpIN}4*Kn@1Q}YSdzSws06qm^x#7lQj)q$w6BddtP zzN4tf{@Q#Lbv2uC=ziY(jyi>*zR--lcDi=4zt43h zK>yVK>K0KkbTMx>cGf1IcQhU9|OM76lv36yK%oQU?`QDtIh8e2Zub8MtPY&2aLbagU&kj~?J)>JHRUCeEHXr1*9s*``)!mnW6GkV6 zU`KPpebu1XzQ$>h(J1-NLJ}=*ytS1L&pmGE>@MNWWOn|^b+e-4A$%{|-@OT^7nf#sq#22(W)A4d|YXslJ1wouNG)1O5Md{Q2Kc z21WrkR%T{?b`~~T8!KbbJ1@eBa5!+F=MY6j1m!^29WXF(z*h*+x7KNaThIm8Mnu&f z42<^YzZ2Z0fY%8O;@7RHAisi3dU=Plje)2a!P6VHwXEV*qpwx=MSa>y%E>k7nX^;# zSOGX>UwJ>%1tBDNBjbKO1AnQr$P*Hgxm`F% zCgA4q`IWKmGzWTvdn{}k-obHaC&eR0+pFvHaZLL#u2TAwVaPUeuUfisr)_-gY2Vdr zi+pW;Z;f{i*`{lam9yK4J&eF`hIg&e^2XrX2n_iw9Yjl2zFpLsi+uM8d&I_MM*zvl zzWXg4@oS_sKgw|t#n;$w@qKxeVH&(Qx)9%8 z%`sn-bKyh^i!M{<8j_%u806k=cDzDV-Q6Q9lr?-ClGaLZ!A1OIY)s(wAfLtU4SXAT zq*EAcSkm^qXuI@2t|{(d$KnaWn8-wSn1la3Ea$7cLrKm zT6VmoNNcp%9W2M>83|DDI~f-lYq>usAoIS-+?TYPdOVA3!wTHhtjNred8MVCGDO^<$gSO zTWE^gs#>8mc3{?_HFa>4VAr9>FYq~6wO_(vBeYG$37>Jt`;!&K@^ywhASQodVd3HqNsYQAfhIw0Z|@t(HsislA|3HBm|v2%%k#~_ zSXfwCRmV-p=lkayFK}Y>ttIQVMZPGr)%6V8D%37AJRCqn*&@{KgOg&NnMS~!MQ(gh9Z+YY3w?eFI4!Im;-}{GmbKA zi0K!o&(L3Cpgnqgwl1?YliwS>Kj_-EKGnD0$bi(Mz4ypfYK8u1Dv5I@$HnN(QTi#k zxaRj_ib~vRX=(gj)^;!a9Bn^c7E<+J_G(&Q;|jYcs;baWF(w%47U>qt8a!wpU(BS}<~`s`hW9z|SxusdOZixV0Q`Q&*hS zp!tS_`Utq&;!Ys}b@jDkrPGXzj1WPX&_{XR=Y)`upC=I$*Z$wwc-tFd zHr2E=RW-CAUbNj#NXHn7V?-ENVn*_1d)@L@Q;xZqS&`T^J6(F9!}e??&5ONFiqyD0 z%3lYtwA($N)kx3@@bM>%8)X`Sn_5B-IWk|nY8het`Kujy(v$^BlP1&yQE^X(4{vHB z4IJ2#B%E?N4{o1*cVZkkxOsWqcl$?ZE7W7r<=N0>A)H)=msd7#+!PfWH;bJKIb;^h zKTP76<{eseR-8)Ph7O+s0tz}I1+=uYHOlWE?-HHDsHx56ILQdaL-BTKmz;QGgbCeg z-+xP+LQ?bv33y3lR%g$>>BgJGM-5PLPwCQIVusE9s5?m)^re-P>rcQo_?0BeYlfoI zqjT>{25U2+R{{Y|y4aD!a_ZKgHiYcuo0=USTsPgHY6&@>E|F{|Jyji6J#l$oW5?>w zN|5@|oNW<;;#*UGA!vgoTMmxMo=uAEaz$q#!CWdKDOn&#dG2vmQ3dHiVQ#JLOoGyG ze4?oOuCZ}&u~Dg-m)wY-zFmK@WQ*MHaMEa;ZV5_> zs(B*Zpq#$M%#jNcl`Fc>$eTtl>2btXRbTXi+@Oj+uD5i@HcW=LMP-sQ!Cle`t-LT9 z8bJK>>v>Xw{y`-%;?Q^2VxA@W7nJ~Pn%upK3b6?y^l1Mhba&ZV=y?n&vXrijy`t%y z++12sB#9gsT>TuFpP=SdyZO5+hA3my>qsqJnV413?DUOjZjlN=h`6(}lP7t8q2b_+ zPz!i*fsex*yCUX&)dK@smOi@PlDcexEyheO8zREz1xuOWIDEMcZjSa$b2BsGr`&e? z!xL$9agT*OpDk1A9IhUwRy^DHB%E?fbed=QggzBX+~9oQAHV@BB?>~w(&#s?@hDJy zy46LMEMG)%aB=r6e;mU{B1L8XvKL~Ccz%91XR|7FuJtpeqXqao{D`2s7prATIF*o) zmM#lr!wg?6jku^7A3TLKBTt&RyLW=|pN8r@I558+tSz1{BDts-yE7$gTe$* zacY|0+K8Jv|J`e4Vb!~+PRqCUg!V9GXFKBdz%yPQ=-kx=S&v^h?w`|`2@#*F@3GZq z@~sf!ot9^2F)zn9Q@<%EBCmHcKMN0%B2@C?BQx;Bq)0C@!=Cbclr&0-=>Xc5Dh=k? zft=!;55}yh>5|WHmJ`)L%d;=8`FZX(dTl~SYOCmYeW*CbA4Ch4`;@;HsYzN}HvE6` zWG&0!#ug9DB{(3p?nIhUWzm7fKY8*~w5R}XZh1c+yB->q~*HQ8PdNRD9Y~0QJ@lKiGfK3 zd=%9=2=7l9)5S6K0-Zw6vV z0c4WT@6P;$v4b}&)NL?6L-s#5VI%=qBz-eFmOdU;Q+vyPrB4b2)*LKKzi3xg6zQXe zDmVti(8CP!mf}~>M)$6(wMF^(W5MJD9c3DGZSGs4&Ednz&}#O`BfWMarf6sZ**n}e zq3DKQw*1li##x-aT#UWtO!Y*S^bEGeMMW@^?A<}5z8#)tXIstQkB2F7MQAaR0WAZQ zlbIPFJa}jH=g`ruwe<+QT0ukKLIz~! zjWgYy+`JYqk#jeE?)iq1F{d`i2ji}1YGNu5h|7OdpiJZ9tV?QgM%xO~C>hnN&9qca z6h!=595@mrA8xY7^jc-eka3usdMCU|8jdI1;)$RhRHuGhhLMP`CL(Z!TlP zpXTlydi|%%p8<_dXmcn&Fw9&cSTEIhjDK7#<%I|fzyWCF0 zZ8n2Qp-ZpW$Dbs)qWzs)etuO(XB?L#aFCeg61MD-{4(%2zX)XV>&nVXm8a$F)?3<^ zM)K4m3nYYtqy9IYQkHt>P1mBbCYT%aqdnE$9s0^Qa_<}R6p2G>-unZe)!T@!PU5k} zn7+M8LlRCss!L5(HP~=LCuirq5g?t%4*b?9@bPM+IAQOa-35Kh@2ne-51KvT?d9d= z{q=FiRCi1~fDwDXzD1+NClVZ^zNRMT^sn!wm@#X&H$j!%Zi&84PPRs9+izmjAc&ma z!3VeCT#*O_4CgQxj|!!#Br4C4$@`T8|96<#08N#cgXaJ`0vuk?mveRRcg*wUmlrbT zB*6?l2>wx+@ev|KQ=I%qrdXX$D04gIu0}|Qt;`1%grT$w{fB+Z2zfD}ZpBrEWO;5U zmi(KD#L&z}2G^w%wlGl-nJ;Fz6Jn2*-bN#zEFT6&WFZA=Mref*Y;}R##w?4twMs;& zEbVXqRNNGRZBj9A*-Or;qB^s=P=V6=4`R9Nu!;x;CEJ#u zmb@<5K2NINPY1{QQdUm7Ugfn-=MlIDhP$t_KA*K|50A*m2G1I`DwRhUcicHi_do6VcvhjXn7vUV^wKCQly9kT>;y)z2CoOc>~Ai2w1q7I_S}Pk}p)W zN6YcBagd7io+Tc}ubJcoWDrvxnH_4hn8wc5aN$O!(;Fv>rZO*hxt=1byvHsP({kH0 zrf^dUqyijDFn7mslQ!KCTd>Ab@XU-XbaeC`Wp^tw6~ydh8=}$)8p5rJu4X2{QoczQhxc5p}TKTC%gAkdPokQD0xr zY-=Ks_%}lWx{(t*w6_8nJb0xn1F%A56z}J3&lz4_RjV=LU&9V;tgZi>X4VR;CGF&d z=>)gkr9)qxHpT+r#J&nRs5HoBN}}-vj1>$HU;P-{&k^LOU9EoPikQ7gLq&vKYCD*#3;48Le)taF+hB7llQCc1vmzyob;3aU8B-^^hbd zW2%X-i$7kv-k!&*+RS3)ujh45)>{O)_`dKg z92}u%3Zn%nmUPIm57pDcg%=|OA(OYhEhS=Q73gt>CI%#Y@? z)|e>_A>p6q>S^sHa=oxicf!x4+Fb%hj3D?TTt&QCZYrai3B%T~ChEr`?qil$vh_y8~8S|Y~ zrwmmBQER>lisD~xxwaZ7wneIozejc;#l0rkozaXpQh4ohxby3T%7U=YD2p&BFU0hs zV`}sMa!>j|ZnVjqQhf|h*u)u$Oa4LQZGsv`hGUal$!XyLJpH~ONh_a)v(FViO-&V6 z%_h{Y&{FkrHWohE-q%r!G1iKQx$nWxi!z8IKkMTusPWX2D7@jV7``8NLxL3ofD>?i zlcYY?0FRV*PpoLq)4LKGqNn+hy{qZpx?A=~S=T%=#zuuzS{*OaAJ?C;V*NcHxaQ^{ zUNjo(3T*yK`!y6|=l7N>VCC7T@kplMX&Y5z#sK*lXk=YmW}U40WCB2SSVObf3~T!&Fx zPt@KXjw$7l&hH*fz@+!=z$n1k;AoAh_5Zd%LQUN;lgn&CfI=eDrE2JMFY z%^p2*P_xF)sWj=ntU|}R%I(eJ>rnGo1IIJ93jo^{#>l~1poWSXr?!}Wu2EQ(ig@kh zg^h`VA|B#4mhqyin^S_T99B6`)mW9E~5*|NB&E>lrIun`KV_D&UcZQ72<&9)H1-_)2%g=Ass zX+x3t>S}6#Uy&`1Pa_0^kaAKkH#^|LcB;pf+)PZ45ATs}JLEbT*w~yu#&{v)%*-01 zr}CDlHZn?fVr1uHSeuf_FC_!~bVX89?l8YpO2;$^P1M(KTx4ii71h;!!;r5?n5nr+ z?tpw(|8+h^Nq~XeT;DuhtRPJYDv*uc?)f-*XvDFKDqYyBW8YZ!%LGbw-=C*SUyUSo znqEQF(k8a#+ZtN9AiJ#Y4owIG%Gst$FgtYAfvnQr1;P?7_-EQx@s(^xn{k_J^e3u1 zo!8xP$4zy+pOH&K(Or~Lkmna907tcH8g!Mp6e_KGr$O0#>R9dmb?LUIq`wqtUy$Dg z=9HPGAW6*5bO(F!>wq347>#vEQI1Tkj2;^4b|gtl5j|g>njxpUD(UeT2zSiyNO8ge zjV2VKL}8c_>InmK9dayq_-@|?8`LWZlG*>NgGV73kxAoyPqK8s*y)QCCUbJOAOG=+ z-1X@Gc}4j4{6#nt?A=f#*u)xyQ?pJGae>(0j%147L?Q>R!)BcMS zQ#$#W-a&&s;dmPN-T**MEhRuL%E-n(58w6$d%;|Y2zAHvREf;L7C#;Pk?M26{LOc{c1~xfw8-?s}!4^$JYpe~*ecNL+o!hk0%^Xw7%gh5nAuw`Rs2pwO7jv1bSb z@dPUm{<>I!zStz_D>gsYJm^*h^!Xs9i{**mS8u+?uhUq+a0(_TDT};YeQP0}ZI!S{xlL%JcH}%Cz78ZRnFHjC2=wB(*y{zAtWvS$ny@^gu=z z^Rroxx3$GVQH&vaI(lxD1Ifq-Rj_rNWP*kE+MX|ZVszW&D&j{eemxko&elXm-bWPJ zP^eXjkByC~_3^PGeEE%%A;r}@vODb?QxgLTM>lCT6%Rjf?sRy1@9uoL9@CL&*HZ4r zy>YFQqh@8I#`qn094s2C669NK&ND#W$2F|Qf0OIN$;oMhEHkqGA;u6iIwVE3;PA=; z>u)zsvw^$09)vuE|7I1!w3yf^?~NX|Je_x~%{B%};s?V{l!jMj>WWnRH{5II2PxX7pF8bp?iXZoSinX9y#8C$07A3$d$1mrwvTDq!_7v9eZ6=n|CM_q00tds>keD0vB zEbYvUwe{6VcZfo(_z8}tG<={4rh($NK=ay$I`SYgzVv;5tY!>#5^bmFUaNNE&y10j zfM3`IWpYuD_bc>6JiHza1pxzsjIC)C5fKrto|)<>*uqgg)0SB9##)~SIU3Jt>P=Q2 zdvrT@3(mLrKRX&ET1m1G@hf!|3@h^$6A5XN5eZb%veL3#ujXTB?gOB-jk!7!LIyc4 z#J@r2%2Ia^zk1{>G^F2|Y|jM@@c3DfCv#(S1Cu>p*N{J4v^>rqu3;cm%A3B%(u4py z=X@v`&ZZ^YN;E3Y`0@=oLMy+?EH<>3A*H1d0(9na*!1=%*2z3#e(lt-=rpn_+cJi- zIIeZvXu;&6dR0zXRYPJwY(!APJfgQ@%;r94!%-uLH&lK{v2S(^KQ!oe4I=y&?C?cC zqxvLA$HwDahjEi(d9FwV?z`)0sI;Wy1aESn2sblxZ9@jM_(2#6L4Di?lCa;V4;#u= z1%PH3^=(9jG>Mnd7W+Z7N^xsN1s5B8B)@5Q~75+F-=} zXmP{-V_HYsTP5MAuR=|e`>eo?ZC)o>Ce+>3)nD3pu|fS0nZ>iTH21GX7%xU7Oyx}Q=T;;(*8Y*!c3xatZ zcC6tsM@J_~lg~gLy15k5^ytON^n7J$`t{x5B#w_HkxSaWqQ9E~THb@n`9HR#T zCY9lkw@tXiXzbM%XjNQm3HtEwCn>UiouVqZESSh-qt0$?p(!O z+c4ur4Jj7_^TtVj3|5ppplMi>^lMs5Pz|k*;rw43b;sf(>7YAYnd1kQm8QtXZ;= z4*z(5mHabrAee}L9*UO8Ix0nCMOb-kQ`up5q>1u6-H0?#rU9Zca^{G7-vR|s^Vhj&_xaNsf!59;N3z8D!N&p7Lba#xtj(>O{N zsq&|&J_x^g7QzI>7YvKLE zgl{9CX?5okWZ&*ycM5%28r(d+yfzz$>Ay73S(zjxATskxjUU+I`vwoFZ*XUbhuvyw zQdSAWKE3f*9WCz&7)xbntY{G8<8$BNtu)+`-N~_ME^m%tiX~8x$6m_?$a85`Ep5e! zln}T(Iwm-ftcKW}B`g$#WVy`Qd@(UWdl-$CIsmcA3UjZjDwR>Xic0jdg9;0dwlvQ7 z@wzf|+_aVrpC!VGfw2Jye1iRJ8DX-)Z+S2UPI9(A{Y??Eyd&k8L!(2z4qGR@i@TR+ ztQX(|o>=7i+|${unia_d9(fwG2>9L@j`9qab3eYnNKs1feYgL*?)F_v$)Na1wx%N9F>G`#=0L!7kb$YihAd13o zl!ir@`8sY+LGtDq3$9saX=U|rceh+xt{x~HXpqnwGdEp2G&%L!Z8({_*l zEBu&Sfgj9YG^qLMvuxr~kpK2`@DTi^tV{sVFDZ?-0bDsE^m|;b^~8GLKvCTsWd4 zj$@vZqZx))SyhFPSUz-&rS@^xK&nXk1hNv>nb6(%+q>ww2|)I6ly7IJt!e`ykF?y z-PqM!*M9n*kM3JQAW)1T73^CnPu0{Jx6AqP%P3X$_~qeg8-|Lsdc6;*LKAC){@3JcnorzaaLlfkuW zWsBeN@nvvaU9^NOb#!!04Cql1Uw-dMdjRWTq%)o?wq9sT6!?<(o^#yT*k+3#E;8`D zM^S!>9{#)zwmK=2&SI7=Z9#0hTKqCKc0)oHQD3WRF1(^7?F&_eO{1-lI46vc=9W5CJ! z_AN%U9a0p(2oH=#lAA`s)v0B~0aNOl&7$vvQY#QR2Vt z`?J2gvsQ-?^7-R;%S5)-jj2U$r0)=4O@Lt`HiT9%Q&=>2^1-CoxHaTM8t``|O+4a% z|BmYVdXS`@NrOI@V!3=hM=t$-H}%#r^7_c@a{12b4CLbeK)0}c?D;{za#6-c9F&lg zlXG(LOA`&PB>vcjzslOs6^f*_v$Yfnkr10uds77$@4MIQhBJvQw~fv?D2<~RfE>M} zijGa9S+(@;3-**OQ9)^BwXs=gwm|pRpM;>LvMy29>BE-!b%Z#b{K}+LC11705v8Sc zm(H`n&9y20^J?&3+Vhkt#>ULdj&?hW052=}uiwg@Ql6G%pub6`*bl-e;VjQXJcN*s z<;I|@nxKS5dSuoOD>SgJUG}1tS6(!j<*|7CaA92`gN%} zc~KoM#khU)>&U-e05LOxrZ7XsDv;|26-J3t56IUAy8)^Sh}}9@eVWKeER1PUZD>Lt zrq#7YUZ&P~dhKec`r{k=3}fq$;n<;{VQv#=urK@7=T8B3oadc!~>H^nFzM6qZy zHJhKwFFv1nqXYr1{%8qsji&s8yAC?NJLa0)3_1+x$S0ARQbjw*{jIM^!{9YWx^WrQpwZd;tdw!tD5e1*mPMAih|sM<+-`G3e_^bo}{yE2wS zdO3U<`Kx0iVf2!r^c#Q8#&F>58_CM>Prp%S1bV`-k6sf$M*ctj&sQ!t&s<)TWO3DvHi0@4ON)y{E?S=V3n1C+ z;qxO(yTk5abfzeB2`2(8i}&;6k++-1$GRB+%BxTt)*%-Gv$*Zyl6o^lA$&+k;_zE# z2MQqg4XwOR#!nOg1Sde?pf(ofkyJW61O2l3Qp2RmEVVn4$cce0=p_MUP&Et*Lw9%R zuz=BxHfKroWNnpJyL+{g>TigpV`F6~oh=sN5^$YUSd0O`DLXp+aV0msuU?FKSe|uo zq9DDXNToqB;qB?#hCN(3Gd1-$F8BSs{Mp%ADg`$W+vQ%(y^0Ud2?xYuGCOq#QWynG zUl1_8FcFe^dU;oCUUa(y6ZS&|aiW~19_PCl({`DP8@d6!r_nFslmev0I_B#50@)Q~ z6CIwI#F%d7B?QK#jApLtq)Z=eR45nR)IwNd?(SK`AcUVYA+mmkapx$QQ{wTrxeo6*)o}bIH4%59p2}=g3H7= zyq!fXCN5M`5P}viEGhzDsfnox2!I-n%X;VJedX+WZ7cYFz5SGmF^{RDLG^mcfYsZmKyO-FJ~h>Rr3Y%aypMH4%KC`ZlIBX6^e8KA@Kq9dBo zt#IL5UrAw&n>&B8M)vt-HEzI!#2q==uNHD;7e+6v=Ta)xn z6W;31>w$gk#p(p3?qLZh*SiZ@KJZ=#kIKEfPC`A|&Ys32b|{7*iWiM)3PD0~9g*ao zaqum7&rv-nRjmZeZsnJ|B2j;wqeq1WGC@#n{jf?uppop>YgZGO?Q-i9TIplHUiFI_IA0`HwaMmMM}<{zc%8Qb~N z_8nwynKcpeMv|Cs>R5SDHuJ~Pfpr14HfO<99TkD&SxYe($q3(H5Xizv8l69?Y)(w~ zaDNx@n}qzh_Z4eVY0=5aDfa85yfm_bbnqz3Cu!MGXo4ogEEVbo-4iEkUGK6r_lZHPusiPh=>cZN(9QT+UhSI z4j*r>1D72(C%fb47Oq8j5leWR&}Z(RH>aaqNAp9-5h<;4A|%&e8`LOKuDaWz1anPH z2aYs1)@3?6IpgG~xSc!YN=P~6YV#o;adB}a3g;jcrr%{W%g#=?vrc3Y-YvnJ>9|iB zmUale@p0xYYD?PUH2Tdp2o^O>gbao?HW_uZ%r=S@uJz5JzmsCQgw&y@R)2B&G6*o+ z5(RdsbLk1t2p0aq zBr%I3zv{w`wYSrEIRMvxrGHF)tnjvZJl{}Pwck{E-)@2Q^!VdjkDaIfn6e~V_dl-L zWyXe9JEIBa9UB?NvImd0hZ@vKV!edQnL5ROr($=#_w?5qSr?7Thtl|N>I=>iq9r4{eJ+vKt#WcqeUv| z06-XU3HwZ)<-worzlk4EFG%S(d?PrzF2=C_lnSa)|PY7tI1T)=_;-o>SP0A+i71BgMd zsMj0tO+65bK2@)i9a``!~V`lNtQyNC3*f$5WYv}No0)*R-hL!nTKOcE(b0zEO%jcSdIziTmc z{Yp)1=$6BQL1o|(W>%7Q!>nm~*%mCBOu+Pr5C9f&iqNja{u5K}G*g^pIT#3{;bFE2 zh&?KCm@I-7%^=y;HgDpdyhQlXBrc8Z4)ZYAo`qEDvNJeDXcgQc%c9t_gWWtG?6*vo zOaLd$AbC!vEI0KQTQmTEbnY@XVU4@Cr`fl=9@SYj#O8w^U&xRVD#|*)XUGEfAh_AfBvWc_2I*Z zfWoa?w+@XA!wwXS zkw}IK{>dhBr46Sw56&GBS0oV_Wz#Uw+vSch$xxh$FX`QZMf)~H$&;|Kct|Lhz8<>c`b2M>*AGwJSBC;FWv zdQ=gh+=)bk0C6Uh{_w+V$Bv#H8$EjQ!nLs3nak%DRrUMr1J4}z;N1&ve*T$qu~N=1 zqc&g@&;wxs&;wCycv0R^K!W5aRYsSTV@q<BtzQq?q`bs<^wg~B2qRjIF2=d3!;wi|H|b4yV$r5j-71KZ)1MkiA7d6Aby+R~`x`Kioa2ILbSh zu3Wl)@3Y6otU_ikn@e=|b$0fIleOb#4*%6R{^HmF=U;v8^;dPWYLs^S!JQ*d9qm6h z^e5l>(`X_OJi*-;kzj%gfz2uFaf0{?hVdE)wc3*4EZn*M^6N)^|2@<>FBPfFpT+_xJuF z9FJaq=gP^`r~lV~``c5~4?nzltFx#3>wo>0?9WBL!};aB!X;+c7J_mz;7x`i;l-Qx zm+AKDPk(x2V|}PUHNP+w3`r4hADEt*i`m&(Ccg1yGhKKhk3Na~e(W&jqo*)KMlB;x z^D>zBbjM~`0E=%vVLQyQGgYcuSHy6kh+9tNMQAFmi z@Bk5AcS)j=ERz%5L34%@b|S;Q8&Y*+L+*Na?z6a~n(mQY%UIJ4e;O_j$Rkqfbu*YG z*D+!VP3*f&oikQfZmf+?A>j(eazONYM2}6^0ljqbqAZH#dV^Q|+1-3aBfeZ$DmB>E ze{^)>=B;bKpgJ%-bmhZqBv5+(xl*;1Or^HgHnY1$HX}5WO2YdB=}t~g{@q{t$Ge3> zXGiz&(8#+#`r#X&ePbuHH8Rw@Qpg`VbhuWvoM#pEF}n0@G)zk{EMC)y*>-(3H-DaQ%@b1T z#)b-62$O(=Co4cu`!0JGRTd?d+QgPiV6g(05ZN3kZ%r?9;lc!{oBzSJR(WveH@g{h zu2Y3#cvK&CgM)loUGg9g;Qx%>qA}r+2u{$s1qN|w$Gk@=K1GdxHmO<>dfiO z#`_L0m1}huy zXhPLQqfu}z>aDjY@kETa>qYJni~sSbw8Iq4(!>+ba@GWfQL*X0vMeOZNjAZErN+TZ zR~t@UgZ{BClLMpDg?)%dB#VT#aL+hQCCbLn{9oqHu*7wv<%hwmLG!xvH&~2`x$ro_?Hlb~&K2TzYbq&OVuWraN>4DlH@A+=gywD6qj$L(H-g7N zaz1R93P_rRjTb-)L)PFbIvg=Yf-bDrD&s>#$u5vhhF2u7SN6!l`pT+Nuc5i4v4GD< zhK1mxOixdH{Gn?%ZkEao-qsU|L_C>#Ff{`-Sk;O;*gZNr+Nd~Zo_hA^$)jKW>Q~`C zrnlAx2Rj!Y&Ro56+cKqqKl+K+UVrcXcL181+50{p)QX~2YW=-^-F>~;V!l)Fwgvvm zwX0At^?EH3iY(2}ZLF^K^bNq#IW%#2a9~uH-kY49@d#XZXF~OU8=RQbwoIcSE#EY zkZEU@W0?XQh$+_`Sm1^MBW@aGH85i9v0s)%=IF3IAVyArStu0p(+ve+InFMOI0^!o z67*4zq5`92`6oqW`SVUIv4b7Y_HeCXBzJC|I~S!Lldti7 zOCBX@Qwm+er`ero6*W*H=&8X_#MCYHO=z9VmoFYaGM$u#PN&fs4o72ft%ipO;dH+L!Nv8h&3dD{wy}Qf{7Z)p9lCe(#;Y%$Pj*Bd!3mYZ z3o8q`Tn>E(6$QP4Pq;_;+}+(B>FGihojZ39+zb;xH#Y}uN&sCd{umy8^z*TENVty% z^B=YN`|wR^RmB+~NW-voP$t0}N5=+1foLH3>J|V>7rG(W@OoqzQexdCiAEWLFfb*_ zVn5zLwAL ze)5HvdJ@T%bgs7}<>9%v-+dcxIXZgK?+e|zGwBNjIo|5*N|tN2*FW`!HxTpq!oT5~S6bwgkSr`)#HktjryNg2l{oX<@H#0R=Emz==KbX9mibhiL2QM_5`~ zLh*2YNKX{@&Vxx_m4l%WFjUMJVv)%6&z!q*;bJV+p*yCiioswg+z|*`aM^GG(0?Q(VVo|RzY)O)3*DKY6?Z`VjMTj|G@@;Nydp!a4G4#pY z@^ZbVLF)A<6MC7f;W#=vu)en3-IWUYeVxh9Y4c7r6!XXdSrI<>`A?rZb*dwtoSY;< zDA@h3DxI?O$Rj$4Gzi0Cx^hOO}q$GmaQCM#jE(2pCOcUR0~O0<0$+x8fH`{TRX zz`b=d2w=NwJ~j;tGwHUqw{|mg#aP(2QEO19mq<{J=uw{Kn1~jc{~uYUXZNf1SD&0ET=$&cCdp|bLBQVClo@Twt*n>u%skz3IL%A;IuSVKOL%OY(*t-m5w*F zsld$PB}n3-zy&gAhb&}gleNJZy0VRJ%l2rdSkk@4nxGjrgqg>yn4DEN^@>)5=irsa zfX^QelBm1SuL2eT7Xyb#T9bHMwR+ukz}dJZc{UZ!a78DQ>hLV(Yi}ole8MQ_ho!}LCQ!e@9wFC(cG_Pnj6`X>_IsboC$%rCtB-lfaA?M#2JQrukA zOXWioM+%wZNdLifHXDwlQr%*)W~!c`KOFnS8()frFsDXQ3J;`pYsE0D2Go@q$=&EQK8+Dc~&25$F=OkN!L@XfDroYocR(tL^id3s ztoI{BQG=^1n}Lv+N(^3n=Tdi1 zGUAbM+`9hUmw#%0VeY|$2c}lz=^Jeft(wp6-kh3FXLiq?Iz4gtc$K^n$&$T+we6h? zAAInWKmB+7;SlKABg$(t^NZ%f!Lc#LAF9;!a)tD?4?q0S3tMN@AuwcB0VW_`^W}2H zFnxYM5K}3a&n8E@gwoxG~1oq2dp97s8QY4f- z8bv$CBBAu=#`5A~GL?+R!nbbR>`8S>A{VENUjlP9k)rux1l~5iHdzYPCe2DR;z^zw zMXKX!vep-34MoXu*AO8?*d#H7m^_)Rv&?a&l4x2a5J=vm0#+1k zlJ}{BKggQ{07Ud57y{I(mwMJlz19rMw2U(I-pG3Ot&B`IyQnEBbx{)8@`#+y=|H~i zkc@g&^1*tNF=7Rk%j<@z8EhK6Dz?_Ub2|X`7^c;ZQO6E4o9iMo(xR8iOF1+_{G#GmEbDv7Z`n{G9)dKJ8_RSkJ4<4YX zC^>lj__=eEV?^oe5G+_uK}0iHbS}7Q)OkvTAV{La6qSsFizI2CZ_yY}(>!UGJkggX zovF(L^&~T$VwTL>)O4p>HEI>d&~O~FfjFjKQ)o~LHcpTfaxJhd1gK>r?uv~4br(tIwywP1vWUs-=}nn8HBW*JRMq5iw!u=klzl#6_G^(bETSpk+F z3hNENZ!RTC5~_r7Fy>Xf)k+0Og{W#Aa<$mf?memNNEkOa^6 zW_o99GuaWHynlOT<>BbaAX(8f6oP;Q0q^dl*Voq*@i5Tv%K4XX-MBqFJAdrhv6H9I zz#hP@_D7?e+vz|2!#{-A_4KpnW~Ux>btI1-J-WECF#TYzYoH&`Jw5#p{Tdynl(uX2 z;`-)BqBEs<)RB>q^{q5|6o3+qb>s>=_vdDP@rdd77`C%IKd%=`KGl=z?&<9A-ENc{ zrONeNxB9!g`GDHFwIUl{=+S662+@p6K$%g7=bn460u9=zNoXND`&*)1$Z{g=TFC@z zq4hmpvUWZGMy42%fqjW{-})suESiol@RFIOrOH)c`Mv1(m1@0KHA`i^Q6+iu#Ojez zLEO|aECXgul1w&q2*QGDY+s;;V*zdYS_L@v45Rz7LWPB+N-~R{a&*BKhb%KD(%`wp zRvZ`Tq{=`b5DRp$tUz!tPgl$niGALS3fZl7L|iASJ!IkDnj|)XxCKR|Q$@Juq5&*Y z=FnF@(M9sfyGlvbY7KNy0q#34OJ2&T)u^i^_#6*dG$K#X(#x)_Z8k)9SDE1o$*rZS_!zD_^JB-fGJ4;LY z+QQ7{`o!??%ALuW=7a?y(vd3GYRP2hMs*3@X5!HJ!|4YXZe3RS7*JlTlp>*Ee}8{x zXD3}cJxqFYVVBITpnd>P1C0!$idH8SMJ7Ku#AuSGl!#HL?_(wFAXwxrv!X*5n3V|f zWU2MKEL#LAll*d%ENM_GI<+cSt?-5>kc=WhVoYO_u}>gKCyWbtqC*h%CR>)qqSzive zT~8!Ksm}Q3c5XYpe(J<2qh5V*|K9U2z5GvpOPHtJ}RmG!ma`?YW^y1uc(soZ*Q z3#C4L^6b4U@71dM;gOMzhK;U5Qu{X6i92iAeLcNhsm>2qmP)4Hl}ds+YL#kcZB5h- zzmF@D*RU27{ap=RlNBiz4G#$2QK!S!0uvJx>CN@-&Jd zmgxc}MI|)IniBy$pF*4m6}=2)A$bI3F+c?jdgu0Sw3aMNov8$wdkr^%yf9L0G>APR z?x4}ARx8YE&y=zMzjRvk&$nO57=1uLyR<1)Dr63Wz$@fUt+2X^ zkJxL$kyMM!Tq9ZO_z*QRQ<1!i&Jk*4>0^_mFF?uzpdPP8b)ZZZgEu)ins9GwRRi@1 zK=5+JFv#m-$&_(ORqFHVWFm6iu;IsO^vwzi9k(ZJXw&tLSc)fsCRv_}jJc9a0BD+I`g(pnQ25!utXq6gr&u7Yjbw8-OOulu9m~^ zy<4K4N>!EiBadttgs?RYPfLm*i>mX{jm1rYX|fzIU2>Yeb&?Ls8@ws8#Zi1Pv+DL;kL=E~8#i71`(WS1WbcSx`Vc9yc8L(K?))NHX5tlPc_H zx(^+F>e%s-kU^p`q=K z)v+TJfAg*HOg@}NmA$>N!F&pcdR`u+d(M?d@8XNQLS@6RtpBBA;D`CuR%2nOfw zPab&T)EB<^Mpv?XZEbz(-qhUOLJqiES{d_qhve}3{keu{&aW*dhq?eH0e9&hsjbb^ z`FDYc-(T9<_Ithg-Kv&9M-iS`I8VI!d1G3k=CUQsdNZwtC6!HW_dMYLhofmbaOpl_ddbPHWVR0UB{ zeTpCl>h-cLK{pc%4b6^bCM&ywdL&T3ElZqXnpOB*h9wf2Ad7$^fgQM!R|W9AWawo2 zvZiWH_n%idi@a#Di9d84z)e!10#(&3kccUn%3)XqNolT2-(2kxf`p(S3V=+YqN4-o zq_V-wu;&3ENs}c@B$HP>;(3W$=Q!ChtFQ}-S7Mp@6?8tjVnD#&v~*GRbV;JGRyNSx zeV!;04ze}<;7-Kv6+>iIl3cMI?@AgXU$q;Fp3d3j#fDy&EIt+uZEr0H;vF{EC{(mW zs=H%gz(2p9-p&pTjB~}>&Q9*(%uF~K%Z{42q2V#yCgivmjwT<~DbEwwo@5~i!qXi!4T0?_~}9VKU`nPmVm z7L=uCt`KM&o`lp~4g|*4aPy%|5)-9EM;6D1-8o*-bxAkqd(*sh_8VFDS8|$*E#l%F zO)N!;WmXbny9+qZ5YZ{Nzvm^dJ2D-&!_sX&!4|}^Cp`w?+XUtlfCoykKhdL)a%EO9WyF*iA>}* z(R_pb{oC2>AOGC{{{rPzR77wMXCiXSKx98=;{!B)XDHJJ38B{yH6OeXSjG=q~3Ksy{+pM$uz#493; zB-jR}F8Xc;It)o1BvD|qG@;`lM~R&U;5381F`Kk*B$Q%PiW`l3tJP25l}odpeC^Oq8#094&T)_YTvGpEMl3dr7U}X46 z?=#DL)7{nHJ2XK!5+Eshv*N6@q9{^xv=YUYctnk6XEb|u<}5k88jaD6JPA@1DUu)w zpaH@I-3_$wt}fG6)#Y89O7FvDMC^P2XC+#DwonJBx+*jB$B*~lyZ719$&;sNrtiZR z{qmLPQ>m>B7cQW?&7*X7Mc0PsGowAd3NI(DwlmVE zMRPYDyA$Mhp&LA48FVTf6UvqhqXE1F^)Zonc+&7|hx$GNr!{?aW;09Mg*vd74J@#Q z?S_GWs0IQIOIARpC0HlFJHW2(5Jkaq2yCl;BkiY*+S_K{4>Gm0Jt&hiSp!EgH#ORB zgrQx39JFHqb#b)XLy(bCHpw7xFf>>~d|i0^#2e*wVu-(1FE`XmD2zpRi;GKT%q{Y{ zTrNx3R5D*gu1k8g?&QU~stF96$Yvc9SEOc5_4-EDVcEmbw-MS?Qy@gyJZr|;6 z$~`zg*QGcQ95~>RoInqL@Q>er?&r^Ub;MvRx0A_3M~*GtzRLrPG|?<#2O`*UP^Ab$ z;YkSSXw>Qr(65-J16-RnY_FK8_hf;ZX^I< z#Da=l%hCz73A{kXcen0>;RPCpe7~9k&jZi3=D)KoI^PZjq3?(^^`cjE*aqSEI>);a znKX@Ry{4))z$A($%bFMsxb24~C$;lC;oa>JC^|G+J|>%HBedC1+e{O)-ZW{eOk%)M zOJbIm3(Nz0e+`=Z2ZqJO<~&ViHw0(X7A)v&VlijN=TktS3&mX1)Zi8}JGt4J1t7pa z0B!z&s@2Oybd;&pTD?#TID>+T;CN?eNAf6;onW^OF#*q_8G3sV9k3IgR+vmM_ z@#5_L`SFSIO0B%GI1e{|<CnJnb|<5V(#X*8^5PQQ z-Qlz6?=LJw!m%Ix;0G&9i+}RRf7H|62|ssw{5&aPG^pxC=O_!f38d5@*c6qbsx|0z z3ypNc1S5kT1|1&kN$2K7*abYz{_?MwMo$b1KhGBLit`1VRN;N1$ zN;_?$k9qVI;I`6QD3e5$ILjoN(KI5^4py<~P8JneRqOCANphu9e(+!^naKDhg(q_v z1=)v23DCI)CPAxt@H#$5V4g@RNLO2w0DwqJ!-`jUPvy{_4f=^i;aQa5m0IS#t(8XZgKU#xCvXJ*K#|eWhtx}>x@5o;v4{|g$GMO z?0R~8L9lbh0vyKs^LOuFzbOj##MpR4txZfEh=pS}uHHU&a&2QhA;=2=Y0jQK`_@}; z%-_5H`A>fWl$+D(1Y5IrVn1uz^=hNxYPg-Ar=EE7tyf=f)av<6R*~dJqw!#M`NPjV z0}ur?8f-3Ty~9V3MdO{TYa4-JII+IPlXf9!m9Vp%Q<6kpZ>Tug$Y{Yz8oa?q39 z@OXqK2Ty==*vJiRg0A3O)5|DuC>&%|8G~RERw*bl4IN={MOCR+kNTBb$?7zT%4`jO zW>}55YcYZ#!PAq7!ecl}wy@nC>M&SUD>Vr{2{y))nzjKb9DCH^pU^7`;?p!an~}ku zh(c=~y&{X06}7XE=~0mc1)&Ga5Z3{T<6;yI;|dR_(6{sV&=Wv1?J2c_8>fVd$~;LW z!!5OGIW=;9>d9)!XiH~vEYLzSpr+}xa+nu5QFeF5DDGFlTA?0b*ZP7W3{ zYXucDSJfK+KmeB79f`{hu2HE31_y56yf!;MnakwIN5(^h zfKKHlUTvcdJpSlYYik?8lcJs7SKhtK*d}%HZf$K$ z-JCvp_;62Gx5A4r{Pbs*Zh#1#J$3r%W2diQx{_Gih`S#Wv{HWx&jfKT*A1NXq@ z)^!d{I!<@tS(0?Z(q2fQ*jP^F;TZ71Oi^8do>OEegKlM1bS7zNMtZxb4v&HdXm1REh>h=cSnoE(cVFJtG(5(9wjl=MqR7cD&cU@FHgyj#xLt0i&kxe6Y0X-_?(+qzl@f;X4NG!xrBZJ1-aYwzadL99kT0D) zaps+O-g)(vH}Blv)*5xtB>VU5U0Yh%-blXw+S^{Y^Y|A&JUr5~wKydUb|4U*nO(N_ zHPf5PFnmShr%#`qoVpDxM^uDRBnYd$cKwnhJNgH@?<5i;PNi`d3zdm|2jxIyVQD!` z+E0{A`JH4M?stA+?zg`2r+04Me);8>Gl|st;__!d`Ki}l`em(Do=YyL$d^}g(k+4y z++1Ie4vm9Oz5MPCc*O7o0HJxk-mI=y)H)A_h!oS{{u?y;4Opbd-N>b>Jn;bPSspf- zwB6Kmxt!03NeKpKh_tD$T`V>z(WYvKK14F#v(7afHpse*XFL)I1XGX|P@HzHs)>Rk=~%HlN6W#H0er(5h%7<>vBYs? zV`ti?3FJ$qdB;GvL~LLJOEgupX0SR|GxAC+qm&omb8H>XP`OfT`n`d0G;Cx}VgrM{qU;F-qkdnwP%6Rgzjb47c6JtC1Cl-a)6vbq1PIZoq2q2Zf<^Y#T$<~T+XJ*xq{w1(~}dYPjvOf zx7RkNZ`|EGHo82$s3PjBr0u;2@fqD|VW z0fPdN%L%-P#37x=gG`7!a6LnAx&&nL6qx5parczfCl(I$d-wbSbzYW)8%w4 zZq+md+X434@Abhggu-E&lwmEeZT58bd)&c#qxRNYZ-P0hR!c{Z9n5D+c&8>d2yy~e zktEXCOr4&ZJ#gUAqmMo5a{KR0P6IH2-QCG%G?HHnXbRL4C=vQhlgZ@R_=L~zfAaCC z{K3GxZ(j-qd>sSB+0+j3n4vRgqCJBn10yra9XJUqOUt~6@9YXy>-Fn5u5Kn1XU?2C zG_fE17P%F#>V<#4^76~7X+8e<?V%%0Ogsy7sl3b+!ibCD7g5V^6Ma^i|O&utgYH_OBWX)y}2OVNg z9{^C$#5@o-z_^xLIERHj>5r#zujHq*+HV>xD5 zM%&?5`XyO52`9BOz_Fbvi7LpXU#Vj^iMD-Obk%UmV3j>iV#_eKL^lhCg3sxaOf&*c zx2s-PLGR`(n9w;sHlau^z$vf1{7R`*=(3WaE0ArN`e{m|Un zO1$vG3#oK&b$v_0CV;+dE*Fo-;Wa+Dt1BLZO;$;=n8&Haq8(s2LEK%6^Z3zYCk`A+ ztgM$)>5a8bKyO_g-8}Do!|eeey|S_@`y{Veuc{4r(77C}Nk*`;LE;n3ZdU_hx z6A6VkHa1{K1_lPc|NZYTZ6>!jQ}11V@ARn?ckkUjaq3jPRsh3e6gFf26RhCs-+SB; z1J7Ulj$SKthC$w4mhI>t9BMV-KyAgAO9iu|6Byx*Yj<`M$>IKio#e(&L#tW3*eCMs zhVWDcwzD2(6kNk0nviIOjrw8 zMvz;~C$U+Y7-VA)5uP+L6fBd9K4>d=vA|j&yPCb*Oqu!TC4TH~ulTmh)86&(&Y=oOr_0_@;_E-)azQn7c5oEo`B!Z=LAX2W(u*06beOVXQ#bB=laI# z=;&xLl}H+=@lQ)lwE7Qb#y8Gc&_e>q*HwO@MFdR8bH~IyoI;iHsfn zG7P2+k^;zfRFjGeaA9ieDSs!etciMN(S3+;&ZbvIy8Do{C=YoN+ z!W?-MHh`>;2jt_sXMMaDGEukBA|s63H41WQ;qwe;3QZ>Kld z%K0}M78wj`qYH@@Y_7?0h<=Qgrj7jWuD>k*+OD-doUCRW;=O%vMxxo_|Ijq6uoZOcm!1cp6!{`CI+ z`$4H+efPbQkr6l{moH!b;upX8`(OVi<6z$W*hi+OCj0t&-g^5DIM9W1>Cs~oSKhf4 z9Xs48mG0iUZJAmqsu%ukfYmM6K(t@n`5oW#6M(xMX{XS=U)yO5lSnm}P9wKBC@tu?Pm zLJdlFEqqX|R>522fHJxN8&Gwd;9yg*Atf6#L6j* zXrKWFJqjy!J0rz%p{u(?hT-$&}YIQ&{cF-Tx)W*U6 z`_qM7tz3?VLQ6}FSKfU4$bo~PMBxTO|J}WP2R7=t=bk%#`ZVa#x#{IS`-et`2A}=j z-vFcd?B_mbSoTX7f4QEmUcYs>dpp}ZIDGH&t346_PCm;6`v@0#*_qx+kB$uIvpXQ` zTN~>qj~{#LGoQ~FDwZtQfYFLV@8E!1%q`DP4-F0RwAWm__@*7Vq&b5c`8^ zD8Wsfajuiu=Bl|nlbyU*plE^qiB?yV=ZE>c7U}LTNusJYG!0u4i!$bdpfd=bJ{Dbo zw&oos3&#urAm%^;InkP?M1nweJFDa2+&PML`Q0IL?NE^8{RU<&nWH$>-pyRz<$CYe zBDY12UY}xLhNPx6o75F*@hl^fPlj(pVrfypL#LGVH+A|Dlc)xqa#&WSSOEjQliF#r zHk@0yu2#n$GN4uk;*DC`&beJ80M?$K$i2G{I$|A8r#v=#ZZ!ewM4|SL>h)Zqu(`e6 z5sa8JY;r@CrJlaNU^oER-`H3aY~HPa3J+p$z(zw61*ar3rm|=JR1=RY$j5-Z{C^MGhwTZ&DBkSm`z=6)G91vm8#W1(6=x*>v6%UbKJan z6V^YmcW+Nm57=L|-uUvDzI5x>t)KnVo5REXoxR~|xvY4U-}~Cv>RMA)Jb9B-8GdbH z)+(f2S}s#e7o5J{;Ss<>xm+O}jlr!|DwUw$x3RwZyZ`d5{=It=sqE47=U;r`r5}Fp zS+iLm>Fqjj>`1<>;=EL90{(S4`m4)p3o*Xqe8uFk(5$k z=uU+$qg^aOK}94I0erTyy`nXA&`iZ#5fD~7oi=5zQLO=~uM~;_pFfjK1^ofI;AXm% z+1WmO{t#H3;o)KUWj<3_TwHVpd?0FIyW#pkp1>^91}*hMIUJ6pv#4v`KDR#*zy>6G zLo4g89;>2AZ-LU>Xfzs&MZWdz*9tocFDPxdvsx-g{eF0d*3hOVr$P8W_UKcKcke9B z+#lRGFgrUtxA!GqgaTfcDj+~WL#<-`s#D5;ey0FRG-l9Nsf>AP|K@rK~mV_01i=TENDCGMFcs zH+P%P@nmk5ZlLVi=t1G&A!#+timIzdt)W-zx@nkT`#>46jL8Ab<8$>I2J1lz;9%usm7tEZZm>TwFZmQK{4v$A5z{{cxdbd(7($*Aa#)o{?7qM{?tqJ%Y ztaC#vDx^0)MzD5yH|=@{q{t?Ds|2CQ)T;mhpj1ncUZ;paMbYV0+=}891zFNen)rt$ z15FfuQ6LRMER2<77B{R=tHL)d%Wc_Y$4f93D8rUlx5y$p+5+J50AZH3GAb$P5JwPS%shlJNd5<%3 zY`jW6C-HbE?8DAZ7XH8Z!m|TCy@Fn5s>RO!fpR+AbzH7!)Fc;1>?zNaeQd-Q=j|I|MIOrJ-(-J|NhZj z#XufSX)nJ!CTrKf*s7gq^X0amrELe%43Sphn9RdSEGD#Dtb;@gC0=m~PM6T-?eII@ zAT&65iD5A5pL38YvyOHgoGM5I(h@wPj?NIBH%IOr^J`&m zfn#A*MMKw$Q&!;ZpyV=@9r)@W99Ump@9ORZF0WNe-k>X8NERzQpZ%4ur80%yf#HU_ zcH{P)lcx_cjz-g}4GoSofzk=ipZ(;ym6a8(T*!%zdaa@Xx;D%P`4VIW770(Gx3@cS ze^YTe|KJ;c*fliX)7|sd<;wsAHrF@cj?jK;`o4YplAGJ7&Yrn+=~7o`=T=4Sj>kUu z==p;O4@}>^liu2dZM=E!Zk{zddWQ-%vry{D@1zHN`wBbR)ny#W!PAy9)c$f0b@qCg zvopJGYE0}KkHwoLT1n^DkQ7K1VK?@7u&^OKnqMHmyanG;Ur2X)3^MP!1{#PA`~u0= zt0dw|MrTk*51rt_ODIdwvWzJ#WFj5|z!8}uV-@o_mjgg# zPge)XF8o!2O=Zn`H6yyXrLDRCy*OxBsZyOfsEzdEDn8d-Mm-et%(MZsPcnr=EDC z(PaMi*&qGW5C3t`U>AH!!0YSY*U$40bwGYNc+>WkKAf3`O|=2MVv!#97C{#zHsK(i z7e=%seDGNDj5*CV^7|Se#3~&@kz@muA^cwCy)0&MCRfm7-$RWQ)TatQwx~Pno!74w3b~zBBA?3u+VS~3 zkx(!e@iLO^^STM|2NbTmU2-ts3;5ljVrjEJk)+VmcpjiVr_&9ucQ96FCuLjB{rmTW zRFQHeJh7EZiA)r6QDp&VQ`H(YjgX}LaR3d$6p)Udw4w_my1*AmT>$1=-MMkSySvN5 zG@~6o{-B)LT;9rWA3l31kt~HHJAkFOlBq`@e+-OOwb7{5w9L$Xk1rJPM^BtMv9+>n z)Zj#w^=eu6`m@=5E}c`vD}pWE*TJ$?H8xtWF4d{sYi@G#uqTd%z;^4!AW z13X=|x=wsdoWS=E^slY0b%cXpdNaxN8<*ZXaq9TU;E7k>cvEn>mX=oDc;&UaVJBCY zSfg=xV&BZItCM#o2LzD^%S8`vn~t>UZQIau4}A#|5gItoq)?TTX`5vHP>+u&k@O`T zCTPIkmH3k4bOH`+lHtb~XL4aj3af@)C&A)TCqTQ+qJ>ET2F)n1hT2|rK*>L zX6ov~EE6od1ct>@{<|BM5NWiCAx%I@9w*2yYXaZHI6T?`Ns=+61tXj$DOhc}DcXsx zB#tGNN|jm-HCazjA0Xz{)zy3V?oCckVT%ct0lmUudY)OUmvz0$3!zLZ843q$wGu2W z6m)0ONigv)Ss^8UEbZtEp91%;H&m^TT|eDQlq21(%Z0pFm#U>A+!4N>WBdX1K!Nr} zXMSoM&>kHd1bP&^T9L+E=uW}f6|}#AC_HW_Xbzwr57)L@9+Qa^zmagO$}f}6cuP9 zN(;jP56c$|v$NBG@Vj3-a`sgJKyOD^cQTtzWpg4gWD3Ra|HD6ofZ)aBqQI;zKPXnp zU9oVbUg6vAkK4emEuGZdw_QAxw|WD9GAFjFt7zUxeklqWL+avb&u`G9q>(WT*1xRQ zfm;a-@_kUiGSEW>l&%9FEhW)7yO;D(rm{t*De5Y5(6nNkJl7V!wg^)9C-M0=NP-fc zrM9<$xRyk0E#WW-qatBf;%U-sgTfWW0*np!gqd_4)Aj?<%hD0z2!61-4jWr=EMKpw z8|z!w$yX3CfFyX}yvd?zsP$S&HOO!hwVKJMK)m7qn3*5%Ok-LJ98On|aBv41uLvI= zjYN97y8*^F4bA8CP3+qP`v3?M{t8eBATQi0katoSE(2C~xxmC@0VixM#b)%}(zHg# zGC=#$NPRM~4LlDPKiJ>b-P5_cw&wP@cu`8_N}|(${;_8SS9pE#az{rDcGRl~!+jm= z8!MP}%P`;l?)O5G*t5?*3lMyCbaZ~I2!|ZZJ$#C;nLe){07?qq*YZ%+1tCHFcv_t-^I+ z{XsuYc&S$_K9Ae)^{Ci`9-~C)hZlIl0)Wn`@c($chhbu{*>y5z5A+r#yU9pU^$;J`rMes0VK~C4U|fSi?67{dzJnr|$TJ>b)dwX*;5DKj>ufX1JZEe9b1w0Dk095$K-JAdZ&;ReKg#}Jg#>e*V zB-3+~vzOj{#}iVToa60x-|33SzWkLhx!unB`T4ok<Gm2ENfb($s)Pzwc#iVp6@yv4&;ToA6h&UaxVWP6Wx6bqwMa8&vPY z^8lqtRUku>sdYi;>S)l(Tw_p4D5HwUO;Ja4cfxEdr%85@nhk@*nRHU3X^|_x&-6)F zQfu0A)1pQ6h!$iWFfPsEVnj})FMil*3jZ7*-#a%q_u`8$(e%PdBt{@gsdG3AVoyeP z3wlH0gqkD>iraJl#?-)2cfC@I#e+suOQ$lO9ewan&z?OC76X7Luxz*skknR+V-q79 zAf_Nya1ua{VV~j9ZYPuQGjNga?ryl{L?U5flWW!KbkULoT1ksm#YROda?I-LGN@tL zOu&CmXBWKw{{0!B&lT_NURhgz_6I-wfByV0B&X-U{g1!->=(X}oZX(haid(x23*Rk zFTQZ@{He}JuqPIIu&~xY)DJA`2j748=z(#-BBf%QF{9cjxv${NTHO|M_Dlj{fLJKe~1I z&WAtr3_RIZ^%*s$aH|xag3-}Pv5uu#HC>f8j5<1aR`I%tQDw23#ApJ$_IbR(hd`l% zS*OjzEE{Qogk|QSDNV&8hP)wIU&>73C`fo1r1qE6GSF6TmscdPxLm5%0Jj^BCIUpn zhyZ))wE`emRB5C?C}=*DjPlk1zY-km^ovT<<7@_42Y?pQA+Rn5lqj$2q=JRi;@O6v zYnU5~34YDA$hmlqZ|Yp5V)0hPk^!Zdm8KnwbpX9fC3or$As*}G1SOZOz5M1sfK)Sv4@jr##Ols|3!>^X|xnz3nfBx*}rzWQ*)}PTVXKZYF?%ux9e#6B!&5CB} z>xrF-(J>$(+lg)1?QlmZQ_Y?E;03^EoW*_c^!aSwo}OCqhC(in_h0?%e?579^2EWD zr9zVvHu`!xntFYxuNzcWC6|F?nc3d_ z3kyf~pLTJPt8d=hTuk+M^%#12<93N}$Cju|0m?(18*2H9kR^&imU|SS8KPCwU@tnPD z^jSwM&C0eKO@os}Cv}}-^(aeQPccB*>2gu!5r*3?4)8hD_R|3o(M)+R)k2f z3zQIC6@Z}I?a%DwrlzJJJa_=W4%SS^H_{+5O%-q|K0q=cRX%S3fL(WYC#djhwb*Fn zKx>wY^=cJscBiK9!P^0K_4Ibq)D~ECEEWSe4i|){GCmfdgFvxr+%V`6t!y?2Gz~VE z_Pv2M!11P@Dc!7!oYQRbO%>Z2i=xBO>cwJ#=3P)9GteebU9gAC%gZX@CQeSLx8Sc@ z)4YBAHXJ7q@&m(Tul?f1?#`~!V@KY)efzcdF1cO4bEi&TeeX8lkaRkA;oNyZN5I<} z)!M!ThpM#(+zwnhnM#l#ur)I?6AFcb(H_7;dk-G`+rRtH<;$1P9Y5ptH~|J2q@5t} zHh|Qil_@C)eEFHrd?u62!tn+LcI4>sV!49Nf&{_MxyQ%HZ(h3j=;=o$@7)1*7__}$ z)n0t#)%V-KQ&mdUDr}$0GBic4jSE}ODaO%GxgZ%tOsi*h1C!N(F9B_pu;-{jp&{uI zjh&q_t&d0~@mylZM)F39&>)jW|0zzO93Oj239KZ6p*P@yP0|KJkR@z}OhUCB@f=py&++XvvMR4OYjADjdqj$1&>U6Rk9C{|5&H4k8O1<&Y zi_dp-$7+?z&Q|h^pZmg*3+KbbL+iD2ceo?o)%pFu`rAOXYnkJgH&*-}@9mqn$n0~& z>vXj<$Y=@yJn`At*{44A#3w%SiS1+>?ANIiCmWSUX(yLWB#pZ6XKC?D zy!P5_BV(f=wf7emrlzLK)f&LLL?RXM^l%P7-VrMla${qoyyQ6j$cd}B-ir?o@apO-_!agLR3?DM<)w8RDm0Dety?!vizmP+UO0X#Fwkd*0)r!m zKlP>Gy!y)P@I)TW%xLV==)OILa-pWyrY0vnk`(ay;aq`w2Hj7aN|W_4pk+X_-n@Pb z^kT7GI=ug2(Cho!zxvKnGI*9}WKp83q0{Jw4q&H~_Z>eBb8}N{SPp zPAawY@{6yG4UK%{!%r8one~n3shN8RPaKTIx<3A^zrj^`d~~@GixjNbIbyufF%*d#kIffLMT}D~jL2z@g>I&NSgS0B49zFN3;*AIg<{ zyIP|U3-7T~-oPN7|;4f_DkCgAUcB?D#vxuly0&%5pBqX{>#dmvk>R4NjQ z_7C*ZvGs0@^kDGJ6Y6K;Su=$1I`?$%4OPpGMQBV_&RR`ERR%H}!L2=NZx`nnvf_^&b2~b447x zl`0}HOM=!EHPD$V0C@*1i7v7(mJ~!`rX@grJYd)z1@NhXMeTT;>MVNT!y#YT;|c&; zc;}sWZrr>EA`W8Ybjo1CLC#>i;k1x&KL-yK{tEgalSz9$5r4qjH0#Au4jpIZy4wRv z+%+^Dt5$Jjazm}b0Sx%V{r$Z@Z_u_mia24-00U?^8_5leW!xa6AOu7|p&SD$U0GS9 z&Q!R|bUFjK53k3hzEU}t%Sti>AFXKuhMia*u0Jr)2iL?$UMS$8UV?F9-{uyUlj)sk zC=Or-F5>rf37p;45q<9B^E;*57ry#?oA;JapFaAHuYLX3-n%ltvD(?+#|T`st3&k2 z9o=28zH~8LEYwP6Q9|2IGZ^9e$>cV+tH@+7y>;meU;M(k(`Wv}xBtWQKYK0~4i^jA ziM=E1nG8*Kg98S~hGq=XM+u-7lqe?4Td12s`GF{#n!TCZC>Ju%{p5$$M(xRud??!8 zoz0gehrqY}pj1~e?Iwv>ao=juK}DyPX~CP6*NZqg1M~CIE`xqzSsL3k9vab(7qoe> z`+%R2Z&Cn&Wf{o9sFEg??-=i?IU3YD(BTUtWu9es`-jn#dy|ZYM;MBX3{^F-7Nbc! z+|@K}IInv>tW)vu*nJ7Vc|w(T!xUDfk&{F~qMD(rpo9IMux+sGt2;{%R%T{q0hxp& zL9AwhTht7idI#r(R%p?LLki0h$#t)9T#{Kmqk_HO-b(fL^*L-g5Oi90qf%{{CMIFk zs(?)aUC17<0?&qeb}0#iCk;1Jt2XFIEG@0{^$vtW5fCqUWj>$rxP5TT@c&A=hTX9( zbWEhuD~iH~BR)V+maW5eu%ChKg?9mo0bL8rfJY9>7z7A*Z)s%((6AsWqF}2vTM^;x zGFVB{8JS<*&Mt2aj~?`x%)&EHDBu7VwKlH&5PT#&gcYns;)r0dP2*ZI_0*{2P z`}C(jtsBObD^~!h{mtL}&8gF8Ck`CU6)=1A<(FUEw|8`8uuBm6^T*GE$=thdzhN^w ztJ|$2JDPXcc8=PZPOr5yq0EP7$O^P1-?E#$;lKh4;)(*0MjCO!H;IxH-j9vE8Ja9d z&j5WwG?EF_hzc=0Dl$_PXB9lG(P=h|_0R-c3P@;wWNe2{UI5?^>?}5pRU0Iam63S2 zQ}VVKyo(g*e63|XMcA4_U+5>z6X}~i6@?V;U9iHKR-V^b^YsK|5~&oy0V?Tc=2NY*q%=lbH5{tKi#en$)ed$qv*I|8uWi+cs12zJlUsJ$db!c1h{i4Qb zLbJxHyaOLUrY6%ITZhAtWC29FP%P72V_CrBW5vlkT@s6-XVkB>-vmWz@ae#XNtFoC zU|k0KSZdX3I};C;tKP&(Ic(J;QC14+d~P4{g4N39ZMQCRO;)y@Jfk2>vm1Z~G^3^{ zcBz<^B~MSsnBC-Nr{m zm8X4ved)oi@R74_+pZPz8qW?5_lPn-Gn>)WrZ3w2$cH{5@KQ-NR@PQ~ys@6C1Y0`?6 z7n{aNe~4CZqX0)$=fSeMTEsBj_Jm%P>EG)O+6Hha}2k+ zxw*ZWOmAm6-tO#*c$}>yeBg>;Y5{!Gx);gitm_(ItC|j`3526sscEV=7|12E@VUUT zfNsO8Kv00@zV+5?N008?Nf$EdTlIPaz*s(?Rd6Vby1A9_=@~7Q>e*Bt9x!P3xd$7= zBmH~!AKcvDVP&^wfhm)h7w(ge1Ul_k0DOq1MgpO2G=N;z`?@+n6O)Kn1nw6!E~q!U zdyjwcu{(F}g276q(>Jc&K6Lbm%j2#E0eh@2-3l}czT)F~uv05r8 z3@um42Sa{PxhCfTR6rdR*lb$G+}wBHeK(s(J@vUy0=bx(od@MQI5JC@026AjzqKkj#F{M>d zwutSSWGA|4=->q6fCT2<_PkQ+L$9xpDtnwRg(eROEJt%dMX8nFWRvlYgqb6+s?{{Q z09q#SeoCv|$}edr_|c3LF#j$WnfibkSU?zXI0PJ#aHyLxEqESNllRtFR^fE`Nlda( z&`F900&&pdK;fwqHyG`p4iqrEY2Zr43&V;y%Wi0RxVx(l?s0Q#b#rs$iKiX`Ik`g0c)iR1NBA?z7ZJ<9QK6rd8pe2Ahhb=F2$rC>k{ne_JbfvvwgdGqj*gJ9)Z#sRw*iN|!y>>D23%IyF)Si814erT+f zJlgivJK8m9==#L57n*}@G%`az~{^CygLUhc{7{6{q4dG#&L3k5h1HJc%YN z(Wli`lOpN!Tte&ADXEZDpgPtpann#dj|SDIywZl1xZ1PxWfUs zLOP9nZhCq;6bkh8bZl*{jdtw&#V>xbZ{NOPBn*~nWbgR!$cSlM8(Rt9-YuGYIJ3k- z`hQYe4r{fLhl6fxwKGPa5jLyE$=5bXCIWGGDqgsTR@c-<9gZdPe3CFqv+D`OR9f8_ zNueCaN*FbgXynO+zbH-tn=)a#oz|WeMl<~woDjv^4|UD~S*J2utyic+hqim5dL4nU zfG`)Njb`GJ?kWnX<&~wi+c$5|-=Fn*l>XjcpGN_Luj?8Be8S)BRKZ{;Xf!L$a91C# zD1y%&8yka{-MxDkl*);{ds3+ctl8^xt*$NX*|TS5Wf6>Kf9Kfz!W67_|ABqQV!lxa zg)x*)XYbs5P^g*xBg6hcB&<7(T1B^jbf+Bd;)!Ds#>T-Lt4s49rzG;Q$-2ws0hOug zDyT^iQ203(3-=H7R`YofFFJDr&MHQq0+{DtZCC-H|G76`=;|Bj9~`CLqtt>8`I(5onTBU5hUadX( zp{KwYf%I&FqTbp9B?{pC*3FwBYFO6dQEVIx(1ddW9BXN91?*KDNmu|^}2uFhyA7*HF)44Wc{-a9z@g+dPSC~O}< zNz}&;6&_VA6o$8B*+#Wia?elNcRvx@!NN=hVakWr9{(a~}2_EssOrLvq`n+dPa52s>n zW5X8=t!-@=YBj;);DC7pL0D}vu_gPlRRru0NYCKlAjpaYn%v{j^97JpqoOOaJC#hz zydZM|So~t4AUXi31mVT-dwBZM?jCq0$TtlQR#nXTC?rcAJ>7Lxw{){R)_rv1a1%$$ za2D&BoSrJ?@>Op!9*-Y8b}Uh^0WFS1LOTF5DkY~&UR;_3*pNshj-5OK-;3+3H>W0L zk85dV`N7=$M?e3i_h*AUcB_7=$f`)WZP~)U-wGIL3kw$+)yTvDvFcm|9`3*dN%SS@ zynq2C?1W^ubC6LV*f^+!@@{IKiIo?Lml4w+NsyC9D{bsN=del2Su68o*B6FE5gd$6 z^Y^IMq%K?dD~6=W3_F^YOmmz`Tppbey43*U7r+tARuxkvip4_4?{meYevi`yyiQdO zwW@>QN1Uy7l88tc)&Tbl$8F`o5-6%zEQZGei(?y#APr0$DCEFeS<5T)@R(1ZI*W}6 zGeDKfGqd;h9~c7xEtQLbK&T_$`^w9gHWK;4z57J3ci-{jyg&5BV~<^Z<8>#`$*`*o ze{Xi~Q%`>oc+v60hkPL%>t3o?)7vXR`#>h(rn4}>P4C-pWw z4?<%JCa^TW%QJcV&g$yw{kgePwF2Y}&K}qhuzJa4a%E}x>eZ_t@gUitR-2p|@9fmf zCd08Fmy3;bfM&PUW+Ii`yLYdk$R-vS6oDpO4|K`kaII);V^Kv+qqcJsX} z?|$kFpNsW%J6v+ZG(-~O0a5w=um3UMCh{$p`)+GvlcoMmRIXT5WLk#p&<*qbj7(Ib zIG6}!0xnRlVn#lh3l9PzO0wH2q6`Zhb%4_hK>AtOVuY8d|CLn9*}Ha}X-8SxiPdyZ z&1S2=P1|2fgBG$=YV}LwI9eS=OC}INT1KN;XV|7wbArI-GS$`9jchIjYJlTJOyIX! zm*jGoj!L;~;NTmcZaqkIGPw;`gHwLu=-CJGb$<@dKzMxICCT}nOeUEsRWm?1bVDUZ z69E9Aj9RTYHa_stk3Btm{|-FPQztK6y?XOM{pasIcJ`ygX9j>vEjcfMn0(IUY?O7CRhQt9nYN-+Ud z7fq`--s^B=v6&fq2@3IOEW4cnq7AC9ue%59SMT3{<>g=cJl;=!=F>nf;la&JO#?$0 zaTW}MtInbBlgCeNt!?-B^jn&hOXmu?;`FV19mBmq|0$Y>kApkHq}c84w5oy7hr_{K zE(1t!eSIw)33hfxvBlrm*jj2^l%;czoUf@3So4Xa$6mU;z{|X?ndte%lww-|J8aoP zlf{S-u%C)*kRkTyGpfVhu~w7ORZVR&67S-hOf#<)9e}Q6+qBm*g`GmBDx;uIqs$gNh@beFdac()Cl3_h8YC0Ep9wQ9YlR~sDf0e+=vRS-^q zJFbh&#`hoSKHdig1Gzqu3EjgkyzQvJ?QM{lQ{3n@+SNqRB3llr*71i z*Qax(o&G+Ml4x>g!?fdFJ)M)2lX5VSs~gdt!TJ05-Kk7xckkxrCa{W7n7MiVidPAE z_*l^0`}2$6?HuX2v;FRkZ~r6^>gg(qUwGz`U;Xv3doA{r%WvoWpwy{%|oT1m>dLdtKCe{{5NA^zMof;b)pT9k=*75@by|IXIYI*jF zXFgNURn%fra0h4aT^sH5`9;I_`_Vf2y}_=yHggYjto=>bBmJM>YJo^BYLaAJR z@}nO`vuPrbtJNyCN@-}I563AR?B;4}v~NJb*`9n=GxCK}+!wZL_SE&+uYT?co}`yk zzU)+F7oAOwI0K*;X-x;p3$6*Lf#^tG>MN(wa-5h6gVRIA>F>5_r#fB6t5rw6;tb$5q*d)!VJXflvX zP&1WMxvK-cR7*>XKDQr3Q`-y6%Zs38J<+gH1yb02=E6arm45pt|M)LHeCWS_=dTB1 zf#mjTrcl0c?&$E~kggi(Y}RzJ7R%N3s)?R^*eHcIAv7&5nc8fsT1Q8eX6$bzGlPS} zE350I_qr79>GA|3nbq}bO?7*N5x)}lx{PXx15;=;!;wI~kPU_dYn6;E;M>Zi4<9~y z?b?l#k9-W&98I5FSy}tQnIjJ#%mSOvSIhg49D-d1d##qMz&b9z{36SX$4;LNg#4fU z~m2Yn8>5Pc2A z6NJ;iciY)fB0{q{?cJs{x~k9x)K`fxs1t z)o29nNNE7Zt7}eIs8Ug3PqUdkysNLTAEW`K9MpsC!bRpXnVzn0uiI11<^Z#Tz0TU4 z-xqW`-SCNP>np%`fP7`MS)Zyoto-M{`cbA*z4PYVvr|_heO)zHjC$NB4jqbzBdOF1 zY@{a;Y&4DabW#*t0`H83-8S|sV8Nc$>iK9e(XRJk%6p_=~0&=jZ1)wzq@PSTG#jGd9xO)jcxM4?yp@1hbE!J47NGI@FR*QHVR`MCLMm* zXtl^A$s7iC1mF$Ga!+?RJR7(lRh5DIt6H^IE!3-dv#GfhfQhogd5F8JW|FESlI4WM z#zEvjLGWa(68ZEd4$RhT0ly#fB(M_+ya4RJgVsjt76a=96oiwC@XHBDmSNs+9!7OA ztc3QP1_Er^tfnHtYBcKQQVCuV@IHZ1DtL%I>Txbm@Apd$l#4|`*=kkHPE&3&KPL!Lb>$(3qL<~>Xh5#t5>y0&Rqxvf-heD zd8wF#hX^RIQpwdbdf4w1Sw|tWlTId0O|=bFcCknV*cd$Wa4-n_35Gu!4)=6*NnO1U z<`+Itt+QIws%zcxj(8vnpWfd+fVQ3xX9M&EPiAb(5~lVzNcSyLxq&4TG{u-FJ#w*> zoz4dblC5HUBp~pL69)rZwzn!v6_MA~8qjo7`wOD40Tl&Z#tV!nIdOCji^Ik(>;t3o zqF~{t7^Fx^qse%bPGLX^ldF(XMPv_+se)33A3%xdbN)%wDNjF)^5AfD-k1CBHw0LHb6mkgvF$KBu#lfd*m<+XC_p zKj5cFB5>=#GeD=qIe|@+TyA*T@uSC5i9|k|1LF?+pzxxDk=NH3c^qfTV{R9RS%{!5 zwj{^>jn$8Q*#_eGnysKK$zW%LmACQZ($QO%+NVp^552p(SAiqG@LPG(`DZzRw z4IWf7V`!iSgJ1_32iBAtO_AZjtiw0U0od_;<#&HCx0C+w|K&d~%uIPCslTr`vA+7# zAODkP*nv>ESS~u<^6J*w@e?P4;fUh&1O;JcaSf=b-|dP;B9{r=#@zC!}%80hPfMd76vo*x|Q_qkn_ zVj<{@gK|ry5@3ZMd+gC$w{FeMOaY6+;aP?TZ;404l~Muzsn)CYYPqv-cx!gXr?~vy zz~=HQ&`_7+{M*0!YndVbAZB;gplYb-Xd_8)SYX_0`=OKhAv9f|v6>D5qofh3qp2H! zO5rb$03D_-<4;UZlQLMqVnrex5d#rm&S7!@ zFvtMG1O^ZUGik|M1>2O9ybiKg>md90{_C@jYuRgw4zeXmv?N-Qq##PnU;v1WNtm3w zr>Ar7t`5~z)zy1n6)@6z&YU@e!A$q7_wKv*``)|vySs;IU_)jM5C`}OgqtaJc~5F& zbQb_`uVY|a(FUMfdbYu}%EdNGz}#we45?)GOMoIs4FjN%qGa_d4{Vg@D=-77RfAr? zv9=EWH4+Gd2Zb$RVD#lC5;D> zm0H8@_LZs)oM5W;Rw&XByK{MA9#B@RiBx(Zk~CXwkJldz_|E?1eUrnnQ%t+OuBG)w zAkkz`Q!Q~r{ZZvq%lGD6KPgx8KwltOj}P=)EQw;d1T(g^wWR__z@vpiVPt%y#q-Hb za%+3bZgT=Y%%oG5a{2hN!|%WMRxGwTH#@VuvS@+GVuI~09rOIj>8-BN9z@U z1Qb}gAh}%*So2~b7msZkSf<0X;O1dxwp*>tPSR|(XSR2ShDIDdq-SHGDG~?)yeJF> zWpFm&*V-ybH(E5inhQPD3r0yPk);mTQI$eaj;bIQvbh$AvVr8P;Bq+O)xcdbj1lh{ zk&n5E({(X}TlGrim8^E{6#hfo6@1|?z= zltIlNR4=Yn^sMFpD9M1m-GeGx=?F?`4Zu(#_%>^G<;scxJj&IpFa~s)B)4fT4%nu_ z!6>^hT1ICjHK?2qU9o|6^pHm+HKdm5p@g~yl34_P+G-+EK0sILY+m5`<>h5Yt3!Rf zD^)E`!|xEZ+2wMJomwUr2kSk4$5D$rdg;ovMyqk{+m|gAR~9#5_a3|F=8AIr=)HgS_ zSQeeKz4X%e(P5w82Qe+Ny#wZYRTfg|iH-f=%M-nY2Gx$N+Y*=S+4EJ=`jORCp8q++1@9)w-Q+#$r%s8h1i zL;=Wh_f}&riUK-M_i!X+4%k!mqwo{803VD}$J*4+W0aEGr*b3Z-d0kj(Ue000>WNT z=@G&;1p>n%jG%ldzKL~2q1P5WyrjYM`HUntA#NhkB_1;woS{HO6tz;9*V35TqDcL8 zVQeTT&=FHU3R*`TRomr;0Z5D9A z2z!l>kDWaIgxxpv#pnKQd3_fAo7v&+j_$wn;KZ53qwjt9s}COCo41=Sj7j2vKqO}- zr+hx2KN19HtJU?uMq%nr7F#N@BQ`ssU|*}waV-vpS11-E10&x*`}*L}IQV^%#Ge1x ze};u9=CTmnNB~7$*=%>QW*cV2VS{pfgQ_WAqX^t;uuxry3vnBlq703&%}1!qLdw+?>ILNV&`7?g3w^lwbo)OzZ{V1_o9v=7D*GDFf;~fBwTv zDqG{~t7{utJ)6v=pE-SkG#T{(_OULl!D$17Tg^gOY6J1fC6kIgXOE-+LqZhP6G&7B zYsw|kh+-}$aU@OJ19tQ_%_1XJYT6E~?O+{qhi0@CI3cZ(!77b9K@obb6$plUf!R|8 zAc0+>X5FZXn+7#kVeJ}1Pc@tQTu!}|M``Lb+3Cu9f;3vq1b(ZN3F1SF4x@?$+KmQS zAAvJ^8ZZW!V_oiok0e-=h0!vpwRk>NvanvtM8$xLq^q>4JUlc4Hr;5nz-D?fjx>IH zjaqXX{)ua}R;xb}?oXvMv8^5O4cqZ#Y;&W(Z_KFYxoU?bw0@s+Vd1(cYLMo<&$hHN z2g}^0`Kpk|*-k`9fs69G`-Vbyjs(ZgpS_sNf5&SxYh6Hxy1-%q)Vk%^#*O&t$4;RW zv`%Mrc{Q0%EiNq$jD%s^1Ve6kMjn^I1^9dcRCdrK4Q5xS20*kmee=e|z5{pN^T0R1 z^<6>4hK44}Rc?KKGq$!2Xm26u~Dm+fam}Ur)ZQ74Son5MkEq}?{`^qB@4SUSFP2|W-I!% zSYU=RLQ}5+jFyq~9co`qS1YwtYNt>rjgRf!vuE$>>M8)Z=bwN6<(Gc~69T^NsmJaE zcj)%`ApRUUZ~$Bv%onO)Za4Ps-FxZMC3wcGm#+ka!Hu=m!NEaUsI*04Y~S8v$ByMI zbzbWI_uu~P8*je@+Y$yjdHE_=Ye*QLuU7uQ-}&uteeXN0D7=2|ZC5z-umAd$OP8-M z%*>6Ajh#RDf!OSV5oky%l}f=Q2ZCXn({bg>6+ygw`pg*sQeL0;^MCmJW~;SOD*oHQ z{TnGDT`-7h@a*vQ(4j-FaA0w5Wp?)3na7?;q|jv;g;SMWVRUp9X$!QQWCQTLh{GpM z-4clfe1ne0%|>86ZK2JzYV~HlgQUb|4N3R{0ri$rt@TlJ?NB+WC^C#5v2~>7p$I{u zR<>PS^V60zyI+xw$_VTtvBm$_MuD)aEx&eu`4+~wT^pz#FsTNrP(76-AvJU)i333a zX*AHR#s-MK)f8YbfYKm1$XLr@!XYSQ$~7YdYE+%9w0(l__v|?e_5|Je$8 zfB5j>Ts8|3C>~1!dM=f7VC96SI}jY?$_VpR%Oyrfb6gET4v-jNWk!>MHPG-UlFX&E zn}f!FoRDmGv)$oUYm~tV)GF}x^>tWRnMWC3;3nKYFFTp1f~!GnUU6;iX`Yfv*jOqJF=3eqkw{$vyh$qwwPQ-FF`_9++OnU>F=9 zy?*_AwO)q^zOl7AGJ?`jR@c`KA0F-|;^}N^adE-p4OsQ;#MsDBUO5XWFr7-VMnfWz zJaG6(V6cDs#$+**!;ri{_hTRVn9u1wdhiff#`KM8_%)V7$wmZ43X)i@*P2Sj&XucI zF3Fw zvxRbHPTzlz*je2P{p0_a9e7M=J2i6&^u;4%il_wiz@%9W^UuEo~@5oj50G(4gv zbEwDoYQ8PXmcL!tgbGMBq^i_#E4cq`r-WObZqy#f|Bp7bYRYPM2#gX_lr47i2YR>K z%HQe?_S4d5q<)5u?svP@C`uE!&l6f(*-WQ%=sJL*8e9ojFVJ@IlrE(O*OdrbOGcyNe8HgA;oFG~u2B<23J?)s zsc<+51`5vv?+>Ay(8wKule*3RL4T{+7DNu5Twi}cov59ioop5%THqq^RS^-F!M|#> zI-ue8W&?Iez0p+U2vDo#R*P59gJFWMGhU@fA`&YzkBX&bSmz4?4(oaZ07g>@DHAR{0YE(*REW>c=>XnRNC5!0n1LL z63>6_D;~GsVs;!jaLC3QdT!K`vD^@4OR?gzL%e!$*(ZbJxA|H|HS0 z*{zO^&6pED%q9{QFKF}z*5Pv18z_YZ;^=TB`r4~Mf(3o_iN_y&=v1v-n!0us=Gp1> zPf);r$-eAQ=2*Mrtzy?GSFRqyG1Bh{7RBYuPe&C zR=At~hy6?=IZQeBQe<^+wRzp8XuHA5&ux91PNE9U=K5=xf z%W7#o#OwL_1&E2P9)P2+T17$=S{)K>$t$J6`}gk$Q*LlAtJM~bMibjr_%A>#nM?|7 z+TpxQr_(A20(2KCowr1(4Ix{(9YsQinA`>9#W9(tP+pjZ#96)0WMpgQ0zf3BIL=^- zgk&3RD3i&=;%i`ws%{K~Ip9Vx28gQhtsT9=1XR!AaKRQanXN!WtXAv7@{)3G22O=_ zyPfK}2Yf6ou0^B$uf6d$xM9=~(HGzv)jRLJWA^48e3q&;04)u!W;U?RTE%2EXc^|C z|K(#76BD^Y{*V6nkN@#YU)tVDjE;}(p9s#+EgD(2l+SH%Z67>v+1uQSZi=# zrm)z0gTdyo$JW=59XCX#mGEik=MsbTC`DInKr3Zfr1~_^OrrN7~Tf7{skG!3{tWmnc z?;e7xd*F5%6Ta(B6{U$=X;5uk)Igj;KWl@RL7Foro0euTT)8weGnvUGgF#nUDQ;F3 zk(AqtrlPF?zRUuQ6#^_c7(Hv)+*$@>g7HG=1e34V8er=#d#F|~a1CyC4I)w3-E|vS ztJ&l!HquzHtJi6T4r~m$)9#>4WF*|z1q2PEjUf z)FTUz$7{9O5eS0~WHiAnutpPn!dt_nwt=)GB|r%tt<};PjC!4p;kd@uRvd8T@bFNx z)qeD`Gi&QhCY#e_u}NL|!i5VPYfG6_5@0yq6$S_Q!5dwlnlu}XmXjxc?K7Xb@WBTc zFJ8P~Kh|xv4)2?=JDjh+{+7@ch%Pn1vJkfErzfZGx%b`&9(?fc|KW>5N3<9%cvmjh zIj`5(sBtUR<)AnGzyqhwU%Zqrl&myQ>)=V4Og5h{6}`cb)9t!GHD&FQLaQ}1HF@dk z6-kcAJ7F_h>~0rKNHiSjNk#0lj@7q z>kSN-0P}&%F`0~jSb$g*@*C&geZ5dj8%?M`bfKK<$z8A8sb_VtYt_6y2*L2T{e1u` z@WsW&$Dep=dwW~%i7uxL41H}CC7F+nI_g~6Xw;96hg&UF6$EIaT;ggKSW^*~yC&Aq zLTx_@_zGc1X!B;16JQRdMHt;;L8s7Gi$g=`P??7!y$es_a=DO*5RNNNtX*9sPo*iA zD}cu{;NuxxzF0!KDoPG(tKFngrzaZ7Eo@;}f*+mzF<^kFo_eZUt?%q4S(X7h_0-cp z2RsS3+?5Z{XHwfeKsF7okk6Lq=4?pl!ag`MJUcr(JUHZZy8*4f^sThR8x>yYNMZfaG*QRdH9@&2g1{n>69(&@6eG?N>OPIPb&DGoYo;vm6 z zheJ9=QgRV@i=0YKdj>(7~62I+=W}_{YjvI{V#KY}&7xSDX zYFtjUmO)J^fCB+(3x~t1t`@rEz|m_7d}KmF;S{;A8s!n2r-26+AcXs}&tD^1(9cbz;50Apr) z8UV(~&~UzpaL&Ym0|C4diS|AJjTg(!=I8&%{}18W=&(=C-@JI?!ms}3Z>?=@oxgJB z>1RID+vgUhXMgDvzxefk|K=O-zWa|~{fg0U8}%Cj7PCghjwBvCa71lF z^8J@zD(18M_fP04Ol;L#I8yNt2o1$htcEZ)1g^!EIy?ulJSiXnY!A)oS)wN)eQwHt zu?9v2^F?#j?z9_VOp1p@s$K9aLYIKhFX<_wXQDeIE_N}9u@btJx_t|Td}ODKRBEse zS}l~pfVADflc3~zJw@^@9tgAC5j8TVqiKeudxF$x*Gyi0waTHhVlB*!ht*pp5eMc= zYika>cXoQEkWa$ePfgu;?}InIUMGp~SWN@9LbsS}dt6?lrCY4U;q|y3l<*r0MJzxF z>{j&z4fg4Fx;VeI-sIZpowU)wL?a%HRXaKg&g zjvk8iy0u&`Z?m~`1x^Fximn0t1)PBQbjd^xo=(T~3Z>2Pz<^jNbh_BU$R2>0TrzWW zVG{^k$k{RjXA(pkYid?FTpk4 zN7SA#fYo3~YfGDUyTk7e&;ZmhvMYes2g{a30i7b@6`d(0?vcsl)ch%wFdzx4-h|m6wp(5KTqzNY8;y>`hYyk@@WO^K+K0B;@q;65KLq^-_NF82ud)x+-wOnlg7KT|-@~3DRcBN7Q9|iymTuUmS z*C;I|!BciRnO2jx+wB7bLwptKB2~G%(PUu}DrE|#V!2c?bvibS$$+w9(Gh(vlee1e zl%~GAx-5$FAOGPWCDKKk#rei-KR$49A`}k(*8@O+jg@CcgLH zxkdva96<1&`1mIwD6Vg;9y)ZWQZB-}eDj;%gemmwJ2W#hGZ>BBcjuiy`N>bNUcNjv zGkM_X!T9n#tRwhKc>HRusDd>3CyXJzlLBB+t2g5D7)3Kig7kP@A%7G&md$FpcIo2S z*cg%ShZ==W{)I&-mCtU&v%If`z+XA(k=j>}+>h?P8%I zi;~4;Y&RRgjr5E$TS%8m1)I|d+Xk@gb|SWazZozm%o~7*NF<^*omcA(A!wkCLaiR4 z3h+QxijhE~ht>|l?u3e(a0qGu6Bs=(9+LqAl+I$-H@TXY(s_LT&9%*eXkWE9x4O2B z6Kr233~++Ruy6hQH&Uq->H@mI4gE#U(~lSyXbJZ@IgG8OaOhXmFapFxhg=(OG`^8 zmi763;5C3>!X~uU8b(q((l=l*8J~Re$y29JX(;mYs{ zprdJxLc@XTXtjWrG@T9)pY3)_IW-6VkET$?m+I}gO1;$@F6_1r8A?k7uZXHZFqFoo z{PC?aCM8*kP&%-~eo(p&fN6I1dN6t|yfYZhZl@9KmNFC?n?Yx>nH&W&x3sh{e{&jK zbG=?orV@!*Mol&~7{T{97#3c#o5^jBj_hkws7DdH`4Vvm3%H`U17JLrO2U3a5xHJf z8rGn^{cHw}*6;NNd@e1m+1gxhG;4cCM;2!srD>q{ zMb(+w3H zqh-wCHA0bSqPzmL4nH($nNqIU*B@DKHzCY7$1 zs^BTXxGOOw{5?fj6_yQtqBdp*5~mm? zy1ftt;A$fLQ_->|;CP8btZXr%|z3G8JFAIT?>{Xmuo5W~<#$RF5kdE)p7v z(1=!>)#Y-w`DQL#=(JH6Pz*%ML29Gu%TM9l1Y~!I=dZqu3pV$({85?P;Y-Uq9L*2kwGwp$>|$6rmx?5_wmEW z58t?PRU||RXD~VGbXrXiQ1X%9Zwxj(qIrKdLvGFHcWL2M56;0s^5KL#|N%i@*2_tKI7lM!?Di zstF+i9Vc)#Ns(xUSTWc)$SFlZ2M-?HiN_TSLA>YErAr30izF~$BeOG8Fo8>JtLNW; z7qv}ev;gGHRujyg$zpEtof_AYG0oiUg4gdwO@2kmX|re3DT~djXK1I@2t$J1`{_^r z(#Gmqe0#gewJKcW4}a~qZgs^(NoY!p5R{TAzSS<*3aV#Cr*v)9Do&|_*N_BSRQ0r< zyq$iEj`5`~p>%`CZxuk_>Wi#q(A~=ER4z_c@kg*_<SrWDG^|i-~v-=RQAd;7BFwA({#E5g4jUJ5uGYBfU(fkk&MA#DfdP_9Rm)i zhk7|H@+SaQT^=Ja#cHiWQ%r*sve_K`JRFE}mFjw}B#AA**9m3|yU^qG1l;{|^Ruwq z+RauzQ-bF-8oTWtXFrL+{-Ycjb5P`a8g06njjv+($1qvPw-hTUSE|VoyEU1bo zp|()BFLKm!b=766p7NGLi6E${9%_i+72!cq4C#B5>eZ;+5!5`?UFBQVI*HpIx>y4B z76LP-(Gf5@`jn8=-mR_%U8VmEfVt)6<%NX>q{%@v!D_)z*loygv*{`4hxn^XPsWcW;a*LO=JhYJ`JG*e*u8f z>a``dH${PSdo8q%AZySynjH8xcq#CF!-GSx@zj$LaH5rR`O!xo9Xxah+_uZ< z1n>-2o7qX+ao_*|k2l_ld3>Hd6MLs-XZG0lBcx3sK_6C-SC&>;qh2*9yWPq+8{5gm z&c@cr$S4d0HU@0AQ>Pv(6iQdGPlER%chxvX=0s*}`n_+7xN-Vfa>ir48#5m$@lRmnTG0tAUQQwA{2csvfi6SgTt z3iV(i=+?Db&0G#KN|)0D?+iA#9gmfpGyq2k-*&s1WsO{2z^t50mB6K0Asl#8kLRvkR3*=);a3)}JR zP9kNunGB2p18~`FiFz7l%HcAG!^6{)t1rL&%Flh|lOw}>EjEW%OD!&5QmG-h9Ei5) zM00gDo6Vv-SfznM2X#jVh=qFEMx%Y(@q|v#z$OFc1pbd8Y1U{kTP?I)RjM+2^+pYX zgD4aA#xzAS`}XWDWOH?{y|J|jh>)RmU|;EY9P9?R?%MKFD2PNS_w3p8#V>yGmw)+} z@7#A_^(H#T?~6v~=jJ~6;Db|7KV!Doh#Ccc@zT{B-~!-%yY7ZDWhc3VmKJ-NeIfrPTPuYz_Wxy0X6yk>8GFOS;p)4g#y7J{@|sz-+XH@+IR2W z_k82)FL*-kV@HpVj*qRbuN^#e%={9!)DTxV$npCCI*YuxNu;gw4H6& zI(nMkzjrK^h*gU*v)*MyskWk)>a-eZmLXZMlOow-C)om&E49q#$l?9Ru3Y}GQ5Gd;XGL#7LPh>r|o zv>5G^H>Ou+r}pjJZwMVWTP$0t8{uG|#bgHLH+k)5O z8XFj9+rPZmz7DG}OfC=z2PH_ft=N?_005dCX}u zf>ZOm1H=6XUi;CjURVFtW?Zk+xy*)AHrcM#_l%8$rw7dJbcb-AW&UOiAhahic;=&@ zn%~&AvCRMZ;y>&g898|9#7=zYTocWR|_ zSHL@MAzR2(2L187?@a8pv-ud>MI*e20ag-?Mr)M%EMVgvifFaM!6Abs|;zj|eAHosEHq>}Y&4JHZ#I<27ro;vJKk;G9# zEUi}(S@={c1p}~HY`J_&?H{dHJ;441j)JmM7;=4meQ0n5oaoBR3P6YlAAIoW(c@f) znVOmcvp#w9Gz|6Xl}qqnNUEvRR@2Y``3(<7!C3&%JaX&~gWqj6TVjjzsuCa&$})I? zQaNBVFHYXvJ1}tm{P`!Icw(p8`rh}x#}Wpb?Z8T1zI?f*ToJjfR=~U0u3UZM$wvX$ zum)6Vn9XK}M@L~DU;O63AHVP6Y%zaxel8LTFna3zh4;LEPX`RGNF6ih7Xa;yyL*rZ985+1i zz}FDK*VcMn(QdYSyrE{ZU2AgLLWUDO?K+_<%6i;B7-g|gtCTqcYcwUf)$HP3(qu9h zid$Z<+2^-ztblKlA(pO{x4=*g1~Y^Vr^`^OC3R+|Tq%}H4l`>6v#3|{jYi9ZJ0~U{ zpM3f4LH|&KU0vPSMmNGH^60U{<#q#hpwH!YS{yIF`28<^;qSwtAuDTL%%swZ?MAK6 z=*fbBIud~)wo%C|JbFu~>i|(}Hd~cS6<9gA0ISu^ao|fu127s!+d^vK4W!enMK|EU z9f4Y)i|lGuJv)mGjl(LM4eW^%CxE`Z{ni_5vj?3PhDMa~0J1%NN6Z$At842vyCbNz z!=8_X!&0Np=;-6ek8`rjI_&S9{pv7M7qe;##iK`$it|gc)s(@m_l3L=tiS&JSK=G% zR-?Jh)c|<7e4ZXgXm#jF8?|tuH5Ri0b`GGIQlqA!$Y5V+eQkE~#^t4z`DZ`zsXLDy zd-d#Fun(1bS`vJmdRznJbbzOCwN~OO%AmXBxhS)) z3!g|_1NBeuD(R!r?roEDR*G6lt0s#WeHVwBVs&&R*q_g%%D|PSn{#v5Q^_rGJPw;# zXx33m6HodAUIU|_nO%tQ#4!y%?Dy1bTr8eyw>+<$~cr*%3G9z2*y=fHb`rJ|F_<>eD6?urZ{1wX6F2=fe(9qa%W9`)rA zI)0D)t<(;H)N9wS1%lzlmDOY>d!)h>nCx@A;wv}+fWyr@7dJO3gURLeQKWWpaj8d> zga*6kp1ZX8)KG9}X=VD(V_>vLZ_Z3Z1n8mUTwo?AUmES!&wlQ|z4+oc)>c-&`TW;6x8v#@!oE`PmQV|;Dw0zB%fJ1H_uhTq z6P81fKC9ifu(=c&j@38^4Vt-~k<7k<{$W)P)b;YN7sGqQ%7EMAyg~D3Wrxf?L~L)oM8s4%V7A8SC!Z zyEo*t6btoY1*zgwI<47mX$vh_q&<5_+HKg`=wuN-k#wuoIXE~xzm^b%9?BOhIrkp` z0z`NC(*FH>vKd~@y@%i~N{IQxO2D53XjYogWf)3pw_0fmC>mcXRUAI@(Z?qK@_&Bj zOaJ_>7r*=JH(vPWefK^1+0Xn^6YGqR?=c#z`CJLr3sUlX7tb8=P z3p`l_gbz`m+Y>ET8`dKfL24P^w2S1VGbNO7Dsfy5crnZvEP&td1-2_HlMDvhYPHQ~ zly}mvd;rB!V>(29_ywTb7Ly4fE2%6?D3L<#rS!l94^*o4`T6;+jrDRagSDFAW-$U_ zMy*mR_Io_0zJc?vzV?w*4}W;$GWe~%C+=EaS?u#g!BYZt4hDl@Pe+a&YjU+W-gpfb zY|rp$qt#3#w*f{4{NC8c28H(q`a|!(`RbFW?o*86AH3%tMV@6<||` zZy^~`)WitCRjL7trvf8MgW~vZr%*we2K0WYWY=SgY9ETou9iZ$7FGX(ElcPG zlq7IUNg`1apD>leqw5yA2OjIfJMUb*c5!=q1%QOvs6$>@>d69Lsux53L12{0g{^%P zeMUw6DeU%j@wU!vwAgJL5-FNHt+qtl^l;<+7o!JFB*1x z{CdC`rDCp>?{r&gPZh+3a80F>fSmx309!>7;Iu)w7sWQLgp%3Rgk3Ckg-oUZcvR1z zUQO4o-GJG9>Zzw7bbjxL-v{dfGo7BERt4u_epK11x8HbO64A-Y-FM&3HCnl1snO<( zh1~3oNhhm2d~l*ttu8Mu0MvQnu}8o4{J#J`4u_*xXQtqdzWdr6`$iA^%fCGLE1&*F z068#eBu!at))wECHMm4zo}mAox86=BVkp;65`i+04)<3|c_U5UdF049fACUtV7S$m z0I456dRL)P63VEfje7nFHULWlgNH$`uWeH_zPzxQFXirg;AH>c5ZFtt%DwykJHtam zC-1(iUX|bY@v9flUj)ElHJPX6o21%mRy_(;4?dAK!b=mRB+0wSM(C(P$*32k7P3DI zqX`E74jmf_DlkPgaU@Pq%7qUyVx>J&S3RFn1RNC&99?WHIWxKN>JPsI3!~Nc2ofP- z^qM#g!J88rg4`Jx=^q%vd>(H$o9(nZ#hvVOaa|PfmBo~fLKRoA0X#Ox!LgCpPTFAf zz*?%ZjHuuf0uslCBR(U5AFmgF23ullYZJ)+VqxXLp$Q22W(%U$Nb7-S^^DQw^zyw< zAmGyyx^|sch_Q9F8uvJJXhp8ufO}9k3O<@&mOAM;13>| z_~b8sYJF>KWqHBp({uH5H~<*c$C{iHreXA^o`$G2ODwCcw#p<4!My=i2z#05TQrR> zm{8fE(~d;mP*p((_59S5Z61CH%^TQ?MHRBs>-~N|Z~*W|y9btFqkf;4#IZu50AO@+ zVIHVGgi8zT$#P|WVG-5IfJLBGbOPW(A`zdQyE$~|NPKGx474xW|N85%!#nODx+h*P zoj!f)nMarf_hgMC9V*IQ zBAd;ZOZA>saM)QGDN6pJX@|v(itjY?cB~zsr43^H@kgFX^vpY@{9pau=U#vQ&&#j5 zT*1(#X58+)`{16ZI}HaRt>jaaAG~+2uYVMHtJouDlE{`aT&Ly>xcBVelg|}18FZ5G zcKgGj2!tsDC$m`~7IsBk6(|7@qf)N;TLXirx$XMe=IZJyx&kDS(sVFrP!4gaY${2S z=spjiYO{{+7c!}xP$)!eb+94l7FM49m0xYO`F2OtY7x8w^aY46;Pp`kr1!MEyaZ;g z!w8l&()BXD-Lua=J3c&q=FG!$b93-IdR7NPA2kTA0h-zixB@Wlr#|`dLOz36xFuQir)&3E;B;uKDN~Z-BffrlF zP}pm;Tes(842y*VED{N;lxvm7kI$ZG83SX*^+vmzu8-y-lQSAMk)hDi&G~#gZ893Q zgXr9#4ZhA`$z<};iIH=Ymliir8^a>lX>?n|I8D=Zx+0I zX=~4jqtWV>Dm#mbS*ye2iwp?3m@C)2q@KGtj~a|K4!(u!v_S1S*nw*E3DnduUxYmj zo>D{T^g1hJWiY&w*v@E4<6ytHR7%vuLVSDfwV%9NY3bGeaU3V9JOM!+h-Mhs#nCG) zt*%7-`d|&Cg8`uAKRo-Y(PkJA2G&;>QE!m(aXqcE8ubICdtdwR*Y*tf14F*YpZG+f z*e-7rzw>Wj`{Td;o8|S*Q}^Ec^yw#8XBUIf(89t>C=xZgt^yq}S)87M37*%}Iwx1> z#|Or)#bb~E>aUyazPXJQp|b!71)RDvH<<@)YG4En_WJpEj~qGj@|&+6ICRKpvu$OU zFMn{(BzG+uL#-#=dG{H-B@{Ok!H~!4vK&5gz~ivJ^zHB8cjBIEv9c52whx9$weM07 z@H8P3I4@JOa?eR19XJhjJB1!q!YQ)}*!0%L(r!Avdew=9fq1?npb}@)u13Bk2T3Rm z(A^dbe1GoE*FSvs{ceZXYN=|afelGV=YY6`LIIP}4nf=`pjE$deX1p)8e)wia0-yF zD<%Y?#Wf@i%UZ2ATY%Or!pa1-y+_*B; zY&MNiV=S>}EK7ASjCXlv=9(oAI z)5EdjCr-dqPt8p0SpEFs;(8)}-_wt+t*u!o#sQGLKSZM@irP>hJUBd*$|rkWS!dBT zt97se1Fn>C0%B~-O_&a~{*WdaRXkC-jwjS^@)V7_R^F=TR3f;l*MKRlMU*-wFnL0Q z(k5gT<{Avfo~sK{10wP4^i(>P2zq=Fr({ykcUskI9sWp^fV=bzM#k;2g(rsQ=H|g` z7YYFSvj*O@vAzb@o2#}o$|=E0dj(vt()+W0{l>-Ua1hwB(a-_gT3lQT1_Ous4y>%K z7!5W+F7HCHJquv=rdIpN&{fe-{EuHG;Q4LTj_g8@$srckSK z9Ra15&Rm(&;$4^B+bjqJgCh=?XZnK+KCd&K<^>6BwrB^=&MnW2T`8X4YITx4Z}a#Z z@YEdNs-nA14Ql{M(o{htY)A-#U}PxqK>1LwOMpkKDG*?+@pv3{I&8^+&T$I$fK;*v zC4d1y{J|Vy?Ulq+iz@yPF9m;FD;9)K8yM35y?cTI-|Wq4yVYFhs^g<$>vJ~&yp9bF zXj$Zg4;?zRu)dkx*z%e+jM-Y}P~xdfV2s&F=;6U@Cr_S?L?S<)nSrn1m|uPCb(hB} z@$&lm2K>3%YD&gqHisRl4%*$#<}}1!Knp-jhlU1kT)p=8+i#8z4MwBUS6+GLBR~K1 z14DygsqoJiUU=cxe(l#_=U@%KnJ>56u;}>m>dNuG2f96Zb0HQC`djt(_SPoKw6vP~ z`}XtEFdz#A-vIALYYYGZl^*FdI4U(q9b6_DrCM~a&L>P7{2Y8L!&tid zE>JpND53T&IJ&CoN*HTqQLCyR^1^2KU;2Rqoj9%w**qa=8;*R6-#P-P0P$rXZ zaUAKu0e6>c)s5H|e6{fHsmaL?-}}I0vR69N(Eg#7tvGDOch0?qy0^>ivuDpf{LpES z%?1GU?tAV;je2n$MkqD;fHypR&*0+x+}8FMU_rAxD_doam`1>FJ=qyS}vs$HkC7DhQ`a-83J=3DFnb}#n$uD1Rt@{17_3h zah^GI225>zeI3?#Yb&O7RYYS@6>ecaK;$YFii4vEQF0Jad$S#^Q|Z^;g}ugcP53#C zKN>}v&hT(xQm6|zW;8Lj2G83A;YL?e%9fn|Xtmj)^d=2ulnGXlwY)6S6s9$pthC-> z^+*`1K|p6@3}ZA~dql6(=GDpqwQ~@X*Hi9Y0BoqqG(dE`UX(bYp4bDoFdEIIMg}aD z$>-3NlG=7lB5+o%YX$1Ao{}nN-Gd(<4DCY=!Makb$w9n&_>nU!>uazK>0}b9u+Qh? zMPX!o?9kC;wMy0NcJrkgt|h@Q0Ho`*n-UPVUN@UbJ^l34OACwRgM;9(7Zw&CeE1Zg z$)%M=zbz1n^np8k>80lEz^qcWVs|;WH&@cREQKz7P^5-+%oj2}tOwYv##JB~ zBK2{gN&p%WuP1sa8w6#LYEY6WNj7SNQvNQ286lxN5l0PZ;5U1?s{5eg(cMB#HKSBX zDm3Io7)fk?qODh7ZE0|S61K#8Y}9+Md(>q&0MQUCXF zsNHI)jhW2`1REe?HCr6K)a4H^G`Je8*8vQM?fUMU=Xa6`gP!7=br?gTSWGXhw(1R> z#5{fvOc6lvomlLFM?YeuwF4ge$up1s@a$_1rP~;-B~z&sjBsdZ2#9GmlU4gZMxtRD z`Mv{(JRaZt+@IZf=iN^|^$gO+zjS41XZyeY`lr`dmSKSaLcsIB_uhMV+;ImCY-t67 zG)LGUiiA^ZTbr>hquB&zFLUk3pLqQG>`g#-CbOZ_5OEm~di|A3IiD(+WQLTnw$hJ| zQ1ow5&jyrYf)t?mt|AYPRPMT%a>ps)giH|({xdCQcPo&syDO5FVz;uD^+%Xir$P`8x7~};IoNpMgjkasd^2n$hSnN% zR-_QCRDeOCSBhj1@`I@Z52v1h?sfb85B2Ar{|6xPy|q1$0~l!Ijp>V%{2 zbrh8;`@CY`Kt=?$? z3k{4pHjtOj@@yTO9{Dj3UKX1XHLhrw|W=> zk>bLoYfnG@bHDM~-?e-Ev1DdpW#MaIMI~Zq&Yb$2zx=y>`}XamQh-O59>JQ2AAT72 z=gs-K?VUs<6oe-YMk4T}^H(RYT)(EZnA^Y`;X5j^mV@{U|905y zrOdX&=kT~3H?CZi&6<7s{R{)3Lf_$gfGe;b1>wx)_cYt3a-q`SHxlrA(uo|z-1tW7 z@R0+e)X3#Bdnbk>(a^%&W+qe6;Oyl~S5G~3UoM|q-&g_A?R47Te;;7QyP=V&OJ}p% z%;V$ZGm|%HT30Ej_-2A+DL@E)(SCpyl7xE1!#Gh-PNaSdI38*6fd@tX&kc+qbchO0 zQ~FT9WhYs%7+uYJ=hB5M;b6#P2FGRH#V?6DvS zOeT|?n|1J`0QeAikh|bV>(vVQB*6L*7Fv8e7TerOCBb9^j(#NV!SkczW3UiYQ!_^n z9PhNHo7>Cl3tRg~L-3A+0|SYzt>~d6WEbi29y@Xr+}`}m4A?Y`u&=KV25;5)V4Z8t z^1#4@7cQM2AKPazTh_O>;!{^oKmNoIfAYq$yY7AX)I+EOHkCU4;C%qSu3Wh?I5?Qe zX3w8L4@13j?HU;Cy^lV0{hbf``}<3kN_}}*>~;ZxtX`k_KmY6V8|&*M{lj2ovDM9F zEVXiTHQ)$n3_Y@5ssrfJ&|0J)E=w9xCtL6n5H1VGE!vuG&`C0n%`ogh|_ zJRW&VAXjZkuke5xN|Mr|>v)(rnB{OFg8cuh-<8W*vL|h=q+MtlKBwDj zcWQejkJC!qC${6Ma=8NdRuXj8l3d8Pj~{)&=A%}YH?&&)`bwc(1_EBSdz=*AGqb%? zz9zQYB*wIxb%!$mP`}Y>k~X`;5YeF;DPG{3#wEE7C z8&ePgBYl84j4Nw5(Yc$zm&(A3x&b9O8TQP9gZm-o)GKA!GuixhFw|#rhL)GNbD5ob zM-1=ZKe@CN@VFgFIhHze^5pf)m(nZCcRlp5&1QS^?Q?dA!|t#zEN&<|w8!SArod>x z`uUomktl=KxW2Xu3-=qJ`{UK+Yd5!&4x29(uQLqlrd2n{v5oot2L~(dVwtc0!aetj zys$C5;dXgBLt%J)07AsIt8;f8c>rS0*;mev4-eme*8u9s#jt=l*0(a@;c@RsWJf5b z%bR!Hcd*&$m~4iV_uc>P|9ENY+T!p1?&n^4@jt9CTmSw&;OIX0yPq2!9Y1{V(4C+8 zosd0Rh*vue%;5-`&0cUcc~JlpZ;!>Cjqy+c5KGxKSi2{-F@!`> z^K=c+X;RCWHEJcDdKJ5iM^%*=Rm5Js;;$&}2f%FrH`1YOapZte3xzf+Ey`DF2B2$Z z7P+pb*sNCxS#;T9u|)MZTvUH3$LMsWe4)mnVjz+4K)9Ws zzHBh+#`g4+RFtbXbGeu(^L^2=*iK?>Y^+qOPEJnxe5g}pt6hu5SBr(3+wDbJ@rC;A z{6eWx)M!!uf2%EE42BN*NnO6#DHIE(9;OF&Z8X5dR4dJBGz^ee5wb+N0U?_Mu#m}U zA#kowZP2~dsNg#gE z_uh6@cUOBiJ>Cx-2@oUz9zj`(q`0R$9ku(1BK8y^a~t|YtI#oGC9QaOij%0-21Nr} zQ6xavff+vojOm$a@4LFZcUhHLnOS+?%LH-T0Zg>1%F2B2_rBlvz4tSPV(#w!_b%VK z{K6ML{e>@nvESlKnVi#Pd3gWc=;#=R}(tyS%Ng!{$apcGm+z;%2V`Jm|nU_XJ zrgPa2{6Hd=Jau9*5O)*`xy6O!KX~Ow48zXO9JzD*w$ov`aQ;*#vwN_&kL%#Q-}=@+ zedQ}(Id<#>7V0lwd*dKic=E|7>#g?FPe1wY<;x%5zCJfSC3PFMQkk*aND`w=$s81} z+$UKzpn+zS)nws~J%g?zc6t0#A`Ln);(D_)s5y7dMm1upxvft!L$tz+U`XIbhq*(B z)tRi8z8YcGfjb9PiWG4?o&ax-(WI!nw@5w(-}mA*(4d+g@w7@y^T^i8;ge$!#e?gH<1peeS)2-;v)JWe)U~wS86TgFL}HBwi2%YN zzzf^$_9Kh)*RS14r!%Kco(C;DJj`xwYykEOg_0=oE#C&#jAcyfjBadL^rVlq zHd$B<;5opKKmOxCjwPa`TXMhO=`=@15>|)*{hJ@WefhG~A&0T`M(f1FLMEHRDy7M8 zBX#%whZIHDLq4Ak1bn#XWD-0962nxlHbsFHT6Q_DLZ7RYcwTH-`?e=8eM%+Dm0$ky zHQ)tB58iwKjq!;TDERH0H?d%zeCFx7nT4CTZjO$RwFUa-hxaO_VtQ})=9SBH6QeLt za4)yj%2+KfmSy@fiNY1dK0XzC&SWvljLTx+tww-cN94PT*jHo$^o!$cS{)I!?gOKp zh^l>TX)TWwul1K_74k(M&P9pPJ3Zv7~4IuojR(nH`3Z=S2 z?+XHFbGX%T!xl^j?~(_6EbjmC#%+(!Yqi_!;Eu9P(g+7~x==7H-9n)W!p3pCJ-#FG zVyDBA&M7vf)xzlz)1i$I_>H^7*X`5|!xL%4P!9-Y#6hlMx zCt?Q72PU;rY7-Qx<{b{-^Ur_2*{Wa~?k_zAeI+d%0PsK$zk1L*9g~FwTgjB*^4eI& z$Z@?|twAc?k>e;E{*=w+>$SEr(Dz8tD}F3MOJU4_rqQ?$m;`Kt_27aSNqD4WGFixG zB+`vl(2n$AtRH^(q0b+^c>es>+G@LABYmKGK3mA^2D01h#mh*?9Isam_O)?6QrrvX z7)TCl1=uu7rs2q)J9i$h9eP|2M%T{f_NJ%KeCc;TpLlindq4gcBc(5vig+z0%H39T zXM5f4@FLR#p%^ZB{PyCDEb2Le9e zw%#aHwAJAxZEpDvO}frX0>#5) zwZUBa(tw}{@A7yhsSCxRRypMcgFc+T$Ln{x-3m>)++H`SpwEZ{xl*h4+9s317Y&UH zVyoTE*hnxt94OiRQX5}e;Qm0!7LLq;L*Kah{$z3n7r=C?%_e1`-|IIeykL548jl9* zs?a)`!Z?^=8a+YWKisEv6mFnc$qyx>^=8LtVsiQFP<%9=h(p8e?rn~Zjqn2BXmzJ& z=MT3lc)MCS($;JmXq~c8z7AYYlDAnX6u1s4Tma6R$>gvMB9Sou)yO?~Jl=*e#LKia z+E1d|z{0fs|9Ck1*=L`7>y6j9i+TLMRw>pR^|6VR=Ep5It7eg;-9jV+w8NF*SXHYc z<;w6I`2BzQhkwxPJSR>iO*Vk3P;XS~t@`P6XAjDUP$qD=xb3}68aLeOcG|591~aT3=cI;Jx=I zC&y2mIFTA286Qnuy?Ra2(UDO2&g~E3j23gTUORc>*!KEr_VA$3wG#1YHl0qy zW0i7=B%eXisfnGWS-p`&g(@V3ksQW4cb**6t9{nB znoytY>f?L-*6Vk{`Kw33W|lGZc)@J3QsjunVs?>MN1aZK%J0=1&f6;KE>{^jgP0g-Huv-SH@HUu;G_6Tws~NcHrFf#JI+qWRi^|YVGDv zo;AhoYn@q5JW?z!qWaTCuk?XU^RE;0g>Bi}2E=OB%}JA`sfO zvQ#Tq_-;EA4me$wjqTO3xy7&jyWjiXxBf{o>U~~!esxvH=tKdmpR*d7mpo28fhII8rZVX<4k73tpFqvjaLh`}2FJ3nFj6R*%9V77t79&s3klo0N#NzB zrN`=S$leQ*V<$HWzYBsr6r)MbZH4+e(xw5?GS2U2e!?+>dK*gu4Z*A&2G$IXZ!iiZuvF5@jS%livcefy?cjfG zbFciWX_LibRW+}m*()AEO@V0hQbTR9PBxrjz|BV6XdwP5=pL#!Yh8{sYKM05_#GRY z%X|AefT*=}>Rj`VMUHUOHet!^B48bi?-Ziz(8*Bb{rdxQSKX12^88@_$#=GHD@ zhtqRI7L&VJNa5=^ zurLaP!m^6l!Ulp~k~YQA;-Jc!+~R;6jgM%qhU&{RvkQM(7|`zE-~gBk$Z^?i zT$l8GSE!G>th5>(n3tZS8>G8EDHQ{+qN8c7RkFPEgwg5^EPezFDpxCbvDIe7q+rov zq2e1YEE*00s{(4rX0;|pJUcrZGHqWxky?7Zw4K=-S(xc6lHF{an4PW^vT*lsE}N?> ziKD0Ryzjj84lad}92*-0@WX}r{Z2hYg#zCB*~xCNfBw>^H#YZowsJas-|u%1CE`2@ z($#NorNPhqz6e}km+yV~%U`y;++C4WPWbiT`pq}qeEY2r-u=tJ{L5Efc|~)}!C>gi zU;W)T-+Z$(=rWYf!IN?}eS=Y^t+Hh7kq&PP!&NvuzZ&c@Fq5PYg8=2m3l5(J7RW&Q z(t1j!2a?X9vwIwt9$gnCIqZ)@;+YLrtI1KyH1wjSru4>wVW-dCZCCv^=Y^TkL9g$1 zx{3@(OZ{}_pw*%b;IUSh-JWPP4kcQ*cbL%vCM1cEhyDB8t3jV5q}Cd#H5-*oqg-u0 z^USl5y6bB@rTn4GYIj=Pg>=nga!Flg3 z{@8G>o;f(&Hk%EkGR#n*Q5Vcc^FUYM+dpu+LKEXtl^QUwd63>ZdFE)d;`O*aCdFdW z8EahKtkXF>j*|e@4d?&uXi*x z%ov&st88uGb-6+t8;8$5I}euv*`wFF4Mx-K+`LY$Rx&c0f(Hj3ayXod(uGVp%oZ!v zhTZ0M*j?pPBOLMm{onoP=bn3RYvtaHFTS|Bxe4e^rBYaFw29}TM=9r{hnp|G^!bl& zJp}NZ^z?Lm`0?7RBVa368?|2l*r`;{F)UEp;I^2%kkG5PU^ZZEaC*S(-fTWNo&cIVZsFH)@zNlr` zQM6v*$*~U&994t8u{!l81Mpw%FhfH1^lE4+Ifo)Kc%-DgiLt4hqqN#au}doy+?mkt zSd471Ns<9Xt|xbT2E0{PI=ya{rgFIw-aj)#a*p@*b^r`hQxkjJkK65TBof3gM@L6V zb4Rn89L8*HyWBRX!|n38pL>2zl69q0dva=Y`SF!dFhYVpi)F8u0+m!KsZhv>rB1cd zh{uN2fHxmLKcCM)%LB>k_44S*SiMmm9v)d=BOS9PaS#c|46L=)hVp7utCe2AOR6$8 zyLwYh)# z%*k`-Pu#w9gC+Us*{}TW@18n$>E`W^3YGf%S8rUoc^5JWL+AH+Z(O+wgoYZu{=pR( ziJ7D?8A;DBl1wjv-tdY%U}@5KOA#fS!MAGDB+~gqPxA5xq}H;I8L&`4q`5goYC7?v z8W;r~!%8B_fh56*qNEH&QR>oqKIHUBuznI9$@aQE%1Fu?H8I{Y9rAlf8%Z^&R;N&` zP7fB3*>XBkIWw9*$bj9GhHR8jDmPp%Pp8v07ug~RLcAMK^ z=vqk-v>Qv-YH{Xrc{uHEw}s2v9i|RPn@L`)sV{Qd+Z%B1SR}bzW+)NSDRh%m?HVC% zGsnmAC$&ILxY;Bfc6N4l+N~~hTP|C4yS&$LT(#LPpw3v;(B`lSyclazOQP3K?TsF? zMH&djpx)}u-jO3mBuRm@jzmJ6JKI1I$YJnKe<%pS)b7F%+tX9YdaWZ51Smq>M!QpI z^sLq8dhqzM%jK`S7;?CS!9KSv zErUeyTsIO5^;#Xj*Ngk}1`d^#LW#FDi@B;J#BTid&P2Z!Sx z`|8SykzvEZ5ZCMO9~>kT38BYB4Kt+eu^RUYd+W73JuAoP%{o~DH6>(DZN@+X?ZM6@ zSuLMSgSYC{L`P1oSfFi`8cYtbC$J@f?Iign=?WzDuIFn1NpB1gR7IG9CoW&*z5>vhE*LL5M|B23I?BWPWF7 z-wD=HD7)R}LcZXfAPvAtQ9i3#XbNE1nOxTGvhYF&BpC7nN{DpgvsommFNu7w+Xk90 z9+~&~-TV8yK99HE?2ry2tR8D`XLoCHak1TQfmUKJBcV~;WVup2e*CDK5f7>@l}bgz zxz)<7q*=0h!UW_1mJmwn@)%5(dV_@X0bk)>s?%|G(lXu)ke^|*Ze5=;px+-;orA6w_Gmw6=&62=ElUnqN#DGe0@ifRM5%bc35=lKqxy$!Cfou2L+S!tMKx1@FtPZS| z(Lp8P-T1u@mi01kx3B-i0W4RZK z8K=`h=xnVvk}zR9?KY2&Hn9w;|7A;ANq99yTP=<@$AeS$gnq5j3Ws8?W-l7?srkWX zttb#aLd(FOo0({~>U_5~H#3RL7P2`Q*53XO9D1!*!RO-jK+}VReOjlGtx7fEUn}nj zw}7Dlf~uXzMA8vhtzy?xL({brW_*L^+Sxm#bu8BZ!9l)SZ3Kd0(p<06_~IA8s5P{J zY`=T=F1`ZPthox%9TGf&pb^78Vd)L7CN^e!0YXj=I% zfBQFo{^x&QYk+!mNr|1oAe%}1y}o+6U}E$T73a>J1&F@??t8!#+78%XamO|XmoK1r{kLkl;&HmL7(TkcQmS`>(7{+pZ96S%hf+omv%bK~qJv>tjV3q% z)<67j?l2>$$*hj)*;B`l>>OreZqL!UqBL-N~K0qY_-y+2Dw1o$qV3- z%F60vtuP5be<(g$D3k^=l^UJc+1~GR{oUQ&*}1W7Hq&YAFt6dbA9n6=0$f~>Ad#?j zdwU-^C-8kJ0I^ST9kJQS;G0A|WCejy2F+R(4>dnCYqwaBE*vphNcbFS3OW$MC~!@< zT|5GKf;`}Db~BcH<}f!tK9S3oNj_kdC?Oy*RxeDjMz$10ZI2ngdw6sL>a|#InoJI_ zH?Y04*Q(dt4(Ia2M<5BYaOBR-TR;}rlhta++87y)8;lGo;pPu}+>s*-ekjHFu3SxL zb5A|}OugF1Tw9D5q1Sgh92;v70at3&tdk;@Y@?V-Fcyq|sZi985hjd7I7p zH-G(Kk1n41#m`^I{TGd-maWU~5SpUowwDigpu7s4a_hzo{0AS^>2_gQjaIAPYhx&ulB8_NbiuoL<*R&EDRY+ zrO&WxJKBL>&3s~jYj&f7q(SyYtU_>efVR)=p$CLo>}+ihBx*R3Bt>8{^>kez4<9{9Z)5BVg*|!=-_tWRG#PF$9G-gk@Zs?A@L|57EnU()mm0*> zFTkY7Yj;-2X)*q1S;NA@;-iPl9M{|0+9Idwfxr__Jb__+@ZbS{1WSQx{NRJDu_1XV zF|xgVFP$zV5+lU(2!hpUx_R~5v17+3Q)5@JUiCPf5Ps0w%galEAE=XRwT1;hKIWq- z!}Q$zkAC!{YNhrE|Ni&?k3aj%iK)qR=Ps~%Jy>j|Sn_);w{F}tn2Z=_cyNQB0S(RM zb9jWraFU!O(ll^{5PF|)Zg%1B{d|M5@$WOH|Cdutcd z@tyB}_ka1HzZ&sJuaX*i!CXFb{N#z*`Gt+m-O<#H*z@jeZv%Q#$)We(f8Xn{I4vgd zD{Cn7gYUl*RO7j>UAuPS!UdRLHlGXmXBoTQC<^pIG%$+Z#F+FV(<-$aQlr3Eh@4Us zK_V!M@4*l7)ovHnmLSj;Mu>(!4=1WO8H_?lN({}mxK6HG#rp0x!NRKpNvLr(&?`zY zb(;NZgM%}&IjKUUXr#?|KYD1fnC9kVrD_GjBAE(+9Ew#PMz+>c_R_nh0_NTn36EB) zxn7Tl1%RrCLy`ThBBQs8LM!YZ+N%_bEn)Y~dmek(NeZV`OlEO&;6b+dw-Xg`r&YBYjyqjk;UWBoGG>o zSKfT<)Z(Jh5bj?8=)}T>_pe;#rF1lG)zh7qKKtn-3&+kLpFiAQ`?VLJ|Hps+>(uzL z!ASdJky@qRYjdfX!*5_VD%t7rk*%F=MnBj;*wX2-NWxZ|Ve`SV5ko&W3&;q1oNTXa z*6W>mw$jPAxcU#i_kRO%=Tbo|Y^TYz{NS<7<%Z*lsge1`$tUjKTVA@eJ2pNFhT7_v zC4)ZKsJ6HJj%eu3n>Utrcd!N~k4`0zj=%gHzZr~1e@*&&YH|u7{npOP@yR13i*uk; zvlvAHVxJ@ZZA7Ur7Wp zY4v1riC`|0Kyt&?6MPU6Jwv%{(8{C=7vYc?{=T3#R&01<(Mq`iHa(E_fq*yY_hM#% zNtZ5N!e0XcAJ=WcOL{#)w<}a@Wa~<=)9&%SESN~6_km*II=m#Cmp;5ZJ3i?TxDC_* z{>yB(b(+1U^_6}fFXr|SFfLsZW)}32=JlQS{rmTEhw-7P)8Pj5Bdf7P67VbaQm-dK z205HIkK3n4BMd6FLn~>WN)p?Fk+Eo;=Sk(Qd-v|S6V7C8_~HFEJXbosFH1d^0n-sM zbO1{X3nWgr+p#0*c;nW>{4wP2*Jh8Ha%(o=W%EyBLQsXO7UCY`bS41j2oDqoU%I|U4h4^tgWwuu{?X`(%izl z&0;mNhJ3LA2og<}&`_*F^)UOS=;_1+7#bKY{)MGVI(Iylc=OFSyFFMC+ZCE_zuD~2 zl`_1h5y2?_?(hCis|okcJMUaLcjWY$bFrbg!{ZT3JMW0!5O<%|tqo&n{Q}Zm-|Pg86|3X0it+ z6EiZFB3p5N{^F%G;9En92D~jq_r3e8^C#y+fhgZ?*z7uA$Ve-4rzlX0y<4q?jxFRf zS-p;eQ?Aw!6+RL8}xpmm|tFA2J6KT!9L*ZFdC}K4n{{u@#%0HU5-~2Jxud3U96O= z!^spmC1)9j%h}-Cqhl$!LR>TA4|)UshfAxaBFv8)o0ud;`4sB@!{x~6kjZE_n;g|j z#bI|<#qzc5AHbMieCaa^P33cGC`;1r%xV+5{d}eb6mZg!EAPL*u(()PcXn}Qe=q$q>u%|a^!;LSj21)5D1KMC9HKuWJO>UD;CyG8MrX?D~ zg!RAyYguxs7pqOa6 z=_x>q*8}7srMv(+kY6sR7s~zE+-#V3i??HSq9X_9TFc7^y=dt5+gMne!VZZ<2&f`ZbUXN>k z_ke5m&YnA+n41HC1ypbE?(QAz1FC0cW&o4*VtHlh(ZI;~qv0sf&h5fd@z|ZVZ5Jke zkF>Sm7>2dk?2C&>@tDnGNze9=9y|8Tr=K1kAL-JqdaE)qpOX8wM=Q%e|M}0q@r`fb z@$D|>2iLAX|H9{f_S5foNjbiro;4@-+_*1^y zfmhe-NaZt0q>N-!$L_S-dR(Uqu>)smHsd0_4o5S3S?ZD)JW60#+H5x3?DkY@BoOpA zTa~4y!tvue%vQ6(!SiI(2Z4}dpo41GjDS}3l*M7O80mw(T?jxt2Eag)l?V5$HnXYH z0QA)0UJ2z72G!yVq-?6iC+R_; zCWo9lb)wO%cRDgg9g;a3BOTYY`0FFI}?sZZ4SrL`ZVulJr-nR1e{3vucj+MzE}2X~fu+;C!y`jaKmFwO8&`k);~!tV`22|z zr~6{}>Id(LeI5wfX?35Sc{Y$7{^A#2K5}$%d3A;B^>F32<&~|CP35pwX*FVFBirfy z>4iBAHI|mzmtrxUPLGa`frs?_m0&RJa(NO7=So)|9ZCJpS5MYEHLlP7yWjs>p<33n z`f|D(iO0@gx(G=6*)M+n^2;x~yqrXc8q7?Lzh=`?Yc-IuslqO?LaecB>*$ z;AfFUa`dg&Uri(^2KSvo0M&kw!wIVzz@w>)}kBTq_uI zAEfsHOVNNo8KESOt5sWlfh6RU+_z)`&K;#`y%gTup; zMLkR+^=w@(EDS9EMw9F`ftlrmvbMLcRTu^cXoc&w?N!+8-H#qP>^??s-re1GI^7W6 z7*sg=bms8afAcrocE^n?S98U}cYpHVoOa8vz5K#Ye)LMQTz&4dpJQ!ylRI$x)wlBn z-S~Ja9*?I|V^dQzw{G3R=w12X+OfqW;Czpk;GJEd?CUG*q{wZx`sFWusY60?%TqJc z>zkX~n_Fj3oxbtfJFLr=m>y5(a~7Mm-E6sR_ORO*@Q0Qkuaf4PW*Zi>)nbR!PYexD zOw7ni-wEvJs>>T|DgESOzMxR_Xk-kc@TsSsdhp=E>GS7)_UbQyrk;SmCrZU?4ba?d zws>&>n}OZW%*^#=4jz-EbWlwSDTWI_3so&EI)xdiPFzbvCMmQen1UFq7YtSX(o&i} zasAo}iq&CfjD{|)V}ij*ganH?-DE#p;=1sz011VJN|68nallt=HKEHHKBl*%rX-AY zGBw)qJ%G&!v0kR>rwDd3*8CDpK#=u}Cwbs-cBz-O7JD1&OjZCvu z#TsW#ETo{_;ph8uB;dp~v2K&eB#5=P4+@uBtG3n1lF~pSVUYN}Tm1@#1JG+DBO{Q2 zSS_$okYl`lcW2XTxA!Gr3X_@`r$pHR9lg9fHlEC+ce~`+Ph44Dzx3(P7#T~e&4(jC zQg+6m8^yp15-eUv8$-ePg9i`4{q67AolL9MaXD?FU=XwY=+V-Yj$|%CUFD19oR(HA zoRKbJGCe#xVs$!-4xTkUko`Ej>vV2talYvhQV z)=8KlQgRH2MKQ7r4l0q5ORclLmMRa&4ZBrsRIS>j*ZR+XqT+E|UWW_n%I0*CQ`5d^ zph#s@vbSup)@p^m*mBxU7KfGWa>}&HWM+(Xjj!O&Y$_yc?Q*zI$7VF!T-LDPmnmi* zuGOu@W;~JN$xIW{3p1FXKLP~hyRtd#I@r&-y-J(w8`%Ia=qn}8Y}fh2Hk$3r4CVKE ztv18Z5FZNoTh)5l7fByv%x35K_|*05-CmiXQ@}av(vtOZC9`IvJ3QF6x@@%G zAc*q9;&IaRLm;(~0HW}WP)H`T5x|Bkld~M7ktElLgBS#0Eo=e<^61f{jrFaUUV3?Y zdV1->s#^1hMB{t?zHVOtJ$?GQPs5U?QsX13(T$bW03>$3^4e>^7#SP!`NLL=lhPT# z_x+zz<&DpL=Cc^udcAhApYeDClM}Q1`v-P=_B-GCjz8e=`)t908_(-ut)(C@!|`SLSQK0P@%BS_+8b$b2r3atMAosYyuXZDFFqS3gflDl1K zb`nW_?b?m$(HRWm`uaw&8*oR0lteq7A!%S@j3US@+~&!XC-Kx6jUz{n;6d~T#_4hA zGdXy+zFLjz!iB|+jjh-I^>v1Bd|cB3%lt>I-?@$Sy9o!Vp+X$KnmtdfCZAm zB1klG*R-rkeW^!+`bajT+7P={Z<6jd0}6U7kcb<7?qX?IBvH=>qXBx(uk$IDB1m9f zstB>53z`>xwq9=+^NmVdrW9}6ObfF3@a|(tpjhoXxjfanyWV&0a zr`_>afBYXFFF$(ct+!jf{^hsd`L&l{wppxet9MDSI$h_~@tJ5eIzK-Tn)}nA{!|bR z9>0HnX5{BTe^nV!i*vK?_;4T;dH8T;`{8zKG`h0-=+cGfyyo!J7e@~>d$v%!C~||F z*FY{mymf0YeE@%7s~f;W4vYKM{JrgTdOdykhkyE~PKVD%GXgJX)0yCS2!6rkaIP<} zyIuaUJHB*t+3ECU`WZXlDVIy5u_P$XK{i+A8akIbHZ#s>LdT+hX^|zQUntMl2eJll zAD@D%-dt_i_;Jxj`d1yowdzhE7jf2_*HhFd1))f5d-V&KB?4t2!N22A9*?&#i2Hko zERkM}(FBEL04|d^TMh5?Y({cwO((mu5O$=cQ#)s z0mL6aUcqfxtxk;fd+)#F^E(yF4%pA_=SyYYVRw7nj=Q(B9!Ipz>3Bsn>2=`8Bw9~V z>{h4EDo3LxzhA%;+iX@yL7*nr0UH)P?%>`&X}T8*MW7~u^tewbB)H&a)6pZ9bV)fo zl2$;z!uZY5Pz>LZ@cy2l)gAz@sCjd~`}avvT#P4-cx!X-`n5Z7b3;Q(wF8bDP=sg4 zipBRppm@w8^-1m79;{%*1_SEm&6|~4 zY{zFw^~SJ#%oI(%Nz6qA&?Xg71|^f$lxP0+T7>z z#{c)P{q~WQC;!jC{HxKq`3Ea&t#%LO>csKmT(czigv3y?(;-1~CX;1yb_T0m3nRc!CkU{q%}_gMv|VkqCfsWzxtq-K=*UzH-GK5heU z_(WHcV|t1<=ov{Nug5nQqp2>-cuh)kgg3iUg8cYV5 zPFJ=JWJ=q&f{k{&9fu8(Ocqr^(^#kY|htpcAmGjlcXMm9yG<<`9Z{50;NW@`MSmYo8 zHk$?Vu2?J^jHD)6r84AnS?)jhkQ9AjEwBbs4%c9)kw|+d3`pw+W;F6%uiNeP?CoYj z!9gAXy&!2dQYXxI?#vVG>*-g%|C3t1bMc8Mj4Txm!T7Ro+}`@n-}tL&YPiey?%%(^ zv$HcXlDc-~Dx~MITE%X3c%;*6m5Zfry8}DM2WdreV53^E3oZYI)mbT})8$CJht;h$ zgVl&-6G;ZFb|-7FU%hfG9FA8TRfQUm^EJJmZ$ULix&rTTIiY~}_V-`;-uFQ_f9>U8 z4<{1isWI>e2s?+_9&q_=Ks3g*mMaYf<9I;UY$}#39g$48*yaX&-{$9DGt7k5nX6n>AVt`cKN`X}NVD*Mu4rOl4 zaM~>7JU4AKm~5nvmOdIBz|sZr|{ za&-tkZI0D+!oke!l+nbfuBMBJip7R>Gy{|}7)Z5IumX4v5*3g=jK>pd#GPqtYXh*# zvd)Q#iE8zzMiXuZ?x6lf_n6pq9qbH``1xsuoG3r9m9k8^MD zz`&Yv`6AG*-fA8_as2N6duwZJKvwvWO11j@v(E)hti@r!^8VGx$Z#k=1i$BXd;aaG zKN<1|LN0$S7~R<0Q5fBRE@OreRes68x@^jA)iIVz}UYb$YFbiQH=Ta0T!MpU39+xrkBIGK>;Sa3~hLcKc>H z9%n3;`;Q(k96Qb!*rkp1Qg^4*p`Lv%GBO%#wQE`wCd>NFHap+t%|_k!&U!MLs5ROH z#Sjig$)cirLSF=@7pX?R^AZKP~FcS58 z8CnX$HXKM|Oo(Huw@8yhs~wQJu&_|6=GvX6POV2rsS&vOd={@C9-f(+8e3j@01vC~ zZRJR(!$7dzCN;CnW)cK3Q2G#FtyWW##1~~i8@Sz$W~;79VlWzc#JV|zues140wGWyE7S!>+wJg3tMc~8)r_P0w0Zq zBaa_HhWfx#(HaurN7(Do&=AmcbA4T>p3X2V8y^}vcIu?nWiJ$SJTF4vj!ljAAVL($ zZZ&4|xm0TG#OYHes|6RqGQ(m9dnpx){$NPzwk0axPm1sgA}%2YWTR=}36k>4J(kmWpMNV>9_8b(8CLE)ej6ax5)9u-Z(l zfzm2m5CWiPX=-%_!1=npTBA`jTZ~xIm5KsZ1HCLuWLbhp08pQN>eAxkVj=&g78FMs zps{3I02g$TTo=V3@CJkaYOw?-Q?1wWS-jA$)l135D4-ynI{^59^C?01O8g_{fogAMydh{rWlNNmkbA^kao1Mg;@OW4=upvUt z?RFRdIX}}=28$^*HmX1)Fvh)f2E1@?;u!QcAg|dzbh>T+ppO@T`sPf2Z)JVW>vAVU zAoMwY$*@WF-i=c7Z3MzamOoST^iZS6_??)o~k zrp{)qw_7@rdCL;w!Hebn4BHiPtBh8V@e?!EYG|otaoA64JN~NHIC1e>+_6?cSlbc& zxF4=MXLuPNReOPE-z0IFM6gR*8Zil_BFC=cKp{yfG_BSy9gtQK%0Q)H9xdE*NrMzh009sZ#922;3g~KnRM0Nb3hqhpXLb zkW+YFV!6Ve^7*2Ao=h_4FbMfV7NibN z3EyM6K6>=1*{pWB7MLR0y3gf6eB14w-R7`Z&3k)WZjU38j5eDjD+{ZIr5KWL&2u`v zJ~3Q!noA=ONhPQb|2ymf@PMa-kS-2TmP7H+6je|NYiKzV_N{U~)sTI551| z;d+gBI-Q1-#f^nj8*(}vd)qr&XJM_PK5kE|WrD}Svqb$tcsHllJ2g8c(K-=U+TlV` zmogwx-oSM{qT55>IGh|c8m&Ih*w)q-V>BFQGOc=Jaee{71lJs$7&F(a28V6bF%d|_ zlCkL4>iWHh_k|`YxHLIAH8whY`N})M*Ji76@#Lv&t=JKIW&>+50>%;jrMyjr=FOvJkYjF9X7jF?XOJ0voDf9 zPlVTkdr&4&IXy|yP@{@Up`g|6_SdW3Rts_jl9_~@N|F$YhGEQF2!YE*?gRt%g4r=L1?_rs5>9YzrBqSTt134}sHkWs8Wzu&)gxSNRhW+#WPzkg$X zZo*);>U3r^N~D34~b271u>)Laupv3DjbWE0c^EelT*X6(b3V==H_;%eSjea zD7svp<;U0IKgTDAZ``0x1mBbUG6^2)aa~Xd;5r25{@&j3Py#M{ zfi#C$x49gdLKYJ`IXAPvwbkdOW~aTqy8}k_uRrIM{qF$uqJwPBzO3yXKI|Jz3HFcyhY1F75TFh*0m z)o?kS^**IH*b9|%wbH;6a5^Kn)We6%_P7fgkFOM`lkua|!^q(JdC|}(61O?gAYj@gmg9-TK?_R#!>oR?@ZL#uRlhMMG$b81EZ*=)iVb^Un zWiz`C6L;y-r8nRBXlTeM>xFu29gE?mr(fzad)5Ay(WSe3<4SU9Xe2&rWz1X4D>^&d zl7xWWwY78m!r4%Ayli(+nfy4`MzyA9C{6Z`g z1ScUWn(bz4SU0!ekH`FsZoFCs`Ab%6O`Fr;_EXhL8hS-fo43~UEbFC}{^rJkA~7bj zyH+osI6iav@_SOR`{@3y^!DSg{%^nk;NE?`(Xh3*JDwcL7E1kYE;TaR?^K6lr{|`o z?%e+9t+(C|`8_qh{x^U9jmInbBlB^K#rN&+ejB3U$a&Mu`Lj8pQ=*C%#w}CkR=w+T z(CvEG?FbgL?Pjlf<<`w-o_$U)^z{bg&9~o4rw?s*dvI*x@#>nMq9HSK2ZtBVp6iv! zMt7li2!K2?J#RATx3<^ECMPX^_o;Jdv#n~OUIAePIX=C35{hafH5rU26*H5vAd0jeVOu>kp2L&@ceCX*Gk z6>tlLhQHq1OXK3Q(2oucDI!UK?e$3%+&~!^Y0}AlZ)zyc(o6T3?p=NVgW<8^&ph{Bv$N0D z2HEXlo+&0AMQ5h;} z)2wz3BaLHNqR(|QO_B2`8Rka<(-bw=IT9Uu^mtY14=fglCxsvIX0uUkR4{@o;O1;r zJ0w=E*3{`Km&;MhR%B9Bn&L>xp4{Up4+Of+<~9p(0}L&-U}Xv`4s^|4pT{6kX0BaO z6j70RNIt98JTfv2Eqw3xZjGex2=So^R)}85DpcR$Vu$=gkj4;dhv_U$>HC5-GMsWb zJwm%1DeU?>?Tr)vXI_?;;AQhb~g^Q`!=Ub($U3IM$eEAlzyYz zkGu#GKh|W?Co7QXiAl1mJhtqD0#rK7&ytEo^iRBSSXu zfCDBnEMR-Q$!xOOEUg+hIhDeE-@kt!pgTJ|3-4^V^&Z{4wY$CJak*llNUPCw*~zXp z$8(_w)>{TMl}e36r=@pEj@RA0_Wy3Ifd@2ks34RX*8;&RN*M67xfZwj zU`P`BHm9@I?V4GGK}SElcehq4c|Go+*GCPKj22}_Sfi@OA^Y_PRzpqAKtG9c(qix| zdW*Un^>HULg>*|Mb;>Me(?BM@HuNM6N*2`)m0<3v@oCT9r5@KLnSDAMV2fqY;@U=N zH%cj&Dh0WS8M0VNbEa(Wz{0=|NowDKW)wYZv4Kfix?E=I{s7rwplDVtRouwuijd)Mrz;v6+TPhPSZRxmb$cytUkvLNpV;dO ztyZVq=EldJKzbOcnK4LeNmBR|2wP6zJAMAr(bLjEUfWm?2i)mHU8gs=0aRIf9I*L- zosb$mzE!K!iDU#mvBM=mtSgmzu~4RHDH;nJjC8GD1OS8igd$OoJ8+QB6WwWX!FN@w z^~uy!K3Ae>_!AdJTN=#@z#ebxwaEqx;A(So-R<^*M=n3!09LJU?Rwqra4-Z4QOxJb zG&kz_(cy4b(>aXWrAtqOjEcQ3{F1!wpW7R# z)tfM$aMTCj8J`>*035n}AP~BC<9aw6Ti@8K*PFlnJ74-QfAzP2^hba6xzB$FKz8-k zhqpiakQ0Q&SgM#V)@vQ9%Yk zQavf8_i;NLwWG}^&BN8^OFBveV8Xa1fiw#ofVsk22b7wI51CHs@q^;=guK4sdbw;e zaXN-2J)dZ$ClH9j^#R{@yVYVbsq{G0o!D2C5Z5Rr&d%v-<1sCb@hTzI^Bg7vldbnenZUeFo4)$<;3@GMU z&7dGX>meQVJWtYotyWXVw7Y*G$Pfn%$>KQJH`~k>Gqb<90Utg!5!+nflm*J*Wq2N9 zIS59xySwl627Es6*48GN3F!dQ@0%?wu2!w(d4W^YU|JrZ-|aF$M_X+Us~Y+UtRfYb zrM_OT(7FM`=+z_&KA)?F1Ef|NMax?1CaGXxHj91W)6m%1n9$?3Moq-yDT6>XEC{WU zkx?u*kK4Diy=OLC+fXHq_K$w}3ZCMtU;E0f4{!Z{T)hX7B-eQ+n3blgvb^`zRqcD) zjOp>184N&Jf+Qe{1SCo)QrcbZ?P~9&6W3{_h`Za>!n&byPzt=OQ zERlHn!o?@Az5gZ{_(}JuKjaUD1C9CsoXi_Q_1}0hr zUyU-DF%;`-9x-c=!=A`PBzkxR4+Pz)uwwx;hpL$9D$ffjc~k(y&VxxuvB@NX8Rbe* z3DTh!49At#)egfsX{*_$1fZVW*WtpTH&as+@W)%*nC9-mIqWfAt3`>Y{M8&2iFv`P`ur{&cLBz&RvV&#oja4Y+gu<$ z2m5XC+yD?6sRM-F;SA#h+K82g)PU!}ZVDnQd&`R&Ck$wg1%Uu*OU4u6p#|(2Sfs2@Gp_0}Mwf-`XaaP2h_r0eol%QuI-Fn}D(&dCmr+ z4xX2?s|3|yTC`#b`#oT`X}_m0sZ0-Wo&XlY>+-rCej6rp{lQ2!;Bwn=LbBUv;B}gc zWkym1p#|~>P8K}T>Fnulx6O10fuJ`M_4fP3=H^y^;Dj+EEu_@!XuQ>Qfqoy9i<$ID zDv_8On=rGAkDpyE6!$aZ>A|qe_n86Hr*J#VuzJ*Ox48#>sb?2lF0ZZ)L;+x`RT^@} z#+*eE1)W2?ByLv#u5)DC2Se@mcw9o|TCFHa%wlvs<=vhbO~W7d6-BpMfh5>%6iPG9 zWHOpAgAkyA0o)E(1+}q~oz7%BJvK3M_wHTLc0iGL?=DfO6Pg>~L9K$i zjU^(<*%?%S3Klb+jDL9TN;n$&`mg+QS0nZ}EB;UzrpwIex7uynd%L<3X>j?;r(2z_ zs-tGuFvj2i{r~f?U;lwKlk8r1db`yWVz2!jL|dh6CL0R8n^Cm2f= z3#G1=AvAREjjMWL?*IrEh2c`4ugfU-!7Q8xmohSQFhE~vuMg&be|3%ErAi@x>f}No z61Li{KYrr_(&R?wfhXD!#fZZK&8BFYA5|u+_xZUllE@BIpk6;-4aCt-3FkgTM73(r6g0s_Y4+a>l(1VA| zp`c9~BJ&>##=xKgkC~d9$`=qP)pRV8jF|BWy?$3#1l8h_jS}VPyp7{P>0v^>v@?=Q z?BurWZaR^O4;Xl+;e`uN9_*JkY6rVJIdHGLJ9&z-Wiq38?%XpkclVP!$$0$fOP6n6zj^AJW9f7}7Kpt6 z?t1`*+nd`K%nEkl-sVGKd!S}8q}|?f1SK@a^4ei&>Bya0y1wY6nd zrdfe|JX-$hSAQ-P4&uN~K+<@X?>G7;Lju)wI;>8kqMm9&mKBvNGwR^tsIeJ_{P&;< z3Wv7nHMz%&U@R>*XCUUma0_Leq=CdrLlHPV*j5e9go`5`-l>_fQf`m$2#H`^llx+; z1J=A)KLCn->4|gbyrkY*zLSeboS}Ivp3IcX-Fm4u5{nI_!OCVnp7I?(GA!-~SMRUe zyx5s%MvEnJ@1XM33k$bCToE`JbKw4s-BYK=gKlfHx+jXAkOw<4Kee;H=SX_;2e*B0 zMG>t`vtHU~;t6Uzot?~1SIP~M*KHSVq^GKp<4EpzOb? zshOQ^lp=Ea^vQeo?)Ul~+7_6Zo%98L`}xAy%=D=zpL+l5wX>glzBL@)yZ-S=CcVA( z;KJE+a-Zup+ARy&Y&I5;AAk60nfAB@NmUG@@ROguUu!By7v>2t&4Y&Bma!9ouzOh9 z+pL9Rv2X<7BWP4Cl~xJM{jIg*$B);y?;JmV`ggwh8&}_b%k80$ElhYE(y4`btx`X8 z@>H!>d+PaT+s)?W)ad(f{RHg&7he86z(^yYyF50TJ#~6UV8SRfARt+~#J54&T;S~1i zkL5Ezrin&{!i*zLc*kx>X-l}#Zh1I#il`^HhKiONVS5fY?Q#3!@dT)Qvs^-Mj=(`Q zTTBVK{KQ1I*XM@dz7!?`ttG~O^yM9p#3$|N0?=~;qKjT zbI|8Og8;lL3_mgg{>Qq8G7$p)V6)#n zd2&o1Dxx3>0=K)j36C>7H`(oQAXv=?(`VE`(ADmC%N5D*cjk6-XU?9lHCqbUVg+k8 zs~(qqV{7O9F(BZZK&8L%g^~63bpS2EX90$$l9`Q-jYv2Ks8P{ySUg!nT_pgPA@78t z9PYz#v%#Qev%1nLKdOCuhQ$WiYjkxtoeeG)2B}ZI|SSF?6c4Q?VtbY z)0duvI|2&)(krikrR?&(h4cwKO+;eR)vXNxe|vj-6Jz7Q_)A}_*6X)!t=zeN3t)u_ zi<`}6r`epDnK5XwZuZbwSy>sMm~1r~Km5TPeupKN9uEbhnbGlhBzpA3;{BV~qrouX z`P}XvEZhe-J^@h%vzjOEIK;)f48)**FJYF{=?#zRDlA;f*i61r!Gx!c}GJ3F} zil$LEWOTuM;sj;4Ie_2~1{A80jo<+iZWPfc3O;`@oyv3?4MbI(gsf_V9_DgjK938C zGgxjF8wR63T^GI1Ah1^ewJsNOK^8*k(-b&`9*f})$&^d@vDx}C^6l+ykJlmasE#;6 zVHQGU*yh-HMj8%mR-9vvic}f_PQ=(iv%+BNwJvZbm(vUA4VJCbVKjZ{aOn=&Gk@gx z_3Iyk#)0`~x(!&ZSS-RaHfzAC3@J_3;|XuQU1~Jjku(iphIYUL3vRbJ9C8Z-jWEO0^gW`0Nf#yD@+n7bVf@L`986VHk}@yIpoXo$)waFxM9^UTiU) ze7U%A`lQ|G+1Xg39BAth#Ko*T{-u|`xb*P;$&*k1;QOyXT)GE(0y7D=oa=Vd>2$w` zjz&@BgOz%)y!`cVe8cJSHe0Pbw{Otyh|^oYaQTwk>1r`tt;LRyPd2*;`@8%0`FSu% z)6>({R^#a6iTe*8U`-_+i)TixojA(ea=W~MJwV$5JtNsb&F2a5@{%HZ-5xN*>E!In z{fGJx?{PfJH&ll!t4kQEID8(`6iQP@59`~boq7CcaiZo%sQJFdc=NN7rY5^Gf}d2g zbto87K%MAZK$bgQ9>?kdw|{(UvQa5F>jfa}0BlDyZdfg*(*|Pebd$l5L)B%5?IvTB zs)o`|C>ssJglQ^;qY_aFmC4pdqvd2Ihsy)E1Kt3_=W;nn5~WH@a$mQA5ma1m6td~_ z#X_OL?%sC3P{9dXJRVliu?+)KMLVnxhYKVFmc;FGqUcGL3;4o70$Yvt$y3K*NFdOP z3L-8zXfLi)C>l%CNm_P!F}EM6l8{V>0X-LssC<1Q9=20B+vBonACQKzu~8t@z|+UZ zVxwc}O0@vo6eb4{B#JeuR(JOcQ`57s62(F}6hNo{AZ+G54^b;&RmT*H^s>wVsHZNX zOdQfy+{La$#ZN>eUZPRl9!mTE0|-S^eJkzklt<^`}1f zba{1I81(F&Hki^>Dy156z$=d)DdOBOS&bfA3V798z0zql z1{^z-q;scEMWZn*ZQnh}{n|hKdbL#h5C8Vxr^De=xuFl0ewTf)w3J9CxqfeSV!YmM zA5==C;gH`SFxny6(IEmVs;rZwL|Um&Zrv=`tEvT?w9f1u>|=6uxs)4u&lhaYr-m1Po%UY~8Zo2bH!BG?_S4$}rg zR%tLmyU>XjuA*SjLEmbW@^iasLi2&y6NKKu!9lf3jgF5`On8^?Za5q$RUgcuri(NU zL$dUGieO>qj~**ls?~Zc8Vi#)2iM_s3pqDG1waDiwOpzsQ!$thx7z{hVI!z!t*XjW zG#osX`dwAFolPd2 z4Rk(Pt(L*S1DOTh0}OqBe%59UKUjW5k+w{B9GoD?H(|Ab%L83Roh>8*F;Y?=4p9Sk z5M~0SYBd;PlwsT8D?{N}rBbw7gYkIa)*Wzy0=SEKYJ7QR11v%;nrICeAfrc*AIpx7 zPE^a_=!d|dtyDY-^d>$&ISF`!?RMc(fAj5c1N?Zne$WC0!!QBApJ_GBMo?(o?bx8+ z2eRK`x}l)|y|;c^ELZHm^;;*-J$ZNOj?-ZSHtllS`&{?r^Do$Nt4v${^;)r33CClA zG%zd4%Mx4)B~$cx0CnK3;NtM$NSZLBfqI?{Bw41NsCMyCl%{5;{XQSt>{FzpR4ax< zXoCVQEATCthn<}~Ng4H<9v?LsLCt2eJfS_#05Qc>{ZvL#H((<{lpt{QZ2~vHFN&CX zGz!-Prw=gS$d|B7y2EboIo)1VbY##k2SHo zIGk3m+YY!0a4Ja>;92Z;m(3;_HAbxf=|KfrRRnH;IX0`Pp$rTU#v`ESZZyO69kgw4 z4`40t^0;MH;d%nl5||mV5I*l95OM~CS(f1hepo8i;PPPM8mKtGV7KAjcB|EFs>%>V zO$TMiQBDESdEE|tW1wInf!jMRB^n-pge9Vpo44*tA|DO10rI$?2pz0F!ZnNCHH%oX}Je4zwiRh>`KRJU)k`2kX645NEQHF4JgXom4u8I*<8-^;#>H93M#ATYH;BNr}ee zdwctRUiEk*C}5VVW0pW9G7b9LYIW`{-Szog+0nEtaaKQoA4eg#3$%L3D;xPOSSp9l z686SR`wa|J`~lDQL9dXnQFy3UuLpyE9@M}=gaST!D7alT4t7u%dwnUD@&m4@RH{sO zFp?f;8PvuGwW{~}VQl~sQ0RNNi!sVxwZo1XxF)Tn`>R(1an4a^z6c!$Z?%mJ3HJYO~S~ z2RG=OO?csP^7;J3`wx=IRDZyrz5Gb5T&fbdbtvg>uLJlQ`QIhbnQ0-2u`5H6d<+E} zKaPM#h4E2pGf3-Wb8F@^8K+Nx5R4cU{BfEnO4M|rSP)L?+9-RkgW`8U-J|iO+vDkU z1|AwbOAmasaT1djgetH!j*~4o*mZRD3NTC%MA~MDu`unf*5e&USK@McAmvKA9CqU5 zVscE%L{2_)A8ozOeg)4{pPdU~K>*J7~{HdSY|^V0M0D`N8Je z`bs)Ek%*@P{xA?4j_Y}SbSxeKI9RRJ&!4{lqk8aQJsi^P#2}JFbxm-ly z{iJhaV?!De{!k3CCgpN`^_PAzw|{W$qYvTNdbx7@#wWcl^USj^7Yc=DyEQd6wXwFw zb(usg4#IKg&YgHHN?R#&hXlkC5C}MH8Ay!Z2OG+&IxoJKaH+1v|^w9y|Gm9sr@b^$a5 zrtZj*BM2y>ejY}x20&7hI5jmHkHl9Vu8@QsjA$?rEs(n;MFMT6jXGhdR2Txb1nSQu zTNG5y0aGc$s*{Q2>f%sHqkev!l2j0u_PKQFs+9>TPUD0T)5r$T;p8df0Z? zO?!GnrcfxRMyD^oVEgWOz9U+Cp+q3Jp9hc-PbDX_5g_Rx=@W5}(}{sFEgYM4kS;~T zdZH{_@pvc;qwq1{QJq$Tn3|BrM!+ur{W)oj$uHXKX%U0tP)3!=x7_Pc_Pk(qq{;JuxX zz=PR!AsGvF+ts^wZYD>@Uik7WPM2@_(Q2)-jfee2!BfsxdkrO>839mH659{AmO_E> z!rZZlF9OTAFn#1N|Lm{g;Jl8d!8*MC)3=XI&tl*rajI4CoI86~!<{_=i^MXTj)Q+& zm_Je}<=9Sxv=2uz(NnXh-~GvZjY`!+gTQqvrTaEVkTkf-rPW?pUp`AEZ={e zH}aY65%UL>#=L?__RS+Dgu#up1T!59Gg^ql48mgUt?t_G1gNaqVo;CNy?vlQpsjv?y)hHjm~lC?9_}(bU1CJW7(~ZoYe+CK?BgKsRYXi z6i$XiJ~4xG${2=)FEeaY5PQ5p2ZA278%0~;O)&hW;%>9i#c9+RtJh ze^wtxqe1Yeb92)$CxA5_c5k)XgazpL8J1?XiYJ7a-%Ed2y$?c>wne_I?I!H+FpkSlWk^RwQ(;vKjRccGP zMJH{fhA9BZ>`uyS@sMU7h*^HjtTAS8;}iJL_U+A6`^USdq#?~F<^Ocs->d;)%JE^Q zp7~cUqg$|K#GRNT4oC&2QtD-zjanoewNX}|+a-xuX2h3FM0+kI+`d4F;d=gnztv$- zBAY14Jisi}Bb4WPBXNoV#%|=eNig<&fpa)8(}b(4MHKXIkBLNVPLCU>@S%#ex*cf< z5FWV|RKZ5!%~*|OB5htU;0pn0+u80JohNme5Ww$#zjq=S1+TZW$C>F$3?qfc9I=@7 zV7~wcFB(gV5@#Mj3nB~b)o%BJK&vVWt5cP}StA2(K@dKYutp+LBM*l_m8nGzv%p|H z=H@7-7FbfCcFQ9_|CSN!hpa34BTrMS&s0j#| zk>c*=y&E5bni+{JsTZEQ2;SUn#jpM2PusAsuq1kL4 z?C(Z`fqJD1V!$!5zQIH?T|21ktZs})v$045pn=tGo0yv^)hcYcMVbO?xM|#sEihA) zNn>)&<9HMKni6(sSust0yfgLb9_nGDvuga9VN+&ytgfhL{FG@;Q4Ipe`Kup%aF8#% z99EWP2@+#FO-<&3W};j(38)k@9q_mCDcA2!jz;qNQnQHxZ8wS?M?jW5ZvTMqqFo3A z1G=VTC`p`U`d+VJ8mje12W+~-<@N<>8FfFwjkd&SCm-Zh)npTVqq@T`ze=K~Lv{Zs zitlqM`L(q*c{n_M>S(cuPRqL8zSCs~Brgau>X_}cd%Yf@8VuWq zn=UM*_xJaG-T>Tje0&@Xb~F-%dreG?@8=GjF30NX3h)e|@E&&U8@bJ9ab>O?KZ;Aw8KNw z4oOtEHg{Inx8iH4E=y<7y?gU^qg-t@oA5t8(NBN+(_E>T@VWgizsKPgc>dn~doFL_ zpW7^#HaPmNfIB0X)=dO}Ezr zN=ezQAeW#=;Gk^+>Q`>1Y)*#5e%0Pt+bUH16 zC)JQr&@thpBWqJuGXM)<7wBHmjplXr|JMF3SR9 zb9?Nx1B|!gbOltcgj%BvhjyBl6^$URV9kv(K{9;JijyE%jd}}h7UNjgN0eA~6EjZ+yHwJD&u-?hhD;%VDR3f>0uHnja`E2mcLBq*N>x zVdS+cmrgsjwzl9kPD;3{FWvuSd}11ea$(_UrPczepb4<+ii&z;^@AZVJQ2zpvAF{N zxTeaLavR6N&+s7sx;8`!QQa1RIY0$0*K)d0^f|1O$L&)jjpcf^dIRKYY`qN8f;c-dX?FwxgWbIO@klxe z`1s(UFfuZttN705*5%7jgX#|?3BG^n(&f#KZJX8k+Sh*B>9CdRQ${FjW7vz!P%r*w0#jn=)!LAzk~~;r*fOH}jYQlNrIFeX~4-NtMit%P8^! zRT%)73(^UK(q(#)SRx)vcbY|`p_B+%SQPpu&xpp8Y_D%dxS2`)FfN-N^-p&>eQVxzD=};%lZ~}nOb@l8ci0?MpGP$sz|I3@VHw^$mxCes{2o-| zD-wY>5ngmqW*RrBuNi}EWKR1El|2AK@Qkro0^X_DTSgR!&JFtM6d8@CjbiPXD5#y* z01%5m7;*CK6EH=! zMx)+ldcqLUO{WJ!Ptc-M*DRz(kp@FuQWMDt@FKV==(8^n0idiZxB_4vLz}X&1ifAd z7T)dlf}!uU+Td+49P_!{9K!~DK2=6t-z8ZF6S%Rp4J7ZS7hiO^oB#ms-M;m?ix*#b z;f3$NeP!vvC-p}8m6u<_F>NTyiFk&#TVajaZl~600tN#z05fB?+Jhm-{Pft)=9(Z6 z!F8Z2A-u(Hb@r4&qgEnKp){jNO{IBU8wb-r3jhu!Qa7sNW1sQ(hmgROQIIgF;kV4x zdw30oQxGK!ra5T4s>nwCo(3=($K>&;$=i)QXc$PZEObR4prp4{VqKm=t=5`3GDX>F zQ5-g!%?sxyS+@7^K{Xly9*w#(QzX5&R|fn)M9F;wh?k`DwR$<789M-i>DR)cC}~ye z^)gH-O~Yb(`#ql2WSgCUaRPz_9|Y`J6lxMu5Cyf;!Z4JDGc^H%$acG9W7$kLoja(2 z3ayc0v@AVnG&9iv&XfC(EySv|N zGDl|SjW6?xiglUhojbR|+a^Mnsn`GFwAogI9!HB}(RT=eZ0vrIu-#Cat32`W(0+r?@dp(Y4xK67D zE}R|on{3za_vH3=o`3mEk|UPc3e(u3K@Uw7-Au{33XEMHvEu0#EYv)6Zxs z_U=3HJon7A9j03@7Ut%UO;1k)1}l{+9x4zp(C({Z(J6-=e1=Y-LnZ>X2t&pOCJ5C%Q+QB! zm}@(2_jqY=rl>wCIQAiG+z9H9N=l(}B^Ju*l2O1;Uza7YGe8>;w%1~@S-Z=!zP6i5 z(q39{l5{#06gwSXJmR0B&`W1VD54sTrMn!XQ92#8dU%4gk< z9<^BuSuiI(D3|I$FGjOdOm$;^Vd2)D4-+vjIR0{_JUKQlDRQUT1_6pkyyBqap(Rb? z3E2a7Vr6X;XoDd4y)v70$HNhDi?TQ1EEXHQC?%7V%|4~*Xy+_A71;$uYCR7#j|_G-Sh-11foTS^>8$tz01VJ&vmP~GR=&;Os zA?8OW6Egics)u7l=^L)0$MxFgCXSh3X1Zxqs>BFNH^U;$Q&ux~PmnFXfal2E(LUSW zQI=8DDvL@{7%%bhbc`VJUaOZ%B`^XjRhu>&rs&q*0GNl(EC|4h0%^0JJbAiS%7YPY zHagjK_F!*c#_g?c!yWPN>}*d?%rIRPnF^XC4F`*h$HB_N-MvnPt8@)Ln1!GiVbJNZ zC$gjcf!Gbg`oz(*iZD3X;FH#hdCrY7JSPoA9L*w{#?lY;?^3d8}VU>KMUcrhGm zC_`746UmejSfd*e5R@bV+R^NGRD`EmD)|H9nIqnzB2`O8zb|y@iL)Pm_+cs%qjXei z9q?JL+3@;(tk4(oxfh;$_PgKx?&m-Md3b+KRgND&-fGlg+^HRiupn`5?Oz=f{%~JqCrd( zCnm-ORvXBormLV-Pn6EFvQl3#qg>5j&Fb-}S`#x=G&~YbyS>3sBrzN`0wK2r z11v3jJPvsHT74Le0cN*3U06Du!b#uzS5`q-392;>q*4-_fPH%dht0}>2PdqGPSXBJ zvB8P58gcqFS+6J!3dJ1isxg(W)(Xi~44nvjqM%+Ku!I9ZCLJRd2e;5PkUDUeEui^c zpi-fBw*`*UPT4qCXf=o9W4OoT1ME>M=P8?Jqp?sRW|kBNB}YvZ#xsu#5m2c61UL+E z%2pe$>1IC+i_7lGBvW3GUs07>y{3vii{|9o6|e+$9H%LgV>%4S35v)Hy*hAhoB!h* zA1xf6Te^Q2rnlLum&yfDiL)oadiU;aSO}0#!0HSGB83WMZEqGqh+zrV4)%{Nkg>=p zI@wm+D6)H~=^Cyom<1!jjUlYcFaUOq@#{{9%j{JIa34jE8n(%-{ADf{JROR;X`mn} zBbOC*=71Fh6ApHLuaE;{G!jd|q=AVo)c4tD`|{<>A(yvVs?JXz*nuNdbneNE zIz=p=IG2nk2#ZxRQXNUsGU&Ayj!s>8;)%cin}1;1y;M8_2&>twO9BOaOAtG#Igoi{ zn8ft)Ww>tqEOEd)t*q+Hwv}!s4^j^OOx9zeW4O3$Y3*dBMJb{qU>-TgzQYu9NTcsU{ zh~x?&D>ULlI4%vOXf(N>E6pw(zj6DPH|Q=jxo6JK0CU>tutQ0yH(8H2Kv}K)VBmJShP7lUzKycPLO!>Lmc>3m z^}_yswNVGRK*0Z2veRc<-S&~mng*)FbU{@!0wni zISEF6nzp)*=!O`a)rk&(~r5ss*ps8-gVDtfavi zfhy_}KVUmDiJ@&EE9HXqfJXoVK~e~-z*@s2iy~*bAXpxwr7s2E10FeyT4p*iY=Aa; zEHH0YV;V`HH?+02Ls^TX6XUR``CJj)pVLVXhhnwLaf7}u7{D=fUNw*gswU_5w1oQxlh%Dd(n=ndZGPv-`q4sM2hE;97~+0 zSV+R{_V{-;`C5Y`EUY499w!YPSP&Ie!z)#o4RvzL)9wi1eC#B>x!Lr1F;J;cC<3&7 zb7My)l&P7yVxblZhPtiBxf4gXcGqQ}n`QWV4IR^&Mh;+^s^Eb@NRk;D2lgfbqD8f* zaok2&0RqaJ0*){Q49$k>N``|D;C?RJ)$Mms8w-No-79*$_HwzJ9*Lu-r-rVYh9nk? z!Q_AhAZ|oDJnkT-Q@Tcqf~v^qY_{K%Lf#-o*con+%a?##pg25PDU>UyI*Qej2zo#! z*j|tCqmos@NVr|=STN6{<@?}g`2lzD?k$&-ZZxWP)Ve9s>oF|b0p!JickJ~tnT*3p ztgfx3QmOXs3Ow(|=0kq~^$a3$Ppe&(hW-8heHNt?T8t7H(P04?tOV)}%g1p{JP!T= zoT|gD%x}iNnT8X_0~!v(2agG23gEaU9(vr_mI$-2b<>6k(oMYe#bagc3_|RG0iYC zx|(d_1o+h~!eL@lkWtg(nkdKA1i0ovZIU=Gt2U4}k^nyt5c#3Yqg!w~7_!%DOsDgp zTmk*Yg24m;itU~9ky&zL(rv-5;KW@Xf3w+|n3$@U55Sj!jM5aY@qHgnxGV}Cat@^M z!{v>izWL7R*ofa3E)}aH2&T{pjaorE*go56G=WCgtqw{f;=XW4WK>xUdcEeMKfr%Q zwD>(ii_M@2!+s(GV(X&qu6mUL`vEHr-VL6yTrR_xIU|kO3ybBDy*Rv5M0RU#GhWx&KK7Z`kF|bJ> z9H<_IgZ8;y-cX>|XLZ0r@d$7`c;N?z10OhpFMsJ(7|%QJykoa{rzRJGMQv^7B5}7U z^%PYQL@pW&fN=!@0*_ZNv#YDCsF6dY+wHKRYyblsPP9D?7SXgdW)mqher;)K30_Q0 zOrQe1BO_+9G1hpVe6PMmn~X!(af{?SM_v$M9* ztv5m6jvbp!jfA(imT}C|X|+i#5EvbY7b7F7NGP1!DblDnaUkRmlxvkhWZK~|a_%sr z2CgN=zUBxX_on^nO25iIIYPd zA+mZP820(YiFmr0XLU^m5;{FS2?n54YTNCWfIk5G0$eT7E@;|zPdjDV9w7bH)&M11iM!x9)BiTgoCS5{V^d-jD!qct@(bN%{_bb8b* z`v&U-k_u+bbTvk{EUM!G>;$#_G&J0Nc84cyRK<6PBEc@l-g~${7+_%(zl%H!iQ!yV zcG`hhy(;t-?Hf^WXey`2Ozx9^2!t z-}o4$dG6=}pqFyB0@?@@{L*tTv|BBJs{i6QzP|EsC7y`18|@cfctMdAD@DmLih9H6 z_plkRr2+8D!be6P8~V2wz})Edbk#VD!N=y z-7e4UbarcFA2~!BuXA8Ah~W@L*0Fk-opHeC}R8cVxm)6=UAy;7f+nH zxW`myPn_QK>=etzIlHT;41Kh(J?sX8(SfKdINpA zr@NfAc=}QcodIeqJ5`1B@fQ8({)ZQm({q5v*e)|Vk^v3>qd)qiSTyRkD_&pRL3^jh z7ke$`rHfM{SG#`YEhfA0-h1!o`JpZizxLIyOpaz{#nS1p$s@#`yytf+uGXJ%*+he6EusswYxSkF%yZ!mmh7s_LX0D*xY~n z*T1uH4t!byx5r$m?Pv_veQ|H=>WPa@&7C9x!({?Whk3Gn`iI-nG4ha+Do>6#vmMZpF)>P=L3&?xj`ZV!X6Y`40a)}|d^l0Z0K9HJ&} zCr_UKr@#7ZzHof7w*uVj+}S5?-@AL`*6pK5k3aRfr(yg|u?jBUcR36o%g81z8oAUl zwj*4+@YKfoHtO=|a^3voV^I7jFP&?&_uhN&y%Wcd!xY!+b+6ll8*K~nrP}D|D9k`U zU;LGC{L{6KjdV6Ml$4P1bLIW_Nt`%w^w@9z_HToM{Ht$$i%>WMv;5_^zxCg~{hbSE z&YwO$%Qkb*y!?f){Pyqv^dH~+A7x)BP}vYPOOzJnnl&b z0hY(u)co`?2E{>vezv^^JanNzOZ7eg8rr^V#df1&khVL0UMEO4?Vwn;4e%70zTB1Qh=&*Y71L<(bh3)kj z7M4Sp7#kl?XRhA;5GG}7cc;rTUXLf69?@0p`iCFET!AMY%}#-g!gMuJ;X$+tk#Kr? z^62~T-T7V})WP5=%; z@xBYYfwmbZf|M5RvegEo} z58gU5H@7f9y>xfI59GMt2YwccL>w-3xEP7WYW4ifUwrlT*MA@mc%RSPXqF{j$c#oN z#unHnHa3xb@~J7Du-&`enw&~iTlZU6+{-rFGxsi(!PmSDB%cpJZK5KUm zqwdWlC)19avi|tUiXhG1V7S;}1{T_5v!E>Kp*qwoq|@UZ8=t)K;aeJJqimQz5UN(| zf;6<+?frq!Xttd$&u9SE2%egr;CjGhoruK5(+ty*`-H<`2Vn&QVYgd>nZo7aY2tyf zN`0(dHU4icfb30s=~kf?vInv)aet8`+Iw5&z{98^5LC3XU?2idT<|* zrOW9V8=YD_b@H9}-uHO@6lDW50T>+!P$UwaojDTl`un{eVD4;o6zg?{qWtAoe?B%g z{+-vq7moR=mHc+C_K*MY_PKNC_V;&_>E!SJ?(YH&1cLv>Q-!~%LnSX`o@izw(;Qpq9HZ8q!GP}p59bMPXQ zjVVK0yUTF>`poR;PF^nbb|1%-97^h8kf<5!d1wyJGZl0H_Hn${r=I2Qgt8`nULdoZe6trm~R&E^xI24#a?vl`K{gf7TN89(^I zf@4l}YXuP+)DE2jGY|jT+I@zyA_fUY3kB5+0z&DS+7T3xIUUnTN+(D=DuDm^heky% zhC_n1V#b*q$_~IJtJOY4r}Vs$(hbZL7_|gbBF$!ZcVjERy>sjC zJ@A7x?abvs5GU^3x#y%Eu>8l5&445Ut%*bu_wL<0b7m1}J}`P&bmaDOnN(&hlidO< z`e5nk(K#^xy)H91HwW(C+@#EokFoupsK^1@`RLK=tFIopdgU6d1JJ%$(r$(f0W7gu zX@=o0Uw%614}5at7BI`1XzJsSKS@kXb-8vV86L@|X_x&Vw+BOd^ym?ogG3_EOM# z!9yeOCyPJ?2@;!}8tpN9F28l+)XBY_DsV4R;YjPTvu7^e{^%-vWrd}7tz7g=o zsETH@(G*2nDci8eqsg#hb{Z8zLNS*TXrSuxV<o;PvgUidmd!+YD{i2?UoPh`EFE{CotEB3RAcy$zU$WOO>0+xL0gfQ4399s=V@Cr7~Ia&69TwSm=C zq#+nxug|xg6(6@89|Df7dJlb({IgPu~8W-}}8-EF$tK#_iXB?HeC| zbairSDi(`ZYE{4A{jG2R-RU#ud;GxT^NvqWeC~6fo1dFsezbh__%RSrfZ7hi{`OmM z!c3xlNn=+&n;Dy#o`1NMSJZ*qV-*J;x3i~7U0G#M9KDn)=Ey@MYKo=_q0DU*^Q7L~ zkU!is#Xgf~_c&VbQ<42_OtdMZrgH}*XI8pWH58%reNHKfcehM|b!9N={%63OM;V6ss_yNv=b z5A4U73h~Cxr59d$`uO5$ZlK*;T6a2K#a#aEi4&Jzem0#>-@17-5{+-JZ-oQFcr;cj zl#P06C=m+G=b?*3fv){d{$S_Ci4&mhsvHOfo@mxOd{2n@0&6R)eIC3GJ~=a8Y19=> zg&}o1T^MKXpx|_S0D+JcItv^Oc$lR-ckVFlPB<8X5jMFdfCNbpC+B8)Wq9||60a*? z`RbP+K76?PVC7?%?}=w$zWreJ+@%YcMgQpP6?G_u0)cxU-^`Z|M5){AB+s3{fZ<3~ zE_S4%41YtOjgu2quR_ZAQTI0X70%aJg(CpkNV`iL}|KC^M4X+1a6O z8JhA8xW2BDZods9to=coq-EO>0H4F$j)fNo2M1=YHWjyl9qJDxx0A5w8ppJnHFnSw z=>Ql=i`(r2$yiwKlfYoWd^Q?QbGpD-0P<5R@XNE)o=bL z%+l)G^2EfHf6>eL2S54oo3Qp^5w2ai`oa3z*wh4!U)F{;9M8s6Dks)+rQiEM{`b}8 zN5A|FuWdeB$?xu@^>^`pMh><&XdD(duTYSRG9T zfK*+%as?*gw|?`t>Ww;#e|u;9PygRPPR0}P(WNIYJ@f2y!r;Gz{3u-na1*$W{rrAD zR|Z$*4A>%3f3;i-%%w@Y4HcGG6$#T(WUHo1is7}bb^;f4nHL8Fphg-ek#QD>13QMQ zJXr|C0HZecric^$Py6MWB~K11El%lXD2>^2+_bf_qG7Tc0E~u{OqUac;gPvxz%Hp^ zqS?*MLyIh^QeU*-Hc=uK-0lrVF{Ou7N?~tT;@RM-MXM#sbrhN&QPd``lWuQ%eQoFb z$b=;Cmul@yCfVc~Bbk({la&TOU5#Of3Rz32|{Cf5=iYp z8hQdKJYp~$m{}#G;~~E{&~7ShgLe^5wj*(^TsoPmbX$OcjPA~$z&4j7G92I=D@EPH zJDddAPgKIX&&h)UFo|R!oZIP?cgi-x+wAOb9OR<$*mEyEyR-7}|N77W`u5G`_ujd6 z{0kS7*`w`FZFT+j)Y)laXmNM~VA51Vz4+XdTZMyT=P$he`s;J!p>Xhmq73u(LZMvo zb1|#UzTPaK9*qT3epfPR4SLse`LT()t+gE6VRfgb+sMUpXBeK}-QQU}dHnjdYoHYt zOl>r3HivDqxYuRcCl`*1Twha$(U>=1*qa!i#%-=#f%*8xtynB16WTAlaLy&O6Y*%$ z8~k3iaqQ&c{=r6OHgWpm=Rmf=Cw})kKgdL5|KI=ppKO%%$@%$ifB(&Q?xj*=l5Bb7 zAAfZ6)On3^{r_CO2b3h&btRaQ5$U}z?_HN^SMAW~Zgj(u00F`Y1VFbk)R2-!Zbo}{ zXEi(L?986om9%?g#z>SXu1JC)M9=^r3ByKvw5#@A-utS|N^c`0!|i?XtBb9vgHx!^ zii-I0|NHmd_x>}Q&W8h9Z+9K9D?jWfb#Y@9aPPfitNf9Pj-(~qpDKC8^K41 zv7nO7Bjd7BmZxOI8Lh9ck^@qtRzq$#wOnaxYQkmEHK1saJW72orZ6tKw#`iNer}K5 za4NYNy}=y}W8C>5M5ZK|0js>v8*thjr9x3GW8YSwtfBhLrJPE&ge)+~N=8R*yWK+7 zTF6Cemuu840Q5O8mf0bALtWkK@*-%TT&r$mx7;3TL4Eb=RagPZWa_cUPWrc#;De)icfeDRAn?%e+0{{8>H5e^(a zcC;u~<6Ft4<@H1R4qRAUw3y6wjV+i2m^*+BOiMPKKX~9U{@L78-`l?n#wgYTFpT&8 z=>4C=Fxu4?h3x@&o?qF-yuJGRYxi#7*xXo)M(dt>>N6CKH@Ccd_t4DD%+W`W3=ZyI zPGruUJNwx26TkcW|2h$mFE1|jbao9642-W&_UzibwzhHh6neWIWvf>t*1XbbcbHs)*>1y2&=WgA)gRQu0*ARsG z-1(2&+8g^TeRcJXykK36C(>KVzTV#Y*4CmVm! zs(fVOGa2&f;sTW_C{e&+JRWCpGk&L^H>=PP4^AR#vLa#vg26BwA={QL+#73Y)M#LQ z#tinXm^i`i(0L)7Oj1~a&1n(1np9vRLO#Do&r2pA9F}7Tab}C)1Ep~}wR9dg8NGKO zFDHv)Hl48A%xfDfo;vEuHa95!Ju^Q)=XBXT?x0|`)HT#!yK)s{#0JB30H|)= zzx%ltUM!X?3kwV7Qe|Rn(#%_4dG6)?JqIp+dLgsA;0r};R{kHp{mooFp;QXP(YgZ% z4jejoGt;Kci(-tv$GSnWIVnFWim9h2kUbC_U*>@_7;vxR6|Bh zylZhWzO|LxJGj>_@R`J>Ns(_~xp3t0DX5uXFx1%CFg-Kw^#>Z7`h!9LM?bkH*Gw1B zU;T}*|HjzZUC5}e)D9m$D#3U)Kd76>q>}~Y6WXZ+T~^C>XJy$iU3H^&F89#a&N0=) zH6R!VU~1iBckCpbY}YU|eBciQFvDq9^*kDmlyX_6TG3S5W_R*7!DJD1lZ@TG4%9Sk zHdcfU!z)!P4Ur~@6Q1w$xy$7O>|Tr-#-77thQR?{2C0R{#OyaVHc}&WnX}ogJ8@VK z&J<*p7s28Xs3f-02%W%2r7RAhuBvmen*d0)k^vP_rLG5+SgVVO(t>oP}e7)OzdtysOf4Zo5UWACsrC7>Nevm z0e{Hiu>0(`Ql32jV0%A%|NV}(c8Ra}{K05LV~gG1($*FY#~=ZK_M10v4fYQUPEVmy zjny?|G8EkT!VAyyx;8a6^?SefdlxT!iuWBJ9)_}JaixsdfR^Ap47DxK7Ty{pr!nlg zdinD6U;OfBsRF72>ArgAlmFvS|Mc?pk=MTPMq^X`g^OnsTN}UiTVLD1@4(2&h$<^9 zOUtjk@(K_g+XkBIna@2-g}m=f#5dP5b(r2zxdggzxefY=TA2@)JJ2% znK^B7alY5uyRk6=!=S0L#pUwY$?HdjKcGoPQF42O!p=d_!$zztwSwuR%ppkRAl%4do6{e_ehG9T^TP7+XJFOtj=8@~yA9>{D`sz|3;_lwn zIkVV&>eQ+A_03SoR}u3)eeF_J#-_q{vN?>=D)O#@{%Wy&3l_&Pd)WSs+f{B{k?bJH|zYyMk2Ag*1CH?_UFZm7x4}hYopcj$2o+13~S%O`bOKWaoma}W`fyz^5*91c#Q2m$FgHbGjiF#6lY~{- z)4R*>^Yjl5jgOB4M;aPKzdZfn+}zCm{Ri6HdcOC)?>B~8JYLtqgTvTVpoDrMQRQ}RTSs1TP`)&=NR6%)-Ha>LS8CfXjyOP0WW{E6na!9zovI&dChBXiD7d~LR~50sS9m%CHCw!P zrve0))f(*wuck^s0*Bpd;q^ix+tb$x>WOiJThA}dbai%PLXFV+ipA?TYDiTfvdgpc z*vs>CbNIgh*draColb|lv9bB~?Ylqx=O2}el^0)lX*Ry%^tcuG5+0u0R63Z>Iz^QC*E<92UoeqpMMeq`n6GT+mxUcuW~YkSPC`99uirU*+72W&^z4pTb%&KcY(g=- zWX{ow5uCwD9=kcy`&7ZpLdCagL?WpB7WRcy)l3ePRj@d1Fp4!QZ3>9DTLq_6s@g+7 zx5ccL@+p!wY#cLnf`q-f8DCR%YKq|Z`!g8|c7(WNv;a{65@+PNLc!smMj6TqpxcPo zR`3ZBSyN4rEtki|k`5kL`uJO_Jj$6>Q#PJRZe=ncqb{#cHcnrGc>-_6V6eKN$k>XM z4DK{#GkK5-P3OFBpUq+wbW$vmsyN&(k2{>tq$#{Nlev5UPJ4F~lo~}3IAF=u#A@Zy zqbKHOmr|*;6*FcbGcjA0?%cW46syl9Q%X$+=l-#^@HB-;w zeHVZEfd=bRsy_MTlhgOc&iwM+?|uCn0C-sIKmF-Xzy9^#!Gk{i^wWR!+uy*`J33pg zj$C(nJvOHUfF1VwckkZ)_Wkc`&Gi_^{(}ep`Qu-%ZEjF8>s&tI^EWrQeDLA>j~v~P zg?sbO?+Uyfw>|dgsbl*O{P7?EF(9LV&(P}1O0>SNe`xT_ufOruKmM(e(XPPkJ9+8} zdf(A;4D9?b-rGuUZYHFrriRYWZs?HHA79DmD&c?)Lb0`#Fj}dXHPw9c?meH=YYP$* zs5?N&z8KVrhB<7a)GhM*?3_RGg1!?=kH6c=FyXA8sw!hkRmCzCFLu1HR5`T*0%*WEM;e%HjltNbj@P72=+Z>uCue463OQ+gVRLqB z`nSLK>mHl^mmmM4v%MAeLveF!{Q5{PnS%Joyq>1kmZOJ;zxmB?{!!i6mhN9U`sk^d zwRklL-Q|7y!&i(1SZy|;L$SlaRjg?x%CPzXDL zd8P;PpgS6$QAuV^v(P80R%QWvJEitmxW26DJ5tVRCc%gqHUG;pW)C0qliN=e$sehb z>NhNC$}AQ0CEfyHv#FdJI?-XZDQXQMPEGq1dnqk?-8O)h#~%QYI-nw_W-yY(#wPa6 z{L&(TB$dmO@4da5xH2OPGnqS_kEFxrW9lUSu=A%9(hN$LI6A zfMLta^VIa5f56lgDu>~6IY5AgxI$u3-tiD=SNVeLWw2d^(>m-M)3FrMU}tJ9q9}rBWE$JuopbQ7(xG z_Z`0S>6P`BbzBTqdg;=oJ%h9?7uGRQ!AD{c) z_rBNM8pd)fnx4+)J2|1Rf57f?ZftIjjZM7p(ux?4@0f|n92GN{+qR;sZn z3|kF%!$R!Yvj?i6tE=nUwQGYteKXVZb#--Mv3-4gtcYxH-|nI)Dwmol01^z001 zS4UT;-C?o1^E`VkU?R03tEsx?usNtWyrx=g_}m87gV6{5Zi~Q`as@%+iWQM}x)sQ*6Ua@K zrYrfP?6l9#&2{zmSX~ac4T8v6Z=qDq%ZeqFNf{n7E99FM3c$QmPzcXMEMP#ynnN%u zRn1bO?tSFTgk43H)J?V4Af~mNLOGQM$>oHOA!1`BFhPqezaKoz z>EHgz|MEwF^oLa?=?MgvR@PS6H=#ol=|oMV0}DtR=P`jNfY9&Wx0gF!eDf=>d~wgdz3Yih6L0Pchp=Rw-QC4}f$=(AIXZR+FI6mvM<01? z&z^nh%tqcQj)~cZM1u9QcFXB(L6Y^Z#>SFZ0s_@ktJ~|oKQ?LN_+q}sn;rEHby&w} zEQ~+I56!*3+cuN_P?=^Xi!55=;qxSR0so-Y*iIb&gTLC2zT-@qS|i^(rXEP?3d$toO#>A#mDvTn#pdz)VbQ0lk{JLQTo8t~9tu&VLhRslG0(%!$mYC0 z9~PIF>ABF|Vol=Alq}_RxfGqk&MDW{q&75$7Zw%@ML(v@<7uF@X}g`}Qtz}Y01|)? zL?XaNRjP>wfwp1~LdURRnnJ$9o7GCWMx2x{^Jc4H1*}r%UX!ZXT@IJip{v-js-H6& z9Vxoeo@$#Eu@vWAj*1SMg*3RSq*fuLC9&uY(9@0N%mVYuaYo~{bUHb__lvmy@e?Q4 z*4M|TrW;z?Jb@4>8h+Nz)VX0~5w6xr~b^|aUjr!b9 z$4f8$+Wq_Y=jRuW9z8laIT?#ZAS;)zTnGn!ef>j~s!|_qY>38|XJ_y>P!ZXD9x}SC zW7o$YUxZ+}RL$X{w5|H)mVrINci(+iRkZt~^W`hQ>vm#~&J#a#itWX4}!v+~G zm$3h8y0)#z9`>8=ggLYFQbZVxeZq=FNKU@Kt`3wESC)&E&SB;)4yUbF#adQC7Za&; zQ=|b_a3JJ|l&o*%`E+t{XlNsu2nPdYBm5IajKxG<471r36xZ}j#p$%lRKbdLJ$osL zEH#z@czQgzax=XQDamAVc#%*rV$3XVlkkUI6Y(5m&f^X`9B!`{njKWfDpQ9s()MN( zSc%1KxYUgL%eDv7xf3`GF}1MG&%jlaYs@`IjXR74OPF-PR6G=O3nhO2`t_c+J_r-^ zqol~MeBq6s{NyKxjvmJ+g>;@vY{kOCP&C49iT2j!P{8xd^Dmw`eGYsY&%ATzRwk9a zc_ZD^*;G+@3YyVP0R3Vyzi0Puo82NyHDKP+V~;J|zOQpaKAXLFV*~?$bF1vN_P4*CNM`_wZZB9$tR~j(-?TNNt` zbo$g1-k=bgoyS)KmP+ddJWTtL%AU`j@{Hm;)EH+0uoh?_(ZJn*S zVIr02=;%r-RbeNPdB@Xf-tJo`@927_*;!erGBw@V4uE2k$L1ZfO1F>%h2Y`DyJOtLNXewgJ|N)bTX00R?~HVAi(Qpt4#<*>s3MU zdfm$#E7$|D$2?JrRLV=0)s1ybD>gK2G@Hf+!V$pP`o?M`<^e5qQZ}`nB9&B;ZEjp? zGAjEqDWP~gYJTU2zP8!yg+e)>D}#V06BS9Mt!NQstHlm8mkt6rbG2mnF-+iTG*wmL zDV3M6mSw#nmf3ct>KK~LYKtb5m}K5!b+AJ$s#PtDoS<9m4n~Wor>A4F7&JaZZjaju zDb$55q&(Gnx!~6HHu5E;4QHR$JhFyY13sU3vIXz(E z39!|)$;hei?aeN)jNBY~^((JJf84lpXZOB+@y$(`l`!n?-nn<>^40#nJ@NPkHnXac zKcrNw$~AKMfCnEra%6CD5FiRF^~4iT0L7`|gez#XI`Lbo8SSt={`iw^t=$2C=s*AY z{~L*h3Z>%G%3@o4%i89$pxAkf06Y>NR`jNaN{TW`+HubBIHXt>IWwnr(9xiJ0;>_k zbUpMJL&_aN-(jLVxp-xx0EVWhCaRLWP2eC0nhA1m2?oQwiNlTueBz(=p>Tauvu?H5 zx3n!R&Na3)moi&khsECzn_FFuC%2$?SC?0MySn9aC1iI?vRW$V6aek|ir43i$2W2F zbULd@84QU@180=P$CjldCAYo4-VAFAHd8()0z@%3%-z}sbwa~Cfr(lyH825)AV-C% zs?>JHq|uR_R)d(TGN;JI7Q~7K{;H}}UV+mx?tS;~PvDIx3f}1fH;|!~H7Y)w$!_91K=++@-f3%V+rOXk z2)te|C)haNQmT|z@7x0P8rjDd)x>}P#aF@j#wVt8-%$FAQ_+%t+v zK~h;rhpb6_o~OnTAcal`c9L9FtCW6Gh&DCnD{A*Z_uS%Kb5rYNCXQVh&!ln{F(_7= zo15b+Yd*JUeRjcVcVu}%)kIRJg=}+kzJToeMFVUh4~DD3t4GwA|_a%L;Zlp_)e>n2$gi-Ltjj^4{AzLpXv$)va-Ggn@ z*=e1gnXA^6^~vdDhYrn5O?0)lf`aEW36I_7cRN4)@E7}@eW9+g0q;T;NuPXTb!i&f z>80QJ^3|(Xd%F9eBa_J_p8MKsufiND6^eTf?Emni)9HLEnaVocuAyDM3rmY!TMNcL zH8pj0X0fw#u&|nF@Os11esGUaBn->pZ~yM^u<(cX9~c1}>Fk2=t*&CUbd(JsFoJy> z1s=LWSl?K9;gwhZ%U}NG%*@Om|M4H=o{(2SsoUd&qVMk+NT%pi<;{FN{N zR$pI#RVoI8&aKoc2%vEsT{&~+3>H*y_$WFUR!g-aO3>r1*Mh~W)D$xi!lX+|jT$xK z7ou7gD{|RL6t>%}cJe)$4N_K9WJ`5Jr2h3)R(nS^3d#in{wg`=A)QnV7N`m-G&=2x zMX3Vm#KwYjmJ7vlu_PGf_1qpHu41>itOCq@)nW-+E#^vDP(s$NOga{;*DB@VfuZrS z>9+R65He3O?(OO$eJ$kz9`DTDtl)9#7E8IX2`JJ`oSE}4E#_6lv$T}K@RC-KB>AWr zLpp1E5Z(n$mla5uH4+J>^45)H4x~NW)PQj|HmQ*aAq1pa*DX-=5J8B(*H4VLv7tE- zh}^t!3#6^HqkAp2)iKaMy|fsOMF9H(&w;4QwX9gFX40FUP}FV{(uqy0-FoQYBaN|+ zdt;+jKHu5iWH#yLWa+U-k4)XWzk6`+Pk;K;iK+X4@CSbc_LkY&+_Ue{$c;O_Ege#Q z%lcNlrK3}@@-vI`O_W)MfH|~ubbsc#mtia)I=Tx&@R_HcJ#+p-AzSEZZoGZ@{9sq(?9|^nhxu}ia{k3C73r}Pf+t~My#F3pq0MdreVSuDH$|?5*_r{$nBt0VdWB- z2{bZi5ggmGS%S{PLZd3xOmPqp@&YJtgt24`mCYcx8GAcL#@5S2GV!7g2S#XvQlXGq zonA1N0@?y`<#5=wXV0EzpM5r4RyNnxOU1(K$_mCF3Q}cspNE3XaL=*PQ3qJB&9N{) zziZb3h^kv~*g5OQM%=<%pr)N}?^=9=Cx3%oQ83wM>~8Q&pnkrPE0rtmfV)yDh5hwC zJ$)N1^QriT*B4k>Ti^Al7fN|~VIGqJ-YHkbTeogS!r^qWG(0>Eiita7?O|Ml_yVfi z+uNI3+n#><>9p|$@-uI<;Sa&@{Jx-EGao*DcxG;CZGGj`smGR=m$3O^5@j~GZrr#5 zTMG6NFbG5zJGQ=_8t37*c+gW%Jq2!xC2nYmjgOBXI&=so+PP0oQ<sby;BrWf_yH+Ja@@d#_tau7~Z?Nv2p+Y{f34HSSMKcryqYJ8Q%oehKypR zSv^h0E-)c10tWX~mzN9W3P?rJ=f$+JXfL-Xu(q~-^vJ1q-+S-c$gQvc&No0FHa6BV z)zN5lePJ1|gr7GyH;XlK_x^pQYysLF8vwEe8Vv-+7^rmFYFt&!z_FV*M=%woa$$XK zqpPD`m8~_2ld4*GcP|*f#cJN#igUbj>cmNGp(V!>_U+ic`=C87EiI|U*6^W&!oy6| z^iYl{vo19<*Lm&%n>2)2V^X-|jbedzKztV0$NU47l5eqTM)%u?<4$&t>{*-uJ?lXb z6~kA%BS3Yb3l*_aG&(n1gF$NhUa7d5hs)>#0Tr$*YOPSrR5eBBbhF(G5wA0nS20b* zI~`6eBv6hjpiA^DO3$hlOeWAl8F%7&&KN%j;%&F{`K(kb<~2;Ag*Ti>vPA&H#QUlh z?2jr{K!KQ2%`m}KrV^gpJvU%O0^qUs7cN}DIP=*|O%m-kOTgzbgUq_um|9?Z#Zff+XL5 zDuWGRvpPx@8YRv!ga|L6boe>U%;BF@Zh#Qc3gN3g(yCr@FhFnWIe z^Pm6bZ~i70qNk^a#pNVY>1)?Vn3FiZxk9dGTX0w3&^Q17TLZiH_x5$-{WIC*&6_tU ztg$L$Ut#j`=P=lpS5|!CP+wnPYI6%9{n%rVz5e>^moHxigM_Zfm}8MTiqD4Qj+uIMMQpG}1^!g}37AqsxN*0N`a``f_bNA2?BqtG%I~|U;)>enz zJ~cWf>~s{-9|~J$KKz=I=wt%MYJ@jb*D4TDMT#;6I6qt%f}~XoF&l_kQOxnlrLQP>z9EqDzL7W^?ng|72D&$PMOeM#>e*Bs`(Rj)CDa#7zELBhxs6iVT zPuU27$NjxFd$ggEIxS_hfDn((h0h}~$a|hun#P)0QZ`-{Ib)b+5D-eaCpLjkd>((b zQYK3g;WvzmeAcPp1oM(jET{@Dn*ZPWmgVq5Vc3<3a5b6dCDVW$RV z)U`|nV8!AY&-7az}A3Sz~Ed=vd;7ZIbMujcP zY+oSU-~HX+LHQ024pNEJav7kD?~rm_%zCX*L&Sj|n0EX39fXn8+}hIK(R}&JwF8Ha z0DLOd3g}#Ov|f>AT)c1JzQN(WYX({$KYqNwzyIF7d!Kyr3Dyz&!En0qRF}`|>F(|* z=Cd}N<@29^@%?w-Ywzr?N)?SWC)3$tSxjstO=dyWO?GU4LlTPRO0`U}4mYolfMMG~ z;aN}!+k8;o+=Ebjmd&H+8jC?T*2Cs-Idw^9M^Fq7w*^!XV0&A(Ehv@wQ<)#QW^CDq z1NnB`t5%~nv|#2jCfH2Iv6~`M#BD~FM338Pl=F1ds#Pqo$754ujUBRs6kv>YyA?dr zrjQkBYy&F>2$`lpPf6BmRH@M6ba{P#3TlxmZm$dfQQFaia+bK8L5OvwrdoN$W)WZt zQaNtk>@+gDbkNb739Lug$QhSO=Vj_f%>xrXg+xO@ISxvqt&$yXyMKEc);tMn_rd`lT;|Z{K~7Pd@++qfE&I3 z;wz^=xaf3H!KreI1PGc1dkiq#-QDSNy5?tQ6Y(w3(`=4{xWDw3-+cdP@3G`3%skYH z#Z0Y~G0~71P(8dapbl(rb#--pef`v_Q_KtY=%bHbyLPRZ%N{s*@Y6FNf&dirCZ8{q z$!vXc=CnT;1e#(Kiy}CHJGmJrAGxkW*0DyAY}jFLoAZe$o&aNJH7Icbh5;1&_@ndT zu)ka>H8w;mrJTz}_Q3G);i_C&-&}XPT=Vh9D;wR8u(cZN8?cd7 zS=rUw*VNJ^?3^u88*q)R8zxCi-CImpK@H@LCE5d}1pBt$XYCo-q>x1N0!OmQt0vh* zdXxe^L8l-9J7M_@s#(6MO{0#@q~F0eHC+;^x+K**uU0X|I%Ny#QdJhqRba1~!(PgZ zVug&E8hB%osxJv(6ntGI#(aT8j)FeyNcmgpb8Om%qT#$IapP7 zp0C10V6L=uCP|qsHbJIQ*NplZ93)#7%`m)-kZn^gt7vK&YtNgl=@ezFc|HD0r3xW{ zWnjenRpOhgkSCb+Ubm}|uMt%1Dnx&IVVM`e9n3BmO-`4iRwkRt z#s+lygSb{Khc62~vV7bDJi?FdG{t%WG!iw()4jcd( z#cW^eTRNeAme%HcAy2+k?CR>dHgcn-wKtu)Q&(RX z3el|~HW;&Rr1#*jdUo|akWtV=oe0;CjPBU@R2jdfD-Yn%W<(h?e$B%5S;yu7p~xt6 zsp1;5!0otQ8DO)Jj+zO=|Eq%KwEqm(m2L*`1DjMxs-~K&73%NdcG*j%9AmK+I+Rj? zpl&xMRW`OXvjZ?v-zLiIfb>ERm{mkBwQ9La!7CJ)!to}lqToLnG*;2onn|ZX5aufP8FuRnU?vAg%~9XoR5+T~CG_Amc@c#wE% zBA#q*ZG(~xMRzYQFX|>URJqZcDF=EmGde+Mf%*Kt{rf>1j-NcaG`BD^GP1I=0_&cV zt~icWCw>0;7tUWeok(nUb~NK$9R?xDR{;?9m;@y(3O zVQX$|f?TdHuLOMlx@c^EcJA)&JM(Kx0xkkMkabR0^r~#AU@Mfqpi2c3DUMP!9TeH? zCY34)MY+Uq3)ViaR%K1Mn#lZcK;}#}h0gNHjy6M+yP=?qQh`d*P{=OCU4sZfz-3Xd zO61{Z5l@;-ttvRfMUcjQ7@DgDOZrHBBjKcd7B0+QxZ#6 z&g*rTYbGksWOq4Tkiv?j*CI}#R8f=ZVnc)fNMAPv9cS`h*aR_3=v!EtES0mc?;r$F z_jbE`ae2(^hwWc06r`rcHm}Q*OcbXk7x5SM%^hbiTqsCNbMLOj_4StK$ZD}PI&x8$ ziXF|dP|#D?Sf5CzzW?JNKMsy4rKe{Sh9{DzBTLeSvjSaTv^j4 zDYunMZYD6jM}`lVpmGvLY)ELnY9SYPxkm2YRrl_*goB%_OEBYLci$Tu-MxQ!@812N zj@-OIdF|NaM>R#uW~xn*j*vTC&g6glkAC+*{D(hVTwLngw>vND4o`#49=d+{=1^b1 z*Fp@fR4ayB8youvp8fK#`-0(*uiWdci@o%PuM8bNdglC@(ea5#hKCbtt7=914eMbTw7du^3-SgyY{^E-4AyU4R1}4N-ZkTK?nd18d{;EpoZZs;Xj|t28_e!cxS97b@C%$s$gW{8b_ci z)G3wnpl(DOCziK+`9J~Ek4z!g6$6{edtlb>YRz1wv-=|LH;wien2RjcSgIh%Zprv! z?W2m-G6jWL%vOz)YbvAE)UD9rVEtd9@-Q8_JhkF&Ym10g1!MGhWOmL@q{3mvW!O|e z0z3k+L~X!XfQc--oF1_EGGTDp8WVTk zy?ZxQ2k0ZNr{ix}hozF!?f^@h7$1evH+ugrM%p`Y6d<>>wDRn;&#D@kwjX}{@#5mL z#jftzJ&3_WtphT5b#?(V?~jii?`)%{_Ivggie>y3%=rEH->14!A}+w|ltR5@q#d%$Z# z42&#>0@eakkxb^8H`C1PL8>Yp@Ohd9t3cjtlabQS>Aa>f|0s`%CO7rAsZKs`orIMK zNn*|>kW9dtLMA!v^jcYDGAiN&o5{wR9Tuy}%$sG+0cuA~0J@6hIq8%XCD;Yk@Kq59 z5PlUK1yaJCU#u%3a|qxXr!C+FxY^t_Nj07#!s4UUC2I&e+^7>)HUv%uiKcu(l@8L? z8hPWHGhy2{FICJ`mI%y5mpRtxhZ_8`<5}j2Q4}KIFq*J7^9!p~QWyML({s73v8ilO zFpzjmE|qsQSPY=h0)c^YfEq z;|`n6@AYDNHrI`wkv5wU40d;RUcP=E_r${E{>5TG6b{_GJBs_m;(-(%IdTM|9FD|p z+_=H|&<(V8%uG%l*tfr}xdrSaS{IAf*V*j$si`Rp3@{Iaku^WTJlwy3zw7Zw7N=)l zeD!c$UCU;Cy}PS!dES2U+EoY;v?d-3>e<`ZkL8dm5^nOu<4;1=M#rbAB)3xg`~Uvm zUi;FQu^!`h?q%}1M@}4-4SOFn29%&B)-baXuhhi0uFkjK{OKgBvW-<-OifbFMu}5GJw_2=#h4V6 zCh%6lD1pXq1+~r+i5OpIptX|}WjM1eKx;siZqlqa-c|$Q1l(#$)xwA`EUKDZ(I9x7 zZss+Qo$}?W*HEb>8rGPiv-nq=N+|=9j62b36ZQQ7vXY}J5&=MhQ{ttu%k6fueDM^6 z^JqrP07^2kQ$wQ)>mtrvk~(+~no z6tH%1pzqqvJ1h>rqobp}y)zPa{y%^5XS}Kd-Kjo2^p-_Pq>>H&bWjZ9yQ_cj(v{1= zEtuh-Ub+0q2WMhIs8Kx}@qc*w=b7X>aOuNey!+*6Us+sT6HO{>dx4H{d_~$Prmpsg6fAk68-E z{0nn)O#!^6+q9XaL;0F$w?LCyVzEdq0d+1ya!Ta_sJ7efibTkp>9RY8Y&yLYC(k`d zem9~=y$=HLdCFckVSy=snJOljEGEihmcaZJwOW(4azzh@1000|f*+VnoVFudU_2~L zTCmxm{~Z+U4%>ydcr8}L0P{c$zj%U`lh0&X$~?>5V75Q&SH|QIW22zy3Q=U3+qy|% z&aYCjsw-)g&V?YLWkr>!c8^BkFI6f>vh9eaubRY;!JG~coe)&YkZ+5{M%ziJASOJH z<=h!3q5|7I)J5DAfOe*wZOZGfna!l@OXVC()$oydqUVilp$yA1pD-Rq3$EB7GHTmR|Phmq>rEZH;#aSh>B8UJuoSU z-R019I*7|;Q&=j-!zgf5F-}cE7X%~4RHt6kq{n3wNCV-hjod?arvn<=>GLQi$!_%0 zh55`J_=4d^UsX;!=s z3{jbRKw;BEKoyG1Rt=}DPL2bhsA?m_jt2rlfB606`qp$M5b#0aQw;)>W;AwkV{DiT z<4}Ww?x3{yGqaez5 z!yP;b^dMH(P#5t*;P9Hu3yZXOjl)u`*xcM)v0SP*%3gpN+`D(r#PJ}S%+C!D&1Lf{ zXUdlgqa&XJ--mYX+E`lJ-8-;2K0!d|cJJD?3!ux2^<6r9{?#{L9~c+}XBZzF17m53 z#DM6X&CU1(8lzaH#z`0(Ms@b=S=dZpYlwEYcl_*!KgQEBa*LUR#;z1oj+XjjDPPyr z=?evTswiFYIP8f;Tr<02LgOY7Du3)st|jd@RSN7g!0=U^$XTP=1VqrlTAW)7;^0@-$3IQhYO{kFs3M#(=G zj%wvFsAFh}jrg>pKbU7VXsZEZo|Kq2tk!NEb+hYolwaKg&s5^xlF8&7OtN?Kc6j~zWs*-Kkn zhYt;Za{iLT>9*QKM-T72bARUi*>f=2uuctiG0674(NXZ0ruqg7m-cx6{vW^n#FJ0g zH8x-~w6?aNId|5sa$UQJtS%d9&d|U>CcYK(N0#RoFyM5)fJa~_Jonslp+M;J#mlgS zz=oX;_ottJ3XSD)x>8$l2mq&2HRo(0Z}&K09j>goi&H=-I1k;^frW%E}_{K&`Co_SV+ULUv1VSl!0a z&^DdgDR(cbtS|%&k17?KQ>s#pxd8L!GRIog8|U)i22R-Vg<{(2a5;1z&tmpKLrq{i zW(Q0rszahMvlpmJ{G?j-2iY z!5+;QeMUr&1PJi?Y#{f!T!JFj?5@s^E}O-AbLtkhiO=o91_f^bXkGsF)7M{rJ(W!Q zyxv4S&X(hqS6+eiE-uZkt}dt2Nhfau%6{;{2LKp|HPEr8t-V^Sz4OkG)~Cl$Ja&vi zW3w5&1^9r^Pf-LfKl2QR_w>_G@7}X-a%Q@vwVlP3+_-xEwO{`dR1h?*-|P9WfBqN$ z{@?zuXC|f&9Nx2)$tL4*+-hK8U}|CtsPe`eZ>(-?4h`+Oc=000;>3gvlUQG0=kd6^ zy1ZkP6PV8!47io+1Kr(^KKiI8*0wg*XD6l$nS3l1P9^1q*|Ab3QOu|DA`}V~-4X3QS5^Q(AId8{rgmdIXr$HG%xq zF5Swh7S87J(q#eS$Y5vzpA`y@9qW^wEj!CK&T8iEUYjD95?g8f7M6!%2^Xa@Hml2Q z)fFf!vV{CzpINTL3=y!)9rl{rDOO6@VOEE=VyDDY) zUmufe>g>$I%*5=K8y`ON!V{M-*?#%aN3et(R-)sbJ+1kLvd!Ttl&e4e@wh42ZGffS>#mu!K!dNbq4|+hr~Ll#u_vFuaclIQAN{nV^KCtq zg_-MLdF^w4SIDI*c%`-N87pNX9jTJpONT#n{sR!TP|9dcRv0A(co;EJ5Eoextdz)Mw1&ZV zYRKns!Cql;Cm_@iS|e2)+(3tp6RUKNY`BC>HJRK&#ggKt0wGYNijiI-xSU?n>?&8K zdfq^Hhh&$knn+DT%qEMKV>^e1th00W2cdwJlBFs&qY5~0G@8*QRbofA+C!Bn)d!s* zAO7c#+eqN8Dz6)!U31N59LgI{;RKV_BHQh*x>(G}&DSYnw3w+$Cb6P|c=Kj5upo`` z#Cklj3U-*79-vO_EJl%VR3nVdSdeNr#};l#NK}UhYN*d zdwV;c%Tm!{q+?Xj^<0^6@9YRiBd5;0Sm`rkSnk*3D>uYK)b9o%~; z8mT{X;nVKE{@?lP*WP>cAJ~~QZ~+iY30Q{h3!wxzW%*mII3`AmXZ7`V;r-KFNhrvn z-d(3op2W}4!RJ2uc0*&^%*x;auWYd}P(Xm84)78}r)iF0e0~)S# zrpp&D;cgzI_43@}(pSIw)$!>mhsTLonwy@lkHw&Kusy(8A#n5a6VT&;e~@NSd5omL zzn{fY#nV)Fw5zKNbQZ!hIXO8rGz9ox-rNv&7D;=kUO0Ke%~Yy}ts+I7kjGCoaz-hE zlSR|m45Npc@X+K;0`OH8B_n$o>X?qND2blbs?0!_TuUaZQ(|}wU`k7nGq2ar`awdU zI;?iyA%M$jHOgjEjSNh&yq#joV*gnthOsLwz%X!H%8L=m&Lc9+nI7h{JHcEm4nccR zAnoB(Ukh(D>Wq?0%i%DZ@M@G2=x}+;C0SD`WR`Y_T;&BYTG8+G+ifnBi8%-O`i3ac zQ!`Y8YbrJQ+_TT#x;}FE_MN;DRixD9=H4C*AP|X}c!$lt5d|@Aj2+oOxVe=e%vf1r zt*-%oc(1*C_qOipdHYB2OwBJodg3un=i{ktJiX})`xfUnhx+=Z>gCDFDKZ9YWv7e( z$xpuz)l!kFIU~IrDnn9a-b&SaK@&$uM_G(4!~$z)R2<5rE?uXz`9eudr_~hjA6G#1_px^FF z$5V2pCPaj;u8t?4esXMP0unYgF;O3_-?Mk9zM*c$AOpTY_=Oj~@WCe|n0f3LO6oFN zEnrj_9=<~;!7je_t#4spH8eEf=@{qe)hhxJ6#r4>8x3ra))_34>?gAk52Q#&in#!F zN^NW?x|s!JRDeW+Kt2MhTx@h4Wo~do7=UfMQ7g()$YohTZn;=s5q+2}2!dFVjFb~I zHD@$ptf8PQ<*L=@BHgWVHrQ5zMKxFCYE`V3#nQGsF<#4D5Jm`sfxo2BS@~LU0P>Wv zO5rS{jR`3KpmB=!pj8_CVuGu(pnMg}N<0+;L&yEH*&;YfMM#Cif2XefD$DLM}m{fPa9ZTeogu%)58*wgfy5mun3uVzo3hHbdV{Ok+{h7oLCZ z```I)EZQ6ikk;O}f6!((#WSgvP$Q5M$N+4sR4K}_vAN0Z^{|Q(SU7+aGmG)=xYA{| zD3xkDz6F2`*F{}EucWK_^wyvJhyQr_{Kd7|h1<7Anxes<|M&+jEseoQP_fz<=H?-z z0e>`;&vkcq`vU${I$cfV>Z0}Soo#Nv@9y}$E7vaPi+PvdQ`y`YJT(9tt5nL#is*E? zZr!>2^k@H_&C>{&zkmNe2D7@ldiCm6ObcWYLIp~C?bFks^t6;-_W{!YO*S5Rl5YTZjT&Sr4 zojg?~fn}K*(W5%K-Kp9qXO_VnC>(^-AcD+|Unu6oR%fk>>5_oUkWmw$S1i>CCY{XL z$%3s|j2~tC%RGg_Z~~on8To)ltP{r$RGD9lZ5{^0JAr~b$hsYWOl5K>2w$hftvaXCh3mOS2adq*$s zj6bnEZTUjM8+0$MtOKWV`66edtb-r@=trSw$i|ym+Bzo3#^USi_&7oZ6Qs5EKB1y?alELQp%<`_t3Y#^JNJzkNUCH6D+{U;+Wa57@VOR)|x{*-MK}ebyClQ|wxT zRg*5l4pwCi>t)hvN{yZUKt{9Kg24-2teeMnkZ7%D(t*NO<3HR+hq(s*NUb{^ZnyJS z?Mhgmci6HPyJ%zxIgEDpSz0ZFVuGv^I?6x<5wK>~VGmgZlg(tcGA|WtV7?PE&06sq zWo|ViDpV$cC9vEc7&{N!E~vH*^S}Dq;W@Zo*BQ?-8Hc~n61>AOv!aSlo73&_6be+FqExDMckde?n`XedFgF+UQ-PMcNK{jZR2<$vG&?m4m2>dG zVVZ=pXcBBw^W(`(8cPMC!OgMuENBR5+TPs_`>B{o=WTW<&&%h}LzTn)KX>kvFMa8Y z_wU@kd-M8ZCyxUtnwwhhj*S*dMV&fEf*$iVMP@&&tgXh267ET{r3NSL>v*$K~8uTdwcznBI!}>ccpIL3(|s65;4Yl3XZs63|@tD-8x#!-q}sRBd9Y7LfBS?5%{Q_$3^fy9a?QW1P6?#W)3APQq`~QwA4;4m z#!IzAO|JNDZps76=kdB`&cJP<0-9*Uh%1zpkDDJkeEjz9+f6Nf5Od56<++E#Z7r=g zZ``0XruL@!@zITy#dKTy=2mKHZ5;xY%M}`8eppBt72pIL73e~=H4vy|iVgc>)vg}w zp&Qq(_Vo4iwzlY!c;Mh(XqTz!F$2zppa1N`=U#l?H!4n|Uj5aRC{ZmX_Xq_g!#S(2s)$53&`>K!t|G7#q|G$PeTd1BUi5 zLh$qlU6k1A4rm;+NJM#?U+S8PRSdQ08nio12W)yQ7^D+h0q@Vsen1S2LOX;_Oh&1+ zCndsF7;#i(Raeaxv)%3R0Ub+PoHeyzrvR9D3zZplniUWLUa48c646r%d1DaB zJ*dpX#=|J4s_0cfzD%c-HgYov(90BbB5xOrW;rd)G~9Vp^+8+I9UET|Y%KViPJJsn zOAQ4NF>$hLRH-6PB0>q2&7jJ39t*2ov08<4rDU@@1>Qb1xcBCbdw#DMO3Lf@T$-8f z>ga^TFawrTq%XhmYBH0bm>3gPQ?5{9z9&cqtEJCEJYh6MA`vW4UwiM?W<0*S-qY7x zt5m=pBLP3KVr6w<{9X>~736qjd9A*_G2jn>{LOE@^5XLxSiV&C`h5^M*g#azIvkQr zcC0$k1hB-E74wZuFU`9gPM?vh2=oHu#vtp$QH$AETwfWzG(9}nkMTrXT1Rf)nV4I6 z=J*M)YFJCq#b5c#7w(NuJA97z&JKULHJ?uLy1G0^L0E?m9;%fJHLhC7mxl%i7iMQW zdONXIp8Nc(@4k2X!0=HB54a5^r=_JuHR>gT+Wz7fzvvqpU`Ik!Hz1#<;>y`9m_Tz! z3m7G5vIsn96-AYU*&!3*!w>0XhO)>FrzsIKRhD3B%bMNIYYLVspUR}ug|w(td7Uq1 zD^*FR>%CqEjm!k6Lj?^4Vp~Lr8cGr@CX35qE^%VnB$e_N@*dR6r6P-GiAY~S8^qDU5-A+@aA35x(U zR6*6_u>ohvmbcl-^=qYO51C9AaESRyCbnEotJfPTl?qfEN!5+a8FQ?@{@&>L>u-Fi ze^0-pNfj;I*3)q7=3UMq^b8J}t?s9ue(5{k`5rjTv7_~E9i6SMZQ$7om4Pe(K}R=N z(wPKygqhkWG&VQ42)uP|b)$Q52uoEJOrs0a-e@4!+OUy|uWzg#Kk)QaO7yux4o4=j zmD#udP*bF-IoR;dJ3n~gg_mw#8wt7ny^nQ^o8_XU*mY}CFC02_2ye~0tgzUf_V#v= zKU*C+XYez0E0tXh1j=GX_3)C%dv7J7nCh9^UP|G2!mRzh~rAT-1vW=b7>^jB&`G;CcGo0RrSlw(qlpLlGqHqo>t)I%^HKCvZLRetT$;Tgm413wg9s$EH zV9A@B8thh=RF-;rx=Q(#jd;RpwRg0(;SNxdA#W?RZtt+Gdw*rnJ?t<#MZWEJZ0p@HCFsvxm~_+`ivxs@4xrn zVDEq^%0YidF%K3ld&mZEkMP zBvTb^Y*jsUcprrVhQpvDflxS^NK8-9zVPD9*G8^y%+o>C=H~kS(Yx*Kt$X+GxqSJu zU@`YKhtjFSlTUm$lcgTv6|t~?c=wNg`p#pAA8%}I#GgRpV^JWlY>i}D?`Uhke{W)8 zeraG=e^o3`jE?p8_L@AdU-h(QQpHx3tqn{1Vd0xhz0#p6IU}p!cQ9(`?A>9fa`!eH zWRy9EnCP&YiA?TyxZ}eTW`rFVlQ0{n_b|jDar_BGdNbke8y!oL{5=PFxiE$f>k2EBnQ37V|F$7X6>p%^K0u&^r z>Q*~72whoQ^9RH8^YcIX$xoV^S}4+>Dnn!;K(}t+R3y#og3JxQ{r3M))_Xw7b)9E| zRWH=5dX+%ktQ= zXi1c0i=>!95(J4vgbo0@(db6!T-}v(u2*lr|K08)JX@y^PNBNG>b-ma`~BaaZ`9P) z+1)NtHYT*vOj-h+Dw~{*4RVzy)7IARa9CGX7s8R9FMs8QY(Xu>lGSxhPETDhN`-P?Px^$@FQ zU;#xODk#~KHr8i*dm9%Ch5ph@FAeneT)grbZBtg)-qzF9*g7(NVENuO43)t8sQ{GqdvsiJ!iE%jP&#Rtq?dSY*%-NYTK+0E=#7JvVkDbN7~Oy!F|1^7@UdwKX1- zEEJVgXe%aEY={abF(E7M4ZW;n!tYLm(Ts1|Vi6^fF(Wt-Q=_6*lf-gQEBucYH#1q{!jg5A%jYuMyha+7tm10e@D#j_m-M@NA$yt8Octq mK;ii3&r zq_n1anvJaEC>e@% zSbzmkQp=5v&6M(JCYv&w&c)-<5HY9C;c|L<1_tlU&aP~104-pn*vuA4u@VgFq$-mv z={bFET}?xy7kjy}xq|gBmGw(=OGh6Ve(_7MeE$cpd21TFdj?j?QB`9$o51h@>Wz(5 ztG&254>|kgS6)hlR4NzFAvw_Fp__ z(#$ZdtceYvCRfhkSJu^hjuTg4C^v>At?67Kcr^f2?wurbef=RtrToRRgcEPW8;l zfP__9>;ycT0R)pBL5K+`gJ-6U?jQ8Xa85(zVmh5I0F!jsHC9?w&gBX@ z>YS+Ob$VWVTSZb~u`yw)P)7E^S**}d2DB9jWMWs^8=S%h5bE!1H(5bbO@fOoD8N3y zv^ST6l1BwSxRx92QBVhmj{n2QAZF565%50JeSUK&GY-nn# zyD>J_-QWN3e*P;kd@g+YX*QLfo}PaDo%bGkq{s;)0L6QA_Y4Mp-@akk^>cGeqPhIg zLnn4Neg43XlFwRTX{x2Kyz-@g`RCVwJ?$NB4yQd74(jx3U41PCaqP-<5Q$VKZE-+* z>MXLsWtE>e{m9Wro(BO1MuHCj2(ekrU|_ogYY7|_FLrcv;ATJh{6Ux*EU#BzC zxLv7`$>A7L(w~M*ufF;!s9PiwtE;Pr4B?A9I@?14pR&@}RCnyyvA_HN8@_G-#O+BK z^-n+l!lNfoz4lMv`!E0Hzf9kq@NKVXEhLl}m8&Z0RAF{zJe?kk?QFql1Zq+vT$`od zh5q^tf`sFrKsdRsH?_u$fG%n(}RI?`&MaI-F@9X3v+YvSmemjW7wd{soO$+ zuTv(onLg*EYMIG_R(-}sh|zZD6KN(HTC<*Fp|p#a7CXh(7}sRdzMY?BGLWgVgJ$FWdg zZ1n0YFTHsE>Su{~{LJac-+lX?g9rCFH#ICREI$3zlY@hUpPai`Q&VNKO1WVAnP|VB*(v_cv<&0c z44ZNK!7Le^;J0i$DL!eFEEXfkJK%@OcRH0b89^ZQ!JUYwx^8Q3>({^WjKS#L@qs6J z;{ISxDOP!_SGG6nVS03RZSMFlUcQ#fa!;Om1h&q`#+JUUciXER7SBf?ePp%DxKvPr zo43ZT7JFxB_mQKAKK$?_LG?L3?qW7B@dm5SBZ>0F_|(wIzG!+LmeF%Be<>1)R8@JE zQrRDgwRCn1l7ZS$iPF&FqquAEyqA7;KXH<+Fpe+|RU{IP#o{!-B@38HgQ^}sejGOr zG^Hvzp6~ANe*N{=U;V=4uU~%a`qW*?>aKSd6E*pT%{%+Q^ip(b;mQXexN54K+PgNF zR~wr;t2_;pH)mUFt=B&Lu&Cx`r}^B)PqR7Y(7xmMrtf;)PQAeAQc58sy!Xz7|#Z?%sU(;fJXXc2k?h z$Wo-r+N=*oMoBMtJ=F0~i(HdxR%l8*tQ^xGDcsGg$D0*{Zg;98^=eco884eJXoZ@E zQaG?)@i#H0%>GJWrnn_b@WAi!L!MC5`}vC9Qvr1n7wWgqe5)D((4y*vVvcb~MjjZ5 zGFzL5jgzUa*H|?(t)Tk33P7?C*X>mw@Oz^o)xCmgM#p)r-c{6EQz^R*b&2+ng_p@e z+F{lJHXzx6G~doPr~Nr(U6dpiNCWa&jq=pgZRq8r4M%L#Gk$;YgAd=u_xl6>>{@_b zFwB&hyZ4~}u3ftZ3~Tnf%@$`Oo_D+521!n&qDHe6jR6$h%v$Q`=$f0GgO+FW(Bi2i zwQo;T5j_MHPXM=2?$ju_T-HD_iz~#N0lE;%o}M16{!OPDal(z`w$;7p z%F4=Dzxq{>)Sv$Jr?~Q68Ks7!npc8NU}0UHnD?Gl0JDS-{A)ECD_*LKrL1XmkaZLX;e6He1{-PbwCVME$vZQqL** zLW<*Q&~hf7rFMTdo0bnHv63cW3^ob-UCt!ERm~h9b-LW8a_R0|h!;!iTZ>OU|0<;z zFD@QG-rkVSmbF01?7~b#eY56E-v-{Z;0>1R(MKQM+NOb&_;9ARSiKaspsTBs`M;S5 z1Gk1-?(OY0cXX}>WR* z|9xEcsZ*yWCnv$4!Lz^l&2PT*&O2J0ea$SWgk+c?GH)VmF=hkN^j|IPwCfl*O6q-& zif>Y{=vb|sHq)V)&5^*BL$vdk!q7k`+KL z1@xR&Xh4}U)YFxunYwgvdeQE%V&9>spacMExCXn!kxdwq$%Hn8)F_IQMKZ-gvGwIO zPn81)c4cJ=Allm6CK*h4f=`P@1CTkJ%|16b-`v~`@PqQjmnJicY;k9O0U@0vO=>X= z4fjQG;6e0rIhV&no@revol61q>l^Dh9mfLEERh^21ydcL98HxPVawEdS%U^vA;``@ z8^gkmC|gXtKD)G(%O>oix0sF!lDzK__yD(b=XO(VYcdv}pPTFH>YNxGJ9gxOvRblR zZJ&Lz91cfc{PLII`|yL8Uw-Az&D%F_T&wri^f!(yEiLT?V4gP$IBL;ID6n17s2yud z0VrjyrKu^4qCi+#Wf(9XAPNMe1HepdVidel z5%fB#EE+V&Crx>v!X#ap)9tn4<@UP!;lIu&by&7S;8aiInr4 z$OH%vAkFabFsBzXnF(wUcIDY;pT)IfZ+d(B0fbO|=g)sq?`bb7AOnH9+WyDs)%hE*e%ZH``m;a#GpED$ z@Pj94fTB@qYHk?2eG@D%m(36F8<|^LT3=rS$8&pJkVqY67aQ#k7xOVmM$u`r!XAX+ z;=*u+_z;|YC?Z@Wz85c^KYt#V0W`&*U>#te;q|q(HGxSO)8=}u3j?EN3Z=Sf=B=LG z==eX?6=^|pCbBx#!C4z?3-ytt_+K&}kAgCgj8ddsGl|knWHnt+W42UP`(e&gje07T zpcEj1u|4L)y5C*T(HFsT*XBUe&|H=Ilo)I<+l%2JYvF4&*eQjD<{;9Ha|k&u2|v3X zF0_=C3Im};=1i995Pq+F3bVstcQKzc%TUJkXikZOY!R&%M_paRv(G+{Z^y;PVo{xT zdnO~566CUlcq|z$6!C9$b&XC{B9R!ru)VGQ$O9(;v5O09=RW#m-#)4#ft^lz)@+`d znucWtF%@-IaD2DdUE(wOQpRet6-z2ClA|X^R@XM-$pj>IaH!8}x5VSIoq!Kaj-h}y zEWnOW0|jIS?`-g7Fc^e-W%eQtOe&RRn(W z{=nwvbMDwyu@WUx#f1z5CxA*mPnkii;D!dcNLt*Jl9>f63oepxKORh`aZD0eg%k`d zDjTK@e~Rx@zeuX;ML@5zt2576a?OgLMN~;#UwpRyha}g#AHNzBTm0SAh6p&1htT z<_)xJVF>0P!QyUht+drYI?#Q3)|Z^$Nso`;{L4T4)7sACBO@bMuU>iM&3}FFg%@mg z8Xr|s%MORDp`q#W<;yCs;+$wG9&D_w)^U6&5^Zm#FcPol?#)csc%02m^~s_FD8&~& z^w2{%nQy=SHhxbj&wg^9c6N5Y@x~jcPoKVd^CoK}x3st}FlTkeux0f|q|p+^%8M*~ z&wfQZOX~^62~?#fWJQH0CYCCFzgUV8ww&g5==q|O`(JXA*gH+KiKWcx_A>byoI9N^ z7CU8eS3zr%PwX?xX-#sp93_%AbuS>W+e^9<7-NO`sznBC1g`T`-609u_yk5hD?U`+ zeVuy^lBg(z;-UeEK`j)uL!wZLJ#LvnJDZh=563~Rt*ONxn{AXwi^IujV7v5U(&EJ$g{XhKv53>2pfBw(^`Oe+DG$l~0etZ4xx4->Yf4Q)>QrBFI z?YnaEe68CJn2hVG4KGgM<%^%D6LBn(Y&NYeuSAnsHeqmKVF7P@_0?Cg{#UPFt#;V~ z`8Zws_U*$8OifKe6~Js792gOxtjk*MG7UL4%dGwyI~^$`^c-(87-j69sxRk@A9(wBM8Xpqg(*bc54`_1a&bGZ^# zhw2UaLaeN21yR*>y-v~U`tUp$i`r}!HkO372Lx%(=1NpXp_h~rU(6Rl7A+<-^)$(6 z45~35N!#qQ)#V_MZ$@z#tL(BnozK-ZH3C_&j<8yJl{#KPo5!IJB?HJsE|oHha@l4W zdFYW(Ke^D`(|2uj?97wTG_|(<{I*qRDG9Z;byHKf z3+BARZ4yLdK9jYXO^IOI(PLe>IeGH*7Z#Tn5B2wFu-T#|9E~K^ax|LH7V|oh2aw+! zpD5)E4g-CvcV+y|7oPg1g_8Z^&7bZYIPkT9_uK0$0bNPFePhPI5&YuQXFi*} z5y+>yd-`*UR3?xS%Eoj-^|sdP3ps;M$tL6BV6eTl_5b{nKgE#-W$$S92Dg2)lXo1l z91p~5J>H3_TScW5Twk$Ls7M;ze=wOz2V$|Vp3ar!IZvHK5LuT`j#?PA&fnC8Q7wC` zstvpVB_-kVRTB(^ezCyNGJr0N0 zUggeYY4`z7Vki^<6_?G%s%jS-!Lhu$xwYeOXm0a(>j0C74juaGKmHw5|KpE8erxIu z?Du^ZPZP>#9zS+~t`?C1kKn;U(-oqzxL-|6h`@_1aOFzLe=UwpA^X!y5(`?sDr{g|%A zs$8fI$?kX%ww=r>!ozKM0}xCGNe7%sri-~^S(nXIqvssUh-026YWEY3LQL~o0w`!* zCY8+RG6Gfn5KgAjyLC~FHdLaQT4jBSiJc$-L-j>%*rri3RuVq$cXBa5lx}Z)nO0a# zVI-@?Lte8ibqgbIU}X7OI6^AU9}S?_OnCYt15YQ8I>lwQp-t4z$v|ECS?e_;$D65U zP@uUY;HHwq8}P#$S;7`kl%ihX&06J?0hX0o=IwSTbkp4YbV8bk0H@@+A|L=c?I%{ic;4L_yprI6EZEbCi$8D=?i{NK# zfq0dx)?s$=s(yBM`rho_t?kX)dM^ME>JFdDjxKI_bKA$h2qqE!3r&hsvA(v(2-tH^ zKiAOE@adsN|5-S{|15yM9C#d5>!k zio#LfaaAe8PDvN@IaMJ?qoC(5?D%QYAL1D+Ks3se%JTJ z{o4v-$Z>_#vbnlU#4WNzDe1IyVP^F3F&d&uC6U_Zg1hcfC!O^37Fw{PLqkW)nG+YShS}4 z2AY16%fT+eIl&$SH5=+1a7kDVSW#GOEF-Y(*2Eor0`?Bq$xbpp8P@dK_kVWw;|r(0 z`1IK24-IZRSm!@|`)^+Q@~=F7@};xyzZ(jLAxY_E_`=0=pI-QAWdA@_U60FV$)}>; zD#yxVxxJ-XDHIp(E&Rr>|2Bv(=r8UI1`zHS0!mn*r6B`wmM zl4Y|>=`wngEPn00+$H+khs8rup9YzV~1M{BJ_x;KZ$QEVkS2dHRdb-=4ZPHgS8P zXWvf15Brw|ECQh*AdsmSd^IbFgxFEzW;2;o7cN{leE2ZH{=%h;(DnO9hFM|_i_5Sv z55OAMDFnt-U)Mgp5>M%~&wu&L$$+0vW#YjAFX{gJum1L#r=LtD!;#4Ln{Rx-p~3U# zfBs)T`sgFx=qaUBHC0ui;P&#;{J`K)Bpj}CS3}6K3lLM>CQLV~u+Vz(WeNpod0tUZ zKmPd5@zJ}}QzuS6ICbX^uAG#N(+Og*;oHJK;s{~6bXP7B6D2LC>Pm%Ti61x`|ALq5Y7HMLUIz>iJwVqVO> zR6tP^IBGFMNdaV=Q^^Tls{}$6tqP}-i&P1XG9hNY^kHv{2GPhHVMJ*JR{^IamqR&I zqz=tfni^+~musd80c2EJ0a2uih-v7I)j6?hFO&*x;FzC@#Fi|I^GjVHn& zGT9u-y4~q;yIf9(-D;8Ju>eh*D3@pN&Cq5`*6M1ChF|^cveWIt;xx9jc64-@EcWHK zb;)3a(S7^QG&KI~`~sv38`fCkfs$=#ABIrk@Bl%9qp%%;e8ADS-hBOm2OhvjrnBI; z^64{AyQ}MOj80L;v1ag%jg3X(F{qEe!2zrT^!t|ffYAw_Ow)d?R%~uC68YqlPh1`k zRt!i6CV=y_y1EK23|Iwa#Kk8mwcc*j8k38PRNq{)zA@eDs=f8;#b0^l%ddZW(e5-q z_0&`A>uW|?uZ>MBU%!6c@7snd7#bP8b>nKV7)!+iglg;tk55E7xb5Cz?tR`cT zx8M1x0PKVrh@S$V(}u0*Sz3wR=4OsY7Kctx*H(G1YlD?=7 zB+=_2k&1q=T%^*zLGyQVlo~=c{i4>ViP!6R=zT%l?L1XU`_S(-X{zKmv9RY}pg+y= zdXWwZwMYT#gD;kfu(yi%NHVguyh6yX*6~0xngF_1yaEu#9~Q~SM7buJY)qDIX0yp; zG;7Y(ahp4TXQ^g?vew7`^c?Kl~mwA#1GP-U@-4|NG{~vwi(Ty#s^Mcsi9X*41@9`Q*ztZ+z6=*#RMg8imY(jzQEItO5>qwtO_i zN2kY;fY_Cx2=XOX6AUnmCgOlMRvWDpiPQn$X$ntuHC|y`zj1HJANPggv48m9x#0M% zXC6DFD`X{EPz&WP-#mxvze<`FMsp*zI9__6c_)+XOF^w zck%=<%+OiZR4X}AeOj&5Y zg3Y|3(wWec)df5)>4C#4BcsfK0NOFDt5OLF!FABXmM`SOVV3MAs#2b^A1rQQu&T9# z)^o&oG7(QH01ZL%zHck#x4ayDxjrW<8B zY29g<^MSE;TsHJR%xy}6YirS$6{kgd{k4AtuILR7yio4!Y8xF}H5!{C<$>U8S7)Dp z$93-Gvry{~oqD8D;%?o%Yj?O$Kk>}i)w9?+sPdtG`@Zzb%fWEy|Ne{rhV6$O06{_6 zV6xy8N?KbN$T5UtWMl-(vFY1lu^dQGAQ()O?ne9R# z67KKn{`UX)n}8&F>#A>E+Zr4kxIX%6CX;GxY#1Azka+9@clPXAT`^hA{Kc`c8$RDwDnbU| z%=|p`!_gDR7Zw)qSGUGT&ph|IkS!Gilf+3BkJj?iIQ$e#Fe%Is)NHm4eQ%d#d>m9Y z)P6LVB@PEgn1~lLX+c$7W|0Q9q;s4O@}y-GXO(P$%jAGkAP^~roh+Ql#)RUPR3-$a ztk)R;j?`U>1EElCMlO?1k~UWb90bZ9G8locy2^As7~345&+QhUP`4?;LXG;#sjuTi zyi(@04t~ZoFBv#J^(?^!h!&GY(i!=(U~+58P&}7U=Rmw2wp!K;z*S#PCVbgoxS_ta zuC@hyRdYONjkaKFEf7mYz17vS!Kvm9dYxpIoxVW)Onvjz-SZ92O?PLeO-2J(rlcHI zmz%hG-R_XJ3a8GMHD4l@zc;%waOn6>Fu0S-xpg|Jrp}a%A3FWSSHAr6zrOz3#~*)u zZz+GRF*0^5Q0<*lKf;bbP+*WWdHd+d#WdF|NIhnl>mR5G}Dd$xI`|C5Ou9UWaM zPFU~-&9beod0=5RY$_>rE^jE3Fo?Fg`lduYV{yv<$ZTCzd3@^nM(d(JO>^$$>Pkt#oDTdb3Z#D zjHUMvk3bJSbo`M_Jn5~fo}9P|`zai_J2Z3>9B6WC`ogVcZ*BeD_RjjoMsrgWgluZ| zPFq{2n$E7S`o?a~CemeHrZ72rOHjD$6F2J{YR4vTWBIXNR4QJ?@nO`J4Q=an*bV$iFr01>P8m!~ok^F6fRzDQ&UI`n)+7PuuKf z2A{ap#-@54Dyzk2vb1i8LR;HzzkeH`1&m)?Sv_^~^z~~uT~3!I@}r}pz~KIY9vxrq z?&`;dIULTjXFt4p^}2y#d@=~`@BI7Uxp?hzLqpTd-Fp`=Ui|r=|H_xY{K~uUzF&wI zuvAv7J(bP?gz#>&3gV>JcpGtxQzoCJFL@Zg> zmt*Pp>egB!w0YzDg$E9FgAIRt?kv``si|dYb*sC70J;%8p|!DTV|8t4XlQ0PS{PQdBKzUfWu|HW!kn!0*m(Eaqr>1f^W-D#=Pf zWR3CYwRuZC2_a1?r8gKPBP?-MQh>;mKdR63A}kx?8PxWKOf|hEQb5b@)avC$)oM1u zdckeNxMnu8gLm+}3Y7veRTWj)>%9Yf?d={0D+1QSg2D$y!pUSRBAa>E3k`~XC%COm z$BNfCwam>e;136SdrC9+(&;2*G#vDIw>63ezOAkA@ZpEdvLO+tanT^eFiL>^sbn!8 z3m@43z~ zq6T`PxlJe(mFA{4a33r)MB&`IbCA(PhYne+*1L1}E?v0L*4B~AWEvYAc|n9ME-ow| zId&|SNJ0lfzWx3{G!kdyOhJv7XQn{eS^ErJDz-YKMTKZ8wkX2#13h479IU#NCr{?< zdnqSUe_wgf{g_%wn`g!~a~kUfzG5wrzXM=MI-UwJAZc1(MO8~m(y<}Vl`wt90NPCf zDN-~`RSV_44iPLLRhv@B)8$Z7oT?f7k~V8P&n}9=u-0ye8ii8YilEnKFlecC0)&;k zFucxG0(J@og)b@8f3L{N1`2;?RdS_jpFkrbWs}JaOqY|{4A03ntFc%D%}wFoOg2F# zM?p_cCA(ZIC?K*_!K|Z$vF!`xa~YsAb^XjH@a+_FOK{OxR;KD8N+rE}_fA=7Xz%L6 zkxwV%k#I;9IM83oAlPjdEJP`v3xtx#PMit_wiAil-M#(EL~w0&38XxiRl?!mfddEq z6BDrZoKA<+WjSzg-?gh_I8iVzaU}pSER)~A)7#e-aivE`uY>O3UT|O`xcPj_Znv2v zPbe_Cy0ZSjkpnmY=RY|+HgQSMsb4t$v_Z!ug5iuYW3pOGN-hvha*}SKyDc7EIdr?BgDg?uWV>gwv*Sl^PZmWLib*?-{R z+R_Toy^rn7=S$IOU~q8IWRe5^aohq96671|rKzcrAt0zQHW3#Ics_jWSR@j8@4fdR z!C>3q3E%wYH~R(#e(CpL6SToDyQ91-1(PgS>i%L&-Ck>?bS?)`AU}YX1ya_Uh>)32 zj@B}DcAy63`C@4|#iSB0(%n}ar^Vb$70u6zMsynQG)Q{QtTJd*_EZ|Tt2v=yxL0g> zbuUF957}bI-)i?YB99xXVW z**AQkp{d1PRX2HermCi%7r3fw*VgM(wJj{9A+x+|@zE^AKD*|PmHPuD6ys_=8 z^}4Ng8z^4b7sdf>?rQV};>qoMHAPe1+e!w>)EU;ZTyVtaRI zXq^W^f_%L9-dTSzQrFP*(n~KVQ>p7$Z@?lPy)h1b?Q%QLef;72#wv3iV3lB^vGNs3 z64~$|;ONxU6b?M>Hk-``)d8jd^{;k8_*itYqPXz{>rxRi=K5jqsTA@wKR`+qH)j+L7K@p+)5!8^9f+ME8+cjdOf>&TPZW8}x9WD|157*HTTpPF z9W54FE*A4J+F%@es%vo6W)~K<7Cj1tetvFNG@5z`hoZ?;F`wJn@@;Q#)z!G?m+mEE zk9^@)%DfuzLgrzLnMV0a~bSad3yTJ?aA@&?adv(t9r)~3PqF>f8y9<({r4_`|#1zUyOz0cNccr+I!MT8eR$^>uT@l z?CQ$ovW=}RdSXNrL6A)5NG$%z`3uc$ZD&qD+1}Mt<*u{29B=*WzvlB<5Q9i0yuIyf zZEemto%j$)7Y-QIJIwzxd*dZ@&2^WEYFiik}W2N$ncCfqd20cJigP{3NJYLG@hT1AJhBJmZMr|$DUB2dqYR+zz* zyU1GXN)r3tqMmy2Qzsmnw@ZQP-E0zOKUIqOfPBCh*-Xy=blQ+e#T&4(aM21{7k%x80WkJV}s z^~Q`2yiKxNZGr4IAfMwUmhob@xpBkLRyth{mx(3CIuZke07gOpiFh>9(A<`RMUzV7 zIQe&ccAE`=oXMqmiGyl}M7pcIzRe=edp^&%HMwwXKD&AmnhY$>TV0Fw3;5$EqnJ)* zwK(Sh<-BsLkuy|Rdwj9T!2Z6u`DyB(K}}zv9!y+WI(qDo%WZz>;X|SUG$R*_C6e*N zu_KRt_u6;zAD(Tjuj6?A?TPU`)r#U;qunQuod58xmgf4V#>VExrs}F1lcOb;x?Wf9 z%HvM+WGjF8!3R#a+v#@AFD^K>(H(d0-aP!kQIl-N+4v9t;XhzMzV>Usxo>#z^y$;M zecWA5jraWda|?@e9gXckCDyjBwXK=PhqeLf{g*CXf_^`C?AWbaw*VC^Bm2ymGwmG) zVJ{83UZxi`OK!I`lm@5c6lr7r zw3G%xQVM$608Lb@CUcUJ=L$5Mk?5!0l}qLFSt<*QMq(fm;TR1_SX^252ey}&m&r+9 z$o}kSZ^GW$zkgVkO>T!gK0e;L|9D$VE3BWz#d+LcI+c%xlFdyW%PZFbKct|0dTmyh zc7_H2PQ z)>XB%d7DJhFi8FV$G_Nc!zVWX=sjsaW85*3M zo9*uIe&>S=w`MnoMvguB;Dc|x@dg$gy8GOPPgu=KI2tMIxfh=Q((S3~#l=NfPG9@R zZ>_Gb*VNU5S^mKv{K0Sj*4Mkc+egQ)gSoV{Hm$9%Xa(_lhJ7H`K#v0l4gglZ|Dzwh z{PN2`{_&4lD`$$9WwXP0?0ZfyIo(j1(9cv6sX(a<`a)67mosWQr*(7A=W|SrYK4Uv zS+H>wJK)Wt9!7Q{pU#k*iCV}~yAg`^Yw7VEWd~_uS1PB8zLv=zmv~MpD|)4<=ShZW zND?d`k>BlShL4TLGo_MVvt=}K)J8NxC97gaG;w+f*H{*K(Igu=A~#vpR!Ar@HKn70 z)V8XUAY}wTlTBrX711P?0GLGu$X?Xt(&dO^_R3s6jCTWEp4TSZdP@oG?l{1D7sEEC$&knbrdzY@m=44qar1LaxRHvUB9R*Ns zE-m3Yx?AhOqJc5}BS#GuhirF;!f~kVSSSop_N^_4BP%7n%hTXUsmZdaTbN&IZ)`Ob zBpp}C6q5rT-AR8`w%0B%t`)L0W~8Oh%NxX0vgo$gJFE`eZe5kV#w|Yf%*eU-&x5fT zbV4RsK6c{7?YlQ~29b|ObR2(gb=^|c5YFUzBiGnuQ%akc$Hw1!|Ghu?lmFDv)_nH& z-hJe;$BhLiRiuuPRz{AxZKuv&wq4xW^(_5&Xtu}tHpg_|NhTDyOKx* zV0Wc+D>D;sXbi8crEX}g?8+Je6(xhp@8T=*RNZcLo}%H}+)gcUUsPzq4W&3y$$?hq zsr=iaqng8#r& zq)RL(gILX;bAv{gQ=XJoRZ>uB=7>t+4n5806_Uw3(DB~f3@`wD(AVF)u@><8{PE;G zJ_IO|Namo+sL)<3W4Bmrb8~Y#9i79&hYw%Aa^6#AH=C`jB`VA*SQs@`)#O$TQoo7% zu4YzVR$o_VHW;_Jwr<|OH8L_%>#h=w(&pxt$nj8)9#@s!XidaoMnyG<7NaCL_SMx_ z*L8PwO-@ZiM&Ez`1K@FAH&xTa3ZYKFX0y{_r}(WuSxjQ@OMz`)iKeSlPn+wPRzNvw zYWZLw47FR=P#a4p8=LCts;feQ!13e9&wua%qms+(Yeq?wP0la<`mf!c^DVCipLpVQ zPiN~-e((=Q3EH)c?{#}xY|a`i(U#qw%i5qPahswrX_RcxPREZQU0A%gxVSVhFz}Pt zU;D<_fBVYi(fJD(s=ZaoOvLH3J@oLSKl-Ql1fw8oBB!-!V96Y0fe6^-3J1{95KiVi zQu9gbl}D*@#XMw`hIeV>ZZo-zZf^tvx7P%eBAi(o^CeQ190&cZ%|f6Ey(q{PuM?9_ zCbBSM*crILGb4qmz(1ChdYrCsDCDr(@Ubbi@WOM?Z*BM-b{aF<(iW$t&(kwkKe_nD z=bvq^Ymm&=ST-4qMv7*|X1A*Tyl*2gb?Z)hV>5_LZEej1#}7JO_Se3jU0zzfH+|3L zbhfv&_V#p9)p9OhU)wk|lwX}$F=7cUCYReu`T6xVn8s?&&%TL&ERhaXKAScg6z2t)Zc=ySEo0otAud zWp$BC*g0KeW24LI7~Xdf9Pq^#UYVJh1CD~>jtmY;lELk&2H|0&Q&no89T^_!-&ptY z7Fp2PAPEysF+y(7hpEGAR=hn>r?y65Q(EHS0D*OXbem!;3__sXO)7H5}az2@IG<*0zZ2$~2kK!k>O7kQkM zqQIAPY9f`wr)G-!G*<@Dh^#?B6<|T!cpZ>G5(_|?mvMhOeM!+9$iN_F!8k4++STzT zh4?Z^0-(+;+i;>XsVr{QAQZJiRvKktkZ@#7$y7|sqm9O5(Qr68IJgfM5^zzXuux}p zjT;x>_Xlbmj^^g(g@q+7?!9|6P0fwql(=7*3p+bIxMk|LTquTuK}irPRDJEnV~;#G zJA2RNatA_TQ1an}2hW~8n+QdUnOry?lbnTIxm4w?jz;5w^{`#`0_{cKXp)Qz3-jZ* z#?skDdrues9JW^?8q-==P!m=dSTHC?uTE^OZ3Q=X#4-;p7Yzl~aw(NaJo4xn-}ZJ{ z$GJS!wT<;4jyPkmD*YQPSbmV;haP=oacQ}>wsw5%+E9PjQ(t)Q>b2{V#YriG`cga* zYHM$dM1$Sk{UFfm8>_)c3j1pm)lxpav$+{B=J)SESl>{K``z4J3j}veG7Jo5VDP~B z#3Xf6sq(C>EG1G&kjR z`;kDDOb}jQ$x5!gS*z{jKxeV~5KW2Fka+Un7xN-7S0YapyNwxDEZdqjv#sQk!Ylz+ z8AJ&b7N||d+m!!gDV0qE2O6cLd1Hk9pw~=FN?Y1>zH#2pIt0v3;LwVC>sni zJ_qao3ZSD0pu8$EdFz~ThxT(1d~N3AXGNoN$h76}H%$8O+kL;Ja#+V9<+7gZJaaOBY8V8ADv zh)WuD-jsZ)$p~rLz?VU+B)9-E4a9`Delj>KxnHSg#iI-}>h7xLh6Q z&RukQ&1Q!s77zLT+kIWlrDDz^x?`!dAn85e4LqMqCD&J$w*2c&JrrgA^FROdV9;-~ z+e!-cmHyS=_{Jao;UAXD`i`!ymDMGa#nd-2lq)E$t({PpLQacBQC@{WvoG~p&OKm; zSIgbjEETj|e*SX=t%xZe7MmeQo`feT9+1Vl(L>QToXgHHqs;X+^@yPU@ zyA6%C(DmIt{j)O*IB#xu)%5iA{QNwtINjLTz;_!(10@}E;@PtwKKbO66Sr>Pn!NM; zi!Xfm;fFMnC>C)w*8bct{-Q1#4JW`AQ_(=gVYdrw@gMBdaE?gh8+H7|wr}RqUgZJKwCQLL5!zB2&*8_p=?TvMh-FjeT zcx%<4%M~nko6|#6HcL6)88+&}CWEl6whn#d7g} z(5;wFfH$L_@;i5Hl8TUUJyl@tMFA?7({8%7QDT+#SPoElme)tM9Kal-1=LXB3$m#U zC2O%*$?)fjG>!=XS%5L0$O1!&h)P@$x}JihxNg>7pBzkOyf0H!^EhWY{7t@~H3|?_ zj=9*VTF=0JK4*+N>J(uwf>c;(@O=^RENI>_s*cHIk_D~Z-`d*R!op%S5{Gti*qz|+ z3kwTPtquKsgNbAz81e=DQ8VSqicY5;>sct|MXlCRGMI1Qxyg!*(+;O^V-ri}^;7{? zfl^R9_=GK{f~+ zbanNR8(S7XzIbKy#@LAmkH=%lQZZ|_7=Y2Bst=wxYB5>!8K|8yPTaO{b8hw?FG?#b z>q;r(@wytCT5?5lAs;#Vkj3ow?F81A7fwBX`r^flp>Pz$6<3nYq+a{(|NMnt`=eYT z9SrTnlQFN?Yd2fAHUr_n#r=aLf{?}D_vz2Y#it7xo2Oh zt!e(#|Lec*J8%$GaA{>FmPjPhsk(*+K`>6rmSQxtkq94Oq@JVr6Qd|_d*veK3iL8b zW%XA0FKz=`fDMA87AQ2a(`XQ7o-;ytjGA)_nzvAn(p1xYE}4zRNk$6*P=IWiiimj4 zC(oo`uTW-I3FspkgQ=U%(EMp^z{4j`gd-t$wG(nbK0aDfB)6+ZR0>Cr z9ydrTPS)JqY=7VI{M;HlimWpkcw{D-lCgu{=GWYiOFRiT(?Hf68 z@bLBVE8{bF9Bx-Q7RTO4wnJNM>zyra`}Xx0v#G_|rMKUDGffk}#p;Io@BQG1F3Ei8 z5IL=Rij3R0sg9n?xe{@Z&s2`fH`cfyMmv6=b;BLl-pMC7%R0sGb_F5{-XI@7bnNcj z;>7rr!)D2*GxjoAjXjo#9~l|??EE`lJagJ&HKi7lHEwHHT?Y;ub_7t8&lYfKlex6j zX{8Dzk#DSRa9A9hI0KS#`tF>=31SfJ?CiwGX<1sb)9G$(^8WE3|MAM&y^|*&#wp$0 z@HaL#FD)z!nL>*EN}^GepkByTL!zTA$1^D-FB$C?Zz6Eb?XQ zNhhcj(8S8>xU^>MGs_rO^6p463FAf5Ur3Qp-2jl~K|U>JJDJaA zy}z(2n{1-pA{cQdJph#`=ZgimjV2J;f}S%utPYU9LS9u$F!Rl7AzCQ%>5`JrN7ANM zMGRyG6Y-p5x<@6tN3~smxPD zDe7VkQj#vE)2S-AI~oq?xGZ!cNb$tj_?N!)CEv!qU}y^qB0Ie!M;?CdAHS>D0SF|c zEx+www2CHUQRZ`!&ETF|xYyLyo(ODnM!nVLvD)3?&5fB&fBXJnXnCi{ZFe{}HaF9$ zl*49ksI9v>F;Ux4U)v-vEiQ+n;qH$1hU#ir6(=r?o;vx+{_cJkZ=Ak#wY$3;_Qjw6 z>7VxY_Rh}UtgUzM9~zAM{lgFVr5osYd7kg)py3GA3ya-drSLgmp@vcnsgsJaIoj#z4^IxvgKFf4#_&XEO5Lc6l0k( zseg_tp;$hgmPDsU1)ZkM>37=807ojvRCG8ctb$&PQmQnYNv{Wkp;BYs08thNqc#zN z5VXP3$mtDcgG?Mh7AdQsV9~O$J4lIfVqW{sVo}ffpY7#Lsk@0UI2+^~{WtS&%6qDy zQmj%zdZyE1_Ew7V*{@jbE8ei}_tX4$+04@nSUn6+*rZcaQ;K{cak#A(d#+H}+4A9`%OuS z4?g(dz<~n}8XuYinORs^#;+bc@rX7_P&a#TMvy6ZI6FHF)q(|NbMZz;M?ncd+s>aq zfB3*b*kObH0{}(5EniMkUl5+B`Cw}K?f2f@cXXt0sPF3N^&MZhy{&s|Ys&}%BU_;H zy4C;$dKZ~Wid1EXT49?HZL0B?M@zamb$3h#!`$r&H zOG`@+KK$^-%U5;+{y+MUfB21G|5{^XBUV+Xa!;IjYISurohtm=uYT>vpNet<-IhH_9Y2=}bJH^5>Nd3~DP!4YTvP zBG2UvBB+9{tX0hy_vVCG7$j^Zl2NT+sh&Vxtw?bBzH#=IL_wB{>To!?y}r2I-XI6+ z&n+23TRy5B(p+-+Y_7JpHknT4i%R!U7tkCKxW2Y2NXF*2cB8?xx;-aqEvu5r`1IXL z{LQITr*7SuuJ+dE3uQeunD!_tx4G%d=Q1{vIj~r^e)GOgkk`7pI+x4#cYpUcCr+Gr?6Fgj#Zpe!)X;kD=!ugLKbT5H&wlXE{L-wq zsw$H%o;&-AC>kGp@WIPhKU-Oy>*?;hJ$YlGp*e^X84g!fx!2cM4;(tU|LDQRjpgcU z8e3{I%XjYF(Z-jR_U#)il?veIRo+^EVB^daj{~%PJO1OxPDy4Ny!`VSV$7IT_d-52 z7BQPwXv&$Qjq;*qOsPx?ph1n4btHW}b)V(R+H(UZm(?N=RHqiG)`MDpDrG%bp}APn z64E`ud zyIor(NpF*FX?vkmOvV!pb#>rL+BMI=gXlU;Tw&T3gwK+1An3zPhoTPQ+h+@fWYvT$N4M&GoJNs%qcP zR#7eO9~lC&Ub=MY!3Q4}sj_P4n~(qY^70}~2)Dy=d*bH$>c&jfjLTu2TbOTYYi@37 z?5OXnuCCtnZJd4o{bV{>$Y)-A?K@vMb9(&xbzIMZ2M&uysjH`}tG}nHDz2KUzy0U$ zA3l8eSAOM}8d{p)dh4xcpM4s7;D@jOK$RR-UN0caXfprwjki1=FG%56zVg-J+=Q?@ zH-ktRr?qq}GhYu4Bq-}>Btwz)soRAj*IhqN|f%-%HNnq2J2U}fdN`gg{l`QhXhh)t{hfE-p*p*vp{3Xf%osgec(iVR_Wn)L2Y%I1n5f92_4X z$Meb9&Dp7Yzx?X2Ox&7uyS>?B&L8qO)OmL{*FxJ7Ni;4mERl!AX5HG}X>4xk>gmH0 zH8eCeH#dIwyWf54sWVU~Kls7xhYlV7$?HGHEl482xwhWbeM&Fr>+5Sbw>Ccc_*_p< zkJIgh0!k+n4<0*u?8rf<+dUr6q*95Rn(8apt~Rx`1Ohu3E??O3`%gXg*sHI;YPZ`q zcYH>pArub2_x{`98{hbyKYsGbGjF{4<2%#0Iy(Nps=hq9jqJ>?FEoG#8aGG~C&BxY zNKw>C)Ip7o(MX=L%SS5qdUkegC$Y1~>~6VgtCC73mAERYq-y_3x#A?=c-N_&vDT~A z9GBYAXC(numH-nV#y2M*#s8t6uMBj4*sGP96MB}zb}`@Qdd-|u_x`+mRH-}}zn znRL-);@=$X+-FvzwT;QzLF~gXR0YSfGNCEXk*t|CQ+isc=D?Q8Y8BBRYBf>-UQx^y zs<^MiXn8X##D|%C>q3 zAVX58=8D;Jsi>!PW`hMa(9`UfJ6K2(6|X3&NY@PX0WYq4K!rjaurp&D#f(!OY@kcis zy!Bv5{rv+DySpN(0bfv*iTHLDQduyXwe{sc_`~nc&CLxCo{q=%K79Y(*Is}9Yyaji zHzJ#L9*^DOf&rPFS$y{N;a~juAN}_B?V?Z`Jb5CS&H{k8+A|R9Ob!ccWTWxjI*)s6 zYjb{a0T%h!zWMF3$*B)NeBWWW@Forn0EXqy|LjkX51tvHoVaoG{l31QZ-3`Iet&3Z zckIH&%i|yYZ|0Ev1H70H(sM0WsDhWoyPFV>HIfEWV}k)3EfoZqP1GWXvVR49C0SL7 zs!Y+ccFu{a2|1$~rU4gv*12q$wH3@16ORGFf-iMC-Q}_w0zJmQsFsvMCSrD5tTwYM zm+~dVoy(hSEM=@zWFv3V@+unQJ3h3OQK`Q~kqpJwzFaB*W`qui4)$ENt`!=y=V|RF z+NLhKf2MWFWsVOK5UGSHkyye{1Fvw=VyOgsh^+iDEB)ze_ zTkrA069t0)P_Sj<#dA$BH0ulai>2I+8#lr&-9wkIluISvVgnyc*5r+qmx)*uvBFZw zk+-$9-uwJ>tC??YZT;kvPayo2OO@vhf!9v)+ZOTid$U zHzFm0ICJLM*o!CYYm0Vg-TluWSgiJA0|P>-GB-O7p=e_}0#F`lJQPZ8p{9ZEqmY^W z>K|^TlCeP0>vY)`=4JpMEG^Gh4c@={tN*$gS^dd>{)yk;`0?#qfF%i<*~!ZLi9BFC zMicu4kA$fFAvIwcZTo&-Pyz6$f)wd$dfvoHnw%{o!7l}El!JXS5`|b2Q2LIlkqwX< zp-S6Y4RQrM{ZdsC$_4lr%z2s17d3xYqcve%$j3-ZE8;g$oYe?`lFMQDlC|Mw!E`h$R1i{S=toei5J+JPwcO-@iqpdRwr$_V)H<2C?8mS`B&qH9ejeTrfy`U)aXIU{yN*OQ zrs2Y=R1&LjuSeoTm#(q~&gTo%x$W6xa$bW-AcO=5?EbpZfOZOHZCtLf;l4E zVWAQVh2b9a`8+J|P$=~9;RCQL2XDhl^j%$D6B85Q=fG=DO-;c?n!%5fWYFgaL<>pP z%+&N7Z@dwY@BQNEf8BljM4&kgAo9_p;ny#}RxISa4I#J)+BR0Ig?y>KqsL^nFU-wH zw$^|6!yo+HfA`~xD13eoC0i3O<^Vdu??;dC>sW5+!j*KkU~_n$JRLI_Os`(Ml-x_V zw>J}%K~YmYZWzAxQOCkle=)lPsOjvv^P+%y!RDua0G&<4AOFjv`Xktk*>SwRzGrbxDiwCQS)NpKbNDnN}cmtEv=uc(iQ~3k#9o5(YiX zA(|7`jW(64c|^EITPv_0C5bnb#WDp3lgs6j=`>Ov<4q#Kl5!~$n`#WUhyB4~3ZM-{ zWWnR{*Xqq>aqGj6-VKMk;8qzz=jJ`zk?l~>fBnW!old9D$Q>IPdiLZCo;3$;B2!Mk z`_un;<&Cd5_Z*v=U(p*)S%|9nLa;e(cj^F^!-z42ITk5Yiqwf?XMFzp=I*vcCi}O) zd{58v?X%q%R&W9iGUe|>RjW^;G5&hL0x+#S2O9PU3cGQUa5 z>c;9~Ym+aN-;3lkkfisYJO(~^d2yje>FdH>zrJ-*VxvdEyy~i_UOUG=74p5Wo}^T zzX2eDRf-T-0ieCg|Z{7@eeXO3@ei<7$c6xehe0F*+;PV9ifz~6<>l-t{plf%# z+!*u)L;mP?w3sb0RP@EjXCJ)(X-#48B_18`IexUWRaS)L#v}t~gjMEoO*_VC*dY;G z*BXiWzyJeCnj{xV>tNVu#OAEm*q|{lIH7TaX)OFaq^^+0z)bUIt9;2*r}!YK;j3K)zr7>b;&$AF5W-dsvPe92}&`8W?on z@v}qc&yI~RLV^X?iO1HE&$9CGz4vzzE?|Y*?eN?F>8H0K#es2296Iue73&6Ix_lf==@-3 zSF6!%N2hS81LR9g;rrEbnr`QQj?bXY{h~%#r`A-=7eWyGVmJ6$-(o_z6ICaft=eWd zYvOoxEGyLxJCJZmDDFX}X&Du=)ELNK&gi$3}3yd-@ zLli}rMd~nlf;B}*ghE#j^CYe11Z`=drY!hhLZ(Pa{}D}GjZs9or~+&O42-@G^>}LR zDJ7QDVVH|e9BZw>J$wC4WQ{8pE7=U%Gq1{(Qn>;#MXV@2-93`H90>YoO1Bxwc6WCy zEiZUH9{5zA&Z5)Nav5?jLQ_Ao*`3#~Uq2V$JNxQutE=m$1_n;{_rVGQ*ks{&K=Sd_ zF5@CuJy{a6n_Fv6PxIo^%M0f(Hiz40CdQ;v&L8sTQnAgAtvWX#V*#LlHkUS=Ify^- zV;%22(R*AGAcbVjR`Xtbw;+nCbi%6%+QKt}Hw7>N_Xa)>Lh9=3BG_3vnFNf=o6H6V z$=_VP^18)RS1J_1)V>%Q9Xj*1++GTz>(<7)-`5z4M4mr?9@$AHQ)#Qk2yo)ftFI-Z z(Us-pjIbgGxD?*VqIkCtKZl3!mC-ORiI;=7# z5WAhCReb0wB~j6&L{T3q(jY)v`rtlYbxwFYhuY1}V4yH zj0;&{IrVhGa$hoW;LFTvO*9y(y7~Z&%4c^TCo_4ms-$x%K`5uP$!sB?%H-hjVclX4 zCooNdGhu&x`rMG$=X>(-0k{yz+RqG~*Vcmy3qY^uHa8WCJjO*VB;8mxhNQ2E%RPrl43BVzERdvOPWXi`M2Q_z|3w%VAgL>f3L9 z7wqBQ=XYgA^mq`5btaRUnx5$G?S;})m*Fr`!FzBa1WGLr;KxCyg9I6)=AJ{!H{1=egc+kFc~Vc4sCLw z-ckSpCNOdBbhN7Rm(;Kx4e_N0lG*`lB!Rr4NHCiA7eNuECVES<;7qj!Xsv@3{zQ#d zwPHC%k(8?SWL1$91&1ls%CeDi;?6y6shAoA9gynj#f23kr*pY&bMsSfw+kj19^uSc z9e7Gtox4V=cBi$en~5{ODi*t3Up;zi>GG@nj~ty|=u)SnuJE zoE_2`O~WH&#Znghk=<6;d$bSm1_1OUJw3a-yYc9bifX_qr`-w(5V+hQAk*sfC3F1l|bxd*Ay3c$Jm4^>AyOII}qVY=qV8TAPD<9Z|?7?|$|v zZ{p?_78uM4ilgM0t3O#B?vYTZvcDUJcn)YlU5K(!mLZvfd>kgy<#M5YIIWFY+vL$9 z|5R0UC|@^0PKF&bW^KTf!SG|DED(_Ns3c%P)D#QQsah#k3WaUP8XxPUolK1q z8qpDI#er};QnkWr9j%%YUjd*aphTKMumr5HMrtL6s0T(xBE2%MyjH<7!C*u=Pv~t% z&R~>zwJH|Hk}6l|>ON%<_M=#Kj6_0Y#*Gaman#h}D+#$oBJOb55re$~F-NzyzSYti z%H)%kM1?iBr&D2bLEM!zo+-ShiHjsOo(a%Tsz&SEtV_+J3WyPK=I zOjeepNMa9_K{}k1`Q_7>hacVJOgi3d0GKUT%TtqM;N#a;=NRlY_jk6n z7dBSJgs-BWdg(yX3mtvK%oy~5p&*%u2gXsG(X#|{eQ4n#265#4;4i9{LUARj^5qKA zLoX;H=Z%D*km^NMlC^G98N#}XcrRGpzKLs9!-(_?CF=VJ^nepYn#QD5q_%-2K^&)W ztu#R?nrIV4>%m_`0<&K$sBJW%B5Oj@8Bs-?S+Oc&i7aK{xoTST7Oo(%*=#U~_zVm_ zv$GRvZVCAV?(N-mcb&7Xt(_#mM!{VAm5f{p@E=?cIsJ`1aO%An4iM-Gc8u^~&kC zrtX(ZFD4-$e`+{SlP8ITn|M|cE$MVb7fm~rdvb_=6hC6xrZ2U)m{G-<9 zwzETLR#w)YjgEC6fz_k4$7->?g(pLleep4ZNjy+rH;;Ky@A=-ShL$9#yKIt$yJiKdtkJ{ zMR8_WpDbPp;D=OAB&1@s;qqr#sJN?cCtuj!-sVjvswVGlZ^1nboIbOYNIRX@2lp5M z{eSoyR!5IK9T|HzTh3GMZ9NpT1@QOg`@bGIabBtEM!y(M?CuP_a)#$E;L&0JHX~9d zliG^xm`!$3ltMn=*z{yiXE+e@Z*Q#IE!Lu?yt%qzuo(P)e>@(Ca1YiA;U1DFh8o;5tW-9)XZMHa_*vJMRR-&ENmQzqHsK&8=B?3G;?=UmjTneTKH@GP( zQ7M#)C0QuzA^*mcg!WA}u1AGZ0OQFO(MT~O*fV1JL5(FW>O3;WS)_J~^`1rb9J-Yd%1UV_M z7)*xdIBo&{#*dnjTqv=up=BN%BPIpZ zuZXLUSv(|J*Oy@J9t?>yqxI%h7Y?7E9sNGm&N4juT5M+LUc$DcFvN}?VdeUiqZG63 z6R0mJ%ihw#+Bh@2+1-(>lWR!m^@u-ovp1TEn>hFz*?Y^Hk*KAmP^tq#CA=#;6+E7Z z4M=T!e79w>5vOC(t?q+2w2+}Z+xqh(n#G$?cTz(vqzV)9<|WO9fMWzOH@4i8m#j@r*kEO}gf@*+j#c)MRBX{B9Q z`n?`)D-$AnF-w{{z$e6sB&L7(FkT?8k-Vo-)widWo{_3%wsTu<%ly>$wP$tfbRR7% zY303JQ#rF`-RG|_^KUL^Yt63o6{XgdH#dGgA^GDweG7z{vU2b)zBGgkkrLmw#y%T* z8yS#9-H4xspfF!4KT_;t&neAy78IN@{v;Kg>fH?@sG^DBZHG8QU62&5KQG$zkkx*~ z0U;*oRK!s-nl@qgk{dvxi;29ndsEDFf=r_psSeuZDJnPNuOE|Wxbmz*kMuQa#*!pj zJ{~)>Ypci4!A3{qSccsmaU{>Rrz+c2O4=aDdAdsHI{S;^xVoea`vy%kONsXJBYK&-Q58$}j)^yqnh=1j=Z z){?Xx*k}KpCp{=mfp-hv$0I2z6?03LsjDTrPsg@*)BD{2*&hY<+W;%w<(VS}pb5-H zF4CMzbK(HdL5;@OQu<(-jXmmMKQ7yQ7?dU0LKK2ZSe{Yk;79{30{l6!!=n++47+Ie z?gurvFEBn;omhsh8yFgXGlQplzwx2>yu7@;wiABK6}KBNZz}R?_M+$Io<*pO)Ac-R zI&$QkP{6=L45qWOh)tZTdJxqZZ~a0-Z1PXVXXeshK3hY7^vV%m7a^QMiRTw5iQ~qm zzA$yf8(602hf~=DKBGWaAl5@vO^Gkr`+;u>qI$qcC`RtrPT#wIA?18&k$7^4 z_`wE$!cU)HEYbcJd>GZ4kX(qArX2{3d4=mWg!W%~K~-}33t!aSyDDc*!7|)fp;i;l z{=0H{cI5LNB$yt}MtX3O36jUI{0kI4SN2GDW}WYs>}&k?LIrBVV+aga8>8QvnWSk* zizcGM@~0^&2<2!AW@U>WFTfzu+ue6x9(Hf}@dc{}SsO~@5@%e+#6*=w6ETFaupah{ zDNA?I$MBEPall!NHouoY{02!LOUuhayvAm5X<&S2Mgo|jZ^^><#!lZh(YGVtk8Asq zzw;Lfv%e_%i4?O~dY{1B=~&s*;iI`Iu1;}=PxKXPdUbP2xpFMdN%N*SCuXWk9^PRj zPnC^i4m$|$?I6)h2QH0{a8C;XB4DzAfYQoQ%bJwde5H z&FqoeLDQh^<;BHhrajG+l*aI)Ma%w|giA)|pHs+W(WYVemtDL%k4?4Hpb4a(?z^j$HMH5VGrMr2307o=zp$j1uBapQ70eMSgnL&+fp zExKxAYM=BCH9Be8@bo~UAovUL+Owz;p^bza`Ncho&Q14|6TY?}g z^E%ld866WeKBuGh%@CK%$S=mlAqP{nm0-%){GHv=utJ1ii=pZ7*7^Z|T3B2RNB%xX zS^@8UwO?jQPC!5heBP{FlA4}OS%IRNqUwD>(PwR)FETUoAMrzVM-S)LGslJ0sExzz z&I0iCbagwtZVqf}4TH=;_VB!1f*EjnWQc}P^Wk^vzdDo=%kw`2hfOGlJhZ+qT8s78 zn##F=8!xB2sicfRiRJIb=P*7!?mXQbLIxG0cP%;ixH-Ez>sB^rt@b9Z+rm=$^pMR> zJw5Ti9L9eA`^#hd#YbDiGZE8xZ?=1D+WxBm>*d%{rSS#5rPbv;tu+OKDf&4gbg_1!e8^Y=M4DWf+OwQo;&N^~$NWh5zN8yI?r z{UIp+K}NUde$LqP1Ri2}3LK%FnNRXu&(3E1Z%~KzBeqri+HD}$&7kD8#N^84-Kzfq@Zm9Q3Vj_Sifvbd; ztEz*!tA~-Z8A!_6$kEcuM9jh7-OSn5%$ZYP`WyuMpe!RUqUM=(nvJBUs`)zHk$rxa zo^$Wo2tI34%uZ)MYM{24#$aP;~g9hUYvfC0#`gq zygvDd={xbrPl!1pb#vl9;*%6R)>V*qKi>td_(Vf5nF?_twtTLG3< z5qCzxWfP>xUBXkxqb*LXmBmPj&ZvlsiGWKR83q%XC@~oDW0dk|?@v=qCx}x+*#9kB z5yldHk4Y{6>sTBYTwAowP^s#^ROth|W`OGlwx}oaTyLHR(!CBB+LC!i#rb$4tqaoi zw%&X2K@-!46gZmxt>r>WwE`kElKG9Rk#sL8@hx2v%&Q=G;2+XNHK$a_mdK3G$dLS* z-r(H$D>>Il(u8?n$liN0YlCN=x+>+ft~t$zx8O!=qMt^xem8xhe2KU=lGwa;Rf^Su z`d>diqIhXoz%Um1Z!DCzB*2WfF9?zwI%ij`!kmmUofJHE(s3rij7Pxg-VIUcZZ`7C zK`35~#@CXpyN~VmdmC`AUMdv4E!^&VMZK3^D?5h>u`|a5%y6*A&AeNz(R)SzB)+7Y z*(sE$jRtVO!BxE0{L-AH){6>=XTZyw2tZbV&+etod|H=X0inw8>fARP)vwsNB8P8E3q^ z9C+hjS$X7PJY7v>I>f`>bIp0Qk z6!OxT7)?SpMW(nMrRO~!7;;?ZIcNdcMeZz%EY?a0Ehd7*1SyZ`CGVAgswFw*^qh3Z*S|9L+?V-h2@cWk!=Ry*ArnLQ7BJGw+80RuhC*H z?S-VBLmBBW%m+as4(!DlEmDui8ht==ckw^7OC3*vcrJa-2H%QdoV!$3@6^ApK5>fC z)lR_DgHcxieyLF&4zU*XoHor)I;2T19-wo7@i`w{V!fct{;od5I`vOc{IH&N&*A>fw5h{v0vXj!aYiVPfVlJzW=+#CL99ndRM#lwrHWU6~Swa@T;>aJXLlFanZ2W@K zcM0yBl$6@sE`CcQ$SdH`pBEkHB}|+wy@7weB{S%qDp;J1R-fdwJpUYmv00Y*dO+1n zW-KHcB3+jGsk_Rb_p6qOd2B&0h1>ld>w76!$qr)kZhyF4esWyaY$nx&#Q=#-296T4 zDX^D-^nPNWvs`5Qs;YGw>VS-~K>(cF?cLvHgM0MzR#e=Y;iO)^cSNREb+>$mDmN&M z(&ScO?U%WUwT3v<>)f?H_a^EjRc_E3%cMU(&fnT6IYX4!$V{9f%{U>LYpbG44kizi zymeYEH^&Q>=v6XfRh4PK1KH`86zxq9JR~%2;mEtgH8UATcb0&`ThYP_qmA7a>K)`KEJM+6N zPm%-Q!O<0K+@v%3o?PM{P@$q?V5Y#JT#w18>DECwfj%OH;5bBZ`&gZu7D5t+X3l)Q zx8w$=aNGJfZSfNaVx;u5vb`ARNw`8eb3W7h!lo78LF3vB$Vj=4JhkYO7k2#g7N{S$ z6`9y|8N~^oY>n#weBHD%Ib|o36|+PRc5^q{ifnP<@$gmj&msIkQgwJ})xn~NH88G2 zME%lb+=eh)Y$>mPqA2>YD2E#V-)@9 z)s*}S&hgvqaaWT_J6j$33Mm5!MI}1A`X*zoof@4{_RvLz@rs0?w_j=r3b#ltx+-H# zRvMjApH~k#O`$GSjf&;`X^O9xvgw3En^wgcGAmm+%R?JFxq!^7QI}U2C|?N`nTEgn zx%;d$8pfsq5-(eRpfntJr2ouUAJ*31H5;G-gPWhd^nLJ36P*zZ0DA5vRz!S0QA~j| z8k)Q5=xL6<+;8Qm(-8lCx;U!U>6?)tXhr6U>s=&RDkQ_L4@WU=zKOz7RF6L$p#4oKhh zr%c~;R0T}55FAtZt2y}Q0F`B7GK13PB)|$HoUyW&NXpKi&qTHPH2IyvTs*?Bx`6Ha z)h+pMNqMyyHHH+!^~@&C@{cw)lwzO6#lm2Mj=h#!x42!-ie#G(&x$rPWhYe>h9@p^&Nvr@kJWE_ABt)>m3koPHYj z78DyOk~owLvkK*j;D`h0{y``gFpTA*F*-HK^pGad(sxPK#VyLyoHSWr7Q|!>Ws`i8 zW0Fd>YhLYGFQo}r2hj&cz12|9UfDilD0HnVOFw2lk%uNNEkb_@Z+)7;kcN94@ICrv8OJ&|woeI)Iss1qII)l(Dy4DlU7SHOm_op#@-D2_)Q|vV&$-`E5RwL=#*;*O6`%=HcDIGVP9dj1j zHPq}XB`1F*KO(|l z%Ap(dczrX!#h@EqCf2&q))0vK5x|)X+!w9`fo|m=9>}KLO^0Fo7`6$2EBO9NzECzL zZyI+{EERXSEfkVG^b+)2ln{J+U{E6_6P1rse_?&^lS2eC@@a(H&IDw$kff*$UY3$1t!Y`P@m!& z!c@9oX<@?@5o>8s-}H@@F$MjA<~u?LpU@+c)a^K*#UddyOdyXaTup@0;&=2js8h4r z0$R1|i@gR4E5?&0nzQXLD=*OzVYD8{m+i5I|EF3+d>qsHvO~M*cId0L&_)KcS*G;q z&JmSmg0cxl@f)`2@-q)VZD?YS5V7O4qanL)i1c?BzIU(uPx9-p6vZ~z5?VCZ^F!x~ zZ>Oft;uSu57_+@UeiE}=$i>2z>Eo!;ONMd~qLDLLRty+At9VWC2>UKKGimc4`U=^! z518)`;KRE9AtHx^jR|gL3)8fW2A-tG(6=kp8s&Mg;ziUlw zeG5aHw(|GhdUvWemNfTejb7#tZ90i3Fp|Le{O@%6N> zRs9jYl7UqGoq9~C|d0l1Jgtq`yq@U~Uv zwnA4YtYj=<VKYhTr7>>FQ_W5uB@0^ z5c%pQh4l_qP&&dAs=5EGCFFv0CxdFOnhX996UyS0nG z9CxUgEMrV{cv}ss)O-G7jLdlJkBa@$s~V|Rko|spwNh;YN$aue z&-3%A=hMa}bt0@5lVS9bK=WlAcsBpVt*vgSUqc<|?UBvDf&KB)($dT;IHQ7%%}p|| zJxtZ^9XXb+;EA9hj>u~5UY*^B7d6>ipx*l97#e`;WOa!i#ItG1QY=szwW$1)^$op> zD^}=)lG1GJRVtn+ypHRvL6MAd0U=Z95ShI$^6+J?&5G;{RAz=I)x^wVteucR5DKpa z8DqTkEwJ^M;XLGaHvyhjQ&USbh-9l15EMi^LkP0(ema=ULHpR85uz!`@*`& z@;D=gkuBimYZl0=c+5`wJ&`)z>;)NkQkn998C54xF6|{ z^cgF$51I@Zp|8x~0y@>czXhXf5!y+OW+LLz12f3?R0BYt$>ZlFCkP1<95~Tfg*Cd| zHc7y;>?sX0`@-mnPxBgs=JxjTFo4ZoPpMN!>i1}LQvv^RVBn9g@(i*XlVSHpr%ql% zf{f4UoWJ@OO>i{gLmR8kHxS>xiRD4e_82z4R%Gn(N&|JkjB_ zx!T9~$X6X4&qZP=xQs_9^It>ht1bI7VtP~PNV&bwju-mTQ<^Qg`b3pDvJ(}p2jE{e z<1IOVK}3A+PmOBccl`wpf$(P2^VCgXg0(z0oQ6$e1>qCnTSF;`eo6%h_v)k`L;51W z{=FK;EU7=}yj#*u#|sM*Ffjvk(&GSX0d{tFTn?uw*5``l96HXp25cE2`Lv?M55*U= zk0;q{tEYR3ny+uOgpWyj+7+{W>dz)Y1y5~+qCwplM!!arp**2V?&Di!lW7`}t{P12aEMqha*wgtPqY>|J#PMev*wM(W z%GB%3NXb$3p)^OUqLxb`rx9IH;2nX1fw{W6Ld`*LCt7OP>Jw!Iv`Hbc%5MI_iu^%A zK{1}fWb*N@AB81~aC-%Hn1d0T2$z)9KCP{^6ahE`aG1M1IRTBkQJzY|bsl!<CMdWb&&UBVqyeil9H0I=N>&^4Pqy1J33ED z>$YEqk>3}TgOZ<`w;L|g>99-OuQipM_b7t}J!j8s1xNHo#Q&NoX9el=pHrvKM*iPf zN*c!5TBbgI*nWTR5kK`pVejMPK{LjD2u4H2=(Cit3KBPg>}CV=#_xxD^sV{r#ifzN z_GRxmTP=qPcSaHi&=9er(YUn;8HtF9mUvKF_L`Rsz_vtuENfC2OWf zvMwxZz2En5jRB3Os9_BwC4%&PGfa^uR9#ZV?o415>sbYz4@w%U}s}8(9zN7%q1VJ zjiVJ56tKd@A4q)bAfB&IgUr<>?;&O=G#YV)Fbw4d?{HCC(DZ>_+N-O*NM;$#9T0@m z-R-p76W!O)RGF)j`Bo29Su6#e7@8IAR0pi5KEineW7*NWAJ+z7itq`T?d*beX%gJH zrTHLFAly?8alHxKK)7#Iyu7Qol+JBgOR0Fs+FbS7@tHG2e|{=ta?Kum-3dTI1=s4e zIm;&hmL+2hD0=D1=IYtI94H~@Zg!UpVyoK`Sr2&vrs$zg{Xc3_n;ekt{!l-nesR}Y zXB2_M-^3$9q=EP;?*VH#DQ{xlBQsP+(T;GeopE3?bQegazO)3anGm+ge9z-#;bP#h zFxyB}oX3*2VNjNY=;^I1ig6jWAS<0?W3mS-VCWRl{5+DW5D)3hw|_^*1k-_)llfVP zl>~T$m7}5nms>1|YG7dyU-SfCxq~KARj*7T2UA(aCOiMth`KpY8_d?iE6hYEhM7iO z@uSeX`Fuch)_?ZIDMgb1yX@rM0LpLjM&1n&%V3lWOZQ`e(ar4_OtHy@CW196C4A*_ zHS4t1>FL;eQ_)JzTFEB<#kDpkMigYWJfj;eZsIJuy2md!U@av14&Y|y8FJ+XcVoOU)Q~ILyU4?pO+G=3z1z^Tv zEGqmB1_XM0JI(fzf3HnCtS-NYL8WX`Foe%xfUoaC6)DB#DNdlodeokArFDgG0dj(0 z5V`6#8H8dH#!RvygoTAI+IJQHEExdbCMC?P_D&oMs;&NE{jSNfqB3IWGgo8z1({^t z@2=243m2Xj4_hXIZajlN;Xw*>^Tehhj~>4k=ZE{h2qv0nWVKQ!4;q4S6U0qJMvg(M z@->XbJk!r2whCf`uT0hD3Ff6jAIBtAchl(xA7>#H{$hIDx4aBrM9e~>t8*Lr1K>3@ zHSszp{@k5tBM@;yFLnDqt7Wb=n4v7+O-@dt;4$x6pv)~VvwZxxbCF>}d@@<;RP{Cc z=}M=7<2t-x2IJjG4`NkQLg@mJ1_QxxduBFak~`UwwDQqI1MGH@`>iUYR&{a2Ppdl5 zq57Q|1avKGYHFz%;&dJ-o_MP)Y+!#PMr^ltoNG9>OLogcKurr7bc_53gLK#fs%poG?vdOK%y$mQ zkm^hR(}Sv=xYhBHNE}u0C}5}lU&(T=Lxzc zdIHD#9V09OGc&UQj!t`fyJwlVw|55I_~@uiGo4?g1Oo?0lG{QO1r=4{(vrsFdODDl{`;{_krXD_%61noSR2wAhcfA#z+*fei7WPGV1ClMoe zV0MyN3u{u`0(+*Km!9_=yK4}FK0d_?h$!yld_MjZhl^GcsT(&E{KQvTS zuzabptH?eu)1<~8Y9<}8XG)pAUPUJ|`R*a1Vv&zCvIrIMT#MJ&$FpnE_EX!3tH2(A zg4d(UT+nUUQsXVCT_RAaARr?;Mqy5g%DU% z>9rRQRDJfrsT$^#2&>8dmQZc`TPcP4xvKJTIVEuC1@r%BSV6 zJr+nr9@(TpR$;xWc)sGpf~p=nqui#3NzUQ_2&$ZJf@)#wAkwzbg6Obx_sSaZ@xAxq?kp1Jj`k0kF&YfR zj53gnAznR+&VWXl#aZS6*~}^e)0GDOyY+7^4%;Wg$LKpld5lp*06HlwIu3pgUebAh(ZWt>ALbJ^yh(eHvqgj+MhEHS6 zKS+x{@YNndT1bp%FNg5KNFe;qArE9u#Tt|XIqC?hlx0h>?kT$7-op$P{x zPbMY3|HHl_FvuO{_h6VNdmX;II2)h_EW%t6(dvqy zv$aKRZ-aS<2A>|$r*DdaC3%NL^X!OD&D?J2fjTioViK^hbGt_*Gi%!T$!i)Pg_)gM zDMc+!tU{@etzXDn^_`n>mEZdp3+*m%&J(!tR2EGV+=z&Xxy8kO>-qWlL_J&r0>HSe z>EdXd-*yL-fv#7uj6$8Im5t4G7O%@x7O#Mu5rT50Rk8^Tjn)VhURFzc&ijz6OPMDy zc>3l5D-|5it-wqsh8R*c^I){Wd=c3r4$s=#p7OCdHqIZzG-S^ci@EMyQ$R&vgtKW# z5pEJZN((aVFDZYzNWyS@a>vx`31`}PR1kmRG>(A;c>CX~c!y-=p#;Xa$lBpSqN zI`WQ;jEuCx8%|E4t-YPTbrklbhntwYE!#^&AF0k>NS0OLIZ?NOYW+g+_{Q;`sG|5nM< zoFvopHpirM2B@oshK5$u1I$OM&qq*cF-@^6BsmAV(%Y4u3(I1zDz{Uxb3dx4lk22)E z9VTZNm&W?~)lM(4$}AvLmCp(2K?3&C95%jR&E$*u`T2EC=~vVOIRyv9A|QMt;dcl2 z00UhuAdoueeOW-&vV+4#Le<1(;Pfu4u1O&4%vR#(+CL-Fzb5 z{O!L219$+z=@aG?6XtLKl^;M0h@JjsKJjM$_8&O_Y60W{=m8J_C^1k(piDp^0IUHt z0lWZ2fSdu)0BislkQ#^%gaaPHHIbhF_8%#M5&{_m?um)?xBn;$6d1q*2%dOLfBTQn z09yb)0E7o94UiU~B|toYS^#+fdH@6fN(>YcKpKDrU=5%N-~}K8{grGXG;RKudre0G2>v zfF1w=fD!{m1ds+`0aycQ0(b$4067Do0oVXAATc{{8>-(G%J^%&x ze+2wYc4$HPk~mTH`0A`GI3Uotx&Rah#?IxxeEv_NMMMzde?p7@I|e9#!^FYf)y&?N z+0)MU%vUbs*GT+#9H!?d(Xj~`GYy%=?Aoaj6)SI5vOw2_&;B435EZ+1 zG0eonWC31duFZsf%p5`*II0bX{OSWKtcd^a?;6v0j_>SyGBY#NGt=L$?pl+hN$U=E zYi_PZcOFrKv&;D#vwn<6lJ)p~nq@KQ`NQ(n_0Yv8!omF9wXt83HN9OCl#7_-{x|dT zd^|GxaN~Q4!xMK*TmP#9YnRjVN_cL&OiOqE1#<0UU!wlA(;Cl{tA7ui8yStA>U4(3 z-L^atZElX&fyw4K8C?+P)8j_<^CkCo&V;_OZ!;GR!+fMe%l<}BrxtwQpMyVtuCC&J zl6aPN^-w~M^yWL((Un@ymWZZHs?FzZY)!7&-*k3@PrjcaBbaZ##?d&^k|T zklrz*;r1(h|1seBH10|>Mc?Oro*mMBMvQtUj`aHALinJowVfvp3+!(1^YS{%0gWS| zkqs$(^tJL+C^+LavcG3^+|XcRsb9j?$X;|hcSq$T5v`3&0LxF>L_As>48Bu1+$7zY^E6i%0m*O=0Pp4O*{>*bawSjuIzF#PrT;Cp6V510A- zal*j3fy7>&9}cibHQ4XY2INlBYrk{L*-lk>6RY;rDiB={n4=w~#z?)*0OEZ6G~@l? zWjUMnV*WolA9y>V@Sq`gsd(LYHieo8k4%1Me+NpWT!sIbVF`%`FHhW>KYL5SBW@kG zJzV<#;sfDUwantg8MdH&eAUc(y`Z!eY_;XL@93(t<12lOJbyQd{>Mx)rN-g~`FFXM zlKi@k|6aqDK$s3D8z&TCpqm)Nlp-R~nVuQD6vf!K+tudN*pPJw^VhYx3%8jnm2fBX z*CG0qe)^W+Jq`JWp+V=Be@f)(on0w!_~(S)RS!EG4cI2uMc5xz@ZQLqG?i}cn=r@Q zuFKYDljiPJp-GuATmwR#rxx*Vyejq#@#9xIf-&^eV8>+zOSPEk_cJ+`b#S&K7w_4I zv>OuF$oP|u$z?tM*sc{Vuk92KA%!Y_qC~`@;>yOY=A!g{~mneTF;m_%oXbcJO@6fEF73b#cAAOo4+EP}Pw6S+?Y|M>3mn zah-2x0b5=mKSX5(@iv(LsAjSprNgW@PnXXUY3FMR$3 zCrbi{qGnR)d~?YCeUyI+ul{m`KkkoEp4J)i%*Y>(OI@8|8?@({HE zNX3Kh>H4{=eck=7KJn4d!lA$rwvV%!iPcL$0FAlNR3!Y(Kzy%{$Wk#Gux*pm zoa9)6q>93u&=^gGr5`JUUSc~ALX#fX?wK|ca7l3xE7(+k=%V9}9c$1Z3;j$xu-$lF z;oSBS!OOT4vhZ*DIYQB(?{|{Vw4EK-cCCv&En>XK&B}*IAlf{^Gm0F){rf1#^{$Bc zh0!gebKp(;^9$o$c4y_=lXR_Ea{jOQt$>=Ohow&l?o%B*2;h=o^TSR#Kh`3T-YGAK zyGF>N7*3Uwif`G{Vz`bMhoWD~TC!)EySj-y=Ul#^K2LW=VeXt3CdQ)0(5Tk8-@L!{ zuZqQzvn!x#%@0+hzPs9T&kK+Gb^Fm+z4I&i^$|ArX2aH-=4_xvYMmiH>?!$}X=h&< zRiL!oxRaZ7OFFoZN+%D*Uoj|9VJ-2tL`06>-AzW zTt~94Lz>Wlv_L-y2He=67FPA1nd|tnU;7=m_>qJxBd~lc5JLZq&L$B^hgH4zSw!C6 z#v+Rz%@5utlw*cqf&-~UrYW;;^Q>B}y6?w{QBaM0i!b{JxBM?2;m0WQhCJN9`ITsr zIpCz1oNuSL$m`rk*3rI0(2fW8ojvF-93Z5bJm=NJz^XtK+jqGJ?N{=3Y<=z;fz_3Q z@qH5;##CVndR$J^Hb32)@kFcC%~ldUM57$c>cA^I$r)g+l#}KURT{O$eRRfMDbP;p zi?;MG)(RQ0(b(2laA2)!ndFbo#tID(c$*6LEUVQ;bg5>O`jye;yvpn|V^j%mHHI^< z_#NF!H+JJMw3x)py6Nsjx#ogH`|sOI_`&zw>KqH-J&7uT0&tEAAS zQL9M>DW_%b5TU*Dm+y_2PD;w0LN{cq7NX0AASeZpg41lQyAV;4lH*y?E-)tvMq~}M zG-dVXRp1tfr;|lZ{#uxX%B65`dxVt3#>G&mE=&Qsqxim$cbAk@-fP1nbq}YA(a|WsqqI@rX>wl{q9arR>4T}`QRfz+s8k|JjgTFD@w)o zDkqxq?t4oVun296DD3>P@$JqNyqaRMjKa>EQLK!z?HC)wmgOBTXWBtII3JYVh1g;c zZAI8k4XrdwGy5dI%zzr^%_u^-aS(!w(5@5^;E&YxzALnS+c_hdJ<=>AJ-Q%=zmGV=@X1^xDR) z9+4wVo$2H}PCZe32{cI(m&h8Cj+A?k^SK$p42h*ZGr4zlcDr7I`WP!&2^|gJv|ouM zy{Ea%lrN@D(eT__LUWzbl-ABIdP4EAo~xEGYqI(&OY1oQ=5c;G5iQpn5c{N(&8dg| zyZOV3@njuC1M`xt?9z`6h0%7c#`39A&T_19qDFJo@WkktU)@99tT(nsLdX3RpGrg8 z!d5K0SUsBW5Xa$k)3k-}AutWA*5ewwEo%*n_f3^{9yqzpy9;W-$qSl;F~6yrQ!#T# zjH^StK(L&ZLe0x$|N7o}K|j12pcAk^;>T3oO8P7zF{69vf1im2#1`5D-M_=gTf!P8 zzGy{0QmB5f90awvO$ppS5eN`t_}-zCs*JvW^8b+bbK+&r;6A%cD~sAA={;ZDH*4m} z@tTE;9`+f%O<5b2!#lOtYp;gXIWcBuhI`{*Vnc^E_MV88$xq2aAAekO;_)aiKIHQ| zqgxQW?bML!gzf5)2#%(E-N)pJ8cUrWm9uy{`;5q6j=n{H!||Py`M5}9fs>#{gbsBN z)jY1Se!pJ26K7Wa^I+UDL)!vIqclr|(arRIrjUz9?h&2oX&I0v?`cnsZm0RObV2AN*@B% z=pRxKcju!q$rdR5XqfZ{bB&<(-fA(Tupqg^%+822Q+9{-x+OgKx_hv;VG*EUe|IrD zmNqs82HR3}namh9Xi&iUD;o!W_Vxl*UJr!bdU%dGsg25VQ6Q z9m}+M1M$0Q)+uSa7VchG+>*vya&7b}EV6V{Bd;#o<@htcdkSszFbhv~S|+(_x&B<@ z+$h+n3KLgkBH;Xe%ikkvx}z-=yis^Azg~9^!E-Jy#P64|j@~4XynOEjIyuvs6?!i} zyx(Iysr+bAx5j7kxo2soR;!9|UOQYYxS;N*F43&c?i`qF50Ov2Y)b5}rUHEO03YMS?@~+3#f#uIuDd-v*Z`+?@zy!?7MmZ5SeC52~uym>{>QLi!{(LTKINY`AuTm@g0z@oam`S@M$|C$;=LOmI~B zcljS?^yeT76MB0&98F#U`k#nK#Rx%P+8wjDL>;7}lpXq7sfNm0FV`_m7IZ=9VQjzY zU_AyA?{I_pjibC#21wW>yWoDJV-$wUmae7F@giR;=IP|rt_`ZmmFTc9CX}ZP2#1xY z$Tyo-nB`U!yK870RO$4x9*|Yyvf^huHzC$rL&40_N=0J)^U(hvkGosxmtgA3B=8tF z|7Rq@yanO5XcOsajIAjK%p|2RGG2a{?gnN4eY)lRWO3u;Gt~ALp$K`T5*s}w!RKf$dMPcl87A?-b=Oi zRaymPIsH^W%{KSsywL!6W<1pp7)-jVhH93tje>i1%I-nyyb?*Q7Ow=o<5^D=>7NWd z)4{pCH^ULkE(c(XSFKr+Zg3A)LLtvZ2zpGZO?J!*>ym|ZzUjB%=v+Lku8?oB_=Q{0 zga7DC@e`nHDfty9)q-x?BS2TC&tC@d?@CwzT9y!+B3O(IN_CaD2I5i;g&n8Jx0<$7 z&og}scsI|KZa?ZeZs0aP5DPK+F{eecRd|v@#lQd-*mNGmuQ#>|nq`uTddHB$MgG4$ znt`|&Jp5)`8B-^W4t9>7*-BeFpZ>o+mABSJ{5coT_<2^V-Qf7etV{{ArM_^=c@w4T zDobO&^-(c!je3OG2ESChP_R5tp@o8b*~*(dWrSyu>saY(PQ4h7vLk)^gwV zr|gxA!W?I=s)o(E&Kd~4x;d@0b6;^Uyv_-H7b-)GHF+h=815p8(1qd(}|Q?f^>xBNm>hmT7DfMTgNB;O73P(1acl{)AVV zqX#}6E4e6pDhFQU)r3>Uk!t!Qd2Xn>ZRP>OIciAirhX@!_YvJ}UKby70DLcVax1&p z!4{rOcsjfbQoq-SUSMFi(_FbuS7>#zPPyA*j(eT?GL2ZIDzRr z&!)ZhE0w(z;-tXD&0ERGvWO?VP(l2WfQ^0&=E}Q%n;@(w`^6BS=fP#R?r4_N{L55{ zNk*6Z{#}QGu>>o*mqRz79fwkvkOZhwA~lHw5~x9gg4gnOmRzSoi);?(UGnw}_B7jb z-V|-kM-(eR;Nvac4=|LiAFqu46kk z^irZ$^^(Z^NGThjo)03Sd^QS?(7Ws;TXt#{e#PJm?Zj?Ye0y@eJAU)RXDwe4)|00S z0a5ku&1hi>yy=%b+CLw8tOkqP@#zY->#=H8di}Wi#Y%gXqJNXdI;jE*;(y&{agDpR z?V=D}v9vi<;RXgG1GVq{zPU#Ec=*<02Ju;HktS;sl+u@I8o}MiTug6K2>&QL;KHKI z+r7SC?-C2*#?Qz`_Y91%52?>uMLfnxbbkzW)`{LSg!~nJe>79d*p&M>>TH?HyakHe@fl2vV+pZx7 z6J-Dc)xWnbmfT)}pJ!^!+0 znDr}146T4Sb-gC^lIvg`CSQH*1vt2H3u}6j(kwzwg?X~*gK61y?W{#@kFkc z3)g1>Zt#p}IMLSPLtlHtT!d{qM8HYvrR)1QRKhV5u(eB#6inY*JN7f_iHEJvuv zW_m-W=aH4s*wonB#+ZDNi81J5@0e*FXRVRhMgMOS7%`OMKU)QMb$C(RzgMu_bQo#Z zweOq8{)JSqG+dtBUZoYPt%`S)xF1&^s195)DoRW(8IhqnaKNl*)6rXE9}#aPF+&7n^sEfB~RW(m5YtXeS=_jT}ImgMY@a zY`u*Gajv9u!yIq=$Bg*ULrmPMAIhol8^Y8|fIgttm4crqyBqH>v?Y3*$1UMjRtlNO zcmdLuZ?`s`idnJGf=_utrJ4q)R=xhYx~NgP=%aw%SRT+#v(V0smbZTVE9qi{c7DdA zn)xpnPgl4YrY9bIV+tw;e~L*qLL2_NgMBdQNJQgN|}iKGM`1vaax5RBi^_+8#CA^!fCSx7XYDF0Rb z)Pr~&)Vo4l5u^x;FoBuki`m^%4^^eef-+&hhjh?QN1%d$Kwd4L664MSKbh^!O(c>R z1!O!V1X&{Q8ik-^2I`J&t57G@i&9RUzkxbr7lfw^?wjD6c zP|m;fT3DrESA@Yk7vOiiA_VxXk$O@*Zoda0m*3^Sl%LPvI6ahhEXh-$L?3|pjvWBR zO_|sd0H&P`a9JF902p5~==UKP^P5@R55UMhx`aR`RQLV~$TvV6I0{5S5R?0l5P?uF zgb5_P5ND{c2tJw!j6QQ5_}E}=SV+!WoO}BoP@RN#7@>!Dz#nA*H4(C2igQ8_AQ6qc zyh%-VP=M5-P&~_fFpF|P>^UPLkv=-(s{I<#JVlX*)(T8uq2)Yfi#Z^{UhpKL$2%oC zKS8Sxh}#unj;|ox&|J%pMf_KlqQTvODk2lqaO31YZCNk zcSP^5HBZ0L}tb3p+EXquVgXGwOh?n4PBX+ope}nkVsVbko zpM{2?lLYjy!IzVV>Xy*t`8HsM&YYz#=(b=>_z-GMW^RTV!u8o@os;M{=R z+A)-rU$HMI!P(&wpeWTz;4Zyg_$mJ>o;ddS`2;pYvO6G<3euMFXmIY2v8QMjB+u%h z@`qoj#!RLf3O&+=*FssV=u-u0p?s>R#3rP#d_^OXrCjroxLl$HOW~K)w-jvd^JdCE zaOndkMM{&_XY^k$?Q_NfGp)NsDPJI&a1sO!;u=+cf-uh2*c$2Qoxfe6T{_52Ly0jg z5P5Q4gc`UZ(J9?O4(=w%3+O9Q2_%v<>pU?$Fl?xA(tEklW@bPh{X4R!EHbWNC?R3Z zNGb}Og}*XU_4=ni4%{M#LV7Rk>X#N6hOq1u5Ku0Z`nbyWSFMdQJQyB(zKA@@1RYTD_VL5=%}*#8j%4_s!~wm&4?0#*=(es zG){-S@#JdRTq+h4tTBN_>$tO;xCH~iAe&kyI@QPrF4X4U9ErzEJ#s^gju5tlEF3|~ zhxJc(ViKucY{AON-zZ^Ngo99s`WD4EqiNunx(X*WYMmGTo6d+hQD`Ht99o7sVD zswF4WIrVjx^HM_;22zeft(awpL)sYfzG6`Du99}iWsxoKw^HWwvPJRY6M&G1WBvbcg)Ov1O})V*KF(FvHZg%map>$I$kMsiXu(;u5x85)BzL;hNk}g zPM9e=grUQ0%q~J&<(x8LDwX^h)W5pn&|~t?;(S(okmCh)cK&pS(+wWPZ5J8h00=}q zaafyplS*nR!b;FA@M)}cx(6DUM5?Sx&V(?ndzXe7q_Gz0H`Ux>%V%k9P{(h~qPSo;$IJUi}^ z35axeY4zvCdIpPqaUr9jg)wv*mv%-*Q8{gF596qj`|>c*cqV3(zY2I{>q`Hw`y|aq zD6HkuY09l7Or$ROQ85xxumNN_^%kY?+rIEaLha!-Z8f zh#gns$GE6EYsHTqW7|I|IP;1&&pPsRh!@EnYc$S{_R?EfS+m`t&}8;+xuRHomDN_A za~8y|pVd+{!j{cC79|T-^Vs%1qK@$E+fQreVrOvXRp)!t;7qr9RwQLD+FdELXp2&0 z)uoB*o1A9vJuR=dSS`9dTXgnBWRyn4o5F$uqLAN zkX3GOBF_Jl{s}TphM1x{feTI zg6I=(n0=ww;jgZA<+3KEuy^$2!RP_KDDxqvki@>e24z$tB85GgE1F-=98t4K{uD__ zdd3|s_)&pdo9Ff8ymAB{w4uhx&&@3)S&p=`v9piCLBwP`mW3#S8^aS?o-5EfI~ToH zDys#wC>_N*tjt3uU5TVMLB-rWWp&Q7Yjzn%LDlSVf043*d@h`f*^J?KPTn4{?UJ*@ zdPDe2o}iXUeqK6~ko*8l3h7DJsgtsg{A8Q;fdq3Nf!wTX2gp}baW?8AdQX9v@FU1G zw!@&e-Q-L1HRrY3O;%U+1(H$1HV~ua(>OWPTindNNFppYf3I~FrVubr%_p7WG{BFXarkP!W7MRPXn2O@2a|Mkk%F5erl!I!U#)CkSbfanI@?@?k>#mQsLQMD-o$2O(ydl43Im!>rdF+s?99zg zWVBq+5A;dFG4;Pp8Zaq)Ag{Wa{R@|r!=xL)jwoCTI$MDq6~~7@q*&g!v@^p639>plze6R?vxaRIg*&A z#j^GE>>^`(Mt7Qscxm3pXJf@@$Y3v#fhV~ETcPR<+eDV)(t!%F@tTkbyW)^Azy+Al zNoj$G1D01IflUTb=UbjM-~j5whARC6$Ao3;oGU4Tu#~7YV<4ds6rvNDz&Qy_F`(u3 zCRcsKo+SpRop1V^9&&a1BknbalH}6JYqx3f?DZ8>s5GpTh%xGSd{94l#&>>hj3vbT zjpb1iT3F7@jFhvO@R-I#5Y#x~62zqOA>{ERxxfXD#Bnu={I1K;ACiC=#~PSmL3XXs zeQ>W@^IRPy(y?ZBSN;H(DexmUY0>B77(i*+y~7|MaqI+G3`3lZd*)q^XRH}il=Rw6Tdy@)@ns0Y};mK zS!?|0%=c3)-<{fhUg}DXgEnrV;K)p^>gDtl7Dc;urVUFlC9XlPe2N;BKwmD=&?)76!%XIhIGQyqY-4e^}vnr>|@lPwj+&{I*ZnAvwKhA_hkGf)o7 z3Q1j=Ibo{9;eXTWT@ed>j?WB8YN%VBaG$mz(9WDyU#xL!vOEjx2hA_TZ^mq=#sj)Q zs;+aE3wBkVtf~me)>H=c-=D`N#SLNx-(9KACfDf>^V%t$=xm!7L@alzQ>w|MkUrs) z1!e;?m?TRrpPux1N^!;f^>y0_{)lft<2T~xQqd-}YOedXG-h$hvBa>U4r@OD^JmQ! zjh@(pNB9WFUx`Er9$0Aqd3%ezp2(2Pz>H@o33kV{4OL4MS`rLZh^ILq&zpu-nSxyH zE9Xv3C_13ara=b}>kN72E8(m_tq&NnFf-hSv?YCQhpwg4%C#9`)04)Bi}N9Q zsr;Ff0$@Ox4QX52nQ8u;TiDIzLmg{ghSBrVyFz;O>Hdnk_MmsPT8MzO9Q8^)IK0hY8WV*&?hA# zhnfTtC#F4=OUofs@*t~QSQU!$uu-y%lkO)ud~IDc%X)I6?+Jx5c@Mhq$=)*m%lTqp zfXnc~vcY9jKlu+pk)vZMK=N`6CIi1_DYmkziTw}&Mz*88#(oI`5O9cIDz&nzPA!X| z%KiCrJWzQBu!a}AFw@L0Y5f|r--#n&Me>MM2xWMMDS5^{;Jhkpx0F;#|D*W6`@{P| z+UPM!)P|2r8&2v-zwAJo=HlblXqN?586kJo*zx^QKE`JbX6sSy+?Y(}&i!j$bl8Aj z>x%mm77u#wFEKNV7m-u@MLQx_aYHCaBU{rY<*u6kv*elEkefp`t7xTlpf&{zj@M3 zH)!U>Km|S?{aeuZFYpU|O#bIIB1G>_9@a<3Ey|9F*;Q+%A+WaYm#iCYp)g`8id#u` z@bW~(21ei}xcwno4R``R_ERc>o~$0#VTE!cMF#Gq7tIT9V7W9bu^|&Tb8x#-)CtU4M#qWQ@2x z3XU^aqP$n!DVkLQRPxxH!oaCu3l9FEaMe37eu2Vm&J}X5VIqeum&9hgoR7G?IB#Bc zCUuJg{6E4IYg&slROzq*7&{t8*qHPlmT5j03JkZMuJlO>Tk>$o70~2$27b=e3m|7= z(#pA*cDYFb)2AEsXV25$;GWs;m?sqx) zAh7~_YM_1<<&kb;<26tGGo@$TNi4hZG{5oeb6K=#=0T>R%&DmA1zThiVOWqvJ7&K`YM0 zhdyyS+j6+o_#`D zsR)bBTyPm`TA67_&Vb@M$T^bNY}4h8k+^CnG!)?x-!Nn}{v^85`mmQ^apBQGrqYPBUFG#SGHzh$ z^}{e%Gp^D*6Hb^u*YKPI z?uPe$%J&20LyW=SeU!N^nXda&QT zZRP40`{eV?itlTd=;d95{ImD>?!h2ME--r43RP#-@t~CC<<9C!x2*_*n68H3tQXql z9WA?bcNO^)@X@@fNmC2O9NvHbUrhr#{~k4mbM3iY<{N_sU?8_XkjDzrn#Y5#z(e`_ zl-s5WxZO?8+!WA>xB6a1S+{T*8y950^#(E&8w%B+Hoe4~c`B#Kq}k zrNF7s`|7NV>~g)f2C0Ll!%eeE7i6}tkbp5(^b{AS94}ThQ8CTXV|v5s&O8orNLezk z)$76!yJF5&8MJZ3E+3+}iwFK&1^*c=25rsoS> za`z7Q$<}k=dvb_MeOKI=@ILpT93i;lw4gj0+LO5 zx(GU;*1*OA_?y&A>C6G5C{ronIz~EFF@|((&@c z(xa>K#Q_`UDk0T5iD+uY05cpX(nXy3tC{0_?Sx>gHG^0(crg=Sw*6W?KcTJr&uw<)gkpK|&SK zvxa!S{V}!A7)x0Xp_K+Ax`ueXyRpgbsIGzVa}GGPwJf}+F*Q4+72T8OtFcCo-S06x zS4c-rOl7H@S&;w%3DBaJN4PnqVHKZMV(98)k#cHGWkki*#QW@V`D>le2B#5_`~;^M zM`>qNd=octLk51%Q7KW_yan)A9srDBfaGkZ8t6ZGD5M^g5jbI~%}W#;`YvYZVaUSd zX8834K*=~vywISMa=C(k$B3C70g{>IIrxX6m0c&^6wt-VDeRK~$erLjVU?t(@QEix zF$q|FpgVy}f>j~olp*8#&>gOB=-m!#=91IhI;uj+{GY}h!+h_$%pwfAvgCdAsnqqE=n-c`cS9UTX35(;4 zY$t_;7g+z0g$N$Fb8uxUN_9+;SXPF2fEMok@1 zsi10`47%;zxiq;+clk-WK3$aITR*{KbjP^V0B2rox zIdZ4yR3o{hfYTGLht|=OY+FO=c$=_-B=I@vd@(srTPkE1;QA|mvIH2`fR$s}mWM1@ z#1>Rm-Kkxm}+y>4qiQR%U(ZjSr7ND~WOtP^`EzOpQii z!PYxLA$h*@z5=D38ad(m90R0q$U{Y$9UVoV;HLdZqundV_n*lcqRD zMm{1)#z@}Ep;gaAVP86#PbpJWZc6zK3K zl_ld!O+SP0pk^4}nN4#~wydM%2aQ}3HS}QXPZBH7SVXTsv z>%J|~amP<@4hh%w<29LX<5UL3CQC{NeZ#ea+5Y&BN(Jjf629ut)83dleCFs6#EBDk zDg3zRHxB_74fw`*LNsQxg3tQ*5CGkAPe#4b@tjw&joR#fi{nl#^g(8fS&e*L9AAY7 z&h9<-&Mb`duu2YA)NREOYS}jCXFSW{jIk>8g$U1tN=hDT9yLUBbxIv{#xQ%ZCA)s+799En)%^j5M3 zhm9=bzy2n+)&P7(z%Qz~u733Z6`V|)3*DDhhl;4J_`r8_ziAnM#T|%V?xDnzs)09p zaQrbpO{5oG%XXXgiY(H&w|l!=ULW_zK{00zC=k8?j0keEXU`z9TxP#p&)5<+BFvlP z(M>nHFv(VDpErS3ER*YdPT}A2r|R>1*@v@?v705gcFX3JynZpX?(esgK{vHCows}Q z^+t+1@Ug|%*4=Iq>{Sn*Z8NBs)#78Kx8JTIun}vbhgr;%5+eEJV+ql{?8qvB`9cAN zb$r+C-3+VMUm<#YQoj|~x`C^`nQMKQzpnQ0_XlQ%V7)GCM>4!!$L^^1?*auZh~ksd zd%|Hm_R@Pg{8HJ?c@uvX!a$%+Q8(BZ&9mY}ewwmCwtYI!*J==kYMyk;Et8292=YU2 z!D>PgcvQ#0Xo$9QFJ8fOY(r%Lk^QSpsr($i#b1!|<_4fs=woiU8Is&ZNA0_W!1KP( zjGBf>so~Um<0k)!DaIc4$p^Rh#h{eM6)V>gY}{j;tvdZfdk%n%NA|9mvS?^1BDnkH$XU+yU~cqf>`?H z73>wuq%@p+It3d(4M@4k<N+Z4)(gIfV|Td%-Tza)TY4T6oP0 zaLPL>=K$Hb=LF7=zV{GaaIs8xJcA^yf|e;j?}Z8U0P*oFcDp~X7nOE5@%Xi>sA1KR zB##39i-S1|G&tKI*!e}2F7K$M( z5XVQF>u=!!f6!{6Wbo++WW4oW-T7OAu3kA4+jZkK7M5uQ0*ufRhJ*IcW)xoj_@A9u z?eN00{=70QW`mtSZ!@u^?|>qin1-z5x-v40CI_dZ$T#yc`q!6u9~HD+=E`v_$#je2bkmszfcEG^Ar!)o7&i$tegO z)lf58=7?zJN>PcTLFf0$Tb{0#TwVEl=-$gjnhN>ObNA|V%7mJWzZOJI^kb$33?cgbU#|N<*wb2FTk4!j*fN2oo0N25r1hxP{zC+g1x^cXY*(N z(wbyzUoL-~#eV=7$L6$yE<0KpEk-JTTG7*qVZvxDg#>?nadp%_40cxDb?LoDP8p~x zc;dXsp3=$?k!2R|2f-9G$eZwyR9)WBZ1|1lNQGDg8}!Gj5#*98sDH<5#|AA{01$LL z&Fbh39w5yugRDcl+z}y+S`U_`Ym_lH);TrKp=W5Ick3f+8eLzZ&d3Mzm`08zW75oP zZDvxNG#jqarXl6>eDN!;w)zw5r1>)F$9FHc@J5Z5PXG*xce+mb{6QJe@qYrru^h5} zi;J2>W3GZY_^C7c{K6qlY=$;#j*&O#Es&ZA z7N<7~J5XY`E;oo?LNxbN+iQIXs+a%SY_-`}`jZ$d4y=x4;)?DKA$452S>D=Cq>8RE z(|Uh;zq1;q@eCzy@2E^@e$3YwVFz0Cis|z(r#E;__r@CLzy)~hY!agJagUnbm@a}! zyZBfv#NI}V z3QQXQN4LE(IvR{mBxZn!-F;|neFo{Gz+tc8a{D!_K%-n74KJMSKOLVh>U(Z|v|3)5 zD5SG9tyFfRs@u!X3@}3CX%!@-nK7(MIj_tO3QEs-gsK)LEJ4{vSQjTSM%G*wenXS9 ztlV>X7RwpJ@R380%Xz+{KAu2!jxpU?Ru)ffpE#am7A`8oI`IX6ho{TnqRCN%-AbbJfU>~ z-hjiAN4${77`F|uM;srjXZ!NYs!itF@Gd!@h$7@UX5U@2jX{lC+JU^ZP?_Z-ykd>Q z87WSQbHKjGgfzXB(>#eY$+UO<1W2r$38m=@Gy^5bI+hUkw%#~QH3aRn(59|5K`z`^ z3$!m_M#0MAKer(jS7Wb2RGT1vGU3epyvfsl=3F5Hy}s4REPS7qv|_G_Iy_sd`BI9* z3^!QUOIfAlNn(Z@d5`Y5qEuLN+BIIiUJ%)6bgdqs5Q7c#MZaAp&fuL4VJ-06CG+z| z5b~3AZf=DF9+wasYv6JQk9w!3v|R8KASkB3rSkFu*^p)0MW zTC##>caN;>x)IyJz&GqQ(j|A>sDnQ@X5c~&ijG?Ar?vQ)Az}q$Lw5zZIGAjlEtck6 z$=IC3;2aUljOCXL8Z97eogxICOuOnOf5Z}Qmb-x&o;JfBrp1T3)e>^e6(!GxQi~C@ zOzk`>+=WelGK4Y_$21Ep7H>ZKdwx$y4QMYS1d-s75+GC)v$B;Q` zr2(%3=6>zE?W+lRSC%(?iK;Q%UQ^Q+hz%kG?Go zdfa9-X88X!#U5)~BUBw@RYB@OR8Co`lf-_LG+a z1E)QaA*2@kmrW%P4Df%+SpQ!p6aOV#IXQb+n>hW?V?t-Tp^!agXI6>*M%c}nE-oGb zYqz2*rl$8sL{(8S?SB*&PTAO9z+58bHh z>TH4;G4D}=lk;Pa<8+d*8#im+Y!c3T*5?)2|BJbCE81-1=4N|w7Oyw;sg%#>*-p=M zv%0%JN5;;HQ{9#vWdGlP2$Ods7WZiIZH{cu=M{!O4tM8BKV;6}bfa67w&x;~)+dLj ziZ_WT`t7xX$;-{0Cya+3sf*JqrqvIdSn_(O%&z->cly$BT0^TH&rYTukl2Rj!Uz|3 z^c-!|!E*h!+-=T_fxCCkte&oJUnC&6A6sbUvL$YE3CvE>a}3#TxMg}~`?30wNk29q zd#MYYs`*_@?2<|5Q4XxtZuOQRA%?S zQ*2|Iqi-2G>94$k^vg~l!j093TJG;(sKVc`J6(b<=w369)>KLh&Hz}K$z7)CvBky-o$@d>^^lk zw&f1n83KlFtZYw3v`orK&1p)*dJ5fGm7BFa#F|GQr&uM?xlED1@oHUOA5xCjcH%#q z4-~Wv*L!E^c8WbCQK)2^XqRA=o*YBkB=xyFPVeM=K(>clawMT#m@T!pLD6{&y9et#?5;ZCl z!FY(6v>H9e_=VF1?N?sPuVWUGEiH%QZHum`n^m>fcly}XA0Z?t;){efUtO=&*PW%g zS2FGcm{zbRFK~uGsz=MOcUbn$Zci(B*XR;1?1<$DR{c3sgiw{*iMot;h0*YxnQ^Kw0{{p013yXFliLV1X_rKbK@ThnGSh}+ zMt=@SMw?nj#wDOLG`wxB_Ap{XsdCImySqIKTw+7)gjb6SW67HEHr9Y6BEt*_FiPj3 zVn98jZ8UYYm+fP`4k^lAx!Vu#r|*QW|PWpyG^r z9^09D3i(JaQYPETNL6ZP(oKOX+se+z56RZ4!^KfpVD`K((O)O*UeOyT!TH9Vu9;R< zAo@HRX2wI}KjyY;m;V|ilMh#-cO#IOUyLQ&-8~UbDsz`QqKql3`FS;Ys%}ZAB>lTI ziO;9esbmdY=7dCb}iZH|?q97}34xEfZugt>|?Pp;E9lvDyQB^${*a ziBvxV?X0l7Pd03H3%tBir9tMBGG#QsK@K;_ ztN#A}!9`bBY|qoGLl ztHAp1+csq;3shxja(sC8EVED|euiO!BT3VFAaOPpLZ)T<$$@U1x^%V^qA?XB1;M@e zWQc}G$-q1&)`CUoXt}wwL~==NWxtK>V1||TuRozjhJM z&L=Sxhj=t2p1x8InWw~YGunyK2NZqlzN)J%*=p9i(?n`^b3FXJqi>_SS-Ce0kej(` zV-|i;Ld}e%F@?&ay4%N!&eVE%M|$k%{m1X8`@2U9G?I0*22P#C&z-BPTiMRu=RHcS zumYy<#|?~tmLqOEwSMHaNNRGMPk*uP$GX32aTt-Q5)&5=wf8j<-VK>BQ7HJu2CBeZaHzF0#jv*YKij+>We0dlUs{qH z`Zai`K3CIN{l<&!MWjY^Io@6(4p@=T_POubLWj~WHRA>vx83Zi5AiXrJDfFi#`|F z*I1XSvg%u+YOvrjHJ89*?bfP`ULRG(Jz;~6#=Yd&{YHFF*+=X+2S?;WuxD0n^s`Ps z0qeatN}|#QeAgskKEG*}_p9L6J2C+4?U1ojq8dC3uXTBS4lz1(39oS@u-?}61W04k zA+X8?O?Otpp&*S)1x;s4uW@^B)tzt&Ic;?@_!zMja@vj8t31E z+7^HXv)LmNkaziKlJoDwYzcor*y-=Xcwj?*$)En%_}E8yZ52sqPNv15@Yo$Z38Wh%u|=ll^#`YmYM5-OcY z*m%^RV=wWlGC+M>xy)H$zARyNUC{k(;B;kxdL>a$TK#l>8^4(MDvQj4z0nxh0ed3P zaQ^IyY|Rc1vH==`<9E-1NyZ5UV0#ifp0R?((UOKL#-8rOqQLOO4J&SA@hC4|%r6L8 z89iErhSq6KjI6>5C};8*V0~M-q8CX?LHP-AF1@}L9J6`>t5q4J?V+3XLDL2@(e=AH zddf~TI&>!I-&td0=`P+|V}sV7yR*Uut~zsLh4x!<=0p$fvEa;(7~EyVm>tr)%ZxTU zpm&iTt-B-W6Xn6wV)55Q8Ig0Nf*7#V8;FxJDBZu?FF%M$LjCHXfyQ+2*ED!62MD`n1vUyGGB+{}73-BYQK@Aq(M?XCsqap87$ zbpC*JMR#q3>@Wgui>AosdCADi{{v8kJTH|V1>v#|d>Sk3Ex5C&H3k-|1=$j@jv$#{ z&|XmglE->Q%D-6_+GzUqdzI~g{~A$-@YO4_R8+PWvsBRdPmv*O{ti%}1n3V_pep)L zP@ro5MM1H`q}KGC36BX&@r^V;uM#>qDlArmq$(&@5>c3#$S5Q$XQe7_rmoMbmIeSm z3SJlimPc!){}b|S4Z1|KD~1g+mbF{UoM++9;(}kx-Wwj@4Pd4M!Y`Yi2b$7_ckKL^ zy;v~l-?FO!2v(vl`jZ{O($~P7(ToLy;L>m|?m)3)_#^I6-sP~GG8mpe%W(gD zHX-6!e&co@n-a0P_@(eW$#o-kM(5^GWm1d*DN@?HI~~0ikK6PB@nM;`1g-RepajiK z#n971mE^wxPFa?s0h7bOFT;woyi8=t=K;JS$6NayG2Cs=SB-aF+Op{DEDCu|X5CBh zuduy<%U?|MpW{6#$oIj`wMP zwPFjpnUD#?%D?Dy(t#J;>w10eCRE0;tbr1oAigh$rCEi@4Zk?Q(0AOX!h$$peoXIBnfvu8S}xk(&Xuo zH;0fz%vuScOc!U4+7U`}$P{1fyLFxaF7?;D6&S&V?(HcI<3acK35D>YfBT35deOgo z#yPv}|F;wP;^Ouo+zI*wy&-PJ?S+u`!EAep*ZR-;LZgvi`mW_?sKzGaXkul`ad8K1 zN4;Jq<3VzdvSJAxmoClkJYMV7%VT&5tD(|HP*_MaF8sInO)-mY_p8*$ItI_G{pwlw zgEi^foU-k&5dH0`V(#xkUWdBW$7^wB{V;WR1ZjZR_`(wT1Jz<+S}50Y__XEM=_4x*wz|G-^rOK20v>m{<$ zCXCfmz#fJVy0Z+eWaEr<(o-47<61SNh8M-LDG&!CBjnO8`RF_f zpt6`#ZIcPEL3PRn)uBONV?tJ2v5pmJB16iMGw06*33j#%US>cwl%WO-BK;p{TQk>T z8bDnk^55hCxTZ|1rWz0YNK1wPdj$#d`T{a~S#Du|O(Vgm%YY?m(ZSD`&QI8Qb8N+z zmvdxf!wVMGCWR_Ys9D5mV<>jO=A+BYH#%m(B7PSC{af_pR8i&Z_9*THke{PlR3(lW zsEGI`D3#^U1U@Ie%Oq*l-yV6}%@9L5a{WK^HeLs)GUP8qFdOn$5HMx+W(U`v|6_zp zS*K~LivglPkejUd4f%60bUO;rG5`qFsa1zb`9Xj- z#gOX83&tu#Sods~2%(BNcs%mdubA97-DKC`mG=yTZ!f66jL~aYS8vq+dbW78S_XE#N zLG2WU#vg4UA$N+se9y34#|l&#AS{nV3*&MlG?4j*i&cHWYDfD=*fmf8kT>F;)Fab` z1bO#!y_**m*VUm(5g0Y#&yJf~UB8=RW@gasu(0VF;Y!)^S8HZv_Lku6wSR}iv)Ttz z+$(69TzVJ?C7-Dy?luOqqMWj>d1`(D8 zmhMIbrMn~+Sc!$Dr9rx+1f{#XI|Zd%8fg*fl9F%H>%HoC-|u_p_nX~$o;l|~XU;RT zGtZozIh+%!J&#doC@BJSA{zW70{E1-fSYv#w4Hc{>keGGG;ywAHpj0Pri`m% z;JIThIz5Wl(S<#LDD6_fYra%2>5}U;!WSne#pn`67W{jHq&adq{Mj;bYChc`R44S< zGFsLjvJff}CCA}Ls2)U=S2#8Y9Ts61EXtdnB^wI#c;ZmVBQ$4es?NA(BzVLI{Q>b}u7iHgJ8MkD^DlwKjp>G9$8L)?#lVjhy z`b?<54~PMr0{Xz7rOB!XQU?s}<@@jU_ESFNOo^p%Twj~0%!}aC^$C)a3A$&N1}h6q zwI~Xd&!4u!#famU!ik{1mTyRI3jj=ajSjJcjJs+P%N*{Qx}RuYhfYjAe#zXwTJ&KC zvuBjoorC>a=8y!W!);xIAn@fBKqoO~fcz}#Es^GAZi7)f^QY?0}p%5_&^JyRVE@~1dz!A&#O)|x1?kFj= z2ZXM01_szOyH|8e16wGfUsHHd*|{_8)w(#l3X0$ken6>eVp%0F$k;tw)LkgmKUg@t z>H`@nH}Y#P2p)+L&zwF7W;R(ZVP`yp(p&q3oviH|3*URvQ+DTlk`6znvxRm`nlxl3 zA>hXd#?|I~0M-Vkxk4U4K74t=Q@!;_&+3`I)P=F?m_<+1<88|&8*DKTJ5``ogl>03 zU0wd&qL1}C62mZ+YRGy|bPZjk+j1p(K;@F?D+e`I&}It$GYoBgk!-*&AR0LH_knu_ZwonP zo7xJAOFtLwB9-b?suFwSwIvu+j#186Lt5v1l@d-&IxPiqu5Kp3RaEf#al*;XoOsOh zUQ>?A3=Vv7RJgdA9z#Si4G1{5fk;K!kW$QNGrV5r%(Qo#ro`LA_4Y3!*pGY4wo)SU zfm)Xw%iI*IhGkz(y5P7iPxpI*;20k5%aI9hHQl(6hr|^0a4Af}<@4x_ou=H#FJ2_3 zoSeySct`-6HW80yeQQsxrQyl_U3k*$?x@ibVgsTJdr7_B)nWGO1r66F4m7Yj-pocAm7Xa^Ucyw0n;>>n=oY3_fs_Bd zuhW^0527Q=fuTi>GYQQ;bzLGJEPZVrHNC6V4t86eY-k?0fdybs16f3+K^cTD>=30t zd(-k`>Xfr4xCBxb)_>gPTAx@XjjPcM$y(bljV_M-*NSkc56F1~=vPZL*J7X>jviDZ6 z>RqaZ9K9@&v6X=-MVj=Rp_JgE*K3xZ*~%`!qg7}?cnl#{{9f@^@GGpq8hmIMi_qd(d(mz_0+g0il{ zSiByhhC?Pz$T)qAIZ=V#vn5OHv9DNu%lvKZ!Wa)?!s<8LNf(oZzZEVDF5TT1^=idv zO{?Q1YUrR8rkh&{tP9w#YO_aNjnnB;MV*QEAwaD2#e8#TxGE2)LUT-Sl3l;FWQKOM z9V0tK&abIC2+bz^&P4ixLA1xzhxiwUjQeF!dZEK}*SNQm+i6{&=!*N4^W;L_*lS=H zRl%Mv^uC7>*DwzF5JZbjS*ua_is{DfE4}PMLei+{UPh$Wn}9TAp}Ud|w|8GJ*jE&t zpi=OaY95Aj=92KT5s^uxJ=hDIBOPAV!Aj-Iy!)Ov7XiwW^%P3Z@_|3wDOq(k4Z%(} z-rNtCWU1GjX*?t3|eD zjJ=ybf1}cLiRPYvM^ZR#KBIM5bjP5#nZu+$}ePlrqX>$=6qh;gr|KUWF{5 zc?+|1d@>u|9@&K3VOimS3^%|yp=a^)zZl7i$Go&?I(^HMc(DNLcX*g}UuJ-r)sR1X z$2gfX3G9U5{*X%3sPzl_1<|`nyE`I}_}-D;%B2TDOvbcEEN2_7#tevXkejVyH{ZOn z36fZ}^()?>ddFdcS<8Llhm>}wnn=eYB&T$k%3PU(>4AI-U#A31A(0$t4)(BpcVZQ~ z<|eJ}ag|);YZ&2&nSc1Q^xVfC{iy$_Z=FddrW%drY3~&kKQ=VO}mK?^{e03pwU*BZSQ&sVwMMMyl_OVN+NzpSDxFr6jzk8a-}lqYcEL#NG#SV z_C5$mt4hq4orP4&?YR|~%*&CLw1$eNO!s4_S>A?(KC2I#RCBTPAHyN?yfuF=%oIDj ztxwHrxBTM4Q+_*&ywHyGy!+2vllWr!*(qNTrpAZQ$5NRlv@ycipBOlE@VW@kS|FyW zaLVpWXIT$U4|TNk16grjoqUs$uFS&HSS@=ulNW`Q_{!(?swH_q@njpUzD`6}nA{x0 zQ7t>@Fv&XlgOqKJUenNP)T)#VzhV*o@v<5W|83rmnTl1a@t7f-=GWV0o0iQdM-$NN zK1Cunmx0Rw=RuJdCuWKVnggEhyE;o>n#-{pbfl5-_A$yv!z>~Q%Yae*wO9CEZz>-st>C=fXt`Ebl!iH#&BdU~x(ileZ{)D;oI=Un4k5(P zL48&G$fuL6u23~EnS0`Nra6!Hm!|zAuvq41rp%fO+{<`UEC;{QK|Z;`+M+9i{c2i^ zExuAvoz{4vzVD`W(v>P(K3@<#Tk?GRa0j8ZMrqmc*v(CljeeJG9b0&>-LpB9GQsN9 zVUvGOb4Trb2T!m@GSy4As806N!M7gCy%0$xNecV~O~Ht< zzMNWq3Rd1M)N7m@t1`{tf-@y00s<}*(qC5P8-G zhPylf-0)MwS#9hEeq;&LI>KxOphor(djT6GYp}h5gNXpt7HspAMc`Lzf$s(VxZ`34 zv9T1UwQz8-6#xRAot@d7L2OW%Igo>&pC9-=m-ersOili#vvq`7eWx-t0fMc-H$vG1 zIoLRWKWT3y{BMQ2q5V}PTNv0L4rt`?T`B)v#eU`a6$|c2_HUtY^zlPo-$jSJap3~~ zxc(`%y*0$@zm@ui7GMHD>JKibu@(5&LXB)7*8eTc4ej@u{s8#vN&nU)M1DU18%2o- zeOH$`*ai$Ua)81_6ydc}{N6r()QXLrUIAj`=tBK_hM_GC`V4I10Oa9gx8|moaD-Ty z0{GcEID~+I0RAYz1P1;t7QocV0W1R76%T-e9l*(>#=#@N0TSS5|BLT;Iw4aNfnOLn z0PGxUH`IIr9K1rnpP4^Ou!TY3P5BpUb^wT7je}Q!omYT^^Dp>ch;Fd0jBLyujm*I! zU>ktC>UYGyZ~Z_8n?fAmy$4|8Y6Ab`h6sp@>o24~GJdBvb%ZMu-rPi#)HpdGazEx| zhl79D%TKnyDSj|I+Jj*LQ?MDt25d_Go$#jH3De5im_eyIXn}t{rvHhl{dZ(s zf0O;}^8ovsK4k9zG5H}O)cB?Wz}u{&je{^PCok^}$6q}_;HD1$T>TC4{q}$Ui_DEf z7c~nYa z+>}r#v0vgAS0nr|()zU&2f>z387Bim9NU;EpZsnV>+{-~z`MJ;?M?k+B3xoOR zf_F6c&#_`XVSAS}pYxm)>cl{v=! zeSWADN@{J?>z%-!;rRe9vSlH$mPJup*4!{pg9sgu27MLb2kq$}<@`@OK!YE_n`Bp8 zU?#%%6ke>sd|#}|CkJK0We$3AwK7!Mj*C@@3}Sg6$k@exo;bnf184^UZC~EKv8hq= zAV!2_>mAV#jFXd#Y^rHq5MCu|z20Zp+Ci5dK0&X}dp;Fzn1Usg>yoIuL!MFx6?sHN zGh|iw5R*^Mgc!D2$G%+fA?6fkoV8fd`t+GzIBUsQA@1RtYwzUB>leI+dJ8UVnfeSP z;{m-Pz!z7z-x~BDPxm+XoyD8@xOfipTxQ%Rh1!+X8;A*$$Y`GY5vCch;%-9TqF~@RzYc#B=NwGQvg z2u5u?-6U;T;d`>T$rMk33?kWfyq&h4^ln8x^@`?AI2-xSXLqGudaSEA4xFFzcdeJL zJvxD(>TFu`)b)Kt3uw%M!j?O%3;jsJ&5Fr>jW4X^r6YN*WB=C6ui@PNx97_t*LD$8 zwHMPNbq~)ek2faEh`iB^5K(TCO2u3`@E`U+8?4&CGku$%*P%_*66hF;K}6`4>7|Nm zSJ`zSsVA!zWZb<&Q@_X+)aUaRFy$o?m4Dvd-L>l4Cw-mFfTt9*WL6Dc^lgpJvXvd~ zbr=^fHtv=$yC2UwBI4;lc(r^GHLDVQPmf&QT1;rN6?4ztOU)B2To?DyP2t4WDl{Sj3_M%)R zDBp(>`Kuo|Q(C`!8bms7Hl>-wkxMqydN6>K(n~tSY@lP>+mIcSH^3oD)|?sVnOFq2 zZ~~^;3CP#9VAz+2KShCzFjZrPq&Kw2zq$vjO%C+=;QPip__L}$3r1MhcIB~llFIZ0 zX524XdsI}G2@i5hFe1!dUN@bA78j)Jdv!{Ttjadm@Nyd+pGiC61~v`b;65WtdpwKUM7xrK0;3^om2FtYUZwrDe-+{cg10zE;6GW z7FmSntnp-`*4$26rJZejX*Ru@sPkeEBaLB{3t%!nz1c{eoT4K<;5YYB%`{b&RT2^W@D++hx)OQ#@Z4>C|Kh4*Q=-w zgT*{2C041sTIa0{>?0yK{Sufkd3G23S|20Lb83@$O0M-&Zc^PcaL~BJ;(|7K*qh0F z7V$tZMYVDgYV3mD8~6Gpe)U<8)w04_zFRdu2F+aXnr8qRu@B8jOo2Fzfy9JGLraLT zicLlJxxyva-STs-d<$Xn>NhXQ1;x8h^xt|@48HWeoJ;`fW}g$V(XrcS*q9^-SJ=PX6l z1baT>%C5V6he<6L#qJ~j-duv-ZezrJMn^$fi#nPDpr;O2vD zx8dF^EiTbXBWBB%nvN2MeEc*9i2!WW4Hmy8yW4sBiFW;H;PW&C>|T(pMK9f!1kisl zhYtm?D;=hdT0Ab-nr-RfhBk1|fN9@i@Ae=@E-;ZwpNdKAHUW>JP9afHYrIOU21Yi@ z#BvYJErnk2Q2u?;5O$TP1P9Unxfp4{Mx;jPBVw7tTcX(Pr4+g(vOT+~?ac{xFar_L z<$^*WlI7Z?VlzZ9HD!@dZ7uzHkQw5BqwYymg~ORzza_IR)4Ie6O?ite+P>?O{UI$` z4}dY3@)w)!&m$VAFTt`bpHR@&pXR!C#EJ|gP7@0z5=3xqs3Il3jFp_{v9Y)X z8M9Z5s^{2nJAK|)K8Ek4o96Aqh<@!Q{$#B2Jxv%{7PY(7TG&)nLi!`&xV&`nA?0S0 zP>t%(GVnvqP-20%tLg`{rG4eR(Q$w6zXwj)x$nR~t$ z81Nq+hPk})dmX)Abf~uZ)HffMmcJyir1GO>`Wu;)B=B?KBfwe}kREq_D}4$>V2L$R z-cFovyNc1<^F;Quoqg2|LyD`x*9UiF-AUpmth?*Su~Ou#CooPk zLia!e?p#)OYtAV{ThSV0q-UkXx*nu_#V3)5xH1IgP5{FY$*(j974I_lt9x{HLHYWU z^h)_?CS&zVQ+&*e5p_j7T3s;(E$gwV>xMgFT>=W9ISmBB8oiB+sj~4V8AdyVyCFT- z6^~my#G?oHKAAllwz{P{SYE`+=Ez$K$J75{lMhZ&{W9@zL$!9 z(@%VrknhW7*07Dss5EG%6YDC-JgAQiuOKir)$H-WXOw*2!UxjRQ&j^s#3P#aWsw}k z4`RGSy%WoQKD%f8(XeT0XC}g_0Z<8Z+nM-acCG;=r4yZQV@x#dQnXTuX6{d8Tqr~R|x??;|cK05DxXm(Y8>Ep#A@Ve`{ zCrFzfXGtP3s3!Y>Q`k6&&;H79@(ZP$d3UyA>2(`whyq>=H`Xge+ffIo^!{QU7SQeE$4G^S;x zY=JSQN29Hv`o6>2jyG&E(Y4)=$EZ^wJRwAV)^^^zRoJz^Pc>YRz<`Sj^Xkjgw5UO3 z8-0S1nveCjjJKcPR0=r27ok$)62*2HpOg&7bY>C=ljQ>rBO~>r>PeK4zL-b>OAQIV zQz8(vRQhNR7H`&Yau!pJ%P|oU-oxX6e(iy0BG`i+ZeBFM?+uvO(Y9aa!}VM=j9PXK zooXZZd6d8@%h-=VLoW9&v5crl{FPobdEn)_HOV{tGEi5yu4*50Ai%>TFZ)}=z*((% zWQvdx4Z8VV|IvJHzV`lgY@@@_4pVn+Ar|+-YsWz{?_Tkb0~Z^F3O{rvfq6 z6WgH@)LP+ma;D)lIDKy_Ea!TxK*cq}4aDfW`mQ-I0BmZJlx*DYv*JkxwiPiJ0kSllVPoFa%5}q7APb~sky52=) zZ$6Q-{Yr}NU*`(ln8VKxFGrCv*}2QZJ24uV_#$7TS@G9&Pk)(G3Pd$5F+yc?*&g=Q?viZgOAkiuN{ zaXyNaM0&{zZ8lR2#wt226MFm1%goULh~RiQlMUHf>>k7dCJ9A;w3uKo#< zvGu=>;#-LL7R$uMGkKs?G4J1&yo1B1FJrUSfeMD$*=?w7Rzh;B%?vdt<*N)L*>vD% z(Y%$#_c|L#VCbq);>Gq%*3TLPBgke+c!luj+W^ZB-PFStC6DW~KVGJ;m3w^dXb5&%k$NjeKSgBmP%%`91m{L~?#n-no zIq!ZY#(7GT7&{fp;i+LANS|}Y%FKyB?0}cJLSq<5#Ge4l=xT>~zkM0FUwFy9hK^%1 z!Xl(nM)>ecx0yphZdgB-Luz3&gUGECY)ZQ5R;C2eX6nA2bc+(k< z9^NkzPhW=NkkOdhvWAV-0>%#VAt-5UI_Q!m)9>?FD;?e-N)p_5sjz@4)_OaR*<(JV zhzpgClPj5=-6XW6*<3G(k5K_$1|b!QRY!#|=~2n`zYiajXEW=vV|T;y`(i!Bru2I|_&x(DQ-Dmb^kx1Vetd3w#z1rXL z^Y53S_SzVW(@w`A{G8YKxQ#)1SGn{H(sCkl&*8Ot?2{_2dLfr!(=P5O5uY-)#73?N z&VrDtoX=f_hlA2X*7`No*@!-1X# z4rSiAQy083QAdl_=b|^`g_QB!#0e?_!WHBHHD18|8zVfHRuc!vJ&^%g!V%~Bn^X_nfoN^}D6D1ViUJ3&Ja8D5{bA|@p#iHl5S{U6LRB`W43D!YHQDYg= zUF@ppqkj3U#aT$@G2_S7R>y7^&)AEh8FY1EaH=RZo^WF&BVf>)VdvqnFRw>*Au({3=r%p6&@(3M(__ znb2Nrd3Ew}B&AH1Cq$rL$9GDd(SR?D(gee=+w&Yf<(IffJT`f}fR)y-0K2?$l%j<@ z4|c3nThv2n8wV0A=D5ro;}Wu-@IZ|OpdqtD*BWdgE@FC;^G%Trmj-68m8`^}h4~wq zobs<`tN10aa8{(=_-lp+vaHijP?5PUP#igzl)GWCFHcdj)=zny?X8~6ir?d%@>B!X z=+S)zGZ7aZ@753H>o19>*l!u$Jo2LQHmx$aZ+Ue1{y-&pL?l84LipqTVdw!d7Ucoq z>6>_C==nWZL*UD)uD0MmxqhW0{q+Jt9eyPVwK0R3|FuAE&k4L))pfKtHi7|v;{3XK z5$P{}rr&VF{{_d$!~|}-`EEo2nmEE>fBDk>33|hSW4rnl=VrP0pRfu~{wbW96%=kS z_(!xG>OWC_uOca2m4BkxLTw#w;YKCLzpMCfIOI1s{|+kuh696|!;MM5DeH#ePlTS`WVpUxamavVKp=hzX?8BQXSU{lwgoBH`NvUH z2naXvcW7_8`u`moB+d7uAYNV&50@k#pS0w^K{E$%#)%6cA>72@q4ikc=G1?cnqB%w zB{(=Gd3m_F#QC^+ZwwEAN-Zri*VRRjfN&FkhyDbH@BjUGXvx2%=9A(BaY^#?a&!M1 z^iZbvt}ZeH!cF`g`ZVM}Lc@(|-^0x}h@D@CL-JSXpPl*FJ<2!k?*9qN5hw^IP#cFo zI_yuzU(L`rTbTa|NFyk}Y-s*dO@A7x|KZcxMfuxg{gdlwX}`WO{oaijj!^!iZRk&w zUx(3~m#cpQIU?$BuUda{{`zZtGtB-I6wpxreb7~sM}?b`5a2)Cgb3B}v0D@!{(*4k Fe*gs369xbP diff --git a/external/unbound/doc/ietf67-design-02.pdf b/external/unbound/doc/ietf67-design-02.pdf deleted file mode 100644 index 1ebdaf92dd36be419466b593d7ff1fe841366d52..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 630129 zcmdpdWn3K1*5}~v9ta*FxVtB~YjAgWhanI&IDrssa7hA$AcITr;O_43gA4;Z&%N*6 z{q26*-H&fgS5J3Wbx-||R-ZcaM)SQq2M;Gd4(6MllAgAn#vTw3CNC{Ft-F;I4yL#` zEtjgTo4t<%Eg$@vHV!5&EiIS4ql=HN7yR4B(#Q6_t+l(2Ee@unBo3yxkC&~bD-LEr zZl2z<(+W3!sL(yl4OK-E#VR{Xl#3u%C^q{I(o#t&Bgd!;u#>@%M1 z?>(zGVaYvQg}q{LWC9ZWows18N+B%-QvC?;+txagBK_jU%?Ict%?=duZ%QhTI3&pi z$Sz%}^4;kr0~qLH9Z+gY>u!qj(w8*0_z*BXp_j9<+ZvbTs|}M=;UHLC0v>HW8pT%n zSx4^zRdGqSCK2~X(Ra0kFq<3ICy%6^w>TVC!axErbC8hs=j*zFnvF-=a6bAs6m&9LHtVvRyW5F_H*VqPI3z6drYwvIgc|Jz^*1g&C)*2FWLSf797)B$ zlg-)pUVW*I!$|l}Ny66Q|G6*KXvk}$;#XAgIQ6t(>vIY9-C$1kmzZ9&t*cobbq6u@AF=PMV>sT3oCF2-=#YnmP>>EdADHdrg(hXLPNo@P-t;Y!l# z%J)&hTi^I!`p7Apt1Bvt8F=Je{XVtZoKyn){9rBMZg(*fsB+^l}RcLdxGr20sHg9dC!jY4nP+Vp=t zT3r}1)u^2Ya=UIQ@Sm1{1YbAM!-Emv)x+J**3E}j_}|yxxx2V~>3CRL!++$xt)HW{ zt+s;fznlJ}VDI1Q{ztw3dGdd0BCi0qkkJ3Ga4!ol8vuM|c_n!O0s;Vl0RI49mI3bo zNQj94Z192%-%!v|P>_*PFwxLZ(XlbHv9U0*uyAk*@o{hoaIvuPN%0AYh)GCDu<^*q zNr}k`iAjk6c?bd${2pW!3=|X$VjL_S;{WIJ(gh$u2lyi$AR*8L5D5^F2oPR+0W|P& zq9FXM0RF2WAi~FpiiVDXi3RV_fDb@KKte)9M*3&e@ZO>Db^tN~3Lzbj3@VY9B^tda zG4IFJLUab%+HMl<$qPn4E3XI)Oj0s(idS!#m|5Pk@(TzG35$rndoL%ips1v*qpPR? z!NAbS+Q!z--oeqy+sD_>KOitD@>5iFOl(|yTKboa%&%GBvWtpKO3TVCD!>1(t8Zuo zH#N8X>FMq39~d0^J2gEsJ2$_uxU{*oy|cTwe{gtod3Akr3%R?0c>D(!0s!gXu;BZD z1N%R45x{XFA|oRqqy2*m0nr~`kqD4c=y*^GWwg*NJ&EXfKcW-MrWV$AV=(Y(UyxXN zO=6NV@^8Mm{0G{q@CNKjuvx6LsO+5es2nft#mh!CK+Oie;EKGh!C&p+ z=xh9H&#{v#lXzBJX+_3}og$X4;8IeQo8P}naz*|Eh)BI>0X>jBy?Zcz0bDLUYHTJa zpFFeN<0)LKMb$$xvvVawJWNin@!c43>QnQ@Ub*snY4&ek@_LrC)%)^CcLd${K^+3@ zH^!6BLO3c9jQVa@@cYEn?C7orJyTHk(ZqxF#v^DN?qb431Nz-@4~;mh%2(y=?xKw+ zN&kEwED5Pr5A$5EEgH#4>Jjbe(^y*?XxEY>PP+I%n2x}sB4=%S-y>gpDUcjfK2xnZWG7T{^teYW8($H{en>s7IY|zM}Hx))bDH1@2ZL zMLt;o147ni!Y1~m5JP}301LKp7~$*#;`=#&sjI2AJ+eE6#F=Ll1A<%R4@(`0upcqK z=Zi0Z0ZH6T)4w&JtJ)-jAy^h^MbDwrCJ^!SGoA+ZegJ@Zx z{!GU!+Ds2!L?113t^P^m^1O?h{i3>bOHHU3;$G-D^&s?Np0a8?4idej`Z2JFOTD=- z%sXt!{K}h}_XQ9%{{m35s#e+5=rMm4;@obI5#XRCkw6IR@bu(K8e3dIzAo8#>SfUi zH`v(ltrF2o{+#I_Yw%4ofvC>W*!zapd^u)g2hMN17r>_?1(S^xraZ4nynE8I{M!>r zqRXVu+f{@(*3vVl4X(VvW^ZR&U*;wVLz8&Y?SsT+CnV%jqf70bdSow$y{~)4kA{Zb zPYILFs_r_?y3v$hZg!~gjBac0nZe2KK2o2-VPw~N^`mZol~j?Ret6eZ%%RZ-aStX~f zf>K43Axx2FF2NyE2jl7_m2O(x(|Bvz0|n^Mu>xih4soU{N~;f&v4KA$|8s zTgwY4r)|b4c_WDpMA{K5ngg&0Vy$ZLd{dORbD(mj=5m0oMb#K8`asYv=$?7MA0~hFe7)IU<##7IkPw)Pl;Lxti{MENB~Ux zQ_l-vzZudc2`H}3am!eP;E0+w-}Xa8;)HB%xGZ1=86g}~)O#h}%=5x|Q|<-O4|@G> zGgR<#S-mB5&G@6lR2?lwLIRhF$af`!OP+-jJyjQrVmJLNnrkVwCuXSj6X)f4>`$N9 zM13jiNAqLWV6d^_%wV?)L8desrUr8Z$%Z+Klw~q;2>1Pu&2i%OfOMty`f27sn+SB< z4<1%NUCc?aq`IBq9XZv)^*669K_m{qC$tfM75Nk>Qcd0bFpbM?e2aZ>GuyE@a zz*O9i6j-#>&aSxB3&89v=#g>W6mEp6XhR$(yrf?MaoC~2<1MEhprs!gUNm*7_IN-_%eyVIugUd5{QazEmvb1U@KHvtJ=lovqqF48w^n(G;a!Dnu% zHj$_2WAmmQFOixUpv(CpOKrz})W#2b^F5HkRMm9m**pQu`Ra@>v?q60?#8}6*Y-mP zQ^fptm`2RkikdmDMXYDF&MpuH?**`wY@Y6PoO+En)@dkZLk+Y$M+7dw$L}N|LS-VF z-K!4k)D4k<`U8gsoL&I8oAxh&f>$%}*#YoKFxz|p>#&Biu>LcY(05%tK3*dSkAl(L z5C{%NfGQk4&;kqoWm-Fe-8uRxo$=m9ygf@6Z2u55@3JINryyT-cu z4pc?bOAGsD=4*j#=F_sSuxUx&A*8*A^A~`6?T6{k3$zq~m`jB9{KPxu*-XF(dIqmQ=dDFuB$I<6y`k2RM9-^&b<59FK~HIw1mlkO z?2LCBj9fGqZ-Vy1kVC}p6EA6xAYp*{9JOE#PUjzbbBw?3aZ;#QVH<)Q`75|v9Sg8p zxb=6gNi>qkY~AcjekN>Z6-=~9jo>&zKI3r{N5x4ixxD5U9#h!wODf)ib1$DK>5OS6 zgkg(KkT&o#%Lb_>!!kx^g{pEZ+h2i63Xh#rVCFlB!N28N;@S|F{48}JKYh~DSVdjw z+$5D6yhUM`>~Y}ti-CbT`xI#BzR0{K^k+R$6fLfyiGQ&Ehg_4=(h_teM4Yn#Wr^>a z>(23{p2Cfn85js4iCz{?NY3Lnj00NR&mpJ{97T$xi#Go7=l zCT+FHR`sL-xw%?8e?zHh_%oR}J<3kPYNqTW)du$p?gs3MNfEO>yl+ZesCFO)XsBqV zlmk>rK{{k^3gTNSQ4e8mGw8sqHZPI8;!*Q++@@nKOW}v)-J9ZJ6Pm2s<>{LO4At*^ z*SMnBG8yuLRK69M1DOwlw3h=9qaqoCjg;XCW1`lj2woN&cdz;GwJ~&4gs@XnSl^&m zf&ImJrY}njCfaOxpamb3n&7HFf!yI0Qta{2;yw3uR2ywXM3}~?x|Z(BV}HVPo@z2{ zR%c&agdrLD+>YSoDN40Dfc83g!ajNLVPJSZKSQ5C78Oy}&@uTPOb=0e;fh`SK@47eY*Xpe{CbpO z`XhSXz|Ys%NkJ1}f+p?i5}vN^W8JWEq*EsS9#p$+ihl2#en-e5!PO<5m1#>guirNH ziYD9drIp?dl2k>Gdi>x=ZHXDhlKOanYf1Y0)OR^|VyBo`;<`A-OahG8cxDD!CER=M+ ztdiqNpq^CtwA83j%i+D#JWkqgx4+xxzT@TZq|J4d#hPrje_@J^26_Q>S zjVov8hq_e^U`ZJwzS`7ewuHQ_0WgV~7@MIrrJKp_r@+O82voEk(FsmF=b>O^<&mqR z?~PMR2cd6qZUBSWmCz3Je2~#_v!EB_`XPJyD7&I;P^Het6$|RnO2+#7I8K=+*HT#k z*&BcFfoca_I~RdohY_p_mevKLiJ<2%lYtmtn6sl6{ZYmlgXTi!Nxg zM?qV)34(;MZ?6s;WB=fPpjb}f1%A4Hs+=qPOXn6gGZHejQb-{toA8KDFbbz=IV7)a zb=@J^(e>NvlUWAC>Ywi?Hkt$xwd1m$A0OlQ!$!*=#Me6bcK7WstjYUDt?$3X<`)^F zFO)p~Qg5nQV$g-_d_3+NMbZvcQ)rEr67q=`FTmP?tvpW5Yq5!bBPLcm!8qvXEd1Hp z<8WL-+GM%U?zH?tc<{mVINJs6N2ulj_lZ(%V2uCZMHq3e8c`iAl6#XLlyGZqKBJ=# zK{bfYK>tGe4%CLG&BnVF%+%6=;bAzp()*+SN&<%WH{fvw>4aK8kH}Q8FDgSxTZj$Y zCVv$NVZ^Dr%5IAn%tOH7Y9gd__|&QV_4Jpuq?7f?Rm%&2tbDF{*;KUO_haUjJQs7O zH?@!j8_IwiKGoe1K7qtGh0tjhvND}3Y6^A5M?53slE>_8C;i4_1|@L^28#rP8%BGY z4E`g(Z&{SF*O+H;UKG#F=@;5N^O`lc1pHlL<3k?nXCWd#Pg$?hgOcW9%+Qmip(wtl zP`0-aUXvLZ9i&l47|J6C&s}7$^U}S)rerR9guNxwYV_4N+-4oLLGwpZ(77Q=4apP| z@+Xj(X6&@rqh(%Q^52)h*r5v2)mnDEB6pRXJDE0CjNIwpq+8G323#l-qwxuD&79gB zWQ%Nja{5_zKt!MQULEUW*JiYSilel84Ktp;rOEoK5>S7#5Zx9?ZOs^d!T`(?ydD@n z)dSY~ETk=hG*cd`tvPmKyZUn7+q>Ozl-O`2$aopYp9!Pcfs%u26@j@l5X&f1iQX?Q=atcK&(iAu>&02N3N;AUeeY zmFG3iSdT0`LSmmz&bICEIx?dCEv=ot zI=Jm57OGfCs`V+S?`{AIm>YB*Zh*9Z1ke`PXOUc(!~G+3y;hPl!}lGIi1g}HwKBJO ztE1(_npj0a1)~bo&6ZrLzt2do;|MkfMw6O;3Rm$ja#-U9?NU$e2NN%6*rCdchm=sy z%8GH&8**f;Da!}uetRbe_QXlemsIzVI3N>GYJ6?=cavbNIc{?2>dOy%u7vI5cx&fJ zuVRt*aMqz+qBf7UjPXPL7WY)A$@QVPWN{4%#wy&&=uHDiZn(j7KAEE2;1syfD+8?2 zEpZiNe<1QC$zz2)&tQz{iy0@HjZMCBthP?HvZyw!txrwC+i*;-KD?~|JD(Cs7~|O% zQg9&7ICOc)9D3BfA*u~ zxx$t7&d~VUc!V&fcxpXUWlQ^}*G1LLqsRU&?7URK_cL=gy8a#m`{CaEoMzwSR0AWu zvOFTW9W(JrsBp!DXxWwu%sZboyQjq1?9fZFXhXr3D9YiYnt;ZdDETXG^FWBEq`!@? zr;}eDmiOykH%<%!3)qvr@T0|qfSA6nrMRt`4rcDHXUd1;?x!DF({4Ulz*+{CeLHZP z^v5FFv_%sk8ZLI8{5GA{n^xmsx!`?F0SYEL6k>9WO6IR97&hy1b7 zcL+pq?o4t4Vde2I9dy%{Pt9a^$0&K;VN|eTmj4Sjjbe#VA>yrM@#C@l4TycM!TKy&8^>2yO<~KA2 zdyv%C!*FrmPC7NFlVEsLW_}){G#1e~4`s`1nLObrYzISaQYnqa?3nGgU-cTMb}kL+ zq@F6dJC-^8jH<~+znL4`Ii?8t`nYp*S5O^ju2cM~DhHk1q^~hxq&9Cw6o6rQ!Yd^j z!A0np9tyI(!GT1-C8Y}4@kP3M>hm6UFIh1-Ol`QySM?(!ec;Jp|EOofk$ROepj=$; zu%tKA$j4O4pQa}AVHJ0ryKE6LH8~woK;%rap72PeaACOSaDtVBi%$9~i;NT1go@-b z@_i5l#FACI!%mkX$3z7W1OlXV`n>S0i;qb!$!|quhXU#ChiE%a2E6Qv1v|3sX%odeXe0(kj&NP zyN^_B%-*7Kw@fl18p)vOV(BQqhEJucfhKC)T(QMX9cg?%mhpOupNXv^9W>EK6!*TH zJ7nvZ28IT;e2M>od4x$S9(#vEue!a5HblcUKld4D%$T9t)T?_!xb;)vrxnySp53G> zka9d1;i0!cODU{X;7?|3VB|iM$iNPe!KAlEFxB05N3CM8Hjh(nM2Du;9^2+{-V@q! zt3BQ$Dqk*8{-nD9twyzqK2Qw1I-##_;Oy@=JQ`(oW^Mo9V(4vJB_oY}0$6@zxZ3QB zl76qHp9c0M94`Vst2Rqtn#<6Ci)v!sc)qwXudF8Ecg2ya+xcqnEpa+!bjL#Z2R#6f zrj@c-rnMvVs6WxNh@%blwZ38F`to-^S>3$&_eu#q4ENAUOV)I^u>o`D`1;s1zfk#A zeGFu6BH9N7h*auRa;chk&EZ^}$F$kISIei@D#8y!p)0W94@mGJoLp`Em6C7Z7WWFJ zEj`Yj_>Wd5z(a>&?%4@igHdy&>{qDH(5y{jRWDHt0U1H8{DcCz=irzqk#w+K!!cbMux3rW#K*nko_jCrlq!kZ9OJC8JiP0f+yd-X}=*Xxgxi=2|4q?V3oMQ zc>F-(xH(Gp!IYGErrbyH1z>xXAoj|f!QUjI5M@ju?Cp|^DAQNclqshx<@2EFl0*c} zU7eE!3seGyzq~=9DpJBq&PLJodzBk^wvp%QhO4J@2LEiHPH2OZsa-#E6I``P*W}{0 zjX!xOyuD%edbVo&btp+r%KXecy$xIh!?N}VuOQpxhhPw2sc%bOSr&wv*3f+?k@^`m z@6-FN+(0qipvb6wSn;7;gn-R?ZKvl}75(hll&SnG^#qdWH&pAPuJJADC&!^JS5~Dp zk{OOAy_i#!_u;A3e65EGG=()%v-~gwUsr9NDh-kmqK8`g<*!$}j#^nHe;>Zhm=}(GTl5D~*ZFQD32Y%~cShHNLz zHv`FiKEAj(AXvV2hW|(GZQx#0Q{Hast98q4MbJn$a@e_}gjhVgkp73?wX2E^ zK(x=dY7_Qo$tf6!)z6~P8I6rZlAk;9$jxY1-#P^TN=NH~&hsEVU=BK;v@$iyBa|S# z?rqTrk@S8Qx{%JiLNDdqaPdOG484$f)LywyR;`cUQ>rO=57rGdX!^qj`xDl*J=dhB z{~AqO%{AR94THX2CB_%b&LAc^8igEkd>5_o?xwV@Zh~I4y*{XILd6=TKB_Hki{|$o zm6fWSX_wDnQ4i$zm00h5{R3a)6=`2n%YzBcDs}SnIa;>)>8d!o#xfnE1I`rT1}dD` z&j%|ach%gELCn#;6GN55C<72ZONIx-Fdr>*#x1_~($b z48!C#$!i&QJm`R5uDiG4RMji3s`k$`W1PArX>fKvU?!966{C@~)XGFUT>JKqQP5un zX*Ftj^2rc50@jX}4HcTiL!FZ@8uF7N?YIHHj@52UM`zO1EB&@#24b+A9t10>s5=ww zor26`sHas78=8v}&(5~T7l*D%sxwM-1_qJiKXOp=fumlITwjeB>bR9=}oj`Q;veoS(qnE9c-(?eSW_XG>U)3Bo^_gk4yg5b{Of zm68(uc(ZU`c9|K6w91}c`n};hdpaI}NW5o6STo!~knmgzeqrE!ExRJm@jTx-LVgwG zK7JQ^JZyb&7nK&g{yQMTqb0PdEe7A+z%P*VjFS8-%;bHI>)Mk^+jIzrCDoG2(##}z zeFoUdk{KYBODWtPCbKw?>?!x@helP$^_0t#OxY3Y^vV3MF}Gqzi-m`45=Cr zlYh3Z2-8gje%kxvurLx+Z~X8)aVid2moeB)If8to&pA0;bNDkf{ujvbK%=~4pVPAx znweJTboHI7!80IvM`)BbQ-&T)!^)Vl6{? zo(u?CP%`)?=6N_sSS8SqtP1)t;a1wpXJV-KCZE&`YS5S7C7Ju&U?G@cDbcOviriTH z@H^#u89(h+z(z>EGyWTcureJbCM?-m=au zKK=OMl-h491#6PF6hkn)9p|i;i?y84u%r2@2*_v8-PlJ+Q}v{`dHTT|WE>wzA4*RdC|-+2|I3>(KB%dmZ(`mT zD*WVi5p&9M(Xu`uikm2zQ8wx+@C!Uk7iFhI>B{(tom)fQ`8wwrOYe1C81ub0ZPs6u z{F1h6Zt(-p+a0jv>@C_8VKhq_EP=l)P5XOxe!-_GXu$~H_JlU)(2oTu%Yvijs^qwH zGwL3-(S;OiCYCd$Y1ROxEf2v#*N@%%xZS^)t4Db|f0KwtBF zu)!5gz|J;kYe4r;^S4h;T6kh%9THmz9U;9_E(+NGg4C7z&f=MW@F)9e389=jwi_-I zqXhxzPad?92H1RhtYLvL229WtV>-9qP6hzGwZdM9yuV*A58MV%%~{pE`O?x9 zzhL|`exx*xh;;cXe-Tnsth_zYi_ zN8WI_c?uR5FPN*MB7YUEWC(M?sETKyjL$r%vMo0{{KZb1d1)-$=_jm7pWLOT?@-|Q zrU-vp{%wCws&v!ud&v(6KtR4#C!3(+W$i72?Gt}_NBwdP}*9G3oSqQxn5!Cm-%XH zCQ?nsDB>$>6r5zf3aRk@t7C1|Nh=Hgyk4Ya6C0~SUTNLu-DVN!Dm-v}e5s>s^_GW4 z5k;xHKVU0ddhcz>{4lJ~OQB$hyv#Kcm=Ocb0Ycoz+ZCUU0*`-fT2pi%iEI_61z2a* z#{DLv7!UDzYMnruVln?~o_j9OAkp3Lt%UdorS+|sVI1q1=%V5A&ao?=0IluVlQi6aG8;&O(cC}!*@W0 zdYwb@Jujn8ujf87l7C3B>G zM3O$z6=TUz#*-WBSZi#geu?;o9r~O6mNxh7?jcz@#A@kCT9uiDKpb37{s^6V=ZWmK z6crV%i@#h42G-Ol1B`td^%^Z~#PZ@Z&-_xn?=h>eAw2R;*G;}*LE&gJZ!gZG|P2YO(;z$7!R95H=$G#Iy7frI%ETz2xBmS7(=jAwrRQfvE&^ z5|Bgf=C6>73Q3)my2Llo(;$QK?c zMP$W0f$R9flA!Bh>+a$6{Ay*)LP#n|$bJzd@_cp%+%PQpdZM+WL9=MQBg;z($N=Qx z4v_CJ<)y2kj`nDO1B$IWM!t!D~{D&WJ@xvw*{i%R^QE10`OAdZ8rj@3rjOq^dRmN$t*t&br$4L9CJ$G!j~YiWnSPLH-3z1nu3jXZSB87q3R%&?!Nkcyr|n`MU2;kC4hJw5;3wN#f0|Txc319gy_!*r*<rOq2S9t}9deH_ifEMY;>8b`ca#9py5&V*T%aL!3Dc>nY z_G6HUQ(g;h(V~2=a4ZH;;H`$Cg=LKot8#^6-I-fm3A}#xTbGm)a+ACp0=t7(VNMyt zho8MeKAC*|!f*V6+^QE1<2=`1!0*Ud3%9go^_%_{4=rBe>6Hc4I{9x=M?^Q{tWB`K z-A7V+dRbnL(JOfJ&#nS}#5cWjpKqKcO`}8W6#Zy_4T>VrpvKBjos*qu#u=BV&Uy?z zJ%D=)gY39|H$3uC8TgnV4gr?pusqx^4<{5n_^B!#kA z?ql;kmkCb;F%Rtr^pH@r{zp}NwUCwX><)j`xruoeJD*WPr(2Wv+o^R%Z`1PJK&4)@^rFc`L;bF7M_s5=9IYD!B>@PJ39yqCkgvpcSr0y)*{ zwxM#m@C25tX^)4FZv!OKtB0+=3=pzz3ypKh`)lP~@2jVcT>pYsieI(brr)%-e}I0- zJ$)5PPSwKQrQu;>FRl-KQWU&|bg~Umdfxe;zLr|)bXh??NEr5PSYlQDy~2KjLe&lK#P%VgYb2Hgw<&Svas8*lWb z@u0MCVQh3SfM1eh@b%>vz|84#;+p>anAAf5IdBS0pFgr}K;X1#tm!MW7dpT4;O^PI zz4rUOv-Z?=-~41g6wFJfmz6}I35Tlcty(|9B%HJUtSt#>+ zt3>0kvCt!|JW9p7bWNH=MVC#(!Nh2W1Aivq=eu_`x=#f zXG2Z?9#`BCe_y`<+8~suJcp`rKBoFuZd}9ylbTiG#$&KEJSZCAaW+v%b9&Kd@cGY0 zmTk6xe!53O?645Ds}klcIBh)TY7wqbrbfM(xliqBfmS510haUFp;giMc%BTHhs-XSx z#5QAJ#?CIo^8p`ckPbEJNcg; zeH&AQAy^)qi@PelY=XQ>7EISXPlo+GeViH2B}ESB6s;*MCd!liC4}R8~ zWwZ{Ls&m`}i%J9u3j_4#-f^C@k7srd4HIhaKz@*t1pyat&{TvHUl}IQ4r+XnZMF*a zLU=kL1b@A?YRHIAw0C#WT;qO~_9tqPQHk6}6Sx4N2{O2WQI9QaEkimvxGcdIif;@Q ztK&OQ&eA)@K~8p{Do5}yqmSjo)Tgo{daBJme@o|7BM&r&m#Q_qEjR>ZU2?x4c``%T=M&qGj&$>QP#|?FKbLW@fb%wqM zM+$x}-vrS82}h)p8h}pDCxs?{XziTTH^(QP+I3$YGmsuJ?kS6 zcwiD|)s{(@9Q7ugfZx4bHg+J&NJQ*4JF!RW_Ny#wJtbW&71=R_QUA-JZngM^dRXXMJrRZJx@>}XfR|_4pP`DvxWA&pNSIT_ zH95~i{<1vd;&)Y8976AF!QuVx1~}SczML}jibLVX9bx7N$#TRbQ#i zqcoyAL}ZGk^^B#jCnp=yrpqV;gsjc09?@i$C~YYNnkEm?aBf*(?hG%ofg3+_cIk!0;X>$!~6l{ai*)7FMvjJ>NXG7Tx!yb+ttyA zMlR!1Qq*JTrloBZe=v+6c6c}-Im`Z-pKe)kq|a71$PnLmD)ck!gJLnRHIfLqq2%3M zeLXY>b>?O^X>>||N~M2KR#xuI1JBBp2&BaH3%K@!OpKyohy*`Qz||^8-v}2EameltK(L(rh|-5%aMfq`TGp{s3yzIET#iX3^IjehbZewJL_)j1W>Rwqyx z@k=T{RvqJ->do#?Ea>*#!m2caz4?XVcS?k}$_L`}F+5YY*^f`!!^4&F_btij(4g;j z1(ykK;WHs2VA!83J7kHk|Z zPV0-_N*w(;#1GestNTJ}WE5TQ88Yt5m~CcrwE5?M=D7RZMLL}Qrfm{;JTOmlDPpZe zt|_evlBATuMJ5h{b&fjGGlW|rT&9V0tAC^mhWEBRcoN(6*sxvzxW_?#QLP7QyM?6c zA1!g?UjU0lvDv6i_Kx7J-krkL^lw-sw2zvMbMP46 zo8OHWdkwCoET;0@T-2-9=}vVNcuS2#&)t814Z!m%&?CqA_T;dqj_QE%U^jvQBKKvk5lRe1KRrIzXpR-SAes-PI;AR`4s$7K@ ze))1rK6V}^c-D|e@YB~|bE-5`tkswj_||rTNhy+DX?~}RnRzY3YI?0NnHXph`W*^) z+OF49zl&CPtzqVQ(Du%o=`e|w4^ozvn>Zh|>V7X*)|s%$@s3Ep9$`}WO0kd+{2K0sjz%{SR7-U4FBi(DW6Gp!Gi5t7+dI-H z3sB!shkNai1?zF$&8Dn1nH{&6O) zMm1kY4CDg?gi;jlf@T-nREizvg0!B8atEjjeSH8Rn3B?n2A6pb2dC^KjT3_Kva#_q zd06R>0DqObc0wGPuDSd@xkTMxnXiAh;yv0SMg-q}e=LjK%qpHge|;+;$k%VAXzGpe z^)4$$>QBFydZ@Z6W|D+LPX~Q{6OlvuNxD|FCQdiX^VA;416sIj=GYkhi4Jd{&v8Np-C1Xhw+T8G9das>uPPHMQR^sLSvMxvji zMN(~K6WX3Cs_4YfUWYooQUeE*^oEgrhK32eitmsA+ml#`eD8?|&dJ@s*s3uf-MshB zGc_@%H@g}MJJ|>-!7qXp@OFO1C zpmY0!eTlkEz*GS$C@*CZ{{+s~{pDfc3V2F{mJU%zPDSdrun{S2N#LDgdA&OSOjCEp zBDhW22<%M$Q`N(i{w5>7so9{gt|`(b+*V8Q=f}&ZcSz;!_VO(hv!oM_>S&9-#%QL}Am8QIin-=_$X0vbN0R`-029-G~`1usX^oMX#J-|7rDBVi#c{cjm< zTL^ZVG*{xez(o=BAltIya-+WT--e3cRaBMIJ=I2c zcXpl@$0WZjaNcyXa`Qis;q2ktjuBzXj0KXjT|qU)Y8bBO;n7=&`@PaLF)U|f86u%V z`RICG*e_An(oq1<`_!msfN)Ne+@(DBJ*MO-UCZ;_V?F@k_b?I$6mKd;5Mky>C|<$C z6YyI^a0c2#CE%&Eg#ijDmL+Jh&7!kc;gl5a+!p&_;>716$h%deu`59vu~}(W(G(f- zyN4(xV#wqvTPLDKGsES;+>btvlAOQGDIJEiX9LoBNVSLK4aNo*oZsn>Nzd9_!oqG4 zXRgl^I_t@LIv1~d{2m9ALljV>oM{893Q{OIISqUbwxmr5w;8dqujE1+UI2LU_qZ)7 zjj#L@mT(q?K#RW~?AP5vtu)c0Ke~ZV8jF-$c&9PYfPkrCrDj*YKSmtzS+!@ilkHAp z?T5N}b0*?r#;Ck?s}0*YtJaSaYn5oZ?69Kc?UWp)H(8`w!ESI zlYX$19E3RmE#D{~=!|&*)H6p@nqJVv7RU z4uV}i?0nc@J`vhBCwv|QH4a4AW0VFfaW;(K%L%mNKO|{h2Vz$p|2C~IpGB*zS}Fj6C>S3xVRRQ7PXuf|Y@1mxfKAT(xE~r@q^hkBnUe~RL_i-5 zy?kj2^^r$R)KF`v+R%qa2%tR2o9(xI#5*QjWrAy{lZG#bwY;P~R341Js)kxx>^MessX2AqURJWs=?BS1U&Us@Cf z^65US1pkDk{b6*hK8x)SY5JOmDsQkUFRwTnGGF=v=(c`FI(n7Tm_OaOWP?%*8P4Nm zipA4r_y(ep6L_eBdfkI`?n|LA0cXqRGkv*&OP3Q>`_0Tlzw6^=2&w#}`RE3;M}p@M zUJpDG05{=I^%HH3#$`;r)m(yfqQS5`J0TBE@E}2Q$}K?B^GTr!5L$JSvkm+hCUSuD z^PZ^p5g5mgAN6HP2|7rAMQX5&MtTXs7>u!zGp;T#5^ZjSeOOrv`0-!+4I0r!T|xxce?@GL*sP?Gez0C?-X^Z5blzl zkOfKszZTj+*V*R6+`yF3DfQs(xs;K0p}*~cgNL^TBa2cj)XlF&eGAYOH@&~0?TjB! zWxWRI?ABneN>qy99sdelSJtR+VnD~E0*K!3gz2L6DQK)dp9U~`p78ZC@>XKR&U$T^ zH;rP6xh1%o5QR%0k2?jVoW5(2w_zxs&jwVxF|e#RtG6~wna{_2uU4*!mp&wmNR3~W z2x&BQ`sI25z1vT&A>mI;NzeOyb-Iz%E;>PneRRwhXbsb}&VQoDVRLbe<$24*u_&3J zK?PR-tz7s4DKd4!a|p6Cz1if5{udz&>~r_5i!!Kf@HFhXL;E+mVo*YAJm`J1;`10O z355u`1h3zv_O}H_b_VT!`URvWq>oDO9#iCAu`*slC<87#L7H^$fBcqO<;33gJn#y9 zoP8Ji>c`d^Pv+`;5^vz$_U(@dzpIH8GyAvGjT%x$Wp`IDz*Tukmo%O5zzyhy$Xx*i z`*nYQ7_Dj@YubuEgZOmzE|bz~p$;@EC33y8yJ86STX>AG8b@ZhH*-4Ite=(uDY980HOr9&t-`#Q@ zCal8>eF6CA?w3z}HqOjcaVhemLem=ngrnb}hErhmu`Z+|TYLX9hj^wB?7sJUpIW^f zFhg0C^*WZ({#YYoH;+B;J+<{OVY94p4fPDOZOu$Z6svd8c^dCZw2!xv^{9Q0TpMp$ z1U+&)&a*E2&pKju#e-+YE9DOZb8PxYdx?g+k#G(*TH76pvto<3teR~GH@*1IG)Rb! zyiq~iz29hgY?$qZAKD$5tyX*B2@{{XDS4OA*@J%VM?UC@G_Vvj;XxFK*%^>&a?a8R zz~rM60){(*{?hRwX?@DM2`mhf1!?jUm32qn3f#-?lmzIsE+Pz$BI5<(R^cwXt)D*o z38tofW=(9{V7?1YBqj6YHTu5%9@N1qNEPnqHh4Ecd@q0@-h|mh8S?vdAqxjwwyrws z;2Rhoj!w@2M6qTFeDEThNE`q;p?Ea5Hs&+F0AxQQiF$}2c^pqy+?1-^WBY$H?3MIk zv_B8Kb{{?P;=7-DXP9S&Y}_juvLo-=O0oQW*RGzOTPD`C^B%Ls#^pfev?nMR;C-%2 z^rk)7=XuuJkti#}Fz#8BZB0nxxTUVAU69K_Gbaa7eyBopYQ+1sU`#Ki-OH6j3 zxHV%Kb9cDPxTQp;Z{C2N^<&g+e@BH3$LIkH#-&f_bO0Lm&-L8hO z8&%@Adg-qO;-~I~lv>mBi2Xyl(QznKP0oY(?+~~v*@h1Fk1f}>9>c+_R`|x2CcOXz zJ@FakX~AofcH=n{Pt8x?S8rFeUH~pG@9&5Ja)vVE)#-wSpX65@N<6QzZcKOhMmf81cUx7}-+ z)3f=b%;ePa^9_SVLC9HaY3=sIpj}z%dcKy=bOLk~O<14LMkd<((;{$@hI>se%41xf zG+IrS=(7{TlUc<{TT$AF)zs$Sm~J1PBmy{yjid^Yqo0+?qfOtM@Qc{<>crOV_UW8| z;r@2>-+}?46;T#nmZ%B7w$2re%gKF4#YQ?BKa4zo8EIDR zZEG@LP#3ajqqGA?OY2d68#z<2X+n;;%l{nH5#{Q-k+CIhN3!5Jzm>yv_S$CAkv3yoca$Bp5}O%Q`zNKT1v=M<6_Tt5omUI6ri=+7zR6oB%H$(STy z^lv{(N$(Du&RHgw`Bj=a7-;L+aqD)<9(l=s9}22@3rVakOFCL&ov5p*Q4P)E#S_j` zD~Tz#)EV^I+7M~=A)aF6{uN|I^3V3prkGgr(eA7+wxv&!2b%IIHP5Ywn)tQ~I`osq zIjVDRx`9r&W;#1~tq0?r2E<}!Q*97u14ro2w5CB(jlh(Uocgy1Pg;T=A2yskjj_Ny zFZiaC;!UH&snsTGe%p#9M^c+PvhsnF*9pgA$2%^GyEFQO7QiY&&r}4(6&A`N+w&B! zK{jks)1adrTlz)&jLFu}7;ylh!*er5%-w5`?z-|-%Ah4mdExUjO^aywYA&uUtrD{T z6+OlP_Pt*tnzrl9J3X_xuOVxe4iz!HvTVJGZj-IUn-8}Y+NP5w1+K*vmP@@897AM& zzy5HehU}&Aap@>R@D~^Nl}F7n469;Q#{`x9@V35!@Hd5?rl}W_+rIQ6%~&8|hveKI>3>9TEL4;6_@Sh+$b2x3Wk0OG^Jf z6moTq1?Vf&ftEkGMiv)$M0KWe#}Xjerz0NRT<_p2>Ze%CKrkl{I_tcx{WI^Vm=Zo9 z?K7<)LzDMEiqO*)(6=@Mn-<78&m4iOu}Fw9M_z{0EzFq{9gz1$?%LVnvW?7~T{;3? zh=!{&X|e1YRLfjV+*J%~2E4%F^gHSRM2h!vlpDS}hiB&u)vXnyR%_+VRkac=q1>sO zax8O!QM?r1uvZY?yUrgF5IVD@t*rU%#e-1N*p}gV^MF);v;)@e@3-l>)SCeUZM|o_ zIp%S3D;zBa3M8RdwgQ9>#k{r>fSS1_5 z`%M)Ikj0lzpQ^JELXE}{cS=rtYBr;t{EQTvt=_`QI~RxItE}zt=MKKt4K~_J!fOHA zh)6*V+XKt8Z5-(6ZkFim`N0QSlPl_g%lM)?;f43-z!xEOw`Fzp`};Tb4BJo5wM)Ai z0mNF#(n8QzD@@~oZ<;z*6c84mj}=BGwQu=(0#kd$@YbUU;sTmo63DuJ+}kX1Zu_V^ zl6@Q%Uarh+=O5gsT-2f_2pMes9y7;Q&Rc))f6GhBv<=Y_()@~<=P2@+q|Gij{*2cI zp_#r{Yh{!8I70esvJ=tpm4AUhwZ_P`(~6!m%2JQH7?X-3=cQ5Vafny718EyB zl)Z8LBJ5WG8)1smQ7<+iR&XDhl$YfcAoatnz@KQl1Bmrx+o2-VhKkrX_(z565r&K4 z`dke^1GG_{4CZj32l!n>W++zNs;TNwzWLd3N`R4s57|*4DpIu%VD-2kXT`5NDKEI- zOXY(-_f*Fbe=oZfkazoq{uF&BbG(e5=?R`4Gl5Tv>E!LEydo{^cF#^=G=1&e#O1RrqWcXtK~#>tH^(%gXOI79VI zmP$M30`?R2dc-QOT6JRh=wM>N7Vjv&a9YJEO=(!Vw$AWuv#+3D6| z{)KJxkgjng9WCyb>lXA*SO@>1Wy+GEnJq57vPn)}b$a%~M4~lREOs48nBJeZ7Y5G} zC-$DU7$hbeK^O$r68y*DLlW+Ao1~*24I4Vr!RMOJOCbgw0KwLl zuAXO`TBDuIeFDe=>kb{aEtRgEgH5UX{MB0WN;h+f*EC82m@4{5Xs*0}Y8SXqasD!V za9<+Zz9E#cEngjV)?ARbws8N-sN8;%zpGlfx5aCIPZyiq^sRahX0S*QPAVac>W zJ>>Vad#w%`}`#bJ{5&FYKqteCf*sJL2_ zys|NBRcoJ|m95FYHO({Iq0C-Tm{m9o2xh6}k_x}D%z0K+mA#X)X3X>(8@hm=*lU9S@+qF6pIo^Pjm|L%3KToGP zZ5xQDy)n%lye-Cb@RfdarP9sd5JZSIkEhgI})qWM^5F!l^uH^?4m({h>T3_qr0 zmoxonyiey!R_(WO`PXsVd(JMx<)ek_TWQmVCh5b5HUUuZ-vOsTpMShAxC+$W=Fh&U zD}ry>8s&}U=)MmH8r8g8PAJqN+r_XvBnaO--0<}xowI@=}W2!r!c8K24q2Tvqj0cG4Lo7-q$yUPKB>a?1GIx9GT*5P2P0t)EkVe(LX@q~dj2I!1b0R59_girX42 zE2PGT52a^*JPVwiPS=dSv{MEQ1Mex!Y(W5eg9&Qaa1Q+Sw`pyR%Pz)~V}1V1oRX7F z(zAlK^gPklt`Ea6XaqbS$;R>Pt#s9lBw~=kn5M%BbELr1-u+FY{`JXgn3_Di5!rsq z-!pakmxW@)rw*spN-z21Q8`NjyvWUd-Ta$wPn_v-ic90Mo1DGel;YiKeBCYDU_b+t zsj9O(p31rop8C(=7K^~=4EyA}DNMwpL%%avLBZ@@qOW;8Cs(k_>+9$JU437&PsW*Y z@9HDD^hwgi&&Iq@YgS9{(JngQ)fX;k7^pW>Q*8tDVrdMRZ~>c@Sq2fA9jU3zuW3d* zoAxTH)dVuq(dkO&2g$@H@4Ht7T}yce^b{C%mOrTlOI=88##GqKh$IBFaNNlLu;B4; z<~?Rbpdl-SEf4+c_V~Gk4KVydd+Pq@T-B^u zUHy9#+d`YcWGYBswc?@W^3y_uH7Els%erf|3Y;jK_pP1^){WbutV29eYqH1R60fjo z4jNh>{qcQB8l7kllL%L4H9mqgaClSr_S0sS&I>AM4K8d#Ux~$;<#FI`&pNSr6D_F| z%l8Are5<)})Ygu6hMM35)uf4uB$*K$3%+lc@teGvI7pz-3W%r}@Po5k5FTgB{bIO! z!e`yG)}#DZs8)`bW}O6O!0{W$R~8<+2aSDI7^0UPrP6!_W)`i`uAKvb^x&o$r#B|D zgcbPs__(}2THbr0)CC~=%)%kVg;KdMAK+)%f=JT1jnA8};r6MhzoYUgx%s=q3 zEBy7Yzg>7MC0tO$Y+`@&|k? z9#(geKpA()%t74U9C*M?O>z{ncA{O8d1;~WxHE$<{=Evq?AG0cu(9}AH{6C5?ReiC zaqDlnhGsKHG=UvLigMBbFCpMBr>iv%oG+QN*-=6-I zlpN!%Th#Fi8yC7ea9>%C!OOc#H6Tp)`+M+EDQJ?_T)=JPlI zvF|Vcl@J$CCUvXnp;!$Fgq&0O1fmrlZr}It?BlD!dGnj*l zlzj+cF3M|m69Dh@L*qw}hMzp#W8*)S&?1K1e=lW8bDU;wb1aUsYGB07M? z1y<>dyp44^0o~BBP=G0|O5Hc3*B!rX&J60iVTGPW9Ndcz1UbAB8`~PJ2%^B=-mqLt zjpM`7>!oIIwAs=+D5R0WYE?nmCyjipctc}-CVb(8rhyBG0JsEe>;2^1GmR&A92M*E zxCW2XI%BQ+u?8e+Z&0I-gzI?hGGTNdYjE7~6}%?2yVvW_sh7l(av+HrFd4p!Shbvg z-^4oz^&PIpe(4KN1&F2LkKfGNa`5L&8BQ{L$;?C0N?rn8VEizP09p0PRfiYaSH%0| zIRwvA6{7&0hDjbeE*jde@L5?7w}Z4tW3ERv__SXK;l6A25KTFsTuBpyov@YHZ_4T< zzvAfS>Ndj<`SL4w8DvrJ(+dgQR}dBAy^p-2E{L6RjFbJIX#52MYrE9W^G(exT8V(+ zG0BVtTgc<#=wuL^x`!TazwV8~4)VtYMMeJxx_kvW@jG@X)8>q z)1#uL5D#sTC)JUu2Qi@3e*9v1xs%`0OvMes-!(VqM!n2}EE-zU${~qjTlAo7;yijQ zL@)T9-P`-v^#C*Vc*}Oy#xn}koKE%5C$z9hGkoB`>3K5l{G#ZhF5g>ECi2Mdvk~VQ z?X1oF9|!L|&R@0E}r zO~%IdjR{6Xx%~}UeA{2ETty~HA_)`BQ`pY22Ek7GhQrpp%@GScK=@0JmYsXwd_I?< zwqwC3->u7ed2Bx$JB>VJnhOZK0Ifa~k94g#x*xC(GSt3x_oqzX{W;I zaUKR}&kQmn)+I4do^I-vSK$3LDm0T4ZT!8Flq*zrGwo3>*u=DL#v0Q-JbbnsIXB1* zKW5nL{+AQX$e2EEOe<)oo1Jv*82RZ+3DruB&5XIl(^ui;*Ar$dUsZ?ld?&(z?}VJr zr0DFA$d`#onK&ZkEA0HcijTT_l{_Khc3LUMkAUEd>E*J+#wX=Sc&UleuC~sY%V5I+ ztJx6KI7c);2x6yN=<`oYQW+BZ52@=1V5}KYjQ2v(y~UyifB+A$AGW$WuQ-vAfu)gK4 z<@du-^4xqr|FC|lxbl(sdVjOMCSmH_cf#LY(C*c`9QFlL`-PE~)-GxLF{F*8FN49; zV{VtjHR^|DdRCvxH}x1QgJ^6_4W|Y-zKsu0NRM94wf#^Q+3=arvF?;eiT*pbZG`)a z?xpDn5U21p^-B3epRuGRW|H*JQZ0uT@=ZnjCdsc@dOUoZcg!ZEa6c0kk{UY%d}dp& zw>Nv9%nGAam&W?9WqZ2Vm!K?uKPoVM@=YJ_tK0F6g7_$$GZtJiwRugx6=e|OGNgn# zQewv&&*XAEEml-aN>DD0G1|vU4^T?wqUf#cA` zc{k8S)#}e6KUZvHM(MmMP-WvyYP0XfW z8rh0MGA-2t!UXClQA*>I@kci=mda!*paJ5aamG;m{;X4Tlb|5+>4uPWJ}uivvi(rV z@>O85)iF?Sn{fJ55unBVKook|qaf@cqMPfODY^I}dMHay|D~@QocbIrPJcr`JmFvv z>lk_AC;@-I?Hu;D0wL$v2W0Hqt?oNMIClfKronG1HAMzi&eNq)Aa2WKYeH#g%AuzrER%AoXCzR!&4BReugZ-Id_5!`Lzpr(NC!cKn z#Fe319l9d^jdqRi^c*X!g7O24BQt1Q2f|1qdLaL$F__+4ugiWS1ABM`j`jDD<5v4Q z8k@xEz5Qb>qs(H{V?K}vl|}ph>qci+--iNr4CBkt9T@+@VQ^Yu`?sDcYj1%nl49d7 zIQ_vGW`uF`hCinqiKb+!eT3~;=@DYGj37n-p)ehJwM88}c+K(VfKSNrLWl67E!kbW zudmuTve%?}Kx?8~SY$7$5Awz}13P^*a&t!iGHXYvEDL=ZK>ftJPtBu!%HCO!pLUgX zh4qEK$#)gmNwU?6cpG-x;Y8hEwsiB+%a$?{{R!L7QL|jOZXUOL4h`&`dxagTTUr(` zi9NN$V}jFZg64=z^&bbwnYsTC5kEZU$mh|@=ck7cqqbA|1GR5Elp|Thi`JmASnFC4 zs{S(KFUc~bGv%zSbqyRTuKL2R*Y`OacV{P91=Svz0l=;W4ri7G($gUF_oLe_SbT!4;~Gr%cQRb)?=o~n zo(xk}jCwvE@Y0cz5`fzH*+i`fP94EkZIJm}x@)~lvxZE$WDmDEPRg$&acPIsr0V#< za6#?9@dqAUM!A4#^Tsh}f_=xh1QAPz4Red5<#|WR_k=X__7~*7Mb>__xtsC>s&+g} zkUDF<5aqb5WDMWMJ?y7BiE5Ah!AgQqTZr6;aNjHv4hOXq-pA#!we{8^uO}~puY-hy z_5Kr1UPHxIB3)mf*`?*1I^>O;F;|@`bx3_S0*ASb9+Vc17w(95HJiva1;y8!JoPtt+ZyO2s?_uQBM{6t!9FLA^le%6( zNW-`2ar1@?^p5D!9vHxgGtYI3m;Ps;U%vf@6g$kd24`dKWaxs_&snY`c0`BuJ+1Nk9)F(qA#oElD~gGPq{HnNH$qR#m7r)e7CMzw~S;MeiW3$w$*|_=xzyc#<*f5jHM!OKQ!d+Fd75_k6 zXh0e&WvDM(NjoiBzT$HSg5!0r!NET`v{OgPuPuw*ZMh~}pCJLCkj5=@W%AWixtsb% zKRc01ue@$8^pbI0%{5%SDDIgBO{B9Jxbz@-W0pt_=oG>h8QwC$kE7Q4>rT$v zUvNxv{e%19QNK2KQe~LUeyV{ZIck2$7Nh#Dn(aXg%K8);?h!R4tk5Oj(Wfc)$iU1S z^YU6?%=@~-W*Bkw?*2r-Ad)SU1z>XJXXe>?*a>R6v&S7KPs2hbH-QwHBqcP5V=myKr~Ln(sFYjmc7G(Jw#Yh)*$n= zW4|vD-=WT;L1)a~hWMSd`W2cmm;7-m;|Dv0{*XO^Cof4snLS0u{$kq_OY>mPktGi; z>Kljg&%>7iafis!dHN}*>4gYU5z1~r4nZpleCYX_c3sd(MhP6p$@7my+wgQvA_E9}DVD-2Z?6(w>abh-y+pB{nWxXz z7l=pV3n$0mr!mAvH}A=otsYMwif{O6GDpN0>XMzHe(FAJPs1;q>+(}AYZWs{>0NyQuw=@oJ&kGg)6~1u_jwGB{ z#?w6?59J!i%xDm)_yo>hf=Aj5-dU*OH zPAuU&WU2A0?u57tfBVin&+52Nk{+3=soD?bHQB4_ZypzsN7f+rdPLnmKGqxu{1uWQA)HatAHL~@ z@j}qoKTc9F3{}p7d590yKL^Cje|>tW$Y`T1 zM>_990c1iR+}VbfY4R^uJU&y`RO=~$XZVM+*j9)8SV2b?X% z2`*js02U9WrO@;8*{G7m8b`LX2t^PDj=!P(8u|{;(71OEmWRC_BxNb@uXvedF8%B| z`61t-x)y;3h42uTuxV0@km%^E%4@jbXUMP&csQa%9I~u#J&k+zP^+tba>3tP3;a$s ze!YkAwO%tPB2S&KrqnGGZV=87{{_a31X=m`frsOoF05t1_0WnRZ3}emK{x%&mW&~u z#LH}KTHryO^MaFK8? zmal1morEnuNKH7?U3WApY#NgmY7{TW5}SrjTj;})6I}2GUuY%gEfRGDV8khp+u!fS z9Gg_UCT>`=(v!N>+o;b5(Sg73Vk)&-GP^ z%+a(;!lijI@KI|`@2|8F@ickU^RvLyC$?3mawW+NAYz9j*dF93-l)d?d$)$AHcuW{|v79-_tEP|Bo{)xc-+2 z3r@cOTM-r|9^zVe@1isw~w%RuFB}%ty!=W@ZUwDv-6l_S0; zw)g46u(uq_!@bmM?UsGUeH@Q_$p*~166B);mK&U`^yu2|^ZPvCSc3^24bH4|ce|pQ zEQ$`|%Uub=%lLp1cI=67naickp6DL4xRu9@#oDLt2E(1VBdgMec}AdXST5Gtku5&izmNwDeW_TVh|tY_lp*y+jqKc7?x4t<@I!N*riepzSJ}bAM9aeXXPm+6& zbG1Vi@n6?0q=sfrP$_dd7UoTwdE{-Vr_LQz`KIP0Z?{AFe^6k)v3n%-^7DH5@Ng&D zR<5mN5YNr2QVo770ZFT`RmJH(&1>vn6}@3)94vo^@xG^ewmvei<+T(IRiK#iK#shx zQqLXcywuMc%HX}-`-UQDlnz8Avc{&yN2**3zj>3NN6uQuqoJ8|%bm1=1J^s@L}Ic` zsf>8A;Nuv>732g?i&$L zZ}7b_ne&2L?J-|SAe=mYg!5dlZsSVe?vRp?C$sB4XRb~o#lJWb-Qt)P!FQBqQ7H@@ zR*Y!|qZ>D6w@KdMJT++7G9luS!|6wZb$!%z98vtyaP8o!ZKk0j{9)?DP7RR!Xba?_ z&+}(}1Q%a=wXZETFIS2q7@+TA_rgffV3LP@dH3xAj5&R0Rt*6SH8)trA_nZM~t zuX+;To<=J=0}+K6*F1)M+8!Y;estiJ*O1&&=Cpg?4gO>W@Hmmt$e!hhEA{gSM>*`i zq4};4R^%U=I<#u+nOSgkP8I^GZ|qp9;AaSodoCi;?^O?zn%mB{>wfRaRYY`=LO+T} zf^;nI*0acjPc3w;ACZ`^zuM*3%D3Lqw)zvuv-X}%6IpZ-C!D*Sx?@(Tx%hpf@<8iWC}mI5 zdQLyyr@riz%E}tx_{;Q{*13OhO&!QJFA|=I1|M~{bak~hB6J>b#MvZ*SsWY7<0bhv ztUDnGv+YZ7q*LrcdP;mszP1~na{U+jC2Bo!vF1f)BXDS;hdo{Jz_wL1M_3}B&BfXT zf365!m8%~;IC<@`VmB(w(`hxwq0pF+T&S4vr<2rrc{4*YY!X7^R zD&49D#|@PIQ?*PtrR`8>s78qezw?PUL7p)csMDGR!jtvvPFTb_K6qe5a!HH+3N&eo=?aY@iA$Hpq733MY=7|-A9v7p+KT`r`^*@>Rv;bp_zj$&d8cPX% zE4n`m{Bd-za@=@wP&d7K(!KUZ1|f{1PE}i~VyPyda{Np#CbrK2pZzO@?`~7O_C)DL ze95)d^&{;%uVLgQfmjf-MQ{vd@AInRbbbYJ3w~kWR!Y8Ufig;Dp&D}l(r7Z36>IWc z=-Ys+5WCf7*{+ZZro#P^SVwbXoKnc=7P;`%W_-PJ$X?ghH;)|^#?|riyBoeqBuVIR z=Rexk@2i;&=eib|1R^6!*opeN`FH36sxn6Nr!l1-Mu#9R8&#DyU_w;RTtC|7ce7Ke z3HX0-Zf#OvwW-)O-6zZeHr-Y2*O=4`8JWVfBw)O_Gc;2I%sg0J&AgxwTqErGMUU*)Qg08p)($dg_1cx zqOHw7#XJ(-WaBC9%pQt1|(Q(l9!I#XctrHd9vo+W2 zw(yHYHB-LP4J5Wl)ut*Id6`Ny{?gUUM7Pack!i&3Omxdrv(x*sDv!i%h1PMcVVh;l z4@QV}wuQX6hxPgFx}Kk?6Weu|UuxNy+&QJ&gFY^|P>AXgR21uu`@esUPLOiN<&-dc zS6Fa_ObYfaFYIR@G)9+l=w4%+vWuSRW)$$K`V@NI(N0-3JXLC$Ju}i`N zHkqgT*_CHv@QN{SbL-vRsGT*sm&qvNlOHK+9F1h}AjAM#X;~t_a#)!`X?_^t%Wonu z9<|^iYLZ(e4jEwQ@97P{?!#icyHZ*2YkOS?J)@xtV*iT@$AOXhw3rq1WxsR5K_OvX zkNX6XexvC1qT9eLQIFk&j(t^zRA&#Tegu`&g^FzOvs2d~I=8Lns?J7TB3I1nkYh)M zE%BSn{#LKc^~HWvA-VIYNPF|qZAGDs_s=G4Eqv2J*(A!{-u)x;m$?|4r45{~&q`@i zH*CH3r6s)iR!n7l+(?&8Nc1EqW4~S}hmr9)>ten*G57xT(2Gn;X!ZJ(Z5hX@f#i;4 zS$9LZ>o|`GJuga?^e)j5!1zVk(|hXIh&5523YtE5{w%Qns~*?6o2pa$A6$CPYwcU( zicJYNN~(m%?sGb6-jBsN%GZX;k>RukvZoo9@9q?kN6S0=1Br*HMi|%?^>Qj>$STMh zkAN$EH&WaZJW&phh=F||DsJz;w`A}jFAZ44F1`KZF%jQ}7$nJV+3S#gpN~?7{KV-m zD;=SEARIkZ6v{y=TbhmbJq|wbh&mH4MoE&&F=yaqc$xG4>uM78CVPH~`@JY1`dl2- zPPL!z(N+Lv`}oHN2ca^lDHu8>n~?1yWa${2n+%8DF6-?*3yf6yN(3(_fd>bRDTD9N z3+F-H;{|K1>^-yIW8ZhLJ>)#U%^ujSM;ntK@f8jkd|(k|+nYu_#?cxU6#m@O7OIsq z*7)V?kAT03*$J_Zx@88?aS0)qDi8f1-1?e978<%eWB`uzU=?p%y7RWiDKijyT?K{`Md8POQ`5{KtuW4qGnudM;*@d(vpj$Z zvJ6{y>QeVl9#|WT>Jn={)}Dl_6C*ZTr!EO25w*mHJ0R*bIhNn9%rL% znOhU|;Y6PI`D^tbL9KVQtekNxSA!}B>z&z8G1Y}-zM0BRe`F3kaiq`P>a*P@3BI|O zJ1a~V&NnqbPwPNx21W%LcP1HCek;DsE^&D>UodeVB>hSS8O9fnJpRNS$ac{-@9z%R zE@`i_7AAqPWZ4&cB*|))x-?{u+dIC?SY@*5Auk^jCB?bYjT=PClLy!I`+wwAkt;p^ z6jQwUkQ_4Mc7Z54_sdBv?cH9p)pGx&!us$wv5ypJlI(3UU*|;q>AS{Ak(Bedgks;| z*PVi7T!Bm`%M0@hm2O*Mot)DCJd(*h3$BOEB>~lvGeT`6l#S-QhyW}nUOFNAEmBD3 z+IHNF-tJM8biwTVf>>84Z3BMxBPt@IA>L~Hov(v=G2Q1@3;wrk3Sgq)q3uZI^&kHc z{vwk(RFrMme)$hh(uIedJCh=kI~V_%$!yD(LH_&3l|VmJd6wHAQNKA~we=tXziHgo zS}&|W^WCSeoZSJ9MY_!6fy+VnMkTl+4hAPDkt4k4-Mlpc*iYA)`M=W39@q(LnS$qk zLQ{&*NcK7wS#*@SJ8Tl1 z<1tBJz8XHTb3a%|Z!T*P7j~Ph=|PRA7WAZx{%nY7cJRTytoQ_Old6Yim29l}O}#O< zwFO@2sKRs+DySOPQl!PJ@MN(Yq~0^%85Z2zm!=gqWB7y zIu#PFq76mv$sCE4scN*YAXzVtk;4y`s>?%60{Zy{EMB2nxxH~gtI9mWWc?eD?=ydT zIdmxbv=*}y6VYEa8Veu(wzp()saY2<2IoajbrOabw?zs_yX44vGoKEGO7{p%laecv zFHTu>NTQ9Wzkr)_it)?dSM zbr{=@KTk6Sm=?|3XT-0_V{B*bk*Kb8rZq2Q zipuSfAI)z9wKMPAIC;1^^fJcD#*`Pu_GT_$>9@W@zPBM&?Vd^R$fT)uJ~KA3A+gnE zQ7ybQg_W_s==*+r>v;e?ar3(mz;ssltbyII&ox6*!bv;lG@-|zz3;aCxzLgZ3D4b#Th9o3W^Ch4TyQ8bfS( z2r$y#K)w4(h`x(2hf@&`YM|FPcG6rW)H$#+5;h^)6qi4?ljrrGZz9kbKFchtcSv|h+%1GFw z5@W0nk!-iazW2SIm9YIxgd1MCrt6I>jl5P2m1Nr?1H3+V-&)V`%F0)C9p;5~$gT}M zfhKW9GF|u9kuVev)YLb8`IlJoAP7%~I_PIHY?L!xFz-HF2il3AL@|!)Z}{PR$kCCC zsM=Z6Q2DBb3-(i0O5xyvKdsMtvO+rj!ld8@tA0&jD=_wO-EtG5ucsZD-v{cOq5eRY;22b{$S1h7blD0*nk$|iP%awvcS}8p z!fBFCYVo?Q#`TpH;^_CI1aCwRYvi7~0Grp`f6zLqEiV|h3f1WmMqI??gM%^LiJDN9 z@^mHp0-_Jh%Sx-ELD%alz`5IY&C8mDm{NP8F)7ktd(;66GCQi3f{OS5;4t;9#IPAa ztERZ??Y^TQ`E+5jByp{_rgLF(NTYVl%_BDtH^BU3?W4Mc?+RVB=qm#mIh{SS^@B|e zu7S|vg4G_fF+G~}MLY*|#(?9{D@Q%fZ!I;+++&2wa#u$7cRVT_sG+guBlB{Y>7re{ zNCL4t11UIK>MXKu*Dwy_#Nh6X@GXcjbFPwlp^H?1U97!0e#2II<1yOtNl7PZer9Q2 zP{!vWHNi?^rb=j+8{Y;%e?Ay3gBAb(^UcP^ffcnC^0=JG5AkQH_JNp;u&666L+?(Vi$y=-9 zOKKiS`Nk4(_eyciNusx!=GrOISjFyLEJ`H_kEQ^>k9{V;=*nFei68lyYvPhBlHCDy zNQQ0(tqOGMBjkB&@QR}9+JA4I!+sa|P4qMF2aZPeJ;09{Tw87iXkdO*JCBl0TeGPu zo^AX=*X8_`>WY;Hw%bx#Ej7pa&4;1qlr&yIc%@Dg|L@aJA#EAIqyowiuY&oEguLET z3hf=q%c_Tk+CAfYVZb^T4;v9h@t2=DJ{$KaD+6is0`jUM}k^*Sf9w^-*Jx#xr4)<`qz zwvT)#ftjq;YYSpxq1y~YPL9zFJiqyyb6`$3fRs<&8%_Vpi{*Ss;kg!vitc zpWKTz_~1iPiHSIe$PL}}Mc{lbcfuT`ep$fx)=vo0^N_dfaTZ=RQSKN8kSfZef_^Xf zT1v?x;Whrxm_t0Q;!=NG-`^M9+iTnAH(isRKL6n8+;}d|fbPU6nZ*^*hW;m(DnrAv z(>2%BVkiGu+skSkn)qB{3FD;PY>hlv=ODTq`K<^9xOQu)utz-+=AV1xwQ9Sl8A4n<02X!_rGcRhm=hK`)ub^qWZnW^0}Nr<=@NjypS8`*xGPzZtZ zvHPNkhw=8atBP~F^rnkaHL06%84GoiH%M_Bt2wf7hZr!w-1jTb|7xA51Gd&BxJxis zFiQ3d{j7QC%g7^30TEyGUl9V_Dpf1qJCXRIK!5np=eNuNxEOAbTb1O2Y_XM>SZ<%06^4#ff4>Pc=jVL-IZVO+J0UiE zIn{&wZBH8N3z5B_Noi|da*g;y_1Bdc`365)kgEi$+S`qC=S#cA>ni?NbLhblj;2*7 zeL9z{t@%9B`9xs|tG(XRGxu`&p0T_*qb0zK88zh>OP6IdDFI^j#*TT3RY?_y3|qFV z0l3hFP9itD{z}f6kw7-B82>TpWYAHg@Qs~N-VTP^#=u;!i&1s&YQi|TiS=I8+n1^e z+FIq(YGY-R34oyjt|lvrn~&+uQht`2W$NBE%eSrP{KW?$F>RxN?)7aa95HX^BuZimMh}iL(9gJg!Kvv zen9%G*BjSy9{$i(s4yMH9TsdTF2YGrzR6>k#{btO)Y~PIRw^W!z5c_`GE$rirIR!_ z_hw~9Lne+jVObfw-uRo}LA+;~)8PE!V9o?sdg6aJxpW_TAaNm?gs;v?u!^@6Dbnv+ zZ+2BnUu!cf(2|pbsMzB0T9d3Et9<3SKl=A1HIKTA!Ggjs?gaDS6DMBFy_!C{fKL8N;c=)Y=2k^wsZxBu;Oa<0x z{tGLKW)0gic~)~m?l!A(>Qb*Y3j*-pAO5OHbl?+)mTrtHC zP`t#-jXwvNW$65V0WM|RZa0~HFLL+p;8`lrht6m}%6j$O_7d4F`Y(-Q9VOZ%q&^Pw zv<+lw#kAKt>ockX-z1JIhTL=PR!4kaV$RUfwk|%$`D&oBV3NaBeQ`<7Jy7v3a!|4B zYuL~E;sukY$kWZMcpq?OqzU4NYc;Fpd{qZ)rH7p!1Imu`yZiGmx}M>mSvX=_Opzg# z(A#Hk>~|jKKY%jj!f8YU%*pgI>5oMa}LF}?d9NrWD*a6E$W_=}UDz5nl zH-Zi;UTZu7w;!deZMEEpsZ#MgGW5CODn5@;)!~g>?zBYtU?oZ=@<@sjBj@JcN%f19 zlgR)gTOOtf*i%%$q=lhn z>YDQXuq@zRadreA_?28}wV9sqw)BD^|B_>+X+&T%hP_zE(Q-VdeiH>mbBp51B@Sj0 zVI@+$vFd50wHK4~t`b#(+K%@O=H++2wosbKscZ+JOYbpxHf!L*ftBCFu*X67@J*~R zbc#$)cd={n(-@UBNMujoXBi!N1}Em|xt%*If|?+`#WEKz&-Y5+u}J01EWU# zX@jdO047mbeW8G z&`PW(Ko()lR70rTyBAahbeE;B-{5Ri{v7X{2)s=n*l@^fE*Kh!S5Y zt@sZo11=-waKiIm@84YD`BSI^B&Bp!F7;MMrZ^&lD4>h3e7 z$HUmif0eEu7RM_f*qt}^ER~kCmF2AhT_0Ra4TGTfXv-H4HERzJF1TAk4kCx)UDv#w z7@BxX%4Av2GCU8y;9gS~e~xOqrABAQ_~qjw2z>M43D4c|T@ogEBZYqG;o!=99c*rIyx+iTutm zb%8GY%Ff+|hA^W?>_eYF=8Jgc$wY*&sX6sbV??Vs{E(EFxMLxq5WkiEx}~-4pTW`y zbS4KB!9G4pmJLvYFa=Z?0Pn#g2Y%6D^(2edSDF42V!odp&r4=?5%V$+wcCP>JziPW zCnA$XnwKuscHwwrJ`cjSFt^O+Djr);m)jF5f8-+-K)hsaN>v=XQSN^#ipcCjlR)6jM$4K)a(vvnsn2l=TyX1 zh(|}Eq^Ai?krVNmczNu>jQ^&HXXOl(+nl*N1iLsvueS$=4hCvZu6{8$#}sh}KA2Z~ z3^5`Pz(iW1tre#lZe9nMG4>Th30BR`U9;+R7EUBQ`=IgJ5D3dH{wrkzk;OXS4rSh;HcazB4QVj5mO2@n`Y2sGDmN7*V`8r5X>O){^b6!_HLXp}3 zLD*LYwH5V!1}nwgwYa-G6n80ZEpEZxrMSDhdx79q9Et~u1oz@@MY?%sc4yvscHh|# zcanU}Id|^;pPyPptZDuxmb35NyT#um{K>Y)#m`AAK{UpLf1qNj8v72jV4LH-;GS!U z=Xwgy_|cU^UVAi1v3Pq6wKD9L*Rpg>*r>d@Ioen%V-o+5SSu7C?b^sl_A6J;Snw`E z(-fr>l)?-BOu3$lHzTo{qARLXkvZ1Y9y;1@-p~V`c;a(R4U8lSQrPg;zUmm|VLlO& z#p7ews>!YWeM6rd5+hVYYpc`rEPRprYk0U`CvP3=kpqdFis7@2Ws03DfzF(G9>x%0*Vo4h7b)H`6`I4UdV{>)mc)%Q5v8-u=Vs za>b`PxsbNRx|yU{hFxabnu+)7_M^jDl8(y}K+R_vU_Zvmk)_KHsBk1BXD2`X{M@1q z^PKSOS$*CMuzcB{FXynhbc5#{YoQ?!TvPMW?MDMfr9q`vgYn4TxwxW^TGO;S&qa42 z@ZCGH{bD8@pq4~ljAsbZ|@BqYA3CKo1>^8Y?#vE>|*C`AqIW)o#(=ScKz?N z1eKGb!sH=y#AQ4u-3478uoH{^l)W3upb=_1YMJ$YT_f2kzX3)h`OS2)wSKXLu@@>& zOl4v*Z_qG*^YJFdqT@ED3IZsl_*-%ZBXx|7m|?$E{be}oJqGGf=`>C5w*=k<_h(}w z&epMFc&nNfZz@`2$$Or28 zD2Cb>g8dD-o)B6mx0|Pl6-P8YBR;Ku2@KYvt+LrN8;#wbJ$w1%=)_BOFWVM1VAoO; zf=u3vI5iC5^84Z`2AeQ*vcmf|3;~u^_}L@ESvbvzIhLX3!GTK`cvY-bf8U(~&FuZ6 z?rF>llx0MsaUE9|F9>HvU6~apwL5Z0eAC0yUwH7Z#)H`f%~p@DaIw=Uq^4)0+KKNA zDl9GSz00Cx5z)FykFF~1{&Jlx=*fdYK^7eZ0GRw?SPm#ichMtLtAJiyyT${j+>~AV z!c1pk@i`K>x_$q1%nkxQGXM)^`KJ1eH^8zlnSxSf*T-|}raZ=XZ1!D>rv^rCPM@MJ zn7pbc2)_oE>-B*M+H~;`Vvx*jCSew+iR$7F-v0)ekg=;}2>U3@`dBCP|CjfWd$I69 zCZXNMZRd0{8V~znPKh)aBhwdd{6T~mahjw>SFM>iAiTAv$s>X{j+2lcj;N-~GaM}= z=>dJz+i0TOdGs^3{F_}JWc|w9apsI^!pAw836`TmZtQr*4y$hC4|rpsYJzM&VP$=c z#_|GQhQIMh!A5b^RRA;9qmhymYeJCkOys93VkMf2Fzw}*PYnCVu0qmq>qo|Jc^+% z;{n$}8OmdVpI-ozk5j`vO10+5Ui7DUqn3*Ev!PD`5yA@}b|*85r8SRb2asY|izVS` z0CG=Smv{Gl(FA^SG!A4mCN(l&3U!k2FxrM;<<&{ClF*&yZfl9-7n?p(h1nE%LCPbf z;w*Ax{7P|T^ZC95Q-N zy5TUD!UVr`k$P62TX)3Vo-MOAXQ=!+=?*N#Mba}gW**Pr^C__Wju#CL;R`bO!79+~Fw9OQfXbPyx|+6j z9+Pk(8?z~A+VeryPHJqDzK{E_I;mP5S_e*NM@F?NDn@)#1bj9!KOPQcD0cpES7uSq0T zWXIFw+lb1f3q)BN)PyFSr>ZQTp~Abtq?4WUAHv=mAH>^zNJ!pP-*Vf{Dg5HB zc_Vk7V*7BfB06$Zt7}mFz*uD{I9(ET&K0`qIvi?J!&(9d#CEKL9-ZmeV@gmPhj59U zr9JO@@@bd<%nw#vqERLq_kjlkP<33-hIy=w#hK6WsR2s?dLd9Unz%GSB;38jS= zK6eMggov-YAcMl}=7t@yM^EyTA_PA^L%aD4gWMEG#s|(*qobc2LZ=E(Dm&f6Yqky- zC9P{TIK^_GJ3AWyXUNN%W^( z%GR^LV;rd9CWADGS7wL^KajeOABKV>g_aFTO+)?Jy#jXF$&Yo_l`K3&4K?*37R;SA zJ4V(udG}=YaLUH^BN>4ouX<;~f-2RDjU~k@J>2luoLLvcvHImUJ(Cl{1RG7}{bj!G z!uQxC#ZB6}(dG>o8#fmZv5UH#2-F1->;^^jd~V=_X2nNeiUkyQdn5o0gC<@1`h?Hv zVzauOA9eX(akx%Zx}4%Y2}&SZR$aJFB*BrB=+>IJ?aJHMcr#m*HBZ!EuJhxFY2T}O zCsd%ZWM#s8Tq56yXq>i(7z9Pkx^4UDyj?M%N3CytB?$ijIg|qNQ}&ERSlOH)Xk(C@ zA#p;ldAX_WQYN>L7xDLaye=TU9|DW4#9pxPoYr?*Kc&W3xS3bA9h7P69r4IJ`A;b~ zhra?uX)r&z-6)2y!Ts1j0=J2H06of{N{2S-LVxY4w>RsbJMOfqacL(=aGaE;Mrb4n z4%9pC3Ut4U-2&BB5#7M`6T6~}Fw)KTt>$gtQF_Jye{Ou4W^w!H(zF;0sEq?9P0cgz}HZU%pp1&dZ#;dT#xe-_t9g z%qhN>R?w;@-+0IPQKQCq$(A0d>o?ooQ~8FMP1UU&=(YH^y&$sqSZ3@j<8>{IpiQfN zc$)3_ThdxZt`N_F>d%q6U^V3{+fDA~f>Xn*+9A}GGNFiPBHX0dgC7%jM7*ARV?wMA z%{-m#65X5B;?%ghqL_Vr5n|sL?i-11i4h=%CL7OMT#-ywvrTUCQxd|memN+1_`dgy z{_-saFN4i8PAIdC1+dt>EY7r=-sFRz9xar0Z*%P!9$Oke1#OKFO4yMA3wH1l80Jz~beN0XApg1$&ykRFn(1~t5Hl1J}c zz2}m~XiB%m>+5|D#dNmM0E19!FT*b@cvKM9>bf=6zg*m+u(>UW1bQs2J>{x&f@v1P z$1-U?Thy@KA5T7tgq<(tmwJbenJ5^{XdY6*m6lRB_*%*%=9qyjEdwJ(?M0WP@281% z7cLx17Sa#$8_ZWw%RR$QP0IFN40Q0DE8}@>A@rENAmnDeXT8u>z&mfFWwqf6wow_j zlf92J7b;c+fYfcdsytDnJ>%V;*MD6)<|0=OrX|7GlLt-4wt8e5;XWg~<`0s&3roA! z#J*~ER!=7hZFU!`#kHZqVIfr^#t5ntli|i#N6nGlcWU}MoyDB+9^E;J@b2yxYw3Y~ z^q#v*?N)XyJzE?aU2ccui1T74py?$kI$~#$QMJk0>~E0``eDu!Gl+ezEo{x=tjNM61iI;Gelk#|+D$qrKXWy1RIUa8GrQyWT@n5bkY+>6`p&@Rw( zsV$XuZX@wba;YQu6g3IJi4AkQ$s@;w`%APxYem$qRc9;a6csgm`l#+Hl*iCX_0I6? zOhE#c;K#!U`kt}uA5|9p#OwahWbI=1XwQL3=hb2Xq^_d8LBl8Rttd(1;j*558Ca}_ zTMUDQxQ^U&eM<>2dsNx7^2)Do!k#b=nWMp7?LhNg(M7=J5 z$cX2fYucdZ;HHCRInP!(jBO;xV%t<=^!lsYIe>e_L3B}LT@HnhCJDPXp#$0wapJke zQp!J^vK4Hm!l2C z)eRFFcM}AD#qYtVF2}UuopDQmYvW_{hp!Xs@t1$BN8GFl`-XlLuLq=jYKhOdxJ#$x z2@aJrVH_ZNQOQMgO8ek4>ZbWQ0BtBuZhga-Jg@+SvSJX#AU>PtXT89KSG1bcdfoz% zH+~k&)9?--)`Q=bp(jrlhRQCGo^u7rK@*Oe*l?scvv549z}?KYB!B{SQMLTrD)|;T z=eCA{=4yj;##Z{5`Bq`(QZOYJXS2-M6hJ_1@jBZI4OCMlDyOB%Qgb3Ng5J6NJ>9e% zK!vLG>7M#oBXP_6El(>$#yr^83vJ~x=7Zd?3qpFA@k+eGkmDF1YN}8h%!MJV%%!v( z21172|A2)44?F}nDG#M=(h%RvKSRNNj~SaLeIxInJ#)JdV(UdG{Qb$eXR1~Ix}zT^ z>8GYw(JMiN-=H`F9nJf~3p6Cs>$O1V4N99Wd-)Driw|s}dAAq_sQx8MX4%2NAY?0G zaKaPY&c@yO`FK92SXU<%tC}}Gwkk5ZGUn67w{c3tO^!YmNp=G0fx_r7v#j%|@U~;W9yzfp~J+An! z9_13=mY@JVa|m|r48pw@kUHLOmTNxBfuV6l`Rz$~CzY=N7lZ*Jyhf z@lyVs#T@bd1L9uH{QPgNz4j=C_P>?$K!ZQ*YCQ5g+?OqP4gCgJ5t+Lf=>Gs_TLVWc z-(@s3cCo_&BZA69J}xd1VmtmSoym@j(#U9`)ava-8-p z2;0eJM;{3y%jsKN>vW>S7CW2xG-*EPr^6S1)hKcG@FOR@jQjF?XIrRYq&LtDx&@3# zgVvDz33p42jpY-v&tSpxyI&>B|S}JomJb{PNyYC#|ddiu$T!uXdQJzwY%sB&GmPsY>d8 zcyPy_tb+b?AnF0j7lrFY9ey~rE}0H!0p1Yx<=9@_vS?|XKhCux{i`pt9W(Iwz{%fy zt={XM?n*X$xB6?r>1^mBo(*^x>=~gF|CrQ#ul2`nu>gM|F``g10fSoE2CY3EYwbHU zq<*;ogm+f%b^H2xDCmayxbXgn;60cbV+V6=sGc(ZGr@OMxV=KDqiz*%BUep(RxBj|r zwNJWgOZZz;`mFoyn#oG`pQ3-u4;UqEE*g1jsT4w&*>NVNBc@`lxws&y=TzYmihA3v)koT&%(Yx?zK_+qtIAI|XRo|1fMSMPL4wu0ZNy=S_tP&YSz9!`8zWJ%WE@fBNIn{f|tpgNp7NLr@fNQ2c(l?b3L z%F@QsU|ek2C<)QtRZUlBq{F?!aC4+CbJLV2?k&MfeL_i=K<|987eyq8(~PHF++UwC ziV9|PJ!HsX6vdlq_NSwY^FsFfdX!$i&6{C}(0Ld#Z1E_7GFbeR>LSk{UIutKSc$K{ zeyvzi7sI>rAW|z`2m)1fU)0n!5?fk-H|8KJKh7TO_{$=1Z4h>tSN6U2~QsxSM!#FyGwK=$@T{^Ma8aCVoj1BfL@MJ1y6OU%VwwHBPt;Rz$= ziy;dB`KG+d&lHSc8_*);1fA(N1ZRJ|~9~ASU=O>iSv` zxFQA&G=b90I>{r+WDs0i*ky`ripFB}&he6Q3;~I{E%uJ3Sq?(*KCC zh?i$PcpHqgH7)-z2@*EQSzZv_!lJ zACYJ8Hpp4xI``&6@76S`C{{K0 zE*;^6db=7vTjOGMN{$l}2|`4x3TX96z;N14-?putsdA8tqfT7^_dR@rXSrZ-Uar5u>Qz^70u zC>0+>l0UAxfMI z;iY%tu;y5dYdMh8&|7WjyjrDvW1V%+Zh1*SLC;X(z>G^0r8kNuWK7ava(lyXr>_O! zGQxd$`P>o=yql=s-1+LB0+4n+=wOnh44Ibvc6DTYrCk{AVJx)CYOcGmbnHPQlO}T% zn|VtyX|>1nH0qKpnO@`3U%1&XmHA3XPTAg+J4gXZ;cMvnYja%7Rh?zX6X=yC%VF^m z`H0M?p?!egHzI6L#dNT}D}JUCNLFVMp8osvL$*d%X(r2<| zXU9GUAkd?{iQ5vk#>WhfUisPQxyxc%WqSihxBFVPb~nIr!hPc6Ys{~uVdZ9!#wQjf zuImh|KSD5)^}JfyCQwZTQXkPtW=a1Mfj^Uyn*}zt25Q z*IP07M8&Jt{;XoNblYBMakVasUkmOMzL(qh{sUwqj8=N~<2#%oOodK>qUr4YU&DuM z;LMj1asL4b?Q}f@nXbNL8Y!Ui^Ea2x7ynF_W|0spr6f)XK)-*dgPaVKuFz%DwkUPD zd`j0t_4tFq1AQ3VWaeZ>i?Dh)5o9C8ucyqc1+P@lsXP1L$SK0yy7rsiaNRF0ifHXA zxC;X{PZgS*S`4!-T0U8(=$c_#gxv&}?e*EAIN_Y|Zy~qFc2;tpEO8pGO}G&JQclJ< z-kZyV(`}vR)|>CqgB&J)?JC(YV67i%$~LpKFw+=t{P-M2T`z|icInVZYzI9M?rHZ# z>?*)=ATKB?P~xo76N#l^*}92B1*|`X;<0V%=U6P0C&wS=TZG9K7`W`2cY5Du%D3ye z4lk@bI+FEznn_#y&jeqYP32lsmZe+T(>~!Ibvu@f)okXwxNN`~%L%BN+Fd=fN-jY>U?Gzb zxZhs_9xwLD)SSvLYZa;`Di7-%f8eC)=Er^}O^_I|UqANZ@&=E-nNQbwx(2xN{Lw-uvUP}q z_*cVD$YQu>ampFm~!_?cv59w~r zV^P{u$(qOHYg|gDYX^No*}mWJHBs1;wzdb>jGqYZ5JCNkYpocEFEz^wbN;JTe;&k0h7IPN^m zBI3#&6|n$r$@caRH8u-2#eMPy`F%fPwDgMzZ`TvQ-1=`;>1BG2`p~VaZS^K!2SbdN z-x(Ia+3F1@N&otOg~XcrSL=>U%#S%=`%ooTbWMqZ@<1`95S+0zYV#@+;64#W8^NP9 zz8~r~w#$g!Xko765#VMUR43y@V+PU1GDP)ph;sHq-`{>?*461v75Y4QPORn{5-jec zm>Twl4(vf#f9XE{O{cXpJ=;+!h~QA!f8I0)$G zR6Q18|FMIP8a3Gw*(EO&six_eKxf`?gF&BN(>g~!>?_$T9^#7mO_Adx>oN8uG(|nF z8T2lxnIgW)G$bI_QB~JU^zG`kU6V6InhR6!NWct1AADYcV{B|hnV`R7#^Kf^@e}^< zqK>ace95FO$I6UppGyV}u?%zEcO%-Pp zwD>1sr5(0Nkk!hFmvW8Ey4wiOTK5SbIOK+^!@MB-ShY9&kncs-Q?V{E4R1Z+PtRkt zV>6G!kMXH|H38UI+cJCo-)mgb`ux7z&bG@~@|lbx3Wu2GMBJfr29)jYZE1WW6DXW; zMbK$#X+J}C))s}6WkgotQbSUhH7|veqP$(7E82(leMrT@NgxXH_`RnU zx!SA#b7h-;4ypZX`*6K+3Gg#*6!DU&b^@Se7-EQU9P10w)vR1%t zEY`9+2_!I?166;^P`LM@O(2lqE0*5$vN$R_&$)VPI3GJ(=fOUG>wK6!yKMdkm^5vD zYZMqW`UfBY_fm{0$_+b35(!crUedpBOlv0!;Z^K;9X$2M2jRa;hYcB|2?6`E1L{xI zkh=VgMe%YNBnLcMB=)ZmHD%<2uEmujrROj2o*X@VJQ7$O&M|$Ow=G*bf{TNqQb){J zHrD=Z5s4^5zE?Xv)Uz$w`_O$Y8Y6O{L%O5Exo=?Knb{CGxYE8~`t+kWQOA%kHT;88 z@E^hBPMEQJd?cMhUZ@fa?n|PIX^fD@Rqd$?-Xf4}Y-LT2GpH;!@BGH|C}V=`IsqEo z^ZnHtBO3CsadzR}D?5?y$l`>Hgvs%%{g*tGth3~q{X}^V-8I>0TSMh%a*n9%mY1H` zAcl#8tlN)7_YIdaDZ)_fg!o{j8e7t-d~Hqjk87W;=hx1Al-FauD($?SZYVDm>i!oo zhPCyHm&jZ$gvIdylr$ZZ5%)U9;TvF2ApKNqUU%Y|ghH}rsB~!A)ZY=u!Y|`0Z{o@Y zLrrOcJaRP+S`I|J-pAk0K3MdiiDTCs{u>(eN{P>Ylwt(p>j}4W8*qb_4zPG z*c_giMXQ>bRZS)c>t_Ld>}O7SM;efQ6Xod7;?TVYx71^$TJH!ndM$8WS%O@udUkPq zDxoH3o2r^J`tMmIjHm7gx%VP4)c$)=En>sHJNw}uVEL^7FKrd?k*Cwt{53`#_1q<8 zbHwQBm;MZH{?)oge7%7IR|Np-m8c3-V1#6uR)Cjk8tMO_1gF+2OM#58i&#uZP2L)f zJ8%0BfXj>D?Ga^Uo6N&b4frSr+{QUhQZYY{GTh;hqSJ`=OKh74K>HdUra_73%hyGP zw#@y7+rGT{yPGRR?ls!9@fLu4K-_O9j8hlyNcr}~Pw{&(Ulr@J);Z*lC=^vt5;63G zmg|E40_qYY%*hdS*GC5_TH<)@4)(O zsHw@e4TZQcTRG^IOZ11EWNKbr_MDOTE_m~=Uf;CyL(&xMVc!>WWmi&EoV-Mt=6z&p1 z;+8(v2(M$B)z&ANUimeaH#90c0S2=F<4v;0*X;7jvz;k%edbY9<|0yn`o5^a%hSWt zOUcI`^#r-DiWF`UmRsAwqt6n8=DH8D=eSWPGs4_!#HT@wnb6*t4O7K-4Pc#cE&@NSn`X;f0_=*&j{oko0P_l6* zvUj3~UDui7qsE#p@2j0!$Ip&9S-94@=(Fk5U~ZP7hNf_{Xlkev4TOz#6kRS=cB7wr zu(w6kU<+oA->hn9!E2K}avA+XNijt%IW>)vZ^e*-K}&voWc()?CZ(_E4wuXh&Ju4B z(T&+bKKOak*L>|mvpXixv99MbHJ|{;i(*uPA{kddsXb#EG1jX)*Pc8t4(>Tj!j0Q? z^vy|QTsD5bt;dn$3wX_R4Eh@Upvl=S-2L_TwWgs!x~rm?igYYZIUzjwuvU^pJd$3U zh<<82sKNN#nn-aCLc4cpDGR9)uUeC8=lDH0>5%`4JUCuSlkyiPgRYhBCYsXM;! zwE2u!J*(IxlpZrhULrkvAgRziJv{g^dj*>S99@Z7M1!pWfLY9mRVMUo>O*Cxf?8a2DL@je=G|Q78##nQ!r+rdJ@3g-V=A94msq zZo_)d;{J3_30tPi;A~9@Kmdqz{2UYfgFw>USwT5q>TLVdtzfkX5iUpF7SRAdB!#Sv#mx!gUXKY5Zc?quaUDi@3Sq!o(_A2r-ohznAh{yqn%zJ zZg>yrZmbO%*Q$S5UbB9;GawRK2@0N%2$TEP)mxI?i^>g?8kSS^-TZ3QAGA$j3Hsv;H z>#F5BrfCVX>lljlMH@y>+unvlUA(8?4fc2MFv)Ljpfa!vsm&ZEsh`MQ~ zU9zd^c)K&SF#(cD+)K0;iYOCK&EYD1Z}=;5Pg^tvUIO4uHfU03QSkwfyigj>CVaX(H?4B>V-RlJmJ4Bi)a04j`fQ&amwy?I+} zG-W7fc>D*zk%(^IB<)BhsFafA-J4%(pM%JtjvJ*FhoYDZ z<%?`{m;~S3OMMeGGgIRU`gb}vb9&K?Ohs1co4TTlOEC&~#XTll1X^fms-}yqRH~}K zT^(GG1)GIAzuFByI2%pCO=6E<^*yadGOditZL2sp8@6tS2kla`glQ(&(u5C3VwH%& znpb=zeY5v7&YJYwStc@mlt?brn})Auc5tvG)-I?fE@!#BYIpu}?Y+waDO-)(+jvPwz8vR|Fp)G%L zE2=H30x`oE_5WH?&x$pJ&$fUF!X<_X=NJxXXF+liV@uEC-My6!>jp99a7xW&ey3P%d>uc)!Y7tIv?2@l`dD!^U(){4;V+&Knmut@oUWb8pnz?&WTXV>rFYsz{b({(88WCwL!oEmvha>tiC zTS9L*Ql*=#_CFAfFhhoD$d#n)F$q@_nDM7`_5JiN6l|6-IMcBC`8@acj&n&r7g|V~NpYN?|h?G;tv@SgxvoD))bYrz@!6qrv{QhLs{0 zYbMb8^!>UBq!$V%B+3!U;BzdO<(7gBw-8C&(TI;E*pXld&iniW7zY)VC%#K*{`Ikc zorayut}pSCjwj9}BTTTpB<|Z75)dRGt)2b{pji3`xabu+6%3=eom1!X!LpF5+_nTjss%nUv!5ksa>#8=eQZqf;lAV0wfXM!qPXymIotNuIJvTA zck}pMARBnG@eeSvjOS+X6wt`}(2E{jtq-vkx^?Oyz-m!}OGl!XNkBiK7@1oL+Ogk+ z8jt1|-m$QJ9@x(*#2-7iTBdKV6WN2v+&1g&`>|S??cel{g}6?HtYQ<-kstvHs&i9K zZ0Nf+uC8+BqH1D`z{-0l@M?GobCN?|=@hV|lq+og0`KcSXIjgJoA_oJ+CSV$jTolU zIAl1Dp*lx1&;CuQFNGG3c9(+fkD?m`uqUp4iZjow;iN#Mr>noc`D&>Uzt;J|zDn_S z_CPk7e;u%Wkei3x!k=iKxwHRH4{B#WSQFW@N^eW|7`LGD#grk=w9^e*URT=@M^-C7 z?g}$8l5?v$;TD}DQ|I0ox=Ch zP!hg654Vt%3>dQsuDGlmEp;mxAH>U>2D_l))?IQ(KH&EUFxDkXhNCd=84_>l80*vf1CNGP`SEvRx5 zS13G{Z&n0{q!g8_P4G_eq54&&zAvm&&NZ23q%wxJZsp~IKs>@W=e?6Jm$tmVylcaB zqe-vS3sS@|$xZG}v6RG%;P*@AR;sj_+!HM50ku-frsg20#n(SC}midvDqQ>~#vxoIj(miVG?wA=vO7gd9CIR;Ipr6>u5`+?rt+1w?MRq z<@mCYP&=*dZSd%fcu#-&Mof>J;*?>5j7|7VNC+7r0wi}CTK9^k9wwD zhgd+5YssqW!3w5VL*NzJ4?Ektm#CxkbD9L+Y^e@sZ_2M&iFPfltBL9nTQ*eERvQIb zV^52^Lf;uglenfN1TRH%q}kpcY1u_i-AnWkQr z_)WQ~&E7DGHHx0a`%$n2d{D93&`tX}0M?Z?6Wagmf)@Srt&wAI% zadU(Pe!g=spt!%pngXRF3sr{i{`)7~0FFj_m`{8|!qMu!4PS4o3~n%b4@PU89;%LFQZ2gIcRW zke$P9@*#VEd!uT{rBXn(t!L)a+{T8%kk_ZTVK@2W6=+r`2K`l~TewDZR|bUKa;G~g zkjP#>=dNUiBp-i9;DTmmfrd$YZ}zbh9{rw5PsRF*ThA{Fg4h*tawffpfG=mIF6a31 z^>mTl0u;l;?}YrxLz^2D#{4Io=q)&2>IOXe`=B?6kTnwZ_Q#i3h27YUsB@dw%GN0C__MTPQc+V~pEr`|1DSTH9sC)}8gIa5A zHNC5>hXe7U8`UX(r=@dhhtC|?Ho6Prs~Z*Dn4MT@q`6_bYA}oHMSv;8UAV#0P@MGw zCuvkOYf?cl%$bi&@%I%PzdawTa!pfR?wu&Rc!562qX67bds~?Vd?}Q0iCb21W5JRo z_KL@G28>G(&64>Yrrh}X`FZ(eCJ4xF+RCFm9VQ7Fx4RWw)yAG~xM{^vG;hq5;E(cu zS1FHd5`3-Yn*l3rg&*TGA1WMVA`7*xqI?b1ULA9TGejy);dW~O^gCk8_o#xAfXR7m*5b#2Da%5zEVryRbElxi)pvaZKb6sR_98_4~qMDpzgmOP-A> z4vetr`QvgcP5m)dxA5MQ+GuUZJpGsLdL_Mb}@O3Ma8*4058Plp3F8j zwbn1s&8WOT^72mSA0R1Kg+>8g%zE<~6$+{qLcJ^0Hw|~VGm7glg+`z1Jv&9^i z9@9S%MM8_jY#}P-r46D}Xor%d_~YYac!JH2QB{RC8tC-d>DDw%E-f3o)c#z!9j{kuEnmyP?5QPIl4A( z1|`F3K^h{X&Q!FcBb|x4Sxx0KTs<39h(I3pcKGgLNu)2SiTpra&Xmr4lbom_sepGb zz6?eEm(`9H3$NekU!Z|z9+at}0wTLfLYJemm#TL#xM6Qh?4?>2&_C%;#Z>fo@~v@*Fa7xF4-IM;ZOh z@;GxiC6MBBJaE-H{+oaGzdsuPU*F+|v{c%i!nUqbpY7lJ9Q#3HYl)lBTQ+O)8!m~N zWSoXBHW?3aH1g~wg68b_loh`)kbN>AJ z;T6-4bSZ~^kv^53nIz@OT}^NyYjAU4`bg#ph9G1WdCl2N8+=Ga&W3q+MOBg`6|Yl? z0MyS7K`RDFQ0q8u7qq+}W^07LLZ41oV zZQb-Sm3`r~S%M)baaqac@IcW{nrj11ZzA$t`H{QH@(FQ>sTwk0=1kzDdf9DT#o{ZK zlM`Ecdw1o zT_8T#1KSWG$Bo3b?gU_z@HD|&TKxyh^w?Ril*GH(dzCM4`x86{IKR$j3le0VA-K78 zu@NgH1W?@n8j7JVXNM+8vG2-{S*M$6py=P_ck-h;&beEkzxfRbF41?hsXbBcI$#Qa zyh)O`Wa_$TFcMW);F022g(>pqw`|t#S(;4j$%lxpZSfo-jx)}Lf^=)e`S`fo^;zfT zOgBJ1GlLPspCa_o;5cF{&qQj&RqxO*FUMZO7*!fyQbtKwDWtl?0bShE2I^wgTaPz> zN4)dLe+^b*2YSZY=xn3D#W|jTsTbj4tqA5_Of^_*@@8E@{d7L76?ZM~$o`oUGQuBm zdAT9k!>z!OOTpFLhYNQGz-z2&N;#5o732;Lx(riI9WqlW({Q6&outpDt%9@X*P2yF zI@fLFx%T2M3;*SV?Gp@>cO@%sV6I`Qh7)&;2E`1h{{iMkh)Yo7wNyhTyRc29DoZg1 zW{-4vnX#%2vXs&g(wjd(3tmlEPzFd?B8WwdkWED>19mUfd;dblN|JVC8sDvECEJ>R(UfzuvTCk7Oq(k>C9o zIgo1?Je?@Ai6JN7{s(9;1ZP#@L-;9zD33ZPYLW0q-3oi$l=V2|raa-2K!67EAc{Hg zICsn2jw)lORzY^T#YUoe&Iitj;}1RntMm_ek;MY#mJ_p5!ZGR{gheo7e~R48;b4O~ zB|ak3<^SLMwExtr{pW9(L-SF{sb0{aI$HZHb-&$B-^4+o@c7ojbNB7C2o%sWR_(4| zU-3>I%1}>x5xr|+S<9pePjntQpLU+Gu4?=q8Peb4*tf(cQrP+|cLo*T-FiKD{|(sW zT;^TzPMNXwH{4;Qj^1RjD)g&K!SsAw#$ih;x*KvCn9EEYTRWH5+f;AZz}s+YmZ;*({3H$|!S*m2;(l(+xUEzHmT z?Ko0(v|mu+)#8)2aaVuKB4r;|yqsEkQF;kH^^O;Fu&)Ky*iwzYceD39#pn9ws($_W4n%xN%&DAPr< z6HOq~HGDh?iz`Y%!k6Hc&w1o`c=&hsZ>XIjN;M?5tz|dj%~W|~53Z3@-a|kx$5}*? zJu;?^i^iIbjT6=i5E8KRE7z~^xXX4o2FlkWxWsx35J9qy){}+4sq4*^nVar`U;KwXy>>&!i$KUGuw^(rtx2L>?_q%KMO|h~OHONf-8*nW9R%sO@%DDf zWBvgj;8RcLc%ei_b+gNYWEP$8g&G&4=Ub483H^UL60%`cU-)X- z>xKbJdO~Uu((9+iocOvixdplyx)ejX7%fZ+ZUBb_c?YlR#jhaD*0(A33FLtMZ{L;6 zQGNiA!qzB}E!vqgf%hcmViyee^fA%}bjb!ZYfWhujV7|fFIudvhWGehndG{wZ0nTK zx@d$>U2a=jrz%0*!~7XXXE$qO@R~@(7RtAySpayz z-?howiLKWvT5R_^nW4e5bRoXCs@iF#3LBLr#HZ6 zWS+tq<6x#h8M-*SlN|9t9f$t>Smb4q=pl$blk1!{tYz%d2(-7YiScgbR-(V-1t3WfzjR>gLC~%4Spg=ppXJ)ybgpMI_SSS)#j>XwI z10z~P_q{wg@qaP*mQis<+nOlugh0^X?(XjHTDZHr6D)yHxVyW%2d8j%cM0wgG_TIR z?~d+q-yQFCpY9&-{U~bfwb^^@s#~wLA~$ejL=g>m9;Hu!I@P z$At)S7xjt?l%rW&OlWI0t*J6`H5F2rzK4KXa8s_h2y(*8FlKuZG;T3CGf4A9UUn|! zUuw}q8)&-*#`b}h&pjvI%4-5$rI%KYZu8Zuivkvfzn4#}e0=NmSzv0GNFjHyNle_X zfRp4OOmV^w@ZcIQi>YP=Uu?GcxlQDoC&rmRy0w4Wzw@crPaQo)dQbo z_u+NIsb1*>X#n-J3iEN2gKV_gjR-+z;6LDIex3m22d+q;>tM z25r2}{9AH(8HLNA0kK;VEf%F3oDZKJv+GIOBD6mhZ=&~LOMC_umR2y`<4v|?xIEzd zMp^r2BQ6i>s=WJji|xi!ou0B2W^Ie?N|71NC5hED02du?;H=d?Aa9bq{)3r&a{uN; zuVYH7IuHAG%gyTSFaxG!5>;NOX-+Jl#E7BWvrKJpzr6QCscngov1;z**oaKQ-ePn+ zCk?vVsz3jifx9`LMUyB|05ajqn~Tm@ve1AM+9TMMtI_+{4e*1Kws&R=_%;`{z+Ef! zSP|;q#H^6l1e7m*O>QZQTDo;Ya_$X55ZbxZU+k}a%ef1hWon8Ed=s{h=r?s&T~w1FN*C`o4^NjVr-X(`jo&~}oOoSX0LLHzQX z_@cHN`zPm=_)_xSnm*I?Rez`z8PaL1Ar(0$Pi@?Vfca~uNs&VZ>%t;!&w-#5xQG<- zGtfZ!L+Boy^l<_9HD$oN9z3D1OLt4HwL=T*x+gHGHrDr-jS4Nw>*Cc3gM-Pw(}AAe zeDnj`w#S0H3)j4th&k%eFE-m=)QvlVyE^d=I5pnncNK0ZE342?^241ciVLpPS+(l$ zld(@d{Xy-%$Rm!pKet_=1zAA?awTFxZ@o~`OOdj|S|6Z@*3VSh7Z44)adBuN~fB zdq)n`f!Hb7$7zyr3WJHH0>4@bbC@?9%`?~uVb(9119ecAZim81DXU7jSaZr;76U2< zUr@6;$Zf=g=|&4~J*8ZJJaWnp;UunV>va8^L~cGn0Qr?WBfLo}?~RvNy>XUJ!$f1w z_D{rgi9TRP`d7SQJ2lxENGrag{5FKZM9V}eawmBtU&^b$UQA9dp1?QUF$k>n3un4@ ziIIJ*@Lei&&#+8~{WU~ic|smOH6#bsZb|e9{;ujQ+wf_iP@|C>&HDyK(9$p+GT>)F zVC)t;$);bBy~gdHi@IigCs2=9oKzMiaEn71S`c-QWxK5uw)Sy(!R^z^FEEiKq#6wD z<;MAj*B#BoOu0akvnGp{9aZ&{o50weyqRmwK@8;HCAN2Sthb6q6&$pZIRtPj;dz-s zlC?3@`Ne9wJaiDjn>fYt96rYUzSqSLaCHAuQ^RPP==ti&l*WTcPVnI&ds#w61Kgf) zqF7^3I@fc?s{o++l#wZuhk@K2Ju9o<<^k2U|ZpF#Xj}s+4vS z9p;Xh8Sh$2t^-hoWCrUyxTRnSz7}%Mcc&$i(oD9NE@!m5f*cO%oW&9lUR1P#mPW1- zevTQV1kjQ;#gP0N$Jvd{N>pk!of(oHrDF?33ZdNubL6Zs#}K#Qn&7_2=}IFz;!)$` zgEMwRiqL7|bN{44_>_H_2-6;r(H9b(HoH(GXKnYG9>e@h17W9OgG_MiD&b!F^mvwLe z;gYx%gk!wgS~f(Zft-6&au6it>i5-ogl8&X5`u}B!vSIjjrvU57Y^3dX5qgTXobc6 zpC1$XcM~q*fCC!7Tb)ZZ^qM(e0{ zW0>tyuA?jMM4Wcwg;K=^hoz0-112<;Ex7V`&t9#+Ok`;5sJg-_?<*|+lEhARPC0WB zJRB#D13Bgc^FGKEgkK&wG9D^^M_1(AI7k>ejqsBH_M4-c>Uo|IQJaZ{K=nZvb z5~}Q1(1OGCA4jOlrt`MWD$5P@2N_B;D1cj3#vo6w9qkxir@4;r*@l~z5Et~Fgf~%( z{0_ET`_cw7NA#v);=f!WUQ|A@`lXvGcP%?%=)Ia)V6q5^dWADxvJ9HlVU8OJtF;?& zO`UFN12$2KNtS%)hrHsh0u;Fnl64#7YH*68@Aadvjy7b$OXn*#NT=L)O zRtMrPU{6%~MB^oK+d~6ueQH2f{KJRx+)2=KH#HK*;EWd`8hn|MC)s!oJv$zp3F{1| zKf5xcm1{+4E+reFua{oY$IMbZ-xC!`ZrQ^SAI*%5{cG#8>`z(11M#XM1RUS>}(i0R>+b)`9kBfo;Yo3CF<#eL@ZF)?@M$I7!NxXf_{7p z?sxz}H?+fLJ5jcGY;}4~P5pX+OF^Jelsi>xlh!~Aa9Jv8?a+(mwk98U4HqiN4_A+| z(G=s6rl9!lUlmY>id1dmTsLl6ANr-8%wQ8UD?U~?eK%)K=PhlZs*NONXg*kym&|Bv~*{N0V8)chytJQtXIY|BPUl% zUIOs6Ptjq96AINb0OW3@f|0p2@-=LVH}_D zVnxs`QCWk`%an%%WtL!fiYs|!WaN}~x6ifhKm|sMOXWBGnDW-Noad4hzmzC(vWzwy zbQfn4#6HaaT+rwI+mIMv^)y#B7dgGdXo({^O6~Bub9LRuSQ8dHn(rJ>;xB6F3+=^Szk6p zIpQnFA*r|pHR3~K`_ogIQtntTisX&(Y%M(z%$pSj9|a;@N0lUQP=Z8_MH2Rx^tbmDhc;ulmm zq#xacy$~ZBQYNSQw}EnJi|A$u5J+&W7pi?$u+0tYpsz)AT;HLC1Zil8jua>AH@#!! zSmF-Jl2>YlNg>cC7CM~4KIBmCzYs0LFNl>Xdb?P>cTbU$O?`MAND5P>3Qv$>uXvNe^zvs@Io_R3+oqgdyYF9&}WD+k3t;}CmVe41{~ylej$KPW>g&n(6jnbgZWQ zQ2_1?!#itkP{k%lt0PVeWBwK1r0xbIutPXmq%so&KL5kRnnnd;9}^f1fG}2pQ4C8U zLo45($2%IvG*-DR($5weUI-#r z-=o%^MhdVxihUJ#eKxYVMrBv-NZz9Sg7?!Dr4!%wASPhaR=&VM zTfb;cZ!ot_&r9|$ih0u{W-s1fkTbd~bagE3blusEhTmd)+=`I*D8$EHSlsG|2R+&O zi5;!>YK)9pJG9VhMa#0<+8;VRa#t!EbR%A{yb9D^oV#CT*lA(G@fCOS8Y)7S?~8} zNtj^Ssrjt033gHmOB|>zGLH?d_CP&5ADC$lkU|txP&P!Krx$s%Yy4)bK|}lTi7JI9 zZuKQMYy7HL*87g_2KEsvi~Z+IJ?NPQ)wR*rCQo%tD{?|5KFgp+vNc0QCV6xkQ$P*` zJZ|Ne>}h*ni@O(f#me0Rlmcw~T-8%L8&jqm^eB3(`#dv3iDi7;Y+(D4OQINtLlMkD z4S?gB+=RrP+>^yktY3?)eUx|ffdj?g$mLt;vxYUu;g;|2?Nq~{0zR*#$~)HPod&Yg zzeV5cECXs+vvKrH2}$06g(r`8#}gC6tbCf|axW2gqD*t3E?r^~be9o7}&!^9dttAH*mZF_6 z&(|_RhT*~VrtVNZZh!-_^Zcid%9dkS(kEaHBK%_;!@$&UPWt^-Mq}yrs0%}#z642o zBuquiA)W7MJCy7>p(04GZAT0%;$9rbs}ei4A&IUfM1zp)S-BrJXll5!Ug|mgGKg8Bz-y1(Purp_} zHsimwyn0(tWHw$!X>fmyisYz75waCyCwJ_7=zZ9WAAVB?Q&hE{V2@4(x^s$}QBf(% zMHeJ-AUVM|4ru#E%Gb`Jl-Y>%#EHX}pst>;afadbc0bhn6Pq5%o7I}2l~RNS&QYPF za?%N<&(x%TxR;OOZV~nhg#{_59CX}XEGc%T*I|jCD%+ZFVPZt2n&oYX@WS|MxJ9=t zO^0Z4Y4O~H*jye<)Ayf~&5+|ajyYggE%C$IU{Zt`>c;M}79yEWvRR)*cpoOkkE%g~ zl%K>x24gndOTp#iiPZzJgG)%;jdemSIe8d!Pn3Mp*kKLUeeZzZKi3IJUmZmG9xMR+ zsp7c5N%vsFj(*jbB0#w><&O`7lRZ(zT6cuJ0Qy~@ZiY!h6GSPA;*#uR(jT(V#q(MU zMnm|g<-wx(0rl@>7l5i@gQN=_L;F8Ny#F&50o9uA@L0?2Z)7vPIkFvFsvEz?N?`&F zr#Od+%GC#uwan&%8;03n5j(Oye|QQxtlvbvm_=!Am9SS?9}^E#e*}vrE z4@q(F<6X!z_2J`jJsZ1q7F&6Lw_Mu(=mwL@GZhBzR?^_bQDYghzR@Pf;KPFezYCNh zqK?7^vU$>o5*J&ZB2l)^?>IfEjRX&uLG!%R$;&J)19E7RD4Z}xG^HTy_kxYo#n{3< z`%4qEe4p~zoQx4RSmXFUIHhHG9ed7pPnHTlsJylxr=L~$&-K`(D3RO!C)`J-X!R@) zr`U7Y-|0ytO63y{f*+%g6yN($ft_x5`Z~Ffqwh4xDMc&rlTm(iEl^qegm;?FVB)Xm zs`jp&X~+RwyTN^iO&?4xV*XT3JtT>J^wso{`b{GKq+KSok2xBibo;$OOvIU=U@xfM z0q>J%T!4!lYuo*#=wX$*WSzqZ$$ndD-uqjws0apu)mA((gk4eiEch>k`JBV2=^VcR z8YuN38lJL`d-3biR&fy!rV5`LEeL|~e=uJ9zmJ{%XJa^;>)#mmuk!EVlXu_7o6J1j zq8^5PK!)vgINY9zscXiT{4QAsrs&4fF>n_q-s!#|1-Oc}Ry4N%~GakYxErR~2iM_qg0oSN1+0j?`tg zi2T-|ig7AgD?FsaZW{c$*G$;<7MVya^FC=pjhL`VesafKS&A^5qM>7Qf=@x87By_u z5l}4DFHDW7-xGX~Pk{AS0^R;8cgZ%N;XZ{zCcUcAS0=2jy{E}=J8qK;E0_tEo3-3t zQl)w-WO@%PAUR}Rv7~wm>EKDho5-U~JOR+N92DF37gPihl(O%z?r=r)d?E>~&Q7!_ z!L@Lxr?^;oh7DOY6*oY-&Nw5e(QOA&`@H2882}%F>Q1w>_@~(WJPxY1(CH{9mk=~% zIsf|S`UWdJ+)2P)j-}?$AJ5_#1A=~Pkzw)VND!VB1oyaSB9{?{5H~QR`?%!wgeR3w z16TaxC|{yn6u5Nc;&&!$QbKHer91`%lYzYGN-L5Iud)@ z5=3Ka5MDw9L3I)7#2HjBDE$iw5Ca1XWmgfc8 zFVqDGT}HpMn;cNkJb+-VH5O-!TEEk!kXcWGQx4>JW{gBVnsYd{q>D!gbYqBRK086RfZv$jn9DNc;CI}u)=#P zwfaYJRSfO_qC4rof-e6tM{r65#`V_RZ_V31f=^e~_}kA2HXohfRxP5Xe<3VHkDqh7 zxSejF{4={;&a^07Wi5bGQ@=;)r^`Tawv1S&kj-|{8}S%Frb~It$cS&q(mYfMnCGdn ze2>QXQ&8l|AzNL!5Q&l=TcXx+A=ZgD+lZ1r^_RZ+)xP%3<>~P#_Z2pw)-a z@<)5_u}lzglT|s7u!6>x_8qj>5N$0~Cx$EgGJNe)P(5KAWvZYjiYo4N;tV!O?j~$l zHHK#|X^<;;=2Kc8gJf)0?Cutw=ttcihT$@4`7kAZba;yf#MBXrbRm6D`z_P>A#z z6YBzr3{Cm4_isz}P{eZOAbfd@T~^{JIW15ILfB{G`%3bjDF|;DoYhzarD&iO2R!-r zIdCBEPhQjl$3^cs3PZMa;b?8yL1a{;id5epnF`NE#*w6ooV@R}B(>wpk(7>m9 zdCFg|JeDHbUSx%%uU@UG?>1mqWCSlbeVZpy1>8qr56z&6HrHnvx#uJt-p~*94&?Ly z3vrtJ+Zu8#7ze`GSET|=1R5$Xpzr=8Def;sg;6my0Vd=y;RzHCFEm_6>7m(gMH<|` zW5M5_-%#eT@bVtsXvpJ5KGY3mG^}^|r!h2=4N|EI1kvqSXhx+7LG3cjY!wVO->-Bq2yIAtA&ZfzYU#CZBda>k+?}% zNd9doAV9*bVBu)xZcV}io>N0bA|WARma?&Tw{Qi&+ncysNLYZAvn^1OgoIF${^L&G zS&M*m+YOe_0Y)oL=H`CgKk+wkCdAt>b6tq*G;C?Q zr}Mf^%~oOd#DwRH0l6EXcUije3Ac@eBhkP~EjJKk-G)5`Xk&62&#nT4!|d;~3chm{ zv!#CssDvVGhX>{rdjhEi>BN-}t32-|j+;-t1PyGg_F>DWex6ag_~qZZmkvJ2ZpeDm z*KEgx!)M&LSyCggw!?-xI z+uTjX_urZOlexzuexGKzBUYaSrfjeR1FavsP{>Q>JIRKSY8E-0r&J_SO{**_DvLBs z4cf){0OC0oxI_M*l1T9ued+7%>yr8uKIg9~%x)lbW0vuU_VcaNI>07N1pkr2z}S0y zm;ZcBY`S>zn}V_|+1$2prUn@j&b3GWgtgNgicoyFmloCJ2cj%Y<>^C(tazFi5|+Bu zOfZVOQfV_3mKzJMdyJq={{Y5qz>XY*`_d0QpQl=eBc5ij#3c5wV>)Q^UxY^+Y~RJ= zsob!o-rB5ymhWR1h^jv>F2DP-tS6B$O3@4|YKPL!Db7M2#vZ4rEb3^Sv46I0~0~>e3##qoe1@jfEfZGY9_F5@z2kEkA$# zEs~Y}Cr{FEEdI7(P|GMA?B6C{0>-#m!LFDdD?)+_tl zw`1LJ7z$mEFr4uti>$4Ln`qmy1Jce^jeadcsl3CF>JPW_F{6ynie2Kpyo2UE0I4T# z{CmkfT6PA5WgjW^OLPk@gP67ldv&7%JHEPn1XX;GF;jh#)Rl+fMQK!OBYne`rvoOB z3GLxVw36YwzsE}y@vQ*2$5}Z<=pq~5TSN2ZFW^RJ)c~;U5qWW35NW#IGZs=1xdRmm z+#x%w2to*f4MC7a2sS1mrHK13f<%f)8z=VlB>8@eDsjs%_g;3oX!0+=+lWV6`_ohr z_4&Kd(9?}&T zm?c;ME~}OLEu-JY72G$aAM2BY(`$XbY(L1QSwwSnt!YYIUbxo+!$<*0RvfDGV)-PZ3SNb6dl>8#Jl z(Cm&3h!*Fx(|?x?2qzZy5&Oq1NuOGm+hg6iW;S7svp{jTU_nr=FBSm+SyC-mPVus0 z>MMXJXMQbP&9Kb$AJbxr{hqw?oUi)3-dbms=W9rs6+3Mif1xy-M*nEIjbOzrdps?B zG|^S>1p+H~XXDo%Q{G-qe|1!hrIZAd&Ncy9xwzn#JDSRgG!K?FHCvJ3!oy3{i~)h$ zaEWFL0FTG^{+p5yw6>^oO$Lb?ef5GT-i&$zEXL@D6PL(om^Mca!H=dRrB(Hp9`f~N zT$|r72F&(V>0{3vo-O>;(iOaVHG-wI0MHk;*e3&V4^*%9xQ+Y1{0P>i+4XnkFAgb{ z9cou3uf@H}vh^#pu9Bx%?jChn&teCsZLQFL2EQuQ5-=baKCQdSO<#--7!f?wW&TzS zPZ+!X>$kcyN^Vr<&2K39T$T3reHc0_rx5!i}=|p{QVJhn~q~Ha>fWnznrIip3)E^5Z14;X@6iJ!-|=% zLbWCw=}f3B-@r^+S9BMoz5T1<_-6$z^?(L++xg-rTrVJK@Dxx2{#uJSpLfxHm@jJ% zZ0UxPxCrLk}V^p$Tu< zk}`Rfr+#cWem|Qv_}M?<_^cm+$cEtl+6toeto_Jt47cdyPZ&ooed<)mp!bhQ)O4R1 zH*7%yUoXDCp3|~L&TYTK?%2v|dx1T6C`U6Hxcg_Bq21mzw0w}o$Zpz34IU3=!1b52 zf33YQ$V?{x2S(-4BDWF_r+_`R`{o4sTN&M@Z;j^)F6?0u7T3bTq9&=B|FVjKO$sX2 zFebgj<*CMbW`bagZdM8Br_Tk#*s14)p#ut`Y~;7>tI8fnFOoeT9SDKOe?5>FnK>Em zng{iYfSqZT$IVYL$3>%u7dWVnYS=xY#GtYniiu3hakc8&ul(yeQ_rtwM+~d;^pQ4h zlZ*fvUJkZ55Y_-<9w$-MMzwx$^a7AFOkZY~=hRi7a%%l9X*SHBVYC&XpWSvcVhH6=`iS9rMrSb(Z&6xb`Xm$S zaCTzK3w~hj2J$}z+0SgsZ6ViKpJB^lQs{<5_JO`aBSlxW^*;POu9pX6Y-54G%;kIe zxH7=wF8~#Bt9AU+q*lkjCJ|gK_vN(eLG51x zW(Hh}y;GqZ)K=yLop--GSIG^fAP_nvKoI-!)t+8&euy-(3 z{@XAmG`lcVKQBiMFf!oGk*J^V$2!QtW>20aBmm6FS;PiSlKYpQA*%ryb{YXMHSv6Y zh?~&wKqn;}K%Aoe^@b~K=5y0gY9fyz?{l@jhg*O0w;+1IlpgDInaaGtiQ$@>55pDl zwb+C)q$IK;otL#l>kUuBy2z;seq#|4@%;bmrd(C)EwdtN52iq@+ zPzUFjIWy0;uXu#-Ykf)kwyyfg+}vf}sV1x4ZKl>lyWt|t9Ne4K?6X{4f4;Zw_b@8W zh8-*Di`EI;<cqbH2spqQ$u4QAC(qyHPVkIr2AQ4G@zhQ@k{#khzljX!S-3> zsAiA#^`s+740&I!mk*y0n&Cx> zb}}H%jxs1}Wb6w=q6MVU7R3*x{gSHG9fa!@Gvs51uGZBF8F7m`%=NO-{ zw({+itr!cPcQ9PhnxrpLx*I~{LxB_}c6Pf>{$W6P=N$2*DVHE6=J~9-JIj-i-VNi8P4quPRn3yT5c%Ck{sU)f}hl;ea zL)NfZr;_;-e(8s9RA;Xo-&s;>(w6M&qsLkp_^cxhpM(53^W-H+yk~=tA4TU31yo<- z{cjMVK*Pw$NwlT%8l5u)@ z?RmJHaHY>_&uJXTV*}W>22%93aI+GZw$>FtCM#&CD{IMW(NT*vF*y;PYWde@mlF;2 zL_>rIMSpT4eYKTIi{Kv5#Q$8Mz?&!t{oZ`RsG$onP1U0H&5t1yOfX>9ys&>eH*8Cp;&C>yS zl*!4Tj44%+$=VsYDhW91S?a563)Ei~XqjQMMpnoPf2=IcYm&7^vkouzColl;6=RKl z9quQi_e^OcANX6BB~g`+`k!A6+$C_tw7suQ(Mrc z*Gi|)ofwQ7!@#99`j#NFf}W7LMPUywPlDt`m5PND8+EXtxzxlN$yc973?^cKL=2H+Ppy*CVvc|D!C=X)tdDy1gmT+jBxGFo(;?$;n7Tr9f6imO8VrKXl zzFB2bXk6P1cb-fvjL4X$sR410(ndy<3e+cc^0i={KyL%9zYuzs6g@z)uByiJEK*IF zRG6DB{ir827+e7w^mU|OYWZuMPxfR9iK&~UUkN66)E%066fcFUQZgbbx9or0N79c< z?jv}eDForKx`;^DxZ2XsOu?BKQzRYj8tq^jBoP{eO^3FGsP>a@0r_>Q|Oekxd@2BX?$pjB!4+<`;#jooHaRPA=W z(C$g$1~W}h8mVzBfhknCS2I7&#nX>&ij_V?kO9vL1C7Jyf1h5F*Ybjk|9|KC_dnPv z{_Kfc{I#;Wln9^N!#WusPA)5{WJpq!n(BXEubVkRd1bp76hyp@K7Ezd+R*Ug`VHq# zHz!vB?g-wteV`8G%QUL${iSx@uM^$r--;@$v$YYiHI{ z*fS;I6@rdYQ-Iuf|Ca2ECGVoSI_I8QImF+Va3ATa&*)q}qN$+Db&fS6%8#p;MW3>Z zbeWRV6DjSx@lf=Wo>kOz$@5z48`XramZFb{)>v;G4FhvwSv|H8))u7k4pQLrTrtGI zEeAt97y1V@;L!VHqL31N7Gt@xa3j~XLhKiL{*0)QO|R8#Vd6d6EdM`Sx;X&ZhK-J~ z`EOIso1<{e2JZouyWA$JBc+Fo(J_d-Mbs6=o#0YJiiTveI-67wHaC<$U@U27W@gM# zU4R=n3US-AbvbvmURmw>?bU#xgjX%&3T}z&Pzg^>?zJhta0vSqCY43_j+~ zGGHyJBkQ(2d8TqKCQ5%ZjaXh#bRdPHU#77yg}Xxigx1$n(9(5DjFJC9VHx-D>!mdk z*}$ymhFRUgTh4lEL7zdmdG2p3$i{ok^yI7lb?t~XeSOsSC!gZslNZDANJ+J^my4g+ z7kgr#mB=tCV(_xucrGZ&1w2)v_473N#+uRqn*Fs*(5eu)G6To8Hg<3|eY+-i!Ij12Bg@uKc zm6fQdsI|2<*+71s8X+!W3taaBUS8YK(fXv@0<=l@UWlF9`?v{d%RMBMO&2Hl9Y|e; zfnOjmS1h9hKSo+8OZXbU_60y`8g8Iazh_2&b(vNZDCHk7H#6gU+n|$x{jrCqiUz0nN7@j*>DuVYr`*9BlfT7kV_AP$E^gFdW9sc+G6z6mUVcdjdpwr1w7 zKI#lwX|WpW1me$7Om`0NE>e${wDjUgbF-hXbxNZpIx^tl;ohEIh zx8kPLWO{&v&UX{j>^LTM0ss? z=qgLzil#Xmo(aDI>LhpQ@;R=wgr-?W4E#&Gz(A+7SYn_gm_8wO4~dbm4FiE6Le14j zG}@hjt!^SYM!d!rD~QP)25cR?>Mt%XzV8$NRXGe9KdlXXw{vu?Ic;Wf@i-jAl054x z@Vjh39*HL>|B`+n#KY6(b9WT+txx!E7cG^^;H%{&9!bKXoN(`hncHS|%kd{3y@HeH z{-NuUX!^fh_98?Zb>JXq(-5Zbn=tamYW~!K-T^8u9vc2hUS5ox9__G7RvY?sh6qeo zFgEaogI60vRu!u4z^v-e*!58CgkfpB{K)TXGE(=le53cqq5A-0J?w;{^&_j*lj+uc z+?NU~*4R3;v5@p^z*Ivlc6gjo0g#i@%gvuRvex8QXxJnm84RM4VJWf$F!TUm^+i#p z8t5QskaOa~xNmlCY+hzy9nZ=T3;&dfg77^)f_b!(*hmkn+e^$w=tL~sIFg3vRWj5Y z)m4Us_WTTFM<;Op`@-h(l;Ui6+EPGUM<>GQu&9>ze(;O3yXV-|PdR$sni8_SVqjx5 zl^$&A;_PGwd+et>n@=e_`sMGEU*l5R2xJ?>}6?`+q!=^}ho9%c7X`fq<^&GuM1 z{1I@OCI2LRuFY>m{o7F@5zl(z{A;&T`oJn-IOY!r2X`UBy>pY@%h*7*7ZgR7R!EHubr{j=~wGEBh7y9cNpWoyuAE`gk*Z7 zHnT)iEl&&h+0SJ73qhj%*g#QH(b3Tn;jfNs*X^g9&-{+yAGujAMsnkr6P7c=ZOw6t5@1-JYQ#Xu6UPtX7$=%P!B)`lNYK zlhC$c46>cOzW%rXTTugrpJvOD~00bk(_|kf(=nqYpJ!!EV^s@;&MMIeF&t{zW0_Mu!w%N=1)xW#a3x zpE&GpuzE2608TxgZ9!h{{#oaHV!+JPPup!!IPYnxf-6D6V9x|J)^Uhn2mFgkgMZO3 z=@)=EH3csoD$rh>!Mu9T~c-70R^{auPei1bZmyvOsDR0 zZ%6BPYp=5utS!Df*WN3EKt{&x0zLH5LZ0sAo4w}qvpip$fV*xw)TlY|`d4^Q8pwy&;A zSE(blW@l%cm_AFa>#VJ>%V**`R027*G&B%kpi*F1_^-0(qv*hn97M{5hyn%uA4eqv zhJ6kBgecSd1_(Vi1gEely_!C5p;L;~9R6E)h}Ug1_Q92>T#zVV)qv^k7^rBZI6J$5 z)O=2R49}gyoW9_y4A(Yuj|)bN5V#dVXV}U^tlz?!`hBYiXlMYzNEMnQk9~Uj2Yp$l&w>}nC=|wi@gRzYaX!8{cTZLq%9NS}m`77!gGuL( zgvGK}ktXKAg>>jTGX~^7hA5%V6^+2&Qk4s=`qlnE`>ejQz|Hr)lf%Qq`r{1j8ed;u zYd@D=yt$I?HW%^>(8BDj>Y8(9*#{{)=MOxv`53oZ{+UJPj5Lvzap83GCuKR_q{^}g zF{iSR!d&sH;v}IsHZH;G_i!mG^VW|+M3iW0ZL>KcO?_JGsJ z^M<)IGb*6LfPjElp%r1rvgx$n<`iIqYPE`v zhZFFz%>P@k?YFjLr!y?M0qkJ0SZy2lrm;mRkow=u&;n3ze?>eh% zPXV57uvtea`Q>huI(O!gbqWz6{B|8`s><(qZY;OGz1?HGNaxvN4g(g~(#lX+Uc84K%GK`+u%<^IQvz+zY@n#Yf;6p+nA<9>;{}NAuP&sbR5rAc z$E9-6rbq$KEDQ_`+EV6>It?&S_djq9)AVW-6cjKcOj=5g_IJK~X9a1$*kK=^9NUkaG4^wX?Di$yxp*878^^lZJE$=m3JWi+(iCgl-Q6)G*V^4mfva}5wiX=oC3?-O1tG6TA}GKFl6oi zc(GfHhjW|4atH@^fQd+fwj$za7;L|00h>xXaw6o1S(p)Fu@m}IDo%JOPM+i89BRqc zim8szzQx0dC)13Z{dThGP$%P;k?%RVTVlB5|1`C~KGNLi9MLf{Dxz0}6Zz6GFhtRgZ@4ZlElJ_4 z)Ws5*p~nvEwb=hX{($ z8>E#yOccWJL9dq!Fo+iJ(7}h>gh)JpO(P+wi$J{Hr`}cHqa79UieVmAq?rsglM3lR zxD_)Vs-&Zgl&WY_nw@ZNHU%NI1F;!(2S3QO^=h)Rv$4j5Jv3cj;HrK7{8}B>hrVm+ z>l3ICy-#85F`baT8GU;R5*B_oqFP%JqGFLYjxtjB6l;i$Fh3;IsR4T-^@d^kgoXY0 zk#u^4Bj|CN(we`;yMGvenSAS`G8ra(O^b>-P%_(i9gD6XNtID&{e@3kEu?RTgn&`QW9weAoFcKhxiX^c#Hc_v+&k)>ZTYz|9+u{YRLOm}I9 zk(3QwaW;2Pvg~$4TlcrR*>L$mqg+o`OkREzN8dEngme6Rw(tvGxR$uMxU$f5k?HPL z_bZb+HY(bBbjdIzL>q8q`fWvjnPz2^QnEn^I)ei2St!_btUMvrA=OEtFEmEGL)Zpe zY$t6(5nsj!v4Z+u4WQ>9@G`FSb459Lx`o6Kr_b0?|<5<48+`mr{`;EDZJYEr_9 zziHbHweKP2V5uJqU(jSnMWGC~SEQm{tToHmU;o33q7@Xl`1>^PMSuUvu~|TnhvOj0 z`^tb{2dcbzTHr@EVSkav{7z_=MIUe}9YNgWt_4zrElyB03<~*9d4wDQ0k+Ih6gmXj-gS7nl2Z7GiriYKy<|`Jbmxr3TY%sQV z0->>Zbq1LD)YR0ZT?$!IISIO3Jw_6Sq$>N?M}VjneY77de7Uoe=iUaT&ma+4;nrC< zIQS3i2c=ZDsNm?xat-*at4l`-&C~2;u6Q1_xKypTx(o}2A`)^qJ7<*}Fq8zC!t>kx zf%EIvFYS`80olT8DD2on6cbi+>D9iE`^ayX#o-I+lyGn6m7f|(5OEewHuZr!3`JR)ti2dWI5;0xFn8&&(Z$Nx^>6x(|1<3ibP zUPa3iHZEQLnhy-*j4ogr2QNaIOyl>L2jHeCDJiLZ3WEvVJQxg7Afur8AEjGi<_0Oe zzMxn)==i3jwG}jZ-|XQS`QJDNzT%HZEgQ)kPc-nr{ruSCa~ok|g1Ir)QhX-zn}?pl zh6{GoV|s^q`oAc9#~{g~ZEd%@%eJj7+vu`w+paE~UAAr8wr$&1myKI{-+j)vPsF}B ze`aLHS}RuOip(+JIo@ZC33;>gZRUC4PELVs#q6I+NX?l0nC|$w#$0gp4WQz%@+q&# z{c(+ncrR%2FZ|i_3_)!y*-mf-srtR%lQRESL9zHg@3Z`r*4EYjANf^B7wdK?}M_e4yd`&lbJq@%LBZs7VwRa~(IH zEQON6sg?2CjIwa0PN#-B_+a35y6q`GBXsx6)4T<}^tN{UedW9`E`IU%dg}q#`rDd@ zoS0$93U(j0b7J99T7Ke$nMHKLzKux>Ew5O!Cjs-=32R6}QN6yjJv2QMXLA9_<{iU- zJ3nPuWfcR@!@QrfLqlLXHm?=Xf{w&;_K!faMC*E z4eh0E$~mX{l0olIj}I8Z?s!km1oeLh=OT|N@bP5WE7ZFdIDceab8mg8Yb|(ny`3-* z``Mt@4a4eskxn-Sd{Y%Q`Bk7v8e^1gz9)8aHa2uTYDM?ws+QckEbhyZHeE5(gO`_= z+KrIhTtYp_9)yQ-@9OU*^`XP@l#`<)dFQOu*woZkv+cGZ{I3C>?~FotlhvyIaz!D4 z>K)IGiF(alR73>fW;beo`C|y%w&Ud}U9;H+l=s^oYUtKt&Uu!PA24I=dO5;ID0ECz zRrf=F5Bbinu`o09e7!q>(g) z{1YqUpl4m)sR z&?qb5R_8&vn>Ae*Ph_Nk!?1=u5dM9QSn}IzoUkU9ucq{FiE?;%dP;$p$12ZmFI8Qe zg};|WCAV&GwVNwBcN5E(MOr$yx>>2!Zi^S)_P?Y(<$0UakJIx%_@ni_y4EnXCR9W6 z>qX0-WLN9(6Knsd%5EB6wdaKmkXSI7RojW6ZJ9{#U4D7gA*n~FXlg4 zm!9dB(+-g-;}Mhdt+pg{emcD85YHa$aJ%a#`t?SWp)il%wI@Q>IjBFQ@?s!%k1`>v zslYOKK(Um5{`$kONKZ353e^`!zO@9!$f=sRa6Ot*M*pXyIIm_{oTe%1J|DPEad)fs zvV}B2bopa_1-G91QdTD)m&pyJVHp>0;hJVOYCLEuKzBb!t(ei;L^z1l9ZiesB-Lp? zECzX5gJk<~AaGAsQY$fN#=N^p5GQI& zEBVspxmnJ#KfT*$2OB5-< z$8&V0OCDp4P)-oRF-Us$az+e*D<2)-m-lIqm*0+o8E@dFRK0KqB3KNg_^{-EV1AHg5J7_r zw(EE$k8MunSiOJCnBplAZPjxz3*!N2fUN&}Ss(*{>KQoc_gwD*m)@k`Oe0U!7(0f= zA_aZL_1H-sSo{OZXyxs-w^kdmn0libmEg{$wYIQysy>SdJ9EmX$zRIHl&YEQ;rcC( z+q7bj_!L5mKTegV@F-$$MFwC!KZ=bRgpS;_jJtjfbDFbxKdv~cuiZ84n-}8^Uq7m` zb9&@Jg`z8vW01*-kH011QtSTIT{6zHHqoTKC7FK#uYgWxfZ$3D^ziHOixudLSz1Mv z9}L`FKDCVOdLfZzlGbOvk`ktPrl!lbH!6W zkF7E7BD3kGY`WH=>cacjZkgt|zBd{H9rc=@pVd@U+?{3agL9+Z&2HdmZ5&ZMT)PtK zMjiS5zKPq7tv%stW-Ozzm52bY#>34ks(S$?D@=x>b9SbmJ zEjaz8N$!KG-u7S9jme$h>}4Rw82;hq_c$y!vk8Jp5`twOA7z;wHTUXm1O@W-oE&Pef+ z-5tVe2)h7ZW{ixvwJuz$j-oIFUVm{UJp+)x~1rzLAY@ss(v&wuK zV*^sbmXM=FscOpLDa`_|snG$~kn$0qH*PGO??7!nhp;prm-y+lZfTBKgO9+v>^O}G zsAL5iU-`(s(|@7I(3b2-skJarmrazgnPqYO8ORHB5ao{%&__^7Re_%TB4L!c|pT zQ!vJ|-@Zru@7f@jR%1Al+0C-Enqp;a7Y_(du`YCkQ(v(DUJsNkD_C3uP^%0)4y*8G(F)B)1nq zK{9ZMpPkq8CV8=@EgA@*Cy+F=)PJWCNsNg3qZxc=|G=28EwiO?wy0pfF(QFFdTLB% z38EI3P(gaKsCD2o$%#wSrr!#;7p0BMVcFr`VB5UqaX;nSIi*pK^}eb#Mm)&fqztKG zo~*7DCnk-S84|YYMCecPqGOvzqY&X*FlCSr?;!Uw>7*7+kEW7zM8lwF8QE6uKNzT| zMfW6^T3CBfP(bOX3rv3;prEa9p{A_5A|BLMv%*}=zGUCoYyQ3EGTmaRj?xlcJ5;ye zL{_vTX$heBZ;~Br&P}<@N(dp!q&BADe&OJ#oxS}EGHy|tD{)DZi5yG3yTkYXB>GdK zvdJUZh%+3de^H8GYj);90@O8zD=cO#IUp)z(k4@2y>NQlA{J3il=HmWH=l(5aL%^V zzq7dE6-D5hq=G@mB%GTYB--`IYKPz)h)>Nj^}LX&`=7Cx2Pn!NIn8=x$X0}586b{NF5pCR`ulMrh(K?CUs#Kv<$ zBM}V~)C58(L0k2a687q$IR*xjy6hNJl0xKs(6NdWOhsnG;JXP@5}X$ALlCRyME(~z zOw)=?0hDrEDz2j)hGB#yb#9{j;uaCiVeNUqqDHyS#xhgyEYB3$M~zoH;(9gt$xD*MG@!2ZA+!bfND2Yxqn8ecpV|#9|K@d@)#tXu{fz z+qlQ}v!`%=X#e0uYDZkBqk{D`U+z?|x~*ydPHU6=f>r+vmD7~J#q2HeL+v}pWc5X@ zf38G4B7o%VM$uN*|-n4gJAnl6aQ|V6d!3 zv#}1Epv@d+L-v71j%JF2qQVoSOtPg&OSrR0C3j}nvBI2lr#ie(r|mz8Tf7wo|KLl$ zIxH;XhHJScKmzD59KPevKFiEU4Y}}crmCYQ90vVXn&_IT^B9YB@?=+lEzYQofj8sk zenuS=gL{EdM945zgI8Pz$zZ}P3|-Jy$c}TCx^@d{tZ58uS1#)Fw^gi8E)p=&B-pYI zdib4`sTNqKVvxQd%>{Vo?$>B(T+WJfWcrJq=2D2$YTtbpKeVy9-1C5?PYY1lX19+iJELmy|YMhPtl@2XxJnIo4=yw{F$@2 ztXp_xXyG1}%~f=#{auK2g~5aNz`mMzSRTTYKm9T_++}s%*Yp%dcMfxkvnk*Y?rB+p zCQqy}zL`0xwn6a~JBy!8k!sQcn2HqIj2Xlgq&RL|nGeYL*@ha?G`1Df(WEb`gG~&Q zE`OZ$&B?X9$TKX&%{w$DoxqdA{9@pFQt-l-FF{ZN&@uGJJVn{p6CZ zSe!jA7I(uJL&ncTBi*x}9gs_Qvv3tKlR*c-cD4 z57yT92{C&N1XweLE9oww73w2()T@Z>(O`?&kfr3jK{~T}G*5-1#<;0mO!7xN8g!}! z>-E%eCwg&${;@oh3j%Uzg=;@5;<*dh>!r0BE@n)^siV)W8(LSGO z&Bb3m&W zHtc}LYOXTdZ-ZakowQlZuK1h^+!{q|jr}Mpt-%l#jD#i(?nL4d5hnH9NT!oag+M4Z4WVSk_*c|3#g3)(bh zg_7Awygcb?OP>y$q;gC#iC@E77+O^X+fL%o$P0ehc*ykl&R@k~jL+3(eQDB~JqHnF z8n`CEhRFCsiL;|5c}(Xge3?3&h2Wvm9m?|P`k7-Fv|vq!3)B-WFag09{HgIVN|V@O zu<2|gWVB-o_ZF)teFjk3XT*ah%3NMmnM0mu(WdI$H0Fg;e7q?9f?<`ktD3m4#fv60s z*@8qQ06jRU(10tJ6!EfA>NE+PR);sndmqTqijt{fA{&`at?AXs@Fx%`1ik#R78@yE z6sZ8a%P;?BH_nUBbLvXx){-`$ny`pkg#6O_UBK6(V(gU9<=k(_%EF(tR89+s;G{34 zuWAp{pj1^14Rb!5Iq8d<=Q-vv7754r_CWJghei?}v?8R`7xy8RrQTcihBeTqC%=?T zzX}_-vC^X4l6hHaldT7K#97wG;pW>(oA`F&uF(5z+G(HoN3*VL7X;miQZwwnR=|$^ zv!Q#)TbVOU5RjvBO$>nH%(6w1>GibQ4FWTQImZJBP3iS)Py-}Z#R=Vt2tZ_XB&H0W z3<4u;u*dp1d|>s^Dzt?MERb~a8lSmnNiAb6z&3`>$n1E(01fH&SnB8)Evh4iqNf+y zchpb(SJE`oQ;hn!HJt2JC2c}ne$sdkR6E$?^RxxUVgv2cMLppGaMfz4-E+s76FiEe zQoc#(`0)jHwD`Z(the&e_d^@!DVxR7O*mYcik`M^#Zq5iIi08kTRJJLDFtl&N@dsz zfv?vggBl%CsayMDFU6yJrrhJR)8dxqWahTWTGA<~;Txhd%nV>aIua!-%`-DynX)y63?rsbxB6 zAwdx}yppl!pdxgTomXjZg@M93dfK%J)xu#EQe)CtO?LR|BTX$cx1YKPfI3B`sx}@> zcsZqjv&=!~w)K{A{gTw5Mn4)^jN?33I(B7$tDi@OV0yy5&Yw{?Rpx6NS}Unrp}?8! z{48>{pc98`!PHoD(;B<}IMGxHLwelms#ehPH~AVZ{d|2tyPh|hTR+{(Q8rV9k^C1p ze0c<~x2eZ={0L5e`8phu>>no}+ZQmBky(CgI&(58zyhI@sKma@L&_E#RFsYmCARm2 z3>}SU?4pjGYWa?45%dh}v)xwjwvhSCnFTnwIe}36rsV9}ST70g2|PLb=IGCPndt`a z6#E8Xp`U(pyOPggFm$_;T>!+ClQZmHXhjRn_q}XTs7T;>qMPwf=igb6b;8@y6l+Tf zFC5q4f9`VGcu;=nl_D!}?WN%P%6SA*!zq<@4yJN++W?a7OU~YZ($TqwE6{j*0-&wY zn)nA@0Xf>JCAd{TeS7V?o?Ko~C&$N(+;I8rZ_#k?2x=%6X6LPg#~w}kK-Qe9abmKMb}YcjJr6=b(NX6(>|G9pkTkC z8&w6?X3ZttlPDHKA-F(`B~sffxGTr?Q{^^WIUpp!<}D{9+Nl_QBI%mp00W^(SmK*f z<9r>X12xZ)Lv#b6KxA}I-1rikb|<@{ig03K2u_SxNt7A@7+f2usulRC7FtPfh75U8 zY(cSN90@ChD!Fdg1T_4UfF+z0O4W#lMsJgFk77!3H+|v$&-<)jw_uif_sy;%*mwrP%zHo5t}#b&9epPOl0{NoHoE_=Sfv* zJz)j|5s4iINZtVK_rWfrqE5lJ4KA6JFeD0)Xu=<~aHP$zaUn=Y4z8eWlaO?^WL*5<6}y1D;4g)1}Deix(kWR31V;8gjUf z+G4CY+}Sn;m`f7w5$M&;Y0#crxrq~to=GWOiBzC9qZFg2%?g){LrK4w613TQ#UYNj zF#-bJTZK!euDe~E5C<*Ht(DjI3wRPJr|>^2$A1dJe;Cut>8^K)yo<} zE#~)X+!j77t16FFPYQN<2>Q$fW*^d;F^%q=H-o8A*ILw|_2IMFqb5gGCq5+WDNEh# zc`7ZEPL)_n6Bc%T+&ReOe-_&8*=U!dJ;*fAG>sKYQUpa3oCVgX_pNHeIu+5U?G#f@+(+0q9Pvb4*sy4C~Le`#IrB17T zh)O@A6ml~K`akUsPV36yxr!v)=4`pK2e?HSKxI|gK)57O1|+ixhj<>O+QEv(|8->A zH*hy_o0?tdf{$K0!-N2wz0U|mGS-*he zkhVJOB@YSx$yuRx{Zx>&K3Rg@X2Pnx;)B?*&J|p?Rjf0~I>5jubY%Gh6%U%m8Z(m- zWv3WTIGA6B$7axe4~mq+1r^lVSV~EXloF*Ko>sFyK1TLy1!NZ;k#H(fG}Z^)g{U?s zR{aP8z+DNz-3GUBy|7q~11MLhe((JJko-0I>CU#erNm3yjLf4L*3yOfd9XSK zTPZsn^L|f1`N56H1~%F>w>oiYBw~j5BxXtAj~T#0 zpK1!diikBl6-xmcejCo&DD|=e*~}oxDsZQEP%MGhZXwko%y466$0M-s+OP_nxNEal zt-t3aT+0gWoT|V!(5jU3?7hY}WG^*-60Odr>c^2Pdp-keej;(j&yVeI(DqsS4nki z!obY6<6gT+0`p?KQKi2TH*9_-f%M|QD{C4UZN6{#(trw*5&>uvPyN84#~{kA84Teb zviWNJbHv~lpiN1z0TH*Sb8U6QAh6Gl)~&CsxD+Wt9OHNzu%1GSo$E$@i(EUWY}i-9 zcz1B)1Rl9RYrQBI0>hCsa5$f+P(lSEhRw>KP-#x86@337NSZ~ zV}_V7$f-)Insqk?;4vi!xI{ZNyZw02yhmFzQ_Z`glYTEJ-g;_2 ze6H<RCkWa#Jl2!RMwPDw< zuost||72WBb{@MVs`xZhez)8x|5OFfhRj~0Jg%mz;8P2Adj=YAOrYd9)(pKW*V5HN zsMw?Hgn`j|FvYloMhr~DVJb%38DefOqEJKgkM5+ncF7l%f6oF9~d-Xp`Z*fRTZJEz!_hJ43Q=vP2j;_ zQAC^;o)n@(0afq-0^M=)Z5JhG<14cn*D_7l7a~{o1KLFLhn`k9f#U=_g9E#PsMvd3 z^QWBgg?P~YK}iu5(-$HMY-`trL1MpgONlYsN{&#>rbBfvuE|$)Jq{W?$-v|boQ@bV zUelaJVl;zFOGXxhnX^GDhK-Dv5YKwZVqguMTeBMoyGZ3IhrZecAc44|SN0_z6Slz- zAHz8+cs5LAsbEEBj&ao$K}UV9acD)~^qB4Z*HEqLxO|)@#%}a@`mnk8y%AZPQ;IIo z#4_;B{tcy3Tc>Nk7ym?vYe%OWfL@XY;4vUYD8~**q|=MS+6?5^AFPVnpPDBA6#*l2 zFcGoHBA+>?)o4&)A@>8g=RQ@UtSv_$bj%uO3W6X=3aYb&(58MxC08lh105?ndmvVJhk!;*v?yE)0Uiz8B<%VfXdNG!A~ru zBO!>uy?nGk6FruKXHYORxPU{0-8uZa%TGDN*!TfO!rVtoiYCvt#oPx98_e54DFH+J zEaUMFDL#_?9~e9+e+iI`c-2X4K~SY3I+(_~8U^qY@pN7OcjN@nQVIX2 z`Frb58;QdPuCPLQ*X|A>oVYwh?b>V$EgKRoUmTclX(aV1L>UW-P^ZZBo^Q@U-cQ>= zn7@#n`xB66gm@vd*3-l;@S|4)3Q#WzdI2W6173XNBm`84CXhG70J65l(Q$kW5}ktCF(oos9%!rV%^Z^-YG`L9%E&^E$8$_d>&wko zPivmllm8mtc}pkBxIFWzesLzq{H5WUv}HU-4>z@?K%)bi{-g^i(oE{$H12p-VJw?} z3b%EqGMAOX)E*JSkKFlE1b8N*#t$H@ssi<@GxMjF`n^pMgIwGg8ewBYWiFjqD<2?N z_t$pt`!~HJq!y_O!2nZkW=SqU7!8F5(XzJzT8>w9f?9S+;;Acvs4@*MIOXRz9mC8Q zN^>jO2dj{S(q(u{zJQ8=A^`tcB>y)F^POI0WBMPI4C8<52gvxpYY2F$xmktN4BN%q z;}+ZsHxnuJ0nGn{D=Pevw$YELr^y@?Mo$S7Ipna%b6ZJal$+pGTl?PZkq`EHyyJ6nsn@i_UI?7d^5yV3Nc zGM|;^U1B)-PaQ+wkGt^!FtTGQ3;;qe;Lb;uwW(%zv7~@z|5_jf^u~>+8;4{3HxRouY&wN^v zXOjtb{CSxd66{^$>$C9nb-H`MB3n&xwx|u6RYd#rm`!t_pcWYh*d& zbbgZ{q3rKVOnT+a-h3$v6`)*B$jxa6{$qB_R?Y8KEHhleDcA#yHQI7VHMZ76T&bBE z_@`Wa*^5f!OT(S*(4wSEQHunNEBlxE8Kk$}548gCfg<3^7JDbH0KsWdtmVVCw+`5H z3zT_kC;3sA#RFAXE1)_XqSE`t!zaqhjdnGCA5X{3pdXpHzmXPYygYa!_SY;XIJbuZ zuY|YK30C?&9;DL^^k-w~{1vGM=X{(A_o(Ho&kCx)yF`0mDh<|am$&?*F0+vqKYYSJ zrbQL*Hjfgq$DxNUa+*%Ov}$Un3~kvF>M?j=+dh=6;tb~s%lE0*7d=bdcw5Z>$hU`z zE{R&tUTv0uuNx%v8a<}1?HtmVw6|Z%D>uv3*DdKR>F6)^v{3p!zKN>7HXL3N{&h99 z>MeaLicEzsEGnye9nra8EO|6l!to!kJiC&AF&b}|f14FuhSe6%$$V_m`?x6*IJZOD zDw#Q*@s68?;Kc3~f!?I{fR8E%;|f?O)L!}hH+WJ?+d9Kz8`LTI?($do7VPufuoRj> zw2RwOKAZls#Kco{3m5B0qv1c3V#z26vBViVGDn&nL6x)OpJtscoJ?MQ!%myf_T zMCl^zWQW8tk;GkQVf)>?)9i#P*1m2>xqH)K*-teuhR`{+MH+c>vnUhvC4 zXv#jA2jOkyXYT-PAU7pes3I|XTm;R01c8KSk(aTjw237gR`@O-B#$siw1H?LHU(lP z#}Tt|$Rcb!?mo!{Z$GySwP^RK?cv&R8U%s6CIK~Er|n>;V+7hV>JP`7u8q^zSYkuD z>^S4z6JyKM%RZGlr?3XhrX9~Zr4~TDP?RD{&p30eNS$|}Eaq?2-ee#*zv)SXNk^>a zcy#5^Fa3Y3di35ACBN~331-?^nm)EK;b{=Dc}Bg)1(2dqI^;TSHLz7yW#3IwUI->v z&mI17#6*FiczpIc&wxc(B07g5zO~kk_$&hU>3*umK-#=it!1o(45fowZJ{&VGv-h4 z*msV&$=iIb`16-C)n_pE$O8$<#y}2$AC0^%q26?iYlm;vDZRd2F9;4?OB*3lXVPE( zV*o!W#0SAbXsHFPfF>luob3#wcAjvX3*n6&1r$s#-p<_%(UpKyTSUE21m~?1mL`L) zM10*MW_|=rAhA~b1mIx*=E-lp&XeC%-092G)TtMO&{SEOyBw6(Ap8oZSx0X&KEC+U z;?n(4=UAeJjm)}l-Iy+*wCCA=M3b9 zkyH-O0-`KSwww@$?4M9Ol%v4eL`pq~~ zZ~03}M{)2ZowTyO^vk!Pz*cv?su&(5Zy2X~BcY_Aq?V$Xc2}%_R)zEc^qc+3M~4Fd z4iW4vf5LETjR_eA@d+$Pi1Og|L+f(o+gsG6H_y?t=LaedS%S)qL@)EZR zuKSeJYpi{7R5eSt77Q@q^-HG*YI!XD?R}n-`kg{k!Il+R2@sNCIb9>7ka%HsoFz($ z=J82tYE-e+B8GB5jjx;rp@Zw`>Y&;K^1}IyaN=MXATIx~qlJLich%CV#Q0a(X)4glVV*N2GEBJKATA2X2yy=!uV9A<>8@W5hL%WN8`h#q zN&uzIrK4Yq{EwbPkE#F)D9UxLJSqtkPcXGO&b}(H()CzaU?TYoZg_9d>@Ofu^gsfg zesDt2O@;n*n6udBCzLKp5)3$AA`5b7Cs_{NGBKJ^6xEH;;z3Mfi*|@)|N0i22t5bq z4u+0qty3cC?w+kN7gd#ni$h?*_@x}If5na+kPQL_82E5saMa#FI~5GD&y!GTW`dx? zKsH$%DCJduDob)J(&PoxF?Jwx>huwVD^`3tAsKgEaWP-3&uCb52g!TvJc(b;&yRO6 zP=7fY)A;>5yRC*lM79FVm8L=g`E57@@A>;XI^1PPVSK67S6E)VP_&vP;IOYnjQ0^7 zmBjc`wDq-|S*;9?4Ua@Y%?Y4~<&i2eX!xO41^%mHTkc}LL~jTbrL4|KBu$|ehsx@| z8dsc^iNI2pismWh$^Fo$RkEO~#rEqadNTg>d9kKFUe}N;QgiGINN9OmCSV>Vz#_+XPR97ft^zC&dX2LSq$BbVFQ2ZMG;ls~gHlA#s zJ462NKDWZMm-2YPR&rd5A1Z*R4dmj)pZv{_Qc0jn?WUIz<9}EDLuw6{_L5Qf49#+( zO+9tsEfroXho*rID@Zf~S$RPgbVeJ%R#~wcd4&>}Ou~m$DY~xzOrbSBXt&T7gzj65 z8wgsis`)!LfTq)-@b1^HU_ZA0GA=`*xW~L0o_rICgrBRoCzPwcnN*KGJ-$2N+zlB; zIxEKzl2D+B1Z!JqL8`F@Uc5t;kk#NIkphv+hZb7xhjr-sgmvf^3{V0eMkCpsKeX_- zryQPm!4DN3yjbC88LF(gtOSF5mFN@;#?;QLVRomrt$B`ukH;VR;JX61=Z$&u+xYSs z@%p_QznfLE7%3iLTe!Bo;XF~b{n-2EioA6t1~}y#=_n+@j|iA(j(J@0tr5sJvbYxQ zsYN49i5ZX>Vy77k&{C|*F^1{VD}+spk@ppps5UcwbCAiM1!=OoDq@N5DOIEDzb)S3 z?lB}v2PImmu1HeBElP?5+)g)m9ljxmdfAw=t6BxFrag<_N@sXt8w)KM?@?An9Kw^Y zIUuu!v#tQP><-%AvjgjV3+Ox};z-&-eeL0A(^IKxJyV{g&TXC(p1BZ9X^VP}eJALa zVKwd#+4yN`e=So8#t>s%K%M1qlLNEn6)mem0EvJEZH_8BR`$Sg&HeY_c{~UY zekJfiUIb@U2oD6FNgf@HFEhQ(SkFh}>x5UG$LEdMx-1}Frp4@UCHl{|X8k<0y8DXI z7YED%Uv@9}mAAX}Tyk5!c-61&*(mstYL&e==;Q0>a(R8K8*l4A6&TcQmx4Rq< zrnK&EFXk^gBfNBU-5cA#3MF{)%*BTigFMYgic2A%Upwg!BU_&r*%Tra6eN_lS|tZu z9wK||XpJe-Fgn*t6x)}rL;Rd&(B)QBLa4lndB$R2O0ht#^cAoXCkh?(9Ggm}j*d&DrnxF}awFHii8d2l6Hc%LZRa ztTy753J!16q%72V-VY_Ucs@)y7Ca!tA&0;&v}lHO4H7`($7l>OR~yYR*gXU3&PtT6 z)KoI+Ftz*3L$ns_;#On%#S9dQ2`wlIkHDH7Cy6-{Bt^6=DR^kNiu;b7>P>Yl=M0y* zVOfwg;{FIC`wT$tB2;k%a3Z5u7dYLswJYR=F%rUFKsOM~3sQ8^NB|cXxD+OIi|gA{ zj4ukr0b3gkR*Bzs5IJ1g@}l5>X}-Q#-X3x6H(>L#g)O_JepVdi1$mCg8-<)hzzbTD?TjXLM0N$$e+BF$iY8`)dQ-jx z19|tko7cW%J;@UPWt#*|UxuIHfLp4?^+Aj8H+c9gLhF4SXQr|yar-Ke0+)x^;{G+3 zl2h5(b`&L)WxH}GG4aE;qVte@HG;#4AH{)tzT4Dk!(C7WChh8{%#ML{WlCqIx^9;4 z*rUua4)XkflLW5pFpi~SXDdlM;EoMBNY?)mgugPyiBXwAEz7^f+en0L6~p$zYVUU| zcq+#Ioeudpr?goHoUw2*V;21Ps5rVko&RcV)OnvwvpllkRpMrhL1qH?X09tv8Fr^n zMan#_&@bX_rA*kD@nFDyr+GZZ`Z0~NJM8Gs!(Fc_Dp@By2u}I{Y zvc2ug%R|`$FZTSRe`9+uym_K-T7_(3b@|*uYXmkH6m#K*S(e!)4e$50ug7@B3ky1C zU%VB~eVo&p39>wWL*i;K*(rtX$Guh=m^!XpOV8}?KbPkeJ&o1d=aknaFtOSkZPgU* zCSp4cXMs1KEDm?&o@}&qIJ^{NeJ+rTJa;I6}x}HVcawF4Pa1n@aebctDzz?WBtM zZs26a``6#I3X#TOYdL{76iD++hf<=*LYeCtk?q24mPr5fAnjZE{HC>#h5)svuyd5m zg@MN3EKH~tRehl183(21PA`x2hf-b?QVVt~THAtwXd zlopkkgcUn3$NegTW%x2;TMSP@rxFDBs$`;GBjsTyN+3J-Az+gK{#WuPvm zWLj>;oTrYhlgf_15FuqemxhzW6);H^z|i>X%}s?&(+qVV;Nj)Mvu*yzbyC{6`XW%QN}etp*kW+GBOR!QM z_yM?VD96HC7Saewu?2}Ja*srHa7V}h5P}UB=ZI8&9MncOcNz;L4Y+2L@ z;VlNf1mi`iAL_~UI=^Yf9fjB4h>{lKW?+fni*~B8&j^<^=#5smpm5I=lrxylC=<$j z+i2@cOR$wOFK6@}U*K)>FuveIqIH)p(RpUq%IC{$E3u)So^xjjbv0KxL&Q z@f1`fl5GTr;z*DNgyprq76G&=U?+;u^HdT_(BxrAT@f`W;zCNADhViyYIS)=xRUZp zJS)^;_N@iuQA;HhzEi5wq@J_yKmF!axpK&K8xF8Vy5>rA{Ie)zo7SYU!bh-e8{=2$ zmC4l|b7K_Hz@ZAy++WK~$&F(aXmvPEPsRr-4pCAD@7_0*DlA(3&7a3YQ~b+>=pJIN^|GSu1I1l)tv#6%nq8-?qF`0vGqw)t$>51`MB}JU?e~3f)>*qFte(haZpLR` zKS{bx{2MlmkhNU!HWtJ&_m!WVB=GEf-)u~`8$_|OrFaPO1bzip+)No83WQ%An5_hz<&M}0S!rIIme>>wB<$cU zn);OG?`$ zP>Lo)%tFRlr$ZPoaN@<^d)8DQCy`ydyW1VhmR^o!2XoP=2eqKhjylj7LFI2#GgCPj zn(gtbXzktto~w18LW0_;Gg|$^XconbJxbZ&HsJ!(z}OoCyaE-|9fgh;MvV&ULpHld z6{>DAw$F(9LjtLxl6P7a}k_1CpKZPT0b3O>(sJ*&Dpc>yqzL?NyqeAMPlGIfY`p)zQwOlI{x)lc@wcuB|I@G)k-1o`plX#wo-Uw`}1hWh{Y^RLzq|8k`H zEoJNf0Z_kc3x1*d7l5KtqL(9wFrWhy45HSdC4zC_Mg}vKWaM@T(qda2R+tha5bcE| zj~rlZ2D*ghlknqW1P#QID@Y@$Q-GX8DnrTt)`ubn;wHwjPi}N!4|Z)2c4ZF?be@D8 z`|m*eXPEB4K>Js~{x${YU%>ij;pnf||1ZE|U}Apf)8AMHU}UCc{Xeq`z%tLM_={B_ z4sa9Hzeq(rfoSzks?`CdDU^XZ(CMP#VR%^0MGu{b?0@J_1X8Q9+UOo3Wysaq-j zU#yBuBZ-8YgWuuM-6Z8LGSND@9u#BK^|kD|2xqBSzGhhSjF^b z^)^iZS-nlC`h*1z18f)FDdz*u;au|DS43!W7C$^tKOVl-hQu$0tv9zPX^p30B%B*T z$+1!@wMOFK$)ZlhE={|iX}-9Uk&$pw^H!>RcX^`b&<;$!$b{{k?5%niXGK!w+_&#t zqIByD{$OQalI<*gV=_PYnoaQm&B!!%smFBBdo7;kH(-d zHF{~bNeqc#szSp?O!To}kHk>qew4x_1Z2n)V7Se@Spd8VB9P-UK=t~Eu}_6SjOvJ! z?c&&Egk~CHQ?I6O8ufLsqM|m4Jr5wSRc|(K{%jG)gq}rz&Bo^yNEc847-Ct3K9xb9wE8L}=_OP(Y;Xi0W;go!Q06aC3=gyp9j0QcK>*uB5MdPpPSi4; zn${tQ2WXF)8(Y>% zk&}Q4de}JQBKn5*;kSTZXSI35kb(tVCm3DdHS9pd#5;;2yCx5D(px#kA@39HoK~L6 z9?AQB+_YqND1$@m6={QWi!|aNB3-oCy?@rHl!Snci4jFqdluEE72Uj*c^3<;5z& zOiBz;eod~@A+3~j`ehCW;y*yRHOx4)#6@CO;F*2GBhtW)pqmT1V!6vIlkNPmB$YMH zyWfN|6LZFlO%}F$g|4e?O_Mm zRtkl}MKFQLr>~XR*4Yrb7^Vs%j?^LpR$>#3HA=8}j+T9&smqjZTx3(=r`9@Vb-&<2L{io^R>M=O1@ZO*FUIn=!#5C`LKL8s{u`P9w;NkP;vOs`L z(Jnm4c6Sp}lqn6CVL7d0GJ93hx`%_mxK%SKuvSQSIJ475|jXDhPz0mDT{6TI2iHy7vT)E7>a z+;%E<7a1dil9N~-MoWqn)ulEJZcv8aM(AV8n(4&(J&s$bln#wyAnT7kVs1rtS8HYI z;;VyM5gnf6lFt10GtBu;R>0$+{gfZ8vrumYEeCP;YBc-6-f9{1Y2m>$^2n%#MDm%4 z4Sa5OSV;V>rVFQ-i(o&nxYILbv{go%6zJ>pwSl)SL_~ek*x$O3G@$x)LsdA!fzhj+ z<2XWrL+*GfaZux~O?4R8SZc2PUSwuJ5#VOHG}(Cm5QZwNrO4M&*gO(`E3;jhoamPL zWzc(@B>GGyamUkxI$TliUWlBay~5BznFo!I*=tJN6`R5hv%WII8=1?_oQRr^x+#GL zVZE9gA(RJ5>OG%W<*9ijDazT3h`Hu-kYHhB-vScn4;cTLhQs!h;MkEkvWRPf219N| zg@Cw)`cp(IBu6e7>M3L;%h~J(c79L;NCFk`e!Vrb$^>2#?HYt!S*ZZ*q z(Filc8j%c@s}z%$p8QEBC5a@^8F#To6J;h&%eVI{4=Z5Z(}av}M!&3#`Z|suw7C=F zc9WKs=Z(0S20|?~wI-yj?OzIu3Oki&_&;;Dn3JQ!x;0C-ucAJw1G6(dkA(4Q445r6 zqmYk}EunLtZr3@tEeuuZa?==-nug)u8*$JfM1qq=5s~3DNN3I$T`qmB1F(gSTmQ_& zSZY~?t9Yy4@2q3v(kVGx`oU=FqfS0tx9J+pYTec@@)XSuZt)}U)^^Mt$4BO{5wpzN zuK6(#$d00ikgj~D(iC66Q{YQPERogK9-W~!))bWmM7!J*3%W^CU}w|lQc#T{hUZwhAIPhdx%9IMz9s7rV?Y+5R6nOqZkj)i4H+;qotg#5c!Aw z%Vz{yneG=C_v@RHpf-|WY~N#~sJlF`ct)$E=7}0((8=;*vAoyGWJ`;Em!=wOL9eM7%FMvi6M$1=1K{h1KudP^adCv5=SZW`kj`1~>YDWdR zs!Qq`&o&qY^ZmyP?;ezgd@*;4;gR` zm)C$wVt2+^LkJ+C(vzf&7wWqXKeqc^U{lkT$--DX!4%8FO}kTZxku*?B7+omBTRM( zpaxJa$bFflk}wFEMSTbq%Nz-<4ZBD&LdsTEiV1*`q@pkC!gw9^FanRHB2A-`*k19` z3nnfTi4-@E7ypIW4{MfK5nbt@BvKtYDw1vBaCQ4cJv^1!McrKSuQM#QwAOe-V?yZD zBTdO+GCM6zuFja2!NYKzl*pVC24bvAq$)`8Q15@!oiNOIAD(WQO1Jx#a_4yulU6kh zd57`~8Oc5#BUl@v=FG>yk02^hYI2`*s73{=EwisJzHklHb6E;h8e8=}fXt|?5-~F@ z#2u$a$7A$mmthea3Ye6_mu|}^{_#QYMyV@%1oEP{uTZPrLhS~L9fZZTo)NMIk(7zP zegTXS|LuQ^O@aP?H(*kpay)I2Sb9zEv{Ty3`_?dG{8k#gnqpb=l2y9MsTpB=&qhDd4n;GfD(PblEt22u}Bev zu<(3pA%_t3xz)q;_(@F}ClmbnB^+rZo;=M&9i*& z9?U0|ChM~1EWH+sY7?t<<%#BiKPwo7vCRCrBpm~u&u+$`rJTZze4Rntre$T_$qD_ zXh}|k2o4oHzliqe(|5vILUT>2Peq})F6-sm-^L-0A~?kagPR$gTHbz>=UlSA<^S^4 zQ#P`8sS>~}ZNfco_{jiwEv(|p33>3XZi&^$Gz~YV4*tf)Q2C5en8peN0U8qbx}nZ2 zG*g@f$7+?%i82UdtzatZ*z3E|mZ=Fh_1zAp*z08b3w`nvC(uOJL$B3b-Zju#x#n-) zG&UsITA%@~JTjj|_AV!rWmQLEu(X6%p?0o7s_6sV#qlVFB%!BeO*8ok&b0|*#ya$> z5)a@;0)m*vkgu&nT~$u+e{}55Do!h8<8+YI3EJoc7HkBlrsRO)=y)x+&I25=zmoq* zwK2UvOMkt?Z#wsAA6*u)3Vhl1f_qT2KM3Bpzs-^5YS-lR^pHAnz?G3cNd$9AUoY_S z@U|Sqbayy67#z35}yVJ>Z4JKS?IsLOT)Z_7F5ZAbgPi z$m*yY=;K*8hrZ8g!esxVxbeu*YD}2LY0GQ&$RN=EiTM0=c&odM{pZdNFHILp@t5r$aNby*onx<*6|J?>!YJR#sYed`8A!S7vrLTE=&$j{g1nyHm%&^w%9I>sW61 zetcLF7vdkA$ZAmgLt1&7b3`>taRA5TTT3z#r$X4=dtmn_w|IiE3F$4~S&~xa- zY)qt5XbzT3el5d1Zb?HsbnCWNOM0Q>1`5k0q~PV`OgL{PwnGN@g$YAo&MbiWnpIf<%t6RJGOrxMEw`sJ>ytOcn|_uzI$o+knCJP_&orRJ#}AI9wz^zzy+ zWa1?_)jjef;tPpe@h}u4PfVzW>+IaxuM=mgx_0->J*M_--%1gZn4c z{ZHU!_(fgezfl(>1F>ql^7x}#nHVO=?bBc{u@YwN2IwX4J}7XPHMg(cwTuxzNOUA@ zJEcAg>Lhtjg8{p`t>2TWOLS{P^|9?tzL9z#_!(~^Wq z=e6r4eOBSn9cE)if=HJAx1YSI8ylS+9`5&`5@%dn{{~*>-+Zn=%*6j0-v7Oa&&Wpq zt_c8!cM}|+iG}GMUH}W=oyY$dWsrsjC4d#V_gf<%gM1bGM&+ow4{0Nzk5+$ti@meN z(EzjMMR^{9w|iK4B9fgAS*tXOV!tWm5fj#rX=tZK@g<)#fe76qBE@%`<1{-4p8jpg0D{)O*5eOcLlVa>w$PU!z1zP}1z{-XD99s5uE zUdZYVeh_RCXf6@e3nO$ooI62BF3wW`uej%bS6;)u;w%V^c9&X6;XtO@$P|$##1tV+ zel$wn=tQ}<88`>?MwTRD`810({dKH)Ke~7>`5KoIN^Tpc(0<1{X3QP9)dABPiqCz#V+M8x{2I8B>xWEf39Hv^mPAcZ2vE-8uL3-f5`y=pP7-3mf?Mc z`*r;tTV|%e4DIh>6-7fBZb2|ZLzo~f9a?0EcOM+gkjRkRFbF3|Pp69SJsxlv2?hM` zVE7LgALjqV;`6s#2LRs5#RB-XtpC4*fsqK5o9G<|B5uk5g5lr<^6B5f@E_?RPf(jQ~UrfiIVpB>4q6Dca zRIw>AK!?syK>r2>mj6)CS^oEW{`Wh7*O*_=#4k$xDGLAFXX0N_(4kc{d{3kTBVzph znMnG#&jibVD7!4bNy*<`QI=nN@z;|`Cw}XaUByHsi54ipihgK_KaF6PksRN^MECL% zy@<8^O-$pACyC@ltvrtDAhUHz<7NH)mArD}sFxh!`rho|eDU+~b<$JgcT8pk(psz#`g@=szk{#+RPIZZs=wQnY1PZY$?9@FY$Hjj9v|TY_C=)6e`*SQ! zLzPm`RxjjnO@Mm{!C?pPk{iHK0^7<;qwtLoV?!+%Q(-i^e0cb15NRo^CY%k#5I-P@ zB@mpR)!b}+K%RYpi9%>sFl%R;TJb7W2%?W@H?zg0st@r~RK9gQe9Z>i9y88#@UBB1 zC}IV1V30w&Y19+Ir1DeTh@($R(Js5!4uR-;u-IfHZEaMDBE2sRdcdZMEEp`U{DST9 zngk|VPdGJrTq~=_-kgA)HD&0wXsKc{|LJwv2oJkZc?4PLwL850@gCmFDj)pRQ?}9-IhX zs^Zfq5MM3}CWxJXZ>=>!)Y6wXuXe8Hxr$;D%+e->u-3Ju=RG$`ofII4zn_njlrnEp zb5ELp`Ne=UX}&|mU@V7uQE5oFwusgT3f=`qnm;ik2cAC>?oE(?ciPUQVFFk?jtU=r zUC>ZsW5i}MlVcMc%XG1cNO({NF2A9)Tee!>NPGh*c2fN?>Wc!5RMW{!e!uh5#o5WD7PA3o zZV4E!#I~_n1j0u5)vri#IUQ49>&!ID1j{*_{Kk*c`>MZ?XQ6@gE#w`;gjS_s1|`C) zh|H{pltbJiz#gvN{por84>kEmP==oIx1bEmZ%gt&Y?ci?AWz`4oli5yp_uI*3udpHmFE`Ic%)wK&!9tGHJkxfL z|3k;i^X1m!Ip3R6om1YcBgK=F&q`t^=sfEus=ZiN`{Ej}pF?*qA)`|{Yj>B6XApuu z8$7Rf4;Nj8FOGpoNmPOHh!Reg!8xyb9pev*Z5)F8_NX7#(;|vz_8q^nE>G}?Ec0;F*>kry=sbEC|mgp+ia4_v+;Y%>dMe`Zs!^9&O;hK7st*T8`#3M1)PTfq$x3fSA zl|VDJ3Po=8X(SbnglE{&v=L_snrOCtswbQ9!zkPRt zd4h3>(@xPg5d#R0<4T+)YoaaLmD3{ybQf(=vCx<}m|THnFav3~wMOUezZ9-xYNhlw zYH@#XkXAR2V~)yY<+gWck%}n)Ca2e`l&d>qrj@0y@RP7lZJ~0-gcfi&u<_EOfH&TE zyYBVz4Pm{IwzDEKupUVzV-7n)+i7)H@>-Qs?5xCExp(v;bmO#cnTV&hVAXIzXWnsu zBst0vkW##3WhGseEW;Vxjt4?@nFZN`yoXeoj4({1aldPEImd?QaDa<$Dep?<>f&h= znh1~G`|3&)Rm^OE)Q-@*$_ytY_$-XNFter9S=^Pc4Uu`x^u!_^ejiw$u#a5joZr8>T5jq z`-PEaqY%xI9UA2v2=&gn6aPEwSFCXVFu7C{`zd)(bUpY`+3+IrU% zBLJWZJ8VyqCm}`Q5{m@E%)b5RG|pOB4DJSkrsC?|EoXqi%WyUhc~!DhEA%xgRp7lH zb>Iu}GVr{QB=*O7%>&c0%DrLq>6K~m##(xL$Wy1FgGD8hU9N~NVMwK6Ol#bSBX!>PH2o zk(4IqQb`WJxb2(Kbi+DDQ?mjmlxmy+Q@lYr#SjI3ozf^*Li0vBVX$bq8nhSoHYXYF zDfp0;fL=oM<6?WZAwORWhC^Mo$k+!Q!sS2>k!&=8*@E*8(m4)!GDe1PpCJIxIxQGaURsRH~QMID) zJpr;&zX@K&i+6Y(nyg_fa7Phq5{kWGKJD3=zzfRKjl}?gA zd;FPvpL#_0;PtZbK`ixPL#169o2Yz|K9v#GKEtWcW*<<9l0>MCis*`5rMrzeI~ZIy zN1~J{m!koo-zK91QfFxhNj#jqBH+tLAFw&Yy9QLnydN(tKjsYq1!G*c+$D^ms$C)#jDfwlT&$C4d)pm>$c zr1eCH?2q8c$G92hb*CW`{=DwW-GSg`Smg8@r}mX7L+1Pf_K1i@ChV4MOQN9UEs0xm!Q7!y|@*xkUaXWgAUSqgK@_( zo&Q`dEI~R|fQQ_2W`~2dViV$to`G3Ub+4BytdU9MM1?%CoekxOH#XIV$YBktLl)C{ znI!1tDy}z-jws(#-J!ha&u(((qjX!Hk_<99{eV7v!0%1XRaaWw=VTQg3t^H4e9F;p zx7O$g54F#p)t~I{R%Mz@=u^aaRX>@T^{>CKFO*1E1~0LU?5ikX6hoW}#c7;@amb`e zoT#AWlU5{=En^48TFJfee5<^sy2z;X4`@0eZxa_yBQ4AXhO?GqYl%bOXVo0Iw$8VN zl$(`Hq)H>-gEcb?=+lqrAm?2V)kz7ofrV}f#fO;_wezsp8Lsb%)K>&?x*3?WE$DOn zrs{$V1&n)Lp|m-}LhRc1$*@{_g^}c4aD#C9$XG=^1@jHZN{>qge+raP;k2hA^{WNp z#Eh!t8<_XLi_|L?HrBG~CMVCAJ920)l@c5t zhqPH6TR2%JY5UzrH>;uk&4lB&E< z*?^CyXchwCn~-{A>PEu6Sd|5}oN!iP5xzv$M)XIpDJd z6Z{C?gLS&e_sr`MiTRI)nh}e4{xG6P#v^`B4o(Z4o@Oa~zSwr5mdpk`7Kyq)Zr}S3 zu@EQ^VBT`bo=m!Gl;UMyT8XOxBt$qzCARYU$GvjT>@sASixe)}KD&fJ8%VQxebdrS&+8gRT{$^wR^%6;svkYp-h;-_M`OqwP@aH^a%_>Sxa1H#;ncHaUQ>)>`*q1|%!aLfrZAqGAf$V(tjNCl=bCNEi{SyTe!6HuIM?!{&idA#wo$@iUN@n3h*%^9kvOZ^qB* zoPUwYY`GW_0+^8=fwo93`FFV(X|2T{ww3Jn(h?*mB)Q*8D;DKB!}EVHZ(^>oy|%L$ z4R#$$+(}0Wzbch*Kv)ud4w6|NdlDfT70ftN$I<1hcAwPfGlC2jDi@*lSA}|j7Hn-q zOOu+JEXtMeC<{fEnBh@WV03UJJHa?7&hG+mQnUGjDrzEO?f|fE0wm4HV8d>0&K;nCv=->k9?Tlaaw6X%=B1_ks z^Ws?GHWY0DlXre278iGyUHZcG6Y@$NA)5FB2gm;c8@Pie&>8F!a!cA@g#1#nxCiX$ zt3-8h0*>z4Akl3N6O9GexQ$XLp4+e(=v=S8(VPU2Z4%hF``vqyBp2BUtgOC!OYoD3 zjo|Jjy*16P+g*-O9dFFFE><+P%RWa)C|YW56ZXm1=2#^HI~bkYuQL$kc7*fq%Y|X&fl?n4u;)TEKbu(7=p=NuxANeAnv2L!AVXaA}%e?rD9%y0-J#6 zI1uyZ2Ut zfNb#-2{ao|9uz(qgtEfs59b8Cy$d?qY`Z@c%(`;`-X9svufsc)ImHQrU+t{lKHN>L zOs~}9dov<-`!>`0`m{q%x0~kq5P24R>_>X~w2b9?*>QOjF)4fwXhd*Lu+%+idKql0 za#~k-+pBTRl4(FM-(EFVR#Wi`roAP-w{QDt{>38ROPH`iJNMLc4^uv@pPfwBK0 zc5W0dQjK8(b8>Gyji7SAd#ImRqWsg1ky69S{c`p9?$;u3@8VYuyhx4iu2*lamfY(} zx}pB3OZK-h&TG?T%GYM^4Hj<|9~^|74eeW5_gb6D99r;C*Tqp0E~=HqixqAs)A_Q$sgPq`B@$G1~ETk))3YXu`;qVru9QR*$-U(O)TK2v#zucH=NQW!>d zRt8agTWQ)pGIe=gHv70!*qeRkN=8a+`_t1W#+wur-In_1Hj|a&=@GtGnY+egeaC`cSgQ?3wRlk#*P1x8__4d% z-Q-O5sx~@`oqHq8Q7Bqiqd~^U;>WZ5-?`#ANiUIRL;NJxREXhlC_WM)R14i%S4855 zx)q`DPCM%Nro$4SD1CB69$W%G%cCm^wKdIOLRliMiYDWzI-$)jWB@X2B=}tU0Z7rd z*C^Y~oWGrD32s-DR$nKSjk8BmqjjydCBnGmd+6X`US@0C^2fqpMc>ObZjc_iO`0I} zVMRG@Q!)vH&z`37D1rmzmMp$NJ2IIye$GtLu*D_Cy=W@1wlwZ*m{utBRhIddi1=3d zHtJRuLQs2OCdc`x`G_&A;S9d@$bYn)AP|IfZdr)r`=o872Vda(5p54u?uo=`Cw-7L zNlr6Syjzd9f>QKjQrB^xS5K#e6MbH)#(&$G}$_UoJ&JetPe@6o16PzVd8ICe^pga&U>H{rVi8 zn;Zc#SI2Jxel-U)MJ&i18DzpWZox5GGf$TPk*e@36B6(&!pdVGXlO~k|7kConsL41hiolX8*~raH0SC^ zKJopq^f9hLrC=`s0e@N!!4cYNd8C_$c;-z<*{#Z1vNa3i;p*a0OmcY?2KU<@1d-0* z9ZQirpacI`2%EW6st`qk5I=7MnXG5O;F@$?3af!3p1Ay1iT(k_3GubOAd;2_Tb2yb zysxP6!}zy&U+Axat>!)wMyTWTbbu>^G<^>#>oO!#(jR^ziKe6DqcAZ?lpqoi`w*&@ zC@>{ARhS%~>J~bL|80DeI%%_l8?_U(N=xyUXoApidG-aRsiZuk-wmafQS6MtOqMAZ zwz7Pu!*CklKpy-G0bbd($*P?dnNqcJe#ExW!=wT$c3ZA>ncHD_XCb8l7h!Z~kNRPg zR$FY#bqS->)?gfT2F83$l`cDEdmY)SvyhodfiqODXisf09tQpfYcn0!;M22%0sjxE zjtz!bOzb_9tGqa?q)hDiC?3c{ZhW*CH4@%|kGJI+TF}DRMC;+%bT7l%z~~51n?zba zeFRyIc3x3xES>qLY?F6*q2Y?+hk^mFESPM(7$dt)ptw0NSZWVVVYpl2{WgX`{g(zq zwv7dTB)VE1c!#xEk~8@Xb;{oF3=;GO5hNAeLT8|T;3+zvL$RbWqU!Xz~Z%;Eg~ZPRsH$t*o2ElIL}e=p|cwmL;ICY1pvfq9{WB zbPUL4w*ftWAD!tRUa$VAivNdz|HGAIqW@j-e~ZQbL-GH!ROwDN?FcPaSg%j1Z<_~v zHdc?=0{Zogpl-0#HxLcdlHwZaDX%X}jH-1+kM2LH8>p8@T&>kPI5?93A^6Si43q*d zXWB0>XRNo^*td(9dP*;kch8r40kn+WcnG&Ul8>q;$y0S@&$=%i(m(TG+37 zais`rYOD_$s`}1N_3!PmFC#pXhI%$vvStxa!0~eT?I+4<^X57Xf^m#NLG2pyCJlDg zcVFf6gREe>42!jdu2X?MO!lqSa$n`CY$M+1`KndGlo3y0-AYmb3OBrdrq3UJZj5>8 z0*t6f?LzEr$Je*If1uirwj;GAuPq#ui&c zlDC*J?PU%X_E*vyAq#*X0O?r|qM2Cy^noEg9)tW#3!z!LXG?}B>f1*9 zUJ&T1+2cSWI_yP%h_f zcGyj+RAsh{P`&!}Jal#n&WtgKg`yS+PHubVn%E+t7p{n@(w&=NPlL%W76jx*tBx}Rr>dx+ zhs2>FK)v~;hD@x$A!^1EOcSf>!tmN~7$Kx?jYA&U42_u=Quc(X2S(FXEmdeDKVgyJ z2o#An+#!oaaO`SwdLD?Y*86b4%u-`rE}6pTCt-RYIA40*_gJ&fkU!uHu9&*Ywy7 zg#N-%>3QNI?IVy%>_JB53suP=I4Y5ME~UPqyF)ND#X#+{)Z&ph#6PFKoQ;0^R@Yg0 zMl)80{uy@y(QMp}T@}owo$3tJG8tzvUIzVUuE9n4=okoXeS_y34Z7f`1O|@CFx}2o zl)b=_l=3Tify3DtTj8a8WqWPB`<2EitvY&Sb+_es(dB*ZD+OjqUWJ0J!{QSV#|#I}V4%4I-l=kv z$#5Xl3PcbF^^!yomm^%m`RT-2-6byR1QcDS)!LZ}+u!HJI#wNhiTC3)3rjr0jD>p# zwiBM<{lLQG|6FYU8D)JRb^&00j|{)R><{sUgJ%6Li{T$)`ztQ;*Fzv@8WX>^*Ih8v zoEJE`*slpNAHWDTLEK^WauKFUX~Mqj+HVQ!57e34JF{I+u<~M0 zzOv)Jnq&mYKol2yhl%|a^IWumRRSL4Q{B@U7B_lP(y35a!uG!fr9#4HdwwFX6 zPdlz`A<{V_#9^%j!!-U{Em$!=FFm()`DBY)A3JzR0%OP0vrN<^sj$3N$Iksz4BblW z$+&e;QMuhaT028{ef{yY$D8)JiWD!NF-JP7sZ3_tnUa%QgS{-YJ$>TLw@MV%*jma?IhSTN};>I~RDXi6P(~(Z! z=NU$Jz8$TOVLd5<(??5k5>$dbxYar#|DgA^i}>rNL1hbwIrO-WOG z**RPZ)`Sd7R{0MxQ)gJ%euzCmUzwMTfVOC~p*QH(NMV}l|hm5LO z`H9pOpFfi*#(;QZ&nI6m{_W$kLo!Xq`{!c!ypCqLDp5$WG*+Ym77NI~G83i~fWdYF_gQ-qFvqg#S5Xun2rGi$( z@^tLt1c55*hN%^{w+Wz#xnTHmhC}394q^ZkL`_F31Ds<8i zhSZviHB?(WP+P!@kRO(9jCMJ0IhEQQq14<#soRo#3p4V})Plm=fDAlt_<<@xG5klA zhX6#(f$_`*W&>uB0E`DEqZnHjRKeSwU`iuz5J+5Tz1g zi2)w8KwN+lZhi%Xx!FYC1L1QSy}V^5&8c4?!TiJn3%vdE{sT)s(GR(avi4rGM{MB&uvl1e#YA>f>G0iht5uB?ia3Xkq5)O~!$ z!A*6A2wcwTZj)uNX@m*(9~LBsd^Ig)w{)hESBke2^mPI!b*e3FEHGt=pF) zhyT*OZrmR}%4r9`NE48r$95>}RxK+mAFW?UBi#}#Sd}*(Hb!HmwZ_lV+P%Iz zf>@Pt0I^6aJD!a3siOnd_rzQcfXmr=^%H8JPQmF4E{+pI(pdl@QH&An?k#-?WH&8P}$&+RMPm? znrw^%^3bxRJ|SbF2NTnCU#ip<1B`D(UVV_fov|<2lX0~1DAqbJKv$dup1gHntmZe_ zKZEBhn;lG$1kO?KWePpIk z541GDXqsbdKZ*kDn@w4~6qf_0l0rj!G+NWOQIV|uSSrr>R zCS&??U!C~5z2(o(uf4k*jxWWvEwA~xUzg6K-M;l>Ns`iFgeT;sYR~TIRyXDlcSS@X z6R&vMj>1e9zaO{wkFA*N=T$uO|wI6g~8aZ0g)t=;^dbx~x z7J1sc>UTah)^)+C+}56Fo-50wGaft8zHhL7JjIVMBr7>$oLJ8Hv%oJj_Y70w)B2Rw z96$wtX3U|6pPE9g45cq=RMpGMh=&Lll3^)8)R+kJ^!kz5@I4YkW)WO5JM8rX?Vwug z3%j%}j&B8w<_D=gx7!E|0EVh5B7r^9+eFC( zG1Xkb7Fqph2+1y_7;K-4I0B2`1nrftSX*GI@|-Ld?vE(HHswcQC1JwuDlnZ!5Z*)L zwgrsn{~XLf;NsTf=TALHjcnVOG2h6pDdH?P@R*VmS79MJ%M=EV0R3rU+^-PfA)(JV zatE7_@7NxfsM^W+ zN2XDVHM5}UsvMCcP@8*~#>E<2Xqq}RwVTmH6X5bG!5eTL7IM&$R z9%KihPWMqjBt`+EEcGcURv87$L5#AQ9wJ`4yA`jMeRlJ74=oU!#dy!ML{uGRAf5IK zA!bvd2)tj(H4l|dL%-favyg!4$LIz-Qa4cdFfKW@10C!)U*6giQ1$td=@z#Bx{+p#ACAvBCkEQgFd} zM=;%H`sdCmZq!G1CwvWYkHOAMQPM52S1opeAQP$pLk}t z&jE)K>1>B?6rSGfYK+7zv`Yd%3GX!^(IWt=tKbwA$K{g~hz;je?Eq4Jtx2ex%(}9SPWa!WlQL+ci9`3=bAX|#MMyC_x{9=(kMobEgc-E812k9ZC z9jT26gUtfCI>^+Y3eDoCCE5D)J|NjRN&{j^7nGHx10=aqCVuX4e_pSlGYZbIm{)qy z7&IMRGD97U@fQ%MQI*4yw3h@93$N$IAdT6i)M`b02@pM1Ilh70&i|(UfgAWqu}_w6vR z?FRp%pUn+pyfXocr>9JA3b5ecm2vInww$}2QNvQC&e>2)%F{p{D{B9Fe^KMbgXg87 z;fWtXM3~d(p5Eu}F5~Gj>*>T3VDb8N_x!l)FT>fLEqgtbazl3}m2)(=?{j@ncNy`t z!>Y)3s+? zp>&Qraat)MIjz5edwRCdGk<>_h+st(hITgK>yj}IEOJ#Pl`n7mo@v1~gNDVadbNxC zV4U{3?nc2U`QA8g>bX6wMa75fsF9bJiU(kLb1N7JCqt}lPrqj8ul9q=#l_<-gaUkK zn}WWybI6)*MoZ@;8mU@!)fFg0C^3*gDBIc?r#~etsbM$D5c@arOFq1dW6G|P#QR?O zWARz10bXj!vk`gT7-u#^ z4&>MajzOFqOZe@l`Qmrszkf)j>Z11taWHDMl@B#L-# zP0qFJJPtnjqPTEIgT1a5rZgy{!q6h`Jd%C$gYzW*1%n_*-GOa?tc;-(Ost60b9{Jh z6~YzQe*4l`CXok>q~fhNe2<7Vd9*ScOLUkL5rEo`5tu6&&l!t*;zr6_EY0pC6GS<7 zDMDeBjK&p7Kphpb21#EA&G3!16n)|PdsBu+A(aI;@oCS->wyO>mm?aj_s*VXhEp+z3v=Ohd8C_XM0l z>_wlh2{>igw-OMbc2Sg8m*`ojzm6X>hvgp{(^K0kAoFm|1JuB1NYEUz8Qz;3^4(&H zEY%EMvp^@27@^pwl+Fgt#FL2s*s{h|0wf?>J+Olu-#(IXrDkYd$lF|Zo#5$~^;pqo zP&XHY)NkZ{{!B>^af5@_-rBz+f=RGzr9zkr!yie{mN(P-O+k+%$%b?eQovl%Cqv1+ z)6TrVvBO@#Nx8~v&m@PuDnLovzUl_GUP?aqF7>Co^1972r5=;s1jU#+i?^tZWLVAt zQ?K3SJZyFHTMC8fFx^J%nWy=rbdIaBWJZq`7WWJ^i-Id8p<<6#s@at+xq1%>c2n{a zmi)a?0%5k;{d`T2TP=A}H_rxbSITiA*Ni6ZOj$n{g?FkuQ?=vC34N~#Fk*&Aq= zlZU!J7gmcOb&QS`Pe=jA5E=+)$T%^lhKL~T%_Tph`vmNt4E^LVu$_;dR=fKWkIcRl?u}Pj|ufna;d89ckmV46J_MhBk z#3{RT!ZwDi2W0k1Bl4gYZDq1zVAOn5#}ZXBwZhycFafFWZIZ@4vDB|1nFuI>Td~Y+ zzUhl^kpF+2y$Lv!|Jy!1N=Z_YDBDy<+E6HDnMxW%nvz1cB%wl-Wh^t_R!Pj)OiYL= zYqDkEO@$_j$(}vNl4WeeFlOeS|7X6>@A-H6KejP6`;pPPrY*SbUolN7 zrAJjGub(4XzjzTRX4Nar^(09M;ZV zmd)BE{c~sBN7~t&+xEt9*x9xt&)xba(YyX(UG??)%jt)Y*qI)9+R>ydWqb3U-A?7L zy9dopxQ-Q{@=m{3Nieao^S!;L;nS6iubzu~nAp7EVv=cIf9%2gLv|l^PS0-`_1tK^ zt4Ok7|1J$xRF9&`Qj3vl2mPVH-!;|AEuDxh2VEXMop;~Rqp1F}{*enkcqx8Y?ravk zgQI=LpK$fd^H|XyRZ;z{FwoW~tLM}pa*617YS!+GzfHr-=H-_fytsJM0NkT`MI>1W3d95@!S({J+8>n&Gg z(^hA-&s;h9a(|`r-m@*PU#@vEtsWoxTFn3Z=EkY}L)+IM%ewg|`kC(@#aIz_pKFDe zeLbX2bmcr$z8LF>^eZ@thg|Krx#`EBx9<*EXYRc|+w$GF`;?aXm%O?6eqTSVd&}N( zX3*lLf&-g7cb;Xia-a73?+<>~(d=_Cuo;_`HT`!TPbAI_Y}K~QlI>>4AMklz{X=2@ z<;`DQZUwAuc$9j3t2+_t{hTe4rxcUCA@GUCpVN!ve}=tY@W2=eFi}j5U0vdu7#@tr(bHwRjz-K(xDb z^XeX(r=j#B{<|Mx-rFjw`t(Ha_sFImx_v;UtjM#!4;8TOO{Ml@{XlX^!r@Q;uH5kx z1wX=0&zc&9*6;ds*SOI*{i-QQCh=nGO#f5$wmX?ipO&Gr5DC6;H=YjCN#zrs(q=m%e2QpCtm zYpe6GgJ+@k)=Y&}&2JnjDEr<(fJktp10%u3;Fia%XiW~_2pSAFJtuNmje6c%{ zXE@q!G~`fgu1F}d&wpDubio8CF_^2_ctz8aOU&FUx!xBNnO^V>s3dqqJ^AZ*=X#gr z($7VYC19w?6I-6v)Nj;$?rhQfYrkvOS2?*Vm#@7iw+X~9M7ZVL?s(T(Y7n74)Op9t z_Xq3Ei*25{Ox4^g&8}U&AEU1Ak@mM^=B{q@5V@`PKWD0cd+i`o9oGlnXZ|n3<&3hV1m`crg-roxc*G$> zaK@FX&V!yhuCiZl5Nxi-PWgR!U|t23hapd>JTPguiXi5|+Dh3_2Ys%?nYKP_dAe_o z_E_>HlNW5519xtt6l;g=&l;e1(VM<%P7xTxtg0dit@(9r$#dfO_>$*%Lr+l`K@(l% zEYs7NO$O3q;z4p^PA~^ZkF`rRJgniHwhW9)!hsVq&2pyq{VekZ+|yM}FA~ScH&0%B z@%)FI`uSt|UWYaCKAJ-$jT_Y+Jw-}Bkr5J#bNO?vgq}|u6eYZjFp1U>BpOW7JdE=T zw7dJ^p5%nik7<#?*T>2BPX2yw&39V$Bn7^AinaF4j3wDdFZd zk|ewK)L37V?x7zpg&OZ)=~zsWt^bi8cdRk^>|?(TNd5P(y3c3&j2}E#`3Y|@bPOsz z8y{a3zusNeEV-busr#LQP1l_uJ4xGP>E;i2T?ci^H(`!(P!oBl^-WwrP@k+ zDvAYU)eT#Cm#tGHZD*YvxNjf05#82I^HMbvdHLqj_rNzHEwWcE+hleGM(=u1f4uId zvY+d*VrO7J#^KrEngT{c&e=Ny*!ac4}WT0+9y+uvlX=(=)gd6 zW7*FE!4UF*cfDrDxtf`&6UQ4Z^2_eqM7KOUepXv-(;t^(KRlgAl$S*<3{GF5Ym3#k zm>$vHd)jgJJUj^F#4&DAxqa$Dx7Vo&rCkor_DK%Gm(50^Dr8J6!W8Zf@sGH?IT{yq zS!-52XsC8<)Yi?iKYJj$b$q_36s@v5v+YN@j8v76nBHf8`lA>3$}c)LZ0n8)5L>V# z89ns7U%9zi=Sh#jyMvLpz zE}daE$PKDuA4jS0kT_)bc^%PuS$tjm+XGfEn{FkY*|=++ez&yfqcUqwJNJE?B>LO{clp`osq;IVmA+omChc%MVYEQ}>^Rf7MPK$!-TDnC;rrfl^kk+d zyZo=6D#I^dgVHWT&S3Mc8IZL>IhVZ73O-~G<`QxyhicC^_SnYx&RH;xy* z+H~}yeK?JL?yJ|~lqfS|%(S`dvr`>LZ`AIM#Kem?Jj>8Lmx1EF_+WUly{o1BZmah_ z^vBI@M|EDCiD>9=eJ<&8F*oGvI!yG?jt{}>JV=t}CPPWuQAfVl-JJWbn0V!H{GNBR zc|W9XbX8nkd3EY~{-a3`a8Wz=7U^~Olk&}vee%4xM~-8(@}g;7tD6FhV316-Z+Kpn zbbc>IW?!@n>)f@Wt53G9+!i;j3?#~^7X0<;+wGI`j561qCv-a8K9n)eAAcv7noitR zc;MrGB@#kQeGg2`a_@yr-wzE+6Q5qfr>&d!Umwz`(Z5W;{a*j5O7yhSqlWm$7ikfR z&Z)sk>7`jwy#X9f&|L8m3#-mYft{*vHyVhC(6;m}4c0%A-+n_^)FDUa$?127Ns*p^ zdh0gR$dyhs^?LjA?4KE8Pm)CLwp^Kgaw9l$LizW*)qa%|&(_r9(%)3QTIW+U-WNG) z&kqe&z)w<ug8=*R4r+Z@i3;G7KB|o;mn3XUWI<^L!udo7}P5 z-J89{CI4zaw<}~)dcM7K;OCWf7X?HoK{^!_J;3;m@3J%W$fHG3=SZmCuH75G#Cl$!Li?z%_omc3>F9QzBLyfm@+ z08zF%J>R*xFNATG0NQm&e+n&(9k@=RLh!OdV)ZmGX0f4Ue;chsjJH;C4Hu?P2S&Jfjg7@ znCcl8`XPaF_YEZlyVg)$)5ZES+T5u zS1FxQT{Uu7bL`Dye|5_Z-KDXAA-T)$?shNZHinckj1u)C84SJ=`{l-#ksF@QbT`r$ z%8*1&x4-Iz;VZHxV%;v3jB3U0BC^ijxRT{Vk zh;JfeN?Lz4if(v#J!3>wTVmt)$`^TI3fr;WYJZ>mP_RR37a6l8}{o~qK$cy1Z#~c&J_1Pe57q%;op{FFQbh_v@E~cD}zVu}9hM5CL~b%E2Ww>dd7_1#^7Y-6mR#7d1Rytu#NqkY=n(kUAe{ zVWhHJSa0}2V#45D{mJz$%Q81V`K7Bs;pq|gmA|pm?Q!E_TMyC##HZC$gWsu|?{4*T z-DhQ&$}}G^mwniocF zE8#*hBIC^1_uguvf&DvAgj?I*Ht7JlHp{Jj-+hL5GT&~`8G`HAhe8fAY*DG&Yq#!i zdzrJ@OH9>bYwX?pE49#Zv)tGDcWM&OFKMd1s(X6R|C#aMiuayr?5dZ5pCgG9j$Ryp zsZ#SY^&69P`wm+s_i)xRnEkQ`)C!7D@_T?F4PzL@Xo5vn>hC7S)icGc{c&cZtR-nQyZH%CTcN^ZNJ z4(PrwxSVfx>v!~5Q-vq)1vnkCC+>fR9TmXXJ#T*g&-ngt`(NlK{rA#<{=d6u{wqWO zzdKh!jqQJ7=%2l=Om5x(v5K()DKEPyf_}4o=E^qG`(MS8-v#FaO5?sBP4#@Q?K zI4e!icmrR2iwOZ2XwbS;eqLs=?Ez;l#7k4E>PhFOKl&1|d1;nKifxqbnzzQ#>6K#H z-d&e{e1aol1_mABsg(DhzR8YvPw00ZS%V%nb3-G_8wRf&yKs*=-XWH%c*CWz@B{12 z=InZcm%~r3&2z_z2ej7f9K~n<2-Vs>5S!BGAYC;7PnosYZ5%yU{1Vb&*(9Q>S~atQa*Q94%ky!sPxda=uDk!G~K{WoMR zcdSdk#cP3oXt8s1kaB+d{rW)ct&QXU$%Llcx7@Zk|*gm?7g_Z-n>AR zcWk(qaC`1&vsV%7{ocoJMhb6DW)*5XV9h3vKezmz+$wuyRgIKGh3{g+48Mjx#^s_lN{(?*DZQwB$IP9xVdMKd4V$Q}=H zVQ+-}P`KBATFKQzr{8MRY>d6J%YLWhQYNfjY=@pZcUKm@63UH>bUxH6>6fyuKJU-E z=XDNu_Ce&~*JeL+o+z3Bz#Q`qmrk5WT0Ss79e(cbw>qWN;6IgZq7PQvP4CF0v~6hq z`M&E={{z8t>Za?zV#<_E{XYD557+2sr`>}#H+$OHkhT!ECtQ$vw>)?|s8^&R>7!0n zdkuZK_>KRg8^^8&E~wm^#rFSgm~@@}RNIGO)IU*_x1RALt6XB&F_s`;Qt{Am#d8C@ z;foWAPYjaOqvz)BB%OZ7I9+*IGDcqv{5$4@y? z(kUH*2BpgW|1-e-+Yko;cTD@gwF2t@+nx{t-2c}(u+UyE?r#5amK__%;UwL1+oW=);PXza)_H{X4Zla?n`Py8?Uq;FuXfmj4+spx20woC^jY}xh!;fCtJpa5 z>-dC})U@=B%=cLz3X6(MO3TVCD!>z=$0Y(={~yBwKmTK3|F3aLfpM)96@I-EJ9~kbwN0^e@6Dd8`z`&UnBeX!2X|c^}@ES z7Xgd6UJ8bUt+AN3Znn|m1%Oc7%UqqW5oqc(1>c#n9kY#lR9j{W~eg;U;Hu9>fJ2yLo#qcB{Fo%^mt$z)-+Q z_B0|Eaf^BaSZ8YAqml;!G@(eH_q z6TnPaI<`!x^}PVrWKm&AUygxTD`aUj_xl7-bK!QFxux+oX#vbLECo}H%IceJ<@ola z5IE;v$rZrz{0WTa6BfI5 zDuz}9R%B%t(f8r;WBe54K;xJI)`!$w@yDPDRzFqRCRl1jizVK$No#%Xw7oCc?}@Bf<|qMAuw-aC&g8QFT{wP=CznEC>88 z4&_!^6>+d-1dZSiRQq9Zj(6==PhwN(1e)r)BEw^0GiMlsnrUH~gOoVFVH`?aCH4|W5Sx274d7{E?==?l$TG$Qz; z_~n)&=91)oO?ih?tX`+dwe!i2{k{;3zYocoP~)*!htDSd`ZC39(`GLH62OMx0>#VNvLRrh!VgI1+ck(|DPzgtRM@MB5HSLr2zH>e^~&F2&-wX8H#7)2RJb_HRxp? zvLWHsV$UCZHCHwZuf~4bAF#l|xyP$s?lL@WSPO6G8HHp!@{=W~rD2i$n|O9R1YKl? z7`3K8esyIn`Jn(Nfkz8qlqxuHy#U61V5260ZSoSpcmf!HRPRp?mh8fn2|MVc87qLP zAF3x0I=b?+dkH6~nwKl`557~SCt8ojrLqh^5PoElt50F6)!7l&yvm=^nuku_mOl5{ z2cD?v0H*CM&N1o@iOwx&gxDFIIlQwN-sEe;BACYtYgxxiiNH1X3=Kq z_%?6kB!yR$zimP6h0pTgrYM#GmIDCbfzxg0>heWo7rx1yRdc^yF4%H>h46y}*>U{Y zy9~G7D;W1))W^OVI@pW$3iLwY@bUJt0qxK%ei^^mQpD2)6Z*JL0J~F3SfMP^q4;ie z>JVCq+M`C`JM)V3QMNPg25Pq)idaX|Sjt(PLVKrB0jxUOyh8Ev5E>jrs$CbY=PgSm z3fbA_RnxE_H5t$jR^nR1*BHcAoGWdtl^f}4NY`G8X&u?NJFFC`*#t&!e^|XaDF)s{ zv25q9j^-ijlO;*@aX37$7>vokz-NR~hGunp`h>YC6MR*wrTS<-2%-a6mm>@U|K_Xx z$zOfFW<#lpHo-no>PtyZBO&U>kiHH_^T9Nx7_A7Ry@>!-qLc#2%Ic)gy+-47$!qv8 zx`AV~tU($)9^r=q_i^F-31DOCzK{|BZME*(Ai|fmlDwyZ@B2O@*^isvH?s96$_S8M zA3!FI7G}+JjN?Bo4^BZ+xG<0&{ybEZAD=nh+BnR|V5-X&N2|)CNAws(j0T3|sZ<}s zc~x=kctUJ!Y@I_FQzI1Vju%_IOS#TH7w>gn0Mih_z&F9cu0BNNsmiZB&SftD(rmxL zLKKxpqg4RdgD_5ZhD-!7YAj_WY9C&56^Ux|$4XCF&oiG89qjDT;{YD&0~ToGSUjr* zWT5GEd8hoWAkr87f&s;{w2i63h_(RXgat7~;dv)kD{SIP;WCE8d6Mw2C#pLAmHc-5 zONjrdd?Rg7^T7rpVjAJ`aK3glhA-!UiZayQm^gyo^Eiy$GiOL&iZ}em5MtYk|1T$t zcPRG{r^RCO`#n#@u@_O}cp7aEK}4=iLV0K;GfCc|QuD=;nVI8E3$9u{yt=I2@S6Y@ z=nK#Z;1d8(^H-$K2wnVx%=tksE!gMjawK2cz!Fu5cPEa_T2M4F8c0siBAB8~Uh(2| z_-WTd3fEjCn z>;d(d-gam4EaH~^^s)(Uyg<*e@vu0gc2h24+iHrzBqDkWS!6Tbq}gyr{kzzu0=B2o z2jn5M=`%xD+i#XHLf!CqtJ~xg@?O-rS?QBw_Yy)&J2o+ysl=0+Id|CdYO@ohl~~$T zGLpn3qV903z_>Z!d{jT$gNUUpx0I+aMa<T^EDZXKJuq)(a4E(Z_j{1n^_)}<9@2m zvnQ50lNPz+!~Hg8#;fpFi2_WH6MJI_!cuul+49d4jS~^~t8tFiuWnybE*NWo&w}90 z^KTxsN8d;Ia`4lLJQDL*e?MwHn2~IGWRFURhH)Q!7T^knubp*aCcv^sn?m{mc~z4> zLwU$$e+FLJ@U(H_?=a*S0jw9Di5?laU}QWpg5kKk!{;=R>^FFJTkYRvT*u--DR8lB zBxlkY4s|4>o*Qd;1gqx|(R`BUxFeu8EocM_xjLY}cP>C9;eG-tX*Jafq(uwc@@UCq zm3FAnS8Wd2NrRIC1LQx*4_ZZKp)yvHwhR07Gk&cSAgNsGK{MuZ7I>G5OfsCWLuvvs zH#ZPOd1bJTUOs*`Gy!vN}5~-~4aXyZM2)IU$=a+c;j@#SgoAf~-uK3~m z%%+eiFYlF)?<(Wi=(5FSUU(&I=?@6zShX| z_u}%m8RJ$Tekvjk@4+96ALHPc+5x?~nugyI>YnAXK>L7|M!n@wdV`~r6v3f0!DJ8! z+E68Ku>dj-f&{P;_wXg`?~h^oTiWVo7VW_CSEJS9$MM~I;Hj;z+KQcH4t1lAT6~6` zqf3S)|FCg#wT~q4)CDd&pjB&Th$ujDKpxUZPNw;{1;Npj`s4!(qVj6buebW64e2xA zMhP>EVHBtm57sFI&u*#U8m+G{wek#L&|(wd%yB}dcZ5e5eylnommU$bbjRtEv2j~!a{BrQnw@U%I%m{uga$=S%fUO@*seLJcJ@uKNfWndD_}{bU zhxFC@hm!Dz4WUJL*#1F-$OFhR%G}}b4r6u4$&=x)=W%mTu+3YvOk68x2W=d!2ASk- zvtA8E6ryX9T6758%c5{*2)rQ#G$;CO&!MjX|Af(!GUu(!GpdXy;^~HE*Bt5jV{|Rh>;QZ3~`QNV`j_x zo*v^6#u^c^j5X(|x1A*z<7qs=k1l+-`K*RUXy5bE5>gX5wbsCH^Q2OP$fkp1(Rwpf zW;*=W-wsoeD`=8LwIiEPFmdLSff4Bl%Jo2D!S>1vQ8lW{QA{s)Y-E`o$(j~ zliYNYXpnTR=^|G(H@w#sOnPhw{zlj{2Ga*VhsZ0cTQkj^L$Fl1raI4N2U_WU&`MJj z17s#vuGv!0OfC<6n435LCW=khBFLckC%VIDr_J74SS0&kCmKK@0W96&8!W5jHRQfP zmTPp;@-}TN76LQSs3af8Y8v~r&^V6I&QUBb6iY35mt)GU!fPN0@pSV{ML#FnSj_|Z zXSu0C7AV$nOY^qx7WhFlJCU&LhwnZ)KDydE|NS6hXryTuAT?a7hCavy4d#urvXFBs#bqQwG&9K3`0VJ~!)>!Zqn(JZlHCGWaY^L!Q7$STD*BOs zmY-sL;15;$c(Zcd7gpo@Rj0ZYiYLe_29X4gCjd|88$3XqjMxeGN^dMZo}ZKvmM~(0 z*Rbe|H*Q6MAUmn5q<iQ21S2qdpIpzAp2IhA~cR-W$2^J=70dj9j9?bXl0IN1jn z(U?Je6B@C|Ydlm<+3dP-mmDYO6vk}m_rnH9%_QHXOiecI=On+(s;Y@*K(g?MI(^Nq zXE3`w{O-tsM4dX=hgKb<#*YnRV`#nrx)$38YaUrpz^Q=hl@;c@l3e(t51w%=@<#nJ zGzO}yZ=c#$l@ZQ?pkJean^BhWFSQF9cy%f^8e9g>frah+P9t1 zKGZOE0}tN)pv;0IeJ$t~gBhrWh6>ThKp#cQa(ff8#J76j<(SwE1U+ZSj20mC(dR`1a#-ND!9eOB=_xqYW#cEfw3n+A&d0xV+ju z+^mcKS)4C9RT-D+n}+qfTU~7i^^9XF?qw{n`I2$Y0KuEg-+c(OAD(@v)}vAKeo5&* z->o(q9&GQUA!!cl}3 zUm6hhO%?=gCVaUa9CL=h4I{k49&jKcd7FwlD_yPgU5h0}I z)Y!a;=|Tyewu68CY(3%Ik1&_vtFQT_%UnfDPa6uri!fD!_>VFCK8N&>JOMQ|$U<^K z$PrASr?0O|h-$x|lY;{aDjdXULJ+VPM$H$g>zmYiHIRiW+zap6|Y;h$vnyRhI_(F>@V`Z*ic)G9{E<$>Clufiu0&}z z)h_<7p{&HVHs`)n6D>hiIs}y>XUf4GGy!9)YqZVBkgin$l23oH?G*7ECXh|xtmI03 zqqZZ4pgjG9Cwf}iXM$-@d6za)eHQVwdjIG7mlIPxiJ&Yj2!(6=3WZJQJDyD_8M*t;-LIyG`E)7S zl?K#4KBopSEj2z^s&BF20+d{AXvOcUN4*Rn$We+yap#2`OTS!1gpkD-R`9nLp;maj zYCpvt?3^wv&MhEWVLmQ53?dt4#>2^KWJM5xz|ZtljD7rmbha6LiJbW-`7U|Kz^R0n zcoq}B)`SIQ+S`7zXs`!xW<;$6r3$=NAW$Cde7C#ylliK&m{9~d29O!7A9{>W`2mg( z!0TbZK?@57yfKymo<8vgJRQ(J7I0#nu2#yU@4EN&;1)3h96vxA3;|7ui@k4MOPIl5 ze{`0(2z08VpOCTT5%EnYqX&)b?b}8v7mAbnn9|q)A)f;wOE>Q?Z&f$ceb>l7$oux2 zKhW?4U>|@7FrtO;WSdw-RH{s8&v376!A;+A9+aBf+`PZ7#(J?5)4kD z77itXyspjzBonY+lw$03m$KaaOPq4sGJXBjrJkTZ^uiV*X1K4Ze6*%xlxPNmH=M7{ zMaBa_%U*1_gSpBrcD+&>%RWbE8fD(LT77I*-nlfOX}Ta5qZlZF^#nq0z{Z2m&H}*# zsFjM)J!Qx%m$Bi}4k#q=F%UC8zG^+AL`(q<5S7L0F5?qUt0`zhc;0Htm$qI5yvCqK z5FjeE43NJd5HC4GP@GuACM!g@%x)6eAOv853t*bcH~%pq{(PGbP8`_P=6QJx)hZ_+ z6+W{tUx%Xpd|<2LqcPDw1E>PX55y4+AUyT|n4Ic}MMnO%E<@LBxKiUtU7&L8h~+zdIO$z3pW<0&Y4z5j9BIE=5ue`d5%U?M+68 z9tJ8S%IA;IKF#6C%0Ee1I-^TOk1mdeG(`XtFq`yakw+ci#5V9u7BXKLt0e7fWHQ>{ z&UeJnu%e_!Zqyl!W)l&ky^?%028gHV+89EE7I4O}O3WcP=D9KOjwjoI)X-kRInOeP zKzoj(#=xW*PER1WP0Avr46*L}V-Vz%Vf~a|xwURGJ4A2RkgA~vW_}GQfiV!4C5P=Y zQgP##602&PE(by~APcgF)A7F@8+NvWtgrjWc}aF55ZX%RI_{)58jrHp_%u!SoaR3t znH@7(>sCz;pjHu}Yc{&+(<^Jz5!^+_vlBras>Q3SUkiQTrggh9_0v+=K1=fvjInU7d})rTXu}dqfaIg|V!aQ7W|Wb- zz}<2_%rk4hId4g0t9Q>bXGd8GA!~{A2jBZno_j@Gn20LzQE+g=EgI>5S!jd^Ztyu{ zutb)K9Aq)g3z3Lq3=XZ}+-PJt&|66^gSRiOJ{n=rs~!QbVvNQWdNdjS6~k1?Mg-9j z0GwJp@U#Del^FhEzgc;CDdokBLIX)n%jgLVY33xkCl92`C81Mb$E7d(VJTBnmL_L0 zn)KvZOaZ9m7(}Rm2nIzGkQLfjz=W0R80`;JdZYvv!yCCUQ^X;Fo!ndHmB2jY(safx@WFBUm&87Z_{l0SPBB8 z9_)@0aA;Oe7HoCpp>r%G7LUMJN9zOayGG}QJGq&6d*#ZRq#WvUY&g=ov2v0ziybP)Q-Pb5m z$MH)cMkgd=Xo0?LJU0-O&>-NCeDf!d&{sFG!W z)2l@C0{RG}oCwJAk7%T@=m5w466=DAhCcnco5OZ zX-fPUG+T}=1qGHMjJaxo7{kOPETc~qNZ%{IQ zhUnnfcl#I(5d#{;a-uQI!2CQ}l{V98-C_UAk|42aVMVfNU-=y929d`&Soea>v+NiN~J6JjBt;H~X#-7n*o`yuq6n&?5jQM3wBVSo#+O(KZ6*{Y!@c!|8F zNP|YTM{5%n9SoA~$C~yup|?=RAL1<$^;JkvPxoVBqF}tRzMlSwMKmH%7P^UNwIP>< zVk((ZogefQ(w-~`)ookq%MIAH+`R7#gBf5Wjq*{g4*+y%4jwP04`8sJovaX)tN0gB z4_jc0W)36y+vf4VQ!l0zf(m1pvjFz&5W6P+Kp^}E)W6H0sr>#dA4MrnAROe29hi={ECdml zD)6<+dAxL}No(j1UtfIo^wl^g2OyhM!D>_3E#>%KxNd4snVf90Ogp}H7Nj)B$|V5W zij)Z`*gESgd`E$~#eTZA*$SpT10LYi3wM@1c=ISeEf2M!+XM40hv zjP?GhIoYv;FXyH1_7lLIO#AE;ljT|s8xgFz(ZaH5K50ZbwPdeMvavmH8I zG15$zpMyQk*9(EK0#lkN+&_WkU%iUTsb%n=n8V(xjL}v~Z{~_s`<( zYo`6=lZJlSK-soy_ze3-s8A17CqQ9*34Cq1&*FY+kDViMW~$V!Fv~=H&^v&31CA?z z*q2~QoMKW}r!2gT^_DF6(@a4eg*Jkfz_YmDN14pGM6(GCOmRP!;=w&nS(qDZ1d8#{ zXz<;HYQJk(KL?>JP)7O($t_iKNcRixDim}DIiG#Zr1V|OC=p|)0oAH;lRrU*@Yt)G z>ZuEsUn%S9h5_?fN;N>W49Zg5$2px}%wle&nF4qcdv zn@1ynyMhAEB2Yenj?&oF%p! z|5&m@$J=@GUp!rpzfUV?xs2Z-%OTxah-i$K#dD#>k7LaU1^EOh(&Uj)^E_w|00~T; zjSahCTD~I=0CtBrpf@&byp|cS5jl|t$^-27rhF$^>&|FX+?}HCBhYqKisxGROC4qa z+7O+AdXL6uI`n~-hmc5Q5j2Zj22xijIl;fN;ll#h^I-B*06lv19m)y?3%cR6Q0oWu zeWf&t2avcZz-=&`2{1oGHz(P@_ja&mUp0PV+n2d4el&ozRuy6k{Ssk?2wcT#0F~fL zAYtX>T6(?TsS&CzTr=&XdRt;9(DKfWJ_wvc%xj?>?Q9%Jy~pBi#%k~u{#fcZZ=}R9 zYUN5F83fHvR7GP-Kw;g-4S~BEAgl|pBZSttVWS~+ZDQQ!Qu?H_d`GS1lq}^>oU=5r z+&T~h2&w4}W;rbms2x@d=z$S7*0{mtRNMWj68)+lfLAW45+nr|+ z%}18_K9?(2vxaN#TzI6nYz8XR5@GVlA`m@lvw(FlGl4{%8;#xEdTmKJd~PR~Xb+aa zv(&dyte2U0rM+r^522k+*4lE8tRSvhzWek-yHsq4A;9 zK=DYP)Pv}tf(;yGjxfW{32U8M$65L^iNx_gAVEml%y&aiC_C`K&*FJ8rha(Oc|2dr z5)Z1-i}*#Ootedp8m*8s4HEyOyr=aza=U$FQB$@WJE9`3Bk6NIe0aVI5{4CViN+LAQ){9-;@beL!~>HrWB^NF{Td2*vn6RDKrf88dI>C-~SlgCt|&v4P$T z{Ibw(Ydbkm)sA!59#D|aNZg;B*>CHJPYp{(4sdV|05%}-f#+-$_E8OhdlI>Gz$=HxD+V6p#Bh>9@&xtE*l^!8yr<^^J^d3A?TLt?c_}8l z_ky*`h|N*BSX_EYt83zIQ0j1P;>fng0l_5Tq4lf=gwQp)C)?17F6JzPID%XvZ~{Sm zH<5&Mh_B8FlB)}z_>v2}sFg>&1Kv6SCtSNz%ezyni>g6h0PZ^(G#?6SNo=DBbdppT zjLSj{;v$tZ;bdRn;Nho*mWXhrIy(v5c-J0(8I-G@Uyki(+w1_qGj0#fLGb{4%)c*l zNExNmL#2rUDE#ajjj=`M(1OuA*4fUyo6taqzxv4)=8Cd=Pbz@SwTWx8E4u7%;KVA> zd^b>g5z)Ov0@&V02c_h6mypbUGa{(#3UM4V)=1duXVLU$mO6}4P*%( zJB|X@m(Ubw^?#S%cRGVlVP5V<0X?ONpH#jX1Ck9=TUc*GF6`?K@p83zOy^=i9fAV5 zPX+~CDmY~J1{SJdc&S;$nrFs}^Ju!u#-J>9s(VRpI$^_VVxukocaYLelmJ z+RT>V8fMH{b*L2tRy5dnox%^%LJQ%`VVVxrZ73#_s$=*mj33bkKH3nUrpD*yUtHC^ z@0k+D0Wt~Lz9R;S@xU@K1MQCtkek8u@Qb2r;?bs4F8S)M-K!xDaX6h-TGlinBmGrE zXMX~?nA|gi5CSmN0m}h79Sd+f!vZi{& z2IJk|hb60#z$zQkLC+arlAz>|*DAME=5nPO*3`l((uMMmRYlQ*D?&e5==b!22@G^< zO!biO4mWgBdot%*K(cPv`8KOkUc@q{`y$B6?(tku|3=_fW(#;Ozr~MhO55`zzZL$3 zx>d(`Ktvf}0T~~ABQ!EWFB}lh)K^mt)8A!2_!XxYw3(&_g)@+K0+@EarvLjvkIMd- z$;vBbWFH@2`0Qx8kS(i`LB>&8WUy57Da^UN+0aWq*^U@M0sQRwr7L`8q=v=w=|2*5 z>D3g>L*;G7kIz9Z-Tre0f7roMahXcM3+fpqf!ZIG2Z+>v$UtP54Q181&ve1^4G8QT zz4lI?2?M~#aG=3?*v4_(tR7HBHe=8tk_))H(P2b_Mf^a*!S@w*9^OGdzsE@-s`YDu z?3N@p+L+Fc2i?a2YK3W3xZQ>9^b+q>N3rHcTIyu&=8h7|*4xSMWWcpJ6nFlpAJz{z z+cnwl3FL3Gh0Gqj4jU3hqQuT@b+jd}HtjBnB)~_AdC`2Q*>znzI7+kHH8YG@}5O zkpfuplcomv(ux4~*V5$)mVpt4XuLE(5S#g2Qzg0y|BFW*w8kOkiEAunaPFB}Nv1i%*z=KzFLnn^HqBY)8UR8p(=eRa8a=2~!k5HJ!Nn zFbh3QeFp7WkbFhCRbKqDoCJz*vpGSehGT!?0v0}l&K}m`7Dz8B#bWL+NQc08td5gL zfgbBg3$xj~3Etm$D@7H2U^<*csnWn65c)PyVX^ucv9DQP+?V&;y(teEZQ*5fpqCN4~KT79|~G|N8&1 z_1Ph-?WEgs?XWgg}Pxb?EQ?~M!p zWCWUK^_&T)Bn&v9h5<}UL!~52dZ~RE4x68C&Kg*EO=x^lghMxLFPW`NP73`~GW(bHcY(u|&d;iMNH`sJS`7S=oF_Cp07KUO(sE z9V%M*9B~XA)I<9a60a*JK)V9Jj%K*~BBGv*7}yDNDO~I`r=HOwtOu(tG;%Lonfx`r zS0S{7pN)f+$1>H<;_P{q(zM(OWn9C97g`5AeolRM3ts8HU&^TXDNeoVl@!h;c~5{4 z$Sx^Y>Lo3naJu-WBso(d&~E%Jn6KE~;&fEdBFJsK#u5%nkHn+N9(1I`I@1>QLBX-0 z9n~zzYlBT%te%8!gE0aP_qP>`EN#;XZ%WNW2It6J(#h6P zEdh69P>5w&NH1n!rh#S!(<*7G2RBR^L^_g_3^et88x21n2~P!6B}N1h=oM|gS0|R} zcSS#3(8i$5KO8Iv%@|eg%p4Vq=KvkJJy)j{z+5em2GFyEys(46szvi1o#5``RtN@d zxgR`st>7%t8Tm(Q^`~oNbB<14l)3ZC0lct(I6Td~3V@s0G-x_B5o`_4-(kD#Ac{3} zpd4db;ksB$K2<{x zSX`&hi5{vOc6R87Tf_qXyCFuAV7CtDTGXiH+9&3HukFhjJK60Djy!gl1bms81Wzgs zh{~8L4VRMxf={v!-Jx}Q5r?cPwF&r|`XJefwOu)fu=((CffKU|0$c?yQ(7#8_SGe| zBpv5NAZetJ)TQz4E#x`UkFt7-{vyKz21TSm-^}8w202#OR_>fz9aj`kgmo{Xf&4mV zF}hC5?OkGc$o+DTv@A$4p-OMPjOQs=qh>5=O;*ouQut0wuvrkcb2p{+OmkiBmnxO? zo!ys$?=uAw*~Qsx>_)DaRzYntg{MO7@}l9?6KgBjbVLH#_Yoeht2Qa?{kB&`^&H+L z%Op}V7&RjIpo60WmMAinmjeYSU3B4>%-&a87j)umS&L%V^M?zbvJ$O0oF05f2Q>;p z-#RGrECJ^kbEe!St9tWw%39~YTq|x%5@Bk4{}-`&5};VRRt*g{A5`sWMC&p>p&gQ@ zIir0|S`@mfRw%tTA;VZjb10%OpMs6R>Y*T#nJDuY_|m4dXtDsr_S z*i0N#G`tf|qN7MFyHsDU2@*+AeCrHS9;)&q{j|U65(G3ppW6Tuc&xtMnNkL_`FJ?E z4gw2~E3T%OTzb`LQW1@k>4Z5cD7utck5h1Q>tIW8*TLN1bH|R!J@~ok)%?igLwZh= zi<`%M!xGZF#*AZ|VCv%yN~aZsoBZeR`Mw|M)t~Z0 zEt~q+%T6|Hb}G~*;Z;ftf!kD&`CBCKwSFv62}u&(w(`;|hu#qpqa%d~biKOMe~2{u zOpyJEund7ib*I=&9|9W1mI6&_fs(N@G++yaAbll>grF?t0JP0*n+$mta7cIl9{oI( zOEcN0OJr2KchhGrpWYQrQXnw(n-%!OGSPHY)GKL9ZTQFMo3(~CWFhDFp* zGAR|KWB_UkDJWdvLbD=2X6YqKO;yO(UjV3OUMuAuT%?pkHG#r$rq((&NjvwpF|d|g zYno2j@wL?Y_Cwg^AQ5&V#nW?HCUja7=cW`4`oi&&j050PPsRnM2AIDVXtrh*jlGQ( zA2Q>ZHvq&QpGK@4z9a-qE%XKDWJz0et*MQ(8|=3k&ElvLDDqGr9d0u2#>31mToP21C=pt5YIh#+S zS%5JqYjf-pO~HoK=~v&x8xOMj>eIUF#Onm*)cU9as|ZaX#8yz_spQxR#^yQnHb=x`GV z@jH7cHK21Ffd8FUh}ohi}1+>zZ#mv=l9E`j{zq22OuUR`zg`J(MQTM-b^f zRKIll(dE!T$)TIn~0fqBLx4c9%3ix|4Xr#Nw z6S5@U(i0tr^o*xJ9G#vvT+$niX^@^Ohgk_P{tZ-XS}z1Yz@h5OG!j)B?1DK>cKOhAb&U4#e6x8=+jDt$K^ z92cEoaXp(-bxHyAaXGT9>QD$I0oEEsI4#ofJ zwmBT;!@nn!!jDd41c1>(uMQ|X@J4Jt4gvg!A7pXTgWS$Hhf*h}%=y!R4H;qE8Z~aXbxX;B`UR8QuV>`*R(fI9lbK;D?|sLqzqN zBAv)KQ!TWws|!zZKg?Lj$L255^GHzA0r!xPfcMBRs^VZjBLel8sY;3@xD!W%JA=W@ zxW~Y8vg}2aat&7Ivu7kpcJX}hTBaW~q5lGqrBWwpwd$|rfmO=p0#$_+{ zl;Q*{2Q)0|m8J_uACMe_dVuT>Yw6|OsY&3G!agKN*P)*})gg|vDHRPjy1L!|(vs>U z7yE;mX7Dj75_lG;>}pUF)XLyUm7JCx`nKxCjS@IiOoI1g{fC3e^(t@(MvNu=!=fAC z^Cbzb)R^T_#xsUy%IlvSnJ!^TT14{NR`)`wnG{CoB`?=_@r06oL%4CTNj$5&REP8W zSbvx~ZdZ&P1sJER+nbwz+RKv`70$3(SvmHwUvb4z7V;s0NPyXUlmIPh3-}Q(TtV@W z?m*P?>@{!EGWPX6R!4#Mqy9I+PnFt%9rvibLEK(o?`NmQkIntv`7PPfj%fiz!c|e*PytyjTic-xim6p8qB0% zn1LNgqcE2|+^{YoMx)fLk4s)c+3}5Q35%Jc_y7>njG`;D1@%$cUUOlO`mAUik9akd zC+!ocPNZBu3I1lr5^=nb4Sg01w%0IDk$rUHw8^tPI)w>n7cW4FBZ89#AbT(z!_zzS zHQ@HgQG!)g_&RhUtEfFEQ}4F!NU>;FYZ55Z4*5Cez{d~Ya?Wq{+t5$}JsNgQ^@s=ip0I;G*fq81Varl0r| z83*%6y*&e4CAWnp73M9|CREG-Hs4htYFH7_AVLSc!I>zlnT6nIivjdJkc86V8iY;Q zB@b;xvD+L=C#3^u@>`_3qGA zIzOvO8L&QaK1O=Rr2C<)zFvMB-wV=FZRk*zN2H$?tm<_(D0BOJ<(YIlbKTj-6wZup zGN6QbJ}GVvTvGUX=)Grpy+c)6eGEa?LF>E3RP3Rv5INuyAbaot>g#|$IT~F04vPs| zeRo5#B(Jyj_Fdjg-lDQgcMnI(&F?}00uqRJRxGNnG}b^$&xjvRCA1s?v z5IKc71TIpj7Q2U@I%dAE%}{=`##lKh5)AKCD%-${&QSwynu44o*n?rmyH4bbw1mWFs&h(emi!FXEFgr@jb&8hWsWP*8&H*O(Q@grNhz zttw*`6_v$Ish~tHNP}Pp1}Xdk0s(*S02jOIkuC5b*Ddsr59hWDireOWf@da)T(vnc z!v}y5)dDeQwNw%%+5)!Zchd`mft}s>gBJgG)D(|mfVu!MhB|}LH0;=E#X-sQe*8|? z(S*1c%gF$|OwR{awBN!GtAI%uDW!<}eb7iJ`1ZQZHXG_Zt-gL+rT!&|;9M-Vg>l}b z1Rb?kAe0pgVj4tH!RZM2Z5abg?|wGH5Id>vZPIlJ%YqdZ2+b8jFoM>3hbz9nLfOpK z+GazD^oT7G8B`OzfdD~AGKDf&iQMJliI+vQ{K(hdD1sE4k$Z6rXFB4hc*Su_iX++t zg#9AyvunNDrZ+wPQe?UWplKx3dQcnys72XgdI9wiV+b6dAxIlF2C6Sat=|i!H_8&Y&3vGA!0`eSp;Doljd;4AgCex1G0y>jS;@SD zhS~vG0Ua#1fLyDI>)6!e#7TkEQWrM0y5F}|S7>Heo1jY)G=WGh(VH}t zxQ7XHMBv2j=f*!f+@x=dkk;)2T-Z&PpM_U;A|-@I^FRw(22=k01}9v3am+ck6wgF0 zTg2P+KD<3W>{i>TjNRe27{_p1R_`r`z8+{rk&eiXgHpoC)(NaH9tX?7Q4CNn#UgAA zf~zy3+)=PXb#kgJDcX}LFH|xZfQSO*ng`h32d%?D2&~#GtFbd*X-$xc@UOq&qyNaY zT_e_?Op=qaEruN@VbZJvFcHBkm@`K)TTNjV06eC3MW!A+%`Ak z7@t#&%*=vQA(1N7^U~1G;N7c0U~>eA%aHdlr8Z}xgu`Knts+|R`OW}tLMsjC5rA6} zq%q|~M4)!JX<~Gb1p$D41lEBP`)$>0c*t6I#nQE36rHOTZt=qwMDXX z$w9HJunbu9X=Ox9XDKVuld%_Q-~fvfa4Tti%5EhCBV^zOlO=2k=_giCT%zTw~ zdjU_;aV<#T2o>7NQLa7=NtYu{nD01R6`j)psi`lHNKoXb3{>297< z3%a;(X#@lTP<}r~BkMCq9&-gl*H|(w{t9E0%8aH^#uaIK)CFFhcFvz$E#}<|5ip@( zA|BKQ3V>uQU9tGnyyb%Dv=4M_5-}96>kZ8El_mqopN{~2m$RjZrn2>S1<5`tI{%eU z>rU8kYYUBU1;9BKCl@JgUANBZpv6#toXIgXNYstEE7;&9^mdnOElXdcJ0zY zK9oOaVOU-W33%)JD9b@Ptm2(;kq8+W7dx@9>fF?%U)j9bZZm>SApm3hU_qf~^aRB* zu*G1_j->%lIcAERyXi7_Hcrg=mBDcYX3`YQ66Hv1?} zr7p#ZmS`4g;5OwOVI=@PX5T$;Jo68z(ETav#tS=@kIB=&taa{UF+27kocfg0=B1-SCq5wGpPcJq2mn z4-AL1+bWMa zOawY13Qnl9UY$i>C*V9v+LLK{hAq}bB{K}AxwDj6MiBN?yP?~ZI_jeIB&DmxF)XTS zz)~RZllvidff>#0Bo1R&Gn;iMX#UC1LA5Ee=m{GqJPa_1aoG{(RsBWc5;#e*HGNyW zmpL-6gp4<|q=Ny4YY;53SZi2!ad^yAQr z!=xsKGB(poN_=s#E9kD(yEzNlS^tN62<;Lh*FYE+aGM{D$_|RLV^|+Qip_KVgahN( zbaw-Q)*yEUOQQ(sDnBx=Yiyo78(8`w*HgT$(zPHJ&>eMlyw*SEfGb18INyTh+uC@s zq7wcjS|^hrrbVl?NN!B|y84;zNLK-2X))&8s#RF&^{t^I#WlA-rQriS%9K(Mg=?If z#F3}SUxAJx`n|)VN`AL14!itiydtq7&cGSJ+6zrbO=xCkU#olO^rZ(W(nh;PIvA^& z$u3Z-2IDSpGPwG(eBo$uWz;8xgGnV{KZdiX)+U@%WTh+xkfphTkj&SWWg|*sh(P(AS+Ms{z6Wwt3DE^4EuSteD^NPb29n0Hh%F`npqR7AIa^ zxUFYMrgZhWC`60CxM2%*X16<_OK^wa5Xt~oZoFoG>te;i3`l%OV5om!aD1>bRFWri-KWDdL%ahi&h1A~3h9%Sb-s3oJ z5qLj(L3~`#k+GmA$G##aTV!}D$cgA^kc?^5hjD6TXU26E)z!3~P#RvFP6T;5#0LOA z=caf}E8U=fGO8P2#1;xF@DaIw2Jlfg_4({xk%p9E9&P zF5}A6oVJm7vf_>k7}X$jgT{2F9?h738Z)d={wX=e{ZA0zz<^%|{72UM#@$8)sM;-VUCv1M)OfFTG$MNFGkerN5d0)T0=V zRcifRn7Fm+TES`m$go~MgnqWNgpLazIng#XV_tWih+5_vfGr7tIXJMSb(%S-qPVKP z0(lRp_?U<$p-w%xmKmWvr+r_h|H}To`m=-^@x-+5IzMe-%!F1{Sp;Z4ws{8 z!%eyC@6BX#WJxQwKqxK92? zVJMp@`-PwS!#fq)cH6{@8g4Su67=>HNLGM$JWK^uku4?R#~AY+lZwIS=-<>*EV>EQc$>_3X_?UR#z)q%_Wa9w47pF>`8 zrPP&f3T#lxe<u$WQM?3SFStcbJ4bd)_1Cm zHh{;pD$EgeK-p2~N+yzFi$j{)o!65U)a^9Qk;ylQ^xHGhvTXp;twWa zEk=rTa%VmME>{_-iL|kH>=?P!a!syC9O4j39w2&FP@${M1o;D;XvTs=KaE5Q&bODF z4WRO!9UZ~Pk>*mTUI9E-lM$49N1T>jRouNjt$9byuJXdjedl9N#x#7M7AQDn9oGO? zhyk8>Hy(OypttP|+3&o0!*sE|W@~Z>n8O^Z9 znBXuVh0uheU;$YHMQfIxKK$6~2K*Jc$=L6Y+&tHPcRE-Hn9uZ6y zzT>@}_=yvr$F5zI9^v%OZ^(UJikF-*{q@_bV}y+t9Q}SDWJ&dl=OgP!rzwGox5@c= z)TvF-D!_iNKXb^6z#88sBvHyT!>;lG9fGi%KxKHtp3b>ziKE$fRKq3#ghcdCu$1i; zdkckGgNc|HBXGjgwQ&8?9lGER!(_v*)nQVrE_QpPZZhP9FjA1DpB{ubY~ATP`B_A+ zPJ$`Asa$_x4U4?1b?_a0GcZdJfq7)2$Mo1xT~gg{@VCZyQhV&dB^J2+n0%cHdqF{J zF&L-5kX@NgwN|z=VH>RfFF^M|)fnkKn6vmh^u*WE$?54NkzolSa{%`$C_tsja#GB9 z2i--qLjfBpubjGjfa2G|m^oRO%*ujwMVt^Vs9q=@h*OAX==(-b-{v&UNoJ6OQ*%ne`$Dl&)dB*tK z7J?>pRG?nW(Vyc?)|y8XVA5tWKvGy1lE9(a>a|B6HpFfjV|E3IDrB4F48fu=xZ^=Q zka&kV``nA&1xG}P)Im=mRB+V`R_Y|rU&w#euRr;mJO2ilXjqD8a#JLCrP`BF)$dL! z+?n&-MgOLEb!8&*8lxkh#rQ2ja{XJf3SRe#0&e-(hV9r5Bi!_jT1iaHol*|OP z&D3GdLT?pbL4&Rt;mcaH@so`67L{$I&EXM4zcb3;QZSv|r2 zm1z_rBtan98#wAiexzQ{mK~Y9PyI1kY~^#}B6U(M1Rny!rJM#v7KHU?$F}Y~Jn(mF zf9`@-WeVC(MP>O8`Fc%&(3w09V;*z`^kE8fA-2t%`E#X)%vwSePwW#Eb^`V=GX%GTe%F`mHrB=>fl;N1|l0SYfSwzU9utX_#jvi$E8^k%bWO#e+H8lICj}o=jy;Hl$W` zZ|drjGwVU?0is=Z1P^A!+T4vKOdooJ_iVZ0Op_#?EN>AMFeVzpA+3=qoEr{f;1K2= zG+l7cOfcy#BefeGr`_%=(5#AgccmBW^FhTiEi0ZBASF}=KPN5yTm+K2^|F&~XhjF@ z=#;MB4j&I7d3ptC``lI&RRsU6n?x5bnE-@4k%@7hYuUi<(fg2I^zLN4gc z6eTU>@mm)Hi5BrU13tL@C&+;E)A)sMGk&C;9=3~Sgcc3P$PqI!q;d2x%QLMp-8h); zYpf!s+@+`KUTB&llyiMLbHWr_&@sdUV+ve)qFwXCzC%7X*mpdN=h$r6>ptk;hCw6* z02L^vp(;RQ;dNn*tW2#n-z!DW^}#I5?j7s6AWs6o9IT^a06ejLP;iXcdbz!7d)?|S z?|P6l#-4rZDGsL7%^C-lok?*WVlag*u8=^>Fq8}>`qNc!E&B|;_|yK_b)s2HB3QeZ zP2)hay`ok?S}1wGXuk<|og=_}wCaymiC1BqgNHBWzH_RRegu^cfDc^U{tqQN<93yM zTSh`GP0Q9n`JX!73Mch+Up*YyutILn!FMn&DyVlXQx2k3U62%VtAo#~1P4TBy3~Qx z(>Rk1`v*23vYgBiq5?YPRR8qsAi_neee1lQt4W3N02a)qJ@6v{Y?eVviDIUnmb(y1 zkkH4Ky*g0kcP~n@(*iia1Jz$3V{PxWj-Nu=+OfO(+bZ`8+PJm8+&#|mNnbonO(;4F zqMsPf{`(K#O6~5VQL40FQMf@csnx&;{wNLcrU7lZwj2uyN`_3C@1u-(Ath*W-61cK z4K}oTAhnS8TM0vLlrO3tGnj?#no%a~1+vF--QM!q zz%MK*$uI(42n-+>W84^W`hTPPrdWB-tDa+P>7djUwG?BwdqztLRz>f^U~eEHdoH&u zvL;GTmB;i!J_PXd2tZ+rdSV)QB^?s_HdQookg1p9d)Y|4@~_qsfx>i_|6Kk`8es~E z5*%YW*z(ptVkUjj>rl}vT0;ldh`HU%{G%{vEd)Xr3!_k6tf=pisSgOeb}FXvOJmU6 zWIA55kJkl&d+C2x9A~IV; zD4jZ@d>Wkihz86HCiJzJ z=cS%QFmbzpdy=lTCp&WuRjCVyDcSS<$2!w*s|*mwrGKB~hiX+iH5Bia=5;ule{(su zuWM3oITzUe=7eUB$L!h&UH`o!bEnf& zD>DX<5eQd82N4Q!?90F^?)~+|Ei=Vdo9Fkwev%{MWU9PsY;HONUQ6d;-^IHb5U8SJ?m-8G2-2A$drPS0kDC4OIA6J_9W(D_m9Dp7q$va;AV^=Mz)AwG ziz7}QHbPa!k>k?qwS4Np4kY14p~ZU)Cq6X#fabv71h}EHhC1*hnY^~mblsaTF0OTy z)zM?vaakGsG8AukObj>)L1S#&+!wOLIypO*>%nTBPYikQ>uu}0%i7qg%yOi-?JDEw zAn1fZHi_IfH)K_&BD}@fIgcmFb88P1U0g2dw)JLBBqxKI6r7$=NGwcKA8Z*PHA`LU-pN@-eR+qkBlHpiWHD2R|AH(035iLDvlx z-oH*Fgu~Ptyg`H3XV!OvcjId7g*JE(V>jq2;^5O)ye~v>0D!z-Xm&eff>M;myslnb z&Kzx_WEO$H%>#t>6B;7x&jleL1?}@X>cM>gSNS>t;|7PSw6wWu{KL-yp`3d1+QOLM zXA_4D#6JzTeg#!abT{z41R~_VtbkU@5c0V6OT`aWs#1yD2UYXu$=>HJ-g*~#SB_aJmOhY!xzAd>K+mD_t#fkMWErKZ;#Rms!Wg?7GfbOn9xbZrf5|6JL zGZ7oTz&g?bXrO3l$jEB>1Ocq%r9ZEAS^dQdNZOF~fpTne^ zbw2#ID%Z!HtHlb?aHbQX2mkla!^&{Q3aoEeS9Jsrs-BXex)dJE7KlyJ5`bq=6Cl_T zgyKNU&5~JNqxA2^Oq!m!7J6ud0|v-phyzeVm4j~)^e;m&2L#*xNDoWxSqfZ!@<99~ zk)Jl~!qH`xgXpjf5nRGL;wnllPC2k9i`3x_B(;%8zvi_}jfBIVInWE%PeO>u_-DqgG^;>sa9G%L;xWALn

    sC|#D2kZ`9-Mg%R55@YI$N$Qc~xNazT2BFrn0}f>8JGpUbhV5{Ab&mdyw`C+YSbL6BC~h zo7TZ7h&L#Lb#80wdO^7^TQCAb>*fh z!WGy_ONm~$y*n}&xZ7cmOAqt$njcpTSSg`Jb0-GeRhsM28?|D=hJgHdTx|6OQ~8hy z^WY-5ndOGG@;>{y)pRxhMxT?Bys1w_?}o9*s_h90X*G@B!`%8(gjG+lQ+eav;w*;- zWh&9GxP2sQ0EB-mkWJ^m4OHg%5#X{iilcIe34WJowkHEo@TaJ65Qz19oyxKr&_>*Y zuzxbLHkd;U6~M#@(4xp@VGO_Qj;WU($Dw^8qkb%f_@bir*$TSfLAv9ln5gfoG@&l| zx8PEjf*)|9OWS(2&oXKl!cQR>S0K_cGA#N*313Ltrz<9l`75$E2xVb~u5IclY1?L=zv5wlOHx2PCGsxsRXuRwvcA9<0SSKL}tOLYT znpD@aqGkva1keYdg%)^1-jMbe`V?n5BO-7>X}u)IHm|+1@r{=;po`aiq-Blgp#OwEUnhIt z6nd{U=h`RP+T@@U(i75~=UOTGNkzp)F&9O8=psPV4$61;K?!8U&Rf&~%Mxln_ifdq zP#EcdqIPMv&wv7Yu9hHP0Tf`qf#YOm1k}k$*x#Bbi9_A6j8Opq2Q5NB9!CSv6OlK9 z9nS+6PpF~DX3Qwz`B84+Oa|=KMH7GAkfR-RI6AQ$jpTHV5nP+jGBz`C; zhD&EcWGf_9!h&|ZSa!R!eaHTcSA1vZ@fMDUSH?%0Gc1_jXAVxn&EWzh%($*ED4;IX*dXag(C;L*aRE`SCi~C^H^=H;t|W4EOxViI+aHP=^LV}k22e{zE2+) zf}aOLjuTV_8RUpS6D(8@cwqrIk+t@Ii`!$>kuNMJM&K$n8%((4OBU5jvB<^%jw}F~ z%zXBbgv%}txUB;<3q^ictG17he7{T(3Bbzef%S|dGX)G`hTTT<=Kp429 zodKR200oM$DXC?kqx=}j!>p68{$ktQ*y8eIcyb8DfsoN4&~%ggWxJioW8!AzHH4jG z=6eC^mxg>%aK%>Ol8Leeem)K2^7R!Zkg2<#f*G-I)77v9`z1d2OIQ+oT?9M&2G2up ziJjz8e8B~P1;9fN@+c60L(2>pJgok)M5kbTTyM{qd36%yb3iN94lLwI!2vmE^=(y~ z-M3ZW!&xG@V{1C;{AQWPH#_`+KR|*S3&@FF5nov?cm^ zIPfpat_VCacb0aE%p0NqN?s-h;FE^Ds$JNV$U zLIal`y66UCD259gD(Bgluc3?P&a;$cA3(#sd9R>C^~yP0G#i(8 zO)X}ug+v4?rXG9f#j_!jPVTvY0E-WbowMj*dZc+B{LYPhR*c-G!GGREw!3-Ed}n^^ zAK{ic7>uG>n+I?q(6(TnhQQS`f+>Z1Z|%T_<6ty#Uqr1mDzRgzO^5a!(%<6L`~Hep z-=GDQ)a;?eigNHN(_Jq0*DF05lMnTN>NG=r)kq54qOrFCFPUc-<%5tHD{4XZ1QSt< zy5iU_~ zpZvCJvtw8uemM~ASTwAB2f|igJTJ+=lJ1#cHk7k$xGqq=CLz=h%6JTrhbz)^h#Bw5 znp}XFGu+_0P~#x@)l#qg$ROTJBTEbc_F$aCsX_V;aK1o^fFiU);5@7Upi(c0jNc(M zjp}R&Hv&zBK#J{#H7EsdjKZOZEG+L6c-)^))IML-d8gvAHN5a++KP*$WrK|lI^AVV zG4_XXyWrEW2v<@j9J6CQuw8>~(|2Y-w>AT57>HAWI@E#h3Al-$xRwNr&gcfE+9EQ# zd1^)$2`b&5KxNRaY-K}i0~8A{ZADu)rB=BP!+dir*;42YJemjbO*f;_bg7mprSH*h!>W?$4Z{zpj`!A zIR~hAq}uRE5Sg{%cFTx;2b!_I;&k6x>8aX^si{GtJP(J4kUQWxyI_l(!9nQUh9L~( zx9Rh(taL&`is#w6I4>#G`zVtLj450ssED9Lu-0iv&P*2M-|kDFXsZx3mO4U;&I6^i zdP2s8vPB9vFvry%M?@z)sR0k6GcXH?A_L4dGlnE=zCRvQ9~R4@6V+uU z@W_stCl2^v`Wi&~hFNYoxu7)JjbGm5dH@`AWx+ZR6y0-d`6l%rzOC8=33XeY z-zoeTtz=Q=-po2l5?>$lM_bYo5HWCa>de)gw;~WtIMUK-U_+qTc`UQxr5kRK47+w0 z(N=e9Bk#m8=}G@yB+qeSv~U)Rb&2;HhV5tY?ZTn7<^pU3$PwXWvBc!BWJNy5MxwST$ab84MQ642rMk! zi5^4jKL_iyUTC-hJV7bXzKd_xSE!GETlGgSb+Yd!wE?OlytFD{TVQAKDJICrU>EAa z%c8an=6tRzW7r9(8+bt!3))ZciXa+=Q$bQZNR>aoRK!#S;nZTsm>V@k{%|%A<;0`n zohvGyF+GdB+)xRZZNpMmm#Y=0W@59l5y5H^QUyT~n3&Nn{Ut z8u&NK!UAmnuIA7qZ-N9;*X9{_T9t_j#Q?apkrlwkzvX6}TNmn9qNbG4g_tr)!1g0} z(^L4OElU~eNjO5dU_sib+3 zMiS8a&axC-sLe<=F?7oXNPJ}pcKv8fpV#v6M>sEFrzC-Zk559xsWUJv-%JZV+{R)n zO$3M;x-T3&nLH&A(g^&n#v<{(b~NZD;D=Zf9pzX0J!PARIHrDGUhuvJnvs4eTr6t2 zcwDfp^W_l6VmzoXLW|Y0us%W-@oiNez#SMoaBC3S1lr=(MSr^AY!f8{b&FcfI}7mK zIxqFXIB~N=2m~k$a6`!ecR;!%G~pwO!61~S3AuT-%wV&;w%o)CGL6_#m*ut@G zMH7RL7}8T{V4j1Z3kbMWV~nXE2)Eut;!|JZ#S}CB!I%>WBSwvY`y6EielTUqC|l~~ zl;E1OW~NGxvZ-jx&Pt-09T#GA9Z5|0C@?gEAd3R(a!^}(aV`L}Q)m_Pum#H+TXu(L zaSnq>hhh4M?R^VLSpbRv0wh=+hF?s5K&qWub~7+_^ljje zfH^fnHk)nt}l*tdm@QM^>RAMj6uefK?QFNNYL3x zYi6cHFPg*00#6yTdNB`z0~0GMVqvP8fPEa{l-pAs~oaI`! z+$sPWkGC;4(r{)YUrQD@SDy(nt6AO}ZV-6}1-1cf>%c^U_Rsd58h`9Xa#H?bc0Zi} zqC69u@u3 z=-TF~auo-=ZF7xD?@NwVyN7w3>6~YHX76|rGi>8Mq8f1YiQoH!l2jpIY2JyzhZH%S z>#MKqzh{FelXHsck;T|Y9g*naKe#*Z_x!Bp=lc9>qwl!S8B6C3i=lZs_J}LK5QihEU#kr6IJUpu~`|2OhDLI7F8;@8MmVRTxWXA7JtF{a?>mGw;hM+ z829_DrN{M?qVB)VtmxQuZuwyB+;H@oIA&TekL$0927;juqyl~cWHfCUEBP;2n1FL4 zLc3r*25%)HWKGyT?K@6CAZMIYyHT9A_G}TmWBS&J_3ZknEgi+C&oRiy_@d9Iy7JZq}osWdbf5GIovPl+9)1ck$n})Wg2i}%*hSNG9KUH3TGNvBh z6J}ZhZ-YTPHU`)kM`rfNJ*W6--!;|G$*OtkO}emNM)`yYq`?=Qja%Ru+SlMewl$^DjMD!L8Cbz@kg_-fUT3sxHa_Y=HJIyaBN&+#`?WC?4I;*YI%Hd{JLWhFGQyiWmCW^YiCLH zVNF;gs^tNbAUL-{&H}HZFooIeRE>%mpd=Q9#?B{BAZUdokfvUPcMH|6jVuEx8oxXC&u)$ zhD(^vMfuT#fB!NXTDyc-Ke{z9?*9I5RvBtxYSmpL6#D5wsd89;hFeT zOf6#_tFT>9K(#KQU!w7i&?Qjd5k`RxF9VP}gNU^}3;$!6MUL|r@5z|gjrb$?xOHmr z-NU;kB{LVj{kU&D6Q%|`m01HMpX%F+)rG~e59F+%r|fK#3u}CblFs@JHKwxD#)5D0 zbXEP42v_M@$lalW+!47ifr>n=L3yRXHi~C`ksCg3ISAc%aUl&-#Nef3E9MzE>ww|{ zfZV?WexcS*yhz@}DmkYXQodvLA-jsL$nZbNZhgHp%j<=D99iDV#g~ z&d^D;e(DP0&VVhC0V?Y zOK}g=2e6xa$8(7OZ{h7p=>dzX_rMdU3bGS^7;|w2_K$=2PrfVA)2^!Ab@x<9sKvmP zTh+BG#`TUwcr`PvX?+RcTi_HG)#VvNmA=!r%}TF{n%#pt`24vgy7-{SaH8V2Gc@@Y zz1^4Rb2fBMOc1wzrCIKpZ5&Qn{p;*g?!)K4Q9UD~LpCwvzZ`aMKCqyq^u@VrDbDrR zvXUs6(?sLG? z;b4ekIsc!@{orD3Ymk1mBc;aeA$j}fLzb&;{~VP*j$@W4oIu6rhb$ZwxrwsTYeLFe z(Kinimlxwq-@nKta^8il@vG~SmTq=$9{INF3u-}o+)c8BaEknlQk6cdB41~Wm5ZRV ztGzDG8mtsB;}@~tx;Fg$|NlB_qg}u4B3$*}@H6tt>HqVJ=L5g}2LEdFf4>d-^sOs* zuK$1E2Yq1I0i#0)4F2yILI=H=DqkOT=~N-s@v^jeX1aIgjxjE<75$xR%PSMy=AV++ z;et-w+ZglviSKci-~aln(r=!7YPKgGt9`icq1tt|OEqitcCWs(arKsCA9ko`3mS~Z z9~*0oY`^}Dc;gYR*|)`Sy))!Ra^KXsskbgUE(INL3&M+jSw-Go3L64;HOOV%f0m*?_cd7{PvQ+ z?sPu-Pl4qff|i^21c z6@z>CX{o-xXWRdEe$wmj%!dE43Erhgd_K8zlOs0UT%>WzI3+Kll519nlN8zkS}@ zkDA{6t>4^hl8oCPU-i$l(Gp9b0-Dz9kJ~?_{`MOG{zL6-vVBtc+u*=sE?*9(y?yh>bEbf)sx@3OLH-(>V$j?MVXH}O9v>zzzB0VnSi53sV#5FaVxLX0 zUwWi#JtP7A@xQP&w?{V`>%8IKO|K!1g?@3DJa-$yym^~(=YCO6*4pp?=Qb4fY&P5c zS7%A0;mr2vxBJJ(ipO=voPQoq3^RF~vecvft@XD(`rOWMw<~_YmJ!cg z*L{HBrU>`U`|M)h+-Wx&uuXh<{_-zRZn;ea{5)N$qJo*cx&O^yY1?9tXS|AzF`4YI zl76Z>eoBw=i|mz+O>w4S=X4AG34hxY{_c$?8_i=46SsF>-E@A(R(k1+-`{LaxgPNH z;y!DY6UM3+ul&%@_|bQx=FXH03#MT#_rpE)dhQkV*{D_ozAg}J?j2oN zh28I2H`c5y`q?orjOCt5`e!G@_mV-w@H^A%lXz|W$7>2&tG@{Qw%A$JSAQ@{d7Sv{ z)Ww>n&(B(Z;O)}BweWjzc$(6GXRQM5XYZA?w2EICq`h3LcdVqSr(!lvXyb9L@4s74 z`lUX}dxl=mzQg|KnCLH8<*K6=!F%GKDSy66{%`KNyH)#6c>XD@`Zam){;*AgwV&?K zT5`{upE3P=%R`5J)klH&0OR%J!efSCZ*bi|{&z6EO*1C(p9}X(>tBR5RW4l)YdY@X zbA9W(vyWcAEX`?H-{9oxsB-0YBtTY&XW!`b3qV0z}8~;8- zJ?HupEz#!E&lwbxz4SlGI~q2h95wvN^LqKa!;UuIk;66*O~wbVUQ-;|E~>;m4btV+ z`;Pulx_4qCvNw9m*C01$h0=}PL&Yv9w$~cme|l+coOI(a+i<6j6-7RB{=0i9;Qi50 z!dEk#zrRab|MR9#K|8*G_u=;~tCT~|?cOHTnETJKwnx`>y?AzG^}OKw@1J-k{4{pa zC75o$1G8ON+1K=H!tnIdzlPlh_f4;#cHQz|&&&U`?JRFkKWDeL{jpi!sc(T-6Q7%@qYH9}b@-SCXvbRPH}~vB>Om zcVQkUxJf*Xh-NG=dpur(+)Bor9f12L`k(BahT17O(UBZ>{yfxf>1x{1GWC z)Hke4GF4V-8mNfzkvy>);9^{rm7GJ@Kft(Dy^2&HIOloCW%9ud-OwW!bzMw-W7CI% zqt}P+I2(cz^kT{_sJM#n4z~V>ePAPPaPz(Ybq6<$y419LwLCw&C+x*8yVdR|H0|zg z-bH-zhr#a*^u6eqqrN*!9=!7%plPKhe4m=N=l<_u1>bLJxsbK-{9dn&zifK-uL)l?f)>rt|Ms@Ao z-CuvZHZ~CweI36IzpdF>0B;TdO^V-mZ3h0^BlWFWH51tN-EL|JOW+toe{5)<^ zi3Bj)b1XF1y_V6}!~Pm|VXiS!69s3ZitVzDM*xER?SK!uBy zMKv+Bf5(A7!V-MoUB za#gd$m%4%$03tqTIvR5?qNDe(cPn18@G&yE2q(R0E~g`(lLa&&Hv;w7>lH2|>PXQ3 z5a~@1xN_;6a|LP+0jN+{Yzt5Tvg<>wEN;Nc*M7qS+#O5NPUy zzg>M<$S^aQC^4n^T_WqI(wI0oR+%jtmmKnwC*7cjW3xGfXiE0M6k{?FEM<~`WSLSy zzl+m%zit64`TPP^J%N(T$xCJ+S+IlM{TNRmP=C;$%p<8g33l-L=|)jAR4~llp1*bQ zm>nJH)xd1RhX(!T;Uk18RJdS>9TNh5mzI$$>KCkz)HjH7n7uT5dvy5}#eM!bZ%P04 zXw&juWA=Kw!GAJz^p05lC+p4Q_||pv6E(5}bZ{2FGvS*FHN1>Kp`(a4GwWGyAQZj?OjmoJU(AeX3yrHyg zjr-{}qf^_FQbhdS72;5r3J*iyJ?xRHPVa?waZqe;w&@8!rT_$>)yJ5Ms*y((JgTyRPArITHZApIxmF|0|>{fyg*~qJTbG2hcHm|c!k;-e+VG@HM z=_NGx*yJjL-GgG>eR<1JPLvc`l!q%FV4*cGw<3|7KUhN)$|%c#4O-oK58MaV!3b1U zA7ee+cpN6g-#0uMvnX9up^O9PKLV;Xr(S6aB1F;!ZHg7?-!0IdNgxgVLt_+(WGPl; z+m*&OajMylD@GbdM8GbiN80sBJM9{Ub8@v(UYY>=+1Z|)$I64fReS?TUGv}ODKL+&U-2qFUregbUpU=Hbz=t} zw<&Q!8l+tuAixyGxmtd?tNZxS9|apoObe2ncL=Q5W(2#`#VE)q@!Y`AA}U({a8X86 zhL+&c@k30T0M3FLQ_ke;zLjhjgA8A*sE4p-t|< zZSkfgdHDH8X%q^wT9T{kn#W~OUa8!#_Ave$>wwgXQPrp&wSO1k1~cpq6)!WILN1&+>1clEfA$4bW5f z8?V}^1F?18g6uCk(`%-u5~R@A*Jdg(36h2O$1E#AMYZNiu)q=ePK8h?IvN~O!!Bqr zuu(Bag$yh=I@5WR|DoOh%f=;V8mHDepJ|* z-*5sQ9OPlbr!WC6IpGyJWaqLk8h_{$mexq6yByZBj}FM(+ELrqf#KDE8+2{ru(sud zu_>vDd;?ko$^k<|3m_F?SYeS11&Y8721!-EqICZN_XxA7*csr5H>Mw>foK29_jU;? zS22~rYt(bb-`Q-m{Lt>C;Z#&8JA7BUUQ_XLAtJUYE8!xWo#J(9l>WMoYzQ<4#0H8K zD6&KObyQ<@q$(xcXw+~OR(~t_AX9hWI!I^>vv~Q5AVmfL0p+;(PU*(J5m|K6Nz?_V z)T}+uL9Zo|7-gr_j#qW!t+<_kcF3S+My?zeABhiH>=J1xQ4r#i?8o)dwSUfKfu8fecXAl?O2yMg8d1V!i=`Hj3!#|MFd7 zNj#mpe{^J=upIF5+d}01&W7FGvANiPMc@i?R3fSe<~qM61~npYT!Nz>Vgz52U;>qx zG0-2hZ9&y=LNk`4o~+nWfwp4M9yjpVxe3Y8OeZa*Dqd}I0o2K z5L7bn9W#L%MPtHi7^LZ)>wCu33uZLvN3TIU8#+@-76N))7F}Mf{f0$y8}i16#O<4b zF$Y)B?Pv?pFAdxP5OL7wbR>O^BN;KUuI;dJ_{3GH0b>PIwx_Pfc|BjUGajfj^lp4= zaI*gQF%uBGV==ls+{QtMs3I(N|4hUDLycFp^h(0u_s4I34n zy0M>_!G?u+G6!#XelyVvkV3bA=6mCl?T?tWsVFW%I<;0bHd&#`m1Q6!b$g~e!UUEO#*}N z_O%Qny_m1=`9%aZ$Gk8W7KfepIrOsk zuQ14^&+WCrqX#T*;09z8r%})=#!bM68v?^d-H@e zd6_aWvZ-r`BXw}wmdLnUCi8w#XUoP)vA$3)ho>g<3K-iNZN&5l`vj zxB0Y}l8?m1Vu8z; zFs&<9%NbS=0zJtxcEfP3SMrGR{1!{YKZo}31yL`u`Y~sB_1xY9NHuiw`;mN9gz2n$ zo8-FQ&{=9YL0kA02g7>_t!DZ7i@^FD9^85l=CkbG7LNsFUyx(q?tS170E$p`xpM%J zY#C)^k^!=`EJ`4d#}FIi)(Bgy{1*87I1=A`@i|-qjWhaWI};fP^F#u>=S@xS#u|7A zudCxq#g=hvrNh^G3yb&aY!jjLstC+Ja0T>bnVG>q!m9l{GEG>iGM!@?k08*1+*D5R z9YZcuAB;Fvj=dp=|!w$=kT54VtDEMe>H4n7a99MlShCclXh7jHk?FN2aw_ptXqMJaZrR+JH>)MtWBBphHLpAI0 zIo#dR0*I{oO+jqch23BQ;&lX{Y2Lcc^0}$;bGnd=UyN2!{X{QpTAh?sZN2 zSe(m`I77eEv~0mPBT+n3Jht0!hU$H6t2K1_QC#IPuNe4Wn>#VYq}+u7ts4;x`ZhiXhWr35l6xrM|#Tsxp4*mC97;ypz7*S5e6DHSw=W9Cf$yGT`SwD zBs#~GtZ;4BEQ-KmPnOR>hz6%qnM~A(5(hvgMJq_K4=ORv4FAPi{oNZ?;^{7@_T8r} z-^r;&jQ03Y*Il`uFgjucGcN)ib?&HWgq>m&`4?G)6kU6`FWGteo+uv~^x~8s{|i?n z-WtUNR1?~WyrKLU7UnWtKT@xYW5)PtaXYAXdIHXX!gTJ~#09F2T^OD1Y1}FE((QC0 zTK%~6RyZ7ZKo}3^ZXK>2h^Gt$2PnUva}cD!6p-6t2?j`}Xj7+C=n(F=d|08&rF{dq ztukMq-KHlL2dX*>Lk{82ym%FG-4Wzi8rU+p174d!Naqwvlj>HzuT&t2{_kqF%>+bF zpAG^{qLcFa-xKCX8nHPVu>J2Kd+N-4Um0WI@zh;#-}p8ez#((L)8S0&kca^6GHs=A z=sao#)yTwnm0{%G`D{nJA_zVuc-&#Sf}B3_tUhjv%Xc(*&b7WBe!klL-T^PZR&MXw ze}C=Q^L`P#W@k8Xi47weclr*!jzWWYB)~Tz$_zYWTET@|OgkSBu4zp|)u&3kQP!;) z3#yu&GK83Rqu67H0@g6OfPw+WgX+2>;K3lXJxdi;D^}H8N>#zNt$tZh4AbkHi}X~p z$P;&Fg@3|P0qq|MUBZkC!c6zf0Wfuwf!eGeD1V%VS1$+iGF+A(yEb86wlc-%Zp=Tl z9}tS!e1EH%FH9fl6h{+`sW;mbDNEr!=g#7CyQmz#3@bOm*@wH=R|Pd2H&?Mw3s{0; z#01;*gE%&xt2d0o$EpV$t>h@8OGtC3A~{RkbyId(^bvl0ov_8M<#xI{bTy$*pWLXt>GzDLJ=0cImU>Msz0}hWzZ9LK5D%G+o^>n{C0~b9XU7NxpA%l*C zDo?pfP6iSOGk6bQx(STbxEZC(al726%V&4nb>n%xv8}nXi?i{39xaYy>2{|#8U9i% zj*dUDO|7;AHZWBV=StAt={3~Pydw9L!~8o*v63W$BD7LbiNOh~qf;n2nA>pCX*F;n zHv$9}k{>4as&wMsZP6|p9eKu_tKq@6mzTOWO(#tjirP+~+lqB;jJ73R1~JxG^kZ zX2PNb+}ZC>vdd#9M-m|5u#7hK?i{U3<;9X9P=k%y&Gx&euo#%U^PC05AX!#>Kq8Y-;Gii@dQna4SLk?Kn_x&IV2xVEPR?31KYHiE;sq94!76Jz zd^!LZsW{F(!c&x8AALF^d;I8;P?ev@e@ALfzcL-vEa_9_W5RH z7vJ%`^Vors3l2lTO#B`%oh!^#xv3`+WQVPfDiZ)<4ZsO#2QaVoJ zOgu{m#$*y&Nf^s-ia{En5PLmkh_|S33Yc=i)|RcTC|5dXZ@8qTmZNS(KAm<4@#mYQ zp0+wiC8L_HHO<$Ad6!E>669y!!C4`0(~Xz%X1xnk(&{w}Wi1TqHA!91YL^9~$O5pb zH#c zR)Etvfuf4tQdyYFZh@*y3;e(7yq|X2S!LCAIDhPc>rEJ=mew7NYj%0rh{{gp@uoY$ zaaDnZWrgA8-%L|#2v>r%#Fn%y5`L)r)!%~U>~zB>4bgfI+CNQ_2?HKLw_HWu z+E<*Tt%%7X3*`Auh+u>c8dDvR1uNoCnz<`Jc2EA${1``1Oz=%@FCR9Mc{N&i<%kNL+5uc*ckm zw+?e0QJIw1Z-Jfn(_qh zFyA=ZL>$@=@;Ru{^8(lU!&9^>-Xuq`(r^7wAY0NXS|bkadkU*dwRJ|GSh>uP?-%yS z^X`eW9>?Zh92nKONOS^X1G9BM%Igscex7jcmV`nhugt#p_bjKkJ-=aX+{6#`+?C%l zc|QktMz);6cI{@jyPL9F2wXZeKH_#@YWAEQ9N)ofUnLJW2M*ty<}{DbuLmf-(4t7T9QoB zF524 z-{nqkGZOmv!kwv>4IDMZFdwg$0!+l8I095SSLFrCSRi1AlLQ-i%a^Zt*0u2HMWhyviw2L|Xcve$EUGR^}yHuU#XQ=xjOV?1(c9|w09rWPY zlCqL0CMR)>4(Gk<-~Q>}jOJ@EbC=EK61hw=iOTx~QccM!llF} zo`!eTQLtd3k0gfH#v|rKS2lwdkKxSu#|1ieq|>!K=EVnNS!yHVE%QSCXSPJiNTl{r z>ehk{SG!C|wrn>fZS#^mc;b&DAK_d-zORqDBd5SZU#MyZtCK|>^$rQSaQKN3D-Uv^ z?B9AR!xeiG!SG(e-6xz{;Ffs@GGl_8$KR`I?Gs0&>YZ<}E7xWWfcH7~8l9H}I-_H7 z`gA;?>5ocf;B7=(d?R}qhF5uLI><$Uv1r_7lSLJkYqyP==R?FUykHNBrZu6{l- z@qyXe@cHO^so;*hSqaG&+)7>BWZV}|IYhhF+|m5fna>Kj?D=WPQX}i775TI2S;nea zV~3vqv%?MimG1*iPIN}^TeUdX^$L#mfW&Js6F5hQdZ98A8R!{kt`P(MFKT5fG6q~w zy?mE6lf=Bw?E*X@n|+4^PJfn1 z*`+ZmNN`$d-6A+8@}bS0SbpdS!)U#_U*$OqMp5R>9>30uS~8NS)yfE>)&207!Grnn z2kjPZ9tb*B7MN3k3nq_PpF0PsU>5pLhKMUFcJCd!FZYNDY`;K^Aov9tA~6!S!gayg z&=<%X6{%B*EgW_{StH28_c4&){b4V<65rAtpTgJs{7vuIyWx2id=zNW5(352 z4jXC=Iry&9c+E1?Q8n9fY$68(w{2yZRBnJ2$cT}NclpRdqu76%Z z^x2ovn%coTi~Fs17Uf=GirQ89<{SzvL?ISkc5k!s&9Bb9^d0+*rWh7*va>gFV4g4B zk%PSPD<1ITBbO93r>jgW1KSmte}WBG8F&t-{!oJEJye~3L=O=%^7Q?)KrnDUs%#QgfTh*q>tu*zA^7Mj}0_MW&DOu>D^f7$oS(EEKD1 zfVI!~wNVgWOMiST!QIuFqOG+Y;*u$L0{Ln=tt-JR*Yh@ktfVxbO4S_vj(9RQsZR$W z2+?#nr$G>-mI~bk(>)|6OBObJVdN;h+FfXc9TO?fWd&D0?vq)mw@9u#q7>NEXq$SG z&D!v)aqa54@%N{2sBDS>$v2S6&6`t-&d&?xYj~db-%Y$Ws9j{+;?2-rMPb$WkFU3z z7Z~(jH%U*nenS^WonW_x1-BUB9rcoIG~eZm?3if2D+!#5CSMf!Inwu?7W`t*)aJt2 z3kS*+A#(uG_scy(m5LSvtsnK4E~yNxp&ax6kl!-{nzGXy-jJ=dYU22&CSm5ckR!QF zUk7Tc7%N-(c(AA~4VapaAgiyr?EQ0vH&}1%J2EPLbhtU0VZJ9PTjq;!=7b;lkyx*H zD6BN?-O~Ub1|E$TMvZ%lyuhi2teN51(j%X&{cA02ob>TD-d+(|X{Yqs`kEojC#r@Q zVd#D=Mc0&lojVEV>;NH)U{Qf6vo9#AOW6_X$^3E&AxJR~8ZQbYSr<8X)XDnys+c=O zmiqS>V$>9Niy_0gwb49sS1(ghLU;3FuWa-8OgsKleC{VnHZon_ABfomt$%#KHCE2-@|b{~e(ltf+| zM@MbuIB0;vgZzm-62Ts>(Lu*%f04N*^dN~Bj6xz3=Qng|t{0J8s*ViS!7e#AlICXG zEHse~YXp`GsUgSga-)97V+ZL1*J-Vi9y+SFEzOe^MBRu*e3RYcIl?~{m%KSG1f`4# z#kaOE)d=avM9Qa6#;mhVqr7N;pZS#5sq_9cTkN%4Lz+@4^E{>Iex*ta`e;~cwHj2D z>$-}13XK^U-W;Ki*jagW`K{%SF+lDKlyom;7U+_QIX5tbqb`!dn1%rB{8k@Q|@ z+u%lqAyz_$C^cZSnEe=PZ|5r}yW;tlsrKLj_CP>t7PT#hp~TWV7(AAjK?BOOL-hs&iKPcONJXsn^O#Np&rsJXk6CdX^0M1xZp;Zy}yGNLAZ9S+37 zt&53w2MdMSkIu|K&cB#PG*x7ZV)B@18Ie8^p3?APNIZMr6y6{i*!($?w~I{~^LBz= zbg5qzEluPer?kg=BfQsj#50yk!jZ%cy&}c|Q5L+<1r7d!tnJL4>T|ovCf5Sz9O?TE zD-RePR(asA!fnr`{El;uSVbwnTR37BkCTu}j4`;I04^T`{ZMbsLdX4T1Dv|GVL151 zr8bk5qWQ`Vos2AXh$ygF&vg8Vo%siw;UHF#3k@i5?A*3MGzU2cLJTYba}bLh@Vx_2 zh^UmEpesnAm0uNKuLH*J(dvn(*dklM>DCgNC3#8PFmcaX_|C$SU}vUL(r-N z@zE{n1~#1|XY?mXhQ3`#G38HvEmwKRSY%~%KaT16ILdNbtUr_tz&PLyKaVp~;-g$w zW42p)heeoxa01;)_%~6BN9SR&Id;O71at@;3`e&# znIBgih(4g7l!WrO80OA2IQ{3CSS>@4rf3nNEhL$*Qq}*=9|?j^3xelYV*~ zM%mN4E*JNsI~Vuv7l{^57AS)iU5^YgI2h88@(gsqr7&`(W)y`9mTpPM)~{IDT6e%d zAqXdDmGleA51N*`3^;*CXWz{Xy^?jfW$-y7j6w`g|E{vuKPA1tAs8`zqEBei zOX?e-n}7zEUV30-`GUc*uzD4N|TiyN@VqI15XQ9^9MMq%Y{GYv5tv(Fj<% zF3tY`=|fMvHkJ1>b-%-Hzw0A*=y$xi_$=2+|` zLdX#qw{5<@%fRF(mB|WEI;%WhldyePn%8GkZ!gPsyUCno7KJ#yVKYpbSB#=1iZ!2a zqoWjL>J-a*(^`s2+6J8=I);2(*(r&3@wD?L^P^g{qhTIa*eu@ktabIhwy(*U1X;{I zS?o3Pv073Y8etZ)x456oIfiFsuY8i9r3`dm)9|lrVRH8JZxts zU4ps8R??NWM;y&f(opF?4N9^+w2&`ij6@sA6^!IaR1yD6o&fRXF6Z?+HSSU!g({S5 z-4SI4tOh=7tgjAYnR<94k&xOIO63}V4nemH_~c>_a)#;xW(C$8AcWU1^12E;r491< zn#z2&MputVNf;I=VdlAt2t)AYDj2~rQU=!eTtAEjer1mX`xZfQK9SLy- z6zG%D?SijlXopT2LBJcLGr)4`P@ef0?36#|;F0O67~eLJGE6tOl-RFpbT1HJ8T16a zJ)T?4Tj~R97s}Uczxd64n>RzB2x%gzxcxEw*ba)XGhVbm5{V_QD|VDj+L;R0ez#Y6 zs5|Rcs+XgQ_;TC&};b^=@{!^6h~{}E@HYeUU;t3t(;sdv z+sFcKbSG6^Gb-)r%p4mcX_6mB$_RDH7fA}mc+1GfU|f7~Z?W>XRpqLx&VEIibtRz6 z%G%PdN=t9`gr=&}h0b8qx_thv}c!pX|*d4j6v@iND9cov0|sd$cV z=Hx8pe4Bhy#&WpEHLRoCQo0{oS2dtho3FtF*CMI;t$QE!FBOZA~R#n6oJ>>!gi3P-4Sq zVrQ+gtFkT&9zs=BYitDWv-mLgP*{I4HpXPkzIn*X{!qB&z&aay|@*}j55&HvVCTN zS3Gh?_#Z-7wiPJ7LmBTTao2eyHKBG9Z1_q}3`^ltx=!Dk}zMTz_4?^=b2DuVA2 zKhtL*hOLBIKedc>APP?lJGBZGgees%k{Sj*w1D$9>7pvcEw$ha6PYOgpnSU1NEy(u zP7iUFvStFGCnPrswX2TWeAs2R$&TjYhHWh7vxQmG%7;F1alIt_3YH#utq{gUA7mdh z?CbscrC8w>iJf0*CLl{b&W)FK`ifEc(PCY{_j$PWNd*a8@aD|!5L^|hnsNwW=+~`R zc_|WG6Nsp1W0%M$n9v}Z@Gr6pbjiOLQ*-)C zl}u8fr)(W?b7T#Z%U1}{vJQ?}_#Ao@`GaCN8OI=uI;2Sc7J>L4<#A;`z%6qb8$KrU zE9{EZ=Z!k!V}AQL6!ze8w$ZkdwgdDfPvGnnYNiEOA5^i!z;V%R|EuH$wUnO0H1syu z44x}4h3|z6ca=*zZnkqVw-4gBwQG`*TGtdKL&~n3*VWaQRiLz8)6@*;c0^TabRV8X zbQ4!OuH6rgd#9+~e7fv>*gtrgd}6L<0r{mUu$kMFvzgKg6tb-o@y+w`)dPlhb^T46 z*0jmwW3jm4yU6TpnibGEIF%1kQH}8FG!O9UTf%%QzLsp^MlxMj!)>f>)w7 z-}1E@(B3bI)P6KR)H+h@Rwv32$ROt=$01Fq&S}XOBebAD$Su37P)XE#(J)Y*N%oZf z`iLpJwc`iUbwqs?x9RhIb%tfBa_r2y%#zG@;EDL) zve5{`M%?y_!d>6AS8vuK9W~ON-O|9_icsf&VuCpK?PU=~hWDNE3V{*#W!xkc3N497 zcouxFIf88MK4iU~*ECm*Cty}-Hn+2^C90!8%=8C_nGE0ZKLbTZiO!^u8)o~?qi%Yk zMCZqhL~OK|#I-Jz~*c8hv45AwU~vq zwUU9Y)4zwU4a}SfS^fw6gK5;v98=E*(m_RJYoeVrjX%0)K*BjZ~1 zc_H(ua~fvd6DRoE(6&KVqq8f5-qrQ1d}yx4?}OvTi+;J{$Ied_+gv=EWb*W=(ms>P z=Z3ScuP>wM%^zMB#Xn8Gc;qlXq1`?2dZ75#7gU{{n;%WkLTWogSTxL*2P+UmWzvEg zKRyAJ?arObU1J8(jY@!IiN;hxpj9*hU|nDYc@96wJ-9JwIBF=V?)WPh^=~lU=v!_# zKbC-9;BNhRdq8xdK{%>$c`TVhP-(mYusJcfKzEe#{)I6)AUNKCuYsjee9{60%b-X3 z--rH)X#jh(Ku!&FNFQslr_K|2Y_hwZIyeh1wA`kxshZ?C^J*yg_bRzEr;W^i(ppHiA1vkUDF zwslPMeQtIrzaxv!XUycLhUK6mK;@~Wq3qEh1s$D@9DTk$FOAL1cE0n}f&Swe_H%)8 z;eWMK=KtK8|6_^&?0h9>L%_d`Q`ynk z|88@9g<=vC64I+#7z50mzAW|2OE3^Jv9lAhf7vMuD+eJnGczF*BPSsXGdm$G!$0;# z__s#L!o)_%&hd5S{3`5Uh_CkFerAq;9Kb)QzjK+sQ0#xN|1RvT41}z#jQ?UyNXX2@ z{I7X`=l(5UE`sqNLY%CBr~Dhn%E0+A=$C~5RQ^izmp>Z=3n2?5+rMG#3><{)>|Z+k z*x3G&^{+(#n$PxyU}O51wqG**H_I<=Sih+M)$WViUt0eq zb~nUIZ@_3!oHw7&HCyE24q zEUf?KA^&eT{IxoNUGAxd(S^tN|m!JH9 zo!vjg{{b@+a{T`Sb~&N#ap#jhkB&K83y)jOSdxo}0*$TlNTeD~p#8~{MW6f{s!c>d zBP(l6Nuw&p{tP!lg_|fxk1ruCAY*wF5g~y@j5%n683H#VL7x>-881R}5~&4OB3V`j z6(Glhd)8k*)(64Uv?Z;qtdyx`{jgz50$XTXU0^etC3a%6bTPL);a z%~3?VPZz&p-i-U=9~j!$k1e&>`!v}NL^#bGV6IQlyFVf?cBsZ`*dWgL($}b#PYnUq zFpbndCjxAmdZkx#?Axi4WT~=R-K?l1OAy6t|6IAqGmFgglBJx0I72H*Fs3m<`@#4L zZhla%*`ug_`-4=KMLZm0x3gS(?Oq_mCftX0M%0sKAt>K z-MdKX;jGJ98e|B=MJ$IlRTLvDWv*rwhl$v4<~9cFXys9;BnqLwzGs0p2EfU{WJl-|G4#(~#5_zTM`%Bu&QAP570uvx+jW3e_o znLy1wB>%+Nnd`kG@2;bzCjGwV9BV{tO(PoS9I;(GE8mr^au|1vv;rQ)%oIFE! zsq`I{CcvwnY2+-Rza~>c6oWLPPYaY`Z1!Y#CKnS1<8wTI7X6|^wffemKdeH#X1+n5 zKFpYLrx1=Atw-{=g0_gCo?c=IsW#kq#kf4H)cXZt;}H;Ups|g{?t@iZySTpN0jgog z+AP_8l!5f(xSARhnB6JSqU*QZV~@m78YbdaC&-@!-;?+4Yw>U3`$r7*EABvD%G7O# zO(~J$W*t3@cxc&&Gix~Z1Z@Ok#l-?*<7{Y0taTIR``dn!6USLj-?~a87N1Cn2?+fv z%9WZ2f~gWHhKyhrYC&gf>~_QpUMEy00N%}|GtKog?Wu%v+RGJ@%EgmtWliTtWaF<# zj-@wlum;7;A&!@|LZu91DVp72am#ZA`LKv&8Dvp>?Z(a;%oSBZg?ZAz3kLo0BRKmx z7kCj$R0dlP7A;JZ=>Y~w1S3P%-+aW`4}7US!?IIw=vS%aK$U9+4hF%PA#PIshTc^O zWQ*x`8GSPCSs~&l@O$!k)A5({uDAeQJ*~2n8Uou5yg7-Sdp(4T!#od#>=oN7*p6z- z;*n+0Pfm-4R549T1Vw3!-2CO4i=60hyPQpTliKyf%@kZ1A`MOrPBTYkOt=I4!^A|N zOfF5povjQ&&Fd0Qz9F=!{^NySYPiJfHc>P(V?2fqvRh%w;% z16CC$q*_=#GL@D3{zN|r*YM@Im+RT{%WEiTPVySHE{NgDflUtI z?QKWaFkC*2&Qe3THm?=zT|M8*XK#$dykNQ_amGa=gkCH~+Y9I!{G^dNf^g2>b~|%S z=OBe*&YPtRmvuwQHFb)H zRP|u2{2p3Iq|Cv$YiI6rcRwD(l-h$cX9Hc?!dyS&H^G^r~ z+G9dgN!5Tdcm!js8dYW`)^Biq{BG_KWb4yyVgeYZ#hNQJ1fh??b|KM`IGcjPp?9J? z*A-W1kJC;?PE`agM-y~sfbJmFmK;@6uo*fiV#gNKHT<^Kb3uG&a#={T)IHJ!!e$-S z8RG)sYN)Xw=iU+qA|B%Jy%qKf3`x+BP{lzM;I_r~0#A7Y;J+Ys4{!rEjviV9FEk&~ zA0^l?ec0qYC{C#K>;-jX)wK5;V2RAiDKRuV1j|M$OM5)$Y=TvOQKy6Qa-_j~&>3)C zI5<4|8a(QD?n@_B6_H+|qr%XK>k5X@1mZQvdapxS zY#U5A1a2DqBTFoy_VLHtIv#cySV}Qr9`XB@04*q(CK%q{zFydX4?bWi5cI5jabIKI zq&i4ow<2;UTZ4DuAt$|2Tci{^np~4Hn~2kp#ofB}9arCn)N$(6?9E?p{`FLw7vUTB zF}m!4eTs8C-p`?N{xoN!OH-fw-r*U0EKeUBkQmLQ*^}FHDu6e0_?71j!)Noh1dd(i zp3M$v{KA3qDz+orGRF`m?{%K6tOT4}H+UFk7&y*`i$)*u zkj1)*oQw`q6($G+rM@}~EJy^Ziq`B;5V-N^3~keS!x}vwG1X4Qj)($36+VW9c;u=g z8&!C6O%l?>VWuKE7o^q|5Opfyl1^16GN=~5^{&YBM3`xl*52=G1)P56`;g8T#~o(7 zj!>LxE2E=QJhIKVb&LzWzK4*v?5-Qyc9gCsd?K@hPOnQ+ZowU1ux|us{0C-7VEzn{ z)By}+=8Lb?&^N|B_&eO5=v+T?E4zP}qct!pmx*y0U^A6cQ=FC=1bB#y-l_|0%a@>W zfq5uA6$+@AnvVfJRJH`y>Zyd}xgjRD`D!55;VQ3Oo&K(xY_ILCGIx?OOTW`$Xd!gU zb`w20ntx~R_wIYMI|ke1hkR)0nLcm;j7#!(6vx&pjP9q+@A_di$})>N8N32yh~t_x z$VH$@oahcoJ<>)|TsXMp#k*g|bsCW%JXXn28RpI&)>&bJ>O4#gGQ02NIFv5J0o&}XTG0rE%R_jd`!yp6{fYudy6$#3Oi}fMQy})Cg=AS6_NlyJrf8eW7%Y6A3G?JbYEnf0!rGW9tK$^v~ zjGQd=mLZrGW(p=(-_x*zCKuZGkuj&#%WuHCNJB~E>#0)AcEU|>Cv>#}aN@rC>h*zN-J3<|87*#i89Ow$ zgt4I;k^ayycKAta@y9-#6xn3KNi^pp?9QA+RP_P^o* zsH<=@j?k~?QdkwjWap_^ zfF^g_3+6K7efCj3Umg~iU6HRd82!50--TzO!>T2JY@ zL61Q*)RKS=D&>G-17<4VGL)uFfwjxH%4yyrMaa*OoU4=@@Y;spEp@C2*wPP90A(n@ zFjFfXd)Xgu0G|OY!?y9wzN;;@pyuJ0oX1;;vJpwBBu>{^gO@fGC$g3pArlzKP%4|g zR?%v8CAv&b6-1ffF{DfL!JN@0a9=XsG!)|`#?Y(?ch}PE?V!5MOQn8oO>7Xo+y8v7ZHU|MyV%eZp@8e&qbmzbIVz4Uo z5v;PFXK@;+KokB(FyS!+@TQR$T9?o{`4RZ4HH%rfUvvP&@_`PJ7!=*K*f=a7{0gt` z;dAf=d~k%;6q&*Ald%9ne-!_J`dVsVt^O{Qp( zoz1b;c3&v};yp}q1Eh`^0G)m_|0VtDB~9v{t6g}!Eq;di@YGcnTYfNoW9`6+_UPQv zz4e8s)iZs4tsNZfy5&@wBXc98jytiA9C!Ubk9^Affs70OY=~Rsq2dG3?*)(yAPNu% zunAosXA_|dqf5{a7=RdHukf7Z5$_w8R~*0tFdv}ZX&l%FqMs*VzZOh~Fn|#NxIZ5N z1JEQI^P>x3y!Zvf<2i_#Iol&2B*Kc#Wj#>*24JHJfNg$H`}~&rPF00VGBu82b5GN7 zcM_-Bq`xF?AL)LAX!AlP13KMAdqr0p%@69AF)8onb zm@f()NE>bCqDK?a6nik78Tf*tcCcvPqoCmPR&mytIXZ{Lo_fxdHf$5mG>pbyb$c5t z*|E(tdTQ2+uDq>~$%}73b1O5vfvHkhh?~Z`~Ay@xBIQsIR z!4d5r1n3XR@e{aw@*}oCl+}L#sDA+@2G&mi^r@MC%D?QNY>4eodGy}_678RW=ud>i z@P~Lz{~rj6>7Qr*9U=W89n=3ELi*IB|4>W+D??)c_rLy6X_fh(;xYYS$g2O9A;pZ? z1Tr9qK74uYp_vg4BJ^iL5|Wf4sy-CXe*>rromFH^v`2gOHYf-yv9U_OYTt1eF?KGC zxJPJj7MwrKo)P232`!C-pw+E|4CDaJ&+jDEsj;=f5UK6V5R3LUZUMaJfdR;Q&|vUj z?>^27LBpqbJVxQNrmK3Uv4opbv+S%E-w_NFRPg&{GxW5&m{cJCZLp(awrtWzbE2O= zHhPGN1m{~b8z%*hHSrYdet^LbXaxZuK6C>=u{YmHC71g2SBur0DARg`717M^LHbEZ zRu~N+T3~`dYE0#RAbuqez!e;Z#CswoTx7oF2M3dV6ZwGyDJknsz)?d(#$gYN*_~pH zeSSSZHqCH$$S3RWY?DD!9!u6VDvRA#xdNBy)j0s4bsX~vIsUR6CF7@@{%`Fl|6}s~ zF`53atmJ>3iGPbs7+L?g{C`F!zh!)uPl)gvb^Hb*OuzBT=P?`epUC0&5eo~)AEQ2D zz@HZF^fPwgy^Q*`VVZ#sVb8*Dfm)HL)FG9%3*#AXZ+AwEcM(L(V zqO86b!4j{afX#BIY;4&owIR$>$u}&uf6`|DS!$~J-1QtrB(834t@FOI)40jC!||MR z*2(tL53m6UetaJ;iC(GD3l87|#BXX0+jAHGrTjbOJFX72rdK)cmN*GFK&F(M z`bkR%+D7TkJo2FIkW`0SKFRzqa$*W?>-{VbS{enY&EYDBXnwyMXPMD`j z?jWDE{M0E=)m!_r18=svxV5}ndVtO82RUO-o1h=th^P9o)KqtsU07pV}q}PN)F~n6MoPTsQM2$Eknl7GM*;ix4!6 zIdWe6cKR>#EqjC1O*9;#aD7CiAT!-9WHaUhtpWNQPcvdO^W&BR8Qx zY`!%CH*Nvgbl)xdTa&0DR}c;*hLV*2l8i0KDJ*e_l<3>*wDW6f!~YpVO#BPhpvNO!l^FIr(8LzPZik=OGL3u1>b?W~mHDx&O!}Asv^q}1 z#POKY*vuZGx+;6GsaDyYFbDT>BBW;p<1)`&hE(nSD*I`(up=8>cDWTqPRONRNEh38 zvD%P*Yn<(`%dD+d5V<}~NdQ`)**O=4+QhZStitAaD+QbH)jCF6o3^$w2X!ioj*h1! zVaaTzueF^MHB=7nn-}!2KQ)gf$nRGjTtMH4jS3<=E5={T5fB$ORhn z&Ov*@PvkZu&&a6=j*KS(J6mG#QXP!lqmpiGL%{5tSz@e72c^!<-SqoKb-ZA!La{Hs9&Z^j&*-sNVK)Q>WF{!VDOr0|!SC!>*Sh7J4nx>8ELMXTmOUK?#<|2 zAWJldV1){3WER{e;>(;NcduY9GaHrIY_Rz@i~$&a@3FUm2XEmJo!|9!npZ^RrWLYM zv*9n))QI4?;U5CU9xpHc+#&JkzM*n-KKf%N;OIL_+5^>=(H!jAUSZH6EiN7EO5RrF zjiFQ5zz_o zgrKCIxd3+JW~Wi2uA(T~qx?0chY_7LWsMjPoxSy^1N*w}EPMLh233v4S9*Cy84$t6 zw)GX6$e9XQ`kQ`9#05JBb{=ci7!*Wa#Wq{cB`$bKC7fX=(cRIQWqQNwdT+&z*QM>M z7`7^=ZWnF%I*c`>Gbhj{;P&c~UOnKM_d-bMJ8A;Rpt0C)ga|t%-T-bJ~q_6aP>c#F(5ym$|3-2+v*d)tA^X`iy+akXl` zRi5o;5pM(B(J1KKi`~?$>raXt5j$aRKKBs!uyPvN6Mz=Wk!>^X!n;*u(|F37=(uYL z$JW5N{}SJGPI0Um!NL-oh|@*1u#Nb}4N(hoB;6xM;%|gZ1jD7_ESmNst3}VWO?Kkj z*Mq|1n8a~ZbWu53+BA}qZP6@B6c^I%sJ$M3D-VgMOC8$}P-%~Crv17OXT1&jhUak@ zw~)qBt6Dj>R=M2A$L|{;bs7wOj~ zfi-*PZOOsT!;Xl|rnDQZV@!}Q_O_h5s_U34x+z=>3PWb#XX~<0Gl#QRV2QyT-jjUasJx)O(W2yQ7H+Akt}w?^>aSZ<3-R;~*1~6&Z%KGcQ7x)$PFvY4>ps#ngD#^?9AR_ zpK}sQ4A1tyy+Z$HqA|mNt~q^)l{EJ?;(OFLX8f-3kr&2toAqD4NUaVzc@_sJckAf$ zKQqJ}zeIa}iPlhVH{mM$n%eXTR8t3P0Mwr}?4hFyhRg59#ccD`7 zrs-s=>-NJLyf~q`tM@j7z7_~lKId53NLiE-Go>&w50%+`7N^?usy*_~kyr}<*7b}= z!}~Jh33^6mW)0g{mHXwYhk9I(K_*$fB*=P=gO=D@*Fe&vd5zI%E2O5M_Iu3^GSROR zi& z^o(H+LOxzXQE3Oq1{vP*O;qIM?9+rXJlKK{?frfS<$JJX_-5g03bax-5E}QvC`IIEeQm&iSOQvPdpy1;C6WzkXI*erHzT z&W%ZSL~bQh-Pm)QbDf>7SRZmN!zig7MT;{M0^S#VH;U{lf6)fMPCH(KhimZhQhb_$ zJy}ki&2gVw3q@OJZ%cHfSX)nFEv?;0r?n_vZP(8_*_j_}t8Zy+D>Nt}N$eX4Hm^(3 z@>Jtjd>b@5xh6&2x~UCcA&P@v+gV>RQ){4UTT@F^GPZ@nFf~OGG z%N$%!4HhYj!ZCYY62kWNEe@`Hx@fxSw2JD1>dZ-! zJ3`zJ+Exk2?flujn)ed45cItNTP#vZ$Q1$iShod6CA%V2n3%kjA&!@$#MhSH5p`QT zN8`2|x3Pky@kOoS9i`~>vOcq!w8)c3@GmWQyGEJNW$(*rVI*`y7BX-scw0u{gUr>HMR;TZ<46|9?p9YN@2ecnmz8u zn%7+|D-KE$#Js}yJc4wG725OsaVQ+oOvQltrv%oM0)9jw&mhBc;g+=Lc9)=CNJo4X zcf=P75kG0lsB8KGYGZ>p=a(TpW+jHljyJhe4&9tR+3LM3Fy6(@cd^22IkHgif`4@Q z`ZmLBYZIyGQsFwa+6)UW=e(KGs`n5iL)EpMGGZ&0Qo}&)`?iI*A$4-9loPLJT9%TL z%F1i{USP`%c_^Rd;({c?#hR0K@Flp+*Ks!vIcqLpwi=Z}Ey29$Y>odicY)N0<&x6W zP^VUrAdOh6*N=9VRcoMSKkcew=~y0{HBeVh$D$06%u9G-v^dOaRAgxII>4g-tL|B< zl&9XA>q{Y1oXmQ^2b;0yQ3;T#vxT&*YS2`sX&`!+OaH zIaX8TBG`CPVnKF4VbH)R$K43y*fE$$%XKruxFn%=8TrD#!?3Anl)RL}wyAJAy4>8kqWkA%T-RS2u|mB@&uL;<^V&6ur|IZ zj~f~RS)p-6O9pvd0EZ8uFb806yyGJN9*Bs%cQJIdVc^ki8j`rGNs+ODDOGKZTL+r~qx zh@;_vV6^ygiga}P_xGIb{wTF^uiJSBM*}+YODPAV;GIQLq_w7i6%b(dto}B>O!4-9 zR49-6AE;WOJ@vlG+x9CI8kr^RrUXYu`b5%BWF>uAiV-GUu$Zt2BPAS82!$nG-GlQW zsqko1G%uI~iUyM#oWkQ}j}Y!Ttfa$CGd>&B`43j+6y_;>V>(=Y%%Vk_UQb4$q~k0G z*H8SjJXedk3w&l6$;T<0%i5aDDA#9=LmfoPX7(v}(eTD)X+OlFZS`8en4Z%b zzSM7ojxYX9M`^{Bmv&waA;`g*5dEr25&83uES=A3GO=2(6ds)UexO(MIy+Yf!E#F7 z{RMv7&}Uc2v~3;J_{d^gVViahS81$?^qr6wwU?bhXQeh!qh6w2aRxnRT@ z&ih`di}qCu^DX6gvE-ZHOji(bx|iWE%EX=!%wfun2~YqN%n`~o1+ArFSW(%I0XxOH zP`3hsN+Lfu*FKWaYj?`#fYwSPnLA?jWy8g$U3I%i)tm%;GPAl;#TX7QlXycHwU$Z>5izt6TcFDH^x+Ybf4g)cnL%87q;cb_zw%sPv^5 zIf`9d(v6EfFd-Oe@p*)dPBg&GbNvJhnC2!j^>VqE4XcM{YGEaO zXF|dL&feji$s{BVv+*$BZ)p4!;_VD;-68RM75v#-5$93JO0UNGB6i<>xVpDlr1iKT z!beb7Oe02xgHN)My%#fgkx@qlRA0OaL=YT01ACSyK7x@Q{_+_2?(WT%p4vXiK@01+ z(Wbocwg#4w1>&;p zE%Bytro9U0EYvJ7raKB$oKjl)TF};@TlkNe?-B@Q_PRe?SD(USJ%x*CgaKrH+7FLF zwD~F~T+_67W?36n#WABjMqm7mCi^kcU9xk036p}B;r!0xwi5pcvvuhDlp z-(|Wd0vOh|o9hsy%R$(QK^(Jo_Jj5Da+)l1qJT)TUr`rO0uXb8DG8H-%jHo6+>229 z=b;${IS>LwC!q&~t3bkj6(f{&Yi~6Ya=?&DDMGOM$^FC&3XAbN`T`;LEr}1J8%IP+ zO^D%0gIL8)tDSd!46pIj<*sRWpH5G&v9Z2f+((x#nXA5wkCMMrAY*BHI~Lu=+2!u` ziRb#X!bVT6v2A=hqap6e)ju~2Gom(nzP3a7+ zYt!>C89d_WR^7FQtplPPXV@+6K8=kjTMyBWtfiLeo@u}@Nvp%qmV1)XmPQ*a%^dU_ zyhkJ8Rs)YHsnxY9AL)h-cejs{xKZot>pbX7<;1D@XuLVI&)&ROgwUGfYSMLfQtr5yEBD;`zF)jXwC~l%X1QH z@MpJ(vX~|_MXCBOuElkW;XKX@T+f5-3YVqC@ZO$>p1H%wTJG585EbQwIO(^q4BfiU zyt&J{+b%QDaL?x<^(+gbI79MMZoD5d9VJKZrQz-3d&EVU^t{IL0gs7O!&uIDNY0I+ z8BDPGr7WG}V}{!W!FDXAttl`tc~ zYPE+$T$&HgxQm?%jnZ26PL+AAbTvZw(zyzZ5~*_PWZpYbj97YltPTBq9s3{UPkN1H z-^1}@OHpuck5u^G>*z6TarLHzGqCD$KYDcFob|vp`m={m)OKo=_MELu>W3Kv*{3?H z?~G!!OASwRbfiuBJjU~4j!^a$?pg>@){IU%xjF^%-ELs;kB^|jZfqa90joKC#`i!C z-|Z@d2g5MNQGOBk8VtUktJ*(~kG%eL(@y38-12J)5_)dca-HH+~6O)kByP>)2Q%o z^pEj>Z5tE*FZ55y*6QoOv%kOcj(q}>Pwy8C0VCrlT;XJ5`YZJJPvh60;E##vkBj~X z`1>b^q5n7V_vfI$2Y-KU9%K9~^B4>BA0CeX7w{L?ZL`gQBKi<>4X^8hrm`KHjshu~ zBTs@h6BTj~EM#bw*BvIUe)$l$dZL=UE)(W+qFDYSvJS|pop8`yf^ zILYDcbTD2RhBoIi_89zVNq6^yY)RR-Nl)B$=|!nhwUkAH>V=oKDQc?%Z{FJ1iJ##S zO%t8VR}~&V6*v^G(cp21ZakVwF0MqeoO>*V|75GagCimP)qX>ky5;Jf1NFUj_l=K( z6lZc(Yo_s>Yc>+Pp1+kvW6wQbwN)p9Y`pPf0&ApXr}(L?r%h9?^k#M00t^s^-Vam| zAfyUdU0~>E05h085D7Ssy$Pf`&?rz98N*qMIm}{}3GgD)V>UgOoA0Mf-^KG}-=corU{1IG{Oj7`FsDi1& zUZxapl7+{jN%0?Kw~QRPVGqFg+0nrblZ9?Ty)On>-Y|6PIq>5Ghs4sk(S809-Zav| ze9-fgh1xX>9Uc}o+->m}1vWN>(r*#q!F(CqO*iK+Q?PG-EsrTYbMS=JyFaIpH3|n=HE`9f8fX8$E=*6 z=QueCSlRz{JF$GakvNz>tyiBuD9+!`ug_5|oXiBj0p(}p|0AG2Jzc*&OaJ&LHUf@M zZ`fy0eo{^rHUj2PzRAJ*C++hznI zvVU?>woj|(Z+iOs3;u?J{$siM?-cYO@%Y~OMcl8iJT0eG#M*RxBiD+=6@w)8#rPVd841tzT94+0f2{ z&^FRA)X2sILTgR4?bsiF(8AIbJ1I;kM$hnGapP%@>)sFRt{3G>6e%15sDqO*QWK%1 z5&)mOn+!yNM^dJ2j+vyji)2z7jtT=M>ZPtUFBr7{+>8#r)!Zkp1D6;-x?3 zkhs5=j(3gauEu71*vKG2afpwb*bxtJFuZf|IBm7YWXr*B8|P~jQSMc77<4sgd|0^N zkpzKn>x@`}hyHk>h6JP{P*FnZ5;NC{5*{=zCKOW=AttI1Z*lxEVnF~pv}R1JmVk6N zN%>uZac5KZodf;dDu?f5k7Ibp?wg zv?jsAo!chWN*%%o)~?oek}fThS?RyDTCdwNrcN0dPdQRlrN@B^r7%DXPf0893o)7! zPFP@O=j+otH=cLl>dNBtp;X#9?oT=h7|Fy;;1(`J$Ja}3$|oWwk(4<~_z z_iOfz758@+%>YUN4(6}Arx@)6$#UE)CiM3QdxVxVCU1Z+sKp9@yYBp}8i(z-Ir87r z@&CFQN92!mEN5qIqvURFXlwO<$;FJHPDonj&w%@^z4#35zb?c1&$*cGzZc>BSwit| zx%i*{&A%_g`A0PWMUekh5e^gcKdXHHABu2(bX)WieCFbSkITfFJ_KSX^q|-y0km{V znHNAYJ;iJVMw6J%%AYCOPPwZmywNA6%jdHi$k`t7vUeB;EUMtzt5_(%{Nk$PXL0Hj zuINVcO^zswkv43ldYfx=0}HZ2vYx;AlZL>;(J#Y3Dvw%DVnn2GUe4XO&Q-2|Y(}sF z<%&Q|a_pzrPV4PP$fLe49>p`*bCX@l?K<8-c(EV1r#fJv)1!i!ljr3bNDDafK}${^ ze^h#fhA4QC{OECp>SUS^r*T7iZEmlAkjGQeEf6Dv#|cF1Hm8XK5qd2Yj*Hz1a>32Xr#sAPDzf-Gg@(B zsM z*E$^+CKC6<<8|!hqZ(geaDII4Q_viR6sRc6k`xpbebYk&gM)+f^MCOr05C8TcT~a# zINHEQH=@>R^=;Szf_S@omm)E-GCI9vH_!DYdOr#(Di18a>a58(%{2x3k;=)rWIsLi z78fzZk5HZqSsq!9jN7-dD{2)HWL5sLOCkM8t=X++CuU^t);m)Ik+Rc9~mz#FE6m)d*%-RMcv2v;^2J$@LT7q@ojk|;D_hl z$EV}p>;&vG&p_W8e3GGt835xj<(<>M3b^fqd&{?Bn}7L|zBH}lsk2bxLoaQcjjX|! z^SwN+)BE)y7Ql(FA1=!G4vOGId>zH_qoI34#5#QxHWG06gOrNa1MRufVBo^7FipMp_`Y z0@V*=W>*weS7x?YW>+Sb7k0!C?kp>#uc!LPHbyk2CuZ*x+~5K|0&*X|fs!WsA&G4L zQBeSizC95i_otmBUwZo|=Lc8&QL+wi8?&F`#6HX)!P%T#>>j!6eIXBQPkqZ|MnCq= ztWHg=AdE(EMpL7oQ96K;mi4m5GZW#6F!)IF>f)lGWrl^IfpZTXP|a;1KhP2(4JqY8 zIP~69^nSUdl9xPOA$)1uq01h9O+4u2ou3JzAWpbhESphC`vw!poO2CQgB2;|$s|1Y zqi}tS{eXX|@xp%k3+2E)Dfmc9F2jtHGWsFdxU>$OlvPY@%!NU>Z9qp|`8w zZTu!ePIW8998H zi;f!l8|9u$g$OajQ@9KFL&L3?lIO)&Yl4MfhmpQ!3vc>NgYQ(ObqgT8N zz9~oCAkILOMTvmWnR>6U^jE7yWi78GslTRI0H@D8cQI~0pJ&f63rm!3 zWe`t`7hXnm!mP$bQ;UGs0?ZyKZsG7%s!Z(Zc6=!j#=rJ3kUcy8wQU-wBd9ha+`lvt z#(Rmt%W!mJ>(&nX{Y1{a7FvX!&%CC2$zV^f))agIjYmd_D^po^D=FP|Q_(She2rEL zvG=KmN*z`OD`qlN_>{*y)r4#Ni*6-U1mjir(a_PpWZ{?TfTSS)lg$GAB84OSIv*kd zJ*^X1Mr;0`wRi&-)!eatxmx##h=7pT=N?=ZZAp%hhIx~P7*BIHsr)CE?X5m)N@W|c z4-}MCP<+$S)|THHQ??WBAFgBKzPss_jS4t*^p?J*EU7@#} zSA2qvJ@I5Pw#+C+C{4*snp>;C*==|d$U564`2^{}@bx&@M$&B;!NnijqakClKo;4u z*e+AUkD$3Iy-7rZp=E$MZVE+EO|ZZvYdQr;Q7i$FR}NTjKPDeW2h`MZ2mHFsESaZ% zqfhU2+~wY|7~02ncn!^WYH zDsPg2w(TKt8NcqhdNf_BQ~g`}u=mlVIbx4k->#yFN|f8MyN7VD_&SvPk4@=;rdFUP zIXq{#Cw;iuR%oUiz+#wA1uf*}G|$6n8rPGw@8oR_pu&OI027r8yr?!@h!v-kTMN*u z=*pqgyh(HOhvXz@k;`B|w7-04<(Hkof@-X`cm)H2gm#z@51qhY5CpQRp;MENal zwKbb|J{Nle2_6WZ4JH{YV%DRpF)C*w1^Wr=fN;V|s@4n$76BmVzimJ;e{mv%09DKv za(B(GC5-4v4iwmEf_XmbyU&7%=7+-N1NTboIp>%$v>b81)IwU8zey+(qdeM2y&}ZQ zYWTVkbHt>K1|}MfyMR+p<*h0^$-zbIEP*lyrJNj#8ss)0a$0e*42Av-`rv)$m&ub& z8au=hgEpqb%!BWf0{#FaI{^DqTYVSkjg-MzHyjNGaBDk{&Y~K)CO+u)>_?Nczka#yLDL-N~B7x z4?*SFzD3+<{L#IStOLW+^GJ7;IS7$au#8_P<{igNEp?TO(v?re>=&NS2UWM)fp5%{ zDO~yE=#W&rnF2pt+2ND4ro&lcIr_a&@Q3!YNvK*ixFxX5OP~6;W7`{@knAxk$O3oEmmLmZ! z3vn>0!*sM4oo%mWlAh*38M!8;Yrcc6X(MQM8O7$#lB#LbxvxRRXDkNER@uf3C_#b@ zKzDw_Y|$U}t6N4{ONlX!sRyf@4bKjhw+K%2N%fMV&IyQ|VtL$F6)4Im!c@em*1Be~ zhPecM!el?&Mv0H>UgOmElEfwZg%pa4xcqZb1+zSy$EgtM8|wH=L(?gMi}7FJF}PI+aXV z(BST}oiZR0A6@Bk659zl#SpTHy8xmlQ%~ZkyQ;ZlXI9w{hYC(w?Jdf#B4Lgi`DbZx znuHbBFD#y_5Nai{SV2oZ@7#7zrpTQYBqUHDI+KccH)Zh-k?dwJr;?PFx^q|kjDmw7 z_sM_W`teTnq(qX;7%Pt^2k9;b>q#W{&vcT8r@M@v8Q<3+L>wF#u(Sh@wIkbByeSf7 z+sr^3eYt~SNWG)nRy6&h9cvACK(pJc(f03dt*h+`^xy*Y$^fF}f#jO-{U0ZTi;Bb9N_mOId=-8))isOgY59ZzJ*1WSk z8KC2EX$w4Xl>bmZwdZ6sc(1y~!QWpI2hd-}{);EOMrlQ`eLHCh>Z zW$JsLV{L%Nq71bXWRS4BH>8zLsT?L%X8Gfu1n9f2hlm(kKHSEb)%vSj3>-Je3VZlV zaGitTQTZOkN7crWc_6I_C~lK{hsor(ZIIxbUUvB);*;b=fgt(dlN89rXW+?sRpdb| z!zVBzeWxX~atH<$dky*~KfL+&9r;$h*nuc>dUtij-0BsXNq=Cryl_URo<#hV_h6tL z`)9ahG{u{l=6o^qupOc;)dHp!+KtX#>`B!}mXXVP!|4EQ$)LCSM^MUB_7`kC3p`xl z6>9_Q^cF6xs}4k_@7Sh<+_<3V0ANKT$zMsMaV(lCM6T+G7}4_Q0N(Nu=IiJD2(Gem zpisU@M@7bYfA`$s%jZ(I$u?9tvKYE)b)-T(87rj#%1-f&Kn!zw6d)wAq}Ht@+fAQ< z3dfVAyom4B*uNVD2Q~2tE+E4ZqoX!%2$aP9B#uMgl^d4U>7>ZjW@A`gV@$ov)p0JIwneO4pOH9rMk~bLRy`!9w|&{Fq6WetfY;p7%?YV1q(93_0f6O`jb3pA zHse#3E{G)yBJ?&8yN|~T8qK7pGx!-H4|_PH;u9ulvB-l1Tffm9aiA%|rVuvax;u0kHET6#R=?qzN0EAf|C zdPd0hWeTv{7Hmd}dI{GLyG@jh#^{dd4wCuo0yjF7%sUJx+eR!z=SFha_{8 z_TEUyM^M*K;D@VmF!!vbK^3=EMxI0J0D`fjsiJ4upj?710BO9&c&k(kO%I0{{E4GV zZ|S*^0&g%;_J~2XN+utr^KeT`I9~e%*0lEPM)FzhFAoi%0K$|(%xyq~(0rUOJ_KgU z5oOUb-Sm&YevV-rQ}&-QJb7}O`qklJ^3n(5ZoDl*SV(_mvvv(k zg@$xmN%TJHC9nhti!&a7KlT7cto&kNxE--*EyeK5;~skLG=6b9CT(?@rKQZDxPYcN zZz>-8S81cCNiJ+{8#yVY!x^z^m-Z433;-Vw$hqI0Qp91t6u(o_Ko9` z0S2?iVa&nw)1jjXb6Ygn$b;T}yv&2k`>givEA}(_Hkbo;CywRKx?Ik%Vy_sEI_XUG z2*Pmra0oVa1!soC?rip#ZAHrTz0KoHL$!0j`F%>6rtE4%jC4)<=xz``iO5pz@=nx!RA%-lUQ?AM(uJY(u5tm2hMeL^%S_l!KgH zZouVmkk5tp76q~Z$3iOxytx)=+G5QQM{K^RQ7>90QYLnM6CG^()z9*%eFgx0RoTH% zh78%k9c)wV_PvgJ>pTl{_PMBW_>82b8VN_Y8h205>!=>I>9S zy$<}CE0nU(TbN>e5h(eAJhfl2-+mzCC`==2f7X%k+jQzZJ`|f``Wkv|&_=XcoV$dt z2U|eMB7xMF%Q!IGau*l1Tt~ThO!-xOj;XRJC(n@{d1^v8CeS)VSgmroqo8i!G!3Zn zFzSaM=hsq0uID34%7|sKnRMEl39$C~)_Uy$J-z+(xd7Nu8J|~aar-x9ok;F+Zvsit zDp49kHT!Mo>f+Jy?F##3#!1hbQuVUy&O>f}wgV*p(Lm9GDwRv&23b3KlNddEhV@o>GPZSNYM!*^m z1VOMiCFS`a6H6%NcDIwM>fxALh8moSHGuav1yl1)MP#E zRJy~|PBoZlcrG%jK^#5GelhpX>kx${5LQCy;uQ%phKRQ~KOGSMDn+7vJj zywZPKkQl-6?6ul<64OtIZy?IjW5BeL6P#PTfa`QrvKgG)xIlZ)@zD%=YtE zy%Aot0najJ^yORZdLNj#wIeVxvHy4i&D}L6sx) zI+_*JgS*)?6AN>l`wp5r>Tx-U3sW;3Zn|ofi#i`Y<$^{noNIf6D2?mIFrK1&340fz zqc!Ic_R?{79_5U)ua91(BM9M!VD!)+pBW}>%z09*>M)XyPJ&jXeqIrxC*}2t<`VbnW?NN3e5McoBFKmJBmOPo zv}KqR=;}&PbgxTrsljnO1mOW{`y!KhBcwkED)r!TdO6XTrJAO zq$lBl$qShLS|HZm5#F6J2Z4rd*tJ{B{tmUZpDXcM+eJcrTG2U`e;Ga9 zXa{Xc{2-9obA!PV=BSg6h5eppj~I78NVP30^~lL*yJo87*WxxfPutDhKeShDeuNp( zg=>Jrc@4L$00}34&F14UUMM7yilpetw8QY~^M;HdH<)oZd$hR# zE_orsD#+C`I&UJCtSgJ6tcSgAcv!%%>o^>-iras=;-FsOM*$6QxUN72esl(UAuE42 z_G&6LX@c;xeKBlZQ65sp3h2o!2LWgRH0q|JNty<|tn3oZ26H~ltZ8pYa4{u1r!@v8 z-u8gGSpCR|+eE#ja=7=(Y;n^rI%0Z@oPVza5vP~3iVLyiJEc7U+iEC%uBCGypjE|C^jPYw{(}rNLi&}v|lE=#2hf+$3kHR`sD{!cj z7<>=Ez@4Qf;$(DC-QlhZuPn+5sj}N&z1?A9GBw9cXEik>>KSd1bheUUnG(##s2zK} zoChMiF!Nf;p*gyK}*z+1YI5Y4&B_RK+5AQCS1itGp znvrvUwnwwD3p)za+YN%+o?jKC+{*@A{IR<_=wnzM~$OUpU8 z{^CHJz&o8_#8EaG5uE;{2Z&Z>0qs@V#L@XnBjMb^pd?J=!G-JjvRw)xa=m~UPRdvg z{Rl&-Q4Rj4D6>@&d%o+s7mUCTQI!5!KjBO!>-BIhRE(p}!a+4MzE37s(9Ovm(Wg)A zOZEO>O(KvlW<9=8RQj06cm*WO;%xMQsxWsdcUx;JNTVH zReG(Hnb^a+L+Q)D;>HM(xeSbASMsh*{fCvI?iX_GQg45O47FBGf9E?;mjySIf!!-8 z3$2eEg8>|*H4ihEIOgL9)uaSf>7GiD6KdbINTa*fnj)Dl5@%``(q-plIf_7lC_bF; zn2kIH41Uj|1_!MRUh&}^kJujan%aKL6*~s@Z9U?~y4?D1DFy!ALBU>YTMh91w7GBY zZaPb7++9xAv!`N1V=X(w5Kq)d={L(7BN%|)>&;Vc6@+ql(JNEbAWhIQAlQdkk0_lI zQE7!0ES7ylV}+njahDhns{Hh6^dr*Tdibk}p;Mt$cM2*1?IDOtlUB;ve7hEm4dTi9 zBdCf4KeI-V?nDMddd`21pE`AkEiJz2S%%J)2_#sajyVK1djHaey2N-B zlMiKpwSg_ZJ8}ivbssh|iGAyOneLArJtw}8$oE=5y2Bkf1v(%q)9cgU+9%__wnXD) z4B4!HdJp~){9Ooa<;h1a|Ba$W`E+@+#8XcRWKdRF#7C`)*)?&3$olJ#97-ttn+a8C z`z4N2(vVj+V-&~289av6v#^WNTO4#etd*lVSP+k;_kbvuY~xmNWb!v=9Ct$6+oZx+ zCS7leBm5sEZd>1Z3N_L75WNpnWwio!(vmaBJhIw)J$%9J0ap_qvT1vgToyWZ&2CBr zk?Uxsvv$5xhx=eZ4vwi*ov}en*jg-fm~(Y&+*ff}a9bseV&9ZrW5_3^4w47M4RvwT z_X)=Y8+!3&9>z)I2h`W}LM$Yi89IiKU1SLO@S<-OcTYauXK8?s3w0iujwSkxTC)Cd z5kG!&lN(RPF%Cxg@sQqaRVMMh*G&4fZB!5K+l}g%!cP64{|7rj#J_-fnie`6Zc!)_ za|oW?2KQKfBZ-u!O0z=_Zs3bN%8#Z<yWcQ<|tc0L4T?*jOiR!I?_uug5wqKW4 zE1?{Pd9Dd(obA`68^ke$5lfFC)tP}6&n9dcpNkp#3QHI{W)_=ABmjXS-lmwmP`!;H z{YIzcyG$7VX{`=?1;xV+EWJ@JD}XF-b6HfeA0LXO!RekK&x2u;m?b3d7DlS0x~vRt zKRO@-%2DOKDDEY$eu&*pb0? z2>V%X^vHabJn>rd1>gI{E~^EtiOYUJNY9)h1DPkM=E!kT(|v+%0!?Dzp5F67OSs}S z4ss|JwUwE|^~xRtFs zVeufJ=#i`0X~vL8kWDH{3ONh!M76wPl}9Y@?RrjN7r>Ek6iC?imwiY?9pyzE(%lZ; z9vyDG5JnH(D0?m7>Aa?Ljy-W^unZ;BxeizYr?A3hFbM)PqC@q8&%eU^opd&zp))K< zIsL3vWV>w}N6I!RqUwKOF0+lM%Ht}EzCWtW@H7$eZCOKyZV(Z;<@&q=O!A+tGOYiE z^Q%3$JF88~H0ho0jkwQmbXvBVZixjJaTKk^pU$A;&LIO(oL`X?xlA~H3`yFefgx#VHr-I_Ixs>t~?|(fjB6hrOU3X7e|7`F&g`!*pkv9dnMJPcDBO1 z4v#^F4mzC49rS#wU@_rfL9Hn&N(F`8cLndal%ER;H{%_&82SIeGLXY+ z+-t9ZCUhY^c7iC_efWW;Z_tWta@{=C3Wp5D-+jQDeA^cnnoSlRW$=VAWE`dL4%64dFsaDE7+ z88m%az8m`D&2_5?#@y7al0cd075F{5dQ|NZjr_a1&@rt%+5FDE!KUYl^WtOYh-=Rt zi(qt4dCuo-`Lhbq#{t2>2vtA{Yf9N_ur*5=bp6EXUiW^8jGw#PoOT3yNBL_&)zYVu z(+zV)PszOW$MIULD_Y^sWUXnCJQmE9IPio}2o7DzSROVcRfawO541QgE1viz?vwrK zsC&M_#RMRd;jFg~grCySp?6-~tL{0@6SVBT3)JpM3aH=uNQfB>_Kim(8xo4=BnU-# z0K!7Vz`W08`g;4Cq~DHz`l^L_P}}$U=Ji6kh;r%SSX~xVvb*qRm z@$10Y*x{L|qZkl%lVL81z5Q4_90HbFo2@+wO5u!o{Vq-6a2cBs<#`jJf>dYg7Bbt- zL{z6EQLcq3L1RM}CU>gC)=eYS*mID2B;KC?B_LoB(}_R2x$5M&8A{C;FfoO~NphL( zz@^gW26wnc^41v_!~yadg+vJ75_ZH0BS>vWGUF%wS-fMtGl2z^7p(2U;;iI>8!^u$ z^3G%i&HVeOf}^c2NLtX=>K(}H!#il`O1KU#01L}DMKLj@(zk?8 z<)|aW+S0)8KDL9l#EO3hiTS$>;?__%nc-_R(U)#eoxkVCCj1z5s3B~@)2Wkr4yKqt ztwRudZ$6F>4>30~`;~1Dueej4 zoy#`aRXr{vwpyJDXi7NfTtKgl;-0QgOOa`aZ8$1Zxcf%A$K{fLbr z$j2tJ2E7Ic@qLuQgk$gMlUX8eTg<*b)Sn&T-<`IagbjD2puem%yI*7ON5<}ml_O{R zJ_mA=cIiK|ZyL0AvhVD83?ASpo_EZ=cFfoDGd*Nr;XauWZSbQC!A6d!wmBwe# z{PgdYl@G0`BtMKgrY*oEVwoVxvBY`W4S280FnkfS??6wE9%$V~woY(31${GAxW2%m ziX10!)Eb8Jn1%b;P#d|6G=rZjjR?LV5Y&&ptxTWmG+tv$k5jb3WxDJgt==48QQ|GE z!$0He*}pR&K?B)RY>}7O%|kpEB!q8m3e7AhN-?r@fZE)#n?)Z2S5BNvO>3#rN~LZ1&;5gDqhHF zxJI-*O&L5z40?AJYJBF++Ag!Q2d)dnfDazF08I)$8?dvHXVMb*nma3cOT(qmnk;)-8@{=$Y~*nw)y$DbRDu88=#6LrN0VCsCfCFT$rI^;q$0JP${x53ghz`P zpxj>K<#&)ZeWmrna13r}jtQuy1yTBQ{L`a%SfuG1vcc5Nr~}11kFWlu%i#T>Q9yN+ zFMM&c`>jMu-nBdt!pcmNxY<#VNcU$VLqn}*`@LS(A{{lR^mxji;tUn|Tyu3v&m82h z#ARohQLfeSVzvPZayaoOm17k%p(K|E2O!L@f^U!ZZ%X9Ps&=yI#o|L@O9rmdDymMx zt8{*w;tDX{m@;|&=M3c1_NzCZ5uX}eo5=-Jpu4HcFnbP4a7Q_B2XvqCsO9q))AY^y zDcsAZ9p@=;7gkG6^85^iqbk9*$((+^-1@FN+zQTatNI!7=0dQbGdZX7qRc?@$v5^H z__YDr?;qCYpUNAwmNI#1mnQTe1l&X{7jxOl7J)Q67(JrEzZ zV2|ZI-~=|+EsG$e%Z!F;9Kt|lr8yr_#1e?FQDisQc>feIKTDHI7Evy>RxW+$(lO7A zym|`f>)96rQ(EIKD$8m2hitv=9*_utG1A810Nbfk)RG{3MO^o}>=!C9wT$pv7zORk zY2ya=t~1zb*J39)T!F>xv-<=|Q%EEH8DkkTbusCL+f&%l!OE_pX{LA5S&b0T!71np zBjM}Mw}=D{An?hv??&fId}9my&H6$#Q-ZYhswp)V0K~t&=?B{kIMdG`m>OVU5@NjC zXN~@`6b%C|8^LFLuR1;U%$NL3=KE%UEr@Rarx(AmGT`_*XeTYj_%hXcU%%7UxSD?< z1imW_2IM_DTKInZGb#DZTN+%xBHhK&KHb*p@3`JW{lF#CFdl7~Ig6v#=n$NT`U2ZK^RnijShO7q zM63k#rzJmXtHzc9Hl7Lmstt>;p8^(3c|4%M3MaI3;>_%BnH zt`!*efGQYNmKm_3E6$3ix)k*Vg>jZ01FR4~M%w6i_6;EmLK!S~~x>n_*D)q;KTS^w3qfa-o)pQ@kRkgT# zWa<(QRXvYGJpJ90G!%G~+lHPUFFd)C)ciMIL>a85`7qc`2<~eZX`4!)@;y6BT0x$k zT(T+UvwV<%=3)xU%eA!c18#eJgTaeoxT;Yam z2DtDsY)Ukd*)vM73P|{*Fhl4!k!*f&bpPO@e++E*N7+#nCGfgNmKOI|3F}GS5(!Ma zaPDQp7DZo~4*v3+znL0Ef#-pfsEj$pjNFYhjg}X~6^6XF4U7YI(;+g6BHj^U(2O4e5;A<(fPWj=O`WQd`HU>huhr zn6FM_Pjji<09-g_33aIH>O_K5Jief^@zaw3lhCGZ&|0hEBLRabR%nt{#IY#q3-#b; z!u_Ld;8j(P3z`CN4Nl1HKi2koNt{*dU<`bG>D)GAX*pVCyvL)yj8TDK@= z*N+|3y{%|#P{?-9Nt;2Fgq42nCfV8jR+HfUtW%i%%+-hFA7m9s-CB=!hub_`|HU~AFHotqOgoSZoJ>@||z(62`B)$OZD{;X5#_143xDqj;8V%k?kLeCp} ze4-j3Wicft2}U9u$;xWrWL#HFacx&WVAEO~FH5O*uI(~CE4#G~G~Or@@H(p-Ffo`I zwsWKP0it}#B^8T$7!pVMXj!AJ&gI%P!HQnJ7?xhduY*^mkLI^~u=s}_%C@tb{z{g4 z`4aYQ47Cp3rc{!zPSb?<{HvjH%l(X)0!&35eG8WxuO#yNq32bBE z4vyz7R!D?IHl@JNo-XmTMbkj4~xZ_Be@Os6ab8&kwY}!mm1qQgYN3R zUC92CA^6HGv0e*Vf(H8WXC$Nkt^%LVP=0$z&eFj)vI;bdLA@GeDzN1_X`uvH_mg1O zjwMcqgn98MIvJa?j-~*7Zkxh|=0v1vZM;jV^GikHJA3hF?z~wV&@d6nzb5nHEano5 zpvVJb&!R1WnWJ95uJu!Y4;!T;hC!WEsp8c}D}IVdZtzO{2C|n&z2Cm`N$%L~U5j=* z>4yqL+FP%w$ZNpJgv|QNEyZf^A3o-Ry|U?@1WNA37enZZ}~2%w`nc)|NcdO_2XH!Sx*mE-LjHL#~gq122< zPCMcX!KooUvlS6mg~3k(XFGKCCdXyDn8Q%c?87`C^y z)XyE+kMm2tqi@9GY3tzihqbVX3@o^-|_8{=Q$dl!7&6}(+*l^6U=j(&~ z)jktm8z$}p7`k$DjUC|2we5A!NSK%bnISa@AMV&11XpjN98yfp#NBalIDhw*3GtMA zt1`@#wE%8TcefA|lkXxsnU*GsXydw@RZhycb_^Z~l;F zYcRqz$fMM_RAyh$o8O4+y7jsIoPrRMgP7Z=-;2T97?)X`^6BBX>wxLKYYb~2xk?Gh z>aT}GPzi&EY=fjbtnNnn^$~=`r(&WWB(%W?Uo42KT@J3w0N1f)0akHC4fBp{TTlDJ z(g&sNXpt0ZomF5ZUw?)Jjxl&*&^-w+q-5z{;>@&!(e_lk@oGgwXHycgfSmPme-+y-AW52aih9rhlBBjveV(w^KzpgD1Gz=wMJLtOfnhiyCEblSOKgn}`a z)Af&fSY^kXceEZO%iAXHB*vdmVIC#nyZ3#?pprAsxbRW?QwxckpSybvk$i%IrO8(DBmDrg%J(q)7c+cV zY6o-t*o?iUWotNwmS#vHjnf9vAb0V}QGs=cWy78Flt=BNdEMqQ(85=Kxoj>1i!wcIL);ZEC6V_+5sKOX^M@Ls?a1ji6cP4-S{3h>_h?{@wtH!T$ z-fb|xBv-g=J@F>amkNBBR{4GA&e0f>QJ5vms_WJ8G}U83!ZfKZeNgTs1R}z9TQ&~@ zLNgukVsv{q@?8h~M;OH2@QuCklJnfDe+jPIh|+Tp9Ee`JTN^r96myj1Z6!)oG5Lp? zsS>jm6f5$odh;a2hB<}|D~MVSCtzk(`6*|G4+1YHK;WvV*GHRV)+emEgORiGnY}8C zn7uP{haw56nO`)bws)}IgNF*epCv=t#c+{O|B+h&m?x!%p#in4jV$!`qtTBBV@Vbl z!Ack&d&ZmhAz(r=NJGAAD(F-?Qj~{_#=n5h5$B#cZw+$9NOuGqgCoyH=jd{UzaF8d z$T5M$bnKW!QZvJ-=-Q+q6wzDNHcXX=M43d;^kl4)vp(dPDBx zLQ>ms4w21TionBToEs;Ns!HI7gLnAQ*SQsC-1?>i@*2JZW@j#GKA6VL!Nw0y`p|TJ zUSjaHg2PN5>FW~U;KvX0s=nKiiN%Xz(wkxe}vkeq_$z59z0ct=HX@GZ99}Dl#%Jen)Z@&kFS|+NW3Uffgk%$c%hGa?Y)}i zl%cG%f{i-@bh26uu`e>C_8ZziU}K4ObYSkw^{S?+#M}7MS`aY=m86l{rda;HUTF^v z3v8hkZ9ytC;aMPWipb6zn{5&QyvXKjiEN%x zYvpU;I-!X2suSz|7QvG%djb}3s~HjGarSa4P;lW4*^QqA>{*eHHlsokbFf-Cq1NJc zCrZO&4jearY~@d6&<84T?OWhf>tGM54nstVRNo@{?y*Om8O;-`v4DarJ%vdej)J{k zC~^YsXOmHSUMw50(NXT#K%egZG z4Um$u#@eOd_L_#vt-ESB#{wzSB)H`i!P@URWg84&Zd^)G;0pR(Uph7R#GZNOxe60C ze^v@h27YA|Wn%2h_LMXHHi~}XXr>sYkX3=z)~KK)-rI-t7`$KNH&V^O?Cl^TrDPW^ zN$OaAjtZ^z23b_^W9yV%MZm(%QWkr(hG`Wb%$F2~>L*EPYa9kjCKmvrb}sLYaIDQ; zAB<8q_b9*9;i&NXW0@~5A>;RrE`3=?Sk-wQS*VgoYQ99skGLUh0uLov!lGEwBHM}1 zMf8z8c$1==086Us>HEG5$?&ryxb^YTlC}&KU;b_X+^)0FUKukUBmCLLb3waWwDxOL zjF^j0k$6kmcfEo;X?7R!K2fYDzQGc%+91t?V-Vw>ubtMO<{DS`3910!GgzllbYZ7l z|Bj+@;yCCCI9vza^e3>CH1iSix{>zG1tXUnO$$OOjKpGCk@(u?VzvkPEnsBpym}kn zgNhABGzQg(Xh*Q~Z16Jg-TdPeN$0W)>3m$E6cwI+a0OecAfHusouv$R9sFl{mW6(< zTA3|54ahD6#L!17x*?V)8}g;{!IJvjNs+3Qb8OaGL8%j>^LNG}mi4lrQ*Mn?=ty*p z4a1JA;ZFSlq=Fwroz@b~#)ub0IN!w{LjX&8=az@{o_nfnrjMnD$H9$L0L%v5ML&${ z*4#cQsZ)Q;%n9+7D4xyd`y4`NKy7pV_;O3YtM&MG(%5J(-a<4+B~U5DOo>&rqGye- z(bwmCOVm8sP5*iO!z@vE~z_jeE7I59j{iHZTg2Iq@Mkl zb&fR=4WdZ@_HZ+Ayg`H28^5$~YkC&YSxPO2_PwY=evDe=rH<6%ZIySd`lzrb%Zv%s zJB?Mnrki7I4Az})A%=(%$CJHt*S=R=AG96HRlA0*=zS8;%iB<=pU^7R&Rp-Va*4b& zx<#Kt`>M?3v>?HjdBb1I7t90@x7IUYym2MAE_YMn-eafwX^)w6M27o}HBNdz`HmMt z@wR$IvNBpxor(^yNp41UYi#E^Z8{Yi)dfboTF@Q(Ao)orC!$usvxpBm^hY^81;(bf zNzbb&lilIGWgY~9UjyX*6wkI$cdy{fv9BnEL^GHb952SX>=#QLp>6fc5 zx>dKzoHn!iqJnaLxZx{Ngxf?0{aCKsYv?OLSD#n;r{YM24v8jBj{7Mo?CNiG8uS8S z?UEX?Z&x33Ur(;LU!>xoqo|;^&v9^bu~sAq9qeZLAfMcacBfs?a$?-=YVQqETTjMy z!FS_)Lp;4mOyK6QWZ03`1|1NZ0a3o}kUK1$?6rMyW^xoF4ZnHOG>IJ!(0FtIsp z2tPDMk05iEfzHi`RwP$x3T+>}>!qj?i(ym(mipDhKI_KoO^`6a%b#kmG^=YpQ8IkA zZ}9tNvwBvUDPhKZrR5h?gO*epTO=%zF-FwEs}i5ZdA0?Mf=gU%o=XYzz17X^v49o& zQ>Y)lht(GWZp>LK=zPkRY8G91dm$}OIJWP-85Q-$OlHa6lak_{@Yo#`S#uKopObPC zaYPWq>H0`1oEDZ*u8)1qvzToX8S~Wp^{B}$ky;CmCcG-}^9t?o+6(&id9o&KDRSgW zM9*|??(CNVW0*5~&Z#uVAj0;*CtxiQ7=&$NTliDq)t~7GHGgiUa5Tea-I!|&g=^^& zof5PxDexAA8t?gTtn#26jmWTBT9&r4VI$K9P?AZ-1#LS;-y4K^Lx3PEt4~%c4okI9 zsjRaXW>n~K5KV!{B&a=N&z;4c;xTlz`Z(#|Wl*-Us6UkePb5$qdKm1Vw|NE+(*r^g zV#$-K@06M3b#WsxnP zBn51XL_8U3p^E-mws0bFA=xPyQRg|es~ZXY(z~Zgysp01@BaMFT`+nW(FfDw?#HDo zBdT|t#kv}L1^FqOm6n1g77)x3;*Hj$eiY}zBP38+RCKRwSI^qq6@f}t+jNj|LC?r*T!Fv1B#^?F$9t7WFExFtC0qFrY}YdBYS?oGB+5A zl}7s~Wr}(j>h`ByOSEG8lt%~EeC8Y?7mzGIwA4(+CjeMc~FUybzA2M2tU{W8uF~=`fQd@7C@rU zx`S%!4h9hUAqLY($=Lr`45#igA9+fJn00)LzIawNsY8pH?Z9%3_6!U@#1uy^L)Ptv zdH%cP1e)mN5Iw?`nmJX5OqYnashhW$G9<1N=^*@-IvF7MAWcs)BVz0=rj>-D{hp1K zH#Yc$H<`iwG$Y=yuhwNdb&$|A!&FNkxp`9SMZ8vw4zq||qj39EEu3|@o&GYMiQmyu zw*A-k5o%V9%9Y^r7wX6*QMrbG7>5A+4KqVz5(u`BhK}jAKns)Yek#RBe`zguNtJu? zdaAuK@sHUvYSnh>jkDdKnb`b3>}|K~Nfg#?D&yt|(qt-nD$Jg5(M;Cp2$DM4fiy6Q zOSEII7L-nT(xJvrRWjJp;(5O3UXw}QE0n+=WP0g&pk6%wZo<>`D3|;x4bQSMeX=Rz z=9aZ`9ICD3cMLmHhYCbupySWcC>_7y^izL`AaR%{=TOi1)EK?Nz<>{sz=2Z;wVDLd z3WzoY)K+5{_XJ0{dM=u&B-WXaXpjk=#Y=l%HwK<91=4DQcil%Taz?B+t5@nWm98pJ zEvf?_gkhe%WVHLv>So8%ZI)9)GE?nSi;BBuR&U#i=B<{0d9CXlM%Uh%IgEOBfeuJ# zNP0kUJ5KuQ`Bn>@Ua;X{`HGWtA-J4>TGAh(ngCdNAHaYzhqdU-LmNLqyFg4+yoe<`7Bclt~~2eYfv< zz1Pf^`jXOCHM#AN6?}L-I4UIHNx{PlAPX!7UTvQ{*iU)Cw}vPE{z=9xl{0U^1YjkS zw8pS_P@MiY7dMo4RP(yc@f`5({;Ah#;zAl*J`o+E%s?k7nAv4VdOpPmJixXS{d+0+5>*4?Mu&t;-lN7ugmG zETEYUxEsb4`}ne`1WjDSD^x|Xr8=jeE}3GA1nSX_9D{>0tbL~4dhIH+CR-S-LPN>a z?#mIbVb|((nQDWV`7;suOc+}ORBipa9{;iSv3TbxyAMMuz!a6z zkY{!>Zq6uZAUK8)dhuBF{8coknsNvf@zN9e0fHYB$NKpz-gIU@l_L%=rRv0H=Q5U{ zRE*Gd%hui9y9x3`f704Aa-8t{2H$UN;wv!QRSf144Y}%PXvKFmt-OEnS}O_AOwcW0 zh8PbK5g0RqDhGG%sb?s-7_*!ojSrR(B(uon_5s&I^wLRwc+S5HwrVE+$&8Pb;)wGM5+$u^+p#w0+$~;JO@IkXz_kWmjS6O20 zAaY=zL|=3Y2_`Q68P>{PfkJLG+K$Rq8k4Dbrhy7&JK$4i8sv?geHk1kCqpKC$F2O< zS*0OThfjPYC45LTVq*TKIiyuQ3KhWwKwhP}AJ-F!BqX=Cz8-lw9X_^5Tb6;E zDTU?vP+wa0&S=zi=!9p_(u%hqx9-y5vgetUq_FtIr*S+c%c$J6v5mPApkef5h(U%i zQf_8-- zWwH)5WkdWfcbAzYj}ppw#QJ3;RGCiH3TtMi1w!7x&fclCR<}raEdv%|L~u&eD2LE^ z=l74?*WWZF>2N-hJ1`31v^0rb*O^kQzTdJxKepyf*u2F1N=R)Y}#fas{p`}q5nWcN<( zw+vutn-BtKtlrBKjjutA>)p84LDXC%?NGmQ(*v{$(qdS6)~KJBT=XicnM+B^HE5pO zGG0&T?;a*AcQHt!I!rK|V_6?XC>4P51bl7gAsJIl2wGOOGR5&BNn;~%cE=syM8hSP zfbj!~cq&*gUlPfAjjjXBx5NrX9$}csw?TzrVS9C-Bg~^AC7K&h1HfVFF z{`K}icyyGCJYzpZ2y|VCk5tUPim=RG@Y8z_X}%w_e+8I%7`6N9-8faeT}h16D#7|y zuJYSue|c1io1OA!q+(%Uez0Ws*TXwBkd^)qu&RlNWg8sHjzz*x`4Kbz(*n& zqg%~^eEcq5QxS}LoX%@n>0^Acod2sw>pr!?0@cRiXT_K>H@j}0zyO7}cE0tF2q6iFQ~j8g1J}CV*tc(!W}oRY9$>+* z18lD63-hIZrnpYGpw-%=KpSeDSZhvaK`|C3Hy#4DRrH|HT5(W`Q15B49ENEeq^NwwLtVo7>C267p@wQk#Nq~JWJJEzPOB9MF zE$4`!xn{PxrZ1pmU%z16n4x}mMBG)&2DUJ=gEpm9JRe6+QYS))IvEhLGVRrG(K7s# zRQX^V5IQVJ9jKoip>Jz`>w%)V4LKQ{E>t0Ohh#MMb6IEZ5V z7E9OMvb}gwD}0&)G>(lYc|)B<8~7WLdl2 zRPm6RR645a$has+&s2XYuc?fM8ohisdNpm33b3yP9~s_)OLQCq7Bo66leR_g(rksU zh!d-P8f-@D8F#|?V!SJX$SdZWty}gFD}$y3SFdMoNM-TkD*z)NiF7?!8}5uPoB;9j zFO~6qH z36?O&=?d)k#IsO>EUVUORh;*lC;T{NzhaR$UMPzJLFiNntE!Qm50TV;_M&bv@;SbU zJW-ot2&!4+qTO*F%Hc#`0iXl70`-lXT1Ppj*O4+sgfG;4e5T94ecch(2@nScQ$#fj zod5sqlp$R&8Eki)wUe_y9yo}78CoCb+d!T<9Nf5hMMhNPT9(pvRT*Jg>u7VitA`1d zc7S1wk~^!i#aPvN1;JuTBT#p!DNO97!JZ^z1#H4QT;02e%bfCd(-P^^^Qf=N}*x%RU-X4#Z5%!0wY9FCR+1Q$vGFa=V z1ajdNb(koqv60W>wt{@_zOazjkL^FYLdZ6;|Mb(-r9zNqt;?BYW0KZxi?`O5O3`>q zzTZW)jm#MVQSAT_(v^@;g$5HhKwAYbKMq1D3YF!Ty*`z1h)(MqA(Cb(a7zNbh1MF{ zT=&%Px=GY|XM5C>_(HE$BQTLUxZ6x8CK6Y(XGR7jJYrTb4|ih08&kDvR--3lyBIBF zjlFk2pn%rZT13Z@{sBJN;wX+7u*P8b{d_O! zhND8r1OUUtEcAHpBHfgs$$70o4}mcm!2rp_mMqW0Erv9*7gXp@kHxWs14AX@UI^27 zw*^7knEt5aP;}J$)*a{FxWX2!d7B^3BO#7H)CTLaJquOqfIuF8%w?*sKT%tRFV|*KO)rS^uGyeRT%qr5o$wH}#~#sr zAyr?P)dkMhNNXu8G$cVP+AkY~A4hFo2y`lE?aL zP!zbhk6m9CdOFzea=oeViRw2^LM#2Q#F8Wp|8%138Q~VkM$Rph|iC3Qi z^F*L+rtXW6yHxUSP`#aS7d~IT0m{GD)WE8eBXeg1!R07UnRAg>YSo%}H?J`tPxyAL zG$)(KCgbWEL%GS%+mpN`IX6l)E_HNex@_O(EIg;D7NkpES!{39$T-C-9(NmoTbA^n zUjO9ysN;S{m(j{c4@_z6dKyhc9a|Xkxj2#73nfOhJCLS+sxP zl<}}(dpd$guQ17S80X-Syc`~tX53~KQp{Lvo_QhneKYveTr9)yTY72Io5w4JBAqkD zGJahir43}8fD5d(Cz?YF`NyIMYv9HZNfQ&~{?2x9tNBc66sB~(n-2X&2oA@eWs^zc z5o~Tn|E?np@3MbR2{h?$ z-{;pfklKg>Q~V;zh1gPdskCY5L z)w;LoUQ4T~K7hO4HIfL`{ce548*6*}N;!OVx5dI&oL75ofp4vs5OVM(9pTL`0Hw*=|OD8|SBeHuwG`CV5c~?&hN7U}g z;D1#!dJ?SUM($e{>U`^Uy@%|MEM^!hFVFZ^+Ta!?4d^N$sF|u)1et`{vzK40i=o+E z`;*TPYeSOxi?!8$4lLjf#xwYPF+te^QD4k8rm%zX0cDHf&Y)Rfh+aK`PIwo_xim~3 zHfM#U4+k@mw2ax^{GdysGFFhOI6wifoAPx0vDMc3?QcP`4#pm~u|&cD53MBq{zRIU-@jqX&d3 z;0CacaKFA&eTLdb5Aw*nbD``?kI$wkhvH%tvaPK4Hr1$t&a1A0TvI_^K z#_BA@xUrsZ$m4=sSOOOrvwQ@dZ3f?oMsG&BIt4`-Rru)y9ZE=m9_i`7N;s7G@kSYoLV(l;w>$uiODf)rf z>zT94-9T!7(Bs-lbHQE-rqzDp?bCi6zU8?@gq_ovz(mV3_?mup=&A(F?5xPMBA5%x z{IX#w23Q8&v031L#)T50i<&1&s}{{A3E3ZC)Lr-! zgi~E4)z?sNwLI&o4=Q)BomQu)-UCp7PUnF&>Zl?%w-tlcyMvR&xG_ zSPz#)8+1b(wbdP3DsoNEL!bI?`qt}^5Oxosqox_U_4WXdSVL^^a@9wHmsdUS}H+hax>^@bA5Dtj>y?L7rHP5<%~Jd=~|5Zd{YBaDz1x zs;^e$J!x2K9!dDIA^VUt={6j?X5LMTtQHgve;BPeKbrzgNNmvb!wR#J=ypZKggLvq z)(}gah@=b~Dcs2zWIKy>r3$(3UgmB&E}37wQ%QcNyx|XyD(w)K`k+2C>u?1y6LI9z z!Xu7>9nK2ej=-G$Iq5l2=;4y_IQ3pTiy*t`O0;QGDV?D`{%Al*#KH?g6bbo;aO!S} zd)^R~(VuR{Q3OOq7o*?w9#&P{DFKGqE7aHa4+AMiEiS3qU%#uLYLp)O0Ny|fAMPEX zT5~~fnZ+&;)%}1KyMcc!4K>XiiSoAcJrd~IM1*IymL}nhQcCZ}?=!LV@Q=|#sXy48 z?D*!r%Ark*<-TE^qvzIP5ng-Gl4FDqpA;K`^ z-l}42Il@Pb^0`ye#;n17wxuXp9`beAGs|-w4{eOy?dW59<)RbD<>e#rw_+t!OIQh- z;Pp%z3`)D;(**kJ{R~RI3Q|?}D<^dxjt~ibqRyee+@IVlRr)PDK&jzI>ZNKaq zNiu>(peEV2bC$*ASM(aCYeBB@L&@Hv%;sB021d8xtP4VUu}u|VfDo&dcFL|UwnKxr zCqfj(^<2rv>O^s5V}0bgFq>;%>B`f@BbgG5?|2ZpIa4Q;)F|^F;fd~huVkfersC7n z_c0j8ed^r>?UH_sxW3c%zJDmELJbpVT+HWWu9|E3!TU6gMOA%_9*=w(?8cPuN!ofU zg8cI_cpCg@;{3=L)!V^qMAXAF?hx?Sdz0%X5hEVgnv<=8GX`)6L6~DG)-W8PB-Ck- z#jy)}>2r|mEGt7_(vT%*k$P`>rQEVWCtUGfqD`X`ox})<%3Gtw;qGeeaWC6ntvCD| zdv&>@q+(u441ty|sl`^C60^qku5 z;PgKx?fU7@5qQ^98t^PNc<{}PXt+pH2yuZW8rXV1VlFc~Mm`V;XCq}yw)}jL;ZbRg z71#!T#qk@N{K^_RXESl=0ydwsSgqvsp?&N3ux7aq=flD6+w*Ju11fjRT^md9F041{ z^K*TfLxlOAb$vx+b?UfvIo3$U(NLvaF*JF|4zn~%<$`Fdx!Jdhle+~BIb*yY1=o0x^qZGcN1<#-vaU=>Bv5C2V_yKgj- zPkR^Ho)&qqO*98Rbivy?YwRb2;*TIiXm#L9#-s)b@pp^M)g~V+gxn+J4S^A|ISX?u z<9W+;9tQp-33k%QZE-lklc~Q+sQ6|I-&dI@k=IJwnde;(1sS!s^{F#qhAF#OKMLRV zjvsA_>$FIA^#sbXh=Nf@QB31g_W2ucLwZGGlz2)noZ)?2~^h{ z002usw7d(%P9&b zy-xmXw@0H5xBg8evynwtcWgtfO*y-plE!(U=i9F7M&g?ih3@xD_W%X|22xG{DcIWP z&>=<~wCRyM#S>}Jw7&|qYEA&1R^o!{#CyJ+?%c!uyfEtZ^=}rZ@tRD_q<@pP!dRaG z(u`-+9!{#x7K8G{mQGTQ0d0rVu`vhuHV$EV{+NyNDb%r)LBG8G`4BlDTXvp>%i5t|ap!Q=p46dONdBY^_ zuh_gcv5<Pc*2r#^9+}+ss;~uC|x&DVVx0As-yT$`R4rsKM z>F(wI2>n7#@^aP)-ThcXb<9IfGo~lWl}8CPueRg+yjA)eA3r_>&It0rbXFtRMUL-9 z%jD zU%BYfD2V?i(KeJhqmgtl}5ABRjybj8|bk}74ERl2U&9ZL?JyCv?#`1TG7?@ zoU-hVwtu2ikz&A5lzN70iq2!Zh2q@xP4xY|aHJg=g6VTseT{|6DX*QG6}_BlLqUTksbIQ+7j1bH-1h&Ss#_GKKst1Df(`d+!ny7?WDO`zLoK&0LV@i@P5pD3X0iZZ)|;}_`U&0OjD0NQes;Ip?; zhU>J-DZCrkt->uC3 z_*K5g5WvF1105b5_9yRR)UBO^vaOb0iqV;$(*uUQx}!!(l|bq6x+XC%2lo}*aY5_p z`RZs!+vZ_WK$U}SQ+1ooxyJjQ*dJauQ9)xf092g}F=Qz!OWSJ51ooCIiGQi!Jz@BY zM~x*ng=Q6_=6~h`^WF=^Fc(5@CuH7pNqUL-)Qe8$q}Uf=&K+x^LncSuKry$0K#Y;R z+W-qYmliK69fsSFB_$3}FZfaO&*O zGp!Z_>V=`kCfv9OX`{ARCML08l2;bF1Z zh)qu>Gvf2l2&{%wijUUO@APUDkI>aE*`ogI0}YcRH(Q=DG1)=XUzn9k<=k_2&NXb2TiS^IoZ z7pX=Z3~OF4cYXHCRsVq2%GQi=7XaWo0#jnTgtr4UQ7+Zpg~(QKiswcYefMLvvmb|X z2Vkwx*fXX~V|vC74~w6&lFQNsy^4PB6gdU7z1B4q{m(8sVeIr*?!(?RFANw?J)4#j zEnF|-|4cru1s~`e*p(js5Obva+v!Nt*O}8BYp$tCDl4P=0YhmF8&Kd!zNo0m}Qo_R;)CP zZ1-CzWHUu3KlBYkuqy1EJsLYyqAqh?)~5bISu?`~EYiD*#^JoC?=7`pmp_f}3)h0% zpzV%TUVrJ-s^Tb`kBPwCrayij7=t{{-kITLi*6UR*|r8VC|-9`eKm)vsSV&R3HI&R zbS!qpN<=?+7oY&PJzeS5^!N?qOH% zN#`iAAS_8xxn%toF|gD){Mp4{^b~SJ%;J@LB1ok5v{p7v_LZPi@tH^Zd?pc&igtT@ z;YnXn;j^eI`5Jd?-<^=nR2Kg0 zn5cNyCe`sPM2D|KzlluHw=hg)j5lULa%WT2vp`1yOK!Nq{kUHBK zbi?2voj%O)7A_7XOPkR%l4grE-1^_jv2JZ+q3xK~};PZfUw+8Vd^(Pe&rqgC?-dJDN9?}}`}5LwvS zPx^4>(3+NdX};-p+b$i`Nn>Jn+FMgebB_$tztj|A(}bnwwt5>DRgA?KEPFxTml3)? zIR_YiC!OpVwJ7HyxodUGRc@+mC$S-&*(ApP>v`558#3T)ZMaSE(8u!lx@?-1gb;{} zt66lN3t} zbo2#&a;=nE=f3cK!sJg@Zis-=NMqj*n;|#5uxOes%p@a7R-jf|&t#Dt$Ex3xt1xk+ zK*v`jg$3DUzAvNS__8^|P&VZUexuQ8Ib7Ncj48mEu0DZPe{5mXw6?JO_CHUX?R0c2 zcAR^ur(Aiu1nlE8{=R~88iYui(3Is>XrR1JkN%TMA9x8U#vqErl0$8f$57uDDfJwF zlcX#gn%C!!JVGG&AHWg|FbMX zzOx!jBTK@eeaqB;r$GyP=&mE@Y^n;(6H%J`xw#y)BPE<};n_rc;KHx5K7Cr=zGEjh z_!w^_7gxMA=$85c8;)pEzK+182C@uPu5JFF6T-rpH^|Gz;fq9l(jQ;4Xvz3NIj>dS zWiwT3D1zp3%bJvAkqQ&CIAGUY=9f-xA$gXMb=#k!>HGO%bKN*O8HH`JVRG^Y{|KLp3{jaJ`R zE(9;whJXOHq=zzgNj|c3dybp4F7^Ytwo4Te6y3N<)J}F`)98sM03<{8;lHA7d1fSq zu>1{^LkA1PlEf8UC5Md6E|anEH)?*^pPSSyA}#C(AJl=b#8@NlLBqi4hSa@YCoSNg z&{(jkt3E3e)*{&fmI$A3$9+OnJl#Gr#yOju><`l&Dw?v^+et7S3*pOska0$8*uuYeG39ZK5-SN|2O7or9@p3H zk3X9^t*?~xMmIunL7PY&Mr-bc7U!r{nf!T5lhq#HZ=Xfgpl>vYkwm}jY(P>F>nhZ& zvey3&5e*+f24yO*VOtwz_c)NUQ#?s@tS!n?uk-loBY&`g?oS(2(xhtdXEzv|ONDE* zo6vOiti$bLD}tDJs8`2~60{>@TxMMnr%~J)EfEcPIVHJnbNN2S4X@V4uyBU$4;Ou1 zxxSP*-+1W|P~f-M_#pEljO(qsB@2dLCC#m*&ii)|`YLpAGyRL|0NS0A9ngp;8!|AJ zcuMLH%pc0Hv~%DBx1RY1W!=Z6yb>0whXtw`11!l4rPEwV&q84v0=y%_xoMRvQVa5i zPDl~=t2_n$V2V1ytLgKEvW$lTpXBhrSsjL=l8vpFVUD~9_9}Gd!)`HCpsN{?$3S4lr3gptao)9tk2nY|EzkSXniKW&S%D^0 z7v0D7beJY6`mp4VYyXy97rZtNTJwHFHfiNwr2u`n^D#{EBBu8YMJ?D%j`XqFRc&La z&z~$jR(j-)Sp&_Jw%7^}tBr|?@#|CoU-#;i?+>da%xY-X74ogV*7HjU+&R3yn??q! z_*@KV0p7Y%&epH8Di-b+?q0ZzC*uyHeie3RIBH1RJ_B z`>%J1T<96{)N<)##Q&9d>J$XCqDT#_CiM~);qI-h+qqUfa}4-*Q(myGA=eKulxD~Z z05c(kV|;6yT|!7!hI3Z(QiM=YsMvXIS(U|>mV_B!9 zH_C|5!vFXsfI$?Fk>IN(cd@Ky(zVi~t_wBPSphIgrN0kGM%Qsmd{3nJc>m-;wZcGE zvQsj|@~_D`$PB+3LNX3N!NXgq_q?D~O>bJdh!TIXJfH9>%`9MSs8P)_lSOJdK6j4c z6sJo_Dm*SKxD|!(*>|Gv-nrUYM|D1I?Nj4ti-fmZg08SVvWX3Z4Z~ECC*#(#pcOCa z_aE53Hm=a&^?U6I7^B}bgnmQC1X@!F@CdZ5vyn41n>mS1W^d{g(N)r=d?^X?=0N$C zFQD0qgdKR03;d$ySuGqUbTc)+R(J=C0bO;=*oy-Z>kRQSsi;9btRHQXDS#t8A&K?8 zaM;*tR68QWGsL1(l2oFh~FXquTAP1Ry>d55Pgczqn7>=4T1rL-p9$@tcNTX11OizMpqjh_0A# z8B0eva;A`WcZW?)cg>*&5pjB!yZZh_J z9KlY_E5}g>8_~>}A?js1GmUVwgvlPmAf}!zp#R|(FJU5G=d=atPvJjQ0FE?H zJZA14p*X|sW{rKRn0syOHByUahl<)DHM$1h79l-yMlzy%Kuv#Ix#eK}6WSoI@!8(& zko4f6CD?VfVNEWU2hmMnhHgiXuL!W#x3f4jU(3l;eoq#=&8&e~;#MIh$E9%g;jhU> z)T1>easJxC8=?oQSsfX5uJqfyGM&<(I_`h8_d~AOto$-(fto$uFz_7E6Bh|>)E9%# z>@(dWB&S^i6~%V14_jT3Q&lxWpQ}JQ4%95z6) zxB)b%F~js@4!2a@ta^h-*A=Yp`X)(})RIoAY1)P%z-~d!3?&}e|T>=9|&GPiEf>Py~@Jb zGls%c&b;)TBOHY;5`BS?lv1PUh|f?EHlW^G`q*Rz-|dJ0Q5qzK+$3){c4vB!>`u^;Oq>1@T(h4hQF*mBNnO3N^c7Z|EN zz)1@C#$&`)j`bCL${HwczyN?F-hX>VW8w3*UU|7`Hu;T)TGSsVH@rCx`XvX{oO;ZD z6$$jbKE2XkBC2zENrpoJ9fhnbSa-GL-XUsA7ES4+3vB}|63a^itIy^Kuh%}pkNfg- z6f;%D#>hH_V+vKOQA#mg?-C>(bjtd2G6L{~G0 z-u81-Fn$K4#a&#P7Vx!v@cMsH@NLT(29Fp$RD6xQTP*gU;?i)JO0)YF{qA}*yFm~@ z*yA-zY4h(4bU=v}9y%Bu%TWYZe`5u?n~y{>yP5} zEa`97dn}Hn6OeG+O4krB&2atR-$Z`%7Mu`J$byu9-o$u8z-Dh^$c}mW%ys@4S;_)| z)}BT~9;os&7c{>~*pjJ0TK9C9y4in*AH&6^~#0{(X|3*A0+_WEI z#uKr_6OfQkDxm-Y-kI!zkOqlU%>`88M)}hbg)Hmb8>Q=@#G+e&jw#zxZ#h*oIbU24bobLZp>V z%)+mgJM;^{2aQ}+Ggmi3V$PX!IJkNCeL)i7dzSErOPC7l6|!$tT6G+{_$|{Pq6K9< z`t*?NuE^lYJ&RX2{a;go@kDu=kzZ#195B%EG%i~IptwP2?JxE9EP2NXaw;w)pnC?^U>e*o zw11H(F59FR<0OKxD(nYF+Vw$#cLT1h#~LM?Ui0snpOf78-&2D`5}Pxuo^w!_wa^mTt9-uDpPjxFdW2IU)?swh^(I4eiAA~(W=|Q$;;>Ya%GrcM z69CEmPk07&V@QFWvBci8Yv4CMCw!!7=Gz;iQ`N3iE=>JRRsppqL5Nz7eqy|5pXI`! zUcPYys7KJ9vC7Wc&%c*R&r4h9kcT7?v29`58*B5AW0aBoDZQmHDL4D!ykXzZrLhR- zY^hFlvx!Sht$&hMHsADYldKJRS$N#6wy+?IF)}yDEX`la(NltJFdMhd6)Afp*h zi?mlL3+bots{d5mk>QA{JNt8s%#R4h2oZ@nhc=vkYg&5b@N|Y-l5ca?+vhk4Vzm>g zb#^sa_a1{ttSk46G!z-uj0&I*OU-zHY#DjC4oa7bp;rOB7R2}sQQOe82M&fU_`3Tt zju(a&H_bg}1{9Z%WI6fzZzuO-VxI4t+NW3Wv-Fb4&v>%Xb=QCFYtLNeW=Zl-bcYk! zN3=^n%Ts`k4n=>+CD)J%a24Q)5;{r|9d%(R%;Y`OQ8P;e^qGx7{d)i$V$5Iu3M_U- zh=-|4vn@JGd5N6CvjY$W-Pjaj(;tI%<3&Wfv7H-VgM6>lqNxE>b&%zsG(y=t?O&UB z^2tmg`|&TNJQA>bCy{*@Vv+6s*~D9O_5qFVzzpYQzi%sj0O`|2k|f&B0ft|rH$b1l zP7lS0X4fbgBmAM5iw^6|ShAoXYk;HvQ9j02T)U)x=Ed%J9|L$JAUPRzT*#`)6J|z< zOrR>C90DZtxl$W{x4i+J8$JN z_8-1t_l#vcFVxhug`3Kmh^Gwu9LB$=0ap-ThBJVHj^D(9jFfdG1Y25lj7r`tVVygy zcOZw}i3oIyaY%0X;@NfOTqp&q3Ae7&CHbKf`O^A=s{hC1^;Iv$fL82aV>d&UmZyzQ zgJcXohC&md^c#$GIuo?&!Hg0UPaI%$@e(+xgBx6zkDs`;`zL#KJHrXy9blzDwbh8e z$KvCOuc&EXhVIvsPN_w^R>QeEuYfqfo7JC}fwDpJ(O_xGyMxgbAMhXLO)uMzA{7j` z01OKCE^%Lg!&7g9f#DGd0WN#P4AOx*?c8XOsxCzu!v?1}TeFp+{1~K?AnxwNUUlX} z?o-T>k>yp#896-_G2?d;I-}z$4@Lo7W2lZ|nI8h>KalFk?-MRx88RGyGrE~O^}IXW zaBt^K!-k)Wr;xAT(RR#>%lzWcuu}G34SMPO?2=mMJ?ofh81oMcf3Q<79NY!T+XiQ? zPh6LOFN24@1_YoKx{63U3-yntZY-;?6$lRu0>T-3QR8{5UjA;D)q^QTEtN6+pY#G& zBniD+t+GEsBDQ|#RjE_E7Wk=400CN@)8q|uLd78|B^jK2P%zcnh;^&+g8fZP(~$CS zOYQ#uK@#`zDob2-8QJ@HT6zQ9Lq>Ouo#bcw9j!CYDAqFH;rlg??2kNCwh;KvdTp?) z%ZgKE=*4)x+P!6j;Dm84{+pOhPqm$uf+!#!B+D2> zsJzYj5H4Wf1HX)XRB7mz=M-u@*CMy!cy3GJV+qubm@axsYME6K&Mu!tcR{20Hhq|w zjd>vjF`}Q8XLfZbK&APT-3BA4Cm@J|{K&qg5Ak%V0&2zCDJNY8Nwp4_kT^>JrJ?lk z`h47PRS+&5s$Vp^$i&r^d{Q)IYvS~gq8A@ztE6^lvADFu?uQZq?;6D5K}SUQgH+pe zSSr&uVGuc-tcRg28zmkQIIO!qbEE+`AFe2X7virNeQQwQ{!@x~XK92ZGKi=@;Pj|G$H}@l4)ylVOsj zwEDaQeZxfYb;e&F+=s}!hr1Jr(1zc8@5y9^G#J#Vv%Q!dfJt(yg3d$@u~Mo zi?j;-g^e7RCZ9F_9Jn*+D3+mlIboF6lN;ac32M0bKA8;;8&=}%AlIW0dC5GIF+503 zeJe+{r6YXgdpAE4&IK4{!f(PARc0>*ABN2(dws6opoJE>`nbTm#aQ(=UWxJcGqLgB z1Opbsi3>9Sym4;y8Y6!yR?U+%gx~bf;PpAyOF;A*5QdRx&CVQRz!bDeu}5p98O9awyrBTts=pTBxC5~6EMlngqyN7F?J(^N37D)MPDJ~NBX;0QJT zrSs7~h)xl*Zq(nq_aN+2f_y0T=){O=`k~Vd(NHVTY^)?3*t?7xW6k3nGfrjDAn(<<4(o?nTZF}N zv{P`7sWW4hh&n@>XrGi@{k7?PLJ^H7+)ry$MPL12m@M#D8g~k2Cf>2h&6148ptzL4 z#r5-x6ct|sS_5EnfJJ*q+lN%D6)YyO-8#M!Ae$N=Q_krjY?d+$9Q#b^bmW?!@~FQ< ztF>RC{{b$|uI#~;^f$7rUJh;<$--JA3|Sm&H>sA$u)IB}!UV_>ic&;k60>HFwbE;g zD)-eEuz&%4GFdPRg3Uvb29FHGv6{#gk@)%q2b6~kGt#k-WeIiJ+Jw@+qWPxo}aMy6H!S{jMao_wLFzBx1`^om=JV@k}SS&i@Y z9=>#K+mIzrN}NakFdJd{H|s-aK$iGOfopz~lg`WwK2f}8O3n_w(`{gd`(o6|+g#VN zh&lhsmpR4n3H5}&x`>~?CPV9`}T~s&F?eRsd;@rv$y|A*(HR24<|SFIm4GX1@rmB0OemNpG|dMnPPeVLZ;s z_nVNW=M;Hl#eMAv>+Tb&D;$<3m9aT%NZWp2`$Z7Q3NqLHvE@`QNelv) z96`(;xoEnwr>pQ^NH9SDK)f}nws`_yA6($cs&HaT;y8fPRWM+n+Dwyct+HOLvXa$T zUIv+ZMFanxG^50`X7{I=kf-R~Nc%u|FGTh*70CJ)w)rJ9#jjX>AeF@YI#C-*kKVOq z-bh$yEU7TBFm-SAx^3aEdL1{MO7!We0(Gjl;iayfhjgNZ|KWF0)g(B*8s<$x4*5%w zi;2Jg4=Wjm3x|UsRB%J4T63&800Th$zv0?>d5L1+)i)3-Nx?AT~K9}E4 zmM~0MkS1hF{{qZ9ahN^;xR#XNb>?_)y`F2}J(iS!4SM32j&?*t5#Oj&Q4wPvgf$tEgh=>DIKc;1 zhTlQno(f}nPRu93@_h#rKgxJHklZm~$#c%!v){EvQsAZD4U%~_G6y1#BlO6*QV{{s zvV*%L;j+&cIwOFGDhYpbs;^W&9K{Xy{0Xl6WXzpI23*FC+1s>0g5v$LSM-_U{T0hq z!T4s15vkcCW@<|sCtZzzF!qA> z!$W8L2(_QlV)zPTwZYBlC{drDG13DAj z<%F-<1Guw-1^ppF>wt@u4lw`clmcBPDv&d9y#jne&=QUQkfQ{a)Kg}r1CwWxU^bt8 zpx8(nqYHzdD2rwM$Q%dy5eJu7$+L+hHX1%^StR>mGNk|pSWus$po;*w02e2$wk~A2D-r1|upF(X(^-+nlDfZ=Ndw7Z z)88`Hx5=QdypBV8t)pQaUB5Vd+w0xI#Sgg|`Ntq#q!707+wBfK%UU^^(#PlcH|3GUOlqM@eL?;I zbQ!g9Wj?wQ#>5w_A{9-eyX_as`EAU!d$SG*jRNB9q51i1I1rn>@KQD26Vq4v#h0iv zo}g)zea_nFi*abSgZMS^Bdve5{=j%*CPxou1zkHtbQ|OQUO>Mq=3YpNo-3OsNMCep zpE47ne8_z47!A4NSMON}`;XE5iFS!au=rFC>W2!idqR!n>3in)K52$W$Nug4x~2OZ zlmfDj;Xh3|=*WxNx>W-)Io^8wV@F9&6$%;$Am~#QG(8!X($ER46T6{f4npFrw1CB^un=;! zk}Y{EY6XXW^?iNu-hhADU1{$}lMHHkb$*ErT=r}XTg(<|)wy}uCJah0J(6|UsvV99 zSvE~F3Ffrb-p?@q1giY(m%wSgx?G9pg^QqCQk<9>Buvq$=3cbC7%i2w#y6{ z@YE^qNxLQt`l(Q}?SDY$K~RjAYOm9ZxtV7E$cg<|wwR$jd-8b~(q62T_}w2nb;~Ma zU;yrtF{rLtFJs)@ivlko^7P>HV=le^T&e1>*ZmxQRaK)YC{HfUT!a-BSID)YBu4%c zib*`gfsxKnx_0_8X2m|w{}XM%e^k{~0&<7tGT&oq^TS#i~U9r zyc3Kyax3jPjTeRQuw%#6u}E1QHMFlRdKf6avUECTiKnDX!&Xs2^Wy(}D9yhTFoL7= zfQ5rzreH};V!5A1`_#RweH!3PXpZ_@lx|b#x3m~9YngpY z;CAV)>78EoLRmN*B~yb+ddyPHV`Ugh?xxJ9^Ut7Slc!|+LiDP-Q;0yx{XC=v3=N%k z+PjBv*)o|ycKLYfYzty#sIeBYyEKTBOBIEJ3@=UADyPnfv?1p|Ph-lJ>v7Z+>pK=U7@FKCZ1R`*sdnD%|rfbr9L@At3{yGDpM= zpF{9_3Pk#}R|pmW>?lRM%O^2@Ark||QVf&7GJFtGPP=9yMU#EwB$)!Z6=U$1b^$oXz+zRea)0pJ3vF}T^D#_c zZ#@ay0$zTUt4?*g>FrI=VSWFu^Y_z@n-Vap)%>MSYuK-7*&qmxA*pWg-i{x3Ka0=c$@wR6(;12R~0+eU#`Pu zfBi!yEn7FKVn9D>hKHHD{y{Omw%Kw|C6+^ib1)F_naQPxG15p*B%H+$aO`I(40DDE zjKu}XNnkw+elfGqhTYBP`^lJ;k0xftox$I%*#!|gio&@RYRkfz)fGl4Fq-t?G}#(I zaDPgJkHuQr9o+c_!D4L7 z0!}i)_-ifFeV5*QrFjU(b+riLT|4$t?l+;b28-!aaFVojx!N08Z(^}k#3f`1^J1MI zlsp`g09y?B#2P%(;SG8MWcNdoZ(aps@pTM*{CcJP9Y^R^SBb2v^ZO5(aQS9wxSfIn z7=3g2&D5!@B!=$AXPRAJKqVLOH1z?yi<^OC{MvtreiU4+KU9DJaNaBG$xW-a&-*$S zX!jg@Q`(bTwE-~K8`~=toi;d(X!FxC+SWPa3U}+f<^iyu^s48{g6?|y zJ9f!Zc2l{j5;Y#M_%13-wzWD`3^C&?>w~UKpI>%sjn0+gsk90Hn+dIjT9Qgwrf`+b zH46K4CW5yJh9mu&_5UO=WFm!zm!Uiai9RiYsa3a?J<%uS93U@2=o;BuI&~)YMokkizHWvh{xiuFGN+^wjoOr=--_ zkm)s?pB0_QjLeiFxgX$Qem^9OF@g8q1y!mJ7;sbqcmhh^><`8LpQFZ$eWXX=w-xP> zeI(&>N5?#xn#|!Yh8`!-m~s;+8r$?oP0+5hLh=YyrMlF#r5kYkF<3b`a{cstdEo4hz}?#k39*MVu*D@DSz5Lq=*T@`dk}iMx`HD*B4MMC z7Wy}EKG&!*a-?b!lV7_wq>fVtd2l10{kfe28n*(nSiNxhDN?`m`WhOFs{IgGhk^iu zVZ#p&M8bfWn2y8eo6>Fp8HU(SdIIf&$q+ldWQkrt^RE;T6B@3g1$;#F`MMMKF$}6Hk zvW>$5Y$ZyI=wymo7636ye@!^F;c(6)rb65PW{v9i^^9rQK$#E{Hcw2ik*r7GDj+Gw z1{kQ|_T0rt#Jg$NYB>vvvcl4mw-T7Du}3hamkkq33piyJ9e4T$-a640JnWedR#8fb zCUs)QV#uWI|nByo{!Tow|?t+>AWnhw|4zeU6(KDEjgI`_axosb0;d$x$C6^ zinp97?Da(K9@MKmC^{=I%Th2)YL?q$46E@*nqwH8xkPS~+>hjFSLFsULG_$L$PuHA zz|o53Na?@TW)i12)}oF!l~`B>qVEHn;X%MWWBU%QxR~ zA_T^5ee{{eE5TDBEC~u$O-SxR^_8-9*QsQL+K1=MN~mKSQL{x|7=VUlVP8xa(`PDl zxJtRAzCBtVSY*!yc>*TKQ&|+GQSpjrt3!8Z^b2zIpXqY0~uJe749bg1vE7|K9jP= zZfXvxX6De9l(6ZuS^4yM`G8(nLJ(sa$22j^ta}3`*eDE-seGYMo-xKMOvm!Yst%6> zx>unn)Wdw4O`IRcklXZxWVNpvEhg!0IC|t@xq4M~XS7=+T;F>qS&W$f$rrnhJ!M+o zPf*r8gS`sH<3|p)l9EZvM(gQ&VGs>r=muL*zThkIZTLj?Z>kPn*xC!#5qXVCNQMf- zlegA%%k1|e0IuFoL<_CxqXVI=4E10lMNq8bJSuRjbF=SiFZQ( zj<%bTfZY{WheQTVfL(+8=J9%o_>>u|Tux2{($cT0wz6Stj|ze8ODgHk1P`Nq-2#&H z0H!`uBwD<%$MW>23YhdLwe)TVgNqCFg;CZ3=%=q_NLMmO(#Tb0GUAF46`DE4k`PQW zA{fVrEnpL*VjkS&46E4bfR?@|2Rw$M;-9>`+XvZX{_uL?v~et#GbCrWMW9F&jHP$F z4)lQ3_9O9$5?1>{4SrNLRn?#X?hgG}o&c zw#rg4%P;POf|S#pD6p}z`GbZg(XUyCDbC2(uq-a#3$>?bj=d@^r-x3mq8RmE!c*h9 zD7xthSVqi}-LN)crndYw3@tt5l%`TCr7DoZp%V$xY9l=eqq+q zF6yrtF6U(A2szk9dy-YeY>au|bwp8D?AImX(Omzj`IC3NyQ%M-KNyas(o=9LkMmi6 zD6gj^*6^c^&xYx(BMB}A^pk}x`L%e_b5mpcgRPskc|P(vM?`wS{9fzpDG-o zOU6yn9AjW%U0vg_rlhgF-bwUzUQiuBD83=yZ#ig6>_J{x+y`sz7n=KAuVNe&uEjj~3~E1o%1 zMWQ=>kX1cA89$60h^Abc@iCsQMo<>6w=3I=eAatq-$w>f(afy2$3LA~KmxdfD zofu-XxkZk%Ur`!Tzp;K3%=h%0sT~P+%^1YyGg#I$>l~ zWhtui0g8>x&3)=$OUGpqO7lnf6e5axJb3-KAp=C-`juEH+fEWo&pAqsh0O8^5|J=R z?%9KoWqLepQAgN{G6m}brgxlO=fshU!FB9~*di{tfK_&$!kpY%;*}Lfa%h<6aHAb9SRbnjju`bDWL50ChRbIaD&Y(3-BJourQ5h4y>(|2^b& zvH~u0%@lptW428zG>NOz&Qf?Y54{)=qP37M*rXZa<8w56;W=j9n6K@E zc_T}uOy{Q$y|EHgVHpXVJ)J;+f=O;7?j1Xy3%shojR{st3FSj%E4v%}tJsxA5-pfW z;$1F_uHc`I+6LX(O|tUKEXMy-c|F>^yk2*>B#J(~!YKKl?%7OI<{v9+g|1{uk51NP zGY|H@PGfXC3&_?)c*3asKb52`;+0;d@`y*T)%Rb5=h&C}NolC}E;O%-=F)xhM2$an zW)%RQH#kZC;2ndsZG*z3i?o46@=TqQGHs2%$NOB|&JzI$q3@9Ue|Sxa>eire1IS;V z+-lAnx=v!wD@fesdbm{fr){CFiMNXIAdbeLFG7@rfE-YB29dfqn}qb$CjRMGbl7-S z9AMiFV7cI2$v6kE2K@JwV(iAqaC(^0Yn_<#KV2mY=OUPJ*cVnf8js>10=evC*Ne8+ zu(QpKB|^OhUpl#WpLlq3Qp1x&|8N^A1NVhf>R5gS*!|@TpV7i44g-`7CvsyM+ux%I zOcLv5EbtsX5l{3>iey(EPI4=F_^~7Wg+N%ypO@Z)W%^nPPj%;|YS5jrX8dn<*Uc-! zaI9q-TU&G`UP9^sAi=5;K;eUtQ3LWR zO;5*^@1u=>(FMrs6k3e+3XK$aY)s-Kz9F3(tC@|Bgr6VBWnX0z7g9Twme2BL9YYZi zlM)Fd{*#HpLETZ`zrexC<%G+MJzG|cN6yWzhtNxn#(kbMwx7QU(s@rbufm?E+H{-!T+l)U7U>)l z`)8wg@u-x}vW7^;eC&+g_b#JF3p8+0X8bP6>F3+neUCFfR(|@^D;hsFS?ng%%N%jJ zPJc5z=LN@-LpNKYv=X-@tCBb1;ckyJ zpl}7pUxXJ?vG*=Xe-Rvij?4oNmg%wHkb3CJfWK##1z-8kon(FU`$^;mSQtqtnQPw% zO8OY)9l3~#pFY!>+K=wRx~jPwSO_PU z*<}01(&&IXDg`7YGPyyhmiwZ?l(I0$pL8O^fkRc}ST#G$e(mtCC*DE&*|O9UXtKiY zkifY1PL}9y6g-J>rg}xSFQF*3R$UHvtUov-cFnON67MSCYILeHV_o7y241wd0$pf% z`^@)fL4)FJ(fi2^qM?|IW|g&ZqiNu;4VBKd&5E(vI1uZqIAqo|bLUqcRzktDP&nJO zPj*_ZcklH{(Ka-+pBS(-9kA3JbcLm!v%w#_wIKSTah43yIKqB-aZr?=Fse9_$CmDH zm*8pJhr(8XT6xd}M`69?+akFF-G#lC+~wDRi4TIK4~S=yoRyhS#pgWAJa`Shw#xw@ z4}emNinOyru}OT|*==lX>y!2T*6y?N#CSsm7|qYQmBW*21E~gQi@sd_&bX?1cagm* ztqr)@(3PmC=}3Q#c9L0z_=e&_Bd$)v-9nsER4zF8+;pJ4h8>3T_#Qs7wnr;;9Qe~CTP6J!?Uglx+$&h7cJm< zG*7_rcyWR2l|>6^Ws<;KZG86bVT-v%RwPF$#EVf?j{TeaaH4>v5JJTUWcjUb{4IQs zQ&9>Lov}1ncY-fgRgH%Vx)%40yC!@*}V$T9rO2QH`3Pb=} zY+{&kjp69G!Aq#4T~?-AjM{}H8EfrL%=K)tfWh=hjwamVZRWCqxSM>KU7*Dw)PUu^ z%XZ>|bq>Tb0sR~Bc2YMaseDPRxea}*6922&iIE(KKb3lfgo)R@c$S)MC0-%0uTmWe zl6RC;VIfp5h_b=|q`lIcxm)Jg79BQ`4I_+f#5yby2f>Zn+gMQw*-BqOdX`KEC|oD1 zBQg|ojWC)}KkkQthSkJgcZligb3rGWZ8FrDx#vu*#IY)*KB%oHRh?I8>r}GfzPBff z*i*`Ttd^&#RW~;zlac^lWClytDPbXY*EGTP2EvS54=zS&DPn{%47ICSbu07MrgtH) zC&Fc5X$7THbuQ~PMjW4l+R%9LO=%UFcqx;8ut2)r&`>L=5=mfLPQ8!X_kWnl(6F}a`1JDR`tD1!o* zs#E6&ONgpT2jdedx85LM_nHx0ojmii`b+1;d5q@6xRNg3#j{=6&a zC7$=H6ICQudDdiIRYG*9?OT>AT(%MppgAd;IFZyschoP26tP*jEOA4=og6~NpPg)u zv*G&e2^sG7ig`W!TR;D}j~>LenC0&8@Kkmw$$LwCoQH-NLh9I(U2cnsN zI&zfg0!0QX3%gx9xTR|uGb)J6haEdv6F zk}AvDL8s?7RI;OrF^m}c#z{Dc=*U?3Ul3o?GJu1>QTLDpyVyNUWP2|F7S;{kSLyKXeIYR@g&{b=t+*;d<+T+TF_h+&^-Qg154pFOHmWdjN%o0U$t#aqoh%)e*>AjW1B7T zD(nUQV(-AA*0m?TpLW=Xk-oi$_*14?_j)z?7dvFaQsyAI1EnVggJk&t)oyx5-|l|< z;mcusnH&-_4uJ#c33`Dfna#`|d_sOU&i|(ag!6sbV>B|v$idHF8p?ajWK+Lr45|~< zJYOlcLBH7!bJ*D!Bgaal{PHVTe#=z@bZiPV;OZ8L9@=YB`E38$?k58hyt9-HZ#oFi zds!4@DGxUQqs)!jDpyy_>{6Spbtn|cZY44-uy}EIh0lHrY!;lJE!yRG z5cvnJF1!_Qj&oIWGW)&2z>r!Ij~{bi7w|FJ(mY zoT^M6-o9kk7?5AtpWwm))`S_(PrukjS$x-~U~JH@=$l49PL30!SLeN$5u&YpHj%u% zh-*3EG}U@%j4CqV-4o%Ex9PCk&jFmboCkneBAurR0}cl+KD>+Kw7WTS+3y}EubA)* zgq{2QmkF0Tg|Rni20E%+>N>$oTM&yC0$V9Hi`N$*%zMBSo82XbW;I;eB~5l3&*PWK zs{p}ZIKy_Q*#M*>B2GW&7M1gGJG485o)3EHH!qkm`clI)nsay6Gbz_!VBYK5nxPYj zF-Q@myfr;Vz=XS2qc9EwiljfPDg4F|FEianBIUhOQS~v#F(?oP~sIlQfr7ZlCA1f%s{Ot z)*4X&`Qeli(o8y8q;D!4Z#@CL?wStrx`N&Ycv%v7KhRM*UPjT77D=KR2CKFc8R>?o z1X$8?5Kr3&PTh?Xxe>nHC+n+tC(^H!muS)$DhpZZHxqlO?EhSB7s(3+z-^2bK;~QO zT220`cU^0@id8p+DOy(?pL@%J=>w-Y^kybs>1^bTh4*0a&hf7JzZ0JQV-%1Qls0mw z$}3zjT)tuB%q6C$7u|sSu+Z%QQ*Y98v|+SytuA8d*zwZo>;%gd^(++*w8?vGk4L@R zXi@%?bBE{2nrY?K!D+gW<`k^%Jw!8?gXcXB-|Y-nZl3B9J8*r$8MaJv3(eUf9s<@h zfP)lWq~&);3=$ddNN)y9q%dToy(-1^N`}S758f&afd_6mjM&x;S`w#L9*sTsByl8ESxcOF zfPQ_W@}NDIh*VGd$|3ryW!258LZal z-efRg*IrF{1kGj*Pl?b416%G_@W1Dg9|f{(gK*y3aq8%$(GIuMaG)+Zmcn-+>{uIb zm3Q-z6z*rVXy!`U7<%wmp#Jy_gA-PV42+M@jyNe*lL-Vy-x{}Z{o@b1I|w8z&xW8h z2%k$qsP>)RNPo6K5vqI&DMcye^*g>X3}hZg&jvbcVcuzYnhyCjEI)ht8$TnZE83dP zNd>uTPi97$r+2>LI;wh);?A!eM{fsl$ek87^~byTx(e&Q4b*lxHr7^j1HUrjAVpAR zkrtx+S8;S$%ueO7X)gb2$*9Ho(8@&|-&GC3zphi7UCfm=cNgPLvZL`x;lUbqCqt(( z@k$UkZI`7}h4@!4Z!uorp-1u~>XHmx&MQ>|H_E3{F-|{`i+%xh>0B#6(%=8XYrT?P?y|ER*7*&9j6gB&z z9uUe&^`J~6H>Nv^OX%B4_dE>h??gq;HEE{)v~yN_Y@BDwNaK|#lO?KO@#h_Y(R9#r zvxh!*#v6EbMqyTaj3MW3K#;OU0a&)5;ffd3`dvsS_#`75K&qt1b(&Y$9w`2ekTG|c zhw^7n-(1s%#=?>jH?CCLuE!Xr`*VoKyXvI3k7k>kw8Rlx1jli$Pmct{d<8^WrCb_- zJZQRfhn*_%#_Qv0$nLrPDlZ55;}VFos29je9@64hL5tRt0gglZ<+r+5B5p8~cPEXe zn4*zRs_(fxXpI0?2GtNUWM57X)Mxs_n8_^)@1G8kfe;Fg?;Z@wM5lVI66Twj*LqsZ z5!`rR341a6q5})LU8hc!<3u0vW^wX1bK|>W$7&z?1DOKLdR7fUN6zhC#Qysy{O?3Q zQABvd{ceOrvdC0C*JHeRYpC%-R5rfq0PnB(aq?q%9URhV(*U!TK=6hP-lZzIrVjfC zIuQ(@O1CK9~Qb};U{UcfZUH9OT<>#Buvqq*WG&nR;uue?1i zk4)JJPW||N^``ZWLv)sFgn3-NR_hWj#s)o#Vbq3OqZQAO)bDn=OkM+a-m~W;Rgc2s z(n^tVzYKcI0+sKnE0%4+9vD=(AIYlF?L)ub=%p3<^WXFY&x1Ysf%b_;R*YU$%=!L{ zl4>pGU#e5qcY5M00)jd?)t3UsuS}2%lSY(WR&Eh`GWOrQ+>C( z<8~0m0CuOvgFLw@(g<8EF}C9iyg~+xz+5cYjBF6Re{D#B7@P&3J6Cakob%mD+mcpCQi> zF&QNGI*pA(9Nss0bT`l7aso=YE{5ur{Xg!L3&b%B%QGHMN(OdOe*o}KFW0sLrRJ}0TjqCJ z-Zaw>>f4wt8|%%bKwi5X^) z4x+>I>FP5=ytP&6K&z4N)O!Z(f0LxLr}h=#J?HGysVJX-g^2|yF?qa zxx3(eEjaFC=mGk}D4mq)4Tm4Ot* zWdrS;D_k;R^v|Zy>w1sEI!$OWYBmV`q|#axr5PhaFx3Ke zok(O{Uupt>6HJL3)-*P7Y93l|d}~{9ualMcKubBQ&t^xz#zmn+v!CFy9dd~hdSw-; z2g}RrzPjL0(#~W5AXhGWk>i*252C`Y7E02b zJe`e7@qo_xD)PZWnp?)pL6#Nay~q7I45LieL7MJd9YDF~{HBE$0D zad8wTy_un~I*KqNncsUgWwadV6k{7ESTjD|j_tN}WFErNP$727* zIp`@F-VaCP0F`=&36`#S2Jx#0U@&!M2RHE&Y(3%LvXo>XyX2pJt3Lb2uT1<#)qi!6 zBsVE7nb?vj>>ghi47>{%(!>?kx1;x~(Xt0(d=Pe5;KSMsm1~ReiHA}=HGVi)H$JTw zU!#tKw~(VnK&!32POaBCIKA#+?MI+CD$vwp@~cStOabqPX`w9YTYzS->tcU@W5A z$x&#~%nI!6>hMLs7I09a(%@*=h?7+0UrjR#_V#0vIh$ zYAie4gjbBoB(VV2#QUS4R9QAv@#XIN>dm&|N_6D1T$&oCN#D0^BVe3~pP?S))Y@F} zvBebH3X1ahRhU1vZt9-oFXQF)uWYL(zWisKhz6xQ@=nvHL@lNtVo5ggDJJZk3GHyq z_kLe!Udx|hWlZH;3BsxqsCcnRoCrQD1TF~O2<$xOrd*ud^S&F;9kG!;X zKJNr;Kh2R$i8Ce{aM6LxJy4R=lM^&NqO!(ojiX_`Fp?Lcz=iA^w!%L2MQ6;BMzF%k z8W&R}Wec`NJ(d-GrclE$uv10|2SG{PYCQ`yC9j)?XYE<@gYISQWt~@!$N1_o);0g@ z7}`H)0m1myR~)-8eC$QLBD5fV>>e8@q{$$hcC+IAZS~oi?~-L8nO5c6(=32*2{-DhQs|t)@KCyQ;LUp3o&RkXvN+zFhiFd`Nf>lG zRTZ~ruESx8DQSy2=q?o#)vmB&1kY8k9ci2JRrRZWCF&wWNjY5{Q=Egasld|pH_$x| zBaLPe^egAZc^N^2>Aw23H&EW)+YhEXcEFWWyqFz;R(m4A)I-6XV~lu;M!z9tt^NUF~FQ*}sS^fuX(1lk`vNcWKCtqzAgcACWcR3f`h!Nqh8^ z5(oBTrx_zShX|kw`}$85RVT7Ivb>usz-1itpXS~PX)Hi^Y9e$4JTO$lh3_!rZIlhv zEM{#bXRbbb3f1ee#^Gqs+#Y_P31@%C1U8yxR@;%mehJG}ku1ZOx-Flz)|KqeB8Kaze8+5^O+OsA3z5ImJ&iKkuPyRLzQ}kL!dH?naf7zE}WQu&|q+HHjK{6GxhY`_iU1@oKp zSqE}2V-YdJ*m>~oBc&xH!jnZ<2oPI>ma5a4nug!4YEn-CNR_5JhD58Pnj@@_xB8o6 zI$Un#_39)q916W{TVcUa2y^v^wT_*V>bOqKDkpifdfw#O4WnIlUDHR31a>ydbAN{5k!Ghn-nDrF%i1^VI_b|El76n%!p-9lUkm5DP|WcAAN&F}TwU|3{H((LJ@% zveb@j5$kU{@nZ?X-`8XIps*w?vL*t#w_BjrZazu zz~P?*Vl$q@HVcNo;1S$nJ_+pntD3eF@=aM*eO)A9QuBPOF#u4&Sd_p#IOKUIWm(%$ z0r6hc5V)i92qo}5g!O}&l$j{HV!h7raH06fEKesZi@*H;GtHJZ{NQfC|G%VOz7C%| zmgs1yF(^{6%}xl7@f%SuN9B4*hK_RYn9Z0S$FJ5i+k~=|{zuJ5xlpjT{8{$3RA7E& zC~f>pt~eMWP%~pI@}CI!dQ;F)qPL%ogkE|AVqTGK&j>=7Ziv2vNLSPvIG!$Du*( z1^}a%Yv$q4@8ncDqz?n_7m55Q`PpS!P?;xH>0FqIZ3 zkW^Kq9rkv9da|8s-x?`K6x}^m21N-0!b@z=%NL7xgrV=$V0SedlEJ8xI?q!C^FQi5 z&4sB2t*&>7dM6t2iad}3vDIMb&YuN5s2ejc&Ran6%_8*_P$DMDhM;+e=9i*p!B;46 z3hYqB>){3NS(2@kJjg&bo*OJ*@CZ08H6N#vzU{m-d;qMq(|>Rvn{`#-*ma(=hw1;9 zK9pfp_f`Vt>`=7aEaYo^)cP*W%w=ix`i}4UwMfa(XUVjz;4r_kz!E2)IyCxpU!FZe zet!U`St`_wbw6px!hnjNna##4wtx z-AV$%f8#K`rC3?^ILm@r;G*=ulQ>ADIdp4TarK4>Avxs)=2UxYVbucLUPX!WG?unN z74;ZwXpNSMjO;U==hKdqlmG71*!SEHOaf>iAkqgO zz4e%!vkZut&U6uSwOQ`MN232BJf(doGV^+G2S!+MVxQ3mdevTvCzENP;yC+EM|j@e z(r871vnT}i#Kyf-yh_ET3=It8ejvf{AIwLC7*MUjGa-c>Q++Hp!KC}}CRy~9c2VGh z58OIxbdSI_A(&udU36^1)2C z&KBrE4@o6#;1i0Y+K#zYbtqUYqR30%z5!vxPcqbvM&R(-!5U11{T-KFmnMBc<`qf@>$4J#aERmaemxu^>jSc3I6|099WOCqfGt zd|5_Vxw|*-!ChU%WUW;36U0aHppnv`4x-H5MJyEdO2501OwQ@gq0g;S(=5)m7%X(2 zFQgrM^}8oIsmXISP)?X(ftY4#+1}{6idETmQJTb^bZh<^7I~SiYv0SlvdPUIN$+;I ztrro)|0mw`I%o}<=l!v9EE!T80xJ0JWzHirwXTp7ZeBX!)f0cAM@7!LPi%%YCrNar zrA&PY4irX?>u%DuWZqOmi_}9%k@^O48CO&vcZ*khrkUiUf#zdz8vG~6r z+Der}xaKZHei%U7E{2x?9QT3`4`VkO>b*fKTF@sGH8kX+lV3DrhnB=??a8+w(p3OpAl}4`X z(+I?6c<_y*?G6aD<|kC~LO9t^pq<%d)r@u3zM#`r-2Z8vXx2M07)FF`V2tI7O+Ut6 zz=7zsf`{|ZY&9NFEk=^tyC}Q z`uQ5TB12zc6+*Lu?KSHvHMB0e@XLt}{$6!_?o2(OI05!GMWtNAh`` zod8;8B}htvqPM=hK3}J<*`faJw$r2E77;p>nsuMJX?+Nq91EE+nE)h932E}o1djo=7k= ze8JCY485%iB|*D;D@b?|VbJ62SvUNDBtxuCEPS=1?^o4MUi6^2bQ$oRB4QOf@Mo}+ zBF;B7y0WdeqlWOL7hY}T^t zLR?Es6$q0B|N9p46ACSbI9x_ILgeyhV34?DR}mw*QiNw?0$lbS)qo`*(Ye<~9QVDD zWYY_gh6Re!nVi4hjqvH4bg^H6%|%VXIHJU1B+snwWN1}UbJHt-L7SK9_@uAhKL;Jp z6WZ4J>{GWY+CPxYT33$vgXJJYKf)<(sqasEeiFbE!tW97`k=dIHs~tH9yHfBl*+^-q82CJh z+MDpwrTT8YXWW^Y5CBY;QISQAtWd9~fX74)jEal5mCtTK8@ zlE(~mxzIYAJIY3==nxrimQ(G(3*<8W89eNhv=m6hWCd0*Y49bI5&{(d8j4X9cBwJwtyXF^1H@K1xMF0{&?Z4490A0A$60lT~ zsNw3j#Me%UvtvPCM3~9`;x58Xrpdth7#wFMIW%U^vr(AWX|Z00V3B!n64lQg8iFn_ zDk9R*o%fwAdh-5DaaGw*r@6A!x)&R>tDZ<U(1m6YnG11&@mvsnk~@ze@wd3;uj~d~=dZkr8iq?au zW&cw_LR|icrAzZ_NX&sJdW+19p#Eh|wwr2S~J zqkfjKl#xZ}HS;E2-&lU|Om5448k0@8e$Yj$<1z}A0*sU|BiHoLe1cPE-@@qHVrjI~ zA4?;!U5)FgA!Ok`B}*wGd}j3GkNRQ(aY5bEpilLrby#{l_OZqd^_TM!?1F50`ShI2 z03GH9T+*TLlZ>~Mf2m5=I>*fS6#dHxs=+0U!Ou6b#zRo@@BPG&if(ab_qyf*{!5fs z4YlZtEpFO`7zx!Nw&_UiM03Tyeqg;<5?zxF86lcJ<8su1f7jC;vX{*^@Ha@YnzqN* zl`}C7LwI%avuRKO8X&4p9AMDw(wlx1T(~LIXDw$De$n(b1*O;R)>tqtwSfAS_PjW} z9L7n93vdwT!)2Z+!OM0i=5?crg>xq3zREt-9Ett8Ve9GZ_X`i63c|KG?c$77H5R8j zwKs>BRZ9VW>9Vt74=hASUcje|xP8Xcxks2elrLiAS!c%W;eUD-7UNT8@p84|Z-hWk z8u~(@XZig7mNlHF#u_R=Fx0-JkIH`-?mp0ypGe2ug~~fM;HJ8hXog3y+6iIL})BxQ8>v}GW+-Cp1hl_5y?ZKyon3J zodbJ)nB&TbU(8U7z_am#&Yw8A6>c=2u(3O%ZvhDH%lftj=aQKf!DSV~C{G zAb`#9 z4H=OG6ByqUbhXbJ2VddW2+xvQgsbwaBjnz;L?hV#++Ufuo)LM6K1?SqvrtM4J`DS@ zr)&hWl|Q=%LXi1EY92_g!7wH+j51Xy&XEh^X`yZ@p*E&J0$)N9*V79L-EwlIc_g6I z5a(oOh&AleuWjaroHbp)#zCK32{0!5;iR5MrP(g$UY&o5y?N;wpt}o1ced=sddNz_ zw>b#;tw|S@b0JKvT0xmCFzXxLHy}WQfF4j_ZGA6Vy#EDs|(#M*b5^0`LKkS`E z$g-93b*h2wziA2sRw(?2A67s0*j#ibRn@q8?~E=cYx}_CSAV^I(oJ(Lb@~LP83@Vel#$z8-Q5BGNt| z_#(O{S^GQCAO6tHYSnr?F({_UsHx9*eT{lIZh|mfKJDV^WIHbdYF1$Z;7achQHrA z-*B}R+3+p2Bz0XsBoiVnJ_QB8f)%yqV&#;t-!<5VYnYcxh21RVP8DIw_hpRo>Pqd`aNqoUe9 z&OalEj61*3JCN&|QpNOc2gcwy%;^Xr59cs4V?7VO@0sYFK#cLmKWju*8@k~RjXskt z4EdO$_^CPHVqu#HwSd^p8V(wKQ=Z0|p$t(M&8z0~Wmo*;S$D?|%#)FWaG_Em_L)WL zkp3vBw^GHnv>{H~55^Ve{AK>Tp0*f;Qkkt8SOEP2@s-uhPZ-8o z0D}icp_jPTFpb2Ww$mHEJgk;e)6{uCrXMpdz)qkiApE)Twz0*Bcu;Yj1x2>w@!+9v zMiqP-hjb;`rhfhT_VLzudtzaIN!{{Z42-*e&9eK+s%3^sX2HXZgJZ-u8#XSRR5{CFFis*Fklk8dcNBG<|UUkAjQOd$&SjkwpzD^de7p z-EeDvK<)&Ia2Rd*#)rBiVq@DQw=10{7na(nuun!AgP_6MR#Y0F=dB>OM5QytdWw-z zQe7I6RDgf(kYJPzPpK&ie6WH1T6a9oVmJqo5kQR9=t!at0G$As%rp?};7arN>X{bo z4l*;Z?p2Efv%h`sIBhts*LBa$e<1ISF0=Qsh!G3{Fh!N0e*n~ea?Rg6f5VLp7j+zvs4$+FrbNDlis+g9$i=jj15qO~fRIXfuzW2wlW$`_wp_R)b% z%X4?3C{{p<*||DE4W=$8lGKJ3lMw8mgXIfTjK9?H zAo(qJBqZO6PG(fnM^ReLC4OVAUAwGgfJeeY)qP5d2nB%X{TGo^&_0xX>jIrlR-V2&J&$p7RN#ZQ5&{)vVfqBe3W zrX{j%gJ#(}d(3^qaw%nZe1tvY_^<>EC!WYdcsCaV}xl z8+GcbW+)P>G7SM^KBj%`l?FzUm`OS$btGm&I8iL)S4XHWjYQBDN4)zy;J>7fm$V20 zk^?Edz5qV~G?FhnlcmDzhGZ8-%f&i-c#_;~xulr?4_+ai@cbFjP9GGz-x0=_(onE) z9sJ|mQlMrU_L{+WheXvzbnS7h zBGH5X&_fpTDeh`pQr>416xLwu9qv4&@J*i|AwPnbFG@!%=@7g!!N>JBcw(Z|*&R$y zcNKwuz_|j>?3ow2sdv7Uy>u9o5XjE$Nd?<3^9Khb(bqU0z&r7sDl?dSPYZcpPs#vs z*PRe#oU`o1sl@}jGg=4y?-@03FGXQVyRVmqPFG!e5kaGptItFX1eu&Np*J)o^0Lca z({2ct!*j!e%qzuoT+%Q5ddDOsc(st~o-A`+LW!5}i+9oTb7=UL!GcpNlz91U`?vqi z#_x#!RL*q4nq;;B_o1FAn1`8(|IMl@dH~@}*{wMox`9tdb%1~g)!zhpA29hFXBy?e zGeuyMw>Or>e)OViKpv%ruQ1CE2b&V`zr3JGAui&eVhMkBg=1|dsfV&p)x^j1x>6(2 zR#GV5j{EQ{LH+ke;dqlvBK|Dvk?Hg>Sw$5T!+7clf=(I?1IKIpFB{hR%7;>Ee86|p zHGR>%R`@dNq$3LuEN19rHw~bQ!eWAg!Z#f)d^#{$VqrJqql$Agx**Xu6tj!jiLA6f zDfd>4C<|2g&YuYodiRLdVee#kpI~}6i&&iOFP4~2XJ zALA2e4eN7^`fMfjXOpK_L^|WYRFxQLxIMbozvGZ^0zQ79*l}#Z1-V=%UWNK%HyTI-S;BO;@+O&umI^Qp@I7<8CwgI zn9mlpaQ#}_??$l^wej-&ElTc4@b&y#MOgMyB~vNPH0n>Fko#&2VXqBjvLo<{`OBc` zqr8tO)G;!gdbOtE)0FX)&zuIRYP=X$o2&R>pD;7O6+U=G4p{05_UZyM`|Id#{;zO-v!I?Mp9!`>GaV_Bf`)OqdJTj&?>sGWadl79Vc$AL zzEClP%8fqp8b~O}H6Z#rRluYLM;}K_5A9T$0ry=p+vp=OF;R5dsXhSx6Z>yMg`FJl z)WM4z5JgM5phe=KRRQA0n4=q1heBOVHWT@PjG!+zHCtTvO^Qj8m{=AoiURgTRaRN& zolP|xeFntGn65_@)9eNPHTplD%-c9`WOg4UEYnMG07p=!!&4P-Q2t9&Qs9-Ab>*Qj z<(OUe&~Jw4RubbzogJZJJW(lcP>@C(lS z79Y7DRa3`3&?XiQhCrH4R*$IlH%DO}SM{KgeSPsCJ)=14;6R(y?{uLBT3LZByf1C$ zunH1YAF|cm*vbAm@FiE1>eMHQPI{X*sOArDl!9wl88Lxk$>-1Ef0Vjj6ewgFzbCm zsy9*%r>U?hAi_Ybr+FDTeq@EsDKP(9oppHp)-T0y(h*J>?>z3U7Wn|AEP#s8uOX-s zl$sU16jleKCIP8%5*WoNLTR#kD5cToTiBFNUK}A6Omq);NIyEdTOw5Kb_k@gUypV) zIGs`M#R5%PG9a*#0fW0xDoYvRSF?d!_6@%K1&WNZxWJn=Asds7=E2#jwwaV2*avlj zX6Zg$(~~5~(*GFhl1QeBjaD#~+hj8*345ZZ)ylCikPECH$`-gmGo*#kLXj6V_Hoi{ z-s}W+W3PI8z+mmLV3=#7X4u|g@-LrT-%Chr6|mDx;ywMP2$5kE75Y0Kcu;e@Iajky zf@lTpZiqlA&p3k`TK<~E+t(GST09HvcKxvN&2s(gjKitZ@d~X^q+3F6QDZ;**uaQL5q-c&VyP5VF~UDGzLvSs)2@ zL{2hIOX%IoM3ot+Via%Tg1*67qYvz%M@SpmG$S$u%$g6vwv``rI2WMpLwJ~NQ;kOQ z&Wl$hs8ZBY)Sk|vV*v}Xy+e*JqLo|uHqyDYIaa*93IJ!#%IdH%;=d(DQ^(yBkfllf zT&#&^^Ka;E?zqqn$RDvwAY65v{5NRn)ziLYrv@!-_{gp^kajDo?AbA8<85_ol{QC~ zt&W$w8}E(3s)l(mGc-%9+$j(to*kbaQ7<*=UYSAEb@np5q>V6AqHV)=pELDhh7F8j zH3ETt1EV*e3@!eHfD5I5fil#h_TQ6gB50_ry!D8hS6NJx_M=*}%z&2{-oz&UG9u9& zsJ;oufT4DV-VnC2kQH^CCu^uGFF(GzLphemG4URU77(S|WB%IcgPXx)gLW11(5gbC z*WY4Jn_A~q2z!tGWpwtOdo(njA_}qq?_R^E{r3Zkw3r)t*|G^6+{-zz1BouCmVi8Y z`BR$3OOP`7Vhl5#?N^^RURP1H`dE5ifBubZ6EwPzHSOiy9Mb8_L2llX@;&*(0vS0c zK+3er{dH)e_rR0ti))_-kU z{WjCFdIZtoYrwBQSFMK^1kHZ(HiIjt8ea`1{t^5$mGog$yK)#!TU48+yFB|948Se6 z^SFL)J5yvE%_54ZcUIxPYAv3lSl_}x%LKGvTF4zU5#(HiI)1`wSyd^>ZdmkNY0PJx!OLb#g$T` z**C=CGY(myMK0LF*)jB!>-1*50NFmEA_qPBu-3=KR%3tmUcin9vdS@^!2VEM*n@q4 zA*mwCXJozO5zm@716>6mr@>Hn)9kB0&4^z{=g+7-uiO}q6yUu;lEh)>7V)v(fGO+T zKD|QXf=}H{ z;%GHwSdwrnRgB!i5&e8OU&-+qP4&AH8>LTc_R7(%@mgblgXGY3`_P4(g|Xg623}SX z0o)+~={M-DL3eh-TO2Kq_9$o$L3^eIQEHtZZ@mk zr;$8JiPN$-f%#_Mu4&YQk$4&|{z-J5FD5(-pa^j94T~}7AeU%kiIuFfTw&-=keE-i z6XBuUFD{qXz{xmKxNvQg+U@h2YQ38o4Lv}!8h}_qSjTUuMDS4XJ8&jvw}|i&-{5$( zN_+aDV(oTmM!LiJfR2PJmmvV-%CM@yytZu2lkR$^@S(Yx8wA@9O z+5s0@ozxrk%w#+*ziT$Z5NR^VlZ=j zjkD&z#+9tLws-haK>O}@fJo2}{7qlNiG4DjmanzvI#b%H5LZTddL+!~N|C*LsSvv0 z?>G^2TS3wC^j$fEe+28bAgf?ka~2d-Qeb0BBkJ#+4g~5p3em4|ifo!dJYzvQf zL|cOFycFj#<2f_QtujWoDybJ6!0o_N4kJR?2uVTrRk|FnY;cShvZg#?~t`07*c$zp?XIsgPd#6d^Z(BU0z#maEVq#*)Up1X;mLXrn38EjLZs zQ1r3wRa@>A;A$z;E_1WUfUYD)+PsMl5@8Sf{^6?c#pX}mB?3q1as)=G2Zck<|zWhChl9J|A#k!1>H z3{+2dyaqn}z-GWJy_}0 zIDPWdOnd_>M~Eo^@~qXtJ|6j2L@BR9!r>Na3 z>=(<;Dr-tKMx$Ymh$y%i9Wr4UJq)V+7;(2#SL#aOv^4pZO&v+@&CT4f;?D+jSj}mHm{AclrV;hpCaQ~=+#Rj*GUUZ$Y(x; zF8ZK|Mf!EV#i#x%bi=#BDa9|N%vx{||&jWfJLQ?vT>HiOy{A769eA(`7hz~?AyzLUJ5$ZO!HA75+CuePX z&~0#>Ad}EC0g!)hbI2@1n@-$wXYA~Ujc-UaS1OEfQj!U4_`H{mKlLt_cmisT!Ybfe z6O&IC$-BK#>~Z!-K87y%g&+dXuTV)2kfgDIFnJm!FAyhBZB=wqJ|>-cNhCyRsdY=F z0JzW{9->N{wMFdYgvarR^I_7Gr{L`wb@R4ZC`@152|XLv;J>==sbjA?{JiIG8_Nq`JrhIDTEAZ>%^aEW;pO;5_-CA)<_^MBbhe#?g~5ZSU8sBQ zA%Ca(m;RNQ2%^H$J)&<%99T5`9)DvR>ji=O{P{9;Kvw68$!V>lvVJViK<2IV_co{O z0$x2-1OVWI3l%5B$YF$i;%nesL?>*m{|)W?$V*5|7GEImO4U9#q#qdUe?0a{`UEJZ zdmf7egw-#n#^QLcuIS{L} zCUGdRp*9SJ$Qf2Ow=}kyZn#4~=4Jy94b% zZDN8ypAy!Bs?=C>>mtXNeY@k1k=anhuq$Qk)?C5%&uDw%Mn3qppqVzC<8FM(gP$7a zdtqifYW0cNqV_h)kk4MAnf8diReUMQX9ZwSs+*$f$nUp0o#mLkc0aC=)oS$@gu9%@ zjRis})UndVZ+p6ymM$sk5a|8aV1M%(#JlUt4$TV%m|(U``sPEE9--$;M?-#~m;f>P z$5&fZq`C*$a1~t)t?U%;K}8T5E5!Ud)f_T2#rST+8HA8XdSTg zg)}?p$E2Bptv-in8k+I%5^=8|b2HF98u3rQM64^u`K8k&A_pkb_k+#RzS8)#rqsp~ z@xB*(Va@HGTtvR`Ir-{9Zj--g<*zIjW9Fr(2;~VzV!WUfMR3s-{nu=l%u{vbTFP`3AmZ*eijh2@@+=&&K-igp8SyKHyzMbH#h6V6pPlSSHe= zdK@a6n5nS~dG*HMrqmYL|ErnTl46SiU_IKpL8t)E{C&7czMKL#k@ z4cgL;l>9yipFgT~7oxruK6zk6M6J&{7q$HyEQ|8BCgm&_-TJkt~K{(He zy^wb+7e+z?rt$bv4PRXKLbX^CAedvxHx!`dN>@&_t!nw#8ygIcWbda)cAASJ0kiV~ zdM67@24Z(P$9-hZ&B?R3Rt*47g{90rJXsW$#3xjDyferI+?0itTYy}G~@!WOF5LV`jurrDk!y6i= z&Gk}@qyyv`s338*s-~QgGJ-J#Y=mskxWB5~B<* z3fFoK$%Av!K4CtU6rf}Qg*QgzmC*GR8phIy?1UgMxk{SLUs*fo*NJeuJI)aAx(Vc5qt=vNY(!$Hfy@5Q=c- zPm_ek4+|7I_ar^x>7k>n#gzJ%<|6tLQ5vcce|_Sg6Egc?9vs)Qa%L<=NRPLcxF1B< zf__bMP|-bt-Y>a)jTPhIO{E;G|G3^oM=EmIFeEfYIt~XwLhX3b?|(zo>TuaG;LKku z3+HH)m)A;)=#afH9hvehQfoS$uIbmtHOQ3M)&`su=i8QShm0DTwBx~P zv5OjyCWQ-d)fAC)##v!VyHjI}(QmDID1Hh2o{sVMaP4k^J+t!aA`VVFq^X;5&Wg3?}S$Nwr}1uJizB0xP`K=crT*f@>CDb5kT6 ziqo~6CB_j?nTC%t+pr3e4gT%oPH?PA=l>rhT5Zm<*kYy)4iIKr)Ia*ooa4QSdarFp z*uYaWqC_m3^_-VvEOnF{hs}n*4Vzg-)m`;!kH5e1`gv6W%P3%+U=qBUIZvFNgWcAS zxg!+*b3g&)-)awV$Ku}7E=y>+2Lhh8+`iAXi&WBjU+xyK@_?*Fpan=yQ$*z{hTZ(D z3><|gfrF^&#JOS^UMC*(>4FqSt@8p^_qw1s2Nm^aT^p#EBfHMXvoz3E1XiHl>)3*3 zI-I&Ai%OYt_$7O~&S}duJkw+yeE%-u+rvmnw1?4-ykU~$J+D_62KG{Ng7z)aE;Mz z`>t;aoZSjm5&uzh3Sn^mBP;{dHuLqKkg$`K1Lqo?xbaI$TwY9#lV?)7(xE9wh;TUQ_1z@R6LQ8{&Mg9r|9d3 zaI;8!rs$`7y|$Hfi2lZi{O%Ma8o#x1Ib%{Z!qyX{UALp*V>~ff(V`5nx1=`mc@Ir^ zT-1?aI5AZ=uJ+~;!e%x$HsPr&C%kZ{K3pdl62S_kD7w3K$s;ukh1^M)&MpZ+#pM}@ z4xUdHr#m7rzPGta29h8T^yJlNVpI)16iNtko!+9<%*o<88HmG_@WTWednePyr0a8V zo1gZ*9#)y4O4Ou=WJ=8nnsuYiGp3Zf%@=VrK-VwwN0A$|ol+cq_Z*_6JvQlcjZY;qnH zqAuO0)&%Z~@At^zklJl3%u(vJ3z(5eYaC#RwQ0g5dUJdC1B>&ffq+i~AhowkY)Ala zlUZOJkK|bIUGr}xc*QBnoa~30zl3V%z9p4+5tBA?1;n83bDrpuUp041NjRwZ zV879dJ`l18S@Ab1$H<_VoA~#BwGyjtu^#|_zUYCR1=NnyXuQJ{*3US{h7JU&Uc*81 zgnj0+Zd7K~wE3O@e+p?~Ctla@e^JY{#CpNn5MYe!n8B9_z83a4O3_00<4C{=f~QF8 z7X2%zb^)eg*ZJsNx}JC%B=}~i9JZI3Y&b3&rG%Wci-}~MJ8uA@eZfIOU?PnFtm6Lu zlXdPnXZh-Uibr?fTG06oty0;dvtw04WXt@*yM>h@VhoZQEAaN8?P<_w0^%=YNB;JY zsHO|Cv0Vki1(qL2#gd3|OVT~7g+fW8X5(=O0%$tOE~v0-&j*YLg1sXA-@U#0@yWlO zRlpOj`Z02yKX^xw{2XhyRq_Pa0mVj9_LD+96OJ$s}NYq;AWCWn*{it3_#hq zBa|Xw+JJQ~<76Dee~#K(gk``$$Me6Vq`1ds4rXK7kMe*`K^RJzMqiWx^|3I?>AnhF zfycu_>_;ov?#EtoT*cy>x;tE83+O$qenU2j_-bg=Mcq`s8(B6N?N1$k{!B{aB}Wj# z!S8hi7K07*J|IWUWtv;eVLZdG&VP`P#~UW5?;cvq0#+Q)saV!)T~&;c;O0qdZpIIi zU#?LhrO#%i@VGb9ei9zSh&)37AL_al_+6p;ia|kvOb$rfMRtLsRf7is9HG!#&eDTF zd0{YMV4@l(`d!7|Uv&W_uD%u3I6vTfWvnpi5o17s5N58z&dL}Vmk8#Z zk>eXjXpZXn2txSd4RmM@jKfTbNuXGho5h9IR%!wgT1Ac zY|T?mY-5yRhE90LtV_4WwfCp=akM|_li@KY-nR4UQZ&~0y;uL6()_U_F@UI?tLIGB z2mr6s^`&68=I9A}*(+;etcO@0Cwk8r5$EsZ$>#l0l98?(D{*?wSwrk~!~1(_O&va) zyv;0DLxzpRwW{elw*jYPfXvT>)f35nl5@y!d zBkE3dLc>oB&(FKE*9El7G^u)ql)Q*(6y3htQuEhzzhjZa$V|9S;gG83*h7P5ZR3CnmtCC}40H_0z;vYHU$*I|oW$ zYp>z>O`yx!xo$9&b7tv7Fu!@(RDIAv7u`Z6F_c@VSj249RPL?)X2z*qcY<0EcDIzJ zlBmxZ)gs(1$xHhen*`9I4r@I^-5S=EESg6QqFt9`X~ljg!vMivRJYQxX1Dq1sYh{7 z$Ys4VZEi9RYffv!pmSuUY+Ft+yam4wBb0}k$5OKtS$?r7)uK0@(|=D>=1B!(R;7OUZ! zE+L258rPqL_wl(F-1*JM=q@ViCs*?h3Txb^P4&=c7osv09zsSjFg5ul%@vXt33TMB zuzM#`ZHAC7X74UJEEj1ea75`6;)KRKWI72{x~Mb0#_-ZfCXjKMb(Ul^9J%}5a0;-$ z@sCIA$v%R8)DBeYjCXG!C24@stsz8PNc&N_M9d#EEa>gd1OIIeQn$#?LmjeShP zogn_+gcV3v@sPU=aH8RlVk&?9NeP5cbv~_lrucm84BbDfjKyK?YQKn)W^ohY$ zN*#lwfj&4O(x7Ed-ZrmM`qMDDys?pt5s;P&@7Y%aNCIM_`brbU#igo`JjOIpZU3P)c}*7Xn?hpMxGcw zUgmcG>+p%`Z4`tmHWG2ik`qRy%{=4Ggq#Ku4`t}89n9_t>)8LjFRj>&0C8&deuU9q zHR5bbo#BNxn&O7W6Ue^f!g}ne>ALQ|u>{!y_1Qc<=+9bu?Q`urDXM2tgw z<71Qx)!G!`oo4pDlW_4?1;sLikWow@uI|14Iy5CrIH(G?zo}H)c6v@~7Yl%RLACxr zg)~;ytWTNXc#;5&7(94b#n{h=f^Ro_ErUJYYjYA`5;A#N|JKJiu;6x1c9Kf^t`63Y6Xg?zbp{F8hQtXTvA6`|33-4oK$TRwe~9983sN$mp;oYoBsO3 zw~?$|psazwpU0X*V>8al_N+H`&h(;=} zKJl>+mhdC1GD{u?Wck3_#d%P$3EW}H$Z>VgD62*4ea>No9E!B8Vm(q=)T~u(JhBV# zEu<_@_f&=VcS@6*^G#*Y@L7t7rFI!e?xrkDzJL-}$8&Wjmkl;opIy>$FjY}Ft}2uY zFO!`+pE(nGuw&mDZmQ{3%0;!jZJ5H}LUbT}WhVc`@qwO9SWhRk?mX#D^x;h>mi!7Y zYNfhDAE&?EY#>CjA@rcIMi)k5SdH`d`Jk(o0V{=slS^JKO+kRCiJuJM3y3S{G796rRWi_&07Z@ zNINh$G--%0J4wvYxly}Vc5yBm=C0Rbiym}Qyc4)EBy7}ON&bN*F#?G34&cF6_toHp_Tw=;5K%^TXVG~Z>ls)7tlFCENO9he1ljgiWnws zGW_C!FSB03yB?)Iej+vkP_UtShPU$TxS9TXSU{GHblWjO%gt;@IigRJA;%nD{~Q3( zI`10)H*(!om3 z!-3*bgZ7C~fsbt*enI}SR-RoDQP%b#LOQz7f{Tbb$EePfItPzcklf(f=qr#Vs)Z}{qU&Ox6{X= zT|zRuxxF01YP-!77&T;aCZML7J)Y5XvBZRA% zOMTLBg)s{bfp(Xz!ta--YiI>IhaCHP6BY&qWtm0KP9fA800CQ8ADBmEMb=g)4WIQ& z^>h3aP7;DQLvv=M_+go0`jqbr_Kp+HFWOWo@jKv zkB}Z|mq%!{UB_OO2IU!fj@x z8U=^TB$?}v<57@b?i*yL8j@%yMM#ySSiX5SAhRt-kR$Y$;OBBQ` z?~b`1ZldUeyITSY$|vz+my*av|1AQZ#YY{%5hr34sLkS`OCQZsFlh@;XDcjnIj@r_34OruD5!lh(N)3$VA4e@ZJ9NstuL*o- z=rQ?&Ls!VH-)@jleQ>_I0PQS__Pt%XEc~fg1N$kUHHpHsz-;hUUA~uKUiK*84p+5H z;F>*oZ)~0`n~k6Va@VC*0RPhbiVIehG=j(BvfRTh$`6dw3T{|&YyA}lnx4jP3!Sb( za++wV?C6}2@l#&p{`tf4gK1=J7L&VQI8Me*WYk$6pQ5;nFuD^L-> zJI-;Meza7VvUR&702ATE3DOJD*`9tFd`j}*zqsF!_3&L`jEsJy zFV{Pr=*ro+^{bm2y87cD5>j$Un{M4gvgP%m6<53S2%7jd4xs{+C{rT$jnC%Rpa(r4= zdY1F|zRrg&#MJS!Q2vrFH<_tXOdWNIyn?AAIZgdetuKH}6+Bp!!^xQOOD%T^Y_(rH z&J6>ehP(d|=%{9EJBi5vM73JHGo$I!%C17*h4i$>%QZ*rp)m&opMq$V8V)1QR+p9w~HvBZRe zlN+kdBOLUGb&Ibg;(gyqI(E#ha%o97a!BrOp4@IzY@n`OCr-Z z>HTKibq?A3T+MDVKhYnJTmK7XS zp`7I1HbO-CiA745r{Mt;BW_Q&j^^#-fq8cGga4wSeQiNzxBubr3?2Sga3UNpphT2fkm;CDX_m=e<$p8vK^}i{v)_)USdXnHdS%{ZtcSB5(KEopI{Ka!b_wcEf zn`Gp(5uG%nL_66~&w&hWmmK3MVHggl&7=7e_G=HbG#0A^!gs^NG7l0) zs9IY45+`+LkmTOr{<4ifkFv5ULHT&-k?22tvmIS#XW{?r-RWC+Q6sniqFtvl{~&WH z9G)L)N6PVn{0wN!r^_k{S`$At(n z9-6aDiKCe)JPb1X|20s##9~tHwTQ&ltlq7nz3P+_ z(x_(g);TLB5;mJVPq1?-Vo9=w(((rL=Ia_A`f+g&=j0uzQ!(0drqlRp)&M34dyQum zulhBO;A*=@<1e`Ct&wR-t;ae`&E^j*7=QI*vox3M+Xy+~f+czVqH=k5}8+F zf~qK`-83!JBBUq_d^XZ?@haKGK3}k`1?%1d;ZYLTJ$|3%z*a9zesg@k%x#U&is)ahcn7AQQ-vN{;VP@o!_$`I@x8r5yCK;_9Ms#!`<~U~m%zYPqh`mLS`5eywDqRH2#WPZ+p$>k(ZO8bwF!5Bg(Q^N~o!#vzn3*5(Bn)>e_`<4sc zuy#h_#chk)XTVL7YaBr|dH5jPR@ew&My@wtBr1oFe%*%l2=wka9*v7k)b5p3w$If9 zG$eSx-H@(9Nl-j$V5LrPCei0pJs0(y#~@NlSfv1KtJ+yo(qJ`>_|qtH(&uWoZcam} zTDR=tr-T0r|4*^waX;|Jm{i$tqZ4?Ui?`%HT0Z5`e?)?O4+7-tdUU#XEqURA*XhSf z*?Oxoqy?2a`k+|u_NVZkRIS-mumxi_Wh+WV8t<3-YK8q#?c2wTo=O8%!tP>fxKf3krJ8o zdRCx?BnS^@DN$DgqFuw~9D>^26`J?BE{p0Hci~AO9P*yLBY144KMvronFrg^6AJap*bEX=5g#{)QJ6 z!yUv{M7g+~Q2-ul34}@-$_Onj7Df>lZu?mK2#K`B(>!y z*u71gmr@vak~vF9m*y8@LvbA3q%Z^80ZB_%sol9+3kwRdVRXH+hrRNyz3qu0AKu4+ zj7@XAqQ>sfZL0uh5gXcEX!;@rW*)(@ZM`LjX8tcW?@kjF8qtm~8cQO^KozcQ5zx8};zfg?E#mzJ)Kt94k72`>WisiR%?EL@ z&!P~Aa&=(vsJi6c1*0Za)!_og73M%GtS-`+$PF_zP+6?`8`T2!WlOQA3}v*QrU)o^MgO#qh1cN zkZ_S}?6T%Pyyd9L7`)E{u#~ZcoG;RNO#95(L+46BQuD{-G2zw=VOR zw@ibWz!b%%fZ2@m#+YT$3MSec%CK~|U0%=3!+d=DchXk<#;!kzIlI>IW|y7xK$SYD z8|{s1BUb)#wUlk!3gG@rv{Du3y7x=qQP4$&_?Iu*!(<kIhYYIwl6 zcSCF?(EI2wQmefx6ZXOHsC1Uv+j7k9&t3G8`!*nFT-L6{5So7gWnP6#RA?Aswx1L1 z5X|9Gdpa6;8J_*VdXIWE@1l+9gDFRhB#TJyZbWz0c&80u`b~+AU8W+@Q1-#4ra%2C zTiw;`cr_;e|46m$G}y4E6Lbp(rp9nu;56jyYydl-h$?YdymI8pFtM#pAM>18ypw`I z40$3{1`LN2z^I&V^gT=r6c5WisT1X1FYj|N#nOH@pj6o@g!5f_K3sGu!IPkZ z>I&>CiMSha2gS7IlI@X0SkRpRArDJ7GA8$#^#eN?BO+B6YCy=$GsyZlbn9jpWxSeS zTu?XnV6NYQKT8z`avm5yhVaOCbaWV1eln$g)sZ{-QNjISvQ8TL7l!z|irh3KZp9-L0 zQEmpclW~tPF98`Mx2u>)oA!By(ocHynuzcL_}*-V)qw}lo<oh;dN^ky zTNq7*D+okuocfT>bN@w=<(jl z*5lIG&e!Z-6rV5f5Yc2hKObApQre$}k}&R15rlYSe0GgYONvbkJ0LnZ9esQ7IB`qh z#2tXb09k4}Bnrw!Ae3b7RU3m^aJsdjaH3Yo97)GuI*!FD3N4ma>bQG*<3ZInXxic> zMl&pvVs8>ID^@v83Vk}@=#`JI3*M43+~ajVlsKgmSkWnjoT;h6Bp&^5T%{*!IV0s{ zC?%!=CmT=QdmdREkI&T)e6=kbG*#+Q<}vtsrGEL&@mnfBfdf_LOsb|Y?d8_cm&9ec zF3*{&y`Y9a4Hdr>6R+CltG>kEcQg00w?NFd?49;`JZ7L8h^Jjc5tKB%_@qZGRD-*< zDwh4SX(XvyQM&RRXIu{ZY#4Ai6K!gvcu(6#vi8$!J4`L9ZDwdoR6Gpw=@sq{mynxp zR_*1=I35!R$gU9k2LOt^OuqH)N1x!lQq6kuo_SI|4NgCZ8P&opkOJ!e#wH`g?0j<&XSmJZnj1<~UTZ|b=e;EBy zzGXl=9e?;&2SYG_F z5MAk7a65ZXkrMi`6KqKm^D95wLvWZ&(w+xNPu zn$7XCR4K^0)%XdXtly#HA1SmA{|jiz23*H78i1e6DPuUjjI-Uddu!t%u6#J`A#x`{ zX@9*0H)lfczyuKvl|0^B?>)qWv(h#yW7zZf1lnlR>PUJkrf?Akw^c@T1~G#Clpgtw z^CQ9ls`Q~#DO)Na_(&O9?rGcn7WvG1PpfSe zt9l5t(1%s00L`P*fxhe+!M)Voa&=)A$z08^3~Zor>ydo@nzc> z#r9WK(QGPP^ny}5%_j#qUVgfk02L)C)#42x)wk5=Bc77c#Y~ zj73?;Y4uHZI9a>&s4SRisq-4PnrRq#nDJHin|K6!`EPo&2+_FveuBIZ}R`iWP-OzSN0tG-8nps<=Kp^ZsSefn>4i|T8 z+n;IqZAL12gTxWIXlsEvz+ms?+Jph*8o~8!zOU;2?1BGd8)^VpIZ+9%3B)-H{z(Ei z!v1M^5Gw;1w2=?6#pne=LVJ)F)%iu1SKs@+TkkjPy3`E|35UuYE$crJx3gZ5LLhZd zTl6RjjA-Z$)&Z17?z=+P-_5kQ;s9!NiYQG|S#9Zop;fl0iYCZtL#^0swnw_cAVzUM zO_GZ*CUBzxeT2(ly6Pl6O4#ba_E~oZk&dzirmnUu2A6el1zEUGDbu}wW}GpJsh@e! zmsh!Lxyhs=*7J^PiW?%Qvg~8CEMI$#d%v@Wmapo=1wKfVRAlucb zWGmY~hCbwaIG5aMi7y&BpVIJ0@|3^VR~NMsovGEaZB4AIue1e>$_%tt%fmfF02m^^ ztt7S=R#Zm`Q7sKeB)msP>Ub5hEj;%9Yxv6#%`&t}@RQ{=|%Lou?MmF{ckqMTL`ZY)kkN zk10=t59a@xdQ{Pqt2M_8k({Tl?OLwI5Pa+yoEJwe<5!VKOo7F+GjF--P>8he=c5s0 zkICd6$tS8gATZ9%14Ezg_NM1S#T_>sG7?Qj=dZQrk(z|4l#XcdDMf^GwCc4eGPlLr zu}s`BNq;aC3%%!Lu$3<(>&d8i8a-|`E!0^tnSFJX{efQYd@}=AkxW81CfFkmY8_2E#oRx@-$jB{pTT&;ILt# zw6wNo7YKFEex_jhNQtYQsHLA2_OsP%?d6(^;S615QrW zwI^}Lfe6=`l0&0rMl1Gsf_IPCPhRrS_xW|J#oP`7R1J#KFf*$hz9vzCVnuS72AA^Qo3ye`v=H_t!yV> zQ9ApX3!n?Jy4_oL0*B)JXh9Vc=tVVSy}(KA#!S&F(rp~=<<23!|01)cZIXaH-}Gfb zebiL>`jN;z&b}bS7bdXEa1S_5KKEZsHd}~jeW?)!)a<-Qw`@kobCaUEDjUG2aXxRevvbvkgCz?g>;!f5&Ho;2kZ5$AAyll= z%T61&3H3}?ajbYV-MHG`*sa95uc9c5!LOIAk&rEOn}f;Xvk-U$_s-yC&`k@vZz#HM z0CD&0mt+7UrV#C9>vQTyeB(O&MDJ??e7hFk zLkN#y`Em$Uh$0C5T%7yqU(9#V%Lfi!GMg`#W`^jCCm1h*#6+Zbk|Ki1xNuE0%$2Ft zx2A%UMfJ$w%p`1ZzKF>7w05qNkoM-!(^z|^m)Eei{ed1e{T+rlp}pvmwC<0xgyQ=5 ztMQfHoF1;D;%zz=QW0tM2Z}4-GHKYdyV1rdeTqJA#vPIf&c8BBnQ=LAS`{LlYt>o~ zj1-#7kTqTDHJ?Z^Af15psuEEX50jw=jmA!?K-)Wj2QR--I~cFQ!u6>FZXdASQv5#b zTYpk2js|FkuYm~CABD&llz~YMQqX7lKU=TdUN~-y6l{%G0UJiUv=T zPAsu2g@8gE5q`sP7 z#c`HrMeYEuwaT6zP;wA;G7+*yG1iv3g>gmYQez<&+V~cxJuZHmPZ-UkwhmgaRy#^`~^IXfTJ4-2(J;!!JV)PDV~PqLak6 z*yOj3wsUlkdUR|5rWEZe)ZLv{8tu-5kXHmnDuvQo*rT$7xF=Uw7 zyZV;Zx`Q=o279xACUjspfeV2#MnE+7SXG8>m3|jWJkB}S?6bS#>rn)0)5X1<+g|J1 z<8ud?^pX_|s$2Y6gZ*EJkqR6_&Mnsg-IOwyaQyvJQl$k|laPd66RYYcd$2K?KZ;lM z9HlYO7VgoQplsGqlWT&Y$Hwg4gzIn|E}XAilGYNLR@gx{tw$?|Jp$u?bYB#A(xsmb z8a?0OGH|R30(sO&p@axe5pSn7ANnu?17UbbU6D5Xa(SQ z^DO|uFuEXX`kL;U_6lXv`veq8JCu-Got^Bb)D}UhU)qRJ?j=%Ss&9^rT)1-t6Yf^| zhTu_lMVfQ7o4agR3T9}ppO_32i>ON<*)^g!atSd#DJ{#{f2z;!y}AIm2>%jH#f-DT zAKFhEX6)vS4e9uNoSPIIHGG6$b1dy>fAJ))-)4ILqy?yq{p1aCk9zHNcY|&a6tO=o=ZTZfl5vOxUiq3sIli24XYWuP8DTyK&wSS=SJGsK+i02Yh5b%l1 zWtMt5t2!VW%O`ttPY&;=DS+@(XES^em3*Mb@Tc;^LS56_yBj$AJxfq^NIh>Kn;HjO z5(*`PP5{W0Ik1N(nD8XbxOqj=%AQU8btTY8msPDo?E0<$yuTOyk-@OnawN7xhZ;7{ zI8L-iP@>NXF!P#7pkj7U#2Q^x=<#ciZZ7+4ABzGa*@auj?lF=pazy}8K(D`5usPGb zpLBolRgK1EU7L6$t!s;cNF;*0a>qOp)B5(!=GDK=wiV+EN@>I`nKF)_Jwf$D9>M8n zFZkWJM@VSyNcz*9jDWf0Ziy;5iWk#ne*NjFrO1Aq@$CH`{jg1Y!{&t8_wnW*;KfEO zo^{L$W>IRKP1xGO0f5df1I1fr{F>_s1zI*03SQg)LFCs$)#Uv7=4|6z3^0fw*H_2M1x&FV-q?t;F%W;j3DiZ;9HZb zZl7+7ycY&jl;`KA%wQJ%7;d0gE|0p~w){h2Qi+s|vAer2^-*ZQ3?q-!11rEwBM&DB_{OFX!b$HnRE{_^^P%)|#uDj}w)gh!$; z3x+FX6s^fj(zz;Ux3eDo{`|$bHwBk5?OI*$BAg*aiw?}_Uq<@DEsm>U6 z5QRI9hQ)P+2(YxDN7^I_kTP~smjFAHnz{d^-}=2%9*PkKNcl4Jzw<(x2okEvQt@m@ zi~oyN;Y}4Uwy`iMgJc?pHKf+J1@rOsH-0q8#c-qGvJTrr+~Rrkk#!0!XXV&XS3_V9 z5ovD%V8B@YdDK$1)Z3$c<&{QQidIkCmLXpW|Zy4*|;FJfaRd zZ#WE3zV_|K@oWFjt}oQNvHeFl;Z1O0jx5elM4^!E)%gbQ86Aqp>DRzo8b$BSfGvRZ zdG#7EiB~n)`5?+_&MUaaDbZz-iOjFDMu@9dapsCw&S~a!rkH3W`a~}avx%b1A}XqT zsZhrdle*jXgYv)@y3n~BgE24@(%EP09~LJ-!C#vdai3{aQ#GR4z|On97seCU^c6NRYxd~F}Hk3 zmCn~xl|E^dSmlP|8EiQm6hT7`NgG)o8Cb$bRxY_QmIFk(er zeP&n&bF%(UO7>rQj~gma9}U51E3`H0Hi_3f@<30^aVS}d$8w;uGJAWJ6T_9{KclMK z?2|14XrjcwK>hhc02D_R487sv@1UZeg}%f)>>FiOSH= z!rU482<>j@DS@S>q2di1X-e$u;X`}^Tejn`OXtG7IYpdNHCGTYYpR*#!e~Y zoENU?9qVKx4cAGmo?J@yS)bpr-INk#uzB;uR_FqnaB%~CYaKiA)m8o9N9k%CpTX83 zeiSQu6d8pfO78anl7Qe_yHP1Be(VM)m-tnQ08kw980J%5D8sYcKGi`HH$rRH;F}k( zx{9KdxRu_a^ypf51=3sFzSRTpb=gIl{|VoM0n0vuAvygSjNVM? zYy2NE2bWe}{00-0H0AOjA)$4Fia=Kij0k2EFx=gx1D?T>F72Niv~U!XuUizTWd*`C z05!-!W^%HT%hGOUY{W=?hV~3y_2#Ne%z?WN;>6LnAH^kHfz=rE8)akX8*F63w?~>*-MixK-%wV zy_#d26(R`D9G8p{y2!X2cBLoz>{?C8iTS_cA=4nM2s`3C1b+dAo~2Fg3a@&u27xG? zE3p_v3@b5jNj}L4v6vJL7u*gnsnJ5;0&t<>%W3{lOD<=+O%JCUZrGm^*w%F-=#ZWu~;rvAQ zo!V=>gCqpTht>wHirn`e9k^ksOJqTZd1^PaUNt$^l?;rhr_BCyQ)uv><*}y! z(uB}^@b3xONrW1YZ<-bA_{wfk1ehn?r<}q}@xRS=z)Xi*wWaC15M_EeK_}6`h0w?` z;S;|k@x&=%MUKon4b7?_J2(*|7q_i9!pCYk{jWc{yu^~?M99%1Z*RtYwcN58qunkW z?px=~P&J)%OiEFtz*Q`RbV| z+jWr*U-D;QWOy?RKQ*SD2oQml+1P&h+#CBz^xlO5sh4rp!qo@G9GyC0H=noy21MBC zWzL)iSErz$|LmFuc?pTJ7(k9sp;rk;o49kCKvqyPOKmaBOq*Xs2*G|g*_jDX!LM}UYrq~sB zxl}#zt>ZQQli{&L=Z+#$lyc*xUP}>HpTB~k#elCErf5@gY^A@ELtS131oT`X3kYyQ z+Z3V$A5Xt3cxJebqNvcV*d98l7yC>Pvz0(Dba4ewgZ|Qa-DY?&owqx5jq<*4tkWH+ z`Su#Kqww*en;Ks#E?KqZ=XiRKEJb!1drL_*h2C;Nk_^Y%*kD)9h;k38qde=GuqFBn zr8a}FHDdbwCW1FN2D~aOiqSSMdPJ%rf%ed_v%p1iAeBJ>w(chS=D4hQv$-C+Mt3bJ zFO{4R58%xq=q&Kfsy+a=|2-TbG&iMVx#tPSn*o(!>9!!#6RmeHrkpEW6jP(K(U^2C zKMC~?>f&>Aub8~EzeVIH<%LFohUF^qJ}c0DXnoa4BSJxB{Cz`#3r&E(aqs$Z0<&o8 z%q6oW*DcrA=lAcX4fz~O;UJ?#p{%5wGDc=Zn9PGycF1~(GpVT3{@Yl*<-ZaL^~V3l z*!A^K*7bK`clcfXE?sdFbd@@X!9?px>;K)KM5s~~42@!u>>r?7NkrO6z1TVw(4e~V z0IXCVm-Y})InHXuCHL%Xye7YoL78s?LxGuP`s>fT4jm*YQ}zGWW9SyWRnYuF~-&F50#l1oOwNELEsM*!nv27oDga5}P5| zCpAJ6M|{Ve0ko}Q$_NM}i807ski(il5z6vqkf+_K{uSW>U5oib$pWgBwn!Bs!D1~W z<@@fiaxJg7|A*$w#r1P(1y1k(_tH*0CwVXb>qfelkgw|jv7pC)OgykpG@5u~Tc#O( z1!#4a=zVdOev02GLRUx_xgKL^_?>x%w{3Lp`>g(4SmRF5giN>Gh;%B#YT2qrhFcH8K$hrSei=aePoRdBJW0G4y0Xu_A4)sLeK z->g^SE6R!~k`oV+hs7O8#rnE2quyMa8^7mdJrWfctAI}|R|2NTEZffI$ zKpCERPe&|ke)G)k;EJ{z8MKKTL<*-UQci_7)5K4<{5A^Wp{ko_t?iU;nQ=253+9zMh=V#1NG|cexYgO#}6eUMtvA^?) zLsJ76!A;H)%29@tq#jtjMi8b#Dn$Go6Wk0wxlydoc1XV$xVP|=JGw-@5C;RZel*j- zR~ZmFOGkHf-z{e6Wt}>?E2vA^u@*a&2sUk9@S*o-VO8%ve7qi!=&Ts*9-OsdwC!Zg zji#tGC6A?|W2j{0G~?=|p#K(ZQq`MVxik$sASi-N@YC@5 z%p_DwVxrVy1d)TImrc*VYD>W~^h02$jTE-bjJ5~3*5bwM8NTsA+{{c$%%CUw=hegz zFQ8m~K$b~RHU`Y>Edi(quRc*)Ie@vvt8C^zCh*(k$%E6fBCt9~CRAMAnCD_>Jazi7 zFMyQv)!5t=m z>Fstj$UtK2qaerkGf}!ua13a*(Zhlv>%EVJsUKS$VfV>io}Jc^l6t2Up=d)@6X-jj3!D~fot94to{@Pbk# zR$&1LuNNXZk<28l2x78DN{Q**HG4*$@bWGgt$keC`IlXB9ml& zF@)1bV12&l^0A3#Sb7d}{M1+~4j+zI;A?Wqk4Cg`CUmT&o5NVv@#dtwic0a8`>GcE zvw*HjT5kbBc24o@hwS2TGynjW-^kR zQ;}PNeR{97M#|lTyxbP@2%Esos_*a(exK*I%J+m+3z!D#maR*Khx0&BZmL^61l4cd zcARcpIi}+I9wKX}?b?I%vbVI}@5CqM!SCgeH16Re<~iOh%zk2m!3oGq6=X%!liE41`#WuT4`1+mGVqs*a^8H$e}QAYi>?HGX+VpTM2fj_uc zt2>l!(KVRavS-dyCHngBX>$}b@ISViZ(N1%sXg04*(z4%EA`@==|)_(aw+7BLPbsV z0!Pv#7x_MAu;;T zet<2?NKiCES4(RrI6QCs2W6NcR?lqSsR!NT)`mYMCEYph6o4_iTSGBu5Vp)7&jUfK zsXEw5?=M?>DG>mh&I)V+wgC!Te7vWHD$tjrOgHC_8i|dG(r3w`c>qtt_P@@*B?q5q+Z<1?u%k;kAggAM%(*S!>BekNZt zs1|!~AKmZ~aG@gl{g*5f`TVt7+Ypt0wj?3mm(OzQwVT>1$@N0*Mx})6y7Slf$%teQ zhi(g8Y$4xU3Sir8H33HN=s_?*?S#7k%doN$U-Z(n+?7wapSH^U;zcw(cSl&ZBmcjS zjeh*?GB|>TVsE04Kati`wDpu&>6$7T!-s9)w)mC2^A}M?G-2`&E(E4-{E%cF>HIeD z%R&+FFrTFZFo7)0^PE!tqGYgl#O~^WeBrX*l}*Z!QPm;}4o#QV_UnTtSxj zxs&FE5g)g|xIVKZ;-RRYHlNO1ozZlg=FD{migh}70-$d;!*kESL25hQJ;|Gh(qnMQ1K@m?Pd6WP}zNx z+b$l{7=Hd{f($Ot7;V)#nTa=_K3?6z-6GS59;;R}vZp?02c_zr2F-9|(SblPx( zSEi_shyNGT6QccF*-<%tby`YFZSAkEMZ<*y;P%%i-{HwYw{|87$t?7BPx5KJ4KfOd zK-taF7xcCPyzg4^^I?0yuwu?&3bX(8VHLnIM^7WN_UCa*+EM{T}l z{Uq(ERHg*wb>ZmSGEJyv;2VnHNCw-0BbazRiB89xU`qabVcx;e$j zL>%c&G%jJcw*C`k`8IEmaz{saH_vj^#j`dvDmW5qd?=NOT1T%w+)rfV&{0H{lt;x5 zQ<2PcOa5AOyioaF$@4jmtS_i6BnaLD=q!Se;yCHL)r#Cr@_IpKy{MM$+T`$#62N<} zPWAMnDdIs=!DcJZ{fje;r~l+?lk8nYXyyII>1A?T$;%}bb~pFL?v$UPTGB7>ivySeu@oG&50`a?|2q^2Fb^txFlxi1;bG*;(kfk9lcclw zbDLVNKZU5z;?e|yL)zV)pN+YXbD_sde=9H+RhUEVAsW#J&v;0@>JpcGBW0*MnIpP z@G@qFd^A?kkfqv**>p%Uk~{?AnAb}$t$L>s@>kJ(OkVid(^6klbt8YG)`1!i9px8< zj|&)|@-VUO;qj_NLWd9DzMAy)uOO&b3CoKvhsozu7G7ds8czV$2?52^3&bx0t>JsE zSkwsh+^VLODu@NZPLI!qAcZ+l*60C7w<$Bh;xqChVRdqr&T{9$*4At#m!K~y%MDtL zBq!9QKrw}G9=e|mOxT#}G5+pVz}pC6@avw{Uin)*wdw`Y|7wqBdWc=99E@(+kVEp; z8L(bON{^8YN@n)L99y$`hp~?X*x(VOe1~um*Hbw5?bdtE zaS?XZ4KWSXG>0aEi6cMy(?(6Y*6X2JzNf?0p~Cfx%53QU&LY@F_u#gt7OZ*bnd?r_ z6@I~|Ed@c{Vwep}p0x)bYbR*-Y*H_)UHAV^EmD7S%r+#Bx^m3~Q=0gdh3-u!Km9sS z{HyhFH%U^PfM4ZR_HBmKSaOq#9pw2_YB}&xXaz$Q))S(eNSw=l6o*6T-509xf*h?k zl`ap+GPH1M5Ca*({+~DwH^0^hhzarZonDBKg(5vz>cs5r^?5s43jA=s1i1fLX+m+) z4FjF=t=6K?Tt7IB6R{&hj(5~cdPg=M31AF|clz5AZo*+nH%e%2!OBtxL*$6<;!DgUGcK6XmT$tCC zEYvtAMEeJ3kR!cs7ZI2`knQJho>$k&uN~tAoh4>H^3q$U$a7}G2ppagS@9HYcPRQ) zmMtwr6kf^HY)B23nT@A7UleH=;SS4MV z^CKm6-|g+|t@xE8%msp-6>QG@D?is!mRewnE{!o91Djt%3u<)&;S~lx?;HXL_{o84 z;zi$hskmw`clbDOVsLzzKL9`9Bdr+;c=UHf=n4>u1k`N5uQU#9BQe z!LW{e$Mz{Z)=x(CAdx^$hgH)&jBt&pCm1+eh>@l6BGT;dp1!IZ?20KoLj3S-blFVC z7u6Q!+sc$d>GQaVW^fn$k#jO%%2&rXDc++e|GD#mjWwffF-DTIUIK;*0a5EX%V`e= z*=EqMJMf_Kd8`>udb)s;c1Rz0*@;Fi8={1on5uZ%Y&w46@ z9CcfekkX+(-18Fdb>rI&FWqOGgDxu>wN;-I-|cta55E{)zeM2Zt6MS!qv$EqU#;Zs zkmgFi5g---hg0?;+K5|w+j-fhGq#Ix30(3V=L3z4+@Yb4)3uIUSFcE0KOGA-4LPa7 zu5U{lwsnfWG8Zm?RJ!&a%VkK;cckK*!x88z${(&qGWqX1!9qugL_XT?MXdp-AgckS zF*lc7ieIOj5>S%`FULoHv6r{yd!IvCO9CO_*d>fHqNP`MLYfmXfuP^I?2L2gpp&ZU z$n5Sf;BvF!RNe?_HRtLOvy7$^CzG{H_~dcjA%P78$VM)~$y`Lssa=y)B>O6&Aldp(03lUg&ogV!X%#FnJ5=@X>FFuH3y3O3 zw3)5Y6v6u~7mJVl6WrKWt1W?^aLoO7Y_fJZHfdJIWZ zZA8Lzl?ejY|0QiACN#M{*(jsTSA^kFUKh7S3Tz~n1H6P0>RpjWLjVat_P=pKq-Iy6 z$WWT+p_!r=dcb!}W@Eb4c4IY*4Rz%tnYLz85J@^^wmZPIw>iRxFj1v)Iv`Snv4X-| zY%>Gxv6QZ{=#`!xKwOXsWvL`Opyz0vRIaDB7eDI6+6i>^6S=>1g95(vVS%js6^aDWQRNW=e6rtZG4QzOWL2l3y-s4_aU{1sQZ+7?2>y&3j zx_f%tc01}lUAz=sXE+(Pw`+_oq2&;R9;f+i+z~cNO5-)#c(*pga0vC~X zDj=y)Luil5ZXD>$$;4OwZ(I;dQnl*+0A%Lv6+LOjh`^>x9-~)p@{){cWN4(?7*hRC zeISqC%rQUI2<(CEDk1%=jKm@JIZVIl2KO@Q&>}JEzdFZ@* z2Rl4XQ}x|RG=}047XFz>dbJ583P7;iQo}C3C~=8<1SdJdiZD9Wr7!?FQOE~TiN(}- zz8m~^wDj=J!S13g@`_4+O)f?WzgOgmk4(}voGsrv*5I)}0Q zzIS`!88lGPQ7N5d%cHMgIB2XY1b6xx1=q(33G@VJvqBiB4{t-|r^rW#eVyZ19buvvB{FEO|G}&Md-PUr~ zVOaw@>Y*|$*nj0Ull+7s19p*(z)-QNgeOC(xa}`8AI4vTeS*JV_;6N0ZBRQ%JzId= zV{tXfvq%J6IY^VtzSoi$Qo#(_n8>(1^!jxkezM#sn6Fj|(&)2)32^rlS5dZreE%=7 z!VB|m;x{nvgXOZC=oY|ky6lZOP?vYkyw*Z~2r8kISe*-cy_;1W5W4gf5Ptzgy6LqE z>=q9+qtAg31Ziv3fN9ViDci0N;NcT2yrwfYglsaf)mSQ zt)#`bO<*g^E>ZEo3pC19v2o9aLYoSFLKuIA9uFDC&QI2?!+&r!(s|YDdmg{L7+w{( z78kR%#G&a$r66F0AU>D-p=ZUw_RAKSG&{cnuj!0$2%r1*iL_f1!RR5#vN&)y4}nKX zji+h{VZPycz1*hKw*c0r8^4UAVN5uIGD+Mai_$bI*_Qdd{28icZeo!#3>B}uBuE=X zAqw=W@t#8Nf4X)#gwFFl{Sa~~Ip+jb&HOB3#ajYJ(xns@&Jm@#F`1BZ?KL9TiG%lz z)K9&8sg*(-s<=o(eMw&px%7KpD$fm|{)YEB_ce?D(pIBUr7;`Gt-5ii6MfFH*NN7t z?s^ojYEAl`1m-RLUI}9(L;FFjRB3wd~8Z_WJCtP%^MUKgq^uS z`xK#@gqO@~4;lD#ZJdI!r7Z5z8UsP8s;=ZcdKC^y`&PI~91fkUPqg+1qJ>ZeP0<*D z0t~`qh?!c0!n?}MTi^_ki3eR%$_D^8xRx2eD-1U*CeWOZ3hSGK$!_xKC{cOGG^k{V zxtDd_v~85J9VV*WHL_c_9O$1m@AckISJ~wFiR&<48mN^^W`%$hW8m4&sCec~X=(pp zE&>KruA6yDI$fP;&RL&$DzURSzKU*Oq9mW{)+Qo~shn>!{rt$hqhD2yHVU~pSAorr z4fvwfT(-Nwu4%M;(dz5WnMmAkO5G|0|j8*XgVUhi0l4bW}}JApsVCMcVUnSCjzo!r^cDDYSFz3wSF zGMw_M%6tdZEhDY=H*zMY`q#$BMc1c@0ax|sV2IJ&F`?D5lA*V3*x8b}bhx-eHKCK{ zgb^R4>U;dpMA{(79j6z}&XcXQGno5YAbH?=5VJ)@Jfw7fXY?QOScH-VvCEUfMrz%vY z87kOn%rU2ZwP~z+lqzV~v=s&@lc#UYfDtYZBZ5mPKa?;pEA!4cSbyK=oD8aFqmf0~ z=^50C^2Y(DNImnnvy?%3QT)Uqp9`H|O^JataxOgoG5)V&)ydyQ6{+j{4fL#R3Er7M zW(hWX+8L;`Bc8k%IX6Du$N^SKXX`$-h~2L8A`M1dJjRK)|3xdbC(sk^NB>y6ajjgU za8zhyL~xsbPY>OAWzTxph_34j?j<71%YA>W4;fobH~8S>PP^BsHvj3XpdbDfsRc^L zfs93ORX(-V9B85X%sU3Xtk>>;aA%E`S2-}Q(2c)LApQgl!fIQ2p`y)DV22Fd7BKu7 z5km7Yk8be}eBzEVsw`{e?P-HBfUI={ClWddQ%;u=+8caDWIU}-^*-~T&q~uA%O~V+ zR`!Qe)K=4wO{@wIlX;5@V8xx^uPSx#?vZr)ND7lh1@i{O)87mnBfKPHtqJlGY7EHI zq|#`(>ye6~$O6PafW0%IV_75*Ur2Z^yq!?S`&v;>zNY3FTWbH!HmId41?9i#PAzob zgl)wro?%w^*hK?K?QIITcUU)Tg#ypLmKCFDM$@~K;fWm99D+Qf^H4X>Bo^GWAR@fy zOHWp+5Q_mzWRLHxzlvEj#^x=( z9@IV(2UfH0bxoU#!oBY1bM(E0XGeVE?%}`+o6&6{ePu1Hqv@GyX_<7=U?=Dk+M?Uq zn{1?sNU;M1WH9woS~v=LDU0=I$f(Myl37&4wO?lmAxYYrpn;}Vop*cHXr^!xtIsH> zi8zfWaJC>lTBjQP`D!*nkG!og%jMJUnb~AE^@!d}evT!9le=d@O!&013PULxIy6Q` z*m3Sd7Feb(i&XwW13m2)HSCFh!e;Xr__mxT28wPbd0au+ci!N65lWqWxBf-9R}1>z zvKXp@LFhql+fmPt@gDoa6tT1_G=mNe^!u%|yf18*teR#3*7D^fhE$ktF=QF!Dn?_) z068c$@(7gJlUm0SSR`o^2r|Xfj%n(K;&%6;gk`p2)aGU;layxNP=nZk}9^Y zZNk_`9|Ldy_WL*%FS+bpl~%T2)9^x?rqj~`78?<@SoD;L-r%U*ZD--ALvSV^+#geu z0`}jd9dsh&L%irr4P71CCj&>s*E%mkE_UQg)OwIK(gu04w2Bhy$w+MJE4D}vX}83| zT;ClMYgHw&y6K3@W$bPA`B>3vO0>J@h$qP+srXdm}Z6ht10UblGZ=iWk zj>}(O9vTSqe|A|)PSDa@%f&Rop+Ss_)1k@lm zGxCC|2Lhb2SzgH?Jaf_l9K`t(DyNbvS{oa4+=Wrh)zrZt2K4fj@#1XW=mQuCj>(qwfukSce?MkDcEGKJ5H zj2u)Lv^~d+BYDc3CsI0xEp#+>r(?EgurDp){8RM2F9c7pLp>HmHZ$Njag7_*mRX?T zbPy;F^qi^NW=k)bFuEgO%gh)bG2LLvh}MV8HyD+JUukGu>|ZEA0?HdvaiK#Ot#b;%pvC=AHD zV;GE+dgC`5kg>ABw^ol$)}g0cx#n*WovP0Z>vlpHd|hY3?g4ml36aC!k_6`ChV%+e zSjYh-j#mQ_epXi=gM7Eza*N{@o@A?ILakj3`xwQ}{RLR$m})IliC`|xP7w+%WnFsI z*zJQt1(*@T3w0qX`&2G^PIEwq|Ok6R&kexO$pixM7i^sKEsP+ zR`@TIxen|->R!|cfdY!0XMMh&WDpeI#}f4oys7fXpL7>QEZ=F|RprKC-a8)o1REkR z(`cI8y8C@p9{Y$-4T5KiXl}-f-kC3#W#5kEvf&~Z@;3JeqU7H)Y%Z`sgzsR0VV~?S z_N&VC*sdv68+}jAgnLeDk~<)q?Nw34hLMo4lUT~MD~E=cQ*l<_)C4}$*41&$Z357- z4NV$T7h*}~^RdlU?QswBQZtDz#ej$CcKXz0g99g50b**ftVsRgi#(cPk6C5%sU^w?Rj=^HRlrcxp6S;U&UG>h&O?rj zjjEV)AFDW+D4R6@?iN%b>oKqv_IpRz=Ew7blU{0RLQ=#8lM1cV!y=@vT%Zoa5Mv+J z4Ld>4!%FO|pF5UQ8W(^;xa!`H_aG&A=vGIb3>s;yRtINQur&k_pfKCo57UA+RNR-8 zjGL?oZNk1HQbhVv24b!`aWdbm;qvbZ1Fz(3-jbCN@NjVn7vvuy^mAv32u(CQT8Ef+j^WGZz?qMGEY#?;6$#N$*&1qMWjV zpPrCB1}rxZ>Kk@!=#jh$*{u2cRC(032m&I3`?EZNR5pH~*ni4S&`V%ts)1p_)vF~k~l=vZDaOVzKmj=?*u5TkZNF>*VCHvp@G zDBdI;0J^1)O(dk>Qyobzbwr}$Rn{0tfhC8^Nu6G07nIC%w%Z^oT7f#lH=7B)$$@E- z#shQ+nX^!f9g+7QIkCOxlPgRJs#;!uV zh2zUwDikYCH&5S##>1MyF{g#Hb`T^&t~gAmO!bwM>Dm2|0FuZsh+3q$tt&ZlXD-C5 zmMHHw))UGvOe7XjXlGOT0d6TN=KXuM&Pp)~jYEH$F5;dS7R z!~8E_#5*JDmIF%|Z$TVAyi+%1jdpNSDZAuoERC^fw#l){MUY0+ep9@eQN{iGY7VJ$Z5Rrh ze<>vbMQ*%i7v+;;%@?W6Sn*T?D*>=?>>;ac5d90I(9`sD&7{!jujB(3$M75z-E6wN zXYBv0%HByi?@~*(jUCM4 z)!)m@K&pT?JN*hSu^$T}6dhjC*~tqSC}QLdFs)GxUijY=p`H>AZ)0EbFIcowt+Rde z9J;9qpj-&eWtl`dE*fO4;gx75dxW=JbKA|#R4*V<@}BZce1gEP+6#U7)%9JHFb@Ff1_j@#7C=zoKn21sU&fz|{=Hf*go%Y)2G{$1ydaXg< z^|W2zXX9Lju3pilAVXcS5isV40|8h`!}hvOdwe8&Y%T*buQ|O}b)23*8YpNK1XST! zEg^0m1#Dhi%&M?y5KXlk1Wd`O4trO~Q>at+EyNCieOR7acsdSK^|}cr+DUR~*n6jQsx>zjYX!{UXu!_V>9c%?n*?geac>NQp{QYM#0&FF(?-^QGAU9uNLO1l_?@o3-1Sj*F}RP z#&`#HU;X zsUR2bE;9R|Z0zN5DHjM-1{8z=BLKzl^a_L@P3&e8AI6XrpmLr({2$asoXYkjf{@ev znhJM}EM_aVN7sC`I#zw^ekW83uKTpql0+T+VWkAh60gAD+vkHC#Oo$ zp0kCwIvFT&-$`*`2sfQX$-}X49B$8BBi11DN~ksm$0^%jUb`eajlK1=7VWr0HQ;GV zc=q4}UGl5)On@j~S1ht0T4Z^!YA)!gCXjD<^)ZX-vtl@NJYEdc-gvY+fq8TRFy}t% zJViA55%48v*DyA8<_L|OvQ*m(<;G_I*_A+zV8Zf$gU9v%B}c(im*uLCYjjyD^W_cV zimV`GN!i1+BLSj5EcxdHRg?Q4fBD6>(Zm<#t6SAUpE#?}b3Uc&Nlj)=%Jcch)KBTf znzhE%$5`Yn(|u7N$r!J?QEuOX#5w!aR%+5%8KJZd7>hC_l|i?Qmu`H@1?kp@8!7?h_~eShaN;?~=e8+E zf^p!r8lnzQZY6%pK|lv1vz91{QJQhkdHbslgCJ$RvdOWy>>1x#sK1+1tGrN_FT`AM z9$=7!PV56i?wXjlgxpP!6Y~)$i=voR>&W(u*k<`su{BOLs^l~d zd`7N;`@&m*-xM+>l6{~Ukxe#dn5uD4+M8Nn-K*=83wwKL^w)H(n8V?T*7 zCtoSW*|DD~yysC|E)(4RXjO5d=UG@Q5nB-l%g}3E2XFLVe3|QUXpP>%(=&Gr@ap(CTu z&pH+=e~~nFi!csqB0(s_tKHxBbi_&yJ-<(WU<#Pb^Ym~^PCsw>5Bs-dwiVf{DX9|z zH)xqAJBRM@AExfqTqcCCrOZzAR=imtM}QjcUH<=om8goi6TT7b-?@)@GRP%;z!uWK zmvKAJMUO~D!Iu@J5YToLs*~T`zdT>#s#?m~zViBSIQ!5NWF@SkWJIpV+X+fxZ0I(U z@a@t0C&UADUS;h#Zc?_7o;AHNT?;7y#riq`JwU?0HUu4G{sjHT#)4i8*@h!lN}OGz zi`MzlIla4Kcwb;_QW}QX6b)~_tJ==&{0CUitojENrMypCY=lWTBubR)XOEBjO7`Dn z0#1u2qdH_G02Iwi}fvwQUAP!Np6vzy3FYj>3N_sCLyK_j)>A>%*jr?XH zdhl9rz^LNZl0aG8c1(GflNw?~GxO2=RHspFs+f#A#iehJ1Whcf4s*udqzR+(tN8Cm z{I&H?H>J^zXe8oi3iO5~W(-_cB(9`7qQpRb941}%z(=U%+7++TKB6Y02}cc$vtte~I`pWhDIc(M!J;Gry%IAl4Ci#M)NJ;y z-|wFH&2>JQf!gY+fcHM$O`2`2KT#Alk-&=ThYD2?$Y$gryzzavB98O|b)wYG0gnG+ zG~>|20fe?$7<%q{WNDvDj@6sSCqq&|Td;S_H4V{eh~oJ9ez%UJsgIGeX%y&KMM^NQ zw3a}zl$AugQ%->NaMzFWKbgX7bmcr=U6&zm5r9qc{k7NHvalnRC*{;(U%0AEomQEU zX`hn%2X3c}C(I;thuxN%_2i29+6RwH9(pB;X{|pZF|MB1$83v1Cle9LA~{U#g^1>B zE3*iJ05VZ-@0Ll^m8#g{L`?r=5IE~b@-#;O1m)-czHT*oWTIb_LlC)Xj`+v#H~62^ zxuHUR#f*&cOlTkUNMTo`mbbwJH#2n^3bwt%m7P29S_aKSVZ`D2t{-Y`b`jFq&m&Xh z7S83>)X8tR%138Yf7lXRd-9DTqpQmd-JHDvzJsOjp(H)#lr+WdLpe5at}jQcjuEGZ zN#(g&Ss36!+?UWw-1CGDHEVdZ6epG{6qr4nWzNn4nQ3B#r0gI4TRN|d9a7P|9k}yd zrvs#@izg8X(nlf^&bx{>LTSKHps!u#zWOsO#5u}l88J;Mx0vDO^s~Pg)JmRkr(e;# zve1quOsL4+e0bqghdh&*{K5#GuJ)(#`QwMCIGm}8r;QRrDjbbh^E_+*>chu^^H+kd zOVMk%u7%iO3uV-+rqoKbWcvCi2MOUZXYC%`ur|%R@@ws>|%dyh&6ZAqCj@-dy@-#Uv zRjcgxG|io2Ic*gj;I8MRRL4p zm5E8cLWeT#qf0IP8vOjexU*GWMewK9xSEjTxx}yjUngBPT9_k3xY^I98P)07ZisK6 z=1^jw4CzJad=EmwCOMKMEt-&x@oQa=RyJ5;*6PF*(1ZgLe*lOJUp{jed%Kg^Vl_8E zgB)=wcAOj#k#BU~2B}>tjyin_^dufZXzS7q89HvwT9F?som!T|gNHEN8DXmi$X#B6 z;hwrlnZ)LEm)Bb0;xEPrx)AybC|bS1|8ss&V4=frK61@;l+>A@b#0DH>r}*(Tp~OIPQDS@Ysn;#P?GtY7ia>jGUX$_r|J{_$fu3tY<;n2&l|02E(^>Vz8whN$saiO#1MIhb|e*_m+mA8zn zUGq1hdrNDqc?JbB^Fhzs%=w$|S)qB^=x+-*S{4sEJF1lXoSXLvGhzpH5oJ z>IL46L`oEv>rJiim*utOStiA3C0sP$2E+xW{T@$i4B?>zfRfHnGl)%Ib%<6XjsQ&3 ziJz-m2>|KFdl{abpqkC)xk6W(i7cw%zXcQ2cDzPys(mYVr< z3b_dH00U#%WnnRkxy?P6+-yVp$dQ{SH;}!2D zBh`ouQLPNE8vL|jn``A6_oUd6(Z~H>m@>c2u2aZB;6W2g4~O4uL8k+#Ny2B4&^c!vH%PGB%Qx2o+LQvshzXUFW|Oz-!u)8V#2X@%&lykCNCX z^%b^bmn|3_H8ebT>MdhS&K?&iT8?@=8@=4#2Le{52>8u}hEJqZw-avqIZN4ggZ@%W zkj?*3+(U#LV^?%F`$U-=ih9YfYn-UMHl~Mw}VgqnEly$%B+B5D%S&^|4335#MV zoRBd+{PWp6r{s=)A&1G@wTZhyjLe+m{keswzKy(iG5tk17^m<6?Wt!wowJ%=BlAH7 z&cId91V5O>e*ebeC_4>X5X;EbmtO<4H66m^b4J~DrZ)v{Ij54ROp8US&T@HERF;vfB_rSMmoRpzFjC zpM1poS7-)4C2-68f4h#Q>!Y_kt?P~<()7bjN14J8aKuLsX^w4%xIa%QQ%6h$lg!vA zBJ;o5#~f#vT`xS`NhH2de|{M2(Be7+$#*#*zOT+e%TlI~RpV$QRWg=vxSL&?;Xr_n zWuUxKD4PQF*4uy80ZZ)Zv!|@0H`UMi5mGFmn!d{{V1N$K{{J%aVw)U@F>p!S%?5;` z=CgTXwJD}lkP0N=LDUkW8A$)Hr@M!oZ^v(PXgvZAt&_Ja*q|7>`0FzF%3du@FpE{K zt1HB!JWyu8F0iQrRWoIlP4z@kZ7T#Tcb3zR!fMIkK9Ba=>7dFC&<`;(3A5}gpzL-^ z?j&1nPQLC#WbH)+7%_d;B68$0OC zXoXMnpjEQ(-=U|I_HDGKpRNQ}E?AID(spBJe8WV#dpL9GnX$I)hXOSW${j`Ny0E^z z;(o1NTK_Tj+V6s978QHI5xH2&dss8KZ^bYJg+6$& zImbU+&p(OVlPHpKk7L|9?`&xO-FWSN;DQs)7FA-=m|?K4yl$wG-}L`qBYe`L5yEYN zGu_X5ap@t>=Cms+-=7|jIYiDU%Fv7W`rI-->_ti6FP=&#t0Sb3S|}lmTGW>zed^d` z(^scV7pxJUhZ#4H-=z5Xm9H6Zhky7gRk+7$)PqNWnL^V7o9%6YRTN=rpsk)Qnins; zE=zLPY=v|5JDV3QgCI#AP(ccni4t?}RsEdjCBj_gcMj#)E7P=?U(NstIOoX^_DvIK zTiOlllf}iE|G5OS783>^=|AMe1S`A5@iu!T0RTEh1zeY$+|?iMpA?Lu_?UhH@Xk_~ zHc%rb9k5U?R{}Al#jKc>$sy9`M}JoLi#bqz^IbpyTXj^)V=K2R!arQ{qIky?PpV$i zOEdVGhe(mEbcS>A8)GmsfJH}zq$zU0^)L=Ub1kXcN%?B{6zv?~j`Vo4@)T)|z~(`| z0oot4Nu4r8ITg{K*I*uWyglWKmU_un8bhzF+N{0s{=}%WOyOnwz)(CNw<=sCdCs3r9o4w{bdoh^p~`V<1Xzl4F=h=&4! zeTSUP4{M2R6^ZVkn`Um7u=7@Y&0YG>v%i~bv00d~D7Oetl(falBm%o<*@EOoNYIcC zc?W8$PAS|Pa(PV71kM26fkw<+T{;NR3j5nq^p$J}Gyf!9CxtN+azIb~DTIzuiFRe= z8!YC7MLJ(^+h8{q>NO~yC2S6GL^F3h%3e8{B838a!Q{oP6Hpt&8v?pFRy4=Tg@7EF zHjZy8l_NS&UFM_}$@4GqH(tEHcs)UN3v9WM?=*8Xf2-s7sK+V@hdp)psZzz(0>Z->h-;frR`~R`vL!QSQ?7 zC@-LT6(B2z$o@IyO>^gP1oAVar@tKRdoHu+Z3Ka_Fr+?tgo?wty+z~Hq`r;~$vgDH z+v(Ad22^4ITFr`^n^#HlnQk&Vz4tsGm*FYD`g~W({({~czdgKxsqzG9e|}01g<9`% zAPW!dZe#{xEmOO;;xxe#XIsc~cPLcy*v^j;3Ma~m2PfBrU;zDY)k2|AgPH8&G=}+v zBCQvY1-VT0^wc9gxKzy!arEu?GY)9|PP& z=N#~mXGZqxk!>`q8aXnkuP^sw*k(TfV0x$H?g%V&d1RFCW#dnLo@=c?0JS zn*b-xE2Uij_5D>c0_r&zAp@Q9Le5_>y$K-@H=Z%!ye%H=_rR}jI8R&>+c-7)-OJH@ z9u|7vN=npjK&vavu&OEeVjc>RAOzP`dor2#Aql1RpRdxv)~H?LlbCcaG?CS?Eg~ z1-W+%Fme@aQzqw*N;7s^p5PCYpZ6xWc zNKtv?d~zh^M$bWlCSsAQn~XZH0|X<*Qm;lG%ezD$tOyjnrwt@Kyy#$W9zLADYCiLi{y5dRdF3>bH{1|=`huS6rz~kc%8a zT<2_ZS6dBlW49+vp`eGg%sNoL&(oDdaNivmT9pUkzJ|i>M}R3cmuR0yy7a7k$F4Cw8nQHjFMY17!ol#!0ZQzxb3oCgObcotKo$@Z!mDRlBEH< z0ai)pQk$3#;HF~yHk+5fjKtaV_q!M`j-@!KTU-$7wjw~VO?aLbnR-MFBa+gTqKzx# zlP$-)I0;!Aw0h9F=r7fIALYdqFS5)Eh&=Ivh&D&9s1^W#5)qRAv@F zxv(od$qhD59Vr~Q4XlK6q6t<{%Ymks3wMrR(VF*4>EMU&=^EyZ_&0Ved74Z#)m+N$ zF&o>-cE&6NZd`Hn#i0|ve=KHiNEI?tFg(2Ee_*FUIIP@AZ8Ds86PQ+Kf6Mvp=Jwfj z7#eQ63kVNS2^KSU8>jyL2TZMQGm}2CnCmSl%??AVSR-JB&H+n>F+CnnfLY#{79Hdi ztW9By^n087Ap%!G&kxb@TAFJTrKJ$=ddlYpdrW*{zQ{}M*Xj)e?@PGunKqDprcM#V7 z+v~ZTQtj9`ZKha3YX5i4LIygJlJvi{)XE(Jz0eX{yHs%82bK}Z_Nq8!se&&|z)&C2 z?0U%``(jHaV1{>;r!xTI@v%VLaprQb)H>UkpY~-5PUhO54%R4GYjaCM9%cK7dj!|= zki|0DU7`-g8p*k?o&maDa;d)_^-gnT>Volg?SodcwOaB;Ipu?C(S}KI&@*~b-$h$CQ{_v z>G-neai66Jd}n7<7Z7IE5~#bxVgqy_VK9J61gc{*i^va#XfFA^)Zw=y2i)?(RT$hcw85)_4D2Ucj~>M z?`}*soBmQC8MOaJJ~B_VqDXBvf8=8DfYJ%!GL7rF>zMv(N6f~Y@4OqvO_SlN@;``o zo4=bVZI+!*i-@hsh*@A)GrEt`lOKrR)n?UVn*?|ZABAB*0o3RQqWv^UCup3{5O0f) zW>-{u5h1emK4u#$qAsP#rpJRTl6?fvtotHAKePgK>c0ssIaJLB?Vj{~+KG|Sp)UZC zPsOhsgUnO3Gd{OW4h?jS00-iw5EJ7Ge+0Fp{|w?QrX6PyBB!u~`sXzkegRV_+L@vD zhwMzdP1CO9k?nvq47<%xk~iD^^EEZCtKl-YZgy%VK1o8;`G#E<_s2NQjV zEP4%}@c6nR0Km@J<=iM!*k1?Jp*EqO#S4L+;~n^tK?-sB$JjmaLRCEUeu3cI^nuGT z5?N5^dO4*Rcwiw%q|C73Q;x@DKGce7GKF&yVTgvvU-DNTI_7}PeDOXrAP9%cTDjh`c|HDUD08>X&EAA5bpzI8v zQM{Z7*ypf9f)U`e&}#e40x9KiDT;lw<=LN%xD_BZqYUhkW&KB}5n>z*x{DD$=9w4J z4r?Ye7&+Z-wv=uHP~O^-R|$wKU@oPCPD25hC_-b3vg}^eXaD`>1vS|yQ>t0>D5k}&{zwUKK;nTA8%ML416*vcVq7L9c98y)#~p>zVc1Mc zO0Hp3I=|T50_2%WbAQeVEz87_a#s%`4!^|GHr>KcFNO zuB^cMe?6v4xg?>XXJ5xT&)kq+lm1}U+d`xMU)q-h*-6?_bz z6@bQX8@?;D+jANSJ6xk{y{HuYIm=sf+JM~^07z&!FP5!tbBi-SS;H3RiaIK>u>?!|;qvpAeck zMKt&!{o`9oG->o)&$v3N?{rXqc=F4XzN3*^P?nj;?Mw#!)UZ z$EdQ?+0XhWA5@vD$*FQW-6Jp%FN|~Bn+hLcb^|AsLp54X9nxFB5w;_m2|VJ~7-)(H z7_TF=PH#lXwGeH*-oKa0tL+VLV5;(-YDRN>9>>*l+2GeF*XevKlCzg}S4byWPzvnm>rsF*+?2$0COL&3w{_BGFL+M6hRgDlCArE- z>##R?SG}29kuEA7fdcsEa8*yC>d5-^aYos!D^Lrhgz*N($`*St&;6Kq#*Hn=%Amdy zc`c&DAcqWTI#cW1{XBM0_y@C!*vE8=K=gW&c&X%LJN^z1F!Dc6UzcOBPC#x*I8c#7obK$%f?T=5g=M_pDQ9 z&z?IcX-4D7m82MHL~1}0fhUNqdM_*x?cyYO>{Sg#<&Q;*4bfrkfN2j0yJ# z!{i5<$HT84ubNl?X+^cAq~S4H&XJuYcxo%4CNahRqsLE72SUrWz$Dx=Q4|FCxl`|6HNDAJV9D?hbZaH#>=`?nzK zEfwNyNyBqOYat^uY{N4`Zocx0C^`Lolrh)ywqXR1@+-7eGO246yFy(QX80%#`>3Tl zdf_Q&RmqzT%jg1!6(-!OM}pqu>+kp(-TL<}!W9fM_vHOW`=bcgnx++>wyi-^fF|W) zkbpu@ly`A8@)PxhWA3C!0(H?;6hp);YI;!?WYvBldHQt^w%5-|{jKq;+S=UVP}TXT z$*&3)7DIV^D4UhKg2Fn1;x*DtEx3J9Re{NqpyGmT>bH?c5V8V66x$VjO7xA{26**~ zwI3!ZIm>iJ~Id5UVjd+j9R5xiRN&*{5sUU&BBuQcy3v*Bx*sJJmuwlvRqWgrf&!L1Yd9bK8#V&7AHnjm8{ClR0NoE)5- zL#cAI(@7KeN^w%re}OS2SHLc#`!=`kX7nb*sDza zqQ6?oqYjD+RC4gpoZu-<6rYn@#2mA=NfC~_=A7`gNJfxMOXO_;nZCVGe+N`jzJ#<( zjSOz^n|2k!ufO(a0e9}5DE?gE(OmV56Zq;7FsCSD-$%U^bk zBX^9JSDQ)P6$PP|8+?*5Atj^_OiNsSjbn$V|l z3p1cBh@4zluE5*F?Q+=7iRjwXNFg1q`aK5I3wHfIG=^1k+KAJlO)*T}{c?)tRm9ok z0oY)o&8ZK5+)=(jQ2{PAV3l)2p#bLBqKzZAY0xKo+LTXYc`A^KH4o|wS zdE#4wVJ!F)!tHQ=*8i2y2o9`$?l*(V|EV)-QqugAApt#%TPA%KAAjg~jP+;)hv-Q) zM6b(vGyvjr?%S{Hp8Ea;7goFZ zF$aUb(J%(xpND-o6DxiYG?b7lviQWbm*cPbCA1d647nD@#Lgn zoA0MWBS1BmUj#tSW$>O0LgMZ|X*(fy_6W^6rn4HR$$IyL#B7ulp_C{==M_0zEbm-f zB?leS07igKrD^5SK;(;|dqfan%aRVWM{}zC+XvC_Xpm&Y#|Oo(sK=gTUHNC$_-qjg zq?`odMC2sg%#tahKZNp_T6gFNXe7T9PCRw58}#92$*Q@}_mnMnp!sSpN;_a`mLrQ- zHk7_P3hg$Ll|NB?!xw`x9YkVcF*jlO@Hr*=1QZny@M~!qz>I%`c*4fhD7$940XxH* zHf~io(u=%dF<+;-sjy!o44mc7Z1gdvC>?FM**M&dAq17S$U_1CZ#8*epYR(4l<)>H zlfBnf-VVoKDYh{rA7=;ZHFb1R*E>{wxktp+BA_9sthXY-uqw_($`xyk{b+50@upY zYLw}~IRlMtF@$Y>6X_>AUo%X|@P$2jg!Rko@Gv2CHf9vk4cxY$Gj=@(;}kr@UugB$ zS{~yM3agK^CwyEB#XWr=VwO`OJ%TK;$BZ4e(0T95SyTognIkHInDm8jLU#0c|yELz(3#M>sB$$GH`pU{#{T zm|`bWE8&){c!M5K*z0zcJ&B+V+{8>&=G)<@);`ZXD zq;u^J;I?W6qTI_dsR>)%73dcpZXmqlb1e8GFEqG>?arUUBxjkW0c^_ElH9G5tFMv* zb@~}1)rqH8gy7UEli+59j1dwX&8w=b>2eo5)!CP*#Q+#1f46AgUXrReGf)guiv-VP z-2``ba}HNaa@M{slFg4mt$EhFtqB;(A0}#CXW$~e!KS;ej}K+lI&-u*+nJ=s5`iuK zp?zgVpz*0bdNIVkNpvf`xOhXPCS7LiLtr_&THESH>zmV}P!;nG{(Oypz?w8k8@>B! z-zL|c0JFYP*RqL1nd_xSFszxV0;Cv>(-hJ76NIr*)N_dW26fL{Nq>dmt`-wo1x7yW zZXM%IMV!x@|M5v9lz+Zth1@<4Ozhb~RVJ7_BFft#pH5fDk&vI+;MkOX*Zq#!vYvk~ zp|K3U%G_FV$3_dI*d(_Wo_|eeH&XjjcN?a=MplkHP>|o2g`qXRUhBL}i{@g9Ha`$= z@Y=Mc-N;ap%Ji#$77V(WtTQpSVf9z`gAV67wm>UjXDhZn`=L2BQhXN*}yfWIoz`=X^6g@3|)lZQ_MB2C_IDFl@&1xQmGWBq{l zS0v1C@sXA@cX#LHrZr%7*^mK#=mJaJ!-urc1Gj&Gb-NAXq|TgO(i=W)jzIw)+E!cV zx-x?Aak`AUCJfwK%i$7(dQ@9Y5|^d8`qQg77~OplWn6f+pNpkTl&0FI`|(xW;ktMx z3wIf*|026*`Y!7jzJYR#arm+Z+Awa{*kUor_L29|f) z(2a9Z`RpZ?i=C@YQ>K0VRkY)-A-2a33Qq#k2V;zQ>KO()hDVH6JDrg_R5@yDA_s&J z6cKF$?;p;B=6q+(6WqUM`<|c+M)QU-!$bSW)-ZqkleMBVEsrPV`WOa|>J+7zh zJc!4J*>u7@B5#G4_^aGwo17OZVpzH0H>v{|5q=UDO6v#hL0qq5IMx-!k}jiKBwHfu zTnTzx79wu+6G|kT@KhNO$0`dE_@SJID=R0E^bL^RLd8cTpT2^`wv1Y26b|(Po`*#t z)HJ=%(*6x&6i6cF-Z$uYpc$40S8Hx_2pN&p(sK#IHunU}qHe zh26>rGOq1?#CXoGE*ph=j{+OWTZU*Yv@(^A(e|Xh3P zfc8S;Y8?p)tr#=t{q5G0|6F;!VD44X?I7GcEAvg_Lmi$6RP#vO-FHk=(#N@J*~^^w zp!i;oTGhGR?CImW@9?!Bqe(LlaLSn+&2B`>2ew6Q5yidkN{hLW)5K^Lf-%EZUS>0# zZ0)YSz(N_-9B=b4$%oPN?VuPrb2!)JlzJo7UHP7euhafsidepU<$Bun{+cN(#o`A` z5+-iUu&sTuMUb{`Ma=hK@ z(Ia_4+!P=?HhXTI+K27L_LI=RC1l{Pb3ss1f)8W@s)?r}` zwK{fx9NG&izNI8E-u;o-Q9%cAu5^S{1!)w~CK+8Glly|iNhNSYKWsUEaFvw)senqu zD3sG08?EzSshRA%&uy+c04eMQGZDB2O=#;b(oP#i9%_ zd$!nHqSZpi16`TyMDp;4Z(4RpwtKa{H!n~q7jZp}8=GiS*xCcf(F$h_?R`Qm8e$O%6aQo3J$eiCbN&z^TWxn~6@)QF^#Qn{=`941QcmxRnQwyM z6@Hq=;R{PgU^pr3W`XN+d3qe_Ki#ouRl$`ZPAwqwX|Q^0=gWd>&spAKo43g9=qnJZ zT53uxht^>7hScG86Yu%5J`hL@PxC*H%r0k=`pOF~{aielX~K4D?FY}8#&bsT!s#|V zk^m(~yTl^4%p%a&Sqp^U6oQQI^Q+qTPneC!;M}KZc%EOS- zEe^jU$m)&uyQHr#2N}%1*RP^0=Gq8Gbc@5?Mb0JAA2#lBGVos zccp*%TsXRzmEjHldl&C+!qIIMqA;ffp;&Z-K7&g1nN9Z;+}@&Pvx#WPx`$~* zibm>9WMpt#K}HV`7rJz~Z%?=mEPSSzW`GAPVKDD#M*LAwvcVvZ#&6HEi4xt+2=otW z%8Eh4mP!CI){n6b>H#8$SLq7`W-){j63v$uPTCsUJ>0iTR7D|zX+wl*%%$(+W=Ga& z_bR{p9($GxxH47r^?KeJrh8vWPVK-oZJ8}RSW1Za z1s51$OQa}-`YI&IOx>xF<0MrTeNA0TD4BxUPc!YjL>64Sp1OFrCf#OJT?27!P+U)2 zgJVX?6!*5!W3kh6Hm%Kh{2;=@#@r8l55@|r-Kgw*3Da1DCpN?%4Qqf5j#T7(??3;a zV?CK#hu-!?6?m)Fr^(Cdd>Sp*b#6h;LXmv`q$ zVAO&p#Z?GY#7kbr%g{%a)hBVXbLO#PD~bY5uW6pul(w+4Q;pR#S81V{O3CtpH)U&+c1??`ji7=7s6xBN>LHJmW43a znWL*&Qy||z^Wt}OZX*8);*M{gnf~C56ELMk;%nGT!l~ZU)EPlAR)k~d#f6!vv!RGC z?_ak2gm0@2rMX5Lqh3w-knha+Tz*6nEi%%$w}|c_+ZXiL#9Jvsi%S_5aQqCdzZmBh zE1q*cG=O)%AlpypPg}{bFzi^p@J4^L5@y|FPK>)jW{h#?6hvt?(6M7neOE%UE;IrW zBh#O*Fg{#_g3Sg{lgcta^6|HTj9h(>cG%F0Z#Q0iobSW{|KjaDJWNv!v&^ESIU&}{ zx<)pf8lQ;|r0p_}!dYeVM#f_^hrjsc5gi?Z?*XmpIwRH-)XFW#7PcTNQiBf9S_<-Bqp=9E#sO?{X|7=>XoYZwn< z5)1BgZcZ9<86eEUwTdi8zXfuH9n{9~>VLbeRi4cX8Yoq;b`28@h6(YMi%fc{WN#r_ zDGwPEvtkbuDm3s_U~1FT)rB4Ny7Ui=O#pv@wc#nh$ zdSO923JpnQ9^|>!Ais>1pZ$nLFZA=uSqiE%iJ|{eF@m5Rc&!0;KiX-9%b1ewluX#F zpqw}4lv!*mnj#LJHhhkPqGFE5oH6CNiw6s>BaI!x?;V{p}x6a>MQhREdm zxW|bTGda=~+i>5)nP*jP_^udcVYO_}VY|z#i{og@2&;=LDsvU+BPuCY zV0P3gVrXjqs?03aa{Y4}OPSb{>-g3kc;1*E9JY*Z^5#NWpF47~tovOO3+z}1nCus6RcZ6C5g zF9YgHB;`KQ1VD)=n3X>wdG&Z=LRBO`!wZ#V;If@%K0=F^j;|S@Cu`BaZ%>5sM<2wp@F6@;jrk8q zwR9mNbf1O$cj(^#uFGb|Eep*Oln2ayEqdUu&bN=&2k`Y8lL@a2?@cm+RinvzK`ZSYRX@lI(Mi7+mPg?YZ<9+RE%DjL$=N&RX4wWm}A9T9)T zSSEq$5~6D}4%;ae@y=ZE>E)9}M@#;#j1=78Wc?vrfG1+)wG!{g=w}+{^p|9;PpZA{0=9rm2TKl`^xE~h$;31uX$%TAE0X% z&BoyVCC&+d>CAx>9^P*5&UHaD#)Sj1PLJDN`9 ze->`wyjJT;b8xk%7&oji_*;^Ik0OQ{K9?-$pW*pV)g}sY$4Dy`ZOSOG4PLb@;#bG7 z+!XpW%-;hoqFk}!KE;GI^Ig0W38t@BwJiE{fnmVc&>PQwzASwpfaAjZxa48XalZC$ z{v9 zTnRezh(?Y{@+@FD0G;-EscW|qxgL) zK^%`g_WhFmW2J{3kIG@;oYT`y2*Z%+tlgFEzE8-l3w$32*|W5nAQtRXS>qFIMad5T zWaMsIWmyxone0)KVL5Lxng9YlSp(*@#8vVyZMS&QOTWbwnopaB;{eM4xuM+J@P;T= z{CnbRk7jy^Ny9_atFOmaWR9i~giyU-;O~bP#4mWAqVJ|R1enfpQw`Q}_uo`CJV5$+tz!lm?i~ARxe{_@*R-$16x!Sv|7CfL0_4bKFIXn(+L4O@;_cf z4&1yz4!Zfr?s>ge%B)LHR zqCv6bOuLP2o)fUM9CuRm*gG@I#uDo@4xC7ecrh$OpD+ZU^bw`f>`4Bbfm@U!A#g?? z07V>VK^Vqv$1eSS=R3rl#!kj@wj?tt1CG5Mc;-(naZa4ZqD@yrAjnvgyC!UM>Z~#V z=E(t3+R{byoGo4HnK3f5mQv@x3ov#pH-Cs!w7VX|tmPG$$|urMw8C{}idq6xXS+eU z-LT$y*;H#ryEsW6%0RxN`$M~>w*KPj+b~k6)D};kitnb@En>h#+c2n|%C(HCby0)Z ziJQV*c&v=ry3Z_xz)V#<8->lR>W7yi5HjY96+@VoMp#)%V`b{94s%Yd0-8sXJwI(-B{4l=B?qBRG7R=I zvkvai%wK7Z4ss1ePW`e&uw}9Y&}l(ar(L^=N?2nkzwcDlB(P+zVMmlUf(%2;bFkcD z+pst&pfXGH{6(+&VIY&fo^Jd?4@^Am+!AXD_9Olbo9(Znshj^X2noOex=t7=y zN|+IHcRbTaRj6l>BBwltU@^peDT$Hh?oGYEo#lN0)q-a#9nm?4z%e0)7DTl;o^S_P zXE%xhooUj|pUV=kHlfKmp<%+Xb4%}|6x&=bz}Mh!`FvhKBRaaQn_g_g`211R2Gkm% z$bXtfGnsMqUw?-zmM0dogY_%=ErY}!C@G{((Kp`3aR^*$t*hy^m6G6vvrZxjH6T0Tlc01t6{FQlG~79O=;-(^!A84u#X$qJ2elJdAo9-9jG2iW7=<`8YuT9n!1p7?SB0y7^mHObUcxb3h zmi|#85kg-qZp9P2A!$}+HcWa1#|R}do!%H)i$fyqaPnA%fyFNV)(DOr8e#LjR!Khe}K#& zx1Y5Yd>d%}jtjqNHNO2rfiObdZJkk{3(VX#p?r(A8@_DRjSr+P6A^hfQE~a&spQ)ZvG$>cJ?nhDK=1uoQPoSGU3%qM^5t z9%s{7CG*qkcFIK=Q_?9=OJR%WLrQK~;bG)<5A;scHsu0F`#(z5`!q(>k)Sq+$Oh2( zv?_DE%KcEBUnsYlz8nW-fv#W7Z_j`ev`uZBH+@hnz3UG3W4rQ7(nh{tLyBBU15nc= zxcsbHAZgD$%qWkZrPfA@D?@k-9S7?GO41P?VBTha&(kd8(EEC0g>MxYvMLaLK}RpE zsM_OWJPV?y4d)o3KO5B<7S$eJ8pj^vPk;ysKigrn6sCdM1)raetl*$N+g++rB9)Xr zz*(KqwWWoQzGo|i8uThs{k|g#+CU`hBvE@WQ|GpDsUe8Y4lGLl_Sc1D@O2EjdpO*j za$+9BNm>LtKUgx{6=hgveuV*VfkJ*zS4t&0tQv5@Pl$F`Xlf}s`K$5Gn*csQ!M`QZ zzC<)N0(w$z$5-GpY$+m9SZ}zhd1dW)mkG5mQEWyeUG=QI*kVP(0)i{wUWonZ!PPCGAejluJ7A$8$#yFPb)Dpk6Gg%Zn_(l3zZHsKl`TFBd}l>7snArE<95 zmzjS8z;13zT;;cQq6$YiXA`V@8m}BCm;(~E+@(^gOW}Ajirnls88TWoB^aLwv2&xD z-=LCBw{_JOXpgU|SN}rGz2^e1tj9c1!zJZ(k+~L2zN4ZD!Gnyz)AZRejkj*ewgf5J#K>h5W<4jRg9U(CwnOR z=3|8sjGgvM{4kdz2rGlAIlj^JbSxzJ%LrMo(9H(!*^ z2|Z)v3wSr{W`~%)&tziGg>rRp%_Lj*V`Vg6sPVXImcAWxFJiU)dQd4K0udtV3G*m~ zFCQ{I$pfCKQgUg^EQ9$gs8@ViMW{x74=+E1}2Tsx;ybk`ionG8<$FV}%8 zhj3O{K?`HpH=Qe6hl0bQDqYfKL?joxjf^_G3!^KmyJG^wh zC+(IvZ?$;ooshm+g7sAwz6oRVsseyuT_XgJfM_h?WGtn?V6o7Ivq3vFTP-Ch1_(~()VArfe z*%{&`M;=c`Q2O3($3b{oN@;BDSB@W)_F!B)wq9IiW-10z3HRyUM72Xa{c4NEmj0v1 z!%L*Bh`Z!T8%n@RbqjNrNayzY;?XWDd;%C`6-nD=g=;)BKd3ltfmp(yqkhyC!ludi zzokZt9V(+|$(&i_Nc3-W(8CZPJA@Q|@_%D9Du+=vo8wjR z?e);{$@EO9oQTL@2V!i5ahnf41t)@3X5$n8*)I`OO&E*!m5raz*Vml9pHdqH&jv-} zJ2J1S6D!_W{+iN9dJpk57uZ|m$URp?eMpD}eNa__$&;Ysf^3(kno>f7fOrPSOXsv) zQUZa^gaLbn)#5qJB{;H@)(jm1%xC6U4uQxPtQ~y78x@2}S46x-^`8dfGj6r@K;~Up zliG#Sw@S3Bap~YI(IyTM3Hm96;g=}<0m>GEp-zDTHjW9r=B;!35u+(r(%$J)J3{)d zkCU-0U^C_ZO+kE~bh}>#ylYFV=s|Mw^6rmKznfYX?)Jd>(sXbR_gQ-!>YQdb``6`t z6pA2AFp%Ir3>-lR;vD~Oq`0d|t41}R4VGwAZ z@M^kxr8lO07URfY+t&YY&?cD^+P&KGs|)SQgSM2Pt8>N*eAArM&@1lDklyzPhy?^$ zMZH>0m^)+2uz;tM_@igxh`M#}y}r_$zm{X9Fz0D+a|T;5raWZv`P%5$&~2>;3t2#A}|A_54Mh%8O1HQ-6UNu+uJ(> zsUxZzH4bfVG+D(@W%REuH)v(y5Ao?j29jt;1FPC`NBvdCp|_H~1j63DC|`IpYfCf{ zHNiNeZF0PEH-BOjF16L3E0U5#t!Y~Nnv)Jw$e;T(4P7)RbXK2Bub6fk4N2j%n{~*A zi=an!^xt}^CR|}xb_$&T3}ke^*QB-Dihis4&2XdT%V@6F{G;vEk$4MN;%l*ZcaUGU z=;|&gr}b7f;|36hwOg2>TmnHj6qPr~M*(86vwj3W3Pao+S5#R=2s6@G)Hau>qpi#< z8G@cLSgr?oMAs>Ku`4xPhKWG2M%x$?*kW`Zi9m-wpDUa*gwsAFC>|+A$9~YpcVJ1h z!X_PTio&d^qM$8}dwQ!cXE;+$&qY8fl|ZZtEnKqdW_%uKVF1Q89C4u4+qeoFr6=fy zgx$~$(T7j1Z`0n8MW(0ynnWZ+WXJR=3t69?Nhi!E!4QnDF$z`g?yw$0P2do zj&#J}!|Xj?+O~-&4nS74^RjbfXJ#U}D@9XFbwPA0x53cwY*PhkfzZ(V@Q@ zdS{+g%NaG_YWNIxh$S|8@v=7c_LS@qg}6JgvH0SlsvmiBPihJA8CW|5BHBNias9gx z6-I3IzN*0kz}7IK$bmeJ_251TL_x0UEFLZILpGIkid@XHdX%e&l}eOUz`!ASq|U!m zqHd0q1HR`SZ*H0{d8fA^W6(|0f6IB_+H!8UY2 zLtyHMtxeoaH3tmJyYCsKiXg}1AUwJ${{Q4aazzo9I^4o9)qoq!NM)0n20ieUbMUxD zv+);9z~=wg=Uc%=(tBc!%Sus&(G}Ouv_F|6m%(7ORd;#yB6t158wjjGzBf*Q5vdQ) z5onvwXHa@pTPJPwt3bUnyry-sd;)Jr)DuApJmsyp6Q}D+ruk7sQ@|~)(|{gfG2M~w z+|wmteAix|FFZKn>U51UX6C8{F7%>Qqk=h!{JD&i7)^V50TXYgQG5Z$>~Po%OB#F( zKNMa6xSw524%AiG zyAMnPc*vILNKm!#=H2MSH#AOJ#I@C>ytnE#s|4LhD$JI+_~DyS=o^_H>P2b-YWhT& z{0mld?_jI$@LOhf=!P`%TbmjMHQaaUtT%ZUc%6z$d|Xi}y%Fq60xs3DF4vVQOL{|W zRjjd)l8~;R{Ed}p|C4bwhJ?7R&U?qYatmRfFUVypp}%Eijyk#Y((d_uqvXP!v_2KK z$k&l(BK2~L!OLrqe2Z9~&BckAOmssQ&{KX>nGQn=QO{$pu5rz= z+uDZH*I$6N95_1->}i{=73*mYqvcT*oDj}+{LwSH?l)+Sb{in~-LIyWNJX-)0Y$RQ zgZV|begUfh*09+BWhkXQbs8xYw0#du>;cx``uitW*h2OM3p28oqv8Pt&?y#`YeAvzc-Q+Zr|Yb43qXTt$ky}FsBl$!Nx_R}VjMKG*|Q1)Id479L{kHT zM8$O>#*8`(Ud*z7-D)`lNymzd}-bm& z*adhMmMkT&?jwc#olXpM`MgA~}#p5QBV6%@qevsUGg-=p!@^m>E!FyK=NWRFUC)xDy@< z5x4$8S|{Ay0Ab}mhR%-G2+k~R@whZdemC8!F?qU$Qr~rmlQXd;LgE!5ju1d~bhG(q z1M+l8o44yb!{rc`+{?ID@8Ht~1a{cw4NqN3K2CRXuVKe*$i$C;(WJZCLy^rt2j_$m zCowU`t4K#q&8BeI;y!EIRy)B;dV6*JbD zjA-JHzgl&0AJdmK8eZ-i&k)*jbjM0uv6_RO$v7MtK8!Ha zC{MrY)PYO-usu%~SGJ(T+UXQ#GtZ+I2Kn|4k>=*KJNA;Ilcb2nt&s+ThQG=ZQOhec zK8Ti{6fl+D+sEK%ehS-E!ynXiQuF6yIM^ekSL2`tBdl*O1vk4(-;xPsQ7=r33ZqWO z?UM=I4|{PixY5mhKaCVKPp*Djpd(>Zsv0uG+~K@>=+%EiY+7oGEB8C?Q$1b7m#J8} zBdrP6BNsWD_`o{hhdGUDU~}=#F%m!I5C_D%CQmz4nw8vufZEZS9sG&D_jqnY1h&N6 zL79Ek&-V!aSk?(aA3DGYn5MnsF<;eDj;Z5^l}YoO;IIoFnEnq7YIHhaW6DOB~9+K zE{KI#yHU~v5_$rGyCgXxG{duJ)kh<}*Rc5s)JT4djgeP7rIJ>xn$4sr9At@i)iw_V zsc3sue`lF;UIxXPsU6;a>GCfsKihk2pm~>(gT57718ij!<3DK0hqX!8==^!RCqH75H}mYJGNsv#=C=mAtgoj#CEy~S%fPGs&%@yb z*|3PVm9wAviXZLKh1OLN_11x|J79*dDyPgy)PehQvRY~^YOxE+=4uYU3{vN@dog

    ygoP<}>=Qt&>=+%8 zMU@6U&P>dTC@eFS-aW!mW>XuCKOOl{TOAV9j8Wy{`<^B+xufC488`pJX6*76sO=ma zpqppL@r?f2Ob9(CThLP_xZ#jv{j+1C&6z6md3OM&SE_ncYCd{ zp#8I*m#wB7I*Iqr4Wgifbn2@{JeePUPZ%wGWVYez<9|ZoTQ1EU8h(kcSe^0Sus8QW z?uTViJ)x#)xoYOPQp))nY3ID%D<2?E6~@tzf9_CighWh}60ERx-cs zj~r_7{eyFQPjzXCyI6Gf#LqK<0Z)p0R~*Y|Gh~bAfb_Eijj54; zARBHSZs?_nIxgQLr1E5~7`+e|$sKa@#yTZt%1+OJiN8@X7}iJk>l6)n@sNkF+07AO zMql4lo2{9Y|0Sf$95lDLdxTN(E95;Qy5_iukdp*ta%XN>`IzPRyW<1wdKTe7yLKkS z*>ErMowo@>+{Ds}gjBrp$fxo{(PL|&ifZ5%e4F&cQah~n>4Hi#B+D$SSgHf7yPPC~ zS?gqeKwZL;+EY*AUTN^)P! zNU){e2FW&x3Kuwbe8F%D1ar~y(e~JIsoRTID^;tbpsH{eD|<(4$(EJCy!bb0KSMoL z#fooy6CKr#FLm?_2#bVBhoC+KYvIrdKv?wCo((NOC7g;{vO;z#((hShVCk1TbZR9=#l6l)*9TQ9E=YdryD-O2F)m1 zYxK(?&;3(!ENGpNi3W4dPJFhU(xNM}R~E8orzKm9w(3<3WMwTqw*yR2rT}}Vw0H8f zCR1x(an^0?l;$k>BFN*N1yVX+A)IQ(V16Dr`|t{G(*R)>Ei7Pn^PO~iSYy2PS*;)A z+>I+0YTJWoI%pakLZYudG9T1P)-suKukuUpK+6=DF{99Q-U7^I&B2uip`teB*Yc?V zQ3Rad&^OU$tSI66GY@AU)w4qV!(0A>7N@{*=1Oe7wbrP3ZPB%HLH(L%??ZaC#O3XG zas{emtfc`Tpz}@844m3zR!am>p?gr!Yj%y`4U)~uW&FYxJ7Ir;fStBrtId5bSY<7h zQHLX>&5Ajt*mC^oz_oMUJVvb$ME6LHPJO#&Iai=!{$!5pTPp0+C8WvLUO2b? zzB=p_x_iF@NwS=pOY#=?lQb@Gm~cPJp4+2y~R?*yu)DpvEP}B2<4U;%(I% zh3x@|7swmyET31KsLn#$MS1s2a--Z@p8Jo^5Q7lmYDX>O8e_NIaP3CIE2=&e+PeME zI?poaqzDY!k3F1?_+={_tBxDXLSs|b4XNd@2vyD^6Y^)7feS+6SbmJas?r5vTp6MK z*w(wepz|8bY4fG2fVZ~tWc>NC-f4zs9+LQoW#n_~fw*FyStHNMMv*EEcRpsjX@Oph zxOw;;V8ygiaA>h!OI$XVftWWp?@ZT-EV%oit1WW?x=79+wFiF0vUTLQmpS>*m%fdH z-bpG~(*_GwtKOc#Y98!Z$88jle8-SuWJeq^?3S}Gq)ywjo~+EidWzZ0! z!}DBvMi&AnGl}g17zuPFnGu6^5gNb}FR4%>mN>jh>A*vv0ZQu=aR?z5TU++YSWSo| zBj6j5CX7@%fWbeC%6Ist<+(UU1!tk(kFf zld?2%(nf=$#*HU)6iF=m1W7s@L3f~u#St)J9StO^%MYq*YmY4Uji1>#srlDUzj4yP zinoOc`Y=`55}{%Qqg>qdT~lR@$ZF;2Cm%Z!M|>4Zq1opBg~IRpXl(o!N`q zBqT|aDk7NOkWx5IMhkD9gIb4G$=>>ol-G}?8k80?4|JJYx(Rv$E369V1|WRv&W0Pd zrP)_vACuAG_;0zs3uH$FXZmnv>xEX1>uMC)#2zb8?@Cl+!27E_a~iP&zk6bOndh*wXNDR;TpdzM8L1bA&sw31V3i9<{87YUc^vmf@+u>Nv^91$ zHuYmNOriM~lYG_)TlLKW_}bq_kFP16iU(IiH*W$TdAClG7M=f%+|??k(>5aPerS;e z^7F|WRyUq$bw;}vqV?70BfuzO%4i2@9_+6qVdq+3M75UA zK;i_R;pquQ)*yH5)tXyu0>I=tqGUp0lfrI85MbKTn*z|O{Jy}zXsu!n>s{{A8~ax@;}`6NasP(JcvCjn4MU||H;dv~*%4B$Oc9c} zXmRt`z@^3`@-9n--~v{$w)0e#jZ41nk2vVoiqqZ?ChWDr@RcjoCNTEATl4~iMUuJA zo$0yJnUO8sqi^wm$N}@VF)yrf{t1qdLbQmaw?~Ujh)YOFBo2@h9qvVF$7hMPo9qOX zfDe)IWcS~=Jom?wgO~bCaLi0QBk+N}_znNEccSMc`r$p2s@iiTiEBg^88pKE+1lxr_DI0%PT=s=uvGSVXW1xF%rv& z2)f56$i8A}Za|oWRn zSjo^kFF<20NHWX{OvI-hSGQzas@Vj>fIA3l{SE3~ELHz#_Bp53d@xxQ!mMAhRwLyk z@sWHu$RR}@w?RvHH@UjU9|hW@x9DOkHMRuGd9mL=*smL`+{ZH7FmE>Kr)bhKP@@lE z=U;l4ebF79Zgr%@Beu%GuRe^5PKGtFsI6CBQd-Vlfk90uM|zL0@f*bJe^xn`DSeit z=^3ND{YO~lMvo1{>(t?;UBV2{kS^Z4;;+#81axl``kw?=p;UN6x`1@08k!z=sPp;GDc($A$0x)dk}^!c`<$@tKx~9*K3E;7 zT7QMHKVnhDe2pZU)y{IYzb>h=}K>WMik;5Iv<{v(2X_oaI@ZR(~=Se&1WurXj!m zD7NN(8W+1x|Fs7iIf!QY-7ml57bYLkE;6b)X7_#>4el&N3(VX9E_`bmFLBixU9WGsYA)Nw65y9UxJ&W}s{7UOwC@O#~7g}TG0+&m!0_GBdj(f;CLFCF2|g&JD2n zZ&@_Etd{YUkzzMZ&O14D&|DEbi(h5MgN#{_kl2MAoF5h`lUddCeVvM-h_#CxnG7_~ zeLkPfcavY~a(gP0-pUk^fV`E$yG@$}nV9jF$;~-b+q}{uWO&8V)EbBZdi|=3=&D{M ze0j{Q!O^NrVr3OxcGnMZ*!pRE_0FSAPcJv0TVwRVv!2Youei-tD^>-p5g7U>;FNGy zB^n@AC;X=2rF>-a*5Ax>L!&J;>*E)LucXa~>l^V=gVyB}#it6Q02J;P*}>|OPMn<# zgP)~z#T-`3()-ltk-^xtUeuE3d-ZRn;?T70k*f!*u)(eb^Fh4D<}QGrb%wIz`g*E} z{qyg?t<+ugl0UXnB_>lFLf4;dd2UOZ>K5zLOAo&03TfN`GO-jWfHwXo$_=L;#r|kP zgC%3_ffh5Jd@TrYD}XQ!deEE3d=$TJgoD+~y^S8b+WB8~M5^9%EYOATDzINBs>4MZZld5aVvhQaRwdxv=AmB*Tf1TY2z{ zMs#=i8=Ki29k__EjciBj6?D<-bR=YMAmQ1{AkmoalB;OoT#3Wv%M~v2wz`bb0b(+d z2PI~qZVEj&F2FmD%=A9K`WY6(2Y1k64}14`Bf6%niJ7~Um+1C@8N$Hu;w!-FqJfe3yBRi3M<`Ye+Gz;=nbk1Ixlg7`KkH(rC^a=Ji~F zoWFnIp7uiB4Pl6{Got2^WGfUxC5q73e%YAsOyxUY(p=fB8;=LxFjc-Xdb57J1rsKX zZEKPLEWA){6}E{kk~sQl$6j>1YiQ07%BI+ot`m|fnu2@0-M3uGl#U1ys#uK_n5IhQ{vpjFFVepw zq?m6hKj2giCx+U=y)PvB3na4Kxe6rfUNf+00$uU68`{r4pxTlkVOsW+x28J91%V8S zg-s1JDBet#tW@4)q0c3@`h!X73}!z`qiiVXFC|j)?=pcwo+r|@k?gv{8eS^*iWrl0 zCcdSf2M-w;F;Jyqrj{xGtI`XE9P6n#T2eAeF?%eblcl$W0yD-KG>%$W01iXELZTk? z&#U>$6Llbtp={gyjfVCM85PXkMOO9|w742lz2+MCU4f|oEV+8PT;Z(r zwN6|zN0S`ub(>0_;-p}uPoHCsmu8_Yi0fT6G-fu$O;*I(w@OvVvMbyKE2jz~i=vL< zyiFg5?WNMw6tU-C(-Te8WbZmxKozeGx6njI++3iI!2jZKU9!-NFYs(P%oWxwUtmue z*zFEFQp|K`=3!x$S&W!JK#%lx+M4JxhiL%shFbE#1xh2j*R8u=8Fd41Ij1~j!};_a z60Jz7gGqBlmxhCviK;4#np>N-47iIcNtC6ey6wEY4ZAY3Vy!BsvETl?7JoggxPV)i zvGI1x4Q{EZ3bTX`NUGh&r_F|^$HtF(UxAD!>-aVx0kR=Ld9_YXc7FrJkjvR38Z?^>koD+*rhc?%3&-TbfZP_&tLpI#<=lQLr4tK=&fzs3-%>&~z0s@F+tvB{#IPv!e; zK8m32cq`xMhbCu`KygY?cS9ZeH+4uAXl74hO}-dOEH#Wi_W~iz?Z>bIOd?$$h|vd@ z8utVl65MgCQboKJ)bBk^8F)}9<#0hGH789x37&Oh#P6gxu%I=E45Oee!UMLMYK2He zj)gVm$IPl9x~U6}gN~%3j>2oBbC&rH9R-=2qgcR1UP;zG6)M0#+Ci%^&v3%c*$}PL z{}eph-~?b3N5I8NfCv-0glx+Z0o2hiR-^=^!J||aL?hzbgeBVWrJqYyZx{8{T)gez zvO-Gw%jo;*XZSG7MT;#!CT+VM_}aL z_Q6(6`idd?VT`GGZeF6`+gntDReLr=lYu)v-l+xfFdktVX|bT0^5_@ zR%7uTyW^Nv7-y_-U55mi1$(mNQKwg`^7MbJ&>}?Ish!drKVI1dlNt z<2vwBd2WZtt#s;$`(FG_^NUQO_(k;|etS=e1<*5Yg@M3&U_J&890p78a%nJioh7&X zfx{caYh%XVJpwGxc#N(4;p2S)Od3+wTEE6mkgIO`#26G?!F!`kN|qpTXpc{}rW#`S z%0X5qPwB0gi?4_-{^yviJT+WmN*WtX1hYULDlYOUA@oMtL_`pb@J z1fCB|lt*Pd|E|qDI-nAYCRAT>((16~3+O$Hg3godJr=0i?|Brc0YQBN@q#O!^CN0jUkzQwI3>@wD#N_@ekAC?# zfBO)xVV$OdK*DWoV5LLRe#7z?UpYUCY%x|6Ipl`#SAV{pF8P5<>M4k8~I&@JMxlNr9#(@hiBTosiWuOoD zlK!>3WQ*tsFRtGEAi(6w3x*1AEHv~9;A>FVHzBgcm|z4q)8bPOW^*r{_A042yl$5B zL^Cgo3%=g-FqQ+_?1KD}%-6l11;9g55HOmPSSj%ZT0_=;vmT0nxYvP*h9 zx^kY%)BiQYzynpD%6%ckh=1Yb3>%rt0U5}**VgJ&Xe^K?$@}g)9iL*3Ym$%5E1+ka9Ns_%BK1E6!Ye|C8*)n zzec?FM!(k>8Zz0~p6pkSMnf>HO8f+CSL-LB?qW|Sl1e>eRdI>m7y?f(lS<=W1^8LR zL_OHC6%TPIW@j!(HhDM|?ZiYvU*X31fxfQmJ8Lg|#4BCfBC6fpRHhWZgLm=n(l0c9 zbAr^i&AI2@Hz|U3YZ+(44QEoGdEM2lC3_gQLW-EjV}Cq-=*4B!u)y*C0YFJRH*di*NrimnE^CH8a&C1zx&@Q~db)&GJ;v8{o6 zj_lSIxZR;adOZ;yEp_@O>-%X)6Q$sZU+4_hjtsh0G0Z`3lnP2CnTkR&h6(qnX$k!F zN2d!Jg;fcG7IxGjwHH9#*?|52XAqM)V5}q z1W$y4YKg7+8J_urG^lwxwJ`f9t;PIrDrttKo{{QVKIsaH1jWF&&X&vne^c4EOWo)bJ zQSBbVBkn73x);S=W0CQK1JANJtv4~V#Tk!H)IIwSs&j;TlkFPaPNfKhTiS;r^<@py zp^4X;rsH9?Mq;Ez1Sj2&97TDx_B&WlK2te>gRmcWMpzy zLzzGMWG;adM~8>Vhtmz?cwS=zt#l=<$W5!F^E$({?vJ972e{)G?{rSVs)@>=J>-R% zoQtq8CBDm5oQtq`NH!6?RR*y51_LPm$4&c=c4Ii?3_-MXFzOLMsj!a!mKJ_4^YWX5 z`-NAo#faYz5bK!k3K-KV-rb7p>&(|i8^^bg2nOzeV}PzR06k7=D~?NN^!nVG!r2X8 zZ)^_3;%zcHED?NDxlSlAdA~a}Yffxa<38XRYhQ(cz;2iLiBD=?Wnm$AGqVVpgHl~y zJ#sj6{k5{U33=(G)~czF&#;nOrQTK~xIzDpZ14E@odb6j{O~F7fwiX6%=yPaHo&z#Q+# zHcFHM2TP+J>af`zaUl@XUy9^s=A&Aw(mde!x0mWSM#HjZ`E);9{>yxl&`vpK_k79Q zPLhBVCW04c5GD~c&Sau-nIY;cO?_R}7;@7Kxv4Yt*R4O{`^Wn+3@_a5|G9n!<7MK3 zQ<%tZueqTkNx`GT0Ge?pchpl0Tti=k;Cr-L+8=}S)~1RKG%ilWGWOP;sR|MVl!#_V zS$@ro62iU~}M%UTfyuq-LqnEGe<)j|%r zJ&b&TrM|+=klW@oS=bpu!rP+mK1pfI<|$_<`koz}q#QREm6?Ybwx^(ByiWkAcc*1r zk^>bOjjTdk2-BYd+Mcz(4xlMdejFpuOtqQzZN2zT^1>u2^iLXHqlEZb28n3gM8O0R zxUd0RBW0>SsNJat>8&4oZMLC-!?5Fi(0*I@IO<)PJe}yWRbVZwMR}#J7|HSdGMKPS zDD(q3 z0CSCV%wREe$QZp-*Z-IaNj<}buOFI$mYk^WEelpojB*8h_1~EQc>R>mrLI{#9_p$) zffR$=z89|qfFk0%<*b(isjqO0eDS8wiy^eZH} zP*w6je$m!V)-x8LhBse3hw_+I!+(_$yXgO9c%F;OF(mWMZQb#{o;`qwbxCa z6=Rr}rVxkpgQUq+gym`Z0h(%uil^B3VqgtQRxpf9Qm+qbnSTsBMz+kJ3eI5mk>Lqp z%8a%+sgePk)H~LtCZRymx#jO`^sO0$m;a+Gg=~lKs`j78_Hb%Z%j5rbJV^r_XRHH( zt$PedKvb(K^p zXUmL-Vx3`qJM@PY=SEC%p&YPNKtK~ny=fqqk}mpm9NV4((jL%_0I=v?EnX^eplsLT zA}{RxK#O?&@V=H!m6=y%D-r){c#b6SRA5lAB2xl~5Y1~Lca}KVYo9CaLo|vIm2_>| z^(8YC|JZ!u90+TOVaRzXufn49o&n)x>+8v!V0M6*#j*Qt^e_Ei3oL8IpBtuo5pRd8 zk}^4usi@NkCEj8DATxu99!ANdcsU}NhvI=apDEZ;9EzOd{DFt|m^WPDwG!<NfnS)CR=Sb;!h(cL9g|i8sVap@9%{C(^RykZYgQo@heIr_r)A4W zkuT#@1r9mDWN11S1P@g;44A;So~Iae!E9Qoq;g2X1;<2viB#~4a*3-wVmrw9vwpxw z@W)S_q28QoRgnlS+QWIvOzfBT3u{&J3)eVMQSR3;2Dw@0pCWIt3JHDjW-7N?J?7+f zr&R1iF}Itv6%1d4@JBEcD&4wFWCjsDvNBxd1uXq)UHISIScThzsHu8l(GB-Yi#n`lQn= z5cI&@BP4SX;=mm^Q7;t9v>;&tH-+Z-tH^v1au~x^tfd%g#(2EXT1STB2;vhiBnlV9 zE*tT;buJSHFX&-@?K$5AKceZdIbn}SjUjNT7s^)bDM=Cx1#b8;qz)o0rS$)UWJz4` zu|5-9RSuVVzTlw)9_j`xvc%~0?~UJChZd!IP^t29MRZURNx-r{Ib&^_R|?FnS;jhuX8**@;$#lK|UxVq<(oC1&a}Io7^cS zR;*V>3n`+Z*SiuMvqc`44BmER5KF3H&Xnv9*LKwL+PTx%+ia~t1orr!d5qF(Zy*5& zD@oHWS{^;fCn;C;xnvO`aS=R2+a1NH^`tGF*S#QHt|^FIw=e*Xb<@6~JaSDM1v$#r zaRr5~C30~oqehG8G=_=u^J#!|8e4`(5$C#aHk}o`bE_io78>F$hdF8lb6b7^{-yl3 zGz?R{qoJ~~_TY|p_h}=!fwhi$Y3f(7z_|5;y1SMRp!y8XA;3C*E8y)tJ zJ$6W+)1*fWea8VsilfIn9nqB5xnpkb&qfTt`coQp@!7)Um+gDjo*PjLIT1O&-^8t) zS)fXt74TEKTMW~ejnd%;dLmBYZ)1S5RmZ#emP=6FiM}ct>nj!2F;wd@Pmo=-edt>6 zn=%x26`MK%ii4y8GRj{Z+sg{MXG7a@SsZ$m;$KvNG+fSs4h0U`MQZEW+87HbqaYYp zy$IB&++_s%p`9v7^!TqIz5D(*_K* zKQD14l}0X!yk_LO=~KsqBpjYxZ56hJ>7sf|Ml~+D1T+~nfBI;1p?%Eo-T+N#Z2>=- z=F$~ZKH`X;nA=1f41|M#U!sD|Lq04fgexa}-@W34t_V!5}7(&tw{gT)6?6*%3d# z*075Eat2VTg%?!4+&4-D=t$@YE$eIYILij7kOzA$OH>|;>qk5>Hmzd1W1N&x#VJ;+ zDAH%vv4m<`HEJee-3s!Si`=@hCeHi|lCL>=6}UkREJQLprQ;938{DNXYU)`(R+sM% z#!1|TaVRkqT9(AEsB{BKAQf!S6mk5OP6NXJ%;E)xED6nL6-&0M4F*53bz$j{G0}jd zw-fMMq$Sb8t;-6B!+HdTcTlxWnur<#Juj6LAB$0ox+AnLER5sU z3<22b6-2*Zl>h8+(+=J7*d@$b@iowr*WeLonHKt)-rZL|xxK5S zOxb6pN->*beMZ1Ml!_GKK=GWpX}`12BTY@Uja0f(_Mcdk%Z80p6w}{i+)}1*%2M#Y zV{?zo)KAeX-zP?xp&@46d72XJj~qN6LFrf8CtP|)KNstCyclTOQAR>r zvc59g)X^wOF#d$AR}ngexn_vjZt6d7_0o`-kSEa5{Tg02H?zIg+D0TnhCnEv zE_T`HM7ZoVdxX}E`p`P zKWy9_{Uj@c>3uWenj_X^gViKm& z8F+zH9g0oXGz+TIa!uxHW@WO-74w%H^?|{fGH7pxrMj2nCAKvtlfcqIzj4kl;lbr8 zkoM{=^_c;d;W`;tS)^@F;-b?RB3C5c3D~r6E9=k1{`c4hDx2?>?Oy>>l`9vE zvE3_F{XR95Qz;k&X>mJGW@)j%{;sq&_HXxb{BbkVkQt+j1iG%8RaHS~&ksU1b`>tW zlGAG+lKp3$MNfTy+mshE-u{8Oq|-zi1sL_Ce$&J-rXd9%-UGyUfH*2mxO&j3>sb@8 zp8DX;4iHO&so-E$+r$$m&eCru=NYMJqRI@zO^7!b@_TsbxChI@9%Ost2uIi zW)Ee$H<9o&iDC!1mfd~uc&ekdPAa{)1!DE$*R77cGc&{ zfVS)Nk2n&$9d&Oc06;*$zq!Vc#zclB@H!Po`1!aQl9r?{$lQB+j zMu&ziFW)x1dJZ~>%~n-D9`4q+lwf#$S351C@q`c5>wbf5F3=y$CedNUJ>qqOuQ)`P za<sp2wsbpt{cO`IxJv0HA8wh^5_^mBnQi>O}(#CEL$~SmIu{LeR&fJ35 zIe`iAIT;hYbZWs+Sazs!%rurAi{Ot?cJhgfHeO8ri;e5*YgEQsFp5jhR?uyF5tz=gt=IWDj% zB1F(<*o(gU6TDyyEby51fzs+s;J1&)QFtV*@B5kGTma!}inJ|#^X^LW32VnNK_zGF zrEFwt^TrMAg&LpcsEUP|ZiUb?)cle@_cktH31F?Jv)R^9IwTHu&=8UNYmx*f6nk7a zcND;5m4wecY>Ia?AGmK%xu*|%fQJRBt_%zIeVW=@exDXd|GA+508~2xzg`r@-^rrI z&^9krYijP%Gv?^dPB9Nuj~-5~#L`NX!M=v6gQMTlxm!&%3dTm~6`9r6lxz|9!A;SDPybaXW%r`A2$B0#8i&IEE&g>pN1n}LYk``ve{|JUojJX8}jePrST$}(( zCOMJ_E{dxej7f+y-O8Xdz|@QTGFkHv%jB)Z-h53*lp&Lq_VjxcH9H!BX0bPFFE3U0 zf`;^pK;Rh@B{?cY*Z_fyt<@E4fJvO}(1O*C~&=J#m;;vKyGN8;5y(>8i zHUmii8{O7t88WtWC}xZ`jRK^hfhr_ zaW8O!0^`~FI=WAQ#ArGtqig2m;?&`vU&cudWZ3(G0DxW+NBCX zL$YdcqqFVWe(fD4kvrF}?X)miXJ@7|J7M)pMl7FRPrAD~+EuOZ_0*I7;Ex+@Dpf@r@BOh+&2juJB3 z^ESDj4l&{I+n4KmL?f;}CiKw;m1qf*#Cx15U#U*&iNNZ-e=T_WbP3!|fhhtG z8}_itq*)J^^fIvm-LXCC2xG^rP@Hh`h6i={zhd0u=_>fr+`xDH3bL-&fg9Vk%`!J< z8Iscy2xN|CtnPwN#bj4(+7ZcnB7-}By*e8{V77^BaM2q>f9iAg z+m=DKz1!*c4Aisy|B~&_Kz)|n$@Xd3XlN5YkIBphB{Z22A;J`^1~P|%M=+FmH}>Ve zUXSw|J-o0^-u^HbsRd;5ozRjG>8%&z$pvdp}!rT0$Q7rrSh9KfK zELTnwU?nd3awr1S=4+qQvx3j6tei`?q!ZVxP7?3eb%hUtQb+y$f(?V8bQans6c_pdc;s=bMv^#L{s-7B2-tGWx#Y2l^= z?pm{f^SyEyxtEM&tdZdcRrTy%JhFyF*9dwgP1%Y5E?PFNJ%@8Gfo4c4Xj>(Eczs(= zDL!j|8Ytd-=9;6iFhY-veYs%RVcobA16qJ{^GbwC+Io7m0GooDP`nLqp*!m%?_?kf z`CUV)ptv2oP7i{w05RTnz>LW0luxGAprnM5%2OIXZd zV5X9X$&DoeJ?7Bkr#Ro5BPbs=sfN`|I9v~YoK&de8;BM>Nb{;tqa%EmmRf9)6GQScPp?*Iii5{}rg|IwR7O)eLs#9{J*O3pj}^ z&QWg}J}KPU+a`Zc+~}sax2nCx&BpD2mD9hhf|7M+<*9QXN7s0D>sY%CY$+~bRwge0 zb3OALU@jJcmS3a`gAS5uz=}QjkjP&FZ zcy*M3wD&;G$e_wwPvD@dY<~N}f5@MOJ<$&GErx6?dTg>A7Sj74XMy7xe)Ao6d4wD( ztC1Y$(KVszv;&EB^2UXE4cFwSDKzcW=W-89|JWR zf&G+mq;3{F&zWjMSIjnyz3)B=FDu+T&bGH-`SuS_I}2R;*I5K!GO3~Cj?``@8&E`cygy zM7T~ZIB4xy+p*5MBRih?EuVGE$n!(DnP=SNn6+J+E65G0+?GALt?F+8k>GLrSt4e` z%_;GCPXmYa_>Yu%N46u{r3rt~-e%?)GQ(!i~pj z)p+0*zZPs)Y&+=NeFBu`eG($#8yF|Ze*fW^=g~2eKPd2v&$27*8UTV3N1UP&jwgrO ze%%Pey5^!i6GJX(2N3cJ_@y{oQXOhFem-No)4YJT#`3OVMyEw;^SiL(QSiHcTLJ1U zkE!^)Bk%$AdwfbkIs7B5WF?)j`>*}~Yb`Px(MRwBL05}df$zTtRhdeVT@(S> zzhV}_s=X0R;P9#zZ+#XOSg^;NODCZhxM1>$ALS!Xz`(bkslE*>rov3w{cscW1k@RU zm?@?#dPRDH;ds{UsLskbK~%}cig#N})4~dvs9yM0O{?uNOLHC@(>f9Y{_<7=4|G zqnmN_6CFian`ieg)7^R=D*OlME4w;;wErb(|68=(`h9Sa;)cHPdd{uZY3apLXU10alc2uYVV}jZv_bn9}TNO|MwGIRY{8X={LM_ zR;-Ouvdp@XoSfdu4iE-2F&jzD$b&s9Pkzd0+KH8nkrhAlUnYwpE}ZNvy&Hr`xfUKy zVKjwvVZPn$3qK^+N${Xm(>rx;ppwNQ=P>iZ6s{g7(}T#O%#FGk;++EV=#i6EjcR`5 zw35ze<9Ih)QZRKn4gL0D7IcPI!OYG3J%u@r24au!RX|SR5`Pm?FsU7kcSfl|xhyNl zTQs{_s11J*=uB61+e^uwB9}&g*h8PaZ!dRTB|V$-9cBxKbq4-sQX1Pn=mqy&HyMGG znc0gu@s)=@vOM3(PVql~JOUvrml(PUQK@AI(0ra%jX%}r)?BGLK04JT$*SQ<;qDmJ zCMzqpe_Xiwav6yN7gh(k>Ph*5H5+K5*F5=SOd=9Ar3vO~dBdzC2X(TY=`!u0C{c5| z1pPSM9LK2dXi8jH|JGGrQBQ6k&do5PVOjiXgMBuI&`^$NwPer>D=a5J_#v7YvJ6If z6jMD)wH~g3b|_>#$XI;a?U-!}_sF$%4QEMH)ZI~vp5C$z+SRA&yAx9`3Y6y4(>+0C zF6WktGk+_3aj)*2OGu{5Xb&9&n|tI=BqcxCmo}figpu#>JY%A4i>bf_Af;D$t6OVt zwJB{qqlSK-u*T{dBnn?ED5;Fk;a$)U+iZ(dDtecyIeQvs&g}cy;^-k~%j`N?wkn7& zA3XF1^~pvVOVXsvp4m8MN+7MWW7;b(wG}BhQzo4jTZHR}fMTz{+$#4!_Xdu@%1h&k z?4ez!OFD;CMQ5?$p;Vu9lK#TB*S6`j@-nvkT+|;af5ka9?R;g@ zqyqjyhk>K+GYjnd<;{=qLf@oCfi9NbmA-x2qkzWnFY~hYi`9v=qobn@*KCI66Oc|K zfiEHeNe|Fi-tr!%^{ncd2yXl)LiK5&jC+%b)r#6%!!#wAZmDX`71F-Zb|c@0CEv&b zlTlPYIOX?yA?bRLv6$CXc40=M1Pzbl?OtDi$zo6VNlQ_{TKVkNtmK6j18KQ6BpweO zLKMliaMMTCy4(CUACz*GhksWl;RrSHfF?qW94UC)Trq8J);WW?*XMZlw6E2MgLoR7 z2ZmZQfy$%Dkt(_aMlo2X@zXXHx1X#OYMb~WY|pKGBy6>d;elTlBA$Fd5FCTnxfo>h z@avJIq3-2q|1au*K7=vOea$9>nkYAO?e}?5b{~~QZYFu^GPFbU@V;$=xfGxQ)PuLy z+_EjN7pgL?__)&kXK9Tuv(Ut#h9vfqvP1+N@?MaqRgfc>_Xc7i=i~emg$F{t+R|t8 zl|Y{(fPydEP!+sc+e^6{CWeJF57T*fB@@K8K#s;B|`b2C0D1CNl^m8|0A>|D%# z`2m3owBHw=B>pDp)dH}&jbMv5dO90KZ)Kngheq0#FRU{&EkG-C+wu|($xeQ`^}n5y zE8!PLtSZ`6D|md{E|{a!O-{ylVSum%ztK)}%C9snohu!f4c;ww z9jt!^EASf)gC5~1cYI?l9y-8rVzNIA$6W}`3lV!YUjO=@@Mw~r*>IUTE0;W2Y)g7* zYOtTi@w#odHkONfSSE_uJlvC>*ldjz_WveT?LNqSVgQhI!st#y zN$};GWaC_X4cvf)SXQ3}R)d9XGFwy!_=k6r)lKEu#_$73vx z!URYGP~VTFjJB55?vI+KT5+Ki+Oru`{|Xv?wcYn;9zgAk|C1)2Mir;Mi-i zOj+#(b@s_qr~Wqyil0=MDF<%21+F|CJ!R2;@kU&ZHV;I47;uU}*($&`$(sSapGcH( z=zchFvVr!-R8GVng99mVTft&GQ6%kg-X4#DwNOrS++(&kOl@jF#s~Jt(IXh$IZ}#K zrm?cibwM>Gx`^A4n~Zl>og}m3OK_THU+S6N^D3l!3xCxsr?EG~Jv|W`I)9V&os!v{ zv$#zXT>4zFdIn}LXZNkd<#~EbiKTICTme26!P>amQ#1ZKl}2Qgh<2T@J2(5B6oqc> zl!3+xz{Psz0l9i~)-iy79a!^|G%Xs&MdZ_fo7<)HdCf>un%@ikH%tf5ve#xm-0AkT zgg!YqcKF3mU%v@k7A?P5w{15*3~I4h1QZiQ;@H#_6RM{_tIk}mV5;DiP%=-cTcQ8zF5X|rGY&KX zn|mD%bzNxqw!@F=F&wd7iS9Iq_*NqpT+&p91Mc(1a;>r>IFw=dEZyoIVa@t2^1)C6 zqOQ-}*j0oJ=BQ&oT88B|Olo9+mItuy!5KCwk#c`N5f5_qWXNq1;j2&J!pVhPtW%P7 z8XTHthv@5#bKzw@UL0K+b_&63a6!m0Kcte5FgT*9MS^ZalE{tes8tRgg2U?R3FWx% ztBDA{*ulPoAUm(rA|ev|D;@3$S=g_`R|GJDUl?8TimscZE52WkO1aQH=@A0fUdXU40|3~=>;4JJr6kq9ZMJ1&yqST!#&s$7)r^u+`H z!p3K0j)jjUGLiN-@I$pFfu;yb*Y;yzJVsk@EFe!vY15Jah;T-7r=V`}^VS2(aC?OC z+&)UbUp))J^P<*rkHwz!?+9|S_OA;3Xqn(S`XSoWlmD`o8m3g(hGL;W^xEY> zf+z;t!fg-uh#;SYQ;c9;v;u{Tl|!)TEiIANdCi9D`nO_B5mjWwFXVHGc(tlkUH4)f zcDOB?MsTYHY@o){TA=y=o-{`2&l%-I1EBj!>6G0z0l2(Pm@}ZQf3W*(tKO~v70nd& z$M1cqG`nXiXkT9+j`63aCc*Iv7qPbGsI8=jKf7|=LaPeCR@F$f^J!-s(MWt%F~nIt z{I?ud@X-kZ-J1p}N$_C@$O_e>V}U#x*q$3;g}Nl68MHXFxb-aHt$uq%-e%XpR19*M zA`iCS1e)fA6_oxd=%RSX5`<5Y1|M8>qE7>u4f+*STw{DdXlO#di-sS6*|i8NF{0Qz z-QbM(OM*5RQzglggM@r=OJLiEdh-3(ObLjUc5%?X=d7F|$uF!v$X3Eg4p-kRm$~3P zH9NO;%5+4+<-`!0waM1xvW~7N0p3U@ljWdJCIgWFeNgNL4Ku?D_3Dj{VWTh=I~ZjX zMZeFCM^TCy{C7Kqt1Sx+JYpfromk>44D@IjCYGxNM&_C?PMeuq4Ip#AaF_IkHxDJ= zlpZaEA&9AHg@d~s=PkO%67Hylwq&aSEk)~-X=DW!;5YM$Eb=MnmSXe(s%9`N2LFw@U>oZ`o zFBGX8-*+O&Ez@d%*AeV#$IjA?oWe$m9)B8OjI&0fG5C(^3g3Z5D+EMjXyZP>s96oV04V;AP4^c(H-tMTYWh5ULp1a=|wGCZ|h`2>V^|;<0Niv~3Y~{(0B~ z)Jl~%%NQ!CW}W1f8ok?mpMx=Cj#!g`8LBi>x0E>Tl~z;>Z6Pn4Vsti3ml9CeGA9`P ztOrmf%psWVR-wuzZcEw{+zEtMtCdimAGy|Hmo)@=WWsJCYF{(w3w!7xq%i|6BRc8e zmrAUM9NXO4p_SU{1cxYX{Y$3&5$x1B%oV{Hc!E{77@#9Jgliz{K^O4ZTd;KcqAd4> zyM@{)y9%BGjNV6)QIeXM&_z(!r0KRub&)`eL#%2aYoT z#VznYW&j_WIag>O1$}NIbX8Osf z!q(Qxq;IU6gkOI}ity^Mh6veKUT1!p`Wk^S`CtJJLp%s#;Oy$E34DOC3o{y3TY}cS zAer?|R>m9Ow}kD1z`h!#Q_20E6tG_5ddpN?K)HG>_2`2t$9A4gvGp|1S>WCrIF?um z=`zMo4L*CT_83F2wCkROWu1CR?>QFu^{1)Mkda&AUuhHpvzgWl-F8J>z<^XkB^36J zdULkVz@`D;5z5={%P1J z%(`S+1j|{Fhs25dk{pRMR3m7A|Gb=HKB=bSw;mtVQZ&P6ZWU)aqvQI*pP{SoE}f+Z zVj6gf2o}bF%{%e~E$gsLolo;tqtc`6F)Jz??-)uv9vM9&>l2kEHkw9yB zXqms6V#qUCxl@V|FSJ*Uk0Nzc^%HV55}YY>HLv1|+HHfDVZ_YH&%I8waS( zACPfcJz1(VFbg0*Yv{R{n$U@pPldyrWP969XnV0H$pQIgX z@O!Ij3cHgPk(J;g(Xo5a$!IOg?0x3cBG8S0L%Rt3lE8QBX{V@OjIHQG0P^3FQ zcsLa=9_JAK>9c_z!X$SaD2vRb_8K&dk-x^-;hFqXZ=ez|;IT}@0h~E3 z!;hm`kBD%AV4*zrd$WM}OI0LSOc^yhehDTH!qL3i)7Uvnq;tR0qUuMTeQ9oMW+-!t zt3n26mhn-zijoUOzT?8)n3}0~F0X^mJX3S!=3fr0h2hEs!Mx)Dr!ByJoDDxha@u_lLS$0goX-;yiGb@vrlQ03hdV#Q&QXt%%ICB^Zf^uQo_u}b@ zO3#COH!pkcJH<}t%q|(q!DK!3H4KqIU<-xFnu|5#_}(la32fat1)KOaU z%swoxB?M1RwnrJ=hv#i?`W$0Es8Ks8gNJ~37Nwu7(9e-T*<}=i-y2hgTpQuak zr44BK$`kdb)V@2@w;Ph5_y5^qRyz^O(ZPRwhL;yk9GaNgZ5s?$!JW@~z#q2ks`OWe z3Z9G%+bqJAo95k*9bgD;m0kD1_nGo-W07@!zV-hf*ll5=R6#w2hl|1X{Bg7uCbyww z?nB@h8u^o^H94?gRhLBV#NnLcQe7l1^W9mbMSU>~ozr(mLHcf}D)fYW9A+s~+lCr~yLsSQ)4AmO&~74NBu+Zg7@vAOE!MRn z%a}HLT=R6}j7=b2-#SP$UniPzb7NL%TCf(rYBV%)PCt?BFz?*}&2y0^&nU63Tls-n zA_21tE+Iut4;cy1x%K0>@||G^mhQLHN=D)q<+~c0g?E?NS1@ss`?zBjK{R`FJ-n0r zKLSk2jJS5*_WA;Ecc{xS056pk_XqxYWN}llu{k-E7u!do5`j-_Z*9p>viBdb>xGsE zj|9hVzK+QPBOp{4=$~bEgcXBY+h4^HsSX9!J@BJJ+n>XW=D>!S}gE( zyOKj>J)rV6*STij#TMc0ZVwxv%pIi5tdK`fHQUK?|50-{h;~2**%0)aj4tgC zO0&f?2~F0-&XG)P4emvvvCxJ4zHiYeSB2fYpSSU$xc2N%12RflGP_IE31hi^w)ex7 zDWOZWQ4mU0rRzQ<{S6FbemwN2S{74U*;yUCkAih-kA))j9nkKdYpP%2`(I)mx7MG* ze4l#4Kz>IiK(xOi32!Gev0idW5?y^Bbg~@Ze5}c0CbKp)!6Yj*ALaqh zt(J;->CCDbv%Dd2+NW)Jnz!cWKXN)DW5zKJUm|hohw}d)UEGX#MGk*%`ZRL@(jzA0 z=Uve!CnRnEGCOmoW;vvht+i!se74`Zbc)#m{bXK-@`&16WVaj3Y+MebVi*RhIa}%IZn*AuDqBW^+9#{D8des)e)4BjXeq_nFt}Go z6+N1ZHoGaKDB99C%@PyY>;^%<5EdO+)qUihdXeGCZC?dEKi zZDEnIACUV1OlWE?Cj-A>7Q;!aMd4+c>_DWbmKA7YD2W79^8G(|J7$Ys3(b|q!x8NQ z@zL*aNAvT}?gfkMG)+)03xscPAjta36T}$-E{tR0K9Tt=fcw^Cq+hr0tFgu5_{T7` z=k(w4c&s9iyr@dv5(`rQFOVKkKs^J<4imQyyCP% zlaU{XUt+s41_u-EjW5A<8&uS=cY14SZMUatWitnWxrZppb<2xi<>c9S!g?q;(LAHv zmHnD1IVzMmuO`u}&xXrQ1vCyZ+PbNTH}Jx26?9XP8t{M>c4PYI>FTNWKH}ZrQF1m+f%-_D|U>3%YII7#l zZP0vHk+Qy5k%y;I{AZ$-@ZxXzVQBdS;~0=*d7=Aoa^WjY*5v_D$0-!%Ent>RgIPBt zIe4V8;zX;RhowfX+)s`7xpn!pzYvFp16t|ZHk?uwW4urt`OR&E+*vp1OmNn%J`ed* zX46s*0*>0!9yKd}Xtrx|g?PvuEM{~1#EV%B7o8HLA{-?uMR8^2*1dK(KA{Fqb#~WB zT9zJ??Uu^Z9X~Yp`c2Lp#4~U#&rbum z(nmphH-PT-@vHm4aAO}ib{&mee|&R2^I0sdow7OnQN9kt z48E8xqVYPHNa*ak5(9M6MWYK~%>CS3x&1Jm}e;6#EwmL^axEbz}xCjSDwkuEstZ zx=gx2ek`J~ompj9)|-l=rK(W0Oq_u5+n~Ceeb|^?AQh%yw2H~70>g09D4faR?N0Wd zcwH*BVK*=74Y<_qCKyrS&}kHUpb2cASgUz#=vC=(XJ+7o0!z^%w-FStzB@|O2%I;YsXAh6m6PP zx&$5+wD!Q*IWXBqG0BJTGLqw{2(^9(1QMBGTX3ff;k)3>@62>IsSEqhIG0Ay?c|t2 zO?@_)*6C@Nhk~?Sm>>PSqa)&+^M}3Lwiyuj{37Wq`f`dPxXH;{;oI8e!{1}2T$h6I zdA??*az>5xNyR=g ztqpJT{{M``r^f0@Jq6A-?1lVZviA5^0(z&E^2fy3yeII|Gp+L0ZmIeM!~*@lj~H3;^7ZAsvJ+KFGmD(9CTVi&rxe zrkDo|I%1 zkhEK6m(~BJJji{-iYX}z(1(xnJmf+ut~>Ul4xrV0cQ*NU{g$R($rqifkgM$2t{0`9 zHqLDjz=tKEuz^fSvk@A|RSfK6?E8PNivr%{Qu{MwXTE*eB=$_!=!z!%DK9sTD-rTQ_bK#LRDO_3+z2m%QRj72n+&prmo!D5y#8^>ElnB1 z@TTyRKYuR9MSA$EfPDp2wV2w*=t@Qmar*mo1s`1YW*hvP_9s=BqA0g-a08|3>KE?f z$vuTU_f#29?-SUq83aYk%J%cN_dca`g$1C-e#K27U{A2y$wd<&5(?FVQ=2hK54eC{ z3o__j_q)Sev4I&!w%5TEhehKaMitjeC|=fY*v7rcG;*ilz^{Isx!#aY;lGmWYd8T78}LSITZ;%!%kTEcs+WFsJiA+z(_%D zDg&sBX1;OK0H75`bT8060ezO^-;&muO(s2z@lTTa31^(pdQVn0ZCLi0fK$ zDQ6aC44tR5P&xeiBN&Nd(S_@dFco;o&BP`61=q)cFgGogj08w)bkq4)VJ-@$AOKIw zt$N)J!*6hHfkT;@2oKp@p49ev3T*xHudqk_j#xi2XSir|oLn~2PZ-g^kQqLa^>gvK z_1OLQO2!*khz9yuSjKUIboq07Tnx&c?u;dd+4ic8D>r4NV7zH1BO+?DDwF@54ixM5 zr@&_%g11jf+ESnK??(WOv^64+idc(>255?H8Or&aJdINE*RNRbGLDc4=WsiMIs$C` zy+~6jqa4B?qkQKl^EF-BUH7{$!@rewSIQow&1H=k2qs5#P@d`5^f=CLZ1WZ|=nt4S zi$3|~sD#26EK@QpJ+Z#{@%nnPtqE46`pQ#cY>{dOIAmY^ls0ViT&{~TlA}I;OF!=e#XFwFlYmwkMgucZDh=n0^^m?Pb&6k&NQBz!-*@RF=^e-HMA@pzzP;c5RO z8Y7x~+qmH#n@?ed0Id{B-75lnLIU^U-tnFJMet%VOUanUvj9~*z%n_hjXfGcqL~9W z?F;wb2{X;A0*632Kf$H>sg35>I#9Hcbwp^-r~fcOQ-?-^dOcx!tDU{FfmnE|wQ*Zh zD-*mh`eT}un;_H&oR+;RR6|?fn6;Cd-&^0;%trPMd-?_sGLLb ztNOZ@%kzml!d~44%Sy>FwyIC3N`|{q+AJ0J&pD1G_R2u&-=QTWwRseB-w!(@M0Y)N zT*kv=?`rfOgM)Lw7l7}-VvnOXH+1VQ%~wVPmpm0Jo(8xa$O!$lgOJp}!?o!wycLsy z=urio5?7Y{*OKjcSdHg|`UC)Ompc5YFW%Ww7}fXV9;gmzkV`Tik!3=BbHPgn z9#~@$`7DKyzW1e@G(CzOoc!YzQ5nJ1!CW0R`Pa@n6yIFRiwDUX9<@Q3D3am*H2w_s9`e-& zESVxN{3d_dHL*Ccsb`WG!A(rwF&Ld`I|28Lh_s;k?OenQPMm>|HY;8n_LqM%@q6;Z z-gDF?NWk^=`B=?S-w3@(Te~<@2f}dfa0x=|aI%-U8G|T+6U_`Az{lVFYp8y>3|5)H zW!;$+GKK&<$o_NJs2#V>gANX5*1jj`>Ju=b{-%>v0Uq6m=pF;R@X@;hXsM8c2l-H|yo zs>a)zvYh@%uWi8+!w1*daX^?cD)sHZDn8aZZ@4LLK3QJ02}^~%n#=k_SM8&trr(g& z%rmm2&C3gDbR=FfTp$y{HcWK}UFUuJ6;GcFq$M%xag4hHj@7Qa>#H)3^~nWl!EM<367Ha z{BF(=6j7xsEd>qyNf8S8x%Vl$l5?isW;jn{1aG`Fu zwBf?MV|-R$BgM+Cl&uPwBT5g3ZLgOmyBI4T#7?rr4-j6nN^~y6UpJAor^sjCM2Q^0 zTU`LCm^PLF%=&!>?r+KG%l9k+D)MjN#$o7L4&16K73f6)T?e%X3SbcV%;Udm5wO$y^`2NU8>3w-jN(vtT8a z&#@?c-S_{r2U!_lhRQ+^q-wNF+PgVM;KyU@LFRiK8^<_SHNtpVjcqDX1WE%NAV^te zgB3B9(*wr8@#aE+E)AZ-N{ye8g1F7eF^Vv|7XMqrU{$O_u{1*yBK)mlR58R3?Dgz&l#G^)a`e4k$j3 zmUM$n!tKos9=nT%%TNn))iXmlLE4w!R~XDg zjV8vT9MRA5J8T&p0haR!och##3`AObAlX7U8$uKlKj-MIU2S*m+-~6@@MKEc=fw)E zHhLp$`=k)klgvLAEx^`peX-j?;d9E@*CR=`Kfd(pn!tgd!)kjG;2h*Z)VG;+*3^2i8?F+ zDwqn&a)946tT3SI=U6R|<$wYk8@KTNjAnu$S%Gijr?ZcpwdhY?Wa&73(P8@Bv}Beb zlQ+2Co}m*K8n>bMdc*N@^vzo{n|>dLLCW(%_sNbTXngh7)cM9$XGCv0MfKUuU(#xk zsq%DYRbjU2K_w=B0P-TPXJ@YPnZ)jwFL?p@e`U_UKMz!O1$4J$6ly)qhefyEE4lT<)hEk z6quQaN-tU;DaO;e#;UoUEs8Bjx53vFkBC}P4&qEKZ|Nv?0MK%z6LS8}2QOF@N5RFY zCVx_Ic@>sTAOF5)rHUJPg98NS&xHi#D=Hhn~x02%=nhiWE)EgH!| z;yMDe$Q+@cAFmW(v_=itl@;UoC95Dtc?yD^R@+QF0=q*oiRg%12+T1ac!jDZfz}R%iB#T^r ze~7bu0L{o5$1I#*=)+{+>=Ag+afWQxBl(V0gM!ndo%lIHo-1w!d%%}O6%3~%lHS)oyn(4Z= zIg^-Uz3lVl2Vc8{rm(02=3}DRmGy|<@hiUM1!BcfQ@?33%@#vjKbWZGVGS&9VW@<@ zC0-Sxwp0v-ibufOQcXD-m<7nDKPY>KT;8{rp~O|N*>4;~@4S9**vKO4u%ka&JUeng zG~mqF718Nsv_$)*3yeUkfG!v4kjrJAqlopQ#??F;MAGf13LUfK`wmj!msDjI%wjmT zg<}vGm93nTqwnJRZT@o(tnBZo&04=9#OL^>*>ER@g`;E_P%1#wUJA=0bhxPW8=oy0 zA%DsQKn;O8$mAqfS_&!eZy>bSGJiO1@8REcpkMF>p1f8)X6D;yQGP^ zVL5HZ_A>&S9V`^E{V{eLJ`uP~VQop^21JWrIcPBfg_={0G|!0j*2#_3#kwpm$3Q0* z646^uh4L|{=;DVd^I3lyaBbH(YDZG)j-av->T~$K2t6ke0XL48Z~= zu|0=N3=mnnNv?=n=anZY^ZKj;!T!<&SJEkA_|d+bBb>c;SX@i9FHCR=?moD?yIXLF z;O_1aoZwDycXto&?jGFT-7ncY`#t-7-#Pb>`>bb8ude!4bysz-nw~W?)%=yb#GgTQ zrDXQ50B#CZsr@`yG5*USh`Qkj2KJ~LG;}EdAWaY>@&|KfFfmLSmU4=tdLIm^T7nDi z{UG?V=hm+F;Zlxu^WuV(2y1t9KQ<>Le=a629%Xw0>*`)>C$H5T)iTXyI5-QdFc=D`_ zQS8^VE_DBZNqQP5fz|2~rd*QFrUpLwy~|5gY&!3%DI-s?c;L_<~3L#$LuEpv5R(^CxG6YtyNpt@Z&muUh z@*Aj_=2b&p>bZI}E?xG167Sk|?YU|Wk`JfV%42+RX75J(>;lk_NPD)!REE%j5!l#* z#pmLffmA`s+G6(giGItwFA-P%pa>giex^gk#9x1_}kV;RvwsBkZkl6qwuNCKP1QUFpemwdrZeNGS z)K}^*kWlnl7}_RhPuo$3BJ(6CFr+!F{86aTG}BAF?j31iPabh|^8G+B?Fol--YlEm z;K>S8cR>6o4MLP;{ech2_?tA{K>uqw0xou*K*Bp?TA>X;v3jEID$93&*yYywQ_}Sz z782}hq9nO21tZ9V9hNVi!Z?%X<-d*+z;`y%?okE8e$cJ)581)+iMZ+9dX%>9J4W70 z`^EMAQ1DIXI|{p+dJGiIs#_{m)X5hI*2&BQFCwNhFsi^fKN(M@mx8+3JOaiEKoB2c zw%)^0x|Nr_I^bB#tPJt1dF2D`c3d4eq)uOhcAfX4Qj}UZE3TnEmFC9SHC!J*Y0r|1 zondm@kQ;Kc?YL?ri`S1%fNh=ixoVS@hv|l2U3Zjm_|6!*i%d%ByS=8#M`hH_D`n{+ zP=D!fHA-4VP^-Wo(ix(%p>YFzo zsq%y87pUYLXz9AFiU3j%`jWMA-G)1G^#_BauWBPDL!mUo*j_vXD63R&pDpt-QkJPC zcXxH+)F;<&4~aaBFE;S~LK9<$SD_WmJe!sV69lB;Wv##mSmxXd?ASM1i_Qwa&VWzx zf2DNaF{n6dIxiDENbQ&N-r-aH&?ForLrf zgz(qAdVuNTl%Vy!l{-zn%AGb<=%96Rsd*{CdtjirVimCIlh+P?@g4!-9!aDcvjy1| z7_p35?zE@KL}$;ych4zo-y~?P0<)>&aszgAT)wKQ+jm5LCgVNP9NQ_+DD7u=Zk!Dt z!Im)6bsF@}yw>RbBNM|^39ukptm^xF79oC^xtMiKTfHv!x$nOB>2o7Q8JfAJ9*g-M zI+l6PPuXw1?8yeP+INvw?NLAyJt}}|r1a!adJrJN>{a|bKIx{IUn{6uC zLp;Gvb>#@zz~O0q0yR(yrS@-xGcPA?)ar7ZUPQfMW27(mz4Ns;a!Q?&&5aBYB|m|W ztjh7?O~;6s;_`Y8Ka%#!yc&H+33?K;>CR8lA53)54A!Yu6$yfxVVE-(1g{oLL=O~n zL<-l!K_N^VpWFvuMVHhhaJ4fF*rH*$zhW;-+#UP`DB&81(NcHilUk5sx7To zTCgILd&+m72?@^%<+arRqdgc_^|oQ274(6U`E?E+4Q{aJpU?zjK(<(kvG~4V-Z5+++r5^K^ z?kZ5*dBsASR~cWu#xEgMvAAG|M`PTd)EJt19?LicQp)yE3HOO)O?YS};k-Ubs)2({ zfuOiYR_~njUExt=)EBf|aGDACf@GI>r28Nhf*`W;4*?v|dyn5ICm;(Z=C|j|5a`AP zt6w^92DIYEp6HUUZic^5nsAR|l?tGzX~+{6DS0XLCBLH+Y`~m@6uFd%-!Rrl8_Thv zQegwG7=WW}hG#UR#2qtZAy(xn6Ux6BZZwO`O=I5hbZ@UMz#xgR!E53zWcxw#>um$U zIo542-}ah*(-KG-fES$rxp)9kj`rerPe`JuP{#opl=hVj_;oJuu}O(6j$#M(KuiJ_ z6&g3yJ^YD}9G{48ztK6Bwj}rWxiPp|4vCH2w%XFZz8WZ#`b9!X70_ScWdTUr8$*5{4dH&~?D4 zy3ovQclB`Q4K|JzxrydB7?o%$0!fDUN6}Jt4@2^^r8jvQ{7J!>-EN7aOp*Q;F}bBB zu5joX_?tE?BXj)`Mn*ZFBa$KDs}W}D1#TJJlsSCoF{#(9Fl0S}`psI19(_zik3mFZ zBfb^$Nc-kV-5Y&kSQFOMxjojFuD(~)J+r$5Wrn&xof=A}5a1Eay%pOIjZvc^FPLgh zfqTxL$-OVPP`0>0mCJBVCcf0&_;B{Lm$bC&b2AF`G4ydQJ2j=2q z8nBu;u7zT%f;fl37V>^n@^q#s{+Nx#F60ZkQF$zp_ywwU@55tfE_ZwqzPAoOvwFr- zWmsO2EJQ*QOQIdmw3dTd`dK#G_%zi<%pKpGch0SwKhtH22SU+II`s1^Z}X;Nz^f0K zBsOyB#U5irS7sh)M?%-9U<;dVXf!Kfkw#~4kkxX%p>|f2Evb<3F{L)`K&IlLV+cV0 z1N!VqZxvI&6IN44e$Gx6Jq{vuO(Yx_b|;^Mzf48gL~AGs?nd7=X?S@JAI>v{Yl{lu zlKVmIlGj`YwkTy)#Y-isF7h-qzP7xn66z>df_%f^#t!?M$FJ=hU-ngGfCCNd?N3rU zp&_9X>4Vv0SLUV;rn;(5#D|ZKVPSK<&&;tKjl|bO3~Q6KiMj*L#FcS#*^n>2BC4vR zXkRC=S0Ah!_3%ToSDiffOblnoNC9Ri2dN4e zWh;U`rp^*VB>e+&+tR&0@IEb8uanh4n#ZYe~fuzq-i zJV}|m$JtOQ3Hf{@wc~!Q>uc9ak)37qauA-{3$&)$^M=ufT(pj^T5q*MLMLC@ix<6*hwo2`sW z-OD+f-d}|(3lyTfT+7BO=;1Q!DCXc=Vz;)b8D%uoJ5tLTKp7KeoW?i}TwD}#iQwJp zPAGYuVixpjmD)rWHWom8K<#PY0l|$%@qCx)(6Ql5w2p$81-Z6;VIDalGcuDsyx z8h9GFyDmaFip-{+HgP_-(#Sk~CO8gl5%;N&t)pLsGAQhTPhV1+DJ_;*Pr4wZL9GI1 ztXKoPO&dK8)#EFv$|vDzidz#eCQcHX&t7f-0dn=ugPteSJ+E>Y6TRd}zfmOea!hma zJ6WDJc^RL9xp}fw42glN=M$-4*h%+*x?%cwe3Vd*{jo!E!?{gxROPlex&dAJr_9%E zTZ_$LCDM64lEzQP7i2SdckXo(EXpw?0C*=Cvy5`?zK4EQyRYq*$}oo$Kkl@ z6F`~B0FQ+S+&F>B`zmNJFWQ>R7y!pvfcMhza|~cZaTFY#d+Z;#*D$#lLDt`cpIqN~ zRyqB1JAcN zn?ch!n$lIZW%}Ov?PYfGl-KPJ6j=J!Xj*1d3_m(`qL%22*l#v>8TJ)EAmb=o7~>4< zsx`IC&l-U;xW2U8M2Njs#u^TNcXOGyfeeN6c0z0_EjCAFV2+0^e;EU$JI2NsON@ie z1W(~*T1lNF7X6M}xkUcLR6vvcr!$w>;6woTa#Rg8wbt8QcjFNIq<09P>Zm`Sy%<;y zi*=g@uJ7(mu3T~!c$G_V+L0Q@CNmHMdaawL{C4VGN;Ui7p}Ri*RR?&21jMR{0OY+e z+)loD2zZQA>s0=u-sFxI*Ncm{_12{P0}>)641Qi)jiR_jyEg;Rd%q%(BOPXy0gSbR zkSNswh^GhJW;12*E*dxLHS=N+(`*1^|9lY7)EYegVrn8%f3g?1ICEooN;GOpPXrkI0^0nMC?8QyCEZD~BJ^%5jrx?ehYHpl_?p_XxSC;q zX#kLAEXVHWcoS~!TdQp&QZp_TmvOl9Z(UA}n81%ExVZ|ux<@ihZO`dzk@ZnKZdEuZ zLZ*C5YH3hZpIF{dXH)#zxON-`5zh+1af6H(f0&1h^I?D?w)sZnsE5O- zAnZUBf_9~@%!J~2+@VS{2T(iGq2`8qy;)|O#4_;0acfFgr$M;PN54k+QZ=2dt`buvmhobuUJ>E9NDW-T zYaA`pw}ythCDPldA6lP(_G(mVW7y293$inWEX*EjPjjE6a_(O z-@5s>O+%|2DRM(yuojEru1Y7qY;>iKy~H=<|72rg+5j&C&h-4{bRjj&)hOL&pn)Ji zt|zJmAv~6I>l}n%B<{x6J_6XP*Ih#DDpd`1qgS%du-9{d7Pi?I)jE4*xw6>acCGol zkh!_%n*0XW@qitbIi&8FcA}5}7B45LbC_F2eEkBZ@AOXUt zYTRb@D{gFksFWye`#U@$%4QJ~_QW=)=#gS5o3~_;k5; z^Kx`D@Y)cug>q@CI#<*MNyST1=Q$|N?@J$h)`TnDKv_3&%XH%pZzK-$7mK&}Xq`nR z*l~+(bG)I$SHW+ZVJ(Ub43vi33kEe*Z=|Sg@y2GJJ#H1);PKFxbkBe zN(`a|;XNv>bp=q~X-e;(p=3W2p@3QOb!%}g&KBFD$H38RDq>ztNur@4Tr-M6~ zpJ8z}BW+3sf+WQ=4TI7v@{ThbeSUESX)Ve!e>*n3Nc%xOLt}0$G@TZ(T*=KLO}%wu zhQVT&vOPE=ie0GhLyV`!6PwKN+JO8`AFm>k*S>qL(@W+$0E5CVuH=jN7i5_$qLi`0 z%aXGKv2h11{|pkGnRxt+!3wfse#$^gR$YO@j&1`?55DlItqwO0eKUzGd{BkkH-Y-u z2ufMj`cawabOTIvN&zTC`+X$Z_|cZ{G|k>-cJSy;$9>oKu~`hP7qAVS!M9SrKW1>e z*L7oC_poccMmCFC?UK*&#l!a+E;ZS|=*GyoY!q}kFDKcl!` zSR%>~aTHNk#4JRKzkeTewFh9p(B^?gA9W?+dX!1QmJt^oT}on8;SZ=rRAOM{ zgI!RX*PvZO=~U&R?t5yB=DN^El}6x8HS|v;HFeQ-c50;wGp7HPs^Xw9iP3|`3dR7WW`?w^g@EI=RYNdX0t& zNb-V8UKpD9V7E)jZJ@fEPUHK?F)}@zlJxl|8>qth$1`yFTGW)Y&`dF#D6gbbPN|xy z%??l6N)vT=2?%|4zsj76ACQj%G2?jUXgNw9Dd2!A%qNf=HyC9kLBX5sq&TdJceaRO zR>Fm7YBBRdFSZ4x?tOx5vqGOtI#i$pOscB={$2Lw|D`aQPArG#ULbWkZyuKG` zav|u=Q!2iaB-EYRMAxl6y`Am!(lmBGetGXDH|_=2buW_5qde_ZBs(-jx>}C0mMO078YK(9yS zTq{A?rU5^{rzJzayTReSQzM^>Ao{ZY$`%s;TUwF(KfN5~5<{SiW--(Y=sB)t zG1j7S*#0_mL!ew_IzpY4>JXUsR9uzPJO&bo+ilX}vE4>?pyZG8lP_)J?eADheD?J1 z+pUHCJT>oQ>ZZPNrrY3F8BA4JmjrCWb$hf#+a9~3q#jG$?iF?<;ZF9sxo}{La$jsI z*UX7$Y9wF&EQG)|;;ReH8-wZNvxRDZr! zzb*Jh6mRomqi*Oi6l&I=?;+xHL=7DaVK;$32kqVl;2kn=ClOT4mJ>kQCVVEgS|!&Y zH;#n*%YhzXcUHi*ZWZ>6T*H^{IAIlqOS=JdmswW4HeMoT$k@)+XHUr6g5Qn?HE4 zhtDfPlHfR?0I2ajgUB~D-Pg5|P z128e&u_?lW#s0!~_{qHx!;6mA{k%JQ;)JIbyec38C@=7!BnKO7KzZh*J zCH7Mf6p%md?vRzkg$sJZc-K5H?0acGbSzGdOy;h-5~v=y8fCF}dY;atlmX#iu2bVD z!>jQBe9~*-hv6zaPe5YZ7S~S=q`~{~ET{glxwkrYS-4!S=)1BkO&{L<6bTDs06mhCzw9(s)KsgRxXsuXrNpqrHzV{URrGKa5&;H>3+@(7ESw*Z zv+Z!hbhD<6Rn6r*%4>o;7)u6ElXXNQla(KxkK}pM1T43U%q;w$=D^ zm%u_BSsOYy+8gOv{dH-hZw?C$3(det51{&@<70yl}7swEjj(IOEx|WtJ3%wg>SR)cB|*g zi=H}WFOO2{ZH?ZlH4wEW$(fP)RQYsOdAS%>xS9WO)#kQSI&eR-Yx4dJej!Jbwqbc| zkx!Q8eNpFarQ@#e%gi}mWFwW#LR8Cg@4M#J>Gm`_i;mKbGduos)t}}Fe_o)FiOSXzFXyFEwb{Av;0;B-J znxK}7#dipE4MaY)WFF0rK=k^9$nPH_U`|c z$-qq-waMW2IcmtjRSK`i;0gmTZr~z`J8)p<|H6VIN!7fEa`of>BpXe(0d)n+Es)_u zHi&!y>IR$vknKcng8!@7`5!RqnMJoDt~uO@vOmbSLav0lykEIrHuH4R2;1(s+xr&qDF`1{UKC82!@oFM94mDikdfJdxt4)OsF_4PrncQ()iP? zZ*#e(^Jc!pKQyj1oog~J(!9LHsayF4%gKRd?67FQ_$!<046uvRveWx|;*4y|ny6PB zJI>m`<=uEzB3c`jlnqp2_WP~A1BVW?&D%Adtp4Ws{~Ftv{(T$&SNQrnPAEF*JN^~X zelz~W4naK!quD%=~w>2LL!2831e_&SGW# zeX;@A7}x=<3=9Ak7S`YNKf2f$SO83n8~`SE4glLn?|&oM**|*!A^Be@7M8zif9d)y z{~PrO0pR#gi~mr5bAQ|VyKlcsW>${hcK^#0AHDp`6aOy%c;{a>{>Q$Le*M1w?a@D; z`4{Rph3P}zZwvnN#-B0xSMUE&ez(TV{-Num{<~yh{&=hXqv>BW|6qP|{+`wU{pzFk2k}Skzl{Em`hU^>XGco)}_CMNwPu;(%zX$ifHz6KNLm)12Y>v^Pd>^x5^Kv{=Mw^ zuT{&pCJ;vwt40>AWf{)JYOCdjbll~J8G(TYE|r0gD=RYGHLs5I4Zi!1{Yb3bk_?uG zuM?WJ#-|MCamZA~(=e$VNkAkxCt8Qem`Scc&??TP*0hvx&d_ix_BWLLFl=V31{$3@ z;UJM|nq$LrXb&AEuYDrvzWo&{aCiFs72Y$m)T=<<)@VRLTt469gCatLA}~9oOD8?Ng3-?K^8M=r54; z_i5JW!YzCrVw^M@pZBei-l1OTtQtorryV`Rm!QZ;J_P?T4u77>_?Ra;Pdg7Ld59M8 zr{>OAMJnUn&&;n}ndsZ^IfW5z{y}XM?|~^AOR29GmP~A7qD~%EWNcY=i{7&@uwAb% zqreByx(52Yd%Am|Ky zd1?F4_d*zm1mP@-w+*PEn#i8mGW166S~&qiel5Jx9p%`Yr2 zkhhrm;hXmgmWJAz+o$!C_ew|UjgIxY_k$G-fiT@riW+y@ea0tb>G>* z>)4(%r7-$VrEy2gPH2EiD!kilPAuSk z^%|F*H>bm%Am#Tt%_N(;?M(HxDytCU0@)6VKraP?txhvuM+Sm+1&xu1C)$C32=wD? zCcuCPhYdVEteiMU5ovRrbv_zl~sKdfzEFo zBGW4mF>@I(C<5%PPA0$P=kZYo0gpoCl;=qwZ}9%3Ab` zzQcCI&C+~1TW948uvYBcSe#loU&V;SA-iv}g{6Rwb5E&UYD1aLVC7Tarc^!pd{^6v znG_r3Pq;M^pH^$X%|_N9==gX@xX&ah<|#VYu;pMlh*hXIG4|~!l+2xEXp#D7s>!8x z^y5s0yxkj$GprxT)6&d$KUV^rU;aj7K>l(t0|qm3qUko;86dr~w9$-Kft0Wyu1bA0 zrZwLnJCb&=VZ^|6N*yDPozKDM(=)TcMw5=hOS4*S$SJA@g%6{3`)Q@u0JS7&E|bk5 z)*E#V?nBp&VfzO_(Sz{pRyj}5kmJ;5;*o}7+%x9{E>)$^PxanQ?8v=nL)5)j1G=nzUwvRlXCy-!n$Xzh5u3AM^F=-Wjg zJ=;pFZ;eFeMhO9dRUYcINtySa|oZ&rHK=XXM|Z~!ar3dh{xVEIIie9*zlyl!3=+z zv&I6da`13mw?gUxHN@~u#a(MQLxzVF%_&$x;Hx+T5w>2b2CXRBLe2O{WrVK0quAzT*=%WX z1%F*~LNVDwDKb#id|uS+;I(6>sZ`vb+;45`I8jr9F4bpxEYw$>N$Pr=!XTddP}LB&-?G|~NLu_(QS+27p% z%Pq!8pJEN7#R$?^NRa_^vs>zn4P>1?-Xgu%1zN z&6{lU+@fp#(v4a{=zSX;4UkXf6>8r3v7N915GLCcedh?Syb8`K z_UwpkHIBTjYJ9TTN*9L@+W7d8miB!3YYw>y{vYXRdy86l@jhpD8QDD*4F>5H=gbdN zPny#{IanPnr`J1I#82~HdQT}s>m`~Y`SQ^nY*B2%jYQ&$r@$an)2k04oJnplvvD|4 z#`wAwm&piOMF$~6l04=ob76T2E}5z70+et0VP3iziI5Jdq(>6oA!{hCLoLR)&%4U~ z-MSj(Avlh_z+FP}sToBCJxl!NLh6H_jm6d;XMTwAk0hQKf=N}F{xW!XlUm34BG@Ye z^G1V~<|)n4F-Z6f_mAW0vD>XMK|!Okh+y%R4NUbyrFTHyCu;MA?m6fz8d}HMxC`zJ z?e{kFNf`>?1BXqFD0O8U%EEzcUIS;>;+b+qp$R zJ!ry!XC0W|Q?+aKHi-|;IrPEbe?m<9nha)t3-8o1k_g7MkrLnG^lfYbT z`h0*(;DTwn+jx^hy2b@988lPs7nl-QHm2??GVD4$9i|2G;;M^zc%|Qssl6=ia&n%) z&iLY-rE`q9RparA1i-L})*}cMyy){7rI2QqG`%3MdoLAT{~&}xdjJlc^ceRYP=?dd zpaI5Ebj@#3z&mEq^I%CV3yqF-2FMGYA~T(S>))AZbtqF%R&B3ue`9u=$aq=CufZYW zmRq4{lx!`T1Ya7L#K+x_Frj7rW#4&v+z3Isx`Qw*E%^d<=`;n)E0-I=jLZ$#yR6A3 z76Xm{l&~pP`tL`^BMs6FyRuxlr4vXdwoPKd&BYBSCP+)q?Q}o z$sb7Btr{FxLOyvr6HI0!XFdBF39rmO;q!fU6l}a81EkT}ocb#R*caR}zrp&c_^VVb z=;g|35>;nyEd6}9USd`Bt+Fc}yhmJFo>HaETJ*)i8yAuugE%~KkYLDOQgA*tsKL3N z`)+N7N0-EG>Ge9>kG+8Jw;L7XctPTeV5pAN!@-R0Q*Sj~VuPz#?6G$!yGLAWS7q@8 zj^|+Am}aUb{Gro+xjtH$OYInC8zDpXxgBBKAqF@O`A9HfaHQ*=u# zi*zG=UA3dACMlY1h3@X=gamAGTG zWZSfi>Q_tAlOVN7LphxUqt%-$cMhiCBc8kNJo#v2AF*@1u8Cbmz+hwjJ9vKcE;hjn zQd-nTzVPD+?I$HLrUw(yf`x0LwxO{56cVYRA8#T(Zi(HXQ}+HL)AAX`AU{G49rfjG zHZ`o@vb&oo9w)F;!4GO7>Wy)Ec<2Ux7%0m``Q{m4RewHbb%SY3~9 zI~Gxw5-!^9XVX55Q>M}2@dhH4VLqIv-k zFl-C=g|#KHW7C#L#Sl$CUVCOuCh5aH2(vkm%0prTWbPZ7Y_< zAXSmAZq%Em3kfKv~b{gglzBo}@**|BQU^hrzWntR<%&L_T`aM#yR4X?XP zX%E>7YGABsy@+GHxTSXN02rt0I`SV*#9d2#yq8d8ijzBR+ifh5VT5wG(wyu+?3)PZ11TcS)`e5q!ZMzRuYGtmSkJR4TZGIuKpP_!Dbbq7> z_&NVR_(-{*tVeZMEoFC$G-0<|dJm!1C)9g|XXl;US6&{N^R&hh0RzSyE~-C~d&ba8 z7&C^3l~A5~V~t*+)R4eyi%&Ss?9Qi`5v`7hR;;KBf)s}OWo6il(Mc49Z%0JH85Xmz zpk)Z!vu4aDzP%5Xtg=JuFi15B0vl}?=5w)yn;0Y~qB}5G8Nb5*eoQ$xnn6e7_fHvf zC*l=&)A7GT=Os#tnpm%huT+s#Cq>a7HwO>SqE2=gHkbL$8JFWBaS_^zRq@8A-Hzk! z7@W3m^%NVm>bSmnkDe{&nlxs@J%g2C5|xW5Awq~=^WI*_KJElmiOIP(S+G#NK&rq7 zR?&=L=!hQ_yXJ8p5Y=|Ar!C8%wus_Ca2Y5;d}3~94%X~|>j#BEON0>1y?xGMf-r4J z%VE}HsFo5WF5cQ&Re&-nvov3y)3iTOn?Tco$(j%#|7vS>8fCCIt;=^c9vbCzLZv`^ zQkbd8$X5)4bR$2Yqyt59WTpA3D+T$dyJLMhGny**n;bJ}U&h>#$F^^Q4D5nM;Fn@G zfQ!T!@3w*vEB6uDBL?P#n1U_-aN7$?eSXn@dS4EeHN1Gv;jgjy64H*x6VC);U1O(X zOca=+wFnG`-9%vpEc2 z&`YV+CR5beI=?4qUN12c=gX+=*uQn5FziZ<@p0A%Og&hAL65?`o*+d7fU@=qxgMfi zyDW_3l1oDgK_|Dxi#yFD&XbpylP~&2*>(ZePC^ZZU`lR}Eu8_chKVfTt9k47?4o?| zPxYO+NROeevM?NttX3oEebw+;QE03`81N zHy9b~Dvmp&2RjMj!bU}1!_b&cg0G5o)$|p8LJ)+%0@N_~m)Xp#h-1|8X`xpv1MTd8GG! z`sI4qwM%2SM-7n3wsKcNLw-(SoG4u<*7U=o#%{9&^3F2gGMBye3su5XnYqe3@nz@s zEz$4vpo>P!DJ`nm!UQrB|_nF~+GZ8JuwrXoFAd`MniYEuM=Z z!L!tmX2Ru77s> z!R^_5nF9c{lBRUf@=3(EoQ;H*EiWzkBaJ8pqDx(9Bw2r-P z>P4Esrl;z3q_7xo5T}aO;&%G05G}&HQ47Lu@5P9qbcv_w`a-|Z z>tF${Jc{(*K6fK^oZR$0TP455I$&ziwg|-#^YuknzZTMb!ikf^T{zk%!e*N03{`xh_fF7v!O0q@W$%kB()VxGf|{sICpTO@%d`%( zhtp8@%b?JA@#hkeZVk?Pqm3eHO(-0h{Y##*XgoOqTNOyu>!9$eiJ4 zXN_O<`;+#=(8FI0$4UEhr($yfXmTamD9fPZ#k9CgB{5Ye6Gu_oV(47TlV`q{{^-L4 ztc@A-PG@4Khe(+fi={k2UV-N*G&zJtEY7(%QOPn2maiBki;c5L{iG_icsCeRSjY&h z%0xRwex_Hre9<9r znXEl_yiiMZ)6&qESBUejVGTD@RPM!%uXSi{d9rI%z2(?7;)1{-qRu->yoVpB;9-#( zggMgzy#YsA8;C#>Eor2MXO&v(Ov_ik)Khm~SPE)Qcn3OI$M2UyeDrZ=6k8?vnT05J z3|aXzoOzm`JMQE4v92)gS5$M1Vw>Kd>x7*mOPt8d!B=)2&&V${3D?9l;u|TZ54H@9 zf!ugV#M-;;c2um>#{-IT3cQEd(o!h9ONyMKY!}h~UxLsm%!0hsIk*V|b zIrbc)raxhGi>-wPu=5?vV}MB{vB||Lc8>Qj>=(7kaG9=DdJg6-&0%&X(W!r-OIGRO z_|E<<8w%!B<;LM2Lx0TM!9qv4&SftBhd_oa8Tn-ETJX%}m?Tl*vk*CyVS9SCdC9gy zk=ddOk#y*B$S>0@GJ>q-Rtm|unY;2Ar}O>i?p8q&ZVTcee;qz^?aRy_6TBTNMvn{G zc<9HbX45Hcq86WWa7(ApyD!KmKoiJz{wP|Yd~q|&-T9I{(lejf=< zjv&8c4>8v_nq|?Oe&#a!b}E3DLiG_FYQn7M=#T?5wUMPfg9fTp8jt_g1?_f% z2UVGj93RQio)p!(yK*U{=KC`6B=$4pdeD8Ym9-!A=GO&bKlT$Ra`l|1>tI`qMFG5U zLpGK7^g$t=(F`-w;FJ+L#oPUY^FGej_`EzXVk{aNGC0>6&K&)mGQ1azD8MZ+Ksprs zh1C7}+I92T4|>1YF5LWSm^#O<;KxrmR5;6=ez4$_JIrKhoK+Nxksw2G+X?o9pnmsU zHa&P_6F*HjpuEWHmO>F6f`j-kZa0;uk?s>s_{d0;M>_k!quB7@;A-{MyC%%6UOjeO zt}@i~NcU~pE-Z5Fu|s=cWF{$-u2+DkX31cPhm?&5-Fk8st|Wx@f_6Tg<5&>ovgP#C93A=d z2;_IV2pOSF7h|aCW}*GsZ;XGLk->y{FviF2SFRse7Wq^4n%y*Rs z+n=G|qy;PfOtES3vX$l$URVGP*bVG!E@6esQ0$B*nNgZQ9==Y#crFHs;r@OoJaG(@ z1S$tn6DlZBW{)pSo{~_A)`RaBb>+JJ7{fMW9@F;q25Z}_YlYA-Hk0B?hBD*RkpQ9G-j0X7iS%a`b{UKGu(=gtf~o`1T}8jMiva z=|=(7o($c}jn!LcMNkp16N;usArYi1(B zzDvxhU$oLzU)Z@o#WI7G-Zt9Mx?m}9_JKlMRVsf9BUVKJ*^UaqixB+14e7B4;UTac z{H6h0zD`1q%+!lZ9A3@}tUNT8^AcfK40hEzbf-z=CkMDre|(`JS54x$t@S#tD}jS{ z4aFk5BJcDrwAK^XLDB1=ckg&M6zZya`bL4_aBwfb+^7)Ul%lcaNCi(TBeX%B_E<>j z2J+MMS-{T(JI91ZZKB77me@vv9k+C#FWM z-5Y7McjSwP%fmM=zX5YxXd!dXv8|un6}4Ei$X3(Z+7>S8w94igg&(OK^U1nmZ*d|h zugNrv0R;D=$h%kbBK2g>mB)V9e$UNTA!b~JS+$^B zn0xvncq+9s$iNn9?Wa`bsR}u4q~3Ab!mmnS)R-mnBv{>Pn`EAhE7{y>M=@XQ$xylg5(H?)V z@^ct6oF=HOuXB(Vpb7lpR2uN@D<_cht|?=*<>To=nvU_Y$>$eph{PgmZK4@E8kJ*` zrz?J*XpjWCC8GRm6}^m|(=0!n(y>w2iH8) z%tG~*YeK&YhPl61{8TQ!+O`0K$Oscp_%=DEc>v^&whuv;N)>@DO-$f+3(sKO#4Hp%z@8`m1d3M``}RI~ruT^uA#V%y88gkIxwR@wDYX zV~4cn+{45IV{rrA(Kh`DSjq2G;j4v~fm3^IMPly4s&ES@knxo|v_rwd?%|W!OxALT zGTaz78m7inJ%8fuPF{aHd;Ll;f`ufV{(k^JK)}CMP$OES14GWw*KJ`;uLbW7{lK;LG`n68mjqNCN<6angyv{lR6f$OP0}^OoctcQf(K6KJQ~V+8nI z67lM5>)#!1+}fO`Cf2EvQe5bdU&mE)M~ny~7!yoNgCx)g7RO6n9$$jvPyTA#iXB?5 z*>ohjnfa_cNbG;OculB!cGlHrr=utg!%yQ6K)&H)<6nlqQd&Q26qc>qNT@EPY(!%B z5wk%bi9~v|x9j6+{=s2&l6f99dl&*D0!KW?O~;G2vTVS45SzRnHv5|;&mHy|z#`RQ zXRuoIIo|-lH?E3Yw)vqW?f6aqgCq$V^$**PvoS&#TRXoI(KK%B2M2^W*o96~_|1Mp z%f*W`G~eWy~xLqjQOrrxjmtb(=I-kpfw$NjyE>4BHVfEf$yW5+V z2^$LrgeSSp%}a19e^pXao?E&_@@K}wd=!C87nw--4TH3Oj8PMQbgJ#j2B*7)6^#yT z^f-DS&{n3{g^SE_kc1#`s=u=5ZQ}xWG`1Nup5{c6EJCt1|H~bWx~Q9^Kh-Ab%XVY? zIribS?)B9vX28D<1AYb`he`7qmLg(n-nk>t;3$+iKhf71)0d=+#kSQELv8z$2f;C} z5olews%c&(Pi2{CO_h+F%~nrhz0;TkoR-L?E5Yw}glc;7@zWxN>g@%g%^utooG+LG zOJ7P%!l45fRRc3rVoHGgReFfLWzgTVeMVi*`Nae=B3(*nrlSjmLaYd9+d308oXh7D zv;uoDg8P%H-04R#x5F~Q#QnZ;mj|#`Xdwnx%JS6~baj-em1GWyG)+vD4gxC;MvxSS z!W$%OrT`P8i2<@0z$pgeQvK_=y-}Ewa^(K$M$N_$p#|KW>wKTD{vkbR1!7NS$AEI1 zbrLhhmm9(mypWamvNuq7qUW^WD%B_Dx^2b5+NDX-OK%h23+EYxuY}=q-2Jsa^U$G| z^G-h(o(s0C2+y;VC|LRqvm;_M`(lPpB*b;MOtvcm!{V4-r)9ykc*nz%vj6D^J5CC6 zyz6x;;AaaH`gf#vi$fx8zatL9`cv4E`(&GLd&|3fT`t_?jrL@v!uEm9GO7hOXN=8X zlsvgF{h1=MPxQSm{(1PAyRf8zZuqAS)Ka(;L<)%zmo>&>b8N%^; z?^@XGlDhc$BTotEl7t3Xu(8a#J3&_nltv?Q=axFP(cz?j1N)l(IC@%0|?&hMQ%EiUPbb^7azl}lt2DM8qGDt>D zUn~Go_c&*UO9UNl?q-GFWE-Z4Pq}8yB2|B&ngRl8T{3u5?GJB!F3QV7|D=fV2)p$P z1|Oot{h9X{Sg)7(`>{li7ZAJB1Iyag#n8zh>#Wk*;RkjQ=(BL1$EDSCOwd30JVief zU$`THIEDF&h}D{ue^d=uuzLcHzORP;XL1A;L2+YD@LSLavSBJNLD;f=7 zHls-V6P+%h@M31zM$QZ^;7!KVpACaby_}wd!O;ys! zH_i{SsV2Jo8f2+OUF@@$C^s8-e#(xv35|Vb9J(0)+LO%t$!EeSft)~eFO+%n3(x0t zLdBdqo40QXX4`xqMcLjvoC5ev#~Z4{y8rVgKNEj4KRYDCwQ_8}|5r*_-BKG09(fTV zs;vDjbr*}cuBDK_Bw-_0?uIi?OYV1(pkKKG+9)#B(_YTL@y(N#B`THURrk@4?tF39 zi$fxro-ZKl(E7wG)ap0tB_8~02j772guJB0m~1@#XZXj>4n?K%HRm?yuIQj(nOU^0 z$-Y>*?CYZ@XK1I55xDAPHI_-Ags;-&ODB70k$rZ8ZH)6cv`+=1~k7&2vq=S`r*n;pC zqet}SJ`N}h2J#s?7aA|mo(@kCNzg*fNa01_jo{EOZ!6Bv6t(6n@jRGSa%{ z-MPDnH9DZCY(=Sw6I!!Qb=fniJ2`JYzF^65GyYr%p*o)gLq*H3S*HuxfVtgiOE6{|=^b$JYL5uj? zF^KHkoRxDCH$7CNg3)*rk{n|hSFn$v=>rEP5e6&fUAO>I%yA+|h3lYti#=C8gIAmn za-n#s-(yc-n>CV^+C293c#z_G>{eu+(}lRwDb4$%!$>hUZo)i^;A}|sV-*qU#tx%e zehtHQ_xOPTM%sqmLYr}?dn9d|Cok$9r<252ewEyKKn|S769j&I&8EbxM%bADIb5#| zs2MuYWdz|GmO*KJz5so3+akI6?FDZKBj}kFi%)v)Tf& z%90wvv^sofjpmOA(V?$~zUmF7Eiv6@j~cgjdHDbY@A}m1frzxjSlCB2*2+ZM)0hA4 z`~sa9)@P|n2qP~g#JxG_(y$QCd{kO=Z|88MrZ$KA)!h!>aaR_5b>&+grWfiF{5$`U z!-vpK4KCg`mh&LYx*`^zEulx?BJbdY{z+7?fwfXsF4g|Yg;^|}B$q&&%L48P zcyq4)#++hVGC(v}8|fZ;|AaoQzG!(DFw)N~jWbhG4tX#rw}UruYYMHD{homcCKG|% z-sSL8iCDhm9-@p2woIj@+|fXLJnN7rQO%0iWAFmQXxeCOfd9}SCHQC`%TXw$<^a>! z@74pE63yH-V-@eh8o2p|>O9JPkqDglVkx6?6(P^Ioy5@)88g;uTJwmNPx3S>r3-wg z;WlKVe~t7ESDj85&~-+}#pB&v5xg6O-`R=Zt_GE3k(5Z*O->uCD>n&UtcUQ@QG8;b zH57hMnveL-jm^|_x=exxYc^i_LinJDq?udOzpVuhf33<;^(>NK^GO6kRWED%qPvqJ z=%PFWvH=@>V@jajuq1}!q9az4){*AOA}xGW?3Z^4)zUKj%?~g|_gvyVkf48Zos^ct)3H*S?Ij7u@s`-gdoj9hqEF_{go=TVCem`Q|d5 zsq9Rb%WA2}r-!F}`yEDM4L-H;o`n7lALhdCp37_A8m^uS=Q-0h5!p*u934}drrzJL zHfhT7E?h9XlWu?S0^Dq*es|CDWY*p)b@AF}W@7kGl@}~%&S%cZ9rF!g|EMJ+QV(Rw zWNinr1-niAOR!V^^n|A(-lKYaW{_Z>BDD=L^U#;%!DouiB-JzS_2rjkrC&oIV0+d8 zfNX|jvsyT@!C1&O?)~kuY=w50vE8czV@rBu@7?}gptH2Nth{HRR_p~$fiFSCw#)Xp zd#U8SDbu-os|fSk*FbIy81AjBdjvR27|)Nsx{X+a7`@D*LP@2rO?e(O%~)UEwfyN+ zySWIj=7@w8aT=B`h%e&pCiEv^y)tl&d>WyycEgw0a56UcJF`-V?ild`=hy+6@?l6XN8rd)5x_+xh-=4_aj zYf97>Y7J$z4ie%pIe;D_w&r(&Q)PpsF&z%(XN3lNL@(xIH5w15X+vp@s6Lj7Q0KK5 zO+qy)loB%=cu~{Sq_srO}B4fSZgyUOYnU)dE*90!>wtc zS(I2}+qh}pa`zeOQU?x_vC#tfPSdyNf?|XTj`KP>^0B57b4w89u5bBkFgNk(S~;{W zH|sE0OVHnFT;3dKrAax(8Zflp5!(ViB8|l&?c&!r@Dhk|8#yV(Qm`1>2Zg$cf9a6W zWv}sXr6^S~%-r!U^`Y{Hx)a z{I>`qP#4D14WC3@!w7T7*9+EuklldF+0_*sk@@I-4$H|6^|*kNe*kO+Iu>ar6ZLd4 zmQ+}RJK?HR&NC;EfG9u6Pv7_PV;(Pp`x}DCxiDI7&HkYbNc}X8fe*)b3~*gS8za>` zSvF(`Uft@=Y0gBj5Q3Qv?$#a0W>yRzq-9gi)>(`k&9+MXsyb7lXH-L1_3(H7wR(Bn zK?{`^*H}6Gpe;*+gOUIrTYsL#qok@y4hh!p7`GA3EveyT8>X^1;DcML9*51V3P|8} zD27{i1m6x_0^zEZm|tC*iv1JphM^DNFLnaC0M3Y#`E4 zy)GjmB#N7tb2$?H6?(EXVc;XeA?XYvNo`{dW)k9VvD0hv5;E1l2L~E4z(;K2XZYMg z(=EyILRp;3+)xr*dmhi_jd&w;FTrxY%!OxlAs5b{WXp<`8NskE`1^jJ>j5R!KSme% zjHyv7UHv$fM`Yl~N(!b*dM0X%jo0FPU_8~zRMn)pOhUw3y_jf#sFsp@&gr++qN9|D zqC5C=r6ZHSuTF8a*Z^8^}EoLA(sT=ySDEqsp#MUqy^OotGG%+bD zd{R$8p);@v9BBU79&~=b34xvQ&r0};+|Jo0U#UM}HAY>mbd5Lu!V4s0MPc*+&)5TT zCo%yWQx14O$Lmt_wKMHU7M*ALYClq-f8`-{0zF5Sag)$jt@FG|JJ6Qa>hlnL8GS+! zrV`mt@*YmbYT9)8h%x5QA7VxO?fH5$-o-c?JS=XwDzU568dNcA=DC0X^EFs^ zP+^0+Etn-)O?W2d;|C<;s)~B5B)j&ez;fEEb%X}xPZ8rRI}k&9d;aI1%qH}8em+e& z;Y+tICw3<8bUy>Hmhduao~3azOi_LT6)YsoZai<3O6KiuN%c|;HXaFrkt>jiqa_(K z^Z@$OK1{8p?|QeZX&7iC#J?u-IwszaBmY!==07&qRn?TQm3va;;&uwF$I+4ohBDx= zn-GtyaG;Uu_RKE2Kgt^nR!!dZ&=UJJANSNsGJ%#VH$b?WP~K&3y9PRz9CVL5jNR0C=p=XT7K&L*7d>hakT$3|w>Rr_Q*#%F*CcM`B=uo-Ap{Nk{2km@q z6k_Dm!k^FsI+yqsgL$6RDp-xT;tAovDarY#7I#4qfiAA#VLer&F@fdvZ-400Pxfp& z&`j@uHmV!o4=d!)rn+wAtBt!W_$mLm!11_&nBMHZydXz=$_32a8a*>dR4qO3!2T7u z&N?V|Rso)J;Rv;ZMD!yf#lje~W&9Z3T1%GW>fbT;7jmO^sa&o*_>Vv>zv8Du6x4{0 z_0HSHAsa5`Wm5-n+@*5?rK~qNr4?=%pS^gl@z8ag0u(74iC8v52U%h zPx=bBMRy3%My5VMmA_JtMt_R@()6@=+M&gClElC3_)^+lmV`nh+w^&i)6mN%z+&{- zkV$@!T(y&du8j?LV(U}IMjy9H3=s5S<$3u-kg%j_nh*7682NrkKwH`N+~2p1M+^B4 zVWtO}o1XxBmOM?>S*4#+E9?Z3-H6(tz$6;()obgOe*oh@|B^G(T0-8-Ot`j9ya**8 zVAkY2ul=q1G#*XhYAE?Wl`Y`1ae#X_NL7Edh?3`Bg02G7jy=zd_)(mh_WO~*s49wq z*xgEKMP3zDAUJLGz~E11=SdM6$_;Ddjb2{R6@%KPrwYrktWR=*-w=QDnlA?@Wxbbq z1v*MnaF+mOy3&%F71^-XId`+g`^EaUUi+x*A8Hni5QQw&T(=7?TSg@b-36Wgu)5PE zYM4G=4W=EDbQ;35mwm?Id6xl&k_-bIjEdiv0;uA@(d%H$(z7ty@EO0VO)E>u1dt(P zZ&q@l%p)V^y9=Kk?UegF-f9SghMHv%>fFK<`#3hzW^!rOv#XHPxO`lQ#H}2?p`I!m zyekv|mU4htVbh*7EL4Vk?ju(v)>H6sKC-g6)#qGt)Ah>n4RVfoO};M!$;v-rUA?C9 zvM0mAXq?bjZHw@h*_bDr_?m&7JAsM!@5MWbv(RQTLN?uwiZHyF2Vy;47Q~>plnNzL zjJbFHhzU5~@7q^82jPQs5RX;165D2pkQn0ff0MA17pq^~z@O#9UP9`!?k0R!FkyGM z?zqYOqYsrZ$nt2F+_|jq`@QxP|5dc^{H{VOLFUy4G%`X><)Y@HoQkN5Fh0qb2c7iK zw;FS{&u{dXcF;!1O4ijrQKO?NRZnQwcVc0OPXjhGvvdyKq55i*@{xFpuY7+PexBsK z`M-GrcdTzy-x}<} zF12NhTS*4mX~DM}J{a4rCItTW;xM@?Fjj0X!EKjE#X!2lkQnpK4@PJ*la6V>*mZtm zoe3kPO2qGUELcViBN{$_~b8KQa*tNeLN5cv<1bb zz9wZS^=j`Rx1{LOofH^GvjD6m11psUGlf+Biky`RzllD>ZNoszJ9G{@)LPS$Mi;;! zYNxT7k7XZnt_0ZUNvQuh2Opm5qYAh`U7Tg$p-ua`>yp%{SWA)caC!26d1Db3i+@xo z+p7x^fY}*{kg>rkKWxxw4{D@wbQ>Ki9hqqALeko8{xrsI;)h?^qPX#=hUJ@~W=^8r z6>md`4W(!U^;&M=v70cTCVTgk^&Z49v~nu|zU3e!ZUHk4haL$}l|Q7-O6p4Vl$27{ zqX%}gVT2z`uDiPzSGItFBDi7&$}3VHy+iC`>2$7>q7!FG8-w5TEv%GU z@l3H(mRLT%1!4?)6{B)qS+#~w!nWN?pGpQa8Tp{$73(dYe;}iNpG)9axJJ`iH&aS2 zBSaWFzWibVI8o0SV_-2$t-qET()k)0i5-rn=^Aj+uFgX+=tM6Rd~51YxM!*7Dp@II zSsvzZXYxXQB(PWLU!+-ys7QF+I?T}id%ZnwDLwfI9;X2aJ`Oovthcs>4JslpL-ea$riqOS)ngL2Zwm^>U&;oZg6HK& zEVNBG2(3;>+4osq`OWqxA7NA(Z9kt+-ZVlddb)38P|Ugp?B~>P=i(YlmO!FlR5ar z3cdLD`>Fru*O?DRU2jifmS-#a?pS}L`rScYDDQ7_QL?Gx51kYoGMudxW@~9rC*Q%Z zW3rtIBUB6f*_a=0kWSyYLbzosHo8ebZ1p9H-X$V8$62thO<+Li{R!!D?r%+>{qHmK zHChtJ;=p#}!O0|H)qTEj)+B4?Lq!}^iDU$`<<8K9)R4udR1FabAvN%J@nyiV+ZRYY z-&uHCJ&aq$Yt25(XZ5gXKO5=6PloeOcrmwWUtzi)tD?VhtYeD-%b+`sR%~JkJLWCG zOSPYrLw;_g>Dx|-KlF?aZ-)B_mukr~%S9z@El@@7j*_FUjYc1}Q4pc`tB-ND>O_E8 zqb!~mB*Vsuvl$cT}29y6)?eazvYxOkF?cu6Vq95@>sBjMw2Y1 z8VusZn5$O#+wsUr_B($QJU2wpK@*`ELNfyT{ke2_THp5gN>9Fp#<2WhPV3%!$-ShK zHFOMPr&EQxG~96*gO^v7=GVb168=M%<+@rd~H;g)$C$w5_tt9*$`GqiS?x3zDJo*RYbod+(y^Q6-vO1+;&8@`? z%Y$E`_=NMqzO(dqQe8bK&!bkE{b$#qlwTjuLbzv)jBGk}gN(-|r1C(DlIlbBesZ)> zd?i8)oEiZ9VF&Edos8$<*`6}hO%)R%Mo}_7#}lw-V8vIGMdl$NkS(-UvT4@UFUmP$g*J|(C${lE9So- zCvF-Fnz=M3VEcTG2e;bcE#zkeql4!@fuvrt7@LneXTC5!TY(!ssppq75K%VYHaU&u z>1m48#;XNa2|khn3+y|FvEAVw1<;aiHNvUutR`3q^t5qx>HL9eng1Ol%yr2f#xQG)ha zoZHf}6lzc1vC0J(vgWs*q@J%p!>K59RXvZWlLO?26#eVmA6GtbeT%VJ=|;XhG}s^I zPwH^+Lm~^_=#Ub)xn;(WIWNI=(9J%9*JVX7E7~Z(64|Q5C1AO8&6JGw*4N=@(~%Uo zJ{~JT5+Q|ooqSPZ=VhdVtO$Km+gEVElj~O}=Lybat98VHbs@BjxHZ?Iq5DX)csiX0 z-q7*}_$IaJkBcmg(RII)F|vG)z=>QPL0mJ`5>Iy&5v!`UWVW$%AxcX_&qE@QE~@w* z-jw%cYxmt&YSMyezoO$}zQvZ^2x(fqDDxTNsxu`ezVE9|@SlicX7xvnF5bZK48X|a zH==K7r6;X_@>34ebIDfd24b8rAN|y%SfWQP9u5%5FPO2J8@qcW$P;n|lZ3HG8Ym=h z@ThtGe*hCe?7vU*UK?d8ui%3D9sj&%B<`uQn#yznl9g0r&VK(?B}6MShXbgfB3S%@ z`iQ8=N!D%f4koVVnYXSeCD~7CV0I@rQf6=_V~f^Mq9)*I@nJ({X=P6Y9!z9@c3JnQ z3}9uf^6!-@^$X}iM9iV)Yee8trG~jryfeZMWWc7loBq^xtuc+ql<{)J)w2RjC6_WtD_BgC z>v8IOy?AjM*;JW=eyihmDOChb+~tedtUa{9%`* zEEuU8bg0R89hyl3Sm*F7-(?N-F-N zRvaqJmRW9pgsPC=qE8t8_OKVLr6}Dhm-6A6z$IZ)JyfP6wz-pRoqKf>pWjyxvyjUF zD|EW^;C;V)Bw-BTnye+ixx{1Y_tU=cm?9iDzcY{LV@Do=niN3>v_v&3Qo#;i1PG+o z&Zs@|3aZ#FGI_`F&mmVT%|uO${TrK}c0XzL^*+LAhov~}q3zFiW?3gz7DQu;3{xyP{IIVP2V|4W6Sflg3xAvFgyQWPYA1x++ zOu0vgodks3kKw|Ex%L%0BeKHziw{D^6EZm1Dy(ry9v%~coc5%m@lxrJoUZ5j-FtL& z+I`ALk!B~v;6(R7YacxfYT=81*15Nn?E9 z>Cn|`n2DNLgNE)`&H1rYkXxGABy~Uo{^?RB`I^kM=|r8nSORMs+Wc5F0aBY3INoTz8KljoC9 z2UM&t%#l(4T#K=7$nH5#LF*;fC%&l~LZ%GoVBpyk#cI+_MkC2sC>2{pR>kF(1p?5G z9PF>C9QR6H`7tng?wB^oKC@EsS;UFXIcA&PCcbua!Kw-h*5Se zyw%+Z204?!jn&)5>M-MYuLabwuKj@l3_>snH~Bw0K8C8$j!0p+z*0-J)k37~FuzD) zT3C>ecfhQ5m1Ogc4=p3}`}W3Y7U$3(K1TBXPw+4%ir;%s*^du%!i-~6d7yD>?M%pv zf<@3xHk)S4D1`6v7d3DTaX6ReeNj;_VO^q4@ui|NvQs)BH}QGI2FQg23#o(l}o;@ zRVf4<@DUO)ZQoaOefmIyv(ba>ax-X`3)z4*B7<7vU7_m667A<`h zhiw>m40kF2iyoqU@?XINL2@@m!q69j=bLz#hF&rIQUiX=u}n{Ejlcb7=TGC`e5 z!(eL>vH0d7B9bD1u5`FMj1N$td#Oz|OHZKHYcbHxa7Jf#$V~1!mEK+56s^8+8@GMO z2-B^Mb=D=?klRVh>jKcAyU!&%wy@YwL>C-L&vc)%iG1Ze(6{x)wd4bz%rbjkG*&Kf z%|j~H2}ESVz~VrbqWj?{s@XQICgP(O|KLL&<<74+G>$3@bU&z=@cJkO;JO}k-_nh0 zkb3cg80fOr&e6Y^OPcj)C`^^{1^9V})RmMAxL^n84KP2J@q@y|??2kx_m{<=PMApt zDTB~i?FKc~he%fJ?)4TW9nglEL>VG}BMpP;LF@>xRtY!eM5fmDzcVhRl_WGny_ZCg z^89>5IT6X#mef=OsaM}c;zt8?(=`FwV2W5eowHlRaB^G@Qyf7HaW!Bt2immUnRFWR zy(D|?)zhlKgAc6+9ArP{d$9>K*V>9_Bh3N*AuFe!l*72sP>~%5xNMO06FJ4V-yAq8Xm(@swXApF zMW4mKtn_?+gPV_>Mw6Z&X=p#V)9FF-nbdG!0nu&IWu0o1|U-)fb!d^G!2SA0g#^LQ9oyG{p0 zz#_>V8!Trx*6~2b+?WCa$Jg^>4Cn~N{KEZ~hh*su6Y$oYepK4Eg{&2)*ZstwP5s_n z-$_^)86NY;rK#yFdk@IUP!R!U&MwMOg) zRv`O#h{Tsz=2EkMks9FPZmu%mj@}XL0!4QtR-{W}4`K8lwA7F7C%f(X3egEh_&@?Y z2~v}bQ+ePMv!Ie6Uz9U^ActC7ttwUL%+OI>8i`_L;B7e{>fqk3EY{rzSQXp{O6~I^ za3Tl&dyvtzD7n)NqBDAmG3kp&z(Qf(uEu@pk?}o=#V&8h&v4DXlvEMn+c~^ zXHh7?Dj&(F^c0iIeemN4OspEO2B2C=Z1>anP$VNJ)NsSx?DA;I79*0;blm3RrrS{g#CM4y&XrJmie3fS+R|Q9` z*d#g@^~kcqR+pQS`?Dbvy*`aqiZOs^pQ1<3sCuDPHO7lpip(?o_-E##@1O(_Sk zI)c}zN8yDLdO+eAAtbcw-lglwbhkmzCA+jRlCm6C)FQzDc^D}rNx%KulIiYO6eL@h z`OLvw5diD2JyT9Y_KI-j=oNuOYnVHVk1(XOllqMUCJI_|8z9BeJq9jlr|j{voXXnhL{%rmw!Cgn);bzahNgD`oOl#a^&h3}W^$r?((r|8>P>`?R%iM)y zbb|s>W;w4M32=Y7bZBK&{RM5Y9t!vPwFD9q#EFLmnW#ahz7cVsicXfMfT=_g4l@$1 zevGajo3-^Ny>$h54?(VLC}TY`OOuIQW8hExoS8<#qIoOG$(wMHE65X-^PQSUn^i=D zAx5kE>-p;H%j=%iMT>Y(B%9DerhG!i7u&k_K5Rl9_Pjy$*Q#3;nM7U%bhKz*usnE0 z2xe8eo8E7LnFFx%k3g0W6Lit>E%?SvN2SBzy8&69f$xH+Go~UflANPmCur4uk;p|4 zG=C2a0JOQ?1N>xv74LMB<;?ku-bFGTrG$NszX{l7uF7p?ov>>A_f^v1a=|Ehkw#D+ z;7wOAochZGxqIQ&%UY|1%g_F{l|d3;Y}RBKze@o)!U(>g07-iC4Oiyl&gCO~8CkL=P5YwvcxClW>-DX;?116tB&nhJ4bq@b2aJ zep>~+V5ndhU0Kv$z=9gvZPr5XuRZ3iWviHX;A)jlS!=?F#gEJV1AIF zi&AnLfjwc&0`A^+k19y$O0iK-a$!k=)}><_Uid?=FCxA#EK2Cx7F15c8VJ)718(g# zE<*Nrb7nRNqcN>r>SfJaRF}ZkaYE$`XOyJO7i%7Pf_O~Fqfs4^6r(^QhT1ei;xA*_ zp{_f0BY>zg<3_{aJ}5&7uMfRWlz}5$MYt|9%NYUz+Y`O_3egm+8I?}hR>a2jBx8NI z`Ah&>Ns@;bis^8nos(_>K!gr8aACr_1XS68L8vOx^cGHFX7WJUTnS3qa2=uZP}&!{ zWl;A89I6Li>`wT#PfuJW_OqdN{i*hD8Xh+$HqT8p8r;@OlXqy=>-XTnYFu~le+R2Q z8LI8R#5wD08SIJn_h=?1pMf=$)rA3Tv;L5Vo%SD4%Su3x9WIZTtKKk$P0MS{kwuhwqiSRBY>$zee5T1Y}k%UyS$ zlrkCylQKa776dIoH&<2%tzS@q5W8h+szoMGy*$;UKd(r6Fe5$}z6yW&2FX4HlaI`j zDR6SE=m0=oD%#PyJGcK!z0rKjb;w~{7SvVPqu9dU;ub=JJlyOivfz)tt2g(UDUNWD zQF4sKW=DfjK$u0|e2g$<{isH~6dkp^WxX_r_mbO*VMq%q9 zZ)cg?8wyq~4_nyz6(J$XdX`JznEqUhIPgv&kp|SeqmweLG}+Qr5GYFi|;VD zIx0eXU}w=O9%Eu2B(ci2C-ITJN4*ZiiArk64)I;eS%|I2C)@r)!pe;3grF_Guh_Eix#YWh|FM6CMm_)Dp^{Xr-D-9t61@bC@ zWULYbq(&9=uKe@>Zb4kMQm!+-PQ5l8$OTbgIn~HQY&um#+8J4^z`<<;4SW%4ZIn_0 z2hWmSV+zO2*hnsX2^+es2X4%w6|O6yN~Z{e*AApcSPl)bx{yQ#1h^-b7iQlm+R73L zxBN?2Ft|CD%;>w*S5r|sYq6{Cv>uT!r=PSzQjquk-OG$kL$qOfF<|eG0%f?d7jt57A4K@}i$jE8mu(whCth-5HA2Z+tVF;ahukGn_>5 zL)ftYL-mI>n+J2!y{bwaW$98+wD&ueOYfsRYvAUb@njGYq0d~HHvp6SmIFYN^&t>Q zs&AoptpX(wbnv!^QsZ*%=!&IXCO-hSkG7p$146XNQuIGl&qJ910}oavV=a=g8Siqre~qSU2Oc;oeUDcc*`~Vg!iA zOc`8D_kW#Wr$rR?aU3b?f@1Hqt5zEk0>uecQqUS9N{-^4#^-RZcy3)@mS#n7cRI)c z2Oy3XNvieo%$Q$nD+V=^sA`yWv*H+7#ZEn%UBk{rTj~frrp4^REuEZ|r`>*azSfFnx?Z<$8_3he3m@gZm24JP1o~eOt{j1zw1&YEyf-nL4mzkfZ*wYO; zJg?SnqhW!3P;<}xRGscw`$XS4*JUt5ZbiWb**uCc&po$5 z@Yzy=K-~;wcQUR*4bUlZW*Hi1`Ee1nELz&xTl%VyQQ*+A&JwihKrF|5y{XOe==pR^ z6ibg&fNwf-hU^GD!Uojy7`G8{d!UIn*^Oxmu&noEHn#G5|39UC2Ou#F3e8D5DJx`< zy%2EP^K{aKO7LJ=U|IXh{CDgsgdGcpf^VpwEWd>ZUAGT@yiJNbUYy^Gql$zpzbF)e zn9mx2MtvCJwmNO(=-J2)xa6(-x}FZOuc!-31g$ROrF;pEC$Q~~g!sJ;jsTsTQDXlN~YbRX(`RHxlN148QR)jL9P|eiXuo@y}n234? z8i-xXIhr;&2Z( zQm?Qfjr%2uKVn{H?OYT2OAbw>E^YV!w@-`Ws5j#-E{!%3R@UmG6)nN83w-#-FQf zWVvyRkVUh>FD~q0w|3&h{%iZv){`staA1DV2B`3#ghuM^4#{uDyhxcNN1gwT(I*q0 zy<7*fg>J3*v_ev7+Z=jl(3)?8j`IOr@@}P!Tr*aS9rXA?b(`i0k(|~~RF(QlB?#)xlX$ZkDtz~E;$*1lzr?xHH zIKe*b&dHOa3k33dlAl{Mf5^6r64iHo{WfbJ$6S<5Uk-*IF_|a!E$Rv;5Vj0^Yr=Z0 z|9|Y2^u~mOU}Sa>P?bNdNlDHm5|%Sg%|Q_f)8y|wkRNow7ho{@bph?hKy(m}?Axtx zrYoOd1UKrw2XVt%#}odEiC81m4gh^1DFXyKKwZ=&z;>Od0$BA-W9$qcWPz!;V-TLS zj{|)aTJQm?;Prw)e`m$1WkvFL9*&hp&udJ~)oD^}1=bSDM)|0gj*ACCLxSeNHpo^@ za6ma!2q~pA9bRQ|dFucu)zZh{s`Xxkk1W|UtWwE2$)hpuqUhh~$ooK7Xg(8ZEzv=G zxZIt{${`Ruy=|L9U~H;@+j7}MAttXPuq@Lg4kxd^x3>O$ubb>#tU94Tm+OGYbH={d zMH01fR=9}C90zWp3vF7hxHhP*)nUf>GbYXr>wvnwLI^o9 zyX;p=4D7j#R`h95u#J(mZEyR>;*{Bgh04_=9X`IpGO4z%>9vK)k=M zv09x3T;zqF!N77_n^AU-Jb3h~na-NxOp{|mdrlR?>({C5%ZoNg-6B_{52EworKoKl zp_msS2*;LY4BU+RjX~+LM~rpkA9OQ?zkA*e!ZDjD6-wppIxA>yBLDkQ=5Jb5D(m*4 zQW%|dkOEUBRZI}XUGgJrlp3Wb)&w)#8OAfvZly%V99#WK!3YedHNGT@ma;QV`wI?EZv@U!U#V3FhF?7Kb*AXXX!EjVQ7JjI8L5VAZ7CCT%L z+MVITsxH8y*(zX6?WRP@vvTa!$-|Bmd3G8H8;i$9Z%532sSc^lzT?5W0WEw7JUzx( z2yymEb~nu^Xm%aB1avBLD(VPz@x9lERhcp1C#x%^f5J1v|h+3lLBP0kc6xCh&87%Z3%*J9mmZlOL=J)cH2H{PMdR>tSQ_{@p5E<47E|=zUdvv`=5)ZS zbEkDR=|oxQYmLNqP@SQXrav{st?xO&qMR_^@t_s=BKJlpr8gb1Av)v*m|n_rsM;ly zdmUMM?#2hqTECP60$%Ht41I6r8P}^8}y4UT|#J zYq3MfOoz;xiuZrY1>6!f2tZI~ZqYxPSS|h2d5{{1Q5;DR1S1=L1N6TxKN9DVqQ_|- zo#-NY&sibD3pB5cHcLrI3M0?m;EqcsF_W7xq=}skQn2qR()uJhX3L!?_zT8~zTa#O z3(8w^N$nTPin2y;H8GH@qcqXJ{4x}pQ0k?QvesDy#(^<)x@ot-EF#CBfl|zDrwd~p zrAD|O=Ycj;!iOZDH8SKO(WqXggO(qlQ64<%tD<3#?#=dVaMi66$?=D~ys(ikGob`P z)Amw?MBW+&fVtwL*4nov#r#^AgrQoYFWw>0)v@HP3$Q)%ZS-AAg;yglQBYTG2JW{R zT<+kDxh3;f1=cj)-KIVyfs-hTd9kwsJ+gC zgo$kkAUJdhQ1!@2W0Gbx4pLB;XmD3zay8~R^)HE6-8+L){t6t~X~vyofQ5JE)G-)D zy1fI&$sXp27;IB9 zUMX(^h}RC>2=x5J#mQXJeX`Fv(d(J8BAU(*@U>WOxQKaN3dMR)ZLAj^cV%^-8rr}B z(I(mGUDp4Abya{^+z77g&nbhjhEYuYYq$Oh6hlg)2t3zLZ2l6rA+1zHu0U-fjb&Hm z!^Y^0#j){pHU3qngv~-|@w=WuzBqW{=KnoMT`JT@%d=%GfUj8VK`#rquY|Yt%Z#q$-Jj4W2b2nEk3kSeT?@IjGAw&$z7UN<){ZT;*A&C zhNet=O^98Vhj&cu!CS3jFTucmqU-vDKF{dN4zqysSo?u!U$x*i8U`s|+6F8>cROb9 z_IaFM8Iiw6V|jwO^=mt)S5ktd@qh2`YLkXluNqFHNp|s;nH#~qUXlD zpC~qyXjlP)8!~ioC@KT!!z^90a^!Qi79+vl6i%s$o7{#DQ^LN7XN!VZbNgqvj1zxV zD?CnAjjO#N!2787YCU);E#%01r+ z$B49wMi6hdoW(u)4u%itAWG>Ql>s&EaOGV~tpOZ1$2y1|^q+$cJ?2PM!0jl!Ro6mv zvi%)6@zkpQC{AbF%!`2{Ux^1qsP?f)P(zeFF1Z^6h79w1C}J2dXl~1DeG;Jt!q){q zc_M7^MH{Lna8X+S$Rt6x19=(z`#JIURP!l>yk5y5p$(WU-&_zKp9Vj?_fn>7RJ8T( zGfIZ5Z#TZmq>4Ik*racHhNjn*y+wLRv< z`)$h`D8~eNt3W(y&K)iKX+w-UsK;+dfP)Q#yY=;Yg^TL3}UzW&VIVpVO<9nE_YPJV#|bwz%P`S3>2jGt;Iq1(rYmTe5?j-F$zO z;b^PKG4FEm(mGrTryScHp|6_hm0vL+VLD{Vm4Y%+psVc4$D7+T3Tka-b2ImLDfP=$+Q z3xe64Xzo`El|qj2Wf2c-+vwumYEddZn4yqi+V5s&8K;BhjOfaAO%8TH(rwW6|peV5EH{j=?VK z>!H8mTtBGi8kSt>TC=H-i7u`}-T}ybK(TPu znjP+3{jlQJoph*cvsqc4G`&rd#*yqU5(=szg;2p8M@q5foahM!u#*TmNwJUj*>W`L2{AuHeMgM z*u9GW!C5^0!`xMok#$y#1C0Vrm)^nI0ZTzB8f z?Y55fV{>xE<8UV3r7bBI^eGjSBoEhPa@C#1xAgA`vXtDHB@9x$#^?tl_7vWpB8D#@ z{&ZKJWy25_Syk#rizGHtrBYC$$yw?h7BUx4g*;2tles(rc5Dr8e5}uW`V~U+CQRN|=LHA1l*11@agNR{CT~a1lufmOv=Su2;=*Rag3w#}jc?&}Gh* zPM30(NZ}B24w0=iCDeDxibhEu0d+vU>M{Abmvh1}%X8+ykh(fBODLXDd4dGg+Ry~O4mGVW4b-$+sH6j%;VKV}x_1}qK|$GOf+5g9m0-T=8V zj_!WG+r+GqE1(}%+7tzW9k9t6kvY&sj%OweveI9o=KpwH?xQ#iksND zmHSgfadnF(7`UX3V!(a}p8)U>ahUCaz)MHPD(p2i^o;jjyb4*TnR%t2r5d{juI!`% z1HT0Ethp#K&-#F|Z6vXV&2AoL>ImqIvB)9Pt5my&xkJZ5c4?ndn0|5RQ2y{z^-V*3wv|GWF&gxZ(N!z(@5Il>87F;JRg@2nyo-|u~a zSg`!eL_9d~4b(H8C*Ru}_PY$Z%;rP~NUw?pvN?O;*;(*mBFWDdU>!?t8qsy2^sB&1 z7Ofra&ocguZc_C`(Oa&G)yZ*>(WYNk$q&yT*>6Ee2t3S zijc_QCN&s9)2%27S}-eCq#Q+0Q?hZ^Xx4`@4xbO@T4d(dq;dIMPHZL+)$Ui4cjGfe z3mv6M5(M&oF@tf2Ef^&nr2VXAXaiy&Ybe`M)5{}(JTxnQwviw6c8|x?l>Na=3z2|1 zRns$}j_sNtgI5Fh0LffJz5H^HLq0Yt?o30#FVXa7vreJjW8GYMEAI){_DxOs)5=WK zgf1cpyh#r9G=WeWEj=Sx_*ms?J3zY&n^P43`E}>Q;Moq#koF4hfzLkpzk{b_-a!xZ zzJb8;$=~jT)FXl5pIl#2XA4*Pm5Ii)z@{f1@(7g0tzoM)iu>AwvHk?@w?*(_Avb}R zd{ky84#V8Om68*f$(Im)`z2PC1RlSXEsKT+qkMQzb3o|aGs)zdOKLif3uaEnnfrg&bm||J$&{X zIroZoFBU(yy;2{xyxqD_^eV3(}!J znHas2_uXR-=Fxx&-LR<#oGpC;rX{K2%^{JG%Mb@?^Zm@&u2cT+j!K<6On*VG{Ei}8 z1YFZ<3lu}#^Jww){MsGG7VtsMWUHc27(p!3LsG4-n=A#;nT}KBJ~DA(n$I@pScnWX z>r)vaNa!&kAcJ%Okw6t$%2xC;uGsT(H37T~J~T5V>#vCXeKV#62hc$>wrMg@%f}~w zS2b5)FgVho_H9UTmc>}(U&a#c;0I(_42&hJ8t=?J&Xt;sgnhZai9RofaD;8Qh4&&p zvndRxI!^tWS6KO5L?|x6SUN$X(6jg?9nNyn>h0iU4Ww2^SeCVn-e~5jkD;q`y)t}u zwMnMlth(6fjiIcsUqi4s-}X*vetm@!v4q128VAn1Jj^DpI}>O`jXHdr3UeGV1WLSjjT<`7seHwU z*DV>>!G{3P$+U%8QFDJ!khb~WZ4(IsOJuZI_94is#wip<)Z7tHY#-UI!rxJ=~8bKu0Kk${V3m_5p;imBsck5;J>Y+L!LZ1$Q~gc!BUJ=e-iDs;!~ zzu58@#>lsI?fkq#xFm$^IEFyTfA}aC6S`+=%4lRUHLAKfM`b*JEJ>jU>D#=+%K6!yCD8OClki z9yKjdIi@m%AUl<$d$hnI7f2&fns8rJ5hGBd?Q3+a_q2*1>^>pCOST>N=)0=wJ?xy+$`T_QY5 zZ=oUTURq(izGEy*qV~{z0j#A$8v37YUcS~vdl4{tEX4Ej2+*4&@^Ce%>WcUJA~3?P ztE_EGOi5p+GWA4pU^&f@XP5+R07b01$@ovSG(BAv81Lin)lso0 z&Cqu>)BoMM>M*Pp9qK&qq)QzC;N*^gK>Es&dma5Y3Y4K~K*=PT{*9KN$x8S;Qg#GK z!GhJv$#ny{5aRlHvKNAGRt<&SBSG-+fm$rxS}c-TZqtm*vfiJ8js7G0)^zY`-J zpjWujyR6Mwcv2lLzXP8i7>r}nTU-^OD}(tJJZlJPH;in;E~7P4coxHNmR;Vy%~0Fg z?Ea}0{~lol&lR6RDW8 zI97^2xbR8K*B^^en}zFsI7uv6MqJ0DFs!12(Bc!LgvIbm#tQ0v9bQSO-ah~tle`E9 zAw&MtDC5hy_iFV`s02+2_^&*bs|BHIUO3Njbz$H(IgaPk!MnA>&XO!M)-?)kqZX1Un@$jbzT z;h~8Y)kK&4zynRB?Rtzij-k2BHjsm9rm3j#c~*Uja+FpYE_QM6v4k5kIN*O}S61Uu zRqSC0!n*<$eC4eC!s@iTshgxVyjqlsS>RW+F+cfzy`;N@2uJxV(@oyI)Q=b;_#yr; z+Grruj9Z?CA(}Hxwv3{4+DOD%FQlmS5W}AOlT-i6EHKrgYphZ#QwkA2uXHL=Q$s%b zPDP==_v(rX25+%WmS}snTo;WsM^ITT2kHsSqaiPd@RBN)dF)mfnZ{;agVgJw|D-^w z%Qw|k(yuwTQ}oj+L{U z^vCPnzWpE83y3CLoEG;QCUo_ozXh0rRbqqJ?5tBT&i zM|U?#Zkk!p>?nv}1_x#;P=|JDO*MSA3yp{|BkuNUer#R)uGGD}W0?XuCcNI{WqUnJ zi*=Kfqkf1W3z5Rn#Dh9fD@${x?66T$SUw#uBEpNGwS9wl)UCt-y4%>T~ z#T=rX8zkJIiU=C)pexxzcz?32d_N@8Xf;GinN&-cLVw`$h2iyiuNS~~bF zxDV>MAN*`5v0kMGh}o+dbNy zi<+T9ktgFt24EEIRuf!Pk1xRo3oqlgo!3Wlxb3E@!Crbz+-GWGnf~}pCcuYXfoUY! zCjz3zmR48ey8?N2NQE=2hOZFaMVMq`6RtgbU6w43+@H+T&zK8EXtFqA&*^5YK*Yo5 zy0FqOAorxzEr3n(vbep3jIGH#4{IDG8<&bZ1Sf!z;hpnQ|)am_Ja}dqBtujUQdz>#}&BZn?IvJbh(3~ zMc{^iv*VC8n&m(XNU;Y65aKfpZ6i-y3?>K4W0-twt@MT7P!ZaA?*oeDH5!_yQOBhI``S55 z1caKDfun!U;BQI0%~Ykj!3j}bnaw-~Ch_CO-$!-I?Hmu+g*(!?&bIF>P_7VKgX!f> zp{4j46I634bTE(5`Tm`ALn!*EM7G!R#M%_-Z>Gt110wj?-G7z!jE%Qz4OmG|;iX}n zt_(0THCNHR${i@J>{i*+N(O4Y{Y?X}tCOdAhu^&?u*tr!lMS?yNrh$#K%*!l>6h^q zw+M!*dAGz#xC&XwWfgR1rFx(&dV=AABgpTA?D^&JUs3h*%E6K4jw^p2D#M2r ztL(!~zWHg&(6uP_jFI-(mrylD4^ls@3$(*3z`g0;nW|6(uD-8MM+L1M4}~Nfdf(sYAkgmC*cUAQoRQ%7Gwng6*S}Rp z-!0=1Sr2&7hTh?cW2_cX7wEySE8FhALsggBjH18wEg-+v1cpi;}QI`o6+0tY~ViQu8eEi9{w-V9Uzgtb!H)LpCwh!)#C`l+pC&z8_+ZN`vA<>C52N?u+juu90B5C`!PTfqx7t#+4ITfzUcsbPLP!|%+y$1W zR&CZkM2#|0tmE%axhj~f{LVE|wUi!OAMDK@kYga8P;Sq>Q zUwq#SYzEP!l+)DA-i-&@0El#YF2mxb?_K@HU@`Pf^kizHW4MR@A!~%0V-2>y2o>Qh zwOB3+B;|1R^RZwS52Ym+l>qbNcTQNM)B(zjAqW6u?sysZhbFDYzb@}{Q;{%^E zx;eW~&T)1G3sdA>Ch7!A0=T^iL)&lc>T~Dv(!X60`+sV62%niCzegcv*Qwca3c(}9 zK+O*82hY!2wr#icE#c{96y#EGii#}B8;MSC|0BC%rtw!iO?ni8eVlUyqSB!|M9Ig_ zvXx=YTN$D$i_1@wA0~Ypbs?8z2t&-?qqh({yYr8j!~6F7C@}_{-QduO@evFBLEq!k z#GOZ6HzFG*^mmgbXE$aCp{Ha9_J2u7%8?i>`~uF26a%z!iaf02quWlU?5yazB2}cG zQu3utn&%4Z_ci`kOZMUguU_sUCj}V~CTiKW@5@EN=yUg?McOoy5g+e3I-O58(Np+y z5J$scWDSF8^uISci8+T7C5Rk@&K7Hh3#Qojhrl;+wid#OQ6aq`s2+_x=O=32Yi%i# zx_3Vp7^TPxgbVf6O}z%c)jXjJMa_GeoM0Yi@`?6~npK;xy?ri~3*IJTI+kqcx->sL z%fy;KFrJktz()+-FbaD<&Y+i~r9-7?+QX?&L-_b6QNHmbJ`LPG6kt%5_kH{;?9J!y zeX57pf~yzL*}gvSwSL-sSVZ5F2x5$f1|kKu|IqnqnrKg=RfP8`p*~*wna%}TecsyI zq`a*=AyQscvB+IqSdMKdUGP(|=`%kSyzz-GSA+_u6)krC+sSukKJhf_)K+^f^R!Ih z%OPXhRlcWume+|@=KW8Co;*)~MyA5`AFjng43FJ4YY#7PsI+*zqOKH1UseS%>XxQ7 z=AmCq{_I*N@|02Nk($YfWg;G>(b0pENk<|jbVKvyw~GQp-%dGc2E`!z>qg3!AHoqV zrJCfE+XPqlG;l#_SB+e(Xa-WF(PA&T_7q3K1#Ig@E@4tBuNwF5DEKVQtS~qs2{tNl zHj2u0359yFDV7;!Qf-DlqDiQOCFx}DBZK4-Ize5=E5N3!x)*eCzfo$5$M$CRZV)Vi zD{^-t$tyLcGyB)0`3ALrVJA3^gB;RB1C#Oa*^1Yn>=ASz<5l(fy-@?ae`J+<-u|d0 zbY9Us|Gj~@`ojD^Ph;d&T$4*%j_kAKz6cC~PV#N+Jd59XCg!&dwd&0pMO_&FmJ!Sh zOw|@tElwg;k(kV*qZ`$;6Jx%vXz~84nH(^tG}-7YZI{EC%?7qD8k6%2UE~tr5?WH% zfw5v1LF7SiN2=&-lx6xYjctfCFQq5GEiPn7(Yk{0#JQ$D7!@Y`_C~9u=Jbf8tN(Kr z0}4DkW+fnh(Th6-Zr8WdTe2t=;>p!UkQnj0|cU>L(1zHn%da|QKn(iwkvGXNqAL?Oz~oa zNQC69;b@%VR`Dg2fM|F6o;KPt*14-C!P9J?ei9Eo>`(Vf)L)!C*x+G=euYQeJD$)v z-3yf^#ULsBKM|A)j4UE_UQL7?6^Fnv=(E~i+pd;_p3(R3BE+Mq;)pfpysD8dcxST2 zX#lv_xhxz*)#NfYUa(~}5*hq@gA~_`qOG$Z-cU&bc|5@$%w=9wzV4!I`DL&wb>!!} z&$;a!zU?aHwuU7!vK3fsqljAc_3W*0owNgQ8&^mJYl6y_^ z5(+kl1Gmv0kbsd1Z4OK=(2im^eszjhqDAY3*+tVPu-QtwLRX$5ky;_xSAocFML_OE z@jji}_%pLE(P{3F=<{+iAg${CE6JrYMOqepOdQ4aQq_KEh2Gsu|37UbLwO)Y!hzG> zJ!jgST_?PwxM&|Qpwj7Lx$+IrQI@4s(Dg$i;Y5YFHc|j;NIFGy{vsFzDPw_?g?8Z5 z$ENm!kt0$#<<_CIxAJArLK{{~)@0Cnz8i<%bQE;Dn*B1y`;`JwSMdA`XWJV|(^?yBr+j4lX2nnM z?RA|#RM$zu1^$_qlN&*(w1zpL3xbhsf4aVSe-a#=(PbWF(L`g>kr6VILVQW zF{#c`EtMBp0}Yxbz04GOUcl8(|JK_lnbesClU*6-7wA=GVbi&YHFk)!7P!RW+Rir_ zj}tUc^ytyjL`lC-l)KOgt$*Yuh3~65v0*pLJZ~3Wo`4dBL4n9-IUyrC0&=6wF8E0J z$k|PpG}6P-%?&QP$b5LLd)o4GLrgYz?WJfye8l$%KmQM!FS7Tmqp&>P4x5p|_xJ=_ zl%qiDMS%%|<+c(6P)}Dosx@rv=HCcvMz&Y=q&sB(Q@tJ|?f0UfMruE{!4SwZ^YkOc z+yKKh7fg~6>vcJzdne(vB2v(>RC9U9c5D0lf6{2Y!KZ-g=e*mQ!8j;Bhrv;%clkZx z8K)WG9YAi3OTD{`yX;UFadfLqlN1-~feq#aE zb`sWhP~c0Dy8g{nByl=Sa(0PSJavwCoXcQb9@a9$0 z!)Bh=Ay2A8m^w+LqKl%gT}X|;S8Z>bJSiJvl38bIV0dC(r%B3*m;>uWZvD(B$Y$@b zD9UH6=o-Tt0p&C$FY{-_wE~sLdKFK32m@(+B>>|;YN{=9PjE>(dm4-PdizwYsg{PR z2U^%VdeE~>sO zS3<;#4qU_!`ukb4iyp4TJ_y6@3{JfxfrVId;F^!fF(dn(g5T-K*@RO0%rY#dMz00U zikXy3Q>l;~14P`)w$NIpd6HqYUKFFjl+#?}dY)LfS(v|OOQuvT#<`7{j=BLU6P7#B z^%4E}pLGTwKcY8!@n(GW@Mc$bZ{voS5hZSXCF5nSD{%B7F!j*z;}yv=SW_CX=IK~& z1}$CGY{+enzrn0*JAqIXEC_Zy1=_B58-UuCh;I^!3ScfQ!+PgOO(UK%1=dM|vW!0# zNUE?7(t`k@rDMn}DBh!!C@VzH)x3sB0*IPGS%;O*&BFfZZZ7J5VtpV!5|>b^P4a2N z&!Ai@{lrSofyt%JZbr!Bi_B(e6o%{Dv9=ozU45z7`&eTr@S-Lfl4_fTyhG!g^7>I+ z&}VM+f2Hff$Jm_;gDF=zlt*k=DTD+UCIK;{oL{7{j$cS}_pC!aEl!~qkblTNg1`m~ z$6#=@EBnBw8bUX;$V4|%AP+%u{y9?2*)5J6*udzok{}2y=!U>Y+{d9QtUNp9R84$D zYPVIP83)czZEBeP{^8ZFGJy|*ZOFe?!HgBDKr^?io=i5N9&m7W;Nt@OgSFw|Ib!$o zXTpbky*;cIcif=NCM~=vn;1xThNqP(PGmw>tDtxOiKPN1?3jmv@!H9`(lfCWb_zxp z1;78cAsOnMJPaPmd?M#Rj=MGXlU$tR7}fGqwacJk`{7$Bp{+MwL1!xs2C)0#gSD<@z+Nae`tcqu>JHT5TLiA@@s6*8J@7b({K~CYM~z96yhs(8+Q-+bQ>I z;?1?s%Sm*{`;Z~u`-Kqv5uP77L937^MF#U@8%8Nbg2E#C2F1~Y@a(b}{~TNd{yjy( zaaKs1W(U=i5Veg7LaQ}~{r9gJdYJ1qWG?5RRVVps1Ozop7zLx)wd0h`@o*|g z7jzl_*e86sm-BEE+Dn6%MhHWl&9$~>*!5N7jH7sw7EHF(Ah16ZQf7PQOIY&3pE_eN z^6e5PuO-Fu?^Q3ST=>yFWUPn-&XLxZ?D3tbYLk(0#1~0v8f&_4mVq!Qjts-|zR3P) zpPYyr1{#7D?tqODcuFFTIy!ny`PF_=BC+(gn7OpS4NBhyssk>UW%^ea2-4-8QKWA0 zY0twj5YMKFVo@?=PH;B7I2F`-`x=!cH*YAQ3&Hx@ZTNGF_Xz+BC;G$f6g2rAn;-r- z#fQLCASAE22@tz!Ppa<2U{8JF_3-EKbC34TW%ttA%grRY(eWpTJ(ug_cZ{#72R;Bt z78b=@x~wQ-UgT{P(MX+{H0L?Ria!F3}Trb9RR%;8lyGaxPqq18lN2! z^w0D?>uz9QRiK<2l*QUa%R_*LQ@=!CU>x(_ys<1ncU3eLfY$|nzRE8YI2%9h5y?(= zjZXz1yEk-~ODA20ZKCRtPe{KnN)KzK?|oGACRx`&Spdi|QUE$K+Fv_ZuV4n9m4J{Q zVdlXzBj*@?>gm-)%i^%K4bh5|GJQ%Gh_sX29JLG;`;&GYSCof#fSc`)+3LnJjCE6J zRKvWhLgCpDohT^JgzsFrLurCeK~XPWpk*D91B0(+(+ z=RA-W>)xLywdq>%0{jdaK3hW#)tZf5e6>TRVc$>M*SMj;L-l~E!gf6N#O)hsE*Q>N zM(`Hw_PE80yoo=x|5)8A$2Xke0ZVujHFV7}0;&zV^EJc@zLu1ho|G&ozGWsjOEsH% ztucu++JSHIv_LkjbtfE{&~1M%(FDUz7TwObH)LpyE_yma1=cGBUAmn9XYq7y*uMQa$GGpDN6ECXE^b;T7>A z29cL84~%UEp0N12!eH2hB3=IQ=!qrIxrA$Nf6_ciM2yyGm=QfSdFEsM1e9=0bwOyr zHIXE%h!?QnRBmD;3+mbb?aDe$(~Zfs)NYR0{G0^@l|HhIVTOF|*@7xoB48lUOL;xs z5`D5zJY1g&m-TjFk?shUFd3D&P-xC|K1WeRyQ!1vqlwY;E+l~}K|FYazcy@l*#?VL z*NMhEF{RHKL{Yu*ItqKf{8Ld^bJ=N zj_Xb#sZJ}cvD9pm_Umf<6L8f%s*Z)Kq#khBz|!w%of6GNzZ={noeRF?AA8phryk>r z(uoiO&0s~Pq~@9cn!XGYqo2vt4-Y`0CG^?AS~+C~5b5z$-)WozczJ##jm0 z{>(3hkjTOd?!0W24`RN=O^Im1k8h}cq2qsEc6vd5K<|yVv{{a)mDtdcuM)P$j;ryd zF_WM}O7%3cr_|_t(NaY>3Y_RGb|tt!JHJn~%b~0r4ALela`>}IMJCNtqa*x9j3t|i6-@nPSa~Q)>a9ie-tKiu&fiE(ic^4+zItlSgyOoMIvq(Fc6C&jJ zjm&S!mw67?tzvy`z_AUQ`R3*9!7M>Ei|aO#<2cqM#YOuNgvvXU{>d&KekUk0e<}g+ zq$}6u=;p9bU#9`grd>ARVq&%@sTa>tqK0~1^`xs;F{7WFfo*CnqF{g|kDKncQ0W-) zLTHo?khNBeEEO^W@wgnncg%&F)RKBy3# z?dwcYK+25)1D)^=(#1d1Fl3;O#R|bX7}TAvyu+!O#u=)yHbcuO%oUGpPW0ECc^x)L zF_OspuN~hnwtn74O(jY$)5dCkcuCODmCvo*Q7H^)X{tZdylUtqzcpL=(PFb@3pKo` zwR@g{kAWhb1H250u6(i9=HWsQG*BE0>Q10EpZG9tu6(}X9`PVmkCqZSld3O6_La#W zV7WET`B09VB|^V}=C*{O_1Ky(e`LE#1}v+iKoGI=cf*YGU)!0u(~{%F&{>Ca-*y7^ z>L!!?%_|u^!RnyHAeHU|rhrF2DxxAfBSooz4gOB#1I_r6jk3%vj*tLaBx_0pa+|9LHWxc>u=ocKi5)%*F*?< zjY~WEkq13BkpK<-O2s(N8}g9huJD=2d_Sn~-xbG|u*Ym9SZkEkQ(u$)&#T&FB|1!I ze1uv1Gk=7o72rh?Tm0abu0mac(l{_@wTH7klBVbH}YjZ1c7~Ku$sKS^iK`sF$QN#vuloIDE{8=|75z zm6v5%mU@-8s{4{(iMmVvV4Ry)o3b@N1w6xm>^u@-9J1~@Gn-qVG#5+E7f2vS8w7K6 zn)8d0)1ft+|ISTkH5Oa+dI2b))U_PZ z^z2S?$%3!?Z?~1m2L&wu?U%7U?ITpWz@Unq=kAV0CD;um$+Jra%|F-tcN&UxkJZ>s$Y&s?sqk!9q2!nqT!y=B>_$sE2o%pWDrY)hVzUB7u+7 z7Z@!=^KhqI>^UmHTksX~r8W!USPY@FSBRMQ#pgG_WX$py3N`G;9_u2}fFIIQ?N(zW zFdz0H2gjzHJXAK~kEC(M`%hzo&6Zz(@A}*bj;(k5qFh;JExNGK6K=_Hr@{&ETu)8$ zX$naBk=8SR_qw%UcY=%lJD@{b;m|z%ieofBV4G<=&zA7rd+6#=u)NJA+5HbZZWj&p z#40Hadr<)0Q#pI|f990%-648zCm0Be8IG?BAROvr`5BfB6mB~o8G5SU#!riotH#?h z*RO2MMPXA)o#IT2fhn%LwYfe7`C`vrtU<$4U!0O3MnNTVu}Ea#_M-KW^pKlga2cD_ zDQ3DwuSCW7hGT?dufbgMEzdrGv%-aU!)cfTsx$zy|Ii=Y(Ld3b$99n9<7LfvB zc8kYpiF)GG=HFO2h@Qw-B;8IOox=IYD!k){4Pxp+?E<2kGcVVuNSKo~F0taoNDKcr zo$^a+*q568Ou!Dei_w3{-bank)C7am@L>pIMatk3xj3W6BXYujHajPBFsmt%2*ZOM zeG6TTwWSpXT~DhEDM6-4D9aEk;5|CiGT^Z%2a9VK+ZVR@hTIWQAW<#D7bqPO{6tuL}YYv1l4X zp4OR{@-RK-J_Flmo8>NeZ<#p~$}yg}T)p?Vb;V6wz;X3YkX^=&9lZJ6vp!vH1xudqp`!PtNq)t6y2iFR zr-=H_BS5J9&S*X0Y9;dR31Ei%5WfZ~&ve!1YrA}}THcvo0t!#%Zl5qocLBMvtCY~$ z^HGdSU=rE0RXA=6hmTyk95|-0kV*Teka)CVc6%qgNFr3pEmYdfd~+y#$d4kw%9I2~ zq|E*9wn520WD5Aa^({OzFV>*SKC$5txTKXRJw<~{lc(uu*`o&eIg?{tn*!+lXs53? zFb&WXl8Fe8a>r}7Tk&4Do)yJ7ebFm3DOnb(*?6*}aZo+c-x`sCk?FW2v zhWVv5WIN!DVYT)hft(0|M+5FcF_Rn_pOsBbtjt~i7Da*nue9LXSZVmX$s0AcsvJvZ zBDf+goEE1$TUKDD0*l+V3ua&TPHbwP09KBiWo{>HYW z6fQ+<;70Y((XDnPv%H*h!cQtsu8iuP{o+WHeVLi4L^-J1{oYRpS;a{;r{%ko zmVtv}`q;!8NrZ36hvUa+YSk=i8qkTu_-ee$|3GtTm+|ulJ)b(C4F4$v)vn66CKn~+ zM>(w8fQehY=Vr21ig>l=ms;#rUL5rkD3F}kCMO_#T&0s7xx{k=Sy zljFC?F~Zf_nf!39@ERN_lFtujFzA<8*K<~KbYh%KCD%n6B=4gQfuOVq=F}gmU54Av zv!s?qnhspNS1tL8l)r5}Z~6CbnW@di#mb0!Q;ah*e%of7VK$QyzM}9)Uo|J4-dtf^ zRXv(cbpD-=@NHeZ>tO?}(f|N~luLyQWDB7uy-PAVV9lX3ery?J6)4jn=fWT7$CKUk zCuv`JpmDfP;;A$Ce6j!|nvTe9c622;`~waQU+xqHN!w!A{WHicS(<%V#N^#?xg3^R zEX#?W-v zJG<}H1pGc*?~T2zZU8Y6Yt^yDoF3#B=GF`CE(IXza$xgjGFssLpzxvgu2J^E1%fL#hR6kj3VD%N+gWaftC_GFf)xk zRmW0D1SMj?!OKd4mXD!~0r{%)9FjS(J9F7bc$J}|Ze4jS`3{AohTq*n2L~uPh{L#C zzSBp@EyI$|%}o^pH5Nl7WG6hzgsHGV-qGBa(a^oFIKvRoEfd%0h#2z$m*{Sb+IB|f zjABchyPU|E$AL1w7_~aYiU`hA;^Lu3JynR9`G1Tr_E2VNR=Kmyn`fK13$Ur$k!nnxK!A^yApt`^s_snvr1mIxIf1c zoB(+lxt-WO3XO-c4H(10rz9dOp7)>i?%awC4KjKr1Jz+P$ndP} z8Xo-PG?>N}`Y`+YVbM^hBzvGG+3LI}pymO8U4|ajH_T{YfaKKZu^dq#KDF^R`4Xag z)682sbX9G9^CtfGKSl~+hOaUKU_kgYnWJ&KP%9HKN7NnGYaTce1SoHuWXv=~E!hjq zWV?U<0LG%W-n~((_`=EJFlu?OEQ=5ZqR9yfjMhs^(>u(WcCFv{8Wh`Wqo1!;r1DsP zH;N+i0$qCQiy!c6-Ag;$(74%?ND7T2VadpYRsDxzmreILT&PFv`gS@HWVLTK9{Js{V#6dd>T{5YH*A#e0Q*d##5j86-xZ!Be`jmm|`N8vt< znpOGXad(lyDN1<2!~DpzbvEn6jJ{$|cI{dQiVU&4+5*xUxF0>UYkG>ei!RkZj|%IhfEjQg4c_OO z*i5aItqV%h22`27F@RZj-5;%(;u?YK=hSf9Ogk(Fs%&A9%sNSXOd`eGJ2!^hItD;S z{7R-0fsmT`ZUuakIpOJEFW248Pbsjr7~GDg-Rb_eC6Z-$1nXKxQr@zCuLI59ntHqR zGg@IVnm&KC9`cAw+E374-tA!)=f-iYQDvfP=BD%V<4lw!3s>v*Joe95F=tKODqTor zP6X3kyFdQ2xG)ZbixV3E`@8MK6-o+x!{fXvxrwekz0}F#WL~)YU>uq3pGC! zgO)sIX;+?6g)P-eU^3H|+^Pmr(-^`wIXNQuMD#A@7jDI6lVTk`P&}54J88JYuF!9m zif_^8LCzfsJ*RzVPWzEfJ_!v0ppfj<)mJIK#A|OvtZ%WGBUjmv$#G1^o=iw&uGaHL z(|Q%5TLt+#wj3c~#^wD%Nqj>D)78O7Iw**uieb_`_8?Cw+z-ubn$7jNFSS`vPEm&W zeN}=IhX#$mQrQVYt0^Ff3NIqY$25VE0Z9maEH~%=#l?1_7%J+EQOg*r_UP1V^LOWQxb5Tj( zfA{%V+nHNhNO;Bf023aluIDpE*;ltsaj^H9z>X3+b%>r4cZfDNfu|<9!5(ou^UEAaoH77OGvz7SGwKeHokR_UrdV zRqmD|v~+T5y5AJY!?i*nmpf`civ~UACbt4h9~3F9oODTomLiWrYZPX5nPLu_RC|u$f6@d7l&Ub{a$SjJ zO)hkyMhYKc|X& zLoSsSJ1-V*Q@B^p=*7t@kM=zX+<34kmP&UjL`^YovY?Dr=$Zs^jUT+h?>~UQ>Ga?S zEw3{34+5F?*SkDaWfGXco&4k(vQCsYt()Hav*Ep0X5R}{5-NmQ|0v;&N#W}m22hNWC>pX0d$(U$7R-MoS+0aHlGK@E4?g~ALf?*%2o6!044fqwcf$) zz)-C*cEAPq9@YZS%tFe-cHHmKG#eo?U(;odd;`VT?qIk$`VsN!uy5N<7gG`1M@KoOLSQc%wpUjn2 zT6oIvTl#0Xg>!L09`)JeoMGYE=;I!UhPU=wQGm^mFJk-&w`%l{36q9pXLIpf{TtVN~`Yl8wIB zVgJI`Pf(6T;{tG~NM|2<*jAoFv|9VYllKZ~3ZqQ5iuW9yyh6MvQMc2J1CN#%M%fZ2 zBl-Az7tu9ivlnkLRp*afhh%23XWcTwpN?k4RbW*mdc3sONHjI+H+zzE^LFaRT#6BD&n4*5%!PSkw{I3*=KOGgUJo@5Zj{YyqH4E%EGB&c_DTnsA z%PR|j;Gx|K1we-r4PSdRMm1fhQTi`r`G1V&W~9GQi43AXF{GLee0cX>p?4S39C-Jt;C61TYa{gv$AchxN zd`zp38Bqafz^>r0h*GGS$kgaMRhojrFzB^!-mncji#McnoJ!)E(ftZ#|0uUJPsjIG z$3s~ZcI2W3Q&%*tFv^+cM2BKJ|FzMSxZA>)2JG-)X@h|brQT<5A?h2MFt-@=96Y0^ z?pwNug?pg)ab%+2U?vReBlSvIl#;P+?- z%L*gO&km6*F{w)eGBKSg*pW$W3Qcfv!)fPOYzehr2gHw)vxRlO88EcBwLO4C%|<%` zA%X64{G&#ep?;3vb+N1>@Iz4k1d4VCN;Y}%1=!l7QX4cTj=h%1&nf=sdKT9*%M4)) zKk~<$OgxN~%D&hEK3EJ;9JB-MOD)LWKa*FlD4c+EbQr}PL1I-f!jbU?`|_l5DK0-x zZseL8sh@Y3yB8tQ@yf@;1}#M5Fib^fnm>v{O>lolW1<|pUMYk?h{m1|2_1&mKZss9B}zO+_a|I$#PxAx*jJvsOZ%}fs7Pl+1_Bh z4;~k;Hk|8CM-sE0wCYsN2j>ZGFXOqVE!5=wL!7YVc0$LvG6`31_VMaK!z!D_-c@AS z4Qo)dtgYeU_1k@2YvJ;;{M&aKeeKTM48H0-15f>6e9J6o@pg>&Gok4%3FERwI)^K?#xizBfq1nO-O;Eh2#ATu;NGo6>eT{jfQ%f#fpY7uztaSa(q%&i zaN@s;K5E_{f^!$?&T%g2Mz##<8zq{y8X~KQQ}VHV;M^2MuR$3IXm8O!XH1|)wY6j{ z>PCoj8L54lF}*!9Ly%0Tv@Z03#h_3yU1h?ML#d(=S_g9QQMQG4q4iL(soR)Y`i`*hKXnon(gDJJdC35 z6(&CsxpV&d5~C!gl1B7Md7GO+5hWvz)2js4|?UD9t7SVBq z2=JaEikTAlU)*Gge@80NiaAF-eDfGtkd)s}I%Fp9-s*b_dit&vW9iy?U7su6Ld!U? z*XMsRLSTQch8ck(d}NuBT>MTjC|-{2Dur(}lSt_{eh1;AYQh)TOT>P%c^~M#9pXs^ z2oKlnhwr3Q`9_tFX)5l-NIz<-=!rD4B*{kS;EIky87P@Dy0d((2dV5jXfw-~(L^dM zWQv=dA?+qI2YfM;_)shbgygg_twY_!(Xk+IxzSl`INV$_bEY!9@~gDUno7$^=&G^= z`9F%IAj^|a3BDqGh-q_{(Csb6Y^KWEF;6EA_jz5h3U)#fa$*#R{p3 zv-N)>SGNm|x*g8f_7<91a0b0Kidg_(Y`s^2%FQMRDxppfTuF858xlS&_ed^aKeAu8 zhBMjLx#ADTPt5%h6z37nnUEp&KL=dI%*-O2RPRT&aFaRjqzzUpoUMtMKX%h%hbNQ{ z_pQnGyZCOu%jDKUd4?;=Njg9ZwjSoReQ(xAs)$Jy8a4VXk`np zoy%5uD4^9woh0TmIBY*6`-#du=wH>R#2oRCk#{`9c~TAlCg7I&x-v3; z-Z*8^7^fRsUTx|HX6l;?QePF0OPewO+-~Q>L5_{)(P2B0nr4>%$KD;@oy~r+Q7pHN z3a- zYToL+<%xVmN(rV5pa1h>?vLLhaYzm$g52s%ARhTjpq5z!h+96%3Qi86PnLM!K!p%= z9%M&qbns^Qc0u9)v!m0|G${v>l;g~;s)G!3i5qF0kbLn>*?sKGLTiKp64YVjlHFv9Yf9sUA6(ccNTjb=x} zqX#fXcXA+CQq^jHY^Q0iCj7#UeR$E_HR?5P}vEZP3ljvD+QgOs>y!xIej zw_O&ldNTBd5WKL*h*f7Eo5~Zt!x~XetSDyK2RN@U%n%u$#3OSMG(;fp_%(DZUZyNWl8?KYa;(}+FClpyufo()?y(Q-`e;dt>FWG<{sl#m{Mt^bx zLdnZn@tYAbA62a1>aI1NWRGjnEavV-F;c6PTaU>Da)aQ^alYTnV^qO2Om$x-e zM#=#+DPLdtBd+BH5WveOJE;EbOf(w()`+<)*#9+O=%`VWJEZ-TY7ZXV?JyA5;6)Ie zpsBt3Lm_-f@zd3@u4@x?kUnx@`^a)_qptevc7b%u36U7zw6;HL9(GbKKWZGn6YPP{b6+|VSn2NQpj~oclbZ_HXLY? z1JqKAGiYeuy|b~aY`qbRy*?O;3pmp zOGaAAKw#R;Zq8gr?!-$G9#{p}*I`;7Ew|_3TIcKdld?TFE(Umo<0)%UGTvdGiZ&Vd zD&Kdiy8EP`ubrcUKC9evihl1X0p3HSYVk_0f2}9DMg+weCIPR#+s)iH@Z2(6DsC!y7uB6vAb6;=gT>*W% zmZj#aBi?l=ZkoA{h`u;{TkjWM8^MHyz4cXMt-TqTk_pO%HCy9XZ7W9hFgbNIyy-_j zZ)3oYwNeJ&oD^i|rKs2nLd^aeRoU=nyG;}pGIetSlU(|nsH+Gn|NRTN($HN$i3r30RMLHuzuBzIKrVjvU$+Kp zV*d&=b0NTa)LcyaZa(|9t}knmOk@*mr;4EtFhoiL(0>Cc8-_pay`jHB02$LS{H{Oy z0(QoKE1`F`6z_JAbAbB|8Xx+8bWP!)VR$9$Exj0R>C5V(a)ZnCl=2yxRM-{i#4P$$ zMN8L>g)$;NPN?!NGT26$%%<0yWz_15ts2Xp>GT3^+pA<-Tz6XCsL5X;A-q9pEQ-TM z2Uq)kXZU4pW_QhUN1{6d+)0IEJ9D`q*!4)A)zO;EX}sz~Md%wCuwxwpgwu3?O>Ccr zN_&W&&tnx7eWmS*LxVbXR&RIc@JKe0<`dAL-ZCb8^=UgfQal%8hmQrH1@}ZV5q_%s zN^{i>fL0OR!EiO&&iunJ9}V13HbsYGgoh$3}#qxph3T1opw-0YYe~N%4klYmK@@u8UyvEi=XRp$ypCp4^ip5&y-H0)s&H>BA1~J5b%GyMlaK8_wCDmnyKPSiJk{93LV|(d*d;_caol(#y zwJf`qVWRZfnO2G?$U*O#ecNa{@nZ^X7T*B`AKSFUzua~-j}Bk_aGt&mi=Gn`|7~xA zi~Y;96zWbn=elB2nZ86`^b9{5QqzwW^lJOEG8TfscLL2yL}OFW9&vq6Xu9XW{&o)O zm~Oqc+pU^LdR$xy1{Es2&*`R9hkeu(DE+VAXJQ}TB&H2*JR%b&;Jiy7(!k-y9IHmV z>A`s=XUSMOgsutysUtQDjzcrf3PCxTHak`lF-Qntz2}omV!`YO{|uhRYv(K#&fumi zkh**bJzEyx>`L#87(Gyi35?7%812b7!YMFzBW)yq3O~j>sb?MS^hmHtq?@QMVHJ@2 zo;+7yTs(4GO93-uE1_e6__i$%DJqLsVqsGb)t}*W;+Ou*G{RQCmnZz z;^Z~mqK?hB%9}_N7t?Ol$QR-+9Ht!59(z2q7W`cE?w9|;VEc+1Yf{$Z+uPzPunm>3 zp*-~isE^5Y&cav(EqNwNw#J*fu3WP2CHhNx1}>|h>)Dbz5>MTb9OfPGEeKip{9ERB z=2c^+bNcZyDd0=rt6VwKGlBa7<|es}3g$On)kD{@D+!pUiRqLMD1P3!s`6a|N((xD z6G-^P65$k$b&DNN!Pl#d0y;b?Sh;cm*ZF0&Lz!iHx^z{zk%2?)e#L9I@l!3TDsH5* zfJ@+~1OBIwb15Yv_Z+gHXBU!F8bfT*7EOr+stmj)9RB%nIZc4u(JQ7C(v@1q)p0Tv z5;xd#<K)i{2d9RcRpLi7vv5$jKLf(n|8X}{J30I0_93DOpLuz z2N`~e3+dn}i5>Al3|FZkEcFbMZgG$=y=j(zXa7`);RLJMAo6S$$YMCZqIrBR}rCvnI%q29--0X;;vpq%hP z?T1`om&*-Fv&*Xv^YI32BGPRBOKFh;+eZDqo$ccSyt<7xz{?!$`t~IQpOVi=?CDytB@0Qq{B`L5Dse zqQWUi94{hlP)OoW8LmOrT+IDii^%LcQ+hCsW!8No^ZMVw`?k)r6t7j2?axex>dj6h zL#UYTk~)(SDr&ZpH)Vx-vAQ!)K0)v|NPS+L7l`oXICeYZb`1`Z`uTIX~2Kv*GLF$19!qoDWB=f5GjBiU3vHj7p* zl0bz(ulx|SolBJK_#{qIsZG_?*Kvn^%ph3db$q(u!XAv$^F0KqHnQi;4tMD;z1~O$ zls7ajP426>&!(@3na*&3ul0URtMAtThAxC(@mN88Nv9yYXh}lC|m1Fe)flk?oT8s%%+; zflw#4pB~q~N!wu1OgPoGv1LYD%5cw;(o(;qYGvY&)9|EzVpX2i^jTDqa&9zGfi{xc zVku>OHxgMHTEM+DUc6%uQaGvVmCoYNcWW|hlKw;cUO5nAst6dK7;w-kdSuKSDd%l+}R-bQzL(Sovpzr=^ubIs3bb#Wece15d<1X!MIFY^*%;_ zfIXu1JCV0%loa(+_ulT|<%coQmeNHwf~XM*&i0v|4|LM^^wteXRO~*dOI0gbPcKP2 z9^V`#AMdUzx91ArJI@|*VcGw$`5y_(LO%8)bf!1@bd8IclFijw8HE{OW9@ z*KIZ~7f!K9w>LXdYd2_Im}&LiPUwV;m;l*e6^WuXkU=!EPGu*Rl4YxKJDdfGDROt} z38PWZxEta$89mlp6`iYYj<#>xJ>El&Q|6bS{;ts~U$Vc`JqhtEWbI2<49 ziO4{Yui@)HG%eUK&ryNsENV*+l5|dAjHsN(UgqHlm86e=z1{{VLj1smq%^5ZW|kgO zWR=wRWt^_ApM%*?3pyp+$&mj-rGb(I$h+iT3E$v^wTrK$TDH86=s^Z5OJ+JQ*3N4{ zsHePlbK*j^&l+fyJHzHN@$tOLmPL7bjYmZN7hrtqw4>@}CA~288m_r+PK ztV)*IARG*Q!0FuwjvgZw9=ZF2FVe1%8F4{Kpn%O46xX)ofWrypA zC_ugT8jS{Kg5t-b01H6$zwU?G?So0sQ$xmPjy}1nyBnjw+~qk6+SER|4AH5z?4F+w z>=VYXmWF6*uFRM1jamMBta*mk=j!Oj1*KTcO{VNRd>pH)5s?m;s%xuA-NxW4`bW;% z1<46`5OnO53=&Upz}+H-7s&&WO`OUucKP`jtQ*TRUX+yySK&XnqV{i!%KEBWHYbSK zShfx{spjOoQ{=#tzBQ-A?JX)|$3Omp;b)0oJchL>xDtbGU(HV|*#mt5)I5C=;&LI%s!$Rc1w;G3!3L1jtt0Ie5TaK7 zdB6IJC`pBi??;+ma@A5I)}&cHBL0taVrbL%lS9scd&XV&OCdFKUtnD0Ox?gt8Y!rc1#!VfJ%2^oI}{Qx#ea0wag&qO=pPpXfVlyZ$V)pDB60C z6vlR;3m1{8|K9&`BE`5*i z>KQWKZNVweUtTd7hGtyj9-Lf2s%AkkyO(?8h?Nh)`Cx#WCRar6%#B39e?RSxJm8^p zkt7aCZ)G3ub_c0YKJNd%sPcFKE+8S;Zu(=i zH{6lg@m;)(+8z*_oeGY=_kV^Rooz+4n}@0i9Eg;d5ka-37w0aWzW{&6xg=<1V}STd zOwru~#a0Z;ODKFWZ6FzRvhx z+4A2DUXnClKTg96^S0UkBu2WL9pFl~9L$VZl8Ti&zNP4( zSGG)DQ})#7QO6dupF6MFjSY@P+x>XsJp7K4@g9#+CE}30*r6}_+zFS`(^F&gb2}G{ zA#iwU#RStOx}n5%X9OhQ%|n;xE)33$)WJ62>`nXhSLV?j24Mo zk5TnAI9BGw!$?M=?hQDdFxSUSoMvUAn?Fi*+Kf8XVPz>wXxu{Z#u${KFsw;tv6h^GPgd2# zD~ED2xghsA42?(Lp+5+Y9Y7c1q13r4I0q<*5ZYALOQQkjcq4}|QZrS=xAD6@dI(ij zHVbb7YqCH|Ko7Ja)rn9`)M_-^{~6c&&(~iq!1AbsjO%OIFB~C_y&Xuzf(J)oRB_Db zLv+mb9->C_6VDpx-z+9S$PnBN_*`OM6l#gi5}iU9 zt#`A9qg9Fu)4FIgZutf`s<8^}0)PQ~Yx8Q&$2y&_Y)JY?YJqUxAPT@h#8l=SmLAXS zo^4}<%zLP~1)!4!+|&>tfHInvS<3rQ<;oEKO7P@-bnEQZ-rfRT>Hi7#bVS*{zrqpp zy)jhuXdK=JQ9G!9fxc)$Piz(D#~EZ4nO7c=jXi;E5Kjv=v7ds(kfRqi@(0k#s>3gn zLDu7K^M+)oU~Qf#DHvRND+D|hzsP3Gg4^isW-uK1L8O~QZDc{cL8UDll{`-D2eySTy#11b0EHb|r9CrT7v;goGC@o@L+=Y&%X z#Wc(4apkz5wNnrs2;z7pEj+}nup|n3ud6H|szyRJaWJ?Wt#i{6^0Y@Vo5DC|q?QL* zT;NLksM%Wet_IYoD;UJN8sCt}o|eb#DQ28oS|U?!uA)w}O6h!oT<@#e!3su0sH9bM zI55FxvUVd$?y0)iMa@8_O$Ag!+hm~0Mj-I`X`djM+b$wvSLUL3_{$~5|FSZTVZ%`7 z5!5e!LAQkAQ)hhwk$w5cp{)3$<>q)GJlm&O^oUjHY~fjyX>a_z z7p4{RnYPJABsSK4(kT>g9ne)UyY%q$(@mfROe*s}TmV$W+Z!10(uvHRbq5CsX+m;% z(U?Le3fEsTzw1D~J_CIdY6;+(fqZOKQ0D0Oy*clX^`kTqU>FQ2T>pX52qM@Vx3v;CMfa{l@P%2`g!^9gAc!7=VY*Ed&;k`X z-1EMM^f(K>T>D$u#*x~9xdTpqeXHhkr?Bc3S+8C`Q0#peTh$=xx%jOIXhcoLa%WA$< z2(X~Tx;MZqGZ&OiEs=EJP06&NCVYmWCQ3Y4uu+I2U+3eZ9FtlNXjf23sSxDSuQOY243alx=K>;Sj)a7%f<C5C)A@VQGewQa}Hk)5f; z(-hq2M6_?aZK{*@54<}(jCl`Q5?850kpzwsFH5*pGQ_4>Tn#2 ztcp|9qZY=af{1KDv^SY)xtA88D7M)`>0ori1{^G&NOV5I=zmTgeAn)j)}v>NOC^!0 zLwd8s2EOla0M!J)k#`Lm@3Bre)v$vIsqT`NNtLJOb@o(K)Y>X$0Q*s)T-1ag0|cGe z)!U1H-@=o{8s2HdBGLVjS(Weh9w|p70s5k8BTm8(<-vx%EI-7x29wUKD|ndi&c%@o zY3TZf>E6(-T~Mqk9^Fq|B$&zf;0e>|mBve32zTK`fqEwnq&K?4O{Bat9%AkNM@|QFj7zOM!&i>4Ilh+bTl|1(ZlE`6<6hI?0G5 zlHh!~$YhWkQgJS!PDBwnEw|aW1F8o~&t3-FTn`Mw-RYV;N?ljM{Ngwbn|QPBv=1*% zk^O9P)t<=6XPCgdVyI30R2T8MwOZ~zxHjf5JOjaL(z9btB*kS^k z<^ocHSEa=HeNvk1tMtlAA7E!Px1ZsdE@L%_Ez+PTFIsd_3)2X2gkez+VwFOsh_yoM z^~9_>GCM~}R3Ez%e`6+^3K*;o=}?t^2Xb*$D^iDvdPX@}^8_xbOjEY)_Ry~;T9Lli zJfQ`N2yLB140K1>q1Cn5Q{$H3LPy0T(l)c5HfcBAHBnFT#qbF3=mJRdtEzjW$6Ukh zeB&IPIOmImxWleUqa?5sC&^dUpR9)OkoMEQGv7!{(Y1AnvT@ON4klLELAjqfM!X|= z7XJl1E>1u~%a$njP8>*z65aN~>9Ihip>YKD2Lx;xCW@kHt7%9$py}GsNSgPaV}QRV zW{8T}H%cKJqr9C>sjct~1Fr$5l0R5iWy^*9*`kYq4{;8{ecZjV%Mj)N)AS4Fs z==I)9n*1KK?w^cwt0$hM`XNDU=dy3*W=7DsXYC z=XG^!Ph};BTEhXe(tSUeUB*JVm>i!$0jI7CN9`jffs{ibf~jwLimh?$gJy=UNziEm zn3T^?5!Dygq_V#Y{yre0tCuGeEggWBR!dyoPvjVIr^SISN@EPi?6+tw4`IcJq$>5i z6s~u6-y~Xr{5z@-84Y3SCq=eCG#^y?H9igDCwwTcvoQ>=zDsdh2eyCY4|Hk5YZlAa zmhHHeq&JO>_H``Q8s0^gsUIXV@+njy{oAB_tX^g*D0!e5RN?DDPd%--HsnqP?renS zOMz!Dxpbhe6jO|Acvh&7B{2=@iKJ91T5ZS?0^Xpi-Xnub0vAaJaFu>4`fq7 zigTvwuJC#d@Dp0aJZTp(D`ry5d2<*I$XDBB!bDdCJxQHBb288iQO$T40UCab}cxrw=4(wu5)*fZ8-VZ`fsUfxPSoO ztT`rxd8JOkBR=T}=bFi#EvjV!+@Oa`#i5@U%=9Z=hL@6^LYB|O{Vl!FAt&o1!sXuD zj{2zY;uONoS5>|eMGGgSsJb<>l0#Xq95ifePEs%i6RbDMnr+1fo;JQVQv%xTp{tKL z5+v&3j+aBfw5DuiSiHrEq&045XT%ReAS?Fnsq%LHNQ&1(xs@(~d`uzII39v9_hVMnnQXxtE{|xj!v3bO}0Dl@HcuY?1-xZl^E6H=!U#g>z#^h z!eqS~&xHuAg>Zv4W+Fl)?5jJ0T5c+R(UPDnott8*{;+KC4LY5YZRgn9x*tTUN?41X zDRtRUkMbtD6`*tw-*LeJN7&pzZft?yCem^F={Ob*PEC8;6O1w5i-GVVeMW)`YD{=p z8+!Z;Tw}S?3vs(EDPPLng(V^G6YK)OS~|Y(IfeU0c{_MW0!@tOu%;u4QDU(O?Z=#a zzri(w&SVU8^7?%JY!}!uhq9sQ+t%@#sRR%BLp7Ovj9QFtJIS8Lw>(4pEQALcir1K0 zoqLb72_cO*vgUqqD5}ggSt6p|&8ocms!TH9M)T}^Dj@Js%&}zV>X?J+kLxhigf7wA zWHh}jm$4`A-H^jKkMTAO6bF+D&vbwg4+#z|AeD)ao)5eV{_{=w>wQl}5BUv^Vy(dL zj9xX1JsiLWCt@l%u=2oidjCh%dLRb1SicdFx`(B%kU~;F@CoZ=a=PNO6WNw!b1=cf zHdD6)mO;5OA~I0v`l=|jptFDGOsJe-kWIb3dQPW9iLwgtFCkGz0^|bCdNq5`zOKV# zzm*y6%LnBWB9@KQ=jg)NrTqUjMdSk`s<5lzs$c@7tK`%IN!_-+fj@L!Egf5e4g(@0 zY7*5)+r4x%Z%x}VAQAD1ttf;1AzBl^*!@eapD{~(Kr9k))MjwFr9bc zj0dFo;+Aaj=`=4u?YC7ix0FxFP&o<&WaptlhUAXlm}re|h!l9)1aF$xAjw{ZUAQHg zQp^$lD4NaZyDkLYmCg(wO)6#+S|geF8;_jhps8#!Yk1cm;fG?OqG(kuW(A}BT~(D^ zE<(Alc>VDIfgK!27T9{uOcNq=d(eaXlC_AO9u`Z0hSdpM2^+wPB~J%=a@OqzU*Jj^ zbD-oU29Pa!81{MhsK8gz+x}AcAQ1-@-b&}h{^@L~8VrgnQ^wuI(JPjFVE3{oiSa^H zIr%vmSruZG``Ww6IxUKKuMxni&$^ zBE*GZRZryPS$<;*fC~oq+86oIulS&>7SWtBAf{7?xCb#BR!C%XwuT9(GS-gEHIl-$7( z1+HGP^&8;2FN`}{MT-$GplOV*$Yg!d)dS^%oVdf3?@T8?Uo2pGA&-=xHlKw(GMmCt zm$zC+VuY-l182~@gj4n#St5!H2^83VjiY2s+W~vDmMqu`#X9556J;@QZ1)^;PkSg+IbCS1P6azE743c$+I^ zvCZ$MRtUvD?33JDHuRddt+knsROM-*cx5YdX~yWUp$dDbX>7-dviRyOo_QPL3A@>_tzq9qF&lnYegN zI<>lgcd#>1xuW0Z8`=j9io_e+`}3gEjf7J?Z5qn|kJjdZX$Qe%8U^(H3(8)AO%Fj-gte$eiiIGUGXew7cih4D zj4m5`p4HX-Mn&L6aGIQ9%=7P6re=W(BP5cxlqb;*B7l z>!Aq9n|sZ1)T?BQ-qmAljc_tD*ds;5;T&%DveG-sz}2s1;o-!>AnzRvSPZ}#ci)%OP-1mPP(z>vQDRU z=1;gB`oIVqCzZ6cw$9^oJLe03mz~)As!-1b`Z4f@3kX?nM%6>42<*AdfkDjJrq$=b z7P@89qE5;7lmY$hLlkPr$7IvdZ`hCc0CJb#{U*(;Mo21j;>O~f0#RiRhdz9M?^bz4 zSD^Lm!q)VuiuS`C9mdMf8;JQzt7|dR!gH}_hS}#TJ#9FU9iTx^S|i5GE;K@NL3sa& zb_|ZOi|e_IUMcIH1^9_i=4KLV9@#Cw_>k!jHxsRLP}&MvtEgtfO=ZYam}&mec+xX zaz1V`LVmi9hbkpBpJg?-O5(wP&%ud zhZk-ftKu+k;M;m{+6STPW4@DFuhI~+ZFR{>&NhdK#^}6GgQb>wWqAK36vz+b z3OKi!dmi-h@ncbT8<}{yyc)*MU6kl`|E$X(&DCzHKzhh_b#T}^E-QF536+eR zKFebg;GIQ7_D^Wj z$}PoS$!nGYEeNfGf2Z-#)uU99#NrvqJE0Kk{l#S!ql}iTsT%8K^Mdq<|LsFuqi&ew zIb1{o=ibn_!|tBB3O$zta_HT9!ad3QfaJ%O-+9$qBNQ5^035N)r4JOdEUHHG=6Vo+ z!*dv72&4-6HOv-)3D+TTD&@zYLwhh{=Me^!+o*rx-$~nf%Nb(t6k+*No3*+WoAxw_ zirk@OklDgXt-((;*s-pHECWA+b?JAUF2`Vb4BT<@295}sjo{*my;alnTW=_p6UTFP zV!odwoc!fik+|(xaKf5L!i6|Fe-P%2*~fovWehaqhabD_rG{7hqT|cCcg)M*qz%(v zO7&1WnspNWaV$ZMO8v58j~}PP)h-C4)Ebptw%&h+t&px_rErSN`9oT608Bu$zlOr* z2D@>}N&frmJli@Q4_fQ}9QpO{Xqt5z6Rrcd&h%)M4>cAbOqyYTS%2{SXaLv&gVt`M#0ek~zZ*JA zYP*TuR!n2?5gfnR!iMjsPI8)|uLORY*xOOu+|wZ&V4xbf6VUU(Z>d;gA4Vfre5v(cN z2DHE-DgGomyCY&oPOR64-L~RBIIW)fEvA)lg=N&-t8TK(`9Ewoi9rr__Jt%H;g3^C zmiIN0T}2B`TOLXr9+Iq$q9>5n`BF+FSpTQ-_2lZ$_fBzoc3;UT)(6y!M*e^-pC(Za zLmIZ~deCU_&oCSB(7cmwq=EN0Tvyg4hpV>4aeSpML+j@`&AwTTwBg#K_5NmU+eSx?5B3J2N4bns!d1i8A<>LrN+}J8i*@cVW z7Nns?QE+7Li9o7qiXvz{c!;3#ir9E1C$PgUqh~Xz27vppXFj*jYI15$+TdU% zt?p0?F4FoCr)Q$lzod`K=QGEn;ihaZoRHPqv8JNwGaQ1#jt?h{_qm*3t*MMS|Gswz zW;ORve;xgP3a+9VKP|>T0zi>pyq7nkEurV$U?|FIF7Xb7L=s})xC+axnDR60e?2R$ zngkbg>~`Q4P`^1LuIgR(=X_brL^_0b58G(-jeU55=tSHCwPc^=xd!W zgK&27GELaVtO&r@Yn5dRJ}3DPn~985|AuEWJ6&80Q@czn%&9+8xacb8L%lZ=w)rJp zEHYH`h2A-)?oE7?chNfm(pyb*`M3!kP>F+&M{M4|rDNd{Vk-$3K#)gT`|pNG24@H~4X_3hCHl z&d)}l(b?K=o3k6F*xy*|L5nY!+pdKKWlR^3>U-5Z$o1xXV~RTx39~F}sbrkik+YT? z0n#?1q4*~sm7Z}S+2$63&uxt~n}m6`C=6ghwDRF|pOw+gM`o=}daPchWXxzi#W17f zb*ke(^fnc=Z#Qx8lhb|UW-!vh^!aR=t}mKS1-3yk=^g4>;0lZY=&g?w3ijDuX##+? z9nq~8Mo6KVLKt&B{YRtl1Juh3Q06?{mb_N64wo}+<5S|)v z!?<%~WidPw>U9SHJr00jO}^=YH5=wHa@~UL>fwBv=(@XFa-oDDVH95AxjSzsfM=SK z)v;5a0#hNzsn0*B0aj7hbLISrS=R!y(wqaC5ej~8B$rlfTI}8;yJ7w1hl=o9a2ZAb zc%POK)4BwckTAwW^Ixa1%Hi67P`w2(tTK?&jUOyj%X(BH8i%de7kQm*T;;(*Ocg80 z=Q)M;Iq_Mz%d{KuJ{qWT7vY@s;!%r-)ry3B2=faUVSzAlw_#w@k>6oIy^D71Ngwch zyB#zc|B=hTN@}j>+tosH0@5Nf`6(Lx@MJX-+w{J~QU#*loi*E!Fgs754u!m3V?ZW~{|I&RKm+8ttjuhO; z1qN1l*|6L5wA%1$3NLq1AVF?#dC5VV@;MlYj)yXZS-_bBH5x%8bC0AW5BA?h2MHbp z42kxeNct52U#YZ+AwK&oi|$UP@+QV`iogFhV(s znc++=DK}?GG8~*pgUH(ERPV%wuj9fIsH@BCGq&t&Eq6C6_DJW^lNlH!^vgf0-|d4zU+7$wMdQu-WEdd0-S;#3kFavw%lIBT;=I^-c)*r^+;mx) zM$p?LVNK^wW5EG)Tp(PgxIR`5acn>WBvGv?aj6DR5aG6e1~4uy z^(A)K!*bZ(l6+WHBzyKiX`+d-V_%6a1L>J{ft}w?-*~ThudIsP0c7n-UL(D_8KYgL z%C6(9W>JyXpFaQY1)~qdqO8C{KN1Y$y_Hr_Q}oRZ9@4N)WwozmjNN;3hfK$!d62ja@jm~< zTmK;g<)6~w0~19Qulxawl1T@lbGwJ_tvx8!{*Kc_I$-9v7&kMC zodkFg&qqM78XMv^O(u0~fFh4=qWHbBB*KD6`rfmF&KP3va#K2nbnI>{tuHY60?F>|;jL>`?$e zCrTKXB1ahrBMV`7sS)=Hf~&T?3b3t`3r@vo;ly)M&NgG#cE&lGBvg$6j@>OIm1PI| z%M^^=x4F~Ps~H0RahF@;rd?37R;8gPBkQDf!ksTxtWQLt&*=C%qtkUVXxk$+RcPu+ zvXN^Js7K+C4i-{v0;`K2c>0o0WMVOT%V3u!U?{R$GQuMk$`+-jWsCz>st^NJfNiK& z9m?!{@4Xyr##P^)zA*&;H{V>rkAs{7D@*p=A0_FrO!V>iId#tDBWn?t5N8nD(!}T| zreKu^A?hi}+$i9W>lA&>G(=_^)xyc-_#o1;zmfUlev%@^o7aE3GRpuH%W!rEDdDi- zsVDM^T?`dc6pS?iI^9feZ9}ImC7%G`i=B}mb_6*-vYv$}WTb_+6n)v@>$ZAS?zPm9_I8+1Yr9j1yJ>COOa5_y<>4W*M5~=KBr$P0}mIaibK5>>A|wv znc{%Q3BVa8BWo%kdE@@V;+4PcE-_FcKJlRF-$K(L8uYy_!QB@>+=XN@Gq>$S1zphN zkq4s;B6_8%$$0Fq?A1sT9~|AY$WJGA~;C1XgJ zml$$JGkV%kIQ0qQz48XVFnvHm#a2+=%Q9(&0($G4>#Ct(SU(sJSAgdW=YO=mF~EcM zgOe4F82E$lz4e7d2vWe6WT^g!xy#x$rK;ofeFz<=I8Hces`G|)nyW;Sl_xd3L59>qIfQ8AL z!W~~eGtcCKZvMK40T|WQ;qLs;(~I(77_)gT#3fvbl~xxo2Y`E3rZPORyymSxE*#nP zP35M=->%=nh6fCYsPL-h+k5J!rvAByF48zw3N2^=8snR?NhpRI6ZXV33DO%G7N{ON z+xEtl^D36dJH@^TX8?(v&&iLkz63@(7XMJaQWJqbL+ zDP$`=Gw5EnpO5$_{knlPPhZSLu%}o7j1QmCqY9_aZ|Dd$-Mm!|z47=oPU??l5;a;i^*<6mfX8h}Jg zH-)W*b+T8`?c;akbbg27PZ1UqCR3SA0)Gp=J)Peesd6LkxX5|QV1CC=MzDv0p27T@ ziBCjDA#qm0mBifXO>F_G7f!V)n<0S1K&}Z7Vf! zSZZfG8aJzO5-k^l$0e2qXGiRDyO@A{rv#(k$#6n=I>>gS$F$*;^lY_>`)P=PL@%&` z^}GX7uX*Aj8Jdp6p$HoI@|qpJ6Xm9^Kq-;n+noV|L1g@AIt7xi>KwTrw){*8sUx%o z9ca?kp6THF+fB6aBopP zur0}9l$P(O`)16zv(7a`!4%X%4qe>=;_w%vj7I``FSic~hx~+BiXjM8=UH1EsyeF{ zq#^V588PvY`Zdk(2JG%;=v4G)GbHA^UP#}{F1=AxYa^_9rF{m7i&s=n^|?{ap9K8b zhl>iS%Fi4Dz5NF=M_8Ibx;_jxVu4J!g*i{=quP2iMP|{w3%-LT>S+M_To3c* z!8?It5QK6%4D<+yI2xF2S5wIL9)1l~r(hzkIwXj<0fsbu*a&g>R^$n z(zh-+oPG#jA$@zoE7Fegzh(&^7uB_~72d@cIT7EevSH4T1KMg*&5Q&AuXB ziZ9?3K-4q!P5(2?nnn7_4wSj7x{Xo7D)9*WCz&$VCmc`LM`69k;z8&78^RhaMZBse zaWFH26Jn9okLkRZEAP_lZ%a0n4W2w?boHJt%{FOoH#GeZMovvF)rh@}8%wHF4TmHb zvK=F!4sl(zlR9(J6anUN}A7XW*B{`0LStvBmM@+3EQ_tiZ z@lnz&o@puv2XYZAAU=u@<|LPjR(!jAdVc94EO$WgsQW-ZU(t7&V;|aQc4T>n3I(6w zot#+*paC`#w0q{z1Fx$bYdKP@{sKyDFW*2&C1gCKAqQ7H|5*GW^?}msJW`nQLfER2 zj{1H$9$FNZkbL=FNx~!A2Xa5YrNyTm_H1zlww3YZ4dW4m!W7h^*q>_AN4=NtNxZL^ z5XCmrpOw#IivoHY<*h#u0OW3!mq21%ZP?Ud={hHr44*8%`CzDd{nWr=GMwkzYJmBtdYdL%|sy3o=q(FjIJP{0s32f+0yC=&H1BsMrMA;5a)%mfr_w^5Z{wd-@$Pv?#^Xv4;IBK*-Eo=qL%5_@8pq_w+SEm{fO4!CQ*Ww0!aZlX9mw9u@Q1jBARY zb<^taN;(e%u$+PlK_;j0k(ig&JrW}m3#Z1?h|f=7l<<%!Xso2=AM{Gkl$RK` z-tQM`%?J4b@06kWQP8=<0uIbEJ2b3ysKX=17W=RrD<(B{C4+b-wU3U42vCX*#R52-D;EF@ zBBxQtPPuuQ7Hx!8$cICJIc^Exom-CyRHa(8bv5ucoXEWW;fKTKFYZ~%1kYAV{z~)4 zSE{}@Q}kXR;qyAp@!rSPAf%TRRc61;s>WvdD&a-dRuF7djotw z#!PFfUkzdx;a|Q?;jr%P(v#%a>}jyB>db-ly5F3)^gk&@oZ+XV3KcxU&@=F*<30QU zyysd_^CR|t@!nZD-uKqPCM~%Q&_m4ZR`S7@V2Qw>>3ad;(PQ}67t1;G(0}TNm%mDl zYEN{0iWVvelsCSVz}BJ~F?S4S%28s51k0~i!fW!CZj)!5qdjQ^n(Fs1TUfLow}=fs z`>e}q(|PSc_f`92H3L$sWP{!2m#FcD)*$d??SCT6Fs2Vuw;LUp*98(;Ona_h62f%d zz?&`gbj96%H~YVm=NkJUq})4tDDD;=N+ftpyM^1Z!Qgu1uzmN4Na`$?kp^ z_UFAsDs54_bN5aWuaT|PFJI2xK&gIU=N>G!eJ?JzJ^ka`)1)9ZQQ*+k7srl}@WCc= zX^Pr$msM!~AQ2Q>H%AV}9a$BZd>AX2FokACr41u@Vm9SN#|S9-Qgc>dSW_QXmlg=w zasWP`vJr=jLFG@GdDZwW{#A&F(qSn+Dy@!5VA(9p3on+c^4oS}dYZf&JC271I|gtT ziq%r^wOrMO`_|aA{;{PMhiGpB)0Awy((~G+d&*h59ll)p8&4|pl{nlfGu;r%3oiX! zGu5HDUe+H|`kouAg>2Q(R`|oyUe+f`6rg#%8fc8aiuy#=+!;mpOv-P$um%svrXzqk z@}gp5NWiC_GWcf~cM#AcK1*--zq0eY>n}7;)2XFQi%+n52ZvcRV}tqR%U+3-n#!yc zO5Sg)XSr{Y6KsT2F*JHM+sg)4I3Oj(j?w|S$qwPS{6M-WwI8efHtLZXUE4R~*O*>Y z^igKI?j~-0@wA!HWN3gt-_aF!p&7#tyX39^BV2@Uop2R=TDa@83Ik3n6-Y91(KZZ# zgX@JMY~`;KbGiu@YwX70YI2P|^dR8dmQqwqeg>k<`11K~SlvuGY%nOB>yC=!s5)KM zL6_&R;NfAcUyORX9Vp{J9ah%!#Cyd+-ct(q9e`6}?Jwv43843|*xx;R8^&Pv*kNi~ z8dmVpN6~DT&aQskuI?janp$;*F{wmcfQjLlb#h@T-S}Tk{+n`)&o!N10q{c@xehd6 z-jCo(e&&n#g8x}8gOtKz{u$WJ_v27Il5XAwrw)g*1$)t&zYqWZ+N6~nVj?^vU$Cbg z%NbXl3cNlzs@Jx`ygS9KYDkw=D&4F|7Z%>a6ar;X46@>JvFZynIzBaxWFul2MK&AA$n7B)gW1BhkRk235dC*KNx-!cP(oE!$EE)2oi z!6t_anN&^Y!r<@bS+;TSMk~~IW1ZTFzaWNp%c7d>h?lE_2h4)5HcG(sOcEJo25)auOFq%6Ypc zn;8xG8?p@*FnzbkF=QWBm&Wqu(sns5b+RaLqlumQuHn)Ya1J~Fkh*(AJoacN(oqsn zYMaQtvMaQhzu)wq4O`cE+NtxvX4T7;GFqSl40HjP;iQ?TwQDxU)HFTZ*ib6b`6z?n zVkQ{hUSM7gpa}#jJjXw>31y)q^!GdaIP)9NVj%G+6XqxQTQ}s?<@Mi@(rBxIHT-m8|`Ktb&=rBA1 zDWAK0Te)^7Gc-N4t9k6pEBtI+dCKjeU_SsIrU>N{o=ENK8N(&V0}uIJky*Pjd8W?c zT?tE%mVl-XcM({5heY~mv;@s+tTi#g`dt_6(7o^>Al58=cepw6lCtt)4o(-X_4|lROHUe2wS-2&fvt51#&SxVSqBk= zemF9a)%a*wbpLs~^8oQYy5Lx~vGoY`-8iiA0PtdPEm^+$AM}9sWjljQ(z$Np=lRIj zB=qn(-l1X+fi5BH)yVGe?E27k7KL{AL&y)~{VF~d+`raame{WTDDV2MG2Ap5 zyTT$1pIMQjJN;#4q$VSXIDuZPA|-%tBY-6|8yzIgI^o$N$wgO-M$h_=`=Sk(Mp%nRo{ER z`?VwIJ#!iwV=!uf;9UwilTrG|04Evld-r9y2-^60_iC(`DoEEorm+u(!4p~w+q&K* z&db=bN^av_>BIW3X@h{daODI_u$<0MyVRFhQpp`=(DR0i)$~l8G+*IBt;7SaPDbAW z&p!x`srj&qmBr@pIF~xEOe*fR`)o-?~^T+BBZntJC3Cf1QwkKzqGbO zrdwC(6rGD`gnlVcZyTqfmsjRjUi-rv6-eEHjYcGpzmhNNN|rwi9LtZBhnv#PUzxvX zDqVgJCDJq*dcN!)spvK*+7Uhc_iR3Fq@rp=5?)XW!d{1lUBGz?8~_VI^uPW@yC-T*qThJq zb7W?;o>bySJqRec4o9=sQQx^c&$!>dsMl^9L>EExarQ`$=!6gW0;~)sTX!-v?Q#q4 zBsOWqMRk^R!$k(t!x3(~RTbw+`5EB~?K%qTc)4WUv@HQ`K=AYcFq{DdXLCWSWKhQ7 z*7IKeKMN>B4s-FI&VDs5cX(?dinw^$KGYhcUyl21w5JSN81R&FpCGI}_}ycpZOgTj9IOZ;AIUx+Tsw}?`6x_ z&kao%OM8R8{c6_`KnAg0IWvq|EyU z*A43W;)j3PdSu9myR7xR8+7l)tkYg@WG=p4^g7>cP~%fw;`%Mc#mXus{b~xaY7Y== zO@fvuNU$nSR_>P6%)uQ6U7c!46?#iiqF6ZNe|)p@P*o<}G_4F|Tx%IbgOzc%w~&#l zNu}X^vOvw=(clNFp$)mxtWatN4+%(6M`B65s1+p52xD!38(wHX$<2o&lopMK&&60@ zt?$DYG9z%`glamY0xyG3#c}9KH4DL~z1UV`8rJ;tAFE(5U%#ZOu0p_C4|8~^W5sG^ zZzgafOVq%t?R$pCf)|IPA}>Mg$zB}nNXy;;NH#6XWssqZUfv~?rUxUyXc*zm@y;1R zVOcn=(Mpfaq*k6WEJ~1Rz5`%4Kz~}vwa6;vuL0~MSyY)SX~{wPc)k{dx)6-%2HBo+ zl;gAYgifu-rPTmF|42kwiZ`8-4Vwq_2-HS|3NX$QeQ2dW!UlLz!y@T%O5u7nYVc37 zVnU=eIUEYsjiMy)Y22}`{vs-4cbh%N4g_?*gU&Vs-sjKZK;Ot&U#H~IMO=sCi=@x! zL_xo67>?Igmi=@cDOnjFQ%{pt&#&~Y`yB)o?Nwia(yO*yK z^$Oj(DC|G$XlxsV3wj!OfGMq^Jd!Inm*`rt($39JTbCDdSl=s{?s!=11|)b+{YI2O zTV!(65?)KSL>cnaTs)xXwNMte!7Ei=Ih^5F^$)s)odM15s-6=~4VztU{klM-SYuR@ z8dNKgWl3aaUF}=#piue~wiy!i9Ao({Iay5K0u4C?qf$2AeuHPo_2aqCg$#y}3Wl^v zbTF;BG^DrTZH)fy=W|~s7zhww-tn?N79pDV8`^$(s`(WRkN2)>_Cae(o#<|lclH5vSTWgnODgPl+wurx!aY3YjD zl}b!d@?Ya!u2ccxnw!QmpNJ;-?XN&ba-%|Lq7Q<26y;q3zQKio=4Iwg=IwX@f%Z{; zgfngf%k?m2&Fd#(XZzs2YbY$TXdYZq@2TRM=#j$ivNH{v$`L{#P#C_xGifwn2 ze5LZ>fsg==FQVeugElfS|E#+1aU}ndv zO2Cga;F+q9#APy&=^Tc6;hZbd+u=9@?(biB;O@r=C^ug{=qHJ=vztgDz;k5Qv z_Omg=*7XO1#{CeBO!LS=kP+?cNAHB`1)y{oyei2c(Hxvc8Cb`||?DCJI@sBdLy=S+oQp~OsCn5kn6q}V@yD)xk4(!~Nm_^^L2 zL=?wNM0JFW|Bm55RCmQjlt$)AKpXAox&sNXRop zdzSY-Mn6zz`T(ja2(AfSnQJ-4QpiEqB`Lpvwpg#Y1d}fvgp38$tL7<^mXh z;9A}@2BF~{?)y{f!+W?8GBA4RTpsE*XU8s|T@t_wNlAZO{~l{$mBqtt7Kl8fX+;7A zq#a$;!UnardXK9PaQt%g<3wW5ozrf^Fg%IJ{lv*scPphqk`sH($Nt02ps_d_&=0)F z+2UEM0=roIPstP9dH{EnP6?~My^qe%?e`URc7Q-ksP>$+>*ME6i+TpXX$CP1Jzgok zjMyZJpAQMdZ%&IenT6RI(}^_g{^-~!gmaVh_Jd+xn(M`Y&SPzY?2h=oMZLt4DG+ zXMg}IqR@e8A;_Z0b{PFd=g^9AhZ<#%AxRMDykjD<^1<=^8tMgY#lJqLQcYfa;lv72 zL)6?|HS|S4^}2@XT3*`w;7D|B(GXz2zL(-v65f82T;V&5uoW zJLPs68oB#;1|oDNb4nm!l{|9|dfvSxbN=W9t}6~5p+I8IDTr^3@ra~rxY-XP?|{3p z#NMly$(cHMhwU1X0%N0#Vv2^2((ofdu|XUp85nFMZ_3%@CK4c<&ywilw78Um6{I+C zfYMcwf*``zQdptDoRb0`U8Uwetn0%0wo3vcw%rABo^@$bA;*%btE{Na_-|4@Zs%EW zv~Bt=t32xr-0%YFsSmyGeyi%aj$~E}r(AwYpsIbB7G+g7V&FmGNi&PQtr%WG0epd; z84sFBAM2bWB3p>iR*B(4qpjp-Tc*xK|BBK4qFRH~GS-zf2_Z(jCJta94FI^?)pn?$ zINmjdNzwI-$=1U$5REpMhC2Piv9|^NMm!W!loXsR7Bhr7fNYjhnx1+L9`XAqsLufm zBbg{Xj(!;f`2sJU4cS#%&P!FN&FDpm8C~WLQ*1J!Z|u?;3k5k6WGS#xP@tWk!yxJR z62+HnzQfaz(Gz;+d--bbUhGi|Af)4lk5d*Zttjpoh+W{sFG}J;B|#1;v0b*1iGD!=T5^nAHWAUhMxUgL)haBEvY>O{ zwRlb_wRgCT6eS(-#F41m^YCUZJ5N0Ah~B+d+b-JfI%2eZD&QDO{SH<0og#FPWNXNB zAmbRshX>$;xWD%GDXb}JWfmm7m3+oZU4#&)$8)?0v#9fB!@1x)=zI5oTUII(v1=gd zbLMWp@b4x}RmbO9JzPxY2+Kc;Qyi4T-py)+z%qGn(f>C8O|jAxaJ~0HFSU-U?pwMT z4#l}jm&sCcjKTZuAX13$iOh$*$|l*J!esZs;Ad?20>BP&OQJz-k3W^9KpOmgCs2Rw z)IE%~w?bZ25mnOgn^cWIHxFjOYEF!@3wC0G1Q2~Q%jgd|-{(b?7YXS$0Vu5gfm;bx z0oqAlgi){9uGQqqoU{q`btcvv_!AM(s4?GeVz2!ad3Y{VkH38tu<&gEzu*A9h~;rU zOV~&Cr&LN8a_P9kTWZ>M1rMcch@~uaYjDe^D@!L!;9dBPDAiL-z4^5gJL+w*U}kkP zpXbxxOkk=Cq;vx8hu|b+WPu^JF^u!U{!_J6bD9}J_Cw@uck7Qw56?$n2EZV@E=o`X z)(XS=&3l!mLGv0P=@!11^GTs&g6E35&YLxw@w2r;ZGO`UNPJjqM;+6!-6KFLz7Zri z&y()bmVHbI`NdcVur=Av8Tg8_M|UF}j!r1l8npVa%zlkMU4W?74O=T6M}+=fmeI(W z9672S!dqObgmhk{J|x@kKwhmSz_HTxo^xGJ7CuVH$g^>_^OxWF6xcvj zf3n~=h4nIIfnnDIX^9j9NX2Odtb3gb!01Tex^mmTzjHRqEsfD*j=<+<0EGeNA|gS zxrzDaf9AK)4-(V~BMb6mJg$Qm-|yq$AMahIT^Qfb`_A+m7WU3s_r#!D<}nI~KKLpo z6-vh-FVdGkc7a(=tFli)PG_Rv-? zA*n@SC`~)Q3Lj1%_Lr6G>47{_v%)DCHwCt$3~$BkCK2sQYEW9rH#mCQS7j?sW<3fS zfR;~ku`u--%|}f|UB3cdC3a)gr z665Jg#8^RFk7?@(@O(L;H?4lOK0R`K$zIo-1K&JkEHLdf!sk0&{4ms7rLY~szk?7*fb+u#@J?Pm zk>wRf8*kGT$X5%%2X;y?m(2dXw`XAFVU+D0rl^jKLrqCEOO`{ev$MY>`RuRqHbSXo zay~1dwrml;Ka*yhug0atbAhriY5&TF9KZs0bnf~kHaV0cu#b?aL;w&IW<^J-%^U%Y z8~I^IU%-2LXOi-;8sZM45m__Ff@99-UqoB$N0e7TDd9H>R>78LY#O~e1p2IgS#}^M(wpiWPW2S3WN?)z+FqMJl)b1k{Dd^t6$jSF z4=KDZOMoW^Iogi*5Gv(2?+^{#LWaWDKMDJgLzgODl)ncM(LkOb2pB%FZzVEZ<>wy1 zrG+pyKV`qq2ize!2Q&;!ms@|_u2WkH4rpISzNgFC*t~zkivn?QM?xs%nV#v(Mx(Ju z`D~0m_OC93*odz9=v-aNB|&eNkn#=WL^)tRgWXf~x#+pto|Q9R#UoEZHS+~;je+_= zd?w-p6K#xUL&x#WsGbtHMeQ#y}(aui6$g27rZ^LM2Dw*e#5Nirs+}Nt7 zUj!UuJSSiZ0s>kYW~7kXrV*3ml4Lj|*Nt+j!I}ztE99wFT#fLbe4F{Vd2FCnLvj z@z7aY;w(W)o^d7-l&{+P+A@KLjzy{)F;-O7Yye<|s1|g2r7AQe-wBh#Cp;z zdynAxk@Im&TUknC7iI@J3d+y7?0 zKwfMnCL)B$%im&8NfJ~A6Zm#p8*L_a=NU!2cuT$_$(e}?bl-1NngobUmHiDt82pcNN1ofJa30B8C7 zp2JnAoob{|M+pzqwfzECt}SLwvV`2IEGIiI->6xzhQ7514gb})53YhPaa;QGbY62pS`Jw97D zYrNhu1O}Qs0G2XB+};mRDN_Q_DxXk89=RZ)uWRv=4kq3`@8K+(HZ7soQVRQw8UO(~ z_`=5h$Yn%eu3IXi^S?3l9cC@^PP9W+;-|?n4JO%>)2;Dj>a)-sR)GDq%xgGJ(pqo) zgrzuQIJdJge;d(hwBK8~B_?M9ZLIT=^PFirhQ65LOtmHuCUEPS z>WQH_i~a61)zGqik7_#1hCQphDWr>AyCL7uxkZYRX8eALU`M8sjC7jDxyYAGmR6bW z!~`ihm@MZLSypA;&``0w$hz{cldLR~Vxd>*MPlVM?Lk?0_u53(&;KY}_&bNK~R68}G_YtZle7fCFZ`qFt}8yssgyq>;L?7)lA3vwKR~u&GI#xG@JH(j`7s6S(sK5s?J2$U$-@w2PiJL0 zuip4In(hWNiCjx_TVUp}wITm()VyG;`HeyOMg+KzFhpi|+WWX+ngl^r9$-psf}F zQVnF}_$1&D9Uz{kLFAZ)+d@1K-~?Er%XP?hpWjnIx67|`prpHt=)~@mIiftHIQh!- zb|oOSZSxB^f8^n?pJ1x;(M5gk8a6ZHJke`CuW_oJFleuV-=cv^(gm}{Eq_$b`#`{h zkz}S`%m<1cRqe z=?Jg(OYRl%0117D@TQ!|@3h=>6$MMQ2R{#09fiPGTZ4^ueu}cTU~?Ij+Q&*ai;A05MsvmY2I^#|L58+XrKJoT}J%+eG!qt zP_0_l?_xeHO6q#qp6I$l#8kDSc=Yu!6gK1ZeT_c z{2`xDNAs*r>4AmhU4&5tPn;ckNUs`}trM|kF<<@oGrY&Q!>81JYyt5hD+k|&>tq5c z2cPP$6yDoZ$1m;AEuhK`&(Lx;amU4r`)#*l)IYK5O{X>a24lc?KC3VLQw@>_O%Y0O z{)=+>yQY3~8KEra6UMmukw_SyhjR5nMlDQ?uT{Gb>D+DLB?SWzbBn@bXibZ@Tq7!i1;QIrnuH-8+n7 z{-fH@geHz~c)KX{URtj2X{89x$>7~rlAcqf!Jy&q`Mgq9cOb^yGEFq{1e;{X4)t~! zSMp$)As+Fo#m$#KK27iKZl%(bSS0{v91;qz8x;?uaOJeCx^=c=lV)kJ+Li@|OM0Q} z8lwUAvk1yso^Rkv>c}SaHVt_vO}VLDs-2{=(6kO4OH9+3sS2`;wIp4H>z3@_B-9H&b3_T- z1LAG+PgBZEI@i`l4`!NsZtHYM85pX33PO~dAD@mlN%UsCScmPk0MEHxWr<17(>uC- z^Y!Z~mh>8^7IF?n-8YX;EU5EPwc`MoL!WpL;@pBzY0oTPWvc&8>m`|U0t7LzKYIoQbKClEbsN)N4r_p_2P#}i` z*huOTBpZ@`p#O3Nn1ZYbq}T?PE@qN!cJ}oo*)$`@CFPupx@KO-r1J?#Ol;24jgAGc zJr%Yy+U~ehc&LN&UZvTt;%hLz`dxF`#}EiO9nt8{eaNkV40}WbmPUUDmLsj zG19sQN46t+zf4Pbkh9wf1(67X|Acx8!|auPiTfmy2eZQ5L$H)!tvPII?#Mmho~EnU zY{l)?ZX{kS+)Yx(d{#hS2DcuNMH`+d8=+i9&=Th%AySLhvX(inxYVI7OcO{0aVB9e zlBNL)BLW)jJUgBY&lB02K!t0Gr~aAhfg1$RyMhf+2xnPSPA4U-;p|^vtukXk<%F5s z+z)b5FQwjO?b&gzM=S{@WA0wCu~!%VV_WO9;~I_Mj+MB#d$W7S*|EGXEJ#8)u*!yy zVs}4Qxhpf&A=3RoOAwYZkamCJGXb0ct6!Ya>`Nvt-4AS)Ws|(nqDmgrEVg5v3~YMr znJ9M|1x0&x9rqe^Hp}~H782Q722FfbCIFovD?qqV-Fq6KC>c-{yoNu4u31t%GW6>UNF>Km!f5;*|YB zL`w@y6*NrJ0A1+UfB_F#3Q>gKTm9^|<2Z^>_YC8DiA5X}hzxKQds@0-G_ez7n+%XF ze5a`0hIzYS z-YRt=pw@t8$8|HV;#)_QY?ia3?USKV%;`ViaRCjFli({A?5j~k>lwbOobM2Z#AHJvJFf7daG4 zYo7%G#wsX#Gc~uUH^u|ROWmw`b* z?uR2G|$Pa+%pbwXQ{4VvI=CkE0GY<^sN zlU8#EhC4^M?tHu{?z%ekrw7rrLA=dh^1gx+C%&?r^EW(e=ss*7_fawJJSg8|CC!q2 zP1Ocnl(KK2KHmr4IYVDAhiP4Ji%4=pg$5+Ar7|lNIG82uJB%AgpE}ld0X$ImwlVoP z+SiWTIbnd0EfexF9==Mvk7PCBb$du!wlPDL^Qa}b0(0HR8OlCDNjMGb0O|F(iVX@} zmS_i@UQVX)@7P6VgKc;nTwQ$^A$eh%$<@nWxinQt&%7{ogr=f+3dYwqXBxk#yy}IW zMnOJ*bPGAKFq*3*>)50wI5WveJT+H}p59{-*-KB_X8q_rPttP&=%VbbH*5PYE>Ax^w&!RpCVz z5O}SKaMyw!2<;lqsxuAV7<<2lqj6`@gaQfman50a1 zU}_4`(3$|MV9%HsXeaA2gWBTe?b7-oNPR!bKG^6`mO-y?rLSszzWcjOz=L)Rm#+o( zEPre{bbOxk&qb2!Hi0M}+Z}swBaQom#IiCtb&|6{%?0)60EO{wc;)=CBOd0% zFm$G3DOSCc|KCUG8Sa+sNvS$_4Lvt7qUhEJ3k^n63X!=|4<<^Vr5HStAiHLm=NfT} zwg4?9EU9zpkxWU#HUzu%)q(`WXaJ-M`mqs#RB762_brl~VAlKaiEaU~q+tW&+FDk| zRx(qK^NrQ|Ymp0?eH;N~85(?&>KPh@YM4t6DhOQOG9K^W}mrQF7#1CovjIz@r0T&4s z2}hPXMo%KgPgV`<^wuRpn(U*(^FW{t4o|s!2S`w0Op1YQP`7!;+$A@jL=3(Qwd^+o zw?pU>UMBr(0P6qPd^8;9UtN1NSeJ{uqSPQcN>C@+)4nDT-eTZFZ+ZIjdb{y+y&mmC z2kZB1y(q)wF}utj-hbqcCsLv4)(~x>i*&FpPi;jeJ}N&!7c`(wkVBBH+Zxm<9bIY9i zTrj>qN!tQ!(4RWS!`PY&S*L033W}t)+X4{aF?Xd}K47bzf^Ub6!RVJZ2I{r=%lp7K ziC-WUQ3{g1{h3`ZJ5`!_2ZF=BuwYu$WopfuaIWxVzu17fk~#bdNZ7%q2_A_op(nWYUo%@1o@rkSzfUw0XMS|iq_rDt zOdNYGP;vNy>IuDDixcq@P?Y><{}Kuy(QnT)md1rX0=-6=jFpV!Xr)3+lRks}$stjXlu^5 zN2@L$lv*00y=}-uC zjAF*ZSn0kAg~&7_kg;d*S|d&>2N2Dk>NvV|m1Us))nz!|2gSBMirodf*Cux>^pXBV;g0Q9uP=@r@9p-CP0V%Yg zCA!$5A~X>Tq=NQL#j)OrCWmhWScfr?&ziAcAQUk}d;G@MbRidI4Dyi6-xd$g;AxI0 z)FV3XDg%#<*EFbxdy5x_fKDcUWv5xjs$LudVFe{Ut8UH>WB-x_%WezSu~|W}Uvy%p zUnzuxKR>$hIyLM8;Y&X!5sxJ=cE)R{y%zkQgv#~G8buEgSC0Ste<$Nt^;@{cO&{_- zdgpn`;ixTE@jOH>iD1YC8pkD`xSb28?h1-Er8EaE+IZZ*3=%j-Hn<1(C@}X@i{w-J zt?Vh3Q*EBfd0}>M*ZoU+_W`jH;Hd>&0sjdIV5Wc*1g{(=)EGwv?&hN%pi5bk&pqzP z<(JhGV*@t-u*NpeC(wi5)}~^g^OfcUp#JXtY4bQF%OTtFE(B(DILgWC4>mx%hP0%( zUnFELu`2>>fpO?ZzvuadW?P8H ze@$EJi)*pmyl?AATC@&ls3#7iG3mMUJA51TB-5e-%2@Cq;U=MF6uwmcRptJxg34xO zCo4KbJ35g%009l>bT*=GGG3TI>`3=Z4S{Amy8y3bMD|;|X;~{Hp*T_kJYnR#!afyk z@LI_p9$t(6v(sp7T5&jAUtn_S8MKW>JSw)@*8hhSi`}6z89L#2bGz4 zQ%anzrXEZmPyVTN$UB6e1Ono2cMr5&B zH-Zy0lH$A+kx1p@NuOA1l=;IUPk=y42hmvREematat!`c8j?LTm-79W%2`_$n(10q zE0daDVe@arJN0Fiolp{5`w9PYn&~X~r8-9;XJ}$*@!Wh&k_cudYcMG$2IT7PsHeAVZ(LndfI9UpW=|0~UW$U;A-q3y%-cUu+|Lpejv zrM3cj2;UMqEDh#YSFMz%n)aBoR&t0uX@?_^X=}>IpvBSC=JB{qDuFMG<{Ir~7m=!% zTInZ(!9=Y1HAJw&N@OcbPM;$<%PB?!nskqB)K@eNb3_i5#9k7~R(8LS z^X|&3We-J0X&M+YY!7ot>u^)t^?Y#A_3U2?ufn~zI2q1w!5I)Z)ijt zxB9NrUqL%UxJ9CZ>bi{Pd=w9FSk?m`zI;r8QTpZyg}ga3gz{bI-#tLubui0bRLEbf zuB7e=#r96om9`a^Op{}_lZ}N~r*uRrt=lVsQqI?LR^0@n3?DDSzO?t58Y3E|(PImKSz2OIc=~!YO8JaGw-Ad#l6cllDL>*$ z?4pAL?#i%Lq<#LJ`8Ys9#dE2VGFEqHvK)>K<+^)fIa+z!5sFZKT+EV3^LuW1E05cz ze`9}j%#>N4e-l+?hBNcoQm_Q%iEVHdf=DmN>6`%jn*N3t-!Q-Jj~@(N<-gr~1I##v z7hc;Z(qr4tYUxD@V5D=@$IAB+!2V{F0orEV>3YBgJO>N1n0tyk5U#@Zv;@} zO2$&ZZL9&85l6Q0_iZh=DaHxA3NggWnP0b{mO}E7MDahRQy1SRO9^IAcS!YfRj$lP zEV~YS<^pCi@X-D*=?Pd&sS2Gf4OsYYn;r&}WOR#jhblK;H>$t;g%hfLi3Bm{(4l_! zADp5i7k9HQ^HlT!X*}wJ_~r%VKlxbhiQVLE2FS_2vTx`SLg6sHq!4HYYJt7g+ItMN znbL1H#;L6kjW%8>@ss7)!YkFq+4*LtUn+eP9%Zw;0Bg+xX_9h;G=+SM1}Rp>z=hhQ z95pW%Rc0==HB6T)jGCLKGTIMu!$55ijF4B_{gxyjq=TLKx;hN#GYUaVMDU!PCiBqG02_1>WeYc_w$7Pa4Z5gvusTEBcfgFfou zK>UNS*(5N6ErC+K?YE~qNJ_XOXG&$)O*p@tbFCjBdO!IdEH8vtML%T+X%ikuF;O3K z5C{&S6CUCQMH_cflRV~z)e|+^_&68vsUCRggU@Kknq10UrHNa)fr6CZ3x(C(Ks3o| zxVGDv1$l{oD%cjK2;BqCAfoPM%I$5R zK&HH4W1|op=yRLlL@6KD;Z==l|H79pHX=L)_Q+eLnKRRo4SG8I$RHG>^Q=J2rz3YB zZDQ}q^~c}>E&gy9mq|kHw4Mj6!+(kzI07(NA)0nxSUpkpr~%>+$G<4FCg!w0-+$O0hynY|-_whX>zPFVYSzk&;S@%vkkZGISGXU404-i%BviGUK~6=x zNo7xPykGWEZeN8Xg;8pXC3o%6{izgAS(&{^W0FoPF!{wI3e4NbHiU3|ASnuAUh&A9m^FP zp+f6r`X!zt;a2J<{H||~YR90Pxt2tiK~P;EqUio6saGWEB1KSRI*z&!68W0lKwDEb zp#Yg{`>1fAYV2x?iZ(*8u;DiK>p{~nY{h&VORpY8z+VFo^lY4-Z9fw%IbNf2BSFf( z97EJgz*_G4rCw69PJ#dQ^}KDoRC_UmmNBHgawl=I1*zEF#<6kY8C`CFn$UuI%0eVJ zG7O+Vidthocu(0SxBzo#?0OB+GtPRUX=X6QK2X=3C(!9sW?S-nA5QZ-+)G^(+*qsQ@WGR;I#v= z<2?WL-k8a_3lE7ElcHIARCUrxYBn`alaw_5`IEJLYTD!O}jwq_!K1f?s$S+xtTq8*fCR*Gu?^H1xUJxaAI;JX{U1++Lr z$^CoB76H0V>oecKj)C86P`a6p(%)_7{KRLv&huMJsSEs&y+Y$^t~2XUeF#K7SR&fz zGB9&SE40MiK0fM*fea>iO2+t(L%cf;mXdJVZaGGT0L@=@w{95nIziV{-sZHLvTw4w zBL)USkZ}e!u%wmWsY%xvz_EWH)KT{?5Bbb^owD{;>*A4^Dnjo zS@josBhxM>J{Yf4V@qUi`)l>Q9BOZLEG)9wsUX*9()EzDtj75)S3&kJqaj3g7I z`FzYgS+@S5w9K*B=90CH2P~0{atC_b)M_jOb3B(LlqAm409(|GXk4XVl~43dkyi+wG~5SipXhJQSu^QTIk5JlXToIBhNZ z2V!D_EQI;Wk837rYdk>%Y~uRlhI+F{xuZw$?ub2rNFq;r_m&paKSGPdjwvE_U>`%<5N(avet^5Za&Kn1Sz> z;p`c6W8*DucWP4d^h!QG5WVY)|k;i%&YEZ!M2~1en1(62uJt` z`Q{&R-;u4;YAMm80?z(64t6dOX|^1Mg0y2*6|K5O@U5FYl+7caSTRx9rbPV{W8EgvMS1g(%^j(RWj`%V&gwB1SXQ4W#K4yeb*JGwK%0W)VED6dw^+9pk z-CnWrq9sMCB$i-G1KX10{w&n*On|N-KkbwAh1}!3i z=%5HlOZWav%sBuLK=8jf+LID|r85fx7fd5Zt4*T?$@+eX+f=m8(pP}Io4Q3PRyfef zerDU$jy(inY6FGgCajvt<|-f&l=hz#ZSG#w6k44-Hu}(=3&t*s+wBR&%@8=Z1$>}b z_558?X5}*zC`MudGhX<{(l=wpRRg&QdS!V<7m5|+3oA2Q=RF14T<27FzVl@Ihg|jvna6cm%-FVAV(Lvb=gqwBzi(5|HOwvyiUhZbSMw=q5MFa>K&I3+ z2C*hJhvbOYcMnX7O#s+>S+QXmuI}05e&Y23s;=rz{s+A*Gc(|`D)2dgROYOq+8)5# zD|i{hvxOpuMpU!`rL54-G$_uK@RuOJ{)2!SY*VYtQq$S2>&_n3f=8QO0`DG*fyFfp z#m*V6r7;^uKm`ON(Qeh$q>+x4h2|%*Rn0~eDn|hm2`1SP_K{&ZH$RL zwD8P&=BqUhrEl}o~00%xz%X^|M`SL^;fqoKt*VLa#sw&-hzPTV;p9 z3(g6gLdJ!aW11{UF4NDd+<{?U!&uhCS|2tV+qqG}rl{tG6)ZR=BHYTHWB?CU$8{jL z6``UddW9bu16WutqgiOQtNdI-s}u-DfgKJai}wU(>7*OPrpR5=yO|Q^qIRaHwsnCh zY5+yYyQ;d5Nr5wj2Pf+-{Cu~eoXQtrU!|nKCf_{{<}gje9+!~dspt+}?Rp|9AJ7D} zCCV*xieE@e3*WD_JIs5FhI`q5ZU|+0TK=O&1*H6z|DM^F~q}@WZWR zhS4Yi&X$Jn(9Ei|jJg3?R|Gt(Vd>_K-1OxW(Qv|Jg{^EYVj|;zBLzRe<D4mxEr1N(l8r08|Mr88vF^cLjtVF~Y|##9Liku*zPLJT3T|C(R74pL}#s59iWAP z8~mMaGsk+c6gGDDi&gbuj+nW(J#2ZSj-c;xh|Gd=kiF}0zU8Z_Wd5im+WKBbj)%3g z2R6(Bcn%PYg9uSEgk*K8(_sCDB@?ffw&U+5#FFTCR~)u0T(BMi!YS@W4f(K{8A#|P>&#Z+C^7sNK4*1F!ZDYyzi;&? zmA1eH`rn=f&{;>-_oU0vqaK(kt`Oo_&$8M~nB#pf!z=PB2>=koBIkL=W|c?bPm$4I zW&mz`>C0(*^A1&DO~}*V^fcp)5)KX-2N28}L0RRowB~I)p-2GHf8s12 zozX`-IFb=^Zd9gaHxw)IXH|-v4p)rCMIfP-0kI@L%G+@li}pQoj6W|CNiY9|By?x0 zs;OM5NFvYe%CB&Z*30ViUqs1dZY7WuV8s-KPtQc(DaRwASo-S5abjyhcLzDfOtLYf z4V<*xc`au}IAB!&f^*ys))Kl3+gGh_LH8Fo{+^d(1{|u1>;ZO&0k3V;P8R>nb0)f< z$pj656kL@uwN1V77y}Oq@WqOW3xLtJ?>)rBO7MW^Rm1BW0qa1AOAO(lYD{`VMCYL|;6d6k` z?*Y3<&y$|A)Pf9fHYGyNwCtkbx{uw2RuR;IAkh2_kI1|H!1DU(_`pC*V4#MvvvgIz zJ`+|l$Nl~}3|cg4>dQRd!zbPkQR0-prv(B|SiRH*n*)a2l#pn>fz(qqXCCn=W`r|y4> zdJC55er~}S+8&JKY1Axuk%0$Ub!?{Y5wr1uPf7TE!DEt)YPCpOgSv8EMhqD9IE$#6S=sua?I54sZ zs2!>nLP{SV*;%?fD$g=g;dAh9w4{GldBG8uR%@cIE%m0|B99$}6xiJ(xUk!u3-dXW z6NHcDDn>LQmzcGkWh)x1!$b(ohc7KT>&>R!N7v#}#KgeH)DbbqlXXWdnje&|>9SUn z9nkI0qB4*4Qy{K{c6|vI=_%rX1W^QfiXkO$uIAWQEoLCPGDC9Nb5gD3oir*VI{s_u*K_hL z2DJW$pWW!T0h(UDz;xFMH0FrT$SjfZ-@cf0JUp>QS=6ocM7olz1?IXJz71{0N%!B1 z)szoKEPsO?c`}Y@zf-pXf8q$E%nB`Qn{-TdsEmpMFs8+wZ-A+CUE^bnwpde6!=)l= z0+JB8kgIOYM>deA`~KGB_;^#c%-huvRZnAeXymMz6#AaVHq}f#&tTu8v(M3$$B@sH z(sfzd>BZDDrWH$wdTEbq zwJ10%<$H=4`E-VT!q;7ruq~HZTU037-ecw-k)RQ6v#FCEO!~)0A?={Bo?cIiKnV zYh7f_8TE+vlt;(by%Fpzot`__d3N%9!Ey&dr)~>FGD3_XwxWo%sEJ!8gDxOksW;I9 zb+yy0Lks#f^CYI4*lv{?e#RMaf>e}$)jI05fvo2pFau0qqxX&SfKH^3Lsh1-CW22) z@`?w{H}5>JB+yu|Z)IWYjO2PuvNK08jZBtgYpQj0O}}4&k6nS2jcZ?YW^0Y*VImNJ zfZ6=VTeyp>=r^)QxfbK&Eu0A|Dq)b80#7N466#P2)RU}47G2;R+(?X_kp534=C~d1 zoHRcqOn$fVaRGc#)b1)$9y+7Uu8Z83b5&eyyD8a}4V4VoncNTF>^CHI=`@cgR!@6o zvL+IWyp3a?r3EL(e(s=puh@2(jvk|uNYk|(dmSymkeAAC#Mx9n|AqRUpH-z+qT0+9 z&a0`hF&u;QL@NTEMi&oH*y|e#YfqT1HW1-AjNBZY7S(fe> zyZKvK^B;e4KCx0SuF<%;YExgU-TsR*@WS`A1-ZETZzk4}mB-)KnPDtD8TE&bhv{?@ z)4_Day$6_W>I^DxA1*J{Ep#A-T12ANn-Im6+hg@#-^~&>_V1>K&ZTWGcvIT?RZK5H zXL>RPI~K(laipR%p@oLOw>Q*y2SPwf)p2HDn_8bcH;?^ua)orX|77{6$#z9jz8{9> zTSMnDJ&+Z6D8QA&&or!3z2Yc^kV|goy#`NdVF)rg1_2Tr!<)HCHTahdhS|n~rI~?p zu<|+Q?S0)_uyT6A{0G6E3D3m5NbGQI{;H?!)ecC}^>b5bdfq5%*^WkTl1L=)$d#zG z)r_>Ecl}nQji2=BSJLaC*z05Dy&p!Xe2>lOEsqDtUm<4#FN^TqzSHZ0YEeFCZimdz zeeEc02k7z#a}7eL_kX4x%}jzMr(FFgPXEF)kGD0+g+w=~#@>@B7_K zS{T6_qrEYlS6TQ0O%|%nq^v*7WZN>0a^aoTD&Cd-+>RH9YYqEaOAIqUJ56Ey(B|yB zIe<%{XlwD`ZfFDf>;|C3c-UK0XpyZ(M~5Jvn&0$gX9!<6*rMyAO$esIfFV=N$G>{ zcfV3XDk(pnw}0y`=u4FZRp2jzJ|!Il0D#_x9zMmwTxCnWu2%w1#WqRP|abbxT zyBSUSz%cD=$WxVNk$o>$Li;O)P=1pH6(kGeVm9)iD|XGO zXPf)^`aqk?443#6&Vdjxq~zW-WF*j{ zqLoZ-iD^fvxg!uEfMu;~+h9=HsHoQ7Prr)ITZ5El7ym zU|ZvIM#@8OgE}(AP09fkDxd0x0Fq8gozU7w?gq5Ys%Z`BMcK!MW#NsKlf0;1TqE&& zPC-EC67Ex!ndpVz6hYFX(Z45kr2CXVLpYyY09+=K@GMb7mpPQ&xW^UbSLo&5*(Jq?|1#lAXDX9HckC}@Is*8XbV zz#lQXjuEAKZKJL(;k)h)=AjO-zJv;_#v&(xnFHfJ$+;K$7IxefIlV!K({vp(*|N;) z9KIaBz0#`pmj>P`cbA(#oKI7oV(eZaW8j)k`T3lb$h=ETsY=%A@~%c&m8$jagTr-& z-zGe8BDEnsUYs^_9?2L(XY&5+`)NuVK(xQwhkX5IkU>9@l%C#%Qu9A3${IXd{m2T8 z_>ZQyH?jKdT^olm#YmsVPqs0_TW5d)i)VkPT}-!3JTZ~gYYGx9#|mz+NuLJMYHKAi zAo+fcw80w>M2YeKK-ZX_8F?@@M~IGPO7NyW@7O}U?0q}KB$)}=0sRvgI)FO9YZ*^m zND$sR8?H^4S+9DmI_2>Li{4wC9W>f4V%iUb6B`|}PAQ+dFmu0$@Mh(it{eo3JZbd` z<1Cg7w?;cGr@~+cqdD|nc{j|FJchjQ2z6b7P)MKL*^p@ls z25rsA1Yy}b|LE56cwXrbNDUgwOS?K62gCz2GL6P$SceESJfm(#Mgb357W%4qk} zxw>s#Ailf~t{N!qg<>lG6&%xm1acMfSHeL60>d4M7X4JCU~V)!S%Iy3id^cF6`OQp zz?xEKf9sdaN!*j4v_w&cPHnV(POC)Gip>LyEgHYtOQI?k>*y5+51v zr{~jGW*`~ULw@r8nbZ`kdS{PbU5Uc3{3b*D@U3BFt5lh4ak9ktZul+Aa=EttQxp^u zDVlpSfp!EYlJVb^#hW6I6&2E^RRgKq03SOXjr>3;85JBr=A`yk=|;)w*;sxJD*$wA zbVY>EBVC9JxtFIYmANp_j-ntXibmAk~b#};k#J(DWZAB%5cJnVE zy}=lEJR~^TW@hK;zR1*;?3HduLg#()pGX|w_IIl_^K1}SBtA#g3}NJ=w#zTHiITk{ zQ*)*`+jsm~J&i_#aR$PaMCwAl9~@_Y#*~|9gR9)9)L|tC@8o^g)ev+_aQtOSg3!HZ zxknjCSA3b4iDB}vVfuu$PJVe^NFL~J)G(wuHFC`?@yi@9Virt)Ry3JpkiUoI3;{#v zN^7gzAJNaVuS|j9{E&BlaCJ@21XTla5gd;-N%r4HaQ3Qncstculx%|=aJZ@b=|{038% zWA5{%?n2md;{R8%1|4oTJY!w`>8Y5|YlQQ<)~&LcYGrLe_2`;T%zro-(ocg=)f zOxV5v_5XJmmCoE+1FFoJGIj+-OY=3R3t@=h*V#|X3T9|XPn!9l#kmbt7pgSnUssaw zuKXXNHA~nRe4)h1hzbvrZ0>X$v&{j`dPmF70thUuJa&JQ)F+V5!c}p95}Mh~RwbJ? z29o_8UmBQFFUquks@a$ntAFjmF2s3lNQS&Y_`m_NXcx+*-slFr)V+GVzfCvFK}E5`Ua zey|H*;_yP4(npK!YUmUP%?xC5+tCJj%>fhEyz=LgDu*onLgarzVhL@dUj8{EFJ`(&bMM-i*$Cm4?*AV^@hNU zb)j*U*-RCnRwKDXG9Em17S4I(ltyYwJ-l_@KzaRUM@@E!>p6ZYBY_dwHesIN1I-x- zW>{se4Gd-TFbaKY;_DpKYaW?7RT(7-fELM!ZJvwi%FwCg_q()XG%CsV=sS@j=k8|) zyRFw#`8QaE3Q)W%+f9xo3^lB0CD>O@r&1^hcIXvvco#V`DU%4%5w!kGOPhs5np46VtuLU@S{+qNVTl}v8JX= z8d(02`5PSCteI*<_VQ>yjd*=+f!!Z($~$i@Hqq<`YcZxFpMF>2tm4zFuZ~>xeTGuH zoi4GojOL&O6lellf9Dmeg{Gn$0E&q^ys2UIYO~nX{Rh*FukwH zsUMcOI}+!+B}C6O7!0V~?-_p$^VKRQj6E>fm@`#st83GSC!OM(2LDa~*Jc}IK3^v^ z-Z4}7dCmQp^0^gP>hJnOw=QpL4rDgpMc@3lI{`w5ajOkD+0F$*OME9^eBB*_kY(o zQTO{iZ570M%`@PseyqI}@tMfwQ7v1wGhmP=vH}-t*4_M4-#BC_4B{_cj|qhB$k^Ie zzTawam3qAZNE2(Q2i;3!wzHCZ%aP&3eG%iRd& zsnR?_K5aRQ zVh8=rX$4FKAq%c+kF8GpQ$BW`G~_gdU%Q9u%@MQ{Eap7TyyFAf!SYG43mXSK$C~d5 zZS4-HWTUMQ5)kOcebZK0HsLyuwg58F^=aAT`v%a_F-AK#vIeQneTIPy(sd9uHvr=^ zzYKk{z0qKLzS{uny(VFtdIer|+e&H9u3d8b+cXijN7Z`w0oH?m8tYic#1oku(sYW& zGJWC==u!hi@obT)@W7-JZ?XN|4Fa(ec_Dm+Ru;-8Rylc}aof-hYCjf|j6bXF`_m{&3Z(>KvFopkAuV+64}f5v*fa)JE;Q#(bxd zQH_$16eP%sdNmm>99M(WP2dz1e8As*^Nh0zpb8k}jh2`-+7P+Spi2p~fmcuU?jsEz z^`@z1RstbFu#(tb2cQWL<>ZLJw?<1b)CGkvdpzkJ!hE4aUK~I{fKWd7#=mpG!@WaO zK>&gK7ijSeyM0wMw zBX}Vj##uHOElh(~N$DTEMB!{E2|LwQWOG|ym&KNB)z@6wn(owtxEqR_$;U)MzkYf#ryGtY0NKB#5=96h@*>(W zbbqTseb24=$Hx`1qj*gG>2>z8Bi@`Bg{{4eRo8GK@y)o&5?NOGBbfFd_PTp$s6EiHtY1rc`rKK+wd`sWQ>IqI2bOgZ%D$1gMll&lqMsT69A&FH(*0EsoC~`D=3Cndf7G~+z|MY5i6AT;5FAS z7B9;zTo7XHivj8{Us3oa>!t*shl*lYoz4oeSpMS-7wl=el|Y_i55?Gw-Ic$EhF*@1 zy;(RDA3!fwHDPDb=KS&jHr_;Xg)i!^fl5+H>WLLabbkSY5VJ-KPVkFkFX0 zP+1bS_jtb8O9IY`CttcPxcM6Ahc(+9%GIa+v&1$0WZ5O}is1u>bOEpWzpQblt*}&_X8I)8 zwjv6iB5Y2?To%*caqJB{z?#YY1OL(rtaBHsbCbguL}dxj(!-TF;GSXkzhy#2_0Skx z_q$cvpI*@4zWm89R*m@+p{KHHMHD8_L(;rmU6z+_G$($Msil_OpTZ?7Lba^JDV!k- z^u-xeC{qAHOFBvvZJW%7*Gd++tEzZfYk(cG~;P!wP?rqaXXr^tJ_D2Y@m}JS3 zKH2z2ruvE~o^QO;e0`GN{a;sC!MBbiKVdfS*WS1w3zYghVU;IPkooakupi4FdE;SNK7c0xQoiYA^C6<{AMLlyaMa_`-scREtem zh`BB`J!p|kj{uU+Ez8$pJ=@>Ds$I2iQEZ{oNpFbjO{?^^k!KE*9=(7K_Y7~$2y=bn zx0DAtHa&1yH1$fb59>uUB2KsS>criAJ9v*0>o?hOK1sXtpu`hrS#}jmUb_>vgqWy# zb9b5TmvQ}snX*E*Z6Ob|8`OsJOl*GB>S%G9doX=&K+WpzZ>zyHXHor5^(t72jQVFF zFZ)wXYc`v`aDedI8*R{xj9>?`JFC7&V_q2Be&Hyw)70Z(&B-z{<~~Y*%T-oIS9xdU za%O7f*Ab(2T54#tfA{6OzM7l>0*-MAJ~zhb-zE3aN1jghf`18cswEZ9s!|a8uLk#l zE48m_&t+)D=7gbKwZ?OV1KJI{JN?9r+bD)ADmuZ(oy_IZh1K+Tfs%SDGIlT8c$1kA zgJKjd>Qo+6S~r+c%;!ci)dH8ScQVqCn=KVlMQbds-tChv1( z6Em6xoYwIGL`Kf$Cv9nYRHd6Qzvx4VSYOm&W=mjgb(L-A(rl`6q$KF75chh<0d5SL z6sW> z)8NSua1a^UjP_@pm=0SeMg*k6I>(dkdodyP)bRms2oRf3(yX1|4a+@DEOT zmL+olpVUu-@f2!SCB;XS6%lFxv(~aiFggujEIF5gmWm{ZN&RkYG{E2K))pcLB8z3) z<)aB!MN@R)3_Ir*%*e2L5i$Wk7GFOnZVz4Ooi?9-zs?HXh!oYG(CKJm@Xb<*OQl*! z$BS)Z!#lYM!QXT15^5vJ6$8I2;k*;c^7g$Dq(BpFXbkyn`oEygd3ZY*B-<}}5 zfpQ-(6^OwIpIZ;TjytY{2*wC~B7ZH}tNpALv$uSVy~=#9Fx4z5X%(W3&D0BLn)V@7 z#?DpPzYP7*M)!)lKhI}kqqp#S|B~S8k%Za~S-fyVws#3miOMAk`o(Jys_TVE=BnZj zgj12*&x9GD@bJOZnAd~z8g2yl5oa-rDpR6m3cvPmn&_wV`K}8d!%1C!U7&+yA76`a zoL^Xh3vlf|fIAokEievfox)Ok#XP4F$sT>Srrx-YfGHU#0pqY8r|Mdmd*zm}bn zMcg|xMztfEQEKDzILt^_3`;;H5?Gm*=)&;6Tzqz0Uf5m*^OV`|JD!kf`)Og@kUa!O zpwQ?X@Y`N(JG7-KOAZlUE%1a_T-r`SLs3EX>oYyhhQTGsvG00qu3uK1d_Sc z2=^MgY5od8S7)VQvx>$nIz#h$cZqkoXuS%0Fcak1b=j2t6r78LEWtG?)8d3%{j*YD zNI<8~eCdfav)4%C2ho9ckc^I6Qm_UyzGzg3-d(kNo?2kZsy#xsPwv#(ZrGwtQUKv# zK$g|@MmUZVdu%zq(8P~8rwT7W9^M`^kp^>)tH`UcHKP;8V1O(!l`^4&v@KkT57$80 zO8$BI)`Wo6Ccn-no-48DZobWO6Eh=<4LNAN?>t=%VPmk?ZyQJNl#nA(#Q5CfJSSvV zQhleKZI+&XFG5UQT>o2vr_IAzZWW*D$FsMfQod08N9 zB)8pa<jr1EWCO*W6CqEXm3Q{@Hzi{6|D+JX%#02LadP-5T)8>F)3EwU1|NAalh z$f!q3Q$$CUfBZky-mS4>31yGMQ4r#x_X3W?#_PXry-HLT)f(ga@r~`H_BBcp&_NxB zLVb%fro}|KXg4Y(f-gX#_3i-`Y-EwWD&uEUG1Q z(7QO3olm4OJhbY+zN?2`6|R|jM~f%4%~wkuE)3q77g4K(yIkUBLp>7gnacVU(qq5x z4*())-s7T-Keg@04(q}zHhxSD^YZfpW;A%=frTYtvMB5nM7=(p(3qNN37U_HWW44( z?A9f>!=jTa7FP)v2jqlsl0$dAu|3pvLohO(Jq3WpGJmN+rL9>FO(Uyb0YsODf9-=h zExbEG-ZsmW5jXxrHZW4n8J{foX<Cx0+964NF;EVtObBL9>vrGA4j zo#p{l1qt-IDTDRiE*l>7+~nW)#rn!8M953)kWq>Xq#ia(XG`HL+?5OR8&uMO`p;S* zoeiuQ^MVf~Cnlofy2*J*U+rb6W;{#wo}UX6SmmX6dUuAw^Z_bZx3)&sRIqixRINu| zC}Y-vHI9bSb@MTtxIHLv-pg( zMNdP`L22B6THUj3z7y1pan6zh__qEWJ_y!r+!w89im3ECkc}SS=spd1;h{g z)DL8-cu{Zf9NYX>->7~Ar~q2yFCu={79X5St^*k>WI~onlQ|kuM!d{JhDp z5hijCXVY3@S5D5Q&`>uV7Q-T8M}QlvzM(3Q7BjN{QNvVK2-@GI7>|nY+$70YdOx^>X;VIvUgA{Rc3*$)dm@%XA-gSR`1@!X+qFU0~#oT~Hl;-@amH+<|Hb z?Kkd~Vhox!geJw&`+>Jp-cqcg`(penT0IbSXGiAv=fFsT#w15KG*Y;Ltya)c&_BCx zy5%Q(X*>U4wk*+VV8`;Rtru)0ggG-OiHvDoUMv^-!>HG{^mULg{I>s?eceb1@?sX2<5DE1p(9lDWBd_BHAgUlEo*w)SCF@dnMH;+{$2w44 zyQ!NL;%I*x1rP^jlSC97{j1Mz)G(3#@(=EKU|L^d^z%V3J(2)>ogEh#Am40FH{NDIJ~kf+#S?q3E#cg&TCuV300J|3l<;#KM*}`}_ai zH_4BX)z}GUgJmwb+*^TikkQraWIv;0)W-VFMX}eTPH!pL`W;}Df628$x+NHmH}+-y zU?@4>eouoBPy%9w#*+4`Ult-omfQ>;&mLMjA#0v>FT3VRFM+C37gjx?4q;(;%JN5( zUg@GSK%Zh6ZE*ua?`G|*)9gc0x@;=1WA)4IqM>oS$2h4pX>Ti^`wDv+*?ulim6p_ze) z@+?VjolzA!8VgfvD^YajD!vV$KugrRCg!-Pv zrt_NhL44A>C)m+_z?heI(RojG@^O;eV}^1teyoq0+@s=1$h`#qxo&<61DprZO4@vr zDkFx{5iw8e(;Gc}d%O&oO$2ly?pZ`qn%sBgVIK-g;)O3)t1^Hk{03cYONjgHtH$xF zeP#5rG00BgYv5CZV}dOXLb(LV&*c+>6?iyY$|a5S@W0M1Qr;-sR@uHibM%PJ6h3io zWv4cO(>OWkp;;p6BLD^h3;J+!*Lzv1T<|{Rm7FS2zTILfuj6L6r4}s=TKpyjT#Cbw zb^C`wHQZN1PzELB*8eX;piiX5QkeFf3|WZ9De7Y3C6LHfY_Ahc|UxTyG^7-9X+HVAgX7f8#aqb@kK=) z+^9GtWnq~^wGxoV%4?%p!JMMK^$thaD!G@>+G<7%G3ps6VzJOEA+)(gnZ_V^0Y#<` zMdaV;TVdr^&(5y22|#Fmz^@UzAWh243e-XX4HHV0Qee`hLKInS6GlFStgo5bq$Kj7 zAdhnD$)j+)fn0&R72JRT6t-yen(?X9uLI~mkB*ppkKS@8_i*fo0@y*Dy13JQ{=T07 z%k}QI2DM1P`Kt{Q(b8WC6HSoYT6uL^M>^Y|(=o+G-}#&z!~Lyvg^GZs(ERU_g#^%S!Q~{c8PX=H;(5stEco@S2kiB z9#haH0wyN;ecMI}E<$4PROTGCuwWSgg3_>esq`d)?xK2L>Pq5(a%7eOV=f3((oQ=% zGbda3*SicooKR)Qj6?xOzL7hZgcN7awiDMf9+z?z{U051n!oVdtRI^YGU*fd5rWJE zB(F(rT@K2FljQr(4?RpJXZ?*zL<7vj*}{Vu@I+9zvt;`H*cNM?)pdfmzs^kQ>M0Xl z=GSw|78HKH9ancezb(yh&hgI1VPr4`RxY21Fl4wp3)cAaz9B#Krjuzkz z(XspyIHfnu`<%e?^Ud9oCZ4Om2ur+&hQDf_>ZcB6)(rs9sK2dw6RqzQkjwd?2%)#x zshg~yPy>dAE+QxI3Pt5FdR;-QP=XWsuJ#8edmp%(+-DK~^jFgn4m}-|l!J!+{8PL& z3!N1vU9K{4=QqsKFG2u_*>*pA?fn|H*I<{jaY`euI5yvX4dGHPKg($6pF$=Qgk|uy zEG!O%DULE(b-_m!)5Pw!*k8CxPLpk!KM&iL1_zd1y=e!yX{dJrKscs4C%J{k^{OXd zHaT`&xQ{vtCWfKO++*o<&m>W1ozi!+^3h4evyi96{`uTFtE!9qC|}fOGuboFg0OM! z>%@~FWIWSNnnm+NHT)VxWvfJp?>_J;tia<^G*YczOOCG9E*GkId#1}<~CpeJ*z|8>ITcX9ab zNUbs;l&gp*9?O_CAV_$xU$e<|WuG9*ZTOtjYcWvk>;t$DOM@dB%eLsV!2F5J7|_Oi zkFLfAnUZope`JD7T`e30N&QF8*EUtNMr{f{iu)%C}9Q+NeRm<9m=cPmAp(i zbuaRUZi8wbm5q)6lAQ5P`V_d|nRRXAJthGu4mn-RZr!Q3e3L83iCCNmxuzIhpIs0u zQ!I+kE`}rs$6GI8*LEjH>isPr*S*=R3j@kyLJ$OgTB*TQW^HY5jR{7dt0hRo@{s|H7X4& z-BxfGgzssiNGc5rXC>@9%&ih42)BjNgIB^vxfpe<^|QpW!rqZZAtQt?uIGwKH_2CI zv|;Y=a3Fa0O%g;*Ocwa8fHJgDv@Vk3)nCl=a6$TLe+GQ0t865beQDFd4@cbSuzPK% zuHb_5C9x1Pcs<^_2h7bXwOW@w z{E01)P`iC?@-C;3{f0#pu?Ms`pDe`9WaEssknv#8f0i4) z7EWyUSJ>*t9Wbzmc6a`*A|S5@%} zM8A7kFaD_N4lXYSm7e9CKD;OMk0CI}2SQe?7X`&hdLDkT^+dUUO9=0jYgp-8j2sJ< zXLo*o_k%5j<8zHgguUYs?(#rQ^xVyMC*YJl4j(1TfH9AiaT{2oHDFkzX@U#JXXDU> zKOVXcNy)-gmOOAHIcjJ!xo($>N*%0aM*8V1HCMA+P}K!Y@Fg5YodRP7!KIA~qu zG<`nX{YXZ#u?cLU8&24{b%QKrQNLP9)B<(bVy@csW|FFC{6$8o*ZiSuPeWWQ! zE?ILO!}ufgacKV%J3-m0}&iE*P_ASnZY?sY8wOF|xe?Qp`; zn`JN4^O_t-D6Q5a+$oW$eGH~Tm#8QYgfW^O)c@j6F>~@pW+RT|34!r#DFQ%)J_D3_ z%6I5adHP$o?Iubj@@xd_)Yb~sK*Ba)F~a+%dYZoj7jW1=)9xM{-`Hy%$qhk0U}Cg*VcW`vnI$%gp}d=1_`&A>>YF6f71j+!3}4#!=J!``=j@=i0=;yg;KJKaHfu6xKYgn=|3hCA z=*i5)IMO%Cguuni`{v=&U4_wuxAzJWHrAlhB6<&NEx32p%U}fLl|cD=ee_OkfL=H0 zE|Z`tC&2gKKq)q^{jO5;NePy=@W#P??`%B_f6EY7#7JMZ4U`Qqa}lLgu|&2Rpv_bm zmjrS?Gm?p>mte;YWakiFSvQTu)$mpn_J^f#{1B83+tXj14UIM#!^j8^kjR2NtNg3 z^o(A<9G*B-8s{dLua$SeR^(VvJ!ahSSro0Qg0tRucD`u|EEvDr#tnW=8E}^^&8kYc zu7?YGUgkctvw#oZy_5kLKZF1GJN{8H(pfvr0-{f{LYf7{v%Njm=IIu6lYxph>VhE5 z0kZ_bJ5Q(G6Y>>SjV_QbZCm$xs!(4fKA42Lb z5$^P^jj}Pc6oLGjN--zHBtY`BDuyN@2BBv?G(s}ZWBKHbb0|8$d}`sG6OEU}{KcFk zyd6a%%Gn-r`k$M-*iwrWDtedg*MMQE zx6Npfq7g(zT|`ogK4R@=LVBCsp|RJ6u2y-4fJNi|9+l^0vv#00lNnjECC>nB(?y8j z*J$OU>3Kdmt$FgIlfK2hE;;_>nokJEQ)g z^6Sn>9l)HE0v=6-CHvxm`ygVBteANs;JA*yL?UPl!+T8)Y@LBxDcI~Y7-F^tKqMgf z{gqmYba_ULONNoyY!qIq@BDQ(v;{IP405vcw_RzjBjf9%y*Y^h13>)0!v4toJ583) zYi(@YPp`H2I?VeedG#5JSHg}TDH1}{G15a>{pmShx3!Y( zZrI#*A{T{Tz&va#P<&k8F^&_ka3d4NS&k!G@*HL1^5J`5KL);xAsyN8WD)@zV`XP%Fufv+UALeh#%Qu)6C?@rr)aQI z_u^6EvoE><@z}zabhZtd;D9Bi&ieH!@?Oc0(PQtlSie2Wm76Zg{DO>YBc=XqA>3{= zsR64sC-7tna%sx?pS1V$)L6y)%giDw1S3DVf(FifQ-q!gXFt{?Rpp4th8uAXx5emsddG!`;jrnHK{CZk& zf_rvAv{2z)CHkMPV?1{5MH8)=IuOb@RW_2o|eI<`1GT>XMRh zCm@rysX^T-hd>#M-h5kCIQ0a+sEadZI*bGxZNH#b4VHac&-mf~>yV}SxAddqS-O6P zS)zp|$*34eQ=c!E0a}S)R;+g)>bp0S^}=-!?){(L*nA3DlFuJGV{{po=IlbS-><~> zE__8u=yvr)Li3CGaqcj!ElE0h(@K8} zf78nRQ4wBqM4|bGWL73uV{}4L`EGPWCi9#FKA+;z;S5z(5i?@bjCYI$<%QV9wmS`- zwPUU)`H$QRt%OCbc!<_>`EEIuGFH5&opRN%)l?+D5B0`}+}T{Jqi{Vb-=NXDxfbIJm!6Ts zTU@DeLW!fGCbusjGjKZQ!ol$&1d+c&6TG;reB;{1t;?V>r$yR)Q%#0HMkh83py66~ zaGp-4VL0(rS+B0!j--LiBjbxR0g~2)a@mGxT42aqG>!FI@AI9TPn`S<&2t$;c+U_i zJL+5v>S`7R3e`zWeLopEYzZvRoQ+ajgP`b-0z(q2%k4cwnyE0lKh!NhfHk>$zCtpM z$?D135m5(8x;Rpt$`mBA;1>Rv9V97)bS-H5HOB`Ps~?``9BW;iR~U$P68=PC{X($WmG;)|gG54+B-Uz#Kk^6p zAix|AjC9teEo6^{L_-7YOrd+$PT0pv=X;fjj@Y}s#(4!}sD5$=n_hvpBy%cc*8eCE z1-M@Zg=9n@5gyjM?+f+(#a1n>Ryr>0BoR`2<*bQC=tC?OinWYRtLm4= z3qhotZIx6kW!k1cq^va9w==9vE5fn zoFGf#Id#oeL>#9SH(?@AgJjb9Z86fK(G|_wkH0v2JeWLEed}34i!E0To4fZtbf0W$ zc`QDTtRdX(CK8I7GSFI0l_u+$5ej-C_&GMq+?@-uM%l#Hv(7*+ zg*PmpUurcbz-fX(h>-|VK{>XtXZ&K6Ib_Li{aP@b_mx2~gtxD_$s@DtjC)xUST@O! zRyS^K(N?`_!32JBI?$(+p!qTxVz~6Y%v8h}l4g!a0c7wgTbJ+Vv7FNG5 zdjnb;Tfq{cgC_;eh&GZUd04>pQ9MMn2dO)WJYUI_C>=&ivK)0O9}(efa{{t^3C|r> z0~xeVyY`W%{8TMUL(?nYEQ=C-eOg5J!tcs$2REwJ&XI{Q{HOt(5qrk03{E)Np2Sek zipnrm%Wp+;`U}+p&#kNIHP1OeS|Oi`lk8wD6BNQTMIo)ISqQuU9V-d!hZ!+F#VZ~Z zm84u6ojI4r1TY7tD3#S9zSYK>D zgVP_6MYFJhY>$e7yHNTMU8_=R*P{#`$MQq36Tv^aN!5$?W4|<=^u54RvjeS?Oiz8$ z&czJtLAoZvAI9OIlCg%c)N!8!EBlwJl{o>~Sa}`ntzQZJ0yAc5t>h7;Z0f+=zX2pY zu&3ZHYIb7I%cwjj&czL2JZ}0*`#7taRbPv+4lSCXEC5n{-r;e!l|ngYv^%+g-`IX+ z-G*PshID2c&?yOeo}d3&{XkDOZsqDamSK)l^U&FM;se85Gmcl90RjGd-uM$WObwu={+_1^r&tE{98bE9Y+EjDl$l6w%+$Xj*#W(~g`}7+u|f zT{jY`5c`nym+Tm77W~<+nc>DtotH68&Qfc}u>5=z#2)9 z2jP%IHe6QN69lJ3(9=LX=1k)pFPK;efmmW>Z@c8IJ3(dHZc zJE~U?jS;v7i`p|l59 z&HPayfu9enQQRlK0P3nxIgytWMtJ;YQJVk{LDJ>X-pr9z#b z#SB38&dE4{+^UkE$zGcjmv@YqU_z|PkN1FrG zy5zSB#7)y_K7A#o&;Cqux*T!oY4Y>S8t&Ed3i5{917rb%Pr6$UE}k;)XIR8`Kh zt_HcszR&7tOs2UDhl)ZUHCo(8#LvvO5LCM5CMeha?45ZMxNVnzzOnlTXVFjK3cUoF zGo?|aSJ`8!c7if+Ma!(0+fQ?}CC+*r6C?D^ChVsR4flS+JlK`JoTbq;X1RZQ&jH%( z3n>mo{PX`-hp>{^yd>@9<(GtY)EHnN5o>bx)gE>49o}EO)dy;7)kN#v;u(bHvS`uG zMHa)R>Xy!GS(okRNfRi!aEm{6XW=~14>q1*V!Lf#9FQh921P}r9=FLg91}eMCcy-K zj>KjbQ>!n4isIg$6T`B77eOr8IQN*1+&`PLIv5G6rX$6UlO|UP>)!4~I*xN)NcS5- zc~M=;#2elC4riS{V678{s9KpHD{22suS}pImNj%}HBySyPnl63hf^O|T+zVy`r-ol z8NAA=jmrMk#_?(PTA%qs^!$+kN%BD!`TPaWMP`9pJ(Zv%Of|5vz1amTO`mvpBOYT* zwWPW{)XLXT9HMh!bA1&qYoKgggu~eycXX zSP!p}`rnPQ$sG1G<+jFzO&Hsk9%RUHQUTDT+$x^K_e9;w+F#NFefsUVDsv<$prP1|0Donc(}WAuLZE?#AjuU9-IF^qOxz}cl_2E z_FPBA-WSkC$dN(*Zsb{;A|)C*>O!1xq&QD1?AftdFQfUv;bKU3|^<^raoRY`UJYwmX88AvoO`E&ZOXY>PGa$y*o z-1=InkH){3LGOg`|9W{xg01S*J7rjJEqaBQ#F`d)xpuzbUio;u!5pcjIsUk8~szexM3 ze1R0Flk%&ySBy%&&lztH4&&WMioL%qa=p1-uWFB(r)bxuK*9p~LL$BUb7+fy;&dRI zVc1?>^#H(+Mhi=2MZMoshWdtk3tsX|B3Vh3m;8m8bx6TLLN?>0PQ4oL1N~NBYP`XC zhNXhkhp{|qScpIXuITnYpST{aUxRN`?NjTQ%n^S!8mr&A|A^^^VlV>_y zNm@Fq+C-I_Dkl0}+YeZ#-80BHkq3QiXVe9c$A@y=jsEng*&GQGysVn1*h649Uc6Pd z84lm$6OAmLsm2R+#a9}QmxX|nLIq`AKvR<-<R<30K9__1J1^SVD)W30165Y}@Z zZSIX^^|}LO#93myfFL#r8%ClPvb$^C22+Lp-s*MfHOyvM!8&bGr$sA9vnfn9bj*eY zzR#4{n+N4$m#l);%&W+Lu6Y-^y7KG;T#K8WNW-TB0h3RGS4N$A2UD6%(m17xPJSMH zchH>04aH+}L3woUj%6A65Lw7CYRoQ{cjd8LC`rR)4vwNy1}E=u5~VqP@BcKHEk$FG z0{lxWmk11Opc>+1$usbi)<@$mP$P|A>X~x9YbM9B|R z^48_KXKEW%mIVSFd+|9`J`c~l0yRO|STS=kfjm|wD`79Q8E`G9N-%9aqC?TJk8I%M zYAOq5Cb>AA-H$$JcTZH;!-~Nov4}$&0}TnviKOIlx!G~5MiMf&roVykFkc!Mcs~Ez zn!F|ylj@%<;w%l>X5`a+XH^_E48}x#zBkYqSw3;{Vn+nF-q(Ovf&-Wa$Zt4|-3GT$ z(&xBt(#3XB@KGs=P7z9(3G*)u-S4A4XTDI%8a=%5OfZk{g9&o$;aJOnz3y9`3OVYa0Vcs{OMGL?#-iL`ye{ z)O;g7lSz~y;c5{&O)jXJg#i+j+HOGnxx5EKnT)j8o^f=U2}v|SJ0}G#2BR%LD{_RS zU>QJ`ZwBmF4OJ8Tgw&clZg|VtB|jsb9qc09Wm*kMtniqVFW|=;mP+Qh<)#%zFk;I_L1$#fM;12Eu`9(Nh^uU3?{?87p2!jZQ(J*Z!;Z)$T>-6mC{zqF1Nk=nH^l;U* zP+t~Ha1m)3_fx`^<-D+%NjZ|Ob@>(kbggp)g%@RiSG;SI(AFl>zN&CfhqAsI1bwdB*CYvDrs)IjxAb#X(5(f2 zGg32IpPaRBHtHQxqvv6Z@g2I}j}k0pag2HUA1X&~i6-<_%pJLsLSdT{&)55TP2+U2 zqmDO(>S;5?)u^dQ^E&n!{@>ZkR}!?!Y+*o?l&h~d9CLkesE_uX7}hlpCGm*Ic3m-2tRO?#A^A?Nn_e&=VreIFG8&RQ(FDnp-=iqiSAz{D5^#XMl!nxKneBng?)~FBU6HVi3olD zOjEzpb3qQ$>HsB}swZc}f-wtggyTDd4iG`J(?6U7SM5-{1+1q5MIrJ;_BtUMZvWGf zIv-bqDcuHz*eUwfKn%dmySJXmcb_K(hlE6nGT>X-&zq^^L+4pgQDAYskD?96;~#Kr z#@HI1pjXyo9UZE@X*&Fw?2J72cq-Tp1$kW1}i!z}$0M)j8s-KVWm|a50?^{hCgL&*e`z5FL$8BA_^|2Gra9 z$$#~gGy310=&Q2YOVfP#C$qx$(KplwvmI%|h*dG(gVuZcSR6Ho{n$3jjxz%|rCW-(8t>~XJB0B? z_sse!Hy5rLGmYN=Rz`e3e<#Cd#afS_MK)^R`bjU`XDS$6b6lVEW&ODQz0OkTxyVh5 ztp;fH7CX$mGUrs-3#cnMN9{~b<*f%!%`WH_Wp$;C+na?M&dwfyFf9v9^r3OJ`U7c` z)0>KGR^q_s>&5n9%ftWmH*5$i2N#S(i*ZhiC^sSHbSjH~+g70HnGv&Gv>^5tj?8dA z1*CI^k!WshbRJMZ(OzotQWzL^A%IBC?Nn8okOd<6XG+kg7zo#-P88KI>E*+`+*l7rd8M9ctjIL6b<}lRY zOwBl!0u!)?ST11grSUu=Xbli|Y~(jhJ5q49c$8V+D3ejnpH&l3;;M@GWl46@BG9@- zrAj9@9&BS@)G7lp_Ac}uWs!k+izff9i2mtrdo;IhXY}yTsrHeSWm*UFvX|}Iw(0FC z*r}=k*j;HI*H&G|gM9Hc)Zlw`;U1EYckD`L$s6A?Q4F~Ya*JUZWv_RN5avEkYC5ae zYAAh4u%-|jO6>hJ6Q2YM$RLs#%>$kTyOVYjKdEK$WHq+JYCU1MAKrSETJ*C zmW_kfhgEl;C~!640$$kIe7Lo`C4@Sy#MAyVz{2xIgfZKSY%HNEgR-vBG@P8?Jb-rN z26_0a4`A$v1m*bPXODCWiFc!+5+;6Svuwe3-j>bwES>d9T1~SIc>&+QgUs}IeK3}fP@XAphPe(8~A_ z_3!Fa>&+LpO~%do!wXOBvrEp;-tQU_;P+)Pq|4*D=zt0QL6LT$F8RUj#~lgh?(fP0 zh&<9;nN_z7!2<0QFKz=51n`#VZpP*ceLAiMwtcEjGv^$?fZq4!a>0cYF<%G!DzbTO z(eRdzv>I`CfoZWb>}3Y7E50_})chE-$8kRH6f3}+7WQcalEkg!H?ovG|GL1m1-2iS z*wF8rG-dYq|)RCg8vh`)j zM7dWVqmg#Ne9e!i2R+m;btq=sp?~HhrQA-P*nlQtH$QtAw7KyjgB$I_-777I)khoa z4xM91u`WfBiDmpB)5reND>D6#&z3c^Y*8|go+H}%lWn@pwTrwXb{rv}?x>ci$seuk ztA~x}gnfQo|2}LRPzt8z!#Jz9f?_y45DQ=5p!KrAw#jR#i|PM=_cy|t##X{(#tSfSgj01a2|=@p{vgpK)W9zJ8H8#12y}hb=D`sZ2H^mw zerrFh5N*2Eni|w|5%4yU@$-hoN>{-sGp17=8*Q!-Kr&tE^^N2v2NoB^uO(;-W=r~# z@azNHg}MgN#G?w^3=D5V?K=6~hUTOi+y=Ul*#k{t<-I`YE=qs*IIM$k>?5PFc1-Q4QTOpHyve^Ayx@(EOm0V)r4lDkIX zCQR~qq&~`S!3&q;A4K;vYnGlC7Ts*9hHB@Rj==Y|HIp3-w5$W^ZfA6pKW&Lct?&%0 zx?KZa{-l}Oo@}2q+S9o6&+{MwRd}f3N!G`L19IO&$kDZ?Egbso%#o89$OjBLiP?m9 z{(Q4$*5uPm`q1tZJAwl&EDbM;V`g~``p^t<*9iTqL9qEM-5PN$06{>$zy9k^MqrzV z5lHMI4s5}~LxwLFx6dkWe+D>B6E>TS0Ju&Ubj1eFlq4cOO@!9gXahk+0?vsoqlNu* z#{Z%Ni<;NScEbGqSC1r=TpG{dvg$xp)|wCYE@m^xr>yfz5vk`Sd(KU={EX>8Ysyn2 zw>ce}D55PE44lP>L;tk56edgVHebDbcSfi>SGF$@D*5ZC;*InJ015 z-W*?220j0CojNjgFBxmA^qk|?XsF+*9zz;=C6i|QuvQ3zCe$1| zHJzyOJM0I%`Y5TO&Yh9>oh@jHAMF~uhEPLoiIJb%u$Aw+4LBm=`%ASc*&q_&UDV;8 zf2PX;TzGvkYHIv4UX_Er$$X(34{j{kq*UF>o?Gn%WH{S<^IO#Qd_NZ}l9ry9j(2dv zLEl0~gd>;0t~dlu3!x^{N+<^4f%If+a|2(Q+o>;4eB>@|Wew|k`{5$!xeG7jm%j1% zssx}q&{)Z*y*CFCi^^yzdJ3kiJKjoG%ZC##D^f4Vlqtx^9*(k-rqPqwE~c+rQJjp~ zfV2@u+RM}giY$Kg-mzB~I2~vd^9rWIdeTb381DpEMvHVWb9`TwDyg%RGP3U~#i?bp zb*(0nZyWdotZHKT#c9n_(D1qnVLsG^#8xSfG*@3{e4f2v$%zt@$6lFS@W>-RQEBbV zx;Q};6!Ug9e=@&?=RJ9+E#cuIJBv9n?HB66c)?}Ck>Th`$%&KbGhGEOadW zguiB#lO(7>>F(HRafa3=SdDJ?dDV6sSxdW!X4OJW{BUpoenou)b3$7Ee!d1dP?3rG zip%UTWZt_rL-&+b$Y(Uf3@fn`u@h9r<1Q+<*(J$b{Z>s%epR>tYDs&q>AHKTb&HaBw-=aQ&Fw;lXEB~JAu#)P zTc@aj*?PIC#Z05f=`LKnl$)>W|6n2C%tjl6eg!9LZ{d`LC&BVDOL`PDt42*=F?K0c zm-a`jsD3~&P^UCyXdIO6!kp+4x0;;)5?heJ8eq_N+mVT+^5UeqqfrM);d3(-e}gDzjy*dyem zI=N2P$Oo{OqJ_zfYnyn^Za{;28swK#45yY#g8ha@xqu&Wg-|gEZK>d*ioIoDC6uCJ z9y1Z_PD`bbf2vG3XbsJ~Y9$~hnVsF2zix%m>sQ76%Yf}J{SUCL*aINl5Ki_6i`tdW z4_1#clL3bzJs^NMC;Dx3-cL%Z=Hk<9#_=Y}l8jftU#!RXa{04ZIhmoKo=$txxj1}m z$K&(_>$!*l!y;l~;-L-qo7t=vLZG6hkEFRiMbifY_tX|KP6~!vs69lka~ZWGlqF8N ztC=Q06(}lprB`1KeqYf|= zE!Ue8m7w@~R78Kf`8XwC0*9qP0#WkLgDhKsyRb*8{DIn~n%#Q6T%V$DL(YwQZw;uu zCZ3+(3|kbvqt#@H0={pb@HEp%n(@QqIaskx`2Deu>KRegoUhb9HV|!&_M6l>G1~WI zrRhr+r*819$O*9QaXS_RC?|H^r$-&F?vrY{Xbc1p)U`5e-vmf-KaK@2KNqPH9x-G; zT9?(6NLuj-9^=Wextn_=w>Vt#Mg-XR8Za3CX)u))oQ|BW!rCoeBjP9>ywhbsBkquMee)@xTmVnBI%^$SrWIs%l5CUL zIZ`e?o|}YANi}|rJa}RR&D(@1@6XHq+X&|gS;VHjPim-j>icvn9)xe#d&i{{gu|JtXZ_nL zW0FxzH0#2WrcqU&_WXwZHBe)a^!{~6GIO6?Q7X|y0)Ps zO?&<4F!6{S(fBs5kpoWD60lXmvuBy`oFjnr8-y8+g4QBwFxx<5SG!{ysft$( zNep6-_~-UvoDoD+RyD+q36sm*T1?R*@!mFIy=n1sU>?Z-yLY{lT&MFxjcK7As+DJ# zc>Aw#(}Pu}Yg3+-V?fv`7s9;>q4cz$M{eGaACq$RxSirNE2QM+E(nO0pvdKX2fKE7 zTDZZ(T`iJpsKWHVyP&e@r*DHU&`pLbV_r0?W3Aujo?-r+%1Z%n^)qZuEdImF=p*|o zwEYMKVJM4r1r2(`gY`Jm+AruSyO=(A@Y>_vnDlDb)kZ9P{=x{Fmw*d(;*K%g(&Hfv zNEuYAq`NZ6|MTQD)nO?Un|79%f;n-j!PNuJH(_nGIoDutY?MWh2{Wt(Pm-#Y>hc0> zm=R`FEH@d;ZM{E-H&Z;{;kDL$jo%+I!VHF}Swy%)Sci~=Ei1Z@gN)XaF*h+M^2<@V z5bizajP+d&i^dneHeQaP@2vUXF<%V=H{gqIUjG)x99QDg#ym%wm`JPpuCWM;f)xuo+ERv3o`GuTGnCP@QHLBVZ=WzASk~SJg1R7?6uCvR&fe*!Zfm zCH%f@?9XMk;f{2U_?kG3tdbooS)C(>GnaEnAU?@0_%u-A}x`sC>`=>Ah*!7HEb?U&%avx@0-ewgyi9Ud6wf{Kd~(SH`h9AHP_ zYlvqu0_Ywd{%hXsRuu4ggw)iEW}6cB+`5x-a%ko~s2#ml2JDM& z35mXOmJrvjrGwzrcOU{Sjjo_ezk?ooe(qAiM|GAE zeQ+dZ01)cp45s6`Qc)jXpo*f^$VyNP;5GlZxPzROS4pAJ4pIO!dor6lX54KRcCX8h zFlMZju=(YSTejUBd|&-!o8x7Q5~MO@-RRA2M=L=R-e$yvmRj9u4vyBowJ&irNS|dy zW;>9ySqLK@y23+Z{24{q66F>G!XJ{Gbhj8dguX%uGs;e_j(>00# zC(%()=#-ZlJ@)6++o295jZOFLd&PFEN^#^X_f`i+62*p=RNk@Pma>%8+KycK5yM-H zf8N$S+sq;KLiNT>1bE5s!6w6S{(8MGqOC^Uyv|nISt1WBm4yT;LoVQSJB(*deYAm zg;cmB$@I9Z3q_uJf0a}Gpal0*b#=w?P&!=A^_CHwiAgG&6WSZkk2z2X2^N+lk|lpI(Q0wi%4_$omXELgKF(f$k@fPYZ&)GGBvX$1;a3qS1Dn?eeGkKKxweZVqi<L=L^n%xvPoP?G+4O*5}BPqn%a9WA0#aPmI$vP${ zMWQ6MLfJ5Dg;^NI%wc8q^RK18sN4qwKOGCE_9U_J&2oC;0IhsO1flw4xqmGdCwxpo zsa=A#Ej$z5Z-6c43k5oH(PQxPQ&(2N7m3H_s-?ds!KG}99l6`B@w32LN8&M>3ja(O^?zFAZav8QKvm))dYJ3#SDmQ)`Z0k`T6E_ zU9pm|mMu~Iiq%qor1H^jNuqFKvMCbiFwGgdYT#08{aE+l5iW84vfZM<2mr$8V+~QP ziy-bAoyAWb0dD_ctJ4ay$t6yT7dcEKjJcFI01J{_VRh4pJN6+*5c3tM!gcT%mMmjrS9^`EPwU(e-Yc` zxff^&qkatV9#_T$M}@t!UdB3Qe1*o{BDSgT15NX6vgqs0X|-FKbjUgxznih|)%0~$~m zZMSl$#xhavS>$+#P5=L0q@xNCpo{m7xDeE_i*n>u7&Kg%%R0HX>(nv=)H%8_qlLN=!E$+H3;w^=Nty>FcRTkPxg=TaP(}Wg0Hkm2HonMNYzP z#w0Ip68@cMeD@s!((d*;sLjueLEAf=6j=P#)AvCe36$ z?g$g(C5esLDwtS}gMx7WRLGBL3Y&+9mW9$R*94P9X4kP)u~AuX9*%{40t?g+Xm_qw zR_ydqc^muhW9o-@D%)_>L9sbb3V7ZhhGuhX37lMPD5=Qp45jO|F9l&RmqLwXsUC~e z|EipHU}h`KsR!<+#x-PA6I0)Nk35523w0yuj1aN}vyxX-UdF#4WLBEEu`gWqYf|U2 zUFcSVi<`BaNo2PoA)fhmG5_`0qtnQ^-B6P9!y174Bvm|S8fT3-JoIb%a?36i@VWSN zG1>6|YD3+6Wla|UPfNV1ljz#Dn1CBB*uWXY#bSIEl+hJa4M%9bDxu`O4ck3K`Yg4b zq|LHXHH2C1yd2QZIzeGyC5q#(#X(3xYW!~td>1#N4zPxI?*X&i>G&!4S}xs@mAAut zC)FpI4uwGLo{GtLdGC}Az`8doE0Z}vXziyWQ4nxrM$YN0bH$9`2XV>8xTu_l?_AR@ zn6C@J04BLog3wcjT4!RaEH~+BDV%SL5_kVs{=QEU>*N%{-p1gd7O#PelNGaI0b6U@ z)`H}RXs`KEPDecI)oY7h-hsG|UPF(wRMMkAhm(@|%Yq+I<@|Nv7~P}xv$jzRQK}a! zvV`UA=tWR}nFW77dgw!-*Uo>vM`1dBZg6tAbS1E^8&`YNVdicbwXxb+Rok#d;Dc7npNc!0-2U&(tM zn39s6+1s?A@t#|R0UYw$HQ471it{4*DEpwH*A2x{l}a2Uxq0i@Rwg-p#T_zApo|yh zz!9KU3L8_;=H^_yHQgVXdr^4aqSGgb50vTiNBq)kR=bO~t}6z_ugXRa}z%2aL?pgVW1K@z6Rnj57<(!_;7 zY?Lu>R=7}uC~xp=r@r3kWRgSDz~XhgaboXjMk;&x`aT33Imml1meH{i*UXL$q5`AP zhF)un!E|IAx7(&S5g@IzIH^;%$ z|Gue#XvD^2*`31n3-c04Fg-ZC5Su%*XWgR$R5~UKTXn5ZlS9DG`ngEZjaieg&k-Ag zn5=l4@@C`|gSNL32DC-lnz^Hxc<;ykJ27V;yS7p{aiATWZJxF`rcu3V*pd?4$fGc<{Y6k81O*rsVoc;w#!R198MX+3FNHHc$&u;8bwnKrWC3 zLjfEE!I(?R;BNGeCKixBK{Yc6vAhI0EG?L$`$Mf4rQ0M*JW zHi*hnOGAsoAwFwBZ8%HJ7M@IVKdsbC;Sq+4jX-;1)07$|!MNs6w0TKL*z1+6?)WJNE3w|E!k87-rxU5ev|%Di*v-Y5oJvy-H9@ApQn`L?u3SBSi}%Mm4Q$$Wq-78% z&bVV!X~C2PRtn|4XVS8V28vwsU|j;%mvOIW6(==4g&F|u|Eu0);M@<+?!AMcS9W+0 zm~Uu`hgH4B%z)M1J%*e0B}nj+9yIZog9Ud}+XU=71=T-GevA6VBQ{BYrGSNjE z%8+7{qsl&%ufoD;idU^e9~FrPUVpvO%>?(m*Ao`|;+s^%fA z-8D~$o6=F?+@ppW`K*tKGzYbhQ@qN$N0#5U>ZDn1)+z<&C6K0fK)H<>KcRHxfP<=R zElI#8_&w92KKwbU#vhAK<-b!8^tWB|kl$Qc*j73Qp!KtK3_<4JfK#%lnhXI1R-z>g z{Bm`+MzX6H>}1YSG1^6qPLEGo26YmFePjM_b0rdn`B?m7+>EL%^iQ&ba7Q2MxTu@+ zVZMB9t&kgI7aZHZpGgtO5~h3bPY)U!QI^?guQM%pqwtj4OFSt5?T;++o^d^!#J>0h zkYZH${0oWQV9w+FEr)Zuogqd%Q8Y-GPX)c1IJ#PkAUxIyFGizsMzbU(ATsS!io#dS zEb;hnm^o{|JW@Z3EQF3u0}AWgmrxF(P(7`M$dyY0C2Y9j@1jpJD0V9MIMJU+>3-0m zU4mW9*hGo76!nh4M;oVk8Gs%VS-$FN?|b%)h4onis#W15B{CSP6nAi)Dd*#Hj(ihz z9bh}~@?`QnL9kd)91qOVGiLD!))yMO8IuKEYsnVxF3k=2RR0urG_5FAKcX7kj`>*e z))p~WCkQ*OvzfG9=@)SAXkkz`V_o5PA}&)FolvD=XjgzJPAOA{(d6pO^J%5Q{c^J_u`KUMj6|aA3`iW(2NSJ%s*~Fr9vZ7r zx)=CLR_*7-sS0yc2ttT8vOwIreynCr*+bn3^7V2V7lGobr{JD*+e951m|Vf5e=)^K zA>P_&a-W@)U*D~WIj)v{1Y=Kt6_F`^|9Eu4(h}?=NsW1Zrh`|#etXt(F#Sb#3L`1351eKAi%`X-q0_GqQ2Uk+0m7f=I^4u1 ziJwNtnj)5MR21w0*^K9-t{iItXtRU|wR7gykOjq;Noxn~DPym%w6g(+o0a^kH|8xT zt#`8`^{EU40zQOs^a)1-Zt_Dm{=({~R(d8O8T@dZ%aq%w=0*v2d;qVFsYlV0^5X^J z2FOIIToeJ~9g1!lvtxaWQ96fY60f-N0lN~ZjkC?V9OcSpC4V~FZy*+{<2w$3NHTmP zVG?W~<@t~Hr(|t+Mi9YQsB2+*@SK%FpnQ+#fGYw-ZUqxhs%U0?{7XN~4 zG`DS7>n7QbTnEGH0&+K8(bg0j{r7`vcdEH%)gMQ^IBUGEhjmfJwj|~OR>lX!UetYDP~vdg>In->7Q?M>#p`(cO9=2w2IpNRF;!>V>d(~^O2L@O$i7%9Hn z#A-#J?i2H)wOhjkHl`(SlErbYa(snAZ-Y4KLE(N3DV)LyqA z_fh^ZR5TWvVb1{rpKRbSPN$}?WN7=qd3q6b*_JhKXYk;A7=^xIOaNT;=k|#Ur z`2WQT01ZI$zf@#D8;G*4_+s21S2X;1_-OB>RKmyv(zHsCG18B-(mf8kJ`3Xq80jrSJS>>)PFD;&Pfn6`3F7ch~BDzcsoG4*TSNEwamkv*I z3yE(k?~F1OAmMg?Xivt)w67A3LKe@;JAw)kqWTCJ`mcx zH5;Z+{w%maizR;RP>)U8BD>)+EXx`yDnxp`1%3DefA;j_Z_wJ6b0kLD!5fTj7+TOH zz8ZQ0BzMugFrE0bzjZ|~WhQz@_+;wP$YjGe(`O1A=|IQk0?GJO$9 zKV4ysKDa$6anN3n?yC#VTmrJ*8O3q<1fNB^Sn6cdSO1vNNCN1-db`>9tkVuufq8Wq zIVaHAFB4&lEevzS;=-f5dOsN4qU*%A#7e2Jz!Xl>rN(hi4=n=$#0ycZc$#D2`C^2- zgL^N%?{Vbni<%Y=G-vx~Fg*wtDy?NkV#9-{fz^42NND7W?0?IKGBGS+0o~LE945|p z*V97K>g3N_eZ*&YH2RIx#wF(#={3SO^$l-kZoUL61dQ|m-au?j>wWf3Kv4_mx~(!8 zjLgcqG$Qg%YoDD{XhrGH@m&>)ZxXwL0jp`M6O#mO#$d`x&WwdGaokRRocH+6wF3+Z z1Eyqg3OWE+T++^r3L9H6nv_bQUrv3!EefE)cWOx^*bbxo%yyOksj$_DYO`RI+vs^) zZ4trSXw#9c8H;3Wb?w4qrc4l7qIrV-LJqShEQ-sFd2ti20e=mdeeaOyt6uC?tU&V4QiY*Gs0gif^c7->ajnVa zd6{eH2>V++2K}3ETE&vfX)kcBJtN!wGx^Itga^dRZ==&&HG@C7uIVs&9Y#yd1`VID zuSmN^VP@fYXEV6X!?+N)Y0AktvxHq>IZb|n#ei2884oo@0FFgYK#d^S1^|i}{wZM; zej~rA80kefs&C1~7+|To!%IV*qZ3)mX?QkDNa=N-&UW5|abrYs+3xjF)67VDV>zNNH4m6Iv zj*el*@KM!mP4eN<6=yXP0nq1;PF?>9$UI85;GXbdE3Y-GIH(=E^C>7gb_5FEHGGa< zffx3S#tx3QhB0}ft@M9AR_6T?ap#~zl*%6C)t5urFE{F=P zgpiDGAlQqS7EjLq`1R=acL`F1*Sggt(zo(`N*=W09b|L*&as1q$kILlF>F%(d)!7} zSTUa%maJ$%P~AflaPOgZKz(ZWw!~#Y23wwx_58z;J-0#=*Gunr3(#V1!<|R30n~xQ z@3y_)$uX=%n#0#*z}h5@Q<0tnN$7nKEK92Go1HdkG8s5c3fa{w0Ma-@En1$D8IdNi{^!K>~xztKf`_enm;`)P<+ zY~Qt5Le%XcTPW{5J3#$kP<9AH71ZoHCk2x1klIg4V%8fy&sUh+oI`{AXGC6vW%Q^o z{Y#qT?A!0{yX~shASg^Df8fiGE z17$*kBI#N|L~`8Tkwx@e+OnGGY=CH;&suSz@`T0%%fp$L%>#G?|{d`S5mhD%KxUpCEMQIjcc@ zZ8?10W_Z+Kf)^8Y;o>SZK>|E*X6Uf=3Cj<)V@JQ%VhqLwlyCDBhaTq(1_t(?LAa3B zP_pxJy*zxBc@~|HV0IlDwcVTHzOi)Cfg_lc~ zg(E%LEml0$UztSiDCEBkV`_TmhomK&iEZVvv5NvbZOMT}FEZ=GcZ)hLL198PG$$|m zXE+fqI*oU*L$xn9VPkbeZEG&BA2TszXPAA$QGPn@{QxFd}FGXC&AlDZ#3hDNhT%9LCt>gneap8}v6>t(R1 zIV#|kFe>4=uG219+Sc-=8@6MA>>^f#m4je(RQa5XbPh}?jV=%Dp-Khkvr-8R)C_*3 zx$P^%YoJzjWGs9EWbah6lL@ViuOI*+W;9soPLKV~9jRG*I*wHLkwOp;x+6#A zPchTp9UtOss2U>b!R8c&|4U=C{CDZm2i@j8LSX8Ci(!7Ed!}?6_5Qw{Mkk| z&oLR(5yfce59KbNGo!k@#lof{Y+P@=5Ed=?t|2H%!J@@h_ub1^Z({WAWQgAz0QaB* zwWwOnwtbuu>8?TvkUEdoI4rZ(dr95=+8WB z@RKWVTVK60zdI+Doy89`MOEGE;tfYC@Pvzbjn;QbeganvDu6P@gQ|BT99xd8FKbKHE4OF|ch zJ9~E5d#3ZL1VMnsIHg`O{QUasl-sgObAYzmC51KF5~*5$C*$nyuFVd2jHekIJ?f3T z^qepifR&=Sc^)#?PQ6H>wzjv$&lTzx8&WpAwz<&N9m&eG%dnL1strs({=F&IaE?bO zj>`K&%Z94DFF-PW%g6yXVV1L&Rx8+Fi~tvMK*LGMNMZ7H8}Fcc26RjZ{DjQE9)23o z{UIMOg8LfzQTf7D04G8V7hJi03%$ggN9Ei;nsmZ@=@?kFGUiU(je>kD0ng*|Iy9d@k%OfC@;i7c3)E?luM z5`@T2O~N6#_ZOWNNA>zSBejEMIxEE{C4Q!KkP?Bkl<;= z@o=eJmf4&0VzdOzs%=f(mbR}&ybBZ@-FHkrnwj(HbC!Qp!LhcDo$HPSUS=XXgJ=#D znMMZX~I@m$fNOq8bcOsL5pc9M|fSmT0=~F+FM4L8NusdUv%aaJVa+^M5l1ZCxjGP z1MqneitJ!vDN0x3+fRX=ANv52*FGrJAy|YpjT(Ig$^0Fk`2^=G^r-VYI!z;o2~)Rq ziw{`%*N5Tu`_LgvNXvYmNoquuH?q)OSSoJd8&llhj9i0UWCUaH#ItwbH7n1fVs_D) zXea!Ko25d=yVEO#TL__zmeiR;9R-fu)Y=@wWZkW|?RB~aZ8H;G< z?$@^Ri@^D~htW+JZ#kT_j&bpki%?(qBTsgH*9Jgz(;H`GgMPtHf3h)cxufIaB6B5w zni+Kn{27Uar@rmSbSC5({b673FN6bR_)I66M?4bhI5JlFp zdn5lfm&dS=7S6rtui*ZPbSPl$ME-;J=mt1<{hI#a3GuZ&-WZu=Zr(`Wh`=`>tPIIl zG75_ff~We8R0wcj=_M9)e`7k1h2N<2xZTe0$V-A3rl)XywVL6V``DznCS{hiZcuYzdX~QUN@cA7o!FxZ+fJB{#)Kvc(WA56q)o zz+d}de=k!OU9Vlp+y$G30ncLggUJKL%U<^d;YrVyC2I(MD2eQl1#hI2Iq0{k5rU9T?Yv7II78gqu zd!_v?iwW!VA?t#J(?|MmSr$-e*bc*}r+ z`Q-;qTz=#lx{VzbN2R7(aniWmpQ4zay8sQIcYJ?sS$(Ttj5pW#oe+0JPRTj~@bf?z`u zzIBHUaC9WRb+ZZ#BjO!xB80^;xWAwp|7ZZ_&ohFhyZx8vnB5{@qJ82R*qH0dcju_$ z^1yfO`0H1x7$?pfOV~-&!~_AGC68}l`2Y7052vios|^c6p2>r9-E4;_$`h?E3e%e% z$=!Zo{`75uh|uEtcq1V}$;Vuqll6Q#k=$pG_p8xp{@jyWtN~{2H|#|w? z7(mR9&c2BNP`hAU_*!H*KleZdli)35*XolZ*(#zo^ z1Rf*;PO3IMh@nV3wq;vpn(JZ=${E)KN4}r4bB8fZQPV)a+3Z%yDyy-IG*vRY`t3#fzbv)_mhZfmd9Z-NmANyI zkWq~I$3p}vbn;?-C&*BT!a z?)rz-LuJt0)_!ffAP}7+R$?mospuZ%`=)s%u%+7k_1eu^x6z~FS^ch%^y{AS+)TKl zFR1SGp*HS{*Js=9x=dh<_1Lbk$33H*t66G*WF+Naup~R=Ffzr=Jxe`l2{Yu@Hz8G# z9U~dfh>&&zm3`#cGBrhq5PkpXUjMzgm97sukwO~+HIaP5GQjsaoS6-N@0_RJXpoR{ z__ghP0ym}Ff%in8e}G3o9Hk{;d&D=X6C=y8UOkM=@S zm^8kOVlfd)n+ojuJWF>(#P0BvYBO5dv0%sb%hA@^wSmUn4>1{xd*s-kx93NSo&9PgXn!%;0q z#ND>DpQugM{+^%@*W%)^i!hdEVe6x20vIjrnZ7B%cSbCzs%SPI{iH+< zO&+^9{$!7iK`!<236xENqJ4I`JBT3uBk{8`+NZ7lCj<>+rr>tmLCkgI=_EoU#8giq zG#wWyY%k#!X0%1g2V)AkWRSNtA`uD4(!yMh2roKuA{#FS{V~WJR1XTWa#hw2`wzQb zTQf!-H81(?FcYl#80KONFC1Vj^KzT_aP$I}n6S1n8Uqg%X*|tZz%FylqWM^$jVi>f zU(s&#IoCoOMv=QR4yi-zElxKz{KXu?X)y|+5<-=?#T+-fk{$1+gi|LWBLFJ<4g3f zN6Lq5(U57DiFkL?gD7v~4?)xU1k=zcv zDh^2y$r^o-j}>xIuzuq^S_qS@;nzqK>WTh^KC($1b73g3&k4SN`}5G@uZ65O#$jc; z#xqT2`!HYDn#w#*&kK@zX1f=3|J(TrX&7~H`AeC3*}@B4hZ6)tnxWzvj07Clcbrr; zN)7_0`_V}nt8_X#D6fxH`lJ6+3+pi~P81*6R;;{XmsRWpY%_0=RIB!D<5&tp(2a1PT zidd?6)T<#9c|f7WJQ_*aL|I$rw|MHBI!YRDts^q#qaF*Z_JgNbIoTnOmW@>&Q_??s zWt(L$De7NSz?mG?&?#r-4;Y^4gIG>KwrvXzVj&{B^W#N?cg(i#_LGN?aZsIwOHW&0WTc==gA)uAXwhSS2*})XrjaJ3?k-+k+=^!F4-BymhI-*1_0wxR& zIdTJ5xGds$Eg;ZyH00`s8Ih?1!C--yvRb-r@QV)c$$_#9<3@kG&^w8aiTL^v`zlei1K+E6`1stxhL8BDq!JzlxAws6w&_z(=C)$=X2LrA#_f zpjaW+>=oV}mz47_Yf?uzKi1=$T&tofS@dNvQfA)n!+Qe`KiP^67P57sPhqhb7qIq2 zt838VGHMHE@FVxx<`%c9p9Y`a<&6_Ex*7BK)jlSYYaj`<*Z+0zJg5I zJ}JBBK^3*IAV9f=>B-48aj0Fp$bIwdzf&4C{DT0!a&Z=RmuL8D(b8`fe73-qV6KEC zvT;UdKl3Xfv?m#JitleA$I@@2B;mkDlm**fdWPdki1i6J+qht~omQ1p3|2tzh+<(C z>T@)V)t%4G;p#wdtQ7UoXNxu|z087u3up&t>;*l>mptpi8LoyW&sXM{;2n5?2nCH7 zM7IU@I30I|GH{7ulcHKdH^K5?&0EIsa6&0E@NpmX?U*wUoA<;ONHz>!)PhHzLF%Im zN5*EvQ`UF2!C$N7?|oGDWB`gtb^bRK%>N#4;edHrQb7?KN$bGfjpa3t#_Z`F$FIH1 zGKyG4K6KS%cxoNksd&UuDi(D4ML)X9h`iPIom(}xi|(Xjj%KpCNdg@@1~k2jQOK>_*m-GQlWcx?)cTX zd_S8x=?MI()*s6-hk$FJIrqcP8Gwha-t)FkuMk;^eo?!@cNj zETyduNXGb_om{_X0E`%qmGV-A-V@*HuN*gc)NFzrboyq57ptT=fhYt`7%kno`zm)K3)z=B{H^$1nxBrvOlrm*WPC;->ScD>d$|c@S1bpTf4d z1~r^5)u|&=+RFeyK)=72PCm$?ua(F$=K75|mAY}uJ?2H6ULh?uM&0f_>dg8G{Mk0N z-NH0Pm^Cz~#V`)_aM0df+~uGDX3WgXWJUu$d%=Dq;?x23sqDr%d=yE{ zbh0Nq%XYGpQ17mE;xe}%i$hQLlL7}^?B+4PK*xj0cw7c}s3XC>S#fl~g>1!LaLMLx z)$-xpe{@4ap|B`_-1l>jk|ttcI$ZKuypDBRvmiRPP?%U!NEUCiPjIkakL;pp z?}m{%IpGB9mCJSO`lBVw=gyq~Rdia@jwl&zbiaF)L3d2k_G<|`(j&6ZQvRaCCk&&3 zm^Q(GHs+#;V3jE6NK|Q)d(%GU9|ZzhXlSuE-l>xWXp_?h4>L?!;3f2}b@NQqQ~2$t zMK7?F(hN%^VEesm|L?xonfJwolb$A5?SG0r5YKKBige)2d4MdFK-YK@QkH&!{uq>O zKS|^@3?jgv+6|v2%y_S<39|nmF$M`Sd7s&-V5{P$4lOVuu%&CQsvQlUx5_$E=+8xk z*SbN(MuO~Gb?Pb;9$UUN2r=ewQ)q6M3jI#)V z2YHRV_K@qIPv&IJNT))DkSt^A_>ehce3izh`|95rT0`o9Oc1xGv6`7j)zI12L!-JK zpfdH0oKqWw2!~6JmZ=m`-?p@3R3SXADf)<3lJ`SGJM&#N{q&Gr zSlV%mVp*kJ)wa8S7Z@EnI6FW13sqQsg7{JBTR{(k>aMS%=bJmWL8siYQEIAwdAohF z3$IrC7Y1!-W+L9Qs+Dmx(HGg%%$=O2uRI%Qcx;b&7oW+F=7Wab^ix(Sj(9v4YFpAu#!- zV$f)s&MaS0qXnm-P7%szFsvgXa4F8I?GWEH5v)-YOSoE@_E?-uEdBED|Mk2mHTcgN z9-O}%8ftlW(Y(G(eTMT?`=nUSc>)B}zEVHP)Y!tfW`KLgMG}w06k@HD_3DDA>UHqU z;v5|;&Q4SxD0MFaP%*hr5XG2V=o6@+(t@-n9i{Y#&o!QE-*Tj27{aA>obNdP`Ey{k=>s$;U^<@zK{OIKPsHPx7V<4r9lmSwB$!*%)RG!+i!7AD=zMnPiKMZ0 z)+J#U8nuORn5dgV*S@9s#Rmi_g?2qo*TIf1ec5RUp1)9j?X=?fGx z65_38t}vW4us@m#nnVxJ-7C`=2Q1UYLgu>YKP%7~iKOy`tT)8{^34NR3TBS|oMMa( zA*g%%Js}9!cB{|9b*tL*FCc>gP4;T(%?5$zFGxWo=NTcZqZuaiNG-A&vC>MJm#?-P zAxN{Q`v{Z8qe}m6i09$m&e^Wsh578+VIIe$*Gi<@YsssU$JT1-Kk-CKx2^6E+`mlr za}iun46I#(SUnT%CWXz*T?N4yeft^g2(iM}BRTuD>F9du1zam>3D;#B3SH3|4|tH4 z#@&|I+)}EWB1{cpPO3TQupmI=Ebydl!h+0{+Es@(WM9j>-F@4UELnT#gcm*{ApTj^ zzsq2h&;wmWdN_JlF>&*yoaEbbj|+-X|GYH3g7?|e018}T*q<$Wy|<$wu%kJEcW9gZ zeF^p$2FFqjvWYeti&XHI$FxIEX!q%!4S2fC3gKF}2lRw=nShvsSy2lpR7$S_Y$+%) z#t3+Xh7*g;0+6=yv8lXt+D7kYa)Lo+zv0-(0iZXY!W}R33U@D)S5*Wffa9T zaJ#JkaF3*6=0+u9Ti>JmY$(_B4tvgui*hH0ZA8z_bj~{40MU9LLv>fANksD(4tsns ziDedoCk=8x{S-b2OgqT>ywA+6c8!aI7gu;7vyzh$_rkBH(AFa2D}j>#y*jCZKVfoD z0n2zv;}`A}rMO~$Qw9#gmYGx~PnJS6QJ@Vayh;-Ka%9b1oChELM7H#5%2xVPuI05Z zfqSeewxAIplkKpF;@Yc8!!o_T0jFZMyzR50a=I1H+S^*W(#XKAjei8N)g)uS0xB4~ zPHejytJtl@vgn#vc|@;TcfE0T$+7#<}EFh2@X{NYOSz50o7D!s}PCwL5Mo%9A^9Ez(p&8wNj9+ zk1iTq6zman5LoDuNR8~*Uz*3U9OzvIgtClm)_tpoFCQ=i9V!^cdm8$q+T$vc*6H1% z_OYN$s}2XGsnjs_By`hPJ@=?hgL7<#zTJ2XY@Kl!`DW*n5YPy?568`4wu#CdWS+89 zlj2+UwOZ?{WRdw|-zx?4?2BCsHh$T;`N(I|g_Rf%{J9 z!)@f)a=ryD+PEpbDgP$`BCrrMyR;rnt@bsTUcF&oiVzP35pvnJE+>dmlq$)>eTvVB ztrz!bOmGNl@=Q{65$Ma9p!phU2LmHalG@mPHHPhPQdD}-Q|6!(hK187*t{ALc~>hR zQy+mQ%c_f;{&cO-@J|%#zzoM&7|mn_Wm+CsIPqM!(5sUX&}W#-6ipUcJ47RQGu9yk&ktR>~Uw?+p|fV|ioV8Re+;qV1j+ zuM6Y`p8L~e0uLOuU}U%p)3|y{QA@@%la1h!A3c>Cm%rWF$dcR0X_@&2q1Ecm-j;a* zNBrSq6@%h4jgWrgVSnwBq`>q(CRG9p@WPdE1OSo8ZLO=E_Ef2?XueHD#;@Lk_^oh( z3@d|fs{g(F|8mWOqW%*XZKna0XXG==A{Ndyg4amj!hsq2x`6I@7)aR;3jqKp8uKLZF{~4e)-5-_tP?-pwJo@6 z)9I@#)F!+=Xt|9RG11a=8-z3ic9R|JHmkZN^aGUDMGvjKq}?Q%uBM$A8g?YMkXRP$C*Y03*|-%%shcIV`8dLcAnpi|(Pe@e~y!th!)!2+hnb6u0vnclwr;J}`P z@v7ZIcC8~(Htq(Ik)oCZgdPt{)g(NHTQA}*Itjah+Me?3t0>tfaKDvb`9Q?$?WNa@ zu@zkohx)S{8*7G4EByuYTRM(AB0o+s7Lf@gP085G%XcHh?-aaxJ_He&C8+vDOsKE5 zGXL)~VBd^hyN4*AB2LjIZG~}YqQBV7po)|2G)n{wvjNZ@0S&DdZt{+7R0*|~5@Wwp zXuW0L0VAHT8obb&auIio2PH^vKyhmXVX18kJp}20?835={J8YD%e|I7+&EML#?A&L z@Op2=<6ss9KDFL*qQEUsrPW5l`9x013mnQjdH0Ca?XSrv^M-LpM3gp#YV%^q!d-by zlHI|f+)f{|0@`8TuA&HO{tH1JRC6i5?{{xPE|if39S^}b=%Fi&cq;Az1&(4ATK%Oo z)bmeQkSl>3l17s*g6Gan4QjsKSwB*&Fry62uc_i6ILi4qFpO|i%_Kps`4z110)O9h zl4)ILp+q|_bemAU5*0zHi02C(-Aa9_RYbEr!NRBCn5KgCj8Ba$hz%PjEqyPwnre)= z$|j2ik?P!Z6`@=NY4rociOse`9qMJHxjbtF2bg z@K&6u!FCAZSL?tzB}mBoH8*Bj$)-uyMM#YN(M8+U_v|D>N1Yfvq5F-Ka(hpGqWmY4bWIY-?RRIxTva3!3Dx^(b$~G)q%%80!t)NZlIUV+h^9NyS ztNj#FGMjL#1BXaCt_v7!+&b`R&exR~KEGg3^{=!WpjEFTXhHk^Y!8E_3FA|`h+*ml zC|3mPoz*)!<^6*iy{TzwBqp;?P!qIG+~}xYVc$80SZ;Rgzm}p3PM=uiqt&6HS&sMr zV*~h(@va_4-2XpAz=&FSdTXqP(X=v!;r8n6x0)$%jX@$g$qSB{41?Od)u(#%&%jk} zaB7$o+7?W89%gfOi9T0pVmUxH=k803+ z2@a)Lqd6lNpe_-735gJoplyelI5>Oh(;|3p2mKLML9md=D(ZndOb>buO_6Xd7eQj- z_D_Efw1~iY|4DG`S~v-$L>78E3SVu*+Ve0TUY>>`g*ZIg9N zVl9FCBpJ#io2dua?`ndJS6CP5)6*(>Y=GMDeIBg09w&oB-ZqIw4H{sfD-jNAl4aKp zejr=FG|?q5G!Di{U>l)n+wk*;@^V^Ji-pRqdmQnGU4Oj0p(Q^n;0|cbcA6T|n5v+# z<+en=*_=PRa)-?kJVfE&_jqt;!6FOkz7E1;=K3`K>G6;TH!J-y(!J$X|C0D$!OU2eh9!9l2-CBWz zC?_czl+qb4-Hf64QwuUg+Sm71`}5)^^fhoVEM4KgG*( zTW$4#O8zM~wZt8#(MiDstxiuct{T34@GzkW&q&4zHkYehkFV)W;v5@qupT?wiV5X? zd>V)N01q~`C)7+?wIazSzwy(cQ~$sPDBzEeo32np{Wm9PVXK|Ucigz+@|)hh77>*bV?uc`bKIsTU8Qb z!X)G|80#svIJBqW8m31%P=Gb6MZ_O}UsAEUiXkN&*Z;`TK&as6IEGt)&BU~8j;zvK zO-5BPA?Bm?>dOd{bwGfk_PJQ6f-UL&9TcB#3Kddu{l59ey?3)$yr59V>sfw1_7@>! zcfz5Og9{;=6DW$HO7L@i1_A;8^-C6G3; z_SFmih;(4u*fV>ORfqI?9Vw-d0l?1UwIIr)P`WxgfN2DUoe|KPQZAZU;6$bY4WuS5 zVF{MRhE_{FV_TV93jyy&+nnYewxd2!It?@^S)e6aNHb@TP7QBfow=)ZN&{12@ej=J zFKPrQ@#Z~cH6{0jB--zQ)U2LHnQ1jPBCqEBX+>G0$HMag?tc97z3Yom&d6<=;`4pU zCD)a)(PW*AAbMGW1Dk-Xmd-v32`&J@H0~g|c(~lpYvf<}HpRZ8x7xNYeT{B*%0lpv(g&$6fTWrLid3Xe zjwaQy9?Ck!Q#DUik&>2ytU;s#=YD+e>ZFX?!#-Z(0SX4WNAc{&5Iz&|n3{xF_00Kr zp&7u}J?^c)*}Bf+m+x=M82tbxY~$EvP`8;uUYA*}*%Y2>+{b$9@80r@mk zB8&q(a+2eP;^{LbDF9KpC}{i;X+@dYRS6ywIIg0)L4%6z2iO$Z56&MQbKSdjr34Nu zb1M?MgGw0ch=7V|Z`nq!gkltdwtKD;vBrC|7Ciaclkjz60_H7T?S*PBMMa>Yn^!+A z?UIxJOl?_}hFe&CD}PxN80=BrS3b6z?5nkZf+J18NDop1@n^wbCb%}KayPa_A;LN3 zM$C(P%`#^`%ZlY>jc3yJkIOZVG5$oiVYDpj-&a9U$QMS+u8Gm` z?};(1uF<~8$O^$f0g_3-PziuWVxRumX?t@u)BxA*hs!vEfl^BptkJ&BZa>AZ z8bdV?sY;$>%(K03MOS#O$5$ZoDz9?Q+@4g z#XuA+jKhHYB9?l{0og^&doBgyB)w&UA>FLvry6cUb7`DdN^9rQK<5lk6)JP}MQ@}B z(y^I-a#Zz$-I?tUNXor=mjD#BHENAZ@PD|AG(mv~>5q5WH_NXU(OZepMGMHBqAq;S zaYTsQ{)@79S&ZU>$>>TGO{e9{O4i{;kf0$3PXe4iGL9P<{oTsk#!K-TzB(*T?Ds2-8>`>uyJ{5>t`=j-hncI%zIxl*1g7s=MnS)#l9nZQu3ps_e6(1EpW1JD zCY8Qyk{7HdtLe2EV~eajcmt@BR#s{AO-gh^m>2SX5TnAjN)wOi5E)lM+;fcNkglj7 zN_OjEKwCdPhKDzFQ( zOyh52?x`_5$`1B!vSoaEq;;37Y?vEiSf1%h)3N(J+rXXP^6ZPdhs>n_+HzDXhOvuf>#|FOS>AIeI+Z|Lqoe0VPdZ2`0t8xqM6(hK&iSzZOsZR%6cS~P zRzoXA%QjO&b=p;-s0JvSY-lb011IJ0HIjN{B(+dBavY}QnbV`w-)Xr!bhRTmzhgL} zcj>bqggVDk1CiMrT`r?YYW-VgaE$DsO~*UaF7TlaOtFqwDtT3+`>Fp2r-Wf;_g*nP zTv-}D89oQW?Vu}D3vKvOIIw~!dEQg{-*Q-=bxihL{xwCzX+GTrzRvzS^7kjgw{N>6 z47@QkO9bfPPcd)kMw9SC$Kk}TG|)r=>jmk6q7kts_x%w#*vnT)%c)z}F8$KGhx4g^ zuQ6*{ZdMRGq{K|HK6Xb~3Fgb07C3LB!~-SeMgZ%Io=zobrp6IJZ{w-v#&dyvi?~wc zPQ3dFd5;JP6c96Hi}V+- zARA=O?D>VGrcxepOO_yS%e8vw==QY3ZuG;~k{0o6?FDxT*J@*>A3BaUjF#`&Aa@D4 zl7WNv8a>v4t1*;$##S45>^4W?TKmpNNI|%95i;Y!>+`w{bg@B-!P$L*qCYerhUBio z9+PuSXQ*~C6QPeeYS7@DTM7r0oD!ynox77n;du`ZF?EP<78Z%E!GdTN{HOvS;K|LK z&_wrX?Yh@N=E|`Kux44MayYXx9K~Ff%G4ki<=jl%*=>F>hm+9>t9|x5_?i3n4tmDs zO;(%ct){fHoxyDQl1b!AjE*JYr!OhB`(R)c$x)U*?C&5;IN@#-c`p#M{)eCbH2|1# zU!6vWRc@s=Bv51F?Ljc_zZ}r#EFXEvpP@QLRZT64;%X_;jB%@D$EMztH{1*UF~w+N z&a#weV8_|z&J^aJ$JX=KB3)Q{2oo=f)&WXZzhxS_ow;v4QHPNArD=FudKg^f7FLYc zbF=mN&C$ybOKw-bW}nhG<3pd-I%SLis=P+MJ8&2?52Skqx2 z&*Z?$?v3T~rjcmXMv8~NOx9Bhj36g|UwT%iuz0FnK61VBco7VmW_51C+04hRdG z>`VH;$dtKLSegmhbSJb%F$mg_jl2d+O|pu5MtJW1z+0`+IQ&$!2YK3$^;y7ynYbvT zSi`FZ_nak!bLNkZMVwdz*0qQ+j#gdYw(FxY#p?aZGg#!CCq1`|a-zISN%BxZi)zaz z1ueA{Gr7M5Db`nC6r0by?5!VY`=}23uApqnN79e|Dx5t z9b+kGr$QpZz)1g$ds*PoJ2FIwJjsn}@X}uW^d)#vUM5F|Jw`VVj9#I{T5@k(=O>Jh zZ*prCpp~D{fPhq6A0YGs2&+FZViL_+HUb#O@_m4h^9PHavQu+@vON=41r|Bh`YqU6 zz7iJI?FJ5iCEh|YRKO?1HJ1RL65;-nnXPTu@l*N1t8?gLsw51}t~ zae%Gg8**0L5)h3vtDZL8ofvDX5zGN_r=aa**PQ%FqtgjlMM&`J){2^Tt!aT{+^XM4 zQJy1flV{J<9SENkeZnpK2xsOw=eg;>l6enTkS|W4xqzz93OivP)CR~rJ2xTH$C9l0 zG;#rgoY0(dWSESh+$O7kM3eYhIBDb@9$kWi^PSTQSF>SNvYdW4rlsOW{z3A8n}W1l zAomw^I&$HLFBgFdZ-7jA3rRI>@z+y;GDgxLQzwpBlkB*-kB2*0IU-$UEsB*F5s0OQ z$GB)A<-0s==%-W0J+3hVNh4OI%6{TUko}BdCKj^8Uj#UAq7%Zfk}WrL z^T=S+$by_V_y$)RSy0jcNZuWf6J}E*XN!?W#sv=GHo8t2CapS@M@w})hd{RSp5@Ql ztH2aX4FTOEJJf*>PFceG$V`xL5#mxnsGoQRdB9^|2cCpSEiG$Q4Ctg1I8NJ&oss{> z*_f$c^*V|xvI5?xIoNVgQE-yM(lKiC){z+W4i65TUoCLQNmJ?#%{5t>8Rv%|V{;#8 zCi-j^QnXbJ~LS%m{X&k!llqMTfx%gPEe+9KQ}k!%{x? zMK&OmR>06SHM=-;*Ce*RGla#~J+9>}6$PBm>iLBMJLRw`K;@(aOo5ASC!Hyutyc;o zqdArLJhmOnyf>=pS_tZ!jk6@(u-(^Rmm|I}Ax00H3vsbG>iyAg+fvXjoa@X@aJTf! zPKmYqAzJC?JDs4HNuX?<+2&5uP{!aULg z($$W8&_K5HR|}G)Y9;65iY>1IU{F8{B-XpOSxXe0HXm_tWM?_84D9Hnp>LLJ@ffM) zC}Vc?5!r)lD}5YXa)48I|+cWiF~qk z5|??1VLdy;jfOAa5`OGOG*|oc{k@5W_KRqgrO-j_JS0Qj`7Q}smG?z(Ez?zqDQV{IRdRf?_-Ro;7OTF|7>^W;2b6s z`xHjh#vzaCH~o)FlF#WU$2SlP{G6gpChyE_F)SB+JCUhwSM&=450~wd_dOX-&N5v< z2*Uxx|yj0U}9e%Pzf*mR|QIA8je=cBb1WDefE+?MS>&gg|B zv0QzZFTlg6sPWJTx7a6j8>Vy4kAz(Z9(oviuEup7&3{yLd|apvKM^cclj?1JB5C%h z2uILo!`;Ot{z|$^$uCKrob-QmpceTWU$cR^ckaRa5l5Ef!0RUBijU3s_A8&zeKiPwr5 zQi=)oG0`wC0h9x8qGX2u3S9^^HPkIExwGMB2Y>iW=*(peJoQY@=g|ZpzvKNs!Fjn< z(7rTl?gpq98WZy;x?=MS)L{1gL*I%a_ehJBK`A|@mmR_?75Kxx!luZV8fn}CyGIP> ze-W3dmx>@AJ=&6v%`^OI2g0A)+E=*ornyRo2Jr8&Bw!=acre4_Sw8ht=fTS^pP$$P zVDkP}t{k7zA20wI`@v=@J{E-LTKO7*<0d2=R+~6t4DVbRSbm~e6E?+e@C9DTV0~1^ z0*V|X0r&01W!CiJ;>=iJd6N^(dFC@V-8+$iZzs7b1AjZ1fH`LqHr{TU=qmEQ-p-oj zJ`NHD!f7HHCZ}@t>6KuxqXR2Pb)$2v6S*PviD?vUtF$m{UAuEqlc1*!EQCd6!uj%R ziYlh75=Ey1g6z=T*yl7=CkBa3q*YU-uIQ-wUGJ&NfE@&{b5rmGr=8j=`0@Et9iwbw zi<=>z_0nTOIrrcF{6O)&C~s%I@fl*tinllnZj%j~+cKuJ{x4u$7GE&aVoW9t{TI5v zetNfXlQAXE5=3vj!!nDSrHDUYJju3kQ-MJypzO?<_ddMQc*Hr+l<>j5Uuy4~&@qG1 z-toU})UmQtsE{8BIV4XmlPuFMYNdvWr+Yfg|EzK~@Yh+xK1=6EEjr3OFx#6=Ukss% zwD7TTbu=E~7b(KpMds8681P~b89CnhO;_Zp)a0$6LIdziGQ^-y4j?<=j(7=|kHkCT zT%(59PhW3+VKJOQ*u*icBaJV4vioohi8To`h5zOeHYP61O)N`bNQG{RH2D{WZPsm` zv>lDL@0{oJTr{<{@DR4r=li>%;GzN66NtK|d&eBL@`(ff2D+8^*fGmdKTAu0j2amj z*+(v&PJX(C!%80ZBV2|T-)adWY$fWI;;QiJ@*k8QcQJ6na%@960f(qp8i_43S%c3| z00%-=uQ61tTZ`%}fI~yr|Jwppwmp_SQ{It3UFyIFQ;P9F+qJ&e%>&75*U5te-yY_* ziS1pQO+8WjHcYV-k~YKRoTVTL9AcYdMvUD?Wy1Xv%l9Bxb6x4I=KmlaY72Jr>j)O? zRMej04VZ?D(RL}K;!0m8&zd?pSi2Z{E@>qX)!ydGVF$fX3@P(mC55sM<`r2-;eMF7 z-yU6E8ddoz=dFlgTwlUm(J44VfbS$3@B$z_7Jro~d%57w_r(q6-8 zJLQdUg^VWVaF9c?>7>En53ye?-NM=J@MA{}tf@cU^DKsF`$(y9=Klq;J#3xSUEBi` z@>NHQOrQ8}o?Ug+)NR?8ZDr3_)(#+7z0E&`IZlMnrbZf}u!EUX;kk$qUl6);kD@a- zicB+|+Uau+RjND1azogbDJerWΞW(%T)(!!xF5z7|+<#tSa`dC&i&-uQuG;vel7jc{qUX6@{*lO>W3Il7lFpngJ3OTm_4-PXFK zqEK}i3dpB>7fG#Dvz}0gmVO^JfyL8`W0t)c?YY#a_z%Yr7n>{G-c1Qc}_VmTq(LEA_Q%i9>_Pz0l}~h|E85v zU&8I^eH25lgtEeav4TDBg0P+4dnBe>DsJE#D(|MM8nOe$Mg)4wqnd=;-1KmYob5Fi zMo~@HTU!B2ew!K&K{f;5{I*C_;}4=A>sFT~!8f(v7jfNbnFy^tvgfNxJHKvb468NK zq*^OVDyG2PvcOZ1j9JDNc(SB6CJzgXOn;zGmLXxV?VU*$H9+Kw*Md#K&bp?G?S@Sb0nxX$eebLHEP(4o&?&I^kqJGY3K&Ae^DDWQ&v=t;m)e@@$>YJISs(L=j zGokxmA&9^^u$To6q6D$YN{o8+dNK;$WIT|C!Zswt%-q5fZ~+($jilH)V&*iD+qRRf z{i3_{Wd56aAO!i7aIdWg0sckXrL0yK1ROtB6`g7C9p+>_(UX)}8V$VR8Ad|NC}Fbn zG!|;UQttWdF2g~``axz{ApgwXqsewmxQ1&{Z%UPH%qbm2SyM3erhIZW$rWU7=v^*( z>KRBNsVXJGDH6Qkb7Z)t)GiJ;Ee1}iCf~GJJnq@{l6A_yU^jj*idb)EajdXL;;=Pe zYW0}wpg-w48_6svw8s!QS!tH?Unnonv|tW&p8pRMm>iyfR0OXrrAq*l`sv0kDjy1d z7(=Npp|}A!5GF^W>x5~ZWeZ@NPqHs~C(L5LvLHM%r+6?$k1dGVPB_M^F?e`Ywa*M9 zOyJ=+o{*j#NpPiqu>+n;Bsj};5L)V+(+NHPppm^vygSa^;+qR+A6!2OzDhM=__!-lYJgrlo&FTM6yrQl!TP$M_Xd z*Y13>eKfKc9pO^!&?KXnf{9gzNMQ-yo^c~YaBkt=*&mw3Izuh(FK`0Iex_$($Pl|Z z)}@3>nB@y8)D74Oz-f>f~Tw$%UNJz*YYT zXX4Az6EGd2LcdvZPIezBwB1oKPXl;jv*CIA&WXqP=b$ zCx8}>5P{{1xvo2r6>${revBz7EI5iPV*RMG3<5dTcblc>j^l(CGzmz`F8J-v@(~8U zEFO0ByTd5i8s5J_Dd1&FqbZz5FV4_JLpH-70=7=GoM#eSRTYT&#>%=@?=%wuNM{|8WpGz8z`bL3$+{ z0-|Tt7&o4OzRU)px-Eg2|EIQd3mid!XQ5BD7vwI|;iIv0v{lx(_#m`RX8TU;CXwDd z`=ov^%hIS#nHs=*vjmQo#k%*#nY~M=>e+({G7Lz}QaVi5h;KVaSKr-PjJ`p4);|v| z*G(qZRZq^?^-Pw;k#%yssEFJ#r?b_u2DU;N7D-!c5vh zYL^srCg|$Cm2K`XBo_g_XR`nq>+XD(^mU7T@ClZWoUIKE=Il_k`p-*c0q3};)|H`m zXR#xlq}TF}xRNIA-AAP!LJO+{ivCo^Ss35fvcB4WAr{^F+8kIP?e5R76i2I&%^nt` z+fl4WvFySOd7nlQcJ%W+CiL1b<>i}U;0o*0g^%Msj;EHs>kPjafPDFM(-(#pnu??% zf|Q>~CU&M}=0$ENuG`NK0~n}N@EaE4u~7+LA|3|O0a&rWX7uJ}CEkS-d2H?#w@br< zNYoGMj*P%L%Kd`DX%frnJ}7N)W>__lVQw4r4k`K6gPxbJ92&N46d>6*R+P`>gOM=) zQm@!40q&N|&w%;}`nTwPcOy?bkeGOd+*_2{@9OrtK+?VxyDy{v--2soZ>%K}jSfo` zhW0Fk4Cz^w!gC|a$5;Y;Pe5{T(`RAy49!4UnEl-OX{*W@3!qf=mn6GB!mlSn4ANEf z9MacdXE=M`tZP+MIq5JiP}D~&S1PKphl<;l3+CdfU~5+)u7~#b8ykl?l2MpY?bjMk zu2W5rjTnXXDdBe{fC)X-qECo>SKDO>rm)kwTvSgP3vuW$6R>Df<2NnSh*nSI|}rXL&)L^faQxNs7qmfLzX*I~9- zOnE_n(A+9o?U1%l>Y>6Se$N81G)OJXYX-E^vfI4-dUCH*h=Nno{h5s_&Qg1GV1(|u2XlpkA%Kuw^r z0q#55xXd43PBKWglY@)_L93F7I$z^z6hnX<0b~FFSRs3X>X7GlCAfcoIqk~8R<$Vg zCDkWMSO&N^JNq8)t&*~HZf`|w!NPp4W+Tf35O`Tb-zDcZI-*|rRjs2m@q3kcGRwPE zNqQ(%og+Dwdyi83xcD%?m$pVO*P&rS5z0olT$|Z8Cdtx;U}bjvPr8IK`M#zaw6X3! z22_wK@8+0lEoXOjXGV?+v7PbVy^bMJ_lpW>LTF`D6F8=aqq4d9lQsZYo-laoSu|^<^6#r5=cT&3a3H@~qObCYH~Yl@j^0nMc$7gtKlf;w}%9#HghBNgrZ zrjtrGDP+!xHvCk|O@YttL0@Jr4bs|WxA*Q>VV5}4??$~@!x!Rm zAzY7H{r}Kr|JFjntrCi2URV2${PJSTcazPd)gZ9)oh%^MtT*unSk>ZZPQ{wjJ11!m zO%VoS-j(11fF^B-qt<@hp-`ukmMaBJx$p>5Af9po@9N-J+XfbEqGCH!Y0H%JFZz-{ zQ9!f?Ar8)htPctL&J)u=-6?oNvhhR7Op*X8{l8R!ftSc|1$b?IgjCC7<)*Cr_IhG# zMHEY4*P;|4`F^IP=e-ur+P%iW<9{*vM&ADVqEDaM!%>|%fFMAI2^zYX9S6~thex~v zDrkuySn9H(GNKY@Y`cCzyf){ow-YaUxs-ztOPJu7E^?taGYs-!D z?zBGtTxcshgy7Mg@rQ5xinDHd-bgAiaA(+$3q)2%Q2yMi#LpF|ZJ<1zMlJtnsv08k z*Qs)O;hHWXhw76|EVyB3Xlizt*VZTM{1t96vWHRNBjI9d zmj9z^4KJ)rnl#)_lHKcGE^EO|2cbanyL-9>Y_j*gPBPKML-v4=mBb&WyclGVsIhGT zf%X*Tz#+N;!2x`b8=xFnBC+D~2{V2aDV9`)FZ)<*jPL?D8}}d%qOw=wCVU&e{lGon z@E#M3Pi*cm@x&MJc&;p?MlrOeSF|tv12ESg4Ro_S7|`-cMy;UhxTv2aNO-j+9;2mn zt5Oa2zus2|RH2mtnTFWYew6fOhNePKghqDP6$%G{crMj_yWuxDhWHu^1#Iiz*nSDl zlo)TWr3B6f15F*2WBW;;(r}r(dbv}ClZy3q11*V>(>z3GwA4V@>>V>&Mr6A40IHa%M=iJ<3u9yZwDK&zffJ)%JJgb zy{)=?`6}S4R9k6@i!&Q@g_g`_MCwYCe!A|&kZU6#CRz#Xu2NON$ z=KSTv+fTFi_Yt7vKyt)wgA%7}dJ?dOhCL7-ZUe{EdqXOD~YJQkYHKsaRBw{IAWkvPxXoGPdoiVldbodIY z%;j{qZ9ZeXW4bn1-S_93nmz2nN2o3wj5-7XS)4Qic>secp~cyi|DA*k)=)zm2z3%# zFoy^HfK+WBJimbd$`p~=$hYJrt!M}WSQ`H8vceVoKHnt43%@^t`)sm$k$Wj0)iT2H z<$1-)x?(;0H~jzgHih*h+M2-HW5N9cYoJ{T)+r3uX$n3GIQYnJrIbzEuA`VpX;C{m zgchu^iM8?jxcKZg=5T&4^Sk{lB2m@R>#})gtYvuz?(jBr4Xwb+@Tak6L32+=61GVS zxrmRqU(%$D;&2sjAFV@XqjGIsaHkXKi!X-nVWo#L0>sj_Oy(_&yz5uOH7!Ryt%x0o-LHN?}8HMM4aZRpN>D;$>3i$;H{7FT;KQPaVqdOwO1tJB|p zVa%d3aPFQfKuzXut*@zfb zuUKn|o@sz%;o^{!`}4|Z`~B8q(Vz&cTqt~fE2st)}g1qi{l%PEJ{ZC!u6o%kD~HPfY}D!M*GR7j6^o#hD9K4Zd{U!`^|;>3e9GE-sy zeMe6>y6*{|#}(l*=noTRXn3vqY^b=~W1Q_^i{tK}_w#+C7IjX*NjKFFRDLut?Lph8 z!HKss&^$T(GI>23JLEnlu%~n{QJaY&%<+g%SjzJj7*oMrh=HAq288Q_`!pBO;XF$( z2vM3i2H>s#w~yZGG+R%J|K@G8RT@SabW&VDpWGsyFX0yUp64jf<^t&l>9)f2a*iB@ znf#s57J>YNl0^h#X3;;zPSa;M({T z1T=Q5N5>y4njP(JAT<^n@lv0VjI{Sz$v8*-f^w-k)=J`Un1LMe9lYZ^_2#C&Or)l< z0DAmld72WSlBnwd0RgM?c09Jku5b^27ooD&)SEI=b>!expF+GE*y!(Ubuk-go)N2xM5+aGNZpV4RIA{o-7S?J7RUcg2~U5XGP z`%@i>T+Tn=XArM=1=sx9u<-eCtq-n{%Wl{@l)=6pemvw@yj*sTs)%KfCj>8peB=zi z7|j`D(IK??<>Xlnj#x@eXYgS-WvvJek{YQ$*zb9H6H}0b^oY zQdV7Hy4-!3mrg)0KNJFI9n%Izd6a~7JlchmPs7CI6odApVV@!Um;66m#{Cl~Eok5o^rXpNU?`c2W^2S5#_O7R(nSt-XwM zaFr0-*v&D;O9|B=MV9-SQ&X~CAe{u^Q6WK3^(J)K8Cvg;Za>6Y$@MZNbr%c)65`jHRU*72eT!+h@ek%?g?lf8j}WrOot<<0NV^1+ z)rxKXj7ITrII{UCFx&nq9@HqCPWm|OX$yo&{!PX$HIX0>|1tar;d@-@Xnerv05zv+pLwry{@jcRICbM!+Q8q zpfkNbi$!gRl)wT*5DZZlruBS#?#MI6LpUXZ(*6jT8~2YsVSdY|k#SEsXo3-)-AHC` z?5#E)M~$X$!A`V+9^ixm1Wb~S19-MsyXe+*@Vp?Ly#-h%yV5R-ySux)%i!+rKG@*y z?#|%u?lL$G?hNkk&fxBFV69pI+WX#f&-0v1lP{gBH&v;0x+psNI=1{0<#(lLVuB}R zW*!=9Ywq7R{c8B3ErC7uRzTb1yg@&vn1@OZc0>k0-W**IFsyzRNQHd{QK=X)A=Yz| z9PYH?M+1u5*ul^cO@?zB&ZEgZuX2<_c+&kfl)Q#Wyn)AZInnrJEj^R6mR1A z$Y*hSshXq3EEkFze$)H4vYiO6S1Ji84t>&#lQjTJ0X-SP*N91NZlh><*)I_-qWuzP z73paXxsb?B3!IbePTb!!Vo{8gU;Ku+@CWY#v9VwKuc{O%$lxw-6MnNGr0$8RGd zh5B~*WtsP9KIqQ3)Qk0x?@_%9(v^!$V<%0-{CZnBufY!pKFZj#+EsihB8@@|aDN%8 zb6we#zV2N(PW{4fm2Gii>@CK(SCnF$=%d~FHXTuKqnUwBjxI{KJgid2jwk%=^Cl-3 zeU346c^Elk*MRzd*9og|jOqT1Aa!i5+Qboh1!m?zcGxCl9d+M|SO0-eS=d#}buDSl zqFrqW*m3EMZNniJs`w@d0C;yOeh#K!M7bee(c%oFy4boR7uf`vIC2Ihx`Z@IcMdYC z5%z1{9GJ(P)p(|&230xD^l;9>Z@xF}g1bQQz?%36gV6V)MH)6~b**klv;HT(L``HQ z01|l~ns-&CV&QmfJ%h>?B*wDAY*ucbPBfTQf=u==LHp_4GD_uQ`w~X&j*4Tv!(}mE zQ8u{qQ)>B0jAA$F+k%J#YuO_fXxoulhn2{@v;87j^I$de?P)|T<~smiL9mo*ev7pj zy`l3JZ7Rl>YLYFJkRO)He!GLnQ4CpNFRgO#A1JuMqG@3-J_Qa|7 zd=k47aqol!1xY?#PaGR}`AXpK{Vv0C>v+=|l>rvr8n4N1ZMIqhp@-1!*{NH54Rmt5 zjBM4CVaLa&LFlPsC!@SN@n-6aGM-rs+4k-N;dsi>K%s~jwWkL8D;_hyJ8YI?vEi-c zmT42+26ZtW-7oUTJoN%e@UQBFswsT(bS_aqaY00{Py$m&{_o91*w7K+B&wd7K#Rgk zD1?;YL~EElvM#>nuLEeV!CwHEm3j_4LlkvbgI4a^^qqyFCH}F zc?;wktKvKY8&5TD$my{{)_sNxA(s@0M^-d^L1DB5jvZUP-F^T4CUFV(y-Txs#C0E} zA)~ssM+lDsoM`T+3#V;)y7eKW=vy3`vnSX=L!loAxhZTe=LOcWHPU;B@oO!8hKltU ziU{|_6bEFKmWpZVkZanV8e%Tiju-RugOJmSKKJNKc9&7|OOHcP`~-P-)O#1`n}gp> z23^MAkcgie^*~E>tTUbpmFIsHRTyh_+7{E5lJT`gBY#bK0zD6@q@%T#*a~t&u6*AU zXRQBNF|p+c2RiE>x;YSw!4wQOAW9K%1`y9xlxN!MeDu) zBns^#A9d?}@Pbx343ajZu(t33=8`ddpC6M(a=MX2GiV+a;F$RsChKm?BsP`6+ zHtKDtsek(Oh6@2fve9B7e6QS0$PfQShG2Qfue=ITS(;R+*&y_h3Ux)NqPb)a_TYqE zJ8W&>h?$)B)LeQ)1p26;4&v7yIjPiR?~u)j740WqpAa=5&Gk_)5gvKk)wpFhCm^)r zU1YsWy;3m*vvJ5dfMdCmw%_saC)e=Kgw;};n^T{b%e0AK-%GgE!W| zCvczM@HM~@d6BJZM*QApUg}3AC|uzYzf6S!9E5lA0}}(8l4h9fu6QT`8Ej?=v9iaq z9B$@C(%}=IR^wWNPXN&=+wbyKSrfkPmxQ5(0b*A{IOO7q53osAa4pB!Ypw`tVc#U- zPoNrEa&S=%6l@CuYFaHBrW5XMHJ_ZXk5qN#s$~MM9ElsY6IW}+4(lLklr8V@Sy9Ib zqxuWpZ6jZ3Zi*k~E9XFbAxCs^gBv?&9417Hgoej+G4xNKcy{7IBwL3D%#gU!Wvzn6 zGWKFgM81>`DZojl^P%bY4K<28pp*S;r&D1z+9%%8hM4XMo<>vt>1ml626m$?Bjw#^ zIsvPD3p5N)BeQ*CkuB$3+_4`<|y_P0kQP4W4*A-Wl= zH%jYC-+kWWPC90B#3g-djG_*)mM|$eox;e!xefiipa#c9j0Z5qD<6woOY z1xwAX)MQWI$({&E52J6&y%fd0B3Q7xBQoc%kAazH}rfqNF9j?29=a#wAwOGspkRn8MtO_ALcDa5WQu>+4bBDmFkM zd)#nnm^N+|LW5~i+}Z_3K}bwQF(ZD6iQgfN<_Q<%)+bPcK-ZaA?{cA3FZnHF$BGd) z>wr~$7BX21?ow|rN?1^9>y$KS$r>agDq8W-b4Dv%mFQEx;0(U|sL9V{N9y4XH#iAi zw=G}r^;e%-BdZ4^HrqooGAUgh1^Mj$mI%qop_wo3+wcn$4CLTek;eFFJ@S*fT>-|e zfwNAx13iwq%P^v^@p44uDXVX+7B()X^H&%HmT@Q00$2gZ1Sbo&(-l5;tR zth2bA)(9#^ke&Q=NHOFzKz(V_T?KNv3+Y`k#kd8OV=`}79%XE}%`rr}fKP##TxoJ< zy|;T6njrDlq#ocUnYNxcZ)L)N^`RrVO#bTC!;E{_#1JVcYf*?@o=h!s%z0Qc2;hTF zIKe6CHefeX9o50y`Ef5VE?mUIYE>fLlLiLmfkCR4cE9^|1WkU)b@Z4_YaxMTi8aG+ z>QHJ4P|X8WJI+R`bwO2 zI}>h{eAEtf``y$~fiP%Tq0QH=ql~O0oHC!qFSsE@f$7baTcx6Q_<+uJX z=96?=PIc|zLFf|cvXqgWXrxk|f-_d;+G6RMC})UXxyst#!6kG8eLft12;!YElunCZ zNvR~8sDOTgR|lt+GX_iE{@~>W|5)75onR^>xk)~jnyj;s>=elB!H#JAg2}lNcfE$n zH4_yGX(YqQwi8ZLBo}L2+4}B8!AdIpD0ze`8j#A==EWZ@tq)M&A~n}tg$N~Oi&dla z;z~Jast_ixMn`}E6Uqx6(v+R_Sl(i*-*ci(>6kLp35*(AKFAQfME%mL@14lSQ3{(+ zqtgJC)4cfch|<{YPAqJVLXP1^aHT$&mY|qtf!nQ*`|N$DgQZfiOfcD#Oia136#IDA&Z}8fs#>L~myF7` z^o=Q)InN7r8Y;9d+S0>V|cMsnYV1Z6jbdH>A1* zzinMDuRb-voj}7-sc)x0AZ!!vjf79o7r*unD~920%}zv%uU`m+G%H%3 zaW*F_&b}um2)BAz>iBxby=NRBtNNyri5dE29U{Q8*9>$fbM?KcO@l-b$9Ll%g}^m3nE@28Oq7H@pGdIbz_%vkplUh}~JYWXF(7s`w~Rq*xEv#4&f{BU0XjI3qY;#;=a zGK3n!bW1?=N{K}o4O-M|HlDpEu$ZU9?tWSKOr)T1kPe^+0-{{*bKv@Ka^&8HmVJ|H zp>tgCZZ#*1IFs_MfG3Zbe+&#&X{`QWMeB*BguXA&HUl(2sy_7_}1!__BW@ zW#s1-6S=v~3_5Puvpb!%lxSX^vO-#XA!s57__bsoh7*T1b2o>ZFBlN8?tw@MvouS3b zNcOZ#0b!yZ4(OSy)uQDIAy_vA%$3+@&EqnIKgFVzAF)gAW zsL-c~XE%X&qBMyQzx*Cs^D(zLDOB-Gf^V8m^3SHf5*dCBA?z00jK!3b&s!>>pFEo8 z$k6Pq3hJR4C5g7kro7mO>&)!{nRFOHACzR~VmQMKzqdJIr>r&jA#%e-5@ zABQ_}7RbG9t~P)Y@w6sdl-sG3QMBC!(LV?T=}dQ`i4c=GtT_~GiB*iW!;UlaBm5S= zzT(ZKMqJ_1B;x(!v1(GBo=kBXP!YV|QL9A@+FiS+%9P5K23Y*eTx_SUuW1HF`iCNH zvl%gaJJ`dhA=q~eVcyKy_@DuMbIlj4aDqa1!9m`4lq>}f;fNVInnyhRR!lm_q+TFJ z!nE(vVVLDdSUX2Ep0&XEq{VPWbQFcVl;76(E(XQ|Q{^T7%2^LXE`;E<&mi2C7sa6C zQun_{p8d|5Mx^Q<@IG%FlOFg1VVs4bu64Zyzi-~=B)fJ&hatofRuG0Pj9xPxomori z=~bW6pj$G;d~zPH?}m(R(T&u+`83dBh&*KtaWevjgGVj9u%)J+EFfhuI_<#_L@z^O z9hRNsaReh(bSw5|m}tV?W}k-yH>rHNy;!@@$WhQxowd0esb*AGma4V{QcIgKIZ`TO zFSx(x(pIO8n1H&AMuZwj^%$8#)i`fMOdt=z!*+XbNuX_eG-dP@R5}CLhbA-oz{xr{ zph!cSS&_2S*#G#J&C?u-2nP^NLK1ul@h+w!p#ak*h@7?QQOQ|c8rtF#vdN2AGlvHX zWo5pd<+R4-&Pgn+sw1>v9ge+)ZrbRNnA)-*Y{K zZX;jY>=);~k@wU_b^<`;kxoTjGW2lne5LBq&z94@fYZfpHeLop7vy;@YF(- zA}vPIh&^S68?957zS!$|N(x_$2OV9}Q{y(vc^6bxfv5M--`hDDiWRprg+HcdyUE7z zToTs!7ny0I&>nQ;Zf-BwvX+&{(1k;>fXWTI6Qw9NXe+#Vkheo#gkq7BW?uODGg|EK zB_U7c=65pel6pk5ubp<1s5S+h*MMOh75m(T@6*Cqd92UFV zBBTdyw|-OSa&Z$2g7GWGy{c5^#w6%@ko-#auG8EfLKA$q@QEM+(q2OwZ3gYAa@XkNj{1hc3Bbl)j|jZ0H@VA3=6-;62O zj-|(}HklyQDCXXJLva6UagVr#iGMTAm;yb3p=zkNHKL>DLzh~WQGRIseW7TrZ9ewg z4DP$D+pw;7$E!pI)q5~X@>3b*aoinay0^8Q7A^m(V!%%va@A~Qv+6e@(=zy>7~1ja z?p+yzyEApeY`c*r+(i=`I*ZMGW7>(txyYE}6-<6xDOBpF7T#zV5MU@==*k#^VvZ~O z6juW^m)NAN+qI?vo-5vlHICZ*s-{9tE!lyA$3=(O-lCFQ1%AVs)IKo6eqHibF+5i! zLrls0@9*gGmD1s@@*+1zhs|oD;JIWS(n8_3Q&B*0+As^q7G$HGk9%#f$S;$FWr4wo zcJ7oKKq>ju#6hiuQcnx<#hNnx=AheaoH0Mi1A~%~Nyz~~8i#=1Y_##cyp*6^pBqhY zhv6bTj2&4sVU62M6BB9HO}L4jXMhAWg*m&X_8W#EgQc9pILdF~=6wM=svvYa0NQP#n8|<31P|#_SuRg`U*C-8yv56t833h1@=4nuX7;J%@8g(g z6nxCUbf_1IdRF|z+=v2D9{7^f$E^W%^)v9IpUf#NMtxA>2hy8}Uj!S$_^rd$a0k{% z#|cbeBJoI!EJ-qfbJ_Jzntf@MM;{oABt&>o9jcvCsJ*%R7reArW`sp&0R-B5#;ca8 z9#Z*Uc}!>&cnq@cJSNPH-IrE!AzE=z0NciO}hj4l+ z00qo8Ot~$w9r=%)NB<^w1NC`W9;0`|_9&PVr(kZjNrO?c-1Q@BisN7fJb8!n2P(0( z@|eopYIIH`y+$K0TO{-?YimHWy)q#ORuSj|nRghCrvH(lhRxGRc1cXC0NUizGO(53 z?Ht=}J7Iz7pr9s~3z))w-Y(CKf@HM56cUOS_*5wRIfJ{_3tzUS5_LG#2t1IWc}?$U zt*B1Y3fbu^xuz7YnS`Vkf9W-Fclf$*u0VfW{_$d|J>`!b%DEmVO^akbJ7_Pe+T#)B zy2IwHOEYlLTmjH;;4y}b+J8cT^Mmo~Nr|M0qGACxdjDLx!o0e-w|b>1SiG6*zhao^ zuN7(xs#Zfn3l7_~5QT2UXf3*1f}wNKHvUml0!6J1qZhUT;yxZI*D)dI%XN@ZO{=wf zNHt6#z!)Z%S<7!iTCvoByw|FQ;cNxw-dMui_J}=I9CmqT41cH$K?;P7q5|+Ge2lr0$37gna4tXN?K`-Pca~Cg|&$8 zZ6zmVcPE5EiP2ZWx>3Y%m0$sutxVh0WB8jGP_4^Ec9!YhRq7Bu%8*Mz{lMxlYXU;l zNwu1%%1s)qz4rUaL%MxA(5HeXF@_{$)}pI9I05xTIy6em*6BwDPmnElaQr;s`lEum^qlOQzSkzUdcrWk^Mr(<8Ch1^H-%VmjQ+3?5>h$fnogg?c9qX4IuS#f@2~aUXz-EEL*opND6uj2K_jv0U7nnlhN<+-^acj z*?Z?J<-xWK*uY}VEw{!_tHICYb)2FU=3Wv{M{{GI++(|e-mFJePM(vCf!|_?+B$Aa zMv@qTd$<+ew!|w$Q77z{1b5s;(R*|M=CRC{=Yeah5iOpN(oOjl3pkOb{G6z8 zsIsf8+yHTaTd0*CHkSv%px5)&w0DRQ#O378*kcTRM_V&w;TnsAr!cHB*^2mUu*zJ< z@5p$u zJr>>|Jx$pOUlDg?ILq#>T*>iXHW;>c;S@#K0w|J;$aDJIKs=eWjEL>7Z0jhT(RrQE zEJR|Z9q5F__8eo1#&u26y=R=FCavPYu4m_CURD)6&_?DKMmoA{D%`8E58D=kqeti7 z!^cW*ZG>knHz5Q@ky~|Mrfl||s&J_}e))NeOoI|TmGy!ZtMR`%ltlP$&qRZ*DviCb z&R>1kG1mBXb_!4LB?zE)=u|MXz)t=K)R18zK$xew7CUm)3@Z#jDH1eo?;GVc=WN)% zMEhl{u{LF))j{woAYab{@9GW0^mNe!;P#Pv&0hR1^5<{fAL_bPg&+S7lL2%y1#lg( zsG3ikB{|?cV6wU~w6*SGr(8=Ecvo0X#I1?GMW~38EY{7VAmBhF5!O?}6^GP9&&FVm zWb}eBB9bPGCRvn5*m+cjxdWq8Nd1%bm0|J`sz%3RNUsjvJwbi1Z9|r0BI7xmNqHl%~b#Vq`qB zG9al_#VRmt@bhL%2KxZTd+FxWT(idIU{vUVJE@RgZA3*+x;S8K$75jX=PuC42gzmI zsd4}{5r{&qOj+zzX`Sj<=TGT{D_-lu$JIFu=0=B4lW&DIM6C~ z?Ie)6Urqa+gu|CZ65>pGsh^llG>;=YOYzNsmvRtEG{E{{TbHYY?hW#IAiFhPg8u+P z+!SymSToRJgxDTIYeYQ> z$g9SCN?q?tA1DLZKRTz35EV^@P5$5@gsTW3D1TA zrMFg^XI~|PYTmGpk?LI}#jhg3($z^Y1J-5Ra30laea-M9s0b%_1c3SgS?_)sVMgZa zv*dQkgY$A>9N_j9DVfvH-rzMAzfKQ$O7o{tswiwFjGcGXw3hP$SnqUq04_HV64 zb~>q}JlKrL-LtToVO1nTPc*2?x**Kdiu1NgCa_Mto}JpP6JoCuEdmT+p^UAK931V9 zKlVHNJhd?}hlPTLVq{_^U?BLbz{tYR$;|fOOtycR+}s58%5JvC1oWad){er)4uyAH4vIEbvNoL3w2H zCD010{H?9dIKc>6GXP z$yE&FR}2DU$RPu71~dAun#5UtV(jp`p|$ASc1gw=naBy0=y77EdeyPsGkp%7h`EiO z$BRY1h=Unhoad(NXV=4s;y3yCI4YAOr~41$9&{ zf;>deQ0GBJkq9Y`1XWETzV}3lx7Tyy)b?oy#j%Ze6_S!I7OyS2u1v`sl%(z5gSVk((@f zi_r}x`j?@rG+wXa6$W1X;6(~|@Zj$MfdxsLu6+;b>dy@*7el@Yc?H5PkmXB0gnR+w z29!l0*M-~+|5vvAzrko^m)wTA=5Zs+C6I52T?un5WQCFsBVP);5oJ-x^&#*5@0mzC z^t=iCJ9K$dQq@sq=6!@@(@(Sht(DrY zoB6VU@c8mfuE~rj^U5-(9+ej?CkNKCqmubjO?I^zAQ$Bor}vHI8M)SVQSWvRob|!W zyYZZ4w03G~8_43^_ge!8PCXWzw`+PigRSxZPY1{GpSSV9KJ4$?Sjox2@h`Xb$@p_? z3+g)$YcP`t%eZ4&*OaXlC!=C}gT{Pw>ajNbCP8GqJM%4N)^Q zax``L@OupZef-5G_;1=DDgSp=CRPRlW@csr7A6J)R))V5$48l+o#T`KN6#nXGkqf1 z*jWkwsr8vNvH$I*3I3=4KXU#b`5#&TQ2&wnDes^3!TW>a{Adr`hlBqsv9S}dGcggc zF|hnq{y6`G`lK>5a}uzyd~jHq2v}L!2sl3eBCxUkRpSqejp4(d&-#pPf4A`i^>>+( z;KSB`P#@Yp>whL@4$e=z{>oWCYW~}UL%4hmSedeDUKk5IC z`lNhn`$ywv`7dkO*#ETav-Fuh5iEbnW&JB>WnujPb;bYhM$)I&KdmNU{J0MPoPXqh z+V@FeV*Kcd&%XP#=0C>Dzo>sl*I)RLaq~f8`WRKL|H%2PXaDs7Cx+ugGb6*t$$xg) zzvBN<^B?)227OZg#r=EsLH~pJ6#ZY_@Q40iwEyVbzwu1$pCQg)$3LcjH23qea(-SO z#{a4PKhoGfI_z)i=K%OP`@{JxeVX{m|IGg!f4Kj|GyfeueZ(H0>i;*f$EPiSMP;9X z*Pqyfk@-{R|M;2zSN!ppsz2b5D2j>gkH7i5IuijS3)4r0_n)YbKK(oF`8R6uY<6%Y z)mvc2T4}UeX`HE?Bu1s8iwVX*PzvGMubb^E=?8SbsvoUX%Z!$BIW z#m6#?G;Nu94V=xda0zxlT#Ub&=pz#-0eZ2zI850-lx=ra_f^1v_zt}dxFM93Ht<(D zcljh=pvOCcrM39uoD_~~zZaRNwZu_2FU8kffBZuHxP!%1c) zrdR5o@ren!Z)dj~5UD7Wphm`WqSyD`xTXi24-*FdMsYrM?`UzL%fOlMieN9yJNU3h zI2o0`@7;;tL%wH5jxW#6DflMd;!`EP^V85J(cJN?sXlei7M=pe!Rfu19{68OXj8^8 zPj1`T=vKUo3Tb(O!+T`=gsA(U0KQLAb&bWUtl;hLf+ZwBRljr+2Kw|@_*NNdTb{gV zTjCh;lQZQM2eBUWL0h8rTccq&!lF; zo|8TC4*7D92*kyO31GA(`3ix{Aq(>@``V8_*>ODfgBSs8(L#0RL!fy>qPw2 zMiaE{kEZJJ?e$cAb$$3uk1-|!W(XNV9=JtQ{k{144SKQ>93bCP})yxAL9AIcYTzclVdTcBM z@E!R9ywTRd`HlL)r|r7a;oZX$@@WJS;s!*Mz&EM8udsO_kWqUQ;5^Mau4Je=9qKfq zw;>OZWX}a{oI=hIvZx$*T1ZS2L$CPi#9Ngo<2%VHktYW9xKsI@q;B>=R%fn6yaoL^ z*TM9u_r-z?GjRIBMzy}V2OZnT&I%?THKwT@3jNXo#B3l~doBjaXYM`vv}T^f=<#2| zjL}2UOTq21glqDH_sqpMxvdg8d)j)7d>%F-N_$W`oM>&OZT0r&B<$~+S)8yvqNjeNN=cW4XsYF}XS44L{-M-?JG;hOaH zb?vI5nJbx#M_-RHJ0QA^3eu)a^pW+qNOoeL6-^{5X$q!8|3rcUSMR+$pb>eqw;QHJ!+n@b8qe^>#7G`hZuiR z)LP-L2o7m_tbwf#xPaYF5~rs7R0MYaSRiC&T zK-YM60Yn{0TBxy(&Wv&pk)>M~Lv^#7wcI2GinWx?07L>^XMzQNt(A{qmKScc4 zxDYBwR`>O?nu!hz$R-X8gpk^$7QLG&^H)sgM!L>5e}X}K&w>5cQsRo8+wZ=Lfe^H3 zPqK}B%nVK5b1|Edy9-22`J7UYY&urax#2Rd#E;$3Q$pTlNw)1)0oO5L^;0eq#kvCq z6CFFu&k@Ij*0&m~i`$vwPWhH%6Wyzvj?JBUInN-qiEAf67FJPceIr)cUNaD6wu{DY zD{6)zl=WL2dqmE5*zBUk@XSUk;W6?W%}&EL!+)`N^A2}g^&2RQuH<0JkU4XcIBHpz z)p$LoJ^5G?4A0pa@!Mj2_-+31q5Z+E^-chlNc?yD{@BKNN9|h~SD;W@JiVpRn{IM^ z{HozYV_WBUy23Yq5Xyz(FV$m`dQUgJA+~T~Mp{z}^8DX#u+uGn2Bj+6)JOMaB0Mga z)g+ikAFVTyH^;I2x_w1L6+H5aKiOtO;m$k)msVoWROJcor)?ErDo*q(TY3ujF_fvb zg%-3cisOM@K=1cv%Q`ucno0m&mG3maEv<$Voh#K@rOz|R>g95z0!(MsC@IhRoCr?0o+u&o%sli}ML%OlG6zwz&66~K9=xNk z216v5Ogmbf?$RmNN5%^-K+6KDD;*$;e)P2zq0zv*n@|h%#i}ArJ_;<*l@=?;VWpQO zn<+MwMF9F$j0o~=pwdIyGELA-V>HxeTjV zNZFi$w`bL}YR;(QnTueY-4N7-l@`$s)L@x!as`8F5}vAKmicvH0&j<2GaZ+sdI#4O zLm|O(ZBz6svO$FO`h1iX`UDiK+MY^NraV3(!wwYrPGka#0C{tE8XC;~$dHHJNUA<8 za@CTemQQ|_Lv6mf#aw(6MADkcHMfE{L`@8y#T|RX=8oqGP>YYHOFOgQWhnQo1B$no zpRSWd_|P-VDvD<>R5AxHgO)GN72OqH4^^V!cMu12hJa#W(?yfe?2un@sTStbI8=V} zwC$g9?T)bCv=31>n`Q_&I5^`t67Xn|1ygLD!Td&Iy~34w9XJlQ zD;Aq)EM{TRJci$gh5C41Yd?a2c~$T8LCQJs_Ps-|u|N-C_ES(-en1Ei-(q`(O1VcP z;ZWU9Lr8$bwCJyGSwmOWOy*i!cINXzq*@60_&BDP0gp{4no1zpiV_@3vKd&-`Z;#<}=tPntlVa10m0@*+ z$BgoIkw&R+-MN%?nhX7zppDwZ7gQw&Dt&XNov65~>dn5?b$V&N*-lHU9iSRu>xFKX z%fL(Xr=lRG2ATmodzqm@w)O#D zXCl2W@~Z^4}wKpXLu_*9g;mSH>Kdsz_cADUH)5{|F?H{_}X*Qcy zrfvHo&r^duWuR3bccl}roE^yOQHYd9(V^SHr)>&rP;U%?EKdV>086fS@z@cS7Sh8` zGkA!OIH@Fvh7%PjSAOw*`1m)t_?QF8KJEAZr@++a-@L2z*m-|!gmLHP8Z<5uka^r(0@ zGN=cmNXB)>8P*Xq;S zP`vhdrX3%T45EIaSx8BE}q;N~e}9`ZM- z_VPkK2cf>68vcQo&Z)%MgZxEg1UWXwO`6Do-6;?=lCHR$aZKm6<4Cb@JQdRaQYr9M zvd~8&Vlq?E3yS5*US8)hNHkRM6{C1WSrUj01>1Pxpt}xX;!RtdMQI2pcx!TW(Hl+m z=EqNSGv<<)K={+Is@M}SoMzElFgTu}?K03-`AibW!0a)RbZ#zU5p6`}(%&GG3~r2!9%ni8a3Axc%-G0lF!Aq=DZ=w3ZB+SJe$ zZJvg!a!N~ScfR3ik~bgG8=Ye*&2l`k7ywj*)_(g}kH)*dmI#osei z>_Qq?3X#N?r9aIoj^7S$5a9;`EXs^47vApbDI=U72PO}&UD@`P@t2^?7m`(JGnr}_ z)`aNUwkVq|*U3`dA1tDCE_}c<)S?d$S!cRW6HvicJk4(?DvN@-i4<19f9(~W9NKXS z%>3qz{WYL?TiduV~0WPi9C-rN>)?q7YJQ){IBI?^#BMC_9pb^fsP*TkW1U z;B=|@%koi?vfM4S`8Mag;&PN^?NW*tYR&VlPJLpq+qh)#?(`$Py&Y?hJY#A*3ZIna zw9M8hK8^lrKBU2RCQ*iavWzo%#kxc(`hx5)|M2w7pKDyx1})(RBYNAn_xR+R8Tdn8 zK^wiAO$!Xj4Ggi+ADb*k7VI8Cp)?-VY7(+OU9z_#Jzz4zC3Oa<|DN5O2jH;(U5ANj zYN^pD;jN0Ps>D_Cd)LA|-2D}nL`r)hArSm+K4_X+fzX+Iv+f%q$4EIcogE)^J}?)M zMWLeP1=DLnEWsG00}2Jv=w1d^J=A2r{tej9p8YRA+jmDl1&E;0=;#Ze>M{jHZn-J) zG}DN9@fndsU;|tFiD;jPk1q#biQ2^a$TSz|P6;LPKwaUo$nPDt1S9>+|$ob9Z3BYKl^xVo~jZpJ6pdT?0;NID7q&0>}h~ zt2I)l9G5R14co<777vZ5SrWR!4$%huHU}z1Rfv7|F!U4B=&9I9Q{OSmt5v$s=dQGT=K7U3M z%JUbv68k-iQ$YI^YB$*icgjWDfZjo|(R*R@T70QuU_nS^+~i7-i)=m+sm zzfGvHjWjJgm)%gcH^J$&`3k1_0HrDE&YH(Plqeqh3qciFy{;Mx3;1QQ1aPhzsZXf- zOpZ>!tKDw$gwXq`ohY-zb*If^V`{oGo<3XG@4+oPz`K(u)ta#xHzt0Y4-jf_M_mXZ zI_F@Yw#I;(*OLm7ys0(yA5}>i3F`*S4v-!qktVMlw?asFWZW`a@>YH>4W}pOFDD5ZBK-R3A_;( za2;W`*3^sB3tp6=9D*5TQpd0VnJ@g6ZLx4K)F#NSA+Og>oP6&X?C5$%-Q&swEf}KC z3u&=7bBloxDG2-vADK!owGzBhYZG^aBCAsfQo)%PMm3vOjC{hm7{H7+#wnx|-H9U)SZ6y?gC1dL+vg*hgJp`D*0AgudZTB=z2(1F(+u=y6!H0o(hX z+CYW`*s^{`Y>3KVAyGWPlgk0m2gXI_GTb4H<%`hPfrr~}Fg7fyg1XMxF?_r%Ft9qp z=U&mM2*L^$0sRsTe>$ISq>&I8jv`H8OH|LDfU1s=fXY(0V%}zaebtpJDYroDRUwn7 zf<)y`;z#3|zd9i^8r!_}W_Q-Qz@-vu5z^~G;XPbGJi86JYR(~-85aZ`F;gw>f^mhE zyR#)X`grPQJ4@8skdXEFJq8*=!4#~8uiXJSocc?oscboN{YVAc;#LzbdZ7r4>X(8> z(dyET@~vIgnRq_uJ)C^CbxW!-jZX(3o?OghQWW9GIK?Lpj50YNPd6rbgU9o~42 zp^N`%Kwl%7=5xv^`>ifoh5t|MnYiMrR8hTKh@EbEqaf0CjJXrNh55TcuuE5WNuk&S zP6PF)3Q(CkXFpo-gDM{UMS-LJ;H0IbXw`cHh)vV_7-XldV><%brMlp@h+uKlw-$@c zOQWun1WZ{oePkV$F7f7!Gsd&;T4)6D>VaY#DW<7Qir01OnQNm7p2?nK+qh-{!wBZSI(o*o>IwyBS<*O1IZuQlM6(yQZ# zge1ZjANCSQGphXsIb%s$`;F6#(vq@=*K{mq28gto=cgF*%;j!K{Ijfcu%dnERq%5| zWt#;9Xaf)@Z;dh9aS=+D=fO-#*}SuG(y=7<9l2h%Gtp`IrcnwIP`(A^z9E-7!eg2@ zqq^l2G9Yu$Hn$jny6dS-FMH&l1|W;Dk9f54BRS_$UWwx9)18w7PIm&i#5K@`F&L1>b5}h zppfQ&P4`F8ul;($*fKy^$jruk0RKL1Wm+6^Ce^@XCq^M8hQMl^YE1q^$+l=9m&J1w zK~l@j`1$T-wIwX#B3fc&*WP*_FoTq9Mfrv)oPEESz8=_1r9Iq=dVBr zZUb|+-0px7tK3LT209Nb&1%DM5{DvhqfuHCS)Oh!uZ6ujj;um`^P8R>L`*tYAt2On z0r?CHTqeX2l$GDd)7Aaj`mYr21ZaXC*r@P(LeEa!=Nf1130IBJpOy?3rG;EJ6sBwQ z52wt`cJ~LT^IKt`{J#jrG|Drj^Egv6hQ^DH;4N8qYRoQ4rES=DC%2dn91*$XQb`}~ z`moIDVW~ZxyRS>0u(65qD`F=Z&%SJ-6%Ptw=*hy`}ndG=3hetv*F#Obs9dJVC zoAL>2r!)3Azy#l-*xjjT^UEL@+-LgcyXl48)MIte)WYh{V z9#->>^JAH(#%sRw7HV&EG-X{4P&>pOru=UAROeoY5o&%Ix7Emf!EG1JNcar{K zSL|O(-!@|xX4naW zikPUH#H5UZx!1M^{T9a4XCCH&Z};kFr31NL4Wf5JG1saXptU);q&UwKCeEVUTbco2 zQ^Gr_s0>z3u~Ef`lH;aMf70`@uRR0v8sxm$gqif09F=47R2~QnAl(HzO(wF2u z<|Lit9tuh|T-zdC!<*{^s80 z{y@w&n)bXD+V?J}e*BEMt2#0b4Dj?+DX0{X7!G|t;Thj&ilJBPFIgpZ0|(o+7VQ4T zZ`iYsI@mqiy!#?Z&-A$Ud+;b()#S9R(+=K|IL|nX4Zel)`VI28o`_8?sy1a|Bviva zf5nSy7sTqbC^pe2WSw#bFDQ#POmt@<7aC+G8YtI6moXy&GtWBwY}o$=DnQl0HzX`< zC=EQABv<4i!J%)O5~3aCe!1*m6jkC(WK2=vGf&2`<6`yTa6-l56${z^6-g4KqYiVd}=XERL#Kb zgxsqISkqSmM36?zG`u{KxIgQua1B^ygu zw$_?8*#vyH;j6sTt>z=pz9Pk)CrqemW*saf;E4OaUl#hps|=h0%H)w*Mgl$M_Q4}`su#=~L`Y59BQAGN_h((J8 z_d;KcRTo4o(A`FAeGK{IdEVzdaIxUaw~9(8^7NrXe`j9JP~~~y@E;MhTr+CC0<9l} zzTOO^yc3EEHa@*bW5aLhOCpm$4Vr1->Gv{!2N-wlD4nvG_kB#o-sMLsnPu_~~p@RZ^x#E-blq$MLkPv&Z>ZZG+|V;vP^c=;$4M37*8^ zr!UlEVimEfipLoLVtbFR^67AN0O1jpMl#02A6n@2hE+S{{@OO2#u~jTWNM6K(KC)qwXC64UAM3z4ijJvXzOU)Jto*Q@4VZ$$l zWO!bkO&KMLxuUF1`5>?|lbhK~*JicvOa3|j@`{Qz?>wVJyoAiEDsc2Lz%MSy6%gO+ z=B?V4z2jF*Gl7L44mmC82Ilwh44-nu=>cB@((Jb7_nWa6+g-b3fD5i5EFS ziJUW1K83%K>MFgn7;4ae`u%WYpQwwxOdx~G57Jcj{aRQv3V)^gte>@;U+R~+V=(g| zXYY9e(RLfwDb(|*Jt)#;c%UDUr&^GwDnSF#pc`lSIMf;md`)n{veR<1e@#h`?9)Mj zB{J_%W*uF!YE0+ma}2m3R5NVYMXlLSoY@dE>nJA1{_Qk`c_dNrp0;VrsCd9*Xr7y7 z$`A|>js2%nb#3fpbaImyebdmk;ZqDEJfA<`Ehu1j3(*MWGAu=2MH=+Osp47M)r$_g zvKjsaGBre&1ZhG)jfJjYx41IzqI2W7V=x@Q{WYXcneLK_Eg-Z-YPMe+031P1os&FQ z%<(he-4I~kE0WsA`E${3P#8;q%|}MfXG|AB8-fgVb-4gU$A(!hGv2i_$7i{Yz39YU zoy)d5(oGcjqOth64~w0(@9FRQ6lEDPr3NH02;^ZK%jkltu3;i)(8M+$`nwV5iLUWo z7YZ~#d>(&H&Dpe&}p9uIJN35~E-vbg2}FtI@ zJ%kvTscvae;2m)59$lAJp<|V5vR3C1Q#f<$7`GJTWiSCcG&TJKiv8;PGDUAMvO8CJ z!MQR-Xp&6c8zVRUk>+&_G78A}wcHzKG6SwjfYXJJk`u0t3N>yThNRvf3F|T6IEJh8 zSOrUm30w<5rKNC1$CuOHv0Bh@)zq zduniuDEg$_-blCWW6!n0dru^xtrgR{Q)=NfJ)oCDY8eftZwHr^Yb#6|!TvZQL6nOF zRmq@_NENM7N%$eOFdM)18}YjgV{(oc&d_BA$->rjoT4gq& zYW^m9ZJKB9j7768m&RW1SPr+f3dHLgvvbYuZ-L?$!jyM=X8W=J@c7SWR67iZXd2O5 zcC<~OUhC?sN(|0CA)6o+YT!J=Zr9z(*W4ADD&0>lx)!;)D9_@2q};M8 zP2Uo30cvuq>K**ols2sR?=?ee5x0I%sgrZ>sB6n+&tSa(#O=~6|F==SkT2(l9{WfO zCLI|%g@h=nl~!h#A0c>~cdd0)IGaXiRo^GeW^RnGcIvHdKWU7QB}Ynk=~D?I6wLwI zb#V}XPl`V+Nn6GM>*luS67Z=K^lIun|X6!_DRrM(`{)~;!ZFuAs{)(czHX8Q@cuorrmOp!F zCIbDZW9HTuiFFri=btJN3EUx7zYBs0t|YxXQ0UHVOk8P}75C8Fw(y(i;@e$zPmB(d z1L9(9q#2V^PR&)AQD4(HRzoZktB4eTNvaig&;N)JyJ6^iD}0+?OSpk`e@s8uMWE{L@NSH40^=X5hiGi)}R;^gD&%0xUX z{K)kCvF#1_rtMI4o{fJzJyYMk1^?FXYmox@0p{{s91Hrti;)3Hcdm`Kfh`Fzgg||PL1bjb86Nnv-gHfV7V17USBuAhjoPOvZp7EBa zT~Rbh)nl0tA)!a+4#2KyJ~uNaMQXG5S>cV5k{W4=ACs)JqBzbwwsHdvJHY7tx#+h+h2p>;W?MASAmKB$@J@Y)D5+RE3*YpQm@fWv zZ*8bv>br`D@$it_8?~pT^Fc`Oq;-07?&_>lq`RninngFysX=l=L}RT*QF;fzki(Yj z(cc$CZ&SS;WH{=t$u5@9+tV3Eqo`!-PlP1d^lfSvy(smJlLhTthecohHVp(iy0}Xl zg#(edx2l?h;C{&^bCmEa%^+OA&V{^>@6TE#xxTDp|Dl7Vcoa1*6GkPP7{JLsX4JD8 zjk8ZUhVA4%AyS0ISH|@P7flWCzRsEB+sum|LJC%V(pd`UyAD6O(}J}8Kive?28F*s zG#Zh%H5QQ1hezREnr3)cY#AJWfS7<~AIKWbXW4pbA-|&ggI`qvGL~>vg=}F^_ZTZ7 zamwZ^t4VWj=t_CoL(nD-TQ(Ub0Tx1GL1t@Ys7GWvR4nCXD@mkj@&#D$$g(dh!)HLC zA+24$OySe@&St>zntnHgBXVJR4Arp)^nyI}`GFL@VkWNN;gS;1X7B1P2>g#6U+an& zeSJC%=^yE)ixPz5C;ah}uVs;^+WceSb)1b|RdL+HgV3l5k=ZNTMyaJTuV^T^fJC^G z57YJ4HDmfgp=R)8l_c$YB5W5q(!_13H*yr3Mfm*X){+Z-*#u{HzztIJ<|}5ya*i)k z=1;G@Ldk)59E^TT4mtjr-k(7yAwN(PdF2w;h-YP92g3SJoAop|cWV2OD;BSQOXI=> zRYGM-1e9#TjWdOEjWPag6>>K&6Fv^dDww@7!j^?S!C0)k*#c`DM1>xe5a%BX!W#SD z%JL|Q^oLi_tGwD&6w$ZBDEDpsjmYnylyX=gs!<6|_~z}^Ayz>=Ui-|y_h)(g@kyf_|P4h~}oFp9uPC@DN09-$`x zs}c;xpW#l}R`gy04V_~5JM0fnFkJg!6icU40|3pM9({jq!Oa|-_-Ey^cqgWguOg={m^d3!V760`Ce1F=~hMxnF@S{stF5M~?NHUrm z_HHu%p+3U_xu@Ld76n{=N&)3l-R}228DY@cjV!aA!=AOoA(ol3paCQd@bjp zVbuxz>Uh#g#=jZZaVv0@5tlhU(A}L$**^72o#9Qz@3T~P-1lc8vO_Ft!!@9M^**4r zr>dppwW{0LN>9XZ>BU-ruTB=GUM*_VqUyQ{_Z!K?Q%m|MY?xrFTA{q`1J8P<=%>mg z?Bp6`087#XZyd`Md@EFTCiGK7tNeYcDvmY-L@VFL&L^lQ-JBtj8`tCn~8eeaKNwAGOSFC7-3worpfqfs)mpaLm@R> z&MOF?Ie<5a>gW+N7Nh0B1Y@@^+f&`dwRY{CIgJQ2=3 zBsndCssh_|vTXX-kqpjK=x- zc9x?-%{-)qOrH#TyQGl`k1f4%t(KCA4RAKakxSyUb0vP-hl{m zpvL%V77ed)Qc^~X?SN~C2JOO4NA^9}yaAGi%)8+DLeY*uvV7FCu#KVOzoZ$?eZowC)EoJ;$0@L64uKVhnREf(j)YDF zuIqYsS#sR(Pp63D)8|ocLKdxtx55vBF~P?}JNKih6(KPOgTN!HIb{drn_rcF+Ch!` z1zQ;f&~+l`-7MBGmSIJ>u$VA412*Q5`98dnX-mCly+T(u6RX>CVO|6`IeKeb%P))f zM4$6*=GHCFOYE3v_xybYdE{Q-0QsHC?mHWolI~pr9&pQRMRHHSkRXqGuu56yw}ED+ zazP*NkBFD!QyvQ8^~q4pf`zCLR3-U4e^6rGdQl=3u{qT)iF)ee$92uJJsFYGA*2kf z>hU%0Uo~&8N;OvYH%S5m^TQ_$L$=%lZwE=+3i*r zK8I{eY#9R3r3hjaJhos7?9WSXj(SAE1KbgKq3(ssfAv^s2R%U!JMQckfV7|~kSQrv zL0P*Om0FF2ynS-l%U^6(VU5T&=(VpjIkeU(_jQosT4t#_NrIBZC#7`>!^I5dqnqUw zXL$G6g30&4-qnu)VK_A(XJPnlmWyhBL9Y%b-Y~iy33YJ1<&iZ0+=mOXo)!(z9S zuUA3F+Hmm#oRZ81jjBf$9(neF(m>TQrEpPCMxSq9hrI(7x^{XJ@^%=_K`FUU&st#q zNciOtWog4;GsRi&1AW|r355l}j(eRcxCV9omjNFpMep+mBkz(tzwB6@z&IejN?Cn+ zs6v#`sqaKZsUAxGh}cyeX=LNvv`OT)EIl*S1kTzX{|HWJ4^}K2+JA0WhwF}*bU&gg zT7GWlr>2bV=d1P?S z9SU0_wfoKyYK|yCE+KG@94;$vBTyJ@flI|2-j3vt!+8t5`O#jgJf%H-_Nv|?5Kd<6lF2c1 z!dQ+OLDLED4C1{%U@+!Zl5=$b*r1)5h~e9gmRZhwu)dD_(R(R${SitNn{n9OKyJ0J z2#BU|nCa_Ctr$4fg>Q&sYjxYB^8%LqG2&u5et;7Lhx@q#X5tu4^uX=J1jkYB@@M9t z=4`p@lj42Kx4Z-9X$T3yEZxY&v{LEJ>cTd#?@Ky6~mvEuaA=F1M&9>x|HM#qsivEU4`=6I90bEAtNLl zVNL0MnY|yqIOjD2zjjH!zBGJgeg3G!6T6-mCn_>r4)$&k%L4T_@5Am|a)+;riFY%t zV034|S};WJ?pxB}$5%?&IBk|sukJ3({1Q5=(R%;AiK;~%K<=n#ZxW#MJImjHfIH?? zyrrLRXGl{fW=p2eRVhVhy*!HSQs{{Pu!rQ!SCb-r6k?eygRjaj!+ruQpV2l z#5#+0?jb6AzBVhsiRTkztEb#Wsd@I7?LpZA_t?g_{>6{aN}I1@Dr=c;{S>dyW6WZK zSl*Cm?E9K=C}FmhlOw>^mByaxv7O9H*BKb$zAjn{I?h zNAzY+*iV%q#Db5DjeBHJItKqtnlkkJr2e6$dO}A02>Yg>7(I(Aow&TYjB=u?KI&K6 zmYft4O^dK7PD|#zfs8!7)5A2+@6IwbL<8GOZS(bPyBoenHK}NlHi)4g&|q7muk~u@ zh?g9Q#UefdKq_2%aMxpiMd=%vlVs0NR+itTemDZYGnA$mrfZIV zb-V7T{y0=Yu+O&1QY9gYEFifU(8aedTit~MkrmejhdUm^3 z`ctna(hbHA+oR)y&H_H*2wR{7fSc5wTj~hrri&MA_Lw(wHy>D6Le#z2sQ~J{5(hbv z1q3e-QSop1v|NP8(gwoFP$l`N^Y*NXd#MrpfyJBqm2BHT?R#F#9{`DpZfWp(bEU>Y z;vLtGF2@!ooQQ^oR_1o%Ujy(kgym~4fNeiUQ4MQ*2<#zR66=V{>oF+$nez5t_#g!k z%;EYGdOdIX`j&?HSrJPyjKtBVCjCG+9VTx+IL8WQ8if11(2xnQU`SZu#NS}bEeCzA zduiv#s7?(h^UuhNL7204As!(6`bTp+GUB9e`p(N-0=y^S%H*&ipcs;8zON6^8;%V3 zNdbue+62c)`D|<@3EKoqCXP&+s@ZDi|e@`)Ay_K&Jk_n2{snd zZupp6m_GGp>o$aZ9Qk1SzD zoJ7cF76jhc@h)k2{Yo%7QRExb^uijrhff*A-aJ^Ku_czieL}yc%H0oP`^F}8x^Yw? zGB(6R5Scmg(mBX&|7K!m)KN}URNgFitS0ipZDrsJ_vK7cHnE^)#EZeqT>N7=J`Ze| zN?!bf;K((_DO!DQw0~vUbzvvhf%x#xpS#*(SvuU}e%td`QBt|_I z@U6q??YTQ3-Q%^h`0GgFN$s>Ku70LH>hBp?Pj7BZB;R{GLB`8=ds;4Hburn!cK#!3 z2wS8Nb$4q$25=eZARj%&I`LRdvJ9u>G?61`IwzQdvlzqq@cu+(o9b1L2XlJS6T z**fIJ3AR=8Tg*tR~W^J&mSs zHLt8;=Vo8H;H^n!&w~ohBSYcMbM@qm5fE1uCr8Iiwp?{}*}-RL%0_?sY(D%1B(D?m z48n^9+W&mM`u+{=teqWWaN#Y~AOO8BMC#4-$p6&ucuOM0-QGczy#_A8e{mCLd3&8+ zc`|0Vt>^|yxmz(=CI{W1p!Fa^J!_INki&wq*PZYQwPjnsv91M^2WRLU%TQS3&(p*~z zMWcr}@vZCluMOyzBH3^5xyjr!F8WuRt~AEy+)mW-nPc&y<#V)6V*n7q0S5dP^*iD) zK}@88vPA0oes$8eN4^TPpDc}|7xE%;z`+J}Q4$!Q@k-7lnA~_@U5OgTZyHI+-0<{f zyZJ*Tx>4|=nJ1!b`{pGnu6cAuh+#9rmd)&1BPY1zq^l=kf1~>${HN91yaAK#Fhd2G zA3qypK$~W|V{(j``$WeEP{{`xpbS;5j;SZIEoE#05^O0p)@hSJy|y{rRU(-`Sp0eY zeS5Zj4y}@)EqjygtNGY{g0XHz9ZiFg+`-U91j%~hr%;-_viWs*+lV@o zhS&KntJRY4)>Wom!@Of69+Jl-w5!ZfIbJvxR+1X{R**V4+Rm%5_+hR$h&PP+y0$-) zH`gy)`K+wYwQTpeWk+qyv%c}Ldq#)pm!!zCfRk2Z&Gzs`9W2zf${#{Ae&#~VG|lg@0~oHPVS`|>Ba_WzWa1nhLZB-*lq-tprjPt>m=?$fTnDpzE2DE z^v5I^92i{C)B~G_SlYVW-q-OZVeW|+$7HyqDR1>Al&NqlucZ#7r>pLqF1?L^vSsl6 zj52eBIev})Ow^k@@uY;jGNysb22ubv^@e0Kkqo)@?h@EKtG6cH9?ksaq!P;w*)^(> zK%@3-a-m+-H(4c7V*F$4xTcKYke}tieRu}Rc1vu%OQo$N9_*l%crKC68Y%GKql;b$ zLD?FW)o@9Pq30;ugZS~I?wS;wuqCd6*uCw$KJDH+@CzMe`>irB(#D(=>)UI18cR_76seIw5-#^5S)2uW8ngapfQ@G zAI{I3CZ>0Xf=rwu+Dnw+O$o20x~K`Rerrky=oQEi!Ed8gz2w*7x25TXv^bm+10*#M zmMTJa^(8&l&5e1@uyrw$Rjs<;2v8U>uM@+!HTlA#4&Je-sHl$XDd8;~mr?jQ`Hd~Z ze@O{$%Ep{UQPHgSLBGw8D@%oQAU<%-za8di=Oo0bIldMRFfHY-+_u;CFCnZwrGK!d z7Q#R-hcquMlPeXn5A<`_(Ci6tbJlArBdZhN$Px9F%AEZ}o9R(VePQ$gz7@g&So#eo z*f!Fu)%CdcjN_)>Rf+LEyZxkv`ErZy5}*N3w8TC?c5JD(_u`md39h_dQ8gaAWxdEP zQYw;`^|@-l>z+#^_3{%8;fp~3@b*UhbGi>vEA#xSKl8_GtEy1+nZralsp+4-8EIPd z>#(%e#TP&?gCb0|~)asVIjjcl*6y;YTW+((c2Hz0*&l2wxOV1?N{nCa_>S%gn~8pwY=D zP_}B7G1^>E=D0lbmxkwi1I`1B?M-!D=eySop6>h2Z5i|~qY52;ojOHT5Zm`4@yWD) zFx7&uIOCY8xP+(Ec`h2Qmlal%V#mhJ{E|N|l=Ohtf4Wc3$90tFW!1&c; z2C;rmBPK4by?cUeZ#5q*O=N(=tj}f2HJ6&1g4=b0P&)jDol86xvO%YNnDmylu*z1f z=jL^PZNJ@=ckm5owy2~;`@se8Yz)RCnFC(U;y33q8(`Tj(SDJiS%*L#s=d80x3)3h zwhIkj-~$J)hDEe2&7;-vX>;q$_Tp_{a;T-Hq4quikzV-$J8*o`e82REmA{YiAnj*N z<~VcbyftDZd1h=GyvELw6O@Ioo}-OVm};z;x}^N8zvk1YqW|_<6Fxe!p1KhGQm-xp zh}Qtx0u&42SPStS8>@>U-m13mX8egk{?YPKGvVht!W z_EyHoX}^%YG}3{7Nt{$0aQzd(_4*4D()kOC*_+-Oy!!(SGCtuedr6pd=%>{q$2Xq9 zLK+&8ONla~bybDOFzbJMc9gR_71lOkU!_|NASxE$$lL?pI6NPg z2-N%30nKCRtStudnT`y&`vfWwZvj%v*R3f#xY*1_Pipk+D9{#@*fX0Ew?&yrm?fX{=>`zkDfR3TqnIu`X$}@PUXN*TiQu zA(^QP0@+aZoc1BfdJsmM{H_{uq^)ru?+wO)-ve|QrU3buz|uABG{03vqw0;6c4xJ~ zwxP_EPpzwMNb;GY)}8J!6l;FHZU>)DxSiFdJ0$m|qYpACw9vR%`8TkJ^%BtV%=*p` z@zzLFxa(jG1H?O|JPFc@42NDJB}#7Le%w%sV!IM~w8yb}RIqn}CZSih}LSl_U5g}~su8|=7W(%9s z*Yk|^io!S2Xl;A?FuS~$APx;K4A}xjmQ>Iq7bnoI`I++i0gLb~t{#*S>Mm;57*0}O zqmZK`+|VVW%30xCOfDi;g;48*wbRmo6E{ZJ_K0)2XM(R-o{hvTM$VaAUvKhU3AFMr>DYMVV05Ic2IemLWPn2?Jen= z5i5*7zl}#+Uw{>`T)(a>P+XL7`C>u(0T(9RR%X>lq5;pB0AE8OAJoGZRQp9-L39nk z8B}te4-TMSTUEv-?_xruTw~-WO3{D{=BEtAhJ{Y)!qNm6+ARdu!@2_U$Tf?jg+Qg~ zmvs8uyxg1v`VifCI*&xc-!EvdQvbmli~_k`BBY1bF_yKQ3KuYN~(-*k_N|0!WWwYdQuROIR82LdrGkw^x6wmOz~6oO#QB=_J@=k*t|B_hQbT7C0W z7Rqx`Hc>zOi^v~&v>>~l0~*I4`!FHv#>N`{919Smly`A{HHEo~^O}Dx&J1)r`DEpBe79PDSTzJ#PJv+)mN+I#i1Of^ zvryZLi_G3ydg!9_@+O7VRI-dNBMbuDnYrW{B{qW%n#Fc)b(TzL^X}GXXYt1RB`d<_ z{I?AwCT?xp|9KW_aL-hCH60;KJ;?;aEa*^#K$JOyDS9KjBe+#Y`}v+a<8ooM;zY%c z1^QVUo2oHk6p|<@5ZW#FQq-i@^lfAO<*k}Pq}l26SPiS2^^dm%=QI{9=2 zs~VkHD}Z;?az28_ANiNkk_D>2$cmRY20}4gXJ$`$%V1%)MMs>t%M!5zNLYJ+PiwX# zkxF7~Jni_BGP8suyi_)EFRRzzWE6JbTY>iNRQ&QBR`M0L(Mz%InhUQ8N{}S4vSGJC zC3G>e>48Oo65k`>j1kA?YkRpzq@nTWX zTtx73Z@UE@cy4fj3e*Pe6wI%Mff(wWtVqs&QoHMWI9_ ziu1`HUIv*mFtE^hbEiE9#{K9e8(d~)JDX}{kdf#D4ab!d8wlZ#`DSKc;)i{Sw+0?T z<6j&KxI-fFxG-j)h8jMJzB3!Km*|grE&Y6>p5+Hun;O#E)k2IaBE4h@DpgVw%9^tm zBB?D^n{Wv-qfyZ4#+$9XRTVQKq*x^{!x{*VU_MhMD;!o&2zVHJN0a0VfnsP^EYc5Yg0?mPyvfszZnrAcEd4GMCBD+#va7bMq2eqFi{(JG1fYE#Blk9h9YaPO!P`l+x!+2`y!5 z<$dsUh5k*ow0a}KWwXbC9e&mg{>PutJnXgM39%5PN#s3*a89L%md*;VCoZcsz9u)2 zw;3e7o_-ZmbUj_Mq_JF^Gr<^^GS_aD?&g*Pvb|W*L%k{!&t+Dh;7<^cjYfmwXyc?A zy;?LMroXb}1?b0dQNR0xMD@*|6P?Eu)^+0hp4+rBENuQbIqq%7?LN`xMebddUmABE zIiP@*o=+S~p$C%^_pQj~qx367BG?}#pqWZ|ORvgi+hZPE&zfAZgIJK-@G*12`EVc& zFPKX@w@U#~VEvS3g1h^?=-5Wu=1rEFr(`d*XD|gGW6h)fGxVmw-^BHbcBEo5B*htY z9+=YNcE2A_Hwznh_+olE3V8DwJ`Vqtu%64-u>C3?CV5+Zxfvc8Hle?$Uvv7(_xKE) zpS`B{7-cX}s;Nzkp}Oy^5+;NToFTk%Pd%PUqul|A`BCp>x4pBOujfOv#fr|oFY%}0 zBX*5!zA;4O@FTi%5}gEfjylK|nuI}}%8dc^;ppy$3jiyQSvdH^w-hN{1@$-E;s@(q z>G`Rtl~F`?z3$BTKP8e`xHH+H?*0`fwA$G5({?x9|L;B>pT(nS$6h&6dn&uJ9^REw zzAUc-f`4K}?@tSzZgCb4o7md+rU+H@Q7Rh*TF&;kIQjI zbc1whq#RO zCaWqqUkix(rg#6=B`3KHI$ju0g{D|IvP7B9;+PFOUr)_X%>a=`4uHzC8km@Za$So) zFwX~+x;SL3!k!Rr;6x)jwP~9i%5 zJK9hWjQ-(>L|je25#|yg6=Ga=n2MiXXl^xmDS<|qN4GCdhZg|(S#xgPus!156^S@H z$Lv(h+q?YnBc9(O^mKzDW|3Ekly=Z#b6mXJas)R*n$8<-l^yIb`7>qhOUQ$XC5A$V z0=*q5Fjn}HOLVp6tMTMU9HsB`y&Tr7meTs(2y`jpJMjP-LoeYaA9(6|j|vXC*` zqVcW}GmtL>oIRN*BtR&!ez1X|hK<7kNfoIObJ!u>d3FN!wI;z>Sk+C)J+y{elas$o zl`m5@5ZXus=sMPei}XvE{e+j(yN;g(R}JL1+n?A5KGa_DIfgsqjjo?jrq;tlou#P8 z)5S^0D7KA;GM-T-q`xreDtOS~u7xoCy^Kogtm}OTo$5);hjxfg+>VFZGE~Q+nmJV) zSt?R@T&<>-J)fIh-&1q4I^m<3^RD`=tX#fjV}$Gi8tNU3GG*I?0Y7Gj>1sM1 zTnyEp8Op8;D!uJ(`P*{aEn30Sk5I5jWj+fcdE%(BEc1>ED5G&4 z1}8gt`FXBmoPEBNWpqm8b3TEU$9mOV2<(-j)H;c{`pSnEnC)DPomj+W>lBB8?R-?Br`#el02)PV%D{)SP@QsQ(9uui`_S)nM`;YDl8VKntYz8Kx^1XzD8MFZS_ zqlujw6BvEEHpbUTWi*U&x5vUedxPC2EYXR7x{QOH44Cy1t>NLbk%?jG66W~=ybNMc zja*a9A=z)r3g&zU=LB488HQ?urCAtKm`-iv6^6)t2lY=9|jj#{2zg+s=P6Mx7JQ?#-v|F%=zH+Cbv314Ea zF86`$dVM3#g!qFF*;35y(YmdS`}9RvX*1IuWkfBxw{FR_=nrbELoMCEKS;RHSZ|4G zd)z--tskA<)@H6TzFi^ThBZqn*#IsyVk8wMI@nB`ezw9*maAaT6?2}AppcrYc#w^^P?s7HdqLMtDU{FIo6~(sNj%a6JPMX zsceI+FBT#t201l5HAZH{>yF7(e8Jx+j5!aw76b%qpB0FlEttNiXvYPwu$ zeq?6&j;A#Gl#+?s!gn5?f2NS(x4F`8u4$+m#e?-Z*~td|O+hIDP8Vi~AITa|_VKKp zaJ(J-&I||To+0mJb9S0?m&!vdVvP?`4kXyiW%3kQ09%(o08nczH6QtFt(|bq0`T2z z{~B!rTJGz$&r{?~gDaczMk@zdGPlSq7a1DX!m#O#;eH^T-tI7RT&QNAQ<;@0FhGwm zpETwu(emkjH@OAwQNJGgKT$iJjoQ{AFzEM!T#+qhUv0nb`E$4n0DhM!0~bZfAjQs; zt+W?!y^)vH0xj9~d7wHBE_@VgBAO-dja_v*QD9z(iK+qa2j5GLlM*2%-S+*ybNKXm zD(0PH>V9Ykd+)JEU-U}3Xt51a5u`2BIx)*>q9J+|MBP?$Nh82$(0w?EAWXluHF{8= zF=IYFhaXn+b4Xk~S@IrcX?8({#_9`A8Geg6Ag@=6#Lo?s(?jh`oE@oqg>sAyui@AB z<3@%Op0oV}0PM=pZhPIz{8b;Qx=77nIyyiYTb2L%sCyU-Xy(b8X@qcD&JSwAcUQ%K z9Xr;U48;>TkbI+rmG9mk%6y+?usA5Q)fF4zltLoG*J`4G_ob?zxZqrOZLLC75^Z0v zaW=)}G<-Pc5}gW=tv;dSY6!EfL5c88?q!agr>LinRX*sUz830;ozO)u?i!M`sfO}? zYP}OQW(Fij>i*DT#h%cl-G;|?2b3K28@S*&g>7tsHqv@lBh>w!* zp4z?Ymr9+%`j?AZ;&U@H*rCgL4E4b139HpHqJ&+j!I_@QMhVbYac!-$&Km$LOCM00f+XYDhW(+4SR9P>iO_MptiSdR@7ix2V z2GGDqj027&Q&hnYu>y5D7AZK-iaFrE6iaRw4hA-Z%uF2`naT_@P^{ECTy~HEHtSmD z$|`-^Ro}i1sJUUDbf{Ej!NTsIxe5>3YkfLRB-!^tP+9AZqDXsgda^L<$%w;;{S51o zZCKhEQ@F{^sf;eS##j!t@{BLm!ckJYAHl+Qdx`p`RgsmucmI*s&99t;VVH;nutvhs zZnV2z%iKy$U+~>du@PWO7C!x@Kj(B1b^JmSck}En|R8^H@zk$)+e6^yZbC?|nX#Is-#_!`21i(f>Dkw!+$6 z($(MyS8$CVPoUZk%J44|vivq;*S)bvC-s+X!|N7dsL@?*+(u1IM;HIZkx!S}-aVv> zn|DQyk>~1U9;1yr;H|s9QCIO9HnXqwNz7eKdVsWB^+0SIuRL`^CiEidRUE&kfTeDw z0zGa4f!_jfcPs!QB~u`m ze6kn{uqfBv3gobPMvpS6Pi%p2GSq3q5EV^fVhzv)LV@}QY=7b#H2@Phln%*z5p|N0 zY$f}7p8YlO-*d3N+`|%JVc`mS`^d)S5>WChgNC3A)R*4@!SKM_ldIdrru+8{Pbj~o z1J19a;*|b9pFg%o$I<==aPiB*T^#l^erqzf0R$3jT-vRfQCx(Ei?i|%+30hF(_EeN zH^kQPFxej*mVUC-d@=!Xi1Lk2zEiJCWZ>y*Gct z^PpuV@`{T$iZnys6R;&Y^91^iWttJc!0kRXv2*ool`*7P@7hDut;LiS!sv3zbuA7W znM|p7KFRsVgisjsML&AlZ{N|&agKqexN9#UBI64~0ywr5d|5TnFzT>Jf#L%wyg;>@ zOhB;>8Iq4KCImFw;wubsPCNDo4G%uD{!EBkc`KbDHNfjLkI`F#=71NP0|&UIY+8CT z^x0_LN%H>9dQlsD-n7@ z_k$&NVGXn8pMM8AR-9G^YFwpk9p)|W^lCvVzRrEZAD>!zhXHxkB! z^=mH4MLwk{V7l2lIqy|1*AGN;SW9{yld3=M?ejp5J#BCuFiN~@p8+jQaJ}E|1aH2; z+9xG5kvNu&{Dy$ z_%m1c` z@XEz^d6%Krv!Upt!_o)!u9F*teIm)Nwsn~~ZN*0mr}XE@zd7rsrYlQ8_iq2RONZl@ zy`kNx4msb4@-JsalPBc!quPicShr=HUI8TpeT=XOB=R?&Ef^x#C3qs)Owkv;gNtaw z{JjZuF)9s`%2)cHac2P?QYC7g?33u(#1z*ls|S62oIlFEN3d=77w^y|MKh$RQiAxg zpXYCRYw~uoTHAHKo<8mj^tC8RuwG|u6t-l)6?wVlo}-at{V{ zl4Rf(h93iQ!c1{_-Q5caG1@S_sgP`Fu*#p=Y~M5Hr(|V=S(D|==G{cl{{QnNy0|dr zz8hwvOI;wt;@BUEq^@r@{MoF&(=9ytA^p)XAi`J?dy}W`imPuGvPB_A<9ky@jJsA6j9WacIb6UMr=(x%1Xd|n z13L%!d+2-;rXBcyDP*wUH`%?Nt<*>aS;c%_5=CExWjPBOspf!!Lmv&$g6yEXHjTWR zyb4UCSdRAP-b78~iy2fS#n^Cs`&^nzafJIQ`jckP#vn&Xvy}o9jcAyJ`gxErk5VdU zoxxMk65g-NjfcIW()$&TxUOig$p1dN`ZNl~k9(?qh3k9I+LJ+>90o%q*;H$I61oQ3 zh(2a4eLScUcgjwG9|?O)TLuI3LV3DrPS+>g7Mp#jPvPN@>L?Z1XCdtPXCngU-POM4>H=CDu&3a#hWXgA zK%-FfkI0jJ0hRa%uQM&_qzOeGtpPZ{4_CC0w^)(~TiG!2fcW3A&ctEff)MU>Jv%VD z1C18-;Ih}~{RuJxMPzE%w!aNcoFYET7&W-_0pX@o!fB2L;NWtt@GX<%k-Nvw8C*rt z6^Ql!k4#n8E9f)9Z-UOxe`s!I%@Cq+XoB+0H?Ct_hhmg_y_fjsS#}G#N~0vik0}lM z&KWg+e0|$430k%64f57EtNc}olXp}1jB4?nC*?351nHiQ*VTp0nStK>YVz>#kYJYQ z0M1jr#GIDB=vU;ztYcmOrms3rWNc@x%Ds}W=wZ-bt3PSMG-IRO@UP2g7PbG42x@04 zOAz%Y-V)f1H#3-Z981yzZy54C9~eiC@}%=xCeZ*%K(@compHyB z8R9u;)LWP+^I^A_UDx3s^6i;R*W{u z>{|K{J7j1BUZOD{uuxSR15ogLP>rdSLj5k7tc=mxkYsf3VTDs)jf`jI+H5G@e`6=M zW&~Y75{7v>MZ}iFm9xF+O^I*zD@ud4D7r=_TqYN?*T?o6(U|n~VYaYvw=h701V3mK z0SCNuVj@UauoyB4Z59ekX7W`Mq>}%d6A1KrLfLS5r?m7p5=>;CmQ~-a+5TbA=&&>c zyEah(yLlx)&-aSbJTI^s07F1+aXNo>NtRc=!1M3n857Fa+VocKa+IG&!PI}SD%@J0 zdvx2#L+jVe?bz5rhNG!^Ziw0^Q43-uujnR4tWV2*OVr6mKK3r9D6@$BEz@woU%)Nk z4eGx?8;()KZV3I>2eiJ})sG=Sgr3Vs||J(B7=B8E&(Ze_*Qsr{@@0&>W6F z!(6TD8Apsqd^vW!c9AnwCQkwsku@vCt{!C`*-K2@Odk13nr)1@@n0|}OWL0GY$I(? zx}{k`qjJ>@G*}IGEK;td*d)oaXjHI#>sTg&yjJH@FI63US|PvibgQs`5v6h3m;`J8 ziCN>Mm60;p#CbUIoB%>N`*g*5f^pyqmSC}>T?9`oz{Ue`3U<7w82@9sHd|(Sec|c? zFXCG=gni%Lc&gD14UE>_q-fQ8|5t9k34>KhrN@~jrFGfbo01D7GOc_1PS8m$3n|Dz zxZMRC_H%KJAv}7wX^{GR$s<`(~DgV#Pgue*pp8Ge6O4-L##Oin^>Rulp{Sx_qUr;YE95}-MA}v&D z%6IyrbHz(uzOpu0aJ1{W{RcCnePb;kRCg99Q8b+uYiR`=*{YfnBP~kqLAeo{E#x+*4p38}veJ9=Vey3qH zsjEoJiGBU6*8w|i_MQzilnuFHaJ!QWLZ!m{_yOCw3!dahH;WVp$PT7LytUS~-!1g6ITfI$?B76Dnh<=Wb3vW@^ z+6_sJQsPA*qsymuZ|Iv=>X#HC%$!J4YDuwOS%XFlM)|Tx8NPGm(yfLx`T&24fvu%X z`VaUZpA87aw=qO0R^u^GIBoH;oFt_{3KI2kJ7q(?AFxS(JsV7gC}s2)>y z@%7gBMu^30OT6;(p-Jl-m{!#vKco%EeEg8`6!*oZwis)7SC*<{bj@a)ihT7#KEv+_ zCyg3WMPB|jw2oMM;JpRJZw$w1q*P>mvw6Y`b>)4zYBB|^i{gC_!e;_PJy>MW_t5b8 z)yx~FL_W*DudOlWV&nOeL(&W&h4F1U=(4@cCF_|LG!3OV*}RYcl-1vuHaZ{P7YNgK z22})?pn+6%EzE8v+8MIe#%zD>wr%?!Yq^K_u;o<0RF zo>l9+EE3Z5vgFF7OgI}GHRP`EXKe=<*L{gF+S2i^Jh8mpK_KR`8l3vSi_-#zIr}0$ z-t2TU!Az;Z054Sfp#mv|OGb>9^}IwY0!}M2jP73*NJp*7GJpfb6Gg>Z>0mN|Nz%M! z=Lf#mdy;ot-BWOjz?d>Im1|h0q#zQo|Dme^mONZY{a4CwJr%4pfg|@vth;kZBn+h4 z_x~+5d8~)###yL-sCS9Fm`@N~USAlK1gcwKoPk@>0_rBvaa464!U>le&BkWuWwS6< z?cx=fcIf|nP%!lXoxY9VyAQ<4 z=#kP<6}&OHOyu*m#ccx{4p6TU=QX?`1|gsNU?S6d8wx>&3RDLv82*fz#Hy*c-oj^T z8u(QFEdxdY6FTeS!mc=Sv7Bo-+Ro^Uq>2b!*o)?8@*cB`8GH(*9K3}AiCZc3%*)f% zQ?kI2%hhvoR~3!|{ugORiq=T$Vo&)x{_H3U8I{%WkPC?dv$vnTJs$2?LDgfcV4ylg zzTgv8(SM6uTD4AdTA2kc0u=oLRY*e?ld)d;Tz@H#hM9iXsYE5y>gVwVt@(Uxltu!+ zhg=SgJ}sErbcM4g5Jgd2M89DNLl6@O`W6E%D<_sxzLGGhGFa0%9QuHbv=M;TYbryU zLz$zd-6sBU{qm0`yI5)w8PwV;Hx+Bo{X1jgmSIzRgvfDNsMPQ3`yRnpKkGgJf; zg7CozOCRcgN2b@wpw>(<{OzV&erfUjS*fwkL*pY)t<(je$O<5T zZZzxKjzTJxP@?UO0xyy1M^1d^2E+T$F@npUldO<#-tY{Yz>|*sbN+}gA}M<+h_uO+ z9UfZo*H{TnGKkyrNug0)(9Eh;6 zwp=9FQaHPTJpOBa;GNXyC24Y>MlFB-U952M~#6c1_>} zUm~0=^EERIn7cwy=O-0MP(XzDAs2w`y9%++Gdv*1Iz@0=m;<}_yV|bs&GSt60;UN3 zCT{LG5V~ORC5>!vj8?G(0b=@^GXT|y=ceRC+^1CB?P?8Fqiy&8tO8cj?^$7jy?v9s zTb-PIc|_+BL{62_^9iBbbV9wCXxmzNXFS$=A9Hz~lL*H&PR)|uj9i-Kf_ht+jngP4 znxU^~l85p}?bl07BKuRoVW?T?5K36>xM4@nMp(9@YwZ?V@ox0Mj2mYuc1mW)$aO6P zj`Sgg|J!JU_s5YYpieGN^*o(1f;G2f|BQ!cpu`;tD95P#c3esUPm+HEDVqnL)8yh@ z<@sGKDY>DVCC)cwu{P_6lF)HRNhbLaAy6xPI!A5xzy`KjfxQPo`Z!+P6bQ8PqIh8R z-Zz%d2llZL(Qe6u8IXlabkW!?@4qy53c|Roe4nAcW+#c9tH(5$`Lh(^x6}V|PCVgn zjkkt_;_mkdI5o{?m-Sr3y=J&O6om*U-q>8xb!89!9AWmi5@D19aEb1N75YF-hMtOl zt(JN&r`$k=i*SUCAoPBt;KbyRQ9&abX^W>GSiqSenXlLg2zO|A1@n8 z=y&XXVJw{#tJKsWO_(wWiXstj!T{0v!pD-0>}x{rWHG%@mAzkWrST!*v9Ns=*2nn2 z6KEE*WBo5+gaC$aDQ0j^s#d4v#ZpC>6S;wezB=cHNu1q#7u*A>!N^nU(u{8T3*3LW z4WdrEG07dQogQ+s0D;XL_-Q~Jx|4x7v`C(kR!4`fXkUL$l&D$MkiCk!{E{&YdHxQB{V+6KBmQbayS;>&5Iz(E zxH))fn}{F(inqfVS2H2_LEUFaN#)YL1JgBos%vSaJtNNQQsF^p4IGlhO=Lqxd|}Q0 z&tYgRTJuPW?qA47A@#+PO*_0D_U;^=kY@rq& z*vi+XWd;0~FUjihi*jJbMg%r=i+Bg)PE7o(Pb0qUtS{g3pWkiIx?*yCTPQ6{VAsHp zA9>H&3kM`Ct1UB0!a2)oQ{rBh5?e^0EYY&?nDZ zf!UnXO%y5A%G!~zjaq=FmO!#CL9-jl#(7pYCp#8P=b)GJ!_62uJQXtPE-XSK2H040pKmW#F3X^(@=YI z!1Z*lEelVK`dbqN@JIU?JhDb_cBt-)IUV`^^0l3oTH->Hq>2(Sc7>YYQ5|ri{DX~| z!a1te@FAv=Xrxhuz!|jkP6;*a1-pHh7>TqP>FrTkZLblqP&iH zwopt*sWr7q!@LkO+u%DQEMWH#&3>QWLgE;xoWFiQH3~4zdQPisOsflfrbbN4Zg z_bGCLPu%@Q-`!THfY`hZ;mQOUx^NO7f&suIO$55qD=LgXo<7}=mdTq_aBqj}7oy?S z;o8q)FfG5_Zum4yPn~fO5kGLLkFOBl8+P^X`H5rv7Cy!8u=V<_vB-SAk68=?>@_I4 z7)L0!m4r?M$1Xb5!8zFcIHlJ>h4%w@*ggO-nO*X$vy8zYtQ<_ob5Fls^Ug!DT)O%G zdwMkWG-{*f9+DSRn)^;(ZV~gn`JEua7Xj9?y?&fYOahw*7+J)$aR%c^9(FeWhwhP| zTQrdQxpiR*20d-=1&58K!_G(3ZVke=(9ehjDb}P#(YsS+Vb1Ocf*$_P8I9v794e^N zo&k~7e&_lH%vL@4k)zB~$y)sVvAqB7&QDf3Nwy3|II8`LUZ4I&I5d22iP(V6W9s23 z8heI96h}>;V%%S)rYMHQXT_2S9g9_#%6B&9z>+GX25z$7c$$jDD%s9c-+#D=1YA4! zW$uMW^woDgNb7LP{!N2^f(~dr48D>Z{Z(450dEs0Qum5)H^e)}OH#&uyQK)nw6Ej}i^RTSiy8HIt_1fX2oTWKor zUTf;JO>|Lu9b!8~^zU=}DGnQlU?arR(WdD7tQ{Z?r7s z%%9^*imQ+6M)fhv0dU|H;~{m`d<6`uBCQwuiPC3l#%->(C76wT-7jFb=YBnO+`w4U zb#FIS%-m$5gWM-?85w%0a zlPheehjFF8K{Z12uj8}-L4*8y=1TqFEI|hSt$u4R*VM`{FYR}O6Y_}%-Yt>JL*}-y z!AP1DLIrKpP@~S?L@$#A($#>$2gv=_p;qacOyM`{XAd&g>`yvfh%YBb=ez^Qu$|Aj$~B zqaI*F+s(PhSO)ZZCP?9d#~hOvMcMTJt31ifPgL9)8aUL>^cua8YazPrQe-U8EseWC z17ZE4VHtdysqKZWNm^g9+r~d9e@&etC)KVB2^V4)7Qsi+f}7YH^1pmz()DbU*6Ujf zE&T%}1ZINh?ljoE-TZQtzJkK#+h8bewz*JNhE?|S6mril73Ht=en3H_URM1=tH98t zd^4K4o0iI)cV2d1vi>aMB}7x&1rK!$2%6^EFBq#He%vc7VhVjyX zY9iqjs0guR$tm);k;C81N)eUEYHHKDXmOq(z5oM|BKn)z0U;KbwVWBBRAG9RA4sE@ zoHF`4cF3DS+s`D%Ji^zM>3&kUrs(GS<`m)+2fxp(KvGvh7U041Puw@$yJWcUn7 zy%_3LPN(O!JoDLFgFH%#t4u1Wgl*~(d+n6(Q=`A1D9XLgXcmm@=qY>&D@6(fuIUZQ z-7mA*HG?mJ)pRv8=lBkUb$%rU z_yKI_`w&!r2|Iba^l6D;U>whp631GoEME48?u?7Ez~OH^uTWh!LghZ|slf$Y>VsE1 zc}J)j6Ltx0g27|*KKvmFPxjnWkgejnp-l^Q+wW=BP4Oi%0Dq-k*4i)+>SvQ*Y)P#` zUu+@da?IN0t~f{c$hB3NTSdf=aj+I4f6mTIcFd5ApYWu6#Bt^4B}1yhgQh5|Y+w0| z8uM!Gs2KRzXES_D~76$trRzRLBz= zpI&3nNd#h(fCer&&3WZku=>q3T>pM6MSOZ-97#po85G`V4M6e&$Ol(&sY;`T{&=;E zNn?9)^G1>0-%u6$8KzW%PsG@Cz&sHEke(JE_jcs@PwvYgo1gT<22)oG^T6Kk>62;T z)bLPd4^d)00Uj?Ez~zKj^S9tc)1?iR*1lci?&+4|ikQDGz}qDz@?nQg(yFPYn0dW-QUY5slPd?1 zV{60@&40V<*QgTnxppj4VT&UdE_4JC-QdPBkuUfSjtCqglRG=?I{=(e#Zu@fC0z0? zJs+hh^A(Mu9U)t0lwf`w-X-W=W9xKe7HU3Su8z{T$PW$4T!EJVS=R-i*gu5%`&Cfc z_Q@^}Ke5U-q_3f2@l;W&=C_RGdfklb`!n*mm?AI+rBLfqOr1pej4&+rqr*3~-x$~! zku4=JAN`$q`}L@RxhvzUur(A%2qmhCdBQnQ+2jx8OX-@`(VD%(%}{Y{14PBni1UX! z8_KP1OR!M+s)&5ysj)a_liIJFo|O6yJODIj&4&zx@-1`>GxAFF?K-0YH4`306x6z1 z6(A0$+qMouI5y=NY7dJ|*N#Us<kU7dNdaDVe_B;CgFi%~Cy ztI<)-OKr`c2dsV!d1Y0ZNxM+}6O$Lhl{_%h?mt98STz$F#^3C5!>;?xf?tDnTzR*I zDyf&r+i!Uvz%iK0b&k$Y)$?^1LR|JH1au7IoW>PpWc6t75G!_5`(U)eVcrhTSI}Y= z?cSKI>IUtb`!K`dsN`#ay_+$YXK(9lyHZfPLb*bHy8wpYZ~?*jqy;QD&=Xt)dkGCvG`rW|>q+aH6_bp|k0P%eeS&6L3N$e@dTs`0KUrm|Q1 zYKI|cn?jDrS&kVzO}R=rXh4)q(^U2xozz|;G{w>9-<$^VfMk-_LuD&O8(p#FQMHCm=~m9{|&;G>|jv5>lXP-VmKmmkAe z@?FUa#6~lQD-b4-%y(k{#GMsXo(d61WETl0%r2j3ei)Tm?RmR8EPn@98%nG2*7uF{ z>9G3xaf%o#fyvn7rrxaA-nleW@GM$y#T=+x?mdkM|c(nGu< z;^nGLmV}!tezWIe84j?#uXfvB0ma-a36H4cLzLXvxY=4yZVo8ND&d=ImgCUQ6pQh& zGlnHoS4Dky%_qTKheI4(l-;V*Q~xuM>{+w2@}mIx5mIMoc-0&lu@%+UrKG`+;)AV5 z{RD5l!2)ji=!%j{W~PEJdZ=l+;;!{%^wO_(bIPoQ!~R(aY{(z-%;Rh2x;j=S20xlq z#{<^}clj0mf?k&|KU5;o#{IEzLazWPOB(q1pU8+_8DKtT7=U}G(;K_Ftr%-X`HdeM z_QQy`3~rkSCd67ltZPXkTz(ED3lF1>EY}fuu8z*q$o^0K5S#Yzbo{w>*Z>CwPEc1bn}K>y`A^}Y=?$N zRY8nF1k|9pgyp)>D0Y*jySfU?S~y>$g;$#p?u!rTk%HkHBHfNe*KtnXvAlZoRAw_q z6U4{z^8T_nN)$(>*>~8Q0)?6VwBD;Ca$xSs{{L7wU$l&`OjMNr>wdPpN=!SL5 ztZazuNSZNArmJH_U=iP>i|PYUe@iW~T6p*;%Qar1r`$X2E|htbgR0bPZu^fdNz?@Y zKH^JnhxUzwEhWvpH08FntuB6eR$zIKtWSDN&sb5D<4G=OK9>xVNDMqc zvmid8MlE-V$aVHJ5G!>+qEfU;vcxwne{)#%@z6W^c#JBjS)wD>^`F-`H+9vqR@K%;4?)rn%JD=hpJ;ujdCkyQ^@ieb<1@a3HOGIKG1OHfb z5b1p-|IU#MKb4PV$);9SjXW{N^Ub2Lv3mM*9xe<4Fq?aEr3qM)Du1^BZstjKXu>6v zmfw|>bwTTNqFWqjzj#W`izq#2igt?E?k2mQ`3k2}Y~5I>b=0*8PGm9*9oJ0jGzY{% zT-zj{xhIa1EzvVaB$DcccwiLyNg)&|c5K!|ji~&b^44Y9F{He<6=J39u}*T0^BLjs z(!=AF$DttePOgv>zccNwgwCp6IR)=;jaFhCP#cK}hzw0D`{Gg=Q)9y*2rPpuA{pL| z)lW{Il)C`%X9deBvuYZJ8gm(5vZR<^Ze0|x8!2&8HLviBfuS7hAM239G1Z#REeSD7 zO^bMGB%dg!+vu~?r_j1P4F-)$vI$~7NH8fb1m{~YO~3LA-p`6APa5ZL*(!R{_mhm$ z`433Fr5_-Juo7q>R2`~2dEGZB0V*D@778gB zY?lVdf`UyOh^GM5PO)Jzc48&iGf>P=0xUHJT6_#dxETCD=WJbVo z^iopHg~Z|68l@7;KN-V#zq3~;!$HO6Ov}U%HC`@IMbH0%`=4FLO1~D&`MWU<99sMu z+Dwsp6UM5A^0x#u`4XagAa;8Pdm}m*)cmGPhwuNBUHPZ&pq?KJ*MBf=gAr-AI0=9DDI9yP<~l?Z?B$yq#``7QiW^in%BDf*BTM{6 z*ofC#v7^Z?6tJCX*qSkn;Y=+^tV6-$M2RQNbRRtz%Ee=Qeh? zMSvqYt$c~dTOd(Y$3iSzSUy^>`U9himM!ht&Un3bB)*5i2F!Z7_wJxxZg@o`(chS| zq6Te#iwE^ehi)A$dUpO^PJ+vl$6xqzaDSp%|B)?;iadsu_d$gR4(Fngn?jDMTIPjr zlazr*6WkKu6dM{SI{Yv}vg!+L$3+=^t7d-fmt0FvHz=x*W;_M5!0+mb46A4pCxjRX z(kW(D$F$kgNS6I6BJqT97$9ZB8K%Z}4?u|48+RtzTW@dK$VQQ0!Fwo=FMthY$Nw4A zfos7UYtHs}7Ju++qii#jSn_eRSH*HCKCL_V!Lv4kOvK65Im~{e(=M-kpMEqIgit`V zjpK=3D&N`E!l@v%MZUjo^}{S@Z#_F)XN8a{>p(2$Jg}l*o&jzzl9k@GueZZq$|T^O z8;?VcMEB-i($NDg9c2a)Mk1c6IC3x#)5_rTwO8R73lSUX#y{5VKUHc@l{)`5J*AiB zuo?c)#Qze5E9SL}v-Lil+>`MF7k2M>tDM~_EA1CCU?YT>ZDM^mm!I=D&A?$kkf##= zy~PyS0P{m2-Zy3d0H{Rrqy5S6OW^k1j&DkuC9j5DIzv#?T_o^9ECq;ijdY?hMZuEP zysRY??!|JFMVX}=8$_9;E!@hJcx+$#5#heKMJcNI2C`}7SC>ROs zH~9b2W|Iywl(~-{bC9W|q;4nbkaNgUs%016Sl8!+WahQX%5P&<-nW_;G=V|MkVI;rl1N732%u-m@&`J+R!Q=Niq4Ej+2vyz z)0szP$T%fQ`yQx7hO*R^tfamEu}h%SnOde2%MIU~>g?(h8j;(H1gJ>02mc=NBVF>% zy1Tu7;*;2g_wc~oaR&}tENWKS=>3N2v;_n`;<%)Vp|ukGcQ@=*YfQN*yw~Q|CU5<^ zVNxk^7=vUIqZqczG6rGUMUm(iwrv3a2|@#l+7IVT)7N%(1|;!92U4yRyUC`H>QLb9p60d7{ay<+SY^~HX%6m zkN?7a+LnTVxzsBaOyYx8fthFh-sW9Qs#j&z1}sh-D$j;?{6Xo0Vdf&%n4^ef+jmj& z(Eo67acx4!Tox{DdbVdS_Q;bRDM?;YFCI};t?}X-tb2z__3?vodthn2CX*H`xv@zN z+4oE~MFo5q*y~>ksmsVD+(G@Mxqy>3DtiJ1PW9-9M_>O_=7bCxvzMKih|IsQ{``%!{Z^qbY~h~jW?hU#TwM1=%J}t9 z7IM|bRwAD=Uu6VG-Jg5IX1Be2>$HqpNy=1cs5L+Q$g+XncPW=cEF}$0xp<}`j5c= z!p@qwjHwQWu^{uv7;Sa(9kEwPyNuZ-Y=x{v|7|WJnk1inv%p0D5rH(#t)V&#hBR3TEyb;#vzfcwzKk;cJamHM;@qqv~Ee zULwqX%ns5AMfd6KL~`xAb8vmbTPs6EZOYXB1=EQJedg_Nwt4tk zf>aThC)q@j^YmTB*K}N{Pr|9q3Le=^xH11~O`Y+V zI{UeFO2C(|1cPQQosXoN#6kJSbE6qq-0}|Ln95np_sl~#TQO$bNon)|shX~&x14dq zVXqjRrSuH)H6(zsnYQaZ4lA({48*r#8ZG7%9(K>w5}9Agj(4I@foc;q#((2gR`W-y7qOfA1Y5T*^nU_?{M3p^DmQDDZAfEOFv6F`S+XFu_b9Behc2F}|!q}BQM#Rbk8&acxR z2YVB^rcgx@>P#`X$A>Uz4bLs;g$*RPXlR>C8)h0__E1M&s~)#2npN1D|D|_0W)7(j z978-+ra$_M@CV$coh|651_zcx8Y#_>tu3C=1OVU~*zJd4VW26TTFzuj@KyqPBj`)l zB61he1#qC4GBZPxc1jb1KsPyBK4kZ62SHK}1s53uiaI8nBHVcx)IVIJC(mQSJEN}x z$r3ewytHFt5p&AYe0tou&i3Cz8{*J*3rCo`2>FfCtL06^Rt)mhVY~+opJuc>aro%z z`hjIVwejif)Rlu_txhenOMLP#%se}S1a;1Vq8$PA_|p9NbWW7Pvey7~iu+?7_}Mh2 z?<60X5CE0frSs6R>Brt1kWq}*(;T}X6hK-aKXQpH z%FU@tFYCpZC_NaW4YfA!d3W}W_}@%OI}1Y;Hx-FVoX8}bJwsU}3qB(ugYtt7m{fdi zaYUbG2Ay5ksxR~O^tQJQxo%D}y;6iGHy)9a7J02i&2wf9jZlT$t@O^^0(qE z>v1v$h@ySkcy3KtM~j`C<%odmcDts0z8@D}(cd${3G+K_?ViSB`7+K1Z5!%|r1ZJX zVU_;25%_eDJmQDr<_B(};GYs6K^i#nYG~3b9+FcXz2Q^Sh-*KfYMjm~bJk-^Qx1+% ze;`_^P>)_H&TD1U%P^9|o^juw88oMEnN5NhcX6HmR-X_M=%{9EFG}+7x2@bQ4U9?R zWZJ-0J z%s`IXz^g4*3qYi8wKmhw-n~tcCmLXjZ_oRB@Tk%FM+mX5)^qoidu#}xOqz;LI)UJ! zL!+fxm8jV|se?rFuY8xn;(h^|Gcw}s-}ivhW!>#ytP7AxpIDVmf+V3rTQ21;>GZT= zh2&iGA|5ZLzlRH?IQYU&kzr0o1^W%@b3KuI6=)#M^_d?3`?cx^-q@Wza{tVE@B{A~ z8z;S*o}2dlMnymyB`J>0?KLcX+Bz>nO^v4QvpOpDqp;z-yc>9JP$V`Z0l2nU1CQmu zZ=34pM!JR##0=4X(~I9Z;2)_z`Teuqa8?aey8SJ8krkaFUZ&qx0)n?| zY<%WRfH?5u&&5UL<^_O#u_6JEtzUn!*Cz}JFD+8E1vsf37^Q_i(dp%5R~=I^c5Zm9 z7vb@jZQle|7({SN+L=wdp;RXnCU8fPctx=#+6z?1nB z7@A_gC! zZ5iAwJ_or+psn9&M5p)Vje&@82$G0xZGp>(eZWsdOt{P-l;pl?Bv)F$a$p zk*BLV*L@ld288J#hDIXoc?z8q@vuFy6jc%uRvzj^gg$ zjX_2_!?)EQMQ-2`keu>t${ov|$*ME)4@k5!MVvdnRb+2s9vLw|Y(IIF>N$}%6P128 zMbmV)9KU2KbsYb=)TnRt$o7xv93#1JQ+l8}FN#0&drkFw>AaYDadx_Us40lVehPOrN|5BS0Rdn|n_qDR_aOj}f zGQD80--;U|;l*I$rZpw*uN;tn9KMF4mP3VoZm4Wkk!f8yf6UeKTAd~T53(@I!^SnG z55IR-8Zn?$iPxZZx$duzicyb)kJQrxC;YlXls)a+gX|5xjxybj^2Y#mtKYZ!%0mODIKu|l8Eh0P7diD(eTXXpoPPch7wl(b%rjUmQi$Z{-AMkGMn0w7T^J5p{v^jE- zG*=613KOhn@-b|@E6Xp(09x>EV1yE~zv*XqtJk$44OXk*hVzn* z%F6R{XzKB=6mbnsv-_ER8k+dc)~^u2Yfmq6A>|68g1?EXImP{Ta+O9uTBs-G#y_st z{A(uH|CC$&N`9dKU``;6fbFX=A}i-(*G*+?;^5;$!o;k4j=BWdwg2{O?cG~Z zx6L7rXL8gZVA}-5@u)dK%HKypB_60#N-s4+EWA%Rp+lf>jjaGK9Dp6d8t-E-UgkL) z-?Spe$Ru9bv79thV8Te>%Y+|O2k4MYz|f=nmR-n}ueYDzJ8*PjM8_r6X~YHSuM#aFnAt*q)UWf2 z`rSo@w>}59h%~v(pi7NxZkJLl#Mi_cJxaQbKofd;8C4Y(b>PUi zhUyCiPP5UGB=YtdU%KHYju0nKuFNc<>#7y_Z^GQ%o{b5(j{UmBB;}oEG|dvk zun#Da`+!ENabuS~c3Ld>a}JZ=O1@y_JWD9!FSAR2ibA8OP_8_@`xQe9-EXiBWz|W? zBs;)aSyFP_0i$YE;PGiPGp5o3uuyvlU++NqssioaDXHHfoT#!TjhvRHA?=PjqG-|>xia2a@6);t>f@T>o1(YK}X2o~K-VWH70#T%sq$%UN3 z3Y&FaevW2HrMQ^l>B2=(e2#9SJE z2Q-I_r}AA148iXFS+))xr+%vR0ur;zSyG~=i=kIt|Fo=gHE6!DS^xX!COoAr;TmcxQ+afTho*hwGFAivWp0` zi4>Hq(XBV~9^Brdhn?jNgYD>oxDE3TWe6ikA<22^8d?T?e4v~xC{RU*vU#b0SQUd& zx#*1=*$xA><=SD6Q*BD1J?#`?_&9`u5>6?hy%kjkSgA7{~qtib7= z5Jj(nbpjcKZI}Q;rL*!1wppQFh-EIhN|WB`U(YR5UXbHzJ#DL^V?VH^`%P3a^kHsu z0nmSFV7tOu353dD=wsm;G%fXW5{g_IXIMI`ubfd7=L;gy6!2D0JA^0k2@pFh%Lrb{ zT=Un(@WqJXba9P5r{y;i?l=1ecO_+!tGWAzGBEQzLlGL%o@v|o&0e)b|!8w=Kil#UKvz%)ngkT>UzWHk@zE4zT1xQeE7 z8S7se!W;42_pnp*Q_&<^vZezZJOODw89|sml6fN7?Zo)1>hYFIF0Nt6SqPnQSze$4 z?8N!r%87fch@LB_obNHP(MEK>T&8$YF!75z5UL>vJbweYp}EI-Y$GSMo>3&a-OU*^GW`UxhPHkV ze@J~oyBFR0OLqx^bn%-9Ug=bD+rfY!0h4;EF;Q>qWDmf4x`VI>LYRUi=_iL(%K^Rd z87Zfg$-v__rp56g`FvOl6^&vzsJD{&wV!RC;CDYf__t!`)9t>x7rKp-#!t&Z#Pm(Q z5IGFFz97d7-6F*Y;5d1ImrmHGiW8APe}Fp7eBo=mNs5d_V_W6hKl$}2vMQXFu0qb_ z>d!Pih-DBT*Eo)=&~Z-UqD83$`v@#GV?DI5LZ#=ZD4qwW1NH6dLTdq7bd6)wI9MT4 z1ad>#QC#hGikZg0QQmuo8=Wqs-DBRI9Hr3De;0jPh9#p#-or{9xh?Id>k zDzdwM`5lX}i7)hg4s)dew&DXRW{uF1xZBIc;q2d9t1VKB16gG0fJmebIGkTP&N=nW zpTR2c2Wpx#S^#*}^&i-}c{NVY7F^d7<4|!*c;-i_E+5g;eS!zP1J~+@JK#x}p{^e^ zW2flHR}B?!H*S*3T->f89Y#6?qh)9vkZuHajPBj&kSg@?#q(?68dKKJ>t39TWw5tG z-!!4m%fbeu`D=I|Vo5Gh{b{xWeQG4kQ11+i#6Hx?{fE!TqyDgMl!p!ZY(qNeshUL?7HxKP=XQ*C}1^Y_J5$w4fs zcN(-0-&~7cf`FJka&)QEZ+NSRuqK?gDsy>hWRm~`0yngh64c-)NsyK!sD~r{7pT}C z5a{3U0Nr3Q=3J`yRh4NLr=HirZCKgy1#j!_um8HSpOa-67BR?Ei_;u=wlx*bpxgQa z@E#NPxl(>mljdHOEPbtTi57_^08v1$zZU?P^m-bprrLT!+xZz+N>Q}4b+1?s&dc7rz~~92B1hscZgJEw zDn9?7LLm=pe*;d*IJ1%Q?>pQ`0-s?_xd|{|YX^cu^!t^jWV-qmhk*a5MjITg%Had|?sw zosNxmuEQ$(kuyt@e`kEhqojfAi!C+kmm0ttgaaZ&OLK|6tLl<;gfHCd1QBFd3zuh@ z{I4G+Jh0jrv|(s0#IR2!-;ezanF0P-2&GXLE_g`J!Zm5E6^mxA6FUFZ8Ur+@u&$IO zu%Hqr2U?@i6uFkFj}Z>;-x!IX8r0wXV44QET|O9gmtiOr?_z40qP`1bbMYAm9qw~Yv{?+c9$d+9r`x_1107K~1o76V!Z}-V z?Jj{F${sf+fC|?a?IbaAE{>ciTpQbRdk|TtXPt1pC0xpf24|-quOTJH#WE3$g#7GSGA_BGBP|r$%FlzY>w}*g-%zhFW?t+&!f|<4nAaSs8J8 z97P?vrmACqQu$UM9ASz}q{JBM(-1BiEYZ(7K!fo@1t|gi)-VH`a*0TO@znn&zTZ%i zooOpRm8{||HYVf!&pVA}fjbJ4RfPovpXfQ0m)t7lZdOeKs}A_#0qv63qxi$W;9{{>(jS!-6J|G>AWOx&8g7ARz*oOC+9*$8B|v2i7ay_&74Mul>Lu8#nRAR` zA#yd`Y0-Q-jLvC9uv84s@{qR8?^iit0}YqJlS2t*-s*wB{|b2J{;!gz$YxxCp!xy} zkWN^!y>>Kph8puN4!Nu4%GGzSTYno|NERYc(^tWHyM@MaI&%}bg!vucIfXz7k@26L z$mS3L3~CEtv~g(bAFjgCiEm@zcI0`)w1W$uOxcIOM3DPn?`B${SLedUnopF%AuXC` zGNZ5vvX`0aSOu*BU@i8tHxv(P3F-*)lAfHkSF6#SIeMLv=sGwbeciqNCy=m{Y0!zK zr|Jod7wIz1=YtO6pAz^)9SY~7Pcj39F$+)DPhh)`t)3d(V~71c7ydVU7@loq)OvNv za%v1|Nk&P0yHCs>FQfOL#p>|6Ks9S`l@UmQzhStXHQI^QB&X4jvwKwda##0;rKPd~ zk;^VV>ehCwWO;|h^Q3*nKPwgBF?sEaV`HH~LNTQW-kgr#5hY&97_D^NSiP;~rDbJA z8sYL+nvPL*A>-{6uzl{zR=CZIJV+$jyJ$VbM^_;g)h(pX3;4PKWyg}Al=3a7_Ql30 z>u`olkyek>`pMC_VNw1h!?_VSD40LH>=U<~T36m0-Edn!IIqTV5&uayfrPp`nRKzKr(Dlw(g6^9Yl0=GY;Jjxss${U2hldg)u8{5{r(I{&;leoP*%gDJ;#Y_7R zJ1eJ6Amv8ryMQgQq0o{}bZy*=XivmK9?lYO_1m%mmk(2Bf}AJtI%$@0v0hU7>{(i9$oK&WG`9I=5j|pB>2YO565~{f`#}ghgEM~|zMj6MT+Dhy-~mJDvq>mj zr+Q|&4dO>w<~0*&MMO1+FWrWuw(0s*%UXVJP>!qjVBG- zXo#i=vXg$+zNOYy9I}S(a(fp8PcPlkwPiYup~KnC-HgBcMc>|1fI$z7ViR4{pmm&3 zYTN<|_R7Ml9qW|{)l0~C&2(j1@WH8h`D$56@3*+e8JIjymJk-Yn?rSvX9E4CLP6Mz z8CV`%)c&OLW;luBSRF#S6XeSn?nJC?Hv1e>K@?>_Lfxl0k+OnUD@F&GQPdj^bUjy6 ztcz<44;T>$k2FGoGQ9Le?BWq4rpst(Nx}N+I-MhB2VL6z3-mOv{f&nAE-HC_wOLg^ z%3(eaa9osM*qNvwWe?uA9Pk{e87CFeDaFqM0={NGsq z2&#jalT=V+9>PvK!Ia4cGP*QM4I|I-htc@)=F54McRV2{4zrx+emBV@w-Q%Xv>b%n z(&eE)oEuhjJGw{Y0rh;+{h3is_@f<@0Y~80o}Qhr&{kJ2_DW-7f+2;477EKBJjIg{|z6I>>!k>S7GO% zeNUpqr~J*nPphF{L--fuh_bOT9j~AmT|0ReLmPyoItkIM#Oe=fRgFLDpiHuifG+!w zv_goHbuE2)QWwU9M-3QoU!b0r(`sU}C)pGFGXel;KZr9JnnNHL7U>oZ@4@UCNqe<> z>8u|UNBK;m&95JAhyG5MSpcu^IQc&?wxEv0sof(EK26Z! zVjIPFramm@NPVBIYvb=_8dY>C+#A$FqX`59C<^vHp_WRn)6tDp%sc!|SBVRD=4_F- z%<%xkXvkcS^N^Abfd!5u2x0l0M9#~8U^!A<_$3X_g)&BsVEpWgF9@=wbsr3C0W=(U z)tfeO%Lkcsw~?dbG@G0HHuQ!`euOa3?V{?3OBLWwo%yj9;2B>?q#5(X2->Y(%n<96 z-U|5P1JIttirkE$7(ct^JMWrtKSif7lV4nF6%jVzDPMZgJ_irzebgWmPgw^CGm$X* zw%nWOP|puFD#s2r1r0dxX_y2K0}Ea8zUA;_*)gkNJzyew6a3h#$TwiT(L-|Egl7Z# zRb0{H{4zLzJj@(E)MK5)8HCS+@oKQSB;Rt^4P zSY$QzorHl3OEdyGtvE(RV3K`errR1&=)Gn;f*-{iF%AYv_-}^grG`|S&)5_34Dv)Y zi-ilKC@gT9#ucJDH&`53yUxcSIC&}G6P<$I@Io8aFQ1%N*?-j5Esokm(3Pii#n#meLZFK8( zZ`kLzHQmgqQ4g*+=i4%kbu+TeZ)PSnD$Tcr^l@3R*38@hmUAMV>a_} z9N1txxHXS;P6I{|(l(R}q@L{=+ZPu%4`_WXkVVLBHBlPEt4?}(7YHe~0K46uzgBGI z7a$|15ICeuqo5uI8{UK9JLXPwqQ-vL7FbiYW5fki*C{lDM@PxZg>ag0b6x5m{l_fM z&4ZQ4C4Mc&XLl!vgTKgK88kfLehhSrTP`GpTYU;ArN3uMD#j*suR@|>5lG*6=6Gvj zD-;a;QGvRPUw(va#j7wb8#39Bz)Cr zja(1o9j7yoID*E!2$_QxbmnbKy5+cumQK1>(W(OW%QJnkX4l$ABkA`MjDO#r6rr7vA@yRXM9=UT5SRyra;r1XJ+s+V#_r0^oakmuykzbFGmC)Cn|| zLfTP5U3s)j5Iw$Q9m2xY>P3D8H_;;WG2rTUzOJEu`=<{6zAE7WxZ`ZS!WT6K#pRz9 zN%r-vNS_k#hN#e`TNT&q(D_MImV~$OU$d37l|Bz-C}24xr~KI%96Z$EfB_b z6Nt}V?0Jn;&2bDmioe3>uQ5Wb$$$Thho~|~8PxONICIGV;Am>COq6>ZT1OWZ7yc8_ z&wVi+et!JZT_~r>hdF2{k)$v*?{awHXfpk6O+!fO_j(BT! z?fzO*(206yCpA2n-h}aA+PqbtttoMb#jtuN_g{+@^~Q!%Cg>1zrYPF064H$q(>RXNtfte1^az-_(O7vi8^?XYX|)v}Sx+dBKTPUJ`^ z`1w)T%2GPll&JwNT<|U6W=%FlKmwNOnlU#fU*trjYsU4lI37-dlFXECnU6Kv80ONf zK4yiLg3=)(;eC_qS%@#)eswB$1GWGs9MN=dYE1~ed}tydN`TtuR|1*V>O&Jl8+|_W zLQWLWVezuJPHvB_{CPPD;F|1F)v+$z3KrCF=*+)5|G09;maDkphHM^butIK&gdkVy zV-yYqIUXbk=4fP3S+V*6iZ9sY_;T>aR7dz{r-jp~URnu-!+e7hSO+V`)dVaKdqpQC z{;4~;(`im%lJh}$5+6K%fZxQ1poM)I5h?&==dZ*By-z3N{;p~IwyHvm^<$z0tR#h~ z?|AwGuj5d0jtIBKN}-Kd@-reyoCtRJB|RA&GbFkPm;0AhnU$jpxjV>SP9J%dlenEx z2StxYGyXr%!%0XH{JT8op*4dyw_cH2rheqdG7+TF)9wlBbHZU5FZ=l&Reoc#Ohgpe zr)K}FgFbtJaFWGhw5VL;5HS3GSF;*o_hqP4OrzpJt|#%KWT4`0MgovP{`~pR)2`UL z`8CU0`-J8pA#j=o9`!x-T^&w0w|Y`A&l&Lo1XOPmpCP73Gz#})n{q-i38(EDm4_$) zKnP-*l-;CKBkq9L#)p>Rq!Bz14Ah!?(R2#DcwcOsrs11cfSn!kGAt4tU$*dN4VaO8 zDLn-u)rEC#-ri#|-N^N5d`tK3*5CH;`Yd^zjvYXny1R+ZhAN~$3)^8ZZEG}jpJNR^ z?`-FRN~Zbh>AKk;m9)n(wrb)k!L7 zRxa~JQIHfti~nIkH)1O7I_k!p zv(zrGC~c67A6dBYF;y__c(4FMbIk?qG)CVi1fNGGh^UdmjtP0 z%rqU`qx{`(aU~62o#PPtNp$)7ve=R~u9`w(fsmKmM(`U^omV;0vFJ57ETcR?7 zQ6@0FMdi9dD`&cvAyje9lIL~9_IfndWB#b+B269Sy8n%jyTAKWBF=J+zFvrt$>&xa zkIg!Z@2?8zMS6Hf&vBJgy8ta#4EQfA=&#|Nk@+)N0o6EBctxWt1B>bOs!I{{T`4h;D40({ z%9#a!1+5T@*KpLfEb!}LfuPhhoIk`S%y-KA%R(@iv&bbWnF#rB{j=+1?QO7@@vCQP z9v#A$7I5b9v$neU`f;)s0Qi-GPHwDwvCBkMBZ_rwGvl2WOF~anP zVoankrInu)aV#-a5E8mi(YN2d#wZix4IVXRQ+arZo)ByY5!q2JIOoh4Zp?6=?Yjcp z?pM7yZimD;(>`EEo0dO)Y=ixL3GADZ@oN>MbsW-<8encFX++yTUs=;=AK*2_LfEZ`QVciilHxONDfvorNaOlFG>`Kksl5m;f5MB|0P(Q{|eT^39zht ziN8;|DY1viv#I)tx{L5U2$5)XrjN;HoC-YP+nLw)PXd{l&LDtnKTsx=ZLZ%bcpzkY zf1#VaJK~08!GQYAQIVX9-=DPlO{`$LpbnJ)5S&EErBtC935Dkm707TLlX!KdRH2c3 z3&reG#d|SKOejWum~alxl+Y$_2u<)fm?aHZA-t7Eye79d8t=47oVn811#F4m9@^F> zOgy>n`v(g~YmS8Qux|OR-vIrRyUwUmCbsKf0necu)>T}4pH}RN?0ehHD_>Y#{7hUv zlFtbi8L_&>nC!D9ATh*um(MHG%3h<_gNe0Wgd}r$R0@Ui&UYYN^%{*pHInm2U6LF6 zjScNuhk!KL`;1%s`!!vrW#1Q{lk+Xu$x zn(&Jpmu(A_h_5$*NjmLM{FrkEvu`PW$l`!}^>m=|PM&QUoghM^FOHBeVV6S(<_WEH z$rmH=1usHhyiWRwRk;DB#Cqroi9T)u^0Ba1qmOH59+dkse#sgXkrWfjKp_he^b&5@ zR%p6KZxC(BPOSA2ZjKkd;KRJfWV4_erAk(>gT?wGKzGZD&Yv2b+SE3Fgy1R)e^dWL zkZA9p2STK3nP&UKe?HpLE#7)45hNX-T}_U95WJ?-=|MUr@^?KGlxu5LgIsiDkvPr< zQ3qarJtF#l)MiKkfpWv26-lSM2C>%dIep<^vz=SGLM+)wzx5eAsNSX4)Y40P)i?U9 z+kKdg*-^YlGYl+jPrt!$(x^9+3e%&xKO_8Z5!x}Rbx z(Pn7H(aMQ!?6vn2bH{Hik(v$cN*n;o2ZpRAm|Qma-}8(op(ji9)WU_l?~%X!^08Jc z{9IcDjbps{EfqsGQmV~lh^53@rp$E_fl}`Fh}v2Lb9>I_R5K$&OX#ouwbo~lRI6RX zMj;CF-ocx*6n~=yA(*4b+(wzRl$nNXasXzZQoLIpsl2cVwBv%!(@3wfJopjOyul)| zThaJE)hB$&=aBvD$myclprig9bM=`{-IIq~yR99SYjxtq4jB5bfQ9&mY+@Sz$MmQ| znQLeGue;J)73olUyOGpH7cMVPxElrcfW=D)1qG&jhxuH(e>>d;W*M!+^&#k@W*-aD zLW$Yuiwc@QjP|O;|G6bT^lS8WNzo<-m0>+#c}QC9d)090N$;Tl8XRR(t9&4S1A6^4 zVcAlWFgg7z&tfr4OUckZehfJ&RL>gVF6;qjoD7G+N)pXvO^H7DjPm7BoOXYG@`qNU z5pzu7Y^*=m$F^Ggn9zj$mt-B+&gXj-B8)^PszGnL)8rQ(p zq2PN~6a?Y3{ST=h718cN2KbN#A0C(WrACJ^E`aEFJZ3b}M&LGYymD zynmY(!juO@Xe3T*FFq9_s?Z+V)hL^PGbt&Su=4i+>Gw?qFhYgn9>-v%ybMabZlh8a znflwR`4>B+2nIxnljH~4>OSF|;-1`#ap{yyt$!{4gmbPEg&Rr*i}IyNxHa}FZJon8 z09Ofb`AiUQrKjy=60Lm#sPMOJ4j7LVNnA{@=5z2aOSAXVws`^nuTf)-)*d5yuh&Y@ z$AR=1Ub!i@@VkgzNT94x=Ii4ipy}7t0ql96o9r9OOL1i_tI2RHJr25hn=VwKD{`hg zKgx+SW6&HQF2~6yr!aUale5r{kT{%_@5Cr_Xh5h#XN!$Z>}3OdfoOx{oO)P87l~~- zp10k*X~L0*k(ZK4(6|adNE2@Iy&oa!qm5#^Ll@<=_GXRl^H*DZZ=-Y1V0uze$}74A1C8t+hzx&Z7a>1q>Pvfgbg22~__;Z%6KPG@aoLulpGu96}>kv?NV^{+2O z46V4H={

    - * File format for replay files.
    - *
    - * ; unbound.conf options.
    - * ; ...
    - * ; additional commandline options to pass to unbound
    - * COMMANDLINE cmdline_option
    - * ; autotrust key file contents, also adds auto-trust-anchor-file: "x" to cfg
    - * AUTOTRUST_FILE id
    - * ; contents of that file
    - * AUTOTRUST_END
    - * CONFIG_END
    - * ; comment line.
    - * SCENARIO_BEGIN name_of_scenario
    - * RANGE_BEGIN start_time end_time
    - *    ; give ip of the virtual server, it matches any ip if not present.
    - *    ADDRESS ip_address 
    - *    match_entries
    - * RANGE_END
    - * ; more RANGE items.
    - * ; go to the next moment
    - * STEP time_step event_type [ADDRESS ip_address]
    - * ; event_type can be:
    - *	o NOTHING - nothing
    - *	o QUERY - followed by entry
    - *	o CHECK_ANSWER - followed by entry
    - *	o CHECK_OUT_QUERY - followed by entry (if copy-id it is also reply).
    - *	o REPLY - followed by entry
    - *      o TIMEOUT
    - *      o TIME_PASSES ELAPSE [seconds] - increase 'now' time counter, can be 
    - *      			a floating point number.
    - *        TIME_PASSES EVAL [macro] - expanded for seconds to move time.
    - *      o TRAFFIC - like CHECK_ANSWER, causes traffic to flow.
    - *		actually the traffic flows before this step is taken.
    - *		the step waits for traffic to stop.
    - *      o CHECK_AUTOTRUST [id] - followed by FILE_BEGIN [to match] FILE_END.
    - *      	The file contents is macro expanded before match.
    - *      o INFRA_RTT [ip] [dp] [rtt] - update infra cache entry with rtt.
    - *      o ERROR
    - * ; following entry starts on the next line, ENTRY_BEGIN.
    - * ; more STEP items
    - * SCENARIO_END
    - *
    - * Calculations, a macro-like system: ${$myvar + 3600}
    - * STEP 10 ASSIGN myvar = 3600
    - * 	; ASSIGN event. '=' is syntactic sugar here. 3600 is some expression.
    - * ${..} is macro expanded from its expression.  Text substitution.
    - * 	o $var replaced with its value.  var is identifier [azAZ09_]*
    - * 	o number is that number.
    - * 	o ${variables and arithmetic }
    - * 	o +, -, / and *.  Note, evaluated left-to-right. Use ${} for brackets.
    - * 	  So again, no precedence rules, so 2+3*4 == ${2+3}*4 = 20.
    - * 	  Do 2+${3*4} to get 24.
    - * 	o ${function params}
    - *		o ${time} is the current time for the simulated unbound.
    - *		o ${ctime value} is the text ctime(value), Fri 3 Aug 2009, ...
    - *		o ${timeout} is the time until next timeout in comm_timer list.
    - *		o ${range lower value upper} checks if lower<=value<=upper
    - *			returns value if check succeeds.
    - *
    - * ; Example file
    - * SCENARIO_BEGIN Example scenario
    - * RANGE_BEGIN 0 100
    - *   ENTRY_BEGIN
    - *   ; precoded answers to queries.
    - *   ENTRY_END
    - * END_RANGE
    - * STEP 0 QUERY
    - *   ENTRY_BEGIN
    - *   ; query
    - *   ENTRY_END
    - * ; a query is sent out to the network by resolver.
    - * ; precoded answer from range is returned.
    - * ; algorithm will do precoded answers from RANGE immediately, except if
    - * ; the next step specifically checks for that OUT_QUERY.
    - * ; or if none of the precoded answers match.
    - * STEP 1 CHECK_ANSWER
    - *   ENTRY_BEGIN
    - *   ; what the reply should look like
    - *   ENTRY_END
    - * ; successful termination. (if the answer was OK).
    - * ; also, all answers must have been checked with CHECK_ANSWER.
    - * ; and, no more pending out_queries (that have not been checked).
    - * SCENARIO_END
    - * 
    - * 
    - */ - -#ifndef TESTCODE_REPLAY_H -#define TESTCODE_REPLAY_H -#include "util/netevent.h" -#include "testcode/testpkts.h" -#include "util/rbtree.h" -struct replay_answer; -struct replay_moment; -struct replay_range; -struct fake_pending; -struct fake_timer; -struct replay_var; -struct infra_cache; -struct sldns_buffer; - -/** - * A replay scenario. - */ -struct replay_scenario { - /** name of replay scenario. malloced string. */ - char* title; - - /** The list of replay moments. Linked list. Time increases in list. */ - struct replay_moment* mom_first; - /** The last element in list of replay moments. */ - struct replay_moment* mom_last; - - /** - * List of matching answers. This is to ease replay scenario - * creation. It lists queries (to the network) and what answer - * should be returned. The matching answers are valid for a range - * of time steps. - * So: timestep, parts of query, destination --> answer. - */ - struct replay_range* range_list; -}; - -/** - * A replay moment. - * Basically, it consists of events to a fake select() call. - * This is a recording of an event that happens. - * And if output is presented, what is done with that. - */ -struct replay_moment { - /** - * The replay time step number. Starts at 0, time is incremented - * every time the fake select() is run. - */ - int time_step; - /** Next replay moment in list of replay moments. */ - struct replay_moment* mom_next; - - /** what happens this moment? */ - enum replay_event_type { - /** nothing happens, as if this event is not there. */ - repevt_nothing, - /** incoming query */ - repevt_front_query, - /** test fails if reply to query does not match */ - repevt_front_reply, - /** timeout */ - repevt_timeout, - /** time passes */ - repevt_time_passes, - /** reply arrives from the network */ - repevt_back_reply, - /** test fails if query to the network does not match */ - repevt_back_query, - /** check autotrust key file */ - repevt_autotrust_check, - /** an error happens to outbound query */ - repevt_error, - /** assignment to a variable */ - repevt_assign, - /** store infra rtt cache entry: addr and string (int) */ - repevt_infra_rtt, - /** cause traffic to flow */ - repevt_traffic - } - /** variable with what is to happen this moment */ - evt_type; - - /** The sent packet must match this. Incoming events, the data. */ - struct entry* match; - - /** the amount of time that passes */ - struct timeval elapse; - - /** address that must be matched, or packet remote host address. */ - struct sockaddr_storage addr; - /** length of addr, if 0, then any address will do */ - socklen_t addrlen; - - /** macro name, for assign. */ - char* variable; - /** string argument, for assign. */ - char* string; - - /** the autotrust file id to check */ - char* autotrust_id; - /** file contents to match, one string per line */ - struct config_strlist* file_content; -}; - -/** - * Range of timesteps, and canned replies to matching queries. - */ -struct replay_range { - /** time range when this is valid. Including start and end step. */ - int start_step; - /** end step of time range. */ - int end_step; - /** address of where this range is served. */ - struct sockaddr_storage addr; - /** length of addr, if 0, then any address will do */ - socklen_t addrlen; - - /** Matching list */ - struct entry* match; - - /** next in list of time ranges. */ - struct replay_range* next_range; -}; - -/** - * Replay storage of runtime information. - */ -struct replay_runtime { - /** - * The scenario - */ - struct replay_scenario* scenario; - /** - * Current moment. - */ - struct replay_moment* now; - - /** - * List of pending queries in order they were sent out. First - * one has been sent out most recently. Last one in list is oldest. - */ - struct fake_pending* pending_list; - - /** - * List of answers to queries from clients. These need to be checked. - */ - struct replay_answer* answer_list; - - /** last element in answer list. */ - struct replay_answer* answer_last; - - /** list of fake timer callbacks that are pending */ - struct fake_timer* timer_list; - - /** callback to call for incoming queries */ - comm_point_callback_type* callback_query; - /** user argument for incoming query callback */ - void *cb_arg; - - /** ref the infra cache (was passed to outside_network_create) */ - struct infra_cache* infra; - - /** the current time in seconds */ - time_t now_secs; - /** the current time in microseconds */ - struct timeval now_tv; - - /** signal handler callback */ - void (*sig_cb)(int, void*); - /** signal handler user arg */ - void *sig_cb_arg; - /** time to exit cleanly */ - int exit_cleanly; - - /** size of buffers */ - size_t bufsize; - - /** - * Tree of macro values. Of type replay_var - */ - rbtree_type* vars; -}; - -/** - * Pending queries to network, fake replay version. - */ -struct fake_pending { - /** what is important only that we remember the query, copied here. */ - struct sldns_buffer* buffer; - /** and to what address this is sent to. */ - struct sockaddr_storage addr; - /** len of addr */ - socklen_t addrlen; - /** zone name, uncompressed wire format (as used when sent) */ - uint8_t* zone; - /** length of zone name */ - size_t zonelen; - /** qtype */ - int qtype; - /** The callback function to call when answer arrives (or timeout) */ - comm_point_callback_type* callback; - /** callback user argument */ - void* cb_arg; - /** original timeout in seconds from 'then' */ - int timeout; - - /** next in pending list */ - struct fake_pending* next; - /** the buffer parsed into a sldns_pkt */ - uint8_t* pkt; - size_t pkt_len; - /** by what transport was the query sent out */ - enum transport_type transport; - /** if this is a serviced query */ - int serviced; - /** the runtime structure this is part of */ - struct replay_runtime* runtime; -}; - -/** - * An answer that is pending to happen. - */ -struct replay_answer { - /** Next in list */ - struct replay_answer* next; - /** reply information */ - struct comm_reply repinfo; - /** the answer preparsed as ldns pkt */ - uint8_t* pkt; - size_t pkt_len; -}; - -/** - * Timers with callbacks, fake replay version. - */ -struct fake_timer { - /** next in list */ - struct fake_timer* next; - /** the runtime structure this is part of */ - struct replay_runtime* runtime; - /** the callback to call */ - void (*cb)(void*); - /** the callback user argument */ - void* cb_arg; - /** if timer is enabled */ - int enabled; - /** when the timer expires */ - struct timeval tv; -}; - -/** - * Replay macro variable. And its value. - */ -struct replay_var { - /** rbtree node. Key is this structure. Sorted by name. */ - rbnode_type node; - /** the variable name */ - char* name; - /** the variable value */ - char* value; -}; - -/** - * Read a replay scenario from the file. - * @param in: file to read from. - * @param name: name to print in errors. - * @param lineno: incremented for every line read. - * @return: Scenario. NULL if no scenario read. - */ -struct replay_scenario* replay_scenario_read(FILE* in, const char* name, - int* lineno); - -/** - * Delete scenario. - * @param scen: to delete. - */ -void replay_scenario_delete(struct replay_scenario* scen); - -/** compare two replay_vars */ -int replay_var_compare(const void* a, const void* b); - -/** get oldest enabled fake timer */ -struct fake_timer* replay_get_oldest_timer(struct replay_runtime* runtime); - -/** - * Create variable storage - * @return new or NULL on failure. - */ -rbtree_type* macro_store_create(void); - -/** - * Delete variable storage - * @param store: the macro storage to free up. - */ -void macro_store_delete(rbtree_type* store); - -/** - * Apply macro substitution to string. - * @param store: variable store. - * @param runtime: the runtime to look up values as needed. - * @param text: string to work on. - * @return newly malloced string with result. - */ -char* macro_process(rbtree_type* store, struct replay_runtime* runtime, - char* text); - -/** - * Look up a macro value. Like calling ${$name}. - * @param store: variable store - * @param name: macro name - * @return newly malloced string with result or strdup("") if not found. - * or NULL on malloc failure. - */ -char* macro_lookup(rbtree_type* store, char* name); - -/** - * Set macro value. - * @param store: variable store - * @param name: macro name - * @param value: text to set it to. Not expanded. - * @return false on failure. - */ -int macro_assign(rbtree_type* store, char* name, char* value); - -/** Print macro variables stored as debug info */ -void macro_print_debug(rbtree_type* store); - -/** testbounds self test */ -void testbound_selftest(void); - -#endif /* TESTCODE_REPLAY_H */ diff --git a/external/unbound/testcode/run_vm.sh b/external/unbound/testcode/run_vm.sh deleted file mode 100644 index 78649f07a..000000000 --- a/external/unbound/testcode/run_vm.sh +++ /dev/null @@ -1,78 +0,0 @@ -#!/usr/local/bin/bash -# run tpkg tests from within a VM. Looks for loopback addr. -# if run not from within a VM, runs the tests as usual. -# with one argument: run that tpkg, otherwise, run all tpkgs. - -get_lo0_ip4() { - if test -x /sbin/ifconfig - then - LO0_IP4=`/sbin/ifconfig lo0 | grep '[^0-9]127\.' | sed -e 's/^[^1]*\(127\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\)[^0-9]*.*$/\1/g'` - if ( echo $LO0_IP4 | grep '^127\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$' > /dev/null ) - then - return - fi - fi - LO0_IP4=127.0.0.1 -} -get_lo0_ip4 -export LO0_IP4 -if test "x$LO0_IP4" = "x127.0.0.1" -then - ALT_LOOPBACK=false -else - ALT_LOOPBACK=true -fi -cd testdata -TPKG=../testcode/mini_tpkg.sh -#RUNLIST=`(ls -1 *.tpkg|grep -v '^0[016]')` -RUNLIST=`(ls -1 *.tpkg)` -if test "$#" = "1"; then RUNLIST="$1"; fi - -# fix up tpkg that was edited on keyboard interrupt. -cleanup() { - echo cleanup - if test -f "$t.bak"; then mv "$t.bak" "$t"; fi - exit 0 -} -trap cleanup SIGINT - -for t in $RUNLIST -do - if ! $ALT_LOOPBACK - then - $TPKG exe $t - continue - fi - # We have alternative 127.0.0.1 number - if ( echo $t | grep '6\.tpkg$' ) # skip IPv6 tests - then - continue - elif test "$t" = "edns_cache.tpkg" # This one is IPv6 too! - then - continue - fi - cp -p "$t" "$t.bak" - tar xzf $t - find "${t%.tpkg}.dir" -type f \ - -exec grep -q -e '127\.0\.0\.1' -e '@localhost' {} \; -print | { - while read f - do - sed "s/127\.0\.0\.1/${LO0_IP4}/g" "$f" > "$f._" - mv "$f._" "$f" - sed "s/@localhost/@${LO0_IP4}/g" "$f" > "$f._" - mv "$f._" "$f" - done - } - find "${t%.tpkg}.dir" -type d -name "127.0.0.1" -print | { - while read d - do - mv -v "$d" "${d%127.0.0.1}${LO0_IP4}" - done - } - tar czf $t "${t%.tpkg}.dir" - rm -fr "${t%.tpkg}.dir" - $TPKG exe $t - mv "$t.bak" "$t" -done -# get out of testdata/ -cd .. diff --git a/external/unbound/testcode/signit.c b/external/unbound/testcode/signit.c deleted file mode 100644 index 0eca0e088..000000000 --- a/external/unbound/testcode/signit.c +++ /dev/null @@ -1,284 +0,0 @@ -/* - * testcode/signit.c - debug tool to sign rrsets with given keys. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This program signs rrsets with the given keys. It can be used to - * construct input to test the validator with. - */ -#include "config.h" -#include -#include - -#define DNSKEY_BIT_ZSK 0x0100 - -/** - * Key settings - */ -struct keysets { - /** signature inception */ - uint32_t incep; - /** signature expiration */ - uint32_t expi; - /** owner name */ - char* owner; - /** keytag */ - uint16_t keytag; - /** DNSKEY flags */ - uint16_t flags; -}; - -/** print usage and exit */ -static void -usage(void) -{ - printf("usage: signit expi ince keytag owner keyfile\n"); - printf("present rrset data on stdin.\n"); - printf("signed data is printed to stdout.\n"); - printf("\n"); - printf("Or use: signit NSEC3PARAM hash flags iter salt\n"); - printf("present names on stdin, hashed names are printed to stdout.\n"); - exit(1); -} - -static time_t -convert_timeval(const char* str) -{ - time_t t; - struct tm tm; - memset(&tm, 0, sizeof(tm)); - if(strlen(str) < 14) - return 0; - if(sscanf(str, "%4d%2d%2d%2d%2d%2d", &tm.tm_year, &tm.tm_mon, - &tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec) != 6) - return 0; - tm.tm_year -= 1900; - tm.tm_mon--; - /* Check values */ - if (tm.tm_year < 70) return 0; - if (tm.tm_mon < 0 || tm.tm_mon > 11) return 0; - if (tm.tm_mday < 1 || tm.tm_mday > 31) return 0; - if (tm.tm_hour < 0 || tm.tm_hour > 23) return 0; - if (tm.tm_min < 0 || tm.tm_min > 59) return 0; - if (tm.tm_sec < 0 || tm.tm_sec > 59) return 0; - /* call ldns conversion function */ - t = ldns_mktime_from_utc(&tm); - return t; -} - -static void fatal_exit(const char* format, ...) -{ - va_list args; - va_start(args, format); - printf("fatal exit: "); - vprintf(format, args); - va_end(args); - exit(1); -} - -/** read expi ince keytag owner from cmdline */ -static void -parse_cmdline(char *argv[], struct keysets* s) -{ - s->expi = convert_timeval(argv[1]); - s->incep = convert_timeval(argv[2]); - s->keytag = (uint16_t)atoi(argv[3]); - s->owner = argv[4]; - s->flags = DNSKEY_BIT_ZSK; /* to enforce signing */ -} - -/** read all key files, exit on error */ -static ldns_key_list* -read_keys(int num, char* names[], struct keysets* set) -{ - int i; - ldns_key_list* keys = ldns_key_list_new(); - ldns_key* k; - ldns_rdf* rdf; - ldns_status s; - int b; - FILE* in; - - if(!keys) fatal_exit("alloc failure"); - for(i=0; iexpi); - ldns_key_set_inception(k, set->incep); - s = ldns_str2rdf_dname(&rdf, set->owner); - if(s != LDNS_STATUS_OK) - fatal_exit("bad owner name %s: %s", set->owner, - ldns_get_errorstr_by_id(s)); - ldns_key_set_pubkey_owner(k, rdf); - ldns_key_set_flags(k, set->flags); - ldns_key_set_keytag(k, set->keytag); - b = ldns_key_list_push_key(keys, k); - assert(b); - } - return keys; -} - -/** read list of rrs from the file */ -static ldns_rr_list* -read_rrs(FILE* in) -{ - uint32_t my_ttl = 3600; - ldns_rdf *my_origin = NULL; - ldns_rdf *my_prev = NULL; - ldns_status s; - int line_nr = 1; - int b; - - ldns_rr_list* list; - ldns_rr *rr; - - list = ldns_rr_list_new(); - if(!list) fatal_exit("alloc error"); - - while(!feof(in)) { - s = ldns_rr_new_frm_fp_l(&rr, in, &my_ttl, &my_origin, - &my_prev, &line_nr); - if(s == LDNS_STATUS_SYNTAX_TTL || - s == LDNS_STATUS_SYNTAX_ORIGIN || - s == LDNS_STATUS_SYNTAX_EMPTY) - continue; - else if(s != LDNS_STATUS_OK) - fatal_exit("parse error in line %d: %s", line_nr, - ldns_get_errorstr_by_id(s)); - b = ldns_rr_list_push_rr(list, rr); - assert(b); - } - printf("read %d lines\n", line_nr); - - return list; -} - -/** sign the rrs with the keys */ -static void -signit(ldns_rr_list* rrs, ldns_key_list* keys) -{ - ldns_rr_list* rrset; - ldns_rr_list* sigs; - - while(ldns_rr_list_rr_count(rrs) > 0) { - rrset = ldns_rr_list_pop_rrset(rrs); - if(!rrset) fatal_exit("copy alloc failure"); - sigs = ldns_sign_public(rrset, keys); - if(!sigs) fatal_exit("failed to sign"); - ldns_rr_list_print(stdout, rrset); - ldns_rr_list_print(stdout, sigs); - printf("\n"); - ldns_rr_list_free(rrset); - ldns_rr_list_free(sigs); - } -} - -/** process keys and signit */ -static void -process_keys(int argc, char* argv[]) -{ - ldns_rr_list* rrs; - ldns_key_list* keys; - struct keysets settings; - assert(argc == 6); - - parse_cmdline(argv, &settings); - keys = read_keys(1, argv+5, &settings); - rrs = read_rrs(stdin); - signit(rrs, keys); - - ldns_rr_list_deep_free(rrs); - ldns_key_list_free(keys); -} - -/** process nsec3 params and perform hashing */ -static void -process_nsec3(int argc, char* argv[]) -{ - char line[10240]; - ldns_rdf* salt; - ldns_rdf* in, *out; - ldns_status status; - status = ldns_str2rdf_nsec3_salt(&salt, argv[5]); - if(status != LDNS_STATUS_OK) - fatal_exit("Could not parse salt %s: %s", argv[5], - ldns_get_errorstr_by_id(status)); - assert(argc == 6); - while(fgets(line, (int)sizeof(line), stdin)) { - if(strlen(line) > 0) - line[strlen(line)-1] = 0; /* remove trailing newline */ - if(line[0]==0) - continue; - status = ldns_str2rdf_dname(&in, line); - if(status != LDNS_STATUS_OK) - fatal_exit("Could not parse name %s: %s", line, - ldns_get_errorstr_by_id(status)); - ldns_rdf_print(stdout, in); - printf(" -> "); - /* arg 3 is flags, unused */ - out = ldns_nsec3_hash_name(in, (uint8_t)atoi(argv[2]), - (uint16_t)atoi(argv[4]), - ldns_rdf_data(salt)[0], ldns_rdf_data(salt)+1); - if(!out) - fatal_exit("Could not hash %s", line); - ldns_rdf_print(stdout, out); - printf("\n"); - ldns_rdf_deep_free(in); - ldns_rdf_deep_free(out); - } - ldns_rdf_deep_free(salt); -} - -/** main program */ -int main(int argc, char* argv[]) -{ - if(argc != 6) { - usage(); - } - if(strcmp(argv[1], "NSEC3PARAM") == 0) { - process_nsec3(argc, argv); - return 0; - } - process_keys(argc, argv); - return 0; -} diff --git a/external/unbound/testcode/streamtcp.1 b/external/unbound/testcode/streamtcp.1 deleted file mode 100644 index 7c738d9d2..000000000 --- a/external/unbound/testcode/streamtcp.1 +++ /dev/null @@ -1,66 +0,0 @@ -.TH "unbound\-streamtcp" "1" "Mar 21, 2013" "NLnet Labs" "unbound" -.\" -.\" unbound-streamtcp.1 -- unbound DNS lookup utility -.\" -.SH "NAME" -.LP -.B unbound\-streamtcp -\- unbound DNS lookup utility -.SH "SYNOPSIS" -.LP -.B unbound\-streamtcp -.RB [ \-unsh ] -.RB [ \-f -.IR ipaddr[@port] ] -.I name -.I type -.I class -.SH "DESCRIPTION" -.LP -.B unbound\-streamtcp -sends a DNS Query of the given \fBtype\fR and \fBclass\fR for the given \fBname\fR -to the DNS server over TCP and displays the response. -.P -If the server to query is not given using the \fB\-f\fR option then localhost -(127.0.0.1) is used. More queries can be given on one commandline, they -are resolved in sequence. -.P -The available options are: -.TP -.I name -This name is resolved (looked up in the DNS). -.TP -.I type -Specify the type of data to lookup. -.TP -.I class -Specify the class to lookup for. -.TP -.B \-u -Use UDP instead of TCP. No retries are attempted. -.TP -.B \-n -Do not wait for the answer. -.TP -.B \-s -Use SSL. -.TP -.B \-h -Print program usage. -.TP -.B \-f \fIipaddr[@port] -Specify the server to send the queries to. If not specified localhost (127.0.0.1) is used. -.SH "EXAMPLES" -.LP -Some examples of use. -.P -$ unbound\-streamtcp www.example.com A IN -.P -$ unbound\-streamtcp \-f 192.168.1.1 www.example.com SOA IN -.P -$ unbound\-streamtcp \-f 192.168.1.1@1234 153.1.168.192.in\-addr.arpa. PTR IN -.SH "EXIT CODE" -The unbound\-streamtcp program exits with status code 1 on error, -0 on no error. -.SH "AUTHOR" -This manual page was written by Tomas Hozza . diff --git a/external/unbound/testcode/streamtcp.c b/external/unbound/testcode/streamtcp.c deleted file mode 100644 index 34b5c0281..000000000 --- a/external/unbound/testcode/streamtcp.c +++ /dev/null @@ -1,431 +0,0 @@ -/* - * testcode/streamtcp.c - debug program perform multiple DNS queries on tcp. - * - * Copyright (c) 2008, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This program performs multiple DNS queries on a TCP stream. - */ - -#include "config.h" -#ifdef HAVE_GETOPT_H -#include -#endif -#include -#include "util/locks.h" -#include "util/log.h" -#include "util/net_help.h" -#include "util/data/msgencode.h" -#include "util/data/msgparse.h" -#include "util/data/msgreply.h" -#include "util/data/dname.h" -#include "sldns/sbuffer.h" -#include "sldns/str2wire.h" -#include "sldns/wire2str.h" -#include -#include -#include - -#ifndef PF_INET6 -/** define in case streamtcp is compiled on legacy systems */ -#define PF_INET6 10 -#endif - -/** usage information for streamtcp */ -static void usage(char* argv[]) -{ - printf("usage: %s [options] name type class ...\n", argv[0]); - printf(" sends the name-type-class queries over TCP.\n"); - printf("-f server what ipaddr@portnr to send the queries to\n"); - printf("-u use UDP. No retries are attempted.\n"); - printf("-n do not wait for an answer.\n"); - printf("-s use ssl\n"); - printf("-h this help text\n"); - exit(1); -} - -/** open TCP socket to svr */ -static int -open_svr(const char* svr, int udp) -{ - struct sockaddr_storage addr; - socklen_t addrlen; - int fd = -1; - /* svr can be ip@port */ - memset(&addr, 0, sizeof(addr)); - if(!extstrtoaddr(svr, &addr, &addrlen)) { - printf("fatal: bad server specs '%s'\n", svr); - exit(1); - } - fd = socket(addr_is_ip6(&addr, addrlen)?PF_INET6:PF_INET, - udp?SOCK_DGRAM:SOCK_STREAM, 0); - if(fd == -1) { -#ifndef USE_WINSOCK - perror("socket() error"); -#else - printf("socket: %s\n", wsa_strerror(WSAGetLastError())); -#endif - exit(1); - } - if(connect(fd, (struct sockaddr*)&addr, addrlen) < 0) { -#ifndef USE_WINSOCK - perror("connect() error"); -#else - printf("connect: %s\n", wsa_strerror(WSAGetLastError())); -#endif - exit(1); - } - return fd; -} - -/** write a query over the TCP fd */ -static void -write_q(int fd, int udp, SSL* ssl, sldns_buffer* buf, uint16_t id, - const char* strname, const char* strtype, const char* strclass) -{ - struct query_info qinfo; - uint16_t len; - /* qname */ - qinfo.qname = sldns_str2wire_dname(strname, &qinfo.qname_len); - if(!qinfo.qname) { - printf("cannot parse query name: '%s'\n", strname); - exit(1); - } - - /* qtype and qclass */ - qinfo.qtype = sldns_get_rr_type_by_name(strtype); - qinfo.qclass = sldns_get_rr_class_by_name(strclass); - - /* clear local alias */ - qinfo.local_alias = NULL; - - /* make query */ - qinfo_query_encode(buf, &qinfo); - sldns_buffer_write_u16_at(buf, 0, id); - sldns_buffer_write_u16_at(buf, 2, BIT_RD); - - if(1) { - /* add EDNS DO */ - struct edns_data edns; - memset(&edns, 0, sizeof(edns)); - edns.edns_present = 1; - edns.bits = EDNS_DO; - edns.udp_size = 4096; - attach_edns_record(buf, &edns); - } - - /* send it */ - if(!udp) { - len = (uint16_t)sldns_buffer_limit(buf); - len = htons(len); - if(ssl) { - if(SSL_write(ssl, (void*)&len, (int)sizeof(len)) <= 0) { - log_crypto_err("cannot SSL_write"); - exit(1); - } - } else { - if(send(fd, (void*)&len, sizeof(len), 0) < - (ssize_t)sizeof(len)){ -#ifndef USE_WINSOCK - perror("send() len failed"); -#else - printf("send len: %s\n", - wsa_strerror(WSAGetLastError())); -#endif - exit(1); - } - } - } - if(ssl) { - if(SSL_write(ssl, (void*)sldns_buffer_begin(buf), - (int)sldns_buffer_limit(buf)) <= 0) { - log_crypto_err("cannot SSL_write"); - exit(1); - } - } else { - if(send(fd, (void*)sldns_buffer_begin(buf), - sldns_buffer_limit(buf), 0) < - (ssize_t)sldns_buffer_limit(buf)) { -#ifndef USE_WINSOCK - perror("send() data failed"); -#else - printf("send data: %s\n", wsa_strerror(WSAGetLastError())); -#endif - exit(1); - } - } - - free(qinfo.qname); -} - -/** receive DNS datagram over TCP and print it */ -static void -recv_one(int fd, int udp, SSL* ssl, sldns_buffer* buf) -{ - char* pktstr; - uint16_t len; - if(!udp) { - if(ssl) { - if(SSL_read(ssl, (void*)&len, (int)sizeof(len)) <= 0) { - log_crypto_err("could not SSL_read"); - exit(1); - } - } else { - if(recv(fd, (void*)&len, sizeof(len), 0) < - (ssize_t)sizeof(len)) { -#ifndef USE_WINSOCK - perror("read() len failed"); -#else - printf("read len: %s\n", - wsa_strerror(WSAGetLastError())); -#endif - exit(1); - } - } - len = ntohs(len); - sldns_buffer_clear(buf); - sldns_buffer_set_limit(buf, len); - if(ssl) { - int r = SSL_read(ssl, (void*)sldns_buffer_begin(buf), - (int)len); - if(r <= 0) { - log_crypto_err("could not SSL_read"); - exit(1); - } - if(r != (int)len) - fatal_exit("ssl_read %d of %d", r, len); - } else { - if(recv(fd, (void*)sldns_buffer_begin(buf), len, 0) < - (ssize_t)len) { -#ifndef USE_WINSOCK - perror("read() data failed"); -#else - printf("read data: %s\n", - wsa_strerror(WSAGetLastError())); -#endif - exit(1); - } - } - } else { - ssize_t l; - sldns_buffer_clear(buf); - if((l=recv(fd, (void*)sldns_buffer_begin(buf), - sldns_buffer_capacity(buf), 0)) < 0) { -#ifndef USE_WINSOCK - perror("read() data failed"); -#else - printf("read data: %s\n", - wsa_strerror(WSAGetLastError())); -#endif - exit(1); - } - sldns_buffer_set_limit(buf, (size_t)l); - len = (size_t)l; - } - printf("\nnext received packet\n"); - log_buf(0, "data", buf); - - pktstr = sldns_wire2str_pkt(sldns_buffer_begin(buf), len); - printf("%s", pktstr); - free(pktstr); -} - -static int get_random(void) -{ - int r; - if (RAND_bytes((unsigned char*)&r, (int)sizeof(r)) == 1) { - return r; - } - return arc4random(); -} - -/** send the TCP queries and print answers */ -static void -send_em(const char* svr, int udp, int usessl, int noanswer, int num, char** qs) -{ - sldns_buffer* buf = sldns_buffer_new(65553); - int fd = open_svr(svr, udp); - int i; - SSL_CTX* ctx = NULL; - SSL* ssl = NULL; - if(!buf) fatal_exit("out of memory"); - if(usessl) { - ctx = connect_sslctx_create(NULL, NULL, NULL); - if(!ctx) fatal_exit("cannot create ssl ctx"); - ssl = outgoing_ssl_fd(ctx, fd); - if(!ssl) fatal_exit("cannot create ssl"); - while(1) { - int r; - ERR_clear_error(); - if( (r=SSL_do_handshake(ssl)) == 1) - break; - r = SSL_get_error(ssl, r); - if(r != SSL_ERROR_WANT_READ && - r != SSL_ERROR_WANT_WRITE) { - log_crypto_err("could not ssl_handshake"); - exit(1); - } - } - if(1) { - X509* x = SSL_get_peer_certificate(ssl); - if(!x) printf("SSL: no peer certificate\n"); - else { - X509_print_fp(stdout, x); - X509_free(x); - } - } - } - for(i=0; i -#endif -#include "testcode/testpkts.h" -#include "testcode/replay.h" -#include "testcode/fake_event.h" -#include "daemon/remote.h" -#include "util/config_file.h" -#include "sldns/keyraw.h" -#include - -/** signal that this is a testbound compile */ -#define unbound_testbound 1 -/** - * include the main program from the unbound daemon. - * rename main to daemon_main to call it - */ -#define main daemon_main -#include "daemon/unbound.c" -#undef main - -/** maximum line length for lines in the replay file. */ -#define MAX_LINE_LEN 1024 -/** config files (removed at exit) */ -static struct config_strlist* cfgfiles = NULL; - -/** give commandline usage for testbound. */ -static void -testbound_usage(void) -{ - printf("usage: testbound [options]\n"); - printf("\ttest the unbound daemon.\n"); - printf("-h this help\n"); - printf("-p file playback text file\n"); - printf("-1 detect SHA1 support (exit code 0 or 1)\n"); - printf("-2 detect SHA256 support (exit code 0 or 1)\n"); - printf("-g detect GOST support (exit code 0 or 1)\n"); - printf("-e detect ECDSA support (exit code 0 or 1)\n"); - printf("-c detect CLIENT_SUBNET support (exit code 0 or 1)\n"); - printf("-s testbound self-test - unit test of testbound parts.\n"); - printf("-o str unbound commandline options separated by spaces.\n"); - printf("Version %s\n", PACKAGE_VERSION); - printf("BSD licensed, see LICENSE file in source package.\n"); - printf("Report bugs to %s.\n", PACKAGE_BUGREPORT); -} - -/** Max number of arguments to pass to unbound. */ -#define MAXARG 100 - -/** - * Add options from string to passed argc. splits on whitespace. - * @param args: the option argument, "-v -p 12345" or so. - * @param pass_argc: ptr to the argc for unbound. Modified. - * @param pass_argv: the argv to pass to unbound. Modified. - */ -static void -add_opts(const char* args, int* pass_argc, char* pass_argv[]) -{ - const char *p = args, *np; - size_t len; - while(p && isspace((unsigned char)*p)) - p++; - while(p && *p) { - /* find location of next string and length of this one */ - if((np = strchr(p, ' '))) - len = (size_t)(np-p); - else len = strlen(p); - /* allocate and copy option */ - if(*pass_argc >= MAXARG-1) - fatal_exit("too many arguments: '%s'", p); - pass_argv[*pass_argc] = (char*)malloc(len+1); - if(!pass_argv[*pass_argc]) - fatal_exit("add_opts: out of memory"); - memcpy(pass_argv[*pass_argc], p, len); - pass_argv[*pass_argc][len] = 0; - (*pass_argc)++; - /* go to next option */ - p = np; - while(p && isspace((unsigned char)*p)) - p++; - } -} - -/** pretty print commandline for unbound in this test */ -static void -echo_cmdline(int argc, char* argv[]) -{ - int i; - fprintf(stderr, "testbound is starting:"); - for(i=0; ititle); - return scen; -} - -/** remove config file at exit */ -void remove_configfile(void) -{ - struct config_strlist* p; - for(p=cfgfiles; p; p=p->next) - unlink(p->str); - config_delstrlist(cfgfiles); - cfgfiles = NULL; -} - -/** - * Main fake event test program. Setup, teardown and report errors. - * @param argc: arg count. - * @param argv: array of commandline arguments. - * @return program failure if test fails. - */ -int -main(int argc, char* argv[]) -{ - int c, res; - int pass_argc = 0; - char* pass_argv[MAXARG]; - char* playback_file = NULL; - int init_optind = optind; - char* init_optarg = optarg; - struct replay_scenario* scen = NULL; - - /* we do not want the test to depend on the timezone */ - (void)putenv("TZ=UTC"); - - log_init(NULL, 0, NULL); - /* determine commandline options for the daemon */ - pass_argc = 1; - pass_argv[0] = "unbound"; - add_opts("-d", &pass_argc, pass_argv); - while( (c=getopt(argc, argv, "12egho:p:s")) != -1) { - switch(c) { - case 's': - free(pass_argv[1]); - testbound_selftest(); - exit(0); - case '1': -#ifdef USE_SHA1 - printf("SHA1 supported\n"); - exit(0); -#else - printf("SHA1 not supported\n"); - exit(1); -#endif - break; - case '2': -#if (defined(HAVE_EVP_SHA256) || defined(HAVE_NSS) || defined(HAVE_NETTLE)) && defined(USE_SHA2) - printf("SHA256 supported\n"); - exit(0); -#else - printf("SHA256 not supported\n"); - exit(1); -#endif - break; - case 'e': -#if defined(USE_ECDSA) - printf("ECDSA supported\n"); - exit(0); -#else - printf("ECDSA not supported\n"); - exit(1); -#endif - break; - case 'g': -#ifdef USE_GOST - if(sldns_key_EVP_load_gost_id()) { - printf("GOST supported\n"); - exit(0); - } else { - printf("GOST not supported\n"); - exit(1); - } -#else - printf("GOST not supported\n"); - exit(1); -#endif - break; - case 'c': -#ifdef CLIENT_SUBNET - printf("CLIENT_SUBNET supported\n"); - exit(0); -#else - printf("CLIENT_SUBNET not supported\n"); - exit(1); -#endif - break; - case 'p': - playback_file = optarg; - break; - case 'o': - add_opts(optarg, &pass_argc, pass_argv); - break; - case '?': - case 'h': - default: - testbound_usage(); - return 1; - } - } - argc -= optind; - argv += optind; - if(argc != 0) { - testbound_usage(); - return 1; - } - log_info("Start of %s testbound program.", PACKAGE_STRING); - if(atexit(&remove_configfile) != 0) - fatal_exit("atexit() failed: %s", strerror(errno)); - - /* setup test environment */ - scen = setup_playback(playback_file, &pass_argc, pass_argv); - /* init fake event backend */ - fake_event_init(scen); - - pass_argv[pass_argc] = NULL; - echo_cmdline(pass_argc, pass_argv); - - /* reset getopt processing */ - optind = init_optind; - optarg = init_optarg; - - /* run the normal daemon */ - res = daemon_main(pass_argc, pass_argv); - - fake_event_cleanup(); - for(c=1; c -#include -#include -#include "testcode/testpkts.h" -#include "util/net_help.h" -#include "sldns/sbuffer.h" -#include "sldns/rrdef.h" -#include "sldns/pkthdr.h" -#include "sldns/str2wire.h" -#include "sldns/wire2str.h" - -/** max size of a packet */ -#define MAX_PACKETLEN 65536 -/** max line length */ -#define MAX_LINE 10240 -/** string to show in warnings and errors */ -static const char* prog_name = "testpkts"; - -#ifndef UTIL_LOG_H -/** verbosity definition for compat */ -enum verbosity_value { NO_VERBOSE=0 }; -#endif -/** logging routine, provided by caller */ -void verbose(enum verbosity_value lvl, const char* msg, ...) ATTR_FORMAT(printf, 2, 3); - -/** print error and exit */ -static void error(const char* msg, ...) -{ - va_list args; - va_start(args, msg); - fprintf(stderr, "%s error: ", prog_name); - vfprintf(stderr, msg, args); - fprintf(stderr, "\n"); - fflush(stderr); - va_end(args); - exit(EXIT_FAILURE); -} - -/** return if string is empty or comment */ -static int isendline(char c) -{ - if(c == ';' || c == '#' - || c == '\n' || c == 0) - return 1; - return 0; -} - -/** true if the string starts with the keyword given. Moves the str ahead. - * @param str: before keyword, afterwards after keyword and spaces. - * @param keyword: the keyword to match - * @return: true if keyword present. False otherwise, and str unchanged. -*/ -static int str_keyword(char** str, const char* keyword) -{ - size_t len = strlen(keyword); - assert(str && keyword); - if(strncmp(*str, keyword, len) != 0) - return 0; - *str += len; - while(isspace((unsigned char)**str)) - (*str)++; - return 1; -} - -/** Add reply packet to entry */ -static struct reply_packet* -entry_add_reply(struct entry* entry) -{ - struct reply_packet* pkt = (struct reply_packet*)malloc( - sizeof(struct reply_packet)); - struct reply_packet ** p = &entry->reply_list; - if(!pkt) error("out of memory"); - pkt->next = NULL; - pkt->packet_sleep = 0; - pkt->reply_pkt = NULL; - pkt->reply_from_hex = NULL; - pkt->raw_ednsdata = NULL; - /* link at end */ - while(*p) - p = &((*p)->next); - *p = pkt; - return pkt; -} - -/** parse MATCH line */ -static void matchline(char* line, struct entry* e) -{ - char* parse = line; - while(*parse) { - if(isendline(*parse)) - return; - if(str_keyword(&parse, "opcode")) { - e->match_opcode = 1; - } else if(str_keyword(&parse, "qtype")) { - e->match_qtype = 1; - } else if(str_keyword(&parse, "qname")) { - e->match_qname = 1; - } else if(str_keyword(&parse, "rcode")) { - e->match_rcode = 1; - } else if(str_keyword(&parse, "question")) { - e->match_question = 1; - } else if(str_keyword(&parse, "answer")) { - e->match_answer = 1; - } else if(str_keyword(&parse, "subdomain")) { - e->match_subdomain = 1; - } else if(str_keyword(&parse, "all")) { - e->match_all = 1; - } else if(str_keyword(&parse, "ttl")) { - e->match_ttl = 1; - } else if(str_keyword(&parse, "DO")) { - e->match_do = 1; - } else if(str_keyword(&parse, "noedns")) { - e->match_noedns = 1; - } else if(str_keyword(&parse, "ednsdata")) { - e->match_ednsdata_raw = 1; - } else if(str_keyword(&parse, "UDP")) { - e->match_transport = transport_udp; - } else if(str_keyword(&parse, "TCP")) { - e->match_transport = transport_tcp; - } else if(str_keyword(&parse, "serial")) { - e->match_serial = 1; - if(*parse != '=' && *parse != ':') - error("expected = or : in MATCH: %s", line); - parse++; - e->ixfr_soa_serial = (uint32_t)strtol(parse, (char**)&parse, 10); - while(isspace((unsigned char)*parse)) - parse++; - } else { - error("could not parse MATCH: '%s'", parse); - } - } -} - -/** parse REPLY line */ -static void replyline(char* line, uint8_t* reply, size_t reply_len, - int* do_flag) -{ - char* parse = line; - if(reply_len < LDNS_HEADER_SIZE) error("packet too short for header"); - while(*parse) { - if(isendline(*parse)) - return; - /* opcodes */ - if(str_keyword(&parse, "QUERY")) { - LDNS_OPCODE_SET(reply, LDNS_PACKET_QUERY); - } else if(str_keyword(&parse, "IQUERY")) { - LDNS_OPCODE_SET(reply, LDNS_PACKET_IQUERY); - } else if(str_keyword(&parse, "STATUS")) { - LDNS_OPCODE_SET(reply, LDNS_PACKET_STATUS); - } else if(str_keyword(&parse, "NOTIFY")) { - LDNS_OPCODE_SET(reply, LDNS_PACKET_NOTIFY); - } else if(str_keyword(&parse, "UPDATE")) { - LDNS_OPCODE_SET(reply, LDNS_PACKET_UPDATE); - /* rcodes */ - } else if(str_keyword(&parse, "NOERROR")) { - LDNS_RCODE_SET(reply, LDNS_RCODE_NOERROR); - } else if(str_keyword(&parse, "FORMERR")) { - LDNS_RCODE_SET(reply, LDNS_RCODE_FORMERR); - } else if(str_keyword(&parse, "SERVFAIL")) { - LDNS_RCODE_SET(reply, LDNS_RCODE_SERVFAIL); - } else if(str_keyword(&parse, "NXDOMAIN")) { - LDNS_RCODE_SET(reply, LDNS_RCODE_NXDOMAIN); - } else if(str_keyword(&parse, "NOTIMPL")) { - LDNS_RCODE_SET(reply, LDNS_RCODE_NOTIMPL); - } else if(str_keyword(&parse, "REFUSED")) { - LDNS_RCODE_SET(reply, LDNS_RCODE_REFUSED); - } else if(str_keyword(&parse, "YXDOMAIN")) { - LDNS_RCODE_SET(reply, LDNS_RCODE_YXDOMAIN); - } else if(str_keyword(&parse, "YXRRSET")) { - LDNS_RCODE_SET(reply, LDNS_RCODE_YXRRSET); - } else if(str_keyword(&parse, "NXRRSET")) { - LDNS_RCODE_SET(reply, LDNS_RCODE_NXRRSET); - } else if(str_keyword(&parse, "NOTAUTH")) { - LDNS_RCODE_SET(reply, LDNS_RCODE_NOTAUTH); - } else if(str_keyword(&parse, "NOTZONE")) { - LDNS_RCODE_SET(reply, LDNS_RCODE_NOTZONE); - /* flags */ - } else if(str_keyword(&parse, "QR")) { - LDNS_QR_SET(reply); - } else if(str_keyword(&parse, "AA")) { - LDNS_AA_SET(reply); - } else if(str_keyword(&parse, "TC")) { - LDNS_TC_SET(reply); - } else if(str_keyword(&parse, "RD")) { - LDNS_RD_SET(reply); - } else if(str_keyword(&parse, "CD")) { - LDNS_CD_SET(reply); - } else if(str_keyword(&parse, "RA")) { - LDNS_RA_SET(reply); - } else if(str_keyword(&parse, "AD")) { - LDNS_AD_SET(reply); - } else if(str_keyword(&parse, "DO")) { - *do_flag = 1; - } else { - error("could not parse REPLY: '%s'", parse); - } - } -} - -/** parse ADJUST line */ -static void adjustline(char* line, struct entry* e, - struct reply_packet* pkt) -{ - char* parse = line; - while(*parse) { - if(isendline(*parse)) - return; - if(str_keyword(&parse, "copy_id")) { - e->copy_id = 1; - } else if(str_keyword(&parse, "copy_query")) { - e->copy_query = 1; - } else if(str_keyword(&parse, "copy_ednsdata_assume_clientsubnet")) { - e->copy_ednsdata_assume_clientsubnet = 1; - } else if(str_keyword(&parse, "sleep=")) { - e->sleeptime = (unsigned int) strtol(parse, (char**)&parse, 10); - while(isspace((unsigned char)*parse)) - parse++; - } else if(str_keyword(&parse, "packet_sleep=")) { - pkt->packet_sleep = (unsigned int) strtol(parse, (char**)&parse, 10); - while(isspace((unsigned char)*parse)) - parse++; - } else { - error("could not parse ADJUST: '%s'", parse); - } - } -} - -/** create new entry */ -static struct entry* new_entry(void) -{ - struct entry* e = (struct entry*)malloc(sizeof(struct entry)); - if(!e) error("out of memory"); - memset(e, 0, sizeof(*e)); - e->match_opcode = 0; - e->match_qtype = 0; - e->match_qname = 0; - e->match_rcode = 0; - e->match_question = 0; - e->match_answer = 0; - e->match_subdomain = 0; - e->match_all = 0; - e->match_ttl = 0; - e->match_do = 0; - e->match_noedns = 0; - e->match_serial = 0; - e->ixfr_soa_serial = 0; - e->match_transport = transport_any; - e->reply_list = NULL; - e->copy_id = 0; - e->copy_query = 0; - e->copy_ednsdata_assume_clientsubnet = 0; - e->sleeptime = 0; - e->next = NULL; - return e; -} - -/** - * Converts a hex string to binary data - * @param hexstr: string of hex. - * @param len: is the length of the string - * @param buf: is the buffer to store the result in - * @param offset: is the starting position in the result buffer - * @param buf_len: is the length of buf. - * @return This function returns the length of the result - */ -static size_t -hexstr2bin(char *hexstr, int len, uint8_t *buf, size_t offset, size_t buf_len) -{ - char c; - int i; - uint8_t int8 = 0; - int sec = 0; - size_t bufpos = 0; - - if (len % 2 != 0) { - return 0; - } - - for (i=0; i= '0' && c <= '9') { - int8 += c & 0x0f; - } else if (c >= 'a' && c <= 'z') { - int8 += (c & 0x0f) + 9; - } else if (c >= 'A' && c <= 'Z') { - int8 += (c & 0x0f) + 9; - } else { - return 0; - } - - if (sec == 0) { - int8 = int8 << 4; - sec = 1; - } else { - if (bufpos + offset + 1 <= buf_len) { - buf[bufpos+offset] = int8; - int8 = 0; - sec = 0; - bufpos++; - } else { - fprintf(stderr, "Buffer too small in hexstr2bin"); - } - } - } - } - return bufpos; -} - -/** convert hex buffer to binary buffer */ -static sldns_buffer * -hex_buffer2wire(sldns_buffer *data_buffer) -{ - sldns_buffer *wire_buffer = NULL; - int c; - - /* stat hack - * 0 = normal - * 1 = comment (skip to end of line) - * 2 = unprintable character found, read binary data directly - */ - size_t data_buf_pos = 0; - int state = 0; - uint8_t *hexbuf; - int hexbufpos = 0; - size_t wirelen; - uint8_t *data_wire = (uint8_t *) sldns_buffer_begin(data_buffer); - uint8_t *wire = (uint8_t*)malloc(MAX_PACKETLEN); - if(!wire) error("out of memory"); - - hexbuf = (uint8_t*)malloc(MAX_PACKETLEN); - if(!hexbuf) error("out of memory"); - for (data_buf_pos = 0; data_buf_pos < sldns_buffer_position(data_buffer); data_buf_pos++) { - c = (int) data_wire[data_buf_pos]; - - if (state < 2 && !isascii((unsigned char)c)) { - /*verbose("non ascii character found in file: (%d) switching to raw mode\n", c);*/ - state = 2; - } - switch (state) { - case 0: - if ( (c >= '0' && c <= '9') || - (c >= 'a' && c <= 'f') || - (c >= 'A' && c <= 'F') ) - { - if (hexbufpos >= MAX_PACKETLEN) { - error("buffer overflow"); - free(hexbuf); - return 0; - - } - hexbuf[hexbufpos] = (uint8_t) c; - hexbufpos++; - } else if (c == ';') { - state = 1; - } else if (c == ' ' || c == '\t' || c == '\n') { - /* skip whitespace */ - } - break; - case 1: - if (c == '\n' || c == EOF) { - state = 0; - } - break; - case 2: - if (hexbufpos >= MAX_PACKETLEN) { - error("buffer overflow"); - free(hexbuf); - return 0; - } - hexbuf[hexbufpos] = (uint8_t) c; - hexbufpos++; - break; - } - } - - if (hexbufpos >= MAX_PACKETLEN) { - /*verbose("packet size reached\n");*/ - } - - /* lenient mode: length must be multiple of 2 */ - if (hexbufpos % 2 != 0) { - if (hexbufpos >= MAX_PACKETLEN) { - error("buffer overflow"); - free(hexbuf); - return 0; - } - hexbuf[hexbufpos] = (uint8_t) '0'; - hexbufpos++; - } - - if (state < 2) { - wirelen = hexstr2bin((char *) hexbuf, hexbufpos, wire, 0, MAX_PACKETLEN); - wire_buffer = sldns_buffer_new(wirelen); - sldns_buffer_new_frm_data(wire_buffer, wire, wirelen); - } else { - error("Incomplete hex data, not at byte boundary\n"); - } - free(wire); - free(hexbuf); - return wire_buffer; -} - -/** parse ORIGIN */ -static void -get_origin(const char* name, struct sldns_file_parse_state* pstate, char* parse) -{ - /* snip off rest of the text so as to make the parse work in ldns */ - char* end; - char store; - int status; - - end=parse; - while(!isspace((unsigned char)*end) && !isendline(*end)) - end++; - store = *end; - *end = 0; - verbose(3, "parsing '%s'\n", parse); - status = sldns_str2wire_dname_buf(parse, pstate->origin, - &pstate->origin_len); - *end = store; - if(status != 0) - error("%s line %d:\n\t%s: %s", name, pstate->lineno, - sldns_get_errorstr_parse(status), parse); -} - -/** add RR to packet */ -static void add_rr(char* rrstr, uint8_t* pktbuf, size_t pktsize, - size_t* pktlen, struct sldns_file_parse_state* pstate, - sldns_pkt_section add_section, const char* fname) -{ - /* it must be a RR, parse and add to packet. */ - size_t rr_len = pktsize - *pktlen; - size_t dname_len = 0; - int status; - uint8_t* origin = pstate->origin_len?pstate->origin:0; - uint8_t* prev = pstate->prev_rr_len?pstate->prev_rr:0; - if(*pktlen > pktsize || *pktlen < LDNS_HEADER_SIZE) - error("packet overflow"); - - /* parse RR */ - if(add_section == LDNS_SECTION_QUESTION) - status = sldns_str2wire_rr_question_buf(rrstr, pktbuf+*pktlen, - &rr_len, &dname_len, origin, pstate->origin_len, - prev, pstate->prev_rr_len); - else status = sldns_str2wire_rr_buf(rrstr, pktbuf+*pktlen, &rr_len, - &dname_len, pstate->default_ttl, origin, - pstate->origin_len, prev, pstate->prev_rr_len); - if(status != 0) - error("%s line %d:%d %s\n\t%s", fname, pstate->lineno, - LDNS_WIREPARSE_OFFSET(status), - sldns_get_errorstr_parse(status), rrstr); - *pktlen += rr_len; - - /* increase RR count */ - if(add_section == LDNS_SECTION_QUESTION) - sldns_write_uint16(pktbuf+4, LDNS_QDCOUNT(pktbuf)+1); - else if(add_section == LDNS_SECTION_ANSWER) - sldns_write_uint16(pktbuf+6, LDNS_ANCOUNT(pktbuf)+1); - else if(add_section == LDNS_SECTION_AUTHORITY) - sldns_write_uint16(pktbuf+8, LDNS_NSCOUNT(pktbuf)+1); - else if(add_section == LDNS_SECTION_ADDITIONAL) - sldns_write_uint16(pktbuf+10, LDNS_ARCOUNT(pktbuf)+1); - else error("internal error bad section %d", (int)add_section); -} - -/* add EDNS 4096 opt record */ -static void -add_edns(uint8_t* pktbuf, size_t pktsize, int do_flag, uint8_t *ednsdata, - uint16_t ednslen, size_t* pktlen) -{ - uint8_t edns[] = {0x00, /* root label */ - 0x00, LDNS_RR_TYPE_OPT, /* type */ - 0x10, 0x00, /* class is UDPSIZE 4096 */ - 0x00, /* TTL[0] is ext rcode */ - 0x00, /* TTL[1] is edns version */ - (uint8_t)(do_flag?0x80:0x00), 0x00, /* TTL[2-3] is edns flags, DO */ - (uint8_t)((ednslen >> 8) & 0xff), - (uint8_t)(ednslen & 0xff), /* rdatalength */ - }; - if(*pktlen < LDNS_HEADER_SIZE) - return; - if(*pktlen + sizeof(edns) + ednslen > pktsize) - error("not enough space for EDNS OPT record"); - memmove(pktbuf+*pktlen, edns, sizeof(edns)); - memmove(pktbuf+*pktlen+sizeof(edns), ednsdata, ednslen); - sldns_write_uint16(pktbuf+10, LDNS_ARCOUNT(pktbuf)+1); - *pktlen += (sizeof(edns) + ednslen); -} - -/* Reads one entry from file. Returns entry or NULL on error. */ -struct entry* -read_entry(FILE* in, const char* name, struct sldns_file_parse_state* pstate, - int skip_whitespace) -{ - struct entry* current = NULL; - char line[MAX_LINE]; - char* parse; - sldns_pkt_section add_section = LDNS_SECTION_QUESTION; - struct reply_packet *cur_reply = NULL; - int reading_hex = 0; - int reading_hex_ednsdata = 0; - sldns_buffer* hex_data_buffer = NULL; - sldns_buffer* hex_ednsdata_buffer = NULL; - uint8_t pktbuf[MAX_PACKETLEN]; - size_t pktlen = LDNS_HEADER_SIZE; - int do_flag = 0; /* DO flag in EDNS */ - memset(pktbuf, 0, pktlen); /* ID = 0, FLAGS="", and rr counts 0 */ - - while(fgets(line, (int)sizeof(line), in) != NULL) { - line[MAX_LINE-1] = 0; - parse = line; - pstate->lineno++; - - while(isspace((unsigned char)*parse)) - parse++; - /* test for keywords */ - if(isendline(*parse)) - continue; /* skip comment and empty lines */ - if(str_keyword(&parse, "ENTRY_BEGIN")) { - if(current) { - error("%s line %d: previous entry does not ENTRY_END", - name, pstate->lineno); - } - current = new_entry(); - current->lineno = pstate->lineno; - cur_reply = entry_add_reply(current); - continue; - } else if(str_keyword(&parse, "$ORIGIN")) { - get_origin(name, pstate, parse); - continue; - } else if(str_keyword(&parse, "$TTL")) { - pstate->default_ttl = (uint32_t)atoi(parse); - continue; - } - - /* working inside an entry */ - if(!current) { - error("%s line %d: expected ENTRY_BEGIN but got %s", - name, pstate->lineno, line); - } - if(str_keyword(&parse, "MATCH")) { - matchline(parse, current); - } else if(str_keyword(&parse, "REPLY")) { - replyline(parse, pktbuf, pktlen, &do_flag); - } else if(str_keyword(&parse, "ADJUST")) { - adjustline(parse, current, cur_reply); - } else if(str_keyword(&parse, "EXTRA_PACKET")) { - cur_reply = entry_add_reply(current); - } else if(str_keyword(&parse, "SECTION")) { - if(str_keyword(&parse, "QUESTION")) - add_section = LDNS_SECTION_QUESTION; - else if(str_keyword(&parse, "ANSWER")) - add_section = LDNS_SECTION_ANSWER; - else if(str_keyword(&parse, "AUTHORITY")) - add_section = LDNS_SECTION_AUTHORITY; - else if(str_keyword(&parse, "ADDITIONAL")) - add_section = LDNS_SECTION_ADDITIONAL; - else error("%s line %d: bad section %s", name, pstate->lineno, parse); - } else if(str_keyword(&parse, "HEX_ANSWER_BEGIN")) { - hex_data_buffer = sldns_buffer_new(MAX_PACKETLEN); - reading_hex = 1; - } else if(str_keyword(&parse, "HEX_ANSWER_END")) { - if(!reading_hex) { - error("%s line %d: HEX_ANSWER_END read but no HEX_ANSWER_BEGIN keyword seen", name, pstate->lineno); - } - reading_hex = 0; - cur_reply->reply_from_hex = hex_buffer2wire(hex_data_buffer); - sldns_buffer_free(hex_data_buffer); - hex_data_buffer = NULL; - } else if(reading_hex) { - sldns_buffer_printf(hex_data_buffer, "%s", line); - } else if(str_keyword(&parse, "HEX_EDNSDATA_BEGIN")) { - hex_ednsdata_buffer = sldns_buffer_new(MAX_PACKETLEN); - reading_hex_ednsdata = 1; - } else if(str_keyword(&parse, "HEX_EDNSDATA_END")) { - if (!reading_hex_ednsdata) { - error("%s line %d: HEX_EDNSDATA_END read but no" - "HEX_EDNSDATA_BEGIN keyword seen", name, pstate->lineno); - } - reading_hex_ednsdata = 0; - cur_reply->raw_ednsdata = hex_buffer2wire(hex_ednsdata_buffer); - sldns_buffer_free(hex_ednsdata_buffer); - hex_ednsdata_buffer = NULL; - } else if(reading_hex_ednsdata) { - sldns_buffer_printf(hex_ednsdata_buffer, "%s", line); - } else if(str_keyword(&parse, "ENTRY_END")) { - if(hex_data_buffer) - sldns_buffer_free(hex_data_buffer); - if(hex_ednsdata_buffer) - sldns_buffer_free(hex_ednsdata_buffer); - if(pktlen != 0) { - if(do_flag || cur_reply->raw_ednsdata) { - if(cur_reply->raw_ednsdata && - sldns_buffer_limit(cur_reply->raw_ednsdata)) - add_edns(pktbuf, sizeof(pktbuf), do_flag, - sldns_buffer_begin(cur_reply->raw_ednsdata), - (uint16_t)sldns_buffer_limit(cur_reply->raw_ednsdata), - &pktlen); - else - add_edns(pktbuf, sizeof(pktbuf), do_flag, - NULL, 0, &pktlen); - } - cur_reply->reply_pkt = memdup(pktbuf, pktlen); - cur_reply->reply_len = pktlen; - if(!cur_reply->reply_pkt) - error("out of memory"); - } - return current; - } else { - add_rr(skip_whitespace?parse:line, pktbuf, - sizeof(pktbuf), &pktlen, pstate, add_section, - name); - } - - } - if(reading_hex) { - error("%s: End of file reached while still reading hex, " - "missing HEX_ANSWER_END\n", name); - } - if(reading_hex_ednsdata) { - error("%s: End of file reached while still reading edns data, " - "missing HEX_EDNSDATA_END\n", name); - } - if(current) { - error("%s: End of file reached while reading entry. " - "missing ENTRY_END\n", name); - } - return 0; -} - -/* reads the canned reply file and returns a list of structs */ -struct entry* -read_datafile(const char* name, int skip_whitespace) -{ - struct entry* list = NULL; - struct entry* last = NULL; - struct entry* current = NULL; - FILE *in; - struct sldns_file_parse_state pstate; - int entry_num = 0; - memset(&pstate, 0, sizeof(pstate)); - - if((in=fopen(name, "r")) == NULL) { - error("could not open file %s: %s", name, strerror(errno)); - } - - while((current = read_entry(in, name, &pstate, skip_whitespace))) - { - if(last) - last->next = current; - else list = current; - last = current; - entry_num ++; - } - verbose(1, "%s: Read %d entries\n", prog_name, entry_num); - - fclose(in); - return list; -} - -/** get qtype from packet */ -static sldns_rr_type get_qtype(uint8_t* pkt, size_t pktlen) -{ - uint8_t* d; - size_t dl, sl=0; - char* snull = NULL; - if(pktlen < LDNS_HEADER_SIZE) - return 0; - if(LDNS_QDCOUNT(pkt) == 0) - return 0; - /* skip over dname with dname-scan routine */ - d = pkt+LDNS_HEADER_SIZE; - dl = pktlen-LDNS_HEADER_SIZE; - (void)sldns_wire2str_dname_scan(&d, &dl, &snull, &sl, pkt, pktlen); - if(dl < 2) - return 0; - return sldns_read_uint16(d); -} - -/** get qtype from packet */ -static size_t get_qname_len(uint8_t* pkt, size_t pktlen) -{ - uint8_t* d; - size_t dl, sl=0; - char* snull = NULL; - if(pktlen < LDNS_HEADER_SIZE) - return 0; - if(LDNS_QDCOUNT(pkt) == 0) - return 0; - /* skip over dname with dname-scan routine */ - d = pkt+LDNS_HEADER_SIZE; - dl = pktlen-LDNS_HEADER_SIZE; - (void)sldns_wire2str_dname_scan(&d, &dl, &snull, &sl, pkt, pktlen); - return pktlen-dl-LDNS_HEADER_SIZE; -} - -/** returns owner from packet */ -static uint8_t* get_qname(uint8_t* pkt, size_t pktlen) -{ - if(pktlen < LDNS_HEADER_SIZE) - return NULL; - if(LDNS_QDCOUNT(pkt) == 0) - return NULL; - return pkt+LDNS_HEADER_SIZE; -} - -/** returns opcode from packet */ -static int get_opcode(uint8_t* pkt, size_t pktlen) -{ - if(pktlen < LDNS_HEADER_SIZE) - return 0; - return (int)LDNS_OPCODE_WIRE(pkt); -} - -/** returns rcode from packet */ -static int get_rcode(uint8_t* pkt, size_t pktlen) -{ - if(pktlen < LDNS_HEADER_SIZE) - return 0; - return (int)LDNS_RCODE_WIRE(pkt); -} - -/** get authority section SOA serial value */ -static uint32_t get_serial(uint8_t* p, size_t plen) -{ - uint8_t* walk = p; - size_t walk_len = plen, sl=0; - char* snull = NULL; - uint16_t i; - - if(walk_len < LDNS_HEADER_SIZE) - return 0; - walk += LDNS_HEADER_SIZE; - walk_len -= LDNS_HEADER_SIZE; - - /* skip other records with wire2str_scan */ - for(i=0; i < LDNS_QDCOUNT(p); i++) - (void)sldns_wire2str_rrquestion_scan(&walk, &walk_len, - &snull, &sl, p, plen); - for(i=0; i < LDNS_ANCOUNT(p); i++) - (void)sldns_wire2str_rr_scan(&walk, &walk_len, &snull, &sl, - p, plen); - - /* walk through authority section */ - for(i=0; i < LDNS_NSCOUNT(p); i++) { - /* if this is SOA then get serial, skip compressed dname */ - uint8_t* dstart = walk; - size_t dlen = walk_len; - (void)sldns_wire2str_dname_scan(&dstart, &dlen, &snull, &sl, - p, plen); - if(dlen >= 2 && sldns_read_uint16(dstart) == LDNS_RR_TYPE_SOA) { - /* skip type, class, TTL, rdatalen */ - if(dlen < 10) - return 0; - if(dlen < 10 + (size_t)sldns_read_uint16(dstart+8)) - return 0; - dstart += 10; - dlen -= 10; - /* check third rdf */ - (void)sldns_wire2str_dname_scan(&dstart, &dlen, &snull, - &sl, p, plen); - (void)sldns_wire2str_dname_scan(&dstart, &dlen, &snull, - &sl, p, plen); - if(dlen < 4) - return 0; - verbose(3, "found serial %u in msg. ", - (int)sldns_read_uint32(dstart)); - return sldns_read_uint32(dstart); - } - /* move to next RR */ - (void)sldns_wire2str_rr_scan(&walk, &walk_len, &snull, &sl, - p, plen); - } - return 0; -} - -/** get ptr to EDNS OPT record (and remaining length); behind the type u16 */ -static int -pkt_find_edns_opt(uint8_t** p, size_t* plen) -{ - /* walk over the packet with scan routines */ - uint8_t* w = *p; - size_t wlen = *plen, sl=0; - char* snull = NULL; - uint16_t i; - - if(wlen < LDNS_HEADER_SIZE) - return 0; - w += LDNS_HEADER_SIZE; - wlen -= LDNS_HEADER_SIZE; - - /* skip other records with wire2str_scan */ - for(i=0; i < LDNS_QDCOUNT(*p); i++) - (void)sldns_wire2str_rrquestion_scan(&w, &wlen, &snull, &sl, - *p, *plen); - for(i=0; i < LDNS_ANCOUNT(*p); i++) - (void)sldns_wire2str_rr_scan(&w, &wlen, &snull, &sl, *p, *plen); - for(i=0; i < LDNS_NSCOUNT(*p); i++) - (void)sldns_wire2str_rr_scan(&w, &wlen, &snull, &sl, *p, *plen); - - /* walk through additional section */ - for(i=0; i < LDNS_ARCOUNT(*p); i++) { - /* if this is OPT then done */ - uint8_t* dstart = w; - size_t dlen = wlen; - (void)sldns_wire2str_dname_scan(&dstart, &dlen, &snull, &sl, - *p, *plen); - if(dlen >= 2 && sldns_read_uint16(dstart) == LDNS_RR_TYPE_OPT) { - *p = dstart+2; - *plen = dlen-2; - return 1; - } - /* move to next RR */ - (void)sldns_wire2str_rr_scan(&w, &wlen, &snull, &sl, *p, *plen); - } - return 0; -} - -/** return true if the packet has EDNS OPT record */ -static int -get_has_edns(uint8_t* pkt, size_t len) -{ - /* use arguments as temporary variables */ - return pkt_find_edns_opt(&pkt, &len); -} - -/** return true if the DO flag is set */ -static int -get_do_flag(uint8_t* pkt, size_t len) -{ - uint16_t edns_bits; - uint8_t* walk = pkt; - size_t walk_len = len; - if(!pkt_find_edns_opt(&walk, &walk_len)) { - return 0; - } - if(walk_len < 6) - return 0; /* malformed */ - edns_bits = sldns_read_uint16(walk+4); - return (int)(edns_bits&LDNS_EDNS_MASK_DO_BIT); -} - -/** zero TTLs in packet */ -static void -zerottls(uint8_t* pkt, size_t pktlen) -{ - uint8_t* walk = pkt; - size_t walk_len = pktlen, sl=0; - char* snull = NULL; - uint16_t i; - uint16_t num = LDNS_ANCOUNT(pkt)+LDNS_NSCOUNT(pkt)+LDNS_ARCOUNT(pkt); - if(walk_len < LDNS_HEADER_SIZE) - return; - walk += LDNS_HEADER_SIZE; - walk_len -= LDNS_HEADER_SIZE; - for(i=0; i < LDNS_QDCOUNT(pkt); i++) - (void)sldns_wire2str_rrquestion_scan(&walk, &walk_len, - &snull, &sl, pkt, pktlen); - for(i=0; i < num; i++) { - /* wipe TTL */ - uint8_t* dstart = walk; - size_t dlen = walk_len; - (void)sldns_wire2str_dname_scan(&dstart, &dlen, &snull, &sl, - pkt, pktlen); - if(dlen < 8) - return; - sldns_write_uint32(dstart+4, 0); - /* go to next RR */ - (void)sldns_wire2str_rr_scan(&walk, &walk_len, &snull, &sl, - pkt, pktlen); - } -} - -/** get one line (\n) from a string, move next to after the \n, zero \n */ -static int -get_line(char** s, char** n) -{ - /* at end of string? end */ - if(*n == NULL || **n == 0) - return 0; - /* result starts at next string */ - *s = *n; - /* find \n after that */ - *n = strchr(*s, '\n'); - if(*n && **n != 0) { - /* terminate line */ - (*n)[0] = 0; - (*n)++; - } - return 1; -} - -/** match two RR sections without ordering */ -static int -match_noloc_section(char** q, char** nq, char** p, char** np, uint16_t num) -{ - /* for max number of RRs in packet */ - const uint16_t numarray = 3000; - char* qlines[numarray], *plines[numarray]; - uint16_t i, j, numq=0, nump=0; - if(num > numarray) fatal_exit("too many RRs"); - /* gather lines */ - for(i=0; i_dname_count) { - sldns_rdf_type f = sldns_rr_descriptor_field_type(desc, i++); - if(f == LDNS_RDF_TYPE_DNAME) { - lowercase_dname(p, &rdataremain); - dname_count++; - } else if(f == LDNS_RDF_TYPE_STR) { - uint8_t len; - if(rdataremain == 0) return; - len = **p; - *p += len+1; - rdataremain -= len+1; - } else { - int len = 0; - switch(f) { - case LDNS_RDF_TYPE_CLASS: - case LDNS_RDF_TYPE_ALG: - case LDNS_RDF_TYPE_INT8: - len = 1; - break; - case LDNS_RDF_TYPE_INT16: - case LDNS_RDF_TYPE_TYPE: - case LDNS_RDF_TYPE_CERT_ALG: - len = 2; - break; - case LDNS_RDF_TYPE_INT32: - case LDNS_RDF_TYPE_TIME: - case LDNS_RDF_TYPE_A: - case LDNS_RDF_TYPE_PERIOD: - len = 4; - break; - case LDNS_RDF_TYPE_TSIGTIME: - len = 6; - break; - case LDNS_RDF_TYPE_AAAA: - len = 16; - break; - default: error("bad rdf type in lowercase %d", (int)f); - } - *p += len; - rdataremain -= len; - } - } - /* skip remainder of rdata */ - *p += rdataremain; - *remain -= rdatalen; -} - -/** lowercase all names in the message */ -static void lowercase_pkt(uint8_t* pkt, size_t pktlen) -{ - uint16_t i; - uint8_t* p = pkt; - size_t remain = pktlen; - uint16_t t, rdatalen; - if(pktlen < LDNS_HEADER_SIZE) - return; - p += LDNS_HEADER_SIZE; - remain -= LDNS_HEADER_SIZE; - for(i=0; i pslen && strcmp(qs + (qslen-pslen), ps) == 0 && - qslen + 2 >= pslen && /* space for label and dot */ - qs[qslen-pslen-1] == '.') { - unsigned int slashcount = 0; - size_t i = qslen-pslen-2; - while(i>0 && qs[i]=='\\') { - i++; - slashcount++; - } - if(slashcount%1 == 1) return 0; /* . preceded by \ */ - return 1; - } - return 0; -} - -/** Match OPT RDATA (not the EDNS payload size or flags) */ -static int -match_ednsdata(uint8_t* q, size_t qlen, uint8_t* p, size_t plen) -{ - uint8_t* walk_q = q; - size_t walk_qlen = qlen; - uint8_t* walk_p = p; - size_t walk_plen = plen; - - if(!pkt_find_edns_opt(&walk_q, &walk_qlen)) - walk_qlen = 0; - if(!pkt_find_edns_opt(&walk_p, &walk_plen)) - walk_plen = 0; - - /* class + ttl + rdlen = 8 */ - if(walk_qlen <= 8 && walk_plen <= 8) { - verbose(3, "NO edns opt, move on"); - return 1; - } - if(walk_qlen != walk_plen) - return 0; - - return (memcmp(walk_p+8, walk_q+8, walk_qlen-8) == 0); -} - -/* finds entry in list, or returns NULL */ -struct entry* -find_match(struct entry* entries, uint8_t* query_pkt, size_t len, - enum transport_type transport) -{ - struct entry* p = entries; - uint8_t* reply; - size_t rlen; - for(p=entries; p; p=p->next) { - verbose(3, "comparepkt: "); - reply = p->reply_list->reply_pkt; - rlen = p->reply_list->reply_len; - if(p->match_opcode && get_opcode(query_pkt, len) != - get_opcode(reply, rlen)) { - verbose(3, "bad opcode\n"); - continue; - } - if(p->match_qtype && get_qtype(query_pkt, len) != - get_qtype(reply, rlen)) { - verbose(3, "bad qtype %d %d\n", get_qtype(query_pkt, len), get_qtype(reply, rlen)); - continue; - } - if(p->match_qname) { - if(!equal_dname(query_pkt, len, reply, rlen)) { - verbose(3, "bad qname\n"); - continue; - } - } - if(p->match_rcode) { - if(get_rcode(query_pkt, len) != get_rcode(reply, rlen)) { - char *r1 = sldns_wire2str_rcode(get_rcode(query_pkt, len)); - char *r2 = sldns_wire2str_rcode(get_rcode(reply, rlen)); - verbose(3, "bad rcode %s instead of %s\n", - r1, r2); - free(r1); - free(r2); - continue; - } - } - if(p->match_question) { - if(!match_question(query_pkt, len, reply, rlen, - (int)p->match_ttl)) { - verbose(3, "bad question section\n"); - continue; - } - } - if(p->match_answer) { - if(!match_answer(query_pkt, len, reply, rlen, - (int)p->match_ttl)) { - verbose(3, "bad answer section\n"); - continue; - } - } - if(p->match_subdomain) { - if(!subdomain_dname(query_pkt, len, reply, rlen)) { - verbose(3, "bad subdomain\n"); - continue; - } - } - if(p->match_serial && get_serial(query_pkt, len) != p->ixfr_soa_serial) { - verbose(3, "bad serial\n"); - continue; - } - if(p->match_do && !get_do_flag(query_pkt, len)) { - verbose(3, "no DO bit set\n"); - continue; - } - if(p->match_noedns && get_has_edns(query_pkt, len)) { - verbose(3, "bad; EDNS OPT present\n"); - continue; - } - if(p->match_ednsdata_raw && - !match_ednsdata(query_pkt, len, reply, rlen)) { - verbose(3, "bad EDNS data match.\n"); - continue; - } - if(p->match_transport != transport_any && p->match_transport != transport) { - verbose(3, "bad transport\n"); - continue; - } - if(p->match_all && !match_all(query_pkt, len, reply, rlen, - (int)p->match_ttl, 0)) { - verbose(3, "bad allmatch\n"); - continue; - } - verbose(3, "match!\n"); - return p; - } - return NULL; -} - -void -adjust_packet(struct entry* match, uint8_t** answer_pkt, size_t *answer_len, - uint8_t* query_pkt, size_t query_len) -{ - uint8_t* orig = *answer_pkt; - size_t origlen = *answer_len; - uint8_t* res; - size_t reslen; - - /* perform the copy; if possible; must be uncompressed */ - if(match->copy_query && origlen >= LDNS_HEADER_SIZE && - query_len >= LDNS_HEADER_SIZE && LDNS_QDCOUNT(query_pkt)!=0 - && LDNS_QDCOUNT(orig)==0) { - /* no qname in output packet, insert it */ - size_t dlen = get_qname_len(query_pkt, query_len); - reslen = origlen + dlen + 4; - res = (uint8_t*)malloc(reslen); - if(!res) { - verbose(1, "out of memory; send without adjust\n"); - return; - } - /* copy the header, query, remainder */ - memcpy(res, orig, LDNS_HEADER_SIZE); - memmove(res+LDNS_HEADER_SIZE, query_pkt+LDNS_HEADER_SIZE, - dlen+4); - memmove(res+LDNS_HEADER_SIZE+dlen+4, orig+LDNS_HEADER_SIZE, - reslen-(LDNS_HEADER_SIZE+dlen+4)); - /* set QDCOUNT */ - sldns_write_uint16(res+4, 1); - } else if(match->copy_query && origlen >= LDNS_HEADER_SIZE && - query_len >= LDNS_HEADER_SIZE && LDNS_QDCOUNT(query_pkt)!=0 - && get_qname_len(orig, origlen) == 0) { - /* QDCOUNT(orig)!=0 but qlen == 0, therefore, an error */ - verbose(1, "error: malformed qname; send without adjust\n"); - res = memdup(orig, origlen); - reslen = origlen; - } else if(match->copy_query && origlen >= LDNS_HEADER_SIZE && - query_len >= LDNS_HEADER_SIZE && LDNS_QDCOUNT(query_pkt)!=0 - && LDNS_QDCOUNT(orig)!=0) { - /* in this case olen != 0 and QDCOUNT(orig)!=0 */ - /* copy query section */ - size_t dlen = get_qname_len(query_pkt, query_len); - size_t olen = get_qname_len(orig, origlen); - reslen = origlen + dlen - olen; - res = (uint8_t*)malloc(reslen); - if(!res) { - verbose(1, "out of memory; send without adjust\n"); - return; - } - /* copy the header, query, remainder */ - memcpy(res, orig, LDNS_HEADER_SIZE); - memmove(res+LDNS_HEADER_SIZE, query_pkt+LDNS_HEADER_SIZE, - dlen+4); - memmove(res+LDNS_HEADER_SIZE+dlen+4, - orig+LDNS_HEADER_SIZE+olen+4, - reslen-(LDNS_HEADER_SIZE+dlen+4)); - } else { - res = memdup(orig, origlen); - reslen = origlen; - } - if(!res) { - verbose(1, "out of memory; send without adjust\n"); - return; - } - /* copy the ID */ - if(match->copy_id && reslen >= 2) - res[1] = orig[1]; - if(match->copy_id && reslen >= 1) - res[0] = orig[0]; - - if(match->copy_ednsdata_assume_clientsubnet) { - /** Assume there is only one EDNS option, which is ECS. - * Copy source mask from query to scope mask in reply. Assume - * rest of ECS data in response (eg address) matches the query. - */ - uint8_t* walk_q = orig; - size_t walk_qlen = origlen; - uint8_t* walk_p = res; - size_t walk_plen = reslen; - - if(!pkt_find_edns_opt(&walk_q, &walk_qlen)) { - walk_qlen = 0; - } - if(!pkt_find_edns_opt(&walk_p, &walk_plen)) { - walk_plen = 0; - } - /* class + ttl + rdlen + optcode + optlen + ecs fam + ecs source - * + ecs scope = index 15 */ - if(walk_qlen >= 15 && walk_plen >= 15) { - walk_p[15] = walk_q[14]; - } - } - - if(match->sleeptime > 0) { - verbose(3, "sleeping for %d seconds\n", match->sleeptime); -#ifdef HAVE_SLEEP - sleep(match->sleeptime); -#else - Sleep(match->sleeptime * 1000); -#endif - } - *answer_pkt = res; - *answer_len = reslen; -} - -/* - * Parses data buffer to a query, finds the correct answer - * and calls the given function for every packet to send. - */ -void -handle_query(uint8_t* inbuf, ssize_t inlen, struct entry* entries, int* count, - enum transport_type transport, void (*sendfunc)(uint8_t*, size_t, void*), - void* userdata, FILE* verbose_out) -{ - struct reply_packet *p; - uint8_t *outbuf = NULL; - size_t outlen = 0; - struct entry* entry = NULL; - - verbose(1, "query %d: id %d: %s %d bytes: ", ++(*count), - (int)(inlen>=2?LDNS_ID_WIRE(inbuf):0), - (transport==transport_tcp)?"TCP":"UDP", (int)inlen); - if(verbose_out) { - char* out = sldns_wire2str_pkt(inbuf, (size_t)inlen); - printf("%s\n", out); - free(out); - } - - /* fill up answer packet */ - entry = find_match(entries, inbuf, (size_t)inlen, transport); - if(!entry || !entry->reply_list) { - verbose(1, "no answer packet for this query, no reply.\n"); - return; - } - for(p = entry->reply_list; p; p = p->next) - { - verbose(3, "Answer pkt:\n"); - if (p->reply_from_hex) { - /* try to adjust the hex packet, if it can be - * parsed, we can use adjust rules. if not, - * send packet literally */ - /* still try to adjust ID if others fail */ - outlen = sldns_buffer_limit(p->reply_from_hex); - outbuf = sldns_buffer_begin(p->reply_from_hex); - } else { - outbuf = p->reply_pkt; - outlen = p->reply_len; - } - if(!outbuf) { - verbose(1, "out of memory\n"); - return; - } - /* copies outbuf in memory allocation */ - adjust_packet(entry, &outbuf, &outlen, inbuf, (size_t)inlen); - verbose(1, "Answer packet size: %u bytes.\n", (unsigned int)outlen); - if(verbose_out) { - char* out = sldns_wire2str_pkt(outbuf, outlen); - printf("%s\n", out); - free(out); - } - if(p->packet_sleep) { - verbose(3, "sleeping for next packet %d secs\n", - p->packet_sleep); -#ifdef HAVE_SLEEP - sleep(p->packet_sleep); -#else - Sleep(p->packet_sleep * 1000); -#endif - verbose(3, "wakeup for next packet " - "(slept %d secs)\n", p->packet_sleep); - } - sendfunc(outbuf, outlen, userdata); - free(outbuf); - outbuf = NULL; - outlen = 0; - } -} - -/** delete the list of reply packets */ -void delete_replylist(struct reply_packet* replist) -{ - struct reply_packet *p=replist, *np; - while(p) { - np = p->next; - free(p->reply_pkt); - sldns_buffer_free(p->reply_from_hex); - sldns_buffer_free(p->raw_ednsdata); - free(p); - p=np; - } -} - -void delete_entry(struct entry* list) -{ - struct entry *p=list, *np; - while(p) { - np = p->next; - delete_replylist(p->reply_list); - free(p); - p = np; - } -} diff --git a/external/unbound/testcode/testpkts.h b/external/unbound/testcode/testpkts.h deleted file mode 100644 index b175cab06..000000000 --- a/external/unbound/testcode/testpkts.h +++ /dev/null @@ -1,290 +0,0 @@ -/* - * testpkts. Data file parse for test packets, and query matching. - * - * Data storage for specially crafted replies for testing purposes. - * - * (c) NLnet Labs, 2005, 2006, 2007 - * See the file LICENSE for the license - */ - -#ifndef TESTPKTS_H -#define TESTPKTS_H -struct sldns_buffer; -struct sldns_file_parse_state; - -/** - * \file - * - * This is a debugging aid. It is not efficient, especially - * with a long config file, but it can give any reply to any query. - * This can help the developer pre-script replies for queries. - * - * You can specify a packet RR by RR with header flags to return. - * - * Missing features: - * - matching content different from reply content. - * - find way to adjust mangled packets? - * - */ - - /* - The data file format is as follows: - - ; comment. - ; a number of entries, these are processed first to last. - ; a line based format. - - $ORIGIN origin - $TTL default_ttl - - ENTRY_BEGIN - ; first give MATCH lines, that say what queries are matched - ; by this entry. - ; 'opcode' makes the query match the opcode from the reply - ; if you leave it out, any opcode matches this entry. - ; 'qtype' makes the query match the qtype from the reply - ; 'qname' makes the query match the qname from the reply - ; 'subdomain' makes the query match subdomains of qname from the reply - ; 'serial=1023' makes the query match if ixfr serial is 1023. - ; 'all' has to match header byte for byte and all rrs in packet. - ; 'ttl' used with all, rrs in packet must also have matching TTLs. - ; 'DO' will match only queries with DO bit set. - ; 'noedns' matches queries without EDNS OPT records. - ; 'rcode' makes the query match the rcode from the reply - ; 'question' makes the query match the question section - ; 'answer' makes the query match the answer section - ; 'ednsdata' matches queries to HEX_EDNS section. - MATCH [opcode] [qtype] [qname] [serial=] [all] [ttl] - MATCH [UDP|TCP] DO - MATCH ... - ; Then the REPLY header is specified. - REPLY opcode, rcode or flags. - (opcode) QUERY IQUERY STATUS NOTIFY UPDATE - (rcode) NOERROR FORMERR SERVFAIL NXDOMAIN NOTIMPL YXDOMAIN - YXRRSET NXRRSET NOTAUTH NOTZONE - (flags) QR AA TC RD CD RA AD DO - REPLY ... - ; any additional actions to do. - ; 'copy_id' copies the ID from the query to the answer. - ADJUST copy_id - ; 'copy_query' copies the query name, type and class to the answer. - ADJUST copy_query - ; 'sleep=10' sleeps for 10 seconds before giving the answer (TCP is open) - ADJUST [sleep=] ; sleep before giving any reply - ADJUST [packet_sleep=] ; sleep before this packet in sequence - SECTION QUESTION - ; the RRcount is determined automatically. - SECTION ANSWER - - SECTION AUTHORITY - - SECTION ADDITIONAL - - EXTRA_PACKET ; follow with SECTION, REPLY for more packets. - HEX_ANSWER_BEGIN ; follow with hex data - ; this replaces any answer packet constructed - ; with the SECTION keywords (only SECTION QUERY - ; is used to match queries). If the data cannot - ; be parsed, ADJUST rules for the answer packet - ; are ignored. Only copy_id is done. - HEX_ANSWER_END - HEX_EDNS_BEGIN ; follow with hex data. - ; Raw EDNS data to match against. It must be an - ; exact match (all options are matched) and will be - ; evaluated only when 'MATCH ednsdata' given. - HEX_EDNS_END - ENTRY_END - - - Example data file: -$ORIGIN nlnetlabs.nl -$TTL 3600 - -ENTRY_BEGIN -MATCH qname -REPLY NOERROR -ADJUST copy_id -SECTION QUESTION -www.nlnetlabs.nl. IN A -SECTION ANSWER -www.nlnetlabs.nl. IN A 195.169.215.155 -SECTION AUTHORITY -nlnetlabs.nl. IN NS www.nlnetlabs.nl. -ENTRY_END - -ENTRY_BEGIN -MATCH qname -REPLY NOERROR -ADJUST copy_id -SECTION QUESTION -www2.nlnetlabs.nl. IN A -HEX_ANSWER_BEGIN -; 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 -;-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- - 00 bf 81 80 00 01 00 01 00 02 00 02 03 77 77 77 0b 6b 61 6e ; 1- 20 - 61 72 69 65 70 69 65 74 03 63 6f 6d 00 00 01 00 01 03 77 77 ; 21- 40 - 77 0b 6b 61 6e 61 72 69 65 70 69 65 74 03 63 6f 6d 00 00 01 ; 41- 60 - 00 01 00 01 50 8b 00 04 52 5e ed 32 0b 6b 61 6e 61 72 69 65 ; 61- 80 - 70 69 65 74 03 63 6f 6d 00 00 02 00 01 00 01 50 8b 00 11 03 ; 81- 100 - 6e 73 31 08 68 65 78 6f 6e 2d 69 73 02 6e 6c 00 0b 6b 61 6e ; 101- 120 - 61 72 69 65 70 69 65 74 03 63 6f 6d 00 00 02 00 01 00 01 50 ; 121- 140 - 8b 00 11 03 6e 73 32 08 68 65 78 6f 6e 2d 69 73 02 6e 6c 00 ; 141- 160 - 03 6e 73 31 08 68 65 78 6f 6e 2d 69 73 02 6e 6c 00 00 01 00 ; 161- 180 - 01 00 00 46 53 00 04 52 5e ed 02 03 6e 73 32 08 68 65 78 6f ; 181- 200 - 6e 2d 69 73 02 6e 6c 00 00 01 00 01 00 00 46 53 00 04 d4 cc ; 201- 220 - db 5b -HEX_ANSWER_END -ENTRY_END - - - - note that this file will link with your - void verbose(int level, char* format, ...); output function. -*/ - -/** Type of transport, since some entries match based on UDP or TCP of query */ -enum transport_type {transport_any = 0, transport_udp, transport_tcp }; - -/** struct to keep a linked list of reply packets for a query */ -struct reply_packet { - /** next in list of reply packets, for TCP multiple pkts on wire */ - struct reply_packet* next; - /** the reply pkt */ - uint8_t* reply_pkt; - /** length of reply pkt */ - size_t reply_len; - /** Additional EDNS data for matching queries. */ - struct sldns_buffer* raw_ednsdata; - /** or reply pkt in hex if not parsable */ - struct sldns_buffer* reply_from_hex; - /** seconds to sleep before giving packet */ - unsigned int packet_sleep; -}; - -/** data structure to keep the canned queries in. - format is the 'matching query' and the 'canned answer' */ -struct entry { - /* match */ - /* How to match an incoming query with this canned reply */ - /** match query opcode with answer opcode */ - uint8_t match_opcode; - /** match qtype with answer qtype */ - uint8_t match_qtype; - /** match qname with answer qname */ - uint8_t match_qname; - /** match rcode with answer rcode */ - uint8_t match_rcode; - /** match question section */ - uint8_t match_question; - /** match answer section */ - uint8_t match_answer; - /** match qname as subdomain of answer qname */ - uint8_t match_subdomain; - /** match SOA serial number, from auth section */ - uint8_t match_serial; - /** match all of the packet */ - uint8_t match_all; - /** match ttls in the packet */ - uint8_t match_ttl; - /** match DO bit */ - uint8_t match_do; - /** match absence of EDNS OPT record in query */ - uint8_t match_noedns; - /** match edns data field given in hex */ - uint8_t match_ednsdata_raw; - /** match query serial with this value. */ - uint32_t ixfr_soa_serial; - /** match on UDP/TCP */ - enum transport_type match_transport; - - /** pre canned reply */ - struct reply_packet *reply_list; - - /** how to adjust the reply packet */ - /** copy over the ID from the query into the answer */ - uint8_t copy_id; - /** copy the query nametypeclass from query into the answer */ - uint8_t copy_query; - /** copy ednsdata to reply, assume it is clientsubnet and - * adjust scopemask to match sourcemask */ - uint8_t copy_ednsdata_assume_clientsubnet; - /** in seconds */ - unsigned int sleeptime; - - /** some number that names this entry, line number in file or so */ - int lineno; - - /** next in list */ - struct entry* next; -}; - -/** - * reads the canned reply file and returns a list of structs - * does an exit on error. - * @param name: name of the file to read. - * @param skip_whitespace: skip leftside whitespace. - */ -struct entry* read_datafile(const char* name, int skip_whitespace); - -/** - * Delete linked list of entries. - */ -void delete_entry(struct entry* list); - -/** - * Read one entry from the data file. - * @param in: file to read from. Filepos must be at the start of a new line. - * @param name: name of the file for prettier errors. - * @param pstate: file parse state with lineno, default_ttl, - * origin and prev_rr name. - * @param skip_whitespace: skip leftside whitespace. - * @return: The entry read (malloced) or NULL if no entry could be read. - */ -struct entry* read_entry(FILE* in, const char* name, - struct sldns_file_parse_state* pstate, int skip_whitespace); - -/** - * finds entry in list, or returns NULL. - */ -struct entry* find_match(struct entry* entries, uint8_t* query_pkt, - size_t query_pkt_len, enum transport_type transport); - -/** - * match two packets, all must match - * @param q: packet 1 - * @param qlen: length of q. - * @param p: packet 2 - * @param plen: length of p. - * @param mttl: if true, ttls must match, if false, ttls do not need to match - * @param noloc: if true, rrs may be reordered in their packet-section. - * rrs are then matches without location of the rr being important. - * @return true if matched. - */ -int match_all(uint8_t* q, size_t qlen, uint8_t* p, size_t plen, int mttl, - int noloc); - -/** - * copy & adjust packet, mallocs a copy. - */ -void adjust_packet(struct entry* match, uint8_t** answer_pkt, - size_t* answer_pkt_len, uint8_t* query_pkt, size_t query_pkt_len); - -/** - * Parses data buffer to a query, finds the correct answer - * and calls the given function for every packet to send. - * if verbose_out filename is given, packets are dumped there. - * @param inbuf: the packet that came in - * @param inlen: length of packet. - * @param entries: entries read in from datafile. - * @param count: is increased to count number of queries answered. - * @param transport: set to UDP or TCP to match some types of entries. - * @param sendfunc: called to send answer (buffer, size, userarg). - * @param userdata: userarg to give to sendfunc. - * @param verbose_out: if not NULL, verbose messages are printed there. - */ -void handle_query(uint8_t* inbuf, ssize_t inlen, struct entry* entries, - int* count, enum transport_type transport, - void (*sendfunc)(uint8_t*, size_t, void*), void* userdata, - FILE* verbose_out); - -#endif /* TESTPKTS_H */ diff --git a/external/unbound/testcode/unitanchor.c b/external/unbound/testcode/unitanchor.c deleted file mode 100644 index 8819c5ab6..000000000 --- a/external/unbound/testcode/unitanchor.c +++ /dev/null @@ -1,137 +0,0 @@ -/* - * testcode/unitanchor.c - unit test for trust anchor storage. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ -/** - * \file - * Calls trust anchor unit tests. Exits with code 1 on a failure. - */ - -#include "config.h" -#include "util/log.h" -#include "util/data/dname.h" -#include "testcode/unitmain.h" -#include "validator/val_anchor.h" -#include "sldns/sbuffer.h" -#include "sldns/rrdef.h" - -/** test empty set */ -static void -test_anchor_empty(struct val_anchors* a) -{ - uint16_t c = LDNS_RR_CLASS_IN; - unit_assert(anchors_lookup(a, (uint8_t*)"\000", 1, c) == NULL); - unit_assert(anchors_lookup(a, (uint8_t*)"\003com\000", 5, c) == NULL); - unit_assert(anchors_lookup(a, - (uint8_t*)"\007example\003com\000", 11, c) == NULL); - unit_assert(anchors_lookup(a, (uint8_t*)"\002nl\000", 4, c) == NULL); - unit_assert(anchors_lookup(a, - (uint8_t*)"\004labs\002nl\000", 9, c) == NULL); - unit_assert(anchors_lookup(a, - (uint8_t*)"\004fabs\002nl\000", 9, c) == NULL); -} - -/** test set of one anchor */ -static void -test_anchor_one(sldns_buffer* buff, struct val_anchors* a) -{ - struct trust_anchor* ta; - uint16_t c = LDNS_RR_CLASS_IN; - unit_assert(anchor_store_str(a, buff, - "nl. DS 42860 5 1 14D739EB566D2B1A5E216A0BA4D17FA9B038BE4A")); - unit_assert(anchors_lookup(a, (uint8_t*)"\000", 1, c) == NULL); - unit_assert(anchors_lookup(a, (uint8_t*)"\003com\000", 5, c) == NULL); - unit_assert(anchors_lookup(a, - (uint8_t*)"\007example\003com\000", 11, c) == NULL); - - unit_assert((ta=anchors_lookup(a, - (uint8_t*)"\002nl\000", 4, c)) != NULL); - lock_basic_unlock(&ta->lock); - - unit_assert((ta=anchors_lookup(a, - (uint8_t*)"\004labs\002nl\000", 9, c)) != NULL); - lock_basic_unlock(&ta->lock); - - unit_assert((ta=anchors_lookup(a, - (uint8_t*)"\004fabs\002nl\000", 9, c)) != NULL); - lock_basic_unlock(&ta->lock); - - unit_assert(anchors_lookup(a, (uint8_t*)"\002oo\000", 4, c) == NULL); -} - -/** test with several anchors */ -static void -test_anchors(sldns_buffer* buff, struct val_anchors* a) -{ - struct trust_anchor* ta; - uint16_t c = LDNS_RR_CLASS_IN; - unit_assert(anchor_store_str(a, buff, - "labs.nl. DS 42860 5 1 14D739EB566D2B1A5E216A0BA4D17FA9B038BE4A")); - unit_assert(anchors_lookup(a, (uint8_t*)"\000", 1, c) == NULL); - unit_assert(anchors_lookup(a, (uint8_t*)"\003com\000", 5, c) == NULL); - unit_assert(anchors_lookup(a, - (uint8_t*)"\007example\003com\000", 11, c) == NULL); - - unit_assert(ta = anchors_lookup(a, (uint8_t*)"\002nl\000", 4, c)); - unit_assert(query_dname_compare(ta->name, (uint8_t*)"\002nl\000")==0); - lock_basic_unlock(&ta->lock); - - unit_assert(ta = anchors_lookup(a, - (uint8_t*)"\004labs\002nl\000", 9, c)); - unit_assert(query_dname_compare(ta->name, - (uint8_t*)"\004labs\002nl\000") == 0); - lock_basic_unlock(&ta->lock); - - unit_assert(ta = anchors_lookup(a, - (uint8_t*)"\004fabs\002nl\000", 9, c)); - unit_assert(query_dname_compare(ta->name, - (uint8_t*)"\002nl\000") == 0); - lock_basic_unlock(&ta->lock); - - unit_assert(anchors_lookup(a, (uint8_t*)"\002oo\000", 4, c) == NULL); -} - -void anchors_test(void) -{ - sldns_buffer* buff = sldns_buffer_new(65800); - struct val_anchors* a; - unit_show_feature("trust anchor store"); - unit_assert(a = anchors_create()); - sldns_buffer_flip(buff); - test_anchor_empty(a); - test_anchor_one(buff, a); - test_anchors(buff, a); - anchors_delete(a); - sldns_buffer_free(buff); -} diff --git a/external/unbound/testcode/unitdname.c b/external/unbound/testcode/unitdname.c deleted file mode 100644 index 238c3edf7..000000000 --- a/external/unbound/testcode/unitdname.c +++ /dev/null @@ -1,861 +0,0 @@ -/* - * testcode/unitdname.c - unit test for dname routines. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ -/** - * \file - * Calls dname unit tests. Exits with code 1 on a failure. - */ - -#include "config.h" -#include "util/log.h" -#include "testcode/unitmain.h" -#include "util/data/dname.h" -#include "sldns/sbuffer.h" -#include "sldns/str2wire.h" - -/** put dname into buffer */ -static sldns_buffer* -dname_to_buf(sldns_buffer* b, const char* str) -{ - int e; - size_t len = sldns_buffer_capacity(b); - sldns_buffer_clear(b); - e = sldns_str2wire_dname_buf(str, sldns_buffer_begin(b), &len); - if(e != 0) - fatal_exit("%s ldns: %s", __func__, - sldns_get_errorstr_parse(e)); - sldns_buffer_set_position(b, len); - sldns_buffer_flip(b); - return b; -} - -/** test query_dname_len function */ -static void -dname_test_qdl(sldns_buffer* buff) -{ - unit_show_func("util/data/dname.c", "query_dname_len"); - unit_assert( query_dname_len(buff) == 0); - unit_assert( query_dname_len(dname_to_buf(buff, ".")) == 1 ); - unit_assert( query_dname_len(dname_to_buf(buff, "bla.foo.")) == 9 ); - unit_assert( query_dname_len(dname_to_buf(buff, "x.y.z.example.com." - )) == 19 ); -} - -/** test query_dname_tolower */ -static void -dname_test_qdtl(sldns_buffer* buff) -{ - unit_show_func("util/data/dname.c", "query_dname_tolower"); - sldns_buffer_write_at(buff, 0, "\012abCDeaBCde\003cOm\000", 16); - query_dname_tolower(sldns_buffer_begin(buff)); - unit_assert( memcmp(sldns_buffer_begin(buff), - "\012abcdeabcde\003com\000", 16) == 0); - - sldns_buffer_write_at(buff, 0, "\001+\012abC{e-ZYXe\003NET\000", 18); - query_dname_tolower(sldns_buffer_begin(buff)); - unit_assert( memcmp(sldns_buffer_begin(buff), - "\001+\012abc{e-zyxe\003net\000", 18) == 0); - - sldns_buffer_write_at(buff, 0, "\000", 1); - query_dname_tolower(sldns_buffer_begin(buff)); - unit_assert( memcmp(sldns_buffer_begin(buff), "\000", 1) == 0); - - sldns_buffer_write_at(buff, 0, "\002NL\000", 4); - query_dname_tolower(sldns_buffer_begin(buff)); - unit_assert( memcmp(sldns_buffer_begin(buff), "\002nl\000", 4) == 0); -} - -/** test query_dname_compare */ -static void -dname_test_query_dname_compare(void) -{ - unit_show_func("util/data/dname.c", "query_dname_compare"); - unit_assert(query_dname_compare((uint8_t*)"", (uint8_t*)"") == 0); - unit_assert(query_dname_compare((uint8_t*)"\001a", - (uint8_t*)"\001a") == 0); - unit_assert(query_dname_compare((uint8_t*)"\003abc\001a", - (uint8_t*)"\003abc\001a") == 0); - unit_assert(query_dname_compare((uint8_t*)"\003aBc\001a", - (uint8_t*)"\003AbC\001A") == 0); - unit_assert(query_dname_compare((uint8_t*)"\003abc", - (uint8_t*)"\003abc\001a") == -1); - unit_assert(query_dname_compare((uint8_t*)"\003abc\001a", - (uint8_t*)"\003abc") == +1); - unit_assert(query_dname_compare((uint8_t*)"\003abc\001a", - (uint8_t*)"") == +1); - unit_assert(query_dname_compare((uint8_t*)"", - (uint8_t*)"\003abc\001a") == -1); - unit_assert(query_dname_compare((uint8_t*)"\003abc\001a", - (uint8_t*)"\003xxx\001a") == -1); - unit_assert(query_dname_compare((uint8_t*)"\003axx\001a", - (uint8_t*)"\003abc\001a") == 1); - unit_assert(query_dname_compare((uint8_t*)"\003abc\001a", - (uint8_t*)"\003abc\001Z") == -1); - unit_assert(query_dname_compare((uint8_t*)"\003abc\001Z", - (uint8_t*)"\003abc\001a") == 1); -} - -/** test dname_count_labels */ -static void -dname_test_count_labels(void) -{ - unit_show_func("util/data/dname.c", "dname_count_labels"); - unit_assert(dname_count_labels((uint8_t*)"") == 1); - unit_assert(dname_count_labels((uint8_t*)"\003com") == 2); - unit_assert(dname_count_labels((uint8_t*)"\003org") == 2); - unit_assert(dname_count_labels((uint8_t*)"\007example\003com") == 3); - unit_assert(dname_count_labels((uint8_t*)"\003bla\007example\003com") - == 4); -} - -/** test dname_count_size_labels */ -static void -dname_test_count_size_labels(void) -{ - size_t sz = 0; - unit_show_func("util/data/dname.c", "dname_count_size_labels"); - unit_assert(dname_count_size_labels((uint8_t*)"", &sz) == 1); - unit_assert(sz == 1); - unit_assert(dname_count_size_labels((uint8_t*)"\003com", &sz) == 2); - unit_assert(sz == 5); - unit_assert(dname_count_size_labels((uint8_t*)"\003org", &sz) == 2); - unit_assert(sz == 5); - unit_assert(dname_count_size_labels((uint8_t*)"\007example\003com", - &sz) == 3); - unit_assert(sz == 13); - unit_assert(dname_count_size_labels((uint8_t*)"\003bla\007example" - "\003com", &sz) == 4); - unit_assert(sz == 17); -} - - -/** test pkt_dname_len */ -static void -dname_test_pkt_dname_len(sldns_buffer* buff) -{ - unit_show_func("util/data/dname.c", "pkt_dname_len"); - sldns_buffer_clear(buff); - sldns_buffer_write(buff, "\000", 1); - sldns_buffer_flip(buff); - unit_assert( pkt_dname_len(buff) == 1 ); - unit_assert( sldns_buffer_position(buff) == 1); - - sldns_buffer_clear(buff); - sldns_buffer_write(buff, "\003org\000", 5); - sldns_buffer_flip(buff); - unit_assert( pkt_dname_len(buff) == 5 ); - unit_assert( sldns_buffer_position(buff) == 5); - - sldns_buffer_clear(buff); - sldns_buffer_write(buff, "\002os\007example\003org\000", 16); - sldns_buffer_flip(buff); - unit_assert( pkt_dname_len(buff) == 16 ); - unit_assert( sldns_buffer_position(buff) == 16); - - /* invalid compression pointer: to self */ - sldns_buffer_clear(buff); - sldns_buffer_write(buff, "\300\000os\007example\003org\000", 17); - sldns_buffer_flip(buff); - unit_assert( pkt_dname_len(buff) == 0 ); - - /* valid compression pointer */ - sldns_buffer_clear(buff); - sldns_buffer_write(buff, "\003com\000\040\300\000", 8); - sldns_buffer_flip(buff); - sldns_buffer_set_position(buff, 6); - unit_assert( pkt_dname_len(buff) == 5 ); - unit_assert( sldns_buffer_position(buff) == 8); - - /* unknown label type */ - sldns_buffer_clear(buff); - sldns_buffer_write(buff, "\002os\107example\003org\000", 16); - sldns_buffer_flip(buff); - unit_assert( pkt_dname_len(buff) == 0 ); - - /* label too long */ - sldns_buffer_clear(buff); - sldns_buffer_write(buff, "\002os\047example\003org\000", 16); - sldns_buffer_flip(buff); - unit_assert( pkt_dname_len(buff) == 0 ); - - /* label exceeds packet */ - sldns_buffer_clear(buff); - sldns_buffer_write(buff, "\002os\007example\007org\004", 16); - sldns_buffer_flip(buff); - unit_assert( pkt_dname_len(buff) == 0 ); - - /* name very long */ - sldns_buffer_clear(buff); - sldns_buffer_write(buff, - "\020a1cdef5555544444" - "\020a2cdef5555544444" - "\020a3cdef5555544444" - "\020a4cdef5555544444" - "\020a5cdef5555544444" - "\020a6cdef5555544444" - "\020a7cdef5555544444" - "\020a8cdef5555544444" - "\020a9cdef5555544444" - "\020aAcdef5555544444" - "\020aBcdef5555544444" - "\020aCcdef5555544444" - "\020aDcdef5555544444" - "\020aEcdef5555544444" /* 238 up to here */ - "\007aabbccd" /* 246 up to here */ - "\007example\000" /* 255 to here */ - , 255); - sldns_buffer_flip(buff); - unit_assert( pkt_dname_len(buff) == 255 ); - unit_assert( sldns_buffer_position(buff) == 255); - - /* name too long */ - sldns_buffer_clear(buff); - sldns_buffer_write(buff, - "\020a1cdef5555544444" - "\020a2cdef5555544444" - "\020a3cdef5555544444" - "\020a4cdef5555544444" - "\020a5cdef5555544444" - "\020a6cdef5555544444" - "\020a7cdef5555544444" - "\020a8cdef5555544444" - "\020a9cdef5555544444" - "\020aAcdef5555544444" - "\020aBcdef5555544444" - "\020aCcdef5555544444" - "\020aXcdef5555544444" - "\020aXcdef5555544444" - "\020aXcdef5555544444" - "\020aDcdef5555544444" - "\020aEcdef5555544444" /* 238 up to here */ - "\007aabbccd" /* 246 up to here */ - "\007example\000" /* 255 to here */ - , 255); - sldns_buffer_flip(buff); - unit_assert( pkt_dname_len(buff) == 0 ); -} - -/** test dname_lab_cmp */ -static void -dname_test_dname_lab_cmp(void) -{ - int ml = 0; /* number of labels that matched exactly */ - unit_show_func("util/data/dname.c", "dname_lab_cmp"); - - /* test for equality succeeds */ - unit_assert(dname_lab_cmp((uint8_t*)"", 1, (uint8_t*)"", 1, &ml) == 0); - unit_assert(ml == 1); - unit_assert(dname_lab_cmp( - (uint8_t*)"\003net", 2, - (uint8_t*)"\003net", 2, - &ml) == 0); - unit_assert(ml == 2); - unit_assert(dname_lab_cmp( - (uint8_t*)"\007example\003net", 3, - (uint8_t*)"\007example\003net", 3, - &ml) == 0); - unit_assert(ml == 3); - unit_assert(dname_lab_cmp( - (uint8_t*)"\004test\007example\003net", 4, - (uint8_t*)"\004test\007example\003net", 4, - &ml) == 0); - unit_assert(ml == 4); - - /* root is smaller than anything else */ - unit_assert(dname_lab_cmp( - (uint8_t*)"", 1, - (uint8_t*)"\003net", 2, - &ml) == -1); - unit_assert(ml == 1); - unit_assert(dname_lab_cmp( - (uint8_t*)"\003net", 2, - (uint8_t*)"", 1, - &ml) == 1); - unit_assert(ml == 1); - unit_assert(dname_lab_cmp( - (uint8_t*)"", 1, - (uint8_t*)"\007example\003net", 3, - &ml) == -1); - unit_assert(ml == 1); - unit_assert(dname_lab_cmp( - (uint8_t*)"\007example\003net", 3, - (uint8_t*)"", 1, - &ml) == 1); - unit_assert(ml == 1); - - /* label length makes a difference */ - unit_assert(dname_lab_cmp( - (uint8_t*)"\004neta", 2, - (uint8_t*)"\003net", 2, - &ml) != 0); - unit_assert(ml == 1); - unit_assert(dname_lab_cmp( - (uint8_t*)"\002ne", 2, - (uint8_t*)"\004neta", 2, - &ml) != 0); - unit_assert(ml == 1); - - /* contents follow the zone apex */ - unit_assert(dname_lab_cmp( - (uint8_t*)"\003bla\007example\003net", 4, - (uint8_t*)"\007example\003net", 3, - &ml) == 1); - unit_assert(ml == 3); - unit_assert(dname_lab_cmp( - (uint8_t*)"\007example\003net", 3, - (uint8_t*)"\003bla\007example\003net", 4, - &ml) == -1); - unit_assert(ml == 3); - - /* label content makes a difference */ - unit_assert(dname_lab_cmp( - (uint8_t*)"\003aag\007example\003net", 4, - (uint8_t*)"\003bla\007example\003net", 4, - &ml) == -1); - unit_assert(ml == 3); - unit_assert(dname_lab_cmp( - (uint8_t*)"\003aag\007example\003net", 4, - (uint8_t*)"\003bla\007example\003net", 4, - &ml) == -1); - unit_assert(ml == 3); - unit_assert(dname_lab_cmp( - (uint8_t*)"\003bla\003aag\007example\003net", 5, - (uint8_t*)"\003aag\003bla\007example\003net", 5, - &ml) == -1); - unit_assert(ml == 3); - unit_assert(dname_lab_cmp( - (uint8_t*)"\02sn\003opt\003aag\007example\003net", 6, - (uint8_t*)"\02sn\003opt\003bla\007example\003net", 6, - &ml) == -1); - unit_assert(ml == 3); - - /* but lowercase/uppercase does not make a difference. */ - unit_assert(dname_lab_cmp( - (uint8_t*)"\003bLa\007examPLe\003net", 4, - (uint8_t*)"\003bla\007eXAmple\003nET", 4, - &ml) == 0); - unit_assert(ml == 4); -} - -/** test dname_subdomain_c */ -static void -dname_test_subdomain(void) -{ - unit_show_func("util/data/dname.c", "dname_subdomain"); - unit_assert(dname_subdomain_c( - (uint8_t*)"", - (uint8_t*)"")); - unit_assert(dname_subdomain_c( - (uint8_t*)"\003com", - (uint8_t*)"")); - unit_assert(!dname_subdomain_c( - (uint8_t*)"", - (uint8_t*)"\003com")); - unit_assert(dname_subdomain_c( - (uint8_t*)"\007example\003com", - (uint8_t*)"\003com")); - unit_assert(!dname_subdomain_c( - (uint8_t*)"\003com", - (uint8_t*)"\007example\003com")); - unit_assert(dname_subdomain_c( - (uint8_t*)"\007example\003com", - (uint8_t*)"")); - unit_assert(!dname_subdomain_c( - (uint8_t*)"\003net", - (uint8_t*)"\003com")); - unit_assert(!dname_subdomain_c( - (uint8_t*)"\003net", - (uint8_t*)"\003org")); - unit_assert(!dname_subdomain_c( - (uint8_t*)"\007example\003net", - (uint8_t*)"\003org")); - unit_assert(!dname_subdomain_c( - (uint8_t*)"\003net", - (uint8_t*)"\007example\003org")); -} - -/** test dname_strict_subdomain */ -static void -dname_test_strict_subdomain(void) -{ - unit_show_func("util/data/dname.c", "dname_strict_subdomain"); - unit_assert(!dname_strict_subdomain( - (uint8_t*)"", 1, - (uint8_t*)"", 1)); - unit_assert(dname_strict_subdomain( - (uint8_t*)"\003com", 2, - (uint8_t*)"", 1)); - unit_assert(!dname_strict_subdomain( - (uint8_t*)"", 1, - (uint8_t*)"\003com", 2)); - unit_assert(dname_strict_subdomain( - (uint8_t*)"\007example\003com", 3, - (uint8_t*)"\003com", 2)); - unit_assert(!dname_strict_subdomain( - (uint8_t*)"\003com", 2, - (uint8_t*)"\007example\003com", 3)); - unit_assert(dname_strict_subdomain( - (uint8_t*)"\007example\003com", 3, - (uint8_t*)"", 1)); - unit_assert(!dname_strict_subdomain( - (uint8_t*)"\003net", 2, - (uint8_t*)"\003com", 2)); - unit_assert(!dname_strict_subdomain( - (uint8_t*)"\003net", 2, - (uint8_t*)"\003org", 2)); - unit_assert(!dname_strict_subdomain( - (uint8_t*)"\007example\003net", 3, - (uint8_t*)"\003org", 2)); - unit_assert(!dname_strict_subdomain( - (uint8_t*)"\003net", 2, - (uint8_t*)"\007example\003org", 3)); -} - -/** test dname_is_root */ -static void -dname_test_isroot(void) -{ - unit_show_func("util/data/dname.c", "dname_isroot"); - unit_assert(dname_is_root((uint8_t*)"\000")); - unit_assert(!dname_is_root((uint8_t*)"\001a\000")); - unit_assert(!dname_is_root((uint8_t*)"\005abvcd\003com\000")); - /* malformed dname in this test, but should work */ - unit_assert(!dname_is_root((uint8_t*)"\077a\000")); - unit_assert(dname_is_root((uint8_t*)"\000")); -} - -/** test dname_remove_label */ -static void -dname_test_removelabel(void) -{ - uint8_t* orig = (uint8_t*)"\007example\003com\000"; - uint8_t* n = orig; - size_t l = 13; - unit_show_func("util/data/dname.c", "dname_remove_label"); - dname_remove_label(&n, &l); - unit_assert( n == orig+8 ); - unit_assert( l == 5 ); - dname_remove_label(&n, &l); - unit_assert( n == orig+12 ); - unit_assert( l == 1 ); - dname_remove_label(&n, &l); - unit_assert( n == orig+12 ); - unit_assert( l == 1 ); -} - -/** test dname_signame_label_count */ -static void -dname_test_sigcount(void) -{ - unit_show_func("util/data/dname.c", "dname_signame_label_count"); - unit_assert(dname_signame_label_count((uint8_t*)"\000") == 0); - unit_assert(dname_signame_label_count((uint8_t*)"\001*\000") == 0); - unit_assert(dname_signame_label_count((uint8_t*)"\003xom\000") == 1); - unit_assert(dname_signame_label_count( - (uint8_t*)"\001*\003xom\000") == 1); - unit_assert(dname_signame_label_count( - (uint8_t*)"\007example\003xom\000") == 2); - unit_assert(dname_signame_label_count( - (uint8_t*)"\001*\007example\003xom\000") == 2); - unit_assert(dname_signame_label_count( - (uint8_t*)"\003www\007example\003xom\000") == 3); - unit_assert(dname_signame_label_count( - (uint8_t*)"\001*\003www\007example\003xom\000") == 3); -} - -/** test dname_is_wild routine */ -static void -dname_test_iswild(void) -{ - unit_show_func("util/data/dname.c", "dname_iswild"); - unit_assert( !dname_is_wild((uint8_t*)"\000") ); - unit_assert( dname_is_wild((uint8_t*)"\001*\000") ); - unit_assert( !dname_is_wild((uint8_t*)"\003net\000") ); - unit_assert( dname_is_wild((uint8_t*)"\001*\003net\000") ); -} - -/** test dname_canonical_compare */ -static void -dname_test_canoncmp(void) -{ - unit_show_func("util/data/dname.c", "dname_canonical_compare"); - /* equality */ - unit_assert( dname_canonical_compare( - (uint8_t*)"\000", - (uint8_t*)"\000" - ) == 0); - unit_assert( dname_canonical_compare( - (uint8_t*)"\003net\000", - (uint8_t*)"\003net\000" - ) == 0); - unit_assert( dname_canonical_compare( - (uint8_t*)"\007example\003net\000", - (uint8_t*)"\007example\003net\000" - ) == 0); - unit_assert( dname_canonical_compare( - (uint8_t*)"\004test\007example\003net\000", - (uint8_t*)"\004test\007example\003net\000" - ) == 0); - - /* subdomains */ - unit_assert( dname_canonical_compare( - (uint8_t*)"\003com", - (uint8_t*)"\000" - ) == 1); - unit_assert( dname_canonical_compare( - (uint8_t*)"\000", - (uint8_t*)"\003com" - ) == -1); - unit_assert( dname_canonical_compare( - (uint8_t*)"\007example\003com", - (uint8_t*)"\003com" - ) == 1); - unit_assert( dname_canonical_compare( - (uint8_t*)"\003com", - (uint8_t*)"\007example\003com" - ) == -1); - unit_assert( dname_canonical_compare( - (uint8_t*)"\007example\003com", - (uint8_t*)"\000" - ) == 1); - unit_assert( dname_canonical_compare( - (uint8_t*)"\000", - (uint8_t*)"\007example\003com" - ) == -1); - - /* compare rightmost label */ - unit_assert( dname_canonical_compare( - (uint8_t*)"\003com", - (uint8_t*)"\003net" - ) == -1); - unit_assert( dname_canonical_compare( - (uint8_t*)"\003net", - (uint8_t*)"\003com" - ) == 1); - unit_assert( dname_canonical_compare( - (uint8_t*)"\003net", - (uint8_t*)"\003org" - ) == -1); - unit_assert( dname_canonical_compare( - (uint8_t*)"\007example\003net", - (uint8_t*)"\003org" - ) == -1); - unit_assert( dname_canonical_compare( - (uint8_t*)"\003org", - (uint8_t*)"\007example\003net" - ) == 1); - - /* label length makes a difference; but only if rest is equal */ - unit_assert( dname_canonical_compare( - (uint8_t*)"\004neta", - (uint8_t*)"\003net" - ) == 1); - unit_assert( dname_canonical_compare( - (uint8_t*)"\002ne", - (uint8_t*)"\004neta" - ) == -1); - - /* label content */ - unit_assert( dname_canonical_compare( - (uint8_t*)"\003aag\007example\003net", - (uint8_t*)"\003bla\007example\003net" - ) == -1); - unit_assert( dname_canonical_compare( - (uint8_t*)"\003bla\007example\003net", - (uint8_t*)"\003aag\007example\003net" - ) == 1); - unit_assert( dname_canonical_compare( - (uint8_t*)"\003bla\003aag\007example\003net", - (uint8_t*)"\003aag\003bla\007example\003net" - ) == -1); - unit_assert( dname_canonical_compare( - (uint8_t*)"\02sn\003opt\003aag\007example\003net", - (uint8_t*)"\02sn\003opt\003bla\007example\003net" - ) == -1); - - /* lowercase during compare */ - unit_assert( dname_canonical_compare( - (uint8_t*)"\003bLa\007examPLe\003net", - (uint8_t*)"\003bla\007eXAmple\003nET" - ) == 0); - - /* example from 4034 */ - /* example a.example yljkjljk.a.example Z.a.example zABC.a.EXAMPLE - z.example \001.z.example *.z.example \200.z.example */ - unit_assert( dname_canonical_compare( - (uint8_t*)"", - (uint8_t*)"\007example" - ) == -1); - unit_assert( dname_canonical_compare( - (uint8_t*)"\007example", - (uint8_t*)"\001a\007example" - ) == -1); - unit_assert( dname_canonical_compare( - (uint8_t*)"\001a\007example", - (uint8_t*)"\010yljkjljk\001a\007example" - ) == -1); - unit_assert( dname_canonical_compare( - (uint8_t*)"\010yljkjljk\001a\007example", - (uint8_t*)"\001Z\001a\007example" - ) == -1); - unit_assert( dname_canonical_compare( - (uint8_t*)"\001Z\001a\007example", - (uint8_t*)"\004zABC\001a\007EXAMPLE" - ) == -1); - unit_assert( dname_canonical_compare( - (uint8_t*)"\004zABC\001a\007EXAMPLE", - (uint8_t*)"\001z\007example" - ) == -1); - unit_assert( dname_canonical_compare( - (uint8_t*)"\001z\007example", - (uint8_t*)"\001\001\001z\007example" - ) == -1); - unit_assert( dname_canonical_compare( - (uint8_t*)"\001\001\001z\007example", - (uint8_t*)"\001*\001z\007example" - ) == -1); - unit_assert( dname_canonical_compare( - (uint8_t*)"\001*\001z\007example", - (uint8_t*)"\001\200\001z\007example" - ) == -1); - /* same example in reverse */ - unit_assert( dname_canonical_compare( - (uint8_t*)"\007example", - (uint8_t*)"" - ) == 1); - unit_assert( dname_canonical_compare( - (uint8_t*)"\001a\007example", - (uint8_t*)"\007example" - ) == 1); - unit_assert( dname_canonical_compare( - (uint8_t*)"\010yljkjljk\001a\007example", - (uint8_t*)"\001a\007example" - ) == 1); - unit_assert( dname_canonical_compare( - (uint8_t*)"\001Z\001a\007example", - (uint8_t*)"\010yljkjljk\001a\007example" - ) == 1); - unit_assert( dname_canonical_compare( - (uint8_t*)"\004zABC\001a\007EXAMPLE", - (uint8_t*)"\001Z\001a\007example" - ) == 1); - unit_assert( dname_canonical_compare( - (uint8_t*)"\001z\007example", - (uint8_t*)"\004zABC\001a\007EXAMPLE" - ) == 1); - unit_assert( dname_canonical_compare( - (uint8_t*)"\001\001\001z\007example", - (uint8_t*)"\001z\007example" - ) == 1); - unit_assert( dname_canonical_compare( - (uint8_t*)"\001*\001z\007example", - (uint8_t*)"\001\001\001z\007example" - ) == 1); - unit_assert( dname_canonical_compare( - (uint8_t*)"\001\200\001z\007example", - (uint8_t*)"\001*\001z\007example" - ) == 1); - /* same example for equality */ - unit_assert( dname_canonical_compare( - (uint8_t*)"\007example", - (uint8_t*)"\007example" - ) == 0); - unit_assert( dname_canonical_compare( - (uint8_t*)"\001a\007example", - (uint8_t*)"\001a\007example" - ) == 0); - unit_assert( dname_canonical_compare( - (uint8_t*)"\010yljkjljk\001a\007example", - (uint8_t*)"\010yljkjljk\001a\007example" - ) == 0); - unit_assert( dname_canonical_compare( - (uint8_t*)"\001Z\001a\007example", - (uint8_t*)"\001Z\001a\007example" - ) == 0); - unit_assert( dname_canonical_compare( - (uint8_t*)"\004zABC\001a\007EXAMPLE", - (uint8_t*)"\004zABC\001a\007EXAMPLE" - ) == 0); - unit_assert( dname_canonical_compare( - (uint8_t*)"\001z\007example", - (uint8_t*)"\001z\007example" - ) == 0); - unit_assert( dname_canonical_compare( - (uint8_t*)"\001\001\001z\007example", - (uint8_t*)"\001\001\001z\007example" - ) == 0); - unit_assert( dname_canonical_compare( - (uint8_t*)"\001*\001z\007example", - (uint8_t*)"\001*\001z\007example" - ) == 0); - unit_assert( dname_canonical_compare( - (uint8_t*)"\001\200\001z\007example", - (uint8_t*)"\001\200\001z\007example" - ) == 0); -} - -/** Test dname_get_shared_topdomain */ -static void -dname_test_topdomain(void) -{ - unit_show_func("util/data/dname.c", "dname_get_shared_topdomain"); - unit_assert( query_dname_compare( - dname_get_shared_topdomain( - (uint8_t*)"", - (uint8_t*)""), - (uint8_t*)"") == 0); - unit_assert( query_dname_compare( - dname_get_shared_topdomain( - (uint8_t*)"\003www\007example\003com", - (uint8_t*)"\003www\007example\003com"), - (uint8_t*)"\003www\007example\003com") == 0); - unit_assert( query_dname_compare( - dname_get_shared_topdomain( - (uint8_t*)"\003www\007example\003com", - (uint8_t*)"\003bla\007example\003com"), - (uint8_t*)"\007example\003com") == 0); -} - -/** Test dname_valid */ -static void -dname_test_valid(void) -{ - unit_show_func("util/data/dname.c", "dname_valid"); - unit_assert( dname_valid( - (uint8_t*)"\003www\007example\003com", 255) == 17); - unit_assert( dname_valid((uint8_t*)"", 255) == 1); - unit_assert( dname_valid( (uint8_t*) - "\020a1cdef5555544444" - "\020a2cdef5555544444" - "\020a3cdef5555544444" - "\020a4cdef5555544444" - "\020a5cdef5555544444" - "\020a6cdef5555544444" - "\020a7cdef5555544444" - "\020a8cdef5555544444" - "\020a9cdef5555544444" - "\020aAcdef5555544444" - "\020aBcdef5555544444" - "\020aCcdef5555544444" - "\020aDcdef5555544444" - "\020aEcdef5555544444" /* 238 up to here */ - "\007aabbccd" /* 246 up to here */ - "\007example\000" /* 255 to here */ - , 255) == 255); - unit_assert( dname_valid( (uint8_t*) - "\020a1cdef5555544444" - "\020a2cdef5555544444" - "\020a3cdef5555544444" - "\020a4cdef5555544444" - "\020a5cdef5555544444" - "\020a6cdef5555544444" - "\020a7cdef5555544444" - "\020a8cdef5555544444" - "\020a9cdef5555544444" - "\020aAcdef5555544444" - "\020aBcdef5555544444" - "\020aCcdef5555544444" - "\020aDcdef5555544444" - "\020aEcdef5555544444" /* 238 up to here */ - "\007aabbccd" /* 246 up to here */ - "\010exampleX\000" /* 256 to here */ - , 4096) == 0); -} - -/** test pkt_dname_tolower */ -static void -dname_test_pdtl(sldns_buffer* loopbuf, sldns_buffer* boundbuf) -{ - unit_show_func("util/data/dname.c", "pkt_dname_tolower"); - pkt_dname_tolower(loopbuf, sldns_buffer_at(loopbuf, 12)); - pkt_dname_tolower(boundbuf, sldns_buffer_at(boundbuf, 12)); -} - -/** setup looped dname and out-of-bounds dname ptr */ -static void -dname_setup_bufs(sldns_buffer* loopbuf, sldns_buffer* boundbuf) -{ - sldns_buffer_write_u16(loopbuf, 0xd54d); /* id */ - sldns_buffer_write_u16(loopbuf, 0x12); /* flags */ - sldns_buffer_write_u16(loopbuf, 1); /* qdcount */ - sldns_buffer_write_u16(loopbuf, 0); /* ancount */ - sldns_buffer_write_u16(loopbuf, 0); /* nscount */ - sldns_buffer_write_u16(loopbuf, 0); /* arcount */ - sldns_buffer_write_u8(loopbuf, 0xc0); /* PTR back at itself */ - sldns_buffer_write_u8(loopbuf, 0x0c); - sldns_buffer_flip(loopbuf); - - sldns_buffer_write_u16(boundbuf, 0xd54d); /* id */ - sldns_buffer_write_u16(boundbuf, 0x12); /* flags */ - sldns_buffer_write_u16(boundbuf, 1); /* qdcount */ - sldns_buffer_write_u16(boundbuf, 0); /* ancount */ - sldns_buffer_write_u16(boundbuf, 0); /* nscount */ - sldns_buffer_write_u16(boundbuf, 0); /* arcount */ - sldns_buffer_write_u8(boundbuf, 0x01); /* len=1 */ - sldns_buffer_write_u8(boundbuf, (uint8_t)'A'); /* A. label */ - sldns_buffer_write_u8(boundbuf, 0xc0); /* PTR out of bounds */ - sldns_buffer_write_u8(boundbuf, 0xcc); - sldns_buffer_flip(boundbuf); -} - -void dname_test(void) -{ - sldns_buffer* loopbuf = sldns_buffer_new(14); - sldns_buffer* boundbuf = sldns_buffer_new(16); - sldns_buffer* buff = sldns_buffer_new(65800); - unit_assert(loopbuf && boundbuf && buff); - sldns_buffer_flip(buff); - dname_setup_bufs(loopbuf, boundbuf); - dname_test_qdl(buff); - dname_test_qdtl(buff); - dname_test_pdtl(loopbuf, boundbuf); - dname_test_query_dname_compare(); - dname_test_count_labels(); - dname_test_count_size_labels(); - dname_test_dname_lab_cmp(); - dname_test_pkt_dname_len(buff); - dname_test_strict_subdomain(); - dname_test_subdomain(); - dname_test_isroot(); - dname_test_removelabel(); - dname_test_sigcount(); - dname_test_iswild(); - dname_test_canoncmp(); - dname_test_topdomain(); - dname_test_valid(); - sldns_buffer_free(buff); - sldns_buffer_free(loopbuf); - sldns_buffer_free(boundbuf); -} diff --git a/external/unbound/testcode/unitecs.c b/external/unbound/testcode/unitecs.c deleted file mode 100644 index 3584b0f98..000000000 --- a/external/unbound/testcode/unitecs.c +++ /dev/null @@ -1,284 +0,0 @@ -/* - * testcode/unitecs.c - unit test for ecs routines. - * - * Copyright (c) 2013, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - * - */ - -/** - * \file - * Calls ecs related unit tests. Exits with code 1 on a failure. - */ - -#include "config.h" - -#ifdef CLIENT_SUBNET - -#include "util/log.h" -#include "util/module.h" -#include "testcode/unitmain.h" -#include "edns-subnet/addrtree.h" -#include "edns-subnet/subnetmod.h" - -/* - void printkey(addrkey_t *k, addrlen_t bits) - { - int byte; - int bytes = bits/8 + ((bits%8)>0); - char msk = 0xFF; - for (byte = 0; byte < bytes; byte++) { - //~ if (byte+1 == bytes) - //~ msk = 0xFF<<(8-bits%8); - printf("%02x ", k[byte]&msk); - } - } - - void print_tree(struct addrnode* node, int indent, int maxdepth) - { - struct addredge* edge; - int i, s, byte; - if (indent == 0) printf("-----Tree-----\n"); - if (indent > maxdepth) { - printf("\n"); - return; - } - printf("[node elem:%d] (%d)\n", node->elem != NULL, node); - for (i = 0; i<2; i++) { - if (node->edge[i]) { - for (s = 0; s < indent; s++) printf(" "); - printkey(node->edge[i]->str, node->edge[i]->len); - printf("(len %d bits, %d bytes) ", node->edge[i]->len, - node->edge[i]->len/8 + ((node->edge[i]->len%8)>0)); - print_tree(node->edge[i]->node, indent+1, maxdepth); - } - } - if (indent == 0) printf("-----Tree-----"); - } -*/ - -/* what should we check? - * X - is it balanced? (a node with 1 child shoudl not have - * a node with 1 child MUST have elem - * child must be sub of parent - * edge must be longer than parent edge - * */ -static int addrtree_inconsistent_subtree(struct addrtree* tree, - struct addredge* parent_edge, addrlen_t depth) -{ - struct addredge* edge; - struct addrnode* node = parent_edge->node; - int childcount, i, r; - if (depth > tree->max_depth) return 15; - childcount = (node->edge[0] != NULL) + (node->edge[1] != NULL); - /* Only nodes with 2 children should possibly have no element. */ - if (childcount < 2 && !node->elem) return 10; - for (i = 0; i<2; i++) { - edge = node->edge[i]; - if (!edge) continue; - if (!edge->node) return 11; - if (!edge->str) return 12; - if (edge->len <= parent_edge->len) return 13; - if (!unittest_wrapper_addrtree_issub(parent_edge->str, - parent_edge->len, edge->str, edge->len, 0)) - return 14; - if ((r = addrtree_inconsistent_subtree(tree, edge, depth+1)) != 0) - return 100+r; - } - return 0; -} - -static int addrtree_inconsistent(struct addrtree* tree) -{ - struct addredge* edge; - int i, r; - - if (!tree) return 0; - if (!tree->root) return 1; - - for (i = 0; i<2; i++) { - edge = tree->root->edge[i]; - if (!edge) continue; - if (!edge->node) return 3; - if (!edge->str) return 4; - if ((r = addrtree_inconsistent_subtree(tree, edge, 1)) != 0) - return r; - } - return 0; -} - -static addrlen_t randomkey(addrkey_t **k, int maxlen) -{ - int byte; - int bits = rand() % maxlen; - int bytes = bits/8 + (bits%8>0); /*ceil*/ - *k = (addrkey_t *) malloc(bytes * sizeof(addrkey_t)); - for (byte = 0; byte < bytes; byte++) { - (*k)[byte] = (addrkey_t)(rand() & 0xFF); - } - return (addrlen_t)bits; -} - -static void elemfree(void *envptr, void *elemptr) -{ - struct reply_info *elem = (struct reply_info *)elemptr; - (void)envptr; - free(elem); -} - -static void consistency_test(void) -{ - addrlen_t l; - time_t i; - unsigned int count; - addrkey_t *k; - struct addrtree* t; - struct module_env env; - struct reply_info *elem; - time_t timenow = 0; - unit_show_func("edns-subnet/addrtree.h", "Tree consistency check"); - srand(9195); /* just some value for reproducibility */ - - t = addrtree_create(100, &elemfree, &unittest_wrapper_subnetmod_sizefunc, &env, 0); - count = t->node_count; - unit_assert(count == 0); - for (i = 0; i < 1000; i++) { - l = randomkey(&k, 128); - elem = (struct reply_info *) calloc(1, sizeof(struct reply_info)); - addrtree_insert(t, k, l, 64, elem, timenow + 10, timenow); - /* This should always hold because no items ever expire. They - * could be overwritten, though. */ - unit_assert( count <= t->node_count ); - count = t->node_count; - free(k); - unit_assert( !addrtree_inconsistent(t) ); - } - addrtree_delete(t); - - unit_show_func("edns-subnet/addrtree.h", "Tree consistency with purge"); - t = addrtree_create(8, &elemfree, &unittest_wrapper_subnetmod_sizefunc, &env, 0); - unit_assert(t->node_count == 0); - for (i = 0; i < 1000; i++) { - l = randomkey(&k, 128); - elem = (struct reply_info *) calloc(1, sizeof(struct reply_info)); - addrtree_insert(t, k, l, 64, elem, i + 10, i); - free(k); - unit_assert( !addrtree_inconsistent(t) ); - } - addrtree_delete(t); - - unit_show_func("edns-subnet/addrtree.h", "Tree consistency with limit"); - t = addrtree_create(8, &elemfree, &unittest_wrapper_subnetmod_sizefunc, &env, 27); - unit_assert(t->node_count == 0); - for (i = 0; i < 1000; i++) { - l = randomkey(&k, 128); - elem = (struct reply_info *) calloc(1, sizeof(struct reply_info)); - addrtree_insert(t, k, l, 64, elem, i + 10, i); - unit_assert( t->node_count <= 27); - free(k); - unit_assert( !addrtree_inconsistent(t) ); - } - addrtree_delete(t); -} - -static void issub_test(void) -{ - addrkey_t k1[] = {0x55, 0x55, 0x5A}; - addrkey_t k2[] = {0x55, 0x5D, 0x5A}; - unit_show_func("edns-subnet/addrtree.h", "issub"); - unit_assert( !unittest_wrapper_addrtree_issub(k1, 24, k2, 24, 0) ); - unit_assert( unittest_wrapper_addrtree_issub(k1, 8, k2, 16, 0) ); - unit_assert( unittest_wrapper_addrtree_issub(k2, 12, k1, 13, 0) ); - unit_assert( !unittest_wrapper_addrtree_issub(k1, 16, k2, 12, 0) ); - unit_assert( unittest_wrapper_addrtree_issub(k1, 12, k2, 12, 0) ); - unit_assert( !unittest_wrapper_addrtree_issub(k1, 13, k2, 13, 0) ); - unit_assert( unittest_wrapper_addrtree_issub(k1, 24, k2, 24, 13) ); - unit_assert( !unittest_wrapper_addrtree_issub(k1, 24, k2, 20, 13) ); - unit_assert( unittest_wrapper_addrtree_issub(k1, 20, k2, 24, 13) ); -} - -static void getbit_test(void) -{ - addrkey_t k1[] = {0x55, 0x55, 0x5A}; - int i; - unit_show_func("edns-subnet/addrtree.h", "getbit"); - for(i = 0; i<20; i++) { - unit_assert( unittest_wrapper_addrtree_getbit(k1, 20, (addrlen_t)i) == (i&1) ); - } -} - -static void bits_common_test(void) -{ - addrkey_t k1[] = {0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0}; - addrkey_t k2[] = {0,0,0,0,0,0,0,0}; - addrlen_t i; - - unit_show_func("edns-subnet/addrtree.h", "bits_common"); - for(i = 0; i<64; i++) { - unit_assert( unittest_wrapper_addrtree_bits_common(k1, 64, k1, 64, i) == 64 ); - } - for(i = 0; i<8; i++) { - k2[i] = k1[i]^(1<= blen*2+2); - for(i=0; i>4]; - s[i*2+1] = h[b[i]&0x0f]; - } - s[blen*2] = '\n'; - s[blen*2+1] = 0; -} - -/** Transform input. - * @param txt_in: input text format. - * @param wire1: output wireformat in hex (txt_in converted to wire). - * @param txt_out: output text format (converted from wire_out). - * @param wire2: output wireformat in hex, txt_out converted back to wireformat. - * @param bufs: size of the text buffers. - */ -static void -rr_transform(char* txt_in, char* wire1, char* txt_out, char* wire2, - size_t bufs) -{ - uint8_t b[65536]; - size_t len; - int err; - - len = sizeof(b); - err = sldns_str2wire_rr_buf(txt_in, b, &len, NULL, 3600, - NULL, 0, NULL, 0); - if(err != 0) { - if(vbmp) printf("sldns_str2wire_rr_buf, pos %d: %s\n", - LDNS_WIREPARSE_OFFSET(err), - sldns_get_errorstr_parse(err)); - } - unit_assert(err == 0); - buf_to_hex(b, len, wire1, bufs); - if(vbmp) printf("wire1: %s", wire1); - - err = sldns_wire2str_rr_buf(b, len, txt_out, bufs); - unit_assert(err < (int)bufs && err > 0); - if(vbmp) printf("txt: %s", txt_out); - - len = sizeof(b); - err = sldns_str2wire_rr_buf(txt_out, b, &len, NULL, 3600, - NULL, 0, NULL, 0); - if(err != 0) { - if(vbmp) printf("sldns_str2wire_rr_buf-2, pos %d: %s\n", - LDNS_WIREPARSE_OFFSET(err), - sldns_get_errorstr_parse(err)); - } - unit_assert(err == 0); - buf_to_hex(b, len, wire2, bufs); - if(vbmp) printf("wire2: %s", wire2); -} - -/** Check if results are correct */ -static void -rr_checks(char* wire_chk, char* txt_chk, char* txt_out, char* wire_out, - char* back) -{ -#ifdef __APPLE__ - /* the wiretostr on ipv6 is weird on apple, we cannot check it. - * skip AAAA on OSX */ - if(strstr(txt_out, "IN AAAA")) - txt_out = txt_chk; /* skip this test, but test wirefmt */ - /* so we know that txt_out back to wire is the same */ -#endif - - if(strcmp(txt_chk, txt_out) != 0 && vbmp) - printf("txt different\n"); - if(strcmp(wire_chk, wire_out) != 0 && vbmp) - printf("wire1 different\n"); - if(strcmp(wire_chk, back) != 0 && vbmp) - printf("wire2 different\n"); - - unit_assert(strcmp(txt_chk, txt_out) == 0); - unit_assert(strcmp(wire_chk, wire_out) == 0); - unit_assert(strcmp(wire_chk, back) == 0); -} - -/** read rrs to and from string, and wireformat - * Skips empty lines and comments. - * @param input: input file with text format. - * @param check: check file with hex and then textformat - */ -static void -rr_test_file(const char* input, const char* check) -{ - size_t bufs = 131072; - FILE* inf, *chf, *of; - int lineno = 0, chlineno = 0; - char* txt_in = (char*)malloc(bufs); - char* txt_out = (char*)malloc(bufs); - char* txt_chk = (char*)malloc(bufs); - char* wire_out = (char*)malloc(bufs); - char* wire_chk = (char*)malloc(bufs); - char* back = (char*)malloc(bufs); - if(!txt_in || !txt_out || !txt_chk || !wire_out || !wire_chk || !back) - fatal_exit("malloc failure"); - inf = fopen(input, "r"); - if(!inf) fatal_exit("cannot open %s: %s", input, strerror(errno)); - chf = fopen(check, "r"); - if(!chf) fatal_exit("cannot open %s: %s", check, strerror(errno)); - - of = NULL; - if(0) { - /* debug: create check file */ - of = fopen("outputfile", "w"); - if(!of) fatal_exit("cannot write output: %s", strerror(errno)); - } - - while(fgets(txt_in, (int)bufs, inf)) { - lineno++; - if(vbmp) printf("\n%s:%d %s", input, lineno, txt_in); - /* skip empty lines and comments */ - if(txt_in[0] == 0 || txt_in[0] == '\n' || txt_in[0] == ';') - continue; - /* read check lines */ - if(!fgets(wire_chk, (int)bufs, chf)) - printf("%s too short\n", check); - if(!fgets(txt_chk, (int)bufs, chf)) - printf("%s too short\n", check); - chlineno += 2; - if(vbmp) printf("%s:%d %s", check, chlineno-1, wire_chk); - if(vbmp) printf("%s:%d %s", check, chlineno, txt_chk); - /* generate results */ - rr_transform(txt_in, wire_out, txt_out, back, bufs); - /* checks */ - if(of) { - fprintf(of, "%s%s", wire_out, txt_out); - } else { - rr_checks(wire_chk, txt_chk, txt_out, wire_out, back); - } - } - - if(of) fclose(of); - fclose(inf); - fclose(chf); - free(txt_in); - free(txt_out); - free(txt_chk); - free(wire_out); - free(wire_chk); - free(back); -} - -/** read rrs to and from string, to and from wireformat */ -static void -rr_tests(void) -{ - rr_test_file("testdata/test_ldnsrr.1", "testdata/test_ldnsrr.c1"); - rr_test_file("testdata/test_ldnsrr.2", "testdata/test_ldnsrr.c2"); - rr_test_file("testdata/test_ldnsrr.3", "testdata/test_ldnsrr.c3"); - rr_test_file("testdata/test_ldnsrr.4", "testdata/test_ldnsrr.c4"); - rr_test_file("testdata/test_ldnsrr.5", "testdata/test_ldnsrr.c5"); -} - -void -ldns_test(void) -{ - unit_show_feature("sldns"); - rr_tests(); -} diff --git a/external/unbound/testcode/unitlruhash.c b/external/unbound/testcode/unitlruhash.c deleted file mode 100644 index e196f0b63..000000000 --- a/external/unbound/testcode/unitlruhash.c +++ /dev/null @@ -1,499 +0,0 @@ -/* - * testcode/unitlruhash.c - unit test for lruhash table. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ -/** - * \file - * Tests the locking LRU keeping hash table implementation. - */ - -#include "config.h" -#include "testcode/unitmain.h" -#include "util/log.h" -#include "util/storage/lruhash.h" -#include "util/storage/slabhash.h" /* for the test structures */ - -/** use this type for the lruhash test key */ -typedef struct slabhash_testkey testkey_type; -/** use this type for the lruhash test data */ -typedef struct slabhash_testdata testdata_type; - -/** delete key */ -static void delkey(struct slabhash_testkey* k) { - lock_rw_destroy(&k->entry.lock); free(k);} -/** delete data */ -static void deldata(struct slabhash_testdata* d) {free(d);} - -/** hash func, very bad to improve collisions */ -static hashvalue_type myhash(int id) {return (hashvalue_type)id & 0x0f;} -/** allocate new key, fill in hash */ -static testkey_type* newkey(int id) { - testkey_type* k = (testkey_type*)calloc(1, sizeof(testkey_type)); - if(!k) fatal_exit("out of memory"); - k->id = id; - k->entry.hash = myhash(id); - k->entry.key = k; - lock_rw_init(&k->entry.lock); - return k; -} -/** new data el */ -static testdata_type* newdata(int val) { - testdata_type* d = (testdata_type*)calloc(1, - sizeof(testdata_type)); - if(!d) fatal_exit("out of memory"); - d->data = val; - return d; -} - -/** test bin_find_entry function and bin_overflow_remove */ -static void -test_bin_find_entry(struct lruhash* table) -{ - testkey_type* k = newkey(12); - testdata_type* d = newdata(128); - testkey_type* k2 = newkey(12 + 1024); - testkey_type* k3 = newkey(14); - testkey_type* k4 = newkey(12 + 1024*2); - hashvalue_type h = myhash(12); - struct lruhash_bin bin; - memset(&bin, 0, sizeof(bin)); - bin_init(&bin, 1); - - /* remove from empty list */ - bin_overflow_remove(&bin, &k->entry); - - /* find in empty list */ - unit_assert( bin_find_entry(table, &bin, h, k) == NULL ); - - /* insert */ - lock_quick_lock(&bin.lock); - bin.overflow_list = &k->entry; - lock_quick_unlock(&bin.lock); - - /* find, hash not OK. */ - unit_assert( bin_find_entry(table, &bin, myhash(13), k) == NULL ); - - /* find, hash OK, but cmp not */ - unit_assert( k->entry.hash == k2->entry.hash ); - unit_assert( bin_find_entry(table, &bin, h, k2) == NULL ); - - /* find, hash OK, and cmp too */ - unit_assert( bin_find_entry(table, &bin, h, k) == &k->entry ); - - /* remove the element */ - lock_quick_lock(&bin.lock); - bin_overflow_remove(&bin, &k->entry); - lock_quick_unlock(&bin.lock); - unit_assert( bin_find_entry(table, &bin, h, k) == NULL ); - - /* prepend two different elements; so the list is long */ - /* one has the same hash, but different cmp */ - lock_quick_lock(&bin.lock); - unit_assert( k->entry.hash == k4->entry.hash ); - k4->entry.overflow_next = &k->entry; - k3->entry.overflow_next = &k4->entry; - bin.overflow_list = &k3->entry; - lock_quick_unlock(&bin.lock); - - /* find, hash not OK. */ - unit_assert( bin_find_entry(table, &bin, myhash(13), k) == NULL ); - - /* find, hash OK, but cmp not */ - unit_assert( k->entry.hash == k2->entry.hash ); - unit_assert( bin_find_entry(table, &bin, h, k2) == NULL ); - - /* find, hash OK, and cmp too */ - unit_assert( bin_find_entry(table, &bin, h, k) == &k->entry ); - - /* remove middle element */ - unit_assert( bin_find_entry(table, &bin, k4->entry.hash, k4) - == &k4->entry ); - lock_quick_lock(&bin.lock); - bin_overflow_remove(&bin, &k4->entry); - lock_quick_unlock(&bin.lock); - unit_assert( bin_find_entry(table, &bin, k4->entry.hash, k4) == NULL); - - /* remove last element */ - lock_quick_lock(&bin.lock); - bin_overflow_remove(&bin, &k->entry); - lock_quick_unlock(&bin.lock); - unit_assert( bin_find_entry(table, &bin, h, k) == NULL ); - - lock_quick_destroy(&bin.lock); - delkey(k); - delkey(k2); - delkey(k3); - delkey(k4); - deldata(d); -} - -/** test lru_front lru_remove */ -static void test_lru(struct lruhash* table) -{ - testkey_type* k = newkey(12); - testkey_type* k2 = newkey(14); - lock_quick_lock(&table->lock); - - unit_assert( table->lru_start == NULL && table->lru_end == NULL); - lru_remove(table, &k->entry); - unit_assert( table->lru_start == NULL && table->lru_end == NULL); - - /* add one */ - lru_front(table, &k->entry); - unit_assert( table->lru_start == &k->entry && - table->lru_end == &k->entry); - /* remove it */ - lru_remove(table, &k->entry); - unit_assert( table->lru_start == NULL && table->lru_end == NULL); - - /* add two */ - lru_front(table, &k->entry); - unit_assert( table->lru_start == &k->entry && - table->lru_end == &k->entry); - lru_front(table, &k2->entry); - unit_assert( table->lru_start == &k2->entry && - table->lru_end == &k->entry); - /* remove first in list */ - lru_remove(table, &k2->entry); - unit_assert( table->lru_start == &k->entry && - table->lru_end == &k->entry); - lru_front(table, &k2->entry); - unit_assert( table->lru_start == &k2->entry && - table->lru_end == &k->entry); - /* remove last in list */ - lru_remove(table, &k->entry); - unit_assert( table->lru_start == &k2->entry && - table->lru_end == &k2->entry); - - /* empty the list */ - lru_remove(table, &k2->entry); - unit_assert( table->lru_start == NULL && table->lru_end == NULL); - lock_quick_unlock(&table->lock); - delkey(k); - delkey(k2); -} - -/** test hashtable using short sequence */ -static void -test_short_table(struct lruhash* table) -{ - testkey_type* k = newkey(12); - testkey_type* k2 = newkey(14); - testdata_type* d = newdata(128); - testdata_type* d2 = newdata(129); - - k->entry.data = d; - k2->entry.data = d2; - - lruhash_insert(table, myhash(12), &k->entry, d, NULL); - lruhash_insert(table, myhash(14), &k2->entry, d2, NULL); - - unit_assert( lruhash_lookup(table, myhash(12), k, 0) == &k->entry); - lock_rw_unlock( &k->entry.lock ); - unit_assert( lruhash_lookup(table, myhash(14), k2, 0) == &k2->entry); - lock_rw_unlock( &k2->entry.lock ); - lruhash_remove(table, myhash(12), k); - lruhash_remove(table, myhash(14), k2); -} - -/** number of hash test max */ -#define HASHTESTMAX 25 - -/** test adding a random element */ -static void -testadd(struct lruhash* table, testdata_type* ref[]) -{ - int numtoadd = random() % HASHTESTMAX; - testdata_type* data = newdata(numtoadd); - testkey_type* key = newkey(numtoadd); - key->entry.data = data; - lruhash_insert(table, myhash(numtoadd), &key->entry, data, NULL); - ref[numtoadd] = data; -} - -/** test adding a random element */ -static void -testremove(struct lruhash* table, testdata_type* ref[]) -{ - int num = random() % HASHTESTMAX; - testkey_type* key = newkey(num); - lruhash_remove(table, myhash(num), key); - ref[num] = NULL; - delkey(key); -} - -/** test adding a random element */ -static void -testlookup(struct lruhash* table, testdata_type* ref[]) -{ - int num = random() % HASHTESTMAX; - testkey_type* key = newkey(num); - struct lruhash_entry* en = lruhash_lookup(table, myhash(num), key, 0); - testdata_type* data = en? (testdata_type*)en->data : NULL; - if(en) { - unit_assert(en->key); - unit_assert(en->data); - } - if(0) log_info("lookup %d got %d, expect %d", num, en? data->data :-1, - ref[num]? ref[num]->data : -1); - unit_assert( data == ref[num] ); - if(en) { lock_rw_unlock(&en->lock); } - delkey(key); -} - -/** check integrity of hash table */ -static void -check_table(struct lruhash* table) -{ - struct lruhash_entry* p; - size_t c = 0; - lock_quick_lock(&table->lock); - unit_assert( table->num <= table->size); - unit_assert( table->size_mask == (int)table->size-1 ); - unit_assert( (table->lru_start && table->lru_end) || - (!table->lru_start && !table->lru_end) ); - unit_assert( table->space_used <= table->space_max ); - /* check lru list integrity */ - if(table->lru_start) - unit_assert(table->lru_start->lru_prev == NULL); - if(table->lru_end) - unit_assert(table->lru_end->lru_next == NULL); - p = table->lru_start; - while(p) { - if(p->lru_prev) { - unit_assert(p->lru_prev->lru_next == p); - } - if(p->lru_next) { - unit_assert(p->lru_next->lru_prev == p); - } - c++; - p = p->lru_next; - } - unit_assert(c == table->num); - - /* this assertion is specific to the unit test */ - unit_assert( table->space_used == - table->num * test_slabhash_sizefunc(NULL, NULL) ); - lock_quick_unlock(&table->lock); -} - -/** test adding a random element (unlimited range) */ -static void -testadd_unlim(struct lruhash* table, testdata_type** ref) -{ - int numtoadd = random() % (HASHTESTMAX * 10); - testdata_type* data = newdata(numtoadd); - testkey_type* key = newkey(numtoadd); - key->entry.data = data; - lruhash_insert(table, myhash(numtoadd), &key->entry, data, NULL); - if(ref) - ref[numtoadd] = data; -} - -/** test adding a random element (unlimited range) */ -static void -testremove_unlim(struct lruhash* table, testdata_type** ref) -{ - int num = random() % (HASHTESTMAX*10); - testkey_type* key = newkey(num); - lruhash_remove(table, myhash(num), key); - if(ref) - ref[num] = NULL; - delkey(key); -} - -/** test adding a random element (unlimited range) */ -static void -testlookup_unlim(struct lruhash* table, testdata_type** ref) -{ - int num = random() % (HASHTESTMAX*10); - testkey_type* key = newkey(num); - struct lruhash_entry* en = lruhash_lookup(table, myhash(num), key, 0); - testdata_type* data = en? (testdata_type*)en->data : NULL; - if(en) { - unit_assert(en->key); - unit_assert(en->data); - } - if(0 && ref) log_info("lookup unlim %d got %d, expect %d", num, en ? - data->data :-1, ref[num] ? ref[num]->data : -1); - if(data && ref) { - /* its okay for !data, it fell off the lru */ - unit_assert( data == ref[num] ); - } - if(en) { lock_rw_unlock(&en->lock); } - delkey(key); -} - -/** test with long sequence of adds, removes and updates, and lookups */ -static void -test_long_table(struct lruhash* table) -{ - /* assuming it all fits in the hashtable, this check will work */ - testdata_type* ref[HASHTESTMAX * 100]; - size_t i; - memset(ref, 0, sizeof(ref)); - /* test assumption */ - if(0) log_info(" size %d x %d < %d", (int)test_slabhash_sizefunc(NULL, NULL), - (int)HASHTESTMAX, (int)table->space_max); - unit_assert( test_slabhash_sizefunc(NULL, NULL)*HASHTESTMAX < table->space_max); - if(0) lruhash_status(table, "unit test", 1); - srandom(48); - for(i=0; i<1000; i++) { - /* what to do? */ - if(i == 500) { - lruhash_clear(table); - memset(ref, 0, sizeof(ref)); - continue; - } - switch(random() % 4) { - case 0: - case 3: - testadd(table, ref); - break; - case 1: - testremove(table, ref); - break; - case 2: - testlookup(table, ref); - break; - default: - unit_assert(0); - } - if(0) lruhash_status(table, "unit test", 1); - check_table(table); - unit_assert( table->num <= HASHTESTMAX ); - } - - /* test more, but 'ref' assumption does not hold anymore */ - for(i=0; i<1000; i++) { - /* what to do? */ - switch(random() % 4) { - case 0: - case 3: - testadd_unlim(table, ref); - break; - case 1: - testremove_unlim(table, ref); - break; - case 2: - testlookup_unlim(table, ref); - break; - default: - unit_assert(0); - } - if(0) lruhash_status(table, "unlim", 1); - check_table(table); - } -} - -/** structure to threaded test the lru hash table */ -struct test_thr { - /** thread num, first entry. */ - int num; - /** id */ - ub_thread_type id; - /** hash table */ - struct lruhash* table; -}; - -/** main routine for threaded hash table test */ -static void* -test_thr_main(void* arg) -{ - struct test_thr* t = (struct test_thr*)arg; - int i; - log_thread_set(&t->num); - for(i=0; i<1000; i++) { - switch(random() % 4) { - case 0: - case 3: - testadd_unlim(t->table, NULL); - break; - case 1: - testremove_unlim(t->table, NULL); - break; - case 2: - testlookup_unlim(t->table, NULL); - break; - default: - unit_assert(0); - } - if(0) lruhash_status(t->table, "hashtest", 1); - if(i % 100 == 0) /* because of locking, not all the time */ - check_table(t->table); - } - check_table(t->table); - return NULL; -} - -/** test hash table access by multiple threads */ -static void -test_threaded_table(struct lruhash* table) -{ - int numth = 10; - struct test_thr t[100]; - int i; - - for(i=1; i -#endif - -#ifdef HAVE_OPENSSL_RAND_H -#include -#endif - -#ifdef HAVE_OPENSSL_CONF_H -#include -#endif - -#ifdef HAVE_OPENSSL_ENGINE_H -#include -#endif - -#ifdef HAVE_NSS -/* nss3 */ -#include "nss.h" -#endif - -#include "sldns/rrdef.h" -#include "sldns/keyraw.h" -#include "util/log.h" -#include "testcode/unitmain.h" - -/** number of tests done */ -int testcount = 0; - -#include "util/alloc.h" -/** test alloc code */ -static void -alloc_test(void) { - alloc_special_type *t1, *t2; - struct alloc_cache major, minor1, minor2; - int i; - - unit_show_feature("alloc_special_obtain"); - alloc_init(&major, NULL, 0); - alloc_init(&minor1, &major, 0); - alloc_init(&minor2, &major, 1); - - t1 = alloc_special_obtain(&minor1); - alloc_clear(&minor1); - - alloc_special_release(&minor2, t1); - t2 = alloc_special_obtain(&minor2); - unit_assert( t1 == t2 ); /* reused */ - alloc_special_release(&minor2, t1); - - for(i=0; i<100; i++) { - t1 = alloc_special_obtain(&minor1); - alloc_special_release(&minor2, t1); - } - if(0) { - alloc_stats(&minor1); - alloc_stats(&minor2); - alloc_stats(&major); - } - /* reuse happened */ - unit_assert(minor1.num_quar + minor2.num_quar + major.num_quar == 11); - - alloc_clear(&minor1); - alloc_clear(&minor2); - unit_assert(major.num_quar == 11); - alloc_clear(&major); -} - -#include "util/net_help.h" -/** test net code */ -static void -net_test(void) -{ - const char* t4[] = {"\000\000\000\000", - "\200\000\000\000", - "\300\000\000\000", - "\340\000\000\000", - "\360\000\000\000", - "\370\000\000\000", - "\374\000\000\000", - "\376\000\000\000", - "\377\000\000\000", - "\377\200\000\000", - "\377\300\000\000", - "\377\340\000\000", - "\377\360\000\000", - "\377\370\000\000", - "\377\374\000\000", - "\377\376\000\000", - "\377\377\000\000", - "\377\377\200\000", - "\377\377\300\000", - "\377\377\340\000", - "\377\377\360\000", - "\377\377\370\000", - "\377\377\374\000", - "\377\377\376\000", - "\377\377\377\000", - "\377\377\377\200", - "\377\377\377\300", - "\377\377\377\340", - "\377\377\377\360", - "\377\377\377\370", - "\377\377\377\374", - "\377\377\377\376", - "\377\377\377\377", - "\377\377\377\377", - "\377\377\377\377", - }; - unit_show_func("util/net_help.c", "str_is_ip6"); - unit_assert( str_is_ip6("::") ); - unit_assert( str_is_ip6("::1") ); - unit_assert( str_is_ip6("2001:7b8:206:1:240:f4ff:fe37:8810") ); - unit_assert( str_is_ip6("fe80::240:f4ff:fe37:8810") ); - unit_assert( !str_is_ip6("0.0.0.0") ); - unit_assert( !str_is_ip6("213.154.224.12") ); - unit_assert( !str_is_ip6("213.154.224.255") ); - unit_assert( !str_is_ip6("255.255.255.0") ); - unit_show_func("util/net_help.c", "is_pow2"); - unit_assert( is_pow2(0) ); - unit_assert( is_pow2(1) ); - unit_assert( is_pow2(2) ); - unit_assert( is_pow2(4) ); - unit_assert( is_pow2(8) ); - unit_assert( is_pow2(16) ); - unit_assert( is_pow2(1024) ); - unit_assert( is_pow2(1024*1024) ); - unit_assert( is_pow2(1024*1024*1024) ); - unit_assert( !is_pow2(3) ); - unit_assert( !is_pow2(5) ); - unit_assert( !is_pow2(6) ); - unit_assert( !is_pow2(7) ); - unit_assert( !is_pow2(9) ); - unit_assert( !is_pow2(10) ); - unit_assert( !is_pow2(11) ); - unit_assert( !is_pow2(17) ); - unit_assert( !is_pow2(23) ); - unit_assert( !is_pow2(257) ); - unit_assert( !is_pow2(259) ); - - /* test addr_mask */ - unit_show_func("util/net_help.c", "addr_mask"); - if(1) { - struct sockaddr_in a4; - struct sockaddr_in6 a6; - socklen_t l4 = (socklen_t)sizeof(a4); - socklen_t l6 = (socklen_t)sizeof(a6); - int i; - a4.sin_family = AF_INET; - a6.sin6_family = AF_INET6; - for(i=0; i<35; i++) { - /* address 255.255.255.255 */ - memcpy(&a4.sin_addr, "\377\377\377\377", 4); - addr_mask((struct sockaddr_storage*)&a4, l4, i); - unit_assert(memcmp(&a4.sin_addr, t4[i], 4) == 0); - } - memcpy(&a6.sin6_addr, "\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 16); - addr_mask((struct sockaddr_storage*)&a6, l6, 128); - unit_assert(memcmp(&a6.sin6_addr, "\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 16) == 0); - addr_mask((struct sockaddr_storage*)&a6, l6, 122); - unit_assert(memcmp(&a6.sin6_addr, "\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\300", 16) == 0); - addr_mask((struct sockaddr_storage*)&a6, l6, 120); - unit_assert(memcmp(&a6.sin6_addr, "\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\000", 16) == 0); - addr_mask((struct sockaddr_storage*)&a6, l6, 64); - unit_assert(memcmp(&a6.sin6_addr, "\377\377\377\377\377\377\377\377\000\000\000\000\000\000\000\000", 16) == 0); - addr_mask((struct sockaddr_storage*)&a6, l6, 0); - unit_assert(memcmp(&a6.sin6_addr, "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000", 16) == 0); - } - - /* test addr_in_common */ - unit_show_func("util/net_help.c", "addr_in_common"); - if(1) { - struct sockaddr_in a4, b4; - struct sockaddr_in6 a6, b6; - socklen_t l4 = (socklen_t)sizeof(a4); - socklen_t l6 = (socklen_t)sizeof(a6); - int i; - a4.sin_family = AF_INET; - b4.sin_family = AF_INET; - a6.sin6_family = AF_INET6; - b6.sin6_family = AF_INET6; - memcpy(&a4.sin_addr, "abcd", 4); - memcpy(&b4.sin_addr, "abcd", 4); - unit_assert(addr_in_common((struct sockaddr_storage*)&a4, 32, - (struct sockaddr_storage*)&b4, 32, l4) == 32); - unit_assert(addr_in_common((struct sockaddr_storage*)&a4, 34, - (struct sockaddr_storage*)&b4, 32, l4) == 32); - for(i=0; i<=32; i++) { - unit_assert(addr_in_common( - (struct sockaddr_storage*)&a4, 32, - (struct sockaddr_storage*)&b4, i, l4) == i); - unit_assert(addr_in_common( - (struct sockaddr_storage*)&a4, i, - (struct sockaddr_storage*)&b4, 32, l4) == i); - unit_assert(addr_in_common( - (struct sockaddr_storage*)&a4, i, - (struct sockaddr_storage*)&b4, i, l4) == i); - } - for(i=0; i<=32; i++) { - memcpy(&a4.sin_addr, "\377\377\377\377", 4); - memcpy(&b4.sin_addr, t4[i], 4); - unit_assert(addr_in_common( - (struct sockaddr_storage*)&a4, 32, - (struct sockaddr_storage*)&b4, 32, l4) == i); - unit_assert(addr_in_common( - (struct sockaddr_storage*)&b4, 32, - (struct sockaddr_storage*)&a4, 32, l4) == i); - } - memcpy(&a6.sin6_addr, "abcdefghabcdefgh", 16); - memcpy(&b6.sin6_addr, "abcdefghabcdefgh", 16); - unit_assert(addr_in_common((struct sockaddr_storage*)&a6, 128, - (struct sockaddr_storage*)&b6, 128, l6) == 128); - unit_assert(addr_in_common((struct sockaddr_storage*)&a6, 129, - (struct sockaddr_storage*)&b6, 128, l6) == 128); - for(i=0; i<=128; i++) { - unit_assert(addr_in_common( - (struct sockaddr_storage*)&a6, 128, - (struct sockaddr_storage*)&b6, i, l6) == i); - unit_assert(addr_in_common( - (struct sockaddr_storage*)&a6, i, - (struct sockaddr_storage*)&b6, 128, l6) == i); - unit_assert(addr_in_common( - (struct sockaddr_storage*)&a6, i, - (struct sockaddr_storage*)&b6, i, l6) == i); - } - } - /* test sockaddr_cmp_addr */ - unit_show_func("util/net_help.c", "sockaddr_cmp_addr"); - if(1) { - struct sockaddr_storage a, b; - socklen_t alen = (socklen_t)sizeof(a); - socklen_t blen = (socklen_t)sizeof(b); - unit_assert(ipstrtoaddr("127.0.0.0", 53, &a, &alen)); - unit_assert(ipstrtoaddr("127.255.255.255", 53, &b, &blen)); - unit_assert(sockaddr_cmp_addr(&a, alen, &b, blen) < 0); - unit_assert(sockaddr_cmp_addr(&b, blen, &a, alen) > 0); - unit_assert(sockaddr_cmp_addr(&a, alen, &a, alen) == 0); - unit_assert(sockaddr_cmp_addr(&b, blen, &b, blen) == 0); - unit_assert(ipstrtoaddr("192.168.121.5", 53, &a, &alen)); - unit_assert(sockaddr_cmp_addr(&a, alen, &b, blen) > 0); - unit_assert(sockaddr_cmp_addr(&b, blen, &a, alen) < 0); - unit_assert(sockaddr_cmp_addr(&a, alen, &a, alen) == 0); - unit_assert(ipstrtoaddr("2001:3578:ffeb::99", 53, &b, &blen)); - unit_assert(sockaddr_cmp_addr(&b, blen, &b, blen) == 0); - unit_assert(sockaddr_cmp_addr(&a, alen, &b, blen) < 0); - unit_assert(sockaddr_cmp_addr(&b, blen, &a, alen) > 0); - } - /* test addr_is_ip4mapped */ - unit_show_func("util/net_help.c", "addr_is_ip4mapped"); - if(1) { - struct sockaddr_storage a; - socklen_t l = (socklen_t)sizeof(a); - unit_assert(ipstrtoaddr("12.13.14.15", 53, &a, &l)); - unit_assert(!addr_is_ip4mapped(&a, l)); - unit_assert(ipstrtoaddr("fe80::217:31ff:fe91:df", 53, &a, &l)); - unit_assert(!addr_is_ip4mapped(&a, l)); - unit_assert(ipstrtoaddr("ffff::217:31ff:fe91:df", 53, &a, &l)); - unit_assert(!addr_is_ip4mapped(&a, l)); - unit_assert(ipstrtoaddr("::ffff:31ff:fe91:df", 53, &a, &l)); - unit_assert(!addr_is_ip4mapped(&a, l)); - unit_assert(ipstrtoaddr("::fffe:fe91:df", 53, &a, &l)); - unit_assert(!addr_is_ip4mapped(&a, l)); - unit_assert(ipstrtoaddr("::ffff:127.0.0.1", 53, &a, &l)); - unit_assert(addr_is_ip4mapped(&a, l)); - unit_assert(ipstrtoaddr("::ffff:127.0.0.2", 53, &a, &l)); - unit_assert(addr_is_ip4mapped(&a, l)); - unit_assert(ipstrtoaddr("::ffff:192.168.0.2", 53, &a, &l)); - unit_assert(addr_is_ip4mapped(&a, l)); - unit_assert(ipstrtoaddr("2::ffff:192.168.0.2", 53, &a, &l)); - unit_assert(!addr_is_ip4mapped(&a, l)); - } - /* test addr_is_any */ - unit_show_func("util/net_help.c", "addr_is_any"); - if(1) { - struct sockaddr_storage a; - socklen_t l = (socklen_t)sizeof(a); - unit_assert(ipstrtoaddr("0.0.0.0", 53, &a, &l)); - unit_assert(addr_is_any(&a, l)); - unit_assert(ipstrtoaddr("0.0.0.0", 10053, &a, &l)); - unit_assert(addr_is_any(&a, l)); - unit_assert(ipstrtoaddr("0.0.0.0", 0, &a, &l)); - unit_assert(addr_is_any(&a, l)); - unit_assert(ipstrtoaddr("::0", 0, &a, &l)); - unit_assert(addr_is_any(&a, l)); - unit_assert(ipstrtoaddr("::0", 53, &a, &l)); - unit_assert(addr_is_any(&a, l)); - unit_assert(ipstrtoaddr("::1", 53, &a, &l)); - unit_assert(!addr_is_any(&a, l)); - unit_assert(ipstrtoaddr("2001:1667::1", 0, &a, &l)); - unit_assert(!addr_is_any(&a, l)); - unit_assert(ipstrtoaddr("2001::0", 0, &a, &l)); - unit_assert(!addr_is_any(&a, l)); - unit_assert(ipstrtoaddr("10.0.0.0", 0, &a, &l)); - unit_assert(!addr_is_any(&a, l)); - unit_assert(ipstrtoaddr("0.0.0.10", 0, &a, &l)); - unit_assert(!addr_is_any(&a, l)); - unit_assert(ipstrtoaddr("192.0.2.1", 0, &a, &l)); - unit_assert(!addr_is_any(&a, l)); - } -} - -#include "util/config_file.h" -/** test config_file: cfg_parse_memsize */ -static void -config_memsize_test(void) -{ - size_t v = 0; - unit_show_func("util/config_file.c", "cfg_parse_memsize"); - if(0) { - /* these emit errors */ - unit_assert( cfg_parse_memsize("", &v) == 0); - unit_assert( cfg_parse_memsize("bla", &v) == 0); - unit_assert( cfg_parse_memsize("nop", &v) == 0); - unit_assert( cfg_parse_memsize("n0b", &v) == 0); - unit_assert( cfg_parse_memsize("gb", &v) == 0); - unit_assert( cfg_parse_memsize("b", &v) == 0); - unit_assert( cfg_parse_memsize("kb", &v) == 0); - unit_assert( cfg_parse_memsize("kk kb", &v) == 0); - } - unit_assert( cfg_parse_memsize("0", &v) && v==0); - unit_assert( cfg_parse_memsize("1", &v) && v==1); - unit_assert( cfg_parse_memsize("10", &v) && v==10); - unit_assert( cfg_parse_memsize("10b", &v) && v==10); - unit_assert( cfg_parse_memsize("5b", &v) && v==5); - unit_assert( cfg_parse_memsize("1024", &v) && v==1024); - unit_assert( cfg_parse_memsize("1k", &v) && v==1024); - unit_assert( cfg_parse_memsize("1K", &v) && v==1024); - unit_assert( cfg_parse_memsize("1Kb", &v) && v==1024); - unit_assert( cfg_parse_memsize("1kb", &v) && v==1024); - unit_assert( cfg_parse_memsize("1 kb", &v) && v==1024); - unit_assert( cfg_parse_memsize("10 kb", &v) && v==10240); - unit_assert( cfg_parse_memsize("2k", &v) && v==2048); - unit_assert( cfg_parse_memsize("2m", &v) && v==2048*1024); - unit_assert( cfg_parse_memsize("3M", &v) && v==3072*1024); - unit_assert( cfg_parse_memsize("40m", &v) && v==40960*1024); - unit_assert( cfg_parse_memsize("1G", &v) && v==1024*1024*1024); - unit_assert( cfg_parse_memsize("1 Gb", &v) && v==1024*1024*1024); - unit_assert( cfg_parse_memsize("0 Gb", &v) && v==0*1024*1024); -} - -/** test config_file: test tag code */ -static void -config_tag_test(void) -{ - unit_show_func("util/config_file.c", "taglist_intersect"); - unit_assert( taglist_intersect( - (uint8_t*)"\000\000\000", 3, (uint8_t*)"\001\000\001", 3 - ) == 0); - unit_assert( taglist_intersect( - (uint8_t*)"\000\000\001", 3, (uint8_t*)"\001\000\001", 3 - ) == 1); - unit_assert( taglist_intersect( - (uint8_t*)"\001\000\000", 3, (uint8_t*)"\001\000\001", 3 - ) == 1); - unit_assert( taglist_intersect( - (uint8_t*)"\001", 1, (uint8_t*)"\001\000\001", 3 - ) == 1); - unit_assert( taglist_intersect( - (uint8_t*)"\001\000\001", 3, (uint8_t*)"\001", 1 - ) == 1); -} - -#include "util/rtt.h" -/** test RTT code */ -static void -rtt_test(void) -{ - int init = 376; - int i; - struct rtt_info r; - unit_show_func("util/rtt.c", "rtt_timeout"); - rtt_init(&r); - /* initial value sensible */ - unit_assert( rtt_timeout(&r) == init ); - rtt_lost(&r, init); - unit_assert( rtt_timeout(&r) == init*2 ); - rtt_lost(&r, init*2); - unit_assert( rtt_timeout(&r) == init*4 ); - rtt_update(&r, 4000); - unit_assert( rtt_timeout(&r) >= 2000 ); - rtt_lost(&r, rtt_timeout(&r) ); - for(i=0; i<100; i++) { - rtt_lost(&r, rtt_timeout(&r) ); - unit_assert( rtt_timeout(&r) > RTT_MIN_TIMEOUT-1); - unit_assert( rtt_timeout(&r) < RTT_MAX_TIMEOUT+1); - } -} - -#include "services/cache/infra.h" -#include "util/config_file.h" - -/* lookup and get key and data structs easily */ -static struct infra_data* infra_lookup_host(struct infra_cache* infra, - struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* zone, - size_t zonelen, int wr, time_t now, struct infra_key** k) -{ - struct infra_data* d; - struct lruhash_entry* e = infra_lookup_nottl(infra, addr, addrlen, - zone, zonelen, wr); - if(!e) return NULL; - d = (struct infra_data*)e->data; - if(d->ttl < now) { - lock_rw_unlock(&e->lock); - return NULL; - } - *k = (struct infra_key*)e->key; - return d; -} - -/** test host cache */ -static void -infra_test(void) -{ - struct sockaddr_storage one; - socklen_t onelen; - uint8_t* zone = (uint8_t*)"\007example\003com\000"; - size_t zonelen = 13; - struct infra_cache* slab; - struct config_file* cfg = config_create(); - time_t now = 0; - uint8_t edns_lame; - int vs, to; - struct infra_key* k; - struct infra_data* d; - int init = 376; - - unit_show_feature("infra cache"); - unit_assert(ipstrtoaddr("127.0.0.1", 53, &one, &onelen)); - - slab = infra_create(cfg); - unit_assert( infra_host(slab, &one, onelen, zone, zonelen, now, - &vs, &edns_lame, &to) ); - unit_assert( vs == 0 && to == init && edns_lame == 0 ); - - unit_assert( infra_rtt_update(slab, &one, onelen, zone, zonelen, LDNS_RR_TYPE_A, -1, init, now) ); - unit_assert( infra_host(slab, &one, onelen, zone, zonelen, - now, &vs, &edns_lame, &to) ); - unit_assert( vs == 0 && to == init*2 && edns_lame == 0 ); - - unit_assert( infra_edns_update(slab, &one, onelen, zone, zonelen, -1, now) ); - unit_assert( infra_host(slab, &one, onelen, zone, zonelen, - now, &vs, &edns_lame, &to) ); - unit_assert( vs == -1 && to == init*2 && edns_lame == 1); - - now += cfg->host_ttl + 10; - unit_assert( infra_host(slab, &one, onelen, zone, zonelen, - now, &vs, &edns_lame, &to) ); - unit_assert( vs == 0 && to == init && edns_lame == 0 ); - - unit_assert( infra_set_lame(slab, &one, onelen, - zone, zonelen, now, 0, 0, LDNS_RR_TYPE_A) ); - unit_assert( (d=infra_lookup_host(slab, &one, onelen, zone, zonelen, 0, now, &k)) ); - unit_assert( d->ttl == now+cfg->host_ttl ); - unit_assert( d->edns_version == 0 ); - unit_assert(!d->isdnsseclame && !d->rec_lame && d->lame_type_A && - !d->lame_other); - lock_rw_unlock(&k->entry.lock); - - /* test merge of data */ - unit_assert( infra_set_lame(slab, &one, onelen, - zone, zonelen, now, 0, 0, LDNS_RR_TYPE_AAAA) ); - unit_assert( (d=infra_lookup_host(slab, &one, onelen, zone, zonelen, 0, now, &k)) ); - unit_assert(!d->isdnsseclame && !d->rec_lame && d->lame_type_A && - d->lame_other); - lock_rw_unlock(&k->entry.lock); - - /* test that noEDNS cannot overwrite known-yesEDNS */ - now += cfg->host_ttl + 10; - unit_assert( infra_host(slab, &one, onelen, zone, zonelen, - now, &vs, &edns_lame, &to) ); - unit_assert( vs == 0 && to == init && edns_lame == 0 ); - - unit_assert( infra_edns_update(slab, &one, onelen, zone, zonelen, 0, now) ); - unit_assert( infra_host(slab, &one, onelen, zone, zonelen, - now, &vs, &edns_lame, &to) ); - unit_assert( vs == 0 && to == init && edns_lame == 1 ); - - unit_assert( infra_edns_update(slab, &one, onelen, zone, zonelen, -1, now) ); - unit_assert( infra_host(slab, &one, onelen, zone, zonelen, - now, &vs, &edns_lame, &to) ); - unit_assert( vs == 0 && to == init && edns_lame == 1 ); - - infra_delete(slab); - config_delete(cfg); -} - -#include "util/random.h" -/** test randomness */ -static void -rnd_test(void) -{ - struct ub_randstate* r; - int num = 1000, i; - long int a[1000]; - unsigned int seed = (unsigned)time(NULL); - unit_show_feature("ub_random"); - printf("ub_random seed is %u\n", seed); - unit_assert( (r = ub_initstate(seed, NULL)) ); - for(i=0; i= 0); - unit_assert((size_t)a[i] <= (size_t)0x7fffffff); - if(i > 5) - unit_assert(a[i] != a[i-1] || a[i] != a[i-2] || - a[i] != a[i-3] || a[i] != a[i-4] || - a[i] != a[i-5] || a[i] != a[i-6]); - } - a[0] = ub_random_max(r, 1); - unit_assert(a[0] >= 0 && a[0] < 1); - a[0] = ub_random_max(r, 10000); - unit_assert(a[0] >= 0 && a[0] < 10000); - for(i=0; i= 0 && a[i] < 10); - } - ub_randfree(r); -} - -#include "respip/respip.h" -#include "services/localzone.h" -#include "util/data/packed_rrset.h" -typedef struct addr_action {char* ip; char* sact; enum respip_action act;} - addr_action_t; - -/** Utility function that verifies that the respip set has actions as expected */ -static void -verify_respip_set_actions(struct respip_set* set, addr_action_t actions[], - int actions_len) -{ - int i = 0; - struct rbtree_type* tree = respip_set_get_tree(set); - for (i=0; icount); -} - -/** Global respip actions test; apply raw config data and verify that - * all the nodes in the respip set, looked up by address, have expected - * actions */ -static void -respip_conf_actions_test(void) -{ - addr_action_t config_response_ip[] = { - {"192.0.1.0/24", "deny", respip_deny}, - {"192.0.2.0/24", "redirect", respip_redirect}, - {"192.0.3.0/26", "inform", respip_inform}, - {"192.0.4.0/27", "inform_deny", respip_inform_deny}, - {"2001:db8:1::/48", "always_transparent", respip_always_transparent}, - {"2001:db8:2::/49", "always_refuse", respip_always_refuse}, - {"2001:db8:3::/50", "always_nxdomain", respip_always_nxdomain}, - }; - int i; - struct respip_set* set = respip_set_create(); - struct config_file cfg; - int clen = (int)(sizeof(config_response_ip) / sizeof(addr_action_t)); - - unit_assert(set); - unit_show_feature("global respip config actions apply"); - memset(&cfg, 0, sizeof(cfg)); - for(i=0; iname = strdup("view1"); - cv2->name = strdup("view2"); - unit_assert(cv1->name && cv2->name); - cv1->next = cv2; - cfg.views = cv1; - - for(i=0; irespip_actions, ip, sact)) - unit_assert(0); - } - for(i=0; irespip_actions, ip, sact)) - unit_assert(0); - } - views = views_create(); - unit_assert(views); - unit_assert(views_apply_cfg(views, &cfg)); - unit_assert(respip_views_apply_cfg(views, &cfg, &have_respip_cfg)); - - /* now verify the respip sets in each view */ - v = views_find_view(views, "view1", 0); - unit_assert(v); - verify_respip_set_actions(v->respip_set, config_response_ip_view1, clen1); - lock_rw_unlock(&v->lock); - v = views_find_view(views, "view2", 0); - unit_assert(v); - verify_respip_set_actions(v->respip_set, config_response_ip_view2, clen2); - lock_rw_unlock(&v->lock); -} - -typedef struct addr_data {char* ip; char* data;} addr_data_t; - -/** find the respip address node in the specified tree (by address lookup) - * and verify type and address of the specified rdata (by index) in this - * node's rrset */ -static void -verify_rrset(struct respip_set* set, const char* ipstr, - const char* rdatastr, size_t rdi, uint16_t type) -{ - struct sockaddr_storage addr; - int net; - char buf[65536]; - socklen_t addrlen; - struct rbtree_type* tree; - struct resp_addr* node; - const struct ub_packed_rrset_key* rrs; - - netblockstrtoaddr(ipstr, UNBOUND_DNS_PORT, &addr, &addrlen, &net); - tree = respip_set_get_tree(set); - node = (struct resp_addr*)addr_tree_find(tree, &addr, addrlen, net); - unit_assert(node); - unit_assert((rrs = resp_addr_get_rrset(node))); - unit_assert(ntohs(rrs->rk.type) == type); - packed_rr_to_string((struct ub_packed_rrset_key*)rrs, - rdi, 0, buf, sizeof(buf)); - unit_assert(strstr(buf, rdatastr)); -} - -/** Dataset used to test redirect rrset initialization for both - * global and per-view respip redirect configuration */ -static addr_data_t config_response_ip_data[] = { - {"192.0.1.0/24", "A 1.2.3.4"}, - {"192.0.1.0/24", "A 11.12.13.14"}, - {"192.0.2.0/24", "CNAME www.example.com."}, - {"2001:db8:1::/48", "AAAA 2001:db8:1::2:1"}, -}; - -/** Populate raw respip redirect config data, used for both global and - * view-based respip redirect test case */ -static void -cfg_insert_respip_data(struct config_str2list** respip_actions, - struct config_str2list** respip_data) -{ - int clen = (int)(sizeof(config_response_ip_data) / sizeof(addr_data_t)); - int i = 0; - - /* insert actions (duplicate netblocks don't matter) */ - for(i=0; iname = strdup("view1"); - unit_assert(cv->name); - cfg.views = cv; - cfg_insert_respip_data(&cv->respip_actions, &cv->respip_data); - views = views_create(); - unit_assert(views); - unit_assert(views_apply_cfg(views, &cfg)); - - /* apply configuration and verify rrsets */ - unit_assert(respip_views_apply_cfg(views, &cfg, &have_respip_cfg)); - v = views_find_view(views, "view1", 0); - unit_assert(v); - verify_rrset(v->respip_set, "192.0.1.0/24", "1.2.3.4", - 0, LDNS_RR_TYPE_A); - verify_rrset(v->respip_set, "192.0.1.0/24", "11.12.13.14", - 1, LDNS_RR_TYPE_A); - verify_rrset(v->respip_set, "192.0.2.0/24", "www.example.com", - 0, LDNS_RR_TYPE_CNAME); - verify_rrset(v->respip_set, "2001:db8:1::/48", "2001:db8:1::2:1", - 0, LDNS_RR_TYPE_AAAA); -} - -/** respip unit tests */ -static void respip_test(void) -{ - respip_view_conf_data_test(); - respip_conf_data_test(); - respip_view_conf_actions_test(); - respip_conf_actions_test(); -} - -void unit_show_func(const char* file, const char* func) -{ - printf("test %s:%s\n", file, func); -} - -void unit_show_feature(const char* feature) -{ - printf("test %s functions\n", feature); -} - -#ifdef USE_ECDSA_EVP_WORKAROUND -void ecdsa_evp_workaround_init(void); -#endif -/** - * Main unit test program. Setup, teardown and report errors. - * @param argc: arg count. - * @param argv: array of commandline arguments. - * @return program failure if test fails. - */ -int -main(int argc, char* argv[]) -{ - log_init(NULL, 0, NULL); - if(argc != 1) { - printf("usage: %s\n", argv[0]); - printf("\tperforms unit tests.\n"); - return 1; - } - printf("Start of %s unit test.\n", PACKAGE_STRING); -#ifdef HAVE_SSL -# ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS - ERR_load_crypto_strings(); -# endif -# ifdef USE_GOST - (void)sldns_key_EVP_load_gost_id(); -# endif -# ifdef USE_ECDSA_EVP_WORKAROUND - ecdsa_evp_workaround_init(); -# endif -#elif defined(HAVE_NSS) - if(NSS_NoDB_Init(".") != SECSuccess) - fatal_exit("could not init NSS"); -#endif /* HAVE_SSL or HAVE_NSS*/ - checklock_start(); - neg_test(); - rnd_test(); - respip_test(); - verify_test(); - net_test(); - config_memsize_test(); - config_tag_test(); - dname_test(); - rtt_test(); - anchors_test(); - alloc_test(); - regional_test(); - lruhash_test(); - slabhash_test(); - infra_test(); - ldns_test(); - msgparse_test(); -#ifdef CLIENT_SUBNET - ecs_test(); -#endif /* CLIENT_SUBNET */ - checklock_stop(); - printf("%d checks ok.\n", testcount); -#ifdef HAVE_SSL -# if defined(USE_GOST) && defined(HAVE_LDNS_KEY_EVP_UNLOAD_GOST) - sldns_key_EVP_unload_gost(); -# endif -# ifdef HAVE_OPENSSL_CONFIG -# ifdef HAVE_EVP_CLEANUP - EVP_cleanup(); -# endif - ENGINE_cleanup(); - CONF_modules_free(); -# endif -# ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA - CRYPTO_cleanup_all_ex_data(); -# endif -# ifdef HAVE_ERR_FREE_STRINGS - ERR_free_strings(); -# endif -# ifdef HAVE_RAND_CLEANUP - RAND_cleanup(); -# endif -#elif defined(HAVE_NSS) - if(NSS_Shutdown() != SECSuccess) - fatal_exit("could not shutdown NSS"); -#endif /* HAVE_SSL or HAVE_NSS */ -#ifdef HAVE_PTHREAD - /* dlopen frees its thread specific state */ - pthread_exit(NULL); -#endif - return 0; -} diff --git a/external/unbound/testcode/unitmain.h b/external/unbound/testcode/unitmain.h deleted file mode 100644 index d81b603b2..000000000 --- a/external/unbound/testcode/unitmain.h +++ /dev/null @@ -1,82 +0,0 @@ -/* - * testcode/unitmain.h - unit test main program for unbound. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ -/** - * \file - * Declarations useful for the unit tests. - */ - -#ifndef TESTCODE_UNITMAIN_H -#define TESTCODE_UNITMAIN_H -#include "util/log.h" - -/** number of tests done */ -extern int testcount; -/** test bool x, exits on failure, increases testcount. */ -#ifdef DEBUG_UNBOUND -#define unit_assert(x) do {testcount++; log_assert(x);} while(0) -#else -#define unit_assert(x) do {testcount++; if(!(x)) { fprintf(stderr, "assertion failure %s:%d\n", __FILE__, __LINE__); exit(1);}} while(0) -#endif - -/** we are now testing this function */ -void unit_show_func(const char* file, const char* func); -/** we are testing this functionality */ -void unit_show_feature(const char* feature); - -/** unit test lruhashtable implementation */ -void lruhash_test(void); -/** unit test slabhashtable implementation */ -void slabhash_test(void); -/** unit test for msgreply and msgparse */ -void msgparse_test(void); -/** unit test dname handling functions */ -void dname_test(void); -/** unit test trust anchor storage functions */ -void anchors_test(void); -/** unit test for verification functions */ -void verify_test(void); -/** unit test for negative cache functions */ -void neg_test(void); -/** unit test for regional allocator functions */ -void regional_test(void); -#ifdef CLIENT_SUBNET -/** Unit test for ECS functions */ -void ecs_test(void); -#endif /* CLIENT_SUBNET */ -/** unit test for ldns functions */ -void ldns_test(void); - -#endif /* TESTCODE_UNITMAIN_H */ diff --git a/external/unbound/testcode/unitmsgparse.c b/external/unbound/testcode/unitmsgparse.c deleted file mode 100644 index 627d10b78..000000000 --- a/external/unbound/testcode/unitmsgparse.c +++ /dev/null @@ -1,542 +0,0 @@ -/* - * testcode/unitmsgparse.c - unit test for msg parse routines. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ -/** - * \file - * Calls msg parse unit tests. Exits with code 1 on a failure. - */ - -#include "config.h" -#include -#include "util/log.h" -#include "testcode/unitmain.h" -#include "util/data/msgparse.h" -#include "util/data/msgreply.h" -#include "util/data/msgencode.h" -#include "util/data/dname.h" -#include "util/alloc.h" -#include "util/regional.h" -#include "util/net_help.h" -#include "testcode/readhex.h" -#include "testcode/testpkts.h" -#include "sldns/sbuffer.h" -#include "sldns/str2wire.h" -#include "sldns/wire2str.h" - -/** verbose message parse unit test */ -static int vbmp = 0; -/** do not accept formerr */ -static int check_formerr_gone = 0; -/** if matching within a section should disregard the order of RRs. */ -static int matches_nolocation = 0; -/** see if RRSIGs are properly matched to RRsets. */ -static int check_rrsigs = 0; -/** do not check buffer sameness */ -static int check_nosameness = 0; - -/** see if buffers contain the same packet */ -static int -test_buffers(sldns_buffer* pkt, sldns_buffer* out) -{ - /* check binary same */ - if(sldns_buffer_limit(pkt) == sldns_buffer_limit(out) && - memcmp(sldns_buffer_begin(pkt), sldns_buffer_begin(out), - sldns_buffer_limit(pkt)) == 0) { - if(vbmp) printf("binary the same (length=%u)\n", - (unsigned)sldns_buffer_limit(pkt)); - return 1; - } - - if(vbmp) { - size_t sz = 16; - size_t count; - size_t lim = sldns_buffer_limit(out); - if(sldns_buffer_limit(pkt) < lim) - lim = sldns_buffer_limit(pkt); - for(count=0; countbits & EDNS_DO) ); - unit_assert(ret != 0); /* udp packets should fit */ - attach_edns_record(out, edns); - regional_free_all(r2); - } - if(gettimeofday(&end, NULL) < 0) - fatal_exit("gettimeofday: %s", strerror(errno)); - /* time in millisec */ - dt = (double)(end.tv_sec - start.tv_sec)*1000. + - ((double)end.tv_usec - (double)start.tv_usec)/1000.; - printf("[%d] did %u in %g msec for %f encode/sec size %d\n", num++, - (unsigned)max, dt, (double)max / (dt/1000.), - (int)sldns_buffer_limit(out)); - regional_destroy(r2); -} - -/** perf test a packet */ -static void -perftestpkt(sldns_buffer* pkt, struct alloc_cache* alloc, sldns_buffer* out, - const char* hex) -{ - struct query_info qi; - struct reply_info* rep = 0; - int ret; - uint16_t id; - uint16_t flags; - time_t timenow = 0; - struct regional* region = regional_create(); - struct edns_data edns; - - hex_to_buf(pkt, hex); - memmove(&id, sldns_buffer_begin(pkt), sizeof(id)); - if(sldns_buffer_limit(pkt) < 2) - flags = 0; - else memmove(&flags, sldns_buffer_at(pkt, 2), sizeof(flags)); - flags = ntohs(flags); - ret = reply_info_parse(pkt, alloc, &qi, &rep, region, &edns); - if(ret != 0) { - char rbuf[16]; - sldns_wire2str_rcode_buf(ret, rbuf, sizeof(rbuf)); - if(vbmp) printf("parse code %d: %s\n", ret, rbuf); - if(ret == LDNS_RCODE_FORMERR) - checkformerr(pkt); - unit_assert(ret != LDNS_RCODE_SERVFAIL); - } else { - perf_encode(&qi, rep, id, flags, out, timenow, &edns); - } - - query_info_clear(&qi); - reply_info_parsedelete(rep, alloc); - regional_destroy(region); -} - -/** print packed rrset */ -static void -print_rrset(struct ub_packed_rrset_key* rrset) -{ - struct packed_rrset_data* d = (struct packed_rrset_data*)rrset-> - entry.data; - char buf[65535]; - size_t i; - for(i=0; icount+d->rrsig_count; i++) { - if(!packed_rr_to_string(rrset, i, 0, buf, sizeof(buf))) - printf("failedtoconvert %d\n", (int)i); - else - printf("%s\n", buf); - } -} - -/** debug print a packet that failed */ -static void -print_packet_rrsets(struct query_info* qinfo, struct reply_info* rep) -{ - size_t i; - log_query_info(0, "failed query", qinfo); - printf(";; ANSWER SECTION (%d rrsets)\n", (int)rep->an_numrrsets); - for(i=0; ian_numrrsets; i++) { - printf("; rrset %d\n", (int)i); - print_rrset(rep->rrsets[i]); - } - printf(";; AUTHORITY SECTION (%d rrsets)\n", (int)rep->ns_numrrsets); - for(i=rep->an_numrrsets; ian_numrrsets+rep->ns_numrrsets; i++) { - printf("; rrset %d\n", (int)i); - print_rrset(rep->rrsets[i]); - } - printf(";; ADDITIONAL SECTION (%d rrsets)\n", (int)rep->ar_numrrsets); - for(i=rep->an_numrrsets+rep->ns_numrrsets; irrset_count; i++) { - printf("; rrset %d\n", (int)i); - print_rrset(rep->rrsets[i]); - } - printf(";; packet end\n"); -} - -/** check that there is no data element that matches the RRSIG */ -static int -no_data_for_rrsig(struct reply_info* rep, struct ub_packed_rrset_key* rrsig) -{ - size_t i; - for(i=0; irrset_count; i++) { - if(ntohs(rep->rrsets[i]->rk.type) == LDNS_RR_TYPE_RRSIG) - continue; - if(query_dname_compare(rep->rrsets[i]->rk.dname, - rrsig->rk.dname) == 0) - /* only name is compared right now */ - return 0; - } - return 1; -} - -/** check RRSIGs in packet */ -static void -check_the_rrsigs(struct query_info* qinfo, struct reply_info* rep) -{ - /* every RRSIG must be matched to an RRset */ - size_t i; - for(i=0; irrset_count; i++) { - struct ub_packed_rrset_key* s = rep->rrsets[i]; - if(ntohs(s->rk.type) == LDNS_RR_TYPE_RRSIG) { - /* see if really a problem, i.e. is there a data - * element. */ - if(no_data_for_rrsig(rep, rep->rrsets[i])) - continue; - log_dns_msg("rrsig failed for packet", qinfo, rep); - print_packet_rrsets(qinfo, rep); - printf("failed rrset is nr %d\n", (int)i); - unit_assert(0); - } - } -} - -/** test a packet */ -static void -testpkt(sldns_buffer* pkt, struct alloc_cache* alloc, sldns_buffer* out, - const char* hex) -{ - struct query_info qi; - struct reply_info* rep = 0; - int ret; - uint16_t id; - uint16_t flags; - uint32_t timenow = 0; - struct regional* region = regional_create(); - struct edns_data edns; - - hex_to_buf(pkt, hex); - memmove(&id, sldns_buffer_begin(pkt), sizeof(id)); - if(sldns_buffer_limit(pkt) < 2) - flags = 0; - else memmove(&flags, sldns_buffer_at(pkt, 2), sizeof(flags)); - flags = ntohs(flags); - ret = reply_info_parse(pkt, alloc, &qi, &rep, region, &edns); - if(ret != 0) { - char rbuf[16]; - sldns_wire2str_rcode_buf(ret, rbuf, sizeof(rbuf)); - if(vbmp) printf("parse code %d: %s\n", ret, rbuf); - if(ret == LDNS_RCODE_FORMERR) { - unit_assert(!check_formerr_gone); - checkformerr(pkt); - } - unit_assert(ret != LDNS_RCODE_SERVFAIL); - } else if(!check_formerr_gone) { - const size_t lim = 512; - ret = reply_info_encode(&qi, rep, id, flags, out, timenow, - region, 65535, (int)(edns.bits & EDNS_DO) ); - unit_assert(ret != 0); /* udp packets should fit */ - attach_edns_record(out, &edns); - if(vbmp) printf("inlen %u outlen %u\n", - (unsigned)sldns_buffer_limit(pkt), - (unsigned)sldns_buffer_limit(out)); - if(!check_nosameness) - test_buffers(pkt, out); - if(check_rrsigs) - check_the_rrsigs(&qi, rep); - - if(sldns_buffer_limit(out) > lim) { - ret = reply_info_encode(&qi, rep, id, flags, out, - timenow, region, - lim - calc_edns_field_size(&edns), - (int)(edns.bits & EDNS_DO)); - unit_assert(ret != 0); /* should fit, but with TC */ - attach_edns_record(out, &edns); - if( LDNS_QDCOUNT(sldns_buffer_begin(out)) != - LDNS_QDCOUNT(sldns_buffer_begin(pkt)) || - LDNS_ANCOUNT(sldns_buffer_begin(out)) != - LDNS_ANCOUNT(sldns_buffer_begin(pkt)) || - LDNS_NSCOUNT(sldns_buffer_begin(out)) != - LDNS_NSCOUNT(sldns_buffer_begin(pkt))) - unit_assert( - LDNS_TC_WIRE(sldns_buffer_begin(out))); - /* must set TC bit if shortened */ - unit_assert(sldns_buffer_limit(out) <= lim); - } - } - - query_info_clear(&qi); - reply_info_parsedelete(rep, alloc); - regional_destroy(region); -} - -/** simple test of parsing */ -static void -simpletest(sldns_buffer* pkt, struct alloc_cache* alloc, sldns_buffer* out) -{ - /* a root query drill -q - */ - testpkt(pkt, alloc, out, - " c5 40 01 00 00 01 00 00 00 00 00 00 00 00 02 00 01 "); - - /* very small packet */ - testpkt(pkt, alloc, out, -"; 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19\n" -";-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --\n" -"74 0c 85 83 00 01 00 00 00 01 00 00 03 62 6c 61 09 6e 6c 6e ; 1- 20\n" -"65 74 6c 61 62 73 02 6e 6c 00 00 0f 00 01 09 6e 6c 6e 65 74 ; 21- 40\n" -"6c 61 62 73 02 6e 6c 00 00 06 00 01 00 00 46 50 00 40 04 6f ; 41- 60\n" -"70 65 6e 09 6e 6c 6e 65 74 6c 61 62 73 02 6e 6c 00 0a 68 6f ; 61- 80\n" -"73 74 6d 61 73 74 65 72 09 6e 6c 6e 65 74 6c 61 62 73 02 6e ; 81- 100\n" -"6c 00 77 a1 02 58 00 00 70 80 00 00 1c 20 00 09 3a 80 00 00 ; 101- 120\n" -"46 50\n"); - - /* a root reply drill -w - */ - testpkt(pkt, alloc, out, - " ; 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19\n" - " ;-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --\n" - " 97 3f 81 80 00 01 00 0d 00 00 00 02 00 00 02 00 01 00 00 02 ; 1- 20\n" - " 00 01 00 06 6d 38 00 14 01 49 0c 52 4f 4f 54 2d 53 45 52 56 ; 21- 40\n" - " 45 52 53 03 4e 45 54 00 00 00 02 00 01 00 06 6d 38 00 14 01 ; 41- 60\n" - " 4a 0c 52 4f 4f 54 2d 53 45 52 56 45 52 53 03 4e 45 54 00 00 ; 61- 80\n" - " 00 02 00 01 00 06 6d 38 00 14 01 4b 0c 52 4f 4f 54 2d 53 45 ; 81- 100\n" - " 52 56 45 52 53 03 4e 45 54 00 00 00 02 00 01 00 06 6d 38 00 ; 101- 120\n" - " 14 01 4c 0c 52 4f 4f 54 2d 53 45 52 56 45 52 53 03 4e 45 54 ; 121- 140\n" - " 00 00 00 02 00 01 00 06 6d 38 00 14 01 4d 0c 52 4f 4f 54 2d ; 141- 160\n" - " 53 45 52 56 45 52 53 03 4e 45 54 00 00 00 02 00 01 00 06 6d ; 161- 180\n" - " 38 00 14 01 41 0c 52 4f 4f 54 2d 53 45 52 56 45 52 53 03 4e ; 181- 200\n" - " 45 54 00 00 00 02 00 01 00 06 6d 38 00 14 01 42 0c 52 4f 4f ; 201- 220\n" - " 54 2d 53 45 52 56 45 52 53 03 4e 45 54 00 00 00 02 00 01 00 ; 221- 240\n" - " 06 6d 38 00 14 01 43 0c 52 4f 4f 54 2d 53 45 52 56 45 52 53 ; 241- 260\n" - " 03 4e 45 54 00 00 00 02 00 01 00 06 6d 38 00 14 01 44 0c 52 ; 261- 280\n" - " 4f 4f 54 2d 53 45 52 56 45 52 53 03 4e 45 54 00 00 00 02 00 ; 281- 300\n" - " 01 00 06 6d 38 00 14 01 45 0c 52 4f 4f 54 2d 53 45 52 56 45 ; 301- 320\n" - " 52 53 03 4e 45 54 00 00 00 02 00 01 00 06 6d 38 00 14 01 46 ; 321- 340\n" - " 0c 52 4f 4f 54 2d 53 45 52 56 45 52 53 03 4e 45 54 00 00 00 ; 341- 360\n" - " 02 00 01 00 06 6d 38 00 14 01 47 0c 52 4f 4f 54 2d 53 45 52 ; 361- 380\n" - " 56 45 52 53 03 4e 45 54 00 00 00 02 00 01 00 06 6d 38 00 14 ; 381- 400\n" - " 01 48 0c 52 4f 4f 54 2d 53 45 52 56 45 52 53 03 4e 45 54 00 ; 401- 420\n" - " 01 41 0c 52 4f 4f 54 2d 53 45 52 56 45 52 53 03 4e 45 54 00 ; 421- 440\n" - " 00 01 00 01 00 02 64 b9 00 04 c6 29 00 04 01 4a 0c 52 4f 4f ; 441- 460\n" - " 54 2d 53 45 52 56 45 52 53 03 4e 45 54 00 00 01 00 01 00 02 ; 461- 480\n" - " 64 b9 00 04 c0 3a 80 1e "); - - /* root delegation from unbound trace with new AAAA glue */ - perftestpkt(pkt, alloc, out, - "55BC84000001000D00000014000002000100000200010007E900001401610C726F6F742D73657276657273036E65740000000200010007E90000040162C01E00000200010007E90000040163C01E00000200010007E90000040164C01E00000200010007E90000040165C01E00000200010007E90000040166C01E00000200010007E90000040167C01E00000200010007E90000040168C01E00000200010007E90000040169C01E00000200010007E9000004016AC01E00000200010007E9000004016BC01E00000200010007E9000004016CC01E00000200010007E9000004016DC01EC01C000100010007E9000004C6290004C03B000100010007E9000004C0E44FC9C04A000100010007E9000004C021040CC059000100010007E900000480080A5AC068000100010007E9000004C0CBE60AC077000100010007E9000004C00505F1C086000100010007E9000004C0702404C095000100010007E9000004803F0235C0A4000100010007E9000004C0249411C0B3000100010007E9000004C03A801EC0C2000100010007E9000004C1000E81C0D1000100010007E9000004C707532AC0E0000100010007E9000004CA0C1B21C01C001C00010007E900001020010503BA3E00000000000000020030C077001C00010007E900001020010500002F0000000000000000000FC095001C00010007E90000102001050000010000" - "00000000803F0235C0B3001C00010007E9000010200105030C2700000000000000020030C0C2001C00010007E9000010200107FD000000000000000000000001C0E0001C00010007E900001020010DC30000000000000000000000350000291000000000000000" - ); -} - -/** simple test of parsing, pcat file */ -static void -testfromfile(sldns_buffer* pkt, struct alloc_cache* alloc, sldns_buffer* out, - const char* fname) -{ - FILE* in = fopen(fname, "r"); - char buf[102400]; - int no=0; - if(!in) { - perror("fname"); - return; - } - while(fgets(buf, (int)sizeof(buf), in)) { - if(buf[0] == ';') /* comment */ - continue; - if(strlen(buf) < 10) /* skip pcat line numbers. */ - continue; - if(vbmp) { - printf("test no %d: %s", no, buf); - fflush(stdout); - } - testpkt(pkt, alloc, out, buf); - no++; - } - fclose(in); -} - -/** simple test of parsing, drill file */ -static void -testfromdrillfile(sldns_buffer* pkt, struct alloc_cache* alloc, - sldns_buffer* out, const char* fname) -{ - /* ;-- is used to indicate a new message */ - FILE* in = fopen(fname, "r"); - char buf[102400]; - char* np = buf; - buf[0]=0; - if(!in) { - perror("fname"); - return; - } - while(fgets(np, (int)sizeof(buf) - (np-buf), in)) { - if(strncmp(np, ";--", 3) == 0) { - /* new entry */ - /* test previous */ - if(np != buf) - testpkt(pkt, alloc, out, buf); - /* set for new entry */ - np = buf; - buf[0]=0; - continue; - } - if(np[0] == ';') /* comment */ - continue; - np = &np[strlen(np)]; - } - testpkt(pkt, alloc, out, buf); - fclose(in); -} - -void msgparse_test(void) -{ - time_t origttl = MAX_NEG_TTL; - sldns_buffer* pkt = sldns_buffer_new(65553); - sldns_buffer* out = sldns_buffer_new(65553); - struct alloc_cache super_a, alloc; - MAX_NEG_TTL = 86400; - /* init */ - alloc_init(&super_a, NULL, 0); - alloc_init(&alloc, &super_a, 2); - - unit_show_feature("message parse"); - simpletest(pkt, &alloc, out); - /* plain hex dumps, like pcat */ - testfromfile(pkt, &alloc, out, "testdata/test_packets.1"); - testfromfile(pkt, &alloc, out, "testdata/test_packets.2"); - testfromfile(pkt, &alloc, out, "testdata/test_packets.3"); - /* like from drill -w - */ - testfromdrillfile(pkt, &alloc, out, "testdata/test_packets.4"); - testfromdrillfile(pkt, &alloc, out, "testdata/test_packets.5"); - - matches_nolocation = 1; /* RR order not important for the next test */ - testfromdrillfile(pkt, &alloc, out, "testdata/test_packets.6"); - check_rrsigs = 1; - testfromdrillfile(pkt, &alloc, out, "testdata/test_packets.7"); - check_rrsigs = 0; - matches_nolocation = 0; - - check_formerr_gone = 1; - testfromdrillfile(pkt, &alloc, out, "testdata/test_packets.8"); - check_formerr_gone = 0; - - check_rrsigs = 1; - check_nosameness = 1; - testfromdrillfile(pkt, &alloc, out, "testdata/test_packets.9"); - check_nosameness = 0; - check_rrsigs = 0; - - /* cleanup */ - alloc_clear(&alloc); - alloc_clear(&super_a); - sldns_buffer_free(pkt); - sldns_buffer_free(out); - MAX_NEG_TTL = origttl; -} diff --git a/external/unbound/testcode/unitneg.c b/external/unbound/testcode/unitneg.c deleted file mode 100644 index 2b67df182..000000000 --- a/external/unbound/testcode/unitneg.c +++ /dev/null @@ -1,543 +0,0 @@ -/* - * testcode/unitneg.c - unit test for negative cache routines. - * - * Copyright (c) 2008, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ -/** - * \file - * Calls negative cache unit tests. Exits with code 1 on a failure. - */ - -#include "config.h" -#include "util/log.h" -#include "util/net_help.h" -#include "util/data/packed_rrset.h" -#include "util/data/dname.h" -#include "testcode/unitmain.h" -#include "validator/val_neg.h" -#include "sldns/rrdef.h" - -/** verbose unit test for negative cache */ -static int negverbose = 0; - -/** debug printout of neg cache */ -static void print_neg_cache(struct val_neg_cache* neg) -{ - char buf[1024]; - struct val_neg_zone* z; - struct val_neg_data* d; - printf("neg_cache print\n"); - printf("memuse %d of %d\n", (int)neg->use, (int)neg->max); - printf("maxiter %d\n", (int)neg->nsec3_max_iter); - printf("%d zones\n", (int)neg->tree.count); - RBTREE_FOR(z, struct val_neg_zone*, &neg->tree) { - dname_str(z->name, buf); - printf("%24s", buf); - printf(" len=%2.2d labs=%d inuse=%d count=%d tree.count=%d\n", - (int)z->len, z->labs, (int)z->in_use, z->count, - (int)z->tree.count); - } - RBTREE_FOR(z, struct val_neg_zone*, &neg->tree) { - printf("\n"); - dname_print(stdout, NULL, z->name); - printf(" zone details\n"); - printf("len=%2.2d labs=%d inuse=%d count=%d tree.count=%d\n", - (int)z->len, z->labs, (int)z->in_use, z->count, - (int)z->tree.count); - if(z->parent) { - printf("parent="); - dname_print(stdout, NULL, z->parent->name); - printf("\n"); - } else { - printf("parent=NULL\n"); - } - - RBTREE_FOR(d, struct val_neg_data*, &z->tree) { - dname_str(d->name, buf); - printf("%24s", buf); - printf(" len=%2.2d labs=%d inuse=%d count=%d\n", - (int)d->len, d->labs, (int)d->in_use, d->count); - } - } -} - -/** get static pointer to random zone name */ -static char* get_random_zone(void) -{ - static char zname[256]; - int labels = random() % 3; - int i; - char* p = zname; - int labnum; - - for(i=0; ilock); - if(negverbose) - log_nametypeclass(0, "add to zone", (uint8_t*)zname, 0, 0); - z = neg_find_zone(neg, (uint8_t*)zname, strlen(zname)+1, - LDNS_RR_CLASS_IN); - if(!z) { - z = neg_create_zone(neg, (uint8_t*)zname, strlen(zname)+1, - LDNS_RR_CLASS_IN); - } - unit_assert(z); - val_neg_zone_take_inuse(z); - - /* construct random NSEC item */ - get_random_data(&from, &to, zname); - - /* create nsec and insert it */ - memset(&rd, 0, sizeof(rd)); - memset(&nsec, 0, sizeof(nsec)); - nsec.rk.dname = (uint8_t*)from; - nsec.rk.dname_len = strlen(from)+1; - nsec.rk.type = htons(LDNS_RR_TYPE_NSEC); - nsec.rk.rrset_class = htons(LDNS_RR_CLASS_IN); - nsec.entry.data = &rd; - rd.security = sec_status_secure; - rd.count = 1; - rd.rr_len = &rr_len; - rr_len = 19; - rd.rr_ttl = &rr_ttl; - rr_ttl = 0; - rd.rr_data = &rr_data; - rr_data = (uint8_t*)to; - - neg_insert_data(neg, z, &nsec); - lock_basic_unlock(&neg->lock); -} - -/** remove a random item */ -static void remove_item(struct val_neg_cache* neg) -{ - int n, i; - struct val_neg_data* d; - rbnode_type* walk; - struct val_neg_zone* z; - - lock_basic_lock(&neg->lock); - if(neg->tree.count == 0) { - lock_basic_unlock(&neg->lock); - return; /* nothing to delete */ - } - - /* pick a random zone */ - walk = rbtree_first(&neg->tree); /* first highest parent, big count */ - z = (struct val_neg_zone*)walk; - n = random() % (int)(z->count); - if(negverbose) - printf("neg stress delete zone %d\n", n); - i=0; - walk = rbtree_first(&neg->tree); - z = (struct val_neg_zone*)walk; - while(i!=n+1 && walk && walk != RBTREE_NULL && !z->in_use) { - walk = rbtree_next(walk); - z = (struct val_neg_zone*)walk; - if(z->in_use) - i++; - } - if(!walk || walk == RBTREE_NULL) { - lock_basic_unlock(&neg->lock); - return; - } - if(!z->in_use) { - lock_basic_unlock(&neg->lock); - return; - } - if(negverbose) - log_nametypeclass(0, "delete zone", z->name, 0, 0); - - /* pick a random nsec item. - that is in use */ - walk = rbtree_first(&z->tree); /* first is highest parent */ - d = (struct val_neg_data*)walk; - n = random() % (int)(d->count); - if(negverbose) - printf("neg stress delete item %d\n", n); - i=0; - walk = rbtree_first(&z->tree); - d = (struct val_neg_data*)walk; - while(i!=n+1 && walk && walk != RBTREE_NULL && !d->in_use) { - walk = rbtree_next(walk); - d = (struct val_neg_data*)walk; - if(d->in_use) - i++; - } - if(!walk || walk == RBTREE_NULL) { - lock_basic_unlock(&neg->lock); - return; - } - if(d->in_use) { - if(negverbose) - log_nametypeclass(0, "neg delete item:", d->name, 0, 0); - neg_delete_data(neg, d); - } - lock_basic_unlock(&neg->lock); -} - -/** sum up the zone trees */ -static size_t sumtrees_all(struct val_neg_cache* neg) -{ - size_t res = 0; - struct val_neg_zone* z; - RBTREE_FOR(z, struct val_neg_zone*, &neg->tree) { - res += z->tree.count; - } - return res; -} - -/** sum up the zone trees, in_use only */ -static size_t sumtrees_inuse(struct val_neg_cache* neg) -{ - size_t res = 0; - struct val_neg_zone* z; - struct val_neg_data* d; - RBTREE_FOR(z, struct val_neg_zone*, &neg->tree) { - /* get count of highest parent for num in use */ - d = (struct val_neg_data*)rbtree_first(&z->tree); - if(d && (rbnode_type*)d!=RBTREE_NULL) - res += d->count; - } - return res; -} - -/** check if lru is still valid */ -static void check_lru(struct val_neg_cache* neg) -{ - struct val_neg_data* p, *np; - size_t num = 0; - size_t inuse; - p = neg->first; - while(p) { - if(!p->prev) { - unit_assert(neg->first == p); - } - np = p->next; - if(np) { - unit_assert(np->prev == p); - } else { - unit_assert(neg->last == p); - } - num++; - p = np; - } - inuse = sumtrees_inuse(neg); - if(negverbose) - printf("num lru %d, inuse %d, all %d\n", - (int)num, (int)sumtrees_inuse(neg), - (int)sumtrees_all(neg)); - unit_assert( num == inuse); - unit_assert( inuse <= sumtrees_all(neg)); -} - -/** sum up number of items inuse in subtree */ -static int sum_subtree_inuse(struct val_neg_zone* zone, - struct val_neg_data* data) -{ - struct val_neg_data* d; - int num = 0; - RBTREE_FOR(d, struct val_neg_data*, &zone->tree) { - if(dname_subdomain_c(d->name, data->name)) { - if(d->in_use) - num++; - } - } - return num; -} - -/** sum up number of items inuse in subtree */ -static int sum_zone_subtree_inuse(struct val_neg_cache* neg, - struct val_neg_zone* zone) -{ - struct val_neg_zone* z; - int num = 0; - RBTREE_FOR(z, struct val_neg_zone*, &neg->tree) { - if(dname_subdomain_c(z->name, zone->name)) { - if(z->in_use) - num++; - } - } - return num; -} - -/** check point in data tree */ -static void check_data(struct val_neg_zone* zone, struct val_neg_data* data) -{ - unit_assert(data->count > 0); - if(data->parent) { - unit_assert(data->parent->count >= data->count); - if(data->parent->in_use) { - unit_assert(data->parent->count > data->count); - } - unit_assert(data->parent->labs == data->labs-1); - /* and parent must be one label shorter */ - unit_assert(data->name[0] == (data->len-data->parent->len-1)); - unit_assert(query_dname_compare(data->name + data->name[0]+1, - data->parent->name) == 0); - } else { - /* must be apex */ - unit_assert(dname_is_root(data->name)); - } - /* tree property: */ - unit_assert(data->count == sum_subtree_inuse(zone, data)); -} - -/** check if tree of data in zone is valid */ -static void checkzonetree(struct val_neg_zone* zone) -{ - struct val_neg_data* d; - - /* check all data in tree */ - RBTREE_FOR(d, struct val_neg_data*, &zone->tree) { - check_data(zone, d); - } -} - -/** check if negative cache is still valid */ -static void check_zone_invariants(struct val_neg_cache* neg, - struct val_neg_zone* zone) -{ - unit_assert(zone->nsec3_hash == 0); - unit_assert(zone->tree.cmp == &val_neg_data_compare); - unit_assert(zone->count != 0); - - if(zone->tree.count == 0) - unit_assert(!zone->in_use); - else { - if(!zone->in_use) { - /* details on error */ - log_nametypeclass(0, "zone", zone->name, 0, 0); - log_err("inuse %d count=%d tree.count=%d", - zone->in_use, zone->count, - (int)zone->tree.count); - if(negverbose) - print_neg_cache(neg); - } - unit_assert(zone->in_use); - } - - if(zone->parent) { - unit_assert(zone->parent->count >= zone->count); - if(zone->parent->in_use) { - unit_assert(zone->parent->count > zone->count); - } - unit_assert(zone->parent->labs == zone->labs-1); - /* and parent must be one label shorter */ - unit_assert(zone->name[0] == (zone->len-zone->parent->len-1)); - unit_assert(query_dname_compare(zone->name + zone->name[0]+1, - zone->parent->name) == 0); - } else { - /* must be apex */ - unit_assert(dname_is_root(zone->name)); - } - /* tree property: */ - unit_assert(zone->count == sum_zone_subtree_inuse(neg, zone)); - - /* check structure of zone data tree */ - checkzonetree(zone); -} - -/** check if negative cache is still valid */ -static void check_neg_invariants(struct val_neg_cache* neg) -{ - struct val_neg_zone* z; - /* check structure of LRU list */ - lock_basic_lock(&neg->lock); - check_lru(neg); - unit_assert(neg->max == 1024*1024); - unit_assert(neg->nsec3_max_iter == 1500); - unit_assert(neg->tree.cmp == &val_neg_zone_compare); - - if(neg->tree.count == 0) { - /* empty */ - unit_assert(neg->tree.count == 0); - unit_assert(neg->first == NULL); - unit_assert(neg->last == NULL); - unit_assert(neg->use == 0); - lock_basic_unlock(&neg->lock); - return; - } - - unit_assert(neg->first != NULL); - unit_assert(neg->last != NULL); - - RBTREE_FOR(z, struct val_neg_zone*, &neg->tree) { - check_zone_invariants(neg, z); - } - lock_basic_unlock(&neg->lock); -} - -/** perform stress test on insert and delete in neg cache */ -static void stress_test(struct val_neg_cache* neg) -{ - int i; - if(negverbose) - printf("negcache test\n"); - for(i=0; i<100; i++) { - if(random() % 10 < 8) - add_item(neg); - else remove_item(neg); - check_neg_invariants(neg); - } - /* empty it */ - if(negverbose) - printf("neg stress empty\n"); - while(neg->first) { - remove_item(neg); - check_neg_invariants(neg); - } - if(negverbose) - printf("neg stress emptied\n"); - unit_assert(neg->first == NULL); - /* insert again */ - for(i=0; i<100; i++) { - if(random() % 10 < 8) - add_item(neg); - else remove_item(neg); - check_neg_invariants(neg); - } -} - -void neg_test(void) -{ - struct val_neg_cache* neg; - srandom(48); - unit_show_feature("negative cache"); - - /* create with defaults */ - neg = val_neg_create(NULL, 1500); - unit_assert(neg); - - stress_test(neg); - - neg_cache_delete(neg); -} diff --git a/external/unbound/testcode/unitregional.c b/external/unbound/testcode/unitregional.c deleted file mode 100644 index 49c8147c9..000000000 --- a/external/unbound/testcode/unitregional.c +++ /dev/null @@ -1,244 +0,0 @@ -/* - * testcode/unitregional.c - unit test for regional allocator. - * - * Copyright (c) 2010, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ -/** - * \file - * Tests the regional special purpose allocator. - */ - -#include "config.h" -#include "testcode/unitmain.h" -#include "util/log.h" -#include "util/regional.h" - -/** test regional corner cases, zero, one, end of structure */ -static void -corner_cases(struct regional* r) -{ - size_t s; /* shadow count of allocated memory */ - void* a; - size_t minsize = sizeof(uint64_t); - size_t mysize; - char* str; - unit_assert(r); - /* alloc cases: - * 0, 1, 2. - * smaller than LARGE_OBJECT_SIZE. - * smaller but does not fit in remainder in regional. - * smaller but exactly fits in remainder of regional. - * size is remainder of regional - 8. - * size is remainder of regional + 8. - * larger than LARGE_OBJECT_SIZE. - */ - s = sizeof(struct regional); - unit_assert((s % minsize) == 0); - unit_assert(r->available == r->first_size - s); - unit_assert(r->large_list == NULL); - unit_assert(r->next == NULL); - - /* Note an alloc of 0 gets a pointer to current last - * position (where you should then use 0 bytes) */ - a = regional_alloc(r, 0); - unit_assert(a); - s+=0; - unit_assert(r->available == r->first_size - s); - - a = regional_alloc(r, 1); - unit_assert(a); - memset(a, 0x42, 1); - s+=minsize; - unit_assert(r->available == r->first_size - s); - - a = regional_alloc(r, 2); - unit_assert(a); - memset(a, 0x42, 2); - s+=minsize; - unit_assert(r->available == r->first_size - s); - - a = regional_alloc(r, 128); - unit_assert(a); - memset(a, 0x42, 128); - s+=128; - unit_assert(r->available == r->first_size - s); - - unit_assert(r->large_list == NULL); - a = regional_alloc(r, 10240); - unit_assert(a); - unit_assert(r->large_list != NULL); - memset(a, 0x42, 10240); - /* s does not change */ - unit_assert(r->available == r->first_size - s); - unit_assert(r->total_large == 10240+minsize); - - /* go towards the end of the current chunk */ - while(r->available > 1024) { - a = regional_alloc(r, 1024); - unit_assert(a); - memset(a, 0x42, 1024); - s += 1024; - unit_assert(r->available == r->first_size - s); - } - - unit_assert(r->next == NULL); - mysize = 1280; /* does not fit in current chunk */ - a = regional_alloc(r, mysize); - memset(a, 0x42, mysize); - unit_assert(r->next != NULL); - unit_assert(a); - - /* go towards the end of the current chunk */ - while(r->available > 864) { - a = regional_alloc(r, 864); - unit_assert(a); - memset(a, 0x42, 864); - s += 864; - } - - mysize = r->available; /* exactly fits */ - a = regional_alloc(r, mysize); - memset(a, 0x42, mysize); - unit_assert(a); - unit_assert(r->available == 0); /* implementation does not go ahead*/ - - a = regional_alloc(r, 8192); /* another large allocation */ - unit_assert(a); - memset(a, 0x42, 8192); - unit_assert(r->available == 0); - unit_assert(r->total_large == 10240 + 8192 + 2*minsize); - - a = regional_alloc(r, 32); /* make new chunk */ - unit_assert(a); - memset(a, 0x42, 32); - unit_assert(r->available > 0); - unit_assert(r->total_large == 10240 + 8192 + 2*minsize); - - /* go towards the end of the current chunk */ - while(r->available > 1320) { - a = regional_alloc(r, 1320); - unit_assert(a); - memset(a, 0x42, 1320); - s += 1320; - } - - mysize = r->available + 8; /* exact + 8 ; does not fit */ - a = regional_alloc(r, mysize); - memset(a, 0x42, mysize); - unit_assert(a); - unit_assert(r->available > 0); /* new chunk */ - - /* go towards the end of the current chunk */ - while(r->available > 1480) { - a = regional_alloc(r, 1480); - unit_assert(a); - memset(a, 0x42, 1480); - s += 1480; - } - - mysize = r->available - 8; /* exact - 8 ; fits. */ - a = regional_alloc(r, mysize); - memset(a, 0x42, mysize); - unit_assert(a); - unit_assert(r->available == 8); - - /* test if really copied over */ - str = "test12345"; - a = regional_alloc_init(r, str, 8); - unit_assert(a); - unit_assert(memcmp(a, str, 8) == 0); - - /* test if really zeroed */ - a = regional_alloc_zero(r, 32); - str="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; - unit_assert(a); - unit_assert(memcmp(a, str, 32) == 0); - - /* test if copied over (and null byte) */ - str = "an interesting string"; - a = regional_strdup(r, str); - unit_assert(a); - unit_assert(memcmp(a, str, strlen(str)+1) == 0); - - regional_free_all(r); -} - -/** test specific cases */ -static void -specific_cases(void) -{ - struct regional* r = regional_create(); - corner_cases(r); - regional_destroy(r); - r = regional_create_custom(2048); /* a small regional */ - unit_assert(r->first_size == 2048); - unit_assert(regional_get_mem(r) == 2048); - corner_cases(r); - unit_assert(regional_get_mem(r) == 2048); - regional_destroy(r); -} - -/** put random stuff in a region and free it */ -static void -burden_test(size_t max) -{ - size_t get; - void* a; - int i; - struct regional* r = regional_create_custom(2048); - for(i=0; i<1000; i++) { - get = random() % max; - a = regional_alloc(r, get); - unit_assert(a); - memset(a, 0x54, get); - } - regional_free_all(r); - regional_destroy(r); -} - -/** randomly allocate stuff */ -static void -random_burden(void) -{ - size_t max_alloc = 2048 + 128; /* small chance of LARGE */ - int i; - for(i=0; i<100; i++) - burden_test(max_alloc); -} - -void regional_test(void) -{ - unit_show_feature("regional"); - specific_cases(); - random_burden(); -} diff --git a/external/unbound/testcode/unitslabhash.c b/external/unbound/testcode/unitslabhash.c deleted file mode 100644 index 565d36139..000000000 --- a/external/unbound/testcode/unitslabhash.c +++ /dev/null @@ -1,376 +0,0 @@ -/* - * testcode/unitslabhash.c - unit test for slabhash table. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ -/** - * \file - * Tests the locking LRU keeping hash table implementation. - */ - -#include "config.h" -#include "testcode/unitmain.h" -#include "util/log.h" -#include "util/storage/slabhash.h" - -/** use this type for the slabhash test key */ -typedef struct slabhash_testkey testkey_type; -/** use this type for the slabhash test data */ -typedef struct slabhash_testdata testdata_type; - -/** delete key */ -static void delkey(struct slabhash_testkey* k) { - lock_rw_destroy(&k->entry.lock); free(k);} - -/** hash func, very bad to improve collisions, both high and low bits */ -static hashvalue_type myhash(int id) { - hashvalue_type h = (hashvalue_type)id & 0x0f; - h |= (h << 28); - return h; -} - -/** allocate new key, fill in hash */ -static testkey_type* newkey(int id) { - testkey_type* k = (testkey_type*)calloc(1, sizeof(testkey_type)); - if(!k) fatal_exit("out of memory"); - k->id = id; - k->entry.hash = myhash(id); - k->entry.key = k; - lock_rw_init(&k->entry.lock); - return k; -} -/** new data el */ -static testdata_type* newdata(int val) { - testdata_type* d = (testdata_type*)calloc(1, - sizeof(testdata_type)); - if(!d) fatal_exit("out of memory"); - d->data = val; - return d; -} - -/** test hashtable using short sequence */ -static void -test_short_table(struct slabhash* table) -{ - testkey_type* k = newkey(12); - testkey_type* k2 = newkey(14); - testdata_type* d = newdata(128); - testdata_type* d2 = newdata(129); - - k->entry.data = d; - k2->entry.data = d2; - - slabhash_insert(table, myhash(12), &k->entry, d, NULL); - slabhash_insert(table, myhash(14), &k2->entry, d2, NULL); - - unit_assert( slabhash_lookup(table, myhash(12), k, 0) == &k->entry); - lock_rw_unlock( &k->entry.lock ); - unit_assert( slabhash_lookup(table, myhash(14), k2, 0) == &k2->entry); - lock_rw_unlock( &k2->entry.lock ); - slabhash_remove(table, myhash(12), k); - slabhash_remove(table, myhash(14), k2); -} - -/** number of hash test max */ -#define HASHTESTMAX 32 - -/** test adding a random element */ -static void -testadd(struct slabhash* table, testdata_type* ref[]) -{ - int numtoadd = random() % HASHTESTMAX; - testdata_type* data = newdata(numtoadd); - testkey_type* key = newkey(numtoadd); - key->entry.data = data; - slabhash_insert(table, myhash(numtoadd), &key->entry, data, NULL); - ref[numtoadd] = data; -} - -/** test adding a random element */ -static void -testremove(struct slabhash* table, testdata_type* ref[]) -{ - int num = random() % HASHTESTMAX; - testkey_type* key = newkey(num); - slabhash_remove(table, myhash(num), key); - ref[num] = NULL; - delkey(key); -} - -/** test adding a random element */ -static void -testlookup(struct slabhash* table, testdata_type* ref[]) -{ - int num = random() % HASHTESTMAX; - testkey_type* key = newkey(num); - struct lruhash_entry* en = slabhash_lookup(table, myhash(num), key, 0); - testdata_type* data = en? (testdata_type*)en->data : NULL; - if(en) { - unit_assert(en->key); - unit_assert(en->data); - } - if(0) log_info("lookup %d got %d, expect %d", num, en? data->data :-1, - ref[num]? ref[num]->data : -1); - unit_assert( data == ref[num] ); - if(en) { lock_rw_unlock(&en->lock); } - delkey(key); -} - -/** check integrity of hash table */ -static void -check_lru_table(struct lruhash* table) -{ - struct lruhash_entry* p; - size_t c = 0; - lock_quick_lock(&table->lock); - unit_assert( table->num <= table->size); - unit_assert( table->size_mask == (int)table->size-1 ); - unit_assert( (table->lru_start && table->lru_end) || - (!table->lru_start && !table->lru_end) ); - unit_assert( table->space_used <= table->space_max ); - /* check lru list integrity */ - if(table->lru_start) - unit_assert(table->lru_start->lru_prev == NULL); - if(table->lru_end) - unit_assert(table->lru_end->lru_next == NULL); - p = table->lru_start; - while(p) { - if(p->lru_prev) { - unit_assert(p->lru_prev->lru_next == p); - } - if(p->lru_next) { - unit_assert(p->lru_next->lru_prev == p); - } - c++; - p = p->lru_next; - } - unit_assert(c == table->num); - - /* this assertion is specific to the unit test */ - unit_assert( table->space_used == - table->num * test_slabhash_sizefunc(NULL, NULL) ); - lock_quick_unlock(&table->lock); -} - -/** check integrity of hash table */ -static void -check_table(struct slabhash* table) -{ - size_t i; - for(i=0; isize; i++) - check_lru_table(table->array[i]); -} - -/** test adding a random element (unlimited range) */ -static void -testadd_unlim(struct slabhash* table, testdata_type** ref) -{ - int numtoadd = random() % (HASHTESTMAX * 10); - testdata_type* data = newdata(numtoadd); - testkey_type* key = newkey(numtoadd); - key->entry.data = data; - slabhash_insert(table, myhash(numtoadd), &key->entry, data, NULL); - if(ref) - ref[numtoadd] = data; -} - -/** test adding a random element (unlimited range) */ -static void -testremove_unlim(struct slabhash* table, testdata_type** ref) -{ - int num = random() % (HASHTESTMAX*10); - testkey_type* key = newkey(num); - slabhash_remove(table, myhash(num), key); - if(ref) - ref[num] = NULL; - delkey(key); -} - -/** test adding a random element (unlimited range) */ -static void -testlookup_unlim(struct slabhash* table, testdata_type** ref) -{ - int num = random() % (HASHTESTMAX*10); - testkey_type* key = newkey(num); - struct lruhash_entry* en = slabhash_lookup(table, myhash(num), key, 0); - testdata_type* data = en? (testdata_type*)en->data : NULL; - if(en) { - unit_assert(en->key); - unit_assert(en->data); - } - if(0 && ref) log_info("lookup unlim %d got %d, expect %d", num, en ? - data->data :-1, ref[num] ? ref[num]->data : -1); - if(data && ref) { - /* its okay for !data, it fell off the lru */ - unit_assert( data == ref[num] ); - } - if(en) { lock_rw_unlock(&en->lock); } - delkey(key); -} - -/** test with long sequence of adds, removes and updates, and lookups */ -static void -test_long_table(struct slabhash* table) -{ - /* assuming it all fits in the hashtable, this check will work */ - testdata_type* ref[HASHTESTMAX * 100]; - size_t i; - memset(ref, 0, sizeof(ref)); - /* test assumption */ - if(0) slabhash_status(table, "unit test", 1); - srandom(48); - for(i=0; i<1000; i++) { - /* what to do? */ - if(i == 500) { - slabhash_clear(table); - memset(ref, 0, sizeof(ref)); - continue; - } - switch(random() % 4) { - case 0: - case 3: - testadd(table, ref); - break; - case 1: - testremove(table, ref); - break; - case 2: - testlookup(table, ref); - break; - default: - unit_assert(0); - } - if(0) slabhash_status(table, "unit test", 1); - check_table(table); - } - - /* test more, but 'ref' assumption does not hold anymore */ - for(i=0; i<1000; i++) { - /* what to do? */ - switch(random() % 4) { - case 0: - case 3: - testadd_unlim(table, ref); - break; - case 1: - testremove_unlim(table, ref); - break; - case 2: - testlookup_unlim(table, ref); - break; - default: - unit_assert(0); - } - if(0) slabhash_status(table, "unlim", 1); - check_table(table); - } -} - -/** structure to threaded test the lru hash table */ -struct slab_test_thr { - /** thread num, first entry. */ - int num; - /** id */ - ub_thread_type id; - /** hash table */ - struct slabhash* table; -}; - -/** main routine for threaded hash table test */ -static void* -test_thr_main(void* arg) -{ - struct slab_test_thr* t = (struct slab_test_thr*)arg; - int i; - log_thread_set(&t->num); - for(i=0; i<1000; i++) { - switch(random() % 4) { - case 0: - case 3: - testadd_unlim(t->table, NULL); - break; - case 1: - testremove_unlim(t->table, NULL); - break; - case 2: - testlookup_unlim(t->table, NULL); - break; - default: - unit_assert(0); - } - if(0) slabhash_status(t->table, "hashtest", 1); - if(i % 100 == 0) /* because of locking, not all the time */ - check_table(t->table); - } - check_table(t->table); - return NULL; -} - -/** test hash table access by multiple threads */ -static void -test_threaded_table(struct slabhash* table) -{ - int numth = 10; - struct slab_test_thr t[100]; - int i; - - for(i=1; ireply_list); - if(e->reply_list->reply_from_hex) { - sldns_buffer_copy(pkt, e->reply_list->reply_from_hex); - } else { - sldns_buffer_clear(pkt); - sldns_buffer_write(pkt, e->reply_list->reply_pkt, - e->reply_list->reply_len); - sldns_buffer_flip(pkt); - } -} - -/** entry to reply info conversion */ -static void -entry_to_repinfo(struct entry* e, struct alloc_cache* alloc, - struct regional* region, sldns_buffer* pkt, struct query_info* qi, - struct reply_info** rep) -{ - int ret; - struct edns_data edns; - entry_to_buf(e, pkt); - /* lock alloc lock to please lock checking software. - * alloc_special_obtain assumes it is talking to a ub-alloc, - * and does not need to perform locking. Here the alloc is - * the only one, so we lock it here */ - lock_quick_lock(&alloc->lock); - ret = reply_info_parse(pkt, alloc, qi, rep, region, &edns); - lock_quick_unlock(&alloc->lock); - if(ret != 0) { - char rcode[16]; - sldns_wire2str_rcode_buf(ret, rcode, sizeof(rcode)); - printf("parse code %d: %s\n", ret, rcode); - unit_assert(ret != 0); - } -} - -/** extract DNSKEY rrset from answer and convert it */ -static struct ub_packed_rrset_key* -extract_keys(struct entry* e, struct alloc_cache* alloc, - struct regional* region, sldns_buffer* pkt) -{ - struct ub_packed_rrset_key* dnskey = NULL; - struct query_info qinfo; - struct reply_info* rep = NULL; - size_t i; - - entry_to_repinfo(e, alloc, region, pkt, &qinfo, &rep); - for(i=0; ian_numrrsets; i++) { - if(ntohs(rep->rrsets[i]->rk.type) == LDNS_RR_TYPE_DNSKEY) { - dnskey = rep->rrsets[i]; - rep->rrsets[i] = NULL; - break; - } - } - unit_assert(dnskey); - - reply_info_parsedelete(rep, alloc); - query_info_clear(&qinfo); - return dnskey; -} - -/** return true if answer should be bogus */ -static int -should_be_bogus(struct ub_packed_rrset_key* rrset, struct query_info* qinfo) -{ - struct packed_rrset_data* d = (struct packed_rrset_data*)rrset-> - entry.data; - if(d->rrsig_count == 0) - return 1; - /* name 'bogus' as first label signals bogus */ - if(rrset->rk.dname_len > 6 && memcmp(rrset->rk.dname+1, "bogus", 5)==0) - return 1; - if(qinfo->qname_len > 6 && memcmp(qinfo->qname+1, "bogus", 5)==0) - return 1; - return 0; -} - -/** return number of rrs in an rrset */ -static size_t -rrset_get_count(struct ub_packed_rrset_key* rrset) -{ - struct packed_rrset_data* d = (struct packed_rrset_data*) - rrset->entry.data; - if(!d) return 0; - return d->count; -} - -/** setup sig alg list from dnskey */ -static void -setup_sigalg(struct ub_packed_rrset_key* dnskey, uint8_t* sigalg) -{ - uint8_t a[ALGO_NEEDS_MAX]; - size_t i, n = 0; - memset(a, 0, sizeof(a)); - for(i=0; irk.dname, ntohs(rrset->rk.type), - ntohs(rrset->rk.rrset_class)); - } - setup_sigalg(dnskey, sigalg); /* check all algorithms in the dnskey */ - sec = dnskeyset_verify_rrset(env, ve, rrset, dnskey, sigalg, &reason); - if(vsig) { - printf("verify outcome is: %s %s\n", sec_status_to_string(sec), - reason?reason:""); - } - if(should_be_bogus(rrset, qinfo)) { - unit_assert(sec == sec_status_bogus); - } else { - unit_assert(sec == sec_status_secure); - } -} - -/** verify and test an entry - every rr in the message */ -static void -verifytest_entry(struct entry* e, struct alloc_cache* alloc, - struct regional* region, sldns_buffer* pkt, - struct ub_packed_rrset_key* dnskey, struct module_env* env, - struct val_env* ve) -{ - struct query_info qinfo; - struct reply_info* rep = NULL; - size_t i; - - regional_free_all(region); - if(vsig) { - char* s = sldns_wire2str_pkt(e->reply_list->reply_pkt, - e->reply_list->reply_len); - printf("verifying pkt:\n%s\n", s?s:"outofmemory"); - free(s); - } - entry_to_repinfo(e, alloc, region, pkt, &qinfo, &rep); - - for(i=0; irrset_count; i++) { - verifytest_rrset(env, ve, rep->rrsets[i], dnskey, &qinfo); - } - - reply_info_parsedelete(rep, alloc); - query_info_clear(&qinfo); -} - -/** find RRset in reply by type */ -static struct ub_packed_rrset_key* -find_rrset_type(struct reply_info* rep, uint16_t type) -{ - size_t i; - for(i=0; irrset_count; i++) { - if(ntohs(rep->rrsets[i]->rk.type) == type) - return rep->rrsets[i]; - } - return NULL; -} - -/** DS sig test an entry - get DNSKEY and DS in entry and verify */ -static void -dstest_entry(struct entry* e, struct alloc_cache* alloc, - struct regional* region, sldns_buffer* pkt, struct module_env* env) -{ - struct query_info qinfo; - struct reply_info* rep = NULL; - struct ub_packed_rrset_key* ds, *dnskey; - int ret; - - regional_free_all(region); - if(vsig) { - char* s = sldns_wire2str_pkt(e->reply_list->reply_pkt, - e->reply_list->reply_len); - printf("verifying DS-DNSKEY match:\n%s\n", s?s:"outofmemory"); - free(s); - } - entry_to_repinfo(e, alloc, region, pkt, &qinfo, &rep); - ds = find_rrset_type(rep, LDNS_RR_TYPE_DS); - dnskey = find_rrset_type(rep, LDNS_RR_TYPE_DNSKEY); - /* check test is OK */ - unit_assert(ds && dnskey); - - ret = ds_digest_match_dnskey(env, dnskey, 0, ds, 0); - if(strncmp((char*)qinfo.qname, "\003yes", 4) == 0) { - if(vsig) { - printf("result(yes)= %s\n", ret?"yes":"no"); - } - unit_assert(ret); - } else if (strncmp((char*)qinfo.qname, "\002no", 3) == 0) { - if(vsig) { - printf("result(no)= %s\n", ret?"yes":"no"); - } - unit_assert(!ret); - verbose(VERB_QUERY, "DS fail: OK; matched unit test"); - } else { - fatal_exit("Bad qname in DS unit test, yes or no"); - } - - reply_info_parsedelete(rep, alloc); - query_info_clear(&qinfo); -} - -/** verify from a file */ -static void -verifytest_file(const char* fname, const char* at_date) -{ - /* - * The file contains a list of ldns-testpkts entries. - * The first entry must be a query for DNSKEY. - * The answer rrset is the keyset that will be used for verification - */ - struct ub_packed_rrset_key* dnskey; - struct regional* region = regional_create(); - struct alloc_cache alloc; - sldns_buffer* buf = sldns_buffer_new(65535); - struct entry* e; - struct entry* list = read_datafile(fname, 1); - struct module_env env; - struct val_env ve; - time_t now = time(NULL); - - if(!list) - fatal_exit("could not read %s: %s", fname, strerror(errno)); - alloc_init(&alloc, NULL, 1); - memset(&env, 0, sizeof(env)); - memset(&ve, 0, sizeof(ve)); - env.scratch = region; - env.scratch_buffer = buf; - env.now = &now; - ve.date_override = cfg_convert_timeval(at_date); - unit_assert(region && buf); - dnskey = extract_keys(list, &alloc, region, buf); - if(vsig) log_nametypeclass(VERB_QUERY, "test dnskey", - dnskey->rk.dname, ntohs(dnskey->rk.type), - ntohs(dnskey->rk.rrset_class)); - /* ready to go! */ - for(e = list->next; e; e = e->next) { - verifytest_entry(e, &alloc, region, buf, dnskey, &env, &ve); - } - - ub_packed_rrset_parsedelete(dnskey, &alloc); - delete_entry(list); - regional_destroy(region); - alloc_clear(&alloc); - sldns_buffer_free(buf); -} - -/** verify DS matches DNSKEY from a file */ -static void -dstest_file(const char* fname) -{ - /* - * The file contains a list of ldns-testpkts entries. - * The first entry must be a query for DNSKEY. - * The answer rrset is the keyset that will be used for verification - */ - struct regional* region = regional_create(); - struct alloc_cache alloc; - sldns_buffer* buf = sldns_buffer_new(65535); - struct entry* e; - struct entry* list = read_datafile(fname, 1); - struct module_env env; - - if(!list) - fatal_exit("could not read %s: %s", fname, strerror(errno)); - alloc_init(&alloc, NULL, 1); - memset(&env, 0, sizeof(env)); - env.scratch = region; - env.scratch_buffer = buf; - unit_assert(region && buf); - - /* ready to go! */ - for(e = list; e; e = e->next) { - dstest_entry(e, &alloc, region, buf, &env); - } - - delete_entry(list); - regional_destroy(region); - alloc_clear(&alloc); - sldns_buffer_free(buf); -} - -/** helper for unittest of NSEC routines */ -static int -unitest_nsec_has_type_rdata(char* bitmap, size_t len, uint16_t type) -{ - return nsecbitmap_has_type_rdata((uint8_t*)bitmap, len, type); -} - -/** Test NSEC type bitmap routine */ -static void -nsectest(void) -{ - /* bitmap starts at type bitmap rdata field */ - /* from rfc 4034 example */ - char* bitmap = "\000\006\100\001\000\000\000\003" - "\004\033\000\000\000\000\000\000" - "\000\000\000\000\000\000\000\000" - "\000\000\000\000\000\000\000\000" - "\000\000\000\000\040"; - size_t len = 37; - - unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 0)); - unit_assert(unitest_nsec_has_type_rdata(bitmap, len, LDNS_RR_TYPE_A)); - unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 2)); - unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 3)); - unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 4)); - unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 5)); - unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 6)); - unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 7)); - unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 8)); - unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 9)); - unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 10)); - unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 11)); - unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 12)); - unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 13)); - unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 14)); - unit_assert(unitest_nsec_has_type_rdata(bitmap, len, LDNS_RR_TYPE_MX)); - unit_assert(unitest_nsec_has_type_rdata(bitmap, len, LDNS_RR_TYPE_RRSIG)); - unit_assert(unitest_nsec_has_type_rdata(bitmap, len, LDNS_RR_TYPE_NSEC)); - unit_assert(unitest_nsec_has_type_rdata(bitmap, len, 1234)); - unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 1233)); - unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 1235)); - unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 1236)); - unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 1237)); - unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 1238)); - unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 1239)); - unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 1240)); - unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 2230)); -} - -/** Test hash algo - NSEC3 hash it and compare result */ -static void -nsec3_hash_test_entry(struct entry* e, rbtree_type* ct, - struct alloc_cache* alloc, struct regional* region, - sldns_buffer* buf) -{ - struct query_info qinfo; - struct reply_info* rep = NULL; - struct ub_packed_rrset_key* answer, *nsec3; - struct nsec3_cached_hash* hash = NULL; - int ret; - uint8_t* qname; - - if(vsig) { - char* s = sldns_wire2str_pkt(e->reply_list->reply_pkt, - e->reply_list->reply_len); - printf("verifying NSEC3 hash:\n%s\n", s?s:"outofmemory"); - free(s); - } - entry_to_repinfo(e, alloc, region, buf, &qinfo, &rep); - nsec3 = find_rrset_type(rep, LDNS_RR_TYPE_NSEC3); - answer = find_rrset_type(rep, LDNS_RR_TYPE_AAAA); - qname = regional_alloc_init(region, qinfo.qname, qinfo.qname_len); - /* check test is OK */ - unit_assert(nsec3 && answer && qname); - - ret = nsec3_hash_name(ct, region, buf, nsec3, 0, qname, - qinfo.qname_len, &hash); - if(ret != 1) { - printf("Bad nsec3_hash_name retcode %d\n", ret); - unit_assert(ret == 1); - } - unit_assert(hash->dname && hash->hash && hash->hash_len && - hash->b32 && hash->b32_len); - unit_assert(hash->b32_len == (size_t)answer->rk.dname[0]); - /* does not do lowercasing. */ - unit_assert(memcmp(hash->b32, answer->rk.dname+1, hash->b32_len) - == 0); - - reply_info_parsedelete(rep, alloc); - query_info_clear(&qinfo); -} - - -/** Read file to test NSEC3 hash algo */ -static void -nsec3_hash_test(const char* fname) -{ - /* - * The list contains a list of ldns-testpkts entries. - * Every entry is a test. - * The qname is hashed. - * The answer section AAAA RR name is the required result. - * The auth section NSEC3 is used to get hash parameters. - * The hash cache is maintained per file. - * - * The test does not perform canonicalization during the compare. - */ - rbtree_type ct; - struct regional* region = regional_create(); - struct alloc_cache alloc; - sldns_buffer* buf = sldns_buffer_new(65535); - struct entry* e; - struct entry* list = read_datafile(fname, 1); - - if(!list) - fatal_exit("could not read %s: %s", fname, strerror(errno)); - rbtree_init(&ct, &nsec3_hash_cmp); - alloc_init(&alloc, NULL, 1); - unit_assert(region && buf); - - /* ready to go! */ - for(e = list; e; e = e->next) { - nsec3_hash_test_entry(e, &ct, &alloc, region, buf); - } - - delete_entry(list); - regional_destroy(region); - alloc_clear(&alloc); - sldns_buffer_free(buf); -} - -void -verify_test(void) -{ - unit_show_feature("signature verify"); -#ifdef USE_SHA1 - verifytest_file("testdata/test_signatures.1", "20070818005004"); -#endif -#if defined(USE_DSA) && defined(USE_SHA1) - verifytest_file("testdata/test_signatures.2", "20080414005004"); - verifytest_file("testdata/test_signatures.3", "20080416005004"); - verifytest_file("testdata/test_signatures.4", "20080416005004"); - verifytest_file("testdata/test_signatures.5", "20080416005004"); - verifytest_file("testdata/test_signatures.6", "20080416005004"); - verifytest_file("testdata/test_signatures.7", "20070829144150"); -#endif /* USE_DSA */ -#ifdef USE_SHA1 - verifytest_file("testdata/test_signatures.8", "20070829144150"); -#endif -#if (defined(HAVE_EVP_SHA256) || defined(HAVE_NSS) || defined(HAVE_NETTLE)) && defined(USE_SHA2) - verifytest_file("testdata/test_sigs.rsasha256", "20070829144150"); -# ifdef USE_SHA1 - verifytest_file("testdata/test_sigs.sha1_and_256", "20070829144150"); -# endif - verifytest_file("testdata/test_sigs.rsasha256_draft", "20090101000000"); -#endif -#if (defined(HAVE_EVP_SHA512) || defined(HAVE_NSS) || defined(HAVE_NETTLE)) && defined(USE_SHA2) - verifytest_file("testdata/test_sigs.rsasha512_draft", "20070829144150"); -#endif -#ifdef USE_SHA1 - verifytest_file("testdata/test_sigs.hinfo", "20090107100022"); - verifytest_file("testdata/test_sigs.revoked", "20080414005004"); -#endif -#ifdef USE_GOST - if(sldns_key_EVP_load_gost_id()) - verifytest_file("testdata/test_sigs.gost", "20090807060504"); - else printf("Warning: skipped GOST, openssl does not provide gost.\n"); -#endif -#ifdef USE_ECDSA - /* test for support in case we use libNSS and ECC is removed */ - if(dnskey_algo_id_is_supported(LDNS_ECDSAP256SHA256)) { - verifytest_file("testdata/test_sigs.ecdsa_p256", "20100908100439"); - verifytest_file("testdata/test_sigs.ecdsa_p384", "20100908100439"); - } - dstest_file("testdata/test_ds.sha384"); -#endif -#ifdef USE_SHA1 - dstest_file("testdata/test_ds.sha1"); -#endif - nsectest(); - nsec3_hash_test("testdata/test_nsec3_hash.1"); -} diff --git a/external/unbound/util/alloc.c b/external/unbound/util/alloc.c deleted file mode 100644 index 2c6e1a23f..000000000 --- a/external/unbound/util/alloc.c +++ /dev/null @@ -1,654 +0,0 @@ -/* - * util/alloc.c - memory allocation service. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains memory allocation functions. - */ - -#include "config.h" -#include "util/alloc.h" -#include "util/regional.h" -#include "util/data/packed_rrset.h" -#include "util/fptr_wlist.h" - -/** custom size of cached regional blocks */ -#define ALLOC_REG_SIZE 16384 -/** number of bits for ID part of uint64, rest for number of threads. */ -#define THRNUM_SHIFT 48 /* for 65k threads, 2^48 rrsets per thr. */ - -/** setup new special type */ -static void -alloc_setup_special(alloc_special_type* t) -{ - memset(t, 0, sizeof(*t)); - lock_rw_init(&t->entry.lock); - t->entry.key = t; -} - -/** prealloc some entries in the cache. To minimize contention. - * Result is 1 lock per alloc_max newly created entries. - * @param alloc: the structure to fill up. - */ -static void -prealloc_setup(struct alloc_cache* alloc) -{ - alloc_special_type* p; - int i; - for(i=0; iquar); - alloc->quar = p; - alloc->num_quar++; - } -} - -/** prealloc region blocks */ -static void -prealloc_blocks(struct alloc_cache* alloc, size_t num) -{ - size_t i; - struct regional* r; - for(i=0; inext = (char*)alloc->reg_list; - alloc->reg_list = r; - alloc->num_reg_blocks ++; - } -} - -void -alloc_init(struct alloc_cache* alloc, struct alloc_cache* super, - int thread_num) -{ - memset(alloc, 0, sizeof(*alloc)); - alloc->super = super; - alloc->thread_num = thread_num; - alloc->next_id = (uint64_t)thread_num; /* in steps, so that type */ - alloc->next_id <<= THRNUM_SHIFT; /* of *_id is used. */ - alloc->last_id = 1; /* so no 64bit constants, */ - alloc->last_id <<= THRNUM_SHIFT; /* or implicit 'int' ops. */ - alloc->last_id -= 1; /* for compiler portability. */ - alloc->last_id |= alloc->next_id; - alloc->next_id += 1; /* because id=0 is special. */ - alloc->max_reg_blocks = 100; - alloc->num_reg_blocks = 0; - alloc->reg_list = NULL; - alloc->cleanup = NULL; - alloc->cleanup_arg = NULL; - if(alloc->super) - prealloc_blocks(alloc, alloc->max_reg_blocks); - if(!alloc->super) { - lock_quick_init(&alloc->lock); - lock_protect(&alloc->lock, alloc, sizeof(*alloc)); - } -} - -void -alloc_clear(struct alloc_cache* alloc) -{ - alloc_special_type* p, *np; - struct regional* r, *nr; - if(!alloc) - return; - if(!alloc->super) { - lock_quick_destroy(&alloc->lock); - } - if(alloc->super && alloc->quar) { - /* push entire list into super */ - p = alloc->quar; - while(alloc_special_next(p)) /* find last */ - p = alloc_special_next(p); - lock_quick_lock(&alloc->super->lock); - alloc_set_special_next(p, alloc->super->quar); - alloc->super->quar = alloc->quar; - alloc->super->num_quar += alloc->num_quar; - lock_quick_unlock(&alloc->super->lock); - } else { - /* free */ - p = alloc->quar; - while(p) { - np = alloc_special_next(p); - /* deinit special type */ - lock_rw_destroy(&p->entry.lock); - free(p); - p = np; - } - } - alloc->quar = 0; - alloc->num_quar = 0; - r = alloc->reg_list; - while(r) { - nr = (struct regional*)r->next; - free(r); - r = nr; - } - alloc->reg_list = NULL; - alloc->num_reg_blocks = 0; -} - -uint64_t -alloc_get_id(struct alloc_cache* alloc) -{ - uint64_t id = alloc->next_id++; - if(id == alloc->last_id) { - log_warn("rrset alloc: out of 64bit ids. Clearing cache."); - fptr_ok(fptr_whitelist_alloc_cleanup(alloc->cleanup)); - (*alloc->cleanup)(alloc->cleanup_arg); - - /* start back at first number */ /* like in alloc_init*/ - alloc->next_id = (uint64_t)alloc->thread_num; - alloc->next_id <<= THRNUM_SHIFT; /* in steps for comp. */ - alloc->next_id += 1; /* portability. */ - /* and generate new and safe id */ - id = alloc->next_id++; - } - return id; -} - -alloc_special_type* -alloc_special_obtain(struct alloc_cache* alloc) -{ - alloc_special_type* p; - log_assert(alloc); - /* see if in local cache */ - if(alloc->quar) { - p = alloc->quar; - alloc->quar = alloc_special_next(p); - alloc->num_quar--; - p->id = alloc_get_id(alloc); - return p; - } - /* see if in global cache */ - if(alloc->super) { - /* could maybe grab alloc_max/2 entries in one go, - * but really, isn't that just as fast as this code? */ - lock_quick_lock(&alloc->super->lock); - if((p = alloc->super->quar)) { - alloc->super->quar = alloc_special_next(p); - alloc->super->num_quar--; - } - lock_quick_unlock(&alloc->super->lock); - if(p) { - p->id = alloc_get_id(alloc); - return p; - } - } - /* allocate new */ - prealloc_setup(alloc); - if(!(p = (alloc_special_type*)malloc(sizeof(alloc_special_type)))) { - log_err("alloc_special_obtain: out of memory"); - return NULL; - } - alloc_setup_special(p); - p->id = alloc_get_id(alloc); - return p; -} - -/** push mem and some more items to the super */ -static void -pushintosuper(struct alloc_cache* alloc, alloc_special_type* mem) -{ - int i; - alloc_special_type *p = alloc->quar; - log_assert(p); - log_assert(alloc && alloc->super && - alloc->num_quar >= ALLOC_SPECIAL_MAX); - /* push ALLOC_SPECIAL_MAX/2 after mem */ - alloc_set_special_next(mem, alloc->quar); - for(i=1; iquar = alloc_special_next(p); - alloc->num_quar -= ALLOC_SPECIAL_MAX/2; - - /* dump mem+list into the super quar list */ - lock_quick_lock(&alloc->super->lock); - alloc_set_special_next(p, alloc->super->quar); - alloc->super->quar = mem; - alloc->super->num_quar += ALLOC_SPECIAL_MAX/2 + 1; - lock_quick_unlock(&alloc->super->lock); - /* so 1 lock per mem+alloc/2 deletes */ -} - -void -alloc_special_release(struct alloc_cache* alloc, alloc_special_type* mem) -{ - log_assert(alloc); - if(!mem) - return; - if(!alloc->super) { - lock_quick_lock(&alloc->lock); /* superalloc needs locking */ - } - - alloc_special_clean(mem); - if(alloc->super && alloc->num_quar >= ALLOC_SPECIAL_MAX) { - /* push it to the super structure */ - pushintosuper(alloc, mem); - return; - } - - alloc_set_special_next(mem, alloc->quar); - alloc->quar = mem; - alloc->num_quar++; - if(!alloc->super) { - lock_quick_unlock(&alloc->lock); - } -} - -void -alloc_stats(struct alloc_cache* alloc) -{ - log_info("%salloc: %d in cache, %d blocks.", alloc->super?"":"sup", - (int)alloc->num_quar, (int)alloc->num_reg_blocks); -} - -size_t alloc_get_mem(struct alloc_cache* alloc) -{ - alloc_special_type* p; - size_t s = sizeof(*alloc); - if(!alloc->super) { - lock_quick_lock(&alloc->lock); /* superalloc needs locking */ - } - s += sizeof(alloc_special_type) * alloc->num_quar; - for(p = alloc->quar; p; p = alloc_special_next(p)) { - s += lock_get_mem(&p->entry.lock); - } - s += alloc->num_reg_blocks * ALLOC_REG_SIZE; - if(!alloc->super) { - lock_quick_unlock(&alloc->lock); - } - return s; -} - -struct regional* -alloc_reg_obtain(struct alloc_cache* alloc) -{ - if(alloc->num_reg_blocks > 0) { - struct regional* r = alloc->reg_list; - alloc->reg_list = (struct regional*)r->next; - r->next = NULL; - alloc->num_reg_blocks--; - return r; - } - return regional_create_custom(ALLOC_REG_SIZE); -} - -void -alloc_reg_release(struct alloc_cache* alloc, struct regional* r) -{ - if(alloc->num_reg_blocks >= alloc->max_reg_blocks) { - regional_destroy(r); - return; - } - if(!r) return; - regional_free_all(r); - log_assert(r->next == NULL); - r->next = (char*)alloc->reg_list; - alloc->reg_list = r; - alloc->num_reg_blocks++; -} - -void -alloc_set_id_cleanup(struct alloc_cache* alloc, void (*cleanup)(void*), - void* arg) -{ - alloc->cleanup = cleanup; - alloc->cleanup_arg = arg; -} - -/** global debug value to keep track of total memory mallocs */ -size_t unbound_mem_alloc = 0; -/** global debug value to keep track of total memory frees */ -size_t unbound_mem_freed = 0; -#ifdef UNBOUND_ALLOC_STATS -/** special value to know if the memory is being tracked */ -uint64_t mem_special = (uint64_t)0xfeed43327766abcdLL; -#ifdef malloc -#undef malloc -#endif -/** malloc with stats */ -void *unbound_stat_malloc(size_t size) -{ - void* res; - if(size == 0) size = 1; - res = malloc(size+16); - if(!res) return NULL; - unbound_mem_alloc += size; - log_info("stat %p=malloc(%u)", res+16, (unsigned)size); - memcpy(res, &size, sizeof(size)); - memcpy(res+8, &mem_special, sizeof(mem_special)); - return res+16; -} -#ifdef calloc -#undef calloc -#endif -#ifndef INT_MAX -#define INT_MAX (((int)-1)>>1) -#endif -/** calloc with stats */ -void *unbound_stat_calloc(size_t nmemb, size_t size) -{ - size_t s; - void* res; - if(nmemb != 0 && INT_MAX/nmemb < size) - return NULL; /* integer overflow check */ - s = (nmemb*size==0)?(size_t)1:nmemb*size; - res = calloc(1, s+16); - if(!res) return NULL; - log_info("stat %p=calloc(%u, %u)", res+16, (unsigned)nmemb, (unsigned)size); - unbound_mem_alloc += s; - memcpy(res, &s, sizeof(s)); - memcpy(res+8, &mem_special, sizeof(mem_special)); - return res+16; -} -#ifdef free -#undef free -#endif -/** free with stats */ -void unbound_stat_free(void *ptr) -{ - size_t s; - if(!ptr) return; - if(memcmp(ptr-8, &mem_special, sizeof(mem_special)) != 0) { - free(ptr); - return; - } - ptr-=16; - memcpy(&s, ptr, sizeof(s)); - log_info("stat free(%p) size %u", ptr+16, (unsigned)s); - memset(ptr+8, 0, 8); - unbound_mem_freed += s; - free(ptr); -} -#ifdef realloc -#undef realloc -#endif -/** realloc with stats */ -void *unbound_stat_realloc(void *ptr, size_t size) -{ - size_t cursz; - void* res; - if(!ptr) return unbound_stat_malloc(size); - if(memcmp(ptr-8, &mem_special, sizeof(mem_special)) != 0) { - return realloc(ptr, size); - } - if(size==0) { - unbound_stat_free(ptr); - return NULL; - } - ptr -= 16; - memcpy(&cursz, ptr, sizeof(cursz)); - if(cursz == size) { - /* nothing changes */ - return ptr; - } - res = malloc(size+16); - if(!res) return NULL; - unbound_mem_alloc += size; - unbound_mem_freed += cursz; - log_info("stat realloc(%p, %u) from %u", ptr+16, (unsigned)size, (unsigned)cursz); - if(cursz > size) { - memcpy(res+16, ptr+16, size); - } else if(size > cursz) { - memcpy(res+16, ptr+16, cursz); - } - memset(ptr+8, 0, 8); - free(ptr); - memcpy(res, &size, sizeof(size)); - memcpy(res+8, &mem_special, sizeof(mem_special)); - return res+16; -} - -/** log to file where alloc was done */ -void *unbound_stat_malloc_log(size_t size, const char* file, int line, - const char* func) -{ - log_info("%s:%d %s malloc(%u)", file, line, func, (unsigned)size); - return unbound_stat_malloc(size); -} - -/** log to file where alloc was done */ -void *unbound_stat_calloc_log(size_t nmemb, size_t size, const char* file, - int line, const char* func) -{ - log_info("%s:%d %s calloc(%u, %u)", file, line, func, - (unsigned) nmemb, (unsigned)size); - return unbound_stat_calloc(nmemb, size); -} - -/** log to file where free was done */ -void unbound_stat_free_log(void *ptr, const char* file, int line, - const char* func) -{ - if(ptr && memcmp(ptr-8, &mem_special, sizeof(mem_special)) == 0) { - size_t s; - memcpy(&s, ptr-16, sizeof(s)); - log_info("%s:%d %s free(%p) size %u", - file, line, func, ptr, (unsigned)s); - } else - log_info("%s:%d %s unmatched free(%p)", file, line, func, ptr); - unbound_stat_free(ptr); -} - -/** log to file where alloc was done */ -void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, - int line, const char* func) -{ - log_info("%s:%d %s realloc(%p, %u)", file, line, func, - ptr, (unsigned)size); - return unbound_stat_realloc(ptr, size); -} - -#endif /* UNBOUND_ALLOC_STATS */ -#ifdef UNBOUND_ALLOC_LITE -#undef malloc -#undef calloc -#undef free -#undef realloc -/** length of prefix and suffix */ -static size_t lite_pad = 16; -/** prefix value to check */ -static char* lite_pre = "checkfront123456"; -/** suffix value to check */ -static char* lite_post= "checkafter123456"; - -void *unbound_stat_malloc_lite(size_t size, const char* file, int line, - const char* func) -{ - /* [prefix .. len .. actual data .. suffix] */ - void* res = malloc(size+lite_pad*2+sizeof(size_t)); - if(!res) return NULL; - memmove(res, lite_pre, lite_pad); - memmove(res+lite_pad, &size, sizeof(size_t)); - memset(res+lite_pad+sizeof(size_t), 0x1a, size); /* init the memory */ - memmove(res+lite_pad+size+sizeof(size_t), lite_post, lite_pad); - return res+lite_pad+sizeof(size_t); -} - -void *unbound_stat_calloc_lite(size_t nmemb, size_t size, const char* file, - int line, const char* func) -{ - size_t req; - void* res; - if(nmemb != 0 && INT_MAX/nmemb < size) - return NULL; /* integer overflow check */ - req = nmemb * size; - res = malloc(req+lite_pad*2+sizeof(size_t)); - if(!res) return NULL; - memmove(res, lite_pre, lite_pad); - memmove(res+lite_pad, &req, sizeof(size_t)); - memset(res+lite_pad+sizeof(size_t), 0, req); - memmove(res+lite_pad+req+sizeof(size_t), lite_post, lite_pad); - return res+lite_pad+sizeof(size_t); -} - -void unbound_stat_free_lite(void *ptr, const char* file, int line, - const char* func) -{ - void* real; - size_t orig = 0; - if(!ptr) return; - real = ptr-lite_pad-sizeof(size_t); - if(memcmp(real, lite_pre, lite_pad) != 0) { - log_err("free(): prefix failed %s:%d %s", file, line, func); - log_hex("prefix here", real, lite_pad); - log_hex(" should be", lite_pre, lite_pad); - fatal_exit("alloc assertion failed"); - } - memmove(&orig, real+lite_pad, sizeof(size_t)); - if(memcmp(real+lite_pad+orig+sizeof(size_t), lite_post, lite_pad)!=0){ - log_err("free(): suffix failed %s:%d %s", file, line, func); - log_err("alloc size is %d", (int)orig); - log_hex("suffix here", real+lite_pad+orig+sizeof(size_t), - lite_pad); - log_hex(" should be", lite_post, lite_pad); - fatal_exit("alloc assertion failed"); - } - memset(real, 0xdd, orig+lite_pad*2+sizeof(size_t)); /* mark it */ - free(real); -} - -void *unbound_stat_realloc_lite(void *ptr, size_t size, const char* file, - int line, const char* func) -{ - /* always free and realloc (no growing) */ - void* real, *newa; - size_t orig = 0; - if(!ptr) { - /* like malloc() */ - return unbound_stat_malloc_lite(size, file, line, func); - } - if(!size) { - /* like free() */ - unbound_stat_free_lite(ptr, file, line, func); - return NULL; - } - /* change allocation size and copy */ - real = ptr-lite_pad-sizeof(size_t); - if(memcmp(real, lite_pre, lite_pad) != 0) { - log_err("realloc(): prefix failed %s:%d %s", file, line, func); - log_hex("prefix here", real, lite_pad); - log_hex(" should be", lite_pre, lite_pad); - fatal_exit("alloc assertion failed"); - } - memmove(&orig, real+lite_pad, sizeof(size_t)); - if(memcmp(real+lite_pad+orig+sizeof(size_t), lite_post, lite_pad)!=0){ - log_err("realloc(): suffix failed %s:%d %s", file, line, func); - log_err("alloc size is %d", (int)orig); - log_hex("suffix here", real+lite_pad+orig+sizeof(size_t), - lite_pad); - log_hex(" should be", lite_post, lite_pad); - fatal_exit("alloc assertion failed"); - } - /* new alloc and copy over */ - newa = unbound_stat_malloc_lite(size, file, line, func); - if(!newa) - return NULL; - if(orig < size) - memmove(newa, ptr, orig); - else memmove(newa, ptr, size); - memset(real, 0xdd, orig+lite_pad*2+sizeof(size_t)); /* mark it */ - free(real); - return newa; -} - -char* unbound_strdup_lite(const char* s, const char* file, int line, - const char* func) -{ - /* this routine is made to make sure strdup() uses the malloc_lite */ - size_t l = strlen(s)+1; - char* n = (char*)unbound_stat_malloc_lite(l, file, line, func); - if(!n) return NULL; - memmove(n, s, l); - return n; -} - -char* unbound_lite_wrapstr(char* s) -{ - char* n = unbound_strdup_lite(s, __FILE__, __LINE__, __func__); - free(s); - return n; -} - -#undef sldns_pkt2wire -sldns_status unbound_lite_pkt2wire(uint8_t **dest, const sldns_pkt *p, - size_t *size) -{ - uint8_t* md = NULL; - size_t ms = 0; - sldns_status s = sldns_pkt2wire(&md, p, &ms); - if(md) { - *dest = unbound_stat_malloc_lite(ms, __FILE__, __LINE__, - __func__); - *size = ms; - if(!*dest) { free(md); return LDNS_STATUS_MEM_ERR; } - memcpy(*dest, md, ms); - free(md); - } else { - *dest = NULL; - *size = 0; - } - return s; -} - -#undef i2d_DSA_SIG -int unbound_lite_i2d_DSA_SIG(DSA_SIG* dsasig, unsigned char** sig) -{ - unsigned char* n = NULL; - int r= i2d_DSA_SIG(dsasig, &n); - if(n) { - *sig = unbound_stat_malloc_lite((size_t)r, __FILE__, __LINE__, - __func__); - if(!*sig) return -1; - memcpy(*sig, n, (size_t)r); - free(n); - return r; - } - *sig = NULL; - return r; -} - -#endif /* UNBOUND_ALLOC_LITE */ diff --git a/external/unbound/util/alloc.h b/external/unbound/util/alloc.h deleted file mode 100644 index 9839a4550..000000000 --- a/external/unbound/util/alloc.h +++ /dev/null @@ -1,217 +0,0 @@ -/* - * util/alloc.h - memory allocation service. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains memory allocation functions. - * - * The reasons for this service are: - * o Avoid locking costs of getting global lock to call malloc(). - * o The packed rrset type needs to be kept on special freelists, - * so that they are reused for other packet rrset allocations. - * - */ - -#ifndef UTIL_ALLOC_H -#define UTIL_ALLOC_H - -#include "util/locks.h" -struct ub_packed_rrset_key; -struct regional; - -/** The special type, packed rrset. Not allowed to be used for other memory */ -typedef struct ub_packed_rrset_key alloc_special_type; -/** clean the special type. Pass pointer. */ -#define alloc_special_clean(x) (x)->id = 0; -/** access next pointer. (in available spot). Pass pointer. */ -#define alloc_special_next(x) ((alloc_special_type*)((x)->entry.overflow_next)) -/** set next pointer. (in available spot). Pass pointers. */ -#define alloc_set_special_next(x, y) \ - ((x)->entry.overflow_next) = (struct lruhash_entry*)(y); - -/** how many blocks to cache locally. */ -#define ALLOC_SPECIAL_MAX 10 - -/** - * Structure that provides allocation. Use one per thread. - * The one on top has a NULL super pointer. - */ -struct alloc_cache { - /** lock, only used for the super. */ - lock_quick_type lock; - /** global allocator above this one. NULL for none (malloc/free) */ - struct alloc_cache* super; - /** singly linked lists of special type. These are free for use. */ - alloc_special_type* quar; - /** number of items in quarantine. */ - size_t num_quar; - /** thread number for id creation */ - int thread_num; - /** next id number to pass out */ - uint64_t next_id; - /** last id number possible */ - uint64_t last_id; - /** what function to call to cleanup when last id is reached */ - void (*cleanup)(void*); - /** user arg for cleanup */ - void* cleanup_arg; - - /** how many regional blocks to keep back max */ - size_t max_reg_blocks; - /** how many regional blocks are kept now */ - size_t num_reg_blocks; - /** linked list of regional blocks, using regional->next */ - struct regional* reg_list; -}; - -/** - * Init alloc (zeroes the struct). - * @param alloc: this parameter is allocated by the caller. - * @param super: super to use (init that before with super_init). - * Pass this argument NULL to init the toplevel alloc structure. - * @param thread_num: thread number for id creation of special type. - */ -void alloc_init(struct alloc_cache* alloc, struct alloc_cache* super, - int thread_num); - -/** - * Free the alloc. Pushes all the cached items into the super structure. - * Or deletes them if alloc->super is NULL. - * Does not free the alloc struct itself (it was also allocated by caller). - * @param alloc: is almost zeroed on exit (except some stats). - */ -void alloc_clear(struct alloc_cache* alloc); - -/** - * Get a new special_type element. - * @param alloc: where to alloc it. - * @return: memory block. Will not return NULL (instead fatal_exit). - * The block is zeroed. - */ -alloc_special_type* alloc_special_obtain(struct alloc_cache* alloc); - -/** - * Return special_type back to pool. - * The block is cleaned up (zeroed) which also invalidates the ID inside. - * @param alloc: where to alloc it. - * @param mem: block to free. - */ -void alloc_special_release(struct alloc_cache* alloc, alloc_special_type* mem); - -/** - * Set ID number of special type to a fresh new ID number. - * In case of ID number overflow, the rrset cache has to be cleared. - * @param alloc: the alloc cache - * @return: fresh id is returned. - */ -uint64_t alloc_get_id(struct alloc_cache* alloc); - -/** - * Get memory size of alloc cache, alloc structure including special types. - * @param alloc: on what alloc. - * @return size in bytes. - */ -size_t alloc_get_mem(struct alloc_cache* alloc); - -/** - * Print debug information (statistics). - * @param alloc: on what alloc. - */ -void alloc_stats(struct alloc_cache* alloc); - -/** - * Get a new regional for query states - * @param alloc: where to alloc it. - * @return regional for use or NULL on alloc failure. - */ -struct regional* alloc_reg_obtain(struct alloc_cache* alloc); - -/** - * Put regional for query states back into alloc cache. - * @param alloc: where to alloc it. - * @param r: regional to put back. - */ -void alloc_reg_release(struct alloc_cache* alloc, struct regional* r); - -/** - * Set cleanup on ID overflow callback function. This should remove all - * RRset ID references from the program. Clear the caches. - * @param alloc: the alloc - * @param cleanup: the callback function, called as cleanup(arg). - * @param arg: user argument to callback function. - */ -void alloc_set_id_cleanup(struct alloc_cache* alloc, void (*cleanup)(void*), - void* arg); - -#ifdef UNBOUND_ALLOC_LITE -# include -# include -# ifdef HAVE_OPENSSL_SSL_H -# include -# endif -# define malloc(s) unbound_stat_malloc_lite(s, __FILE__, __LINE__, __func__) -# define calloc(n,s) unbound_stat_calloc_lite(n, s, __FILE__, __LINE__, __func__) -# define free(p) unbound_stat_free_lite(p, __FILE__, __LINE__, __func__) -# define realloc(p,s) unbound_stat_realloc_lite(p, s, __FILE__, __LINE__, __func__) -void *unbound_stat_malloc_lite(size_t size, const char* file, int line, - const char* func); -void *unbound_stat_calloc_lite(size_t nmemb, size_t size, const char* file, - int line, const char* func); -void unbound_stat_free_lite(void *ptr, const char* file, int line, - const char* func); -void *unbound_stat_realloc_lite(void *ptr, size_t size, const char* file, - int line, const char* func); -# ifdef strdup -# undef strdup -# endif -# define strdup(s) unbound_strdup_lite(s, __FILE__, __LINE__, __func__) -char* unbound_strdup_lite(const char* s, const char* file, int line, - const char* func); -char* unbound_lite_wrapstr(char* s); -# define sldns_rr2str(rr) unbound_lite_wrapstr(sldns_rr2str(rr)) -# define sldns_rdf2str(rdf) unbound_lite_wrapstr(sldns_rdf2str(rdf)) -# define sldns_rr_type2str(t) unbound_lite_wrapstr(sldns_rr_type2str(t)) -# define sldns_rr_class2str(c) unbound_lite_wrapstr(sldns_rr_class2str(c)) -# define sldns_rr_list2str(r) unbound_lite_wrapstr(sldns_rr_list2str(r)) -# define sldns_pkt2str(p) unbound_lite_wrapstr(sldns_pkt2str(p)) -# define sldns_pkt_rcode2str(r) unbound_lite_wrapstr(sldns_pkt_rcode2str(r)) -# define sldns_pkt2wire(a, r, s) unbound_lite_pkt2wire(a, r, s) -sldns_status unbound_lite_pkt2wire(uint8_t **dest, const sldns_pkt *p, size_t *size); -# define i2d_DSA_SIG(d, s) unbound_lite_i2d_DSA_SIG(d, s) -int unbound_lite_i2d_DSA_SIG(DSA_SIG* dsasig, unsigned char** sig); -#endif /* UNBOUND_ALLOC_LITE */ - -#endif /* UTIL_ALLOC_H */ diff --git a/external/unbound/util/as112.c b/external/unbound/util/as112.c deleted file mode 100644 index 6ee694046..000000000 --- a/external/unbound/util/as112.c +++ /dev/null @@ -1,143 +0,0 @@ -/* - * util/as112.c - list of local zones. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file provides a list of lan zones. - */ - -#include "util/as112.h" - -static const char* as112_zone_array[] = { - "10.in-addr.arpa.", - "16.172.in-addr.arpa.", - "17.172.in-addr.arpa.", - "18.172.in-addr.arpa.", - "19.172.in-addr.arpa.", - "20.172.in-addr.arpa.", - "21.172.in-addr.arpa.", - "22.172.in-addr.arpa.", - "23.172.in-addr.arpa.", - "24.172.in-addr.arpa.", - "25.172.in-addr.arpa.", - "26.172.in-addr.arpa.", - "27.172.in-addr.arpa.", - "28.172.in-addr.arpa.", - "29.172.in-addr.arpa.", - "30.172.in-addr.arpa.", - "31.172.in-addr.arpa.", - "168.192.in-addr.arpa.", - "0.in-addr.arpa.", - "64.100.in-addr.arpa.", - "65.100.in-addr.arpa.", - "66.100.in-addr.arpa.", - "67.100.in-addr.arpa.", - "68.100.in-addr.arpa.", - "69.100.in-addr.arpa.", - "70.100.in-addr.arpa.", - "71.100.in-addr.arpa.", - "72.100.in-addr.arpa.", - "73.100.in-addr.arpa.", - "74.100.in-addr.arpa.", - "75.100.in-addr.arpa.", - "76.100.in-addr.arpa.", - "77.100.in-addr.arpa.", - "78.100.in-addr.arpa.", - "79.100.in-addr.arpa.", - "80.100.in-addr.arpa.", - "81.100.in-addr.arpa.", - "82.100.in-addr.arpa.", - "83.100.in-addr.arpa.", - "84.100.in-addr.arpa.", - "85.100.in-addr.arpa.", - "86.100.in-addr.arpa.", - "87.100.in-addr.arpa.", - "88.100.in-addr.arpa.", - "89.100.in-addr.arpa.", - "90.100.in-addr.arpa.", - "91.100.in-addr.arpa.", - "92.100.in-addr.arpa.", - "93.100.in-addr.arpa.", - "94.100.in-addr.arpa.", - "95.100.in-addr.arpa.", - "96.100.in-addr.arpa.", - "97.100.in-addr.arpa.", - "98.100.in-addr.arpa.", - "99.100.in-addr.arpa.", - "100.100.in-addr.arpa.", - "101.100.in-addr.arpa.", - "102.100.in-addr.arpa.", - "103.100.in-addr.arpa.", - "104.100.in-addr.arpa.", - "105.100.in-addr.arpa.", - "106.100.in-addr.arpa.", - "107.100.in-addr.arpa.", - "108.100.in-addr.arpa.", - "109.100.in-addr.arpa.", - "110.100.in-addr.arpa.", - "111.100.in-addr.arpa.", - "112.100.in-addr.arpa.", - "113.100.in-addr.arpa.", - "114.100.in-addr.arpa.", - "115.100.in-addr.arpa.", - "116.100.in-addr.arpa.", - "117.100.in-addr.arpa.", - "118.100.in-addr.arpa.", - "119.100.in-addr.arpa.", - "120.100.in-addr.arpa.", - "121.100.in-addr.arpa.", - "122.100.in-addr.arpa.", - "123.100.in-addr.arpa.", - "124.100.in-addr.arpa.", - "125.100.in-addr.arpa.", - "126.100.in-addr.arpa.", - "127.100.in-addr.arpa.", - "254.169.in-addr.arpa.", - "2.0.192.in-addr.arpa.", - "100.51.198.in-addr.arpa.", - "113.0.203.in-addr.arpa.", - "255.255.255.255.in-addr.arpa.", - "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.", - "d.f.ip6.arpa.", - "8.e.f.ip6.arpa.", - "9.e.f.ip6.arpa.", - "a.e.f.ip6.arpa.", - "b.e.f.ip6.arpa.", - "8.b.d.0.1.0.0.2.ip6.arpa.", - 0 -}; - -const char** as112_zones = as112_zone_array; diff --git a/external/unbound/util/as112.h b/external/unbound/util/as112.h deleted file mode 100644 index 7d0329e82..000000000 --- a/external/unbound/util/as112.h +++ /dev/null @@ -1,57 +0,0 @@ -/* - * util/as112.c - list of local zones. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file provides a list of lan zones - */ - -#ifndef UTIL_AS112_H -#define UTIL_AS112_H - -/** - * Array of text-format domain names of the AS112 zones. - * The array ends with NULL. "AS112" is a service on the internet that - * that this array is named after. The names in this list (or some of them) - * are null-routed by this service to avoid load on central servers caused by - * mistaken lookups for local content on the global internet. - * - * This is the list of names that unbound should not normally be sending - * on towards the internet, because they are local-use. - */ -extern const char** as112_zones; - -#endif diff --git a/external/unbound/util/config_file.c b/external/unbound/util/config_file.c deleted file mode 100644 index af176929d..000000000 --- a/external/unbound/util/config_file.c +++ /dev/null @@ -1,2056 +0,0 @@ -/* - * util/config_file.c - reads and stores the config file for unbound. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions for the config file. - */ - -#include "config.h" -#include -#include -#ifdef HAVE_TIME_H -#include -#endif -#include "util/log.h" -#include "util/configyyrename.h" -#include "util/config_file.h" -#include "util/configparser.h" -#include "util/net_help.h" -#include "util/data/msgparse.h" -#include "util/module.h" -#include "util/regional.h" -#include "util/fptr_wlist.h" -#include "util/data/dname.h" -#include "util/rtt.h" -#include "services/cache/infra.h" -#include "sldns/wire2str.h" -#include "sldns/parseutil.h" -#ifdef HAVE_GLOB_H -# include -#endif -#ifdef CLIENT_SUBNET -#include "edns-subnet/edns-subnet.h" -#endif -#ifdef HAVE_PWD_H -#include -#endif - -/** from cfg username, after daemonise setup performed */ -uid_t cfg_uid = (uid_t)-1; -/** from cfg username, after daemonise setup performed */ -gid_t cfg_gid = (gid_t)-1; -/** for debug allow small timeout values for fast rollovers */ -int autr_permit_small_holddown = 0; - -/** global config during parsing */ -struct config_parser_state* cfg_parser = 0; - -/** init ports possible for use */ -static void init_outgoing_availports(int* array, int num); - -struct config_file* -config_create(void) -{ - struct config_file* cfg; - cfg = (struct config_file*)calloc(1, sizeof(struct config_file)); - if(!cfg) - return NULL; - /* the defaults if no config is present */ - cfg->verbosity = 1; - cfg->stat_interval = 0; - cfg->stat_cumulative = 0; - cfg->stat_extended = 0; - cfg->num_threads = 1; - cfg->port = UNBOUND_DNS_PORT; - cfg->do_ip4 = 1; - cfg->do_ip6 = 1; - cfg->do_udp = 1; - cfg->do_tcp = 1; - cfg->tcp_upstream = 0; - cfg->tcp_mss = 0; - cfg->outgoing_tcp_mss = 0; - cfg->ssl_service_key = NULL; - cfg->ssl_service_pem = NULL; - cfg->ssl_port = 853; - cfg->ssl_upstream = 0; - cfg->use_syslog = 1; - cfg->log_identity = NULL; /* changed later with argv[0] */ - cfg->log_time_ascii = 0; - cfg->log_queries = 0; - cfg->log_replies = 0; -#ifndef USE_WINSOCK -# ifdef USE_MINI_EVENT - /* select max 1024 sockets */ - cfg->outgoing_num_ports = 960; - cfg->num_queries_per_thread = 512; -# else - /* libevent can use many sockets */ - cfg->outgoing_num_ports = 4096; - cfg->num_queries_per_thread = 1024; -# endif - cfg->outgoing_num_tcp = 10; - cfg->incoming_num_tcp = 10; -#else - cfg->outgoing_num_ports = 48; /* windows is limited in num fds */ - cfg->num_queries_per_thread = 24; - cfg->outgoing_num_tcp = 2; /* leaves 64-52=12 for: 4if,1stop,thread4 */ - cfg->incoming_num_tcp = 2; -#endif - cfg->edns_buffer_size = 4096; /* 4k from rfc recommendation */ - cfg->msg_buffer_size = 65552; /* 64 k + a small margin */ - cfg->msg_cache_size = 4 * 1024 * 1024; - cfg->msg_cache_slabs = 4; - cfg->jostle_time = 200; - cfg->rrset_cache_size = 4 * 1024 * 1024; - cfg->rrset_cache_slabs = 4; - cfg->host_ttl = 900; - cfg->bogus_ttl = 60; - cfg->min_ttl = 0; - cfg->max_ttl = 3600 * 24; - cfg->max_negative_ttl = 3600; - cfg->prefetch = 0; - cfg->prefetch_key = 0; - cfg->infra_cache_slabs = 4; - cfg->infra_cache_numhosts = 10000; - cfg->infra_cache_min_rtt = 50; - cfg->delay_close = 0; - if(!(cfg->outgoing_avail_ports = (int*)calloc(65536, sizeof(int)))) - goto error_exit; - init_outgoing_availports(cfg->outgoing_avail_ports, 65536); - if(!(cfg->username = strdup(UB_USERNAME))) goto error_exit; -#ifdef HAVE_CHROOT - if(!(cfg->chrootdir = strdup(CHROOT_DIR))) goto error_exit; -#endif - if(!(cfg->directory = strdup(RUN_DIR))) goto error_exit; - if(!(cfg->logfile = strdup(""))) goto error_exit; - if(!(cfg->pidfile = strdup(PIDFILE))) goto error_exit; - if(!(cfg->target_fetch_policy = strdup("3 2 1 0 0"))) goto error_exit; - cfg->donotqueryaddrs = NULL; - cfg->donotquery_localhost = 1; - cfg->root_hints = NULL; - cfg->use_systemd = 0; - cfg->do_daemonize = 1; - cfg->if_automatic = 0; - cfg->so_rcvbuf = 0; - cfg->so_sndbuf = 0; - cfg->so_reuseport = 0; - cfg->ip_transparent = 0; - cfg->ip_freebind = 0; - cfg->num_ifs = 0; - cfg->ifs = NULL; - cfg->num_out_ifs = 0; - cfg->out_ifs = NULL; - cfg->stubs = NULL; - cfg->forwards = NULL; -#ifdef CLIENT_SUBNET - cfg->client_subnet = NULL; - cfg->client_subnet_opcode = LDNS_EDNS_CLIENT_SUBNET; - cfg->client_subnet_always_forward = 0; - cfg->max_client_subnet_ipv4 = 24; - cfg->max_client_subnet_ipv6 = 56; -#endif - cfg->views = NULL; - cfg->acls = NULL; - cfg->harden_short_bufsize = 0; - cfg->harden_large_queries = 0; - cfg->harden_glue = 1; - cfg->harden_dnssec_stripped = 1; - cfg->harden_below_nxdomain = 0; - cfg->harden_referral_path = 0; - cfg->harden_algo_downgrade = 0; - cfg->use_caps_bits_for_id = 0; - cfg->caps_whitelist = NULL; - cfg->private_address = NULL; - cfg->private_domain = NULL; - cfg->unwanted_threshold = 0; - cfg->hide_identity = 0; - cfg->hide_version = 0; - cfg->hide_trustanchor = 0; - cfg->identity = NULL; - cfg->version = NULL; - cfg->auto_trust_anchor_file_list = NULL; - cfg->trust_anchor_file_list = NULL; - cfg->trust_anchor_list = NULL; - cfg->trusted_keys_file_list = NULL; - cfg->dlv_anchor_file = NULL; - cfg->dlv_anchor_list = NULL; - cfg->domain_insecure = NULL; - cfg->val_date_override = 0; - cfg->val_sig_skew_min = 3600; /* at least daylight savings trouble */ - cfg->val_sig_skew_max = 86400; /* at most timezone settings trouble */ - cfg->val_clean_additional = 1; - cfg->val_log_level = 0; - cfg->val_log_squelch = 0; - cfg->val_permissive_mode = 0; - cfg->ignore_cd = 0; - cfg->serve_expired = 0; - cfg->add_holddown = 30*24*3600; - cfg->del_holddown = 30*24*3600; - cfg->keep_missing = 366*24*3600; /* one year plus a little leeway */ - cfg->permit_small_holddown = 0; - cfg->key_cache_size = 4 * 1024 * 1024; - cfg->key_cache_slabs = 4; - cfg->neg_cache_size = 1 * 1024 * 1024; - cfg->local_zones = NULL; - cfg->local_zones_nodefault = NULL; - cfg->local_data = NULL; - cfg->local_zone_overrides = NULL; - cfg->unblock_lan_zones = 0; - cfg->insecure_lan_zones = 0; - cfg->python_script = NULL; - cfg->remote_control_enable = 0; - cfg->control_ifs = NULL; - cfg->control_port = UNBOUND_CONTROL_PORT; - cfg->remote_control_use_cert = 1; - cfg->minimal_responses = 0; - cfg->rrset_roundrobin = 0; - cfg->max_udp_size = 4096; - if(!(cfg->server_key_file = strdup(RUN_DIR"/unbound_server.key"))) - goto error_exit; - if(!(cfg->server_cert_file = strdup(RUN_DIR"/unbound_server.pem"))) - goto error_exit; - if(!(cfg->control_key_file = strdup(RUN_DIR"/unbound_control.key"))) - goto error_exit; - if(!(cfg->control_cert_file = strdup(RUN_DIR"/unbound_control.pem"))) - goto error_exit; - -#ifdef CLIENT_SUBNET - if(!(cfg->module_conf = strdup("subnetcache validator iterator"))) goto error_exit; -#else - if(!(cfg->module_conf = strdup("validator iterator"))) goto error_exit; -#endif - if(!(cfg->val_nsec3_key_iterations = - strdup("1024 150 2048 500 4096 2500"))) goto error_exit; -#if defined(DNSTAP_SOCKET_PATH) - if(!(cfg->dnstap_socket_path = strdup(DNSTAP_SOCKET_PATH))) - goto error_exit; -#endif - cfg->disable_dnssec_lame_check = 0; - cfg->ip_ratelimit = 0; - cfg->ratelimit = 0; - cfg->ip_ratelimit_slabs = 4; - cfg->ratelimit_slabs = 4; - cfg->ip_ratelimit_size = 4*1024*1024; - cfg->ratelimit_size = 4*1024*1024; - cfg->ratelimit_for_domain = NULL; - cfg->ratelimit_below_domain = NULL; - cfg->ip_ratelimit_factor = 10; - cfg->ratelimit_factor = 10; - cfg->qname_minimisation = 0; - cfg->qname_minimisation_strict = 0; - cfg->shm_enable = 0; - cfg->shm_key = 11777; - cfg->dnscrypt = 0; - cfg->dnscrypt_port = 0; - cfg->dnscrypt_provider = NULL; - cfg->dnscrypt_provider_cert = NULL; - cfg->dnscrypt_secret_key = NULL; - return cfg; -error_exit: - config_delete(cfg); - return NULL; -} - -struct config_file* config_create_forlib(void) -{ - struct config_file* cfg = config_create(); - if(!cfg) return NULL; - /* modifications for library use, less verbose, less memory */ - free(cfg->chrootdir); - cfg->chrootdir = NULL; - cfg->verbosity = 0; - cfg->outgoing_num_ports = 16; /* in library use, this is 'reasonable' - and probably within the ulimit(maxfds) of the user */ - cfg->outgoing_num_tcp = 2; - cfg->msg_cache_size = 1024*1024; - cfg->msg_cache_slabs = 1; - cfg->rrset_cache_size = 1024*1024; - cfg->rrset_cache_slabs = 1; - cfg->infra_cache_slabs = 1; - cfg->use_syslog = 0; - cfg->key_cache_size = 1024*1024; - cfg->key_cache_slabs = 1; - cfg->neg_cache_size = 100 * 1024; - cfg->donotquery_localhost = 0; /* allow, so that you can ask a - forward nameserver running on localhost */ - cfg->val_log_level = 2; /* to fill why_bogus with */ - cfg->val_log_squelch = 1; - return cfg; -} - -/** check that the value passed is >= 0 */ -#define IS_NUMBER_OR_ZERO \ - if(atoi(val) == 0 && strcmp(val, "0") != 0) return 0 -/** check that the value passed is > 0 */ -#define IS_NONZERO_NUMBER \ - if(atoi(val) == 0) return 0 -/** check that the value passed is not 0 and a power of 2 */ -#define IS_POW2_NUMBER \ - if(atoi(val) == 0 || !is_pow2((size_t)atoi(val))) return 0 -/** check that the value passed is yes or no */ -#define IS_YES_OR_NO \ - if(strcmp(val, "yes") != 0 && strcmp(val, "no") != 0) return 0 -/** put integer_or_zero into variable */ -#define S_NUMBER_OR_ZERO(str, var) if(strcmp(opt, str) == 0) \ - { IS_NUMBER_OR_ZERO; cfg->var = atoi(val); } -/** put integer_nonzero into variable */ -#define S_NUMBER_NONZERO(str, var) if(strcmp(opt, str) == 0) \ - { IS_NONZERO_NUMBER; cfg->var = atoi(val); } -/** put integer_or_zero into unsigned */ -#define S_UNSIGNED_OR_ZERO(str, var) if(strcmp(opt, str) == 0) \ - { IS_NUMBER_OR_ZERO; cfg->var = (unsigned)atoi(val); } -/** put integer_or_zero into size_t */ -#define S_SIZET_OR_ZERO(str, var) if(strcmp(opt, str) == 0) \ - { IS_NUMBER_OR_ZERO; cfg->var = (size_t)atoi(val); } -/** put integer_nonzero into size_t */ -#define S_SIZET_NONZERO(str, var) if(strcmp(opt, str) == 0) \ - { IS_NONZERO_NUMBER; cfg->var = (size_t)atoi(val); } -/** put yesno into variable */ -#define S_YNO(str, var) if(strcmp(opt, str) == 0) \ - { IS_YES_OR_NO; cfg->var = (strcmp(val, "yes") == 0); } -/** put memsize into variable */ -#define S_MEMSIZE(str, var) if(strcmp(opt, str)==0) \ - { return cfg_parse_memsize(val, &cfg->var); } -/** put pow2 number into variable */ -#define S_POW2(str, var) if(strcmp(opt, str)==0) \ - { IS_POW2_NUMBER; cfg->var = (size_t)atoi(val); } -/** put string into variable */ -#define S_STR(str, var) if(strcmp(opt, str)==0) \ - { free(cfg->var); return (cfg->var = strdup(val)) != NULL; } -/** put string into strlist */ -#define S_STRLIST(str, var) if(strcmp(opt, str)==0) \ - { return cfg_strlist_insert(&cfg->var, strdup(val)); } - -int config_set_option(struct config_file* cfg, const char* opt, - const char* val) -{ - S_NUMBER_OR_ZERO("verbosity:", verbosity) - else if(strcmp(opt, "statistics-interval:") == 0) { - if(strcmp(val, "0") == 0 || strcmp(val, "") == 0) - cfg->stat_interval = 0; - else if(atoi(val) == 0) - return 0; - else cfg->stat_interval = atoi(val); - } else if(strcmp(opt, "num_threads:") == 0) { - /* not supported, library must have 1 thread in bgworker */ - return 0; - } else if(strcmp(opt, "outgoing-port-permit:") == 0) { - return cfg_mark_ports(val, 1, - cfg->outgoing_avail_ports, 65536); - } else if(strcmp(opt, "outgoing-port-avoid:") == 0) { - return cfg_mark_ports(val, 0, - cfg->outgoing_avail_ports, 65536); - } else if(strcmp(opt, "local-zone:") == 0) { - return cfg_parse_local_zone(cfg, val); - } else if(strcmp(opt, "val-override-date:") == 0) { - if(strcmp(val, "") == 0 || strcmp(val, "0") == 0) { - cfg->val_date_override = 0; - } else if(strlen(val) == 14) { - cfg->val_date_override = cfg_convert_timeval(val); - return cfg->val_date_override != 0; - } else { - if(atoi(val) == 0) return 0; - cfg->val_date_override = (uint32_t)atoi(val); - } - } else if(strcmp(opt, "local-data-ptr:") == 0) { - char* ptr = cfg_ptr_reverse((char*)opt); - return cfg_strlist_insert(&cfg->local_data, ptr); - } else if(strcmp(opt, "logfile:") == 0) { - cfg->use_syslog = 0; - free(cfg->logfile); - return (cfg->logfile = strdup(val)) != NULL; - } - else if(strcmp(opt, "log-time-ascii:") == 0) - { IS_YES_OR_NO; cfg->log_time_ascii = (strcmp(val, "yes") == 0); - log_set_time_asc(cfg->log_time_ascii); } - else S_SIZET_NONZERO("max-udp-size:", max_udp_size) - else S_YNO("use-syslog:", use_syslog) - else S_STR("log-identity:", log_identity) - else S_YNO("extended-statistics:", stat_extended) - else S_YNO("statistics-cumulative:", stat_cumulative) - else S_YNO("shm-enable:", shm_enable) - else S_NUMBER_OR_ZERO("shm-key:", shm_key) - else S_YNO("do-ip4:", do_ip4) - else S_YNO("do-ip6:", do_ip6) - else S_YNO("do-udp:", do_udp) - else S_YNO("do-tcp:", do_tcp) - else S_YNO("tcp-upstream:", tcp_upstream) - else S_NUMBER_NONZERO("tcp-mss:", tcp_mss) - else S_NUMBER_NONZERO("outgoing-tcp-mss:", outgoing_tcp_mss) - else S_YNO("ssl-upstream:", ssl_upstream) - else S_STR("ssl-service-key:", ssl_service_key) - else S_STR("ssl-service-pem:", ssl_service_pem) - else S_NUMBER_NONZERO("ssl-port:", ssl_port) - else S_YNO("interface-automatic:", if_automatic) - else S_YNO("use-systemd:", use_systemd) - else S_YNO("do-daemonize:", do_daemonize) - else S_NUMBER_NONZERO("port:", port) - else S_NUMBER_NONZERO("outgoing-range:", outgoing_num_ports) - else S_SIZET_OR_ZERO("outgoing-num-tcp:", outgoing_num_tcp) - else S_SIZET_OR_ZERO("incoming-num-tcp:", incoming_num_tcp) - else S_SIZET_NONZERO("edns-buffer-size:", edns_buffer_size) - else S_SIZET_NONZERO("msg-buffer-size:", msg_buffer_size) - else S_MEMSIZE("msg-cache-size:", msg_cache_size) - else S_POW2("msg-cache-slabs:", msg_cache_slabs) - else S_SIZET_NONZERO("num-queries-per-thread:",num_queries_per_thread) - else S_SIZET_OR_ZERO("jostle-timeout:", jostle_time) - else S_MEMSIZE("so-rcvbuf:", so_rcvbuf) - else S_MEMSIZE("so-sndbuf:", so_sndbuf) - else S_YNO("so-reuseport:", so_reuseport) - else S_YNO("ip-transparent:", ip_transparent) - else S_YNO("ip-freebind:", ip_freebind) - else S_MEMSIZE("rrset-cache-size:", rrset_cache_size) - else S_POW2("rrset-cache-slabs:", rrset_cache_slabs) - else S_YNO("prefetch:", prefetch) - else S_YNO("prefetch-key:", prefetch_key) - else if(strcmp(opt, "cache-max-ttl:") == 0) - { IS_NUMBER_OR_ZERO; cfg->max_ttl = atoi(val); MAX_TTL=(time_t)cfg->max_ttl;} - else if(strcmp(opt, "cache-max-negative-ttl:") == 0) - { IS_NUMBER_OR_ZERO; cfg->max_negative_ttl = atoi(val); MAX_NEG_TTL=(time_t)cfg->max_negative_ttl;} - else if(strcmp(opt, "cache-min-ttl:") == 0) - { IS_NUMBER_OR_ZERO; cfg->min_ttl = atoi(val); MIN_TTL=(time_t)cfg->min_ttl;} - else if(strcmp(opt, "infra-cache-min-rtt:") == 0) { - IS_NUMBER_OR_ZERO; cfg->infra_cache_min_rtt = atoi(val); - RTT_MIN_TIMEOUT=cfg->infra_cache_min_rtt; - } - else S_NUMBER_OR_ZERO("infra-host-ttl:", host_ttl) - else S_POW2("infra-cache-slabs:", infra_cache_slabs) - else S_SIZET_NONZERO("infra-cache-numhosts:", infra_cache_numhosts) - else S_NUMBER_OR_ZERO("delay-close:", delay_close) - else S_STR("chroot:", chrootdir) - else S_STR("username:", username) - else S_STR("directory:", directory) - else S_STR("pidfile:", pidfile) - else S_YNO("hide-identity:", hide_identity) - else S_YNO("hide-version:", hide_version) - else S_YNO("hide-trustanchor:", hide_trustanchor) - else S_STR("identity:", identity) - else S_STR("version:", version) - else S_STRLIST("root-hints:", root_hints) - else S_STR("target-fetch-policy:", target_fetch_policy) - else S_YNO("harden-glue:", harden_glue) - else S_YNO("harden-short-bufsize:", harden_short_bufsize) - else S_YNO("harden-large-queries:", harden_large_queries) - else S_YNO("harden-dnssec-stripped:", harden_dnssec_stripped) - else S_YNO("harden-below-nxdomain:", harden_below_nxdomain) - else S_YNO("harden-referral-path:", harden_referral_path) - else S_YNO("harden-algo-downgrade:", harden_algo_downgrade) - else S_YNO("use-caps-for-id", use_caps_bits_for_id) - else S_STRLIST("caps-whitelist:", caps_whitelist) - else S_SIZET_OR_ZERO("unwanted-reply-threshold:", unwanted_threshold) - else S_STRLIST("private-address:", private_address) - else S_STRLIST("private-domain:", private_domain) - else S_YNO("do-not-query-localhost:", donotquery_localhost) - else S_STRLIST("do-not-query-address:", donotqueryaddrs) - else S_STRLIST("auto-trust-anchor-file:", auto_trust_anchor_file_list) - else S_STRLIST("trust-anchor-file:", trust_anchor_file_list) - else S_STRLIST("trust-anchor:", trust_anchor_list) - else S_STRLIST("trusted-keys-file:", trusted_keys_file_list) - else S_STR("dlv-anchor-file:", dlv_anchor_file) - else S_STRLIST("dlv-anchor:", dlv_anchor_list) - else S_STRLIST("domain-insecure:", domain_insecure) - else S_NUMBER_OR_ZERO("val-bogus-ttl:", bogus_ttl) - else S_YNO("val-clean-additional:", val_clean_additional) - else S_NUMBER_OR_ZERO("val-log-level:", val_log_level) - else S_YNO("val-log-squelch:", val_log_squelch) - else S_YNO("log-queries:", log_queries) - else S_YNO("log-replies:", log_replies) - else S_YNO("val-permissive-mode:", val_permissive_mode) - else S_YNO("ignore-cd-flag:", ignore_cd) - else S_YNO("serve-expired:", serve_expired) - else S_STR("val-nsec3-keysize-iterations:", val_nsec3_key_iterations) - else S_UNSIGNED_OR_ZERO("add-holddown:", add_holddown) - else S_UNSIGNED_OR_ZERO("del-holddown:", del_holddown) - else S_UNSIGNED_OR_ZERO("keep-missing:", keep_missing) - else if(strcmp(opt, "permit-small-holddown:") == 0) - { IS_YES_OR_NO; cfg->permit_small_holddown = (strcmp(val, "yes") == 0); - autr_permit_small_holddown = cfg->permit_small_holddown; } - else S_MEMSIZE("key-cache-size:", key_cache_size) - else S_POW2("key-cache-slabs:", key_cache_slabs) - else S_MEMSIZE("neg-cache-size:", neg_cache_size) - else S_YNO("minimal-responses:", minimal_responses) - else S_YNO("rrset-roundrobin:", rrset_roundrobin) - else S_STRLIST("local-data:", local_data) - else S_YNO("unblock-lan-zones:", unblock_lan_zones) - else S_YNO("insecure-lan-zones:", insecure_lan_zones) - else S_YNO("control-enable:", remote_control_enable) - else S_STRLIST("control-interface:", control_ifs) - else S_NUMBER_NONZERO("control-port:", control_port) - else S_STR("server-key-file:", server_key_file) - else S_STR("server-cert-file:", server_cert_file) - else S_STR("control-key-file:", control_key_file) - else S_STR("control-cert-file:", control_cert_file) - else S_STR("module-config:", module_conf) - else S_STR("python-script:", python_script) - else S_YNO("disable-dnssec-lame-check:", disable_dnssec_lame_check) -#ifdef CLIENT_SUBNET - /* Can't set max subnet prefix here, since that value is used when - * generating the address tree. */ - /* No client-subnet-always-forward here, module registration depends on - * this option. */ -#endif - else if(strcmp(opt, "ip-ratelimit:") == 0) { - IS_NUMBER_OR_ZERO; cfg->ip_ratelimit = atoi(val); - infra_ip_ratelimit=cfg->ip_ratelimit; - } - else if(strcmp(opt, "ratelimit:") == 0) { - IS_NUMBER_OR_ZERO; cfg->ratelimit = atoi(val); - infra_dp_ratelimit=cfg->ratelimit; - } - else S_MEMSIZE("ip-ratelimit-size:", ip_ratelimit_size) - else S_MEMSIZE("ratelimit-size:", ratelimit_size) - else S_POW2("ip-ratelimit-slabs:", ip_ratelimit_slabs) - else S_POW2("ratelimit-slabs:", ratelimit_slabs) - else S_NUMBER_OR_ZERO("ip-ratelimit-factor:", ip_ratelimit_factor) - else S_NUMBER_OR_ZERO("ratelimit-factor:", ratelimit_factor) - else S_YNO("qname-minimisation:", qname_minimisation) - else S_YNO("qname-minimisation-strict:", qname_minimisation_strict) - else if(strcmp(opt, "define-tag:") ==0) { - return config_add_tag(cfg, val); - /* val_sig_skew_min and max are copied into val_env during init, - * so this does not update val_env with set_option */ - } else if(strcmp(opt, "val-sig-skew-min:") == 0) - { IS_NUMBER_OR_ZERO; cfg->val_sig_skew_min = (int32_t)atoi(val); } - else if(strcmp(opt, "val-sig-skew-max:") == 0) - { IS_NUMBER_OR_ZERO; cfg->val_sig_skew_max = (int32_t)atoi(val); } - else if (strcmp(opt, "outgoing-interface:") == 0) { - char* d = strdup(val); - char** oi = - (char**)reallocarray(NULL, (size_t)cfg->num_out_ifs+1, sizeof(char*)); - if(!d || !oi) { free(d); free(oi); return -1; } - if(cfg->out_ifs && cfg->num_out_ifs) { - memmove(oi, cfg->out_ifs, cfg->num_out_ifs*sizeof(char*)); - free(cfg->out_ifs); - } - oi[cfg->num_out_ifs++] = d; - cfg->out_ifs = oi; - } else { - /* unknown or unsupported (from the set_option interface): - * interface, outgoing-interface, access-control, - * stub-zone, name, stub-addr, stub-host, stub-prime - * forward-first, stub-first, forward-ssl-upstream, - * stub-ssl-upstream, forward-zone, - * name, forward-addr, forward-host, - * ratelimit-for-domain, ratelimit-below-domain, - * local-zone-tag, access-control-view - * send-client-subnet client-subnet-always-forward - * max-client-subnet-ipv4 max-client-subnet-ipv6 */ - return 0; - } - return 1; -} - -void config_print_func(char* line, void* arg) -{ - FILE* f = (FILE*)arg; - (void)fprintf(f, "%s\n", line); -} - -/** collate func arg */ -struct config_collate_arg { - /** list of result items */ - struct config_strlist_head list; - /** if a malloc error occurred, 0 is OK */ - int status; -}; - -void config_collate_func(char* line, void* arg) -{ - struct config_collate_arg* m = (struct config_collate_arg*)arg; - if(m->status) - return; - if(!cfg_strlist_append(&m->list, strdup(line))) - m->status = 1; -} - -int config_get_option_list(struct config_file* cfg, const char* opt, - struct config_strlist** list) -{ - struct config_collate_arg m; - memset(&m, 0, sizeof(m)); - *list = NULL; - if(!config_get_option(cfg, opt, config_collate_func, &m)) - return 1; - if(m.status) { - config_delstrlist(m.list.first); - return 2; - } - *list = m.list.first; - return 0; -} - -int -config_get_option_collate(struct config_file* cfg, const char* opt, char** str) -{ - struct config_strlist* list = NULL; - int r; - *str = NULL; - if((r = config_get_option_list(cfg, opt, &list)) != 0) - return r; - *str = config_collate_cat(list); - config_delstrlist(list); - if(!*str) return 2; - return 0; -} - -char* -config_collate_cat(struct config_strlist* list) -{ - size_t total = 0, left; - struct config_strlist* s; - char *r, *w; - if(!list) /* no elements */ - return strdup(""); - if(list->next == NULL) /* one element , no newline at end. */ - return strdup(list->str); - /* count total length */ - for(s=list; s; s=s->next) - total += strlen(s->str) + 1; /* len + newline */ - left = total+1; /* one extra for nul at end */ - r = malloc(left); - if(!r) - return NULL; - w = r; - for(s=list; s; s=s->next) { - size_t this = strlen(s->str); - if(this+2 > left) { /* sanity check */ - free(r); - return NULL; - } - snprintf(w, left, "%s\n", s->str); - this = strlen(w); - w += this; - left -= this; - } - return r; -} - -/** compare and print decimal option */ -#define O_DEC(opt, str, var) if(strcmp(opt, str)==0) \ - {snprintf(buf, len, "%d", (int)cfg->var); \ - func(buf, arg);} -/** compare and print unsigned option */ -#define O_UNS(opt, str, var) if(strcmp(opt, str)==0) \ - {snprintf(buf, len, "%u", (unsigned)cfg->var); \ - func(buf, arg);} -/** compare and print yesno option */ -#define O_YNO(opt, str, var) if(strcmp(opt, str)==0) \ - {func(cfg->var?"yes":"no", arg);} -/** compare and print string option */ -#define O_STR(opt, str, var) if(strcmp(opt, str)==0) \ - {func(cfg->var?cfg->var:"", arg);} -/** compare and print array option */ -#define O_IFC(opt, str, num, arr) if(strcmp(opt, str)==0) \ - {int i; for(i=0; inum; i++) func(cfg->arr[i], arg);} -/** compare and print memorysize option */ -#define O_MEM(opt, str, var) if(strcmp(opt, str)==0) { \ - if(cfg->var > 1024*1024*1024) { \ - size_t f=cfg->var/(size_t)1000000, b=cfg->var%(size_t)1000000; \ - snprintf(buf, len, "%u%6.6u", (unsigned)f, (unsigned)b); \ - } else snprintf(buf, len, "%u", (unsigned)cfg->var); \ - func(buf, arg);} -/** compare and print list option */ -#define O_LST(opt, name, lst) if(strcmp(opt, name)==0) { \ - struct config_strlist* p = cfg->lst; \ - for(p = cfg->lst; p; p = p->next) \ - func(p->str, arg); \ - } -/** compare and print list option */ -#define O_LS2(opt, name, lst) if(strcmp(opt, name)==0) { \ - struct config_str2list* p = cfg->lst; \ - for(p = cfg->lst; p; p = p->next) { \ - snprintf(buf, len, "%s %s", p->str, p->str2); \ - func(buf, arg); \ - } \ - } -/** compare and print list option */ -#define O_LS3(opt, name, lst) if(strcmp(opt, name)==0) { \ - struct config_str3list* p = cfg->lst; \ - for(p = cfg->lst; p; p = p->next) { \ - snprintf(buf, len, "%s %s %s", p->str, p->str2, p->str3); \ - func(buf, arg); \ - } \ - } -/** compare and print taglist option */ -#define O_LTG(opt, name, lst) if(strcmp(opt, name)==0) { \ - char* tmpstr = NULL; \ - struct config_strbytelist *p = cfg->lst; \ - for(p = cfg->lst; p; p = p->next) {\ - tmpstr = config_taglist2str(cfg, p->str2, p->str2len); \ - if(tmpstr) {\ - snprintf(buf, len, "%s %s", p->str, tmpstr); \ - func(buf, arg); \ - free(tmpstr); \ - } \ - } \ - } - -int -config_get_option(struct config_file* cfg, const char* opt, - void (*func)(char*,void*), void* arg) -{ - char buf[1024]; - size_t len = sizeof(buf); - fptr_ok(fptr_whitelist_print_func(func)); - O_DEC(opt, "verbosity", verbosity) - else O_DEC(opt, "statistics-interval", stat_interval) - else O_YNO(opt, "statistics-cumulative", stat_cumulative) - else O_YNO(opt, "extended-statistics", stat_extended) - else O_YNO(opt, "shm-enable", shm_enable) - else O_DEC(opt, "shm-key", shm_key) - else O_YNO(opt, "use-syslog", use_syslog) - else O_STR(opt, "log-identity", log_identity) - else O_YNO(opt, "log-time-ascii", log_time_ascii) - else O_DEC(opt, "num-threads", num_threads) - else O_IFC(opt, "interface", num_ifs, ifs) - else O_IFC(opt, "outgoing-interface", num_out_ifs, out_ifs) - else O_YNO(opt, "interface-automatic", if_automatic) - else O_DEC(opt, "port", port) - else O_DEC(opt, "outgoing-range", outgoing_num_ports) - else O_DEC(opt, "outgoing-num-tcp", outgoing_num_tcp) - else O_DEC(opt, "incoming-num-tcp", incoming_num_tcp) - else O_DEC(opt, "edns-buffer-size", edns_buffer_size) - else O_DEC(opt, "msg-buffer-size", msg_buffer_size) - else O_MEM(opt, "msg-cache-size", msg_cache_size) - else O_DEC(opt, "msg-cache-slabs", msg_cache_slabs) - else O_DEC(opt, "num-queries-per-thread", num_queries_per_thread) - else O_UNS(opt, "jostle-timeout", jostle_time) - else O_MEM(opt, "so-rcvbuf", so_rcvbuf) - else O_MEM(opt, "so-sndbuf", so_sndbuf) - else O_YNO(opt, "so-reuseport", so_reuseport) - else O_YNO(opt, "ip-transparent", ip_transparent) - else O_YNO(opt, "ip-freebind", ip_freebind) - else O_MEM(opt, "rrset-cache-size", rrset_cache_size) - else O_DEC(opt, "rrset-cache-slabs", rrset_cache_slabs) - else O_YNO(opt, "prefetch-key", prefetch_key) - else O_YNO(opt, "prefetch", prefetch) - else O_DEC(opt, "cache-max-ttl", max_ttl) - else O_DEC(opt, "cache-max-negative-ttl", max_negative_ttl) - else O_DEC(opt, "cache-min-ttl", min_ttl) - else O_DEC(opt, "infra-host-ttl", host_ttl) - else O_DEC(opt, "infra-cache-slabs", infra_cache_slabs) - else O_DEC(opt, "infra-cache-min-rtt", infra_cache_min_rtt) - else O_MEM(opt, "infra-cache-numhosts", infra_cache_numhosts) - else O_UNS(opt, "delay-close", delay_close) - else O_YNO(opt, "do-ip4", do_ip4) - else O_YNO(opt, "do-ip6", do_ip6) - else O_YNO(opt, "do-udp", do_udp) - else O_YNO(opt, "do-tcp", do_tcp) - else O_YNO(opt, "tcp-upstream", tcp_upstream) - else O_DEC(opt, "tcp-mss", tcp_mss) - else O_DEC(opt, "outgoing-tcp-mss", outgoing_tcp_mss) - else O_YNO(opt, "ssl-upstream", ssl_upstream) - else O_STR(opt, "ssl-service-key", ssl_service_key) - else O_STR(opt, "ssl-service-pem", ssl_service_pem) - else O_DEC(opt, "ssl-port", ssl_port) - else O_YNO(opt, "use-systemd", use_systemd) - else O_YNO(opt, "do-daemonize", do_daemonize) - else O_STR(opt, "chroot", chrootdir) - else O_STR(opt, "username", username) - else O_STR(opt, "directory", directory) - else O_STR(opt, "logfile", logfile) - else O_YNO(opt, "log-queries", log_queries) - else O_YNO(opt, "log-replies", log_replies) - else O_STR(opt, "pidfile", pidfile) - else O_YNO(opt, "hide-identity", hide_identity) - else O_YNO(opt, "hide-version", hide_version) - else O_YNO(opt, "hide-trustanchor", hide_trustanchor) - else O_STR(opt, "identity", identity) - else O_STR(opt, "version", version) - else O_STR(opt, "target-fetch-policy", target_fetch_policy) - else O_YNO(opt, "harden-short-bufsize", harden_short_bufsize) - else O_YNO(opt, "harden-large-queries", harden_large_queries) - else O_YNO(opt, "harden-glue", harden_glue) - else O_YNO(opt, "harden-dnssec-stripped", harden_dnssec_stripped) - else O_YNO(opt, "harden-below-nxdomain", harden_below_nxdomain) - else O_YNO(opt, "harden-referral-path", harden_referral_path) - else O_YNO(opt, "harden-algo-downgrade", harden_algo_downgrade) - else O_YNO(opt, "use-caps-for-id", use_caps_bits_for_id) - else O_LST(opt, "caps-whitelist", caps_whitelist) - else O_DEC(opt, "unwanted-reply-threshold", unwanted_threshold) - else O_YNO(opt, "do-not-query-localhost", donotquery_localhost) - else O_STR(opt, "module-config", module_conf) - else O_STR(opt, "dlv-anchor-file", dlv_anchor_file) - else O_DEC(opt, "val-bogus-ttl", bogus_ttl) - else O_YNO(opt, "val-clean-additional", val_clean_additional) - else O_DEC(opt, "val-log-level", val_log_level) - else O_YNO(opt, "val-permissive-mode", val_permissive_mode) - else O_YNO(opt, "ignore-cd-flag", ignore_cd) - else O_YNO(opt, "serve-expired", serve_expired) - else O_STR(opt, "val-nsec3-keysize-iterations",val_nsec3_key_iterations) - else O_UNS(opt, "add-holddown", add_holddown) - else O_UNS(opt, "del-holddown", del_holddown) - else O_UNS(opt, "keep-missing", keep_missing) - else O_YNO(opt, "permit-small-holddown", permit_small_holddown) - else O_MEM(opt, "key-cache-size", key_cache_size) - else O_DEC(opt, "key-cache-slabs", key_cache_slabs) - else O_MEM(opt, "neg-cache-size", neg_cache_size) - else O_YNO(opt, "control-enable", remote_control_enable) - else O_DEC(opt, "control-port", control_port) - else O_STR(opt, "server-key-file", server_key_file) - else O_STR(opt, "server-cert-file", server_cert_file) - else O_STR(opt, "control-key-file", control_key_file) - else O_STR(opt, "control-cert-file", control_cert_file) - else O_LST(opt, "root-hints", root_hints) - else O_LS2(opt, "access-control", acls) - else O_LST(opt, "do-not-query-address", donotqueryaddrs) - else O_LST(opt, "private-address", private_address) - else O_LST(opt, "private-domain", private_domain) - else O_LST(opt, "auto-trust-anchor-file", auto_trust_anchor_file_list) - else O_LST(opt, "trust-anchor-file", trust_anchor_file_list) - else O_LST(opt, "trust-anchor", trust_anchor_list) - else O_LST(opt, "trusted-keys-file", trusted_keys_file_list) - else O_LST(opt, "dlv-anchor", dlv_anchor_list) - else O_LST(opt, "control-interface", control_ifs) - else O_LST(opt, "domain-insecure", domain_insecure) - else O_UNS(opt, "val-override-date", val_date_override) - else O_YNO(opt, "minimal-responses", minimal_responses) - else O_YNO(opt, "rrset-roundrobin", rrset_roundrobin) -#ifdef CLIENT_SUBNET - else O_LST(opt, "send-client-subnet", client_subnet) - else O_DEC(opt, "max-client-subnet-ipv4", max_client_subnet_ipv4) - else O_DEC(opt, "max-client-subnet-ipv6", max_client_subnet_ipv6) - else O_YNO(opt, "client-subnet-always-forward:", - client_subnet_always_forward) -#endif - else O_YNO(opt, "unblock-lan-zones", unblock_lan_zones) - else O_YNO(opt, "insecure-lan-zones", insecure_lan_zones) - else O_DEC(opt, "max-udp-size", max_udp_size) - else O_STR(opt, "python-script", python_script) - else O_YNO(opt, "disable-dnssec-lame-check", disable_dnssec_lame_check) - else O_DEC(opt, "ip-ratelimit", ip_ratelimit) - else O_DEC(opt, "ratelimit", ratelimit) - else O_MEM(opt, "ip-ratelimit-size", ip_ratelimit_size) - else O_MEM(opt, "ratelimit-size", ratelimit_size) - else O_DEC(opt, "ip-ratelimit-slabs", ip_ratelimit_slabs) - else O_DEC(opt, "ratelimit-slabs", ratelimit_slabs) - else O_LS2(opt, "ratelimit-for-domain", ratelimit_for_domain) - else O_LS2(opt, "ratelimit-below-domain", ratelimit_below_domain) - else O_DEC(opt, "ip-ratelimit-factor", ip_ratelimit_factor) - else O_DEC(opt, "ratelimit-factor", ratelimit_factor) - else O_DEC(opt, "val-sig-skew-min", val_sig_skew_min) - else O_DEC(opt, "val-sig-skew-max", val_sig_skew_max) - else O_YNO(opt, "qname-minimisation", qname_minimisation) - else O_YNO(opt, "qname-minimisation-strict", qname_minimisation_strict) - else O_IFC(opt, "define-tag", num_tags, tagname) - else O_LTG(opt, "local-zone-tag", local_zone_tags) - else O_LTG(opt, "access-control-tag", acl_tags) - else O_LTG(opt, "response-ip-tag", respip_tags) - else O_LS3(opt, "local-zone-override", local_zone_overrides) - else O_LS3(opt, "access-control-tag-action", acl_tag_actions) - else O_LS3(opt, "access-control-tag-data", acl_tag_datas) - else O_LS2(opt, "access-control-view", acl_view) - /* not here: - * outgoing-permit, outgoing-avoid - have list of ports - * local-zone - zones and nodefault variables - * local-data - see below - * local-data-ptr - converted to local-data entries - * stub-zone, name, stub-addr, stub-host, stub-prime - * forward-zone, name, forward-addr, forward-host - */ - else return 0; - return 1; -} - -/** initialize the global cfg_parser object */ -static void -create_cfg_parser(struct config_file* cfg, char* filename, const char* chroot) -{ - static struct config_parser_state st; - cfg_parser = &st; - cfg_parser->filename = filename; - cfg_parser->line = 1; - cfg_parser->errors = 0; - cfg_parser->cfg = cfg; - cfg_parser->chroot = chroot; - init_cfg_parse(); -} - -int -config_read(struct config_file* cfg, const char* filename, const char* chroot) -{ - FILE *in; - char *fname = (char*)filename; -#ifdef HAVE_GLOB - glob_t g; - size_t i; - int r, flags; -#endif - if(!fname) - return 1; - - /* check for wildcards */ -#ifdef HAVE_GLOB - if(!(!strchr(fname, '*') && !strchr(fname, '?') && !strchr(fname, '[') && - !strchr(fname, '{') && !strchr(fname, '~'))) { - verbose(VERB_QUERY, "wildcard found, processing %s", fname); - flags = 0 -#ifdef GLOB_ERR - | GLOB_ERR -#endif -#ifdef GLOB_NOSORT - | GLOB_NOSORT -#endif -#ifdef GLOB_BRACE - | GLOB_BRACE -#endif -#ifdef GLOB_TILDE - | GLOB_TILDE -#endif - ; - memset(&g, 0, sizeof(g)); - r = glob(fname, flags, NULL, &g); - if(r) { - /* some error */ - globfree(&g); - if(r == GLOB_NOMATCH) { - verbose(VERB_QUERY, "include: " - "no matches for %s", fname); - return 1; - } else if(r == GLOB_NOSPACE) { - log_err("include: %s: " - "fnametern out of memory", fname); - } else if(r == GLOB_ABORTED) { - log_err("wildcard include: %s: expansion " - "aborted (%s)", fname, strerror(errno)); - } else { - log_err("wildcard include: %s: expansion " - "failed (%s)", fname, strerror(errno)); - } - /* ignore globs that yield no files */ - return 1; - } - /* process files found, if any */ - for(i=0; i<(size_t)g.gl_pathc; i++) { - if(!config_read(cfg, g.gl_pathv[i], chroot)) { - log_err("error reading wildcard " - "include: %s", g.gl_pathv[i]); - globfree(&g); - return 0; - } - } - globfree(&g); - return 1; - } -#endif /* HAVE_GLOB */ - - in = fopen(fname, "r"); - if(!in) { - log_err("Could not open %s: %s", fname, strerror(errno)); - return 0; - } - create_cfg_parser(cfg, fname, chroot); - ub_c_in = in; - ub_c_parse(); - fclose(in); - - if(!cfg->dnscrypt) cfg->dnscrypt_port = 0; - - if(cfg_parser->errors != 0) { - fprintf(stderr, "read %s failed: %d errors in configuration file\n", - fname, cfg_parser->errors); - errno=EINVAL; - return 0; - } - - return 1; -} - -struct config_stub* cfg_stub_find(struct config_stub*** pp, const char* nm) -{ - struct config_stub* p = *(*pp); - while(p) { - if(strcmp(p->name, nm) == 0) - return p; - (*pp) = &p->next; - p = p->next; - } - return NULL; -} - -void -config_delstrlist(struct config_strlist* p) -{ - struct config_strlist *np; - while(p) { - np = p->next; - free(p->str); - free(p); - p = np; - } -} - -void -config_deldblstrlist(struct config_str2list* p) -{ - struct config_str2list *np; - while(p) { - np = p->next; - free(p->str); - free(p->str2); - free(p); - p = np; - } -} - -void -config_deltrplstrlist(struct config_str3list* p) -{ - struct config_str3list *np; - while(p) { - np = p->next; - free(p->str); - free(p->str2); - free(p->str3); - free(p); - p = np; - } -} - -void -config_delstub(struct config_stub* p) -{ - if(!p) return; - free(p->name); - config_delstrlist(p->hosts); - config_delstrlist(p->addrs); - free(p); -} - -void -config_delstubs(struct config_stub* p) -{ - struct config_stub* np; - while(p) { - np = p->next; - config_delstub(p); - p = np; - } -} - -void -config_delview(struct config_view* p) -{ - if(!p) return; - free(p->name); - config_deldblstrlist(p->local_zones); - config_delstrlist(p->local_zones_nodefault); - config_delstrlist(p->local_data); - free(p); -} - -void -config_delviews(struct config_view* p) -{ - struct config_view* np; - while(p) { - np = p->next; - config_delview(p); - p = np; - } -} -/** delete string array */ -static void -config_del_strarray(char** array, int num) -{ - int i; - if(!array) - return; - for(i=0; inext; - free(p->str); - free(p->str2); - free(p); - p = np; - } -} - -void -config_delete(struct config_file* cfg) -{ - if(!cfg) return; - free(cfg->username); - free(cfg->chrootdir); - free(cfg->directory); - free(cfg->logfile); - free(cfg->pidfile); - free(cfg->target_fetch_policy); - free(cfg->ssl_service_key); - free(cfg->ssl_service_pem); - free(cfg->log_identity); - config_del_strarray(cfg->ifs, cfg->num_ifs); - config_del_strarray(cfg->out_ifs, cfg->num_out_ifs); - config_delstubs(cfg->stubs); - config_delstubs(cfg->forwards); - config_delviews(cfg->views); - config_delstrlist(cfg->donotqueryaddrs); - config_delstrlist(cfg->root_hints); -#ifdef CLIENT_SUBNET - config_delstrlist(cfg->client_subnet); -#endif - free(cfg->identity); - free(cfg->version); - free(cfg->module_conf); - free(cfg->outgoing_avail_ports); - config_delstrlist(cfg->caps_whitelist); - config_delstrlist(cfg->private_address); - config_delstrlist(cfg->private_domain); - config_delstrlist(cfg->auto_trust_anchor_file_list); - config_delstrlist(cfg->trust_anchor_file_list); - config_delstrlist(cfg->trusted_keys_file_list); - config_delstrlist(cfg->trust_anchor_list); - config_delstrlist(cfg->domain_insecure); - free(cfg->dlv_anchor_file); - config_delstrlist(cfg->dlv_anchor_list); - config_deldblstrlist(cfg->acls); - free(cfg->val_nsec3_key_iterations); - config_deldblstrlist(cfg->local_zones); - config_delstrlist(cfg->local_zones_nodefault); - config_delstrlist(cfg->local_data); - config_deltrplstrlist(cfg->local_zone_overrides); - config_del_strarray(cfg->tagname, cfg->num_tags); - config_del_strbytelist(cfg->local_zone_tags); - config_del_strbytelist(cfg->acl_tags); - config_del_strbytelist(cfg->respip_tags); - config_deltrplstrlist(cfg->acl_tag_actions); - config_deltrplstrlist(cfg->acl_tag_datas); - config_delstrlist(cfg->control_ifs); - free(cfg->server_key_file); - free(cfg->server_cert_file); - free(cfg->control_key_file); - free(cfg->control_cert_file); - free(cfg->dns64_prefix); - free(cfg->dnstap_socket_path); - free(cfg->dnstap_identity); - free(cfg->dnstap_version); - config_deldblstrlist(cfg->ratelimit_for_domain); - config_deldblstrlist(cfg->ratelimit_below_domain); - free(cfg); -} - -static void -init_outgoing_availports(int* a, int num) -{ - /* generated with make iana_update */ - const int iana_assigned[] = { -#include "util/iana_ports.inc" - -1 }; /* end marker to put behind trailing comma */ - - int i; - /* do not use <1024, that could be trouble with the system, privs */ - for(i=1024; i= (int)sizeof(buf) ) { - log_err("cannot parse port number '%s'", str); - return 0; - } - if(mid > str) - memcpy(buf, str, (size_t)(mid-str)); - buf[mid-str] = 0; - low = atoi(buf); - if(low == 0 && strcmp(buf, "0") != 0) { - log_err("cannot parse port number '%s'", buf); - return 0; - } - for(i=low; i<=high; i++) { - if(i < num) - avail[i] = (allow?i:0); - } - return 1; - } - return 1; -} - -int -cfg_scan_ports(int* avail, int num) -{ - int i; - int count = 0; - for(i=0; ioutgoing_avail_ports, 65536); - int i, at = 0; - *avail = NULL; - if(num == 0) - return 0; - *avail = (int*)reallocarray(NULL, (size_t)num, sizeof(int)); - if(!*avail) - return 0; - for(i=0; i<65536; i++) { - if(cfg->outgoing_avail_ports[i]) - (*avail)[at++] = cfg->outgoing_avail_ports[i]; - } - log_assert(at == num); - return num; -} - -/** print error with file and line number */ -static void ub_c_error_va_list(const char *fmt, va_list args) -{ - cfg_parser->errors++; - fprintf(stderr, "%s:%d: error: ", cfg_parser->filename, - cfg_parser->line); - vfprintf(stderr, fmt, args); - fprintf(stderr, "\n"); -} - -/** print error with file and line number */ -void ub_c_error_msg(const char* fmt, ...) -{ - va_list args; - va_start(args, fmt); - ub_c_error_va_list(fmt, args); - va_end(args); -} - -void ub_c_error(const char *str) -{ - cfg_parser->errors++; - fprintf(stderr, "%s:%d: error: %s\n", cfg_parser->filename, - cfg_parser->line, str); -} - -int ub_c_wrap(void) -{ - return 1; -} - -int cfg_strlist_append(struct config_strlist_head* list, char* item) -{ - struct config_strlist *s; - if(!item || !list) - return 0; - s = (struct config_strlist*)calloc(1, sizeof(struct config_strlist)); - if(!s) - return 0; - s->str = item; - s->next = NULL; - if(list->last) - list->last->next = s; - else - list->first = s; - list->last = s; - return 1; -} - -int -cfg_region_strlist_insert(struct regional* region, - struct config_strlist** head, char* item) -{ - struct config_strlist *s; - if(!item || !head) - return 0; - s = (struct config_strlist*)regional_alloc_zero(region, - sizeof(struct config_strlist)); - if(!s) - return 0; - s->str = item; - s->next = *head; - *head = s; - return 1; -} - -int -cfg_strlist_insert(struct config_strlist** head, char* item) -{ - struct config_strlist *s; - if(!item || !head) - return 0; - s = (struct config_strlist*)calloc(1, sizeof(struct config_strlist)); - if(!s) - return 0; - s->str = item; - s->next = *head; - *head = s; - return 1; -} - -int -cfg_str2list_insert(struct config_str2list** head, char* item, char* i2) -{ - struct config_str2list *s; - if(!item || !i2 || !head) - return 0; - s = (struct config_str2list*)calloc(1, sizeof(struct config_str2list)); - if(!s) - return 0; - s->str = item; - s->str2 = i2; - s->next = *head; - *head = s; - return 1; -} - -int -cfg_str3list_insert(struct config_str3list** head, char* item, char* i2, - char* i3) -{ - struct config_str3list *s; - if(!item || !i2 || !i3 || !head) - return 0; - s = (struct config_str3list*)calloc(1, sizeof(struct config_str3list)); - if(!s) - return 0; - s->str = item; - s->str2 = i2; - s->str3 = i3; - s->next = *head; - *head = s; - return 1; -} - -int -cfg_strbytelist_insert(struct config_strbytelist** head, char* item, - uint8_t* i2, size_t i2len) -{ - struct config_strbytelist* s; - if(!item || !i2 || !head) - return 0; - s = (struct config_strbytelist*)calloc(1, sizeof(*s)); - if(!s) - return 0; - s->str = item; - s->str2 = i2; - s->str2len = i2len; - s->next = *head; - *head = s; - return 1; -} - -time_t -cfg_convert_timeval(const char* str) -{ - time_t t; - struct tm tm; - memset(&tm, 0, sizeof(tm)); - if(strlen(str) < 14) - return 0; - if(sscanf(str, "%4d%2d%2d%2d%2d%2d", &tm.tm_year, &tm.tm_mon, - &tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec) != 6) - return 0; - tm.tm_year -= 1900; - tm.tm_mon--; - /* Check values */ - if (tm.tm_year < 70) return 0; - if (tm.tm_mon < 0 || tm.tm_mon > 11) return 0; - if (tm.tm_mday < 1 || tm.tm_mday > 31) return 0; - if (tm.tm_hour < 0 || tm.tm_hour > 23) return 0; - if (tm.tm_min < 0 || tm.tm_min > 59) return 0; - if (tm.tm_sec < 0 || tm.tm_sec > 59) return 0; - /* call ldns conversion function */ - t = sldns_mktime_from_utc(&tm); - return t; -} - -int -cfg_count_numbers(const char* s) -{ - /* format ::= (sp num)+ sp */ - /* num ::= [-](0-9)+ */ - /* sp ::= (space|tab)* */ - int num = 0; - while(*s) { - while(*s && isspace((unsigned char)*s)) - s++; - if(!*s) /* end of string */ - break; - if(*s == '-') - s++; - if(!*s) /* only - not allowed */ - return 0; - if(!isdigit((unsigned char)*s)) /* bad character */ - return 0; - while(*s && isdigit((unsigned char)*s)) - s++; - num++; - } - return num; -} - -/** all digit number */ -static int isalldigit(const char* str, size_t l) -{ - size_t i; - for(i=0; i0 && str[len-1]==' ') - len--; - if(len > 1 && str[len-1] == 'b') - len--; - else if(len > 1 && str[len-1] == 'B') - len--; - - if(len > 1 && tolower((unsigned char)str[len-1]) == 'g') - mult = 1024*1024*1024; - else if(len > 1 && tolower((unsigned char)str[len-1]) == 'm') - mult = 1024*1024; - else if(len > 1 && tolower((unsigned char)str[len-1]) == 'k') - mult = 1024; - else if(len > 0 && isdigit((unsigned char)str[len-1])) - mult = 1; - else { - log_err("unknown size specifier: '%s'", str); - return 0; - } - while(len>1 && str[len-2]==' ') - len--; - - if(!isalldigit(str, len-1)) { - log_err("unknown size specifier: '%s'", str); - return 0; - } - *res = ((size_t)atol(str)) * mult; - return 1; -} - -int -find_tag_id(struct config_file* cfg, const char* tag) -{ - int i; - for(i=0; inum_tags; i++) { - if(strcmp(cfg->tagname[i], tag) == 0) - return i; - } - return -1; -} - -int -config_add_tag(struct config_file* cfg, const char* tag) -{ - char** newarray; - char* newtag; - if(find_tag_id(cfg, tag) != -1) - return 1; /* nothing to do */ - newarray = (char**)malloc(sizeof(char*)*(cfg->num_tags+1)); - if(!newarray) - return 0; - newtag = strdup(tag); - if(!newtag) { - free(newarray); - return 0; - } - if(cfg->tagname) { - memcpy(newarray, cfg->tagname, sizeof(char*)*cfg->num_tags); - free(cfg->tagname); - } - newarray[cfg->num_tags++] = newtag; - cfg->tagname = newarray; - return 1; -} - -/** set a bit in a bit array */ -static void -cfg_set_bit(uint8_t* bitlist, size_t len, int id) -{ - int pos = id/8; - log_assert((size_t)pos < len); - (void)len; - bitlist[pos] |= 1<<(id%8); -} - -uint8_t* config_parse_taglist(struct config_file* cfg, char* str, - size_t* listlen) -{ - uint8_t* taglist = NULL; - size_t len = 0; - char* p, *s; - - /* allocate */ - if(cfg->num_tags == 0) { - log_err("parse taglist, but no tags defined"); - return 0; - } - len = (size_t)(cfg->num_tags+7)/8; - taglist = calloc(1, len); - if(!taglist) { - log_err("out of memory"); - return 0; - } - - /* parse */ - s = str; - while((p=strsep(&s, " \t\n")) != NULL) { - if(*p) { - int id = find_tag_id(cfg, p); - /* set this bit in the bitlist */ - if(id == -1) { - log_err("unknown tag: %s", p); - free(taglist); - return 0; - } - cfg_set_bit(taglist, len, id); - } - } - - *listlen = len; - return taglist; -} - -char* config_taglist2str(struct config_file* cfg, uint8_t* taglist, - size_t taglen) -{ - char buf[10240]; - size_t i, j, len = 0; - buf[0] = 0; - for(i=0; itagname[id]); - len += strlen(buf+len); - } - } - } - return strdup(buf); -} - -int taglist_intersect(uint8_t* list1, size_t list1len, uint8_t* list2, - size_t list2len) -{ - size_t i; - if(!list1 || !list2) - return 0; - for(i=0; imax_ttl; - MIN_TTL = (time_t)config->min_ttl; - MAX_NEG_TTL = (time_t)config->max_negative_ttl; - RTT_MIN_TIMEOUT = config->infra_cache_min_rtt; - EDNS_ADVERTISED_SIZE = (uint16_t)config->edns_buffer_size; - MINIMAL_RESPONSES = config->minimal_responses; - RRSET_ROUNDROBIN = config->rrset_roundrobin; - log_set_time_asc(config->log_time_ascii); - autr_permit_small_holddown = config->permit_small_holddown; -} - -void config_lookup_uid(struct config_file* cfg) -{ -#ifdef HAVE_GETPWNAM - /* translate username into uid and gid */ - if(cfg->username && cfg->username[0]) { - struct passwd *pwd; - if((pwd = getpwnam(cfg->username)) != NULL) { - cfg_uid = pwd->pw_uid; - cfg_gid = pwd->pw_gid; - } - } -#else - (void)cfg; -#endif -} - -/** - * Calculate string length of full pathname in original filesys - * @param fname: the path name to convert. - * Must not be null or empty. - * @param cfg: config struct for chroot and chdir (if set). - * @param use_chdir: if false, only chroot is applied. - * @return length of string. - * remember to allocate one more for 0 at end in mallocs. - */ -static size_t -strlen_after_chroot(const char* fname, struct config_file* cfg, int use_chdir) -{ - size_t len = 0; - int slashit = 0; - if(cfg->chrootdir && cfg->chrootdir[0] && - strncmp(cfg->chrootdir, fname, strlen(cfg->chrootdir)) == 0) { - /* already full pathname, return it */ - return strlen(fname); - } - /* chroot */ - if(cfg->chrootdir && cfg->chrootdir[0]) { - /* start with chrootdir */ - len += strlen(cfg->chrootdir); - slashit = 1; - } - /* chdir */ -#ifdef UB_ON_WINDOWS - if(fname[0] != 0 && fname[1] == ':') { - /* full path, no chdir */ - } else -#endif - if(fname[0] == '/' || !use_chdir) { - /* full path, no chdir */ - } else if(cfg->directory && cfg->directory[0]) { - /* prepend chdir */ - if(slashit && cfg->directory[0] != '/') - len++; - if(cfg->chrootdir && cfg->chrootdir[0] && - strncmp(cfg->chrootdir, cfg->directory, - strlen(cfg->chrootdir)) == 0) - len += strlen(cfg->directory)-strlen(cfg->chrootdir); - else len += strlen(cfg->directory); - slashit = 1; - } - /* fname */ - if(slashit && fname[0] != '/') - len++; - len += strlen(fname); - return len; -} - -char* -fname_after_chroot(const char* fname, struct config_file* cfg, int use_chdir) -{ - size_t len = strlen_after_chroot(fname, cfg, use_chdir)+1; - int slashit = 0; - char* buf = (char*)malloc(len); - if(!buf) - return NULL; - buf[0] = 0; - /* is fname already in chroot ? */ - if(cfg->chrootdir && cfg->chrootdir[0] && - strncmp(cfg->chrootdir, fname, strlen(cfg->chrootdir)) == 0) { - /* already full pathname, return it */ - (void)strlcpy(buf, fname, len); - buf[len-1] = 0; - return buf; - } - /* chroot */ - if(cfg->chrootdir && cfg->chrootdir[0]) { - /* start with chrootdir */ - (void)strlcpy(buf, cfg->chrootdir, len); - slashit = 1; - } -#ifdef UB_ON_WINDOWS - if(fname[0] != 0 && fname[1] == ':') { - /* full path, no chdir */ - } else -#endif - /* chdir */ - if(fname[0] == '/' || !use_chdir) { - /* full path, no chdir */ - } else if(cfg->directory && cfg->directory[0]) { - /* prepend chdir */ - if(slashit && cfg->directory[0] != '/') - (void)strlcat(buf, "/", len); - /* is the directory already in the chroot? */ - if(cfg->chrootdir && cfg->chrootdir[0] && - strncmp(cfg->chrootdir, cfg->directory, - strlen(cfg->chrootdir)) == 0) - (void)strlcat(buf, cfg->directory+strlen(cfg->chrootdir), - len); - else (void)strlcat(buf, cfg->directory, len); - slashit = 1; - } - /* fname */ - if(slashit && fname[0] != '/') - (void)strlcat(buf, "/", len); - (void)strlcat(buf, fname, len); - buf[len-1] = 0; - return buf; -} - -/** return next space character in string */ -static char* next_space_pos(const char* str) -{ - char* sp = strchr(str, ' '); - char* tab = strchr(str, '\t'); - if(!tab && !sp) - return NULL; - if(!sp) return tab; - if(!tab) return sp; - return (sptab)?sp:tab; -} - -int -cfg_parse_local_zone(struct config_file* cfg, const char* val) -{ - const char *type, *name_end, *name; - char buf[256]; - - /* parse it as: [zone_name] [between stuff] [zone_type] */ - name = val; - while(*name && isspace((unsigned char)*name)) - name++; - if(!*name) { - log_err("syntax error: too short: %s", val); - return 0; - } - name_end = next_space_pos(name); - if(!name_end || !*name_end) { - log_err("syntax error: expected zone type: %s", val); - return 0; - } - if (name_end - name > 255) { - log_err("syntax error: bad zone name: %s", val); - return 0; - } - (void)strlcpy(buf, name, sizeof(buf)); - buf[name_end-name] = '\0'; - - type = last_space_pos(name_end); - while(type && *type && isspace((unsigned char)*type)) - type++; - if(!type || !*type) { - log_err("syntax error: expected zone type: %s", val); - return 0; - } - - if(strcmp(type, "nodefault")==0) { - return cfg_strlist_insert(&cfg->local_zones_nodefault, - strdup(name)); - } else { - return cfg_str2list_insert(&cfg->local_zones, strdup(buf), - strdup(type)); - } -} - -char* cfg_ptr_reverse(char* str) -{ - char* ip, *ip_end; - char* name; - char* result; - char buf[1024]; - struct sockaddr_storage addr; - socklen_t addrlen; - - /* parse it as: [IP] [between stuff] [name] */ - ip = str; - while(*ip && isspace((unsigned char)*ip)) - ip++; - if(!*ip) { - log_err("syntax error: too short: %s", str); - return NULL; - } - ip_end = next_space_pos(ip); - if(!ip_end || !*ip_end) { - log_err("syntax error: expected name: %s", str); - return NULL; - } - - name = last_space_pos(ip_end); - if(!name || !*name) { - log_err("syntax error: expected name: %s", str); - return NULL; - } - - sscanf(ip, "%100s", buf); - buf[sizeof(buf)-1]=0; - - if(!ipstrtoaddr(buf, UNBOUND_DNS_PORT, &addr, &addrlen)) { - log_err("syntax error: cannot parse address: %s", str); - return NULL; - } - - /* reverse IPv4: - * ddd.ddd.ddd.ddd.in-addr-arpa. - * IPv6: (h.){32}.ip6.arpa. */ - - if(addr_is_ip6(&addr, addrlen)) { - uint8_t ad[16]; - const char* hex = "0123456789abcdef"; - char *p = buf; - int i; - memmove(ad, &((struct sockaddr_in6*)&addr)->sin6_addr, - sizeof(ad)); - for(i=15; i>=0; i--) { - uint8_t b = ad[i]; - *p++ = hex[ (b&0x0f) ]; - *p++ = '.'; - *p++ = hex[ (b&0xf0) >> 4 ]; - *p++ = '.'; - } - snprintf(buf+16*4, sizeof(buf)-16*4, "ip6.arpa. "); - } else { - uint8_t ad[4]; - memmove(ad, &((struct sockaddr_in*)&addr)->sin_addr, - sizeof(ad)); - snprintf(buf, sizeof(buf), "%u.%u.%u.%u.in-addr.arpa. ", - (unsigned)ad[3], (unsigned)ad[2], - (unsigned)ad[1], (unsigned)ad[0]); - } - - /* printed the reverse address, now the between goop and name on end */ - while(*ip_end && isspace((unsigned char)*ip_end)) - ip_end++; - if(name>ip_end) { - snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), "%.*s", - (int)(name-ip_end), ip_end); - } - snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), " PTR %s", name); - - result = strdup(buf); - if(!result) { - log_err("out of memory parsing %s", str); - return NULL; - } - return result; -} - -#ifdef UB_ON_WINDOWS -char* -w_lookup_reg_str(const char* key, const char* name) -{ - HKEY hk = NULL; - DWORD type = 0; - BYTE buf[1024]; - DWORD len = (DWORD)sizeof(buf); - LONG ret; - char* result = NULL; - ret = RegOpenKeyEx(HKEY_LOCAL_MACHINE, key, 0, KEY_READ, &hk); - if(ret == ERROR_FILE_NOT_FOUND) - return NULL; /* key does not exist */ - else if(ret != ERROR_SUCCESS) { - log_err("RegOpenKeyEx failed"); - return NULL; - } - ret = RegQueryValueEx(hk, (LPCTSTR)name, 0, &type, buf, &len); - if(RegCloseKey(hk)) - log_err("RegCloseKey"); - if(ret == ERROR_FILE_NOT_FOUND) - return NULL; /* name does not exist */ - else if(ret != ERROR_SUCCESS) { - log_err("RegQueryValueEx failed"); - return NULL; - } - if(type == REG_SZ || type == REG_MULTI_SZ || type == REG_EXPAND_SZ) { - buf[sizeof(buf)-1] = 0; - buf[sizeof(buf)-2] = 0; /* for multi_sz */ - result = strdup((char*)buf); - if(!result) log_err("out of memory"); - } - return result; -} - -void w_config_adjust_directory(struct config_file* cfg) -{ - if(cfg->directory && cfg->directory[0]) { - TCHAR dirbuf[2*MAX_PATH+4]; - if(strcmp(cfg->directory, "%EXECUTABLE%") == 0) { - /* get executable path, and if that contains - * directories, snip off the filename part */ - dirbuf[0] = 0; - if(!GetModuleFileName(NULL, dirbuf, MAX_PATH)) - log_err("could not GetModuleFileName"); - if(strrchr(dirbuf, '\\')) { - (strrchr(dirbuf, '\\'))[0] = 0; - } else log_err("GetModuleFileName had no path"); - if(dirbuf[0]) { - /* adjust directory for later lookups to work*/ - free(cfg->directory); - cfg->directory = memdup(dirbuf, strlen(dirbuf)+1); - } - } - } -} -#endif /* UB_ON_WINDOWS */ - -void errinf(struct module_qstate* qstate, const char* str) -{ - struct config_strlist* p; - if(qstate->env->cfg->val_log_level < 2 || !str) - return; - p = (struct config_strlist*)regional_alloc(qstate->region, sizeof(*p)); - if(!p) { - log_err("malloc failure in validator-error-info string"); - return; - } - p->next = NULL; - p->str = regional_strdup(qstate->region, str); - if(!p->str) { - log_err("malloc failure in validator-error-info string"); - return; - } - /* add at end */ - if(qstate->errinf) { - struct config_strlist* q = qstate->errinf; - while(q->next) - q = q->next; - q->next = p; - } else qstate->errinf = p; -} - -void errinf_origin(struct module_qstate* qstate, struct sock_list *origin) -{ - struct sock_list* p; - if(qstate->env->cfg->val_log_level < 2) - return; - for(p=origin; p; p=p->next) { - char buf[256]; - if(p == origin) - snprintf(buf, sizeof(buf), "from "); - else snprintf(buf, sizeof(buf), "and "); - if(p->len == 0) - snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), - "cache"); - else - addr_to_str(&p->addr, p->len, buf+strlen(buf), - sizeof(buf)-strlen(buf)); - errinf(qstate, buf); - } -} - -char* errinf_to_str(struct module_qstate* qstate) -{ - char buf[20480]; - char* p = buf; - size_t left = sizeof(buf); - struct config_strlist* s; - char dname[LDNS_MAX_DOMAINLEN+1]; - char t[16], c[16]; - sldns_wire2str_type_buf(qstate->qinfo.qtype, t, sizeof(t)); - sldns_wire2str_class_buf(qstate->qinfo.qclass, c, sizeof(c)); - dname_str(qstate->qinfo.qname, dname); - snprintf(p, left, "validation failure <%s %s %s>:", dname, t, c); - left -= strlen(p); p += strlen(p); - if(!qstate->errinf) - snprintf(p, left, " misc failure"); - else for(s=qstate->errinf; s; s=s->next) { - snprintf(p, left, " %s", s->str); - left -= strlen(p); p += strlen(p); - } - p = strdup(buf); - if(!p) - log_err("malloc failure in errinf_to_str"); - return p; -} - -void errinf_rrset(struct module_qstate* qstate, struct ub_packed_rrset_key *rr) -{ - char buf[1024]; - char dname[LDNS_MAX_DOMAINLEN+1]; - char t[16], c[16]; - if(qstate->env->cfg->val_log_level < 2 || !rr) - return; - sldns_wire2str_type_buf(ntohs(rr->rk.type), t, sizeof(t)); - sldns_wire2str_class_buf(ntohs(rr->rk.rrset_class), c, sizeof(c)); - dname_str(rr->rk.dname, dname); - snprintf(buf, sizeof(buf), "for <%s %s %s>", dname, t, c); - errinf(qstate, buf); -} - -void errinf_dname(struct module_qstate* qstate, const char* str, uint8_t* dname) -{ - char b[1024]; - char buf[LDNS_MAX_DOMAINLEN+1]; - if(qstate->env->cfg->val_log_level < 2 || !str || !dname) - return; - dname_str(dname, buf); - snprintf(b, sizeof(b), "%s %s", str, buf); - errinf(qstate, b); -} diff --git a/external/unbound/util/config_file.h b/external/unbound/util/config_file.h deleted file mode 100644 index 79b094894..000000000 --- a/external/unbound/util/config_file.h +++ /dev/null @@ -1,1009 +0,0 @@ -/* - * util/config_file.h - reads and stores the config file for unbound. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions for the config file. - */ - -#ifndef UTIL_CONFIG_FILE_H -#define UTIL_CONFIG_FILE_H -struct config_stub; -struct config_view; -struct config_strlist; -struct config_str2list; -struct config_str3list; -struct config_strbytelist; -struct module_qstate; -struct sock_list; -struct ub_packed_rrset_key; -struct regional; - -/** - * The configuration options. - * Strings are malloced. - */ -struct config_file { - /** verbosity level as specified in the config file */ - int verbosity; - - /** statistics interval (in seconds) */ - int stat_interval; - /** if false, statistics values are reset after printing them */ - int stat_cumulative; - /** if true, the statistics are kept in greater detail */ - int stat_extended; - - /** number of threads to create */ - int num_threads; - - /** port on which queries are answered. */ - int port; - /** do ip4 query support. */ - int do_ip4; - /** do ip6 query support. */ - int do_ip6; - /** prefer ip6 upstream queries. */ - int prefer_ip6; - /** do udp query support. */ - int do_udp; - /** do tcp query support. */ - int do_tcp; - /** tcp upstream queries (no UDP upstream queries) */ - int tcp_upstream; - /** maximum segment size of tcp socket which queries are answered */ - int tcp_mss; - /** maximum segment size of tcp socket for outgoing queries */ - int outgoing_tcp_mss; - - /** private key file for dnstcp-ssl service (enabled if not NULL) */ - char* ssl_service_key; - /** public key file for dnstcp-ssl service */ - char* ssl_service_pem; - /** port on which to provide ssl service */ - int ssl_port; - /** if outgoing tcp connections use SSL */ - int ssl_upstream; - - /** outgoing port range number of ports (per thread) */ - int outgoing_num_ports; - /** number of outgoing tcp buffers per (per thread) */ - size_t outgoing_num_tcp; - /** number of incoming tcp buffers per (per thread) */ - size_t incoming_num_tcp; - /** allowed udp port numbers, array with 0 if not allowed */ - int* outgoing_avail_ports; - - /** EDNS buffer size to use */ - size_t edns_buffer_size; - /** number of bytes buffer size for DNS messages */ - size_t msg_buffer_size; - /** size of the message cache */ - size_t msg_cache_size; - /** slabs in the message cache. */ - size_t msg_cache_slabs; - /** number of queries every thread can service */ - size_t num_queries_per_thread; - /** number of msec to wait before items can be jostled out */ - size_t jostle_time; - /** size of the rrset cache */ - size_t rrset_cache_size; - /** slabs in the rrset cache */ - size_t rrset_cache_slabs; - /** host cache ttl in seconds */ - int host_ttl; - /** number of slabs in the infra host cache */ - size_t infra_cache_slabs; - /** max number of hosts in the infra cache */ - size_t infra_cache_numhosts; - /** min value for infra cache rtt */ - int infra_cache_min_rtt; - /** delay close of udp-timeouted ports, if 0 no delayclose. in msec */ - int delay_close; - - /** the target fetch policy for the iterator */ - char* target_fetch_policy; - - /** automatic interface for incoming messages. Uses ipv6 remapping, - * and recvmsg/sendmsg ancillary data to detect interfaces, boolean */ - int if_automatic; - /** SO_RCVBUF size to set on port 53 UDP socket */ - size_t so_rcvbuf; - /** SO_SNDBUF size to set on port 53 UDP socket */ - size_t so_sndbuf; - /** SO_REUSEPORT requested on port 53 sockets */ - int so_reuseport; - /** IP_TRANSPARENT socket option requested on port 53 sockets */ - int ip_transparent; - /** IP_FREEBIND socket option request on port 53 sockets */ - int ip_freebind; - - /** number of interfaces to open. If 0 default all interfaces. */ - int num_ifs; - /** interface description strings (IP addresses) */ - char **ifs; - - /** number of outgoing interfaces to open. - * If 0 default all interfaces. */ - int num_out_ifs; - /** outgoing interface description strings (IP addresses) */ - char **out_ifs; - - /** the root hints */ - struct config_strlist* root_hints; - /** the stub definitions, linked list */ - struct config_stub* stubs; - /** the forward zone definitions, linked list */ - struct config_stub* forwards; - /** the views definitions, linked list */ - struct config_view* views; - /** list of donotquery addresses, linked list */ - struct config_strlist* donotqueryaddrs; -#ifdef CLIENT_SUBNET - /** list of servers we send edns-client-subnet option to and - * accept option from, linked list */ - struct config_strlist* client_subnet; - /** opcode assigned by IANA for edns0-client-subnet option */ - uint16_t client_subnet_opcode; - /** Do not check whitelist if incoming query contains an ECS record */ - int client_subnet_always_forward; - /** Subnet length we are willing to give up privacy for */ - uint8_t max_client_subnet_ipv4; - uint8_t max_client_subnet_ipv6; -#endif - /** list of access control entries, linked list */ - struct config_str2list* acls; - /** use default localhost donotqueryaddr entries */ - int donotquery_localhost; - - /** harden against very small edns buffer sizes */ - int harden_short_bufsize; - /** harden against very large query sizes */ - int harden_large_queries; - /** harden against spoofed glue (out of zone data) */ - int harden_glue; - /** harden against receiving no DNSSEC data for trust anchor */ - int harden_dnssec_stripped; - /** harden against queries that fall under known nxdomain names */ - int harden_below_nxdomain; - /** harden the referral path, query for NS,A,AAAA and validate */ - int harden_referral_path; - /** harden against algorithm downgrade */ - int harden_algo_downgrade; - /** use 0x20 bits in query as random ID bits */ - int use_caps_bits_for_id; - /** 0x20 whitelist, domains that do not use capsforid */ - struct config_strlist* caps_whitelist; - /** strip away these private addrs from answers, no DNS Rebinding */ - struct config_strlist* private_address; - /** allow domain (and subdomains) to use private address space */ - struct config_strlist* private_domain; - /** what threshold for unwanted action. */ - size_t unwanted_threshold; - /** the number of seconds maximal TTL used for RRsets and messages */ - int max_ttl; - /** the number of seconds minimum TTL used for RRsets and messages */ - int min_ttl; - /** the number of seconds maximal negative TTL for SOA in auth */ - int max_negative_ttl; - /** if prefetching of messages should be performed. */ - int prefetch; - /** if prefetching of DNSKEYs should be performed. */ - int prefetch_key; - - /** chrootdir, if not "" or chroot will be done */ - char* chrootdir; - /** username to change to, if not "". */ - char* username; - /** working directory */ - char* directory; - /** filename to log to. */ - char* logfile; - /** pidfile to write pid to. */ - char* pidfile; - - /** should log messages be sent to syslogd */ - int use_syslog; - /** log timestamp in ascii UTC */ - int log_time_ascii; - /** log queries with one line per query */ - int log_queries; - /** log replies with one line per reply */ - int log_replies; - /** log identity to report */ - char* log_identity; - - /** do not report identity (id.server, hostname.bind) */ - int hide_identity; - /** do not report version (version.server, version.bind) */ - int hide_version; - /** do not report trustanchor (trustanchor.unbound) */ - int hide_trustanchor; - /** identity, hostname is returned if "". */ - char* identity; - /** version, package version returned if "". */ - char* version; - - /** the module configuration string */ - char* module_conf; - - /** files with trusted DS and DNSKEYs in zonefile format, list */ - struct config_strlist* trust_anchor_file_list; - /** list of trustanchor keys, linked list */ - struct config_strlist* trust_anchor_list; - /** files with 5011 autotrust tracked keys */ - struct config_strlist* auto_trust_anchor_file_list; - /** files with trusted DNSKEYs in named.conf format, list */ - struct config_strlist* trusted_keys_file_list; - /** DLV anchor file */ - char* dlv_anchor_file; - /** DLV anchor inline */ - struct config_strlist* dlv_anchor_list; - /** insecure domain list */ - struct config_strlist* domain_insecure; - - /** if not 0, this value is the validation date for RRSIGs */ - int32_t val_date_override; - /** the minimum for signature clock skew */ - int32_t val_sig_skew_min; - /** the maximum for signature clock skew */ - int32_t val_sig_skew_max; - /** this value sets the number of seconds before revalidating bogus */ - int bogus_ttl; - /** should validator clean additional section for secure msgs */ - int val_clean_additional; - /** log bogus messages by the validator */ - int val_log_level; - /** squelch val_log_level to log - this is library goes to callback */ - int val_log_squelch; - /** should validator allow bogus messages to go through */ - int val_permissive_mode; - /** ignore the CD flag in incoming queries and refuse them bogus data */ - int ignore_cd; - /** serve expired entries and prefetch them */ - int serve_expired; - /** nsec3 maximum iterations per key size, string */ - char* val_nsec3_key_iterations; - /** autotrust add holddown time, in seconds */ - unsigned int add_holddown; - /** autotrust del holddown time, in seconds */ - unsigned int del_holddown; - /** autotrust keep_missing time, in seconds. 0 is forever. */ - unsigned int keep_missing; - /** permit small holddown values, allowing 5011 rollover very fast */ - int permit_small_holddown; - - /** size of the key cache */ - size_t key_cache_size; - /** slabs in the key cache. */ - size_t key_cache_slabs; - /** size of the neg cache */ - size_t neg_cache_size; - - /** local zones config */ - struct config_str2list* local_zones; - /** local zones nodefault list */ - struct config_strlist* local_zones_nodefault; - /** local data RRs configured */ - struct config_strlist* local_data; - /** local zone override types per netblock */ - struct config_str3list* local_zone_overrides; - /** unblock lan zones (reverse lookups for AS112 zones) */ - int unblock_lan_zones; - /** insecure lan zones (don't validate AS112 zones) */ - int insecure_lan_zones; - /** list of zonename, tagbitlist */ - struct config_strbytelist* local_zone_tags; - /** list of aclname, tagbitlist */ - struct config_strbytelist* acl_tags; - /** list of aclname, tagname, localzonetype */ - struct config_str3list* acl_tag_actions; - /** list of aclname, tagname, redirectdata */ - struct config_str3list* acl_tag_datas; - /** list of aclname, view*/ - struct config_str2list* acl_view; - /** list of IP-netblock, tagbitlist */ - struct config_strbytelist* respip_tags; - /** list of response-driven access control entries, linked list */ - struct config_str2list* respip_actions; - /** RRs configured for response-driven access controls */ - struct config_str2list* respip_data; - /** tag list, array with tagname[i] is malloced string */ - char** tagname; - /** number of items in the taglist */ - int num_tags; - - /** remote control section. enable toggle. */ - int remote_control_enable; - /** the interfaces the remote control should listen on */ - struct config_strlist* control_ifs; - /** port number for the control port */ - int control_port; - /** use certificates for remote control */ - int remote_control_use_cert; - /** private key file for server */ - char* server_key_file; - /** certificate file for server */ - char* server_cert_file; - /** private key file for unbound-control */ - char* control_key_file; - /** certificate file for unbound-control */ - char* control_cert_file; - - /** Python script file */ - char* python_script; - - /** Use systemd socket activation. */ - int use_systemd; - - /** daemonize, i.e. fork into the background. */ - int do_daemonize; - - /* minimal response when positive answer */ - int minimal_responses; - - /* RRSet roundrobin */ - int rrset_roundrobin; - - /* maximum UDP response size */ - size_t max_udp_size; - - /* DNS64 prefix */ - char* dns64_prefix; - - /* Synthetize all AAAA record despite the presence of an authoritative one */ - int dns64_synthall; - - /** true to enable dnstap support */ - int dnstap; - /** dnstap socket path */ - char* dnstap_socket_path; - /** true to send "identity" via dnstap */ - int dnstap_send_identity; - /** true to send "version" via dnstap */ - int dnstap_send_version; - /** dnstap "identity", hostname is used if "". */ - char* dnstap_identity; - /** dnstap "version", package version is used if "". */ - char* dnstap_version; - - /** true to log dnstap RESOLVER_QUERY message events */ - int dnstap_log_resolver_query_messages; - /** true to log dnstap RESOLVER_RESPONSE message events */ - int dnstap_log_resolver_response_messages; - /** true to log dnstap CLIENT_QUERY message events */ - int dnstap_log_client_query_messages; - /** true to log dnstap CLIENT_RESPONSE message events */ - int dnstap_log_client_response_messages; - /** true to log dnstap FORWARDER_QUERY message events */ - int dnstap_log_forwarder_query_messages; - /** true to log dnstap FORWARDER_RESPONSE message events */ - int dnstap_log_forwarder_response_messages; - - /** true to disable DNSSEC lameness check in iterator */ - int disable_dnssec_lame_check; - - /** ratelimit for ip addresses. 0 is off, otherwise qps (unless overridden) */ - int ip_ratelimit; - /** number of slabs for ip_ratelimit cache */ - size_t ip_ratelimit_slabs; - /** memory size in bytes for ip_ratelimit cache */ - size_t ip_ratelimit_size; - /** ip_ratelimit factor, 0 blocks all, 10 allows 1/10 of traffic */ - int ip_ratelimit_factor; - - /** ratelimit for domains. 0 is off, otherwise qps (unless overridden) */ - int ratelimit; - /** number of slabs for ratelimit cache */ - size_t ratelimit_slabs; - /** memory size in bytes for ratelimit cache */ - size_t ratelimit_size; - /** ratelimits for domain (exact match) */ - struct config_str2list* ratelimit_for_domain; - /** ratelimits below domain */ - struct config_str2list* ratelimit_below_domain; - /** ratelimit factor, 0 blocks all, 10 allows 1/10 of traffic */ - int ratelimit_factor; - /** minimise outgoing QNAME and hide original QTYPE if possible */ - int qname_minimisation; - /** minimise QNAME in strict mode, minimise according to RFC. - * Do not apply fallback */ - int qname_minimisation_strict; - /** SHM data - true if shm is enabled */ - int shm_enable; - /** SHM data - key for the shm */ - int shm_key; - - /** DNSCrypt */ - /** true to enable dnscrypt */ - int dnscrypt; - /** port on which to provide dnscrypt service */ - int dnscrypt_port; - /** provider name 2.dnscrypt-cert.example.com */ - char* dnscrypt_provider; - /** dnscrypt secret keys 1.key */ - struct config_strlist* dnscrypt_secret_key; - /** dnscrypt provider certs 1.cert */ - struct config_strlist* dnscrypt_provider_cert; -}; - -/** from cfg username, after daemonise setup performed */ -extern uid_t cfg_uid; -/** from cfg username, after daemonise setup performed */ -extern gid_t cfg_gid; -/** debug and enable small timeouts */ -extern int autr_permit_small_holddown; - -/** - * Stub config options - */ -struct config_stub { - /** next in list */ - struct config_stub* next; - /** domain name (in text) of the stub apex domain */ - char* name; - /** list of stub nameserver hosts (domain name) */ - struct config_strlist* hosts; - /** list of stub nameserver addresses (IP address) */ - struct config_strlist* addrs; - /** if stub-prime is set */ - int isprime; - /** if forward-first is set (failover to without if fails) */ - int isfirst; - /** use SSL for queries to this stub */ - int ssl_upstream; -}; - -/** - * View config options - */ -struct config_view { - /** next in list */ - struct config_view* next; - /** view name */ - char* name; - /** local zones */ - struct config_str2list* local_zones; - /** local data RRs */ - struct config_strlist* local_data; - /** local zones nodefault list */ - struct config_strlist* local_zones_nodefault; - /** Fallback to global local_zones when there is no match in the view - * view specific tree. 1 for yes, 0 for no */ - int isfirst; - /** predefined actions for particular IP address responses */ - struct config_str2list* respip_actions; - /** data complementing the 'redirect' response IP actions */ - struct config_str2list* respip_data; -}; - -/** - * List of strings for config options - */ -struct config_strlist { - /** next item in list */ - struct config_strlist* next; - /** config option string */ - char* str; -}; - -/** - * List of two strings for config options - */ -struct config_str2list { - /** next item in list */ - struct config_str2list* next; - /** first string */ - char* str; - /** second string */ - char* str2; -}; - -/** - * List of three strings for config options - */ -struct config_str3list { - /** next item in list */ - struct config_str3list* next; - /** first string */ - char* str; - /** second string */ - char* str2; - /** third string */ - char* str3; -}; - - -/** - * List of string, bytestring for config options - */ -struct config_strbytelist { - /** next item in list */ - struct config_strbytelist* next; - /** first string */ - char* str; - /** second bytestring */ - uint8_t* str2; - size_t str2len; -}; - -/** List head for strlist processing, used for append operation. */ -struct config_strlist_head { - /** first in list of text items */ - struct config_strlist* first; - /** last in list of text items */ - struct config_strlist* last; -}; - -/** - * Create config file structure. Filled with default values. - * @return: the new structure or NULL on memory error. - */ -struct config_file* config_create(void); - -/** - * Create config file structure for library use. Filled with default values. - * @return: the new structure or NULL on memory error. - */ -struct config_file* config_create_forlib(void); - -/** - * Read the config file from the specified filename. - * @param config: where options are stored into, must be freshly created. - * @param filename: name of configfile. If NULL nothing is done. - * @param chroot: if not NULL, the chroot dir currently in use (for include). - * @return: false on error. In that case errno is set, ENOENT means - * file not found. - */ -int config_read(struct config_file* config, const char* filename, - const char* chroot); - -/** - * Destroy the config file structure. - * @param config: to delete. - */ -void config_delete(struct config_file* config); - -/** - * Apply config to global constants; this routine is called in single thread. - * @param config: to apply. Side effect: global constants change. - */ -void config_apply(struct config_file* config); - -/** - * Find username, sets cfg_uid and cfg_gid. - * @param config: the config structure. - */ -void config_lookup_uid(struct config_file* config); - -/** - * Set the given keyword to the given value. - * @param config: where to store config - * @param option: option name, including the ':' character. - * @param value: value, this string is copied if needed, or parsed. - * The caller owns the value string. - * @return 0 on error (malloc or syntax error). - */ -int config_set_option(struct config_file* config, const char* option, - const char* value); - -/** - * Call print routine for the given option. - * @param cfg: config. - * @param opt: option name without trailing :. - * This is different from config_set_option. - * @param func: print func, called as (str, arg) for every data element. - * @param arg: user argument for print func. - * @return false if the option name is not supported (syntax error). - */ -int config_get_option(struct config_file* cfg, const char* opt, - void (*func)(char*,void*), void* arg); - -/** - * Get an option and return strlist - * @param cfg: config file - * @param opt: option name. - * @param list: list is returned here. malloced, caller must free it. - * @return 0=OK, 1=syntax error, 2=malloc failed. - */ -int config_get_option_list(struct config_file* cfg, const char* opt, - struct config_strlist** list); - -/** - * Get an option and collate results into string - * @param cfg: config file - * @param opt: option name. - * @param str: string. malloced, caller must free it. - * @return 0=OK, 1=syntax error, 2=malloc failed. - */ -int config_get_option_collate(struct config_file* cfg, const char* opt, - char** str); - -/** - * function to print to a file, use as func with config_get_option. - * @param line: text to print. \n appended. - * @param arg: pass a FILE*, like stdout. - */ -void config_print_func(char* line, void* arg); - -/** - * function to collate the text strings into a strlist_head. - * @param line: text to append. - * @param arg: pass a strlist_head structure. zeroed on start. - */ -void config_collate_func(char* line, void* arg); - -/** - * take a strlist_head list and return a malloc string. separated with newline. - * @param list: strlist first to collate. zeroes return "". - * @return NULL on malloc failure. Or if malloc failure happened in strlist. - */ -char* config_collate_cat(struct config_strlist* list); - -/** - * Append text at end of list. - * @param list: list head. zeroed at start. - * @param item: new item. malloced by caller. if NULL the insertion fails. - * @return true on success. - */ -int cfg_strlist_append(struct config_strlist_head* list, char* item); - -/** - * Insert string into strlist. - * @param head: pointer to strlist head variable. - * @param item: new item. malloced by caller. If NULL the insertion fails. - * @return: true on success. - */ -int cfg_strlist_insert(struct config_strlist** head, char* item); - -/** insert with region for allocation. */ -int cfg_region_strlist_insert(struct regional* region, - struct config_strlist** head, char* item); - -/** - * Insert string into str2list. - * @param head: pointer to str2list head variable. - * @param item: new item. malloced by caller. If NULL the insertion fails. - * @param i2: 2nd string, malloced by caller. If NULL the insertion fails. - * @return: true on success. - */ -int cfg_str2list_insert(struct config_str2list** head, char* item, char* i2); - -/** - * Insert string into str3list. - * @param head: pointer to str3list head variable. - * @param item: new item. malloced by caller. If NULL the insertion fails. - * @param i2: 2nd string, malloced by caller. If NULL the insertion fails. - * @param i3: 3rd string, malloced by caller. If NULL the insertion fails. - * @return: true on success. - */ -int cfg_str3list_insert(struct config_str3list** head, char* item, char* i2, - char* i3); - -/** - * Insert string into strbytelist. - * @param head: pointer to strbytelist head variable. - * @param item: new item. malloced by caller. If NULL the insertion fails. - * @param i2: 2nd string, malloced by caller. If NULL the insertion fails. - * @param i2len: length of the i2 bytestring. - * @return: true on success. - */ -int cfg_strbytelist_insert(struct config_strbytelist** head, char* item, - uint8_t* i2, size_t i2len); - -/** - * Find stub in config list, also returns prevptr (for deletion). - * @param pp: call routine with pointer to a pointer to the start of the list, - * if the stub is found, on exit, the value contains a pointer to the - * next pointer that points to the found element (or to the list start - * pointer if it is the first element). - * @param nm: name of stub to find. - * @return: pointer to config_stub if found, or NULL if not found. - */ -struct config_stub* cfg_stub_find(struct config_stub*** pp, const char* nm); - -/** - * Delete items in config string list. - * @param list: list. - */ -void config_delstrlist(struct config_strlist* list); - -/** - * Delete items in config double string list. - * @param list: list. - */ -void config_deldblstrlist(struct config_str2list* list); - -/** - * Delete items in config triple string list. - * @param list: list. - */ -void config_deltrplstrlist(struct config_str3list* list); - -/** delete stringbytelist */ -void config_del_strbytelist(struct config_strbytelist* list); - -/** - * Delete a stub item - * @param p: stub item - */ -void config_delstub(struct config_stub* p); - -/** - * Delete items in config stub list. - * @param list: list. - */ -void config_delstubs(struct config_stub* list); - -/** - * Delete a view item - * @param p: view item - */ -void config_delview(struct config_view* p); - -/** - * Delete items in config view list. - * @param list: list. - */ -void config_delviews(struct config_view* list); - -/** - * Convert 14digit to time value - * @param str: string of 14 digits - * @return time value or 0 for error. - */ -time_t cfg_convert_timeval(const char* str); - -/** - * Count number of values in the string. - * format ::= (sp num)+ sp - * num ::= [-](0-9)+ - * sp ::= (space|tab)* - * - * @param str: string - * @return: 0 on parse error, or empty string, else - * number of integer values in the string. - */ -int cfg_count_numbers(const char* str); - -/** - * Convert a 'nice' memory or file size into a bytecount - * From '100k' to 102400. and so on. Understands kKmMgG. - * k=1024, m=1024*1024, g=1024*1024*1024. - * @param str: string - * @param res: result is stored here, size in bytes. - * @return: true if parsed correctly, or 0 on a parse error (and an error - * is logged). - */ -int cfg_parse_memsize(const char* str, size_t* res); - -/** - * Add a tag name to the config. It is added at the end with a new ID value. - * @param cfg: the config structure. - * @param tag: string (which is copied) with the name. - * @return: false on alloc failure. - */ -int config_add_tag(struct config_file* cfg, const char* tag); - -/** - * Find tag ID in the tag list. - * @param cfg: the config structure. - * @param tag: string with tag name to search for. - * @return: 0..(num_tags-1) with tag ID, or -1 if tagname is not found. - */ -int find_tag_id(struct config_file* cfg, const char* tag); - -/** - * parse taglist from string into bytestring with bitlist. - * @param cfg: the config structure (with tagnames) - * @param str: the string to parse. Parse puts 0 bytes in string. - * @param listlen: returns length of in bytes. - * @return malloced bytes with a bitlist of the tags. or NULL on parse error - * or malloc failure. - */ -uint8_t* config_parse_taglist(struct config_file* cfg, char* str, - size_t* listlen); - -/** - * convert tag bitlist to a malloced string with tag names. For debug output. - * @param cfg: the config structure (with tagnames) - * @param taglist: the tag bitlist. - * @param len: length of the tag bitlist. - * @return malloced string or NULL. - */ -char* config_taglist2str(struct config_file* cfg, uint8_t* taglist, - size_t len); - -/** - * see if two taglists intersect (have tags in common). - * @param list1: first tag bitlist. - * @param list1len: length in bytes of first list. - * @param list2: second tag bitlist. - * @param list2len: length in bytes of second list. - * @return true if there are tags in common, 0 if not. - */ -int taglist_intersect(uint8_t* list1, size_t list1len, uint8_t* list2, - size_t list2len); - -/** - * Parse local-zone directive into two strings and register it in the config. - * @param cfg: to put it in. - * @param val: argument strings to local-zone, "example.com nodefault". - * @return: false on failure - */ -int cfg_parse_local_zone(struct config_file* cfg, const char* val); - -/** - * Mark "number" or "low-high" as available or not in ports array. - * @param str: string in input - * @param allow: give true if this range is permitted. - * @param avail: the array from cfg. - * @param num: size of the array (65536). - * @return: true if parsed correctly, or 0 on a parse error (and an error - * is logged). - */ -int cfg_mark_ports(const char* str, int allow, int* avail, int num); - -/** - * Get a condensed list of ports returned. allocated. - * @param cfg: config file. - * @param avail: the available ports array is returned here. - * @return: number of ports in array or 0 on error. - */ -int cfg_condense_ports(struct config_file* cfg, int** avail); - -/** - * Scan ports available - * @param avail: the array from cfg. - * @param num: size of the array (65536). - * @return the number of ports available for use. - */ -int cfg_scan_ports(int* avail, int num); - -/** - * Convert a filename to full pathname in original filesys - * @param fname: the path name to convert. - * Must not be null or empty. - * @param cfg: config struct for chroot and chdir (if set). - * @param use_chdir: if false, only chroot is applied. - * @return pointer to malloced buffer which is: [chroot][chdir]fname - * or NULL on malloc failure. - */ -char* fname_after_chroot(const char* fname, struct config_file* cfg, - int use_chdir); - -/** - * Convert a ptr shorthand into a full reverse-notation PTR record. - * @param str: input string, "IP name" - * @return: malloced string "reversed-ip-name PTR name" - */ -char* cfg_ptr_reverse(char* str); - -/** - * Append text to the error info for validation. - * @param qstate: query state. - * @param str: copied into query region and appended. - * Failures to allocate are logged. - */ -void errinf(struct module_qstate* qstate, const char* str); - -/** - * Append text to error info: from 1.2.3.4 - * @param qstate: query state. - * @param origin: sock list with origin of trouble. - * Every element added. - * If NULL: nothing is added. - * if 0len element: 'from cache' is added. - */ -void errinf_origin(struct module_qstate* qstate, struct sock_list *origin); - -/** - * Append text to error info: for RRset name type class - * @param qstate: query state. - * @param rr: rrset_key. - */ -void errinf_rrset(struct module_qstate* qstate, struct ub_packed_rrset_key *rr); - -/** - * Append text to error info: str dname - * @param qstate: query state. - * @param str: explanation string - * @param dname: the dname. - */ -void errinf_dname(struct module_qstate* qstate, const char* str, - uint8_t* dname); - -/** - * Create error info in string - * @param qstate: query state. - * @return string or NULL on malloc failure (already logged). - * This string is malloced and has to be freed by caller. - */ -char* errinf_to_str(struct module_qstate* qstate); - -/** - * Used during options parsing - */ -struct config_parser_state { - /** name of file being parser */ - char* filename; - /** line number in the file, starts at 1 */ - int line; - /** number of errors encountered */ - int errors; - /** the result of parsing is stored here. */ - struct config_file* cfg; - /** the current chroot dir (or NULL if none) */ - const char* chroot; -}; - -/** global config parser object used during config parsing */ -extern struct config_parser_state* cfg_parser; -/** init lex state */ -void init_cfg_parse(void); -/** lex in file */ -extern FILE* ub_c_in; -/** lex out file */ -extern FILE* ub_c_out; -/** the yacc lex generated parse function */ -int ub_c_parse(void); -/** the lexer function */ -int ub_c_lex(void); -/** wrap function */ -int ub_c_wrap(void); -/** parsing helpers: print error with file and line numbers */ -void ub_c_error(const char* msg); -/** parsing helpers: print error with file and line numbers */ -void ub_c_error_msg(const char* fmt, ...) ATTR_FORMAT(printf, 1, 2); - -#ifdef UB_ON_WINDOWS -/** - * Obtain registry string (if it exists). - * @param key: key string - * @param name: name of value to fetch. - * @return malloced string with the result or NULL if it did not - * exist on an error (logged with log_err) was encountered. - */ -char* w_lookup_reg_str(const char* key, const char* name); - -/** Modify directory in options for module file name */ -void w_config_adjust_directory(struct config_file* cfg); -#endif /* UB_ON_WINDOWS */ - -/** debug option for unit tests. */ -extern int fake_dsa, fake_sha1; - -#endif /* UTIL_CONFIG_FILE_H */ diff --git a/external/unbound/util/configlexer.c b/external/unbound/util/configlexer.c deleted file mode 100644 index 0043165c2..000000000 --- a/external/unbound/util/configlexer.c +++ /dev/null @@ -1,5212 +0,0 @@ -#include "config.h" -#include "util/configyyrename.h" - -#line 3 "" - -#define YY_INT_ALIGNED short int - -/* A lexical scanner generated by flex */ - -#define FLEX_SCANNER -#define YY_FLEX_MAJOR_VERSION 2 -#define YY_FLEX_MINOR_VERSION 6 -#define YY_FLEX_SUBMINOR_VERSION 0 -#if YY_FLEX_SUBMINOR_VERSION > 0 -#define FLEX_BETA -#endif - -/* First, we deal with platform-specific or compiler-specific issues. */ - -/* begin standard C headers. */ -#include -#include -#include -#include - -/* end standard C headers. */ - -/* flex integer type definitions */ - -#ifndef FLEXINT_H -#define FLEXINT_H - -/* C99 systems have . Non-C99 systems may or may not. */ - -#if defined (__STDC_VERSION__) && __STDC_VERSION__ >= 199901L - -/* C99 says to define __STDC_LIMIT_MACROS before including stdint.h, - * if you want the limit (max/min) macros for int types. - */ -#ifndef __STDC_LIMIT_MACROS -#define __STDC_LIMIT_MACROS 1 -#endif - -#include -typedef int8_t flex_int8_t; -typedef uint8_t flex_uint8_t; -typedef int16_t flex_int16_t; -typedef uint16_t flex_uint16_t; -typedef int32_t flex_int32_t; -typedef uint32_t flex_uint32_t; -#else -typedef signed char flex_int8_t; -typedef short int flex_int16_t; -typedef int flex_int32_t; -typedef unsigned char flex_uint8_t; -typedef unsigned short int flex_uint16_t; -typedef unsigned int flex_uint32_t; - -/* Limits of integral types. */ -#ifndef INT8_MIN -#define INT8_MIN (-128) -#endif -#ifndef INT16_MIN -#define INT16_MIN (-32767-1) -#endif -#ifndef INT32_MIN -#define INT32_MIN (-2147483647-1) -#endif -#ifndef INT8_MAX -#define INT8_MAX (127) -#endif -#ifndef INT16_MAX -#define INT16_MAX (32767) -#endif -#ifndef INT32_MAX -#define INT32_MAX (2147483647) -#endif -#ifndef UINT8_MAX -#define UINT8_MAX (255U) -#endif -#ifndef UINT16_MAX -#define UINT16_MAX (65535U) -#endif -#ifndef UINT32_MAX -#define UINT32_MAX (4294967295U) -#endif - -#endif /* ! C99 */ - -#endif /* ! FLEXINT_H */ - -#ifdef __cplusplus - -/* The "const" storage-class-modifier is valid. */ -#define YY_USE_CONST - -#else /* ! __cplusplus */ - -/* C99 requires __STDC__ to be defined as 1. */ -#if defined (__STDC__) - -#define YY_USE_CONST - -#endif /* defined (__STDC__) */ -#endif /* ! __cplusplus */ - -#ifdef YY_USE_CONST -#define yyconst const -#else -#define yyconst -#endif - -/* Returned upon end-of-file. */ -#define YY_NULL 0 - -/* Promotes a possibly negative, possibly signed char to an unsigned - * integer for use as an array index. If the signed char is negative, - * we want to instead treat it as an 8-bit unsigned char, hence the - * double cast. - */ -#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c) - -/* Enter a start condition. This macro really ought to take a parameter, - * but we do it the disgusting crufty way forced on us by the ()-less - * definition of BEGIN. - */ -#define BEGIN (yy_start) = 1 + 2 * - -/* Translate the current start state into a value that can be later handed - * to BEGIN to return to the state. The YYSTATE alias is for lex - * compatibility. - */ -#define YY_START (((yy_start) - 1) / 2) -#define YYSTATE YY_START - -/* Action number for EOF rule of a given start state. */ -#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) - -/* Special action meaning "start processing a new file". */ -#define YY_NEW_FILE yyrestart(yyin ) - -#define YY_END_OF_BUFFER_CHAR 0 - -/* Size of default input buffer. */ -#ifndef YY_BUF_SIZE -#ifdef __ia64__ -/* On IA-64, the buffer size is 16k, not 8k. - * Moreover, YY_BUF_SIZE is 2*YY_READ_BUF_SIZE in the general case. - * Ditto for the __ia64__ case accordingly. - */ -#define YY_BUF_SIZE 32768 -#else -#define YY_BUF_SIZE 16384 -#endif /* __ia64__ */ -#endif - -/* The state buf must be large enough to hold one state per character in the main buffer. - */ -#define YY_STATE_BUF_SIZE ((YY_BUF_SIZE + 2) * sizeof(yy_state_type)) - -#ifndef YY_TYPEDEF_YY_BUFFER_STATE -#define YY_TYPEDEF_YY_BUFFER_STATE -typedef struct yy_buffer_state *YY_BUFFER_STATE; -#endif - -#ifndef YY_TYPEDEF_YY_SIZE_T -#define YY_TYPEDEF_YY_SIZE_T -typedef size_t yy_size_t; -#endif - -extern yy_size_t yyleng; - -extern FILE *yyin, *yyout; - -#define EOB_ACT_CONTINUE_SCAN 0 -#define EOB_ACT_END_OF_FILE 1 -#define EOB_ACT_LAST_MATCH 2 - - #define YY_LESS_LINENO(n) - #define YY_LINENO_REWIND_TO(ptr) - -/* Return all but the first "n" matched characters back to the input stream. */ -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up yytext. */ \ - yy_size_t yyless_macro_arg = (n); \ - YY_LESS_LINENO(yyless_macro_arg);\ - *yy_cp = (yy_hold_char); \ - YY_RESTORE_YY_MORE_OFFSET \ - (yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \ - YY_DO_BEFORE_ACTION; /* set up yytext again */ \ - } \ - while ( 0 ) - -#define unput(c) yyunput( c, (yytext_ptr) ) - -#ifndef YY_STRUCT_YY_BUFFER_STATE -#define YY_STRUCT_YY_BUFFER_STATE -struct yy_buffer_state - { - FILE *yy_input_file; - - char *yy_ch_buf; /* input buffer */ - char *yy_buf_pos; /* current position in input buffer */ - - /* Size of input buffer in bytes, not including room for EOB - * characters. - */ - yy_size_t yy_buf_size; - - /* Number of characters read into yy_ch_buf, not including EOB - * characters. - */ - yy_size_t yy_n_chars; - - /* Whether we "own" the buffer - i.e., we know we created it, - * and can realloc() it to grow it, and should free() it to - * delete it. - */ - int yy_is_our_buffer; - - /* Whether this is an "interactive" input source; if so, and - * if we're using stdio for input, then we want to use getc() - * instead of fread(), to make sure we stop fetching input after - * each newline. - */ - int yy_is_interactive; - - /* Whether we're considered to be at the beginning of a line. - * If so, '^' rules will be active on the next match, otherwise - * not. - */ - int yy_at_bol; - - int yy_bs_lineno; /**< The line count. */ - int yy_bs_column; /**< The column count. */ - - /* Whether to try to fill the input buffer when we reach the - * end of it. - */ - int yy_fill_buffer; - - int yy_buffer_status; - -#define YY_BUFFER_NEW 0 -#define YY_BUFFER_NORMAL 1 - /* When an EOF's been seen but there's still some text to process - * then we mark the buffer as YY_EOF_PENDING, to indicate that we - * shouldn't try reading from the input source any more. We might - * still have a bunch of tokens to match, though, because of - * possible backing-up. - * - * When we actually see the EOF, we change the status to "new" - * (via yyrestart()), so that the user can continue scanning by - * just pointing yyin at a new input file. - */ -#define YY_BUFFER_EOF_PENDING 2 - - }; -#endif /* !YY_STRUCT_YY_BUFFER_STATE */ - -/* Stack of input buffers. */ -static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */ -static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */ -static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */ - -/* We provide macros for accessing buffer states in case in the - * future we want to put the buffer states in a more general - * "scanner state". - * - * Returns the top of the stack, or NULL. - */ -#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \ - ? (yy_buffer_stack)[(yy_buffer_stack_top)] \ - : NULL) - -/* Same as previous macro, but useful when we know that the buffer stack is not - * NULL or when we need an lvalue. For internal use only. - */ -#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] - -/* yy_hold_char holds the character lost when yytext is formed. */ -static char yy_hold_char; -static yy_size_t yy_n_chars; /* number of characters read into yy_ch_buf */ -yy_size_t yyleng; - -/* Points to current character in buffer. */ -static char *yy_c_buf_p = (char *) 0; -static int yy_init = 0; /* whether we need to initialize */ -static int yy_start = 0; /* start state number */ - -/* Flag which is used to allow yywrap()'s to do buffer switches - * instead of setting up a fresh yyin. A bit of a hack ... - */ -static int yy_did_buffer_switch_on_eof; - -void yyrestart (FILE *input_file ); -void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ); -YY_BUFFER_STATE yy_create_buffer (FILE *file,int size ); -void yy_delete_buffer (YY_BUFFER_STATE b ); -void yy_flush_buffer (YY_BUFFER_STATE b ); -void yypush_buffer_state (YY_BUFFER_STATE new_buffer ); -void yypop_buffer_state (void ); - -static void yyensure_buffer_stack (void ); -static void yy_load_buffer_state (void ); -static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file ); - -#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER ) - -YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size ); -YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str ); -YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,yy_size_t len ); - -void *yyalloc (yy_size_t ); -void *yyrealloc (void *,yy_size_t ); -void yyfree (void * ); - -#define yy_new_buffer yy_create_buffer - -#define yy_set_interactive(is_interactive) \ - { \ - if ( ! YY_CURRENT_BUFFER ){ \ - yyensure_buffer_stack (); \ - YY_CURRENT_BUFFER_LVALUE = \ - yy_create_buffer(yyin,YY_BUF_SIZE ); \ - } \ - YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \ - } - -#define yy_set_bol(at_bol) \ - { \ - if ( ! YY_CURRENT_BUFFER ){\ - yyensure_buffer_stack (); \ - YY_CURRENT_BUFFER_LVALUE = \ - yy_create_buffer(yyin,YY_BUF_SIZE ); \ - } \ - YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \ - } - -#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol) - -/* Begin user sect3 */ - -typedef unsigned char YY_CHAR; - -FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; - -typedef int yy_state_type; - -extern int yylineno; - -int yylineno = 1; - -extern char *yytext; -#ifdef yytext_ptr -#undef yytext_ptr -#endif -#define yytext_ptr yytext - -static yy_state_type yy_get_previous_state (void ); -static yy_state_type yy_try_NUL_trans (yy_state_type current_state ); -static int yy_get_next_buffer (void ); -#if defined(__GNUC__) && __GNUC__ >= 3 -__attribute__((__noreturn__)) -#endif -static void yy_fatal_error (yyconst char msg[] ); - -/* Done after the current pattern has been matched and before the - * corresponding action - sets up yytext. - */ -#define YY_DO_BEFORE_ACTION \ - (yytext_ptr) = yy_bp; \ - (yytext_ptr) -= (yy_more_len); \ - yyleng = (size_t) (yy_cp - (yytext_ptr)); \ - (yy_hold_char) = *yy_cp; \ - *yy_cp = '\0'; \ - (yy_c_buf_p) = yy_cp; - -#define YY_NUM_RULES 221 -#define YY_END_OF_BUFFER 222 -/* This struct is not used in this scanner, - but its presence is necessary. */ -struct yy_trans_info - { - flex_int32_t yy_verify; - flex_int32_t yy_nxt; - }; -static yyconst flex_int16_t yy_accept[2165] = - { 0, - 1, 1, 203, 203, 207, 207, 211, 211, 215, 215, - 1, 1, 222, 219, 1, 201, 201, 220, 2, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 220, - 203, 204, 204, 205, 220, 207, 208, 208, 209, 220, - 214, 211, 212, 212, 213, 220, 215, 216, 216, 217, - 220, 218, 202, 2, 206, 218, 220, 219, 0, 1, - 2, 2, 2, 2, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 203, 0, 207, 0, 214, 0, 211, 215, 0, 218, - 0, 2, 2, 218, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 218, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - - 218, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 77, 219, 219, 219, - 219, 219, 219, 8, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - - 219, 219, 219, 219, 88, 218, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 218, - 219, 219, 219, 219, 219, 37, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 168, 219, - 14, 15, 219, 18, 17, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 154, 219, 219, 219, 219, 219, - - 219, 219, 219, 219, 219, 3, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 218, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 210, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - - 219, 219, 219, 219, 40, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 41, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 143, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 20, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 102, 219, 210, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 195, 219, 219, 219, 219, 219, 219, 219, 219, - - 219, 219, 219, 118, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 101, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 75, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 25, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 38, 219, 219, 219, 219, 219, 219, 219, - - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 39, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 119, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 28, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 183, 219, 219, 219, - - 219, 219, 219, 219, 219, 219, 219, 32, 219, 33, - 219, 219, 219, 78, 219, 79, 219, 219, 76, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 7, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 161, 219, 219, 219, 219, 104, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 29, 219, 219, 219, - - 219, 219, 219, 219, 135, 219, 134, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 16, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 42, 219, 219, - 219, 219, 219, 219, 142, 219, 219, 219, 219, 81, - 80, 219, 219, 219, 219, 219, 219, 219, 219, 129, - 219, 219, 219, 219, 219, 219, 219, 219, 89, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 60, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 64, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 36, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 132, - 133, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 6, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 193, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 26, 219, 219, 219, 219, 219, 219, 219, 219, 125, - - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 147, 219, 126, 219, 219, 159, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 27, 219, 219, 219, 219, 84, 219, 85, 219, 83, - 219, 219, 219, 219, 219, 219, 219, 219, 99, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 182, 219, 219, 127, 219, 219, 219, 219, 219, 130, - 219, 219, 158, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 74, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - - 219, 219, 219, 219, 219, 34, 219, 219, 22, 219, - 219, 219, 219, 19, 219, 109, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 49, 51, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 197, 219, 219, 169, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 86, 219, 219, 219, 219, 219, 219, 219, 98, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 103, 219, 219, 219, 219, 219, 219, 219, - - 219, 219, 219, 219, 219, 219, 153, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 117, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 113, 219, 120, 219, 219, 219, - 219, 219, 92, 219, 219, 70, 219, 219, 219, 145, - 219, 219, 219, 219, 219, 160, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 174, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 116, 219, 219, 219, 219, 219, 52, 53, 219, 219, - 219, 219, 219, 35, 59, 121, 219, 136, 219, 162, - - 131, 219, 219, 219, 45, 219, 123, 219, 219, 219, - 219, 219, 9, 219, 219, 219, 73, 219, 219, 219, - 219, 187, 219, 144, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 105, 196, 219, 219, 173, 219, 219, 219, 219, 219, - 219, 219, 219, 155, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 122, 219, 219, 219, 44, 46, - - 219, 219, 219, 219, 219, 219, 219, 72, 219, 219, - 219, 219, 185, 219, 192, 219, 219, 219, 219, 219, - 149, 23, 24, 219, 219, 219, 219, 219, 219, 219, - 219, 69, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 151, 148, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 43, - 219, 219, 219, 219, 219, 219, 219, 219, 100, 13, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 12, 219, 219, 21, 219, 219, - 219, 191, 219, 194, 47, 219, 157, 219, 150, 219, - - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 112, 111, 219, 219, 219, 219, 219, 219, 152, - 146, 219, 219, 198, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 54, 219, 219, 219, 186, 219, - 219, 219, 156, 219, 219, 219, 219, 219, 219, 219, - 219, 48, 219, 219, 219, 82, 219, 106, 108, 137, - 219, 219, 219, 110, 219, 219, 163, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 170, 219, 219, 219, 219, 219, 219, 219, 219, - - 219, 219, 219, 219, 219, 138, 219, 219, 184, 219, - 219, 219, 30, 219, 219, 219, 219, 4, 219, 219, - 93, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 166, 219, 219, 219, 219, 219, 219, 199, 219, 219, - 219, 219, 219, 172, 219, 219, 141, 219, 219, 219, - 219, 219, 219, 219, 219, 57, 219, 31, 190, 167, - 219, 219, 11, 219, 219, 219, 219, 219, 219, 139, - 61, 219, 219, 219, 115, 219, 219, 219, 219, 219, - 95, 219, 219, 219, 219, 219, 219, 219, 171, 90, - 219, 87, 219, 219, 219, 63, 67, 62, 219, 55, - - 219, 219, 10, 219, 219, 219, 188, 219, 219, 114, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 68, 66, 219, 56, 219, - 219, 219, 128, 219, 219, 140, 219, 219, 219, 219, - 107, 50, 219, 219, 200, 219, 219, 219, 219, 219, - 219, 91, 65, 96, 97, 58, 219, 189, 219, 219, - 219, 165, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 71, 219, 164, 219, 181, 219, 219, - 219, 219, 219, 219, 5, 219, 219, 219, 219, 219, - - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 94, 219, 219, 219, 219, 219, 219, 124, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 177, 219, - 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, - 219, 219, 175, 219, 178, 179, 219, 219, 219, 219, - 219, 176, 180, 0 - } ; - -static yyconst YY_CHAR yy_ec[256] = - { 0, - 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, - 1, 1, 4, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 2, 1, 5, 6, 1, 1, 1, 7, 1, - 1, 1, 1, 1, 8, 1, 1, 1, 9, 1, - 10, 11, 1, 12, 1, 1, 1, 13, 1, 1, - 1, 1, 1, 1, 14, 15, 16, 17, 18, 19, - 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, - 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, - 1, 40, 1, 1, 1, 1, 41, 42, 43, 44, - - 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, - 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, - 65, 66, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1 - } ; - -static yyconst YY_CHAR yy_meta[67] = - { 0, - 1, 2, 3, 4, 5, 1, 6, 1, 1, 1, - 1, 1, 7, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1 - } ; - -static yyconst flex_uint16_t yy_base[2179] = - { 0, - 0, 0, 64, 67, 70, 72, 78, 84, 89, 92, - 131, 137, 473, 390, 96, 6214, 6214, 6214, 109, 111, - 142, 180, 86, 133, 138, 172, 50, 151, 91, 181, - 197, 124, 241, 187, 225, 289, 233, 228, 253, 307, - 385, 6214, 6214, 6214, 95, 362, 6214, 6214, 6214, 102, - 331, 364, 6214, 6214, 6214, 311, 317, 6214, 6214, 6214, - 116, 245, 6214, 321, 6214, 265, 328, 221, 334, 160, - 0, 338, 0, 0, 141, 206, 184, 330, 322, 255, - 323, 335, 324, 222, 268, 350, 325, 334, 344, 357, - 358, 352, 367, 364, 389, 160, 361, 388, 394, 214, - - 373, 400, 391, 383, 399, 416, 410, 414, 407, 421, - 437, 424, 448, 425, 434, 178, 431, 464, 441, 460, - 458, 462, 461, 468, 263, 490, 488, 487, 476, 491, - 212, 171, 170, 241, 164, 533, 146, 85, 284, 77, - 539, 543, 0, 509, 511, 534, 526, 536, 523, 530, - 546, 527, 539, 554, 553, 559, 557, 580, 624, 561, - 571, 572, 586, 569, 589, 597, 581, 579, 619, 585, - 609, 610, 646, 612, 627, 570, 622, 661, 630, 626, - 642, 653, 670, 673, 681, 671, 669, 677, 665, 680, - 662, 679, 688, 690, 703, 700, 699, 715, 717, 702, - - 704, 714, 708, 729, 723, 727, 728, 738, 741, 735, - 763, 742, 764, 744, 758, 755, 765, 745, 772, 769, - 760, 784, 761, 789, 778, 782, 792, 810, 813, 578, - 797, 816, 819, 802, 806, 823, 824, 822, 832, 838, - 837, 834, 849, 841, 836, 839, 846, 847, 868, 872, - 853, 866, 859, 881, 873, 876, 883, 886, 878, 902, - 897, 904, 899, 909, 938, 359, 924, 915, 928, 936, - 944, 901, 951, 949, 942, 955, 946, 917, 959, 966, - 961, 971, 970, 984, 987, 977, 994, 996, 999, 998, - 1007, 980, 997, 1017, 1026, 1019, 1071, 1021, 1032, 1043, - - 1030, 1035, 1034, 1044, 1040, 1042, 1055, 1057, 1078, 1084, - 1079, 1100, 1076, 1095, 1101, 1102, 1099, 1092, 1104, 1134, - 1098, 1114, 1121, 1125, 1136, 1140, 1143, 1128, 1142, 1159, - 1149, 1145, 1171, 1151, 1164, 1161, 1174, 1186, 1187, 1173, - 1183, 1189, 1039, 1195, 1202, 1199, 1191, 1200, 1206, 1213, - 1216, 1220, 1230, 1229, 1214, 1236, 6214, 1243, 1227, 1238, - 1240, 1233, 1247, 6214, 1261, 1257, 1255, 1209, 1263, 1273, - 1271, 1260, 1288, 1286, 1296, 1280, 1292, 1295, 1282, 1298, - 1305, 1306, 1310, 1308, 1354, 1316, 1312, 1318, 1345, 1339, - 1329, 1265, 1332, 1347, 1337, 1356, 1363, 1366, 1364, 1383, - - 1387, 1375, 1377, 1393, 6214, 1397, 1376, 1404, 1283, 1395, - 1390, 979, 1411, 1406, 1414, 1415, 1426, 1417, 1425, 1431, - 1420, 1421, 1451, 1442, 1440, 1449, 1465, 1450, 1462, 1470, - 1447, 1466, 1453, 1467, 1469, 1484, 1477, 1483, 1480, 1486, - 1488, 1482, 1476, 1513, 1500, 1504, 1502, 1514, 1517, 1509, - 1529, 1526, 1527, 1533, 1534, 1546, 1542, 1550, 1560, 1561, - 1552, 1555, 1547, 1566, 1573, 1577, 1578, 1557, 1582, 1586, - 1584, 1603, 1588, 1601, 1617, 1595, 1607, 1619, 1602, 1615, - 1622, 1614, 1627, 1636, 1637, 1618, 1648, 1639, 1653, 1642, - 1644, 1649, 1652, 1657, 1647, 1663, 1673, 1667, 1666, 1697, - - 1677, 1679, 1700, 1699, 1704, 1702, 1693, 1692, 1708, 1705, - 1717, 1726, 1732, 1735, 1723, 1736, 1738, 1731, 1742, 1749, - 1752, 1753, 1725, 1774, 1762, 6214, 1758, 1761, 1766, 1787, - 1778, 1776, 1792, 1788, 1779, 1782, 1800, 1843, 6214, 1784, - 6214, 6214, 1795, 6214, 6214, 1822, 1802, 1826, 1815, 1832, - 1805, 1892, 1836, 1819, 1827, 1839, 1847, 1844, 1849, 1860, - 1858, 1879, 1876, 1875, 1885, 1895, 1874, 1906, 1889, 1908, - 1907, 1913, 1903, 1929, 1921, 1920, 1923, 1944, 1941, 1842, - 1934, 1948, 1947, 1949, 1950, 1942, 1959, 1955, 1969, 1963, - 1956, 1971, 1954, 1974, 6214, 1985, 1986, 1996, 1992, 1989, - - 2001, 1990, 1991, 1980, 2022, 6214, 2007, 2008, 2016, 2034, - 2017, 2020, 2019, 2028, 2036, 2046, 2024, 2035, 2044, 2047, - 2043, 2052, 2056, 2062, 2064, 2081, 2092, 2084, 2071, 2083, - 2089, 2072, 2096, 2101, 2099, 2086, 2087, 2106, 2098, 2107, - 2114, 2112, 2120, 2133, 2117, 2116, 2124, 2122, 2125, 2171, - 2156, 2144, 2139, 2143, 2173, 2163, 2167, 2175, 2158, 2179, - 2184, 2181, 2207, 2186, 2183, 2200, 2203, 2219, 2231, 2228, - 75, 2258, 2223, 2224, 2226, 2230, 2244, 2233, 2246, 2247, - 2249, 2251, 2236, 2271, 6214, 2252, 2279, 2273, 2267, 2288, - 2285, 2286, 2287, 2294, 2283, 2307, 2301, 2313, 2302, 2310, - - 2311, 2326, 2327, 2306, 6214, 2325, 2323, 2328, 2329, 2343, - 2352, 2354, 2351, 2340, 2366, 2361, 6214, 2349, 2377, 2379, - 2382, 2375, 2370, 2376, 2369, 2378, 2392, 2373, 2403, 2397, - 2406, 2409, 2415, 6214, 2393, 2407, 2422, 2429, 2430, 2419, - 2440, 2426, 2432, 2425, 2434, 2436, 2453, 2455, 6214, 2450, - 2459, 2454, 2457, 2478, 2480, 2461, 2474, 2483, 2471, 2477, - 2481, 291, 2482, 2485, 2492, 2472, 6214, 2495, 68, 2488, - 2498, 2496, 2531, 2533, 2525, 2532, 2537, 2521, 2522, 2539, - 2538, 2527, 2540, 2541, 2551, 2545, 2561, 2558, 2571, 2559, - 2589, 6214, 2554, 2582, 2583, 2585, 2588, 2566, 2586, 2596, - - 2573, 2602, 2606, 6214, 2620, 2623, 2615, 2616, 2611, 2621, - 2632, 2628, 2618, 2635, 2626, 2643, 2645, 2641, 2653, 2665, - 6214, 2651, 2655, 2667, 2657, 2676, 2678, 2691, 2666, 2683, - 2682, 2688, 2686, 2698, 2684, 2705, 2709, 2710, 2715, 2716, - 2722, 2708, 2718, 2724, 2717, 2712, 2743, 2745, 2747, 2749, - 2772, 2766, 153, 2751, 6214, 2756, 2758, 2750, 2755, 2771, - 2770, 2787, 2782, 2794, 2789, 2791, 2795, 2806, 2785, 2815, - 2807, 2811, 2825, 6214, 2832, 2822, 2817, 2839, 2821, 2840, - 2838, 2829, 2845, 2837, 2853, 2847, 2856, 2859, 2851, 2865, - 2866, 2862, 6214, 2881, 2884, 2885, 2886, 2882, 2876, 2883, - - 2897, 2879, 2887, 2878, 2909, 2905, 2896, 2903, 2906, 2911, - 2926, 2917, 2914, 2913, 2930, 2945, 2928, 2943, 6214, 2940, - 2965, 2941, 2953, 2949, 2956, 2964, 2977, 2967, 2978, 2980, - 2976, 2966, 2973, 2991, 2990, 2992, 2993, 6214, 2998, 2997, - 2970, 3011, 3007, 3012, 3016, 3014, 3025, 3028, 3039, 3029, - 3036, 3048, 3038, 3040, 3043, 3054, 3056, 3066, 3067, 3076, - 6214, 3069, 3074, 3070, 3071, 3080, 3073, 3063, 3113, 3115, - 3072, 3098, 3099, 3101, 3107, 3095, 3104, 3105, 3129, 3108, - 3114, 3124, 3130, 3125, 3132, 3131, 3135, 3134, 3155, 3165, - 3163, 3170, 3156, 3162, 3159, 3185, 6214, 3158, 3184, 3175, - - 3176, 3189, 3186, 3192, 3195, 3182, 3207, 6214, 3199, 6214, - 3216, 3222, 3229, 6214, 3225, 6214, 3228, 3214, 6214, 3232, - 3237, 3224, 3220, 3226, 3231, 3246, 3254, 3256, 3248, 3269, - 3249, 3263, 3273, 3259, 3275, 6214, 3279, 3264, 3285, 3283, - 3287, 3288, 3293, 3294, 3311, 3297, 3320, 3318, 3298, 3307, - 3333, 6214, 3315, 3331, 3332, 3330, 6214, 3328, 3338, 3340, - 3319, 3346, 3345, 3350, 3349, 3368, 3358, 3365, 3372, 3375, - 3357, 3384, 3388, 3389, 3373, 3385, 3383, 3398, 3400, 3399, - 3396, 3401, 3420, 3416, 3411, 3414, 3415, 3410, 3422, 3427, - 3431, 3445, 3430, 3432, 3441, 3443, 6214, 3453, 3440, 3468, - - 3454, 3458, 3466, 3467, 6214, 3484, 6214, 3449, 3486, 3488, - 3487, 3470, 3493, 3491, 3494, 3500, 3497, 3513, 3517, 3508, - 3512, 3510, 3511, 3514, 3526, 3531, 6214, 3520, 3530, 3550, - 3536, 3553, 3549, 3559, 3555, 3565, 3566, 6214, 3570, 3572, - 3573, 3579, 3576, 3582, 6214, 3575, 3578, 3585, 3604, 6214, - 6214, 3577, 3600, 3601, 3602, 3597, 3623, 3603, 3615, 6214, - 3621, 3612, 3622, 3631, 3639, 3640, 3628, 3629, 6214, 3642, - 3638, 3647, 3655, 3656, 3658, 3654, 3660, 3659, 3663, 3674, - 3671, 3651, 3688, 3676, 6214, 3689, 3684, 3696, 3687, 3703, - 3686, 3690, 3704, 3719, 3700, 3698, 3713, 3729, 3726, 3718, - - 3727, 3741, 3749, 3731, 3740, 3723, 3747, 3737, 3760, 3745, - 3763, 3767, 3778, 3774, 6214, 3783, 3762, 3786, 3770, 3779, - 3785, 3787, 3796, 3805, 3800, 3801, 3804, 3806, 6214, 3808, - 3802, 3809, 3811, 3813, 3833, 3822, 3828, 3836, 3825, 6214, - 6214, 3832, 3835, 3854, 3843, 3860, 3862, 3846, 3864, 3848, - 3863, 6214, 3873, 3881, 3866, 3875, 3885, 3889, 3888, 3890, - 3887, 3877, 3884, 3898, 3904, 3900, 3893, 3920, 3911, 3924, - 6214, 3913, 3914, 3916, 3938, 3927, 3930, 3936, 3956, 3949, - 3931, 3947, 3948, 3955, 3964, 3978, 3975, 3954, 3965, 3989, - 6214, 3973, 3982, 3981, 3962, 3995, 3974, 4002, 3991, 6214, - - 4007, 3997, 4006, 4011, 3999, 4020, 4015, 4012, 4022, 4018, - 6214, 4026, 6214, 4029, 4023, 6214, 4024, 4040, 4041, 4034, - 4055, 4057, 4044, 4056, 4048, 4050, 4068, 4071, 4078, 4067, - 6214, 4073, 4062, 4077, 4079, 6214, 4090, 6214, 4093, 6214, - 4087, 4083, 4116, 4101, 4120, 4117, 4122, 4115, 6214, 4124, - 4105, 4126, 4128, 4112, 4129, 4145, 4147, 4108, 4148, 4160, - 6214, 4142, 4150, 6214, 4168, 4138, 4153, 4176, 4175, 6214, - 4169, 4183, 6214, 4174, 4191, 4187, 4189, 4190, 4199, 4202, - 4193, 4203, 4227, 4219, 4212, 4220, 6214, 4214, 4218, 4235, - 4236, 4229, 4222, 4241, 4238, 4246, 4245, 4252, 4260, 4265, - - 4256, 4255, 4266, 4269, 4279, 6214, 4262, 4281, 6214, 4282, - 4270, 4280, 4283, 6214, 4294, 6214, 4296, 4297, 4289, 4306, - 4311, 4310, 4320, 4309, 4326, 4327, 4318, 4340, 4335, 4324, - 6214, 6214, 4334, 4348, 4341, 4352, 4355, 4353, 4342, 4369, - 4361, 4372, 4368, 6214, 4370, 4358, 6214, 4359, 4376, 4371, - 4387, 4386, 4388, 4393, 4389, 4400, 4392, 4405, 4396, 4398, - 6214, 4411, 4401, 4415, 4416, 4419, 4414, 4427, 6214, 4432, - 4445, 4449, 4437, 4441, 4443, 4457, 4460, 4461, 4454, 4465, - 4462, 4482, 4471, 4473, 4480, 4474, 4486, 4477, 4497, 4499, - 4488, 4484, 6214, 4501, 4508, 4498, 4510, 4496, 4513, 4509, - - 4515, 4527, 4526, 4523, 4528, 4532, 6214, 4529, 4525, 4536, - 4530, 4560, 4543, 4564, 4546, 4561, 4553, 4570, 4558, 4575, - 6214, 4557, 4576, 4565, 4573, 4578, 4596, 4602, 4594, 4603, - 4605, 4597, 4588, 4606, 6214, 4598, 6214, 4613, 4615, 4624, - 4626, 4628, 6214, 4629, 4637, 6214, 4640, 4604, 4645, 6214, - 4655, 4654, 4641, 4651, 4660, 6214, 4665, 4664, 4671, 4670, - 4662, 4673, 4668, 4679, 4675, 4682, 6214, 4695, 4701, 4705, - 4703, 4691, 4692, 4700, 4709, 4696, 4710, 4722, 4718, 4707, - 6214, 4717, 4741, 4734, 4739, 4748, 6214, 6214, 4740, 4752, - 4755, 4730, 4761, 6214, 6214, 6214, 4759, 6214, 4745, 6214, - - 6214, 4760, 4764, 4770, 6214, 4771, 6214, 4781, 4777, 4768, - 4772, 4788, 6214, 4782, 4790, 4800, 6214, 4797, 4808, 4789, - 4795, 6214, 4812, 6214, 4813, 4818, 4820, 4817, 4809, 4816, - 4821, 4831, 4832, 4838, 4837, 4824, 4853, 4843, 4844, 4848, - 4857, 4841, 4863, 4858, 4846, 4859, 4864, 4868, 4882, 4873, - 4884, 4880, 4875, 4885, 4900, 4905, 4909, 4878, 4913, 4915, - 6214, 6214, 4899, 4907, 6214, 4901, 4904, 4911, 4919, 4920, - 4930, 4934, 4953, 6214, 4951, 4946, 4940, 4956, 4944, 4947, - 4957, 4960, 4943, 4964, 4968, 4974, 4970, 4978, 4977, 4967, - 4980, 4986, 5003, 5007, 6214, 4989, 4990, 4992, 6214, 6214, - - 4994, 5015, 5012, 5013, 5004, 5024, 5025, 6214, 5017, 5039, - 5026, 5033, 6214, 5047, 6214, 5048, 5031, 5054, 5052, 5061, - 6214, 6214, 6214, 5062, 5042, 5055, 5056, 5066, 5067, 5059, - 5077, 6214, 5081, 5075, 5082, 5086, 5076, 5097, 5093, 5105, - 5111, 5112, 5114, 5103, 5116, 5119, 6214, 6214, 5108, 5131, - 5120, 5127, 5129, 5135, 5141, 5134, 5128, 5146, 5145, 6214, - 5156, 5148, 5147, 5158, 5155, 5160, 5178, 5161, 6214, 6214, - 5162, 5173, 5175, 5190, 5176, 5192, 5184, 5204, 5188, 5205, - 5139, 5210, 5206, 5208, 6214, 5203, 5211, 6214, 5219, 5202, - 5227, 6214, 5217, 6214, 6214, 5225, 6214, 5228, 6214, 5229, - - 5246, 5253, 5254, 5258, 5259, 5260, 5243, 5250, 5267, 5263, - 5262, 6214, 6214, 5272, 5255, 5265, 5270, 5275, 5279, 6214, - 6214, 5290, 5293, 6214, 5276, 5291, 5299, 5289, 5292, 5297, - 5313, 5302, 5306, 5318, 5324, 5329, 5331, 5326, 5338, 5327, - 5323, 5335, 5340, 5341, 6214, 5346, 5352, 5345, 6214, 5366, - 5370, 5368, 6214, 5362, 5378, 5379, 5372, 5369, 5391, 5385, - 5392, 6214, 5394, 5400, 5402, 6214, 5388, 6214, 6214, 6214, - 5411, 5419, 5408, 6214, 5418, 5429, 6214, 5422, 5415, 5412, - 5407, 5443, 5436, 5447, 5437, 5434, 5449, 5440, 5467, 5441, - 5465, 6214, 5450, 5456, 5472, 5460, 5474, 5475, 5464, 5470, - - 5482, 5481, 5477, 5488, 5487, 6214, 5495, 5510, 6214, 5512, - 5502, 5514, 6214, 5520, 5501, 5500, 5505, 6214, 5525, 5517, - 6214, 5513, 5534, 5536, 5530, 5542, 5539, 5538, 5540, 5555, - 6214, 5548, 5544, 5547, 5568, 5569, 5561, 6214, 5573, 5558, - 5585, 5575, 5584, 6214, 5589, 5571, 6214, 5594, 5596, 5583, - 5598, 5607, 5608, 5609, 5610, 6214, 5613, 6214, 6214, 6214, - 5600, 5617, 6214, 5614, 5612, 5611, 5620, 5632, 5628, 6214, - 6214, 5635, 5646, 5645, 6214, 5634, 5637, 5647, 5636, 5659, - 6214, 5658, 5649, 5653, 5651, 5670, 5662, 5663, 6214, 6214, - 5679, 6214, 5682, 5691, 5696, 6214, 6214, 6214, 5701, 6214, - - 5704, 5703, 6214, 5705, 5690, 5697, 6214, 5712, 5698, 6214, - 5702, 5710, 5715, 5721, 5722, 5718, 5731, 5741, 5725, 5729, - 5730, 5748, 5749, 5740, 5755, 6214, 6214, 5761, 6214, 5762, - 5764, 5765, 6214, 5757, 5769, 6214, 5758, 5771, 5768, 5773, - 6214, 6214, 5776, 5784, 6214, 5779, 5788, 5785, 5782, 5786, - 5789, 6214, 6214, 6214, 6214, 6214, 5815, 6214, 5803, 5799, - 5806, 6214, 5800, 5797, 5809, 5821, 5825, 5828, 5812, 5826, - 5831, 5838, 5845, 5856, 5858, 5857, 5855, 5861, 5848, 5847, - 5868, 5863, 5869, 6214, 5864, 6214, 5874, 6214, 5875, 5881, - 5885, 5883, 5886, 5884, 6214, 5891, 5910, 5888, 5896, 5904, - - 5901, 5911, 5922, 5906, 5929, 5934, 5937, 5940, 5941, 5931, - 5944, 5948, 6214, 5952, 5936, 5938, 5956, 5947, 5963, 6214, - 5965, 5961, 5962, 5972, 5977, 5982, 5975, 5990, 5995, 5993, - 5999, 5992, 6000, 6003, 6008, 5997, 6023, 6012, 6214, 6024, - 6027, 6017, 6021, 6033, 6022, 6026, 6046, 6052, 6050, 6062, - 6064, 6058, 6214, 6061, 6214, 6214, 6070, 6059, 6063, 6069, - 6071, 6214, 6214, 6214, 6122, 6129, 6136, 6143, 6150, 100, - 6157, 6164, 6171, 6178, 6185, 6192, 6199, 6206 - } ; - -static yyconst flex_int16_t yy_def[2179] = - { 0, - 2164, 1, 2165, 2165, 2166, 2166, 2167, 2167, 2168, 2168, - 2169, 2169, 2164, 2170, 2164, 2164, 2164, 2164, 2171, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2172, 2164, 2164, 2164, 2172, 2173, 2164, 2164, 2164, 2173, - 2174, 2164, 2164, 2164, 2164, 2174, 2175, 2164, 2164, 2164, - 2175, 2176, 2164, 2177, 2164, 2176, 2176, 2170, 2170, 2164, - 2178, 2171, 2178, 2171, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2172, 2172, 2173, 2173, 2174, 2174, 2164, 2175, 2175, 2176, - 2176, 2177, 2177, 2176, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2176, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - - 2176, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, - 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - - 2170, 2170, 2170, 2170, 2164, 2176, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2176, - 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, - 2164, 2164, 2170, 2164, 2164, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, - - 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2176, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - - 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2176, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - - 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, - - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2164, - 2170, 2170, 2170, 2164, 2170, 2164, 2170, 2170, 2164, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2164, 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, - - 2170, 2170, 2170, 2170, 2164, 2170, 2164, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2170, - 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2164, - 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2164, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2164, - 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2164, - - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2164, 2170, 2164, 2170, 2170, 2164, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2164, 2170, 2170, 2170, 2170, 2164, 2170, 2164, 2170, 2164, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2164, 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, 2164, - 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - - 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2164, 2170, - 2170, 2170, 2170, 2164, 2170, 2164, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2164, 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2164, 2170, 2170, 2164, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - - 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2164, 2170, 2164, 2170, 2170, 2170, - 2170, 2170, 2164, 2170, 2170, 2164, 2170, 2170, 2170, 2164, - 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2164, 2170, 2170, 2170, 2170, 2170, 2164, 2164, 2170, 2170, - 2170, 2170, 2170, 2164, 2164, 2164, 2170, 2164, 2170, 2164, - - 2164, 2170, 2170, 2170, 2164, 2170, 2164, 2170, 2170, 2170, - 2170, 2170, 2164, 2170, 2170, 2170, 2164, 2170, 2170, 2170, - 2170, 2164, 2170, 2164, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2164, 2164, 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2164, 2164, - - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2170, - 2170, 2170, 2164, 2170, 2164, 2170, 2170, 2170, 2170, 2170, - 2164, 2164, 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2164, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2164, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2164, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2164, 2170, 2170, - 2170, 2164, 2170, 2164, 2164, 2170, 2164, 2170, 2164, 2170, - - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2164, 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2164, - 2164, 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2164, 2170, - 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2164, 2170, 2170, 2170, 2164, 2170, 2164, 2164, 2164, - 2170, 2170, 2170, 2164, 2170, 2170, 2164, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - - 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2164, 2170, - 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2164, 2170, 2170, - 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2170, - 2170, 2170, 2170, 2164, 2170, 2170, 2164, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2164, 2164, 2164, - 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2164, - 2164, 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, - 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2164, - 2170, 2164, 2170, 2170, 2170, 2164, 2164, 2164, 2170, 2164, - - 2170, 2170, 2164, 2170, 2170, 2170, 2164, 2170, 2170, 2164, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2164, 2164, 2170, 2164, 2170, - 2170, 2170, 2164, 2170, 2170, 2164, 2170, 2170, 2170, 2170, - 2164, 2164, 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, - 2170, 2164, 2164, 2164, 2164, 2164, 2170, 2164, 2170, 2170, - 2170, 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2164, 2170, 2164, 2170, 2164, 2170, 2170, - 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, - - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2164, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, - 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, - 2170, 2170, 2164, 2170, 2164, 2164, 2170, 2170, 2170, 2170, - 2170, 2164, 2164, 0, 2164, 2164, 2164, 2164, 2164, 2164, - 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164 - } ; - -static yyconst flex_uint16_t yy_nxt[6281] = - { 0, - 14, 15, 16, 17, 18, 19, 18, 14, 14, 14, - 14, 14, 18, 20, 14, 21, 22, 23, 24, 14, - 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, - 35, 36, 37, 38, 39, 14, 14, 14, 14, 40, - 20, 14, 21, 22, 23, 24, 14, 25, 26, 27, - 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, - 38, 39, 14, 14, 14, 14, 42, 43, 44, 42, - 43, 44, 47, 48, 47, 48, 49, 97, 49, 52, - 53, 54, 55, 805, 18, 52, 53, 54, 55, 69, - 18, 58, 59, 60, 58, 59, 60, 70, 131, 131, - - 68, 71, 87, 45, 97, 133, 45, 141, 133, 50, - 73, 50, 73, 73, 69, 73, 141, 56, 99, 138, - 138, 73, 88, 56, 139, 69, 75, 76, 61, 87, - 69, 61, 15, 16, 17, 63, 64, 65, 15, 16, - 17, 63, 64, 65, 77, 99, 89, 137, 74, 88, - 69, 91, 66, 75, 76, 78, 145, 107, 66, 92, - 90, 70, 79, 69, 990, 71, 80, 173, 98, 81, - 67, 77, 69, 89, 131, 131, 67, 69, 91, 66, - 69, 69, 78, 145, 107, 66, 92, 90, 93, 79, - 69, 94, 69, 80, 100, 98, 81, 82, 95, 69, - - 96, 83, 101, 136, 84, 197, 85, 86, 102, 134, - 104, 69, 103, 113, 105, 93, 147, 69, 94, 69, - 69, 100, 146, 69, 82, 95, 69, 96, 83, 101, - 106, 84, 197, 85, 86, 102, 69, 104, 114, 103, - 113, 105, 115, 147, 133, 69, 123, 133, 124, 146, - 179, 132, 116, 69, 126, 117, 157, 106, 108, 127, - 69, 69, 109, 125, 69, 114, 128, 69, 110, 115, - 129, 111, 69, 123, 130, 124, 151, 179, 112, 116, - 69, 126, 117, 157, 141, 108, 127, 138, 138, 109, - 125, 144, 69, 128, 69, 110, 208, 129, 111, 158, - - 897, 130, 69, 151, 141, 112, 118, 69, 68, 119, - 68, 68, 135, 68, 135, 135, 120, 135, 144, 68, - 121, 122, 73, 208, 73, 73, 158, 73, 69, 140, - 69, 140, 140, 118, 140, 68, 119, 68, 68, 73, - 68, 73, 73, 120, 73, 148, 68, 121, 122, 152, - 73, 161, 150, 153, 155, 156, 139, 159, 149, 154, - 143, 69, 69, 69, 69, 137, 162, 163, 166, 69, - 136, 357, 148, 69, 69, 160, 152, 74, 161, 150, - 153, 155, 156, 69, 167, 149, 154, 164, 165, 69, - 168, 69, 174, 162, 163, 166, 69, 69, 69, 180, - - 69, 134, 160, 69, 169, 175, 69, 170, 183, 177, - 182, 167, 69, 178, 164, 165, 181, 168, 184, 174, - 171, 172, 69, 188, 132, 176, 180, 69, 69, 69, - 69, 169, 175, 69, 170, 183, 177, 182, 69, 69, - 178, 185, 186, 181, 187, 184, 69, 171, 172, 69, - 188, 189, 176, 69, 190, 69, 192, 194, 191, 195, - 69, 193, 198, 69, 69, 196, 201, 202, 185, 186, - 69, 187, 2164, 69, 2164, 204, 69, 2164, 189, 2164, - 69, 190, 203, 192, 194, 191, 195, 69, 193, 198, - 199, 206, 196, 201, 200, 205, 207, 69, 2164, 69, - - 69, 69, 204, 69, 209, 211, 213, 69, 214, 203, - 2164, 212, 2164, 2164, 2164, 69, 2164, 199, 206, 2164, - 2164, 200, 205, 207, 215, 210, 69, 69, 216, 69, - 69, 209, 211, 213, 135, 214, 135, 135, 212, 135, - 140, 217, 140, 140, 73, 140, 73, 73, 141, 73, - 69, 215, 210, 218, 220, 216, 219, 221, 2164, 223, - 224, 225, 69, 222, 229, 69, 69, 226, 2164, 69, - 227, 2164, 228, 69, 238, 69, 2164, 258, 69, 2164, - 218, 220, 143, 219, 221, 69, 223, 224, 316, 240, - 222, 230, 69, 69, 226, 231, 69, 227, 69, 228, - - 69, 238, 239, 241, 242, 243, 246, 245, 69, 69, - 69, 69, 232, 2164, 244, 249, 240, 69, 69, 69, - 69, 2164, 231, 2164, 69, 69, 250, 251, 69, 239, - 241, 242, 243, 246, 245, 259, 69, 262, 2164, 232, - 233, 244, 249, 247, 256, 234, 248, 263, 69, 69, - 235, 69, 2164, 250, 251, 257, 236, 237, 69, 252, - 265, 69, 259, 69, 253, 69, 69, 233, 260, 69, - 247, 256, 234, 248, 263, 264, 254, 235, 255, 261, - 267, 69, 257, 236, 237, 69, 252, 266, 268, 2164, - 269, 253, 69, 2164, 270, 271, 274, 272, 273, 275, - - 69, 69, 264, 254, 69, 255, 261, 277, 69, 69, - 69, 284, 69, 276, 266, 287, 69, 269, 69, 69, - 69, 270, 271, 274, 272, 273, 275, 69, 279, 69, - 278, 280, 281, 282, 277, 291, 283, 289, 69, 69, - 276, 69, 69, 69, 285, 286, 290, 69, 294, 297, - 2164, 2164, 304, 69, 69, 279, 69, 278, 280, 281, - 282, 288, 69, 283, 289, 293, 69, 69, 69, 292, - 295, 285, 286, 290, 69, 294, 306, 69, 298, 300, - 69, 69, 301, 69, 69, 303, 302, 307, 288, 305, - 2164, 309, 293, 296, 69, 299, 292, 141, 311, 69, - - 69, 2164, 69, 69, 69, 298, 300, 313, 69, 301, - 308, 69, 303, 302, 307, 310, 305, 69, 309, 312, - 296, 69, 299, 69, 314, 311, 315, 317, 69, 318, - 320, 69, 319, 321, 313, 2164, 69, 308, 322, 325, - 323, 69, 310, 324, 327, 69, 312, 328, 330, 69, - 2164, 314, 69, 315, 317, 69, 318, 320, 69, 319, - 321, 69, 69, 69, 326, 322, 329, 323, 331, 332, - 324, 69, 334, 69, 328, 69, 69, 69, 69, 333, - 69, 335, 338, 337, 2164, 69, 69, 336, 69, 339, - 343, 326, 69, 329, 340, 331, 332, 2164, 69, 334, - - 342, 344, 345, 341, 2164, 69, 333, 69, 335, 338, - 337, 69, 69, 364, 336, 69, 339, 69, 350, 351, - 69, 340, 69, 346, 353, 69, 2164, 342, 344, 345, - 341, 347, 348, 354, 349, 2164, 69, 352, 69, 358, - 69, 69, 2164, 69, 359, 350, 351, 360, 69, 370, - 346, 353, 355, 356, 69, 361, 69, 362, 347, 348, - 354, 349, 366, 69, 352, 363, 358, 69, 365, 367, - 369, 359, 368, 372, 360, 69, 370, 69, 374, 355, - 356, 69, 361, 69, 362, 69, 371, 375, 69, 366, - 69, 526, 363, 373, 69, 365, 367, 369, 69, 368, - - 69, 376, 378, 380, 379, 69, 385, 377, 2164, 69, - 69, 2164, 389, 371, 375, 386, 69, 384, 69, 69, - 373, 2164, 381, 69, 390, 382, 69, 383, 376, 378, - 380, 379, 387, 69, 377, 69, 69, 69, 69, 389, - 388, 392, 386, 391, 384, 394, 69, 410, 402, 381, - 404, 390, 382, 403, 383, 405, 69, 393, 69, 387, - 69, 408, 2164, 406, 452, 69, 407, 388, 392, 141, - 391, 69, 394, 69, 69, 402, 409, 411, 69, 69, - 403, 69, 69, 69, 393, 395, 396, 412, 408, 413, - 406, 452, 2164, 407, 69, 397, 69, 398, 399, 400, - - 2164, 415, 401, 409, 411, 414, 416, 417, 418, 421, - 69, 2164, 395, 396, 412, 69, 413, 69, 69, 419, - 423, 424, 397, 69, 398, 399, 400, 420, 415, 401, - 427, 69, 414, 416, 69, 418, 422, 69, 69, 69, - 69, 69, 428, 69, 425, 426, 419, 423, 424, 429, - 431, 430, 2164, 69, 420, 2164, 432, 427, 435, 433, - 69, 2164, 441, 422, 69, 2164, 2164, 69, 436, 428, - 440, 444, 443, 69, 434, 69, 429, 431, 430, 69, - 437, 69, 69, 432, 69, 435, 433, 442, 69, 441, - 69, 438, 446, 439, 445, 436, 450, 440, 69, 443, - - 69, 434, 447, 69, 448, 449, 451, 437, 453, 454, - 69, 2164, 69, 69, 442, 455, 476, 457, 438, 446, - 439, 445, 69, 450, 456, 69, 69, 458, 69, 447, - 69, 448, 449, 451, 69, 453, 461, 459, 69, 69, - 460, 69, 455, 462, 457, 69, 463, 464, 69, 465, - 2164, 456, 69, 69, 458, 69, 466, 2164, 468, 69, - 467, 469, 2164, 461, 459, 470, 69, 460, 69, 69, - 462, 471, 69, 463, 464, 69, 465, 69, 507, 69, - 480, 475, 69, 466, 477, 468, 69, 467, 469, 474, - 478, 472, 470, 473, 69, 481, 69, 479, 471, 69, - - 69, 482, 69, 483, 69, 507, 485, 480, 475, 486, - 69, 477, 69, 523, 489, 488, 474, 478, 472, 69, - 473, 69, 69, 491, 479, 69, 484, 69, 482, 487, - 2164, 69, 490, 485, 69, 69, 486, 69, 492, 493, - 523, 489, 488, 501, 69, 69, 502, 69, 500, 69, - 491, 69, 503, 484, 505, 69, 487, 69, 2164, 490, - 509, 506, 504, 2164, 510, 492, 493, 494, 69, 508, - 501, 69, 495, 502, 496, 500, 69, 2164, 69, 2164, - 511, 505, 497, 521, 69, 498, 69, 509, 506, 504, - 512, 510, 499, 69, 494, 69, 508, 513, 514, 495, - - 515, 496, 69, 69, 518, 69, 517, 511, 516, 497, - 525, 519, 498, 520, 69, 69, 69, 512, 527, 499, - 524, 529, 69, 2164, 513, 514, 69, 515, 522, 69, - 528, 518, 69, 517, 69, 516, 141, 525, 519, 530, - 520, 531, 533, 69, 532, 69, 534, 524, 535, 537, - 69, 536, 541, 69, 69, 522, 69, 528, 538, 69, - 69, 542, 544, 539, 69, 69, 530, 540, 531, 533, - 69, 532, 543, 534, 545, 535, 537, 546, 536, 69, - 547, 69, 2164, 548, 549, 551, 69, 550, 69, 69, - 69, 552, 69, 553, 540, 557, 2164, 555, 2164, 558, - - 2164, 69, 559, 2164, 69, 69, 69, 547, 69, 69, - 548, 549, 551, 554, 550, 69, 69, 564, 556, 69, - 553, 69, 69, 69, 555, 69, 558, 69, 560, 559, - 563, 566, 565, 561, 567, 568, 569, 562, 2164, 69, - 554, 69, 571, 69, 564, 556, 2164, 570, 69, 572, - 2164, 574, 69, 69, 582, 560, 69, 563, 566, 565, - 561, 567, 568, 575, 562, 69, 69, 2164, 69, 571, - 576, 573, 69, 69, 570, 577, 572, 578, 574, 581, - 580, 69, 579, 2164, 583, 69, 69, 587, 584, 69, - 575, 69, 585, 589, 69, 586, 69, 576, 573, 69, - - 69, 590, 577, 592, 578, 69, 581, 580, 588, 579, - 591, 583, 69, 2164, 587, 584, 69, 69, 593, 585, - 596, 69, 586, 69, 594, 69, 598, 69, 590, 595, - 592, 2164, 597, 599, 69, 588, 600, 601, 603, 2164, - 69, 69, 69, 605, 604, 593, 69, 596, 606, 2164, - 607, 2164, 602, 69, 69, 608, 69, 69, 69, 597, - 599, 69, 609, 600, 601, 603, 69, 611, 617, 2164, - 610, 604, 612, 616, 613, 69, 69, 607, 69, 602, - 614, 69, 608, 69, 615, 2164, 69, 69, 69, 609, - 618, 69, 69, 621, 611, 617, 69, 610, 620, 612, - - 616, 613, 69, 619, 622, 69, 69, 614, 623, 2164, - 624, 615, 69, 625, 2164, 626, 69, 618, 69, 628, - 621, 629, 2164, 630, 632, 620, 2164, 627, 2164, 2164, - 619, 69, 69, 631, 633, 623, 69, 624, 69, 69, - 625, 69, 626, 69, 69, 634, 628, 69, 629, 635, - 630, 632, 636, 637, 627, 638, 69, 640, 645, 639, - 631, 633, 69, 641, 69, 69, 642, 643, 650, 644, - 69, 69, 634, 2164, 69, 69, 635, 69, 2164, 636, - 637, 69, 638, 648, 640, 645, 639, 646, 141, 649, - 641, 69, 69, 642, 643, 647, 644, 69, 651, 655, - - 69, 69, 653, 652, 2164, 69, 654, 2164, 656, 657, - 648, 665, 672, 69, 646, 69, 649, 69, 69, 658, - 668, 69, 647, 69, 666, 651, 69, 69, 670, 653, - 652, 69, 659, 654, 69, 656, 657, 2164, 665, 69, - 2164, 69, 669, 667, 69, 671, 658, 668, 2164, 707, - 2164, 666, 681, 680, 69, 670, 685, 682, 69, 659, - 660, 69, 684, 2164, 661, 69, 69, 662, 686, 669, - 667, 69, 671, 687, 663, 69, 683, 664, 69, 681, - 680, 69, 69, 69, 682, 688, 69, 660, 69, 684, - 691, 661, 689, 690, 662, 686, 2164, 69, 694, 69, - - 687, 663, 692, 683, 664, 673, 674, 2164, 675, 693, - 2164, 676, 688, 69, 69, 69, 677, 691, 69, 689, - 690, 696, 678, 679, 69, 694, 699, 698, 69, 692, - 700, 69, 673, 674, 69, 675, 693, 695, 676, 697, - 704, 708, 69, 677, 703, 69, 69, 69, 696, 678, - 679, 702, 69, 699, 698, 701, 705, 700, 706, 69, - 69, 720, 69, 709, 695, 710, 697, 704, 69, 711, - 712, 703, 713, 69, 715, 717, 714, 718, 702, 2164, - 69, 69, 701, 69, 2164, 706, 69, 69, 69, 69, - 709, 719, 710, 69, 69, 69, 711, 712, 69, 713, - - 716, 715, 69, 714, 718, 721, 722, 723, 69, 725, - 69, 724, 729, 69, 727, 726, 730, 728, 719, 69, - 734, 733, 2164, 2164, 69, 69, 2164, 716, 69, 69, - 69, 69, 721, 722, 723, 69, 725, 731, 724, 729, - 69, 727, 726, 730, 728, 732, 69, 69, 733, 735, - 737, 736, 738, 739, 743, 69, 69, 741, 69, 69, - 740, 69, 742, 69, 731, 745, 744, 69, 749, 747, - 748, 746, 732, 69, 69, 69, 735, 737, 736, 738, - 739, 743, 69, 69, 741, 69, 69, 740, 752, 742, - 751, 69, 745, 744, 750, 69, 747, 748, 746, 753, - - 754, 69, 755, 69, 2164, 759, 758, 756, 761, 760, - 69, 69, 764, 765, 762, 757, 763, 751, 2164, 767, - 69, 750, 69, 69, 769, 69, 69, 754, 69, 755, - 766, 69, 759, 758, 756, 69, 760, 69, 69, 764, - 69, 762, 757, 763, 768, 69, 69, 770, 772, 771, - 774, 141, 773, 69, 775, 69, 69, 766, 776, 69, - 784, 69, 2164, 69, 69, 791, 785, 2164, 2164, 783, - 792, 768, 69, 2164, 770, 772, 771, 774, 69, 773, - 786, 775, 69, 69, 789, 776, 777, 784, 778, 787, - 788, 2164, 779, 785, 780, 69, 783, 69, 2164, 781, - - 794, 790, 69, 798, 782, 793, 69, 786, 795, 799, - 69, 789, 69, 777, 69, 778, 787, 788, 69, 779, - 69, 780, 69, 69, 796, 69, 781, 794, 790, 801, - 798, 782, 793, 800, 797, 795, 799, 802, 803, 69, - 804, 812, 69, 2164, 2164, 2164, 69, 811, 821, 2164, - 816, 796, 813, 2164, 814, 2164, 801, 815, 69, 823, - 800, 797, 69, 69, 802, 69, 817, 69, 812, 69, - 69, 806, 69, 818, 811, 69, 807, 816, 808, 813, - 819, 814, 820, 69, 815, 69, 69, 822, 69, 809, - 69, 69, 826, 817, 824, 827, 810, 69, 806, 2164, - - 818, 2164, 828, 807, 825, 808, 69, 819, 830, 820, - 69, 832, 69, 841, 822, 831, 809, 829, 69, 826, - 2164, 824, 69, 810, 69, 69, 69, 69, 833, 828, - 835, 825, 834, 69, 836, 830, 837, 2164, 832, 2164, - 69, 69, 831, 838, 829, 69, 69, 839, 840, 69, - 69, 842, 69, 850, 843, 833, 845, 835, 844, 834, - 846, 836, 69, 837, 69, 69, 69, 69, 69, 847, - 838, 848, 849, 851, 839, 840, 862, 853, 842, 69, - 850, 843, 69, 845, 854, 844, 852, 846, 69, 855, - 69, 69, 856, 69, 2164, 857, 847, 858, 848, 849, - - 69, 859, 860, 861, 853, 69, 865, 864, 69, 69, - 863, 871, 69, 852, 69, 69, 69, 69, 69, 856, - 866, 69, 857, 868, 858, 867, 869, 2164, 859, 860, - 861, 69, 69, 865, 864, 872, 69, 863, 871, 870, - 873, 874, 69, 882, 2164, 69, 69, 866, 69, 876, - 868, 875, 867, 869, 69, 877, 878, 880, 69, 881, - 2164, 69, 872, 879, 69, 69, 870, 873, 69, 69, - 883, 69, 884, 69, 886, 69, 876, 887, 875, 69, - 885, 888, 877, 878, 880, 889, 881, 890, 891, 69, - 879, 892, 69, 69, 69, 893, 69, 883, 69, 884, - - 69, 886, 894, 895, 887, 896, 899, 885, 888, 901, - 69, 69, 898, 69, 903, 891, 69, 69, 892, 69, - 69, 69, 69, 900, 69, 904, 902, 69, 905, 894, - 895, 69, 896, 899, 69, 69, 901, 69, 906, 898, - 907, 903, 908, 2164, 2164, 2164, 909, 911, 912, 2164, - 900, 2164, 904, 902, 910, 905, 913, 919, 915, 916, - 69, 69, 2164, 2164, 69, 914, 69, 927, 917, 908, - 69, 69, 69, 909, 911, 912, 69, 69, 69, 69, - 69, 910, 918, 913, 69, 915, 916, 920, 921, 922, - 69, 923, 914, 69, 927, 917, 932, 69, 69, 928, - - 69, 2164, 929, 931, 935, 69, 924, 933, 2164, 918, - 69, 930, 69, 934, 920, 921, 922, 925, 923, 936, - 926, 69, 69, 932, 69, 69, 928, 69, 69, 929, - 931, 935, 938, 924, 933, 69, 940, 937, 930, 939, - 934, 69, 942, 941, 925, 69, 936, 926, 943, 946, - 69, 944, 945, 2164, 69, 69, 948, 69, 954, 69, - 69, 949, 69, 940, 937, 69, 939, 69, 947, 942, - 941, 69, 950, 951, 69, 943, 946, 2164, 944, 945, - 69, 955, 69, 948, 69, 952, 953, 956, 949, 957, - 69, 968, 69, 958, 69, 947, 69, 962, 960, 950, - - 951, 965, 959, 961, 69, 69, 69, 964, 955, 963, - 2164, 966, 952, 953, 956, 69, 957, 69, 969, 967, - 958, 69, 69, 69, 962, 69, 970, 69, 965, 959, - 69, 971, 972, 973, 964, 974, 963, 69, 966, 976, - 975, 977, 979, 978, 69, 969, 967, 69, 69, 69, - 980, 69, 981, 970, 69, 69, 69, 69, 971, 972, - 973, 69, 974, 69, 982, 983, 976, 975, 977, 979, - 978, 2164, 992, 2164, 991, 2164, 995, 2164, 996, 989, - 994, 2164, 69, 997, 69, 993, 69, 2164, 69, 69, - 69, 982, 983, 984, 69, 69, 998, 69, 985, 992, - - 986, 991, 987, 995, 988, 69, 989, 994, 999, 69, - 69, 69, 993, 1000, 1001, 1002, 1004, 1003, 2164, 1008, - 984, 69, 1006, 998, 69, 985, 69, 986, 69, 987, - 69, 988, 1007, 69, 69, 999, 1005, 1010, 1009, 1012, - 1000, 1001, 1002, 1004, 1003, 69, 69, 1011, 1013, 1006, - 69, 1014, 1016, 1015, 69, 1017, 69, 1019, 2164, 1007, - 69, 69, 1018, 1005, 69, 1009, 1012, 1022, 69, 1020, - 1021, 69, 1024, 1023, 1011, 1013, 69, 69, 69, 69, - 1015, 1025, 1017, 1026, 69, 1027, 69, 1028, 1029, 1018, - 69, 1030, 69, 1032, 1022, 69, 1020, 1021, 69, 1024, - - 1023, 69, 1031, 1033, 69, 69, 1035, 1034, 1025, 1036, - 1026, 1037, 1027, 1039, 1028, 69, 1040, 69, 69, 1038, - 69, 69, 69, 69, 69, 69, 69, 1044, 1043, 1031, - 1033, 1041, 1045, 1035, 1034, 69, 69, 1042, 1037, 1047, - 1039, 1046, 69, 1050, 69, 69, 1038, 1051, 69, 1048, - 69, 1049, 69, 69, 1044, 1043, 69, 1052, 1041, 1045, - 1054, 2164, 1058, 1053, 1042, 69, 1047, 69, 1046, 69, - 1050, 1055, 1056, 1059, 1051, 1060, 1048, 1057, 1049, 69, - 69, 1063, 69, 1061, 69, 1066, 1062, 1054, 69, 1058, - 1053, 1064, 69, 1065, 2164, 69, 1067, 1069, 1055, 1068, - - 1059, 1077, 1060, 69, 69, 69, 69, 1072, 1063, 69, - 1061, 1070, 69, 1062, 1075, 69, 69, 69, 1064, 69, - 1065, 1071, 1073, 1067, 1069, 1074, 1068, 1076, 1077, 69, - 69, 69, 69, 1079, 1072, 1078, 69, 69, 1070, 1080, - 2164, 1075, 1083, 1081, 2164, 1082, 69, 1084, 1071, 1073, - 69, 69, 1074, 69, 1076, 69, 1085, 1087, 1090, 1086, - 1079, 1088, 1078, 1093, 69, 1089, 1080, 69, 69, 1083, - 1081, 1092, 1082, 1094, 1084, 69, 1091, 69, 69, 69, - 1095, 1097, 69, 1085, 1087, 1090, 1086, 69, 1088, 1096, - 1098, 1099, 1089, 69, 1103, 69, 2164, 1101, 1092, 1102, - - 2164, 1100, 69, 1091, 1108, 69, 69, 1095, 69, 69, - 69, 69, 69, 69, 1112, 69, 1096, 1098, 1099, 69, - 1104, 1103, 1106, 1115, 1101, 1105, 1102, 1107, 1100, 1109, - 1110, 1108, 1111, 1113, 69, 1114, 1116, 69, 69, 1117, - 69, 2164, 2164, 69, 69, 1118, 69, 69, 1124, 1125, - 1115, 1121, 69, 69, 69, 1119, 1109, 1110, 1123, 1111, - 1113, 1120, 1114, 69, 69, 1122, 1117, 2164, 69, 69, - 69, 69, 1118, 69, 69, 1124, 1125, 1127, 1121, 1126, - 1128, 1130, 1119, 1131, 1132, 1123, 1129, 1138, 1120, 1144, - 1136, 2164, 1122, 1139, 69, 69, 2164, 69, 69, 1133, - - 2164, 69, 69, 1134, 69, 1140, 1126, 1128, 1130, 69, - 1131, 1132, 1137, 1129, 69, 69, 1135, 1136, 1141, 1145, - 1139, 69, 1142, 69, 69, 69, 1133, 1143, 69, 1146, - 1134, 69, 1140, 1147, 69, 1148, 1149, 1150, 69, 1137, - 1151, 2164, 1152, 1135, 2164, 1141, 69, 1153, 1158, 1142, - 1154, 1155, 1157, 69, 1143, 69, 1146, 1156, 2164, 69, - 1147, 69, 1148, 69, 69, 69, 1160, 69, 69, 1152, - 69, 69, 1161, 1159, 1153, 1158, 69, 1154, 1155, 1157, - 1162, 2164, 1163, 1164, 1156, 69, 1165, 69, 69, 1166, - 1167, 1169, 1168, 69, 1170, 69, 1172, 2164, 69, 1161, - - 1159, 2164, 69, 69, 1173, 1181, 2164, 1162, 69, 1163, - 1164, 1171, 69, 1165, 69, 1176, 1166, 1167, 69, 1168, - 1174, 1170, 69, 1172, 69, 1175, 69, 69, 1177, 1178, - 2164, 1173, 69, 69, 1179, 1180, 69, 69, 1171, 1182, - 1183, 1184, 1176, 1185, 2164, 2164, 69, 1174, 1187, 1191, - 69, 1189, 1175, 1190, 69, 1177, 1178, 69, 69, 69, - 1193, 1179, 1180, 1186, 1188, 1199, 1182, 69, 1184, 69, - 69, 69, 69, 1192, 1194, 1187, 1191, 69, 1189, 69, - 1190, 1195, 1200, 1196, 69, 69, 1197, 1193, 69, 69, - 1186, 1188, 1202, 1201, 1203, 1205, 69, 69, 1198, 1204, - - 1192, 1194, 1206, 1207, 69, 1210, 1212, 69, 1195, 1200, - 1196, 69, 69, 1197, 69, 1209, 1208, 1211, 1214, 1202, - 1201, 1203, 69, 69, 69, 1198, 1204, 69, 69, 1206, - 1207, 1213, 1215, 1216, 2164, 69, 1220, 69, 69, 69, - 69, 1217, 1209, 1208, 1211, 1214, 1218, 1219, 1221, 69, - 69, 1222, 1224, 69, 69, 69, 1223, 2164, 1213, 69, - 1216, 69, 1225, 1220, 1226, 1229, 69, 1227, 1217, 69, - 69, 69, 1230, 1218, 1219, 1221, 1228, 1233, 1222, 69, - 69, 1232, 69, 1223, 69, 1231, 1239, 1234, 69, 1225, - 1235, 1226, 69, 69, 1227, 1236, 2164, 69, 1240, 1230, - - 1241, 1243, 1242, 1228, 1233, 69, 69, 69, 1232, 69, - 1244, 1237, 1231, 1239, 1234, 1246, 1238, 1235, 1248, 1245, - 1252, 1249, 1236, 69, 1251, 69, 69, 69, 1243, 1242, - 69, 1247, 69, 69, 1250, 1254, 69, 1244, 1237, 69, - 1256, 1255, 1246, 1238, 1253, 1248, 1245, 69, 1249, 69, - 69, 69, 69, 69, 1257, 1258, 69, 1259, 1247, 69, - 1260, 1250, 1254, 1261, 1262, 69, 1264, 1256, 1255, 69, - 69, 1253, 1265, 1270, 1263, 69, 1267, 1272, 1271, 1268, - 1274, 1257, 1258, 1276, 1259, 1279, 1266, 1260, 69, 69, - 1261, 1262, 69, 1264, 69, 1269, 1275, 2164, 69, 1265, - - 1277, 1263, 1273, 1267, 69, 69, 1268, 1278, 1283, 69, - 1280, 69, 69, 1266, 69, 69, 69, 69, 69, 1281, - 1284, 69, 1269, 1275, 69, 1282, 1285, 1277, 1287, 1273, - 1288, 1289, 1286, 1291, 1278, 1283, 69, 1280, 1293, 69, - 69, 69, 69, 69, 1292, 1290, 1281, 1284, 1294, 1297, - 1300, 69, 1282, 1285, 69, 1287, 1295, 1296, 1289, 1286, - 69, 69, 69, 1311, 1298, 1293, 1307, 69, 69, 1299, - 69, 1292, 1290, 1301, 1302, 1294, 1297, 69, 69, 69, - 1303, 69, 1304, 1295, 1296, 1305, 69, 1308, 1313, 1310, - 69, 1298, 1306, 69, 69, 69, 1299, 69, 69, 69, - - 1301, 1302, 69, 1312, 1309, 1315, 1314, 1303, 1316, 1304, - 69, 1317, 1305, 69, 1308, 69, 1310, 1318, 1319, 1306, - 2164, 1323, 1324, 69, 1320, 69, 69, 69, 69, 69, - 1312, 1309, 1315, 1314, 1321, 69, 1322, 69, 1317, 69, - 1325, 2164, 69, 69, 1318, 1319, 1326, 1327, 1323, 1324, - 1329, 1320, 69, 1331, 1330, 1335, 1332, 69, 69, 1336, - 1328, 1321, 69, 1322, 1333, 69, 69, 1325, 69, 1337, - 69, 1334, 1338, 1326, 1327, 1340, 69, 1329, 1339, 69, - 69, 1330, 1335, 1341, 69, 1342, 69, 1328, 69, 1343, - 1344, 1333, 1345, 1346, 1348, 2164, 1337, 1349, 1334, 69, - - 1350, 69, 69, 1351, 2164, 1339, 69, 1347, 2164, 69, - 1341, 1358, 2164, 69, 2164, 1360, 1343, 69, 69, 1345, - 1361, 1348, 69, 1364, 69, 69, 69, 1350, 1362, 1352, - 1353, 1354, 1356, 1357, 1347, 69, 1355, 1370, 1359, 69, - 69, 69, 1363, 69, 69, 69, 1366, 69, 69, 1369, - 69, 1365, 69, 1371, 1367, 1362, 1352, 1353, 1354, 1356, - 1357, 69, 1368, 1355, 69, 1359, 1373, 69, 1372, 1363, - 1374, 69, 69, 1366, 69, 69, 1369, 1378, 1365, 1375, - 1371, 1367, 69, 1376, 1377, 69, 1379, 69, 1382, 1368, - 1381, 1380, 1385, 69, 1384, 1372, 1386, 1374, 1383, 69, - - 1387, 69, 69, 69, 1378, 69, 1375, 1388, 1389, 1390, - 1376, 1377, 69, 1379, 69, 1391, 69, 1381, 1380, 1393, - 69, 1384, 1392, 69, 69, 1383, 69, 69, 69, 69, - 1394, 1395, 69, 1396, 1388, 1389, 1390, 69, 1397, 69, - 1398, 1401, 1391, 69, 1400, 1404, 1393, 1402, 1406, 1392, - 69, 1405, 69, 69, 1403, 69, 1399, 1394, 1395, 69, - 1396, 1409, 1413, 69, 1410, 1397, 69, 1398, 1401, 69, - 69, 1400, 1404, 1411, 1402, 69, 1414, 69, 1405, 1407, - 1412, 1403, 1417, 1399, 1408, 1415, 69, 69, 69, 1419, - 1416, 1410, 1418, 69, 69, 69, 1420, 1421, 1422, 1424, - - 1411, 69, 1425, 69, 69, 1423, 1407, 1412, 1426, 1427, - 1430, 1408, 69, 69, 69, 1428, 1419, 69, 1431, 1418, - 69, 69, 1429, 1432, 1421, 1422, 1424, 1434, 69, 1436, - 69, 1433, 1423, 1435, 69, 1426, 69, 1430, 69, 1438, - 1437, 69, 1428, 1439, 1440, 69, 69, 1441, 1442, 1429, - 69, 69, 2164, 1444, 69, 1445, 1436, 69, 1433, 69, - 1435, 69, 69, 69, 1443, 69, 1438, 1437, 69, 1447, - 1439, 1440, 1446, 69, 1441, 1442, 1448, 1449, 1450, 69, - 69, 1451, 1445, 69, 1452, 1454, 1456, 69, 1453, 69, - 2164, 1443, 1458, 1455, 69, 69, 69, 1457, 1459, 1446, - - 1460, 69, 1461, 1448, 1449, 1450, 69, 69, 1451, 1464, - 69, 1452, 69, 1456, 1463, 1453, 69, 69, 69, 1458, - 1455, 1462, 69, 1465, 1457, 1459, 69, 1460, 2164, 69, - 1466, 1468, 69, 1467, 1469, 1470, 1464, 1472, 2164, 1473, - 69, 1463, 2164, 1471, 69, 1475, 1479, 69, 1462, 1474, - 2164, 69, 1486, 1476, 69, 69, 69, 1466, 1468, 69, - 1467, 69, 1470, 69, 1472, 69, 1473, 69, 69, 1477, - 1471, 1478, 1475, 1479, 1483, 1480, 1474, 69, 1481, 1486, - 1476, 69, 1484, 1487, 69, 1485, 69, 69, 2164, 69, - 1490, 1482, 69, 1488, 1489, 2164, 1477, 1491, 1478, 69, - - 1492, 1483, 1480, 1493, 1496, 1481, 1495, 69, 69, 1484, - 1487, 2164, 1485, 69, 69, 69, 1497, 1490, 1482, 1498, - 1488, 1489, 69, 1499, 1491, 1494, 69, 1492, 69, 69, - 69, 1496, 69, 1495, 1501, 1500, 1502, 1503, 69, 2164, - 1504, 69, 69, 1497, 1506, 1505, 1498, 1507, 1511, 1508, - 1499, 69, 1494, 69, 1510, 1512, 1509, 69, 69, 69, - 1513, 69, 1500, 1502, 1503, 1515, 69, 1504, 69, 1514, - 1519, 1506, 1505, 1516, 69, 69, 1508, 69, 1521, 1524, - 69, 1510, 1512, 1509, 69, 69, 1517, 1513, 1520, 1518, - 1522, 69, 1515, 2164, 69, 69, 1514, 1519, 1525, 69, - - 1516, 69, 1527, 1523, 69, 69, 1524, 1526, 69, 69, - 1528, 1529, 1530, 1517, 1531, 1520, 1518, 1522, 69, 69, - 69, 69, 69, 1535, 1532, 1525, 1533, 1534, 69, 1527, - 1523, 1536, 1537, 69, 1526, 69, 69, 1528, 1529, 1530, - 1538, 1531, 1539, 1541, 1540, 69, 1546, 1542, 69, 69, - 69, 1532, 1543, 1533, 1534, 1544, 1545, 69, 1536, 69, - 2164, 1547, 1549, 69, 1550, 69, 69, 1538, 1551, 1539, - 1541, 1540, 1553, 69, 69, 1548, 1554, 1552, 1555, 69, - 69, 69, 1544, 1545, 1556, 1557, 1558, 69, 1547, 1549, - 1559, 69, 69, 1561, 69, 1551, 1560, 69, 69, 1553, - - 69, 1567, 1548, 1564, 1552, 1555, 1562, 69, 69, 69, - 69, 69, 1557, 1558, 1563, 69, 1568, 1559, 1565, 1569, - 1561, 1566, 1570, 1560, 2164, 69, 69, 69, 69, 1572, - 1564, 69, 69, 1562, 1571, 69, 1574, 69, 1578, 69, - 69, 1563, 1573, 1568, 69, 1565, 1569, 1576, 1566, 1570, - 69, 1575, 1577, 69, 69, 69, 1572, 1581, 69, 1580, - 1579, 1571, 1583, 1574, 1582, 1578, 69, 1584, 1585, 1573, - 1586, 69, 1587, 1588, 1576, 1591, 69, 2164, 1575, 1577, - 69, 1589, 69, 1594, 69, 1595, 1580, 1579, 69, 1583, - 1590, 1582, 1596, 69, 1584, 1585, 69, 1586, 1598, 69, - - 69, 69, 1591, 1592, 69, 1597, 1593, 1599, 1589, 1600, - 69, 1601, 69, 69, 1602, 1603, 69, 1590, 1604, 69, - 1605, 69, 1607, 69, 1610, 69, 1608, 69, 1611, 1606, - 1592, 1609, 1597, 1593, 1599, 69, 69, 69, 69, 1613, - 69, 1602, 1603, 1612, 1617, 1604, 1621, 69, 69, 69, - 1615, 1610, 69, 1608, 69, 1611, 1606, 1614, 1609, 1616, - 1619, 1618, 69, 1620, 69, 69, 69, 69, 69, 69, - 1612, 69, 1622, 1621, 1623, 69, 1624, 1615, 1625, 1629, - 1626, 1631, 69, 1628, 1614, 69, 1616, 1619, 1618, 1630, - 1620, 1627, 69, 1632, 2164, 1642, 69, 69, 1634, 69, - - 69, 1623, 1633, 69, 69, 1625, 1629, 1626, 1631, 69, - 1628, 1635, 69, 1636, 69, 69, 1630, 69, 1627, 1637, - 1632, 1638, 1643, 1641, 1639, 1634, 1640, 69, 1646, 1633, - 1644, 1647, 1655, 69, 1645, 69, 69, 69, 1635, 1648, - 1636, 69, 69, 69, 69, 69, 1637, 1649, 1638, 1643, - 1641, 1639, 69, 1640, 69, 1646, 1652, 1644, 1653, 1655, - 1650, 1645, 1651, 69, 1654, 69, 1648, 69, 69, 1656, - 1657, 1658, 1661, 1659, 1649, 1660, 69, 1662, 1664, 69, - 69, 1663, 1665, 1652, 69, 1653, 1667, 1650, 1666, 1651, - 69, 1654, 1668, 69, 69, 1671, 1656, 1657, 1658, 69, - - 1659, 69, 1660, 69, 69, 1669, 1670, 69, 1663, 69, - 69, 1672, 69, 1667, 69, 1666, 1673, 1674, 69, 1668, - 1675, 69, 1671, 1676, 1677, 1679, 1678, 1681, 1680, 1682, - 69, 69, 1669, 1670, 69, 69, 1683, 1684, 1672, 69, - 69, 1687, 69, 1673, 69, 1685, 69, 1675, 69, 69, - 1676, 1677, 1679, 1678, 1681, 1680, 69, 69, 1686, 1688, - 2164, 69, 1689, 1683, 1684, 1691, 1690, 2164, 1693, 69, - 1692, 1695, 1685, 69, 1694, 1696, 2164, 1697, 69, 69, - 69, 1698, 1699, 1700, 69, 1686, 1688, 69, 1701, 1689, - 1702, 69, 1691, 1690, 69, 1693, 1703, 1692, 69, 69, - - 69, 1694, 1696, 69, 1697, 1705, 1704, 69, 1698, 69, - 69, 69, 1708, 1706, 1707, 1710, 69, 1702, 1709, 1711, - 69, 69, 1712, 1703, 1713, 2164, 1714, 69, 69, 69, - 1715, 1717, 1705, 1704, 69, 1718, 69, 1716, 1720, 69, - 1706, 1707, 1719, 1721, 1722, 1709, 1711, 69, 69, 1712, - 1723, 69, 69, 1714, 1725, 69, 69, 69, 1717, 69, - 69, 1724, 1718, 69, 1716, 1720, 1726, 1727, 1728, 1719, - 69, 69, 1729, 1731, 1730, 1732, 69, 69, 2164, 1733, - 69, 1725, 69, 69, 1734, 69, 1739, 69, 1724, 1736, - 1747, 1735, 69, 1726, 1727, 1728, 69, 69, 69, 1729, - - 1731, 1730, 69, 69, 1737, 1740, 1733, 69, 1738, 1742, - 1741, 1734, 69, 1739, 69, 1744, 1736, 69, 1735, 69, - 1743, 69, 1745, 69, 69, 1748, 1746, 2164, 1749, 1750, - 1751, 1737, 1740, 1752, 1753, 1738, 1742, 1741, 69, 69, - 69, 1756, 1744, 69, 69, 1754, 69, 1743, 69, 1745, - 69, 1755, 69, 1746, 69, 1749, 1750, 1751, 69, 69, - 1752, 1753, 1757, 1760, 1758, 2164, 1759, 1761, 1756, 69, - 1762, 1764, 1754, 69, 1768, 1763, 1769, 1765, 1755, 69, - 1770, 1771, 69, 69, 1775, 69, 69, 1766, 1767, 1757, - 69, 1758, 69, 1759, 1761, 69, 69, 1762, 1764, 69, - - 1772, 1768, 1763, 69, 1765, 1773, 69, 69, 1774, 69, - 1780, 1775, 1776, 69, 1766, 1767, 69, 69, 1777, 69, - 1778, 1779, 1781, 1782, 1785, 69, 1783, 1772, 69, 69, - 1784, 69, 1773, 69, 1787, 1774, 1788, 1780, 1792, 1776, - 1786, 1789, 69, 69, 1790, 1777, 69, 1778, 1779, 1781, - 1782, 69, 69, 1783, 69, 1791, 69, 1784, 1793, 1794, - 1795, 1787, 1796, 69, 69, 69, 1797, 1786, 1789, 1798, - 69, 1790, 69, 1799, 2164, 1800, 1801, 1803, 69, 2164, - 1802, 69, 1791, 1804, 1805, 1793, 69, 69, 1812, 1796, - 1806, 69, 1809, 69, 69, 69, 1798, 1807, 69, 1810, - - 69, 69, 1800, 1801, 1803, 69, 69, 1802, 1808, 1813, - 1804, 1805, 1814, 1811, 69, 69, 69, 1806, 1816, 1809, - 69, 69, 1815, 2164, 1807, 69, 1810, 1818, 1820, 1817, - 1819, 1821, 69, 1822, 1826, 1808, 69, 1825, 1823, 1814, - 1811, 2164, 69, 1824, 69, 1827, 1852, 69, 1831, 1815, - 69, 69, 1828, 69, 1818, 69, 1817, 1819, 69, 69, - 1822, 1830, 1829, 1832, 1825, 1835, 69, 69, 69, 1833, - 69, 1834, 1827, 69, 69, 1831, 1838, 1836, 69, 1828, - 69, 1839, 1841, 1837, 69, 69, 69, 69, 1830, 1829, - 1832, 1840, 1835, 1842, 69, 69, 1833, 69, 1834, 69, - - 69, 69, 1845, 1838, 1836, 1843, 1844, 1846, 1839, 1841, - 1837, 1848, 69, 1847, 69, 69, 1849, 69, 1840, 1850, - 1842, 1851, 1853, 69, 1856, 1855, 1854, 69, 1859, 69, - 1861, 69, 1843, 1844, 1846, 1858, 1857, 1862, 1848, 2164, - 1847, 69, 69, 69, 69, 69, 1850, 69, 1851, 69, - 69, 1856, 1855, 1854, 1860, 1859, 69, 1861, 69, 1865, - 1863, 1864, 1858, 1857, 69, 1866, 69, 69, 69, 1867, - 1868, 1869, 1870, 1871, 1873, 1874, 1872, 1880, 1875, 1876, - 2164, 1860, 69, 1879, 1877, 69, 1865, 1863, 1864, 69, - 1878, 2164, 69, 69, 69, 1882, 1867, 69, 69, 69, - - 1871, 69, 69, 1872, 69, 1875, 69, 1883, 1884, 69, - 1879, 69, 1881, 1885, 69, 69, 1888, 1878, 69, 1889, - 1886, 1887, 1882, 1891, 1890, 1892, 1894, 2164, 69, 69, - 69, 69, 69, 1893, 1883, 1884, 69, 1896, 69, 1881, - 1885, 69, 1897, 1888, 1898, 69, 1889, 1886, 1887, 1895, - 1891, 1890, 69, 1894, 1899, 1900, 1903, 69, 1906, 1901, - 1893, 1902, 69, 69, 1896, 69, 69, 1907, 69, 1897, - 69, 1898, 1904, 1905, 69, 1908, 1895, 69, 1909, 69, - 69, 1899, 1900, 1903, 69, 69, 1901, 1910, 1902, 1911, - 1913, 69, 1912, 1915, 1907, 1914, 1916, 2164, 1917, 1904, - - 1905, 69, 1908, 1918, 2164, 69, 1921, 69, 69, 69, - 1919, 69, 2164, 1920, 1910, 2164, 1911, 69, 69, 1912, - 1915, 1922, 1914, 1916, 69, 1924, 1923, 69, 1925, 1927, - 69, 69, 1926, 69, 1931, 1928, 1932, 1919, 1934, 69, - 1920, 69, 1929, 1936, 1933, 1930, 69, 69, 1922, 1938, - 69, 69, 1924, 1923, 69, 1925, 1927, 69, 69, 1926, - 1935, 69, 1928, 1932, 1937, 1934, 1940, 1939, 69, 1929, - 1941, 1933, 1930, 69, 1942, 69, 69, 1944, 1943, 69, - 69, 1945, 69, 1946, 1947, 1948, 69, 1935, 69, 69, - 1949, 1937, 1951, 1940, 1939, 69, 1950, 1941, 1954, 69, - - 1956, 1952, 1953, 69, 69, 1943, 69, 1958, 1945, 69, - 1946, 69, 1948, 69, 69, 1955, 69, 1949, 1957, 1951, - 69, 69, 1959, 1950, 1960, 1954, 69, 69, 1952, 1953, - 1961, 1962, 1963, 1964, 69, 1965, 1966, 2164, 1967, 69, - 69, 69, 1955, 1968, 69, 1957, 1970, 1969, 1971, 69, - 1975, 69, 69, 69, 1980, 1976, 69, 1961, 1962, 69, - 1964, 1972, 1965, 1966, 69, 1967, 1973, 2164, 1977, 69, - 1968, 1974, 1978, 69, 1969, 69, 1979, 69, 69, 69, - 1981, 69, 1976, 69, 1982, 2164, 69, 69, 1972, 1985, - 1984, 1983, 1986, 1973, 69, 1977, 1989, 69, 1974, 1978, - - 69, 1990, 1991, 1979, 1987, 1988, 1992, 69, 69, 1994, - 69, 1982, 69, 1993, 69, 1995, 1985, 1984, 1983, 1996, - 1997, 1998, 69, 69, 69, 2000, 2003, 1999, 69, 1991, - 2002, 1987, 1988, 69, 2001, 69, 1994, 69, 2004, 69, - 1993, 2006, 1995, 2005, 2007, 2008, 69, 69, 69, 69, - 69, 69, 69, 69, 1999, 2009, 69, 2002, 2010, 69, - 2015, 2001, 2011, 2164, 2014, 2004, 2012, 69, 2006, 2013, - 2005, 69, 2008, 69, 69, 69, 69, 2016, 2017, 2020, - 2024, 2018, 2009, 2019, 69, 69, 69, 2015, 69, 2011, - 69, 2014, 69, 2012, 2026, 2023, 2013, 69, 69, 2021, - - 2022, 69, 69, 2027, 2016, 2017, 2020, 2024, 2018, 69, - 2019, 2025, 2028, 2029, 2030, 2031, 2164, 2033, 69, 2032, - 2034, 69, 2023, 2035, 2036, 2037, 2021, 2022, 2040, 69, - 69, 2039, 2038, 2041, 2042, 69, 69, 69, 2025, 2028, - 69, 69, 69, 69, 69, 2043, 2032, 2034, 2044, 69, - 2035, 69, 2037, 2045, 69, 2040, 2047, 69, 2039, 2038, - 69, 69, 2046, 2048, 69, 2049, 2050, 2052, 69, 69, - 69, 2051, 2043, 2053, 2054, 2044, 2055, 2056, 2057, 69, - 69, 2058, 2059, 2047, 2060, 2062, 2065, 69, 69, 2046, - 2048, 2164, 2049, 2050, 69, 2061, 69, 69, 2051, 2064, - - 69, 69, 2067, 69, 69, 2057, 2063, 69, 69, 2059, - 69, 2060, 69, 2068, 2066, 69, 2069, 2070, 69, 2072, - 2076, 69, 2061, 69, 69, 69, 2064, 69, 69, 2067, - 2071, 2073, 2074, 2063, 2077, 2075, 69, 2164, 69, 69, - 2068, 2066, 69, 2069, 2070, 69, 2072, 2076, 69, 2081, - 2084, 69, 2078, 2082, 69, 2079, 2080, 2071, 2073, 2074, - 69, 2077, 2075, 2083, 69, 69, 2085, 69, 2086, 2088, - 69, 2087, 2089, 2164, 2092, 2093, 2081, 69, 2090, 2078, - 2082, 2095, 2079, 2080, 69, 2091, 69, 69, 2099, 2094, - 2083, 2096, 2100, 2085, 69, 69, 69, 69, 2087, 2089, - - 69, 2092, 69, 69, 2097, 2090, 2098, 69, 69, 2101, - 2164, 2102, 2091, 69, 69, 2103, 2094, 2104, 2096, 2106, - 69, 2107, 69, 69, 69, 69, 2105, 69, 2110, 2108, - 69, 2097, 2109, 2098, 2164, 69, 2101, 2112, 2102, 2111, - 69, 2113, 2103, 69, 2104, 69, 2106, 2114, 2107, 69, - 69, 2119, 2164, 2105, 2115, 2110, 2108, 2116, 2117, 2109, - 2120, 69, 2118, 2124, 2112, 2164, 2111, 2122, 69, 2123, - 69, 2121, 2164, 69, 2114, 69, 69, 69, 2125, 69, - 69, 2115, 2127, 69, 2116, 2117, 69, 69, 2126, 2118, - 2131, 69, 2128, 2129, 2122, 69, 2123, 2130, 2121, 2132, - - 69, 69, 69, 2134, 69, 2125, 2133, 2164, 2135, 2127, - 2136, 69, 2139, 2164, 69, 2126, 69, 2131, 2137, 2128, - 2129, 69, 2140, 2138, 2130, 2164, 2132, 2141, 2142, 69, - 2134, 69, 69, 2133, 69, 2135, 69, 2136, 69, 69, - 2143, 2145, 69, 2144, 2146, 2137, 2149, 69, 2147, 2140, - 2138, 69, 2148, 2150, 2141, 2142, 69, 2151, 2164, 2152, - 69, 69, 69, 69, 2153, 69, 69, 2143, 2145, 2154, - 2144, 2146, 69, 2149, 2155, 2147, 2156, 2157, 2158, 2148, - 2150, 2162, 2164, 2163, 2151, 69, 2152, 2159, 2164, 69, - 2160, 69, 2164, 2164, 2161, 2164, 2154, 69, 69, 2164, - - 69, 69, 69, 69, 2157, 2158, 2164, 2164, 69, 69, - 69, 2164, 2164, 2164, 2159, 2164, 2164, 2160, 2164, 2164, - 2164, 2161, 41, 41, 41, 41, 41, 41, 41, 46, - 46, 46, 46, 46, 46, 46, 51, 51, 51, 51, - 51, 51, 51, 57, 57, 57, 57, 57, 57, 57, - 62, 62, 62, 62, 62, 62, 62, 72, 72, 2164, - 72, 72, 72, 72, 131, 131, 2164, 2164, 2164, 131, - 131, 133, 133, 2164, 2164, 133, 2164, 133, 135, 2164, - 2164, 2164, 2164, 2164, 135, 138, 138, 2164, 2164, 2164, - 138, 138, 140, 2164, 2164, 2164, 2164, 2164, 140, 142, - - 142, 2164, 142, 142, 142, 142, 73, 73, 2164, 73, - 73, 73, 73, 13, 2164, 2164, 2164, 2164, 2164, 2164, - 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, - 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, - 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, - 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, - 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, - 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164 - } ; - -static yyconst flex_int16_t yy_chk[6281] = - { 0, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 3, 3, 3, 4, - 4, 4, 5, 5, 6, 6, 5, 27, 6, 7, - 7, 7, 7, 671, 7, 8, 8, 8, 8, 27, - 8, 9, 9, 9, 10, 10, 10, 15, 45, 45, - - 2170, 15, 23, 3, 27, 50, 4, 769, 50, 5, - 19, 6, 19, 19, 671, 19, 140, 7, 29, 61, - 61, 19, 23, 8, 138, 23, 20, 20, 9, 23, - 29, 10, 11, 11, 11, 11, 11, 11, 12, 12, - 12, 12, 12, 12, 20, 29, 24, 137, 19, 23, - 20, 25, 11, 20, 20, 21, 75, 32, 12, 25, - 24, 70, 21, 32, 853, 70, 21, 96, 28, 21, - 11, 20, 24, 24, 132, 132, 12, 25, 25, 11, - 75, 21, 21, 75, 32, 12, 25, 24, 26, 21, - 28, 26, 853, 21, 30, 28, 21, 22, 26, 96, - - 26, 22, 30, 135, 22, 116, 22, 22, 30, 133, - 31, 26, 30, 34, 31, 26, 77, 116, 26, 22, - 30, 30, 76, 77, 22, 26, 34, 26, 22, 30, - 31, 22, 116, 22, 22, 30, 31, 31, 35, 30, - 34, 31, 35, 77, 134, 76, 37, 134, 37, 76, - 100, 131, 35, 100, 38, 35, 84, 31, 33, 38, - 68, 84, 33, 37, 35, 35, 39, 38, 33, 35, - 39, 33, 37, 37, 39, 37, 80, 100, 33, 35, - 33, 38, 35, 84, 62, 33, 38, 139, 139, 33, - 37, 66, 39, 39, 80, 33, 125, 39, 33, 85, - - 762, 39, 125, 80, 66, 33, 36, 85, 40, 36, - 40, 40, 56, 40, 56, 56, 36, 56, 66, 40, - 36, 36, 64, 125, 64, 64, 85, 64, 36, 67, - 762, 67, 67, 36, 67, 69, 36, 69, 69, 72, - 69, 72, 72, 36, 72, 78, 69, 36, 36, 81, - 72, 87, 79, 82, 83, 83, 57, 86, 78, 82, - 64, 79, 81, 83, 87, 52, 88, 89, 92, 78, - 51, 266, 78, 88, 82, 86, 81, 72, 87, 79, - 82, 83, 83, 89, 93, 78, 82, 90, 91, 86, - 94, 92, 97, 88, 89, 92, 90, 91, 266, 101, - - 97, 46, 86, 94, 95, 98, 93, 95, 104, 99, - 103, 93, 101, 99, 90, 91, 102, 94, 105, 97, - 95, 95, 104, 109, 41, 98, 101, 98, 95, 14, - 103, 95, 98, 99, 95, 104, 99, 103, 105, 102, - 99, 106, 107, 102, 108, 105, 109, 95, 95, 107, - 109, 110, 98, 108, 111, 106, 112, 114, 111, 115, - 110, 113, 117, 112, 114, 115, 119, 120, 106, 107, - 117, 108, 13, 115, 0, 122, 111, 0, 110, 0, - 119, 111, 121, 112, 114, 111, 115, 113, 113, 117, - 118, 123, 115, 119, 118, 122, 124, 121, 0, 120, - - 123, 122, 122, 118, 126, 127, 129, 124, 130, 121, - 0, 128, 0, 0, 0, 129, 0, 118, 123, 0, - 0, 118, 122, 124, 144, 126, 128, 127, 145, 126, - 130, 126, 127, 129, 136, 130, 136, 136, 128, 136, - 141, 146, 141, 141, 142, 141, 142, 142, 144, 142, - 145, 144, 126, 147, 149, 145, 148, 150, 0, 152, - 153, 154, 149, 151, 157, 147, 152, 154, 0, 150, - 155, 0, 156, 146, 160, 148, 0, 176, 153, 0, - 147, 149, 142, 148, 150, 151, 152, 153, 230, 162, - 151, 158, 155, 154, 154, 158, 157, 155, 156, 156, - - 160, 160, 161, 163, 164, 165, 168, 167, 164, 176, - 161, 162, 158, 0, 166, 170, 162, 230, 168, 158, - 167, 0, 158, 0, 170, 163, 171, 172, 165, 161, - 163, 164, 165, 168, 167, 177, 166, 179, 0, 158, - 159, 166, 170, 169, 174, 159, 169, 180, 171, 172, - 159, 174, 0, 171, 172, 175, 159, 159, 169, 173, - 182, 177, 177, 159, 173, 180, 175, 159, 178, 179, - 169, 174, 159, 169, 180, 181, 173, 159, 173, 178, - 184, 181, 175, 159, 159, 173, 173, 183, 185, 0, - 186, 173, 182, 0, 187, 188, 191, 189, 190, 192, - - 178, 191, 181, 173, 189, 173, 178, 194, 187, 183, - 186, 201, 184, 193, 183, 203, 188, 186, 192, 190, - 185, 187, 188, 191, 189, 190, 192, 193, 196, 194, - 195, 197, 198, 199, 194, 207, 200, 205, 197, 196, - 193, 200, 195, 201, 202, 202, 206, 203, 210, 212, - 0, 0, 218, 202, 198, 196, 199, 195, 197, 198, - 199, 204, 205, 200, 205, 209, 206, 207, 204, 208, - 211, 202, 202, 206, 210, 210, 220, 208, 213, 214, - 209, 212, 215, 214, 218, 217, 216, 221, 204, 219, - 0, 223, 209, 211, 216, 213, 208, 215, 225, 221, - - 223, 0, 211, 213, 217, 213, 214, 227, 220, 215, - 222, 219, 217, 216, 221, 224, 219, 225, 223, 226, - 211, 226, 213, 222, 228, 225, 229, 231, 224, 232, - 234, 227, 233, 235, 227, 0, 231, 222, 236, 239, - 237, 234, 224, 238, 241, 235, 226, 242, 244, 228, - 0, 228, 229, 229, 231, 232, 232, 234, 233, 233, - 235, 238, 236, 237, 240, 236, 243, 237, 245, 246, - 238, 239, 248, 242, 242, 245, 241, 240, 246, 247, - 244, 249, 252, 251, 0, 247, 248, 250, 243, 253, - 257, 240, 251, 243, 254, 245, 246, 0, 253, 248, - - 256, 258, 259, 255, 0, 252, 247, 249, 249, 252, - 251, 250, 255, 272, 250, 256, 253, 259, 261, 262, - 254, 254, 257, 260, 263, 258, 0, 256, 258, 259, - 255, 260, 260, 264, 260, 0, 261, 262, 263, 267, - 272, 260, 0, 262, 268, 261, 262, 268, 264, 278, - 260, 263, 265, 265, 268, 269, 278, 270, 260, 260, - 264, 260, 274, 267, 262, 271, 267, 269, 273, 275, - 277, 268, 276, 280, 268, 270, 278, 265, 282, 265, - 265, 275, 269, 271, 270, 277, 279, 283, 274, 274, - 273, 412, 271, 281, 276, 273, 275, 277, 279, 276, - - 281, 284, 285, 286, 285, 280, 289, 284, 0, 283, - 282, 0, 292, 279, 283, 290, 286, 288, 412, 292, - 281, 0, 287, 284, 293, 287, 285, 287, 284, 285, - 286, 285, 291, 287, 284, 288, 293, 290, 289, 292, - 291, 295, 290, 294, 288, 296, 291, 305, 298, 287, - 300, 293, 287, 299, 287, 300, 294, 295, 296, 291, - 298, 303, 0, 301, 343, 295, 302, 291, 295, 301, - 294, 299, 296, 303, 302, 298, 304, 306, 343, 305, - 299, 306, 300, 304, 295, 297, 297, 307, 303, 308, - 301, 343, 0, 302, 307, 297, 308, 297, 297, 297, - - 0, 310, 297, 304, 306, 309, 311, 312, 313, 316, - 297, 0, 297, 297, 307, 313, 308, 309, 311, 314, - 318, 319, 297, 310, 297, 297, 297, 315, 310, 297, - 321, 318, 309, 311, 314, 313, 317, 321, 317, 312, - 315, 316, 322, 319, 320, 320, 314, 318, 319, 323, - 325, 324, 0, 322, 315, 0, 326, 321, 328, 327, - 323, 0, 332, 317, 324, 0, 0, 328, 329, 322, - 331, 335, 334, 320, 327, 325, 323, 325, 324, 326, - 330, 329, 327, 326, 332, 328, 327, 333, 331, 332, - 334, 330, 337, 330, 336, 329, 341, 331, 330, 334, - - 336, 327, 338, 335, 339, 340, 342, 330, 344, 345, - 333, 0, 340, 337, 333, 346, 368, 348, 330, 337, - 330, 336, 341, 341, 347, 338, 339, 349, 342, 338, - 347, 339, 340, 342, 344, 344, 352, 350, 346, 348, - 351, 345, 346, 353, 348, 349, 354, 355, 368, 356, - 0, 347, 350, 355, 349, 351, 358, 0, 360, 352, - 359, 361, 0, 352, 350, 362, 359, 351, 354, 353, - 353, 363, 362, 354, 355, 356, 356, 360, 392, 361, - 372, 367, 358, 358, 369, 360, 363, 359, 361, 366, - 370, 365, 362, 365, 367, 373, 366, 371, 363, 372, - - 365, 374, 369, 375, 392, 392, 376, 372, 367, 377, - 371, 369, 370, 409, 380, 379, 366, 370, 365, 376, - 365, 379, 409, 382, 371, 374, 375, 373, 374, 378, - 0, 377, 381, 376, 378, 375, 377, 380, 383, 384, - 409, 380, 379, 387, 381, 382, 388, 384, 386, 383, - 382, 387, 389, 375, 390, 386, 378, 388, 0, 381, - 394, 391, 389, 0, 395, 383, 384, 385, 391, 393, - 387, 393, 385, 388, 385, 386, 395, 0, 390, 0, - 396, 390, 385, 407, 389, 385, 394, 394, 391, 389, - 397, 395, 385, 385, 385, 396, 393, 398, 399, 385, - - 400, 385, 397, 399, 403, 398, 402, 396, 401, 385, - 411, 404, 385, 406, 402, 407, 403, 397, 413, 385, - 410, 415, 400, 0, 398, 399, 401, 400, 408, 411, - 414, 403, 404, 402, 410, 401, 406, 411, 404, 416, - 406, 417, 419, 408, 418, 414, 420, 410, 421, 422, - 413, 421, 425, 415, 416, 408, 418, 414, 423, 421, - 422, 426, 428, 423, 419, 417, 416, 424, 417, 419, - 420, 418, 427, 420, 429, 421, 422, 430, 421, 425, - 431, 424, 0, 432, 433, 435, 431, 434, 426, 428, - 423, 436, 433, 437, 424, 441, 0, 439, 0, 442, - - 0, 429, 443, 0, 427, 432, 434, 431, 435, 430, - 432, 433, 435, 438, 434, 443, 437, 446, 440, 439, - 437, 442, 438, 436, 439, 440, 442, 441, 444, 443, - 445, 448, 447, 444, 449, 450, 451, 444, 0, 445, - 438, 447, 453, 446, 446, 440, 0, 452, 450, 454, - 0, 455, 444, 448, 463, 444, 449, 445, 448, 447, - 444, 449, 450, 456, 444, 452, 453, 0, 451, 453, - 457, 454, 454, 455, 452, 458, 454, 459, 455, 462, - 461, 457, 460, 0, 464, 456, 463, 468, 465, 458, - 456, 461, 466, 470, 462, 467, 468, 457, 454, 459, - - 460, 471, 458, 473, 459, 464, 462, 461, 469, 460, - 472, 464, 465, 0, 468, 465, 466, 467, 474, 466, - 476, 469, 467, 471, 475, 470, 478, 473, 471, 475, - 473, 0, 477, 479, 476, 469, 480, 481, 482, 0, - 474, 479, 472, 484, 483, 474, 477, 476, 484, 0, - 485, 0, 481, 482, 480, 486, 475, 486, 478, 477, - 479, 481, 487, 480, 481, 482, 483, 489, 495, 0, - 488, 483, 490, 494, 491, 484, 485, 485, 488, 481, - 492, 490, 486, 491, 493, 0, 495, 487, 492, 487, - 496, 493, 489, 499, 489, 495, 494, 488, 498, 490, - - 494, 491, 496, 497, 500, 499, 498, 492, 501, 0, - 502, 493, 497, 503, 0, 504, 501, 496, 502, 506, - 499, 507, 0, 508, 510, 498, 0, 505, 0, 0, - 497, 508, 507, 509, 511, 501, 500, 502, 504, 503, - 503, 506, 504, 505, 510, 512, 506, 509, 507, 513, - 508, 510, 514, 515, 505, 516, 511, 518, 523, 517, - 509, 511, 515, 519, 523, 512, 520, 521, 528, 522, - 518, 513, 512, 0, 514, 516, 513, 517, 0, 514, - 515, 519, 516, 525, 518, 523, 517, 524, 520, 527, - 519, 521, 522, 520, 521, 524, 522, 527, 529, 533, - - 528, 525, 531, 530, 0, 529, 532, 0, 534, 535, - 525, 540, 551, 524, 524, 532, 527, 531, 535, 536, - 547, 536, 524, 540, 543, 529, 530, 534, 549, 531, - 530, 533, 537, 532, 543, 534, 535, 0, 540, 537, - 0, 547, 548, 546, 551, 550, 536, 547, 0, 580, - 0, 543, 554, 553, 549, 549, 558, 555, 554, 537, - 538, 546, 557, 0, 538, 548, 555, 538, 559, 548, - 546, 550, 550, 560, 538, 553, 556, 538, 556, 554, - 553, 580, 538, 558, 555, 561, 557, 538, 559, 557, - 564, 538, 562, 563, 538, 559, 0, 561, 567, 560, - - 560, 538, 565, 556, 538, 552, 552, 0, 552, 566, - 0, 552, 561, 567, 564, 563, 552, 564, 562, 562, - 563, 569, 552, 552, 565, 567, 572, 571, 569, 565, - 573, 552, 552, 552, 566, 552, 566, 568, 552, 570, - 577, 581, 573, 552, 576, 568, 571, 570, 569, 552, - 552, 575, 572, 572, 571, 574, 578, 573, 579, 576, - 575, 593, 577, 582, 568, 583, 570, 577, 574, 584, - 585, 576, 586, 581, 588, 590, 587, 591, 575, 0, - 579, 586, 574, 578, 0, 579, 583, 582, 584, 585, - 582, 592, 583, 593, 588, 591, 584, 585, 587, 586, - - 589, 588, 590, 587, 591, 594, 596, 597, 589, 599, - 592, 598, 603, 594, 601, 600, 604, 602, 592, 604, - 608, 607, 0, 0, 596, 597, 0, 589, 600, 602, - 603, 599, 594, 596, 597, 598, 599, 605, 598, 603, - 601, 601, 600, 604, 602, 605, 607, 608, 607, 609, - 611, 610, 612, 613, 617, 609, 611, 615, 613, 612, - 614, 605, 616, 617, 605, 619, 618, 614, 623, 621, - 622, 620, 605, 610, 618, 615, 609, 611, 610, 612, - 613, 617, 621, 619, 615, 616, 620, 614, 626, 616, - 625, 622, 619, 618, 624, 623, 621, 622, 620, 627, - - 628, 624, 629, 625, 0, 632, 631, 630, 634, 633, - 629, 632, 637, 638, 635, 630, 636, 625, 0, 640, - 626, 624, 630, 628, 642, 636, 637, 628, 631, 629, - 639, 627, 632, 631, 630, 633, 633, 639, 635, 637, - 634, 635, 630, 636, 641, 638, 640, 643, 645, 644, - 647, 642, 646, 641, 648, 646, 645, 639, 649, 643, - 652, 648, 0, 647, 649, 659, 653, 0, 0, 651, - 659, 641, 644, 0, 643, 645, 644, 647, 653, 646, - 654, 648, 654, 652, 657, 649, 650, 652, 650, 655, - 656, 0, 650, 653, 650, 651, 651, 659, 0, 650, - - 661, 658, 656, 664, 650, 660, 657, 654, 662, 665, - 650, 657, 655, 650, 658, 650, 655, 656, 660, 650, - 662, 650, 665, 661, 663, 664, 650, 661, 658, 667, - 664, 650, 660, 666, 663, 662, 665, 668, 669, 666, - 670, 674, 667, 0, 0, 0, 663, 673, 683, 0, - 678, 663, 675, 0, 676, 0, 667, 677, 668, 686, - 666, 663, 673, 674, 668, 675, 679, 670, 674, 676, - 669, 672, 678, 680, 673, 683, 672, 678, 672, 675, - 681, 676, 682, 677, 677, 679, 680, 684, 681, 672, - 682, 686, 689, 679, 687, 690, 672, 672, 672, 0, - - 680, 0, 691, 672, 688, 672, 689, 681, 693, 682, - 684, 695, 688, 704, 684, 694, 672, 692, 687, 689, - 0, 687, 695, 672, 691, 692, 693, 690, 696, 691, - 698, 688, 697, 694, 699, 693, 700, 0, 695, 0, - 697, 699, 694, 701, 692, 704, 696, 702, 703, 700, - 701, 706, 698, 714, 707, 696, 709, 698, 708, 697, - 710, 699, 707, 700, 706, 702, 703, 708, 709, 711, - 701, 712, 713, 715, 702, 703, 725, 718, 706, 714, - 714, 707, 710, 709, 719, 708, 716, 710, 718, 719, - 713, 711, 720, 712, 0, 720, 711, 721, 712, 713, - - 716, 722, 723, 724, 718, 715, 728, 727, 725, 723, - 726, 735, 728, 716, 722, 724, 719, 726, 720, 720, - 729, 721, 720, 731, 721, 730, 732, 0, 722, 723, - 724, 727, 735, 728, 727, 736, 730, 726, 735, 733, - 737, 738, 729, 746, 0, 731, 736, 729, 732, 740, - 731, 739, 730, 732, 733, 741, 742, 744, 740, 745, - 0, 737, 736, 743, 744, 742, 733, 737, 738, 739, - 747, 743, 748, 745, 751, 746, 740, 752, 739, 741, - 750, 753, 741, 742, 744, 754, 745, 755, 756, 750, - 743, 757, 747, 752, 748, 758, 753, 747, 751, 748, - - 756, 751, 759, 760, 752, 761, 764, 750, 753, 766, - 759, 766, 763, 757, 770, 756, 760, 754, 757, 755, - 761, 763, 758, 765, 764, 771, 768, 770, 772, 759, - 760, 765, 761, 764, 768, 772, 766, 771, 773, 763, - 774, 770, 775, 0, 0, 0, 776, 778, 779, 0, - 765, 0, 771, 768, 777, 772, 780, 786, 782, 783, - 778, 779, 0, 0, 775, 781, 782, 793, 784, 775, - 773, 776, 774, 776, 778, 779, 777, 781, 780, 783, - 784, 777, 785, 780, 786, 782, 783, 787, 788, 789, - 785, 790, 781, 793, 793, 784, 798, 788, 790, 794, - - 787, 0, 795, 797, 801, 798, 791, 799, 0, 785, - 789, 796, 801, 800, 787, 788, 789, 791, 790, 802, - 791, 794, 795, 798, 796, 799, 794, 797, 791, 795, - 797, 801, 805, 791, 799, 800, 807, 803, 796, 806, - 800, 802, 809, 808, 791, 803, 802, 791, 810, 813, - 809, 811, 812, 0, 807, 808, 815, 813, 822, 805, - 810, 816, 806, 807, 803, 815, 806, 812, 814, 809, - 808, 811, 817, 818, 814, 810, 813, 0, 811, 812, - 818, 823, 816, 815, 817, 819, 820, 824, 816, 825, - 822, 835, 819, 826, 823, 814, 825, 829, 828, 817, - - 818, 832, 827, 828, 820, 829, 824, 831, 823, 830, - 0, 833, 819, 820, 824, 826, 825, 827, 836, 834, - 826, 831, 830, 835, 829, 833, 837, 832, 832, 827, - 828, 838, 839, 840, 831, 841, 830, 834, 833, 843, - 842, 844, 846, 845, 836, 836, 834, 842, 837, 838, - 847, 846, 848, 837, 839, 840, 845, 843, 838, 839, - 840, 841, 841, 844, 849, 850, 843, 842, 844, 846, - 845, 0, 856, 0, 854, 0, 859, 0, 860, 852, - 858, 0, 847, 860, 848, 857, 849, 0, 850, 858, - 854, 849, 850, 851, 859, 856, 861, 857, 851, 856, - - 851, 854, 851, 859, 851, 852, 852, 858, 862, 861, - 860, 851, 857, 863, 864, 865, 867, 866, 0, 871, - 851, 863, 869, 861, 869, 851, 862, 851, 865, 851, - 866, 851, 870, 864, 867, 862, 868, 873, 872, 876, - 863, 864, 865, 867, 866, 868, 871, 875, 877, 869, - 872, 878, 880, 879, 870, 881, 877, 883, 0, 870, - 879, 876, 882, 868, 873, 872, 876, 886, 882, 884, - 885, 875, 888, 887, 875, 877, 884, 881, 878, 880, - 879, 889, 881, 890, 883, 891, 886, 892, 894, 882, - 889, 895, 885, 897, 886, 887, 884, 885, 888, 888, - - 887, 892, 896, 898, 890, 891, 900, 899, 889, 901, - 890, 902, 891, 904, 892, 899, 905, 904, 902, 903, - 894, 898, 900, 895, 896, 897, 903, 908, 907, 896, - 898, 906, 909, 900, 899, 907, 901, 906, 902, 911, - 904, 910, 908, 914, 906, 909, 903, 915, 905, 912, - 910, 913, 914, 913, 908, 907, 912, 916, 906, 909, - 918, 0, 922, 917, 906, 911, 911, 917, 910, 915, - 914, 920, 921, 923, 915, 924, 912, 921, 913, 920, - 922, 926, 918, 925, 916, 929, 925, 918, 924, 922, - 917, 927, 923, 928, 0, 925, 930, 932, 920, 931, - - 923, 941, 924, 926, 921, 932, 928, 935, 926, 941, - 925, 933, 933, 925, 939, 931, 927, 929, 927, 930, - 928, 934, 936, 930, 932, 937, 931, 940, 941, 935, - 934, 936, 937, 943, 935, 942, 940, 939, 933, 944, - 0, 939, 947, 945, 0, 946, 943, 948, 934, 936, - 942, 944, 937, 946, 940, 945, 949, 951, 954, 950, - 943, 952, 942, 957, 947, 953, 944, 948, 950, 947, - 945, 956, 946, 958, 948, 951, 955, 953, 949, 954, - 959, 962, 955, 949, 951, 954, 950, 952, 952, 960, - 963, 964, 953, 956, 968, 957, 0, 966, 956, 967, - - 0, 965, 968, 955, 971, 958, 959, 959, 962, 964, - 965, 971, 967, 963, 975, 960, 960, 963, 964, 966, - 969, 968, 970, 978, 966, 969, 967, 970, 965, 972, - 973, 971, 974, 976, 976, 977, 979, 972, 973, 980, - 974, 0, 0, 977, 978, 981, 975, 980, 987, 988, - 978, 984, 969, 981, 970, 982, 972, 973, 986, 974, - 976, 983, 977, 982, 984, 985, 980, 0, 979, 983, - 986, 985, 981, 988, 987, 987, 988, 990, 984, 989, - 991, 993, 982, 994, 995, 986, 992, 1000, 983, 1006, - 998, 0, 985, 1001, 989, 993, 0, 998, 995, 996, - - 0, 994, 991, 996, 990, 1002, 989, 991, 993, 992, - 994, 995, 999, 992, 1000, 1001, 996, 998, 1003, 1007, - 1001, 1006, 1004, 999, 996, 1003, 996, 1005, 1002, 1009, - 996, 1004, 1002, 1011, 1005, 1012, 1013, 1015, 1009, 999, - 1017, 0, 1018, 996, 0, 1003, 1007, 1020, 1025, 1004, - 1021, 1022, 1024, 1018, 1005, 1011, 1009, 1023, 0, 1023, - 1011, 1012, 1012, 1022, 1015, 1024, 1027, 1017, 1013, 1018, - 1025, 1020, 1028, 1026, 1020, 1025, 1021, 1021, 1022, 1024, - 1029, 0, 1030, 1031, 1023, 1026, 1032, 1029, 1031, 1033, - 1034, 1037, 1035, 1027, 1038, 1028, 1040, 0, 1034, 1028, - - 1026, 0, 1032, 1038, 1041, 1049, 0, 1029, 1030, 1030, - 1031, 1039, 1033, 1032, 1035, 1044, 1033, 1034, 1037, 1035, - 1042, 1038, 1040, 1040, 1039, 1043, 1041, 1042, 1045, 1046, - 0, 1041, 1043, 1044, 1047, 1048, 1046, 1049, 1039, 1050, - 1051, 1053, 1044, 1054, 0, 0, 1050, 1042, 1056, 1061, - 1045, 1059, 1043, 1060, 1053, 1045, 1046, 1048, 1061, 1047, - 1063, 1047, 1048, 1055, 1058, 1067, 1050, 1058, 1053, 1056, - 1054, 1055, 1051, 1062, 1064, 1056, 1061, 1059, 1059, 1060, - 1060, 1065, 1068, 1066, 1063, 1062, 1066, 1063, 1065, 1064, - 1055, 1058, 1070, 1069, 1071, 1073, 1071, 1067, 1066, 1072, - - 1062, 1064, 1074, 1075, 1068, 1078, 1080, 1066, 1065, 1068, - 1066, 1069, 1075, 1066, 1070, 1077, 1076, 1079, 1082, 1070, - 1069, 1071, 1077, 1072, 1076, 1066, 1072, 1073, 1074, 1074, - 1075, 1081, 1083, 1084, 0, 1081, 1088, 1078, 1080, 1079, - 1082, 1085, 1077, 1076, 1079, 1082, 1086, 1087, 1089, 1088, - 1085, 1090, 1092, 1086, 1087, 1084, 1091, 0, 1081, 1083, - 1084, 1089, 1093, 1088, 1094, 1098, 1090, 1095, 1085, 1093, - 1091, 1094, 1099, 1086, 1087, 1089, 1096, 1102, 1090, 1099, - 1095, 1101, 1096, 1091, 1092, 1100, 1108, 1103, 1108, 1093, - 1103, 1094, 1098, 1101, 1095, 1104, 0, 1102, 1109, 1099, - - 1110, 1112, 1111, 1096, 1102, 1103, 1104, 1100, 1101, 1112, - 1113, 1106, 1100, 1108, 1103, 1115, 1106, 1103, 1117, 1114, - 1120, 1117, 1104, 1106, 1119, 1109, 1111, 1110, 1112, 1111, - 1114, 1116, 1113, 1115, 1118, 1122, 1117, 1113, 1106, 1116, - 1124, 1123, 1115, 1106, 1121, 1117, 1114, 1120, 1117, 1122, - 1123, 1121, 1118, 1124, 1125, 1126, 1119, 1128, 1116, 1128, - 1129, 1118, 1122, 1130, 1131, 1125, 1133, 1124, 1123, 1129, - 1126, 1121, 1134, 1137, 1132, 1131, 1135, 1139, 1137, 1135, - 1141, 1125, 1126, 1143, 1128, 1147, 1134, 1129, 1133, 1130, - 1130, 1131, 1132, 1133, 1135, 1136, 1142, 0, 1134, 1134, - - 1144, 1132, 1140, 1135, 1136, 1137, 1135, 1146, 1152, 1139, - 1148, 1140, 1141, 1134, 1146, 1143, 1152, 1147, 1142, 1149, - 1153, 1144, 1136, 1142, 1148, 1149, 1154, 1144, 1156, 1140, - 1157, 1158, 1155, 1161, 1146, 1152, 1156, 1148, 1163, 1153, - 1154, 1155, 1158, 1149, 1162, 1159, 1149, 1153, 1164, 1167, - 1171, 1162, 1149, 1154, 1159, 1156, 1165, 1166, 1158, 1155, - 1161, 1163, 1157, 1182, 1168, 1163, 1178, 1167, 1168, 1170, - 1164, 1162, 1159, 1172, 1173, 1164, 1167, 1171, 1165, 1166, - 1174, 1170, 1175, 1165, 1166, 1176, 1172, 1179, 1184, 1181, - 1182, 1168, 1177, 1176, 1173, 1174, 1170, 1175, 1178, 1177, - - 1172, 1173, 1179, 1183, 1180, 1187, 1186, 1174, 1188, 1175, - 1181, 1189, 1176, 1180, 1179, 1184, 1181, 1190, 1191, 1177, - 0, 1195, 1196, 1187, 1192, 1191, 1189, 1183, 1186, 1192, - 1183, 1180, 1187, 1186, 1193, 1188, 1194, 1196, 1189, 1195, - 1197, 0, 1190, 1193, 1190, 1191, 1198, 1199, 1195, 1196, - 1200, 1192, 1197, 1202, 1201, 1206, 1203, 1200, 1194, 1207, - 1199, 1193, 1206, 1194, 1204, 1199, 1201, 1197, 1198, 1208, - 1204, 1205, 1209, 1198, 1199, 1211, 1208, 1200, 1210, 1205, - 1202, 1201, 1206, 1212, 1210, 1213, 1207, 1199, 1203, 1214, - 1216, 1204, 1217, 1218, 1220, 0, 1208, 1221, 1205, 1209, - - 1222, 1217, 1211, 1223, 0, 1210, 1212, 1219, 0, 1219, - 1212, 1227, 0, 1214, 0, 1230, 1214, 1213, 1220, 1217, - 1230, 1220, 1216, 1233, 1221, 1218, 1222, 1222, 1231, 1224, - 1224, 1224, 1225, 1226, 1219, 1223, 1224, 1239, 1228, 1225, - 1226, 1231, 1232, 1227, 1224, 1228, 1235, 1230, 1232, 1238, - 1233, 1234, 1234, 1242, 1236, 1231, 1224, 1224, 1224, 1225, - 1226, 1236, 1237, 1224, 1239, 1228, 1244, 1237, 1243, 1232, - 1245, 1242, 1235, 1235, 1243, 1238, 1238, 1249, 1234, 1246, - 1242, 1236, 1245, 1247, 1248, 1248, 1250, 1250, 1254, 1237, - 1253, 1251, 1257, 1244, 1256, 1243, 1258, 1245, 1255, 1246, - - 1259, 1247, 1251, 1249, 1249, 1255, 1246, 1260, 1261, 1262, - 1247, 1248, 1253, 1250, 1256, 1263, 1262, 1253, 1251, 1265, - 1254, 1256, 1264, 1263, 1257, 1255, 1261, 1259, 1258, 1260, - 1266, 1267, 1267, 1268, 1260, 1261, 1262, 1264, 1269, 1266, - 1270, 1273, 1263, 1265, 1272, 1276, 1265, 1274, 1278, 1264, - 1269, 1277, 1272, 1273, 1275, 1274, 1270, 1266, 1267, 1268, - 1268, 1280, 1284, 1270, 1281, 1269, 1276, 1270, 1273, 1277, - 1281, 1272, 1276, 1282, 1274, 1278, 1285, 1275, 1277, 1279, - 1283, 1275, 1287, 1270, 1279, 1286, 1282, 1283, 1280, 1289, - 1286, 1281, 1288, 1288, 1284, 1279, 1290, 1292, 1293, 1295, - - 1282, 1295, 1296, 1285, 1289, 1294, 1279, 1283, 1297, 1298, - 1302, 1279, 1292, 1297, 1287, 1299, 1289, 1286, 1303, 1288, - 1294, 1293, 1301, 1304, 1292, 1293, 1295, 1306, 1290, 1308, - 1299, 1305, 1294, 1307, 1296, 1297, 1302, 1302, 1305, 1310, - 1309, 1298, 1299, 1312, 1314, 1303, 1301, 1315, 1317, 1301, - 1304, 1308, 0, 1319, 1307, 1320, 1308, 1310, 1305, 1306, - 1307, 1309, 1315, 1317, 1318, 1312, 1310, 1309, 1314, 1322, - 1312, 1314, 1321, 1320, 1315, 1317, 1323, 1324, 1325, 1318, - 1319, 1326, 1320, 1323, 1327, 1329, 1332, 1325, 1328, 1326, - 0, 1318, 1333, 1330, 1321, 1324, 1322, 1332, 1334, 1321, - - 1335, 1333, 1337, 1323, 1324, 1325, 1330, 1327, 1326, 1342, - 1328, 1327, 1332, 1332, 1341, 1328, 1334, 1329, 1335, 1333, - 1330, 1339, 1342, 1343, 1332, 1334, 1341, 1335, 0, 1337, - 1344, 1346, 1339, 1345, 1347, 1348, 1342, 1351, 0, 1352, - 1344, 1341, 0, 1350, 1351, 1354, 1358, 1358, 1339, 1353, - 0, 1354, 1366, 1355, 1348, 1343, 1346, 1344, 1346, 1345, - 1345, 1347, 1348, 1350, 1351, 1352, 1352, 1353, 1355, 1356, - 1350, 1357, 1354, 1358, 1362, 1359, 1353, 1366, 1360, 1366, - 1355, 1362, 1363, 1367, 1356, 1365, 1357, 1359, 0, 1363, - 1371, 1360, 1367, 1368, 1369, 0, 1356, 1372, 1357, 1360, - - 1374, 1362, 1359, 1375, 1378, 1360, 1377, 1365, 1371, 1363, - 1367, 0, 1365, 1374, 1369, 1368, 1379, 1371, 1360, 1380, - 1368, 1369, 1372, 1381, 1372, 1376, 1376, 1374, 1377, 1378, - 1375, 1378, 1381, 1377, 1383, 1382, 1384, 1385, 1379, 0, - 1386, 1380, 1382, 1379, 1389, 1388, 1380, 1390, 1394, 1391, - 1381, 1385, 1376, 1388, 1393, 1395, 1392, 1389, 1384, 1386, - 1396, 1393, 1382, 1384, 1385, 1398, 1383, 1386, 1392, 1397, - 1401, 1389, 1388, 1399, 1390, 1391, 1391, 1395, 1403, 1407, - 1394, 1393, 1395, 1392, 1397, 1396, 1400, 1396, 1402, 1400, - 1404, 1398, 1398, 0, 1402, 1401, 1397, 1401, 1408, 1399, - - 1399, 1407, 1411, 1405, 1400, 1403, 1407, 1410, 1404, 1411, - 1412, 1413, 1415, 1400, 1417, 1402, 1400, 1404, 1405, 1412, - 1408, 1410, 1413, 1421, 1418, 1408, 1419, 1420, 1419, 1411, - 1405, 1422, 1423, 1415, 1410, 1417, 1418, 1412, 1413, 1415, - 1424, 1417, 1425, 1427, 1426, 1420, 1433, 1428, 1424, 1422, - 1421, 1418, 1428, 1419, 1420, 1429, 1430, 1427, 1422, 1423, - 0, 1434, 1435, 1430, 1436, 1425, 1426, 1424, 1437, 1425, - 1427, 1426, 1439, 1433, 1429, 1434, 1440, 1438, 1441, 1428, - 1435, 1439, 1429, 1430, 1442, 1443, 1445, 1434, 1434, 1435, - 1446, 1436, 1438, 1449, 1437, 1437, 1448, 1446, 1448, 1439, - - 1441, 1455, 1434, 1452, 1438, 1441, 1450, 1443, 1440, 1445, - 1450, 1442, 1443, 1445, 1451, 1449, 1456, 1446, 1453, 1457, - 1449, 1454, 1458, 1448, 0, 1452, 1451, 1453, 1455, 1460, - 1452, 1457, 1454, 1450, 1459, 1459, 1463, 1460, 1467, 1456, - 1463, 1451, 1462, 1456, 1458, 1453, 1457, 1465, 1454, 1458, - 1462, 1464, 1466, 1467, 1464, 1465, 1460, 1471, 1466, 1470, - 1468, 1459, 1473, 1463, 1472, 1467, 1468, 1474, 1475, 1462, - 1476, 1470, 1477, 1478, 1465, 1481, 1473, 0, 1464, 1466, - 1474, 1479, 1475, 1483, 1471, 1484, 1470, 1468, 1472, 1473, - 1480, 1472, 1485, 1479, 1474, 1475, 1476, 1476, 1487, 1477, - - 1478, 1481, 1481, 1482, 1480, 1486, 1482, 1488, 1479, 1489, - 1483, 1490, 1484, 1486, 1491, 1492, 1488, 1480, 1494, 1485, - 1495, 1482, 1497, 1492, 1500, 1487, 1498, 1491, 1501, 1496, - 1482, 1499, 1486, 1482, 1488, 1498, 1489, 1496, 1490, 1502, - 1494, 1491, 1492, 1501, 1506, 1494, 1511, 1495, 1500, 1497, - 1504, 1500, 1499, 1498, 1501, 1501, 1496, 1503, 1499, 1505, - 1509, 1508, 1504, 1510, 1509, 1503, 1502, 1505, 1508, 1511, - 1501, 1506, 1512, 1511, 1513, 1510, 1514, 1504, 1515, 1519, - 1516, 1522, 1513, 1518, 1503, 1515, 1505, 1509, 1508, 1520, - 1510, 1517, 1517, 1523, 0, 1533, 1522, 1519, 1525, 1512, - - 1516, 1513, 1524, 1514, 1524, 1515, 1519, 1516, 1522, 1518, - 1518, 1526, 1525, 1527, 1520, 1523, 1520, 1526, 1517, 1528, - 1523, 1529, 1534, 1532, 1530, 1525, 1531, 1533, 1539, 1524, - 1536, 1540, 1548, 1529, 1538, 1527, 1532, 1536, 1526, 1541, - 1527, 1528, 1530, 1548, 1531, 1534, 1528, 1541, 1529, 1534, - 1532, 1530, 1538, 1531, 1539, 1539, 1544, 1536, 1545, 1548, - 1542, 1538, 1542, 1540, 1547, 1541, 1541, 1542, 1544, 1549, - 1551, 1552, 1555, 1553, 1541, 1554, 1545, 1557, 1559, 1547, - 1553, 1558, 1560, 1544, 1549, 1545, 1562, 1542, 1561, 1542, - 1554, 1547, 1563, 1552, 1551, 1566, 1549, 1551, 1552, 1555, - - 1553, 1561, 1554, 1558, 1557, 1564, 1565, 1563, 1558, 1560, - 1559, 1568, 1562, 1562, 1565, 1561, 1569, 1570, 1564, 1563, - 1571, 1566, 1566, 1572, 1573, 1575, 1574, 1577, 1576, 1578, - 1572, 1573, 1564, 1565, 1568, 1576, 1579, 1580, 1568, 1574, - 1569, 1584, 1571, 1569, 1570, 1582, 1580, 1571, 1575, 1577, - 1572, 1573, 1575, 1574, 1577, 1576, 1582, 1579, 1583, 1585, - 0, 1578, 1586, 1579, 1580, 1590, 1589, 0, 1592, 1592, - 1591, 1597, 1582, 1584, 1593, 1599, 0, 1602, 1585, 1589, - 1583, 1603, 1604, 1606, 1599, 1583, 1585, 1586, 1608, 1586, - 1609, 1590, 1590, 1589, 1591, 1592, 1610, 1591, 1597, 1602, - - 1593, 1593, 1599, 1603, 1602, 1612, 1611, 1610, 1603, 1604, - 1606, 1611, 1616, 1614, 1615, 1619, 1609, 1609, 1618, 1620, - 1608, 1614, 1621, 1610, 1623, 0, 1625, 1612, 1620, 1615, - 1626, 1628, 1612, 1611, 1621, 1629, 1618, 1627, 1631, 1616, - 1614, 1615, 1630, 1632, 1633, 1618, 1620, 1619, 1629, 1621, - 1634, 1623, 1625, 1625, 1636, 1630, 1628, 1626, 1628, 1627, - 1631, 1635, 1629, 1636, 1627, 1631, 1637, 1638, 1639, 1630, - 1632, 1633, 1640, 1642, 1641, 1643, 1635, 1634, 0, 1644, - 1642, 1636, 1638, 1639, 1645, 1645, 1650, 1640, 1635, 1647, - 1658, 1646, 1637, 1637, 1638, 1639, 1641, 1644, 1646, 1640, - - 1642, 1641, 1643, 1647, 1648, 1651, 1644, 1648, 1649, 1653, - 1652, 1645, 1650, 1650, 1653, 1655, 1647, 1658, 1646, 1652, - 1654, 1649, 1656, 1651, 1654, 1659, 1657, 0, 1660, 1663, - 1664, 1648, 1651, 1666, 1667, 1649, 1653, 1652, 1663, 1655, - 1666, 1670, 1655, 1667, 1656, 1668, 1664, 1654, 1657, 1656, - 1668, 1669, 1659, 1657, 1660, 1660, 1663, 1664, 1669, 1670, - 1666, 1667, 1671, 1675, 1672, 0, 1673, 1676, 1670, 1671, - 1677, 1679, 1668, 1672, 1683, 1678, 1684, 1680, 1669, 1677, - 1685, 1686, 1683, 1679, 1690, 1676, 1680, 1681, 1682, 1671, - 1675, 1672, 1673, 1673, 1676, 1678, 1681, 1677, 1679, 1682, - - 1687, 1683, 1678, 1684, 1680, 1688, 1690, 1685, 1689, 1687, - 1696, 1690, 1691, 1686, 1681, 1682, 1689, 1688, 1692, 1691, - 1693, 1694, 1697, 1698, 1703, 1692, 1701, 1687, 1696, 1697, - 1702, 1698, 1688, 1701, 1705, 1689, 1706, 1696, 1711, 1691, - 1704, 1707, 1693, 1705, 1709, 1692, 1694, 1693, 1694, 1697, - 1698, 1703, 1704, 1701, 1702, 1710, 1709, 1702, 1712, 1714, - 1716, 1705, 1717, 1706, 1707, 1711, 1718, 1704, 1707, 1719, - 1717, 1709, 1712, 1720, 0, 1724, 1725, 1727, 1710, 0, - 1726, 1725, 1710, 1728, 1729, 1712, 1714, 1716, 1737, 1717, - 1730, 1719, 1734, 1718, 1726, 1727, 1719, 1731, 1730, 1735, - - 1720, 1724, 1724, 1725, 1727, 1728, 1729, 1726, 1733, 1738, - 1728, 1729, 1739, 1736, 1734, 1737, 1731, 1730, 1741, 1734, - 1733, 1735, 1740, 0, 1731, 1736, 1735, 1743, 1745, 1742, - 1744, 1746, 1739, 1749, 1752, 1733, 1738, 1751, 1750, 1739, - 1736, 0, 1744, 1750, 1740, 1753, 1781, 1749, 1757, 1740, - 1741, 1742, 1754, 1743, 1743, 1745, 1742, 1744, 1746, 1751, - 1749, 1756, 1755, 1758, 1751, 1762, 1752, 1757, 1753, 1759, - 1750, 1761, 1753, 1756, 1754, 1757, 1765, 1763, 1781, 1754, - 1755, 1766, 1768, 1764, 1759, 1758, 1763, 1762, 1756, 1755, - 1758, 1767, 1762, 1771, 1765, 1761, 1759, 1764, 1761, 1766, - - 1768, 1771, 1774, 1765, 1763, 1772, 1773, 1775, 1766, 1768, - 1764, 1777, 1772, 1776, 1773, 1775, 1778, 1767, 1767, 1779, - 1771, 1780, 1782, 1777, 1786, 1784, 1783, 1779, 1790, 1774, - 1793, 1776, 1772, 1773, 1775, 1789, 1787, 1796, 1777, 0, - 1776, 1790, 1786, 1778, 1780, 1783, 1779, 1784, 1780, 1782, - 1787, 1786, 1784, 1783, 1791, 1790, 1793, 1793, 1789, 1801, - 1798, 1800, 1789, 1787, 1796, 1802, 1791, 1798, 1800, 1803, - 1804, 1805, 1806, 1807, 1809, 1810, 1808, 1817, 1811, 1814, - 0, 1791, 1807, 1816, 1814, 1801, 1801, 1798, 1800, 1808, - 1815, 0, 1802, 1803, 1815, 1819, 1803, 1804, 1805, 1806, - - 1807, 1811, 1810, 1808, 1816, 1811, 1809, 1822, 1823, 1817, - 1816, 1814, 1818, 1825, 1818, 1825, 1827, 1815, 1819, 1828, - 1826, 1826, 1819, 1830, 1829, 1831, 1833, 0, 1828, 1822, - 1826, 1829, 1823, 1832, 1822, 1823, 1830, 1835, 1827, 1818, - 1825, 1832, 1836, 1827, 1837, 1833, 1828, 1826, 1826, 1834, - 1830, 1829, 1831, 1833, 1838, 1839, 1842, 1834, 1846, 1840, - 1832, 1841, 1841, 1835, 1835, 1838, 1840, 1847, 1836, 1836, - 1837, 1837, 1843, 1844, 1842, 1848, 1834, 1839, 1850, 1843, - 1844, 1838, 1839, 1842, 1848, 1846, 1840, 1851, 1841, 1852, - 1855, 1847, 1854, 1857, 1847, 1856, 1858, 0, 1859, 1843, - - 1844, 1854, 1848, 1859, 0, 1850, 1863, 1852, 1858, 1851, - 1860, 1857, 0, 1861, 1851, 0, 1852, 1855, 1856, 1854, - 1857, 1864, 1856, 1858, 1860, 1867, 1865, 1867, 1871, 1873, - 1859, 1861, 1872, 1863, 1878, 1875, 1879, 1860, 1881, 1864, - 1861, 1865, 1876, 1883, 1880, 1876, 1881, 1873, 1864, 1885, - 1871, 1880, 1867, 1865, 1879, 1871, 1873, 1875, 1872, 1872, - 1882, 1878, 1875, 1879, 1884, 1881, 1887, 1886, 1876, 1876, - 1888, 1880, 1876, 1886, 1889, 1883, 1885, 1891, 1890, 1888, - 1890, 1893, 1882, 1894, 1895, 1896, 1884, 1882, 1887, 1893, - 1897, 1884, 1899, 1887, 1886, 1894, 1898, 1888, 1902, 1896, - - 1904, 1900, 1901, 1899, 1891, 1890, 1889, 1907, 1893, 1900, - 1894, 1895, 1896, 1897, 1898, 1903, 1903, 1897, 1905, 1899, - 1902, 1901, 1908, 1898, 1910, 1902, 1905, 1904, 1900, 1901, - 1911, 1912, 1914, 1915, 1907, 1916, 1917, 0, 1919, 1916, - 1915, 1911, 1903, 1920, 1917, 1905, 1923, 1922, 1924, 1908, - 1928, 1910, 1922, 1912, 1934, 1929, 1920, 1911, 1912, 1914, - 1915, 1925, 1916, 1917, 1919, 1919, 1926, 0, 1930, 1925, - 1920, 1927, 1932, 1923, 1922, 1924, 1933, 1928, 1927, 1929, - 1935, 1926, 1929, 1933, 1936, 0, 1934, 1932, 1925, 1940, - 1939, 1937, 1941, 1926, 1930, 1930, 1943, 1940, 1927, 1932, - - 1937, 1945, 1946, 1933, 1942, 1942, 1948, 1935, 1936, 1950, - 1946, 1936, 1939, 1949, 1942, 1951, 1940, 1939, 1937, 1952, - 1953, 1954, 1950, 1943, 1941, 1957, 1964, 1955, 1945, 1946, - 1962, 1942, 1942, 1948, 1961, 1949, 1950, 1951, 1965, 1961, - 1949, 1967, 1951, 1966, 1968, 1969, 1952, 1953, 1954, 1955, - 1966, 1965, 1957, 1964, 1955, 1972, 1962, 1962, 1973, 1967, - 1979, 1961, 1974, 0, 1978, 1965, 1976, 1969, 1967, 1977, - 1966, 1968, 1969, 1976, 1972, 1979, 1977, 1980, 1982, 1985, - 1988, 1983, 1972, 1984, 1974, 1973, 1978, 1979, 1983, 1974, - 1985, 1978, 1984, 1976, 1993, 1987, 1977, 1982, 1980, 1986, - - 1986, 1987, 1988, 1994, 1980, 1982, 1985, 1988, 1983, 1986, - 1984, 1991, 1995, 1999, 2001, 2001, 0, 2004, 1991, 2002, - 2005, 1993, 1987, 2006, 2008, 2009, 1986, 1986, 2013, 2005, - 1994, 2012, 2011, 2014, 2015, 1995, 2006, 2009, 1991, 1995, - 1999, 2011, 2002, 2001, 2004, 2016, 2002, 2005, 2017, 2012, - 2006, 2008, 2009, 2018, 2013, 2013, 2020, 2016, 2012, 2011, - 2014, 2015, 2019, 2021, 2019, 2022, 2023, 2025, 2020, 2021, - 2017, 2024, 2016, 2028, 2030, 2017, 2031, 2032, 2034, 2024, - 2018, 2035, 2037, 2020, 2038, 2040, 2046, 2022, 2023, 2019, - 2021, 0, 2022, 2023, 2025, 2039, 2034, 2037, 2024, 2044, - - 2028, 2030, 2048, 2031, 2032, 2034, 2043, 2039, 2035, 2037, - 2038, 2038, 2040, 2049, 2047, 2043, 2050, 2051, 2046, 2059, - 2064, 2049, 2039, 2044, 2048, 2050, 2044, 2047, 2051, 2048, - 2057, 2060, 2061, 2043, 2065, 2063, 2064, 0, 2060, 2063, - 2049, 2047, 2059, 2050, 2051, 2061, 2059, 2064, 2065, 2069, - 2072, 2069, 2066, 2070, 2057, 2067, 2068, 2057, 2060, 2061, - 2066, 2065, 2063, 2071, 2067, 2070, 2073, 2068, 2074, 2076, - 2071, 2075, 2077, 0, 2080, 2081, 2069, 2072, 2078, 2066, - 2070, 2083, 2067, 2068, 2073, 2079, 2080, 2079, 2090, 2082, - 2071, 2085, 2091, 2073, 2077, 2074, 2076, 2075, 2075, 2077, - - 2078, 2080, 2082, 2085, 2087, 2078, 2089, 2081, 2083, 2092, - 0, 2093, 2079, 2087, 2089, 2094, 2082, 2096, 2085, 2098, - 2090, 2099, 2092, 2094, 2091, 2093, 2097, 2098, 2102, 2100, - 2096, 2087, 2101, 2089, 0, 2099, 2092, 2104, 2093, 2103, - 2101, 2105, 2094, 2100, 2096, 2104, 2098, 2106, 2099, 2097, - 2102, 2111, 0, 2097, 2107, 2102, 2100, 2108, 2109, 2101, - 2112, 2103, 2110, 2117, 2104, 0, 2103, 2115, 2105, 2116, - 2110, 2114, 0, 2106, 2106, 2115, 2107, 2116, 2118, 2108, - 2109, 2107, 2121, 2111, 2108, 2109, 2118, 2112, 2119, 2110, - 2125, 2114, 2122, 2123, 2115, 2117, 2116, 2124, 2114, 2126, - - 2122, 2123, 2119, 2128, 2121, 2118, 2127, 0, 2129, 2121, - 2130, 2124, 2133, 0, 2127, 2119, 2125, 2125, 2131, 2122, - 2123, 2126, 2134, 2132, 2124, 0, 2126, 2135, 2136, 2128, - 2128, 2132, 2130, 2127, 2129, 2129, 2136, 2130, 2131, 2133, - 2137, 2140, 2134, 2138, 2141, 2131, 2144, 2135, 2142, 2134, - 2132, 2138, 2143, 2145, 2135, 2136, 2142, 2146, 0, 2147, - 2143, 2145, 2137, 2140, 2148, 2146, 2141, 2137, 2140, 2149, - 2138, 2141, 2144, 2144, 2150, 2142, 2151, 2152, 2154, 2143, - 2145, 2160, 0, 2161, 2146, 2147, 2147, 2157, 0, 2149, - 2158, 2148, 0, 0, 2159, 0, 2149, 2152, 2158, 0, - - 2154, 2150, 2159, 2151, 2152, 2154, 0, 0, 2160, 2157, - 2161, 0, 0, 0, 2157, 0, 0, 2158, 0, 0, - 0, 2159, 2165, 2165, 2165, 2165, 2165, 2165, 2165, 2166, - 2166, 2166, 2166, 2166, 2166, 2166, 2167, 2167, 2167, 2167, - 2167, 2167, 2167, 2168, 2168, 2168, 2168, 2168, 2168, 2168, - 2169, 2169, 2169, 2169, 2169, 2169, 2169, 2171, 2171, 0, - 2171, 2171, 2171, 2171, 2172, 2172, 0, 0, 0, 2172, - 2172, 2173, 2173, 0, 0, 2173, 0, 2173, 2174, 0, - 0, 0, 0, 0, 2174, 2175, 2175, 0, 0, 0, - 2175, 2175, 2176, 0, 0, 0, 0, 0, 2176, 2177, - - 2177, 0, 2177, 2177, 2177, 2177, 2178, 2178, 0, 2178, - 2178, 2178, 2178, 2164, 2164, 2164, 2164, 2164, 2164, 2164, - 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, - 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, - 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, - 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, - 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, - 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164 - } ; - -static yy_state_type yy_last_accepting_state; -static char *yy_last_accepting_cpos; - -extern int yy_flex_debug; -int yy_flex_debug = 0; - -/* The intent behind this definition is that it'll catch - * any uses of REJECT which flex missed. - */ -#define REJECT reject_used_but_not_detected -static int yy_more_flag = 0; -static int yy_more_len = 0; -#define yymore() ((yy_more_flag) = 1) -#define YY_MORE_ADJ (yy_more_len) -#define YY_RESTORE_YY_MORE_OFFSET -char *yytext; -#line 1 "util/configlexer.lex" -#line 2 "util/configlexer.lex" -/* - * configlexer.lex - lexical analyzer for unbound config file - * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved - * - * See LICENSE for the license. - * - */ - -/* because flex keeps having sign-unsigned compare problems that are unfixed*/ -#if defined(__clang__)||(defined(__GNUC__)&&((__GNUC__ >4)||(defined(__GNUC_MINOR__)&&(__GNUC__ ==4)&&(__GNUC_MINOR__ >=2)))) -#pragma GCC diagnostic ignored "-Wsign-compare" -#endif - -#include -#include -#include -#ifdef HAVE_GLOB_H -# include -#endif - -#include "util/config_file.h" -#include "util/configparser.h" -void ub_c_error(const char *message); - -#if 0 -#define LEXOUT(s) printf s /* used ONLY when debugging */ -#else -#define LEXOUT(s) -#endif - -/** avoid warning in about fwrite return value */ -#define ECHO ub_c_error_msg("syntax error at text: %s", yytext) - -/** A parser variable, this is a statement in the config file which is - * of the form variable: value1 value2 ... nargs is the number of values. */ -#define YDVAR(nargs, var) \ - num_args=(nargs); \ - LEXOUT(("v(%s%d) ", yytext, num_args)); \ - if(num_args > 0) { BEGIN(val); } \ - return (var); - -struct inc_state { - char* filename; - int line; - YY_BUFFER_STATE buffer; - struct inc_state* next; -}; -static struct inc_state* config_include_stack = NULL; -static int inc_depth = 0; -static int inc_prev = 0; -static int num_args = 0; - -void init_cfg_parse(void) -{ - config_include_stack = NULL; - inc_depth = 0; - inc_prev = 0; - num_args = 0; -} - -static void config_start_include(const char* filename) -{ - FILE *input; - struct inc_state* s; - char* nm; - if(inc_depth++ > 100000) { - ub_c_error_msg("too many include files"); - return; - } - if(*filename == '\0') { - ub_c_error_msg("empty include file name"); - return; - } - s = (struct inc_state*)malloc(sizeof(*s)); - if(!s) { - ub_c_error_msg("include %s: malloc failure", filename); - return; - } - if(cfg_parser->chroot && strncmp(filename, cfg_parser->chroot, - strlen(cfg_parser->chroot)) == 0) { - filename += strlen(cfg_parser->chroot); - } - nm = strdup(filename); - if(!nm) { - ub_c_error_msg("include %s: strdup failure", filename); - free(s); - return; - } - input = fopen(filename, "r"); - if(!input) { - ub_c_error_msg("cannot open include file '%s': %s", - filename, strerror(errno)); - free(s); - free(nm); - return; - } - LEXOUT(("switch_to_include_file(%s)\n", filename)); - s->filename = cfg_parser->filename; - s->line = cfg_parser->line; - s->buffer = YY_CURRENT_BUFFER; - s->next = config_include_stack; - config_include_stack = s; - cfg_parser->filename = nm; - cfg_parser->line = 1; - yy_switch_to_buffer(yy_create_buffer(input,YY_BUF_SIZE)); -} - -static void config_start_include_glob(const char* filename) -{ - - /* check for wildcards */ -#ifdef HAVE_GLOB - glob_t g; - size_t i; - int r, flags; - if(!(!strchr(filename, '*') && !strchr(filename, '?') && !strchr(filename, '[') && - !strchr(filename, '{') && !strchr(filename, '~'))) { - flags = 0 -#ifdef GLOB_ERR - | GLOB_ERR -#endif -#ifdef GLOB_NOSORT - | GLOB_NOSORT -#endif -#ifdef GLOB_BRACE - | GLOB_BRACE -#endif -#ifdef GLOB_TILDE - | GLOB_TILDE -#endif - ; - memset(&g, 0, sizeof(g)); - if(cfg_parser->chroot && strncmp(filename, cfg_parser->chroot, - strlen(cfg_parser->chroot)) == 0) { - filename += strlen(cfg_parser->chroot); - } - r = glob(filename, flags, NULL, &g); - if(r) { - /* some error */ - globfree(&g); - if(r == GLOB_NOMATCH) - return; /* no matches for pattern */ - config_start_include(filename); /* let original deal with it */ - return; - } - /* process files found, if any */ - for(i=0; i<(size_t)g.gl_pathc; i++) { - config_start_include(g.gl_pathv[i]); - } - globfree(&g); - return; - } -#endif /* HAVE_GLOB */ - - config_start_include(filename); -} - -static void config_end_include(void) -{ - struct inc_state* s = config_include_stack; - --inc_depth; - if(!s) return; - free(cfg_parser->filename); - cfg_parser->filename = s->filename; - cfg_parser->line = s->line; - yy_delete_buffer(YY_CURRENT_BUFFER); - yy_switch_to_buffer(s->buffer); - config_include_stack = s->next; - free(s); -} - -#ifndef yy_set_bol /* compat definition, for flex 2.4.6 */ -#define yy_set_bol(at_bol) \ - { \ - if ( ! yy_current_buffer ) \ - yy_current_buffer = yy_create_buffer(yyin,YY_BUF_SIZE ); \ - yy_current_buffer->yy_ch_buf[0] = ((at_bol)?'\n':' '); \ - } -#endif - -#define YY_NO_INPUT 1 -#line 187 "util/configlexer.lex" -#ifndef YY_NO_UNPUT -#define YY_NO_UNPUT 1 -#endif -#ifndef YY_NO_INPUT -#define YY_NO_INPUT 1 -#endif - -#line 2756 "" - -#define INITIAL 0 -#define quotedstring 1 -#define singlequotedstr 2 -#define include 3 -#define include_quoted 4 -#define val 5 - -#ifndef YY_NO_UNISTD_H -/* Special case for "unistd.h", since it is non-ANSI. We include it way - * down here because we want the user's section 1 to have been scanned first. - * The user has a chance to override it with an option. - */ -#include -#endif - -#ifndef YY_EXTRA_TYPE -#define YY_EXTRA_TYPE void * -#endif - -static int yy_init_globals (void ); - -/* Accessor methods to globals. - These are made visible to non-reentrant scanners for convenience. */ - -int yylex_destroy (void ); - -int yyget_debug (void ); - -void yyset_debug (int debug_flag ); - -YY_EXTRA_TYPE yyget_extra (void ); - -void yyset_extra (YY_EXTRA_TYPE user_defined ); - -FILE *yyget_in (void ); - -void yyset_in (FILE * _in_str ); - -FILE *yyget_out (void ); - -void yyset_out (FILE * _out_str ); - -yy_size_t yyget_leng (void ); - -char *yyget_text (void ); - -int yyget_lineno (void ); - -void yyset_lineno (int _line_number ); - -/* Macros after this point can all be overridden by user definitions in - * section 1. - */ - -#ifndef YY_SKIP_YYWRAP -#ifdef __cplusplus -extern "C" int yywrap (void ); -#else -extern int yywrap (void ); -#endif -#endif - -#ifndef YY_NO_UNPUT - -#endif - -#ifndef yytext_ptr -static void yy_flex_strncpy (char *,yyconst char *,int ); -#endif - -#ifdef YY_NEED_STRLEN -static int yy_flex_strlen (yyconst char * ); -#endif - -#ifndef YY_NO_INPUT - -#ifdef __cplusplus -static int yyinput (void ); -#else -static int input (void ); -#endif - -#endif - -/* Amount of stuff to slurp up with each read. */ -#ifndef YY_READ_BUF_SIZE -#ifdef __ia64__ -/* On IA-64, the buffer size is 16k, not 8k */ -#define YY_READ_BUF_SIZE 16384 -#else -#define YY_READ_BUF_SIZE 8192 -#endif /* __ia64__ */ -#endif - -/* Copy whatever the last rule matched to the standard output. */ -#ifndef ECHO -/* This used to be an fputs(), but since the string might contain NUL's, - * we now use fwrite(). - */ -#define ECHO do { if (fwrite( yytext, yyleng, 1, yyout )) {} } while (0) -#endif - -/* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, - * is returned in "result". - */ -#ifndef YY_INPUT -#define YY_INPUT(buf,result,max_size) \ - if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ - { \ - int c = '*'; \ - size_t n; \ - for ( n = 0; n < max_size && \ - (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ - buf[n] = (char) c; \ - if ( c == '\n' ) \ - buf[n++] = (char) c; \ - if ( c == EOF && ferror( yyin ) ) \ - YY_FATAL_ERROR( "input in flex scanner failed" ); \ - result = n; \ - } \ - else \ - { \ - errno=0; \ - while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \ - { \ - if( errno != EINTR) \ - { \ - YY_FATAL_ERROR( "input in flex scanner failed" ); \ - break; \ - } \ - errno=0; \ - clearerr(yyin); \ - } \ - }\ -\ - -#endif - -/* No semi-colon after return; correct usage is to write "yyterminate();" - - * we don't want an extra ';' after the "return" because that will cause - * some compilers to complain about unreachable statements. - */ -#ifndef yyterminate -#define yyterminate() return YY_NULL -#endif - -/* Number of entries by which start-condition stack grows. */ -#ifndef YY_START_STACK_INCR -#define YY_START_STACK_INCR 25 -#endif - -/* Report a fatal error. */ -#ifndef YY_FATAL_ERROR -#define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) -#endif - -/* end tables serialization structures and prototypes */ - -/* Default declaration of generated scanner - a define so the user can - * easily add parameters. - */ -#ifndef YY_DECL -#define YY_DECL_IS_OURS 1 - -extern int yylex (void); - -#define YY_DECL int yylex (void) -#endif /* !YY_DECL */ - -/* Code executed at the beginning of each rule, after yytext and yyleng - * have been set up. - */ -#ifndef YY_USER_ACTION -#define YY_USER_ACTION -#endif - -/* Code executed at the end of each rule. */ -#ifndef YY_BREAK -#define YY_BREAK /*LINTED*/break; -#endif - -#define YY_RULE_SETUP \ - YY_USER_ACTION - -/** The main scanner function which does all the work. - */ -YY_DECL -{ - yy_state_type yy_current_state; - char *yy_cp, *yy_bp; - int yy_act; - - if ( !(yy_init) ) - { - (yy_init) = 1; - -#ifdef YY_USER_INIT - YY_USER_INIT; -#endif - - if ( ! (yy_start) ) - (yy_start) = 1; /* first start state */ - - if ( ! yyin ) - yyin = stdin; - - if ( ! yyout ) - yyout = stdout; - - if ( ! YY_CURRENT_BUFFER ) { - yyensure_buffer_stack (); - YY_CURRENT_BUFFER_LVALUE = - yy_create_buffer(yyin,YY_BUF_SIZE ); - } - - yy_load_buffer_state( ); - } - - { -#line 207 "util/configlexer.lex" - -#line 2979 "" - - while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */ - { - (yy_more_len) = 0; - if ( (yy_more_flag) ) - { - (yy_more_len) = (yy_c_buf_p) - (yytext_ptr); - (yy_more_flag) = 0; - } - yy_cp = (yy_c_buf_p); - - /* Support of yytext. */ - *yy_cp = (yy_hold_char); - - /* yy_bp points to the position in yy_ch_buf of the start of - * the current run. - */ - yy_bp = yy_cp; - - yy_current_state = (yy_start); -yy_match: - do - { - YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)] ; - if ( yy_accept[yy_current_state] ) - { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; - } - while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) - { - yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 2165 ) - yy_c = yy_meta[(unsigned int) yy_c]; - } - yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - ++yy_cp; - } - while ( yy_base[yy_current_state] != 6214 ); - -yy_find_action: - yy_act = yy_accept[yy_current_state]; - if ( yy_act == 0 ) - { /* have to back up */ - yy_cp = (yy_last_accepting_cpos); - yy_current_state = (yy_last_accepting_state); - yy_act = yy_accept[yy_current_state]; - } - - YY_DO_BEFORE_ACTION; - -do_action: /* This label is used only to access EOF actions. */ - - switch ( yy_act ) - { /* beginning of action switch */ - case 0: /* must back up */ - /* undo the effects of YY_DO_BEFORE_ACTION */ - *yy_cp = (yy_hold_char); - yy_cp = (yy_last_accepting_cpos); - yy_current_state = (yy_last_accepting_state); - goto yy_find_action; - -case 1: -YY_RULE_SETUP -#line 208 "util/configlexer.lex" -{ - LEXOUT(("SP ")); /* ignore */ } - YY_BREAK -case 2: -YY_RULE_SETUP -#line 210 "util/configlexer.lex" -{ - /* note that flex makes the longest match and '.' is any but not nl */ - LEXOUT(("comment(%s) ", yytext)); /* ignore */ } - YY_BREAK -case 3: -YY_RULE_SETUP -#line 213 "util/configlexer.lex" -{ YDVAR(0, VAR_SERVER) } - YY_BREAK -case 4: -YY_RULE_SETUP -#line 214 "util/configlexer.lex" -{ YDVAR(1, VAR_QNAME_MINIMISATION) } - YY_BREAK -case 5: -YY_RULE_SETUP -#line 215 "util/configlexer.lex" -{ YDVAR(1, VAR_QNAME_MINIMISATION_STRICT) } - YY_BREAK -case 6: -YY_RULE_SETUP -#line 216 "util/configlexer.lex" -{ YDVAR(1, VAR_NUM_THREADS) } - YY_BREAK -case 7: -YY_RULE_SETUP -#line 217 "util/configlexer.lex" -{ YDVAR(1, VAR_VERBOSITY) } - YY_BREAK -case 8: -YY_RULE_SETUP -#line 218 "util/configlexer.lex" -{ YDVAR(1, VAR_PORT) } - YY_BREAK -case 9: -YY_RULE_SETUP -#line 219 "util/configlexer.lex" -{ YDVAR(1, VAR_OUTGOING_RANGE) } - YY_BREAK -case 10: -YY_RULE_SETUP -#line 220 "util/configlexer.lex" -{ YDVAR(1, VAR_OUTGOING_PORT_PERMIT) } - YY_BREAK -case 11: -YY_RULE_SETUP -#line 221 "util/configlexer.lex" -{ YDVAR(1, VAR_OUTGOING_PORT_AVOID) } - YY_BREAK -case 12: -YY_RULE_SETUP -#line 222 "util/configlexer.lex" -{ YDVAR(1, VAR_OUTGOING_NUM_TCP) } - YY_BREAK -case 13: -YY_RULE_SETUP -#line 223 "util/configlexer.lex" -{ YDVAR(1, VAR_INCOMING_NUM_TCP) } - YY_BREAK -case 14: -YY_RULE_SETUP -#line 224 "util/configlexer.lex" -{ YDVAR(1, VAR_DO_IP4) } - YY_BREAK -case 15: -YY_RULE_SETUP -#line 225 "util/configlexer.lex" -{ YDVAR(1, VAR_DO_IP6) } - YY_BREAK -case 16: -YY_RULE_SETUP -#line 226 "util/configlexer.lex" -{ YDVAR(1, VAR_PREFER_IP6) } - YY_BREAK -case 17: -YY_RULE_SETUP -#line 227 "util/configlexer.lex" -{ YDVAR(1, VAR_DO_UDP) } - YY_BREAK -case 18: -YY_RULE_SETUP -#line 228 "util/configlexer.lex" -{ YDVAR(1, VAR_DO_TCP) } - YY_BREAK -case 19: -YY_RULE_SETUP -#line 229 "util/configlexer.lex" -{ YDVAR(1, VAR_TCP_UPSTREAM) } - YY_BREAK -case 20: -YY_RULE_SETUP -#line 230 "util/configlexer.lex" -{ YDVAR(1, VAR_TCP_MSS) } - YY_BREAK -case 21: -YY_RULE_SETUP -#line 231 "util/configlexer.lex" -{ YDVAR(1, VAR_OUTGOING_TCP_MSS) } - YY_BREAK -case 22: -YY_RULE_SETUP -#line 232 "util/configlexer.lex" -{ YDVAR(1, VAR_SSL_UPSTREAM) } - YY_BREAK -case 23: -YY_RULE_SETUP -#line 233 "util/configlexer.lex" -{ YDVAR(1, VAR_SSL_SERVICE_KEY) } - YY_BREAK -case 24: -YY_RULE_SETUP -#line 234 "util/configlexer.lex" -{ YDVAR(1, VAR_SSL_SERVICE_PEM) } - YY_BREAK -case 25: -YY_RULE_SETUP -#line 235 "util/configlexer.lex" -{ YDVAR(1, VAR_SSL_PORT) } - YY_BREAK -case 26: -YY_RULE_SETUP -#line 236 "util/configlexer.lex" -{ YDVAR(1, VAR_USE_SYSTEMD) } - YY_BREAK -case 27: -YY_RULE_SETUP -#line 237 "util/configlexer.lex" -{ YDVAR(1, VAR_DO_DAEMONIZE) } - YY_BREAK -case 28: -YY_RULE_SETUP -#line 238 "util/configlexer.lex" -{ YDVAR(1, VAR_INTERFACE) } - YY_BREAK -case 29: -YY_RULE_SETUP -#line 239 "util/configlexer.lex" -{ YDVAR(1, VAR_INTERFACE) } - YY_BREAK -case 30: -YY_RULE_SETUP -#line 240 "util/configlexer.lex" -{ YDVAR(1, VAR_OUTGOING_INTERFACE) } - YY_BREAK -case 31: -YY_RULE_SETUP -#line 241 "util/configlexer.lex" -{ YDVAR(1, VAR_INTERFACE_AUTOMATIC) } - YY_BREAK -case 32: -YY_RULE_SETUP -#line 242 "util/configlexer.lex" -{ YDVAR(1, VAR_SO_RCVBUF) } - YY_BREAK -case 33: -YY_RULE_SETUP -#line 243 "util/configlexer.lex" -{ YDVAR(1, VAR_SO_SNDBUF) } - YY_BREAK -case 34: -YY_RULE_SETUP -#line 244 "util/configlexer.lex" -{ YDVAR(1, VAR_SO_REUSEPORT) } - YY_BREAK -case 35: -YY_RULE_SETUP -#line 245 "util/configlexer.lex" -{ YDVAR(1, VAR_IP_TRANSPARENT) } - YY_BREAK -case 36: -YY_RULE_SETUP -#line 246 "util/configlexer.lex" -{ YDVAR(1, VAR_IP_FREEBIND) } - YY_BREAK -case 37: -YY_RULE_SETUP -#line 247 "util/configlexer.lex" -{ YDVAR(1, VAR_CHROOT) } - YY_BREAK -case 38: -YY_RULE_SETUP -#line 248 "util/configlexer.lex" -{ YDVAR(1, VAR_USERNAME) } - YY_BREAK -case 39: -YY_RULE_SETUP -#line 249 "util/configlexer.lex" -{ YDVAR(1, VAR_DIRECTORY) } - YY_BREAK -case 40: -YY_RULE_SETUP -#line 250 "util/configlexer.lex" -{ YDVAR(1, VAR_LOGFILE) } - YY_BREAK -case 41: -YY_RULE_SETUP -#line 251 "util/configlexer.lex" -{ YDVAR(1, VAR_PIDFILE) } - YY_BREAK -case 42: -YY_RULE_SETUP -#line 252 "util/configlexer.lex" -{ YDVAR(1, VAR_ROOT_HINTS) } - YY_BREAK -case 43: -YY_RULE_SETUP -#line 253 "util/configlexer.lex" -{ YDVAR(1, VAR_EDNS_BUFFER_SIZE) } - YY_BREAK -case 44: -YY_RULE_SETUP -#line 254 "util/configlexer.lex" -{ YDVAR(1, VAR_MSG_BUFFER_SIZE) } - YY_BREAK -case 45: -YY_RULE_SETUP -#line 255 "util/configlexer.lex" -{ YDVAR(1, VAR_MSG_CACHE_SIZE) } - YY_BREAK -case 46: -YY_RULE_SETUP -#line 256 "util/configlexer.lex" -{ YDVAR(1, VAR_MSG_CACHE_SLABS) } - YY_BREAK -case 47: -YY_RULE_SETUP -#line 257 "util/configlexer.lex" -{ YDVAR(1, VAR_RRSET_CACHE_SIZE) } - YY_BREAK -case 48: -YY_RULE_SETUP -#line 258 "util/configlexer.lex" -{ YDVAR(1, VAR_RRSET_CACHE_SLABS) } - YY_BREAK -case 49: -YY_RULE_SETUP -#line 259 "util/configlexer.lex" -{ YDVAR(1, VAR_CACHE_MAX_TTL) } - YY_BREAK -case 50: -YY_RULE_SETUP -#line 260 "util/configlexer.lex" -{ YDVAR(1, VAR_CACHE_MAX_NEGATIVE_TTL) } - YY_BREAK -case 51: -YY_RULE_SETUP -#line 261 "util/configlexer.lex" -{ YDVAR(1, VAR_CACHE_MIN_TTL) } - YY_BREAK -case 52: -YY_RULE_SETUP -#line 262 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_HOST_TTL) } - YY_BREAK -case 53: -YY_RULE_SETUP -#line 263 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_LAME_TTL) } - YY_BREAK -case 54: -YY_RULE_SETUP -#line 264 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_CACHE_SLABS) } - YY_BREAK -case 55: -YY_RULE_SETUP -#line 265 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) } - YY_BREAK -case 56: -YY_RULE_SETUP -#line 266 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) } - YY_BREAK -case 57: -YY_RULE_SETUP -#line 267 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_CACHE_MIN_RTT) } - YY_BREAK -case 58: -YY_RULE_SETUP -#line 268 "util/configlexer.lex" -{ YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) } - YY_BREAK -case 59: -YY_RULE_SETUP -#line 269 "util/configlexer.lex" -{ YDVAR(1, VAR_JOSTLE_TIMEOUT) } - YY_BREAK -case 60: -YY_RULE_SETUP -#line 270 "util/configlexer.lex" -{ YDVAR(1, VAR_DELAY_CLOSE) } - YY_BREAK -case 61: -YY_RULE_SETUP -#line 271 "util/configlexer.lex" -{ YDVAR(1, VAR_TARGET_FETCH_POLICY) } - YY_BREAK -case 62: -YY_RULE_SETUP -#line 272 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_SHORT_BUFSIZE) } - YY_BREAK -case 63: -YY_RULE_SETUP -#line 273 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_LARGE_QUERIES) } - YY_BREAK -case 64: -YY_RULE_SETUP -#line 274 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_GLUE) } - YY_BREAK -case 65: -YY_RULE_SETUP -#line 275 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_DNSSEC_STRIPPED) } - YY_BREAK -case 66: -YY_RULE_SETUP -#line 276 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_BELOW_NXDOMAIN) } - YY_BREAK -case 67: -YY_RULE_SETUP -#line 277 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_REFERRAL_PATH) } - YY_BREAK -case 68: -YY_RULE_SETUP -#line 278 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_ALGO_DOWNGRADE) } - YY_BREAK -case 69: -YY_RULE_SETUP -#line 279 "util/configlexer.lex" -{ YDVAR(1, VAR_USE_CAPS_FOR_ID) } - YY_BREAK -case 70: -YY_RULE_SETUP -#line 280 "util/configlexer.lex" -{ YDVAR(1, VAR_CAPS_WHITELIST) } - YY_BREAK -case 71: -YY_RULE_SETUP -#line 281 "util/configlexer.lex" -{ YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) } - YY_BREAK -case 72: -YY_RULE_SETUP -#line 282 "util/configlexer.lex" -{ YDVAR(1, VAR_PRIVATE_ADDRESS) } - YY_BREAK -case 73: -YY_RULE_SETUP -#line 283 "util/configlexer.lex" -{ YDVAR(1, VAR_PRIVATE_DOMAIN) } - YY_BREAK -case 74: -YY_RULE_SETUP -#line 284 "util/configlexer.lex" -{ YDVAR(1, VAR_PREFETCH_KEY) } - YY_BREAK -case 75: -YY_RULE_SETUP -#line 285 "util/configlexer.lex" -{ YDVAR(1, VAR_PREFETCH) } - YY_BREAK -case 76: -YY_RULE_SETUP -#line 286 "util/configlexer.lex" -{ YDVAR(0, VAR_STUB_ZONE) } - YY_BREAK -case 77: -YY_RULE_SETUP -#line 287 "util/configlexer.lex" -{ YDVAR(1, VAR_NAME) } - YY_BREAK -case 78: -YY_RULE_SETUP -#line 288 "util/configlexer.lex" -{ YDVAR(1, VAR_STUB_ADDR) } - YY_BREAK -case 79: -YY_RULE_SETUP -#line 289 "util/configlexer.lex" -{ YDVAR(1, VAR_STUB_HOST) } - YY_BREAK -case 80: -YY_RULE_SETUP -#line 290 "util/configlexer.lex" -{ YDVAR(1, VAR_STUB_PRIME) } - YY_BREAK -case 81: -YY_RULE_SETUP -#line 291 "util/configlexer.lex" -{ YDVAR(1, VAR_STUB_FIRST) } - YY_BREAK -case 82: -YY_RULE_SETUP -#line 292 "util/configlexer.lex" -{ YDVAR(1, VAR_STUB_SSL_UPSTREAM) } - YY_BREAK -case 83: -YY_RULE_SETUP -#line 293 "util/configlexer.lex" -{ YDVAR(0, VAR_FORWARD_ZONE) } - YY_BREAK -case 84: -YY_RULE_SETUP -#line 294 "util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_ADDR) } - YY_BREAK -case 85: -YY_RULE_SETUP -#line 295 "util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_HOST) } - YY_BREAK -case 86: -YY_RULE_SETUP -#line 296 "util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_FIRST) } - YY_BREAK -case 87: -YY_RULE_SETUP -#line 297 "util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } - YY_BREAK -case 88: -YY_RULE_SETUP -#line 298 "util/configlexer.lex" -{ YDVAR(0, VAR_VIEW) } - YY_BREAK -case 89: -YY_RULE_SETUP -#line 299 "util/configlexer.lex" -{ YDVAR(1, VAR_VIEW_FIRST) } - YY_BREAK -case 90: -YY_RULE_SETUP -#line 300 "util/configlexer.lex" -{ YDVAR(1, VAR_DO_NOT_QUERY_ADDRESS) } - YY_BREAK -case 91: -YY_RULE_SETUP -#line 301 "util/configlexer.lex" -{ YDVAR(1, VAR_DO_NOT_QUERY_LOCALHOST) } - YY_BREAK -case 92: -YY_RULE_SETUP -#line 302 "util/configlexer.lex" -{ YDVAR(2, VAR_ACCESS_CONTROL) } - YY_BREAK -case 93: -YY_RULE_SETUP -#line 303 "util/configlexer.lex" -{ YDVAR(1, VAR_SEND_CLIENT_SUBNET) } - YY_BREAK -case 94: -YY_RULE_SETUP -#line 304 "util/configlexer.lex" -{ YDVAR(1, VAR_CLIENT_SUBNET_ALWAYS_FORWARD) } - YY_BREAK -case 95: -YY_RULE_SETUP -#line 305 "util/configlexer.lex" -{ YDVAR(1, VAR_CLIENT_SUBNET_OPCODE) } - YY_BREAK -case 96: -YY_RULE_SETUP -#line 306 "util/configlexer.lex" -{ YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV4) } - YY_BREAK -case 97: -YY_RULE_SETUP -#line 307 "util/configlexer.lex" -{ YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV6) } - YY_BREAK -case 98: -YY_RULE_SETUP -#line 308 "util/configlexer.lex" -{ YDVAR(1, VAR_HIDE_IDENTITY) } - YY_BREAK -case 99: -YY_RULE_SETUP -#line 309 "util/configlexer.lex" -{ YDVAR(1, VAR_HIDE_VERSION) } - YY_BREAK -case 100: -YY_RULE_SETUP -#line 310 "util/configlexer.lex" -{ YDVAR(1, VAR_HIDE_TRUSTANCHOR) } - YY_BREAK -case 101: -YY_RULE_SETUP -#line 311 "util/configlexer.lex" -{ YDVAR(1, VAR_IDENTITY) } - YY_BREAK -case 102: -YY_RULE_SETUP -#line 312 "util/configlexer.lex" -{ YDVAR(1, VAR_VERSION) } - YY_BREAK -case 103: -YY_RULE_SETUP -#line 313 "util/configlexer.lex" -{ YDVAR(1, VAR_MODULE_CONF) } - YY_BREAK -case 104: -YY_RULE_SETUP -#line 314 "util/configlexer.lex" -{ YDVAR(1, VAR_DLV_ANCHOR) } - YY_BREAK -case 105: -YY_RULE_SETUP -#line 315 "util/configlexer.lex" -{ YDVAR(1, VAR_DLV_ANCHOR_FILE) } - YY_BREAK -case 106: -YY_RULE_SETUP -#line 316 "util/configlexer.lex" -{ YDVAR(1, VAR_TRUST_ANCHOR_FILE) } - YY_BREAK -case 107: -YY_RULE_SETUP -#line 317 "util/configlexer.lex" -{ YDVAR(1, VAR_AUTO_TRUST_ANCHOR_FILE) } - YY_BREAK -case 108: -YY_RULE_SETUP -#line 318 "util/configlexer.lex" -{ YDVAR(1, VAR_TRUSTED_KEYS_FILE) } - YY_BREAK -case 109: -YY_RULE_SETUP -#line 319 "util/configlexer.lex" -{ YDVAR(1, VAR_TRUST_ANCHOR) } - YY_BREAK -case 110: -YY_RULE_SETUP -#line 320 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_OVERRIDE_DATE) } - YY_BREAK -case 111: -YY_RULE_SETUP -#line 321 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_SIG_SKEW_MIN) } - YY_BREAK -case 112: -YY_RULE_SETUP -#line 322 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_SIG_SKEW_MAX) } - YY_BREAK -case 113: -YY_RULE_SETUP -#line 323 "util/configlexer.lex" -{ YDVAR(1, VAR_BOGUS_TTL) } - YY_BREAK -case 114: -YY_RULE_SETUP -#line 324 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_CLEAN_ADDITIONAL) } - YY_BREAK -case 115: -YY_RULE_SETUP -#line 325 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_PERMISSIVE_MODE) } - YY_BREAK -case 116: -YY_RULE_SETUP -#line 326 "util/configlexer.lex" -{ YDVAR(1, VAR_IGNORE_CD_FLAG) } - YY_BREAK -case 117: -YY_RULE_SETUP -#line 327 "util/configlexer.lex" -{ YDVAR(1, VAR_SERVE_EXPIRED) } - YY_BREAK -case 118: -YY_RULE_SETUP -#line 328 "util/configlexer.lex" -{ YDVAR(1, VAR_FAKE_DSA) } - YY_BREAK -case 119: -YY_RULE_SETUP -#line 329 "util/configlexer.lex" -{ YDVAR(1, VAR_FAKE_SHA1) } - YY_BREAK -case 120: -YY_RULE_SETUP -#line 330 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_LOG_LEVEL) } - YY_BREAK -case 121: -YY_RULE_SETUP -#line 331 "util/configlexer.lex" -{ YDVAR(1, VAR_KEY_CACHE_SIZE) } - YY_BREAK -case 122: -YY_RULE_SETUP -#line 332 "util/configlexer.lex" -{ YDVAR(1, VAR_KEY_CACHE_SLABS) } - YY_BREAK -case 123: -YY_RULE_SETUP -#line 333 "util/configlexer.lex" -{ YDVAR(1, VAR_NEG_CACHE_SIZE) } - YY_BREAK -case 124: -YY_RULE_SETUP -#line 334 "util/configlexer.lex" -{ - YDVAR(1, VAR_VAL_NSEC3_KEYSIZE_ITERATIONS) } - YY_BREAK -case 125: -YY_RULE_SETUP -#line 336 "util/configlexer.lex" -{ YDVAR(1, VAR_ADD_HOLDDOWN) } - YY_BREAK -case 126: -YY_RULE_SETUP -#line 337 "util/configlexer.lex" -{ YDVAR(1, VAR_DEL_HOLDDOWN) } - YY_BREAK -case 127: -YY_RULE_SETUP -#line 338 "util/configlexer.lex" -{ YDVAR(1, VAR_KEEP_MISSING) } - YY_BREAK -case 128: -YY_RULE_SETUP -#line 339 "util/configlexer.lex" -{ YDVAR(1, VAR_PERMIT_SMALL_HOLDDOWN) } - YY_BREAK -case 129: -YY_RULE_SETUP -#line 340 "util/configlexer.lex" -{ YDVAR(1, VAR_USE_SYSLOG) } - YY_BREAK -case 130: -YY_RULE_SETUP -#line 341 "util/configlexer.lex" -{ YDVAR(1, VAR_LOG_IDENTITY) } - YY_BREAK -case 131: -YY_RULE_SETUP -#line 342 "util/configlexer.lex" -{ YDVAR(1, VAR_LOG_TIME_ASCII) } - YY_BREAK -case 132: -YY_RULE_SETUP -#line 343 "util/configlexer.lex" -{ YDVAR(1, VAR_LOG_QUERIES) } - YY_BREAK -case 133: -YY_RULE_SETUP -#line 344 "util/configlexer.lex" -{ YDVAR(1, VAR_LOG_REPLIES) } - YY_BREAK -case 134: -YY_RULE_SETUP -#line 345 "util/configlexer.lex" -{ YDVAR(2, VAR_LOCAL_ZONE) } - YY_BREAK -case 135: -YY_RULE_SETUP -#line 346 "util/configlexer.lex" -{ YDVAR(1, VAR_LOCAL_DATA) } - YY_BREAK -case 136: -YY_RULE_SETUP -#line 347 "util/configlexer.lex" -{ YDVAR(1, VAR_LOCAL_DATA_PTR) } - YY_BREAK -case 137: -YY_RULE_SETUP -#line 348 "util/configlexer.lex" -{ YDVAR(1, VAR_UNBLOCK_LAN_ZONES) } - YY_BREAK -case 138: -YY_RULE_SETUP -#line 349 "util/configlexer.lex" -{ YDVAR(1, VAR_INSECURE_LAN_ZONES) } - YY_BREAK -case 139: -YY_RULE_SETUP -#line 350 "util/configlexer.lex" -{ YDVAR(1, VAR_STATISTICS_INTERVAL) } - YY_BREAK -case 140: -YY_RULE_SETUP -#line 351 "util/configlexer.lex" -{ YDVAR(1, VAR_STATISTICS_CUMULATIVE) } - YY_BREAK -case 141: -YY_RULE_SETUP -#line 352 "util/configlexer.lex" -{ YDVAR(1, VAR_EXTENDED_STATISTICS) } - YY_BREAK -case 142: -YY_RULE_SETUP -#line 353 "util/configlexer.lex" -{ YDVAR(1, VAR_SHM_ENABLE) } - YY_BREAK -case 143: -YY_RULE_SETUP -#line 354 "util/configlexer.lex" -{ YDVAR(1, VAR_SHM_KEY) } - YY_BREAK -case 144: -YY_RULE_SETUP -#line 355 "util/configlexer.lex" -{ YDVAR(0, VAR_REMOTE_CONTROL) } - YY_BREAK -case 145: -YY_RULE_SETUP -#line 356 "util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_ENABLE) } - YY_BREAK -case 146: -YY_RULE_SETUP -#line 357 "util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_INTERFACE) } - YY_BREAK -case 147: -YY_RULE_SETUP -#line 358 "util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_PORT) } - YY_BREAK -case 148: -YY_RULE_SETUP -#line 359 "util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_USE_CERT) } - YY_BREAK -case 149: -YY_RULE_SETUP -#line 360 "util/configlexer.lex" -{ YDVAR(1, VAR_SERVER_KEY_FILE) } - YY_BREAK -case 150: -YY_RULE_SETUP -#line 361 "util/configlexer.lex" -{ YDVAR(1, VAR_SERVER_CERT_FILE) } - YY_BREAK -case 151: -YY_RULE_SETUP -#line 362 "util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_KEY_FILE) } - YY_BREAK -case 152: -YY_RULE_SETUP -#line 363 "util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_CERT_FILE) } - YY_BREAK -case 153: -YY_RULE_SETUP -#line 364 "util/configlexer.lex" -{ YDVAR(1, VAR_PYTHON_SCRIPT) } - YY_BREAK -case 154: -YY_RULE_SETUP -#line 365 "util/configlexer.lex" -{ YDVAR(0, VAR_PYTHON) } - YY_BREAK -case 155: -YY_RULE_SETUP -#line 366 "util/configlexer.lex" -{ YDVAR(1, VAR_DOMAIN_INSECURE) } - YY_BREAK -case 156: -YY_RULE_SETUP -#line 367 "util/configlexer.lex" -{ YDVAR(1, VAR_MINIMAL_RESPONSES) } - YY_BREAK -case 157: -YY_RULE_SETUP -#line 368 "util/configlexer.lex" -{ YDVAR(1, VAR_RRSET_ROUNDROBIN) } - YY_BREAK -case 158: -YY_RULE_SETUP -#line 369 "util/configlexer.lex" -{ YDVAR(1, VAR_MAX_UDP_SIZE) } - YY_BREAK -case 159: -YY_RULE_SETUP -#line 370 "util/configlexer.lex" -{ YDVAR(1, VAR_DNS64_PREFIX) } - YY_BREAK -case 160: -YY_RULE_SETUP -#line 371 "util/configlexer.lex" -{ YDVAR(1, VAR_DNS64_SYNTHALL) } - YY_BREAK -case 161: -YY_RULE_SETUP -#line 372 "util/configlexer.lex" -{ YDVAR(1, VAR_DEFINE_TAG) } - YY_BREAK -case 162: -YY_RULE_SETUP -#line 373 "util/configlexer.lex" -{ YDVAR(2, VAR_LOCAL_ZONE_TAG) } - YY_BREAK -case 163: -YY_RULE_SETUP -#line 374 "util/configlexer.lex" -{ YDVAR(2, VAR_ACCESS_CONTROL_TAG) } - YY_BREAK -case 164: -YY_RULE_SETUP -#line 375 "util/configlexer.lex" -{ YDVAR(3, VAR_ACCESS_CONTROL_TAG_ACTION) } - YY_BREAK -case 165: -YY_RULE_SETUP -#line 376 "util/configlexer.lex" -{ YDVAR(3, VAR_ACCESS_CONTROL_TAG_DATA) } - YY_BREAK -case 166: -YY_RULE_SETUP -#line 377 "util/configlexer.lex" -{ YDVAR(2, VAR_ACCESS_CONTROL_VIEW) } - YY_BREAK -case 167: -YY_RULE_SETUP -#line 378 "util/configlexer.lex" -{ YDVAR(3, VAR_LOCAL_ZONE_OVERRIDE) } - YY_BREAK -case 168: -YY_RULE_SETUP -#line 379 "util/configlexer.lex" -{ YDVAR(0, VAR_DNSTAP) } - YY_BREAK -case 169: -YY_RULE_SETUP -#line 380 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_ENABLE) } - YY_BREAK -case 170: -YY_RULE_SETUP -#line 381 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_SOCKET_PATH) } - YY_BREAK -case 171: -YY_RULE_SETUP -#line 382 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_SEND_IDENTITY) } - YY_BREAK -case 172: -YY_RULE_SETUP -#line 383 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_SEND_VERSION) } - YY_BREAK -case 173: -YY_RULE_SETUP -#line 384 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_IDENTITY) } - YY_BREAK -case 174: -YY_RULE_SETUP -#line 385 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_VERSION) } - YY_BREAK -case 175: -YY_RULE_SETUP -#line 386 "util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES) } - YY_BREAK -case 176: -YY_RULE_SETUP -#line 388 "util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES) } - YY_BREAK -case 177: -YY_RULE_SETUP -#line 390 "util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES) } - YY_BREAK -case 178: -YY_RULE_SETUP -#line 392 "util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES) } - YY_BREAK -case 179: -YY_RULE_SETUP -#line 394 "util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) } - YY_BREAK -case 180: -YY_RULE_SETUP -#line 396 "util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } - YY_BREAK -case 181: -YY_RULE_SETUP -#line 398 "util/configlexer.lex" -{ YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) } - YY_BREAK -case 182: -YY_RULE_SETUP -#line 399 "util/configlexer.lex" -{ YDVAR(1, VAR_IP_RATELIMIT) } - YY_BREAK -case 183: -YY_RULE_SETUP -#line 400 "util/configlexer.lex" -{ YDVAR(1, VAR_RATELIMIT) } - YY_BREAK -case 184: -YY_RULE_SETUP -#line 401 "util/configlexer.lex" -{ YDVAR(1, VAR_IP_RATELIMIT_SLABS) } - YY_BREAK -case 185: -YY_RULE_SETUP -#line 402 "util/configlexer.lex" -{ YDVAR(1, VAR_RATELIMIT_SLABS) } - YY_BREAK -case 186: -YY_RULE_SETUP -#line 403 "util/configlexer.lex" -{ YDVAR(1, VAR_IP_RATELIMIT_SIZE) } - YY_BREAK -case 187: -YY_RULE_SETUP -#line 404 "util/configlexer.lex" -{ YDVAR(1, VAR_RATELIMIT_SIZE) } - YY_BREAK -case 188: -YY_RULE_SETUP -#line 405 "util/configlexer.lex" -{ YDVAR(2, VAR_RATELIMIT_FOR_DOMAIN) } - YY_BREAK -case 189: -YY_RULE_SETUP -#line 406 "util/configlexer.lex" -{ YDVAR(2, VAR_RATELIMIT_BELOW_DOMAIN) } - YY_BREAK -case 190: -YY_RULE_SETUP -#line 407 "util/configlexer.lex" -{ YDVAR(1, VAR_IP_RATELIMIT_FACTOR) } - YY_BREAK -case 191: -YY_RULE_SETUP -#line 408 "util/configlexer.lex" -{ YDVAR(1, VAR_RATELIMIT_FACTOR) } - YY_BREAK -case 192: -YY_RULE_SETUP -#line 409 "util/configlexer.lex" -{ YDVAR(2, VAR_RESPONSE_IP_TAG) } - YY_BREAK -case 193: -YY_RULE_SETUP -#line 410 "util/configlexer.lex" -{ YDVAR(2, VAR_RESPONSE_IP) } - YY_BREAK -case 194: -YY_RULE_SETUP -#line 411 "util/configlexer.lex" -{ YDVAR(2, VAR_RESPONSE_IP_DATA) } - YY_BREAK -case 195: -YY_RULE_SETUP -#line 412 "util/configlexer.lex" -{ YDVAR(0, VAR_DNSCRYPT) } - YY_BREAK -case 196: -YY_RULE_SETUP -#line 413 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_ENABLE) } - YY_BREAK -case 197: -YY_RULE_SETUP -#line 414 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_PORT) } - YY_BREAK -case 198: -YY_RULE_SETUP -#line 415 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_PROVIDER) } - YY_BREAK -case 199: -YY_RULE_SETUP -#line 416 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_SECRET_KEY) } - YY_BREAK -case 200: -YY_RULE_SETUP -#line 417 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT) } - YY_BREAK -case 201: -/* rule 201 can match eol */ -YY_RULE_SETUP -#line 418 "util/configlexer.lex" -{ LEXOUT(("NL\n")); cfg_parser->line++; } - YY_BREAK -/* Quoted strings. Strip leading and ending quotes */ -case 202: -YY_RULE_SETUP -#line 421 "util/configlexer.lex" -{ BEGIN(quotedstring); LEXOUT(("QS ")); } - YY_BREAK -case YY_STATE_EOF(quotedstring): -#line 422 "util/configlexer.lex" -{ - yyerror("EOF inside quoted string"); - if(--num_args == 0) { BEGIN(INITIAL); } - else { BEGIN(val); } -} - YY_BREAK -case 203: -YY_RULE_SETUP -#line 427 "util/configlexer.lex" -{ LEXOUT(("STR(%s) ", yytext)); yymore(); } - YY_BREAK -case 204: -/* rule 204 can match eol */ -YY_RULE_SETUP -#line 428 "util/configlexer.lex" -{ yyerror("newline inside quoted string, no end \""); - cfg_parser->line++; BEGIN(INITIAL); } - YY_BREAK -case 205: -YY_RULE_SETUP -#line 430 "util/configlexer.lex" -{ - LEXOUT(("QE ")); - if(--num_args == 0) { BEGIN(INITIAL); } - else { BEGIN(val); } - yytext[yyleng - 1] = '\0'; - yylval.str = strdup(yytext); - if(!yylval.str) - yyerror("out of memory"); - return STRING_ARG; -} - YY_BREAK -/* Single Quoted strings. Strip leading and ending quotes */ -case 206: -YY_RULE_SETUP -#line 442 "util/configlexer.lex" -{ BEGIN(singlequotedstr); LEXOUT(("SQS ")); } - YY_BREAK -case YY_STATE_EOF(singlequotedstr): -#line 443 "util/configlexer.lex" -{ - yyerror("EOF inside quoted string"); - if(--num_args == 0) { BEGIN(INITIAL); } - else { BEGIN(val); } -} - YY_BREAK -case 207: -YY_RULE_SETUP -#line 448 "util/configlexer.lex" -{ LEXOUT(("STR(%s) ", yytext)); yymore(); } - YY_BREAK -case 208: -/* rule 208 can match eol */ -YY_RULE_SETUP -#line 449 "util/configlexer.lex" -{ yyerror("newline inside quoted string, no end '"); - cfg_parser->line++; BEGIN(INITIAL); } - YY_BREAK -case 209: -YY_RULE_SETUP -#line 451 "util/configlexer.lex" -{ - LEXOUT(("SQE ")); - if(--num_args == 0) { BEGIN(INITIAL); } - else { BEGIN(val); } - yytext[yyleng - 1] = '\0'; - yylval.str = strdup(yytext); - if(!yylval.str) - yyerror("out of memory"); - return STRING_ARG; -} - YY_BREAK -/* include: directive */ -case 210: -YY_RULE_SETUP -#line 463 "util/configlexer.lex" -{ - LEXOUT(("v(%s) ", yytext)); inc_prev = YYSTATE; BEGIN(include); } - YY_BREAK -case YY_STATE_EOF(include): -#line 465 "util/configlexer.lex" -{ - yyerror("EOF inside include directive"); - BEGIN(inc_prev); -} - YY_BREAK -case 211: -YY_RULE_SETUP -#line 469 "util/configlexer.lex" -{ LEXOUT(("ISP ")); /* ignore */ } - YY_BREAK -case 212: -/* rule 212 can match eol */ -YY_RULE_SETUP -#line 470 "util/configlexer.lex" -{ LEXOUT(("NL\n")); cfg_parser->line++;} - YY_BREAK -case 213: -YY_RULE_SETUP -#line 471 "util/configlexer.lex" -{ LEXOUT(("IQS ")); BEGIN(include_quoted); } - YY_BREAK -case 214: -YY_RULE_SETUP -#line 472 "util/configlexer.lex" -{ - LEXOUT(("Iunquotedstr(%s) ", yytext)); - config_start_include_glob(yytext); - BEGIN(inc_prev); -} - YY_BREAK -case YY_STATE_EOF(include_quoted): -#line 477 "util/configlexer.lex" -{ - yyerror("EOF inside quoted string"); - BEGIN(inc_prev); -} - YY_BREAK -case 215: -YY_RULE_SETUP -#line 481 "util/configlexer.lex" -{ LEXOUT(("ISTR(%s) ", yytext)); yymore(); } - YY_BREAK -case 216: -/* rule 216 can match eol */ -YY_RULE_SETUP -#line 482 "util/configlexer.lex" -{ yyerror("newline before \" in include name"); - cfg_parser->line++; BEGIN(inc_prev); } - YY_BREAK -case 217: -YY_RULE_SETUP -#line 484 "util/configlexer.lex" -{ - LEXOUT(("IQE ")); - yytext[yyleng - 1] = '\0'; - config_start_include_glob(yytext); - BEGIN(inc_prev); -} - YY_BREAK -case YY_STATE_EOF(INITIAL): -case YY_STATE_EOF(val): -#line 490 "util/configlexer.lex" -{ - LEXOUT(("LEXEOF ")); - yy_set_bol(1); /* Set beginning of line, so "^" rules match. */ - if (!config_include_stack) { - yyterminate(); - } else { - fclose(yyin); - config_end_include(); - } -} - YY_BREAK -case 218: -YY_RULE_SETUP -#line 501 "util/configlexer.lex" -{ LEXOUT(("unquotedstr(%s) ", yytext)); - if(--num_args == 0) { BEGIN(INITIAL); } - yylval.str = strdup(yytext); return STRING_ARG; } - YY_BREAK -case 219: -YY_RULE_SETUP -#line 505 "util/configlexer.lex" -{ - ub_c_error_msg("unknown keyword '%s'", yytext); - } - YY_BREAK -case 220: -YY_RULE_SETUP -#line 509 "util/configlexer.lex" -{ - ub_c_error_msg("stray '%s'", yytext); - } - YY_BREAK -case 221: -YY_RULE_SETUP -#line 513 "util/configlexer.lex" -ECHO; - YY_BREAK -#line 4246 "" - - case YY_END_OF_BUFFER: - { - /* Amount of text matched not including the EOB char. */ - int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; - - /* Undo the effects of YY_DO_BEFORE_ACTION. */ - *yy_cp = (yy_hold_char); - YY_RESTORE_YY_MORE_OFFSET - - if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW ) - { - /* We're scanning a new file or input source. It's - * possible that this happened because the user - * just pointed yyin at a new source and called - * yylex(). If so, then we have to assure - * consistency between YY_CURRENT_BUFFER and our - * globals. Here is the right place to do so, because - * this is the first action (other than possibly a - * back-up) that will match for the new input source. - */ - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; - YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin; - YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL; - } - - /* Note that here we test for yy_c_buf_p "<=" to the position - * of the first EOB in the buffer, since yy_c_buf_p will - * already have been incremented past the NUL character - * (since all states make transitions on EOB to the - * end-of-buffer state). Contrast this with the test - * in input(). - */ - if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) - { /* This was really a NUL. */ - yy_state_type yy_next_state; - - (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; - - yy_current_state = yy_get_previous_state( ); - - /* Okay, we're now positioned to make the NUL - * transition. We couldn't have - * yy_get_previous_state() go ahead and do it - * for us because it doesn't know how to deal - * with the possibility of jamming (and we don't - * want to build jamming into it because then it - * will run more slowly). - */ - - yy_next_state = yy_try_NUL_trans( yy_current_state ); - - yy_bp = (yytext_ptr) + YY_MORE_ADJ; - - if ( yy_next_state ) - { - /* Consume the NUL. */ - yy_cp = ++(yy_c_buf_p); - yy_current_state = yy_next_state; - goto yy_match; - } - - else - { - yy_cp = (yy_c_buf_p); - goto yy_find_action; - } - } - - else switch ( yy_get_next_buffer( ) ) - { - case EOB_ACT_END_OF_FILE: - { - (yy_did_buffer_switch_on_eof) = 0; - - if ( yywrap( ) ) - { - /* Note: because we've taken care in - * yy_get_next_buffer() to have set up - * yytext, we can now set up - * yy_c_buf_p so that if some total - * hoser (like flex itself) wants to - * call the scanner after we return the - * YY_NULL, it'll still work - another - * YY_NULL will get returned. - */ - (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; - - yy_act = YY_STATE_EOF(YY_START); - goto do_action; - } - - else - { - if ( ! (yy_did_buffer_switch_on_eof) ) - YY_NEW_FILE; - } - break; - } - - case EOB_ACT_CONTINUE_SCAN: - (yy_c_buf_p) = - (yytext_ptr) + yy_amount_of_matched_text; - - yy_current_state = yy_get_previous_state( ); - - yy_cp = (yy_c_buf_p); - yy_bp = (yytext_ptr) + YY_MORE_ADJ; - goto yy_match; - - case EOB_ACT_LAST_MATCH: - (yy_c_buf_p) = - &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)]; - - yy_current_state = yy_get_previous_state( ); - - yy_cp = (yy_c_buf_p); - yy_bp = (yytext_ptr) + YY_MORE_ADJ; - goto yy_find_action; - } - break; - } - - default: - YY_FATAL_ERROR( - "fatal flex scanner internal error--no action found" ); - } /* end of action switch */ - } /* end of scanning one token */ - } /* end of user's declarations */ -} /* end of yylex */ - -/* yy_get_next_buffer - try to read in a new buffer - * - * Returns a code representing an action: - * EOB_ACT_LAST_MATCH - - * EOB_ACT_CONTINUE_SCAN - continue scanning from current position - * EOB_ACT_END_OF_FILE - end of file - */ -static int yy_get_next_buffer (void) -{ - char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; - char *source = (yytext_ptr); - yy_size_t number_to_move, i; - int ret_val; - - if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] ) - YY_FATAL_ERROR( - "fatal flex scanner internal error--end of buffer missed" ); - - if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 ) - { /* Don't try to fill the buffer, so this is an EOF. */ - if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 ) - { - /* We matched a single character, the EOB, so - * treat this as a final EOF. - */ - return EOB_ACT_END_OF_FILE; - } - - else - { - /* We matched some text prior to the EOB, first - * process it. - */ - return EOB_ACT_LAST_MATCH; - } - } - - /* Try to read more data. */ - - /* First move last chars to start of buffer. */ - number_to_move = (yy_size_t) ((yy_c_buf_p) - (yytext_ptr)) - 1; - - for ( i = 0; i < number_to_move; ++i ) - *(dest++) = *(source++); - - if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING ) - /* don't do the read, it's not guaranteed to return an EOF, - * just force an EOF - */ - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0; - - else - { - int num_to_read = - YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; - - while ( num_to_read <= 0 ) - { /* Not enough room in the buffer - grow it. */ - - /* just a shorter name for the current buffer */ - YY_BUFFER_STATE b = YY_CURRENT_BUFFER_LVALUE; - - int yy_c_buf_p_offset = - (int) ((yy_c_buf_p) - b->yy_ch_buf); - - if ( b->yy_is_our_buffer ) - { - yy_size_t new_size = b->yy_buf_size * 2; - - if ( new_size <= 0 ) - b->yy_buf_size += b->yy_buf_size / 8; - else - b->yy_buf_size *= 2; - - b->yy_ch_buf = (char *) - /* Include room in for 2 EOB chars. */ - yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 ); - } - else - /* Can't grow it, we don't own it. */ - b->yy_ch_buf = 0; - - if ( ! b->yy_ch_buf ) - YY_FATAL_ERROR( - "fatal error - scanner input buffer overflow" ); - - (yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset]; - - num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - - number_to_move - 1; - - } - - if ( num_to_read > YY_READ_BUF_SIZE ) - num_to_read = YY_READ_BUF_SIZE; - - /* Read in more data. */ - YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), - (yy_n_chars), num_to_read ); - - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); - } - - if ( (yy_n_chars) == 0 ) - { - if ( number_to_move == YY_MORE_ADJ ) - { - ret_val = EOB_ACT_END_OF_FILE; - yyrestart(yyin ); - } - - else - { - ret_val = EOB_ACT_LAST_MATCH; - YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = - YY_BUFFER_EOF_PENDING; - } - } - - else - ret_val = EOB_ACT_CONTINUE_SCAN; - - if ((yy_size_t) ((yy_n_chars) + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) { - /* Extend the array by 50%, plus the number we really need. */ - yy_size_t new_size = (yy_n_chars) + number_to_move + ((yy_n_chars) >> 1); - YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) yyrealloc((void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf,new_size ); - if ( ! YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) - YY_FATAL_ERROR( "out of dynamic memory in yy_get_next_buffer()" ); - } - - (yy_n_chars) += number_to_move; - YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR; - YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR; - - (yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0]; - - return ret_val; -} - -/* yy_get_previous_state - get the state just before the EOB char was reached */ - - static yy_state_type yy_get_previous_state (void) -{ - yy_state_type yy_current_state; - char *yy_cp; - - yy_current_state = (yy_start); - - for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp ) - { - YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); - if ( yy_accept[yy_current_state] ) - { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; - } - while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) - { - yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 2165 ) - yy_c = yy_meta[(unsigned int) yy_c]; - } - yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - } - - return yy_current_state; -} - -/* yy_try_NUL_trans - try to make a transition on the NUL character - * - * synopsis - * next_state = yy_try_NUL_trans( current_state ); - */ - static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state ) -{ - int yy_is_jam; - char *yy_cp = (yy_c_buf_p); - - YY_CHAR yy_c = 1; - if ( yy_accept[yy_current_state] ) - { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; - } - while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) - { - yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 2165 ) - yy_c = yy_meta[(unsigned int) yy_c]; - } - yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - yy_is_jam = (yy_current_state == 2164); - - return yy_is_jam ? 0 : yy_current_state; -} - -#ifndef YY_NO_UNPUT - -#endif - -#ifndef YY_NO_INPUT -#ifdef __cplusplus - static int yyinput (void) -#else - static int input (void) -#endif - -{ - int c; - - *(yy_c_buf_p) = (yy_hold_char); - - if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR ) - { - /* yy_c_buf_p now points to the character we want to return. - * If this occurs *before* the EOB characters, then it's a - * valid NUL; if not, then we've hit the end of the buffer. - */ - if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) - /* This was really a NUL. */ - *(yy_c_buf_p) = '\0'; - - else - { /* need more input */ - yy_size_t offset = (yy_c_buf_p) - (yytext_ptr); - ++(yy_c_buf_p); - - switch ( yy_get_next_buffer( ) ) - { - case EOB_ACT_LAST_MATCH: - /* This happens because yy_g_n_b() - * sees that we've accumulated a - * token and flags that we need to - * try matching the token before - * proceeding. But for input(), - * there's no matching to consider. - * So convert the EOB_ACT_LAST_MATCH - * to EOB_ACT_END_OF_FILE. - */ - - /* Reset buffer status. */ - yyrestart(yyin ); - - /*FALLTHROUGH*/ - - case EOB_ACT_END_OF_FILE: - { - if ( yywrap( ) ) - return EOF; - - if ( ! (yy_did_buffer_switch_on_eof) ) - YY_NEW_FILE; -#ifdef __cplusplus - return yyinput(); -#else - return input(); -#endif - } - - case EOB_ACT_CONTINUE_SCAN: - (yy_c_buf_p) = (yytext_ptr) + offset; - break; - } - } - } - - c = *(unsigned char *) (yy_c_buf_p); /* cast for 8-bit char's */ - *(yy_c_buf_p) = '\0'; /* preserve yytext */ - (yy_hold_char) = *++(yy_c_buf_p); - - return c; -} -#endif /* ifndef YY_NO_INPUT */ - -/** Immediately switch to a different input stream. - * @param input_file A readable stream. - * - * @note This function does not reset the start condition to @c INITIAL . - */ - void yyrestart (FILE * input_file ) -{ - - if ( ! YY_CURRENT_BUFFER ){ - yyensure_buffer_stack (); - YY_CURRENT_BUFFER_LVALUE = - yy_create_buffer(yyin,YY_BUF_SIZE ); - } - - yy_init_buffer(YY_CURRENT_BUFFER,input_file ); - yy_load_buffer_state( ); -} - -/** Switch to a different input buffer. - * @param new_buffer The new input buffer. - * - */ - void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ) -{ - - /* TODO. We should be able to replace this entire function body - * with - * yypop_buffer_state(); - * yypush_buffer_state(new_buffer); - */ - yyensure_buffer_stack (); - if ( YY_CURRENT_BUFFER == new_buffer ) - return; - - if ( YY_CURRENT_BUFFER ) - { - /* Flush out information for old buffer. */ - *(yy_c_buf_p) = (yy_hold_char); - YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); - } - - YY_CURRENT_BUFFER_LVALUE = new_buffer; - yy_load_buffer_state( ); - - /* We don't actually know whether we did this switch during - * EOF (yywrap()) processing, but the only time this flag - * is looked at is after yywrap() is called, so it's safe - * to go ahead and always set it. - */ - (yy_did_buffer_switch_on_eof) = 1; -} - -static void yy_load_buffer_state (void) -{ - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; - (yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; - yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; - (yy_hold_char) = *(yy_c_buf_p); -} - -/** Allocate and initialize an input buffer state. - * @param file A readable stream. - * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE. - * - * @return the allocated buffer state. - */ - YY_BUFFER_STATE yy_create_buffer (FILE * file, int size ) -{ - YY_BUFFER_STATE b; - - b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); - if ( ! b ) - YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); - - b->yy_buf_size = (yy_size_t)size; - - /* yy_ch_buf has to be 2 characters longer than the size given because - * we need to put in 2 end-of-buffer characters. - */ - b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2 ); - if ( ! b->yy_ch_buf ) - YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); - - b->yy_is_our_buffer = 1; - - yy_init_buffer(b,file ); - - return b; -} - -/** Destroy the buffer. - * @param b a buffer created with yy_create_buffer() - * - */ - void yy_delete_buffer (YY_BUFFER_STATE b ) -{ - - if ( ! b ) - return; - - if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */ - YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0; - - if ( b->yy_is_our_buffer ) - yyfree((void *) b->yy_ch_buf ); - - yyfree((void *) b ); -} - -/* Initializes or reinitializes a buffer. - * This function is sometimes called more than once on the same buffer, - * such as during a yyrestart() or at EOF. - */ - static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file ) - -{ - int oerrno = errno; - - yy_flush_buffer(b ); - - b->yy_input_file = file; - b->yy_fill_buffer = 1; - - /* If b is the current buffer, then yy_init_buffer was _probably_ - * called from yyrestart() or through yy_get_next_buffer. - * In that case, we don't want to reset the lineno or column. - */ - if (b != YY_CURRENT_BUFFER){ - b->yy_bs_lineno = 1; - b->yy_bs_column = 0; - } - - b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; - - errno = oerrno; -} - -/** Discard all buffered characters. On the next scan, YY_INPUT will be called. - * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER. - * - */ - void yy_flush_buffer (YY_BUFFER_STATE b ) -{ - if ( ! b ) - return; - - b->yy_n_chars = 0; - - /* We always need two end-of-buffer characters. The first causes - * a transition to the end-of-buffer state. The second causes - * a jam in that state. - */ - b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR; - b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR; - - b->yy_buf_pos = &b->yy_ch_buf[0]; - - b->yy_at_bol = 1; - b->yy_buffer_status = YY_BUFFER_NEW; - - if ( b == YY_CURRENT_BUFFER ) - yy_load_buffer_state( ); -} - -/** Pushes the new state onto the stack. The new state becomes - * the current state. This function will allocate the stack - * if necessary. - * @param new_buffer The new state. - * - */ -void yypush_buffer_state (YY_BUFFER_STATE new_buffer ) -{ - if (new_buffer == NULL) - return; - - yyensure_buffer_stack(); - - /* This block is copied from yy_switch_to_buffer. */ - if ( YY_CURRENT_BUFFER ) - { - /* Flush out information for old buffer. */ - *(yy_c_buf_p) = (yy_hold_char); - YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); - } - - /* Only push if top exists. Otherwise, replace top. */ - if (YY_CURRENT_BUFFER) - (yy_buffer_stack_top)++; - YY_CURRENT_BUFFER_LVALUE = new_buffer; - - /* copied from yy_switch_to_buffer. */ - yy_load_buffer_state( ); - (yy_did_buffer_switch_on_eof) = 1; -} - -/** Removes and deletes the top of the stack, if present. - * The next element becomes the new top. - * - */ -void yypop_buffer_state (void) -{ - if (!YY_CURRENT_BUFFER) - return; - - yy_delete_buffer(YY_CURRENT_BUFFER ); - YY_CURRENT_BUFFER_LVALUE = NULL; - if ((yy_buffer_stack_top) > 0) - --(yy_buffer_stack_top); - - if (YY_CURRENT_BUFFER) { - yy_load_buffer_state( ); - (yy_did_buffer_switch_on_eof) = 1; - } -} - -/* Allocates the stack if it does not exist. - * Guarantees space for at least one push. - */ -static void yyensure_buffer_stack (void) -{ - yy_size_t num_to_alloc; - - if (!(yy_buffer_stack)) { - - /* First allocation is just for 2 elements, since we don't know if this - * scanner will even need a stack. We use 2 instead of 1 to avoid an - * immediate realloc on the next call. - */ - num_to_alloc = 1; /* After all that talk, this was set to 1 anyways... */ - (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc - (num_to_alloc * sizeof(struct yy_buffer_state*) - ); - if ( ! (yy_buffer_stack) ) - YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" ); - - memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); - - (yy_buffer_stack_max) = num_to_alloc; - (yy_buffer_stack_top) = 0; - return; - } - - if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){ - - /* Increase the buffer to prepare for a possible push. */ - yy_size_t grow_size = 8 /* arbitrary grow size */; - - num_to_alloc = (yy_buffer_stack_max) + grow_size; - (yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc - ((yy_buffer_stack), - num_to_alloc * sizeof(struct yy_buffer_state*) - ); - if ( ! (yy_buffer_stack) ) - YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" ); - - /* zero only the new slots.*/ - memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*)); - (yy_buffer_stack_max) = num_to_alloc; - } -} - -/** Setup the input buffer state to scan directly from a user-specified character buffer. - * @param base the character buffer - * @param size the size in bytes of the character buffer - * - * @return the newly allocated buffer state object. - */ -YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) -{ - YY_BUFFER_STATE b; - - if ( size < 2 || - base[size-2] != YY_END_OF_BUFFER_CHAR || - base[size-1] != YY_END_OF_BUFFER_CHAR ) - /* They forgot to leave room for the EOB's. */ - return 0; - - b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); - if ( ! b ) - YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); - - b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */ - b->yy_buf_pos = b->yy_ch_buf = base; - b->yy_is_our_buffer = 0; - b->yy_input_file = 0; - b->yy_n_chars = b->yy_buf_size; - b->yy_is_interactive = 0; - b->yy_at_bol = 1; - b->yy_fill_buffer = 0; - b->yy_buffer_status = YY_BUFFER_NEW; - - yy_switch_to_buffer(b ); - - return b; -} - -/** Setup the input buffer state to scan a string. The next call to yylex() will - * scan from a @e copy of @a str. - * @param yystr a NUL-terminated string to scan - * - * @return the newly allocated buffer state object. - * @note If you want to scan bytes that may contain NUL values, then use - * yy_scan_bytes() instead. - */ -YY_BUFFER_STATE yy_scan_string (yyconst char * yystr ) -{ - - return yy_scan_bytes(yystr,strlen(yystr) ); -} - -/** Setup the input buffer state to scan the given bytes. The next call to yylex() will - * scan from a @e copy of @a bytes. - * @param yybytes the byte buffer to scan - * @param _yybytes_len the number of bytes in the buffer pointed to by @a bytes. - * - * @return the newly allocated buffer state object. - */ -YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, yy_size_t _yybytes_len ) -{ - YY_BUFFER_STATE b; - char *buf; - yy_size_t n; - yy_size_t i; - - /* Get memory for full buffer, including space for trailing EOB's. */ - n = _yybytes_len + 2; - buf = (char *) yyalloc(n ); - if ( ! buf ) - YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); - - for ( i = 0; i < _yybytes_len; ++i ) - buf[i] = yybytes[i]; - - buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR; - - b = yy_scan_buffer(buf,n ); - if ( ! b ) - YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); - - /* It's okay to grow etc. this buffer, and we should throw it - * away when we're done. - */ - b->yy_is_our_buffer = 1; - - return b; -} - -#ifndef YY_EXIT_FAILURE -#define YY_EXIT_FAILURE 2 -#endif - -static void yy_fatal_error (yyconst char* msg ) -{ - (void) fprintf( stderr, "%s\n", msg ); - exit( YY_EXIT_FAILURE ); -} - -/* Redefine yyless() so it works in section 3 code. */ - -#undef yyless -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up yytext. */ \ - yy_size_t yyless_macro_arg = (n); \ - YY_LESS_LINENO(yyless_macro_arg);\ - yytext[yyleng] = (yy_hold_char); \ - (yy_c_buf_p) = yytext + yyless_macro_arg; \ - (yy_hold_char) = *(yy_c_buf_p); \ - *(yy_c_buf_p) = '\0'; \ - yyleng = yyless_macro_arg; \ - } \ - while ( 0 ) - -/* Accessor methods (get/set functions) to struct members. */ - -/** Get the current line number. - * - */ -int yyget_lineno (void) -{ - - return yylineno; -} - -/** Get the input stream. - * - */ -FILE *yyget_in (void) -{ - return yyin; -} - -/** Get the output stream. - * - */ -FILE *yyget_out (void) -{ - return yyout; -} - -/** Get the length of the current token. - * - */ -yy_size_t yyget_leng (void) -{ - return yyleng; -} - -/** Get the current token. - * - */ - -char *yyget_text (void) -{ - return yytext; -} - -/** Set the current line number. - * @param _line_number line number - * - */ -void yyset_lineno (int _line_number ) -{ - - yylineno = _line_number; -} - -/** Set the input stream. This does not discard the current - * input buffer. - * @param _in_str A readable stream. - * - * @see yy_switch_to_buffer - */ -void yyset_in (FILE * _in_str ) -{ - yyin = _in_str ; -} - -void yyset_out (FILE * _out_str ) -{ - yyout = _out_str ; -} - -int yyget_debug (void) -{ - return yy_flex_debug; -} - -void yyset_debug (int _bdebug ) -{ - yy_flex_debug = _bdebug ; -} - -static int yy_init_globals (void) -{ - /* Initialization is the same as for the non-reentrant scanner. - * This function is called from yylex_destroy(), so don't allocate here. - */ - - (yy_buffer_stack) = 0; - (yy_buffer_stack_top) = 0; - (yy_buffer_stack_max) = 0; - (yy_c_buf_p) = (char *) 0; - (yy_init) = 0; - (yy_start) = 0; - -/* Defined in main.c */ -#ifdef YY_STDINIT - yyin = stdin; - yyout = stdout; -#else - yyin = (FILE *) 0; - yyout = (FILE *) 0; -#endif - - /* For future reference: Set errno on error, since we are called by - * yylex_init() - */ - return 0; -} - -/* yylex_destroy is for both reentrant and non-reentrant scanners. */ -int yylex_destroy (void) -{ - - /* Pop the buffer stack, destroying each element. */ - while(YY_CURRENT_BUFFER){ - yy_delete_buffer(YY_CURRENT_BUFFER ); - YY_CURRENT_BUFFER_LVALUE = NULL; - yypop_buffer_state(); - } - - /* Destroy the stack itself. */ - yyfree((yy_buffer_stack) ); - (yy_buffer_stack) = NULL; - - /* Reset the globals. This is important in a non-reentrant scanner so the next time - * yylex() is called, initialization will occur. */ - yy_init_globals( ); - - return 0; -} - -/* - * Internal utility routines. - */ - -#ifndef yytext_ptr -static void yy_flex_strncpy (char* s1, yyconst char * s2, int n ) -{ - - int i; - for ( i = 0; i < n; ++i ) - s1[i] = s2[i]; -} -#endif - -#ifdef YY_NEED_STRLEN -static int yy_flex_strlen (yyconst char * s ) -{ - int n; - for ( n = 0; s[n]; ++n ) - ; - - return n; -} -#endif - -void *yyalloc (yy_size_t size ) -{ - return (void *) malloc( size ); -} - -void *yyrealloc (void * ptr, yy_size_t size ) -{ - - /* The cast to (char *) in the following accommodates both - * implementations that use char* generic pointers, and those - * that use void* generic pointers. It works with the latter - * because both ANSI C and C++ allow castless assignment from - * any pointer type to void*, and deal with argument conversions - * as though doing an assignment. - */ - return (void *) realloc( (char *) ptr, size ); -} - -void yyfree (void * ptr ) -{ - free( (char *) ptr ); /* see yyrealloc() for (char *) cast */ -} - -#define YYTABLES_NAME "yytables" - -#line 513 "util/configlexer.lex" - - - diff --git a/external/unbound/util/configlexer.lex b/external/unbound/util/configlexer.lex deleted file mode 100644 index a6323f2c1..000000000 --- a/external/unbound/util/configlexer.lex +++ /dev/null @@ -1,513 +0,0 @@ -%{ -/* - * configlexer.lex - lexical analyzer for unbound config file - * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved - * - * See LICENSE for the license. - * - */ - -/* because flex keeps having sign-unsigned compare problems that are unfixed*/ -#if defined(__clang__)||(defined(__GNUC__)&&((__GNUC__ >4)||(defined(__GNUC_MINOR__)&&(__GNUC__ ==4)&&(__GNUC_MINOR__ >=2)))) -#pragma GCC diagnostic ignored "-Wsign-compare" -#endif - -#include -#include -#include -#ifdef HAVE_GLOB_H -# include -#endif - -#include "util/config_file.h" -#include "util/configparser.h" -void ub_c_error(const char *message); - -#if 0 -#define LEXOUT(s) printf s /* used ONLY when debugging */ -#else -#define LEXOUT(s) -#endif - -/** avoid warning in about fwrite return value */ -#define ECHO ub_c_error_msg("syntax error at text: %s", yytext) - -/** A parser variable, this is a statement in the config file which is - * of the form variable: value1 value2 ... nargs is the number of values. */ -#define YDVAR(nargs, var) \ - num_args=(nargs); \ - LEXOUT(("v(%s%d) ", yytext, num_args)); \ - if(num_args > 0) { BEGIN(val); } \ - return (var); - -struct inc_state { - char* filename; - int line; - YY_BUFFER_STATE buffer; - struct inc_state* next; -}; -static struct inc_state* config_include_stack = NULL; -static int inc_depth = 0; -static int inc_prev = 0; -static int num_args = 0; - -void init_cfg_parse(void) -{ - config_include_stack = NULL; - inc_depth = 0; - inc_prev = 0; - num_args = 0; -} - -static void config_start_include(const char* filename) -{ - FILE *input; - struct inc_state* s; - char* nm; - if(inc_depth++ > 100000) { - ub_c_error_msg("too many include files"); - return; - } - if(*filename == '\0') { - ub_c_error_msg("empty include file name"); - return; - } - s = (struct inc_state*)malloc(sizeof(*s)); - if(!s) { - ub_c_error_msg("include %s: malloc failure", filename); - return; - } - if(cfg_parser->chroot && strncmp(filename, cfg_parser->chroot, - strlen(cfg_parser->chroot)) == 0) { - filename += strlen(cfg_parser->chroot); - } - nm = strdup(filename); - if(!nm) { - ub_c_error_msg("include %s: strdup failure", filename); - free(s); - return; - } - input = fopen(filename, "r"); - if(!input) { - ub_c_error_msg("cannot open include file '%s': %s", - filename, strerror(errno)); - free(s); - free(nm); - return; - } - LEXOUT(("switch_to_include_file(%s)\n", filename)); - s->filename = cfg_parser->filename; - s->line = cfg_parser->line; - s->buffer = YY_CURRENT_BUFFER; - s->next = config_include_stack; - config_include_stack = s; - cfg_parser->filename = nm; - cfg_parser->line = 1; - yy_switch_to_buffer(yy_create_buffer(input, YY_BUF_SIZE)); -} - -static void config_start_include_glob(const char* filename) -{ - - /* check for wildcards */ -#ifdef HAVE_GLOB - glob_t g; - size_t i; - int r, flags; - if(!(!strchr(filename, '*') && !strchr(filename, '?') && !strchr(filename, '[') && - !strchr(filename, '{') && !strchr(filename, '~'))) { - flags = 0 -#ifdef GLOB_ERR - | GLOB_ERR -#endif -#ifdef GLOB_NOSORT - | GLOB_NOSORT -#endif -#ifdef GLOB_BRACE - | GLOB_BRACE -#endif -#ifdef GLOB_TILDE - | GLOB_TILDE -#endif - ; - memset(&g, 0, sizeof(g)); - if(cfg_parser->chroot && strncmp(filename, cfg_parser->chroot, - strlen(cfg_parser->chroot)) == 0) { - filename += strlen(cfg_parser->chroot); - } - r = glob(filename, flags, NULL, &g); - if(r) { - /* some error */ - globfree(&g); - if(r == GLOB_NOMATCH) - return; /* no matches for pattern */ - config_start_include(filename); /* let original deal with it */ - return; - } - /* process files found, if any */ - for(i=0; i<(size_t)g.gl_pathc; i++) { - config_start_include(g.gl_pathv[i]); - } - globfree(&g); - return; - } -#endif /* HAVE_GLOB */ - - config_start_include(filename); -} - -static void config_end_include(void) -{ - struct inc_state* s = config_include_stack; - --inc_depth; - if(!s) return; - free(cfg_parser->filename); - cfg_parser->filename = s->filename; - cfg_parser->line = s->line; - yy_delete_buffer(YY_CURRENT_BUFFER); - yy_switch_to_buffer(s->buffer); - config_include_stack = s->next; - free(s); -} - -#ifndef yy_set_bol /* compat definition, for flex 2.4.6 */ -#define yy_set_bol(at_bol) \ - { \ - if ( ! yy_current_buffer ) \ - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ - yy_current_buffer->yy_ch_buf[0] = ((at_bol)?'\n':' '); \ - } -#endif - -%} -%option noinput -%option nounput -%{ -#ifndef YY_NO_UNPUT -#define YY_NO_UNPUT 1 -#endif -#ifndef YY_NO_INPUT -#define YY_NO_INPUT 1 -#endif -%} - -SPACE [ \t] -LETTER [a-zA-Z] -UNQUOTEDLETTER [^\'\"\n\r \t\\]|\\. -UNQUOTEDLETTER_NOCOLON [^\:\'\"\n\r \t\\]|\\. -NEWLINE [\r\n] -COMMENT \# -COLON \: -DQANY [^\"\n\r\\]|\\. -SQANY [^\'\n\r\\]|\\. - -%x quotedstring singlequotedstr include include_quoted val - -%% -{SPACE}* { - LEXOUT(("SP ")); /* ignore */ } -{SPACE}*{COMMENT}.* { - /* note that flex makes the longest match and '.' is any but not nl */ - LEXOUT(("comment(%s) ", yytext)); /* ignore */ } -server{COLON} { YDVAR(0, VAR_SERVER) } -qname-minimisation{COLON} { YDVAR(1, VAR_QNAME_MINIMISATION) } -qname-minimisation-strict{COLON} { YDVAR(1, VAR_QNAME_MINIMISATION_STRICT) } -num-threads{COLON} { YDVAR(1, VAR_NUM_THREADS) } -verbosity{COLON} { YDVAR(1, VAR_VERBOSITY) } -port{COLON} { YDVAR(1, VAR_PORT) } -outgoing-range{COLON} { YDVAR(1, VAR_OUTGOING_RANGE) } -outgoing-port-permit{COLON} { YDVAR(1, VAR_OUTGOING_PORT_PERMIT) } -outgoing-port-avoid{COLON} { YDVAR(1, VAR_OUTGOING_PORT_AVOID) } -outgoing-num-tcp{COLON} { YDVAR(1, VAR_OUTGOING_NUM_TCP) } -incoming-num-tcp{COLON} { YDVAR(1, VAR_INCOMING_NUM_TCP) } -do-ip4{COLON} { YDVAR(1, VAR_DO_IP4) } -do-ip6{COLON} { YDVAR(1, VAR_DO_IP6) } -prefer-ip6{COLON} { YDVAR(1, VAR_PREFER_IP6) } -do-udp{COLON} { YDVAR(1, VAR_DO_UDP) } -do-tcp{COLON} { YDVAR(1, VAR_DO_TCP) } -tcp-upstream{COLON} { YDVAR(1, VAR_TCP_UPSTREAM) } -tcp-mss{COLON} { YDVAR(1, VAR_TCP_MSS) } -outgoing-tcp-mss{COLON} { YDVAR(1, VAR_OUTGOING_TCP_MSS) } -ssl-upstream{COLON} { YDVAR(1, VAR_SSL_UPSTREAM) } -ssl-service-key{COLON} { YDVAR(1, VAR_SSL_SERVICE_KEY) } -ssl-service-pem{COLON} { YDVAR(1, VAR_SSL_SERVICE_PEM) } -ssl-port{COLON} { YDVAR(1, VAR_SSL_PORT) } -use-systemd{COLON} { YDVAR(1, VAR_USE_SYSTEMD) } -do-daemonize{COLON} { YDVAR(1, VAR_DO_DAEMONIZE) } -interface{COLON} { YDVAR(1, VAR_INTERFACE) } -ip-address{COLON} { YDVAR(1, VAR_INTERFACE) } -outgoing-interface{COLON} { YDVAR(1, VAR_OUTGOING_INTERFACE) } -interface-automatic{COLON} { YDVAR(1, VAR_INTERFACE_AUTOMATIC) } -so-rcvbuf{COLON} { YDVAR(1, VAR_SO_RCVBUF) } -so-sndbuf{COLON} { YDVAR(1, VAR_SO_SNDBUF) } -so-reuseport{COLON} { YDVAR(1, VAR_SO_REUSEPORT) } -ip-transparent{COLON} { YDVAR(1, VAR_IP_TRANSPARENT) } -ip-freebind{COLON} { YDVAR(1, VAR_IP_FREEBIND) } -chroot{COLON} { YDVAR(1, VAR_CHROOT) } -username{COLON} { YDVAR(1, VAR_USERNAME) } -directory{COLON} { YDVAR(1, VAR_DIRECTORY) } -logfile{COLON} { YDVAR(1, VAR_LOGFILE) } -pidfile{COLON} { YDVAR(1, VAR_PIDFILE) } -root-hints{COLON} { YDVAR(1, VAR_ROOT_HINTS) } -edns-buffer-size{COLON} { YDVAR(1, VAR_EDNS_BUFFER_SIZE) } -msg-buffer-size{COLON} { YDVAR(1, VAR_MSG_BUFFER_SIZE) } -msg-cache-size{COLON} { YDVAR(1, VAR_MSG_CACHE_SIZE) } -msg-cache-slabs{COLON} { YDVAR(1, VAR_MSG_CACHE_SLABS) } -rrset-cache-size{COLON} { YDVAR(1, VAR_RRSET_CACHE_SIZE) } -rrset-cache-slabs{COLON} { YDVAR(1, VAR_RRSET_CACHE_SLABS) } -cache-max-ttl{COLON} { YDVAR(1, VAR_CACHE_MAX_TTL) } -cache-max-negative-ttl{COLON} { YDVAR(1, VAR_CACHE_MAX_NEGATIVE_TTL) } -cache-min-ttl{COLON} { YDVAR(1, VAR_CACHE_MIN_TTL) } -infra-host-ttl{COLON} { YDVAR(1, VAR_INFRA_HOST_TTL) } -infra-lame-ttl{COLON} { YDVAR(1, VAR_INFRA_LAME_TTL) } -infra-cache-slabs{COLON} { YDVAR(1, VAR_INFRA_CACHE_SLABS) } -infra-cache-numhosts{COLON} { YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) } -infra-cache-lame-size{COLON} { YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) } -infra-cache-min-rtt{COLON} { YDVAR(1, VAR_INFRA_CACHE_MIN_RTT) } -num-queries-per-thread{COLON} { YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) } -jostle-timeout{COLON} { YDVAR(1, VAR_JOSTLE_TIMEOUT) } -delay-close{COLON} { YDVAR(1, VAR_DELAY_CLOSE) } -target-fetch-policy{COLON} { YDVAR(1, VAR_TARGET_FETCH_POLICY) } -harden-short-bufsize{COLON} { YDVAR(1, VAR_HARDEN_SHORT_BUFSIZE) } -harden-large-queries{COLON} { YDVAR(1, VAR_HARDEN_LARGE_QUERIES) } -harden-glue{COLON} { YDVAR(1, VAR_HARDEN_GLUE) } -harden-dnssec-stripped{COLON} { YDVAR(1, VAR_HARDEN_DNSSEC_STRIPPED) } -harden-below-nxdomain{COLON} { YDVAR(1, VAR_HARDEN_BELOW_NXDOMAIN) } -harden-referral-path{COLON} { YDVAR(1, VAR_HARDEN_REFERRAL_PATH) } -harden-algo-downgrade{COLON} { YDVAR(1, VAR_HARDEN_ALGO_DOWNGRADE) } -use-caps-for-id{COLON} { YDVAR(1, VAR_USE_CAPS_FOR_ID) } -caps-whitelist{COLON} { YDVAR(1, VAR_CAPS_WHITELIST) } -unwanted-reply-threshold{COLON} { YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) } -private-address{COLON} { YDVAR(1, VAR_PRIVATE_ADDRESS) } -private-domain{COLON} { YDVAR(1, VAR_PRIVATE_DOMAIN) } -prefetch-key{COLON} { YDVAR(1, VAR_PREFETCH_KEY) } -prefetch{COLON} { YDVAR(1, VAR_PREFETCH) } -stub-zone{COLON} { YDVAR(0, VAR_STUB_ZONE) } -name{COLON} { YDVAR(1, VAR_NAME) } -stub-addr{COLON} { YDVAR(1, VAR_STUB_ADDR) } -stub-host{COLON} { YDVAR(1, VAR_STUB_HOST) } -stub-prime{COLON} { YDVAR(1, VAR_STUB_PRIME) } -stub-first{COLON} { YDVAR(1, VAR_STUB_FIRST) } -stub-ssl-upstream{COLON} { YDVAR(1, VAR_STUB_SSL_UPSTREAM) } -forward-zone{COLON} { YDVAR(0, VAR_FORWARD_ZONE) } -forward-addr{COLON} { YDVAR(1, VAR_FORWARD_ADDR) } -forward-host{COLON} { YDVAR(1, VAR_FORWARD_HOST) } -forward-first{COLON} { YDVAR(1, VAR_FORWARD_FIRST) } -forward-ssl-upstream{COLON} { YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } -view{COLON} { YDVAR(0, VAR_VIEW) } -view-first{COLON} { YDVAR(1, VAR_VIEW_FIRST) } -do-not-query-address{COLON} { YDVAR(1, VAR_DO_NOT_QUERY_ADDRESS) } -do-not-query-localhost{COLON} { YDVAR(1, VAR_DO_NOT_QUERY_LOCALHOST) } -access-control{COLON} { YDVAR(2, VAR_ACCESS_CONTROL) } -send-client-subnet{COLON} { YDVAR(1, VAR_SEND_CLIENT_SUBNET) } -client-subnet-always-forward{COLON} { YDVAR(1, VAR_CLIENT_SUBNET_ALWAYS_FORWARD) } -client-subnet-opcode{COLON} { YDVAR(1, VAR_CLIENT_SUBNET_OPCODE) } -max-client-subnet-ipv4{COLON} { YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV4) } -max-client-subnet-ipv6{COLON} { YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV6) } -hide-identity{COLON} { YDVAR(1, VAR_HIDE_IDENTITY) } -hide-version{COLON} { YDVAR(1, VAR_HIDE_VERSION) } -hide-trustanchor{COLON} { YDVAR(1, VAR_HIDE_TRUSTANCHOR) } -identity{COLON} { YDVAR(1, VAR_IDENTITY) } -version{COLON} { YDVAR(1, VAR_VERSION) } -module-config{COLON} { YDVAR(1, VAR_MODULE_CONF) } -dlv-anchor{COLON} { YDVAR(1, VAR_DLV_ANCHOR) } -dlv-anchor-file{COLON} { YDVAR(1, VAR_DLV_ANCHOR_FILE) } -trust-anchor-file{COLON} { YDVAR(1, VAR_TRUST_ANCHOR_FILE) } -auto-trust-anchor-file{COLON} { YDVAR(1, VAR_AUTO_TRUST_ANCHOR_FILE) } -trusted-keys-file{COLON} { YDVAR(1, VAR_TRUSTED_KEYS_FILE) } -trust-anchor{COLON} { YDVAR(1, VAR_TRUST_ANCHOR) } -val-override-date{COLON} { YDVAR(1, VAR_VAL_OVERRIDE_DATE) } -val-sig-skew-min{COLON} { YDVAR(1, VAR_VAL_SIG_SKEW_MIN) } -val-sig-skew-max{COLON} { YDVAR(1, VAR_VAL_SIG_SKEW_MAX) } -val-bogus-ttl{COLON} { YDVAR(1, VAR_BOGUS_TTL) } -val-clean-additional{COLON} { YDVAR(1, VAR_VAL_CLEAN_ADDITIONAL) } -val-permissive-mode{COLON} { YDVAR(1, VAR_VAL_PERMISSIVE_MODE) } -ignore-cd-flag{COLON} { YDVAR(1, VAR_IGNORE_CD_FLAG) } -serve-expired{COLON} { YDVAR(1, VAR_SERVE_EXPIRED) } -fake-dsa{COLON} { YDVAR(1, VAR_FAKE_DSA) } -fake-sha1{COLON} { YDVAR(1, VAR_FAKE_SHA1) } -val-log-level{COLON} { YDVAR(1, VAR_VAL_LOG_LEVEL) } -key-cache-size{COLON} { YDVAR(1, VAR_KEY_CACHE_SIZE) } -key-cache-slabs{COLON} { YDVAR(1, VAR_KEY_CACHE_SLABS) } -neg-cache-size{COLON} { YDVAR(1, VAR_NEG_CACHE_SIZE) } -val-nsec3-keysize-iterations{COLON} { - YDVAR(1, VAR_VAL_NSEC3_KEYSIZE_ITERATIONS) } -add-holddown{COLON} { YDVAR(1, VAR_ADD_HOLDDOWN) } -del-holddown{COLON} { YDVAR(1, VAR_DEL_HOLDDOWN) } -keep-missing{COLON} { YDVAR(1, VAR_KEEP_MISSING) } -permit-small-holddown{COLON} { YDVAR(1, VAR_PERMIT_SMALL_HOLDDOWN) } -use-syslog{COLON} { YDVAR(1, VAR_USE_SYSLOG) } -log-identity{COLON} { YDVAR(1, VAR_LOG_IDENTITY) } -log-time-ascii{COLON} { YDVAR(1, VAR_LOG_TIME_ASCII) } -log-queries{COLON} { YDVAR(1, VAR_LOG_QUERIES) } -log-replies{COLON} { YDVAR(1, VAR_LOG_REPLIES) } -local-zone{COLON} { YDVAR(2, VAR_LOCAL_ZONE) } -local-data{COLON} { YDVAR(1, VAR_LOCAL_DATA) } -local-data-ptr{COLON} { YDVAR(1, VAR_LOCAL_DATA_PTR) } -unblock-lan-zones{COLON} { YDVAR(1, VAR_UNBLOCK_LAN_ZONES) } -insecure-lan-zones{COLON} { YDVAR(1, VAR_INSECURE_LAN_ZONES) } -statistics-interval{COLON} { YDVAR(1, VAR_STATISTICS_INTERVAL) } -statistics-cumulative{COLON} { YDVAR(1, VAR_STATISTICS_CUMULATIVE) } -extended-statistics{COLON} { YDVAR(1, VAR_EXTENDED_STATISTICS) } -shm-enable{COLON} { YDVAR(1, VAR_SHM_ENABLE) } -shm-key{COLON} { YDVAR(1, VAR_SHM_KEY) } -remote-control{COLON} { YDVAR(0, VAR_REMOTE_CONTROL) } -control-enable{COLON} { YDVAR(1, VAR_CONTROL_ENABLE) } -control-interface{COLON} { YDVAR(1, VAR_CONTROL_INTERFACE) } -control-port{COLON} { YDVAR(1, VAR_CONTROL_PORT) } -control-use-cert{COLON} { YDVAR(1, VAR_CONTROL_USE_CERT) } -server-key-file{COLON} { YDVAR(1, VAR_SERVER_KEY_FILE) } -server-cert-file{COLON} { YDVAR(1, VAR_SERVER_CERT_FILE) } -control-key-file{COLON} { YDVAR(1, VAR_CONTROL_KEY_FILE) } -control-cert-file{COLON} { YDVAR(1, VAR_CONTROL_CERT_FILE) } -python-script{COLON} { YDVAR(1, VAR_PYTHON_SCRIPT) } -python{COLON} { YDVAR(0, VAR_PYTHON) } -domain-insecure{COLON} { YDVAR(1, VAR_DOMAIN_INSECURE) } -minimal-responses{COLON} { YDVAR(1, VAR_MINIMAL_RESPONSES) } -rrset-roundrobin{COLON} { YDVAR(1, VAR_RRSET_ROUNDROBIN) } -max-udp-size{COLON} { YDVAR(1, VAR_MAX_UDP_SIZE) } -dns64-prefix{COLON} { YDVAR(1, VAR_DNS64_PREFIX) } -dns64-synthall{COLON} { YDVAR(1, VAR_DNS64_SYNTHALL) } -define-tag{COLON} { YDVAR(1, VAR_DEFINE_TAG) } -local-zone-tag{COLON} { YDVAR(2, VAR_LOCAL_ZONE_TAG) } -access-control-tag{COLON} { YDVAR(2, VAR_ACCESS_CONTROL_TAG) } -access-control-tag-action{COLON} { YDVAR(3, VAR_ACCESS_CONTROL_TAG_ACTION) } -access-control-tag-data{COLON} { YDVAR(3, VAR_ACCESS_CONTROL_TAG_DATA) } -access-control-view{COLON} { YDVAR(2, VAR_ACCESS_CONTROL_VIEW) } -local-zone-override{COLON} { YDVAR(3, VAR_LOCAL_ZONE_OVERRIDE) } -dnstap{COLON} { YDVAR(0, VAR_DNSTAP) } -dnstap-enable{COLON} { YDVAR(1, VAR_DNSTAP_ENABLE) } -dnstap-socket-path{COLON} { YDVAR(1, VAR_DNSTAP_SOCKET_PATH) } -dnstap-send-identity{COLON} { YDVAR(1, VAR_DNSTAP_SEND_IDENTITY) } -dnstap-send-version{COLON} { YDVAR(1, VAR_DNSTAP_SEND_VERSION) } -dnstap-identity{COLON} { YDVAR(1, VAR_DNSTAP_IDENTITY) } -dnstap-version{COLON} { YDVAR(1, VAR_DNSTAP_VERSION) } -dnstap-log-resolver-query-messages{COLON} { - YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES) } -dnstap-log-resolver-response-messages{COLON} { - YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES) } -dnstap-log-client-query-messages{COLON} { - YDVAR(1, VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES) } -dnstap-log-client-response-messages{COLON} { - YDVAR(1, VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES) } -dnstap-log-forwarder-query-messages{COLON} { - YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) } -dnstap-log-forwarder-response-messages{COLON} { - YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } -disable-dnssec-lame-check{COLON} { YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) } -ip-ratelimit{COLON} { YDVAR(1, VAR_IP_RATELIMIT) } -ratelimit{COLON} { YDVAR(1, VAR_RATELIMIT) } -ip-ratelimit-slabs{COLON} { YDVAR(1, VAR_IP_RATELIMIT_SLABS) } -ratelimit-slabs{COLON} { YDVAR(1, VAR_RATELIMIT_SLABS) } -ip-ratelimit-size{COLON} { YDVAR(1, VAR_IP_RATELIMIT_SIZE) } -ratelimit-size{COLON} { YDVAR(1, VAR_RATELIMIT_SIZE) } -ratelimit-for-domain{COLON} { YDVAR(2, VAR_RATELIMIT_FOR_DOMAIN) } -ratelimit-below-domain{COLON} { YDVAR(2, VAR_RATELIMIT_BELOW_DOMAIN) } -ip-ratelimit-factor{COLON} { YDVAR(1, VAR_IP_RATELIMIT_FACTOR) } -ratelimit-factor{COLON} { YDVAR(1, VAR_RATELIMIT_FACTOR) } -response-ip-tag{COLON} { YDVAR(2, VAR_RESPONSE_IP_TAG) } -response-ip{COLON} { YDVAR(2, VAR_RESPONSE_IP) } -response-ip-data{COLON} { YDVAR(2, VAR_RESPONSE_IP_DATA) } -dnscrypt{COLON} { YDVAR(0, VAR_DNSCRYPT) } -dnscrypt-enable{COLON} { YDVAR(1, VAR_DNSCRYPT_ENABLE) } -dnscrypt-port{COLON} { YDVAR(1, VAR_DNSCRYPT_PORT) } -dnscrypt-provider{COLON} { YDVAR(1, VAR_DNSCRYPT_PROVIDER) } -dnscrypt-secret-key{COLON} { YDVAR(1, VAR_DNSCRYPT_SECRET_KEY) } -dnscrypt-provider-cert{COLON} { YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT) } -{NEWLINE} { LEXOUT(("NL\n")); cfg_parser->line++; } - - /* Quoted strings. Strip leading and ending quotes */ -\" { BEGIN(quotedstring); LEXOUT(("QS ")); } -<> { - yyerror("EOF inside quoted string"); - if(--num_args == 0) { BEGIN(INITIAL); } - else { BEGIN(val); } -} -{DQANY}* { LEXOUT(("STR(%s) ", yytext)); yymore(); } -{NEWLINE} { yyerror("newline inside quoted string, no end \""); - cfg_parser->line++; BEGIN(INITIAL); } -\" { - LEXOUT(("QE ")); - if(--num_args == 0) { BEGIN(INITIAL); } - else { BEGIN(val); } - yytext[yyleng - 1] = '\0'; - yylval.str = strdup(yytext); - if(!yylval.str) - yyerror("out of memory"); - return STRING_ARG; -} - - /* Single Quoted strings. Strip leading and ending quotes */ -\' { BEGIN(singlequotedstr); LEXOUT(("SQS ")); } -<> { - yyerror("EOF inside quoted string"); - if(--num_args == 0) { BEGIN(INITIAL); } - else { BEGIN(val); } -} -{SQANY}* { LEXOUT(("STR(%s) ", yytext)); yymore(); } -{NEWLINE} { yyerror("newline inside quoted string, no end '"); - cfg_parser->line++; BEGIN(INITIAL); } -\' { - LEXOUT(("SQE ")); - if(--num_args == 0) { BEGIN(INITIAL); } - else { BEGIN(val); } - yytext[yyleng - 1] = '\0'; - yylval.str = strdup(yytext); - if(!yylval.str) - yyerror("out of memory"); - return STRING_ARG; -} - - /* include: directive */ -include{COLON} { - LEXOUT(("v(%s) ", yytext)); inc_prev = YYSTATE; BEGIN(include); } -<> { - yyerror("EOF inside include directive"); - BEGIN(inc_prev); -} -{SPACE}* { LEXOUT(("ISP ")); /* ignore */ } -{NEWLINE} { LEXOUT(("NL\n")); cfg_parser->line++;} -\" { LEXOUT(("IQS ")); BEGIN(include_quoted); } -{UNQUOTEDLETTER}* { - LEXOUT(("Iunquotedstr(%s) ", yytext)); - config_start_include_glob(yytext); - BEGIN(inc_prev); -} -<> { - yyerror("EOF inside quoted string"); - BEGIN(inc_prev); -} -{DQANY}* { LEXOUT(("ISTR(%s) ", yytext)); yymore(); } -{NEWLINE} { yyerror("newline before \" in include name"); - cfg_parser->line++; BEGIN(inc_prev); } -\" { - LEXOUT(("IQE ")); - yytext[yyleng - 1] = '\0'; - config_start_include_glob(yytext); - BEGIN(inc_prev); -} -<> { - LEXOUT(("LEXEOF ")); - yy_set_bol(1); /* Set beginning of line, so "^" rules match. */ - if (!config_include_stack) { - yyterminate(); - } else { - fclose(yyin); - config_end_include(); - } -} - -{UNQUOTEDLETTER}* { LEXOUT(("unquotedstr(%s) ", yytext)); - if(--num_args == 0) { BEGIN(INITIAL); } - yylval.str = strdup(yytext); return STRING_ARG; } - -{UNQUOTEDLETTER_NOCOLON}* { - ub_c_error_msg("unknown keyword '%s'", yytext); - } - -<*>. { - ub_c_error_msg("stray '%s'", yytext); - } - -%% diff --git a/external/unbound/util/configparser.c b/external/unbound/util/configparser.c deleted file mode 100644 index f70b948b7..000000000 --- a/external/unbound/util/configparser.c +++ /dev/null @@ -1,5131 +0,0 @@ -/* A Bison parser, made by GNU Bison 3.0.4. */ - -/* Bison implementation for Yacc-like parsers in C - - Copyright (C) 1984, 1989-1990, 2000-2015 Free Software Foundation, Inc. - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . */ - -/* As a special exception, you may create a larger work that contains - part or all of the Bison parser skeleton and distribute that work - under terms of your choice, so long as that work isn't itself a - parser generator using the skeleton or a modified version thereof - as a parser skeleton. Alternatively, if you modify or redistribute - the parser skeleton itself, you may (at your option) remove this - special exception, which will cause the skeleton and the resulting - Bison output files to be licensed under the GNU General Public - License without this special exception. - - This special exception was added by the Free Software Foundation in - version 2.2 of Bison. */ - -/* C LALR(1) parser skeleton written by Richard Stallman, by - simplifying the original so-called "semantic" parser. */ - -/* All symbols defined below should begin with yy or YY, to avoid - infringing on user name space. This should be done even for local - variables, as they might otherwise be expanded by user macros. - There are some unavoidable exceptions within include files to - define necessary library symbols; they are noted "INFRINGES ON - USER NAME SPACE" below. */ - -/* Identify Bison output. */ -#define YYBISON 1 - -/* Bison version. */ -#define YYBISON_VERSION "3.0.4" - -/* Skeleton name. */ -#define YYSKELETON_NAME "yacc.c" - -/* Pure parsers. */ -#define YYPURE 0 - -/* Push parsers. */ -#define YYPUSH 0 - -/* Pull parsers. */ -#define YYPULL 1 - - - - -/* Copy the first part of user declarations. */ -#line 38 "util/configparser.y" /* yacc.c:339 */ - -#include "config.h" - -#include -#include -#include -#include -#include - -#include "util/configyyrename.h" -#include "util/config_file.h" -#include "util/net_help.h" - -int ub_c_lex(void); -void ub_c_error(const char *message); - -static void validate_respip_action(const char* action); - -/* these need to be global, otherwise they cannot be used inside yacc */ -extern struct config_parser_state* cfg_parser; - -#if 0 -#define OUTYY(s) printf s /* used ONLY when debugging */ -#else -#define OUTYY(s) -#endif - - -#line 95 "util/configparser.c" /* yacc.c:339 */ - -# ifndef YY_NULLPTR -# if defined __cplusplus && 201103L <= __cplusplus -# define YY_NULLPTR nullptr -# else -# define YY_NULLPTR 0 -# endif -# endif - -/* Enabling verbose error messages. */ -#ifdef YYERROR_VERBOSE -# undef YYERROR_VERBOSE -# define YYERROR_VERBOSE 1 -#else -# define YYERROR_VERBOSE 0 -#endif - -/* In a future release of Bison, this section will be replaced - by #include "configparser.h". */ -#ifndef YY_YY_UTIL_CONFIGPARSER_H_INCLUDED -# define YY_YY_UTIL_CONFIGPARSER_H_INCLUDED -/* Debug traces. */ -#ifndef YYDEBUG -# define YYDEBUG 0 -#endif -#if YYDEBUG -extern int yydebug; -#endif - -/* Token type. */ -#ifndef YYTOKENTYPE -# define YYTOKENTYPE - enum yytokentype - { - SPACE = 258, - LETTER = 259, - NEWLINE = 260, - COMMENT = 261, - COLON = 262, - ANY = 263, - ZONESTR = 264, - STRING_ARG = 265, - VAR_SERVER = 266, - VAR_VERBOSITY = 267, - VAR_NUM_THREADS = 268, - VAR_PORT = 269, - VAR_OUTGOING_RANGE = 270, - VAR_INTERFACE = 271, - VAR_DO_IP4 = 272, - VAR_DO_IP6 = 273, - VAR_PREFER_IP6 = 274, - VAR_DO_UDP = 275, - VAR_DO_TCP = 276, - VAR_TCP_MSS = 277, - VAR_OUTGOING_TCP_MSS = 278, - VAR_CHROOT = 279, - VAR_USERNAME = 280, - VAR_DIRECTORY = 281, - VAR_LOGFILE = 282, - VAR_PIDFILE = 283, - VAR_MSG_CACHE_SIZE = 284, - VAR_MSG_CACHE_SLABS = 285, - VAR_NUM_QUERIES_PER_THREAD = 286, - VAR_RRSET_CACHE_SIZE = 287, - VAR_RRSET_CACHE_SLABS = 288, - VAR_OUTGOING_NUM_TCP = 289, - VAR_INFRA_HOST_TTL = 290, - VAR_INFRA_LAME_TTL = 291, - VAR_INFRA_CACHE_SLABS = 292, - VAR_INFRA_CACHE_NUMHOSTS = 293, - VAR_INFRA_CACHE_LAME_SIZE = 294, - VAR_NAME = 295, - VAR_STUB_ZONE = 296, - VAR_STUB_HOST = 297, - VAR_STUB_ADDR = 298, - VAR_TARGET_FETCH_POLICY = 299, - VAR_HARDEN_SHORT_BUFSIZE = 300, - VAR_HARDEN_LARGE_QUERIES = 301, - VAR_FORWARD_ZONE = 302, - VAR_FORWARD_HOST = 303, - VAR_FORWARD_ADDR = 304, - VAR_DO_NOT_QUERY_ADDRESS = 305, - VAR_HIDE_IDENTITY = 306, - VAR_HIDE_VERSION = 307, - VAR_IDENTITY = 308, - VAR_VERSION = 309, - VAR_HARDEN_GLUE = 310, - VAR_MODULE_CONF = 311, - VAR_TRUST_ANCHOR_FILE = 312, - VAR_TRUST_ANCHOR = 313, - VAR_VAL_OVERRIDE_DATE = 314, - VAR_BOGUS_TTL = 315, - VAR_VAL_CLEAN_ADDITIONAL = 316, - VAR_VAL_PERMISSIVE_MODE = 317, - VAR_INCOMING_NUM_TCP = 318, - VAR_MSG_BUFFER_SIZE = 319, - VAR_KEY_CACHE_SIZE = 320, - VAR_KEY_CACHE_SLABS = 321, - VAR_TRUSTED_KEYS_FILE = 322, - VAR_VAL_NSEC3_KEYSIZE_ITERATIONS = 323, - VAR_USE_SYSLOG = 324, - VAR_OUTGOING_INTERFACE = 325, - VAR_ROOT_HINTS = 326, - VAR_DO_NOT_QUERY_LOCALHOST = 327, - VAR_CACHE_MAX_TTL = 328, - VAR_HARDEN_DNSSEC_STRIPPED = 329, - VAR_ACCESS_CONTROL = 330, - VAR_LOCAL_ZONE = 331, - VAR_LOCAL_DATA = 332, - VAR_INTERFACE_AUTOMATIC = 333, - VAR_STATISTICS_INTERVAL = 334, - VAR_DO_DAEMONIZE = 335, - VAR_USE_CAPS_FOR_ID = 336, - VAR_STATISTICS_CUMULATIVE = 337, - VAR_OUTGOING_PORT_PERMIT = 338, - VAR_OUTGOING_PORT_AVOID = 339, - VAR_DLV_ANCHOR_FILE = 340, - VAR_DLV_ANCHOR = 341, - VAR_NEG_CACHE_SIZE = 342, - VAR_HARDEN_REFERRAL_PATH = 343, - VAR_PRIVATE_ADDRESS = 344, - VAR_PRIVATE_DOMAIN = 345, - VAR_REMOTE_CONTROL = 346, - VAR_CONTROL_ENABLE = 347, - VAR_CONTROL_INTERFACE = 348, - VAR_CONTROL_PORT = 349, - VAR_SERVER_KEY_FILE = 350, - VAR_SERVER_CERT_FILE = 351, - VAR_CONTROL_KEY_FILE = 352, - VAR_CONTROL_CERT_FILE = 353, - VAR_CONTROL_USE_CERT = 354, - VAR_EXTENDED_STATISTICS = 355, - VAR_LOCAL_DATA_PTR = 356, - VAR_JOSTLE_TIMEOUT = 357, - VAR_STUB_PRIME = 358, - VAR_UNWANTED_REPLY_THRESHOLD = 359, - VAR_LOG_TIME_ASCII = 360, - VAR_DOMAIN_INSECURE = 361, - VAR_PYTHON = 362, - VAR_PYTHON_SCRIPT = 363, - VAR_VAL_SIG_SKEW_MIN = 364, - VAR_VAL_SIG_SKEW_MAX = 365, - VAR_CACHE_MIN_TTL = 366, - VAR_VAL_LOG_LEVEL = 367, - VAR_AUTO_TRUST_ANCHOR_FILE = 368, - VAR_KEEP_MISSING = 369, - VAR_ADD_HOLDDOWN = 370, - VAR_DEL_HOLDDOWN = 371, - VAR_SO_RCVBUF = 372, - VAR_EDNS_BUFFER_SIZE = 373, - VAR_PREFETCH = 374, - VAR_PREFETCH_KEY = 375, - VAR_SO_SNDBUF = 376, - VAR_SO_REUSEPORT = 377, - VAR_HARDEN_BELOW_NXDOMAIN = 378, - VAR_IGNORE_CD_FLAG = 379, - VAR_LOG_QUERIES = 380, - VAR_LOG_REPLIES = 381, - VAR_TCP_UPSTREAM = 382, - VAR_SSL_UPSTREAM = 383, - VAR_SSL_SERVICE_KEY = 384, - VAR_SSL_SERVICE_PEM = 385, - VAR_SSL_PORT = 386, - VAR_FORWARD_FIRST = 387, - VAR_STUB_SSL_UPSTREAM = 388, - VAR_FORWARD_SSL_UPSTREAM = 389, - VAR_STUB_FIRST = 390, - VAR_MINIMAL_RESPONSES = 391, - VAR_RRSET_ROUNDROBIN = 392, - VAR_MAX_UDP_SIZE = 393, - VAR_DELAY_CLOSE = 394, - VAR_UNBLOCK_LAN_ZONES = 395, - VAR_INSECURE_LAN_ZONES = 396, - VAR_INFRA_CACHE_MIN_RTT = 397, - VAR_DNS64_PREFIX = 398, - VAR_DNS64_SYNTHALL = 399, - VAR_DNSTAP = 400, - VAR_DNSTAP_ENABLE = 401, - VAR_DNSTAP_SOCKET_PATH = 402, - VAR_DNSTAP_SEND_IDENTITY = 403, - VAR_DNSTAP_SEND_VERSION = 404, - VAR_DNSTAP_IDENTITY = 405, - VAR_DNSTAP_VERSION = 406, - VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 407, - VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 408, - VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 409, - VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 410, - VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 411, - VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 412, - VAR_RESPONSE_IP_TAG = 413, - VAR_RESPONSE_IP = 414, - VAR_RESPONSE_IP_DATA = 415, - VAR_HARDEN_ALGO_DOWNGRADE = 416, - VAR_IP_TRANSPARENT = 417, - VAR_DISABLE_DNSSEC_LAME_CHECK = 418, - VAR_IP_RATELIMIT = 419, - VAR_IP_RATELIMIT_SLABS = 420, - VAR_IP_RATELIMIT_SIZE = 421, - VAR_RATELIMIT = 422, - VAR_RATELIMIT_SLABS = 423, - VAR_RATELIMIT_SIZE = 424, - VAR_RATELIMIT_FOR_DOMAIN = 425, - VAR_RATELIMIT_BELOW_DOMAIN = 426, - VAR_IP_RATELIMIT_FACTOR = 427, - VAR_RATELIMIT_FACTOR = 428, - VAR_SEND_CLIENT_SUBNET = 429, - VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 430, - VAR_CLIENT_SUBNET_OPCODE = 431, - VAR_MAX_CLIENT_SUBNET_IPV4 = 432, - VAR_MAX_CLIENT_SUBNET_IPV6 = 433, - VAR_CAPS_WHITELIST = 434, - VAR_CACHE_MAX_NEGATIVE_TTL = 435, - VAR_PERMIT_SMALL_HOLDDOWN = 436, - VAR_QNAME_MINIMISATION = 437, - VAR_QNAME_MINIMISATION_STRICT = 438, - VAR_IP_FREEBIND = 439, - VAR_DEFINE_TAG = 440, - VAR_LOCAL_ZONE_TAG = 441, - VAR_ACCESS_CONTROL_TAG = 442, - VAR_LOCAL_ZONE_OVERRIDE = 443, - VAR_ACCESS_CONTROL_TAG_ACTION = 444, - VAR_ACCESS_CONTROL_TAG_DATA = 445, - VAR_VIEW = 446, - VAR_ACCESS_CONTROL_VIEW = 447, - VAR_VIEW_FIRST = 448, - VAR_SERVE_EXPIRED = 449, - VAR_FAKE_DSA = 450, - VAR_FAKE_SHA1 = 451, - VAR_LOG_IDENTITY = 452, - VAR_HIDE_TRUSTANCHOR = 453, - VAR_USE_SYSTEMD = 454, - VAR_SHM_ENABLE = 455, - VAR_SHM_KEY = 456, - VAR_DNSCRYPT = 457, - VAR_DNSCRYPT_ENABLE = 458, - VAR_DNSCRYPT_PORT = 459, - VAR_DNSCRYPT_PROVIDER = 460, - VAR_DNSCRYPT_SECRET_KEY = 461, - VAR_DNSCRYPT_PROVIDER_CERT = 462 - }; -#endif -/* Tokens. */ -#define SPACE 258 -#define LETTER 259 -#define NEWLINE 260 -#define COMMENT 261 -#define COLON 262 -#define ANY 263 -#define ZONESTR 264 -#define STRING_ARG 265 -#define VAR_SERVER 266 -#define VAR_VERBOSITY 267 -#define VAR_NUM_THREADS 268 -#define VAR_PORT 269 -#define VAR_OUTGOING_RANGE 270 -#define VAR_INTERFACE 271 -#define VAR_DO_IP4 272 -#define VAR_DO_IP6 273 -#define VAR_PREFER_IP6 274 -#define VAR_DO_UDP 275 -#define VAR_DO_TCP 276 -#define VAR_TCP_MSS 277 -#define VAR_OUTGOING_TCP_MSS 278 -#define VAR_CHROOT 279 -#define VAR_USERNAME 280 -#define VAR_DIRECTORY 281 -#define VAR_LOGFILE 282 -#define VAR_PIDFILE 283 -#define VAR_MSG_CACHE_SIZE 284 -#define VAR_MSG_CACHE_SLABS 285 -#define VAR_NUM_QUERIES_PER_THREAD 286 -#define VAR_RRSET_CACHE_SIZE 287 -#define VAR_RRSET_CACHE_SLABS 288 -#define VAR_OUTGOING_NUM_TCP 289 -#define VAR_INFRA_HOST_TTL 290 -#define VAR_INFRA_LAME_TTL 291 -#define VAR_INFRA_CACHE_SLABS 292 -#define VAR_INFRA_CACHE_NUMHOSTS 293 -#define VAR_INFRA_CACHE_LAME_SIZE 294 -#define VAR_NAME 295 -#define VAR_STUB_ZONE 296 -#define VAR_STUB_HOST 297 -#define VAR_STUB_ADDR 298 -#define VAR_TARGET_FETCH_POLICY 299 -#define VAR_HARDEN_SHORT_BUFSIZE 300 -#define VAR_HARDEN_LARGE_QUERIES 301 -#define VAR_FORWARD_ZONE 302 -#define VAR_FORWARD_HOST 303 -#define VAR_FORWARD_ADDR 304 -#define VAR_DO_NOT_QUERY_ADDRESS 305 -#define VAR_HIDE_IDENTITY 306 -#define VAR_HIDE_VERSION 307 -#define VAR_IDENTITY 308 -#define VAR_VERSION 309 -#define VAR_HARDEN_GLUE 310 -#define VAR_MODULE_CONF 311 -#define VAR_TRUST_ANCHOR_FILE 312 -#define VAR_TRUST_ANCHOR 313 -#define VAR_VAL_OVERRIDE_DATE 314 -#define VAR_BOGUS_TTL 315 -#define VAR_VAL_CLEAN_ADDITIONAL 316 -#define VAR_VAL_PERMISSIVE_MODE 317 -#define VAR_INCOMING_NUM_TCP 318 -#define VAR_MSG_BUFFER_SIZE 319 -#define VAR_KEY_CACHE_SIZE 320 -#define VAR_KEY_CACHE_SLABS 321 -#define VAR_TRUSTED_KEYS_FILE 322 -#define VAR_VAL_NSEC3_KEYSIZE_ITERATIONS 323 -#define VAR_USE_SYSLOG 324 -#define VAR_OUTGOING_INTERFACE 325 -#define VAR_ROOT_HINTS 326 -#define VAR_DO_NOT_QUERY_LOCALHOST 327 -#define VAR_CACHE_MAX_TTL 328 -#define VAR_HARDEN_DNSSEC_STRIPPED 329 -#define VAR_ACCESS_CONTROL 330 -#define VAR_LOCAL_ZONE 331 -#define VAR_LOCAL_DATA 332 -#define VAR_INTERFACE_AUTOMATIC 333 -#define VAR_STATISTICS_INTERVAL 334 -#define VAR_DO_DAEMONIZE 335 -#define VAR_USE_CAPS_FOR_ID 336 -#define VAR_STATISTICS_CUMULATIVE 337 -#define VAR_OUTGOING_PORT_PERMIT 338 -#define VAR_OUTGOING_PORT_AVOID 339 -#define VAR_DLV_ANCHOR_FILE 340 -#define VAR_DLV_ANCHOR 341 -#define VAR_NEG_CACHE_SIZE 342 -#define VAR_HARDEN_REFERRAL_PATH 343 -#define VAR_PRIVATE_ADDRESS 344 -#define VAR_PRIVATE_DOMAIN 345 -#define VAR_REMOTE_CONTROL 346 -#define VAR_CONTROL_ENABLE 347 -#define VAR_CONTROL_INTERFACE 348 -#define VAR_CONTROL_PORT 349 -#define VAR_SERVER_KEY_FILE 350 -#define VAR_SERVER_CERT_FILE 351 -#define VAR_CONTROL_KEY_FILE 352 -#define VAR_CONTROL_CERT_FILE 353 -#define VAR_CONTROL_USE_CERT 354 -#define VAR_EXTENDED_STATISTICS 355 -#define VAR_LOCAL_DATA_PTR 356 -#define VAR_JOSTLE_TIMEOUT 357 -#define VAR_STUB_PRIME 358 -#define VAR_UNWANTED_REPLY_THRESHOLD 359 -#define VAR_LOG_TIME_ASCII 360 -#define VAR_DOMAIN_INSECURE 361 -#define VAR_PYTHON 362 -#define VAR_PYTHON_SCRIPT 363 -#define VAR_VAL_SIG_SKEW_MIN 364 -#define VAR_VAL_SIG_SKEW_MAX 365 -#define VAR_CACHE_MIN_TTL 366 -#define VAR_VAL_LOG_LEVEL 367 -#define VAR_AUTO_TRUST_ANCHOR_FILE 368 -#define VAR_KEEP_MISSING 369 -#define VAR_ADD_HOLDDOWN 370 -#define VAR_DEL_HOLDDOWN 371 -#define VAR_SO_RCVBUF 372 -#define VAR_EDNS_BUFFER_SIZE 373 -#define VAR_PREFETCH 374 -#define VAR_PREFETCH_KEY 375 -#define VAR_SO_SNDBUF 376 -#define VAR_SO_REUSEPORT 377 -#define VAR_HARDEN_BELOW_NXDOMAIN 378 -#define VAR_IGNORE_CD_FLAG 379 -#define VAR_LOG_QUERIES 380 -#define VAR_LOG_REPLIES 381 -#define VAR_TCP_UPSTREAM 382 -#define VAR_SSL_UPSTREAM 383 -#define VAR_SSL_SERVICE_KEY 384 -#define VAR_SSL_SERVICE_PEM 385 -#define VAR_SSL_PORT 386 -#define VAR_FORWARD_FIRST 387 -#define VAR_STUB_SSL_UPSTREAM 388 -#define VAR_FORWARD_SSL_UPSTREAM 389 -#define VAR_STUB_FIRST 390 -#define VAR_MINIMAL_RESPONSES 391 -#define VAR_RRSET_ROUNDROBIN 392 -#define VAR_MAX_UDP_SIZE 393 -#define VAR_DELAY_CLOSE 394 -#define VAR_UNBLOCK_LAN_ZONES 395 -#define VAR_INSECURE_LAN_ZONES 396 -#define VAR_INFRA_CACHE_MIN_RTT 397 -#define VAR_DNS64_PREFIX 398 -#define VAR_DNS64_SYNTHALL 399 -#define VAR_DNSTAP 400 -#define VAR_DNSTAP_ENABLE 401 -#define VAR_DNSTAP_SOCKET_PATH 402 -#define VAR_DNSTAP_SEND_IDENTITY 403 -#define VAR_DNSTAP_SEND_VERSION 404 -#define VAR_DNSTAP_IDENTITY 405 -#define VAR_DNSTAP_VERSION 406 -#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 407 -#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 408 -#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 409 -#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 410 -#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 411 -#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 412 -#define VAR_RESPONSE_IP_TAG 413 -#define VAR_RESPONSE_IP 414 -#define VAR_RESPONSE_IP_DATA 415 -#define VAR_HARDEN_ALGO_DOWNGRADE 416 -#define VAR_IP_TRANSPARENT 417 -#define VAR_DISABLE_DNSSEC_LAME_CHECK 418 -#define VAR_IP_RATELIMIT 419 -#define VAR_IP_RATELIMIT_SLABS 420 -#define VAR_IP_RATELIMIT_SIZE 421 -#define VAR_RATELIMIT 422 -#define VAR_RATELIMIT_SLABS 423 -#define VAR_RATELIMIT_SIZE 424 -#define VAR_RATELIMIT_FOR_DOMAIN 425 -#define VAR_RATELIMIT_BELOW_DOMAIN 426 -#define VAR_IP_RATELIMIT_FACTOR 427 -#define VAR_RATELIMIT_FACTOR 428 -#define VAR_SEND_CLIENT_SUBNET 429 -#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 430 -#define VAR_CLIENT_SUBNET_OPCODE 431 -#define VAR_MAX_CLIENT_SUBNET_IPV4 432 -#define VAR_MAX_CLIENT_SUBNET_IPV6 433 -#define VAR_CAPS_WHITELIST 434 -#define VAR_CACHE_MAX_NEGATIVE_TTL 435 -#define VAR_PERMIT_SMALL_HOLDDOWN 436 -#define VAR_QNAME_MINIMISATION 437 -#define VAR_QNAME_MINIMISATION_STRICT 438 -#define VAR_IP_FREEBIND 439 -#define VAR_DEFINE_TAG 440 -#define VAR_LOCAL_ZONE_TAG 441 -#define VAR_ACCESS_CONTROL_TAG 442 -#define VAR_LOCAL_ZONE_OVERRIDE 443 -#define VAR_ACCESS_CONTROL_TAG_ACTION 444 -#define VAR_ACCESS_CONTROL_TAG_DATA 445 -#define VAR_VIEW 446 -#define VAR_ACCESS_CONTROL_VIEW 447 -#define VAR_VIEW_FIRST 448 -#define VAR_SERVE_EXPIRED 449 -#define VAR_FAKE_DSA 450 -#define VAR_FAKE_SHA1 451 -#define VAR_LOG_IDENTITY 452 -#define VAR_HIDE_TRUSTANCHOR 453 -#define VAR_USE_SYSTEMD 454 -#define VAR_SHM_ENABLE 455 -#define VAR_SHM_KEY 456 -#define VAR_DNSCRYPT 457 -#define VAR_DNSCRYPT_ENABLE 458 -#define VAR_DNSCRYPT_PORT 459 -#define VAR_DNSCRYPT_PROVIDER 460 -#define VAR_DNSCRYPT_SECRET_KEY 461 -#define VAR_DNSCRYPT_PROVIDER_CERT 462 - -/* Value type. */ -#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED - -union YYSTYPE -{ -#line 66 "util/configparser.y" /* yacc.c:355 */ - - char* str; - -#line 553 "util/configparser.c" /* yacc.c:355 */ -}; - -typedef union YYSTYPE YYSTYPE; -# define YYSTYPE_IS_TRIVIAL 1 -# define YYSTYPE_IS_DECLARED 1 -#endif - - -extern YYSTYPE yylval; - -int yyparse (void); - -#endif /* !YY_YY_UTIL_CONFIGPARSER_H_INCLUDED */ - -/* Copy the second part of user declarations. */ - -#line 570 "util/configparser.c" /* yacc.c:358 */ - -#ifdef short -# undef short -#endif - -#ifdef YYTYPE_UINT8 -typedef YYTYPE_UINT8 yytype_uint8; -#else -typedef unsigned char yytype_uint8; -#endif - -#ifdef YYTYPE_INT8 -typedef YYTYPE_INT8 yytype_int8; -#else -typedef signed char yytype_int8; -#endif - -#ifdef YYTYPE_UINT16 -typedef YYTYPE_UINT16 yytype_uint16; -#else -typedef unsigned short int yytype_uint16; -#endif - -#ifdef YYTYPE_INT16 -typedef YYTYPE_INT16 yytype_int16; -#else -typedef short int yytype_int16; -#endif - -#ifndef YYSIZE_T -# ifdef __SIZE_TYPE__ -# define YYSIZE_T __SIZE_TYPE__ -# elif defined size_t -# define YYSIZE_T size_t -# elif ! defined YYSIZE_T -# include /* INFRINGES ON USER NAME SPACE */ -# define YYSIZE_T size_t -# else -# define YYSIZE_T unsigned int -# endif -#endif - -#define YYSIZE_MAXIMUM ((YYSIZE_T) -1) - -#ifndef YY_ -# if defined YYENABLE_NLS && YYENABLE_NLS -# if ENABLE_NLS -# include /* INFRINGES ON USER NAME SPACE */ -# define YY_(Msgid) dgettext ("bison-runtime", Msgid) -# endif -# endif -# ifndef YY_ -# define YY_(Msgid) Msgid -# endif -#endif - -#ifndef YY_ATTRIBUTE -# if (defined __GNUC__ \ - && (2 < __GNUC__ || (__GNUC__ == 2 && 96 <= __GNUC_MINOR__))) \ - || defined __SUNPRO_C && 0x5110 <= __SUNPRO_C -# define YY_ATTRIBUTE(Spec) __attribute__(Spec) -# else -# define YY_ATTRIBUTE(Spec) /* empty */ -# endif -#endif - -#ifndef YY_ATTRIBUTE_PURE -# define YY_ATTRIBUTE_PURE YY_ATTRIBUTE ((__pure__)) -#endif - -#ifndef YY_ATTRIBUTE_UNUSED -# define YY_ATTRIBUTE_UNUSED YY_ATTRIBUTE ((__unused__)) -#endif - -#if !defined _Noreturn \ - && (!defined __STDC_VERSION__ || __STDC_VERSION__ < 201112) -# if defined _MSC_VER && 1200 <= _MSC_VER -# define _Noreturn __declspec (noreturn) -# else -# define _Noreturn YY_ATTRIBUTE ((__noreturn__)) -# endif -#endif - -/* Suppress unused-variable warnings by "using" E. */ -#if ! defined lint || defined __GNUC__ -# define YYUSE(E) ((void) (E)) -#else -# define YYUSE(E) /* empty */ -#endif - -#if defined __GNUC__ && 407 <= __GNUC__ * 100 + __GNUC_MINOR__ -/* Suppress an incorrect diagnostic about yylval being uninitialized. */ -# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN \ - _Pragma ("GCC diagnostic push") \ - _Pragma ("GCC diagnostic ignored \"-Wuninitialized\"")\ - _Pragma ("GCC diagnostic ignored \"-Wmaybe-uninitialized\"") -# define YY_IGNORE_MAYBE_UNINITIALIZED_END \ - _Pragma ("GCC diagnostic pop") -#else -# define YY_INITIAL_VALUE(Value) Value -#endif -#ifndef YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN -# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN -# define YY_IGNORE_MAYBE_UNINITIALIZED_END -#endif -#ifndef YY_INITIAL_VALUE -# define YY_INITIAL_VALUE(Value) /* Nothing. */ -#endif - - -#if ! defined yyoverflow || YYERROR_VERBOSE - -/* The parser invokes alloca or malloc; define the necessary symbols. */ - -# ifdef YYSTACK_USE_ALLOCA -# if YYSTACK_USE_ALLOCA -# ifdef __GNUC__ -# define YYSTACK_ALLOC __builtin_alloca -# elif defined __BUILTIN_VA_ARG_INCR -# include /* INFRINGES ON USER NAME SPACE */ -# elif defined _AIX -# define YYSTACK_ALLOC __alloca -# elif defined _MSC_VER -# include /* INFRINGES ON USER NAME SPACE */ -# define alloca _alloca -# else -# define YYSTACK_ALLOC alloca -# if ! defined _ALLOCA_H && ! defined EXIT_SUCCESS -# include /* INFRINGES ON USER NAME SPACE */ - /* Use EXIT_SUCCESS as a witness for stdlib.h. */ -# ifndef EXIT_SUCCESS -# define EXIT_SUCCESS 0 -# endif -# endif -# endif -# endif -# endif - -# ifdef YYSTACK_ALLOC - /* Pacify GCC's 'empty if-body' warning. */ -# define YYSTACK_FREE(Ptr) do { /* empty */; } while (0) -# ifndef YYSTACK_ALLOC_MAXIMUM - /* The OS might guarantee only one guard page at the bottom of the stack, - and a page size can be as small as 4096 bytes. So we cannot safely - invoke alloca (N) if N exceeds 4096. Use a slightly smaller number - to allow for a few compiler-allocated temporary stack slots. */ -# define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */ -# endif -# else -# define YYSTACK_ALLOC YYMALLOC -# define YYSTACK_FREE YYFREE -# ifndef YYSTACK_ALLOC_MAXIMUM -# define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM -# endif -# if (defined __cplusplus && ! defined EXIT_SUCCESS \ - && ! ((defined YYMALLOC || defined malloc) \ - && (defined YYFREE || defined free))) -# include /* INFRINGES ON USER NAME SPACE */ -# ifndef EXIT_SUCCESS -# define EXIT_SUCCESS 0 -# endif -# endif -# ifndef YYMALLOC -# define YYMALLOC malloc -# if ! defined malloc && ! defined EXIT_SUCCESS -void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */ -# endif -# endif -# ifndef YYFREE -# define YYFREE free -# if ! defined free && ! defined EXIT_SUCCESS -void free (void *); /* INFRINGES ON USER NAME SPACE */ -# endif -# endif -# endif -#endif /* ! defined yyoverflow || YYERROR_VERBOSE */ - - -#if (! defined yyoverflow \ - && (! defined __cplusplus \ - || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL))) - -/* A type that is properly aligned for any stack member. */ -union yyalloc -{ - yytype_int16 yyss_alloc; - YYSTYPE yyvs_alloc; -}; - -/* The size of the maximum gap between one aligned stack and the next. */ -# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1) - -/* The size of an array large to enough to hold all stacks, each with - N elements. */ -# define YYSTACK_BYTES(N) \ - ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \ - + YYSTACK_GAP_MAXIMUM) - -# define YYCOPY_NEEDED 1 - -/* Relocate STACK from its old location to the new one. The - local variables YYSIZE and YYSTACKSIZE give the old and new number of - elements in the stack, and YYPTR gives the new location of the - stack. Advance YYPTR to a properly aligned location for the next - stack. */ -# define YYSTACK_RELOCATE(Stack_alloc, Stack) \ - do \ - { \ - YYSIZE_T yynewbytes; \ - YYCOPY (&yyptr->Stack_alloc, Stack, yysize); \ - Stack = &yyptr->Stack_alloc; \ - yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \ - yyptr += yynewbytes / sizeof (*yyptr); \ - } \ - while (0) - -#endif - -#if defined YYCOPY_NEEDED && YYCOPY_NEEDED -/* Copy COUNT objects from SRC to DST. The source and destination do - not overlap. */ -# ifndef YYCOPY -# if defined __GNUC__ && 1 < __GNUC__ -# define YYCOPY(Dst, Src, Count) \ - __builtin_memcpy (Dst, Src, (Count) * sizeof (*(Src))) -# else -# define YYCOPY(Dst, Src, Count) \ - do \ - { \ - YYSIZE_T yyi; \ - for (yyi = 0; yyi < (Count); yyi++) \ - (Dst)[yyi] = (Src)[yyi]; \ - } \ - while (0) -# endif -# endif -#endif /* !YYCOPY_NEEDED */ - -/* YYFINAL -- State number of the termination state. */ -#define YYFINAL 2 -/* YYLAST -- Last index in YYTABLE. */ -#define YYLAST 421 - -/* YYNTOKENS -- Number of terminals. */ -#define YYNTOKENS 208 -/* YYNNTS -- Number of nonterminals. */ -#define YYNNTS 223 -/* YYNRULES -- Number of rules. */ -#define YYNRULES 427 -/* YYNSTATES -- Number of states. */ -#define YYNSTATES 643 - -/* YYTRANSLATE[YYX] -- Symbol number corresponding to YYX as returned - by yylex, with out-of-bounds checking. */ -#define YYUNDEFTOK 2 -#define YYMAXUTOK 462 - -#define YYTRANSLATE(YYX) \ - ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK) - -/* YYTRANSLATE[TOKEN-NUM] -- Symbol number corresponding to TOKEN-NUM - as returned by yylex, without out-of-bounds checking. */ -static const yytype_uint8 yytranslate[] = -{ - 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 1, 2, 3, 4, - 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, - 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, - 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, - 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, - 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, - 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, - 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, - 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, - 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, - 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, - 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, - 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, - 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, - 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, - 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, - 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, - 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, - 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, - 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, - 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, - 205, 206, 207 -}; - -#if YYDEBUG - /* YYRLINE[YYN] -- Source line where rule number YYN was defined. */ -static const yytype_uint16 yyrline[] = -{ - 0, 149, 149, 149, 150, 150, 151, 151, 152, 152, - 152, 154, 158, 163, 164, 165, 165, 165, 166, 166, - 167, 167, 168, 168, 169, 169, 170, 170, 170, 171, - 171, 171, 172, 172, 173, 173, 174, 174, 175, 175, - 176, 176, 177, 177, 178, 178, 179, 179, 180, 180, - 180, 181, 181, 181, 182, 182, 182, 183, 183, 184, - 184, 185, 185, 186, 186, 187, 187, 187, 188, 188, - 189, 189, 190, 190, 190, 191, 191, 192, 192, 193, - 193, 194, 194, 194, 195, 195, 196, 196, 197, 197, - 198, 198, 199, 199, 200, 200, 200, 201, 201, 202, - 202, 202, 203, 203, 203, 204, 204, 204, 205, 205, - 205, 205, 206, 206, 206, 207, 207, 207, 208, 208, - 209, 209, 210, 210, 211, 211, 212, 212, 212, 213, - 213, 214, 214, 215, 216, 216, 217, 217, 218, 219, - 220, 220, 221, 221, 222, 222, 223, 223, 223, 224, - 224, 225, 225, 226, 226, 227, 227, 228, 228, 228, - 229, 229, 229, 230, 230, 230, 231, 233, 245, 246, - 247, 247, 247, 247, 247, 248, 250, 262, 263, 264, - 264, 264, 264, 265, 267, 281, 282, 283, 283, 283, - 283, 284, 284, 284, 286, 295, 304, 315, 324, 333, - 342, 353, 362, 374, 389, 400, 417, 434, 447, 462, - 471, 480, 489, 498, 507, 516, 525, 534, 543, 552, - 561, 570, 579, 588, 597, 604, 611, 620, 629, 638, - 652, 661, 670, 679, 686, 693, 719, 727, 734, 741, - 748, 755, 763, 771, 779, 786, 793, 802, 811, 820, - 827, 834, 842, 850, 860, 870, 880, 893, 904, 912, - 925, 934, 943, 952, 962, 972, 980, 993, 1002, 1010, - 1019, 1027, 1040, 1049, 1056, 1066, 1076, 1086, 1096, 1106, - 1116, 1126, 1136, 1143, 1150, 1157, 1166, 1175, 1184, 1191, - 1201, 1218, 1225, 1243, 1256, 1269, 1278, 1287, 1296, 1305, - 1315, 1325, 1334, 1343, 1356, 1369, 1378, 1385, 1394, 1403, - 1412, 1421, 1429, 1442, 1450, 1478, 1485, 1500, 1510, 1520, - 1527, 1534, 1543, 1557, 1576, 1595, 1607, 1619, 1631, 1642, - 1661, 1671, 1680, 1688, 1696, 1709, 1722, 1735, 1748, 1757, - 1766, 1776, 1786, 1796, 1803, 1810, 1819, 1829, 1839, 1849, - 1856, 1863, 1872, 1882, 1892, 1921, 1931, 1939, 1948, 1963, - 1972, 1977, 1978, 1979, 1979, 1979, 1980, 1980, 1980, 1981, - 1981, 1983, 1993, 2002, 2009, 2019, 2026, 2033, 2040, 2047, - 2052, 2053, 2054, 2054, 2055, 2055, 2056, 2056, 2057, 2058, - 2059, 2060, 2061, 2062, 2064, 2072, 2079, 2087, 2095, 2102, - 2109, 2118, 2127, 2136, 2145, 2154, 2163, 2168, 2169, 2170, - 2172, 2178, 2188, 2195, 2204, 2212, 2218, 2219, 2221, 2221, - 2221, 2222, 2222, 2224, 2233, 2243, 2250, 2257 -}; -#endif - -#if YYDEBUG || YYERROR_VERBOSE || 0 -/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. - First, the terminals, then, starting at YYNTOKENS, nonterminals. */ -static const char *const yytname[] = -{ - "$end", "error", "$undefined", "SPACE", "LETTER", "NEWLINE", "COMMENT", - "COLON", "ANY", "ZONESTR", "STRING_ARG", "VAR_SERVER", "VAR_VERBOSITY", - "VAR_NUM_THREADS", "VAR_PORT", "VAR_OUTGOING_RANGE", "VAR_INTERFACE", - "VAR_DO_IP4", "VAR_DO_IP6", "VAR_PREFER_IP6", "VAR_DO_UDP", "VAR_DO_TCP", - "VAR_TCP_MSS", "VAR_OUTGOING_TCP_MSS", "VAR_CHROOT", "VAR_USERNAME", - "VAR_DIRECTORY", "VAR_LOGFILE", "VAR_PIDFILE", "VAR_MSG_CACHE_SIZE", - "VAR_MSG_CACHE_SLABS", "VAR_NUM_QUERIES_PER_THREAD", - "VAR_RRSET_CACHE_SIZE", "VAR_RRSET_CACHE_SLABS", "VAR_OUTGOING_NUM_TCP", - "VAR_INFRA_HOST_TTL", "VAR_INFRA_LAME_TTL", "VAR_INFRA_CACHE_SLABS", - "VAR_INFRA_CACHE_NUMHOSTS", "VAR_INFRA_CACHE_LAME_SIZE", "VAR_NAME", - "VAR_STUB_ZONE", "VAR_STUB_HOST", "VAR_STUB_ADDR", - "VAR_TARGET_FETCH_POLICY", "VAR_HARDEN_SHORT_BUFSIZE", - "VAR_HARDEN_LARGE_QUERIES", "VAR_FORWARD_ZONE", "VAR_FORWARD_HOST", - "VAR_FORWARD_ADDR", "VAR_DO_NOT_QUERY_ADDRESS", "VAR_HIDE_IDENTITY", - "VAR_HIDE_VERSION", "VAR_IDENTITY", "VAR_VERSION", "VAR_HARDEN_GLUE", - "VAR_MODULE_CONF", "VAR_TRUST_ANCHOR_FILE", "VAR_TRUST_ANCHOR", - "VAR_VAL_OVERRIDE_DATE", "VAR_BOGUS_TTL", "VAR_VAL_CLEAN_ADDITIONAL", - "VAR_VAL_PERMISSIVE_MODE", "VAR_INCOMING_NUM_TCP", "VAR_MSG_BUFFER_SIZE", - "VAR_KEY_CACHE_SIZE", "VAR_KEY_CACHE_SLABS", "VAR_TRUSTED_KEYS_FILE", - "VAR_VAL_NSEC3_KEYSIZE_ITERATIONS", "VAR_USE_SYSLOG", - "VAR_OUTGOING_INTERFACE", "VAR_ROOT_HINTS", "VAR_DO_NOT_QUERY_LOCALHOST", - "VAR_CACHE_MAX_TTL", "VAR_HARDEN_DNSSEC_STRIPPED", "VAR_ACCESS_CONTROL", - "VAR_LOCAL_ZONE", "VAR_LOCAL_DATA", "VAR_INTERFACE_AUTOMATIC", - "VAR_STATISTICS_INTERVAL", "VAR_DO_DAEMONIZE", "VAR_USE_CAPS_FOR_ID", - "VAR_STATISTICS_CUMULATIVE", "VAR_OUTGOING_PORT_PERMIT", - "VAR_OUTGOING_PORT_AVOID", "VAR_DLV_ANCHOR_FILE", "VAR_DLV_ANCHOR", - "VAR_NEG_CACHE_SIZE", "VAR_HARDEN_REFERRAL_PATH", "VAR_PRIVATE_ADDRESS", - "VAR_PRIVATE_DOMAIN", "VAR_REMOTE_CONTROL", "VAR_CONTROL_ENABLE", - "VAR_CONTROL_INTERFACE", "VAR_CONTROL_PORT", "VAR_SERVER_KEY_FILE", - "VAR_SERVER_CERT_FILE", "VAR_CONTROL_KEY_FILE", "VAR_CONTROL_CERT_FILE", - "VAR_CONTROL_USE_CERT", "VAR_EXTENDED_STATISTICS", "VAR_LOCAL_DATA_PTR", - "VAR_JOSTLE_TIMEOUT", "VAR_STUB_PRIME", "VAR_UNWANTED_REPLY_THRESHOLD", - "VAR_LOG_TIME_ASCII", "VAR_DOMAIN_INSECURE", "VAR_PYTHON", - "VAR_PYTHON_SCRIPT", "VAR_VAL_SIG_SKEW_MIN", "VAR_VAL_SIG_SKEW_MAX", - "VAR_CACHE_MIN_TTL", "VAR_VAL_LOG_LEVEL", "VAR_AUTO_TRUST_ANCHOR_FILE", - "VAR_KEEP_MISSING", "VAR_ADD_HOLDDOWN", "VAR_DEL_HOLDDOWN", - "VAR_SO_RCVBUF", "VAR_EDNS_BUFFER_SIZE", "VAR_PREFETCH", - "VAR_PREFETCH_KEY", "VAR_SO_SNDBUF", "VAR_SO_REUSEPORT", - "VAR_HARDEN_BELOW_NXDOMAIN", "VAR_IGNORE_CD_FLAG", "VAR_LOG_QUERIES", - "VAR_LOG_REPLIES", "VAR_TCP_UPSTREAM", "VAR_SSL_UPSTREAM", - "VAR_SSL_SERVICE_KEY", "VAR_SSL_SERVICE_PEM", "VAR_SSL_PORT", - "VAR_FORWARD_FIRST", "VAR_STUB_SSL_UPSTREAM", "VAR_FORWARD_SSL_UPSTREAM", - "VAR_STUB_FIRST", "VAR_MINIMAL_RESPONSES", "VAR_RRSET_ROUNDROBIN", - "VAR_MAX_UDP_SIZE", "VAR_DELAY_CLOSE", "VAR_UNBLOCK_LAN_ZONES", - "VAR_INSECURE_LAN_ZONES", "VAR_INFRA_CACHE_MIN_RTT", "VAR_DNS64_PREFIX", - "VAR_DNS64_SYNTHALL", "VAR_DNSTAP", "VAR_DNSTAP_ENABLE", - "VAR_DNSTAP_SOCKET_PATH", "VAR_DNSTAP_SEND_IDENTITY", - "VAR_DNSTAP_SEND_VERSION", "VAR_DNSTAP_IDENTITY", "VAR_DNSTAP_VERSION", - "VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES", - "VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES", - "VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES", - "VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES", - "VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES", - "VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES", "VAR_RESPONSE_IP_TAG", - "VAR_RESPONSE_IP", "VAR_RESPONSE_IP_DATA", "VAR_HARDEN_ALGO_DOWNGRADE", - "VAR_IP_TRANSPARENT", "VAR_DISABLE_DNSSEC_LAME_CHECK", - "VAR_IP_RATELIMIT", "VAR_IP_RATELIMIT_SLABS", "VAR_IP_RATELIMIT_SIZE", - "VAR_RATELIMIT", "VAR_RATELIMIT_SLABS", "VAR_RATELIMIT_SIZE", - "VAR_RATELIMIT_FOR_DOMAIN", "VAR_RATELIMIT_BELOW_DOMAIN", - "VAR_IP_RATELIMIT_FACTOR", "VAR_RATELIMIT_FACTOR", - "VAR_SEND_CLIENT_SUBNET", "VAR_CLIENT_SUBNET_ALWAYS_FORWARD", - "VAR_CLIENT_SUBNET_OPCODE", "VAR_MAX_CLIENT_SUBNET_IPV4", - "VAR_MAX_CLIENT_SUBNET_IPV6", "VAR_CAPS_WHITELIST", - "VAR_CACHE_MAX_NEGATIVE_TTL", "VAR_PERMIT_SMALL_HOLDDOWN", - "VAR_QNAME_MINIMISATION", "VAR_QNAME_MINIMISATION_STRICT", - "VAR_IP_FREEBIND", "VAR_DEFINE_TAG", "VAR_LOCAL_ZONE_TAG", - "VAR_ACCESS_CONTROL_TAG", "VAR_LOCAL_ZONE_OVERRIDE", - "VAR_ACCESS_CONTROL_TAG_ACTION", "VAR_ACCESS_CONTROL_TAG_DATA", - "VAR_VIEW", "VAR_ACCESS_CONTROL_VIEW", "VAR_VIEW_FIRST", - "VAR_SERVE_EXPIRED", "VAR_FAKE_DSA", "VAR_FAKE_SHA1", "VAR_LOG_IDENTITY", - "VAR_HIDE_TRUSTANCHOR", "VAR_USE_SYSTEMD", "VAR_SHM_ENABLE", - "VAR_SHM_KEY", "VAR_DNSCRYPT", "VAR_DNSCRYPT_ENABLE", - "VAR_DNSCRYPT_PORT", "VAR_DNSCRYPT_PROVIDER", "VAR_DNSCRYPT_SECRET_KEY", - "VAR_DNSCRYPT_PROVIDER_CERT", "$accept", "toplevelvars", "toplevelvar", - "serverstart", "contents_server", "content_server", "stubstart", - "contents_stub", "content_stub", "forwardstart", "contents_forward", - "content_forward", "viewstart", "contents_view", "content_view", - "server_num_threads", "server_verbosity", "server_statistics_interval", - "server_statistics_cumulative", "server_extended_statistics", - "server_shm_enable", "server_shm_key", "server_port", - "server_send_client_subnet", "server_client_subnet_always_forward", - "server_client_subnet_opcode", "server_max_client_subnet_ipv4", - "server_max_client_subnet_ipv6", "server_interface", - "server_outgoing_interface", "server_outgoing_range", - "server_outgoing_port_permit", "server_outgoing_port_avoid", - "server_outgoing_num_tcp", "server_incoming_num_tcp", - "server_interface_automatic", "server_do_ip4", "server_do_ip6", - "server_do_udp", "server_do_tcp", "server_prefer_ip6", "server_tcp_mss", - "server_outgoing_tcp_mss", "server_tcp_upstream", "server_ssl_upstream", - "server_ssl_service_key", "server_ssl_service_pem", "server_ssl_port", - "server_use_systemd", "server_do_daemonize", "server_use_syslog", - "server_log_time_ascii", "server_log_queries", "server_log_replies", - "server_chroot", "server_username", "server_directory", "server_logfile", - "server_pidfile", "server_root_hints", "server_dlv_anchor_file", - "server_dlv_anchor", "server_auto_trust_anchor_file", - "server_trust_anchor_file", "server_trusted_keys_file", - "server_trust_anchor", "server_domain_insecure", "server_hide_identity", - "server_hide_version", "server_hide_trustanchor", "server_identity", - "server_version", "server_so_rcvbuf", "server_so_sndbuf", - "server_so_reuseport", "server_ip_transparent", "server_ip_freebind", - "server_edns_buffer_size", "server_msg_buffer_size", - "server_msg_cache_size", "server_msg_cache_slabs", - "server_num_queries_per_thread", "server_jostle_timeout", - "server_delay_close", "server_unblock_lan_zones", - "server_insecure_lan_zones", "server_rrset_cache_size", - "server_rrset_cache_slabs", "server_infra_host_ttl", - "server_infra_lame_ttl", "server_infra_cache_numhosts", - "server_infra_cache_lame_size", "server_infra_cache_slabs", - "server_infra_cache_min_rtt", "server_target_fetch_policy", - "server_harden_short_bufsize", "server_harden_large_queries", - "server_harden_glue", "server_harden_dnssec_stripped", - "server_harden_below_nxdomain", "server_harden_referral_path", - "server_harden_algo_downgrade", "server_use_caps_for_id", - "server_caps_whitelist", "server_private_address", - "server_private_domain", "server_prefetch", "server_prefetch_key", - "server_unwanted_reply_threshold", "server_do_not_query_address", - "server_do_not_query_localhost", "server_access_control", - "server_module_conf", "server_val_override_date", - "server_val_sig_skew_min", "server_val_sig_skew_max", - "server_cache_max_ttl", "server_cache_max_negative_ttl", - "server_cache_min_ttl", "server_bogus_ttl", - "server_val_clean_additional", "server_val_permissive_mode", - "server_ignore_cd_flag", "server_serve_expired", "server_fake_dsa", - "server_fake_sha1", "server_val_log_level", - "server_val_nsec3_keysize_iterations", "server_add_holddown", - "server_del_holddown", "server_keep_missing", - "server_permit_small_holddown", "server_key_cache_size", - "server_key_cache_slabs", "server_neg_cache_size", "server_local_zone", - "server_local_data", "server_local_data_ptr", "server_minimal_responses", - "server_rrset_roundrobin", "server_max_udp_size", "server_dns64_prefix", - "server_dns64_synthall", "server_define_tag", "server_local_zone_tag", - "server_access_control_tag", "server_access_control_tag_action", - "server_access_control_tag_data", "server_local_zone_override", - "server_access_control_view", "server_response_ip_tag", - "server_ip_ratelimit", "server_ratelimit", "server_ip_ratelimit_size", - "server_ratelimit_size", "server_ip_ratelimit_slabs", - "server_ratelimit_slabs", "server_ratelimit_for_domain", - "server_ratelimit_below_domain", "server_ip_ratelimit_factor", - "server_ratelimit_factor", "server_qname_minimisation", - "server_qname_minimisation_strict", "stub_name", "stub_host", - "stub_addr", "stub_first", "stub_ssl_upstream", "stub_prime", - "forward_name", "forward_host", "forward_addr", "forward_first", - "forward_ssl_upstream", "view_name", "view_local_zone", - "view_response_ip", "view_response_ip_data", "view_local_data", - "view_local_data_ptr", "view_first", "rcstart", "contents_rc", - "content_rc", "rc_control_enable", "rc_control_port", - "rc_control_interface", "rc_control_use_cert", "rc_server_key_file", - "rc_server_cert_file", "rc_control_key_file", "rc_control_cert_file", - "dtstart", "contents_dt", "content_dt", "dt_dnstap_enable", - "dt_dnstap_socket_path", "dt_dnstap_send_identity", - "dt_dnstap_send_version", "dt_dnstap_identity", "dt_dnstap_version", - "dt_dnstap_log_resolver_query_messages", - "dt_dnstap_log_resolver_response_messages", - "dt_dnstap_log_client_query_messages", - "dt_dnstap_log_client_response_messages", - "dt_dnstap_log_forwarder_query_messages", - "dt_dnstap_log_forwarder_response_messages", "pythonstart", - "contents_py", "content_py", "py_script", - "server_disable_dnssec_lame_check", "server_log_identity", - "server_response_ip", "server_response_ip_data", "dnscstart", - "contents_dnsc", "content_dnsc", "dnsc_dnscrypt_enable", - "dnsc_dnscrypt_port", "dnsc_dnscrypt_provider", - "dnsc_dnscrypt_provider_cert", "dnsc_dnscrypt_secret_key", YY_NULLPTR -}; -#endif - -# ifdef YYPRINT -/* YYTOKNUM[NUM] -- (External) token number corresponding to the - (internal) symbol number NUM (which must be that of a token). */ -static const yytype_uint16 yytoknum[] = -{ - 0, 256, 257, 258, 259, 260, 261, 262, 263, 264, - 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, - 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, - 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, - 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, - 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, - 315, 316, 317, 318, 319, 320, 321, 322, 323, 324, - 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, - 355, 356, 357, 358, 359, 360, 361, 362, 363, 364, - 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, - 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, - 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, - 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, - 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, - 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, - 445, 446, 447, 448, 449, 450, 451, 452, 453, 454, - 455, 456, 457, 458, 459, 460, 461, 462 -}; -# endif - -#define YYPACT_NINF -162 - -#define yypact_value_is_default(Yystate) \ - (!!((Yystate) == (-162))) - -#define YYTABLE_NINF -1 - -#define yytable_value_is_error(Yytable_value) \ - 0 - - /* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing - STATE-NUM. */ -static const yytype_int16 yypact[] = -{ - -162, 0, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - 191, -38, -34, -39, -64, -130, -105, -161, -3, -2, - -1, 2, 3, 26, 29, 30, 38, 39, 40, 41, - 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, - 53, 54, 56, 57, 58, 59, 60, 61, 62, 63, - 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, - 74, 75, 76, 77, 78, 79, 80, 82, 83, 84, - 86, 89, 91, 92, 93, 94, 95, 96, 98, 99, - 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, - 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, - 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, - 132, 133, 134, 136, 137, 138, 139, 140, 141, 142, - 143, 145, 146, 147, 148, 149, 150, 151, 152, 153, - 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, - 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, - 174, 175, 176, 177, 178, 179, 180, 182, 183, 184, - 185, 186, 187, 188, 189, 190, 221, 222, 223, 224, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, 228, 229, 230, 272, 273, 274, -162, - -162, -162, -162, -162, -162, -162, 275, 276, 277, 278, - 279, -162, -162, -162, -162, -162, -162, 280, 284, 288, - 289, 313, 314, 315, -162, -162, -162, -162, -162, -162, - -162, -162, 316, 326, 327, 328, 329, 330, 331, 332, - -162, -162, -162, -162, -162, -162, -162, -162, -162, 333, - 334, 335, 336, 337, 338, 372, 374, 383, 384, 385, - 386, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, 387, -162, -162, 388, 389, 390, - 391, 392, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, 393, 394, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, 395, 396, - 397, -162, -162, -162, -162, -162, -162, -162, -162, -162, - 398, 399, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, 400, 401, 402, 403, - 404, 405, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, 406, -162, -162, 407, 408, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, 409, 410, 411, -162, -162, -162, -162, - -162, -162, -162 -}; - - /* YYDEFACT[STATE-NUM] -- Default reduction number in state STATE-NUM. - Performed when YYTABLE does not specify something else to do. Zero - means the default is an error. */ -static const yytype_uint16 yydefact[] = -{ - 2, 0, 1, 12, 167, 176, 360, 406, 379, 184, - 415, 3, 14, 169, 178, 186, 362, 381, 408, 417, - 4, 5, 6, 10, 8, 9, 7, 11, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 13, 15, 16, 75, 78, 87, 163, 164, 17, 137, - 138, 139, 140, 141, 26, 66, 18, 79, 80, 37, - 59, 74, 19, 20, 22, 23, 21, 24, 25, 110, - 111, 112, 113, 114, 159, 76, 65, 91, 108, 109, - 27, 28, 29, 30, 31, 67, 81, 82, 97, 53, - 63, 54, 92, 47, 48, 166, 49, 50, 101, 105, - 118, 126, 146, 102, 60, 32, 33, 34, 89, 119, - 120, 121, 35, 36, 38, 39, 41, 42, 40, 124, - 43, 44, 45, 51, 70, 106, 84, 125, 77, 142, - 85, 86, 103, 104, 90, 46, 68, 71, 52, 55, - 93, 94, 69, 143, 95, 56, 57, 58, 107, 156, - 157, 165, 96, 64, 98, 99, 100, 144, 61, 62, - 83, 72, 73, 88, 115, 116, 117, 122, 123, 147, - 148, 150, 152, 153, 151, 154, 160, 127, 128, 131, - 132, 129, 130, 133, 134, 136, 135, 145, 155, 149, - 158, 161, 162, 0, 0, 0, 0, 0, 0, 168, - 170, 171, 172, 174, 175, 173, 0, 0, 0, 0, - 0, 177, 179, 180, 181, 182, 183, 0, 0, 0, - 0, 0, 0, 0, 185, 187, 188, 191, 192, 189, - 193, 190, 0, 0, 0, 0, 0, 0, 0, 0, - 361, 363, 365, 364, 370, 366, 367, 368, 369, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 380, 382, 383, 384, 385, 386, 387, 388, 389, - 390, 391, 392, 393, 0, 407, 409, 0, 0, 0, - 0, 0, 416, 418, 419, 420, 422, 421, 195, 194, - 201, 209, 207, 215, 216, 219, 217, 218, 220, 221, - 233, 234, 235, 236, 237, 258, 259, 260, 265, 266, - 212, 267, 268, 271, 269, 270, 273, 274, 275, 288, - 246, 247, 249, 250, 276, 291, 242, 244, 292, 298, - 299, 300, 213, 257, 311, 312, 243, 306, 229, 208, - 238, 289, 295, 277, 0, 0, 315, 214, 196, 228, - 281, 197, 210, 211, 239, 240, 313, 279, 283, 284, - 198, 316, 261, 287, 230, 245, 293, 294, 297, 305, - 241, 309, 307, 308, 251, 256, 285, 286, 252, 253, - 278, 301, 231, 232, 222, 223, 224, 225, 226, 317, - 318, 319, 262, 263, 264, 272, 320, 321, 0, 0, - 0, 280, 254, 411, 330, 334, 332, 331, 335, 333, - 0, 0, 338, 339, 202, 203, 204, 205, 206, 282, - 296, 310, 340, 341, 255, 322, 0, 0, 0, 0, - 0, 0, 302, 303, 304, 412, 248, 227, 199, 200, - 342, 343, 344, 347, 346, 345, 348, 349, 350, 351, - 352, 353, 0, 357, 358, 0, 0, 359, 371, 373, - 372, 375, 376, 377, 378, 374, 394, 395, 396, 397, - 398, 399, 400, 401, 402, 403, 404, 405, 410, 423, - 424, 425, 427, 426, 290, 314, 329, 413, 414, 336, - 337, 323, 324, 0, 0, 0, 328, 354, 355, 356, - 327, 325, 326 -}; - - /* YYPGOTO[NTERM-NUM]. */ -static const yytype_int16 yypgoto[] = -{ - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, - -162, -162, -162 -}; - - /* YYDEFGOTO[NTERM-NUM]. */ -static const yytype_int16 yydefgoto[] = -{ - -1, 1, 11, 12, 20, 180, 13, 21, 339, 14, - 22, 351, 15, 23, 364, 181, 182, 183, 184, 185, - 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, - 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, - 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, - 216, 217, 218, 219, 220, 221, 222, 223, 224, 225, - 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, - 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, - 246, 247, 248, 249, 250, 251, 252, 253, 254, 255, - 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, - 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, - 276, 277, 278, 279, 280, 281, 282, 283, 284, 285, - 286, 287, 288, 289, 290, 291, 292, 293, 294, 295, - 296, 297, 298, 299, 300, 301, 302, 303, 304, 305, - 306, 307, 308, 309, 310, 311, 312, 313, 314, 315, - 316, 317, 318, 319, 320, 321, 322, 323, 324, 325, - 326, 327, 328, 340, 341, 342, 343, 344, 345, 352, - 353, 354, 355, 356, 365, 366, 367, 368, 369, 370, - 371, 16, 24, 380, 381, 382, 383, 384, 385, 386, - 387, 388, 17, 25, 401, 402, 403, 404, 405, 406, - 407, 408, 409, 410, 411, 412, 413, 18, 26, 415, - 416, 329, 330, 331, 332, 19, 27, 422, 423, 424, - 425, 426, 427 -}; - - /* YYTABLE[YYPACT[STATE-NUM]] -- What to do in state STATE-NUM. If - positive, shift that token. If negative, reduce the rule whose - number is the opposite. If YYTABLE_NINF, syntax error. */ -static const yytype_uint16 yytable[] = -{ - 2, 357, 333, 414, 334, 335, 346, 428, 429, 430, - 0, 3, 431, 432, 347, 348, 389, 390, 391, 392, - 393, 394, 395, 396, 397, 398, 399, 400, 372, 373, - 374, 375, 376, 377, 378, 379, 433, 358, 359, 434, - 435, 4, 417, 418, 419, 420, 421, 5, 436, 437, - 438, 439, 440, 441, 442, 443, 444, 445, 446, 447, - 448, 449, 360, 450, 451, 336, 452, 453, 454, 455, - 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, - 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, - 476, 6, 477, 478, 479, 337, 480, 338, 349, 481, - 350, 482, 483, 484, 485, 486, 487, 7, 488, 489, - 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, - 361, 362, 500, 501, 502, 503, 504, 505, 506, 507, - 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, - 518, 519, 520, 521, 522, 8, 523, 524, 525, 526, - 527, 528, 529, 530, 363, 531, 532, 533, 534, 535, - 536, 537, 538, 539, 540, 541, 542, 543, 544, 545, - 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, - 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, - 566, 9, 567, 568, 569, 570, 571, 572, 573, 574, - 575, 0, 10, 28, 29, 30, 31, 32, 33, 34, - 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, - 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, - 55, 576, 577, 578, 579, 56, 57, 58, 580, 581, - 582, 59, 60, 61, 62, 63, 64, 65, 66, 67, - 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, - 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, - 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, - 98, 99, 583, 584, 585, 586, 587, 588, 589, 590, - 591, 100, 101, 102, 592, 103, 104, 105, 593, 594, - 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, - 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, - 126, 127, 128, 595, 596, 597, 598, 129, 130, 131, - 132, 133, 134, 135, 136, 137, 599, 600, 601, 602, - 603, 604, 605, 606, 607, 608, 609, 610, 611, 138, - 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, - 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, - 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, - 169, 170, 612, 171, 613, 172, 173, 174, 175, 176, - 177, 178, 179, 614, 615, 616, 617, 618, 619, 620, - 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, - 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, - 641, 642 -}; - -static const yytype_int16 yycheck[] = -{ - 0, 40, 40, 108, 42, 43, 40, 10, 10, 10, - -1, 11, 10, 10, 48, 49, 146, 147, 148, 149, - 150, 151, 152, 153, 154, 155, 156, 157, 92, 93, - 94, 95, 96, 97, 98, 99, 10, 76, 77, 10, - 10, 41, 203, 204, 205, 206, 207, 47, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 101, 10, 10, 103, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 91, 10, 10, 10, 133, 10, 135, 132, 10, - 134, 10, 10, 10, 10, 10, 10, 107, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 159, 160, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 145, 10, 10, 10, 10, - 10, 10, 10, 10, 193, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 191, 10, 10, 10, 10, 10, 10, 10, 10, - 10, -1, 202, 12, 13, 14, 15, 16, 17, 18, - 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, - 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, - 39, 10, 10, 10, 10, 44, 45, 46, 10, 10, - 10, 50, 51, 52, 53, 54, 55, 56, 57, 58, - 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, - 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, - 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, - 89, 90, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 100, 101, 102, 10, 104, 105, 106, 10, 10, - 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, - 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, - 129, 130, 131, 10, 10, 10, 10, 136, 137, 138, - 139, 140, 141, 142, 143, 144, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 158, - 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, - 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, - 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, - 189, 190, 10, 192, 10, 194, 195, 196, 197, 198, - 199, 200, 201, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10 -}; - - /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing - symbol of state STATE-NUM. */ -static const yytype_uint16 yystos[] = -{ - 0, 209, 0, 11, 41, 47, 91, 107, 145, 191, - 202, 210, 211, 214, 217, 220, 389, 400, 415, 423, - 212, 215, 218, 221, 390, 401, 416, 424, 12, 13, - 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, - 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, - 34, 35, 36, 37, 38, 39, 44, 45, 46, 50, - 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, - 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, - 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, - 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, - 100, 101, 102, 104, 105, 106, 109, 110, 111, 112, - 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, - 123, 124, 125, 126, 127, 128, 129, 130, 131, 136, - 137, 138, 139, 140, 141, 142, 143, 144, 158, 159, - 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, - 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, - 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, - 190, 192, 194, 195, 196, 197, 198, 199, 200, 201, - 213, 223, 224, 225, 226, 227, 228, 229, 230, 231, - 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, - 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, - 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, - 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, - 272, 273, 274, 275, 276, 277, 278, 279, 280, 281, - 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, - 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, - 302, 303, 304, 305, 306, 307, 308, 309, 310, 311, - 312, 313, 314, 315, 316, 317, 318, 319, 320, 321, - 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, - 332, 333, 334, 335, 336, 337, 338, 339, 340, 341, - 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, - 352, 353, 354, 355, 356, 357, 358, 359, 360, 361, - 362, 363, 364, 365, 366, 367, 368, 369, 370, 419, - 420, 421, 422, 40, 42, 43, 103, 133, 135, 216, - 371, 372, 373, 374, 375, 376, 40, 48, 49, 132, - 134, 219, 377, 378, 379, 380, 381, 40, 76, 77, - 101, 159, 160, 193, 222, 382, 383, 384, 385, 386, - 387, 388, 92, 93, 94, 95, 96, 97, 98, 99, - 391, 392, 393, 394, 395, 396, 397, 398, 399, 146, - 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, - 157, 402, 403, 404, 405, 406, 407, 408, 409, 410, - 411, 412, 413, 414, 108, 417, 418, 203, 204, 205, - 206, 207, 425, 426, 427, 428, 429, 430, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10 -}; - - /* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ -static const yytype_uint16 yyr1[] = -{ - 0, 208, 209, 209, 210, 210, 210, 210, 210, 210, - 210, 210, 211, 212, 212, 213, 213, 213, 213, 213, - 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, - 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, - 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, - 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, - 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, - 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, - 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, - 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, - 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, - 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, - 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, - 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, - 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, - 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, - 213, 213, 213, 213, 213, 213, 213, 214, 215, 215, - 216, 216, 216, 216, 216, 216, 217, 218, 218, 219, - 219, 219, 219, 219, 220, 221, 221, 222, 222, 222, - 222, 222, 222, 222, 223, 224, 225, 226, 227, 228, - 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, - 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, - 249, 250, 251, 252, 253, 254, 255, 256, 257, 258, - 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, - 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, - 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, - 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, - 299, 300, 301, 302, 303, 304, 305, 306, 307, 308, - 309, 310, 311, 312, 313, 314, 315, 316, 317, 318, - 319, 320, 321, 322, 323, 324, 325, 326, 327, 328, - 329, 330, 331, 332, 333, 334, 335, 336, 337, 338, - 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, - 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, - 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, - 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, - 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, - 389, 390, 390, 391, 391, 391, 391, 391, 391, 391, - 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, - 401, 401, 402, 402, 402, 402, 402, 402, 402, 402, - 402, 402, 402, 402, 403, 404, 405, 406, 407, 408, - 409, 410, 411, 412, 413, 414, 415, 416, 416, 417, - 418, 419, 420, 421, 422, 423, 424, 424, 425, 425, - 425, 425, 425, 426, 427, 428, 429, 430 -}; - - /* YYR2[YYN] -- Number of symbols on the right hand side of rule YYN. */ -static const yytype_uint8 yyr2[] = -{ - 0, 2, 0, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 1, 2, 0, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 2, 0, - 1, 1, 1, 1, 1, 1, 1, 2, 0, 1, - 1, 1, 1, 1, 1, 2, 0, 1, 1, 1, - 1, 1, 1, 1, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 3, 2, 2, 2, 2, 2, - 2, 2, 2, 3, 3, 4, 4, 4, 3, 3, - 2, 2, 2, 2, 2, 2, 3, 3, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 3, 3, 3, 2, 2, 2, - 1, 2, 0, 1, 1, 1, 1, 1, 1, 1, - 1, 2, 2, 2, 2, 2, 2, 2, 2, 1, - 2, 0, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 1, 2, 0, 1, - 2, 2, 2, 3, 3, 1, 2, 0, 1, 1, - 1, 1, 1, 2, 2, 2, 2, 2 -}; - - -#define yyerrok (yyerrstatus = 0) -#define yyclearin (yychar = YYEMPTY) -#define YYEMPTY (-2) -#define YYEOF 0 - -#define YYACCEPT goto yyacceptlab -#define YYABORT goto yyabortlab -#define YYERROR goto yyerrorlab - - -#define YYRECOVERING() (!!yyerrstatus) - -#define YYBACKUP(Token, Value) \ -do \ - if (yychar == YYEMPTY) \ - { \ - yychar = (Token); \ - yylval = (Value); \ - YYPOPSTACK (yylen); \ - yystate = *yyssp; \ - goto yybackup; \ - } \ - else \ - { \ - yyerror (YY_("syntax error: cannot back up")); \ - YYERROR; \ - } \ -while (0) - -/* Error token number */ -#define YYTERROR 1 -#define YYERRCODE 256 - - - -/* Enable debugging if requested. */ -#if YYDEBUG - -# ifndef YYFPRINTF -# include /* INFRINGES ON USER NAME SPACE */ -# define YYFPRINTF fprintf -# endif - -# define YYDPRINTF(Args) \ -do { \ - if (yydebug) \ - YYFPRINTF Args; \ -} while (0) - -/* This macro is provided for backward compatibility. */ -#ifndef YY_LOCATION_PRINT -# define YY_LOCATION_PRINT(File, Loc) ((void) 0) -#endif - - -# define YY_SYMBOL_PRINT(Title, Type, Value, Location) \ -do { \ - if (yydebug) \ - { \ - YYFPRINTF (stderr, "%s ", Title); \ - yy_symbol_print (stderr, \ - Type, Value); \ - YYFPRINTF (stderr, "\n"); \ - } \ -} while (0) - - -/*----------------------------------------. -| Print this symbol's value on YYOUTPUT. | -`----------------------------------------*/ - -static void -yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep) -{ - FILE *yyo = yyoutput; - YYUSE (yyo); - if (!yyvaluep) - return; -# ifdef YYPRINT - if (yytype < YYNTOKENS) - YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep); -# endif - YYUSE (yytype); -} - - -/*--------------------------------. -| Print this symbol on YYOUTPUT. | -`--------------------------------*/ - -static void -yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep) -{ - YYFPRINTF (yyoutput, "%s %s (", - yytype < YYNTOKENS ? "token" : "nterm", yytname[yytype]); - - yy_symbol_value_print (yyoutput, yytype, yyvaluep); - YYFPRINTF (yyoutput, ")"); -} - -/*------------------------------------------------------------------. -| yy_stack_print -- Print the state stack from its BOTTOM up to its | -| TOP (included). | -`------------------------------------------------------------------*/ - -static void -yy_stack_print (yytype_int16 *yybottom, yytype_int16 *yytop) -{ - YYFPRINTF (stderr, "Stack now"); - for (; yybottom <= yytop; yybottom++) - { - int yybot = *yybottom; - YYFPRINTF (stderr, " %d", yybot); - } - YYFPRINTF (stderr, "\n"); -} - -# define YY_STACK_PRINT(Bottom, Top) \ -do { \ - if (yydebug) \ - yy_stack_print ((Bottom), (Top)); \ -} while (0) - - -/*------------------------------------------------. -| Report that the YYRULE is going to be reduced. | -`------------------------------------------------*/ - -static void -yy_reduce_print (yytype_int16 *yyssp, YYSTYPE *yyvsp, int yyrule) -{ - unsigned long int yylno = yyrline[yyrule]; - int yynrhs = yyr2[yyrule]; - int yyi; - YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n", - yyrule - 1, yylno); - /* The symbols being reduced. */ - for (yyi = 0; yyi < yynrhs; yyi++) - { - YYFPRINTF (stderr, " $%d = ", yyi + 1); - yy_symbol_print (stderr, - yystos[yyssp[yyi + 1 - yynrhs]], - &(yyvsp[(yyi + 1) - (yynrhs)]) - ); - YYFPRINTF (stderr, "\n"); - } -} - -# define YY_REDUCE_PRINT(Rule) \ -do { \ - if (yydebug) \ - yy_reduce_print (yyssp, yyvsp, Rule); \ -} while (0) - -/* Nonzero means print parse trace. It is left uninitialized so that - multiple parsers can coexist. */ -int yydebug; -#else /* !YYDEBUG */ -# define YYDPRINTF(Args) -# define YY_SYMBOL_PRINT(Title, Type, Value, Location) -# define YY_STACK_PRINT(Bottom, Top) -# define YY_REDUCE_PRINT(Rule) -#endif /* !YYDEBUG */ - - -/* YYINITDEPTH -- initial size of the parser's stacks. */ -#ifndef YYINITDEPTH -# define YYINITDEPTH 200 -#endif - -/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only - if the built-in stack extension method is used). - - Do not make this value too large; the results are undefined if - YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH) - evaluated with infinite-precision integer arithmetic. */ - -#ifndef YYMAXDEPTH -# define YYMAXDEPTH 10000 -#endif - - -#if YYERROR_VERBOSE - -# ifndef yystrlen -# if defined __GLIBC__ && defined _STRING_H -# define yystrlen strlen -# else -/* Return the length of YYSTR. */ -static YYSIZE_T -yystrlen (const char *yystr) -{ - YYSIZE_T yylen; - for (yylen = 0; yystr[yylen]; yylen++) - continue; - return yylen; -} -# endif -# endif - -# ifndef yystpcpy -# if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE -# define yystpcpy stpcpy -# else -/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in - YYDEST. */ -static char * -yystpcpy (char *yydest, const char *yysrc) -{ - char *yyd = yydest; - const char *yys = yysrc; - - while ((*yyd++ = *yys++) != '\0') - continue; - - return yyd - 1; -} -# endif -# endif - -# ifndef yytnamerr -/* Copy to YYRES the contents of YYSTR after stripping away unnecessary - quotes and backslashes, so that it's suitable for yyerror. The - heuristic is that double-quoting is unnecessary unless the string - contains an apostrophe, a comma, or backslash (other than - backslash-backslash). YYSTR is taken from yytname. If YYRES is - null, do not copy; instead, return the length of what the result - would have been. */ -static YYSIZE_T -yytnamerr (char *yyres, const char *yystr) -{ - if (*yystr == '"') - { - YYSIZE_T yyn = 0; - char const *yyp = yystr; - - for (;;) - switch (*++yyp) - { - case '\'': - case ',': - goto do_not_strip_quotes; - - case '\\': - if (*++yyp != '\\') - goto do_not_strip_quotes; - /* Fall through. */ - default: - if (yyres) - yyres[yyn] = *yyp; - yyn++; - break; - - case '"': - if (yyres) - yyres[yyn] = '\0'; - return yyn; - } - do_not_strip_quotes: ; - } - - if (! yyres) - return yystrlen (yystr); - - return yystpcpy (yyres, yystr) - yyres; -} -# endif - -/* Copy into *YYMSG, which is of size *YYMSG_ALLOC, an error message - about the unexpected token YYTOKEN for the state stack whose top is - YYSSP. - - Return 0 if *YYMSG was successfully written. Return 1 if *YYMSG is - not large enough to hold the message. In that case, also set - *YYMSG_ALLOC to the required number of bytes. Return 2 if the - required number of bytes is too large to store. */ -static int -yysyntax_error (YYSIZE_T *yymsg_alloc, char **yymsg, - yytype_int16 *yyssp, int yytoken) -{ - YYSIZE_T yysize0 = yytnamerr (YY_NULLPTR, yytname[yytoken]); - YYSIZE_T yysize = yysize0; - enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 }; - /* Internationalized format string. */ - const char *yyformat = YY_NULLPTR; - /* Arguments of yyformat. */ - char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; - /* Number of reported tokens (one for the "unexpected", one per - "expected"). */ - int yycount = 0; - - /* There are many possibilities here to consider: - - If this state is a consistent state with a default action, then - the only way this function was invoked is if the default action - is an error action. In that case, don't check for expected - tokens because there are none. - - The only way there can be no lookahead present (in yychar) is if - this state is a consistent state with a default action. Thus, - detecting the absence of a lookahead is sufficient to determine - that there is no unexpected or expected token to report. In that - case, just report a simple "syntax error". - - Don't assume there isn't a lookahead just because this state is a - consistent state with a default action. There might have been a - previous inconsistent state, consistent state with a non-default - action, or user semantic action that manipulated yychar. - - Of course, the expected token list depends on states to have - correct lookahead information, and it depends on the parser not - to perform extra reductions after fetching a lookahead from the - scanner and before detecting a syntax error. Thus, state merging - (from LALR or IELR) and default reductions corrupt the expected - token list. However, the list is correct for canonical LR with - one exception: it will still contain any token that will not be - accepted due to an error action in a later state. - */ - if (yytoken != YYEMPTY) - { - int yyn = yypact[*yyssp]; - yyarg[yycount++] = yytname[yytoken]; - if (!yypact_value_is_default (yyn)) - { - /* Start YYX at -YYN if negative to avoid negative indexes in - YYCHECK. In other words, skip the first -YYN actions for - this state because they are default actions. */ - int yyxbegin = yyn < 0 ? -yyn : 0; - /* Stay within bounds of both yycheck and yytname. */ - int yychecklim = YYLAST - yyn + 1; - int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; - int yyx; - - for (yyx = yyxbegin; yyx < yyxend; ++yyx) - if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR - && !yytable_value_is_error (yytable[yyx + yyn])) - { - if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM) - { - yycount = 1; - yysize = yysize0; - break; - } - yyarg[yycount++] = yytname[yyx]; - { - YYSIZE_T yysize1 = yysize + yytnamerr (YY_NULLPTR, yytname[yyx]); - if (! (yysize <= yysize1 - && yysize1 <= YYSTACK_ALLOC_MAXIMUM)) - return 2; - yysize = yysize1; - } - } - } - } - - switch (yycount) - { -# define YYCASE_(N, S) \ - case N: \ - yyformat = S; \ - break - YYCASE_(0, YY_("syntax error")); - YYCASE_(1, YY_("syntax error, unexpected %s")); - YYCASE_(2, YY_("syntax error, unexpected %s, expecting %s")); - YYCASE_(3, YY_("syntax error, unexpected %s, expecting %s or %s")); - YYCASE_(4, YY_("syntax error, unexpected %s, expecting %s or %s or %s")); - YYCASE_(5, YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s")); -# undef YYCASE_ - } - - { - YYSIZE_T yysize1 = yysize + yystrlen (yyformat); - if (! (yysize <= yysize1 && yysize1 <= YYSTACK_ALLOC_MAXIMUM)) - return 2; - yysize = yysize1; - } - - if (*yymsg_alloc < yysize) - { - *yymsg_alloc = 2 * yysize; - if (! (yysize <= *yymsg_alloc - && *yymsg_alloc <= YYSTACK_ALLOC_MAXIMUM)) - *yymsg_alloc = YYSTACK_ALLOC_MAXIMUM; - return 1; - } - - /* Avoid sprintf, as that infringes on the user's name space. - Don't have undefined behavior even if the translation - produced a string with the wrong number of "%s"s. */ - { - char *yyp = *yymsg; - int yyi = 0; - while ((*yyp = *yyformat) != '\0') - if (*yyp == '%' && yyformat[1] == 's' && yyi < yycount) - { - yyp += yytnamerr (yyp, yyarg[yyi++]); - yyformat += 2; - } - else - { - yyp++; - yyformat++; - } - } - return 0; -} -#endif /* YYERROR_VERBOSE */ - -/*-----------------------------------------------. -| Release the memory associated to this symbol. | -`-----------------------------------------------*/ - -static void -yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep) -{ - YYUSE (yyvaluep); - if (!yymsg) - yymsg = "Deleting"; - YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp); - - YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN - YYUSE (yytype); - YY_IGNORE_MAYBE_UNINITIALIZED_END -} - - - - -/* The lookahead symbol. */ -int yychar; - -/* The semantic value of the lookahead symbol. */ -YYSTYPE yylval; -/* Number of syntax errors so far. */ -int yynerrs; - - -/*----------. -| yyparse. | -`----------*/ - -int -yyparse (void) -{ - int yystate; - /* Number of tokens to shift before error messages enabled. */ - int yyerrstatus; - - /* The stacks and their tools: - 'yyss': related to states. - 'yyvs': related to semantic values. - - Refer to the stacks through separate pointers, to allow yyoverflow - to reallocate them elsewhere. */ - - /* The state stack. */ - yytype_int16 yyssa[YYINITDEPTH]; - yytype_int16 *yyss; - yytype_int16 *yyssp; - - /* The semantic value stack. */ - YYSTYPE yyvsa[YYINITDEPTH]; - YYSTYPE *yyvs; - YYSTYPE *yyvsp; - - YYSIZE_T yystacksize; - - int yyn; - int yyresult; - /* Lookahead token as an internal (translated) token number. */ - int yytoken = 0; - /* The variables used to return semantic value and location from the - action routines. */ - YYSTYPE yyval; - -#if YYERROR_VERBOSE - /* Buffer for error messages, and its allocated size. */ - char yymsgbuf[128]; - char *yymsg = yymsgbuf; - YYSIZE_T yymsg_alloc = sizeof yymsgbuf; -#endif - -#define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N)) - - /* The number of symbols on the RHS of the reduced rule. - Keep to zero when no symbol should be popped. */ - int yylen = 0; - - yyssp = yyss = yyssa; - yyvsp = yyvs = yyvsa; - yystacksize = YYINITDEPTH; - - YYDPRINTF ((stderr, "Starting parse\n")); - - yystate = 0; - yyerrstatus = 0; - yynerrs = 0; - yychar = YYEMPTY; /* Cause a token to be read. */ - goto yysetstate; - -/*------------------------------------------------------------. -| yynewstate -- Push a new state, which is found in yystate. | -`------------------------------------------------------------*/ - yynewstate: - /* In all cases, when you get here, the value and location stacks - have just been pushed. So pushing a state here evens the stacks. */ - yyssp++; - - yysetstate: - *yyssp = yystate; - - if (yyss + yystacksize - 1 <= yyssp) - { - /* Get the current used size of the three stacks, in elements. */ - YYSIZE_T yysize = yyssp - yyss + 1; - -#ifdef yyoverflow - { - /* Give user a chance to reallocate the stack. Use copies of - these so that the &'s don't force the real ones into - memory. */ - YYSTYPE *yyvs1 = yyvs; - yytype_int16 *yyss1 = yyss; - - /* Each stack pointer address is followed by the size of the - data in use in that stack, in bytes. This used to be a - conditional around just the two extra args, but that might - be undefined if yyoverflow is a macro. */ - yyoverflow (YY_("memory exhausted"), - &yyss1, yysize * sizeof (*yyssp), - &yyvs1, yysize * sizeof (*yyvsp), - &yystacksize); - - yyss = yyss1; - yyvs = yyvs1; - } -#else /* no yyoverflow */ -# ifndef YYSTACK_RELOCATE - goto yyexhaustedlab; -# else - /* Extend the stack our own way. */ - if (YYMAXDEPTH <= yystacksize) - goto yyexhaustedlab; - yystacksize *= 2; - if (YYMAXDEPTH < yystacksize) - yystacksize = YYMAXDEPTH; - - { - yytype_int16 *yyss1 = yyss; - union yyalloc *yyptr = - (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); - if (! yyptr) - goto yyexhaustedlab; - YYSTACK_RELOCATE (yyss_alloc, yyss); - YYSTACK_RELOCATE (yyvs_alloc, yyvs); -# undef YYSTACK_RELOCATE - if (yyss1 != yyssa) - YYSTACK_FREE (yyss1); - } -# endif -#endif /* no yyoverflow */ - - yyssp = yyss + yysize - 1; - yyvsp = yyvs + yysize - 1; - - YYDPRINTF ((stderr, "Stack size increased to %lu\n", - (unsigned long int) yystacksize)); - - if (yyss + yystacksize - 1 <= yyssp) - YYABORT; - } - - YYDPRINTF ((stderr, "Entering state %d\n", yystate)); - - if (yystate == YYFINAL) - YYACCEPT; - - goto yybackup; - -/*-----------. -| yybackup. | -`-----------*/ -yybackup: - - /* Do appropriate processing given the current state. Read a - lookahead token if we need one and don't already have one. */ - - /* First try to decide what to do without reference to lookahead token. */ - yyn = yypact[yystate]; - if (yypact_value_is_default (yyn)) - goto yydefault; - - /* Not known => get a lookahead token if don't already have one. */ - - /* YYCHAR is either YYEMPTY or YYEOF or a valid lookahead symbol. */ - if (yychar == YYEMPTY) - { - YYDPRINTF ((stderr, "Reading a token: ")); - yychar = yylex (); - } - - if (yychar <= YYEOF) - { - yychar = yytoken = YYEOF; - YYDPRINTF ((stderr, "Now at end of input.\n")); - } - else - { - yytoken = YYTRANSLATE (yychar); - YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc); - } - - /* If the proper action on seeing token YYTOKEN is to reduce or to - detect an error, take that action. */ - yyn += yytoken; - if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken) - goto yydefault; - yyn = yytable[yyn]; - if (yyn <= 0) - { - if (yytable_value_is_error (yyn)) - goto yyerrlab; - yyn = -yyn; - goto yyreduce; - } - - /* Count tokens shifted since error; after three, turn off error - status. */ - if (yyerrstatus) - yyerrstatus--; - - /* Shift the lookahead token. */ - YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc); - - /* Discard the shifted token. */ - yychar = YYEMPTY; - - yystate = yyn; - YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN - *++yyvsp = yylval; - YY_IGNORE_MAYBE_UNINITIALIZED_END - - goto yynewstate; - - -/*-----------------------------------------------------------. -| yydefault -- do the default action for the current state. | -`-----------------------------------------------------------*/ -yydefault: - yyn = yydefact[yystate]; - if (yyn == 0) - goto yyerrlab; - goto yyreduce; - - -/*-----------------------------. -| yyreduce -- Do a reduction. | -`-----------------------------*/ -yyreduce: - /* yyn is the number of a rule to reduce with. */ - yylen = yyr2[yyn]; - - /* If YYLEN is nonzero, implement the default value of the action: - '$$ = $1'. - - Otherwise, the following line sets YYVAL to garbage. - This behavior is undocumented and Bison - users should not rely upon it. Assigning to YYVAL - unconditionally makes the parser a bit smaller, and it avoids a - GCC warning that YYVAL may be used uninitialized. */ - yyval = yyvsp[1-yylen]; - - - YY_REDUCE_PRINT (yyn); - switch (yyn) - { - case 12: -#line 159 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("\nP(server:)\n")); - } -#line 2285 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 167: -#line 234 "util/configparser.y" /* yacc.c:1646 */ - { - struct config_stub* s; - OUTYY(("\nP(stub_zone:)\n")); - s = (struct config_stub*)calloc(1, sizeof(struct config_stub)); - if(s) { - s->next = cfg_parser->cfg->stubs; - cfg_parser->cfg->stubs = s; - } else - yyerror("out of memory"); - } -#line 2300 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 176: -#line 251 "util/configparser.y" /* yacc.c:1646 */ - { - struct config_stub* s; - OUTYY(("\nP(forward_zone:)\n")); - s = (struct config_stub*)calloc(1, sizeof(struct config_stub)); - if(s) { - s->next = cfg_parser->cfg->forwards; - cfg_parser->cfg->forwards = s; - } else - yyerror("out of memory"); - } -#line 2315 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 184: -#line 268 "util/configparser.y" /* yacc.c:1646 */ - { - struct config_view* s; - OUTYY(("\nP(view:)\n")); - s = (struct config_view*)calloc(1, sizeof(struct config_view)); - if(s) { - s->next = cfg_parser->cfg->views; - if(s->next && !s->next->name) - yyerror("view without name"); - cfg_parser->cfg->views = s; - } else - yyerror("out of memory"); - } -#line 2332 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 194: -#line 287 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_num_threads:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->num_threads = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 2344 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 195: -#line 296 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_verbosity:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->verbosity = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 2356 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 196: -#line 305 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_statistics_interval:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "") == 0 || strcmp((yyvsp[0].str), "0") == 0) - cfg_parser->cfg->stat_interval = 0; - else if(atoi((yyvsp[0].str)) == 0) - yyerror("number expected"); - else cfg_parser->cfg->stat_interval = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 2370 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 197: -#line 316 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_statistics_cumulative:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->stat_cumulative = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 2382 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 198: -#line 325 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_extended_statistics:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->stat_extended = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 2394 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 199: -#line 334 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_shm_enable:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->shm_enable = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 2406 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 200: -#line 343 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_shm_key:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "") == 0 || strcmp((yyvsp[0].str), "0") == 0) - cfg_parser->cfg->shm_key = 0; - else if(atoi((yyvsp[0].str)) == 0) - yyerror("number expected"); - else cfg_parser->cfg->shm_key = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 2420 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 201: -#line 354 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_port:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0) - yyerror("port number expected"); - else cfg_parser->cfg->port = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 2432 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 202: -#line 363 "util/configparser.y" /* yacc.c:1646 */ - { - #ifdef CLIENT_SUBNET - OUTYY(("P(server_send_client_subnet:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet, (yyvsp[0].str))) - fatal_exit("out of memory adding client-subnet"); - #else - OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); - #endif - } -#line 2446 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 203: -#line 375 "util/configparser.y" /* yacc.c:1646 */ - { - #ifdef CLIENT_SUBNET - OUTYY(("P(server_client_subnet_always_forward:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else - cfg_parser->cfg->client_subnet_always_forward = - (strcmp((yyvsp[0].str), "yes")==0); - #else - OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); - #endif - free((yyvsp[0].str)); - } -#line 2464 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 204: -#line 390 "util/configparser.y" /* yacc.c:1646 */ - { - #ifdef CLIENT_SUBNET - OUTYY(("P(client_subnet_opcode:%s)\n", (yyvsp[0].str))); - OUTYY(("P(Depricated option, ignoring)\n")); - #else - OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); - #endif - free((yyvsp[0].str)); - } -#line 2478 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 205: -#line 401 "util/configparser.y" /* yacc.c:1646 */ - { - #ifdef CLIENT_SUBNET - OUTYY(("P(max_client_subnet_ipv4:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("IPv4 subnet length expected"); - else if (atoi((yyvsp[0].str)) > 32) - cfg_parser->cfg->max_client_subnet_ipv4 = 32; - else if (atoi((yyvsp[0].str)) < 0) - cfg_parser->cfg->max_client_subnet_ipv4 = 0; - else cfg_parser->cfg->max_client_subnet_ipv4 = (uint8_t)atoi((yyvsp[0].str)); - #else - OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); - #endif - free((yyvsp[0].str)); - } -#line 2498 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 206: -#line 418 "util/configparser.y" /* yacc.c:1646 */ - { - #ifdef CLIENT_SUBNET - OUTYY(("P(max_client_subnet_ipv6:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("Ipv6 subnet length expected"); - else if (atoi((yyvsp[0].str)) > 128) - cfg_parser->cfg->max_client_subnet_ipv6 = 128; - else if (atoi((yyvsp[0].str)) < 0) - cfg_parser->cfg->max_client_subnet_ipv6 = 0; - else cfg_parser->cfg->max_client_subnet_ipv6 = (uint8_t)atoi((yyvsp[0].str)); - #else - OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); - #endif - free((yyvsp[0].str)); - } -#line 2518 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 207: -#line 435 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_interface:%s)\n", (yyvsp[0].str))); - if(cfg_parser->cfg->num_ifs == 0) - cfg_parser->cfg->ifs = calloc(1, sizeof(char*)); - else cfg_parser->cfg->ifs = realloc(cfg_parser->cfg->ifs, - (cfg_parser->cfg->num_ifs+1)*sizeof(char*)); - if(!cfg_parser->cfg->ifs) - yyerror("out of memory"); - else - cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = (yyvsp[0].str); - } -#line 2534 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 208: -#line 448 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_outgoing_interface:%s)\n", (yyvsp[0].str))); - if(cfg_parser->cfg->num_out_ifs == 0) - cfg_parser->cfg->out_ifs = calloc(1, sizeof(char*)); - else cfg_parser->cfg->out_ifs = realloc( - cfg_parser->cfg->out_ifs, - (cfg_parser->cfg->num_out_ifs+1)*sizeof(char*)); - if(!cfg_parser->cfg->out_ifs) - yyerror("out of memory"); - else - cfg_parser->cfg->out_ifs[ - cfg_parser->cfg->num_out_ifs++] = (yyvsp[0].str); - } -#line 2552 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 209: -#line 463 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_outgoing_range:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0) - yyerror("number expected"); - else cfg_parser->cfg->outgoing_num_ports = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 2564 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 210: -#line 472 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_outgoing_port_permit:%s)\n", (yyvsp[0].str))); - if(!cfg_mark_ports((yyvsp[0].str), 1, - cfg_parser->cfg->outgoing_avail_ports, 65536)) - yyerror("port number or range (\"low-high\") expected"); - free((yyvsp[0].str)); - } -#line 2576 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 211: -#line 481 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_outgoing_port_avoid:%s)\n", (yyvsp[0].str))); - if(!cfg_mark_ports((yyvsp[0].str), 0, - cfg_parser->cfg->outgoing_avail_ports, 65536)) - yyerror("port number or range (\"low-high\") expected"); - free((yyvsp[0].str)); - } -#line 2588 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 212: -#line 490 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_outgoing_num_tcp:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->outgoing_num_tcp = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 2600 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 213: -#line 499 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_incoming_num_tcp:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->incoming_num_tcp = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 2612 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 214: -#line 508 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_interface_automatic:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->if_automatic = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 2624 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 215: -#line 517 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_do_ip4:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->do_ip4 = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 2636 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 216: -#line 526 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_do_ip6:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->do_ip6 = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 2648 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 217: -#line 535 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_do_udp:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->do_udp = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 2660 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 218: -#line 544 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_do_tcp:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->do_tcp = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 2672 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 219: -#line 553 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_prefer_ip6:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->prefer_ip6 = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 2684 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 220: -#line 562 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_tcp_mss:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->tcp_mss = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 2696 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 221: -#line 571 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_outgoing_tcp_mss:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->outgoing_tcp_mss = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 2708 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 222: -#line 580 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_tcp_upstream:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->tcp_upstream = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 2720 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 223: -#line 589 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_ssl_upstream:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->ssl_upstream = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 2732 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 224: -#line 598 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_ssl_service_key:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->ssl_service_key); - cfg_parser->cfg->ssl_service_key = (yyvsp[0].str); - } -#line 2742 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 225: -#line 605 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_ssl_service_pem:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->ssl_service_pem); - cfg_parser->cfg->ssl_service_pem = (yyvsp[0].str); - } -#line 2752 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 226: -#line 612 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_ssl_port:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0) - yyerror("port number expected"); - else cfg_parser->cfg->ssl_port = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 2764 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 227: -#line 621 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_use_systemd:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->use_systemd = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 2776 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 228: -#line 630 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_do_daemonize:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->do_daemonize = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 2788 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 229: -#line 639 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_use_syslog:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->use_syslog = (strcmp((yyvsp[0].str), "yes")==0); -#if !defined(HAVE_SYSLOG_H) && !defined(UB_ON_WINDOWS) - if(strcmp((yyvsp[0].str), "yes") == 0) - yyerror("no syslog services are available. " - "(reconfigure and compile to add)"); -#endif - free((yyvsp[0].str)); - } -#line 2805 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 230: -#line 653 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_log_time_ascii:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->log_time_ascii = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 2817 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 231: -#line 662 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_log_queries:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->log_queries = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 2829 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 232: -#line 671 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_log_replies:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->log_replies = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 2841 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 233: -#line 680 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_chroot:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->chrootdir); - cfg_parser->cfg->chrootdir = (yyvsp[0].str); - } -#line 2851 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 234: -#line 687 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_username:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->username); - cfg_parser->cfg->username = (yyvsp[0].str); - } -#line 2861 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 235: -#line 694 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_directory:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->directory); - cfg_parser->cfg->directory = (yyvsp[0].str); - /* change there right away for includes relative to this */ - if((yyvsp[0].str)[0]) { - char* d; -#ifdef UB_ON_WINDOWS - w_config_adjust_directory(cfg_parser->cfg); -#endif - d = cfg_parser->cfg->directory; - /* adjust directory if we have already chroot, - * like, we reread after sighup */ - if(cfg_parser->chroot && cfg_parser->chroot[0] && - strncmp(d, cfg_parser->chroot, strlen( - cfg_parser->chroot)) == 0) - d += strlen(cfg_parser->chroot); - if(d[0]) { - if(chdir(d)) - log_err("cannot chdir to directory: %s (%s)", - d, strerror(errno)); - } - } - } -#line 2890 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 236: -#line 720 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_logfile:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->logfile); - cfg_parser->cfg->logfile = (yyvsp[0].str); - cfg_parser->cfg->use_syslog = 0; - } -#line 2901 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 237: -#line 728 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_pidfile:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->pidfile); - cfg_parser->cfg->pidfile = (yyvsp[0].str); - } -#line 2911 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 238: -#line 735 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_root_hints:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 2921 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 239: -#line 742 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_dlv_anchor_file:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->dlv_anchor_file); - cfg_parser->cfg->dlv_anchor_file = (yyvsp[0].str); - } -#line 2931 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 240: -#line 749 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_dlv_anchor:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->dlv_anchor_list, (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 2941 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 241: -#line 756 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_auto_trust_anchor_file:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg-> - auto_trust_anchor_file_list, (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 2952 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 242: -#line 764 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_trust_anchor_file:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg-> - trust_anchor_file_list, (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 2963 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 243: -#line 772 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_trusted_keys_file:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg-> - trusted_keys_file_list, (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 2974 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 244: -#line 780 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_trust_anchor:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 2984 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 245: -#line 787 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_domain_insecure:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 2994 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 246: -#line 794 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_hide_identity:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->hide_identity = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3006 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 247: -#line 803 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_hide_version:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->hide_version = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3018 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 248: -#line 812 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_hide_trustanchor:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->hide_trustanchor = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3030 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 249: -#line 821 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_identity:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->identity); - cfg_parser->cfg->identity = (yyvsp[0].str); - } -#line 3040 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 250: -#line 828 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_version:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->version); - cfg_parser->cfg->version = (yyvsp[0].str); - } -#line 3050 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 251: -#line 835 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_so_rcvbuf:%s)\n", (yyvsp[0].str))); - if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->so_rcvbuf)) - yyerror("buffer size expected"); - free((yyvsp[0].str)); - } -#line 3061 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 252: -#line 843 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_so_sndbuf:%s)\n", (yyvsp[0].str))); - if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->so_sndbuf)) - yyerror("buffer size expected"); - free((yyvsp[0].str)); - } -#line 3072 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 253: -#line 851 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_so_reuseport:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->so_reuseport = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3085 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 254: -#line 861 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_ip_transparent:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->ip_transparent = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3098 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 255: -#line 871 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_ip_freebind:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->ip_freebind = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3111 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 256: -#line 881 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_edns_buffer_size:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0) - yyerror("number expected"); - else if (atoi((yyvsp[0].str)) < 12) - yyerror("edns buffer size too small"); - else if (atoi((yyvsp[0].str)) > 65535) - cfg_parser->cfg->edns_buffer_size = 65535; - else cfg_parser->cfg->edns_buffer_size = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 3127 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 257: -#line 894 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_msg_buffer_size:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0) - yyerror("number expected"); - else if (atoi((yyvsp[0].str)) < 4096) - yyerror("message buffer size too small (use 4096)"); - else cfg_parser->cfg->msg_buffer_size = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 3141 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 258: -#line 905 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_msg_cache_size:%s)\n", (yyvsp[0].str))); - if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->msg_cache_size)) - yyerror("memory size expected"); - free((yyvsp[0].str)); - } -#line 3152 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 259: -#line 913 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_msg_cache_slabs:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0) - yyerror("number expected"); - else { - cfg_parser->cfg->msg_cache_slabs = atoi((yyvsp[0].str)); - if(!is_pow2(cfg_parser->cfg->msg_cache_slabs)) - yyerror("must be a power of 2"); - } - free((yyvsp[0].str)); - } -#line 3168 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 260: -#line 926 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_num_queries_per_thread:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0) - yyerror("number expected"); - else cfg_parser->cfg->num_queries_per_thread = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 3180 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 261: -#line 935 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_jostle_timeout:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->jostle_time = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 3192 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 262: -#line 944 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_delay_close:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->delay_close = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 3204 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 263: -#line 953 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_unblock_lan_zones:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->unblock_lan_zones = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3217 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 264: -#line 963 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_insecure_lan_zones:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->insecure_lan_zones = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3230 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 265: -#line 973 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_rrset_cache_size:%s)\n", (yyvsp[0].str))); - if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->rrset_cache_size)) - yyerror("memory size expected"); - free((yyvsp[0].str)); - } -#line 3241 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 266: -#line 981 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_rrset_cache_slabs:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0) - yyerror("number expected"); - else { - cfg_parser->cfg->rrset_cache_slabs = atoi((yyvsp[0].str)); - if(!is_pow2(cfg_parser->cfg->rrset_cache_slabs)) - yyerror("must be a power of 2"); - } - free((yyvsp[0].str)); - } -#line 3257 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 267: -#line 994 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_infra_host_ttl:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->host_ttl = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 3269 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 268: -#line 1003 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_infra_lame_ttl:%s)\n", (yyvsp[0].str))); - verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option " - "removed, use infra-host-ttl)", (yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 3280 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 269: -#line 1011 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_infra_cache_numhosts:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0) - yyerror("number expected"); - else cfg_parser->cfg->infra_cache_numhosts = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 3292 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 270: -#line 1020 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_infra_cache_lame_size:%s)\n", (yyvsp[0].str))); - verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s " - "(option removed, use infra-cache-numhosts)", (yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 3303 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 271: -#line 1028 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_infra_cache_slabs:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0) - yyerror("number expected"); - else { - cfg_parser->cfg->infra_cache_slabs = atoi((yyvsp[0].str)); - if(!is_pow2(cfg_parser->cfg->infra_cache_slabs)) - yyerror("must be a power of 2"); - } - free((yyvsp[0].str)); - } -#line 3319 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 272: -#line 1041 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_infra_cache_min_rtt:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->infra_cache_min_rtt = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 3331 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 273: -#line 1050 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_target_fetch_policy:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->target_fetch_policy); - cfg_parser->cfg->target_fetch_policy = (yyvsp[0].str); - } -#line 3341 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 274: -#line 1057 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_harden_short_bufsize:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->harden_short_bufsize = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3354 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 275: -#line 1067 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_harden_large_queries:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->harden_large_queries = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3367 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 276: -#line 1077 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_harden_glue:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->harden_glue = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3380 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 277: -#line 1087 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_harden_dnssec_stripped:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->harden_dnssec_stripped = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3393 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 278: -#line 1097 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_harden_below_nxdomain:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->harden_below_nxdomain = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3406 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 279: -#line 1107 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_harden_referral_path:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->harden_referral_path = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3419 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 280: -#line 1117 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_harden_algo_downgrade:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->harden_algo_downgrade = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3432 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 281: -#line 1127 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_use_caps_for_id:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->use_caps_bits_for_id = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3445 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 282: -#line 1137 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_caps_whitelist:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 3455 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 283: -#line 1144 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_private_address:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 3465 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 284: -#line 1151 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_private_domain:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 3475 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 285: -#line 1158 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_prefetch:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->prefetch = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3487 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 286: -#line 1167 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_prefetch_key:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->prefetch_key = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3499 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 287: -#line 1176 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_unwanted_reply_threshold:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->unwanted_threshold = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 3511 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 288: -#line 1185 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_do_not_query_address:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 3521 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 289: -#line 1192 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_do_not_query_localhost:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->donotquery_localhost = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3534 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 290: -#line 1202 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_access_control:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "deny")!=0 && strcmp((yyvsp[0].str), "refuse")!=0 && - strcmp((yyvsp[0].str), "deny_non_local")!=0 && - strcmp((yyvsp[0].str), "refuse_non_local")!=0 && - strcmp((yyvsp[0].str), "allow")!=0 && - strcmp((yyvsp[0].str), "allow_snoop")!=0) { - yyerror("expected deny, refuse, deny_non_local, " - "refuse_non_local, allow or allow_snoop " - "in access control action"); - } else { - if(!cfg_str2list_insert(&cfg_parser->cfg->acls, (yyvsp[-1].str), (yyvsp[0].str))) - fatal_exit("out of memory adding acl"); - } - } -#line 3554 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 291: -#line 1219 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_module_conf:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->module_conf); - cfg_parser->cfg->module_conf = (yyvsp[0].str); - } -#line 3564 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 292: -#line 1226 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_val_override_date:%s)\n", (yyvsp[0].str))); - if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { - cfg_parser->cfg->val_date_override = 0; - } else if(strlen((yyvsp[0].str)) == 14) { - cfg_parser->cfg->val_date_override = - cfg_convert_timeval((yyvsp[0].str)); - if(!cfg_parser->cfg->val_date_override) - yyerror("bad date/time specification"); - } else { - if(atoi((yyvsp[0].str)) == 0) - yyerror("number expected"); - cfg_parser->cfg->val_date_override = atoi((yyvsp[0].str)); - } - free((yyvsp[0].str)); - } -#line 3585 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 293: -#line 1244 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_val_sig_skew_min:%s)\n", (yyvsp[0].str))); - if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { - cfg_parser->cfg->val_sig_skew_min = 0; - } else { - cfg_parser->cfg->val_sig_skew_min = atoi((yyvsp[0].str)); - if(!cfg_parser->cfg->val_sig_skew_min) - yyerror("number expected"); - } - free((yyvsp[0].str)); - } -#line 3601 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 294: -#line 1257 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_val_sig_skew_max:%s)\n", (yyvsp[0].str))); - if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { - cfg_parser->cfg->val_sig_skew_max = 0; - } else { - cfg_parser->cfg->val_sig_skew_max = atoi((yyvsp[0].str)); - if(!cfg_parser->cfg->val_sig_skew_max) - yyerror("number expected"); - } - free((yyvsp[0].str)); - } -#line 3617 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 295: -#line 1270 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_cache_max_ttl:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->max_ttl = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 3629 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 296: -#line 1279 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_cache_max_negative_ttl:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->max_negative_ttl = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 3641 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 297: -#line 1288 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_cache_min_ttl:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->min_ttl = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 3653 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 298: -#line 1297 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_bogus_ttl:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->bogus_ttl = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 3665 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 299: -#line 1306 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_val_clean_additional:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->val_clean_additional = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3678 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 300: -#line 1316 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_val_permissive_mode:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->val_permissive_mode = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3691 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 301: -#line 1326 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_ignore_cd_flag:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->ignore_cd = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3703 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 302: -#line 1335 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_serve_expired:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->serve_expired = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3715 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 303: -#line 1344 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_fake_dsa:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); -#ifdef HAVE_SSL - else fake_dsa = (strcmp((yyvsp[0].str), "yes")==0); - if(fake_dsa) - log_warn("test option fake_dsa is enabled"); -#endif - free((yyvsp[0].str)); - } -#line 3731 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 304: -#line 1357 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_fake_sha1:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); -#ifdef HAVE_SSL - else fake_sha1 = (strcmp((yyvsp[0].str), "yes")==0); - if(fake_sha1) - log_warn("test option fake_sha1 is enabled"); -#endif - free((yyvsp[0].str)); - } -#line 3747 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 305: -#line 1370 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_val_log_level:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->val_log_level = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 3759 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 306: -#line 1379 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->val_nsec3_key_iterations); - cfg_parser->cfg->val_nsec3_key_iterations = (yyvsp[0].str); - } -#line 3769 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 307: -#line 1386 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_add_holddown:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->add_holddown = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 3781 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 308: -#line 1395 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_del_holddown:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->del_holddown = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 3793 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 309: -#line 1404 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_keep_missing:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->keep_missing = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 3805 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 310: -#line 1413 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_permit_small_holddown:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->permit_small_holddown = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3818 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 311: -#line 1422 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_key_cache_size:%s)\n", (yyvsp[0].str))); - if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->key_cache_size)) - yyerror("memory size expected"); - free((yyvsp[0].str)); - } -#line 3829 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 312: -#line 1430 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_key_cache_slabs:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0) - yyerror("number expected"); - else { - cfg_parser->cfg->key_cache_slabs = atoi((yyvsp[0].str)); - if(!is_pow2(cfg_parser->cfg->key_cache_slabs)) - yyerror("must be a power of 2"); - } - free((yyvsp[0].str)); - } -#line 3845 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 313: -#line 1443 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_neg_cache_size:%s)\n", (yyvsp[0].str))); - if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->neg_cache_size)) - yyerror("memory size expected"); - free((yyvsp[0].str)); - } -#line 3856 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 314: -#line 1451 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_local_zone:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "static")!=0 && strcmp((yyvsp[0].str), "deny")!=0 && - strcmp((yyvsp[0].str), "refuse")!=0 && strcmp((yyvsp[0].str), "redirect")!=0 && - strcmp((yyvsp[0].str), "transparent")!=0 && strcmp((yyvsp[0].str), "nodefault")!=0 - && strcmp((yyvsp[0].str), "typetransparent")!=0 - && strcmp((yyvsp[0].str), "always_transparent")!=0 - && strcmp((yyvsp[0].str), "always_refuse")!=0 - && strcmp((yyvsp[0].str), "always_nxdomain")!=0 - && strcmp((yyvsp[0].str), "inform")!=0 && strcmp((yyvsp[0].str), "inform_deny")!=0) - yyerror("local-zone type: expected static, deny, " - "refuse, redirect, transparent, " - "typetransparent, inform, inform_deny, " - "always_transparent, always_refuse, " - "always_nxdomain or nodefault"); - else if(strcmp((yyvsp[0].str), "nodefault")==0) { - if(!cfg_strlist_insert(&cfg_parser->cfg-> - local_zones_nodefault, (yyvsp[-1].str))) - fatal_exit("out of memory adding local-zone"); - free((yyvsp[0].str)); - } else { - if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones, - (yyvsp[-1].str), (yyvsp[0].str))) - fatal_exit("out of memory adding local-zone"); - } - } -#line 3887 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 315: -#line 1479 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_local_data:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, (yyvsp[0].str))) - fatal_exit("out of memory adding local-data"); - } -#line 3897 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 316: -#line 1486 "util/configparser.y" /* yacc.c:1646 */ - { - char* ptr; - OUTYY(("P(server_local_data_ptr:%s)\n", (yyvsp[0].str))); - ptr = cfg_ptr_reverse((yyvsp[0].str)); - free((yyvsp[0].str)); - if(ptr) { - if(!cfg_strlist_insert(&cfg_parser->cfg-> - local_data, ptr)) - fatal_exit("out of memory adding local-data"); - } else { - yyerror("local-data-ptr could not be reversed"); - } - } -#line 3915 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 317: -#line 1501 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_minimal_responses:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->minimal_responses = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3928 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 318: -#line 1511 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_rrset_roundrobin:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->rrset_roundrobin = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3941 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 319: -#line 1521 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_max_udp_size:%s)\n", (yyvsp[0].str))); - cfg_parser->cfg->max_udp_size = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 3951 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 320: -#line 1528 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(dns64_prefix:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->dns64_prefix); - cfg_parser->cfg->dns64_prefix = (yyvsp[0].str); - } -#line 3961 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 321: -#line 1535 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_dns64_synthall:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dns64_synthall = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3973 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 322: -#line 1544 "util/configparser.y" /* yacc.c:1646 */ - { - char* p, *s = (yyvsp[0].str); - OUTYY(("P(server_define_tag:%s)\n", (yyvsp[0].str))); - while((p=strsep(&s, " \t\n")) != NULL) { - if(*p) { - if(!config_add_tag(cfg_parser->cfg, p)) - yyerror("could not define-tag, " - "out of memory"); - } - } - free((yyvsp[0].str)); - } -#line 3990 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 323: -#line 1558 "util/configparser.y" /* yacc.c:1646 */ - { - size_t len = 0; - uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), - &len); - free((yyvsp[0].str)); - OUTYY(("P(server_local_zone_tag:%s)\n", (yyvsp[-1].str))); - if(!bitlist) - yyerror("could not parse tags, (define-tag them first)"); - if(bitlist) { - if(!cfg_strbytelist_insert( - &cfg_parser->cfg->local_zone_tags, - (yyvsp[-1].str), bitlist, len)) { - yyerror("out of memory"); - free((yyvsp[-1].str)); - } - } - } -#line 4012 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 324: -#line 1577 "util/configparser.y" /* yacc.c:1646 */ - { - size_t len = 0; - uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), - &len); - free((yyvsp[0].str)); - OUTYY(("P(server_access_control_tag:%s)\n", (yyvsp[-1].str))); - if(!bitlist) - yyerror("could not parse tags, (define-tag them first)"); - if(bitlist) { - if(!cfg_strbytelist_insert( - &cfg_parser->cfg->acl_tags, - (yyvsp[-1].str), bitlist, len)) { - yyerror("out of memory"); - free((yyvsp[-1].str)); - } - } - } -#line 4034 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 325: -#line 1596 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); - if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions, - (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))) { - yyerror("out of memory"); - free((yyvsp[-2].str)); - free((yyvsp[-1].str)); - free((yyvsp[0].str)); - } - } -#line 4049 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 326: -#line 1608 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); - if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas, - (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))) { - yyerror("out of memory"); - free((yyvsp[-2].str)); - free((yyvsp[-1].str)); - free((yyvsp[0].str)); - } - } -#line 4064 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 327: -#line 1620 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_local_zone_override:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); - if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides, - (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))) { - yyerror("out of memory"); - free((yyvsp[-2].str)); - free((yyvsp[-1].str)); - free((yyvsp[0].str)); - } - } -#line 4079 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 328: -#line 1632 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_access_control_view:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); - if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view, - (yyvsp[-1].str), (yyvsp[0].str))) { - yyerror("out of memory"); - free((yyvsp[-1].str)); - free((yyvsp[0].str)); - } - } -#line 4093 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 329: -#line 1643 "util/configparser.y" /* yacc.c:1646 */ - { - size_t len = 0; - uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), - &len); - free((yyvsp[0].str)); - OUTYY(("P(response_ip_tag:%s)\n", (yyvsp[-1].str))); - if(!bitlist) - yyerror("could not parse tags, (define-tag them first)"); - if(bitlist) { - if(!cfg_strbytelist_insert( - &cfg_parser->cfg->respip_tags, - (yyvsp[-1].str), bitlist, len)) { - yyerror("out of memory"); - free((yyvsp[-1].str)); - } - } - } -#line 4115 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 330: -#line 1662 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_ip_ratelimit:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->ip_ratelimit = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 4127 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 331: -#line 1672 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_ratelimit:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->ratelimit = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 4139 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 332: -#line 1681 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_ip_ratelimit_size:%s)\n", (yyvsp[0].str))); - if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->ip_ratelimit_size)) - yyerror("memory size expected"); - free((yyvsp[0].str)); - } -#line 4150 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 333: -#line 1689 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_ratelimit_size:%s)\n", (yyvsp[0].str))); - if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->ratelimit_size)) - yyerror("memory size expected"); - free((yyvsp[0].str)); - } -#line 4161 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 334: -#line 1697 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0) - yyerror("number expected"); - else { - cfg_parser->cfg->ip_ratelimit_slabs = atoi((yyvsp[0].str)); - if(!is_pow2(cfg_parser->cfg->ip_ratelimit_slabs)) - yyerror("must be a power of 2"); - } - free((yyvsp[0].str)); - } -#line 4177 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 335: -#line 1710 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_ratelimit_slabs:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0) - yyerror("number expected"); - else { - cfg_parser->cfg->ratelimit_slabs = atoi((yyvsp[0].str)); - if(!is_pow2(cfg_parser->cfg->ratelimit_slabs)) - yyerror("must be a power of 2"); - } - free((yyvsp[0].str)); - } -#line 4193 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 336: -#line 1723 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) { - yyerror("number expected"); - } else { - if(!cfg_str2list_insert(&cfg_parser->cfg-> - ratelimit_for_domain, (yyvsp[-1].str), (yyvsp[0].str))) - fatal_exit("out of memory adding " - "ratelimit-for-domain"); - } - } -#line 4209 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 337: -#line 1736 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) { - yyerror("number expected"); - } else { - if(!cfg_str2list_insert(&cfg_parser->cfg-> - ratelimit_below_domain, (yyvsp[-1].str), (yyvsp[0].str))) - fatal_exit("out of memory adding " - "ratelimit-below-domain"); - } - } -#line 4225 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 338: -#line 1749 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_ip_ratelimit_factor:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->ip_ratelimit_factor = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 4237 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 339: -#line 1758 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_ratelimit_factor:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->ratelimit_factor = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 4249 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 340: -#line 1767 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_qname_minimisation:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->qname_minimisation = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4262 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 341: -#line 1777 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_qname_minimisation_strict:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->qname_minimisation_strict = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4275 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 342: -#line 1787 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(name:%s)\n", (yyvsp[0].str))); - if(cfg_parser->cfg->stubs->name) - yyerror("stub name override, there must be one name " - "for one stub-zone"); - free(cfg_parser->cfg->stubs->name); - cfg_parser->cfg->stubs->name = (yyvsp[0].str); - } -#line 4288 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 343: -#line 1797 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(stub-host:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 4298 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 344: -#line 1804 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(stub-addr:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 4308 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 345: -#line 1811 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(stub-first:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->stubs->isfirst=(strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4320 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 346: -#line 1820 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(stub-ssl-upstream:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->stubs->ssl_upstream = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4333 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 347: -#line 1830 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(stub-prime:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->stubs->isprime = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4346 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 348: -#line 1840 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(name:%s)\n", (yyvsp[0].str))); - if(cfg_parser->cfg->forwards->name) - yyerror("forward name override, there must be one " - "name for one forward-zone"); - free(cfg_parser->cfg->forwards->name); - cfg_parser->cfg->forwards->name = (yyvsp[0].str); - } -#line 4359 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 349: -#line 1850 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(forward-host:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 4369 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 350: -#line 1857 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(forward-addr:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 4379 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 351: -#line 1864 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(forward-first:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->forwards->isfirst=(strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4391 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 352: -#line 1873 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(forward-ssl-upstream:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->forwards->ssl_upstream = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4404 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 353: -#line 1883 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(name:%s)\n", (yyvsp[0].str))); - if(cfg_parser->cfg->views->name) - yyerror("view name override, there must be one " - "name for one view"); - free(cfg_parser->cfg->views->name); - cfg_parser->cfg->views->name = (yyvsp[0].str); - } -#line 4417 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 354: -#line 1893 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(view_local_zone:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "static")!=0 && strcmp((yyvsp[0].str), "deny")!=0 && - strcmp((yyvsp[0].str), "refuse")!=0 && strcmp((yyvsp[0].str), "redirect")!=0 && - strcmp((yyvsp[0].str), "transparent")!=0 && strcmp((yyvsp[0].str), "nodefault")!=0 - && strcmp((yyvsp[0].str), "typetransparent")!=0 - && strcmp((yyvsp[0].str), "always_transparent")!=0 - && strcmp((yyvsp[0].str), "always_refuse")!=0 - && strcmp((yyvsp[0].str), "always_nxdomain")!=0 - && strcmp((yyvsp[0].str), "inform")!=0 && strcmp((yyvsp[0].str), "inform_deny")!=0) - yyerror("local-zone type: expected static, deny, " - "refuse, redirect, transparent, " - "typetransparent, inform, inform_deny, " - "always_transparent, always_refuse, " - "always_nxdomain or nodefault"); - else if(strcmp((yyvsp[0].str), "nodefault")==0) { - if(!cfg_strlist_insert(&cfg_parser->cfg->views-> - local_zones_nodefault, (yyvsp[-1].str))) - fatal_exit("out of memory adding local-zone"); - free((yyvsp[0].str)); - } else { - if(!cfg_str2list_insert( - &cfg_parser->cfg->views->local_zones, - (yyvsp[-1].str), (yyvsp[0].str))) - fatal_exit("out of memory adding local-zone"); - } - } -#line 4449 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 355: -#line 1922 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(view_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); - validate_respip_action((yyvsp[0].str)); - if(!cfg_str2list_insert( - &cfg_parser->cfg->views->respip_actions, (yyvsp[-1].str), (yyvsp[0].str))) - fatal_exit("out of memory adding per-view " - "response-ip action"); - } -#line 4462 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 356: -#line 1932 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(view_response_ip_data:%s)\n", (yyvsp[-1].str))); - if(!cfg_str2list_insert( - &cfg_parser->cfg->views->respip_data, (yyvsp[-1].str), (yyvsp[0].str))) - fatal_exit("out of memory adding response-ip-data"); - } -#line 4473 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 357: -#line 1940 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(view_local_data:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, (yyvsp[0].str))) { - fatal_exit("out of memory adding local-data"); - free((yyvsp[0].str)); - } - } -#line 4485 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 358: -#line 1949 "util/configparser.y" /* yacc.c:1646 */ - { - char* ptr; - OUTYY(("P(view_local_data_ptr:%s)\n", (yyvsp[0].str))); - ptr = cfg_ptr_reverse((yyvsp[0].str)); - free((yyvsp[0].str)); - if(ptr) { - if(!cfg_strlist_insert(&cfg_parser->cfg->views-> - local_data, ptr)) - fatal_exit("out of memory adding local-data"); - } else { - yyerror("local-data-ptr could not be reversed"); - } - } -#line 4503 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 359: -#line 1964 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(view-first:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->views->isfirst=(strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4515 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 360: -#line 1973 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("\nP(remote-control:)\n")); - } -#line 4523 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 371: -#line 1984 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(control_enable:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->remote_control_enable = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4536 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 372: -#line 1994 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(control_port:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0) - yyerror("control port number expected"); - else cfg_parser->cfg->control_port = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 4548 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 373: -#line 2003 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(control_interface:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->control_ifs, (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 4558 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 374: -#line 2010 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(control_use_cert:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->remote_control_use_cert = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4571 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 375: -#line 2020 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(rc_server_key_file:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->server_key_file); - cfg_parser->cfg->server_key_file = (yyvsp[0].str); - } -#line 4581 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 376: -#line 2027 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(rc_server_cert_file:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->server_cert_file); - cfg_parser->cfg->server_cert_file = (yyvsp[0].str); - } -#line 4591 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 377: -#line 2034 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(rc_control_key_file:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->control_key_file); - cfg_parser->cfg->control_key_file = (yyvsp[0].str); - } -#line 4601 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 378: -#line 2041 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(rc_control_cert_file:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->control_cert_file); - cfg_parser->cfg->control_cert_file = (yyvsp[0].str); - } -#line 4611 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 379: -#line 2048 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("\nP(dnstap:)\n")); - } -#line 4619 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 394: -#line 2065 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(dt_dnstap_enable:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap = (strcmp((yyvsp[0].str), "yes")==0); - } -#line 4630 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 395: -#line 2073 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(dt_dnstap_socket_path:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->dnstap_socket_path); - cfg_parser->cfg->dnstap_socket_path = (yyvsp[0].str); - } -#line 4640 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 396: -#line 2080 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(dt_dnstap_send_identity:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap_send_identity = (strcmp((yyvsp[0].str), "yes")==0); - } -#line 4651 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 397: -#line 2088 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(dt_dnstap_send_version:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap_send_version = (strcmp((yyvsp[0].str), "yes")==0); - } -#line 4662 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 398: -#line 2096 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(dt_dnstap_identity:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->dnstap_identity); - cfg_parser->cfg->dnstap_identity = (yyvsp[0].str); - } -#line 4672 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 399: -#line 2103 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(dt_dnstap_version:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->dnstap_version); - cfg_parser->cfg->dnstap_version = (yyvsp[0].str); - } -#line 4682 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 400: -#line 2110 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap_log_resolver_query_messages = - (strcmp((yyvsp[0].str), "yes")==0); - } -#line 4694 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 401: -#line 2119 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap_log_resolver_response_messages = - (strcmp((yyvsp[0].str), "yes")==0); - } -#line 4706 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 402: -#line 2128 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap_log_client_query_messages = - (strcmp((yyvsp[0].str), "yes")==0); - } -#line 4718 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 403: -#line 2137 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap_log_client_response_messages = - (strcmp((yyvsp[0].str), "yes")==0); - } -#line 4730 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 404: -#line 2146 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap_log_forwarder_query_messages = - (strcmp((yyvsp[0].str), "yes")==0); - } -#line 4742 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 405: -#line 2155 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap_log_forwarder_response_messages = - (strcmp((yyvsp[0].str), "yes")==0); - } -#line 4754 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 406: -#line 2164 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("\nP(python:)\n")); - } -#line 4762 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 410: -#line 2173 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(python-script:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->python_script); - cfg_parser->cfg->python_script = (yyvsp[0].str); - } -#line 4772 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 411: -#line 2179 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(disable_dnssec_lame_check:%s)\n", (yyvsp[0].str))); - if (strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->disable_dnssec_lame_check = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4785 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 412: -#line 2189 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_log_identity:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->log_identity); - cfg_parser->cfg->log_identity = (yyvsp[0].str); - } -#line 4795 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 413: -#line 2196 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); - validate_respip_action((yyvsp[0].str)); - if(!cfg_str2list_insert(&cfg_parser->cfg->respip_actions, - (yyvsp[-1].str), (yyvsp[0].str))) - fatal_exit("out of memory adding response-ip"); - } -#line 4807 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 414: -#line 2205 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(server_response_ip_data:%s)\n", (yyvsp[-1].str))); - if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data, - (yyvsp[-1].str), (yyvsp[0].str))) - fatal_exit("out of memory adding response-ip-data"); - } -#line 4818 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 415: -#line 2213 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("\nP(dnscrypt:)\n")); - OUTYY(("\nP(dnscrypt:)\n")); - } -#line 4827 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 423: -#line 2225 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnscrypt = (strcmp((yyvsp[0].str), "yes")==0); - } -#line 4838 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 424: -#line 2234 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(dnsc_dnscrypt_port:%s)\n", (yyvsp[0].str))); - - if(atoi((yyvsp[0].str)) == 0) - yyerror("port number expected"); - else cfg_parser->cfg->dnscrypt_port = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 4851 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 425: -#line 2244 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->dnscrypt_provider); - cfg_parser->cfg->dnscrypt_provider = (yyvsp[0].str); - } -#line 4861 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 426: -#line 2251 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str))) - fatal_exit("out of memory adding dnscrypt-provider-cert"); - } -#line 4871 "util/configparser.c" /* yacc.c:1646 */ - break; - - case 427: -#line 2258 "util/configparser.y" /* yacc.c:1646 */ - { - OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str))) - fatal_exit("out of memory adding dnscrypt-secret-key"); - } -#line 4881 "util/configparser.c" /* yacc.c:1646 */ - break; - - -#line 4885 "util/configparser.c" /* yacc.c:1646 */ - default: break; - } - /* User semantic actions sometimes alter yychar, and that requires - that yytoken be updated with the new translation. We take the - approach of translating immediately before every use of yytoken. - One alternative is translating here after every semantic action, - but that translation would be missed if the semantic action invokes - YYABORT, YYACCEPT, or YYERROR immediately after altering yychar or - if it invokes YYBACKUP. In the case of YYABORT or YYACCEPT, an - incorrect destructor might then be invoked immediately. In the - case of YYERROR or YYBACKUP, subsequent parser actions might lead - to an incorrect destructor call or verbose syntax error message - before the lookahead is translated. */ - YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); - - YYPOPSTACK (yylen); - yylen = 0; - YY_STACK_PRINT (yyss, yyssp); - - *++yyvsp = yyval; - - /* Now 'shift' the result of the reduction. Determine what state - that goes to, based on the state we popped back to and the rule - number reduced by. */ - - yyn = yyr1[yyn]; - - yystate = yypgoto[yyn - YYNTOKENS] + *yyssp; - if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp) - yystate = yytable[yystate]; - else - yystate = yydefgoto[yyn - YYNTOKENS]; - - goto yynewstate; - - -/*--------------------------------------. -| yyerrlab -- here on detecting error. | -`--------------------------------------*/ -yyerrlab: - /* Make sure we have latest lookahead translation. See comments at - user semantic actions for why this is necessary. */ - yytoken = yychar == YYEMPTY ? YYEMPTY : YYTRANSLATE (yychar); - - /* If not already recovering from an error, report this error. */ - if (!yyerrstatus) - { - ++yynerrs; -#if ! YYERROR_VERBOSE - yyerror (YY_("syntax error")); -#else -# define YYSYNTAX_ERROR yysyntax_error (&yymsg_alloc, &yymsg, \ - yyssp, yytoken) - { - char const *yymsgp = YY_("syntax error"); - int yysyntax_error_status; - yysyntax_error_status = YYSYNTAX_ERROR; - if (yysyntax_error_status == 0) - yymsgp = yymsg; - else if (yysyntax_error_status == 1) - { - if (yymsg != yymsgbuf) - YYSTACK_FREE (yymsg); - yymsg = (char *) YYSTACK_ALLOC (yymsg_alloc); - if (!yymsg) - { - yymsg = yymsgbuf; - yymsg_alloc = sizeof yymsgbuf; - yysyntax_error_status = 2; - } - else - { - yysyntax_error_status = YYSYNTAX_ERROR; - yymsgp = yymsg; - } - } - yyerror (yymsgp); - if (yysyntax_error_status == 2) - goto yyexhaustedlab; - } -# undef YYSYNTAX_ERROR -#endif - } - - - - if (yyerrstatus == 3) - { - /* If just tried and failed to reuse lookahead token after an - error, discard it. */ - - if (yychar <= YYEOF) - { - /* Return failure if at end of input. */ - if (yychar == YYEOF) - YYABORT; - } - else - { - yydestruct ("Error: discarding", - yytoken, &yylval); - yychar = YYEMPTY; - } - } - - /* Else will try to reuse lookahead token after shifting the error - token. */ - goto yyerrlab1; - - -/*---------------------------------------------------. -| yyerrorlab -- error raised explicitly by YYERROR. | -`---------------------------------------------------*/ -yyerrorlab: - - /* Pacify compilers like GCC when the user code never invokes - YYERROR and the label yyerrorlab therefore never appears in user - code. */ - if (/*CONSTCOND*/ 0) - goto yyerrorlab; - - /* Do not reclaim the symbols of the rule whose action triggered - this YYERROR. */ - YYPOPSTACK (yylen); - yylen = 0; - YY_STACK_PRINT (yyss, yyssp); - yystate = *yyssp; - goto yyerrlab1; - - -/*-------------------------------------------------------------. -| yyerrlab1 -- common code for both syntax error and YYERROR. | -`-------------------------------------------------------------*/ -yyerrlab1: - yyerrstatus = 3; /* Each real token shifted decrements this. */ - - for (;;) - { - yyn = yypact[yystate]; - if (!yypact_value_is_default (yyn)) - { - yyn += YYTERROR; - if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR) - { - yyn = yytable[yyn]; - if (0 < yyn) - break; - } - } - - /* Pop the current state because it cannot handle the error token. */ - if (yyssp == yyss) - YYABORT; - - - yydestruct ("Error: popping", - yystos[yystate], yyvsp); - YYPOPSTACK (1); - yystate = *yyssp; - YY_STACK_PRINT (yyss, yyssp); - } - - YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN - *++yyvsp = yylval; - YY_IGNORE_MAYBE_UNINITIALIZED_END - - - /* Shift the error token. */ - YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp); - - yystate = yyn; - goto yynewstate; - - -/*-------------------------------------. -| yyacceptlab -- YYACCEPT comes here. | -`-------------------------------------*/ -yyacceptlab: - yyresult = 0; - goto yyreturn; - -/*-----------------------------------. -| yyabortlab -- YYABORT comes here. | -`-----------------------------------*/ -yyabortlab: - yyresult = 1; - goto yyreturn; - -#if !defined yyoverflow || YYERROR_VERBOSE -/*-------------------------------------------------. -| yyexhaustedlab -- memory exhaustion comes here. | -`-------------------------------------------------*/ -yyexhaustedlab: - yyerror (YY_("memory exhausted")); - yyresult = 2; - /* Fall through. */ -#endif - -yyreturn: - if (yychar != YYEMPTY) - { - /* Make sure we have latest lookahead translation. See comments at - user semantic actions for why this is necessary. */ - yytoken = YYTRANSLATE (yychar); - yydestruct ("Cleanup: discarding lookahead", - yytoken, &yylval); - } - /* Do not reclaim the symbols of the rule whose action triggered - this YYABORT or YYACCEPT. */ - YYPOPSTACK (yylen); - YY_STACK_PRINT (yyss, yyssp); - while (yyssp != yyss) - { - yydestruct ("Cleanup: popping", - yystos[*yyssp], yyvsp); - YYPOPSTACK (1); - } -#ifndef yyoverflow - if (yyss != yyssa) - YYSTACK_FREE (yyss); -#endif -#if YYERROR_VERBOSE - if (yymsg != yymsgbuf) - YYSTACK_FREE (yymsg); -#endif - return yyresult; -} -#line 2264 "util/configparser.y" /* yacc.c:1906 */ - - -/* parse helper routines could be here */ -static void -validate_respip_action(const char* action) -{ - if(strcmp(action, "deny")!=0 && - strcmp(action, "redirect")!=0 && - strcmp(action, "inform")!=0 && - strcmp(action, "inform_deny")!=0 && - strcmp(action, "always_transparent")!=0 && - strcmp(action, "always_refuse")!=0 && - strcmp(action, "always_nxdomain")!=0) - { - yyerror("response-ip action: expected deny, redirect, " - "inform, inform_deny, always_transparent, " - "always_refuse or always_nxdomain"); - } -} diff --git a/external/unbound/util/configparser.h b/external/unbound/util/configparser.h deleted file mode 100644 index 937754cfe..000000000 --- a/external/unbound/util/configparser.h +++ /dev/null @@ -1,484 +0,0 @@ -/* A Bison parser, made by GNU Bison 3.0.4. */ - -/* Bison interface for Yacc-like parsers in C - - Copyright (C) 1984, 1989-1990, 2000-2015 Free Software Foundation, Inc. - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . */ - -/* As a special exception, you may create a larger work that contains - part or all of the Bison parser skeleton and distribute that work - under terms of your choice, so long as that work isn't itself a - parser generator using the skeleton or a modified version thereof - as a parser skeleton. Alternatively, if you modify or redistribute - the parser skeleton itself, you may (at your option) remove this - special exception, which will cause the skeleton and the resulting - Bison output files to be licensed under the GNU General Public - License without this special exception. - - This special exception was added by the Free Software Foundation in - version 2.2 of Bison. */ - -#ifndef YY_YY_UTIL_CONFIGPARSER_H_INCLUDED -# define YY_YY_UTIL_CONFIGPARSER_H_INCLUDED -/* Debug traces. */ -#ifndef YYDEBUG -# define YYDEBUG 0 -#endif -#if YYDEBUG -extern int yydebug; -#endif - -/* Token type. */ -#ifndef YYTOKENTYPE -# define YYTOKENTYPE - enum yytokentype - { - SPACE = 258, - LETTER = 259, - NEWLINE = 260, - COMMENT = 261, - COLON = 262, - ANY = 263, - ZONESTR = 264, - STRING_ARG = 265, - VAR_SERVER = 266, - VAR_VERBOSITY = 267, - VAR_NUM_THREADS = 268, - VAR_PORT = 269, - VAR_OUTGOING_RANGE = 270, - VAR_INTERFACE = 271, - VAR_DO_IP4 = 272, - VAR_DO_IP6 = 273, - VAR_PREFER_IP6 = 274, - VAR_DO_UDP = 275, - VAR_DO_TCP = 276, - VAR_TCP_MSS = 277, - VAR_OUTGOING_TCP_MSS = 278, - VAR_CHROOT = 279, - VAR_USERNAME = 280, - VAR_DIRECTORY = 281, - VAR_LOGFILE = 282, - VAR_PIDFILE = 283, - VAR_MSG_CACHE_SIZE = 284, - VAR_MSG_CACHE_SLABS = 285, - VAR_NUM_QUERIES_PER_THREAD = 286, - VAR_RRSET_CACHE_SIZE = 287, - VAR_RRSET_CACHE_SLABS = 288, - VAR_OUTGOING_NUM_TCP = 289, - VAR_INFRA_HOST_TTL = 290, - VAR_INFRA_LAME_TTL = 291, - VAR_INFRA_CACHE_SLABS = 292, - VAR_INFRA_CACHE_NUMHOSTS = 293, - VAR_INFRA_CACHE_LAME_SIZE = 294, - VAR_NAME = 295, - VAR_STUB_ZONE = 296, - VAR_STUB_HOST = 297, - VAR_STUB_ADDR = 298, - VAR_TARGET_FETCH_POLICY = 299, - VAR_HARDEN_SHORT_BUFSIZE = 300, - VAR_HARDEN_LARGE_QUERIES = 301, - VAR_FORWARD_ZONE = 302, - VAR_FORWARD_HOST = 303, - VAR_FORWARD_ADDR = 304, - VAR_DO_NOT_QUERY_ADDRESS = 305, - VAR_HIDE_IDENTITY = 306, - VAR_HIDE_VERSION = 307, - VAR_IDENTITY = 308, - VAR_VERSION = 309, - VAR_HARDEN_GLUE = 310, - VAR_MODULE_CONF = 311, - VAR_TRUST_ANCHOR_FILE = 312, - VAR_TRUST_ANCHOR = 313, - VAR_VAL_OVERRIDE_DATE = 314, - VAR_BOGUS_TTL = 315, - VAR_VAL_CLEAN_ADDITIONAL = 316, - VAR_VAL_PERMISSIVE_MODE = 317, - VAR_INCOMING_NUM_TCP = 318, - VAR_MSG_BUFFER_SIZE = 319, - VAR_KEY_CACHE_SIZE = 320, - VAR_KEY_CACHE_SLABS = 321, - VAR_TRUSTED_KEYS_FILE = 322, - VAR_VAL_NSEC3_KEYSIZE_ITERATIONS = 323, - VAR_USE_SYSLOG = 324, - VAR_OUTGOING_INTERFACE = 325, - VAR_ROOT_HINTS = 326, - VAR_DO_NOT_QUERY_LOCALHOST = 327, - VAR_CACHE_MAX_TTL = 328, - VAR_HARDEN_DNSSEC_STRIPPED = 329, - VAR_ACCESS_CONTROL = 330, - VAR_LOCAL_ZONE = 331, - VAR_LOCAL_DATA = 332, - VAR_INTERFACE_AUTOMATIC = 333, - VAR_STATISTICS_INTERVAL = 334, - VAR_DO_DAEMONIZE = 335, - VAR_USE_CAPS_FOR_ID = 336, - VAR_STATISTICS_CUMULATIVE = 337, - VAR_OUTGOING_PORT_PERMIT = 338, - VAR_OUTGOING_PORT_AVOID = 339, - VAR_DLV_ANCHOR_FILE = 340, - VAR_DLV_ANCHOR = 341, - VAR_NEG_CACHE_SIZE = 342, - VAR_HARDEN_REFERRAL_PATH = 343, - VAR_PRIVATE_ADDRESS = 344, - VAR_PRIVATE_DOMAIN = 345, - VAR_REMOTE_CONTROL = 346, - VAR_CONTROL_ENABLE = 347, - VAR_CONTROL_INTERFACE = 348, - VAR_CONTROL_PORT = 349, - VAR_SERVER_KEY_FILE = 350, - VAR_SERVER_CERT_FILE = 351, - VAR_CONTROL_KEY_FILE = 352, - VAR_CONTROL_CERT_FILE = 353, - VAR_CONTROL_USE_CERT = 354, - VAR_EXTENDED_STATISTICS = 355, - VAR_LOCAL_DATA_PTR = 356, - VAR_JOSTLE_TIMEOUT = 357, - VAR_STUB_PRIME = 358, - VAR_UNWANTED_REPLY_THRESHOLD = 359, - VAR_LOG_TIME_ASCII = 360, - VAR_DOMAIN_INSECURE = 361, - VAR_PYTHON = 362, - VAR_PYTHON_SCRIPT = 363, - VAR_VAL_SIG_SKEW_MIN = 364, - VAR_VAL_SIG_SKEW_MAX = 365, - VAR_CACHE_MIN_TTL = 366, - VAR_VAL_LOG_LEVEL = 367, - VAR_AUTO_TRUST_ANCHOR_FILE = 368, - VAR_KEEP_MISSING = 369, - VAR_ADD_HOLDDOWN = 370, - VAR_DEL_HOLDDOWN = 371, - VAR_SO_RCVBUF = 372, - VAR_EDNS_BUFFER_SIZE = 373, - VAR_PREFETCH = 374, - VAR_PREFETCH_KEY = 375, - VAR_SO_SNDBUF = 376, - VAR_SO_REUSEPORT = 377, - VAR_HARDEN_BELOW_NXDOMAIN = 378, - VAR_IGNORE_CD_FLAG = 379, - VAR_LOG_QUERIES = 380, - VAR_LOG_REPLIES = 381, - VAR_TCP_UPSTREAM = 382, - VAR_SSL_UPSTREAM = 383, - VAR_SSL_SERVICE_KEY = 384, - VAR_SSL_SERVICE_PEM = 385, - VAR_SSL_PORT = 386, - VAR_FORWARD_FIRST = 387, - VAR_STUB_SSL_UPSTREAM = 388, - VAR_FORWARD_SSL_UPSTREAM = 389, - VAR_STUB_FIRST = 390, - VAR_MINIMAL_RESPONSES = 391, - VAR_RRSET_ROUNDROBIN = 392, - VAR_MAX_UDP_SIZE = 393, - VAR_DELAY_CLOSE = 394, - VAR_UNBLOCK_LAN_ZONES = 395, - VAR_INSECURE_LAN_ZONES = 396, - VAR_INFRA_CACHE_MIN_RTT = 397, - VAR_DNS64_PREFIX = 398, - VAR_DNS64_SYNTHALL = 399, - VAR_DNSTAP = 400, - VAR_DNSTAP_ENABLE = 401, - VAR_DNSTAP_SOCKET_PATH = 402, - VAR_DNSTAP_SEND_IDENTITY = 403, - VAR_DNSTAP_SEND_VERSION = 404, - VAR_DNSTAP_IDENTITY = 405, - VAR_DNSTAP_VERSION = 406, - VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 407, - VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 408, - VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 409, - VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 410, - VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 411, - VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 412, - VAR_RESPONSE_IP_TAG = 413, - VAR_RESPONSE_IP = 414, - VAR_RESPONSE_IP_DATA = 415, - VAR_HARDEN_ALGO_DOWNGRADE = 416, - VAR_IP_TRANSPARENT = 417, - VAR_DISABLE_DNSSEC_LAME_CHECK = 418, - VAR_IP_RATELIMIT = 419, - VAR_IP_RATELIMIT_SLABS = 420, - VAR_IP_RATELIMIT_SIZE = 421, - VAR_RATELIMIT = 422, - VAR_RATELIMIT_SLABS = 423, - VAR_RATELIMIT_SIZE = 424, - VAR_RATELIMIT_FOR_DOMAIN = 425, - VAR_RATELIMIT_BELOW_DOMAIN = 426, - VAR_IP_RATELIMIT_FACTOR = 427, - VAR_RATELIMIT_FACTOR = 428, - VAR_SEND_CLIENT_SUBNET = 429, - VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 430, - VAR_CLIENT_SUBNET_OPCODE = 431, - VAR_MAX_CLIENT_SUBNET_IPV4 = 432, - VAR_MAX_CLIENT_SUBNET_IPV6 = 433, - VAR_CAPS_WHITELIST = 434, - VAR_CACHE_MAX_NEGATIVE_TTL = 435, - VAR_PERMIT_SMALL_HOLDDOWN = 436, - VAR_QNAME_MINIMISATION = 437, - VAR_QNAME_MINIMISATION_STRICT = 438, - VAR_IP_FREEBIND = 439, - VAR_DEFINE_TAG = 440, - VAR_LOCAL_ZONE_TAG = 441, - VAR_ACCESS_CONTROL_TAG = 442, - VAR_LOCAL_ZONE_OVERRIDE = 443, - VAR_ACCESS_CONTROL_TAG_ACTION = 444, - VAR_ACCESS_CONTROL_TAG_DATA = 445, - VAR_VIEW = 446, - VAR_ACCESS_CONTROL_VIEW = 447, - VAR_VIEW_FIRST = 448, - VAR_SERVE_EXPIRED = 449, - VAR_FAKE_DSA = 450, - VAR_FAKE_SHA1 = 451, - VAR_LOG_IDENTITY = 452, - VAR_HIDE_TRUSTANCHOR = 453, - VAR_USE_SYSTEMD = 454, - VAR_SHM_ENABLE = 455, - VAR_SHM_KEY = 456, - VAR_DNSCRYPT = 457, - VAR_DNSCRYPT_ENABLE = 458, - VAR_DNSCRYPT_PORT = 459, - VAR_DNSCRYPT_PROVIDER = 460, - VAR_DNSCRYPT_SECRET_KEY = 461, - VAR_DNSCRYPT_PROVIDER_CERT = 462 - }; -#endif -/* Tokens. */ -#define SPACE 258 -#define LETTER 259 -#define NEWLINE 260 -#define COMMENT 261 -#define COLON 262 -#define ANY 263 -#define ZONESTR 264 -#define STRING_ARG 265 -#define VAR_SERVER 266 -#define VAR_VERBOSITY 267 -#define VAR_NUM_THREADS 268 -#define VAR_PORT 269 -#define VAR_OUTGOING_RANGE 270 -#define VAR_INTERFACE 271 -#define VAR_DO_IP4 272 -#define VAR_DO_IP6 273 -#define VAR_PREFER_IP6 274 -#define VAR_DO_UDP 275 -#define VAR_DO_TCP 276 -#define VAR_TCP_MSS 277 -#define VAR_OUTGOING_TCP_MSS 278 -#define VAR_CHROOT 279 -#define VAR_USERNAME 280 -#define VAR_DIRECTORY 281 -#define VAR_LOGFILE 282 -#define VAR_PIDFILE 283 -#define VAR_MSG_CACHE_SIZE 284 -#define VAR_MSG_CACHE_SLABS 285 -#define VAR_NUM_QUERIES_PER_THREAD 286 -#define VAR_RRSET_CACHE_SIZE 287 -#define VAR_RRSET_CACHE_SLABS 288 -#define VAR_OUTGOING_NUM_TCP 289 -#define VAR_INFRA_HOST_TTL 290 -#define VAR_INFRA_LAME_TTL 291 -#define VAR_INFRA_CACHE_SLABS 292 -#define VAR_INFRA_CACHE_NUMHOSTS 293 -#define VAR_INFRA_CACHE_LAME_SIZE 294 -#define VAR_NAME 295 -#define VAR_STUB_ZONE 296 -#define VAR_STUB_HOST 297 -#define VAR_STUB_ADDR 298 -#define VAR_TARGET_FETCH_POLICY 299 -#define VAR_HARDEN_SHORT_BUFSIZE 300 -#define VAR_HARDEN_LARGE_QUERIES 301 -#define VAR_FORWARD_ZONE 302 -#define VAR_FORWARD_HOST 303 -#define VAR_FORWARD_ADDR 304 -#define VAR_DO_NOT_QUERY_ADDRESS 305 -#define VAR_HIDE_IDENTITY 306 -#define VAR_HIDE_VERSION 307 -#define VAR_IDENTITY 308 -#define VAR_VERSION 309 -#define VAR_HARDEN_GLUE 310 -#define VAR_MODULE_CONF 311 -#define VAR_TRUST_ANCHOR_FILE 312 -#define VAR_TRUST_ANCHOR 313 -#define VAR_VAL_OVERRIDE_DATE 314 -#define VAR_BOGUS_TTL 315 -#define VAR_VAL_CLEAN_ADDITIONAL 316 -#define VAR_VAL_PERMISSIVE_MODE 317 -#define VAR_INCOMING_NUM_TCP 318 -#define VAR_MSG_BUFFER_SIZE 319 -#define VAR_KEY_CACHE_SIZE 320 -#define VAR_KEY_CACHE_SLABS 321 -#define VAR_TRUSTED_KEYS_FILE 322 -#define VAR_VAL_NSEC3_KEYSIZE_ITERATIONS 323 -#define VAR_USE_SYSLOG 324 -#define VAR_OUTGOING_INTERFACE 325 -#define VAR_ROOT_HINTS 326 -#define VAR_DO_NOT_QUERY_LOCALHOST 327 -#define VAR_CACHE_MAX_TTL 328 -#define VAR_HARDEN_DNSSEC_STRIPPED 329 -#define VAR_ACCESS_CONTROL 330 -#define VAR_LOCAL_ZONE 331 -#define VAR_LOCAL_DATA 332 -#define VAR_INTERFACE_AUTOMATIC 333 -#define VAR_STATISTICS_INTERVAL 334 -#define VAR_DO_DAEMONIZE 335 -#define VAR_USE_CAPS_FOR_ID 336 -#define VAR_STATISTICS_CUMULATIVE 337 -#define VAR_OUTGOING_PORT_PERMIT 338 -#define VAR_OUTGOING_PORT_AVOID 339 -#define VAR_DLV_ANCHOR_FILE 340 -#define VAR_DLV_ANCHOR 341 -#define VAR_NEG_CACHE_SIZE 342 -#define VAR_HARDEN_REFERRAL_PATH 343 -#define VAR_PRIVATE_ADDRESS 344 -#define VAR_PRIVATE_DOMAIN 345 -#define VAR_REMOTE_CONTROL 346 -#define VAR_CONTROL_ENABLE 347 -#define VAR_CONTROL_INTERFACE 348 -#define VAR_CONTROL_PORT 349 -#define VAR_SERVER_KEY_FILE 350 -#define VAR_SERVER_CERT_FILE 351 -#define VAR_CONTROL_KEY_FILE 352 -#define VAR_CONTROL_CERT_FILE 353 -#define VAR_CONTROL_USE_CERT 354 -#define VAR_EXTENDED_STATISTICS 355 -#define VAR_LOCAL_DATA_PTR 356 -#define VAR_JOSTLE_TIMEOUT 357 -#define VAR_STUB_PRIME 358 -#define VAR_UNWANTED_REPLY_THRESHOLD 359 -#define VAR_LOG_TIME_ASCII 360 -#define VAR_DOMAIN_INSECURE 361 -#define VAR_PYTHON 362 -#define VAR_PYTHON_SCRIPT 363 -#define VAR_VAL_SIG_SKEW_MIN 364 -#define VAR_VAL_SIG_SKEW_MAX 365 -#define VAR_CACHE_MIN_TTL 366 -#define VAR_VAL_LOG_LEVEL 367 -#define VAR_AUTO_TRUST_ANCHOR_FILE 368 -#define VAR_KEEP_MISSING 369 -#define VAR_ADD_HOLDDOWN 370 -#define VAR_DEL_HOLDDOWN 371 -#define VAR_SO_RCVBUF 372 -#define VAR_EDNS_BUFFER_SIZE 373 -#define VAR_PREFETCH 374 -#define VAR_PREFETCH_KEY 375 -#define VAR_SO_SNDBUF 376 -#define VAR_SO_REUSEPORT 377 -#define VAR_HARDEN_BELOW_NXDOMAIN 378 -#define VAR_IGNORE_CD_FLAG 379 -#define VAR_LOG_QUERIES 380 -#define VAR_LOG_REPLIES 381 -#define VAR_TCP_UPSTREAM 382 -#define VAR_SSL_UPSTREAM 383 -#define VAR_SSL_SERVICE_KEY 384 -#define VAR_SSL_SERVICE_PEM 385 -#define VAR_SSL_PORT 386 -#define VAR_FORWARD_FIRST 387 -#define VAR_STUB_SSL_UPSTREAM 388 -#define VAR_FORWARD_SSL_UPSTREAM 389 -#define VAR_STUB_FIRST 390 -#define VAR_MINIMAL_RESPONSES 391 -#define VAR_RRSET_ROUNDROBIN 392 -#define VAR_MAX_UDP_SIZE 393 -#define VAR_DELAY_CLOSE 394 -#define VAR_UNBLOCK_LAN_ZONES 395 -#define VAR_INSECURE_LAN_ZONES 396 -#define VAR_INFRA_CACHE_MIN_RTT 397 -#define VAR_DNS64_PREFIX 398 -#define VAR_DNS64_SYNTHALL 399 -#define VAR_DNSTAP 400 -#define VAR_DNSTAP_ENABLE 401 -#define VAR_DNSTAP_SOCKET_PATH 402 -#define VAR_DNSTAP_SEND_IDENTITY 403 -#define VAR_DNSTAP_SEND_VERSION 404 -#define VAR_DNSTAP_IDENTITY 405 -#define VAR_DNSTAP_VERSION 406 -#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 407 -#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 408 -#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 409 -#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 410 -#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 411 -#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 412 -#define VAR_RESPONSE_IP_TAG 413 -#define VAR_RESPONSE_IP 414 -#define VAR_RESPONSE_IP_DATA 415 -#define VAR_HARDEN_ALGO_DOWNGRADE 416 -#define VAR_IP_TRANSPARENT 417 -#define VAR_DISABLE_DNSSEC_LAME_CHECK 418 -#define VAR_IP_RATELIMIT 419 -#define VAR_IP_RATELIMIT_SLABS 420 -#define VAR_IP_RATELIMIT_SIZE 421 -#define VAR_RATELIMIT 422 -#define VAR_RATELIMIT_SLABS 423 -#define VAR_RATELIMIT_SIZE 424 -#define VAR_RATELIMIT_FOR_DOMAIN 425 -#define VAR_RATELIMIT_BELOW_DOMAIN 426 -#define VAR_IP_RATELIMIT_FACTOR 427 -#define VAR_RATELIMIT_FACTOR 428 -#define VAR_SEND_CLIENT_SUBNET 429 -#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 430 -#define VAR_CLIENT_SUBNET_OPCODE 431 -#define VAR_MAX_CLIENT_SUBNET_IPV4 432 -#define VAR_MAX_CLIENT_SUBNET_IPV6 433 -#define VAR_CAPS_WHITELIST 434 -#define VAR_CACHE_MAX_NEGATIVE_TTL 435 -#define VAR_PERMIT_SMALL_HOLDDOWN 436 -#define VAR_QNAME_MINIMISATION 437 -#define VAR_QNAME_MINIMISATION_STRICT 438 -#define VAR_IP_FREEBIND 439 -#define VAR_DEFINE_TAG 440 -#define VAR_LOCAL_ZONE_TAG 441 -#define VAR_ACCESS_CONTROL_TAG 442 -#define VAR_LOCAL_ZONE_OVERRIDE 443 -#define VAR_ACCESS_CONTROL_TAG_ACTION 444 -#define VAR_ACCESS_CONTROL_TAG_DATA 445 -#define VAR_VIEW 446 -#define VAR_ACCESS_CONTROL_VIEW 447 -#define VAR_VIEW_FIRST 448 -#define VAR_SERVE_EXPIRED 449 -#define VAR_FAKE_DSA 450 -#define VAR_FAKE_SHA1 451 -#define VAR_LOG_IDENTITY 452 -#define VAR_HIDE_TRUSTANCHOR 453 -#define VAR_USE_SYSTEMD 454 -#define VAR_SHM_ENABLE 455 -#define VAR_SHM_KEY 456 -#define VAR_DNSCRYPT 457 -#define VAR_DNSCRYPT_ENABLE 458 -#define VAR_DNSCRYPT_PORT 459 -#define VAR_DNSCRYPT_PROVIDER 460 -#define VAR_DNSCRYPT_SECRET_KEY 461 -#define VAR_DNSCRYPT_PROVIDER_CERT 462 - -/* Value type. */ -#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED - -union YYSTYPE -{ -#line 66 "util/configparser.y" /* yacc.c:1909 */ - - char* str; - -#line 472 "util/configparser.h" /* yacc.c:1909 */ -}; - -typedef union YYSTYPE YYSTYPE; -# define YYSTYPE_IS_TRIVIAL 1 -# define YYSTYPE_IS_DECLARED 1 -#endif - - -extern YYSTYPE yylval; - -int yyparse (void); - -#endif /* !YY_YY_UTIL_CONFIGPARSER_H_INCLUDED */ diff --git a/external/unbound/util/configparser.y b/external/unbound/util/configparser.y deleted file mode 100644 index 4a04367f4..000000000 --- a/external/unbound/util/configparser.y +++ /dev/null @@ -1,2282 +0,0 @@ -/* - * configparser.y -- yacc grammar for unbound configuration files - * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -%{ -#include "config.h" - -#include -#include -#include -#include -#include - -#include "util/configyyrename.h" -#include "util/config_file.h" -#include "util/net_help.h" - -int ub_c_lex(void); -void ub_c_error(const char *message); - -static void validate_respip_action(const char* action); - -/* these need to be global, otherwise they cannot be used inside yacc */ -extern struct config_parser_state* cfg_parser; - -#if 0 -#define OUTYY(s) printf s /* used ONLY when debugging */ -#else -#define OUTYY(s) -#endif - -%} -%union { - char* str; -}; - -%token SPACE LETTER NEWLINE COMMENT COLON ANY ZONESTR -%token STRING_ARG -%token VAR_SERVER VAR_VERBOSITY VAR_NUM_THREADS VAR_PORT -%token VAR_OUTGOING_RANGE VAR_INTERFACE -%token VAR_DO_IP4 VAR_DO_IP6 VAR_PREFER_IP6 VAR_DO_UDP VAR_DO_TCP -%token VAR_TCP_MSS VAR_OUTGOING_TCP_MSS -%token VAR_CHROOT VAR_USERNAME VAR_DIRECTORY VAR_LOGFILE VAR_PIDFILE -%token VAR_MSG_CACHE_SIZE VAR_MSG_CACHE_SLABS VAR_NUM_QUERIES_PER_THREAD -%token VAR_RRSET_CACHE_SIZE VAR_RRSET_CACHE_SLABS VAR_OUTGOING_NUM_TCP -%token VAR_INFRA_HOST_TTL VAR_INFRA_LAME_TTL VAR_INFRA_CACHE_SLABS -%token VAR_INFRA_CACHE_NUMHOSTS VAR_INFRA_CACHE_LAME_SIZE VAR_NAME -%token VAR_STUB_ZONE VAR_STUB_HOST VAR_STUB_ADDR VAR_TARGET_FETCH_POLICY -%token VAR_HARDEN_SHORT_BUFSIZE VAR_HARDEN_LARGE_QUERIES -%token VAR_FORWARD_ZONE VAR_FORWARD_HOST VAR_FORWARD_ADDR -%token VAR_DO_NOT_QUERY_ADDRESS VAR_HIDE_IDENTITY VAR_HIDE_VERSION -%token VAR_IDENTITY VAR_VERSION VAR_HARDEN_GLUE VAR_MODULE_CONF -%token VAR_TRUST_ANCHOR_FILE VAR_TRUST_ANCHOR VAR_VAL_OVERRIDE_DATE -%token VAR_BOGUS_TTL VAR_VAL_CLEAN_ADDITIONAL VAR_VAL_PERMISSIVE_MODE -%token VAR_INCOMING_NUM_TCP VAR_MSG_BUFFER_SIZE VAR_KEY_CACHE_SIZE -%token VAR_KEY_CACHE_SLABS VAR_TRUSTED_KEYS_FILE -%token VAR_VAL_NSEC3_KEYSIZE_ITERATIONS VAR_USE_SYSLOG -%token VAR_OUTGOING_INTERFACE VAR_ROOT_HINTS VAR_DO_NOT_QUERY_LOCALHOST -%token VAR_CACHE_MAX_TTL VAR_HARDEN_DNSSEC_STRIPPED VAR_ACCESS_CONTROL -%token VAR_LOCAL_ZONE VAR_LOCAL_DATA VAR_INTERFACE_AUTOMATIC -%token VAR_STATISTICS_INTERVAL VAR_DO_DAEMONIZE VAR_USE_CAPS_FOR_ID -%token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT -%token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE VAR_DLV_ANCHOR -%token VAR_NEG_CACHE_SIZE VAR_HARDEN_REFERRAL_PATH VAR_PRIVATE_ADDRESS -%token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE -%token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE -%token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE -%token VAR_CONTROL_USE_CERT -%token VAR_EXTENDED_STATISTICS VAR_LOCAL_DATA_PTR VAR_JOSTLE_TIMEOUT -%token VAR_STUB_PRIME VAR_UNWANTED_REPLY_THRESHOLD VAR_LOG_TIME_ASCII -%token VAR_DOMAIN_INSECURE VAR_PYTHON VAR_PYTHON_SCRIPT VAR_VAL_SIG_SKEW_MIN -%token VAR_VAL_SIG_SKEW_MAX VAR_CACHE_MIN_TTL VAR_VAL_LOG_LEVEL -%token VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING VAR_ADD_HOLDDOWN -%token VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE VAR_PREFETCH -%token VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT VAR_HARDEN_BELOW_NXDOMAIN -%token VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES VAR_LOG_REPLIES -%token VAR_TCP_UPSTREAM VAR_SSL_UPSTREAM -%token VAR_SSL_SERVICE_KEY VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST -%token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM -%token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN -%token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE -%token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES -%token VAR_INFRA_CACHE_MIN_RTT -%token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL -%token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH -%token VAR_DNSTAP_SEND_IDENTITY VAR_DNSTAP_SEND_VERSION -%token VAR_DNSTAP_IDENTITY VAR_DNSTAP_VERSION -%token VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES -%token VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES -%token VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES -%token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES -%token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES -%token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES -%token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA -%token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT -%token VAR_DISABLE_DNSSEC_LAME_CHECK -%token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE -%token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE -%token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN -%token VAR_IP_RATELIMIT_FACTOR VAR_RATELIMIT_FACTOR -%token VAR_SEND_CLIENT_SUBNET VAR_CLIENT_SUBNET_ALWAYS_FORWARD -%token VAR_CLIENT_SUBNET_OPCODE -%token VAR_MAX_CLIENT_SUBNET_IPV4 VAR_MAX_CLIENT_SUBNET_IPV6 -%token VAR_CAPS_WHITELIST VAR_CACHE_MAX_NEGATIVE_TTL VAR_PERMIT_SMALL_HOLDDOWN -%token VAR_QNAME_MINIMISATION VAR_QNAME_MINIMISATION_STRICT VAR_IP_FREEBIND -%token VAR_DEFINE_TAG VAR_LOCAL_ZONE_TAG VAR_ACCESS_CONTROL_TAG -%token VAR_LOCAL_ZONE_OVERRIDE VAR_ACCESS_CONTROL_TAG_ACTION -%token VAR_ACCESS_CONTROL_TAG_DATA VAR_VIEW VAR_ACCESS_CONTROL_VIEW -%token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_FAKE_DSA VAR_FAKE_SHA1 -%token VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR -%token VAR_USE_SYSTEMD VAR_SHM_ENABLE VAR_SHM_KEY -%token VAR_DNSCRYPT VAR_DNSCRYPT_ENABLE VAR_DNSCRYPT_PORT VAR_DNSCRYPT_PROVIDER -%token VAR_DNSCRYPT_SECRET_KEY VAR_DNSCRYPT_PROVIDER_CERT - -%% -toplevelvars: /* empty */ | toplevelvars toplevelvar ; -toplevelvar: serverstart contents_server | stubstart contents_stub | - forwardstart contents_forward | pythonstart contents_py | - rcstart contents_rc | dtstart contents_dt | viewstart - contents_view | - dnscstart contents_dnsc - ; - -/* server: declaration */ -serverstart: VAR_SERVER - { - OUTYY(("\nP(server:)\n")); - } - ; -contents_server: contents_server content_server - | ; -content_server: server_num_threads | server_verbosity | server_port | - server_outgoing_range | server_do_ip4 | - server_do_ip6 | server_prefer_ip6 | - server_do_udp | server_do_tcp | - server_tcp_mss | server_outgoing_tcp_mss | - server_interface | server_chroot | server_username | - server_directory | server_logfile | server_pidfile | - server_msg_cache_size | server_msg_cache_slabs | - server_num_queries_per_thread | server_rrset_cache_size | - server_rrset_cache_slabs | server_outgoing_num_tcp | - server_infra_host_ttl | server_infra_lame_ttl | - server_infra_cache_slabs | server_infra_cache_numhosts | - server_infra_cache_lame_size | server_target_fetch_policy | - server_harden_short_bufsize | server_harden_large_queries | - server_do_not_query_address | server_hide_identity | - server_hide_version | server_identity | server_version | - server_harden_glue | server_module_conf | server_trust_anchor_file | - server_trust_anchor | server_val_override_date | server_bogus_ttl | - server_val_clean_additional | server_val_permissive_mode | - server_incoming_num_tcp | server_msg_buffer_size | - server_key_cache_size | server_key_cache_slabs | - server_trusted_keys_file | server_val_nsec3_keysize_iterations | - server_use_syslog | server_outgoing_interface | server_root_hints | - server_do_not_query_localhost | server_cache_max_ttl | - server_harden_dnssec_stripped | server_access_control | - server_local_zone | server_local_data | server_interface_automatic | - server_statistics_interval | server_do_daemonize | - server_use_caps_for_id | server_statistics_cumulative | - server_outgoing_port_permit | server_outgoing_port_avoid | - server_dlv_anchor_file | server_dlv_anchor | server_neg_cache_size | - server_harden_referral_path | server_private_address | - server_private_domain | server_extended_statistics | - server_local_data_ptr | server_jostle_timeout | - server_unwanted_reply_threshold | server_log_time_ascii | - server_domain_insecure | server_val_sig_skew_min | - server_val_sig_skew_max | server_cache_min_ttl | server_val_log_level | - server_auto_trust_anchor_file | server_add_holddown | - server_del_holddown | server_keep_missing | server_so_rcvbuf | - server_edns_buffer_size | server_prefetch | server_prefetch_key | - server_so_sndbuf | server_harden_below_nxdomain | server_ignore_cd_flag | - server_log_queries | server_log_replies | server_tcp_upstream | server_ssl_upstream | - server_ssl_service_key | server_ssl_service_pem | server_ssl_port | - server_minimal_responses | server_rrset_roundrobin | server_max_udp_size | - server_so_reuseport | server_delay_close | - server_unblock_lan_zones | server_insecure_lan_zones | - server_dns64_prefix | server_dns64_synthall | - server_infra_cache_min_rtt | server_harden_algo_downgrade | - server_ip_transparent | server_ip_ratelimit | server_ratelimit | - server_ip_ratelimit_slabs | server_ratelimit_slabs | - server_ip_ratelimit_size | server_ratelimit_size | - server_ratelimit_for_domain | - server_ratelimit_below_domain | server_ratelimit_factor | - server_ip_ratelimit_factor | server_send_client_subnet | - server_client_subnet_always_forward | - server_client_subnet_opcode | - server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 | - server_caps_whitelist | server_cache_max_negative_ttl | - server_permit_small_holddown | server_qname_minimisation | - server_ip_freebind | server_define_tag | server_local_zone_tag | - server_disable_dnssec_lame_check | server_access_control_tag | - server_local_zone_override | server_access_control_tag_action | - server_access_control_tag_data | server_access_control_view | - server_qname_minimisation_strict | server_serve_expired | - server_fake_dsa | server_log_identity | server_use_systemd | - server_response_ip_tag | server_response_ip | server_response_ip_data | - server_shm_enable | server_shm_key | server_fake_sha1 | - server_hide_trustanchor - ; -stubstart: VAR_STUB_ZONE - { - struct config_stub* s; - OUTYY(("\nP(stub_zone:)\n")); - s = (struct config_stub*)calloc(1, sizeof(struct config_stub)); - if(s) { - s->next = cfg_parser->cfg->stubs; - cfg_parser->cfg->stubs = s; - } else - yyerror("out of memory"); - } - ; -contents_stub: contents_stub content_stub - | ; -content_stub: stub_name | stub_host | stub_addr | stub_prime | stub_first | - stub_ssl_upstream - ; -forwardstart: VAR_FORWARD_ZONE - { - struct config_stub* s; - OUTYY(("\nP(forward_zone:)\n")); - s = (struct config_stub*)calloc(1, sizeof(struct config_stub)); - if(s) { - s->next = cfg_parser->cfg->forwards; - cfg_parser->cfg->forwards = s; - } else - yyerror("out of memory"); - } - ; -contents_forward: contents_forward content_forward - | ; -content_forward: forward_name | forward_host | forward_addr | forward_first | - forward_ssl_upstream - ; -viewstart: VAR_VIEW - { - struct config_view* s; - OUTYY(("\nP(view:)\n")); - s = (struct config_view*)calloc(1, sizeof(struct config_view)); - if(s) { - s->next = cfg_parser->cfg->views; - if(s->next && !s->next->name) - yyerror("view without name"); - cfg_parser->cfg->views = s; - } else - yyerror("out of memory"); - } - ; -contents_view: contents_view content_view - | ; -content_view: view_name | view_local_zone | view_local_data | view_first | - view_response_ip | view_response_ip_data | view_local_data_ptr - ; -server_num_threads: VAR_NUM_THREADS STRING_ARG - { - OUTYY(("P(server_num_threads:%s)\n", $2)); - if(atoi($2) == 0 && strcmp($2, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->num_threads = atoi($2); - free($2); - } - ; -server_verbosity: VAR_VERBOSITY STRING_ARG - { - OUTYY(("P(server_verbosity:%s)\n", $2)); - if(atoi($2) == 0 && strcmp($2, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->verbosity = atoi($2); - free($2); - } - ; -server_statistics_interval: VAR_STATISTICS_INTERVAL STRING_ARG - { - OUTYY(("P(server_statistics_interval:%s)\n", $2)); - if(strcmp($2, "") == 0 || strcmp($2, "0") == 0) - cfg_parser->cfg->stat_interval = 0; - else if(atoi($2) == 0) - yyerror("number expected"); - else cfg_parser->cfg->stat_interval = atoi($2); - free($2); - } - ; -server_statistics_cumulative: VAR_STATISTICS_CUMULATIVE STRING_ARG - { - OUTYY(("P(server_statistics_cumulative:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->stat_cumulative = (strcmp($2, "yes")==0); - free($2); - } - ; -server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG - { - OUTYY(("P(server_extended_statistics:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->stat_extended = (strcmp($2, "yes")==0); - free($2); - } - ; -server_shm_enable: VAR_SHM_ENABLE STRING_ARG - { - OUTYY(("P(server_shm_enable:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->shm_enable = (strcmp($2, "yes")==0); - free($2); - } - ; -server_shm_key: VAR_SHM_KEY STRING_ARG - { - OUTYY(("P(server_shm_key:%s)\n", $2)); - if(strcmp($2, "") == 0 || strcmp($2, "0") == 0) - cfg_parser->cfg->shm_key = 0; - else if(atoi($2) == 0) - yyerror("number expected"); - else cfg_parser->cfg->shm_key = atoi($2); - free($2); - } - ; -server_port: VAR_PORT STRING_ARG - { - OUTYY(("P(server_port:%s)\n", $2)); - if(atoi($2) == 0) - yyerror("port number expected"); - else cfg_parser->cfg->port = atoi($2); - free($2); - } - ; -server_send_client_subnet: VAR_SEND_CLIENT_SUBNET STRING_ARG - { - #ifdef CLIENT_SUBNET - OUTYY(("P(server_send_client_subnet:%s)\n", $2)); - if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet, $2)) - fatal_exit("out of memory adding client-subnet"); - #else - OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); - #endif - } - ; -server_client_subnet_always_forward: - VAR_CLIENT_SUBNET_ALWAYS_FORWARD STRING_ARG - { - #ifdef CLIENT_SUBNET - OUTYY(("P(server_client_subnet_always_forward:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else - cfg_parser->cfg->client_subnet_always_forward = - (strcmp($2, "yes")==0); - #else - OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); - #endif - free($2); - } - ; -server_client_subnet_opcode: VAR_CLIENT_SUBNET_OPCODE STRING_ARG - { - #ifdef CLIENT_SUBNET - OUTYY(("P(client_subnet_opcode:%s)\n", $2)); - OUTYY(("P(Depricated option, ignoring)\n")); - #else - OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); - #endif - free($2); - } - ; -server_max_client_subnet_ipv4: VAR_MAX_CLIENT_SUBNET_IPV4 STRING_ARG - { - #ifdef CLIENT_SUBNET - OUTYY(("P(max_client_subnet_ipv4:%s)\n", $2)); - if(atoi($2) == 0 && strcmp($2, "0") != 0) - yyerror("IPv4 subnet length expected"); - else if (atoi($2) > 32) - cfg_parser->cfg->max_client_subnet_ipv4 = 32; - else if (atoi($2) < 0) - cfg_parser->cfg->max_client_subnet_ipv4 = 0; - else cfg_parser->cfg->max_client_subnet_ipv4 = (uint8_t)atoi($2); - #else - OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); - #endif - free($2); - } - ; -server_max_client_subnet_ipv6: VAR_MAX_CLIENT_SUBNET_IPV6 STRING_ARG - { - #ifdef CLIENT_SUBNET - OUTYY(("P(max_client_subnet_ipv6:%s)\n", $2)); - if(atoi($2) == 0 && strcmp($2, "0") != 0) - yyerror("Ipv6 subnet length expected"); - else if (atoi($2) > 128) - cfg_parser->cfg->max_client_subnet_ipv6 = 128; - else if (atoi($2) < 0) - cfg_parser->cfg->max_client_subnet_ipv6 = 0; - else cfg_parser->cfg->max_client_subnet_ipv6 = (uint8_t)atoi($2); - #else - OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); - #endif - free($2); - } - ; -server_interface: VAR_INTERFACE STRING_ARG - { - OUTYY(("P(server_interface:%s)\n", $2)); - if(cfg_parser->cfg->num_ifs == 0) - cfg_parser->cfg->ifs = calloc(1, sizeof(char*)); - else cfg_parser->cfg->ifs = realloc(cfg_parser->cfg->ifs, - (cfg_parser->cfg->num_ifs+1)*sizeof(char*)); - if(!cfg_parser->cfg->ifs) - yyerror("out of memory"); - else - cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = $2; - } - ; -server_outgoing_interface: VAR_OUTGOING_INTERFACE STRING_ARG - { - OUTYY(("P(server_outgoing_interface:%s)\n", $2)); - if(cfg_parser->cfg->num_out_ifs == 0) - cfg_parser->cfg->out_ifs = calloc(1, sizeof(char*)); - else cfg_parser->cfg->out_ifs = realloc( - cfg_parser->cfg->out_ifs, - (cfg_parser->cfg->num_out_ifs+1)*sizeof(char*)); - if(!cfg_parser->cfg->out_ifs) - yyerror("out of memory"); - else - cfg_parser->cfg->out_ifs[ - cfg_parser->cfg->num_out_ifs++] = $2; - } - ; -server_outgoing_range: VAR_OUTGOING_RANGE STRING_ARG - { - OUTYY(("P(server_outgoing_range:%s)\n", $2)); - if(atoi($2) == 0) - yyerror("number expected"); - else cfg_parser->cfg->outgoing_num_ports = atoi($2); - free($2); - } - ; -server_outgoing_port_permit: VAR_OUTGOING_PORT_PERMIT STRING_ARG - { - OUTYY(("P(server_outgoing_port_permit:%s)\n", $2)); - if(!cfg_mark_ports($2, 1, - cfg_parser->cfg->outgoing_avail_ports, 65536)) - yyerror("port number or range (\"low-high\") expected"); - free($2); - } - ; -server_outgoing_port_avoid: VAR_OUTGOING_PORT_AVOID STRING_ARG - { - OUTYY(("P(server_outgoing_port_avoid:%s)\n", $2)); - if(!cfg_mark_ports($2, 0, - cfg_parser->cfg->outgoing_avail_ports, 65536)) - yyerror("port number or range (\"low-high\") expected"); - free($2); - } - ; -server_outgoing_num_tcp: VAR_OUTGOING_NUM_TCP STRING_ARG - { - OUTYY(("P(server_outgoing_num_tcp:%s)\n", $2)); - if(atoi($2) == 0 && strcmp($2, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->outgoing_num_tcp = atoi($2); - free($2); - } - ; -server_incoming_num_tcp: VAR_INCOMING_NUM_TCP STRING_ARG - { - OUTYY(("P(server_incoming_num_tcp:%s)\n", $2)); - if(atoi($2) == 0 && strcmp($2, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->incoming_num_tcp = atoi($2); - free($2); - } - ; -server_interface_automatic: VAR_INTERFACE_AUTOMATIC STRING_ARG - { - OUTYY(("P(server_interface_automatic:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->if_automatic = (strcmp($2, "yes")==0); - free($2); - } - ; -server_do_ip4: VAR_DO_IP4 STRING_ARG - { - OUTYY(("P(server_do_ip4:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->do_ip4 = (strcmp($2, "yes")==0); - free($2); - } - ; -server_do_ip6: VAR_DO_IP6 STRING_ARG - { - OUTYY(("P(server_do_ip6:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->do_ip6 = (strcmp($2, "yes")==0); - free($2); - } - ; -server_do_udp: VAR_DO_UDP STRING_ARG - { - OUTYY(("P(server_do_udp:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->do_udp = (strcmp($2, "yes")==0); - free($2); - } - ; -server_do_tcp: VAR_DO_TCP STRING_ARG - { - OUTYY(("P(server_do_tcp:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->do_tcp = (strcmp($2, "yes")==0); - free($2); - } - ; -server_prefer_ip6: VAR_PREFER_IP6 STRING_ARG - { - OUTYY(("P(server_prefer_ip6:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->prefer_ip6 = (strcmp($2, "yes")==0); - free($2); - } - ; -server_tcp_mss: VAR_TCP_MSS STRING_ARG - { - OUTYY(("P(server_tcp_mss:%s)\n", $2)); - if(atoi($2) == 0 && strcmp($2, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->tcp_mss = atoi($2); - free($2); - } - ; -server_outgoing_tcp_mss: VAR_OUTGOING_TCP_MSS STRING_ARG - { - OUTYY(("P(server_outgoing_tcp_mss:%s)\n", $2)); - if(atoi($2) == 0 && strcmp($2, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->outgoing_tcp_mss = atoi($2); - free($2); - } - ; -server_tcp_upstream: VAR_TCP_UPSTREAM STRING_ARG - { - OUTYY(("P(server_tcp_upstream:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->tcp_upstream = (strcmp($2, "yes")==0); - free($2); - } - ; -server_ssl_upstream: VAR_SSL_UPSTREAM STRING_ARG - { - OUTYY(("P(server_ssl_upstream:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->ssl_upstream = (strcmp($2, "yes")==0); - free($2); - } - ; -server_ssl_service_key: VAR_SSL_SERVICE_KEY STRING_ARG - { - OUTYY(("P(server_ssl_service_key:%s)\n", $2)); - free(cfg_parser->cfg->ssl_service_key); - cfg_parser->cfg->ssl_service_key = $2; - } - ; -server_ssl_service_pem: VAR_SSL_SERVICE_PEM STRING_ARG - { - OUTYY(("P(server_ssl_service_pem:%s)\n", $2)); - free(cfg_parser->cfg->ssl_service_pem); - cfg_parser->cfg->ssl_service_pem = $2; - } - ; -server_ssl_port: VAR_SSL_PORT STRING_ARG - { - OUTYY(("P(server_ssl_port:%s)\n", $2)); - if(atoi($2) == 0) - yyerror("port number expected"); - else cfg_parser->cfg->ssl_port = atoi($2); - free($2); - } - ; -server_use_systemd: VAR_USE_SYSTEMD STRING_ARG - { - OUTYY(("P(server_use_systemd:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->use_systemd = (strcmp($2, "yes")==0); - free($2); - } - ; -server_do_daemonize: VAR_DO_DAEMONIZE STRING_ARG - { - OUTYY(("P(server_do_daemonize:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->do_daemonize = (strcmp($2, "yes")==0); - free($2); - } - ; -server_use_syslog: VAR_USE_SYSLOG STRING_ARG - { - OUTYY(("P(server_use_syslog:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->use_syslog = (strcmp($2, "yes")==0); -#if !defined(HAVE_SYSLOG_H) && !defined(UB_ON_WINDOWS) - if(strcmp($2, "yes") == 0) - yyerror("no syslog services are available. " - "(reconfigure and compile to add)"); -#endif - free($2); - } - ; -server_log_time_ascii: VAR_LOG_TIME_ASCII STRING_ARG - { - OUTYY(("P(server_log_time_ascii:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->log_time_ascii = (strcmp($2, "yes")==0); - free($2); - } - ; -server_log_queries: VAR_LOG_QUERIES STRING_ARG - { - OUTYY(("P(server_log_queries:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->log_queries = (strcmp($2, "yes")==0); - free($2); - } - ; -server_log_replies: VAR_LOG_REPLIES STRING_ARG - { - OUTYY(("P(server_log_replies:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->log_replies = (strcmp($2, "yes")==0); - free($2); - } - ; -server_chroot: VAR_CHROOT STRING_ARG - { - OUTYY(("P(server_chroot:%s)\n", $2)); - free(cfg_parser->cfg->chrootdir); - cfg_parser->cfg->chrootdir = $2; - } - ; -server_username: VAR_USERNAME STRING_ARG - { - OUTYY(("P(server_username:%s)\n", $2)); - free(cfg_parser->cfg->username); - cfg_parser->cfg->username = $2; - } - ; -server_directory: VAR_DIRECTORY STRING_ARG - { - OUTYY(("P(server_directory:%s)\n", $2)); - free(cfg_parser->cfg->directory); - cfg_parser->cfg->directory = $2; - /* change there right away for includes relative to this */ - if($2[0]) { - char* d; -#ifdef UB_ON_WINDOWS - w_config_adjust_directory(cfg_parser->cfg); -#endif - d = cfg_parser->cfg->directory; - /* adjust directory if we have already chroot, - * like, we reread after sighup */ - if(cfg_parser->chroot && cfg_parser->chroot[0] && - strncmp(d, cfg_parser->chroot, strlen( - cfg_parser->chroot)) == 0) - d += strlen(cfg_parser->chroot); - if(d[0]) { - if(chdir(d)) - log_err("cannot chdir to directory: %s (%s)", - d, strerror(errno)); - } - } - } - ; -server_logfile: VAR_LOGFILE STRING_ARG - { - OUTYY(("P(server_logfile:%s)\n", $2)); - free(cfg_parser->cfg->logfile); - cfg_parser->cfg->logfile = $2; - cfg_parser->cfg->use_syslog = 0; - } - ; -server_pidfile: VAR_PIDFILE STRING_ARG - { - OUTYY(("P(server_pidfile:%s)\n", $2)); - free(cfg_parser->cfg->pidfile); - cfg_parser->cfg->pidfile = $2; - } - ; -server_root_hints: VAR_ROOT_HINTS STRING_ARG - { - OUTYY(("P(server_root_hints:%s)\n", $2)); - if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, $2)) - yyerror("out of memory"); - } - ; -server_dlv_anchor_file: VAR_DLV_ANCHOR_FILE STRING_ARG - { - OUTYY(("P(server_dlv_anchor_file:%s)\n", $2)); - free(cfg_parser->cfg->dlv_anchor_file); - cfg_parser->cfg->dlv_anchor_file = $2; - } - ; -server_dlv_anchor: VAR_DLV_ANCHOR STRING_ARG - { - OUTYY(("P(server_dlv_anchor:%s)\n", $2)); - if(!cfg_strlist_insert(&cfg_parser->cfg->dlv_anchor_list, $2)) - yyerror("out of memory"); - } - ; -server_auto_trust_anchor_file: VAR_AUTO_TRUST_ANCHOR_FILE STRING_ARG - { - OUTYY(("P(server_auto_trust_anchor_file:%s)\n", $2)); - if(!cfg_strlist_insert(&cfg_parser->cfg-> - auto_trust_anchor_file_list, $2)) - yyerror("out of memory"); - } - ; -server_trust_anchor_file: VAR_TRUST_ANCHOR_FILE STRING_ARG - { - OUTYY(("P(server_trust_anchor_file:%s)\n", $2)); - if(!cfg_strlist_insert(&cfg_parser->cfg-> - trust_anchor_file_list, $2)) - yyerror("out of memory"); - } - ; -server_trusted_keys_file: VAR_TRUSTED_KEYS_FILE STRING_ARG - { - OUTYY(("P(server_trusted_keys_file:%s)\n", $2)); - if(!cfg_strlist_insert(&cfg_parser->cfg-> - trusted_keys_file_list, $2)) - yyerror("out of memory"); - } - ; -server_trust_anchor: VAR_TRUST_ANCHOR STRING_ARG - { - OUTYY(("P(server_trust_anchor:%s)\n", $2)); - if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, $2)) - yyerror("out of memory"); - } - ; -server_domain_insecure: VAR_DOMAIN_INSECURE STRING_ARG - { - OUTYY(("P(server_domain_insecure:%s)\n", $2)); - if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, $2)) - yyerror("out of memory"); - } - ; -server_hide_identity: VAR_HIDE_IDENTITY STRING_ARG - { - OUTYY(("P(server_hide_identity:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->hide_identity = (strcmp($2, "yes")==0); - free($2); - } - ; -server_hide_version: VAR_HIDE_VERSION STRING_ARG - { - OUTYY(("P(server_hide_version:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->hide_version = (strcmp($2, "yes")==0); - free($2); - } - ; -server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG - { - OUTYY(("P(server_hide_trustanchor:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->hide_trustanchor = (strcmp($2, "yes")==0); - free($2); - } - ; -server_identity: VAR_IDENTITY STRING_ARG - { - OUTYY(("P(server_identity:%s)\n", $2)); - free(cfg_parser->cfg->identity); - cfg_parser->cfg->identity = $2; - } - ; -server_version: VAR_VERSION STRING_ARG - { - OUTYY(("P(server_version:%s)\n", $2)); - free(cfg_parser->cfg->version); - cfg_parser->cfg->version = $2; - } - ; -server_so_rcvbuf: VAR_SO_RCVBUF STRING_ARG - { - OUTYY(("P(server_so_rcvbuf:%s)\n", $2)); - if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_rcvbuf)) - yyerror("buffer size expected"); - free($2); - } - ; -server_so_sndbuf: VAR_SO_SNDBUF STRING_ARG - { - OUTYY(("P(server_so_sndbuf:%s)\n", $2)); - if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_sndbuf)) - yyerror("buffer size expected"); - free($2); - } - ; -server_so_reuseport: VAR_SO_REUSEPORT STRING_ARG - { - OUTYY(("P(server_so_reuseport:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->so_reuseport = - (strcmp($2, "yes")==0); - free($2); - } - ; -server_ip_transparent: VAR_IP_TRANSPARENT STRING_ARG - { - OUTYY(("P(server_ip_transparent:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->ip_transparent = - (strcmp($2, "yes")==0); - free($2); - } - ; -server_ip_freebind: VAR_IP_FREEBIND STRING_ARG - { - OUTYY(("P(server_ip_freebind:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->ip_freebind = - (strcmp($2, "yes")==0); - free($2); - } - ; -server_edns_buffer_size: VAR_EDNS_BUFFER_SIZE STRING_ARG - { - OUTYY(("P(server_edns_buffer_size:%s)\n", $2)); - if(atoi($2) == 0) - yyerror("number expected"); - else if (atoi($2) < 12) - yyerror("edns buffer size too small"); - else if (atoi($2) > 65535) - cfg_parser->cfg->edns_buffer_size = 65535; - else cfg_parser->cfg->edns_buffer_size = atoi($2); - free($2); - } - ; -server_msg_buffer_size: VAR_MSG_BUFFER_SIZE STRING_ARG - { - OUTYY(("P(server_msg_buffer_size:%s)\n", $2)); - if(atoi($2) == 0) - yyerror("number expected"); - else if (atoi($2) < 4096) - yyerror("message buffer size too small (use 4096)"); - else cfg_parser->cfg->msg_buffer_size = atoi($2); - free($2); - } - ; -server_msg_cache_size: VAR_MSG_CACHE_SIZE STRING_ARG - { - OUTYY(("P(server_msg_cache_size:%s)\n", $2)); - if(!cfg_parse_memsize($2, &cfg_parser->cfg->msg_cache_size)) - yyerror("memory size expected"); - free($2); - } - ; -server_msg_cache_slabs: VAR_MSG_CACHE_SLABS STRING_ARG - { - OUTYY(("P(server_msg_cache_slabs:%s)\n", $2)); - if(atoi($2) == 0) - yyerror("number expected"); - else { - cfg_parser->cfg->msg_cache_slabs = atoi($2); - if(!is_pow2(cfg_parser->cfg->msg_cache_slabs)) - yyerror("must be a power of 2"); - } - free($2); - } - ; -server_num_queries_per_thread: VAR_NUM_QUERIES_PER_THREAD STRING_ARG - { - OUTYY(("P(server_num_queries_per_thread:%s)\n", $2)); - if(atoi($2) == 0) - yyerror("number expected"); - else cfg_parser->cfg->num_queries_per_thread = atoi($2); - free($2); - } - ; -server_jostle_timeout: VAR_JOSTLE_TIMEOUT STRING_ARG - { - OUTYY(("P(server_jostle_timeout:%s)\n", $2)); - if(atoi($2) == 0 && strcmp($2, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->jostle_time = atoi($2); - free($2); - } - ; -server_delay_close: VAR_DELAY_CLOSE STRING_ARG - { - OUTYY(("P(server_delay_close:%s)\n", $2)); - if(atoi($2) == 0 && strcmp($2, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->delay_close = atoi($2); - free($2); - } - ; -server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG - { - OUTYY(("P(server_unblock_lan_zones:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->unblock_lan_zones = - (strcmp($2, "yes")==0); - free($2); - } - ; -server_insecure_lan_zones: VAR_INSECURE_LAN_ZONES STRING_ARG - { - OUTYY(("P(server_insecure_lan_zones:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->insecure_lan_zones = - (strcmp($2, "yes")==0); - free($2); - } - ; -server_rrset_cache_size: VAR_RRSET_CACHE_SIZE STRING_ARG - { - OUTYY(("P(server_rrset_cache_size:%s)\n", $2)); - if(!cfg_parse_memsize($2, &cfg_parser->cfg->rrset_cache_size)) - yyerror("memory size expected"); - free($2); - } - ; -server_rrset_cache_slabs: VAR_RRSET_CACHE_SLABS STRING_ARG - { - OUTYY(("P(server_rrset_cache_slabs:%s)\n", $2)); - if(atoi($2) == 0) - yyerror("number expected"); - else { - cfg_parser->cfg->rrset_cache_slabs = atoi($2); - if(!is_pow2(cfg_parser->cfg->rrset_cache_slabs)) - yyerror("must be a power of 2"); - } - free($2); - } - ; -server_infra_host_ttl: VAR_INFRA_HOST_TTL STRING_ARG - { - OUTYY(("P(server_infra_host_ttl:%s)\n", $2)); - if(atoi($2) == 0 && strcmp($2, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->host_ttl = atoi($2); - free($2); - } - ; -server_infra_lame_ttl: VAR_INFRA_LAME_TTL STRING_ARG - { - OUTYY(("P(server_infra_lame_ttl:%s)\n", $2)); - verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option " - "removed, use infra-host-ttl)", $2); - free($2); - } - ; -server_infra_cache_numhosts: VAR_INFRA_CACHE_NUMHOSTS STRING_ARG - { - OUTYY(("P(server_infra_cache_numhosts:%s)\n", $2)); - if(atoi($2) == 0) - yyerror("number expected"); - else cfg_parser->cfg->infra_cache_numhosts = atoi($2); - free($2); - } - ; -server_infra_cache_lame_size: VAR_INFRA_CACHE_LAME_SIZE STRING_ARG - { - OUTYY(("P(server_infra_cache_lame_size:%s)\n", $2)); - verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s " - "(option removed, use infra-cache-numhosts)", $2); - free($2); - } - ; -server_infra_cache_slabs: VAR_INFRA_CACHE_SLABS STRING_ARG - { - OUTYY(("P(server_infra_cache_slabs:%s)\n", $2)); - if(atoi($2) == 0) - yyerror("number expected"); - else { - cfg_parser->cfg->infra_cache_slabs = atoi($2); - if(!is_pow2(cfg_parser->cfg->infra_cache_slabs)) - yyerror("must be a power of 2"); - } - free($2); - } - ; -server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG - { - OUTYY(("P(server_infra_cache_min_rtt:%s)\n", $2)); - if(atoi($2) == 0 && strcmp($2, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->infra_cache_min_rtt = atoi($2); - free($2); - } - ; -server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG - { - OUTYY(("P(server_target_fetch_policy:%s)\n", $2)); - free(cfg_parser->cfg->target_fetch_policy); - cfg_parser->cfg->target_fetch_policy = $2; - } - ; -server_harden_short_bufsize: VAR_HARDEN_SHORT_BUFSIZE STRING_ARG - { - OUTYY(("P(server_harden_short_bufsize:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->harden_short_bufsize = - (strcmp($2, "yes")==0); - free($2); - } - ; -server_harden_large_queries: VAR_HARDEN_LARGE_QUERIES STRING_ARG - { - OUTYY(("P(server_harden_large_queries:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->harden_large_queries = - (strcmp($2, "yes")==0); - free($2); - } - ; -server_harden_glue: VAR_HARDEN_GLUE STRING_ARG - { - OUTYY(("P(server_harden_glue:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->harden_glue = - (strcmp($2, "yes")==0); - free($2); - } - ; -server_harden_dnssec_stripped: VAR_HARDEN_DNSSEC_STRIPPED STRING_ARG - { - OUTYY(("P(server_harden_dnssec_stripped:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->harden_dnssec_stripped = - (strcmp($2, "yes")==0); - free($2); - } - ; -server_harden_below_nxdomain: VAR_HARDEN_BELOW_NXDOMAIN STRING_ARG - { - OUTYY(("P(server_harden_below_nxdomain:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->harden_below_nxdomain = - (strcmp($2, "yes")==0); - free($2); - } - ; -server_harden_referral_path: VAR_HARDEN_REFERRAL_PATH STRING_ARG - { - OUTYY(("P(server_harden_referral_path:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->harden_referral_path = - (strcmp($2, "yes")==0); - free($2); - } - ; -server_harden_algo_downgrade: VAR_HARDEN_ALGO_DOWNGRADE STRING_ARG - { - OUTYY(("P(server_harden_algo_downgrade:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->harden_algo_downgrade = - (strcmp($2, "yes")==0); - free($2); - } - ; -server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG - { - OUTYY(("P(server_use_caps_for_id:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->use_caps_bits_for_id = - (strcmp($2, "yes")==0); - free($2); - } - ; -server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG - { - OUTYY(("P(server_caps_whitelist:%s)\n", $2)); - if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, $2)) - yyerror("out of memory"); - } - ; -server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG - { - OUTYY(("P(server_private_address:%s)\n", $2)); - if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, $2)) - yyerror("out of memory"); - } - ; -server_private_domain: VAR_PRIVATE_DOMAIN STRING_ARG - { - OUTYY(("P(server_private_domain:%s)\n", $2)); - if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, $2)) - yyerror("out of memory"); - } - ; -server_prefetch: VAR_PREFETCH STRING_ARG - { - OUTYY(("P(server_prefetch:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->prefetch = (strcmp($2, "yes")==0); - free($2); - } - ; -server_prefetch_key: VAR_PREFETCH_KEY STRING_ARG - { - OUTYY(("P(server_prefetch_key:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->prefetch_key = (strcmp($2, "yes")==0); - free($2); - } - ; -server_unwanted_reply_threshold: VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG - { - OUTYY(("P(server_unwanted_reply_threshold:%s)\n", $2)); - if(atoi($2) == 0 && strcmp($2, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->unwanted_threshold = atoi($2); - free($2); - } - ; -server_do_not_query_address: VAR_DO_NOT_QUERY_ADDRESS STRING_ARG - { - OUTYY(("P(server_do_not_query_address:%s)\n", $2)); - if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, $2)) - yyerror("out of memory"); - } - ; -server_do_not_query_localhost: VAR_DO_NOT_QUERY_LOCALHOST STRING_ARG - { - OUTYY(("P(server_do_not_query_localhost:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->donotquery_localhost = - (strcmp($2, "yes")==0); - free($2); - } - ; -server_access_control: VAR_ACCESS_CONTROL STRING_ARG STRING_ARG - { - OUTYY(("P(server_access_control:%s %s)\n", $2, $3)); - if(strcmp($3, "deny")!=0 && strcmp($3, "refuse")!=0 && - strcmp($3, "deny_non_local")!=0 && - strcmp($3, "refuse_non_local")!=0 && - strcmp($3, "allow")!=0 && - strcmp($3, "allow_snoop")!=0) { - yyerror("expected deny, refuse, deny_non_local, " - "refuse_non_local, allow or allow_snoop " - "in access control action"); - } else { - if(!cfg_str2list_insert(&cfg_parser->cfg->acls, $2, $3)) - fatal_exit("out of memory adding acl"); - } - } - ; -server_module_conf: VAR_MODULE_CONF STRING_ARG - { - OUTYY(("P(server_module_conf:%s)\n", $2)); - free(cfg_parser->cfg->module_conf); - cfg_parser->cfg->module_conf = $2; - } - ; -server_val_override_date: VAR_VAL_OVERRIDE_DATE STRING_ARG - { - OUTYY(("P(server_val_override_date:%s)\n", $2)); - if(*$2 == '\0' || strcmp($2, "0") == 0) { - cfg_parser->cfg->val_date_override = 0; - } else if(strlen($2) == 14) { - cfg_parser->cfg->val_date_override = - cfg_convert_timeval($2); - if(!cfg_parser->cfg->val_date_override) - yyerror("bad date/time specification"); - } else { - if(atoi($2) == 0) - yyerror("number expected"); - cfg_parser->cfg->val_date_override = atoi($2); - } - free($2); - } - ; -server_val_sig_skew_min: VAR_VAL_SIG_SKEW_MIN STRING_ARG - { - OUTYY(("P(server_val_sig_skew_min:%s)\n", $2)); - if(*$2 == '\0' || strcmp($2, "0") == 0) { - cfg_parser->cfg->val_sig_skew_min = 0; - } else { - cfg_parser->cfg->val_sig_skew_min = atoi($2); - if(!cfg_parser->cfg->val_sig_skew_min) - yyerror("number expected"); - } - free($2); - } - ; -server_val_sig_skew_max: VAR_VAL_SIG_SKEW_MAX STRING_ARG - { - OUTYY(("P(server_val_sig_skew_max:%s)\n", $2)); - if(*$2 == '\0' || strcmp($2, "0") == 0) { - cfg_parser->cfg->val_sig_skew_max = 0; - } else { - cfg_parser->cfg->val_sig_skew_max = atoi($2); - if(!cfg_parser->cfg->val_sig_skew_max) - yyerror("number expected"); - } - free($2); - } - ; -server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG - { - OUTYY(("P(server_cache_max_ttl:%s)\n", $2)); - if(atoi($2) == 0 && strcmp($2, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->max_ttl = atoi($2); - free($2); - } - ; -server_cache_max_negative_ttl: VAR_CACHE_MAX_NEGATIVE_TTL STRING_ARG - { - OUTYY(("P(server_cache_max_negative_ttl:%s)\n", $2)); - if(atoi($2) == 0 && strcmp($2, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->max_negative_ttl = atoi($2); - free($2); - } - ; -server_cache_min_ttl: VAR_CACHE_MIN_TTL STRING_ARG - { - OUTYY(("P(server_cache_min_ttl:%s)\n", $2)); - if(atoi($2) == 0 && strcmp($2, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->min_ttl = atoi($2); - free($2); - } - ; -server_bogus_ttl: VAR_BOGUS_TTL STRING_ARG - { - OUTYY(("P(server_bogus_ttl:%s)\n", $2)); - if(atoi($2) == 0 && strcmp($2, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->bogus_ttl = atoi($2); - free($2); - } - ; -server_val_clean_additional: VAR_VAL_CLEAN_ADDITIONAL STRING_ARG - { - OUTYY(("P(server_val_clean_additional:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->val_clean_additional = - (strcmp($2, "yes")==0); - free($2); - } - ; -server_val_permissive_mode: VAR_VAL_PERMISSIVE_MODE STRING_ARG - { - OUTYY(("P(server_val_permissive_mode:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->val_permissive_mode = - (strcmp($2, "yes")==0); - free($2); - } - ; -server_ignore_cd_flag: VAR_IGNORE_CD_FLAG STRING_ARG - { - OUTYY(("P(server_ignore_cd_flag:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->ignore_cd = (strcmp($2, "yes")==0); - free($2); - } - ; -server_serve_expired: VAR_SERVE_EXPIRED STRING_ARG - { - OUTYY(("P(server_serve_expired:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->serve_expired = (strcmp($2, "yes")==0); - free($2); - } - ; -server_fake_dsa: VAR_FAKE_DSA STRING_ARG - { - OUTYY(("P(server_fake_dsa:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); -#ifdef HAVE_SSL - else fake_dsa = (strcmp($2, "yes")==0); - if(fake_dsa) - log_warn("test option fake_dsa is enabled"); -#endif - free($2); - } - ; -server_fake_sha1: VAR_FAKE_SHA1 STRING_ARG - { - OUTYY(("P(server_fake_sha1:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); -#ifdef HAVE_SSL - else fake_sha1 = (strcmp($2, "yes")==0); - if(fake_sha1) - log_warn("test option fake_sha1 is enabled"); -#endif - free($2); - } - ; -server_val_log_level: VAR_VAL_LOG_LEVEL STRING_ARG - { - OUTYY(("P(server_val_log_level:%s)\n", $2)); - if(atoi($2) == 0 && strcmp($2, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->val_log_level = atoi($2); - free($2); - } - ; -server_val_nsec3_keysize_iterations: VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG - { - OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", $2)); - free(cfg_parser->cfg->val_nsec3_key_iterations); - cfg_parser->cfg->val_nsec3_key_iterations = $2; - } - ; -server_add_holddown: VAR_ADD_HOLDDOWN STRING_ARG - { - OUTYY(("P(server_add_holddown:%s)\n", $2)); - if(atoi($2) == 0 && strcmp($2, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->add_holddown = atoi($2); - free($2); - } - ; -server_del_holddown: VAR_DEL_HOLDDOWN STRING_ARG - { - OUTYY(("P(server_del_holddown:%s)\n", $2)); - if(atoi($2) == 0 && strcmp($2, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->del_holddown = atoi($2); - free($2); - } - ; -server_keep_missing: VAR_KEEP_MISSING STRING_ARG - { - OUTYY(("P(server_keep_missing:%s)\n", $2)); - if(atoi($2) == 0 && strcmp($2, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->keep_missing = atoi($2); - free($2); - } - ; -server_permit_small_holddown: VAR_PERMIT_SMALL_HOLDDOWN STRING_ARG - { - OUTYY(("P(server_permit_small_holddown:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->permit_small_holddown = - (strcmp($2, "yes")==0); - free($2); - } -server_key_cache_size: VAR_KEY_CACHE_SIZE STRING_ARG - { - OUTYY(("P(server_key_cache_size:%s)\n", $2)); - if(!cfg_parse_memsize($2, &cfg_parser->cfg->key_cache_size)) - yyerror("memory size expected"); - free($2); - } - ; -server_key_cache_slabs: VAR_KEY_CACHE_SLABS STRING_ARG - { - OUTYY(("P(server_key_cache_slabs:%s)\n", $2)); - if(atoi($2) == 0) - yyerror("number expected"); - else { - cfg_parser->cfg->key_cache_slabs = atoi($2); - if(!is_pow2(cfg_parser->cfg->key_cache_slabs)) - yyerror("must be a power of 2"); - } - free($2); - } - ; -server_neg_cache_size: VAR_NEG_CACHE_SIZE STRING_ARG - { - OUTYY(("P(server_neg_cache_size:%s)\n", $2)); - if(!cfg_parse_memsize($2, &cfg_parser->cfg->neg_cache_size)) - yyerror("memory size expected"); - free($2); - } - ; -server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG - { - OUTYY(("P(server_local_zone:%s %s)\n", $2, $3)); - if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 && - strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 && - strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0 - && strcmp($3, "typetransparent")!=0 - && strcmp($3, "always_transparent")!=0 - && strcmp($3, "always_refuse")!=0 - && strcmp($3, "always_nxdomain")!=0 - && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0) - yyerror("local-zone type: expected static, deny, " - "refuse, redirect, transparent, " - "typetransparent, inform, inform_deny, " - "always_transparent, always_refuse, " - "always_nxdomain or nodefault"); - else if(strcmp($3, "nodefault")==0) { - if(!cfg_strlist_insert(&cfg_parser->cfg-> - local_zones_nodefault, $2)) - fatal_exit("out of memory adding local-zone"); - free($3); - } else { - if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones, - $2, $3)) - fatal_exit("out of memory adding local-zone"); - } - } - ; -server_local_data: VAR_LOCAL_DATA STRING_ARG - { - OUTYY(("P(server_local_data:%s)\n", $2)); - if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, $2)) - fatal_exit("out of memory adding local-data"); - } - ; -server_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG - { - char* ptr; - OUTYY(("P(server_local_data_ptr:%s)\n", $2)); - ptr = cfg_ptr_reverse($2); - free($2); - if(ptr) { - if(!cfg_strlist_insert(&cfg_parser->cfg-> - local_data, ptr)) - fatal_exit("out of memory adding local-data"); - } else { - yyerror("local-data-ptr could not be reversed"); - } - } - ; -server_minimal_responses: VAR_MINIMAL_RESPONSES STRING_ARG - { - OUTYY(("P(server_minimal_responses:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->minimal_responses = - (strcmp($2, "yes")==0); - free($2); - } - ; -server_rrset_roundrobin: VAR_RRSET_ROUNDROBIN STRING_ARG - { - OUTYY(("P(server_rrset_roundrobin:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->rrset_roundrobin = - (strcmp($2, "yes")==0); - free($2); - } - ; -server_max_udp_size: VAR_MAX_UDP_SIZE STRING_ARG - { - OUTYY(("P(server_max_udp_size:%s)\n", $2)); - cfg_parser->cfg->max_udp_size = atoi($2); - free($2); - } - ; -server_dns64_prefix: VAR_DNS64_PREFIX STRING_ARG - { - OUTYY(("P(dns64_prefix:%s)\n", $2)); - free(cfg_parser->cfg->dns64_prefix); - cfg_parser->cfg->dns64_prefix = $2; - } - ; -server_dns64_synthall: VAR_DNS64_SYNTHALL STRING_ARG - { - OUTYY(("P(server_dns64_synthall:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dns64_synthall = (strcmp($2, "yes")==0); - free($2); - } - ; -server_define_tag: VAR_DEFINE_TAG STRING_ARG - { - char* p, *s = $2; - OUTYY(("P(server_define_tag:%s)\n", $2)); - while((p=strsep(&s, " \t\n")) != NULL) { - if(*p) { - if(!config_add_tag(cfg_parser->cfg, p)) - yyerror("could not define-tag, " - "out of memory"); - } - } - free($2); - } - ; -server_local_zone_tag: VAR_LOCAL_ZONE_TAG STRING_ARG STRING_ARG - { - size_t len = 0; - uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3, - &len); - free($3); - OUTYY(("P(server_local_zone_tag:%s)\n", $2)); - if(!bitlist) - yyerror("could not parse tags, (define-tag them first)"); - if(bitlist) { - if(!cfg_strbytelist_insert( - &cfg_parser->cfg->local_zone_tags, - $2, bitlist, len)) { - yyerror("out of memory"); - free($2); - } - } - } - ; -server_access_control_tag: VAR_ACCESS_CONTROL_TAG STRING_ARG STRING_ARG - { - size_t len = 0; - uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3, - &len); - free($3); - OUTYY(("P(server_access_control_tag:%s)\n", $2)); - if(!bitlist) - yyerror("could not parse tags, (define-tag them first)"); - if(bitlist) { - if(!cfg_strbytelist_insert( - &cfg_parser->cfg->acl_tags, - $2, bitlist, len)) { - yyerror("out of memory"); - free($2); - } - } - } - ; -server_access_control_tag_action: VAR_ACCESS_CONTROL_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG - { - OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", $2, $3, $4)); - if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions, - $2, $3, $4)) { - yyerror("out of memory"); - free($2); - free($3); - free($4); - } - } - ; -server_access_control_tag_data: VAR_ACCESS_CONTROL_TAG_DATA STRING_ARG STRING_ARG STRING_ARG - { - OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", $2, $3, $4)); - if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas, - $2, $3, $4)) { - yyerror("out of memory"); - free($2); - free($3); - free($4); - } - } - ; -server_local_zone_override: VAR_LOCAL_ZONE_OVERRIDE STRING_ARG STRING_ARG STRING_ARG - { - OUTYY(("P(server_local_zone_override:%s %s %s)\n", $2, $3, $4)); - if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides, - $2, $3, $4)) { - yyerror("out of memory"); - free($2); - free($3); - free($4); - } - } - ; -server_access_control_view: VAR_ACCESS_CONTROL_VIEW STRING_ARG STRING_ARG - { - OUTYY(("P(server_access_control_view:%s %s)\n", $2, $3)); - if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view, - $2, $3)) { - yyerror("out of memory"); - free($2); - free($3); - } - } - ; -server_response_ip_tag: VAR_RESPONSE_IP_TAG STRING_ARG STRING_ARG - { - size_t len = 0; - uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3, - &len); - free($3); - OUTYY(("P(response_ip_tag:%s)\n", $2)); - if(!bitlist) - yyerror("could not parse tags, (define-tag them first)"); - if(bitlist) { - if(!cfg_strbytelist_insert( - &cfg_parser->cfg->respip_tags, - $2, bitlist, len)) { - yyerror("out of memory"); - free($2); - } - } - } - ; -server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG - { - OUTYY(("P(server_ip_ratelimit:%s)\n", $2)); - if(atoi($2) == 0 && strcmp($2, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->ip_ratelimit = atoi($2); - free($2); - } - ; - -server_ratelimit: VAR_RATELIMIT STRING_ARG - { - OUTYY(("P(server_ratelimit:%s)\n", $2)); - if(atoi($2) == 0 && strcmp($2, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->ratelimit = atoi($2); - free($2); - } - ; -server_ip_ratelimit_size: VAR_IP_RATELIMIT_SIZE STRING_ARG - { - OUTYY(("P(server_ip_ratelimit_size:%s)\n", $2)); - if(!cfg_parse_memsize($2, &cfg_parser->cfg->ip_ratelimit_size)) - yyerror("memory size expected"); - free($2); - } - ; -server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG - { - OUTYY(("P(server_ratelimit_size:%s)\n", $2)); - if(!cfg_parse_memsize($2, &cfg_parser->cfg->ratelimit_size)) - yyerror("memory size expected"); - free($2); - } - ; -server_ip_ratelimit_slabs: VAR_IP_RATELIMIT_SLABS STRING_ARG - { - OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", $2)); - if(atoi($2) == 0) - yyerror("number expected"); - else { - cfg_parser->cfg->ip_ratelimit_slabs = atoi($2); - if(!is_pow2(cfg_parser->cfg->ip_ratelimit_slabs)) - yyerror("must be a power of 2"); - } - free($2); - } - ; -server_ratelimit_slabs: VAR_RATELIMIT_SLABS STRING_ARG - { - OUTYY(("P(server_ratelimit_slabs:%s)\n", $2)); - if(atoi($2) == 0) - yyerror("number expected"); - else { - cfg_parser->cfg->ratelimit_slabs = atoi($2); - if(!is_pow2(cfg_parser->cfg->ratelimit_slabs)) - yyerror("must be a power of 2"); - } - free($2); - } - ; -server_ratelimit_for_domain: VAR_RATELIMIT_FOR_DOMAIN STRING_ARG STRING_ARG - { - OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", $2, $3)); - if(atoi($3) == 0 && strcmp($3, "0") != 0) { - yyerror("number expected"); - } else { - if(!cfg_str2list_insert(&cfg_parser->cfg-> - ratelimit_for_domain, $2, $3)) - fatal_exit("out of memory adding " - "ratelimit-for-domain"); - } - } - ; -server_ratelimit_below_domain: VAR_RATELIMIT_BELOW_DOMAIN STRING_ARG STRING_ARG - { - OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", $2, $3)); - if(atoi($3) == 0 && strcmp($3, "0") != 0) { - yyerror("number expected"); - } else { - if(!cfg_str2list_insert(&cfg_parser->cfg-> - ratelimit_below_domain, $2, $3)) - fatal_exit("out of memory adding " - "ratelimit-below-domain"); - } - } - ; -server_ip_ratelimit_factor: VAR_IP_RATELIMIT_FACTOR STRING_ARG - { - OUTYY(("P(server_ip_ratelimit_factor:%s)\n", $2)); - if(atoi($2) == 0 && strcmp($2, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->ip_ratelimit_factor = atoi($2); - free($2); - } - ; -server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG - { - OUTYY(("P(server_ratelimit_factor:%s)\n", $2)); - if(atoi($2) == 0 && strcmp($2, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->ratelimit_factor = atoi($2); - free($2); - } - ; -server_qname_minimisation: VAR_QNAME_MINIMISATION STRING_ARG - { - OUTYY(("P(server_qname_minimisation:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->qname_minimisation = - (strcmp($2, "yes")==0); - free($2); - } - ; -server_qname_minimisation_strict: VAR_QNAME_MINIMISATION_STRICT STRING_ARG - { - OUTYY(("P(server_qname_minimisation_strict:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->qname_minimisation_strict = - (strcmp($2, "yes")==0); - free($2); - } - ; -stub_name: VAR_NAME STRING_ARG - { - OUTYY(("P(name:%s)\n", $2)); - if(cfg_parser->cfg->stubs->name) - yyerror("stub name override, there must be one name " - "for one stub-zone"); - free(cfg_parser->cfg->stubs->name); - cfg_parser->cfg->stubs->name = $2; - } - ; -stub_host: VAR_STUB_HOST STRING_ARG - { - OUTYY(("P(stub-host:%s)\n", $2)); - if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, $2)) - yyerror("out of memory"); - } - ; -stub_addr: VAR_STUB_ADDR STRING_ARG - { - OUTYY(("P(stub-addr:%s)\n", $2)); - if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, $2)) - yyerror("out of memory"); - } - ; -stub_first: VAR_STUB_FIRST STRING_ARG - { - OUTYY(("P(stub-first:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->stubs->isfirst=(strcmp($2, "yes")==0); - free($2); - } - ; -stub_ssl_upstream: VAR_STUB_SSL_UPSTREAM STRING_ARG - { - OUTYY(("P(stub-ssl-upstream:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->stubs->ssl_upstream = - (strcmp($2, "yes")==0); - free($2); - } - ; -stub_prime: VAR_STUB_PRIME STRING_ARG - { - OUTYY(("P(stub-prime:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->stubs->isprime = - (strcmp($2, "yes")==0); - free($2); - } - ; -forward_name: VAR_NAME STRING_ARG - { - OUTYY(("P(name:%s)\n", $2)); - if(cfg_parser->cfg->forwards->name) - yyerror("forward name override, there must be one " - "name for one forward-zone"); - free(cfg_parser->cfg->forwards->name); - cfg_parser->cfg->forwards->name = $2; - } - ; -forward_host: VAR_FORWARD_HOST STRING_ARG - { - OUTYY(("P(forward-host:%s)\n", $2)); - if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, $2)) - yyerror("out of memory"); - } - ; -forward_addr: VAR_FORWARD_ADDR STRING_ARG - { - OUTYY(("P(forward-addr:%s)\n", $2)); - if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, $2)) - yyerror("out of memory"); - } - ; -forward_first: VAR_FORWARD_FIRST STRING_ARG - { - OUTYY(("P(forward-first:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->forwards->isfirst=(strcmp($2, "yes")==0); - free($2); - } - ; -forward_ssl_upstream: VAR_FORWARD_SSL_UPSTREAM STRING_ARG - { - OUTYY(("P(forward-ssl-upstream:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->forwards->ssl_upstream = - (strcmp($2, "yes")==0); - free($2); - } - ; -view_name: VAR_NAME STRING_ARG - { - OUTYY(("P(name:%s)\n", $2)); - if(cfg_parser->cfg->views->name) - yyerror("view name override, there must be one " - "name for one view"); - free(cfg_parser->cfg->views->name); - cfg_parser->cfg->views->name = $2; - } - ; -view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG - { - OUTYY(("P(view_local_zone:%s %s)\n", $2, $3)); - if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 && - strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 && - strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0 - && strcmp($3, "typetransparent")!=0 - && strcmp($3, "always_transparent")!=0 - && strcmp($3, "always_refuse")!=0 - && strcmp($3, "always_nxdomain")!=0 - && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0) - yyerror("local-zone type: expected static, deny, " - "refuse, redirect, transparent, " - "typetransparent, inform, inform_deny, " - "always_transparent, always_refuse, " - "always_nxdomain or nodefault"); - else if(strcmp($3, "nodefault")==0) { - if(!cfg_strlist_insert(&cfg_parser->cfg->views-> - local_zones_nodefault, $2)) - fatal_exit("out of memory adding local-zone"); - free($3); - } else { - if(!cfg_str2list_insert( - &cfg_parser->cfg->views->local_zones, - $2, $3)) - fatal_exit("out of memory adding local-zone"); - } - } - ; -view_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG - { - OUTYY(("P(view_response_ip:%s %s)\n", $2, $3)); - validate_respip_action($3); - if(!cfg_str2list_insert( - &cfg_parser->cfg->views->respip_actions, $2, $3)) - fatal_exit("out of memory adding per-view " - "response-ip action"); - } - ; -view_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG - { - OUTYY(("P(view_response_ip_data:%s)\n", $2)); - if(!cfg_str2list_insert( - &cfg_parser->cfg->views->respip_data, $2, $3)) - fatal_exit("out of memory adding response-ip-data"); - } - ; -view_local_data: VAR_LOCAL_DATA STRING_ARG - { - OUTYY(("P(view_local_data:%s)\n", $2)); - if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, $2)) { - fatal_exit("out of memory adding local-data"); - free($2); - } - } - ; -view_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG - { - char* ptr; - OUTYY(("P(view_local_data_ptr:%s)\n", $2)); - ptr = cfg_ptr_reverse($2); - free($2); - if(ptr) { - if(!cfg_strlist_insert(&cfg_parser->cfg->views-> - local_data, ptr)) - fatal_exit("out of memory adding local-data"); - } else { - yyerror("local-data-ptr could not be reversed"); - } - } - ; -view_first: VAR_VIEW_FIRST STRING_ARG - { - OUTYY(("P(view-first:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->views->isfirst=(strcmp($2, "yes")==0); - free($2); - } - ; -rcstart: VAR_REMOTE_CONTROL - { - OUTYY(("\nP(remote-control:)\n")); - } - ; -contents_rc: contents_rc content_rc - | ; -content_rc: rc_control_enable | rc_control_interface | rc_control_port | - rc_server_key_file | rc_server_cert_file | rc_control_key_file | - rc_control_cert_file | rc_control_use_cert - ; -rc_control_enable: VAR_CONTROL_ENABLE STRING_ARG - { - OUTYY(("P(control_enable:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->remote_control_enable = - (strcmp($2, "yes")==0); - free($2); - } - ; -rc_control_port: VAR_CONTROL_PORT STRING_ARG - { - OUTYY(("P(control_port:%s)\n", $2)); - if(atoi($2) == 0) - yyerror("control port number expected"); - else cfg_parser->cfg->control_port = atoi($2); - free($2); - } - ; -rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG - { - OUTYY(("P(control_interface:%s)\n", $2)); - if(!cfg_strlist_insert(&cfg_parser->cfg->control_ifs, $2)) - yyerror("out of memory"); - } - ; -rc_control_use_cert: VAR_CONTROL_USE_CERT STRING_ARG - { - OUTYY(("P(control_use_cert:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->remote_control_use_cert = - (strcmp($2, "yes")==0); - free($2); - } - ; -rc_server_key_file: VAR_SERVER_KEY_FILE STRING_ARG - { - OUTYY(("P(rc_server_key_file:%s)\n", $2)); - free(cfg_parser->cfg->server_key_file); - cfg_parser->cfg->server_key_file = $2; - } - ; -rc_server_cert_file: VAR_SERVER_CERT_FILE STRING_ARG - { - OUTYY(("P(rc_server_cert_file:%s)\n", $2)); - free(cfg_parser->cfg->server_cert_file); - cfg_parser->cfg->server_cert_file = $2; - } - ; -rc_control_key_file: VAR_CONTROL_KEY_FILE STRING_ARG - { - OUTYY(("P(rc_control_key_file:%s)\n", $2)); - free(cfg_parser->cfg->control_key_file); - cfg_parser->cfg->control_key_file = $2; - } - ; -rc_control_cert_file: VAR_CONTROL_CERT_FILE STRING_ARG - { - OUTYY(("P(rc_control_cert_file:%s)\n", $2)); - free(cfg_parser->cfg->control_cert_file); - cfg_parser->cfg->control_cert_file = $2; - } - ; -dtstart: VAR_DNSTAP - { - OUTYY(("\nP(dnstap:)\n")); - } - ; -contents_dt: contents_dt content_dt - | ; -content_dt: dt_dnstap_enable | dt_dnstap_socket_path | - dt_dnstap_send_identity | dt_dnstap_send_version | - dt_dnstap_identity | dt_dnstap_version | - dt_dnstap_log_resolver_query_messages | - dt_dnstap_log_resolver_response_messages | - dt_dnstap_log_client_query_messages | - dt_dnstap_log_client_response_messages | - dt_dnstap_log_forwarder_query_messages | - dt_dnstap_log_forwarder_response_messages - ; -dt_dnstap_enable: VAR_DNSTAP_ENABLE STRING_ARG - { - OUTYY(("P(dt_dnstap_enable:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap = (strcmp($2, "yes")==0); - } - ; -dt_dnstap_socket_path: VAR_DNSTAP_SOCKET_PATH STRING_ARG - { - OUTYY(("P(dt_dnstap_socket_path:%s)\n", $2)); - free(cfg_parser->cfg->dnstap_socket_path); - cfg_parser->cfg->dnstap_socket_path = $2; - } - ; -dt_dnstap_send_identity: VAR_DNSTAP_SEND_IDENTITY STRING_ARG - { - OUTYY(("P(dt_dnstap_send_identity:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap_send_identity = (strcmp($2, "yes")==0); - } - ; -dt_dnstap_send_version: VAR_DNSTAP_SEND_VERSION STRING_ARG - { - OUTYY(("P(dt_dnstap_send_version:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap_send_version = (strcmp($2, "yes")==0); - } - ; -dt_dnstap_identity: VAR_DNSTAP_IDENTITY STRING_ARG - { - OUTYY(("P(dt_dnstap_identity:%s)\n", $2)); - free(cfg_parser->cfg->dnstap_identity); - cfg_parser->cfg->dnstap_identity = $2; - } - ; -dt_dnstap_version: VAR_DNSTAP_VERSION STRING_ARG - { - OUTYY(("P(dt_dnstap_version:%s)\n", $2)); - free(cfg_parser->cfg->dnstap_version); - cfg_parser->cfg->dnstap_version = $2; - } - ; -dt_dnstap_log_resolver_query_messages: VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES STRING_ARG - { - OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap_log_resolver_query_messages = - (strcmp($2, "yes")==0); - } - ; -dt_dnstap_log_resolver_response_messages: VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES STRING_ARG - { - OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap_log_resolver_response_messages = - (strcmp($2, "yes")==0); - } - ; -dt_dnstap_log_client_query_messages: VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES STRING_ARG - { - OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap_log_client_query_messages = - (strcmp($2, "yes")==0); - } - ; -dt_dnstap_log_client_response_messages: VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES STRING_ARG - { - OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap_log_client_response_messages = - (strcmp($2, "yes")==0); - } - ; -dt_dnstap_log_forwarder_query_messages: VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES STRING_ARG - { - OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap_log_forwarder_query_messages = - (strcmp($2, "yes")==0); - } - ; -dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES STRING_ARG - { - OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap_log_forwarder_response_messages = - (strcmp($2, "yes")==0); - } - ; -pythonstart: VAR_PYTHON - { - OUTYY(("\nP(python:)\n")); - } - ; -contents_py: contents_py content_py - | ; -content_py: py_script - ; -py_script: VAR_PYTHON_SCRIPT STRING_ARG - { - OUTYY(("P(python-script:%s)\n", $2)); - free(cfg_parser->cfg->python_script); - cfg_parser->cfg->python_script = $2; - } -server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG - { - OUTYY(("P(disable_dnssec_lame_check:%s)\n", $2)); - if (strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->disable_dnssec_lame_check = - (strcmp($2, "yes")==0); - free($2); - } - ; -server_log_identity: VAR_LOG_IDENTITY STRING_ARG - { - OUTYY(("P(server_log_identity:%s)\n", $2)); - free(cfg_parser->cfg->log_identity); - cfg_parser->cfg->log_identity = $2; - } - ; -server_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG - { - OUTYY(("P(server_response_ip:%s %s)\n", $2, $3)); - validate_respip_action($3); - if(!cfg_str2list_insert(&cfg_parser->cfg->respip_actions, - $2, $3)) - fatal_exit("out of memory adding response-ip"); - } - ; -server_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG - { - OUTYY(("P(server_response_ip_data:%s)\n", $2)); - if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data, - $2, $3)) - fatal_exit("out of memory adding response-ip-data"); - } - ; -dnscstart: VAR_DNSCRYPT - { - OUTYY(("\nP(dnscrypt:)\n")); - OUTYY(("\nP(dnscrypt:)\n")); - } - ; -contents_dnsc: contents_dnsc content_dnsc - | ; -content_dnsc: - dnsc_dnscrypt_enable | dnsc_dnscrypt_port | dnsc_dnscrypt_provider | - dnsc_dnscrypt_secret_key | dnsc_dnscrypt_provider_cert - ; -dnsc_dnscrypt_enable: VAR_DNSCRYPT_ENABLE STRING_ARG - { - OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", $2)); - if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnscrypt = (strcmp($2, "yes")==0); - } - ; - -dnsc_dnscrypt_port: VAR_DNSCRYPT_PORT STRING_ARG - { - OUTYY(("P(dnsc_dnscrypt_port:%s)\n", $2)); - - if(atoi($2) == 0) - yyerror("port number expected"); - else cfg_parser->cfg->dnscrypt_port = atoi($2); - free($2); - } - ; -dnsc_dnscrypt_provider: VAR_DNSCRYPT_PROVIDER STRING_ARG - { - OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", $2)); - free(cfg_parser->cfg->dnscrypt_provider); - cfg_parser->cfg->dnscrypt_provider = $2; - } - ; -dnsc_dnscrypt_provider_cert: VAR_DNSCRYPT_PROVIDER_CERT STRING_ARG - { - OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", $2)); - if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, $2)) - fatal_exit("out of memory adding dnscrypt-provider-cert"); - } - ; -dnsc_dnscrypt_secret_key: VAR_DNSCRYPT_SECRET_KEY STRING_ARG - { - OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", $2)); - if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, $2)) - fatal_exit("out of memory adding dnscrypt-secret-key"); - } - ; -%% - -/* parse helper routines could be here */ -static void -validate_respip_action(const char* action) -{ - if(strcmp(action, "deny")!=0 && - strcmp(action, "redirect")!=0 && - strcmp(action, "inform")!=0 && - strcmp(action, "inform_deny")!=0 && - strcmp(action, "always_transparent")!=0 && - strcmp(action, "always_refuse")!=0 && - strcmp(action, "always_nxdomain")!=0) - { - yyerror("response-ip action: expected deny, redirect, " - "inform, inform_deny, always_transparent, " - "always_refuse or always_nxdomain"); - } -} diff --git a/external/unbound/util/configyyrename.h b/external/unbound/util/configyyrename.h deleted file mode 100644 index f529be577..000000000 --- a/external/unbound/util/configyyrename.h +++ /dev/null @@ -1,88 +0,0 @@ -/* - * configyyrename.h -- renames for config file yy values to avoid conflicts. - * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. - * - * See LICENSE for the license. - * - */ - -#ifndef UTIL_CONFIGYYRENAME_H -#define UTIL_CONFIGYYRENAME_H - -/* defines to change symbols so that no yacc/lex symbols clash */ -#define yymaxdepth ub_c_maxdepth -#define yyparse ub_c_parse -#define yylex ub_c_lex -#define yyerror ub_c_error -#define yylval ub_c_lval -#define yychar ub_c_char -#define yydebug ub_c_debug -#define yypact ub_c_pact -#define yyr1 ub_c_r1 -#define yyr2 ub_c_r2 -#define yydef ub_c_def -#define yychk ub_c_chk -#define yypgo ub_c_pgo -#define yyact ub_c_act -#define yyexca ub_c_exca -#define yyerrflag ub_c_errflag -#define yynerrs ub_c_nerrs -#define yyps ub_c_ps -#define yypv ub_c_pv -#define yys ub_c_s -#define yy_yys ub_c_yys -#define yystate ub_c_state -#define yytmp ub_c_tmp -#define yyv ub_c_v -#define yy_yyv ub_c_yyv -#define yyval ub_c_val -#define yylloc ub_c_lloc -#define yyreds ub_c_reds -#define yytoks ub_c_toks -#define yylhs ub_c_yylhs -#define yylen ub_c_yylen -#define yydefred ub_c_yydefred -#define yydgoto ub_c_yydgoto -#define yysindex ub_c_yysindex -#define yyrindex ub_c_yyrindex -#define yygindex ub_c_yygindex -#define yytable ub_c_yytable -#define yycheck ub_c_yycheck -#define yyname ub_c_yyname -#define yyrule ub_c_yyrule -#define yyin ub_c_in -#define yyout ub_c_out -#define yywrap ub_c_wrap -#define yy_load_buffer_state ub_c_load_buffer_state -#define yy_switch_to_buffer ub_c_switch_to_buffer -#define yy_flush_buffer ub_c_flush_buffer -#define yy_init_buffer ub_c_init_buffer -#define yy_scan_buffer ub_c_scan_buffer -#define yy_scan_bytes ub_c_scan_bytes -#define yy_scan_string ub_c_scan_string -#define yy_create_buffer ub_c_create_buffer -#define yyrestart ub_c_restart -#define yy_delete_buffer ub_c_delete_buffer -#define yypop_buffer_state ub_c_pop_buffer_state -#define yypush_buffer_state ub_c_push_buffer_state -#define yyunput ub_c_unput -#define yyset_in ub_c_set_in -#define yyget_in ub_c_get_in -#define yyset_out ub_c_set_out -#define yyget_out ub_c_get_out -#define yyget_lineno ub_c_get_lineno -#define yyset_lineno ub_c_set_lineno -#define yyset_debug ub_c_set_debug -#define yyget_debug ub_c_get_debug -#define yy_flex_debug ub_c_flex_debug -#define yylex_destroy ub_c_lex_destroy -#define yyfree ub_c_free -#define yyrealloc ub_c_realloc -#define yyalloc ub_c_alloc -#define yymalloc ub_c_malloc -#define yyget_leng ub_c_get_leng -#define yylineno ub_c_lineno -#define yyget_text ub_c_get_text - -#endif /* UTIL_CONFIGYYRENAME_H */ diff --git a/external/unbound/util/data/dname.c b/external/unbound/util/data/dname.c deleted file mode 100644 index 517af2843..000000000 --- a/external/unbound/util/data/dname.c +++ /dev/null @@ -1,788 +0,0 @@ -/* - * util/data/dname.h - domain name handling - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains domain name handling functions. - */ - -#include "config.h" -#include -#include "util/data/dname.h" -#include "util/data/msgparse.h" -#include "util/log.h" -#include "util/storage/lookup3.h" -#include "sldns/sbuffer.h" - -/* determine length of a dname in buffer, no compression pointers allowed */ -size_t -query_dname_len(sldns_buffer* query) -{ - size_t len = 0; - size_t labellen; - while(1) { - if(sldns_buffer_remaining(query) < 1) - return 0; /* parse error, need label len */ - labellen = sldns_buffer_read_u8(query); - if(labellen&0xc0) - return 0; /* no compression allowed in queries */ - len += labellen + 1; - if(len > LDNS_MAX_DOMAINLEN) - return 0; /* too long */ - if(labellen == 0) - return len; - if(sldns_buffer_remaining(query) < labellen) - return 0; /* parse error, need content */ - sldns_buffer_skip(query, (ssize_t)labellen); - } -} - -size_t -dname_valid(uint8_t* dname, size_t maxlen) -{ - size_t len = 0; - size_t labellen; - labellen = *dname++; - while(labellen) { - if(labellen&0xc0) - return 0; /* no compression ptrs allowed */ - len += labellen + 1; - if(len >= LDNS_MAX_DOMAINLEN) - return 0; /* too long */ - if(len > maxlen) - return 0; /* does not fit in memory allocation */ - dname += labellen; - labellen = *dname++; - } - len += 1; - if(len > maxlen) - return 0; /* does not fit in memory allocation */ - return len; -} - -/** compare uncompressed, noncanonical, registers are hints for speed */ -int -query_dname_compare(register uint8_t* d1, register uint8_t* d2) -{ - register uint8_t lab1, lab2; - log_assert(d1 && d2); - lab1 = *d1++; - lab2 = *d2++; - while( lab1 != 0 || lab2 != 0 ) { - /* compare label length */ - /* if one dname ends, it has labellength 0 */ - if(lab1 != lab2) { - if(lab1 < lab2) - return -1; - return 1; - } - log_assert(lab1 == lab2 && lab1 != 0); - /* compare lowercased labels. */ - while(lab1--) { - /* compare bytes first for speed */ - if(*d1 != *d2 && - tolower((unsigned char)*d1) != tolower((unsigned char)*d2)) { - if(tolower((unsigned char)*d1) < tolower((unsigned char)*d2)) - return -1; - return 1; - } - d1++; - d2++; - } - /* next pair of labels. */ - lab1 = *d1++; - lab2 = *d2++; - } - return 0; -} - -void -query_dname_tolower(uint8_t* dname) -{ - /* the dname is stored uncompressed */ - uint8_t labellen; - labellen = *dname; - while(labellen) { - dname++; - while(labellen--) { - *dname = (uint8_t)tolower((unsigned char)*dname); - dname++; - } - labellen = *dname; - } -} - -void -pkt_dname_tolower(sldns_buffer* pkt, uint8_t* dname) -{ - uint8_t lablen; - int count = 0; - if(dname >= sldns_buffer_end(pkt)) - return; - lablen = *dname++; - while(lablen) { - if(LABEL_IS_PTR(lablen)) { - if((size_t)PTR_OFFSET(lablen, *dname) - >= sldns_buffer_limit(pkt)) - return; - dname = sldns_buffer_at(pkt, PTR_OFFSET(lablen, *dname)); - lablen = *dname++; - if(count++ > MAX_COMPRESS_PTRS) - return; - continue; - } - if(dname+lablen >= sldns_buffer_end(pkt)) - return; - while(lablen--) { - *dname = (uint8_t)tolower((unsigned char)*dname); - dname++; - } - if(dname >= sldns_buffer_end(pkt)) - return; - lablen = *dname++; - } -} - - -size_t -pkt_dname_len(sldns_buffer* pkt) -{ - size_t len = 0; - int ptrcount = 0; - uint8_t labellen; - size_t endpos = 0; - - /* read dname and determine length */ - /* check compression pointers, loops, out of bounds */ - while(1) { - /* read next label */ - if(sldns_buffer_remaining(pkt) < 1) - return 0; - labellen = sldns_buffer_read_u8(pkt); - if(LABEL_IS_PTR(labellen)) { - /* compression ptr */ - uint16_t ptr; - if(sldns_buffer_remaining(pkt) < 1) - return 0; - ptr = PTR_OFFSET(labellen, sldns_buffer_read_u8(pkt)); - if(ptrcount++ > MAX_COMPRESS_PTRS) - return 0; /* loop! */ - if(sldns_buffer_limit(pkt) <= ptr) - return 0; /* out of bounds! */ - if(!endpos) - endpos = sldns_buffer_position(pkt); - sldns_buffer_set_position(pkt, ptr); - } else { - /* label contents */ - if(labellen > 0x3f) - return 0; /* label too long */ - len += 1 + labellen; - if(len > LDNS_MAX_DOMAINLEN) - return 0; - if(labellen == 0) { - /* end of dname */ - break; - } - if(sldns_buffer_remaining(pkt) < labellen) - return 0; - sldns_buffer_skip(pkt, (ssize_t)labellen); - } - } - if(endpos) - sldns_buffer_set_position(pkt, endpos); - - return len; -} - -int -dname_pkt_compare(sldns_buffer* pkt, uint8_t* d1, uint8_t* d2) -{ - uint8_t len1, len2; - log_assert(pkt && d1 && d2); - len1 = *d1++; - len2 = *d2++; - while( len1 != 0 || len2 != 0 ) { - /* resolve ptrs */ - if(LABEL_IS_PTR(len1)) { - d1 = sldns_buffer_at(pkt, PTR_OFFSET(len1, *d1)); - len1 = *d1++; - continue; - } - if(LABEL_IS_PTR(len2)) { - d2 = sldns_buffer_at(pkt, PTR_OFFSET(len2, *d2)); - len2 = *d2++; - continue; - } - /* check label length */ - log_assert(len1 <= LDNS_MAX_LABELLEN); - log_assert(len2 <= LDNS_MAX_LABELLEN); - if(len1 != len2) { - if(len1 < len2) return -1; - return 1; - } - log_assert(len1 == len2 && len1 != 0); - /* compare labels */ - while(len1--) { - if(tolower((unsigned char)*d1) != tolower((unsigned char)*d2)) { - if(tolower((unsigned char)*d1) < tolower((unsigned char)*d2)) - return -1; - return 1; - } - d1++; - d2++; - } - len1 = *d1++; - len2 = *d2++; - } - return 0; -} - -hashvalue_type -dname_query_hash(uint8_t* dname, hashvalue_type h) -{ - uint8_t labuf[LDNS_MAX_LABELLEN+1]; - uint8_t lablen; - int i; - - /* preserve case of query, make hash label by label */ - lablen = *dname++; - while(lablen) { - log_assert(lablen <= LDNS_MAX_LABELLEN); - labuf[0] = lablen; - i=0; - while(lablen--) { - labuf[++i] = (uint8_t)tolower((unsigned char)*dname); - dname++; - } - h = hashlittle(labuf, labuf[0] + 1, h); - lablen = *dname++; - } - - return h; -} - -hashvalue_type -dname_pkt_hash(sldns_buffer* pkt, uint8_t* dname, hashvalue_type h) -{ - uint8_t labuf[LDNS_MAX_LABELLEN+1]; - uint8_t lablen; - int i; - - /* preserve case of query, make hash label by label */ - lablen = *dname++; - while(lablen) { - if(LABEL_IS_PTR(lablen)) { - /* follow pointer */ - dname = sldns_buffer_at(pkt, PTR_OFFSET(lablen, *dname)); - lablen = *dname++; - continue; - } - log_assert(lablen <= LDNS_MAX_LABELLEN); - labuf[0] = lablen; - i=0; - while(lablen--) { - labuf[++i] = (uint8_t)tolower((unsigned char)*dname); - dname++; - } - h = hashlittle(labuf, labuf[0] + 1, h); - lablen = *dname++; - } - - return h; -} - -void dname_pkt_copy(sldns_buffer* pkt, uint8_t* to, uint8_t* dname) -{ - /* copy over the dname and decompress it at the same time */ - size_t len = 0; - uint8_t lablen; - lablen = *dname++; - while(lablen) { - if(LABEL_IS_PTR(lablen)) { - /* follow pointer */ - dname = sldns_buffer_at(pkt, PTR_OFFSET(lablen, *dname)); - lablen = *dname++; - continue; - } - log_assert(lablen <= LDNS_MAX_LABELLEN); - len += (size_t)lablen+1; - if(len >= LDNS_MAX_DOMAINLEN) { - *to = 0; /* end the result prematurely */ - log_err("bad dname in dname_pkt_copy"); - return; - } - *to++ = lablen; - memmove(to, dname, lablen); - dname += lablen; - to += lablen; - lablen = *dname++; - } - /* copy last \0 */ - *to = 0; -} - -void dname_print(FILE* out, struct sldns_buffer* pkt, uint8_t* dname) -{ - uint8_t lablen; - if(!out) out = stdout; - if(!dname) return; - - lablen = *dname++; - if(!lablen) - fputc('.', out); - while(lablen) { - if(LABEL_IS_PTR(lablen)) { - /* follow pointer */ - if(!pkt) { - fputs("??compressionptr??", out); - return; - } - dname = sldns_buffer_at(pkt, PTR_OFFSET(lablen, *dname)); - lablen = *dname++; - continue; - } - if(lablen > LDNS_MAX_LABELLEN) { - fputs("??extendedlabel??", out); - return; - } - while(lablen--) - fputc((int)*dname++, out); - fputc('.', out); - lablen = *dname++; - } -} - -int -dname_count_labels(uint8_t* dname) -{ - uint8_t lablen; - int labs = 1; - - lablen = *dname++; - while(lablen) { - labs++; - dname += lablen; - lablen = *dname++; - } - return labs; -} - -int -dname_count_size_labels(uint8_t* dname, size_t* size) -{ - uint8_t lablen; - int labs = 1; - size_t sz = 1; - - lablen = *dname++; - while(lablen) { - labs++; - sz += lablen+1; - dname += lablen; - lablen = *dname++; - } - *size = sz; - return labs; -} - -/** - * Compare labels in memory, lowercase while comparing. - * @param p1: label 1 - * @param p2: label 2 - * @param len: number of bytes to compare. - * @return: 0, -1, +1 comparison result. - */ -static int -memlowercmp(uint8_t* p1, uint8_t* p2, uint8_t len) -{ - while(len--) { - if(*p1 != *p2 && tolower((unsigned char)*p1) != tolower((unsigned char)*p2)) { - if(tolower((unsigned char)*p1) < tolower((unsigned char)*p2)) - return -1; - return 1; - } - p1++; - p2++; - } - return 0; -} - -int -dname_lab_cmp(uint8_t* d1, int labs1, uint8_t* d2, int labs2, int* mlabs) -{ - uint8_t len1, len2; - int atlabel = labs1; - int lastmlabs; - int lastdiff = 0; - /* first skip so that we compare same label. */ - if(labs1 > labs2) { - while(atlabel > labs2) { - len1 = *d1++; - d1 += len1; - atlabel--; - } - log_assert(atlabel == labs2); - } else if(labs1 < labs2) { - atlabel = labs2; - while(atlabel > labs1) { - len2 = *d2++; - d2 += len2; - atlabel--; - } - log_assert(atlabel == labs1); - } - lastmlabs = atlabel+1; - /* now at same label in d1 and d2, atlabel */ - /* www.example.com. */ - /* 4 3 2 1 atlabel number */ - /* repeat until at root label (which is always the same) */ - while(atlabel > 1) { - len1 = *d1++; - len2 = *d2++; - if(len1 != len2) { - log_assert(len1 != 0 && len2 != 0); - if(len1 com. */ - if(labs1 > labs2) - return 1; - else if(labs1 < labs2) - return -1; - } - return lastdiff; -} - -int -dname_buffer_write(sldns_buffer* pkt, uint8_t* dname) -{ - uint8_t lablen; - - if(sldns_buffer_remaining(pkt) < 1) - return 0; - lablen = *dname++; - sldns_buffer_write_u8(pkt, lablen); - while(lablen) { - if(sldns_buffer_remaining(pkt) < (size_t)lablen+1) - return 0; - sldns_buffer_write(pkt, dname, lablen); - dname += lablen; - lablen = *dname++; - sldns_buffer_write_u8(pkt, lablen); - } - return 1; -} - -void dname_str(uint8_t* dname, char* str) -{ - size_t len = 0; - uint8_t lablen = 0; - char* s = str; - if(!dname || !*dname) { - *s++ = '.'; - *s = 0; - return; - } - lablen = *dname++; - while(lablen) { - if(lablen > LDNS_MAX_LABELLEN) { - *s++ = '#'; - *s = 0; - return; - } - len += lablen+1; - if(len >= LDNS_MAX_DOMAINLEN-1) { - *s++ = '&'; - *s = 0; - return; - } - while(lablen--) { - if(isalnum((unsigned char)*dname) - || *dname == '-' || *dname == '_' - || *dname == '*') - *s++ = *(char*)dname++; - else { - *s++ = '?'; - dname++; - } - } - *s++ = '.'; - lablen = *dname++; - } - *s = 0; -} - -int -dname_strict_subdomain(uint8_t* d1, int labs1, uint8_t* d2, int labs2) -{ - int m; - /* check subdomain: d1: www.example.com. and d2: example.com. */ - if(labs2 >= labs1) - return 0; - if(dname_lab_cmp(d1, labs1, d2, labs2, &m) > 0) { - /* subdomain if all labels match */ - return (m == labs2); - } - return 0; -} - -int -dname_strict_subdomain_c(uint8_t* d1, uint8_t* d2) -{ - return dname_strict_subdomain(d1, dname_count_labels(d1), d2, - dname_count_labels(d2)); -} - -int -dname_subdomain_c(uint8_t* d1, uint8_t* d2) -{ - int m; - /* check subdomain: d1: www.example.com. and d2: example.com. */ - /* or d1: example.com. and d2: example.com. */ - int labs1 = dname_count_labels(d1); - int labs2 = dname_count_labels(d2); - if(labs2 > labs1) - return 0; - if(dname_lab_cmp(d1, labs1, d2, labs2, &m) < 0) { - /* must have been example.com , www.example.com - wrong */ - /* or otherwise different dnames */ - return 0; - } - return (m == labs2); -} - -int -dname_is_root(uint8_t* dname) -{ - uint8_t len; - log_assert(dname); - len = dname[0]; - log_assert(!LABEL_IS_PTR(len)); - return (len == 0); -} - -void -dname_remove_label(uint8_t** dname, size_t* len) -{ - size_t lablen; - log_assert(dname && *dname && len); - lablen = (*dname)[0]; - log_assert(!LABEL_IS_PTR(lablen)); - log_assert(*len > lablen); - if(lablen == 0) - return; /* do not modify root label */ - *len -= lablen+1; - *dname += lablen+1; -} - -void -dname_remove_labels(uint8_t** dname, size_t* len, int n) -{ - int i; - for(i=0; i len2) - return 1; - return 0; -} - - -int -dname_canon_lab_cmp(uint8_t* d1, int labs1, uint8_t* d2, int labs2, int* mlabs) -{ - /* like dname_lab_cmp, but with different label comparison, - * empty character sorts before \000. - * So ylyly is before z. */ - uint8_t len1, len2; - int atlabel = labs1; - int lastmlabs; - int lastdiff = 0; - int c; - /* first skip so that we compare same label. */ - if(labs1 > labs2) { - while(atlabel > labs2) { - len1 = *d1++; - d1 += len1; - atlabel--; - } - log_assert(atlabel == labs2); - } else if(labs1 < labs2) { - atlabel = labs2; - while(atlabel > labs1) { - len2 = *d2++; - d2 += len2; - atlabel--; - } - log_assert(atlabel == labs1); - } - lastmlabs = atlabel+1; - /* now at same label in d1 and d2, atlabel */ - /* www.example.com. */ - /* 4 3 2 1 atlabel number */ - /* repeat until at root label (which is always the same) */ - while(atlabel > 1) { - len1 = *d1++; - len2 = *d2++; - - if((c=memcanoncmp(d1, len1, d2, len2)) != 0) { - if(c<0) - lastdiff = -1; - else lastdiff = 1; - lastmlabs = atlabel; - } - - d1 += len1; - d2 += len2; - atlabel--; - } - /* last difference atlabel number, so number of labels matching, - * at the right side, is one less. */ - *mlabs = lastmlabs-1; - if(lastdiff == 0) { - /* all labels compared were equal, check if one has more - * labels, so that example.com. > com. */ - if(labs1 > labs2) - return 1; - else if(labs1 < labs2) - return -1; - } - return lastdiff; -} - -int -dname_canonical_compare(uint8_t* d1, uint8_t* d2) -{ - int labs1, labs2, m; - labs1 = dname_count_labels(d1); - labs2 = dname_count_labels(d2); - return dname_canon_lab_cmp(d1, labs1, d2, labs2, &m); -} - -uint8_t* dname_get_shared_topdomain(uint8_t* d1, uint8_t* d2) -{ - int labs1, labs2, m; - size_t len = LDNS_MAX_DOMAINLEN; - labs1 = dname_count_labels(d1); - labs2 = dname_count_labels(d2); - (void)dname_lab_cmp(d1, labs1, d2, labs2, &m); - dname_remove_labels(&d1, &len, labs1-m); - return d1; -} diff --git a/external/unbound/util/data/dname.h b/external/unbound/util/data/dname.h deleted file mode 100644 index 53b341bf7..000000000 --- a/external/unbound/util/data/dname.h +++ /dev/null @@ -1,305 +0,0 @@ -/* - * util/data/dname.h - domain name routines - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions to deal with domain names (dnames). - * - * Some of the functions deal with domain names as a wireformat buffer, - * with a length. - */ - -#ifndef UTIL_DATA_DNAME_H -#define UTIL_DATA_DNAME_H -#include "util/storage/lruhash.h" -struct sldns_buffer; - -/** max number of compression ptrs to follow */ -#define MAX_COMPRESS_PTRS 256 - -/** - * Determine length of dname in buffer, no compression ptrs allowed, - * @param query: the ldns buffer, current position at start of dname. - * at end, position is at end of the dname. - * @return: 0 on parse failure, or length including ending 0 of dname. - */ -size_t query_dname_len(struct sldns_buffer* query); - -/** - * Determine if dname in memory is correct. no compression ptrs allowed. - * @param dname: where dname starts in memory. - * @param len: dname is not allowed to exceed this length (i.e. of allocation). - * @return length of dname if dname is ok, 0 on a parse error. - */ -size_t dname_valid(uint8_t* dname, size_t len); - -/** lowercase query dname */ -void query_dname_tolower(uint8_t* dname); - -/** - * lowercase pkt dname (follows compression pointers) - * @param pkt: the packet, used to follow compression pointers. Position - * is unchanged. - * @param dname: start of dname in packet. - */ -void pkt_dname_tolower(struct sldns_buffer* pkt, uint8_t* dname); - -/** - * Compare query dnames (uncompressed storage). The Dnames passed do not - * have to be lowercased, comparison routine does this. - * - * This routine is special, in that the comparison that it does corresponds - * with the canonical comparison needed when comparing dnames inside rdata - * for RR types that need canonicalization. That means that the first byte - * that is smaller (possibly after lowercasing) makes an RR smaller, or the - * shortest name makes an RR smaller. - * - * This routine does not compute the canonical order needed for NSEC - * processing. - * - * Dnames have to be valid format. - * @param d1: dname to compare - * @param d2: dname to compare - * @return: -1, 0, or +1 depending on comparison results. - * Sort order is first difference found. not the canonical ordering. - */ -int query_dname_compare(uint8_t* d1, uint8_t* d2); - -/** - * Determine correct, compressed, dname present in packet. - * Checks for parse errors. - * @param pkt: packet to read from (from current start position). - * @return: 0 on parse error. - * At exit the position is right after the (compressed) dname. - * Compression pointers are followed and checked for loops. - * The uncompressed wireformat length is returned. - */ -size_t pkt_dname_len(struct sldns_buffer* pkt); - -/** - * Compare dnames in packet (compressed). Dnames must be valid. - * routine performs lowercasing, so the packet casing is preserved. - * @param pkt: packet, used to resolve compression pointers. - * @param d1: dname to compare - * @param d2: dname to compare - * @return: -1, 0, or +1 depending on comparison results. - * Sort order is first difference found. not the canonical ordering. - */ -int dname_pkt_compare(struct sldns_buffer* pkt, uint8_t* d1, uint8_t* d2); - -/** - * Hash dname, label by label, lowercasing, into hashvalue. - * Dname in query format (not compressed). - * @param dname: dname to hash. - * @param h: initial hash value. - * @return: result hash value. - */ -hashvalue_type dname_query_hash(uint8_t* dname, hashvalue_type h); - -/** - * Hash dname, label by label, lowercasing, into hashvalue. - * Dname in pkt format (compressed). - * @param pkt: packet, for resolving compression pointers. - * @param dname: dname to hash, pointer to the pkt buffer. - * Must be valid format. No loops, etc. - * @param h: initial hash value. - * @return: result hash value. - * Result is the same as dname_query_hash, even if compression is used. - */ -hashvalue_type dname_pkt_hash(struct sldns_buffer* pkt, uint8_t* dname, - hashvalue_type h); - -/** - * Copy over a valid dname and decompress it. - * @param pkt: packet to resolve compression pointers. - * @param to: buffer of size from pkt_len function to hold result. - * @param dname: pointer into packet where dname starts. - */ -void dname_pkt_copy(struct sldns_buffer* pkt, uint8_t* to, uint8_t* dname); - -/** - * Copy over a valid dname to a packet. - * @param pkt: packet to copy to. - * @param dname: dname to copy. - * @return: 0 if not enough space in buffer. - */ -int dname_buffer_write(struct sldns_buffer* pkt, uint8_t* dname); - -/** - * Count the number of labels in an uncompressed dname in memory. - * @param dname: pointer to uncompressed dname. - * @return: count of labels, including root label, "com." has 2 labels. - */ -int dname_count_labels(uint8_t* dname); - -/** - * Count labels and dname length both, for uncompressed dname in memory. - * @param dname: pointer to uncompressed dname. - * @param size: length of dname, including root label. - * @return: count of labels, including root label, "com." has 2 labels. - */ -int dname_count_size_labels(uint8_t* dname, size_t* size); - -/** - * Compare dnames, sorted not canonical, but by label. - * Such that zone contents follows zone apex. - * @param d1: first dname. pointer to uncompressed wireformat. - * @param labs1: number of labels in first dname. - * @param d2: second dname. pointer to uncompressed wireformat. - * @param labs2: number of labels in second dname. - * @param mlabs: number of labels that matched exactly (the shared topdomain). - * @return: 0 for equal, -1 smaller, or +1 d1 larger than d2. - */ -int dname_lab_cmp(uint8_t* d1, int labs1, uint8_t* d2, int labs2, int* mlabs); - -/** - * See if domain name d1 is a strict subdomain of d2. - * That is a subdomain, but not equal. - * @param d1: domain name, uncompressed wireformat - * @param labs1: number of labels in d1, including root label. - * @param d2: domain name, uncompressed wireformat - * @param labs2: number of labels in d2, including root label. - * @return true if d1 is a subdomain of d2, but not equal to d2. - */ -int dname_strict_subdomain(uint8_t* d1, int labs1, uint8_t* d2, int labs2); - -/** - * Like dname_strict_subdomain but counts labels - * @param d1: domain name, uncompressed wireformat - * @param d2: domain name, uncompressed wireformat - * @return true if d1 is a subdomain of d2, but not equal to d2. - */ -int dname_strict_subdomain_c(uint8_t* d1, uint8_t* d2); - -/** - * Counts labels. Tests is d1 is a subdomain of d2. - * @param d1: domain name, uncompressed wireformat - * @param d2: domain name, uncompressed wireformat - * @return true if d1 is a subdomain of d2. - */ -int dname_subdomain_c(uint8_t* d1, uint8_t* d2); - -/** - * Debug helper. Print wireformat dname to output. - * @param out: like stdout or a file. - * @param pkt: if not NULL, the packet for resolving compression ptrs. - * @param dname: pointer to (start of) dname. - */ -void dname_print(FILE* out, struct sldns_buffer* pkt, uint8_t* dname); - -/** - * Debug helper. Print dname to given string buffer (string buffer must - * be at least 255 chars + 1 for the 0, in printable form. - * This may lose information (? for nonprintable characters, or & if - * the name is too long, # for a bad label length). - * @param dname: uncompressed wireformat. - * @param str: buffer of 255+1 length. - */ -void dname_str(uint8_t* dname, char* str); - -/** - * Returns true if the uncompressed wireformat dname is the root "." - * @param dname: the dname to check - * @return true if ".", false if not. - */ -int dname_is_root(uint8_t* dname); - -/** - * Snip off first label from a dname, returning the parent zone. - * @param dname: from what to strip off. uncompressed wireformat. - * @param len: length, adjusted to become less. - * @return stripped off, or "." if input was ".". - */ -void dname_remove_label(uint8_t** dname, size_t* len); - -/** - * Snip off first N labels from a dname, returning the parent zone. - * @param dname: from what to strip off. uncompressed wireformat. - * @param len: length, adjusted to become less. - * @param n: number of labels to strip off (from the left). - * if 0, nothing happens. - * @return stripped off, or "." if input was ".". - */ -void dname_remove_labels(uint8_t** dname, size_t* len, int n); - -/** - * Count labels for the RRSIG signature label field. - * Like a normal labelcount, but "*" wildcard and "." root are not counted. - * @param dname: valid uncompressed wireformat. - * @return number of labels like in RRSIG; '*' and '.' are not counted. - */ -int dname_signame_label_count(uint8_t* dname); - -/** - * Return true if the label is a wildcard, *.example.com. - * @param dname: valid uncompressed wireformat. - * @return true if wildcard, or false. - */ -int dname_is_wild(uint8_t* dname); - -/** - * Compare dnames, Canonical in rfc4034 sense, but by label. - * Such that zone contents follows zone apex. - * - * @param d1: first dname. pointer to uncompressed wireformat. - * @param labs1: number of labels in first dname. - * @param d2: second dname. pointer to uncompressed wireformat. - * @param labs2: number of labels in second dname. - * @param mlabs: number of labels that matched exactly (the shared topdomain). - * @return: 0 for equal, -1 smaller, or +1 d1 larger than d2. - */ -int dname_canon_lab_cmp(uint8_t* d1, int labs1, uint8_t* d2, int labs2, - int* mlabs); - -/** - * Canonical dname compare. Takes care of counting labels. - * Per rfc 4034 canonical order. - * - * @param d1: first dname. pointer to uncompressed wireformat. - * @param d2: second dname. pointer to uncompressed wireformat. - * @return: 0 for equal, -1 smaller, or +1 d1 larger than d2. - */ -int dname_canonical_compare(uint8_t* d1, uint8_t* d2); - -/** - * Get the shared topdomain between two names. Root "." or longer. - * @param d1: first dname. pointer to uncompressed wireformat. - * @param d2: second dname. pointer to uncompressed wireformat. - * @return pointer to shared topdomain. Ptr to a part of d1. - */ -uint8_t* dname_get_shared_topdomain(uint8_t* d1, uint8_t* d2); - -#endif /* UTIL_DATA_DNAME_H */ diff --git a/external/unbound/util/data/msgencode.c b/external/unbound/util/data/msgencode.c deleted file mode 100644 index 1f72a03b8..000000000 --- a/external/unbound/util/data/msgencode.c +++ /dev/null @@ -1,916 +0,0 @@ -/* - * util/data/msgencode.c - Encode DNS messages, queries and replies. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains a routines to encode DNS messages. - */ - -#include "config.h" -#include "util/data/msgencode.h" -#include "util/data/msgreply.h" -#include "util/data/msgparse.h" -#include "util/data/dname.h" -#include "util/log.h" -#include "util/regional.h" -#include "util/net_help.h" -#include "sldns/sbuffer.h" -#include "services/localzone.h" - -/** return code that means the function ran out of memory. negative so it does - * not conflict with DNS rcodes. */ -#define RETVAL_OUTMEM -2 -/** return code that means the data did not fit (completely) in the packet */ -#define RETVAL_TRUNC -4 -/** return code that means all is peachy keen. Equal to DNS rcode NOERROR */ -#define RETVAL_OK 0 - -/** - * Data structure to help domain name compression in outgoing messages. - * A tree of dnames and their offsets in the packet is kept. - * It is kept sorted, not canonical, but by label at least, so that after - * a lookup of a name you know its closest match, and the parent from that - * closest match. These are possible compression targets. - * - * It is a binary tree, not a rbtree or balanced tree, as the effort - * of keeping it balanced probably outweighs usefulness (given typical - * DNS packet size). - */ -struct compress_tree_node { - /** left node in tree, all smaller to this */ - struct compress_tree_node* left; - /** right node in tree, all larger than this */ - struct compress_tree_node* right; - - /** the parent node - not for tree, but zone parent. One less label */ - struct compress_tree_node* parent; - /** the domain name for this node. Pointer to uncompressed memory. */ - uint8_t* dname; - /** number of labels in domain name, kept to help compare func. */ - int labs; - /** offset in packet that points to this dname */ - size_t offset; -}; - -/** - * Find domain name in tree, returns exact and closest match. - * @param tree: root of tree. - * @param dname: pointer to uncompressed dname. - * @param labs: number of labels in domain name. - * @param match: closest or exact match. - * guaranteed to be smaller or equal to the sought dname. - * can be null if the tree is empty. - * @param matchlabels: number of labels that match with closest match. - * can be zero is there is no match. - * @param insertpt: insert location for dname, if not found. - * @return: 0 if no exact match. - */ -static int -compress_tree_search(struct compress_tree_node** tree, uint8_t* dname, - int labs, struct compress_tree_node** match, int* matchlabels, - struct compress_tree_node*** insertpt) -{ - int c, n, closen=0; - struct compress_tree_node* p = *tree; - struct compress_tree_node* close = 0; - struct compress_tree_node** prev = tree; - while(p) { - if((c = dname_lab_cmp(dname, labs, p->dname, p->labs, &n)) - == 0) { - *matchlabels = n; - *match = p; - return 1; - } - if(c<0) { - prev = &p->left; - p = p->left; - } else { - closen = n; - close = p; /* p->dname is smaller than dname */ - prev = &p->right; - p = p->right; - } - } - *insertpt = prev; - *matchlabels = closen; - *match = close; - return 0; -} - -/** - * Lookup a domain name in compression tree. - * @param tree: root of tree (not the node with '.'). - * @param dname: pointer to uncompressed dname. - * @param labs: number of labels in domain name. - * @param insertpt: insert location for dname, if not found. - * @return: 0 if not found or compress treenode with best compression. - */ -static struct compress_tree_node* -compress_tree_lookup(struct compress_tree_node** tree, uint8_t* dname, - int labs, struct compress_tree_node*** insertpt) -{ - struct compress_tree_node* p; - int m; - if(labs <= 1) - return 0; /* do not compress root node */ - if(compress_tree_search(tree, dname, labs, &p, &m, insertpt)) { - /* exact match */ - return p; - } - /* return some ancestor of p that compresses well. */ - if(m>1) { - /* www.example.com. (labs=4) matched foo.example.com.(labs=4) - * then matchcount = 3. need to go up. */ - while(p && p->labs > m) - p = p->parent; - return p; - } - return 0; -} - -/** - * Create node for domain name compression tree. - * @param dname: pointer to uncompressed dname (stored in tree). - * @param labs: number of labels in dname. - * @param offset: offset into packet for dname. - * @param region: how to allocate memory for new node. - * @return new node or 0 on malloc failure. - */ -static struct compress_tree_node* -compress_tree_newnode(uint8_t* dname, int labs, size_t offset, - struct regional* region) -{ - struct compress_tree_node* n = (struct compress_tree_node*) - regional_alloc(region, sizeof(struct compress_tree_node)); - if(!n) return 0; - n->left = 0; - n->right = 0; - n->parent = 0; - n->dname = dname; - n->labs = labs; - n->offset = offset; - return n; -} - -/** - * Store domain name and ancestors into compression tree. - * @param dname: pointer to uncompressed dname (stored in tree). - * @param labs: number of labels in dname. - * @param offset: offset into packet for dname. - * @param region: how to allocate memory for new node. - * @param closest: match from previous lookup, used to compress dname. - * may be NULL if no previous match. - * if the tree has an ancestor of dname already, this must be it. - * @param insertpt: where to insert the dname in tree. - * @return: 0 on memory error. - */ -static int -compress_tree_store(uint8_t* dname, int labs, size_t offset, - struct regional* region, struct compress_tree_node* closest, - struct compress_tree_node** insertpt) -{ - uint8_t lablen; - struct compress_tree_node* newnode; - struct compress_tree_node* prevnode = NULL; - int uplabs = labs-1; /* does not store root in tree */ - if(closest) uplabs = labs - closest->labs; - log_assert(uplabs >= 0); - /* algorithms builds up a vine of dname-labels to hang into tree */ - while(uplabs--) { - if(offset > PTR_MAX_OFFSET) { - /* insertion failed, drop vine */ - return 1; /* compression pointer no longer useful */ - } - if(!(newnode = compress_tree_newnode(dname, labs, offset, - region))) { - /* insertion failed, drop vine */ - return 0; - } - - if(prevnode) { - /* chain nodes together, last one has one label more, - * so is larger than newnode, thus goes right. */ - newnode->right = prevnode; - prevnode->parent = newnode; - } - - /* next label */ - lablen = *dname++; - dname += lablen; - offset += lablen+1; - prevnode = newnode; - labs--; - } - /* if we have a vine, hang the vine into the tree */ - if(prevnode) { - *insertpt = prevnode; - prevnode->parent = closest; - } - return 1; -} - -/** compress a domain name */ -static int -write_compressed_dname(sldns_buffer* pkt, uint8_t* dname, int labs, - struct compress_tree_node* p) -{ - /* compress it */ - int labcopy = labs - p->labs; - uint8_t lablen; - uint16_t ptr; - - if(labs == 1) { - /* write root label */ - if(sldns_buffer_remaining(pkt) < 1) - return 0; - sldns_buffer_write_u8(pkt, 0); - return 1; - } - - /* copy the first couple of labels */ - while(labcopy--) { - lablen = *dname++; - if(sldns_buffer_remaining(pkt) < (size_t)lablen+1) - return 0; - sldns_buffer_write_u8(pkt, lablen); - sldns_buffer_write(pkt, dname, lablen); - dname += lablen; - } - /* insert compression ptr */ - if(sldns_buffer_remaining(pkt) < 2) - return 0; - ptr = PTR_CREATE(p->offset); - sldns_buffer_write_u16(pkt, ptr); - return 1; -} - -/** compress owner name of RR, return RETVAL_OUTMEM RETVAL_TRUNC */ -static int -compress_owner(struct ub_packed_rrset_key* key, sldns_buffer* pkt, - struct regional* region, struct compress_tree_node** tree, - size_t owner_pos, uint16_t* owner_ptr, int owner_labs) -{ - struct compress_tree_node* p; - struct compress_tree_node** insertpt = NULL; - if(!*owner_ptr) { - /* compress first time dname */ - if((p = compress_tree_lookup(tree, key->rk.dname, - owner_labs, &insertpt))) { - if(p->labs == owner_labs) - /* avoid ptr chains, since some software is - * not capable of decoding ptr after a ptr. */ - *owner_ptr = htons(PTR_CREATE(p->offset)); - if(!write_compressed_dname(pkt, key->rk.dname, - owner_labs, p)) - return RETVAL_TRUNC; - /* check if typeclass+4 ttl + rdatalen is available */ - if(sldns_buffer_remaining(pkt) < 4+4+2) - return RETVAL_TRUNC; - } else { - /* no compress */ - if(sldns_buffer_remaining(pkt) < key->rk.dname_len+4+4+2) - return RETVAL_TRUNC; - sldns_buffer_write(pkt, key->rk.dname, - key->rk.dname_len); - if(owner_pos <= PTR_MAX_OFFSET) - *owner_ptr = htons(PTR_CREATE(owner_pos)); - } - if(!compress_tree_store(key->rk.dname, owner_labs, - owner_pos, region, p, insertpt)) - return RETVAL_OUTMEM; - } else { - /* always compress 2nd-further RRs in RRset */ - if(owner_labs == 1) { - if(sldns_buffer_remaining(pkt) < 1+4+4+2) - return RETVAL_TRUNC; - sldns_buffer_write_u8(pkt, 0); - } else { - if(sldns_buffer_remaining(pkt) < 2+4+4+2) - return RETVAL_TRUNC; - sldns_buffer_write(pkt, owner_ptr, 2); - } - } - return RETVAL_OK; -} - -/** compress any domain name to the packet, return RETVAL_* */ -static int -compress_any_dname(uint8_t* dname, sldns_buffer* pkt, int labs, - struct regional* region, struct compress_tree_node** tree) -{ - struct compress_tree_node* p; - struct compress_tree_node** insertpt = NULL; - size_t pos = sldns_buffer_position(pkt); - if((p = compress_tree_lookup(tree, dname, labs, &insertpt))) { - if(!write_compressed_dname(pkt, dname, labs, p)) - return RETVAL_TRUNC; - } else { - if(!dname_buffer_write(pkt, dname)) - return RETVAL_TRUNC; - } - if(!compress_tree_store(dname, labs, pos, region, p, insertpt)) - return RETVAL_OUTMEM; - return RETVAL_OK; -} - -/** return true if type needs domain name compression in rdata */ -static const sldns_rr_descriptor* -type_rdata_compressable(struct ub_packed_rrset_key* key) -{ - uint16_t t = ntohs(key->rk.type); - if(sldns_rr_descript(t) && - sldns_rr_descript(t)->_compress == LDNS_RR_COMPRESS) - return sldns_rr_descript(t); - return 0; -} - -/** compress domain names in rdata, return RETVAL_* */ -static int -compress_rdata(sldns_buffer* pkt, uint8_t* rdata, size_t todolen, - struct regional* region, struct compress_tree_node** tree, - const sldns_rr_descriptor* desc) -{ - int labs, r, rdf = 0; - size_t dname_len, len, pos = sldns_buffer_position(pkt); - uint8_t count = desc->_dname_count; - - sldns_buffer_skip(pkt, 2); /* rdata len fill in later */ - /* space for rdatalen checked for already */ - rdata += 2; - todolen -= 2; - while(todolen > 0 && count) { - switch(desc->_wireformat[rdf]) { - case LDNS_RDF_TYPE_DNAME: - labs = dname_count_size_labels(rdata, &dname_len); - if((r=compress_any_dname(rdata, pkt, labs, region, - tree)) != RETVAL_OK) - return r; - rdata += dname_len; - todolen -= dname_len; - count--; - len = 0; - break; - case LDNS_RDF_TYPE_STR: - len = *rdata + 1; - break; - default: - len = get_rdf_size(desc->_wireformat[rdf]); - } - if(len) { - /* copy over */ - if(sldns_buffer_remaining(pkt) < len) - return RETVAL_TRUNC; - sldns_buffer_write(pkt, rdata, len); - todolen -= len; - rdata += len; - } - rdf++; - } - /* copy remainder */ - if(todolen > 0) { - if(sldns_buffer_remaining(pkt) < todolen) - return RETVAL_TRUNC; - sldns_buffer_write(pkt, rdata, todolen); - } - - /* set rdata len */ - sldns_buffer_write_u16_at(pkt, pos, sldns_buffer_position(pkt)-pos-2); - return RETVAL_OK; -} - -/** Returns true if RR type should be included */ -static int -rrset_belongs_in_reply(sldns_pkt_section s, uint16_t rrtype, uint16_t qtype, - int dnssec) -{ - if(dnssec) - return 1; - /* skip non DNSSEC types, except if directly queried for */ - if(s == LDNS_SECTION_ANSWER) { - if(qtype == LDNS_RR_TYPE_ANY || qtype == rrtype) - return 1; - } - /* check DNSSEC-ness */ - switch(rrtype) { - case LDNS_RR_TYPE_SIG: - case LDNS_RR_TYPE_KEY: - case LDNS_RR_TYPE_NXT: - case LDNS_RR_TYPE_DS: - case LDNS_RR_TYPE_RRSIG: - case LDNS_RR_TYPE_NSEC: - case LDNS_RR_TYPE_DNSKEY: - case LDNS_RR_TYPE_NSEC3: - case LDNS_RR_TYPE_NSEC3PARAMS: - return 0; - } - return 1; -} - -/** store rrset in buffer in wireformat, return RETVAL_* */ -static int -packed_rrset_encode(struct ub_packed_rrset_key* key, sldns_buffer* pkt, - uint16_t* num_rrs, time_t timenow, struct regional* region, - int do_data, int do_sig, struct compress_tree_node** tree, - sldns_pkt_section s, uint16_t qtype, int dnssec, size_t rr_offset) -{ - size_t i, j, owner_pos; - int r, owner_labs; - uint16_t owner_ptr = 0; - struct packed_rrset_data* data = (struct packed_rrset_data*) - key->entry.data; - - /* does this RR type belong in the answer? */ - if(!rrset_belongs_in_reply(s, ntohs(key->rk.type), qtype, dnssec)) - return RETVAL_OK; - - owner_labs = dname_count_labels(key->rk.dname); - owner_pos = sldns_buffer_position(pkt); - - /* For an rrset with a fixed TTL, use the rrset's TTL as given */ - if((key->rk.flags & PACKED_RRSET_FIXEDTTL) != 0) - timenow = 0; - - if(do_data) { - const sldns_rr_descriptor* c = type_rdata_compressable(key); - for(i=0; icount; i++) { - /* rrset roundrobin */ - j = (i + rr_offset) % data->count; - if((r=compress_owner(key, pkt, region, tree, - owner_pos, &owner_ptr, owner_labs)) - != RETVAL_OK) - return r; - sldns_buffer_write(pkt, &key->rk.type, 2); - sldns_buffer_write(pkt, &key->rk.rrset_class, 2); - if(data->rr_ttl[j] < timenow) - sldns_buffer_write_u32(pkt, 0); - else sldns_buffer_write_u32(pkt, - data->rr_ttl[j]-timenow); - if(c) { - if((r=compress_rdata(pkt, data->rr_data[j], - data->rr_len[j], region, tree, c)) - != RETVAL_OK) - return r; - } else { - if(sldns_buffer_remaining(pkt) < data->rr_len[j]) - return RETVAL_TRUNC; - sldns_buffer_write(pkt, data->rr_data[j], - data->rr_len[j]); - } - } - } - /* insert rrsigs */ - if(do_sig && dnssec) { - size_t total = data->count+data->rrsig_count; - for(i=data->count; irr_len[i]) - return RETVAL_TRUNC; - sldns_buffer_write(pkt, &owner_ptr, 2); - } else { - if((r=compress_any_dname(key->rk.dname, - pkt, owner_labs, region, tree)) - != RETVAL_OK) - return r; - if(sldns_buffer_remaining(pkt) < - 4+4+data->rr_len[i]) - return RETVAL_TRUNC; - } - sldns_buffer_write_u16(pkt, LDNS_RR_TYPE_RRSIG); - sldns_buffer_write(pkt, &key->rk.rrset_class, 2); - if(data->rr_ttl[i] < timenow) - sldns_buffer_write_u32(pkt, 0); - else sldns_buffer_write_u32(pkt, - data->rr_ttl[i]-timenow); - /* rrsig rdata cannot be compressed, perform 100+ byte - * memcopy. */ - sldns_buffer_write(pkt, data->rr_data[i], - data->rr_len[i]); - } - } - /* change rrnum only after we are sure it fits */ - if(do_data) - *num_rrs += data->count; - if(do_sig && dnssec) - *num_rrs += data->rrsig_count; - - return RETVAL_OK; -} - -/** store msg section in wireformat buffer, return RETVAL_* */ -static int -insert_section(struct reply_info* rep, size_t num_rrsets, uint16_t* num_rrs, - sldns_buffer* pkt, size_t rrsets_before, time_t timenow, - struct regional* region, struct compress_tree_node** tree, - sldns_pkt_section s, uint16_t qtype, int dnssec, size_t rr_offset) -{ - int r; - size_t i, setstart; - /* we now allow this function to be called multiple times for the - * same section, incrementally updating num_rrs. The caller is - * responsible for initializing it (which is the case in the current - * implementation). */ - - if(s != LDNS_SECTION_ADDITIONAL) { - if(s == LDNS_SECTION_ANSWER && qtype == LDNS_RR_TYPE_ANY) - dnssec = 1; /* include all types in ANY answer */ - for(i=0; irrsets[rrsets_before+i], - pkt, num_rrs, timenow, region, 1, 1, tree, - s, qtype, dnssec, rr_offset)) - != RETVAL_OK) { - /* Bad, but if due to size must set TC bit */ - /* trim off the rrset neatly. */ - sldns_buffer_set_position(pkt, setstart); - return r; - } - } - } else { - for(i=0; irrsets[rrsets_before+i], - pkt, num_rrs, timenow, region, 1, 0, tree, - s, qtype, dnssec, rr_offset)) - != RETVAL_OK) { - sldns_buffer_set_position(pkt, setstart); - return r; - } - } - if(dnssec) - for(i=0; irrsets[rrsets_before+i], - pkt, num_rrs, timenow, region, 0, 1, tree, - s, qtype, dnssec, rr_offset)) - != RETVAL_OK) { - sldns_buffer_set_position(pkt, setstart); - return r; - } - } - } - return RETVAL_OK; -} - -/** store query section in wireformat buffer, return RETVAL */ -static int -insert_query(struct query_info* qinfo, struct compress_tree_node** tree, - sldns_buffer* buffer, struct regional* region) -{ - uint8_t* qname = qinfo->local_alias ? - qinfo->local_alias->rrset->rk.dname : qinfo->qname; - size_t qname_len = qinfo->local_alias ? - qinfo->local_alias->rrset->rk.dname_len : qinfo->qname_len; - if(sldns_buffer_remaining(buffer) < - qinfo->qname_len+sizeof(uint16_t)*2) - return RETVAL_TRUNC; /* buffer too small */ - /* the query is the first name inserted into the tree */ - if(!compress_tree_store(qname, dname_count_labels(qname), - sldns_buffer_position(buffer), region, NULL, tree)) - return RETVAL_OUTMEM; - if(sldns_buffer_current(buffer) == qname) - sldns_buffer_skip(buffer, (ssize_t)qname_len); - else sldns_buffer_write(buffer, qname, qname_len); - sldns_buffer_write_u16(buffer, qinfo->qtype); - sldns_buffer_write_u16(buffer, qinfo->qclass); - return RETVAL_OK; -} - -static int -positive_answer(struct reply_info* rep, uint16_t qtype) { - size_t i; - if (FLAGS_GET_RCODE(rep->flags) != LDNS_RCODE_NOERROR) - return 0; - - for(i=0;ian_numrrsets; i++) { - if(ntohs(rep->rrsets[i]->rk.type) == qtype) { - /* in case it is a wildcard with DNSSEC, there will - * be NSEC/NSEC3 records in the authority section - * that we cannot remove */ - for(i=rep->an_numrrsets; ian_numrrsets+ - rep->ns_numrrsets; i++) { - if(ntohs(rep->rrsets[i]->rk.type) == - LDNS_RR_TYPE_NSEC || - ntohs(rep->rrsets[i]->rk.type) == - LDNS_RR_TYPE_NSEC3) - return 0; - } - return 1; - } - } - return 0; -} - -int -reply_info_encode(struct query_info* qinfo, struct reply_info* rep, - uint16_t id, uint16_t flags, sldns_buffer* buffer, time_t timenow, - struct regional* region, uint16_t udpsize, int dnssec) -{ - uint16_t ancount=0, nscount=0, arcount=0; - struct compress_tree_node* tree = 0; - int r; - size_t rr_offset; - - sldns_buffer_clear(buffer); - if(udpsize < sldns_buffer_limit(buffer)) - sldns_buffer_set_limit(buffer, udpsize); - if(sldns_buffer_remaining(buffer) < LDNS_HEADER_SIZE) - return 0; - - sldns_buffer_write(buffer, &id, sizeof(uint16_t)); - sldns_buffer_write_u16(buffer, flags); - sldns_buffer_write_u16(buffer, rep->qdcount); - /* set an, ns, ar counts to zero in case of small packets */ - sldns_buffer_write(buffer, "\000\000\000\000\000\000", 6); - - /* insert query section */ - if(rep->qdcount) { - if((r=insert_query(qinfo, &tree, buffer, region)) != - RETVAL_OK) { - if(r == RETVAL_TRUNC) { - /* create truncated message */ - sldns_buffer_write_u16_at(buffer, 4, 0); - LDNS_TC_SET(sldns_buffer_begin(buffer)); - sldns_buffer_flip(buffer); - return 1; - } - return 0; - } - } - /* roundrobin offset. using query id for random number. With ntohs - * for different roundrobins for sequential id client senders. */ - rr_offset = RRSET_ROUNDROBIN?ntohs(id):0; - - /* "prepend" any local alias records in the answer section if this - * response is supposed to be authoritative. Currently it should - * be a single CNAME record (sanity-checked in worker_handle_request()) - * but it can be extended if and when we support more variations of - * aliases. */ - if(qinfo->local_alias && (flags & BIT_AA)) { - struct reply_info arep; - time_t timezero = 0; /* to use the 'authoritative' TTL */ - memset(&arep, 0, sizeof(arep)); - arep.flags = rep->flags; - arep.an_numrrsets = 1; - arep.rrset_count = 1; - arep.rrsets = &qinfo->local_alias->rrset; - if((r=insert_section(&arep, 1, &ancount, buffer, 0, - timezero, region, &tree, LDNS_SECTION_ANSWER, - qinfo->qtype, dnssec, rr_offset)) != RETVAL_OK) { - if(r == RETVAL_TRUNC) { - /* create truncated message */ - sldns_buffer_write_u16_at(buffer, 6, ancount); - LDNS_TC_SET(sldns_buffer_begin(buffer)); - sldns_buffer_flip(buffer); - return 1; - } - return 0; - } - } - - /* insert answer section */ - if((r=insert_section(rep, rep->an_numrrsets, &ancount, buffer, - 0, timenow, region, &tree, LDNS_SECTION_ANSWER, qinfo->qtype, - dnssec, rr_offset)) != RETVAL_OK) { - if(r == RETVAL_TRUNC) { - /* create truncated message */ - sldns_buffer_write_u16_at(buffer, 6, ancount); - LDNS_TC_SET(sldns_buffer_begin(buffer)); - sldns_buffer_flip(buffer); - return 1; - } - return 0; - } - sldns_buffer_write_u16_at(buffer, 6, ancount); - - /* if response is positive answer, auth/add sections are not required */ - if( ! (MINIMAL_RESPONSES && positive_answer(rep, qinfo->qtype)) ) { - /* insert auth section */ - if((r=insert_section(rep, rep->ns_numrrsets, &nscount, buffer, - rep->an_numrrsets, timenow, region, &tree, - LDNS_SECTION_AUTHORITY, qinfo->qtype, - dnssec, rr_offset)) != RETVAL_OK) { - if(r == RETVAL_TRUNC) { - /* create truncated message */ - sldns_buffer_write_u16_at(buffer, 8, nscount); - LDNS_TC_SET(sldns_buffer_begin(buffer)); - sldns_buffer_flip(buffer); - return 1; - } - return 0; - } - sldns_buffer_write_u16_at(buffer, 8, nscount); - - /* insert add section */ - if((r=insert_section(rep, rep->ar_numrrsets, &arcount, buffer, - rep->an_numrrsets + rep->ns_numrrsets, timenow, region, - &tree, LDNS_SECTION_ADDITIONAL, qinfo->qtype, - dnssec, rr_offset)) != RETVAL_OK) { - if(r == RETVAL_TRUNC) { - /* no need to set TC bit, this is the additional */ - sldns_buffer_write_u16_at(buffer, 10, arcount); - sldns_buffer_flip(buffer); - return 1; - } - return 0; - } - sldns_buffer_write_u16_at(buffer, 10, arcount); - } - sldns_buffer_flip(buffer); - return 1; -} - -uint16_t -calc_edns_field_size(struct edns_data* edns) -{ - size_t rdatalen = 0; - struct edns_option* opt; - if(!edns || !edns->edns_present) - return 0; - for(opt = edns->opt_list; opt; opt = opt->next) { - rdatalen += 4 + opt->opt_len; - } - /* domain root '.' + type + class + ttl + rdatalen */ - return 1 + 2 + 2 + 4 + 2 + rdatalen; -} - -void -attach_edns_record(sldns_buffer* pkt, struct edns_data* edns) -{ - size_t len; - size_t rdatapos; - struct edns_option* opt; - if(!edns || !edns->edns_present) - return; - /* inc additional count */ - sldns_buffer_write_u16_at(pkt, 10, - sldns_buffer_read_u16_at(pkt, 10) + 1); - len = sldns_buffer_limit(pkt); - sldns_buffer_clear(pkt); - sldns_buffer_set_position(pkt, len); - /* write EDNS record */ - sldns_buffer_write_u8(pkt, 0); /* '.' label */ - sldns_buffer_write_u16(pkt, LDNS_RR_TYPE_OPT); /* type */ - sldns_buffer_write_u16(pkt, edns->udp_size); /* class */ - sldns_buffer_write_u8(pkt, edns->ext_rcode); /* ttl */ - sldns_buffer_write_u8(pkt, edns->edns_version); - sldns_buffer_write_u16(pkt, edns->bits); - rdatapos = sldns_buffer_position(pkt); - sldns_buffer_write_u16(pkt, 0); /* rdatalen */ - /* write rdata */ - for(opt=edns->opt_list; opt; opt=opt->next) { - sldns_buffer_write_u16(pkt, opt->opt_code); - sldns_buffer_write_u16(pkt, opt->opt_len); - if(opt->opt_len != 0) - sldns_buffer_write(pkt, opt->opt_data, opt->opt_len); - } - if(edns->opt_list) - sldns_buffer_write_u16_at(pkt, rdatapos, - sldns_buffer_position(pkt)-rdatapos-2); - sldns_buffer_flip(pkt); -} - -int -reply_info_answer_encode(struct query_info* qinf, struct reply_info* rep, - uint16_t id, uint16_t qflags, sldns_buffer* pkt, time_t timenow, - int cached, struct regional* region, uint16_t udpsize, - struct edns_data* edns, int dnssec, int secure) -{ - uint16_t flags; - int attach_edns = 1; - - if(!cached || rep->authoritative) { - /* original flags, copy RD and CD bits from query. */ - flags = rep->flags | (qflags & (BIT_RD|BIT_CD)); - } else { - /* remove AA bit, copy RD and CD bits from query. */ - flags = (rep->flags & ~BIT_AA) | (qflags & (BIT_RD|BIT_CD)); - } - if(secure && (dnssec || (qflags&BIT_AD))) - flags |= BIT_AD; - /* restore AA bit if we have a local alias and the response can be - * authoritative. Also clear AD bit if set as the local data is the - * primary answer. */ - if(qinf->local_alias && - (FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NOERROR || - FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NXDOMAIN)) { - flags |= BIT_AA; - flags &= ~BIT_AD; - } - log_assert(flags & BIT_QR); /* QR bit must be on in our replies */ - if(udpsize < LDNS_HEADER_SIZE) - return 0; - if(udpsize < LDNS_HEADER_SIZE + calc_edns_field_size(edns)) { - /* packet too small to contain edns, omit it. */ - attach_edns = 0; - } else { - /* reserve space for edns record */ - udpsize -= calc_edns_field_size(edns); - } - - if(!reply_info_encode(qinf, rep, id, flags, pkt, timenow, region, - udpsize, dnssec)) { - log_err("reply encode: out of memory"); - return 0; - } - if(attach_edns) - attach_edns_record(pkt, edns); - return 1; -} - -void -qinfo_query_encode(sldns_buffer* pkt, struct query_info* qinfo) -{ - uint16_t flags = 0; /* QUERY, NOERROR */ - const uint8_t* qname = qinfo->local_alias ? - qinfo->local_alias->rrset->rk.dname : qinfo->qname; - size_t qname_len = qinfo->local_alias ? - qinfo->local_alias->rrset->rk.dname_len : qinfo->qname_len; - sldns_buffer_clear(pkt); - log_assert(sldns_buffer_remaining(pkt) >= 12+255+4/*max query*/); - sldns_buffer_skip(pkt, 2); /* id done later */ - sldns_buffer_write_u16(pkt, flags); - sldns_buffer_write_u16(pkt, 1); /* query count */ - sldns_buffer_write(pkt, "\000\000\000\000\000\000", 6); /* counts */ - sldns_buffer_write(pkt, qname, qname_len); - sldns_buffer_write_u16(pkt, qinfo->qtype); - sldns_buffer_write_u16(pkt, qinfo->qclass); - sldns_buffer_flip(pkt); -} - -void -error_encode(sldns_buffer* buf, int r, struct query_info* qinfo, - uint16_t qid, uint16_t qflags, struct edns_data* edns) -{ - uint16_t flags; - - sldns_buffer_clear(buf); - sldns_buffer_write(buf, &qid, sizeof(uint16_t)); - flags = (uint16_t)(BIT_QR | BIT_RA | r); /* QR and retcode*/ - flags |= (qflags & (BIT_RD|BIT_CD)); /* copy RD and CD bit */ - sldns_buffer_write_u16(buf, flags); - if(qinfo) flags = 1; - else flags = 0; - sldns_buffer_write_u16(buf, flags); - flags = 0; - sldns_buffer_write(buf, &flags, sizeof(uint16_t)); - sldns_buffer_write(buf, &flags, sizeof(uint16_t)); - sldns_buffer_write(buf, &flags, sizeof(uint16_t)); - if(qinfo) { - const uint8_t* qname = qinfo->local_alias ? - qinfo->local_alias->rrset->rk.dname : qinfo->qname; - size_t qname_len = qinfo->local_alias ? - qinfo->local_alias->rrset->rk.dname_len : - qinfo->qname_len; - if(sldns_buffer_current(buf) == qname) - sldns_buffer_skip(buf, (ssize_t)qname_len); - else sldns_buffer_write(buf, qname, qname_len); - sldns_buffer_write_u16(buf, qinfo->qtype); - sldns_buffer_write_u16(buf, qinfo->qclass); - } - sldns_buffer_flip(buf); - if(edns) { - struct edns_data es = *edns; - es.edns_version = EDNS_ADVERTISED_VERSION; - es.udp_size = EDNS_ADVERTISED_SIZE; - es.ext_rcode = 0; - es.bits &= EDNS_DO; - if(sldns_buffer_limit(buf) + calc_edns_field_size(&es) > - edns->udp_size) - return; - attach_edns_record(buf, &es); - } -} diff --git a/external/unbound/util/data/msgencode.h b/external/unbound/util/data/msgencode.h deleted file mode 100644 index eea129d98..000000000 --- a/external/unbound/util/data/msgencode.h +++ /dev/null @@ -1,131 +0,0 @@ -/* - * util/data/msgencode.h - encode compressed DNS messages. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains temporary data structures and routines to create - * compressed DNS messages. - */ - -#ifndef UTIL_DATA_MSGENCODE_H -#define UTIL_DATA_MSGENCODE_H -struct sldns_buffer; -struct query_info; -struct reply_info; -struct regional; -struct edns_data; - -/** - * Generate answer from reply_info. - * @param qinf: query information that provides query section in packet. - * @param rep: reply to fill in. - * @param id: id word from the query. - * @param qflags: flags word from the query. - * @param dest: buffer to put message into; will truncate if it does not fit. - * @param timenow: time to subtract. - * @param cached: set true if a cached reply (so no AA bit). - * set false for the first reply. - * @param region: where to allocate temp variables (for compression). - * @param udpsize: size of the answer, 512, from EDNS, or 64k for TCP. - * @param edns: EDNS data included in the answer, NULL for none. - * or if edns_present = 0, it is not included. - * @param dnssec: if 0 DNSSEC records are omitted from the answer. - * @param secure: if 1, the AD bit is set in the reply. - * @return: 0 on error (server failure). - */ -int reply_info_answer_encode(struct query_info* qinf, struct reply_info* rep, - uint16_t id, uint16_t qflags, struct sldns_buffer* dest, time_t timenow, - int cached, struct regional* region, uint16_t udpsize, - struct edns_data* edns, int dnssec, int secure); - -/** - * Regenerate the wireformat from the stored msg reply. - * If the buffer is too small then the message is truncated at a whole - * rrset and the TC bit set, or whole rrsets are left out of the additional - * and the TC bit is not set. - * @param qinfo: query info to store. - * @param rep: reply to store. - * @param id: id value to store, network order. - * @param flags: flags value to store, host order. - * @param buffer: buffer to store the packet into. - * @param timenow: time now, to adjust ttl values. - * @param region: to store temporary data in. - * @param udpsize: size of the answer, 512, from EDNS, or 64k for TCP. - * @param dnssec: if 0 DNSSEC records are omitted from the answer. - * @return: nonzero is success, or - * 0 on error: malloc failure (no log_err has been done). - */ -int reply_info_encode(struct query_info* qinfo, struct reply_info* rep, - uint16_t id, uint16_t flags, struct sldns_buffer* buffer, time_t timenow, - struct regional* region, uint16_t udpsize, int dnssec); - -/** - * Encode query packet. Assumes the buffer is large enough. - * @param pkt: where to store the packet. - * @param qinfo: query info. - */ -void qinfo_query_encode(struct sldns_buffer* pkt, struct query_info* qinfo); - -/** - * Estimate size of EDNS record in packet. EDNS record will be no larger. - * @param edns: edns data or NULL. - * @return octets to reserve for EDNS. - */ -uint16_t calc_edns_field_size(struct edns_data* edns); - -/** - * Attach EDNS record to buffer. Buffer has complete packet. There must - * be enough room left for the EDNS record. - * @param pkt: packet added to. - * @param edns: if NULL or present=0, nothing is added to the packet. - */ -void attach_edns_record(struct sldns_buffer* pkt, struct edns_data* edns); - -/** - * Encode an error. With QR and RA set. - * - * @param pkt: where to store the packet. - * @param r: RCODE value to encode. - * @param qinfo: if not NULL, the query is included. - * @param qid: query ID to set in packet. network order. - * @param qflags: original query flags (to copy RD and CD bits). host order. - * @param edns: if not NULL, this is the query edns info, - * and an edns reply is attached. Only attached if EDNS record fits reply. - */ -void error_encode(struct sldns_buffer* pkt, int r, struct query_info* qinfo, - uint16_t qid, uint16_t qflags, struct edns_data* edns); - -#endif /* UTIL_DATA_MSGENCODE_H */ diff --git a/external/unbound/util/data/msgparse.c b/external/unbound/util/data/msgparse.c deleted file mode 100644 index 5381500e1..000000000 --- a/external/unbound/util/data/msgparse.c +++ /dev/null @@ -1,1093 +0,0 @@ -/* - * util/data/msgparse.c - parse wireformat DNS messages. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/** - * \file - * Routines for message parsing a packet buffer to a descriptive structure. - */ -#include "config.h" -#include "util/data/msgparse.h" -#include "util/data/msgreply.h" -#include "util/data/dname.h" -#include "util/data/packed_rrset.h" -#include "util/storage/lookup3.h" -#include "util/regional.h" -#include "sldns/rrdef.h" -#include "sldns/sbuffer.h" -#include "sldns/parseutil.h" -#include "sldns/wire2str.h" - -/** smart comparison of (compressed, valid) dnames from packet */ -static int -smart_compare(sldns_buffer* pkt, uint8_t* dnow, - uint8_t* dprfirst, uint8_t* dprlast) -{ - if(LABEL_IS_PTR(*dnow)) { - /* ptr points to a previous dname */ - uint8_t* p = sldns_buffer_at(pkt, PTR_OFFSET(dnow[0], dnow[1])); - if( p == dprfirst || p == dprlast ) - return 0; - /* prev dname is also a ptr, both ptrs are the same. */ - if(LABEL_IS_PTR(*dprlast) && - dprlast[0] == dnow[0] && dprlast[1] == dnow[1]) - return 0; - } - return dname_pkt_compare(pkt, dnow, dprlast); -} - -/** - * Allocate new rrset in region, fill with data. - */ -static struct rrset_parse* -new_rrset(struct msg_parse* msg, uint8_t* dname, size_t dnamelen, - uint16_t type, uint16_t dclass, hashvalue_type hash, - uint32_t rrset_flags, sldns_pkt_section section, - struct regional* region) -{ - struct rrset_parse* p = regional_alloc(region, sizeof(*p)); - if(!p) return NULL; - p->rrset_bucket_next = msg->hashtable[hash & (PARSE_TABLE_SIZE-1)]; - msg->hashtable[hash & (PARSE_TABLE_SIZE-1)] = p; - p->rrset_all_next = 0; - if(msg->rrset_last) - msg->rrset_last->rrset_all_next = p; - else msg->rrset_first = p; - msg->rrset_last = p; - p->hash = hash; - p->section = section; - p->dname = dname; - p->dname_len = dnamelen; - p->type = type; - p->rrset_class = dclass; - p->flags = rrset_flags; - p->rr_count = 0; - p->size = 0; - p->rr_first = 0; - p->rr_last = 0; - p->rrsig_count = 0; - p->rrsig_first = 0; - p->rrsig_last = 0; - return p; -} - -/** See if next rrset is nsec at zone apex */ -static int -nsec_at_apex(sldns_buffer* pkt) -{ - /* we are at ttl position in packet. */ - size_t pos = sldns_buffer_position(pkt); - uint16_t rdatalen; - if(sldns_buffer_remaining(pkt) < 7) /* ttl+len+root */ - return 0; /* eek! */ - sldns_buffer_skip(pkt, 4); /* ttl */; - rdatalen = sldns_buffer_read_u16(pkt); - if(sldns_buffer_remaining(pkt) < rdatalen) { - sldns_buffer_set_position(pkt, pos); - return 0; /* parse error happens later */ - } - /* must validate the nsec next domain name format */ - if(pkt_dname_len(pkt) == 0) { - sldns_buffer_set_position(pkt, pos); - return 0; /* parse error */ - } - - /* see if SOA bit is set. */ - if(sldns_buffer_position(pkt) < pos+4+rdatalen) { - /* nsec type bitmap contains items */ - uint8_t win, blen, bits; - /* need: windownum, bitmap len, firstbyte */ - if(sldns_buffer_position(pkt)+3 > pos+4+rdatalen) { - sldns_buffer_set_position(pkt, pos); - return 0; /* malformed nsec */ - } - win = sldns_buffer_read_u8(pkt); - blen = sldns_buffer_read_u8(pkt); - bits = sldns_buffer_read_u8(pkt); - /* 0window always first window. bitlen >=1 or parse - error really. bit 0x2 is SOA. */ - if(win == 0 && blen >= 1 && (bits & 0x02)) { - sldns_buffer_set_position(pkt, pos); - return 1; - } - } - - sldns_buffer_set_position(pkt, pos); - return 0; -} - -/** Calculate rrset flags */ -static uint32_t -pkt_rrset_flags(sldns_buffer* pkt, uint16_t type, sldns_pkt_section sec) -{ - uint32_t f = 0; - if(type == LDNS_RR_TYPE_NSEC && nsec_at_apex(pkt)) { - f |= PACKED_RRSET_NSEC_AT_APEX; - } else if(type == LDNS_RR_TYPE_SOA && sec == LDNS_SECTION_AUTHORITY) { - f |= PACKED_RRSET_SOA_NEG; - } - return f; -} - -hashvalue_type -pkt_hash_rrset(sldns_buffer* pkt, uint8_t* dname, uint16_t type, - uint16_t dclass, uint32_t rrset_flags) -{ - /* note this MUST be identical to rrset_key_hash in packed_rrset.c */ - /* this routine handles compressed names */ - hashvalue_type h = 0xab; - h = dname_pkt_hash(pkt, dname, h); - h = hashlittle(&type, sizeof(type), h); /* host order */ - h = hashlittle(&dclass, sizeof(dclass), h); /* netw order */ - h = hashlittle(&rrset_flags, sizeof(uint32_t), h); - return h; -} - -/** create partial dname hash for rrset hash */ -static hashvalue_type -pkt_hash_rrset_first(sldns_buffer* pkt, uint8_t* dname) -{ - /* works together with pkt_hash_rrset_rest */ - /* note this MUST be identical to rrset_key_hash in packed_rrset.c */ - /* this routine handles compressed names */ - hashvalue_type h = 0xab; - h = dname_pkt_hash(pkt, dname, h); - return h; -} - -/** create a rrset hash from a partial dname hash */ -static hashvalue_type -pkt_hash_rrset_rest(hashvalue_type dname_h, uint16_t type, uint16_t dclass, - uint32_t rrset_flags) -{ - /* works together with pkt_hash_rrset_first */ - /* note this MUST be identical to rrset_key_hash in packed_rrset.c */ - hashvalue_type h; - h = hashlittle(&type, sizeof(type), dname_h); /* host order */ - h = hashlittle(&dclass, sizeof(dclass), h); /* netw order */ - h = hashlittle(&rrset_flags, sizeof(uint32_t), h); - return h; -} - -/** compare rrset_parse with data */ -static int -rrset_parse_equals(struct rrset_parse* p, sldns_buffer* pkt, hashvalue_type h, - uint32_t rrset_flags, uint8_t* dname, size_t dnamelen, - uint16_t type, uint16_t dclass) -{ - if(p->hash == h && p->dname_len == dnamelen && p->type == type && - p->rrset_class == dclass && p->flags == rrset_flags && - dname_pkt_compare(pkt, dname, p->dname) == 0) - return 1; - return 0; -} - - -struct rrset_parse* -msgparse_hashtable_lookup(struct msg_parse* msg, sldns_buffer* pkt, - hashvalue_type h, uint32_t rrset_flags, uint8_t* dname, - size_t dnamelen, uint16_t type, uint16_t dclass) -{ - struct rrset_parse* p = msg->hashtable[h & (PARSE_TABLE_SIZE-1)]; - while(p) { - if(rrset_parse_equals(p, pkt, h, rrset_flags, dname, dnamelen, - type, dclass)) - return p; - p = p->rrset_bucket_next; - } - return NULL; -} - -/** return type networkformat that rrsig in packet covers */ -static int -pkt_rrsig_covered(sldns_buffer* pkt, uint8_t* here, uint16_t* type) -{ - size_t pos = sldns_buffer_position(pkt); - sldns_buffer_set_position(pkt, (size_t)(here-sldns_buffer_begin(pkt))); - /* ttl + len + size of small rrsig(rootlabel, no signature) */ - if(sldns_buffer_remaining(pkt) < 4+2+19) - return 0; - sldns_buffer_skip(pkt, 4); /* ttl */ - if(sldns_buffer_read_u16(pkt) < 19) /* too short */ { - sldns_buffer_set_position(pkt, pos); - return 0; - } - *type = sldns_buffer_read_u16(pkt); - sldns_buffer_set_position(pkt, pos); - return 1; -} - -/** true if covered type equals prevtype */ -static int -pkt_rrsig_covered_equals(sldns_buffer* pkt, uint8_t* here, uint16_t type) -{ - uint16_t t; - if(pkt_rrsig_covered(pkt, here, &t) && t == type) - return 1; - return 0; -} - -void -msgparse_bucket_remove(struct msg_parse* msg, struct rrset_parse* rrset) -{ - struct rrset_parse** p; - p = &msg->hashtable[ rrset->hash & (PARSE_TABLE_SIZE-1) ]; - while(*p) { - if(*p == rrset) { - *p = rrset->rrset_bucket_next; - return; - } - p = &( (*p)->rrset_bucket_next ); - } -} - -/** change section of rrset from previous to current section */ -static void -change_section(struct msg_parse* msg, struct rrset_parse* rrset, - sldns_pkt_section section) -{ - struct rrset_parse *p, *prev; - /* remove from list */ - if(section == rrset->section) - return; - p = msg->rrset_first; - prev = 0; - while(p) { - if(p == rrset) { - if(prev) prev->rrset_all_next = p->rrset_all_next; - else msg->rrset_first = p->rrset_all_next; - if(msg->rrset_last == rrset) - msg->rrset_last = prev; - break; - } - prev = p; - p = p->rrset_all_next; - } - /* remove from count */ - switch(rrset->section) { - case LDNS_SECTION_ANSWER: msg->an_rrsets--; break; - case LDNS_SECTION_AUTHORITY: msg->ns_rrsets--; break; - case LDNS_SECTION_ADDITIONAL: msg->ar_rrsets--; break; - default: log_assert(0); - } - /* insert at end of list */ - rrset->rrset_all_next = 0; - if(msg->rrset_last) - msg->rrset_last->rrset_all_next = rrset; - else msg->rrset_first = rrset; - msg->rrset_last = rrset; - /* up count of new section */ - switch(section) { - case LDNS_SECTION_AUTHORITY: msg->ns_rrsets++; break; - case LDNS_SECTION_ADDITIONAL: msg->ar_rrsets++; break; - default: log_assert(0); - } - rrset->section = section; -} - -/** see if rrset of type RRSIG contains sig over given type */ -static int -rrset_has_sigover(sldns_buffer* pkt, struct rrset_parse* rrset, uint16_t type, - int* hasother) -{ - int res = 0; - struct rr_parse* rr = rrset->rr_first; - log_assert( rrset->type == LDNS_RR_TYPE_RRSIG ); - while(rr) { - if(pkt_rrsig_covered_equals(pkt, rr->ttl_data, type)) - res = 1; - else *hasother = 1; - rr = rr->next; - } - return res; -} - -/** move rrsigs from sigset to dataset */ -static int -moveover_rrsigs(sldns_buffer* pkt, struct regional* region, - struct rrset_parse* sigset, struct rrset_parse* dataset, int duplicate) -{ - struct rr_parse* sig = sigset->rr_first; - struct rr_parse* prev = NULL; - struct rr_parse* insert; - struct rr_parse* nextsig; - while(sig) { - nextsig = sig->next; - if(pkt_rrsig_covered_equals(pkt, sig->ttl_data, - dataset->type)) { - if(duplicate) { - /* new */ - insert = (struct rr_parse*)regional_alloc( - region, sizeof(struct rr_parse)); - if(!insert) return 0; - insert->outside_packet = 0; - insert->ttl_data = sig->ttl_data; - insert->size = sig->size; - /* prev not used */ - } else { - /* remove from sigset */ - if(prev) prev->next = sig->next; - else sigset->rr_first = sig->next; - if(sigset->rr_last == sig) - sigset->rr_last = prev; - sigset->rr_count--; - sigset->size -= sig->size; - insert = sig; - /* prev not changed */ - } - /* add to dataset */ - dataset->rrsig_count++; - insert->next = 0; - if(dataset->rrsig_last) - dataset->rrsig_last->next = insert; - else dataset->rrsig_first = insert; - dataset->rrsig_last = insert; - dataset->size += insert->size; - } else { - prev = sig; - } - sig = nextsig; - } - return 1; -} - -/** change an rrsig rrset for use as data rrset */ -static struct rrset_parse* -change_rrsig_rrset(struct rrset_parse* sigset, struct msg_parse* msg, - sldns_buffer* pkt, uint16_t datatype, uint32_t rrset_flags, - int hasother, sldns_pkt_section section, struct regional* region) -{ - struct rrset_parse* dataset = sigset; - hashvalue_type hash = pkt_hash_rrset(pkt, sigset->dname, datatype, - sigset->rrset_class, rrset_flags); - log_assert( sigset->type == LDNS_RR_TYPE_RRSIG ); - log_assert( datatype != LDNS_RR_TYPE_RRSIG ); - if(hasother) { - /* need to make new rrset to hold data type */ - dataset = new_rrset(msg, sigset->dname, sigset->dname_len, - datatype, sigset->rrset_class, hash, rrset_flags, - section, region); - if(!dataset) - return NULL; - switch(section) { - case LDNS_SECTION_ANSWER: msg->an_rrsets++; break; - case LDNS_SECTION_AUTHORITY: msg->ns_rrsets++; break; - case LDNS_SECTION_ADDITIONAL: msg->ar_rrsets++; break; - default: log_assert(0); - } - if(!moveover_rrsigs(pkt, region, sigset, dataset, - msg->qtype == LDNS_RR_TYPE_RRSIG || - (msg->qtype == LDNS_RR_TYPE_ANY && - section != LDNS_SECTION_ANSWER) )) - return NULL; - return dataset; - } - /* changeover the type of the rrset to data set */ - msgparse_bucket_remove(msg, dataset); - /* insert into new hash bucket */ - dataset->rrset_bucket_next = msg->hashtable[hash&(PARSE_TABLE_SIZE-1)]; - msg->hashtable[hash&(PARSE_TABLE_SIZE-1)] = dataset; - dataset->hash = hash; - /* use section of data item for result */ - change_section(msg, dataset, section); - dataset->type = datatype; - dataset->flags = rrset_flags; - dataset->rrsig_count += dataset->rr_count; - dataset->rr_count = 0; - /* move sigs to end of siglist */ - if(dataset->rrsig_last) - dataset->rrsig_last->next = dataset->rr_first; - else dataset->rrsig_first = dataset->rr_first; - dataset->rrsig_last = dataset->rr_last; - dataset->rr_first = 0; - dataset->rr_last = 0; - return dataset; -} - -/** Find rrset. If equal to previous it is fast. hash if not so. - * @param msg: the message with hash table. - * @param pkt: the packet in wireformat (needed for compression ptrs). - * @param dname: pointer to start of dname (compressed) in packet. - * @param dnamelen: uncompressed wirefmt length of dname. - * @param type: type of current rr. - * @param dclass: class of current rr. - * @param hash: hash value is returned if the rrset could not be found. - * @param rrset_flags: is returned if the rrset could not be found. - * @param prev_dname_first: dname of last seen RR. First seen dname. - * @param prev_dname_last: dname of last seen RR. Last seen dname. - * @param prev_dnamelen: dname len of last seen RR. - * @param prev_type: type of last seen RR. - * @param prev_dclass: class of last seen RR. - * @param rrset_prev: last seen RRset. - * @param section: the current section in the packet. - * @param region: used to allocate temporary parsing data. - * @return 0 on out of memory. - */ -static int -find_rrset(struct msg_parse* msg, sldns_buffer* pkt, uint8_t* dname, - size_t dnamelen, uint16_t type, uint16_t dclass, hashvalue_type* hash, - uint32_t* rrset_flags, - uint8_t** prev_dname_first, uint8_t** prev_dname_last, - size_t* prev_dnamelen, uint16_t* prev_type, - uint16_t* prev_dclass, struct rrset_parse** rrset_prev, - sldns_pkt_section section, struct regional* region) -{ - hashvalue_type dname_h = pkt_hash_rrset_first(pkt, dname); - uint16_t covtype; - if(*rrset_prev) { - /* check if equal to previous item */ - if(type == *prev_type && dclass == *prev_dclass && - dnamelen == *prev_dnamelen && - smart_compare(pkt, dname, *prev_dname_first, - *prev_dname_last) == 0 && - type != LDNS_RR_TYPE_RRSIG) { - /* same as previous */ - *prev_dname_last = dname; - return 1; - } - /* check if rrsig over previous item */ - if(type == LDNS_RR_TYPE_RRSIG && dclass == *prev_dclass && - pkt_rrsig_covered_equals(pkt, sldns_buffer_current(pkt), - *prev_type) && - smart_compare(pkt, dname, *prev_dname_first, - *prev_dname_last) == 0) { - /* covers previous */ - *prev_dname_last = dname; - return 1; - } - } - /* find by hashing and lookup in hashtable */ - *rrset_flags = pkt_rrset_flags(pkt, type, section); - - /* if rrsig - try to lookup matching data set first */ - if(type == LDNS_RR_TYPE_RRSIG && pkt_rrsig_covered(pkt, - sldns_buffer_current(pkt), &covtype)) { - *hash = pkt_hash_rrset_rest(dname_h, covtype, dclass, - *rrset_flags); - *rrset_prev = msgparse_hashtable_lookup(msg, pkt, *hash, - *rrset_flags, dname, dnamelen, covtype, dclass); - if(!*rrset_prev && covtype == LDNS_RR_TYPE_NSEC) { - /* if NSEC try with NSEC apex bit twiddled */ - *rrset_flags ^= PACKED_RRSET_NSEC_AT_APEX; - *hash = pkt_hash_rrset_rest(dname_h, covtype, dclass, - *rrset_flags); - *rrset_prev = msgparse_hashtable_lookup(msg, pkt, - *hash, *rrset_flags, dname, dnamelen, covtype, - dclass); - if(!*rrset_prev) /* untwiddle if not found */ - *rrset_flags ^= PACKED_RRSET_NSEC_AT_APEX; - } - if(!*rrset_prev && covtype == LDNS_RR_TYPE_SOA) { - /* if SOA try with SOA neg flag twiddled */ - *rrset_flags ^= PACKED_RRSET_SOA_NEG; - *hash = pkt_hash_rrset_rest(dname_h, covtype, dclass, - *rrset_flags); - *rrset_prev = msgparse_hashtable_lookup(msg, pkt, - *hash, *rrset_flags, dname, dnamelen, covtype, - dclass); - if(!*rrset_prev) /* untwiddle if not found */ - *rrset_flags ^= PACKED_RRSET_SOA_NEG; - } - if(*rrset_prev) { - *prev_dname_first = (*rrset_prev)->dname; - *prev_dname_last = dname; - *prev_dnamelen = dnamelen; - *prev_type = covtype; - *prev_dclass = dclass; - return 1; - } - } - if(type != LDNS_RR_TYPE_RRSIG) { - int hasother = 0; - /* find matching rrsig */ - *hash = pkt_hash_rrset_rest(dname_h, LDNS_RR_TYPE_RRSIG, - dclass, 0); - *rrset_prev = msgparse_hashtable_lookup(msg, pkt, *hash, - 0, dname, dnamelen, LDNS_RR_TYPE_RRSIG, - dclass); - if(*rrset_prev && rrset_has_sigover(pkt, *rrset_prev, type, - &hasother)) { - /* yes! */ - *prev_dname_first = (*rrset_prev)->dname; - *prev_dname_last = dname; - *prev_dnamelen = dnamelen; - *prev_type = type; - *prev_dclass = dclass; - *rrset_prev = change_rrsig_rrset(*rrset_prev, msg, - pkt, type, *rrset_flags, hasother, section, - region); - if(!*rrset_prev) return 0; - return 1; - } - } - - *hash = pkt_hash_rrset_rest(dname_h, type, dclass, *rrset_flags); - *rrset_prev = msgparse_hashtable_lookup(msg, pkt, *hash, *rrset_flags, - dname, dnamelen, type, dclass); - if(*rrset_prev) - *prev_dname_first = (*rrset_prev)->dname; - else *prev_dname_first = dname; - *prev_dname_last = dname; - *prev_dnamelen = dnamelen; - *prev_type = type; - *prev_dclass = dclass; - return 1; -} - -/** - * Parse query section. - * @param pkt: packet, position at call must be at start of query section. - * at end position is after query section. - * @param msg: store results here. - * @return: 0 if OK, or rcode on error. - */ -static int -parse_query_section(sldns_buffer* pkt, struct msg_parse* msg) -{ - if(msg->qdcount == 0) - return 0; - if(msg->qdcount > 1) - return LDNS_RCODE_FORMERR; - log_assert(msg->qdcount == 1); - if(sldns_buffer_remaining(pkt) <= 0) - return LDNS_RCODE_FORMERR; - msg->qname = sldns_buffer_current(pkt); - if((msg->qname_len = pkt_dname_len(pkt)) == 0) - return LDNS_RCODE_FORMERR; - if(sldns_buffer_remaining(pkt) < sizeof(uint16_t)*2) - return LDNS_RCODE_FORMERR; - msg->qtype = sldns_buffer_read_u16(pkt); - msg->qclass = sldns_buffer_read_u16(pkt); - return 0; -} - -size_t -get_rdf_size(sldns_rdf_type rdf) -{ - switch(rdf) { - case LDNS_RDF_TYPE_CLASS: - case LDNS_RDF_TYPE_ALG: - case LDNS_RDF_TYPE_INT8: - return 1; - break; - case LDNS_RDF_TYPE_INT16: - case LDNS_RDF_TYPE_TYPE: - case LDNS_RDF_TYPE_CERT_ALG: - return 2; - break; - case LDNS_RDF_TYPE_INT32: - case LDNS_RDF_TYPE_TIME: - case LDNS_RDF_TYPE_A: - case LDNS_RDF_TYPE_PERIOD: - return 4; - break; - case LDNS_RDF_TYPE_TSIGTIME: - return 6; - break; - case LDNS_RDF_TYPE_AAAA: - return 16; - break; - default: - log_assert(0); /* add type above */ - /* only types that appear before a domain * - * name are needed. rest is simply copied. */ - } - return 0; -} - -/** calculate the size of one rr */ -static int -calc_size(sldns_buffer* pkt, uint16_t type, struct rr_parse* rr) -{ - const sldns_rr_descriptor* desc; - uint16_t pkt_len; /* length of rr inside the packet */ - rr->size = sizeof(uint16_t); /* the rdatalen */ - sldns_buffer_skip(pkt, 4); /* skip ttl */ - pkt_len = sldns_buffer_read_u16(pkt); - if(sldns_buffer_remaining(pkt) < pkt_len) - return 0; - desc = sldns_rr_descript(type); - if(pkt_len > 0 && desc && desc->_dname_count > 0) { - int count = (int)desc->_dname_count; - int rdf = 0; - size_t len; - size_t oldpos; - /* skip first part. */ - while(pkt_len > 0 && count) { - switch(desc->_wireformat[rdf]) { - case LDNS_RDF_TYPE_DNAME: - /* decompress every domain name */ - oldpos = sldns_buffer_position(pkt); - if((len = pkt_dname_len(pkt)) == 0) - return 0; /* malformed dname */ - if(sldns_buffer_position(pkt)-oldpos > pkt_len) - return 0; /* dname exceeds rdata */ - pkt_len -= sldns_buffer_position(pkt)-oldpos; - rr->size += len; - count--; - len = 0; - break; - case LDNS_RDF_TYPE_STR: - if(pkt_len < 1) { - /* NOTREACHED, due to 'while(>0)' */ - return 0; /* len byte exceeds rdata */ - } - len = sldns_buffer_current(pkt)[0] + 1; - break; - default: - len = get_rdf_size(desc->_wireformat[rdf]); - } - if(len) { - if(pkt_len < len) - return 0; /* exceeds rdata */ - pkt_len -= len; - sldns_buffer_skip(pkt, (ssize_t)len); - rr->size += len; - } - rdf++; - } - } - /* remaining rdata */ - rr->size += pkt_len; - sldns_buffer_skip(pkt, (ssize_t)pkt_len); - return 1; -} - -/** skip rr ttl and rdata */ -static int -skip_ttl_rdata(sldns_buffer* pkt) -{ - uint16_t rdatalen; - if(sldns_buffer_remaining(pkt) < 6) /* ttl + rdatalen */ - return 0; - sldns_buffer_skip(pkt, 4); /* ttl */ - rdatalen = sldns_buffer_read_u16(pkt); - if(sldns_buffer_remaining(pkt) < rdatalen) - return 0; - sldns_buffer_skip(pkt, (ssize_t)rdatalen); - return 1; -} - -/** see if RRSIG is a duplicate of another */ -static int -sig_is_double(sldns_buffer* pkt, struct rrset_parse* rrset, uint8_t* ttldata) -{ - uint16_t rlen, siglen; - size_t pos = sldns_buffer_position(pkt); - struct rr_parse* sig; - if(sldns_buffer_remaining(pkt) < 6) - return 0; - sldns_buffer_skip(pkt, 4); /* ttl */ - rlen = sldns_buffer_read_u16(pkt); - if(sldns_buffer_remaining(pkt) < rlen) { - sldns_buffer_set_position(pkt, pos); - return 0; - } - sldns_buffer_set_position(pkt, pos); - - sig = rrset->rrsig_first; - while(sig) { - /* check if rdatalen is same */ - memmove(&siglen, sig->ttl_data+4, sizeof(siglen)); - siglen = ntohs(siglen); - /* checks if data in packet is exactly the same, this means - * also dname in rdata is the same, but rrsig is not allowed - * to have compressed dnames anyway. If it is compressed anyway - * it will lead to duplicate rrs for qtype=RRSIG. (or ANY). - * - * Cannot use sig->size because size of the other one is not - * calculated yet. - */ - if(siglen == rlen) { - if(siglen>0 && memcmp(sig->ttl_data+6, ttldata+6, - siglen) == 0) { - /* same! */ - return 1; - } - } - sig = sig->next; - } - return 0; -} - -/** Add rr (from packet here) to rrset, skips rr */ -static int -add_rr_to_rrset(struct rrset_parse* rrset, sldns_buffer* pkt, - struct msg_parse* msg, struct regional* region, - sldns_pkt_section section, uint16_t type) -{ - struct rr_parse* rr; - /* check section of rrset. */ - if(rrset->section != section && type != LDNS_RR_TYPE_RRSIG && - rrset->type != LDNS_RR_TYPE_RRSIG) { - /* silently drop it - we drop the last part, since - * trust in rr data depends on the section it is in. - * the less trustworthy part is discarded. - * also the last part is more likely to be incomplete. - * RFC 2181: must put RRset only once in response. */ - /* - verbose(VERB_QUERY, "Packet contains rrset data in " - "multiple sections, dropped last part."); - log_buf(VERB_QUERY, "packet was", pkt); - */ - /* forwards */ - if(!skip_ttl_rdata(pkt)) - return LDNS_RCODE_FORMERR; - return 0; - } - - if( (msg->qtype == LDNS_RR_TYPE_RRSIG || - msg->qtype == LDNS_RR_TYPE_ANY) - && sig_is_double(pkt, rrset, sldns_buffer_current(pkt))) { - if(!skip_ttl_rdata(pkt)) - return LDNS_RCODE_FORMERR; - return 0; - } - - /* create rr */ - if(!(rr = (struct rr_parse*)regional_alloc(region, sizeof(*rr)))) - return LDNS_RCODE_SERVFAIL; - rr->outside_packet = 0; - rr->ttl_data = sldns_buffer_current(pkt); - rr->next = 0; - if(type == LDNS_RR_TYPE_RRSIG && rrset->type != LDNS_RR_TYPE_RRSIG) { - if(rrset->rrsig_last) - rrset->rrsig_last->next = rr; - else rrset->rrsig_first = rr; - rrset->rrsig_last = rr; - rrset->rrsig_count++; - } else { - if(rrset->rr_last) - rrset->rr_last->next = rr; - else rrset->rr_first = rr; - rrset->rr_last = rr; - rrset->rr_count++; - } - - /* calc decompressed size */ - if(!calc_size(pkt, type, rr)) - return LDNS_RCODE_FORMERR; - rrset->size += rr->size; - - return 0; -} - -/** - * Parse packet RR section, for answer, authority and additional sections. - * @param pkt: packet, position at call must be at start of section. - * at end position is after section. - * @param msg: store results here. - * @param region: how to alloc results. - * @param section: section enum. - * @param num_rrs: how many rrs are in the section. - * @param num_rrsets: returns number of rrsets in the section. - * @return: 0 if OK, or rcode on error. - */ -static int -parse_section(sldns_buffer* pkt, struct msg_parse* msg, - struct regional* region, sldns_pkt_section section, - uint16_t num_rrs, size_t* num_rrsets) -{ - uint16_t i; - uint8_t* dname, *prev_dname_f = NULL, *prev_dname_l = NULL; - size_t dnamelen, prev_dnamelen = 0; - uint16_t type, prev_type = 0; - uint16_t dclass, prev_dclass = 0; - uint32_t rrset_flags = 0; - hashvalue_type hash = 0; - struct rrset_parse* rrset = NULL; - int r; - - if(num_rrs == 0) - return 0; - if(sldns_buffer_remaining(pkt) <= 0) - return LDNS_RCODE_FORMERR; - for(i=0; i_name: "??", - (int)type, - sldns_rr_descript(t)? - sldns_rr_descript(t)->_name: "??", - (int)t); - } else - fprintf(stderr, "parse of %s(%d)", - sldns_rr_descript(type)? - sldns_rr_descript(type)->_name: "??", - (int)type); - fprintf(stderr, " %s(%d) ", - sldns_lookup_by_id(sldns_rr_classes, - (int)ntohs(dclass))?sldns_lookup_by_id( - sldns_rr_classes, (int)ntohs(dclass))->name: - "??", (int)ntohs(dclass)); - dname_print(stderr, pkt, dname); - fprintf(stderr, "\n"); - } - - /* see if it is part of an existing RR set */ - if(!find_rrset(msg, pkt, dname, dnamelen, type, dclass, &hash, - &rrset_flags, &prev_dname_f, &prev_dname_l, - &prev_dnamelen, &prev_type, &prev_dclass, &rrset, - section, region)) - return LDNS_RCODE_SERVFAIL; - if(!rrset) { - /* it is a new RR set. hash&flags already calculated.*/ - (*num_rrsets)++; - rrset = new_rrset(msg, dname, dnamelen, type, dclass, - hash, rrset_flags, section, region); - if(!rrset) - return LDNS_RCODE_SERVFAIL; - } - else if(0) { - fprintf(stderr, "is part of existing: "); - dname_print(stderr, pkt, rrset->dname); - fprintf(stderr, " type %s(%d)\n", - sldns_rr_descript(rrset->type)? - sldns_rr_descript(rrset->type)->_name: "??", - (int)rrset->type); - } - /* add to rrset. */ - if((r=add_rr_to_rrset(rrset, pkt, msg, region, section, - type)) != 0) - return r; - } - return 0; -} - -int -parse_packet(sldns_buffer* pkt, struct msg_parse* msg, struct regional* region) -{ - int ret; - if(sldns_buffer_remaining(pkt) < LDNS_HEADER_SIZE) - return LDNS_RCODE_FORMERR; - /* read the header */ - sldns_buffer_read(pkt, &msg->id, sizeof(uint16_t)); - msg->flags = sldns_buffer_read_u16(pkt); - msg->qdcount = sldns_buffer_read_u16(pkt); - msg->ancount = sldns_buffer_read_u16(pkt); - msg->nscount = sldns_buffer_read_u16(pkt); - msg->arcount = sldns_buffer_read_u16(pkt); - if(msg->qdcount > 1) - return LDNS_RCODE_FORMERR; - if((ret = parse_query_section(pkt, msg)) != 0) - return ret; - if((ret = parse_section(pkt, msg, region, LDNS_SECTION_ANSWER, - msg->ancount, &msg->an_rrsets)) != 0) - return ret; - if((ret = parse_section(pkt, msg, region, LDNS_SECTION_AUTHORITY, - msg->nscount, &msg->ns_rrsets)) != 0) - return ret; - if(sldns_buffer_remaining(pkt) == 0 && msg->arcount == 1) { - /* BIND accepts leniently that an EDNS record is missing. - * so, we do too. */ - } else if((ret = parse_section(pkt, msg, region, - LDNS_SECTION_ADDITIONAL, msg->arcount, &msg->ar_rrsets)) != 0) - return ret; - /* if(sldns_buffer_remaining(pkt) > 0) { */ - /* there is spurious data at end of packet. ignore */ - /* } */ - msg->rrset_count = msg->an_rrsets + msg->ns_rrsets + msg->ar_rrsets; - return 0; -} - -/** parse EDNS options from EDNS wireformat rdata */ -static int -parse_edns_options(uint8_t* rdata_ptr, size_t rdata_len, - struct edns_data* edns, struct regional* region) -{ - /* while still more options, and have code+len to read */ - /* ignores partial content (i.e. rdata len 3) */ - while(rdata_len >= 4) { - uint16_t opt_code = sldns_read_uint16(rdata_ptr); - uint16_t opt_len = sldns_read_uint16(rdata_ptr+2); - rdata_ptr += 4; - rdata_len -= 4; - if(opt_len > rdata_len) - break; /* option code partial */ - if(!edns_opt_append(edns, region, opt_code, opt_len, - rdata_ptr)) { - log_err("out of memory"); - return 0; - } - rdata_ptr += opt_len; - rdata_len -= opt_len; - } - return 1; -} - -int -parse_extract_edns(struct msg_parse* msg, struct edns_data* edns, - struct regional* region) -{ - struct rrset_parse* rrset = msg->rrset_first; - struct rrset_parse* prev = 0; - struct rrset_parse* found = 0; - struct rrset_parse* found_prev = 0; - size_t rdata_len; - uint8_t* rdata_ptr; - /* since the class encodes the UDP size, we cannot use hash table to - * find the EDNS OPT record. Scan the packet. */ - while(rrset) { - if(rrset->type == LDNS_RR_TYPE_OPT) { - /* only one OPT RR allowed. */ - if(found) return LDNS_RCODE_FORMERR; - /* found it! */ - found_prev = prev; - found = rrset; - } - prev = rrset; - rrset = rrset->rrset_all_next; - } - if(!found) { - memset(edns, 0, sizeof(*edns)); - edns->udp_size = 512; - return 0; - } - /* check the found RRset */ - /* most lenient check possible. ignore dname, use last opt */ - if(found->section != LDNS_SECTION_ADDITIONAL) - return LDNS_RCODE_FORMERR; - if(found->rr_count == 0) - return LDNS_RCODE_FORMERR; - if(0) { /* strict checking of dname and RRcount */ - if(found->dname_len != 1 || !found->dname - || found->dname[0] != 0) return LDNS_RCODE_FORMERR; - if(found->rr_count != 1) return LDNS_RCODE_FORMERR; - } - log_assert(found->rr_first && found->rr_last); - - /* remove from packet */ - if(found_prev) found_prev->rrset_all_next = found->rrset_all_next; - else msg->rrset_first = found->rrset_all_next; - if(found == msg->rrset_last) - msg->rrset_last = found_prev; - msg->arcount --; - msg->ar_rrsets --; - msg->rrset_count --; - - /* take the data ! */ - edns->edns_present = 1; - edns->ext_rcode = found->rr_last->ttl_data[0]; - edns->edns_version = found->rr_last->ttl_data[1]; - edns->bits = sldns_read_uint16(&found->rr_last->ttl_data[2]); - edns->udp_size = ntohs(found->rrset_class); - edns->opt_list = NULL; - - /* take the options */ - rdata_len = found->rr_first->size; - rdata_ptr = found->rr_first->ttl_data+6; - if(!parse_edns_options(rdata_ptr, rdata_len, edns, region)) - return 0; - - /* ignore rrsigs */ - - return 0; -} - -int -parse_edns_from_pkt(sldns_buffer* pkt, struct edns_data* edns, - struct regional* region) -{ - size_t rdata_len; - uint8_t* rdata_ptr; - log_assert(LDNS_QDCOUNT(sldns_buffer_begin(pkt)) == 1); - log_assert(LDNS_ANCOUNT(sldns_buffer_begin(pkt)) == 0); - log_assert(LDNS_NSCOUNT(sldns_buffer_begin(pkt)) == 0); - /* check edns section is present */ - if(LDNS_ARCOUNT(sldns_buffer_begin(pkt)) > 1) { - return LDNS_RCODE_FORMERR; - } - if(LDNS_ARCOUNT(sldns_buffer_begin(pkt)) == 0) { - memset(edns, 0, sizeof(*edns)); - edns->udp_size = 512; - return 0; - } - /* domain name must be the root of length 1. */ - if(pkt_dname_len(pkt) != 1) - return LDNS_RCODE_FORMERR; - if(sldns_buffer_remaining(pkt) < 10) /* type, class, ttl, rdatalen */ - return LDNS_RCODE_FORMERR; - if(sldns_buffer_read_u16(pkt) != LDNS_RR_TYPE_OPT) - return LDNS_RCODE_FORMERR; - edns->edns_present = 1; - edns->udp_size = sldns_buffer_read_u16(pkt); /* class is udp size */ - edns->ext_rcode = sldns_buffer_read_u8(pkt); /* ttl used for bits */ - edns->edns_version = sldns_buffer_read_u8(pkt); - edns->bits = sldns_buffer_read_u16(pkt); - edns->opt_list = NULL; - - /* take the options */ - rdata_len = sldns_buffer_read_u16(pkt); - if(sldns_buffer_remaining(pkt) < rdata_len) - return LDNS_RCODE_FORMERR; - rdata_ptr = sldns_buffer_current(pkt); - if(!parse_edns_options(rdata_ptr, rdata_len, edns, region)) - return LDNS_RCODE_SERVFAIL; - - /* ignore rrsigs */ - - return 0; -} - -void -log_edns_opt_list(enum verbosity_value level, const char* info_str, - struct edns_option* list) -{ - if(verbosity >= level && list) { - char str[128], *s; - size_t slen; - verbose(level, "%s", info_str); - while(list) { - s = str; - slen = sizeof(str); - (void)sldns_wire2str_edns_option_print(&s, &slen, list->opt_code, - list->opt_data, list->opt_len); - verbose(level, " %s", str); - list = list->next; - } - } -} diff --git a/external/unbound/util/data/msgparse.h b/external/unbound/util/data/msgparse.h deleted file mode 100644 index e21f8504e..000000000 --- a/external/unbound/util/data/msgparse.h +++ /dev/null @@ -1,334 +0,0 @@ -/* - * util/data/msgparse.h - parse wireformat DNS messages. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/** - * \file - * Contains message parsing data structures. - * These point back into the packet buffer. - * - * During parsing RRSIGS are put together with the rrsets they (claim to) sign. - * This process works as follows: - * o if RRSIG follows the data rrset, it is added to the rrset rrsig list. - * o if no matching data rrset is found, the RRSIG becomes a new rrset. - * o If the data rrset later follows the RRSIG - * o See if the RRSIG rrset contains multiple types, and needs to - * have the rrsig(s) for that data type split off. - * o Put the data rr as data type in the rrset and rrsig in list. - * o RRSIGs are allowed to move to a different section. The section of - * the data item is used for the final rrset. - * o multiple signatures over an RRset are possible. - * - * For queries of qtype=RRSIG, some special handling is needed, to avoid - * splitting the RRSIG in the answer section. - * o duplicate, not split, RRSIGs from the answer section, if qtype=RRSIG. - * o check for doubles in the rrsig list when adding an RRSIG to data, - * so that a data rrset is signed by RRSIGs with different rdata. - * when qtype=RRSIG. - * This will move the RRSIG from the answer section to sign the data further - * in the packet (if possible). If then after that, more RRSIGs are found - * that sign the data as well, doubles are removed. - */ - -#ifndef UTIL_DATA_MSGPARSE_H -#define UTIL_DATA_MSGPARSE_H -#include "util/storage/lruhash.h" -#include "sldns/pkthdr.h" -#include "sldns/rrdef.h" -struct sldns_buffer; -struct rrset_parse; -struct rr_parse; -struct regional; -struct edns_option; - -/** number of buckets in parse rrset hash table. Must be power of 2. */ -#define PARSE_TABLE_SIZE 32 -/** Maximum TTL that is allowed. */ -extern time_t MAX_TTL; -/** Minimum TTL that is allowed. */ -extern time_t MIN_TTL; -/** Maximum Negative TTL that is allowed */ -extern time_t MAX_NEG_TTL; -/** Negative cache time (for entries without any RRs.) */ -#define NORR_TTL 5 /* seconds */ - -/** - * Data stored in scratch pad memory during parsing. - * Stores the data that will enter into the msgreply and packet result. - */ -struct msg_parse { - /** id from message, network format. */ - uint16_t id; - /** flags from message, host format. */ - uint16_t flags; - /** count of RRs, host format */ - uint16_t qdcount; - /** count of RRs, host format */ - uint16_t ancount; - /** count of RRs, host format */ - uint16_t nscount; - /** count of RRs, host format */ - uint16_t arcount; - /** count of RRsets per section. */ - size_t an_rrsets; - /** count of RRsets per section. */ - size_t ns_rrsets; - /** count of RRsets per section. */ - size_t ar_rrsets; - /** total number of rrsets found. */ - size_t rrset_count; - - /** query dname (pointer to start location in packet, NULL if none */ - uint8_t* qname; - /** length of query dname in octets, 0 if none */ - size_t qname_len; - /** query type, host order. 0 if qdcount=0 */ - uint16_t qtype; - /** query class, host order. 0 if qdcount=0 */ - uint16_t qclass; - - /** - * Hash table array used during parsing to lookup rrset types. - * Based on name, type, class. Same hash value as in rrset cache. - */ - struct rrset_parse* hashtable[PARSE_TABLE_SIZE]; - - /** linked list of rrsets that have been found (in order). */ - struct rrset_parse* rrset_first; - /** last element of rrset list. */ - struct rrset_parse* rrset_last; -}; - -/** - * Data stored for an rrset during parsing. - */ -struct rrset_parse { - /** next in hash bucket */ - struct rrset_parse* rrset_bucket_next; - /** next in list of all rrsets */ - struct rrset_parse* rrset_all_next; - /** hash value of rrset */ - hashvalue_type hash; - /** which section was it found in: one of - * LDNS_SECTION_ANSWER, LDNS_SECTION_AUTHORITY, LDNS_SECTION_ADDITIONAL - */ - sldns_pkt_section section; - /** start of (possibly compressed) dname in packet */ - uint8_t* dname; - /** length of the dname uncompressed wireformat */ - size_t dname_len; - /** type, host order. */ - uint16_t type; - /** class, network order. var name so that it is not a c++ keyword. */ - uint16_t rrset_class; - /** the flags for the rrset, like for packedrrset */ - uint32_t flags; - /** number of RRs in the rr list */ - size_t rr_count; - /** sum of RR rdata sizes */ - size_t size; - /** linked list of RRs in this rrset. */ - struct rr_parse* rr_first; - /** last in list of RRs in this rrset. */ - struct rr_parse* rr_last; - /** number of RRSIGs over this rrset. */ - size_t rrsig_count; - /** linked list of RRsig RRs over this rrset. */ - struct rr_parse* rrsig_first; - /** last in list of RRSIG RRs over this rrset. */ - struct rr_parse* rrsig_last; -}; - -/** - * Data stored for an RR during parsing. - */ -struct rr_parse { - /** - * Pointer to the RR. Points to start of TTL value in the packet. - * Rdata length and rdata follow it. - * its dname, type and class are the same and stored for the rrset. - */ - uint8_t* ttl_data; - /** true if ttl_data is not part of the packet, but elsewhere in mem. - * Set for generated CNAMEs for DNAMEs. */ - int outside_packet; - /** the length of the rdata if allocated (with no dname compression)*/ - size_t size; - /** next in list of RRs. */ - struct rr_parse* next; -}; - -/** Check if label length is first octet of a compression pointer, pass u8. */ -#define LABEL_IS_PTR(x) ( ((x)&0xc0) == 0xc0 ) -/** Calculate destination offset of a compression pointer. pass first and - * second octets of the compression pointer. */ -#define PTR_OFFSET(x, y) ( ((x)&0x3f)<<8 | (y) ) -/** create a compression pointer to the given offset. */ -#define PTR_CREATE(offset) ((uint16_t)(0xc000 | (offset))) - -/** error codes, extended with EDNS, so > 15. */ -#define EDNS_RCODE_BADVERS 16 /** bad EDNS version */ -/** largest valid compression offset */ -#define PTR_MAX_OFFSET 0x3fff - -/** - * EDNS data storage - * rdata is parsed in a list (has accessor functions). allocated in a - * region. - */ -struct edns_data { - /** if EDNS OPT record was present */ - int edns_present; - /** Extended RCODE */ - uint8_t ext_rcode; - /** The EDNS version number */ - uint8_t edns_version; - /** the EDNS bits field from ttl (host order): Z */ - uint16_t bits; - /** UDP reassembly size. */ - uint16_t udp_size; - /** rdata element list, or NULL if none */ - struct edns_option* opt_list; -}; - -/** - * EDNS option - */ -struct edns_option { - /** next item in list */ - struct edns_option* next; - /** type of this edns option */ - uint16_t opt_code; - /** length of this edns option (cannot exceed uint16 in encoding) */ - size_t opt_len; - /** data of this edns option; allocated in region, or NULL if len=0 */ - uint8_t* opt_data; -}; - -/** - * Obtain size in the packet of an rr type, that is before dname type. - * Do TYPE_DNAME, and type STR, yourself. Gives size for most regular types. - * @param rdf: the rdf type from the descriptor. - * @return: size in octets. 0 on failure. - */ -size_t get_rdf_size(sldns_rdf_type rdf); - -/** - * Parse the packet. - * @param pkt: packet, position at call must be at start of packet. - * at end position is after packet. - * @param msg: where to store results. - * @param region: how to alloc results. - * @return: 0 if OK, or rcode on error. - */ -int parse_packet(struct sldns_buffer* pkt, struct msg_parse* msg, - struct regional* region); - -/** - * After parsing the packet, extract EDNS data from packet. - * If not present this is noted in the data structure. - * If a parse error happens, an error code is returned. - * - * Quirks: - * o ignores OPT rdata. - * o ignores OPT owner name. - * o ignores extra OPT records, except the last one in the packet. - * - * @param msg: parsed message structure. Modified on exit, if EDNS was present - * it is removed from the additional section. - * @param edns: the edns data is stored here. Does not have to be initialised. - * @param region: region to alloc results in (edns option contents) - * @return: 0 on success. or an RCODE on an error. - * RCODE formerr if OPT in wrong section, and so on. - */ -int parse_extract_edns(struct msg_parse* msg, struct edns_data* edns, - struct regional* region); - -/** - * If EDNS data follows a query section, extract it and initialize edns struct. - * @param pkt: the packet. position at start must be right after the query - * section. At end, right after EDNS data or no movement if failed. - * @param edns: the edns data allocated by the caller. Does not have to be - * initialised. - * @param region: region to alloc results in (edns option contents) - * @return: 0 on success, or an RCODE on error. - * RCODE formerr if OPT is badly formatted and so on. - */ -int parse_edns_from_pkt(struct sldns_buffer* pkt, struct edns_data* edns, - struct regional* region); - -/** - * Calculate hash value for rrset in packet. - * @param pkt: the packet. - * @param dname: pointer to uncompressed dname, or compressed dname in packet. - * @param type: rrset type in host order. - * @param dclass: rrset class in network order. - * @param rrset_flags: rrset flags (same as packed_rrset flags). - * @return hash value - */ -hashvalue_type pkt_hash_rrset(struct sldns_buffer* pkt, uint8_t* dname, - uint16_t type, uint16_t dclass, uint32_t rrset_flags); - -/** - * Lookup in msg hashtable to find a rrset. - * @param msg: with the hashtable. - * @param pkt: packet for compressed names. - * @param h: hash value - * @param rrset_flags: flags of rrset sought for. - * @param dname: name of rrset sought for. - * @param dnamelen: len of dname. - * @param type: rrset type, host order. - * @param dclass: rrset class, network order. - * @return NULL or the rrset_parse if found. - */ -struct rrset_parse* msgparse_hashtable_lookup(struct msg_parse* msg, - struct sldns_buffer* pkt, hashvalue_type h, uint32_t rrset_flags, - uint8_t* dname, size_t dnamelen, uint16_t type, uint16_t dclass); - -/** - * Remove rrset from hash table. - * @param msg: with hashtable. - * @param rrset: with hash value and id info. - */ -void msgparse_bucket_remove(struct msg_parse* msg, struct rrset_parse* rrset); - -/** - * Log the edns options in the edns option list. - * @param level: the verbosity level. - * @param info_str: the informational string to be printed before the options. - * @param list: the edns option list. - */ -void log_edns_opt_list(enum verbosity_value level, const char* info_str, - struct edns_option* list); - -#endif /* UTIL_DATA_MSGPARSE_H */ diff --git a/external/unbound/util/data/msgreply.c b/external/unbound/util/data/msgreply.c deleted file mode 100644 index 2ce898d7f..000000000 --- a/external/unbound/util/data/msgreply.c +++ /dev/null @@ -1,1206 +0,0 @@ -/* - * util/data/msgreply.c - store message and reply data. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains a data structure to store a message and its reply. - */ - -#include "config.h" -#include "util/data/msgreply.h" -#include "util/storage/lookup3.h" -#include "util/log.h" -#include "util/alloc.h" -#include "util/netevent.h" -#include "util/net_help.h" -#include "util/data/dname.h" -#include "util/regional.h" -#include "util/data/msgparse.h" -#include "util/data/msgencode.h" -#include "sldns/sbuffer.h" -#include "sldns/wire2str.h" -#include "util/module.h" -#include "util/fptr_wlist.h" - -/** MAX TTL default for messages and rrsets */ -time_t MAX_TTL = 3600 * 24 * 10; /* ten days */ -/** MIN TTL default for messages and rrsets */ -time_t MIN_TTL = 0; -/** MAX Negative TTL, for SOA records in authority section */ -time_t MAX_NEG_TTL = 3600; /* one hour */ - -/** allocate qinfo, return 0 on error */ -static int -parse_create_qinfo(sldns_buffer* pkt, struct msg_parse* msg, - struct query_info* qinf, struct regional* region) -{ - if(msg->qname) { - if(region) - qinf->qname = (uint8_t*)regional_alloc(region, - msg->qname_len); - else qinf->qname = (uint8_t*)malloc(msg->qname_len); - if(!qinf->qname) return 0; - dname_pkt_copy(pkt, qinf->qname, msg->qname); - } else qinf->qname = 0; - qinf->qname_len = msg->qname_len; - qinf->qtype = msg->qtype; - qinf->qclass = msg->qclass; - qinf->local_alias = NULL; - return 1; -} - -/** constructor for replyinfo */ -struct reply_info* -construct_reply_info_base(struct regional* region, uint16_t flags, size_t qd, - time_t ttl, time_t prettl, size_t an, size_t ns, size_t ar, - size_t total, enum sec_status sec) -{ - struct reply_info* rep; - /* rrset_count-1 because the first ref is part of the struct. */ - size_t s = sizeof(struct reply_info) - sizeof(struct rrset_ref) + - sizeof(struct ub_packed_rrset_key*) * total; - if(total >= RR_COUNT_MAX) return NULL; /* sanity check on numRRS*/ - if(region) - rep = (struct reply_info*)regional_alloc(region, s); - else rep = (struct reply_info*)malloc(s + - sizeof(struct rrset_ref) * (total)); - if(!rep) - return NULL; - rep->flags = flags; - rep->qdcount = qd; - rep->ttl = ttl; - rep->prefetch_ttl = prettl; - rep->an_numrrsets = an; - rep->ns_numrrsets = ns; - rep->ar_numrrsets = ar; - rep->rrset_count = total; - rep->security = sec; - rep->authoritative = 0; - /* array starts after the refs */ - if(region) - rep->rrsets = (struct ub_packed_rrset_key**)&(rep->ref[0]); - else rep->rrsets = (struct ub_packed_rrset_key**)&(rep->ref[total]); - /* zero the arrays to assist cleanup in case of malloc failure */ - memset( rep->rrsets, 0, sizeof(struct ub_packed_rrset_key*) * total); - if(!region) - memset( &rep->ref[0], 0, sizeof(struct rrset_ref) * total); - return rep; -} - -/** allocate replyinfo, return 0 on error */ -static int -parse_create_repinfo(struct msg_parse* msg, struct reply_info** rep, - struct regional* region) -{ - *rep = construct_reply_info_base(region, msg->flags, msg->qdcount, 0, - 0, msg->an_rrsets, msg->ns_rrsets, msg->ar_rrsets, - msg->rrset_count, sec_status_unchecked); - if(!*rep) - return 0; - return 1; -} - -int -reply_info_alloc_rrset_keys(struct reply_info* rep, struct alloc_cache* alloc, - struct regional* region) -{ - size_t i; - for(i=0; irrset_count; i++) { - if(region) { - rep->rrsets[i] = (struct ub_packed_rrset_key*) - regional_alloc(region, - sizeof(struct ub_packed_rrset_key)); - if(rep->rrsets[i]) { - memset(rep->rrsets[i], 0, - sizeof(struct ub_packed_rrset_key)); - rep->rrsets[i]->entry.key = rep->rrsets[i]; - } - } - else rep->rrsets[i] = alloc_special_obtain(alloc); - if(!rep->rrsets[i]) - return 0; - rep->rrsets[i]->entry.data = NULL; - } - return 1; -} - -/** find the minimumttl in the rdata of SOA record */ -static time_t -soa_find_minttl(struct rr_parse* rr) -{ - uint16_t rlen = sldns_read_uint16(rr->ttl_data+4); - if(rlen < 20) - return 0; /* rdata too small for SOA (dname, dname, 5*32bit) */ - /* minimum TTL is the last 32bit value in the rdata of the record */ - /* at position ttl_data + 4(ttl) + 2(rdatalen) + rdatalen - 4(timeval)*/ - return (time_t)sldns_read_uint32(rr->ttl_data+6+rlen-4); -} - -/** do the rdata copy */ -static int -rdata_copy(sldns_buffer* pkt, struct packed_rrset_data* data, uint8_t* to, - struct rr_parse* rr, time_t* rr_ttl, uint16_t type, - sldns_pkt_section section) -{ - uint16_t pkt_len; - const sldns_rr_descriptor* desc; - - *rr_ttl = sldns_read_uint32(rr->ttl_data); - /* RFC 2181 Section 8. if msb of ttl is set treat as if zero. */ - if(*rr_ttl & 0x80000000U) - *rr_ttl = 0; - if(type == LDNS_RR_TYPE_SOA && section == LDNS_SECTION_AUTHORITY) { - /* negative response. see if TTL of SOA record larger than the - * minimum-ttl in the rdata of the SOA record */ - if(*rr_ttl > soa_find_minttl(rr)) - *rr_ttl = soa_find_minttl(rr); - if(*rr_ttl > MAX_NEG_TTL) - *rr_ttl = MAX_NEG_TTL; - } - if(*rr_ttl < MIN_TTL) - *rr_ttl = MIN_TTL; - if(*rr_ttl < data->ttl) - data->ttl = *rr_ttl; - - if(rr->outside_packet) { - /* uncompressed already, only needs copy */ - memmove(to, rr->ttl_data+sizeof(uint32_t), rr->size); - return 1; - } - - sldns_buffer_set_position(pkt, (size_t) - (rr->ttl_data - sldns_buffer_begin(pkt) + sizeof(uint32_t))); - /* insert decompressed size into rdata len stored in memory */ - /* -2 because rdatalen bytes are not included. */ - pkt_len = htons(rr->size - 2); - memmove(to, &pkt_len, sizeof(uint16_t)); - to += 2; - /* read packet rdata len */ - pkt_len = sldns_buffer_read_u16(pkt); - if(sldns_buffer_remaining(pkt) < pkt_len) - return 0; - desc = sldns_rr_descript(type); - if(pkt_len > 0 && desc && desc->_dname_count > 0) { - int count = (int)desc->_dname_count; - int rdf = 0; - size_t len; - size_t oldpos; - /* decompress dnames. */ - while(pkt_len > 0 && count) { - switch(desc->_wireformat[rdf]) { - case LDNS_RDF_TYPE_DNAME: - oldpos = sldns_buffer_position(pkt); - dname_pkt_copy(pkt, to, - sldns_buffer_current(pkt)); - to += pkt_dname_len(pkt); - pkt_len -= sldns_buffer_position(pkt)-oldpos; - count--; - len = 0; - break; - case LDNS_RDF_TYPE_STR: - len = sldns_buffer_current(pkt)[0] + 1; - break; - default: - len = get_rdf_size(desc->_wireformat[rdf]); - break; - } - if(len) { - memmove(to, sldns_buffer_current(pkt), len); - to += len; - sldns_buffer_skip(pkt, (ssize_t)len); - log_assert(len <= pkt_len); - pkt_len -= len; - } - rdf++; - } - } - /* copy remaining rdata */ - if(pkt_len > 0) - memmove(to, sldns_buffer_current(pkt), pkt_len); - - return 1; -} - -/** copy over the data into packed rrset */ -static int -parse_rr_copy(sldns_buffer* pkt, struct rrset_parse* pset, - struct packed_rrset_data* data) -{ - size_t i; - struct rr_parse* rr = pset->rr_first; - uint8_t* nextrdata; - size_t total = pset->rr_count + pset->rrsig_count; - data->ttl = MAX_TTL; - data->count = pset->rr_count; - data->rrsig_count = pset->rrsig_count; - data->trust = rrset_trust_none; - data->security = sec_status_unchecked; - /* layout: struct - rr_len - rr_data - rr_ttl - rdata - rrsig */ - data->rr_len = (size_t*)((uint8_t*)data + - sizeof(struct packed_rrset_data)); - data->rr_data = (uint8_t**)&(data->rr_len[total]); - data->rr_ttl = (time_t*)&(data->rr_data[total]); - nextrdata = (uint8_t*)&(data->rr_ttl[total]); - for(i=0; icount; i++) { - data->rr_len[i] = rr->size; - data->rr_data[i] = nextrdata; - nextrdata += rr->size; - if(!rdata_copy(pkt, data, data->rr_data[i], rr, - &data->rr_ttl[i], pset->type, pset->section)) - return 0; - rr = rr->next; - } - /* if rrsig, its rdata is at nextrdata */ - rr = pset->rrsig_first; - for(i=data->count; irr_len[i] = rr->size; - data->rr_data[i] = nextrdata; - nextrdata += rr->size; - if(!rdata_copy(pkt, data, data->rr_data[i], rr, - &data->rr_ttl[i], LDNS_RR_TYPE_RRSIG, pset->section)) - return 0; - rr = rr->next; - } - return 1; -} - -/** create rrset return 0 on failure */ -static int -parse_create_rrset(sldns_buffer* pkt, struct rrset_parse* pset, - struct packed_rrset_data** data, struct regional* region) -{ - /* allocate */ - size_t s; - if(pset->rr_count > RR_COUNT_MAX || pset->rrsig_count > RR_COUNT_MAX || - pset->size > RR_COUNT_MAX) - return 0; /* protect against integer overflow */ - s = sizeof(struct packed_rrset_data) + - (pset->rr_count + pset->rrsig_count) * - (sizeof(size_t)+sizeof(uint8_t*)+sizeof(time_t)) + - pset->size; - if(region) - *data = regional_alloc(region, s); - else *data = malloc(s); - if(!*data) - return 0; - /* copy & decompress */ - if(!parse_rr_copy(pkt, pset, *data)) { - if(!region) free(*data); - return 0; - } - return 1; -} - -/** get trust value for rrset */ -static enum rrset_trust -get_rrset_trust(struct msg_parse* msg, struct rrset_parse* rrset) -{ - uint16_t AA = msg->flags & BIT_AA; - if(rrset->section == LDNS_SECTION_ANSWER) { - if(AA) { - /* RFC2181 says remainder of CNAME chain is nonauth*/ - if(msg->rrset_first && - msg->rrset_first->section==LDNS_SECTION_ANSWER - && msg->rrset_first->type==LDNS_RR_TYPE_CNAME){ - if(rrset == msg->rrset_first) - return rrset_trust_ans_AA; - else return rrset_trust_ans_noAA; - } - if(msg->rrset_first && - msg->rrset_first->section==LDNS_SECTION_ANSWER - && msg->rrset_first->type==LDNS_RR_TYPE_DNAME){ - if(rrset == msg->rrset_first || - rrset == msg->rrset_first->rrset_all_next) - return rrset_trust_ans_AA; - else return rrset_trust_ans_noAA; - } - return rrset_trust_ans_AA; - } - else return rrset_trust_ans_noAA; - } else if(rrset->section == LDNS_SECTION_AUTHORITY) { - if(AA) return rrset_trust_auth_AA; - else return rrset_trust_auth_noAA; - } else { - /* addit section */ - if(AA) return rrset_trust_add_AA; - else return rrset_trust_add_noAA; - } - /* NOTREACHED */ - return rrset_trust_none; -} - -int -parse_copy_decompress_rrset(sldns_buffer* pkt, struct msg_parse* msg, - struct rrset_parse *pset, struct regional* region, - struct ub_packed_rrset_key* pk) -{ - struct packed_rrset_data* data; - pk->rk.flags = pset->flags; - pk->rk.dname_len = pset->dname_len; - if(region) - pk->rk.dname = (uint8_t*)regional_alloc( - region, pset->dname_len); - else pk->rk.dname = - (uint8_t*)malloc(pset->dname_len); - if(!pk->rk.dname) - return 0; - /** copy & decompress dname */ - dname_pkt_copy(pkt, pk->rk.dname, pset->dname); - /** copy over type and class */ - pk->rk.type = htons(pset->type); - pk->rk.rrset_class = pset->rrset_class; - /** read data part. */ - if(!parse_create_rrset(pkt, pset, &data, region)) - return 0; - pk->entry.data = (void*)data; - pk->entry.key = (void*)pk; - pk->entry.hash = pset->hash; - data->trust = get_rrset_trust(msg, pset); - return 1; -} - -/** - * Copy and decompress rrs - * @param pkt: the packet for compression pointer resolution. - * @param msg: the parsed message - * @param rep: reply info to put rrs into. - * @param region: if not NULL, used for allocation. - * @return 0 on failure. - */ -static int -parse_copy_decompress(sldns_buffer* pkt, struct msg_parse* msg, - struct reply_info* rep, struct regional* region) -{ - size_t i; - struct rrset_parse *pset = msg->rrset_first; - struct packed_rrset_data* data; - log_assert(rep); - rep->ttl = MAX_TTL; - rep->security = sec_status_unchecked; - if(rep->rrset_count == 0) - rep->ttl = NORR_TTL; - - for(i=0; irrset_count; i++) { - if(!parse_copy_decompress_rrset(pkt, msg, pset, region, - rep->rrsets[i])) - return 0; - data = (struct packed_rrset_data*)rep->rrsets[i]->entry.data; - if(data->ttl < rep->ttl) - rep->ttl = data->ttl; - - pset = pset->rrset_all_next; - } - rep->prefetch_ttl = PREFETCH_TTL_CALC(rep->ttl); - return 1; -} - -int -parse_create_msg(sldns_buffer* pkt, struct msg_parse* msg, - struct alloc_cache* alloc, struct query_info* qinf, - struct reply_info** rep, struct regional* region) -{ - log_assert(pkt && msg); - if(!parse_create_qinfo(pkt, msg, qinf, region)) - return 0; - if(!parse_create_repinfo(msg, rep, region)) - return 0; - if(!reply_info_alloc_rrset_keys(*rep, alloc, region)) - return 0; - if(!parse_copy_decompress(pkt, msg, *rep, region)) - return 0; - return 1; -} - -int reply_info_parse(sldns_buffer* pkt, struct alloc_cache* alloc, - struct query_info* qinf, struct reply_info** rep, - struct regional* region, struct edns_data* edns) -{ - /* use scratch pad region-allocator during parsing. */ - struct msg_parse* msg; - int ret; - - qinf->qname = NULL; - qinf->local_alias = NULL; - *rep = NULL; - if(!(msg = regional_alloc(region, sizeof(*msg)))) { - return LDNS_RCODE_SERVFAIL; - } - memset(msg, 0, sizeof(*msg)); - - sldns_buffer_set_position(pkt, 0); - if((ret = parse_packet(pkt, msg, region)) != 0) { - return ret; - } - if((ret = parse_extract_edns(msg, edns, region)) != 0) - return ret; - - /* parse OK, allocate return structures */ - /* this also performs dname decompression */ - if(!parse_create_msg(pkt, msg, alloc, qinf, rep, NULL)) { - query_info_clear(qinf); - reply_info_parsedelete(*rep, alloc); - *rep = NULL; - return LDNS_RCODE_SERVFAIL; - } - return 0; -} - -/** helper compare function to sort in lock order */ -static int -reply_info_sortref_cmp(const void* a, const void* b) -{ - struct rrset_ref* x = (struct rrset_ref*)a; - struct rrset_ref* y = (struct rrset_ref*)b; - if(x->key < y->key) return -1; - if(x->key > y->key) return 1; - return 0; -} - -void -reply_info_sortref(struct reply_info* rep) -{ - qsort(&rep->ref[0], rep->rrset_count, sizeof(struct rrset_ref), - reply_info_sortref_cmp); -} - -void -reply_info_set_ttls(struct reply_info* rep, time_t timenow) -{ - size_t i, j; - rep->ttl += timenow; - rep->prefetch_ttl += timenow; - for(i=0; irrset_count; i++) { - struct packed_rrset_data* data = (struct packed_rrset_data*) - rep->ref[i].key->entry.data; - if(i>0 && rep->ref[i].key == rep->ref[i-1].key) - continue; - data->ttl += timenow; - for(j=0; jcount + data->rrsig_count; j++) { - data->rr_ttl[j] += timenow; - } - } -} - -void -reply_info_parsedelete(struct reply_info* rep, struct alloc_cache* alloc) -{ - size_t i; - if(!rep) - return; - /* no need to lock, since not shared in hashtables. */ - for(i=0; irrset_count; i++) { - ub_packed_rrset_parsedelete(rep->rrsets[i], alloc); - } - free(rep); -} - -int -query_info_parse(struct query_info* m, sldns_buffer* query) -{ - uint8_t* q = sldns_buffer_begin(query); - /* minimum size: header + \0 + qtype + qclass */ - if(sldns_buffer_limit(query) < LDNS_HEADER_SIZE + 5) - return 0; - if(LDNS_OPCODE_WIRE(q) != LDNS_PACKET_QUERY || - LDNS_QDCOUNT(q) != 1 || sldns_buffer_position(query) != 0) - return 0; - sldns_buffer_skip(query, LDNS_HEADER_SIZE); - m->qname = sldns_buffer_current(query); - if((m->qname_len = query_dname_len(query)) == 0) - return 0; /* parse error */ - if(sldns_buffer_remaining(query) < 4) - return 0; /* need qtype, qclass */ - m->qtype = sldns_buffer_read_u16(query); - m->qclass = sldns_buffer_read_u16(query); - m->local_alias = NULL; - return 1; -} - -/** tiny subroutine for msgreply_compare */ -#define COMPARE_IT(x, y) \ - if( (x) < (y) ) return -1; \ - else if( (x) > (y) ) return +1; \ - log_assert( (x) == (y) ); - -int -query_info_compare(void* m1, void* m2) -{ - struct query_info* msg1 = (struct query_info*)m1; - struct query_info* msg2 = (struct query_info*)m2; - int mc; - /* from most different to least different for speed */ - COMPARE_IT(msg1->qtype, msg2->qtype); - if((mc = query_dname_compare(msg1->qname, msg2->qname)) != 0) - return mc; - log_assert(msg1->qname_len == msg2->qname_len); - COMPARE_IT(msg1->qclass, msg2->qclass); - return 0; -#undef COMPARE_IT -} - -void -query_info_clear(struct query_info* m) -{ - free(m->qname); - m->qname = NULL; -} - -size_t -msgreply_sizefunc(void* k, void* d) -{ - struct msgreply_entry* q = (struct msgreply_entry*)k; - struct reply_info* r = (struct reply_info*)d; - size_t s = sizeof(struct msgreply_entry) + sizeof(struct reply_info) - + q->key.qname_len + lock_get_mem(&q->entry.lock) - - sizeof(struct rrset_ref); - s += r->rrset_count * sizeof(struct rrset_ref); - s += r->rrset_count * sizeof(struct ub_packed_rrset_key*); - return s; -} - -void -query_entry_delete(void *k, void* ATTR_UNUSED(arg)) -{ - struct msgreply_entry* q = (struct msgreply_entry*)k; - lock_rw_destroy(&q->entry.lock); - query_info_clear(&q->key); - free(q); -} - -void -reply_info_delete(void* d, void* ATTR_UNUSED(arg)) -{ - struct reply_info* r = (struct reply_info*)d; - free(r); -} - -hashvalue_type -query_info_hash(struct query_info *q, uint16_t flags) -{ - hashvalue_type h = 0xab; - h = hashlittle(&q->qtype, sizeof(q->qtype), h); - if(q->qtype == LDNS_RR_TYPE_AAAA && (flags&BIT_CD)) - h++; - h = hashlittle(&q->qclass, sizeof(q->qclass), h); - h = dname_query_hash(q->qname, h); - return h; -} - -struct msgreply_entry* -query_info_entrysetup(struct query_info* q, struct reply_info* r, - hashvalue_type h) -{ - struct msgreply_entry* e = (struct msgreply_entry*)malloc( - sizeof(struct msgreply_entry)); - if(!e) return NULL; - memcpy(&e->key, q, sizeof(*q)); - e->entry.hash = h; - e->entry.key = e; - e->entry.data = r; - lock_rw_init(&e->entry.lock); - lock_protect(&e->entry.lock, &e->key, sizeof(e->key)); - lock_protect(&e->entry.lock, &e->entry.hash, sizeof(e->entry.hash) + - sizeof(e->entry.key) + sizeof(e->entry.data)); - lock_protect(&e->entry.lock, e->key.qname, e->key.qname_len); - q->qname = NULL; - return e; -} - -/** copy rrsets from replyinfo to dest replyinfo */ -static int -repinfo_copy_rrsets(struct reply_info* dest, struct reply_info* from, - struct regional* region) -{ - size_t i, s; - struct packed_rrset_data* fd, *dd; - struct ub_packed_rrset_key* fk, *dk; - for(i=0; irrset_count; i++) { - fk = from->rrsets[i]; - dk = dest->rrsets[i]; - fd = (struct packed_rrset_data*)fk->entry.data; - dk->entry.hash = fk->entry.hash; - dk->rk = fk->rk; - if(region) { - dk->id = fk->id; - dk->rk.dname = (uint8_t*)regional_alloc_init(region, - fk->rk.dname, fk->rk.dname_len); - } else - dk->rk.dname = (uint8_t*)memdup(fk->rk.dname, - fk->rk.dname_len); - if(!dk->rk.dname) - return 0; - s = packed_rrset_sizeof(fd); - if(region) - dd = (struct packed_rrset_data*)regional_alloc_init( - region, fd, s); - else dd = (struct packed_rrset_data*)memdup(fd, s); - if(!dd) - return 0; - packed_rrset_ptr_fixup(dd); - dk->entry.data = (void*)dd; - } - return 1; -} - -struct reply_info* -reply_info_copy(struct reply_info* rep, struct alloc_cache* alloc, - struct regional* region) -{ - struct reply_info* cp; - cp = construct_reply_info_base(region, rep->flags, rep->qdcount, - rep->ttl, rep->prefetch_ttl, rep->an_numrrsets, - rep->ns_numrrsets, rep->ar_numrrsets, rep->rrset_count, - rep->security); - if(!cp) - return NULL; - /* allocate ub_key structures special or not */ - if(!reply_info_alloc_rrset_keys(cp, alloc, region)) { - if(!region) - reply_info_parsedelete(cp, alloc); - return NULL; - } - if(!repinfo_copy_rrsets(cp, rep, region)) { - if(!region) - reply_info_parsedelete(cp, alloc); - return NULL; - } - return cp; -} - -uint8_t* -reply_find_final_cname_target(struct query_info* qinfo, struct reply_info* rep) -{ - uint8_t* sname = qinfo->qname; - size_t snamelen = qinfo->qname_len; - size_t i; - for(i=0; ian_numrrsets; i++) { - struct ub_packed_rrset_key* s = rep->rrsets[i]; - /* follow CNAME chain (if any) */ - if(ntohs(s->rk.type) == LDNS_RR_TYPE_CNAME && - ntohs(s->rk.rrset_class) == qinfo->qclass && - snamelen == s->rk.dname_len && - query_dname_compare(sname, s->rk.dname) == 0) { - get_cname_target(s, &sname, &snamelen); - } - } - if(sname != qinfo->qname) - return sname; - return NULL; -} - -struct ub_packed_rrset_key* -reply_find_answer_rrset(struct query_info* qinfo, struct reply_info* rep) -{ - uint8_t* sname = qinfo->qname; - size_t snamelen = qinfo->qname_len; - size_t i; - for(i=0; ian_numrrsets; i++) { - struct ub_packed_rrset_key* s = rep->rrsets[i]; - /* first match type, for query of qtype cname */ - if(ntohs(s->rk.type) == qinfo->qtype && - ntohs(s->rk.rrset_class) == qinfo->qclass && - snamelen == s->rk.dname_len && - query_dname_compare(sname, s->rk.dname) == 0) { - return s; - } - /* follow CNAME chain (if any) */ - if(ntohs(s->rk.type) == LDNS_RR_TYPE_CNAME && - ntohs(s->rk.rrset_class) == qinfo->qclass && - snamelen == s->rk.dname_len && - query_dname_compare(sname, s->rk.dname) == 0) { - get_cname_target(s, &sname, &snamelen); - } - } - return NULL; -} - -struct ub_packed_rrset_key* reply_find_rrset_section_an(struct reply_info* rep, - uint8_t* name, size_t namelen, uint16_t type, uint16_t dclass) -{ - size_t i; - for(i=0; ian_numrrsets; i++) { - struct ub_packed_rrset_key* s = rep->rrsets[i]; - if(ntohs(s->rk.type) == type && - ntohs(s->rk.rrset_class) == dclass && - namelen == s->rk.dname_len && - query_dname_compare(name, s->rk.dname) == 0) { - return s; - } - } - return NULL; -} - -struct ub_packed_rrset_key* reply_find_rrset_section_ns(struct reply_info* rep, - uint8_t* name, size_t namelen, uint16_t type, uint16_t dclass) -{ - size_t i; - for(i=rep->an_numrrsets; ian_numrrsets+rep->ns_numrrsets; i++) { - struct ub_packed_rrset_key* s = rep->rrsets[i]; - if(ntohs(s->rk.type) == type && - ntohs(s->rk.rrset_class) == dclass && - namelen == s->rk.dname_len && - query_dname_compare(name, s->rk.dname) == 0) { - return s; - } - } - return NULL; -} - -struct ub_packed_rrset_key* reply_find_rrset(struct reply_info* rep, - uint8_t* name, size_t namelen, uint16_t type, uint16_t dclass) -{ - size_t i; - for(i=0; irrset_count; i++) { - struct ub_packed_rrset_key* s = rep->rrsets[i]; - if(ntohs(s->rk.type) == type && - ntohs(s->rk.rrset_class) == dclass && - namelen == s->rk.dname_len && - query_dname_compare(name, s->rk.dname) == 0) { - return s; - } - } - return NULL; -} - -void -log_dns_msg(const char* str, struct query_info* qinfo, struct reply_info* rep) -{ - /* not particularly fast but flexible, make wireformat and print */ - sldns_buffer* buf = sldns_buffer_new(65535); - struct regional* region = regional_create(); - if(!reply_info_encode(qinfo, rep, 0, rep->flags, buf, 0, - region, 65535, 1)) { - log_info("%s: log_dns_msg: out of memory", str); - } else { - char* s = sldns_wire2str_pkt(sldns_buffer_begin(buf), - sldns_buffer_limit(buf)); - if(!s) { - log_info("%s: log_dns_msg: ldns tostr failed", str); - } else { - log_info("%s %s", str, s); - } - free(s); - } - sldns_buffer_free(buf); - regional_destroy(region); -} - -void -log_reply_info(enum verbosity_value v, struct query_info *qinf, - struct sockaddr_storage *addr, socklen_t addrlen, struct timeval dur, - int cached, struct sldns_buffer *rmsg) -{ - char qname_buf[LDNS_MAX_DOMAINLEN+1]; - char clientip_buf[128]; - char rcode_buf[16]; - char type_buf[16]; - char class_buf[16]; - size_t pktlen; - uint16_t rcode = FLAGS_GET_RCODE(sldns_buffer_read_u16_at(rmsg, 2)); - - if(verbosity < v) - return; - - sldns_wire2str_rcode_buf((int)rcode, rcode_buf, sizeof(rcode_buf)); - addr_to_str(addr, addrlen, clientip_buf, sizeof(clientip_buf)); - if(rcode == LDNS_RCODE_FORMERR) - { - log_info("%s - - - %s - - - ", clientip_buf, rcode_buf); - } else { - dname_str(qinf->qname, qname_buf); - pktlen = sldns_buffer_limit(rmsg); - sldns_wire2str_type_buf(qinf->qtype, type_buf, sizeof(type_buf)); - sldns_wire2str_class_buf(qinf->qclass, class_buf, sizeof(class_buf)); - log_info("%s %s %s %s %s " ARG_LL "d.%6.6d %d %d", - clientip_buf, qname_buf, type_buf, class_buf, - rcode_buf, (long long)dur.tv_sec, (int)dur.tv_usec, cached, (int)pktlen); - } -} - -void -log_query_info(enum verbosity_value v, const char* str, - struct query_info* qinf) -{ - log_nametypeclass(v, str, qinf->qname, qinf->qtype, qinf->qclass); -} - -int -reply_check_cname_chain(struct query_info* qinfo, struct reply_info* rep) -{ - /* check only answer section rrs for matching cname chain. - * the cache may return changed rdata, but owner names are untouched.*/ - size_t i; - uint8_t* sname = qinfo->qname; - size_t snamelen = qinfo->qname_len; - for(i=0; ian_numrrsets; i++) { - uint16_t t = ntohs(rep->rrsets[i]->rk.type); - if(t == LDNS_RR_TYPE_DNAME) - continue; /* skip dnames; note TTL 0 not cached */ - /* verify that owner matches current sname */ - if(query_dname_compare(sname, rep->rrsets[i]->rk.dname) != 0){ - /* cname chain broken */ - return 0; - } - /* if this is a cname; move on */ - if(t == LDNS_RR_TYPE_CNAME) { - get_cname_target(rep->rrsets[i], &sname, &snamelen); - } - } - return 1; -} - -int -reply_all_rrsets_secure(struct reply_info* rep) -{ - size_t i; - for(i=0; irrset_count; i++) { - if( ((struct packed_rrset_data*)rep->rrsets[i]->entry.data) - ->security != sec_status_secure ) - return 0; - } - return 1; -} - -int edns_opt_append(struct edns_data* edns, struct regional* region, - uint16_t code, size_t len, uint8_t* data) -{ - struct edns_option** prevp; - struct edns_option* opt; - - /* allocate new element */ - opt = (struct edns_option*)regional_alloc(region, sizeof(*opt)); - if(!opt) - return 0; - opt->next = NULL; - opt->opt_code = code; - opt->opt_len = len; - opt->opt_data = NULL; - if(len > 0) { - opt->opt_data = regional_alloc_init(region, data, len); - if(!opt->opt_data) - return 0; - } - - /* append at end of list */ - prevp = &edns->opt_list; - while(*prevp != NULL) - prevp = &((*prevp)->next); - *prevp = opt; - return 1; -} - -int edns_opt_list_append(struct edns_option** list, uint16_t code, size_t len, - uint8_t* data, struct regional* region) -{ - struct edns_option** prevp; - struct edns_option* opt; - - /* allocate new element */ - opt = (struct edns_option*)regional_alloc(region, sizeof(*opt)); - if(!opt) - return 0; - opt->next = NULL; - opt->opt_code = code; - opt->opt_len = len; - opt->opt_data = NULL; - if(len > 0) { - opt->opt_data = regional_alloc_init(region, data, len); - if(!opt->opt_data) - return 0; - } - - /* append at end of list */ - prevp = list; - while(*prevp != NULL) { - prevp = &((*prevp)->next); - } - *prevp = opt; - return 1; -} - -int edns_opt_list_remove(struct edns_option** list, uint16_t code) -{ - /* The list should already be allocated in a region. Freeing the - * allocated space in a region is not possible. We just unlink the - * required elements and they will be freed together with the region. */ - - struct edns_option* prev; - struct edns_option* curr; - if(!list || !(*list)) return 0; - - /* Unlink and repoint if the element(s) are first in list */ - while(list && *list && (*list)->opt_code == code) { - *list = (*list)->next; - } - - if(!list || !(*list)) return 1; - /* Unlink elements and reattach the list */ - prev = *list; - curr = (*list)->next; - while(curr != NULL) { - if(curr->opt_code == code) { - prev->next = curr->next; - curr = curr->next; - } else { - prev = curr; - curr = curr->next; - } - } - return 1; -} - -static int inplace_cb_reply_call_generic( - struct inplace_cb* callback_list, enum inplace_cb_list_type type, - struct query_info* qinfo, struct module_qstate* qstate, - struct reply_info* rep, int rcode, struct edns_data* edns, - struct regional* region) -{ - struct inplace_cb* cb; - struct edns_option* opt_list_out = NULL; - if(qstate) - opt_list_out = qstate->edns_opts_front_out; - for(cb=callback_list; cb; cb=cb->next) { - fptr_ok(fptr_whitelist_inplace_cb_reply_generic( - (inplace_cb_reply_func_type*)cb->cb, type)); - (void)(*(inplace_cb_reply_func_type*)cb->cb)(qinfo, qstate, rep, - rcode, edns, &opt_list_out, region, cb->id, cb->cb_arg); - } - edns->opt_list = opt_list_out; - return 1; -} - -int inplace_cb_reply_call(struct module_env* env, struct query_info* qinfo, - struct module_qstate* qstate, struct reply_info* rep, int rcode, - struct edns_data* edns, struct regional* region) -{ - return inplace_cb_reply_call_generic( - env->inplace_cb_lists[inplace_cb_reply], inplace_cb_reply, qinfo, - qstate, rep, rcode, edns, region); -} - -int inplace_cb_reply_cache_call(struct module_env* env, - struct query_info* qinfo, struct module_qstate* qstate, - struct reply_info* rep, int rcode, struct edns_data* edns, - struct regional* region) -{ - return inplace_cb_reply_call_generic( - env->inplace_cb_lists[inplace_cb_reply_cache], inplace_cb_reply_cache, - qinfo, qstate, rep, rcode, edns, region); -} - -int inplace_cb_reply_local_call(struct module_env* env, - struct query_info* qinfo, struct module_qstate* qstate, - struct reply_info* rep, int rcode, struct edns_data* edns, - struct regional* region) -{ - return inplace_cb_reply_call_generic( - env->inplace_cb_lists[inplace_cb_reply_local], inplace_cb_reply_local, - qinfo, qstate, rep, rcode, edns, region); -} - -int inplace_cb_reply_servfail_call(struct module_env* env, - struct query_info* qinfo, struct module_qstate* qstate, - struct reply_info* rep, int rcode, struct edns_data* edns, - struct regional* region) -{ - /* We are going to servfail. Remove any potential edns options. */ - if(qstate) - qstate->edns_opts_front_out = NULL; - return inplace_cb_reply_call_generic( - env->inplace_cb_lists[inplace_cb_reply_servfail], - inplace_cb_reply_servfail, qinfo, qstate, rep, rcode, edns, region); -} - -int inplace_cb_query_call(struct module_env* env, struct query_info* qinfo, - uint16_t flags, struct sockaddr_storage* addr, socklen_t addrlen, - uint8_t* zone, size_t zonelen, struct module_qstate* qstate, - struct regional* region) -{ - struct inplace_cb* cb = env->inplace_cb_lists[inplace_cb_query]; - for(; cb; cb=cb->next) { - fptr_ok(fptr_whitelist_inplace_cb_query( - (inplace_cb_query_func_type*)cb->cb)); - (void)(*(inplace_cb_query_func_type*)cb->cb)(qinfo, flags, - qstate, addr, addrlen, zone, zonelen, region, - cb->id, cb->cb_arg); - } - return 1; -} - -int inplace_cb_edns_back_parsed_call(struct module_env* env, - struct module_qstate* qstate) -{ - struct inplace_cb* cb = - env->inplace_cb_lists[inplace_cb_edns_back_parsed]; - for(; cb; cb=cb->next) { - fptr_ok(fptr_whitelist_inplace_cb_edns_back_parsed( - (inplace_cb_edns_back_parsed_func_type*)cb->cb)); - (void)(*(inplace_cb_edns_back_parsed_func_type*)cb->cb)(qstate, - cb->id, cb->cb_arg); - } - return 1; -} - -int inplace_cb_query_response_call(struct module_env* env, - struct module_qstate* qstate, struct dns_msg* response) { - struct inplace_cb* cb = - env->inplace_cb_lists[inplace_cb_query_response]; - for(; cb; cb=cb->next) { - fptr_ok(fptr_whitelist_inplace_cb_query_response( - (inplace_cb_query_response_func_type*)cb->cb)); - (void)(*(inplace_cb_query_response_func_type*)cb->cb)(qstate, - response, cb->id, cb->cb_arg); - } - return 1; -} - -struct edns_option* edns_opt_copy_region(struct edns_option* list, - struct regional* region) -{ - struct edns_option* result = NULL, *cur = NULL, *s; - while(list) { - /* copy edns option structure */ - s = regional_alloc_init(region, list, sizeof(*list)); - if(!s) return NULL; - s->next = NULL; - - /* copy option data */ - if(s->opt_data) { - s->opt_data = regional_alloc_init(region, s->opt_data, - s->opt_len); - if(!s->opt_data) - return NULL; - } - - /* link into list */ - if(cur) - cur->next = s; - else result = s; - cur = s; - - /* examine next element */ - list = list->next; - } - return result; -} - -int edns_opt_compare(struct edns_option* p, struct edns_option* q) -{ - if(!p && !q) return 0; - if(!p) return -1; - if(!q) return 1; - log_assert(p && q); - if(p->opt_code != q->opt_code) - return (int)q->opt_code - (int)p->opt_code; - if(p->opt_len != q->opt_len) - return (int)q->opt_len - (int)p->opt_len; - if(p->opt_len != 0) - return memcmp(p->opt_data, q->opt_data, p->opt_len); - return 0; -} - -int edns_opt_list_compare(struct edns_option* p, struct edns_option* q) -{ - int r; - while(p && q) { - r = edns_opt_compare(p, q); - if(r != 0) - return r; - p = p->next; - q = q->next; - } - if(p || q) { - /* uneven length lists */ - if(p) return 1; - if(q) return -1; - } - return 0; -} - -void edns_opt_list_free(struct edns_option* list) -{ - struct edns_option* n; - while(list) { - free(list->opt_data); - n = list->next; - free(list); - list = n; - } -} - -struct edns_option* edns_opt_copy_alloc(struct edns_option* list) -{ - struct edns_option* result = NULL, *cur = NULL, *s; - while(list) { - /* copy edns option structure */ - s = memdup(list, sizeof(*list)); - if(!s) { - edns_opt_list_free(result); - return NULL; - } - s->next = NULL; - - /* copy option data */ - if(s->opt_data) { - s->opt_data = memdup(s->opt_data, s->opt_len); - if(!s->opt_data) { - free(s); - edns_opt_list_free(result); - return NULL; - } - } - - /* link into list */ - if(cur) - cur->next = s; - else result = s; - cur = s; - - /* examine next element */ - list = list->next; - } - return result; -} - -struct edns_option* edns_opt_list_find(struct edns_option* list, uint16_t code) -{ - struct edns_option* p; - for(p=list; p; p=p->next) { - if(p->opt_code == code) - return p; - } - return NULL; -} diff --git a/external/unbound/util/data/msgreply.h b/external/unbound/util/data/msgreply.h deleted file mode 100644 index acbdd3deb..000000000 --- a/external/unbound/util/data/msgreply.h +++ /dev/null @@ -1,674 +0,0 @@ -/* - * util/data/msgreply.h - store message and reply data. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains a data structure to store a message and its reply. - */ - -#ifndef UTIL_DATA_MSGREPLY_H -#define UTIL_DATA_MSGREPLY_H -#include "util/storage/lruhash.h" -#include "util/data/packed_rrset.h" -struct sldns_buffer; -struct comm_reply; -struct alloc_cache; -struct iovec; -struct regional; -struct edns_data; -struct edns_option; -struct inplace_cb; -struct module_qstate; -struct module_env; -struct msg_parse; -struct rrset_parse; -struct local_rrset; -struct dns_msg; - -/** calculate the prefetch TTL as 90% of original. Calculation - * without numerical overflow (uin32_t) */ -#define PREFETCH_TTL_CALC(ttl) ((ttl) - (ttl)/10) - -/** - * Structure to store query information that makes answers to queries - * different. - */ -struct query_info { - /** - * Salient data on the query: qname, in wireformat. - * can be allocated or a pointer to outside buffer. - * User has to keep track on the status of this. - */ - uint8_t* qname; - /** length of qname (including last 0 octet) */ - size_t qname_len; - /** qtype, host byte order */ - uint16_t qtype; - /** qclass, host byte order */ - uint16_t qclass; - /** - * Alias local answer(s) for the qname. If 'qname' is an alias defined - * in a local zone, this field will be set to the corresponding local - * RRset when the alias is determined. - * In the initial implementation this can only be a single CNAME RR - * (or NULL), but it could possibly be extended to be a DNAME or a - * chain of aliases. - * Users of this structure are responsible to initialize this field - * to be NULL; otherwise other part of query handling code may be - * confused. - * Users also have to be careful about the lifetime of data. On return - * from local zone lookup, it may point to data derived from - * configuration that may be dynamically invalidated or data allocated - * in an ephemeral regional allocator. A deep copy of the data may - * have to be generated if it has to be kept during iterative - * resolution. */ - struct local_rrset* local_alias; -}; - -/** - * Information to reference an rrset - */ -struct rrset_ref { - /** the key with lock, and ptr to packed data. */ - struct ub_packed_rrset_key* key; - /** id needed */ - rrset_id_type id; -}; - -/** - * Structure to store DNS query and the reply packet. - * To use it, copy over the flags from reply and modify using flags from - * the query (RD,CD if not AA). prepend ID. - * - * Memory layout is: - * o struct - * o rrset_ref array - * o packed_rrset_key* array. - * - * Memory layout is sometimes not packed, when the message is synthesized, - * for easy of the generation. It is allocated packed when it is copied - * from the region allocation to the malloc allocation. - */ -struct reply_info { - /** the flags for the answer, host byte order. */ - uint16_t flags; - - /** - * This flag informs unbound the answer is authoritative and - * the AA flag should be preserved. - */ - uint8_t authoritative; - - /** - * Number of RRs in the query section. - * If qdcount is not 0, then it is 1, and the data that appears - * in the reply is the same as the query_info. - * Host byte order. - */ - uint8_t qdcount; - - /** 32 bit padding to pad struct member alignment to 64 bits. */ - uint32_t padding; - - /** - * TTL of the entire reply (for negative caching). - * only for use when there are 0 RRsets in this message. - * if there are RRsets, check those instead. - */ - time_t ttl; - - /** - * TTL for prefetch. After it has expired, a prefetch is suitable. - * Smaller than the TTL, otherwise the prefetch would not happen. - */ - time_t prefetch_ttl; - - /** - * The security status from DNSSEC validation of this message. - */ - enum sec_status security; - - /** - * Number of RRsets in each section. - * The answer section. Add up the RRs in every RRset to calculate - * the number of RRs, and the count for the dns packet. - * The number of RRs in RRsets can change due to RRset updates. - */ - size_t an_numrrsets; - - /** Count of authority section RRsets */ - size_t ns_numrrsets; - /** Count of additional section RRsets */ - size_t ar_numrrsets; - - /** number of RRsets: an_numrrsets + ns_numrrsets + ar_numrrsets */ - size_t rrset_count; - - /** - * List of pointers (only) to the rrsets in the order in which - * they appear in the reply message. - * Number of elements is ancount+nscount+arcount RRsets. - * This is a pointer to that array. - * Use the accessor function for access. - */ - struct ub_packed_rrset_key** rrsets; - - /** - * Packed array of ids (see counts) and pointers to packed_rrset_key. - * The number equals ancount+nscount+arcount RRsets. - * These are sorted in ascending pointer, the locking order. So - * this list can be locked (and id, ttl checked), to see if - * all the data is available and recent enough. - * - * This is defined as an array of size 1, so that the compiler - * associates the identifier with this position in the structure. - * Array bound overflow on this array then gives access to the further - * elements of the array, which are allocated after the main structure. - * - * It could be more pure to define as array of size 0, ref[0]. - * But ref[1] may be less confusing for compilers. - * Use the accessor function for access. - */ - struct rrset_ref ref[1]; -}; - -/** - * Structure to keep hash table entry for message replies. - */ -struct msgreply_entry { - /** the hash table key */ - struct query_info key; - /** the hash table entry, data is struct reply_info* */ - struct lruhash_entry entry; -}; - -/** - * Constructor for replyinfo. - * @param region: where to allocate the results, pass NULL to use malloc. - * @param flags: flags for the replyinfo. - * @param qd: qd count - * @param ttl: TTL of replyinfo - * @param prettl: prefetch ttl - * @param an: an count - * @param ns: ns count - * @param ar: ar count - * @param total: total rrset count (presumably an+ns+ar). - * @param sec: security status of the reply info. - * @return the reply_info base struct with the array for putting the rrsets - * in. The array has been zeroed. Returns NULL on malloc failure. - */ -struct reply_info* -construct_reply_info_base(struct regional* region, uint16_t flags, size_t qd, - time_t ttl, time_t prettl, size_t an, size_t ns, size_t ar, - size_t total, enum sec_status sec); - -/** - * Parse wire query into a queryinfo structure, return 0 on parse error. - * initialises the (prealloced) queryinfo structure as well. - * This query structure contains a pointer back info the buffer! - * This pointer avoids memory allocation. allocqname does memory allocation. - * @param m: the prealloced queryinfo structure to put query into. - * must be unused, or _clear()ed. - * @param query: the wireformat packet query. starts with ID. - * @return: 0 on format error. - */ -int query_info_parse(struct query_info* m, struct sldns_buffer* query); - -/** - * Parse query reply. - * Fills in preallocated query_info structure (with ptr into buffer). - * Allocates reply_info and packed_rrsets. These are not yet added to any - * caches or anything, this is only parsing. Returns formerror on qdcount > 1. - * @param pkt: the packet buffer. Must be positioned after the query section. - * @param alloc: creates packed rrset key structures. - * @param rep: allocated reply_info is returned (only on no error). - * @param qinf: query_info is returned (only on no error). - * @param region: where to store temporary data (for parsing). - * @param edns: where to store edns information, does not need to be inited. - * @return: zero is OK, or DNS error code in case of error - * o FORMERR for parse errors. - * o SERVFAIL for memory allocation errors. - */ -int reply_info_parse(struct sldns_buffer* pkt, struct alloc_cache* alloc, - struct query_info* qinf, struct reply_info** rep, - struct regional* region, struct edns_data* edns); - -/** - * Allocate and decompress parsed message and rrsets. - * @param pkt: for name decompression. - * @param msg: parsed message in scratch region. - * @param alloc: alloc cache for special rrset key structures. - * Not used if region!=NULL, it can be NULL in that case. - * @param qinf: where to store query info. - * qinf itself is allocated by the caller. - * @param rep: reply info is allocated and returned. - * @param region: if this parameter is NULL then malloc and the alloc is used. - * otherwise, everything is allocated in this region. - * In a region, no special rrset key structures are needed (not shared), - * and no rrset_ref array in the reply is built up. - * @return 0 if allocation failed. - */ -int parse_create_msg(struct sldns_buffer* pkt, struct msg_parse* msg, - struct alloc_cache* alloc, struct query_info* qinf, - struct reply_info** rep, struct regional* region); - -/** - * Sorts the ref array. - * @param rep: reply info. rrsets must be filled in. - */ -void reply_info_sortref(struct reply_info* rep); - -/** - * Set TTLs inside the replyinfo to absolute values. - * @param rep: reply info. rrsets must be filled in. - * Also refs must be filled in. - * @param timenow: the current time. - */ -void reply_info_set_ttls(struct reply_info* rep, time_t timenow); - -/** - * Delete reply_info and packed_rrsets (while they are not yet added to the - * hashtables.). Returns rrsets to the alloc cache. - * @param rep: reply_info to delete. - * @param alloc: where to return rrset structures to. - */ -void reply_info_parsedelete(struct reply_info* rep, struct alloc_cache* alloc); - -/** - * Compare two queryinfo structures, on query and type, class. - * It is _not_ sorted in canonical ordering. - * @param m1: struct query_info* , void* here to ease use as function pointer. - * @param m2: struct query_info* , void* here to ease use as function pointer. - * @return: 0 = same, -1 m1 is smaller, +1 m1 is larger. - */ -int query_info_compare(void* m1, void* m2); - -/** clear out query info structure */ -void query_info_clear(struct query_info* m); - -/** calculate size of struct query_info + reply_info */ -size_t msgreply_sizefunc(void* k, void* d); - -/** delete msgreply_entry key structure */ -void query_entry_delete(void *q, void* arg); - -/** delete reply_info data structure */ -void reply_info_delete(void* d, void* arg); - -/** calculate hash value of query_info, lowercases the qname, - * uses CD flag for AAAA qtype */ -hashvalue_type query_info_hash(struct query_info *q, uint16_t flags); - -/** - * Setup query info entry - * @param q: query info to copy. Emptied as if clear is called. - * @param r: reply to init data. - * @param h: hash value. - * @return: newly allocated message reply cache item. - */ -struct msgreply_entry* query_info_entrysetup(struct query_info* q, - struct reply_info* r, hashvalue_type h); - -/** - * Copy reply_info and all rrsets in it and allocate. - * @param rep: what to copy, probably inside region, no ref[] array in it. - * @param alloc: how to allocate rrset keys. - * Not used if region!=NULL, it can be NULL in that case. - * @param region: if this parameter is NULL then malloc and the alloc is used. - * otherwise, everything is allocated in this region. - * In a region, no special rrset key structures are needed (not shared), - * and no rrset_ref array in the reply is built up. - * @return new reply info or NULL on memory error. - */ -struct reply_info* reply_info_copy(struct reply_info* rep, - struct alloc_cache* alloc, struct regional* region); - -/** - * Allocate (special) rrset keys. - * @param rep: reply info in which the rrset keys to be allocated, rrset[] - * array should have bee allocated with NULL pointers. - * @param alloc: how to allocate rrset keys. - * Not used if region!=NULL, it can be NULL in that case. - * @param region: if this parameter is NULL then the alloc is used. - * otherwise, rrset keys are allocated in this region. - * In a region, no special rrset key structures are needed (not shared). - * and no rrset_ref array in the reply needs to be built up. - * @return 1 on success, 0 on error - */ -int reply_info_alloc_rrset_keys(struct reply_info* rep, - struct alloc_cache* alloc, struct regional* region); - -/** - * Copy a parsed rrset into given key, decompressing and allocating rdata. - * @param pkt: packet for decompression - * @param msg: the parser message (for flags for trust). - * @param pset: the parsed rrset to copy. - * @param region: if NULL - malloc, else data is allocated in this region. - * @param pk: a freshly obtained rrsetkey structure. No dname is set yet, - * will be set on return. - * Note that TTL will still be relative on return. - * @return false on alloc failure. - */ -int parse_copy_decompress_rrset(struct sldns_buffer* pkt, struct msg_parse* msg, - struct rrset_parse *pset, struct regional* region, - struct ub_packed_rrset_key* pk); - -/** - * Find final cname target in reply, the one matching qinfo. Follows CNAMEs. - * @param qinfo: what to start with. - * @param rep: looks in answer section of this message. - * @return: pointer dname, or NULL if not found. - */ -uint8_t* reply_find_final_cname_target(struct query_info* qinfo, - struct reply_info* rep); - -/** - * Check if cname chain in cached reply is still valid. - * @param qinfo: query info with query name. - * @param rep: reply to check. - * @return: true if valid, false if invalid. - */ -int reply_check_cname_chain(struct query_info* qinfo, struct reply_info* rep); - -/** - * Check security status of all RRs in the message. - * @param rep: reply to check - * @return: true if all RRs are secure. False if not. - * True if there are zero RRs. - */ -int reply_all_rrsets_secure(struct reply_info* rep); - -/** - * Find answer rrset in reply, the one matching qinfo. Follows CNAMEs, so the - * result may have a different owner name. - * @param qinfo: what to look for. - * @param rep: looks in answer section of this message. - * @return: pointer to rrset, or NULL if not found. - */ -struct ub_packed_rrset_key* reply_find_answer_rrset(struct query_info* qinfo, - struct reply_info* rep); - -/** - * Find rrset in reply, inside the answer section. Does not follow CNAMEs. - * @param rep: looks in answer section of this message. - * @param name: what to look for. - * @param namelen: length of name. - * @param type: looks for (host order). - * @param dclass: looks for (host order). - * @return: pointer to rrset, or NULL if not found. - */ -struct ub_packed_rrset_key* reply_find_rrset_section_an(struct reply_info* rep, - uint8_t* name, size_t namelen, uint16_t type, uint16_t dclass); - -/** - * Find rrset in reply, inside the authority section. Does not follow CNAMEs. - * @param rep: looks in authority section of this message. - * @param name: what to look for. - * @param namelen: length of name. - * @param type: looks for (host order). - * @param dclass: looks for (host order). - * @return: pointer to rrset, or NULL if not found. - */ -struct ub_packed_rrset_key* reply_find_rrset_section_ns(struct reply_info* rep, - uint8_t* name, size_t namelen, uint16_t type, uint16_t dclass); - -/** - * Find rrset in reply, inside any section. Does not follow CNAMEs. - * @param rep: looks in answer,authority and additional section of this message. - * @param name: what to look for. - * @param namelen: length of name. - * @param type: looks for (host order). - * @param dclass: looks for (host order). - * @return: pointer to rrset, or NULL if not found. - */ -struct ub_packed_rrset_key* reply_find_rrset(struct reply_info* rep, - uint8_t* name, size_t namelen, uint16_t type, uint16_t dclass); - -/** - * Debug send the query info and reply info to the log in readable form. - * @param str: descriptive string printed with packet content. - * @param qinfo: query section. - * @param rep: rest of message. - */ -void log_dns_msg(const char* str, struct query_info* qinfo, - struct reply_info* rep); - -/** - * Print string with neat domain name, type, class, - * status code from, and size of a query response. - * - * @param v: at what verbosity level to print this. - * @param qinf: query section. - * @param addr: address of the client. - * @param addrlen: length of the client address. - * @param dur: how long it took to complete the query. - * @param cached: whether or not the reply is coming from - * the cache, or an outside network. - * @param rmsg: sldns buffer packet. - */ -void log_reply_info(enum verbosity_value v, struct query_info *qinf, - struct sockaddr_storage *addr, socklen_t addrlen, struct timeval dur, - int cached, struct sldns_buffer *rmsg); - -/** - * Print string with neat domain name, type, class from query info. - * @param v: at what verbosity level to print this. - * @param str: string of message. - * @param qinf: query info structure with name, type and class. - */ -void log_query_info(enum verbosity_value v, const char* str, - struct query_info* qinf); - -/** - * Append edns option to edns data structure - * @param edns: the edns data structure to append the edns option to. - * @param region: region to allocate the new edns option. - * @param code: the edns option's code. - * @param len: the edns option's length. - * @param data: the edns option's data. - * @return false on failure. - */ -int edns_opt_append(struct edns_data* edns, struct regional* region, - uint16_t code, size_t len, uint8_t* data); - -/** - * Append edns option to edns option list - * @param list: the edns option list to append the edns option to. - * @param code: the edns option's code. - * @param len: the edns option's length. - * @param data: the edns option's data. - * @param region: region to allocate the new edns option. - * @return false on failure. - */ -int edns_opt_list_append(struct edns_option** list, uint16_t code, size_t len, - uint8_t* data, struct regional* region); - -/** - * Remove any option found on the edns option list that matches the code. - * @param list: the list of edns options. - * @param code: the opt code to remove. - * @return true when at least one edns option was removed, false otherwise. - */ -int edns_opt_list_remove(struct edns_option** list, uint16_t code); - -/** - * Find edns option in edns list - * @param list: list of edns options (eg. edns.opt_list) - * @param code: opt code to find. - * @return NULL or the edns_option element. - */ -struct edns_option* edns_opt_list_find(struct edns_option* list, uint16_t code); - -/** - * Call the registered functions in the inplace_cb_reply linked list. - * This function is going to get called while answering with a resolved query. - * @param env: module environment. - * @param qinfo: query info. - * @param qstate: module qstate. - * @param rep: Reply info. Could be NULL. - * @param rcode: return code. - * @param edns: edns data of the reply. - * @param region: region to store data. - * @return false on failure (a callback function returned an error). - */ -int inplace_cb_reply_call(struct module_env* env, struct query_info* qinfo, - struct module_qstate* qstate, struct reply_info* rep, int rcode, - struct edns_data* edns, struct regional* region); - -/** - * Call the registered functions in the inplace_cb_reply_cache linked list. - * This function is going to get called while answering from cache. - * @param env: module environment. - * @param qinfo: query info. - * @param qstate: module qstate. NULL when replying from cache. - * @param rep: Reply info. - * @param rcode: return code. - * @param edns: edns data of the reply. Edns input can be found here. - * @param region: region to store data. - * @return false on failure (a callback function returned an error). - */ -int inplace_cb_reply_cache_call(struct module_env* env, - struct query_info* qinfo, struct module_qstate* qstate, - struct reply_info* rep, int rcode, struct edns_data* edns, - struct regional* region); - -/** - * Call the registered functions in the inplace_cb_reply_local linked list. - * This function is going to get called while answering with local data. - * @param env: module environment. - * @param qinfo: query info. - * @param qstate: module qstate. NULL when replying from cache. - * @param rep: Reply info. - * @param rcode: return code. - * @param edns: edns data of the reply. Edns input can be found here. - * @param region: region to store data. - * @return false on failure (a callback function returned an error). - */ -int inplace_cb_reply_local_call(struct module_env* env, - struct query_info* qinfo, struct module_qstate* qstate, - struct reply_info* rep, int rcode, struct edns_data* edns, - struct regional* region); - -/** - * Call the registered functions in the inplace_cb_reply linked list. - * This function is going to get called while answering with a servfail. - * @param env: module environment. - * @param qinfo: query info. - * @param qstate: module qstate. Contains the edns option lists. Could be NULL. - * @param rep: Reply info. NULL when servfail. - * @param rcode: return code. LDNS_RCODE_SERVFAIL. - * @param edns: edns data of the reply. Edns input can be found here if qstate - * is NULL. - * @param region: region to store data. - * @return false on failure (a callback function returned an error). - */ -int inplace_cb_reply_servfail_call(struct module_env* env, - struct query_info* qinfo, struct module_qstate* qstate, - struct reply_info* rep, int rcode, struct edns_data* edns, - struct regional* region); - -/** - * Call the registered functions in the inplace_cb_query linked list. - * This function is going to get called just before sending a query to a - * nameserver. - * @param env: module environment. - * @param qinfo: query info. - * @param flags: flags of the query. - * @param addr: to which server to send the query. - * @param addrlen: length of addr. - * @param zone: name of the zone of the delegation point. wireformat dname. - * This is the delegation point name for which the server is deemed - * authoritative. - * @param zonelen: length of zone. - * @param qstate: module qstate. - * @param region: region to store data. - * @return false on failure (a callback function returned an error). - */ -int inplace_cb_query_call(struct module_env* env, struct query_info* qinfo, - uint16_t flags, struct sockaddr_storage* addr, socklen_t addrlen, - uint8_t* zone, size_t zonelen, struct module_qstate* qstate, - struct regional* region); - -/** - * Call the registered functions in the inplace_cb_edns_back_parsed linked list. - * This function is going to get called after parsing the EDNS data on the - * reply from a nameserver. - * @param env: module environment. - * @param qstate: module qstate. - * @return false on failure (a callback function returned an error). - */ -int inplace_cb_edns_back_parsed_call(struct module_env* env, - struct module_qstate* qstate); - -/** - * Call the registered functions in the inplace_cb_query_reponse linked list. - * This function is going to get called after receiving a reply from a - * nameserver. - * @param env: module environment. - * @param qstate: module qstate. - * @param response: received response - * @return false on failure (a callback function returned an error). - */ -int inplace_cb_query_response_call(struct module_env* env, - struct module_qstate* qstate, struct dns_msg* response); - -/** - * Copy edns option list allocated to the new region - */ -struct edns_option* edns_opt_copy_region(struct edns_option* list, - struct regional* region); - -/** - * Copy edns option list allocated with malloc - */ -struct edns_option* edns_opt_copy_alloc(struct edns_option* list); - -/** - * Free edns option list allocated with malloc - */ -void edns_opt_list_free(struct edns_option* list); - -/** - * Compare an edns option. (not entire list). Also compares contents. - */ -int edns_opt_compare(struct edns_option* p, struct edns_option* q); - -/** - * Compare edns option lists, also the order and contents of edns-options. - */ -int edns_opt_list_compare(struct edns_option* p, struct edns_option* q); - -#endif /* UTIL_DATA_MSGREPLY_H */ diff --git a/external/unbound/util/data/packed_rrset.c b/external/unbound/util/data/packed_rrset.c deleted file mode 100644 index 9944087cb..000000000 --- a/external/unbound/util/data/packed_rrset.c +++ /dev/null @@ -1,387 +0,0 @@ -/* - * util/data/packed_rrset.c - data storage for a set of resource records. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains the data storage for RRsets. - */ - -#include "config.h" -#include "util/data/packed_rrset.h" -#include "util/data/dname.h" -#include "util/storage/lookup3.h" -#include "util/log.h" -#include "util/alloc.h" -#include "util/regional.h" -#include "util/net_help.h" -#include "sldns/rrdef.h" -#include "sldns/sbuffer.h" -#include "sldns/wire2str.h" - -void -ub_packed_rrset_parsedelete(struct ub_packed_rrset_key* pkey, - struct alloc_cache* alloc) -{ - if(!pkey) - return; - free(pkey->entry.data); - pkey->entry.data = NULL; - free(pkey->rk.dname); - pkey->rk.dname = NULL; - pkey->id = 0; - alloc_special_release(alloc, pkey); -} - -size_t -ub_rrset_sizefunc(void* key, void* data) -{ - struct ub_packed_rrset_key* k = (struct ub_packed_rrset_key*)key; - struct packed_rrset_data* d = (struct packed_rrset_data*)data; - size_t s = sizeof(struct ub_packed_rrset_key) + k->rk.dname_len; - s += packed_rrset_sizeof(d) + lock_get_mem(&k->entry.lock); - return s; -} - -size_t -packed_rrset_sizeof(struct packed_rrset_data* d) -{ - size_t s; - if(d->rrsig_count > 0) { - s = ((uint8_t*)d->rr_data[d->count+d->rrsig_count-1] - - (uint8_t*)d) + d->rr_len[d->count+d->rrsig_count-1]; - } else { - log_assert(d->count > 0); - s = ((uint8_t*)d->rr_data[d->count-1] - (uint8_t*)d) + - d->rr_len[d->count-1]; - } - return s; -} - -int -ub_rrset_compare(void* k1, void* k2) -{ - struct ub_packed_rrset_key* key1 = (struct ub_packed_rrset_key*)k1; - struct ub_packed_rrset_key* key2 = (struct ub_packed_rrset_key*)k2; - int c; - if(key1 == key2) - return 0; - if(key1->rk.type != key2->rk.type) { - if(key1->rk.type < key2->rk.type) - return -1; - return 1; - } - if(key1->rk.dname_len != key2->rk.dname_len) { - if(key1->rk.dname_len < key2->rk.dname_len) - return -1; - return 1; - } - if((c=query_dname_compare(key1->rk.dname, key2->rk.dname)) != 0) - return c; - if(key1->rk.rrset_class != key2->rk.rrset_class) { - if(key1->rk.rrset_class < key2->rk.rrset_class) - return -1; - return 1; - } - if(key1->rk.flags != key2->rk.flags) { - if(key1->rk.flags < key2->rk.flags) - return -1; - return 1; - } - return 0; -} - -void -ub_rrset_key_delete(void* key, void* userdata) -{ - struct ub_packed_rrset_key* k = (struct ub_packed_rrset_key*)key; - struct alloc_cache* a = (struct alloc_cache*)userdata; - k->id = 0; - free(k->rk.dname); - k->rk.dname = NULL; - alloc_special_release(a, k); -} - -void -rrset_data_delete(void* data, void* ATTR_UNUSED(userdata)) -{ - struct packed_rrset_data* d = (struct packed_rrset_data*)data; - free(d); -} - -int -rrsetdata_equal(struct packed_rrset_data* d1, struct packed_rrset_data* d2) -{ - size_t i; - size_t total; - if(d1->count != d2->count || d1->rrsig_count != d2->rrsig_count) - return 0; - total = d1->count + d1->rrsig_count; - for(i=0; irr_len[i] != d2->rr_len[i]) - return 0; - if(memcmp(d1->rr_data[i], d2->rr_data[i], d1->rr_len[i]) != 0) - return 0; - } - return 1; -} - -hashvalue_type -rrset_key_hash(struct packed_rrset_key* key) -{ - /* type is hashed in host order */ - uint16_t t = ntohs(key->type); - /* Note this MUST be identical to pkt_hash_rrset in msgparse.c */ - /* this routine does not have a compressed name */ - hashvalue_type h = 0xab; - h = dname_query_hash(key->dname, h); - h = hashlittle(&t, sizeof(t), h); - h = hashlittle(&key->rrset_class, sizeof(uint16_t), h); - h = hashlittle(&key->flags, sizeof(uint32_t), h); - return h; -} - -void -packed_rrset_ptr_fixup(struct packed_rrset_data* data) -{ - size_t i; - size_t total = data->count + data->rrsig_count; - uint8_t* nextrdata; - /* fixup pointers in packed rrset data */ - data->rr_len = (size_t*)((uint8_t*)data + - sizeof(struct packed_rrset_data)); - data->rr_data = (uint8_t**)&(data->rr_len[total]); - data->rr_ttl = (time_t*)&(data->rr_data[total]); - nextrdata = (uint8_t*)&(data->rr_ttl[total]); - for(i=0; irr_data[i] = nextrdata; - nextrdata += data->rr_len[i]; - } -} - -void -get_cname_target(struct ub_packed_rrset_key* rrset, uint8_t** dname, - size_t* dname_len) -{ - struct packed_rrset_data* d; - size_t len; - if(ntohs(rrset->rk.type) != LDNS_RR_TYPE_CNAME && - ntohs(rrset->rk.type) != LDNS_RR_TYPE_DNAME) - return; - d = (struct packed_rrset_data*)rrset->entry.data; - if(d->count < 1) - return; - if(d->rr_len[0] < 3) /* at least rdatalen + 0byte root label */ - return; - len = sldns_read_uint16(d->rr_data[0]); - if(len != d->rr_len[0] - sizeof(uint16_t)) - return; - if(dname_valid(d->rr_data[0]+sizeof(uint16_t), len) != len) - return; - *dname = d->rr_data[0]+sizeof(uint16_t); - *dname_len = len; -} - -void -packed_rrset_ttl_add(struct packed_rrset_data* data, time_t add) -{ - size_t i; - size_t total = data->count + data->rrsig_count; - data->ttl += add; - for(i=0; irr_ttl[i] += add; -} - -const char* -rrset_trust_to_string(enum rrset_trust s) -{ - switch(s) { - case rrset_trust_none: return "rrset_trust_none"; - case rrset_trust_add_noAA: return "rrset_trust_add_noAA"; - case rrset_trust_auth_noAA: return "rrset_trust_auth_noAA"; - case rrset_trust_add_AA: return "rrset_trust_add_AA"; - case rrset_trust_nonauth_ans_AA:return "rrset_trust_nonauth_ans_AA"; - case rrset_trust_ans_noAA: return "rrset_trust_ans_noAA"; - case rrset_trust_glue: return "rrset_trust_glue"; - case rrset_trust_auth_AA: return "rrset_trust_auth_AA"; - case rrset_trust_ans_AA: return "rrset_trust_ans_AA"; - case rrset_trust_sec_noglue: return "rrset_trust_sec_noglue"; - case rrset_trust_prim_noglue: return "rrset_trust_prim_noglue"; - case rrset_trust_validated: return "rrset_trust_validated"; - case rrset_trust_ultimate: return "rrset_trust_ultimate"; - } - return "unknown_rrset_trust_value"; -} - -const char* -sec_status_to_string(enum sec_status s) -{ - switch(s) { - case sec_status_unchecked: return "sec_status_unchecked"; - case sec_status_bogus: return "sec_status_bogus"; - case sec_status_indeterminate: return "sec_status_indeterminate"; - case sec_status_insecure: return "sec_status_insecure"; - case sec_status_secure: return "sec_status_secure"; - } - return "unknown_sec_status_value"; -} - -void log_rrset_key(enum verbosity_value v, const char* str, - struct ub_packed_rrset_key* rrset) -{ - if(verbosity >= v) - log_nametypeclass(v, str, rrset->rk.dname, - ntohs(rrset->rk.type), ntohs(rrset->rk.rrset_class)); -} - -int packed_rr_to_string(struct ub_packed_rrset_key* rrset, size_t i, - time_t now, char* dest, size_t dest_len) -{ - struct packed_rrset_data* d = (struct packed_rrset_data*)rrset-> - entry.data; - uint8_t rr[65535]; - size_t rlen = rrset->rk.dname_len + 2 + 2 + 4 + d->rr_len[i]; - log_assert(dest_len > 0 && dest); - if(rlen > dest_len) { - dest[0] = 0; - return 0; - } - memmove(rr, rrset->rk.dname, rrset->rk.dname_len); - if(i < d->count) - memmove(rr+rrset->rk.dname_len, &rrset->rk.type, 2); - else sldns_write_uint16(rr+rrset->rk.dname_len, LDNS_RR_TYPE_RRSIG); - memmove(rr+rrset->rk.dname_len+2, &rrset->rk.rrset_class, 2); - sldns_write_uint32(rr+rrset->rk.dname_len+4, - (uint32_t)(d->rr_ttl[i]-now)); - memmove(rr+rrset->rk.dname_len+8, d->rr_data[i], d->rr_len[i]); - if(sldns_wire2str_rr_buf(rr, rlen, dest, dest_len) == -1) { - log_info("rrbuf failure %d %s", (int)d->rr_len[i], dest); - dest[0] = 0; - return 0; - } - return 1; -} - -void log_packed_rrset(enum verbosity_value v, const char* str, - struct ub_packed_rrset_key* rrset) -{ - struct packed_rrset_data* d = (struct packed_rrset_data*)rrset-> - entry.data; - char buf[65535]; - size_t i; - if(verbosity < v) - return; - for(i=0; icount+d->rrsig_count; i++) { - if(!packed_rr_to_string(rrset, i, 0, buf, sizeof(buf))) { - log_info("%s: rr %d wire2str-error", str, (int)i); - } else { - log_info("%s: %s", str, buf); - } - } -} - -time_t -ub_packed_rrset_ttl(struct ub_packed_rrset_key* key) -{ - struct packed_rrset_data* d = (struct packed_rrset_data*)key-> - entry.data; - return d->ttl; -} - -struct ub_packed_rrset_key* -packed_rrset_copy_region(struct ub_packed_rrset_key* key, - struct regional* region, time_t now) -{ - struct ub_packed_rrset_key* ck = regional_alloc(region, - sizeof(struct ub_packed_rrset_key)); - struct packed_rrset_data* d; - struct packed_rrset_data* data = (struct packed_rrset_data*) - key->entry.data; - size_t dsize, i; - if(!ck) - return NULL; - ck->id = key->id; - memset(&ck->entry, 0, sizeof(ck->entry)); - ck->entry.hash = key->entry.hash; - ck->entry.key = ck; - ck->rk = key->rk; - ck->rk.dname = regional_alloc_init(region, key->rk.dname, - key->rk.dname_len); - if(!ck->rk.dname) - return NULL; - dsize = packed_rrset_sizeof(data); - d = (struct packed_rrset_data*)regional_alloc_init(region, data, dsize); - if(!d) - return NULL; - ck->entry.data = d; - packed_rrset_ptr_fixup(d); - /* make TTLs relative - once per rrset */ - for(i=0; icount + d->rrsig_count; i++) { - if(d->rr_ttl[i] < now) - d->rr_ttl[i] = 0; - else d->rr_ttl[i] -= now; - } - if(d->ttl < now) - d->ttl = 0; - else d->ttl -= now; - return ck; -} - -struct ub_packed_rrset_key* -packed_rrset_copy_alloc(struct ub_packed_rrset_key* key, - struct alloc_cache* alloc, time_t now) -{ - struct packed_rrset_data* fd, *dd; - struct ub_packed_rrset_key* dk = alloc_special_obtain(alloc); - if(!dk) return NULL; - fd = (struct packed_rrset_data*)key->entry.data; - dk->entry.hash = key->entry.hash; - dk->rk = key->rk; - dk->rk.dname = (uint8_t*)memdup(key->rk.dname, key->rk.dname_len); - if(!dk->rk.dname) { - alloc_special_release(alloc, dk); - return NULL; - } - dd = (struct packed_rrset_data*)memdup(fd, packed_rrset_sizeof(fd)); - if(!dd) { - free(dk->rk.dname); - alloc_special_release(alloc, dk); - return NULL; - } - packed_rrset_ptr_fixup(dd); - dk->entry.data = (void*)dd; - packed_rrset_ttl_add(dd, now); - return dk; -} diff --git a/external/unbound/util/data/packed_rrset.h b/external/unbound/util/data/packed_rrset.h deleted file mode 100644 index 28f603d6f..000000000 --- a/external/unbound/util/data/packed_rrset.h +++ /dev/null @@ -1,445 +0,0 @@ -/* - * util/data/packed_rrset.h - data storage for a set of resource records. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains the data storage for RRsets. - */ - -#ifndef UTIL_DATA_PACKED_RRSET_H -#define UTIL_DATA_PACKED_RRSET_H -#include "util/storage/lruhash.h" -struct alloc_cache; -struct regional; - -/** type used to uniquely identify rrsets. Cannot be reused without - * clearing the cache. */ -typedef uint64_t rrset_id_type; - -/** this rrset is NSEC and is at zone apex (at child side of zonecut) */ -#define PACKED_RRSET_NSEC_AT_APEX 0x1 -/** this rrset is A/AAAA and is in-zone-glue (from parent side of zonecut) */ -#define PACKED_RRSET_PARENT_SIDE 0x2 -/** this rrset is SOA and has the negative ttl (from nxdomain or nodata), - * this is set on SOA rrsets in the authority section, to keep its TTL separate - * from the SOA in the answer section from a direct SOA query or ANY query. */ -#define PACKED_RRSET_SOA_NEG 0x4 -/** This rrset is considered to have a fixed TTL; its TTL doesn't have to be - * updated on encoding in a reply. This flag is not expected to be set in - * cached data. */ -#define PACKED_RRSET_FIXEDTTL 0x80000000 - -/** number of rrs and rrsets for integer overflow protection. More than - * this is not really possible (64K packet has much less RRs and RRsets) in - * a message. And this is small enough that also multiplied there is no - * integer overflow. */ -#define RR_COUNT_MAX 0xffffff - -/** - * The identifying information for an RRset. - */ -struct packed_rrset_key { - /** - * The domain name. If not null (for id=0) it is allocated, and - * contains the wireformat domain name. - * This dname is not canonicalized. - */ - uint8_t* dname; - /** - * Length of the domain name, including last 0 root octet. - */ - size_t dname_len; - /** - * Flags. 32bit to be easy for hashing: - * o PACKED_RRSET_NSEC_AT_APEX - * o PACKED_RRSET_PARENT_SIDE - * o PACKED_RRSET_SOA_NEG - * o PACKED_RRSET_FIXEDTTL (not supposed to be cached) - */ - uint32_t flags; - /** the rrset type in network format */ - uint16_t type; - /** the rrset class in network format */ - uint16_t rrset_class; -}; - -/** - * This structure contains an RRset. A set of resource records that - * share the same domain name, type and class. - * - * Due to memory management and threading, the key structure cannot be - * deleted, although the data can be. The id can be set to 0 to store and the - * structure can be recycled with a new id. - */ -struct ub_packed_rrset_key { - /** - * entry into hashtable. Note the lock is never destroyed, - * even when this key is retired to the cache. - * the data pointer (if not null) points to a struct packed_rrset. - */ - struct lruhash_entry entry; - /** - * the ID of this rrset. unique, based on threadid + sequenceno. - * ids are not reused, except after flushing the cache. - * zero is an unused entry, and never a valid id. - * Check this value after getting entry.lock. - * The other values in this struct may only be altered after changing - * the id (which needs a writelock on entry.lock). - */ - rrset_id_type id; - /** key data: dname, type and class */ - struct packed_rrset_key rk; -}; - -/** - * RRset trustworthiness. Bigger value is more trust. RFC 2181. - * The rrset_trust_add_noAA, rrset_trust_auth_noAA, rrset_trust_add_AA, - * are mentioned as the same trustworthiness in 2181, but split up here - * for ease of processing. - * - * rrset_trust_nonauth_ans_AA, rrset_trust_ans_noAA - * are also mentioned as the same trustworthiness in 2181, but split up here - * for ease of processing. - * - * Added trust_none for a sane initial value, smaller than anything else. - * Added validated and ultimate trust for keys and rrsig validated content. - */ -enum rrset_trust { - /** initial value for trust */ - rrset_trust_none = 0, - /** Additional information from non-authoritative answers */ - rrset_trust_add_noAA, - /** Data from the authority section of a non-authoritative answer */ - rrset_trust_auth_noAA, - /** Additional information from an authoritative answer */ - rrset_trust_add_AA, - /** non-authoritative data from the answer section of authoritative - * answers */ - rrset_trust_nonauth_ans_AA, - /** Data from the answer section of a non-authoritative answer */ - rrset_trust_ans_noAA, - /** Glue from a primary zone, or glue from a zone transfer */ - rrset_trust_glue, - /** Data from the authority section of an authoritative answer */ - rrset_trust_auth_AA, - /** The authoritative data included in the answer section of an - * authoritative reply */ - rrset_trust_ans_AA, - /** Data from a zone transfer, other than glue */ - rrset_trust_sec_noglue, - /** Data from a primary zone file, other than glue data */ - rrset_trust_prim_noglue, - /** DNSSEC(rfc4034) validated with trusted keys */ - rrset_trust_validated, - /** ultimately trusted, no more trust is possible; - * trusted keys from the unbound configuration setup. */ - rrset_trust_ultimate -}; - -/** - * Security status from validation for data. - * The order is significant; more secure, more proven later. - */ -enum sec_status { - /** UNCHECKED means that object has yet to be validated. */ - sec_status_unchecked = 0, - /** BOGUS means that the object (RRset or message) failed to validate - * (according to local policy), but should have validated. */ - sec_status_bogus, - /** INDETERMINATE means that the object is insecure, but not - * authoritatively so. Generally this means that the RRset is not - * below a configured trust anchor. */ - sec_status_indeterminate, - /** INSECURE means that the object is authoritatively known to be - * insecure. Generally this means that this RRset is below a trust - * anchor, but also below a verified, insecure delegation. */ - sec_status_insecure, - /** SECURE means that the object (RRset or message) validated - * according to local policy. */ - sec_status_secure -}; - -/** - * RRset data. - * - * The data is packed, stored contiguously in memory. - * - * It is not always stored contiguously, in that case, an unpacked-packed - * rrset has the arrays separate. A bunch of routines work on that, but - * the packed rrset that is contiguous is for the rrset-cache and the - * cache-response routines in daemon/worker.c. - * - * memory layout: - * o base struct - * o rr_len size_t array - * o rr_data uint8_t* array - * o rr_ttl time_t array (after size_t and ptrs because those may be - * 64bit and this array before those would make them unaligned). - * Since the stuff before is 32/64bit, rr_ttl is 32 bit aligned. - * o rr_data rdata wireformats - * o rrsig_data rdata wireformat(s) - * - * Rdata is stored in wireformat. The dname is stored in wireformat. - * TTLs are stored as absolute values (and could be expired). - * - * RRSIGs are stored in the arrays after the regular rrs. - * - * You need the packed_rrset_key to know dname, type, class of the - * resource records in this RRset. (if signed the rrsig gives the type too). - * - * On the wire an RR is: - * name, type, class, ttl, rdlength, rdata. - * So we need to send the following per RR: - * key.dname, ttl, rr_data[i]. - * since key.dname ends with type and class. - * and rr_data starts with the rdlength. - * the ttl value to send changes due to time. - */ -struct packed_rrset_data { - /** TTL (in seconds like time()) of the rrset. - * Same for all RRs see rfc2181(5.2). */ - time_t ttl; - /** number of rrs. */ - size_t count; - /** number of rrsigs, if 0 no rrsigs */ - size_t rrsig_count; - /** the trustworthiness of the rrset data */ - enum rrset_trust trust; - /** security status of the rrset data */ - enum sec_status security; - /** length of every rr's rdata, rr_len[i] is size of rr_data[i]. */ - size_t* rr_len; - /** ttl of every rr. rr_ttl[i] ttl of rr i. */ - time_t *rr_ttl; - /** - * Array of pointers to every rr's rdata. - * The rr_data[i] rdata is stored in uncompressed wireformat. - * The first uint16_t of rr_data[i] is network format rdlength. - * - * rr_data[count] to rr_data[count+rrsig_count] contain the rrsig data. - */ - uint8_t** rr_data; -}; - -/** - * An RRset can be represented using both key and data together. - * Split into key and data structures to simplify implementation of - * caching schemes. - */ -struct packed_rrset { - /** domain name, type and class */ - struct packed_rrset_key* k; - /** ttl, count and rdatas (and rrsig) */ - struct packed_rrset_data* d; -}; - -/** - * list of packed rrsets - */ -struct packed_rrset_list { - /** next in list */ - struct packed_rrset_list* next; - /** rrset key and data */ - struct packed_rrset rrset; -}; - -/** - * Delete packed rrset key and data, not entered in hashtables yet. - * Used during parsing. - * @param pkey: rrset key structure with locks, key and data pointers. - * @param alloc: where to return the unfree-able key structure. - */ -void ub_packed_rrset_parsedelete(struct ub_packed_rrset_key* pkey, - struct alloc_cache* alloc); - -/** - * Memory size of rrset data. RRset data must be filled in correctly. - * @param data: data to examine. - * @return size in bytes. - */ -size_t packed_rrset_sizeof(struct packed_rrset_data* data); - -/** - * Get TTL of rrset. RRset data must be filled in correctly. - * @param key: rrset key, with data to examine. - * @return ttl value. - */ -time_t ub_packed_rrset_ttl(struct ub_packed_rrset_key* key); - -/** - * Calculate memory size of rrset entry. For hash table usage. - * @param key: struct ub_packed_rrset_key*. - * @param data: struct packed_rrset_data*. - * @return size in bytes. - */ -size_t ub_rrset_sizefunc(void* key, void* data); - -/** - * compares two rrset keys. - * @param k1: struct ub_packed_rrset_key*. - * @param k2: struct ub_packed_rrset_key*. - * @return 0 if equal. - */ -int ub_rrset_compare(void* k1, void* k2); - -/** - * compare two rrset data structures. - * Compared rdata and rrsigdata, not the trust or ttl value. - * @param d1: data to compare. - * @param d2: data to compare. - * @return 1 if equal. - */ -int rrsetdata_equal(struct packed_rrset_data* d1, struct packed_rrset_data* d2); - -/** - * Old key to be deleted. RRset keys are recycled via alloc. - * The id is set to 0. So that other threads, after acquiring a lock always - * get the correct value, in this case the 0 deleted-special value. - * @param key: struct ub_packed_rrset_key*. - * @param userdata: alloc structure to use for recycling. - */ -void ub_rrset_key_delete(void* key, void* userdata); - -/** - * Old data to be deleted. - * @param data: what to delete. - * @param userdata: user data ptr. - */ -void rrset_data_delete(void* data, void* userdata); - -/** - * Calculate hash value for a packed rrset key. - * @param key: the rrset key with name, type, class, flags. - * @return hash value. - */ -hashvalue_type rrset_key_hash(struct packed_rrset_key* key); - -/** - * Fixup pointers in fixed data packed_rrset_data blob. - * After a memcpy of the data for example. Will set internal pointers right. - * @param data: rrset data structure. Otherwise correctly filled in. - */ -void packed_rrset_ptr_fixup(struct packed_rrset_data* data); - -/** - * Fixup TTLs in fixed data packed_rrset_data blob. - * @param data: rrset data structure. Otherwise correctly filled in. - * @param add: how many seconds to add, pass time(0) for example. - */ -void packed_rrset_ttl_add(struct packed_rrset_data* data, time_t add); - -/** - * Utility procedure to extract CNAME target name from its rdata. - * Failsafes; it will change passed dname to a valid dname or do nothing. - * @param rrset: the rrset structure. Must be a CNAME. - * Only first RR is used (multiple RRs are technically illegal anyway). - * Also works on type DNAME. Returns target name. - * @param dname: this pointer is updated to point into the cname rdata. - * If a failsafe fails, nothing happens to the pointer (such as the - * rdata was not a valid dname, not a CNAME, ...). - * @param dname_len: length of dname is returned. - */ -void get_cname_target(struct ub_packed_rrset_key* rrset, uint8_t** dname, - size_t* dname_len); - -/** - * Get a printable string for a rrset trust value - * @param s: rrset trust value - * @return printable string. - */ -const char* rrset_trust_to_string(enum rrset_trust s); - -/** - * Get a printable string for a security status value - * @param s: security status - * @return printable string. - */ -const char* sec_status_to_string(enum sec_status s); - -/** - * Print string with neat domain name, type, class from rrset. - * @param v: at what verbosity level to print this. - * @param str: string of message. - * @param rrset: structure with name, type and class. - */ -void log_rrset_key(enum verbosity_value v, const char* str, - struct ub_packed_rrset_key* rrset); - -/** - * Convert RR from RRset to string. - * @param rrset: structure with data. - * @param i: index of rr or RRSIG. - * @param now: time that is subtracted from ttl before printout. Can be 0. - * @param dest: destination string buffer. Must be nonNULL. - * @param dest_len: length of dest buffer (>0). - * @return false on failure. - */ -int packed_rr_to_string(struct ub_packed_rrset_key* rrset, size_t i, - time_t now, char* dest, size_t dest_len); - -/** - * Print the string with prefix, one rr per line. - * @param v: at what verbosity level to print this. - * @param str: string of message. - * @param rrset: with name, and rdata, and rrsigs. - */ -void log_packed_rrset(enum verbosity_value v, const char* str, - struct ub_packed_rrset_key* rrset); - -/** - * Allocate rrset in region - no more locks needed - * @param key: a (just from rrset cache looked up) rrset key + valid, - * packed data record. - * @param region: where to alloc the copy - * @param now: adjust the TTLs to be relative (subtract from all TTLs). - * @return new region-alloced rrset key or NULL on alloc failure. - */ -struct ub_packed_rrset_key* packed_rrset_copy_region( - struct ub_packed_rrset_key* key, struct regional* region, - time_t now); - -/** - * Allocate rrset with malloc (from region or you are holding the lock). - * @param key: key with data entry. - * @param alloc: alloc_cache to create rrset_keys - * @param now: adjust the TTLs to be absolute (add to all TTLs). - * @return new region-alloced rrset key or NULL on alloc failure. - */ -struct ub_packed_rrset_key* packed_rrset_copy_alloc( - struct ub_packed_rrset_key* key, struct alloc_cache* alloc, - time_t now); - -#endif /* UTIL_DATA_PACKED_RRSET_H */ diff --git a/external/unbound/util/fptr_wlist.c b/external/unbound/util/fptr_wlist.c deleted file mode 100644 index 03244a123..000000000 --- a/external/unbound/util/fptr_wlist.c +++ /dev/null @@ -1,532 +0,0 @@ -/* - * util/fptr_wlist.c - function pointer whitelists. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions that check function pointers. - * The functions contain a whitelist of known good callback values. - * Any other values lead to an error. - * - * Due to the listing nature, this file violates all the modularization - * boundaries in the program. - */ -#include "config.h" -#include "util/fptr_wlist.h" -#include "util/mini_event.h" -#include "services/outside_network.h" -#include "services/mesh.h" -#include "services/localzone.h" -#include "services/cache/infra.h" -#include "services/cache/rrset.h" -#include "services/view.h" -#include "dns64/dns64.h" -#include "iterator/iterator.h" -#include "iterator/iter_fwd.h" -#include "validator/validator.h" -#include "validator/val_anchor.h" -#include "validator/val_nsec3.h" -#include "validator/val_sigcrypt.h" -#include "validator/val_kentry.h" -#include "validator/val_neg.h" -#include "validator/autotrust.h" -#include "util/data/msgreply.h" -#include "util/data/packed_rrset.h" -#include "util/storage/slabhash.h" -#include "util/storage/dnstree.h" -#include "util/locks.h" -#include "libunbound/libworker.h" -#include "libunbound/context.h" -#include "libunbound/worker.h" -#include "util/tube.h" -#include "util/config_file.h" -#ifdef UB_ON_WINDOWS -#include "winrc/win_svc.h" -#endif -#include "respip/respip.h" - -#ifdef WITH_PYTHONMODULE -#include "pythonmod/pythonmod.h" -#endif -#ifdef USE_CACHEDB -#include "cachedb/cachedb.h" -#endif -#ifdef CLIENT_SUBNET -#include "edns-subnet/subnetmod.h" -#endif - -int -fptr_whitelist_comm_point(comm_point_callback_type *fptr) -{ - if(fptr == &worker_handle_request) return 1; - else if(fptr == &outnet_udp_cb) return 1; - else if(fptr == &outnet_tcp_cb) return 1; - else if(fptr == &tube_handle_listen) return 1; - return 0; -} - -int -fptr_whitelist_comm_point_raw(comm_point_callback_type *fptr) -{ - if(fptr == &tube_handle_listen) return 1; - else if(fptr == &tube_handle_write) return 1; - else if(fptr == &remote_accept_callback) return 1; - else if(fptr == &remote_control_callback) return 1; - return 0; -} - -int -fptr_whitelist_comm_timer(void (*fptr)(void*)) -{ - if(fptr == &pending_udp_timer_cb) return 1; - else if(fptr == &outnet_tcptimer) return 1; - else if(fptr == &pending_udp_timer_delay_cb) return 1; - else if(fptr == &worker_stat_timer_cb) return 1; - else if(fptr == &worker_probe_timer_cb) return 1; -#ifdef UB_ON_WINDOWS - else if(fptr == &wsvc_cron_cb) return 1; -#endif - return 0; -} - -int -fptr_whitelist_comm_signal(void (*fptr)(int, void*)) -{ - if(fptr == &worker_sighandler) return 1; - return 0; -} - -int fptr_whitelist_start_accept(void (*fptr)(void*)) -{ - if(fptr == &worker_start_accept) return 1; - return 0; -} - -int fptr_whitelist_stop_accept(void (*fptr)(void*)) -{ - if(fptr == &worker_stop_accept) return 1; - return 0; -} - -int -fptr_whitelist_event(void (*fptr)(int, short, void *)) -{ - if(fptr == &comm_point_udp_callback) return 1; - else if(fptr == &comm_point_udp_ancil_callback) return 1; - else if(fptr == &comm_point_tcp_accept_callback) return 1; - else if(fptr == &comm_point_tcp_handle_callback) return 1; - else if(fptr == &comm_timer_callback) return 1; - else if(fptr == &comm_signal_callback) return 1; - else if(fptr == &comm_point_local_handle_callback) return 1; - else if(fptr == &comm_point_raw_handle_callback) return 1; - else if(fptr == &tube_handle_signal) return 1; - else if(fptr == &comm_base_handle_slow_accept) return 1; -#ifdef UB_ON_WINDOWS - else if(fptr == &worker_win_stop_cb) return 1; -#endif - return 0; -} - -int -fptr_whitelist_pending_udp(comm_point_callback_type *fptr) -{ - if(fptr == &serviced_udp_callback) return 1; - else if(fptr == &worker_handle_reply) return 1; - else if(fptr == &libworker_handle_reply) return 1; - return 0; -} - -int -fptr_whitelist_pending_tcp(comm_point_callback_type *fptr) -{ - if(fptr == &serviced_tcp_callback) return 1; - else if(fptr == &worker_handle_reply) return 1; - else if(fptr == &libworker_handle_reply) return 1; - return 0; -} - -int -fptr_whitelist_serviced_query(comm_point_callback_type *fptr) -{ - if(fptr == &worker_handle_service_reply) return 1; - else if(fptr == &libworker_handle_service_reply) return 1; - return 0; -} - -int -fptr_whitelist_rbtree_cmp(int (*fptr) (const void *, const void *)) -{ - if(fptr == &mesh_state_compare) return 1; - else if(fptr == &mesh_state_ref_compare) return 1; - else if(fptr == &addr_tree_compare) return 1; - else if(fptr == &local_zone_cmp) return 1; - else if(fptr == &local_data_cmp) return 1; - else if(fptr == &fwd_cmp) return 1; - else if(fptr == &pending_cmp) return 1; - else if(fptr == &serviced_cmp) return 1; - else if(fptr == &name_tree_compare) return 1; - else if(fptr == &order_lock_cmp) return 1; - else if(fptr == &codeline_cmp) return 1; - else if(fptr == &nsec3_hash_cmp) return 1; - else if(fptr == &mini_ev_cmp) return 1; - else if(fptr == &anchor_cmp) return 1; - else if(fptr == &canonical_tree_compare) return 1; - else if(fptr == &context_query_cmp) return 1; - else if(fptr == &val_neg_data_compare) return 1; - else if(fptr == &val_neg_zone_compare) return 1; - else if(fptr == &probetree_cmp) return 1; - else if(fptr == &replay_var_compare) return 1; - else if(fptr == &view_cmp) return 1; - return 0; -} - -int -fptr_whitelist_hash_sizefunc(lruhash_sizefunc_type fptr) -{ - if(fptr == &msgreply_sizefunc) return 1; - else if(fptr == &ub_rrset_sizefunc) return 1; - else if(fptr == &infra_sizefunc) return 1; - else if(fptr == &key_entry_sizefunc) return 1; - else if(fptr == &rate_sizefunc) return 1; - else if(fptr == &ip_rate_sizefunc) return 1; - else if(fptr == &test_slabhash_sizefunc) return 1; -#ifdef CLIENT_SUBNET - else if(fptr == &msg_cache_sizefunc) return 1; -#endif - return 0; -} - -int -fptr_whitelist_hash_compfunc(lruhash_compfunc_type fptr) -{ - if(fptr == &query_info_compare) return 1; - else if(fptr == &ub_rrset_compare) return 1; - else if(fptr == &infra_compfunc) return 1; - else if(fptr == &key_entry_compfunc) return 1; - else if(fptr == &rate_compfunc) return 1; - else if(fptr == &ip_rate_compfunc) return 1; - else if(fptr == &test_slabhash_compfunc) return 1; - return 0; -} - -int -fptr_whitelist_hash_delkeyfunc(lruhash_delkeyfunc_type fptr) -{ - if(fptr == &query_entry_delete) return 1; - else if(fptr == &ub_rrset_key_delete) return 1; - else if(fptr == &infra_delkeyfunc) return 1; - else if(fptr == &key_entry_delkeyfunc) return 1; - else if(fptr == &rate_delkeyfunc) return 1; - else if(fptr == &ip_rate_delkeyfunc) return 1; - else if(fptr == &test_slabhash_delkey) return 1; - return 0; -} - -int -fptr_whitelist_hash_deldatafunc(lruhash_deldatafunc_type fptr) -{ - if(fptr == &reply_info_delete) return 1; - else if(fptr == &rrset_data_delete) return 1; - else if(fptr == &infra_deldatafunc) return 1; - else if(fptr == &key_entry_deldatafunc) return 1; - else if(fptr == &rate_deldatafunc) return 1; - else if(fptr == &test_slabhash_deldata) return 1; -#ifdef CLIENT_SUBNET - else if(fptr == &subnet_data_delete) return 1; -#endif - return 0; -} - -int -fptr_whitelist_hash_markdelfunc(lruhash_markdelfunc_type fptr) -{ - if(fptr == NULL) return 1; - else if(fptr == &rrset_markdel) return 1; - return 0; -} - -/** whitelist env->send_query callbacks */ -int -fptr_whitelist_modenv_send_query(struct outbound_entry* (*fptr)( - struct query_info* qinfo, uint16_t flags, int dnssec, int want_dnssec, - int nocaps, struct sockaddr_storage* addr, socklen_t addrlen, - uint8_t* zone, size_t zonelen, int ssl_upstream, struct module_qstate* q)) -{ - if(fptr == &worker_send_query) return 1; - else if(fptr == &libworker_send_query) return 1; - return 0; -} - -int -fptr_whitelist_modenv_detach_subs(void (*fptr)( - struct module_qstate* qstate)) -{ - if(fptr == &mesh_detach_subs) return 1; - return 0; -} - -int -fptr_whitelist_modenv_attach_sub(int (*fptr)( - struct module_qstate* qstate, struct query_info* qinfo, - uint16_t qflags, int prime, int valrec, struct module_qstate** newq)) -{ - if(fptr == &mesh_attach_sub) return 1; - return 0; -} - -int -fptr_whitelist_modenv_kill_sub(void (*fptr)(struct module_qstate* newq)) -{ - if(fptr == &mesh_state_delete) return 1; - return 0; -} - -int -fptr_whitelist_modenv_detect_cycle(int (*fptr)( - struct module_qstate* qstate, struct query_info* qinfo, - uint16_t flags, int prime, int valrec)) -{ - if(fptr == &mesh_detect_cycle) return 1; - return 0; -} - -int -fptr_whitelist_mod_init(int (*fptr)(struct module_env* env, int id)) -{ - if(fptr == &iter_init) return 1; - else if(fptr == &val_init) return 1; - else if(fptr == &dns64_init) return 1; - else if(fptr == &respip_init) return 1; -#ifdef WITH_PYTHONMODULE - else if(fptr == &pythonmod_init) return 1; -#endif -#ifdef USE_CACHEDB - else if(fptr == &cachedb_init) return 1; -#endif -#ifdef CLIENT_SUBNET - else if(fptr == &subnetmod_init) return 1; -#endif - return 0; -} - -int -fptr_whitelist_mod_deinit(void (*fptr)(struct module_env* env, int id)) -{ - if(fptr == &iter_deinit) return 1; - else if(fptr == &val_deinit) return 1; - else if(fptr == &dns64_deinit) return 1; - else if(fptr == &respip_deinit) return 1; -#ifdef WITH_PYTHONMODULE - else if(fptr == &pythonmod_deinit) return 1; -#endif -#ifdef USE_CACHEDB - else if(fptr == &cachedb_deinit) return 1; -#endif -#ifdef CLIENT_SUBNET - else if(fptr == &subnetmod_deinit) return 1; -#endif - return 0; -} - -int -fptr_whitelist_mod_operate(void (*fptr)(struct module_qstate* qstate, - enum module_ev event, int id, struct outbound_entry* outbound)) -{ - if(fptr == &iter_operate) return 1; - else if(fptr == &val_operate) return 1; - else if(fptr == &dns64_operate) return 1; - else if(fptr == &respip_operate) return 1; -#ifdef WITH_PYTHONMODULE - else if(fptr == &pythonmod_operate) return 1; -#endif -#ifdef USE_CACHEDB - else if(fptr == &cachedb_operate) return 1; -#endif -#ifdef CLIENT_SUBNET - else if(fptr == &subnetmod_operate) return 1; -#endif - return 0; -} - -int -fptr_whitelist_mod_inform_super(void (*fptr)( - struct module_qstate* qstate, int id, struct module_qstate* super)) -{ - if(fptr == &iter_inform_super) return 1; - else if(fptr == &val_inform_super) return 1; - else if(fptr == &dns64_inform_super) return 1; - else if(fptr == &respip_inform_super) return 1; -#ifdef WITH_PYTHONMODULE - else if(fptr == &pythonmod_inform_super) return 1; -#endif -#ifdef USE_CACHEDB - else if(fptr == &cachedb_inform_super) return 1; -#endif -#ifdef CLIENT_SUBNET - else if(fptr == &subnetmod_inform_super) return 1; -#endif - return 0; -} - -int -fptr_whitelist_mod_clear(void (*fptr)(struct module_qstate* qstate, - int id)) -{ - if(fptr == &iter_clear) return 1; - else if(fptr == &val_clear) return 1; - else if(fptr == &dns64_clear) return 1; - else if(fptr == &respip_clear) return 1; -#ifdef WITH_PYTHONMODULE - else if(fptr == &pythonmod_clear) return 1; -#endif -#ifdef USE_CACHEDB - else if(fptr == &cachedb_clear) return 1; -#endif -#ifdef CLIENT_SUBNET - else if(fptr == &subnetmod_clear) return 1; -#endif - return 0; -} - -int -fptr_whitelist_mod_get_mem(size_t (*fptr)(struct module_env* env, int id)) -{ - if(fptr == &iter_get_mem) return 1; - else if(fptr == &val_get_mem) return 1; - else if(fptr == &dns64_get_mem) return 1; - else if(fptr == &respip_get_mem) return 1; -#ifdef WITH_PYTHONMODULE - else if(fptr == &pythonmod_get_mem) return 1; -#endif -#ifdef USE_CACHEDB - else if(fptr == &cachedb_get_mem) return 1; -#endif -#ifdef CLIENT_SUBNET - else if(fptr == &subnetmod_get_mem) return 1; -#endif - return 0; -} - -int -fptr_whitelist_alloc_cleanup(void (*fptr)(void*)) -{ - if(fptr == &worker_alloc_cleanup) return 1; - return 0; -} - -int fptr_whitelist_tube_listen(tube_callback_type* fptr) -{ - if(fptr == &worker_handle_control_cmd) return 1; - else if(fptr == &libworker_handle_control_cmd) return 1; - return 0; -} - -int fptr_whitelist_mesh_cb(mesh_cb_func_type fptr) -{ - if(fptr == &libworker_fg_done_cb) return 1; - else if(fptr == &libworker_bg_done_cb) return 1; - else if(fptr == &libworker_event_done_cb) return 1; - else if(fptr == &probe_answer_cb) return 1; - return 0; -} - -int fptr_whitelist_print_func(void (*fptr)(char*,void*)) -{ - if(fptr == &config_print_func) return 1; - else if(fptr == &config_collate_func) return 1; - else if(fptr == &remote_get_opt_ssl) return 1; - return 0; -} - -int fptr_whitelist_inplace_cb_reply_generic(inplace_cb_reply_func_type* fptr, - enum inplace_cb_list_type type) -{ -#ifndef WITH_PYTHONMODULE - (void)fptr; -#endif - if(type == inplace_cb_reply) { -#ifdef WITH_PYTHONMODULE - if(fptr == &python_inplace_cb_reply_generic) return 1; -#endif - } else if(type == inplace_cb_reply_cache) { -#ifdef WITH_PYTHONMODULE - if(fptr == &python_inplace_cb_reply_generic) return 1; -#endif - } else if(type == inplace_cb_reply_local) { -#ifdef WITH_PYTHONMODULE - if(fptr == &python_inplace_cb_reply_generic) return 1; -#endif - } else if(type == inplace_cb_reply_servfail) { -#ifdef WITH_PYTHONMODULE - if(fptr == &python_inplace_cb_reply_generic) return 1; -#endif - } - return 0; -} - -int fptr_whitelist_inplace_cb_query(inplace_cb_query_func_type* fptr) -{ -#ifdef CLIENT_SUBNET - if(fptr == &ecs_whitelist_check) - return 1; -#else - (void)fptr; -#endif - return 0; -} - -int fptr_whitelist_inplace_cb_edns_back_parsed( - inplace_cb_edns_back_parsed_func_type* fptr) -{ -#ifdef CLIENT_SUBNET - if(fptr == &ecs_edns_back_parsed) - return 1; -#else - (void)fptr; -#endif - return 0; -} - -int fptr_whitelist_inplace_cb_query_response( - inplace_cb_query_response_func_type* fptr) -{ -#ifdef CLIENT_SUBNET - if(fptr == &ecs_query_response) - return 1; -#else - (void)fptr; -#endif - return 0; -} diff --git a/external/unbound/util/fptr_wlist.h b/external/unbound/util/fptr_wlist.h deleted file mode 100644 index 653f8f0e7..000000000 --- a/external/unbound/util/fptr_wlist.h +++ /dev/null @@ -1,391 +0,0 @@ -/* - * util/fptr_wlist.h - function pointer whitelists. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions that check function pointers. - * The functions contain a whitelist of known good callback values. - * Any other values lead to an error. - * - * This prevent heap overflow based exploits, where the callback pointer - * is overwritten by a buffer overflow (apart from this defense, buffer - * overflows should be fixed of course). - * - * Function pointers are used in - * o network code callbacks. - * o rbtree, lruhash, region data manipulation - * in lruhash, the assertions are before the critical regions. - * in other places, assertions are before the callback. - * o module operations. - */ - -#ifndef UTIL_FPTR_WLIST_H -#define UTIL_FPTR_WLIST_H -#include "util/netevent.h" -#include "util/storage/lruhash.h" -#include "util/module.h" -#include "util/tube.h" -#include "services/mesh.h" - -/** - * Macro to perform an assertion check for fptr wlist checks. - * Does not get disabled in optimize mode. Check adds security by layers. - */ -#if defined(EXPORT_ALL_SYMBOLS) -#define fptr_ok(x) /* nothing, dll-exe memory layout on win disables it */ -#else -#define fptr_ok(x) \ - do { if(!(x)) \ - fatal_exit("%s:%d: %s: pointer whitelist %s failed", \ - __FILE__, __LINE__, __func__, #x); \ - } while(0); -#endif - -/** - * Check function pointer whitelist for comm_point callback values. - * - * @param fptr: function pointer to check. - * @return false if not in whitelist. - */ -int fptr_whitelist_comm_point(comm_point_callback_type *fptr); - -/** - * Check function pointer whitelist for raw comm_point callback values. - * - * @param fptr: function pointer to check. - * @return false if not in whitelist. - */ -int fptr_whitelist_comm_point_raw(comm_point_callback_type *fptr); - -/** - * Check function pointer whitelist for comm_timer callback values. - * - * @param fptr: function pointer to check. - * @return false if not in whitelist. - */ -int fptr_whitelist_comm_timer(void (*fptr)(void*)); - -/** - * Check function pointer whitelist for comm_signal callback values. - * - * @param fptr: function pointer to check. - * @return false if not in whitelist. - */ -int fptr_whitelist_comm_signal(void (*fptr)(int, void*)); - -/** - * Check function pointer whitelist for start_accept callback values. - * - * @param fptr: function pointer to check. - * @return false if not in whitelist. - */ -int fptr_whitelist_start_accept(void (*fptr)(void*)); - -/** - * Check function pointer whitelist for stop_accept callback values. - * - * @param fptr: function pointer to check. - * @return false if not in whitelist. - */ -int fptr_whitelist_stop_accept(void (*fptr)(void*)); - -/** - * Check function pointer whitelist for event structure callback values. - * This is not called by libevent itself, but checked by netevent. - * - * @param fptr: function pointer to check. - * @return false if not in whitelist. - */ -int fptr_whitelist_event(void (*fptr)(int, short, void *)); - -/** - * Check function pointer whitelist for pending udp callback values. - * - * @param fptr: function pointer to check. - * @return false if not in whitelist. - */ -int fptr_whitelist_pending_udp(comm_point_callback_type *fptr); - -/** - * Check function pointer whitelist for pending tcp callback values. - * - * @param fptr: function pointer to check. - * @return false if not in whitelist. - */ -int fptr_whitelist_pending_tcp(comm_point_callback_type *fptr); - -/** - * Check function pointer whitelist for serviced query callback values. - * - * @param fptr: function pointer to check. - * @return false if not in whitelist. - */ -int fptr_whitelist_serviced_query(comm_point_callback_type *fptr); - -/** - * Check function pointer whitelist for rbtree cmp callback values. - * - * @param fptr: function pointer to check. - * @return false if not in whitelist. - */ -int fptr_whitelist_rbtree_cmp(int (*fptr) (const void *, const void *)); - -/** - * Check function pointer whitelist for lruhash sizefunc callback values. - * - * @param fptr: function pointer to check. - * @return false if not in whitelist. - */ -int fptr_whitelist_hash_sizefunc(lruhash_sizefunc_type fptr); - -/** - * Check function pointer whitelist for lruhash compfunc callback values. - * - * @param fptr: function pointer to check. - * @return false if not in whitelist. - */ -int fptr_whitelist_hash_compfunc(lruhash_compfunc_type fptr); - -/** - * Check function pointer whitelist for lruhash delkeyfunc callback values. - * - * @param fptr: function pointer to check. - * @return false if not in whitelist. - */ -int fptr_whitelist_hash_delkeyfunc(lruhash_delkeyfunc_type fptr); - -/** - * Check function pointer whitelist for lruhash deldata callback values. - * - * @param fptr: function pointer to check. - * @return false if not in whitelist. - */ -int fptr_whitelist_hash_deldatafunc(lruhash_deldatafunc_type fptr); - -/** - * Check function pointer whitelist for lruhash markdel callback values. - * - * @param fptr: function pointer to check. - * @return false if not in whitelist. - */ -int fptr_whitelist_hash_markdelfunc(lruhash_markdelfunc_type fptr); - -/** - * Check function pointer whitelist for module_env send_query callback values. - * - * @param fptr: function pointer to check. - * @return false if not in whitelist. - */ -int fptr_whitelist_modenv_send_query(struct outbound_entry* (*fptr)( - struct query_info* qinfo, uint16_t flags, int dnssec, int want_dnssec, - int nocaps, struct sockaddr_storage* addr, socklen_t addrlen, - uint8_t* zone, size_t zonelen, int ssl_upstream, struct module_qstate* q)); - -/** - * Check function pointer whitelist for module_env detach_subs callback values. - * - * @param fptr: function pointer to check. - * @return false if not in whitelist. - */ -int fptr_whitelist_modenv_detach_subs(void (*fptr)( - struct module_qstate* qstate)); - -/** - * Check function pointer whitelist for module_env attach_sub callback values. - * - * @param fptr: function pointer to check. - * @return false if not in whitelist. - */ -int fptr_whitelist_modenv_attach_sub(int (*fptr)( - struct module_qstate* qstate, struct query_info* qinfo, - uint16_t qflags, int prime, int valrec, struct module_qstate** newq)); - -/** - * Check function pointer whitelist for module_env kill_sub callback values. - * - * @param fptr: function pointer to check. - * @return false if not in whitelist. - */ -int fptr_whitelist_modenv_kill_sub(void (*fptr)(struct module_qstate* newq)); - -/** - * Check function pointer whitelist for module_env detect_cycle callback values. - * - * @param fptr: function pointer to check. - * @return false if not in whitelist. - */ -int fptr_whitelist_modenv_detect_cycle(int (*fptr)( - struct module_qstate* qstate, struct query_info* qinfo, - uint16_t flags, int prime, int valrec)); - -/** - * Check function pointer whitelist for module init call values. - * - * @param fptr: function pointer to check. - * @return false if not in whitelist. - */ -int fptr_whitelist_mod_init(int (*fptr)(struct module_env* env, int id)); - -/** - * Check function pointer whitelist for module deinit call values. - * - * @param fptr: function pointer to check. - * @return false if not in whitelist. - */ -int fptr_whitelist_mod_deinit(void (*fptr)(struct module_env* env, int id)); - -/** - * Check function pointer whitelist for module operate call values. - * - * @param fptr: function pointer to check. - * @return false if not in whitelist. - */ -int fptr_whitelist_mod_operate(void (*fptr)(struct module_qstate* qstate, - enum module_ev event, int id, struct outbound_entry* outbound)); - -/** - * Check function pointer whitelist for module inform_super call values. - * - * @param fptr: function pointer to check. - * @return false if not in whitelist. - */ -int fptr_whitelist_mod_inform_super(void (*fptr)( - struct module_qstate* qstate, int id, struct module_qstate* super)); - -/** - * Check function pointer whitelist for module clear call values. - * - * @param fptr: function pointer to check. - * @return false if not in whitelist. - */ -int fptr_whitelist_mod_clear(void (*fptr)(struct module_qstate* qstate, - int id)); - -/** - * Check function pointer whitelist for module get_mem call values. - * - * @param fptr: function pointer to check. - * @return false if not in whitelist. - */ -int fptr_whitelist_mod_get_mem(size_t (*fptr)(struct module_env* env, int id)); - -/** - * Check function pointer whitelist for alloc clear on id overflow call values. - * - * @param fptr: function pointer to check. - * @return false if not in whitelist. - */ -int fptr_whitelist_alloc_cleanup(void (*fptr)(void*)); - -/** - * Check function pointer whitelist for tube listen handler values. - * - * @param fptr: function pointer to check. - * @return false if not in whitelist. - */ -int fptr_whitelist_tube_listen(tube_callback_type* fptr); - -/** - * Check function pointer whitelist for mesh state callback values. - * - * @param fptr: function pointer to check. - * @return false if not in whitelist. - */ -int fptr_whitelist_mesh_cb(mesh_cb_func_type fptr); - -/** - * Check function pointer whitelist for config_get_option func values. - * @param fptr: function pointer to check. - * @return false if not in whitelist. - */ -int fptr_whitelist_print_func(void (*fptr)(char*,void*)); - -/** - * Check function pointer whitelist for inplace_cb_reply, - * inplace_cb_reply_cache, inplace_cb_reply_local and inplace_cb_reply_servfail - * func values. - * @param fptr: function pointer to check. - * @param type: the type of the callback function. - * @return false if not in whitelist. - */ -int fptr_whitelist_inplace_cb_reply_generic(inplace_cb_reply_func_type* fptr, - enum inplace_cb_list_type type); - -/** - * Check function pointer whitelist for inplace_cb_query func values. - * @param fptr: function pointer to check. - * @return false if not in whitelist. - */ -int fptr_whitelist_inplace_cb_query(inplace_cb_query_func_type* fptr); - -/** - * Check function pointer whitelist for inplace_cb_edns_back_parsed func values. - * @param fptr: function pointer to check. - * @return false if not in whitelist. - */ -int fptr_whitelist_inplace_cb_edns_back_parsed( - inplace_cb_edns_back_parsed_func_type* fptr); - -/** - * Check function pointer whitelist for inplace_cb_query_response func values. - * @param fptr: function pointer to check. - * @return false if not in whitelist. - */ -int fptr_whitelist_inplace_cb_query_response( - inplace_cb_query_response_func_type* fptr); - -/** Due to module breakage by fptr wlist, these test app declarations - * are presented here */ -/** - * compare two order_ids from lock-verify test app - * @param e1: first order_id - * @param e2: second order_id - * @return compare code -1, 0, +1 (like memcmp). - */ -int order_lock_cmp(const void* e1, const void* e2); - -/** - * compare two codeline structs for rbtree from memstats test app - * @param a: codeline - * @param b: codeline - * @return compare code -1, 0, +1 (like memcmp). - */ -int codeline_cmp(const void* a, const void* b); - -/** compare two replay_vars */ -int replay_var_compare(const void* a, const void* b); - -#endif /* UTIL_FPTR_WLIST_H */ diff --git a/external/unbound/util/iana_ports.inc b/external/unbound/util/iana_ports.inc deleted file mode 100644 index 2555b2591..000000000 --- a/external/unbound/util/iana_ports.inc +++ /dev/null @@ -1,5465 +0,0 @@ -1, -2, -3, -5, -7, -9, -11, -13, -17, -18, -19, -20, -21, -22, -23, -24, -25, -27, -29, -31, -33, -35, -37, -38, -39, -41, -42, -43, -44, -45, -46, -47, -48, -49, -50, -52, -53, -54, -55, -56, -57, -58, -59, -61, -62, -63, -64, -65, -66, -67, -68, -69, -70, -71, -72, -73, -74, -75, -76, -77, -78, -79, -80, -82, -83, -84, -85, -86, -87, -88, -89, -90, -91, -92, -93, -94, -95, -96, -97, -98, -99, -101, -102, -103, -104, -105, -106, -107, -108, -109, -110, -111, -112, -113, -115, -116, -117, -118, -119, -120, -121, -122, -123, -124, -125, -126, -127, -128, -129, -130, -131, -132, -133, -134, -135, -136, -137, -138, -139, -140, -141, -142, -143, -144, -145, -146, -147, -148, -149, -150, -151, -152, -153, -154, -155, -156, -157, -158, -159, -160, -161, -162, -163, -164, -165, -166, -167, -168, -169, -170, -171, -172, -173, -174, -175, -176, -177, -178, -179, -180, -181, -182, -183, -184, -185, -186, -187, -188, -189, -190, -191, -192, -193, -194, -195, -196, -197, -198, -199, -200, -201, -202, -203, -204, -205, -206, -207, -208, -209, -210, -211, -212, -213, -214, -215, -216, -217, -218, -219, -220, -221, -222, -223, -224, -242, -243, -244, -245, -246, -247, -248, -256, -257, -259, -260, -261, -262, -263, -264, -265, -266, -267, -268, -269, -270, -280, -281, -282, -283, -284, -286, -287, -308, -309, -310, -311, -312, -313, -314, -315, -316, -317, -318, -319, -320, -321, -322, -333, -344, -345, -346, -347, -348, -349, -350, -351, -352, -353, -354, -355, -356, -357, -358, -359, -360, -361, -362, -363, -364, -365, -366, -367, -368, -369, -370, -371, -372, -373, -374, -375, -376, -377, -378, -379, -380, -381, -382, -383, -384, -385, -386, -387, -388, -389, -390, -391, -392, -393, -394, -395, -396, -397, -398, -399, -400, -401, -402, -403, -404, -405, -406, -407, -408, -409, -410, -411, -412, -413, -414, -415, -416, -417, -418, -419, -420, -421, -422, -423, -424, -425, -426, -427, -428, -429, -430, -431, -432, -433, -434, -435, -436, -437, -438, -439, -440, -441, -442, -443, -444, -445, -446, -447, -448, -449, -450, -451, -452, -453, -454, -455, -456, -457, -458, -459, -460, -461, -462, -463, -464, -465, -466, -467, -468, -469, -470, -471, -472, -473, -474, -475, -476, -477, -478, -479, -480, -481, -482, -483, -484, -485, -486, -487, -488, -489, -490, -491, -492, -493, -494, -495, -496, -497, -498, -499, -500, -501, -502, -503, -504, -505, -506, -507, -508, -509, -510, -511, -512, -513, -514, -515, -516, -517, -518, -519, -520, -521, -522, -523, -524, -525, -526, -527, -528, -529, -530, -531, -532, -533, -534, -535, -536, -537, -538, -539, -540, -541, -542, -543, -544, -545, -546, -547, -548, -549, -550, -551, -552, -553, -554, -555, -556, -557, -558, -559, -560, -561, -562, -563, -564, -565, -566, -567, -568, -569, -570, -571, -572, -573, -574, -575, -576, -577, -578, -579, -580, -581, -582, -583, -584, -586, -587, -588, -589, -590, -591, -592, -593, -594, -595, -596, -597, -598, -599, -600, -601, -602, -603, -604, -605, -606, -607, -608, -609, -610, -611, -612, -613, -614, -615, -616, -617, -618, -619, -620, -621, -622, -623, -624, -625, -626, -627, -628, -629, -630, -631, -632, -633, -634, -635, -636, -637, -638, -639, -640, -641, -642, -643, -644, -645, -646, -647, -648, -649, -650, -651, -652, -653, -654, -655, -656, -657, -658, -660, -661, -662, -663, -664, -665, -666, -667, -668, -669, -670, -671, -672, -673, -674, -675, -676, -677, -678, -679, -680, -681, -682, -683, -684, -685, -686, -687, -688, -689, -690, -691, -692, -693, -694, -695, -696, -697, -698, -699, -700, -701, -702, -704, -705, -706, -707, -709, -710, -711, -712, -713, -714, -715, -716, -729, -730, -731, -741, -742, -744, -747, -748, -749, -750, -751, -752, -753, -754, -758, -759, -760, -761, -762, -763, -764, -765, -767, -769, -770, -771, -772, -773, -774, -775, -776, -777, -780, -800, -801, -802, -810, -828, -829, -830, -831, -832, -833, -847, -848, -853, -854, -860, -861, -862, -873, -886, -887, -888, -900, -901, -902, -903, -910, -911, -912, -913, -989, -990, -991, -992, -993, -995, -996, -997, -998, -999, -1000, -1008, -1010, -1021, -1022, -1025, -1026, -1027, -1029, -1033, -1034, -1035, -1036, -1037, -1038, -1039, -1040, -1041, -1042, -1043, -1044, -1045, -1046, -1047, -1048, -1049, -1050, -1051, -1052, -1053, -1054, -1055, -1056, -1057, -1058, -1059, -1060, -1061, -1062, -1063, -1064, -1065, -1066, -1067, -1068, -1069, -1070, -1071, -1072, -1073, -1074, -1075, -1076, -1077, -1078, -1079, -1080, -1081, -1082, -1083, -1084, -1085, -1086, -1087, -1088, -1089, -1090, -1091, -1092, -1093, -1094, -1095, -1096, -1097, -1098, -1099, -1100, -1101, -1102, -1103, -1104, -1105, -1106, -1107, -1108, -1110, -1111, -1112, -1113, -1114, -1115, -1116, -1117, -1118, -1119, -1120, -1121, -1122, -1123, -1124, -1125, -1126, -1127, -1128, -1129, -1130, -1131, -1132, -1133, -1134, -1135, -1136, -1137, -1138, -1139, -1140, -1141, -1142, -1143, -1144, -1145, -1146, -1147, -1148, -1149, -1150, -1151, -1152, -1153, -1154, -1155, -1156, -1157, -1158, -1159, -1160, -1161, -1162, -1163, -1164, -1165, -1166, -1167, -1168, -1169, -1170, -1171, -1172, -1173, -1174, -1175, -1176, -1177, -1178, -1179, -1180, -1181, -1182, -1183, -1184, -1185, -1186, -1187, -1188, -1189, -1190, -1191, -1192, -1193, -1194, -1195, -1196, -1197, -1198, -1199, -1200, -1201, -1202, -1203, -1204, -1205, -1206, -1207, -1208, -1209, -1210, -1211, -1212, -1213, -1214, -1215, -1216, -1217, -1218, -1219, -1220, -1221, -1222, -1223, -1224, -1225, -1226, -1227, -1228, -1229, -1230, -1231, -1232, -1233, -1234, -1235, -1236, -1237, -1238, -1239, -1240, -1241, -1242, -1243, -1244, -1245, -1246, -1247, -1248, -1249, -1250, -1251, -1252, -1253, -1254, -1255, -1256, -1257, -1258, -1259, -1260, -1261, -1262, -1263, -1264, -1265, -1266, -1267, -1268, -1269, -1270, -1271, -1272, -1273, -1274, -1275, -1277, -1278, -1279, -1280, -1281, -1282, -1283, -1284, -1285, -1286, -1287, -1288, -1289, -1290, -1291, -1292, -1293, -1294, -1295, -1296, -1297, -1298, -1299, -1300, -1301, -1302, -1303, -1304, -1305, -1306, -1307, -1308, -1309, -1310, -1311, -1312, -1313, -1314, -1315, -1316, -1317, -1318, -1319, -1320, -1321, -1322, -1323, -1324, -1325, -1326, -1327, -1328, -1329, -1330, -1331, -1332, -1333, -1334, -1335, -1336, -1337, -1338, -1339, -1340, -1341, -1342, -1343, -1344, -1345, -1346, -1347, -1348, -1349, -1350, -1351, -1352, -1353, -1354, -1355, -1356, -1357, -1358, -1359, -1360, -1361, -1362, -1363, -1364, -1365, -1366, -1367, -1368, -1369, -1370, -1371, -1372, -1373, -1374, -1375, -1376, -1377, -1378, -1379, -1380, -1381, -1382, -1383, -1384, -1385, -1386, -1387, -1388, -1389, -1390, -1391, -1392, -1393, -1394, -1395, -1396, -1397, -1398, -1399, -1400, -1401, -1402, -1403, -1404, -1405, -1406, -1408, -1409, -1410, -1411, -1412, -1413, -1414, -1415, -1416, -1417, -1418, -1419, -1420, -1421, -1422, -1423, -1424, -1425, -1426, -1427, -1428, -1429, -1430, -1431, -1432, -1433, -1434, -1435, -1436, -1437, -1438, -1439, -1440, -1441, -1442, -1443, -1444, -1445, -1446, -1447, -1448, -1449, -1450, -1451, -1452, -1453, -1454, -1455, -1456, -1457, -1458, -1459, -1460, -1461, -1462, -1463, -1464, -1465, -1466, -1467, -1468, -1469, -1470, -1471, -1472, -1473, -1474, -1475, -1476, -1477, -1478, -1479, -1480, -1481, -1482, -1483, -1484, -1485, -1486, -1487, -1488, -1489, -1490, -1492, -1493, -1494, -1495, -1496, -1497, -1498, -1499, -1500, -1501, -1502, -1503, -1504, -1505, -1506, -1507, -1508, -1509, -1510, -1511, -1512, -1513, -1514, -1515, -1516, -1517, -1518, -1519, -1520, -1521, -1522, -1523, -1524, -1525, -1526, -1527, -1528, -1529, -1530, -1531, -1532, -1533, -1534, -1535, -1536, -1537, -1538, -1539, -1540, -1541, -1542, -1543, -1544, -1545, -1546, -1547, -1548, -1549, -1550, -1551, -1552, -1553, -1554, -1555, -1556, -1557, -1558, -1559, -1560, -1561, -1562, -1563, -1564, -1565, -1566, -1567, -1568, -1569, -1570, -1571, -1572, -1573, -1574, -1575, -1576, -1577, -1578, -1579, -1580, -1581, -1582, -1583, -1584, -1585, -1586, -1587, -1588, -1589, -1590, -1591, -1592, -1593, -1594, -1595, -1596, -1597, -1598, -1599, -1600, -1601, -1602, -1603, -1604, -1605, -1606, -1607, -1608, -1609, -1610, -1611, -1612, -1613, -1614, -1615, -1616, -1617, -1618, -1619, -1620, -1621, -1622, -1623, -1624, -1625, -1626, -1627, -1628, -1629, -1630, -1631, -1632, -1633, -1634, -1635, -1636, -1637, -1638, -1639, -1640, -1641, -1642, -1643, -1644, -1645, -1646, -1647, -1648, -1649, -1650, -1651, -1652, -1653, -1654, -1655, -1656, -1657, -1658, -1659, -1660, -1661, -1662, -1663, -1664, -1665, -1666, -1667, -1668, -1669, -1670, -1671, -1672, -1673, -1674, -1675, -1676, -1677, -1678, -1679, -1680, -1681, -1682, -1683, -1684, -1685, -1686, -1687, -1688, -1689, -1690, -1691, -1692, -1693, -1694, -1695, -1696, -1697, -1698, -1699, -1700, -1701, -1702, -1703, -1704, -1705, -1706, -1707, -1708, -1709, -1710, -1711, -1712, -1713, -1714, -1715, -1716, -1717, -1718, -1719, -1720, -1721, -1722, -1723, -1724, -1725, -1726, -1727, -1728, -1729, -1730, -1731, -1732, -1733, -1734, -1735, -1736, -1737, -1738, -1739, -1740, -1741, -1742, -1743, -1744, -1745, -1746, -1747, -1748, -1749, -1750, -1751, -1752, -1754, -1755, -1756, -1757, -1758, -1759, -1760, -1761, -1762, -1763, -1764, -1765, -1766, -1767, -1768, -1769, -1770, -1771, -1772, -1773, -1774, -1776, -1777, -1778, -1779, -1780, -1781, -1782, -1784, -1785, -1786, -1787, -1788, -1789, -1790, -1791, -1792, -1793, -1794, -1795, -1796, -1797, -1798, -1799, -1800, -1801, -1802, -1803, -1804, -1805, -1806, -1807, -1808, -1809, -1810, -1811, -1812, -1813, -1814, -1815, -1816, -1817, -1818, -1819, -1820, -1821, -1822, -1823, -1824, -1825, -1826, -1827, -1828, -1829, -1830, -1831, -1832, -1833, -1834, -1835, -1836, -1837, -1838, -1839, -1840, -1841, -1842, -1843, -1844, -1845, -1846, -1847, -1848, -1849, -1850, -1851, -1852, -1853, -1854, -1855, -1856, -1857, -1858, -1859, -1860, -1861, -1862, -1863, -1864, -1865, -1866, -1867, -1868, -1869, -1870, -1871, -1872, -1873, -1874, -1875, -1876, -1877, -1878, -1879, -1880, -1881, -1882, -1883, -1884, -1885, -1886, -1887, -1888, -1889, -1890, -1891, -1892, -1893, -1894, -1896, -1897, -1898, -1899, -1900, -1901, -1902, -1903, -1904, -1905, -1906, -1907, -1908, -1909, -1910, -1911, -1912, -1913, -1914, -1915, -1916, -1917, -1918, -1919, -1920, -1921, -1922, -1923, -1924, -1925, -1926, -1927, -1928, -1929, -1930, -1931, -1932, -1933, -1934, -1935, -1936, -1937, -1938, -1939, -1940, -1941, -1942, -1943, -1944, -1945, -1946, -1947, -1948, -1949, -1950, -1951, -1952, -1953, -1954, -1955, -1956, -1957, -1958, -1959, -1960, -1961, -1962, -1963, -1964, -1965, -1966, -1967, -1968, -1969, -1970, -1971, -1972, -1973, -1974, -1975, -1976, -1977, -1978, -1979, -1980, -1981, -1982, -1983, -1984, -1985, -1986, -1987, -1988, -1989, -1990, -1991, -1992, -1993, -1994, -1995, -1996, -1997, -1998, -1999, -2000, -2001, -2002, -2003, -2004, -2005, -2006, -2007, -2008, -2009, -2010, -2011, -2012, -2013, -2014, -2015, -2016, -2017, -2018, -2019, -2020, -2021, -2022, -2023, -2024, -2025, -2026, -2027, -2028, -2029, -2030, -2031, -2032, -2033, -2034, -2035, -2036, -2037, -2038, -2039, -2040, -2041, -2042, -2043, -2044, -2045, -2046, -2047, -2048, -2049, -2050, -2051, -2052, -2053, -2054, -2055, -2056, -2057, -2058, -2059, -2060, -2061, -2062, -2063, -2064, -2065, -2066, -2067, -2068, -2069, -2070, -2071, -2072, -2073, -2074, -2075, -2076, -2077, -2078, -2079, -2080, -2081, -2082, -2083, -2084, -2085, -2086, -2087, -2088, -2089, -2090, -2091, -2092, -2093, -2094, -2095, -2096, -2097, -2098, -2099, -2100, -2101, -2102, -2103, -2104, -2105, -2106, -2107, -2108, -2109, -2110, -2111, -2112, -2113, -2114, -2115, -2116, -2117, -2118, -2119, -2120, -2121, -2122, -2123, -2124, -2125, -2126, -2127, -2128, -2129, -2130, -2131, -2132, -2133, -2134, -2135, -2136, -2137, -2138, -2139, -2140, -2141, -2142, -2143, -2144, -2145, -2146, -2147, -2148, -2149, -2150, -2151, -2152, -2153, -2154, -2155, -2156, -2157, -2158, -2159, -2160, -2161, -2162, -2163, -2164, -2165, -2166, -2167, -2168, -2169, -2170, -2171, -2172, -2173, -2174, -2175, -2176, -2177, -2178, -2179, -2180, -2181, -2182, -2183, -2184, -2185, -2186, -2187, -2190, -2191, -2192, -2193, -2197, -2198, -2199, -2200, -2201, -2202, -2203, -2204, -2205, -2206, -2207, -2208, -2209, -2210, -2211, -2212, -2213, -2214, -2215, -2216, -2217, -2218, -2219, -2220, -2221, -2222, -2223, -2224, -2226, -2227, -2228, -2229, -2230, -2231, -2232, -2233, -2234, -2235, -2236, -2237, -2238, -2239, -2240, -2241, -2242, -2243, -2244, -2245, -2246, -2247, -2248, -2249, -2250, -2251, -2252, -2253, -2254, -2255, -2256, -2257, -2258, -2260, -2261, -2262, -2263, -2264, -2265, -2266, -2267, -2268, -2269, -2270, -2271, -2272, -2273, -2274, -2275, -2276, -2277, -2278, -2279, -2280, -2281, -2282, -2283, -2284, -2285, -2286, -2287, -2288, -2289, -2290, -2291, -2292, -2293, -2294, -2295, -2296, -2297, -2298, -2299, -2300, -2301, -2302, -2303, -2304, -2305, -2306, -2307, -2308, -2309, -2310, -2311, -2312, -2313, -2314, -2315, -2316, -2317, -2318, -2319, -2320, -2321, -2322, -2323, -2324, -2325, -2326, -2327, -2328, -2329, -2330, -2331, -2332, -2333, -2334, -2335, -2336, -2337, -2338, -2339, -2340, -2341, -2342, -2343, -2344, -2345, -2346, -2347, -2348, -2349, -2350, -2351, -2352, -2353, -2354, -2355, -2356, -2357, -2358, -2359, -2360, -2361, -2362, -2363, -2364, -2365, -2366, -2367, -2368, -2370, -2372, -2381, -2382, -2383, -2384, -2385, -2386, -2387, -2388, -2389, -2390, -2391, -2392, -2393, -2394, -2395, -2396, -2397, -2398, -2399, -2400, -2401, -2402, -2403, -2404, -2405, -2406, -2407, -2409, -2410, -2411, -2412, -2413, -2414, -2415, -2416, -2417, -2418, -2419, -2420, -2421, -2422, -2423, -2424, -2425, -2426, -2427, -2428, -2429, -2430, -2431, -2432, -2433, -2434, -2435, -2436, -2437, -2438, -2439, -2440, -2441, -2442, -2443, -2444, -2445, -2446, -2447, -2448, -2449, -2450, -2451, -2452, -2453, -2454, -2455, -2456, -2457, -2458, -2459, -2460, -2461, -2462, -2463, -2464, -2465, -2466, -2467, -2468, -2469, -2470, -2471, -2472, -2473, -2474, -2475, -2476, -2477, -2478, -2479, -2480, -2481, -2482, -2483, -2484, -2485, -2486, -2487, -2488, -2489, -2490, -2491, -2492, -2493, -2494, -2495, -2496, -2497, -2498, -2499, -2500, -2501, -2502, -2503, -2504, -2505, -2506, -2507, -2508, -2509, -2510, -2511, -2512, -2513, -2514, -2515, -2516, -2517, -2518, -2519, -2520, -2521, -2522, -2523, -2524, -2525, -2526, -2527, -2528, -2529, -2530, -2531, -2532, -2533, -2534, -2535, -2536, -2537, -2538, -2539, -2540, -2541, -2542, -2543, -2544, -2545, -2546, -2547, -2548, -2549, -2550, -2551, -2552, -2553, -2554, -2555, -2556, -2557, -2558, -2559, -2560, -2561, -2562, -2563, -2564, -2565, -2566, -2567, -2568, -2569, -2570, -2571, -2572, -2573, -2574, -2575, -2576, -2577, -2578, -2579, -2580, -2581, -2582, -2583, -2584, -2585, -2586, -2587, -2588, -2589, -2590, -2591, -2592, -2593, -2594, -2595, -2596, -2597, -2598, -2599, -2600, -2601, -2602, -2603, -2604, -2605, -2606, -2607, -2608, -2609, -2610, -2611, -2612, -2613, -2614, -2615, -2616, -2617, -2618, -2619, -2620, -2621, -2622, -2623, -2624, -2625, -2626, -2627, -2628, -2629, -2630, -2631, -2632, -2633, -2634, -2635, -2636, -2637, -2638, -2639, -2640, -2641, -2642, -2643, -2644, -2645, -2646, -2647, -2648, -2649, -2650, -2651, -2652, -2653, -2654, -2655, -2656, -2657, -2658, -2659, -2660, -2661, -2662, -2663, -2664, -2665, -2666, -2667, -2668, -2669, -2670, -2671, -2672, -2673, -2674, -2675, -2676, -2677, -2678, -2679, -2680, -2681, -2683, -2684, -2685, -2686, -2687, -2688, -2689, -2690, -2691, -2692, -2694, -2695, -2696, -2697, -2698, -2699, -2700, -2701, -2702, -2703, -2704, -2705, -2706, -2707, -2708, -2709, -2710, -2711, -2712, -2713, -2714, -2715, -2716, -2717, -2718, -2719, -2720, -2721, -2722, -2723, -2724, -2725, -2726, -2727, -2728, -2729, -2730, -2731, -2732, -2733, -2734, -2735, -2736, -2737, -2738, -2739, -2740, -2741, -2742, -2743, -2744, -2745, -2746, -2747, -2748, -2749, -2750, -2751, -2752, -2753, -2754, -2755, -2756, -2757, -2758, -2759, -2760, -2761, -2762, -2763, -2764, -2765, -2766, -2767, -2768, -2769, -2770, -2771, -2772, -2773, -2774, -2775, -2776, -2777, -2778, -2779, -2780, -2781, -2782, -2783, -2784, -2785, -2786, -2787, -2788, -2789, -2790, -2791, -2792, -2793, -2795, -2796, -2797, -2798, -2799, -2800, -2801, -2802, -2803, -2804, -2805, -2806, -2807, -2808, -2809, -2810, -2811, -2812, -2813, -2814, -2815, -2816, -2817, -2818, -2819, -2820, -2821, -2822, -2823, -2824, -2826, -2827, -2828, -2829, -2830, -2831, -2832, -2833, -2834, -2835, -2836, -2837, -2838, -2839, -2840, -2841, -2842, -2843, -2844, -2845, -2846, -2847, -2848, -2849, -2850, -2851, -2852, -2853, -2854, -2856, -2857, -2858, -2859, -2860, -2861, -2862, -2863, -2864, -2865, -2866, -2867, -2868, -2869, -2870, -2871, -2872, -2874, -2875, -2876, -2877, -2878, -2879, -2880, -2881, -2882, -2883, -2884, -2885, -2886, -2887, -2888, -2889, -2890, -2891, -2892, -2893, -2894, -2895, -2896, -2897, -2898, -2899, -2900, -2901, -2902, -2903, -2904, -2906, -2907, -2908, -2909, -2910, -2911, -2912, -2913, -2914, -2915, -2916, -2917, -2918, -2919, -2920, -2921, -2922, -2923, -2924, -2926, -2927, -2928, -2929, -2930, -2931, -2932, -2933, -2934, -2935, -2936, -2937, -2938, -2939, -2940, -2941, -2942, -2943, -2944, -2945, -2946, -2947, -2948, -2949, -2950, -2951, -2952, -2953, -2954, -2955, -2956, -2957, -2958, -2959, -2960, -2961, -2962, -2963, -2964, -2965, -2966, -2967, -2968, -2969, -2970, -2971, -2972, -2973, -2974, -2975, -2976, -2977, -2978, -2979, -2980, -2981, -2982, -2983, -2984, -2985, -2986, -2987, -2988, -2989, -2990, -2991, -2992, -2993, -2994, -2995, -2996, -2997, -2998, -3000, -3002, -3003, -3004, -3005, -3006, -3007, -3008, -3009, -3010, -3011, -3012, -3013, -3014, -3015, -3016, -3017, -3018, -3019, -3020, -3021, -3022, -3023, -3024, -3025, -3026, -3027, -3028, -3029, -3030, -3031, -3032, -3033, -3034, -3035, -3036, -3037, -3038, -3039, -3040, -3041, -3042, -3043, -3044, -3045, -3046, -3047, -3048, -3049, -3050, -3051, -3052, -3053, -3054, -3055, -3056, -3057, -3058, -3059, -3060, -3061, -3062, -3063, -3064, -3065, -3066, -3067, -3068, -3069, -3070, -3071, -3072, -3073, -3074, -3075, -3076, -3077, -3078, -3079, -3080, -3081, -3082, -3083, -3084, -3085, -3086, -3087, -3088, -3089, -3090, -3091, -3093, -3094, -3095, -3096, -3098, -3099, -3100, -3101, -3102, -3103, -3104, -3105, -3106, -3107, -3108, -3109, -3110, -3111, -3112, -3113, -3114, -3115, -3116, -3117, -3118, -3119, -3120, -3122, -3123, -3124, -3125, -3127, -3128, -3129, -3130, -3131, -3132, -3133, -3134, -3135, -3136, -3137, -3138, -3139, -3140, -3141, -3142, -3143, -3144, -3145, -3146, -3147, -3148, -3149, -3150, -3151, -3152, -3153, -3154, -3155, -3156, -3157, -3158, -3159, -3160, -3161, -3162, -3163, -3164, -3165, -3166, -3167, -3168, -3169, -3170, -3171, -3172, -3173, -3174, -3175, -3176, -3177, -3178, -3179, -3180, -3181, -3182, -3183, -3184, -3185, -3186, -3187, -3188, -3189, -3190, -3191, -3192, -3193, -3194, -3195, -3196, -3197, -3198, -3199, -3200, -3201, -3202, -3203, -3204, -3205, -3206, -3207, -3208, -3209, -3210, -3211, -3212, -3213, -3214, -3215, -3216, -3217, -3218, -3219, -3220, -3221, -3222, -3223, -3224, -3225, -3226, -3227, -3228, -3229, -3230, -3231, -3232, -3233, -3234, -3235, -3236, -3237, -3238, -3239, -3240, -3241, -3242, -3243, -3244, -3245, -3246, -3247, -3248, -3249, -3250, -3251, -3252, -3253, -3254, -3255, -3256, -3257, -3258, -3259, -3260, -3261, -3262, -3263, -3264, -3265, -3266, -3267, -3268, -3269, -3270, -3271, -3272, -3273, -3274, -3275, -3276, -3277, -3278, -3279, -3280, -3281, -3282, -3283, -3284, -3285, -3286, -3287, -3288, -3289, -3290, -3291, -3292, -3293, -3294, -3295, -3296, -3297, -3298, -3299, -3302, -3303, -3304, -3305, -3306, -3307, -3308, -3309, -3310, -3311, -3312, -3313, -3314, -3315, -3316, -3317, -3318, -3319, -3320, -3321, -3326, -3327, -3328, -3329, -3330, -3331, -3332, -3333, -3334, -3335, -3336, -3337, -3338, -3339, -3340, -3341, -3342, -3343, -3344, -3345, -3346, -3347, -3348, -3349, -3350, -3351, -3352, -3353, -3354, -3355, -3356, -3357, -3358, -3359, -3360, -3361, -3362, -3363, -3364, -3365, -3366, -3372, -3373, -3374, -3375, -3376, -3377, -3378, -3379, -3380, -3381, -3382, -3383, -3384, -3385, -3386, -3387, -3388, -3389, -3390, -3391, -3392, -3393, -3394, -3395, -3396, -3397, -3398, -3399, -3400, -3401, -3402, -3405, -3406, -3407, -3408, -3409, -3410, -3411, -3412, -3413, -3414, -3415, -3416, -3417, -3418, -3419, -3420, -3421, -3422, -3423, -3424, -3425, -3426, -3427, -3428, -3429, -3430, -3431, -3432, -3433, -3434, -3435, -3436, -3437, -3438, -3439, -3440, -3441, -3442, -3443, -3444, -3445, -3446, -3447, -3448, -3449, -3450, -3451, -3452, -3453, -3454, -3455, -3456, -3457, -3458, -3459, -3460, -3461, -3462, -3463, -3464, -3465, -3466, -3467, -3468, -3469, -3470, -3471, -3472, -3473, -3474, -3475, -3476, -3477, -3478, -3479, -3480, -3481, -3482, -3483, -3484, -3485, -3486, -3487, -3488, -3489, -3490, -3491, -3492, -3493, -3494, -3495, -3496, -3497, -3498, -3499, -3500, -3501, -3502, -3503, -3504, -3505, -3506, -3507, -3508, -3509, -3510, -3511, -3512, -3513, -3514, -3515, -3516, -3517, -3518, -3519, -3520, -3521, -3522, -3523, -3524, -3525, -3526, -3527, -3528, -3529, -3530, -3531, -3532, -3533, -3534, -3535, -3536, -3537, -3538, -3539, -3540, -3541, -3542, -3543, -3544, -3545, -3547, -3548, -3549, -3550, -3551, -3552, -3553, -3554, -3555, -3556, -3557, -3558, -3559, -3560, -3561, -3562, -3563, -3564, -3567, -3568, -3569, -3570, -3571, -3572, -3573, -3574, -3575, -3576, -3577, -3578, -3579, -3580, -3581, -3582, -3583, -3584, -3585, -3586, -3587, -3588, -3589, -3590, -3591, -3592, -3593, -3594, -3595, -3596, -3597, -3598, -3599, -3600, -3601, -3602, -3603, -3604, -3605, -3606, -3607, -3608, -3609, -3610, -3611, -3612, -3613, -3614, -3615, -3616, -3617, -3618, -3619, -3620, -3621, -3622, -3623, -3624, -3625, -3626, -3627, -3628, -3629, -3630, -3631, -3632, -3633, -3634, -3635, -3636, -3637, -3638, -3639, -3640, -3641, -3642, -3643, -3644, -3645, -3646, -3647, -3648, -3649, -3650, -3651, -3652, -3653, -3654, -3655, -3656, -3657, -3658, -3659, -3660, -3661, -3662, -3663, -3664, -3665, -3666, -3667, -3668, -3669, -3670, -3671, -3672, -3673, -3674, -3675, -3676, -3677, -3678, -3679, -3680, -3681, -3682, -3683, -3684, -3685, -3686, -3687, -3688, -3689, -3690, -3691, -3692, -3695, -3696, -3697, -3698, -3699, -3700, -3701, -3702, -3703, -3704, -3705, -3706, -3707, -3708, -3709, -3710, -3711, -3712, -3713, -3714, -3715, -3716, -3717, -3718, -3719, -3720, -3721, -3722, -3723, -3724, -3725, -3726, -3727, -3728, -3729, -3730, -3731, -3732, -3733, -3734, -3735, -3736, -3738, -3739, -3740, -3741, -3742, -3743, -3744, -3745, -3746, -3747, -3748, -3749, -3750, -3751, -3752, -3753, -3754, -3755, -3756, -3757, -3758, -3759, -3760, -3761, -3762, -3763, -3764, -3765, -3767, -3768, -3769, -3770, -3771, -3772, -3773, -3774, -3775, -3776, -3777, -3778, -3779, -3780, -3781, -3782, -3783, -3784, -3785, -3786, -3787, -3788, -3789, -3790, -3791, -3792, -3793, -3794, -3795, -3796, -3797, -3798, -3799, -3800, -3801, -3802, -3803, -3804, -3805, -3806, -3807, -3808, -3809, -3810, -3811, -3812, -3813, -3814, -3815, -3816, -3817, -3818, -3819, -3820, -3821, -3822, -3823, -3824, -3825, -3826, -3827, -3828, -3829, -3830, -3831, -3832, -3833, -3834, -3835, -3836, -3837, -3838, -3839, -3840, -3842, -3843, -3844, -3845, -3846, -3847, -3848, -3849, -3850, -3851, -3852, -3853, -3854, -3855, -3856, -3857, -3858, -3859, -3860, -3861, -3862, -3863, -3865, -3866, -3867, -3869, -3870, -3871, -3872, -3873, -3874, -3875, -3876, -3877, -3878, -3879, -3880, -3881, -3882, -3883, -3884, -3885, -3886, -3887, -3888, -3889, -3890, -3891, -3892, -3893, -3894, -3895, -3896, -3897, -3898, -3899, -3900, -3901, -3902, -3903, -3904, -3905, -3906, -3907, -3908, -3909, -3910, -3911, -3912, -3913, -3914, -3915, -3916, -3917, -3918, -3919, -3920, -3921, -3922, -3923, -3924, -3925, -3926, -3927, -3928, -3929, -3930, -3931, -3932, -3933, -3934, -3935, -3936, -3937, -3938, -3939, -3940, -3941, -3942, -3943, -3944, -3945, -3946, -3947, -3948, -3949, -3950, -3951, -3952, -3953, -3954, -3955, -3956, -3957, -3958, -3959, -3960, -3961, -3962, -3963, -3964, -3965, -3966, -3967, -3968, -3969, -3970, -3971, -3972, -3973, -3974, -3975, -3976, -3977, -3978, -3979, -3980, -3981, -3982, -3983, -3984, -3985, -3986, -3987, -3988, -3989, -3990, -3991, -3992, -3993, -3995, -3996, -3997, -3998, -3999, -4000, -4001, -4002, -4003, -4004, -4005, -4006, -4007, -4008, -4009, -4010, -4011, -4012, -4013, -4014, -4015, -4016, -4017, -4018, -4019, -4020, -4021, -4022, -4023, -4024, -4025, -4026, -4027, -4028, -4029, -4030, -4031, -4032, -4033, -4034, -4035, -4036, -4037, -4038, -4039, -4040, -4041, -4042, -4043, -4044, -4045, -4046, -4047, -4049, -4050, -4051, -4052, -4053, -4054, -4055, -4056, -4057, -4058, -4059, -4060, -4061, -4062, -4063, -4064, -4065, -4066, -4067, -4068, -4069, -4070, -4071, -4072, -4073, -4074, -4075, -4076, -4077, -4079, -4080, -4081, -4082, -4083, -4084, -4086, -4089, -4090, -4091, -4092, -4093, -4094, -4095, -4096, -4097, -4098, -4099, -4100, -4101, -4102, -4103, -4104, -4105, -4106, -4107, -4108, -4109, -4110, -4111, -4112, -4113, -4114, -4115, -4116, -4117, -4118, -4119, -4121, -4122, -4123, -4124, -4125, -4126, -4127, -4128, -4129, -4130, -4131, -4132, -4133, -4134, -4135, -4136, -4137, -4138, -4139, -4140, -4141, -4142, -4143, -4145, -4146, -4147, -4148, -4149, -4150, -4151, -4152, -4153, -4154, -4155, -4156, -4157, -4158, -4159, -4160, -4161, -4162, -4163, -4164, -4165, -4166, -4167, -4168, -4169, -4172, -4173, -4174, -4177, -4178, -4179, -4180, -4181, -4182, -4183, -4184, -4185, -4188, -4191, -4192, -4197, -4199, -4300, -4301, -4302, -4303, -4304, -4305, -4306, -4307, -4308, -4309, -4310, -4320, -4321, -4322, -4323, -4325, -4326, -4327, -4328, -4333, -4340, -4341, -4342, -4343, -4344, -4345, -4346, -4347, -4348, -4349, -4350, -4351, -4352, -4353, -4354, -4355, -4356, -4357, -4358, -4359, -4361, -4362, -4366, -4368, -4369, -4370, -4371, -4372, -4373, -4375, -4376, -4377, -4378, -4379, -4389, -4390, -4394, -4395, -4400, -4401, -4402, -4403, -4404, -4405, -4406, -4412, -4413, -4416, -4418, -4420, -4425, -4426, -4430, -4432, -4441, -4442, -4443, -4444, -4445, -4446, -4447, -4448, -4449, -4450, -4451, -4452, -4453, -4454, -4455, -4456, -4457, -4458, -4484, -4486, -4488, -4500, -4534, -4535, -4536, -4537, -4538, -4545, -4546, -4547, -4548, -4549, -4550, -4551, -4552, -4554, -4555, -4556, -4557, -4558, -4559, -4566, -4567, -4568, -4569, -4591, -4592, -4593, -4594, -4595, -4596, -4597, -4598, -4599, -4600, -4601, -4621, -4658, -4659, -4660, -4661, -4662, -4663, -4664, -4665, -4666, -4667, -4668, -4669, -4670, -4671, -4672, -4673, -4674, -4675, -4676, -4677, -4678, -4679, -4680, -4681, -4682, -4683, -4684, -4685, -4686, -4687, -4688, -4689, -4690, -4691, -4692, -4700, -4701, -4702, -4711, -4725, -4726, -4727, -4728, -4729, -4730, -4732, -4737, -4738, -4739, -4740, -4741, -4742, -4743, -4744, -4745, -4746, -4747, -4749, -4750, -4751, -4752, -4753, -4754, -4755, -4784, -4785, -4789, -4790, -4791, -4800, -4801, -4802, -4803, -4804, -4827, -4837, -4838, -4839, -4840, -4841, -4842, -4843, -4844, -4845, -4846, -4847, -4848, -4849, -4850, -4851, -4867, -4868, -4869, -4870, -4871, -4876, -4877, -4878, -4881, -4882, -4884, -4885, -4894, -4899, -4900, -4914, -4936, -4937, -4940, -4941, -4942, -4949, -4950, -4951, -4952, -4969, -4970, -4980, -4986, -4987, -4988, -4989, -4990, -4991, -4999, -5000, -5001, -5002, -5003, -5004, -5005, -5006, -5007, -5008, -5009, -5010, -5011, -5012, -5013, -5014, -5020, -5021, -5022, -5023, -5024, -5025, -5026, -5027, -5029, -5030, -5031, -5042, -5043, -5044, -5046, -5047, -5049, -5050, -5051, -5052, -5053, -5055, -5056, -5057, -5058, -5059, -5060, -5061, -5062, -5064, -5065, -5066, -5067, -5069, -5070, -5071, -5072, -5073, -5074, -5078, -5079, -5080, -5081, -5082, -5083, -5084, -5085, -5092, -5093, -5094, -5099, -5100, -5101, -5102, -5104, -5105, -5111, -5112, -5116, -5120, -5133, -5136, -5137, -5145, -5150, -5151, -5152, -5154, -5155, -5164, -5165, -5166, -5167, -5168, -5190, -5191, -5192, -5193, -5200, -5201, -5202, -5203, -5223, -5224, -5225, -5226, -5227, -5234, -5235, -5236, -5237, -5245, -5246, -5247, -5248, -5249, -5250, -5251, -5252, -5264, -5265, -5270, -5271, -5272, -5282, -5298, -5299, -5300, -5301, -5302, -5303, -5304, -5305, -5306, -5307, -5308, -5309, -5310, -5312, -5313, -5314, -5315, -5343, -5344, -5349, -5350, -5351, -5352, -5353, -5354, -5355, -5356, -5357, -5358, -5359, -5360, -5361, -5362, -5363, -5364, -5397, -5398, -5399, -5400, -5401, -5402, -5403, -5404, -5405, -5406, -5407, -5408, -5409, -5410, -5411, -5412, -5413, -5414, -5415, -5416, -5417, -5418, -5419, -5420, -5421, -5422, -5423, -5424, -5425, -5426, -5427, -5428, -5429, -5430, -5431, -5432, -5433, -5434, -5435, -5436, -5437, -5443, -5450, -5453, -5454, -5455, -5456, -5461, -5462, -5463, -5464, -5465, -5474, -5500, -5501, -5502, -5503, -5504, -5505, -5506, -5553, -5554, -5555, -5556, -5567, -5568, -5569, -5573, -5580, -5581, -5582, -5583, -5584, -5585, -5597, -5598, -5599, -5600, -5601, -5602, -5603, -5604, -5605, -5627, -5628, -5629, -5630, -5631, -5632, -5633, -5634, -5670, -5671, -5672, -5673, -5674, -5675, -5676, -5677, -5678, -5679, -5680, -5681, -5682, -5683, -5684, -5687, -5688, -5689, -5713, -5714, -5715, -5716, -5717, -5718, -5719, -5720, -5721, -5722, -5723, -5724, -5728, -5729, -5730, -5741, -5742, -5743, -5744, -5745, -5746, -5747, -5748, -5750, -5755, -5757, -5766, -5767, -5768, -5769, -5770, -5771, -5777, -5781, -5782, -5783, -5784, -5785, -5786, -5787, -5793, -5794, -5813, -5814, -5859, -5863, -5900, -5910, -5911, -5912, -5913, -5963, -5968, -5969, -5984, -5985, -5986, -5987, -5988, -5989, -5990, -5991, -5992, -5999, -6000, -6064, -6065, -6066, -6069, -6070, -6071, -6072, -6073, -6074, -6080, -6081, -6082, -6083, -6085, -6086, -6087, -6088, -6100, -6101, -6102, -6103, -6104, -6105, -6106, -6107, -6108, -6109, -6110, -6111, -6112, -6118, -6122, -6123, -6124, -6133, -6140, -6141, -6142, -6143, -6144, -6145, -6146, -6147, -6148, -6149, -6160, -6161, -6162, -6163, -6200, -6201, -6209, -6222, -6241, -6242, -6243, -6244, -6251, -6252, -6253, -6268, -6269, -6300, -6301, -6306, -6315, -6316, -6317, -6320, -6321, -6322, -6324, -6343, -6346, -6347, -6350, -6355, -6360, -6363, -6370, -6382, -6389, -6390, -6417, -6419, -6420, -6421, -6443, -6444, -6445, -6446, -6455, -6456, -6464, -6471, -6480, -6481, -6482, -6483, -6484, -6485, -6486, -6487, -6488, -6489, -6500, -6501, -6502, -6503, -6505, -6506, -6507, -6508, -6509, -6510, -6511, -6514, -6515, -6543, -6544, -6547, -6548, -6549, -6550, -6551, -6558, -6566, -6568, -6579, -6580, -6581, -6582, -6583, -6619, -6620, -6621, -6622, -6623, -6626, -6627, -6628, -6629, -6633, -6634, -6635, -6636, -6653, -6657, -6670, -6671, -6672, -6673, -6678, -6679, -6689, -6696, -6701, -6702, -6703, -6714, -6715, -6767, -6768, -6769, -6770, -6771, -6784, -6785, -6786, -6787, -6788, -6790, -6791, -6801, -6831, -6841, -6842, -6850, -6868, -6888, -6935, -6936, -6946, -6951, -6961, -6962, -6963, -6964, -6965, -6966, -6969, -6997, -6998, -6999, -7000, -7001, -7002, -7003, -7004, -7005, -7006, -7007, -7008, -7009, -7010, -7011, -7012, -7013, -7014, -7015, -7016, -7019, -7020, -7021, -7022, -7023, -7024, -7025, -7030, -7040, -7070, -7071, -7080, -7088, -7095, -7099, -7100, -7101, -7107, -7121, -7128, -7129, -7161, -7162, -7163, -7164, -7165, -7166, -7169, -7170, -7171, -7174, -7181, -7200, -7201, -7227, -7235, -7244, -7262, -7272, -7273, -7274, -7275, -7276, -7277, -7278, -7279, -7280, -7281, -7282, -7365, -7391, -7392, -7393, -7394, -7395, -7397, -7400, -7401, -7402, -7410, -7411, -7421, -7426, -7427, -7428, -7429, -7430, -7431, -7437, -7443, -7473, -7491, -7500, -7501, -7510, -7511, -7542, -7543, -7544, -7545, -7546, -7547, -7548, -7549, -7550, -7560, -7566, -7570, -7574, -7588, -7606, -7624, -7627, -7628, -7629, -7633, -7648, -7674, -7675, -7676, -7677, -7680, -7689, -7697, -7707, -7708, -7720, -7724, -7725, -7726, -7727, -7728, -7734, -7738, -7741, -7743, -7744, -7747, -7777, -7778, -7779, -7781, -7784, -7786, -7787, -7789, -7794, -7797, -7798, -7799, -7800, -7801, -7802, -7810, -7845, -7846, -7872, -7880, -7887, -7900, -7901, -7902, -7903, -7913, -7932, -7933, -7962, -7967, -7979, -7980, -7982, -7998, -7999, -8000, -8001, -8002, -8003, -8005, -8006, -8008, -8019, -8020, -8021, -8022, -8025, -8026, -8032, -8033, -8034, -8040, -8052, -8053, -8054, -8055, -8056, -8057, -8058, -8059, -8060, -8074, -8080, -8081, -8082, -8083, -8086, -8087, -8088, -8097, -8100, -8115, -8116, -8118, -8121, -8122, -8128, -8129, -8130, -8131, -8132, -8148, -8149, -8160, -8161, -8182, -8184, -8192, -8194, -8195, -8199, -8200, -8201, -8202, -8204, -8205, -8206, -8207, -8208, -8230, -8231, -8232, -8243, -8276, -8280, -8282, -8292, -8294, -8300, -8301, -8320, -8321, -8322, -8351, -8376, -8377, -8378, -8379, -8380, -8383, -8384, -8400, -8401, -8402, -8403, -8416, -8417, -8442, -8443, -8444, -8445, -8450, -8472, -8473, -8474, -8500, -8501, -8503, -8554, -8555, -8567, -8600, -8609, -8610, -8611, -8612, -8613, -8614, -8675, -8686, -8732, -8733, -8763, -8764, -8765, -8766, -8770, -8786, -8787, -8793, -8800, -8804, -8808, -8873, -8880, -8883, -8888, -8889, -8890, -8891, -8892, -8893, -8894, -8899, -8900, -8901, -8910, -8911, -8912, -8913, -8954, -8980, -8981, -8989, -8990, -8991, -8999, -9000, -9001, -9002, -9006, -9007, -9009, -9020, -9021, -9022, -9023, -9024, -9025, -9026, -9060, -9080, -9084, -9085, -9086, -9087, -9088, -9089, -9090, -9091, -9092, -9100, -9101, -9102, -9103, -9104, -9105, -9106, -9119, -9131, -9160, -9161, -9162, -9163, -9164, -9191, -9200, -9201, -9202, -9203, -9204, -9205, -9206, -9207, -9208, -9209, -9210, -9211, -9212, -9213, -9214, -9215, -9216, -9217, -9222, -9255, -9277, -9278, -9279, -9280, -9281, -9282, -9283, -9284, -9285, -9286, -9287, -9292, -9293, -9294, -9295, -9300, -9318, -9321, -9343, -9344, -9346, -9374, -9380, -9396, -9397, -9400, -9401, -9402, -9418, -9443, -9444, -9450, -9500, -9522, -9535, -9536, -9555, -9592, -9593, -9594, -9595, -9596, -9597, -9598, -9599, -9600, -9612, -9618, -9628, -9629, -9632, -9667, -9668, -9694, -9695, -9700, -9747, -9750, -9753, -9762, -9800, -9801, -9802, -9875, -9878, -9888, -9889, -9898, -9899, -9900, -9901, -9903, -9909, -9911, -9950, -9951, -9952, -9953, -9955, -9956, -9966, -9987, -9990, -9991, -9992, -9993, -9994, -9995, -9996, -9997, -9998, -9999, -10000, -10001, -10002, -10003, -10007, -10008, -10009, -10023, -10050, -10051, -10080, -10081, -10100, -10101, -10102, -10103, -10104, -10107, -10110, -10111, -10113, -10114, -10115, -10116, -10117, -10128, -10160, -10161, -10162, -10200, -10201, -10252, -10253, -10260, -10288, -10439, -10500, -10540, -10541, -10542, -10543, -10544, -10800, -10805, -10810, -10860, -10880, -10990, -11000, -11001, -11095, -11106, -11108, -11111, -11112, -11161, -11162, -11163, -11164, -11165, -11171, -11201, -11208, -11211, -11319, -11320, -11321, -11367, -11371, -11430, -11600, -11720, -11723, -11751, -11796, -11876, -11877, -11967, -12000, -12001, -12002, -12003, -12004, -12005, -12006, -12007, -12008, -12009, -12012, -12013, -12109, -12121, -12168, -12172, -12300, -12321, -12322, -12345, -12753, -13160, -13216, -13217, -13218, -13223, -13224, -13400, -13720, -13721, -13722, -13724, -13782, -13783, -13785, -13786, -13818, -13819, -13820, -13821, -13822, -13894, -13929, -14000, -14001, -14002, -14033, -14034, -14141, -14142, -14145, -14149, -14154, -14250, -14414, -14936, -14937, -15000, -15118, -15345, -15363, -15555, -15660, -15740, -15998, -16003, -16161, -16309, -16310, -16311, -16360, -16361, -16367, -16368, -16384, -16666, -16900, -16950, -16991, -16992, -16993, -16994, -16995, -17007, -17185, -17219, -17220, -17221, -17222, -17224, -17225, -17234, -17235, -17500, -17729, -17754, -17755, -17756, -18000, -18181, -18182, -18183, -18184, -18185, -18186, -18187, -18241, -18262, -18463, -18634, -18635, -18668, -18769, -18881, -18888, -19000, -19007, -19191, -19194, -19220, -19283, -19315, -19398, -19410, -19411, -19412, -19539, -19540, -19541, -19788, -19999, -20000, -20001, -20002, -20003, -20005, -20012, -20014, -20034, -20046, -20048, -20049, -20167, -20202, -20222, -20480, -20670, -20999, -21000, -21554, -21590, -21800, -21845, -21846, -21847, -21848, -21849, -22000, -22001, -22002, -22003, -22004, -22005, -22273, -22305, -22335, -22343, -22347, -22350, -22555, -22763, -22800, -22951, -23000, -23001, -23002, -23003, -23004, -23005, -23272, -23294, -23333, -23400, -23401, -23402, -24000, -24001, -24002, -24003, -24004, -24005, -24006, -24242, -24249, -24321, -24322, -24386, -24465, -24554, -24577, -24676, -24677, -24678, -24680, -24850, -24922, -25000, -25001, -25002, -25003, -25004, -25005, -25006, -25007, -25008, -25009, -25793, -25900, -25901, -25902, -25903, -25954, -25955, -26000, -26133, -26208, -26260, -26261, -26262, -26263, -26486, -26487, -26489, -27345, -27442, -27504, -27782, -27999, -28000, -28119, -28200, -28240, -29167, -30001, -30002, -30003, -30004, -30260, -30832, -30999, -31016, -31029, -31416, -31457, -31620, -31765, -31948, -31949, -32034, -32249, -32483, -32635, -32636, -32767, -32768, -32769, -32770, -32771, -32772, -32773, -32774, -32775, -32776, -32777, -32801, -32896, -33123, -33331, -33334, -33434, -33656, -34249, -34378, -34379, -34567, -34962, -34963, -34964, -34980, -35001, -35004, -35100, -35355, -36001, -36411, -36865, -37475, -37654, -38002, -38201, -38202, -38203, -39681, -40000, -40023, -40841, -40842, -40843, -40853, -41111, -41230, -41794, -41795, -42508, -42509, -42510, -43000, -43188, -43189, -43190, -43210, -43439, -43440, -43441, -44321, -44322, -44544, -44553, -44600, -44818, -44900, -45000, -45054, -45514, -45678, -45825, -45966, -46999, -47000, -47100, -47557, -47624, -47806, -47808, -47809, -48000, -48001, -48002, -48003, -48128, -48129, -48556, -48619, -48653, diff --git a/external/unbound/util/locks.c b/external/unbound/util/locks.c deleted file mode 100644 index b65a02bdc..000000000 --- a/external/unbound/util/locks.c +++ /dev/null @@ -1,264 +0,0 @@ -/** - * util/locks.c - unbound locking primitives - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * Implementation of locking and threading support. - * A place for locking debug code since most locking functions are macros. - */ - -#include "config.h" -#include "util/locks.h" -#include -#ifdef HAVE_SYS_WAIT_H -#include -#endif - -/** block all signals, masks them away. */ -void -ub_thread_blocksigs(void) -{ -#if defined(HAVE_PTHREAD) || defined(HAVE_SOLARIS_THREADS) || defined(HAVE_SIGPROCMASK) -# if defined(HAVE_PTHREAD) || defined(HAVE_SOLARIS_THREADS) - int err; -# endif - sigset_t sigset; - sigfillset(&sigset); -#ifdef HAVE_PTHREAD - if((err=pthread_sigmask(SIG_SETMASK, &sigset, NULL))) - fatal_exit("pthread_sigmask: %s", strerror(err)); -#else -# ifdef HAVE_SOLARIS_THREADS - if((err=thr_sigsetmask(SIG_SETMASK, &sigset, NULL))) - fatal_exit("thr_sigsetmask: %s", strerror(err)); -# else - /* have nothing, do single process signal mask */ - if(sigprocmask(SIG_SETMASK, &sigset, NULL)) - fatal_exit("sigprocmask: %s", strerror(errno)); -# endif /* HAVE_SOLARIS_THREADS */ -#endif /* HAVE_PTHREAD */ -#endif /* have signal stuff */ -} - -/** unblock one signal, so we can catch it */ -void ub_thread_sig_unblock(int sig) -{ -#if defined(HAVE_PTHREAD) || defined(HAVE_SOLARIS_THREADS) || defined(HAVE_SIGPROCMASK) -# if defined(HAVE_PTHREAD) || defined(HAVE_SOLARIS_THREADS) - int err; -# endif - sigset_t sigset; - sigemptyset(&sigset); - sigaddset(&sigset, sig); -#ifdef HAVE_PTHREAD - if((err=pthread_sigmask(SIG_UNBLOCK, &sigset, NULL))) - fatal_exit("pthread_sigmask: %s", strerror(err)); -#else -# ifdef HAVE_SOLARIS_THREADS - if((err=thr_sigsetmask(SIG_UNBLOCK, &sigset, NULL))) - fatal_exit("thr_sigsetmask: %s", strerror(err)); -# else - /* have nothing, do single thread case */ - if(sigprocmask(SIG_UNBLOCK, &sigset, NULL)) - fatal_exit("sigprocmask: %s", strerror(errno)); -# endif /* HAVE_SOLARIS_THREADS */ -#endif /* HAVE_PTHREAD */ -#else - (void)sig; -#endif /* have signal stuff */ -} - -#if !defined(HAVE_PTHREAD) && !defined(HAVE_SOLARIS_THREADS) && !defined(HAVE_WINDOWS_THREADS) -/** - * No threading available: fork a new process. - * This means no shared data structure, and no locking. - * Only the main thread ever returns. Exits on errors. - * @param thr: the location where to store the thread-id. - * @param func: function body of the thread. Return value of func is lost. - * @param arg: user argument to func. - */ -void -ub_thr_fork_create(ub_thread_type* thr, void* (*func)(void*), void* arg) -{ - pid_t pid = fork(); - switch(pid) { - default: /* main */ - *thr = (ub_thread_type)pid; - return; - case 0: /* child */ - *thr = (ub_thread_type)getpid(); - (void)(*func)(arg); - exit(0); - case -1: /* error */ - fatal_exit("could not fork: %s", strerror(errno)); - } -} - -/** - * There is no threading. Wait for a process to terminate. - * Note that ub_thread_type is defined as pid_t. - * @param thread: the process id to wait for. - */ -void ub_thr_fork_wait(ub_thread_type thread) -{ - int status = 0; - if(waitpid((pid_t)thread, &status, 0) == -1) - log_err("waitpid(%d): %s", (int)thread, strerror(errno)); - if(status != 0) - log_warn("process %d abnormal exit with status %d", - (int)thread, status); -} -#endif /* !defined(HAVE_PTHREAD) && !defined(HAVE_SOLARIS_THREADS) && !defined(HAVE_WINDOWS_THREADS) */ - -#ifdef HAVE_SOLARIS_THREADS -void* ub_thread_key_get(ub_thread_key_type key) -{ - void* ret=NULL; - LOCKRET(thr_getspecific(key, &ret)); - return ret; -} -#endif - -#ifdef HAVE_WINDOWS_THREADS -/** log a windows GetLastError message */ -static void log_win_err(const char* str, DWORD err) -{ - LPTSTR buf; - if(FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS | FORMAT_MESSAGE_ALLOCATE_BUFFER, - NULL, err, 0, (LPTSTR)&buf, 0, NULL) == 0) { - /* could not format error message */ - log_err("%s, GetLastError=%d", str, (int)err); - return; - } - log_err("%s, (err=%d): %s", str, (int)err, buf); - LocalFree(buf); -} - -void lock_basic_init(lock_basic_type* lock) -{ - /* implement own lock, because windows HANDLE as Mutex usage - * uses too many handles and would bog down the whole system. */ - (void)InterlockedExchange(lock, 0); -} - -void lock_basic_destroy(lock_basic_type* lock) -{ - (void)InterlockedExchange(lock, 0); -} - -void lock_basic_lock(lock_basic_type* lock) -{ - LONG wait = 1; /* wait 1 msec at first */ - - while(InterlockedExchange(lock, 1)) { - /* if the old value was 1 then if was already locked */ - Sleep(wait); /* wait with sleep */ - wait *= 2; /* exponential backoff for waiting */ - } - /* the old value was 0, but we inserted 1, we locked it! */ -} - -void lock_basic_unlock(lock_basic_type* lock) -{ - /* unlock it by inserting the value of 0. xchg for cache coherency. */ - (void)InterlockedExchange(lock, 0); -} - -void ub_thread_key_create(ub_thread_key_type* key, void* f) -{ - *key = TlsAlloc(); - if(*key == TLS_OUT_OF_INDEXES) { - *key = 0; - log_win_err("TlsAlloc Failed(OUT_OF_INDEXES)", GetLastError()); - } - else ub_thread_key_set(*key, f); -} - -void ub_thread_key_set(ub_thread_key_type key, void* v) -{ - if(!TlsSetValue(key, v)) { - log_win_err("TlsSetValue failed", GetLastError()); - } -} - -void* ub_thread_key_get(ub_thread_key_type key) -{ - void* ret = (void*)TlsGetValue(key); - if(ret == NULL && GetLastError() != ERROR_SUCCESS) { - log_win_err("TlsGetValue failed", GetLastError()); - } - return ret; -} - -void ub_thread_create(ub_thread_type* thr, void* (*func)(void*), void* arg) -{ -#ifndef HAVE__BEGINTHREADEX - *thr = CreateThread(NULL, /* default security (no inherit handle) */ - 0, /* default stack size */ - (LPTHREAD_START_ROUTINE)func, arg, - 0, /* default flags, run immediately */ - NULL); /* do not store thread identifier anywhere */ -#else - /* the beginthreadex routine setups for the C lib; aligns stack */ - *thr=(ub_thread_type)_beginthreadex(NULL, 0, (void*)func, arg, 0, NULL); -#endif - if(*thr == NULL) { - log_win_err("CreateThread failed", GetLastError()); - fatal_exit("thread create failed"); - } -} - -ub_thread_type ub_thread_self(void) -{ - return GetCurrentThread(); -} - -void ub_thread_join(ub_thread_type thr) -{ - DWORD ret = WaitForSingleObject(thr, INFINITE); - if(ret == WAIT_FAILED) { - log_win_err("WaitForSingleObject(Thread):WAIT_FAILED", - GetLastError()); - } else if(ret == WAIT_TIMEOUT) { - log_win_err("WaitForSingleObject(Thread):WAIT_TIMEOUT", - GetLastError()); - } - /* and close the handle to the thread */ - if(!CloseHandle(thr)) { - log_win_err("CloseHandle(Thread) failed", GetLastError()); - } -} -#endif /* HAVE_WINDOWS_THREADS */ diff --git a/external/unbound/util/locks.h b/external/unbound/util/locks.h deleted file mode 100644 index d86ee4923..000000000 --- a/external/unbound/util/locks.h +++ /dev/null @@ -1,313 +0,0 @@ -/** - * util/locks.h - unbound locking primitives - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#ifndef UTIL_LOCKS_H -#define UTIL_LOCKS_H - -/** - * \file - * Locking primitives. - * If pthreads is available, these are used. - * If no locking exists, they do nothing. - * - * The idea is to have different sorts of locks for different tasks. - * This allows the locking code to be ported more easily. - * - * Types of locks that are supported. - * o lock_rw: lock that has many readers and one writer (to a data entry). - * o lock_basic: simple mutex. Blocking, one person has access only. - * This lock is meant for non performance sensitive uses. - * o lock_quick: speed lock. For performance sensitive locking of critical - * sections. Could be implemented by a mutex or a spinlock. - * - * Also thread creation and deletion functions are defined here. - */ - -/* if you define your own LOCKRET before including locks.h, you can get most - * locking functions without the dependency on log_err. */ -#ifndef LOCKRET -#include "util/log.h" -/** - * The following macro is used to check the return value of the - * pthread calls. They return 0 on success and an errno on error. - * The errno is logged to the logfile with a descriptive comment. - */ -#define LOCKRET(func) do {\ - int lockret_err; \ - if( (lockret_err=(func)) != 0) \ - log_err("%s at %d could not " #func ": %s", \ - __FILE__, __LINE__, strerror(lockret_err)); \ - } while(0) -#endif - -/** DEBUG: use thread debug whenever possible */ -#if defined(HAVE_PTHREAD) && defined(HAVE_PTHREAD_SPINLOCK_T) && defined(ENABLE_LOCK_CHECKS) -# define USE_THREAD_DEBUG -#endif - -#ifdef USE_THREAD_DEBUG -/******************* THREAD DEBUG ************************/ -/* (some) checking; to detect races and deadlocks. */ -#include "testcode/checklocks.h" - -#else /* USE_THREAD_DEBUG */ -#define lock_protect(lock, area, size) /* nop */ -#define lock_unprotect(lock, area) /* nop */ -#define lock_get_mem(lock) (0) /* nothing */ -#define checklock_start() /* nop */ -#define checklock_stop() /* nop */ - -#ifdef HAVE_PTHREAD -#include - -/******************* PTHREAD ************************/ - -/** use pthread mutex for basic lock */ -typedef pthread_mutex_t lock_basic_type; -/** small front for pthread init func, NULL is default attrs. */ -#define lock_basic_init(lock) LOCKRET(pthread_mutex_init(lock, NULL)) -#define lock_basic_destroy(lock) LOCKRET(pthread_mutex_destroy(lock)) -#define lock_basic_lock(lock) LOCKRET(pthread_mutex_lock(lock)) -#define lock_basic_unlock(lock) LOCKRET(pthread_mutex_unlock(lock)) - -#ifndef HAVE_PTHREAD_RWLOCK_T -/** in case rwlocks are not supported, use a mutex. */ -typedef pthread_mutex_t lock_rw_type; -#define lock_rw_init(lock) LOCKRET(pthread_mutex_init(lock, NULL)) -#define lock_rw_destroy(lock) LOCKRET(pthread_mutex_destroy(lock)) -#define lock_rw_rdlock(lock) LOCKRET(pthread_mutex_lock(lock)) -#define lock_rw_wrlock(lock) LOCKRET(pthread_mutex_lock(lock)) -#define lock_rw_unlock(lock) LOCKRET(pthread_mutex_unlock(lock)) -#else /* HAVE_PTHREAD_RWLOCK_T */ -/** we use the pthread rwlock */ -typedef pthread_rwlock_t lock_rw_type; -/** small front for pthread init func, NULL is default attrs. */ -#define lock_rw_init(lock) LOCKRET(pthread_rwlock_init(lock, NULL)) -#define lock_rw_destroy(lock) LOCKRET(pthread_rwlock_destroy(lock)) -#define lock_rw_rdlock(lock) LOCKRET(pthread_rwlock_rdlock(lock)) -#define lock_rw_wrlock(lock) LOCKRET(pthread_rwlock_wrlock(lock)) -#define lock_rw_unlock(lock) LOCKRET(pthread_rwlock_unlock(lock)) -#endif /* HAVE_PTHREAD_RWLOCK_T */ - -#ifndef HAVE_PTHREAD_SPINLOCK_T -/** in case spinlocks are not supported, use a mutex. */ -typedef pthread_mutex_t lock_quick_type; -/** small front for pthread init func, NULL is default attrs. */ -#define lock_quick_init(lock) LOCKRET(pthread_mutex_init(lock, NULL)) -#define lock_quick_destroy(lock) LOCKRET(pthread_mutex_destroy(lock)) -#define lock_quick_lock(lock) LOCKRET(pthread_mutex_lock(lock)) -#define lock_quick_unlock(lock) LOCKRET(pthread_mutex_unlock(lock)) - -#else /* HAVE_PTHREAD_SPINLOCK_T */ -/** use pthread spinlock for the quick lock */ -typedef pthread_spinlock_t lock_quick_type; -/** - * allocate process private since this is available whether - * Thread Process-Shared Synchronization is supported or not. - * This means only threads inside this process may access the lock. - * (not threads from another process that shares memory). - * spinlocks are not supported on all pthread platforms. - */ -#define lock_quick_init(lock) LOCKRET(pthread_spin_init(lock, PTHREAD_PROCESS_PRIVATE)) -#define lock_quick_destroy(lock) LOCKRET(pthread_spin_destroy(lock)) -#define lock_quick_lock(lock) LOCKRET(pthread_spin_lock(lock)) -#define lock_quick_unlock(lock) LOCKRET(pthread_spin_unlock(lock)) - -#endif /* HAVE SPINLOCK */ - -/** Thread creation */ -typedef pthread_t ub_thread_type; -/** On alpine linux default thread stack size is 80 Kb. See -http://wiki.musl-libc.org/wiki/Functional_differences_from_glibc#Thread_stack_size -This is not enough and cause segfault. Other linux distros have 2 Mb at least. -Wrapper for set up thread stack size */ -#define PTHREADSTACKSIZE 2*1024*1024 -#define PTHREADCREATE(thr, stackrequired, func, arg) do {\ - pthread_attr_t attr; \ - size_t stacksize; \ - LOCKRET(pthread_attr_init(&attr)); \ - LOCKRET(pthread_attr_getstacksize(&attr, &stacksize)); \ - if (stacksize < stackrequired) { \ - LOCKRET(pthread_attr_setstacksize(&attr, stackrequired)); \ - LOCKRET(pthread_create(thr, &attr, func, arg)); \ - LOCKRET(pthread_attr_getstacksize(&attr, &stacksize)); \ - verbose(VERB_ALGO, "Thread stack size set to %u", (unsigned)stacksize); \ - } else {LOCKRET(pthread_create(thr, NULL, func, arg));} \ - } while(0) -/** Use wrapper for set thread stack size on attributes. */ -#define ub_thread_create(thr, func, arg) PTHREADCREATE(thr, PTHREADSTACKSIZE, func, arg) -/** get self id. */ -#define ub_thread_self() pthread_self() -/** wait for another thread to terminate */ -#define ub_thread_join(thread) LOCKRET(pthread_join(thread, NULL)) -typedef pthread_key_t ub_thread_key_type; -#define ub_thread_key_create(key, f) LOCKRET(pthread_key_create(key, f)) -#define ub_thread_key_set(key, v) LOCKRET(pthread_setspecific(key, v)) -#define ub_thread_key_get(key) pthread_getspecific(key) - -#else /* we do not HAVE_PTHREAD */ -#ifdef HAVE_SOLARIS_THREADS - -/******************* SOLARIS THREADS ************************/ -#include -#include - -typedef rwlock_t lock_rw_type; -#define lock_rw_init(lock) LOCKRET(rwlock_init(lock, USYNC_THREAD, NULL)) -#define lock_rw_destroy(lock) LOCKRET(rwlock_destroy(lock)) -#define lock_rw_rdlock(lock) LOCKRET(rw_rdlock(lock)) -#define lock_rw_wrlock(lock) LOCKRET(rw_wrlock(lock)) -#define lock_rw_unlock(lock) LOCKRET(rw_unlock(lock)) - -/** use basic mutex */ -typedef mutex_t lock_basic_type; -#define lock_basic_init(lock) LOCKRET(mutex_init(lock, USYNC_THREAD, NULL)) -#define lock_basic_destroy(lock) LOCKRET(mutex_destroy(lock)) -#define lock_basic_lock(lock) LOCKRET(mutex_lock(lock)) -#define lock_basic_unlock(lock) LOCKRET(mutex_unlock(lock)) - -/** No spinlocks in solaris threads API. Use a mutex. */ -typedef mutex_t lock_quick_type; -#define lock_quick_init(lock) LOCKRET(mutex_init(lock, USYNC_THREAD, NULL)) -#define lock_quick_destroy(lock) LOCKRET(mutex_destroy(lock)) -#define lock_quick_lock(lock) LOCKRET(mutex_lock(lock)) -#define lock_quick_unlock(lock) LOCKRET(mutex_unlock(lock)) - -/** Thread creation, create a default thread. */ -typedef thread_t ub_thread_type; -#define ub_thread_create(thr, func, arg) LOCKRET(thr_create(NULL, NULL, func, arg, NULL, thr)) -#define ub_thread_self() thr_self() -#define ub_thread_join(thread) LOCKRET(thr_join(thread, NULL, NULL)) -typedef thread_key_t ub_thread_key_type; -#define ub_thread_key_create(key, f) LOCKRET(thr_keycreate(key, f)) -#define ub_thread_key_set(key, v) LOCKRET(thr_setspecific(key, v)) -void* ub_thread_key_get(ub_thread_key_type key); - - -#else /* we do not HAVE_SOLARIS_THREADS and no PTHREADS */ -/******************* WINDOWS THREADS ************************/ -#ifdef HAVE_WINDOWS_THREADS -#include - -/* Use a mutex */ -typedef LONG lock_rw_type; -#define lock_rw_init(lock) lock_basic_init(lock) -#define lock_rw_destroy(lock) lock_basic_destroy(lock) -#define lock_rw_rdlock(lock) lock_basic_lock(lock) -#define lock_rw_wrlock(lock) lock_basic_lock(lock) -#define lock_rw_unlock(lock) lock_basic_unlock(lock) - -/** the basic lock is a mutex, implemented opaquely, for error handling. */ -typedef LONG lock_basic_type; -void lock_basic_init(lock_basic_type* lock); -void lock_basic_destroy(lock_basic_type* lock); -void lock_basic_lock(lock_basic_type* lock); -void lock_basic_unlock(lock_basic_type* lock); - -/** on windows no spinlock, use mutex too. */ -typedef LONG lock_quick_type; -#define lock_quick_init(lock) lock_basic_init(lock) -#define lock_quick_destroy(lock) lock_basic_destroy(lock) -#define lock_quick_lock(lock) lock_basic_lock(lock) -#define lock_quick_unlock(lock) lock_basic_unlock(lock) - -/** Thread creation, create a default thread. */ -typedef HANDLE ub_thread_type; -void ub_thread_create(ub_thread_type* thr, void* (*func)(void*), void* arg); -ub_thread_type ub_thread_self(void); -void ub_thread_join(ub_thread_type thr); -typedef DWORD ub_thread_key_type; -void ub_thread_key_create(ub_thread_key_type* key, void* f); -void ub_thread_key_set(ub_thread_key_type key, void* v); -void* ub_thread_key_get(ub_thread_key_type key); - -#else /* we do not HAVE_SOLARIS_THREADS, PTHREADS or WINDOWS_THREADS */ - -/******************* NO THREADS ************************/ -#define THREADS_DISABLED 1 -/** In case there is no thread support, define locks to do nothing */ -typedef int lock_rw_type; -#define lock_rw_init(lock) /* nop */ -#define lock_rw_destroy(lock) /* nop */ -#define lock_rw_rdlock(lock) /* nop */ -#define lock_rw_wrlock(lock) /* nop */ -#define lock_rw_unlock(lock) /* nop */ - -/** define locks to do nothing */ -typedef int lock_basic_type; -#define lock_basic_init(lock) /* nop */ -#define lock_basic_destroy(lock) /* nop */ -#define lock_basic_lock(lock) /* nop */ -#define lock_basic_unlock(lock) /* nop */ - -/** define locks to do nothing */ -typedef int lock_quick_type; -#define lock_quick_init(lock) /* nop */ -#define lock_quick_destroy(lock) /* nop */ -#define lock_quick_lock(lock) /* nop */ -#define lock_quick_unlock(lock) /* nop */ - -/** Thread creation, threads do not exist */ -typedef pid_t ub_thread_type; -/** ub_thread_create is simulated with fork (extremely heavy threads, - * with no shared memory). */ -#define ub_thread_create(thr, func, arg) \ - ub_thr_fork_create(thr, func, arg) -#define ub_thread_self() getpid() -#define ub_thread_join(thread) ub_thr_fork_wait(thread) -void ub_thr_fork_wait(ub_thread_type thread); -void ub_thr_fork_create(ub_thread_type* thr, void* (*func)(void*), void* arg); -typedef void* ub_thread_key_type; -#define ub_thread_key_create(key, f) (*(key)) = NULL -#define ub_thread_key_set(key, v) (key) = (v) -#define ub_thread_key_get(key) (key) - -#endif /* HAVE_WINDOWS_THREADS */ -#endif /* HAVE_SOLARIS_THREADS */ -#endif /* HAVE_PTHREAD */ -#endif /* USE_THREAD_DEBUG */ - -/** - * Block all signals for this thread. - * fatal exit on error. - */ -void ub_thread_blocksigs(void); - -/** - * unblock one signal for this thread. - */ -void ub_thread_sig_unblock(int sig); - -#endif /* UTIL_LOCKS_H */ diff --git a/external/unbound/util/log.c b/external/unbound/util/log.c deleted file mode 100644 index 439541a7c..000000000 --- a/external/unbound/util/log.c +++ /dev/null @@ -1,493 +0,0 @@ -/* - * util/log.c - implementation of the log code - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/** - * \file - * Implementation of log.h. - */ - -#include "config.h" -#include "util/log.h" -#include "util/locks.h" -#include "sldns/sbuffer.h" -#include -#ifdef HAVE_TIME_H -#include -#endif -#ifdef HAVE_SYSLOG_H -# include -#else -/**define LOG_ constants */ -# define LOG_CRIT 2 -# define LOG_ERR 3 -# define LOG_WARNING 4 -# define LOG_NOTICE 5 -# define LOG_INFO 6 -# define LOG_DEBUG 7 -#endif -#ifdef UB_ON_WINDOWS -# include "winrc/win_svc.h" -#endif - -/* default verbosity */ -enum verbosity_value verbosity = 0; -/** the file logged to. */ -static FILE* logfile = 0; -/** if key has been created */ -static int key_created = 0; -/** pthread key for thread ids in logfile */ -static ub_thread_key_type logkey; -#ifndef THREADS_DISABLED -/** pthread mutex to protect FILE* */ -static lock_quick_type log_lock; -#endif -/** the identity of this executable/process */ -static const char* ident="unbound"; -#if defined(HAVE_SYSLOG_H) || defined(UB_ON_WINDOWS) -/** are we using syslog(3) to log to */ -static int logging_to_syslog = 0; -#endif /* HAVE_SYSLOG_H */ -/** time to print in log, if NULL, use time(2) */ -static time_t* log_now = NULL; -/** print time in UTC or in secondsfrom1970 */ -static int log_time_asc = 0; - -void -log_init(const char* filename, int use_syslog, const char* chrootdir) -{ - FILE *f; - if(!key_created) { - key_created = 1; - ub_thread_key_create(&logkey, NULL); - lock_quick_init(&log_lock); - } - lock_quick_lock(&log_lock); - if(logfile -#if defined(HAVE_SYSLOG_H) || defined(UB_ON_WINDOWS) - || logging_to_syslog -#endif - ) { - lock_quick_unlock(&log_lock); /* verbose() needs the lock */ - verbose(VERB_QUERY, "switching log to %s", - use_syslog?"syslog":(filename&&filename[0]?filename:"stderr")); - lock_quick_lock(&log_lock); - } - if(logfile && logfile != stderr) - fclose(logfile); -#ifdef HAVE_SYSLOG_H - if(logging_to_syslog) { - closelog(); - logging_to_syslog = 0; - } - if(use_syslog) { - /* do not delay opening until first write, because we may - * chroot and no longer be able to access dev/log and so on */ - openlog(ident, LOG_NDELAY, LOG_DAEMON); - logging_to_syslog = 1; - lock_quick_unlock(&log_lock); - return; - } -#elif defined(UB_ON_WINDOWS) - if(logging_to_syslog) { - logging_to_syslog = 0; - } - if(use_syslog) { - logging_to_syslog = 1; - lock_quick_unlock(&log_lock); - return; - } -#endif /* HAVE_SYSLOG_H */ - if(!filename || !filename[0]) { - logfile = stderr; - lock_quick_unlock(&log_lock); - return; - } - /* open the file for logging */ - if(chrootdir && chrootdir[0] && strncmp(filename, chrootdir, - strlen(chrootdir)) == 0) - filename += strlen(chrootdir); - f = fopen(filename, "a"); - if(!f) { - lock_quick_unlock(&log_lock); - log_err("Could not open logfile %s: %s", filename, - strerror(errno)); - return; - } -#ifndef UB_ON_WINDOWS - /* line buffering does not work on windows */ - setvbuf(f, NULL, (int)_IOLBF, 0); -#endif - logfile = f; - lock_quick_unlock(&log_lock); -} - -void log_file(FILE *f) -{ - lock_quick_lock(&log_lock); - logfile = f; - lock_quick_unlock(&log_lock); -} - -void log_thread_set(int* num) -{ - ub_thread_key_set(logkey, num); -} - -int log_thread_get(void) -{ - unsigned int* tid; - if(!key_created) return 0; - tid = (unsigned int*)ub_thread_key_get(logkey); - return (int)(tid?*tid:0); -} - -void log_ident_set(const char* id) -{ - ident = id; -} - -void log_set_time(time_t* t) -{ - log_now = t; -} - -void log_set_time_asc(int use_asc) -{ - log_time_asc = use_asc; -} - -void -log_vmsg(int pri, const char* type, - const char *format, va_list args) -{ - char message[MAXSYSLOGMSGLEN]; - unsigned int* tid = (unsigned int*)ub_thread_key_get(logkey); - time_t now; -#if defined(HAVE_STRFTIME) && defined(HAVE_LOCALTIME_R) - char tmbuf[32]; - struct tm tm; -#elif defined(UB_ON_WINDOWS) - char tmbuf[128], dtbuf[128]; -#endif - (void)pri; - vsnprintf(message, sizeof(message), format, args); -#ifdef HAVE_SYSLOG_H - if(logging_to_syslog) { - syslog(pri, "[%d:%x] %s: %s", - (int)getpid(), tid?*tid:0, type, message); - return; - } -#elif defined(UB_ON_WINDOWS) - if(logging_to_syslog) { - char m[32768]; - HANDLE* s; - LPCTSTR str = m; - DWORD tp = MSG_GENERIC_ERR; - WORD wt = EVENTLOG_ERROR_TYPE; - if(strcmp(type, "info") == 0) { - tp=MSG_GENERIC_INFO; - wt=EVENTLOG_INFORMATION_TYPE; - } else if(strcmp(type, "warning") == 0) { - tp=MSG_GENERIC_WARN; - wt=EVENTLOG_WARNING_TYPE; - } else if(strcmp(type, "notice") == 0 - || strcmp(type, "debug") == 0) { - tp=MSG_GENERIC_SUCCESS; - wt=EVENTLOG_SUCCESS; - } - snprintf(m, sizeof(m), "[%s:%x] %s: %s", - ident, tid?*tid:0, type, message); - s = RegisterEventSource(NULL, SERVICE_NAME); - if(!s) return; - ReportEvent(s, wt, 0, tp, NULL, 1, 0, &str, NULL); - DeregisterEventSource(s); - return; - } -#endif /* HAVE_SYSLOG_H */ - lock_quick_lock(&log_lock); - if(!logfile) { - lock_quick_unlock(&log_lock); - return; - } - if(log_now) - now = (time_t)*log_now; - else now = (time_t)time(NULL); -#if defined(HAVE_STRFTIME) && defined(HAVE_LOCALTIME_R) - if(log_time_asc && strftime(tmbuf, sizeof(tmbuf), "%b %d %H:%M:%S", - localtime_r(&now, &tm))%(sizeof(tmbuf)) != 0) { - /* %sizeof buf!=0 because old strftime returned max on error */ - fprintf(logfile, "%s %s[%d:%x] %s: %s\n", tmbuf, - ident, (int)getpid(), tid?*tid:0, type, message); - } else -#elif defined(UB_ON_WINDOWS) - if(log_time_asc && GetTimeFormat(LOCALE_USER_DEFAULT, 0, NULL, NULL, - tmbuf, sizeof(tmbuf)) && GetDateFormat(LOCALE_USER_DEFAULT, 0, - NULL, NULL, dtbuf, sizeof(dtbuf))) { - fprintf(logfile, "%s %s %s[%d:%x] %s: %s\n", dtbuf, tmbuf, - ident, (int)getpid(), tid?*tid:0, type, message); - } else -#endif - fprintf(logfile, "[" ARG_LL "d] %s[%d:%x] %s: %s\n", (long long)now, - ident, (int)getpid(), tid?*tid:0, type, message); -#ifdef UB_ON_WINDOWS - /* line buffering does not work on windows */ - fflush(logfile); -#endif - lock_quick_unlock(&log_lock); -} - -/** - * implementation of log_info - * @param format: format string printf-style. - */ -void -log_info(const char *format, ...) -{ - va_list args; - va_start(args, format); - log_vmsg(LOG_INFO, "info", format, args); - va_end(args); -} - -/** - * implementation of log_err - * @param format: format string printf-style. - */ -void -log_err(const char *format, ...) -{ - va_list args; - va_start(args, format); - log_vmsg(LOG_ERR, "error", format, args); - va_end(args); -} - -/** - * implementation of log_warn - * @param format: format string printf-style. - */ -void -log_warn(const char *format, ...) -{ - va_list args; - va_start(args, format); - log_vmsg(LOG_WARNING, "warning", format, args); - va_end(args); -} - -/** - * implementation of fatal_exit - * @param format: format string printf-style. - */ -void -fatal_exit(const char *format, ...) -{ - va_list args; - va_start(args, format); - log_vmsg(LOG_CRIT, "fatal error", format, args); - va_end(args); - exit(1); -} - -/** - * implementation of verbose - * @param level: verbose level for the message. - * @param format: format string printf-style. - */ -void -verbose(enum verbosity_value level, const char* format, ...) -{ - va_list args; - va_start(args, format); - if(verbosity >= level) { - if(level == VERB_OPS) - log_vmsg(LOG_NOTICE, "notice", format, args); - else if(level == VERB_DETAIL) - log_vmsg(LOG_INFO, "info", format, args); - else log_vmsg(LOG_DEBUG, "debug", format, args); - } - va_end(args); -} - -/** log hex data */ -static void -log_hex_f(enum verbosity_value v, const char* msg, void* data, size_t length) -{ - size_t i, j; - uint8_t* data8 = (uint8_t*)data; - const char* hexchar = "0123456789ABCDEF"; - char buf[1024+1]; /* alloc blocksize hex chars + \0 */ - const size_t blocksize = 512; - size_t len; - - if(length == 0) { - verbose(v, "%s[%u]", msg, (unsigned)length); - return; - } - - for(i=0; i> 4 ]; - buf[j*2 + 1] = hexchar[ data8[i+j] & 0xF ]; - } - buf[len*2] = 0; - verbose(v, "%s[%u:%u] %.*s", msg, (unsigned)length, - (unsigned)i, (int)len*2, buf); - } -} - -void -log_hex(const char* msg, void* data, size_t length) -{ - log_hex_f(verbosity, msg, data, length); -} - -void log_buf(enum verbosity_value level, const char* msg, sldns_buffer* buf) -{ - if(verbosity < level) - return; - log_hex_f(level, msg, sldns_buffer_begin(buf), sldns_buffer_limit(buf)); -} - -#ifdef USE_WINSOCK -char* wsa_strerror(DWORD err) -{ - static char unknown[32]; - - switch(err) { - case WSA_INVALID_HANDLE: return "Specified event object handle is invalid."; - case WSA_NOT_ENOUGH_MEMORY: return "Insufficient memory available."; - case WSA_INVALID_PARAMETER: return "One or more parameters are invalid."; - case WSA_OPERATION_ABORTED: return "Overlapped operation aborted."; - case WSA_IO_INCOMPLETE: return "Overlapped I/O event object not in signaled state."; - case WSA_IO_PENDING: return "Overlapped operations will complete later."; - case WSAEINTR: return "Interrupted function call."; - case WSAEBADF: return "File handle is not valid."; - case WSAEACCES: return "Permission denied."; - case WSAEFAULT: return "Bad address."; - case WSAEINVAL: return "Invalid argument."; - case WSAEMFILE: return "Too many open files."; - case WSAEWOULDBLOCK: return "Resource temporarily unavailable."; - case WSAEINPROGRESS: return "Operation now in progress."; - case WSAEALREADY: return "Operation already in progress."; - case WSAENOTSOCK: return "Socket operation on nonsocket."; - case WSAEDESTADDRREQ: return "Destination address required."; - case WSAEMSGSIZE: return "Message too long."; - case WSAEPROTOTYPE: return "Protocol wrong type for socket."; - case WSAENOPROTOOPT: return "Bad protocol option."; - case WSAEPROTONOSUPPORT: return "Protocol not supported."; - case WSAESOCKTNOSUPPORT: return "Socket type not supported."; - case WSAEOPNOTSUPP: return "Operation not supported."; - case WSAEPFNOSUPPORT: return "Protocol family not supported."; - case WSAEAFNOSUPPORT: return "Address family not supported by protocol family."; - case WSAEADDRINUSE: return "Address already in use."; - case WSAEADDRNOTAVAIL: return "Cannot assign requested address."; - case WSAENETDOWN: return "Network is down."; - case WSAENETUNREACH: return "Network is unreachable."; - case WSAENETRESET: return "Network dropped connection on reset."; - case WSAECONNABORTED: return "Software caused connection abort."; - case WSAECONNRESET: return "Connection reset by peer."; - case WSAENOBUFS: return "No buffer space available."; - case WSAEISCONN: return "Socket is already connected."; - case WSAENOTCONN: return "Socket is not connected."; - case WSAESHUTDOWN: return "Cannot send after socket shutdown."; - case WSAETOOMANYREFS: return "Too many references."; - case WSAETIMEDOUT: return "Connection timed out."; - case WSAECONNREFUSED: return "Connection refused."; - case WSAELOOP: return "Cannot translate name."; - case WSAENAMETOOLONG: return "Name too long."; - case WSAEHOSTDOWN: return "Host is down."; - case WSAEHOSTUNREACH: return "No route to host."; - case WSAENOTEMPTY: return "Directory not empty."; - case WSAEPROCLIM: return "Too many processes."; - case WSAEUSERS: return "User quota exceeded."; - case WSAEDQUOT: return "Disk quota exceeded."; - case WSAESTALE: return "Stale file handle reference."; - case WSAEREMOTE: return "Item is remote."; - case WSASYSNOTREADY: return "Network subsystem is unavailable."; - case WSAVERNOTSUPPORTED: return "Winsock.dll version out of range."; - case WSANOTINITIALISED: return "Successful WSAStartup not yet performed."; - case WSAEDISCON: return "Graceful shutdown in progress."; - case WSAENOMORE: return "No more results."; - case WSAECANCELLED: return "Call has been canceled."; - case WSAEINVALIDPROCTABLE: return "Procedure call table is invalid."; - case WSAEINVALIDPROVIDER: return "Service provider is invalid."; - case WSAEPROVIDERFAILEDINIT: return "Service provider failed to initialize."; - case WSASYSCALLFAILURE: return "System call failure."; - case WSASERVICE_NOT_FOUND: return "Service not found."; - case WSATYPE_NOT_FOUND: return "Class type not found."; - case WSA_E_NO_MORE: return "No more results."; - case WSA_E_CANCELLED: return "Call was canceled."; - case WSAEREFUSED: return "Database query was refused."; - case WSAHOST_NOT_FOUND: return "Host not found."; - case WSATRY_AGAIN: return "Nonauthoritative host not found."; - case WSANO_RECOVERY: return "This is a nonrecoverable error."; - case WSANO_DATA: return "Valid name, no data record of requested type."; - case WSA_QOS_RECEIVERS: return "QOS receivers."; - case WSA_QOS_SENDERS: return "QOS senders."; - case WSA_QOS_NO_SENDERS: return "No QOS senders."; - case WSA_QOS_NO_RECEIVERS: return "QOS no receivers."; - case WSA_QOS_REQUEST_CONFIRMED: return "QOS request confirmed."; - case WSA_QOS_ADMISSION_FAILURE: return "QOS admission error."; - case WSA_QOS_POLICY_FAILURE: return "QOS policy failure."; - case WSA_QOS_BAD_STYLE: return "QOS bad style."; - case WSA_QOS_BAD_OBJECT: return "QOS bad object."; - case WSA_QOS_TRAFFIC_CTRL_ERROR: return "QOS traffic control error."; - case WSA_QOS_GENERIC_ERROR: return "QOS generic error."; - case WSA_QOS_ESERVICETYPE: return "QOS service type error."; - case WSA_QOS_EFLOWSPEC: return "QOS flowspec error."; - case WSA_QOS_EPROVSPECBUF: return "Invalid QOS provider buffer."; - case WSA_QOS_EFILTERSTYLE: return "Invalid QOS filter style."; - case WSA_QOS_EFILTERTYPE: return "Invalid QOS filter type."; - case WSA_QOS_EFILTERCOUNT: return "Incorrect QOS filter count."; - case WSA_QOS_EOBJLENGTH: return "Invalid QOS object length."; - case WSA_QOS_EFLOWCOUNT: return "Incorrect QOS flow count."; - /*case WSA_QOS_EUNKOWNPSOBJ: return "Unrecognized QOS object.";*/ - case WSA_QOS_EPOLICYOBJ: return "Invalid QOS policy object."; - case WSA_QOS_EFLOWDESC: return "Invalid QOS flow descriptor."; - case WSA_QOS_EPSFLOWSPEC: return "Invalid QOS provider-specific flowspec."; - case WSA_QOS_EPSFILTERSPEC: return "Invalid QOS provider-specific filterspec."; - case WSA_QOS_ESDMODEOBJ: return "Invalid QOS shape discard mode object."; - case WSA_QOS_ESHAPERATEOBJ: return "Invalid QOS shaping rate object."; - case WSA_QOS_RESERVED_PETYPE: return "Reserved policy QOS element type."; - default: - snprintf(unknown, sizeof(unknown), - "unknown WSA error code %d", (int)err); - return unknown; - } -} -#endif /* USE_WINSOCK */ diff --git a/external/unbound/util/log.h b/external/unbound/util/log.h deleted file mode 100644 index 8e85ee620..000000000 --- a/external/unbound/util/log.h +++ /dev/null @@ -1,207 +0,0 @@ -/* - * util/log.h - logging service - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains logging functions. - */ - -#ifndef UTIL_LOG_H -#define UTIL_LOG_H -struct sldns_buffer; - -/** - * verbosity value: - */ -enum verbosity_value { - /** 0 - no verbose messages */ - NO_VERBOSE = 0, - /** 1 - operational information */ - VERB_OPS, - /** 2 - detailed information */ - VERB_DETAIL, - /** 3 - query level information */ - VERB_QUERY, - /** 4 - algorithm level information */ - VERB_ALGO, - /** 5 - querier client information */ - VERB_CLIENT -}; - -/** The global verbosity setting */ -extern enum verbosity_value verbosity; - -/** - * log a verbose message, pass the level for this message. - * It has printf formatted arguments. No trailing newline is needed. - * @param level: verbosity level for this message, compared to global - * verbosity setting. - * @param format: printf-style format string. Arguments follow. - */ -void verbose(enum verbosity_value level, - const char* format, ...) ATTR_FORMAT(printf, 2, 3); - -/** - * call this to initialize logging services. - * @param filename: if NULL stderr is used. - * @param use_syslog: set to true to ignore filename and use syslog(3). - * @param chrootdir: to which directory we have been chrooted, if any. - */ -void log_init(const char* filename, int use_syslog, const char* chrootdir); - -/** - * Set logging to go to the specified file *. - * This setting does not affect the use_syslog setting. - * @param f: to that file, or pass NULL to disable logging. - */ -void log_file(FILE *f); - -/** - * Init a thread (will print this number for the thread log entries). - * Must be called from the thread itself. If not called 0 is printed. - * @param num: number to print for this thread. Owned by caller, must - * continue to exist. - */ -void log_thread_set(int* num); - -/** - * Get the thread id from logging system. Set after log_init is - * initialised, or log_thread_set for newly created threads. - * This initialisation happens in unbound as a daemon, in daemon - * startup code, when that spawns threads. - * @return thread number, from 0 and up. Before initialised, returns 0. - */ -int log_thread_get(void); - -/** - * Set identity to print, default is 'unbound'. - * @param id: string to print. Name of executable. - */ -void log_ident_set(const char* id); - -/** - * Set the time value to print in log entries. - * @param t: the point is copied and used to find the time. - * if NULL, time(2) is used. - */ -void log_set_time(time_t* t); - -/** - * Set if the time value is printed ascii or decimal in log entries. - * @param use_asc: if true, ascii is printed, otherwise decimal. - * If the conversion fails or you have no time functions, - * decimal is printed. - */ -void log_set_time_asc(int use_asc); - -/** - * Log informational message. - * Pass printf formatted arguments. No trailing newline is needed. - * @param format: printf-style format string. Arguments follow. - */ -void log_info(const char* format, ...) ATTR_FORMAT(printf, 1, 2); - -/** - * Log error message. - * Pass printf formatted arguments. No trailing newline is needed. - * @param format: printf-style format string. Arguments follow. - */ -void log_err(const char* format, ...) ATTR_FORMAT(printf, 1, 2); - -/** - * Log warning message. - * Pass printf formatted arguments. No trailing newline is needed. - * @param format: printf-style format string. Arguments follow. - */ -void log_warn(const char* format, ...) ATTR_FORMAT(printf, 1, 2); - -/** - * Log a hex-string to the log. Can be any length. - * performs mallocs to do so, slow. But debug useful. - * @param msg: string desc to accompany the hexdump. - * @param data: data to dump in hex format. - * @param length: length of data. - */ -void log_hex(const char* msg, void* data, size_t length); - -/** - * Easy alternative for log_hex, takes a sldns_buffer. - * @param level: verbosity level for this message, compared to global - * verbosity setting. - * @param msg: string desc to print - * @param buf: the buffer. - */ -void log_buf(enum verbosity_value level, const char* msg, struct sldns_buffer* buf); - -/** - * Log fatal error message, and exit the current process. - * Pass printf formatted arguments. No trailing newline is needed. - * @param format: printf-style format string. Arguments follow. - */ -void fatal_exit(const char* format, ...) ATTR_FORMAT(printf, 1, 2); - -/** - * va_list argument version of log_info. - * @param pri: priority type, for example 5 (INFO). - * @param type: string to designate type of message (info, error). - * @param format: the printf style format to print. no newline. - * @param args: arguments for format string. - */ -void log_vmsg(int pri, const char* type, const char* format, va_list args); - -/** - * an assertion that is thrown to the logfile. - */ -#ifdef UNBOUND_DEBUG -# define log_assert(x) \ - do { if(!(x)) \ - fatal_exit("%s:%d: %s: assertion %s failed", \ - __FILE__, __LINE__, __func__, #x); \ - } while(0); -#else -# define log_assert(x) /*nothing*/ -#endif - -#ifdef USE_WINSOCK -/** - * Convert WSA error into string. - * @param err: from WSAGetLastError() - * @return: string. - */ -char* wsa_strerror(DWORD err); -#endif /* USE_WINSOCK */ - -#endif /* UTIL_LOG_H */ diff --git a/external/unbound/util/mini_event.c b/external/unbound/util/mini_event.c deleted file mode 100644 index 14e9efe47..000000000 --- a/external/unbound/util/mini_event.c +++ /dev/null @@ -1,391 +0,0 @@ -/* - * mini_event.c - implementation of part of libevent api, portably. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -/** - * \file - * fake libevent implementation. Less broad in functionality, and only - * supports select(2). - */ - -#include "config.h" -#ifdef HAVE_TIME_H -#include -#endif -#include - -#if defined(USE_MINI_EVENT) && !defined(USE_WINSOCK) -#include -#include "util/mini_event.h" -#include "util/fptr_wlist.h" - -/** compare events in tree, based on timevalue, ptr for uniqueness */ -int mini_ev_cmp(const void* a, const void* b) -{ - const struct event *e = (const struct event*)a; - const struct event *f = (const struct event*)b; - if(e->ev_timeout.tv_sec < f->ev_timeout.tv_sec) - return -1; - if(e->ev_timeout.tv_sec > f->ev_timeout.tv_sec) - return 1; - if(e->ev_timeout.tv_usec < f->ev_timeout.tv_usec) - return -1; - if(e->ev_timeout.tv_usec > f->ev_timeout.tv_usec) - return 1; - if(e < f) - return -1; - if(e > f) - return 1; - return 0; -} - -/** set time */ -static int -settime(struct event_base* base) -{ - if(gettimeofday(base->time_tv, NULL) < 0) { - return -1; - } -#ifndef S_SPLINT_S - *base->time_secs = (time_t)base->time_tv->tv_sec; -#endif - return 0; -} - -/** create event base */ -void *event_init(time_t* time_secs, struct timeval* time_tv) -{ - struct event_base* base = (struct event_base*)malloc( - sizeof(struct event_base)); - if(!base) - return NULL; - memset(base, 0, sizeof(*base)); - base->time_secs = time_secs; - base->time_tv = time_tv; - if(settime(base) < 0) { - event_base_free(base); - return NULL; - } - base->times = rbtree_create(mini_ev_cmp); - if(!base->times) { - event_base_free(base); - return NULL; - } - base->capfd = MAX_FDS; -#ifdef FD_SETSIZE - if((int)FD_SETSIZE < base->capfd) - base->capfd = (int)FD_SETSIZE; -#endif - base->fds = (struct event**)calloc((size_t)base->capfd, - sizeof(struct event*)); - if(!base->fds) { - event_base_free(base); - return NULL; - } - base->signals = (struct event**)calloc(MAX_SIG, sizeof(struct event*)); - if(!base->signals) { - event_base_free(base); - return NULL; - } -#ifndef S_SPLINT_S - FD_ZERO(&base->reads); - FD_ZERO(&base->writes); -#endif - return base; -} - -/** get version */ -const char *event_get_version(void) -{ - return "mini-event-"PACKAGE_VERSION; -} - -/** get polling method, select */ -const char *event_get_method(void) -{ - return "select"; -} - -/** call timeouts handlers, and return how long to wait for next one or -1 */ -static void handle_timeouts(struct event_base* base, struct timeval* now, - struct timeval* wait) -{ - struct event* p; -#ifndef S_SPLINT_S - wait->tv_sec = (time_t)-1; -#endif - - while((rbnode_type*)(p = (struct event*)rbtree_first(base->times)) - !=RBTREE_NULL) { -#ifndef S_SPLINT_S - if(p->ev_timeout.tv_sec > now->tv_sec || - (p->ev_timeout.tv_sec==now->tv_sec && - p->ev_timeout.tv_usec > now->tv_usec)) { - /* there is a next larger timeout. wait for it */ - wait->tv_sec = p->ev_timeout.tv_sec - now->tv_sec; - if(now->tv_usec > p->ev_timeout.tv_usec) { - wait->tv_sec--; - wait->tv_usec = 1000000 - (now->tv_usec - - p->ev_timeout.tv_usec); - } else { - wait->tv_usec = p->ev_timeout.tv_usec - - now->tv_usec; - } - return; - } -#endif - /* event times out, remove it */ - (void)rbtree_delete(base->times, p); - p->ev_events &= ~EV_TIMEOUT; - fptr_ok(fptr_whitelist_event(p->ev_callback)); - (*p->ev_callback)(p->ev_fd, EV_TIMEOUT, p->ev_arg); - } -} - -/** call select and callbacks for that */ -static int handle_select(struct event_base* base, struct timeval* wait) -{ - fd_set r, w; - int ret, i; - -#ifndef S_SPLINT_S - if(wait->tv_sec==(time_t)-1) - wait = NULL; -#endif - memmove(&r, &base->reads, sizeof(fd_set)); - memmove(&w, &base->writes, sizeof(fd_set)); - memmove(&base->ready, &base->content, sizeof(fd_set)); - - if((ret = select(base->maxfd+1, &r, &w, NULL, wait)) == -1) { - ret = errno; - if(settime(base) < 0) - return -1; - errno = ret; - if(ret == EAGAIN || ret == EINTR) - return 0; - return -1; - } - if(settime(base) < 0) - return -1; - - for(i=0; imaxfd+1; i++) { - short bits = 0; - if(!base->fds[i] || !(FD_ISSET(i, &base->ready))) { - continue; - } - if(FD_ISSET(i, &r)) { - bits |= EV_READ; - ret--; - } - if(FD_ISSET(i, &w)) { - bits |= EV_WRITE; - ret--; - } - bits &= base->fds[i]->ev_events; - if(bits) { - fptr_ok(fptr_whitelist_event( - base->fds[i]->ev_callback)); - (*base->fds[i]->ev_callback)(base->fds[i]->ev_fd, - bits, base->fds[i]->ev_arg); - if(ret==0) - break; - } - } - return 0; -} - -/** run select in a loop */ -int event_base_dispatch(struct event_base* base) -{ - struct timeval wait; - if(settime(base) < 0) - return -1; - while(!base->need_to_exit) - { - /* see if timeouts need handling */ - handle_timeouts(base, base->time_tv, &wait); - if(base->need_to_exit) - return 0; - /* do select */ - if(handle_select(base, &wait) < 0) { - if(base->need_to_exit) - return 0; - return -1; - } - } - return 0; -} - -/** exit that loop */ -int event_base_loopexit(struct event_base* base, - struct timeval* ATTR_UNUSED(tv)) -{ - base->need_to_exit = 1; - return 0; -} - -/* free event base, free events yourself */ -void event_base_free(struct event_base* base) -{ - if(!base) - return; - free(base->times); - free(base->fds); - free(base->signals); - free(base); -} - -/** set content of event */ -void event_set(struct event* ev, int fd, short bits, - void (*cb)(int, short, void *), void* arg) -{ - ev->node.key = ev; - ev->ev_fd = fd; - ev->ev_events = bits; - ev->ev_callback = cb; - fptr_ok(fptr_whitelist_event(ev->ev_callback)); - ev->ev_arg = arg; - ev->added = 0; -} - -/* add event to a base */ -int event_base_set(struct event_base* base, struct event* ev) -{ - ev->ev_base = base; - ev->added = 0; - return 0; -} - -/* add event to make it active, you may not change it with event_set anymore */ -int event_add(struct event* ev, struct timeval* tv) -{ - if(ev->added) - event_del(ev); - if(ev->ev_fd != -1 && ev->ev_fd >= ev->ev_base->capfd) - return -1; - if( (ev->ev_events&(EV_READ|EV_WRITE)) && ev->ev_fd != -1) { - ev->ev_base->fds[ev->ev_fd] = ev; - if(ev->ev_events&EV_READ) { - FD_SET(FD_SET_T ev->ev_fd, &ev->ev_base->reads); - } - if(ev->ev_events&EV_WRITE) { - FD_SET(FD_SET_T ev->ev_fd, &ev->ev_base->writes); - } - FD_SET(FD_SET_T ev->ev_fd, &ev->ev_base->content); - FD_CLR(FD_SET_T ev->ev_fd, &ev->ev_base->ready); - if(ev->ev_fd > ev->ev_base->maxfd) - ev->ev_base->maxfd = ev->ev_fd; - } - if(tv && (ev->ev_events&EV_TIMEOUT)) { -#ifndef S_SPLINT_S - struct timeval *now = ev->ev_base->time_tv; - ev->ev_timeout.tv_sec = tv->tv_sec + now->tv_sec; - ev->ev_timeout.tv_usec = tv->tv_usec + now->tv_usec; - while(ev->ev_timeout.tv_usec > 1000000) { - ev->ev_timeout.tv_usec -= 1000000; - ev->ev_timeout.tv_sec++; - } -#endif - (void)rbtree_insert(ev->ev_base->times, &ev->node); - } - ev->added = 1; - return 0; -} - -/* remove event, you may change it again */ -int event_del(struct event* ev) -{ - if(ev->ev_fd != -1 && ev->ev_fd >= ev->ev_base->capfd) - return -1; - if((ev->ev_events&EV_TIMEOUT)) - (void)rbtree_delete(ev->ev_base->times, &ev->node); - if((ev->ev_events&(EV_READ|EV_WRITE)) && ev->ev_fd != -1) { - ev->ev_base->fds[ev->ev_fd] = NULL; - FD_CLR(FD_SET_T ev->ev_fd, &ev->ev_base->reads); - FD_CLR(FD_SET_T ev->ev_fd, &ev->ev_base->writes); - FD_CLR(FD_SET_T ev->ev_fd, &ev->ev_base->ready); - FD_CLR(FD_SET_T ev->ev_fd, &ev->ev_base->content); - } - ev->added = 0; - return 0; -} - -/** which base gets to handle signals */ -static struct event_base* signal_base = NULL; -/** signal handler */ -static RETSIGTYPE sigh(int sig) -{ - struct event* ev; - if(!signal_base || sig < 0 || sig >= MAX_SIG) - return; - ev = signal_base->signals[sig]; - if(!ev) - return; - fptr_ok(fptr_whitelist_event(ev->ev_callback)); - (*ev->ev_callback)(sig, EV_SIGNAL, ev->ev_arg); -} - -/** install signal handler */ -int signal_add(struct event* ev, struct timeval* ATTR_UNUSED(tv)) -{ - if(ev->ev_fd == -1 || ev->ev_fd >= MAX_SIG) - return -1; - signal_base = ev->ev_base; - ev->ev_base->signals[ev->ev_fd] = ev; - ev->added = 1; - if(signal(ev->ev_fd, sigh) == SIG_ERR) { - return -1; - } - return 0; -} - -/** remove signal handler */ -int signal_del(struct event* ev) -{ - if(ev->ev_fd == -1 || ev->ev_fd >= MAX_SIG) - return -1; - ev->ev_base->signals[ev->ev_fd] = NULL; - ev->added = 0; - return 0; -} - -#else /* USE_MINI_EVENT */ -#ifndef USE_WINSOCK -int mini_ev_cmp(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b)) -{ - return 0; -} -#endif /* not USE_WINSOCK */ -#endif /* USE_MINI_EVENT */ diff --git a/external/unbound/util/mini_event.h b/external/unbound/util/mini_event.h deleted file mode 100644 index 204894d97..000000000 --- a/external/unbound/util/mini_event.h +++ /dev/null @@ -1,192 +0,0 @@ -/* - * mini-event.h - micro implementation of libevent api, using select() only. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * This file implements part of the event(3) libevent api. - * The back end is only select. Max number of fds is limited. - * Max number of signals is limited, one handler per signal only. - * And one handler per fd. - * - * Although limited to select() and a max (1024) open fds, it - * is efficient: - * o dispatch call caches fd_sets to use. - * o handler calling takes time ~ to the number of fds. - * o timeouts are stored in a redblack tree, sorted, so take log(n). - * Timeouts are only accurate to the second (no subsecond accuracy). - * To avoid cpu hogging, fractional timeouts are rounded up to a whole second. - */ - -#ifndef MINI_EVENT_H -#define MINI_EVENT_H - -#if defined(USE_MINI_EVENT) && !defined(USE_WINSOCK) - -#ifndef HAVE_EVENT_BASE_FREE -#define HAVE_EVENT_BASE_FREE -#endif - -/* redefine to use our own namespace so that on platforms where - * linkers crosslink library-private symbols with other symbols, it works */ -#define event_init minievent_init -#define event_get_version minievent_get_version -#define event_get_method minievent_get_method -#define event_base_dispatch minievent_base_dispatch -#define event_base_loopexit minievent_base_loopexit -#define event_base_free minievent_base_free -#define event_set minievent_set -#define event_base_set minievent_base_set -#define event_add minievent_add -#define event_del minievent_del -#define signal_add minisignal_add -#define signal_del minisignal_del - -/** event timeout */ -#define EV_TIMEOUT 0x01 -/** event fd readable */ -#define EV_READ 0x02 -/** event fd writable */ -#define EV_WRITE 0x04 -/** event signal */ -#define EV_SIGNAL 0x08 -/** event must persist */ -#define EV_PERSIST 0x10 - -/* needs our redblack tree */ -#include "rbtree.h" - -/** max number of file descriptors to support */ -#define MAX_FDS 1024 -/** max number of signals to support */ -#define MAX_SIG 32 - -/** event base */ -struct event_base -{ - /** sorted by timeout (absolute), ptr */ - rbtree_type* times; - /** array of 0 - maxfd of ptr to event for it */ - struct event** fds; - /** max fd in use */ - int maxfd; - /** capacity - size of the fds array */ - int capfd; - /* fdset for read write, for fds ready, and added */ - fd_set - /** fds for reading */ - reads, - /** fds for writing */ - writes, - /** fds determined ready for use */ - ready, - /** ready plus newly added events. */ - content; - /** array of 0 - maxsig of ptr to event for it */ - struct event** signals; - /** if we need to exit */ - int need_to_exit; - /** where to store time in seconds */ - time_t* time_secs; - /** where to store time in microseconds */ - struct timeval* time_tv; -}; - -/** - * Event structure. Has some of the event elements. - */ -struct event { - /** node in timeout rbtree */ - rbnode_type node; - /** is event already added */ - int added; - - /** event base it belongs to */ - struct event_base *ev_base; - /** fd to poll or -1 for timeouts. signal number for sigs. */ - int ev_fd; - /** what events this event is interested in, see EV_.. above. */ - short ev_events; - /** timeout value */ - struct timeval ev_timeout; - - /** callback to call: fd, eventbits, userarg */ - void (*ev_callback)(int, short, void *arg); - /** callback user arg */ - void *ev_arg; -}; - -/* function prototypes (some are as they appear in event.h) */ -/** create event base */ -void *event_init(time_t* time_secs, struct timeval* time_tv); -/** get version */ -const char *event_get_version(void); -/** get polling method, select */ -const char *event_get_method(void); -/** run select in a loop */ -int event_base_dispatch(struct event_base *); -/** exit that loop */ -int event_base_loopexit(struct event_base *, struct timeval *); -/** free event base. Free events yourself */ -void event_base_free(struct event_base *); -/** set content of event */ -void event_set(struct event *, int, short, void (*)(int, short, void *), void *); -/** add event to a base. You *must* call this for every event. */ -int event_base_set(struct event_base *, struct event *); -/** add event to make it active. You may not change it with event_set anymore */ -int event_add(struct event *, struct timeval *); -/** remove event. You may change it again */ -int event_del(struct event *); - -/** add a timer */ -#define evtimer_add(ev, tv) event_add(ev, tv) -/** remove a timer */ -#define evtimer_del(ev) event_del(ev) - -/* uses different implementation. Cannot mix fd/timeouts and signals inside - * the same struct event. create several event structs for that. */ -/** install signal handler */ -int signal_add(struct event *, struct timeval *); -/** set signal event contents */ -#define signal_set(ev, x, cb, arg) \ - event_set(ev, x, EV_SIGNAL|EV_PERSIST, cb, arg) -/** remove signal handler */ -int signal_del(struct event *); - -#endif /* USE_MINI_EVENT and not USE_WINSOCK */ - -/** compare events in tree, based on timevalue, ptr for uniqueness */ -int mini_ev_cmp(const void* a, const void* b); - -#endif /* MINI_EVENT_H */ diff --git a/external/unbound/util/module.c b/external/unbound/util/module.c deleted file mode 100644 index f4b715d14..000000000 --- a/external/unbound/util/module.c +++ /dev/null @@ -1,238 +0,0 @@ -/* - * util/module.c - module interface - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/** - * \file - * Implementation of module.h. - */ - -#include "config.h" -#include "util/module.h" -#include "sldns/wire2str.h" - -const char* -strextstate(enum module_ext_state s) -{ - switch(s) { - case module_state_initial: return "module_state_initial"; - case module_wait_reply: return "module_wait_reply"; - case module_wait_module: return "module_wait_module"; - case module_restart_next: return "module_restart_next"; - case module_wait_subquery: return "module_wait_subquery"; - case module_error: return "module_error"; - case module_finished: return "module_finished"; - } - return "bad_extstate_value"; -} - -const char* -strmodulevent(enum module_ev e) -{ - switch(e) { - case module_event_new: return "module_event_new"; - case module_event_pass: return "module_event_pass"; - case module_event_reply: return "module_event_reply"; - case module_event_noreply: return "module_event_noreply"; - case module_event_capsfail: return "module_event_capsfail"; - case module_event_moddone: return "module_event_moddone"; - case module_event_error: return "module_event_error"; - } - return "bad_event_value"; -} - -int -edns_known_options_init(struct module_env* env) -{ - env->edns_known_options_num = 0; - env->edns_known_options = (struct edns_known_option*)calloc( - MAX_KNOWN_EDNS_OPTS, sizeof(struct edns_known_option)); - if(!env->edns_known_options) return 0; - return 1; -} - -void -edns_known_options_delete(struct module_env* env) -{ - free(env->edns_known_options); - env->edns_known_options = NULL; - env->edns_known_options_num = 0; -} - -int -edns_register_option(uint16_t opt_code, int bypass_cache_stage, - int no_aggregation, struct module_env* env) -{ - size_t i; - if(env->worker) { - log_err("invalid edns registration: " - "trying to register option after module init phase"); - return 0; - } - - /** - * Checking if we are full first is faster but it does not provide - * the option to change the flags when the array is full. - * It only impacts unbound initialization, leave it for now. - */ - /* Check if the option is already registered. */ - for(i=0; iedns_known_options_num; i++) - if(env->edns_known_options[i].opt_code == opt_code) - break; - /* If it is not yet registered check if we have space to add a new one. */ - if(i == env->edns_known_options_num) { - if(env->edns_known_options_num >= MAX_KNOWN_EDNS_OPTS) { - log_err("invalid edns registration: maximum options reached"); - return 0; - } - env->edns_known_options_num++; - } - env->edns_known_options[i].opt_code = opt_code; - env->edns_known_options[i].bypass_cache_stage = bypass_cache_stage; - env->edns_known_options[i].no_aggregation = no_aggregation; - return 1; -} - -int -inplace_cb_register(void* cb, enum inplace_cb_list_type type, void* cbarg, - struct module_env* env, int id) -{ - struct inplace_cb* callback; - struct inplace_cb** prevp; - if(env->worker) { - log_err("invalid edns callback registration: " - "trying to register callback after module init phase"); - return 0; - } - - callback = (struct inplace_cb*)calloc(1, sizeof(*callback)); - if(callback == NULL) { - log_err("out of memory during edns callback registration."); - return 0; - } - callback->id = id; - callback->next = NULL; - callback->cb = cb; - callback->cb_arg = cbarg; - - prevp = (struct inplace_cb**) &env->inplace_cb_lists[type]; - /* append at end of list */ - while(*prevp != NULL) - prevp = &((*prevp)->next); - *prevp = callback; - return 1; -} - -void -inplace_cb_delete(struct module_env* env, enum inplace_cb_list_type type, - int id) -{ - struct inplace_cb* temp = env->inplace_cb_lists[type]; - struct inplace_cb* prev = NULL; - - while(temp) { - if(temp->id == id) { - if(!prev) { - env->inplace_cb_lists[type] = temp->next; - free(temp); - temp = env->inplace_cb_lists[type]; - } - else { - prev->next = temp->next; - free(temp); - temp = prev->next; - } - } - else { - prev = temp; - temp = temp->next; - } - } -} - -struct edns_known_option* -edns_option_is_known(uint16_t opt_code, struct module_env* env) -{ - size_t i; - for(i=0; iedns_known_options_num; i++) - if(env->edns_known_options[i].opt_code == opt_code) - return env->edns_known_options + i; - return NULL; -} - -int -edns_bypass_cache_stage(struct edns_option* list, struct module_env* env) -{ - size_t i; - for(; list; list=list->next) - for(i=0; iedns_known_options_num; i++) - if(env->edns_known_options[i].opt_code == list->opt_code && - env->edns_known_options[i].bypass_cache_stage == 1) - return 1; - return 0; -} - -int -unique_mesh_state(struct edns_option* list, struct module_env* env) -{ - size_t i; - if(env->unique_mesh) - return 1; - for(; list; list=list->next) - for(i=0; iedns_known_options_num; i++) - if(env->edns_known_options[i].opt_code == list->opt_code && - env->edns_known_options[i].no_aggregation == 1) - return 1; - return 0; -} - -void -log_edns_known_options(enum verbosity_value level, struct module_env* env) -{ - size_t i; - char str[32], *s; - size_t slen; - if(env->edns_known_options_num > 0 && verbosity >= level) { - verbose(level, "EDNS known options:"); - verbose(level, " Code: Bypass_cache_stage: Aggregate_mesh:"); - for(i=0; iedns_known_options_num; i++) { - s = str; - slen = sizeof(str); - (void)sldns_wire2str_edns_option_code_print(&s, &slen, - env->edns_known_options[i].opt_code); - verbose(level, " %-8.8s %-19s %-15s", str, - env->edns_known_options[i].bypass_cache_stage?"YES":"NO", - env->edns_known_options[i].no_aggregation?"NO":"YES"); - } - } -} diff --git a/external/unbound/util/module.h b/external/unbound/util/module.h deleted file mode 100644 index 82b50ccd7..000000000 --- a/external/unbound/util/module.h +++ /dev/null @@ -1,778 +0,0 @@ -/* - * util/module.h - DNS handling module interface - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains the interface for DNS handling modules. - * - * The module interface uses the DNS modules as state machines. The - * state machines are activated in sequence to operate on queries. Once - * they are done, the reply is passed back. In the usual setup the mesh - * is the caller of the state machines and once things are done sends replies - * and invokes result callbacks. - * - * The module provides a number of functions, listed in the module_func_block. - * The module is inited and destroyed and memory usage queries, for the - * module as a whole, for entire-module state (such as a cache). And per-query - * functions are called, operate to move the state machine and cleanup of - * the per-query state. - * - * Most per-query state should simply be allocated in the query region. - * This is destroyed at the end of the query. - * - * The module environment contains services and information and caches - * shared by the modules and the rest of the system. It also contains - * function pointers for module-specific tasks (like sending queries). - * - * *** Example module calls for a normal query - * - * In this example, the query does not need recursion, all the other data - * can be found in the cache. This makes the example shorter. - * - * At the start of the program the iterator module is initialised. - * The iterator module sets up its global state, such as donotquery lists - * and private address trees. - * - * A query comes in, and a mesh entry is created for it. The mesh - * starts the resolution process. The validator module is the first - * in the list of modules, and it is started on this new query. The - * operate() function is called. The validator decides it needs not do - * anything yet until there is a result and returns wait_module, that - * causes the next module in the list to be started. - * - * The next module is the iterator. It is started on the passed query and - * decides to perform a lookup. For this simple example, the delegation - * point information is available, and all the iterator wants to do is - * send a UDP query. The iterator uses env.send_query() to send the - * query. Then the iterator suspends (returns from the operate call). - * - * When the UDP reply comes back (and on errors and timeouts), the - * operate function is called for the query, on the iterator module, - * with the event that there is a reply. The iterator decides that this - * is enough, the work is done. It returns the value finished from the - * operate call, which causes the previous module to be started. - * - * The previous module, the validator module, is started with the event - * that the iterator module is done. The validator decides to validate - * the query. Once it is done (which could take recursive lookups, but - * in this example no recursive lookups are needed), it returns from the - * operate function with finished. - * - * There is no previous module from the validator module, and the mesh - * takes this to mean that the query is finally done. The mesh invokes - * callbacks and sends packets to queriers. - * - * If other modules had been waiting (recursively) on the answer to this - * query, then the mesh will tell them about it. It calls the inform_super - * routine on all the waiting modules, and once that is done it calls all of - * them with the operate() call. During inform_super the query that is done - * still exists and information can be copied from it (but the module should - * not really re-entry codepoints and services). During the operate call - * the modules can use stored state to continue operation with the results. - * (network buffers are used to contain the answer packet during the - * inform_super phase, but after that the network buffers will be cleared - * of their contents so that other tasks can be performed). - * - * *** Example module calls for recursion - * - * A module is called in operate, and it decides that it wants to perform - * recursion. That is, it wants the full state-machine-list to operate on - * a different query. It calls env.attach_sub() to create a new query state. - * The routine returns the newly created state, and potentially the module - * can edit the module-states for the newly created query (i.e. pass along - * some information, like delegation points). The module then suspends, - * returns from the operate routine. - * - * The mesh meanwhile will have the newly created query (or queries) on - * a waiting list, and will call operate() on this query (or queries). - * It starts again at the start of the module list for them. The query - * (or queries) continue to operate their state machines, until they are - * done. When they are done the mesh calls inform_super on the module that - * wanted the recursion. After that the mesh calls operate() on the module - * that wanted to do the recursion, and during this phase the module could, - * for example, decide to create more recursions. - * - * If the module decides it no longer wants the recursive information - * it can call detach_subs. Those queries will still run to completion, - * potentially filling the cache with information. Inform_super is not - * called any more. - * - * The iterator module will fetch items from the cache, so a recursion - * attempt may complete very quickly if the item is in cache. The calling - * module has to wait for completion or eventual timeout. A recursive query - * that times out returns a servfail rcode (servfail is also returned for - * other errors during the lookup). - * - * Results are passed in the qstate, the rcode member is used to pass - * errors without requiring memory allocation, so that the code can continue - * in out-of-memory conditions. If the rcode member is 0 (NOERROR) then - * the dns_msg entry contains a filled out message. This message may - * also contain an rcode that is nonzero, but in this case additional - * information (query, additional) can be passed along. - * - * The rcode and dns_msg are used to pass the result from the the rightmost - * module towards the leftmost modules and then towards the user. - * - * If you want to avoid recursion-cycles where queries need other queries - * that need the first one, use detect_cycle() to see if that will happen. - * - */ - -#ifndef UTIL_MODULE_H -#define UTIL_MODULE_H -#include "util/storage/lruhash.h" -#include "util/data/msgreply.h" -#include "util/data/msgparse.h" -struct sldns_buffer; -struct alloc_cache; -struct rrset_cache; -struct key_cache; -struct config_file; -struct slabhash; -struct query_info; -struct edns_data; -struct regional; -struct worker; -struct module_qstate; -struct ub_randstate; -struct mesh_area; -struct mesh_state; -struct val_anchors; -struct val_neg_cache; -struct iter_forwards; -struct iter_hints; -struct respip_set; -struct respip_client_info; -struct respip_addr_info; - -/** Maximum number of modules in operation */ -#define MAX_MODULE 16 - -/** Maximum number of known edns options */ -#define MAX_KNOWN_EDNS_OPTS 256 - -enum inplace_cb_list_type { - /* Inplace callbacks for when a resolved reply is ready to be sent to the - * front.*/ - inplace_cb_reply = 0, - /* Inplace callbacks for when a reply is given from the cache. */ - inplace_cb_reply_cache, - /* Inplace callbacks for when a reply is given with local data - * (or Chaos reply). */ - inplace_cb_reply_local, - /* Inplace callbacks for when the reply is servfail. */ - inplace_cb_reply_servfail, - /* Inplace callbacks for when a query is ready to be sent to the back.*/ - inplace_cb_query, - /* Inplace callback for when a reply is received from the back. */ - inplace_cb_query_response, - /* Inplace callback for when EDNS is parsed on a reply received from the - * back. */ - inplace_cb_edns_back_parsed, - /* Total number of types. Used for array initialization. - * Should always be last. */ - inplace_cb_types_total -}; - - -/** Known edns option. Can be populated during modules' init. */ -struct edns_known_option { - /** type of this edns option */ - uint16_t opt_code; - /** whether the option needs to bypass the cache stage */ - int bypass_cache_stage; - /** whether the option needs mesh aggregation */ - int no_aggregation; -}; - -/** - * Inplace callback list of registered routines to be called. - */ -struct inplace_cb { - /** next in list */ - struct inplace_cb* next; - /** Inplace callback routine */ - void* cb; - void* cb_arg; - /** module id */ - int id; -}; - -/** - * Inplace callback function called before replying. - * Called as func(edns, qstate, opt_list_out, qinfo, reply_info, rcode, - * region, python_callback) - * Where: - * qinfo: the query info. - * qstate: the module state. NULL when calling before the query reaches the - * mesh states. - * rep: reply_info. Could be NULL. - * rcode: the return code. - * edns: the edns_data of the reply. When qstate is NULL, it is also used as - * the edns input. - * opt_list_out: the edns options list for the reply. - * region: region to store data. - * python_callback: only used for registering a python callback function. - */ -typedef int inplace_cb_reply_func_type(struct query_info* qinfo, - struct module_qstate* qstate, struct reply_info* rep, int rcode, - struct edns_data* edns, struct edns_option** opt_list_out, - struct regional* region, int id, void* callback); - -/** - * Inplace callback function called before sending the query to a nameserver. - * Called as func(qinfo, flags, qstate, addr, addrlen, zone, zonelen, region, - * python_callback) - * Where: - * qinfo: query info. - * flags: flags of the query. - * qstate: query state. - * addr: to which server to send the query. - * addrlen: length of addr. - * zone: name of the zone of the delegation point. wireformat dname. - * This is the delegation point name for which the server is deemed - * authoritative. - * zonelen: length of zone. - * region: region to store data. - * python_callback: only used for registering a python callback function. - */ -typedef int inplace_cb_query_func_type(struct query_info* qinfo, uint16_t flags, - struct module_qstate* qstate, struct sockaddr_storage* addr, - socklen_t addrlen, uint8_t* zone, size_t zonelen, struct regional* region, - int id, void* callback); - -/** - * Inplace callback function called after parsing edns on query reply. - * Called as func(qstate, cb_args) - * Where: - * qstate: the query state - * id: module id - * cb_args: argument passed when registering callback. - */ -typedef int inplace_cb_edns_back_parsed_func_type(struct module_qstate* qstate, - int id, void* cb_args); - -/** - * Inplace callback function called after parsing query response. - * Called as func(qstate, id, cb_args) - * Where: - * qstate: the query state - * response: query response - * id: module id - * cb_args: argument passed when registering callback. - */ -typedef int inplace_cb_query_response_func_type(struct module_qstate* qstate, - struct dns_msg* response, int id, void* cb_args); - -/** - * Module environment. - * Services and data provided to the module. - */ -struct module_env { - /* --- data --- */ - /** config file with config options */ - struct config_file* cfg; - /** shared message cache */ - struct slabhash* msg_cache; - /** shared rrset cache */ - struct rrset_cache* rrset_cache; - /** shared infrastructure cache (edns, lameness) */ - struct infra_cache* infra_cache; - /** shared key cache */ - struct key_cache* key_cache; - - /* --- services --- */ - /** - * Send serviced DNS query to server. UDP/TCP and EDNS is handled. - * operate() should return with wait_reply. Later on a callback - * will cause operate() to be called with event timeout or reply. - * The time until a timeout is calculated from roundtrip timing, - * several UDP retries are attempted. - * @param qinfo: query info. - * @param flags: host order flags word, with opcode and CD bit. - * @param dnssec: if set, EDNS record will have bits set. - * If EDNS_DO bit is set, DO bit is set in EDNS records. - * If BIT_CD is set, CD bit is set in queries with EDNS records. - * @param want_dnssec: if set, the validator wants DNSSEC. Without - * EDNS, the answer is likely to be useless for this domain. - * @param nocaps: do not use caps_for_id, use the qname as given. - * (ignored if caps_for_id is disabled). - * @param addr: where to. - * @param addrlen: length of addr. - * @param zone: delegation point name. - * @param zonelen: length of zone name. - * @param ssl_upstream: use SSL for upstream queries. - * @param q: wich query state to reactivate upon return. - * @return: false on failure (memory or socket related). no query was - * sent. Or returns an outbound entry with qsent and qstate set. - * This outbound_entry will be used on later module invocations - * that involve this query (timeout, error or reply). - */ - struct outbound_entry* (*send_query)(struct query_info* qinfo, - uint16_t flags, int dnssec, int want_dnssec, int nocaps, - struct sockaddr_storage* addr, socklen_t addrlen, - uint8_t* zone, size_t zonelen, int ssl_upstream, - struct module_qstate* q); - - /** - * Detach-subqueries. - * Remove all sub-query references from this query state. - * Keeps super-references of those sub-queries correct. - * Updates stat items in mesh_area structure. - * @param qstate: used to find mesh state. - */ - void (*detach_subs)(struct module_qstate* qstate); - - /** - * Attach subquery. - * Creates it if it does not exist already. - * Keeps sub and super references correct. - * Updates stat items in mesh_area structure. - * Pass if it is priming query or not. - * return: - * o if error (malloc) happened. - * o need to initialise the new state (module init; it is a new state). - * so that the next run of the query with this module is successful. - * o no init needed, attachment successful. - * - * @param qstate: the state to find mesh state, and that wants to - * receive the results from the new subquery. - * @param qinfo: what to query for (copied). - * @param qflags: what flags to use (RD, CD flag or not). - * @param prime: if it is a (stub) priming query. - * @param valrec: validation lookup recursion, does not need validation - * @param newq: If the new subquery needs initialisation, it is - * returned, otherwise NULL is returned. - * @return: false on error, true if success (and init may be needed). - */ - int (*attach_sub)(struct module_qstate* qstate, - struct query_info* qinfo, uint16_t qflags, int prime, - int valrec, struct module_qstate** newq); - - /** - * Kill newly attached sub. If attach_sub returns newq for - * initialisation, but that fails, then this routine will cleanup and - * delete the fresly created sub. - * @param newq: the new subquery that is no longer needed. - * It is removed. - */ - void (*kill_sub)(struct module_qstate* newq); - - /** - * Detect if adding a dependency for qstate on name,type,class will - * create a dependency cycle. - * @param qstate: given mesh querystate. - * @param qinfo: query info for dependency. - * @param flags: query flags of dependency, RD/CD flags. - * @param prime: if dependency is a priming query or not. - * @param valrec: validation lookup recursion, does not need validation - * @return true if the name,type,class exists and the given - * qstate mesh exists as a dependency of that name. Thus - * if qstate becomes dependent on name,type,class then a - * cycle is created. - */ - int (*detect_cycle)(struct module_qstate* qstate, - struct query_info* qinfo, uint16_t flags, int prime, - int valrec); - - /** region for temporary usage. May be cleared after operate() call. */ - struct regional* scratch; - /** buffer for temporary usage. May be cleared after operate() call. */ - struct sldns_buffer* scratch_buffer; - /** internal data for daemon - worker thread. */ - struct worker* worker; - /** mesh area with query state dependencies */ - struct mesh_area* mesh; - /** allocation service */ - struct alloc_cache* alloc; - /** random table to generate random numbers */ - struct ub_randstate* rnd; - /** time in seconds, converted to integer */ - time_t* now; - /** time in microseconds. Relatively recent. */ - struct timeval* now_tv; - /** is validation required for messages, controls client-facing - * validation status (AD bits) and servfails */ - int need_to_validate; - /** trusted key storage; these are the configured keys, if not NULL, - * otherwise configured by validator. These are the trust anchors, - * and are not primed and ready for validation, but on the bright - * side, they are read only memory, thus no locks and fast. */ - struct val_anchors* anchors; - /** negative cache, configured by the validator. if not NULL, - * contains NSEC record lookup trees. */ - struct val_neg_cache* neg_cache; - /** the 5011-probe timer (if any) */ - struct comm_timer* probe_timer; - /** Mapping of forwarding zones to targets. - * iterator forwarder information. per-thread, created by worker */ - struct iter_forwards* fwds; - /** - * iterator forwarder information. per-thread, created by worker. - * The hints -- these aren't stored in the cache because they don't - * expire. The hints are always used to "prime" the cache. Note - * that both root hints and stub zone "hints" are stored in this - * data structure. - */ - struct iter_hints* hints; - /** module specific data. indexed by module id. */ - void* modinfo[MAX_MODULE]; - - /* Shared linked list of inplace callback functions */ - struct inplace_cb* inplace_cb_lists[inplace_cb_types_total]; - - /** - * Shared array of known edns options (size MAX_KNOWN_EDNS_OPTS). - * Filled by edns literate modules during init. - */ - struct edns_known_option* edns_known_options; - /* Number of known edns options */ - size_t edns_known_options_num; - - /* Make every mesh state unique, do not aggregate mesh states. */ - int unique_mesh; -}; - -/** - * External visible states of the module state machine - * Modules may also have an internal state. - * Modules are supposed to run to completion or until blocked. - */ -enum module_ext_state { - /** initial state - new query */ - module_state_initial = 0, - /** waiting for reply to outgoing network query */ - module_wait_reply, - /** module is waiting for another module */ - module_wait_module, - /** module is waiting for another module; that other is restarted */ - module_restart_next, - /** module is waiting for sub-query */ - module_wait_subquery, - /** module could not finish the query */ - module_error, - /** module is finished with query */ - module_finished -}; - -/** - * Events that happen to modules, that start or wakeup modules. - */ -enum module_ev { - /** new query */ - module_event_new = 0, - /** query passed by other module */ - module_event_pass, - /** reply inbound from server */ - module_event_reply, - /** no reply, timeout or other error */ - module_event_noreply, - /** reply is there, but capitalisation check failed */ - module_event_capsfail, - /** next module is done, and its reply is awaiting you */ - module_event_moddone, - /** error */ - module_event_error -}; - -/** - * Linked list of sockaddrs - * May be allocated such that only 'len' bytes of addr exist for the structure. - */ -struct sock_list { - /** next in list */ - struct sock_list* next; - /** length of addr */ - socklen_t len; - /** sockaddr */ - struct sockaddr_storage addr; -}; - -struct respip_action_info; - -/** - * Module state, per query. - */ -struct module_qstate { - /** which query is being answered: name, type, class */ - struct query_info qinfo; - /** flags uint16 from query */ - uint16_t query_flags; - /** if this is a (stub or root) priming query (with hints) */ - int is_priming; - /** if this is a validation recursion query that does not get - * validation itself */ - int is_valrec; - - /** comm_reply contains server replies */ - struct comm_reply* reply; - /** the reply message, with message for client and calling module */ - struct dns_msg* return_msg; - /** the rcode, in case of error, instead of a reply message */ - int return_rcode; - /** origin of the reply (can be NULL from cache, list for cnames) */ - struct sock_list* reply_origin; - /** IP blacklist for queries */ - struct sock_list* blacklist; - /** region for this query. Cleared when query process finishes. */ - struct regional* region; - /** failure reason information if val-log-level is high */ - struct config_strlist* errinf; - - /** which module is executing */ - int curmod; - /** module states */ - enum module_ext_state ext_state[MAX_MODULE]; - /** module specific data for query. indexed by module id. */ - void* minfo[MAX_MODULE]; - /** environment for this query */ - struct module_env* env; - /** mesh related information for this query */ - struct mesh_state* mesh_info; - /** how many seconds before expiry is this prefetched (0 if not) */ - time_t prefetch_leeway; - - /** incoming edns options from the front end */ - struct edns_option* edns_opts_front_in; - /** outgoing edns options to the back end */ - struct edns_option* edns_opts_back_out; - /** incoming edns options from the back end */ - struct edns_option* edns_opts_back_in; - /** outgoing edns options to the front end */ - struct edns_option* edns_opts_front_out; - /** whether modules should answer from the cache */ - int no_cache_lookup; - /** whether modules should store answer in the cache */ - int no_cache_store; - - /** - * Attributes of clients that share the qstate that may affect IP-based - * actions. - */ - struct respip_client_info* client_info; - - /** Extended result of response-ip action processing, mainly - * for logging purposes. */ - struct respip_action_info* respip_action_info; - - /** whether the reply should be dropped */ - int is_drop; -}; - -/** - * Module functionality block - */ -struct module_func_block { - /** text string name of module */ - const char* name; - - /** - * init the module. Called once for the global state. - * This is the place to apply settings from the config file. - * @param env: module environment. - * @param id: module id number. - * return: 0 on error - */ - int (*init)(struct module_env* env, int id); - - /** - * de-init, delete, the module. Called once for the global state. - * @param env: module environment. - * @param id: module id number. - */ - void (*deinit)(struct module_env* env, int id); - - /** - * accept a new query, or work further on existing query. - * Changes the qstate->ext_state to be correct on exit. - * @param ev: event that causes the module state machine to - * (re-)activate. - * @param qstate: the query state. - * Note that this method is not allowed to change the - * query state 'identity', that is query info, qflags, - * and priming status. - * Attach a subquery to get results to a different query. - * @param id: module id number that operate() is called on. - * @param outbound: if not NULL this event is due to the reply/timeout - * or error on this outbound query. - * @return: if at exit the ext_state is: - * o wait_module: next module is started. (with pass event). - * o error or finished: previous module is resumed. - * o otherwise it waits until that event happens (assumes - * the service routine to make subrequest or send message - * have been called. - */ - void (*operate)(struct module_qstate* qstate, enum module_ev event, - int id, struct outbound_entry* outbound); - - /** - * inform super querystate about the results from this subquerystate. - * Is called when the querystate is finished. The method invoked is - * the one from the current module active in the super querystate. - * @param qstate: the query state that is finished. - * Examine return_rcode and return_reply in the qstate. - * @param id: module id for this module. - * This coincides with the current module for the super qstate. - * @param super: the super querystate that needs to be informed. - */ - void (*inform_super)(struct module_qstate* qstate, int id, - struct module_qstate* super); - - /** - * clear module specific data - */ - void (*clear)(struct module_qstate* qstate, int id); - - /** - * How much memory is the module specific data using. - * @param env: module environment. - * @param id: the module id. - * @return the number of bytes that are alloced. - */ - size_t (*get_mem)(struct module_env* env, int id); -}; - -/** - * Debug utility: module external qstate to string - * @param s: the state value. - * @return descriptive string. - */ -const char* strextstate(enum module_ext_state s); - -/** - * Debug utility: module event to string - * @param e: the module event value. - * @return descriptive string. - */ -const char* strmodulevent(enum module_ev e); - -/** - * Initialize the edns known options by allocating the required space. - * @param env: the module environment. - * @return false on failure (no memory). - */ -int edns_known_options_init(struct module_env* env); - -/** - * Free the allocated space for the known edns options. - * @param env: the module environment. - */ -void edns_known_options_delete(struct module_env* env); - -/** - * Register a known edns option. Overwrite the flags if it is already - * registered. Used before creating workers to register known edns options. - * @param opt_code: the edns option code. - * @param bypass_cache_stage: whether the option interacts with the cache. - * @param no_aggregation: whether the option implies more specific - * aggregation. - * @param env: the module environment. - * @return true on success, false on failure (registering more options than - * allowed or trying to register after the environment is copied to the - * threads.) - */ -int edns_register_option(uint16_t opt_code, int bypass_cache_stage, - int no_aggregation, struct module_env* env); - -/** - * Register an inplace callback function. - * @param cb: pointer to the callback function. - * @param type: inplace callback type. - * @param cbarg: argument for the callback function, or NULL. - * @param env: the module environment. - * @param id: module id. - * @return true on success, false on failure (out of memory or trying to - * register after the environment is copied to the threads.) - */ -int -inplace_cb_register(void* cb, enum inplace_cb_list_type type, void* cbarg, - struct module_env* env, int id); - -/** - * Delete callback for specified type and module id. - * @param env: the module environment. - * @param type: inplace callback type. - * @param id: module id. - */ -void -inplace_cb_delete(struct module_env* env, enum inplace_cb_list_type type, - int id); - -/** - * Delete all the inplace callback linked lists. - * @param env: the module environment. - */ -void inplace_cb_lists_delete(struct module_env* env); - -/** - * Check if an edns option is known. - * @param opt_code: the edns option code. - * @param env: the module environment. - * @return pointer to registered option if the edns option is known, - * NULL otherwise. - */ -struct edns_known_option* edns_option_is_known(uint16_t opt_code, - struct module_env* env); - -/** - * Check if an edns option needs to bypass the reply from cache stage. - * @param list: the edns options. - * @param env: the module environment. - * @return true if an edns option needs to bypass the cache stage, - * false otherwise. - */ -int edns_bypass_cache_stage(struct edns_option* list, - struct module_env* env); - -/** - * Check if an unique mesh state is required. Might be triggered by EDNS option - * or set for the complete env. - * @param list: the edns options. - * @param env: the module environment. - * @return true if an edns option needs a unique mesh state, - * false otherwise. - */ -int unique_mesh_state(struct edns_option* list, struct module_env* env); - -/** - * Log the known edns options. - * @param level: the desired verbosity level. - * @param env: the module environment. - */ -void log_edns_known_options(enum verbosity_value level, - struct module_env* env); - -#endif /* UTIL_MODULE_H */ diff --git a/external/unbound/util/net_help.c b/external/unbound/util/net_help.c deleted file mode 100644 index 6c0d68e31..000000000 --- a/external/unbound/util/net_help.c +++ /dev/null @@ -1,840 +0,0 @@ -/* - * util/net_help.c - implementation of the network helper code - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/** - * \file - * Implementation of net_help.h. - */ - -#include "config.h" -#include "util/net_help.h" -#include "util/log.h" -#include "util/data/dname.h" -#include "util/module.h" -#include "util/regional.h" -#include "sldns/parseutil.h" -#include "sldns/wire2str.h" -#include -#ifdef HAVE_OPENSSL_SSL_H -#include -#endif -#ifdef HAVE_OPENSSL_ERR_H -#include -#endif - -/** max length of an IP address (the address portion) that we allow */ -#define MAX_ADDR_STRLEN 128 /* characters */ -/** default value for EDNS ADVERTISED size */ -uint16_t EDNS_ADVERTISED_SIZE = 4096; - -/** minimal responses when positive answer: default is no */ -int MINIMAL_RESPONSES = 0; - -/** rrset order roundrobin: default is no */ -int RRSET_ROUNDROBIN = 0; - -/* returns true is string addr is an ip6 specced address */ -int -str_is_ip6(const char* str) -{ - if(strchr(str, ':')) - return 1; - else return 0; -} - -int -fd_set_nonblock(int s) -{ -#ifdef HAVE_FCNTL - int flag; - if((flag = fcntl(s, F_GETFL)) == -1) { - log_err("can't fcntl F_GETFL: %s", strerror(errno)); - flag = 0; - } - flag |= O_NONBLOCK; - if(fcntl(s, F_SETFL, flag) == -1) { - log_err("can't fcntl F_SETFL: %s", strerror(errno)); - return 0; - } -#elif defined(HAVE_IOCTLSOCKET) - unsigned long on = 1; - if(ioctlsocket(s, FIONBIO, &on) != 0) { - log_err("can't ioctlsocket FIONBIO on: %s", - wsa_strerror(WSAGetLastError())); - } -#endif - return 1; -} - -int -fd_set_block(int s) -{ -#ifdef HAVE_FCNTL - int flag; - if((flag = fcntl(s, F_GETFL)) == -1) { - log_err("cannot fcntl F_GETFL: %s", strerror(errno)); - flag = 0; - } - flag &= ~O_NONBLOCK; - if(fcntl(s, F_SETFL, flag) == -1) { - log_err("cannot fcntl F_SETFL: %s", strerror(errno)); - return 0; - } -#elif defined(HAVE_IOCTLSOCKET) - unsigned long off = 0; - if(ioctlsocket(s, FIONBIO, &off) != 0) { - log_err("can't ioctlsocket FIONBIO off: %s", - wsa_strerror(WSAGetLastError())); - } -#endif - return 1; -} - -int -is_pow2(size_t num) -{ - if(num == 0) return 1; - return (num & (num-1)) == 0; -} - -void* -memdup(void* data, size_t len) -{ - void* d; - if(!data) return NULL; - if(len == 0) return NULL; - d = malloc(len); - if(!d) return NULL; - memcpy(d, data, len); - return d; -} - -void -log_addr(enum verbosity_value v, const char* str, - struct sockaddr_storage* addr, socklen_t addrlen) -{ - uint16_t port; - const char* family = "unknown"; - char dest[100]; - int af = (int)((struct sockaddr_in*)addr)->sin_family; - void* sinaddr = &((struct sockaddr_in*)addr)->sin_addr; - if(verbosity < v) - return; - switch(af) { - case AF_INET: family="ip4"; break; - case AF_INET6: family="ip6"; - sinaddr = &((struct sockaddr_in6*)addr)->sin6_addr; - break; - case AF_LOCAL: - dest[0]=0; - (void)inet_ntop(af, sinaddr, dest, - (socklen_t)sizeof(dest)); - verbose(v, "%s local %s", str, dest); - return; /* do not continue and try to get port */ - default: break; - } - if(inet_ntop(af, sinaddr, dest, (socklen_t)sizeof(dest)) == 0) { - (void)strlcpy(dest, "(inet_ntop error)", sizeof(dest)); - } - dest[sizeof(dest)-1] = 0; - port = ntohs(((struct sockaddr_in*)addr)->sin_port); - if(verbosity >= 4) - verbose(v, "%s %s %s port %d (len %d)", str, family, dest, - (int)port, (int)addrlen); - else verbose(v, "%s %s port %d", str, dest, (int)port); -} - -int -extstrtoaddr(const char* str, struct sockaddr_storage* addr, - socklen_t* addrlen) -{ - char* s; - int port = UNBOUND_DNS_PORT; - if((s=strchr(str, '@'))) { - char buf[MAX_ADDR_STRLEN]; - if(s-str >= MAX_ADDR_STRLEN) { - return 0; - } - (void)strlcpy(buf, str, sizeof(buf)); - buf[s-str] = 0; - port = atoi(s+1); - if(port == 0 && strcmp(s+1,"0")!=0) { - return 0; - } - return ipstrtoaddr(buf, port, addr, addrlen); - } - return ipstrtoaddr(str, port, addr, addrlen); -} - - -int -ipstrtoaddr(const char* ip, int port, struct sockaddr_storage* addr, - socklen_t* addrlen) -{ - uint16_t p; - if(!ip) return 0; - p = (uint16_t) port; - if(str_is_ip6(ip)) { - char buf[MAX_ADDR_STRLEN]; - char* s; - struct sockaddr_in6* sa = (struct sockaddr_in6*)addr; - *addrlen = (socklen_t)sizeof(struct sockaddr_in6); - memset(sa, 0, *addrlen); - sa->sin6_family = AF_INET6; - sa->sin6_port = (in_port_t)htons(p); - if((s=strchr(ip, '%'))) { /* ip6%interface, rfc 4007 */ - if(s-ip >= MAX_ADDR_STRLEN) - return 0; - (void)strlcpy(buf, ip, sizeof(buf)); - buf[s-ip]=0; - sa->sin6_scope_id = (uint32_t)atoi(s+1); - ip = buf; - } - if(inet_pton((int)sa->sin6_family, ip, &sa->sin6_addr) <= 0) { - return 0; - } - } else { /* ip4 */ - struct sockaddr_in* sa = (struct sockaddr_in*)addr; - *addrlen = (socklen_t)sizeof(struct sockaddr_in); - memset(sa, 0, *addrlen); - sa->sin_family = AF_INET; - sa->sin_port = (in_port_t)htons(p); - if(inet_pton((int)sa->sin_family, ip, &sa->sin_addr) <= 0) { - return 0; - } - } - return 1; -} - -int netblockstrtoaddr(const char* str, int port, struct sockaddr_storage* addr, - socklen_t* addrlen, int* net) -{ - char* s = NULL; - *net = (str_is_ip6(str)?128:32); - if((s=strchr(str, '/'))) { - if(atoi(s+1) > *net) { - log_err("netblock too large: %s", str); - return 0; - } - *net = atoi(s+1); - if(*net == 0 && strcmp(s+1, "0") != 0) { - log_err("cannot parse netblock: '%s'", str); - return 0; - } - if(!(s = strdup(str))) { - log_err("out of memory"); - return 0; - } - *strchr(s, '/') = '\0'; - } - if(!ipstrtoaddr(s?s:str, port, addr, addrlen)) { - free(s); - log_err("cannot parse ip address: '%s'", str); - return 0; - } - if(s) { - free(s); - addr_mask(addr, *addrlen, *net); - } - return 1; -} - -void -log_nametypeclass(enum verbosity_value v, const char* str, uint8_t* name, - uint16_t type, uint16_t dclass) -{ - char buf[LDNS_MAX_DOMAINLEN+1]; - char t[12], c[12]; - const char *ts, *cs; - if(verbosity < v) - return; - dname_str(name, buf); - if(type == LDNS_RR_TYPE_TSIG) ts = "TSIG"; - else if(type == LDNS_RR_TYPE_IXFR) ts = "IXFR"; - else if(type == LDNS_RR_TYPE_AXFR) ts = "AXFR"; - else if(type == LDNS_RR_TYPE_MAILB) ts = "MAILB"; - else if(type == LDNS_RR_TYPE_MAILA) ts = "MAILA"; - else if(type == LDNS_RR_TYPE_ANY) ts = "ANY"; - else if(sldns_rr_descript(type) && sldns_rr_descript(type)->_name) - ts = sldns_rr_descript(type)->_name; - else { - snprintf(t, sizeof(t), "TYPE%d", (int)type); - ts = t; - } - if(sldns_lookup_by_id(sldns_rr_classes, (int)dclass) && - sldns_lookup_by_id(sldns_rr_classes, (int)dclass)->name) - cs = sldns_lookup_by_id(sldns_rr_classes, (int)dclass)->name; - else { - snprintf(c, sizeof(c), "CLASS%d", (int)dclass); - cs = c; - } - log_info("%s %s %s %s", str, buf, ts, cs); -} - -void log_name_addr(enum verbosity_value v, const char* str, uint8_t* zone, - struct sockaddr_storage* addr, socklen_t addrlen) -{ - uint16_t port; - const char* family = "unknown_family "; - char namebuf[LDNS_MAX_DOMAINLEN+1]; - char dest[100]; - int af = (int)((struct sockaddr_in*)addr)->sin_family; - void* sinaddr = &((struct sockaddr_in*)addr)->sin_addr; - if(verbosity < v) - return; - switch(af) { - case AF_INET: family=""; break; - case AF_INET6: family=""; - sinaddr = &((struct sockaddr_in6*)addr)->sin6_addr; - break; - case AF_LOCAL: family="local "; break; - default: break; - } - if(inet_ntop(af, sinaddr, dest, (socklen_t)sizeof(dest)) == 0) { - (void)strlcpy(dest, "(inet_ntop error)", sizeof(dest)); - } - dest[sizeof(dest)-1] = 0; - port = ntohs(((struct sockaddr_in*)addr)->sin_port); - dname_str(zone, namebuf); - if(af != AF_INET && af != AF_INET6) - verbose(v, "%s <%s> %s%s#%d (addrlen %d)", - str, namebuf, family, dest, (int)port, (int)addrlen); - else verbose(v, "%s <%s> %s%s#%d", - str, namebuf, family, dest, (int)port); -} - -void log_err_addr(const char* str, const char* err, - struct sockaddr_storage* addr, socklen_t addrlen) -{ - uint16_t port; - char dest[100]; - int af = (int)((struct sockaddr_in*)addr)->sin_family; - void* sinaddr = &((struct sockaddr_in*)addr)->sin_addr; - if(af == AF_INET6) - sinaddr = &((struct sockaddr_in6*)addr)->sin6_addr; - if(inet_ntop(af, sinaddr, dest, (socklen_t)sizeof(dest)) == 0) { - (void)strlcpy(dest, "(inet_ntop error)", sizeof(dest)); - } - dest[sizeof(dest)-1] = 0; - port = ntohs(((struct sockaddr_in*)addr)->sin_port); - if(verbosity >= 4) - log_err("%s: %s for %s port %d (len %d)", str, err, dest, - (int)port, (int)addrlen); - else log_err("%s: %s for %s", str, err, dest); -} - -int -sockaddr_cmp(struct sockaddr_storage* addr1, socklen_t len1, - struct sockaddr_storage* addr2, socklen_t len2) -{ - struct sockaddr_in* p1_in = (struct sockaddr_in*)addr1; - struct sockaddr_in* p2_in = (struct sockaddr_in*)addr2; - struct sockaddr_in6* p1_in6 = (struct sockaddr_in6*)addr1; - struct sockaddr_in6* p2_in6 = (struct sockaddr_in6*)addr2; - if(len1 < len2) - return -1; - if(len1 > len2) - return 1; - log_assert(len1 == len2); - if( p1_in->sin_family < p2_in->sin_family) - return -1; - if( p1_in->sin_family > p2_in->sin_family) - return 1; - log_assert( p1_in->sin_family == p2_in->sin_family ); - /* compare ip4 */ - if( p1_in->sin_family == AF_INET ) { - /* just order it, ntohs not required */ - if(p1_in->sin_port < p2_in->sin_port) - return -1; - if(p1_in->sin_port > p2_in->sin_port) - return 1; - log_assert(p1_in->sin_port == p2_in->sin_port); - return memcmp(&p1_in->sin_addr, &p2_in->sin_addr, INET_SIZE); - } else if (p1_in6->sin6_family == AF_INET6) { - /* just order it, ntohs not required */ - if(p1_in6->sin6_port < p2_in6->sin6_port) - return -1; - if(p1_in6->sin6_port > p2_in6->sin6_port) - return 1; - log_assert(p1_in6->sin6_port == p2_in6->sin6_port); - return memcmp(&p1_in6->sin6_addr, &p2_in6->sin6_addr, - INET6_SIZE); - } else { - /* eek unknown type, perform this comparison for sanity. */ - return memcmp(addr1, addr2, len1); - } -} - -int -sockaddr_cmp_addr(struct sockaddr_storage* addr1, socklen_t len1, - struct sockaddr_storage* addr2, socklen_t len2) -{ - struct sockaddr_in* p1_in = (struct sockaddr_in*)addr1; - struct sockaddr_in* p2_in = (struct sockaddr_in*)addr2; - struct sockaddr_in6* p1_in6 = (struct sockaddr_in6*)addr1; - struct sockaddr_in6* p2_in6 = (struct sockaddr_in6*)addr2; - if(len1 < len2) - return -1; - if(len1 > len2) - return 1; - log_assert(len1 == len2); - if( p1_in->sin_family < p2_in->sin_family) - return -1; - if( p1_in->sin_family > p2_in->sin_family) - return 1; - log_assert( p1_in->sin_family == p2_in->sin_family ); - /* compare ip4 */ - if( p1_in->sin_family == AF_INET ) { - return memcmp(&p1_in->sin_addr, &p2_in->sin_addr, INET_SIZE); - } else if (p1_in6->sin6_family == AF_INET6) { - return memcmp(&p1_in6->sin6_addr, &p2_in6->sin6_addr, - INET6_SIZE); - } else { - /* eek unknown type, perform this comparison for sanity. */ - return memcmp(addr1, addr2, len1); - } -} - -int -addr_is_ip6(struct sockaddr_storage* addr, socklen_t len) -{ - if(len == (socklen_t)sizeof(struct sockaddr_in6) && - ((struct sockaddr_in6*)addr)->sin6_family == AF_INET6) - return 1; - else return 0; -} - -void -addr_mask(struct sockaddr_storage* addr, socklen_t len, int net) -{ - uint8_t mask[8] = {0x0, 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe}; - int i, max; - uint8_t* s; - if(addr_is_ip6(addr, len)) { - s = (uint8_t*)&((struct sockaddr_in6*)addr)->sin6_addr; - max = 128; - } else { - s = (uint8_t*)&((struct sockaddr_in*)addr)->sin_addr; - max = 32; - } - if(net >= max) - return; - for(i=net/8+1; isin6_addr; - s2 = (uint8_t*)&((struct sockaddr_in6*)addr2)->sin6_addr; - to = 16; - } else { - s1 = (uint8_t*)&((struct sockaddr_in*)addr1)->sin_addr; - s2 = (uint8_t*)&((struct sockaddr_in*)addr2)->sin_addr; - to = 4; - } - /* match = bits_in_common(s1, s2, to); */ - for(i=0; i min) match = min; - return match; -} - -void -addr_to_str(struct sockaddr_storage* addr, socklen_t addrlen, - char* buf, size_t len) -{ - int af = (int)((struct sockaddr_in*)addr)->sin_family; - void* sinaddr = &((struct sockaddr_in*)addr)->sin_addr; - if(addr_is_ip6(addr, addrlen)) - sinaddr = &((struct sockaddr_in6*)addr)->sin6_addr; - if(inet_ntop(af, sinaddr, buf, (socklen_t)len) == 0) { - snprintf(buf, len, "(inet_ntop_error)"); - } -} - -int -addr_is_ip4mapped(struct sockaddr_storage* addr, socklen_t addrlen) -{ - /* prefix for ipv4 into ipv6 mapping is ::ffff:x.x.x.x */ - const uint8_t map_prefix[16] = - {0,0,0,0, 0,0,0,0, 0,0,0xff,0xff, 0,0,0,0}; - uint8_t* s; - if(!addr_is_ip6(addr, addrlen)) - return 0; - /* s is 16 octet ipv6 address string */ - s = (uint8_t*)&((struct sockaddr_in6*)addr)->sin6_addr; - return (memcmp(s, map_prefix, 12) == 0); -} - -int addr_is_broadcast(struct sockaddr_storage* addr, socklen_t addrlen) -{ - int af = (int)((struct sockaddr_in*)addr)->sin_family; - void* sinaddr = &((struct sockaddr_in*)addr)->sin_addr; - return af == AF_INET && addrlen>=(socklen_t)sizeof(struct sockaddr_in) - && memcmp(sinaddr, "\377\377\377\377", 4) == 0; -} - -int addr_is_any(struct sockaddr_storage* addr, socklen_t addrlen) -{ - int af = (int)((struct sockaddr_in*)addr)->sin_family; - void* sinaddr = &((struct sockaddr_in*)addr)->sin_addr; - void* sin6addr = &((struct sockaddr_in6*)addr)->sin6_addr; - if(af == AF_INET && addrlen>=(socklen_t)sizeof(struct sockaddr_in) - && memcmp(sinaddr, "\000\000\000\000", 4) == 0) - return 1; - else if(af==AF_INET6 && addrlen>=(socklen_t)sizeof(struct sockaddr_in6) - && memcmp(sin6addr, "\000\000\000\000\000\000\000\000" - "\000\000\000\000\000\000\000\000", 16) == 0) - return 1; - return 0; -} - -void sock_list_insert(struct sock_list** list, struct sockaddr_storage* addr, - socklen_t len, struct regional* region) -{ - struct sock_list* add = (struct sock_list*)regional_alloc(region, - sizeof(*add) - sizeof(add->addr) + (size_t)len); - if(!add) { - log_err("out of memory in socketlist insert"); - return; - } - log_assert(list); - add->next = *list; - add->len = len; - *list = add; - if(len) memmove(&add->addr, addr, len); -} - -void sock_list_prepend(struct sock_list** list, struct sock_list* add) -{ - struct sock_list* last = add; - if(!last) - return; - while(last->next) - last = last->next; - last->next = *list; - *list = add; -} - -int sock_list_find(struct sock_list* list, struct sockaddr_storage* addr, - socklen_t len) -{ - while(list) { - if(len == list->len) { - if(len == 0 || sockaddr_cmp_addr(addr, len, - &list->addr, list->len) == 0) - return 1; - } - list = list->next; - } - return 0; -} - -void sock_list_merge(struct sock_list** list, struct regional* region, - struct sock_list* add) -{ - struct sock_list* p; - for(p=add; p; p=p->next) { - if(!sock_list_find(*list, &p->addr, p->len)) - sock_list_insert(list, &p->addr, p->len, region); - } -} - -void -log_crypto_err(const char* str) -{ -#ifdef HAVE_SSL - /* error:[error code]:[library name]:[function name]:[reason string] */ - char buf[128]; - unsigned long e; - ERR_error_string_n(ERR_get_error(), buf, sizeof(buf)); - log_err("%s crypto %s", str, buf); - while( (e=ERR_get_error()) ) { - ERR_error_string_n(e, buf, sizeof(buf)); - log_err("and additionally crypto %s", buf); - } -#else - (void)str; -#endif /* HAVE_SSL */ -} - -void* listen_sslctx_create(char* key, char* pem, char* verifypem) -{ -#ifdef HAVE_SSL - SSL_CTX* ctx = SSL_CTX_new(SSLv23_server_method()); - if(!ctx) { - log_crypto_err("could not SSL_CTX_new"); - return NULL; - } - /* no SSLv2, SSLv3 because has defects */ - if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2) - != SSL_OP_NO_SSLv2){ - log_crypto_err("could not set SSL_OP_NO_SSLv2"); - SSL_CTX_free(ctx); - return NULL; - } - if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3) - != SSL_OP_NO_SSLv3){ - log_crypto_err("could not set SSL_OP_NO_SSLv3"); - SSL_CTX_free(ctx); - return NULL; - } - if(!SSL_CTX_use_certificate_chain_file(ctx, pem)) { - log_err("error for cert file: %s", pem); - log_crypto_err("error in SSL_CTX use_certificate_chain_file"); - SSL_CTX_free(ctx); - return NULL; - } - if(!SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM)) { - log_err("error for private key file: %s", key); - log_crypto_err("Error in SSL_CTX use_PrivateKey_file"); - SSL_CTX_free(ctx); - return NULL; - } - if(!SSL_CTX_check_private_key(ctx)) { - log_err("error for key file: %s", key); - log_crypto_err("Error in SSL_CTX check_private_key"); - SSL_CTX_free(ctx); - return NULL; - } -#if HAVE_DECL_SSL_CTX_SET_ECDH_AUTO - if(!SSL_CTX_set_ecdh_auto(ctx,1)) { - log_crypto_err("Error in SSL_CTX_ecdh_auto, not enabling ECDHE"); - } -#elif defined(USE_ECDSA) - if(1) { - EC_KEY *ecdh = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1); - if (!ecdh) { - log_crypto_err("could not find p256, not enabling ECDHE"); - } else { - if (1 != SSL_CTX_set_tmp_ecdh (ctx, ecdh)) { - log_crypto_err("Error in SSL_CTX_set_tmp_ecdh, not enabling ECDHE"); - } - EC_KEY_free (ecdh); - } - } -#endif - - if(verifypem && verifypem[0]) { - if(!SSL_CTX_load_verify_locations(ctx, verifypem, NULL)) { - log_crypto_err("Error in SSL_CTX verify locations"); - SSL_CTX_free(ctx); - return NULL; - } - SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file( - verifypem)); - SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); - } - return ctx; -#else - (void)key; (void)pem; (void)verifypem; - return NULL; -#endif -} - -void* connect_sslctx_create(char* key, char* pem, char* verifypem) -{ -#ifdef HAVE_SSL - SSL_CTX* ctx = SSL_CTX_new(SSLv23_client_method()); - if(!ctx) { - log_crypto_err("could not allocate SSL_CTX pointer"); - return NULL; - } - if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2) - != SSL_OP_NO_SSLv2) { - log_crypto_err("could not set SSL_OP_NO_SSLv2"); - SSL_CTX_free(ctx); - return NULL; - } - if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3) - != SSL_OP_NO_SSLv3) { - log_crypto_err("could not set SSL_OP_NO_SSLv3"); - SSL_CTX_free(ctx); - return NULL; - } - if(key && key[0]) { - if(!SSL_CTX_use_certificate_chain_file(ctx, pem)) { - log_err("error in client certificate %s", pem); - log_crypto_err("error in certificate file"); - SSL_CTX_free(ctx); - return NULL; - } - if(!SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM)) { - log_err("error in client private key %s", key); - log_crypto_err("error in key file"); - SSL_CTX_free(ctx); - return NULL; - } - if(!SSL_CTX_check_private_key(ctx)) { - log_err("error in client key %s", key); - log_crypto_err("error in SSL_CTX_check_private_key"); - SSL_CTX_free(ctx); - return NULL; - } - } - if(verifypem && verifypem[0]) { - if(!SSL_CTX_load_verify_locations(ctx, verifypem, NULL)) { - log_crypto_err("error in SSL_CTX verify"); - SSL_CTX_free(ctx); - return NULL; - } - SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); - } - return ctx; -#else - (void)key; (void)pem; (void)verifypem; - return NULL; -#endif -} - -void* incoming_ssl_fd(void* sslctx, int fd) -{ -#ifdef HAVE_SSL - SSL* ssl = SSL_new((SSL_CTX*)sslctx); - if(!ssl) { - log_crypto_err("could not SSL_new"); - return NULL; - } - SSL_set_accept_state(ssl); - (void)SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); - if(!SSL_set_fd(ssl, fd)) { - log_crypto_err("could not SSL_set_fd"); - SSL_free(ssl); - return NULL; - } - return ssl; -#else - (void)sslctx; (void)fd; - return NULL; -#endif -} - -void* outgoing_ssl_fd(void* sslctx, int fd) -{ -#ifdef HAVE_SSL - SSL* ssl = SSL_new((SSL_CTX*)sslctx); - if(!ssl) { - log_crypto_err("could not SSL_new"); - return NULL; - } - SSL_set_connect_state(ssl); - (void)SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); - if(!SSL_set_fd(ssl, fd)) { - log_crypto_err("could not SSL_set_fd"); - SSL_free(ssl); - return NULL; - } - return ssl; -#else - (void)sslctx; (void)fd; - return NULL; -#endif -} - -#if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED) && defined(CRYPTO_LOCK) && OPENSSL_VERSION_NUMBER < 0x10100000L -/** global lock list for openssl locks */ -static lock_basic_type *ub_openssl_locks = NULL; - -/** callback that gets thread id for openssl */ -static unsigned long -ub_crypto_id_cb(void) -{ - return (unsigned long)log_thread_get(); -} - -static void -ub_crypto_lock_cb(int mode, int type, const char *ATTR_UNUSED(file), - int ATTR_UNUSED(line)) -{ - if((mode&CRYPTO_LOCK)) { - lock_basic_lock(&ub_openssl_locks[type]); - } else { - lock_basic_unlock(&ub_openssl_locks[type]); - } -} -#endif /* OPENSSL_THREADS */ - -int ub_openssl_lock_init(void) -{ -#if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED) && defined(CRYPTO_LOCK) && OPENSSL_VERSION_NUMBER < 0x10100000L - int i; - ub_openssl_locks = (lock_basic_type*)reallocarray( - NULL, (size_t)CRYPTO_num_locks(), sizeof(lock_basic_type)); - if(!ub_openssl_locks) - return 0; - for(i=0; i -#endif -#ifdef HAVE_OPENSSL_ERR_H -#include -#endif - -/* -------- Start of local definitions -------- */ -/** if CMSG_ALIGN is not defined on this platform, a workaround */ -#ifndef CMSG_ALIGN -# ifdef __CMSG_ALIGN -# define CMSG_ALIGN(n) __CMSG_ALIGN(n) -# elif defined(CMSG_DATA_ALIGN) -# define CMSG_ALIGN _CMSG_DATA_ALIGN -# else -# define CMSG_ALIGN(len) (((len)+sizeof(long)-1) & ~(sizeof(long)-1)) -# endif -#endif - -/** if CMSG_LEN is not defined on this platform, a workaround */ -#ifndef CMSG_LEN -# define CMSG_LEN(len) (CMSG_ALIGN(sizeof(struct cmsghdr))+(len)) -#endif - -/** if CMSG_SPACE is not defined on this platform, a workaround */ -#ifndef CMSG_SPACE -# ifdef _CMSG_HDR_ALIGN -# define CMSG_SPACE(l) (CMSG_ALIGN(l)+_CMSG_HDR_ALIGN(sizeof(struct cmsghdr))) -# else -# define CMSG_SPACE(l) (CMSG_ALIGN(l)+CMSG_ALIGN(sizeof(struct cmsghdr))) -# endif -#endif - -/** The TCP reading or writing query timeout in milliseconds */ -#define TCP_QUERY_TIMEOUT 120000 -/** The TCP timeout in msec for fast queries, above half are used */ -#define TCP_QUERY_TIMEOUT_FAST 200 - -#ifndef NONBLOCKING_IS_BROKEN -/** number of UDP reads to perform per read indication from select */ -#define NUM_UDP_PER_SELECT 100 -#else -#define NUM_UDP_PER_SELECT 1 -#endif - -/** - * The internal event structure for keeping ub_event info for the event. - * Possibly other structures (list, tree) this is part of. - */ -struct internal_event { - /** the comm base */ - struct comm_base* base; - /** ub_event event type */ - struct ub_event* ev; -}; - -/** - * Internal base structure, so that every thread has its own events. - */ -struct internal_base { - /** ub_event event_base type. */ - struct ub_event_base* base; - /** seconds time pointer points here */ - time_t secs; - /** timeval with current time */ - struct timeval now; - /** the event used for slow_accept timeouts */ - struct ub_event* slow_accept; - /** true if slow_accept is enabled */ - int slow_accept_enabled; -}; - -/** - * Internal timer structure, to store timer event in. - */ -struct internal_timer { - /** the super struct from which derived */ - struct comm_timer super; - /** the comm base */ - struct comm_base* base; - /** ub_event event type */ - struct ub_event* ev; - /** is timer enabled */ - uint8_t enabled; -}; - -/** - * Internal signal structure, to store signal event in. - */ -struct internal_signal { - /** ub_event event type */ - struct ub_event* ev; - /** next in signal list */ - struct internal_signal* next; -}; - -/** create a tcp handler with a parent */ -static struct comm_point* comm_point_create_tcp_handler( - struct comm_base *base, struct comm_point* parent, size_t bufsize, - comm_point_callback_type* callback, void* callback_arg); - -/* -------- End of local definitions -------- */ - -struct comm_base* -comm_base_create(int sigs) -{ - struct comm_base* b = (struct comm_base*)calloc(1, - sizeof(struct comm_base)); - const char *evnm="event", *evsys="", *evmethod=""; - - if(!b) - return NULL; - b->eb = (struct internal_base*)calloc(1, sizeof(struct internal_base)); - if(!b->eb) { - free(b); - return NULL; - } - b->eb->base = ub_default_event_base(sigs, &b->eb->secs, &b->eb->now); - if(!b->eb->base) { - free(b->eb); - free(b); - return NULL; - } - ub_comm_base_now(b); - ub_get_event_sys(b->eb->base, &evnm, &evsys, &evmethod); - verbose(VERB_ALGO, "%s %s user %s method.", evnm, evsys, evmethod); - return b; -} - -struct comm_base* -comm_base_create_event(struct ub_event_base* base) -{ - struct comm_base* b = (struct comm_base*)calloc(1, - sizeof(struct comm_base)); - if(!b) - return NULL; - b->eb = (struct internal_base*)calloc(1, sizeof(struct internal_base)); - if(!b->eb) { - free(b); - return NULL; - } - b->eb->base = base; - ub_comm_base_now(b); - return b; -} - -void -comm_base_delete(struct comm_base* b) -{ - if(!b) - return; - if(b->eb->slow_accept_enabled) { - if(ub_event_del(b->eb->slow_accept) != 0) { - log_err("could not event_del slow_accept"); - } - ub_event_free(b->eb->slow_accept); - } - ub_event_base_free(b->eb->base); - b->eb->base = NULL; - free(b->eb); - free(b); -} - -void -comm_base_delete_no_base(struct comm_base* b) -{ - if(!b) - return; - if(b->eb->slow_accept_enabled) { - if(ub_event_del(b->eb->slow_accept) != 0) { - log_err("could not event_del slow_accept"); - } - ub_event_free(b->eb->slow_accept); - } - b->eb->base = NULL; - free(b->eb); - free(b); -} - -void -comm_base_timept(struct comm_base* b, time_t** tt, struct timeval** tv) -{ - *tt = &b->eb->secs; - *tv = &b->eb->now; -} - -void -comm_base_dispatch(struct comm_base* b) -{ - int retval; - retval = ub_event_base_dispatch(b->eb->base); - if(retval < 0) { - fatal_exit("event_dispatch returned error %d, " - "errno is %s", retval, strerror(errno)); - } -} - -void comm_base_exit(struct comm_base* b) -{ - if(ub_event_base_loopexit(b->eb->base) != 0) { - log_err("Could not loopexit"); - } -} - -void comm_base_set_slow_accept_handlers(struct comm_base* b, - void (*stop_acc)(void*), void (*start_acc)(void*), void* arg) -{ - b->stop_accept = stop_acc; - b->start_accept = start_acc; - b->cb_arg = arg; -} - -struct ub_event_base* comm_base_internal(struct comm_base* b) -{ - return b->eb->base; -} - -/** see if errno for udp has to be logged or not uses globals */ -static int -udp_send_errno_needs_log(struct sockaddr* addr, socklen_t addrlen) -{ - /* do not log transient errors (unless high verbosity) */ -#if defined(ENETUNREACH) || defined(EHOSTDOWN) || defined(EHOSTUNREACH) || defined(ENETDOWN) - switch(errno) { -# ifdef ENETUNREACH - case ENETUNREACH: -# endif -# ifdef EHOSTDOWN - case EHOSTDOWN: -# endif -# ifdef EHOSTUNREACH - case EHOSTUNREACH: -# endif -# ifdef ENETDOWN - case ENETDOWN: -# endif - if(verbosity < VERB_ALGO) - return 0; - default: - break; - } -#endif - /* permission denied is gotten for every send if the - * network is disconnected (on some OS), squelch it */ - if( ((errno == EPERM) -# ifdef EADDRNOTAVAIL - /* 'Cannot assign requested address' also when disconnected */ - || (errno == EADDRNOTAVAIL) -# endif - ) && verbosity < VERB_DETAIL) - return 0; - /* squelch errors where people deploy AAAA ::ffff:bla for - * authority servers, which we try for intranets. */ - if(errno == EINVAL && addr_is_ip4mapped( - (struct sockaddr_storage*)addr, addrlen) && - verbosity < VERB_DETAIL) - return 0; - /* SO_BROADCAST sockopt can give access to 255.255.255.255, - * but a dns cache does not need it. */ - if(errno == EACCES && addr_is_broadcast( - (struct sockaddr_storage*)addr, addrlen) && - verbosity < VERB_DETAIL) - return 0; - return 1; -} - -int tcp_connect_errno_needs_log(struct sockaddr* addr, socklen_t addrlen) -{ - return udp_send_errno_needs_log(addr, addrlen); -} - -/* send a UDP reply */ -int -comm_point_send_udp_msg(struct comm_point *c, sldns_buffer* packet, - struct sockaddr* addr, socklen_t addrlen) -{ - ssize_t sent; - log_assert(c->fd != -1); -#ifdef UNBOUND_DEBUG - if(sldns_buffer_remaining(packet) == 0) - log_err("error: send empty UDP packet"); -#endif - log_assert(addr && addrlen > 0); - sent = sendto(c->fd, (void*)sldns_buffer_begin(packet), - sldns_buffer_remaining(packet), 0, - addr, addrlen); - if(sent == -1) { - /* try again and block, waiting for IO to complete, - * we want to send the answer, and we will wait for - * the ethernet interface buffer to have space. */ -#ifndef USE_WINSOCK - if(errno == EAGAIN || -# ifdef EWOULDBLOCK - errno == EWOULDBLOCK || -# endif - errno == ENOBUFS) { -#else - if(WSAGetLastError() == WSAEINPROGRESS || - WSAGetLastError() == WSAENOBUFS || - WSAGetLastError() == WSAEWOULDBLOCK) { -#endif - int e; - fd_set_block(c->fd); - sent = sendto(c->fd, (void*)sldns_buffer_begin(packet), - sldns_buffer_remaining(packet), 0, - addr, addrlen); - e = errno; - fd_set_nonblock(c->fd); - errno = e; - } - } - if(sent == -1) { - if(!udp_send_errno_needs_log(addr, addrlen)) - return 0; -#ifndef USE_WINSOCK - verbose(VERB_OPS, "sendto failed: %s", strerror(errno)); -#else - verbose(VERB_OPS, "sendto failed: %s", - wsa_strerror(WSAGetLastError())); -#endif - log_addr(VERB_OPS, "remote address is", - (struct sockaddr_storage*)addr, addrlen); - return 0; - } else if((size_t)sent != sldns_buffer_remaining(packet)) { - log_err("sent %d in place of %d bytes", - (int)sent, (int)sldns_buffer_remaining(packet)); - return 0; - } - return 1; -} - -#if defined(AF_INET6) && defined(IPV6_PKTINFO) && (defined(HAVE_RECVMSG) || defined(HAVE_SENDMSG)) -/** print debug ancillary info */ -static void p_ancil(const char* str, struct comm_reply* r) -{ - if(r->srctype != 4 && r->srctype != 6) { - log_info("%s: unknown srctype %d", str, r->srctype); - return; - } - if(r->srctype == 6) { - char buf[1024]; - if(inet_ntop(AF_INET6, &r->pktinfo.v6info.ipi6_addr, - buf, (socklen_t)sizeof(buf)) == 0) { - (void)strlcpy(buf, "(inet_ntop error)", sizeof(buf)); - } - buf[sizeof(buf)-1]=0; - log_info("%s: %s %d", str, buf, r->pktinfo.v6info.ipi6_ifindex); - } else if(r->srctype == 4) { -#ifdef IP_PKTINFO - char buf1[1024], buf2[1024]; - if(inet_ntop(AF_INET, &r->pktinfo.v4info.ipi_addr, - buf1, (socklen_t)sizeof(buf1)) == 0) { - (void)strlcpy(buf1, "(inet_ntop error)", sizeof(buf1)); - } - buf1[sizeof(buf1)-1]=0; -#ifdef HAVE_STRUCT_IN_PKTINFO_IPI_SPEC_DST - if(inet_ntop(AF_INET, &r->pktinfo.v4info.ipi_spec_dst, - buf2, (socklen_t)sizeof(buf2)) == 0) { - (void)strlcpy(buf2, "(inet_ntop error)", sizeof(buf2)); - } - buf2[sizeof(buf2)-1]=0; -#else - buf2[0]=0; -#endif - log_info("%s: %d %s %s", str, r->pktinfo.v4info.ipi_ifindex, - buf1, buf2); -#elif defined(IP_RECVDSTADDR) - char buf1[1024]; - if(inet_ntop(AF_INET, &r->pktinfo.v4addr, - buf1, (socklen_t)sizeof(buf1)) == 0) { - (void)strlcpy(buf1, "(inet_ntop error)", sizeof(buf1)); - } - buf1[sizeof(buf1)-1]=0; - log_info("%s: %s", str, buf1); -#endif /* IP_PKTINFO or PI_RECVDSTDADDR */ - } -} -#endif /* AF_INET6 && IPV6_PKTINFO && HAVE_RECVMSG||HAVE_SENDMSG */ - -/** send a UDP reply over specified interface*/ -static int -comm_point_send_udp_msg_if(struct comm_point *c, sldns_buffer* packet, - struct sockaddr* addr, socklen_t addrlen, struct comm_reply* r) -{ -#if defined(AF_INET6) && defined(IPV6_PKTINFO) && defined(HAVE_SENDMSG) - ssize_t sent; - struct msghdr msg; - struct iovec iov[1]; - char control[256]; -#ifndef S_SPLINT_S - struct cmsghdr *cmsg; -#endif /* S_SPLINT_S */ - - log_assert(c->fd != -1); -#ifdef UNBOUND_DEBUG - if(sldns_buffer_remaining(packet) == 0) - log_err("error: send empty UDP packet"); -#endif - log_assert(addr && addrlen > 0); - - msg.msg_name = addr; - msg.msg_namelen = addrlen; - iov[0].iov_base = sldns_buffer_begin(packet); - iov[0].iov_len = sldns_buffer_remaining(packet); - msg.msg_iov = iov; - msg.msg_iovlen = 1; - msg.msg_control = control; -#ifndef S_SPLINT_S - msg.msg_controllen = sizeof(control); -#endif /* S_SPLINT_S */ - msg.msg_flags = 0; - -#ifndef S_SPLINT_S - cmsg = CMSG_FIRSTHDR(&msg); - if(r->srctype == 4) { -#ifdef IP_PKTINFO - void* cmsg_data; - msg.msg_controllen = CMSG_SPACE(sizeof(struct in_pktinfo)); - log_assert(msg.msg_controllen <= sizeof(control)); - cmsg->cmsg_level = IPPROTO_IP; - cmsg->cmsg_type = IP_PKTINFO; - memmove(CMSG_DATA(cmsg), &r->pktinfo.v4info, - sizeof(struct in_pktinfo)); - /* unset the ifindex to not bypass the routing tables */ - cmsg_data = CMSG_DATA(cmsg); - ((struct in_pktinfo *) cmsg_data)->ipi_ifindex = 0; - cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo)); -#elif defined(IP_SENDSRCADDR) - msg.msg_controllen = CMSG_SPACE(sizeof(struct in_addr)); - log_assert(msg.msg_controllen <= sizeof(control)); - cmsg->cmsg_level = IPPROTO_IP; - cmsg->cmsg_type = IP_SENDSRCADDR; - memmove(CMSG_DATA(cmsg), &r->pktinfo.v4addr, - sizeof(struct in_addr)); - cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_addr)); -#else - verbose(VERB_ALGO, "no IP_PKTINFO or IP_SENDSRCADDR"); - msg.msg_control = NULL; -#endif /* IP_PKTINFO or IP_SENDSRCADDR */ - } else if(r->srctype == 6) { - void* cmsg_data; - msg.msg_controllen = CMSG_SPACE(sizeof(struct in6_pktinfo)); - log_assert(msg.msg_controllen <= sizeof(control)); - cmsg->cmsg_level = IPPROTO_IPV6; - cmsg->cmsg_type = IPV6_PKTINFO; - memmove(CMSG_DATA(cmsg), &r->pktinfo.v6info, - sizeof(struct in6_pktinfo)); - /* unset the ifindex to not bypass the routing tables */ - cmsg_data = CMSG_DATA(cmsg); - ((struct in6_pktinfo *) cmsg_data)->ipi6_ifindex = 0; - cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo)); - } else { - /* try to pass all 0 to use default route */ - msg.msg_controllen = CMSG_SPACE(sizeof(struct in6_pktinfo)); - log_assert(msg.msg_controllen <= sizeof(control)); - cmsg->cmsg_level = IPPROTO_IPV6; - cmsg->cmsg_type = IPV6_PKTINFO; - memset(CMSG_DATA(cmsg), 0, sizeof(struct in6_pktinfo)); - cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo)); - } -#endif /* S_SPLINT_S */ - if(verbosity >= VERB_ALGO) - p_ancil("send_udp over interface", r); - sent = sendmsg(c->fd, &msg, 0); - if(sent == -1) { - /* try again and block, waiting for IO to complete, - * we want to send the answer, and we will wait for - * the ethernet interface buffer to have space. */ -#ifndef USE_WINSOCK - if(errno == EAGAIN || -# ifdef EWOULDBLOCK - errno == EWOULDBLOCK || -# endif - errno == ENOBUFS) { -#else - if(WSAGetLastError() == WSAEINPROGRESS || - WSAGetLastError() == WSAENOBUFS || - WSAGetLastError() == WSAEWOULDBLOCK) { -#endif - int e; - fd_set_block(c->fd); - sent = sendmsg(c->fd, &msg, 0); - e = errno; - fd_set_nonblock(c->fd); - errno = e; - } - } - if(sent == -1) { - if(!udp_send_errno_needs_log(addr, addrlen)) - return 0; - verbose(VERB_OPS, "sendmsg failed: %s", strerror(errno)); - log_addr(VERB_OPS, "remote address is", - (struct sockaddr_storage*)addr, addrlen); -#ifdef __NetBSD__ - /* netbsd 7 has IP_PKTINFO for recv but not send */ - if(errno == EINVAL && r->srctype == 4) - log_err("sendmsg: No support for sendmsg(IP_PKTINFO). " - "Please disable interface-automatic"); -#endif - return 0; - } else if((size_t)sent != sldns_buffer_remaining(packet)) { - log_err("sent %d in place of %d bytes", - (int)sent, (int)sldns_buffer_remaining(packet)); - return 0; - } - return 1; -#else - (void)c; - (void)packet; - (void)addr; - (void)addrlen; - (void)r; - log_err("sendmsg: IPV6_PKTINFO not supported"); - return 0; -#endif /* AF_INET6 && IPV6_PKTINFO && HAVE_SENDMSG */ -} - -void -comm_point_udp_ancil_callback(int fd, short event, void* arg) -{ -#if defined(AF_INET6) && defined(IPV6_PKTINFO) && defined(HAVE_RECVMSG) - struct comm_reply rep; - struct msghdr msg; - struct iovec iov[1]; - ssize_t rcv; - char ancil[256]; - int i; -#ifndef S_SPLINT_S - struct cmsghdr* cmsg; -#endif /* S_SPLINT_S */ - - rep.c = (struct comm_point*)arg; - log_assert(rep.c->type == comm_udp); - - if(!(event&UB_EV_READ)) - return; - log_assert(rep.c && rep.c->buffer && rep.c->fd == fd); - ub_comm_base_now(rep.c->ev->base); - for(i=0; ibuffer); - rep.addrlen = (socklen_t)sizeof(rep.addr); - log_assert(fd != -1); - log_assert(sldns_buffer_remaining(rep.c->buffer) > 0); - msg.msg_name = &rep.addr; - msg.msg_namelen = (socklen_t)sizeof(rep.addr); - iov[0].iov_base = sldns_buffer_begin(rep.c->buffer); - iov[0].iov_len = sldns_buffer_remaining(rep.c->buffer); - msg.msg_iov = iov; - msg.msg_iovlen = 1; - msg.msg_control = ancil; -#ifndef S_SPLINT_S - msg.msg_controllen = sizeof(ancil); -#endif /* S_SPLINT_S */ - msg.msg_flags = 0; - rcv = recvmsg(fd, &msg, 0); - if(rcv == -1) { - if(errno != EAGAIN && errno != EINTR) { - log_err("recvmsg failed: %s", strerror(errno)); - } - return; - } - rep.addrlen = msg.msg_namelen; - sldns_buffer_skip(rep.c->buffer, rcv); - sldns_buffer_flip(rep.c->buffer); - rep.srctype = 0; -#ifndef S_SPLINT_S - for(cmsg = CMSG_FIRSTHDR(&msg); cmsg != NULL; - cmsg = CMSG_NXTHDR(&msg, cmsg)) { - if( cmsg->cmsg_level == IPPROTO_IPV6 && - cmsg->cmsg_type == IPV6_PKTINFO) { - rep.srctype = 6; - memmove(&rep.pktinfo.v6info, CMSG_DATA(cmsg), - sizeof(struct in6_pktinfo)); - break; -#ifdef IP_PKTINFO - } else if( cmsg->cmsg_level == IPPROTO_IP && - cmsg->cmsg_type == IP_PKTINFO) { - rep.srctype = 4; - memmove(&rep.pktinfo.v4info, CMSG_DATA(cmsg), - sizeof(struct in_pktinfo)); - break; -#elif defined(IP_RECVDSTADDR) - } else if( cmsg->cmsg_level == IPPROTO_IP && - cmsg->cmsg_type == IP_RECVDSTADDR) { - rep.srctype = 4; - memmove(&rep.pktinfo.v4addr, CMSG_DATA(cmsg), - sizeof(struct in_addr)); - break; -#endif /* IP_PKTINFO or IP_RECVDSTADDR */ - } - } - if(verbosity >= VERB_ALGO) - p_ancil("receive_udp on interface", &rep); -#endif /* S_SPLINT_S */ - fptr_ok(fptr_whitelist_comm_point(rep.c->callback)); - if((*rep.c->callback)(rep.c, rep.c->cb_arg, NETEVENT_NOERROR, &rep)) { - /* send back immediate reply */ - (void)comm_point_send_udp_msg_if(rep.c, rep.c->buffer, - (struct sockaddr*)&rep.addr, rep.addrlen, &rep); - } - if(rep.c->fd == -1) /* commpoint closed */ - break; - } -#else - (void)fd; - (void)event; - (void)arg; - fatal_exit("recvmsg: No support for IPV6_PKTINFO; IP_PKTINFO or IP_RECVDSTADDR. " - "Please disable interface-automatic"); -#endif /* AF_INET6 && IPV6_PKTINFO && HAVE_RECVMSG */ -} - -void -comm_point_udp_callback(int fd, short event, void* arg) -{ - struct comm_reply rep; - ssize_t rcv; - int i; - struct sldns_buffer *buffer; - - rep.c = (struct comm_point*)arg; - log_assert(rep.c->type == comm_udp); - - if(!(event&UB_EV_READ)) - return; - log_assert(rep.c && rep.c->buffer && rep.c->fd == fd); - ub_comm_base_now(rep.c->ev->base); - for(i=0; ibuffer); - rep.addrlen = (socklen_t)sizeof(rep.addr); - log_assert(fd != -1); - log_assert(sldns_buffer_remaining(rep.c->buffer) > 0); - rcv = recvfrom(fd, (void*)sldns_buffer_begin(rep.c->buffer), - sldns_buffer_remaining(rep.c->buffer), 0, - (struct sockaddr*)&rep.addr, &rep.addrlen); - if(rcv == -1) { -#ifndef USE_WINSOCK - if(errno != EAGAIN && errno != EINTR) - log_err("recvfrom %d failed: %s", - fd, strerror(errno)); -#else - if(WSAGetLastError() != WSAEINPROGRESS && - WSAGetLastError() != WSAECONNRESET && - WSAGetLastError()!= WSAEWOULDBLOCK) - log_err("recvfrom failed: %s", - wsa_strerror(WSAGetLastError())); -#endif - return; - } - sldns_buffer_skip(rep.c->buffer, rcv); - sldns_buffer_flip(rep.c->buffer); - rep.srctype = 0; - fptr_ok(fptr_whitelist_comm_point(rep.c->callback)); - if((*rep.c->callback)(rep.c, rep.c->cb_arg, NETEVENT_NOERROR, &rep)) { - /* send back immediate reply */ -#ifdef USE_DNSCRYPT - buffer = rep.c->dnscrypt_buffer; -#else - buffer = rep.c->buffer; -#endif - (void)comm_point_send_udp_msg(rep.c, buffer, - (struct sockaddr*)&rep.addr, rep.addrlen); - } - if(rep.c->fd != fd) /* commpoint closed to -1 or reused for - another UDP port. Note rep.c cannot be reused with TCP fd. */ - break; - } -} - -/** Use a new tcp handler for new query fd, set to read query */ -static void -setup_tcp_handler(struct comm_point* c, int fd, int cur, int max) -{ - log_assert(c->type == comm_tcp); - log_assert(c->fd == -1); - sldns_buffer_clear(c->buffer); -#ifdef USE_DNSCRYPT - if (c->dnscrypt) - sldns_buffer_clear(c->dnscrypt_buffer); -#endif - c->tcp_is_reading = 1; - c->tcp_byte_count = 0; - c->tcp_timeout_msec = TCP_QUERY_TIMEOUT; - /* if more than half the tcp handlers are in use, use a shorter - * timeout for this TCP connection, we need to make space for - * other connections to be able to get attention */ - if(cur > max/2) - c->tcp_timeout_msec = TCP_QUERY_TIMEOUT_FAST; - comm_point_start_listening(c, fd, c->tcp_timeout_msec); -} - -void comm_base_handle_slow_accept(int ATTR_UNUSED(fd), - short ATTR_UNUSED(event), void* arg) -{ - struct comm_base* b = (struct comm_base*)arg; - /* timeout for the slow accept, re-enable accepts again */ - if(b->start_accept) { - verbose(VERB_ALGO, "wait is over, slow accept disabled"); - fptr_ok(fptr_whitelist_start_accept(b->start_accept)); - (*b->start_accept)(b->cb_arg); - b->eb->slow_accept_enabled = 0; - } -} - -int comm_point_perform_accept(struct comm_point* c, - struct sockaddr_storage* addr, socklen_t* addrlen) -{ - int new_fd; - *addrlen = (socklen_t)sizeof(*addr); - new_fd = accept(c->fd, (struct sockaddr*)addr, addrlen); - if(new_fd == -1) { -#ifndef USE_WINSOCK - /* EINTR is signal interrupt. others are closed connection. */ - if( errno == EINTR || errno == EAGAIN -#ifdef EWOULDBLOCK - || errno == EWOULDBLOCK -#endif -#ifdef ECONNABORTED - || errno == ECONNABORTED -#endif -#ifdef EPROTO - || errno == EPROTO -#endif /* EPROTO */ - ) - return -1; -#if defined(ENFILE) && defined(EMFILE) - if(errno == ENFILE || errno == EMFILE) { - /* out of file descriptors, likely outside of our - * control. stop accept() calls for some time */ - if(c->ev->base->stop_accept) { - struct comm_base* b = c->ev->base; - struct timeval tv; - verbose(VERB_ALGO, "out of file descriptors: " - "slow accept"); - b->eb->slow_accept_enabled = 1; - fptr_ok(fptr_whitelist_stop_accept( - b->stop_accept)); - (*b->stop_accept)(b->cb_arg); - /* set timeout, no mallocs */ - tv.tv_sec = NETEVENT_SLOW_ACCEPT_TIME/1000; - tv.tv_usec = (NETEVENT_SLOW_ACCEPT_TIME%1000)*1000; - b->eb->slow_accept = ub_event_new(b->eb->base, - -1, UB_EV_TIMEOUT, - comm_base_handle_slow_accept, b); - if(b->eb->slow_accept == NULL) { - /* we do not want to log here, because - * that would spam the logfiles. - * error: "event_base_set failed." */ - } - else if(ub_event_add(b->eb->slow_accept, &tv) - != 0) { - /* we do not want to log here, - * error: "event_add failed." */ - } - } - return -1; - } -#endif - log_err_addr("accept failed", strerror(errno), addr, *addrlen); -#else /* USE_WINSOCK */ - if(WSAGetLastError() == WSAEINPROGRESS || - WSAGetLastError() == WSAECONNRESET) - return -1; - if(WSAGetLastError() == WSAEWOULDBLOCK) { - ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_READ); - return -1; - } - log_err_addr("accept failed", wsa_strerror(WSAGetLastError()), - addr, *addrlen); -#endif - return -1; - } - fd_set_nonblock(new_fd); - return new_fd; -} - -#ifdef USE_WINSOCK -static long win_bio_cb(BIO *b, int oper, const char* ATTR_UNUSED(argp), - int ATTR_UNUSED(argi), long argl, long retvalue) -{ - verbose(VERB_ALGO, "bio_cb %d, %s %s %s", oper, - (oper&BIO_CB_RETURN)?"return":"before", - (oper&BIO_CB_READ)?"read":((oper&BIO_CB_WRITE)?"write":"other"), - WSAGetLastError()==WSAEWOULDBLOCK?"wsawb":""); - /* on windows, check if previous operation caused EWOULDBLOCK */ - if( (oper == (BIO_CB_READ|BIO_CB_RETURN) && argl == 0) || - (oper == (BIO_CB_GETS|BIO_CB_RETURN) && argl == 0)) { - if(WSAGetLastError() == WSAEWOULDBLOCK) - ub_winsock_tcp_wouldblock((struct ub_event*) - BIO_get_callback_arg(b), UB_EV_READ); - } - if( (oper == (BIO_CB_WRITE|BIO_CB_RETURN) && argl == 0) || - (oper == (BIO_CB_PUTS|BIO_CB_RETURN) && argl == 0)) { - if(WSAGetLastError() == WSAEWOULDBLOCK) - ub_winsock_tcp_wouldblock((struct ub_event*) - BIO_get_callback_arg(b), UB_EV_WRITE); - } - /* return original return value */ - return retvalue; -} - -/** set win bio callbacks for nonblocking operations */ -void -comm_point_tcp_win_bio_cb(struct comm_point* c, void* thessl) -{ - SSL* ssl = (SSL*)thessl; - /* set them both just in case, but usually they are the same BIO */ - BIO_set_callback(SSL_get_rbio(ssl), &win_bio_cb); - BIO_set_callback_arg(SSL_get_rbio(ssl), (char*)c->ev->ev); - BIO_set_callback(SSL_get_wbio(ssl), &win_bio_cb); - BIO_set_callback_arg(SSL_get_wbio(ssl), (char*)c->ev->ev); -} -#endif - -void -comm_point_tcp_accept_callback(int fd, short event, void* arg) -{ - struct comm_point* c = (struct comm_point*)arg, *c_hdl; - int new_fd; - log_assert(c->type == comm_tcp_accept); - if(!(event & UB_EV_READ)) { - log_info("ignoring tcp accept event %d", (int)event); - return; - } - ub_comm_base_now(c->ev->base); - /* find free tcp handler. */ - if(!c->tcp_free) { - log_warn("accepted too many tcp, connections full"); - return; - } - /* accept incoming connection. */ - c_hdl = c->tcp_free; - log_assert(fd != -1); - (void)fd; - new_fd = comm_point_perform_accept(c, &c_hdl->repinfo.addr, - &c_hdl->repinfo.addrlen); - if(new_fd == -1) - return; - if(c->ssl) { - c_hdl->ssl = incoming_ssl_fd(c->ssl, new_fd); - if(!c_hdl->ssl) { - c_hdl->fd = new_fd; - comm_point_close(c_hdl); - return; - } - c_hdl->ssl_shake_state = comm_ssl_shake_read; -#ifdef USE_WINSOCK - comm_point_tcp_win_bio_cb(c_hdl, c_hdl->ssl); -#endif - } - - /* grab the tcp handler buffers */ - c->cur_tcp_count++; - c->tcp_free = c_hdl->tcp_free; - if(!c->tcp_free) { - /* stop accepting incoming queries for now. */ - comm_point_stop_listening(c); - } - setup_tcp_handler(c_hdl, new_fd, c->cur_tcp_count, c->max_tcp_count); -} - -/** Make tcp handler free for next assignment */ -static void -reclaim_tcp_handler(struct comm_point* c) -{ - log_assert(c->type == comm_tcp); - if(c->ssl) { -#ifdef HAVE_SSL - SSL_shutdown(c->ssl); - SSL_free(c->ssl); - c->ssl = NULL; -#endif - } - comm_point_close(c); - if(c->tcp_parent) { - c->tcp_parent->cur_tcp_count--; - c->tcp_free = c->tcp_parent->tcp_free; - c->tcp_parent->tcp_free = c; - if(!c->tcp_free) { - /* re-enable listening on accept socket */ - comm_point_start_listening(c->tcp_parent, -1, -1); - } - } -} - -/** do the callback when writing is done */ -static void -tcp_callback_writer(struct comm_point* c) -{ - log_assert(c->type == comm_tcp); - sldns_buffer_clear(c->buffer); - if(c->tcp_do_toggle_rw) - c->tcp_is_reading = 1; - c->tcp_byte_count = 0; - /* switch from listening(write) to listening(read) */ - comm_point_stop_listening(c); - comm_point_start_listening(c, -1, -1); -} - -/** do the callback when reading is done */ -static void -tcp_callback_reader(struct comm_point* c) -{ - log_assert(c->type == comm_tcp || c->type == comm_local); - sldns_buffer_flip(c->buffer); - if(c->tcp_do_toggle_rw) - c->tcp_is_reading = 0; - c->tcp_byte_count = 0; - if(c->type == comm_tcp) - comm_point_stop_listening(c); - fptr_ok(fptr_whitelist_comm_point(c->callback)); - if( (*c->callback)(c, c->cb_arg, NETEVENT_NOERROR, &c->repinfo) ) { - comm_point_start_listening(c, -1, c->tcp_timeout_msec); - } -} - -/** continue ssl handshake */ -#ifdef HAVE_SSL -static int -ssl_handshake(struct comm_point* c) -{ - int r; - if(c->ssl_shake_state == comm_ssl_shake_hs_read) { - /* read condition satisfied back to writing */ - comm_point_listen_for_rw(c, 1, 1); - c->ssl_shake_state = comm_ssl_shake_none; - return 1; - } - if(c->ssl_shake_state == comm_ssl_shake_hs_write) { - /* write condition satisfied, back to reading */ - comm_point_listen_for_rw(c, 1, 0); - c->ssl_shake_state = comm_ssl_shake_none; - return 1; - } - - ERR_clear_error(); - r = SSL_do_handshake(c->ssl); - if(r != 1) { - int want = SSL_get_error(c->ssl, r); - if(want == SSL_ERROR_WANT_READ) { - if(c->ssl_shake_state == comm_ssl_shake_read) - return 1; - c->ssl_shake_state = comm_ssl_shake_read; - comm_point_listen_for_rw(c, 1, 0); - return 1; - } else if(want == SSL_ERROR_WANT_WRITE) { - if(c->ssl_shake_state == comm_ssl_shake_write) - return 1; - c->ssl_shake_state = comm_ssl_shake_write; - comm_point_listen_for_rw(c, 0, 1); - return 1; - } else if(r == 0) { - return 0; /* closed */ - } else if(want == SSL_ERROR_SYSCALL) { - /* SYSCALL and errno==0 means closed uncleanly */ - if(errno != 0) - log_err("SSL_handshake syscall: %s", - strerror(errno)); - return 0; - } else { - log_crypto_err("ssl handshake failed"); - log_addr(1, "ssl handshake failed", &c->repinfo.addr, - c->repinfo.addrlen); - return 0; - } - } - /* this is where peer verification could take place */ - log_addr(VERB_ALGO, "SSL DNS connection", &c->repinfo.addr, - c->repinfo.addrlen); - - /* setup listen rw correctly */ - if(c->tcp_is_reading) { - if(c->ssl_shake_state != comm_ssl_shake_read) - comm_point_listen_for_rw(c, 1, 0); - } else { - comm_point_listen_for_rw(c, 1, 1); - } - c->ssl_shake_state = comm_ssl_shake_none; - return 1; -} -#endif /* HAVE_SSL */ - -/** ssl read callback on TCP */ -static int -ssl_handle_read(struct comm_point* c) -{ -#ifdef HAVE_SSL - int r; - if(c->ssl_shake_state != comm_ssl_shake_none) { - if(!ssl_handshake(c)) - return 0; - if(c->ssl_shake_state != comm_ssl_shake_none) - return 1; - } - if(c->tcp_byte_count < sizeof(uint16_t)) { - /* read length bytes */ - ERR_clear_error(); - if((r=SSL_read(c->ssl, (void*)sldns_buffer_at(c->buffer, - c->tcp_byte_count), (int)(sizeof(uint16_t) - - c->tcp_byte_count))) <= 0) { - int want = SSL_get_error(c->ssl, r); - if(want == SSL_ERROR_ZERO_RETURN) { - return 0; /* shutdown, closed */ - } else if(want == SSL_ERROR_WANT_READ) { - return 1; /* read more later */ - } else if(want == SSL_ERROR_WANT_WRITE) { - c->ssl_shake_state = comm_ssl_shake_hs_write; - comm_point_listen_for_rw(c, 0, 1); - return 1; - } else if(want == SSL_ERROR_SYSCALL) { - if(errno != 0) - log_err("SSL_read syscall: %s", - strerror(errno)); - return 0; - } - log_crypto_err("could not SSL_read"); - return 0; - } - c->tcp_byte_count += r; - if(c->tcp_byte_count != sizeof(uint16_t)) - return 1; - if(sldns_buffer_read_u16_at(c->buffer, 0) > - sldns_buffer_capacity(c->buffer)) { - verbose(VERB_QUERY, "ssl: dropped larger than buffer"); - return 0; - } - sldns_buffer_set_limit(c->buffer, - sldns_buffer_read_u16_at(c->buffer, 0)); - if(sldns_buffer_limit(c->buffer) < LDNS_HEADER_SIZE) { - verbose(VERB_QUERY, "ssl: dropped bogus too short."); - return 0; - } - verbose(VERB_ALGO, "Reading ssl tcp query of length %d", - (int)sldns_buffer_limit(c->buffer)); - } - log_assert(sldns_buffer_remaining(c->buffer) > 0); - ERR_clear_error(); - r = SSL_read(c->ssl, (void*)sldns_buffer_current(c->buffer), - (int)sldns_buffer_remaining(c->buffer)); - if(r <= 0) { - int want = SSL_get_error(c->ssl, r); - if(want == SSL_ERROR_ZERO_RETURN) { - return 0; /* shutdown, closed */ - } else if(want == SSL_ERROR_WANT_READ) { - return 1; /* read more later */ - } else if(want == SSL_ERROR_WANT_WRITE) { - c->ssl_shake_state = comm_ssl_shake_hs_write; - comm_point_listen_for_rw(c, 0, 1); - return 1; - } else if(want == SSL_ERROR_SYSCALL) { - if(errno != 0) - log_err("SSL_read syscall: %s", - strerror(errno)); - return 0; - } - log_crypto_err("could not SSL_read"); - return 0; - } - sldns_buffer_skip(c->buffer, (ssize_t)r); - if(sldns_buffer_remaining(c->buffer) <= 0) { - tcp_callback_reader(c); - } - return 1; -#else - (void)c; - return 0; -#endif /* HAVE_SSL */ -} - -/** ssl write callback on TCP */ -static int -ssl_handle_write(struct comm_point* c) -{ -#ifdef HAVE_SSL - int r; - if(c->ssl_shake_state != comm_ssl_shake_none) { - if(!ssl_handshake(c)) - return 0; - if(c->ssl_shake_state != comm_ssl_shake_none) - return 1; - } - /* ignore return, if fails we may simply block */ - (void)SSL_set_mode(c->ssl, SSL_MODE_ENABLE_PARTIAL_WRITE); - if(c->tcp_byte_count < sizeof(uint16_t)) { - uint16_t len = htons(sldns_buffer_limit(c->buffer)); - ERR_clear_error(); - r = SSL_write(c->ssl, - (void*)(((uint8_t*)&len)+c->tcp_byte_count), - (int)(sizeof(uint16_t)-c->tcp_byte_count)); - if(r <= 0) { - int want = SSL_get_error(c->ssl, r); - if(want == SSL_ERROR_ZERO_RETURN) { - return 0; /* closed */ - } else if(want == SSL_ERROR_WANT_READ) { - c->ssl_shake_state = comm_ssl_shake_read; - comm_point_listen_for_rw(c, 1, 0); - return 1; /* wait for read condition */ - } else if(want == SSL_ERROR_WANT_WRITE) { - return 1; /* write more later */ - } else if(want == SSL_ERROR_SYSCALL) { - if(errno != 0) - log_err("SSL_write syscall: %s", - strerror(errno)); - return 0; - } - log_crypto_err("could not SSL_write"); - return 0; - } - c->tcp_byte_count += r; - if(c->tcp_byte_count < sizeof(uint16_t)) - return 1; - sldns_buffer_set_position(c->buffer, c->tcp_byte_count - - sizeof(uint16_t)); - if(sldns_buffer_remaining(c->buffer) == 0) { - tcp_callback_writer(c); - return 1; - } - } - log_assert(sldns_buffer_remaining(c->buffer) > 0); - ERR_clear_error(); - r = SSL_write(c->ssl, (void*)sldns_buffer_current(c->buffer), - (int)sldns_buffer_remaining(c->buffer)); - if(r <= 0) { - int want = SSL_get_error(c->ssl, r); - if(want == SSL_ERROR_ZERO_RETURN) { - return 0; /* closed */ - } else if(want == SSL_ERROR_WANT_READ) { - c->ssl_shake_state = comm_ssl_shake_read; - comm_point_listen_for_rw(c, 1, 0); - return 1; /* wait for read condition */ - } else if(want == SSL_ERROR_WANT_WRITE) { - return 1; /* write more later */ - } else if(want == SSL_ERROR_SYSCALL) { - if(errno != 0) - log_err("SSL_write syscall: %s", - strerror(errno)); - return 0; - } - log_crypto_err("could not SSL_write"); - return 0; - } - sldns_buffer_skip(c->buffer, (ssize_t)r); - - if(sldns_buffer_remaining(c->buffer) == 0) { - tcp_callback_writer(c); - } - return 1; -#else - (void)c; - return 0; -#endif /* HAVE_SSL */ -} - -/** handle ssl tcp connection with dns contents */ -static int -ssl_handle_it(struct comm_point* c) -{ - if(c->tcp_is_reading) - return ssl_handle_read(c); - return ssl_handle_write(c); -} - -/** Handle tcp reading callback. - * @param fd: file descriptor of socket. - * @param c: comm point to read from into buffer. - * @param short_ok: if true, very short packets are OK (for comm_local). - * @return: 0 on error - */ -static int -comm_point_tcp_handle_read(int fd, struct comm_point* c, int short_ok) -{ - ssize_t r; - log_assert(c->type == comm_tcp || c->type == comm_local); - if(c->ssl) - return ssl_handle_it(c); - if(!c->tcp_is_reading) - return 0; - - log_assert(fd != -1); - if(c->tcp_byte_count < sizeof(uint16_t)) { - /* read length bytes */ - r = recv(fd,(void*)sldns_buffer_at(c->buffer,c->tcp_byte_count), - sizeof(uint16_t)-c->tcp_byte_count, 0); - if(r == 0) - return 0; - else if(r == -1) { -#ifndef USE_WINSOCK - if(errno == EINTR || errno == EAGAIN) - return 1; -#ifdef ECONNRESET - if(errno == ECONNRESET && verbosity < 2) - return 0; /* silence reset by peer */ -#endif - log_err_addr("read (in tcp s)", strerror(errno), - &c->repinfo.addr, c->repinfo.addrlen); -#else /* USE_WINSOCK */ - if(WSAGetLastError() == WSAECONNRESET) - return 0; - if(WSAGetLastError() == WSAEINPROGRESS) - return 1; - if(WSAGetLastError() == WSAEWOULDBLOCK) { - ub_winsock_tcp_wouldblock(c->ev->ev, - UB_EV_READ); - return 1; - } - log_err_addr("read (in tcp s)", - wsa_strerror(WSAGetLastError()), - &c->repinfo.addr, c->repinfo.addrlen); -#endif - return 0; - } - c->tcp_byte_count += r; - if(c->tcp_byte_count != sizeof(uint16_t)) - return 1; - if(sldns_buffer_read_u16_at(c->buffer, 0) > - sldns_buffer_capacity(c->buffer)) { - verbose(VERB_QUERY, "tcp: dropped larger than buffer"); - return 0; - } - sldns_buffer_set_limit(c->buffer, - sldns_buffer_read_u16_at(c->buffer, 0)); - if(!short_ok && - sldns_buffer_limit(c->buffer) < LDNS_HEADER_SIZE) { - verbose(VERB_QUERY, "tcp: dropped bogus too short."); - return 0; - } - verbose(VERB_ALGO, "Reading tcp query of length %d", - (int)sldns_buffer_limit(c->buffer)); - } - - log_assert(sldns_buffer_remaining(c->buffer) > 0); - r = recv(fd, (void*)sldns_buffer_current(c->buffer), - sldns_buffer_remaining(c->buffer), 0); - if(r == 0) { - return 0; - } else if(r == -1) { -#ifndef USE_WINSOCK - if(errno == EINTR || errno == EAGAIN) - return 1; - log_err_addr("read (in tcp r)", strerror(errno), - &c->repinfo.addr, c->repinfo.addrlen); -#else /* USE_WINSOCK */ - if(WSAGetLastError() == WSAECONNRESET) - return 0; - if(WSAGetLastError() == WSAEINPROGRESS) - return 1; - if(WSAGetLastError() == WSAEWOULDBLOCK) { - ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_READ); - return 1; - } - log_err_addr("read (in tcp r)", - wsa_strerror(WSAGetLastError()), - &c->repinfo.addr, c->repinfo.addrlen); -#endif - return 0; - } - sldns_buffer_skip(c->buffer, r); - if(sldns_buffer_remaining(c->buffer) <= 0) { - tcp_callback_reader(c); - } - return 1; -} - -/** - * Handle tcp writing callback. - * @param fd: file descriptor of socket. - * @param c: comm point to write buffer out of. - * @return: 0 on error - */ -static int -comm_point_tcp_handle_write(int fd, struct comm_point* c) -{ - ssize_t r; - struct sldns_buffer *buffer; - log_assert(c->type == comm_tcp); -#ifdef USE_DNSCRYPT - buffer = c->dnscrypt_buffer; -#else - buffer = c->buffer; -#endif - if(c->tcp_is_reading && !c->ssl) - return 0; - log_assert(fd != -1); - if(c->tcp_byte_count == 0 && c->tcp_check_nb_connect) { - /* check for pending error from nonblocking connect */ - /* from Stevens, unix network programming, vol1, 3rd ed, p450*/ - int error = 0; - socklen_t len = (socklen_t)sizeof(error); - if(getsockopt(fd, SOL_SOCKET, SO_ERROR, (void*)&error, - &len) < 0){ -#ifndef USE_WINSOCK - error = errno; /* on solaris errno is error */ -#else /* USE_WINSOCK */ - error = WSAGetLastError(); -#endif - } -#ifndef USE_WINSOCK -#if defined(EINPROGRESS) && defined(EWOULDBLOCK) - if(error == EINPROGRESS || error == EWOULDBLOCK) - return 1; /* try again later */ - else -#endif - if(error != 0 && verbosity < 2) - return 0; /* silence lots of chatter in the logs */ - else if(error != 0) { - log_err_addr("tcp connect", strerror(error), - &c->repinfo.addr, c->repinfo.addrlen); -#else /* USE_WINSOCK */ - /* examine error */ - if(error == WSAEINPROGRESS) - return 1; - else if(error == WSAEWOULDBLOCK) { - ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_WRITE); - return 1; - } else if(error != 0 && verbosity < 2) - return 0; - else if(error != 0) { - log_err_addr("tcp connect", wsa_strerror(error), - &c->repinfo.addr, c->repinfo.addrlen); -#endif /* USE_WINSOCK */ - return 0; - } - } - if(c->ssl) - return ssl_handle_it(c); - -#ifdef USE_MSG_FASTOPEN - /* Only try this on first use of a connection that uses tfo, - otherwise fall through to normal write */ - /* Also, TFO support on WINDOWS not implemented at the moment */ - if(c->tcp_do_fastopen == 1) { - /* this form of sendmsg() does both a connect() and send() so need to - look for various flavours of error*/ - uint16_t len = htons(sldns_buffer_limit(buffer)); - struct msghdr msg; - struct iovec iov[2]; - c->tcp_do_fastopen = 0; - memset(&msg, 0, sizeof(msg)); - iov[0].iov_base = (uint8_t*)&len + c->tcp_byte_count; - iov[0].iov_len = sizeof(uint16_t) - c->tcp_byte_count; - iov[1].iov_base = sldns_buffer_begin(buffer); - iov[1].iov_len = sldns_buffer_limit(buffer); - log_assert(iov[0].iov_len > 0); - log_assert(iov[1].iov_len > 0); - msg.msg_name = &c->repinfo.addr; - msg.msg_namelen = c->repinfo.addrlen; - msg.msg_iov = iov; - msg.msg_iovlen = 2; - r = sendmsg(fd, &msg, MSG_FASTOPEN); - if (r == -1) { -#if defined(EINPROGRESS) && defined(EWOULDBLOCK) - /* Handshake is underway, maybe because no TFO cookie available. - Come back to write the messsage*/ - if(errno == EINPROGRESS || errno == EWOULDBLOCK) - return 1; -#endif - if(errno == EINTR || errno == EAGAIN) - return 1; - /* Not handling EISCONN here as shouldn't ever hit that case.*/ - if(errno != 0 && verbosity < 2) - return 0; /* silence lots of chatter in the logs */ - else if(errno != 0) - log_err_addr("tcp sendmsg", strerror(errno), - &c->repinfo.addr, c->repinfo.addrlen); - return 0; - } else { - c->tcp_byte_count += r; - if(c->tcp_byte_count < sizeof(uint16_t)) - return 1; - sldns_buffer_set_position(buffer, c->tcp_byte_count - - sizeof(uint16_t)); - if(sldns_buffer_remaining(buffer) == 0) { - tcp_callback_writer(c); - return 1; - } - } - } -#endif /* USE_MSG_FASTOPEN */ - - if(c->tcp_byte_count < sizeof(uint16_t)) { - uint16_t len = htons(sldns_buffer_limit(buffer)); -#ifdef HAVE_WRITEV - struct iovec iov[2]; - iov[0].iov_base = (uint8_t*)&len + c->tcp_byte_count; - iov[0].iov_len = sizeof(uint16_t) - c->tcp_byte_count; - iov[1].iov_base = sldns_buffer_begin(buffer); - iov[1].iov_len = sldns_buffer_limit(buffer); - log_assert(iov[0].iov_len > 0); - log_assert(iov[1].iov_len > 0); - r = writev(fd, iov, 2); -#else /* HAVE_WRITEV */ - r = send(fd, (void*)(((uint8_t*)&len)+c->tcp_byte_count), - sizeof(uint16_t)-c->tcp_byte_count, 0); -#endif /* HAVE_WRITEV */ - if(r == -1) { -#ifndef USE_WINSOCK -# ifdef EPIPE - if(errno == EPIPE && verbosity < 2) - return 0; /* silence 'broken pipe' */ - #endif - if(errno == EINTR || errno == EAGAIN) - return 1; -# ifdef HAVE_WRITEV - log_err_addr("tcp writev", strerror(errno), - &c->repinfo.addr, c->repinfo.addrlen); -# else /* HAVE_WRITEV */ - log_err_addr("tcp send s", strerror(errno), - &c->repinfo.addr, c->repinfo.addrlen); -# endif /* HAVE_WRITEV */ -#else - if(WSAGetLastError() == WSAENOTCONN) - return 1; - if(WSAGetLastError() == WSAEINPROGRESS) - return 1; - if(WSAGetLastError() == WSAEWOULDBLOCK) { - ub_winsock_tcp_wouldblock(c->ev->ev, - UB_EV_WRITE); - return 1; - } - log_err_addr("tcp send s", - wsa_strerror(WSAGetLastError()), - &c->repinfo.addr, c->repinfo.addrlen); -#endif - return 0; - } - c->tcp_byte_count += r; - if(c->tcp_byte_count < sizeof(uint16_t)) - return 1; - sldns_buffer_set_position(buffer, c->tcp_byte_count - - sizeof(uint16_t)); - if(sldns_buffer_remaining(buffer) == 0) { - tcp_callback_writer(c); - return 1; - } - } - log_assert(sldns_buffer_remaining(buffer) > 0); - r = send(fd, (void*)sldns_buffer_current(buffer), - sldns_buffer_remaining(buffer), 0); - if(r == -1) { -#ifndef USE_WINSOCK - if(errno == EINTR || errno == EAGAIN) - return 1; - log_err_addr("tcp send r", strerror(errno), - &c->repinfo.addr, c->repinfo.addrlen); -#else - if(WSAGetLastError() == WSAEINPROGRESS) - return 1; - if(WSAGetLastError() == WSAEWOULDBLOCK) { - ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_WRITE); - return 1; - } - log_err_addr("tcp send r", wsa_strerror(WSAGetLastError()), - &c->repinfo.addr, c->repinfo.addrlen); -#endif - return 0; - } - sldns_buffer_skip(buffer, r); - - if(sldns_buffer_remaining(buffer) == 0) { - tcp_callback_writer(c); - } - - return 1; -} - -void -comm_point_tcp_handle_callback(int fd, short event, void* arg) -{ - struct comm_point* c = (struct comm_point*)arg; - log_assert(c->type == comm_tcp); - ub_comm_base_now(c->ev->base); - -#ifdef USE_DNSCRYPT - /* Initialize if this is a dnscrypt socket */ - if(c->tcp_parent) { - c->dnscrypt = c->tcp_parent->dnscrypt; - } - if(c->dnscrypt && c->dnscrypt_buffer == c->buffer) { - c->dnscrypt_buffer = sldns_buffer_new(sldns_buffer_capacity(c->buffer)); - if(!c->dnscrypt_buffer) { - log_err("Could not allocate dnscrypt buffer"); - return; - } - } -#endif - - if(event&UB_EV_READ) { - if(!comm_point_tcp_handle_read(fd, c, 0)) { - reclaim_tcp_handler(c); - if(!c->tcp_do_close) { - fptr_ok(fptr_whitelist_comm_point( - c->callback)); - (void)(*c->callback)(c, c->cb_arg, - NETEVENT_CLOSED, NULL); - } - } - return; - } - if(event&UB_EV_WRITE) { - if(!comm_point_tcp_handle_write(fd, c)) { - reclaim_tcp_handler(c); - if(!c->tcp_do_close) { - fptr_ok(fptr_whitelist_comm_point( - c->callback)); - (void)(*c->callback)(c, c->cb_arg, - NETEVENT_CLOSED, NULL); - } - } - return; - } - if(event&UB_EV_TIMEOUT) { - verbose(VERB_QUERY, "tcp took too long, dropped"); - reclaim_tcp_handler(c); - if(!c->tcp_do_close) { - fptr_ok(fptr_whitelist_comm_point(c->callback)); - (void)(*c->callback)(c, c->cb_arg, - NETEVENT_TIMEOUT, NULL); - } - return; - } - log_err("Ignored event %d for tcphdl.", event); -} - -void comm_point_local_handle_callback(int fd, short event, void* arg) -{ - struct comm_point* c = (struct comm_point*)arg; - log_assert(c->type == comm_local); - ub_comm_base_now(c->ev->base); - - if(event&UB_EV_READ) { - if(!comm_point_tcp_handle_read(fd, c, 1)) { - fptr_ok(fptr_whitelist_comm_point(c->callback)); - (void)(*c->callback)(c, c->cb_arg, NETEVENT_CLOSED, - NULL); - } - return; - } - log_err("Ignored event %d for localhdl.", event); -} - -void comm_point_raw_handle_callback(int ATTR_UNUSED(fd), - short event, void* arg) -{ - struct comm_point* c = (struct comm_point*)arg; - int err = NETEVENT_NOERROR; - log_assert(c->type == comm_raw); - ub_comm_base_now(c->ev->base); - - if(event&UB_EV_TIMEOUT) - err = NETEVENT_TIMEOUT; - fptr_ok(fptr_whitelist_comm_point_raw(c->callback)); - (void)(*c->callback)(c, c->cb_arg, err, NULL); -} - -struct comm_point* -comm_point_create_udp(struct comm_base *base, int fd, sldns_buffer* buffer, - comm_point_callback_type* callback, void* callback_arg) -{ - struct comm_point* c = (struct comm_point*)calloc(1, - sizeof(struct comm_point)); - short evbits; - if(!c) - return NULL; - c->ev = (struct internal_event*)calloc(1, - sizeof(struct internal_event)); - if(!c->ev) { - free(c); - return NULL; - } - c->ev->base = base; - c->fd = fd; - c->buffer = buffer; - c->timeout = NULL; - c->tcp_is_reading = 0; - c->tcp_byte_count = 0; - c->tcp_parent = NULL; - c->max_tcp_count = 0; - c->cur_tcp_count = 0; - c->tcp_handlers = NULL; - c->tcp_free = NULL; - c->type = comm_udp; - c->tcp_do_close = 0; - c->do_not_close = 0; - c->tcp_do_toggle_rw = 0; - c->tcp_check_nb_connect = 0; -#ifdef USE_MSG_FASTOPEN - c->tcp_do_fastopen = 0; -#endif -#ifdef USE_DNSCRYPT - c->dnscrypt = 0; - c->dnscrypt_buffer = buffer; -#endif - c->inuse = 0; - c->callback = callback; - c->cb_arg = callback_arg; - evbits = UB_EV_READ | UB_EV_PERSIST; - /* ub_event stuff */ - c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits, - comm_point_udp_callback, c); - if(c->ev->ev == NULL) { - log_err("could not baseset udp event"); - comm_point_delete(c); - return NULL; - } - if(fd!=-1 && ub_event_add(c->ev->ev, c->timeout) != 0 ) { - log_err("could not add udp event"); - comm_point_delete(c); - return NULL; - } - return c; -} - -struct comm_point* -comm_point_create_udp_ancil(struct comm_base *base, int fd, - sldns_buffer* buffer, - comm_point_callback_type* callback, void* callback_arg) -{ - struct comm_point* c = (struct comm_point*)calloc(1, - sizeof(struct comm_point)); - short evbits; - if(!c) - return NULL; - c->ev = (struct internal_event*)calloc(1, - sizeof(struct internal_event)); - if(!c->ev) { - free(c); - return NULL; - } - c->ev->base = base; - c->fd = fd; - c->buffer = buffer; - c->timeout = NULL; - c->tcp_is_reading = 0; - c->tcp_byte_count = 0; - c->tcp_parent = NULL; - c->max_tcp_count = 0; - c->cur_tcp_count = 0; - c->tcp_handlers = NULL; - c->tcp_free = NULL; - c->type = comm_udp; - c->tcp_do_close = 0; - c->do_not_close = 0; -#ifdef USE_DNSCRYPT - c->dnscrypt = 0; - c->dnscrypt_buffer = buffer; -#endif - c->inuse = 0; - c->tcp_do_toggle_rw = 0; - c->tcp_check_nb_connect = 0; -#ifdef USE_MSG_FASTOPEN - c->tcp_do_fastopen = 0; -#endif - c->callback = callback; - c->cb_arg = callback_arg; - evbits = UB_EV_READ | UB_EV_PERSIST; - /* ub_event stuff */ - c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits, - comm_point_udp_ancil_callback, c); - if(c->ev->ev == NULL) { - log_err("could not baseset udp event"); - comm_point_delete(c); - return NULL; - } - if(fd!=-1 && ub_event_add(c->ev->ev, c->timeout) != 0 ) { - log_err("could not add udp event"); - comm_point_delete(c); - return NULL; - } - return c; -} - -static struct comm_point* -comm_point_create_tcp_handler(struct comm_base *base, - struct comm_point* parent, size_t bufsize, - comm_point_callback_type* callback, void* callback_arg) -{ - struct comm_point* c = (struct comm_point*)calloc(1, - sizeof(struct comm_point)); - short evbits; - if(!c) - return NULL; - c->ev = (struct internal_event*)calloc(1, - sizeof(struct internal_event)); - if(!c->ev) { - free(c); - return NULL; - } - c->ev->base = base; - c->fd = -1; - c->buffer = sldns_buffer_new(bufsize); - if(!c->buffer) { - free(c->ev); - free(c); - return NULL; - } - c->timeout = (struct timeval*)malloc(sizeof(struct timeval)); - if(!c->timeout) { - sldns_buffer_free(c->buffer); - free(c->ev); - free(c); - return NULL; - } - c->tcp_is_reading = 0; - c->tcp_byte_count = 0; - c->tcp_parent = parent; - c->max_tcp_count = 0; - c->cur_tcp_count = 0; - c->tcp_handlers = NULL; - c->tcp_free = NULL; - c->type = comm_tcp; - c->tcp_do_close = 0; - c->do_not_close = 0; - c->tcp_do_toggle_rw = 1; - c->tcp_check_nb_connect = 0; -#ifdef USE_MSG_FASTOPEN - c->tcp_do_fastopen = 0; -#endif -#ifdef USE_DNSCRYPT - c->dnscrypt = 0; - // We don't know just yet if this is a dnscrypt channel. Allocation - // will be done when handling the callback. - c->dnscrypt_buffer = c->buffer; -#endif - c->repinfo.c = c; - c->callback = callback; - c->cb_arg = callback_arg; - /* add to parent free list */ - c->tcp_free = parent->tcp_free; - parent->tcp_free = c; - /* ub_event stuff */ - evbits = UB_EV_PERSIST | UB_EV_READ | UB_EV_TIMEOUT; - c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits, - comm_point_tcp_handle_callback, c); - if(c->ev->ev == NULL) - { - log_err("could not basetset tcphdl event"); - parent->tcp_free = c->tcp_free; - free(c->ev); - free(c); - return NULL; - } - return c; -} - -struct comm_point* -comm_point_create_tcp(struct comm_base *base, int fd, int num, size_t bufsize, - comm_point_callback_type* callback, void* callback_arg) -{ - struct comm_point* c = (struct comm_point*)calloc(1, - sizeof(struct comm_point)); - short evbits; - int i; - /* first allocate the TCP accept listener */ - if(!c) - return NULL; - c->ev = (struct internal_event*)calloc(1, - sizeof(struct internal_event)); - if(!c->ev) { - free(c); - return NULL; - } - c->ev->base = base; - c->fd = fd; - c->buffer = NULL; - c->timeout = NULL; - c->tcp_is_reading = 0; - c->tcp_byte_count = 0; - c->tcp_parent = NULL; - c->max_tcp_count = num; - c->cur_tcp_count = 0; - c->tcp_handlers = (struct comm_point**)calloc((size_t)num, - sizeof(struct comm_point*)); - if(!c->tcp_handlers) { - free(c->ev); - free(c); - return NULL; - } - c->tcp_free = NULL; - c->type = comm_tcp_accept; - c->tcp_do_close = 0; - c->do_not_close = 0; - c->tcp_do_toggle_rw = 0; - c->tcp_check_nb_connect = 0; -#ifdef USE_MSG_FASTOPEN - c->tcp_do_fastopen = 0; -#endif -#ifdef USE_DNSCRYPT - c->dnscrypt = 0; - c->dnscrypt_buffer = NULL; -#endif - c->callback = NULL; - c->cb_arg = NULL; - evbits = UB_EV_READ | UB_EV_PERSIST; - /* ub_event stuff */ - c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits, - comm_point_tcp_accept_callback, c); - if(c->ev->ev == NULL) { - log_err("could not baseset tcpacc event"); - comm_point_delete(c); - return NULL; - } - if (ub_event_add(c->ev->ev, c->timeout) != 0) { - log_err("could not add tcpacc event"); - comm_point_delete(c); - return NULL; - } - /* now prealloc the tcp handlers */ - for(i=0; itcp_handlers[i] = comm_point_create_tcp_handler(base, - c, bufsize, callback, callback_arg); - if(!c->tcp_handlers[i]) { - comm_point_delete(c); - return NULL; - } - } - - return c; -} - -struct comm_point* -comm_point_create_tcp_out(struct comm_base *base, size_t bufsize, - comm_point_callback_type* callback, void* callback_arg) -{ - struct comm_point* c = (struct comm_point*)calloc(1, - sizeof(struct comm_point)); - short evbits; - if(!c) - return NULL; - c->ev = (struct internal_event*)calloc(1, - sizeof(struct internal_event)); - if(!c->ev) { - free(c); - return NULL; - } - c->ev->base = base; - c->fd = -1; - c->buffer = sldns_buffer_new(bufsize); - if(!c->buffer) { - free(c->ev); - free(c); - return NULL; - } - c->timeout = NULL; - c->tcp_is_reading = 0; - c->tcp_byte_count = 0; - c->tcp_parent = NULL; - c->max_tcp_count = 0; - c->cur_tcp_count = 0; - c->tcp_handlers = NULL; - c->tcp_free = NULL; - c->type = comm_tcp; - c->tcp_do_close = 0; - c->do_not_close = 0; - c->tcp_do_toggle_rw = 1; - c->tcp_check_nb_connect = 1; -#ifdef USE_MSG_FASTOPEN - c->tcp_do_fastopen = 1; -#endif -#ifdef USE_DNSCRYPT - c->dnscrypt = 0; - c->dnscrypt_buffer = c->buffer; -#endif - c->repinfo.c = c; - c->callback = callback; - c->cb_arg = callback_arg; - evbits = UB_EV_PERSIST | UB_EV_WRITE; - c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits, - comm_point_tcp_handle_callback, c); - if(c->ev->ev == NULL) - { - log_err("could not baseset tcpout event"); - sldns_buffer_free(c->buffer); - free(c->ev); - free(c); - return NULL; - } - - return c; -} - -struct comm_point* -comm_point_create_local(struct comm_base *base, int fd, size_t bufsize, - comm_point_callback_type* callback, void* callback_arg) -{ - struct comm_point* c = (struct comm_point*)calloc(1, - sizeof(struct comm_point)); - short evbits; - if(!c) - return NULL; - c->ev = (struct internal_event*)calloc(1, - sizeof(struct internal_event)); - if(!c->ev) { - free(c); - return NULL; - } - c->ev->base = base; - c->fd = fd; - c->buffer = sldns_buffer_new(bufsize); - if(!c->buffer) { - free(c->ev); - free(c); - return NULL; - } - c->timeout = NULL; - c->tcp_is_reading = 1; - c->tcp_byte_count = 0; - c->tcp_parent = NULL; - c->max_tcp_count = 0; - c->cur_tcp_count = 0; - c->tcp_handlers = NULL; - c->tcp_free = NULL; - c->type = comm_local; - c->tcp_do_close = 0; - c->do_not_close = 1; - c->tcp_do_toggle_rw = 0; - c->tcp_check_nb_connect = 0; -#ifdef USE_MSG_FASTOPEN - c->tcp_do_fastopen = 0; -#endif -#ifdef USE_DNSCRYPT - c->dnscrypt = 0; - c->dnscrypt_buffer = c->buffer; -#endif - c->callback = callback; - c->cb_arg = callback_arg; - /* ub_event stuff */ - evbits = UB_EV_PERSIST | UB_EV_READ; - c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits, - comm_point_local_handle_callback, c); - if(c->ev->ev == NULL) { - log_err("could not baseset localhdl event"); - free(c->ev); - free(c); - return NULL; - } - if (ub_event_add(c->ev->ev, c->timeout) != 0) { - log_err("could not add localhdl event"); - ub_event_free(c->ev->ev); - free(c->ev); - free(c); - return NULL; - } - return c; -} - -struct comm_point* -comm_point_create_raw(struct comm_base* base, int fd, int writing, - comm_point_callback_type* callback, void* callback_arg) -{ - struct comm_point* c = (struct comm_point*)calloc(1, - sizeof(struct comm_point)); - short evbits; - if(!c) - return NULL; - c->ev = (struct internal_event*)calloc(1, - sizeof(struct internal_event)); - if(!c->ev) { - free(c); - return NULL; - } - c->ev->base = base; - c->fd = fd; - c->buffer = NULL; - c->timeout = NULL; - c->tcp_is_reading = 0; - c->tcp_byte_count = 0; - c->tcp_parent = NULL; - c->max_tcp_count = 0; - c->cur_tcp_count = 0; - c->tcp_handlers = NULL; - c->tcp_free = NULL; - c->type = comm_raw; - c->tcp_do_close = 0; - c->do_not_close = 1; - c->tcp_do_toggle_rw = 0; - c->tcp_check_nb_connect = 0; -#ifdef USE_MSG_FASTOPEN - c->tcp_do_fastopen = 0; -#endif -#ifdef USE_DNSCRYPT - c->dnscrypt = 0; - c->dnscrypt_buffer = c->buffer; -#endif - c->callback = callback; - c->cb_arg = callback_arg; - /* ub_event stuff */ - if(writing) - evbits = UB_EV_PERSIST | UB_EV_WRITE; - else evbits = UB_EV_PERSIST | UB_EV_READ; - c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits, - comm_point_raw_handle_callback, c); - if(c->ev->ev == NULL) { - log_err("could not baseset rawhdl event"); - free(c->ev); - free(c); - return NULL; - } - if (ub_event_add(c->ev->ev, c->timeout) != 0) { - log_err("could not add rawhdl event"); - ub_event_free(c->ev->ev); - free(c->ev); - free(c); - return NULL; - } - return c; -} - -void -comm_point_close(struct comm_point* c) -{ - if(!c) - return; - if(c->fd != -1) - if(ub_event_del(c->ev->ev) != 0) { - log_err("could not event_del on close"); - } - /* close fd after removing from event lists, or epoll.. is messed up */ - if(c->fd != -1 && !c->do_not_close) { - verbose(VERB_ALGO, "close fd %d", c->fd); -#ifndef USE_WINSOCK - close(c->fd); -#else - closesocket(c->fd); -#endif - } - c->fd = -1; -} - -void -comm_point_delete(struct comm_point* c) -{ - if(!c) - return; - if(c->type == comm_tcp && c->ssl) { -#ifdef HAVE_SSL - SSL_shutdown(c->ssl); - SSL_free(c->ssl); -#endif - } - comm_point_close(c); - if(c->tcp_handlers) { - int i; - for(i=0; imax_tcp_count; i++) - comm_point_delete(c->tcp_handlers[i]); - free(c->tcp_handlers); - } - free(c->timeout); - if(c->type == comm_tcp || c->type == comm_local) { - sldns_buffer_free(c->buffer); -#ifdef USE_DNSCRYPT - if(c->dnscrypt && c->dnscrypt_buffer != c->buffer) { - sldns_buffer_free(c->dnscrypt_buffer); - } -#endif - } - ub_event_free(c->ev->ev); - free(c->ev); - free(c); -} - -void -comm_point_send_reply(struct comm_reply *repinfo) -{ - struct sldns_buffer* buffer; - log_assert(repinfo && repinfo->c); -#ifdef USE_DNSCRYPT - buffer = repinfo->c->dnscrypt_buffer; - if(!dnsc_handle_uncurved_request(repinfo)) { - return; - } -#else - buffer = repinfo->c->buffer; -#endif - if(repinfo->c->type == comm_udp) { - if(repinfo->srctype) - comm_point_send_udp_msg_if(repinfo->c, - buffer, (struct sockaddr*)&repinfo->addr, - repinfo->addrlen, repinfo); - else - comm_point_send_udp_msg(repinfo->c, buffer, - (struct sockaddr*)&repinfo->addr, repinfo->addrlen); -#ifdef USE_DNSTAP - if(repinfo->c->dtenv != NULL && - repinfo->c->dtenv->log_client_response_messages) - dt_msg_send_client_response(repinfo->c->dtenv, - &repinfo->addr, repinfo->c->type, repinfo->c->buffer); -#endif - } else { -#ifdef USE_DNSTAP - if(repinfo->c->tcp_parent->dtenv != NULL && - repinfo->c->tcp_parent->dtenv->log_client_response_messages) - dt_msg_send_client_response(repinfo->c->tcp_parent->dtenv, - &repinfo->addr, repinfo->c->type, repinfo->c->buffer); -#endif - comm_point_start_listening(repinfo->c, -1, - repinfo->c->tcp_timeout_msec); - } -} - -void -comm_point_drop_reply(struct comm_reply* repinfo) -{ - if(!repinfo) - return; - log_assert(repinfo && repinfo->c); - log_assert(repinfo->c->type != comm_tcp_accept); - if(repinfo->c->type == comm_udp) - return; - reclaim_tcp_handler(repinfo->c); -} - -void -comm_point_stop_listening(struct comm_point* c) -{ - verbose(VERB_ALGO, "comm point stop listening %d", c->fd); - if(ub_event_del(c->ev->ev) != 0) { - log_err("event_del error to stoplisten"); - } -} - -void -comm_point_start_listening(struct comm_point* c, int newfd, int msec) -{ - verbose(VERB_ALGO, "comm point start listening %d", - c->fd==-1?newfd:c->fd); - if(c->type == comm_tcp_accept && !c->tcp_free) { - /* no use to start listening no free slots. */ - return; - } - if(msec != -1 && msec != 0) { - if(!c->timeout) { - c->timeout = (struct timeval*)malloc(sizeof( - struct timeval)); - if(!c->timeout) { - log_err("cpsl: malloc failed. No net read."); - return; - } - } - ub_event_add_bits(c->ev->ev, UB_EV_TIMEOUT); -#ifndef S_SPLINT_S /* splint fails on struct timeval. */ - c->timeout->tv_sec = msec/1000; - c->timeout->tv_usec = (msec%1000)*1000; -#endif /* S_SPLINT_S */ - } - if(c->type == comm_tcp) { - ub_event_del_bits(c->ev->ev, UB_EV_READ|UB_EV_WRITE); - if(c->tcp_is_reading) - ub_event_add_bits(c->ev->ev, UB_EV_READ); - else ub_event_add_bits(c->ev->ev, UB_EV_WRITE); - } - if(newfd != -1) { - if(c->fd != -1) { -#ifndef USE_WINSOCK - close(c->fd); -#else - closesocket(c->fd); -#endif - } - c->fd = newfd; - ub_event_set_fd(c->ev->ev, c->fd); - } - if(ub_event_add(c->ev->ev, msec==0?NULL:c->timeout) != 0) { - log_err("event_add failed. in cpsl."); - } -} - -void comm_point_listen_for_rw(struct comm_point* c, int rd, int wr) -{ - verbose(VERB_ALGO, "comm point listen_for_rw %d %d", c->fd, wr); - if(ub_event_del(c->ev->ev) != 0) { - log_err("event_del error to cplf"); - } - ub_event_del_bits(c->ev->ev, UB_EV_READ|UB_EV_WRITE); - if(rd) ub_event_add_bits(c->ev->ev, UB_EV_READ); - if(wr) ub_event_add_bits(c->ev->ev, UB_EV_WRITE); - if(ub_event_add(c->ev->ev, c->timeout) != 0) { - log_err("event_add failed. in cplf."); - } -} - -size_t comm_point_get_mem(struct comm_point* c) -{ - size_t s; - if(!c) - return 0; - s = sizeof(*c) + sizeof(*c->ev); - if(c->timeout) - s += sizeof(*c->timeout); - if(c->type == comm_tcp || c->type == comm_local) { - s += sizeof(*c->buffer) + sldns_buffer_capacity(c->buffer); -#ifdef USE_DNSCRYPT - s += sizeof(*c->dnscrypt_buffer); - if(c->buffer != c->dnscrypt_buffer) { - s += sldns_buffer_capacity(c->dnscrypt_buffer); - } -#endif - } - if(c->type == comm_tcp_accept) { - int i; - for(i=0; imax_tcp_count; i++) - s += comm_point_get_mem(c->tcp_handlers[i]); - } - return s; -} - -struct comm_timer* -comm_timer_create(struct comm_base* base, void (*cb)(void*), void* cb_arg) -{ - struct internal_timer *tm = (struct internal_timer*)calloc(1, - sizeof(struct internal_timer)); - if(!tm) { - log_err("malloc failed"); - return NULL; - } - tm->super.ev_timer = tm; - tm->base = base; - tm->super.callback = cb; - tm->super.cb_arg = cb_arg; - tm->ev = ub_event_new(base->eb->base, -1, UB_EV_TIMEOUT, - comm_timer_callback, &tm->super); - if(tm->ev == NULL) { - log_err("timer_create: event_base_set failed."); - free(tm); - return NULL; - } - return &tm->super; -} - -void -comm_timer_disable(struct comm_timer* timer) -{ - if(!timer) - return; - ub_timer_del(timer->ev_timer->ev); - timer->ev_timer->enabled = 0; -} - -void -comm_timer_set(struct comm_timer* timer, struct timeval* tv) -{ - log_assert(tv); - if(timer->ev_timer->enabled) - comm_timer_disable(timer); - if(ub_timer_add(timer->ev_timer->ev, timer->ev_timer->base->eb->base, - comm_timer_callback, timer, tv) != 0) - log_err("comm_timer_set: evtimer_add failed."); - timer->ev_timer->enabled = 1; -} - -void -comm_timer_delete(struct comm_timer* timer) -{ - if(!timer) - return; - comm_timer_disable(timer); - /* Free the sub struct timer->ev_timer derived from the super struct timer. - * i.e. assert(timer == timer->ev_timer) - */ - ub_event_free(timer->ev_timer->ev); - free(timer->ev_timer); -} - -void -comm_timer_callback(int ATTR_UNUSED(fd), short event, void* arg) -{ - struct comm_timer* tm = (struct comm_timer*)arg; - if(!(event&UB_EV_TIMEOUT)) - return; - ub_comm_base_now(tm->ev_timer->base); - tm->ev_timer->enabled = 0; - fptr_ok(fptr_whitelist_comm_timer(tm->callback)); - (*tm->callback)(tm->cb_arg); -} - -int -comm_timer_is_set(struct comm_timer* timer) -{ - return (int)timer->ev_timer->enabled; -} - -size_t -comm_timer_get_mem(struct comm_timer* ATTR_UNUSED(timer)) -{ - return sizeof(struct internal_timer); -} - -struct comm_signal* -comm_signal_create(struct comm_base* base, - void (*callback)(int, void*), void* cb_arg) -{ - struct comm_signal* com = (struct comm_signal*)malloc( - sizeof(struct comm_signal)); - if(!com) { - log_err("malloc failed"); - return NULL; - } - com->base = base; - com->callback = callback; - com->cb_arg = cb_arg; - com->ev_signal = NULL; - return com; -} - -void -comm_signal_callback(int sig, short event, void* arg) -{ - struct comm_signal* comsig = (struct comm_signal*)arg; - if(!(event & UB_EV_SIGNAL)) - return; - ub_comm_base_now(comsig->base); - fptr_ok(fptr_whitelist_comm_signal(comsig->callback)); - (*comsig->callback)(sig, comsig->cb_arg); -} - -int -comm_signal_bind(struct comm_signal* comsig, int sig) -{ - struct internal_signal* entry = (struct internal_signal*)calloc(1, - sizeof(struct internal_signal)); - if(!entry) { - log_err("malloc failed"); - return 0; - } - log_assert(comsig); - /* add signal event */ - entry->ev = ub_signal_new(comsig->base->eb->base, sig, - comm_signal_callback, comsig); - if(entry->ev == NULL) { - log_err("Could not create signal event"); - free(entry); - return 0; - } - if(ub_signal_add(entry->ev, NULL) != 0) { - log_err("Could not add signal handler"); - ub_event_free(entry->ev); - free(entry); - return 0; - } - /* link into list */ - entry->next = comsig->ev_signal; - comsig->ev_signal = entry; - return 1; -} - -void -comm_signal_delete(struct comm_signal* comsig) -{ - struct internal_signal* p, *np; - if(!comsig) - return; - p=comsig->ev_signal; - while(p) { - np = p->next; - ub_signal_del(p->ev); - ub_event_free(p->ev); - free(p); - p = np; - } - free(comsig); -} diff --git a/external/unbound/util/netevent.h b/external/unbound/util/netevent.h deleted file mode 100644 index cb8eb86b9..000000000 --- a/external/unbound/util/netevent.h +++ /dev/null @@ -1,731 +0,0 @@ -/* - * util/netevent.h - event notification - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains event notification functions. - * - * There are three types of communication points - * o UDP socket - perthread buffer. - * o TCP-accept socket - array of TCP-sockets, socketcount. - * o TCP socket - own buffer, parent-TCPaccept, read/write state, - * number of bytes read/written, timeout. - * - * There are sockets aimed towards our clients and towards the internet. - * o frontside - aimed towards our clients, queries come in, answers back. - * o behind - aimed towards internet, to the authoritative DNS servers. - * - * Several event types are available: - * o comm_base - for thread safety of the comm points, one per thread. - * o comm_point - udp and tcp networking, with callbacks. - * o comm_timer - a timeout with callback. - * o comm_signal - callbacks when signal is caught. - * o comm_reply - holds reply info during networking callback. - * - */ - -#ifndef NET_EVENT_H -#define NET_EVENT_H - -#include "dnscrypt/dnscrypt.h" - -struct sldns_buffer; -struct comm_point; -struct comm_reply; -struct ub_event_base; - -/* internal event notification data storage structure. */ -struct internal_event; -struct internal_base; -struct internal_timer; /* A sub struct of the comm_timer super struct */ - -/** callback from communication point function type */ -typedef int comm_point_callback_type(struct comm_point*, void*, int, - struct comm_reply*); - -/** to pass no_error to callback function */ -#define NETEVENT_NOERROR 0 -/** to pass closed connection to callback function */ -#define NETEVENT_CLOSED -1 -/** to pass timeout happened to callback function */ -#define NETEVENT_TIMEOUT -2 -/** to pass fallback from capsforID to callback function; 0x20 failed */ -#define NETEVENT_CAPSFAIL -3 - -/** timeout to slow accept calls when not possible, in msec. */ -#define NETEVENT_SLOW_ACCEPT_TIME 2000 - -/** - * A communication point dispatcher. Thread specific. - */ -struct comm_base { - /** behind the scenes structure. with say libevent info. alloced */ - struct internal_base* eb; - /** callback to stop listening on accept sockets, - * performed when accept() will not function properly */ - void (*stop_accept)(void*); - /** callback to start listening on accept sockets, performed - * after stop_accept() then a timeout has passed. */ - void (*start_accept)(void*); - /** user argument for stop_accept and start_accept functions */ - void* cb_arg; -}; - -/** - * Reply information for a communication point. - */ -struct comm_reply { - /** the comm_point with fd to send reply on to. */ - struct comm_point* c; - /** the address (for UDP based communication) */ - struct sockaddr_storage addr; - /** length of address */ - socklen_t addrlen; - /** return type 0 (none), 4(IP4), 6(IP6) */ - int srctype; - /* DnsCrypt context */ -#ifdef USE_DNSCRYPT - uint8_t client_nonce[crypto_box_HALF_NONCEBYTES]; - uint8_t nmkey[crypto_box_BEFORENMBYTES]; - const KeyPair *keypair; - int is_dnscrypted; -#endif - /** the return source interface data */ - union { -#ifdef IPV6_PKTINFO - struct in6_pktinfo v6info; -#endif -#ifdef IP_PKTINFO - struct in_pktinfo v4info; -#elif defined(IP_RECVDSTADDR) - struct in_addr v4addr; -#endif - } - /** variable with return source data */ - pktinfo; - /** max udp size for udp packets */ - size_t max_udp_size; -}; - -/** - * Communication point to the network - * These behaviours can be accomplished by setting the flags - * and passing return values from the callback. - * udp frontside: called after readdone. sendafter. - * tcp frontside: called readdone, sendafter. close. - * udp behind: called after readdone. No send after. - * tcp behind: write done, read done, then called. No send after. - */ -struct comm_point { - /** behind the scenes structure, with say libevent info. alloced. */ - struct internal_event* ev; - - /** file descriptor for communication point */ - int fd; - - /** timeout (NULL if it does not). Malloced. */ - struct timeval* timeout; - - /** buffer pointer. Either to perthread, or own buffer or NULL */ - struct sldns_buffer* buffer; - - /* -------- TCP Handler -------- */ - /** Read/Write state for TCP */ - int tcp_is_reading; - /** The current read/write count for TCP */ - size_t tcp_byte_count; - /** parent communication point (for TCP sockets) */ - struct comm_point* tcp_parent; - /** sockaddr from peer, for TCP handlers */ - struct comm_reply repinfo; - - /* -------- TCP Accept -------- */ - /** the number of TCP handlers for this tcp-accept socket */ - int max_tcp_count; - /** current number of tcp handler in-use for this accept socket */ - int cur_tcp_count; - /** malloced array of tcp handlers for a tcp-accept, - of size max_tcp_count. */ - struct comm_point** tcp_handlers; - /** linked list of free tcp_handlers to use for new queries. - For tcp_accept the first entry, for tcp_handlers the next one. */ - struct comm_point* tcp_free; - - /* -------- SSL TCP DNS ------- */ - /** the SSL object with rw bio (owned) or for commaccept ctx ref */ - void* ssl; - /** handshake state for init and renegotiate */ - enum { - /** no handshake, it has been done */ - comm_ssl_shake_none = 0, - /** ssl initial handshake wants to read */ - comm_ssl_shake_read, - /** ssl initial handshake wants to write */ - comm_ssl_shake_write, - /** ssl_write wants to read */ - comm_ssl_shake_hs_read, - /** ssl_read wants to write */ - comm_ssl_shake_hs_write - } ssl_shake_state; - - /* -------- dnstap ------- */ - /** the dnstap environment */ - struct dt_env* dtenv; - - /** is this a UDP, TCP-accept or TCP socket. */ - enum comm_point_type { - /** UDP socket - handle datagrams. */ - comm_udp, - /** TCP accept socket - only creates handlers if readable. */ - comm_tcp_accept, - /** TCP handler socket - handle byteperbyte readwrite. */ - comm_tcp, - /** AF_UNIX socket - for internal commands. */ - comm_local, - /** raw - not DNS format - for pipe readers and writers */ - comm_raw - } - /** variable with type of socket, UDP,TCP-accept,TCP,pipe */ - type; - - /* ---------- Behaviour ----------- */ - /** if set the connection is NOT closed on delete. */ - int do_not_close; - - /** if set, the connection is closed on error, on timeout, - and after read/write completes. No callback is done. */ - int tcp_do_close; - - /** if set, read/write completes: - read/write state of tcp is toggled. - buffer reset/bytecount reset. - this flag cleared. - So that when that is done the callback is called. */ - int tcp_do_toggle_rw; - - /** timeout in msec for TCP wait times for this connection */ - int tcp_timeout_msec; - - /** if set, checks for pending error from nonblocking connect() call.*/ - int tcp_check_nb_connect; - -#ifdef USE_MSG_FASTOPEN - /** used to track if the sendto() call should be done when using TFO. */ - int tcp_do_fastopen; -#endif - -#ifdef USE_DNSCRYPT - /** Is this a dnscrypt channel */ - int dnscrypt; - /** encrypted buffer pointer. Either to perthread, or own buffer or NULL */ - struct sldns_buffer* dnscrypt_buffer; -#endif - /** number of queries outstanding on this socket, used by - * outside network for udp ports */ - int inuse; - - /** callback when done. - tcp_accept does not get called back, is NULL then. - If a timeout happens, callback with timeout=1 is called. - If an error happens, callback is called with error set - nonzero. If not NETEVENT_NOERROR, it is an errno value. - If the connection is closed (by remote end) then the - callback is called with error set to NETEVENT_CLOSED=-1. - If a timeout happens on the connection, the error is set to - NETEVENT_TIMEOUT=-2. - The reply_info can be copied if the reply needs to happen at a - later time. It consists of a struct with commpoint and address. - It can be passed to a msg send routine some time later. - Note the reply information is temporary and must be copied. - NULL is passed for_reply info, in cases where error happened. - - declare as: - int my_callback(struct comm_point* c, void* my_arg, int error, - struct comm_reply *reply_info); - - if the routine returns 0, nothing is done. - Notzero, the buffer will be sent back to client. - For UDP this is done without changing the commpoint. - In TCP it sets write state. - */ - comm_point_callback_type* callback; - /** argument to pass to callback. */ - void *cb_arg; -}; - -/** - * Structure only for making timeout events. - */ -struct comm_timer { - /** the internal event stuff (derived) */ - struct internal_timer* ev_timer; - - /** callback function, takes user arg only */ - void (*callback)(void*); - - /** callback user argument */ - void* cb_arg; -}; - -/** - * Structure only for signal events. - */ -struct comm_signal { - /** the communication base */ - struct comm_base* base; - - /** the internal event stuff */ - struct internal_signal* ev_signal; - - /** callback function, takes signal number and user arg */ - void (*callback)(int, void*); - - /** callback user argument */ - void* cb_arg; -}; - -/** - * Create a new comm base. - * @param sigs: if true it attempts to create a default loop for - * signal handling. - * @return: the new comm base. NULL on error. - */ -struct comm_base* comm_base_create(int sigs); - -/** - * Create comm base that uses the given ub_event_base (underlying pluggable - * event mechanism pointer). - * @param base: underlying pluggable event base. - * @return: the new comm base. NULL on error. - */ -struct comm_base* comm_base_create_event(struct ub_event_base* base); - -/** - * Delete comm base structure but not the underlying lib event base. - * All comm points must have been deleted. - * @param b: the base to delete. - */ -void comm_base_delete_no_base(struct comm_base* b); - -/** - * Destroy a comm base. - * All comm points must have been deleted. - * @param b: the base to delete. - */ -void comm_base_delete(struct comm_base* b); - -/** - * Obtain two pointers. The pointers never change (until base_delete()). - * The pointers point to time values that are updated regularly. - * @param b: the communication base that will update the time values. - * @param tt: pointer to time in seconds is returned. - * @param tv: pointer to time in microseconds is returned. - */ -void comm_base_timept(struct comm_base* b, time_t** tt, struct timeval** tv); - -/** - * Dispatch the comm base events. - * @param b: the communication to perform. - */ -void comm_base_dispatch(struct comm_base* b); - -/** - * Exit from dispatch loop. - * @param b: the communication base that is in dispatch(). - */ -void comm_base_exit(struct comm_base* b); - -/** - * Set the slow_accept mode handlers. You can not provide these if you do - * not perform accept() calls. - * @param b: comm base - * @param stop_accept: function that stops listening to accept fds. - * @param start_accept: function that resumes listening to accept fds. - * @param arg: callback arg to pass to the functions. - */ -void comm_base_set_slow_accept_handlers(struct comm_base* b, - void (*stop_accept)(void*), void (*start_accept)(void*), void* arg); - -/** - * Access internal data structure (for util/tube.c on windows) - * @param b: comm base - * @return ub_event_base. - */ -struct ub_event_base* comm_base_internal(struct comm_base* b); - -/** - * Create an UDP comm point. Calls malloc. - * setups the structure with the parameters you provide. - * @param base: in which base to alloc the commpoint. - * @param fd : file descriptor of open UDP socket. - * @param buffer: shared buffer by UDP sockets from this thread. - * @param callback: callback function pointer. - * @param callback_arg: will be passed to your callback function. - * @return: returns the allocated communication point. NULL on error. - * Sets timeout to NULL. Turns off TCP options. - */ -struct comm_point* comm_point_create_udp(struct comm_base* base, - int fd, struct sldns_buffer* buffer, - comm_point_callback_type* callback, void* callback_arg); - -/** - * Create an UDP with ancillary data comm point. Calls malloc. - * Uses recvmsg instead of recv to get udp message. - * setups the structure with the parameters you provide. - * @param base: in which base to alloc the commpoint. - * @param fd : file descriptor of open UDP socket. - * @param buffer: shared buffer by UDP sockets from this thread. - * @param callback: callback function pointer. - * @param callback_arg: will be passed to your callback function. - * @return: returns the allocated communication point. NULL on error. - * Sets timeout to NULL. Turns off TCP options. - */ -struct comm_point* comm_point_create_udp_ancil(struct comm_base* base, - int fd, struct sldns_buffer* buffer, - comm_point_callback_type* callback, void* callback_arg); - -/** - * Create a TCP listener comm point. Calls malloc. - * Setups the structure with the parameters you provide. - * Also Creates TCP Handlers, pre allocated for you. - * Uses the parameters you provide. - * @param base: in which base to alloc the commpoint. - * @param fd: file descriptor of open TCP socket set to listen nonblocking. - * @param num: becomes max_tcp_count, the routine allocates that - * many tcp handler commpoints. - * @param bufsize: size of buffer to create for handlers. - * @param callback: callback function pointer for TCP handlers. - * @param callback_arg: will be passed to your callback function. - * @return: returns the TCP listener commpoint. You can find the - * TCP handlers in the array inside the listener commpoint. - * returns NULL on error. - * Inits timeout to NULL. All handlers are on the free list. - */ -struct comm_point* comm_point_create_tcp(struct comm_base* base, - int fd, int num, size_t bufsize, - comm_point_callback_type* callback, void* callback_arg); - -/** - * Create an outgoing TCP commpoint. No file descriptor is opened, left at -1. - * @param base: in which base to alloc the commpoint. - * @param bufsize: size of buffer to create for handlers. - * @param callback: callback function pointer for the handler. - * @param callback_arg: will be passed to your callback function. - * @return: the commpoint or NULL on error. - */ -struct comm_point* comm_point_create_tcp_out(struct comm_base* base, - size_t bufsize, comm_point_callback_type* callback, void* callback_arg); - -/** - * Create commpoint to listen to a local domain file descriptor. - * @param base: in which base to alloc the commpoint. - * @param fd: file descriptor of open AF_UNIX socket set to listen nonblocking. - * @param bufsize: size of buffer to create for handlers. - * @param callback: callback function pointer for the handler. - * @param callback_arg: will be passed to your callback function. - * @return: the commpoint or NULL on error. - */ -struct comm_point* comm_point_create_local(struct comm_base* base, - int fd, size_t bufsize, - comm_point_callback_type* callback, void* callback_arg); - -/** - * Create commpoint to listen to a local domain pipe descriptor. - * @param base: in which base to alloc the commpoint. - * @param fd: file descriptor. - * @param writing: true if you want to listen to writes, false for reads. - * @param callback: callback function pointer for the handler. - * @param callback_arg: will be passed to your callback function. - * @return: the commpoint or NULL on error. - */ -struct comm_point* comm_point_create_raw(struct comm_base* base, - int fd, int writing, - comm_point_callback_type* callback, void* callback_arg); - -/** - * Close a comm point fd. - * @param c: comm point to close. - */ -void comm_point_close(struct comm_point* c); - -/** - * Close and deallocate (free) the comm point. If the comm point is - * a tcp-accept point, also its tcp-handler points are deleted. - * @param c: comm point to delete. - */ -void comm_point_delete(struct comm_point* c); - -/** - * Send reply. Put message into commpoint buffer. - * @param repinfo: The reply info copied from a commpoint callback call. - */ -void comm_point_send_reply(struct comm_reply* repinfo); - -/** - * Drop reply. Cleans up. - * @param repinfo: The reply info copied from a commpoint callback call. - */ -void comm_point_drop_reply(struct comm_reply* repinfo); - -/** - * Send an udp message over a commpoint. - * @param c: commpoint to send it from. - * @param packet: what to send. - * @param addr: where to send it to. - * @param addrlen: length of addr. - * @return: false on a failure. - */ -int comm_point_send_udp_msg(struct comm_point* c, struct sldns_buffer* packet, - struct sockaddr* addr, socklen_t addrlen); - -/** - * Stop listening for input on the commpoint. No callbacks will happen. - * @param c: commpoint to disable. The fd is not closed. - */ -void comm_point_stop_listening(struct comm_point* c); - -/** - * Start listening again for input on the comm point. - * @param c: commpoint to enable again. - * @param newfd: new fd, or -1 to leave fd be. - * @param msec: timeout in milliseconds, or -1 for no (change to the) timeout. - * So seconds*1000. - */ -void comm_point_start_listening(struct comm_point* c, int newfd, int msec); - -/** - * Stop listening and start listening again for reading or writing. - * @param c: commpoint - * @param rd: if true, listens for reading. - * @param wr: if true, listens for writing. - */ -void comm_point_listen_for_rw(struct comm_point* c, int rd, int wr); - -/** - * Get size of memory used by comm point. - * For TCP handlers this includes subhandlers. - * For UDP handlers, this does not include the (shared) UDP buffer. - * @param c: commpoint. - * @return size in bytes. - */ -size_t comm_point_get_mem(struct comm_point* c); - -/** - * create timer. Not active upon creation. - * @param base: event handling base. - * @param cb: callback function: void myfunc(void* myarg); - * @param cb_arg: user callback argument. - * @return: the new timer or NULL on error. - */ -struct comm_timer* comm_timer_create(struct comm_base* base, - void (*cb)(void*), void* cb_arg); - -/** - * disable timer. Stops callbacks from happening. - * @param timer: to disable. - */ -void comm_timer_disable(struct comm_timer* timer); - -/** - * reset timevalue for timer. - * @param timer: timer to (re)set. - * @param tv: when the timer should activate. if NULL timer is disabled. - */ -void comm_timer_set(struct comm_timer* timer, struct timeval* tv); - -/** - * delete timer. - * @param timer: to delete. - */ -void comm_timer_delete(struct comm_timer* timer); - -/** - * see if timeout has been set to a value. - * @param timer: the timer to examine. - * @return: false if disabled or not set. - */ -int comm_timer_is_set(struct comm_timer* timer); - -/** - * Get size of memory used by comm timer. - * @param timer: the timer to examine. - * @return size in bytes. - */ -size_t comm_timer_get_mem(struct comm_timer* timer); - -/** - * Create a signal handler. Call signal_bind() later to bind to a signal. - * @param base: communication base to use. - * @param callback: called when signal is caught. - * @param cb_arg: user argument to callback - * @return: the signal struct or NULL on error. - */ -struct comm_signal* comm_signal_create(struct comm_base* base, - void (*callback)(int, void*), void* cb_arg); - -/** - * Bind signal struct to catch a signal. A signle comm_signal can be bound - * to multiple signals, calling comm_signal_bind multiple times. - * @param comsig: the communication point, with callback information. - * @param sig: signal number. - * @return: true on success. false on error. - */ -int comm_signal_bind(struct comm_signal* comsig, int sig); - -/** - * Delete the signal communication point. - * @param comsig: to delete. - */ -void comm_signal_delete(struct comm_signal* comsig); - -/** - * perform accept(2) with error checking. - * @param c: commpoint with accept fd. - * @param addr: remote end returned here. - * @param addrlen: length of remote end returned here. - * @return new fd, or -1 on error. - * if -1, error message has been printed if necessary, simply drop - * out of the reading handler. - */ -int comm_point_perform_accept(struct comm_point* c, - struct sockaddr_storage* addr, socklen_t* addrlen); - -/**** internal routines ****/ - -/** - * This routine is published for checks and tests, and is only used internally. - * handle libevent callback for udp comm point. - * @param fd: file descriptor. - * @param event: event bits from libevent: - * EV_READ, EV_WRITE, EV_SIGNAL, EV_TIMEOUT. - * @param arg: the comm_point structure. - */ -void comm_point_udp_callback(int fd, short event, void* arg); - -/** - * This routine is published for checks and tests, and is only used internally. - * handle libevent callback for udp ancillary data comm point. - * @param fd: file descriptor. - * @param event: event bits from libevent: - * EV_READ, EV_WRITE, EV_SIGNAL, EV_TIMEOUT. - * @param arg: the comm_point structure. - */ -void comm_point_udp_ancil_callback(int fd, short event, void* arg); - -/** - * This routine is published for checks and tests, and is only used internally. - * handle libevent callback for tcp accept comm point - * @param fd: file descriptor. - * @param event: event bits from libevent: - * EV_READ, EV_WRITE, EV_SIGNAL, EV_TIMEOUT. - * @param arg: the comm_point structure. - */ -void comm_point_tcp_accept_callback(int fd, short event, void* arg); - -/** - * This routine is published for checks and tests, and is only used internally. - * handle libevent callback for tcp data comm point - * @param fd: file descriptor. - * @param event: event bits from libevent: - * EV_READ, EV_WRITE, EV_SIGNAL, EV_TIMEOUT. - * @param arg: the comm_point structure. - */ -void comm_point_tcp_handle_callback(int fd, short event, void* arg); - -/** - * This routine is published for checks and tests, and is only used internally. - * handle libevent callback for timer comm. - * @param fd: file descriptor (always -1). - * @param event: event bits from libevent: - * EV_READ, EV_WRITE, EV_SIGNAL, EV_TIMEOUT. - * @param arg: the comm_timer structure. - */ -void comm_timer_callback(int fd, short event, void* arg); - -/** - * This routine is published for checks and tests, and is only used internally. - * handle libevent callback for signal comm. - * @param fd: file descriptor (used for the signal number). - * @param event: event bits from libevent: - * EV_READ, EV_WRITE, EV_SIGNAL, EV_TIMEOUT. - * @param arg: the internal commsignal structure. - */ -void comm_signal_callback(int fd, short event, void* arg); - -/** - * This routine is published for checks and tests, and is only used internally. - * libevent callback for AF_UNIX fds - * @param fd: file descriptor. - * @param event: event bits from libevent: - * EV_READ, EV_WRITE, EV_SIGNAL, EV_TIMEOUT. - * @param arg: the comm_point structure. - */ -void comm_point_local_handle_callback(int fd, short event, void* arg); - -/** - * This routine is published for checks and tests, and is only used internally. - * libevent callback for raw fd access. - * @param fd: file descriptor. - * @param event: event bits from libevent: - * EV_READ, EV_WRITE, EV_SIGNAL, EV_TIMEOUT. - * @param arg: the comm_point structure. - */ -void comm_point_raw_handle_callback(int fd, short event, void* arg); - -/** - * This routine is published for checks and tests, and is only used internally. - * libevent callback for timeout on slow accept. - * @param fd: file descriptor. - * @param event: event bits from libevent: - * EV_READ, EV_WRITE, EV_SIGNAL, EV_TIMEOUT. - * @param arg: the comm_point structure. - */ -void comm_base_handle_slow_accept(int fd, short event, void* arg); - -#ifdef USE_WINSOCK -/** - * Callback for openssl BIO to on windows detect WSAEWOULDBLOCK and notify - * the winsock_event of this for proper TCP nonblocking implementation. - * @param c: comm_point, fd must be set its struct event is registered. - * @param ssl: openssl SSL, fd must be set so it has a bio. - */ -void comm_point_tcp_win_bio_cb(struct comm_point* c, void* ssl); -#endif - -/** see if errno for tcp connect has to be logged or not. This uses errno */ -int tcp_connect_errno_needs_log(struct sockaddr* addr, socklen_t addrlen); - -#endif /* NET_EVENT_H */ diff --git a/external/unbound/util/random.c b/external/unbound/util/random.c deleted file mode 100644 index 8332960b4..000000000 --- a/external/unbound/util/random.c +++ /dev/null @@ -1,233 +0,0 @@ -/* - * util/random.c - thread safe random generator, which is reasonably secure. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * Thread safe random functions. Similar to arc4random() with an explicit - * initialisation routine. - * - * The code in this file is based on arc4random from - * openssh-4.0p1/openbsd-compat/bsd-arc4random.c - * That code is also BSD licensed. Here is their statement: - * - * Copyright (c) 1996, David Mazieres - * Copyright (c) 2008, Damien Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ -#include "config.h" -#include "util/random.h" -#include "util/log.h" -#include - -#ifdef HAVE_NSS -/* nspr4 */ -#include "prerror.h" -/* nss3 */ -#include "secport.h" -#include "pk11pub.h" -#elif defined(HAVE_NETTLE) -#include "yarrow.h" -#endif - -/** - * Max random value. Similar to RAND_MAX, but more portable - * (mingw uses only 15 bits random). - */ -#define MAX_VALUE 0x7fffffff - -#if defined(HAVE_SSL) -void -ub_systemseed(unsigned int ATTR_UNUSED(seed)) -{ - /* arc4random_uniform does not need seeds, it gets kernel entropy */ -} - -struct ub_randstate* -ub_initstate(unsigned int ATTR_UNUSED(seed), - struct ub_randstate* ATTR_UNUSED(from)) -{ - struct ub_randstate* s = (struct ub_randstate*)malloc(1); - if(!s) { - log_err("malloc failure in random init"); - return NULL; - } - return s; -} - -long int -ub_random(struct ub_randstate* ATTR_UNUSED(s)) -{ - /* This relies on MAX_VALUE being 0x7fffffff. */ - return (long)arc4random() & MAX_VALUE; -} - -long int -ub_random_max(struct ub_randstate* state, long int x) -{ - (void)state; - /* on OpenBSD, this does not need _seed(), or _stir() calls */ - return (long)arc4random_uniform((uint32_t)x); -} - -#elif defined(HAVE_NSS) - -/* not much to remember for NSS since we use its pk11_random, placeholder */ -struct ub_randstate { - int ready; -}; - -void ub_systemseed(unsigned int ATTR_UNUSED(seed)) -{ -} - -struct ub_randstate* ub_initstate(unsigned int ATTR_UNUSED(seed), - struct ub_randstate* ATTR_UNUSED(from)) -{ - struct ub_randstate* s = (struct ub_randstate*)calloc(1, sizeof(*s)); - if(!s) { - log_err("malloc failure in random init"); - return NULL; - } - return s; -} - -long int ub_random(struct ub_randstate* ATTR_UNUSED(state)) -{ - long int x; - /* random 31 bit value. */ - SECStatus s = PK11_GenerateRandom((unsigned char*)&x, (int)sizeof(x)); - if(s != SECSuccess) { - log_err("PK11_GenerateRandom error: %s", - PORT_ErrorToString(PORT_GetError())); - } - return x & MAX_VALUE; -} - -#elif defined(HAVE_NETTLE) - -/** - * libnettle implements a Yarrow-256 generator (SHA256 + AES), - * and we have to ensure it is seeded before use. - */ -struct ub_randstate { - struct yarrow256_ctx ctx; - int seeded; -}; - -void ub_systemseed(unsigned int ATTR_UNUSED(seed)) -{ -/** - * We seed on init and not here, as we need the ctx to re-seed. - * This also means that re-seeding is not supported. - */ - log_err("Re-seeding not supported, generator untouched"); -} - -struct ub_randstate* ub_initstate(unsigned int seed, - struct ub_randstate* ATTR_UNUSED(from)) -{ - struct ub_randstate* s = (struct ub_randstate*)calloc(1, sizeof(*s)); - uint8_t buf[YARROW256_SEED_FILE_SIZE]; - if(!s) { - log_err("malloc failure in random init"); - return NULL; - } - /* Setup Yarrow context */ - yarrow256_init(&s->ctx, 0, NULL); - - if(getentropy(buf, sizeof(buf)) != -1) { - /* got entropy */ - yarrow256_seed(&s->ctx, YARROW256_SEED_FILE_SIZE, buf); - s->seeded = yarrow256_is_seeded(&s->ctx); - } else { - /* Stretch the uint32 input seed and feed it to Yarrow */ - uint32_t v = seed; - size_t i; - for(i=0; i < (YARROW256_SEED_FILE_SIZE/sizeof(seed)); i++) { - memmove(buf+i*sizeof(seed), &v, sizeof(seed)); - v = v*seed + (uint32_t)i; - } - yarrow256_seed(&s->ctx, YARROW256_SEED_FILE_SIZE, buf); - s->seeded = yarrow256_is_seeded(&s->ctx); - } - - return s; -} - -long int ub_random(struct ub_randstate* s) -{ - /* random 31 bit value. */ - long int x = 0; - if (!s || !s->seeded) { - log_err("Couldn't generate randomness, Yarrow-256 generator not yet seeded"); - } else { - yarrow256_random(&s->ctx, sizeof(x), (uint8_t *)&x); - } - return x & MAX_VALUE; -} -#endif /* HAVE_SSL or HAVE_NSS or HAVE_NETTLE */ - - -#if defined(HAVE_NSS) || defined(HAVE_NETTLE) -long int -ub_random_max(struct ub_randstate* state, long int x) -{ - /* make sure we fetch in a range that is divisible by x. ignore - * values from d .. MAX_VALUE, instead draw a new number */ - long int d = MAX_VALUE - (MAX_VALUE % x); /* d is divisible by x */ - long int v = ub_random(state); - while(d <= v) - v = ub_random(state); - return (v % x); -} -#endif /* HAVE_NSS or HAVE_NETTLE */ - -void -ub_randfree(struct ub_randstate* s) -{ - free(s); - /* user app must do RAND_cleanup(); */ -} diff --git a/external/unbound/util/random.h b/external/unbound/util/random.h deleted file mode 100644 index a05a994a3..000000000 --- a/external/unbound/util/random.h +++ /dev/null @@ -1,93 +0,0 @@ -/* - * util/random.h - thread safe random generator, which is reasonably secure. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#ifndef UTIL_RANDOM_H -#define UTIL_RANDOM_H - -/** - * \file - * Thread safe random functions. Similar to arc4random() with an explicit - * initialisation routine. - */ - -/** - * random state structure. - */ -struct ub_randstate; - -/** - * Initialize the system randomness. Obtains entropy from the system - * before a chroot or privilege makes it unavailable. - * You do not have to call this, otherwise ub_initstate does so. - * @param seed: seed value to create state (if no good entropy is found). - */ -void ub_systemseed(unsigned int seed); - -/** - * Initialize a random generator state for use - * @param seed: seed value to create state contents. - * (ignored for arc4random). - * @param from: if not NULL, the seed is taken from this random structure. - * can be used to seed random states via a parent-random-state that - * is itself seeded with entropy. - * @return new state or NULL alloc failure. - */ -struct ub_randstate* ub_initstate(unsigned int seed, - struct ub_randstate* from); - -/** - * Generate next random number from the state passed along. - * Thread safe, so random numbers are repeatable. - * @param state: must have been initialised with ub_initstate. - * @return: random 31 bit value. - */ -long int ub_random(struct ub_randstate* state); - -/** - * Generate random number between 0 and x-1. No modulo bias. - * @param state: must have been initialised with ub_initstate. - * @param x: an upper limit. not (negative or zero). must be smaller than 2**31. - * @return: random value between 0..x-1. Possibly more than one - * random number is picked from the random stream to satisfy this. - */ -long int ub_random_max(struct ub_randstate* state, long int x); - -/** - * Delete the random state. - * @param state: to delete. - */ -void ub_randfree(struct ub_randstate* state); - -#endif /* UTIL_RANDOM_H */ diff --git a/external/unbound/util/rbtree.c b/external/unbound/util/rbtree.c deleted file mode 100644 index f031c9a13..000000000 --- a/external/unbound/util/rbtree.c +++ /dev/null @@ -1,626 +0,0 @@ -/* - * rbtree.c -- generic red black tree - * - * Copyright (c) 2001-2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -/** - * \file - * Implementation of a redblack tree. - */ - -#include "config.h" -#include "log.h" -#include "fptr_wlist.h" -#include "util/rbtree.h" - -/** Node colour black */ -#define BLACK 0 -/** Node colour red */ -#define RED 1 - -/** the NULL node, global alloc */ -rbnode_type rbtree_null_node = { - RBTREE_NULL, /* Parent. */ - RBTREE_NULL, /* Left. */ - RBTREE_NULL, /* Right. */ - NULL, /* Key. */ - BLACK /* Color. */ -}; - -/** rotate subtree left (to preserve redblack property) */ -static void rbtree_rotate_left(rbtree_type *rbtree, rbnode_type *node); -/** rotate subtree right (to preserve redblack property) */ -static void rbtree_rotate_right(rbtree_type *rbtree, rbnode_type *node); -/** Fixup node colours when insert happened */ -static void rbtree_insert_fixup(rbtree_type *rbtree, rbnode_type *node); -/** Fixup node colours when delete happened */ -static void rbtree_delete_fixup(rbtree_type* rbtree, rbnode_type* child, - rbnode_type* child_parent); - -/* - * Creates a new red black tree, initializes and returns a pointer to it. - * - * Return NULL on failure. - * - */ -rbtree_type * -rbtree_create (int (*cmpf)(const void *, const void *)) -{ - rbtree_type *rbtree; - - /* Allocate memory for it */ - rbtree = (rbtree_type *) malloc(sizeof(rbtree_type)); - if (!rbtree) { - return NULL; - } - - /* Initialize it */ - rbtree_init(rbtree, cmpf); - - return rbtree; -} - -void -rbtree_init(rbtree_type *rbtree, int (*cmpf)(const void *, const void *)) -{ - /* Initialize it */ - rbtree->root = RBTREE_NULL; - rbtree->count = 0; - rbtree->cmp = cmpf; -} - -/* - * Rotates the node to the left. - * - */ -static void -rbtree_rotate_left(rbtree_type *rbtree, rbnode_type *node) -{ - rbnode_type *right = node->right; - node->right = right->left; - if (right->left != RBTREE_NULL) - right->left->parent = node; - - right->parent = node->parent; - - if (node->parent != RBTREE_NULL) { - if (node == node->parent->left) { - node->parent->left = right; - } else { - node->parent->right = right; - } - } else { - rbtree->root = right; - } - right->left = node; - node->parent = right; -} - -/* - * Rotates the node to the right. - * - */ -static void -rbtree_rotate_right(rbtree_type *rbtree, rbnode_type *node) -{ - rbnode_type *left = node->left; - node->left = left->right; - if (left->right != RBTREE_NULL) - left->right->parent = node; - - left->parent = node->parent; - - if (node->parent != RBTREE_NULL) { - if (node == node->parent->right) { - node->parent->right = left; - } else { - node->parent->left = left; - } - } else { - rbtree->root = left; - } - left->right = node; - node->parent = left; -} - -static void -rbtree_insert_fixup(rbtree_type *rbtree, rbnode_type *node) -{ - rbnode_type *uncle; - - /* While not at the root and need fixing... */ - while (node != rbtree->root && node->parent->color == RED) { - /* If our parent is left child of our grandparent... */ - if (node->parent == node->parent->parent->left) { - uncle = node->parent->parent->right; - - /* If our uncle is red... */ - if (uncle->color == RED) { - /* Paint the parent and the uncle black... */ - node->parent->color = BLACK; - uncle->color = BLACK; - - /* And the grandparent red... */ - node->parent->parent->color = RED; - - /* And continue fixing the grandparent */ - node = node->parent->parent; - } else { /* Our uncle is black... */ - /* Are we the right child? */ - if (node == node->parent->right) { - node = node->parent; - rbtree_rotate_left(rbtree, node); - } - /* Now we're the left child, repaint and rotate... */ - node->parent->color = BLACK; - node->parent->parent->color = RED; - rbtree_rotate_right(rbtree, node->parent->parent); - } - } else { - uncle = node->parent->parent->left; - - /* If our uncle is red... */ - if (uncle->color == RED) { - /* Paint the parent and the uncle black... */ - node->parent->color = BLACK; - uncle->color = BLACK; - - /* And the grandparent red... */ - node->parent->parent->color = RED; - - /* And continue fixing the grandparent */ - node = node->parent->parent; - } else { /* Our uncle is black... */ - /* Are we the right child? */ - if (node == node->parent->left) { - node = node->parent; - rbtree_rotate_right(rbtree, node); - } - /* Now we're the right child, repaint and rotate... */ - node->parent->color = BLACK; - node->parent->parent->color = RED; - rbtree_rotate_left(rbtree, node->parent->parent); - } - } - } - rbtree->root->color = BLACK; -} - - -/* - * Inserts a node into a red black tree. - * - * Returns NULL on failure or the pointer to the newly added node - * otherwise. - */ -rbnode_type * -rbtree_insert (rbtree_type *rbtree, rbnode_type *data) -{ - /* XXX Not necessary, but keeps compiler quiet... */ - int r = 0; - - /* We start at the root of the tree */ - rbnode_type *node = rbtree->root; - rbnode_type *parent = RBTREE_NULL; - - fptr_ok(fptr_whitelist_rbtree_cmp(rbtree->cmp)); - /* Lets find the new parent... */ - while (node != RBTREE_NULL) { - /* Compare two keys, do we have a duplicate? */ - if ((r = rbtree->cmp(data->key, node->key)) == 0) { - return NULL; - } - parent = node; - - if (r < 0) { - node = node->left; - } else { - node = node->right; - } - } - - /* Initialize the new node */ - data->parent = parent; - data->left = data->right = RBTREE_NULL; - data->color = RED; - rbtree->count++; - - /* Insert it into the tree... */ - if (parent != RBTREE_NULL) { - if (r < 0) { - parent->left = data; - } else { - parent->right = data; - } - } else { - rbtree->root = data; - } - - /* Fix up the red-black properties... */ - rbtree_insert_fixup(rbtree, data); - - return data; -} - -/* - * Searches the red black tree, returns the data if key is found or NULL otherwise. - * - */ -rbnode_type * -rbtree_search (rbtree_type *rbtree, const void *key) -{ - rbnode_type *node; - - if (rbtree_find_less_equal(rbtree, key, &node)) { - return node; - } else { - return NULL; - } -} - -/** helpers for delete: swap node colours */ -static void swap_int8(uint8_t* x, uint8_t* y) -{ - uint8_t t = *x; *x = *y; *y = t; -} - -/** helpers for delete: swap node pointers */ -static void swap_np(rbnode_type** x, rbnode_type** y) -{ - rbnode_type* t = *x; *x = *y; *y = t; -} - -/** Update parent pointers of child trees of 'parent' */ -static void change_parent_ptr(rbtree_type* rbtree, rbnode_type* parent, - rbnode_type* old, rbnode_type* new) -{ - if(parent == RBTREE_NULL) - { - log_assert(rbtree->root == old); - if(rbtree->root == old) rbtree->root = new; - return; - } - log_assert(parent->left == old || parent->right == old - || parent->left == new || parent->right == new); - if(parent->left == old) parent->left = new; - if(parent->right == old) parent->right = new; -} -/** Update parent pointer of a node 'child' */ -static void change_child_ptr(rbnode_type* child, rbnode_type* old, - rbnode_type* new) -{ - if(child == RBTREE_NULL) return; - log_assert(child->parent == old || child->parent == new); - if(child->parent == old) child->parent = new; -} - -rbnode_type* -rbtree_delete(rbtree_type *rbtree, const void *key) -{ - rbnode_type *to_delete; - rbnode_type *child; - if((to_delete = rbtree_search(rbtree, key)) == 0) return 0; - rbtree->count--; - - /* make sure we have at most one non-leaf child */ - if(to_delete->left != RBTREE_NULL && to_delete->right != RBTREE_NULL) - { - /* swap with smallest from right subtree (or largest from left) */ - rbnode_type *smright = to_delete->right; - while(smright->left != RBTREE_NULL) - smright = smright->left; - /* swap the smright and to_delete elements in the tree, - * but the rbnode_type is first part of user data struct - * so cannot just swap the keys and data pointers. Instead - * readjust the pointers left,right,parent */ - - /* swap colors - colors are tied to the position in the tree */ - swap_int8(&to_delete->color, &smright->color); - - /* swap child pointers in parents of smright/to_delete */ - change_parent_ptr(rbtree, to_delete->parent, to_delete, smright); - if(to_delete->right != smright) - change_parent_ptr(rbtree, smright->parent, smright, to_delete); - - /* swap parent pointers in children of smright/to_delete */ - change_child_ptr(smright->left, smright, to_delete); - change_child_ptr(smright->left, smright, to_delete); - change_child_ptr(smright->right, smright, to_delete); - change_child_ptr(smright->right, smright, to_delete); - change_child_ptr(to_delete->left, to_delete, smright); - if(to_delete->right != smright) - change_child_ptr(to_delete->right, to_delete, smright); - if(to_delete->right == smright) - { - /* set up so after swap they work */ - to_delete->right = to_delete; - smright->parent = smright; - } - - /* swap pointers in to_delete/smright nodes */ - swap_np(&to_delete->parent, &smright->parent); - swap_np(&to_delete->left, &smright->left); - swap_np(&to_delete->right, &smright->right); - - /* now delete to_delete (which is at the location where the smright previously was) */ - } - log_assert(to_delete->left == RBTREE_NULL || to_delete->right == RBTREE_NULL); - - if(to_delete->left != RBTREE_NULL) child = to_delete->left; - else child = to_delete->right; - - /* unlink to_delete from the tree, replace to_delete with child */ - change_parent_ptr(rbtree, to_delete->parent, to_delete, child); - change_child_ptr(child, to_delete, to_delete->parent); - - if(to_delete->color == RED) - { - /* if node is red then the child (black) can be swapped in */ - } - else if(child->color == RED) - { - /* change child to BLACK, removing a RED node is no problem */ - if(child!=RBTREE_NULL) child->color = BLACK; - } - else rbtree_delete_fixup(rbtree, child, to_delete->parent); - - /* unlink completely */ - to_delete->parent = RBTREE_NULL; - to_delete->left = RBTREE_NULL; - to_delete->right = RBTREE_NULL; - to_delete->color = BLACK; - return to_delete; -} - -static void rbtree_delete_fixup(rbtree_type* rbtree, rbnode_type* child, - rbnode_type* child_parent) -{ - rbnode_type* sibling; - int go_up = 1; - - /* determine sibling to the node that is one-black short */ - if(child_parent->right == child) sibling = child_parent->left; - else sibling = child_parent->right; - - while(go_up) - { - if(child_parent == RBTREE_NULL) - { - /* removed parent==black from root, every path, so ok */ - return; - } - - if(sibling->color == RED) - { /* rotate to get a black sibling */ - child_parent->color = RED; - sibling->color = BLACK; - if(child_parent->right == child) - rbtree_rotate_right(rbtree, child_parent); - else rbtree_rotate_left(rbtree, child_parent); - /* new sibling after rotation */ - if(child_parent->right == child) sibling = child_parent->left; - else sibling = child_parent->right; - } - - if(child_parent->color == BLACK - && sibling->color == BLACK - && sibling->left->color == BLACK - && sibling->right->color == BLACK) - { /* fixup local with recolor of sibling */ - if(sibling != RBTREE_NULL) - sibling->color = RED; - - child = child_parent; - child_parent = child_parent->parent; - /* prepare to go up, new sibling */ - if(child_parent->right == child) sibling = child_parent->left; - else sibling = child_parent->right; - } - else go_up = 0; - } - - if(child_parent->color == RED - && sibling->color == BLACK - && sibling->left->color == BLACK - && sibling->right->color == BLACK) - { - /* move red to sibling to rebalance */ - if(sibling != RBTREE_NULL) - sibling->color = RED; - child_parent->color = BLACK; - return; - } - log_assert(sibling != RBTREE_NULL); - - /* get a new sibling, by rotating at sibling. See which child - of sibling is red */ - if(child_parent->right == child - && sibling->color == BLACK - && sibling->right->color == RED - && sibling->left->color == BLACK) - { - sibling->color = RED; - sibling->right->color = BLACK; - rbtree_rotate_left(rbtree, sibling); - /* new sibling after rotation */ - if(child_parent->right == child) sibling = child_parent->left; - else sibling = child_parent->right; - } - else if(child_parent->left == child - && sibling->color == BLACK - && sibling->left->color == RED - && sibling->right->color == BLACK) - { - sibling->color = RED; - sibling->left->color = BLACK; - rbtree_rotate_right(rbtree, sibling); - /* new sibling after rotation */ - if(child_parent->right == child) sibling = child_parent->left; - else sibling = child_parent->right; - } - - /* now we have a black sibling with a red child. rotate and exchange colors. */ - sibling->color = child_parent->color; - child_parent->color = BLACK; - if(child_parent->right == child) - { - log_assert(sibling->left->color == RED); - sibling->left->color = BLACK; - rbtree_rotate_right(rbtree, child_parent); - } - else - { - log_assert(sibling->right->color == RED); - sibling->right->color = BLACK; - rbtree_rotate_left(rbtree, child_parent); - } -} - -int -rbtree_find_less_equal(rbtree_type *rbtree, const void *key, - rbnode_type **result) -{ - int r; - rbnode_type *node; - - log_assert(result); - - /* We start at root... */ - node = rbtree->root; - - *result = NULL; - fptr_ok(fptr_whitelist_rbtree_cmp(rbtree->cmp)); - - /* While there are children... */ - while (node != RBTREE_NULL) { - r = rbtree->cmp(key, node->key); - if (r == 0) { - /* Exact match */ - *result = node; - return 1; - } - if (r < 0) { - node = node->left; - } else { - /* Temporary match */ - *result = node; - node = node->right; - } - } - return 0; -} - -/* - * Finds the first element in the red black tree - * - */ -rbnode_type * -rbtree_first (rbtree_type *rbtree) -{ - rbnode_type *node; - - for (node = rbtree->root; node->left != RBTREE_NULL; node = node->left); - return node; -} - -rbnode_type * -rbtree_last (rbtree_type *rbtree) -{ - rbnode_type *node; - - for (node = rbtree->root; node->right != RBTREE_NULL; node = node->right); - return node; -} - -/* - * Returns the next node... - * - */ -rbnode_type * -rbtree_next (rbnode_type *node) -{ - rbnode_type *parent; - - if (node->right != RBTREE_NULL) { - /* One right, then keep on going left... */ - for (node = node->right; node->left != RBTREE_NULL; node = node->left); - } else { - parent = node->parent; - while (parent != RBTREE_NULL && node == parent->right) { - node = parent; - parent = parent->parent; - } - node = parent; - } - return node; -} - -rbnode_type * -rbtree_previous(rbnode_type *node) -{ - rbnode_type *parent; - - if (node->left != RBTREE_NULL) { - /* One left, then keep on going right... */ - for (node = node->left; node->right != RBTREE_NULL; node = node->right); - } else { - parent = node->parent; - while (parent != RBTREE_NULL && node == parent->left) { - node = parent; - parent = parent->parent; - } - node = parent; - } - return node; -} - -/** recursive descent traverse */ -static void -traverse_post(void (*func)(rbnode_type*, void*), void* arg, rbnode_type* node) -{ - if(!node || node == RBTREE_NULL) - return; - /* recurse */ - traverse_post(func, arg, node->left); - traverse_post(func, arg, node->right); - /* call user func */ - (*func)(node, arg); -} - -void -traverse_postorder(rbtree_type* tree, void (*func)(rbnode_type*, void*), - void* arg) -{ - traverse_post(func, arg, tree->root); -} diff --git a/external/unbound/util/rbtree.h b/external/unbound/util/rbtree.h deleted file mode 100644 index dfcf09ac6..000000000 --- a/external/unbound/util/rbtree.h +++ /dev/null @@ -1,192 +0,0 @@ -/* - * rbtree.h -- generic red-black tree - * - * Copyright (c) 2001-2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -/** - * \file - * Red black tree. Implementation taken from NSD 3.0.5, adjusted for use - * in unbound (memory allocation, logging and so on). - */ - -#ifndef UTIL_RBTREE_H_ -#define UTIL_RBTREE_H_ - -/** - * This structure must be the first member of the data structure in - * the rbtree. This allows easy casting between an rbnode_type and the - * user data (poor man's inheritance). - */ -typedef struct rbnode_type rbnode_type; -/** - * The rbnode_type struct definition. - */ -struct rbnode_type { - /** parent in rbtree, RBTREE_NULL for root */ - rbnode_type *parent; - /** left node (smaller items) */ - rbnode_type *left; - /** right node (larger items) */ - rbnode_type *right; - /** pointer to sorting key */ - const void *key; - /** colour of this node */ - uint8_t color; -}; - -/** The nullpointer, points to empty node */ -#define RBTREE_NULL &rbtree_null_node -/** the global empty node */ -extern rbnode_type rbtree_null_node; - -/** An entire red black tree */ -typedef struct rbtree_type rbtree_type; -/** definition for tree struct */ -struct rbtree_type { - /** The root of the red-black tree */ - rbnode_type *root; - - /** The number of the nodes in the tree */ - size_t count; - - /** - * Key compare function. <0,0,>0 like strcmp. - * Return 0 on two NULL ptrs. - */ - int (*cmp) (const void *, const void *); -}; - -/** - * Create new tree (malloced) with given key compare function. - * @param cmpf: compare function (like strcmp) takes pointers to two keys. - * @return: new tree, empty. - */ -rbtree_type *rbtree_create(int (*cmpf)(const void *, const void *)); - -/** - * Init a new tree (malloced by caller) with given key compare function. - * @param rbtree: uninitialised memory for new tree, returned empty. - * @param cmpf: compare function (like strcmp) takes pointers to two keys. - */ -void rbtree_init(rbtree_type *rbtree, int (*cmpf)(const void *, const void *)); - -/** - * Insert data into the tree. - * @param rbtree: tree to insert to. - * @param data: element to insert. - * @return: data ptr or NULL if key already present. - */ -rbnode_type *rbtree_insert(rbtree_type *rbtree, rbnode_type *data); - -/** - * Delete element from tree. - * @param rbtree: tree to delete from. - * @param key: key of item to delete. - * @return: node that is now unlinked from the tree. User to delete it. - * returns 0 if node not present - */ -rbnode_type *rbtree_delete(rbtree_type *rbtree, const void *key); - -/** - * Find key in tree. Returns NULL if not found. - * @param rbtree: tree to find in. - * @param key: key that must match. - * @return: node that fits or NULL. - */ -rbnode_type *rbtree_search(rbtree_type *rbtree, const void *key); - -/** - * Find, but match does not have to be exact. - * @param rbtree: tree to find in. - * @param key: key to find position of. - * @param result: set to the exact node if present, otherwise to element that - * precedes the position of key in the tree. NULL if no smaller element. - * @return: true if exact match in result. Else result points to <= element, - * or NULL if key is smaller than the smallest key. - */ -int rbtree_find_less_equal(rbtree_type *rbtree, const void *key, - rbnode_type **result); - -/** - * Returns first (smallest) node in the tree - * @param rbtree: tree - * @return: smallest element or NULL if tree empty. - */ -rbnode_type *rbtree_first(rbtree_type *rbtree); - -/** - * Returns last (largest) node in the tree - * @param rbtree: tree - * @return: largest element or NULL if tree empty. - */ -rbnode_type *rbtree_last(rbtree_type *rbtree); - -/** - * Returns next larger node in the tree - * @param rbtree: tree - * @return: next larger element or NULL if no larger in tree. - */ -rbnode_type *rbtree_next(rbnode_type *rbtree); - -/** - * Returns previous smaller node in the tree - * @param rbtree: tree - * @return: previous smaller element or NULL if no previous in tree. - */ -rbnode_type *rbtree_previous(rbnode_type *rbtree); - -/** - * Call with node=variable of struct* with rbnode_type as first element. - * with type is the type of a pointer to that struct. - */ -#define RBTREE_FOR(node, type, rbtree) \ - for(node=(type)rbtree_first(rbtree); \ - (rbnode_type*)node != RBTREE_NULL; \ - node = (type)rbtree_next((rbnode_type*)node)) - -/** - * Call function for all elements in the redblack tree, such that - * leaf elements are called before parent elements. So that all - * elements can be safely free()d. - * Note that your function must not remove the nodes from the tree. - * Since that may trigger rebalances of the rbtree. - * @param tree: the tree - * @param func: function called with element and user arg. - * The function must not alter the rbtree. - * @param arg: user argument. - */ -void traverse_postorder(rbtree_type* tree, void (*func)(rbnode_type*, void*), - void* arg); - -#endif /* UTIL_RBTREE_H_ */ diff --git a/external/unbound/util/regional.c b/external/unbound/util/regional.c deleted file mode 100644 index 899a54edb..000000000 --- a/external/unbound/util/regional.c +++ /dev/null @@ -1,223 +0,0 @@ -/* - * regional.c -- region based memory allocator. - * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * Regional allocator. Allocates small portions of of larger chunks. - */ - -#include "config.h" -#include "util/log.h" -#include "util/regional.h" - -#ifdef ALIGNMENT -# undef ALIGNMENT -#endif -/** increase size until it fits alignment of s bytes */ -#define ALIGN_UP(x, s) (((x) + s - 1) & (~(s - 1))) -/** what size to align on; make sure a char* fits in it. */ -#define ALIGNMENT (sizeof(uint64_t)) - -/** Default reasonable size for chunks */ -#define REGIONAL_CHUNK_SIZE 8192 -#ifdef UNBOUND_ALLOC_NONREGIONAL -/** All objects allocated outside of chunks, for debug */ -#define REGIONAL_LARGE_OBJECT_SIZE 0 -#else -/** Default size for large objects - allocated outside of chunks. */ -#define REGIONAL_LARGE_OBJECT_SIZE 2048 -#endif - -struct regional* -regional_create(void) -{ - return regional_create_custom(REGIONAL_CHUNK_SIZE); -} - -/** init regional struct with first block */ -static void -regional_init(struct regional* r) -{ - size_t a = ALIGN_UP(sizeof(struct regional), ALIGNMENT); - r->data = (char*)r + a; - r->available = r->first_size - a; - r->next = NULL; - r->large_list = NULL; - r->total_large = 0; -} - -struct regional* -regional_create_custom(size_t size) -{ - struct regional* r = (struct regional*)malloc(size); - log_assert(sizeof(struct regional) <= size); - if(!r) return NULL; - r->first_size = size; - regional_init(r); - return r; -} - -void -regional_free_all(struct regional *r) -{ - char* p = r->next, *np; - while(p) { - np = *(char**)p; - free(p); - p = np; - } - p = r->large_list; - while(p) { - np = *(char**)p; - free(p); - p = np; - } - regional_init(r); -} - -void -regional_destroy(struct regional *r) -{ - if(!r) return; - regional_free_all(r); - free(r); -} - -void * -regional_alloc(struct regional *r, size_t size) -{ - size_t a = ALIGN_UP(size, ALIGNMENT); - void *s; - /* large objects */ - if(a > REGIONAL_LARGE_OBJECT_SIZE) { - s = malloc(ALIGNMENT + size); - if(!s) return NULL; - r->total_large += ALIGNMENT+size; - *(char**)s = r->large_list; - r->large_list = (char*)s; - return (char*)s+ALIGNMENT; - } - /* create a new chunk */ - if(a > r->available) { - s = malloc(REGIONAL_CHUNK_SIZE); - if(!s) return NULL; - *(char**)s = r->next; - r->next = (char*)s; - r->data = (char*)s + ALIGNMENT; - r->available = REGIONAL_CHUNK_SIZE - ALIGNMENT; - } - /* put in this chunk */ - r->available -= a; - s = r->data; - r->data += a; - return s; -} - -void * -regional_alloc_init(struct regional* r, const void *init, size_t size) -{ - void *s = regional_alloc(r, size); - if(!s) return NULL; - memcpy(s, init, size); - return s; -} - -void * -regional_alloc_zero(struct regional *r, size_t size) -{ - void *s = regional_alloc(r, size); - if(!s) return NULL; - memset(s, 0, size); - return s; -} - -char * -regional_strdup(struct regional *r, const char *string) -{ - return (char*)regional_alloc_init(r, string, strlen(string)+1); -} - -/** - * reasonably slow, but stats and get_mem are not supposed to be fast - * count the number of chunks in use - */ -static size_t -count_chunks(struct regional* r) -{ - size_t c = 1; - char* p = r->next; - while(p) { - c++; - p = *(char**)p; - } - return c; -} - -/** - * also reasonably slow, counts the number of large objects - */ -static size_t -count_large(struct regional* r) -{ - size_t c = 0; - char* p = r->large_list; - while(p) { - c++; - p = *(char**)p; - } - return c; -} - -void -regional_log_stats(struct regional *r) -{ - /* some basic assertions put here (non time critical code) */ - log_assert(ALIGNMENT >= sizeof(char*)); - log_assert(REGIONAL_CHUNK_SIZE > ALIGNMENT); - log_assert(REGIONAL_CHUNK_SIZE-ALIGNMENT > REGIONAL_LARGE_OBJECT_SIZE); - log_assert(REGIONAL_CHUNK_SIZE >= sizeof(struct regional)); - /* debug print */ - log_info("regional %u chunks, %u large", - (unsigned)count_chunks(r), (unsigned)count_large(r)); -} - -size_t -regional_get_mem(struct regional* r) -{ - return r->first_size + (count_chunks(r)-1)*REGIONAL_CHUNK_SIZE - + r->total_large; -} diff --git a/external/unbound/util/regional.h b/external/unbound/util/regional.h deleted file mode 100644 index e8b2cb8d0..000000000 --- a/external/unbound/util/regional.h +++ /dev/null @@ -1,150 +0,0 @@ -/* - * regional.h -- region based memory allocator. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * Regional allocator. Allocates small portions of of larger chunks. - * Based on region-allocator from NSD, but rewritten to be light. - * - * Different from (nsd) region-allocator.h - * o does not have recycle bin - * o does not collect stats; just enough to answer get_mem() in use. - * o does not keep cleanup list - * o does not have function pointers to setup - * o allocs the regional struct inside the first block. - * o can take a block to create regional from. - * o blocks and large allocations are kept on singly linked lists. - */ - -#ifndef UTIL_REGIONAL_H_ -#define UTIL_REGIONAL_H_ - -/** - * the regional* is the first block*. - * every block has a ptr to the next in first bytes. - * and so does the regional struct, which is the first block. - */ -struct regional -{ - /** - * next chunk. NULL if first chunk is the only chunk. - * first inside that chunk is the char* next pointer. - * When regional_free_all() has been called this value is NULL. - */ - char* next; - /** first large object, cast to char** to obtain next ptr */ - char* large_list; - /** total large size */ - size_t total_large; - /** initial chunk size */ - size_t first_size; - /** number of bytes available in the current chunk. */ - size_t available; - /** current chunk data position. */ - char* data; -}; - -/** - * Create a new regional. - * @return: newly allocated regional. - */ -struct regional* regional_create(void); - -/** - * Create a new region, with custom settings. - * @param size: length of first block. - * @return: newly allocated regional. - */ -struct regional* regional_create_custom(size_t size); - -/** - * Free all memory associated with regional. Only keeps the first block with - * the regional inside it. - * @param r: the region. - */ -void regional_free_all(struct regional *r); - -/** - * Destroy regional. All memory associated with regional is freed as if - * regional_free_all was called, as well as destroying the regional struct. - * @param r: to delete. - */ -void regional_destroy(struct regional *r); - -/** - * Allocate size bytes of memory inside regional. The memory is - * deallocated when region_free_all is called for this region. - * @param r: the region. - * @param size: number of bytes. - * @return: pointer to memory allocated. - */ -void *regional_alloc(struct regional *r, size_t size); - -/** - * Allocate size bytes of memory inside regional and copy INIT into it. - * The memory is deallocated when region_free_all is called for this - * region. - * @param r: the region. - * @param init: to copy. - * @param size: number of bytes. - * @return: pointer to memory allocated. - */ -void *regional_alloc_init(struct regional* r, const void *init, size_t size); - -/** - * Allocate size bytes of memory inside regional that are initialized to - * 0. The memory is deallocated when region_free_all is called for - * this region. - * @param r: the region. - * @param size: number of bytes. - * @return: pointer to memory allocated. - */ -void *regional_alloc_zero(struct regional *r, size_t size); - -/** - * Duplicate string and allocate the result in regional. - * @param r: the region. - * @param string: null terminated string. - * @return: pointer to memory allocated. - */ -char *regional_strdup(struct regional *r, const char *string); - -/** Debug print regional statistics to log */ -void regional_log_stats(struct regional *r); - -/** get total memory size in use by region */ -size_t regional_get_mem(struct regional* r); - -#endif /* UTIL_REGIONAL_H_ */ diff --git a/external/unbound/util/rtt.c b/external/unbound/util/rtt.c deleted file mode 100644 index 5d86f1337..000000000 --- a/external/unbound/util/rtt.c +++ /dev/null @@ -1,121 +0,0 @@ -/* - * util/rtt.c - UDP round trip time estimator for resend timeouts. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains a data type and functions to help estimate good - * round trip times for UDP resend timeout values. - */ -#include "config.h" -#include "util/rtt.h" - -/* overwritten by config: infra_cache_min_rtt: */ -int RTT_MIN_TIMEOUT = 50; -/** calculate RTO from rtt information */ -static int -calc_rto(const struct rtt_info* rtt) -{ - /* From Stevens, Unix Network Programming, Vol1, 3rd ed., p.598 */ - int rto = rtt->srtt + 4*rtt->rttvar; - if(rto < RTT_MIN_TIMEOUT) - rto = RTT_MIN_TIMEOUT; - if(rto > RTT_MAX_TIMEOUT) - rto = RTT_MAX_TIMEOUT; - return rto; -} - -void -rtt_init(struct rtt_info* rtt) -{ - rtt->srtt = 0; - rtt->rttvar = 94; - rtt->rto = calc_rto(rtt); - /* default value from the book is 0 + 4*0.75 = 3 seconds */ - /* first RTO is 0 + 4*0.094 = 0.376 seconds */ -} - -int -rtt_timeout(const struct rtt_info* rtt) -{ - return rtt->rto; -} - -int -rtt_unclamped(const struct rtt_info* rtt) -{ - if(calc_rto(rtt) != rtt->rto) { - /* timeout fallback has happened */ - return rtt->rto; - } - /* return unclamped value */ - return rtt->srtt + 4*rtt->rttvar; -} - -void -rtt_update(struct rtt_info* rtt, int ms) -{ - int delta = ms - rtt->srtt; - rtt->srtt += delta / 8; /* g = 1/8 */ - if(delta < 0) - delta = -delta; /* |delta| */ - rtt->rttvar += (delta - rtt->rttvar) / 4; /* h = 1/4 */ - rtt->rto = calc_rto(rtt); -} - -void -rtt_lost(struct rtt_info* rtt, int orig) -{ - /* exponential backoff */ - - /* if a query succeeded and put down the rto meanwhile, ignore this */ - if(rtt->rto < orig) - return; - - /* the original rto is doubled, not the current one to make sure - * that the values in the cache are not increased by lots of - * queries simultaneously as they time out at the same time */ - orig *= 2; - if(rtt->rto <= orig) { - rtt->rto = orig; - if(rtt->rto > RTT_MAX_TIMEOUT) - rtt->rto = RTT_MAX_TIMEOUT; - } -} - -int rtt_notimeout(const struct rtt_info* rtt) -{ - return calc_rto(rtt); -} diff --git a/external/unbound/util/rtt.h b/external/unbound/util/rtt.h deleted file mode 100644 index 07e65ee1d..000000000 --- a/external/unbound/util/rtt.h +++ /dev/null @@ -1,107 +0,0 @@ -/* - * util/rtt.h - UDP round trip time estimator for resend timeouts. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains a data type and functions to help estimate good - * round trip times for UDP resend timeout values. - */ - -#ifndef UTIL_RTT_H -#define UTIL_RTT_H - -/** - * RTT information. Keeps packet Round Trip Time. - */ -struct rtt_info { - /** smoothed rtt estimator, in milliseconds */ - int srtt; - /** smoothed mean deviation, in milliseconds */ - int rttvar; - /** current RTO in use, in milliseconds */ - int rto; -}; - -/** min retransmit timeout value, in milliseconds */ -extern int RTT_MIN_TIMEOUT; -/** max retransmit timeout value, in milliseconds */ -#define RTT_MAX_TIMEOUT 120000 - -/** - * Initialize RTT estimators. - * @param rtt: The structure. Caller is responsible for allocation of it. - */ -void rtt_init(struct rtt_info* rtt); - -/** - * Get timeout to use for sending a UDP packet. - * @param rtt: round trip statistics structure. - * @return: timeout to use in milliseconds. Relative time value. - */ -int rtt_timeout(const struct rtt_info* rtt); - -/** - * Get unclamped timeout to use for server selection. - * Recent timeouts are reflected in the returned value. - * @param rtt: round trip statistics structure. - * @return: value to use in milliseconds. - */ -int rtt_unclamped(const struct rtt_info* rtt); - -/** - * RTT for valid responses. Without timeouts. - * @param rtt: round trip statistics structure. - * @return: value in msec. - */ -int rtt_notimeout(const struct rtt_info* rtt); - -/** - * Update the statistics with a new roundtrip estimate observation. - * @param rtt: round trip statistics structure. - * @param ms: estimate of roundtrip time in milliseconds. - */ -void rtt_update(struct rtt_info* rtt, int ms); - -/** - * Update the statistics with a new timeout expired observation. - * @param rtt: round trip statistics structure. - * @param orig: original rtt time given for the query that timed out. - * Used to calculate the maximum responsible backed off time that - * can reasonably be applied. - */ -void rtt_lost(struct rtt_info* rtt, int orig); - -#endif /* UTIL_RTT_H */ diff --git a/external/unbound/util/shm_side/shm_main.c b/external/unbound/util/shm_side/shm_main.c deleted file mode 100644 index cab9aed56..000000000 --- a/external/unbound/util/shm_side/shm_main.c +++ /dev/null @@ -1,286 +0,0 @@ -/* - * util/shm_side/shm_main.c - SHM for statistics transport - * - * Copyright (c) 2017, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions for the SHM implementation. - */ - -#include "config.h" -#include -#include -#ifdef HAVE_SYS_IPC_H -#include -#endif -#ifdef HAVE_SYS_SHM_H -#include -#endif -#include -#include -#include "shm_main.h" -#include "daemon/daemon.h" -#include "daemon/worker.h" -#include "daemon/stats.h" -#include "services/mesh.h" -#include "services/cache/rrset.h" -#include "services/cache/infra.h" -#include "validator/validator.h" -#include "util/config_file.h" -#include "util/fptr_wlist.h" -#include "util/log.h" - -#ifdef HAVE_SHMGET -/** subtract timers and the values do not overflow or become negative */ -static void -timeval_subtract(struct timeval* d, const struct timeval* end, - const struct timeval* start) -{ -#ifndef S_SPLINT_S - time_t end_usec = end->tv_usec; - d->tv_sec = end->tv_sec - start->tv_sec; - if(end_usec < start->tv_usec) { - end_usec += 1000000; - d->tv_sec--; - } - d->tv_usec = end_usec - start->tv_usec; -#endif -} -#endif /* HAVE_SHMGET */ - -int shm_main_init(struct daemon* daemon) -{ -#ifdef HAVE_SHMGET - struct shm_stat_info *shm_stat; - size_t shm_size; - - /* sanitize */ - if(!daemon) - return 0; - if(!daemon->cfg->shm_enable) - return 1; - if(daemon->cfg->stat_interval == 0) - log_warn("shm-enable is yes but statistics-interval is 0"); - - /* Statistics to maintain the number of thread + total */ - shm_size = (sizeof(struct stats_info) * (daemon->num + 1)); - - /* Allocation of needed memory */ - daemon->shm_info = (struct shm_main_info*)calloc(1, shm_size); - - /* Sanitize */ - if(!daemon->shm_info) { - log_err("shm fail: malloc failure"); - return 0; - } - - daemon->shm_info->key = daemon->cfg->shm_key; - - /* Check for previous create SHM */ - daemon->shm_info->id_ctl = shmget(daemon->shm_info->key, sizeof(int), SHM_R); - daemon->shm_info->id_arr = shmget(daemon->shm_info->key + 1, sizeof(int), SHM_R); - - /* Destroy previous SHM */ - if (daemon->shm_info->id_ctl >= 0) - shmctl(daemon->shm_info->id_ctl, IPC_RMID, NULL); - - /* Destroy previous SHM */ - if (daemon->shm_info->id_arr >= 0) - shmctl(daemon->shm_info->id_arr, IPC_RMID, NULL); - - /* SHM: Create the segment */ - daemon->shm_info->id_ctl = shmget(daemon->shm_info->key, sizeof(struct shm_stat_info), IPC_CREAT | 0666); - - if (daemon->shm_info->id_ctl < 0) - { - log_err("SHM failed(id_ctl) cannot shmget(key %d) %s", - daemon->shm_info->key, strerror(errno)); - - /* Just release memory unused */ - free(daemon->shm_info); - - return 0; - } - - daemon->shm_info->id_arr = shmget(daemon->shm_info->key + 1, shm_size, IPC_CREAT | 0666); - - if (daemon->shm_info->id_arr < 0) - { - log_err("SHM failed(id_arr) cannot shmget(key %d + 1) %s", - daemon->shm_info->key, strerror(errno)); - - /* Just release memory unused */ - free(daemon->shm_info); - - return 0; - } - - /* SHM: attach the segment */ - daemon->shm_info->ptr_ctl = (struct shm_stat_info*) - shmat(daemon->shm_info->id_ctl, NULL, 0); - if(daemon->shm_info->ptr_ctl == (void *) -1) { - log_err("SHM failed(ctl) cannot shmat(%d) %s", - daemon->shm_info->id_ctl, strerror(errno)); - - /* Just release memory unused */ - free(daemon->shm_info); - - return 0; - } - - daemon->shm_info->ptr_arr = (struct stats_info*) - shmat(daemon->shm_info->id_arr, NULL, 0); - - if (daemon->shm_info->ptr_arr == (void *) -1) - { - log_err("SHM failed(arr) cannot shmat(%d) %s", - daemon->shm_info->id_arr, strerror(errno)); - - /* Just release memory unused */ - free(daemon->shm_info); - - return 0; - } - - /* Zero fill SHM to stand clean while is not filled by other events */ - memset(daemon->shm_info->ptr_ctl, 0, sizeof(struct shm_stat_info)); - memset(daemon->shm_info->ptr_arr, 0, shm_size); - - shm_stat = daemon->shm_info->ptr_ctl; - shm_stat->num_threads = daemon->num; - -#else - (void)daemon; -#endif /* HAVE_SHMGET */ - return 1; -} - -void shm_main_shutdown(struct daemon* daemon) -{ -#ifdef HAVE_SHMGET - /* web are OK, just disabled */ - if(!daemon->cfg->shm_enable) - return; - - verbose(VERB_DETAIL, "SHM shutdown - KEY [%d] - ID CTL [%d] ARR [%d] - PTR CTL [%p] ARR [%p]", - daemon->shm_info->key, daemon->shm_info->id_ctl, daemon->shm_info->id_arr, daemon->shm_info->ptr_ctl, daemon->shm_info->ptr_arr); - - /* Destroy previous SHM */ - if (daemon->shm_info->id_ctl >= 0) - shmctl(daemon->shm_info->id_ctl, IPC_RMID, NULL); - - if (daemon->shm_info->id_arr >= 0) - shmctl(daemon->shm_info->id_arr, IPC_RMID, NULL); - - if (daemon->shm_info->ptr_ctl) - shmdt(daemon->shm_info->ptr_ctl); - - if (daemon->shm_info->ptr_arr) - shmdt(daemon->shm_info->ptr_arr); - -#else - (void)daemon; -#endif /* HAVE_SHMGET */ -} - -void shm_main_run(struct worker *worker) -{ -#ifdef HAVE_SHMGET - struct shm_stat_info *shm_stat; - struct stats_info *stat_total; - struct stats_info *stat_info; - int modstack; - int offset; - - verbose(VERB_DETAIL, "SHM run - worker [%d] - daemon [%p] - timenow(%u) - timeboot(%u)", - worker->thread_num, worker->daemon, (unsigned)worker->env.now_tv->tv_sec, (unsigned)worker->daemon->time_boot.tv_sec); - - offset = worker->thread_num + 1; - stat_total = worker->daemon->shm_info->ptr_arr; - stat_info = worker->daemon->shm_info->ptr_arr + offset; - - /* Copy data to the current position */ - server_stats_compile(worker, stat_info, 0); - - /* First thread, zero fill total, and copy general info */ - if (worker->thread_num == 0) { - - /* Copy data to the current position */ - memset(stat_total, 0, sizeof(struct stats_info)); - - /* Point to data into SHM */ - shm_stat = worker->daemon->shm_info->ptr_ctl; - shm_stat->time.now = *worker->env.now_tv; - - timeval_subtract(&shm_stat->time.up, &shm_stat->time.now, &worker->daemon->time_boot); - timeval_subtract(&shm_stat->time.elapsed, &shm_stat->time.now, &worker->daemon->time_last_stat); - - shm_stat->mem.msg = slabhash_get_mem(worker->env.msg_cache); - shm_stat->mem.rrset = slabhash_get_mem(&worker->env.rrset_cache->table); - shm_stat->mem.val = 0; - shm_stat->mem.iter = 0; - - modstack = modstack_find(&worker->env.mesh->mods, "validator"); - if(modstack != -1) { - fptr_ok(fptr_whitelist_mod_get_mem(worker->env.mesh->mods.mod[modstack]->get_mem)); - shm_stat->mem.val = (*worker->env.mesh->mods.mod[modstack]->get_mem)(&worker->env, modstack); - } - modstack = modstack_find(&worker->env.mesh->mods, "iterator"); - if(modstack != -1) { - fptr_ok(fptr_whitelist_mod_get_mem(worker->env.mesh->mods.mod[modstack]->get_mem)); - shm_stat->mem.iter = (*worker->env.mesh->mods.mod[modstack]->get_mem)(&worker->env, modstack); - } - /* subnet mem value is available in shm, also when not enabled, - * to make the struct easier to memmap by other applications, - * independent of the configuration of unbound */ - shm_stat->mem.subnet = 0; -#ifdef CLIENT_SUBNET - modstack = modstack_find(&worker->env.mesh->mods, "subnet"); - if(modstack != -1) { - fptr_ok(fptr_whitelist_mod_get_mem(worker->env.mesh->mods.mod[modstack]->get_mem)); - shm_stat->mem.subnet = (*worker->env.mesh->mods.mod[modstack]->get_mem)(&worker->env, modstack); - } -#endif - } - - server_stats_add(stat_total, stat_info); - - /* print the thread statistics */ - stat_total->mesh_time_median /= (double)worker->daemon->num; - -#else - (void)worker; -#endif /* HAVE_SHMGET */ -} diff --git a/external/unbound/util/shm_side/shm_main.h b/external/unbound/util/shm_side/shm_main.h deleted file mode 100644 index 8e4f4d051..000000000 --- a/external/unbound/util/shm_side/shm_main.h +++ /dev/null @@ -1,86 +0,0 @@ -/* - * util/shm_side/shm_main.h - control the shared memory for unbound. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions for the SHM side. - */ - -#ifndef UTIL_SHM_SIDE_MAIN_H -#define UTIL_SHM_SIDE_MAIN_H -struct daemon; -struct worker; - -/** Some global statistics that are not in struct stats_info, - * this struct is shared on a shm segment */ -struct shm_stat_info { - - int num_threads; - - struct { - struct timeval now; - struct timeval up; - struct timeval elapsed; - } time; - - struct { - size_t msg; - size_t rrset; - size_t val; - size_t iter; - size_t subnet; - } mem; -}; - -/** - * The SHM info. - */ -struct shm_main_info { - /** stats_info array, shared memory segment. - * [0] is totals, [1..thread_num] are per-thread stats */ - struct stats_info* ptr_arr; - /** the global stats block, shared memory segment */ - struct shm_stat_info* ptr_ctl; - int key; - int id_ctl; - int id_arr; -}; - -int shm_main_init(struct daemon* daemon); -void shm_main_shutdown(struct daemon* daemon); -void shm_main_run(struct worker *worker); - -#endif /* UTIL_SHM_SIDE_MAIN_H */ diff --git a/external/unbound/util/storage/dnstree.c b/external/unbound/util/storage/dnstree.c deleted file mode 100644 index 190369d85..000000000 --- a/external/unbound/util/storage/dnstree.c +++ /dev/null @@ -1,295 +0,0 @@ -/* - * util/storage/dnstree.c - support for rbtree types suitable for DNS code. - * - * Copyright (c) 2008, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains structures combining types and functions to - * manipulate those structures that help building DNS lookup trees. - */ -#include "config.h" -#include "util/storage/dnstree.h" -#include "util/data/dname.h" -#include "util/net_help.h" - -int name_tree_compare(const void* k1, const void* k2) -{ - struct name_tree_node* x = (struct name_tree_node*)k1; - struct name_tree_node* y = (struct name_tree_node*)k2; - int m; - if(x->dclass != y->dclass) { - if(x->dclass < y->dclass) - return -1; - return 1; - } - return dname_lab_cmp(x->name, x->labs, y->name, y->labs, &m); -} - -int addr_tree_compare(const void* k1, const void* k2) -{ - struct addr_tree_node* n1 = (struct addr_tree_node*)k1; - struct addr_tree_node* n2 = (struct addr_tree_node*)k2; - int r = sockaddr_cmp_addr(&n1->addr, n1->addrlen, &n2->addr, - n2->addrlen); - if(r != 0) return r; - if(n1->net < n2->net) - return -1; - if(n1->net > n2->net) - return 1; - return 0; -} - -void name_tree_init(rbtree_type* tree) -{ - rbtree_init(tree, &name_tree_compare); -} - -void addr_tree_init(rbtree_type* tree) -{ - rbtree_init(tree, &addr_tree_compare); -} - -int name_tree_insert(rbtree_type* tree, struct name_tree_node* node, - uint8_t* name, size_t len, int labs, uint16_t dclass) -{ - node->node.key = node; - node->name = name; - node->len = len; - node->labs = labs; - node->dclass = dclass; - node->parent = NULL; - return rbtree_insert(tree, &node->node) != NULL; -} - -int addr_tree_insert(rbtree_type* tree, struct addr_tree_node* node, - struct sockaddr_storage* addr, socklen_t addrlen, int net) -{ - node->node.key = node; - memcpy(&node->addr, addr, addrlen); - node->addrlen = addrlen; - node->net = net; - node->parent = NULL; - return rbtree_insert(tree, &node->node) != NULL; -} - -void addr_tree_init_parents(rbtree_type* tree) -{ - struct addr_tree_node* node, *prev = NULL, *p; - int m; - RBTREE_FOR(node, struct addr_tree_node*, tree) { - node->parent = NULL; - if(!prev || prev->addrlen != node->addrlen) { - prev = node; - continue; - } - m = addr_in_common(&prev->addr, prev->net, &node->addr, - node->net, node->addrlen); - /* sort order like: ::/0, 1::/2, 1::/4, ... 2::/2 */ - /* find the previous, or parent-parent-parent */ - for(p = prev; p; p = p->parent) - if(p->net <= m) { - /* ==: since prev matched m, this is closest*/ - /* <: prev matches more, but is not a parent, - * this one is a (grand)parent */ - node->parent = p; - break; - } - prev = node; - } -} - -void name_tree_init_parents(rbtree_type* tree) -{ - struct name_tree_node* node, *prev = NULL, *p; - int m; - RBTREE_FOR(node, struct name_tree_node*, tree) { - node->parent = NULL; - if(!prev || prev->dclass != node->dclass) { - prev = node; - continue; - } - (void)dname_lab_cmp(prev->name, prev->labs, node->name, - node->labs, &m); /* we know prev is smaller */ - /* sort order like: . com. bla.com. zwb.com. net. */ - /* find the previous, or parent-parent-parent */ - for(p = prev; p; p = p->parent) - if(p->labs <= m) { - /* ==: since prev matched m, this is closest*/ - /* <: prev matches more, but is not a parent, - * this one is a (grand)parent */ - node->parent = p; - break; - } - prev = node; - } -} - -struct name_tree_node* name_tree_find(rbtree_type* tree, uint8_t* name, - size_t len, int labs, uint16_t dclass) -{ - struct name_tree_node key; - key.node.key = &key; - key.name = name; - key.len = len; - key.labs = labs; - key.dclass = dclass; - return (struct name_tree_node*)rbtree_search(tree, &key); -} - -struct name_tree_node* name_tree_lookup(rbtree_type* tree, uint8_t* name, - size_t len, int labs, uint16_t dclass) -{ - rbnode_type* res = NULL; - struct name_tree_node *result; - struct name_tree_node key; - key.node.key = &key; - key.name = name; - key.len = len; - key.labs = labs; - key.dclass = dclass; - if(rbtree_find_less_equal(tree, &key, &res)) { - /* exact */ - result = (struct name_tree_node*)res; - } else { - /* smaller element (or no element) */ - int m; - result = (struct name_tree_node*)res; - if(!result || result->dclass != dclass) - return NULL; - /* count number of labels matched */ - (void)dname_lab_cmp(result->name, result->labs, key.name, - key.labs, &m); - while(result) { /* go up until qname is subdomain of stub */ - if(result->labs <= m) - break; - result = result->parent; - } - } - return result; -} - -struct addr_tree_node* addr_tree_lookup(rbtree_type* tree, - struct sockaddr_storage* addr, socklen_t addrlen) -{ - rbnode_type* res = NULL; - struct addr_tree_node* result; - struct addr_tree_node key; - key.node.key = &key; - memcpy(&key.addr, addr, addrlen); - key.addrlen = addrlen; - key.net = (addr_is_ip6(addr, addrlen)?128:32); - if(rbtree_find_less_equal(tree, &key, &res)) { - /* exact */ - return (struct addr_tree_node*)res; - } else { - /* smaller element (or no element) */ - int m; - result = (struct addr_tree_node*)res; - if(!result || result->addrlen != addrlen) - return 0; - /* count number of bits matched */ - m = addr_in_common(&result->addr, result->net, addr, - key.net, addrlen); - while(result) { /* go up until addr is inside netblock */ - if(result->net <= m) - break; - result = result->parent; - } - } - return result; -} - -struct addr_tree_node* addr_tree_find(rbtree_type* tree, - struct sockaddr_storage* addr, socklen_t addrlen, int net) -{ - rbnode_type* res = NULL; - struct addr_tree_node key; - key.node.key = &key; - memcpy(&key.addr, addr, addrlen); - key.addrlen = addrlen; - key.net = net; - res = rbtree_search(tree, &key); - return (struct addr_tree_node*)res; -} - -int -name_tree_next_root(rbtree_type* tree, uint16_t* dclass) -{ - struct name_tree_node key; - rbnode_type* n; - struct name_tree_node* p; - if(*dclass == 0) { - /* first root item is first item in tree */ - n = rbtree_first(tree); - if(n == RBTREE_NULL) - return 0; - p = (struct name_tree_node*)n; - if(dname_is_root(p->name)) { - *dclass = p->dclass; - return 1; - } - /* root not first item? search for higher items */ - *dclass = p->dclass + 1; - return name_tree_next_root(tree, dclass); - } - /* find class n in tree, we may get a direct hit, or if we don't - * this is the last item of the previous class so rbtree_next() takes - * us to the next root (if any) */ - key.node.key = &key; - key.name = (uint8_t*)"\000"; - key.len = 1; - key.labs = 0; - key.dclass = *dclass; - n = NULL; - if(rbtree_find_less_equal(tree, &key, &n)) { - /* exact */ - return 1; - } else { - /* smaller element */ - if(!n || n == RBTREE_NULL) - return 0; /* nothing found */ - n = rbtree_next(n); - if(n == RBTREE_NULL) - return 0; /* no higher */ - p = (struct name_tree_node*)n; - if(dname_is_root(p->name)) { - *dclass = p->dclass; - return 1; - } - /* not a root node, return next higher item */ - *dclass = p->dclass+1; - return name_tree_next_root(tree, dclass); - } -} diff --git a/external/unbound/util/storage/dnstree.h b/external/unbound/util/storage/dnstree.h deleted file mode 100644 index 782644b63..000000000 --- a/external/unbound/util/storage/dnstree.h +++ /dev/null @@ -1,203 +0,0 @@ -/* - * util/storage/dnstree.h - support for rbtree types suitable for DNS code. - * - * Copyright (c) 2008, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains structures combining types and functions to - * manipulate those structures that help building DNS lookup trees. - */ - -#ifndef UTIL_STORAGE_DNSTREE_H -#define UTIL_STORAGE_DNSTREE_H -#include "util/rbtree.h" - -/** - * Tree of domain names. Sorted first by class then by name. - * This is not sorted canonically, but fast. - * This can be looked up to obtain a closest encloser parent name. - * - * The tree itself is a rbtree_type. - * This is the element node put as first entry in the client structure. - */ -struct name_tree_node { - /** rbtree node, key is this struct : dclass and name */ - rbnode_type node; - /** parent in tree */ - struct name_tree_node* parent; - /** name in uncompressed wireformat */ - uint8_t* name; - /** length of name */ - size_t len; - /** labels in name */ - int labs; - /** the class of the name (host order) */ - uint16_t dclass; -}; - -/** - * Tree of IP addresses. Sorted first by protocol, then by bits. - * This can be looked up to obtain the enclosing subnet. - * - * The tree itself is a rbtree_type. - * This is the element node put as first entry in the client structure. - */ -struct addr_tree_node { - /** rbtree node, key is this struct : proto and subnet */ - rbnode_type node; - /** parent in tree */ - struct addr_tree_node* parent; - /** address */ - struct sockaddr_storage addr; - /** length of addr */ - socklen_t addrlen; - /** netblock size */ - int net; -}; - -/** - * Init a name tree to be empty - * @param tree: to init. - */ -void name_tree_init(rbtree_type* tree); - -/** - * insert element into name tree. - * @param tree: name tree - * @param node: node element (at start of a structure that caller - * has allocated). - * @param name: name to insert (wireformat) - * this node has been allocated by the caller and it itself inserted. - * @param len: length of name - * @param labs: labels in name - * @param dclass: class of name - * @return false on error (duplicate element). - */ -int name_tree_insert(rbtree_type* tree, struct name_tree_node* node, - uint8_t* name, size_t len, int labs, uint16_t dclass); - -/** - * Initialize parent pointers in name tree. - * Should be performed after insertions are done, before lookups - * @param tree: name tree - */ -void name_tree_init_parents(rbtree_type* tree); - -/** - * Lookup exact match in name tree - * @param tree: name tree - * @param name: wireformat name - * @param len: length of name - * @param labs: labels in name - * @param dclass: class of name - * @return node or NULL if not found. - */ -struct name_tree_node* name_tree_find(rbtree_type* tree, uint8_t* name, - size_t len, int labs, uint16_t dclass); - -/** - * Lookup closest encloser in name tree. - * @param tree: name tree - * @param name: wireformat name - * @param len: length of name - * @param labs: labels in name - * @param dclass: class of name - * @return closest enclosing node (could be equal) or NULL if not found. - */ -struct name_tree_node* name_tree_lookup(rbtree_type* tree, uint8_t* name, - size_t len, int labs, uint16_t dclass); - -/** - * Find next root item in name tree. - * @param tree: the nametree. - * @param dclass: the class to look for next (or higher). - * @return false if no classes found, true means class put into c. - */ -int name_tree_next_root(rbtree_type* tree, uint16_t* dclass); - -/** - * Init addr tree to be empty. - * @param tree: to init. - */ -void addr_tree_init(rbtree_type* tree); - -/** - * insert element into addr tree. - * @param tree: addr tree - * @param node: node element (at start of a structure that caller - * has allocated). - * @param addr: to insert (copied). - * @param addrlen: length of addr - * @param net: size of subnet. - * @return false on error (duplicate element). - */ -int addr_tree_insert(rbtree_type* tree, struct addr_tree_node* node, - struct sockaddr_storage* addr, socklen_t addrlen, int net); - -/** - * Initialize parent pointers in addr tree. - * Should be performed after insertions are done, before lookups - * @param tree: addr tree - */ -void addr_tree_init_parents(rbtree_type* tree); - -/** - * Lookup closest encloser in addr tree. - * @param tree: addr tree - * @param addr: to lookup. - * @param addrlen: length of addr - * @return closest enclosing node (could be equal) or NULL if not found. - */ -struct addr_tree_node* addr_tree_lookup(rbtree_type* tree, - struct sockaddr_storage* addr, socklen_t addrlen); - -/** - * Find element in addr tree. (search a netblock, not a match for an address) - * @param tree: addr tree - * @param addr: netblock to lookup. - * @param addrlen: length of addr - * @param net: size of subnet - * @return addr tree element, or NULL if not found. - */ -struct addr_tree_node* addr_tree_find(rbtree_type* tree, - struct sockaddr_storage* addr, socklen_t addrlen, int net); - -/** compare name tree nodes */ -int name_tree_compare(const void* k1, const void* k2); - -/** compare addr tree nodes */ -int addr_tree_compare(const void* k1, const void* k2); - -#endif /* UTIL_STORAGE_DNSTREE_H */ diff --git a/external/unbound/util/storage/lookup3.c b/external/unbound/util/storage/lookup3.c deleted file mode 100644 index e9b05af37..000000000 --- a/external/unbound/util/storage/lookup3.c +++ /dev/null @@ -1,1032 +0,0 @@ -/* - February 2013(Wouter) patch defines for BSD endianness, from Brad Smith. - January 2012(Wouter) added randomised initial value, fallout from 28c3. - March 2007(Wouter) adapted from lookup3.c original, add config.h include. - added #ifdef VALGRIND to remove 298,384,660 'unused variable k8' warnings. - added include of lookup3.h to check definitions match declarations. - removed include of stdint - config.h takes care of platform independence. - url http://burtleburtle.net/bob/hash/index.html. -*/ -/* -------------------------------------------------------------------------------- -lookup3.c, by Bob Jenkins, May 2006, Public Domain. - -These are functions for producing 32-bit hashes for hash table lookup. -hashword(), hashlittle(), hashlittle2(), hashbig(), mix(), and final() -are externally useful functions. Routines to test the hash are included -if SELF_TEST is defined. You can use this free for any purpose. It's in -the public domain. It has no warranty. - -You probably want to use hashlittle(). hashlittle() and hashbig() -hash byte arrays. hashlittle() is is faster than hashbig() on -little-endian machines. Intel and AMD are little-endian machines. -On second thought, you probably want hashlittle2(), which is identical to -hashlittle() except it returns two 32-bit hashes for the price of one. -You could implement hashbig2() if you wanted but I haven't bothered here. - -If you want to find a hash of, say, exactly 7 integers, do - a = i1; b = i2; c = i3; - mix(a,b,c); - a += i4; b += i5; c += i6; - mix(a,b,c); - a += i7; - final(a,b,c); -then use c as the hash value. If you have a variable length array of -4-byte integers to hash, use hashword(). If you have a byte array (like -a character string), use hashlittle(). If you have several byte arrays, or -a mix of things, see the comments above hashlittle(). - -Why is this so big? I read 12 bytes at a time into 3 4-byte integers, -then mix those integers. This is fast (you can do a lot more thorough -mixing with 12*3 instructions on 3 integers than you can with 3 instructions -on 1 byte), but shoehorning those bytes into integers efficiently is messy. -------------------------------------------------------------------------------- -*/ -/*#define SELF_TEST 1*/ - -#include "config.h" -#include "util/storage/lookup3.h" -#include /* defines printf for tests */ -#include /* defines time_t for timings in the test */ -/*#include defines uint32_t etc (from config.h) */ -#include /* attempt to define endianness */ -#ifdef HAVE_SYS_TYPES_H -# include /* attempt to define endianness (solaris) */ -#endif -#if defined(linux) || defined(__OpenBSD__) -# ifdef HAVE_ENDIAN_H -# include /* attempt to define endianness */ -# else -# include /* on older OpenBSD */ -# endif -#endif -#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__DragonFly__) -#include /* attempt to define endianness */ -#endif - -/* random initial value */ -static uint32_t raninit = (uint32_t)0xdeadbeef; - -void -hash_set_raninit(uint32_t v) -{ - raninit = v; -} - -/* - * My best guess at if you are big-endian or little-endian. This may - * need adjustment. - */ -#if (defined(__BYTE_ORDER) && defined(__LITTLE_ENDIAN) && \ - __BYTE_ORDER == __LITTLE_ENDIAN) || \ - (defined(i386) || defined(__i386__) || defined(__i486__) || \ - defined(__i586__) || defined(__i686__) || defined(vax) || defined(MIPSEL) || defined(__x86)) -# define HASH_LITTLE_ENDIAN 1 -# define HASH_BIG_ENDIAN 0 -#elif (defined(__BYTE_ORDER) && defined(__BIG_ENDIAN) && \ - __BYTE_ORDER == __BIG_ENDIAN) || \ - (defined(sparc) || defined(__sparc) || defined(__sparc__) || defined(POWERPC) || defined(mc68000) || defined(sel)) -# define HASH_LITTLE_ENDIAN 0 -# define HASH_BIG_ENDIAN 1 -#elif defined(_MACHINE_ENDIAN_H_) -/* test for machine_endian_h protects failure if some are empty strings */ -# if defined(_BYTE_ORDER) && defined(_BIG_ENDIAN) && _BYTE_ORDER == _BIG_ENDIAN -# define HASH_LITTLE_ENDIAN 0 -# define HASH_BIG_ENDIAN 1 -# endif -# if defined(_BYTE_ORDER) && defined(_LITTLE_ENDIAN) && _BYTE_ORDER == _LITTLE_ENDIAN -# define HASH_LITTLE_ENDIAN 1 -# define HASH_BIG_ENDIAN 0 -# endif /* _MACHINE_ENDIAN_H_ */ -#else -# define HASH_LITTLE_ENDIAN 0 -# define HASH_BIG_ENDIAN 0 -#endif - -#define hashsize(n) ((uint32_t)1<<(n)) -#define hashmask(n) (hashsize(n)-1) -#define rot(x,k) (((x)<<(k)) | ((x)>>(32-(k)))) - -/* -------------------------------------------------------------------------------- -mix -- mix 3 32-bit values reversibly. - -This is reversible, so any information in (a,b,c) before mix() is -still in (a,b,c) after mix(). - -If four pairs of (a,b,c) inputs are run through mix(), or through -mix() in reverse, there are at least 32 bits of the output that -are sometimes the same for one pair and different for another pair. -This was tested for: -* pairs that differed by one bit, by two bits, in any combination - of top bits of (a,b,c), or in any combination of bottom bits of - (a,b,c). -* "differ" is defined as +, -, ^, or ~^. For + and -, I transformed - the output delta to a Gray code (a^(a>>1)) so a string of 1's (as - is commonly produced by subtraction) look like a single 1-bit - difference. -* the base values were pseudorandom, all zero but one bit set, or - all zero plus a counter that starts at zero. - -Some k values for my "a-=c; a^=rot(c,k); c+=b;" arrangement that -satisfy this are - 4 6 8 16 19 4 - 9 15 3 18 27 15 - 14 9 3 7 17 3 -Well, "9 15 3 18 27 15" didn't quite get 32 bits diffing -for "differ" defined as + with a one-bit base and a two-bit delta. I -used http://burtleburtle.net/bob/hash/avalanche.html to choose -the operations, constants, and arrangements of the variables. - -This does not achieve avalanche. There are input bits of (a,b,c) -that fail to affect some output bits of (a,b,c), especially of a. The -most thoroughly mixed value is c, but it doesn't really even achieve -avalanche in c. - -This allows some parallelism. Read-after-writes are good at doubling -the number of bits affected, so the goal of mixing pulls in the opposite -direction as the goal of parallelism. I did what I could. Rotates -seem to cost as much as shifts on every machine I could lay my hands -on, and rotates are much kinder to the top and bottom bits, so I used -rotates. -------------------------------------------------------------------------------- -*/ -#define mix(a,b,c) \ -{ \ - a -= c; a ^= rot(c, 4); c += b; \ - b -= a; b ^= rot(a, 6); a += c; \ - c -= b; c ^= rot(b, 8); b += a; \ - a -= c; a ^= rot(c,16); c += b; \ - b -= a; b ^= rot(a,19); a += c; \ - c -= b; c ^= rot(b, 4); b += a; \ -} - -/* -------------------------------------------------------------------------------- -final -- final mixing of 3 32-bit values (a,b,c) into c - -Pairs of (a,b,c) values differing in only a few bits will usually -produce values of c that look totally different. This was tested for -* pairs that differed by one bit, by two bits, in any combination - of top bits of (a,b,c), or in any combination of bottom bits of - (a,b,c). -* "differ" is defined as +, -, ^, or ~^. For + and -, I transformed - the output delta to a Gray code (a^(a>>1)) so a string of 1's (as - is commonly produced by subtraction) look like a single 1-bit - difference. -* the base values were pseudorandom, all zero but one bit set, or - all zero plus a counter that starts at zero. - -These constants passed: - 14 11 25 16 4 14 24 - 12 14 25 16 4 14 24 -and these came close: - 4 8 15 26 3 22 24 - 10 8 15 26 3 22 24 - 11 8 15 26 3 22 24 -------------------------------------------------------------------------------- -*/ -#define final(a,b,c) \ -{ \ - c ^= b; c -= rot(b,14); \ - a ^= c; a -= rot(c,11); \ - b ^= a; b -= rot(a,25); \ - c ^= b; c -= rot(b,16); \ - a ^= c; a -= rot(c,4); \ - b ^= a; b -= rot(a,14); \ - c ^= b; c -= rot(b,24); \ -} - -/* --------------------------------------------------------------------- - This works on all machines. To be useful, it requires - -- that the key be an array of uint32_t's, and - -- that the length be the number of uint32_t's in the key - - The function hashword() is identical to hashlittle() on little-endian - machines, and identical to hashbig() on big-endian machines, - except that the length has to be measured in uint32_ts rather than in - bytes. hashlittle() is more complicated than hashword() only because - hashlittle() has to dance around fitting the key bytes into registers. --------------------------------------------------------------------- -*/ -uint32_t hashword( -const uint32_t *k, /* the key, an array of uint32_t values */ -size_t length, /* the length of the key, in uint32_ts */ -uint32_t initval) /* the previous hash, or an arbitrary value */ -{ - uint32_t a,b,c; - - /* Set up the internal state */ - a = b = c = raninit + (((uint32_t)length)<<2) + initval; - - /*------------------------------------------------- handle most of the key */ - while (length > 3) - { - a += k[0]; - b += k[1]; - c += k[2]; - mix(a,b,c); - length -= 3; - k += 3; - } - - /*------------------------------------------- handle the last 3 uint32_t's */ - switch(length) /* all the case statements fall through */ - { - case 3 : c+=k[2]; - case 2 : b+=k[1]; - case 1 : a+=k[0]; - final(a,b,c); - case 0: /* case 0: nothing left to add */ - break; - } - /*------------------------------------------------------ report the result */ - return c; -} - - -#ifdef SELF_TEST - -/* --------------------------------------------------------------------- -hashword2() -- same as hashword(), but take two seeds and return two -32-bit values. pc and pb must both be nonnull, and *pc and *pb must -both be initialized with seeds. If you pass in (*pb)==0, the output -(*pc) will be the same as the return value from hashword(). --------------------------------------------------------------------- -*/ -void hashword2 ( -const uint32_t *k, /* the key, an array of uint32_t values */ -size_t length, /* the length of the key, in uint32_ts */ -uint32_t *pc, /* IN: seed OUT: primary hash value */ -uint32_t *pb) /* IN: more seed OUT: secondary hash value */ -{ - uint32_t a,b,c; - - /* Set up the internal state */ - a = b = c = raninit + ((uint32_t)(length<<2)) + *pc; - c += *pb; - - /*------------------------------------------------- handle most of the key */ - while (length > 3) - { - a += k[0]; - b += k[1]; - c += k[2]; - mix(a,b,c); - length -= 3; - k += 3; - } - - /*------------------------------------------- handle the last 3 uint32_t's */ - switch(length) /* all the case statements fall through */ - { - case 3 : c+=k[2]; - case 2 : b+=k[1]; - case 1 : a+=k[0]; - final(a,b,c); - case 0: /* case 0: nothing left to add */ - break; - } - /*------------------------------------------------------ report the result */ - *pc=c; *pb=b; -} - -#endif /* SELF_TEST */ - -/* -------------------------------------------------------------------------------- -hashlittle() -- hash a variable-length key into a 32-bit value - k : the key (the unaligned variable-length array of bytes) - length : the length of the key, counting by bytes - initval : can be any 4-byte value -Returns a 32-bit value. Every bit of the key affects every bit of -the return value. Two keys differing by one or two bits will have -totally different hash values. - -The best hash table sizes are powers of 2. There is no need to do -mod a prime (mod is sooo slow!). If you need less than 32 bits, -use a bitmask. For example, if you need only 10 bits, do - h = (h & hashmask(10)); -In which case, the hash table should have hashsize(10) elements. - -If you are hashing n strings (uint8_t **)k, do it like this: - for (i=0, h=0; i 12) - { - a += k[0]; - b += k[1]; - c += k[2]; - mix(a,b,c); - length -= 12; - k += 3; - } - - /*----------------------------- handle the last (probably partial) block */ - /* - * "k[2]&0xffffff" actually reads beyond the end of the string, but - * then masks off the part it's not allowed to read. Because the - * string is aligned, the masked-off tail is in the same word as the - * rest of the string. Every machine with memory protection I've seen - * does it on word boundaries, so is OK with this. But VALGRIND will - * still catch it and complain. The masking trick does make the hash - * noticeably faster for short strings (like English words). - */ -#ifndef VALGRIND - - switch(length) - { - case 12: c+=k[2]; b+=k[1]; a+=k[0]; break; - case 11: c+=k[2]&0xffffff; b+=k[1]; a+=k[0]; break; - case 10: c+=k[2]&0xffff; b+=k[1]; a+=k[0]; break; - case 9 : c+=k[2]&0xff; b+=k[1]; a+=k[0]; break; - case 8 : b+=k[1]; a+=k[0]; break; - case 7 : b+=k[1]&0xffffff; a+=k[0]; break; - case 6 : b+=k[1]&0xffff; a+=k[0]; break; - case 5 : b+=k[1]&0xff; a+=k[0]; break; - case 4 : a+=k[0]; break; - case 3 : a+=k[0]&0xffffff; break; - case 2 : a+=k[0]&0xffff; break; - case 1 : a+=k[0]&0xff; break; - case 0 : return c; /* zero length strings require no mixing */ - } - -#else /* make valgrind happy */ - - k8 = (const uint8_t *)k; - switch(length) - { - case 12: c+=k[2]; b+=k[1]; a+=k[0]; break; - case 11: c+=((uint32_t)k8[10])<<16; /* fall through */ - case 10: c+=((uint32_t)k8[9])<<8; /* fall through */ - case 9 : c+=k8[8]; /* fall through */ - case 8 : b+=k[1]; a+=k[0]; break; - case 7 : b+=((uint32_t)k8[6])<<16; /* fall through */ - case 6 : b+=((uint32_t)k8[5])<<8; /* fall through */ - case 5 : b+=k8[4]; /* fall through */ - case 4 : a+=k[0]; break; - case 3 : a+=((uint32_t)k8[2])<<16; /* fall through */ - case 2 : a+=((uint32_t)k8[1])<<8; /* fall through */ - case 1 : a+=k8[0]; break; - case 0 : return c; - } - -#endif /* !valgrind */ - - } else if (HASH_LITTLE_ENDIAN && ((u.i & 0x1) == 0)) { - const uint16_t *k = (const uint16_t *)key; /* read 16-bit chunks */ - const uint8_t *k8; - - /*--------------- all but last block: aligned reads and different mixing */ - while (length > 12) - { - a += k[0] + (((uint32_t)k[1])<<16); - b += k[2] + (((uint32_t)k[3])<<16); - c += k[4] + (((uint32_t)k[5])<<16); - mix(a,b,c); - length -= 12; - k += 6; - } - - /*----------------------------- handle the last (probably partial) block */ - k8 = (const uint8_t *)k; - switch(length) - { - case 12: c+=k[4]+(((uint32_t)k[5])<<16); - b+=k[2]+(((uint32_t)k[3])<<16); - a+=k[0]+(((uint32_t)k[1])<<16); - break; - case 11: c+=((uint32_t)k8[10])<<16; /* fall through */ - case 10: c+=k[4]; - b+=k[2]+(((uint32_t)k[3])<<16); - a+=k[0]+(((uint32_t)k[1])<<16); - break; - case 9 : c+=k8[8]; /* fall through */ - case 8 : b+=k[2]+(((uint32_t)k[3])<<16); - a+=k[0]+(((uint32_t)k[1])<<16); - break; - case 7 : b+=((uint32_t)k8[6])<<16; /* fall through */ - case 6 : b+=k[2]; - a+=k[0]+(((uint32_t)k[1])<<16); - break; - case 5 : b+=k8[4]; /* fall through */ - case 4 : a+=k[0]+(((uint32_t)k[1])<<16); - break; - case 3 : a+=((uint32_t)k8[2])<<16; /* fall through */ - case 2 : a+=k[0]; - break; - case 1 : a+=k8[0]; - break; - case 0 : return c; /* zero length requires no mixing */ - } - - } else { /* need to read the key one byte at a time */ - const uint8_t *k = (const uint8_t *)key; - - /*--------------- all but the last block: affect some 32 bits of (a,b,c) */ - while (length > 12) - { - a += k[0]; - a += ((uint32_t)k[1])<<8; - a += ((uint32_t)k[2])<<16; - a += ((uint32_t)k[3])<<24; - b += k[4]; - b += ((uint32_t)k[5])<<8; - b += ((uint32_t)k[6])<<16; - b += ((uint32_t)k[7])<<24; - c += k[8]; - c += ((uint32_t)k[9])<<8; - c += ((uint32_t)k[10])<<16; - c += ((uint32_t)k[11])<<24; - mix(a,b,c); - length -= 12; - k += 12; - } - - /*-------------------------------- last block: affect all 32 bits of (c) */ - switch(length) /* all the case statements fall through */ - { - case 12: c+=((uint32_t)k[11])<<24; - case 11: c+=((uint32_t)k[10])<<16; - case 10: c+=((uint32_t)k[9])<<8; - case 9 : c+=k[8]; - case 8 : b+=((uint32_t)k[7])<<24; - case 7 : b+=((uint32_t)k[6])<<16; - case 6 : b+=((uint32_t)k[5])<<8; - case 5 : b+=k[4]; - case 4 : a+=((uint32_t)k[3])<<24; - case 3 : a+=((uint32_t)k[2])<<16; - case 2 : a+=((uint32_t)k[1])<<8; - case 1 : a+=k[0]; - break; - case 0 : return c; - } - } - - final(a,b,c); - return c; -} - -#ifdef SELF_TEST - -/* - * hashlittle2: return 2 32-bit hash values - * - * This is identical to hashlittle(), except it returns two 32-bit hash - * values instead of just one. This is good enough for hash table - * lookup with 2^^64 buckets, or if you want a second hash if you're not - * happy with the first, or if you want a probably-unique 64-bit ID for - * the key. *pc is better mixed than *pb, so use *pc first. If you want - * a 64-bit value do something like "*pc + (((uint64_t)*pb)<<32)". - */ -void hashlittle2( - const void *key, /* the key to hash */ - size_t length, /* length of the key */ - uint32_t *pc, /* IN: primary initval, OUT: primary hash */ - uint32_t *pb) /* IN: secondary initval, OUT: secondary hash */ -{ - uint32_t a,b,c; /* internal state */ - union { const void *ptr; size_t i; } u; /* needed for Mac Powerbook G4 */ - - /* Set up the internal state */ - a = b = c = raninit + ((uint32_t)length) + *pc; - c += *pb; - - u.ptr = key; - if (HASH_LITTLE_ENDIAN && ((u.i & 0x3) == 0)) { - const uint32_t *k = (const uint32_t *)key; /* read 32-bit chunks */ -#ifdef VALGRIND - const uint8_t *k8; -#endif - - /*------ all but last block: aligned reads and affect 32 bits of (a,b,c) */ - while (length > 12) - { - a += k[0]; - b += k[1]; - c += k[2]; - mix(a,b,c); - length -= 12; - k += 3; - } - - /*----------------------------- handle the last (probably partial) block */ - /* - * "k[2]&0xffffff" actually reads beyond the end of the string, but - * then masks off the part it's not allowed to read. Because the - * string is aligned, the masked-off tail is in the same word as the - * rest of the string. Every machine with memory protection I've seen - * does it on word boundaries, so is OK with this. But VALGRIND will - * still catch it and complain. The masking trick does make the hash - * noticeably faster for short strings (like English words). - */ -#ifndef VALGRIND - - switch(length) - { - case 12: c+=k[2]; b+=k[1]; a+=k[0]; break; - case 11: c+=k[2]&0xffffff; b+=k[1]; a+=k[0]; break; - case 10: c+=k[2]&0xffff; b+=k[1]; a+=k[0]; break; - case 9 : c+=k[2]&0xff; b+=k[1]; a+=k[0]; break; - case 8 : b+=k[1]; a+=k[0]; break; - case 7 : b+=k[1]&0xffffff; a+=k[0]; break; - case 6 : b+=k[1]&0xffff; a+=k[0]; break; - case 5 : b+=k[1]&0xff; a+=k[0]; break; - case 4 : a+=k[0]; break; - case 3 : a+=k[0]&0xffffff; break; - case 2 : a+=k[0]&0xffff; break; - case 1 : a+=k[0]&0xff; break; - case 0 : *pc=c; *pb=b; return; /* zero length strings require no mixing */ - } - -#else /* make valgrind happy */ - - k8 = (const uint8_t *)k; - switch(length) - { - case 12: c+=k[2]; b+=k[1]; a+=k[0]; break; - case 11: c+=((uint32_t)k8[10])<<16; /* fall through */ - case 10: c+=((uint32_t)k8[9])<<8; /* fall through */ - case 9 : c+=k8[8]; /* fall through */ - case 8 : b+=k[1]; a+=k[0]; break; - case 7 : b+=((uint32_t)k8[6])<<16; /* fall through */ - case 6 : b+=((uint32_t)k8[5])<<8; /* fall through */ - case 5 : b+=k8[4]; /* fall through */ - case 4 : a+=k[0]; break; - case 3 : a+=((uint32_t)k8[2])<<16; /* fall through */ - case 2 : a+=((uint32_t)k8[1])<<8; /* fall through */ - case 1 : a+=k8[0]; break; - case 0 : *pc=c; *pb=b; return; /* zero length strings require no mixing */ - } - -#endif /* !valgrind */ - - } else if (HASH_LITTLE_ENDIAN && ((u.i & 0x1) == 0)) { - const uint16_t *k = (const uint16_t *)key; /* read 16-bit chunks */ - const uint8_t *k8; - - /*--------------- all but last block: aligned reads and different mixing */ - while (length > 12) - { - a += k[0] + (((uint32_t)k[1])<<16); - b += k[2] + (((uint32_t)k[3])<<16); - c += k[4] + (((uint32_t)k[5])<<16); - mix(a,b,c); - length -= 12; - k += 6; - } - - /*----------------------------- handle the last (probably partial) block */ - k8 = (const uint8_t *)k; - switch(length) - { - case 12: c+=k[4]+(((uint32_t)k[5])<<16); - b+=k[2]+(((uint32_t)k[3])<<16); - a+=k[0]+(((uint32_t)k[1])<<16); - break; - case 11: c+=((uint32_t)k8[10])<<16; /* fall through */ - case 10: c+=k[4]; - b+=k[2]+(((uint32_t)k[3])<<16); - a+=k[0]+(((uint32_t)k[1])<<16); - break; - case 9 : c+=k8[8]; /* fall through */ - case 8 : b+=k[2]+(((uint32_t)k[3])<<16); - a+=k[0]+(((uint32_t)k[1])<<16); - break; - case 7 : b+=((uint32_t)k8[6])<<16; /* fall through */ - case 6 : b+=k[2]; - a+=k[0]+(((uint32_t)k[1])<<16); - break; - case 5 : b+=k8[4]; /* fall through */ - case 4 : a+=k[0]+(((uint32_t)k[1])<<16); - break; - case 3 : a+=((uint32_t)k8[2])<<16; /* fall through */ - case 2 : a+=k[0]; - break; - case 1 : a+=k8[0]; - break; - case 0 : *pc=c; *pb=b; return; /* zero length strings require no mixing */ - } - - } else { /* need to read the key one byte at a time */ - const uint8_t *k = (const uint8_t *)key; - - /*--------------- all but the last block: affect some 32 bits of (a,b,c) */ - while (length > 12) - { - a += k[0]; - a += ((uint32_t)k[1])<<8; - a += ((uint32_t)k[2])<<16; - a += ((uint32_t)k[3])<<24; - b += k[4]; - b += ((uint32_t)k[5])<<8; - b += ((uint32_t)k[6])<<16; - b += ((uint32_t)k[7])<<24; - c += k[8]; - c += ((uint32_t)k[9])<<8; - c += ((uint32_t)k[10])<<16; - c += ((uint32_t)k[11])<<24; - mix(a,b,c); - length -= 12; - k += 12; - } - - /*-------------------------------- last block: affect all 32 bits of (c) */ - switch(length) /* all the case statements fall through */ - { - case 12: c+=((uint32_t)k[11])<<24; - case 11: c+=((uint32_t)k[10])<<16; - case 10: c+=((uint32_t)k[9])<<8; - case 9 : c+=k[8]; - case 8 : b+=((uint32_t)k[7])<<24; - case 7 : b+=((uint32_t)k[6])<<16; - case 6 : b+=((uint32_t)k[5])<<8; - case 5 : b+=k[4]; - case 4 : a+=((uint32_t)k[3])<<24; - case 3 : a+=((uint32_t)k[2])<<16; - case 2 : a+=((uint32_t)k[1])<<8; - case 1 : a+=k[0]; - break; - case 0 : *pc=c; *pb=b; return; /* zero length strings require no mixing */ - } - } - - final(a,b,c); - *pc=c; *pb=b; -} - -#endif /* SELF_TEST */ - -#if 0 /* currently not used */ - -/* - * hashbig(): - * This is the same as hashword() on big-endian machines. It is different - * from hashlittle() on all machines. hashbig() takes advantage of - * big-endian byte ordering. - */ -uint32_t hashbig( const void *key, size_t length, uint32_t initval) -{ - uint32_t a,b,c; - union { const void *ptr; size_t i; } u; /* to cast key to (size_t) happily */ - - /* Set up the internal state */ - a = b = c = raninit + ((uint32_t)length) + initval; - - u.ptr = key; - if (HASH_BIG_ENDIAN && ((u.i & 0x3) == 0)) { - const uint32_t *k = (const uint32_t *)key; /* read 32-bit chunks */ -#ifdef VALGRIND - const uint8_t *k8; -#endif - - /*------ all but last block: aligned reads and affect 32 bits of (a,b,c) */ - while (length > 12) - { - a += k[0]; - b += k[1]; - c += k[2]; - mix(a,b,c); - length -= 12; - k += 3; - } - - /*----------------------------- handle the last (probably partial) block */ - /* - * "k[2]<<8" actually reads beyond the end of the string, but - * then shifts out the part it's not allowed to read. Because the - * string is aligned, the illegal read is in the same word as the - * rest of the string. Every machine with memory protection I've seen - * does it on word boundaries, so is OK with this. But VALGRIND will - * still catch it and complain. The masking trick does make the hash - * noticeably faster for short strings (like English words). - */ -#ifndef VALGRIND - - switch(length) - { - case 12: c+=k[2]; b+=k[1]; a+=k[0]; break; - case 11: c+=k[2]&0xffffff00; b+=k[1]; a+=k[0]; break; - case 10: c+=k[2]&0xffff0000; b+=k[1]; a+=k[0]; break; - case 9 : c+=k[2]&0xff000000; b+=k[1]; a+=k[0]; break; - case 8 : b+=k[1]; a+=k[0]; break; - case 7 : b+=k[1]&0xffffff00; a+=k[0]; break; - case 6 : b+=k[1]&0xffff0000; a+=k[0]; break; - case 5 : b+=k[1]&0xff000000; a+=k[0]; break; - case 4 : a+=k[0]; break; - case 3 : a+=k[0]&0xffffff00; break; - case 2 : a+=k[0]&0xffff0000; break; - case 1 : a+=k[0]&0xff000000; break; - case 0 : return c; /* zero length strings require no mixing */ - } - -#else /* make valgrind happy */ - - k8 = (const uint8_t *)k; - switch(length) /* all the case statements fall through */ - { - case 12: c+=k[2]; b+=k[1]; a+=k[0]; break; - case 11: c+=((uint32_t)k8[10])<<8; /* fall through */ - case 10: c+=((uint32_t)k8[9])<<16; /* fall through */ - case 9 : c+=((uint32_t)k8[8])<<24; /* fall through */ - case 8 : b+=k[1]; a+=k[0]; break; - case 7 : b+=((uint32_t)k8[6])<<8; /* fall through */ - case 6 : b+=((uint32_t)k8[5])<<16; /* fall through */ - case 5 : b+=((uint32_t)k8[4])<<24; /* fall through */ - case 4 : a+=k[0]; break; - case 3 : a+=((uint32_t)k8[2])<<8; /* fall through */ - case 2 : a+=((uint32_t)k8[1])<<16; /* fall through */ - case 1 : a+=((uint32_t)k8[0])<<24; break; - case 0 : return c; - } - -#endif /* !VALGRIND */ - - } else { /* need to read the key one byte at a time */ - const uint8_t *k = (const uint8_t *)key; - - /*--------------- all but the last block: affect some 32 bits of (a,b,c) */ - while (length > 12) - { - a += ((uint32_t)k[0])<<24; - a += ((uint32_t)k[1])<<16; - a += ((uint32_t)k[2])<<8; - a += ((uint32_t)k[3]); - b += ((uint32_t)k[4])<<24; - b += ((uint32_t)k[5])<<16; - b += ((uint32_t)k[6])<<8; - b += ((uint32_t)k[7]); - c += ((uint32_t)k[8])<<24; - c += ((uint32_t)k[9])<<16; - c += ((uint32_t)k[10])<<8; - c += ((uint32_t)k[11]); - mix(a,b,c); - length -= 12; - k += 12; - } - - /*-------------------------------- last block: affect all 32 bits of (c) */ - switch(length) /* all the case statements fall through */ - { - case 12: c+=k[11]; - case 11: c+=((uint32_t)k[10])<<8; - case 10: c+=((uint32_t)k[9])<<16; - case 9 : c+=((uint32_t)k[8])<<24; - case 8 : b+=k[7]; - case 7 : b+=((uint32_t)k[6])<<8; - case 6 : b+=((uint32_t)k[5])<<16; - case 5 : b+=((uint32_t)k[4])<<24; - case 4 : a+=k[3]; - case 3 : a+=((uint32_t)k[2])<<8; - case 2 : a+=((uint32_t)k[1])<<16; - case 1 : a+=((uint32_t)k[0])<<24; - break; - case 0 : return c; - } - } - - final(a,b,c); - return c; -} - -#endif /* 0 == currently not used */ - -#ifdef SELF_TEST - -/* used for timings */ -void driver1(void) -{ - uint8_t buf[256]; - uint32_t i; - uint32_t h=0; - time_t a,z; - - time(&a); - for (i=0; i<256; ++i) buf[i] = 'x'; - for (i=0; i<1; ++i) - { - h = hashlittle(&buf[0],1,h); - } - time(&z); - if (z-a > 0) printf("time %d %.8x\n", z-a, h); -} - -/* check that every input bit changes every output bit half the time */ -#define HASHSTATE 1 -#define HASHLEN 1 -#define MAXPAIR 60 -#define MAXLEN 70 -void driver2(void) -{ - uint8_t qa[MAXLEN+1], qb[MAXLEN+2], *a = &qa[0], *b = &qb[1]; - uint32_t c[HASHSTATE], d[HASHSTATE], i=0, j=0, k, l, m=0, z; - uint32_t e[HASHSTATE],f[HASHSTATE],g[HASHSTATE],h[HASHSTATE]; - uint32_t x[HASHSTATE],y[HASHSTATE]; - uint32_t hlen; - - printf("No more than %d trials should ever be needed \n",MAXPAIR/2); - for (hlen=0; hlen < MAXLEN; ++hlen) - { - z=0; - for (i=0; i>(8-j)); - c[0] = hashlittle(a, hlen, m); - b[i] ^= ((k+1)<>(8-j)); - d[0] = hashlittle(b, hlen, m); - /* check every bit is 1, 0, set, and not set at least once */ - for (l=0; lz) z=k; - if (k==MAXPAIR) - { - printf("Some bit didn't change: "); - printf("%.8x %.8x %.8x %.8x %.8x %.8x ", - e[0],f[0],g[0],h[0],x[0],y[0]); - printf("i %d j %d m %d len %d\n", i, j, m, hlen); - } - if (z==MAXPAIR) goto done; - } - } - } - done: - if (z < MAXPAIR) - { - printf("Mix success %2d bytes %2d initvals ",i,m); - printf("required %d trials\n", z/2); - } - } - printf("\n"); -} - -/* Check for reading beyond the end of the buffer and alignment problems */ -void driver3(void) -{ - uint8_t buf[MAXLEN+20], *b; - uint32_t len; - uint8_t q[] = "This is the time for all good men to come to the aid of their country..."; - uint32_t h; - uint8_t qq[] = "xThis is the time for all good men to come to the aid of their country..."; - uint32_t i; - uint8_t qqq[] = "xxThis is the time for all good men to come to the aid of their country..."; - uint32_t j; - uint8_t qqqq[] = "xxxThis is the time for all good men to come to the aid of their country..."; - uint32_t ref,x,y; - uint8_t *p; - - printf("Endianness. These lines should all be the same (for values filled in):\n"); - printf("%.8x %.8x %.8x\n", - hashword((const uint32_t *)q, (sizeof(q)-1)/4, 13), - hashword((const uint32_t *)q, (sizeof(q)-5)/4, 13), - hashword((const uint32_t *)q, (sizeof(q)-9)/4, 13)); - p = q; - printf("%.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x\n", - hashlittle(p, sizeof(q)-1, 13), hashlittle(p, sizeof(q)-2, 13), - hashlittle(p, sizeof(q)-3, 13), hashlittle(p, sizeof(q)-4, 13), - hashlittle(p, sizeof(q)-5, 13), hashlittle(p, sizeof(q)-6, 13), - hashlittle(p, sizeof(q)-7, 13), hashlittle(p, sizeof(q)-8, 13), - hashlittle(p, sizeof(q)-9, 13), hashlittle(p, sizeof(q)-10, 13), - hashlittle(p, sizeof(q)-11, 13), hashlittle(p, sizeof(q)-12, 13)); - p = &qq[1]; - printf("%.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x\n", - hashlittle(p, sizeof(q)-1, 13), hashlittle(p, sizeof(q)-2, 13), - hashlittle(p, sizeof(q)-3, 13), hashlittle(p, sizeof(q)-4, 13), - hashlittle(p, sizeof(q)-5, 13), hashlittle(p, sizeof(q)-6, 13), - hashlittle(p, sizeof(q)-7, 13), hashlittle(p, sizeof(q)-8, 13), - hashlittle(p, sizeof(q)-9, 13), hashlittle(p, sizeof(q)-10, 13), - hashlittle(p, sizeof(q)-11, 13), hashlittle(p, sizeof(q)-12, 13)); - p = &qqq[2]; - printf("%.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x\n", - hashlittle(p, sizeof(q)-1, 13), hashlittle(p, sizeof(q)-2, 13), - hashlittle(p, sizeof(q)-3, 13), hashlittle(p, sizeof(q)-4, 13), - hashlittle(p, sizeof(q)-5, 13), hashlittle(p, sizeof(q)-6, 13), - hashlittle(p, sizeof(q)-7, 13), hashlittle(p, sizeof(q)-8, 13), - hashlittle(p, sizeof(q)-9, 13), hashlittle(p, sizeof(q)-10, 13), - hashlittle(p, sizeof(q)-11, 13), hashlittle(p, sizeof(q)-12, 13)); - p = &qqqq[3]; - printf("%.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x\n", - hashlittle(p, sizeof(q)-1, 13), hashlittle(p, sizeof(q)-2, 13), - hashlittle(p, sizeof(q)-3, 13), hashlittle(p, sizeof(q)-4, 13), - hashlittle(p, sizeof(q)-5, 13), hashlittle(p, sizeof(q)-6, 13), - hashlittle(p, sizeof(q)-7, 13), hashlittle(p, sizeof(q)-8, 13), - hashlittle(p, sizeof(q)-9, 13), hashlittle(p, sizeof(q)-10, 13), - hashlittle(p, sizeof(q)-11, 13), hashlittle(p, sizeof(q)-12, 13)); - printf("\n"); - - /* check that hashlittle2 and hashlittle produce the same results */ - i=47; j=0; - hashlittle2(q, sizeof(q), &i, &j); - if (hashlittle(q, sizeof(q), 47) != i) - printf("hashlittle2 and hashlittle mismatch\n"); - - /* check that hashword2 and hashword produce the same results */ - len = raninit; - i=47, j=0; - hashword2(&len, 1, &i, &j); - if (hashword(&len, 1, 47) != i) - printf("hashword2 and hashword mismatch %x %x\n", - i, hashword(&len, 1, 47)); - - /* check hashlittle doesn't read before or after the ends of the string */ - for (h=0, b=buf+1; h<8; ++h, ++b) - { - for (i=0; ilock); - table->sizefunc = sizefunc; - table->compfunc = compfunc; - table->delkeyfunc = delkeyfunc; - table->deldatafunc = deldatafunc; - table->cb_arg = arg; - table->size = start_size; - table->size_mask = (int)(start_size-1); - table->lru_start = NULL; - table->lru_end = NULL; - table->num = 0; - table->space_used = 0; - table->space_max = maxmem; - table->array = calloc(table->size, sizeof(struct lruhash_bin)); - if(!table->array) { - lock_quick_destroy(&table->lock); - free(table); - return NULL; - } - bin_init(table->array, table->size); - lock_protect(&table->lock, table, sizeof(*table)); - lock_protect(&table->lock, table->array, - table->size*sizeof(struct lruhash_bin)); - return table; -} - -void -bin_delete(struct lruhash* table, struct lruhash_bin* bin) -{ - struct lruhash_entry* p, *np; - void *d; - if(!bin) - return; - lock_quick_destroy(&bin->lock); - p = bin->overflow_list; - bin->overflow_list = NULL; - while(p) { - np = p->overflow_next; - d = p->data; - (*table->delkeyfunc)(p->key, table->cb_arg); - (*table->deldatafunc)(d, table->cb_arg); - p = np; - } -} - -void -bin_split(struct lruhash* table, struct lruhash_bin* newa, - int newmask) -{ - size_t i; - struct lruhash_entry *p, *np; - struct lruhash_bin* newbin; - /* move entries to new table. Notice that since hash x is mapped to - * bin x & mask, and new mask uses one more bit, so all entries in - * one bin will go into the old bin or bin | newbit */ -#ifndef THREADS_DISABLED - int newbit = newmask - table->size_mask; -#endif - /* so, really, this task could also be threaded, per bin. */ - /* LRU list is not changed */ - for(i=0; isize; i++) - { - lock_quick_lock(&table->array[i].lock); - p = table->array[i].overflow_list; - /* lock both destination bins */ - lock_quick_lock(&newa[i].lock); - lock_quick_lock(&newa[newbit|i].lock); - while(p) { - np = p->overflow_next; - /* link into correct new bin */ - newbin = &newa[p->hash & newmask]; - p->overflow_next = newbin->overflow_list; - newbin->overflow_list = p; - p=np; - } - lock_quick_unlock(&newa[i].lock); - lock_quick_unlock(&newa[newbit|i].lock); - lock_quick_unlock(&table->array[i].lock); - } -} - -void -lruhash_delete(struct lruhash* table) -{ - size_t i; - if(!table) - return; - /* delete lock on hashtable to force check its OK */ - lock_quick_destroy(&table->lock); - for(i=0; isize; i++) - bin_delete(table, &table->array[i]); - free(table->array); - free(table); -} - -void -bin_overflow_remove(struct lruhash_bin* bin, struct lruhash_entry* entry) -{ - struct lruhash_entry* p = bin->overflow_list; - struct lruhash_entry** prevp = &bin->overflow_list; - while(p) { - if(p == entry) { - *prevp = p->overflow_next; - return; - } - prevp = &p->overflow_next; - p = p->overflow_next; - } -} - -void -reclaim_space(struct lruhash* table, struct lruhash_entry** list) -{ - struct lruhash_entry* d; - struct lruhash_bin* bin; - log_assert(table); - /* does not delete MRU entry, so table will not be empty. */ - while(table->num > 1 && table->space_used > table->space_max) { - /* notice that since we hold the hashtable lock, nobody - can change the lru chain. So it cannot be deleted underneath - us. We still need the hashbin and entry write lock to make - sure we flush all users away from the entry. - which is unlikely, since it is LRU, if someone got a rdlock - it would be moved to front, but to be sure. */ - d = table->lru_end; - /* specialised, delete from end of double linked list, - and we know num>1, so there is a previous lru entry. */ - log_assert(d && d->lru_prev); - table->lru_end = d->lru_prev; - d->lru_prev->lru_next = NULL; - /* schedule entry for deletion */ - bin = &table->array[d->hash & table->size_mask]; - table->num --; - lock_quick_lock(&bin->lock); - bin_overflow_remove(bin, d); - d->overflow_next = *list; - *list = d; - lock_rw_wrlock(&d->lock); - table->space_used -= table->sizefunc(d->key, d->data); - if(table->markdelfunc) - (*table->markdelfunc)(d->key); - lock_rw_unlock(&d->lock); - lock_quick_unlock(&bin->lock); - } -} - -struct lruhash_entry* -bin_find_entry(struct lruhash* table, - struct lruhash_bin* bin, hashvalue_type hash, void* key) -{ - struct lruhash_entry* p = bin->overflow_list; - while(p) { - if(p->hash == hash && table->compfunc(p->key, key) == 0) - return p; - p = p->overflow_next; - } - return NULL; -} - -void -table_grow(struct lruhash* table) -{ - struct lruhash_bin* newa; - int newmask; - size_t i; - if(table->size_mask == (int)(((size_t)-1)>>1)) { - log_err("hash array malloc: size_t too small"); - return; - } - /* try to allocate new array, if not fail */ - newa = calloc(table->size*2, sizeof(struct lruhash_bin)); - if(!newa) { - log_err("hash grow: malloc failed"); - /* continue with smaller array. Though its slower. */ - return; - } - bin_init(newa, table->size*2); - newmask = (table->size_mask << 1) | 1; - bin_split(table, newa, newmask); - /* delete the old bins */ - lock_unprotect(&table->lock, table->array); - for(i=0; isize; i++) { - lock_quick_destroy(&table->array[i].lock); - } - free(table->array); - - table->size *= 2; - table->size_mask = newmask; - table->array = newa; - lock_protect(&table->lock, table->array, - table->size*sizeof(struct lruhash_bin)); - return; -} - -void -lru_front(struct lruhash* table, struct lruhash_entry* entry) -{ - entry->lru_prev = NULL; - entry->lru_next = table->lru_start; - if(!table->lru_start) - table->lru_end = entry; - else table->lru_start->lru_prev = entry; - table->lru_start = entry; -} - -void -lru_remove(struct lruhash* table, struct lruhash_entry* entry) -{ - if(entry->lru_prev) - entry->lru_prev->lru_next = entry->lru_next; - else table->lru_start = entry->lru_next; - if(entry->lru_next) - entry->lru_next->lru_prev = entry->lru_prev; - else table->lru_end = entry->lru_prev; -} - -void -lru_touch(struct lruhash* table, struct lruhash_entry* entry) -{ - log_assert(table && entry); - if(entry == table->lru_start) - return; /* nothing to do */ - /* remove from current lru position */ - lru_remove(table, entry); - /* add at front */ - lru_front(table, entry); -} - -void -lruhash_insert(struct lruhash* table, hashvalue_type hash, - struct lruhash_entry* entry, void* data, void* cb_arg) -{ - struct lruhash_bin* bin; - struct lruhash_entry* found, *reclaimlist=NULL; - size_t need_size; - fptr_ok(fptr_whitelist_hash_sizefunc(table->sizefunc)); - fptr_ok(fptr_whitelist_hash_delkeyfunc(table->delkeyfunc)); - fptr_ok(fptr_whitelist_hash_deldatafunc(table->deldatafunc)); - fptr_ok(fptr_whitelist_hash_compfunc(table->compfunc)); - fptr_ok(fptr_whitelist_hash_markdelfunc(table->markdelfunc)); - need_size = table->sizefunc(entry->key, data); - if(cb_arg == NULL) cb_arg = table->cb_arg; - - /* find bin */ - lock_quick_lock(&table->lock); - bin = &table->array[hash & table->size_mask]; - lock_quick_lock(&bin->lock); - - /* see if entry exists already */ - if(!(found=bin_find_entry(table, bin, hash, entry->key))) { - /* if not: add to bin */ - entry->overflow_next = bin->overflow_list; - bin->overflow_list = entry; - lru_front(table, entry); - table->num++; - table->space_used += need_size; - } else { - /* if so: update data - needs a writelock */ - table->space_used += need_size - - (*table->sizefunc)(found->key, found->data); - (*table->delkeyfunc)(entry->key, cb_arg); - lru_touch(table, found); - lock_rw_wrlock(&found->lock); - (*table->deldatafunc)(found->data, cb_arg); - found->data = data; - lock_rw_unlock(&found->lock); - } - lock_quick_unlock(&bin->lock); - if(table->space_used > table->space_max) - reclaim_space(table, &reclaimlist); - if(table->num >= table->size) - table_grow(table); - lock_quick_unlock(&table->lock); - - /* finish reclaim if any (outside of critical region) */ - while(reclaimlist) { - struct lruhash_entry* n = reclaimlist->overflow_next; - void* d = reclaimlist->data; - (*table->delkeyfunc)(reclaimlist->key, cb_arg); - (*table->deldatafunc)(d, cb_arg); - reclaimlist = n; - } -} - -struct lruhash_entry* -lruhash_lookup(struct lruhash* table, hashvalue_type hash, void* key, int wr) -{ - struct lruhash_entry* entry; - struct lruhash_bin* bin; - fptr_ok(fptr_whitelist_hash_compfunc(table->compfunc)); - - lock_quick_lock(&table->lock); - bin = &table->array[hash & table->size_mask]; - lock_quick_lock(&bin->lock); - if((entry=bin_find_entry(table, bin, hash, key))) - lru_touch(table, entry); - lock_quick_unlock(&table->lock); - - if(entry) { - if(wr) { lock_rw_wrlock(&entry->lock); } - else { lock_rw_rdlock(&entry->lock); } - } - lock_quick_unlock(&bin->lock); - return entry; -} - -void -lruhash_remove(struct lruhash* table, hashvalue_type hash, void* key) -{ - struct lruhash_entry* entry; - struct lruhash_bin* bin; - void *d; - fptr_ok(fptr_whitelist_hash_sizefunc(table->sizefunc)); - fptr_ok(fptr_whitelist_hash_delkeyfunc(table->delkeyfunc)); - fptr_ok(fptr_whitelist_hash_deldatafunc(table->deldatafunc)); - fptr_ok(fptr_whitelist_hash_compfunc(table->compfunc)); - fptr_ok(fptr_whitelist_hash_markdelfunc(table->markdelfunc)); - - lock_quick_lock(&table->lock); - bin = &table->array[hash & table->size_mask]; - lock_quick_lock(&bin->lock); - if((entry=bin_find_entry(table, bin, hash, key))) { - bin_overflow_remove(bin, entry); - lru_remove(table, entry); - } else { - lock_quick_unlock(&table->lock); - lock_quick_unlock(&bin->lock); - return; - } - table->num--; - table->space_used -= (*table->sizefunc)(entry->key, entry->data); - lock_quick_unlock(&table->lock); - lock_rw_wrlock(&entry->lock); - if(table->markdelfunc) - (*table->markdelfunc)(entry->key); - lock_rw_unlock(&entry->lock); - lock_quick_unlock(&bin->lock); - /* finish removal */ - d = entry->data; - (*table->delkeyfunc)(entry->key, table->cb_arg); - (*table->deldatafunc)(d, table->cb_arg); -} - -/** clear bin, respecting locks, does not do space, LRU */ -static void -bin_clear(struct lruhash* table, struct lruhash_bin* bin) -{ - struct lruhash_entry* p, *np; - void *d; - lock_quick_lock(&bin->lock); - p = bin->overflow_list; - while(p) { - lock_rw_wrlock(&p->lock); - np = p->overflow_next; - d = p->data; - if(table->markdelfunc) - (*table->markdelfunc)(p->key); - lock_rw_unlock(&p->lock); - (*table->delkeyfunc)(p->key, table->cb_arg); - (*table->deldatafunc)(d, table->cb_arg); - p = np; - } - bin->overflow_list = NULL; - lock_quick_unlock(&bin->lock); -} - -void -lruhash_clear(struct lruhash* table) -{ - size_t i; - if(!table) - return; - fptr_ok(fptr_whitelist_hash_delkeyfunc(table->delkeyfunc)); - fptr_ok(fptr_whitelist_hash_deldatafunc(table->deldatafunc)); - fptr_ok(fptr_whitelist_hash_markdelfunc(table->markdelfunc)); - - lock_quick_lock(&table->lock); - for(i=0; isize; i++) { - bin_clear(table, &table->array[i]); - } - table->lru_start = NULL; - table->lru_end = NULL; - table->num = 0; - table->space_used = 0; - lock_quick_unlock(&table->lock); -} - -void -lruhash_status(struct lruhash* table, const char* id, int extended) -{ - lock_quick_lock(&table->lock); - log_info("%s: %u entries, memory %u / %u", - id, (unsigned)table->num, (unsigned)table->space_used, - (unsigned)table->space_max); - log_info(" itemsize %u, array %u, mask %d", - (unsigned)(table->num? table->space_used/table->num : 0), - (unsigned)table->size, table->size_mask); - if(extended) { - size_t i; - int min=(int)table->size*2, max=-2; - for(i=0; isize; i++) { - int here = 0; - struct lruhash_entry *en; - lock_quick_lock(&table->array[i].lock); - en = table->array[i].overflow_list; - while(en) { - here ++; - en = en->overflow_next; - } - lock_quick_unlock(&table->array[i].lock); - if(extended >= 2) - log_info("bin[%d] %d", (int)i, here); - if(here > max) max = here; - if(here < min) min = here; - } - log_info(" bin min %d, avg %.2lf, max %d", min, - (double)table->num/(double)table->size, max); - } - lock_quick_unlock(&table->lock); -} - -size_t -lruhash_get_mem(struct lruhash* table) -{ - size_t s; - lock_quick_lock(&table->lock); - s = sizeof(struct lruhash) + table->space_used; -#ifdef USE_THREAD_DEBUG - if(table->size != 0) { - size_t i; - for(i=0; isize; i++) - s += sizeof(struct lruhash_bin) + - lock_get_mem(&table->array[i].lock); - } -#else /* no THREAD_DEBUG */ - if(table->size != 0) - s += (table->size)*(sizeof(struct lruhash_bin) + - lock_get_mem(&table->array[0].lock)); -#endif - lock_quick_unlock(&table->lock); - s += lock_get_mem(&table->lock); - return s; -} - -void -lruhash_setmarkdel(struct lruhash* table, lruhash_markdelfunc_type md) -{ - lock_quick_lock(&table->lock); - table->markdelfunc = md; - lock_quick_unlock(&table->lock); -} - -void -lruhash_traverse(struct lruhash* h, int wr, - void (*func)(struct lruhash_entry*, void*), void* arg) -{ - size_t i; - struct lruhash_entry* e; - - lock_quick_lock(&h->lock); - for(i=0; isize; i++) { - lock_quick_lock(&h->array[i].lock); - for(e = h->array[i].overflow_list; e; e = e->overflow_next) { - if(wr) { - lock_rw_wrlock(&e->lock); - } else { - lock_rw_rdlock(&e->lock); - } - (*func)(e, arg); - lock_rw_unlock(&e->lock); - } - lock_quick_unlock(&h->array[i].lock); - } - lock_quick_unlock(&h->lock); -} - -/* - * Demote: the opposite of touch, move an entry to the bottom - * of the LRU pile. - */ - -void -lru_demote(struct lruhash* table, struct lruhash_entry* entry) -{ - log_assert(table && entry); - if (entry == table->lru_end) - return; /* nothing to do */ - /* remove from current lru position */ - lru_remove(table, entry); - /* add at end */ - entry->lru_next = NULL; - entry->lru_prev = table->lru_end; - - if (table->lru_end == NULL) - { - table->lru_start = entry; - } - else - { - table->lru_end->lru_next = entry; - } - table->lru_end = entry; -} - -struct lruhash_entry* -lruhash_insert_or_retrieve(struct lruhash* table, hashvalue_type hash, - struct lruhash_entry* entry, void* data, void* cb_arg) -{ - struct lruhash_bin* bin; - struct lruhash_entry* found, *reclaimlist = NULL; - size_t need_size; - fptr_ok(fptr_whitelist_hash_sizefunc(table->sizefunc)); - fptr_ok(fptr_whitelist_hash_delkeyfunc(table->delkeyfunc)); - fptr_ok(fptr_whitelist_hash_deldatafunc(table->deldatafunc)); - fptr_ok(fptr_whitelist_hash_compfunc(table->compfunc)); - fptr_ok(fptr_whitelist_hash_markdelfunc(table->markdelfunc)); - need_size = table->sizefunc(entry->key, data); - if (cb_arg == NULL) cb_arg = table->cb_arg; - - /* find bin */ - lock_quick_lock(&table->lock); - bin = &table->array[hash & table->size_mask]; - lock_quick_lock(&bin->lock); - - /* see if entry exists already */ - if ((found = bin_find_entry(table, bin, hash, entry->key)) != NULL) { - /* if so: keep the existing data - acquire a writelock */ - lock_rw_wrlock(&found->lock); - } - else - { - /* if not: add to bin */ - entry->overflow_next = bin->overflow_list; - bin->overflow_list = entry; - lru_front(table, entry); - table->num++; - table->space_used += need_size; - /* return the entry that was presented, and lock it */ - found = entry; - lock_rw_wrlock(&found->lock); - } - lock_quick_unlock(&bin->lock); - if (table->space_used > table->space_max) - reclaim_space(table, &reclaimlist); - if (table->num >= table->size) - table_grow(table); - lock_quick_unlock(&table->lock); - - /* finish reclaim if any (outside of critical region) */ - while (reclaimlist) { - struct lruhash_entry* n = reclaimlist->overflow_next; - void* d = reclaimlist->data; - (*table->delkeyfunc)(reclaimlist->key, cb_arg); - (*table->deldatafunc)(d, cb_arg); - reclaimlist = n; - } - - /* return the entry that was selected */ - return found; -} - diff --git a/external/unbound/util/storage/lruhash.h b/external/unbound/util/storage/lruhash.h deleted file mode 100644 index 4759b5001..000000000 --- a/external/unbound/util/storage/lruhash.h +++ /dev/null @@ -1,446 +0,0 @@ -/* - * util/storage/lruhash.h - hashtable, hash function, LRU keeping. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains a hashtable with LRU keeping of entries. - * - * The hash table keeps a maximum memory size. Old entries are removed - * to make space for new entries. - * - * The locking strategy is as follows: - * o since (almost) every read also implies a LRU update, the - * hashtable lock is a spinlock, not rwlock. - * o the idea is to move every thread through the hash lock quickly, - * so that the next thread can access the lookup table. - * o User performs hash function. - * - * For read: - * o lock hashtable. - * o lookup hash bin. - * o lock hash bin. - * o find entry (if failed, unlock hash, unl bin, exit). - * o swizzle pointers for LRU update. - * o unlock hashtable. - * o lock entry (rwlock). - * o unlock hash bin. - * o work on entry. - * o unlock entry. - * - * To update an entry, gain writelock and change the entry. - * (the entry must keep the same hashvalue, so a data update.) - * (you cannot upgrade a readlock to a writelock, because the item may - * be deleted, it would cause race conditions. So instead, unlock and - * relookup it in the hashtable.) - * - * To delete an entry: - * o unlock the entry if you hold the lock already. - * o lock hashtable. - * o lookup hash bin. - * o lock hash bin. - * o find entry (if failed, unlock hash, unl bin, exit). - * o remove entry from hashtable bin overflow chain. - * o unlock hashtable. - * o lock entry (writelock). - * o unlock hash bin. - * o unlock entry (nobody else should be waiting for this lock, - * since you removed it from hashtable, and you got writelock while - * holding the hashbinlock so you are the only one.) - * Note you are only allowed to obtain a lock while holding hashbinlock. - * o delete entry. - * - * The above sequence is: - * o race free, works with read, write and delete. - * o but has a queue, imagine someone needing a writelock on an item. - * but there are still readlocks. The writelocker waits, but holds - * the hashbinlock. The next thread that comes in and needs the same - * hashbin will wait for the lock while holding the hashtable lock. - * thus halting the entire system on hashtable. - * This is because of the delete protection. - * Readlocks will be easier on the rwlock on entries. - * While the writer is holding writelock, similar problems happen with - * a reader or writer needing the same item. - * the scenario requires more than three threads. - * o so the queue length is 3 threads in a bad situation. The fourth is - * unable to use the hashtable. - * - * If you need to acquire locks on multiple items from the hashtable. - * o you MUST release all locks on items from the hashtable before - * doing the next lookup/insert/delete/whatever. - * o To acquire multiple items you should use a special routine that - * obtains the locks on those multiple items in one go. - */ - -#ifndef UTIL_STORAGE_LRUHASH_H -#define UTIL_STORAGE_LRUHASH_H -#include "util/locks.h" -struct lruhash_bin; -struct lruhash_entry; - -/** default start size for hash arrays */ -#define HASH_DEFAULT_STARTARRAY 1024 /* entries in array */ -/** default max memory for hash arrays */ -#define HASH_DEFAULT_MAXMEM 4*1024*1024 /* bytes */ - -/** the type of a hash value */ -typedef uint32_t hashvalue_type; - -/** - * Type of function that calculates the size of an entry. - * Result must include the size of struct lruhash_entry. - * Keys that are identical must also calculate to the same size. - * size = func(key, data). - */ -typedef size_t (*lruhash_sizefunc_type)(void*, void*); - -/** type of function that compares two keys. return 0 if equal. */ -typedef int (*lruhash_compfunc_type)(void*, void*); - -/** old keys are deleted. - * The RRset type has to revoke its ID number, markdel() is used first. - * This function is called: func(key, userarg) */ -typedef void (*lruhash_delkeyfunc_type)(void*, void*); - -/** old data is deleted. This function is called: func(data, userarg). */ -typedef void (*lruhash_deldatafunc_type)(void*, void*); - -/** mark a key as pending to be deleted (and not to be used by anyone). - * called: func(key) */ -typedef void (*lruhash_markdelfunc_type)(void*); - -/** - * Hash table that keeps LRU list of entries. - */ -struct lruhash { - /** lock for exclusive access, to the lookup array */ - lock_quick_type lock; - /** the size function for entries in this table */ - lruhash_sizefunc_type sizefunc; - /** the compare function for entries in this table. */ - lruhash_compfunc_type compfunc; - /** how to delete keys. */ - lruhash_delkeyfunc_type delkeyfunc; - /** how to delete data. */ - lruhash_deldatafunc_type deldatafunc; - /** how to mark a key pending deletion */ - lruhash_markdelfunc_type markdelfunc; - /** user argument for user functions */ - void* cb_arg; - - /** the size of the lookup array */ - size_t size; - /** size bitmask - since size is a power of 2 */ - int size_mask; - /** lookup array of bins */ - struct lruhash_bin* array; - - /** the lru list, start and end, noncyclical double linked list. */ - struct lruhash_entry* lru_start; - /** lru list end item (least recently used) */ - struct lruhash_entry* lru_end; - - /** the number of entries in the hash table. */ - size_t num; - /** the amount of space used, roughly the number of bytes in use. */ - size_t space_used; - /** the amount of space the hash table is maximally allowed to use. */ - size_t space_max; -}; - -/** - * A single bin with a linked list of entries in it. - */ -struct lruhash_bin { - /** - * Lock for exclusive access to the linked list - * This lock makes deletion of items safe in this overflow list. - */ - lock_quick_type lock; - /** linked list of overflow entries */ - struct lruhash_entry* overflow_list; -}; - -/** - * An entry into the hash table. - * To change overflow_next you need to hold the bin lock. - * To change the lru items you need to hold the hashtable lock. - * This structure is designed as part of key struct. And key pointer helps - * to get the surrounding structure. Data should be allocated on its own. - */ -struct lruhash_entry { - /** - * rwlock for access to the contents of the entry - * Note that it does _not_ cover the lru_ and overflow_ ptrs. - * Even with a writelock, you cannot change hash and key. - * You need to delete it to change hash or key. - */ - lock_rw_type lock; - /** next entry in overflow chain. Covered by hashlock and binlock. */ - struct lruhash_entry* overflow_next; - /** next entry in lru chain. covered by hashlock. */ - struct lruhash_entry* lru_next; - /** prev entry in lru chain. covered by hashlock. */ - struct lruhash_entry* lru_prev; - /** hash value of the key. It may not change, until entry deleted. */ - hashvalue_type hash; - /** key */ - void* key; - /** data */ - void* data; -}; - -/** - * Create new hash table. - * @param start_size: size of hashtable array at start, must be power of 2. - * @param maxmem: maximum amount of memory this table is allowed to use. - * @param sizefunc: calculates memory usage of entries. - * @param compfunc: compares entries, 0 on equality. - * @param delkeyfunc: deletes key. - * Calling both delkey and deldata will also free the struct lruhash_entry. - * Make it part of the key structure and delete it in delkeyfunc. - * @param deldatafunc: deletes data. - * @param arg: user argument that is passed to user function calls. - * @return: new hash table or NULL on malloc failure. - */ -struct lruhash* lruhash_create(size_t start_size, size_t maxmem, - lruhash_sizefunc_type sizefunc, lruhash_compfunc_type compfunc, - lruhash_delkeyfunc_type delkeyfunc, - lruhash_deldatafunc_type deldatafunc, void* arg); - -/** - * Delete hash table. Entries are all deleted. - * @param table: to delete. - */ -void lruhash_delete(struct lruhash* table); - -/** - * Clear hash table. Entries are all deleted, while locking them before - * doing so. At end the table is empty. - * @param table: to make empty. - */ -void lruhash_clear(struct lruhash* table); - -/** - * Insert a new element into the hashtable. - * If key is already present data pointer in that entry is updated. - * The space calculation function is called with the key, data. - * If necessary the least recently used entries are deleted to make space. - * If necessary the hash array is grown up. - * - * @param table: hash table. - * @param hash: hash value. User calculates the hash. - * @param entry: identifies the entry. - * If key already present, this entry->key is deleted immediately. - * But entry->data is set to NULL before deletion, and put into - * the existing entry. The data is then freed. - * @param data: the data. - * @param cb_override: if not null overrides the cb_arg for the deletefunc. - */ -void lruhash_insert(struct lruhash* table, hashvalue_type hash, - struct lruhash_entry* entry, void* data, void* cb_override); - -/** - * Lookup an entry in the hashtable. - * At the end of the function you hold a (read/write)lock on the entry. - * The LRU is updated for the entry (if found). - * @param table: hash table. - * @param hash: hash of key. - * @param key: what to look for, compared against entries in overflow chain. - * the hash value must be set, and must work with compare function. - * @param wr: set to true if you desire a writelock on the entry. - * with a writelock you can update the data part. - * @return: pointer to the entry or NULL. The entry is locked. - * The user must unlock the entry when done. - */ -struct lruhash_entry* lruhash_lookup(struct lruhash* table, - hashvalue_type hash, void* key, int wr); - -/** - * Touch entry, so it becomes the most recently used in the LRU list. - * Caller must hold hash table lock. The entry must be inserted already. - * @param table: hash table. - * @param entry: entry to make first in LRU. - */ -void lru_touch(struct lruhash* table, struct lruhash_entry* entry); - -/** - * Set the markdelfunction (or NULL) - */ -void lruhash_setmarkdel(struct lruhash* table, lruhash_markdelfunc_type md); - -/************************* getdns functions ************************/ -/*** these are used by getdns only and not by unbound. ***/ - -/** - * Demote entry, so it becomes the least recently used in the LRU list. - * Caller must hold hash table lock. The entry must be inserted already. - * @param table: hash table. - * @param entry: entry to make last in LRU. - */ -void lru_demote(struct lruhash* table, struct lruhash_entry* entry); - -/** - * Insert a new element into the hashtable, or retrieve the corresponding - * element of it exits. - * - * If key is already present data pointer in that entry is kept. - * If it is not present, a new entry is created. In that case, - * the space calculation function is called with the key, data. - * If necessary the least recently used entries are deleted to make space. - * If necessary the hash array is grown up. - * - * @param table: hash table. - * @param hash: hash value. User calculates the hash. - * @param entry: identifies the entry. - * @param data: the data. - * @param cb_arg: if not null overrides the cb_arg for the deletefunc. - * @return: pointer to the existing entry if the key was already present, - * or to the entry argument if it was not. - */ -struct lruhash_entry* lruhash_insert_or_retrieve(struct lruhash* table, hashvalue_type hash, - struct lruhash_entry* entry, void* data, void* cb_arg); - -/************************* Internal functions ************************/ -/*** these are only exposed for unit tests. ***/ - -/** - * Remove entry from hashtable. Does nothing if not found in hashtable. - * Delfunc is called for the entry. - * @param table: hash table. - * @param hash: hash of key. - * @param key: what to look for. - */ -void lruhash_remove(struct lruhash* table, hashvalue_type hash, void* key); - -/** init the hash bins for the table */ -void bin_init(struct lruhash_bin* array, size_t size); - -/** delete the hash bin and entries inside it */ -void bin_delete(struct lruhash* table, struct lruhash_bin* bin); - -/** - * Find entry in hash bin. You must have locked the bin. - * @param table: hash table with function pointers. - * @param bin: hash bin to look into. - * @param hash: hash value to look for. - * @param key: key to look for. - * @return: the entry or NULL if not found. - */ -struct lruhash_entry* bin_find_entry(struct lruhash* table, - struct lruhash_bin* bin, hashvalue_type hash, void* key); - -/** - * Remove entry from bin overflow chain. - * You must have locked the bin. - * @param bin: hash bin to look into. - * @param entry: entry ptr that needs removal. - */ -void bin_overflow_remove(struct lruhash_bin* bin, - struct lruhash_entry* entry); - -/** - * Split hash bin into two new ones. Based on increased size_mask. - * Caller must hold hash table lock. - * At the end the routine acquires all hashbin locks (in the old array). - * This makes it wait for other threads to finish with the bins. - * So the bins are ready to be deleted after this function. - * @param table: hash table with function pointers. - * @param newa: new increased array. - * @param newmask: new lookup mask. - */ -void bin_split(struct lruhash* table, struct lruhash_bin* newa, - int newmask); - -/** - * Try to make space available by deleting old entries. - * Assumes that the lock on the hashtable is being held by caller. - * Caller must not hold bin locks. - * @param table: hash table. - * @param list: list of entries that are to be deleted later. - * Entries have been removed from the hash table and writelock is held. - */ -void reclaim_space(struct lruhash* table, struct lruhash_entry** list); - -/** - * Grow the table lookup array. Becomes twice as large. - * Caller must hold the hash table lock. Must not hold any bin locks. - * Tries to grow, on malloc failure, nothing happened. - * @param table: hash table. - */ -void table_grow(struct lruhash* table); - -/** - * Put entry at front of lru. entry must be unlinked from lru. - * Caller must hold hash table lock. - * @param table: hash table with lru head and tail. - * @param entry: entry to make most recently used. - */ -void lru_front(struct lruhash* table, struct lruhash_entry* entry); - -/** - * Remove entry from lru list. - * Caller must hold hash table lock. - * @param table: hash table with lru head and tail. - * @param entry: entry to remove from lru. - */ -void lru_remove(struct lruhash* table, struct lruhash_entry* entry); - -/** - * Output debug info to the log as to state of the hash table. - * @param table: hash table. - * @param id: string printed with table to identify the hash table. - * @param extended: set to true to print statistics on overflow bin lengths. - */ -void lruhash_status(struct lruhash* table, const char* id, int extended); - -/** - * Get memory in use now by the lruhash table. - * @param table: hash table. Will be locked before use. And unlocked after. - * @return size in bytes. - */ -size_t lruhash_get_mem(struct lruhash* table); - -/** - * Traverse a lruhash. Call back for every element in the table. - * @param h: hash table. Locked before use. - * @param wr: if true writelock is obtained on element, otherwise readlock. - * @param func: function for every element. Do not lock or unlock elements. - * @param arg: user argument to func. - */ -void lruhash_traverse(struct lruhash* h, int wr, - void (*func)(struct lruhash_entry*, void*), void* arg); - -#endif /* UTIL_STORAGE_LRUHASH_H */ diff --git a/external/unbound/util/storage/slabhash.c b/external/unbound/util/storage/slabhash.c deleted file mode 100644 index ae63b9772..000000000 --- a/external/unbound/util/storage/slabhash.c +++ /dev/null @@ -1,231 +0,0 @@ -/* - * util/storage/slabhash.c - hashtable consisting of several smaller tables. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * Implementation of hash table that consists of smaller hash tables. - * This results in a partitioned lruhash table. - * It cannot grow, but that gives it the ability to have multiple - * locks. Also this means there are multiple LRU lists. - */ - -#include "config.h" -#include "util/storage/slabhash.h" - -struct slabhash* slabhash_create(size_t numtables, size_t start_size, - size_t maxmem, lruhash_sizefunc_type sizefunc, - lruhash_compfunc_type compfunc, lruhash_delkeyfunc_type delkeyfunc, - lruhash_deldatafunc_type deldatafunc, void* arg) -{ - size_t i; - struct slabhash* sl = (struct slabhash*)calloc(1, - sizeof(struct slabhash)); - if(!sl) return NULL; - sl->size = numtables; - log_assert(sl->size > 0); - sl->array = (struct lruhash**)calloc(sl->size, sizeof(struct lruhash*)); - if(!sl->array) { - free(sl); - return NULL; - } - sl->mask = (uint32_t)(sl->size - 1); - if(sl->mask == 0) { - sl->shift = 0; - } else { - log_assert( (sl->size & sl->mask) == 0 - /* size must be power of 2 */ ); - sl->shift = 0; - while(!(sl->mask & 0x80000000)) { - sl->mask <<= 1; - sl->shift ++; - } - } - for(i=0; isize; i++) { - sl->array[i] = lruhash_create(start_size, maxmem / sl->size, - sizefunc, compfunc, delkeyfunc, deldatafunc, arg); - if(!sl->array[i]) { - slabhash_delete(sl); - return NULL; - } - } - return sl; -} - -void slabhash_delete(struct slabhash* sl) -{ - if(!sl) - return; - if(sl->array) { - size_t i; - for(i=0; isize; i++) - lruhash_delete(sl->array[i]); - free(sl->array); - } - free(sl); -} - -void slabhash_clear(struct slabhash* sl) -{ - size_t i; - if(!sl) - return; - for(i=0; isize; i++) - lruhash_clear(sl->array[i]); -} - -/** helper routine to calculate the slabhash index */ -static unsigned int -slab_idx(struct slabhash* sl, hashvalue_type hash) -{ - return ((hash & sl->mask) >> sl->shift); -} - -void slabhash_insert(struct slabhash* sl, hashvalue_type hash, - struct lruhash_entry* entry, void* data, void* arg) -{ - lruhash_insert(sl->array[slab_idx(sl, hash)], hash, entry, data, arg); -} - -struct lruhash_entry* slabhash_lookup(struct slabhash* sl, - hashvalue_type hash, void* key, int wr) -{ - return lruhash_lookup(sl->array[slab_idx(sl, hash)], hash, key, wr); -} - -void slabhash_remove(struct slabhash* sl, hashvalue_type hash, void* key) -{ - lruhash_remove(sl->array[slab_idx(sl, hash)], hash, key); -} - -void slabhash_status(struct slabhash* sl, const char* id, int extended) -{ - size_t i; - char num[17]; - log_info("Slabhash %s: %u tables mask=%x shift=%d", - id, (unsigned)sl->size, (unsigned)sl->mask, sl->shift); - for(i=0; isize; i++) { - snprintf(num, sizeof(num), "table %u", (unsigned)i); - lruhash_status(sl->array[i], num, extended); - } -} - -size_t slabhash_get_size(struct slabhash* sl) -{ - size_t i, total = 0; - for(i=0; isize; i++) { - lock_quick_lock(&sl->array[i]->lock); - total += sl->array[i]->space_max; - lock_quick_unlock(&sl->array[i]->lock); - } - return total; -} - -size_t slabhash_get_mem(struct slabhash* sl) -{ - size_t i, total = sizeof(*sl); - total += sizeof(struct lruhash*)*sl->size; - for(i=0; isize; i++) { - total += lruhash_get_mem(sl->array[i]); - } - return total; -} - -struct lruhash* slabhash_gettable(struct slabhash* sl, hashvalue_type hash) -{ - return sl->array[slab_idx(sl, hash)]; -} - -/* test code, here to avoid linking problems with fptr_wlist */ -/** delete key */ -static void delkey(struct slabhash_testkey* k) { - lock_rw_destroy(&k->entry.lock); free(k);} -/** delete data */ -static void deldata(struct slabhash_testdata* d) {free(d);} - -size_t test_slabhash_sizefunc(void* ATTR_UNUSED(key), void* ATTR_UNUSED(data)) -{ - return sizeof(struct slabhash_testkey) + - sizeof(struct slabhash_testdata); -} - -int test_slabhash_compfunc(void* key1, void* key2) -{ - struct slabhash_testkey* k1 = (struct slabhash_testkey*)key1; - struct slabhash_testkey* k2 = (struct slabhash_testkey*)key2; - if(k1->id == k2->id) - return 0; - if(k1->id > k2->id) - return 1; - return -1; -} - -void test_slabhash_delkey(void* key, void* ATTR_UNUSED(arg)) -{ - delkey((struct slabhash_testkey*)key); -} - -void test_slabhash_deldata(void* data, void* ATTR_UNUSED(arg)) -{ - deldata((struct slabhash_testdata*)data); -} - -void slabhash_setmarkdel(struct slabhash* sl, lruhash_markdelfunc_type md) -{ - size_t i; - for(i=0; isize; i++) { - lruhash_setmarkdel(sl->array[i], md); - } -} - -void slabhash_traverse(struct slabhash* sh, int wr, - void (*func)(struct lruhash_entry*, void*), void* arg) -{ - size_t i; - for(i=0; isize; i++) - lruhash_traverse(sh->array[i], wr, func, arg); -} - -size_t count_slabhash_entries(struct slabhash* sh) -{ - size_t slab, cnt = 0; - - for(slab=0; slabsize; slab++) { - lock_quick_lock(&sh->array[slab]->lock); - cnt += sh->array[slab]->num; - lock_quick_unlock(&sh->array[slab]->lock); - } - return cnt; -} diff --git a/external/unbound/util/storage/slabhash.h b/external/unbound/util/storage/slabhash.h deleted file mode 100644 index d00983fc1..000000000 --- a/external/unbound/util/storage/slabhash.h +++ /dev/null @@ -1,218 +0,0 @@ -/* - * util/storage/slabhash.h - hashtable consisting of several smaller tables. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * Hash table that consists of smaller hash tables. - * It cannot grow, but that gives it the ability to have multiple - * locks. Also this means there are multiple LRU lists. - */ - -#ifndef UTIL_STORAGE_SLABHASH_H -#define UTIL_STORAGE_SLABHASH_H -#include "util/storage/lruhash.h" - -/** default number of slabs */ -#define HASH_DEFAULT_SLABS 4 - -/** - * Hash table formed from several smaller ones. - * This results in a partitioned lruhash table, a 'slashtable'. - * None of the data inside the slabhash may be altered. - * Therefore, no locks are needed to access the structure. - */ -struct slabhash { - /** the size of the array - must be power of 2 */ - size_t size; - /** size bitmask - uses high bits. */ - uint32_t mask; - /** shift right this many bits to get index into array. */ - unsigned int shift; - /** lookup array of hash tables */ - struct lruhash** array; -}; - -/** - * Create new slabbed hash table. - * @param numtables: number of hash tables to use, other parameters used to - * initialize these smaller hashtables. - * @param start_size: size of hashtable array at start, must be power of 2. - * @param maxmem: maximum amount of memory this table is allowed to use. - * so every table gets maxmem/numtables to use for itself. - * @param sizefunc: calculates memory usage of entries. - * @param compfunc: compares entries, 0 on equality. - * @param delkeyfunc: deletes key. - * @param deldatafunc: deletes data. - * @param arg: user argument that is passed to user function calls. - * @return: new hash table or NULL on malloc failure. - */ -struct slabhash* slabhash_create(size_t numtables, size_t start_size, - size_t maxmem, lruhash_sizefunc_type sizefunc, - lruhash_compfunc_type compfunc, lruhash_delkeyfunc_type delkeyfunc, - lruhash_deldatafunc_type deldatafunc, void* arg); - -/** - * Delete hash table. Entries are all deleted. - * @param table: to delete. - */ -void slabhash_delete(struct slabhash* table); - -/** - * Clear hash table. Entries are all deleted. - * @param table: to make empty. - */ -void slabhash_clear(struct slabhash* table); - -/** - * Insert a new element into the hashtable, uses lruhash_insert. - * If key is already present data pointer in that entry is updated. - * - * @param table: hash table. - * @param hash: hash value. User calculates the hash. - * @param entry: identifies the entry. - * If key already present, this entry->key is deleted immediately. - * But entry->data is set to NULL before deletion, and put into - * the existing entry. The data is then freed. - * @param data: the data. - * @param cb_override: if not NULL overrides the cb_arg for deletfunc. - */ -void slabhash_insert(struct slabhash* table, hashvalue_type hash, - struct lruhash_entry* entry, void* data, void* cb_override); - -/** - * Lookup an entry in the hashtable. Uses lruhash_lookup. - * At the end of the function you hold a (read/write)lock on the entry. - * The LRU is updated for the entry (if found). - * @param table: hash table. - * @param hash: hash of key. - * @param key: what to look for, compared against entries in overflow chain. - * the hash value must be set, and must work with compare function. - * @param wr: set to true if you desire a writelock on the entry. - * with a writelock you can update the data part. - * @return: pointer to the entry or NULL. The entry is locked. - * The user must unlock the entry when done. - */ -struct lruhash_entry* slabhash_lookup(struct slabhash* table, - hashvalue_type hash, void* key, int wr); - -/** - * Remove entry from hashtable. Does nothing if not found in hashtable. - * Delfunc is called for the entry. Uses lruhash_remove. - * @param table: hash table. - * @param hash: hash of key. - * @param key: what to look for. - */ -void slabhash_remove(struct slabhash* table, hashvalue_type hash, void* key); - -/** - * Output debug info to the log as to state of the hash table. - * @param table: hash table. - * @param id: string printed with table to identify the hash table. - * @param extended: set to true to print statistics on overflow bin lengths. - */ -void slabhash_status(struct slabhash* table, const char* id, int extended); - -/** - * Retrieve slab hash total size. - * @param table: hash table. - * @return size configured as max. - */ -size_t slabhash_get_size(struct slabhash* table); - -/** - * Retrieve slab hash current memory use. - * @param table: hash table. - * @return memory in use. - */ -size_t slabhash_get_mem(struct slabhash* table); - -/** - * Get lruhash table for a given hash value - * @param table: slabbed hash table. - * @param hash: hash value. - * @return the lru hash table. - */ -struct lruhash* slabhash_gettable(struct slabhash* table, hashvalue_type hash); - -/** - * Set markdel function - * @param table: slabbed hash table. - * @param md: markdel function ptr. - */ -void slabhash_setmarkdel(struct slabhash* table, lruhash_markdelfunc_type md); - -/** - * Traverse a slabhash. - * @param table: slabbed hash table. - * @param wr: if true, writelock is obtained, otherwise readlock. - * @param func: function to call for every element. - * @param arg: user argument to function. - */ -void slabhash_traverse(struct slabhash* table, int wr, - void (*func)(struct lruhash_entry*, void*), void* arg); - -/* - * Count entries in slabhash. - * @param table: slabbed hash table; - * @return the number of items - */ -size_t count_slabhash_entries(struct slabhash* table); - -/* --- test representation --- */ -/** test structure contains test key */ -struct slabhash_testkey { - /** the key id */ - int id; - /** the entry */ - struct lruhash_entry entry; -}; -/** test structure contains test data */ -struct slabhash_testdata { - /** data value */ - int data; -}; - -/** test sizefunc for lruhash */ -size_t test_slabhash_sizefunc(void*, void*); -/** test comparefunc for lruhash */ -int test_slabhash_compfunc(void*, void*); -/** test delkey for lruhash */ -void test_slabhash_delkey(void*, void*); -/** test deldata for lruhash */ -void test_slabhash_deldata(void*, void*); -/* --- end test representation --- */ - -#endif /* UTIL_STORAGE_SLABHASH_H */ diff --git a/external/unbound/util/timehist.c b/external/unbound/util/timehist.c deleted file mode 100644 index dbf5b9841..000000000 --- a/external/unbound/util/timehist.c +++ /dev/null @@ -1,247 +0,0 @@ -/* - * util/timehist.c - make histogram of time values. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions to make a histogram of time values. - */ -#include "config.h" -#ifdef HAVE_TIME_H -#include -#endif -#include -#include -#include "util/timehist.h" -#include "util/log.h" - -/** special timestwo operation for time values in histogram setup */ -static void -timestwo(struct timeval* v) -{ -#ifndef S_SPLINT_S - if(v->tv_sec == 0 && v->tv_usec == 0) { - v->tv_usec = 1; - return; - } - v->tv_sec *= 2; - v->tv_usec *= 2; - if(v->tv_usec == 1024*1024) { - /* nice values and easy to compute */ - v->tv_sec = 1; - v->tv_usec = 0; - } -#endif -} - -/** do setup exponentially */ -static void -dosetup(struct timehist* hist) -{ - struct timeval last; - size_t i; - memset(&last, 0, sizeof(last)); - for(i=0; inum; i++) { - hist->buckets[i].lower = last; - timestwo(&last); - hist->buckets[i].upper = last; - hist->buckets[i].count = 0; - } -} - -struct timehist* timehist_setup(void) -{ - struct timehist* hist = (struct timehist*)calloc(1, - sizeof(struct timehist)); - if(!hist) - return NULL; - hist->num = NUM_BUCKETS_HIST; - hist->buckets = (struct th_buck*)calloc(hist->num, - sizeof(struct th_buck)); - if(!hist->buckets) { - free(hist); - return NULL; - } - /* setup the buckets */ - dosetup(hist); - return hist; -} - -void timehist_delete(struct timehist* hist) -{ - if(!hist) - return; - free(hist->buckets); - free(hist); -} - -void timehist_clear(struct timehist* hist) -{ - size_t i; - for(i=0; inum; i++) - hist->buckets[i].count = 0; -} - -/** histogram compare of time values */ -static int -timeval_smaller(const struct timeval* x, const struct timeval* y) -{ -#ifndef S_SPLINT_S - if(x->tv_sec < y->tv_sec) - return 1; - else if(x->tv_sec == y->tv_sec) { - if(x->tv_usec <= y->tv_usec) - return 1; - else return 0; - } - else return 0; -#endif -} - - -void timehist_insert(struct timehist* hist, struct timeval* tv) -{ - size_t i; - for(i=0; inum; i++) { - if(timeval_smaller(tv, &hist->buckets[i].upper)) { - hist->buckets[i].count++; - return; - } - } - /* dump in last bucket */ - hist->buckets[hist->num-1].count++; -} - -void timehist_print(struct timehist* hist) -{ -#ifndef S_SPLINT_S - size_t i; - for(i=0; inum; i++) { - if(hist->buckets[i].count != 0) { - printf("%4d.%6.6d %4d.%6.6d %u\n", - (int)hist->buckets[i].lower.tv_sec, - (int)hist->buckets[i].lower.tv_usec, - (int)hist->buckets[i].upper.tv_sec, - (int)hist->buckets[i].upper.tv_usec, - (unsigned)hist->buckets[i].count); - } - } -#endif -} - -void timehist_log(struct timehist* hist, const char* name) -{ -#ifndef S_SPLINT_S - size_t i; - log_info("[25%%]=%g median[50%%]=%g [75%%]=%g", - timehist_quartile(hist, 0.25), - timehist_quartile(hist, 0.50), - timehist_quartile(hist, 0.75)); - /* 0000.000000 0000.000000 0 */ - log_info("lower(secs) upper(secs) %s", name); - for(i=0; inum; i++) { - if(hist->buckets[i].count != 0) { - log_info("%4d.%6.6d %4d.%6.6d %u", - (int)hist->buckets[i].lower.tv_sec, - (int)hist->buckets[i].lower.tv_usec, - (int)hist->buckets[i].upper.tv_sec, - (int)hist->buckets[i].upper.tv_usec, - (unsigned)hist->buckets[i].count); - } - } -#endif -} - -/** total number in histogram */ -static size_t -timehist_count(struct timehist* hist) -{ - size_t i, res = 0; - for(i=0; inum; i++) - res += hist->buckets[i].count; - return res; -} - -double -timehist_quartile(struct timehist* hist, double q) -{ - double lookfor, passed, res; - double low = 0, up = 0; - size_t i; - if(!hist || hist->num == 0) - return 0.; - /* look for i'th element, interpolated */ - lookfor = (double)timehist_count(hist); - if(lookfor < 4) - return 0.; /* not enough elements for a good estimate */ - lookfor *= q; - passed = 0; - i = 0; - while(i+1 < hist->num && - passed+(double)hist->buckets[i].count < lookfor) { - passed += (double)hist->buckets[i++].count; - } - /* got the right bucket */ -#ifndef S_SPLINT_S - low = (double)hist->buckets[i].lower.tv_sec + - (double)hist->buckets[i].lower.tv_usec/1000000.; - up = (double)hist->buckets[i].upper.tv_sec + - (double)hist->buckets[i].upper.tv_usec/1000000.; -#endif - res = (lookfor - passed)*(up-low)/((double)hist->buckets[i].count); - return low+res; -} - -void -timehist_export(struct timehist* hist, size_t* array, size_t sz) -{ - size_t i; - if(!hist) return; - if(sz > hist->num) - sz = hist->num; - for(i=0; ibuckets[i].count; -} - -void -timehist_import(struct timehist* hist, size_t* array, size_t sz) -{ - size_t i; - if(!hist) return; - if(sz > hist->num) - sz = hist->num; - for(i=0; ibuckets[i].count = array[i]; -} diff --git a/external/unbound/util/timehist.h b/external/unbound/util/timehist.h deleted file mode 100644 index 5c65048b9..000000000 --- a/external/unbound/util/timehist.h +++ /dev/null @@ -1,134 +0,0 @@ -/* - * util/timehist.h - make histogram of time values. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions to make a histogram of time values. - */ - -#ifndef UTIL_TIMEHIST_H -#define UTIL_TIMEHIST_H - -/** Number of buckets in a histogram */ -#define NUM_BUCKETS_HIST 40 - -/** - * Bucket of time history information - */ -struct th_buck { - /** lower bound */ - struct timeval lower; - /** upper bound */ - struct timeval upper; - /** number of items */ - size_t count; -}; - -/** - * Keep histogram of time values. - */ -struct timehist { - /** number of buckets */ - size_t num; - /** bucket array */ - struct th_buck* buckets; -}; - -/** - * Setup a histogram, default - * @return histogram or NULL on malloc failure. - */ -struct timehist* timehist_setup(void); - -/** - * Delete histogram - * @param hist: to delete - */ -void timehist_delete(struct timehist* hist); - -/** - * Clear histogram - * @param hist: to clear all data from - */ -void timehist_clear(struct timehist* hist); - -/** - * Add time value to histogram. - * @param hist: histogram - * @param tv: time value - */ -void timehist_insert(struct timehist* hist, struct timeval* tv); - -/** - * Find time value for given quartile, such as 0.25, 0.50, 0.75. - * The looks up the value for the i-th element in the sorted list of time - * values, as approximated using the histogram. - * @param hist: histogram. Interpolated information is used from it. - * @param q: quartile, 0.50 results in the median. Must be >0 and <1. - * @return: the time in seconds for that percentage. - */ -double timehist_quartile(struct timehist* hist, double q); - -/** - * Printout histogram - * @param hist: histogram - */ -void timehist_print(struct timehist* hist); - -/** - * Log histogram, print it to the logfile. - * @param hist: histogram - * @param name: the name of the value column - */ -void timehist_log(struct timehist* hist, const char* name); - -/** - * Export histogram to an array. - * @param hist: histogram - * @param array: the array to export to. - * @param sz: number of items in array. - */ -void timehist_export(struct timehist* hist, size_t* array, size_t sz); - -/** - * Import histogram from an array. - * @param hist: histogram - * @param array: the array to import from. - * @param sz: number of items in array. - */ -void timehist_import(struct timehist* hist, size_t* array, size_t sz); - -#endif /* UTIL_TIMEHIST_H */ diff --git a/external/unbound/util/tube.c b/external/unbound/util/tube.c deleted file mode 100644 index f42d22cb3..000000000 --- a/external/unbound/util/tube.c +++ /dev/null @@ -1,731 +0,0 @@ -/* - * util/tube.c - pipe service - * - * Copyright (c) 2008, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains pipe service functions. - */ -#include "config.h" -#include "util/tube.h" -#include "util/log.h" -#include "util/net_help.h" -#include "util/netevent.h" -#include "util/fptr_wlist.h" -#include "util/ub_event.h" - -#ifndef USE_WINSOCK -/* on unix */ - -#ifndef HAVE_SOCKETPAIR -/** no socketpair() available, like on Minix 3.1.7, use pipe */ -#define socketpair(f, t, p, sv) pipe(sv) -#endif /* HAVE_SOCKETPAIR */ - -struct tube* tube_create(void) -{ - struct tube* tube = (struct tube*)calloc(1, sizeof(*tube)); - int sv[2]; - if(!tube) { - int err = errno; - log_err("tube_create: out of memory"); - errno = err; - return NULL; - } - tube->sr = -1; - tube->sw = -1; - if(socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1) { - int err = errno; - log_err("socketpair: %s", strerror(errno)); - free(tube); - errno = err; - return NULL; - } - tube->sr = sv[0]; - tube->sw = sv[1]; - if(!fd_set_nonblock(tube->sr) || !fd_set_nonblock(tube->sw)) { - int err = errno; - log_err("tube: cannot set nonblocking"); - tube_delete(tube); - errno = err; - return NULL; - } - return tube; -} - -void tube_delete(struct tube* tube) -{ - if(!tube) return; - tube_remove_bg_listen(tube); - tube_remove_bg_write(tube); - /* close fds after deleting commpoints, to be sure. - * Also epoll does not like closing fd before event_del */ - tube_close_read(tube); - tube_close_write(tube); - free(tube); -} - -void tube_close_read(struct tube* tube) -{ - if(tube->sr != -1) { - close(tube->sr); - tube->sr = -1; - } -} - -void tube_close_write(struct tube* tube) -{ - if(tube->sw != -1) { - close(tube->sw); - tube->sw = -1; - } -} - -void tube_remove_bg_listen(struct tube* tube) -{ - if(tube->listen_com) { - comm_point_delete(tube->listen_com); - tube->listen_com = NULL; - } - free(tube->cmd_msg); - tube->cmd_msg = NULL; -} - -void tube_remove_bg_write(struct tube* tube) -{ - if(tube->res_com) { - comm_point_delete(tube->res_com); - tube->res_com = NULL; - } - if(tube->res_list) { - struct tube_res_list* np, *p = tube->res_list; - tube->res_list = NULL; - tube->res_last = NULL; - while(p) { - np = p->next; - free(p->buf); - free(p); - p = np; - } - } -} - -int -tube_handle_listen(struct comm_point* c, void* arg, int error, - struct comm_reply* ATTR_UNUSED(reply_info)) -{ - struct tube* tube = (struct tube*)arg; - ssize_t r; - if(error != NETEVENT_NOERROR) { - fptr_ok(fptr_whitelist_tube_listen(tube->listen_cb)); - (*tube->listen_cb)(tube, NULL, 0, error, tube->listen_arg); - return 0; - } - - if(tube->cmd_read < sizeof(tube->cmd_len)) { - /* complete reading the length of control msg */ - r = read(c->fd, ((uint8_t*)&tube->cmd_len) + tube->cmd_read, - sizeof(tube->cmd_len) - tube->cmd_read); - if(r==0) { - /* error has happened or */ - /* parent closed pipe, must have exited somehow */ - fptr_ok(fptr_whitelist_tube_listen(tube->listen_cb)); - (*tube->listen_cb)(tube, NULL, 0, NETEVENT_CLOSED, - tube->listen_arg); - return 0; - } - if(r==-1) { - if(errno != EAGAIN && errno != EINTR) { - log_err("rpipe error: %s", strerror(errno)); - } - /* nothing to read now, try later */ - return 0; - } - tube->cmd_read += r; - if(tube->cmd_read < sizeof(tube->cmd_len)) { - /* not complete, try later */ - return 0; - } - tube->cmd_msg = (uint8_t*)calloc(1, tube->cmd_len); - if(!tube->cmd_msg) { - log_err("malloc failure"); - tube->cmd_read = 0; - return 0; - } - } - /* cmd_len has been read, read remainder */ - r = read(c->fd, tube->cmd_msg+tube->cmd_read-sizeof(tube->cmd_len), - tube->cmd_len - (tube->cmd_read - sizeof(tube->cmd_len))); - if(r==0) { - /* error has happened or */ - /* parent closed pipe, must have exited somehow */ - fptr_ok(fptr_whitelist_tube_listen(tube->listen_cb)); - (*tube->listen_cb)(tube, NULL, 0, NETEVENT_CLOSED, - tube->listen_arg); - return 0; - } - if(r==-1) { - /* nothing to read now, try later */ - if(errno != EAGAIN && errno != EINTR) { - log_err("rpipe error: %s", strerror(errno)); - } - return 0; - } - tube->cmd_read += r; - if(tube->cmd_read < sizeof(tube->cmd_len) + tube->cmd_len) { - /* not complete, try later */ - return 0; - } - tube->cmd_read = 0; - - fptr_ok(fptr_whitelist_tube_listen(tube->listen_cb)); - (*tube->listen_cb)(tube, tube->cmd_msg, tube->cmd_len, - NETEVENT_NOERROR, tube->listen_arg); - /* also frees the buf */ - tube->cmd_msg = NULL; - return 0; -} - -int -tube_handle_write(struct comm_point* c, void* arg, int error, - struct comm_reply* ATTR_UNUSED(reply_info)) -{ - struct tube* tube = (struct tube*)arg; - struct tube_res_list* item = tube->res_list; - ssize_t r; - if(error != NETEVENT_NOERROR) { - log_err("tube_handle_write net error %d", error); - return 0; - } - - if(!item) { - comm_point_stop_listening(c); - return 0; - } - - if(tube->res_write < sizeof(item->len)) { - r = write(c->fd, ((uint8_t*)&item->len) + tube->res_write, - sizeof(item->len) - tube->res_write); - if(r == -1) { - if(errno != EAGAIN && errno != EINTR) { - log_err("wpipe error: %s", strerror(errno)); - } - return 0; /* try again later */ - } - if(r == 0) { - /* error on pipe, must have exited somehow */ - /* cannot signal this to pipe user */ - return 0; - } - tube->res_write += r; - if(tube->res_write < sizeof(item->len)) - return 0; - } - r = write(c->fd, item->buf + tube->res_write - sizeof(item->len), - item->len - (tube->res_write - sizeof(item->len))); - if(r == -1) { - if(errno != EAGAIN && errno != EINTR) { - log_err("wpipe error: %s", strerror(errno)); - } - return 0; /* try again later */ - } - if(r == 0) { - /* error on pipe, must have exited somehow */ - /* cannot signal this to pipe user */ - return 0; - } - tube->res_write += r; - if(tube->res_write < sizeof(item->len) + item->len) - return 0; - /* done this result, remove it */ - free(item->buf); - item->buf = NULL; - tube->res_list = tube->res_list->next; - free(item); - if(!tube->res_list) { - tube->res_last = NULL; - comm_point_stop_listening(c); - } - tube->res_write = 0; - return 0; -} - -int tube_write_msg(struct tube* tube, uint8_t* buf, uint32_t len, - int nonblock) -{ - ssize_t r, d; - int fd = tube->sw; - - /* test */ - if(nonblock) { - r = write(fd, &len, sizeof(len)); - if(r == -1) { - if(errno==EINTR || errno==EAGAIN) - return -1; - log_err("tube msg write failed: %s", strerror(errno)); - return -1; /* can still continue, perhaps */ - } - } else r = 0; - if(!fd_set_block(fd)) - return 0; - /* write remainder */ - d = r; - while(d != (ssize_t)sizeof(len)) { - if((r=write(fd, ((char*)&len)+d, sizeof(len)-d)) == -1) { - if(errno == EAGAIN) - continue; /* temporarily unavail: try again*/ - log_err("tube msg write failed: %s", strerror(errno)); - (void)fd_set_nonblock(fd); - return 0; - } - d += r; - } - d = 0; - while(d != (ssize_t)len) { - if((r=write(fd, buf+d, len-d)) == -1) { - if(errno == EAGAIN) - continue; /* temporarily unavail: try again*/ - log_err("tube msg write failed: %s", strerror(errno)); - (void)fd_set_nonblock(fd); - return 0; - } - d += r; - } - if(!fd_set_nonblock(fd)) - return 0; - return 1; -} - -int tube_read_msg(struct tube* tube, uint8_t** buf, uint32_t* len, - int nonblock) -{ - ssize_t r, d; - int fd = tube->sr; - - /* test */ - *len = 0; - if(nonblock) { - r = read(fd, len, sizeof(*len)); - if(r == -1) { - if(errno==EINTR || errno==EAGAIN) - return -1; - log_err("tube msg read failed: %s", strerror(errno)); - return -1; /* we can still continue, perhaps */ - } - if(r == 0) /* EOF */ - return 0; - } else r = 0; - if(!fd_set_block(fd)) - return 0; - /* read remainder */ - d = r; - while(d != (ssize_t)sizeof(*len)) { - if((r=read(fd, ((char*)len)+d, sizeof(*len)-d)) == -1) { - log_err("tube msg read failed: %s", strerror(errno)); - (void)fd_set_nonblock(fd); - return 0; - } - if(r == 0) /* EOF */ { - (void)fd_set_nonblock(fd); - return 0; - } - d += r; - } - log_assert(*len < 65536*2); - *buf = (uint8_t*)malloc(*len); - if(!*buf) { - log_err("tube read out of memory"); - (void)fd_set_nonblock(fd); - return 0; - } - d = 0; - while(d < (ssize_t)*len) { - if((r=read(fd, (*buf)+d, (size_t)((ssize_t)*len)-d)) == -1) { - log_err("tube msg read failed: %s", strerror(errno)); - (void)fd_set_nonblock(fd); - free(*buf); - return 0; - } - if(r == 0) { /* EOF */ - (void)fd_set_nonblock(fd); - free(*buf); - return 0; - } - d += r; - } - if(!fd_set_nonblock(fd)) { - free(*buf); - return 0; - } - return 1; -} - -/** perform a select() on the fd */ -static int -pollit(int fd, struct timeval* t) -{ - fd_set r; -#ifndef S_SPLINT_S - FD_ZERO(&r); - FD_SET(FD_SET_T fd, &r); -#endif - if(select(fd+1, &r, NULL, NULL, t) == -1) { - return 0; - } - errno = 0; - return (int)(FD_ISSET(fd, &r)); -} - -int tube_poll(struct tube* tube) -{ - struct timeval t; - memset(&t, 0, sizeof(t)); - return pollit(tube->sr, &t); -} - -int tube_wait(struct tube* tube) -{ - return pollit(tube->sr, NULL); -} - -int tube_read_fd(struct tube* tube) -{ - return tube->sr; -} - -int tube_setup_bg_listen(struct tube* tube, struct comm_base* base, - tube_callback_type* cb, void* arg) -{ - tube->listen_cb = cb; - tube->listen_arg = arg; - if(!(tube->listen_com = comm_point_create_raw(base, tube->sr, - 0, tube_handle_listen, tube))) { - int err = errno; - log_err("tube_setup_bg_l: commpoint creation failed"); - errno = err; - return 0; - } - return 1; -} - -int tube_setup_bg_write(struct tube* tube, struct comm_base* base) -{ - if(!(tube->res_com = comm_point_create_raw(base, tube->sw, - 1, tube_handle_write, tube))) { - int err = errno; - log_err("tube_setup_bg_w: commpoint creation failed"); - errno = err; - return 0; - } - return 1; -} - -int tube_queue_item(struct tube* tube, uint8_t* msg, size_t len) -{ - struct tube_res_list* item = - (struct tube_res_list*)malloc(sizeof(*item)); - if(!item) { - free(msg); - log_err("out of memory for async answer"); - return 0; - } - item->buf = msg; - item->len = len; - item->next = NULL; - /* add at back of list, since the first one may be partially written */ - if(tube->res_last) - tube->res_last->next = item; - else tube->res_list = item; - tube->res_last = item; - if(tube->res_list == tube->res_last) { - /* first added item, start the write process */ - comm_point_start_listening(tube->res_com, -1, -1); - } - return 1; -} - -void tube_handle_signal(int ATTR_UNUSED(fd), short ATTR_UNUSED(events), - void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -#else /* USE_WINSOCK */ -/* on windows */ - - -struct tube* tube_create(void) -{ - /* windows does not have forks like unix, so we only support - * threads on windows. And thus the pipe need only connect - * threads. We use a mutex and a list of datagrams. */ - struct tube* tube = (struct tube*)calloc(1, sizeof(*tube)); - if(!tube) { - int err = errno; - log_err("tube_create: out of memory"); - errno = err; - return NULL; - } - tube->event = WSACreateEvent(); - if(tube->event == WSA_INVALID_EVENT) { - free(tube); - log_err("WSACreateEvent: %s", wsa_strerror(WSAGetLastError())); - } - if(!WSAResetEvent(tube->event)) { - log_err("WSAResetEvent: %s", wsa_strerror(WSAGetLastError())); - } - lock_basic_init(&tube->res_lock); - verbose(VERB_ALGO, "tube created"); - return tube; -} - -void tube_delete(struct tube* tube) -{ - if(!tube) return; - tube_remove_bg_listen(tube); - tube_remove_bg_write(tube); - tube_close_read(tube); - tube_close_write(tube); - if(!WSACloseEvent(tube->event)) - log_err("WSACloseEvent: %s", wsa_strerror(WSAGetLastError())); - lock_basic_destroy(&tube->res_lock); - verbose(VERB_ALGO, "tube deleted"); - free(tube); -} - -void tube_close_read(struct tube* ATTR_UNUSED(tube)) -{ - verbose(VERB_ALGO, "tube close_read"); -} - -void tube_close_write(struct tube* ATTR_UNUSED(tube)) -{ - verbose(VERB_ALGO, "tube close_write"); - /* wake up waiting reader with an empty queue */ - if(!WSASetEvent(tube->event)) { - log_err("WSASetEvent: %s", wsa_strerror(WSAGetLastError())); - } -} - -void tube_remove_bg_listen(struct tube* tube) -{ - verbose(VERB_ALGO, "tube remove_bg_listen"); - ub_winsock_unregister_wsaevent(tube->ev_listen); -} - -void tube_remove_bg_write(struct tube* tube) -{ - verbose(VERB_ALGO, "tube remove_bg_write"); - if(tube->res_list) { - struct tube_res_list* np, *p = tube->res_list; - tube->res_list = NULL; - tube->res_last = NULL; - while(p) { - np = p->next; - free(p->buf); - free(p); - p = np; - } - } -} - -int tube_write_msg(struct tube* tube, uint8_t* buf, uint32_t len, - int ATTR_UNUSED(nonblock)) -{ - uint8_t* a; - verbose(VERB_ALGO, "tube write_msg len %d", (int)len); - a = (uint8_t*)memdup(buf, len); - if(!a) { - log_err("out of memory in tube_write_msg"); - return 0; - } - /* always nonblocking, this pipe cannot get full */ - return tube_queue_item(tube, a, len); -} - -int tube_read_msg(struct tube* tube, uint8_t** buf, uint32_t* len, - int nonblock) -{ - struct tube_res_list* item = NULL; - verbose(VERB_ALGO, "tube read_msg %s", nonblock?"nonblock":"blocking"); - *buf = NULL; - if(!tube_poll(tube)) { - verbose(VERB_ALGO, "tube read_msg nodata"); - /* nothing ready right now, wait if we want to */ - if(nonblock) - return -1; /* would block waiting for items */ - if(!tube_wait(tube)) - return 0; - } - lock_basic_lock(&tube->res_lock); - if(tube->res_list) { - item = tube->res_list; - tube->res_list = item->next; - if(tube->res_last == item) { - /* the list is now empty */ - tube->res_last = NULL; - verbose(VERB_ALGO, "tube read_msg lastdata"); - if(!WSAResetEvent(tube->event)) { - log_err("WSAResetEvent: %s", - wsa_strerror(WSAGetLastError())); - } - } - } - lock_basic_unlock(&tube->res_lock); - if(!item) - return 0; /* would block waiting for items */ - *buf = item->buf; - *len = item->len; - free(item); - verbose(VERB_ALGO, "tube read_msg len %d", (int)*len); - return 1; -} - -int tube_poll(struct tube* tube) -{ - struct tube_res_list* item = NULL; - lock_basic_lock(&tube->res_lock); - item = tube->res_list; - lock_basic_unlock(&tube->res_lock); - if(item) - return 1; - return 0; -} - -int tube_wait(struct tube* tube) -{ - /* block on eventhandle */ - DWORD res = WSAWaitForMultipleEvents( - 1 /* one event in array */, - &tube->event /* the event to wait for, our pipe signal */, - 0 /* wait for all events is false */, - WSA_INFINITE /* wait, no timeout */, - 0 /* we are not alertable for IO completion routines */ - ); - if(res == WSA_WAIT_TIMEOUT) { - return 0; - } - if(res == WSA_WAIT_IO_COMPLETION) { - /* a bit unexpected, since we were not alertable */ - return 0; - } - return 1; -} - -int tube_read_fd(struct tube* ATTR_UNUSED(tube)) -{ - /* nothing sensible on Windows */ - return -1; -} - -int -tube_handle_listen(struct comm_point* ATTR_UNUSED(c), void* ATTR_UNUSED(arg), - int ATTR_UNUSED(error), struct comm_reply* ATTR_UNUSED(reply_info)) -{ - log_assert(0); - return 0; -} - -int -tube_handle_write(struct comm_point* ATTR_UNUSED(c), void* ATTR_UNUSED(arg), - int ATTR_UNUSED(error), struct comm_reply* ATTR_UNUSED(reply_info)) -{ - log_assert(0); - return 0; -} - -int tube_setup_bg_listen(struct tube* tube, struct comm_base* base, - tube_callback_type* cb, void* arg) -{ - tube->listen_cb = cb; - tube->listen_arg = arg; - if(!comm_base_internal(base)) - return 1; /* ignore when no comm base - testing */ - tube->ev_listen = ub_winsock_register_wsaevent( - comm_base_internal(base), tube->event, &tube_handle_signal, tube); - return tube->ev_listen ? 1 : 0; -} - -int tube_setup_bg_write(struct tube* ATTR_UNUSED(tube), - struct comm_base* ATTR_UNUSED(base)) -{ - /* the queue item routine performs the signaling */ - return 1; -} - -int tube_queue_item(struct tube* tube, uint8_t* msg, size_t len) -{ - struct tube_res_list* item = - (struct tube_res_list*)malloc(sizeof(*item)); - verbose(VERB_ALGO, "tube queue_item len %d", (int)len); - if(!item) { - free(msg); - log_err("out of memory for async answer"); - return 0; - } - item->buf = msg; - item->len = len; - item->next = NULL; - lock_basic_lock(&tube->res_lock); - /* add at back of list, since the first one may be partially written */ - if(tube->res_last) - tube->res_last->next = item; - else tube->res_list = item; - tube->res_last = item; - /* signal the eventhandle */ - if(!WSASetEvent(tube->event)) { - log_err("WSASetEvent: %s", wsa_strerror(WSAGetLastError())); - } - lock_basic_unlock(&tube->res_lock); - return 1; -} - -void tube_handle_signal(int ATTR_UNUSED(fd), short ATTR_UNUSED(events), - void* arg) -{ - struct tube* tube = (struct tube*)arg; - uint8_t* buf; - uint32_t len = 0; - verbose(VERB_ALGO, "tube handle_signal"); - while(tube_poll(tube)) { - if(tube_read_msg(tube, &buf, &len, 1)) { - fptr_ok(fptr_whitelist_tube_listen(tube->listen_cb)); - (*tube->listen_cb)(tube, buf, len, NETEVENT_NOERROR, - tube->listen_arg); - } - } -} - -#endif /* USE_WINSOCK */ diff --git a/external/unbound/util/tube.h b/external/unbound/util/tube.h deleted file mode 100644 index 5b1fdb8e8..000000000 --- a/external/unbound/util/tube.h +++ /dev/null @@ -1,272 +0,0 @@ -/* - * util/tube.h - pipe service - * - * Copyright (c) 2008, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains pipe service functions. - */ - -#ifndef UTIL_TUBE_H -#define UTIL_TUBE_H -struct comm_reply; -struct comm_point; -struct comm_base; -struct tube; -struct tube_res_list; -#ifdef USE_WINSOCK -#include "util/locks.h" -#endif - -/** - * Callback from pipe listen function - * void mycallback(tube, msg, len, error, user_argument); - * if error is true (NETEVENT_*), msg is probably NULL. - */ -typedef void tube_callback_type(struct tube*, uint8_t*, size_t, int, void*); - -/** - * A pipe - */ -struct tube { -#ifndef USE_WINSOCK - /** pipe end to read from */ - int sr; - /** pipe end to write on */ - int sw; - - /** listen commpoint */ - struct comm_point* listen_com; - /** listen callback */ - tube_callback_type* listen_cb; - /** listen callback user arg */ - void* listen_arg; - /** are we currently reading a command, 0 if not, else bytecount */ - size_t cmd_read; - /** size of current read command, may be partially read */ - uint32_t cmd_len; - /** the current read command content, malloced, can be partially read*/ - uint8_t* cmd_msg; - - /** background write queue, commpoint to write results back */ - struct comm_point* res_com; - /** are we currently writing a result, 0 if not, else bytecount into - * the res_list first entry. */ - size_t res_write; - /** list of outstanding results to be written back */ - struct tube_res_list* res_list; - /** last in list */ - struct tube_res_list* res_last; - -#else /* USE_WINSOCK */ - /** listen callback */ - tube_callback_type* listen_cb; - /** listen callback user arg */ - void* listen_arg; - /** the windows sockets event (signaled if items in pipe) */ - WSAEVENT event; - /** winsock event storage when registered with event base */ - struct ub_event* ev_listen; - - /** lock on the list of outstanding items */ - lock_basic_type res_lock; - /** list of outstanding results on pipe */ - struct tube_res_list* res_list; - /** last in list */ - struct tube_res_list* res_last; -#endif /* USE_WINSOCK */ -}; - -/** - * List of results (arbitrary command serializations) to write back - */ -struct tube_res_list { - /** next in list */ - struct tube_res_list* next; - /** serialized buffer to write */ - uint8_t* buf; - /** length to write */ - uint32_t len; -}; - -/** - * Create a pipe - * @return: new tube struct or NULL on error. - */ -struct tube* tube_create(void); - -/** - * Delete and destroy a pipe - * @param tube: to delete - */ -void tube_delete(struct tube* tube); - -/** - * Write length bytes followed by message. - * @param tube: the tube to write on. - * If that tube is a pipe, its write fd is used as - * the socket to write on. Is nonblocking. - * Set to blocking by the function, - * and back to non-blocking at exit of function. - * @param buf: the message. - * @param len: length of message. - * @param nonblock: if set to true, the first write is nonblocking. - * If the first write fails the function returns -1. - * If set false, the first write is blocking. - * @return: all remainder writes are nonblocking. - * return 0 on error, in that case blocking/nonblocking of socket is - * unknown. - * return 1 if all OK. - */ -int tube_write_msg(struct tube* tube, uint8_t* buf, uint32_t len, - int nonblock); - -/** - * Read length bytes followed by message. - * @param tube: The tube to read on. - * If that tube is a pipe, its read fd is used as - * the socket to read on. Is nonblocking. - * Set to blocking by the function, - * and back to non-blocking at exit of function. - * @param buf: the message, malloced. - * @param len: length of message, returned. - * @param nonblock: if set to true, the first read is nonblocking. - * If the first read fails the function returns -1. - * If set false, the first read is blocking. - * @return: all remainder reads are nonblocking. - * return 0 on error, in that case blocking/nonblocking of socket is - * unknown. On EOF 0 is returned. - * return 1 if all OK. - */ -int tube_read_msg(struct tube* tube, uint8_t** buf, uint32_t* len, - int nonblock); - -/** - * Close read part of the pipe. - * The tube can no longer be read from. - * @param tube: tube to operate on. - */ -void tube_close_read(struct tube* tube); - -/** - * Close write part of the pipe. - * The tube can no longer be written to. - * @param tube: tube to operate on. - */ -void tube_close_write(struct tube* tube); - -/** - * See if data is ready for reading on the tube without blocking. - * @param tube: tube to check for readable items - * @return true if readable items are present. False if not (or error). - * true on pipe_closed. - */ -int tube_poll(struct tube* tube); - -/** - * Wait for data to be ready for reading on the tube. is blocking. - * No timeout. - * @param tube: the tube to wait on. - * @return: if there was something to read (false on error). - * true on pipe_closed. - */ -int tube_wait(struct tube* tube); - -/** - * Get FD that is readable when new information arrives. - * @param tube - * @return file descriptor. - */ -int tube_read_fd(struct tube* tube); - -/** - * Start listening for information over the pipe. - * Background registration of a read listener, callback when read completed. - * Do not mix with tube_read_msg style direct reads from the pipe. - * @param tube: tube to listen on - * @param base: what base to register event callback. - * @param cb: callback routine. - * @param arg: user argument for callback routine. - * @return true if successful, false on error. - */ -int tube_setup_bg_listen(struct tube* tube, struct comm_base* base, - tube_callback_type* cb, void* arg); - -/** - * Remove bg listen setup from event base. - * @param tube: what tube to cleanup - */ -void tube_remove_bg_listen(struct tube* tube); - -/** - * Start background write handler for the pipe. - * Do not mix with tube_write_msg style direct writes to the pipe. - * @param tube: tube to write on - * @param base: what base to register event handler on. - * @return true if successful, false on error. - */ -int tube_setup_bg_write(struct tube* tube, struct comm_base* base); - -/** - * Remove bg write setup from event base. - * @param tube: what tube to cleanup - */ -void tube_remove_bg_write(struct tube* tube); - - -/** - * Append data item to background list of writes. - * Mallocs a list entry behind the scenes. - * Not locked behind the scenes, call from one thread or lock on outside. - * @param tube: what tube to queue on. - * @param msg: memory message to send. Is free()d after use. - * Put at the end of the to-send queue. - * @param len: length of item. - * @return 0 on failure (msg freed). - */ -int tube_queue_item(struct tube* tube, uint8_t* msg, size_t len); - -/** for fptr wlist, callback function */ -int tube_handle_listen(struct comm_point* c, void* arg, int error, - struct comm_reply* reply_info); - -/** for fptr wlist, callback function */ -int tube_handle_write(struct comm_point* c, void* arg, int error, - struct comm_reply* reply_info); - -/** for fptr wlist, winsock signal event callback function */ -void tube_handle_signal(int fd, short events, void* arg); - -#endif /* UTIL_TUBE_H */ diff --git a/external/unbound/util/ub_event.c b/external/unbound/util/ub_event.c deleted file mode 100644 index 3b92be1a3..000000000 --- a/external/unbound/util/ub_event.c +++ /dev/null @@ -1,444 +0,0 @@ -/* - * util/ub_event.c - directly call libevent (compatability) functions - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains and implementation for the indirection layer for pluggable - * events that transparently passes it either directly to libevent, or calls - * the libevent compatibility layer functions. - */ -#include "config.h" -#include -#include "util/ub_event.h" -#include "util/log.h" -#include "util/netevent.h" -#include "util/tube.h" - -/* We define libevent structures here to hide the libevent stuff. */ - -#ifdef USE_MINI_EVENT -# ifdef USE_WINSOCK -# include "util/winsock_event.h" -# else -# include "util/mini_event.h" -# endif /* USE_WINSOCK */ -#else /* USE_MINI_EVENT */ - /* we use libevent */ -# ifdef HAVE_EVENT_H -# include -# else -# include "event2/event.h" -# include "event2/event_struct.h" -# include "event2/event_compat.h" -# endif -#endif /* USE_MINI_EVENT */ - -#if UB_EV_TIMEOUT != EV_TIMEOUT || UB_EV_READ != EV_READ || \ - UB_EV_WRITE != EV_WRITE || UB_EV_SIGNAL != EV_SIGNAL || \ - UB_EV_PERSIST != EV_PERSIST -/* Only necessary for libev */ -# define NATIVE_BITS(b) ( \ - (((b) & UB_EV_TIMEOUT) ? EV_TIMEOUT : 0) \ - | (((b) & UB_EV_READ ) ? EV_READ : 0) \ - | (((b) & UB_EV_WRITE ) ? EV_WRITE : 0) \ - | (((b) & UB_EV_SIGNAL ) ? EV_SIGNAL : 0) \ - | (((b) & UB_EV_PERSIST) ? EV_PERSIST : 0)) - -# define UB_EV_BITS(b) ( \ - (((b) & EV_TIMEOUT) ? UB_EV_TIMEOUT : 0) \ - | (((b) & EV_READ ) ? UB_EV_READ : 0) \ - | (((b) & EV_WRITE ) ? UB_EV_WRITE : 0) \ - | (((b) & EV_SIGNAL ) ? UB_EV_SIGNAL : 0) \ - | (((b) & EV_PERSIST) ? UB_EV_PERSIST : 0)) - -# define UB_EV_BITS_CB(C) void my_ ## C (int fd, short bits, void *arg) \ - { (C)(fd, UB_EV_BITS(bits), arg); } - -UB_EV_BITS_CB(comm_point_udp_callback); -UB_EV_BITS_CB(comm_point_udp_ancil_callback) -UB_EV_BITS_CB(comm_point_tcp_accept_callback) -UB_EV_BITS_CB(comm_point_tcp_handle_callback) -UB_EV_BITS_CB(comm_timer_callback) -UB_EV_BITS_CB(comm_signal_callback) -UB_EV_BITS_CB(comm_point_local_handle_callback) -UB_EV_BITS_CB(comm_point_raw_handle_callback) -UB_EV_BITS_CB(tube_handle_signal) -UB_EV_BITS_CB(comm_base_handle_slow_accept) - -static void (*NATIVE_BITS_CB(void (*cb)(int, short, void*)))(int, short, void*) -{ - if(cb == comm_point_udp_callback) - return my_comm_point_udp_callback; - else if(cb == comm_point_udp_ancil_callback) - return my_comm_point_udp_ancil_callback; - else if(cb == comm_point_tcp_accept_callback) - return my_comm_point_tcp_accept_callback; - else if(cb == comm_point_tcp_handle_callback) - return my_comm_point_tcp_handle_callback; - else if(cb == comm_timer_callback) - return my_comm_timer_callback; - else if(cb == comm_signal_callback) - return my_comm_signal_callback; - else if(cb == comm_point_local_handle_callback) - return my_comm_point_local_handle_callback; - else if(cb == comm_point_raw_handle_callback) - return my_comm_point_raw_handle_callback; - else if(cb == tube_handle_signal) - return my_tube_handle_signal; - else if(cb == comm_base_handle_slow_accept) - return my_comm_base_handle_slow_accept; - else - return NULL; -} -#else -# define NATIVE_BITS(b) (b) -# define NATIVE_BITS_CB(c) (c) -#endif - -#ifndef EVFLAG_AUTO -#define EVFLAG_AUTO 0 -#endif - -#define AS_EVENT_BASE(x) ((struct event_base*)x) -#define AS_UB_EVENT_BASE(x) ((struct ub_event_base*)x) -#define AS_EVENT(x) ((struct event*)x) -#define AS_UB_EVENT(x) ((struct ub_event*)x) - -const char* ub_event_get_version(void) -{ - return event_get_version(); -} - -#if (defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP)) && defined(EVBACKEND_SELECT) -static const char* ub_ev_backend2str(int b) -{ - switch(b) { - case EVBACKEND_SELECT: return "select"; - case EVBACKEND_POLL: return "poll"; - case EVBACKEND_EPOLL: return "epoll"; - case EVBACKEND_KQUEUE: return "kqueue"; - case EVBACKEND_DEVPOLL: return "devpoll"; - case EVBACKEND_PORT: return "evport"; - } - return "unknown"; -} -#endif - -void -ub_get_event_sys(struct ub_event_base* base, const char** n, const char** s, - const char** m) -{ -#ifdef USE_WINSOCK - (void)base; - *n = "event"; - *s = "winsock"; - *m = "WSAWaitForMultipleEvents"; -#elif defined(USE_MINI_EVENT) - (void)base; - *n = "mini-event"; - *s = "internal"; - *m = "select"; -#else - struct event_base* b = AS_EVENT_BASE(base); - *s = event_get_version(); -# if defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP) - *n = "libev"; - if (!b) - b = (struct event_base*)ev_default_loop(EVFLAG_AUTO); -# ifdef EVBACKEND_SELECT - *m = ub_ev_backend2str(ev_backend((struct ev_loop*)b)); -# else - *m = "not obtainable"; -# endif -# elif defined(HAVE_EVENT_BASE_GET_METHOD) - *n = "libevent"; - if (!b) - b = event_base_new(); - *m = event_base_get_method(b); -# else - *n = "unknown"; - *m = "not obtainable"; - (void)b; -# endif -# ifdef HAVE_EVENT_BASE_FREE - if (b && b != AS_EVENT_BASE(base)) - event_base_free(b); -# endif -#endif -} - -struct ub_event_base* -ub_default_event_base(int sigs, time_t* time_secs, struct timeval* time_tv) -{ - void* base; - - (void)base; -#ifdef USE_MINI_EVENT - (void)sigs; - /* use mini event time-sharing feature */ - base = event_init(time_secs, time_tv); -#else - (void)time_secs; - (void)time_tv; -# if defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP) - /* libev */ - if(sigs) - base = ev_default_loop(EVFLAG_AUTO); - else - base = ev_loop_new(EVFLAG_AUTO); -# else - (void)sigs; -# ifdef HAVE_EVENT_BASE_NEW - base = event_base_new(); -# else - base = event_init(); -# endif -# endif -#endif - return (struct ub_event_base*)base; -} - -struct ub_event_base * -ub_libevent_event_base(struct event_base* libevent_base) -{ -#ifdef USE_MINI_EVENT - (void)libevent_base; - return NULL; -#else - return AS_UB_EVENT_BASE(libevent_base); -#endif -} - -struct event_base * -ub_libevent_get_event_base(struct ub_event_base* base) -{ -#ifdef USE_MINI_EVENT - (void)base; - return NULL; -#else - return AS_EVENT_BASE(base); -#endif -} - -void -ub_event_base_free(struct ub_event_base* base) -{ -#ifdef USE_MINI_EVENT - event_base_free(AS_EVENT_BASE(base)); -#elif defined(HAVE_EVENT_BASE_FREE) && defined(HAVE_EVENT_BASE_ONCE) - /* only libevent 1.2+ has it, but in 1.2 it is broken - - assertion fails on signal handling ev that is not deleted - in libevent 1.3c (event_base_once appears) this is fixed. */ - event_base_free(AS_EVENT_BASE(base)); -#else - (void)base; -#endif /* HAVE_EVENT_BASE_FREE and HAVE_EVENT_BASE_ONCE */ -} - -int -ub_event_base_dispatch(struct ub_event_base* base) -{ - return event_base_dispatch(AS_EVENT_BASE(base)); -} - -int -ub_event_base_loopexit(struct ub_event_base* base) -{ - return event_base_loopexit(AS_EVENT_BASE(base), NULL); -} - -struct ub_event* -ub_event_new(struct ub_event_base* base, int fd, short bits, - void (*cb)(int, short, void*), void* arg) -{ - struct event *ev = (struct event*)calloc(1, sizeof(struct event)); - - if (!ev) - return NULL; - - event_set(ev, fd, NATIVE_BITS(bits), NATIVE_BITS_CB(cb), arg); - if (event_base_set(AS_EVENT_BASE(base), ev) != 0) { - free(ev); - return NULL; - } - return AS_UB_EVENT(ev); -} - -struct ub_event* -ub_signal_new(struct ub_event_base* base, int fd, - void (*cb)(int, short, void*), void* arg) -{ - struct event *ev = (struct event*)calloc(1, sizeof(struct event)); - - if (!ev) - return NULL; - - signal_set(ev, fd, NATIVE_BITS_CB(cb), arg); - if (event_base_set(AS_EVENT_BASE(base), ev) != 0) { - free(ev); - return NULL; - } - return AS_UB_EVENT(ev); -} - -struct ub_event* -ub_winsock_register_wsaevent(struct ub_event_base* base, void* wsaevent, - void (*cb)(int, short, void*), void* arg) -{ -#if defined(USE_MINI_EVENT) && defined(USE_WINSOCK) - struct event *ev = (struct event*)calloc(1, sizeof(struct event)); - - if (!ev) - return NULL; - - if (winsock_register_wsaevent(AS_EVENT_BASE(base), ev, wsaevent, cb, - arg)) - return AS_UB_EVENT(ev); - free(ev); - return NULL; -#else - (void)base; - (void)wsaevent; - (void)cb; - (void)arg; - return NULL; -#endif -} - -void -ub_event_add_bits(struct ub_event* ev, short bits) -{ - AS_EVENT(ev)->ev_events |= NATIVE_BITS(bits); -} - -void -ub_event_del_bits(struct ub_event* ev, short bits) -{ - AS_EVENT(ev)->ev_events &= ~NATIVE_BITS(bits); -} - -void -ub_event_set_fd(struct ub_event* ev, int fd) -{ - AS_EVENT(ev)->ev_fd = fd; -} - -void -ub_event_free(struct ub_event* ev) -{ - if (ev) - free(AS_EVENT(ev)); -} - -int -ub_event_add(struct ub_event* ev, struct timeval* tv) -{ - return event_add(AS_EVENT(ev), tv); -} - -int -ub_event_del(struct ub_event* ev) -{ - return event_del(AS_EVENT(ev)); -} - -int -ub_timer_add(struct ub_event* ev, struct ub_event_base* base, - void (*cb)(int, short, void*), void* arg, struct timeval* tv) -{ - event_set(AS_EVENT(ev), -1, EV_TIMEOUT, NATIVE_BITS_CB(cb), arg); - if (event_base_set(AS_EVENT_BASE(base), AS_EVENT(ev)) != 0) - return -1; - return evtimer_add(AS_EVENT(ev), tv); -} - -int -ub_timer_del(struct ub_event* ev) -{ - return evtimer_del(AS_EVENT(ev)); -} - -int -ub_signal_add(struct ub_event* ev, struct timeval* tv) -{ - return signal_add(AS_EVENT(ev), tv); -} - -int -ub_signal_del(struct ub_event* ev) -{ - return signal_del(AS_EVENT(ev)); -} - -void -ub_winsock_unregister_wsaevent(struct ub_event* ev) -{ -#if defined(USE_MINI_EVENT) && defined(USE_WINSOCK) - winsock_unregister_wsaevent(AS_EVENT(ev)); - free(AS_EVENT(ev)); -#else - (void)ev; -#endif -} - -void -ub_winsock_tcp_wouldblock(struct ub_event* ev, int eventbits) -{ -#if defined(USE_MINI_EVENT) && defined(USE_WINSOCK) - winsock_tcp_wouldblock(AS_EVENT(ev), NATIVE_BITS(eventbits)); -#else - (void)ev; - (void)eventbits; -#endif -} - -void ub_comm_base_now(struct comm_base* cb) -{ - #ifdef USE_MINI_EVENT -/** minievent updates the time when it blocks. */ - (void)cb; /* nothing to do */ -#else /* !USE_MINI_EVENT */ -/** fillup the time values in the event base */ - time_t *tt; - struct timeval *tv; - comm_base_timept(cb, &tt, &tv); - if(gettimeofday(tv, NULL) < 0) { - log_err("gettimeofday: %s", strerror(errno)); - } - *tt = tv->tv_sec; -#endif /* USE_MINI_EVENT */ -} - diff --git a/external/unbound/util/ub_event.h b/external/unbound/util/ub_event.h deleted file mode 100644 index 9739e6d83..000000000 --- a/external/unbound/util/ub_event.h +++ /dev/null @@ -1,127 +0,0 @@ -/* - * util/ub_event.h - indirection layer for pluggable events - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains prototypes for event loop functions. - * - */ - -#ifndef UB_EVENT_H -#define UB_EVENT_H - -struct ub_event_base; -struct ub_event; -struct comm_base; -struct event_base; - -/** event timeout */ -#define UB_EV_TIMEOUT 0x01 -/** event fd readable */ -#define UB_EV_READ 0x02 -/** event fd writable */ -#define UB_EV_WRITE 0x04 -/** event signal */ -#define UB_EV_SIGNAL 0x08 -/** event must persist */ -#define UB_EV_PERSIST 0x10 - -/** Returns event-base type. Could be "mini-event", "winsock-event" for the - * daemon compile, and will be "pluggable-event" for - * libunbound. - */ -const char* ub_event_get_version(void); -/** Return the name, system and method for the pluggable event base */ -void ub_get_event_sys(struct ub_event_base*, const char** n, const char** s, - const char** m); -/** Return a default event base. In the deamon thess will be the only event - * bases used. - */ -struct ub_event_base* ub_default_event_base(int, time_t*, struct timeval*); -/** Return an ub_event_base constructed for the given libevent event base */ -struct ub_event_base* ub_libevent_event_base(struct event_base*); -/** Return the libevent base underlying the given ub_event_base. Will return - * NULL when the ub_event_base does not have an underlying libevent event base - */ -struct event_base* ub_libevent_get_event_base(struct ub_event_base*); -/** Free event base. Free events yourself */ -void ub_event_base_free(struct ub_event_base*); -/** Run the event base */ -int ub_event_base_dispatch(struct ub_event_base*); -/** exit that loop */ -int ub_event_base_loopexit(struct ub_event_base*); - -/** Create a new ub_event for the event base */ -struct ub_event* ub_event_new(struct ub_event_base*, - int fd, short bits, void (*cb)(int, short, void*), void* arg); -/** Create a new ub_event signal for the event base */ -struct ub_event* ub_signal_new(struct ub_event_base*, int fd, - void (*cb)(int, short, void*), void* arg); -/** Create a new ub_event associated with the wsaevent for the event base */ -struct ub_event* ub_winsock_register_wsaevent(struct ub_event_base*, - void* wsaevent, void (*cb)(int, short, void*), void* arg); - -/** Add event bits for this event to fire on */ -void ub_event_add_bits(struct ub_event*, short bits); - /** Configure the event so it will not longer fire on given bits */ -void ub_event_del_bits(struct ub_event*, short bits); -/** Change or set the file descriptor on the event */ -void ub_event_set_fd(struct ub_event*, int fd); -/** free the event */ -void ub_event_free(struct ub_event*); -/** Activate the event. The given timeval is an timeout value. */ -int ub_event_add(struct ub_event*, struct timeval*); -/** Deactivate the event */ -int ub_event_del(struct ub_event*); -/** Reconfigure and activate a timeout event */ -int ub_timer_add(struct ub_event*, struct ub_event_base*, - void (*cb)(int, short, void*), void* arg, struct timeval*); -/** Deactivate the timeout event */ -int ub_timer_del(struct ub_event*); -/** Activate a signal event */ -int ub_signal_add(struct ub_event*, struct timeval*); -/** Deactivate a signal event */ -int ub_signal_del(struct ub_event*); -/** Free a with a wsaevent associated event */ -void ub_winsock_unregister_wsaevent(struct ub_event* ev); -/** Signal the eventloop when a TCP windows socket will block on next read - * or write (given by the eventbits) - */ -void ub_winsock_tcp_wouldblock(struct ub_event*, int bits); -/** Equip the comm_base with the current time */ -void ub_comm_base_now(struct comm_base* cb); - -#endif /* UB_EVENT_H */ diff --git a/external/unbound/util/ub_event_pluggable.c b/external/unbound/util/ub_event_pluggable.c deleted file mode 100644 index 4a9451263..000000000 --- a/external/unbound/util/ub_event_pluggable.c +++ /dev/null @@ -1,692 +0,0 @@ -/* - * util/ub_event_pluggable.c - call registered pluggable event functions - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains an implementation for the indirection layer for pluggable - * events that calls the registered pluggable event loop. It also defines a - * default pluggable event loop based on the default libevent (compatibility) - * functions. - */ -#include "config.h" -#include -#include "util/ub_event.h" -#include "libunbound/unbound-event.h" -#include "util/netevent.h" -#include "util/log.h" -#include "util/fptr_wlist.h" - -/* We define libevent structures here to hide the libevent stuff. */ - -#ifdef USE_MINI_EVENT -# ifdef USE_WINSOCK -# include "util/winsock_event.h" -# else -# include "util/mini_event.h" -# endif /* USE_WINSOCK */ -#else /* USE_MINI_EVENT */ - /* we use libevent */ -# ifdef HAVE_EVENT_H -# include -# else -# include "event2/event.h" -# include "event2/event_struct.h" -# include "event2/event_compat.h" -# endif -#endif /* USE_MINI_EVENT */ - -#if UB_EV_TIMEOUT != EV_TIMEOUT || UB_EV_READ != EV_READ || \ - UB_EV_WRITE != EV_WRITE || UB_EV_SIGNAL != EV_SIGNAL || \ - UB_EV_PERSIST != EV_PERSIST -/* Only necessary for libev */ -# define NATIVE_BITS(b) ( \ - (((b) & UB_EV_TIMEOUT) ? EV_TIMEOUT : 0) \ - | (((b) & UB_EV_READ ) ? EV_READ : 0) \ - | (((b) & UB_EV_WRITE ) ? EV_WRITE : 0) \ - | (((b) & UB_EV_SIGNAL ) ? EV_SIGNAL : 0) \ - | (((b) & UB_EV_PERSIST) ? EV_PERSIST : 0)) - -# define UB_EV_BITS(b) ( \ - (((b) & EV_TIMEOUT) ? UB_EV_TIMEOUT : 0) \ - | (((b) & EV_READ ) ? UB_EV_READ : 0) \ - | (((b) & EV_WRITE ) ? UB_EV_WRITE : 0) \ - | (((b) & EV_SIGNAL ) ? UB_EV_SIGNAL : 0) \ - | (((b) & EV_PERSIST) ? UB_EV_PERSIST : 0)) - -# define UB_EV_BITS_CB(C) void my_ ## C (int fd, short bits, void *arg) \ - { (C)(fd, UB_EV_BITS(bits), arg); } - -UB_EV_BITS_CB(comm_point_udp_callback); -UB_EV_BITS_CB(comm_point_udp_ancil_callback) -UB_EV_BITS_CB(comm_point_tcp_accept_callback) -UB_EV_BITS_CB(comm_point_tcp_handle_callback) -UB_EV_BITS_CB(comm_timer_callback) -UB_EV_BITS_CB(comm_signal_callback) -UB_EV_BITS_CB(comm_point_local_handle_callback) -UB_EV_BITS_CB(comm_point_raw_handle_callback) -UB_EV_BITS_CB(tube_handle_signal) -UB_EV_BITS_CB(comm_base_handle_slow_accept) - -static void (*NATIVE_BITS_CB(void (*cb)(int, short, void*)))(int, short, void*) -{ - if(cb == comm_point_udp_callback) - return my_comm_point_udp_callback; - else if(cb == comm_point_udp_ancil_callback) - return my_comm_point_udp_ancil_callback; - else if(cb == comm_point_tcp_accept_callback) - return my_comm_point_tcp_accept_callback; - else if(cb == comm_point_tcp_handle_callback) - return my_comm_point_tcp_handle_callback; - else if(cb == comm_timer_callback) - return my_comm_timer_callback; - else if(cb == comm_signal_callback) - return my_comm_signal_callback; - else if(cb == comm_point_local_handle_callback) - return my_comm_point_local_handle_callback; - else if(cb == comm_point_raw_handle_callback) - return my_comm_point_raw_handle_callback; - else if(cb == tube_handle_signal) - return my_tube_handle_signal; - else if(cb == comm_base_handle_slow_accept) - return my_comm_base_handle_slow_accept; - else - return NULL; -} -#else -# define NATIVE_BITS(b) (b) -# define NATIVE_BITS_CB(c) (c) -#endif - -#ifndef EVFLAG_AUTO -#define EVFLAG_AUTO 0 -#endif - -struct my_event_base { - struct ub_event_base super; - struct event_base* base; -}; - -struct my_event { - struct ub_event super; - struct event ev; -}; - -#define AS_MY_EVENT_BASE(x) ((struct my_event_base*)x) -#define AS_MY_EVENT(x) ((struct my_event*)x) - -const char* ub_event_get_version(void) -{ - return "pluggable-event"PACKAGE_VERSION; -} - -static void -my_event_add_bits(struct ub_event* ev, short bits) -{ - AS_MY_EVENT(ev)->ev.ev_events |= NATIVE_BITS(bits); -} - -static void -my_event_del_bits(struct ub_event* ev, short bits) -{ - AS_MY_EVENT(ev)->ev.ev_events &= ~NATIVE_BITS(bits); -} - -static void -my_event_set_fd(struct ub_event* ev, int fd) -{ - AS_MY_EVENT(ev)->ev.ev_fd = fd; -} - -static void -my_event_free(struct ub_event* ev) -{ - free(AS_MY_EVENT(ev)); -} - -static int -my_event_add(struct ub_event* ev, struct timeval* tv) -{ - return event_add(&AS_MY_EVENT(ev)->ev, tv); -} - -static int -my_event_del(struct ub_event* ev) -{ - return event_del(&AS_MY_EVENT(ev)->ev); -} - -static int -my_timer_add(struct ub_event* ev, struct ub_event_base* base, - void (*cb)(int, short, void*), void* arg, struct timeval* tv) -{ - event_set(&AS_MY_EVENT(ev)->ev, -1, EV_TIMEOUT,NATIVE_BITS_CB(cb),arg); - if (event_base_set(AS_MY_EVENT_BASE(base)->base, &AS_MY_EVENT(ev)->ev) - != 0) - return -1; - return evtimer_add(&AS_MY_EVENT(ev)->ev, tv); -} - -static int -my_timer_del(struct ub_event* ev) -{ - return evtimer_del(&AS_MY_EVENT(ev)->ev); -} - -static int -my_signal_add(struct ub_event* ev, struct timeval* tv) -{ - return signal_add(&AS_MY_EVENT(ev)->ev, tv); -} - -static int -my_signal_del(struct ub_event* ev) -{ - return signal_del(&AS_MY_EVENT(ev)->ev); -} - -static void -my_winsock_unregister_wsaevent(struct ub_event* ev) -{ -#if defined(USE_MINI_EVENT) && defined(USE_WINSOCK) - winsock_unregister_wsaevent(&AS_MY_EVENT(ev)->ev); - free(AS_MY_EVENT(ev)); -#else - (void)ev; -#endif -} - -static void -my_winsock_tcp_wouldblock(struct ub_event* ev, int eventbits) -{ -#if defined(USE_MINI_EVENT) && defined(USE_WINSOCK) - winsock_tcp_wouldblock(&AS_MY_EVENT(ev)->ev, NATIVE_BITS(eventbits)); -#else - (void)ev; - (void)eventbits; -#endif -} - -static struct ub_event_vmt default_event_vmt = { - my_event_add_bits, my_event_del_bits, my_event_set_fd, - my_event_free, my_event_add, my_event_del, - my_timer_add, my_timer_del, my_signal_add, my_signal_del, - my_winsock_unregister_wsaevent, my_winsock_tcp_wouldblock -}; - -static void -my_event_base_free(struct ub_event_base* base) -{ -#ifdef USE_MINI_EVENT - event_base_free(AS_MY_EVENT_BASE(base)->base); -#elif defined(HAVE_EVENT_BASE_FREE) && defined(HAVE_EVENT_BASE_ONCE) - /* only libevent 1.2+ has it, but in 1.2 it is broken - - assertion fails on signal handling ev that is not deleted - in libevent 1.3c (event_base_once appears) this is fixed. */ - event_base_free(AS_MY_EVENT_BASE(base)->base); -#endif /* HAVE_EVENT_BASE_FREE and HAVE_EVENT_BASE_ONCE */ - free(AS_MY_EVENT_BASE(base)); -} - -static int -my_event_base_dispatch(struct ub_event_base* base) -{ - return event_base_dispatch(AS_MY_EVENT_BASE(base)->base); -} - -static int -my_event_base_loopexit(struct ub_event_base* base, struct timeval* tv) -{ - return event_base_loopexit(AS_MY_EVENT_BASE(base)->base, tv); -} - -static struct ub_event* -my_event_new(struct ub_event_base* base, int fd, short bits, - void (*cb)(int, short, void*), void* arg) -{ - struct my_event *my_ev = (struct my_event*)calloc(1, - sizeof(struct my_event)); - - if (!my_ev) - return NULL; - - event_set(&my_ev->ev, fd, NATIVE_BITS(bits), NATIVE_BITS_CB(cb), arg); - if (event_base_set(AS_MY_EVENT_BASE(base)->base, &my_ev->ev) != 0) { - free(my_ev); - return NULL; - } - my_ev->super.magic = UB_EVENT_MAGIC; - my_ev->super.vmt = &default_event_vmt; - return &my_ev->super; -} - -static struct ub_event* -my_signal_new(struct ub_event_base* base, int fd, - void (*cb)(int, short, void*), void* arg) -{ - struct my_event *my_ev = (struct my_event*)calloc(1, - sizeof(struct my_event)); - - if (!my_ev) - return NULL; - - signal_set(&my_ev->ev, fd, NATIVE_BITS_CB(cb), arg); - if (event_base_set(AS_MY_EVENT_BASE(base)->base, &my_ev->ev) != 0) { - free(my_ev); - return NULL; - } - my_ev->super.magic = UB_EVENT_MAGIC; - my_ev->super.vmt = &default_event_vmt; - return &my_ev->super; -} - -static struct ub_event* -my_winsock_register_wsaevent(struct ub_event_base* base, void* wsaevent, - void (*cb)(int, short, void*), void* arg) -{ -#if defined(USE_MINI_EVENT) && defined(USE_WINSOCK) - struct my_event *my_ev = (struct my_event*)calloc(1, - sizeof(struct my_event)); - - if (!my_ev) - return NULL; - - if (!winsock_register_wsaevent(AS_MY_EVENT_BASE(base)->base, - &my_ev->ev, wsaevent, cb, arg)) { - free(my_ev); - return NULL; - - } - my_ev->super.magic = UB_EVENT_MAGIC; - my_ev->super.vmt = &default_event_vmt; - return &my_ev->super; -#else - (void)base; - (void)wsaevent; - (void)cb; - (void)arg; - return NULL; -#endif -} - -static struct ub_event_base_vmt default_event_base_vmt = { - my_event_base_free, my_event_base_dispatch, - my_event_base_loopexit, my_event_new, my_signal_new, - my_winsock_register_wsaevent -}; - -struct ub_event_base* -ub_default_event_base(int sigs, time_t* time_secs, struct timeval* time_tv) -{ - struct my_event_base* my_base = (struct my_event_base*)calloc(1, - sizeof(struct my_event_base)); - - if (!my_base) - return NULL; - -#ifdef USE_MINI_EVENT - (void)sigs; - /* use mini event time-sharing feature */ - my_base->base = event_init(time_secs, time_tv); -#else - (void)time_secs; - (void)time_tv; -# if defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP) - /* libev */ - if(sigs) - my_base->base = (struct event_base*)ev_default_loop(EVFLAG_AUTO); - else - my_base->base = (struct event_base*)ev_loop_new(EVFLAG_AUTO); -# else - (void)sigs; -# ifdef HAVE_EVENT_BASE_NEW - my_base->base = event_base_new(); -# else - my_base->base = event_init(); -# endif -# endif -#endif - if (!my_base->base) { - free(my_base); - return NULL; - } - my_base->super.magic = UB_EVENT_MAGIC; - my_base->super.vmt = &default_event_base_vmt; - return &my_base->super; -} - -struct ub_event_base* -ub_libevent_event_base(struct event_base* base) -{ -#ifdef USE_MINI_EVENT - (void)base; - return NULL; -#else - struct my_event_base* my_base = (struct my_event_base*)calloc(1, - sizeof(struct my_event_base)); - - if (!my_base) - return NULL; - my_base->super.magic = UB_EVENT_MAGIC; - my_base->super.vmt = &default_event_base_vmt; - my_base->base = base; - return &my_base->super; -#endif -} - -struct event_base* -ub_libevent_get_event_base(struct ub_event_base* base) -{ -#ifndef USE_MINI_EVENT - if (base->vmt == &default_event_base_vmt) - return AS_MY_EVENT_BASE(base)->base; -#else - (void)base; -#endif - return NULL; -} - -#if (defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP)) && defined(EVBACKEND_SELECT) -static const char* ub_ev_backend2str_pluggable(int b) -{ - switch(b) { - case EVBACKEND_SELECT: return "select"; - case EVBACKEND_POLL: return "poll"; - case EVBACKEND_EPOLL: return "epoll"; - case EVBACKEND_KQUEUE: return "kqueue"; - case EVBACKEND_DEVPOLL: return "devpoll"; - case EVBACKEND_PORT: return "evport"; - } - return "unknown"; -} -#endif - -void -ub_get_event_sys(struct ub_event_base* ub_base, const char** n, const char** s, - const char** m) -{ -#ifdef USE_WINSOCK - (void)ub_base; - *n = "pluggable-event"; - *s = "winsock"; - *m = "WSAWaitForMultipleEvents"; -#elif defined(USE_MINI_EVENT) - (void)ub_base; - *n = "pluggable-event"; - *s = "internal"; - *m = "select"; -#else - struct event_base* b = ub_libevent_get_event_base(ub_base); - /* This function is only called from comm_base_create, so - * ub_base is guaranteed to exist and to be the default - * event base. - */ - assert(b); - *n = "pluggable-event"; - *s = event_get_version(); -# if defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP) - *n = "pluggable-libev"; -# ifdef EVBACKEND_SELECT - *m = ub_ev_backend2str_pluggable(ev_backend((struct ev_loop*)b)); -# else - *m = "not obtainable"; -# endif -# elif defined(HAVE_EVENT_BASE_GET_METHOD) - *n = "pluggable-libevent"; - *m = event_base_get_method(b); -# else - *m = "not obtainable"; -# endif -#endif -} - -void -ub_event_base_free(struct ub_event_base* base) -{ - if (base && base->magic == UB_EVENT_MAGIC) { - fptr_ok(base->vmt != &default_event_base_vmt || - base->vmt->free == my_event_base_free); - (*base->vmt->free)(base); - } -} - -int -ub_event_base_dispatch(struct ub_event_base* base) -{ - if (base->magic == UB_EVENT_MAGIC) { - fptr_ok(base->vmt != &default_event_base_vmt || - base->vmt->dispatch == my_event_base_dispatch); - return (*base->vmt->dispatch)(base); - } - return -1; -} - -int -ub_event_base_loopexit(struct ub_event_base* base) -{ - if (base->magic == UB_EVENT_MAGIC) { - fptr_ok(base->vmt != &default_event_base_vmt || - base->vmt->loopexit == my_event_base_loopexit); - return (*base->vmt->loopexit)(base, NULL); - } - return -1; -} - -struct ub_event* -ub_event_new(struct ub_event_base* base, int fd, short bits, - void (*cb)(int, short, void*), void* arg) -{ - if (base->magic == UB_EVENT_MAGIC) { - fptr_ok(base->vmt != &default_event_base_vmt || - base->vmt->new_event == my_event_new); - return (*base->vmt->new_event)(base, fd, bits, cb, arg); - } - return NULL; -} - -struct ub_event* -ub_signal_new(struct ub_event_base* base, int fd, - void (*cb)(int, short, void*), void* arg) -{ - if (base->magic == UB_EVENT_MAGIC) { - fptr_ok(base->vmt != &default_event_base_vmt || - base->vmt->new_signal == my_signal_new); - return (*base->vmt->new_signal)(base, fd, cb, arg); - } - return NULL; -} - -struct ub_event* -ub_winsock_register_wsaevent(struct ub_event_base* base, void* wsaevent, - void (*cb)(int, short, void*), void* arg) -{ - if (base->magic == UB_EVENT_MAGIC) { - fptr_ok(base->vmt != &default_event_base_vmt || - base->vmt->winsock_register_wsaevent == - my_winsock_register_wsaevent); - return (*base->vmt->winsock_register_wsaevent)(base, wsaevent, cb, arg); - } - return NULL; -} - -void -ub_event_add_bits(struct ub_event* ev, short bits) -{ - if (ev->magic == UB_EVENT_MAGIC) { - fptr_ok(ev->vmt != &default_event_vmt || - ev->vmt->add_bits == my_event_add_bits); - (*ev->vmt->add_bits)(ev, bits); - } -} - -void -ub_event_del_bits(struct ub_event* ev, short bits) -{ - if (ev->magic == UB_EVENT_MAGIC) { - fptr_ok(ev->vmt != &default_event_vmt || - ev->vmt->del_bits == my_event_del_bits); - (*ev->vmt->del_bits)(ev, bits); - } -} - -void -ub_event_set_fd(struct ub_event* ev, int fd) -{ - if (ev->magic == UB_EVENT_MAGIC) { - fptr_ok(ev->vmt != &default_event_vmt || - ev->vmt->set_fd == my_event_set_fd); - (*ev->vmt->set_fd)(ev, fd); - } -} - -void -ub_event_free(struct ub_event* ev) -{ - if (ev && ev->magic == UB_EVENT_MAGIC) { - fptr_ok(ev->vmt != &default_event_vmt || - ev->vmt->free == my_event_free); - (*ev->vmt->free)(ev); - } -} - -int -ub_event_add(struct ub_event* ev, struct timeval* tv) -{ - if (ev->magic == UB_EVENT_MAGIC) { - fptr_ok(ev->vmt != &default_event_vmt || - ev->vmt->add == my_event_add); - return (*ev->vmt->add)(ev, tv); - } - return -1; -} - -int -ub_event_del(struct ub_event* ev) -{ - if (ev && ev->magic == UB_EVENT_MAGIC) { - fptr_ok(ev->vmt != &default_event_vmt || - ev->vmt->del == my_event_del); - return (*ev->vmt->del)(ev); - } - return -1; -} - -int -ub_timer_add(struct ub_event* ev, struct ub_event_base* base, - void (*cb)(int, short, void*), void* arg, struct timeval* tv) -{ - if (ev->magic == UB_EVENT_MAGIC) { - fptr_ok(ev->vmt != &default_event_vmt || - ev->vmt->add_timer == my_timer_add); - return (*ev->vmt->add_timer)(ev, base, cb, arg, tv); - } - return -1; -} - -int -ub_timer_del(struct ub_event* ev) -{ - if (ev && ev->magic == UB_EVENT_MAGIC) { - fptr_ok(ev->vmt != &default_event_vmt || - ev->vmt->del_timer == my_timer_del); - return (*ev->vmt->del_timer)(ev); - } - return -1; -} - -int -ub_signal_add(struct ub_event* ev, struct timeval* tv) -{ - if (ev->magic == UB_EVENT_MAGIC) { - fptr_ok(ev->vmt != &default_event_vmt || - ev->vmt->add_signal == my_signal_add); - return (*ev->vmt->add_signal)(ev, tv); - } - return -1; -} - -int -ub_signal_del(struct ub_event* ev) -{ - if (ev && ev->magic == UB_EVENT_MAGIC) { - fptr_ok(ev->vmt != &default_event_vmt || - ev->vmt->del_signal == my_signal_del); - return (*ev->vmt->del_signal)(ev); - } - return -1; -} - -void -ub_winsock_unregister_wsaevent(struct ub_event* ev) -{ - if (ev && ev->magic == UB_EVENT_MAGIC) { - fptr_ok(ev->vmt != &default_event_vmt || - ev->vmt->winsock_unregister_wsaevent == - my_winsock_unregister_wsaevent); - (*ev->vmt->winsock_unregister_wsaevent)(ev); - } -} - -void -ub_winsock_tcp_wouldblock(struct ub_event* ev, int eventbits) -{ - if (ev->magic == UB_EVENT_MAGIC) { - fptr_ok(ev->vmt != &default_event_vmt || - ev->vmt->winsock_tcp_wouldblock == - my_winsock_tcp_wouldblock); - (*ev->vmt->winsock_tcp_wouldblock)(ev, eventbits); - } -} - -void ub_comm_base_now(struct comm_base* cb) -{ - time_t *tt; - struct timeval *tv; - -#ifdef USE_MINI_EVENT -/** minievent updates the time when it blocks. */ - if (comm_base_internal(cb)->magic == UB_EVENT_MAGIC && - comm_base_internal(cb)->vmt == &default_event_base_vmt) - return; /* Actually using mini event, so do not set time */ -#endif /* USE_MINI_EVENT */ - -/** fillup the time values in the event base */ - comm_base_timept(cb, &tt, &tv); - if(gettimeofday(tv, NULL) < 0) { - log_err("gettimeofday: %s", strerror(errno)); - } - *tt = tv->tv_sec; -} - diff --git a/external/unbound/util/winsock_event.c b/external/unbound/util/winsock_event.c deleted file mode 100644 index 63d98796d..000000000 --- a/external/unbound/util/winsock_event.c +++ /dev/null @@ -1,694 +0,0 @@ -/* - * util/winsock_event.c - implementation of the unbound winsock event handler. - * - * Copyright (c) 2008, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/** - * \file - * Implementation of the unbound WinSock2 API event notification handler - * for the Windows port. - */ - -#include "config.h" -#ifdef USE_WINSOCK -#include -#ifdef HAVE_TIME_H -#include -#endif -#include -#include "util/winsock_event.h" -#include "util/fptr_wlist.h" - -int mini_ev_cmp(const void* a, const void* b) -{ - const struct event *e = (const struct event*)a; - const struct event *f = (const struct event*)b; - if(e->ev_timeout.tv_sec < f->ev_timeout.tv_sec) - return -1; - if(e->ev_timeout.tv_sec > f->ev_timeout.tv_sec) - return 1; - if(e->ev_timeout.tv_usec < f->ev_timeout.tv_usec) - return -1; - if(e->ev_timeout.tv_usec > f->ev_timeout.tv_usec) - return 1; - if(e < f) - return -1; - if(e > f) - return 1; - return 0; -} - -/** set time */ -static int -settime(struct event_base* base) -{ - if(gettimeofday(base->time_tv, NULL) < 0) { - return -1; - } -#ifndef S_SPLINT_S - *base->time_secs = (time_t)base->time_tv->tv_sec; -#endif - return 0; -} - -#ifdef UNBOUND_DEBUG -/** - * Find a fd in the list of items. - * Note that not all items have a fd associated (those are -1). - * Signals are stored separately, and not searched. - * @param base: event base to look in. - * @param fd: what socket to look for. - * @return the index in the array, or -1 on failure. - */ -static int -find_fd(struct event_base* base, int fd) -{ - int i; - for(i=0; imax; i++) { - if(base->items[i]->ev_fd == fd) - return i; - } - return -1; -} -#endif - -/** Find ptr in base array */ -static void -zero_waitfor(WSAEVENT waitfor[], WSAEVENT x) -{ - int i; - for(i=0; itime_secs = time_secs; - base->time_tv = time_tv; - if(settime(base) < 0) { - event_base_free(base); - return NULL; - } - base->items = (struct event**)calloc(WSK_MAX_ITEMS, - sizeof(struct event*)); - if(!base->items) { - event_base_free(base); - return NULL; - } - base->cap = WSK_MAX_ITEMS; - base->max = 0; - base->times = rbtree_create(mini_ev_cmp); - if(!base->times) { - event_base_free(base); - return NULL; - } - base->signals = (struct event**)calloc(MAX_SIG, sizeof(struct event*)); - if(!base->signals) { - event_base_free(base); - return NULL; - } - base->tcp_stickies = 0; - base->tcp_reinvigorated = 0; - verbose(VERB_CLIENT, "winsock_event inited"); - return base; -} - -const char *event_get_version(void) -{ - return "winsock-event-"PACKAGE_VERSION; -} - -const char *event_get_method(void) -{ - return "WSAWaitForMultipleEvents"; -} - -/** call timeouts handlers, and return how long to wait for next one or -1 */ -static void handle_timeouts(struct event_base* base, struct timeval* now, - struct timeval* wait) -{ - struct event* p; -#ifndef S_SPLINT_S - wait->tv_sec = (time_t)-1; -#endif - verbose(VERB_CLIENT, "winsock_event handle_timeouts"); - - while((rbnode_type*)(p = (struct event*)rbtree_first(base->times)) - !=RBTREE_NULL) { -#ifndef S_SPLINT_S - if(p->ev_timeout.tv_sec > now->tv_sec || - (p->ev_timeout.tv_sec==now->tv_sec && - p->ev_timeout.tv_usec > now->tv_usec)) { - /* there is a next larger timeout. wait for it */ - wait->tv_sec = p->ev_timeout.tv_sec - now->tv_sec; - if(now->tv_usec > p->ev_timeout.tv_usec) { - wait->tv_sec--; - wait->tv_usec = 1000000 - (now->tv_usec - - p->ev_timeout.tv_usec); - } else { - wait->tv_usec = p->ev_timeout.tv_usec - - now->tv_usec; - } - verbose(VERB_CLIENT, "winsock_event wait=" ARG_LL "d.%6.6d", - (long long)wait->tv_sec, (int)wait->tv_usec); - return; - } -#endif - /* event times out, remove it */ - (void)rbtree_delete(base->times, p); - p->ev_events &= ~EV_TIMEOUT; - fptr_ok(fptr_whitelist_event(p->ev_callback)); - (*p->ev_callback)(p->ev_fd, EV_TIMEOUT, p->ev_arg); - } - verbose(VERB_CLIENT, "winsock_event wait=(-1)"); -} - -/** handle is_signal events and see if signalled */ -static void handle_signal(struct event* ev) -{ - DWORD ret; - log_assert(ev->is_signal && ev->hEvent); - /* see if the event is signalled */ - ret = WSAWaitForMultipleEvents(1, &ev->hEvent, 0 /* any object */, - 0 /* return immediately */, 0 /* not alertable for IOcomple*/); - if(ret == WSA_WAIT_IO_COMPLETION || ret == WSA_WAIT_FAILED) { - log_err("WSAWaitForMultipleEvents(signal) failed: %s", - wsa_strerror(WSAGetLastError())); - return; - } - if(ret == WSA_WAIT_TIMEOUT) { - /* not signalled */ - return; - } - - /* reset the signal */ - if(!WSAResetEvent(ev->hEvent)) - log_err("WSAResetEvent failed: %s", - wsa_strerror(WSAGetLastError())); - /* do the callback (which may set the signal again) */ - fptr_ok(fptr_whitelist_event(ev->ev_callback)); - (*ev->ev_callback)(ev->ev_fd, ev->ev_events, ev->ev_arg); -} - -/** call select and callbacks for that */ -static int handle_select(struct event_base* base, struct timeval* wait) -{ - DWORD timeout = 0; /* in milliseconds */ - DWORD ret; - struct event* eventlist[WSK_MAX_ITEMS]; - WSANETWORKEVENTS netev; - int i, numwait = 0, startidx = 0, was_timeout = 0; - int newstickies = 0; - struct timeval nultm; - - verbose(VERB_CLIENT, "winsock_event handle_select"); - -#ifndef S_SPLINT_S - if(wait->tv_sec==(time_t)-1) - wait = NULL; - if(wait) - timeout = wait->tv_sec*1000 + wait->tv_usec/1000; - if(base->tcp_stickies) { - wait = &nultm; - nultm.tv_sec = 0; - nultm.tv_usec = 0; - timeout = 0; /* no waiting, we have sticky events */ - } -#endif - - /* prepare event array */ - for(i=0; imax; i++) { - if(base->items[i]->ev_fd == -1 && !base->items[i]->is_signal) - continue; /* skip timer only events */ - eventlist[numwait] = base->items[i]; - base->waitfor[numwait++] = base->items[i]->hEvent; - if(numwait == WSK_MAX_ITEMS) - break; /* sanity check */ - } - log_assert(numwait <= WSA_MAXIMUM_WAIT_EVENTS); - verbose(VERB_CLIENT, "winsock_event bmax=%d numwait=%d wait=%s " - "timeout=%d", base->max, numwait, (wait?"":""), - (int)timeout); - - /* do the wait */ - if(numwait == 0) { - /* WSAWaitFor.. doesn't like 0 event objects */ - if(wait) { - Sleep(timeout); - } - was_timeout = 1; - } else { - ret = WSAWaitForMultipleEvents(numwait, base->waitfor, - 0 /* do not wait for all, just one will do */, - wait?timeout:WSA_INFINITE, - 0); /* we are not alertable (IO completion events) */ - if(ret == WSA_WAIT_IO_COMPLETION) { - log_err("WSAWaitForMultipleEvents failed: WSA_WAIT_IO_COMPLETION"); - return -1; - } else if(ret == WSA_WAIT_FAILED) { - log_err("WSAWaitForMultipleEvents failed: %s", - wsa_strerror(WSAGetLastError())); - return -1; - } else if(ret == WSA_WAIT_TIMEOUT) { - was_timeout = 1; - } else - startidx = ret - WSA_WAIT_EVENT_0; - } - verbose(VERB_CLIENT, "winsock_event wake was_timeout=%d startidx=%d", - was_timeout, startidx); - - /* get new time after wait */ - if(settime(base) < 0) - return -1; - - /* callbacks */ - if(base->tcp_stickies) - startidx = 0; /* process all events, some are sticky */ - for(i=startidx; ijust_checked = 1; - - verbose(VERB_CLIENT, "winsock_event signals"); - for(i=startidx; iwaitfor[i]) - continue; /* was deleted */ - if(eventlist[i]->is_signal) { - eventlist[i]->just_checked = 0; - handle_signal(eventlist[i]); - } - } - /* early exit - do not process network, exit quickly */ - if(base->need_to_exit) - return 0; - - verbose(VERB_CLIENT, "winsock_event net"); - for(i=startidx; iwaitfor[i]) - continue; /* was deleted */ - if(!eventlist[i]->just_checked) - continue; /* added by other callback */ - if(eventlist[i]->is_signal) - continue; /* not a network event at all */ - eventlist[i]->just_checked = 0; - - if(WSAEnumNetworkEvents(eventlist[i]->ev_fd, - base->waitfor[i], /* reset the event handle */ - /*NULL,*/ /* do not reset the event handle */ - &netev) != 0) { - log_err("WSAEnumNetworkEvents failed: %s", - wsa_strerror(WSAGetLastError())); - return -1; - } - if((netev.lNetworkEvents & FD_READ)) { - if(netev.iErrorCode[FD_READ_BIT] != 0) - verbose(VERB_ALGO, "FD_READ_BIT error: %s", - wsa_strerror(netev.iErrorCode[FD_READ_BIT])); - bits |= EV_READ; - } - if((netev.lNetworkEvents & FD_WRITE)) { - if(netev.iErrorCode[FD_WRITE_BIT] != 0) - verbose(VERB_ALGO, "FD_WRITE_BIT error: %s", - wsa_strerror(netev.iErrorCode[FD_WRITE_BIT])); - bits |= EV_WRITE; - } - if((netev.lNetworkEvents & FD_CONNECT)) { - if(netev.iErrorCode[FD_CONNECT_BIT] != 0) - verbose(VERB_ALGO, "FD_CONNECT_BIT error: %s", - wsa_strerror(netev.iErrorCode[FD_CONNECT_BIT])); - bits |= EV_READ; - bits |= EV_WRITE; - } - if((netev.lNetworkEvents & FD_ACCEPT)) { - if(netev.iErrorCode[FD_ACCEPT_BIT] != 0) - verbose(VERB_ALGO, "FD_ACCEPT_BIT error: %s", - wsa_strerror(netev.iErrorCode[FD_ACCEPT_BIT])); - bits |= EV_READ; - } - if((netev.lNetworkEvents & FD_CLOSE)) { - if(netev.iErrorCode[FD_CLOSE_BIT] != 0) - verbose(VERB_ALGO, "FD_CLOSE_BIT error: %s", - wsa_strerror(netev.iErrorCode[FD_CLOSE_BIT])); - bits |= EV_READ; - bits |= EV_WRITE; - } - if(eventlist[i]->is_tcp && eventlist[i]->stick_events) { - verbose(VERB_ALGO, "winsock %d pass sticky %s%s", - eventlist[i]->ev_fd, - (eventlist[i]->old_events&EV_READ)?"EV_READ":"", - (eventlist[i]->old_events&EV_WRITE)?"EV_WRITE":""); - bits |= eventlist[i]->old_events; - } - if(eventlist[i]->is_tcp && bits) { - eventlist[i]->old_events = bits; - eventlist[i]->stick_events = 1; - if((eventlist[i]->ev_events & bits)) { - newstickies = 1; - } - verbose(VERB_ALGO, "winsock %d store sticky %s%s", - eventlist[i]->ev_fd, - (eventlist[i]->old_events&EV_READ)?"EV_READ":"", - (eventlist[i]->old_events&EV_WRITE)?"EV_WRITE":""); - } - if((bits & eventlist[i]->ev_events)) { - verbose(VERB_ALGO, "winsock event callback %p fd=%d " - "%s%s%s%s%s ; %s%s%s", - eventlist[i], eventlist[i]->ev_fd, - (netev.lNetworkEvents&FD_READ)?" FD_READ":"", - (netev.lNetworkEvents&FD_WRITE)?" FD_WRITE":"", - (netev.lNetworkEvents&FD_CONNECT)? - " FD_CONNECT":"", - (netev.lNetworkEvents&FD_ACCEPT)? - " FD_ACCEPT":"", - (netev.lNetworkEvents&FD_CLOSE)?" FD_CLOSE":"", - (bits&EV_READ)?" EV_READ":"", - (bits&EV_WRITE)?" EV_WRITE":"", - (bits&EV_TIMEOUT)?" EV_TIMEOUT":""); - - fptr_ok(fptr_whitelist_event( - eventlist[i]->ev_callback)); - (*eventlist[i]->ev_callback)(eventlist[i]->ev_fd, - bits & eventlist[i]->ev_events, - eventlist[i]->ev_arg); - } - if(eventlist[i]->is_tcp && bits) - verbose(VERB_ALGO, "winsock %d got sticky %s%s", - eventlist[i]->ev_fd, - (eventlist[i]->old_events&EV_READ)?"EV_READ":"", - (eventlist[i]->old_events&EV_WRITE)?"EV_WRITE":""); - } - verbose(VERB_CLIENT, "winsock_event net"); - if(base->tcp_reinvigorated) { - verbose(VERB_CLIENT, "winsock_event reinvigorated"); - base->tcp_reinvigorated = 0; - newstickies = 1; - } - base->tcp_stickies = newstickies; - verbose(VERB_CLIENT, "winsock_event handle_select end"); - return 0; -} - -int event_base_dispatch(struct event_base *base) -{ - struct timeval wait; - if(settime(base) < 0) - return -1; - while(!base->need_to_exit) - { - /* see if timeouts need handling */ - handle_timeouts(base, base->time_tv, &wait); - if(base->need_to_exit) - return 0; - /* do select */ - if(handle_select(base, &wait) < 0) { - if(base->need_to_exit) - return 0; - return -1; - } - } - return 0; -} - -int event_base_loopexit(struct event_base *base, - struct timeval * ATTR_UNUSED(tv)) -{ - verbose(VERB_CLIENT, "winsock_event loopexit"); - base->need_to_exit = 1; - return 0; -} - -void event_base_free(struct event_base *base) -{ - verbose(VERB_CLIENT, "winsock_event event_base_free"); - if(!base) - return; - free(base->items); - free(base->times); - free(base->signals); - free(base); -} - -void event_set(struct event *ev, int fd, short bits, - void (*cb)(int, short, void *), void *arg) -{ - ev->node.key = ev; - ev->ev_fd = fd; - ev->ev_events = bits; - ev->ev_callback = cb; - fptr_ok(fptr_whitelist_event(ev->ev_callback)); - ev->ev_arg = arg; - ev->just_checked = 0; - ev->added = 0; -} - -int event_base_set(struct event_base *base, struct event *ev) -{ - ev->ev_base = base; - ev->old_events = 0; - ev->stick_events = 0; - ev->added = 0; - return 0; -} - -int event_add(struct event *ev, struct timeval *tv) -{ - verbose(VERB_ALGO, "event_add %p added=%d fd=%d tv=" ARG_LL "d %s%s%s", - ev, ev->added, ev->ev_fd, - (tv?(long long)tv->tv_sec*1000+(long long)tv->tv_usec/1000:-1), - (ev->ev_events&EV_READ)?" EV_READ":"", - (ev->ev_events&EV_WRITE)?" EV_WRITE":"", - (ev->ev_events&EV_TIMEOUT)?" EV_TIMEOUT":""); - if(ev->added) - event_del(ev); - log_assert(ev->ev_fd==-1 || find_fd(ev->ev_base, ev->ev_fd) == -1); - ev->is_tcp = 0; - ev->is_signal = 0; - ev->just_checked = 0; - - if((ev->ev_events&(EV_READ|EV_WRITE)) && ev->ev_fd != -1) { - BOOL b=0; - int t, l; - long events = 0; - - if(ev->ev_base->max == ev->ev_base->cap) - return -1; - ev->idx = ev->ev_base->max++; - ev->ev_base->items[ev->idx] = ev; - - if( (ev->ev_events&EV_READ) ) - events |= FD_READ; - if( (ev->ev_events&EV_WRITE) ) - events |= FD_WRITE; - l = sizeof(t); - if(getsockopt(ev->ev_fd, SOL_SOCKET, SO_TYPE, - (void*)&t, &l) != 0) - log_err("getsockopt(SO_TYPE) failed: %s", - wsa_strerror(WSAGetLastError())); - if(t == SOCK_STREAM) { - /* TCP socket */ - ev->is_tcp = 1; - events |= FD_CLOSE; - if( (ev->ev_events&EV_WRITE) ) - events |= FD_CONNECT; - l = sizeof(b); - if(getsockopt(ev->ev_fd, SOL_SOCKET, SO_ACCEPTCONN, - (void*)&b, &l) != 0) - log_err("getsockopt(SO_ACCEPTCONN) failed: %s", - wsa_strerror(WSAGetLastError())); - if(b) /* TCP accept socket */ - events |= FD_ACCEPT; - } - ev->hEvent = WSACreateEvent(); - if(ev->hEvent == WSA_INVALID_EVENT) - log_err("WSACreateEvent failed: %s", - wsa_strerror(WSAGetLastError())); - /* automatically sets fd to nonblocking mode. - * nonblocking cannot be disabled, until wsaES(fd, NULL, 0) */ - if(WSAEventSelect(ev->ev_fd, ev->hEvent, events) != 0) { - log_err("WSAEventSelect failed: %s", - wsa_strerror(WSAGetLastError())); - } - if(ev->is_tcp && ev->stick_events && - (ev->ev_events & ev->old_events)) { - /* go to processing the sticky event right away */ - ev->ev_base->tcp_reinvigorated = 1; - } - } - - if(tv && (ev->ev_events&EV_TIMEOUT)) { -#ifndef S_SPLINT_S - struct timeval *now = ev->ev_base->time_tv; - ev->ev_timeout.tv_sec = tv->tv_sec + now->tv_sec; - ev->ev_timeout.tv_usec = tv->tv_usec + now->tv_usec; - while(ev->ev_timeout.tv_usec > 1000000) { - ev->ev_timeout.tv_usec -= 1000000; - ev->ev_timeout.tv_sec++; - } -#endif - (void)rbtree_insert(ev->ev_base->times, &ev->node); - } - ev->added = 1; - return 0; -} - -int event_del(struct event *ev) -{ - verbose(VERB_ALGO, "event_del %p added=%d fd=%d tv=" ARG_LL "d %s%s%s", - ev, ev->added, ev->ev_fd, - (ev->ev_events&EV_TIMEOUT)?(long long)ev->ev_timeout.tv_sec*1000+ - (long long)ev->ev_timeout.tv_usec/1000:-1, - (ev->ev_events&EV_READ)?" EV_READ":"", - (ev->ev_events&EV_WRITE)?" EV_WRITE":"", - (ev->ev_events&EV_TIMEOUT)?" EV_TIMEOUT":""); - if(!ev->added) - return 0; - log_assert(ev->added); - if((ev->ev_events&EV_TIMEOUT)) - (void)rbtree_delete(ev->ev_base->times, &ev->node); - if((ev->ev_events&(EV_READ|EV_WRITE)) && ev->ev_fd != -1) { - log_assert(ev->ev_base->max > 0); - /* remove item and compact the list */ - ev->ev_base->items[ev->idx] = - ev->ev_base->items[ev->ev_base->max-1]; - ev->ev_base->items[ev->ev_base->max-1] = NULL; - ev->ev_base->max--; - if(ev->idx < ev->ev_base->max) - ev->ev_base->items[ev->idx]->idx = ev->idx; - zero_waitfor(ev->ev_base->waitfor, ev->hEvent); - - if(WSAEventSelect(ev->ev_fd, ev->hEvent, 0) != 0) - log_err("WSAEventSelect(disable) failed: %s", - wsa_strerror(WSAGetLastError())); - if(!WSACloseEvent(ev->hEvent)) - log_err("WSACloseEvent failed: %s", - wsa_strerror(WSAGetLastError())); - } - ev->just_checked = 0; - ev->added = 0; - return 0; -} - -/** which base gets to handle signals */ -static struct event_base* signal_base = NULL; -/** signal handler */ -static RETSIGTYPE sigh(int sig) -{ - struct event* ev; - if(!signal_base || sig < 0 || sig >= MAX_SIG) - return; - ev = signal_base->signals[sig]; - if(!ev) - return; - fptr_ok(fptr_whitelist_event(ev->ev_callback)); - (*ev->ev_callback)(sig, EV_SIGNAL, ev->ev_arg); -} - -int signal_add(struct event *ev, struct timeval * ATTR_UNUSED(tv)) -{ - if(ev->ev_fd == -1 || ev->ev_fd >= MAX_SIG) - return -1; - signal_base = ev->ev_base; - ev->ev_base->signals[ev->ev_fd] = ev; - ev->added = 1; - if(signal(ev->ev_fd, sigh) == SIG_ERR) { - return -1; - } - return 0; -} - -int signal_del(struct event *ev) -{ - if(ev->ev_fd == -1 || ev->ev_fd >= MAX_SIG) - return -1; - ev->ev_base->signals[ev->ev_fd] = NULL; - ev->added = 0; - return 0; -} - -void winsock_tcp_wouldblock(struct event* ev, int eventbits) -{ - verbose(VERB_ALGO, "winsock: tcp wouldblock %s", - eventbits==EV_READ?"EV_READ":"EV_WRITE"); - ev->old_events &= (~eventbits); - if(ev->old_events == 0) - ev->stick_events = 0; - /* in case this is the last sticky event, we could - * possibly run an empty handler loop to reset the base - * tcp_stickies variable - */ -} - -int winsock_register_wsaevent(struct event_base* base, struct event* ev, - WSAEVENT wsaevent, void (*cb)(int, short, void*), void* arg) -{ - if(base->max == base->cap) - return 0; - memset(ev, 0, sizeof(*ev)); - ev->ev_fd = -1; - ev->ev_events = EV_READ; - ev->ev_callback = cb; - ev->ev_arg = arg; - ev->is_signal = 1; - ev->hEvent = wsaevent; - ev->added = 1; - ev->ev_base = base; - ev->idx = ev->ev_base->max++; - ev->ev_base->items[ev->idx] = ev; - return 1; -} - -void winsock_unregister_wsaevent(struct event* ev) -{ - if(!ev || !ev->added) return; - log_assert(ev->added && ev->ev_base->max > 0) - /* remove item and compact the list */ - ev->ev_base->items[ev->idx] = ev->ev_base->items[ev->ev_base->max-1]; - ev->ev_base->items[ev->ev_base->max-1] = NULL; - ev->ev_base->max--; - if(ev->idx < ev->ev_base->max) - ev->ev_base->items[ev->idx]->idx = ev->idx; - ev->added = 0; -} - -#else /* USE_WINSOCK */ -/** symbol so this codefile defines symbols. pleasing ranlib on OSX 10.5 */ -int winsock_unused_symbol = 1; -#endif /* USE_WINSOCK */ diff --git a/external/unbound/util/winsock_event.h b/external/unbound/util/winsock_event.h deleted file mode 100644 index d6dafac8c..000000000 --- a/external/unbound/util/winsock_event.h +++ /dev/null @@ -1,279 +0,0 @@ -/* - * util/winsock_event.h - unbound event handling for winsock on windows - * - * Copyright (c) 2008, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains interface functions with the WinSock2 API on Windows. - * It uses the winsock WSAWaitForMultipleEvents interface on a number of - * sockets. - * - * Note that windows can only wait for max 64 events at one time. - * - * Also, file descriptors cannot be waited for. - * - * Named pipes are not easily available (and are not usable in select() ). - * For interprocess communication, it is possible to wait for a hEvent to - * be signaled by another thread. - * - * When a socket becomes readable, then it will not be flagged as - * readable again until you have gotten WOULDBLOCK from a recv routine. - * That means the event handler must store the readability (edge notify) - * and process the incoming data until it blocks. - * The function performing recv then has to inform the event handler that - * the socket has blocked, and the event handler can mark it as such. - * Thus, this file transforms the edge notify from windows to a level notify - * that is compatible with UNIX. - * The WSAEventSelect page says that it does do level notify, as long - * as you call a recv/write/accept at least once when it is signalled. - * This last bit is not true, even though documented in server2008 api docs - * from microsoft, it does not happen at all. Instead you have to test for - * WSAEWOULDBLOCK on a tcp stream, and only then retest the socket. - * And before that remember the previous result as still valid. - * - * To stay 'fair', instead of emptying a socket completely, the event handler - * can test the other (marked as blocking) sockets for new events. - * - * Additionally, TCP accept sockets get special event support. - * - * Socket numbers are not starting small, they can be any number (say 33060). - * Therefore, bitmaps are not used, but arrays. - * - * on winsock, you must use recv() and send() for TCP reads and writes, - * not read() and write(), those work only on files. - * - * Also fseek and fseeko do not work if a FILE is not fopen-ed in binary mode. - * - * When under a high load windows gives out lots of errors, from recvfrom - * on udp sockets for example (WSAECONNRESET). Even though the udp socket - * has no connection per se. - */ - -#ifndef UTIL_WINSOCK_EVENT_H -#define UTIL_WINSOCK_EVENT_H - -#ifdef USE_WINSOCK - -#ifndef HAVE_EVENT_BASE_FREE -#define HAVE_EVENT_BASE_FREE -#endif - -/* redefine the calls to different names so that there is no name - * collision with other code that uses libevent names. (that uses libunbound)*/ -#define event_init winsockevent_init -#define event_get_version winsockevent_get_version -#define event_get_method winsockevent_get_method -#define event_base_dispatch winsockevent_base_dispatch -#define event_base_loopexit winsockevent_base_loopexit -#define event_base_free winsockevent_base_free -#define event_set winsockevent_set -#define event_base_set winsockevent_base_set -#define event_add winsockevent_add -#define event_del winsockevent_del -#define signal_add winsocksignal_add -#define signal_del winsocksignal_del - -/** event timeout */ -#define EV_TIMEOUT 0x01 -/** event fd readable */ -#define EV_READ 0x02 -/** event fd writable */ -#define EV_WRITE 0x04 -/** event signal */ -#define EV_SIGNAL 0x08 -/** event must persist */ -#define EV_PERSIST 0x10 - -/* needs our redblack tree */ -#include "rbtree.h" - -/** max number of signals to support */ -#define MAX_SIG 32 - -/** The number of items that the winsock event handler can service. - * Windows cannot handle more anyway */ -#define WSK_MAX_ITEMS 64 - -/** - * event base for winsock event handler - */ -struct event_base -{ - /** sorted by timeout (absolute), ptr */ - rbtree_type* times; - /** array (first part in use) of handles to work on */ - struct event** items; - /** number of items in use in array */ - int max; - /** capacity of array, size of array in items */ - int cap; - /** array of 0 - maxsig of ptr to event for it */ - struct event** signals; - /** if we need to exit */ - int need_to_exit; - /** where to store time in seconds */ - time_t* time_secs; - /** where to store time in microseconds */ - struct timeval* time_tv; - /** - * TCP streams have sticky events to them, these are not - * reported by the windows event system anymore, we have to - * keep reporting those events as present until wouldblock() is - * signalled by the handler back to use. - */ - int tcp_stickies; - /** - * should next cycle process reinvigorated stickies, - * these are stickies that have been stored, but due to a new - * event_add a sudden interest in the event has incepted. - */ - int tcp_reinvigorated; - /** The list of events that is currently being processed. */ - WSAEVENT waitfor[WSK_MAX_ITEMS]; -}; - -/** - * Event structure. Has some of the event elements. - */ -struct event { - /** node in timeout rbtree */ - rbnode_type node; - /** is event already added */ - int added; - - /** event base it belongs to */ - struct event_base *ev_base; - /** fd to poll or -1 for timeouts. signal number for sigs. */ - int ev_fd; - /** what events this event is interested in, see EV_.. above. */ - short ev_events; - /** timeout value */ - struct timeval ev_timeout; - - /** callback to call: fd, eventbits, userarg */ - void (*ev_callback)(int, short, void *); - /** callback user arg */ - void *ev_arg; - - /* ----- nonpublic part, for winsock_event only ----- */ - /** index of this event in the items array (if added) */ - int idx; - /** the event handle to wait for new events to become ready */ - WSAEVENT hEvent; - /** true if this filedes is a TCP socket and needs special attention */ - int is_tcp; - /** remembered EV_ values */ - short old_events; - /** should remembered EV_ values be used for TCP streams. - * Reset after WOULDBLOCK is signaled using the function. */ - int stick_events; - - /** true if this event is a signaling WSAEvent by the user. - * User created and user closed WSAEvent. Only signaled/unsignaled, - * no read/write/distinctions needed. */ - int is_signal; - /** used during callbacks to see which events were just checked */ - int just_checked; -}; - -/** create event base */ -void *event_init(time_t* time_secs, struct timeval* time_tv); -/** get version */ -const char *event_get_version(void); -/** get polling method (select,epoll) */ -const char *event_get_method(void); -/** run select in a loop */ -int event_base_dispatch(struct event_base *); -/** exit that loop */ -int event_base_loopexit(struct event_base *, struct timeval *); -/** free event base. Free events yourself */ -void event_base_free(struct event_base *); -/** set content of event */ -void event_set(struct event *, int, short, void (*)(int, short, void *), void *); - -/** add event to a base. You *must* call this for every event. */ -int event_base_set(struct event_base *, struct event *); -/** add event to make it active. You may not change it with event_set anymore */ -int event_add(struct event *, struct timeval *); -/** remove event. You may change it again */ -int event_del(struct event *); - -#define evtimer_add(ev, tv) event_add(ev, tv) -#define evtimer_del(ev) event_del(ev) - -/* uses different implementation. Cannot mix fd/timeouts and signals inside - * the same struct event. create several event structs for that. */ -/** install signal handler */ -int signal_add(struct event *, struct timeval *); -/** set signal event contents */ -#define signal_set(ev, x, cb, arg) \ - event_set(ev, x, EV_SIGNAL|EV_PERSIST, cb, arg) -/** remove signal handler */ -int signal_del(struct event *); - -/** compare events in tree, based on timevalue, ptr for uniqueness */ -int mini_ev_cmp(const void* a, const void* b); - -/** - * Routine for windows only, where the handling layer can signal that - * a TCP stream encountered WSAEWOULDBLOCK for a stream and thus needs - * retesting the event. - * Pass if EV_READ or EV_WRITE gave wouldblock. - */ -void winsock_tcp_wouldblock(struct event* ev, int eventbit); - -/** - * Routine for windows only. where you pass a signal WSAEvent that - * you wait for. When the event is signaled, the callback gets called. - * The callback has to WSAResetEvent to disable the signal. - * @param base: the event base. - * @param ev: the event structure for data storage - * can be passed uninitialised. - * @param wsaevent: the WSAEvent that gets signaled. - * @param cb: callback routine. - * @param arg: user argument to callback routine. - * @return false on error. - */ -int winsock_register_wsaevent(struct event_base* base, struct event* ev, - WSAEVENT wsaevent, void (*cb)(int, short, void*), void* arg); - -/** - * Unregister a wsaevent. User has to close the WSAEVENT itself. - * @param ev: event data storage. - */ -void winsock_unregister_wsaevent(struct event* ev); - -#endif /* USE_WINSOCK */ -#endif /* UTIL_WINSOCK_EVENT_H */ diff --git a/external/unbound/validator/autotrust.c b/external/unbound/validator/autotrust.c deleted file mode 100644 index a533733c7..000000000 --- a/external/unbound/validator/autotrust.c +++ /dev/null @@ -1,2416 +0,0 @@ -/* - * validator/autotrust.c - RFC5011 trust anchor management for unbound. - * - * Copyright (c) 2009, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * Contains autotrust implementation. The implementation was taken from - * the autotrust daemon (BSD licensed), written by Matthijs Mekking. - * It was modified to fit into unbound. The state table process is the same. - */ -#include "config.h" -#include "validator/autotrust.h" -#include "validator/val_anchor.h" -#include "validator/val_utils.h" -#include "validator/val_sigcrypt.h" -#include "util/data/dname.h" -#include "util/data/packed_rrset.h" -#include "util/log.h" -#include "util/module.h" -#include "util/net_help.h" -#include "util/config_file.h" -#include "util/regional.h" -#include "util/random.h" -#include "util/data/msgparse.h" -#include "services/mesh.h" -#include "services/cache/rrset.h" -#include "validator/val_kcache.h" -#include "sldns/sbuffer.h" -#include "sldns/wire2str.h" -#include "sldns/str2wire.h" -#include "sldns/keyraw.h" -#include "sldns/rrdef.h" -#include -#include - -/** number of times a key must be seen before it can become valid */ -#define MIN_PENDINGCOUNT 2 - -/** Event: Revoked */ -static void do_revoked(struct module_env* env, struct autr_ta* anchor, int* c); - -struct autr_global_data* autr_global_create(void) -{ - struct autr_global_data* global; - global = (struct autr_global_data*)malloc(sizeof(*global)); - if(!global) - return NULL; - rbtree_init(&global->probe, &probetree_cmp); - return global; -} - -void autr_global_delete(struct autr_global_data* global) -{ - if(!global) - return; - /* elements deleted by parent */ - memset(global, 0, sizeof(*global)); - free(global); -} - -int probetree_cmp(const void* x, const void* y) -{ - struct trust_anchor* a = (struct trust_anchor*)x; - struct trust_anchor* b = (struct trust_anchor*)y; - log_assert(a->autr && b->autr); - if(a->autr->next_probe_time < b->autr->next_probe_time) - return -1; - if(a->autr->next_probe_time > b->autr->next_probe_time) - return 1; - /* time is equal, sort on trust point identity */ - return anchor_cmp(x, y); -} - -size_t -autr_get_num_anchors(struct val_anchors* anchors) -{ - size_t res = 0; - if(!anchors) - return 0; - lock_basic_lock(&anchors->lock); - if(anchors->autr) - res = anchors->autr->probe.count; - lock_basic_unlock(&anchors->lock); - return res; -} - -/** Position in string */ -static int -position_in_string(char *str, const char* sub) -{ - char* pos = strstr(str, sub); - if(pos) - return (int)(pos-str)+(int)strlen(sub); - return -1; -} - -/** Debug routine to print pretty key information */ -static void -verbose_key(struct autr_ta* ta, enum verbosity_value level, - const char* format, ...) ATTR_FORMAT(printf, 3, 4); - -/** - * Implementation of debug pretty key print - * @param ta: trust anchor key with DNSKEY data. - * @param level: verbosity level to print at. - * @param format: printf style format string. - */ -static void -verbose_key(struct autr_ta* ta, enum verbosity_value level, - const char* format, ...) -{ - va_list args; - va_start(args, format); - if(verbosity >= level) { - char* str = sldns_wire2str_dname(ta->rr, ta->dname_len); - int keytag = (int)sldns_calc_keytag_raw(sldns_wirerr_get_rdata( - ta->rr, ta->rr_len, ta->dname_len), - sldns_wirerr_get_rdatalen(ta->rr, ta->rr_len, - ta->dname_len)); - char msg[MAXSYSLOGMSGLEN]; - vsnprintf(msg, sizeof(msg), format, args); - verbose(level, "%s key %d %s", str?str:"??", keytag, msg); - free(str); - } - va_end(args); -} - -/** - * Parse comments - * @param str: to parse - * @param ta: trust key autotrust metadata - * @return false on failure. - */ -static int -parse_comments(char* str, struct autr_ta* ta) -{ - int len = (int)strlen(str), pos = 0, timestamp = 0; - char* comment = (char*) malloc(sizeof(char)*len+1); - char* comments = comment; - if(!comment) { - log_err("malloc failure in parse"); - return 0; - } - /* skip over whitespace and data at start of line */ - while (*str != '\0' && *str != ';') - str++; - if (*str == ';') - str++; - /* copy comments */ - while (*str != '\0') - { - *comments = *str; - comments++; - str++; - } - *comments = '\0'; - - comments = comment; - - /* read state */ - pos = position_in_string(comments, "state="); - if (pos >= (int) strlen(comments)) - { - log_err("parse error"); - free(comment); - return 0; - } - if (pos <= 0) - ta->s = AUTR_STATE_VALID; - else - { - int s = (int) comments[pos] - '0'; - switch(s) - { - case AUTR_STATE_START: - case AUTR_STATE_ADDPEND: - case AUTR_STATE_VALID: - case AUTR_STATE_MISSING: - case AUTR_STATE_REVOKED: - case AUTR_STATE_REMOVED: - ta->s = s; - break; - default: - verbose_key(ta, VERB_OPS, "has undefined " - "state, considered NewKey"); - ta->s = AUTR_STATE_START; - break; - } - } - /* read pending count */ - pos = position_in_string(comments, "count="); - if (pos >= (int) strlen(comments)) - { - log_err("parse error"); - free(comment); - return 0; - } - if (pos <= 0) - ta->pending_count = 0; - else - { - comments += pos; - ta->pending_count = (uint8_t)atoi(comments); - } - - /* read last change */ - pos = position_in_string(comments, "lastchange="); - if (pos >= (int) strlen(comments)) - { - log_err("parse error"); - free(comment); - return 0; - } - if (pos >= 0) - { - comments += pos; - timestamp = atoi(comments); - } - if (pos < 0 || !timestamp) - ta->last_change = 0; - else - ta->last_change = (time_t)timestamp; - - free(comment); - return 1; -} - -/** Check if a line contains data (besides comments) */ -static int -str_contains_data(char* str, char comment) -{ - while (*str != '\0') { - if (*str == comment || *str == '\n') - return 0; - if (*str != ' ' && *str != '\t') - return 1; - str++; - } - return 0; -} - -/** Get DNSKEY flags - * rdata without rdatalen in front of it. */ -static int -dnskey_flags(uint16_t t, uint8_t* rdata, size_t len) -{ - uint16_t f; - if(t != LDNS_RR_TYPE_DNSKEY) - return 0; - if(len < 2) - return 0; - memmove(&f, rdata, 2); - f = ntohs(f); - return (int)f; -} - -/** Check if KSK DNSKEY. - * pass rdata without rdatalen in front of it */ -static int -rr_is_dnskey_sep(uint16_t t, uint8_t* rdata, size_t len) -{ - return (dnskey_flags(t, rdata, len)&DNSKEY_BIT_SEP); -} - -/** Check if TA is KSK DNSKEY */ -static int -ta_is_dnskey_sep(struct autr_ta* ta) -{ - return (dnskey_flags( - sldns_wirerr_get_type(ta->rr, ta->rr_len, ta->dname_len), - sldns_wirerr_get_rdata(ta->rr, ta->rr_len, ta->dname_len), - sldns_wirerr_get_rdatalen(ta->rr, ta->rr_len, ta->dname_len) - ) & DNSKEY_BIT_SEP); -} - -/** Check if REVOKED DNSKEY - * pass rdata without rdatalen in front of it */ -static int -rr_is_dnskey_revoked(uint16_t t, uint8_t* rdata, size_t len) -{ - return (dnskey_flags(t, rdata, len)&LDNS_KEY_REVOKE_KEY); -} - -/** create ta */ -static struct autr_ta* -autr_ta_create(uint8_t* rr, size_t rr_len, size_t dname_len) -{ - struct autr_ta* ta = (struct autr_ta*)calloc(1, sizeof(*ta)); - if(!ta) { - free(rr); - return NULL; - } - ta->rr = rr; - ta->rr_len = rr_len; - ta->dname_len = dname_len; - return ta; -} - -/** create tp */ -static struct trust_anchor* -autr_tp_create(struct val_anchors* anchors, uint8_t* own, size_t own_len, - uint16_t dc) -{ - struct trust_anchor* tp = (struct trust_anchor*)calloc(1, sizeof(*tp)); - if(!tp) return NULL; - tp->name = memdup(own, own_len); - if(!tp->name) { - free(tp); - return NULL; - } - tp->namelen = own_len; - tp->namelabs = dname_count_labels(tp->name); - tp->node.key = tp; - tp->dclass = dc; - tp->autr = (struct autr_point_data*)calloc(1, sizeof(*tp->autr)); - if(!tp->autr) { - free(tp->name); - free(tp); - return NULL; - } - tp->autr->pnode.key = tp; - - lock_basic_lock(&anchors->lock); - if(!rbtree_insert(anchors->tree, &tp->node)) { - lock_basic_unlock(&anchors->lock); - log_err("trust anchor presented twice"); - free(tp->name); - free(tp->autr); - free(tp); - return NULL; - } - if(!rbtree_insert(&anchors->autr->probe, &tp->autr->pnode)) { - (void)rbtree_delete(anchors->tree, tp); - lock_basic_unlock(&anchors->lock); - log_err("trust anchor in probetree twice"); - free(tp->name); - free(tp->autr); - free(tp); - return NULL; - } - lock_basic_unlock(&anchors->lock); - lock_basic_init(&tp->lock); - lock_protect(&tp->lock, tp, sizeof(*tp)); - lock_protect(&tp->lock, tp->autr, sizeof(*tp->autr)); - return tp; -} - -/** delete assembled rrsets */ -static void -autr_rrset_delete(struct ub_packed_rrset_key* r) -{ - if(r) { - free(r->rk.dname); - free(r->entry.data); - free(r); - } -} - -void autr_point_delete(struct trust_anchor* tp) -{ - if(!tp) - return; - lock_unprotect(&tp->lock, tp); - lock_unprotect(&tp->lock, tp->autr); - lock_basic_destroy(&tp->lock); - autr_rrset_delete(tp->ds_rrset); - autr_rrset_delete(tp->dnskey_rrset); - if(tp->autr) { - struct autr_ta* p = tp->autr->keys, *np; - while(p) { - np = p->next; - free(p->rr); - free(p); - p = np; - } - free(tp->autr->file); - free(tp->autr); - } - free(tp->name); - free(tp); -} - -/** find or add a new trust point for autotrust */ -static struct trust_anchor* -find_add_tp(struct val_anchors* anchors, uint8_t* rr, size_t rr_len, - size_t dname_len) -{ - struct trust_anchor* tp; - tp = anchor_find(anchors, rr, dname_count_labels(rr), dname_len, - sldns_wirerr_get_class(rr, rr_len, dname_len)); - if(tp) { - if(!tp->autr) { - log_err("anchor cannot be with and without autotrust"); - lock_basic_unlock(&tp->lock); - return NULL; - } - return tp; - } - tp = autr_tp_create(anchors, rr, dname_len, sldns_wirerr_get_class(rr, - rr_len, dname_len)); - if(!tp) - return NULL; - lock_basic_lock(&tp->lock); - return tp; -} - -/** Add trust anchor from RR */ -static struct autr_ta* -add_trustanchor_frm_rr(struct val_anchors* anchors, uint8_t* rr, size_t rr_len, - size_t dname_len, struct trust_anchor** tp) -{ - struct autr_ta* ta = autr_ta_create(rr, rr_len, dname_len); - if(!ta) - return NULL; - *tp = find_add_tp(anchors, rr, rr_len, dname_len); - if(!*tp) { - free(ta->rr); - free(ta); - return NULL; - } - /* add ta to tp */ - ta->next = (*tp)->autr->keys; - (*tp)->autr->keys = ta; - lock_basic_unlock(&(*tp)->lock); - return ta; -} - -/** - * Add new trust anchor from a string in file. - * @param anchors: all anchors - * @param str: string with anchor and comments, if any comments. - * @param tp: trust point returned. - * @param origin: what to use for @ - * @param origin_len: length of origin - * @param prev: previous rr name - * @param prev_len: length of prev - * @param skip: if true, the result is NULL, but not an error, skip it. - * @return new key in trust point. - */ -static struct autr_ta* -add_trustanchor_frm_str(struct val_anchors* anchors, char* str, - struct trust_anchor** tp, uint8_t* origin, size_t origin_len, - uint8_t** prev, size_t* prev_len, int* skip) -{ - uint8_t rr[LDNS_RR_BUF_SIZE]; - size_t rr_len = sizeof(rr), dname_len; - uint8_t* drr; - int lstatus; - if (!str_contains_data(str, ';')) { - *skip = 1; - return NULL; /* empty line */ - } - if(0 != (lstatus = sldns_str2wire_rr_buf(str, rr, &rr_len, &dname_len, - 0, origin, origin_len, *prev, *prev_len))) - { - log_err("ldns error while converting string to RR at%d: %s: %s", - LDNS_WIREPARSE_OFFSET(lstatus), - sldns_get_errorstr_parse(lstatus), str); - return NULL; - } - free(*prev); - *prev = memdup(rr, dname_len); - *prev_len = dname_len; - if(!*prev) { - log_err("malloc failure in add_trustanchor"); - return NULL; - } - if(sldns_wirerr_get_type(rr, rr_len, dname_len)!=LDNS_RR_TYPE_DNSKEY && - sldns_wirerr_get_type(rr, rr_len, dname_len)!=LDNS_RR_TYPE_DS) { - *skip = 1; - return NULL; /* only DS and DNSKEY allowed */ - } - drr = memdup(rr, rr_len); - if(!drr) { - log_err("malloc failure in add trustanchor"); - return NULL; - } - return add_trustanchor_frm_rr(anchors, drr, rr_len, dname_len, tp); -} - -/** - * Load single anchor - * @param anchors: all points. - * @param str: comments line - * @param fname: filename - * @param origin: the $ORIGIN. - * @param origin_len: length of origin - * @param prev: passed to ldns. - * @param prev_len: length of prev - * @param skip: if true, the result is NULL, but not an error, skip it. - * @return false on failure, otherwise the tp read. - */ -static struct trust_anchor* -load_trustanchor(struct val_anchors* anchors, char* str, const char* fname, - uint8_t* origin, size_t origin_len, uint8_t** prev, size_t* prev_len, - int* skip) -{ - struct autr_ta* ta = NULL; - struct trust_anchor* tp = NULL; - - ta = add_trustanchor_frm_str(anchors, str, &tp, origin, origin_len, - prev, prev_len, skip); - if(!ta) - return NULL; - lock_basic_lock(&tp->lock); - if(!parse_comments(str, ta)) { - lock_basic_unlock(&tp->lock); - return NULL; - } - if(!tp->autr->file) { - tp->autr->file = strdup(fname); - if(!tp->autr->file) { - lock_basic_unlock(&tp->lock); - log_err("malloc failure"); - return NULL; - } - } - lock_basic_unlock(&tp->lock); - return tp; -} - -/** iterator for DSes from keylist. return true if a next element exists */ -static int -assemble_iterate_ds(struct autr_ta** list, uint8_t** rr, size_t* rr_len, - size_t* dname_len) -{ - while(*list) { - if(sldns_wirerr_get_type((*list)->rr, (*list)->rr_len, - (*list)->dname_len) == LDNS_RR_TYPE_DS) { - *rr = (*list)->rr; - *rr_len = (*list)->rr_len; - *dname_len = (*list)->dname_len; - *list = (*list)->next; - return 1; - } - *list = (*list)->next; - } - return 0; -} - -/** iterator for DNSKEYs from keylist. return true if a next element exists */ -static int -assemble_iterate_dnskey(struct autr_ta** list, uint8_t** rr, size_t* rr_len, - size_t* dname_len) -{ - while(*list) { - if(sldns_wirerr_get_type((*list)->rr, (*list)->rr_len, - (*list)->dname_len) != LDNS_RR_TYPE_DS && - ((*list)->s == AUTR_STATE_VALID || - (*list)->s == AUTR_STATE_MISSING)) { - *rr = (*list)->rr; - *rr_len = (*list)->rr_len; - *dname_len = (*list)->dname_len; - *list = (*list)->next; - return 1; - } - *list = (*list)->next; - } - return 0; -} - -/** see if iterator-list has any elements in it, or it is empty */ -static int -assemble_iterate_hasfirst(int iter(struct autr_ta**, uint8_t**, size_t*, - size_t*), struct autr_ta* list) -{ - uint8_t* rr = NULL; - size_t rr_len = 0, dname_len = 0; - return iter(&list, &rr, &rr_len, &dname_len); -} - -/** number of elements in iterator list */ -static size_t -assemble_iterate_count(int iter(struct autr_ta**, uint8_t**, size_t*, - size_t*), struct autr_ta* list) -{ - uint8_t* rr = NULL; - size_t i = 0, rr_len = 0, dname_len = 0; - while(iter(&list, &rr, &rr_len, &dname_len)) { - i++; - } - return i; -} - -/** - * Create a ub_packed_rrset_key allocated on the heap. - * It therefore does not have the correct ID value, and cannot be used - * inside the cache. It can be used in storage outside of the cache. - * Keys for the cache have to be obtained from alloc.h . - * @param iter: iterator over the elements in the list. It filters elements. - * @param list: the list. - * @return key allocated or NULL on failure. - */ -static struct ub_packed_rrset_key* -ub_packed_rrset_heap_key(int iter(struct autr_ta**, uint8_t**, size_t*, - size_t*), struct autr_ta* list) -{ - uint8_t* rr = NULL; - size_t rr_len = 0, dname_len = 0; - struct ub_packed_rrset_key* k; - if(!iter(&list, &rr, &rr_len, &dname_len)) - return NULL; - k = (struct ub_packed_rrset_key*)calloc(1, sizeof(*k)); - if(!k) - return NULL; - k->rk.type = htons(sldns_wirerr_get_type(rr, rr_len, dname_len)); - k->rk.rrset_class = htons(sldns_wirerr_get_class(rr, rr_len, dname_len)); - k->rk.dname_len = dname_len; - k->rk.dname = memdup(rr, dname_len); - if(!k->rk.dname) { - free(k); - return NULL; - } - return k; -} - -/** - * Create packed_rrset data on the heap. - * @param iter: iterator over the elements in the list. It filters elements. - * @param list: the list. - * @return data allocated or NULL on failure. - */ -static struct packed_rrset_data* -packed_rrset_heap_data(int iter(struct autr_ta**, uint8_t**, size_t*, - size_t*), struct autr_ta* list) -{ - uint8_t* rr = NULL; - size_t rr_len = 0, dname_len = 0; - struct packed_rrset_data* data; - size_t count=0, rrsig_count=0, len=0, i, total; - uint8_t* nextrdata; - struct autr_ta* list_i; - time_t ttl = 0; - - list_i = list; - while(iter(&list_i, &rr, &rr_len, &dname_len)) { - if(sldns_wirerr_get_type(rr, rr_len, dname_len) == - LDNS_RR_TYPE_RRSIG) - rrsig_count++; - else count++; - /* sizeof the rdlength + rdatalen */ - len += 2 + sldns_wirerr_get_rdatalen(rr, rr_len, dname_len); - ttl = (time_t)sldns_wirerr_get_ttl(rr, rr_len, dname_len); - } - if(count == 0 && rrsig_count == 0) - return NULL; - - /* allocate */ - total = count + rrsig_count; - len += sizeof(*data) + total*(sizeof(size_t) + sizeof(time_t) + - sizeof(uint8_t*)); - data = (struct packed_rrset_data*)calloc(1, len); - if(!data) - return NULL; - - /* fill it */ - data->ttl = ttl; - data->count = count; - data->rrsig_count = rrsig_count; - data->rr_len = (size_t*)((uint8_t*)data + - sizeof(struct packed_rrset_data)); - data->rr_data = (uint8_t**)&(data->rr_len[total]); - data->rr_ttl = (time_t*)&(data->rr_data[total]); - nextrdata = (uint8_t*)&(data->rr_ttl[total]); - - /* fill out len, ttl, fields */ - list_i = list; - i = 0; - while(iter(&list_i, &rr, &rr_len, &dname_len)) { - data->rr_ttl[i] = (time_t)sldns_wirerr_get_ttl(rr, rr_len, - dname_len); - if(data->rr_ttl[i] < data->ttl) - data->ttl = data->rr_ttl[i]; - data->rr_len[i] = 2 /* the rdlength */ + - sldns_wirerr_get_rdatalen(rr, rr_len, dname_len); - i++; - } - - /* fixup rest of ptrs */ - for(i=0; irr_data[i] = nextrdata; - nextrdata += data->rr_len[i]; - } - - /* copy data in there */ - list_i = list; - i = 0; - while(iter(&list_i, &rr, &rr_len, &dname_len)) { - memmove(data->rr_data[i], - sldns_wirerr_get_rdatawl(rr, rr_len, dname_len), - data->rr_len[i]); - i++; - } - - if(data->rrsig_count && data->count == 0) { - data->count = data->rrsig_count; /* rrset type is RRSIG */ - data->rrsig_count = 0; - } - return data; -} - -/** - * Assemble the trust anchors into DS and DNSKEY packed rrsets. - * Uses only VALID and MISSING DNSKEYs. - * Read the sldns_rrs and builds packed rrsets - * @param tp: the trust point. Must be locked. - * @return false on malloc failure. - */ -static int -autr_assemble(struct trust_anchor* tp) -{ - struct ub_packed_rrset_key* ubds=NULL, *ubdnskey=NULL; - - /* make packed rrset keys - malloced with no ID number, they - * are not in the cache */ - /* make packed rrset data (if there is a key) */ - if(assemble_iterate_hasfirst(assemble_iterate_ds, tp->autr->keys)) { - ubds = ub_packed_rrset_heap_key( - assemble_iterate_ds, tp->autr->keys); - if(!ubds) - goto error_cleanup; - ubds->entry.data = packed_rrset_heap_data( - assemble_iterate_ds, tp->autr->keys); - if(!ubds->entry.data) - goto error_cleanup; - } - - /* make packed DNSKEY data */ - if(assemble_iterate_hasfirst(assemble_iterate_dnskey, tp->autr->keys)) { - ubdnskey = ub_packed_rrset_heap_key( - assemble_iterate_dnskey, tp->autr->keys); - if(!ubdnskey) - goto error_cleanup; - ubdnskey->entry.data = packed_rrset_heap_data( - assemble_iterate_dnskey, tp->autr->keys); - if(!ubdnskey->entry.data) { - error_cleanup: - autr_rrset_delete(ubds); - autr_rrset_delete(ubdnskey); - return 0; - } - } - - /* we have prepared the new keys so nothing can go wrong any more. - * And we are sure we cannot be left without trustanchor after - * any errors. Put in the new keys and remove old ones. */ - - /* free the old data */ - autr_rrset_delete(tp->ds_rrset); - autr_rrset_delete(tp->dnskey_rrset); - - /* assign the data to replace the old */ - tp->ds_rrset = ubds; - tp->dnskey_rrset = ubdnskey; - tp->numDS = assemble_iterate_count(assemble_iterate_ds, - tp->autr->keys); - tp->numDNSKEY = assemble_iterate_count(assemble_iterate_dnskey, - tp->autr->keys); - return 1; -} - -/** parse integer */ -static unsigned int -parse_int(char* line, int* ret) -{ - char *e; - unsigned int x = (unsigned int)strtol(line, &e, 10); - if(line == e) { - *ret = -1; /* parse error */ - return 0; - } - *ret = 1; /* matched */ - return x; -} - -/** parse id sequence for anchor */ -static struct trust_anchor* -parse_id(struct val_anchors* anchors, char* line) -{ - struct trust_anchor *tp; - int r; - uint16_t dclass; - uint8_t* dname; - size_t dname_len; - /* read the owner name */ - char* next = strchr(line, ' '); - if(!next) - return NULL; - next[0] = 0; - dname = sldns_str2wire_dname(line, &dname_len); - if(!dname) - return NULL; - - /* read the class */ - dclass = parse_int(next+1, &r); - if(r == -1) { - free(dname); - return NULL; - } - - /* find the trust point */ - tp = autr_tp_create(anchors, dname, dname_len, dclass); - free(dname); - return tp; -} - -/** - * Parse variable from trustanchor header - * @param line: to parse - * @param anchors: the anchor is added to this, if "id:" is seen. - * @param anchor: the anchor as result value or previously returned anchor - * value to read the variable lines into. - * @return: 0 no match, -1 failed syntax error, +1 success line read. - * +2 revoked trust anchor file. - */ -static int -parse_var_line(char* line, struct val_anchors* anchors, - struct trust_anchor** anchor) -{ - struct trust_anchor* tp = *anchor; - int r = 0; - if(strncmp(line, ";;id: ", 6) == 0) { - *anchor = parse_id(anchors, line+6); - if(!*anchor) return -1; - else return 1; - } else if(strncmp(line, ";;REVOKED", 9) == 0) { - if(tp) { - log_err("REVOKED statement must be at start of file"); - return -1; - } - return 2; - } else if(strncmp(line, ";;last_queried: ", 16) == 0) { - if(!tp) return -1; - lock_basic_lock(&tp->lock); - tp->autr->last_queried = (time_t)parse_int(line+16, &r); - lock_basic_unlock(&tp->lock); - } else if(strncmp(line, ";;last_success: ", 16) == 0) { - if(!tp) return -1; - lock_basic_lock(&tp->lock); - tp->autr->last_success = (time_t)parse_int(line+16, &r); - lock_basic_unlock(&tp->lock); - } else if(strncmp(line, ";;next_probe_time: ", 19) == 0) { - if(!tp) return -1; - lock_basic_lock(&anchors->lock); - lock_basic_lock(&tp->lock); - (void)rbtree_delete(&anchors->autr->probe, tp); - tp->autr->next_probe_time = (time_t)parse_int(line+19, &r); - (void)rbtree_insert(&anchors->autr->probe, &tp->autr->pnode); - lock_basic_unlock(&tp->lock); - lock_basic_unlock(&anchors->lock); - } else if(strncmp(line, ";;query_failed: ", 16) == 0) { - if(!tp) return -1; - lock_basic_lock(&tp->lock); - tp->autr->query_failed = (uint8_t)parse_int(line+16, &r); - lock_basic_unlock(&tp->lock); - } else if(strncmp(line, ";;query_interval: ", 18) == 0) { - if(!tp) return -1; - lock_basic_lock(&tp->lock); - tp->autr->query_interval = (time_t)parse_int(line+18, &r); - lock_basic_unlock(&tp->lock); - } else if(strncmp(line, ";;retry_time: ", 14) == 0) { - if(!tp) return -1; - lock_basic_lock(&tp->lock); - tp->autr->retry_time = (time_t)parse_int(line+14, &r); - lock_basic_unlock(&tp->lock); - } - return r; -} - -/** handle origin lines */ -static int -handle_origin(char* line, uint8_t** origin, size_t* origin_len) -{ - size_t len = 0; - while(isspace((unsigned char)*line)) - line++; - if(strncmp(line, "$ORIGIN", 7) != 0) - return 0; - free(*origin); - line += 7; - while(isspace((unsigned char)*line)) - line++; - *origin = sldns_str2wire_dname(line, &len); - *origin_len = len; - if(!*origin) - log_warn("malloc failure or parse error in $ORIGIN"); - return 1; -} - -/** Read one line and put multiline RRs onto one line string */ -static int -read_multiline(char* buf, size_t len, FILE* in, int* linenr) -{ - char* pos = buf; - size_t left = len; - int depth = 0; - buf[len-1] = 0; - while(left > 0 && fgets(pos, (int)left, in) != NULL) { - size_t i, poslen = strlen(pos); - (*linenr)++; - - /* check what the new depth is after the line */ - /* this routine cannot handle braces inside quotes, - say for TXT records, but this routine only has to read keys */ - for(i=0; i0) - pos[poslen-1] = 0; /* strip newline */ - if(strchr(pos, ';')) - strchr(pos, ';')[0] = 0; /* strip comments */ - - /* move to paste other lines behind this one */ - poslen = strlen(pos); - pos += poslen; - left -= poslen; - /* the newline is changed into a space */ - if(left <= 2 /* space and eos */) { - log_err("line too long"); - return -1; - } - pos[0] = ' '; - pos[1] = 0; - pos += 1; - left -= 1; - } - if(depth != 0) { - log_err("mismatch: too many '('"); - return -1; - } - if(pos != buf) - return 1; - return 0; -} - -int autr_read_file(struct val_anchors* anchors, const char* nm) -{ - /* the file descriptor */ - FILE* fd; - /* keep track of line numbers */ - int line_nr = 0; - /* single line */ - char line[10240]; - /* trust point being read */ - struct trust_anchor *tp = NULL, *tp2; - int r; - /* for $ORIGIN parsing */ - uint8_t *origin=NULL, *prev=NULL; - size_t origin_len=0, prev_len=0; - - if (!(fd = fopen(nm, "r"))) { - log_err("unable to open %s for reading: %s", - nm, strerror(errno)); - return 0; - } - verbose(VERB_ALGO, "reading autotrust anchor file %s", nm); - while ( (r=read_multiline(line, sizeof(line), fd, &line_nr)) != 0) { - if(r == -1 || (r = parse_var_line(line, anchors, &tp)) == -1) { - log_err("could not parse auto-trust-anchor-file " - "%s line %d", nm, line_nr); - fclose(fd); - free(origin); - free(prev); - return 0; - } else if(r == 1) { - continue; - } else if(r == 2) { - log_warn("trust anchor %s has been revoked", nm); - fclose(fd); - free(origin); - free(prev); - return 1; - } - if (!str_contains_data(line, ';')) - continue; /* empty lines allowed */ - if(handle_origin(line, &origin, &origin_len)) - continue; - r = 0; - if(!(tp2=load_trustanchor(anchors, line, nm, origin, - origin_len, &prev, &prev_len, &r))) { - if(!r) log_err("failed to load trust anchor from %s " - "at line %i, skipping", nm, line_nr); - /* try to do the rest */ - continue; - } - if(tp && tp != tp2) { - log_err("file %s has mismatching data inside: " - "the file may only contain keys for one name, " - "remove keys for other domain names", nm); - fclose(fd); - free(origin); - free(prev); - return 0; - } - tp = tp2; - } - fclose(fd); - free(origin); - free(prev); - if(!tp) { - log_err("failed to read %s", nm); - return 0; - } - - /* now assemble the data into DNSKEY and DS packed rrsets */ - lock_basic_lock(&tp->lock); - if(!autr_assemble(tp)) { - lock_basic_unlock(&tp->lock); - log_err("malloc failure assembling %s", nm); - return 0; - } - lock_basic_unlock(&tp->lock); - return 1; -} - -/** string for a trustanchor state */ -static const char* -trustanchor_state2str(autr_state_type s) -{ - switch (s) { - case AUTR_STATE_START: return " START "; - case AUTR_STATE_ADDPEND: return " ADDPEND "; - case AUTR_STATE_VALID: return " VALID "; - case AUTR_STATE_MISSING: return " MISSING "; - case AUTR_STATE_REVOKED: return " REVOKED "; - case AUTR_STATE_REMOVED: return " REMOVED "; - } - return " UNKNOWN "; -} - -/** print ID to file */ -static int -print_id(FILE* out, char* fname, uint8_t* nm, size_t nmlen, uint16_t dclass) -{ - char* s = sldns_wire2str_dname(nm, nmlen); - if(!s) { - log_err("malloc failure in write to %s", fname); - return 0; - } - if(fprintf(out, ";;id: %s %d\n", s, (int)dclass) < 0) { - log_err("could not write to %s: %s", fname, strerror(errno)); - free(s); - return 0; - } - free(s); - return 1; -} - -static int -autr_write_contents(FILE* out, char* fn, struct trust_anchor* tp) -{ - char tmi[32]; - struct autr_ta* ta; - char* str; - - /* write pretty header */ - if(fprintf(out, "; autotrust trust anchor file\n") < 0) { - log_err("could not write to %s: %s", fn, strerror(errno)); - return 0; - } - if(tp->autr->revoked) { - if(fprintf(out, ";;REVOKED\n") < 0 || - fprintf(out, "; The zone has all keys revoked, and is\n" - "; considered as if it has no trust anchors.\n" - "; the remainder of the file is the last probe.\n" - "; to restart the trust anchor, overwrite this file.\n" - "; with one containing valid DNSKEYs or DSes.\n") < 0) { - log_err("could not write to %s: %s", fn, strerror(errno)); - return 0; - } - } - if(!print_id(out, fn, tp->name, tp->namelen, tp->dclass)) { - return 0; - } - if(fprintf(out, ";;last_queried: %u ;;%s", - (unsigned int)tp->autr->last_queried, - ctime_r(&(tp->autr->last_queried), tmi)) < 0 || - fprintf(out, ";;last_success: %u ;;%s", - (unsigned int)tp->autr->last_success, - ctime_r(&(tp->autr->last_success), tmi)) < 0 || - fprintf(out, ";;next_probe_time: %u ;;%s", - (unsigned int)tp->autr->next_probe_time, - ctime_r(&(tp->autr->next_probe_time), tmi)) < 0 || - fprintf(out, ";;query_failed: %d\n", (int)tp->autr->query_failed)<0 - || fprintf(out, ";;query_interval: %d\n", - (int)tp->autr->query_interval) < 0 || - fprintf(out, ";;retry_time: %d\n", (int)tp->autr->retry_time) < 0) { - log_err("could not write to %s: %s", fn, strerror(errno)); - return 0; - } - - /* write anchors */ - for(ta=tp->autr->keys; ta; ta=ta->next) { - /* by default do not store START and REMOVED keys */ - if(ta->s == AUTR_STATE_START) - continue; - if(ta->s == AUTR_STATE_REMOVED) - continue; - /* only store keys */ - if(sldns_wirerr_get_type(ta->rr, ta->rr_len, ta->dname_len) - != LDNS_RR_TYPE_DNSKEY) - continue; - str = sldns_wire2str_rr(ta->rr, ta->rr_len); - if(!str || !str[0]) { - free(str); - log_err("malloc failure writing %s", fn); - return 0; - } - str[strlen(str)-1] = 0; /* remove newline */ - if(fprintf(out, "%s ;;state=%d [%s] ;;count=%d " - ";;lastchange=%u ;;%s", str, (int)ta->s, - trustanchor_state2str(ta->s), (int)ta->pending_count, - (unsigned int)ta->last_change, - ctime_r(&(ta->last_change), tmi)) < 0) { - log_err("could not write to %s: %s", fn, strerror(errno)); - free(str); - return 0; - } - free(str); - } - return 1; -} - -void autr_write_file(struct module_env* env, struct trust_anchor* tp) -{ - FILE* out; - char* fname = tp->autr->file; - char tempf[2048]; - log_assert(tp->autr); - if(!env) { - log_err("autr_write_file: Module environment is NULL."); - return; - } - /* unique name with pid number and thread number */ - snprintf(tempf, sizeof(tempf), "%s.%d-%d", fname, (int)getpid(), - env->worker?*(int*)env->worker:0); - verbose(VERB_ALGO, "autotrust: write to disk: %s", tempf); - out = fopen(tempf, "w"); - if(!out) { - fatal_exit("could not open autotrust file for writing, %s: %s", - tempf, strerror(errno)); - return; - } - if(!autr_write_contents(out, tempf, tp)) { - /* failed to write contents (completely) */ - fclose(out); - unlink(tempf); - fatal_exit("could not completely write: %s", fname); - return; - } - if(fflush(out) != 0) - log_err("could not fflush(%s): %s", fname, strerror(errno)); -#ifdef HAVE_FSYNC - if(fsync(fileno(out)) != 0) - log_err("could not fsync(%s): %s", fname, strerror(errno)); -#else - FlushFileBuffers((HANDLE)_get_osfhandle(_fileno(out))); -#endif - if(fclose(out) != 0) { - fatal_exit("could not complete write: %s: %s", - fname, strerror(errno)); - unlink(tempf); - return; - } - /* success; overwrite actual file */ - verbose(VERB_ALGO, "autotrust: replaced %s", fname); -#ifdef UB_ON_WINDOWS - (void)unlink(fname); /* windows does not replace file with rename() */ -#endif - if(rename(tempf, fname) < 0) { - fatal_exit("rename(%s to %s): %s", tempf, fname, strerror(errno)); - } -} - -/** - * Verify if dnskey works for trust point - * @param env: environment (with time) for verification - * @param ve: validator environment (with options) for verification. - * @param tp: trust point to verify with - * @param rrset: DNSKEY rrset to verify. - * @return false on failure, true if verification successful. - */ -static int -verify_dnskey(struct module_env* env, struct val_env* ve, - struct trust_anchor* tp, struct ub_packed_rrset_key* rrset) -{ - char* reason = NULL; - uint8_t sigalg[ALGO_NEEDS_MAX+1]; - int downprot = env->cfg->harden_algo_downgrade; - enum sec_status sec = val_verify_DNSKEY_with_TA(env, ve, rrset, - tp->ds_rrset, tp->dnskey_rrset, downprot?sigalg:NULL, &reason); - /* sigalg is ignored, it returns algorithms signalled to exist, but - * in 5011 there are no other rrsets to check. if downprot is - * enabled, then it checks that the DNSKEY is signed with all - * algorithms available in the trust store. */ - verbose(VERB_ALGO, "autotrust: validate DNSKEY with anchor: %s", - sec_status_to_string(sec)); - return sec == sec_status_secure; -} - -static int32_t -rrsig_get_expiry(uint8_t* d, size_t len) -{ - /* rrsig: 2(rdlen), 2(type) 1(alg) 1(v) 4(origttl), then 4(expi), (4)incep) */ - if(len < 2+8+4) - return 0; - return sldns_read_uint32(d+2+8); -} - -/** Find minimum expiration interval from signatures */ -static time_t -min_expiry(struct module_env* env, struct packed_rrset_data* dd) -{ - size_t i; - int32_t t, r = 15 * 24 * 3600; /* 15 days max */ - for(i=dd->count; icount+dd->rrsig_count; i++) { - t = rrsig_get_expiry(dd->rr_data[i], dd->rr_len[i]); - if((int32_t)t - (int32_t)*env->now > 0) { - t -= (int32_t)*env->now; - if(t < r) - r = t; - } - } - return (time_t)r; -} - -/** Is rr self-signed revoked key */ -static int -rr_is_selfsigned_revoked(struct module_env* env, struct val_env* ve, - struct ub_packed_rrset_key* dnskey_rrset, size_t i) -{ - enum sec_status sec; - char* reason = NULL; - verbose(VERB_ALGO, "seen REVOKE flag, check self-signed, rr %d", - (int)i); - /* no algorithm downgrade protection necessary, if it is selfsigned - * revoked it can be removed. */ - sec = dnskey_verify_rrset(env, ve, dnskey_rrset, dnskey_rrset, i, - &reason); - return (sec == sec_status_secure); -} - -/** Set fetched value */ -static void -seen_trustanchor(struct autr_ta* ta, uint8_t seen) -{ - ta->fetched = seen; - if(ta->pending_count < 250) /* no numerical overflow, please */ - ta->pending_count++; -} - -/** set revoked value */ -static void -seen_revoked_trustanchor(struct autr_ta* ta, uint8_t revoked) -{ - ta->revoked = revoked; -} - -/** revoke a trust anchor */ -static void -revoke_dnskey(struct autr_ta* ta, int off) -{ - uint16_t flags; - uint8_t* data; - if(sldns_wirerr_get_type(ta->rr, ta->rr_len, ta->dname_len) != - LDNS_RR_TYPE_DNSKEY) - return; - if(sldns_wirerr_get_rdatalen(ta->rr, ta->rr_len, ta->dname_len) < 2) - return; - data = sldns_wirerr_get_rdata(ta->rr, ta->rr_len, ta->dname_len); - flags = sldns_read_uint16(data); - if (off && (flags&LDNS_KEY_REVOKE_KEY)) - flags ^= LDNS_KEY_REVOKE_KEY; /* flip */ - else - flags |= LDNS_KEY_REVOKE_KEY; - sldns_write_uint16(data, flags); -} - -/** Compare two RRs skipping the REVOKED bit. Pass rdata(no len) */ -static int -dnskey_compare_skip_revbit(uint8_t* a, size_t a_len, uint8_t* b, size_t b_len) -{ - size_t i; - if(a_len != b_len) - return -1; - /* compare RRs RDATA byte for byte. */ - for(i = 0; i < a_len; i++) - { - uint8_t rdf1, rdf2; - rdf1 = a[i]; - rdf2 = b[i]; - if(i==1) { - /* this is the second part of the flags field */ - rdf1 |= LDNS_KEY_REVOKE_KEY; - rdf2 |= LDNS_KEY_REVOKE_KEY; - } - if (rdf1 < rdf2) return -1; - else if (rdf1 > rdf2) return 1; - } - return 0; -} - - -/** compare trust anchor with rdata, 0 if equal. Pass rdata(no len) */ -static int -ta_compare(struct autr_ta* a, uint16_t t, uint8_t* b, size_t b_len) -{ - if(!a) return -1; - else if(!b) return -1; - else if(sldns_wirerr_get_type(a->rr, a->rr_len, a->dname_len) != t) - return (int)sldns_wirerr_get_type(a->rr, a->rr_len, - a->dname_len) - (int)t; - else if(t == LDNS_RR_TYPE_DNSKEY) { - return dnskey_compare_skip_revbit( - sldns_wirerr_get_rdata(a->rr, a->rr_len, a->dname_len), - sldns_wirerr_get_rdatalen(a->rr, a->rr_len, - a->dname_len), b, b_len); - } - else if(t == LDNS_RR_TYPE_DS) { - if(sldns_wirerr_get_rdatalen(a->rr, a->rr_len, a->dname_len) != - b_len) - return -1; - return memcmp(sldns_wirerr_get_rdata(a->rr, - a->rr_len, a->dname_len), b, b_len); - } - return -1; -} - -/** - * Find key - * @param tp: to search in - * @param t: rr type of the rdata. - * @param rdata: to look for (no rdatalen in it) - * @param rdata_len: length of rdata - * @param result: returns NULL or the ta key looked for. - * @return false on malloc failure during search. if true examine result. - */ -static int -find_key(struct trust_anchor* tp, uint16_t t, uint8_t* rdata, size_t rdata_len, - struct autr_ta** result) -{ - struct autr_ta* ta; - if(!tp || !rdata) { - *result = NULL; - return 0; - } - for(ta=tp->autr->keys; ta; ta=ta->next) { - if(ta_compare(ta, t, rdata, rdata_len) == 0) { - *result = ta; - return 1; - } - } - *result = NULL; - return 1; -} - -/** add key and clone RR and tp already locked. rdata without rdlen. */ -static struct autr_ta* -add_key(struct trust_anchor* tp, uint32_t ttl, uint8_t* rdata, size_t rdata_len) -{ - struct autr_ta* ta; - uint8_t* rr; - size_t rr_len, dname_len; - uint16_t rrtype = htons(LDNS_RR_TYPE_DNSKEY); - uint16_t rrclass = htons(LDNS_RR_CLASS_IN); - uint16_t rdlen = htons(rdata_len); - dname_len = tp->namelen; - ttl = htonl(ttl); - rr_len = dname_len + 10 /* type,class,ttl,rdatalen */ + rdata_len; - rr = (uint8_t*)malloc(rr_len); - if(!rr) return NULL; - memmove(rr, tp->name, tp->namelen); - memmove(rr+dname_len, &rrtype, 2); - memmove(rr+dname_len+2, &rrclass, 2); - memmove(rr+dname_len+4, &ttl, 4); - memmove(rr+dname_len+8, &rdlen, 2); - memmove(rr+dname_len+10, rdata, rdata_len); - ta = autr_ta_create(rr, rr_len, dname_len); - if(!ta) { - /* rr freed in autr_ta_create */ - return NULL; - } - /* link in, tp already locked */ - ta->next = tp->autr->keys; - tp->autr->keys = ta; - return ta; -} - -/** get TTL from DNSKEY rrset */ -static time_t -key_ttl(struct ub_packed_rrset_key* k) -{ - struct packed_rrset_data* d = (struct packed_rrset_data*)k->entry.data; - return d->ttl; -} - -/** update the time values for the trustpoint */ -static void -set_tp_times(struct trust_anchor* tp, time_t rrsig_exp_interval, - time_t origttl, int* changed) -{ - time_t x, qi = tp->autr->query_interval, rt = tp->autr->retry_time; - - /* x = MIN(15days, ttl/2, expire/2) */ - x = 15 * 24 * 3600; - if(origttl/2 < x) - x = origttl/2; - if(rrsig_exp_interval/2 < x) - x = rrsig_exp_interval/2; - /* MAX(1hr, x) */ - if(!autr_permit_small_holddown) { - if(x < 3600) - tp->autr->query_interval = 3600; - else tp->autr->query_interval = x; - } else tp->autr->query_interval = x; - - /* x= MIN(1day, ttl/10, expire/10) */ - x = 24 * 3600; - if(origttl/10 < x) - x = origttl/10; - if(rrsig_exp_interval/10 < x) - x = rrsig_exp_interval/10; - /* MAX(1hr, x) */ - if(!autr_permit_small_holddown) { - if(x < 3600) - tp->autr->retry_time = 3600; - else tp->autr->retry_time = x; - } else tp->autr->retry_time = x; - - if(qi != tp->autr->query_interval || rt != tp->autr->retry_time) { - *changed = 1; - verbose(VERB_ALGO, "orig_ttl is %d", (int)origttl); - verbose(VERB_ALGO, "rrsig_exp_interval is %d", - (int)rrsig_exp_interval); - verbose(VERB_ALGO, "query_interval: %d, retry_time: %d", - (int)tp->autr->query_interval, - (int)tp->autr->retry_time); - } -} - -/** init events to zero */ -static void -init_events(struct trust_anchor* tp) -{ - struct autr_ta* ta; - for(ta=tp->autr->keys; ta; ta=ta->next) { - ta->fetched = 0; - } -} - -/** check for revoked keys without trusting any other information */ -static void -check_contains_revoked(struct module_env* env, struct val_env* ve, - struct trust_anchor* tp, struct ub_packed_rrset_key* dnskey_rrset, - int* changed) -{ - struct packed_rrset_data* dd = (struct packed_rrset_data*) - dnskey_rrset->entry.data; - size_t i; - log_assert(ntohs(dnskey_rrset->rk.type) == LDNS_RR_TYPE_DNSKEY); - for(i=0; icount; i++) { - struct autr_ta* ta = NULL; - if(!rr_is_dnskey_sep(ntohs(dnskey_rrset->rk.type), - dd->rr_data[i]+2, dd->rr_len[i]-2) || - !rr_is_dnskey_revoked(ntohs(dnskey_rrset->rk.type), - dd->rr_data[i]+2, dd->rr_len[i]-2)) - continue; /* not a revoked KSK */ - if(!find_key(tp, ntohs(dnskey_rrset->rk.type), - dd->rr_data[i]+2, dd->rr_len[i]-2, &ta)) { - log_err("malloc failure"); - continue; /* malloc fail in compare*/ - } - if(!ta) - continue; /* key not found */ - if(rr_is_selfsigned_revoked(env, ve, dnskey_rrset, i)) { - /* checked if there is an rrsig signed by this key. */ - /* same keytag, but stored can be revoked already, so - * compare keytags, with +0 or +128(REVOKE flag) */ - log_assert(dnskey_calc_keytag(dnskey_rrset, i)-128 == - sldns_calc_keytag_raw(sldns_wirerr_get_rdata( - ta->rr, ta->rr_len, ta->dname_len), - sldns_wirerr_get_rdatalen(ta->rr, ta->rr_len, - ta->dname_len)) || - dnskey_calc_keytag(dnskey_rrset, i) == - sldns_calc_keytag_raw(sldns_wirerr_get_rdata( - ta->rr, ta->rr_len, ta->dname_len), - sldns_wirerr_get_rdatalen(ta->rr, ta->rr_len, - ta->dname_len))); /* checks conversion*/ - verbose_key(ta, VERB_ALGO, "is self-signed revoked"); - if(!ta->revoked) - *changed = 1; - seen_revoked_trustanchor(ta, 1); - do_revoked(env, ta, changed); - } - } -} - -/** See if a DNSKEY is verified by one of the DSes */ -static int -key_matches_a_ds(struct module_env* env, struct val_env* ve, - struct ub_packed_rrset_key* dnskey_rrset, size_t key_idx, - struct ub_packed_rrset_key* ds_rrset) -{ - struct packed_rrset_data* dd = (struct packed_rrset_data*) - ds_rrset->entry.data; - size_t ds_idx, num = dd->count; - int d = val_favorite_ds_algo(ds_rrset); - char* reason = ""; - for(ds_idx=0; ds_idxentry.data; - size_t i; - log_assert(ntohs(dnskey_rrset->rk.type) == LDNS_RR_TYPE_DNSKEY); - init_events(tp); - for(i=0; icount; i++) { - struct autr_ta* ta = NULL; - if(!rr_is_dnskey_sep(ntohs(dnskey_rrset->rk.type), - dd->rr_data[i]+2, dd->rr_len[i]-2)) - continue; - if(rr_is_dnskey_revoked(ntohs(dnskey_rrset->rk.type), - dd->rr_data[i]+2, dd->rr_len[i]-2)) { - /* self-signed revoked keys already detected before, - * other revoked keys are not 'added' again */ - continue; - } - /* is a key of this type supported?. Note rr_list and - * packed_rrset are in the same order. */ - if(!dnskey_algo_is_supported(dnskey_rrset, i)) { - /* skip unknown algorithm key, it is useless to us */ - log_nametypeclass(VERB_DETAIL, "trust point has " - "unsupported algorithm at", - tp->name, LDNS_RR_TYPE_DNSKEY, tp->dclass); - continue; - } - - /* is it new? if revocation bit set, find the unrevoked key */ - if(!find_key(tp, ntohs(dnskey_rrset->rk.type), - dd->rr_data[i]+2, dd->rr_len[i]-2, &ta)) { - return 0; - } - if(!ta) { - ta = add_key(tp, (uint32_t)dd->rr_ttl[i], - dd->rr_data[i]+2, dd->rr_len[i]-2); - *changed = 1; - /* first time seen, do we have DSes? if match: VALID */ - if(ta && tp->ds_rrset && key_matches_a_ds(env, ve, - dnskey_rrset, i, tp->ds_rrset)) { - verbose_key(ta, VERB_ALGO, "verified by DS"); - ta->s = AUTR_STATE_VALID; - } - } - if(!ta) { - return 0; - } - seen_trustanchor(ta, 1); - verbose_key(ta, VERB_ALGO, "in DNS response"); - } - set_tp_times(tp, min_expiry(env, dd), key_ttl(dnskey_rrset), changed); - return 1; -} - -/** - * Check if the holddown time has already exceeded - * setting: add-holddown: add holddown timer - * setting: del-holddown: del holddown timer - * @param env: environment with current time - * @param ta: trust anchor to check for. - * @param holddown: the timer value - * @return number of seconds the holddown has passed. - */ -static time_t -check_holddown(struct module_env* env, struct autr_ta* ta, - unsigned int holddown) -{ - time_t elapsed; - if(*env->now < ta->last_change) { - log_warn("time goes backwards. delaying key holddown"); - return 0; - } - elapsed = *env->now - ta->last_change; - if (elapsed > (time_t)holddown) { - return elapsed-(time_t)holddown; - } - verbose_key(ta, VERB_ALGO, "holddown time " ARG_LL "d seconds to go", - (long long) ((time_t)holddown-elapsed)); - return 0; -} - - -/** Set last_change to now */ -static void -reset_holddown(struct module_env* env, struct autr_ta* ta, int* changed) -{ - ta->last_change = *env->now; - *changed = 1; -} - -/** Set the state for this trust anchor */ -static void -set_trustanchor_state(struct module_env* env, struct autr_ta* ta, int* changed, - autr_state_type s) -{ - verbose_key(ta, VERB_ALGO, "update: %s to %s", - trustanchor_state2str(ta->s), trustanchor_state2str(s)); - ta->s = s; - reset_holddown(env, ta, changed); -} - - -/** Event: NewKey */ -static void -do_newkey(struct module_env* env, struct autr_ta* anchor, int* c) -{ - if (anchor->s == AUTR_STATE_START) - set_trustanchor_state(env, anchor, c, AUTR_STATE_ADDPEND); -} - -/** Event: AddTime */ -static void -do_addtime(struct module_env* env, struct autr_ta* anchor, int* c) -{ - /* This not according to RFC, this is 30 days, but the RFC demands - * MAX(30days, TTL expire time of first DNSKEY set with this key), - * The value may be too small if a very large TTL was used. */ - time_t exceeded = check_holddown(env, anchor, env->cfg->add_holddown); - if (exceeded && anchor->s == AUTR_STATE_ADDPEND) { - verbose_key(anchor, VERB_ALGO, "add-holddown time exceeded " - ARG_LL "d seconds ago, and pending-count %d", - (long long)exceeded, anchor->pending_count); - if(anchor->pending_count >= MIN_PENDINGCOUNT) { - set_trustanchor_state(env, anchor, c, AUTR_STATE_VALID); - anchor->pending_count = 0; - return; - } - verbose_key(anchor, VERB_ALGO, "add-holddown time sanity check " - "failed (pending count: %d)", anchor->pending_count); - } -} - -/** Event: RemTime */ -static void -do_remtime(struct module_env* env, struct autr_ta* anchor, int* c) -{ - time_t exceeded = check_holddown(env, anchor, env->cfg->del_holddown); - if(exceeded && anchor->s == AUTR_STATE_REVOKED) { - verbose_key(anchor, VERB_ALGO, "del-holddown time exceeded " - ARG_LL "d seconds ago", (long long)exceeded); - set_trustanchor_state(env, anchor, c, AUTR_STATE_REMOVED); - } -} - -/** Event: KeyRem */ -static void -do_keyrem(struct module_env* env, struct autr_ta* anchor, int* c) -{ - if(anchor->s == AUTR_STATE_ADDPEND) { - set_trustanchor_state(env, anchor, c, AUTR_STATE_START); - anchor->pending_count = 0; - } else if(anchor->s == AUTR_STATE_VALID) - set_trustanchor_state(env, anchor, c, AUTR_STATE_MISSING); -} - -/** Event: KeyPres */ -static void -do_keypres(struct module_env* env, struct autr_ta* anchor, int* c) -{ - if(anchor->s == AUTR_STATE_MISSING) - set_trustanchor_state(env, anchor, c, AUTR_STATE_VALID); -} - -/* Event: Revoked */ -static void -do_revoked(struct module_env* env, struct autr_ta* anchor, int* c) -{ - if(anchor->s == AUTR_STATE_VALID || anchor->s == AUTR_STATE_MISSING) { - set_trustanchor_state(env, anchor, c, AUTR_STATE_REVOKED); - verbose_key(anchor, VERB_ALGO, "old id, prior to revocation"); - revoke_dnskey(anchor, 0); - verbose_key(anchor, VERB_ALGO, "new id, after revocation"); - } -} - -/** Do statestable transition matrix for anchor */ -static void -anchor_state_update(struct module_env* env, struct autr_ta* anchor, int* c) -{ - log_assert(anchor); - switch(anchor->s) { - /* START */ - case AUTR_STATE_START: - /* NewKey: ADDPEND */ - if (anchor->fetched) - do_newkey(env, anchor, c); - break; - /* ADDPEND */ - case AUTR_STATE_ADDPEND: - /* KeyRem: START */ - if (!anchor->fetched) - do_keyrem(env, anchor, c); - /* AddTime: VALID */ - else do_addtime(env, anchor, c); - break; - /* VALID */ - case AUTR_STATE_VALID: - /* RevBit: REVOKED */ - if (anchor->revoked) - do_revoked(env, anchor, c); - /* KeyRem: MISSING */ - else if (!anchor->fetched) - do_keyrem(env, anchor, c); - else if(!anchor->last_change) { - verbose_key(anchor, VERB_ALGO, "first seen"); - reset_holddown(env, anchor, c); - } - break; - /* MISSING */ - case AUTR_STATE_MISSING: - /* RevBit: REVOKED */ - if (anchor->revoked) - do_revoked(env, anchor, c); - /* KeyPres */ - else if (anchor->fetched) - do_keypres(env, anchor, c); - break; - /* REVOKED */ - case AUTR_STATE_REVOKED: - if (anchor->fetched) - reset_holddown(env, anchor, c); - /* RemTime: REMOVED */ - else do_remtime(env, anchor, c); - break; - /* REMOVED */ - case AUTR_STATE_REMOVED: - default: - break; - } -} - -/** if ZSK init then trust KSKs */ -static int -init_zsk_to_ksk(struct module_env* env, struct trust_anchor* tp, int* changed) -{ - /* search for VALID ZSKs */ - struct autr_ta* anchor; - int validzsk = 0; - int validksk = 0; - for(anchor = tp->autr->keys; anchor; anchor = anchor->next) { - /* last_change test makes sure it was manually configured */ - if(sldns_wirerr_get_type(anchor->rr, anchor->rr_len, - anchor->dname_len) == LDNS_RR_TYPE_DNSKEY && - anchor->last_change == 0 && - !ta_is_dnskey_sep(anchor) && - anchor->s == AUTR_STATE_VALID) - validzsk++; - } - if(validzsk == 0) - return 0; - for(anchor = tp->autr->keys; anchor; anchor = anchor->next) { - if (ta_is_dnskey_sep(anchor) && - anchor->s == AUTR_STATE_ADDPEND) { - verbose_key(anchor, VERB_ALGO, "trust KSK from " - "ZSK(config)"); - set_trustanchor_state(env, anchor, changed, - AUTR_STATE_VALID); - validksk++; - } - } - return validksk; -} - -/** Remove missing trustanchors so the list does not grow forever */ -static void -remove_missing_trustanchors(struct module_env* env, struct trust_anchor* tp, - int* changed) -{ - struct autr_ta* anchor; - time_t exceeded; - int valid = 0; - /* see if we have anchors that are valid */ - for(anchor = tp->autr->keys; anchor; anchor = anchor->next) { - /* Only do KSKs */ - if (!ta_is_dnskey_sep(anchor)) - continue; - if (anchor->s == AUTR_STATE_VALID) - valid++; - } - /* if there are no SEP Valid anchors, see if we started out with - * a ZSK (last-change=0) anchor, which is VALID and there are KSKs - * now that can be made valid. Do this immediately because there - * is no guarantee that the ZSKs get announced long enough. Usually - * this is immediately after init with a ZSK trusted, unless the domain - * was not advertising any KSKs at all. In which case we perfectly - * track the zero number of KSKs. */ - if(valid == 0) { - valid = init_zsk_to_ksk(env, tp, changed); - if(valid == 0) - return; - } - - for(anchor = tp->autr->keys; anchor; anchor = anchor->next) { - /* ignore ZSKs if newly added */ - if(anchor->s == AUTR_STATE_START) - continue; - /* remove ZSKs if a KSK is present */ - if (!ta_is_dnskey_sep(anchor)) { - if(valid > 0) { - verbose_key(anchor, VERB_ALGO, "remove ZSK " - "[%d key(s) VALID]", valid); - set_trustanchor_state(env, anchor, changed, - AUTR_STATE_REMOVED); - } - continue; - } - /* Only do MISSING keys */ - if (anchor->s != AUTR_STATE_MISSING) - continue; - if(env->cfg->keep_missing == 0) - continue; /* keep forever */ - - exceeded = check_holddown(env, anchor, env->cfg->keep_missing); - /* If keep_missing has exceeded and we still have more than - * one valid KSK: remove missing trust anchor */ - if (exceeded && valid > 0) { - verbose_key(anchor, VERB_ALGO, "keep-missing time " - "exceeded " ARG_LL "d seconds ago, [%d key(s) VALID]", - (long long)exceeded, valid); - set_trustanchor_state(env, anchor, changed, - AUTR_STATE_REMOVED); - } - } -} - -/** Do the statetable from RFC5011 transition matrix */ -static int -do_statetable(struct module_env* env, struct trust_anchor* tp, int* changed) -{ - struct autr_ta* anchor; - for(anchor = tp->autr->keys; anchor; anchor = anchor->next) { - /* Only do KSKs */ - if(!ta_is_dnskey_sep(anchor)) - continue; - anchor_state_update(env, anchor, changed); - } - remove_missing_trustanchors(env, tp, changed); - return 1; -} - -/** See if time alone makes ADDPEND to VALID transition */ -static void -autr_holddown_exceed(struct module_env* env, struct trust_anchor* tp, int* c) -{ - struct autr_ta* anchor; - for(anchor = tp->autr->keys; anchor; anchor = anchor->next) { - if(ta_is_dnskey_sep(anchor) && - anchor->s == AUTR_STATE_ADDPEND) - do_addtime(env, anchor, c); - } -} - -/** cleanup key list */ -static void -autr_cleanup_keys(struct trust_anchor* tp) -{ - struct autr_ta* p, **prevp; - prevp = &tp->autr->keys; - p = tp->autr->keys; - while(p) { - /* do we want to remove this key? */ - if(p->s == AUTR_STATE_START || p->s == AUTR_STATE_REMOVED || - sldns_wirerr_get_type(p->rr, p->rr_len, p->dname_len) - != LDNS_RR_TYPE_DNSKEY) { - struct autr_ta* np = p->next; - /* remove */ - free(p->rr); - free(p); - /* snip and go to next item */ - *prevp = np; - p = np; - continue; - } - /* remove pending counts if no longer pending */ - if(p->s != AUTR_STATE_ADDPEND) - p->pending_count = 0; - prevp = &p->next; - p = p->next; - } -} - -/** calculate next probe time */ -static time_t -calc_next_probe(struct module_env* env, time_t wait) -{ - /* make it random, 90-100% */ - time_t rnd, rest; - if(!autr_permit_small_holddown) { - if(wait < 3600) - wait = 3600; - } else { - if(wait == 0) wait = 1; - } - rnd = wait/10; - rest = wait-rnd; - rnd = (time_t)ub_random_max(env->rnd, (long int)rnd); - return (time_t)(*env->now + rest + rnd); -} - -/** what is first probe time (anchors must be locked) */ -static time_t -wait_probe_time(struct val_anchors* anchors) -{ - rbnode_type* t = rbtree_first(&anchors->autr->probe); - if(t != RBTREE_NULL) - return ((struct trust_anchor*)t->key)->autr->next_probe_time; - return 0; -} - -/** reset worker timer */ -static void -reset_worker_timer(struct module_env* env) -{ - struct timeval tv; -#ifndef S_SPLINT_S - time_t next = (time_t)wait_probe_time(env->anchors); - /* in case this is libunbound, no timer */ - if(!env->probe_timer) - return; - if(next > *env->now) - tv.tv_sec = (time_t)(next - *env->now); - else tv.tv_sec = 0; -#endif - tv.tv_usec = 0; - comm_timer_set(env->probe_timer, &tv); - verbose(VERB_ALGO, "scheduled next probe in " ARG_LL "d sec", (long long)tv.tv_sec); -} - -/** set next probe for trust anchor */ -static int -set_next_probe(struct module_env* env, struct trust_anchor* tp, - struct ub_packed_rrset_key* dnskey_rrset) -{ - struct trust_anchor key, *tp2; - time_t mold, mnew; - /* use memory allocated in rrset for temporary name storage */ - key.node.key = &key; - key.name = dnskey_rrset->rk.dname; - key.namelen = dnskey_rrset->rk.dname_len; - key.namelabs = dname_count_labels(key.name); - key.dclass = tp->dclass; - lock_basic_unlock(&tp->lock); - - /* fetch tp again and lock anchors, so that we can modify the trees */ - lock_basic_lock(&env->anchors->lock); - tp2 = (struct trust_anchor*)rbtree_search(env->anchors->tree, &key); - if(!tp2) { - verbose(VERB_ALGO, "trustpoint was deleted in set_next_probe"); - lock_basic_unlock(&env->anchors->lock); - return 0; - } - log_assert(tp == tp2); - lock_basic_lock(&tp->lock); - - /* schedule */ - mold = wait_probe_time(env->anchors); - (void)rbtree_delete(&env->anchors->autr->probe, tp); - tp->autr->next_probe_time = calc_next_probe(env, - tp->autr->query_interval); - (void)rbtree_insert(&env->anchors->autr->probe, &tp->autr->pnode); - mnew = wait_probe_time(env->anchors); - - lock_basic_unlock(&env->anchors->lock); - verbose(VERB_ALGO, "next probe set in %d seconds", - (int)tp->autr->next_probe_time - (int)*env->now); - if(mold != mnew) { - reset_worker_timer(env); - } - return 1; -} - -/** Revoke and Delete a trust point */ -static void -autr_tp_remove(struct module_env* env, struct trust_anchor* tp, - struct ub_packed_rrset_key* dnskey_rrset) -{ - struct trust_anchor* del_tp; - struct trust_anchor key; - struct autr_point_data pd; - time_t mold, mnew; - - log_nametypeclass(VERB_OPS, "trust point was revoked", - tp->name, LDNS_RR_TYPE_DNSKEY, tp->dclass); - tp->autr->revoked = 1; - - /* use space allocated for dnskey_rrset to save name of anchor */ - memset(&key, 0, sizeof(key)); - memset(&pd, 0, sizeof(pd)); - key.autr = &pd; - key.node.key = &key; - pd.pnode.key = &key; - pd.next_probe_time = tp->autr->next_probe_time; - key.name = dnskey_rrset->rk.dname; - key.namelen = tp->namelen; - key.namelabs = tp->namelabs; - key.dclass = tp->dclass; - - /* unlock */ - lock_basic_unlock(&tp->lock); - - /* take from tree. It could be deleted by someone else,hence (void). */ - lock_basic_lock(&env->anchors->lock); - del_tp = (struct trust_anchor*)rbtree_delete(env->anchors->tree, &key); - mold = wait_probe_time(env->anchors); - (void)rbtree_delete(&env->anchors->autr->probe, &key); - mnew = wait_probe_time(env->anchors); - anchors_init_parents_locked(env->anchors); - lock_basic_unlock(&env->anchors->lock); - - /* if !del_tp then the trust point is no longer present in the tree, - * it was deleted by someone else, who will write the zonefile and - * clean up the structure */ - if(del_tp) { - /* save on disk */ - del_tp->autr->next_probe_time = 0; /* no more probing for it */ - autr_write_file(env, del_tp); - - /* delete */ - autr_point_delete(del_tp); - } - if(mold != mnew) { - reset_worker_timer(env); - } -} - -int autr_process_prime(struct module_env* env, struct val_env* ve, - struct trust_anchor* tp, struct ub_packed_rrset_key* dnskey_rrset) -{ - int changed = 0; - log_assert(tp && tp->autr); - /* autotrust update trust anchors */ - /* the tp is locked, and stays locked unless it is deleted */ - - /* we could just catch the anchor here while another thread - * is busy deleting it. Just unlock and let the other do its job */ - if(tp->autr->revoked) { - log_nametypeclass(VERB_ALGO, "autotrust not processed, " - "trust point revoked", tp->name, - LDNS_RR_TYPE_DNSKEY, tp->dclass); - lock_basic_unlock(&tp->lock); - return 0; /* it is revoked */ - } - - /* query_dnskeys(): */ - tp->autr->last_queried = *env->now; - - log_nametypeclass(VERB_ALGO, "autotrust process for", - tp->name, LDNS_RR_TYPE_DNSKEY, tp->dclass); - /* see if time alone makes some keys valid */ - autr_holddown_exceed(env, tp, &changed); - if(changed) { - verbose(VERB_ALGO, "autotrust: morekeys, reassemble"); - if(!autr_assemble(tp)) { - log_err("malloc failure assembling autotrust keys"); - return 1; /* unchanged */ - } - } - /* did we get any data? */ - if(!dnskey_rrset) { - verbose(VERB_ALGO, "autotrust: no dnskey rrset"); - /* no update of query_failed, because then we would have - * to write to disk. But we cannot because we maybe are - * still 'initialising' with DS records, that we cannot write - * in the full format (which only contains KSKs). */ - return 1; /* trust point exists */ - } - /* check for revoked keys to remove immediately */ - check_contains_revoked(env, ve, tp, dnskey_rrset, &changed); - if(changed) { - verbose(VERB_ALGO, "autotrust: revokedkeys, reassemble"); - if(!autr_assemble(tp)) { - log_err("malloc failure assembling autotrust keys"); - return 1; /* unchanged */ - } - if(!tp->ds_rrset && !tp->dnskey_rrset) { - /* no more keys, all are revoked */ - /* this is a success for this probe attempt */ - tp->autr->last_success = *env->now; - autr_tp_remove(env, tp, dnskey_rrset); - return 0; /* trust point removed */ - } - } - /* verify the dnskey rrset and see if it is valid. */ - if(!verify_dnskey(env, ve, tp, dnskey_rrset)) { - verbose(VERB_ALGO, "autotrust: dnskey did not verify."); - /* only increase failure count if this is not the first prime, - * this means there was a previous successful probe */ - if(tp->autr->last_success) { - tp->autr->query_failed += 1; - autr_write_file(env, tp); - } - return 1; /* trust point exists */ - } - - tp->autr->last_success = *env->now; - tp->autr->query_failed = 0; - - /* Add new trust anchors to the data structure - * - note which trust anchors are seen this probe. - * Set trustpoint query_interval and retry_time. - * - find minimum rrsig expiration interval - */ - if(!update_events(env, ve, tp, dnskey_rrset, &changed)) { - log_err("malloc failure in autotrust update_events. " - "trust point unchanged."); - return 1; /* trust point unchanged, so exists */ - } - - /* - for every SEP key do the 5011 statetable. - * - remove missing trustanchors (if veryold and we have new anchors). - */ - if(!do_statetable(env, tp, &changed)) { - log_err("malloc failure in autotrust do_statetable. " - "trust point unchanged."); - return 1; /* trust point unchanged, so exists */ - } - - autr_cleanup_keys(tp); - if(!set_next_probe(env, tp, dnskey_rrset)) - return 0; /* trust point does not exist */ - autr_write_file(env, tp); - if(changed) { - verbose(VERB_ALGO, "autotrust: changed, reassemble"); - if(!autr_assemble(tp)) { - log_err("malloc failure assembling autotrust keys"); - return 1; /* unchanged */ - } - if(!tp->ds_rrset && !tp->dnskey_rrset) { - /* no more keys, all are revoked */ - autr_tp_remove(env, tp, dnskey_rrset); - return 0; /* trust point removed */ - } - } else verbose(VERB_ALGO, "autotrust: no changes"); - - return 1; /* trust point exists */ -} - -/** debug print a trust anchor key */ -static void -autr_debug_print_ta(struct autr_ta* ta) -{ - char buf[32]; - char* str = sldns_wire2str_rr(ta->rr, ta->rr_len); - if(!str) { - log_info("out of memory in debug_print_ta"); - return; - } - if(str && str[0]) str[strlen(str)-1]=0; /* remove newline */ - ctime_r(&ta->last_change, buf); - if(buf[0]) buf[strlen(buf)-1]=0; /* remove newline */ - log_info("[%s] %s ;;state:%d ;;pending_count:%d%s%s last:%s", - trustanchor_state2str(ta->s), str, ta->s, ta->pending_count, - ta->fetched?" fetched":"", ta->revoked?" revoked":"", buf); - free(str); -} - -/** debug print a trust point */ -static void -autr_debug_print_tp(struct trust_anchor* tp) -{ - struct autr_ta* ta; - char buf[257]; - if(!tp->autr) - return; - dname_str(tp->name, buf); - log_info("trust point %s : %d", buf, (int)tp->dclass); - log_info("assembled %d DS and %d DNSKEYs", - (int)tp->numDS, (int)tp->numDNSKEY); - if(tp->ds_rrset) { - log_packed_rrset(0, "DS:", tp->ds_rrset); - } - if(tp->dnskey_rrset) { - log_packed_rrset(0, "DNSKEY:", tp->dnskey_rrset); - } - log_info("file %s", tp->autr->file); - ctime_r(&tp->autr->last_queried, buf); - if(buf[0]) buf[strlen(buf)-1]=0; /* remove newline */ - log_info("last_queried: %u %s", (unsigned)tp->autr->last_queried, buf); - ctime_r(&tp->autr->last_success, buf); - if(buf[0]) buf[strlen(buf)-1]=0; /* remove newline */ - log_info("last_success: %u %s", (unsigned)tp->autr->last_success, buf); - ctime_r(&tp->autr->next_probe_time, buf); - if(buf[0]) buf[strlen(buf)-1]=0; /* remove newline */ - log_info("next_probe_time: %u %s", (unsigned)tp->autr->next_probe_time, - buf); - log_info("query_interval: %u", (unsigned)tp->autr->query_interval); - log_info("retry_time: %u", (unsigned)tp->autr->retry_time); - log_info("query_failed: %u", (unsigned)tp->autr->query_failed); - - for(ta=tp->autr->keys; ta; ta=ta->next) { - autr_debug_print_ta(ta); - } -} - -void -autr_debug_print(struct val_anchors* anchors) -{ - struct trust_anchor* tp; - lock_basic_lock(&anchors->lock); - RBTREE_FOR(tp, struct trust_anchor*, anchors->tree) { - lock_basic_lock(&tp->lock); - autr_debug_print_tp(tp); - lock_basic_unlock(&tp->lock); - } - lock_basic_unlock(&anchors->lock); -} - -void probe_answer_cb(void* arg, int ATTR_UNUSED(rcode), - sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(sec), - char* ATTR_UNUSED(why_bogus)) -{ - /* retry was set before the query was done, - * re-querytime is set when query succeeded, but that may not - * have reset this timer because the query could have been - * handled by another thread. In that case, this callback would - * get called after the original timeout is done. - * By not resetting the timer, it may probe more often, but not - * less often. - * Unless the new lookup resulted in smaller TTLs and thus smaller - * timeout values. In that case one old TTL could be mistakenly done. - */ - struct module_env* env = (struct module_env*)arg; - verbose(VERB_ALGO, "autotrust probe answer cb"); - reset_worker_timer(env); -} - -/** probe a trust anchor DNSKEY and unlocks tp */ -static void -probe_anchor(struct module_env* env, struct trust_anchor* tp) -{ - struct query_info qinfo; - uint16_t qflags = BIT_RD; - struct edns_data edns; - sldns_buffer* buf = env->scratch_buffer; - qinfo.qname = regional_alloc_init(env->scratch, tp->name, tp->namelen); - if(!qinfo.qname) { - log_err("out of memory making 5011 probe"); - return; - } - qinfo.qname_len = tp->namelen; - qinfo.qtype = LDNS_RR_TYPE_DNSKEY; - qinfo.qclass = tp->dclass; - qinfo.local_alias = NULL; - log_query_info(VERB_ALGO, "autotrust probe", &qinfo); - verbose(VERB_ALGO, "retry probe set in %d seconds", - (int)tp->autr->next_probe_time - (int)*env->now); - edns.edns_present = 1; - edns.ext_rcode = 0; - edns.edns_version = 0; - edns.bits = EDNS_DO; - edns.opt_list = NULL; - if(sldns_buffer_capacity(buf) < 65535) - edns.udp_size = (uint16_t)sldns_buffer_capacity(buf); - else edns.udp_size = 65535; - - /* can't hold the lock while mesh_run is processing */ - lock_basic_unlock(&tp->lock); - - /* delete the DNSKEY from rrset and key cache so an active probe - * is done. First the rrset so another thread does not use it - * to recreate the key entry in a race condition. */ - rrset_cache_remove(env->rrset_cache, qinfo.qname, qinfo.qname_len, - qinfo.qtype, qinfo.qclass, 0); - key_cache_remove(env->key_cache, qinfo.qname, qinfo.qname_len, - qinfo.qclass); - - if(!mesh_new_callback(env->mesh, &qinfo, qflags, &edns, buf, 0, - &probe_answer_cb, env)) { - log_err("out of memory making 5011 probe"); - } -} - -/** fetch first to-probe trust-anchor and lock it and set retrytime */ -static struct trust_anchor* -todo_probe(struct module_env* env, time_t* next) -{ - struct trust_anchor* tp; - rbnode_type* el; - /* get first one */ - lock_basic_lock(&env->anchors->lock); - if( (el=rbtree_first(&env->anchors->autr->probe)) == RBTREE_NULL) { - /* in case of revoked anchors */ - lock_basic_unlock(&env->anchors->lock); - /* signal that there are no anchors to probe */ - *next = 0; - return NULL; - } - tp = (struct trust_anchor*)el->key; - lock_basic_lock(&tp->lock); - - /* is it eligible? */ - if((time_t)tp->autr->next_probe_time > *env->now) { - /* no more to probe */ - *next = (time_t)tp->autr->next_probe_time - *env->now; - lock_basic_unlock(&tp->lock); - lock_basic_unlock(&env->anchors->lock); - return NULL; - } - - /* reset its next probe time */ - (void)rbtree_delete(&env->anchors->autr->probe, tp); - tp->autr->next_probe_time = calc_next_probe(env, tp->autr->retry_time); - (void)rbtree_insert(&env->anchors->autr->probe, &tp->autr->pnode); - lock_basic_unlock(&env->anchors->lock); - - return tp; -} - -time_t -autr_probe_timer(struct module_env* env) -{ - struct trust_anchor* tp; - time_t next_probe = 3600; - int num = 0; - if(autr_permit_small_holddown) next_probe = 1; - verbose(VERB_ALGO, "autotrust probe timer callback"); - /* while there are still anchors to probe */ - while( (tp = todo_probe(env, &next_probe)) ) { - /* make a probe for this anchor */ - probe_anchor(env, tp); - num++; - } - regional_free_all(env->scratch); - if(next_probe == 0) - return 0; /* no trust points to probe */ - verbose(VERB_ALGO, "autotrust probe timer %d callbacks done", num); - return next_probe; -} diff --git a/external/unbound/validator/autotrust.h b/external/unbound/validator/autotrust.h deleted file mode 100644 index dbaf5126a..000000000 --- a/external/unbound/validator/autotrust.h +++ /dev/null @@ -1,208 +0,0 @@ -/* - * validator/autotrust.h - RFC5011 trust anchor management for unbound. - * - * Copyright (c) 2009, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * Contains autotrust definitions. - */ - -#ifndef VALIDATOR_AUTOTRUST_H -#define VALIDATOR_AUTOTRUST_H -#include "util/rbtree.h" -#include "util/data/packed_rrset.h" -struct val_anchors; -struct trust_anchor; -struct ub_packed_rrset_key; -struct module_env; -struct val_env; -struct sldns_buffer; - -/** Autotrust anchor states */ -typedef enum { - AUTR_STATE_START = 0, - AUTR_STATE_ADDPEND = 1, - AUTR_STATE_VALID = 2, - AUTR_STATE_MISSING = 3, - AUTR_STATE_REVOKED = 4, - AUTR_STATE_REMOVED = 5 -} autr_state_type; - -/** - * Autotrust metadata for one trust anchor key. - */ -struct autr_ta { - /** next key */ - struct autr_ta* next; - /** the RR */ - uint8_t* rr; - /** length of rr */ - size_t rr_len, dname_len; - /** last update of key state (new pending count keeps date the same) */ - time_t last_change; - /** 5011 state */ - autr_state_type s; - /** pending count */ - uint8_t pending_count; - /** fresh TA was seen */ - uint8_t fetched; - /** revoked TA was seen */ - uint8_t revoked; -}; - -/** - * Autotrust metadata for a trust point. - * This is part of the struct trust_anchor data. - */ -struct autr_point_data { - /** file to store the trust point in. chrootdir already applied. */ - char* file; - /** rbtree node for probe sort, key is struct trust_anchor */ - rbnode_type pnode; - - /** the keys */ - struct autr_ta* keys; - - /** last queried DNSKEY set - * Not all failures are captured in this entry. - * If the validator did not even start (e.g. timeout or localservfail), - * then the last_queried and query_failed values are not updated. - */ - time_t last_queried; - /** last successful DNSKEY set */ - time_t last_success; - /** next probe time */ - time_t next_probe_time; - - /** when to query if !failed */ - time_t query_interval; - /** when to retry if failed */ - time_t retry_time; - - /** - * How many times did it fail. diagnostic only (has no effect). - * Only updated if there was a dnskey rrset that failed to verify. - */ - uint8_t query_failed; - /** true if the trust point has been revoked */ - uint8_t revoked; -}; - -/** - * Autotrust global metadata. - */ -struct autr_global_data { - /** rbtree of autotrust anchors sorted by next probe time. - * When time is equal, sorted by anchor class, name. */ - rbtree_type probe; -}; - -/** - * Create new global 5011 data structure. - * @return new structure or NULL on malloc failure. - */ -struct autr_global_data* autr_global_create(void); - -/** - * Delete global 5011 data structure. - * @param global: global autotrust state to delete. - */ -void autr_global_delete(struct autr_global_data* global); - -/** - * See if autotrust anchors are configured and how many. - * @param anchors: the trust anchors structure. - * @return number of autotrust trust anchors - */ -size_t autr_get_num_anchors(struct val_anchors* anchors); - -/** - * Process probe timer. Add new probes if needed. - * @param env: module environment with time, with anchors and with the mesh. - * @return time of next probe (in seconds from now). - * If 0, then there is no next probe anymore (trust points deleted). - */ -time_t autr_probe_timer(struct module_env* env); - -/** probe tree compare function */ -int probetree_cmp(const void* x, const void* y); - -/** - * Read autotrust file. - * @param anchors: the anchors structure. - * @param nm: name of the file (copied). - * @return false on failure. - */ -int autr_read_file(struct val_anchors* anchors, const char* nm); - -/** - * Write autotrust file. - * @param env: environment with scratch space. - * @param tp: trust point to write. - */ -void autr_write_file(struct module_env* env, struct trust_anchor* tp); - -/** - * Delete autr anchor, deletes the autr data but does not do - * unlinking from trees, caller does that. - * @param tp: trust point to delete. - */ -void autr_point_delete(struct trust_anchor* tp); - -/** - * Perform autotrust processing. - * @param env: qstate environment with the anchors structure. - * @param ve: validator environment for verification of rrsigs. - * @param tp: trust anchor to process. - * @param dnskey_rrset: DNSKEY rrset probed (can be NULL if bad prime result). - * allocated in a region. Has not been validated yet. - * @return false if trust anchor was revoked completely. - * Otherwise logs errors to log, does not change return value. - * On errors, likely the trust point has been unchanged. - */ -int autr_process_prime(struct module_env* env, struct val_env* ve, - struct trust_anchor* tp, struct ub_packed_rrset_key* dnskey_rrset); - -/** - * Debug printout of rfc5011 tracked anchors - * @param anchors: all the anchors. - */ -void autr_debug_print(struct val_anchors* anchors); - -/** callback for query answer to 5011 probe */ -void probe_answer_cb(void* arg, int rcode, struct sldns_buffer* buf, - enum sec_status sec, char* errinf); - -#endif /* VALIDATOR_AUTOTRUST_H */ diff --git a/external/unbound/validator/val_anchor.c b/external/unbound/validator/val_anchor.c deleted file mode 100644 index 6c6322447..000000000 --- a/external/unbound/validator/val_anchor.c +++ /dev/null @@ -1,1311 +0,0 @@ -/* - * validator/val_anchor.c - validator trust anchor storage. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains storage for the trust anchors for the validator. - */ -#include "config.h" -#include -#include "validator/val_anchor.h" -#include "validator/val_sigcrypt.h" -#include "validator/autotrust.h" -#include "util/data/packed_rrset.h" -#include "util/data/dname.h" -#include "util/log.h" -#include "util/net_help.h" -#include "util/config_file.h" -#include "util/as112.h" -#include "sldns/sbuffer.h" -#include "sldns/rrdef.h" -#include "sldns/str2wire.h" -#ifdef HAVE_GLOB_H -#include -#endif - -int -anchor_cmp(const void* k1, const void* k2) -{ - int m; - struct trust_anchor* n1 = (struct trust_anchor*)k1; - struct trust_anchor* n2 = (struct trust_anchor*)k2; - /* no need to ntohs(class) because sort order is irrelevant */ - if(n1->dclass != n2->dclass) { - if(n1->dclass < n2->dclass) - return -1; - return 1; - } - return dname_lab_cmp(n1->name, n1->namelabs, n2->name, n2->namelabs, - &m); -} - -struct val_anchors* -anchors_create(void) -{ - struct val_anchors* a = (struct val_anchors*)calloc(1, sizeof(*a)); - if(!a) - return NULL; - a->tree = rbtree_create(anchor_cmp); - if(!a->tree) { - anchors_delete(a); - return NULL; - } - a->autr = autr_global_create(); - if(!a->autr) { - anchors_delete(a); - return NULL; - } - lock_basic_init(&a->lock); - lock_protect(&a->lock, a, sizeof(*a)); - lock_protect(&a->lock, a->autr, sizeof(*a->autr)); - return a; -} - -/** delete assembled rrset */ -static void -assembled_rrset_delete(struct ub_packed_rrset_key* pkey) -{ - if(!pkey) return; - if(pkey->entry.data) { - struct packed_rrset_data* pd = (struct packed_rrset_data*) - pkey->entry.data; - free(pd->rr_data); - free(pd->rr_ttl); - free(pd->rr_len); - free(pd); - } - free(pkey->rk.dname); - free(pkey); -} - -/** destroy locks in tree and delete autotrust anchors */ -static void -anchors_delfunc(rbnode_type* elem, void* ATTR_UNUSED(arg)) -{ - struct trust_anchor* ta = (struct trust_anchor*)elem; - if(!ta) return; - if(ta->autr) { - autr_point_delete(ta); - } else { - struct ta_key* p, *np; - lock_basic_destroy(&ta->lock); - free(ta->name); - p = ta->keylist; - while(p) { - np = p->next; - free(p->data); - free(p); - p = np; - } - assembled_rrset_delete(ta->ds_rrset); - assembled_rrset_delete(ta->dnskey_rrset); - free(ta); - } -} - -void -anchors_delete(struct val_anchors* anchors) -{ - if(!anchors) - return; - lock_unprotect(&anchors->lock, anchors->autr); - lock_unprotect(&anchors->lock, anchors); - lock_basic_destroy(&anchors->lock); - if(anchors->tree) - traverse_postorder(anchors->tree, anchors_delfunc, NULL); - free(anchors->tree); - autr_global_delete(anchors->autr); - free(anchors); -} - -void -anchors_init_parents_locked(struct val_anchors* anchors) -{ - struct trust_anchor* node, *prev = NULL, *p; - int m; - /* nobody else can grab locks because we hold the main lock. - * Thus the previous items, after unlocked, are not deleted */ - RBTREE_FOR(node, struct trust_anchor*, anchors->tree) { - lock_basic_lock(&node->lock); - node->parent = NULL; - if(!prev || prev->dclass != node->dclass) { - prev = node; - lock_basic_unlock(&node->lock); - continue; - } - (void)dname_lab_cmp(prev->name, prev->namelabs, node->name, - node->namelabs, &m); /* we know prev is smaller */ - /* sort order like: . com. bla.com. zwb.com. net. */ - /* find the previous, or parent-parent-parent */ - for(p = prev; p; p = p->parent) - /* looking for name with few labels, a parent */ - if(p->namelabs <= m) { - /* ==: since prev matched m, this is closest*/ - /* <: prev matches more, but is not a parent, - * this one is a (grand)parent */ - node->parent = p; - break; - } - lock_basic_unlock(&node->lock); - prev = node; - } -} - -/** initialise parent pointers in the tree */ -static void -init_parents(struct val_anchors* anchors) -{ - lock_basic_lock(&anchors->lock); - anchors_init_parents_locked(anchors); - lock_basic_unlock(&anchors->lock); -} - -struct trust_anchor* -anchor_find(struct val_anchors* anchors, uint8_t* name, int namelabs, - size_t namelen, uint16_t dclass) -{ - struct trust_anchor key; - rbnode_type* n; - if(!name) return NULL; - key.node.key = &key; - key.name = name; - key.namelabs = namelabs; - key.namelen = namelen; - key.dclass = dclass; - lock_basic_lock(&anchors->lock); - n = rbtree_search(anchors->tree, &key); - if(n) { - lock_basic_lock(&((struct trust_anchor*)n->key)->lock); - } - lock_basic_unlock(&anchors->lock); - if(!n) - return NULL; - return (struct trust_anchor*)n->key; -} - -/** create new trust anchor object */ -static struct trust_anchor* -anchor_new_ta(struct val_anchors* anchors, uint8_t* name, int namelabs, - size_t namelen, uint16_t dclass, int lockit) -{ -#ifdef UNBOUND_DEBUG - rbnode_type* r; -#endif - struct trust_anchor* ta = (struct trust_anchor*)malloc( - sizeof(struct trust_anchor)); - if(!ta) - return NULL; - memset(ta, 0, sizeof(*ta)); - ta->node.key = ta; - ta->name = memdup(name, namelen); - if(!ta->name) { - free(ta); - return NULL; - } - ta->namelabs = namelabs; - ta->namelen = namelen; - ta->dclass = dclass; - lock_basic_init(&ta->lock); - if(lockit) { - lock_basic_lock(&anchors->lock); - } -#ifdef UNBOUND_DEBUG - r = -#else - (void) -#endif - rbtree_insert(anchors->tree, &ta->node); - if(lockit) { - lock_basic_unlock(&anchors->lock); - } - log_assert(r != NULL); - return ta; -} - -/** find trustanchor key by exact data match */ -static struct ta_key* -anchor_find_key(struct trust_anchor* ta, uint8_t* rdata, size_t rdata_len, - uint16_t type) -{ - struct ta_key* k; - for(k = ta->keylist; k; k = k->next) { - if(k->type == type && k->len == rdata_len && - memcmp(k->data, rdata, rdata_len) == 0) - return k; - } - return NULL; -} - -/** create new trustanchor key */ -static struct ta_key* -anchor_new_ta_key(uint8_t* rdata, size_t rdata_len, uint16_t type) -{ - struct ta_key* k = (struct ta_key*)malloc(sizeof(*k)); - if(!k) - return NULL; - memset(k, 0, sizeof(*k)); - k->data = memdup(rdata, rdata_len); - if(!k->data) { - free(k); - return NULL; - } - k->len = rdata_len; - k->type = type; - return k; -} - -/** - * This routine adds a new RR to a trust anchor. The trust anchor may not - * exist yet, and is created if not. The RR can be DS or DNSKEY. - * This routine will also remove duplicates; storing them only once. - * @param anchors: anchor storage. - * @param name: name of trust anchor (wireformat) - * @param type: type or RR - * @param dclass: class of RR - * @param rdata: rdata wireformat, starting with rdlength. - * If NULL, nothing is stored, but an entry is created. - * @param rdata_len: length of rdata including rdlength. - * @return: NULL on error, else the trust anchor. - */ -static struct trust_anchor* -anchor_store_new_key(struct val_anchors* anchors, uint8_t* name, uint16_t type, - uint16_t dclass, uint8_t* rdata, size_t rdata_len) -{ - struct ta_key* k; - struct trust_anchor* ta; - int namelabs; - size_t namelen; - namelabs = dname_count_size_labels(name, &namelen); - if(type != LDNS_RR_TYPE_DS && type != LDNS_RR_TYPE_DNSKEY) { - log_err("Bad type for trust anchor"); - return 0; - } - /* lookup or create trustanchor */ - ta = anchor_find(anchors, name, namelabs, namelen, dclass); - if(!ta) { - ta = anchor_new_ta(anchors, name, namelabs, namelen, dclass, 1); - if(!ta) - return NULL; - lock_basic_lock(&ta->lock); - } - if(!rdata) { - lock_basic_unlock(&ta->lock); - return ta; - } - /* look for duplicates */ - if(anchor_find_key(ta, rdata, rdata_len, type)) { - lock_basic_unlock(&ta->lock); - return ta; - } - k = anchor_new_ta_key(rdata, rdata_len, type); - if(!k) { - lock_basic_unlock(&ta->lock); - return NULL; - } - /* add new key */ - if(type == LDNS_RR_TYPE_DS) - ta->numDS++; - else ta->numDNSKEY++; - k->next = ta->keylist; - ta->keylist = k; - lock_basic_unlock(&ta->lock); - return ta; -} - -/** - * Add new RR. It converts ldns RR to wire format. - * @param anchors: anchor storage. - * @param rr: the wirerr. - * @param rl: length of rr. - * @param dl: length of dname. - * @return NULL on error, else the trust anchor. - */ -static struct trust_anchor* -anchor_store_new_rr(struct val_anchors* anchors, uint8_t* rr, size_t rl, - size_t dl) -{ - struct trust_anchor* ta; - if(!(ta=anchor_store_new_key(anchors, rr, - sldns_wirerr_get_type(rr, rl, dl), - sldns_wirerr_get_class(rr, rl, dl), - sldns_wirerr_get_rdatawl(rr, rl, dl), - sldns_wirerr_get_rdatalen(rr, rl, dl)+2))) { - return NULL; - } - log_nametypeclass(VERB_QUERY, "adding trusted key", - rr, sldns_wirerr_get_type(rr, rl, dl), - sldns_wirerr_get_class(rr, rl, dl)); - return ta; -} - -/** - * Insert insecure anchor - * @param anchors: anchor storage. - * @param str: the domain name. - * @return NULL on error, Else last trust anchor point - */ -static struct trust_anchor* -anchor_insert_insecure(struct val_anchors* anchors, const char* str) -{ - struct trust_anchor* ta; - size_t dname_len = 0; - uint8_t* nm = sldns_str2wire_dname(str, &dname_len); - if(!nm) { - log_err("parse error in domain name '%s'", str); - return NULL; - } - ta = anchor_store_new_key(anchors, nm, LDNS_RR_TYPE_DS, - LDNS_RR_CLASS_IN, NULL, 0); - free(nm); - return ta; -} - -struct trust_anchor* -anchor_store_str(struct val_anchors* anchors, sldns_buffer* buffer, - const char* str) -{ - struct trust_anchor* ta; - uint8_t* rr = sldns_buffer_begin(buffer); - size_t len = sldns_buffer_capacity(buffer), dname_len = 0; - int status = sldns_str2wire_rr_buf(str, rr, &len, &dname_len, - 0, NULL, 0, NULL, 0); - if(status != 0) { - log_err("error parsing trust anchor %s: at %d: %s", - str, LDNS_WIREPARSE_OFFSET(status), - sldns_get_errorstr_parse(status)); - return NULL; - } - if(!(ta=anchor_store_new_rr(anchors, rr, len, dname_len))) { - log_err("out of memory"); - return NULL; - } - return ta; -} - -/** - * Read a file with trust anchors - * @param anchors: anchor storage. - * @param buffer: parsing buffer. - * @param fname: string. - * @param onlyone: only one trust anchor allowed in file. - * @return NULL on error. Else last trust-anchor point. - */ -static struct trust_anchor* -anchor_read_file(struct val_anchors* anchors, sldns_buffer* buffer, - const char* fname, int onlyone) -{ - struct trust_anchor* ta = NULL, *tanew; - struct sldns_file_parse_state pst; - int status; - size_t len, dname_len; - uint8_t* rr = sldns_buffer_begin(buffer); - int ok = 1; - FILE* in = fopen(fname, "r"); - if(!in) { - log_err("error opening file %s: %s", fname, strerror(errno)); - return 0; - } - memset(&pst, 0, sizeof(pst)); - pst.default_ttl = 3600; - pst.lineno = 1; - while(!feof(in)) { - len = sldns_buffer_capacity(buffer); - dname_len = 0; - status = sldns_fp2wire_rr_buf(in, rr, &len, &dname_len, &pst); - if(len == 0) /* empty, $TTL, $ORIGIN */ - continue; - if(status != 0) { - log_err("parse error in %s:%d:%d : %s", fname, - pst.lineno, LDNS_WIREPARSE_OFFSET(status), - sldns_get_errorstr_parse(status)); - ok = 0; - break; - } - if(sldns_wirerr_get_type(rr, len, dname_len) != - LDNS_RR_TYPE_DS && sldns_wirerr_get_type(rr, len, - dname_len) != LDNS_RR_TYPE_DNSKEY) { - continue; - } - if(!(tanew=anchor_store_new_rr(anchors, rr, len, dname_len))) { - log_err("mem error at %s line %d", fname, pst.lineno); - ok = 0; - break; - } - if(onlyone && ta && ta != tanew) { - log_err("error at %s line %d: no multiple anchor " - "domains allowed (you can have multiple " - "keys, but they must have the same name).", - fname, pst.lineno); - ok = 0; - break; - } - ta = tanew; - } - fclose(in); - if(!ok) return NULL; - /* empty file is OK when multiple anchors are allowed */ - if(!onlyone && !ta) return (struct trust_anchor*)1; - return ta; -} - -/** skip file to end of line */ -static void -skip_to_eol(FILE* in) -{ - int c; - while((c = getc(in)) != EOF ) { - if(c == '\n') - return; - } -} - -/** true for special characters in bind configs */ -static int -is_bind_special(int c) -{ - switch(c) { - case '{': - case '}': - case '"': - case ';': - return 1; - } - return 0; -} - -/** - * Read a keyword skipping bind comments; spaces, specials, restkeywords. - * The file is split into the following tokens: - * * special characters, on their own, rdlen=1, { } doublequote ; - * * whitespace becomes a single ' ' or tab. Newlines become spaces. - * * other words ('keywords') - * * comments are skipped if desired - * / / C++ style comment to end of line - * # to end of line - * / * C style comment * / - * @param in: file to read from. - * @param buf: buffer, what is read is stored after current buffer position. - * Space is left in the buffer to write a terminating 0. - * @param line: line number is increased per line, for error reports. - * @param comments: if 0, comments are not possible and become text. - * if 1, comments are skipped entirely. - * In BIND files, this is when reading quoted strings, for example - * " base 64 text with / / in there " - * @return the number of character written to the buffer. - * 0 on end of file. - */ -static int -readkeyword_bindfile(FILE* in, sldns_buffer* buf, int* line, int comments) -{ - int c; - int numdone = 0; - while((c = getc(in)) != EOF ) { - if(comments && c == '#') { /* # blabla */ - skip_to_eol(in); - (*line)++; - continue; - } else if(comments && c=='/' && numdone>0 && /* /_/ bla*/ - sldns_buffer_read_u8_at(buf, - sldns_buffer_position(buf)-1) == '/') { - sldns_buffer_skip(buf, -1); - numdone--; - skip_to_eol(in); - (*line)++; - continue; - } else if(comments && c=='*' && numdone>0 && /* /_* bla *_/ */ - sldns_buffer_read_u8_at(buf, - sldns_buffer_position(buf)-1) == '/') { - sldns_buffer_skip(buf, -1); - numdone--; - /* skip to end of comment */ - while(c != EOF && (c=getc(in)) != EOF ) { - if(c == '*') { - if((c=getc(in)) == '/') - break; - } - if(c == '\n') - (*line)++; - } - continue; - } - /* not a comment, complete the keyword */ - if(numdone > 0) { - /* check same type */ - if(isspace((unsigned char)c)) { - ungetc(c, in); - return numdone; - } - if(is_bind_special(c)) { - ungetc(c, in); - return numdone; - } - } - if(c == '\n') { - c = ' '; - (*line)++; - } - /* space for 1 char + 0 string terminator */ - if(sldns_buffer_remaining(buf) < 2) { - fatal_exit("trusted-keys, %d, string too long", *line); - } - sldns_buffer_write_u8(buf, (uint8_t)c); - numdone++; - if(isspace((unsigned char)c)) { - /* collate whitespace into ' ' */ - while((c = getc(in)) != EOF ) { - if(c == '\n') - (*line)++; - if(!isspace((unsigned char)c)) { - ungetc(c, in); - break; - } - } - return numdone; - } - if(is_bind_special(c)) - return numdone; - } - return numdone; -} - -/** skip through file to { or ; */ -static int -skip_to_special(FILE* in, sldns_buffer* buf, int* line, int spec) -{ - int rdlen; - sldns_buffer_clear(buf); - while((rdlen=readkeyword_bindfile(in, buf, line, 1))) { - if(rdlen == 1 && isspace((unsigned char)*sldns_buffer_begin(buf))) { - sldns_buffer_clear(buf); - continue; - } - if(rdlen != 1 || *sldns_buffer_begin(buf) != (uint8_t)spec) { - sldns_buffer_write_u8(buf, 0); - log_err("trusted-keys, line %d, expected %c", - *line, spec); - return 0; - } - return 1; - } - log_err("trusted-keys, line %d, expected %c got EOF", *line, spec); - return 0; -} - -/** - * read contents of trusted-keys{ ... ; clauses and insert keys into storage. - * @param anchors: where to store keys - * @param buf: buffer to use - * @param line: line number in file - * @param in: file to read from. - * @return 0 on error. - */ -static int -process_bind_contents(struct val_anchors* anchors, sldns_buffer* buf, - int* line, FILE* in) -{ - /* loop over contents, collate strings before ; */ - /* contents is (numbered): 0 1 2 3 4 5 6 7 8 */ - /* name. 257 3 5 base64 base64 */ - /* quoted value: 0 "111" 0 0 0 0 0 0 0 */ - /* comments value: 1 "000" 1 1 1 "0 0 0 0" 1 */ - int contnum = 0; - int quoted = 0; - int comments = 1; - int rdlen; - char* str = 0; - sldns_buffer_clear(buf); - while((rdlen=readkeyword_bindfile(in, buf, line, comments))) { - if(rdlen == 1 && sldns_buffer_position(buf) == 1 - && isspace((unsigned char)*sldns_buffer_begin(buf))) { - /* starting whitespace is removed */ - sldns_buffer_clear(buf); - continue; - } else if(rdlen == 1 && sldns_buffer_current(buf)[-1] == '"') { - /* remove " from the string */ - if(contnum == 0) { - quoted = 1; - comments = 0; - } - sldns_buffer_skip(buf, -1); - if(contnum > 0 && quoted) { - if(sldns_buffer_remaining(buf) < 8+1) { - log_err("line %d, too long", *line); - return 0; - } - sldns_buffer_write(buf, " DNSKEY ", 8); - quoted = 0; - comments = 1; - } else if(contnum > 0) - comments = !comments; - continue; - } else if(rdlen == 1 && sldns_buffer_current(buf)[-1] == ';') { - - if(contnum < 5) { - sldns_buffer_write_u8(buf, 0); - log_err("line %d, bad key", *line); - return 0; - } - sldns_buffer_skip(buf, -1); - sldns_buffer_write_u8(buf, 0); - str = strdup((char*)sldns_buffer_begin(buf)); - if(!str) { - log_err("line %d, allocation failure", *line); - return 0; - } - if(!anchor_store_str(anchors, buf, str)) { - log_err("line %d, bad key", *line); - free(str); - return 0; - } - free(str); - sldns_buffer_clear(buf); - contnum = 0; - quoted = 0; - comments = 1; - continue; - } else if(rdlen == 1 && sldns_buffer_current(buf)[-1] == '}') { - if(contnum > 0) { - sldns_buffer_write_u8(buf, 0); - log_err("line %d, bad key before }", *line); - return 0; - } - return 1; - } else if(rdlen == 1 && - isspace((unsigned char)sldns_buffer_current(buf)[-1])) { - /* leave whitespace here */ - } else { - /* not space or whatnot, so actual content */ - contnum ++; - if(contnum == 1 && !quoted) { - if(sldns_buffer_remaining(buf) < 8+1) { - log_err("line %d, too long", *line); - return 0; - } - sldns_buffer_write(buf, " DNSKEY ", 8); - } - } - } - - log_err("line %d, EOF before }", *line); - return 0; -} - -/** - * Read a BIND9 like file with trust anchors in named.conf format. - * @param anchors: anchor storage. - * @param buffer: parsing buffer. - * @param fname: string. - * @return false on error. - */ -static int -anchor_read_bind_file(struct val_anchors* anchors, sldns_buffer* buffer, - const char* fname) -{ - int line_nr = 1; - FILE* in = fopen(fname, "r"); - int rdlen = 0; - if(!in) { - log_err("error opening file %s: %s", fname, strerror(errno)); - return 0; - } - verbose(VERB_QUERY, "reading in bind-compat-mode: '%s'", fname); - /* scan for trusted-keys keyword, ignore everything else */ - sldns_buffer_clear(buffer); - while((rdlen=readkeyword_bindfile(in, buffer, &line_nr, 1)) != 0) { - if(rdlen != 12 || strncmp((char*)sldns_buffer_begin(buffer), - "trusted-keys", 12) != 0) { - sldns_buffer_clear(buffer); - /* ignore everything but trusted-keys */ - continue; - } - if(!skip_to_special(in, buffer, &line_nr, '{')) { - log_err("error in trusted key: \"%s\"", fname); - fclose(in); - return 0; - } - /* process contents */ - if(!process_bind_contents(anchors, buffer, &line_nr, in)) { - log_err("error in trusted key: \"%s\"", fname); - fclose(in); - return 0; - } - if(!skip_to_special(in, buffer, &line_nr, ';')) { - log_err("error in trusted key: \"%s\"", fname); - fclose(in); - return 0; - } - sldns_buffer_clear(buffer); - } - fclose(in); - return 1; -} - -/** - * Read a BIND9 like files with trust anchors in named.conf format. - * Performs wildcard processing of name. - * @param anchors: anchor storage. - * @param buffer: parsing buffer. - * @param pat: pattern string. (can be wildcarded) - * @return false on error. - */ -static int -anchor_read_bind_file_wild(struct val_anchors* anchors, sldns_buffer* buffer, - const char* pat) -{ -#ifdef HAVE_GLOB - glob_t g; - size_t i; - int r, flags; - if(!strchr(pat, '*') && !strchr(pat, '?') && !strchr(pat, '[') && - !strchr(pat, '{') && !strchr(pat, '~')) { - return anchor_read_bind_file(anchors, buffer, pat); - } - verbose(VERB_QUERY, "wildcard found, processing %s", pat); - flags = 0 -#ifdef GLOB_ERR - | GLOB_ERR -#endif -#ifdef GLOB_NOSORT - | GLOB_NOSORT -#endif -#ifdef GLOB_BRACE - | GLOB_BRACE -#endif -#ifdef GLOB_TILDE - | GLOB_TILDE -#endif - ; - memset(&g, 0, sizeof(g)); - r = glob(pat, flags, NULL, &g); - if(r) { - /* some error */ - if(r == GLOB_NOMATCH) { - verbose(VERB_QUERY, "trusted-keys-file: " - "no matches for %s", pat); - return 1; - } else if(r == GLOB_NOSPACE) { - log_err("wildcard trusted-keys-file %s: " - "pattern out of memory", pat); - } else if(r == GLOB_ABORTED) { - log_err("wildcard trusted-keys-file %s: expansion " - "aborted (%s)", pat, strerror(errno)); - } else { - log_err("wildcard trusted-keys-file %s: expansion " - "failed (%s)", pat, strerror(errno)); - } - /* ignore globs that yield no files */ - return 1; - } - /* process files found, if any */ - for(i=0; i<(size_t)g.gl_pathc; i++) { - if(!anchor_read_bind_file(anchors, buffer, g.gl_pathv[i])) { - log_err("error reading wildcard " - "trusted-keys-file: %s", g.gl_pathv[i]); - globfree(&g); - return 0; - } - } - globfree(&g); - return 1; -#else /* not HAVE_GLOB */ - return anchor_read_bind_file(anchors, buffer, pat); -#endif /* HAVE_GLOB */ -} - -/** - * Assemble an rrset structure for the type - * @param ta: trust anchor. - * @param num: number of items to fetch from list. - * @param type: fetch only items of this type. - * @return rrset or NULL on error. - */ -static struct ub_packed_rrset_key* -assemble_it(struct trust_anchor* ta, size_t num, uint16_t type) -{ - struct ub_packed_rrset_key* pkey = (struct ub_packed_rrset_key*) - malloc(sizeof(*pkey)); - struct packed_rrset_data* pd; - struct ta_key* tk; - size_t i; - if(!pkey) - return NULL; - memset(pkey, 0, sizeof(*pkey)); - pkey->rk.dname = memdup(ta->name, ta->namelen); - if(!pkey->rk.dname) { - free(pkey); - return NULL; - } - - pkey->rk.dname_len = ta->namelen; - pkey->rk.type = htons(type); - pkey->rk.rrset_class = htons(ta->dclass); - /* The rrset is build in an uncompressed way. This means it - * cannot be copied in the normal way. */ - pd = (struct packed_rrset_data*)malloc(sizeof(*pd)); - if(!pd) { - free(pkey->rk.dname); - free(pkey); - return NULL; - } - memset(pd, 0, sizeof(*pd)); - pd->count = num; - pd->trust = rrset_trust_ultimate; - pd->rr_len = (size_t*)reallocarray(NULL, num, sizeof(size_t)); - if(!pd->rr_len) { - free(pd); - free(pkey->rk.dname); - free(pkey); - return NULL; - } - pd->rr_ttl = (time_t*)reallocarray(NULL, num, sizeof(time_t)); - if(!pd->rr_ttl) { - free(pd->rr_len); - free(pd); - free(pkey->rk.dname); - free(pkey); - return NULL; - } - pd->rr_data = (uint8_t**)reallocarray(NULL, num, sizeof(uint8_t*)); - if(!pd->rr_data) { - free(pd->rr_ttl); - free(pd->rr_len); - free(pd); - free(pkey->rk.dname); - free(pkey); - return NULL; - } - /* fill in rrs */ - i=0; - for(tk = ta->keylist; tk; tk = tk->next) { - if(tk->type != type) - continue; - pd->rr_len[i] = tk->len; - /* reuse data ptr to allocation in talist */ - pd->rr_data[i] = tk->data; - pd->rr_ttl[i] = 0; - i++; - } - pkey->entry.data = (void*)pd; - return pkey; -} - -/** - * Assemble structures for the trust DS and DNSKEY rrsets. - * @param ta: trust anchor - * @return: false on error. - */ -static int -anchors_assemble(struct trust_anchor* ta) -{ - if(ta->numDS > 0) { - ta->ds_rrset = assemble_it(ta, ta->numDS, LDNS_RR_TYPE_DS); - if(!ta->ds_rrset) - return 0; - } - if(ta->numDNSKEY > 0) { - ta->dnskey_rrset = assemble_it(ta, ta->numDNSKEY, - LDNS_RR_TYPE_DNSKEY); - if(!ta->dnskey_rrset) - return 0; - } - return 1; -} - -/** - * Check DS algos for support, warn if not. - * @param ta: trust anchor - * @return number of DS anchors with unsupported algorithms. - */ -static size_t -anchors_ds_unsupported(struct trust_anchor* ta) -{ - size_t i, num = 0; - for(i=0; inumDS; i++) { - if(!ds_digest_algo_is_supported(ta->ds_rrset, i) || - !ds_key_algo_is_supported(ta->ds_rrset, i)) - num++; - } - return num; -} - -/** - * Check DNSKEY algos for support, warn if not. - * @param ta: trust anchor - * @return number of DNSKEY anchors with unsupported algorithms. - */ -static size_t -anchors_dnskey_unsupported(struct trust_anchor* ta) -{ - size_t i, num = 0; - for(i=0; inumDNSKEY; i++) { - if(!dnskey_algo_is_supported(ta->dnskey_rrset, i)) - num++; - } - return num; -} - -/** - * Assemble the rrsets in the anchors, ready for use by validator. - * @param anchors: trust anchor storage. - * @return: false on error. - */ -static int -anchors_assemble_rrsets(struct val_anchors* anchors) -{ - struct trust_anchor* ta; - struct trust_anchor* next; - size_t nods, nokey; - lock_basic_lock(&anchors->lock); - ta=(struct trust_anchor*)rbtree_first(anchors->tree); - while((rbnode_type*)ta != RBTREE_NULL) { - next = (struct trust_anchor*)rbtree_next(&ta->node); - lock_basic_lock(&ta->lock); - if(ta->autr || (ta->numDS == 0 && ta->numDNSKEY == 0)) { - lock_basic_unlock(&ta->lock); - ta = next; /* skip */ - continue; - } - if(!anchors_assemble(ta)) { - log_err("out of memory"); - lock_basic_unlock(&ta->lock); - lock_basic_unlock(&anchors->lock); - return 0; - } - nods = anchors_ds_unsupported(ta); - nokey = anchors_dnskey_unsupported(ta); - if(nods) { - log_nametypeclass(0, "warning: unsupported " - "algorithm for trust anchor", - ta->name, LDNS_RR_TYPE_DS, ta->dclass); - } - if(nokey) { - log_nametypeclass(0, "warning: unsupported " - "algorithm for trust anchor", - ta->name, LDNS_RR_TYPE_DNSKEY, ta->dclass); - } - if(nods == ta->numDS && nokey == ta->numDNSKEY) { - char b[257]; - dname_str(ta->name, b); - log_warn("trust anchor %s has no supported algorithms," - " the anchor is ignored (check if you need to" - " upgrade unbound and " -#ifdef HAVE_LIBRESSL - "libressl" -#else - "openssl" -#endif - ")", b); - (void)rbtree_delete(anchors->tree, &ta->node); - lock_basic_unlock(&ta->lock); - if(anchors->dlv_anchor == ta) - anchors->dlv_anchor = NULL; - anchors_delfunc(&ta->node, NULL); - ta = next; - continue; - } - lock_basic_unlock(&ta->lock); - ta = next; - } - lock_basic_unlock(&anchors->lock); - return 1; -} - -int -anchors_apply_cfg(struct val_anchors* anchors, struct config_file* cfg) -{ - struct config_strlist* f; - const char** zstr; - char* nm; - sldns_buffer* parsebuf = sldns_buffer_new(65535); - if(cfg->insecure_lan_zones) { - for(zstr = as112_zones; *zstr; zstr++) { - if(!anchor_insert_insecure(anchors, *zstr)) { - log_err("error in insecure-lan-zones: %s", *zstr); - sldns_buffer_free(parsebuf); - return 0; - } - } - } - for(f = cfg->domain_insecure; f; f = f->next) { - if(!f->str || f->str[0] == 0) /* empty "" */ - continue; - if(!anchor_insert_insecure(anchors, f->str)) { - log_err("error in domain-insecure: %s", f->str); - sldns_buffer_free(parsebuf); - return 0; - } - } - for(f = cfg->trust_anchor_file_list; f; f = f->next) { - if(!f->str || f->str[0] == 0) /* empty "" */ - continue; - nm = f->str; - if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm, - cfg->chrootdir, strlen(cfg->chrootdir)) == 0) - nm += strlen(cfg->chrootdir); - if(!anchor_read_file(anchors, parsebuf, nm, 0)) { - log_err("error reading trust-anchor-file: %s", f->str); - sldns_buffer_free(parsebuf); - return 0; - } - } - for(f = cfg->trusted_keys_file_list; f; f = f->next) { - if(!f->str || f->str[0] == 0) /* empty "" */ - continue; - nm = f->str; - if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm, - cfg->chrootdir, strlen(cfg->chrootdir)) == 0) - nm += strlen(cfg->chrootdir); - if(!anchor_read_bind_file_wild(anchors, parsebuf, nm)) { - log_err("error reading trusted-keys-file: %s", f->str); - sldns_buffer_free(parsebuf); - return 0; - } - } - for(f = cfg->trust_anchor_list; f; f = f->next) { - if(!f->str || f->str[0] == 0) /* empty "" */ - continue; - if(!anchor_store_str(anchors, parsebuf, f->str)) { - log_err("error in trust-anchor: \"%s\"", f->str); - sldns_buffer_free(parsebuf); - return 0; - } - } - if(cfg->dlv_anchor_file && cfg->dlv_anchor_file[0] != 0) { - struct trust_anchor* dlva; - nm = cfg->dlv_anchor_file; - if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm, - cfg->chrootdir, strlen(cfg->chrootdir)) == 0) - nm += strlen(cfg->chrootdir); - if(!(dlva = anchor_read_file(anchors, parsebuf, - nm, 1))) { - log_err("error reading dlv-anchor-file: %s", - cfg->dlv_anchor_file); - sldns_buffer_free(parsebuf); - return 0; - } - lock_basic_lock(&anchors->lock); - anchors->dlv_anchor = dlva; - lock_basic_unlock(&anchors->lock); - } - for(f = cfg->dlv_anchor_list; f; f = f->next) { - struct trust_anchor* dlva; - if(!f->str || f->str[0] == 0) /* empty "" */ - continue; - if(!(dlva = anchor_store_str( - anchors, parsebuf, f->str))) { - log_err("error in dlv-anchor: \"%s\"", f->str); - sldns_buffer_free(parsebuf); - return 0; - } - lock_basic_lock(&anchors->lock); - anchors->dlv_anchor = dlva; - lock_basic_unlock(&anchors->lock); - } - /* do autr last, so that it sees what anchors are filled by other - * means can can print errors about double config for the name */ - for(f = cfg->auto_trust_anchor_file_list; f; f = f->next) { - if(!f->str || f->str[0] == 0) /* empty "" */ - continue; - nm = f->str; - if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm, - cfg->chrootdir, strlen(cfg->chrootdir)) == 0) - nm += strlen(cfg->chrootdir); - if(!autr_read_file(anchors, nm)) { - log_err("error reading auto-trust-anchor-file: %s", - f->str); - sldns_buffer_free(parsebuf); - return 0; - } - } - /* first assemble, since it may delete useless anchors */ - anchors_assemble_rrsets(anchors); - init_parents(anchors); - sldns_buffer_free(parsebuf); - if(verbosity >= VERB_ALGO) autr_debug_print(anchors); - return 1; -} - -struct trust_anchor* -anchors_lookup(struct val_anchors* anchors, - uint8_t* qname, size_t qname_len, uint16_t qclass) -{ - struct trust_anchor key; - struct trust_anchor* result; - rbnode_type* res = NULL; - key.node.key = &key; - key.name = qname; - key.namelabs = dname_count_labels(qname); - key.namelen = qname_len; - key.dclass = qclass; - lock_basic_lock(&anchors->lock); - if(rbtree_find_less_equal(anchors->tree, &key, &res)) { - /* exact */ - result = (struct trust_anchor*)res; - } else { - /* smaller element (or no element) */ - int m; - result = (struct trust_anchor*)res; - if(!result || result->dclass != qclass) { - lock_basic_unlock(&anchors->lock); - return NULL; - } - /* count number of labels matched */ - (void)dname_lab_cmp(result->name, result->namelabs, key.name, - key.namelabs, &m); - while(result) { /* go up until qname is subdomain of stub */ - if(result->namelabs <= m) - break; - result = result->parent; - } - } - if(result) { - lock_basic_lock(&result->lock); - } - lock_basic_unlock(&anchors->lock); - return result; -} - -size_t -anchors_get_mem(struct val_anchors* anchors) -{ - struct trust_anchor *ta; - size_t s = sizeof(*anchors); - if(!anchors) - return 0; - RBTREE_FOR(ta, struct trust_anchor*, anchors->tree) { - s += sizeof(*ta) + ta->namelen; - /* keys and so on */ - } - return s; -} - -int -anchors_add_insecure(struct val_anchors* anchors, uint16_t c, uint8_t* nm) -{ - struct trust_anchor key; - key.node.key = &key; - key.name = nm; - key.namelabs = dname_count_size_labels(nm, &key.namelen); - key.dclass = c; - lock_basic_lock(&anchors->lock); - if(rbtree_search(anchors->tree, &key)) { - lock_basic_unlock(&anchors->lock); - /* nothing to do, already an anchor or insecure point */ - return 1; - } - if(!anchor_new_ta(anchors, nm, key.namelabs, key.namelen, c, 0)) { - log_err("out of memory"); - lock_basic_unlock(&anchors->lock); - return 0; - } - /* no other contents in new ta, because it is insecure point */ - anchors_init_parents_locked(anchors); - lock_basic_unlock(&anchors->lock); - return 1; -} - -void -anchors_delete_insecure(struct val_anchors* anchors, uint16_t c, - uint8_t* nm) -{ - struct trust_anchor key; - struct trust_anchor* ta; - key.node.key = &key; - key.name = nm; - key.namelabs = dname_count_size_labels(nm, &key.namelen); - key.dclass = c; - lock_basic_lock(&anchors->lock); - if(!(ta=(struct trust_anchor*)rbtree_search(anchors->tree, &key))) { - lock_basic_unlock(&anchors->lock); - /* nothing there */ - return; - } - /* lock it to drive away other threads that use it */ - lock_basic_lock(&ta->lock); - /* see if its really an insecure point */ - if(ta->keylist || ta->autr || ta->numDS || ta->numDNSKEY) { - lock_basic_unlock(&anchors->lock); - lock_basic_unlock(&ta->lock); - /* its not an insecure point, do not remove it */ - return; - } - - /* remove from tree */ - (void)rbtree_delete(anchors->tree, &ta->node); - anchors_init_parents_locked(anchors); - lock_basic_unlock(&anchors->lock); - - /* actual free of data */ - lock_basic_unlock(&ta->lock); - anchors_delfunc(&ta->node, NULL); -} - -/** compare two keytags, return -1, 0 or 1 */ -static int -keytag_compare(const void* x, const void* y) -{ - if(*(uint16_t*)x == *(uint16_t*)y) - return 0; - if(*(uint16_t*)x > *(uint16_t*)y) - return 1; - return -1; -} - -size_t -anchor_list_keytags(struct trust_anchor* ta, uint16_t* list, size_t num) -{ - size_t i, ret = 0; - if(ta->numDS == 0 && ta->numDNSKEY == 0) - return 0; /* insecure point */ - if(ta->numDS != 0 && ta->ds_rrset) { - struct packed_rrset_data* d=(struct packed_rrset_data*) - ta->ds_rrset->entry.data; - for(i=0; icount; i++) { - if(ret == num) continue; - list[ret++] = ds_get_keytag(ta->ds_rrset, i); - } - } - if(ta->numDNSKEY != 0 && ta->dnskey_rrset) { - struct packed_rrset_data* d=(struct packed_rrset_data*) - ta->dnskey_rrset->entry.data; - for(i=0; icount; i++) { - if(ret == num) continue; - list[ret++] = dnskey_calc_keytag(ta->dnskey_rrset, i); - } - } - qsort(list, ret, sizeof(*list), keytag_compare); - return ret; -} diff --git a/external/unbound/validator/val_anchor.h b/external/unbound/validator/val_anchor.h deleted file mode 100644 index 318a2b227..000000000 --- a/external/unbound/validator/val_anchor.h +++ /dev/null @@ -1,230 +0,0 @@ -/* - * validator/val_anchor.h - validator trust anchor storage. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains storage for the trust anchors for the validator. - */ - -#ifndef VALIDATOR_VAL_ANCHOR_H -#define VALIDATOR_VAL_ANCHOR_H -#include "util/rbtree.h" -#include "util/locks.h" -struct trust_anchor; -struct config_file; -struct ub_packed_rrset_key; -struct autr_point_data; -struct autr_global_data; -struct sldns_buffer; - -/** - * Trust anchor store. - * The tree must be locked, while no other locks (from trustanchors) are held. - * And then an anchor searched for. Which can be locked or deleted. Then - * the tree can be unlocked again. This means you have to release the lock - * on a trust anchor and look it up again to delete it. - */ -struct val_anchors { - /** lock on trees */ - lock_basic_type lock; - /** - * Anchors are store in this tree. Sort order is chosen, so that - * dnames are in nsec-like order. A lookup on class, name will return - * an exact match of the closest match, with the ancestor needed. - * contents of type trust_anchor. - */ - rbtree_type* tree; - /** The DLV trust anchor (if one is configured, else NULL) */ - struct trust_anchor* dlv_anchor; - /** Autotrust global data, anchors sorted by next probe time */ - struct autr_global_data* autr; -}; - -/** - * Trust anchor key - */ -struct ta_key { - /** next in list */ - struct ta_key* next; - /** rdata, in wireformat of the key RR. starts with rdlength. */ - uint8_t* data; - /** length of the rdata (including rdlength). */ - size_t len; - /** DNS type (host format) of the key, DS or DNSKEY */ - uint16_t type; -}; - -/** - * A trust anchor in the trust anchor store. - * Unique by name, class. - */ -struct trust_anchor { - /** rbtree node, key is this structure */ - rbnode_type node; - /** lock on the entire anchor and its keys; for autotrust changes */ - lock_basic_type lock; - /** name of this trust anchor */ - uint8_t* name; - /** length of name */ - size_t namelen; - /** number of labels in name of rrset */ - int namelabs; - /** the ancestor in the trustanchor tree */ - struct trust_anchor* parent; - /** - * List of DS or DNSKEY rrs that form the trust anchor. - */ - struct ta_key* keylist; - /** Autotrust anchor point data, or NULL */ - struct autr_point_data* autr; - /** number of DSs in the keylist */ - size_t numDS; - /** number of DNSKEYs in the keylist */ - size_t numDNSKEY; - /** the DS RRset */ - struct ub_packed_rrset_key* ds_rrset; - /** The DNSKEY RRset */ - struct ub_packed_rrset_key* dnskey_rrset; - /** class of the trust anchor */ - uint16_t dclass; -}; - -/** - * Create trust anchor storage - * @return new storage or NULL on error. - */ -struct val_anchors* anchors_create(void); - -/** - * Delete trust anchor storage. - * @param anchors: to delete. - */ -void anchors_delete(struct val_anchors* anchors); - -/** - * Process trust anchor config. - * @param anchors: struct anchor storage - * @param cfg: config options. - * @return 0 on error. - */ -int anchors_apply_cfg(struct val_anchors* anchors, struct config_file* cfg); - -/** - * Recalculate parent pointers. The caller must hold the lock on the - * anchors structure (say after removing an item from the rbtree). - * Caller must not hold any locks on trust anchors. - * After the call is complete the parent pointers are updated and an item - * just removed is no longer referenced in parent pointers. - * @param anchors: the structure to update. - */ -void anchors_init_parents_locked(struct val_anchors* anchors); - -/** - * Given a qname/qclass combination, find the trust anchor closest above it. - * Or return NULL if none exists. - * - * @param anchors: struct anchor storage - * @param qname: query name, uncompressed wireformat. - * @param qname_len: length of qname. - * @param qclass: class to query for. - * @return the trust anchor or NULL if none is found. The anchor is locked. - */ -struct trust_anchor* anchors_lookup(struct val_anchors* anchors, - uint8_t* qname, size_t qname_len, uint16_t qclass); - -/** - * Find a trust anchor. Exact matching. - * @param anchors: anchor storage. - * @param name: name of trust anchor (wireformat) - * @param namelabs: labels in name - * @param namelen: length of name - * @param dclass: class of trust anchor - * @return NULL if not found. The anchor is locked. - */ -struct trust_anchor* anchor_find(struct val_anchors* anchors, - uint8_t* name, int namelabs, size_t namelen, uint16_t dclass); - -/** - * Store one string as trust anchor RR. - * @param anchors: anchor storage. - * @param buffer: parsing buffer, to generate the RR wireformat in. - * @param str: string. - * @return NULL on error. - */ -struct trust_anchor* anchor_store_str(struct val_anchors* anchors, - struct sldns_buffer* buffer, const char* str); - -/** - * Get memory in use by the trust anchor storage - * @param anchors: anchor storage. - * @return memory in use in bytes. - */ -size_t anchors_get_mem(struct val_anchors* anchors); - -/** compare two trust anchors */ -int anchor_cmp(const void* k1, const void* k2); - -/** - * Add insecure point trust anchor. For external use (locks and init_parents) - * @param anchors: anchor storage. - * @param c: class. - * @param nm: name of insecure trust point. - * @return false on alloc failure. - */ -int anchors_add_insecure(struct val_anchors* anchors, uint16_t c, uint8_t* nm); - -/** - * Delete insecure point trust anchor. Does not remove if no such point. - * For external use (locks and init_parents) - * @param anchors: anchor storage. - * @param c: class. - * @param nm: name of insecure trust point. - */ -void anchors_delete_insecure(struct val_anchors* anchors, uint16_t c, - uint8_t* nm); - -/** - * Get a list of keytags for the trust anchor. Zero tags for insecure points. - * @param ta: trust anchor (locked by caller). - * @param list: array of uint16_t. - * @param num: length of array. - * @return number of keytags filled into array. If total number of keytags is - * bigger than the array, it is truncated at num. On errors, less keytags - * are filled in. The array is sorted. - */ -size_t anchor_list_keytags(struct trust_anchor* ta, uint16_t* list, size_t num); - -#endif /* VALIDATOR_VAL_ANCHOR_H */ diff --git a/external/unbound/validator/val_kcache.c b/external/unbound/validator/val_kcache.c deleted file mode 100644 index 22070cc6a..000000000 --- a/external/unbound/validator/val_kcache.c +++ /dev/null @@ -1,172 +0,0 @@ -/* - * validator/val_kcache.c - validator key shared cache with validated keys - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions for dealing with the validator key cache. - */ -#include "config.h" -#include "validator/val_kcache.h" -#include "validator/val_kentry.h" -#include "util/log.h" -#include "util/config_file.h" -#include "util/data/dname.h" -#include "util/module.h" - -struct key_cache* -key_cache_create(struct config_file* cfg) -{ - struct key_cache* kcache = (struct key_cache*)calloc(1, - sizeof(*kcache)); - size_t numtables, start_size, maxmem; - if(!kcache) { - log_err("malloc failure"); - return NULL; - } - numtables = cfg->key_cache_slabs; - start_size = HASH_DEFAULT_STARTARRAY; - maxmem = cfg->key_cache_size; - kcache->slab = slabhash_create(numtables, start_size, maxmem, - &key_entry_sizefunc, &key_entry_compfunc, - &key_entry_delkeyfunc, &key_entry_deldatafunc, NULL); - if(!kcache->slab) { - log_err("malloc failure"); - free(kcache); - return NULL; - } - return kcache; -} - -void -key_cache_delete(struct key_cache* kcache) -{ - if(!kcache) - return; - slabhash_delete(kcache->slab); - free(kcache); -} - -void -key_cache_insert(struct key_cache* kcache, struct key_entry_key* kkey, - struct module_qstate* qstate) -{ - struct key_entry_key* k = key_entry_copy(kkey); - if(!k) - return; - if(key_entry_isbad(k) && qstate->errinf && - qstate->env->cfg->val_log_level >= 2) { - /* on malloc failure there is simply no reason string */ - key_entry_set_reason(k, errinf_to_str(qstate)); - } - key_entry_hash(k); - slabhash_insert(kcache->slab, k->entry.hash, &k->entry, - k->entry.data, NULL); -} - -/** - * Lookup exactly in the key cache. Returns pointer to locked entry. - * Caller must unlock it after use. - * @param kcache: the key cache. - * @param name: for what name to look; uncompressed wireformat - * @param namelen: length of the name. - * @param key_class: class of the key. - * @param wr: set true to get a writelock. - * @return key entry, locked, or NULL if not found. No TTL checking is - * performed. - */ -static struct key_entry_key* -key_cache_search(struct key_cache* kcache, uint8_t* name, size_t namelen, - uint16_t key_class, int wr) -{ - struct lruhash_entry* e; - struct key_entry_key lookfor; - lookfor.entry.key = &lookfor; - lookfor.name = name; - lookfor.namelen = namelen; - lookfor.key_class = key_class; - key_entry_hash(&lookfor); - e = slabhash_lookup(kcache->slab, lookfor.entry.hash, &lookfor, wr); - if(!e) - return NULL; - return (struct key_entry_key*)e->key; -} - -struct key_entry_key* -key_cache_obtain(struct key_cache* kcache, uint8_t* name, size_t namelen, - uint16_t key_class, struct regional* region, time_t now) -{ - /* keep looking until we find a nonexpired entry */ - while(1) { - struct key_entry_key* k = key_cache_search(kcache, name, - namelen, key_class, 0); - if(k) { - /* see if TTL is OK */ - struct key_entry_data* d = (struct key_entry_data*) - k->entry.data; - if(now <= d->ttl) { - /* copy and return it */ - struct key_entry_key* retkey = - key_entry_copy_toregion(k, region); - lock_rw_unlock(&k->entry.lock); - return retkey; - } - lock_rw_unlock(&k->entry.lock); - } - /* snip off first label to continue */ - if(dname_is_root(name)) - break; - dname_remove_label(&name, &namelen); - } - return NULL; -} - -size_t -key_cache_get_mem(struct key_cache* kcache) -{ - return sizeof(*kcache) + slabhash_get_mem(kcache->slab); -} - -void key_cache_remove(struct key_cache* kcache, - uint8_t* name, size_t namelen, uint16_t key_class) -{ - struct key_entry_key lookfor; - lookfor.entry.key = &lookfor; - lookfor.name = name; - lookfor.namelen = namelen; - lookfor.key_class = key_class; - key_entry_hash(&lookfor); - slabhash_remove(kcache->slab, lookfor.entry.hash, &lookfor); -} diff --git a/external/unbound/validator/val_kcache.h b/external/unbound/validator/val_kcache.h deleted file mode 100644 index 76c9dd094..000000000 --- a/external/unbound/validator/val_kcache.h +++ /dev/null @@ -1,118 +0,0 @@ -/* - * validator/val_kcache.h - validator key shared cache with validated keys - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions for caching validated key entries. - */ - -#ifndef VALIDATOR_VAL_KCACHE_H -#define VALIDATOR_VAL_KCACHE_H -#include "util/storage/slabhash.h" -struct key_entry_key; -struct key_entry_data; -struct config_file; -struct regional; -struct module_qstate; - -/** - * Key cache - */ -struct key_cache { - /** uses slabhash for storage, type key_entry_key, key_entry_data */ - struct slabhash* slab; -}; - -/** - * Create the key cache - * @param cfg: config settings for the key cache. - * @return new key cache or NULL on malloc failure. - */ -struct key_cache* key_cache_create(struct config_file* cfg); - -/** - * Delete the key cache - * @param kcache: to delete - */ -void key_cache_delete(struct key_cache* kcache); - -/** - * Insert or update a key cache entry. Note that the insert may silently - * fail if there is not enough memory. - * - * @param kcache: the key cache. - * @param kkey: key entry key, assumed malloced in a region, is copied - * to perform update or insertion. Its data pointer is also copied. - * @param qstate: store errinf reason in case its bad. - */ -void key_cache_insert(struct key_cache* kcache, struct key_entry_key* kkey, - struct module_qstate* qstate); - -/** - * Remove an entry from the key cache. - * @param kcache: the key cache. - * @param name: for what name to look; uncompressed wireformat - * @param namelen: length of the name. - * @param key_class: class of the key. - */ -void key_cache_remove(struct key_cache* kcache, - uint8_t* name, size_t namelen, uint16_t key_class); - -/** - * Lookup key entry in the cache. Looks up the closest key entry above the - * given name. - * @param kcache: the key cache. - * @param name: for what name to look; uncompressed wireformat - * @param namelen: length of the name. - * @param key_class: class of the key. - * @param region: a copy of the key_entry is allocated in this region. - * @param now: current time. - * @return pointer to a newly allocated key_entry copy in the region, if - * a key entry could be found, and allocation succeeded and TTL was OK. - * Otherwise, NULL is returned. - */ -struct key_entry_key* key_cache_obtain(struct key_cache* kcache, - uint8_t* name, size_t namelen, uint16_t key_class, - struct regional* region, time_t now); - -/** - * Get memory in use by the key cache. - * @param kcache: the key cache. - * @return memory in use in bytes. - */ -size_t key_cache_get_mem(struct key_cache* kcache); - -#endif /* VALIDATOR_VAL_KCACHE_H */ diff --git a/external/unbound/validator/val_kentry.c b/external/unbound/validator/val_kentry.c deleted file mode 100644 index 93fe2145e..000000000 --- a/external/unbound/validator/val_kentry.c +++ /dev/null @@ -1,413 +0,0 @@ -/* - * validator/val_kentry.c - validator key entry definition. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions for dealing with validator key entries. - */ -#include "config.h" -#include "validator/val_kentry.h" -#include "util/data/packed_rrset.h" -#include "util/data/dname.h" -#include "util/storage/lookup3.h" -#include "util/regional.h" -#include "util/net_help.h" -#include "sldns/rrdef.h" -#include "sldns/keyraw.h" - -size_t -key_entry_sizefunc(void* key, void* data) -{ - struct key_entry_key* kk = (struct key_entry_key*)key; - struct key_entry_data* kd = (struct key_entry_data*)data; - size_t s = sizeof(*kk) + kk->namelen; - s += sizeof(*kd) + lock_get_mem(&kk->entry.lock); - if(kd->rrset_data) - s += packed_rrset_sizeof(kd->rrset_data); - if(kd->reason) - s += strlen(kd->reason)+1; - if(kd->algo) - s += strlen((char*)kd->algo)+1; - return s; -} - -int -key_entry_compfunc(void* k1, void* k2) -{ - struct key_entry_key* n1 = (struct key_entry_key*)k1; - struct key_entry_key* n2 = (struct key_entry_key*)k2; - if(n1->key_class != n2->key_class) { - if(n1->key_class < n2->key_class) - return -1; - return 1; - } - return query_dname_compare(n1->name, n2->name); -} - -void -key_entry_delkeyfunc(void* key, void* ATTR_UNUSED(userarg)) -{ - struct key_entry_key* kk = (struct key_entry_key*)key; - if(!key) - return; - lock_rw_destroy(&kk->entry.lock); - free(kk->name); - free(kk); -} - -void -key_entry_deldatafunc(void* data, void* ATTR_UNUSED(userarg)) -{ - struct key_entry_data* kd = (struct key_entry_data*)data; - free(kd->reason); - free(kd->rrset_data); - free(kd->algo); - free(kd); -} - -void -key_entry_hash(struct key_entry_key* kk) -{ - kk->entry.hash = 0x654; - kk->entry.hash = hashlittle(&kk->key_class, sizeof(kk->key_class), - kk->entry.hash); - kk->entry.hash = dname_query_hash(kk->name, kk->entry.hash); -} - -struct key_entry_key* -key_entry_copy_toregion(struct key_entry_key* kkey, struct regional* region) -{ - struct key_entry_key* newk; - newk = regional_alloc_init(region, kkey, sizeof(*kkey)); - if(!newk) - return NULL; - newk->name = regional_alloc_init(region, kkey->name, kkey->namelen); - if(!newk->name) - return NULL; - newk->entry.key = newk; - if(newk->entry.data) { - /* copy data element */ - struct key_entry_data *d = (struct key_entry_data*) - kkey->entry.data; - struct key_entry_data *newd; - newd = regional_alloc_init(region, d, sizeof(*d)); - if(!newd) - return NULL; - /* copy rrset */ - if(d->rrset_data) { - newd->rrset_data = regional_alloc_init(region, - d->rrset_data, - packed_rrset_sizeof(d->rrset_data)); - if(!newd->rrset_data) - return NULL; - packed_rrset_ptr_fixup(newd->rrset_data); - } - if(d->reason) { - newd->reason = regional_strdup(region, d->reason); - if(!newd->reason) - return NULL; - } - if(d->algo) { - newd->algo = (uint8_t*)regional_strdup(region, - (char*)d->algo); - if(!newd->algo) - return NULL; - } - newk->entry.data = newd; - } - return newk; -} - -struct key_entry_key* -key_entry_copy(struct key_entry_key* kkey) -{ - struct key_entry_key* newk; - if(!kkey) - return NULL; - newk = memdup(kkey, sizeof(*kkey)); - if(!newk) - return NULL; - newk->name = memdup(kkey->name, kkey->namelen); - if(!newk->name) { - free(newk); - return NULL; - } - lock_rw_init(&newk->entry.lock); - newk->entry.key = newk; - if(newk->entry.data) { - /* copy data element */ - struct key_entry_data *d = (struct key_entry_data*) - kkey->entry.data; - struct key_entry_data *newd; - newd = memdup(d, sizeof(*d)); - if(!newd) { - free(newk->name); - free(newk); - return NULL; - } - /* copy rrset */ - if(d->rrset_data) { - newd->rrset_data = memdup(d->rrset_data, - packed_rrset_sizeof(d->rrset_data)); - if(!newd->rrset_data) { - free(newd); - free(newk->name); - free(newk); - return NULL; - } - packed_rrset_ptr_fixup(newd->rrset_data); - } - if(d->reason) { - newd->reason = strdup(d->reason); - if(!newd->reason) { - free(newd->rrset_data); - free(newd); - free(newk->name); - free(newk); - return NULL; - } - } - if(d->algo) { - newd->algo = (uint8_t*)strdup((char*)d->algo); - if(!newd->algo) { - free(newd->rrset_data); - free(newd->reason); - free(newd); - free(newk->name); - free(newk); - return NULL; - } - } - newk->entry.data = newd; - } - return newk; -} - -int -key_entry_isnull(struct key_entry_key* kkey) -{ - struct key_entry_data* d = (struct key_entry_data*)kkey->entry.data; - return (!d->isbad && d->rrset_data == NULL); -} - -int -key_entry_isgood(struct key_entry_key* kkey) -{ - struct key_entry_data* d = (struct key_entry_data*)kkey->entry.data; - return (!d->isbad && d->rrset_data != NULL); -} - -int -key_entry_isbad(struct key_entry_key* kkey) -{ - struct key_entry_data* d = (struct key_entry_data*)kkey->entry.data; - return (int)(d->isbad); -} - -void -key_entry_set_reason(struct key_entry_key* kkey, char* reason) -{ - struct key_entry_data* d = (struct key_entry_data*)kkey->entry.data; - d->reason = reason; -} - -char* -key_entry_get_reason(struct key_entry_key* kkey) -{ - struct key_entry_data* d = (struct key_entry_data*)kkey->entry.data; - return d->reason; -} - -/** setup key entry in region */ -static int -key_entry_setup(struct regional* region, - uint8_t* name, size_t namelen, uint16_t dclass, - struct key_entry_key** k, struct key_entry_data** d) -{ - *k = regional_alloc(region, sizeof(**k)); - if(!*k) - return 0; - memset(*k, 0, sizeof(**k)); - (*k)->entry.key = *k; - (*k)->name = regional_alloc_init(region, name, namelen); - if(!(*k)->name) - return 0; - (*k)->namelen = namelen; - (*k)->key_class = dclass; - *d = regional_alloc(region, sizeof(**d)); - if(!*d) - return 0; - (*k)->entry.data = *d; - return 1; -} - -struct key_entry_key* -key_entry_create_null(struct regional* region, - uint8_t* name, size_t namelen, uint16_t dclass, time_t ttl, - time_t now) -{ - struct key_entry_key* k; - struct key_entry_data* d; - if(!key_entry_setup(region, name, namelen, dclass, &k, &d)) - return NULL; - d->ttl = now + ttl; - d->isbad = 0; - d->reason = NULL; - d->rrset_type = LDNS_RR_TYPE_DNSKEY; - d->rrset_data = NULL; - d->algo = NULL; - return k; -} - -struct key_entry_key* -key_entry_create_rrset(struct regional* region, - uint8_t* name, size_t namelen, uint16_t dclass, - struct ub_packed_rrset_key* rrset, uint8_t* sigalg, time_t now) -{ - struct key_entry_key* k; - struct key_entry_data* d; - struct packed_rrset_data* rd = (struct packed_rrset_data*) - rrset->entry.data; - if(!key_entry_setup(region, name, namelen, dclass, &k, &d)) - return NULL; - d->ttl = rd->ttl + now; - d->isbad = 0; - d->reason = NULL; - d->rrset_type = ntohs(rrset->rk.type); - d->rrset_data = (struct packed_rrset_data*)regional_alloc_init(region, - rd, packed_rrset_sizeof(rd)); - if(!d->rrset_data) - return NULL; - if(sigalg) { - d->algo = (uint8_t*)regional_strdup(region, (char*)sigalg); - if(!d->algo) - return NULL; - } else d->algo = NULL; - packed_rrset_ptr_fixup(d->rrset_data); - return k; -} - -struct key_entry_key* -key_entry_create_bad(struct regional* region, - uint8_t* name, size_t namelen, uint16_t dclass, time_t ttl, - time_t now) -{ - struct key_entry_key* k; - struct key_entry_data* d; - if(!key_entry_setup(region, name, namelen, dclass, &k, &d)) - return NULL; - d->ttl = now + ttl; - d->isbad = 1; - d->reason = NULL; - d->rrset_type = LDNS_RR_TYPE_DNSKEY; - d->rrset_data = NULL; - d->algo = NULL; - return k; -} - -struct ub_packed_rrset_key* -key_entry_get_rrset(struct key_entry_key* kkey, struct regional* region) -{ - struct key_entry_data* d = (struct key_entry_data*)kkey->entry.data; - struct ub_packed_rrset_key* rrk; - struct packed_rrset_data* rrd; - if(!d || !d->rrset_data) - return NULL; - rrk = regional_alloc(region, sizeof(*rrk)); - if(!rrk) - return NULL; - memset(rrk, 0, sizeof(*rrk)); - rrk->rk.dname = regional_alloc_init(region, kkey->name, kkey->namelen); - if(!rrk->rk.dname) - return NULL; - rrk->rk.dname_len = kkey->namelen; - rrk->rk.type = htons(d->rrset_type); - rrk->rk.rrset_class = htons(kkey->key_class); - rrk->entry.key = rrk; - rrd = regional_alloc_init(region, d->rrset_data, - packed_rrset_sizeof(d->rrset_data)); - if(!rrd) - return NULL; - rrk->entry.data = rrd; - packed_rrset_ptr_fixup(rrd); - return rrk; -} - -/** Get size of key in keyset */ -static size_t -dnskey_get_keysize(struct packed_rrset_data* data, size_t idx) -{ - unsigned char* pk; - unsigned int pklen = 0; - int algo; - if(data->rr_len[idx] < 2+5) - return 0; - algo = (int)data->rr_data[idx][2+3]; - pk = (unsigned char*)data->rr_data[idx]+2+4; - pklen = (unsigned)data->rr_len[idx]-2-4; - return sldns_rr_dnskey_key_size_raw(pk, pklen, algo); -} - -/** get dnskey flags from data */ -static uint16_t -kd_get_flags(struct packed_rrset_data* data, size_t idx) -{ - uint16_t f; - if(data->rr_len[idx] < 2+2) - return 0; - memmove(&f, data->rr_data[idx]+2, 2); - f = ntohs(f); - return f; -} - -size_t -key_entry_keysize(struct key_entry_key* kkey) -{ - struct packed_rrset_data* d; - /* compute size of smallest ZSK key in the rrset */ - size_t i; - size_t bits = 0; - if(!key_entry_isgood(kkey)) - return 0; - d = ((struct key_entry_data*)kkey->entry.data)->rrset_data; - for(i=0; icount; i++) { - if(!(kd_get_flags(d, i) & DNSKEY_BIT_ZSK)) - continue; - if(i==0 || dnskey_get_keysize(d, i) < bits) - bits = dnskey_get_keysize(d, i); - } - return bits; -} diff --git a/external/unbound/validator/val_kentry.h b/external/unbound/validator/val_kentry.h deleted file mode 100644 index ade65571a..000000000 --- a/external/unbound/validator/val_kentry.h +++ /dev/null @@ -1,220 +0,0 @@ -/* - * validator/val_kentry.h - validator key entry definition. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions for dealing with validator key entries. - */ - -#ifndef VALIDATOR_VAL_KENTRY_H -#define VALIDATOR_VAL_KENTRY_H -struct packed_rrset_data; -struct regional; -struct ub_packed_rrset_key; -#include "util/storage/lruhash.h" - -/** - * A key entry for the validator. - * This may or may not be a trusted key. - * This is what is stored in the key cache. - * This is the key part for the cache; the key entry key. - */ -struct key_entry_key { - /** lru hash entry */ - struct lruhash_entry entry; - /** name of the key */ - uint8_t* name; - /** length of name */ - size_t namelen; - /** class of the key, host byteorder */ - uint16_t key_class; -}; - -/** - * Key entry for the validator. - * Contains key status. - * This is the data part for the cache, the key entry data. - * - * Can be in three basic states: - * isbad=0: good key - * isbad=1: bad key - * isbad=0 && rrset=0: insecure space. - */ -struct key_entry_data { - /** the TTL of this entry (absolute time) */ - time_t ttl; - /** the key rrdata. can be NULL to signal keyless name. */ - struct packed_rrset_data* rrset_data; - /** not NULL sometimes to give reason why bogus */ - char* reason; - /** list of algorithms signalled, ends with 0, or NULL */ - uint8_t* algo; - /** DNS RR type of the rrset data (host order) */ - uint16_t rrset_type; - /** if the key is bad: Bogus or malformed */ - uint8_t isbad; -}; - -/** function for lruhash operation */ -size_t key_entry_sizefunc(void* key, void* data); - -/** function for lruhash operation */ -int key_entry_compfunc(void* k1, void* k2); - -/** function for lruhash operation */ -void key_entry_delkeyfunc(void* key, void* userarg); - -/** function for lruhash operation */ -void key_entry_deldatafunc(void* data, void* userarg); - -/** calculate hash for key entry - * @param kk: key entry. The lruhash entry.hash value is filled in. - */ -void key_entry_hash(struct key_entry_key* kk); - -/** - * Copy a key entry, to be region-allocated. - * @param kkey: the key entry key (and data pointer) to copy. - * @param region: where to allocate it - * @return newly region-allocated entry or NULL on a failure to allocate. - */ -struct key_entry_key* key_entry_copy_toregion(struct key_entry_key* kkey, - struct regional* region); - -/** - * Copy a key entry, malloced. - * @param kkey: the key entry key (and data pointer) to copy. - * @return newly allocated entry or NULL on a failure to allocate memory. - */ -struct key_entry_key* key_entry_copy(struct key_entry_key* kkey); - -/** - * See if this is a null entry. Does not do locking. - * @param kkey: must have data pointer set correctly - * @return true if it is a NULL rrset entry. - */ -int key_entry_isnull(struct key_entry_key* kkey); - -/** - * See if this entry is good. Does not do locking. - * @param kkey: must have data pointer set correctly - * @return true if it is good. - */ -int key_entry_isgood(struct key_entry_key* kkey); - -/** - * See if this entry is bad. Does not do locking. - * @param kkey: must have data pointer set correctly - * @return true if it is bad. - */ -int key_entry_isbad(struct key_entry_key* kkey); - -/** - * Set reason why a key is bad. - * @param kkey: bad key. - * @param reason: string to attach, you must allocate it. - * Not safe to call twice unless you deallocate it yourself. - */ -void key_entry_set_reason(struct key_entry_key* kkey, char* reason); - -/** - * Get reason why a key is bad. - * @param kkey: bad key - * @return pointer to string. - * String is part of key entry and is deleted with it. - */ -char* key_entry_get_reason(struct key_entry_key* kkey); - -/** - * Create a null entry, in the given region. - * @param region: where to allocate - * @param name: the key name - * @param namelen: length of name - * @param dclass: class of key entry. (host order); - * @param ttl: what ttl should the key have. relative. - * @param now: current time (added to ttl). - * @return new key entry or NULL on alloc failure - */ -struct key_entry_key* key_entry_create_null(struct regional* region, - uint8_t* name, size_t namelen, uint16_t dclass, time_t ttl, - time_t now); - -/** - * Create a key entry from an rrset, in the given region. - * @param region: where to allocate. - * @param name: the key name - * @param namelen: length of name - * @param dclass: class of key entry. (host order); - * @param rrset: data for key entry. This is copied to the region. - * @param sigalg: signalled algorithm list (or NULL). - * @param now: current time (added to ttl of rrset) - * @return new key entry or NULL on alloc failure - */ -struct key_entry_key* key_entry_create_rrset(struct regional* region, - uint8_t* name, size_t namelen, uint16_t dclass, - struct ub_packed_rrset_key* rrset, uint8_t* sigalg, time_t now); - -/** - * Create a bad entry, in the given region. - * @param region: where to allocate - * @param name: the key name - * @param namelen: length of name - * @param dclass: class of key entry. (host order); - * @param ttl: what ttl should the key have. relative. - * @param now: current time (added to ttl). - * @return new key entry or NULL on alloc failure - */ -struct key_entry_key* key_entry_create_bad(struct regional* region, - uint8_t* name, size_t namelen, uint16_t dclass, time_t ttl, - time_t now); - -/** - * Obtain rrset from a key entry, allocated in region. - * @param kkey: key entry to convert to a rrset. - * @param region: where to allocate rrset - * @return rrset copy; if no rrset or alloc error returns NULL. - */ -struct ub_packed_rrset_key* key_entry_get_rrset(struct key_entry_key* kkey, - struct regional* region); - -/** - * Get keysize of the keyentry. - * @param kkey: key, must be a good key, with contents. - * @return size in bits of the key. - */ -size_t key_entry_keysize(struct key_entry_key* kkey); - -#endif /* VALIDATOR_VAL_KENTRY_H */ diff --git a/external/unbound/validator/val_neg.c b/external/unbound/validator/val_neg.c deleted file mode 100644 index fe57ac2c4..000000000 --- a/external/unbound/validator/val_neg.c +++ /dev/null @@ -1,1470 +0,0 @@ -/* - * validator/val_neg.c - validator aggressive negative caching functions. - * - * Copyright (c) 2008, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains helper functions for the validator module. - * The functions help with aggressive negative caching. - * This creates new denials of existence, and proofs for absence of types - * from cached NSEC records. - */ -#include "config.h" -#ifdef HAVE_OPENSSL_SSL_H -#include "openssl/ssl.h" -#define NSEC3_SHA_LEN SHA_DIGEST_LENGTH -#else -#define NSEC3_SHA_LEN 20 -#endif -#include "validator/val_neg.h" -#include "validator/val_nsec.h" -#include "validator/val_nsec3.h" -#include "validator/val_utils.h" -#include "util/data/dname.h" -#include "util/data/msgreply.h" -#include "util/log.h" -#include "util/net_help.h" -#include "util/config_file.h" -#include "services/cache/rrset.h" -#include "services/cache/dns.h" -#include "sldns/rrdef.h" -#include "sldns/sbuffer.h" - -int val_neg_data_compare(const void* a, const void* b) -{ - struct val_neg_data* x = (struct val_neg_data*)a; - struct val_neg_data* y = (struct val_neg_data*)b; - int m; - return dname_canon_lab_cmp(x->name, x->labs, y->name, y->labs, &m); -} - -int val_neg_zone_compare(const void* a, const void* b) -{ - struct val_neg_zone* x = (struct val_neg_zone*)a; - struct val_neg_zone* y = (struct val_neg_zone*)b; - int m; - if(x->dclass != y->dclass) { - if(x->dclass < y->dclass) - return -1; - return 1; - } - return dname_canon_lab_cmp(x->name, x->labs, y->name, y->labs, &m); -} - -struct val_neg_cache* val_neg_create(struct config_file* cfg, size_t maxiter) -{ - struct val_neg_cache* neg = (struct val_neg_cache*)calloc(1, - sizeof(*neg)); - if(!neg) { - log_err("Could not create neg cache: out of memory"); - return NULL; - } - neg->nsec3_max_iter = maxiter; - neg->max = 1024*1024; /* 1 M is thousands of entries */ - if(cfg) neg->max = cfg->neg_cache_size; - rbtree_init(&neg->tree, &val_neg_zone_compare); - lock_basic_init(&neg->lock); - lock_protect(&neg->lock, neg, sizeof(*neg)); - return neg; -} - -size_t val_neg_get_mem(struct val_neg_cache* neg) -{ - size_t result; - lock_basic_lock(&neg->lock); - result = sizeof(*neg) + neg->use; - lock_basic_unlock(&neg->lock); - return result; -} - -/** clear datas on cache deletion */ -static void -neg_clear_datas(rbnode_type* n, void* ATTR_UNUSED(arg)) -{ - struct val_neg_data* d = (struct val_neg_data*)n; - free(d->name); - free(d); -} - -/** clear zones on cache deletion */ -static void -neg_clear_zones(rbnode_type* n, void* ATTR_UNUSED(arg)) -{ - struct val_neg_zone* z = (struct val_neg_zone*)n; - /* delete all the rrset entries in the tree */ - traverse_postorder(&z->tree, &neg_clear_datas, NULL); - free(z->nsec3_salt); - free(z->name); - free(z); -} - -void neg_cache_delete(struct val_neg_cache* neg) -{ - if(!neg) return; - lock_basic_destroy(&neg->lock); - /* delete all the zones in the tree */ - traverse_postorder(&neg->tree, &neg_clear_zones, NULL); - free(neg); -} - -/** - * Put data element at the front of the LRU list. - * @param neg: negative cache with LRU start and end. - * @param data: this data is fronted. - */ -static void neg_lru_front(struct val_neg_cache* neg, - struct val_neg_data* data) -{ - data->prev = NULL; - data->next = neg->first; - if(!neg->first) - neg->last = data; - else neg->first->prev = data; - neg->first = data; -} - -/** - * Remove data element from LRU list. - * @param neg: negative cache with LRU start and end. - * @param data: this data is removed from the list. - */ -static void neg_lru_remove(struct val_neg_cache* neg, - struct val_neg_data* data) -{ - if(data->prev) - data->prev->next = data->next; - else neg->first = data->next; - if(data->next) - data->next->prev = data->prev; - else neg->last = data->prev; -} - -/** - * Touch LRU for data element, put it at the start of the LRU list. - * @param neg: negative cache with LRU start and end. - * @param data: this data is used. - */ -static void neg_lru_touch(struct val_neg_cache* neg, - struct val_neg_data* data) -{ - if(data == neg->first) - return; /* nothing to do */ - /* remove from current lru position */ - neg_lru_remove(neg, data); - /* add at front */ - neg_lru_front(neg, data); -} - -/** - * Delete a zone element from the negative cache. - * May delete other zone elements to keep tree coherent, or - * only mark the element as 'not in use'. - * @param neg: negative cache. - * @param z: zone element to delete. - */ -static void neg_delete_zone(struct val_neg_cache* neg, struct val_neg_zone* z) -{ - struct val_neg_zone* p, *np; - if(!z) return; - log_assert(z->in_use); - log_assert(z->count > 0); - z->in_use = 0; - - /* go up the tree and reduce counts */ - p = z; - while(p) { - log_assert(p->count > 0); - p->count --; - p = p->parent; - } - - /* remove zones with zero count */ - p = z; - while(p && p->count == 0) { - np = p->parent; - (void)rbtree_delete(&neg->tree, &p->node); - neg->use -= p->len + sizeof(*p); - free(p->nsec3_salt); - free(p->name); - free(p); - p = np; - } -} - -void neg_delete_data(struct val_neg_cache* neg, struct val_neg_data* el) -{ - struct val_neg_zone* z; - struct val_neg_data* p, *np; - if(!el) return; - z = el->zone; - log_assert(el->in_use); - log_assert(el->count > 0); - el->in_use = 0; - - /* remove it from the lru list */ - neg_lru_remove(neg, el); - - /* go up the tree and reduce counts */ - p = el; - while(p) { - log_assert(p->count > 0); - p->count --; - p = p->parent; - } - - /* delete 0 count items from tree */ - p = el; - while(p && p->count == 0) { - np = p->parent; - (void)rbtree_delete(&z->tree, &p->node); - neg->use -= p->len + sizeof(*p); - free(p->name); - free(p); - p = np; - } - - /* check if the zone is now unused */ - if(z->tree.count == 0) { - neg_delete_zone(neg, z); - } -} - -/** - * Create more space in negative cache - * The oldest elements are deleted until enough space is present. - * Empty zones are deleted. - * @param neg: negative cache. - * @param need: how many bytes are needed. - */ -static void neg_make_space(struct val_neg_cache* neg, size_t need) -{ - /* delete elements until enough space or its empty */ - while(neg->last && neg->max < neg->use + need) { - neg_delete_data(neg, neg->last); - } -} - -struct val_neg_zone* neg_find_zone(struct val_neg_cache* neg, - uint8_t* nm, size_t len, uint16_t dclass) -{ - struct val_neg_zone lookfor; - struct val_neg_zone* result; - lookfor.node.key = &lookfor; - lookfor.name = nm; - lookfor.len = len; - lookfor.labs = dname_count_labels(lookfor.name); - lookfor.dclass = dclass; - - result = (struct val_neg_zone*) - rbtree_search(&neg->tree, lookfor.node.key); - return result; -} - -/** - * Find the given data - * @param zone: negative zone - * @param nm: what to look for. - * @param len: length of nm - * @param labs: labels in nm - * @return data or NULL if not found. - */ -static struct val_neg_data* neg_find_data(struct val_neg_zone* zone, - uint8_t* nm, size_t len, int labs) -{ - struct val_neg_data lookfor; - struct val_neg_data* result; - lookfor.node.key = &lookfor; - lookfor.name = nm; - lookfor.len = len; - lookfor.labs = labs; - - result = (struct val_neg_data*) - rbtree_search(&zone->tree, lookfor.node.key); - return result; -} - -/** - * Calculate space needed for the data and all its parents - * @param rep: NSEC entries. - * @return size. - */ -static size_t calc_data_need(struct reply_info* rep) -{ - uint8_t* d; - size_t i, len, res = 0; - - for(i=rep->an_numrrsets; ian_numrrsets+rep->ns_numrrsets; i++) { - if(ntohs(rep->rrsets[i]->rk.type) == LDNS_RR_TYPE_NSEC) { - d = rep->rrsets[i]->rk.dname; - len = rep->rrsets[i]->rk.dname_len; - res = sizeof(struct val_neg_data) + len; - while(!dname_is_root(d)) { - log_assert(len > 1); /* not root label */ - dname_remove_label(&d, &len); - res += sizeof(struct val_neg_data) + len; - } - } - } - return res; -} - -/** - * Calculate space needed for zone and all its parents - * @param d: name of zone - * @param len: length of name - * @return size. - */ -static size_t calc_zone_need(uint8_t* d, size_t len) -{ - size_t res = sizeof(struct val_neg_zone) + len; - while(!dname_is_root(d)) { - log_assert(len > 1); /* not root label */ - dname_remove_label(&d, &len); - res += sizeof(struct val_neg_zone) + len; - } - return res; -} - -/** - * Find closest existing parent zone of the given name. - * @param neg: negative cache. - * @param nm: name to look for - * @param nm_len: length of nm - * @param labs: labelcount of nm. - * @param qclass: class. - * @return the zone or NULL if none found. - */ -static struct val_neg_zone* neg_closest_zone_parent(struct val_neg_cache* neg, - uint8_t* nm, size_t nm_len, int labs, uint16_t qclass) -{ - struct val_neg_zone key; - struct val_neg_zone* result; - rbnode_type* res = NULL; - key.node.key = &key; - key.name = nm; - key.len = nm_len; - key.labs = labs; - key.dclass = qclass; - if(rbtree_find_less_equal(&neg->tree, &key, &res)) { - /* exact match */ - result = (struct val_neg_zone*)res; - } else { - /* smaller element (or no element) */ - int m; - result = (struct val_neg_zone*)res; - if(!result || result->dclass != qclass) - return NULL; - /* count number of labels matched */ - (void)dname_lab_cmp(result->name, result->labs, key.name, - key.labs, &m); - while(result) { /* go up until qname is subdomain of stub */ - if(result->labs <= m) - break; - result = result->parent; - } - } - return result; -} - -/** - * Find closest existing parent data for the given name. - * @param zone: to look in. - * @param nm: name to look for - * @param nm_len: length of nm - * @param labs: labelcount of nm. - * @return the data or NULL if none found. - */ -static struct val_neg_data* neg_closest_data_parent( - struct val_neg_zone* zone, uint8_t* nm, size_t nm_len, int labs) -{ - struct val_neg_data key; - struct val_neg_data* result; - rbnode_type* res = NULL; - key.node.key = &key; - key.name = nm; - key.len = nm_len; - key.labs = labs; - if(rbtree_find_less_equal(&zone->tree, &key, &res)) { - /* exact match */ - result = (struct val_neg_data*)res; - } else { - /* smaller element (or no element) */ - int m; - result = (struct val_neg_data*)res; - if(!result) - return NULL; - /* count number of labels matched */ - (void)dname_lab_cmp(result->name, result->labs, key.name, - key.labs, &m); - while(result) { /* go up until qname is subdomain of stub */ - if(result->labs <= m) - break; - result = result->parent; - } - } - return result; -} - -/** - * Create a single zone node - * @param nm: name for zone (copied) - * @param nm_len: length of name - * @param labs: labels in name. - * @param dclass: class of zone, host order. - * @return new zone or NULL on failure - */ -static struct val_neg_zone* neg_setup_zone_node( - uint8_t* nm, size_t nm_len, int labs, uint16_t dclass) -{ - struct val_neg_zone* zone = - (struct val_neg_zone*)calloc(1, sizeof(*zone)); - if(!zone) { - return NULL; - } - zone->node.key = zone; - zone->name = memdup(nm, nm_len); - if(!zone->name) { - free(zone); - return NULL; - } - zone->len = nm_len; - zone->labs = labs; - zone->dclass = dclass; - - rbtree_init(&zone->tree, &val_neg_data_compare); - return zone; -} - -/** - * Create a linked list of parent zones, starting at longname ending on - * the parent (can be NULL, creates to the root). - * @param nm: name for lowest in chain - * @param nm_len: length of name - * @param labs: labels in name. - * @param dclass: class of zone. - * @param parent: NULL for to root, else so it fits under here. - * @return zone; a chain of zones and their parents up to the parent. - * or NULL on malloc failure - */ -static struct val_neg_zone* neg_zone_chain( - uint8_t* nm, size_t nm_len, int labs, uint16_t dclass, - struct val_neg_zone* parent) -{ - int i; - int tolabs = parent?parent->labs:0; - struct val_neg_zone* zone, *prev = NULL, *first = NULL; - - /* create the new subtree, i is labelcount of current creation */ - /* this creates a 'first' to z->parent=NULL list of zones */ - for(i=labs; i!=tolabs; i--) { - /* create new item */ - zone = neg_setup_zone_node(nm, nm_len, i, dclass); - if(!zone) { - /* need to delete other allocations in this routine!*/ - struct val_neg_zone* p=first, *np; - while(p) { - np = p->parent; - free(p->name); - free(p); - p = np; - } - return NULL; - } - if(i == labs) { - first = zone; - } else { - prev->parent = zone; - } - /* prepare for next name */ - prev = zone; - dname_remove_label(&nm, &nm_len); - } - return first; -} - -void val_neg_zone_take_inuse(struct val_neg_zone* zone) -{ - if(!zone->in_use) { - struct val_neg_zone* p; - zone->in_use = 1; - /* increase usage count of all parents */ - for(p=zone; p; p = p->parent) { - p->count++; - } - } -} - -struct val_neg_zone* neg_create_zone(struct val_neg_cache* neg, - uint8_t* nm, size_t nm_len, uint16_t dclass) -{ - struct val_neg_zone* zone; - struct val_neg_zone* parent; - struct val_neg_zone* p, *np; - int labs = dname_count_labels(nm); - - /* find closest enclosing parent zone that (still) exists */ - parent = neg_closest_zone_parent(neg, nm, nm_len, labs, dclass); - if(parent && query_dname_compare(parent->name, nm) == 0) - return parent; /* already exists, weird */ - /* if parent exists, it is in use */ - log_assert(!parent || parent->count > 0); - zone = neg_zone_chain(nm, nm_len, labs, dclass, parent); - if(!zone) { - return NULL; - } - - /* insert the list of zones into the tree */ - p = zone; - while(p) { - np = p->parent; - /* mem use */ - neg->use += sizeof(struct val_neg_zone) + p->len; - /* insert in tree */ - (void)rbtree_insert(&neg->tree, &p->node); - /* last one needs proper parent pointer */ - if(np == NULL) - p->parent = parent; - p = np; - } - return zone; -} - -/** find zone name of message, returns the SOA record */ -static struct ub_packed_rrset_key* reply_find_soa(struct reply_info* rep) -{ - size_t i; - for(i=rep->an_numrrsets; i< rep->an_numrrsets+rep->ns_numrrsets; i++){ - if(ntohs(rep->rrsets[i]->rk.type) == LDNS_RR_TYPE_SOA) - return rep->rrsets[i]; - } - return NULL; -} - -/** see if the reply has NSEC records worthy of caching */ -static int reply_has_nsec(struct reply_info* rep) -{ - size_t i; - struct packed_rrset_data* d; - if(rep->security != sec_status_secure) - return 0; - for(i=rep->an_numrrsets; i< rep->an_numrrsets+rep->ns_numrrsets; i++){ - if(ntohs(rep->rrsets[i]->rk.type) == LDNS_RR_TYPE_NSEC) { - d = (struct packed_rrset_data*)rep->rrsets[i]-> - entry.data; - if(d->security == sec_status_secure) - return 1; - } - } - return 0; -} - - -/** - * Create single node of data element. - * @param nm: name (copied) - * @param nm_len: length of name - * @param labs: labels in name. - * @return element with name nm, or NULL malloc failure. - */ -static struct val_neg_data* neg_setup_data_node( - uint8_t* nm, size_t nm_len, int labs) -{ - struct val_neg_data* el; - el = (struct val_neg_data*)calloc(1, sizeof(*el)); - if(!el) { - return NULL; - } - el->node.key = el; - el->name = memdup(nm, nm_len); - if(!el->name) { - free(el); - return NULL; - } - el->len = nm_len; - el->labs = labs; - return el; -} - -/** - * Create chain of data element and parents - * @param nm: name - * @param nm_len: length of name - * @param labs: labels in name. - * @param parent: up to where to make, if NULL up to root label. - * @return lowest element with name nm, or NULL malloc failure. - */ -static struct val_neg_data* neg_data_chain( - uint8_t* nm, size_t nm_len, int labs, struct val_neg_data* parent) -{ - int i; - int tolabs = parent?parent->labs:0; - struct val_neg_data* el, *first = NULL, *prev = NULL; - - /* create the new subtree, i is labelcount of current creation */ - /* this creates a 'first' to z->parent=NULL list of zones */ - for(i=labs; i!=tolabs; i--) { - /* create new item */ - el = neg_setup_data_node(nm, nm_len, i); - if(!el) { - /* need to delete other allocations in this routine!*/ - struct val_neg_data* p = first, *np; - while(p) { - np = p->parent; - free(p->name); - free(p); - p = np; - } - return NULL; - } - if(i == labs) { - first = el; - } else { - prev->parent = el; - } - - /* prepare for next name */ - prev = el; - dname_remove_label(&nm, &nm_len); - } - return first; -} - -/** - * Remove NSEC records between start and end points. - * By walking the tree, the tree is sorted canonically. - * @param neg: negative cache. - * @param zone: the zone - * @param el: element to start walking at. - * @param nsec: the nsec record with the end point - */ -static void wipeout(struct val_neg_cache* neg, struct val_neg_zone* zone, - struct val_neg_data* el, struct ub_packed_rrset_key* nsec) -{ - struct packed_rrset_data* d = (struct packed_rrset_data*)nsec-> - entry.data; - uint8_t* end; - size_t end_len; - int end_labs, m; - rbnode_type* walk, *next; - struct val_neg_data* cur; - uint8_t buf[257]; - /* get endpoint */ - if(!d || d->count == 0 || d->rr_len[0] < 2+1) - return; - if(ntohs(nsec->rk.type) == LDNS_RR_TYPE_NSEC) { - end = d->rr_data[0]+2; - end_len = dname_valid(end, d->rr_len[0]-2); - end_labs = dname_count_labels(end); - } else { - /* NSEC3 */ - if(!nsec3_get_nextowner_b32(nsec, 0, buf, sizeof(buf))) - return; - end = buf; - end_labs = dname_count_size_labels(end, &end_len); - } - - /* sanity check, both owner and end must be below the zone apex */ - if(!dname_subdomain_c(el->name, zone->name) || - !dname_subdomain_c(end, zone->name)) - return; - - /* detect end of zone NSEC ; wipe until the end of zone */ - if(query_dname_compare(end, zone->name) == 0) { - end = NULL; - } - - walk = rbtree_next(&el->node); - while(walk && walk != RBTREE_NULL) { - cur = (struct val_neg_data*)walk; - /* sanity check: must be larger than start */ - if(dname_canon_lab_cmp(cur->name, cur->labs, - el->name, el->labs, &m) <= 0) { - /* r == 0 skip original record. */ - /* r < 0 too small! */ - walk = rbtree_next(walk); - continue; - } - /* stop at endpoint, also data at empty nonterminals must be - * removed (no NSECs there) so everything between - * start and end */ - if(end && dname_canon_lab_cmp(cur->name, cur->labs, - end, end_labs, &m) >= 0) { - break; - } - /* this element has to be deleted, but we cannot do it - * now, because we are walking the tree still ... */ - /* get the next element: */ - next = rbtree_next(walk); - /* now delete the original element, this may trigger - * rbtree rebalances, but really, the next element is - * the one we need. - * But it may trigger delete of other data and the - * entire zone. However, if that happens, this is done - * by deleting the *parents* of the element for deletion, - * and maybe also the entire zone if it is empty. - * But parents are smaller in canonical compare, thus, - * if a larger element exists, then it is not a parent, - * it cannot get deleted, the zone cannot get empty. - * If the next==NULL, then zone can be empty. */ - if(cur->in_use) - neg_delete_data(neg, cur); - walk = next; - } -} - -void neg_insert_data(struct val_neg_cache* neg, - struct val_neg_zone* zone, struct ub_packed_rrset_key* nsec) -{ - struct packed_rrset_data* d; - struct val_neg_data* parent; - struct val_neg_data* el; - uint8_t* nm = nsec->rk.dname; - size_t nm_len = nsec->rk.dname_len; - int labs = dname_count_labels(nsec->rk.dname); - - d = (struct packed_rrset_data*)nsec->entry.data; - if( !(d->security == sec_status_secure || - (d->security == sec_status_unchecked && d->rrsig_count > 0))) - return; - log_nametypeclass(VERB_ALGO, "negcache rr", - nsec->rk.dname, ntohs(nsec->rk.type), - ntohs(nsec->rk.rrset_class)); - - /* find closest enclosing parent data that (still) exists */ - parent = neg_closest_data_parent(zone, nm, nm_len, labs); - if(parent && query_dname_compare(parent->name, nm) == 0) { - /* perfect match already exists */ - log_assert(parent->count > 0); - el = parent; - } else { - struct val_neg_data* p, *np; - - /* create subtree for perfect match */ - /* if parent exists, it is in use */ - log_assert(!parent || parent->count > 0); - - el = neg_data_chain(nm, nm_len, labs, parent); - if(!el) { - log_err("out of memory inserting NSEC negative cache"); - return; - } - el->in_use = 0; /* set on below */ - - /* insert the list of zones into the tree */ - p = el; - while(p) { - np = p->parent; - /* mem use */ - neg->use += sizeof(struct val_neg_data) + p->len; - /* insert in tree */ - p->zone = zone; - (void)rbtree_insert(&zone->tree, &p->node); - /* last one needs proper parent pointer */ - if(np == NULL) - p->parent = parent; - p = np; - } - } - - if(!el->in_use) { - struct val_neg_data* p; - - el->in_use = 1; - /* increase usage count of all parents */ - for(p=el; p; p = p->parent) { - p->count++; - } - - neg_lru_front(neg, el); - } else { - /* in use, bring to front, lru */ - neg_lru_touch(neg, el); - } - - /* if nsec3 store last used parameters */ - if(ntohs(nsec->rk.type) == LDNS_RR_TYPE_NSEC3) { - int h; - uint8_t* s; - size_t slen, it; - if(nsec3_get_params(nsec, 0, &h, &it, &s, &slen) && - it <= neg->nsec3_max_iter && - (h != zone->nsec3_hash || it != zone->nsec3_iter || - slen != zone->nsec3_saltlen || - memcmp(zone->nsec3_salt, s, slen) != 0)) { - - if(slen > 0) { - uint8_t* sa = memdup(s, slen); - if(sa) { - free(zone->nsec3_salt); - zone->nsec3_salt = sa; - zone->nsec3_saltlen = slen; - zone->nsec3_iter = it; - zone->nsec3_hash = h; - } - } else { - free(zone->nsec3_salt); - zone->nsec3_salt = NULL; - zone->nsec3_saltlen = 0; - zone->nsec3_iter = it; - zone->nsec3_hash = h; - } - } - } - - /* wipe out the cache items between NSEC start and end */ - wipeout(neg, zone, el, nsec); -} - -void val_neg_addreply(struct val_neg_cache* neg, struct reply_info* rep) -{ - size_t i, need; - struct ub_packed_rrset_key* soa; - struct val_neg_zone* zone; - /* see if secure nsecs inside */ - if(!reply_has_nsec(rep)) - return; - /* find the zone name in message */ - soa = reply_find_soa(rep); - if(!soa) - return; - - log_nametypeclass(VERB_ALGO, "negcache insert for zone", - soa->rk.dname, LDNS_RR_TYPE_SOA, ntohs(soa->rk.rrset_class)); - - /* ask for enough space to store all of it */ - need = calc_data_need(rep) + - calc_zone_need(soa->rk.dname, soa->rk.dname_len); - lock_basic_lock(&neg->lock); - neg_make_space(neg, need); - - /* find or create the zone entry */ - zone = neg_find_zone(neg, soa->rk.dname, soa->rk.dname_len, - ntohs(soa->rk.rrset_class)); - if(!zone) { - if(!(zone = neg_create_zone(neg, soa->rk.dname, - soa->rk.dname_len, ntohs(soa->rk.rrset_class)))) { - lock_basic_unlock(&neg->lock); - log_err("out of memory adding negative zone"); - return; - } - } - val_neg_zone_take_inuse(zone); - - /* insert the NSECs */ - for(i=rep->an_numrrsets; i< rep->an_numrrsets+rep->ns_numrrsets; i++){ - if(ntohs(rep->rrsets[i]->rk.type) != LDNS_RR_TYPE_NSEC) - continue; - if(!dname_subdomain_c(rep->rrsets[i]->rk.dname, - zone->name)) continue; - /* insert NSEC into this zone's tree */ - neg_insert_data(neg, zone, rep->rrsets[i]); - } - if(zone->tree.count == 0) { - /* remove empty zone if inserts failed */ - neg_delete_zone(neg, zone); - } - lock_basic_unlock(&neg->lock); -} - -/** - * Lookup closest data record. For NSEC denial. - * @param zone: zone to look in - * @param qname: name to look for. - * @param len: length of name - * @param labs: labels in name - * @param data: data element, exact or smaller or NULL - * @return true if exact match. - */ -static int neg_closest_data(struct val_neg_zone* zone, - uint8_t* qname, size_t len, int labs, struct val_neg_data** data) -{ - struct val_neg_data key; - rbnode_type* r; - key.node.key = &key; - key.name = qname; - key.len = len; - key.labs = labs; - if(rbtree_find_less_equal(&zone->tree, &key, &r)) { - /* exact match */ - *data = (struct val_neg_data*)r; - return 1; - } else { - /* smaller match */ - *data = (struct val_neg_data*)r; - return 0; - } -} - -int val_neg_dlvlookup(struct val_neg_cache* neg, uint8_t* qname, size_t len, - uint16_t qclass, struct rrset_cache* rrset_cache, time_t now) -{ - /* lookup closest zone */ - struct val_neg_zone* zone; - struct val_neg_data* data; - int labs; - struct ub_packed_rrset_key* nsec; - struct packed_rrset_data* d; - uint32_t flags; - uint8_t* wc; - struct query_info qinfo; - if(!neg) return 0; - - log_nametypeclass(VERB_ALGO, "negcache dlvlookup", qname, - LDNS_RR_TYPE_DLV, qclass); - - labs = dname_count_labels(qname); - lock_basic_lock(&neg->lock); - zone = neg_closest_zone_parent(neg, qname, len, labs, qclass); - while(zone && !zone->in_use) - zone = zone->parent; - if(!zone) { - lock_basic_unlock(&neg->lock); - return 0; - } - log_nametypeclass(VERB_ALGO, "negcache zone", zone->name, 0, - zone->dclass); - - /* DLV is defined to use NSEC only */ - if(zone->nsec3_hash) { - lock_basic_unlock(&neg->lock); - return 0; - } - - /* lookup closest data record */ - (void)neg_closest_data(zone, qname, len, labs, &data); - while(data && !data->in_use) - data = data->parent; - if(!data) { - lock_basic_unlock(&neg->lock); - return 0; - } - log_nametypeclass(VERB_ALGO, "negcache rr", data->name, - LDNS_RR_TYPE_NSEC, zone->dclass); - - /* lookup rrset in rrset cache */ - flags = 0; - if(query_dname_compare(data->name, zone->name) == 0) - flags = PACKED_RRSET_NSEC_AT_APEX; - nsec = rrset_cache_lookup(rrset_cache, data->name, data->len, - LDNS_RR_TYPE_NSEC, zone->dclass, flags, now, 0); - - /* check if secure and TTL ok */ - if(!nsec) { - lock_basic_unlock(&neg->lock); - return 0; - } - d = (struct packed_rrset_data*)nsec->entry.data; - if(!d || now > d->ttl) { - lock_rw_unlock(&nsec->entry.lock); - /* delete data record if expired */ - neg_delete_data(neg, data); - lock_basic_unlock(&neg->lock); - return 0; - } - if(d->security != sec_status_secure) { - lock_rw_unlock(&nsec->entry.lock); - neg_delete_data(neg, data); - lock_basic_unlock(&neg->lock); - return 0; - } - verbose(VERB_ALGO, "negcache got secure rrset"); - - /* check NSEC security */ - /* check if NSEC proves no DLV type exists */ - /* check if NSEC proves NXDOMAIN for qname */ - qinfo.qname = qname; - qinfo.qtype = LDNS_RR_TYPE_DLV; - qinfo.qclass = qclass; - qinfo.local_alias = NULL; - if(!nsec_proves_nodata(nsec, &qinfo, &wc) && - !val_nsec_proves_name_error(nsec, qname)) { - /* the NSEC is not a denial for the DLV */ - lock_rw_unlock(&nsec->entry.lock); - lock_basic_unlock(&neg->lock); - verbose(VERB_ALGO, "negcache not proven"); - return 0; - } - /* so the NSEC was a NODATA proof, or NXDOMAIN proof. */ - - /* no need to check for wildcard NSEC; no wildcards in DLV repos */ - /* no need to lookup SOA record for client; no response message */ - - lock_rw_unlock(&nsec->entry.lock); - /* if OK touch the LRU for neg_data element */ - neg_lru_touch(neg, data); - lock_basic_unlock(&neg->lock); - verbose(VERB_ALGO, "negcache DLV denial proven"); - return 1; -} - -/** see if the reply has signed NSEC records and return the signer */ -static uint8_t* reply_nsec_signer(struct reply_info* rep, size_t* signer_len, - uint16_t* dclass) -{ - size_t i; - struct packed_rrset_data* d; - uint8_t* s; - for(i=rep->an_numrrsets; i< rep->an_numrrsets+rep->ns_numrrsets; i++){ - if(ntohs(rep->rrsets[i]->rk.type) == LDNS_RR_TYPE_NSEC || - ntohs(rep->rrsets[i]->rk.type) == LDNS_RR_TYPE_NSEC3) { - d = (struct packed_rrset_data*)rep->rrsets[i]-> - entry.data; - /* return first signer name of first NSEC */ - if(d->rrsig_count != 0) { - val_find_rrset_signer(rep->rrsets[i], - &s, signer_len); - if(s && *signer_len) { - *dclass = ntohs(rep->rrsets[i]-> - rk.rrset_class); - return s; - } - } - } - } - return 0; -} - -void val_neg_addreferral(struct val_neg_cache* neg, struct reply_info* rep, - uint8_t* zone_name) -{ - size_t i, need; - uint8_t* signer; - size_t signer_len; - uint16_t dclass; - struct val_neg_zone* zone; - /* no SOA in this message, find RRSIG over NSEC's signer name. - * note the NSEC records are maybe not validated yet */ - signer = reply_nsec_signer(rep, &signer_len, &dclass); - if(!signer) - return; - if(!dname_subdomain_c(signer, zone_name)) { - /* the signer is not in the bailiwick, throw it out */ - return; - } - - log_nametypeclass(VERB_ALGO, "negcache insert referral ", - signer, LDNS_RR_TYPE_NS, dclass); - - /* ask for enough space to store all of it */ - need = calc_data_need(rep) + calc_zone_need(signer, signer_len); - lock_basic_lock(&neg->lock); - neg_make_space(neg, need); - - /* find or create the zone entry */ - zone = neg_find_zone(neg, signer, signer_len, dclass); - if(!zone) { - if(!(zone = neg_create_zone(neg, signer, signer_len, - dclass))) { - lock_basic_unlock(&neg->lock); - log_err("out of memory adding negative zone"); - return; - } - } - val_neg_zone_take_inuse(zone); - - /* insert the NSECs */ - for(i=rep->an_numrrsets; i< rep->an_numrrsets+rep->ns_numrrsets; i++){ - if(ntohs(rep->rrsets[i]->rk.type) != LDNS_RR_TYPE_NSEC && - ntohs(rep->rrsets[i]->rk.type) != LDNS_RR_TYPE_NSEC3) - continue; - if(!dname_subdomain_c(rep->rrsets[i]->rk.dname, - zone->name)) continue; - /* insert NSEC into this zone's tree */ - neg_insert_data(neg, zone, rep->rrsets[i]); - } - if(zone->tree.count == 0) { - /* remove empty zone if inserts failed */ - neg_delete_zone(neg, zone); - } - lock_basic_unlock(&neg->lock); -} - -/** - * Check that an NSEC3 rrset does not have a type set. - * None of the nsec3s in a hash-collision are allowed to have the type. - * (since we do not know which one is the nsec3 looked at, flags, ..., we - * ignore the cached item and let it bypass negative caching). - * @param k: the nsec3 rrset to check. - * @param t: type to check - * @return true if no RRs have the type. - */ -static int nsec3_no_type(struct ub_packed_rrset_key* k, uint16_t t) -{ - int count = (int)((struct packed_rrset_data*)k->entry.data)->count; - int i; - for(i=0; ientry.data; - if(d->ttl < now) { - lock_rw_unlock(&k->entry.lock); - return NULL; - } - /* only secure or unchecked records that have signatures. */ - if( ! ( d->security == sec_status_secure || - (d->security == sec_status_unchecked && - d->rrsig_count > 0) ) ) { - lock_rw_unlock(&k->entry.lock); - return NULL; - } - /* check if checktype is absent */ - if(checkbit && ( - (qtype == LDNS_RR_TYPE_NSEC && nsec_has_type(k, checktype)) || - (qtype == LDNS_RR_TYPE_NSEC3 && !nsec3_no_type(k, checktype)) - )) { - lock_rw_unlock(&k->entry.lock); - return NULL; - } - /* looks OK! copy to region and return it */ - r = packed_rrset_copy_region(k, region, now); - /* if it failed, we return the NULL */ - lock_rw_unlock(&k->entry.lock); - return r; -} - -/** find nsec3 closest encloser in neg cache */ -static struct val_neg_data* -neg_find_nsec3_ce(struct val_neg_zone* zone, uint8_t* qname, size_t qname_len, - int qlabs, sldns_buffer* buf, uint8_t* hashnc, size_t* nclen) -{ - struct val_neg_data* data; - uint8_t hashce[NSEC3_SHA_LEN]; - uint8_t b32[257]; - size_t celen, b32len; - - *nclen = 0; - while(qlabs > 0) { - /* hash */ - if(!(celen=nsec3_get_hashed(buf, qname, qname_len, - zone->nsec3_hash, zone->nsec3_iter, zone->nsec3_salt, - zone->nsec3_saltlen, hashce, sizeof(hashce)))) - return NULL; - if(!(b32len=nsec3_hash_to_b32(hashce, celen, zone->name, - zone->len, b32, sizeof(b32)))) - return NULL; - - /* lookup (exact match only) */ - data = neg_find_data(zone, b32, b32len, zone->labs+1); - if(data && data->in_use) { - /* found ce match! */ - return data; - } - - *nclen = celen; - memmove(hashnc, hashce, celen); - dname_remove_label(&qname, &qname_len); - qlabs --; - } - return NULL; -} - -/** check nsec3 parameters on nsec3 rrset with current zone values */ -static int -neg_params_ok(struct val_neg_zone* zone, struct ub_packed_rrset_key* rrset) -{ - int h; - uint8_t* s; - size_t slen, it; - if(!nsec3_get_params(rrset, 0, &h, &it, &s, &slen)) - return 0; - return (h == zone->nsec3_hash && it == zone->nsec3_iter && - slen == zone->nsec3_saltlen && - memcmp(zone->nsec3_salt, s, slen) == 0); -} - -/** get next closer for nsec3 proof */ -static struct ub_packed_rrset_key* -neg_nsec3_getnc(struct val_neg_zone* zone, uint8_t* hashnc, size_t nclen, - struct rrset_cache* rrset_cache, struct regional* region, - time_t now, uint8_t* b32, size_t maxb32) -{ - struct ub_packed_rrset_key* nc_rrset; - struct val_neg_data* data; - size_t b32len; - - if(!(b32len=nsec3_hash_to_b32(hashnc, nclen, zone->name, - zone->len, b32, maxb32))) - return NULL; - (void)neg_closest_data(zone, b32, b32len, zone->labs+1, &data); - if(!data && zone->tree.count != 0) { - /* could be before the first entry ; return the last - * entry (possibly the rollover nsec3 at end) */ - data = (struct val_neg_data*)rbtree_last(&zone->tree); - } - while(data && !data->in_use) - data = data->parent; - if(!data) - return NULL; - /* got a data element in tree, grab it */ - nc_rrset = grab_nsec(rrset_cache, data->name, data->len, - LDNS_RR_TYPE_NSEC3, zone->dclass, 0, region, 0, 0, now); - if(!nc_rrset) - return NULL; - if(!neg_params_ok(zone, nc_rrset)) - return NULL; - return nc_rrset; -} - -/** neg cache nsec3 proof procedure*/ -static struct dns_msg* -neg_nsec3_proof_ds(struct val_neg_zone* zone, uint8_t* qname, size_t qname_len, - int qlabs, sldns_buffer* buf, struct rrset_cache* rrset_cache, - struct regional* region, time_t now, uint8_t* topname) -{ - struct dns_msg* msg; - struct val_neg_data* data; - uint8_t hashnc[NSEC3_SHA_LEN]; - size_t nclen; - struct ub_packed_rrset_key* ce_rrset, *nc_rrset; - struct nsec3_cached_hash c; - uint8_t nc_b32[257]; - - /* for NSEC3 ; determine the closest encloser for which we - * can find an exact match. Remember the hashed lower name, - * since that is the one we need a closest match for. - * If we find a match straight away, then it becomes NODATA. - * Otherwise, NXDOMAIN or if OPTOUT, an insecure delegation. - * Also check that parameters are the same on closest encloser - * and on closest match. - */ - if(!zone->nsec3_hash) - return NULL; /* not nsec3 zone */ - - if(!(data=neg_find_nsec3_ce(zone, qname, qname_len, qlabs, buf, - hashnc, &nclen))) { - return NULL; - } - - /* grab the ce rrset */ - ce_rrset = grab_nsec(rrset_cache, data->name, data->len, - LDNS_RR_TYPE_NSEC3, zone->dclass, 0, region, 1, - LDNS_RR_TYPE_DS, now); - if(!ce_rrset) - return NULL; - if(!neg_params_ok(zone, ce_rrset)) - return NULL; - - if(nclen == 0) { - /* exact match, just check the type bits */ - /* need: -SOA, -DS, +NS */ - if(nsec3_has_type(ce_rrset, 0, LDNS_RR_TYPE_SOA) || - nsec3_has_type(ce_rrset, 0, LDNS_RR_TYPE_DS) || - !nsec3_has_type(ce_rrset, 0, LDNS_RR_TYPE_NS)) - return NULL; - if(!(msg = dns_msg_create(qname, qname_len, - LDNS_RR_TYPE_DS, zone->dclass, region, 1))) - return NULL; - /* TTL reduced in grab_nsec */ - if(!dns_msg_authadd(msg, region, ce_rrset, 0)) - return NULL; - return msg; - } - - /* optout is not allowed without knowing the trust-anchor in use, - * otherwise the optout could spoof away that anchor */ - if(!topname) - return NULL; - - /* if there is no exact match, it must be in an optout span - * (an existing DS implies an NSEC3 must exist) */ - nc_rrset = neg_nsec3_getnc(zone, hashnc, nclen, rrset_cache, - region, now, nc_b32, sizeof(nc_b32)); - if(!nc_rrset) - return NULL; - if(!neg_params_ok(zone, nc_rrset)) - return NULL; - if(!nsec3_has_optout(nc_rrset, 0)) - return NULL; - c.hash = hashnc; - c.hash_len = nclen; - c.b32 = nc_b32+1; - c.b32_len = (size_t)nc_b32[0]; - if(nsec3_covers(zone->name, &c, nc_rrset, 0, buf)) { - /* nc_rrset covers the next closer name. - * ce_rrset equals a closer encloser. - * nc_rrset is optout. - * No need to check wildcard for type DS */ - /* capacity=3: ce + nc + soa(if needed) */ - if(!(msg = dns_msg_create(qname, qname_len, - LDNS_RR_TYPE_DS, zone->dclass, region, 3))) - return NULL; - /* now=0 because TTL was reduced in grab_nsec */ - if(!dns_msg_authadd(msg, region, ce_rrset, 0)) - return NULL; - if(!dns_msg_authadd(msg, region, nc_rrset, 0)) - return NULL; - return msg; - } - return NULL; -} - -/** - * Add SOA record for external responses. - * @param rrset_cache: to look into. - * @param now: current time. - * @param region: where to perform the allocation - * @param msg: current msg with NSEC. - * @param zone: val_neg_zone if we have one. - * @return false on lookup or alloc failure. - */ -static int add_soa(struct rrset_cache* rrset_cache, time_t now, - struct regional* region, struct dns_msg* msg, struct val_neg_zone* zone) -{ - struct ub_packed_rrset_key* soa; - uint8_t* nm; - size_t nmlen; - uint16_t dclass; - if(zone) { - nm = zone->name; - nmlen = zone->len; - dclass = zone->dclass; - } else { - /* Assumes the signer is the zone SOA to add */ - nm = reply_nsec_signer(msg->rep, &nmlen, &dclass); - if(!nm) - return 0; - } - soa = rrset_cache_lookup(rrset_cache, nm, nmlen, LDNS_RR_TYPE_SOA, - dclass, PACKED_RRSET_SOA_NEG, now, 0); - if(!soa) - return 0; - if(!dns_msg_authadd(msg, region, soa, now)) { - lock_rw_unlock(&soa->entry.lock); - return 0; - } - lock_rw_unlock(&soa->entry.lock); - return 1; -} - -struct dns_msg* -val_neg_getmsg(struct val_neg_cache* neg, struct query_info* qinfo, - struct regional* region, struct rrset_cache* rrset_cache, - sldns_buffer* buf, time_t now, int addsoa, uint8_t* topname) -{ - struct dns_msg* msg; - struct ub_packed_rrset_key* rrset; - uint8_t* zname; - size_t zname_len; - int zname_labs; - struct val_neg_zone* zone; - - /* only for DS queries */ - if(qinfo->qtype != LDNS_RR_TYPE_DS) - return NULL; - log_assert(!topname || dname_subdomain_c(qinfo->qname, topname)); - - /* see if info from neg cache is available - * For NSECs, because there is no optout; a DS next to a delegation - * always has exactly an NSEC for it itself; check its DS bit. - * flags=0 (not the zone apex). - */ - rrset = grab_nsec(rrset_cache, qinfo->qname, qinfo->qname_len, - LDNS_RR_TYPE_NSEC, qinfo->qclass, 0, region, 1, - qinfo->qtype, now); - if(rrset) { - /* return msg with that rrset */ - if(!(msg = dns_msg_create(qinfo->qname, qinfo->qname_len, - qinfo->qtype, qinfo->qclass, region, 2))) - return NULL; - /* TTL already subtracted in grab_nsec */ - if(!dns_msg_authadd(msg, region, rrset, 0)) - return NULL; - if(addsoa && !add_soa(rrset_cache, now, region, msg, NULL)) - return NULL; - return msg; - } - - /* check NSEC3 neg cache for type DS */ - /* need to look one zone higher for DS type */ - zname = qinfo->qname; - zname_len = qinfo->qname_len; - dname_remove_label(&zname, &zname_len); - zname_labs = dname_count_labels(zname); - - /* lookup closest zone */ - lock_basic_lock(&neg->lock); - zone = neg_closest_zone_parent(neg, zname, zname_len, zname_labs, - qinfo->qclass); - while(zone && !zone->in_use) - zone = zone->parent; - /* check that the zone is not too high up so that we do not pick data - * out of a zone that is above the last-seen key (or trust-anchor). */ - if(zone && topname) { - if(!dname_subdomain_c(zone->name, topname)) - zone = NULL; - } - if(!zone) { - lock_basic_unlock(&neg->lock); - return NULL; - } - - msg = neg_nsec3_proof_ds(zone, qinfo->qname, qinfo->qname_len, - zname_labs+1, buf, rrset_cache, region, now, topname); - if(msg && addsoa && !add_soa(rrset_cache, now, region, msg, zone)) { - lock_basic_unlock(&neg->lock); - return NULL; - } - lock_basic_unlock(&neg->lock); - return msg; -} diff --git a/external/unbound/validator/val_neg.h b/external/unbound/validator/val_neg.h deleted file mode 100644 index 6ae71306c..000000000 --- a/external/unbound/validator/val_neg.h +++ /dev/null @@ -1,315 +0,0 @@ -/* - * validator/val_neg.h - validator aggressive negative caching functions. - * - * Copyright (c) 2008, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains helper functions for the validator module. - * The functions help with aggressive negative caching. - * This creates new denials of existence, and proofs for absence of types - * from cached NSEC records. - */ - -#ifndef VALIDATOR_VAL_NEG_H -#define VALIDATOR_VAL_NEG_H -#include "util/locks.h" -#include "util/rbtree.h" -struct sldns_buffer; -struct val_neg_data; -struct config_file; -struct reply_info; -struct rrset_cache; -struct regional; -struct query_info; -struct dns_msg; -struct ub_packed_rrset_key; - -/** - * The negative cache. It is shared between the threads, so locked. - * Kept as validator-environ-state. It refers back to the rrset cache for - * data elements. It can be out of date and contain conflicting data - * from zone content changes. - * It contains a tree of zones, every zone has a tree of data elements. - * The data elements are part of one big LRU list, with one memory counter. - */ -struct val_neg_cache { - /** the big lock on the negative cache. Because we use a rbtree - * for the data (quick lookup), we need a big lock */ - lock_basic_type lock; - /** The zone rbtree. contents sorted canonical, type val_neg_zone */ - rbtree_type tree; - /** the first in linked list of LRU of val_neg_data */ - struct val_neg_data* first; - /** last in lru (least recently used element) */ - struct val_neg_data* last; - /** current memory in use (bytes) */ - size_t use; - /** max memory to use (bytes) */ - size_t max; - /** max nsec3 iterations allowed */ - size_t nsec3_max_iter; -}; - -/** - * Per Zone aggressive negative caching data. - */ -struct val_neg_zone { - /** rbtree node element, key is this struct: the name, class */ - rbnode_type node; - /** name; the key */ - uint8_t* name; - /** length of name */ - size_t len; - /** labels in name */ - int labs; - - /** pointer to parent zone in the negative cache */ - struct val_neg_zone* parent; - - /** the number of elements, including this one and the ones whose - * parents (-parents) include this one, that are in_use - * No elements have a count of zero, those are removed. */ - int count; - - /** if 0: NSEC zone, else NSEC3 hash algorithm in use */ - int nsec3_hash; - /** nsec3 iteration count in use */ - size_t nsec3_iter; - /** nsec3 salt in use */ - uint8_t* nsec3_salt; - /** length of salt in bytes */ - size_t nsec3_saltlen; - - /** tree of NSEC data for this zone, sorted canonical - * by NSEC owner name */ - rbtree_type tree; - - /** class of node; host order */ - uint16_t dclass; - /** if this element is in use, boolean */ - uint8_t in_use; -}; - -/** - * Data element for aggressive negative caching. - * The tree of these elements acts as an index onto the rrset cache. - * It shows the NSEC records that (may) exist and are (possibly) secure. - * The rbtree allows for logN search for a covering NSEC record. - * To make tree insertion and deletion logN too, all the parent (one label - * less than the name) data elements are also in the rbtree, with a usage - * count for every data element. - * There is no actual data stored in this data element, if it is in_use, - * then the data can (possibly) be found in the rrset cache. - */ -struct val_neg_data { - /** rbtree node element, key is this struct: the name */ - rbnode_type node; - /** name; the key */ - uint8_t* name; - /** length of name */ - size_t len; - /** labels in name */ - int labs; - - /** pointer to parent node in the negative cache */ - struct val_neg_data* parent; - - /** the number of elements, including this one and the ones whose - * parents (-parents) include this one, that are in use - * No elements have a count of zero, those are removed. */ - int count; - - /** the zone that this denial is part of */ - struct val_neg_zone* zone; - - /** previous in LRU */ - struct val_neg_data* prev; - /** next in LRU (next element was less recently used) */ - struct val_neg_data* next; - - /** if this element is in use, boolean */ - uint8_t in_use; -}; - -/** - * Create negative cache - * @param cfg: config options. - * @param maxiter: max nsec3 iterations allowed. - * @return neg cache, empty or NULL on failure. - */ -struct val_neg_cache* val_neg_create(struct config_file* cfg, size_t maxiter); - -/** - * see how much memory is in use by the negative cache. - * @param neg: negative cache - * @return number of bytes in use. - */ -size_t val_neg_get_mem(struct val_neg_cache* neg); - -/** - * Destroy negative cache. There must no longer be any other threads. - * @param neg: negative cache. - */ -void neg_cache_delete(struct val_neg_cache* neg); - -/** - * Comparison function for rbtree val neg data elements - */ -int val_neg_data_compare(const void* a, const void* b); - -/** - * Comparison function for rbtree val neg zone elements - */ -int val_neg_zone_compare(const void* a, const void* b); - -/** - * Insert NSECs from this message into the negative cache for reference. - * @param neg: negative cache - * @param rep: reply with NSECs. - * Errors are ignored, means that storage is omitted. - */ -void val_neg_addreply(struct val_neg_cache* neg, struct reply_info* rep); - -/** - * Insert NSECs from this referral into the negative cache for reference. - * @param neg: negative cache - * @param rep: referral reply with NS, NSECs. - * @param zone: bailiwick for the referral. - * Errors are ignored, means that storage is omitted. - */ -void val_neg_addreferral(struct val_neg_cache* neg, struct reply_info* rep, - uint8_t* zone); - -/** - * Perform a DLV style lookup - * During the lookup, we could find out that data has expired. In that - * case the neg_cache entries are removed, and lookup fails. - * - * @param neg: negative cache. - * @param qname: name to look for - * @param len: length of qname. - * @param qclass: class to look in. - * @param rrset_cache: the rrset cache, for NSEC lookups. - * @param now: current time for ttl checks. - * @return - * 0 on error - * 0 if no proof of negative - * 1 if indeed negative was proven - * thus, qname DLV qclass does not exist. - */ -int val_neg_dlvlookup(struct val_neg_cache* neg, uint8_t* qname, size_t len, - uint16_t qclass, struct rrset_cache* rrset_cache, time_t now); - -/** - * For the given query, try to get a reply out of the negative cache. - * The reply still needs to be validated. - * @param neg: negative cache. - * @param qinfo: query - * @param region: where to allocate reply. - * @param rrset_cache: rrset cache. - * @param buf: temporary buffer. - * @param now: to check TTLs against. - * @param addsoa: if true, produce result for external consumption. - * if false, do not add SOA - for unbound-internal consumption. - * @param topname: do not look higher than this name, - * so that the result cannot be taken from a zone above the current - * trust anchor. Which could happen with multiple islands of trust. - * if NULL, then no trust anchor is used, but also the algorithm becomes - * more conservative, especially for opt-out zones, since the receiver - * may have a trust-anchor below the optout and thus the optout cannot - * be used to create a proof from the negative cache. - * @return a reply message if something was found. - * This reply may still need validation. - * NULL if nothing found (or out of memory). - */ -struct dns_msg* val_neg_getmsg(struct val_neg_cache* neg, - struct query_info* qinfo, struct regional* region, - struct rrset_cache* rrset_cache, struct sldns_buffer* buf, time_t now, - int addsoa, uint8_t* topname); - - -/**** functions exposed for unit test ****/ -/** - * Insert data into the data tree of a zone - * Does not do locking. - * @param neg: negative cache - * @param zone: zone to insert into - * @param nsec: record to insert. - */ -void neg_insert_data(struct val_neg_cache* neg, - struct val_neg_zone* zone, struct ub_packed_rrset_key* nsec); - -/** - * Delete a data element from the negative cache. - * May delete other data elements to keep tree coherent, or - * only mark the element as 'not in use'. - * Does not do locking. - * @param neg: negative cache. - * @param el: data element to delete. - */ -void neg_delete_data(struct val_neg_cache* neg, struct val_neg_data* el); - -/** - * Find the given zone, from the SOA owner name and class - * Does not do locking. - * @param neg: negative cache - * @param nm: what to look for. - * @param len: length of nm - * @param dclass: class to look for. - * @return zone or NULL if not found. - */ -struct val_neg_zone* neg_find_zone(struct val_neg_cache* neg, - uint8_t* nm, size_t len, uint16_t dclass); - -/** - * Create a new zone. - * Does not do locking. - * @param neg: negative cache - * @param nm: what to look for. - * @param nm_len: length of name. - * @param dclass: class of zone, host order. - * @return zone or NULL if out of memory. - */ -struct val_neg_zone* neg_create_zone(struct val_neg_cache* neg, - uint8_t* nm, size_t nm_len, uint16_t dclass); - -/** - * take a zone into use. increases counts of parents. - * Does not do locking. - * @param zone: zone to take into use. - */ -void val_neg_zone_take_inuse(struct val_neg_zone* zone); - -#endif /* VALIDATOR_VAL_NEG_H */ diff --git a/external/unbound/validator/val_nsec.c b/external/unbound/validator/val_nsec.c deleted file mode 100644 index 1e4f440ff..000000000 --- a/external/unbound/validator/val_nsec.c +++ /dev/null @@ -1,624 +0,0 @@ -/* - * validator/val_nsec.c - validator NSEC denial of existence functions. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains helper functions for the validator module. - * The functions help with NSEC checking, the different NSEC proofs - * for denial of existence, and proofs for presence of types. - */ -#include "config.h" -#include "validator/val_nsec.h" -#include "validator/val_utils.h" -#include "util/data/msgreply.h" -#include "util/data/dname.h" -#include "util/net_help.h" -#include "util/module.h" -#include "services/cache/rrset.h" - -/** get ttl of rrset */ -static uint32_t -rrset_get_ttl(struct ub_packed_rrset_key* k) -{ - struct packed_rrset_data* d = (struct packed_rrset_data*)k->entry.data; - return d->ttl; -} - -int -nsecbitmap_has_type_rdata(uint8_t* bitmap, size_t len, uint16_t type) -{ - /* Check type present in NSEC typemap with bitmap arg */ - /* bitmasks for determining type-lowerbits presence */ - uint8_t masks[8] = {0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01}; - uint8_t type_window = type>>8; - uint8_t type_low = type&0xff; - uint8_t win, winlen; - /* read each of the type bitmap windows and see if the searched - * type is amongst it */ - while(len > 0) { - if(len < 3) /* bad window, at least window# winlen bitmap */ - return 0; - win = *bitmap++; - winlen = *bitmap++; - len -= 2; - if(len < winlen || winlen < 1 || winlen > 32) - return 0; /* bad window length */ - if(win == type_window) { - /* search window bitmap for the correct byte */ - /* mybyte is 0 if we need the first byte */ - size_t mybyte = type_low>>3; - if(winlen <= mybyte) - return 0; /* window too short */ - return (int)(bitmap[mybyte] & masks[type_low&0x7]); - } else { - /* not the window we are looking for */ - bitmap += winlen; - len -= winlen; - } - } - /* end of bitmap reached, no type found */ - return 0; -} - -int -nsec_has_type(struct ub_packed_rrset_key* nsec, uint16_t type) -{ - struct packed_rrset_data* d = (struct packed_rrset_data*)nsec-> - entry.data; - size_t len; - if(!d || d->count == 0 || d->rr_len[0] < 2+1) - return 0; - len = dname_valid(d->rr_data[0]+2, d->rr_len[0]-2); - if(!len) - return 0; - return nsecbitmap_has_type_rdata(d->rr_data[0]+2+len, - d->rr_len[0]-2-len, type); -} - -/** - * Get next owner name from nsec record - * @param nsec: the nsec RRset. - * If there are multiple RRs, then this will only return one of them. - * @param nm: the next name is returned. - * @param ln: length of nm is returned. - * @return false on a bad NSEC RR (too short, malformed dname). - */ -static int -nsec_get_next(struct ub_packed_rrset_key* nsec, uint8_t** nm, size_t* ln) -{ - struct packed_rrset_data* d = (struct packed_rrset_data*)nsec-> - entry.data; - if(!d || d->count == 0 || d->rr_len[0] < 2+1) { - *nm = 0; - *ln = 0; - return 0; - } - *nm = d->rr_data[0]+2; - *ln = dname_valid(*nm, d->rr_len[0]-2); - if(!*ln) { - *nm = 0; - *ln = 0; - return 0; - } - return 1; -} - -/** - * For an NSEC that matches the DS queried for, check absence of DS type. - * - * @param nsec: NSEC for proof, must be trusted. - * @param qinfo: what is queried for. - * @return if secure the nsec proves that no DS is present, or - * insecure if it proves it is not a delegation point. - * or bogus if something was wrong. - */ -static enum sec_status -val_nsec_proves_no_ds(struct ub_packed_rrset_key* nsec, - struct query_info* qinfo) -{ - log_assert(qinfo->qtype == LDNS_RR_TYPE_DS); - log_assert(ntohs(nsec->rk.type) == LDNS_RR_TYPE_NSEC); - - if(nsec_has_type(nsec, LDNS_RR_TYPE_SOA) && qinfo->qname_len != 1) { - /* SOA present means that this is the NSEC from the child, - * not the parent (so it is the wrong one). */ - return sec_status_bogus; - } - if(nsec_has_type(nsec, LDNS_RR_TYPE_DS)) { - /* DS present means that there should have been a positive - * response to the DS query, so there is something wrong. */ - return sec_status_bogus; - } - - if(!nsec_has_type(nsec, LDNS_RR_TYPE_NS)) { - /* If there is no NS at this point at all, then this - * doesn't prove anything one way or the other. */ - return sec_status_insecure; - } - /* Otherwise, this proves no DS. */ - return sec_status_secure; -} - -/** check security status from cache or verify rrset, returns true if secure */ -static int -nsec_verify_rrset(struct module_env* env, struct val_env* ve, - struct ub_packed_rrset_key* nsec, struct key_entry_key* kkey, - char** reason) -{ - struct packed_rrset_data* d = (struct packed_rrset_data*) - nsec->entry.data; - if(d->security == sec_status_secure) - return 1; - rrset_check_sec_status(env->rrset_cache, nsec, *env->now); - if(d->security == sec_status_secure) - return 1; - d->security = val_verify_rrset_entry(env, ve, nsec, kkey, reason); - if(d->security == sec_status_secure) { - rrset_update_sec_status(env->rrset_cache, nsec, *env->now); - return 1; - } - return 0; -} - -enum sec_status -val_nsec_prove_nodata_dsreply(struct module_env* env, struct val_env* ve, - struct query_info* qinfo, struct reply_info* rep, - struct key_entry_key* kkey, time_t* proof_ttl, char** reason) -{ - struct ub_packed_rrset_key* nsec = reply_find_rrset_section_ns( - rep, qinfo->qname, qinfo->qname_len, LDNS_RR_TYPE_NSEC, - qinfo->qclass); - enum sec_status sec; - size_t i; - uint8_t* wc = NULL, *ce = NULL; - int valid_nsec = 0; - struct ub_packed_rrset_key* wc_nsec = NULL; - - /* If we have a NSEC at the same name, it must prove one - * of two things - * -- - * 1) this is a delegation point and there is no DS - * 2) this is not a delegation point */ - if(nsec) { - if(!nsec_verify_rrset(env, ve, nsec, kkey, reason)) { - verbose(VERB_ALGO, "NSEC RRset for the " - "referral did not verify."); - return sec_status_bogus; - } - sec = val_nsec_proves_no_ds(nsec, qinfo); - if(sec == sec_status_bogus) { - /* something was wrong. */ - *reason = "NSEC does not prove absence of DS"; - return sec; - } else if(sec == sec_status_insecure) { - /* this wasn't a delegation point. */ - return sec; - } else if(sec == sec_status_secure) { - /* this proved no DS. */ - *proof_ttl = ub_packed_rrset_ttl(nsec); - return sec; - } - /* if unchecked, fall through to next proof */ - } - - /* Otherwise, there is no NSEC at qname. This could be an ENT. - * (ENT=empty non terminal). If not, this is broken. */ - - /* verify NSEC rrsets in auth section */ - for(i=rep->an_numrrsets; i < rep->an_numrrsets+rep->ns_numrrsets; - i++) { - if(rep->rrsets[i]->rk.type != htons(LDNS_RR_TYPE_NSEC)) - continue; - if(!nsec_verify_rrset(env, ve, rep->rrsets[i], kkey, reason)) { - verbose(VERB_ALGO, "NSEC for empty non-terminal " - "did not verify."); - return sec_status_bogus; - } - if(nsec_proves_nodata(rep->rrsets[i], qinfo, &wc)) { - verbose(VERB_ALGO, "NSEC for empty non-terminal " - "proved no DS."); - *proof_ttl = rrset_get_ttl(rep->rrsets[i]); - if(wc && dname_is_wild(rep->rrsets[i]->rk.dname)) - wc_nsec = rep->rrsets[i]; - valid_nsec = 1; - } - if(val_nsec_proves_name_error(rep->rrsets[i], qinfo->qname)) { - ce = nsec_closest_encloser(qinfo->qname, - rep->rrsets[i]); - } - } - if(wc && !ce) - valid_nsec = 0; - else if(wc && ce) { - /* ce and wc must match */ - if(query_dname_compare(wc, ce) != 0) - valid_nsec = 0; - else if(!wc_nsec) - valid_nsec = 0; - } - if(valid_nsec) { - if(wc) { - /* check if this is a delegation */ - *reason = "NSEC for wildcard does not prove absence of DS"; - return val_nsec_proves_no_ds(wc_nsec, qinfo); - } - /* valid nsec proves empty nonterminal */ - return sec_status_insecure; - } - - /* NSEC proof did not conclusively point to DS or no DS */ - return sec_status_unchecked; -} - -int nsec_proves_nodata(struct ub_packed_rrset_key* nsec, - struct query_info* qinfo, uint8_t** wc) -{ - log_assert(wc); - if(query_dname_compare(nsec->rk.dname, qinfo->qname) != 0) { - uint8_t* nm; - size_t ln; - - /* empty-non-terminal checking. - * Done before wildcard, because this is an exact match, - * and would prevent a wildcard from matching. */ - - /* If the nsec is proving that qname is an ENT, the nsec owner - * will be less than qname, and the next name will be a child - * domain of the qname. */ - if(!nsec_get_next(nsec, &nm, &ln)) - return 0; /* bad nsec */ - if(dname_strict_subdomain_c(nm, qinfo->qname) && - dname_canonical_compare(nsec->rk.dname, - qinfo->qname) < 0) { - return 1; /* proves ENT */ - } - - /* wildcard checking. */ - - /* If this is a wildcard NSEC, make sure that a) it was - * possible to have generated qname from the wildcard and - * b) the type map does not contain qtype. Note that this - * does NOT prove that this wildcard was the applicable - * wildcard. */ - if(dname_is_wild(nsec->rk.dname)) { - /* the purported closest encloser. */ - uint8_t* ce = nsec->rk.dname; - size_t ce_len = nsec->rk.dname_len; - dname_remove_label(&ce, &ce_len); - - /* The qname must be a strict subdomain of the - * closest encloser, for the wildcard to apply - */ - if(dname_strict_subdomain_c(qinfo->qname, ce)) { - /* here we have a matching NSEC for the qname, - * perform matching NSEC checks */ - if(nsec_has_type(nsec, LDNS_RR_TYPE_CNAME)) { - /* should have gotten the wildcard CNAME */ - return 0; - } - if(nsec_has_type(nsec, LDNS_RR_TYPE_NS) && - !nsec_has_type(nsec, LDNS_RR_TYPE_SOA)) { - /* wrong parentside (wildcard) NSEC used */ - return 0; - } - if(nsec_has_type(nsec, qinfo->qtype)) { - return 0; - } - *wc = ce; - return 1; - } - } else { - /* See if the next owner name covers a wildcard - * empty non-terminal. */ - while (dname_canonical_compare(nsec->rk.dname, nm) < 0) { - /* wildcard does not apply if qname below - * the name that exists under the '*' */ - if (dname_subdomain_c(qinfo->qname, nm)) - break; - /* but if it is a wildcard and qname is below - * it, then the wildcard applies. The wildcard - * is an empty nonterminal. nodata proven. */ - if (dname_is_wild(nm)) { - size_t ce_len = ln; - uint8_t* ce = nm; - dname_remove_label(&ce, &ce_len); - if(dname_strict_subdomain_c(qinfo->qname, ce)) { - *wc = ce; - return 1; - } - } - dname_remove_label(&nm, &ln); - } - } - - /* Otherwise, this NSEC does not prove ENT and is not a - * wildcard, so it does not prove NODATA. */ - return 0; - } - - /* If the qtype exists, then we should have gotten it. */ - if(nsec_has_type(nsec, qinfo->qtype)) { - return 0; - } - - /* if the name is a CNAME node, then we should have gotten the CNAME*/ - if(nsec_has_type(nsec, LDNS_RR_TYPE_CNAME)) { - return 0; - } - - /* If an NS set exists at this name, and NOT a SOA (so this is a - * zone cut, not a zone apex), then we should have gotten a - * referral (or we just got the wrong NSEC). - * The reverse of this check is used when qtype is DS, since that - * must use the NSEC from above the zone cut. */ - if(qinfo->qtype != LDNS_RR_TYPE_DS && - nsec_has_type(nsec, LDNS_RR_TYPE_NS) && - !nsec_has_type(nsec, LDNS_RR_TYPE_SOA)) { - return 0; - } else if(qinfo->qtype == LDNS_RR_TYPE_DS && - nsec_has_type(nsec, LDNS_RR_TYPE_SOA) && - !dname_is_root(qinfo->qname)) { - return 0; - } - - return 1; -} - -int -val_nsec_proves_name_error(struct ub_packed_rrset_key* nsec, uint8_t* qname) -{ - uint8_t* owner = nsec->rk.dname; - uint8_t* next; - size_t nlen; - if(!nsec_get_next(nsec, &next, &nlen)) - return 0; - - /* If NSEC owner == qname, then this NSEC proves that qname exists. */ - if(query_dname_compare(qname, owner) == 0) { - return 0; - } - - /* If NSEC is a parent of qname, we need to check the type map - * If the parent name has a DNAME or is a delegation point, then - * this NSEC is being misused. */ - if(dname_subdomain_c(qname, owner) && - (nsec_has_type(nsec, LDNS_RR_TYPE_DNAME) || - (nsec_has_type(nsec, LDNS_RR_TYPE_NS) - && !nsec_has_type(nsec, LDNS_RR_TYPE_SOA)) - )) { - return 0; - } - - if(query_dname_compare(owner, next) == 0) { - /* this nsec is the only nsec */ - /* zone.name NSEC zone.name, disproves everything else */ - /* but only for subdomains of that zone */ - if(dname_strict_subdomain_c(qname, next)) - return 1; - } - else if(dname_canonical_compare(owner, next) > 0) { - /* this is the last nsec, ....(bigger) NSEC zonename(smaller) */ - /* the names after the last (owner) name do not exist - * there are no names before the zone name in the zone - * but the qname must be a subdomain of the zone name(next). */ - if(dname_canonical_compare(owner, qname) < 0 && - dname_strict_subdomain_c(qname, next)) - return 1; - } else { - /* regular NSEC, (smaller) NSEC (larger) */ - if(dname_canonical_compare(owner, qname) < 0 && - dname_canonical_compare(qname, next) < 0) { - return 1; - } - } - return 0; -} - -int val_nsec_proves_insecuredelegation(struct ub_packed_rrset_key* nsec, - struct query_info* qinfo) -{ - if(nsec_has_type(nsec, LDNS_RR_TYPE_NS) && - !nsec_has_type(nsec, LDNS_RR_TYPE_DS) && - !nsec_has_type(nsec, LDNS_RR_TYPE_SOA)) { - /* see if nsec signals an insecure delegation */ - if(qinfo->qtype == LDNS_RR_TYPE_DS) { - /* if type is DS and qname is equal to nsec, then it - * is an exact match nsec, result not insecure */ - if(dname_strict_subdomain_c(qinfo->qname, - nsec->rk.dname)) - return 1; - } else { - if(dname_subdomain_c(qinfo->qname, nsec->rk.dname)) - return 1; - } - } - return 0; -} - -uint8_t* -nsec_closest_encloser(uint8_t* qname, struct ub_packed_rrset_key* nsec) -{ - uint8_t* next; - size_t nlen; - uint8_t* common1, *common2; - if(!nsec_get_next(nsec, &next, &nlen)) - return NULL; - /* longest common with owner or next name */ - common1 = dname_get_shared_topdomain(nsec->rk.dname, qname); - common2 = dname_get_shared_topdomain(next, qname); - if(dname_count_labels(common1) > dname_count_labels(common2)) - return common1; - return common2; -} - -int val_nsec_proves_positive_wildcard(struct ub_packed_rrset_key* nsec, - struct query_info* qinf, uint8_t* wc) -{ - uint8_t* ce; - /* 1) prove that qname doesn't exist and - * 2) that the correct wildcard was used - * nsec has been verified already. */ - if(!val_nsec_proves_name_error(nsec, qinf->qname)) - return 0; - /* check wildcard name */ - ce = nsec_closest_encloser(qinf->qname, nsec); - if(!ce) - return 0; - if(query_dname_compare(wc, ce) != 0) { - return 0; - } - return 1; -} - -int -val_nsec_proves_no_wc(struct ub_packed_rrset_key* nsec, uint8_t* qname, - size_t qnamelen) -{ - /* Determine if a NSEC record proves the non-existence of a - * wildcard that could have produced qname. */ - int labs; - int i; - uint8_t* ce = nsec_closest_encloser(qname, nsec); - uint8_t* strip; - size_t striplen; - uint8_t buf[LDNS_MAX_DOMAINLEN+3]; - if(!ce) - return 0; - /* we can subtract the closest encloser count - since that is the - * largest shared topdomain with owner and next NSEC name, - * because the NSEC is no proof for names shorter than the owner - * and next names. */ - labs = dname_count_labels(qname) - dname_count_labels(ce); - - for(i=labs; i>0; i--) { - /* i is number of labels to strip off qname, prepend * wild */ - strip = qname; - striplen = qnamelen; - dname_remove_labels(&strip, &striplen, i); - if(striplen > LDNS_MAX_DOMAINLEN-2) - continue; /* too long to prepend wildcard */ - buf[0] = 1; - buf[1] = (uint8_t)'*'; - memmove(buf+2, strip, striplen); - if(val_nsec_proves_name_error(nsec, buf)) { - return 1; - } - } - return 0; -} - -/** - * Find shared topdomain that exists - */ -static void -dlv_topdomain(struct ub_packed_rrset_key* nsec, uint8_t* qname, - uint8_t** nm, size_t* nm_len) -{ - /* make sure reply is part of nm */ - /* take shared topdomain with left of NSEC. */ - - /* because, if empty nonterminal, then right is subdomain of qname. - * and any shared topdomain would be empty nonterminals. - * - * If nxdomain, then the right is bigger, and could have an - * interesting shared topdomain, but if it does have one, it is - * an empty nonterminal. An empty nonterminal shared with the left - * one. */ - int n; - uint8_t* common = dname_get_shared_topdomain(qname, nsec->rk.dname); - n = dname_count_labels(*nm) - dname_count_labels(common); - dname_remove_labels(nm, nm_len, n); -} - -int val_nsec_check_dlv(struct query_info* qinfo, - struct reply_info* rep, uint8_t** nm, size_t* nm_len) -{ - uint8_t* next; - size_t i, nlen; - int c; - /* we should now have a NOERROR/NODATA or NXDOMAIN message */ - if(rep->an_numrrsets != 0) { - return 0; - } - /* is this NOERROR ? */ - if(FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NOERROR) { - /* it can be a plain NSEC match - go up one more level. */ - /* or its an empty nonterminal - go up to nonempty level */ - for(i=0; ins_numrrsets; i++) { - if(htons(rep->rrsets[i]->rk.type)!=LDNS_RR_TYPE_NSEC || - !nsec_get_next(rep->rrsets[i], &next, &nlen)) - continue; - c = dname_canonical_compare( - rep->rrsets[i]->rk.dname, qinfo->qname); - if(c == 0) { - /* plain match */ - if(nsec_has_type(rep->rrsets[i], - LDNS_RR_TYPE_DLV)) - return 0; - dname_remove_label(nm, nm_len); - return 1; - } else if(c < 0 && - dname_strict_subdomain_c(next, qinfo->qname)) { - /* ENT */ - dlv_topdomain(rep->rrsets[i], qinfo->qname, - nm, nm_len); - return 1; - } - } - return 0; - } - - /* is this NXDOMAIN ? */ - if(FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NXDOMAIN) { - /* find the qname denial NSEC record. It can tell us - * a closest encloser name; or that we not need bother */ - for(i=0; ins_numrrsets; i++) { - if(htons(rep->rrsets[i]->rk.type) != LDNS_RR_TYPE_NSEC) - continue; - if(val_nsec_proves_name_error(rep->rrsets[i], - qinfo->qname)) { - log_nametypeclass(VERB_ALGO, "topdomain on", - rep->rrsets[i]->rk.dname, - ntohs(rep->rrsets[i]->rk.type), 0); - dlv_topdomain(rep->rrsets[i], qinfo->qname, - nm, nm_len); - return 1; - } - } - return 0; - } - return 0; -} diff --git a/external/unbound/validator/val_nsec.h b/external/unbound/validator/val_nsec.h deleted file mode 100644 index c031c9a3b..000000000 --- a/external/unbound/validator/val_nsec.h +++ /dev/null @@ -1,182 +0,0 @@ -/* - * validator/val_nsec.h - validator NSEC denial of existence functions. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains helper functions for the validator module. - * The functions help with NSEC checking, the different NSEC proofs - * for denial of existence, and proofs for presence of types. - */ - -#ifndef VALIDATOR_VAL_NSEC_H -#define VALIDATOR_VAL_NSEC_H -#include "util/data/packed_rrset.h" -struct val_env; -struct module_env; -struct ub_packed_rrset_key; -struct reply_info; -struct query_info; -struct key_entry_key; - -/** - * Check DS absence. - * There is a NODATA reply to a DS that needs checking. - * NSECs can prove this is not a delegation point, or successfully prove - * that there is no DS. Or this fails. - * - * @param env: module env for rrsig verification routines. - * @param ve: validator env for rrsig verification routines. - * @param qinfo: the DS queried for. - * @param rep: reply received. - * @param kkey: key entry to use for verification of signatures. - * @param proof_ttl: if secure, the TTL of how long this proof lasts. - * @param reason: string explaining why bogus. - * @return security status. - * SECURE: proved absence of DS. - * INSECURE: proved that this was not a delegation point. - * BOGUS: crypto bad, or no absence of DS proven. - * UNCHECKED: there was no way to prove anything (no NSECs, unknown algo). - */ -enum sec_status val_nsec_prove_nodata_dsreply(struct module_env* env, - struct val_env* ve, struct query_info* qinfo, - struct reply_info* rep, struct key_entry_key* kkey, - time_t* proof_ttl, char** reason); - -/** - * nsec typemap check, takes an NSEC-type bitmap as argument, checks for type. - * @param bitmap: pointer to the bitmap part of wireformat rdata. - * @param len: length of the bitmap, in bytes. - * @param type: the type (in host order) to check for. - * @return true if the type bit was set in the bitmap. false if not, or - * if the bitmap was malformed in some way. - */ -int nsecbitmap_has_type_rdata(uint8_t* bitmap, size_t len, uint16_t type); - -/** - * Check if type is present in the NSEC typemap - * @param nsec: the nsec RRset. - * If there are multiple RRs, then each must have the same typemap, - * since the typemap represents the types at this domain node. - * @param type: type to check for, host order. - * @return true if present - */ -int nsec_has_type(struct ub_packed_rrset_key* nsec, uint16_t type); - -/** - * Determine if a NSEC proves the NOERROR/NODATA conditions. This will also - * handle the empty non-terminal (ENT) case and partially handle the - * wildcard case. If the ownername of 'nsec' is a wildcard, the validator - * must still be provided proof that qname did not directly exist and that - * the wildcard is, in fact, *.closest_encloser. - * - * @param nsec: the nsec record to check against. - * @param qinfo: the query info. - * @param wc: if the nodata is proven for a wildcard match, the wildcard - * closest encloser is returned, else NULL (wc is unchanged). - * This closest encloser must then match the nameerror given for the - * nextcloser of qname. - * @return true if NSEC proves this. - */ -int nsec_proves_nodata(struct ub_packed_rrset_key* nsec, - struct query_info* qinfo, uint8_t** wc); - -/** - * Determine if the given NSEC proves a NameError (NXDOMAIN) for a given - * qname. - * - * @param nsec: the nsec to check - * @param qname: what was queried. - * @return true if proven. - */ -int val_nsec_proves_name_error(struct ub_packed_rrset_key* nsec, - uint8_t* qname); - -/** - * Determine if the given NSEC proves a positive wildcard response. - * @param nsec: the nsec to check - * @param qinf: what was queried. - * @param wc: wildcard (without *. label) - * @return true if proven. - */ -int val_nsec_proves_positive_wildcard(struct ub_packed_rrset_key* nsec, - struct query_info* qinf, uint8_t* wc); - -/** - * Determine closest encloser of a query name and the NSEC that covers it - * (and thus disproved it). - * A name error must have been proven already, otherwise this will be invalid. - * @param qname: the name queried for. - * @param nsec: the nsec RRset. - * @return closest encloser dname or NULL on error (bad nsec RRset). - */ -uint8_t* nsec_closest_encloser(uint8_t* qname, - struct ub_packed_rrset_key* nsec); - -/** - * Determine if the given NSEC proves that a wildcard match does not exist. - * - * @param nsec: the nsec RRset. - * @param qname: the name queried for. - * @param qnamelen: length of qname. - * @return true if proven. - */ -int val_nsec_proves_no_wc(struct ub_packed_rrset_key* nsec, uint8_t* qname, - size_t qnamelen); - -/** - * Determine the DLV result, what to do with NSEC DLV reply. - * @param qinfo: what was queried for. - * @param rep: the nonpositive reply. - * @param nm: dlv lookup name, to adjust for new lookup name (if needed). - * @param nm_len: length of lookup name. - * @return 0 on error, 1 if a higher point is found. - * If the higher point is above the dlv repo anchor, the qname does - * not exist. - */ -int val_nsec_check_dlv(struct query_info* qinfo, - struct reply_info* rep, uint8_t** nm, size_t* nm_len); - -/** - * Determine if an nsec proves an insecure delegation towards the qname. - * @param nsec: nsec rrset. - * @param qinfo: what was queries for. - * @return 0 if not, 1 if an NSEC that signals an insecure delegation to - * the qname. - */ -int val_nsec_proves_insecuredelegation(struct ub_packed_rrset_key* nsec, - struct query_info* qinfo); - -#endif /* VALIDATOR_VAL_NSEC_H */ diff --git a/external/unbound/validator/val_nsec3.c b/external/unbound/validator/val_nsec3.c deleted file mode 100644 index 4d978372a..000000000 --- a/external/unbound/validator/val_nsec3.c +++ /dev/null @@ -1,1434 +0,0 @@ -/* - * validator/val_nsec3.c - validator NSEC3 denial of existence functions. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains helper functions for the validator module. - * The functions help with NSEC3 checking, the different NSEC3 proofs - * for denial of existence, and proofs for presence of types. - */ -#include "config.h" -#include -#include "validator/val_nsec3.h" -#include "validator/val_secalgo.h" -#include "validator/validator.h" -#include "validator/val_kentry.h" -#include "services/cache/rrset.h" -#include "util/regional.h" -#include "util/rbtree.h" -#include "util/module.h" -#include "util/net_help.h" -#include "util/data/packed_rrset.h" -#include "util/data/dname.h" -#include "util/data/msgreply.h" -/* we include nsec.h for the bitmap_has_type function */ -#include "validator/val_nsec.h" -#include "sldns/sbuffer.h" - -/** - * This function we get from ldns-compat or from base system - * it returns the number of data bytes stored at the target, or <0 on error. - */ -int sldns_b32_ntop_extended_hex(uint8_t const *src, size_t srclength, - char *target, size_t targsize); -/** - * This function we get from ldns-compat or from base system - * it returns the number of data bytes stored at the target, or <0 on error. - */ -int sldns_b32_pton_extended_hex(char const *src, size_t hashed_owner_str_len, - uint8_t *target, size_t targsize); - -/** - * Closest encloser (ce) proof results - * Contains the ce and the next-closer (nc) proof. - */ -struct ce_response { - /** the closest encloser name */ - uint8_t* ce; - /** length of ce */ - size_t ce_len; - /** NSEC3 record that proved ce. rrset */ - struct ub_packed_rrset_key* ce_rrset; - /** NSEC3 record that proved ce. rr number */ - int ce_rr; - /** NSEC3 record that proved nc. rrset */ - struct ub_packed_rrset_key* nc_rrset; - /** NSEC3 record that proved nc. rr*/ - int nc_rr; -}; - -/** - * Filter conditions for NSEC3 proof - * Used to iterate over the applicable NSEC3 RRs. - */ -struct nsec3_filter { - /** Zone name, only NSEC3 records for this zone are considered */ - uint8_t* zone; - /** length of the zonename */ - size_t zone_len; - /** the list of NSEC3s to filter; array */ - struct ub_packed_rrset_key** list; - /** number of rrsets in list */ - size_t num; - /** class of records for the NSEC3, only this class applies */ - uint16_t fclass; -}; - -/** return number of rrs in an rrset */ -static size_t -rrset_get_count(struct ub_packed_rrset_key* rrset) -{ - struct packed_rrset_data* d = (struct packed_rrset_data*) - rrset->entry.data; - if(!d) return 0; - return d->count; -} - -/** return if nsec3 RR has unknown flags */ -static int -nsec3_unknown_flags(struct ub_packed_rrset_key* rrset, int r) -{ - struct packed_rrset_data* d = (struct packed_rrset_data*) - rrset->entry.data; - log_assert(d && r < (int)d->count); - if(d->rr_len[r] < 2+2) - return 0; /* malformed */ - return (int)(d->rr_data[r][2+1] & NSEC3_UNKNOWN_FLAGS); -} - -int -nsec3_has_optout(struct ub_packed_rrset_key* rrset, int r) -{ - struct packed_rrset_data* d = (struct packed_rrset_data*) - rrset->entry.data; - log_assert(d && r < (int)d->count); - if(d->rr_len[r] < 2+2) - return 0; /* malformed */ - return (int)(d->rr_data[r][2+1] & NSEC3_OPTOUT); -} - -/** return nsec3 RR algorithm */ -static int -nsec3_get_algo(struct ub_packed_rrset_key* rrset, int r) -{ - struct packed_rrset_data* d = (struct packed_rrset_data*) - rrset->entry.data; - log_assert(d && r < (int)d->count); - if(d->rr_len[r] < 2+1) - return 0; /* malformed */ - return (int)(d->rr_data[r][2+0]); -} - -/** return if nsec3 RR has known algorithm */ -static int -nsec3_known_algo(struct ub_packed_rrset_key* rrset, int r) -{ - struct packed_rrset_data* d = (struct packed_rrset_data*) - rrset->entry.data; - log_assert(d && r < (int)d->count); - if(d->rr_len[r] < 2+1) - return 0; /* malformed */ - switch(d->rr_data[r][2+0]) { - case NSEC3_HASH_SHA1: - return 1; - } - return 0; -} - -/** return nsec3 RR iteration count */ -static size_t -nsec3_get_iter(struct ub_packed_rrset_key* rrset, int r) -{ - uint16_t i; - struct packed_rrset_data* d = (struct packed_rrset_data*) - rrset->entry.data; - log_assert(d && r < (int)d->count); - if(d->rr_len[r] < 2+4) - return 0; /* malformed */ - memmove(&i, d->rr_data[r]+2+2, sizeof(i)); - i = ntohs(i); - return (size_t)i; -} - -/** return nsec3 RR salt */ -static int -nsec3_get_salt(struct ub_packed_rrset_key* rrset, int r, - uint8_t** salt, size_t* saltlen) -{ - struct packed_rrset_data* d = (struct packed_rrset_data*) - rrset->entry.data; - log_assert(d && r < (int)d->count); - if(d->rr_len[r] < 2+5) { - *salt = 0; - *saltlen = 0; - return 0; /* malformed */ - } - *saltlen = (size_t)d->rr_data[r][2+4]; - if(d->rr_len[r] < 2+5+(size_t)*saltlen) { - *salt = 0; - *saltlen = 0; - return 0; /* malformed */ - } - *salt = d->rr_data[r]+2+5; - return 1; -} - -int nsec3_get_params(struct ub_packed_rrset_key* rrset, int r, - int* algo, size_t* iter, uint8_t** salt, size_t* saltlen) -{ - if(!nsec3_known_algo(rrset, r) || nsec3_unknown_flags(rrset, r)) - return 0; - if(!nsec3_get_salt(rrset, r, salt, saltlen)) - return 0; - *algo = nsec3_get_algo(rrset, r); - *iter = nsec3_get_iter(rrset, r); - return 1; -} - -int -nsec3_get_nextowner(struct ub_packed_rrset_key* rrset, int r, - uint8_t** next, size_t* nextlen) -{ - size_t saltlen; - struct packed_rrset_data* d = (struct packed_rrset_data*) - rrset->entry.data; - log_assert(d && r < (int)d->count); - if(d->rr_len[r] < 2+5) { - *next = 0; - *nextlen = 0; - return 0; /* malformed */ - } - saltlen = (size_t)d->rr_data[r][2+4]; - if(d->rr_len[r] < 2+5+saltlen+1) { - *next = 0; - *nextlen = 0; - return 0; /* malformed */ - } - *nextlen = (size_t)d->rr_data[r][2+5+saltlen]; - if(d->rr_len[r] < 2+5+saltlen+1+*nextlen) { - *next = 0; - *nextlen = 0; - return 0; /* malformed */ - } - *next = d->rr_data[r]+2+5+saltlen+1; - return 1; -} - -size_t nsec3_hash_to_b32(uint8_t* hash, size_t hashlen, uint8_t* zone, - size_t zonelen, uint8_t* buf, size_t max) -{ - /* write b32 of name, leave one for length */ - int ret; - if(max < hashlen*2+1) /* quick approx of b32, as if hexb16 */ - return 0; - ret = sldns_b32_ntop_extended_hex(hash, hashlen, (char*)buf+1, max-1); - if(ret < 1) - return 0; - buf[0] = (uint8_t)ret; /* length of b32 label */ - ret++; - if(max - ret < zonelen) - return 0; - memmove(buf+ret, zone, zonelen); - return zonelen+(size_t)ret; -} - -size_t nsec3_get_nextowner_b32(struct ub_packed_rrset_key* rrset, int r, - uint8_t* buf, size_t max) -{ - uint8_t* nm, *zone; - size_t nmlen, zonelen; - if(!nsec3_get_nextowner(rrset, r, &nm, &nmlen)) - return 0; - /* append zone name; the owner name must be .zone */ - zone = rrset->rk.dname; - zonelen = rrset->rk.dname_len; - dname_remove_label(&zone, &zonelen); - return nsec3_hash_to_b32(nm, nmlen, zone, zonelen, buf, max); -} - -int -nsec3_has_type(struct ub_packed_rrset_key* rrset, int r, uint16_t type) -{ - uint8_t* bitmap; - size_t bitlen, skiplen; - struct packed_rrset_data* d = (struct packed_rrset_data*) - rrset->entry.data; - log_assert(d && r < (int)d->count); - skiplen = 2+4; - /* skip salt */ - if(d->rr_len[r] < skiplen+1) - return 0; /* malformed, too short */ - skiplen += 1+(size_t)d->rr_data[r][skiplen]; - /* skip next hashed owner */ - if(d->rr_len[r] < skiplen+1) - return 0; /* malformed, too short */ - skiplen += 1+(size_t)d->rr_data[r][skiplen]; - if(d->rr_len[r] < skiplen) - return 0; /* malformed, too short */ - bitlen = d->rr_len[r] - skiplen; - bitmap = d->rr_data[r]+skiplen; - return nsecbitmap_has_type_rdata(bitmap, bitlen, type); -} - -/** - * Iterate through NSEC3 list, per RR - * This routine gives the next RR in the list (or sets rrset null). - * Usage: - * - * size_t rrsetnum; - * int rrnum; - * struct ub_packed_rrset_key* rrset; - * for(rrset=filter_first(filter, &rrsetnum, &rrnum); rrset; - * rrset=filter_next(filter, &rrsetnum, &rrnum)) - * do_stuff; - * - * Also filters out - * o unknown flag NSEC3s - * o unknown algorithm NSEC3s. - * @param filter: nsec3 filter structure. - * @param rrsetnum: in/out rrset number to look at. - * @param rrnum: in/out rr number in rrset to look at. - * @returns ptr to the next rrset (or NULL at end). - */ -static struct ub_packed_rrset_key* -filter_next(struct nsec3_filter* filter, size_t* rrsetnum, int* rrnum) -{ - size_t i; - int r; - uint8_t* nm; - size_t nmlen; - if(!filter->zone) /* empty list */ - return NULL; - for(i=*rrsetnum; inum; i++) { - /* see if RRset qualifies */ - if(ntohs(filter->list[i]->rk.type) != LDNS_RR_TYPE_NSEC3 || - ntohs(filter->list[i]->rk.rrset_class) != - filter->fclass) - continue; - /* check RRset zone */ - nm = filter->list[i]->rk.dname; - nmlen = filter->list[i]->rk.dname_len; - dname_remove_label(&nm, &nmlen); - if(query_dname_compare(nm, filter->zone) != 0) - continue; - if(i == *rrsetnum) - r = (*rrnum) + 1; /* continue at next RR */ - else r = 0; /* new RRset start at first RR */ - for(; r < (int)rrset_get_count(filter->list[i]); r++) { - /* skip unknown flags, algo */ - if(nsec3_unknown_flags(filter->list[i], r) || - !nsec3_known_algo(filter->list[i], r)) - continue; - /* this one is a good target */ - *rrsetnum = i; - *rrnum = r; - return filter->list[i]; - } - } - return NULL; -} - -/** - * Start iterating over NSEC3 records. - * @param filter: the filter structure, must have been filter_init-ed. - * @param rrsetnum: can be undefined on call, initialised. - * @param rrnum: can be undefined on call, initialised. - * @return first rrset of an NSEC3, together with rrnum this points to - * the first RR to examine. Is NULL on empty list. - */ -static struct ub_packed_rrset_key* -filter_first(struct nsec3_filter* filter, size_t* rrsetnum, int* rrnum) -{ - *rrsetnum = 0; - *rrnum = -1; - return filter_next(filter, rrsetnum, rrnum); -} - -/** see if at least one RR is known (flags, algo) */ -static int -nsec3_rrset_has_known(struct ub_packed_rrset_key* s) -{ - int r; - for(r=0; r < (int)rrset_get_count(s); r++) { - if(!nsec3_unknown_flags(s, r) && nsec3_known_algo(s, r)) - return 1; - } - return 0; -} - -/** - * Initialize the filter structure. - * Finds the zone by looking at available NSEC3 records and best match. - * (skips the unknown flag and unknown algo NSEC3s). - * - * @param filter: nsec3 filter structure. - * @param list: list of rrsets, an array of them. - * @param num: number of rrsets in list. - * @param qinfo: - * query name to match a zone for. - * query type (if DS a higher zone must be chosen) - * qclass, to filter NSEC3s with. - */ -static void -filter_init(struct nsec3_filter* filter, struct ub_packed_rrset_key** list, - size_t num, struct query_info* qinfo) -{ - size_t i; - uint8_t* nm; - size_t nmlen; - filter->zone = NULL; - filter->zone_len = 0; - filter->list = list; - filter->num = num; - filter->fclass = qinfo->qclass; - for(i=0; irk.type) != LDNS_RR_TYPE_NSEC3 || - ntohs(list[i]->rk.rrset_class) != qinfo->qclass) - continue; - /* skip unknown flags, algo */ - if(!nsec3_rrset_has_known(list[i])) - continue; - - /* since NSEC3s are base32.zonename, we can find the zone - * name by stripping off the first label of the record */ - nm = list[i]->rk.dname; - nmlen = list[i]->rk.dname_len; - dname_remove_label(&nm, &nmlen); - /* if we find a domain that can prove about the qname, - * and if this domain is closer to the qname */ - if(dname_subdomain_c(qinfo->qname, nm) && (!filter->zone || - dname_subdomain_c(nm, filter->zone))) { - /* for a type DS do not accept a zone equal to qname*/ - if(qinfo->qtype == LDNS_RR_TYPE_DS && - query_dname_compare(qinfo->qname, nm) == 0 && - !dname_is_root(qinfo->qname)) - continue; - filter->zone = nm; - filter->zone_len = nmlen; - } - } -} - -/** - * Find max iteration count using config settings and key size - * @param ve: validator environment with iteration count config settings. - * @param bits: key size - * @return max iteration count - */ -static size_t -get_max_iter(struct val_env* ve, size_t bits) -{ - int i; - log_assert(ve->nsec3_keyiter_count > 0); - /* round up to nearest config keysize, linear search, keep it small */ - for(i=0; insec3_keyiter_count; i++) { - if(bits <= ve->nsec3_keysize[i]) - return ve->nsec3_maxiter[i]; - } - /* else, use value for biggest key */ - return ve->nsec3_maxiter[ve->nsec3_keyiter_count-1]; -} - -/** - * Determine if any of the NSEC3 rrs iteration count is too high, from key. - * @param ve: validator environment with iteration count config settings. - * @param filter: what NSEC3s to loop over. - * @param kkey: key entry used for verification; used for iteration counts. - * @return 1 if some nsec3s are above the max iteration count. - */ -static int -nsec3_iteration_count_high(struct val_env* ve, struct nsec3_filter* filter, - struct key_entry_key* kkey) -{ - size_t rrsetnum; - int rrnum; - struct ub_packed_rrset_key* rrset; - /* first determine the max number of iterations */ - size_t bits = key_entry_keysize(kkey); - size_t max_iter = get_max_iter(ve, bits); - verbose(VERB_ALGO, "nsec3: keysize %d bits, max iterations %d", - (int)bits, (int)max_iter); - - for(rrset=filter_first(filter, &rrsetnum, &rrnum); rrset; - rrset=filter_next(filter, &rrsetnum, &rrnum)) { - if(nsec3_get_iter(rrset, rrnum) > max_iter) - return 1; - } - return 0; -} - -/* nsec3_cache_compare for rbtree */ -int -nsec3_hash_cmp(const void* c1, const void* c2) -{ - struct nsec3_cached_hash* h1 = (struct nsec3_cached_hash*)c1; - struct nsec3_cached_hash* h2 = (struct nsec3_cached_hash*)c2; - uint8_t* s1, *s2; - size_t s1len, s2len; - int c = query_dname_compare(h1->dname, h2->dname); - if(c != 0) - return c; - /* compare parameters */ - /* if both malformed, its equal, robustness */ - if(nsec3_get_algo(h1->nsec3, h1->rr) != - nsec3_get_algo(h2->nsec3, h2->rr)) { - if(nsec3_get_algo(h1->nsec3, h1->rr) < - nsec3_get_algo(h2->nsec3, h2->rr)) - return -1; - return 1; - } - if(nsec3_get_iter(h1->nsec3, h1->rr) != - nsec3_get_iter(h2->nsec3, h2->rr)) { - if(nsec3_get_iter(h1->nsec3, h1->rr) < - nsec3_get_iter(h2->nsec3, h2->rr)) - return -1; - return 1; - } - (void)nsec3_get_salt(h1->nsec3, h1->rr, &s1, &s1len); - (void)nsec3_get_salt(h2->nsec3, h2->rr, &s2, &s2len); - if(s1len != s2len) { - if(s1len < s2len) - return -1; - return 1; - } - return memcmp(s1, s2, s1len); -} - -size_t -nsec3_get_hashed(sldns_buffer* buf, uint8_t* nm, size_t nmlen, int algo, - size_t iter, uint8_t* salt, size_t saltlen, uint8_t* res, size_t max) -{ - size_t i, hash_len; - /* prepare buffer for first iteration */ - sldns_buffer_clear(buf); - sldns_buffer_write(buf, nm, nmlen); - query_dname_tolower(sldns_buffer_begin(buf)); - sldns_buffer_write(buf, salt, saltlen); - sldns_buffer_flip(buf); - hash_len = nsec3_hash_algo_size_supported(algo); - if(hash_len == 0) { - log_err("nsec3 hash of unknown algo %d", algo); - return 0; - } - if(hash_len > max) - return 0; - if(!secalgo_nsec3_hash(algo, (unsigned char*)sldns_buffer_begin(buf), - sldns_buffer_limit(buf), (unsigned char*)res)) - return 0; - for(i=0; insec3, c->rr); - size_t iter = nsec3_get_iter(c->nsec3, c->rr); - uint8_t* salt; - size_t saltlen, i; - if(!nsec3_get_salt(c->nsec3, c->rr, &salt, &saltlen)) - return -1; - /* prepare buffer for first iteration */ - sldns_buffer_clear(buf); - sldns_buffer_write(buf, c->dname, c->dname_len); - query_dname_tolower(sldns_buffer_begin(buf)); - sldns_buffer_write(buf, salt, saltlen); - sldns_buffer_flip(buf); - c->hash_len = nsec3_hash_algo_size_supported(algo); - if(c->hash_len == 0) { - log_err("nsec3 hash of unknown algo %d", algo); - return -1; - } - c->hash = (uint8_t*)regional_alloc(region, c->hash_len); - if(!c->hash) - return 0; - (void)secalgo_nsec3_hash(algo, (unsigned char*)sldns_buffer_begin(buf), - sldns_buffer_limit(buf), (unsigned char*)c->hash); - for(i=0; ihash, c->hash_len); - sldns_buffer_write(buf, salt, saltlen); - sldns_buffer_flip(buf); - (void)secalgo_nsec3_hash(algo, - (unsigned char*)sldns_buffer_begin(buf), - sldns_buffer_limit(buf), (unsigned char*)c->hash); - } - return 1; -} - -/** perform b32 encoding of hash */ -static int -nsec3_calc_b32(struct regional* region, sldns_buffer* buf, - struct nsec3_cached_hash* c) -{ - int r; - sldns_buffer_clear(buf); - r = sldns_b32_ntop_extended_hex(c->hash, c->hash_len, - (char*)sldns_buffer_begin(buf), sldns_buffer_limit(buf)); - if(r < 1) { - log_err("b32_ntop_extended_hex: error in encoding: %d", r); - return 0; - } - c->b32_len = (size_t)r; - c->b32 = regional_alloc_init(region, sldns_buffer_begin(buf), - c->b32_len); - if(!c->b32) - return 0; - return 1; -} - -int -nsec3_hash_name(rbtree_type* table, struct regional* region, sldns_buffer* buf, - struct ub_packed_rrset_key* nsec3, int rr, uint8_t* dname, - size_t dname_len, struct nsec3_cached_hash** hash) -{ - struct nsec3_cached_hash* c; - struct nsec3_cached_hash looki; -#ifdef UNBOUND_DEBUG - rbnode_type* n; -#endif - int r; - looki.node.key = &looki; - looki.nsec3 = nsec3; - looki.rr = rr; - looki.dname = dname; - looki.dname_len = dname_len; - /* lookup first in cache */ - c = (struct nsec3_cached_hash*)rbtree_search(table, &looki); - if(c) { - *hash = c; - return 1; - } - /* create a new entry */ - c = (struct nsec3_cached_hash*)regional_alloc(region, sizeof(*c)); - if(!c) return 0; - c->node.key = c; - c->nsec3 = nsec3; - c->rr = rr; - c->dname = dname; - c->dname_len = dname_len; - r = nsec3_calc_hash(region, buf, c); - if(r != 1) - return r; - r = nsec3_calc_b32(region, buf, c); - if(r != 1) - return r; -#ifdef UNBOUND_DEBUG - n = -#else - (void) -#endif - rbtree_insert(table, &c->node); - log_assert(n); /* cannot be duplicate, just did lookup */ - *hash = c; - return 1; -} - -/** - * compare a label lowercased - */ -static int -label_compare_lower(uint8_t* lab1, uint8_t* lab2, size_t lablen) -{ - size_t i; - for(i=0; irk.dname; - /* compare, does hash of name based on params in this NSEC3 - * match the owner name of this NSEC3? - * name must be: base32 . zone name - * so; first label must not be root label (not zero length), - * and match the b32 encoded hash length, - * and the label content match the b32 encoded hash - * and the rest must be the zone name. - */ - if(hash->b32_len != 0 && (size_t)nm[0] == hash->b32_len && - label_compare_lower(nm+1, hash->b32, hash->b32_len) == 0 && - query_dname_compare(nm+(size_t)nm[0]+1, flt->zone) == 0) { - return 1; - } - return 0; -} - -/** - * Find matching NSEC3 - * Find the NSEC3Record that matches a hash of a name. - * @param env: module environment with temporary region and buffer. - * @param flt: the NSEC3 RR filter, contains zone name and RRs. - * @param ct: cached hashes table. - * @param nm: name to look for. - * @param nmlen: length of name. - * @param rrset: nsec3 that matches is returned here. - * @param rr: rr number in nsec3 rrset that matches. - * @return true if a matching NSEC3 is found, false if not. - */ -static int -find_matching_nsec3(struct module_env* env, struct nsec3_filter* flt, - rbtree_type* ct, uint8_t* nm, size_t nmlen, - struct ub_packed_rrset_key** rrset, int* rr) -{ - size_t i_rs; - int i_rr; - struct ub_packed_rrset_key* s; - struct nsec3_cached_hash* hash; - int r; - - /* this loop skips other-zone and unknown NSEC3s, also non-NSEC3 RRs */ - for(s=filter_first(flt, &i_rs, &i_rr); s; - s=filter_next(flt, &i_rs, &i_rr)) { - /* get name hashed for this NSEC3 RR */ - r = nsec3_hash_name(ct, env->scratch, env->scratch_buffer, - s, i_rr, nm, nmlen, &hash); - if(r == 0) { - log_err("nsec3: malloc failure"); - break; /* alloc failure */ - } else if(r < 0) - continue; /* malformed NSEC3 */ - else if(nsec3_hash_matches_owner(flt, hash, s)) { - *rrset = s; /* rrset with this name */ - *rr = i_rr; /* matches hash with these parameters */ - return 1; - } - } - *rrset = NULL; - *rr = 0; - return 0; -} - -int -nsec3_covers(uint8_t* zone, struct nsec3_cached_hash* hash, - struct ub_packed_rrset_key* rrset, int rr, sldns_buffer* buf) -{ - uint8_t* next, *owner; - size_t nextlen; - int len; - if(!nsec3_get_nextowner(rrset, rr, &next, &nextlen)) - return 0; /* malformed RR proves nothing */ - - /* check the owner name is a hashed value . apex - * base32 encoded values must have equal length. - * hash_value and next hash value must have equal length. */ - if(nextlen != hash->hash_len || hash->hash_len==0||hash->b32_len==0|| - (size_t)*rrset->rk.dname != hash->b32_len || - query_dname_compare(rrset->rk.dname+1+ - (size_t)*rrset->rk.dname, zone) != 0) - return 0; /* bad lengths or owner name */ - - /* This is the "normal case: owner < next and owner < hash < next */ - if(label_compare_lower(rrset->rk.dname+1, hash->b32, - hash->b32_len) < 0 && - memcmp(hash->hash, next, nextlen) < 0) - return 1; - - /* convert owner name from text to binary */ - sldns_buffer_clear(buf); - owner = sldns_buffer_begin(buf); - len = sldns_b32_pton_extended_hex((char*)rrset->rk.dname+1, - hash->b32_len, owner, sldns_buffer_limit(buf)); - if(len<1) - return 0; /* bad owner name in some way */ - if((size_t)len != hash->hash_len || (size_t)len != nextlen) - return 0; /* wrong length */ - - /* this is the end of zone case: next <= owner && - * (hash > owner || hash < next) - * this also covers the only-apex case of next==owner. - */ - if(memcmp(next, owner, nextlen) <= 0 && - ( memcmp(hash->hash, owner, nextlen) > 0 || - memcmp(hash->hash, next, nextlen) < 0)) { - return 1; - } - return 0; -} - -/** - * findCoveringNSEC3 - * Given a name, find a covering NSEC3 from among a list of NSEC3s. - * - * @param env: module environment with temporary region and buffer. - * @param flt: the NSEC3 RR filter, contains zone name and RRs. - * @param ct: cached hashes table. - * @param nm: name to check if covered. - * @param nmlen: length of name. - * @param rrset: covering NSEC3 rrset is returned here. - * @param rr: rr of cover is returned here. - * @return true if a covering NSEC3 is found, false if not. - */ -static int -find_covering_nsec3(struct module_env* env, struct nsec3_filter* flt, - rbtree_type* ct, uint8_t* nm, size_t nmlen, - struct ub_packed_rrset_key** rrset, int* rr) -{ - size_t i_rs; - int i_rr; - struct ub_packed_rrset_key* s; - struct nsec3_cached_hash* hash; - int r; - - /* this loop skips other-zone and unknown NSEC3s, also non-NSEC3 RRs */ - for(s=filter_first(flt, &i_rs, &i_rr); s; - s=filter_next(flt, &i_rs, &i_rr)) { - /* get name hashed for this NSEC3 RR */ - r = nsec3_hash_name(ct, env->scratch, env->scratch_buffer, - s, i_rr, nm, nmlen, &hash); - if(r == 0) { - log_err("nsec3: malloc failure"); - break; /* alloc failure */ - } else if(r < 0) - continue; /* malformed NSEC3 */ - else if(nsec3_covers(flt->zone, hash, s, i_rr, - env->scratch_buffer)) { - *rrset = s; /* rrset with this name */ - *rr = i_rr; /* covers hash with these parameters */ - return 1; - } - } - *rrset = NULL; - *rr = 0; - return 0; -} - -/** - * findClosestEncloser - * Given a name and a list of NSEC3s, find the candidate closest encloser. - * This will be the first ancestor of 'name' (including itself) to have a - * matching NSEC3 RR. - * @param env: module environment with temporary region and buffer. - * @param flt: the NSEC3 RR filter, contains zone name and RRs. - * @param ct: cached hashes table. - * @param qinfo: query that is verified for. - * @param ce: closest encloser information is returned in here. - * @return true if a closest encloser candidate is found, false if not. - */ -static int -nsec3_find_closest_encloser(struct module_env* env, struct nsec3_filter* flt, - rbtree_type* ct, struct query_info* qinfo, struct ce_response* ce) -{ - uint8_t* nm = qinfo->qname; - size_t nmlen = qinfo->qname_len; - - /* This scans from longest name to shortest, so the first match - * we find is the only viable candidate. */ - - /* (David:) FIXME: modify so that the NSEC3 matching the zone apex need - * not be present. (Mark Andrews idea). - * (Wouter:) But make sure you check for DNAME bit in zone apex, - * if the NSEC3 you find is the only NSEC3 in the zone, then this - * may be the case. */ - - while(dname_subdomain_c(nm, flt->zone)) { - if(find_matching_nsec3(env, flt, ct, nm, nmlen, - &ce->ce_rrset, &ce->ce_rr)) { - ce->ce = nm; - ce->ce_len = nmlen; - return 1; - } - dname_remove_label(&nm, &nmlen); - } - return 0; -} - -/** - * Given a qname and its proven closest encloser, calculate the "next - * closest" name. Basically, this is the name that is one label longer than - * the closest encloser that is still a subdomain of qname. - * - * @param qname: query name. - * @param qnamelen: length of qname. - * @param ce: closest encloser - * @param nm: result name. - * @param nmlen: length of nm. - */ -static void -next_closer(uint8_t* qname, size_t qnamelen, uint8_t* ce, - uint8_t** nm, size_t* nmlen) -{ - int strip = dname_count_labels(qname) - dname_count_labels(ce) -1; - *nm = qname; - *nmlen = qnamelen; - if(strip>0) - dname_remove_labels(nm, nmlen, strip); -} - -/** - * proveClosestEncloser - * Given a List of nsec3 RRs, find and prove the closest encloser to qname. - * @param env: module environment with temporary region and buffer. - * @param flt: the NSEC3 RR filter, contains zone name and RRs. - * @param ct: cached hashes table. - * @param qinfo: query that is verified for. - * @param prove_does_not_exist: If true, then if the closest encloser - * turns out to be qname, then null is returned. - * If set true, and the return value is true, then you can be - * certain that the ce.nc_rrset and ce.nc_rr are set properly. - * @param ce: closest encloser information is returned in here. - * @return bogus if no closest encloser could be proven. - * secure if a closest encloser could be proven, ce is set. - * insecure if the closest-encloser candidate turns out to prove - * that an insecure delegation exists above the qname. - */ -static enum sec_status -nsec3_prove_closest_encloser(struct module_env* env, struct nsec3_filter* flt, - rbtree_type* ct, struct query_info* qinfo, int prove_does_not_exist, - struct ce_response* ce) -{ - uint8_t* nc; - size_t nc_len; - /* robust: clean out ce, in case it gets abused later */ - memset(ce, 0, sizeof(*ce)); - - if(!nsec3_find_closest_encloser(env, flt, ct, qinfo, ce)) { - verbose(VERB_ALGO, "nsec3 proveClosestEncloser: could " - "not find a candidate for the closest encloser."); - return sec_status_bogus; - } - log_nametypeclass(VERB_ALGO, "ce candidate", ce->ce, 0, 0); - - if(query_dname_compare(ce->ce, qinfo->qname) == 0) { - if(prove_does_not_exist) { - verbose(VERB_ALGO, "nsec3 proveClosestEncloser: " - "proved that qname existed, bad"); - return sec_status_bogus; - } - /* otherwise, we need to nothing else to prove that qname - * is its own closest encloser. */ - return sec_status_secure; - } - - /* If the closest encloser is actually a delegation, then the - * response should have been a referral. If it is a DNAME, then - * it should have been a DNAME response. */ - if(nsec3_has_type(ce->ce_rrset, ce->ce_rr, LDNS_RR_TYPE_NS) && - !nsec3_has_type(ce->ce_rrset, ce->ce_rr, LDNS_RR_TYPE_SOA)) { - if(!nsec3_has_type(ce->ce_rrset, ce->ce_rr, LDNS_RR_TYPE_DS)) { - verbose(VERB_ALGO, "nsec3 proveClosestEncloser: " - "closest encloser is insecure delegation"); - return sec_status_insecure; - } - verbose(VERB_ALGO, "nsec3 proveClosestEncloser: closest " - "encloser was a delegation, bad"); - return sec_status_bogus; - } - if(nsec3_has_type(ce->ce_rrset, ce->ce_rr, LDNS_RR_TYPE_DNAME)) { - verbose(VERB_ALGO, "nsec3 proveClosestEncloser: closest " - "encloser was a DNAME, bad"); - return sec_status_bogus; - } - - /* Otherwise, we need to show that the next closer name is covered. */ - next_closer(qinfo->qname, qinfo->qname_len, ce->ce, &nc, &nc_len); - if(!find_covering_nsec3(env, flt, ct, nc, nc_len, - &ce->nc_rrset, &ce->nc_rr)) { - verbose(VERB_ALGO, "nsec3: Could not find proof that the " - "candidate encloser was the closest encloser"); - return sec_status_bogus; - } - return sec_status_secure; -} - -/** allocate a wildcard for the closest encloser */ -static uint8_t* -nsec3_ce_wildcard(struct regional* region, uint8_t* ce, size_t celen, - size_t* len) -{ - uint8_t* nm; - if(celen > LDNS_MAX_DOMAINLEN - 2) - return 0; /* too long */ - nm = (uint8_t*)regional_alloc(region, celen+2); - if(!nm) { - log_err("nsec3 wildcard: out of memory"); - return 0; /* alloc failure */ - } - nm[0] = 1; - nm[1] = (uint8_t)'*'; /* wildcard label */ - memmove(nm+2, ce, celen); - *len = celen+2; - return nm; -} - -/** Do the name error proof */ -static enum sec_status -nsec3_do_prove_nameerror(struct module_env* env, struct nsec3_filter* flt, - rbtree_type* ct, struct query_info* qinfo) -{ - struct ce_response ce; - uint8_t* wc; - size_t wclen; - struct ub_packed_rrset_key* wc_rrset; - int wc_rr; - enum sec_status sec; - - /* First locate and prove the closest encloser to qname. We will - * use the variant that fails if the closest encloser turns out - * to be qname. */ - sec = nsec3_prove_closest_encloser(env, flt, ct, qinfo, 1, &ce); - if(sec != sec_status_secure) { - if(sec == sec_status_bogus) - verbose(VERB_ALGO, "nsec3 nameerror proof: failed " - "to prove a closest encloser"); - else verbose(VERB_ALGO, "nsec3 nameerror proof: closest " - "nsec3 is an insecure delegation"); - return sec; - } - log_nametypeclass(VERB_ALGO, "nsec3 namerror: proven ce=", ce.ce,0,0); - - /* At this point, we know that qname does not exist. Now we need - * to prove that the wildcard does not exist. */ - log_assert(ce.ce); - wc = nsec3_ce_wildcard(env->scratch, ce.ce, ce.ce_len, &wclen); - if(!wc || !find_covering_nsec3(env, flt, ct, wc, wclen, - &wc_rrset, &wc_rr)) { - verbose(VERB_ALGO, "nsec3 nameerror proof: could not prove " - "that the applicable wildcard did not exist."); - return sec_status_bogus; - } - - if(ce.nc_rrset && nsec3_has_optout(ce.nc_rrset, ce.nc_rr)) { - verbose(VERB_ALGO, "nsec3 nameerror proof: nc has optout"); - return sec_status_insecure; - } - return sec_status_secure; -} - -enum sec_status -nsec3_prove_nameerror(struct module_env* env, struct val_env* ve, - struct ub_packed_rrset_key** list, size_t num, - struct query_info* qinfo, struct key_entry_key* kkey) -{ - rbtree_type ct; - struct nsec3_filter flt; - - if(!list || num == 0 || !kkey || !key_entry_isgood(kkey)) - return sec_status_bogus; /* no valid NSEC3s, bogus */ - rbtree_init(&ct, &nsec3_hash_cmp); /* init names-to-hash cache */ - filter_init(&flt, list, num, qinfo); /* init RR iterator */ - if(!flt.zone) - return sec_status_bogus; /* no RRs */ - if(nsec3_iteration_count_high(ve, &flt, kkey)) - return sec_status_insecure; /* iteration count too high */ - log_nametypeclass(VERB_ALGO, "start nsec3 nameerror proof, zone", - flt.zone, 0, 0); - return nsec3_do_prove_nameerror(env, &flt, &ct, qinfo); -} - -/* - * No code to handle qtype=NSEC3 specially. - * This existed in early drafts, but was later (-05) removed. - */ - -/** Do the nodata proof */ -static enum sec_status -nsec3_do_prove_nodata(struct module_env* env, struct nsec3_filter* flt, - rbtree_type* ct, struct query_info* qinfo) -{ - struct ce_response ce; - uint8_t* wc; - size_t wclen; - struct ub_packed_rrset_key* rrset; - int rr; - enum sec_status sec; - - if(find_matching_nsec3(env, flt, ct, qinfo->qname, qinfo->qname_len, - &rrset, &rr)) { - /* cases 1 and 2 */ - if(nsec3_has_type(rrset, rr, qinfo->qtype)) { - verbose(VERB_ALGO, "proveNodata: Matching NSEC3 " - "proved that type existed, bogus"); - return sec_status_bogus; - } else if(nsec3_has_type(rrset, rr, LDNS_RR_TYPE_CNAME)) { - verbose(VERB_ALGO, "proveNodata: Matching NSEC3 " - "proved that a CNAME existed, bogus"); - return sec_status_bogus; - } - - /* - * If type DS: filter_init zone find already found a parent - * zone, so this nsec3 is from a parent zone. - * o can be not a delegation (unusual query for normal name, - * no DS anyway, but we can verify that). - * o can be a delegation (which is the usual DS check). - * o may not have the SOA bit set (only the top of the - * zone, which must have been above the name, has that). - * Except for the root; which is checked by itself. - * - * If not type DS: matching nsec3 must not be a delegation. - */ - if(qinfo->qtype == LDNS_RR_TYPE_DS && qinfo->qname_len != 1 - && nsec3_has_type(rrset, rr, LDNS_RR_TYPE_SOA) && - !dname_is_root(qinfo->qname)) { - verbose(VERB_ALGO, "proveNodata: apex NSEC3 " - "abused for no DS proof, bogus"); - return sec_status_bogus; - } else if(qinfo->qtype != LDNS_RR_TYPE_DS && - nsec3_has_type(rrset, rr, LDNS_RR_TYPE_NS) && - !nsec3_has_type(rrset, rr, LDNS_RR_TYPE_SOA)) { - if(!nsec3_has_type(rrset, rr, LDNS_RR_TYPE_DS)) { - verbose(VERB_ALGO, "proveNodata: matching " - "NSEC3 is insecure delegation"); - return sec_status_insecure; - } - verbose(VERB_ALGO, "proveNodata: matching " - "NSEC3 is a delegation, bogus"); - return sec_status_bogus; - } - return sec_status_secure; - } - - /* For cases 3 - 5, we need the proven closest encloser, and it - * can't match qname. Although, at this point, we know that it - * won't since we just checked that. */ - sec = nsec3_prove_closest_encloser(env, flt, ct, qinfo, 1, &ce); - if(sec == sec_status_bogus) { - verbose(VERB_ALGO, "proveNodata: did not match qname, " - "nor found a proven closest encloser."); - return sec_status_bogus; - } else if(sec==sec_status_insecure && qinfo->qtype!=LDNS_RR_TYPE_DS){ - verbose(VERB_ALGO, "proveNodata: closest nsec3 is insecure " - "delegation."); - return sec_status_insecure; - } - - /* Case 3: removed */ - - /* Case 4: */ - log_assert(ce.ce); - wc = nsec3_ce_wildcard(env->scratch, ce.ce, ce.ce_len, &wclen); - if(wc && find_matching_nsec3(env, flt, ct, wc, wclen, &rrset, &rr)) { - /* found wildcard */ - if(nsec3_has_type(rrset, rr, qinfo->qtype)) { - verbose(VERB_ALGO, "nsec3 nodata proof: matching " - "wildcard had qtype, bogus"); - return sec_status_bogus; - } else if(nsec3_has_type(rrset, rr, LDNS_RR_TYPE_CNAME)) { - verbose(VERB_ALGO, "nsec3 nodata proof: matching " - "wildcard had a CNAME, bogus"); - return sec_status_bogus; - } - if(qinfo->qtype == LDNS_RR_TYPE_DS && qinfo->qname_len != 1 - && nsec3_has_type(rrset, rr, LDNS_RR_TYPE_SOA)) { - verbose(VERB_ALGO, "nsec3 nodata proof: matching " - "wildcard for no DS proof has a SOA, bogus"); - return sec_status_bogus; - } else if(qinfo->qtype != LDNS_RR_TYPE_DS && - nsec3_has_type(rrset, rr, LDNS_RR_TYPE_NS) && - !nsec3_has_type(rrset, rr, LDNS_RR_TYPE_SOA)) { - verbose(VERB_ALGO, "nsec3 nodata proof: matching " - "wildcard is a delegation, bogus"); - return sec_status_bogus; - } - /* everything is peachy keen, except for optout spans */ - if(ce.nc_rrset && nsec3_has_optout(ce.nc_rrset, ce.nc_rr)) { - verbose(VERB_ALGO, "nsec3 nodata proof: matching " - "wildcard is in optout range, insecure"); - return sec_status_insecure; - } - return sec_status_secure; - } - - /* Case 5: */ - /* Due to forwarders, cnames, and other collating effects, we - * can see the ordinary unsigned data from a zone beneath an - * insecure delegation under an optout here */ - if(!ce.nc_rrset) { - verbose(VERB_ALGO, "nsec3 nodata proof: no next closer nsec3"); - return sec_status_bogus; - } - - /* We need to make sure that the covering NSEC3 is opt-out. */ - log_assert(ce.nc_rrset); - if(!nsec3_has_optout(ce.nc_rrset, ce.nc_rr)) { - if(qinfo->qtype == LDNS_RR_TYPE_DS) - verbose(VERB_ALGO, "proveNodata: covering NSEC3 was not " - "opt-out in an opt-out DS NOERROR/NODATA case."); - else verbose(VERB_ALGO, "proveNodata: could not find matching " - "NSEC3, nor matching wildcard, nor optout NSEC3 " - "-- no more options, bogus."); - return sec_status_bogus; - } - /* RFC5155 section 9.2: if nc has optout then no AD flag set */ - return sec_status_insecure; -} - -enum sec_status -nsec3_prove_nodata(struct module_env* env, struct val_env* ve, - struct ub_packed_rrset_key** list, size_t num, - struct query_info* qinfo, struct key_entry_key* kkey) -{ - rbtree_type ct; - struct nsec3_filter flt; - - if(!list || num == 0 || !kkey || !key_entry_isgood(kkey)) - return sec_status_bogus; /* no valid NSEC3s, bogus */ - rbtree_init(&ct, &nsec3_hash_cmp); /* init names-to-hash cache */ - filter_init(&flt, list, num, qinfo); /* init RR iterator */ - if(!flt.zone) - return sec_status_bogus; /* no RRs */ - if(nsec3_iteration_count_high(ve, &flt, kkey)) - return sec_status_insecure; /* iteration count too high */ - return nsec3_do_prove_nodata(env, &flt, &ct, qinfo); -} - -enum sec_status -nsec3_prove_wildcard(struct module_env* env, struct val_env* ve, - struct ub_packed_rrset_key** list, size_t num, - struct query_info* qinfo, struct key_entry_key* kkey, uint8_t* wc) -{ - rbtree_type ct; - struct nsec3_filter flt; - struct ce_response ce; - uint8_t* nc; - size_t nc_len; - size_t wclen; - (void)dname_count_size_labels(wc, &wclen); - - if(!list || num == 0 || !kkey || !key_entry_isgood(kkey)) - return sec_status_bogus; /* no valid NSEC3s, bogus */ - rbtree_init(&ct, &nsec3_hash_cmp); /* init names-to-hash cache */ - filter_init(&flt, list, num, qinfo); /* init RR iterator */ - if(!flt.zone) - return sec_status_bogus; /* no RRs */ - if(nsec3_iteration_count_high(ve, &flt, kkey)) - return sec_status_insecure; /* iteration count too high */ - - /* We know what the (purported) closest encloser is by just - * looking at the supposed generating wildcard. - * The *. has already been removed from the wc name. - */ - memset(&ce, 0, sizeof(ce)); - ce.ce = wc; - ce.ce_len = wclen; - - /* Now we still need to prove that the original data did not exist. - * Otherwise, we need to show that the next closer name is covered. */ - next_closer(qinfo->qname, qinfo->qname_len, ce.ce, &nc, &nc_len); - if(!find_covering_nsec3(env, &flt, &ct, nc, nc_len, - &ce.nc_rrset, &ce.nc_rr)) { - verbose(VERB_ALGO, "proveWildcard: did not find a covering " - "NSEC3 that covered the next closer name."); - return sec_status_bogus; - } - if(ce.nc_rrset && nsec3_has_optout(ce.nc_rrset, ce.nc_rr)) { - verbose(VERB_ALGO, "proveWildcard: NSEC3 optout"); - return sec_status_insecure; - } - return sec_status_secure; -} - -/** test if list is all secure */ -static int -list_is_secure(struct module_env* env, struct val_env* ve, - struct ub_packed_rrset_key** list, size_t num, - struct key_entry_key* kkey, char** reason) -{ - struct packed_rrset_data* d; - size_t i; - for(i=0; ientry.data; - if(list[i]->rk.type != htons(LDNS_RR_TYPE_NSEC3)) - continue; - if(d->security == sec_status_secure) - continue; - rrset_check_sec_status(env->rrset_cache, list[i], *env->now); - if(d->security == sec_status_secure) - continue; - d->security = val_verify_rrset_entry(env, ve, list[i], kkey, - reason); - if(d->security != sec_status_secure) { - verbose(VERB_ALGO, "NSEC3 did not verify"); - return 0; - } - rrset_update_sec_status(env->rrset_cache, list[i], *env->now); - } - return 1; -} - -enum sec_status -nsec3_prove_nods(struct module_env* env, struct val_env* ve, - struct ub_packed_rrset_key** list, size_t num, - struct query_info* qinfo, struct key_entry_key* kkey, char** reason) -{ - rbtree_type ct; - struct nsec3_filter flt; - struct ce_response ce; - struct ub_packed_rrset_key* rrset; - int rr; - log_assert(qinfo->qtype == LDNS_RR_TYPE_DS); - - if(!list || num == 0 || !kkey || !key_entry_isgood(kkey)) { - *reason = "no valid NSEC3s"; - return sec_status_bogus; /* no valid NSEC3s, bogus */ - } - if(!list_is_secure(env, ve, list, num, kkey, reason)) - return sec_status_bogus; /* not all NSEC3 records secure */ - rbtree_init(&ct, &nsec3_hash_cmp); /* init names-to-hash cache */ - filter_init(&flt, list, num, qinfo); /* init RR iterator */ - if(!flt.zone) { - *reason = "no NSEC3 records"; - return sec_status_bogus; /* no RRs */ - } - if(nsec3_iteration_count_high(ve, &flt, kkey)) - return sec_status_insecure; /* iteration count too high */ - - /* Look for a matching NSEC3 to qname -- this is the normal - * NODATA case. */ - if(find_matching_nsec3(env, &flt, &ct, qinfo->qname, qinfo->qname_len, - &rrset, &rr)) { - /* If the matching NSEC3 has the SOA bit set, it is from - * the wrong zone (the child instead of the parent). If - * it has the DS bit set, then we were lied to. */ - if(nsec3_has_type(rrset, rr, LDNS_RR_TYPE_SOA) && - qinfo->qname_len != 1) { - verbose(VERB_ALGO, "nsec3 provenods: NSEC3 is from" - " child zone, bogus"); - *reason = "NSEC3 from child zone"; - return sec_status_bogus; - } else if(nsec3_has_type(rrset, rr, LDNS_RR_TYPE_DS)) { - verbose(VERB_ALGO, "nsec3 provenods: NSEC3 has qtype" - " DS, bogus"); - *reason = "NSEC3 has DS in bitmap"; - return sec_status_bogus; - } - /* If the NSEC3 RR doesn't have the NS bit set, then - * this wasn't a delegation point. */ - if(!nsec3_has_type(rrset, rr, LDNS_RR_TYPE_NS)) - return sec_status_indeterminate; - /* Otherwise, this proves no DS. */ - return sec_status_secure; - } - - /* Otherwise, we are probably in the opt-out case. */ - if(nsec3_prove_closest_encloser(env, &flt, &ct, qinfo, 1, &ce) - != sec_status_secure) { - /* an insecure delegation *above* the qname does not prove - * anything about this qname exactly, and bogus is bogus */ - verbose(VERB_ALGO, "nsec3 provenods: did not match qname, " - "nor found a proven closest encloser."); - *reason = "no NSEC3 closest encloser"; - return sec_status_bogus; - } - - /* robust extra check */ - if(!ce.nc_rrset) { - verbose(VERB_ALGO, "nsec3 nods proof: no next closer nsec3"); - *reason = "no NSEC3 next closer"; - return sec_status_bogus; - } - - /* we had the closest encloser proof, then we need to check that the - * covering NSEC3 was opt-out -- the proveClosestEncloser step already - * checked to see if the closest encloser was a delegation or DNAME. - */ - log_assert(ce.nc_rrset); - if(!nsec3_has_optout(ce.nc_rrset, ce.nc_rr)) { - verbose(VERB_ALGO, "nsec3 provenods: covering NSEC3 was not " - "opt-out in an opt-out DS NOERROR/NODATA case."); - *reason = "covering NSEC3 was not opt-out in an opt-out " - "DS NOERROR/NODATA case"; - return sec_status_bogus; - } - /* RFC5155 section 9.2: if nc has optout then no AD flag set */ - return sec_status_insecure; -} - -enum sec_status -nsec3_prove_nxornodata(struct module_env* env, struct val_env* ve, - struct ub_packed_rrset_key** list, size_t num, - struct query_info* qinfo, struct key_entry_key* kkey, int* nodata) -{ - enum sec_status sec, secnx; - rbtree_type ct; - struct nsec3_filter flt; - *nodata = 0; - - if(!list || num == 0 || !kkey || !key_entry_isgood(kkey)) - return sec_status_bogus; /* no valid NSEC3s, bogus */ - rbtree_init(&ct, &nsec3_hash_cmp); /* init names-to-hash cache */ - filter_init(&flt, list, num, qinfo); /* init RR iterator */ - if(!flt.zone) - return sec_status_bogus; /* no RRs */ - if(nsec3_iteration_count_high(ve, &flt, kkey)) - return sec_status_insecure; /* iteration count too high */ - - /* try nxdomain and nodata after another, while keeping the - * hash cache intact */ - - secnx = nsec3_do_prove_nameerror(env, &flt, &ct, qinfo); - if(secnx==sec_status_secure) - return sec_status_secure; - sec = nsec3_do_prove_nodata(env, &flt, &ct, qinfo); - if(sec==sec_status_secure) { - *nodata = 1; - } else if(sec == sec_status_insecure) { - *nodata = 1; - } else if(secnx == sec_status_insecure) { - sec = sec_status_insecure; - } - return sec; -} diff --git a/external/unbound/validator/val_nsec3.h b/external/unbound/validator/val_nsec3.h deleted file mode 100644 index 27e9f9eac..000000000 --- a/external/unbound/validator/val_nsec3.h +++ /dev/null @@ -1,380 +0,0 @@ -/* - * validator/val_nsec3.h - validator NSEC3 denial of existence functions. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains helper functions for the validator module. - * The functions help with NSEC3 checking, the different NSEC3 proofs - * for denial of existence, and proofs for presence of types. - * - * NSEC3 - * 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 - * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Hash Alg. | Flags | Iterations | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Salt Length | Salt / - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Hash Length | Next Hashed Owner Name / - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * / Type Bit Maps / - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * - * NSEC3PARAM - * 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 - * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Hash Alg. | Flags | Iterations | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Salt Length | Salt / - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * - */ - -#ifndef VALIDATOR_VAL_NSEC3_H -#define VALIDATOR_VAL_NSEC3_H -#include "util/rbtree.h" -#include "util/data/packed_rrset.h" -struct val_env; -struct regional; -struct module_env; -struct ub_packed_rrset_key; -struct reply_info; -struct query_info; -struct key_entry_key; -struct sldns_buffer; - -/** - * 0 1 2 3 4 5 6 7 - * +-+-+-+-+-+-+-+-+ - * | |O| - * +-+-+-+-+-+-+-+-+ - * The OPT-OUT bit in the NSEC3 flags field. - * If enabled, there can be zero or more unsigned delegations in the span. - * If disabled, there are zero unsigned delegations in the span. - */ -#define NSEC3_OPTOUT 0x01 -/** - * The unknown flags in the NSEC3 flags field. - * They must be zero, or the NSEC3 is ignored. - */ -#define NSEC3_UNKNOWN_FLAGS 0xFE - -/** The SHA1 hash algorithm for NSEC3 */ -#define NSEC3_HASH_SHA1 0x01 - -/** - * Determine if the set of NSEC3 records provided with a response prove NAME - * ERROR. This means that the NSEC3s prove a) the closest encloser exists, - * b) the direct child of the closest encloser towards qname doesn't exist, - * and c) *.closest encloser does not exist. - * - * @param env: module environment with temporary region and buffer. - * @param ve: validator environment, with iteration count settings. - * @param list: array of RRsets, some of which are NSEC3s. - * @param num: number of RRsets in the array to examine. - * @param qinfo: query that is verified for. - * @param kkey: key entry that signed the NSEC3s. - * @return: - * sec_status SECURE of the Name Error is proven by the NSEC3 RRs, - * BOGUS if not, INSECURE if all of the NSEC3s could be validly ignored. - */ -enum sec_status -nsec3_prove_nameerror(struct module_env* env, struct val_env* ve, - struct ub_packed_rrset_key** list, size_t num, - struct query_info* qinfo, struct key_entry_key* kkey); - -/** - * Determine if the NSEC3s provided in a response prove the NOERROR/NODATA - * status. There are a number of different variants to this: - * - * 1) Normal NODATA -- qname is matched to an NSEC3 record, type is not - * present. - * - * 2) ENT NODATA -- because there must be NSEC3 record for - * empty-non-terminals, this is the same as #1. - * - * 3) NSEC3 ownername NODATA -- qname matched an existing, lone NSEC3 - * ownername, but qtype was not NSEC3. NOTE: as of nsec-05, this case no - * longer exists. - * - * 4) Wildcard NODATA -- A wildcard matched the name, but not the type. - * - * 5) Opt-In DS NODATA -- the qname is covered by an opt-in span and qtype == - * DS. (or maybe some future record with the same parent-side-only property) - * - * @param env: module environment with temporary region and buffer. - * @param ve: validator environment, with iteration count settings. - * @param list: array of RRsets, some of which are NSEC3s. - * @param num: number of RRsets in the array to examine. - * @param qinfo: query that is verified for. - * @param kkey: key entry that signed the NSEC3s. - * @return: - * sec_status SECURE of the proposition is proven by the NSEC3 RRs, - * BOGUS if not, INSECURE if all of the NSEC3s could be validly ignored. - */ -enum sec_status -nsec3_prove_nodata(struct module_env* env, struct val_env* ve, - struct ub_packed_rrset_key** list, size_t num, - struct query_info* qinfo, struct key_entry_key* kkey); - - -/** - * Prove that a positive wildcard match was appropriate (no direct match - * RRset). - * - * @param env: module environment with temporary region and buffer. - * @param ve: validator environment, with iteration count settings. - * @param list: array of RRsets, some of which are NSEC3s. - * @param num: number of RRsets in the array to examine. - * @param qinfo: query that is verified for. - * @param kkey: key entry that signed the NSEC3s. - * @param wc: The purported wildcard that matched. This is the wildcard name - * as *.wildcard.name., with the *. label already removed. - * @return: - * sec_status SECURE of the proposition is proven by the NSEC3 RRs, - * BOGUS if not, INSECURE if all of the NSEC3s could be validly ignored. - */ -enum sec_status -nsec3_prove_wildcard(struct module_env* env, struct val_env* ve, - struct ub_packed_rrset_key** list, size_t num, - struct query_info* qinfo, struct key_entry_key* kkey, uint8_t* wc); - -/** - * Prove that a DS response either had no DS, or wasn't a delegation point. - * - * Fundamentally there are two cases here: normal NODATA and Opt-In NODATA. - * - * @param env: module environment with temporary region and buffer. - * @param ve: validator environment, with iteration count settings. - * @param list: array of RRsets, some of which are NSEC3s. - * @param num: number of RRsets in the array to examine. - * @param qinfo: query that is verified for. - * @param kkey: key entry that signed the NSEC3s. - * @param reason: string for bogus result. - * @return: - * sec_status SECURE of the proposition is proven by the NSEC3 RRs, - * BOGUS if not, INSECURE if all of the NSEC3s could be validly ignored. - * or if there was no DS in an insecure (i.e., opt-in) way, - * INDETERMINATE if it was clear that this wasn't a delegation point. - */ -enum sec_status -nsec3_prove_nods(struct module_env* env, struct val_env* ve, - struct ub_packed_rrset_key** list, size_t num, - struct query_info* qinfo, struct key_entry_key* kkey, char** reason); - -/** - * Prove NXDOMAIN or NODATA. - * - * @param env: module environment with temporary region and buffer. - * @param ve: validator environment, with iteration count settings. - * @param list: array of RRsets, some of which are NSEC3s. - * @param num: number of RRsets in the array to examine. - * @param qinfo: query that is verified for. - * @param kkey: key entry that signed the NSEC3s. - * @param nodata: if return value is secure, this indicates if nodata or - * nxdomain was proven. - * @return: - * sec_status SECURE of the proposition is proven by the NSEC3 RRs, - * BOGUS if not, INSECURE if all of the NSEC3s could be validly ignored. - */ -enum sec_status -nsec3_prove_nxornodata(struct module_env* env, struct val_env* ve, - struct ub_packed_rrset_key** list, size_t num, - struct query_info* qinfo, struct key_entry_key* kkey, int* nodata); - -/** - * The NSEC3 hash result storage. - * Consists of an rbtree, with these nodes in it. - * The nodes detail how a set of parameters (from nsec3 rr) plus - * a dname result in a hash. - */ -struct nsec3_cached_hash { - /** rbtree node, key is this structure */ - rbnode_type node; - /** where are the parameters for conversion, in this rrset data */ - struct ub_packed_rrset_key* nsec3; - /** where are the parameters for conversion, this RR number in data */ - int rr; - /** the name to convert */ - uint8_t* dname; - /** length of the dname */ - size_t dname_len; - /** the hash result (not base32 encoded) */ - uint8_t* hash; - /** length of hash in bytes */ - size_t hash_len; - /** the hash result in base32 encoding */ - uint8_t* b32; - /** length of base32 encoding (as a label) */ - size_t b32_len; -}; - -/** - * Rbtree for hash cache comparison function. - * @param c1: key 1. - * @param c2: key 2. - * @return: comparison code, -1, 0, 1, of the keys. - */ -int nsec3_hash_cmp(const void* c1, const void* c2); - -/** - * Obtain the hash of an owner name. - * Used internally by the nsec3 proof functions in this file. - * published to enable unit testing of hash algorithms and cache. - * - * @param table: the cache table. Must be initialised at start. - * @param region: scratch region to use for allocation. - * This region holds the tree, if you wipe the region, reinit the tree. - * @param buf: temporary buffer. - * @param nsec3: the rrset with parameters - * @param rr: rr number from d that has the NSEC3 parameters to hash to. - * @param dname: name to hash - * This pointer is used inside the tree, assumed region-alloced. - * @param dname_len: the length of the name. - * @param hash: the hash node is returned on success. - * @return: - * 1 on success, either from cache or newly hashed hash is returned. - * 0 on a malloc failure. - * -1 if the NSEC3 rr was badly formatted (i.e. formerr). - */ -int nsec3_hash_name(rbtree_type* table, struct regional* region, - struct sldns_buffer* buf, struct ub_packed_rrset_key* nsec3, int rr, - uint8_t* dname, size_t dname_len, struct nsec3_cached_hash** hash); - -/** - * Get next owner name, converted to base32 encoding and with the - * zone name (taken from the nsec3 owner name) appended. - * @param rrset: the NSEC3 rrset. - * @param r: the rr num of the nsec3 in the rrset. - * @param buf: buffer to store name in - * @param max: size of buffer. - * @return length of name on success. 0 on failure (buffer too short or - * bad format nsec3 record). - */ -size_t nsec3_get_nextowner_b32(struct ub_packed_rrset_key* rrset, int r, - uint8_t* buf, size_t max); - -/** - * Convert hash into base32 encoding and with the - * zone name appended. - * @param hash: hashed buffer - * @param hashlen: length of hash - * @param zone: name of zone - * @param zonelen: length of zonename. - * @param buf: buffer to store name in - * @param max: size of buffer. - * @return length of name on success. 0 on failure (buffer too short or - * bad format nsec3 record). - */ -size_t nsec3_hash_to_b32(uint8_t* hash, size_t hashlen, uint8_t* zone, - size_t zonelen, uint8_t* buf, size_t max); - -/** - * Get NSEC3 parameters out of rr. - * @param rrset: the NSEC3 rrset. - * @param r: the rr num of the nsec3 in the rrset. - * @param algo: nsec3 hash algo. - * @param iter: iteration count. - * @param salt: ptr to salt inside rdata. - * @param saltlen: length of salt. - * @return 0 if bad formatted, unknown nsec3 hash algo, or unknown flags set. - */ -int nsec3_get_params(struct ub_packed_rrset_key* rrset, int r, - int* algo, size_t* iter, uint8_t** salt, size_t* saltlen); - -/** - * Get NSEC3 hashed in a buffer - * @param buf: buffer for temp use. - * @param nm: name to hash - * @param nmlen: length of nm. - * @param algo: algo to use, must be known. - * @param iter: iterations - * @param salt: salt for nsec3 - * @param saltlen: length of salt. - * @param res: result of hash stored here. - * @param max: maximum space for result. - * @return 0 on failure, otherwise bytelength stored. - */ -size_t nsec3_get_hashed(struct sldns_buffer* buf, uint8_t* nm, size_t nmlen, - int algo, size_t iter, uint8_t* salt, size_t saltlen, uint8_t* res, - size_t max); - -/** - * see if NSEC3 RR contains given type - * @param rrset: NSEC3 rrset - * @param r: RR in rrset - * @param type: in host order to check bit for. - * @return true if bit set, false if not or error. - */ -int nsec3_has_type(struct ub_packed_rrset_key* rrset, int r, uint16_t type); - -/** - * return if nsec3 RR has the optout flag - * @param rrset: NSEC3 rrset - * @param r: RR in rrset - * @return true if optout, false on error or not optout - */ -int nsec3_has_optout(struct ub_packed_rrset_key* rrset, int r); - -/** - * Return nsec3 RR next hashed owner name - * @param rrset: NSEC3 rrset - * @param r: RR in rrset - * @param next: ptr into rdata to next owner hash - * @param nextlen: length of hash. - * @return false on malformed - */ -int nsec3_get_nextowner(struct ub_packed_rrset_key* rrset, int r, - uint8_t** next, size_t* nextlen); - -/** - * nsec3Covers - * Given a hash and a candidate NSEC3Record, determine if that NSEC3Record - * covers the hash. Covers specifically means that the hash is in between - * the owner and next hashes and does not equal either. - * - * @param zone: the zone name. - * @param hash: the hash of the name - * @param rrset: the rrset of the NSEC3. - * @param rr: which rr in the rrset. - * @param buf: temporary buffer. - * @return true if covers, false if not. - */ -int nsec3_covers(uint8_t* zone, struct nsec3_cached_hash* hash, - struct ub_packed_rrset_key* rrset, int rr, struct sldns_buffer* buf); - -#endif /* VALIDATOR_VAL_NSEC3_H */ diff --git a/external/unbound/validator/val_secalgo.c b/external/unbound/validator/val_secalgo.c deleted file mode 100644 index be88ff438..000000000 --- a/external/unbound/validator/val_secalgo.c +++ /dev/null @@ -1,1753 +0,0 @@ -/* - * validator/val_secalgo.c - validator security algorithm functions. - * - * Copyright (c) 2012, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains helper functions for the validator module. - * These functions take raw data buffers, formatted for crypto verification, - * and do the library calls (for the crypto library in use). - */ -#include "config.h" -/* packed_rrset on top to define enum types (forced by c99 standard) */ -#include "util/data/packed_rrset.h" -#include "validator/val_secalgo.h" -#include "validator/val_nsec3.h" -#include "util/log.h" -#include "sldns/rrdef.h" -#include "sldns/keyraw.h" -#include "sldns/sbuffer.h" - -#if !defined(HAVE_SSL) && !defined(HAVE_NSS) && !defined(HAVE_NETTLE) -#error "Need crypto library to do digital signature cryptography" -#endif - -/* OpenSSL implementation */ -#ifdef HAVE_SSL -#ifdef HAVE_OPENSSL_ERR_H -#include -#endif - -#ifdef HAVE_OPENSSL_RAND_H -#include -#endif - -#ifdef HAVE_OPENSSL_CONF_H -#include -#endif - -#ifdef HAVE_OPENSSL_ENGINE_H -#include -#endif - -/** fake DSA support for unit tests */ -int fake_dsa = 0; -/** fake SHA1 support for unit tests */ -int fake_sha1 = 0; - -/* return size of digest if supported, or 0 otherwise */ -size_t -nsec3_hash_algo_size_supported(int id) -{ - switch(id) { - case NSEC3_HASH_SHA1: - return SHA_DIGEST_LENGTH; - default: - return 0; - } -} - -/* perform nsec3 hash. return false on failure */ -int -secalgo_nsec3_hash(int algo, unsigned char* buf, size_t len, - unsigned char* res) -{ - switch(algo) { - case NSEC3_HASH_SHA1: - (void)SHA1(buf, len, res); - return 1; - default: - return 0; - } -} - -void -secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res) -{ - (void)SHA256(buf, len, res); -} - -/** - * Return size of DS digest according to its hash algorithm. - * @param algo: DS digest algo. - * @return size in bytes of digest, or 0 if not supported. - */ -size_t -ds_digest_size_supported(int algo) -{ - switch(algo) { - case LDNS_SHA1: -#if defined(HAVE_EVP_SHA1) && defined(USE_SHA1) - return SHA_DIGEST_LENGTH; -#else - if(fake_sha1) return 20; - return 0; -#endif -#ifdef HAVE_EVP_SHA256 - case LDNS_SHA256: - return SHA256_DIGEST_LENGTH; -#endif -#ifdef USE_GOST - case LDNS_HASH_GOST: - /* we support GOST if it can be loaded */ - (void)sldns_key_EVP_load_gost_id(); - if(EVP_get_digestbyname("md_gost94")) - return 32; - else return 0; -#endif -#ifdef USE_ECDSA - case LDNS_SHA384: - return SHA384_DIGEST_LENGTH; -#endif - default: break; - } - return 0; -} - -#ifdef USE_GOST -/** Perform GOST hash */ -static int -do_gost94(unsigned char* data, size_t len, unsigned char* dest) -{ - const EVP_MD* md = EVP_get_digestbyname("md_gost94"); - if(!md) - return 0; - return sldns_digest_evp(data, (unsigned int)len, dest, md); -} -#endif - -int -secalgo_ds_digest(int algo, unsigned char* buf, size_t len, - unsigned char* res) -{ - switch(algo) { -#if defined(HAVE_EVP_SHA1) && defined(USE_SHA1) - case LDNS_SHA1: - (void)SHA1(buf, len, res); - return 1; -#endif -#ifdef HAVE_EVP_SHA256 - case LDNS_SHA256: - (void)SHA256(buf, len, res); - return 1; -#endif -#ifdef USE_GOST - case LDNS_HASH_GOST: - if(do_gost94(buf, len, res)) - return 1; - break; -#endif -#ifdef USE_ECDSA - case LDNS_SHA384: - (void)SHA384(buf, len, res); - return 1; -#endif - default: - verbose(VERB_QUERY, "unknown DS digest algorithm %d", - algo); - break; - } - return 0; -} - -/** return true if DNSKEY algorithm id is supported */ -int -dnskey_algo_id_is_supported(int id) -{ - switch(id) { - case LDNS_RSAMD5: - /* RFC 6725 deprecates RSAMD5 */ - return 0; - case LDNS_DSA: - case LDNS_DSA_NSEC3: -#if defined(USE_DSA) && defined(USE_SHA1) - return 1; -#else - if(fake_dsa || fake_sha1) return 1; - return 0; -#endif - - case LDNS_RSASHA1: - case LDNS_RSASHA1_NSEC3: -#ifdef USE_SHA1 - return 1; -#else - if(fake_sha1) return 1; - return 0; -#endif - -#if defined(HAVE_EVP_SHA256) && defined(USE_SHA2) - case LDNS_RSASHA256: -#endif -#if defined(HAVE_EVP_SHA512) && defined(USE_SHA2) - case LDNS_RSASHA512: -#endif -#ifdef USE_ECDSA - case LDNS_ECDSAP256SHA256: - case LDNS_ECDSAP384SHA384: -#endif -#if (defined(HAVE_EVP_SHA256) && defined(USE_SHA2)) || (defined(HAVE_EVP_SHA512) && defined(USE_SHA2)) || defined(USE_ECDSA) - return 1; -#endif - -#ifdef USE_GOST - case LDNS_ECC_GOST: - /* we support GOST if it can be loaded */ - return sldns_key_EVP_load_gost_id(); -#endif - default: - return 0; - } -} - -/** - * Output a libcrypto openssl error to the logfile. - * @param str: string to add to it. - * @param e: the error to output, error number from ERR_get_error(). - */ -static void -log_crypto_error(const char* str, unsigned long e) -{ - char buf[128]; - /* or use ERR_error_string if ERR_error_string_n is not avail TODO */ - ERR_error_string_n(e, buf, sizeof(buf)); - /* buf now contains */ - /* error:[error code]:[library name]:[function name]:[reason string] */ - log_err("%s crypto %s", str, buf); -} - -#ifdef USE_DSA -/** - * Setup DSA key digest in DER encoding ... - * @param sig: input is signature output alloced ptr (unless failure). - * caller must free alloced ptr if this routine returns true. - * @param len: input is initial siglen, output is output len. - * @return false on failure. - */ -static int -setup_dsa_sig(unsigned char** sig, unsigned int* len) -{ - unsigned char* orig = *sig; - unsigned int origlen = *len; - int newlen; - BIGNUM *R, *S; - DSA_SIG *dsasig; - - /* extract the R and S field from the sig buffer */ - if(origlen < 1 + 2*SHA_DIGEST_LENGTH) - return 0; - R = BN_new(); - if(!R) return 0; - (void) BN_bin2bn(orig + 1, SHA_DIGEST_LENGTH, R); - S = BN_new(); - if(!S) return 0; - (void) BN_bin2bn(orig + 21, SHA_DIGEST_LENGTH, S); - dsasig = DSA_SIG_new(); - if(!dsasig) return 0; - -#ifdef HAVE_DSA_SIG_SET0 - if(!DSA_SIG_set0(dsasig, R, S)) return 0; -#else - dsasig->r = R; - dsasig->s = S; -#endif - *sig = NULL; - newlen = i2d_DSA_SIG(dsasig, sig); - if(newlen < 0) { - DSA_SIG_free(dsasig); - free(*sig); - return 0; - } - *len = (unsigned int)newlen; - DSA_SIG_free(dsasig); - return 1; -} -#endif /* USE_DSA */ - -#ifdef USE_ECDSA -/** - * Setup the ECDSA signature in its encoding that the library wants. - * Converts from plain numbers to ASN formatted. - * @param sig: input is signature, output alloced ptr (unless failure). - * caller must free alloced ptr if this routine returns true. - * @param len: input is initial siglen, output is output len. - * @return false on failure. - */ -static int -setup_ecdsa_sig(unsigned char** sig, unsigned int* len) -{ - /* convert from two BIGNUMs in the rdata buffer, to ASN notation. - * ASN preable: 30440220 0220 - * the '20' is the length of that field (=bnsize). -i * the '44' is the total remaining length. - * if negative, start with leading zero. - * if starts with 00s, remove them from the number. - */ - uint8_t pre[] = {0x30, 0x44, 0x02, 0x20}; - int pre_len = 4; - uint8_t mid[] = {0x02, 0x20}; - int mid_len = 2; - int raw_sig_len, r_high, s_high, r_rem=0, s_rem=0; - int bnsize = (int)((*len)/2); - unsigned char* d = *sig; - uint8_t* p; - /* if too short or not even length, fails */ - if(*len < 16 || bnsize*2 != (int)*len) - return 0; - - /* strip leading zeroes from r (but not last one) */ - while(r_rem < bnsize-1 && d[r_rem] == 0) - r_rem++; - /* strip leading zeroes from s (but not last one) */ - while(s_rem < bnsize-1 && d[bnsize+s_rem] == 0) - s_rem++; - - r_high = ((d[0+r_rem]&0x80)?1:0); - s_high = ((d[bnsize+s_rem]&0x80)?1:0); - raw_sig_len = pre_len + r_high + bnsize - r_rem + mid_len + - s_high + bnsize - s_rem; - *sig = (unsigned char*)malloc((size_t)raw_sig_len); - if(!*sig) - return 0; - p = (uint8_t*)*sig; - p[0] = pre[0]; - p[1] = (uint8_t)(raw_sig_len-2); - p[2] = pre[2]; - p[3] = (uint8_t)(bnsize + r_high - r_rem); - p += 4; - if(r_high) { - *p = 0; - p += 1; - } - memmove(p, d+r_rem, (size_t)bnsize-r_rem); - p += bnsize-r_rem; - memmove(p, mid, (size_t)mid_len-1); - p += mid_len-1; - *p = (uint8_t)(bnsize + s_high - s_rem); - p += 1; - if(s_high) { - *p = 0; - p += 1; - } - memmove(p, d+bnsize+s_rem, (size_t)bnsize-s_rem); - *len = (unsigned int)raw_sig_len; - return 1; -} -#endif /* USE_ECDSA */ - -#ifdef USE_ECDSA_EVP_WORKAROUND -static EVP_MD ecdsa_evp_256_md; -static EVP_MD ecdsa_evp_384_md; -void ecdsa_evp_workaround_init(void) -{ - /* openssl before 1.0.0 fixes RSA with the SHA256 - * hash in EVP. We create one for ecdsa_sha256 */ - ecdsa_evp_256_md = *EVP_sha256(); - ecdsa_evp_256_md.required_pkey_type[0] = EVP_PKEY_EC; - ecdsa_evp_256_md.verify = (void*)ECDSA_verify; - - ecdsa_evp_384_md = *EVP_sha384(); - ecdsa_evp_384_md.required_pkey_type[0] = EVP_PKEY_EC; - ecdsa_evp_384_md.verify = (void*)ECDSA_verify; -} -#endif /* USE_ECDSA_EVP_WORKAROUND */ - -/** - * Setup key and digest for verification. Adjust sig if necessary. - * - * @param algo: key algorithm - * @param evp_key: EVP PKEY public key to create. - * @param digest_type: digest type to use - * @param key: key to setup for. - * @param keylen: length of key. - * @return false on failure. - */ -static int -setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type, - unsigned char* key, size_t keylen) -{ -#if defined(USE_DSA) && defined(USE_SHA1) - DSA* dsa; -#endif - RSA* rsa; - - switch(algo) { -#if defined(USE_DSA) && defined(USE_SHA1) - case LDNS_DSA: - case LDNS_DSA_NSEC3: - *evp_key = EVP_PKEY_new(); - if(!*evp_key) { - log_err("verify: malloc failure in crypto"); - return 0; - } - dsa = sldns_key_buf2dsa_raw(key, keylen); - if(!dsa) { - verbose(VERB_QUERY, "verify: " - "sldns_key_buf2dsa_raw failed"); - return 0; - } - if(EVP_PKEY_assign_DSA(*evp_key, dsa) == 0) { - verbose(VERB_QUERY, "verify: " - "EVP_PKEY_assign_DSA failed"); - return 0; - } -#ifdef HAVE_EVP_DSS1 - *digest_type = EVP_dss1(); -#else - *digest_type = EVP_sha1(); -#endif - - break; -#endif /* USE_DSA && USE_SHA1 */ - -#if defined(USE_SHA1) || (defined(HAVE_EVP_SHA256) && defined(USE_SHA2)) || (defined(HAVE_EVP_SHA512) && defined(USE_SHA2)) -#ifdef USE_SHA1 - case LDNS_RSASHA1: - case LDNS_RSASHA1_NSEC3: -#endif -#if defined(HAVE_EVP_SHA256) && defined(USE_SHA2) - case LDNS_RSASHA256: -#endif -#if defined(HAVE_EVP_SHA512) && defined(USE_SHA2) - case LDNS_RSASHA512: -#endif - *evp_key = EVP_PKEY_new(); - if(!*evp_key) { - log_err("verify: malloc failure in crypto"); - return 0; - } - rsa = sldns_key_buf2rsa_raw(key, keylen); - if(!rsa) { - verbose(VERB_QUERY, "verify: " - "sldns_key_buf2rsa_raw SHA failed"); - return 0; - } - if(EVP_PKEY_assign_RSA(*evp_key, rsa) == 0) { - verbose(VERB_QUERY, "verify: " - "EVP_PKEY_assign_RSA SHA failed"); - return 0; - } - - /* select SHA version */ -#if defined(HAVE_EVP_SHA256) && defined(USE_SHA2) - if(algo == LDNS_RSASHA256) - *digest_type = EVP_sha256(); - else -#endif -#if defined(HAVE_EVP_SHA512) && defined(USE_SHA2) - if(algo == LDNS_RSASHA512) - *digest_type = EVP_sha512(); - else -#endif -#ifdef USE_SHA1 - *digest_type = EVP_sha1(); -#else - { verbose(VERB_QUERY, "no digest available"); return 0; } -#endif - break; -#endif /* defined(USE_SHA1) || (defined(HAVE_EVP_SHA256) && defined(USE_SHA2)) || (defined(HAVE_EVP_SHA512) && defined(USE_SHA2)) */ - - case LDNS_RSAMD5: - *evp_key = EVP_PKEY_new(); - if(!*evp_key) { - log_err("verify: malloc failure in crypto"); - return 0; - } - rsa = sldns_key_buf2rsa_raw(key, keylen); - if(!rsa) { - verbose(VERB_QUERY, "verify: " - "sldns_key_buf2rsa_raw MD5 failed"); - return 0; - } - if(EVP_PKEY_assign_RSA(*evp_key, rsa) == 0) { - verbose(VERB_QUERY, "verify: " - "EVP_PKEY_assign_RSA MD5 failed"); - return 0; - } - *digest_type = EVP_md5(); - - break; -#ifdef USE_GOST - case LDNS_ECC_GOST: - *evp_key = sldns_gost2pkey_raw(key, keylen); - if(!*evp_key) { - verbose(VERB_QUERY, "verify: " - "sldns_gost2pkey_raw failed"); - return 0; - } - *digest_type = EVP_get_digestbyname("md_gost94"); - if(!*digest_type) { - verbose(VERB_QUERY, "verify: " - "EVP_getdigest md_gost94 failed"); - return 0; - } - break; -#endif -#ifdef USE_ECDSA - case LDNS_ECDSAP256SHA256: - *evp_key = sldns_ecdsa2pkey_raw(key, keylen, - LDNS_ECDSAP256SHA256); - if(!*evp_key) { - verbose(VERB_QUERY, "verify: " - "sldns_ecdsa2pkey_raw failed"); - return 0; - } -#ifdef USE_ECDSA_EVP_WORKAROUND - *digest_type = &ecdsa_evp_256_md; -#else - *digest_type = EVP_sha256(); -#endif - break; - case LDNS_ECDSAP384SHA384: - *evp_key = sldns_ecdsa2pkey_raw(key, keylen, - LDNS_ECDSAP384SHA384); - if(!*evp_key) { - verbose(VERB_QUERY, "verify: " - "sldns_ecdsa2pkey_raw failed"); - return 0; - } -#ifdef USE_ECDSA_EVP_WORKAROUND - *digest_type = &ecdsa_evp_384_md; -#else - *digest_type = EVP_sha384(); -#endif - break; -#endif /* USE_ECDSA */ - default: - verbose(VERB_QUERY, "verify: unknown algorithm %d", - algo); - return 0; - } - return 1; -} - -/** - * Check a canonical sig+rrset and signature against a dnskey - * @param buf: buffer with data to verify, the first rrsig part and the - * canonicalized rrset. - * @param algo: DNSKEY algorithm. - * @param sigblock: signature rdata field from RRSIG - * @param sigblock_len: length of sigblock data. - * @param key: public key data from DNSKEY RR. - * @param keylen: length of keydata. - * @param reason: bogus reason in more detail. - * @return secure if verification succeeded, bogus on crypto failure, - * unchecked on format errors and alloc failures. - */ -enum sec_status -verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock, - unsigned int sigblock_len, unsigned char* key, unsigned int keylen, - char** reason) -{ - const EVP_MD *digest_type; - EVP_MD_CTX* ctx; - int res, dofree = 0, docrypto_free = 0; - EVP_PKEY *evp_key = NULL; - -#ifndef USE_DSA - if((algo == LDNS_DSA || algo == LDNS_DSA_NSEC3) &&(fake_dsa||fake_sha1)) - return sec_status_secure; -#endif -#ifndef USE_SHA1 - if(fake_sha1 && (algo == LDNS_DSA || algo == LDNS_DSA_NSEC3 || algo == LDNS_RSASHA1 || algo == LDNS_RSASHA1_NSEC3)) - return sec_status_secure; -#endif - - if(!setup_key_digest(algo, &evp_key, &digest_type, key, keylen)) { - verbose(VERB_QUERY, "verify: failed to setup key"); - *reason = "use of key for crypto failed"; - EVP_PKEY_free(evp_key); - return sec_status_bogus; - } -#ifdef USE_DSA - /* if it is a DSA signature in bind format, convert to DER format */ - if((algo == LDNS_DSA || algo == LDNS_DSA_NSEC3) && - sigblock_len == 1+2*SHA_DIGEST_LENGTH) { - if(!setup_dsa_sig(&sigblock, &sigblock_len)) { - verbose(VERB_QUERY, "verify: failed to setup DSA sig"); - *reason = "use of key for DSA crypto failed"; - EVP_PKEY_free(evp_key); - return sec_status_bogus; - } - docrypto_free = 1; - } -#endif -#if defined(USE_ECDSA) && defined(USE_DSA) - else -#endif -#ifdef USE_ECDSA - if(algo == LDNS_ECDSAP256SHA256 || algo == LDNS_ECDSAP384SHA384) { - /* EVP uses ASN prefix on sig, which is not in the wire data */ - if(!setup_ecdsa_sig(&sigblock, &sigblock_len)) { - verbose(VERB_QUERY, "verify: failed to setup ECDSA sig"); - *reason = "use of signature for ECDSA crypto failed"; - EVP_PKEY_free(evp_key); - return sec_status_bogus; - } - dofree = 1; - } -#endif /* USE_ECDSA */ - - /* do the signature cryptography work */ -#ifdef HAVE_EVP_MD_CTX_NEW - ctx = EVP_MD_CTX_new(); -#else - ctx = (EVP_MD_CTX*)malloc(sizeof(*ctx)); - if(ctx) EVP_MD_CTX_init(ctx); -#endif - if(!ctx) { - log_err("EVP_MD_CTX_new: malloc failure"); - EVP_PKEY_free(evp_key); - if(dofree) free(sigblock); - else if(docrypto_free) OPENSSL_free(sigblock); - return sec_status_unchecked; - } - if(EVP_VerifyInit(ctx, digest_type) == 0) { - verbose(VERB_QUERY, "verify: EVP_VerifyInit failed"); - EVP_MD_CTX_destroy(ctx); - EVP_PKEY_free(evp_key); - if(dofree) free(sigblock); - else if(docrypto_free) OPENSSL_free(sigblock); - return sec_status_unchecked; - } - if(EVP_VerifyUpdate(ctx, (unsigned char*)sldns_buffer_begin(buf), - (unsigned int)sldns_buffer_limit(buf)) == 0) { - verbose(VERB_QUERY, "verify: EVP_VerifyUpdate failed"); - EVP_MD_CTX_destroy(ctx); - EVP_PKEY_free(evp_key); - if(dofree) free(sigblock); - else if(docrypto_free) OPENSSL_free(sigblock); - return sec_status_unchecked; - } - - res = EVP_VerifyFinal(ctx, sigblock, sigblock_len, evp_key); -#ifdef HAVE_EVP_MD_CTX_NEW - EVP_MD_CTX_destroy(ctx); -#else - EVP_MD_CTX_cleanup(ctx); - free(ctx); -#endif - EVP_PKEY_free(evp_key); - - if(dofree) free(sigblock); - else if(docrypto_free) OPENSSL_free(sigblock); - - if(res == 1) { - return sec_status_secure; - } else if(res == 0) { - verbose(VERB_QUERY, "verify: signature mismatch"); - *reason = "signature crypto failed"; - return sec_status_bogus; - } - - log_crypto_error("verify:", ERR_get_error()); - return sec_status_unchecked; -} - -/**************************************************/ -#elif defined(HAVE_NSS) -/* libnss implementation */ -/* nss3 */ -#include "sechash.h" -#include "pk11pub.h" -#include "keyhi.h" -#include "secerr.h" -#include "cryptohi.h" -/* nspr4 */ -#include "prerror.h" - -/* return size of digest if supported, or 0 otherwise */ -size_t -nsec3_hash_algo_size_supported(int id) -{ - switch(id) { - case NSEC3_HASH_SHA1: - return SHA1_LENGTH; - default: - return 0; - } -} - -/* perform nsec3 hash. return false on failure */ -int -secalgo_nsec3_hash(int algo, unsigned char* buf, size_t len, - unsigned char* res) -{ - switch(algo) { - case NSEC3_HASH_SHA1: - (void)HASH_HashBuf(HASH_AlgSHA1, res, buf, (unsigned long)len); - return 1; - default: - return 0; - } -} - -void -secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res) -{ - (void)HASH_HashBuf(HASH_AlgSHA256, res, buf, (unsigned long)len); -} - -size_t -ds_digest_size_supported(int algo) -{ - /* uses libNSS */ - switch(algo) { -#ifdef USE_SHA1 - case LDNS_SHA1: - return SHA1_LENGTH; -#endif -#ifdef USE_SHA2 - case LDNS_SHA256: - return SHA256_LENGTH; -#endif -#ifdef USE_ECDSA - case LDNS_SHA384: - return SHA384_LENGTH; -#endif - /* GOST not supported in NSS */ - case LDNS_HASH_GOST: - default: break; - } - return 0; -} - -int -secalgo_ds_digest(int algo, unsigned char* buf, size_t len, - unsigned char* res) -{ - /* uses libNSS */ - switch(algo) { -#ifdef USE_SHA1 - case LDNS_SHA1: - return HASH_HashBuf(HASH_AlgSHA1, res, buf, len) - == SECSuccess; -#endif -#if defined(USE_SHA2) - case LDNS_SHA256: - return HASH_HashBuf(HASH_AlgSHA256, res, buf, len) - == SECSuccess; -#endif -#ifdef USE_ECDSA - case LDNS_SHA384: - return HASH_HashBuf(HASH_AlgSHA384, res, buf, len) - == SECSuccess; -#endif - case LDNS_HASH_GOST: - default: - verbose(VERB_QUERY, "unknown DS digest algorithm %d", - algo); - break; - } - return 0; -} - -int -dnskey_algo_id_is_supported(int id) -{ - /* uses libNSS */ - switch(id) { - case LDNS_RSAMD5: - /* RFC 6725 deprecates RSAMD5 */ - return 0; -#if defined(USE_SHA1) || defined(USE_SHA2) -#if defined(USE_DSA) && defined(USE_SHA1) - case LDNS_DSA: - case LDNS_DSA_NSEC3: -#endif -#ifdef USE_SHA1 - case LDNS_RSASHA1: - case LDNS_RSASHA1_NSEC3: -#endif -#ifdef USE_SHA2 - case LDNS_RSASHA256: -#endif -#ifdef USE_SHA2 - case LDNS_RSASHA512: -#endif - return 1; -#endif /* SHA1 or SHA2 */ - -#ifdef USE_ECDSA - case LDNS_ECDSAP256SHA256: - case LDNS_ECDSAP384SHA384: - return PK11_TokenExists(CKM_ECDSA); -#endif - case LDNS_ECC_GOST: - default: - return 0; - } -} - -/* return a new public key for NSS */ -static SECKEYPublicKey* nss_key_create(KeyType ktype) -{ - SECKEYPublicKey* key; - PLArenaPool* arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if(!arena) { - log_err("out of memory, PORT_NewArena failed"); - return NULL; - } - key = PORT_ArenaZNew(arena, SECKEYPublicKey); - if(!key) { - log_err("out of memory, PORT_ArenaZNew failed"); - PORT_FreeArena(arena, PR_FALSE); - return NULL; - } - key->arena = arena; - key->keyType = ktype; - key->pkcs11Slot = NULL; - key->pkcs11ID = CK_INVALID_HANDLE; - return key; -} - -static SECKEYPublicKey* nss_buf2ecdsa(unsigned char* key, size_t len, int algo) -{ - SECKEYPublicKey* pk; - SECItem pub = {siBuffer, NULL, 0}; - SECItem params = {siBuffer, NULL, 0}; - static unsigned char param256[] = { - /* OBJECTIDENTIFIER 1.2.840.10045.3.1.7 (P-256) - * {iso(1) member-body(2) us(840) ansi-x962(10045) curves(3) prime(1) prime256v1(7)} */ - 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 - }; - static unsigned char param384[] = { - /* OBJECTIDENTIFIER 1.3.132.0.34 (P-384) - * {iso(1) identified-organization(3) certicom(132) curve(0) ansip384r1(34)} */ - 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22 - }; - unsigned char buf[256+2]; /* sufficient for 2*384/8+1 */ - - /* check length, which uncompressed must be 2 bignums */ - if(algo == LDNS_ECDSAP256SHA256) { - if(len != 2*256/8) return NULL; - /* ECCurve_X9_62_PRIME_256V1 */ - } else if(algo == LDNS_ECDSAP384SHA384) { - if(len != 2*384/8) return NULL; - /* ECCurve_X9_62_PRIME_384R1 */ - } else return NULL; - - buf[0] = 0x04; /* POINT_FORM_UNCOMPRESSED */ - memmove(buf+1, key, len); - pub.data = buf; - pub.len = len+1; - if(algo == LDNS_ECDSAP256SHA256) { - params.data = param256; - params.len = sizeof(param256); - } else { - params.data = param384; - params.len = sizeof(param384); - } - - pk = nss_key_create(ecKey); - if(!pk) - return NULL; - pk->u.ec.size = (len/2)*8; - if(SECITEM_CopyItem(pk->arena, &pk->u.ec.publicValue, &pub)) { - SECKEY_DestroyPublicKey(pk); - return NULL; - } - if(SECITEM_CopyItem(pk->arena, &pk->u.ec.DEREncodedParams, ¶ms)) { - SECKEY_DestroyPublicKey(pk); - return NULL; - } - - return pk; -} - -static SECKEYPublicKey* nss_buf2dsa(unsigned char* key, size_t len) -{ - SECKEYPublicKey* pk; - uint8_t T; - uint16_t length; - uint16_t offset; - SECItem Q = {siBuffer, NULL, 0}; - SECItem P = {siBuffer, NULL, 0}; - SECItem G = {siBuffer, NULL, 0}; - SECItem Y = {siBuffer, NULL, 0}; - - if(len == 0) - return NULL; - T = (uint8_t)key[0]; - length = (64 + T * 8); - offset = 1; - - if (T > 8) { - return NULL; - } - if(len < (size_t)1 + SHA1_LENGTH + 3*length) - return NULL; - - Q.data = key+offset; - Q.len = SHA1_LENGTH; - offset += SHA1_LENGTH; - - P.data = key+offset; - P.len = length; - offset += length; - - G.data = key+offset; - G.len = length; - offset += length; - - Y.data = key+offset; - Y.len = length; - offset += length; - - pk = nss_key_create(dsaKey); - if(!pk) - return NULL; - if(SECITEM_CopyItem(pk->arena, &pk->u.dsa.params.prime, &P)) { - SECKEY_DestroyPublicKey(pk); - return NULL; - } - if(SECITEM_CopyItem(pk->arena, &pk->u.dsa.params.subPrime, &Q)) { - SECKEY_DestroyPublicKey(pk); - return NULL; - } - if(SECITEM_CopyItem(pk->arena, &pk->u.dsa.params.base, &G)) { - SECKEY_DestroyPublicKey(pk); - return NULL; - } - if(SECITEM_CopyItem(pk->arena, &pk->u.dsa.publicValue, &Y)) { - SECKEY_DestroyPublicKey(pk); - return NULL; - } - return pk; -} - -static SECKEYPublicKey* nss_buf2rsa(unsigned char* key, size_t len) -{ - SECKEYPublicKey* pk; - uint16_t exp; - uint16_t offset; - uint16_t int16; - SECItem modulus = {siBuffer, NULL, 0}; - SECItem exponent = {siBuffer, NULL, 0}; - if(len == 0) - return NULL; - if(key[0] == 0) { - if(len < 3) - return NULL; - /* the exponent is too large so it's places further */ - memmove(&int16, key+1, 2); - exp = ntohs(int16); - offset = 3; - } else { - exp = key[0]; - offset = 1; - } - - /* key length at least one */ - if(len < (size_t)offset + exp + 1) - return NULL; - - exponent.data = key+offset; - exponent.len = exp; - offset += exp; - modulus.data = key+offset; - modulus.len = (len - offset); - - pk = nss_key_create(rsaKey); - if(!pk) - return NULL; - if(SECITEM_CopyItem(pk->arena, &pk->u.rsa.modulus, &modulus)) { - SECKEY_DestroyPublicKey(pk); - return NULL; - } - if(SECITEM_CopyItem(pk->arena, &pk->u.rsa.publicExponent, &exponent)) { - SECKEY_DestroyPublicKey(pk); - return NULL; - } - return pk; -} - -/** - * Setup key and digest for verification. Adjust sig if necessary. - * - * @param algo: key algorithm - * @param evp_key: EVP PKEY public key to create. - * @param digest_type: digest type to use - * @param key: key to setup for. - * @param keylen: length of key. - * @param prefix: if returned, the ASN prefix for the hashblob. - * @param prefixlen: length of the prefix. - * @return false on failure. - */ -static int -nss_setup_key_digest(int algo, SECKEYPublicKey** pubkey, HASH_HashType* htype, - unsigned char* key, size_t keylen, unsigned char** prefix, - size_t* prefixlen) -{ - /* uses libNSS */ - - /* hash prefix for md5, RFC2537 */ - static unsigned char p_md5[] = {0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10}; - /* hash prefix to prepend to hash output, from RFC3110 */ - static unsigned char p_sha1[] = {0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, - 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00, 0x04, 0x14}; - /* from RFC5702 */ - static unsigned char p_sha256[] = {0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, - 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20}; - static unsigned char p_sha512[] = {0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, - 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40}; - /* from RFC6234 */ - /* for future RSASHA384 .. - static unsigned char p_sha384[] = {0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, - 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30}; - */ - - switch(algo) { - -#if defined(USE_SHA1) || defined(USE_SHA2) -#if defined(USE_DSA) && defined(USE_SHA1) - case LDNS_DSA: - case LDNS_DSA_NSEC3: - *pubkey = nss_buf2dsa(key, keylen); - if(!*pubkey) { - log_err("verify: malloc failure in crypto"); - return 0; - } - *htype = HASH_AlgSHA1; - /* no prefix for DSA verification */ - break; -#endif -#ifdef USE_SHA1 - case LDNS_RSASHA1: - case LDNS_RSASHA1_NSEC3: -#endif -#ifdef USE_SHA2 - case LDNS_RSASHA256: -#endif -#ifdef USE_SHA2 - case LDNS_RSASHA512: -#endif - *pubkey = nss_buf2rsa(key, keylen); - if(!*pubkey) { - log_err("verify: malloc failure in crypto"); - return 0; - } - /* select SHA version */ -#ifdef USE_SHA2 - if(algo == LDNS_RSASHA256) { - *htype = HASH_AlgSHA256; - *prefix = p_sha256; - *prefixlen = sizeof(p_sha256); - } else -#endif -#ifdef USE_SHA2 - if(algo == LDNS_RSASHA512) { - *htype = HASH_AlgSHA512; - *prefix = p_sha512; - *prefixlen = sizeof(p_sha512); - } else -#endif -#ifdef USE_SHA1 - { - *htype = HASH_AlgSHA1; - *prefix = p_sha1; - *prefixlen = sizeof(p_sha1); - } -#else - { - verbose(VERB_QUERY, "verify: no digest algo"); - return 0; - } -#endif - - break; -#endif /* SHA1 or SHA2 */ - - case LDNS_RSAMD5: - *pubkey = nss_buf2rsa(key, keylen); - if(!*pubkey) { - log_err("verify: malloc failure in crypto"); - return 0; - } - *htype = HASH_AlgMD5; - *prefix = p_md5; - *prefixlen = sizeof(p_md5); - - break; -#ifdef USE_ECDSA - case LDNS_ECDSAP256SHA256: - *pubkey = nss_buf2ecdsa(key, keylen, - LDNS_ECDSAP256SHA256); - if(!*pubkey) { - log_err("verify: malloc failure in crypto"); - return 0; - } - *htype = HASH_AlgSHA256; - /* no prefix for DSA verification */ - break; - case LDNS_ECDSAP384SHA384: - *pubkey = nss_buf2ecdsa(key, keylen, - LDNS_ECDSAP384SHA384); - if(!*pubkey) { - log_err("verify: malloc failure in crypto"); - return 0; - } - *htype = HASH_AlgSHA384; - /* no prefix for DSA verification */ - break; -#endif /* USE_ECDSA */ - case LDNS_ECC_GOST: - default: - verbose(VERB_QUERY, "verify: unknown algorithm %d", - algo); - return 0; - } - return 1; -} - -/** - * Check a canonical sig+rrset and signature against a dnskey - * @param buf: buffer with data to verify, the first rrsig part and the - * canonicalized rrset. - * @param algo: DNSKEY algorithm. - * @param sigblock: signature rdata field from RRSIG - * @param sigblock_len: length of sigblock data. - * @param key: public key data from DNSKEY RR. - * @param keylen: length of keydata. - * @param reason: bogus reason in more detail. - * @return secure if verification succeeded, bogus on crypto failure, - * unchecked on format errors and alloc failures. - */ -enum sec_status -verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock, - unsigned int sigblock_len, unsigned char* key, unsigned int keylen, - char** reason) -{ - /* uses libNSS */ - /* large enough for the different hashes */ - unsigned char hash[HASH_LENGTH_MAX]; - unsigned char hash2[HASH_LENGTH_MAX*2]; - HASH_HashType htype = 0; - SECKEYPublicKey* pubkey = NULL; - SECItem secsig = {siBuffer, sigblock, sigblock_len}; - SECItem sechash = {siBuffer, hash, 0}; - SECStatus res; - unsigned char* prefix = NULL; /* prefix for hash, RFC3110, RFC5702 */ - size_t prefixlen = 0; - int err; - - if(!nss_setup_key_digest(algo, &pubkey, &htype, key, keylen, - &prefix, &prefixlen)) { - verbose(VERB_QUERY, "verify: failed to setup key"); - *reason = "use of key for crypto failed"; - SECKEY_DestroyPublicKey(pubkey); - return sec_status_bogus; - } - -#if defined(USE_DSA) && defined(USE_SHA1) - /* need to convert DSA, ECDSA signatures? */ - if((algo == LDNS_DSA || algo == LDNS_DSA_NSEC3)) { - if(sigblock_len == 1+2*SHA1_LENGTH) { - secsig.data ++; - secsig.len --; - } else { - SECItem* p = DSAU_DecodeDerSig(&secsig); - if(!p) { - verbose(VERB_QUERY, "verify: failed DER decode"); - *reason = "signature DER decode failed"; - SECKEY_DestroyPublicKey(pubkey); - return sec_status_bogus; - } - if(SECITEM_CopyItem(pubkey->arena, &secsig, p)) { - log_err("alloc failure in DER decode"); - SECKEY_DestroyPublicKey(pubkey); - SECITEM_FreeItem(p, PR_TRUE); - return sec_status_unchecked; - } - SECITEM_FreeItem(p, PR_TRUE); - } - } -#endif /* USE_DSA */ - - /* do the signature cryptography work */ - /* hash the data */ - sechash.len = HASH_ResultLen(htype); - if(sechash.len > sizeof(hash)) { - verbose(VERB_QUERY, "verify: hash too large for buffer"); - SECKEY_DestroyPublicKey(pubkey); - return sec_status_unchecked; - } - if(HASH_HashBuf(htype, hash, (unsigned char*)sldns_buffer_begin(buf), - (unsigned int)sldns_buffer_limit(buf)) != SECSuccess) { - verbose(VERB_QUERY, "verify: HASH_HashBuf failed"); - SECKEY_DestroyPublicKey(pubkey); - return sec_status_unchecked; - } - if(prefix) { - int hashlen = sechash.len; - if(prefixlen+hashlen > sizeof(hash2)) { - verbose(VERB_QUERY, "verify: hashprefix too large"); - SECKEY_DestroyPublicKey(pubkey); - return sec_status_unchecked; - } - sechash.data = hash2; - sechash.len = prefixlen+hashlen; - memcpy(sechash.data, prefix, prefixlen); - memmove(sechash.data+prefixlen, hash, hashlen); - } - - /* verify the signature */ - res = PK11_Verify(pubkey, &secsig, &sechash, NULL /*wincx*/); - SECKEY_DestroyPublicKey(pubkey); - - if(res == SECSuccess) { - return sec_status_secure; - } - err = PORT_GetError(); - if(err != SEC_ERROR_BAD_SIGNATURE) { - /* failed to verify */ - verbose(VERB_QUERY, "verify: PK11_Verify failed: %s", - PORT_ErrorToString(err)); - /* if it is not supported, like ECC is removed, we get, - * SEC_ERROR_NO_MODULE */ - if(err == SEC_ERROR_NO_MODULE) - return sec_status_unchecked; - /* but other errors are commonly returned - * for a bad signature from NSS. Thus we return bogus, - * not unchecked */ - *reason = "signature crypto failed"; - return sec_status_bogus; - } - verbose(VERB_QUERY, "verify: signature mismatch: %s", - PORT_ErrorToString(err)); - *reason = "signature crypto failed"; - return sec_status_bogus; -} - -#elif defined(HAVE_NETTLE) - -#include "sha.h" -#include "bignum.h" -#include "macros.h" -#include "rsa.h" -#include "dsa.h" -#ifdef HAVE_NETTLE_DSA_COMPAT_H -#include "dsa-compat.h" -#endif -#include "asn1.h" -#ifdef USE_ECDSA -#include "ecdsa.h" -#include "ecc-curve.h" -#endif - -static int -_digest_nettle(int algo, uint8_t* buf, size_t len, - unsigned char* res) -{ - switch(algo) { - case SHA1_DIGEST_SIZE: - { - struct sha1_ctx ctx; - sha1_init(&ctx); - sha1_update(&ctx, len, buf); - sha1_digest(&ctx, SHA1_DIGEST_SIZE, res); - return 1; - } - case SHA256_DIGEST_SIZE: - { - struct sha256_ctx ctx; - sha256_init(&ctx); - sha256_update(&ctx, len, buf); - sha256_digest(&ctx, SHA256_DIGEST_SIZE, res); - return 1; - } - case SHA384_DIGEST_SIZE: - { - struct sha384_ctx ctx; - sha384_init(&ctx); - sha384_update(&ctx, len, buf); - sha384_digest(&ctx, SHA384_DIGEST_SIZE, res); - return 1; - } - case SHA512_DIGEST_SIZE: - { - struct sha512_ctx ctx; - sha512_init(&ctx); - sha512_update(&ctx, len, buf); - sha512_digest(&ctx, SHA512_DIGEST_SIZE, res); - return 1; - } - default: - break; - } - return 0; -} - -/* return size of digest if supported, or 0 otherwise */ -size_t -nsec3_hash_algo_size_supported(int id) -{ - switch(id) { - case NSEC3_HASH_SHA1: - return SHA1_DIGEST_SIZE; - default: - return 0; - } -} - -/* perform nsec3 hash. return false on failure */ -int -secalgo_nsec3_hash(int algo, unsigned char* buf, size_t len, - unsigned char* res) -{ - switch(algo) { - case NSEC3_HASH_SHA1: - return _digest_nettle(SHA1_DIGEST_SIZE, (uint8_t*)buf, len, - res); - default: - return 0; - } -} - -void -secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res) -{ - _digest_nettle(SHA256_DIGEST_SIZE, (uint8_t*)buf, len, res); -} - -/** - * Return size of DS digest according to its hash algorithm. - * @param algo: DS digest algo. - * @return size in bytes of digest, or 0 if not supported. - */ -size_t -ds_digest_size_supported(int algo) -{ - switch(algo) { - case LDNS_SHA1: -#ifdef USE_SHA1 - return SHA1_DIGEST_SIZE; -#else - if(fake_sha1) return 20; - return 0; -#endif -#ifdef USE_SHA2 - case LDNS_SHA256: - return SHA256_DIGEST_SIZE; -#endif -#ifdef USE_ECDSA - case LDNS_SHA384: - return SHA384_DIGEST_SIZE; -#endif - /* GOST not supported */ - case LDNS_HASH_GOST: - default: - break; - } - return 0; -} - -int -secalgo_ds_digest(int algo, unsigned char* buf, size_t len, - unsigned char* res) -{ - switch(algo) { -#ifdef USE_SHA1 - case LDNS_SHA1: - return _digest_nettle(SHA1_DIGEST_SIZE, buf, len, res); -#endif -#if defined(USE_SHA2) - case LDNS_SHA256: - return _digest_nettle(SHA256_DIGEST_SIZE, buf, len, res); -#endif -#ifdef USE_ECDSA - case LDNS_SHA384: - return _digest_nettle(SHA384_DIGEST_SIZE, buf, len, res); - -#endif - case LDNS_HASH_GOST: - default: - verbose(VERB_QUERY, "unknown DS digest algorithm %d", - algo); - break; - } - return 0; -} - -int -dnskey_algo_id_is_supported(int id) -{ - /* uses libnettle */ - switch(id) { -#if defined(USE_DSA) && defined(USE_SHA1) - case LDNS_DSA: - case LDNS_DSA_NSEC3: -#endif -#ifdef USE_SHA1 - case LDNS_RSASHA1: - case LDNS_RSASHA1_NSEC3: -#endif -#ifdef USE_SHA2 - case LDNS_RSASHA256: - case LDNS_RSASHA512: -#endif -#ifdef USE_ECDSA - case LDNS_ECDSAP256SHA256: - case LDNS_ECDSAP384SHA384: -#endif - return 1; - case LDNS_RSAMD5: /* RFC 6725 deprecates RSAMD5 */ - case LDNS_ECC_GOST: - default: - return 0; - } -} - -#if defined(USE_DSA) && defined(USE_SHA1) -static char * -_verify_nettle_dsa(sldns_buffer* buf, unsigned char* sigblock, - unsigned int sigblock_len, unsigned char* key, unsigned int keylen) -{ - uint8_t digest[SHA1_DIGEST_SIZE]; - uint8_t key_t_value; - int res = 0; - size_t offset; - struct dsa_public_key pubkey; - struct dsa_signature signature; - unsigned int expected_len; - - /* Extract DSA signature from the record */ - nettle_dsa_signature_init(&signature); - /* Signature length: 41 bytes - RFC 2536 sec. 3 */ - if(sigblock_len == 41) { - if(key[0] != sigblock[0]) - return "invalid T value in DSA signature or pubkey"; - nettle_mpz_set_str_256_u(signature.r, 20, sigblock+1); - nettle_mpz_set_str_256_u(signature.s, 20, sigblock+1+20); - } else { - /* DER encoded, decode the ASN1 notated R and S bignums */ - /* SEQUENCE { r INTEGER, s INTEGER } */ - struct asn1_der_iterator i, seq; - if(asn1_der_iterator_first(&i, sigblock_len, - (uint8_t*)sigblock) != ASN1_ITERATOR_CONSTRUCTED - || i.type != ASN1_SEQUENCE) - return "malformed DER encoded DSA signature"; - /* decode this element of i using the seq iterator */ - if(asn1_der_decode_constructed(&i, &seq) != - ASN1_ITERATOR_PRIMITIVE || seq.type != ASN1_INTEGER) - return "malformed DER encoded DSA signature"; - if(!asn1_der_get_bignum(&seq, signature.r, 20*8)) - return "malformed DER encoded DSA signature"; - if(asn1_der_iterator_next(&seq) != ASN1_ITERATOR_PRIMITIVE - || seq.type != ASN1_INTEGER) - return "malformed DER encoded DSA signature"; - if(!asn1_der_get_bignum(&seq, signature.s, 20*8)) - return "malformed DER encoded DSA signature"; - if(asn1_der_iterator_next(&i) != ASN1_ITERATOR_END) - return "malformed DER encoded DSA signature"; - } - - /* Validate T values constraints - RFC 2536 sec. 2 & sec. 3 */ - key_t_value = key[0]; - if (key_t_value > 8) { - return "invalid T value in DSA pubkey"; - } - - /* Pubkey minimum length: 21 bytes - RFC 2536 sec. 2 */ - if (keylen < 21) { - return "DSA pubkey too short"; - } - - expected_len = 1 + /* T */ - 20 + /* Q */ - (64 + key_t_value*8) + /* P */ - (64 + key_t_value*8) + /* G */ - (64 + key_t_value*8); /* Y */ - if (keylen != expected_len ) { - return "invalid DSA pubkey length"; - } - - /* Extract DSA pubkey from the record */ - nettle_dsa_public_key_init(&pubkey); - offset = 1; - nettle_mpz_set_str_256_u(pubkey.q, 20, key+offset); - offset += 20; - nettle_mpz_set_str_256_u(pubkey.p, (64 + key_t_value*8), key+offset); - offset += (64 + key_t_value*8); - nettle_mpz_set_str_256_u(pubkey.g, (64 + key_t_value*8), key+offset); - offset += (64 + key_t_value*8); - nettle_mpz_set_str_256_u(pubkey.y, (64 + key_t_value*8), key+offset); - - /* Digest content of "buf" and verify its DSA signature in "sigblock"*/ - res = _digest_nettle(SHA1_DIGEST_SIZE, (unsigned char*)sldns_buffer_begin(buf), - (unsigned int)sldns_buffer_limit(buf), (unsigned char*)digest); - res &= dsa_sha1_verify_digest(&pubkey, digest, &signature); - - /* Clear and return */ - nettle_dsa_signature_clear(&signature); - nettle_dsa_public_key_clear(&pubkey); - if (!res) - return "DSA signature verification failed"; - else - return NULL; -} -#endif /* USE_DSA */ - -static char * -_verify_nettle_rsa(sldns_buffer* buf, unsigned int digest_size, char* sigblock, - unsigned int sigblock_len, uint8_t* key, unsigned int keylen) -{ - uint16_t exp_len = 0; - size_t exp_offset = 0, mod_offset = 0; - struct rsa_public_key pubkey; - mpz_t signature; - int res = 0; - - /* RSA pubkey parsing as per RFC 3110 sec. 2 */ - if( keylen <= 1) { - return "null RSA key"; - } - if (key[0] != 0) { - /* 1-byte length */ - exp_len = key[0]; - exp_offset = 1; - } else { - /* 1-byte NUL + 2-bytes exponent length */ - if (keylen < 3) { - return "incorrect RSA key length"; - } - exp_len = READ_UINT16(key+1); - if (exp_len == 0) - return "null RSA exponent length"; - exp_offset = 3; - } - /* Check that we are not over-running input length */ - if (keylen < exp_offset + exp_len + 1) { - return "RSA key content shorter than expected"; - } - mod_offset = exp_offset + exp_len; - nettle_rsa_public_key_init(&pubkey); - pubkey.size = keylen - mod_offset; - nettle_mpz_set_str_256_u(pubkey.e, exp_len, &key[exp_offset]); - nettle_mpz_set_str_256_u(pubkey.n, pubkey.size, &key[mod_offset]); - - /* Digest content of "buf" and verify its RSA signature in "sigblock"*/ - nettle_mpz_init_set_str_256_u(signature, sigblock_len, (uint8_t*)sigblock); - switch (digest_size) { - case SHA1_DIGEST_SIZE: - { - uint8_t digest[SHA1_DIGEST_SIZE]; - res = _digest_nettle(SHA1_DIGEST_SIZE, (unsigned char*)sldns_buffer_begin(buf), - (unsigned int)sldns_buffer_limit(buf), (unsigned char*)digest); - res &= rsa_sha1_verify_digest(&pubkey, digest, signature); - break; - } - case SHA256_DIGEST_SIZE: - { - uint8_t digest[SHA256_DIGEST_SIZE]; - res = _digest_nettle(SHA256_DIGEST_SIZE, (unsigned char*)sldns_buffer_begin(buf), - (unsigned int)sldns_buffer_limit(buf), (unsigned char*)digest); - res &= rsa_sha256_verify_digest(&pubkey, digest, signature); - break; - } - case SHA512_DIGEST_SIZE: - { - uint8_t digest[SHA512_DIGEST_SIZE]; - res = _digest_nettle(SHA512_DIGEST_SIZE, (unsigned char*)sldns_buffer_begin(buf), - (unsigned int)sldns_buffer_limit(buf), (unsigned char*)digest); - res &= rsa_sha512_verify_digest(&pubkey, digest, signature); - break; - } - default: - break; - } - - /* Clear and return */ - nettle_rsa_public_key_clear(&pubkey); - mpz_clear(signature); - if (!res) { - return "RSA signature verification failed"; - } else { - return NULL; - } -} - -#ifdef USE_ECDSA -static char * -_verify_nettle_ecdsa(sldns_buffer* buf, unsigned int digest_size, unsigned char* sigblock, - unsigned int sigblock_len, unsigned char* key, unsigned int keylen) -{ - int res = 0; - struct ecc_point pubkey; - struct dsa_signature signature; - - /* Always matched strength, as per RFC 6605 sec. 1 */ - if (sigblock_len != 2*digest_size || keylen != 2*digest_size) { - return "wrong ECDSA signature length"; - } - - /* Parse ECDSA signature as per RFC 6605 sec. 4 */ - nettle_dsa_signature_init(&signature); - switch (digest_size) { - case SHA256_DIGEST_SIZE: - { - uint8_t digest[SHA256_DIGEST_SIZE]; - mpz_t x, y; - nettle_ecc_point_init(&pubkey, &nettle_secp_256r1); - nettle_mpz_init_set_str_256_u(x, SHA256_DIGEST_SIZE, key); - nettle_mpz_init_set_str_256_u(y, SHA256_DIGEST_SIZE, key+SHA256_DIGEST_SIZE); - nettle_mpz_set_str_256_u(signature.r, SHA256_DIGEST_SIZE, sigblock); - nettle_mpz_set_str_256_u(signature.s, SHA256_DIGEST_SIZE, sigblock+SHA256_DIGEST_SIZE); - res = _digest_nettle(SHA256_DIGEST_SIZE, (unsigned char*)sldns_buffer_begin(buf), - (unsigned int)sldns_buffer_limit(buf), (unsigned char*)digest); - res &= nettle_ecc_point_set(&pubkey, x, y); - res &= nettle_ecdsa_verify (&pubkey, SHA256_DIGEST_SIZE, digest, &signature); - mpz_clear(x); - mpz_clear(y); - break; - } - case SHA384_DIGEST_SIZE: - { - uint8_t digest[SHA384_DIGEST_SIZE]; - mpz_t x, y; - nettle_ecc_point_init(&pubkey, &nettle_secp_384r1); - nettle_mpz_init_set_str_256_u(x, SHA384_DIGEST_SIZE, key); - nettle_mpz_init_set_str_256_u(y, SHA384_DIGEST_SIZE, key+SHA384_DIGEST_SIZE); - nettle_mpz_set_str_256_u(signature.r, SHA384_DIGEST_SIZE, sigblock); - nettle_mpz_set_str_256_u(signature.s, SHA384_DIGEST_SIZE, sigblock+SHA384_DIGEST_SIZE); - res = _digest_nettle(SHA384_DIGEST_SIZE, (unsigned char*)sldns_buffer_begin(buf), - (unsigned int)sldns_buffer_limit(buf), (unsigned char*)digest); - res &= nettle_ecc_point_set(&pubkey, x, y); - res &= nettle_ecdsa_verify (&pubkey, SHA384_DIGEST_SIZE, digest, &signature); - mpz_clear(x); - mpz_clear(y); - nettle_ecc_point_clear(&pubkey); - break; - } - default: - return "unknown ECDSA algorithm"; - } - - /* Clear and return */ - nettle_dsa_signature_clear(&signature); - if (!res) - return "ECDSA signature verification failed"; - else - return NULL; -} -#endif - -/** - * Check a canonical sig+rrset and signature against a dnskey - * @param buf: buffer with data to verify, the first rrsig part and the - * canonicalized rrset. - * @param algo: DNSKEY algorithm. - * @param sigblock: signature rdata field from RRSIG - * @param sigblock_len: length of sigblock data. - * @param key: public key data from DNSKEY RR. - * @param keylen: length of keydata. - * @param reason: bogus reason in more detail. - * @return secure if verification succeeded, bogus on crypto failure, - * unchecked on format errors and alloc failures. - */ -enum sec_status -verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock, - unsigned int sigblock_len, unsigned char* key, unsigned int keylen, - char** reason) -{ - unsigned int digest_size = 0; - - if (sigblock_len == 0 || keylen == 0) { - *reason = "null signature"; - return sec_status_bogus; - } - - switch(algo) { -#if defined(USE_DSA) && defined(USE_SHA1) - case LDNS_DSA: - case LDNS_DSA_NSEC3: - *reason = _verify_nettle_dsa(buf, sigblock, sigblock_len, key, keylen); - if (*reason != NULL) - return sec_status_bogus; - else - return sec_status_secure; -#endif /* USE_DSA */ - -#ifdef USE_SHA1 - case LDNS_RSASHA1: - case LDNS_RSASHA1_NSEC3: - digest_size = (digest_size ? digest_size : SHA1_DIGEST_SIZE); -#endif -#ifdef USE_SHA2 - case LDNS_RSASHA256: - digest_size = (digest_size ? digest_size : SHA256_DIGEST_SIZE); - case LDNS_RSASHA512: - digest_size = (digest_size ? digest_size : SHA512_DIGEST_SIZE); - -#endif - *reason = _verify_nettle_rsa(buf, digest_size, (char*)sigblock, - sigblock_len, key, keylen); - if (*reason != NULL) - return sec_status_bogus; - else - return sec_status_secure; - -#ifdef USE_ECDSA - case LDNS_ECDSAP256SHA256: - digest_size = (digest_size ? digest_size : SHA256_DIGEST_SIZE); - case LDNS_ECDSAP384SHA384: - digest_size = (digest_size ? digest_size : SHA384_DIGEST_SIZE); - *reason = _verify_nettle_ecdsa(buf, digest_size, sigblock, - sigblock_len, key, keylen); - if (*reason != NULL) - return sec_status_bogus; - else - return sec_status_secure; -#endif - case LDNS_RSAMD5: - case LDNS_ECC_GOST: - default: - *reason = "unable to verify signature, unknown algorithm"; - return sec_status_bogus; - } -} - -#endif /* HAVE_SSL or HAVE_NSS or HAVE_NETTLE */ diff --git a/external/unbound/validator/val_secalgo.h b/external/unbound/validator/val_secalgo.h deleted file mode 100644 index 52aaeb9f6..000000000 --- a/external/unbound/validator/val_secalgo.h +++ /dev/null @@ -1,107 +0,0 @@ -/* - * validator/val_secalgo.h - validator security algorithm functions. - * - * Copyright (c) 2012, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains helper functions for the validator module. - * The functions take buffers with raw data and convert to library calls. - */ - -#ifndef VALIDATOR_VAL_SECALGO_H -#define VALIDATOR_VAL_SECALGO_H -struct sldns_buffer; - -/** Return size of nsec3 hash algorithm, 0 if not supported */ -size_t nsec3_hash_algo_size_supported(int id); - -/** - * Hash a single hash call of an NSEC3 hash algorithm. - * Iterations and salt are done by the caller. - * @param algo: nsec3 hash algorithm. - * @param buf: the buffer to digest - * @param len: length of buffer to digest. - * @param res: result stored here (must have sufficient space). - * @return false on failure. -*/ -int secalgo_nsec3_hash(int algo, unsigned char* buf, size_t len, - unsigned char* res); - -/** - * Calculate the sha256 hash for the data buffer into the result. - * @param buf: buffer to digest. - * @param len: length of the buffer to digest. - * @param res: result is stored here (space 256/8 bytes). - */ -void secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res); - -/** - * Return size of DS digest according to its hash algorithm. - * @param algo: DS digest algo. - * @return size in bytes of digest, or 0 if not supported. - */ -size_t ds_digest_size_supported(int algo); - -/** - * @param algo: the DS digest algo - * @param buf: the buffer to digest - * @param len: length of buffer to digest. - * @param res: result stored here (must have sufficient space). - * @return false on failure. - */ -int secalgo_ds_digest(int algo, unsigned char* buf, size_t len, - unsigned char* res); - -/** return true if DNSKEY algorithm id is supported */ -int dnskey_algo_id_is_supported(int id); - -/** - * Check a canonical sig+rrset and signature against a dnskey - * @param buf: buffer with data to verify, the first rrsig part and the - * canonicalized rrset. - * @param algo: DNSKEY algorithm. - * @param sigblock: signature rdata field from RRSIG - * @param sigblock_len: length of sigblock data. - * @param key: public key data from DNSKEY RR. - * @param keylen: length of keydata. - * @param reason: bogus reason in more detail. - * @return secure if verification succeeded, bogus on crypto failure, - * unchecked on format errors and alloc failures. - */ -enum sec_status verify_canonrrset(struct sldns_buffer* buf, int algo, - unsigned char* sigblock, unsigned int sigblock_len, - unsigned char* key, unsigned int keylen, char** reason); - -#endif /* VALIDATOR_VAL_SECALGO_H */ diff --git a/external/unbound/validator/val_sigcrypt.c b/external/unbound/validator/val_sigcrypt.c deleted file mode 100644 index 25278a8f3..000000000 --- a/external/unbound/validator/val_sigcrypt.c +++ /dev/null @@ -1,1451 +0,0 @@ -/* - * validator/val_sigcrypt.c - validator signature crypto functions. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains helper functions for the validator module. - * The functions help with signature verification and checking, the - * bridging between RR wireformat data and crypto calls. - */ -#include "config.h" -#include "validator/val_sigcrypt.h" -#include "validator/val_secalgo.h" -#include "validator/validator.h" -#include "util/data/msgreply.h" -#include "util/data/msgparse.h" -#include "util/data/dname.h" -#include "util/rbtree.h" -#include "util/module.h" -#include "util/net_help.h" -#include "util/regional.h" -#include "util/config_file.h" -#include "sldns/keyraw.h" -#include "sldns/sbuffer.h" -#include "sldns/parseutil.h" -#include "sldns/wire2str.h" - -#include -#if !defined(HAVE_SSL) && !defined(HAVE_NSS) && !defined(HAVE_NETTLE) -#error "Need crypto library to do digital signature cryptography" -#endif - -#ifdef HAVE_OPENSSL_ERR_H -#include -#endif - -#ifdef HAVE_OPENSSL_RAND_H -#include -#endif - -#ifdef HAVE_OPENSSL_CONF_H -#include -#endif - -#ifdef HAVE_OPENSSL_ENGINE_H -#include -#endif - -/** return number of rrs in an rrset */ -static size_t -rrset_get_count(struct ub_packed_rrset_key* rrset) -{ - struct packed_rrset_data* d = (struct packed_rrset_data*) - rrset->entry.data; - if(!d) return 0; - return d->count; -} - -/** - * Get RR signature count - */ -static size_t -rrset_get_sigcount(struct ub_packed_rrset_key* k) -{ - struct packed_rrset_data* d = (struct packed_rrset_data*)k->entry.data; - return d->rrsig_count; -} - -/** - * Get signature keytag value - * @param k: rrset (with signatures) - * @param sig_idx: signature index. - * @return keytag or 0 if malformed rrsig. - */ -static uint16_t -rrset_get_sig_keytag(struct ub_packed_rrset_key* k, size_t sig_idx) -{ - uint16_t t; - struct packed_rrset_data* d = (struct packed_rrset_data*)k->entry.data; - log_assert(sig_idx < d->rrsig_count); - if(d->rr_len[d->count + sig_idx] < 2+18) - return 0; - memmove(&t, d->rr_data[d->count + sig_idx]+2+16, 2); - return ntohs(t); -} - -/** - * Get signature signing algorithm value - * @param k: rrset (with signatures) - * @param sig_idx: signature index. - * @return algo or 0 if malformed rrsig. - */ -static int -rrset_get_sig_algo(struct ub_packed_rrset_key* k, size_t sig_idx) -{ - struct packed_rrset_data* d = (struct packed_rrset_data*)k->entry.data; - log_assert(sig_idx < d->rrsig_count); - if(d->rr_len[d->count + sig_idx] < 2+3) - return 0; - return (int)d->rr_data[d->count + sig_idx][2+2]; -} - -/** get rdata pointer and size */ -static void -rrset_get_rdata(struct ub_packed_rrset_key* k, size_t idx, uint8_t** rdata, - size_t* len) -{ - struct packed_rrset_data* d = (struct packed_rrset_data*)k->entry.data; - log_assert(d && idx < (d->count + d->rrsig_count)); - *rdata = d->rr_data[idx]; - *len = d->rr_len[idx]; -} - -uint16_t -dnskey_get_flags(struct ub_packed_rrset_key* k, size_t idx) -{ - uint8_t* rdata; - size_t len; - uint16_t f; - rrset_get_rdata(k, idx, &rdata, &len); - if(len < 2+2) - return 0; - memmove(&f, rdata+2, 2); - f = ntohs(f); - return f; -} - -/** - * Get DNSKEY protocol value from rdata - * @param k: DNSKEY rrset. - * @param idx: which key. - * @return protocol octet value - */ -static int -dnskey_get_protocol(struct ub_packed_rrset_key* k, size_t idx) -{ - uint8_t* rdata; - size_t len; - rrset_get_rdata(k, idx, &rdata, &len); - if(len < 2+4) - return 0; - return (int)rdata[2+2]; -} - -int -dnskey_get_algo(struct ub_packed_rrset_key* k, size_t idx) -{ - uint8_t* rdata; - size_t len; - rrset_get_rdata(k, idx, &rdata, &len); - if(len < 2+4) - return 0; - return (int)rdata[2+3]; -} - -/** get public key rdata field from a dnskey RR and do some checks */ -static void -dnskey_get_pubkey(struct ub_packed_rrset_key* k, size_t idx, - unsigned char** pk, unsigned int* pklen) -{ - uint8_t* rdata; - size_t len; - rrset_get_rdata(k, idx, &rdata, &len); - if(len < 2+5) { - *pk = NULL; - *pklen = 0; - return; - } - *pk = (unsigned char*)rdata+2+4; - *pklen = (unsigned)len-2-4; -} - -int -ds_get_key_algo(struct ub_packed_rrset_key* k, size_t idx) -{ - uint8_t* rdata; - size_t len; - rrset_get_rdata(k, idx, &rdata, &len); - if(len < 2+3) - return 0; - return (int)rdata[2+2]; -} - -int -ds_get_digest_algo(struct ub_packed_rrset_key* k, size_t idx) -{ - uint8_t* rdata; - size_t len; - rrset_get_rdata(k, idx, &rdata, &len); - if(len < 2+4) - return 0; - return (int)rdata[2+3]; -} - -uint16_t -ds_get_keytag(struct ub_packed_rrset_key* ds_rrset, size_t ds_idx) -{ - uint16_t t; - uint8_t* rdata; - size_t len; - rrset_get_rdata(ds_rrset, ds_idx, &rdata, &len); - if(len < 2+2) - return 0; - memmove(&t, rdata+2, 2); - return ntohs(t); -} - -/** - * Return pointer to the digest in a DS RR. - * @param k: DS rrset. - * @param idx: which DS. - * @param digest: digest data is returned. - * on error, this is NULL. - * @param len: length of digest is returned. - * on error, the length is 0. - */ -static void -ds_get_sigdata(struct ub_packed_rrset_key* k, size_t idx, uint8_t** digest, - size_t* len) -{ - uint8_t* rdata; - size_t rdlen; - rrset_get_rdata(k, idx, &rdata, &rdlen); - if(rdlen < 2+5) { - *digest = NULL; - *len = 0; - return; - } - *digest = rdata + 2 + 4; - *len = rdlen - 2 - 4; -} - -/** - * Return size of DS digest according to its hash algorithm. - * @param k: DS rrset. - * @param idx: which DS. - * @return size in bytes of digest, or 0 if not supported. - */ -static size_t -ds_digest_size_algo(struct ub_packed_rrset_key* k, size_t idx) -{ - return ds_digest_size_supported(ds_get_digest_algo(k, idx)); -} - -/** - * Create a DS digest for a DNSKEY entry. - * - * @param env: module environment. Uses scratch space. - * @param dnskey_rrset: DNSKEY rrset. - * @param dnskey_idx: index of RR in rrset. - * @param ds_rrset: DS rrset - * @param ds_idx: index of RR in DS rrset. - * @param digest: digest is returned in here (must be correctly sized). - * @return false on error. - */ -static int -ds_create_dnskey_digest(struct module_env* env, - struct ub_packed_rrset_key* dnskey_rrset, size_t dnskey_idx, - struct ub_packed_rrset_key* ds_rrset, size_t ds_idx, - uint8_t* digest) -{ - sldns_buffer* b = env->scratch_buffer; - uint8_t* dnskey_rdata; - size_t dnskey_len; - rrset_get_rdata(dnskey_rrset, dnskey_idx, &dnskey_rdata, &dnskey_len); - - /* create digest source material in buffer - * digest = digest_algorithm( DNSKEY owner name | DNSKEY RDATA); - * DNSKEY RDATA = Flags | Protocol | Algorithm | Public Key. */ - sldns_buffer_clear(b); - sldns_buffer_write(b, dnskey_rrset->rk.dname, - dnskey_rrset->rk.dname_len); - query_dname_tolower(sldns_buffer_begin(b)); - sldns_buffer_write(b, dnskey_rdata+2, dnskey_len-2); /* skip rdatalen*/ - sldns_buffer_flip(b); - - return secalgo_ds_digest(ds_get_digest_algo(ds_rrset, ds_idx), - (unsigned char*)sldns_buffer_begin(b), sldns_buffer_limit(b), - (unsigned char*)digest); -} - -int ds_digest_match_dnskey(struct module_env* env, - struct ub_packed_rrset_key* dnskey_rrset, size_t dnskey_idx, - struct ub_packed_rrset_key* ds_rrset, size_t ds_idx) -{ - uint8_t* ds; /* DS digest */ - size_t dslen; - uint8_t* digest; /* generated digest */ - size_t digestlen = ds_digest_size_algo(ds_rrset, ds_idx); - - if(digestlen == 0) { - verbose(VERB_QUERY, "DS fail: not supported, or DS RR " - "format error"); - return 0; /* not supported, or DS RR format error */ - } -#ifndef USE_SHA1 - if(fake_sha1 && ds_get_digest_algo(ds_rrset, ds_idx)==LDNS_SHA1) - return 1; -#endif - - /* check digest length in DS with length from hash function */ - ds_get_sigdata(ds_rrset, ds_idx, &ds, &dslen); - if(!ds || dslen != digestlen) { - verbose(VERB_QUERY, "DS fail: DS RR algo and digest do not " - "match each other"); - return 0; /* DS algorithm and digest do not match */ - } - - digest = regional_alloc(env->scratch, digestlen); - if(!digest) { - verbose(VERB_QUERY, "DS fail: out of memory"); - return 0; /* mem error */ - } - if(!ds_create_dnskey_digest(env, dnskey_rrset, dnskey_idx, ds_rrset, - ds_idx, digest)) { - verbose(VERB_QUERY, "DS fail: could not calc key digest"); - return 0; /* digest algo failed */ - } - if(memcmp(digest, ds, dslen) != 0) { - verbose(VERB_QUERY, "DS fail: digest is different"); - return 0; /* digest different */ - } - return 1; -} - -int -ds_digest_algo_is_supported(struct ub_packed_rrset_key* ds_rrset, - size_t ds_idx) -{ - return (ds_digest_size_algo(ds_rrset, ds_idx) != 0); -} - -int -ds_key_algo_is_supported(struct ub_packed_rrset_key* ds_rrset, - size_t ds_idx) -{ - return dnskey_algo_id_is_supported(ds_get_key_algo(ds_rrset, ds_idx)); -} - -uint16_t -dnskey_calc_keytag(struct ub_packed_rrset_key* dnskey_rrset, size_t dnskey_idx) -{ - uint8_t* data; - size_t len; - rrset_get_rdata(dnskey_rrset, dnskey_idx, &data, &len); - /* do not pass rdatalen to ldns */ - return sldns_calc_keytag_raw(data+2, len-2); -} - -int dnskey_algo_is_supported(struct ub_packed_rrset_key* dnskey_rrset, - size_t dnskey_idx) -{ - return dnskey_algo_id_is_supported(dnskey_get_algo(dnskey_rrset, - dnskey_idx)); -} - -void algo_needs_init_dnskey_add(struct algo_needs* n, - struct ub_packed_rrset_key* dnskey, uint8_t* sigalg) -{ - uint8_t algo; - size_t i, total = n->num; - size_t num = rrset_get_count(dnskey); - - for(i=0; ineeds[algo] == 0) { - n->needs[algo] = 1; - sigalg[total] = algo; - total++; - } - } - sigalg[total] = 0; - n->num = total; -} - -void algo_needs_init_list(struct algo_needs* n, uint8_t* sigalg) -{ - uint8_t algo; - size_t total = 0; - - memset(n->needs, 0, sizeof(uint8_t)*ALGO_NEEDS_MAX); - while( (algo=*sigalg++) != 0) { - log_assert(dnskey_algo_id_is_supported((int)algo)); - log_assert(n->needs[algo] == 0); - n->needs[algo] = 1; - total++; - } - n->num = total; -} - -void algo_needs_init_ds(struct algo_needs* n, struct ub_packed_rrset_key* ds, - int fav_ds_algo, uint8_t* sigalg) -{ - uint8_t algo; - size_t i, total = 0; - size_t num = rrset_get_count(ds); - - memset(n->needs, 0, sizeof(uint8_t)*ALGO_NEEDS_MAX); - for(i=0; ineeds[algo] == 0) { - n->needs[algo] = 1; - sigalg[total] = algo; - total++; - } - } - sigalg[total] = 0; - n->num = total; -} - -int algo_needs_set_secure(struct algo_needs* n, uint8_t algo) -{ - if(n->needs[algo]) { - n->needs[algo] = 0; - n->num --; - if(n->num == 0) /* done! */ - return 1; - } - return 0; -} - -void algo_needs_set_bogus(struct algo_needs* n, uint8_t algo) -{ - if(n->needs[algo]) n->needs[algo] = 2; /* need it, but bogus */ -} - -size_t algo_needs_num_missing(struct algo_needs* n) -{ - return n->num; -} - -int algo_needs_missing(struct algo_needs* n) -{ - int i; - /* first check if a needed algo was bogus - report that */ - for(i=0; ineeds[i] == 2) - return 0; - /* now check which algo is missing */ - for(i=0; ineeds[i] == 1) - return i; - return 0; -} - -enum sec_status -dnskeyset_verify_rrset(struct module_env* env, struct val_env* ve, - struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey, - uint8_t* sigalg, char** reason) -{ - enum sec_status sec; - size_t i, num; - rbtree_type* sortree = NULL; - /* make sure that for all DNSKEY algorithms there are valid sigs */ - struct algo_needs needs; - int alg; - - num = rrset_get_sigcount(rrset); - if(num == 0) { - verbose(VERB_QUERY, "rrset failed to verify due to a lack of " - "signatures"); - *reason = "no signatures"; - return sec_status_bogus; - } - - if(sigalg) { - algo_needs_init_list(&needs, sigalg); - if(algo_needs_num_missing(&needs) == 0) { - verbose(VERB_QUERY, "zone has no known algorithms"); - *reason = "zone has no known algorithms"; - return sec_status_insecure; - } - } - for(i=0; inow, rrset, - dnskey, i, &sortree, reason); - /* see which algorithm has been fixed up */ - if(sec == sec_status_secure) { - if(!sigalg) - return sec; /* done! */ - else if(algo_needs_set_secure(&needs, - (uint8_t)rrset_get_sig_algo(rrset, i))) - return sec; /* done! */ - } else if(sigalg && sec == sec_status_bogus) { - algo_needs_set_bogus(&needs, - (uint8_t)rrset_get_sig_algo(rrset, i)); - } - } - if(sigalg && (alg=algo_needs_missing(&needs)) != 0) { - verbose(VERB_ALGO, "rrset failed to verify: " - "no valid signatures for %d algorithms", - (int)algo_needs_num_missing(&needs)); - algo_needs_reason(env, alg, reason, "no signatures"); - } else { - verbose(VERB_ALGO, "rrset failed to verify: " - "no valid signatures"); - } - return sec_status_bogus; -} - -void algo_needs_reason(struct module_env* env, int alg, char** reason, char* s) -{ - char buf[256]; - sldns_lookup_table *t = sldns_lookup_by_id(sldns_algorithms, alg); - if(t&&t->name) - snprintf(buf, sizeof(buf), "%s with algorithm %s", s, t->name); - else snprintf(buf, sizeof(buf), "%s with algorithm ALG%u", s, - (unsigned)alg); - *reason = regional_strdup(env->scratch, buf); - if(!*reason) - *reason = s; -} - -enum sec_status -dnskey_verify_rrset(struct module_env* env, struct val_env* ve, - struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey, - size_t dnskey_idx, char** reason) -{ - enum sec_status sec; - size_t i, num, numchecked = 0; - rbtree_type* sortree = NULL; - int buf_canon = 0; - uint16_t tag = dnskey_calc_keytag(dnskey, dnskey_idx); - int algo = dnskey_get_algo(dnskey, dnskey_idx); - - num = rrset_get_sigcount(rrset); - if(num == 0) { - verbose(VERB_QUERY, "rrset failed to verify due to a lack of " - "signatures"); - *reason = "no signatures"; - return sec_status_bogus; - } - for(i=0; iscratch, - env->scratch_buffer, ve, *env->now, rrset, - dnskey, dnskey_idx, i, &sortree, &buf_canon, reason); - if(sec == sec_status_secure) - return sec; - numchecked ++; - } - verbose(VERB_ALGO, "rrset failed to verify: all signatures are bogus"); - if(!numchecked) *reason = "signature missing"; - return sec_status_bogus; -} - -enum sec_status -dnskeyset_verify_rrset_sig(struct module_env* env, struct val_env* ve, - time_t now, struct ub_packed_rrset_key* rrset, - struct ub_packed_rrset_key* dnskey, size_t sig_idx, - struct rbtree_type** sortree, char** reason) -{ - /* find matching keys and check them */ - enum sec_status sec = sec_status_bogus; - uint16_t tag = rrset_get_sig_keytag(rrset, sig_idx); - int algo = rrset_get_sig_algo(rrset, sig_idx); - size_t i, num = rrset_get_count(dnskey); - size_t numchecked = 0; - int buf_canon = 0; - verbose(VERB_ALGO, "verify sig %d %d", (int)tag, algo); - if(!dnskey_algo_id_is_supported(algo)) { - verbose(VERB_QUERY, "verify sig: unknown algorithm"); - return sec_status_insecure; - } - - for(i=0; iscratch, - env->scratch_buffer, ve, now, rrset, dnskey, i, - sig_idx, sortree, &buf_canon, reason); - if(sec == sec_status_secure) - return sec; - } - if(numchecked == 0) { - *reason = "signatures from unknown keys"; - verbose(VERB_QUERY, "verify: could not find appropriate key"); - return sec_status_bogus; - } - return sec_status_bogus; -} - -/** - * RR entries in a canonical sorted tree of RRs - */ -struct canon_rr { - /** rbtree node, key is this structure */ - rbnode_type node; - /** rrset the RR is in */ - struct ub_packed_rrset_key* rrset; - /** which RR in the rrset */ - size_t rr_idx; -}; - -/** - * Compare two RR for canonical order, in a field-style sweep. - * @param d: rrset data - * @param desc: ldns wireformat descriptor. - * @param i: first RR to compare - * @param j: first RR to compare - * @return comparison code. - */ -static int -canonical_compare_byfield(struct packed_rrset_data* d, - const sldns_rr_descriptor* desc, size_t i, size_t j) -{ - /* sweep across rdata, keep track of some state: - * which rr field, and bytes left in field. - * current position in rdata, length left. - * are we in a dname, length left in a label. - */ - int wfi = -1; /* current wireformat rdata field (rdf) */ - int wfj = -1; - uint8_t* di = d->rr_data[i]+2; /* ptr to current rdata byte */ - uint8_t* dj = d->rr_data[j]+2; - size_t ilen = d->rr_len[i]-2; /* length left in rdata */ - size_t jlen = d->rr_len[j]-2; - int dname_i = 0; /* true if these bytes are part of a name */ - int dname_j = 0; - size_t lablen_i = 0; /* 0 for label length byte,for first byte of rdf*/ - size_t lablen_j = 0; /* otherwise remaining length of rdf or label */ - int dname_num_i = (int)desc->_dname_count; /* decreased at root label */ - int dname_num_j = (int)desc->_dname_count; - - /* loop while there are rdata bytes available for both rrs, - * and still some lowercasing needs to be done; either the dnames - * have not been reached yet, or they are currently being processed */ - while(ilen > 0 && jlen > 0 && (dname_num_i > 0 || dname_num_j > 0)) { - /* compare these two bytes */ - /* lowercase if in a dname and not a label length byte */ - if( ((dname_i && lablen_i)?(uint8_t)tolower((int)*di):*di) - != ((dname_j && lablen_j)?(uint8_t)tolower((int)*dj):*dj) - ) { - if(((dname_i && lablen_i)?(uint8_t)tolower((int)*di):*di) - < ((dname_j && lablen_j)?(uint8_t)tolower((int)*dj):*dj)) - return -1; - return 1; - } - ilen--; - jlen--; - /* bytes are equal */ - - /* advance field i */ - /* lablen 0 means that this byte is the first byte of the - * next rdata field; inspect this rdata field and setup - * to process the rest of this rdata field. - * The reason to first read the byte, then setup the rdf, - * is that we are then sure the byte is available and short - * rdata is handled gracefully (even if it is a formerr). */ - if(lablen_i == 0) { - if(dname_i) { - /* scan this dname label */ - /* capture length to lowercase */ - lablen_i = (size_t)*di; - if(lablen_i == 0) { - /* end root label */ - dname_i = 0; - dname_num_i--; - /* if dname num is 0, then the - * remainder is binary only */ - if(dname_num_i == 0) - lablen_i = ilen; - } - } else { - /* scan this rdata field */ - wfi++; - if(desc->_wireformat[wfi] - == LDNS_RDF_TYPE_DNAME) { - dname_i = 1; - lablen_i = (size_t)*di; - if(lablen_i == 0) { - dname_i = 0; - dname_num_i--; - if(dname_num_i == 0) - lablen_i = ilen; - } - } else if(desc->_wireformat[wfi] - == LDNS_RDF_TYPE_STR) - lablen_i = (size_t)*di; - else lablen_i = get_rdf_size( - desc->_wireformat[wfi]) - 1; - } - } else lablen_i--; - - /* advance field j; same as for i */ - if(lablen_j == 0) { - if(dname_j) { - lablen_j = (size_t)*dj; - if(lablen_j == 0) { - dname_j = 0; - dname_num_j--; - if(dname_num_j == 0) - lablen_j = jlen; - } - } else { - wfj++; - if(desc->_wireformat[wfj] - == LDNS_RDF_TYPE_DNAME) { - dname_j = 1; - lablen_j = (size_t)*dj; - if(lablen_j == 0) { - dname_j = 0; - dname_num_j--; - if(dname_num_j == 0) - lablen_j = jlen; - } - } else if(desc->_wireformat[wfj] - == LDNS_RDF_TYPE_STR) - lablen_j = (size_t)*dj; - else lablen_j = get_rdf_size( - desc->_wireformat[wfj]) - 1; - } - } else lablen_j--; - di++; - dj++; - } - /* end of the loop; because we advanced byte by byte; now we have - * that the rdata has ended, or that there is a binary remainder */ - /* shortest first */ - if(ilen == 0 && jlen == 0) - return 0; - if(ilen == 0) - return -1; - if(jlen == 0) - return 1; - /* binary remainder, capture comparison in wfi variable */ - if((wfi = memcmp(di, dj, (ilen. - */ -static int -canonical_compare(struct ub_packed_rrset_key* rrset, size_t i, size_t j) -{ - struct packed_rrset_data* d = (struct packed_rrset_data*) - rrset->entry.data; - const sldns_rr_descriptor* desc; - uint16_t type = ntohs(rrset->rk.type); - size_t minlen; - int c; - - if(i==j) - return 0; - - switch(type) { - /* These RR types have only a name as RDATA. - * This name has to be canonicalized.*/ - case LDNS_RR_TYPE_NS: - case LDNS_RR_TYPE_MD: - case LDNS_RR_TYPE_MF: - case LDNS_RR_TYPE_CNAME: - case LDNS_RR_TYPE_MB: - case LDNS_RR_TYPE_MG: - case LDNS_RR_TYPE_MR: - case LDNS_RR_TYPE_PTR: - case LDNS_RR_TYPE_DNAME: - /* the wireread function has already checked these - * dname's for correctness, and this double checks */ - if(!dname_valid(d->rr_data[i]+2, d->rr_len[i]-2) || - !dname_valid(d->rr_data[j]+2, d->rr_len[j]-2)) - return 0; - return query_dname_compare(d->rr_data[i]+2, - d->rr_data[j]+2); - - /* These RR types have STR and fixed size rdata fields - * before one or more name fields that need canonicalizing, - * and after that a byte-for byte remainder can be compared. - */ - /* type starts with the name; remainder is binary compared */ - case LDNS_RR_TYPE_NXT: - /* use rdata field formats */ - case LDNS_RR_TYPE_MINFO: - case LDNS_RR_TYPE_RP: - case LDNS_RR_TYPE_SOA: - case LDNS_RR_TYPE_RT: - case LDNS_RR_TYPE_AFSDB: - case LDNS_RR_TYPE_KX: - case LDNS_RR_TYPE_MX: - case LDNS_RR_TYPE_SIG: - /* RRSIG signer name has to be downcased */ - case LDNS_RR_TYPE_RRSIG: - case LDNS_RR_TYPE_PX: - case LDNS_RR_TYPE_NAPTR: - case LDNS_RR_TYPE_SRV: - desc = sldns_rr_descript(type); - log_assert(desc); - /* this holds for the types that need canonicalizing */ - log_assert(desc->_minimum == desc->_maximum); - return canonical_compare_byfield(d, desc, i, j); - - case LDNS_RR_TYPE_HINFO: /* no longer downcased */ - case LDNS_RR_TYPE_NSEC: - default: - /* For unknown RR types, or types not listed above, - * no canonicalization is needed, do binary compare */ - /* byte for byte compare, equal means shortest first*/ - minlen = d->rr_len[i]-2; - if(minlen > d->rr_len[j]-2) - minlen = d->rr_len[j]-2; - c = memcmp(d->rr_data[i]+2, d->rr_data[j]+2, minlen); - if(c!=0) - return c; - /* rdata equal, shortest is first */ - if(d->rr_len[i] < d->rr_len[j]) - return -1; - if(d->rr_len[i] > d->rr_len[j]) - return 1; - /* rdata equal, length equal */ - break; - } - return 0; -} - -int -canonical_tree_compare(const void* k1, const void* k2) -{ - struct canon_rr* r1 = (struct canon_rr*)k1; - struct canon_rr* r2 = (struct canon_rr*)k2; - log_assert(r1->rrset == r2->rrset); - return canonical_compare(r1->rrset, r1->rr_idx, r2->rr_idx); -} - -/** - * Sort RRs for rrset in canonical order. - * Does not actually canonicalize the RR rdatas. - * Does not touch rrsigs. - * @param rrset: to sort. - * @param d: rrset data. - * @param sortree: tree to sort into. - * @param rrs: rr storage. - */ -static void -canonical_sort(struct ub_packed_rrset_key* rrset, struct packed_rrset_data* d, - rbtree_type* sortree, struct canon_rr* rrs) -{ - size_t i; - /* insert into rbtree to sort and detect duplicates */ - for(i=0; icount; i++) { - rrs[i].node.key = &rrs[i]; - rrs[i].rrset = rrset; - rrs[i].rr_idx = i; - if(!rbtree_insert(sortree, &rrs[i].node)) { - /* this was a duplicate */ - } - } -} - -/** - * Inser canonical owner name into buffer. - * @param buf: buffer to insert into at current position. - * @param k: rrset with its owner name. - * @param sig: signature with signer name and label count. - * must be length checked, at least 18 bytes long. - * @param can_owner: position in buffer returned for future use. - * @param can_owner_len: length of canonical owner name. - */ -static void -insert_can_owner(sldns_buffer* buf, struct ub_packed_rrset_key* k, - uint8_t* sig, uint8_t** can_owner, size_t* can_owner_len) -{ - int rrsig_labels = (int)sig[3]; - int fqdn_labels = dname_signame_label_count(k->rk.dname); - *can_owner = sldns_buffer_current(buf); - if(rrsig_labels == fqdn_labels) { - /* no change */ - sldns_buffer_write(buf, k->rk.dname, k->rk.dname_len); - query_dname_tolower(*can_owner); - *can_owner_len = k->rk.dname_len; - return; - } - log_assert(rrsig_labels < fqdn_labels); - /* *. | fqdn(rightmost rrsig_labels) */ - if(rrsig_labels < fqdn_labels) { - int i; - uint8_t* nm = k->rk.dname; - size_t len = k->rk.dname_len; - /* so skip fqdn_labels-rrsig_labels */ - for(i=0; irk.type)) { - case LDNS_RR_TYPE_NXT: - case LDNS_RR_TYPE_NS: - case LDNS_RR_TYPE_MD: - case LDNS_RR_TYPE_MF: - case LDNS_RR_TYPE_CNAME: - case LDNS_RR_TYPE_MB: - case LDNS_RR_TYPE_MG: - case LDNS_RR_TYPE_MR: - case LDNS_RR_TYPE_PTR: - case LDNS_RR_TYPE_DNAME: - /* type only has a single argument, the name */ - query_dname_tolower(datstart); - return; - case LDNS_RR_TYPE_MINFO: - case LDNS_RR_TYPE_RP: - case LDNS_RR_TYPE_SOA: - /* two names after another */ - query_dname_tolower(datstart); - query_dname_tolower(datstart + - dname_valid(datstart, len-2)); - return; - case LDNS_RR_TYPE_RT: - case LDNS_RR_TYPE_AFSDB: - case LDNS_RR_TYPE_KX: - case LDNS_RR_TYPE_MX: - /* skip fixed part */ - if(len < 2+2+1) /* rdlen, skiplen, 1byteroot */ - return; - datstart += 2; - query_dname_tolower(datstart); - return; - case LDNS_RR_TYPE_SIG: - /* downcase the RRSIG, compat with BIND (kept it from SIG) */ - case LDNS_RR_TYPE_RRSIG: - /* skip fixed part */ - if(len < 2+18+1) - return; - datstart += 18; - query_dname_tolower(datstart); - return; - case LDNS_RR_TYPE_PX: - /* skip, then two names after another */ - if(len < 2+2+1) - return; - datstart += 2; - query_dname_tolower(datstart); - query_dname_tolower(datstart + - dname_valid(datstart, len-2-2)); - return; - case LDNS_RR_TYPE_NAPTR: - if(len < 2+4) - return; - len -= 2+4; - datstart += 4; - if(len < (size_t)datstart[0]+1) /* skip text field */ - return; - len -= (size_t)datstart[0]+1; - datstart += (size_t)datstart[0]+1; - if(len < (size_t)datstart[0]+1) /* skip text field */ - return; - len -= (size_t)datstart[0]+1; - datstart += (size_t)datstart[0]+1; - if(len < (size_t)datstart[0]+1) /* skip text field */ - return; - len -= (size_t)datstart[0]+1; - datstart += (size_t)datstart[0]+1; - if(len < 1) /* check name is at least 1 byte*/ - return; - query_dname_tolower(datstart); - return; - case LDNS_RR_TYPE_SRV: - /* skip fixed part */ - if(len < 2+6+1) - return; - datstart += 6; - query_dname_tolower(datstart); - return; - - /* do not canonicalize NSEC rdata name, compat with - * from bind 9.4 signer, where it does not do so */ - case LDNS_RR_TYPE_NSEC: /* type starts with the name */ - case LDNS_RR_TYPE_HINFO: /* not downcased */ - /* A6 not supported */ - default: - /* nothing to do for unknown types */ - return; - } -} - -int rrset_canonical_equal(struct regional* region, - struct ub_packed_rrset_key* k1, struct ub_packed_rrset_key* k2) -{ - struct rbtree_type sortree1, sortree2; - struct canon_rr *rrs1, *rrs2, *p1, *p2; - struct packed_rrset_data* d1=(struct packed_rrset_data*)k1->entry.data; - struct packed_rrset_data* d2=(struct packed_rrset_data*)k2->entry.data; - struct ub_packed_rrset_key fk; - struct packed_rrset_data fd; - size_t flen[2]; - uint8_t* fdata[2]; - - /* basic compare */ - if(k1->rk.dname_len != k2->rk.dname_len || - k1->rk.flags != k2->rk.flags || - k1->rk.type != k2->rk.type || - k1->rk.rrset_class != k2->rk.rrset_class || - query_dname_compare(k1->rk.dname, k2->rk.dname) != 0) - return 0; - if(d1->ttl != d2->ttl || - d1->count != d2->count || - d1->rrsig_count != d2->rrsig_count || - d1->trust != d2->trust || - d1->security != d2->security) - return 0; - - /* init */ - memset(&fk, 0, sizeof(fk)); - memset(&fd, 0, sizeof(fd)); - fk.entry.data = &fd; - fd.count = 2; - fd.rr_len = flen; - fd.rr_data = fdata; - rbtree_init(&sortree1, &canonical_tree_compare); - rbtree_init(&sortree2, &canonical_tree_compare); - if(d1->count > RR_COUNT_MAX || d2->count > RR_COUNT_MAX) - return 1; /* protection against integer overflow */ - rrs1 = regional_alloc(region, sizeof(struct canon_rr)*d1->count); - rrs2 = regional_alloc(region, sizeof(struct canon_rr)*d2->count); - if(!rrs1 || !rrs2) return 1; /* alloc failure */ - - /* sort */ - canonical_sort(k1, d1, &sortree1, rrs1); - canonical_sort(k2, d2, &sortree2, rrs2); - - /* compare canonical-sorted RRs for canonical-equality */ - if(sortree1.count != sortree2.count) - return 0; - p1 = (struct canon_rr*)rbtree_first(&sortree1); - p2 = (struct canon_rr*)rbtree_first(&sortree2); - while(p1 != (struct canon_rr*)RBTREE_NULL && - p2 != (struct canon_rr*)RBTREE_NULL) { - flen[0] = d1->rr_len[p1->rr_idx]; - flen[1] = d2->rr_len[p2->rr_idx]; - fdata[0] = d1->rr_data[p1->rr_idx]; - fdata[1] = d2->rr_data[p2->rr_idx]; - - if(canonical_compare(&fk, 0, 1) != 0) - return 0; - p1 = (struct canon_rr*)rbtree_next(&p1->node); - p2 = (struct canon_rr*)rbtree_next(&p2->node); - } - return 1; -} - -/** - * Create canonical form of rrset in the scratch buffer. - * @param region: temporary region. - * @param buf: the buffer to use. - * @param k: the rrset to insert. - * @param sig: RRSIG rdata to include. - * @param siglen: RRSIG rdata len excluding signature field, but inclusive - * signer name length. - * @param sortree: if NULL is passed a new sorted rrset tree is built. - * Otherwise it is reused. - * @return false on alloc error. - */ -static int -rrset_canonical(struct regional* region, sldns_buffer* buf, - struct ub_packed_rrset_key* k, uint8_t* sig, size_t siglen, - struct rbtree_type** sortree) -{ - struct packed_rrset_data* d = (struct packed_rrset_data*)k->entry.data; - uint8_t* can_owner = NULL; - size_t can_owner_len = 0; - struct canon_rr* walk; - struct canon_rr* rrs; - - if(!*sortree) { - *sortree = (struct rbtree_type*)regional_alloc(region, - sizeof(rbtree_type)); - if(!*sortree) - return 0; - if(d->count > RR_COUNT_MAX) - return 0; /* integer overflow protection */ - rrs = regional_alloc(region, sizeof(struct canon_rr)*d->count); - if(!rrs) { - *sortree = NULL; - return 0; - } - rbtree_init(*sortree, &canonical_tree_compare); - canonical_sort(k, d, *sortree, rrs); - } - - sldns_buffer_clear(buf); - sldns_buffer_write(buf, sig, siglen); - /* canonicalize signer name */ - query_dname_tolower(sldns_buffer_begin(buf)+18); - RBTREE_FOR(walk, struct canon_rr*, (*sortree)) { - /* see if there is enough space left in the buffer */ - if(sldns_buffer_remaining(buf) < can_owner_len + 2 + 2 + 4 - + d->rr_len[walk->rr_idx]) { - log_err("verify: failed to canonicalize, " - "rrset too big"); - return 0; - } - /* determine canonical owner name */ - if(can_owner) - sldns_buffer_write(buf, can_owner, can_owner_len); - else insert_can_owner(buf, k, sig, &can_owner, - &can_owner_len); - sldns_buffer_write(buf, &k->rk.type, 2); - sldns_buffer_write(buf, &k->rk.rrset_class, 2); - sldns_buffer_write(buf, sig+4, 4); - sldns_buffer_write(buf, d->rr_data[walk->rr_idx], - d->rr_len[walk->rr_idx]); - canonicalize_rdata(buf, k, d->rr_len[walk->rr_idx]); - } - sldns_buffer_flip(buf); - return 1; -} - -/** pretty print rrsig error with dates */ -static void -sigdate_error(const char* str, int32_t expi, int32_t incep, int32_t now) -{ - struct tm tm; - char expi_buf[16]; - char incep_buf[16]; - char now_buf[16]; - time_t te, ti, tn; - - if(verbosity < VERB_QUERY) - return; - te = (time_t)expi; - ti = (time_t)incep; - tn = (time_t)now; - memset(&tm, 0, sizeof(tm)); - if(gmtime_r(&te, &tm) && strftime(expi_buf, 15, "%Y%m%d%H%M%S", &tm) - &&gmtime_r(&ti, &tm) && strftime(incep_buf, 15, "%Y%m%d%H%M%S", &tm) - &&gmtime_r(&tn, &tm) && strftime(now_buf, 15, "%Y%m%d%H%M%S", &tm)) { - log_info("%s expi=%s incep=%s now=%s", str, expi_buf, - incep_buf, now_buf); - } else - log_info("%s expi=%u incep=%u now=%u", str, (unsigned)expi, - (unsigned)incep, (unsigned)now); -} - -/** check rrsig dates */ -static int -check_dates(struct val_env* ve, uint32_t unow, - uint8_t* expi_p, uint8_t* incep_p, char** reason) -{ - /* read out the dates */ - int32_t expi, incep, now; - memmove(&expi, expi_p, sizeof(expi)); - memmove(&incep, incep_p, sizeof(incep)); - expi = ntohl(expi); - incep = ntohl(incep); - - /* get current date */ - if(ve->date_override) { - if(ve->date_override == -1) { - verbose(VERB_ALGO, "date override: ignore date"); - return 1; - } - now = ve->date_override; - verbose(VERB_ALGO, "date override option %d", (int)now); - } else now = (int32_t)unow; - - /* check them */ - if(incep - expi > 0) { - sigdate_error("verify: inception after expiration, " - "signature bad", expi, incep, now); - *reason = "signature inception after expiration"; - return 0; - } - if(incep - now > 0) { - /* within skew ? (calc here to avoid calculation normally) */ - int32_t skew = (expi-incep)/10; - if(skew < ve->skew_min) skew = ve->skew_min; - if(skew > ve->skew_max) skew = ve->skew_max; - if(incep - now > skew) { - sigdate_error("verify: signature bad, current time is" - " before inception date", expi, incep, now); - *reason = "signature before inception date"; - return 0; - } - sigdate_error("verify warning suspicious signature inception " - " or bad local clock", expi, incep, now); - } - if(now - expi > 0) { - int32_t skew = (expi-incep)/10; - if(skew < ve->skew_min) skew = ve->skew_min; - if(skew > ve->skew_max) skew = ve->skew_max; - if(now - expi > skew) { - sigdate_error("verify: signature expired", expi, - incep, now); - *reason = "signature expired"; - return 0; - } - sigdate_error("verify warning suspicious signature expiration " - " or bad local clock", expi, incep, now); - } - return 1; -} - -/** adjust rrset TTL for verified rrset, compare to original TTL and expi */ -static void -adjust_ttl(struct val_env* ve, uint32_t unow, - struct ub_packed_rrset_key* rrset, uint8_t* orig_p, - uint8_t* expi_p, uint8_t* incep_p) -{ - struct packed_rrset_data* d = - (struct packed_rrset_data*)rrset->entry.data; - /* read out the dates */ - int32_t origttl, expittl, expi, incep, now; - memmove(&origttl, orig_p, sizeof(origttl)); - memmove(&expi, expi_p, sizeof(expi)); - memmove(&incep, incep_p, sizeof(incep)); - expi = ntohl(expi); - incep = ntohl(incep); - origttl = ntohl(origttl); - - /* get current date */ - if(ve->date_override) { - now = ve->date_override; - } else now = (int32_t)unow; - expittl = expi - now; - - /* so now: - * d->ttl: rrset ttl read from message or cache. May be reduced - * origttl: original TTL from signature, authoritative TTL max. - * MIN_TTL: minimum TTL from config. - * expittl: TTL until the signature expires. - * - * Use the smallest of these, but don't let origttl set the TTL - * below the minimum. - */ - if(MIN_TTL > (time_t)origttl && d->ttl > MIN_TTL) { - verbose(VERB_QUERY, "rrset TTL larger than original and minimum" - " TTL, adjusting TTL downwards to minimum ttl"); - d->ttl = MIN_TTL; - } - else if(MIN_TTL <= origttl && d->ttl > (time_t)origttl) { - verbose(VERB_QUERY, "rrset TTL larger than original TTL, " - "adjusting TTL downwards to original ttl"); - d->ttl = origttl; - } - - if(expittl > 0 && d->ttl > (time_t)expittl) { - verbose(VERB_ALGO, "rrset TTL larger than sig expiration ttl," - " adjusting TTL downwards"); - d->ttl = expittl; - } -} - -enum sec_status -dnskey_verify_rrset_sig(struct regional* region, sldns_buffer* buf, - struct val_env* ve, time_t now, - struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey, - size_t dnskey_idx, size_t sig_idx, - struct rbtree_type** sortree, int* buf_canon, char** reason) -{ - enum sec_status sec; - uint8_t* sig; /* RRSIG rdata */ - size_t siglen; - size_t rrnum = rrset_get_count(rrset); - uint8_t* signer; /* rrsig signer name */ - size_t signer_len; - unsigned char* sigblock; /* signature rdata field */ - unsigned int sigblock_len; - uint16_t ktag; /* DNSKEY key tag */ - unsigned char* key; /* public key rdata field */ - unsigned int keylen; - rrset_get_rdata(rrset, rrnum + sig_idx, &sig, &siglen); - /* min length of rdatalen, fixed rrsig, root signer, 1 byte sig */ - if(siglen < 2+20) { - verbose(VERB_QUERY, "verify: signature too short"); - *reason = "signature too short"; - return sec_status_bogus; - } - - if(!(dnskey_get_flags(dnskey, dnskey_idx) & DNSKEY_BIT_ZSK)) { - verbose(VERB_QUERY, "verify: dnskey without ZSK flag"); - *reason = "dnskey without ZSK flag"; - return sec_status_bogus; - } - - if(dnskey_get_protocol(dnskey, dnskey_idx) != LDNS_DNSSEC_KEYPROTO) { - /* RFC 4034 says DNSKEY PROTOCOL MUST be 3 */ - verbose(VERB_QUERY, "verify: dnskey has wrong key protocol"); - *reason = "dnskey has wrong protocolnumber"; - return sec_status_bogus; - } - - /* verify as many fields in rrsig as possible */ - signer = sig+2+18; - signer_len = dname_valid(signer, siglen-2-18); - if(!signer_len) { - verbose(VERB_QUERY, "verify: malformed signer name"); - *reason = "signer name malformed"; - return sec_status_bogus; /* signer name invalid */ - } - if(!dname_subdomain_c(rrset->rk.dname, signer)) { - verbose(VERB_QUERY, "verify: signer name is off-tree"); - *reason = "signer name off-tree"; - return sec_status_bogus; /* signer name offtree */ - } - sigblock = (unsigned char*)signer+signer_len; - if(siglen < 2+18+signer_len+1) { - verbose(VERB_QUERY, "verify: too short, no signature data"); - *reason = "signature too short, no signature data"; - return sec_status_bogus; /* sig rdf is < 1 byte */ - } - sigblock_len = (unsigned int)(siglen - 2 - 18 - signer_len); - - /* verify key dname == sig signer name */ - if(query_dname_compare(signer, dnskey->rk.dname) != 0) { - verbose(VERB_QUERY, "verify: wrong key for rrsig"); - log_nametypeclass(VERB_QUERY, "RRSIG signername is", - signer, 0, 0); - log_nametypeclass(VERB_QUERY, "the key name is", - dnskey->rk.dname, 0, 0); - *reason = "signer name mismatches key name"; - return sec_status_bogus; - } - - /* verify covered type */ - /* memcmp works because type is in network format for rrset */ - if(memcmp(sig+2, &rrset->rk.type, 2) != 0) { - verbose(VERB_QUERY, "verify: wrong type covered"); - *reason = "signature covers wrong type"; - return sec_status_bogus; - } - /* verify keytag and sig algo (possibly again) */ - if((int)sig[2+2] != dnskey_get_algo(dnskey, dnskey_idx)) { - verbose(VERB_QUERY, "verify: wrong algorithm"); - *reason = "signature has wrong algorithm"; - return sec_status_bogus; - } - ktag = htons(dnskey_calc_keytag(dnskey, dnskey_idx)); - if(memcmp(sig+2+16, &ktag, 2) != 0) { - verbose(VERB_QUERY, "verify: wrong keytag"); - *reason = "signature has wrong keytag"; - return sec_status_bogus; - } - - /* verify labels is in a valid range */ - if((int)sig[2+3] > dname_signame_label_count(rrset->rk.dname)) { - verbose(VERB_QUERY, "verify: labelcount out of range"); - *reason = "signature labelcount out of range"; - return sec_status_bogus; - } - - /* original ttl, always ok */ - - if(!*buf_canon) { - /* create rrset canonical format in buffer, ready for - * signature */ - if(!rrset_canonical(region, buf, rrset, sig+2, - 18 + signer_len, sortree)) { - log_err("verify: failed due to alloc error"); - return sec_status_unchecked; - } - *buf_canon = 1; - } - - /* check that dnskey is available */ - dnskey_get_pubkey(dnskey, dnskey_idx, &key, &keylen); - if(!key) { - verbose(VERB_QUERY, "verify: short DNSKEY RR"); - return sec_status_unchecked; - } - - /* verify */ - sec = verify_canonrrset(buf, (int)sig[2+2], - sigblock, sigblock_len, key, keylen, reason); - - if(sec == sec_status_secure) { - /* check if TTL is too high - reduce if so */ - adjust_ttl(ve, now, rrset, sig+2+4, sig+2+8, sig+2+12); - - /* verify inception, expiration dates - * Do this last so that if you ignore expired-sigs the - * rest is sure to be OK. */ - if(!check_dates(ve, now, sig+2+8, sig+2+12, reason)) { - return sec_status_bogus; - } - } - - return sec; -} diff --git a/external/unbound/validator/val_sigcrypt.h b/external/unbound/validator/val_sigcrypt.h deleted file mode 100644 index 5a975acff..000000000 --- a/external/unbound/validator/val_sigcrypt.h +++ /dev/null @@ -1,323 +0,0 @@ -/* - * validator/val_sigcrypt.h - validator signature crypto functions. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains helper functions for the validator module. - * The functions help with signature verification and checking, the - * bridging between RR wireformat data and crypto calls. - */ - -#ifndef VALIDATOR_VAL_SIGCRYPT_H -#define VALIDATOR_VAL_SIGCRYPT_H -#include "util/data/packed_rrset.h" -struct val_env; -struct module_env; -struct ub_packed_rrset_key; -struct rbtree_type; -struct regional; -struct sldns_buffer; - -/** number of entries in algorithm needs array */ -#define ALGO_NEEDS_MAX 256 - -/** - * Storage for algorithm needs. DNSKEY algorithms. - */ -struct algo_needs { - /** the algorithms (8-bit) with each a number. - * 0: not marked. - * 1: marked 'necessary but not yet fulfilled' - * 2: marked bogus. - * Indexed by algorithm number. - */ - uint8_t needs[ALGO_NEEDS_MAX]; - /** the number of entries in the array that are unfulfilled */ - size_t num; -}; - -/** - * Initialize algo needs structure, set algos from rrset as needed. - * Results are added to an existing need structure. - * @param n: struct with storage. - * @param dnskey: algos from this struct set as necessary. DNSKEY set. - * @param sigalg: adds to signalled algorithm list too. - */ -void algo_needs_init_dnskey_add(struct algo_needs* n, - struct ub_packed_rrset_key* dnskey, uint8_t* sigalg); - -/** - * Initialize algo needs structure from a signalled algo list. - * @param n: struct with storage. - * @param sigalg: signalled algorithm list, numbers ends with 0. - */ -void algo_needs_init_list(struct algo_needs* n, uint8_t* sigalg); - -/** - * Initialize algo needs structure, set algos from rrset as needed. - * @param n: struct with storage. - * @param ds: algos from this struct set as necessary. DS set. - * @param fav_ds_algo: filter to use only this DS algo. - * @param sigalg: list of signalled algos, constructed as output, - * provide size ALGO_NEEDS_MAX+1. list of algonumbers, ends with a zero. - */ -void algo_needs_init_ds(struct algo_needs* n, struct ub_packed_rrset_key* ds, - int fav_ds_algo, uint8_t* sigalg); - -/** - * Mark this algorithm as a success, sec_secure, and see if we are done. - * @param n: storage structure processed. - * @param algo: the algorithm processed to be secure. - * @return if true, processing has finished successfully, we are satisfied. - */ -int algo_needs_set_secure(struct algo_needs* n, uint8_t algo); - -/** - * Mark this algorithm a failure, sec_bogus. It can later be overridden - * by a success for this algorithm (with a different signature). - * @param n: storage structure processed. - * @param algo: the algorithm processed to be bogus. - */ -void algo_needs_set_bogus(struct algo_needs* n, uint8_t algo); - -/** - * See how many algorithms are missing (not bogus or secure, but not processed) - * @param n: storage structure processed. - * @return number of algorithms missing after processing. - */ -size_t algo_needs_num_missing(struct algo_needs* n); - -/** - * See which algo is missing. - * @param n: struct after processing. - * @return if 0 an algorithm was bogus, if a number, this algorithm was - * missing. So on 0, report why that was bogus, on number report a missing - * algorithm. There could be multiple missing, this reports the first one. - */ -int algo_needs_missing(struct algo_needs* n); - -/** - * Format error reason for algorithm missing. - * @param env: module env with scratch for temp storage of string. - * @param alg: DNSKEY-algorithm missing. - * @param reason: destination. - * @param s: string, appended with 'with algorithm ..'. - */ -void algo_needs_reason(struct module_env* env, int alg, char** reason, char* s); - -/** - * Check if dnskey matches a DS digest - * Does not check dnskey-keyid footprint, just the digest. - * @param env: module environment. Uses scratch space. - * @param dnskey_rrset: DNSKEY rrset. - * @param dnskey_idx: index of RR in rrset. - * @param ds_rrset: DS rrset - * @param ds_idx: index of RR in DS rrset. - * @return true if it matches, false on error, not supported or no match. - */ -int ds_digest_match_dnskey(struct module_env* env, - struct ub_packed_rrset_key* dnskey_rrset, size_t dnskey_idx, - struct ub_packed_rrset_key* ds_rrset, size_t ds_idx); - -/** - * Get dnskey keytag, footprint value - * @param dnskey_rrset: DNSKEY rrset. - * @param dnskey_idx: index of RR in rrset. - * @return the keytag or 0 for badly formatted DNSKEYs. - */ -uint16_t dnskey_calc_keytag(struct ub_packed_rrset_key* dnskey_rrset, - size_t dnskey_idx); - -/** - * Get DS keytag, footprint value that matches the DNSKEY keytag it signs. - * @param ds_rrset: DS rrset - * @param ds_idx: index of RR in DS rrset. - * @return the keytag or 0 for badly formatted DSs. - */ -uint16_t ds_get_keytag(struct ub_packed_rrset_key* ds_rrset, size_t ds_idx); - -/** - * See if DNSKEY algorithm is supported - * @param dnskey_rrset: DNSKEY rrset. - * @param dnskey_idx: index of RR in rrset. - * @return true if supported. - */ -int dnskey_algo_is_supported(struct ub_packed_rrset_key* dnskey_rrset, - size_t dnskey_idx); - -/** - * See if DS digest algorithm is supported - * @param ds_rrset: DS rrset - * @param ds_idx: index of RR in DS rrset. - * @return true if supported. - */ -int ds_digest_algo_is_supported(struct ub_packed_rrset_key* ds_rrset, - size_t ds_idx); - -/** - * Get DS RR digest algorithm - * @param ds_rrset: DS rrset. - * @param ds_idx: which DS. - * @return algorithm or 0 if DS too short. - */ -int ds_get_digest_algo(struct ub_packed_rrset_key* ds_rrset, size_t ds_idx); - -/** - * See if DS key algorithm is supported - * @param ds_rrset: DS rrset - * @param ds_idx: index of RR in DS rrset. - * @return true if supported. - */ -int ds_key_algo_is_supported(struct ub_packed_rrset_key* ds_rrset, - size_t ds_idx); - -/** - * Get DS RR key algorithm. This value should match with the DNSKEY algo. - * @param k: DS rrset. - * @param idx: which DS. - * @return algorithm or 0 if DS too short. - */ -int ds_get_key_algo(struct ub_packed_rrset_key* k, size_t idx); - -/** - * Get DNSKEY RR signature algorithm - * @param k: DNSKEY rrset. - * @param idx: which DNSKEY RR. - * @return algorithm or 0 if DNSKEY too short. - */ -int dnskey_get_algo(struct ub_packed_rrset_key* k, size_t idx); - -/** - * Get DNSKEY RR flags - * @param k: DNSKEY rrset. - * @param idx: which DNSKEY RR. - * @return flags or 0 if DNSKEY too short. - */ -uint16_t dnskey_get_flags(struct ub_packed_rrset_key* k, size_t idx); - -/** - * Verify rrset against dnskey rrset. - * @param env: module environment, scratch space is used. - * @param ve: validator environment, date settings. - * @param rrset: to be validated. - * @param dnskey: DNSKEY rrset, keyset to try. - * @param sigalg: if nonNULL provide downgrade protection otherwise one - * algorithm is enough. - * @param reason: if bogus, a string returned, fixed or alloced in scratch. - * @return SECURE if one key in the set verifies one rrsig. - * UNCHECKED on allocation errors, unsupported algorithms, malformed data, - * and BOGUS on verification failures (no keys match any signatures). - */ -enum sec_status dnskeyset_verify_rrset(struct module_env* env, - struct val_env* ve, struct ub_packed_rrset_key* rrset, - struct ub_packed_rrset_key* dnskey, uint8_t* sigalg, char** reason); - -/** - * verify rrset against one specific dnskey (from rrset) - * @param env: module environment, scratch space is used. - * @param ve: validator environment, date settings. - * @param rrset: to be validated. - * @param dnskey: DNSKEY rrset, keyset. - * @param dnskey_idx: which key from the rrset to try. - * @param reason: if bogus, a string returned, fixed or alloced in scratch. - * @return secure if *this* key signs any of the signatures on rrset. - * unchecked on error or and bogus on bad signature. - */ -enum sec_status dnskey_verify_rrset(struct module_env* env, - struct val_env* ve, struct ub_packed_rrset_key* rrset, - struct ub_packed_rrset_key* dnskey, size_t dnskey_idx, char** reason); - -/** - * verify rrset, with dnskey rrset, for a specific rrsig in rrset - * @param env: module environment, scratch space is used. - * @param ve: validator environment, date settings. - * @param now: current time for validation (can be overridden). - * @param rrset: to be validated. - * @param dnskey: DNSKEY rrset, keyset to try. - * @param sig_idx: which signature to try to validate. - * @param sortree: reused sorted order. Stored in region. Pass NULL at start, - * and for a new rrset. - * @param reason: if bogus, a string returned, fixed or alloced in scratch. - * @return secure if any key signs *this* signature. bogus if no key signs it, - * or unchecked on error. - */ -enum sec_status dnskeyset_verify_rrset_sig(struct module_env* env, - struct val_env* ve, time_t now, struct ub_packed_rrset_key* rrset, - struct ub_packed_rrset_key* dnskey, size_t sig_idx, - struct rbtree_type** sortree, char** reason); - -/** - * verify rrset, with specific dnskey(from set), for a specific rrsig - * @param region: scratch region used for temporary allocation. - * @param buf: scratch buffer used for canonicalized rrset data. - * @param ve: validator environment, date settings. - * @param now: current time for validation (can be overridden). - * @param rrset: to be validated. - * @param dnskey: DNSKEY rrset, keyset. - * @param dnskey_idx: which key from the rrset to try. - * @param sig_idx: which signature to try to validate. - * @param sortree: pass NULL at start, the sorted rrset order is returned. - * pass it again for the same rrset. - * @param buf_canon: if true, the buffer is already canonical. - * pass false at start. pass old value only for same rrset and same - * signature (but perhaps different key) for reuse. - * @param reason: if bogus, a string returned, fixed or alloced in scratch. - * @return secure if this key signs this signature. unchecked on error or - * bogus if it did not validate. - */ -enum sec_status dnskey_verify_rrset_sig(struct regional* region, - struct sldns_buffer* buf, struct val_env* ve, time_t now, - struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey, - size_t dnskey_idx, size_t sig_idx, - struct rbtree_type** sortree, int* buf_canon, char** reason); - -/** - * canonical compare for two tree entries - */ -int canonical_tree_compare(const void* k1, const void* k2); - -/** - * Compare two rrsets and see if they are the same, canonicalised. - * The rrsets are not altered. - * @param region: temporary region. - * @param k1: rrset1 - * @param k2: rrset2 - * @return true if equal. - */ -int rrset_canonical_equal(struct regional* region, - struct ub_packed_rrset_key* k1, struct ub_packed_rrset_key* k2); - -#endif /* VALIDATOR_VAL_SIGCRYPT_H */ diff --git a/external/unbound/validator/val_utils.c b/external/unbound/validator/val_utils.c deleted file mode 100644 index e3677e1d9..000000000 --- a/external/unbound/validator/val_utils.c +++ /dev/null @@ -1,1151 +0,0 @@ -/* - * validator/val_utils.c - validator utility functions. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains helper functions for the validator module. - */ -#include "config.h" -#include "validator/val_utils.h" -#include "validator/validator.h" -#include "validator/val_kentry.h" -#include "validator/val_sigcrypt.h" -#include "validator/val_anchor.h" -#include "validator/val_nsec.h" -#include "validator/val_neg.h" -#include "services/cache/rrset.h" -#include "services/cache/dns.h" -#include "util/data/msgreply.h" -#include "util/data/packed_rrset.h" -#include "util/data/dname.h" -#include "util/net_help.h" -#include "util/module.h" -#include "util/regional.h" -#include "sldns/wire2str.h" -#include "sldns/parseutil.h" - -enum val_classification -val_classify_response(uint16_t query_flags, struct query_info* origqinf, - struct query_info* qinf, struct reply_info* rep, size_t skip) -{ - int rcode = (int)FLAGS_GET_RCODE(rep->flags); - size_t i; - - /* Normal Name Error's are easy to detect -- but don't mistake a CNAME - * chain ending in NXDOMAIN. */ - if(rcode == LDNS_RCODE_NXDOMAIN && rep->an_numrrsets == 0) - return VAL_CLASS_NAMEERROR; - - /* check for referral: nonRD query and it looks like a nodata */ - if(!(query_flags&BIT_RD) && rep->an_numrrsets == 0 && - rcode == LDNS_RCODE_NOERROR) { - /* SOA record in auth indicates it is NODATA instead. - * All validation requiring NODATA messages have SOA in - * authority section. */ - /* uses fact that answer section is empty */ - int saw_ns = 0; - for(i=0; ins_numrrsets; i++) { - if(ntohs(rep->rrsets[i]->rk.type) == LDNS_RR_TYPE_SOA) - return VAL_CLASS_NODATA; - if(ntohs(rep->rrsets[i]->rk.type) == LDNS_RR_TYPE_DS) - return VAL_CLASS_REFERRAL; - if(ntohs(rep->rrsets[i]->rk.type) == LDNS_RR_TYPE_NS) - saw_ns = 1; - } - return saw_ns?VAL_CLASS_REFERRAL:VAL_CLASS_NODATA; - } - /* root referral where NS set is in the answer section */ - if(!(query_flags&BIT_RD) && rep->ns_numrrsets == 0 && - rep->an_numrrsets == 1 && rcode == LDNS_RCODE_NOERROR && - ntohs(rep->rrsets[0]->rk.type) == LDNS_RR_TYPE_NS && - query_dname_compare(rep->rrsets[0]->rk.dname, - origqinf->qname) != 0) - return VAL_CLASS_REFERRAL; - - /* dump bad messages */ - if(rcode != LDNS_RCODE_NOERROR && rcode != LDNS_RCODE_NXDOMAIN) - return VAL_CLASS_UNKNOWN; - /* next check if the skip into the answer section shows no answer */ - if(skip>0 && rep->an_numrrsets <= skip) - return VAL_CLASS_CNAMENOANSWER; - - /* Next is NODATA */ - if(rcode == LDNS_RCODE_NOERROR && rep->an_numrrsets == 0) - return VAL_CLASS_NODATA; - - /* We distinguish between CNAME response and other positive/negative - * responses because CNAME answers require extra processing. */ - - /* We distinguish between ANY and CNAME or POSITIVE because - * ANY responses are validated differently. */ - if(rcode == LDNS_RCODE_NOERROR && qinf->qtype == LDNS_RR_TYPE_ANY) - return VAL_CLASS_ANY; - - /* Note that DNAMEs will be ignored here, unless qtype=DNAME. Unless - * qtype=CNAME, this will yield a CNAME response. */ - for(i=skip; ian_numrrsets; i++) { - if(rcode == LDNS_RCODE_NOERROR && - ntohs(rep->rrsets[i]->rk.type) == qinf->qtype) - return VAL_CLASS_POSITIVE; - if(ntohs(rep->rrsets[i]->rk.type) == LDNS_RR_TYPE_CNAME) - return VAL_CLASS_CNAME; - } - log_dns_msg("validator: error. failed to classify response message: ", - qinf, rep); - return VAL_CLASS_UNKNOWN; -} - -/** Get signer name from RRSIG */ -static void -rrsig_get_signer(uint8_t* data, size_t len, uint8_t** sname, size_t* slen) -{ - /* RRSIG rdata is not allowed to be compressed, it is stored - * uncompressed in memory as well, so return a ptr to the name */ - if(len < 21) { - /* too short RRSig: - * short, byte, byte, long, long, long, short, "." is - * 2 1 1 4 4 4 2 1 = 19 - * and a skip of 18 bytes to the name. - * +2 for the rdatalen is 21 bytes len for root label */ - *sname = NULL; - *slen = 0; - return; - } - data += 20; /* skip the fixed size bits */ - len -= 20; - *slen = dname_valid(data, len); - if(!*slen) { - /* bad dname in this rrsig. */ - *sname = NULL; - return; - } - *sname = data; -} - -void -val_find_rrset_signer(struct ub_packed_rrset_key* rrset, uint8_t** sname, - size_t* slen) -{ - struct packed_rrset_data* d = (struct packed_rrset_data*) - rrset->entry.data; - /* return signer for first signature, or NULL */ - if(d->rrsig_count == 0) { - *sname = NULL; - *slen = 0; - return; - } - /* get rrsig signer name out of the signature */ - rrsig_get_signer(d->rr_data[d->count], d->rr_len[d->count], - sname, slen); -} - -/** - * Find best signer name in this set of rrsigs. - * @param rrset: which rrsigs to look through. - * @param qinf: the query name that needs validation. - * @param signer_name: the best signer_name. Updated if a better one is found. - * @param signer_len: length of signer name. - * @param matchcount: count of current best name (starts at 0 for no match). - * Updated if match is improved. - */ -static void -val_find_best_signer(struct ub_packed_rrset_key* rrset, - struct query_info* qinf, uint8_t** signer_name, size_t* signer_len, - int* matchcount) -{ - struct packed_rrset_data* d = (struct packed_rrset_data*) - rrset->entry.data; - uint8_t* sign; - size_t i; - int m; - for(i=d->count; icount+d->rrsig_count; i++) { - sign = d->rr_data[i]+2+18; - /* look at signatures that are valid (long enough), - * and have a signer name that is a superdomain of qname, - * and then check the number of labels in the shared topdomain - * improve the match if possible */ - if(d->rr_len[i] > 2+19 && /* rdata, sig + root label*/ - dname_subdomain_c(qinf->qname, sign)) { - (void)dname_lab_cmp(qinf->qname, - dname_count_labels(qinf->qname), - sign, dname_count_labels(sign), &m); - if(m > *matchcount) { - *matchcount = m; - *signer_name = sign; - (void)dname_count_size_labels(*signer_name, - signer_len); - } - } - } -} - -void -val_find_signer(enum val_classification subtype, struct query_info* qinf, - struct reply_info* rep, size_t skip, uint8_t** signer_name, - size_t* signer_len) -{ - size_t i; - - if(subtype == VAL_CLASS_POSITIVE) { - /* check for the answer rrset */ - for(i=skip; ian_numrrsets; i++) { - if(query_dname_compare(qinf->qname, - rep->rrsets[i]->rk.dname) == 0) { - val_find_rrset_signer(rep->rrsets[i], - signer_name, signer_len); - return; - } - } - *signer_name = NULL; - *signer_len = 0; - } else if(subtype == VAL_CLASS_CNAME) { - /* check for the first signed cname/dname rrset */ - for(i=skip; ian_numrrsets; i++) { - val_find_rrset_signer(rep->rrsets[i], - signer_name, signer_len); - if(*signer_name) - return; - if(ntohs(rep->rrsets[i]->rk.type) != LDNS_RR_TYPE_DNAME) - break; /* only check CNAME after a DNAME */ - } - *signer_name = NULL; - *signer_len = 0; - } else if(subtype == VAL_CLASS_NAMEERROR - || subtype == VAL_CLASS_NODATA) { - /*Check to see if the AUTH section NSEC record(s) have rrsigs*/ - for(i=rep->an_numrrsets; i< - rep->an_numrrsets+rep->ns_numrrsets; i++) { - if(ntohs(rep->rrsets[i]->rk.type) == LDNS_RR_TYPE_NSEC - || ntohs(rep->rrsets[i]->rk.type) == - LDNS_RR_TYPE_NSEC3) { - val_find_rrset_signer(rep->rrsets[i], - signer_name, signer_len); - return; - } - } - } else if(subtype == VAL_CLASS_CNAMENOANSWER) { - /* find closest superdomain signer name in authority section - * NSEC and NSEC3s */ - int matchcount = 0; - *signer_name = NULL; - *signer_len = 0; - for(i=rep->an_numrrsets; ian_numrrsets+rep-> - ns_numrrsets; i++) { - if(ntohs(rep->rrsets[i]->rk.type) == LDNS_RR_TYPE_NSEC - || ntohs(rep->rrsets[i]->rk.type) == - LDNS_RR_TYPE_NSEC3) { - val_find_best_signer(rep->rrsets[i], qinf, - signer_name, signer_len, &matchcount); - } - } - } else if(subtype == VAL_CLASS_ANY) { - /* check for one of the answer rrset that has signatures, - * or potentially a DNAME is in use with a different qname */ - for(i=skip; ian_numrrsets; i++) { - if(query_dname_compare(qinf->qname, - rep->rrsets[i]->rk.dname) == 0) { - val_find_rrset_signer(rep->rrsets[i], - signer_name, signer_len); - if(*signer_name) - return; - } - } - /* no answer RRSIGs with qname, try a DNAME */ - if(skip < rep->an_numrrsets && - ntohs(rep->rrsets[skip]->rk.type) == - LDNS_RR_TYPE_DNAME) { - val_find_rrset_signer(rep->rrsets[skip], - signer_name, signer_len); - if(*signer_name) - return; - } - *signer_name = NULL; - *signer_len = 0; - } else if(subtype == VAL_CLASS_REFERRAL) { - /* find keys for the item at skip */ - if(skip < rep->rrset_count) { - val_find_rrset_signer(rep->rrsets[skip], - signer_name, signer_len); - return; - } - *signer_name = NULL; - *signer_len = 0; - } else { - verbose(VERB_QUERY, "find_signer: could not find signer name" - " for unknown type response"); - *signer_name = NULL; - *signer_len = 0; - } -} - -/** return number of rrs in an rrset */ -static size_t -rrset_get_count(struct ub_packed_rrset_key* rrset) -{ - struct packed_rrset_data* d = (struct packed_rrset_data*) - rrset->entry.data; - if(!d) return 0; - return d->count; -} - -/** return TTL of rrset */ -static uint32_t -rrset_get_ttl(struct ub_packed_rrset_key* rrset) -{ - struct packed_rrset_data* d = (struct packed_rrset_data*) - rrset->entry.data; - if(!d) return 0; - return d->ttl; -} - -enum sec_status -val_verify_rrset(struct module_env* env, struct val_env* ve, - struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* keys, - uint8_t* sigalg, char** reason) -{ - enum sec_status sec; - struct packed_rrset_data* d = (struct packed_rrset_data*)rrset-> - entry.data; - if(d->security == sec_status_secure) { - /* re-verify all other statuses, because keyset may change*/ - log_nametypeclass(VERB_ALGO, "verify rrset cached", - rrset->rk.dname, ntohs(rrset->rk.type), - ntohs(rrset->rk.rrset_class)); - return d->security; - } - /* check in the cache if verification has already been done */ - rrset_check_sec_status(env->rrset_cache, rrset, *env->now); - if(d->security == sec_status_secure) { - log_nametypeclass(VERB_ALGO, "verify rrset from cache", - rrset->rk.dname, ntohs(rrset->rk.type), - ntohs(rrset->rk.rrset_class)); - return d->security; - } - log_nametypeclass(VERB_ALGO, "verify rrset", rrset->rk.dname, - ntohs(rrset->rk.type), ntohs(rrset->rk.rrset_class)); - sec = dnskeyset_verify_rrset(env, ve, rrset, keys, sigalg, reason); - verbose(VERB_ALGO, "verify result: %s", sec_status_to_string(sec)); - regional_free_all(env->scratch); - - /* update rrset security status - * only improves security status - * and bogus is set only once, even if we rechecked the status */ - if(sec > d->security) { - d->security = sec; - if(sec == sec_status_secure) - d->trust = rrset_trust_validated; - else if(sec == sec_status_bogus) { - size_t i; - /* update ttl for rrset to fixed value. */ - d->ttl = ve->bogus_ttl; - for(i=0; icount+d->rrsig_count; i++) - d->rr_ttl[i] = ve->bogus_ttl; - /* leave RR specific TTL: not used for determine - * if RRset timed out and clients see proper value. */ - lock_basic_lock(&ve->bogus_lock); - ve->num_rrset_bogus++; - lock_basic_unlock(&ve->bogus_lock); - } - /* if status updated - store in cache for reuse */ - rrset_update_sec_status(env->rrset_cache, rrset, *env->now); - } - - return sec; -} - -enum sec_status -val_verify_rrset_entry(struct module_env* env, struct val_env* ve, - struct ub_packed_rrset_key* rrset, struct key_entry_key* kkey, - char** reason) -{ - /* temporary dnskey rrset-key */ - struct ub_packed_rrset_key dnskey; - struct key_entry_data* kd = (struct key_entry_data*)kkey->entry.data; - enum sec_status sec; - dnskey.rk.type = htons(kd->rrset_type); - dnskey.rk.rrset_class = htons(kkey->key_class); - dnskey.rk.flags = 0; - dnskey.rk.dname = kkey->name; - dnskey.rk.dname_len = kkey->namelen; - dnskey.entry.key = &dnskey; - dnskey.entry.data = kd->rrset_data; - sec = val_verify_rrset(env, ve, rrset, &dnskey, kd->algo, reason); - return sec; -} - -/** verify that a DS RR hashes to a key and that key signs the set */ -static enum sec_status -verify_dnskeys_with_ds_rr(struct module_env* env, struct val_env* ve, - struct ub_packed_rrset_key* dnskey_rrset, - struct ub_packed_rrset_key* ds_rrset, size_t ds_idx, char** reason) -{ - enum sec_status sec = sec_status_bogus; - size_t i, num, numchecked = 0, numhashok = 0; - num = rrset_get_count(dnskey_rrset); - for(i=0; i digest_algo) - digest_algo = d; - } - return digest_algo; -} - -enum sec_status -val_verify_DNSKEY_with_DS(struct module_env* env, struct val_env* ve, - struct ub_packed_rrset_key* dnskey_rrset, - struct ub_packed_rrset_key* ds_rrset, uint8_t* sigalg, char** reason) -{ - /* as long as this is false, we can consider this DS rrset to be - * equivalent to no DS rrset. */ - int has_useful_ds = 0, digest_algo, alg; - struct algo_needs needs; - size_t i, num; - enum sec_status sec; - - if(dnskey_rrset->rk.dname_len != ds_rrset->rk.dname_len || - query_dname_compare(dnskey_rrset->rk.dname, ds_rrset->rk.dname) - != 0) { - verbose(VERB_QUERY, "DNSKEY RRset did not match DS RRset " - "by name"); - *reason = "DNSKEY RRset did not match DS RRset by name"; - return sec_status_bogus; - } - - if(sigalg) { - /* harden against algo downgrade is enabled */ - digest_algo = val_favorite_ds_algo(ds_rrset); - algo_needs_init_ds(&needs, ds_rrset, digest_algo, sigalg); - } else { - /* accept any key algo, any digest algo */ - digest_algo = -1; - } - num = rrset_get_count(ds_rrset); - for(i=0; irk.dname, ds_rrset->rk.dname_len, - ntohs(ds_rrset->rk.rrset_class), dnskey_rrset, - downprot?sigalg:NULL, *env->now); - } else if(sec == sec_status_insecure) { - return key_entry_create_null(region, ds_rrset->rk.dname, - ds_rrset->rk.dname_len, - ntohs(ds_rrset->rk.rrset_class), - rrset_get_ttl(ds_rrset), *env->now); - } - return key_entry_create_bad(region, ds_rrset->rk.dname, - ds_rrset->rk.dname_len, ntohs(ds_rrset->rk.rrset_class), - BOGUS_KEY_TTL, *env->now); -} - -enum sec_status -val_verify_DNSKEY_with_TA(struct module_env* env, struct val_env* ve, - struct ub_packed_rrset_key* dnskey_rrset, - struct ub_packed_rrset_key* ta_ds, - struct ub_packed_rrset_key* ta_dnskey, uint8_t* sigalg, char** reason) -{ - /* as long as this is false, we can consider this anchor to be - * equivalent to no anchor. */ - int has_useful_ta = 0, digest_algo = 0, alg; - struct algo_needs needs; - size_t i, num; - enum sec_status sec; - - if(ta_ds && (dnskey_rrset->rk.dname_len != ta_ds->rk.dname_len || - query_dname_compare(dnskey_rrset->rk.dname, ta_ds->rk.dname) - != 0)) { - verbose(VERB_QUERY, "DNSKEY RRset did not match DS RRset " - "by name"); - *reason = "DNSKEY RRset did not match DS RRset by name"; - return sec_status_bogus; - } - if(ta_dnskey && (dnskey_rrset->rk.dname_len != ta_dnskey->rk.dname_len - || query_dname_compare(dnskey_rrset->rk.dname, ta_dnskey->rk.dname) - != 0)) { - verbose(VERB_QUERY, "DNSKEY RRset did not match anchor RRset " - "by name"); - *reason = "DNSKEY RRset did not match anchor RRset by name"; - return sec_status_bogus; - } - - if(ta_ds) - digest_algo = val_favorite_ds_algo(ta_ds); - if(sigalg) { - if(ta_ds) - algo_needs_init_ds(&needs, ta_ds, digest_algo, sigalg); - else memset(&needs, 0, sizeof(needs)); - if(ta_dnskey) - algo_needs_init_dnskey_add(&needs, ta_dnskey, sigalg); - } - if(ta_ds) { - num = rrset_get_count(ta_ds); - for(i=0; irk.dname, dnskey_rrset->rk.dname_len, - ntohs(dnskey_rrset->rk.rrset_class), dnskey_rrset, - downprot?sigalg:NULL, *env->now); - } else if(sec == sec_status_insecure) { - return key_entry_create_null(region, dnskey_rrset->rk.dname, - dnskey_rrset->rk.dname_len, - ntohs(dnskey_rrset->rk.rrset_class), - rrset_get_ttl(dnskey_rrset), *env->now); - } - return key_entry_create_bad(region, dnskey_rrset->rk.dname, - dnskey_rrset->rk.dname_len, ntohs(dnskey_rrset->rk.rrset_class), - BOGUS_KEY_TTL, *env->now); -} - -int -val_dsset_isusable(struct ub_packed_rrset_key* ds_rrset) -{ - size_t i; - for(i=0; iname); - else snprintf(herr, sizeof(herr), "%d", - (int)ds_get_digest_algo(ds_rrset, i)); - lt = sldns_lookup_by_id(sldns_algorithms, - (int)ds_get_key_algo(ds_rrset, i)); - if(lt) snprintf(aerr, sizeof(aerr), "%s", lt->name); - else snprintf(aerr, sizeof(aerr), "%d", - (int)ds_get_key_algo(ds_rrset, i)); - verbose(VERB_ALGO, "DS unsupported, hash %s %s, " - "key algorithm %s %s", herr, - (ds_digest_algo_is_supported(ds_rrset, 0)? - "(supported)":"(unsupported)"), aerr, - (ds_key_algo_is_supported(ds_rrset, 0)? - "(supported)":"(unsupported)")); - } - return 0; -} - -/** get label count for a signature */ -static uint8_t -rrsig_get_labcount(struct packed_rrset_data* d, size_t sig) -{ - if(d->rr_len[sig] < 2+4) - return 0; /* bad sig length */ - return d->rr_data[sig][2+3]; -} - -int -val_rrset_wildcard(struct ub_packed_rrset_key* rrset, uint8_t** wc) -{ - struct packed_rrset_data* d = (struct packed_rrset_data*)rrset-> - entry.data; - uint8_t labcount; - int labdiff; - uint8_t* wn; - size_t i, wl; - if(d->rrsig_count == 0) { - return 1; - } - labcount = rrsig_get_labcount(d, d->count + 0); - /* check rest of signatures identical */ - for(i=1; irrsig_count; i++) { - if(labcount != rrsig_get_labcount(d, d->count + i)) { - return 0; - } - } - /* OK the rrsigs check out */ - /* if the RRSIG label count is shorter than the number of actual - * labels, then this rrset was synthesized from a wildcard. - * Note that the RRSIG label count doesn't count the root label. */ - wn = rrset->rk.dname; - wl = rrset->rk.dname_len; - /* skip a leading wildcard label in the dname (RFC4035 2.2) */ - if(dname_is_wild(wn)) { - wn += 2; - wl -= 2; - } - labdiff = (dname_count_labels(wn) - 1) - (int)labcount; - if(labdiff > 0) { - *wc = wn; - dname_remove_labels(wc, &wl, labdiff); - return 1; - } - return 1; -} - -int -val_chase_cname(struct query_info* qchase, struct reply_info* rep, - size_t* cname_skip) { - size_t i; - /* skip any DNAMEs, go to the CNAME for next part */ - for(i = *cname_skip; i < rep->an_numrrsets; i++) { - if(ntohs(rep->rrsets[i]->rk.type) == LDNS_RR_TYPE_CNAME && - query_dname_compare(qchase->qname, rep->rrsets[i]-> - rk.dname) == 0) { - qchase->qname = NULL; - get_cname_target(rep->rrsets[i], &qchase->qname, - &qchase->qname_len); - if(!qchase->qname) - return 0; /* bad CNAME rdata */ - (*cname_skip) = i+1; - return 1; - } - } - return 0; /* CNAME classified but no matching CNAME ?! */ -} - -/** see if rrset has signer name as one of the rrsig signers */ -static int -rrset_has_signer(struct ub_packed_rrset_key* rrset, uint8_t* name, size_t len) -{ - struct packed_rrset_data* d = (struct packed_rrset_data*)rrset-> - entry.data; - size_t i; - for(i = d->count; i< d->count+d->rrsig_count; i++) { - if(d->rr_len[i] > 2+18+len) { - /* at least rdatalen + signature + signame (+1 sig)*/ - if(!dname_valid(d->rr_data[i]+2+18, d->rr_len[i]-2-18)) - continue; - if(query_dname_compare(name, d->rr_data[i]+2+18) == 0) - { - return 1; - } - } - } - return 0; -} - -void -val_fill_reply(struct reply_info* chase, struct reply_info* orig, - size_t skip, uint8_t* name, size_t len, uint8_t* signer) -{ - size_t i; - int seen_dname = 0; - chase->rrset_count = 0; - chase->an_numrrsets = 0; - chase->ns_numrrsets = 0; - chase->ar_numrrsets = 0; - /* ANSWER section */ - for(i=skip; ian_numrrsets; i++) { - if(!signer) { - if(query_dname_compare(name, - orig->rrsets[i]->rk.dname) == 0) - chase->rrsets[chase->an_numrrsets++] = - orig->rrsets[i]; - } else if(seen_dname && ntohs(orig->rrsets[i]->rk.type) == - LDNS_RR_TYPE_CNAME) { - chase->rrsets[chase->an_numrrsets++] = orig->rrsets[i]; - seen_dname = 0; - } else if(rrset_has_signer(orig->rrsets[i], name, len)) { - chase->rrsets[chase->an_numrrsets++] = orig->rrsets[i]; - if(ntohs(orig->rrsets[i]->rk.type) == - LDNS_RR_TYPE_DNAME) { - seen_dname = 1; - } - } - } - /* AUTHORITY section */ - for(i = (skip > orig->an_numrrsets)?skip:orig->an_numrrsets; - ian_numrrsets+orig->ns_numrrsets; - i++) { - if(!signer) { - if(query_dname_compare(name, - orig->rrsets[i]->rk.dname) == 0) - chase->rrsets[chase->an_numrrsets+ - chase->ns_numrrsets++] = orig->rrsets[i]; - } else if(rrset_has_signer(orig->rrsets[i], name, len)) { - chase->rrsets[chase->an_numrrsets+ - chase->ns_numrrsets++] = orig->rrsets[i]; - } - } - /* ADDITIONAL section */ - for(i= (skip>orig->an_numrrsets+orig->ns_numrrsets)? - skip:orig->an_numrrsets+orig->ns_numrrsets; - irrset_count; i++) { - if(!signer) { - if(query_dname_compare(name, - orig->rrsets[i]->rk.dname) == 0) - chase->rrsets[chase->an_numrrsets - +orig->ns_numrrsets+chase->ar_numrrsets++] - = orig->rrsets[i]; - } else if(rrset_has_signer(orig->rrsets[i], name, len)) { - chase->rrsets[chase->an_numrrsets+orig->ns_numrrsets+ - chase->ar_numrrsets++] = orig->rrsets[i]; - } - } - chase->rrset_count = chase->an_numrrsets + chase->ns_numrrsets + - chase->ar_numrrsets; -} - -void val_reply_remove_auth(struct reply_info* rep, size_t index) -{ - log_assert(index < rep->rrset_count); - log_assert(index >= rep->an_numrrsets); - log_assert(index < rep->an_numrrsets+rep->ns_numrrsets); - memmove(rep->rrsets+index, rep->rrsets+index+1, - sizeof(struct ub_packed_rrset_key*)* - (rep->rrset_count - index - 1)); - rep->ns_numrrsets--; - rep->rrset_count--; -} - -void -val_check_nonsecure(struct val_env* ve, struct reply_info* rep) -{ - size_t i; - /* authority */ - for(i=rep->an_numrrsets; ian_numrrsets+rep->ns_numrrsets; i++) { - if(((struct packed_rrset_data*)rep->rrsets[i]->entry.data) - ->security != sec_status_secure) { - /* because we want to return the authentic original - * message when presented with CD-flagged queries, - * we need to preserve AUTHORITY section data. - * However, this rrset is not signed or signed - * with the wrong keys. Validation has tried to - * verify this rrset with the keysets of import. - * But this rrset did not verify. - * Therefore the message is bogus. - */ - - /* check if authority consists of only an NS record - * which is bad, and there is an answer section with - * data. In that case, delete NS and additional to - * be lenient and make a minimal response */ - if(rep->an_numrrsets != 0 && rep->ns_numrrsets == 1 && - ntohs(rep->rrsets[i]->rk.type) - == LDNS_RR_TYPE_NS) { - verbose(VERB_ALGO, "truncate to minimal"); - rep->ns_numrrsets = 0; - rep->ar_numrrsets = 0; - rep->rrset_count = rep->an_numrrsets; - return; - } - - log_nametypeclass(VERB_QUERY, "message is bogus, " - "non secure rrset", - rep->rrsets[i]->rk.dname, - ntohs(rep->rrsets[i]->rk.type), - ntohs(rep->rrsets[i]->rk.rrset_class)); - rep->security = sec_status_bogus; - return; - } - } - /* additional */ - if(!ve->clean_additional) - return; - for(i=rep->an_numrrsets+rep->ns_numrrsets; irrset_count; i++) { - if(((struct packed_rrset_data*)rep->rrsets[i]->entry.data) - ->security != sec_status_secure) { - /* This does not cause message invalidation. It was - * simply unsigned data in the additional. The - * RRSIG must have been truncated off the message. - * - * However, we do not want to return possible bogus - * data to clients that rely on this service for - * their authentication. - */ - /* remove this unneeded additional rrset */ - memmove(rep->rrsets+i, rep->rrsets+i+1, - sizeof(struct ub_packed_rrset_key*)* - (rep->rrset_count - i - 1)); - rep->ar_numrrsets--; - rep->rrset_count--; - i--; - } - } -} - -/** check no anchor and unlock */ -static int -check_no_anchor(struct val_anchors* anchors, uint8_t* nm, size_t l, uint16_t c) -{ - struct trust_anchor* ta; - if((ta=anchors_lookup(anchors, nm, l, c))) { - lock_basic_unlock(&ta->lock); - } - return !ta; -} - -void -val_mark_indeterminate(struct reply_info* rep, struct val_anchors* anchors, - struct rrset_cache* r, struct module_env* env) -{ - size_t i; - struct packed_rrset_data* d; - for(i=0; irrset_count; i++) { - d = (struct packed_rrset_data*)rep->rrsets[i]->entry.data; - if(d->security == sec_status_unchecked && - check_no_anchor(anchors, rep->rrsets[i]->rk.dname, - rep->rrsets[i]->rk.dname_len, - ntohs(rep->rrsets[i]->rk.rrset_class))) - { - /* mark as indeterminate */ - d->security = sec_status_indeterminate; - rrset_update_sec_status(r, rep->rrsets[i], *env->now); - } - } -} - -void -val_mark_insecure(struct reply_info* rep, uint8_t* kname, - struct rrset_cache* r, struct module_env* env) -{ - size_t i; - struct packed_rrset_data* d; - for(i=0; irrset_count; i++) { - d = (struct packed_rrset_data*)rep->rrsets[i]->entry.data; - if(d->security == sec_status_unchecked && - dname_subdomain_c(rep->rrsets[i]->rk.dname, kname)) { - /* mark as insecure */ - d->security = sec_status_insecure; - rrset_update_sec_status(r, rep->rrsets[i], *env->now); - } - } -} - -size_t -val_next_unchecked(struct reply_info* rep, size_t skip) -{ - size_t i; - struct packed_rrset_data* d; - for(i=skip+1; irrset_count; i++) { - d = (struct packed_rrset_data*)rep->rrsets[i]->entry.data; - if(d->security == sec_status_unchecked) { - return i; - } - } - return rep->rrset_count; -} - -const char* -val_classification_to_string(enum val_classification subtype) -{ - switch(subtype) { - case VAL_CLASS_UNTYPED: return "untyped"; - case VAL_CLASS_UNKNOWN: return "unknown"; - case VAL_CLASS_POSITIVE: return "positive"; - case VAL_CLASS_CNAME: return "cname"; - case VAL_CLASS_NODATA: return "nodata"; - case VAL_CLASS_NAMEERROR: return "nameerror"; - case VAL_CLASS_CNAMENOANSWER: return "cnamenoanswer"; - case VAL_CLASS_REFERRAL: return "referral"; - case VAL_CLASS_ANY: return "qtype_any"; - default: - return "bad_val_classification"; - } -} - -/** log a sock_list entry */ -static void -sock_list_logentry(enum verbosity_value v, const char* s, struct sock_list* p) -{ - if(p->len) - log_addr(v, s, &p->addr, p->len); - else verbose(v, "%s cache", s); -} - -void val_blacklist(struct sock_list** blacklist, struct regional* region, - struct sock_list* origin, int cross) -{ - /* debug printout */ - if(verbosity >= VERB_ALGO) { - struct sock_list* p; - for(p=*blacklist; p; p=p->next) - sock_list_logentry(VERB_ALGO, "blacklist", p); - if(!origin) - verbose(VERB_ALGO, "blacklist add: cache"); - for(p=origin; p; p=p->next) - sock_list_logentry(VERB_ALGO, "blacklist add", p); - } - /* blacklist the IPs or the cache */ - if(!origin) { - /* only add if nothing there. anything else also stops cache*/ - if(!*blacklist) - sock_list_insert(blacklist, NULL, 0, region); - } else if(!cross) - sock_list_prepend(blacklist, origin); - else sock_list_merge(blacklist, region, origin); -} - -int val_has_signed_nsecs(struct reply_info* rep, char** reason) -{ - size_t i, num_nsec = 0, num_nsec3 = 0; - struct packed_rrset_data* d; - for(i=rep->an_numrrsets; ian_numrrsets+rep->ns_numrrsets; i++) { - if(rep->rrsets[i]->rk.type == htons(LDNS_RR_TYPE_NSEC)) - num_nsec++; - else if(rep->rrsets[i]->rk.type == htons(LDNS_RR_TYPE_NSEC3)) - num_nsec3++; - else continue; - d = (struct packed_rrset_data*)rep->rrsets[i]->entry.data; - if(d && d->rrsig_count != 0) { - return 1; - } - } - if(num_nsec == 0 && num_nsec3 == 0) - *reason = "no DNSSEC records"; - else if(num_nsec != 0) - *reason = "no signatures over NSECs"; - else *reason = "no signatures over NSEC3s"; - return 0; -} - -struct dns_msg* -val_find_DS(struct module_env* env, uint8_t* nm, size_t nmlen, uint16_t c, - struct regional* region, uint8_t* topname) -{ - struct dns_msg* msg; - struct query_info qinfo; - struct ub_packed_rrset_key *rrset = rrset_cache_lookup( - env->rrset_cache, nm, nmlen, LDNS_RR_TYPE_DS, c, 0, - *env->now, 0); - if(rrset) { - /* DS rrset exists. Return it to the validator immediately*/ - struct ub_packed_rrset_key* copy = packed_rrset_copy_region( - rrset, region, *env->now); - lock_rw_unlock(&rrset->entry.lock); - if(!copy) - return NULL; - msg = dns_msg_create(nm, nmlen, LDNS_RR_TYPE_DS, c, region, 1); - if(!msg) - return NULL; - msg->rep->rrsets[0] = copy; - msg->rep->rrset_count++; - msg->rep->an_numrrsets++; - return msg; - } - /* lookup in rrset and negative cache for NSEC/NSEC3 */ - qinfo.qname = nm; - qinfo.qname_len = nmlen; - qinfo.qtype = LDNS_RR_TYPE_DS; - qinfo.qclass = c; - qinfo.local_alias = NULL; - /* do not add SOA to reply message, it is going to be used internal */ - msg = val_neg_getmsg(env->neg_cache, &qinfo, region, env->rrset_cache, - env->scratch_buffer, *env->now, 0, topname); - return msg; -} diff --git a/external/unbound/validator/val_utils.h b/external/unbound/validator/val_utils.h deleted file mode 100644 index 051824aba..000000000 --- a/external/unbound/validator/val_utils.h +++ /dev/null @@ -1,410 +0,0 @@ -/* - * validator/val_utils.h - validator utility functions. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains helper functions for the validator module. - */ - -#ifndef VALIDATOR_VAL_UTILS_H -#define VALIDATOR_VAL_UTILS_H -#include "util/data/packed_rrset.h" -struct query_info; -struct reply_info; -struct val_env; -struct module_env; -struct ub_packed_rrset_key; -struct key_entry_key; -struct regional; -struct val_anchors; -struct rrset_cache; -struct sock_list; - -/** - * Response classifications for the validator. The different types of proofs. - */ -enum val_classification { - /** Not subtyped yet. */ - VAL_CLASS_UNTYPED = 0, - /** Not a recognized subtype. */ - VAL_CLASS_UNKNOWN, - /** A positive, direct, response */ - VAL_CLASS_POSITIVE, - /** A positive response, with a CNAME/DNAME chain. */ - VAL_CLASS_CNAME, - /** A NOERROR/NODATA response. */ - VAL_CLASS_NODATA, - /** A NXDOMAIN response. */ - VAL_CLASS_NAMEERROR, - /** A CNAME/DNAME chain, and the offset is at the end of it, - * but there is no answer here, it can be NAMERROR or NODATA. */ - VAL_CLASS_CNAMENOANSWER, - /** A referral, from cache with a nonRD query. */ - VAL_CLASS_REFERRAL, - /** A response to a qtype=ANY query. */ - VAL_CLASS_ANY -}; - -/** - * Given a response, classify ANSWER responses into a subtype. - * @param query_flags: query flags for the original query. - * @param origqinf: query info. The original query name. - * @param qinf: query info. The chased query name. - * @param rep: response. The original response. - * @param skip: offset into the original response answer section. - * @return A subtype, all values possible except UNTYPED . - * Once CNAME type is returned you can increase skip. - * Then, another CNAME type, CNAME_NOANSWER or POSITIVE are possible. - */ -enum val_classification val_classify_response(uint16_t query_flags, - struct query_info* origqinf, struct query_info* qinf, - struct reply_info* rep, size_t skip); - -/** - * Given a response, determine the name of the "signer". This is primarily - * to determine if the response is, in fact, signed at all, and, if so, what - * is the name of the most pertinent keyset. - * - * @param subtype: the type from classify. - * @param qinf: query, the chased query name. - * @param rep: response to that, original response. - * @param cname_skip: how many answer rrsets have been skipped due to CNAME - * chains being chased around. - * @param signer_name: signer name, if the response is signed - * (even partially), or null if the response isn't signed. - * @param signer_len: length of signer_name of 0 if signer_name is NULL. - */ -void val_find_signer(enum val_classification subtype, - struct query_info* qinf, struct reply_info* rep, - size_t cname_skip, uint8_t** signer_name, size_t* signer_len); - -/** - * Verify RRset with keys - * @param env: module environment (scratch buffer) - * @param ve: validator environment (verification settings) - * @param rrset: what to verify - * @param keys: dnskey rrset to verify with. - * @param sigalg: if nonNULL provide downgrade protection otherwise one - * algorithm is enough. Algo list is constructed in here. - * @param reason: reason of failure. Fixed string or alloced in scratch. - * @return security status of verification. - */ -enum sec_status val_verify_rrset(struct module_env* env, struct val_env* ve, - struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* keys, - uint8_t* sigalg, char** reason); - -/** - * Verify RRset with keys from a keyset. - * @param env: module environment (scratch buffer) - * @param ve: validator environment (verification settings) - * @param rrset: what to verify - * @param kkey: key_entry to verify with. - * @param reason: reason of failure. Fixed string or alloced in scratch. - * @return security status of verification. - */ -enum sec_status val_verify_rrset_entry(struct module_env* env, - struct val_env* ve, struct ub_packed_rrset_key* rrset, - struct key_entry_key* kkey, char** reason); - -/** - * Verify DNSKEYs with DS rrset. Like val_verify_new_DNSKEYs but - * returns a sec_status instead of a key_entry. - * @param env: module environment (scratch buffer) - * @param ve: validator environment (verification settings) - * @param dnskey_rrset: DNSKEY rrset to verify - * @param ds_rrset: DS rrset to verify with. - * @param sigalg: if nonNULL provide downgrade protection otherwise one - * algorithm is enough. The list of signalled algorithms is returned, - * must have enough space for ALGO_NEEDS_MAX+1. - * @param reason: reason of failure. Fixed string or alloced in scratch. - * @return: sec_status_secure if a DS matches. - * sec_status_insecure if end of trust (i.e., unknown algorithms). - * sec_status_bogus if it fails. - */ -enum sec_status val_verify_DNSKEY_with_DS(struct module_env* env, - struct val_env* ve, struct ub_packed_rrset_key* dnskey_rrset, - struct ub_packed_rrset_key* ds_rrset, uint8_t* sigalg, char** reason); - -/** - * Verify DNSKEYs with DS and DNSKEY rrset. Like val_verify_DNSKEY_with_DS - * but for a trust anchor. - * @param env: module environment (scratch buffer) - * @param ve: validator environment (verification settings) - * @param dnskey_rrset: DNSKEY rrset to verify - * @param ta_ds: DS rrset to verify with. - * @param ta_dnskey: DNSKEY rrset to verify with. - * @param sigalg: if nonNULL provide downgrade protection otherwise one - * algorithm is enough. The list of signalled algorithms is returned, - * must have enough space for ALGO_NEEDS_MAX+1. - * @param reason: reason of failure. Fixed string or alloced in scratch. - * @return: sec_status_secure if a DS matches. - * sec_status_insecure if end of trust (i.e., unknown algorithms). - * sec_status_bogus if it fails. - */ -enum sec_status val_verify_DNSKEY_with_TA(struct module_env* env, - struct val_env* ve, struct ub_packed_rrset_key* dnskey_rrset, - struct ub_packed_rrset_key* ta_ds, - struct ub_packed_rrset_key* ta_dnskey, uint8_t* sigalg, char** reason); - -/** - * Verify new DNSKEYs with DS rrset. The DS contains hash values that should - * match the DNSKEY keys. - * match the DS to a DNSKEY and verify the DNSKEY rrset with that key. - * - * @param region: where to allocate key entry result. - * @param env: module environment (scratch buffer) - * @param ve: validator environment (verification settings) - * @param dnskey_rrset: DNSKEY rrset to verify - * @param ds_rrset: DS rrset to verify with. - * @param downprot: if true provide downgrade protection otherwise one - * algorithm is enough. - * @param reason: reason of failure. Fixed string or alloced in scratch. - * @return a KeyEntry. This will either contain the now trusted - * dnskey_rrset, a "null" key entry indicating that this DS - * rrset/DNSKEY pair indicate an secure end to the island of trust - * (i.e., unknown algorithms), or a "bad" KeyEntry if the dnskey - * rrset fails to verify. Note that the "null" response should - * generally only occur in a private algorithm scenario: normally - * this sort of thing is checked before fetching the matching DNSKEY - * rrset. - * if downprot is set, a key entry with an algo list is made. - */ -struct key_entry_key* val_verify_new_DNSKEYs(struct regional* region, - struct module_env* env, struct val_env* ve, - struct ub_packed_rrset_key* dnskey_rrset, - struct ub_packed_rrset_key* ds_rrset, int downprot, char** reason); - - -/** - * Verify rrset with trust anchor: DS and DNSKEY rrset. - * - * @param region: where to allocate key entry result. - * @param env: module environment (scratch buffer) - * @param ve: validator environment (verification settings) - * @param dnskey_rrset: DNSKEY rrset to verify - * @param ta_ds_rrset: DS rrset to verify with. - * @param ta_dnskey_rrset: the DNSKEY rrset to verify with. - * @param downprot: if true provide downgrade protection otherwise one - * algorithm is enough. - * @param reason: reason of failure. Fixed string or alloced in scratch. - * @return a KeyEntry. This will either contain the now trusted - * dnskey_rrset, a "null" key entry indicating that this DS - * rrset/DNSKEY pair indicate an secure end to the island of trust - * (i.e., unknown algorithms), or a "bad" KeyEntry if the dnskey - * rrset fails to verify. Note that the "null" response should - * generally only occur in a private algorithm scenario: normally - * this sort of thing is checked before fetching the matching DNSKEY - * rrset. - * if downprot is set, a key entry with an algo list is made. - */ -struct key_entry_key* val_verify_new_DNSKEYs_with_ta(struct regional* region, - struct module_env* env, struct val_env* ve, - struct ub_packed_rrset_key* dnskey_rrset, - struct ub_packed_rrset_key* ta_ds_rrset, - struct ub_packed_rrset_key* ta_dnskey_rrset, - int downprot, char** reason); - -/** - * Determine if DS rrset is usable for validator or not. - * Returns true if the algorithms for key and DShash are supported, - * for at least one RR. - * - * @param ds_rrset: the newly received DS rrset. - * @return true or false if not usable. - */ -int val_dsset_isusable(struct ub_packed_rrset_key* ds_rrset); - -/** - * Determine by looking at a signed RRset whether or not the RRset name was - * the result of a wildcard expansion. If so, return the name of the - * generating wildcard. - * - * @param rrset The rrset to chedck. - * @param wc: the wildcard name, if the rrset was synthesized from a wildcard. - * unchanged if not. The wildcard name, without "*." in front, is - * returned. This is a pointer into the rrset owner name. - * @return false if the signatures are inconsistent in indicating the - * wildcard status; possible spoofing of wildcard response for other - * responses is being tried. We lost the status which rrsig was verified - * after the verification routine finished, so we simply check if - * the signatures are consistent; inserting a fake signature is a denial - * of service; but in that you could also have removed the real - * signature anyway. - */ -int val_rrset_wildcard(struct ub_packed_rrset_key* rrset, uint8_t** wc); - -/** - * Chase the cname to the next query name. - * @param qchase: the current query name, updated to next target. - * @param rep: original message reply to look at CNAMEs. - * @param cname_skip: the skip into the answer section. Updated to skip - * DNAME and CNAME to the next part of the answer. - * @return false on error (bad rdata). - */ -int val_chase_cname(struct query_info* qchase, struct reply_info* rep, - size_t* cname_skip); - -/** - * Fill up the chased reply with the content from the original reply; - * as pointers to those rrsets. Select the part after the cname_skip into - * the answer section, NS and AR sections that are signed with same signer. - * - * @param chase: chased reply, filled up. - * @param orig: original reply. - * @param cname_skip: which part of the answer section to skip. - * The skipped part contains CNAME(and DNAME)s that have been chased. - * @param name: the signer name to look for. - * @param len: length of name. - * @param signer: signer name or NULL if an unsigned RRset is considered. - * If NULL, rrsets with the lookup name are copied over. - */ -void val_fill_reply(struct reply_info* chase, struct reply_info* orig, - size_t cname_skip, uint8_t* name, size_t len, uint8_t* signer); - -/** - * Remove rrset with index from reply, from the authority section. - * @param rep: reply to remove it from. - * @param index: rrset to remove, must be in the authority section. - */ -void val_reply_remove_auth(struct reply_info* rep, size_t index); - -/** - * Remove all unsigned or non-secure status rrsets from NS and AR sections. - * So that unsigned data does not get let through to clients, when we have - * found the data to be secure. - * - * @param ve: validator environment with cleaning options. - * @param rep: reply to dump all nonsecure stuff out of. - */ -void val_check_nonsecure(struct val_env* ve, struct reply_info* rep); - -/** - * Mark all unchecked rrset entries not below a trust anchor as indeterminate. - * Only security==unchecked rrsets are updated. - * @param rep: the reply with rrsets. - * @param anchors: the trust anchors. - * @param r: rrset cache to store updated security status into. - * @param env: module environment - */ -void val_mark_indeterminate(struct reply_info* rep, - struct val_anchors* anchors, struct rrset_cache* r, - struct module_env* env); - -/** - * Mark all unchecked rrset entries below a NULL key entry as insecure. - * Only security==unchecked rrsets are updated. - * @param rep: the reply with rrsets. - * @param kname: end of secure space name. - * @param r: rrset cache to store updated security status into. - * @param env: module environment - */ -void val_mark_insecure(struct reply_info* rep, uint8_t* kname, - struct rrset_cache* r, struct module_env* env); - -/** - * Find next unchecked rrset position, return it for skip. - * @param rep: the original reply to look into. - * @param skip: the skip now. - * @return new skip, which may be at the rep->rrset_count position to signal - * there are no unchecked items. - */ -size_t val_next_unchecked(struct reply_info* rep, size_t skip); - -/** - * Find the signer name for an RRset. - * @param rrset: the rrset. - * @param sname: signer name is returned or NULL if not signed. - * @param slen: length of sname (or 0). - */ -void val_find_rrset_signer(struct ub_packed_rrset_key* rrset, uint8_t** sname, - size_t* slen); - -/** - * Get string to denote the classification result. - * @param subtype: from classification function. - * @return static string to describe the classification. - */ -const char* val_classification_to_string(enum val_classification subtype); - -/** - * Add existing list to blacklist. - * @param blacklist: the blacklist with result - * @param region: the region where blacklist is allocated. - * Allocation failures are logged. - * @param origin: origin list to add, if NULL, a cache-entry is added to - * the blacklist to stop cache from being used. - * @param cross: if true this is a cross-qstate copy, and the 'origin' - * list is not allocated in the same region as the blacklist. - */ -void val_blacklist(struct sock_list** blacklist, struct regional* region, - struct sock_list* origin, int cross); - -/** - * check if has dnssec info, and if it has signed nsecs. gives error reason. - * @param rep: reply to check. - * @param reason: returned on fail. - * @return false if message has no signed nsecs. Can not prove negatives. - */ -int val_has_signed_nsecs(struct reply_info* rep, char** reason); - -/** - * Return algo number for favorite (best) algorithm that we support in DS. - * @param ds_rrset: the DSes in this rrset are inspected and best algo chosen. - * @return algo number or 0 if none supported. 0 is unused as algo number. - */ -int val_favorite_ds_algo(struct ub_packed_rrset_key* ds_rrset); - -/** - * Find DS denial message in cache. Saves new qstate allocation and allows - * the validator to use partial content which is not enough to construct a - * message for network (or user) consumption. Without SOA for example, - * which is a common occurrence in the unbound code since the referrals contain - * NSEC/NSEC3 rrs without the SOA element, thus do not allow synthesis of a - * full negative reply, but do allow synthesis of sufficient proof. - * @param env: query env with caches and time. - * @param nm: name of DS record sought. - * @param nmlen: length of name. - * @param c: class of DS RR. - * @param region: where to allocate result. - * @param topname: name of the key that is currently in use, that will get - * used to validate the result, and thus no higher entries from the - * negative cache need to be examined. - * @return a dns_msg on success. NULL on failure. - */ -struct dns_msg* val_find_DS(struct module_env* env, uint8_t* nm, size_t nmlen, - uint16_t c, struct regional* region, uint8_t* topname); - -#endif /* VALIDATOR_VAL_UTILS_H */ diff --git a/external/unbound/validator/validator.c b/external/unbound/validator/validator.c deleted file mode 100644 index 81ba5fa17..000000000 --- a/external/unbound/validator/validator.c +++ /dev/null @@ -1,3079 +0,0 @@ -/* - * validator/validator.c - secure validator DNS query response module - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains a module that performs validation of DNS queries. - * According to RFC 4034. - */ -#include "config.h" -#include "validator/validator.h" -#include "validator/val_anchor.h" -#include "validator/val_kcache.h" -#include "validator/val_kentry.h" -#include "validator/val_utils.h" -#include "validator/val_nsec.h" -#include "validator/val_nsec3.h" -#include "validator/val_neg.h" -#include "validator/val_sigcrypt.h" -#include "validator/autotrust.h" -#include "services/cache/dns.h" -#include "util/data/dname.h" -#include "util/module.h" -#include "util/log.h" -#include "util/net_help.h" -#include "util/regional.h" -#include "util/config_file.h" -#include "util/fptr_wlist.h" -#include "sldns/rrdef.h" -#include "sldns/wire2str.h" - -/* forward decl for cache response and normal super inform calls of a DS */ -static void process_ds_response(struct module_qstate* qstate, - struct val_qstate* vq, int id, int rcode, struct dns_msg* msg, - struct query_info* qinfo, struct sock_list* origin); - -/** fill up nsec3 key iterations config entry */ -static int -fill_nsec3_iter(struct val_env* ve, char* s, int c) -{ - char* e; - int i; - free(ve->nsec3_keysize); - free(ve->nsec3_maxiter); - ve->nsec3_keysize = (size_t*)calloc(sizeof(size_t), (size_t)c); - ve->nsec3_maxiter = (size_t*)calloc(sizeof(size_t), (size_t)c); - if(!ve->nsec3_keysize || !ve->nsec3_maxiter) { - log_err("out of memory"); - return 0; - } - for(i=0; insec3_keysize[i] = (size_t)strtol(s, &e, 10); - if(s == e) { - log_err("cannot parse: %s", s); - return 0; - } - s = e; - ve->nsec3_maxiter[i] = (size_t)strtol(s, &e, 10); - if(s == e) { - log_err("cannot parse: %s", s); - return 0; - } - s = e; - if(i>0 && ve->nsec3_keysize[i-1] >= ve->nsec3_keysize[i]) { - log_err("nsec3 key iterations not ascending: %d %d", - (int)ve->nsec3_keysize[i-1], - (int)ve->nsec3_keysize[i]); - return 0; - } - verbose(VERB_ALGO, "validator nsec3cfg keysz %d mxiter %d", - (int)ve->nsec3_keysize[i], (int)ve->nsec3_maxiter[i]); - } - return 1; -} - -/** apply config settings to validator */ -static int -val_apply_cfg(struct module_env* env, struct val_env* val_env, - struct config_file* cfg) -{ - int c; - val_env->bogus_ttl = (uint32_t)cfg->bogus_ttl; - val_env->clean_additional = cfg->val_clean_additional; - val_env->permissive_mode = cfg->val_permissive_mode; - if(!env->anchors) - env->anchors = anchors_create(); - if(!env->anchors) { - log_err("out of memory"); - return 0; - } - if(!val_env->kcache) - val_env->kcache = key_cache_create(cfg); - if(!val_env->kcache) { - log_err("out of memory"); - return 0; - } - env->key_cache = val_env->kcache; - if(!anchors_apply_cfg(env->anchors, cfg)) { - log_err("validator: error in trustanchors config"); - return 0; - } - val_env->date_override = cfg->val_date_override; - val_env->skew_min = cfg->val_sig_skew_min; - val_env->skew_max = cfg->val_sig_skew_max; - c = cfg_count_numbers(cfg->val_nsec3_key_iterations); - if(c < 1 || (c&1)) { - log_err("validator: unparseable or odd nsec3 key " - "iterations: %s", cfg->val_nsec3_key_iterations); - return 0; - } - val_env->nsec3_keyiter_count = c/2; - if(!fill_nsec3_iter(val_env, cfg->val_nsec3_key_iterations, c/2)) { - log_err("validator: cannot apply nsec3 key iterations"); - return 0; - } - if(!val_env->neg_cache) - val_env->neg_cache = val_neg_create(cfg, - val_env->nsec3_maxiter[val_env->nsec3_keyiter_count-1]); - if(!val_env->neg_cache) { - log_err("out of memory"); - return 0; - } - env->neg_cache = val_env->neg_cache; - return 1; -} - -#ifdef USE_ECDSA_EVP_WORKAROUND -void ecdsa_evp_workaround_init(void); -#endif -int -val_init(struct module_env* env, int id) -{ - struct val_env* val_env = (struct val_env*)calloc(1, - sizeof(struct val_env)); - if(!val_env) { - log_err("malloc failure"); - return 0; - } - env->modinfo[id] = (void*)val_env; - env->need_to_validate = 1; - val_env->permissive_mode = 0; - lock_basic_init(&val_env->bogus_lock); - lock_protect(&val_env->bogus_lock, &val_env->num_rrset_bogus, - sizeof(val_env->num_rrset_bogus)); -#ifdef USE_ECDSA_EVP_WORKAROUND - ecdsa_evp_workaround_init(); -#endif - if(!val_apply_cfg(env, val_env, env->cfg)) { - log_err("validator: could not apply configuration settings."); - return 0; - } - - return 1; -} - -void -val_deinit(struct module_env* env, int id) -{ - struct val_env* val_env; - if(!env || !env->modinfo[id]) - return; - val_env = (struct val_env*)env->modinfo[id]; - lock_basic_destroy(&val_env->bogus_lock); - anchors_delete(env->anchors); - env->anchors = NULL; - key_cache_delete(val_env->kcache); - neg_cache_delete(val_env->neg_cache); - free(val_env->nsec3_keysize); - free(val_env->nsec3_maxiter); - free(val_env); - env->modinfo[id] = NULL; -} - -/** fill in message structure */ -static struct val_qstate* -val_new_getmsg(struct module_qstate* qstate, struct val_qstate* vq) -{ - if(!qstate->return_msg || qstate->return_rcode != LDNS_RCODE_NOERROR) { - /* create a message to verify */ - verbose(VERB_ALGO, "constructing reply for validation"); - vq->orig_msg = (struct dns_msg*)regional_alloc(qstate->region, - sizeof(struct dns_msg)); - if(!vq->orig_msg) - return NULL; - vq->orig_msg->qinfo = qstate->qinfo; - vq->orig_msg->rep = (struct reply_info*)regional_alloc( - qstate->region, sizeof(struct reply_info)); - if(!vq->orig_msg->rep) - return NULL; - memset(vq->orig_msg->rep, 0, sizeof(struct reply_info)); - vq->orig_msg->rep->flags = (uint16_t)(qstate->return_rcode&0xf) - |BIT_QR|BIT_RA|(qstate->query_flags|(BIT_CD|BIT_RD)); - vq->orig_msg->rep->qdcount = 1; - } else { - vq->orig_msg = qstate->return_msg; - } - vq->qchase = qstate->qinfo; - /* chase reply will be an edited (sub)set of the orig msg rrset ptrs */ - vq->chase_reply = regional_alloc_init(qstate->region, - vq->orig_msg->rep, - sizeof(struct reply_info) - sizeof(struct rrset_ref)); - if(!vq->chase_reply) - return NULL; - if(vq->orig_msg->rep->rrset_count > RR_COUNT_MAX) - return NULL; /* protect against integer overflow */ - vq->chase_reply->rrsets = regional_alloc_init(qstate->region, - vq->orig_msg->rep->rrsets, sizeof(struct ub_packed_rrset_key*) - * vq->orig_msg->rep->rrset_count); - if(!vq->chase_reply->rrsets) - return NULL; - vq->rrset_skip = 0; - return vq; -} - -/** allocate new validator query state */ -static struct val_qstate* -val_new(struct module_qstate* qstate, int id) -{ - struct val_qstate* vq = (struct val_qstate*)regional_alloc( - qstate->region, sizeof(*vq)); - log_assert(!qstate->minfo[id]); - if(!vq) - return NULL; - memset(vq, 0, sizeof(*vq)); - qstate->minfo[id] = vq; - vq->state = VAL_INIT_STATE; - return val_new_getmsg(qstate, vq); -} - -/** - * Exit validation with an error status - * - * @param qstate: query state - * @param id: validator id. - * @return false, for use by caller to return to stop processing. - */ -static int -val_error(struct module_qstate* qstate, int id) -{ - qstate->ext_state[id] = module_error; - qstate->return_rcode = LDNS_RCODE_SERVFAIL; - return 0; -} - -/** - * Check to see if a given response needs to go through the validation - * process. Typical reasons for this routine to return false are: CD bit was - * on in the original request, or the response is a kind of message that - * is unvalidatable (i.e., SERVFAIL, REFUSED, etc.) - * - * @param qstate: query state. - * @param ret_rc: rcode for this message (if noerror - examine ret_msg). - * @param ret_msg: return msg, can be NULL; look at rcode instead. - * @return true if the response could use validation (although this does not - * mean we can actually validate this response). - */ -static int -needs_validation(struct module_qstate* qstate, int ret_rc, - struct dns_msg* ret_msg) -{ - int rcode; - - /* If the CD bit is on in the original request, then you could think - * that we don't bother to validate anything. - * But this is signalled internally with the valrec flag. - * User queries are validated with BIT_CD to make our cache clean - * so that bogus messages get retried by the upstream also for - * downstream validators that set BIT_CD. - * For DNS64 bit_cd signals no dns64 processing, but we want to - * provide validation there too */ - /* - if(qstate->query_flags & BIT_CD) { - verbose(VERB_ALGO, "not validating response due to CD bit"); - return 0; - } - */ - if(qstate->is_valrec) { - verbose(VERB_ALGO, "not validating response, is valrec" - "(validation recursion lookup)"); - return 0; - } - - if(ret_rc != LDNS_RCODE_NOERROR || !ret_msg) - rcode = ret_rc; - else rcode = (int)FLAGS_GET_RCODE(ret_msg->rep->flags); - - if(rcode != LDNS_RCODE_NOERROR && rcode != LDNS_RCODE_NXDOMAIN) { - if(verbosity >= VERB_ALGO) { - char rc[16]; - rc[0]=0; - (void)sldns_wire2str_rcode_buf(rcode, rc, sizeof(rc)); - verbose(VERB_ALGO, "cannot validate non-answer, rcode %s", rc); - } - return 0; - } - - /* cannot validate positive RRSIG response. (negatives can) */ - if(qstate->qinfo.qtype == LDNS_RR_TYPE_RRSIG && - rcode == LDNS_RCODE_NOERROR && ret_msg && - ret_msg->rep->an_numrrsets > 0) { - verbose(VERB_ALGO, "cannot validate RRSIG, no sigs on sigs."); - return 0; - } - return 1; -} - -/** - * Check to see if the response has already been validated. - * @param ret_msg: return msg, can be NULL - * @return true if the response has already been validated - */ -static int -already_validated(struct dns_msg* ret_msg) -{ - /* validate unchecked, and re-validate bogus messages */ - if (ret_msg && ret_msg->rep->security > sec_status_bogus) - { - verbose(VERB_ALGO, "response has already been validated: %s", - sec_status_to_string(ret_msg->rep->security)); - return 1; - } - return 0; -} - -/** - * Generate a request for DNS data. - * - * @param qstate: query state that is the parent. - * @param id: module id. - * @param name: what name to query for. - * @param namelen: length of name. - * @param qtype: query type. - * @param qclass: query class. - * @param flags: additional flags, such as the CD bit (BIT_CD), or 0. - * @return false on alloc failure. - */ -static int -generate_request(struct module_qstate* qstate, int id, uint8_t* name, - size_t namelen, uint16_t qtype, uint16_t qclass, uint16_t flags) -{ - struct val_qstate* vq = (struct val_qstate*)qstate->minfo[id]; - struct module_qstate* newq; - struct query_info ask; - int valrec; - ask.qname = name; - ask.qname_len = namelen; - ask.qtype = qtype; - ask.qclass = qclass; - ask.local_alias = NULL; - log_query_info(VERB_ALGO, "generate request", &ask); - fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub)); - /* enable valrec flag to avoid recursion to the same validation - * routine, this lookup is simply a lookup. DLVs need validation */ - if(qtype == LDNS_RR_TYPE_DLV) - valrec = 0; - else valrec = 1; - if(!(*qstate->env->attach_sub)(qstate, &ask, - (uint16_t)(BIT_RD|flags), 0, valrec, &newq)){ - log_err("Could not generate request: out of memory"); - return 0; - } - /* newq; validator does not need state created for that - * query, and its a 'normal' for iterator as well */ - if(newq) { - /* add our blacklist to the query blacklist */ - sock_list_merge(&newq->blacklist, newq->region, - vq->chain_blacklist); - } - qstate->ext_state[id] = module_wait_subquery; - return 1; -} - -/** - * Prime trust anchor for use. - * Generate and dispatch a priming query for the given trust anchor. - * The trust anchor can be DNSKEY or DS and does not have to be signed. - * - * @param qstate: query state. - * @param vq: validator query state. - * @param id: module id. - * @param toprime: what to prime. - * @return false on a processing error. - */ -static int -prime_trust_anchor(struct module_qstate* qstate, struct val_qstate* vq, - int id, struct trust_anchor* toprime) -{ - int ret = generate_request(qstate, id, toprime->name, toprime->namelen, - LDNS_RR_TYPE_DNSKEY, toprime->dclass, BIT_CD); - if(!ret) { - log_err("Could not prime trust anchor: out of memory"); - return 0; - } - /* ignore newq; validator does not need state created for that - * query, and its a 'normal' for iterator as well */ - vq->wait_prime_ta = 1; /* to elicit PRIME_RESP_STATE processing - from the validator inform_super() routine */ - /* store trust anchor name for later lookup when prime returns */ - vq->trust_anchor_name = regional_alloc_init(qstate->region, - toprime->name, toprime->namelen); - vq->trust_anchor_len = toprime->namelen; - vq->trust_anchor_labs = toprime->namelabs; - if(!vq->trust_anchor_name) { - log_err("Could not prime trust anchor: out of memory"); - return 0; - } - return 1; -} - -/** - * Validate if the ANSWER and AUTHORITY sections contain valid rrsets. - * They must be validly signed with the given key. - * Tries to validate ADDITIONAL rrsets as well, but only to check them. - * Allows unsigned CNAME after a DNAME that expands the DNAME. - * - * Note that by the time this method is called, the process of finding the - * trusted DNSKEY rrset that signs this response must already have been - * completed. - * - * @param qstate: query state. - * @param env: module env for verify. - * @param ve: validator env for verify. - * @param qchase: query that was made. - * @param chase_reply: answer to validate. - * @param key_entry: the key entry, which is trusted, and which matches - * the signer of the answer. The key entry isgood(). - * @return false if any of the rrsets in the an or ns sections of the message - * fail to verify. The message is then set to bogus. - */ -static int -validate_msg_signatures(struct module_qstate* qstate, struct module_env* env, - struct val_env* ve, struct query_info* qchase, - struct reply_info* chase_reply, struct key_entry_key* key_entry) -{ - uint8_t* sname; - size_t i, slen; - struct ub_packed_rrset_key* s; - enum sec_status sec; - int dname_seen = 0; - char* reason = NULL; - - /* validate the ANSWER section */ - for(i=0; ian_numrrsets; i++) { - s = chase_reply->rrsets[i]; - /* Skip the CNAME following a (validated) DNAME. - * Because of the normalization routines in the iterator, - * there will always be an unsigned CNAME following a DNAME - * (unless qtype=DNAME). */ - if(dname_seen && ntohs(s->rk.type) == LDNS_RR_TYPE_CNAME) { - dname_seen = 0; - /* CNAME was synthesized by our own iterator */ - /* since the DNAME verified, mark the CNAME as secure */ - ((struct packed_rrset_data*)s->entry.data)->security = - sec_status_secure; - ((struct packed_rrset_data*)s->entry.data)->trust = - rrset_trust_validated; - continue; - } - - /* Verify the answer rrset */ - sec = val_verify_rrset_entry(env, ve, s, key_entry, &reason); - /* If the (answer) rrset failed to validate, then this - * message is BAD. */ - if(sec != sec_status_secure) { - log_nametypeclass(VERB_QUERY, "validator: response " - "has failed ANSWER rrset:", s->rk.dname, - ntohs(s->rk.type), ntohs(s->rk.rrset_class)); - errinf(qstate, reason); - if(ntohs(s->rk.type) == LDNS_RR_TYPE_CNAME) - errinf(qstate, "for CNAME"); - else if(ntohs(s->rk.type) == LDNS_RR_TYPE_DNAME) - errinf(qstate, "for DNAME"); - errinf_origin(qstate, qstate->reply_origin); - chase_reply->security = sec_status_bogus; - return 0; - } - - /* Notice a DNAME that should be followed by an unsigned - * CNAME. */ - if(qchase->qtype != LDNS_RR_TYPE_DNAME && - ntohs(s->rk.type) == LDNS_RR_TYPE_DNAME) { - dname_seen = 1; - } - } - - /* validate the AUTHORITY section */ - for(i=chase_reply->an_numrrsets; ian_numrrsets+ - chase_reply->ns_numrrsets; i++) { - s = chase_reply->rrsets[i]; - sec = val_verify_rrset_entry(env, ve, s, key_entry, &reason); - /* If anything in the authority section fails to be secure, - * we have a bad message. */ - if(sec != sec_status_secure) { - log_nametypeclass(VERB_QUERY, "validator: response " - "has failed AUTHORITY rrset:", s->rk.dname, - ntohs(s->rk.type), ntohs(s->rk.rrset_class)); - errinf(qstate, reason); - errinf_origin(qstate, qstate->reply_origin); - errinf_rrset(qstate, s); - chase_reply->security = sec_status_bogus; - return 0; - } - } - - /* attempt to validate the ADDITIONAL section rrsets */ - if(!ve->clean_additional) - return 1; - for(i=chase_reply->an_numrrsets+chase_reply->ns_numrrsets; - irrset_count; i++) { - s = chase_reply->rrsets[i]; - /* only validate rrs that have signatures with the key */ - /* leave others unchecked, those get removed later on too */ - val_find_rrset_signer(s, &sname, &slen); - if(sname && query_dname_compare(sname, key_entry->name)==0) - (void)val_verify_rrset_entry(env, ve, s, key_entry, - &reason); - /* the additional section can fail to be secure, - * it is optional, check signature in case we need - * to clean the additional section later. */ - } - - return 1; -} - -/** - * Detect wrong truncated response (say from BIND 9.6.1 that is forwarding - * and saw the NS record without signatures from a referral). - * The positive response has a mangled authority section. - * Remove that authority section and the additional section. - * @param rep: reply - * @return true if a wrongly truncated response. - */ -static int -detect_wrongly_truncated(struct reply_info* rep) -{ - size_t i; - /* only NS in authority, and it is bogus */ - if(rep->ns_numrrsets != 1 || rep->an_numrrsets == 0) - return 0; - if(ntohs(rep->rrsets[ rep->an_numrrsets ]->rk.type) != LDNS_RR_TYPE_NS) - return 0; - if(((struct packed_rrset_data*)rep->rrsets[ rep->an_numrrsets ] - ->entry.data)->security == sec_status_secure) - return 0; - /* answer section is present and secure */ - for(i=0; ian_numrrsets; i++) { - if(((struct packed_rrset_data*)rep->rrsets[ i ] - ->entry.data)->security != sec_status_secure) - return 0; - } - verbose(VERB_ALGO, "truncating to minimal response"); - return 1; -} - -/** - * For messages that are not referrals, if the chase reply contains an - * unsigned NS record in the authority section it could have been - * inserted by a (BIND) forwarder that thinks the zone is insecure, and - * that has an NS record without signatures in cache. Remove the NS - * record since the reply does not hinge on that record (in the authority - * section), but do not remove it if it removes the last record from the - * answer+authority sections. - * @param chase_reply: the chased reply, we have a key for this contents, - * so we should have signatures for these rrsets and not having - * signatures means it will be bogus. - * @param orig_reply: original reply, remove NS from there as well because - * we cannot mark the NS record as DNSSEC valid because it is not - * validated by signatures. - */ -static void -remove_spurious_authority(struct reply_info* chase_reply, - struct reply_info* orig_reply) -{ - size_t i, found = 0; - int remove = 0; - /* if no answer and only 1 auth RRset, do not remove that one */ - if(chase_reply->an_numrrsets == 0 && chase_reply->ns_numrrsets == 1) - return; - /* search authority section for unsigned NS records */ - for(i = chase_reply->an_numrrsets; - i < chase_reply->an_numrrsets+chase_reply->ns_numrrsets; i++) { - struct packed_rrset_data* d = (struct packed_rrset_data*) - chase_reply->rrsets[i]->entry.data; - if(ntohs(chase_reply->rrsets[i]->rk.type) == LDNS_RR_TYPE_NS - && d->rrsig_count == 0) { - found = i; - remove = 1; - break; - } - } - /* see if we found the entry */ - if(!remove) return; - log_rrset_key(VERB_ALGO, "Removing spurious unsigned NS record " - "(likely inserted by forwarder)", chase_reply->rrsets[found]); - - /* find rrset in orig_reply */ - for(i = orig_reply->an_numrrsets; - i < orig_reply->an_numrrsets+orig_reply->ns_numrrsets; i++) { - if(ntohs(orig_reply->rrsets[i]->rk.type) == LDNS_RR_TYPE_NS - && query_dname_compare(orig_reply->rrsets[i]->rk.dname, - chase_reply->rrsets[found]->rk.dname) == 0) { - /* remove from orig_msg */ - val_reply_remove_auth(orig_reply, i); - break; - } - } - /* remove rrset from chase_reply */ - val_reply_remove_auth(chase_reply, found); -} - -/** - * Given a "positive" response -- a response that contains an answer to the - * question, and no CNAME chain, validate this response. - * - * The answer and authority RRsets must already be verified as secure. - * - * @param env: module env for verify. - * @param ve: validator env for verify. - * @param qchase: query that was made. - * @param chase_reply: answer to that query to validate. - * @param kkey: the key entry, which is trusted, and which matches - * the signer of the answer. The key entry isgood(). - */ -static void -validate_positive_response(struct module_env* env, struct val_env* ve, - struct query_info* qchase, struct reply_info* chase_reply, - struct key_entry_key* kkey) -{ - uint8_t* wc = NULL; - int wc_NSEC_ok = 0; - int nsec3s_seen = 0; - size_t i; - struct ub_packed_rrset_key* s; - - /* validate the ANSWER section - this will be the answer itself */ - for(i=0; ian_numrrsets; i++) { - s = chase_reply->rrsets[i]; - - /* Check to see if the rrset is the result of a wildcard - * expansion. If so, an additional check will need to be - * made in the authority section. */ - if(!val_rrset_wildcard(s, &wc)) { - log_nametypeclass(VERB_QUERY, "Positive response has " - "inconsistent wildcard sigs:", s->rk.dname, - ntohs(s->rk.type), ntohs(s->rk.rrset_class)); - chase_reply->security = sec_status_bogus; - return; - } - } - - /* validate the AUTHORITY section as well - this will generally be - * the NS rrset (which could be missing, no problem) */ - for(i=chase_reply->an_numrrsets; ian_numrrsets+ - chase_reply->ns_numrrsets; i++) { - s = chase_reply->rrsets[i]; - - /* If this is a positive wildcard response, and we have a - * (just verified) NSEC record, try to use it to 1) prove - * that qname doesn't exist and 2) that the correct wildcard - * was used. */ - if(wc != NULL && ntohs(s->rk.type) == LDNS_RR_TYPE_NSEC) { - if(val_nsec_proves_positive_wildcard(s, qchase, wc)) { - wc_NSEC_ok = 1; - } - /* if not, continue looking for proof */ - } - - /* Otherwise, if this is a positive wildcard response and - * we have NSEC3 records */ - if(wc != NULL && ntohs(s->rk.type) == LDNS_RR_TYPE_NSEC3) { - nsec3s_seen = 1; - } - } - - /* If this was a positive wildcard response that we haven't already - * proven, and we have NSEC3 records, try to prove it using the NSEC3 - * records. */ - if(wc != NULL && !wc_NSEC_ok && nsec3s_seen) { - enum sec_status sec = nsec3_prove_wildcard(env, ve, - chase_reply->rrsets+chase_reply->an_numrrsets, - chase_reply->ns_numrrsets, qchase, kkey, wc); - if(sec == sec_status_insecure) { - verbose(VERB_ALGO, "Positive wildcard response is " - "insecure"); - chase_reply->security = sec_status_insecure; - return; - } else if(sec == sec_status_secure) - wc_NSEC_ok = 1; - } - - /* If after all this, we still haven't proven the positive wildcard - * response, fail. */ - if(wc != NULL && !wc_NSEC_ok) { - verbose(VERB_QUERY, "positive response was wildcard " - "expansion and did not prove original data " - "did not exist"); - chase_reply->security = sec_status_bogus; - return; - } - - verbose(VERB_ALGO, "Successfully validated positive response"); - chase_reply->security = sec_status_secure; -} - -/** - * Validate a NOERROR/NODATA signed response -- a response that has a - * NOERROR Rcode but no ANSWER section RRsets. This consists of making - * certain that the authority section NSEC/NSEC3s proves that the qname - * does exist and the qtype doesn't. - * - * The answer and authority RRsets must already be verified as secure. - * - * @param env: module env for verify. - * @param ve: validator env for verify. - * @param qchase: query that was made. - * @param chase_reply: answer to that query to validate. - * @param kkey: the key entry, which is trusted, and which matches - * the signer of the answer. The key entry isgood(). - */ -static void -validate_nodata_response(struct module_env* env, struct val_env* ve, - struct query_info* qchase, struct reply_info* chase_reply, - struct key_entry_key* kkey) -{ - /* Since we are here, there must be nothing in the ANSWER section to - * validate. */ - /* (Note: CNAME/DNAME responses will not directly get here -- - * instead, they are chased down into individual CNAME validations, - * and at the end of the cname chain a POSITIVE, or CNAME_NOANSWER - * validation.) */ - - /* validate the AUTHORITY section */ - int has_valid_nsec = 0; /* If true, then the NODATA has been proven.*/ - uint8_t* ce = NULL; /* for wildcard nodata responses. This is the - proven closest encloser. */ - uint8_t* wc = NULL; /* for wildcard nodata responses. wildcard nsec */ - int nsec3s_seen = 0; /* nsec3s seen */ - struct ub_packed_rrset_key* s; - size_t i; - - for(i=chase_reply->an_numrrsets; ian_numrrsets+ - chase_reply->ns_numrrsets; i++) { - s = chase_reply->rrsets[i]; - /* If we encounter an NSEC record, try to use it to prove - * NODATA. - * This needs to handle the ENT NODATA case. */ - if(ntohs(s->rk.type) == LDNS_RR_TYPE_NSEC) { - if(nsec_proves_nodata(s, qchase, &wc)) { - has_valid_nsec = 1; - /* sets wc-encloser if wildcard applicable */ - } - if(val_nsec_proves_name_error(s, qchase->qname)) { - ce = nsec_closest_encloser(qchase->qname, s); - } - if(val_nsec_proves_insecuredelegation(s, qchase)) { - verbose(VERB_ALGO, "delegation is insecure"); - chase_reply->security = sec_status_insecure; - return; - } - } else if(ntohs(s->rk.type) == LDNS_RR_TYPE_NSEC3) { - nsec3s_seen = 1; - } - } - - /* check to see if we have a wildcard NODATA proof. */ - - /* The wildcard NODATA is 1 NSEC proving that qname does not exist - * (and also proving what the closest encloser is), and 1 NSEC - * showing the matching wildcard, which must be *.closest_encloser. */ - if(wc && !ce) - has_valid_nsec = 0; - else if(wc && ce) { - if(query_dname_compare(wc, ce) != 0) { - has_valid_nsec = 0; - } - } - - if(!has_valid_nsec && nsec3s_seen) { - enum sec_status sec = nsec3_prove_nodata(env, ve, - chase_reply->rrsets+chase_reply->an_numrrsets, - chase_reply->ns_numrrsets, qchase, kkey); - if(sec == sec_status_insecure) { - verbose(VERB_ALGO, "NODATA response is insecure"); - chase_reply->security = sec_status_insecure; - return; - } else if(sec == sec_status_secure) - has_valid_nsec = 1; - } - - if(!has_valid_nsec) { - verbose(VERB_QUERY, "NODATA response failed to prove NODATA " - "status with NSEC/NSEC3"); - if(verbosity >= VERB_ALGO) - log_dns_msg("Failed NODATA", qchase, chase_reply); - chase_reply->security = sec_status_bogus; - return; - } - - verbose(VERB_ALGO, "successfully validated NODATA response."); - chase_reply->security = sec_status_secure; -} - -/** - * Validate a NAMEERROR signed response -- a response that has a NXDOMAIN - * Rcode. - * This consists of making certain that the authority section NSEC proves - * that the qname doesn't exist and the covering wildcard also doesn't exist.. - * - * The answer and authority RRsets must have already been verified as secure. - * - * @param env: module env for verify. - * @param ve: validator env for verify. - * @param qchase: query that was made. - * @param chase_reply: answer to that query to validate. - * @param kkey: the key entry, which is trusted, and which matches - * the signer of the answer. The key entry isgood(). - * @param rcode: adjusted RCODE, in case of RCODE/proof mismatch leniency. - */ -static void -validate_nameerror_response(struct module_env* env, struct val_env* ve, - struct query_info* qchase, struct reply_info* chase_reply, - struct key_entry_key* kkey, int* rcode) -{ - int has_valid_nsec = 0; - int has_valid_wnsec = 0; - int nsec3s_seen = 0; - struct ub_packed_rrset_key* s; - size_t i; - - for(i=chase_reply->an_numrrsets; ian_numrrsets+ - chase_reply->ns_numrrsets; i++) { - s = chase_reply->rrsets[i]; - if(ntohs(s->rk.type) == LDNS_RR_TYPE_NSEC) { - if(val_nsec_proves_name_error(s, qchase->qname)) - has_valid_nsec = 1; - if(val_nsec_proves_no_wc(s, qchase->qname, - qchase->qname_len)) - has_valid_wnsec = 1; - if(val_nsec_proves_insecuredelegation(s, qchase)) { - verbose(VERB_ALGO, "delegation is insecure"); - chase_reply->security = sec_status_insecure; - return; - } - } else if(ntohs(s->rk.type) == LDNS_RR_TYPE_NSEC3) - nsec3s_seen = 1; - } - - if((!has_valid_nsec || !has_valid_wnsec) && nsec3s_seen) { - /* use NSEC3 proof, both answer and auth rrsets, in case - * NSEC3s end up in the answer (due to qtype=NSEC3 or so) */ - chase_reply->security = nsec3_prove_nameerror(env, ve, - chase_reply->rrsets, chase_reply->an_numrrsets+ - chase_reply->ns_numrrsets, qchase, kkey); - if(chase_reply->security != sec_status_secure) { - verbose(VERB_QUERY, "NameError response failed nsec, " - "nsec3 proof was %s", sec_status_to_string( - chase_reply->security)); - return; - } - has_valid_nsec = 1; - has_valid_wnsec = 1; - } - - /* If the message fails to prove either condition, it is bogus. */ - if(!has_valid_nsec) { - verbose(VERB_QUERY, "NameError response has failed to prove: " - "qname does not exist"); - chase_reply->security = sec_status_bogus; - /* Be lenient with RCODE in NSEC NameError responses */ - validate_nodata_response(env, ve, qchase, chase_reply, kkey); - if (chase_reply->security == sec_status_secure) - *rcode = LDNS_RCODE_NOERROR; - return; - } - - if(!has_valid_wnsec) { - verbose(VERB_QUERY, "NameError response has failed to prove: " - "covering wildcard does not exist"); - chase_reply->security = sec_status_bogus; - /* Be lenient with RCODE in NSEC NameError responses */ - validate_nodata_response(env, ve, qchase, chase_reply, kkey); - if (chase_reply->security == sec_status_secure) - *rcode = LDNS_RCODE_NOERROR; - return; - } - - /* Otherwise, we consider the message secure. */ - verbose(VERB_ALGO, "successfully validated NAME ERROR response."); - chase_reply->security = sec_status_secure; -} - -/** - * Given a referral response, validate rrsets and take least trusted rrset - * as the current validation status. - * - * Note that by the time this method is called, the process of finding the - * trusted DNSKEY rrset that signs this response must already have been - * completed. - * - * @param chase_reply: answer to validate. - */ -static void -validate_referral_response(struct reply_info* chase_reply) -{ - size_t i; - enum sec_status s; - /* message security equals lowest rrset security */ - chase_reply->security = sec_status_secure; - for(i=0; irrset_count; i++) { - s = ((struct packed_rrset_data*)chase_reply->rrsets[i] - ->entry.data)->security; - if(s < chase_reply->security) - chase_reply->security = s; - } - verbose(VERB_ALGO, "validated part of referral response as %s", - sec_status_to_string(chase_reply->security)); -} - -/** - * Given an "ANY" response -- a response that contains an answer to a - * qtype==ANY question, with answers. This does no checking that all - * types are present. - * - * NOTE: it may be possible to get parent-side delegation point records - * here, which won't all be signed. Right now, this routine relies on the - * upstream iterative resolver to not return these responses -- instead - * treating them as referrals. - * - * NOTE: RFC 4035 is silent on this issue, so this may change upon - * clarification. Clarification draft -05 says to not check all types are - * present. - * - * Note that by the time this method is called, the process of finding the - * trusted DNSKEY rrset that signs this response must already have been - * completed. - * - * @param env: module env for verify. - * @param ve: validator env for verify. - * @param qchase: query that was made. - * @param chase_reply: answer to that query to validate. - * @param kkey: the key entry, which is trusted, and which matches - * the signer of the answer. The key entry isgood(). - */ -static void -validate_any_response(struct module_env* env, struct val_env* ve, - struct query_info* qchase, struct reply_info* chase_reply, - struct key_entry_key* kkey) -{ - /* all answer and auth rrsets already verified */ - /* but check if a wildcard response is given, then check NSEC/NSEC3 - * for qname denial to see if wildcard is applicable */ - uint8_t* wc = NULL; - int wc_NSEC_ok = 0; - int nsec3s_seen = 0; - size_t i; - struct ub_packed_rrset_key* s; - - if(qchase->qtype != LDNS_RR_TYPE_ANY) { - log_err("internal error: ANY validation called for non-ANY"); - chase_reply->security = sec_status_bogus; - return; - } - - /* validate the ANSWER section - this will be the answer itself */ - for(i=0; ian_numrrsets; i++) { - s = chase_reply->rrsets[i]; - - /* Check to see if the rrset is the result of a wildcard - * expansion. If so, an additional check will need to be - * made in the authority section. */ - if(!val_rrset_wildcard(s, &wc)) { - log_nametypeclass(VERB_QUERY, "Positive ANY response" - " has inconsistent wildcard sigs:", - s->rk.dname, ntohs(s->rk.type), - ntohs(s->rk.rrset_class)); - chase_reply->security = sec_status_bogus; - return; - } - } - - /* if it was a wildcard, check for NSEC/NSEC3s in both answer - * and authority sections (NSEC may be moved to the ANSWER section) */ - if(wc != NULL) - for(i=0; ian_numrrsets+chase_reply->ns_numrrsets; - i++) { - s = chase_reply->rrsets[i]; - - /* If this is a positive wildcard response, and we have a - * (just verified) NSEC record, try to use it to 1) prove - * that qname doesn't exist and 2) that the correct wildcard - * was used. */ - if(ntohs(s->rk.type) == LDNS_RR_TYPE_NSEC) { - if(val_nsec_proves_positive_wildcard(s, qchase, wc)) { - wc_NSEC_ok = 1; - } - /* if not, continue looking for proof */ - } - - /* Otherwise, if this is a positive wildcard response and - * we have NSEC3 records */ - if(ntohs(s->rk.type) == LDNS_RR_TYPE_NSEC3) { - nsec3s_seen = 1; - } - } - - /* If this was a positive wildcard response that we haven't already - * proven, and we have NSEC3 records, try to prove it using the NSEC3 - * records. */ - if(wc != NULL && !wc_NSEC_ok && nsec3s_seen) { - /* look both in answer and auth section for NSEC3s */ - enum sec_status sec = nsec3_prove_wildcard(env, ve, - chase_reply->rrsets, - chase_reply->an_numrrsets+chase_reply->ns_numrrsets, - qchase, kkey, wc); - if(sec == sec_status_insecure) { - verbose(VERB_ALGO, "Positive ANY wildcard response is " - "insecure"); - chase_reply->security = sec_status_insecure; - return; - } else if(sec == sec_status_secure) - wc_NSEC_ok = 1; - } - - /* If after all this, we still haven't proven the positive wildcard - * response, fail. */ - if(wc != NULL && !wc_NSEC_ok) { - verbose(VERB_QUERY, "positive ANY response was wildcard " - "expansion and did not prove original data " - "did not exist"); - chase_reply->security = sec_status_bogus; - return; - } - - verbose(VERB_ALGO, "Successfully validated positive ANY response"); - chase_reply->security = sec_status_secure; -} - -/** - * Validate CNAME response, or DNAME+CNAME. - * This is just like a positive proof, except that this is about a - * DNAME+CNAME. Possible wildcard proof. - * Difference with positive proof is that this routine refuses - * wildcarded DNAMEs. - * - * The answer and authority rrsets must already be verified as secure. - * - * @param env: module env for verify. - * @param ve: validator env for verify. - * @param qchase: query that was made. - * @param chase_reply: answer to that query to validate. - * @param kkey: the key entry, which is trusted, and which matches - * the signer of the answer. The key entry isgood(). - */ -static void -validate_cname_response(struct module_env* env, struct val_env* ve, - struct query_info* qchase, struct reply_info* chase_reply, - struct key_entry_key* kkey) -{ - uint8_t* wc = NULL; - int wc_NSEC_ok = 0; - int nsec3s_seen = 0; - size_t i; - struct ub_packed_rrset_key* s; - - /* validate the ANSWER section - this will be the CNAME (+DNAME) */ - for(i=0; ian_numrrsets; i++) { - s = chase_reply->rrsets[i]; - - /* Check to see if the rrset is the result of a wildcard - * expansion. If so, an additional check will need to be - * made in the authority section. */ - if(!val_rrset_wildcard(s, &wc)) { - log_nametypeclass(VERB_QUERY, "Cname response has " - "inconsistent wildcard sigs:", s->rk.dname, - ntohs(s->rk.type), ntohs(s->rk.rrset_class)); - chase_reply->security = sec_status_bogus; - return; - } - - /* Refuse wildcarded DNAMEs rfc 4597. - * Do not follow a wildcarded DNAME because - * its synthesized CNAME expansion is underdefined */ - if(qchase->qtype != LDNS_RR_TYPE_DNAME && - ntohs(s->rk.type) == LDNS_RR_TYPE_DNAME && wc) { - log_nametypeclass(VERB_QUERY, "cannot validate a " - "wildcarded DNAME:", s->rk.dname, - ntohs(s->rk.type), ntohs(s->rk.rrset_class)); - chase_reply->security = sec_status_bogus; - return; - } - - /* If we have found a CNAME, stop looking for one. - * The iterator has placed the CNAME chain in correct - * order. */ - if (ntohs(s->rk.type) == LDNS_RR_TYPE_CNAME) { - break; - } - } - - /* AUTHORITY section */ - for(i=chase_reply->an_numrrsets; ian_numrrsets+ - chase_reply->ns_numrrsets; i++) { - s = chase_reply->rrsets[i]; - - /* If this is a positive wildcard response, and we have a - * (just verified) NSEC record, try to use it to 1) prove - * that qname doesn't exist and 2) that the correct wildcard - * was used. */ - if(wc != NULL && ntohs(s->rk.type) == LDNS_RR_TYPE_NSEC) { - if(val_nsec_proves_positive_wildcard(s, qchase, wc)) { - wc_NSEC_ok = 1; - } - /* if not, continue looking for proof */ - } - - /* Otherwise, if this is a positive wildcard response and - * we have NSEC3 records */ - if(wc != NULL && ntohs(s->rk.type) == LDNS_RR_TYPE_NSEC3) { - nsec3s_seen = 1; - } - } - - /* If this was a positive wildcard response that we haven't already - * proven, and we have NSEC3 records, try to prove it using the NSEC3 - * records. */ - if(wc != NULL && !wc_NSEC_ok && nsec3s_seen) { - enum sec_status sec = nsec3_prove_wildcard(env, ve, - chase_reply->rrsets+chase_reply->an_numrrsets, - chase_reply->ns_numrrsets, qchase, kkey, wc); - if(sec == sec_status_insecure) { - verbose(VERB_ALGO, "wildcard CNAME response is " - "insecure"); - chase_reply->security = sec_status_insecure; - return; - } else if(sec == sec_status_secure) - wc_NSEC_ok = 1; - } - - /* If after all this, we still haven't proven the positive wildcard - * response, fail. */ - if(wc != NULL && !wc_NSEC_ok) { - verbose(VERB_QUERY, "CNAME response was wildcard " - "expansion and did not prove original data " - "did not exist"); - chase_reply->security = sec_status_bogus; - return; - } - - verbose(VERB_ALGO, "Successfully validated CNAME response"); - chase_reply->security = sec_status_secure; -} - -/** - * Validate CNAME NOANSWER response, no more data after a CNAME chain. - * This can be a NODATA or a NAME ERROR case, but not both at the same time. - * We don't know because the rcode has been set to NOERROR by the CNAME. - * - * The answer and authority rrsets must already be verified as secure. - * - * @param env: module env for verify. - * @param ve: validator env for verify. - * @param qchase: query that was made. - * @param chase_reply: answer to that query to validate. - * @param kkey: the key entry, which is trusted, and which matches - * the signer of the answer. The key entry isgood(). - */ -static void -validate_cname_noanswer_response(struct module_env* env, struct val_env* ve, - struct query_info* qchase, struct reply_info* chase_reply, - struct key_entry_key* kkey) -{ - int nodata_valid_nsec = 0; /* If true, then NODATA has been proven.*/ - uint8_t* ce = NULL; /* for wildcard nodata responses. This is the - proven closest encloser. */ - uint8_t* wc = NULL; /* for wildcard nodata responses. wildcard nsec */ - int nxdomain_valid_nsec = 0; /* if true, namerror has been proven */ - int nxdomain_valid_wnsec = 0; - int nsec3s_seen = 0; /* nsec3s seen */ - struct ub_packed_rrset_key* s; - size_t i; - - /* the AUTHORITY section */ - for(i=chase_reply->an_numrrsets; ian_numrrsets+ - chase_reply->ns_numrrsets; i++) { - s = chase_reply->rrsets[i]; - - /* If we encounter an NSEC record, try to use it to prove - * NODATA. This needs to handle the ENT NODATA case. - * Also try to prove NAMEERROR, and absence of a wildcard */ - if(ntohs(s->rk.type) == LDNS_RR_TYPE_NSEC) { - if(nsec_proves_nodata(s, qchase, &wc)) { - nodata_valid_nsec = 1; - /* set wc encloser if wildcard applicable */ - } - if(val_nsec_proves_name_error(s, qchase->qname)) { - ce = nsec_closest_encloser(qchase->qname, s); - nxdomain_valid_nsec = 1; - } - if(val_nsec_proves_no_wc(s, qchase->qname, - qchase->qname_len)) - nxdomain_valid_wnsec = 1; - if(val_nsec_proves_insecuredelegation(s, qchase)) { - verbose(VERB_ALGO, "delegation is insecure"); - chase_reply->security = sec_status_insecure; - return; - } - } else if(ntohs(s->rk.type) == LDNS_RR_TYPE_NSEC3) { - nsec3s_seen = 1; - } - } - - /* check to see if we have a wildcard NODATA proof. */ - - /* The wildcard NODATA is 1 NSEC proving that qname does not exists - * (and also proving what the closest encloser is), and 1 NSEC - * showing the matching wildcard, which must be *.closest_encloser. */ - if(wc && !ce) - nodata_valid_nsec = 0; - else if(wc && ce) { - if(query_dname_compare(wc, ce) != 0) { - nodata_valid_nsec = 0; - } - } - if(nxdomain_valid_nsec && !nxdomain_valid_wnsec) { - /* name error is missing wildcard denial proof */ - nxdomain_valid_nsec = 0; - } - - if(nodata_valid_nsec && nxdomain_valid_nsec) { - verbose(VERB_QUERY, "CNAMEchain to noanswer proves that name " - "exists and not exists, bogus"); - chase_reply->security = sec_status_bogus; - return; - } - if(!nodata_valid_nsec && !nxdomain_valid_nsec && nsec3s_seen) { - int nodata; - enum sec_status sec = nsec3_prove_nxornodata(env, ve, - chase_reply->rrsets+chase_reply->an_numrrsets, - chase_reply->ns_numrrsets, qchase, kkey, &nodata); - if(sec == sec_status_insecure) { - verbose(VERB_ALGO, "CNAMEchain to noanswer response " - "is insecure"); - chase_reply->security = sec_status_insecure; - return; - } else if(sec == sec_status_secure) { - if(nodata) - nodata_valid_nsec = 1; - else nxdomain_valid_nsec = 1; - } - } - - if(!nodata_valid_nsec && !nxdomain_valid_nsec) { - verbose(VERB_QUERY, "CNAMEchain to noanswer response failed " - "to prove status with NSEC/NSEC3"); - if(verbosity >= VERB_ALGO) - log_dns_msg("Failed CNAMEnoanswer", qchase, chase_reply); - chase_reply->security = sec_status_bogus; - return; - } - - if(nodata_valid_nsec) - verbose(VERB_ALGO, "successfully validated CNAME chain to a " - "NODATA response."); - else verbose(VERB_ALGO, "successfully validated CNAME chain to a " - "NAMEERROR response."); - chase_reply->security = sec_status_secure; -} - -/** - * Process init state for validator. - * Process the INIT state. First tier responses start in the INIT state. - * This is where they are vetted for validation suitability, and the initial - * key search is done. - * - * Currently, events the come through this routine will be either promoted - * to FINISHED/CNAME_RESP (no validation needed), FINDKEY (next step to - * validation), or will be (temporarily) retired and a new priming request - * event will be generated. - * - * @param qstate: query state. - * @param vq: validator query state. - * @param ve: validator shared global environment. - * @param id: module id. - * @return true if the event should be processed further on return, false if - * not. - */ -static int -processInit(struct module_qstate* qstate, struct val_qstate* vq, - struct val_env* ve, int id) -{ - uint8_t* lookup_name; - size_t lookup_len; - struct trust_anchor* anchor; - enum val_classification subtype = val_classify_response( - qstate->query_flags, &qstate->qinfo, &vq->qchase, - vq->orig_msg->rep, vq->rrset_skip); - if(vq->restart_count > VAL_MAX_RESTART_COUNT) { - verbose(VERB_ALGO, "restart count exceeded"); - return val_error(qstate, id); - } - verbose(VERB_ALGO, "validator classification %s", - val_classification_to_string(subtype)); - if(subtype == VAL_CLASS_REFERRAL && - vq->rrset_skip < vq->orig_msg->rep->rrset_count) { - /* referral uses the rrset name as qchase, to find keys for - * that rrset */ - vq->qchase.qname = vq->orig_msg->rep-> - rrsets[vq->rrset_skip]->rk.dname; - vq->qchase.qname_len = vq->orig_msg->rep-> - rrsets[vq->rrset_skip]->rk.dname_len; - vq->qchase.qtype = ntohs(vq->orig_msg->rep-> - rrsets[vq->rrset_skip]->rk.type); - vq->qchase.qclass = ntohs(vq->orig_msg->rep-> - rrsets[vq->rrset_skip]->rk.rrset_class); - } - lookup_name = vq->qchase.qname; - lookup_len = vq->qchase.qname_len; - /* for type DS look at the parent side for keys/trustanchor */ - /* also for NSEC not at apex */ - if(vq->qchase.qtype == LDNS_RR_TYPE_DS || - (vq->qchase.qtype == LDNS_RR_TYPE_NSEC && - vq->orig_msg->rep->rrset_count > vq->rrset_skip && - ntohs(vq->orig_msg->rep->rrsets[vq->rrset_skip]->rk.type) == - LDNS_RR_TYPE_NSEC && - !(vq->orig_msg->rep->rrsets[vq->rrset_skip]-> - rk.flags&PACKED_RRSET_NSEC_AT_APEX))) { - dname_remove_label(&lookup_name, &lookup_len); - } - - val_mark_indeterminate(vq->chase_reply, qstate->env->anchors, - qstate->env->rrset_cache, qstate->env); - vq->key_entry = NULL; - vq->empty_DS_name = NULL; - vq->ds_rrset = 0; - anchor = anchors_lookup(qstate->env->anchors, - lookup_name, lookup_len, vq->qchase.qclass); - - /* Determine the signer/lookup name */ - val_find_signer(subtype, &vq->qchase, vq->orig_msg->rep, - vq->rrset_skip, &vq->signer_name, &vq->signer_len); - if(vq->signer_name != NULL && - !dname_subdomain_c(lookup_name, vq->signer_name)) { - log_nametypeclass(VERB_ALGO, "this signer name is not a parent " - "of lookupname, omitted", vq->signer_name, 0, 0); - vq->signer_name = NULL; - } - if(vq->signer_name == NULL) { - log_nametypeclass(VERB_ALGO, "no signer, using", lookup_name, - 0, 0); - } else { - lookup_name = vq->signer_name; - lookup_len = vq->signer_len; - log_nametypeclass(VERB_ALGO, "signer is", lookup_name, 0, 0); - } - - /* for NXDOMAIN it could be signed by a parent of the trust anchor */ - if(subtype == VAL_CLASS_NAMEERROR && vq->signer_name && - anchor && dname_strict_subdomain_c(anchor->name, lookup_name)){ - lock_basic_unlock(&anchor->lock); - anchor = anchors_lookup(qstate->env->anchors, - lookup_name, lookup_len, vq->qchase.qclass); - if(!anchor) { /* unsigned parent denies anchor*/ - verbose(VERB_QUERY, "unsigned parent zone denies" - " trust anchor, indeterminate"); - vq->chase_reply->security = sec_status_indeterminate; - vq->state = VAL_FINISHED_STATE; - return 1; - } - verbose(VERB_ALGO, "trust anchor NXDOMAIN by signed parent"); - } else if(subtype == VAL_CLASS_POSITIVE && - qstate->qinfo.qtype == LDNS_RR_TYPE_DNSKEY && - query_dname_compare(lookup_name, qstate->qinfo.qname) == 0) { - /* is a DNSKEY so lookup a bit higher since we want to - * get it from a parent or from trustanchor */ - dname_remove_label(&lookup_name, &lookup_len); - } - - if(vq->rrset_skip > 0 || subtype == VAL_CLASS_CNAME || - subtype == VAL_CLASS_REFERRAL) { - /* extract this part of orig_msg into chase_reply for - * the eventual VALIDATE stage */ - val_fill_reply(vq->chase_reply, vq->orig_msg->rep, - vq->rrset_skip, lookup_name, lookup_len, - vq->signer_name); - if(verbosity >= VERB_ALGO) - log_dns_msg("chased extract", &vq->qchase, - vq->chase_reply); - } - - vq->key_entry = key_cache_obtain(ve->kcache, lookup_name, lookup_len, - vq->qchase.qclass, qstate->region, *qstate->env->now); - - /* there is no key(from DLV) and no trust anchor */ - if(vq->key_entry == NULL && anchor == NULL) { - /*response isn't under a trust anchor, so we cannot validate.*/ - vq->chase_reply->security = sec_status_indeterminate; - /* go to finished state to cache this result */ - vq->state = VAL_FINISHED_STATE; - return 1; - } - /* if not key, or if keyentry is *above* the trustanchor, i.e. - * the keyentry is based on another (higher) trustanchor */ - else if(vq->key_entry == NULL || (anchor && - dname_strict_subdomain_c(anchor->name, vq->key_entry->name))) { - /* trust anchor is an 'unsigned' trust anchor */ - if(anchor && anchor->numDS == 0 && anchor->numDNSKEY == 0) { - vq->chase_reply->security = sec_status_insecure; - val_mark_insecure(vq->chase_reply, anchor->name, - qstate->env->rrset_cache, qstate->env); - lock_basic_unlock(&anchor->lock); - vq->dlv_checked=1; /* skip DLV check */ - /* go to finished state to cache this result */ - vq->state = VAL_FINISHED_STATE; - return 1; - } - /* fire off a trust anchor priming query. */ - verbose(VERB_DETAIL, "prime trust anchor"); - if(!prime_trust_anchor(qstate, vq, id, anchor)) { - lock_basic_unlock(&anchor->lock); - return val_error(qstate, id); - } - lock_basic_unlock(&anchor->lock); - /* and otherwise, don't continue processing this event. - * (it will be reactivated when the priming query returns). */ - vq->state = VAL_FINDKEY_STATE; - return 0; - } - if(anchor) { - lock_basic_unlock(&anchor->lock); - } - - if(key_entry_isnull(vq->key_entry)) { - /* response is under a null key, so we cannot validate - * However, we do set the status to INSECURE, since it is - * essentially proven insecure. */ - vq->chase_reply->security = sec_status_insecure; - val_mark_insecure(vq->chase_reply, vq->key_entry->name, - qstate->env->rrset_cache, qstate->env); - /* go to finished state to cache this result */ - vq->state = VAL_FINISHED_STATE; - return 1; - } else if(key_entry_isbad(vq->key_entry)) { - /* key is bad, chain is bad, reply is bogus */ - errinf_dname(qstate, "key for validation", vq->key_entry->name); - errinf(qstate, "is marked as invalid"); - if(key_entry_get_reason(vq->key_entry)) { - errinf(qstate, "because of a previous"); - errinf(qstate, key_entry_get_reason(vq->key_entry)); - } - /* no retries, stop bothering the authority until timeout */ - vq->restart_count = VAL_MAX_RESTART_COUNT; - vq->chase_reply->security = sec_status_bogus; - vq->state = VAL_FINISHED_STATE; - return 1; - } - - /* otherwise, we have our "closest" cached key -- continue - * processing in the next state. */ - vq->state = VAL_FINDKEY_STATE; - return 1; -} - -/** - * Process the FINDKEY state. Generally this just calculates the next name - * to query and either issues a DS or a DNSKEY query. It will check to see - * if the correct key has already been reached, in which case it will - * advance the event to the next state. - * - * @param qstate: query state. - * @param vq: validator query state. - * @param id: module id. - * @return true if the event should be processed further on return, false if - * not. - */ -static int -processFindKey(struct module_qstate* qstate, struct val_qstate* vq, int id) -{ - uint8_t* target_key_name, *current_key_name; - size_t target_key_len; - int strip_lab; - - log_query_info(VERB_ALGO, "validator: FindKey", &vq->qchase); - /* We know that state.key_entry is not 0 or bad key -- if it were, - * then previous processing should have directed this event to - * a different state. - * It could be an isnull key, which signals that a DLV was just - * done and the DNSKEY after the DLV failed with dnssec-retry state - * and the DNSKEY has to be performed again. */ - log_assert(vq->key_entry && !key_entry_isbad(vq->key_entry)); - if(key_entry_isnull(vq->key_entry)) { - if(!generate_request(qstate, id, vq->ds_rrset->rk.dname, - vq->ds_rrset->rk.dname_len, LDNS_RR_TYPE_DNSKEY, - vq->qchase.qclass, BIT_CD)) { - log_err("mem error generating DNSKEY request"); - return val_error(qstate, id); - } - return 0; - } - - target_key_name = vq->signer_name; - target_key_len = vq->signer_len; - if(!target_key_name) { - target_key_name = vq->qchase.qname; - target_key_len = vq->qchase.qname_len; - } - - current_key_name = vq->key_entry->name; - - /* If our current key entry matches our target, then we are done. */ - if(query_dname_compare(target_key_name, current_key_name) == 0) { - vq->state = VAL_VALIDATE_STATE; - return 1; - } - - if(vq->empty_DS_name) { - /* if the last empty nonterminal/emptyDS name we detected is - * below the current key, use that name to make progress - * along the chain of trust */ - if(query_dname_compare(target_key_name, - vq->empty_DS_name) == 0) { - /* do not query for empty_DS_name again */ - verbose(VERB_ALGO, "Cannot retrieve DS for signature"); - errinf(qstate, "no signatures"); - errinf_origin(qstate, qstate->reply_origin); - vq->chase_reply->security = sec_status_bogus; - vq->state = VAL_FINISHED_STATE; - return 1; - } - current_key_name = vq->empty_DS_name; - } - - log_nametypeclass(VERB_ALGO, "current keyname", current_key_name, - LDNS_RR_TYPE_DNSKEY, LDNS_RR_CLASS_IN); - log_nametypeclass(VERB_ALGO, "target keyname", target_key_name, - LDNS_RR_TYPE_DNSKEY, LDNS_RR_CLASS_IN); - /* assert we are walking down the DNS tree */ - if(!dname_subdomain_c(target_key_name, current_key_name)) { - verbose(VERB_ALGO, "bad signer name"); - vq->chase_reply->security = sec_status_bogus; - vq->state = VAL_FINISHED_STATE; - return 1; - } - /* so this value is >= -1 */ - strip_lab = dname_count_labels(target_key_name) - - dname_count_labels(current_key_name) - 1; - log_assert(strip_lab >= -1); - verbose(VERB_ALGO, "striplab %d", strip_lab); - if(strip_lab > 0) { - dname_remove_labels(&target_key_name, &target_key_len, - strip_lab); - } - log_nametypeclass(VERB_ALGO, "next keyname", target_key_name, - LDNS_RR_TYPE_DNSKEY, LDNS_RR_CLASS_IN); - - /* The next step is either to query for the next DS, or to query - * for the next DNSKEY. */ - if(vq->ds_rrset) - log_nametypeclass(VERB_ALGO, "DS RRset", vq->ds_rrset->rk.dname, LDNS_RR_TYPE_DS, LDNS_RR_CLASS_IN); - else verbose(VERB_ALGO, "No DS RRset"); - - if(vq->ds_rrset && query_dname_compare(vq->ds_rrset->rk.dname, - vq->key_entry->name) != 0) { - if(!generate_request(qstate, id, vq->ds_rrset->rk.dname, - vq->ds_rrset->rk.dname_len, LDNS_RR_TYPE_DNSKEY, - vq->qchase.qclass, BIT_CD)) { - log_err("mem error generating DNSKEY request"); - return val_error(qstate, id); - } - return 0; - } - - if(!vq->ds_rrset || query_dname_compare(vq->ds_rrset->rk.dname, - target_key_name) != 0) { - /* check if there is a cache entry : pick up an NSEC if - * there is no DS, check if that NSEC has DS-bit unset, and - * thus can disprove the secure delegation we seek. - * We can then use that NSEC even in the absence of a SOA - * record that would be required by the iterator to supply - * a completely protocol-correct response. - * Uses negative cache for NSEC3 lookup of DS responses. */ - /* only if cache not blacklisted, of course */ - struct dns_msg* msg; - if(!qstate->blacklist && !vq->chain_blacklist && - (msg=val_find_DS(qstate->env, target_key_name, - target_key_len, vq->qchase.qclass, qstate->region, - vq->key_entry->name)) ) { - verbose(VERB_ALGO, "Process cached DS response"); - process_ds_response(qstate, vq, id, LDNS_RCODE_NOERROR, - msg, &msg->qinfo, NULL); - return 1; /* continue processing ds-response results */ - } - if(!generate_request(qstate, id, target_key_name, - target_key_len, LDNS_RR_TYPE_DS, vq->qchase.qclass, - BIT_CD)) { - log_err("mem error generating DS request"); - return val_error(qstate, id); - } - return 0; - } - - /* Otherwise, it is time to query for the DNSKEY */ - if(!generate_request(qstate, id, vq->ds_rrset->rk.dname, - vq->ds_rrset->rk.dname_len, LDNS_RR_TYPE_DNSKEY, - vq->qchase.qclass, BIT_CD)) { - log_err("mem error generating DNSKEY request"); - return val_error(qstate, id); - } - - return 0; -} - -/** - * Process the VALIDATE stage, the init and findkey stages are finished, - * and the right keys are available to validate the response. - * Or, there are no keys available, in order to invalidate the response. - * - * After validation, the status is recorded in the message and rrsets, - * and finished state is started. - * - * @param qstate: query state. - * @param vq: validator query state. - * @param ve: validator shared global environment. - * @param id: module id. - * @return true if the event should be processed further on return, false if - * not. - */ -static int -processValidate(struct module_qstate* qstate, struct val_qstate* vq, - struct val_env* ve, int id) -{ - enum val_classification subtype; - int rcode; - - if(!vq->key_entry) { - verbose(VERB_ALGO, "validate: no key entry, failed"); - return val_error(qstate, id); - } - - /* This is the default next state. */ - vq->state = VAL_FINISHED_STATE; - - /* Unsigned responses must be underneath a "null" key entry.*/ - if(key_entry_isnull(vq->key_entry)) { - verbose(VERB_DETAIL, "Verified that %sresponse is INSECURE", - vq->signer_name?"":"unsigned "); - vq->chase_reply->security = sec_status_insecure; - val_mark_insecure(vq->chase_reply, vq->key_entry->name, - qstate->env->rrset_cache, qstate->env); - key_cache_insert(ve->kcache, vq->key_entry, qstate); - return 1; - } - - if(key_entry_isbad(vq->key_entry)) { - log_nametypeclass(VERB_DETAIL, "Could not establish a chain " - "of trust to keys for", vq->key_entry->name, - LDNS_RR_TYPE_DNSKEY, vq->key_entry->key_class); - vq->chase_reply->security = sec_status_bogus; - errinf(qstate, "while building chain of trust"); - if(vq->restart_count >= VAL_MAX_RESTART_COUNT) - key_cache_insert(ve->kcache, vq->key_entry, qstate); - return 1; - } - - /* signerName being null is the indicator that this response was - * unsigned */ - if(vq->signer_name == NULL) { - log_query_info(VERB_ALGO, "processValidate: state has no " - "signer name", &vq->qchase); - verbose(VERB_DETAIL, "Could not establish validation of " - "INSECURE status of unsigned response."); - errinf(qstate, "no signatures"); - errinf_origin(qstate, qstate->reply_origin); - vq->chase_reply->security = sec_status_bogus; - return 1; - } - subtype = val_classify_response(qstate->query_flags, &qstate->qinfo, - &vq->qchase, vq->orig_msg->rep, vq->rrset_skip); - if(subtype != VAL_CLASS_REFERRAL) - remove_spurious_authority(vq->chase_reply, vq->orig_msg->rep); - - /* check signatures in the message; - * answer and authority must be valid, additional is only checked. */ - if(!validate_msg_signatures(qstate, qstate->env, ve, &vq->qchase, - vq->chase_reply, vq->key_entry)) { - /* workaround bad recursor out there that truncates (even - * with EDNS4k) to 512 by removing RRSIG from auth section - * for positive replies*/ - if((subtype == VAL_CLASS_POSITIVE || subtype == VAL_CLASS_ANY - || subtype == VAL_CLASS_CNAME) && - detect_wrongly_truncated(vq->orig_msg->rep)) { - /* truncate the message some more */ - vq->orig_msg->rep->ns_numrrsets = 0; - vq->orig_msg->rep->ar_numrrsets = 0; - vq->orig_msg->rep->rrset_count = - vq->orig_msg->rep->an_numrrsets; - vq->chase_reply->ns_numrrsets = 0; - vq->chase_reply->ar_numrrsets = 0; - vq->chase_reply->rrset_count = - vq->chase_reply->an_numrrsets; - qstate->errinf = NULL; - } - else { - verbose(VERB_DETAIL, "Validate: message contains " - "bad rrsets"); - return 1; - } - } - - switch(subtype) { - case VAL_CLASS_POSITIVE: - verbose(VERB_ALGO, "Validating a positive response"); - validate_positive_response(qstate->env, ve, - &vq->qchase, vq->chase_reply, vq->key_entry); - verbose(VERB_DETAIL, "validate(positive): %s", - sec_status_to_string( - vq->chase_reply->security)); - break; - - case VAL_CLASS_NODATA: - verbose(VERB_ALGO, "Validating a nodata response"); - validate_nodata_response(qstate->env, ve, - &vq->qchase, vq->chase_reply, vq->key_entry); - verbose(VERB_DETAIL, "validate(nodata): %s", - sec_status_to_string( - vq->chase_reply->security)); - break; - - case VAL_CLASS_NAMEERROR: - rcode = (int)FLAGS_GET_RCODE(vq->orig_msg->rep->flags); - verbose(VERB_ALGO, "Validating a nxdomain response"); - validate_nameerror_response(qstate->env, ve, - &vq->qchase, vq->chase_reply, vq->key_entry, &rcode); - verbose(VERB_DETAIL, "validate(nxdomain): %s", - sec_status_to_string( - vq->chase_reply->security)); - FLAGS_SET_RCODE(vq->orig_msg->rep->flags, rcode); - FLAGS_SET_RCODE(vq->chase_reply->flags, rcode); - break; - - case VAL_CLASS_CNAME: - verbose(VERB_ALGO, "Validating a cname response"); - validate_cname_response(qstate->env, ve, - &vq->qchase, vq->chase_reply, vq->key_entry); - verbose(VERB_DETAIL, "validate(cname): %s", - sec_status_to_string( - vq->chase_reply->security)); - break; - - case VAL_CLASS_CNAMENOANSWER: - verbose(VERB_ALGO, "Validating a cname noanswer " - "response"); - validate_cname_noanswer_response(qstate->env, ve, - &vq->qchase, vq->chase_reply, vq->key_entry); - verbose(VERB_DETAIL, "validate(cname_noanswer): %s", - sec_status_to_string( - vq->chase_reply->security)); - break; - - case VAL_CLASS_REFERRAL: - verbose(VERB_ALGO, "Validating a referral response"); - validate_referral_response(vq->chase_reply); - verbose(VERB_DETAIL, "validate(referral): %s", - sec_status_to_string( - vq->chase_reply->security)); - break; - - case VAL_CLASS_ANY: - verbose(VERB_ALGO, "Validating a positive ANY " - "response"); - validate_any_response(qstate->env, ve, &vq->qchase, - vq->chase_reply, vq->key_entry); - verbose(VERB_DETAIL, "validate(positive_any): %s", - sec_status_to_string( - vq->chase_reply->security)); - break; - - default: - log_err("validate: unhandled response subtype: %d", - subtype); - } - if(vq->chase_reply->security == sec_status_bogus) { - if(subtype == VAL_CLASS_POSITIVE) - errinf(qstate, "wildcard"); - else errinf(qstate, val_classification_to_string(subtype)); - errinf(qstate, "proof failed"); - errinf_origin(qstate, qstate->reply_origin); - } - - return 1; -} - -/** - * Init DLV check. - * DLV is going to be decommissioned, but the code is still here for some time. - * - * Called when a query is determined by other trust anchors to be insecure - * (or indeterminate). Then we look if there is a key in the DLV. - * Performs aggressive negative cache check to see if there is no key. - * Otherwise, spawns a DLV query, and changes to the DLV wait state. - * - * @param qstate: query state. - * @param vq: validator query state. - * @param ve: validator shared global environment. - * @param id: module id. - * @return true if there is no DLV. - * false: processing is finished for the validator operate(). - * This function may exit in three ways: - * o no DLV (aggressive cache), so insecure. (true) - * o error - stop processing (false) - * o DLV lookup was started, stop processing (false) - */ -static int -val_dlv_init(struct module_qstate* qstate, struct val_qstate* vq, - struct val_env* ve, int id) -{ - uint8_t* nm; - size_t nm_len; - /* there must be a DLV configured */ - log_assert(qstate->env->anchors->dlv_anchor); - /* this bool is true to avoid looping in the DLV checks */ - log_assert(vq->dlv_checked); - - /* init the DLV lookup variables */ - vq->dlv_lookup_name = NULL; - vq->dlv_lookup_name_len = 0; - vq->dlv_insecure_at = NULL; - vq->dlv_insecure_at_len = 0; - - /* Determine the name for which we want to lookup DLV. - * This name is for the current message, or - * for the current RRset for CNAME, referral subtypes. - * If there is a signer, use that, otherwise the domain name */ - if(vq->signer_name) { - nm = vq->signer_name; - nm_len = vq->signer_len; - } else { - /* use qchase */ - nm = vq->qchase.qname; - nm_len = vq->qchase.qname_len; - if(vq->qchase.qtype == LDNS_RR_TYPE_DS) - dname_remove_label(&nm, &nm_len); - } - log_nametypeclass(VERB_ALGO, "DLV init look", nm, LDNS_RR_TYPE_DS, - vq->qchase.qclass); - log_assert(nm && nm_len); - /* sanity check: no DLV lookups below the DLV anchor itself. - * Like, an securely insecure delegation there makes no sense. */ - if(dname_subdomain_c(nm, qstate->env->anchors->dlv_anchor->name)) { - verbose(VERB_ALGO, "DLV lookup within DLV repository denied"); - return 1; - } - /* concat name (minus root label) + dlv name */ - vq->dlv_lookup_name_len = nm_len - 1 + - qstate->env->anchors->dlv_anchor->namelen; - vq->dlv_lookup_name = regional_alloc(qstate->region, - vq->dlv_lookup_name_len); - if(!vq->dlv_lookup_name) { - log_err("Out of memory preparing DLV lookup"); - return val_error(qstate, id); - } - memmove(vq->dlv_lookup_name, nm, nm_len-1); - memmove(vq->dlv_lookup_name+nm_len-1, - qstate->env->anchors->dlv_anchor->name, - qstate->env->anchors->dlv_anchor->namelen); - log_nametypeclass(VERB_ALGO, "DLV name", vq->dlv_lookup_name, - LDNS_RR_TYPE_DLV, vq->qchase.qclass); - - /* determine where the insecure point was determined, the DLV must - * be equal or below that to continue building the trust chain - * down. May be NULL if no trust chain was built yet */ - nm = NULL; - if(vq->key_entry && key_entry_isnull(vq->key_entry)) { - nm = vq->key_entry->name; - nm_len = vq->key_entry->namelen; - } - if(nm) { - vq->dlv_insecure_at_len = nm_len - 1 + - qstate->env->anchors->dlv_anchor->namelen; - vq->dlv_insecure_at = regional_alloc(qstate->region, - vq->dlv_insecure_at_len); - if(!vq->dlv_insecure_at) { - log_err("Out of memory preparing DLV lookup"); - return val_error(qstate, id); - } - memmove(vq->dlv_insecure_at, nm, nm_len-1); - memmove(vq->dlv_insecure_at+nm_len-1, - qstate->env->anchors->dlv_anchor->name, - qstate->env->anchors->dlv_anchor->namelen); - log_nametypeclass(VERB_ALGO, "insecure_at", - vq->dlv_insecure_at, 0, vq->qchase.qclass); - } - - /* If we can find the name in the aggressive negative cache, - * give up; insecure is the answer */ - while(val_neg_dlvlookup(ve->neg_cache, vq->dlv_lookup_name, - vq->dlv_lookup_name_len, vq->qchase.qclass, - qstate->env->rrset_cache, *qstate->env->now)) { - /* go up */ - dname_remove_label(&vq->dlv_lookup_name, - &vq->dlv_lookup_name_len); - /* too high? */ - if(!dname_subdomain_c(vq->dlv_lookup_name, - qstate->env->anchors->dlv_anchor->name)) { - verbose(VERB_ALGO, "ask above dlv repo"); - return 1; /* Above the repo is insecure */ - } - /* above chain of trust? */ - if(vq->dlv_insecure_at && !dname_subdomain_c( - vq->dlv_lookup_name, vq->dlv_insecure_at)) { - verbose(VERB_ALGO, "ask above insecure endpoint"); - return 1; - } - } - - /* perform a lookup for the DLV; with validation */ - vq->state = VAL_DLVLOOKUP_STATE; - if(!generate_request(qstate, id, vq->dlv_lookup_name, - vq->dlv_lookup_name_len, LDNS_RR_TYPE_DLV, - vq->qchase.qclass, 0)) { - return val_error(qstate, id); - } - - /* Find the closest encloser DLV from the repository. - * then that is used to build another chain of trust - * This may first require a query 'too low' that has NSECs in - * the answer, from which we determine the closest encloser DLV. - * When determine the closest encloser, skip empty nonterminals, - * since we want a nonempty node in the DLV repository. */ - - return 0; -} - -/** - * The Finished state. The validation status (good or bad) has been determined. - * - * @param qstate: query state. - * @param vq: validator query state. - * @param ve: validator shared global environment. - * @param id: module id. - * @return true if the event should be processed further on return, false if - * not. - */ -static int -processFinished(struct module_qstate* qstate, struct val_qstate* vq, - struct val_env* ve, int id) -{ - enum val_classification subtype = val_classify_response( - qstate->query_flags, &qstate->qinfo, &vq->qchase, - vq->orig_msg->rep, vq->rrset_skip); - - /* if the result is insecure or indeterminate and we have not - * checked the DLV yet, check the DLV */ - if((vq->chase_reply->security == sec_status_insecure || - vq->chase_reply->security == sec_status_indeterminate) && - qstate->env->anchors->dlv_anchor && !vq->dlv_checked) { - vq->dlv_checked = 1; - if(!val_dlv_init(qstate, vq, ve, id)) - return 0; - } - - /* store overall validation result in orig_msg */ - if(vq->rrset_skip == 0) - vq->orig_msg->rep->security = vq->chase_reply->security; - else if(subtype != VAL_CLASS_REFERRAL || - vq->rrset_skip < vq->orig_msg->rep->an_numrrsets + - vq->orig_msg->rep->ns_numrrsets) { - /* ignore sec status of additional section if a referral - * type message skips there and - * use the lowest security status as end result. */ - if(vq->chase_reply->security < vq->orig_msg->rep->security) - vq->orig_msg->rep->security = - vq->chase_reply->security; - } - - if(subtype == VAL_CLASS_REFERRAL) { - /* for a referral, move to next unchecked rrset and check it*/ - vq->rrset_skip = val_next_unchecked(vq->orig_msg->rep, - vq->rrset_skip); - if(vq->rrset_skip < vq->orig_msg->rep->rrset_count) { - /* and restart for this rrset */ - verbose(VERB_ALGO, "validator: go to next rrset"); - vq->chase_reply->security = sec_status_unchecked; - vq->dlv_checked = 0; /* can do DLV for this RR */ - vq->state = VAL_INIT_STATE; - return 1; - } - /* referral chase is done */ - } - if(vq->chase_reply->security != sec_status_bogus && - subtype == VAL_CLASS_CNAME) { - /* chase the CNAME; process next part of the message */ - if(!val_chase_cname(&vq->qchase, vq->orig_msg->rep, - &vq->rrset_skip)) { - verbose(VERB_ALGO, "validator: failed to chase CNAME"); - vq->orig_msg->rep->security = sec_status_bogus; - } else { - /* restart process for new qchase at rrset_skip */ - log_query_info(VERB_ALGO, "validator: chased to", - &vq->qchase); - vq->chase_reply->security = sec_status_unchecked; - vq->dlv_checked = 0; /* can do DLV for this RR */ - vq->state = VAL_INIT_STATE; - return 1; - } - } - - if(vq->orig_msg->rep->security == sec_status_secure) { - /* If the message is secure, check that all rrsets are - * secure (i.e. some inserted RRset for CNAME chain with - * a different signer name). And drop additional rrsets - * that are not secure (if clean-additional option is set) */ - /* this may cause the msg to be marked bogus */ - val_check_nonsecure(ve, vq->orig_msg->rep); - if(vq->orig_msg->rep->security == sec_status_secure) { - log_query_info(VERB_DETAIL, "validation success", - &qstate->qinfo); - } - } - - /* if the result is bogus - set message ttl to bogus ttl to avoid - * endless bogus revalidation */ - if(vq->orig_msg->rep->security == sec_status_bogus) { - /* see if we can try again to fetch data */ - if(vq->restart_count < VAL_MAX_RESTART_COUNT) { - int restart_count = vq->restart_count+1; - verbose(VERB_ALGO, "validation failed, " - "blacklist and retry to fetch data"); - val_blacklist(&qstate->blacklist, qstate->region, - qstate->reply_origin, 0); - qstate->reply_origin = NULL; - qstate->errinf = NULL; - memset(vq, 0, sizeof(*vq)); - vq->restart_count = restart_count; - vq->state = VAL_INIT_STATE; - verbose(VERB_ALGO, "pass back to next module"); - qstate->ext_state[id] = module_restart_next; - return 0; - } - - vq->orig_msg->rep->ttl = ve->bogus_ttl; - vq->orig_msg->rep->prefetch_ttl = - PREFETCH_TTL_CALC(vq->orig_msg->rep->ttl); - if(qstate->env->cfg->val_log_level >= 1 && - !qstate->env->cfg->val_log_squelch) { - if(qstate->env->cfg->val_log_level < 2) - log_query_info(0, "validation failure", - &qstate->qinfo); - else { - char* err = errinf_to_str(qstate); - if(err) log_info("%s", err); - free(err); - } - } - /* If we are in permissive mode, bogus gets indeterminate */ - if(ve->permissive_mode) - vq->orig_msg->rep->security = sec_status_indeterminate; - } - - /* store results in cache */ - if(qstate->query_flags&BIT_RD) { - /* if secure, this will override cache anyway, no need - * to check if from parentNS */ - if(!qstate->no_cache_store) { - if(!dns_cache_store(qstate->env, &vq->orig_msg->qinfo, - vq->orig_msg->rep, 0, qstate->prefetch_leeway, 0, NULL, - qstate->query_flags)) { - log_err("out of memory caching validator results"); - } - } - } else { - /* for a referral, store the verified RRsets */ - /* and this does not get prefetched, so no leeway */ - if(!dns_cache_store(qstate->env, &vq->orig_msg->qinfo, - vq->orig_msg->rep, 1, 0, 0, NULL, - qstate->query_flags)) { - log_err("out of memory caching validator results"); - } - } - qstate->return_rcode = LDNS_RCODE_NOERROR; - qstate->return_msg = vq->orig_msg; - qstate->ext_state[id] = module_finished; - return 0; -} - -/** - * The DLVLookup state. Process DLV lookups. - * - * @param qstate: query state. - * @param vq: validator query state. - * @param ve: validator shared global environment. - * @param id: module id. - * @return true if the event should be processed further on return, false if - * not. - */ -static int -processDLVLookup(struct module_qstate* qstate, struct val_qstate* vq, - struct val_env* ve, int id) -{ - /* see if this we are ready to continue normal resolution */ - /* we may need more DLV lookups */ - if(vq->dlv_status==dlv_error) - verbose(VERB_ALGO, "DLV woke up with status dlv_error"); - else if(vq->dlv_status==dlv_success) - verbose(VERB_ALGO, "DLV woke up with status dlv_success"); - else if(vq->dlv_status==dlv_ask_higher) - verbose(VERB_ALGO, "DLV woke up with status dlv_ask_higher"); - else if(vq->dlv_status==dlv_there_is_no_dlv) - verbose(VERB_ALGO, "DLV woke up with status dlv_there_is_no_dlv"); - else verbose(VERB_ALGO, "DLV woke up with status unknown"); - - if(vq->dlv_status == dlv_error) { - verbose(VERB_QUERY, "failed DLV lookup"); - return val_error(qstate, id); - } else if(vq->dlv_status == dlv_success) { - uint8_t* nm; - size_t nmlen; - /* chain continues with DNSKEY, continue in FINDKEY */ - vq->state = VAL_FINDKEY_STATE; - - /* strip off the DLV suffix from the name; could result in . */ - log_assert(dname_subdomain_c(vq->ds_rrset->rk.dname, - qstate->env->anchors->dlv_anchor->name)); - nmlen = vq->ds_rrset->rk.dname_len - - qstate->env->anchors->dlv_anchor->namelen + 1; - nm = regional_alloc_init(qstate->region, - vq->ds_rrset->rk.dname, nmlen); - if(!nm) { - log_err("Out of memory in DLVLook"); - return val_error(qstate, id); - } - nm[nmlen-1] = 0; - - vq->ds_rrset->rk.dname = nm; - vq->ds_rrset->rk.dname_len = nmlen; - - /* create a nullentry for the key so the dnskey lookup - * can be retried after a validation failure for it */ - vq->key_entry = key_entry_create_null(qstate->region, - nm, nmlen, vq->qchase.qclass, 0, 0); - if(!vq->key_entry) { - log_err("Out of memory in DLVLook"); - return val_error(qstate, id); - } - - if(!generate_request(qstate, id, vq->ds_rrset->rk.dname, - vq->ds_rrset->rk.dname_len, LDNS_RR_TYPE_DNSKEY, - vq->qchase.qclass, BIT_CD)) { - log_err("mem error generating DNSKEY request"); - return val_error(qstate, id); - } - return 0; - } else if(vq->dlv_status == dlv_there_is_no_dlv) { - /* continue with the insecure result we got */ - vq->state = VAL_FINISHED_STATE; - return 1; - } - log_assert(vq->dlv_status == dlv_ask_higher); - - /* ask higher, make sure we stay in DLV repo, below dlv_at */ - if(!dname_subdomain_c(vq->dlv_lookup_name, - qstate->env->anchors->dlv_anchor->name)) { - /* just like, there is no DLV */ - verbose(VERB_ALGO, "ask above dlv repo"); - vq->state = VAL_FINISHED_STATE; - return 1; - } - if(vq->dlv_insecure_at && !dname_subdomain_c(vq->dlv_lookup_name, - vq->dlv_insecure_at)) { - /* already checked a chain lower than dlv_lookup_name */ - verbose(VERB_ALGO, "ask above insecure endpoint"); - log_nametypeclass(VERB_ALGO, "enpt", vq->dlv_insecure_at, 0, 0); - vq->state = VAL_FINISHED_STATE; - return 1; - } - - /* check negative cache before making new request */ - if(val_neg_dlvlookup(ve->neg_cache, vq->dlv_lookup_name, - vq->dlv_lookup_name_len, vq->qchase.qclass, - qstate->env->rrset_cache, *qstate->env->now)) { - /* does not exist, go up one (go higher). */ - dname_remove_label(&vq->dlv_lookup_name, - &vq->dlv_lookup_name_len); - /* limit number of labels, limited number of recursion */ - return processDLVLookup(qstate, vq, ve, id); - } - - if(!generate_request(qstate, id, vq->dlv_lookup_name, - vq->dlv_lookup_name_len, LDNS_RR_TYPE_DLV, - vq->qchase.qclass, 0)) { - return val_error(qstate, id); - } - - return 0; -} - -/** - * Handle validator state. - * If a method returns true, the next state is started. If false, then - * processing will stop. - * @param qstate: query state. - * @param vq: validator query state. - * @param ve: validator shared global environment. - * @param id: module id. - */ -static void -val_handle(struct module_qstate* qstate, struct val_qstate* vq, - struct val_env* ve, int id) -{ - int cont = 1; - while(cont) { - verbose(VERB_ALGO, "val handle processing q with state %s", - val_state_to_string(vq->state)); - switch(vq->state) { - case VAL_INIT_STATE: - cont = processInit(qstate, vq, ve, id); - break; - case VAL_FINDKEY_STATE: - cont = processFindKey(qstate, vq, id); - break; - case VAL_VALIDATE_STATE: - cont = processValidate(qstate, vq, ve, id); - break; - case VAL_FINISHED_STATE: - cont = processFinished(qstate, vq, ve, id); - break; - case VAL_DLVLOOKUP_STATE: - cont = processDLVLookup(qstate, vq, ve, id); - break; - default: - log_warn("validator: invalid state %d", - vq->state); - cont = 0; - break; - } - } -} - -void -val_operate(struct module_qstate* qstate, enum module_ev event, int id, - struct outbound_entry* outbound) -{ - struct val_env* ve = (struct val_env*)qstate->env->modinfo[id]; - struct val_qstate* vq = (struct val_qstate*)qstate->minfo[id]; - verbose(VERB_QUERY, "validator[module %d] operate: extstate:%s " - "event:%s", id, strextstate(qstate->ext_state[id]), - strmodulevent(event)); - log_query_info(VERB_QUERY, "validator operate: query", - &qstate->qinfo); - if(vq && qstate->qinfo.qname != vq->qchase.qname) - log_query_info(VERB_QUERY, "validator operate: chased to", - &vq->qchase); - (void)outbound; - if(event == module_event_new || - (event == module_event_pass && vq == NULL)) { - - /* pass request to next module, to get it */ - verbose(VERB_ALGO, "validator: pass to next module"); - qstate->ext_state[id] = module_wait_module; - return; - } - if(event == module_event_moddone) { - /* check if validation is needed */ - verbose(VERB_ALGO, "validator: nextmodule returned"); - - if(!needs_validation(qstate, qstate->return_rcode, - qstate->return_msg)) { - /* no need to validate this */ - if(qstate->return_msg) - qstate->return_msg->rep->security = - sec_status_indeterminate; - qstate->ext_state[id] = module_finished; - return; - } - if(already_validated(qstate->return_msg)) { - qstate->ext_state[id] = module_finished; - return; - } - /* qclass ANY should have validation result from spawned - * queries. If we get here, it is bogus or an internal error */ - if(qstate->qinfo.qclass == LDNS_RR_CLASS_ANY) { - verbose(VERB_ALGO, "cannot validate classANY: bogus"); - if(qstate->return_msg) - qstate->return_msg->rep->security = - sec_status_bogus; - qstate->ext_state[id] = module_finished; - return; - } - /* create state to start validation */ - qstate->ext_state[id] = module_error; /* override this */ - if(!vq) { - vq = val_new(qstate, id); - if(!vq) { - log_err("validator: malloc failure"); - qstate->ext_state[id] = module_error; - return; - } - } else if(!vq->orig_msg) { - if(!val_new_getmsg(qstate, vq)) { - log_err("validator: malloc failure"); - qstate->ext_state[id] = module_error; - return; - } - } - val_handle(qstate, vq, ve, id); - return; - } - if(event == module_event_pass) { - qstate->ext_state[id] = module_error; /* override this */ - /* continue processing, since val_env exists */ - val_handle(qstate, vq, ve, id); - return; - } - log_err("validator: bad event %s", strmodulevent(event)); - qstate->ext_state[id] = module_error; - return; -} - -/** - * Evaluate the response to a priming request. - * - * @param dnskey_rrset: DNSKEY rrset (can be NULL if none) in prime reply. - * (this rrset is allocated in the wrong region, not the qstate). - * @param ta: trust anchor. - * @param qstate: qstate that needs key. - * @param id: module id. - * @return new key entry or NULL on allocation failure. - * The key entry will either contain a validated DNSKEY rrset, or - * represent a Null key (query failed, but validation did not), or a - * Bad key (validation failed). - */ -static struct key_entry_key* -primeResponseToKE(struct ub_packed_rrset_key* dnskey_rrset, - struct trust_anchor* ta, struct module_qstate* qstate, int id) -{ - struct val_env* ve = (struct val_env*)qstate->env->modinfo[id]; - struct key_entry_key* kkey = NULL; - enum sec_status sec = sec_status_unchecked; - char* reason = NULL; - int downprot = qstate->env->cfg->harden_algo_downgrade; - - if(!dnskey_rrset) { - log_nametypeclass(VERB_OPS, "failed to prime trust anchor -- " - "could not fetch DNSKEY rrset", - ta->name, LDNS_RR_TYPE_DNSKEY, ta->dclass); - if(qstate->env->cfg->harden_dnssec_stripped) { - errinf(qstate, "no DNSKEY rrset"); - kkey = key_entry_create_bad(qstate->region, ta->name, - ta->namelen, ta->dclass, BOGUS_KEY_TTL, - *qstate->env->now); - } else kkey = key_entry_create_null(qstate->region, ta->name, - ta->namelen, ta->dclass, NULL_KEY_TTL, - *qstate->env->now); - if(!kkey) { - log_err("out of memory: allocate fail prime key"); - return NULL; - } - return kkey; - } - /* attempt to verify with trust anchor DS and DNSKEY */ - kkey = val_verify_new_DNSKEYs_with_ta(qstate->region, qstate->env, ve, - dnskey_rrset, ta->ds_rrset, ta->dnskey_rrset, downprot, - &reason); - if(!kkey) { - log_err("out of memory: verifying prime TA"); - return NULL; - } - if(key_entry_isgood(kkey)) - sec = sec_status_secure; - else - sec = sec_status_bogus; - verbose(VERB_DETAIL, "validate keys with anchor(DS): %s", - sec_status_to_string(sec)); - - if(sec != sec_status_secure) { - log_nametypeclass(VERB_OPS, "failed to prime trust anchor -- " - "DNSKEY rrset is not secure", - ta->name, LDNS_RR_TYPE_DNSKEY, ta->dclass); - /* NOTE: in this case, we should probably reject the trust - * anchor for longer, perhaps forever. */ - if(qstate->env->cfg->harden_dnssec_stripped) { - errinf(qstate, reason); - kkey = key_entry_create_bad(qstate->region, ta->name, - ta->namelen, ta->dclass, BOGUS_KEY_TTL, - *qstate->env->now); - } else kkey = key_entry_create_null(qstate->region, ta->name, - ta->namelen, ta->dclass, NULL_KEY_TTL, - *qstate->env->now); - if(!kkey) { - log_err("out of memory: allocate null prime key"); - return NULL; - } - return kkey; - } - - log_nametypeclass(VERB_DETAIL, "Successfully primed trust anchor", - ta->name, LDNS_RR_TYPE_DNSKEY, ta->dclass); - return kkey; -} - -/** - * In inform supers, with the resulting message and rcode and the current - * keyset in the super state, validate the DS response, returning a KeyEntry. - * - * @param qstate: query state that is validating and asked for a DS. - * @param vq: validator query state - * @param id: module id. - * @param rcode: rcode result value. - * @param msg: result message (if rcode is OK). - * @param qinfo: from the sub query state, query info. - * @param ke: the key entry to return. It returns - * is_bad if the DS response fails to validate, is_null if the - * DS response indicated an end to secure space, is_good if the DS - * validated. It returns ke=NULL if the DS response indicated that the - * request wasn't a delegation point. - * @return 0 on servfail error (malloc failure). - */ -static int -ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, - int id, int rcode, struct dns_msg* msg, struct query_info* qinfo, - struct key_entry_key** ke) -{ - struct val_env* ve = (struct val_env*)qstate->env->modinfo[id]; - char* reason = NULL; - enum val_classification subtype; - if(rcode != LDNS_RCODE_NOERROR) { - char rc[16]; - rc[0]=0; - (void)sldns_wire2str_rcode_buf(rcode, rc, sizeof(rc)); - /* errors here pretty much break validation */ - verbose(VERB_DETAIL, "DS response was error, thus bogus"); - errinf(qstate, rc); - errinf(qstate, "no DS"); - goto return_bogus; - } - - subtype = val_classify_response(BIT_RD, qinfo, qinfo, msg->rep, 0); - if(subtype == VAL_CLASS_POSITIVE) { - struct ub_packed_rrset_key* ds; - enum sec_status sec; - ds = reply_find_answer_rrset(qinfo, msg->rep); - /* If there was no DS rrset, then we have mis-classified - * this message. */ - if(!ds) { - log_warn("internal error: POSITIVE DS response was " - "missing DS."); - errinf(qstate, "no DS record"); - goto return_bogus; - } - /* Verify only returns BOGUS or SECURE. If the rrset is - * bogus, then we are done. */ - sec = val_verify_rrset_entry(qstate->env, ve, ds, - vq->key_entry, &reason); - if(sec != sec_status_secure) { - verbose(VERB_DETAIL, "DS rrset in DS response did " - "not verify"); - errinf(qstate, reason); - goto return_bogus; - } - - /* If the DS rrset validates, we still have to make sure - * that they are usable. */ - if(!val_dsset_isusable(ds)) { - /* If they aren't usable, then we treat it like - * there was no DS. */ - *ke = key_entry_create_null(qstate->region, - qinfo->qname, qinfo->qname_len, qinfo->qclass, - ub_packed_rrset_ttl(ds), *qstate->env->now); - return (*ke) != NULL; - } - - /* Otherwise, we return the positive response. */ - log_query_info(VERB_DETAIL, "validated DS", qinfo); - *ke = key_entry_create_rrset(qstate->region, - qinfo->qname, qinfo->qname_len, qinfo->qclass, ds, - NULL, *qstate->env->now); - return (*ke) != NULL; - } else if(subtype == VAL_CLASS_NODATA || - subtype == VAL_CLASS_NAMEERROR) { - /* NODATA means that the qname exists, but that there was - * no DS. This is a pretty normal case. */ - time_t proof_ttl = 0; - enum sec_status sec; - - /* make sure there are NSECs or NSEC3s with signatures */ - if(!val_has_signed_nsecs(msg->rep, &reason)) { - verbose(VERB_ALGO, "no NSECs: %s", reason); - errinf(qstate, reason); - goto return_bogus; - } - - /* For subtype Name Error. - * attempt ANS 2.8.1.0 compatibility where it sets rcode - * to nxdomain, but really this is an Nodata/Noerror response. - * Find and prove the empty nonterminal in that case */ - - /* Try to prove absence of the DS with NSEC */ - sec = val_nsec_prove_nodata_dsreply( - qstate->env, ve, qinfo, msg->rep, vq->key_entry, - &proof_ttl, &reason); - switch(sec) { - case sec_status_secure: - verbose(VERB_DETAIL, "NSEC RRset for the " - "referral proved no DS."); - *ke = key_entry_create_null(qstate->region, - qinfo->qname, qinfo->qname_len, - qinfo->qclass, proof_ttl, - *qstate->env->now); - return (*ke) != NULL; - case sec_status_insecure: - verbose(VERB_DETAIL, "NSEC RRset for the " - "referral proved not a delegation point"); - *ke = NULL; - return 1; - case sec_status_bogus: - verbose(VERB_DETAIL, "NSEC RRset for the " - "referral did not prove no DS."); - errinf(qstate, reason); - goto return_bogus; - case sec_status_unchecked: - default: - /* NSEC proof did not work, try next */ - break; - } - - sec = nsec3_prove_nods(qstate->env, ve, - msg->rep->rrsets + msg->rep->an_numrrsets, - msg->rep->ns_numrrsets, qinfo, vq->key_entry, &reason); - switch(sec) { - case sec_status_insecure: - /* case insecure also continues to unsigned - * space. If nsec3-iter-count too high or - * optout, then treat below as unsigned */ - case sec_status_secure: - verbose(VERB_DETAIL, "NSEC3s for the " - "referral proved no DS."); - *ke = key_entry_create_null(qstate->region, - qinfo->qname, qinfo->qname_len, - qinfo->qclass, proof_ttl, - *qstate->env->now); - return (*ke) != NULL; - case sec_status_indeterminate: - verbose(VERB_DETAIL, "NSEC3s for the " - "referral proved no delegation"); - *ke = NULL; - return 1; - case sec_status_bogus: - verbose(VERB_DETAIL, "NSEC3s for the " - "referral did not prove no DS."); - errinf(qstate, reason); - goto return_bogus; - case sec_status_unchecked: - default: - /* NSEC3 proof did not work */ - break; - } - - /* Apparently, no available NSEC/NSEC3 proved NODATA, so - * this is BOGUS. */ - verbose(VERB_DETAIL, "DS %s ran out of options, so return " - "bogus", val_classification_to_string(subtype)); - errinf(qstate, "no DS but also no proof of that"); - goto return_bogus; - } else if(subtype == VAL_CLASS_CNAME || - subtype == VAL_CLASS_CNAMENOANSWER) { - /* if the CNAME matches the exact name we want and is signed - * properly, then also, we are sure that no DS exists there, - * much like a NODATA proof */ - enum sec_status sec; - struct ub_packed_rrset_key* cname; - cname = reply_find_rrset_section_an(msg->rep, qinfo->qname, - qinfo->qname_len, LDNS_RR_TYPE_CNAME, qinfo->qclass); - if(!cname) { - errinf(qstate, "validator classified CNAME but no " - "CNAME of the queried name for DS"); - goto return_bogus; - } - if(((struct packed_rrset_data*)cname->entry.data)->rrsig_count - == 0) { - if(msg->rep->an_numrrsets != 0 && ntohs(msg->rep-> - rrsets[0]->rk.type)==LDNS_RR_TYPE_DNAME) { - errinf(qstate, "DS got DNAME answer"); - } else { - errinf(qstate, "DS got unsigned CNAME answer"); - } - goto return_bogus; - } - sec = val_verify_rrset_entry(qstate->env, ve, cname, - vq->key_entry, &reason); - if(sec == sec_status_secure) { - verbose(VERB_ALGO, "CNAME validated, " - "proof that DS does not exist"); - /* and that it is not a referral point */ - *ke = NULL; - return 1; - } - errinf(qstate, "CNAME in DS response was not secure."); - errinf(qstate, reason); - goto return_bogus; - } else { - verbose(VERB_QUERY, "Encountered an unhandled type of " - "DS response, thus bogus."); - errinf(qstate, "no DS and"); - if(FLAGS_GET_RCODE(msg->rep->flags) != LDNS_RCODE_NOERROR) { - char rc[16]; - rc[0]=0; - (void)sldns_wire2str_rcode_buf((int)FLAGS_GET_RCODE( - msg->rep->flags), rc, sizeof(rc)); - errinf(qstate, rc); - } else errinf(qstate, val_classification_to_string(subtype)); - errinf(qstate, "message fails to prove that"); - goto return_bogus; - } -return_bogus: - *ke = key_entry_create_bad(qstate->region, qinfo->qname, - qinfo->qname_len, qinfo->qclass, - BOGUS_KEY_TTL, *qstate->env->now); - return (*ke) != NULL; -} - -/** - * Process DS response. Called from inform_supers. - * Because it is in inform_supers, the mesh itself is busy doing callbacks - * for a state that is to be deleted soon; don't touch the mesh; instead - * set a state in the super, as the super will be reactivated soon. - * Perform processing to determine what state to set in the super. - * - * @param qstate: query state that is validating and asked for a DS. - * @param vq: validator query state - * @param id: module id. - * @param rcode: rcode result value. - * @param msg: result message (if rcode is OK). - * @param qinfo: from the sub query state, query info. - * @param origin: the origin of msg. - */ -static void -process_ds_response(struct module_qstate* qstate, struct val_qstate* vq, - int id, int rcode, struct dns_msg* msg, struct query_info* qinfo, - struct sock_list* origin) -{ - struct key_entry_key* dske = NULL; - uint8_t* olds = vq->empty_DS_name; - vq->empty_DS_name = NULL; - if(!ds_response_to_ke(qstate, vq, id, rcode, msg, qinfo, &dske)) { - log_err("malloc failure in process_ds_response"); - vq->key_entry = NULL; /* make it error */ - vq->state = VAL_VALIDATE_STATE; - return; - } - if(dske == NULL) { - vq->empty_DS_name = regional_alloc_init(qstate->region, - qinfo->qname, qinfo->qname_len); - if(!vq->empty_DS_name) { - log_err("malloc failure in empty_DS_name"); - vq->key_entry = NULL; /* make it error */ - vq->state = VAL_VALIDATE_STATE; - return; - } - vq->empty_DS_len = qinfo->qname_len; - vq->chain_blacklist = NULL; - /* ds response indicated that we aren't on a delegation point. - * Keep the forState.state on FINDKEY. */ - } else if(key_entry_isgood(dske)) { - vq->ds_rrset = key_entry_get_rrset(dske, qstate->region); - if(!vq->ds_rrset) { - log_err("malloc failure in process DS"); - vq->key_entry = NULL; /* make it error */ - vq->state = VAL_VALIDATE_STATE; - return; - } - vq->chain_blacklist = NULL; /* fresh blacklist for next part*/ - /* Keep the forState.state on FINDKEY. */ - } else if(key_entry_isbad(dske) - && vq->restart_count < VAL_MAX_RESTART_COUNT) { - vq->empty_DS_name = olds; - val_blacklist(&vq->chain_blacklist, qstate->region, origin, 1); - qstate->errinf = NULL; - vq->restart_count++; - } else { - if(key_entry_isbad(dske)) { - errinf_origin(qstate, origin); - errinf_dname(qstate, "for DS", qinfo->qname); - } - /* NOTE: the reason for the DS to be not good (that is, - * either bad or null) should have been logged by - * dsResponseToKE. */ - vq->key_entry = dske; - /* The FINDKEY phase has ended, so move on. */ - vq->state = VAL_VALIDATE_STATE; - } -} - -/** - * Process DNSKEY response. Called from inform_supers. - * Sets the key entry in the state. - * Because it is in inform_supers, the mesh itself is busy doing callbacks - * for a state that is to be deleted soon; don't touch the mesh; instead - * set a state in the super, as the super will be reactivated soon. - * Perform processing to determine what state to set in the super. - * - * @param qstate: query state that is validating and asked for a DNSKEY. - * @param vq: validator query state - * @param id: module id. - * @param rcode: rcode result value. - * @param msg: result message (if rcode is OK). - * @param qinfo: from the sub query state, query info. - * @param origin: the origin of msg. - */ -static void -process_dnskey_response(struct module_qstate* qstate, struct val_qstate* vq, - int id, int rcode, struct dns_msg* msg, struct query_info* qinfo, - struct sock_list* origin) -{ - struct val_env* ve = (struct val_env*)qstate->env->modinfo[id]; - struct key_entry_key* old = vq->key_entry; - struct ub_packed_rrset_key* dnskey = NULL; - int downprot; - char* reason = NULL; - - if(rcode == LDNS_RCODE_NOERROR) - dnskey = reply_find_answer_rrset(qinfo, msg->rep); - - if(dnskey == NULL) { - /* bad response */ - verbose(VERB_DETAIL, "Missing DNSKEY RRset in response to " - "DNSKEY query."); - if(vq->restart_count < VAL_MAX_RESTART_COUNT) { - val_blacklist(&vq->chain_blacklist, qstate->region, - origin, 1); - qstate->errinf = NULL; - vq->restart_count++; - return; - } - vq->key_entry = key_entry_create_bad(qstate->region, - qinfo->qname, qinfo->qname_len, qinfo->qclass, - BOGUS_KEY_TTL, *qstate->env->now); - if(!vq->key_entry) { - log_err("alloc failure in missing dnskey response"); - /* key_entry is NULL for failure in Validate */ - } - errinf(qstate, "No DNSKEY record"); - errinf_origin(qstate, origin); - errinf_dname(qstate, "for key", qinfo->qname); - vq->state = VAL_VALIDATE_STATE; - return; - } - if(!vq->ds_rrset) { - log_err("internal error: no DS rrset for new DNSKEY response"); - vq->key_entry = NULL; - vq->state = VAL_VALIDATE_STATE; - return; - } - downprot = qstate->env->cfg->harden_algo_downgrade; - vq->key_entry = val_verify_new_DNSKEYs(qstate->region, qstate->env, - ve, dnskey, vq->ds_rrset, downprot, &reason); - - if(!vq->key_entry) { - log_err("out of memory in verify new DNSKEYs"); - vq->state = VAL_VALIDATE_STATE; - return; - } - /* If the key entry isBad or isNull, then we can move on to the next - * state. */ - if(!key_entry_isgood(vq->key_entry)) { - if(key_entry_isbad(vq->key_entry)) { - if(vq->restart_count < VAL_MAX_RESTART_COUNT) { - val_blacklist(&vq->chain_blacklist, - qstate->region, origin, 1); - qstate->errinf = NULL; - vq->restart_count++; - vq->key_entry = old; - return; - } - verbose(VERB_DETAIL, "Did not match a DS to a DNSKEY, " - "thus bogus."); - errinf(qstate, reason); - errinf_origin(qstate, origin); - errinf_dname(qstate, "for key", qinfo->qname); - } - vq->chain_blacklist = NULL; - vq->state = VAL_VALIDATE_STATE; - return; - } - vq->chain_blacklist = NULL; - qstate->errinf = NULL; - - /* The DNSKEY validated, so cache it as a trusted key rrset. */ - key_cache_insert(ve->kcache, vq->key_entry, qstate); - - /* If good, we stay in the FINDKEY state. */ - log_query_info(VERB_DETAIL, "validated DNSKEY", qinfo); -} - -/** - * Process prime response - * Sets the key entry in the state. - * - * @param qstate: query state that is validating and primed a trust anchor. - * @param vq: validator query state - * @param id: module id. - * @param rcode: rcode result value. - * @param msg: result message (if rcode is OK). - * @param origin: the origin of msg. - */ -static void -process_prime_response(struct module_qstate* qstate, struct val_qstate* vq, - int id, int rcode, struct dns_msg* msg, struct sock_list* origin) -{ - struct val_env* ve = (struct val_env*)qstate->env->modinfo[id]; - struct ub_packed_rrset_key* dnskey_rrset = NULL; - struct trust_anchor* ta = anchor_find(qstate->env->anchors, - vq->trust_anchor_name, vq->trust_anchor_labs, - vq->trust_anchor_len, vq->qchase.qclass); - if(!ta) { - /* trust anchor revoked, restart with less anchors */ - vq->state = VAL_INIT_STATE; - if(!vq->trust_anchor_name) - vq->state = VAL_VALIDATE_STATE; /* break a loop */ - vq->trust_anchor_name = NULL; - return; - } - /* Fetch and validate the keyEntry that corresponds to the - * current trust anchor. */ - if(rcode == LDNS_RCODE_NOERROR) { - dnskey_rrset = reply_find_rrset_section_an(msg->rep, - ta->name, ta->namelen, LDNS_RR_TYPE_DNSKEY, - ta->dclass); - } - if(ta->autr) { - if(!autr_process_prime(qstate->env, ve, ta, dnskey_rrset)) { - /* trust anchor revoked, restart with less anchors */ - vq->state = VAL_INIT_STATE; - vq->trust_anchor_name = NULL; - return; - } - } - vq->key_entry = primeResponseToKE(dnskey_rrset, ta, qstate, id); - lock_basic_unlock(&ta->lock); - if(vq->key_entry) { - if(key_entry_isbad(vq->key_entry) - && vq->restart_count < VAL_MAX_RESTART_COUNT) { - val_blacklist(&vq->chain_blacklist, qstate->region, - origin, 1); - qstate->errinf = NULL; - vq->restart_count++; - vq->key_entry = NULL; - vq->state = VAL_INIT_STATE; - return; - } - vq->chain_blacklist = NULL; - errinf_origin(qstate, origin); - errinf_dname(qstate, "for trust anchor", ta->name); - /* store the freshly primed entry in the cache */ - key_cache_insert(ve->kcache, vq->key_entry, qstate); - } - - /* If the result of the prime is a null key, skip the FINDKEY state.*/ - if(!vq->key_entry || key_entry_isnull(vq->key_entry) || - key_entry_isbad(vq->key_entry)) { - vq->state = VAL_VALIDATE_STATE; - } - /* the qstate will be reactivated after inform_super is done */ -} - -/** - * Process DLV response. Called from inform_supers. - * Because it is in inform_supers, the mesh itself is busy doing callbacks - * for a state that is to be deleted soon; don't touch the mesh; instead - * set a state in the super, as the super will be reactivated soon. - * Perform processing to determine what state to set in the super. - * - * @param qstate: query state that is validating and asked for a DLV. - * @param vq: validator query state - * @param id: module id. - * @param rcode: rcode result value. - * @param msg: result message (if rcode is OK). - * @param qinfo: from the sub query state, query info. - */ -static void -process_dlv_response(struct module_qstate* qstate, struct val_qstate* vq, - int id, int rcode, struct dns_msg* msg, struct query_info* qinfo) -{ - struct val_env* ve = (struct val_env*)qstate->env->modinfo[id]; - - verbose(VERB_ALGO, "process dlv response to super"); - if(rcode != LDNS_RCODE_NOERROR) { - /* lookup failed, set in vq to give up */ - vq->dlv_status = dlv_error; - verbose(VERB_ALGO, "response is error"); - return; - } - if(msg->rep->security != sec_status_secure) { - vq->dlv_status = dlv_error; - verbose(VERB_ALGO, "response is not secure, %s", - sec_status_to_string(msg->rep->security)); - return; - } - /* was the lookup a success? validated DLV? */ - if(FLAGS_GET_RCODE(msg->rep->flags) == LDNS_RCODE_NOERROR && - msg->rep->an_numrrsets == 1 && - msg->rep->security == sec_status_secure && - ntohs(msg->rep->rrsets[0]->rk.type) == LDNS_RR_TYPE_DLV && - ntohs(msg->rep->rrsets[0]->rk.rrset_class) == qinfo->qclass && - query_dname_compare(msg->rep->rrsets[0]->rk.dname, - vq->dlv_lookup_name) == 0) { - /* yay! it is just like a DS */ - vq->ds_rrset = (struct ub_packed_rrset_key*) - regional_alloc_init(qstate->region, - msg->rep->rrsets[0], sizeof(*vq->ds_rrset)); - if(!vq->ds_rrset) { - log_err("out of memory in process_dlv"); - return; - } - vq->ds_rrset->entry.key = vq->ds_rrset; - vq->ds_rrset->rk.dname = (uint8_t*)regional_alloc_init( - qstate->region, vq->ds_rrset->rk.dname, - vq->ds_rrset->rk.dname_len); - if(!vq->ds_rrset->rk.dname) { - log_err("out of memory in process_dlv"); - vq->dlv_status = dlv_error; - return; - } - vq->ds_rrset->entry.data = regional_alloc_init(qstate->region, - vq->ds_rrset->entry.data, - packed_rrset_sizeof(vq->ds_rrset->entry.data)); - if(!vq->ds_rrset->entry.data) { - log_err("out of memory in process_dlv"); - vq->dlv_status = dlv_error; - return; - } - packed_rrset_ptr_fixup(vq->ds_rrset->entry.data); - /* make vq do a DNSKEY query next up */ - vq->dlv_status = dlv_success; - return; - } - /* store NSECs into negative cache */ - val_neg_addreply(ve->neg_cache, msg->rep); - - /* was the lookup a failure? - * if we have to go up into the DLV for a higher DLV anchor - * then set this in the vq, so it can make queries when activated. - * See if the NSECs indicate that we should look for higher DLV - * or, that there is no DLV securely */ - if(!val_nsec_check_dlv(qinfo, msg->rep, &vq->dlv_lookup_name, - &vq->dlv_lookup_name_len)) { - vq->dlv_status = dlv_error; - verbose(VERB_ALGO, "nsec error"); - return; - } - if(!dname_subdomain_c(vq->dlv_lookup_name, - qstate->env->anchors->dlv_anchor->name)) { - vq->dlv_status = dlv_there_is_no_dlv; - return; - } - vq->dlv_status = dlv_ask_higher; -} - -/* - * inform validator super. - * - * @param qstate: query state that finished. - * @param id: module id. - * @param super: the qstate to inform. - */ -void -val_inform_super(struct module_qstate* qstate, int id, - struct module_qstate* super) -{ - struct val_qstate* vq = (struct val_qstate*)super->minfo[id]; - log_query_info(VERB_ALGO, "validator: inform_super, sub is", - &qstate->qinfo); - log_query_info(VERB_ALGO, "super is", &super->qinfo); - if(!vq) { - verbose(VERB_ALGO, "super: has no validator state"); - return; - } - if(vq->wait_prime_ta) { - vq->wait_prime_ta = 0; - process_prime_response(super, vq, id, qstate->return_rcode, - qstate->return_msg, qstate->reply_origin); - return; - } - if(qstate->qinfo.qtype == LDNS_RR_TYPE_DS) { - process_ds_response(super, vq, id, qstate->return_rcode, - qstate->return_msg, &qstate->qinfo, - qstate->reply_origin); - return; - } else if(qstate->qinfo.qtype == LDNS_RR_TYPE_DNSKEY) { - process_dnskey_response(super, vq, id, qstate->return_rcode, - qstate->return_msg, &qstate->qinfo, - qstate->reply_origin); - return; - } else if(qstate->qinfo.qtype == LDNS_RR_TYPE_DLV) { - process_dlv_response(super, vq, id, qstate->return_rcode, - qstate->return_msg, &qstate->qinfo); - return; - } - log_err("internal error in validator: no inform_supers possible"); -} - -void -val_clear(struct module_qstate* qstate, int id) -{ - if(!qstate) - return; - /* everything is allocated in the region, so assign NULL */ - qstate->minfo[id] = NULL; -} - -size_t -val_get_mem(struct module_env* env, int id) -{ - struct val_env* ve = (struct val_env*)env->modinfo[id]; - if(!ve) - return 0; - return sizeof(*ve) + key_cache_get_mem(ve->kcache) + - val_neg_get_mem(ve->neg_cache) + - sizeof(size_t)*2*ve->nsec3_keyiter_count; -} - -/** - * The validator function block - */ -static struct module_func_block val_block = { - "validator", - &val_init, &val_deinit, &val_operate, &val_inform_super, &val_clear, - &val_get_mem -}; - -struct module_func_block* -val_get_funcblock(void) -{ - return &val_block; -} - -const char* -val_state_to_string(enum val_state state) -{ - switch(state) { - case VAL_INIT_STATE: return "VAL_INIT_STATE"; - case VAL_FINDKEY_STATE: return "VAL_FINDKEY_STATE"; - case VAL_VALIDATE_STATE: return "VAL_VALIDATE_STATE"; - case VAL_FINISHED_STATE: return "VAL_FINISHED_STATE"; - case VAL_DLVLOOKUP_STATE: return "VAL_DLVLOOKUP_STATE"; - } - return "UNKNOWN VALIDATOR STATE"; -} - diff --git a/external/unbound/validator/validator.h b/external/unbound/validator/validator.h deleted file mode 100644 index 23d307242..000000000 --- a/external/unbound/validator/validator.h +++ /dev/null @@ -1,294 +0,0 @@ -/* - * validator/validator.h - secure validator DNS query response module - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains a module that performs validation of DNS queries. - * According to RFC 4034. - */ - -#ifndef VALIDATOR_VALIDATOR_H -#define VALIDATOR_VALIDATOR_H -#include "util/module.h" -#include "util/data/msgreply.h" -#include "validator/val_utils.h" -struct val_anchors; -struct key_cache; -struct key_entry_key; -struct val_neg_cache; -struct config_strlist; - -/** - * This is the TTL to use when a trust anchor fails to prime. A trust anchor - * will be primed no more often than this interval. Used when harden- - * dnssec-stripped is off and the trust anchor fails. - */ -#define NULL_KEY_TTL 60 /* seconds */ - -/** - * TTL for bogus key entries. When a DS or DNSKEY fails in the chain of - * trust the entire zone for that name is blacked out for this TTL. - */ -#define BOGUS_KEY_TTL 60 /* seconds */ - -/** max number of query restarts, number of IPs to probe */ -#define VAL_MAX_RESTART_COUNT 5 - -/** - * Global state for the validator. - */ -struct val_env { - /** key cache; these are validated keys. trusted keys only - * end up here after being primed. */ - struct key_cache* kcache; - - /** aggressive negative cache. index into NSECs in rrset cache. */ - struct val_neg_cache* neg_cache; - - /** for debug testing a fixed validation date can be entered. - * if 0, current time is used for rrsig validation */ - int32_t date_override; - - /** clock skew min for signatures */ - int32_t skew_min; - - /** clock skew max for signatures */ - int32_t skew_max; - - /** TTL for bogus data; used instead of untrusted TTL from data. - * Bogus data will not be verified more often than this interval. - * seconds. */ - uint32_t bogus_ttl; - - /** If set, the validator should clean the additional section of - * secure messages. - */ - int clean_additional; - - /** - * If set, the validator will not make messages bogus, instead - * indeterminate is issued, so that no clients receive SERVFAIL. - * This allows an operator to run validation 'shadow' without - * hurting responses to clients. - */ - int permissive_mode; - - /** - * Number of entries in the NSEC3 maximum iteration count table. - * Keep this table short, and sorted by size - */ - int nsec3_keyiter_count; - - /** - * NSEC3 maximum iteration count per signing key size. - * This array contains key size values (in increasing order) - */ - size_t* nsec3_keysize; - - /** - * NSEC3 maximum iteration count per signing key size. - * This array contains the maximum iteration count for the keysize - * in the keysize array. - */ - size_t* nsec3_maxiter; - - /** lock on bogus counter */ - lock_basic_type bogus_lock; - /** number of times rrsets marked bogus */ - size_t num_rrset_bogus; -}; - -/** - * State of the validator for a query. - */ -enum val_state { - /** initial state for validation */ - VAL_INIT_STATE = 0, - /** find the proper keys for validation, follow trust chain */ - VAL_FINDKEY_STATE, - /** validate the answer, using found key entry */ - VAL_VALIDATE_STATE, - /** finish up */ - VAL_FINISHED_STATE, - /** DLV lookup state, processing DLV queries */ - VAL_DLVLOOKUP_STATE -}; - -/** - * Per query state for the validator module. - */ -struct val_qstate { - /** - * State of the validator module. - */ - enum val_state state; - - /** - * The original message we have been given to validate. - */ - struct dns_msg* orig_msg; - - /** - * The query restart count - */ - int restart_count; - /** The blacklist saved for chainoftrust elements */ - struct sock_list* chain_blacklist; - - /** - * The query name we have chased to; qname after following CNAMEs - */ - struct query_info qchase; - - /** - * The chased reply, extract from original message. Can be: - * o CNAME - * o DNAME + CNAME - * o answer - * plus authority, additional (nsecs) that have same signature. - */ - struct reply_info* chase_reply; - - /** - * The cname skip value; the number of rrsets that have been skipped - * due to chasing cnames. This is the offset into the - * orig_msg->rep->rrsets array, into the answer section. - * starts at 0 - for the full original message. - * if it is >0 - qchase followed the cname, chase_reply setup to be - * that message and relevant authority rrsets. - * - * The skip is also used for referral messages, where it will - * range from 0, over the answer, authority and additional sections. - */ - size_t rrset_skip; - - /** trust anchor name */ - uint8_t* trust_anchor_name; - /** trust anchor labels */ - int trust_anchor_labs; - /** trust anchor length */ - size_t trust_anchor_len; - - /** the DS rrset */ - struct ub_packed_rrset_key* ds_rrset; - - /** domain name for empty nonterminal detection */ - uint8_t* empty_DS_name; - /** length of empty_DS_name */ - size_t empty_DS_len; - - /** the current key entry */ - struct key_entry_key* key_entry; - - /** subtype */ - enum val_classification subtype; - - /** signer name */ - uint8_t* signer_name; - /** length of signer_name */ - size_t signer_len; - - /** true if this state is waiting to prime a trust anchor */ - int wait_prime_ta; - - /** have we already checked the DLV? */ - int dlv_checked; - /** The name for which the DLV is looked up. For the current message - * or for the current RRset (for CNAME, REFERRAL types). - * If there is signer name, that may be it, else a domain name */ - uint8_t* dlv_lookup_name; - /** length of dlv lookup name */ - size_t dlv_lookup_name_len; - /** Name at which chain of trust stopped with insecure, starting DLV - * DLV must result in chain going further down */ - uint8_t* dlv_insecure_at; - /** length of dlv insecure point name */ - size_t dlv_insecure_at_len; - /** status of DLV lookup. Indication to VAL_DLV_STATE what to do */ - enum dlv_status { - dlv_error, /* server failure */ - dlv_success, /* got a DLV */ - dlv_ask_higher, /* ask again */ - dlv_there_is_no_dlv /* got no DLV, sure of it */ - } dlv_status; -}; - -/** - * Get the validator function block. - * @return: function block with function pointers to validator methods. - */ -struct module_func_block* val_get_funcblock(void); - -/** - * Get validator state as a string - * @param state: to convert - * @return constant string that is printable. - */ -const char* val_state_to_string(enum val_state state); - -/** validator init */ -int val_init(struct module_env* env, int id); - -/** validator deinit */ -void val_deinit(struct module_env* env, int id); - -/** validator operate on a query */ -void val_operate(struct module_qstate* qstate, enum module_ev event, int id, - struct outbound_entry* outbound); - -/** - * inform validator super. - * - * @param qstate: query state that finished. - * @param id: module id. - * @param super: the qstate to inform. - */ -void val_inform_super(struct module_qstate* qstate, int id, - struct module_qstate* super); - -/** validator cleanup query state */ -void val_clear(struct module_qstate* qstate, int id); - -/** - * Debug helper routine that assists worker in determining memory in - * use. - * @param env: module environment - * @param id: module id. - * @return memory in use in bytes. - */ -size_t val_get_mem(struct module_env* env, int id); - -#endif /* VALIDATOR_VALIDATOR_H */ diff --git a/external/unbound/winrc/README.txt b/external/unbound/winrc/README.txt deleted file mode 100644 index d36fff14c..000000000 --- a/external/unbound/winrc/README.txt +++ /dev/null @@ -1,100 +0,0 @@ -README for Unbound on Windows. - -(C) 2009, W.C.A. Wijngaards, NLnet Labs. - -See LICENSE for the license text file. - - -+++ Introduction - -Unbound is a recursive DNS server. It does caching, full recursion, stub -recursion, DNSSEC validation, NSEC3, IPv6. More information can be found -at the http://unbound.net site. Unbound has been built and tested on -Windows XP, Vista, 7 and 8. - -At http://unbound.net/documentation is an install and configuration manual -for windows. - -email: unbound-bugs@nlnetlabs.nl - - -+++ How to use it - -In ControlPanels\SystemTasks\Services you can start/stop the daemon. -In ControlPanels\SystemTasks\Logbooks you can see log entries (unless you -configured unbound to log to file). - -By default the daemon provides service only to localhost. See the manual -on how to change that (you need to edit the config file). - -To change options, edit the service.conf file. The example.conf file -contains information on the various configuration options. The config -file is the same as on Unix. The options log-time-ascii, chroot, username -and pidfile are not supported on windows. - - -+++ How to compile - -Unbound is open source under the BSD license. You can compile it yourself. - -1. Install MinGW and MSYS. http://www.mingw.org -This is a free, open source, compiler and build environment. -Note, if your username contains a space, create a directory -C:\msys\...\home\user to work in (click on MSYS; type: mkdir /home/user ). - -2. Install openssl, or compile it yourself. http://www.openssl.org -Unbounds need the header files and libraries. Static linking makes -things easier. This is an open source library for cryptographic functions. -And libexpat is needed. - -3. Compile Unbound -Get the source code tarball http://unbound.net -Move it into the C:\msys\...\home\user directory. -Double click on the MSYS icon and give these commands -$ cd /home/user -$ tar xzvf unbound-xxx.tar.gz -$ cd unbound-xxx -$ ./configure --enable-static-exe -If you compiled openssl yourself, pass --with-ssl=../openssl-xxx too. -If you compiled libexpat yourself, pass --with-libexpat=../expat-install too. -The configure options for libevent or threads are not applicable for -windows, because builtin alternatives for the windows platform are used. -$ make -And you have unbound.exe - -If you run unbound-service-install.exe (double click in the explorer), -unbound is installed as a service in the controlpanels\systemtasks\services, -from the current directory. unbound-service-remove.exe uninstalls the service. - -Unbound and its utilities also work from the commandline (like on unix) if -you prefer. - - -+++ Cross compile - -You can crosscompile unbound. This results in .exe files. -Install the packages: mingw32-binutils mingw32-cpp mingw32-filesystem -mingw32-gcc mingw32-openssl mingw32-openssl-static mingw32-runtime zip -mingw32-termcap mingw32-w32api mingw32-zlib mingw32-zlib-static mingw32-nsis -(package names for fedora 11). - -For dynamic linked executables -$ mingw32-configure -$ make -$ mkdir /home/user/installdir -$ make install DESTDIR=/home/user/installdir -Find the dlls and exes in /home/user/installdir and -crypto in /usr/i686-pc-mingw32/sys-root/mingw/bin - -For static linked executables -Use --enable-staticexe for mingw32-configure, see above. Or use makedist.sh, -copy System.dll from the windows dist of NSIS to /usr/share/nsis/Plugins/ -Then do ./makedist.sh -w and the setup.exe is created using nsis. - - -+++ CREDITS - -Unbound was written in portable C by Wouter Wijngaards (NLnet Labs). -See the CREDITS file in the source package for more contributor information. -Email unbound-bugs@nlnetlabs.nl - diff --git a/external/unbound/winrc/anchor-update.c b/external/unbound/winrc/anchor-update.c deleted file mode 100644 index 13d44fda6..000000000 --- a/external/unbound/winrc/anchor-update.c +++ /dev/null @@ -1,152 +0,0 @@ -/* - * winrc/anchor-update.c - windows trust anchor update util - * - * Copyright (c) 2009, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file is made because contrib/update-anchor.sh does not work on - * windows (no shell). - */ -#include "config.h" -#include "libunbound/unbound.h" -#include "sldns/rrdef.h" -#include "sldns/pkthdr.h" -#include "sldns/wire2str.h" - -/** usage */ -static void -usage(void) -{ - printf("usage: { name-of-domain filename }+ \n"); - printf("exit codes: 0 anchors updated, 1 no changes, 2 errors.\n"); - exit(1); -} - -/** fatal exit */ -static void fatal(const char* str) -{ - printf("fatal error: %s\n", str); - exit(2); -} - -/** lookup data */ -static struct ub_result* -do_lookup(struct ub_ctx* ctx, char* domain) -{ - struct ub_result* result = NULL; - int r; - r = ub_resolve(ctx, domain, LDNS_RR_TYPE_DNSKEY, LDNS_RR_CLASS_IN, - &result); - if(r) { - printf("failed to lookup %s\n", ub_strerror(r)); - fatal("ub_resolve failed"); - } - if(!result->havedata && (result->rcode == LDNS_RCODE_SERVFAIL || - result->rcode == LDNS_RCODE_REFUSED)) - return NULL; /* probably no internet connection */ - if(!result->havedata) fatal("result has no data"); - if(!result->secure) fatal("result is not secure"); - return result; -} - -/** print result to file */ -static void -do_print(struct ub_result* result, char* file) -{ - FILE* out = fopen(file, "w"); - char s[65535], t[32]; - int i; - if(!out) { - perror(file); - fatal("fopen failed"); - } - i = 0; - if(result->havedata) - while(result->data[i]) { - sldns_wire2str_rdata_buf((uint8_t*)result->data[i], - (size_t)result->len[i], s, sizeof(s), - (uint16_t)result->qtype); - sldns_wire2str_type_buf((uint16_t)result->qtype, t, sizeof(t)); - fprintf(out, "%s\t%s\t%s\n", result->qname, t, s); - i++; - } - fclose(out); -} - -/** update domain to file */ -static int -do_update(char* domain, char* file) -{ - struct ub_ctx* ctx; - struct ub_result* result; - int r; - printf("updating %s to %s\n", domain, file); - ctx = ub_ctx_create(); - if(!ctx) fatal("ub_ctx_create failed"); - - if((r=ub_ctx_add_ta_file(ctx, file))) { - printf("%s\n", ub_strerror(r)); - fatal("ub_ctx_add_ta_file failed"); - } - - if(!(result=do_lookup(ctx, domain))) { - ub_ctx_delete(ctx); - return 1; - } - ub_ctx_delete(ctx); - do_print(result, file); - ub_resolve_free(result); - return 0; -} - -/** anchor update main */ -int main(int argc, char** argv) -{ - int retcode = 1; - if(argc == 1) { - usage(); - } - argc--; - argv++; - while(argc > 0) { - int r = do_update(argv[0], argv[1]); - if(r == 0) retcode = 0; - - /* next */ - argc-=2; - argv+=2; - } - return retcode; -} diff --git a/external/unbound/winrc/combined.ico b/external/unbound/winrc/combined.ico deleted file mode 100644 index aa65d11e2e6f1bc7b94fb338204b08f6de018186..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 10534 zcmeHN2~?BU@}IDVC1Fz_VUZ=RqPQSRKtaU>6^d3AEmDLcs1ZaZ(6Uq!fmYl_WvK{K zwJt0dQ46@l55x@&qOqU_W8A>jU0-Xh5d6;)iq3St+0WbjoY;3yPzo-E$!oFd{0LPiImklse17O^^uJ!;^fKFq80f;fA zarmR0Zmj>p_<%73^omdb@{43 zaoMSAqxqAiX$jTU=Xh8BYPVTh9w<2_wKS5}54;*At+teQ&EoI>rTt`szj63`?I$KS zUQxH7)HS{Yef@vsNgVOA^!5lTU8rH;FC36MiRex%^9d zI-K-2_P5;P{hgt_rJ0HC5yEjCq4ze!yK+fPRl1#%zR>fecLwZ;k}IRDS2tZ(7Yg00 z*?S}kY=1YV5XRIB4Rt?83*?fpEg9fE#%;?uwHA7o3RxeaU<`A`7Ei;$N^G|@71VA_ zPv2SV?Q};qNy(h+%=BT2mRp>4={d<;B=f~1HpktU8nUA#bO+Va?0$Y(LG>_Lrli~Q zD4U0?TNbGgyRH(5?zqle*>pMi`m44w3792H&I)%2k!adAmYHI$_ zj`%=*BVm>*b%ERsL9ni;Ej{fNYbl;L!gWuvnF#Y;Q-q)j&hT8EpE^hmU!Upr@MyI=We4Y4Iy$Y|h6uD#Gz) zpsP0*a&n4sO=3`I0$BI^1>cL&)-P~Q0U(OVf`EW_Ffu5I*qD8ozdCXLN_c^O(AFM> z7!8!Q7oI!o=ZGn2uLa|P_|;(?{N1bltc@l5N0XMg;OxP_RXF9FZ~ zCg|(tgRWK>e4RwlcbTB3?g%?}998A(PW1mvj9Vr8wiDMui7}_eOhf-F(Wm#&S3|(S zs2=Bd1$~f?>spF7>LK3?j9)tb=L1vQ5BfVihSbyw;Fzz6r@uXeox9FJ-MMRE+V=?P z>#c!NZfihSXBCE09{T7dVpf8VeiA6rXB~KcbfCZ0)xA;2BCxPZ1s9iPxK}o!y?M~T z|8$IxdW=yC2*&@3^PYx!Lt*ADI)?gyso7P~(oTV2@7~3GLL;u-pXk2?Ff+XbEcPzs z`D>#7?~{NRNl^kS_yaBFod`W0%HvVN9|#aGLcu2o@IFvHRYUFY36xV?K8#-;dFW`_ z0ri9C)S~w^1k0=6?K2)grHyEbiJctnLuI|IA+jpetY=^Fx0LxOJK3wB51m|i@?8%F zhlTaz##T6W{K7f*4|4_{yTGJwzCA3zDW@p@^tZaue~}ZZ;|~|GqY7q^-hPnkFXRa* z^sKRQWENs?Tuw8%`i7sk#cPq^CN*o6f<1erM(W`MKGe;~%@j|-yT0-UMeS&^?w2&O z;thY6kfPS;xRX*2d-h!mjhWmu>buBbo*>IBm=gLNy>pduckUDCZhoN`wT8Lp>CyS0}?ob|i-1&gTTx=V~^ES?6#lW*z8m8^4lvbM-_2h|v%5^ayn zgPot$7NmCZe@o4B)lIiu1@+TxlOGI;{q0f7muEg_U7CKUI7#D)^WaI7mTBn+&6dVY zR`JWJAMb2`u;ejJvt9i7NcksEucXZLU02yK|0<)xe%PdigPrwJ^uXMQ7YkMVH>oCW z-`$eO`T4f>wh5tk2YHMTR6#nu13Mkf!9#)4LBW(GtK2DmMD&Oud&{4WEm>CbXk*N& zzS~+JUJRf`pPbNTj0)0xb)UuEdq<`gMt|?m+0=TckJZ{r=XohtPVKhQCK*)}@AoWY z+|{q>CY5Ho_Kep0plcx)wzl38i7anFow@%>Nyp;+wakR zS)~EZ-8z2x_vKdm_G`^c8GGuN26Z25z&m^YJhdX%(J$rEy!#?c^#q#-r5+y7=B%wK zdGuTC(@%5TeiVfEkWUSu0?Sx)_WhxyHPq(&2c=8KJw6+4cdu6ezF*&`{YFndO3^vv zZ5lvnwmoDOkC}6VddKZ<7Eu{CK=j+vedeqjBlu zKmC0BC8{kqwIE0={w1ensNvC`dz0c(f~+kR?;jaXPG4;m%btuiY@(Vj;Jyr6J9_8t zbKJH=6z<-)h{qEMy=rh#s5I_x%PQgq`A{Z>lSj{)GLzl%Z114ubvV+4B6*mNGS^TM zU!VJF=svr$MvAJlX<@H!=(jWHfX%K%%p8Iq019`u3Ds!1{ipG+35M2G*aV7<+SKy% z0>!i4dAn9nUYIL-kRUQMoJuoX(C0|0(ePPR*p|&d28`PJEGK6-=RimyRfCD82UQ6s zP)&vky>id=RePu~AVYKko~H7iF#lDNTnx)C8JcfEkZs{`%N<+|*g`xRWQyj^wv3RSf#%LHa5+;q~h@KgJ|)5!LAa zl@p(OCy!T!QjG_52R5|Wq}Qu8QlV8ezi}`gda6xjJmJk=!2~Rz+)UP3vp$Vm{Y#&5 zYX9h|Tj&+;_0~p2GX(-+f42?X(Q#v9&VBrA;5(s3YwAG)N*G3^Z6CP$xz*1f|Efu4 z_ZaP^QFW6#x^&=})mA9|1K4q$rY~i$9&`9y2(tG$gL)B8;nGasj_ffDLVo?MYn^&! z>+Z~=BJ`{Vj#Y<`5b%Pg!T6M(4`1z9Yk?S+lS{O~D$r4r`j7c<;Y}?L~N3k3?GrgO$}!i2YGji@tcF zgg;+&z#mvo>FTAwt~-@j1H4^(vh;W3{eK(QBlE!4<|@{9>#=rd$GJ}g2Zwto*B7d* zFM^fjN!0I-HNq~qa8Zu+$tbK%>*2{io`XX1D}L8I36GvU!QjBzR+PUH>#d)0ydA#zrVQ=a zfpzW~T*vRg-(L>f3ywnHK6|jPu7wx)%~V6f75@0+1%5ji3-0a(IJXG&Z64|xfxZmJ zHQj`D;%OK$BIk9Dsi%jr^{UQfv5u%}&6xp*RQ09~`n3b={&w^$gW(SL_CH{KD1t>% z*;uPOV2sYj8aWJOI1<-Vf-*5S(btBC`%&jioL?#2`31k(8tek5?qZCWDCAv=Hf6)o zrTbvx#@!G;|1!ozDfs$sMxJCG_Xn22A^Z*?hL8K7L3<^*KMtvCQzh2_YyrW5@2D`T;?j`a=HIP&tDCfRW7Kh$&_#2{PzU7T9cp=&V;!AJ-jQ|I8r7S zOD2%bu771AI+yfn9G}%(Gg&gbNh+D5yE)y>48vlnAnk5t^Oku`o&3;j|8M>xGGs=CU$t>)z}SVr3HT zWVT;!LVUs)ziROg(%hSXH1|wGruH(z70Jo@_51yJwvA5ld-c{w6Z!jGA!t8| zN9b7P)`%*}R((xRkH(mo4Ypa;GGbNJT*^gfi@1cv3KnsjsOS3f@v_)Tln&F5*esI4gbLqfEg$_X67_3z}(Td z*vV5olN<_>yOJPOt#|w2r`_PT0LN}T*EOVUq~ypx<}?}((*gzaT@uy`+sw@!(EuId z-mFsXnGl0^2dGq|@Zy+mJUMhSMRG*2vkQ*+*3`JY1M~CS%mdOlIEbCe6m4;~YSvwL z)0V{?j9=A_XBm^Nrvn8l^=QE~iV7U-c_Kew7|y=xOK@R=R$s4n^5TF*`(V@&zkmFTbF9vMfC>y_JQ4a zH_}%+$i-fTM-LiOabIYf6iq|}5I-=<;gq8zN}|!|(G7FF^IV#|T4mc;yuvq=vz($c zXH19E`dh_fF(b6dEYu-BhsNjUoN_6mu?R+&Ioa}-v)9`PE>?S!TI3{J8h*wp?-Rr? zCe~!8*df=>rOE6>4vo*>ve#ivTN}NYF>`QF4tb^8byT+mInkEdIvsR6hjCd>`ViJ!W*Pf!LEo0motWapy zh1w0o6+{D!^c=2dv***Q(@0H(JjK%DH5gyyL`Q0i8>+ZC(f?+kzn6ZLNd<>fQc|bu zv{q;?ypaEWeP~pmy;uhw-r{a8BF(NnQdbC3(_BD4A; zE{Uk=EuD_9*&&lU4a}h>*f1+*Btb9nD*W=8h*;B}WpAvmBFEC?Muad=Xn=!ZBfN z!VU61;d#t2<(C~QAF+$8Ru_8Xvbp2Wo^_kZ4x)Y9FDc&1Y2{u|wx-sSv8T89b|B)x z$0fo1vKot&@grnSem6K~Cyb<+xs635#mRnIxgL9qTns`LOQz3|5P9jl0o-K|cJoOk z(XNi=aOzS&%SQKA4$mYL{D*wwSyZGK8yXi^XX=I7*tK^&Uu4njMtnG-E}S~b|K`os zXyWE-QAxi1nqd+ed#NHWE>3YwzwRt4@BLm^#y$CM=`vXp=NrvE0|duGMywBUMOJ0T zGJD2S1)@z%6k1h`Da5LGd@!yd1`J0tZm_98)6md|7&mi+N-N2f))}V9q7)`kQG<^a z()!=GpUVy6E|!^2&WMKSy*q4ln=T^W*#0vd)2sKP>x!0D!6YxlB#s6C~Of0#tqg~rB3 zjSa+;==c-git;S4z46; z#nM3u@$t*g{eW<8d0Nn`(xdB9$}N>wW*&BHE`8@dOm98Hawbz{(!}uigrs_oKgirM zL_d)D2q$i$WnJ(^X0eJRvXQ+`vUh*c!I}rG+w-dSc_<*K9If(IZVU76FhR4qwxs; zcZ?_Gqz&2Lr0X3XjtQoY*51o?{hyhFXSbp#F+7}CAFHqzpCzOJ8S{H%uH|Hc!ZXps aBdK0bF+)6sU{&#N5Pezw5B>l3z<&WINN^JX diff --git a/external/unbound/winrc/gen_msg.bin b/external/unbound/winrc/gen_msg.bin deleted file mode 100644 index 6e560057c26813430527e8906f6388206e0c7e82..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 116 zcmZQ!U|?WmU{nBM6Cj(3fiVGuU4U$62F3*-90FvsFfcv<;S?ZS0H{Ni!H|KMfeXkZ Goeu!`+XqPi diff --git a/external/unbound/winrc/gen_msg.mc b/external/unbound/winrc/gen_msg.mc deleted file mode 100644 index bde32176e..000000000 --- a/external/unbound/winrc/gen_msg.mc +++ /dev/null @@ -1,44 +0,0 @@ -; for Unbound -; severity default Success Informational Warning Error - -; .bin file created with: -; "/c/Program Files/Microsoft SDKs/Windows/v6.1/Bin/mc" -c gen_msg.mc -; mv MSG00001.bin gen_msg.bin -; rm gen_msg.h -; and pasted contents of gen_msg.rc into rsrc_unbound.rc - -FacilityNames=(Server=0x1) -MessageIdTypeDef=DWORD - -MessageID=0x1 -Severity=Success -Facility=Server -SymbolicName=MSG_GENERIC_SUCCESS -Language=English -%1 -. - -MessageID=0x2 -Severity=Informational -Facility=Server -SymbolicName=MSG_GENERIC_INFO -Language=English -%1 -. - -MessageID=0x3 -Severity=Warning -Facility=Server -SymbolicName=MSG_GENERIC_WARN -Language=English -%1 -. - -MessageID=0x4 -Severity=Error -Facility=Server -SymbolicName=MSG_GENERIC_ERR -Language=English -%1 -. - diff --git a/external/unbound/winrc/rsrc_anchorupd.rc b/external/unbound/winrc/rsrc_anchorupd.rc deleted file mode 100644 index 2419bfad5..000000000 --- a/external/unbound/winrc/rsrc_anchorupd.rc +++ /dev/null @@ -1,40 +0,0 @@ -/* - Unbound resource file for windows. For use with windres -*/ -#include "winver.h" -#include "config.h" - -1 ICON "winrc/combined.ico" - -1 VERSIONINFO -FILEVERSION RSRC_PACKAGE_VERSION -PRODUCTVERSION RSRC_PACKAGE_VERSION -FILEFLAGSMASK 0 -FILEFLAGS 0 -FILEOS VOS__WINDOWS32 -FILETYPE VFT_APP -FILESUBTYPE 0 -BEGIN - BLOCK "StringFileInfo" - BEGIN - BLOCK "040904E4" - BEGIN - VALUE "CompanyName", "NLnet Labs" - VALUE "FileDescription", "Unbound trust anchor tool" - VALUE "FileVersion", PACKAGE_VERSION - VALUE "InternalName", "anchor-update" - VALUE "OriginalFilename", "anchor-update.exe" - VALUE "ProductName", "unbound" - VALUE "ProductVersion", PACKAGE_VERSION - VALUE "LegalCopyright", "(C) 2009 NLnet Labs. Source is BSD licensed." - END - END - BLOCK "VarFileInfo" - BEGIN - /* English(409), windows ANSI codepage (1252) */ - VALUE "Translation", 0x409, 0x1252 - END -END - -/* vista administrator access, show UAC prompt */ -1 RT_MANIFEST "winrc/vista_user.manifest" diff --git a/external/unbound/winrc/rsrc_svcinst.rc b/external/unbound/winrc/rsrc_svcinst.rc deleted file mode 100644 index cb325f4c4..000000000 --- a/external/unbound/winrc/rsrc_svcinst.rc +++ /dev/null @@ -1,45 +0,0 @@ -/* - Unbound resource file for windows. For use with windres -*/ -#include "winver.h" -#include "config.h" - -1 ICON "winrc/combined.ico" - -1 VERSIONINFO -FILEVERSION RSRC_PACKAGE_VERSION -PRODUCTVERSION RSRC_PACKAGE_VERSION -FILEFLAGSMASK 0 -FILEFLAGS 0 -FILEOS VOS__WINDOWS32 -FILETYPE VFT_APP -FILESUBTYPE 0 -BEGIN - BLOCK "StringFileInfo" - BEGIN - BLOCK "040904E4" - BEGIN - VALUE "CompanyName", "NLnet Labs" - VALUE "FileDescription", "Unbound Service Install Util" - VALUE "FileVersion", PACKAGE_VERSION - VALUE "InternalName", "unbound-service-install" - VALUE "OriginalFilename", "unbound-service-install.exe" - VALUE "ProductName", "unbound" - VALUE "ProductVersion", PACKAGE_VERSION - VALUE "LegalCopyright", "(C) 2009 NLnet Labs. Source is BSD licensed." - END - END - BLOCK "VarFileInfo" - BEGIN - /* English(409), windows ANSI codepage (1252) */ - VALUE "Translation", 0x409, 0x1252 - END -END - -/* error message formats */ -LANGUAGE 0x9,0x1 -1 11 "winrc/gen_msg.bin" - -/* vista administrator access, show UAC prompt */ -1 RT_MANIFEST "winrc/vista_admin.manifest" - diff --git a/external/unbound/winrc/rsrc_svcuninst.rc b/external/unbound/winrc/rsrc_svcuninst.rc deleted file mode 100644 index ecff8dcd3..000000000 --- a/external/unbound/winrc/rsrc_svcuninst.rc +++ /dev/null @@ -1,45 +0,0 @@ -/* - Unbound resource file for windows. For use with windres -*/ -#include "winver.h" -#include "config.h" - -1 ICON "winrc/combined.ico" - -1 VERSIONINFO -FILEVERSION RSRC_PACKAGE_VERSION -PRODUCTVERSION RSRC_PACKAGE_VERSION -FILEFLAGSMASK 0 -FILEFLAGS 0 -FILEOS VOS__WINDOWS32 -FILETYPE VFT_APP -FILESUBTYPE 0 -BEGIN - BLOCK "StringFileInfo" - BEGIN - BLOCK "040904E4" - BEGIN - VALUE "CompanyName", "NLnet Labs" - VALUE "FileDescription", "Unbound Service Remove Util" - VALUE "FileVersion", PACKAGE_VERSION - VALUE "InternalName", "unbound-service-remove" - VALUE "OriginalFilename", "unbound-service-remove.exe" - VALUE "ProductName", "unbound" - VALUE "ProductVersion", PACKAGE_VERSION - VALUE "LegalCopyright", "(C) 2009 NLnet Labs. Source is BSD licensed." - END - END - BLOCK "VarFileInfo" - BEGIN - /* English(409), windows ANSI codepage (1252) */ - VALUE "Translation", 0x409, 0x1252 - END -END - -/* error message formats */ -LANGUAGE 0x9,0x1 -1 11 "winrc/gen_msg.bin" - -/* vista administrator access, show UAC prompt */ -1 RT_MANIFEST "winrc/vista_admin.manifest" - diff --git a/external/unbound/winrc/rsrc_unbound.rc b/external/unbound/winrc/rsrc_unbound.rc deleted file mode 100644 index cc05d0eeb..000000000 --- a/external/unbound/winrc/rsrc_unbound.rc +++ /dev/null @@ -1,48 +0,0 @@ -/* - Unbound resource file for windows. For use with windres -*/ -#include "winver.h" -#include "config.h" - -1 ICON "winrc/combined.ico" -/* -1 ICON "winrc/unbound64.ico" -2 ICON "winrc/unbound48.ico" -3 ICON "winrc/unbound32.ico" -4 ICON "winrc/unbound16.ico" -*/ - -1 VERSIONINFO -FILEVERSION RSRC_PACKAGE_VERSION -PRODUCTVERSION RSRC_PACKAGE_VERSION -FILEFLAGSMASK 0 -FILEFLAGS 0 -FILEOS VOS__WINDOWS32 -FILETYPE VFT_APP -FILESUBTYPE 0 -BEGIN - BLOCK "StringFileInfo" - BEGIN - BLOCK "040904E4" - BEGIN - VALUE "CompanyName", "NLnet Labs" - VALUE "FileDescription", "Unbound DNS Server" - VALUE "FileVersion", PACKAGE_VERSION - VALUE "InternalName", "unbound" - VALUE "OriginalFilename", "unbound.exe" - VALUE "ProductName", "unbound" - VALUE "ProductVersion", PACKAGE_VERSION - VALUE "LegalCopyright", "(C) 2009 NLnet Labs. Source is BSD licensed." - END - END - BLOCK "VarFileInfo" - BEGIN - /* English(409), windows ANSI codepage (1252) */ - VALUE "Translation", 0x409, 0x1252 - END -END - -/* error message formats */ -LANGUAGE 0x9,0x1 -/* id=1 type=RT_MESSAGETABLE */ -1 11 "winrc/gen_msg.bin" diff --git a/external/unbound/winrc/rsrc_unbound_anchor.rc b/external/unbound/winrc/rsrc_unbound_anchor.rc deleted file mode 100644 index 76b96b785..000000000 --- a/external/unbound/winrc/rsrc_unbound_anchor.rc +++ /dev/null @@ -1,37 +0,0 @@ -/* - Unbound resource file for windows. For use with windres -*/ -#include "winver.h" -#include "config.h" - -1 ICON "winrc/combined.ico" - -1 VERSIONINFO -FILEVERSION RSRC_PACKAGE_VERSION -PRODUCTVERSION RSRC_PACKAGE_VERSION -FILEFLAGSMASK 0 -FILEFLAGS 0 -FILEOS VOS__WINDOWS32 -FILETYPE VFT_APP -FILESUBTYPE 0 -BEGIN - BLOCK "StringFileInfo" - BEGIN - BLOCK "040904E4" - BEGIN - VALUE "CompanyName", "NLnet Labs" - VALUE "FileDescription", "Unbound Anchor Utility" - VALUE "FileVersion", PACKAGE_VERSION - VALUE "InternalName", "unbound-anchor" - VALUE "OriginalFilename", "unbound-anchor.exe" - VALUE "ProductName", "unbound" - VALUE "ProductVersion", PACKAGE_VERSION - VALUE "LegalCopyright", "(C) 2010 NLnet Labs. Source is BSD licensed." - END - END - BLOCK "VarFileInfo" - BEGIN - /* English(409), windows ANSI codepage (1252) */ - VALUE "Translation", 0x409, 0x1252 - END -END diff --git a/external/unbound/winrc/rsrc_unbound_checkconf.rc b/external/unbound/winrc/rsrc_unbound_checkconf.rc deleted file mode 100644 index de61900bf..000000000 --- a/external/unbound/winrc/rsrc_unbound_checkconf.rc +++ /dev/null @@ -1,37 +0,0 @@ -/* - Unbound resource file for windows. For use with windres -*/ -#include "winver.h" -#include "config.h" - -1 ICON "winrc/combined.ico" - -1 VERSIONINFO -FILEVERSION RSRC_PACKAGE_VERSION -PRODUCTVERSION RSRC_PACKAGE_VERSION -FILEFLAGSMASK 0 -FILEFLAGS 0 -FILEOS VOS__WINDOWS32 -FILETYPE VFT_APP -FILESUBTYPE 0 -BEGIN - BLOCK "StringFileInfo" - BEGIN - BLOCK "040904E4" - BEGIN - VALUE "CompanyName", "NLnet Labs" - VALUE "FileDescription", "Unbound Configuration Checker" - VALUE "FileVersion", PACKAGE_VERSION - VALUE "InternalName", "unbound-checkconf" - VALUE "OriginalFilename", "unbound-checkconf.exe" - VALUE "ProductName", "unbound" - VALUE "ProductVersion", PACKAGE_VERSION - VALUE "LegalCopyright", "(C) 2009 NLnet Labs. Source is BSD licensed." - END - END - BLOCK "VarFileInfo" - BEGIN - /* English(409), windows ANSI codepage (1252) */ - VALUE "Translation", 0x409, 0x1252 - END -END diff --git a/external/unbound/winrc/rsrc_unbound_control.rc b/external/unbound/winrc/rsrc_unbound_control.rc deleted file mode 100644 index f9e1245db..000000000 --- a/external/unbound/winrc/rsrc_unbound_control.rc +++ /dev/null @@ -1,37 +0,0 @@ -/* - Unbound resource file for windows. For use with windres -*/ -#include "winver.h" -#include "config.h" - -1 ICON "winrc/combined.ico" - -1 VERSIONINFO -FILEVERSION RSRC_PACKAGE_VERSION -PRODUCTVERSION RSRC_PACKAGE_VERSION -FILEFLAGSMASK 0 -FILEFLAGS 0 -FILEOS VOS__WINDOWS32 -FILETYPE VFT_APP -FILESUBTYPE 0 -BEGIN - BLOCK "StringFileInfo" - BEGIN - BLOCK "040904E4" - BEGIN - VALUE "CompanyName", "NLnet Labs" - VALUE "FileDescription", "Unbound Remote Control Tool" - VALUE "FileVersion", PACKAGE_VERSION - VALUE "InternalName", "unbound-control" - VALUE "OriginalFilename", "unbound-control.exe" - VALUE "ProductName", "unbound" - VALUE "ProductVersion", PACKAGE_VERSION - VALUE "LegalCopyright", "(C) 2009 NLnet Labs. Source is BSD licensed." - END - END - BLOCK "VarFileInfo" - BEGIN - /* English(409), windows ANSI codepage (1252) */ - VALUE "Translation", 0x409, 0x1252 - END -END diff --git a/external/unbound/winrc/rsrc_unbound_host.rc b/external/unbound/winrc/rsrc_unbound_host.rc deleted file mode 100644 index d00f95cf4..000000000 --- a/external/unbound/winrc/rsrc_unbound_host.rc +++ /dev/null @@ -1,37 +0,0 @@ -/* - Unbound resource file for windows. For use with windres -*/ -#include "winver.h" -#include "config.h" - -1 ICON "winrc/combined.ico" - -1 VERSIONINFO -FILEVERSION RSRC_PACKAGE_VERSION -PRODUCTVERSION RSRC_PACKAGE_VERSION -FILEFLAGSMASK 0 -FILEFLAGS 0 -FILEOS VOS__WINDOWS32 -FILETYPE VFT_APP -FILESUBTYPE 0 -BEGIN - BLOCK "StringFileInfo" - BEGIN - BLOCK "040904E4" - BEGIN - VALUE "CompanyName", "NLnet Labs" - VALUE "FileDescription", "Unbound Lookup Utility" - VALUE "FileVersion", PACKAGE_VERSION - VALUE "InternalName", "unbound-host" - VALUE "OriginalFilename", "unbound-host.exe" - VALUE "ProductName", "unbound" - VALUE "ProductVersion", PACKAGE_VERSION - VALUE "LegalCopyright", "(C) 2009 NLnet Labs. Source is BSD licensed." - END - END - BLOCK "VarFileInfo" - BEGIN - /* English(409), windows ANSI codepage (1252) */ - VALUE "Translation", 0x409, 0x1252 - END -END diff --git a/external/unbound/winrc/service.conf b/external/unbound/winrc/service.conf deleted file mode 100644 index e0118a63a..000000000 --- a/external/unbound/winrc/service.conf +++ /dev/null @@ -1,13 +0,0 @@ -# Unbound configuration file on windows. -# See example.conf for more settings and syntax -server: - # verbosity level 0-4 of logging - verbosity: 0 - - # if you want to log to a file use - #logfile: "C:\unbound.log" - - # on Windows, this setting makes reports go into the Application log - # found in ControlPanels - System tasks - Logs - #use-syslog: yes - diff --git a/external/unbound/winrc/setup.nsi b/external/unbound/winrc/setup.nsi deleted file mode 100644 index c5d6b2ceb..000000000 --- a/external/unbound/winrc/setup.nsi +++ /dev/null @@ -1,210 +0,0 @@ -# The NSIS (http://nsis.sourceforge.net) install script. -# This script is BSD licensed. - -# use the default compression to help anti-virus in scanning us -#SetCompressor /solid /final lzma - -!include LogicLib.nsh -!include MUI2.nsh - -!define VERSION "0.0.0" -!define QUADVERSION "0.0.0.0" - -outFile "unbound_setup_${VERSION}.exe" -Name "Unbound" - -# default install directory -installDir "$PROGRAMFILES\Unbound" -installDirRegKey HKLM "Software\Unbound" "InstallLocation" -RequestExecutionLevel admin -#give credits to Nullsoft: BrandingText "" -VIAddVersionKey "ProductName" "Unbound" -VIAddVersionKey "CompanyName" "NLnet Labs" -VIAddVersionKey "FileDescription" "(un)install the unbound DNS resolver" -VIAddVersionKey "LegalCopyright" "Copyright 2009, NLnet Labs" -VIAddVersionKey "FileVersion" "${QUADVERSION}" -VIAddVersionKey "ProductVersion" "${QUADVERSION}" -VIProductVersion "${QUADVERSION}" - -# Global Variables -Var StartMenuFolder - -# use ReserveFile for files required before actual installation -# makes the installer start faster -#ReserveFile "System.dll" -#ReserveFile "NsExec.dll" - -!define MUI_ICON "${NSISDIR}\Contrib\Graphics\Icons\orange-install-nsis.ico" -!define MUI_UNICON "${NSISDIR}\Contrib\Graphics\Icons\orange-uninstall-nsis.ico" - -!define MUI_HEADERIMAGE -!define MUI_HEADERIMAGE_RIGHT -!define MUI_HEADERIMAGE_BITMAP "setup_top.bmp" -!define MUI_WELCOMEFINISHPAGE_BITMAP "setup_left.bmp" -!define MUI_ABORTWARNING -#!define MUI_FINISHPAGE_NOAUTOCLOSE # so we can inspect install log. - -!insertmacro MUI_PAGE_WELCOME -!insertmacro MUI_PAGE_LICENSE "..\LICENSE" -!insertmacro MUI_PAGE_COMPONENTS -!insertmacro MUI_PAGE_DIRECTORY - -!define MUI_STARTMENUPAGE_REGISTRY_ROOT "HKLM" -!define MUI_STARTMENUPAGE_REGISTRY_KEY "Software\Unbound" -!define MUI_STARTMENUPAGE_REGISTRY_VALUENAME "Start Menu Folder" -!define MUI_STARTMENUPAGE_DEFAULTFOLDER "Unbound" -!insertmacro MUI_PAGE_STARTMENU UnboundStartMenu $StartMenuFolder - -!insertmacro MUI_PAGE_INSTFILES -!insertmacro MUI_PAGE_FINISH - -!define MUI_WELCOMEPAGE_TEXT "This wizard will guide you through the uninstallation of Unbound.$\r$\n$\r$\nClick Next to continue." -!insertmacro MUI_UNPAGE_WELCOME -!insertmacro MUI_UNPAGE_CONFIRM -!insertmacro MUI_UNPAGE_INSTFILES -!insertmacro MUI_UNPAGE_FINISH - -!insertmacro MUI_LANGUAGE "English" - -# default section, one per component, we have one component. -section "Unbound" SectionUnbound - SectionIn RO # cannot unselect this one - # real work in postinstall -sectionEnd - -section "Root anchor - DNSSEC" SectionRootKey - # add estimated size for key (Kb) - AddSize 2 -sectionEnd - -section "-hidden.postinstall" - # copy files - setOutPath $INSTDIR - File "..\LICENSE" - File "README.txt" - File "..\unbound.exe" - File "..\unbound-checkconf.exe" - File "..\unbound-control.exe" - File "..\unbound-host.exe" - File "..\unbound-anchor.exe" - File "..\unbound-service-install.exe" - File "..\unbound-service-remove.exe" - File "..\anchor-update.exe" - File "unbound-control-setup.cmd" - File "unbound-website.url" - File "..\doc\example.conf" - File "..\doc\Changelog" - - # Does service.conf already exist? - IfFileExists "$INSTDIR\service.conf" 0 service_conf_not_found - # if so, leave it be and place the shipped file under another name - File /oname=service.conf.shipped "service.conf" - goto end_service_conf_not_found - # or, it is not there, place it and fill it. - service_conf_not_found: - File "service.conf" - - # Store Root Key choice - SectionGetFlags ${SectionRootKey} $R0 - IntOp $R0 $R0 & ${SF_SELECTED} - ${If} $R0 == ${SF_SELECTED} - ClearErrors - FileOpen $R1 "$INSTDIR\service.conf" a - IfErrors done_rk - FileSeek $R1 0 END - FileWrite $R1 "$\nserver: auto-trust-anchor-file: $\"$INSTDIR\root.key$\"$\n" - FileClose $R1 - done_rk: - WriteRegStr HKLM "Software\Unbound" "RootAnchor" "$\"$INSTDIR\unbound-anchor.exe$\" -a $\"$INSTDIR\root.key$\" -c $\"$INSTDIR\icannbundle.pem$\"" - ${Else} - WriteRegStr HKLM "Software\Unbound" "RootAnchor" "" - ${EndIf} - end_service_conf_not_found: - - # store installation folder - WriteRegStr HKLM "Software\Unbound" "InstallLocation" "$INSTDIR" - WriteRegStr HKLM "Software\Unbound" "ConfigFile" "$INSTDIR\service.conf" - WriteRegStr HKLM "Software\Unbound" "CronAction" "" - WriteRegDWORD HKLM "Software\Unbound" "CronTime" 86400 - - # uninstaller - WriteUninstaller "uninst.exe" - - # register uninstaller - WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\Unbound" "DisplayName" "Unbound" - WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\Unbound" "UninstallString" "$\"$INSTDIR\uninst.exe$\"" - WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\Unbound" "QuietUninstallString" "$\"$INSTDIR\uninst.exe$\" /S" - WriteRegDWORD HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\Unbound" "NoModify" "1" - WriteRegDWORD HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\Unbound" "NoRepair" "1" - WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\Unbound" "URLInfoAbout" "http://unbound.net" - WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\Unbound" "Publisher" "NLnet Labs" - - # start menu items - !insertmacro MUI_STARTMENU_WRITE_BEGIN UnboundStartMenu - CreateDirectory "$SMPROGRAMS\$StartMenuFolder" - CreateShortCut "$SMPROGRAMS\$StartMenuFolder\unbound.net website.lnk" "$INSTDIR\unbound-website.url" "" "$INSTDIR\unbound.exe" "" "" "" "Visit the unbound website" - CreateShortCut "$SMPROGRAMS\$StartMenuFolder\Uninstall.lnk" "$INSTDIR\uninst.exe" "" "" "" "" "" "Uninstall unbound" - !insertmacro MUI_STARTMENU_WRITE_END - - # install service entry - nsExec::ExecToLog '"$INSTDIR\unbound-service-install.exe"' - Pop $0 # return value/error/timeout - # start unbound service - nsExec::ExecToLog '"$INSTDIR\unbound-service-install.exe" start' - Pop $0 # return value/error/timeout -sectionEnd - -# set section descriptions -LangString DESC_unbound ${LANG_ENGLISH} "The base unbound DNS(SEC) validating caching resolver. $\r$\n$\r$\nStarted at boot from the Services control panel, logs to the Application Log, and the config file is its Program Files folder." -LangString DESC_rootkey ${LANG_ENGLISH} "Set up to use the DNSSEC root trust anchor. It is automatically updated. $\r$\n$\r$\nThis provides the main key that is used for security verification." - -!insertmacro MUI_FUNCTION_DESCRIPTION_BEGIN - !insertmacro MUI_DESCRIPTION_TEXT ${SectionUnbound} $(DESC_unbound) - !insertmacro MUI_DESCRIPTION_TEXT ${SectionRootKey} $(DESC_rootkey) -!insertmacro MUI_FUNCTION_DESCRIPTION_END - -# setup macros for uninstall functions. -!ifdef UN -!undef UN -!endif -!define UN "un." - -# uninstaller section -section "un.Unbound" - # stop unbound service - nsExec::ExecToLog '"$INSTDIR\unbound-service-remove.exe" stop' - Pop $0 # return value/error/timeout - # uninstall service entry - nsExec::ExecToLog '"$INSTDIR\unbound-service-remove.exe"' - Pop $0 # return value/error/timeout - # deregister uninstall - DeleteRegKey HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\Unbound" - Delete "$INSTDIR\uninst.exe" # delete self - Delete "$INSTDIR\LICENSE" - Delete "$INSTDIR\README.txt" - Delete "$INSTDIR\unbound.exe" - Delete "$INSTDIR\unbound-checkconf.exe" - Delete "$INSTDIR\unbound-control.exe" - Delete "$INSTDIR\unbound-host.exe" - Delete "$INSTDIR\unbound-anchor.exe" - Delete "$INSTDIR\unbound-service-install.exe" - Delete "$INSTDIR\unbound-service-remove.exe" - Delete "$INSTDIR\anchor-update.exe" - Delete "$INSTDIR\unbound-control-setup.cmd" - Delete "$INSTDIR\unbound-website.url" - # keep the service.conf with potential local modifications - #Delete "$INSTDIR\service.conf" - Delete "$INSTDIR\service.conf.shipped" - Delete "$INSTDIR\example.conf" - Delete "$INSTDIR\Changelog" - Delete "$INSTDIR\root.key" - RMDir "$INSTDIR" - - # start menu items - !insertmacro MUI_STARTMENU_GETFOLDER UnboundStartMenu $StartMenuFolder - Delete "$SMPROGRAMS\$StartMenuFolder\Uninstall.lnk" - Delete "$SMPROGRAMS\$StartMenuFolder\unbound.net website.lnk" - RMDir "$SMPROGRAMS\$StartMenuFolder" - - DeleteRegKey HKLM "Software\Unbound" -sectionEnd diff --git a/external/unbound/winrc/setup_left.bmp b/external/unbound/winrc/setup_left.bmp deleted file mode 100644 index ddc17d07969aa673f16ec9510d7bb49c44604af7..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 154542 zcmeI52b5LSxyRL*#FUk+Bqo|=TgLLt(r2Q$EIi9oqj|O%eO6Rd9#$-&i3n1pBORnj z?;U0k7?Iv)=r98V12Zu64l@j8fEmd9ox5Rsa@yP(xI@YRFx>T>efQaCpa1{ty}$i^ z-`@A3r^dW;(FM+NC;xBa{~-QXyzqhxF1+A!q~PP9I)s1_5CTF#2nYcoAOwVf5D)@F zKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt2mv7=1cZPP5CTF#2nYcoAOwVf5D)@F zKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt2mv7=1cZPP5CTF#2nYcoAOwVf5D)@F zKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt2mv7=1cZPP5CTF#2nYcoAOwVf5D)@F zKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt2mv7=1cZPP5CTF#2nYcoAOwVf5D)@F zKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt2mv7=1cZPP5CTF#2nYcoAOwVf5D)@F zKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt2mv7=1cZPP5CTF#2nYcoAOwVf5D)@F zKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt2mv7=1cZPP5CTF#2nYcoAOwVf5D)@F zKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt2mv7=1cZPP5CTF#2nYcoAOwVf5D)@F zKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt2mv7=1cZPP5CTF#2nYcoAOwVf5D)@F zKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt2mv7=1cZPP5CTF#2nYcoAOwVf5D)@F zKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt2mv7=1cZPP5CTF#2nYcoAOwVf5D)@F zKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt2mv7=1cZPP5CTF#2nYcoAOwVf5D)@F zKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0%rjNTeoh_Jx#~@_3Ql)v}MbdufF=~op;`; zT)FaxAAX3ua^*@-w*373?%lhaJay~Voi=US@#DumdHkpQ_wP?jOY7IKU*pD&t5vJ^ z`s=U1_S$O{(x5?ufddDwUcK6XN&G3<+1UdI45(MH-dk_IMX^>JaQU`9_x(cDF=*YLT`y47PKwh?L+Kl+dMVzkRyrS^%0feIBBPJ*Eop;`O!D%{v^rIh9pgoFe?70k zjvYJf-<`Jw(l>3(nze8w>2R8vJr`k3?xKy`vex7-+_iU;bGm+!c`=R_9p1cs4JjN6 z;`-RJV=un=qJ=0>c<{jo=?Wfx_~F2BLHmObJ}{LupRf;ofte!`fBy5IH*em&sK|NS zBMusDjT$w`98r}0>c>C+ai>mBGmPhG+~wJ6X@k2DtucIJtLn|~rJa7!<$sf=bZXS; z?-2Jzm*)x&?6zEwoBGw9#bahK95s1ve+u_=y=mL(scD1v?%Ph2KYsj}<$A@M**kWx zU$-e^>y8{QEKjamw{C5bi4cDCo8SE42R{hQK>KooNiPwWv&8g!@4Yv=fz#ELScp3V zuVTxVE#1`%le-T7Xz;iu&AY!mW5Mu-ot~b(Xw+wI|0iSh%my8wqK&ug@d~}J<$C6V z;S;8JpD?4x{AJ@Q(9iXr{B5-Q+|A2pFB(k-%Qe0C`YoBO*Dct!cQfhb#x>*bFMjb0 zH!{e8Q=viyhU||%`sksD9t!J$FS_WW2OfCf^2;yhlGDgFrQLAD4JZ#`j4&v8DqP|z zZ|RH~Gr|hA>6^E&Zr1Iku0uXPeB|J=RnzIrX}o+(WA8NJ{iQ3XAg|6{XcG4y*gJYs zyQC?d4;Joo^2{4TLq=e{rllV`ydQb_n%Ok`oqIMS(~35q&tSkq4-YFTS`>pFZY}=9Aw0x#ynq4~tJd^%NP7968dpYuEekyU%^e zskCcT9|%2gz(K%&__?NTS6+GLlTSYR(n~MhefQlwg6E+)z3Z;K{6(F$DSobLSv*%6 zj-UMGC+0C}ydGHU)TtAQ0NtR6?swmP*XBgiwladB>)-$W_o(;06|}FMoSa>;BO@cD zM~@!&+;fkoWK*TL-+tR&rj^}X|LkW!d+)vX7A;!jo(`;CyVkE-a0~ym!j@?TdTCn} zn%MX0F4-nB3fs&!(IXr?e$11?>2dy@Jlyihw19TqxpQYUnX(@N__nB$6+J;;lqb-z4cc2 zqapX|)yrR+I|V)YAI<)&LC3!_pPHIBsLq#v`FeOQdfK7mTcD(&Vv#u`Yv!Qj#t8Jx zy+?l9f6V85^S5zI$G&b;Is)qSm`Ux?!+8@@mnKh|(|5yGXX?6POD0`6!oK~xmad%2 zy^aEOCz z#fq7knf|ZbDRe}h(wNq{Gx+89ec$?KTDNw6t4^BTw{F|NuFOfT-~I{sLN{Z0ZPxWg z=&-ukl+*!JQwQ+^%!#R9e%*|h0iw6>&YdxTIQO!;8Cn^0?d%OpcI@83Y<>U1y%b(} zcz>d~u3x{t8xZ<-=GuM`NJ%u;++x(IQJ$`YroC#FW1w&!bOK?ObZ2YSsFC~8kV$c8 z@XIt_Gv^vHu{Cop+9N5+Q#!}yT$^Kau059PanrhGE(thP7be6y!040nN4ZCNJ0=Ft*{E^^3`w zyJ+Qjlkj8!%uy@rr0@i=D26jKwY(JRdk!!J-`1bAFg@)Yp=c5 zO%uZkxBk8!B}w#4fBfSg-6a_LvBw@O>C&_4`vh^#6EgAPwRht~2k5bKmk-xe2G5AQ zCdg~noUjr{lfk^NR;^m@_tut!(w?5~D9I%rv_aG)lZ`&sOuLR9FE$Pi((zCjI|(u^ z)HG^j8nW?aARjoGXJ%69@VHS(;h??S%=8j`YNFP2sqTe)`j&T5u3( z;P>Bu|Jbo(nbVP>+_-Mls+GGM$avEXED@jM$B)0}nrl24+S7LJ+C^Mzzrqk&qxpSx zT0hJfI(BkLTpsQE{2v@`+m*{8ZiuksHCNGr&ssRjTyDqfxl59gr*^?EN`9PNQ&R`h z`QzJ~yJRe065b#3GfbnOBjDIVW;#ZPhKy}3Z=d4;N+{QqkH(7$!ZTa~*VR{F-K<%& zO`A4(zB-NbYwm6jG$_lF5k`-8?8#xrzJ2@X3OseQC6HdddiAhtJ?UTedL3=5(}4G| za>F<(6LiB={9H4L<2PZ(joJo@-_7ZdGYgN{+Ko%Gm!jC4DYoT$)!KQy2B>QJ1v_Az zhQDp+Iwt0c=Gr{?^y$-|dFB~9Jqwo+a2R>;Oc2+D2M_k#df2dG9#ZV-(xpoy9BK?q zrBdT@Sfg*Fo{datLj#8zJYV>lLe)xn|e8M$O6AUu&&YUZ2-F&837|dau${Vg} z%O~et>1bsb#+^Q7=URIH^5NRRxO3;u4jnq&e*5hne%&l2i0j_Hd%N#~JYvKMORif; zN=m{;>d9^jddsZGkp(S%J+*R>&O_RhMvS|4v zX5V--C(i5%^uwdK7S!|qH z7Dgi^i0h_Jn|f}Pl9FQUV+9n6KsAhOc|V_j{`qa&9Mff~4h$N^DomL>0A&ewMt$2h zWA!XbC^)c(zTIe3n7mAY3h9_PAU3Jw}?sm6s?URdlMxBtlz@`KBG`6rKwkDMYZro;*jdrrDxb$J#F@ks|tG zyx62NK_h=GgVTgftP!VlAf{w4#Qkj=JNCcnKy5qCueC-F^GNI=FwU${~KEtED&sl{!AfuyvD#q zxk8|<5JzUjFO zN}~q{)QJ-9pPoVjPl+KujxJ#}o`RDc7QvIdiU}!>DSs`r9jbV{c9i*WmW@%P*JM zx|!s95RPyg`MD1CM0)`Ds|4H;9n6!BU}H~B;=v)F_Zfc&^P_G<{(&(hkn6N%;|3%( zT#-G87CnA?cMK-87LK3^5Ba7U3N|TdWzL-Iz+Skf6A0uQZEd>~TbPdK2Jf_PWX1wJ z=R#FW9M?dHi7X<-3$!17^idDO1dw}Ju%~{mF>2wVwi)~a3jeQu^()UUe)qfI`7QIW zzWS;s+w9rSq&4iw$;o;A@yFu{9!3do(WBC*Up@jIfn1}67xO z(>6`~@X+zinV`WqzD{}uM&UrNQ3JSyXi`*h-VihahJ%<&kcAG9w!m1QP_9Am*T4QX z^aVC>LU}##ayoP7%rJQUT$3Mb3|&EB6d5yUKha#$q)8M1Er?I{R0gx2KN~4Ttq`DY z;@;!o8o;ro&^AqJa~6#;E-FT0%$w*=q%#*@n2~}dJZ1@*i{Xp6f>XHTO&|lY2P7Jm z49mIkZIQlj|8D$f2$X~JW_(*1PiWD`0?*xH-{@(H(9IaHJ-A(V*<~!vz<7mg8}|oc zPJ!`Yv^ZlYr}F+IkZW@zVvi{wQy8zxgb5Rf9wBDcuWON+bqAg>Hgh9Fi9B_NP2N(p zN0R}8n!oYJ8~Dg<&Um=?KggL%DIcyaIMD(Yj|dzhxQ;H?e#=yA+&E`Fh5w+n`j@D1 zAv115mv6f1roeCGcOEM>$DOFy<4rBWw4;uB(J)00{jA-n} z`%F9oYP@ljFmR)38~Na&{FC#q;}l5q=R#C&V%z8zoI;9^atmXzNd(toKWn=MYRaeSC{9IXE6GVlYIcR?XbUE&CDKnmcVeV+S z2JMtDC&&TmTN~3-<6B* zy>+M2!wVceJm2WyN1QoVV)Sr>C%xj+Pe1JjCrrj05>MoSpKA;qM4qFbg_Ug5>4#Yd z8o{#t3LTFX3elzUEiBU?PMkQ=UKlN$YKi4KceBHWrv{`xvKS$_n7~-(lxXUR~W=dYMVnt6-jVT-h3&B)GSe00a zJA>`R2{LTo?`^oITgI>5V_3~Tqw10~uw6Ux2~#@5I0Llh`pD5k#2yn^$R%88+cnJ@ z&n9*=Y$j;wq|=9ES!HA=CJhG)a)SDB_md(s5VKagfB*h%+qOkX?$V_Tp25;m5XQB+ z7iNvcix+c?FJnjFzJ2GCC$P-ZT!;?9SI8)G z&JZ8-ZIKNdnwi-pLN^P0Bqv zI3)Dbj@M{Yem@t}BK%wEf<41T6bnnDvpm6KFwXmr|HCzqLqnjHxcC^M{|u5P9IL7so6Kf zwrkuabnLA7!$BFyHBJpi{CVl)QQhg!>CAay2r#2*Lo^x!PYEl?I z2^>O3gTgSv2#$;$n-Ff30S1j(n^U@LGbv-Phq>FBwXuAX$7F_CGtc6bR%~qG$Xtb1 zhCmz(beqf?uMH0W4xi$>99SmmAm);Gww`0brr8gN6qfv$t#1}&q!6cseT>G=dQ7xy z%v@9q65z96!>k(+P#y&<%=Z}G#X&32C*61Zn+vh@TEF^M>YlA~V zKkazk>g!iWPioIv04C9n2V}zFv~^p4$!u#b(VXmRg{C@!FV@Da1_5I7N1Jx7cAfLt`&8 zc872u>t7TxtkW{={tt&*yb5D)@FKnMr{ArKD&n2wooFm**8CE5qsDkt$= z9+)Q<)w2t;HU*l9g1~Hni7dcm`Cix``g7n_VTstv*o{1_G;D5x7oxF;T~da0e602^ z80*4Hz|d#2c?29ffmgNbQ`M8xe`-vKy+_rp+vd?X>fG>h^(*XOr5abhR{PqIn%qr1 zHd}MEW2aS6{pEO4V0PrUZR)pw{Pj<+GX+u_fA2Qd0b|>W5+l%v6SkG{3)bb~ zxpmkn+uuo;)%y;brFU0c_c1ao1=ciAwcfpq$R)PtMw>jMcTm)WKrS47cY#y1( z1+muE8dV6q)}IJaAAWHsMrr(jo}%2RG@r4PJ5~PV5B?I|DU?>N@g4jci!oojOR(~3 z&9Oc_+z2+lweO!7uPJ!jwbp% z=9-XHtqVNWyCGeN0o@GyR>rPnux?#YFy>MX`p;wwrhU$>djAY41C`B z6T`T!-KunbMWVT8GmTekT@%l9oqt@jISkv6L_9m-v$ma`_HiMhA>b=SZEM{58IRf) z$Teo`=pN+{QKUnQyywpQmK*Nj~D>HGq%66Mg{CtDdsjxaoa_3XWdw{c-0*Ss74 zGHptw8dtIRAg>KCn{8`};~F1ymAa)Er_M93vHXAB^d1YoM`+RGm3ZdA1WvQ#A6p38 z*T4$&2A(qQ=?9JPAoSYiBtC>;v|*>e^8zG7HzQ=_?fU;|?;ej(Hm+Z(c@=StgeJ!M zXZD3KI3#q=#U`9#Pt7D6kCNr0Y(kHrHNwg_K4pKgu@xC7oK603%ch63;O_mnCz7_p zW##&6hDCqP<4H*<*Vsesqj?0vy5gx`bRIS=@)T=NV;myw-^1Dj6dZ(;~MWq z{Lfxu&IK+rzG;tVs$COn#Ey0)RyaDtS;aN`gm}6*drBm2;DdO4AH?GYX2TU#=gUXJ z{@$o_ec)9lMBml{;f!#Nv#i_D>VY+MC*rVUYVS_*$Y&MTAAWI{U4P_87@66tr{?Cg zYQ3A?IoX3ZFxx+xR&;0c$o$Yo;8jFmdUBo-uGxxjbQ==dgRwW1n-RJN8#!R1FaowycTOwwD|Mcn=9F!SY#u9= zGuN!Sj)!Q%$W0B;Ij({Fy#{|~-vF#1DKmSr>vA9$CXv{9ON0^NC@?>!W4kShy@cs1 z7VN z+nc9m-BU!@$5+_%BQo%+u$smK$R2*+ugBIC;T+-`S7517W#e@Ble*=B zNsUWYl%Qjg$3p~0WIAT( znH`^qG>(&_dhH%(9jm_(n=<5^rnUm{3#XlH)^gfkVzPBJ!r8_(`szEM-x~NgW5IA! zXLe0zT{*^W4^5n+O|g-(U4H0!*uYZ)N};Jv>%U-d@N@K5y_-7^tj3Dhz-v8;3=RGg zOv+pJZV7&<`6nLAQeA%&EVc(J-JZan zlIinvH?LqNvQyxaWCV0DyHeGYIpp*>bKXF@6XECb+=y@s^8?2rbvx^Hv#@%eE9oo* zV5Z|?fzw2D&A7&XbkQiC)9pI?(azMj(CxR_B$R6gnt0+~#C0NG3CH*JuklEU;~EnX zyI#ce6yiD_l**8Y<(d2xi|x!4#C7G`e=xt298V3!bv!7QEe|0C>{?^!P6XF1D|0V< zEU}W}x;*2zw?B2exRnj-R5o zDwWoXqb;pi2epc}2(m$O0iuA&%HV(A10z^PTlEk2!{vqCym#My_nz-P=bm$4US`fM z_jn0Qli|NDyw<_%EqJ~Bk_r5OcY;Qj4*r( z;h`!BN!8QUrOrQIDG+=|rEVpYzcVpAZfvpsm%Iy4QTIPMb%fzR5Y~f5m8zba+FR+X z^51x48;QJ|OgXA=aL(MU($4NOop#XIH+w`69~9Zpd`2fbNPTbEY^PS=ZSOvGxZKTk zpM}|G3i(Gp-7`jp7oF?4X00+ zbt{$NmOj4XXH??9$q@7H|CxjyX7s?_RQHrsH6CY}tCG@n);W=JpbNSf&50Sx-{>KgbXS2b3oE)6pm;-; z{(}rv3Z?qaoo*!>V*|-2w`pi_u2%Mx6yJ=F$saT3Yd!K2J^exh!wO^LOU5P@28M+c z%3&gDy)Ieuv18({uk)H)+R)+hFSP!d^8U{;ti5z=?p!&Y9x!`$QqhIFCzLPfUrTG( zo^OjkTkxHU$sT>(llle~M#h&-OfDH4m+0#qBa^8?tZ)s+`zv zH7M<0MU4^CWA@g&^(epS>6aK9*BY4uy-FkfLNfUfp16*pE1EMqanIgkciK9!DzIvX zUIF{s@?tYYVYGL4Z`yod(&YKZMl;8al~PEd2yP9Dm_s5TM38l%;%`95`fFov9ym5N zckcSS$kB1XiP86Z`lt1cs*OyqnwiuY8x`y69V3!=;gC4CjVLlAtGKvUp@K=WSL-ws zhfC%~W(YF9cK!CpABwd{zxnbjlu@JT+B$BpYAq+=gArm5h4KfH^s~7|^7Z<=C~Fh| zEUc)N3iY}3H$>umJF9&Ly7`6%6{aTF%uR2Ym{jQ*oF!5Y;*m^UUD1O1@|>I#ciK8o z#qFgv@NKvde6ek5N0;)md8>7_onLu%{L8Osje5lphjY=^S~&XESqOP6gIcAl{}&nA zy?SLHFa!{dO&vRT6wP)#U}$hi&+t!UlWV5tjb^6TjEqXiy1$V~J4l2$J3DcF+|Kgy ztLO?goP#RgaAkLI6uroLc8|7@_Pfl-%X9`%q^PC%x{_)*XZh>A(IY}2w#wO0~a}`A3Rvl zb{7=y1xqh7!_>522&Anf+~==oIXHggc;e(AGiI#96XXPZ0)h)-uzvaElWr?^gR#*8 z5^1}Uak-hrZ3|kPsl|1D!%|&JK8d)Eh(wPYFP6){uDjfbIXRfS`GO&Qas5&-a1zNu zgtQ;x04*)9Q0T8x^~`#I1478u*71Mk)fpsWs)NH7Yj*SWcj}0wZA|736Vn<)-9id6 zmx!!3HVRs{e9fUB&))6q#0=&=i}|7fg!Vo^J?xuB9*~J3^|e>Q>T^J92_f#d<%3=|0}kO$lb z>|>vt28wIIC)M$jHDtW6zEoGY(AeY>?m)fd!v-DN8a}Mc|^sDYcg_mQ|f8t@`6?eN`Vb7!t~^ z^6E2XRc9|&p1#$5Q&T5eqgvgqXuDQlSzdj%tnv@oO8d66U0rD4qAC2ZGtZ472nqU{ z@jvg7v^T^VuZh2~7kzFYy4H5Z8k>-n6V~tcEUi6(u1@x<1lrl|p!k`7aw}gsd;53M zC__}Js;l+Y+;D4Qf|Z|a>@O#G!zo1j}m+H#Z?HHK1s~LG`piG_d+Lk=E%JhSl$T?uLPQBJOE?? zOfSg9(mi4r6W_NQHQHpfmj18ZhKYn4EALH;l;%V{pP~USV$nLolk5D?df|NSJGY zA)3&0TUu{;NbO;#n~0VB)6U+V^^KRrDYG~dOP-X)54ZFPx8_AM`BEDXsf{4gdWk># z@|B9=$PjH4Ao=;XUA{^7;tV@chJDCdYrhmWFB}GnR$J#4 zZ0+qae6=VrZn|%ZC1BjKKL+Z71l3)uuZDAlz%bSJSB&9~eR8jOORofmAcnEj-`YLs z^<@DzZepfqyoDf^A&6zO?Z!}P*6kg4x9?7yFw>Ms7UGH9^(Z+c;ureH-m@0lx=E;f zDT5n9_lkbK?rJGqNTu#h$Xvvg(m@Fq`?Dm83u99`E&*fQ!)WeObN4X1C+MLPWf-w? zt~{Z~$w$kk4K&eBH%w;xgZHd?{NH z$?j!{)$p|cp1mHbZ?`n~L`@D^V;j20HYm+jB>y-!Z%5sg%3HS@YHBa;Kb#d9IoC6u z6}XZakYXFLe#*_;m!TJ6B!QuioaHNLW$lmF^b7Qm6K3h1#OP%RmJ4MV$MQ;`2PM7L z&{U&RD%$ThXKu-y?`i8DOBKY@7W>&bIW4~4P_w{&{DikD7VL3&d=P<L;G_in zrTZZ=+PsPav4;7F-37Pjt|gK2>NnrGOX z3XGvNeGV{mmoQgv7{HJhZU^Sq6=k>+Q2$wy?-60g31co_!HiDfUb|kcQguV61?TpA zL|A(OLqAjxHQjug%(G|M^ZnsXzDd?Wt89W++Q`0K-rCj#eFBX_H}oE>s|C{=e@%U*Z>v0B5=Db(6owT*NI9z}> zF2IuUsZ_oIRE{g9`o_N5)_%LF>^MKdh8s?G3$;9d;W%nb(5)wHU!ohRA~2NnF$_EJD!$-y%$gtX7!tzd} zV+{A)W5|LDFjzJf7`C)_I5}kzku(FN0OtUEx}j=SmP50J_4SRFt0 zm%iSN(OR>#be3sp^QTS;%>89M2pANPFSV_x{_}kCF>W}E2e?G+qS69vz(J$cJ93iT zBs4dPg+TJAQVBPnRN-l}-6V83F=OS1{_|lyS7HZjT|$_-KY}e)$<{A(7qh?!N643I zYJ(aJ3J>z6);wV7J8T((=N2667?8#aOtXy6d|##RK!@|+l1i-zj+^Bt122>rzu_ae z;SMgif6R2Dj0p@ezZ4ZAykI^AVZiL?FYndEo~-O-&_mC7YH;#fjW?T|op%wC6dV#y z)?E$^J)-HJajboZzL0&%<;PG_LHfR@QmOauJ)o;+Gy2unbjcs=*>m)C;m^EqCg!_X z|5bAGTyefTxG&)}w}A|^_9X!sm_IcP!%`g|%8(-lJ=8E%ic>xSwFE~rF@txn_h@%e zhT&|U)N+Zh<#5$QrBdM=^{#&k(?7*hwq*`*cql{YO;nn*FKAsdGc03jx1vL>R`|!f zBTR-pz%UBycOOG=_PpX5zB21yPoTDRdv>w_Wk~aidV9g5&+&v*0zOek$4}32Iyc-7 z7LnNDQodCWe75dSiv{)T|YU?PsWmM1%~KM_|OClePnbXCRzod7cf-%MZY6VWP%I2 zIXe_)PMAPo2$WWyhS&l;7-784$+P=mPgZs!c%izR^Ft?hbhV-kB@Fj4 zs%xlKe_OgeI|-&fl%W`%51~5}xud(7<|d}gGCk4h9h>2=)|Yui*t?79%Yzw5j-m#C z-S$wJT7jW!u-)nNKciPhBVN$MAGl#wV7C|h3{O4mV;J!+=9;jQH+|X{!aodRRN7*Q z`h-cW(3KE+wZmeEU-UF#63r`-79f8uuV71;qOH5Tee2#xG?GZP;Dy`NTrL7JY}+g6 z#V|bMXuKH9w`PB6YPy_aFx74n%O~E!Bbv&Org=%;y4&6Yi#ptp3A|`C5SSp!KKtOx zD>q6Sn=YUJ^H9|4dAtZF0CW{uY}g(H!{uD@QCF1JgABLrO@yhhKSQzn6E_jfRZMjc z9rJDOy3Wo!3Pt;_{mGm#EB8>kvyfR_R)|(u^y~6qCU~l##vYPM2lKM7H&iv;tjW$z z<4V|^aF+9MXDCc&f{{%6YVKeRQ=NrL3{bp~^vS3m_9%U$rgA?%-UP2mmH@(tNGs1+2+3i%TMMF@9#KqQB*R6-*q8ey zHkYao|N8ZkASO4`oEKq%s$7I6Kf;;|(_n--7vcjkLl8Q>xuqV)#kmXlt|FA7OUM8{ z#2A7HL-i0(?$txF>=PFe-BnC;5u3Y&GK7&+f)b{ITDk&Q5uG1AtrJ~ALs#G8SMpp# zm>iKM3;{Ug8fxt>vUNip9auDAI{C1M<$Tzyhd$C75DEwr8A)G(Eq&zDd}OLKc$=`? zvLbDgh9SCe7H{bm$^?1C9OxNG_l#wE#xPu0*qtuS14CF*e)F@XOTD5P{1`evn#qrX z*^dFb2az5x+QMZ8BYBOVQUR#Z1nWiF`!_8W+HfQgM$kCn4AhAUr-Kxi2GN9~4=-OS zM~z&M8W_5SqP~kuh-H6UiZVorQ9VSHd;L;T^2aVB3n)C_(`;!V(?x9N8bWsqrMiYN z76>eVJ9QYlGFmBw6p{qzB>{Ap&mr~)lBky>h7o58{?jmK2tJKZ*bE>eOkgB#L>Z#p zd02`}amLom7{RG1LzTMAM?7blpTjcW@u{Et$yWzDd)qAZu~;ai`AFYCbv6$cG%sAZ z@!Gfyhe^)dNZ^J}K9gpe%=fTd;B7wNlgeN5cFqr*6!!r3T~n>TSavopO|aO@VV(zd zp1^z_AJlK=H~TX0-fhvetEjkOv0%KjV63xXd~xYnOpW27I&06WMIH`L9uB;qSqdfU zc!k6*a`G4pdty^OS7wS9@@?mG&F8w&IRWqGpX^<^)70A2+1ZwJV6&I#gHO5ic|40b z?zDMaD_92r8|x$-o_Yw42ZqA184$dA$1@T(%pQbcgxnc44YuHvi7+36J}4FNed#XP zl<1O%`c7MGWp(L|`YW))0rz*$oV&udP9q{)#!hqthTwm4MfUmmKQ%WuR#lf>zi~yO zK+n1_z}_6{#lV+o)E%Aem#@@R)s)}5)u>j1e}lOh_ew(oC2B!>iM-KIJ`&HgQ-*5MTGMfERSTiX={vVyIsRYfOJbM6c zZvexE-i+bQP%;BbRuaJLfnBM z8F-w(?Hl8`5j0*T%{Oi$xb}nhZ@3*jfiVOhc!3x5((q)chH1fD^gb*+dqgv1Gr^~U zuP{73Nt2xgF*HF8H6R&$nmd>_4PXchWIMk(XJVX6K>mjy+X;jW9UY%Z69sXpL41s% zPt0V{Lu{A~IPu}v8yA8<%LdC^yy(=F>patD%IvK1r*&>BC-`hw&IX9oQ~() zQ-xQrH*VgUyugbNwul@2W=Ch=lShBQz_8q-K7RU#`5e|~e2Y((F)r1?y{Bg|`kpOA zOm3A`rNt$G!d6*bGKe5+FIN>`JO^88`FU)`3N4F0Nd&H+`t#3^>glGCkWECwW>^u` z*5Q5dK|p;&GjzG3;YRVr!s3$iWfgy6uHYbk%plhvnnSIvw@WS-mX!QiQhL6tt1pgy z%BDOAhELZbB|HZ$lONHifET)vfP94~$h39b9cPC&HML@dpRW4<;@QKBp}MEDOBEIU zJrR-P2%8c7Mm!-w8@J5KDWatnf{*{FpD1|YFb^k&T^*{xz}+N5DjwMgF$9hftF5zG zAV`8|AkZcM-oF=4!q30KL&s1vnWKv$>YlspT>`-lA|gYG>j{J}@c1a4j&ndjYDWir zrFSF^CV`=2c)wL@RdY+n@@1RJ1Q`KYhbOGX<05eQ`I4};3iyeaXW_Zszt(>-H`EN_ z7V53$j)e;{;b$h`v0VaT6&@Fc;O580Z^C|TVnhcYKk9~(A@ET(G`7wDWHmxaA`mhO zgmgSE6hY>$&DgDkXQ%IL;0VdVNDduC2<;jh?|k%OI-Zb7K-LiO>F~S~iTLS;ufBr- zf5e0iMs47+p<~!|tNp_d)8Tnf0$~jvFT?8uP$;v%{^kg1;0VBhkRJ1Ch!}#mxpa9Z z0Uw1vwo8c9(eW}i`gH#f$FLiK=(@{@^?VGteusyEA$mu4$M&Omybl2vgU3tY33{r< z{G&(DqW5L*!yBR457VI8Az|2~3Jy-w(O#;h>request.cfg -echo default_bits=%BITS%>>request.cfg -echo default_md=%HASH%>>request.cfg -echo prompt=no>>request.cfg -echo distinguished_name=req_distinguished_name>>request.cfg -echo.>>request.cfg -echo [req_distinguished_name]>>request.cfg -echo commonName=%SERVERNAME%>>request.cfg - -if not exist request.cfg ( -echo could not create request.cfg -exit 1 -) - -echo create %SVR_BASE%.pem (self signed certificate) -"%SSL_PROGRAM%" req -key %SVR_BASE%.key -config request.cfg -new -x509 -days %DAYS% -out %SVR_BASE%.pem || echo could not create %SVR_BASE%.pem && exit 1 -rem create trusted usage pem -"%SSL_PROGRAM%" x509 -in %SVR_BASE%.pem -addtrust serverAuth -out %SVR_BASE%_trust.pem - -rem create client request and sign it -if exist request.cfg (del /F /Q /S request.cfg) -echo [req]>>request.cfg -echo default_bits=%BITS%>>request.cfg -echo default_md=%HASH%>>request.cfg -echo prompt=no>>request.cfg -echo distinguished_name=req_distinguished_name>>request.cfg -echo.>>request.cfg -echo [req_distinguished_name]>>request.cfg -echo commonName=%CLIENTNAME%>>request.cfg - -if not exist request.cfg ( -echo could not create request.cfg -exit 1 -) - -echo create %CTL_BASE%.pem (signed client certificate) -"%SSL_PROGRAM%" req -key %CTL_BASE%.key -config request.cfg -new | "%SSL_PROGRAM%" x509 -req -days %DAYS% -CA %SVR_BASE%_trust.pem -CAkey %SVR_BASE%.key -CAcreateserial -%HASH% -out %CTL_BASE%.pem - -if not exist %CTL_BASE%.pem ( -echo could not create %CTL_BASE%.pem -exit 1 -) -rem create trusted usage pem -rem "%SSL_PROGRAM%" x509 -in %CTL_BASE%.pem -addtrust clientAuth -out %CTL_BASE%_trust.pem - -rem see details with "%SSL_PROGRAM%" x509 -noout -text < %SVR_BASE%.pem -rem echo "create %CTL_BASE%_browser.pfx (web client certificate)" -rem echo "create webbrowser PKCSrem12 .PFX certificate file. In Firefox import in:" -rem echo "preferences - advanced - encryption - view certificates - your certs" -rem echo "empty password is used, simply click OK on the password dialog box." -rem "%SSL_PROGRAM%" pkcs12 -export -in %CTL_BASE%_trust.pem -inkey %CTL_BASE%.key -name "unbound remote control client cert" -out %CTL_BASE%_browser.pfx -password "pass:" || echo could not create browser certificate && exit 1 - -rem remove crap -del /F /Q /S request.cfg -del /F /Q /S %CTL_BASE%_trust.pem -del /F /Q /S %SVR_BASE%_trust.pem -del /F /Q /S %SVR_BASE%_trust.srl - -echo Setup success. Certificates created. Enable in unbound.conf file to use - -exit 0 - -:help -echo unbound-control-setup.cmd - setup SSL keys for unbound-control -echo -d dir use directory to store keys and certificates. -echo default: %DESTDIR% -echo please run this command using the same user id that the -echo unbound daemon uses, it needs read privileges. -exit 1 diff --git a/external/unbound/winrc/unbound-service-install.c b/external/unbound/winrc/unbound-service-install.c deleted file mode 100644 index a6ce11a2a..000000000 --- a/external/unbound/winrc/unbound-service-install.c +++ /dev/null @@ -1,65 +0,0 @@ -/* - * winrc/unbound-service-install.c - windows services installation util - * - * Copyright (c) 2009, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions to integrate with the windows services API. - * This means it handles the commandline switches to install and remove - * the service (via CreateService and DeleteService), it handles - * the ServiceMain() main service entry point when started as a service, - * and it handles the Handler[_ex]() to process requests to the service - * (such as start and stop and status). - */ -#include "config.h" -#include "winrc/w_inst.h" - -/** Install service main */ -int main(int argc, char** argv) -{ - FILE* out = stdout; - /* out = fopen("unbound-service-install.log", "w");*/ - if(argc == 2 && strcmp(argv[1], "start")==0) { - wsvc_rc_start(out); - return 0; - } - if(argc != 1) { - if(out) fprintf(out, "Usage: %s [start]\n", argv[0]); - else printf("Usage: %s [start]\n", argv[0]); - return 1; - } - wsvc_install(out, "unbound-service-install.exe"); - return 0; -} diff --git a/external/unbound/winrc/unbound-service-remove.c b/external/unbound/winrc/unbound-service-remove.c deleted file mode 100644 index 2a285b09a..000000000 --- a/external/unbound/winrc/unbound-service-remove.c +++ /dev/null @@ -1,65 +0,0 @@ -/* - * winrc/unbound-service-remove.c - windows services installation util - * - * Copyright (c) 2009, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions to integrate with the windows services API. - * This means it handles the commandline switches to install and remove - * the service (via CreateService and DeleteService), it handles - * the ServiceMain() main service entry point when started as a service, - * and it handles the Handler[_ex]() to process requests to the service - * (such as start and stop and status). - */ -#include "config.h" -#include "winrc/w_inst.h" - -/** Remove service main */ -int main(int argc, char** argv) -{ - FILE* out = stdout; - /* out = fopen("unbound-service-remove.log", "w");*/ - if(argc == 2 && strcmp(argv[1], "stop")==0) { - wsvc_rc_stop(out); - return 0; - } - if(argc != 1) { - if(out) fprintf(out, "Usage: %s [stop]\n", argv[0]); - else printf("Usage: %s [stop]\n", argv[0]); - return 1; - } - wsvc_remove(NULL); - return 0; -} diff --git a/external/unbound/winrc/unbound-website.url b/external/unbound/winrc/unbound-website.url deleted file mode 100644 index ef4685a73..000000000 --- a/external/unbound/winrc/unbound-website.url +++ /dev/null @@ -1,3 +0,0 @@ -[InternetShortcut] -URL=http://unbound.net/ - diff --git a/external/unbound/winrc/unbound16.ico b/external/unbound/winrc/unbound16.ico deleted file mode 100644 index e62634b70641ed375494e4d7a032fdc302e1b1e9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 894 zcmZQzU<5(|0R|u`!H~hsz#zuJz@P!dKp_SNAO?wpfCEqt9sI`tfByXa{rlhFzyB~~ z@Cp0_0#tb*|IZ&3vERS{{Qv*AuWw&S@Pb>no&l9ZGy&}b+K8+hsQ35pzd(@(4_hJgu*PoR{||#Ks>#{saZpGB9v6F|jhUgllTv6cD%*8@uJefd@fBN2H}MaB)3m zW4q1Hz7^t(DN`;oFhq!o^2f)e@$wc)O0INt{4XQ3laq5FFV7oh<`X0<%hMpftr diff --git a/external/unbound/winrc/unbound32.ico b/external/unbound/winrc/unbound32.ico deleted file mode 100644 index 64272eed44b941591533744807161590c2d1f590..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3262 zcmd^Bdr(wm6hC)&@7?>@d+**|7IsfdWoe$KG2j3CoJp*#H5l4k%mu9OMD5tCN{pQ~9JKyj8 z&iT%F&H@nl3l9ez?XblJ5C{MR@xdv$2Oo7_l^1cXw{-pwL{U0DUY`dauMgc-Znn#c z?=MK7&!?chn<@zSPeR^ELs@*6Ef4%t=e%aw8_t zO^*jX?aRIfUjM^Mih7>o)>bFw|V_%aqWJb#}I1s?H%pcD&Pz*qgs2r zx>{CN2k@LAalXenpt|B!6t_xP(PDD?mkX;_Ror=p>TECZpP-s2 z8jXGX8c1q7XL^ShzZS*4g7`VZWbUgzj0#?_w^LCtsk(jfc-&uob9m;=o%TTVw3KFQ zuK`zG!&LmdtZMF@%u%E6ljV_=aT3esNYb~Gxn8o?0KAu&xEa;j+uhv}ZaUMPn^zSZ zTSQS?2%^GbX_V!Qkr6FD@sT-x9z683%k?Zk2tnxZw(AHRNj+$!<~r=(4v0K&m5%X3 zrOlReqVcSsiKn9S=#x+FbU2XkPMWQAI?qM+yCO$i2njvyu>aJJuSMh7@$(^}j|1Fh zFxV-QGOA*y=_z`0y470zz<6(TRI@Cf0is~`tnFKi>PFnP842rj6*k++$jB>^{V&P# zuTICY09!R>{170k7ye_@wgAjyn2`j*`%4uCz|h7gjm#{PS{WaAW^9~$*sUD{qZ@Sk zEJ9brv4_GVnxmuJ`t@rGasC__ST6`)=yY#kKFeW=$uHz;_!{}f#&cH7Ya(B2WTqi_ zm>iM!#@aXE%(pwTIC>pLFLXLeN00Fg8`d^%yvHmS1_gaOWN>Fh*x4Za5sP(?kx~g$ z)H7qo%wNBuxTWQ<;A;u6`-_8meV*A|DM=ViLq^7Yw0@=a>MhY(1Tl*wpD0kwceTEQ=)bb~*f1%<#*PPVErHLL;+;G&~y@m->D|N%O_# zu4t&muxFXl-kUF6b~<0RJASx5rX@J^G(#5w%%qu=0a1BFhvi2_uQp4`n5aSa>R`u- z$y0p8V}2y5#du!H$y*T_gN(4&53!6Fx;F;CBCh=-`p+>YBCdwp*mtg9o?Sf{u}fr8WDH9zWh> zVpC0Au^@gO5Ktuw8yF^yBp1tadP_?y;`BUO4YtRKi|R3{h0tGIrcV2SVY9sP3&J7u+|QFI1J zCsWkDIvrbHUXEMbZa0qQ75ho@KAKK6acM?6h38WMre|bq!lgd(70tUdO_v7^ewiTB zICeI}Jpv%iPfbzxV$JVD$a@_xNUWZm!EjGg^h|(pAAQ_cYeUC1@GGrtci){2kjk3o zG29FQ+2tD9(b1tcs;-Lf^{N3}zkYi_zzBc=SaOq+)V|h-_&Zl;M~7#^Lu&zEGVzNU z23ZXamm^P}Y{ZS&TD9$J6H-%M{XBcFsdU$82M*M$t+C6xf4zH9)sdKgyE0=&0l*rw z^sy)w>h+J>Y+<#vHK?F=!)v7Hq@SKkaMy*22DI$tM8WqF5}78xh(~g z2n8hhqS-v9yj%nSo3PxtEsgoc!tVf<3Ve}?FQne&rH4{BmO4)9}a&2 D`6sgx diff --git a/external/unbound/winrc/unbound48.ico b/external/unbound/winrc/unbound48.ico deleted file mode 100644 index 074d12ebcfd3b47118a61f99fdd43d8bbf90620b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 7358 zcmeHLd0bT09zXZa+xP-sfZe@j7tt+-MPZRzHQ247}oVS9IqA|_db6CaPCec;fKfI%az)hxjTEEa3iy16g|b_S*;CFdYC zie=^q!uu?@5TR73b6jcJNes#NKd=OJ`@s&q-d5m&p2pc_ z2%(Gt1LnX0Og&x(HbED!J!=M{v7mWl3ud3cdFQvMl9N7Z?^#F?*?)uwd$teM0A@6G zVEmRX`w<$%3)4g?Pf|XUmF=>;Lsg1JAx9FD_LQE0F<5ah(96o}z`!Z}jSv@F-0*C5 zT~6-q`}-{ur3DBTviw&;=0pD-4?xj0#iJS;nhqQ&FZy&-#?*I>RDXs`5yf0dDN&T& zic%&kI}}qfLYXPa`4~?Vn5GsKG?u`~y&y_k3zolZ~tG_1orh{!gQ>s5KL*-~z{ zpKv%TwIMgS!7QIhaxnB-%s zxy)=T0g7Imy&hyXHZ)z{r$C@||LMt-*GERaM-tg2xn5FsnXTmxTSbWTSGT9e9eS>< z=Zv#Wh1Gia24KKWyk6+fUQ$d^eG!T^Qjtc=WFQR$flDm|>0;Tzr13$HNt30*=$NWr zy}Wj7rPX@UYAdCv{HUlI)z$SNp}O|sM}>RiA1zSiMF{0H9FX~)-G0*Ptn#$`Ewp`g zJ5RMMq|#;sUG^%`lA|kM0olml|WE=ORM}&BhxIF$7_TvXUSP zhH66)z><|^Msw_oH2WOIOn2BmAC}P6{}G?tRefhKUsS|NL0C>2(h;$gVM;7P2W@SB zaC^>#guOTL;J}R<$=&(R+>?xjGEQ)V+?sy?AtS-cPI@nyUn7)u13$0zd7G^=I)8zGa?fM!+ z%n-yB13j9hCWu0ASoq=YJ$!EWnTPv(ha@yREZb;ihRIZ9F&&lFt&)T-gcsf;P&z_` z+qF$dp77?bvVD3efVc#i2qa&jr3D`Ttgmm1j()>H6`0g7C1q=nx=CclAVd|d$HxC# z_4!Xe-Q{w=K#-$oW(?1a=b0C1cDlv9@wQGsyFFDgooh!w7wF#e1Z)Sz&Q#@(6`??2 z!9t#9+4#Qw{*{}z_P292`ig+T>ub7(7X7QM?{R$=B15j({EbN|6{S5UwS=Xf39{bP zr}xD0urZ|Z38Ue8mPwVRS3=sp9u>7vRwfDT5~p)lc!x@7o614)zJ%dT!Pd`c?p2nb zL{cNnrh#ec^Y-jH(2~;pK3^jQe_Ur=slcyB(DJO?b8_M;gx<6{_C!Sd>~Njr_Odbwb0ZcWvNs|8$Cj2Hze=5?2I=Uu&i9x|wL=#W7FM*@BOUW|>+zb)bo ztNkUOA4^js8EO#2JWNx)NfgJhlO=hb#j+c+Qs=0%2?>GQyBy}YMPOZK^9qD!_vo2< zvAz-Ske+F;CF92LdPQ1M@mo|>Dnc_QrN|QewbS{XE9CnS*Rde=T?3Oq(L-r^07E}W z(cK9{C_-ktwM$6IIEGndHf>hTyDXMN_uSodcc0pzpfwzmDe-S9L0|(ZSu<9{s(L=U z@$xt7)ggU5%}H+Jvb?Sap8wM z5E?J3g(hX2s_qI2IeuraT6f#81#SUDXDae?nq6qKO*nPx46NA-inKCCJ5L2J);Hwk z7eCa0io@|VWf%!Qi%@?95lWCAmg{CwlWo?*VCNT58D_nTqf<=GRD|A8l?}4;r4sZ_ zyU-({o-#$rVb~0won;DwGCL_N>mwMcJI;;BxV}#V1iOrjG2IdTRlihi`)c>9!lE^+ zH_Th`fxxG9j4BV0s;d1eK{rWfP0Z2GB;HnHzwV0nCLMNtw3`I_tPNg1qh1tAcmOkXT zq`jrbKn(bCzkZnrO_G&WvQ(r>n`LDKl(ho)I?GMwnDOBL6!X;1okz97H|zBpKp2cQ zz!#j={oZ;_siKVsjAWu}n(b;kUsaa2F@Hs}i`=29HRmtrYHizokYPr0{A@|em4%gp zn8%54L(<{6DFUBJ(<2aiXx{u!VX%H$0j*ovG@>+BYHBaVM9(BphRr_9Y=Xf1I4^*; zPZ*Z)wkE&1$%i*0HEjuGZ9&T9xH+6KmlbAl{8WerP%Q|;^I(A^M=gM1z`VW-t-yl` z!c{QjP?(iC9>U0YL7t_GFR|d4?}Y;d97Ftdml}KA`7A;Mc_9V1 ziRCglb_&C$FOLQ6}V1OuA1rQzXn(@4@!wa~M1;}=o4 z#Q~EfX+x-8JI{lgiob#W>#MJp`PYAH%wRChRaJF8x=lxD3M)^;l>;-DrU&utKfr7T zJsuAR14aY?SBtpn1y0&nqq@4fjhi+uT=f3OA8$BwPCF{LCc^_7IAepH^R*54#m$2( zuc#{p0b<%~6g7fj??#Bfr}tg87jVGQexJAs0ya6#BD6lZLA`Tz`3I2|dbCkjD{=iZ zOw~;|0FDA1*3jr3I1mnTStiqmqPSX;R!ZVhS)PKByIZ%|Uw-`+MBF6jdXNXdfOa*u z>p}e9qrt(5pg~RR_m6z)-;fj(1;Bj7iz|8YJxQL0(6HO12Ub*KhiXki{C%C9ebVX0 zzaij2oID=a<|`EYo=rOl56298d1=WfDalw~q7Bj!u|5=okkP(pa< z!1ALwXx!RuYEe=TXbTsAiO4C6m8!X!l~)L2KF==^`PoLp(=O+uWo1WTY0Xb>5rp5xLYV!#{e=wt2R`hW0{{R3 diff --git a/external/unbound/winrc/unbound64.ico b/external/unbound/winrc/unbound64.ico deleted file mode 100644 index c02f68f0a1960b9447de4262fb7f3b0a0730d3c3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 12862 zcmeHN2YeLO*1t15edgXNyPKX(rxSdD0!jddP^3#!K#?v8krF_GP(qQ8^zf7xAb>PA z6crQ|jTDs@1rZvMa8UlRCB0)L7Giv4~#{671*NzuMp^2^P8 z59cR<1n9-Z#qe)4@(-9LKmFsz!}zV(?=ANGih&2O&4ta4y(9qt|3U-oMP6TVk>6kB zFZTMpMP9fnrbj@r9%dduZHj$fKnSwV_xcKoN@VV{S$N3tQ=Ru07Z&-}zq6xb`!}Ab zF}zmN@Ls*0LWpzZ(<{{7yoR|{TvK7(P}GpL_~Nn@E|2=x`k z=LZa0bfd^eEy4@^XxBf|0VwVb1Lu5mELg$*?@qop zbaP_G8TU>N;NG%Y@D*&*=Pjgo#*A5wP)9`@swmS`ZH0rKOuOFir-Q7HxYWJ z-Luo6XE9Y-FRX$cq3shzKt&NCPk*KtC3m1F4I(!c{nFKfHEZ^_Yn2(|n#iD;qP&)l zzPCnAH9#1qrO~OVsIaK;2G#$?OFl-ZxvHfq$`lP}X&`+46GC!y@`X;`C;AFmoMxH5 zzS;LPbOw_FLX=d12|7Dm+lM^``~dN<(CaIr9ZO=$w+GLT8NH=)<>`Vjo<&O)b*o|R zG!5#X@43MgK2Z4IqyYm1Yr1LkUWDq2N>4?ZsA^eQ|B&c8MBlBGuXXY{);AhB3!#)( zhh)JJZ&9Ib1_5^jU~h^atdep^&HT41^70C@H|9RuVYxeK3PN*bVXdWa2iVxiHC#Wq zTvQ%(T!b( zu~#?t>-smE@d+l`0ynL6+^Z+fT!!g@R%hrgMjB?lsLrPWO?Zuw!A7C!;(U0-gW$8AyA*bR92WyS{A2#+EI6dcvzZ z7$-t3-JBwUWhw}KE0$}as;Qd#chDKP`y03WTf_LyB;R6lho*mQ;FSpVpEh$V&;i{G zSV2H>ieO17M-+Mf^}_c*__kx`Ojqb+5IE1hqwCuZ>np=L;I@7Y4mutdb~@T~AujrI zLiCk{=u7_^Is6LXp~06mt3Ruh*bbpm2!$bJv5d+&1dihvmKPiqRk1b8HI${7RC%VZ zZwL?H7aMadH0WmwA2zK0y1B#BH#^wLf2%tB>NRRI5JSPGfcpxpDL_Abl@4bA=vqISm;Sl`SBc|2tOGNMWkL81$RBZRydpiv2+2I(0hSy5e^ku=#~#Zsop8zR zJnl4)xq|oU#-{|o&2lNrvv$Lzg*OTU%9x+;+p_ih&Rw%Y!$D7Gar|oC_{6dRcCO3$ zV^Hvk@W|8A(U)SPuSUoI8WnvmJn|QJ*bkQLfMM*?$+o-Wry_!RAjo#@Is>63NvJOf z)mcXz%a{o9wCEAQ&mhhbt;o+g#3rnxr7RCo)rH~VyXz(wG;HXPjXv*o{}dVdOGwxO zoor>82~XCVT1Z#Gf9%-hH)d_CQ*(|kPII8es{Em4?Xa9*JDs_~!ABz^&P2srjElRJ zkZ>_J=A0+;R9M(ix9gy3>>>Jgj6Wn~jjk`c8-7rCP)hi9;-rlTwNa$jGFO*#{EcNJ z5Rz@^fL>u30p#ys0e?qHXwM6+d8vo2Om|valIvf2zLURNwQCU(Clg|?B$PVo3d+&Q z5>U2c-Pa#3y zyUhKjzJusnRsCHJuQc#NqD|%;uiOjtO zhRdRhWm%4km!%gap|>pe;DnxnJc{6~M-sp9(%s*(wJ$#Aa(vw7Cu;dBl>6Br8z9Cp zj{Yn&PgFNpR*q%u)m?|&p+7}=&d0~)B_!mRioYHceF?Y@4nATz4;tpzgls4HL#(aS z@KO!W6Qz*|y?~hH=(x6b!yj<$DSg)PQwb0k>r_{w$32y1gSH_lxGea1N zFS(V|)s0t1D9Q|?%o3Dgyg1g>)+AOq+@htw){})XQ5ULLD`?fuU-hvQrtyxfjF;tE zW#Z13DtEnnxxxyiZzRNA3G@8o4*tP%=IZ87YV2e)*4Ary8NqWEaTJR>A(R{!|4izj z$$R!3{4EmQ5q}`d%Ff=;aYM15rQ>&rzFEf^4Es2E9+nkB;wdR9Fc$I%IOkozQNG-0 zhMj0=nNFOg;@4Rr6|1vCg16PG^J|?a{jsqZ%9p>~x{beC^FmMLF03qY@MB8F?<-f< z8x?gfEbNHeI$|2&qdv#@V-;ts>M9+-h4Cbg>x)n`S!vL)VZY4G_b%QPIN*nnbT=*n z_@_;StT>Gr>kPcvw)f4V&=;`;z>AWQdmtB(-?(wZTUd1ETEU}_j+2pY*FiBF)GO-plD|f^bC$MAlwMcVjIfX&E&Y&T8H{{R(S^$4q+Ioc2iIHuPj|llx zH8z=KDR@!9A0JyfFOTNl5QE@+y})1n@ic^<=Oj2fN>Wcn>@5lX6?Lx5`9a0R)0Hac zg-4vMl9<=2hrd-@pC@t$!Si^2w5qSNwCzOQNbqt(1wPq91>RIq>NRZCCo^;7rSl~j zKEzO{X8`Qq5)2CTE-iq6{J8fJ8mXJvrViS;Lnk>F`P8K?VVEQpM=Z!(as0%&-Cup5 z@#e-RP13R4mFHiQq`r!ns)~ax0#Tr!D5V)>1=wuqvcE*foQjFO(6~uqkKXSK(+ZMo|xo8JM z!!={QX>K>IJto<&>R(~=3l~|$IhwLuRk!;YEVp1#Q%L>=;T1_5sK~=iBRw)|LWPPM zWy;K!l~*)*o@u-v8+S0F)T!W*V^#llwMTb{gjy@6{dE9axQVfVA z-vn7}MPUfXb`iy1lG0zssYHJ*ICN}6=~-2(EPkxo;zu6Ih>w3=Rr|=|XhO1F?k_!_ zAH%}FkBL0hthu*mZ-{G06}(1KCh&ZBS$>IO`ZjJlG4BT57#0-Tg)b`UTekf71iXYV zyD!vp{B@t2!l0>!b4%F@Ki5qzu3qa}OzAUD_X*4SlVyG;fx{#NoyN%M=y8ucvarVE zE34PYtWaUL$CGZD{baQpFT5ZMDT+EvBO8N5zwtyI4hcT;Nac&2I{VwU%?l69k;R3Q zG{Vx~vIqp4LC?0CQBVkb7=R5BKxOU+^zCaBNSHITa#*GxA*(~eb~i}Q>)OTNsgu8X zGhb4j{2Dd$D_6}eTVYA{DvN8@SX}kdC8f$t4-OfoX?-QJs~~pZg*FbpslY#{s%a`- zW?G*H2jx25xe*b^8aMED>FTdi%yDC>c-sI`4?b;N#ZtZW>q_{zSfA#8LmMcFcHgcTd93ZPb zMFFyi4wCSUC_F6)^?1G}&n78yClycEwD(-rPFKiYr|bK~au?gQ@jw0aweXN_nv%f_ zBM8ng^cAW$QxLjs`d}a6gq=0)neI{H@5EQho@MX8pF%=<2#$13U!#ysrZXor^gy)d zf1;v)@_3GULO&9fexm#$FSZw@)`HMX;2R1;ZCW8zuh4>ht@(;+9>h_#PQ{e4bIIxKvi18UQzi@}_ zi7$09%Cp-vvNSvq%8!aX!O$}>egmX5|IH6!V8D&sKlH!|+kpWWU`W0~+nVV8y!`8X z_Z?ijZp-X>%O*~mH*Z$v$k7=DcMf&GSFPIRsMvGPpdW*RJ~#ACgnEq~yDmU$MA|BZ zy3^{evL3Q2tbd{#Ij-Q{VWGP$W4)@pA%xs@l0`3 z^@9W40QCg4f@j+l+$w2-NIh-}?9qlthwps!v5W4|BUaG2LC$Tuyof>F)~?Het`PT6 zoxV~!p^v~1(zQjJ_6{NM8+aR-gK2Kn@oLyFsPbr08Y~I}h&qy&2AO8(-0x1p*g!D7 zIpO_&-b7DXvDtyxLQ4mB%kGQ_IvivjGR#f9G}W+r ze|zu*Oj(dmjcE4V_hBna@FYcBjKP-i1|4tG$lEGjs3_A_d6cYx3cW0IU3s}X6y6ss z+ybKlBD!DPxAYIJfgQ^O+|a@~B;T+gMfu+1MvZ18G{7(?MtL%fpi!ziGs5|aX}yiO zVdWDCU&+e{Qcw&8LFV7^)~YoaD%Bd9tZ9EI>Jm*|u4oHnZMLFLl;x3 zYl~2$uHENQ{B!~A6}L~f0K31h{~%)1fovAW&z}1+i~3@1tkX3vG-M1`UqO5;UhEuX zPJ`z!Jzkm*eZYl5z8rvff!*=m{lA2T^yl~yuse1dqYNEV(C0<5Im1@r9aS`; z@s_PLlG1u6Md0%mP?pojFM(G}M5VhZ4U*(ESs5)UqriA2`87d$mExBNC~_}`>EMa# ze(E&c;o1c>VBwD~0H^>+0?I1IRCliC6(!T`uAiiX-i{*jt5AR7x%NEwlpvIY(qhwQ zt?2;BgP}W}nwkxqK$jXdhD}OcS?MB4FUxW&h+U?~Yrv5xrz$e!;oxk$1i4>4di0b{ zgt`y=fU5^=G?%3`ii_-LMky)F5PF$t>5}@IA`el-J_6U7jECAeTpT`f(&K@^(Ew5-S?VcE{Uiyv7$``fIVrM~0`hloFGNN4ICX|@2W?DX!bNpjG9}OGKH>OR6Zm>}W zyfyzA=d1Hv6NRc=4?%iakb4VKPeJT1h}~qV8wAIsn!{|qS#YZ(%^v?D6J&*mn2A-TRQk!ya<|unl)`o$Jp(6 z^HI71+n+mo1%sfPT2E5i3*rmB_`D!I%ZaTVQaf3OYDw)m^ESfp2lbzHA{#dq9PkcL zTYy^jrf*G>A_-}-JVsJp6XpJb)I$*4Iryg_bA#k3JRrcL|j+cQ!S_us%>*pZ6z0D%`=Akf(U<)Pr< z6kdR2c%&i?7o}8QdWjc02tp%HsLDBlIgZcHeh+#Ug5Ljr(wq2gCsvZ5fBjW%a&kL{ zfwClFX!;i>h-JHV8+ra53No z*!A^3+7lG^=1UZ}lexz$TWKKB(#OR9qyKZhQsPLCNrz|aqM9MflSHAvNG0E#=aK|I z4#20Trb16Dc^kZKt+&kusBT{rY9X+)zu%`o(hilq-!jJAsND6U1aQF2sq)-(cPCF@ zeWJ!V7HUEIQcYWp@ft&0O|-d!(3f%47Q_Sq-=%w}62+#=W()Us69w+ydb`9UgGGaw zC}>(+v*R65_#L~qj=aNnoBYi=fElR1K(C9J^Xu1#M^Qs{V==}nG`v>TR%sYs63DBYb5y)i z)|RTud{r5*sQ|uCqb9vBU!~Sv5+eUQ(0`ki3J}0k4TM)>`mf~BKpiizCBKqrD?x1( zJX@0|5Vb!-HR~sL|MhYn9YWLNTloKt-hcQDg-=ZhKE{lGhhb6-eXgdh1hGRwo+w$G z2Cwvt)6{|RIInJUmrEDv!)V(F+Rla!|L--(%i!HRJ7`Xw`o4orfeHh`OW|QC)>dF; z8CK^h%6L^9gwT_9pX_?!0<8}`9BM;_Rt%dY8~mJwpK*>K&QPU^s@$JJ4XadXfBg7a U=o#1yJ`CU?bpF-;A4}kW0TYi24`oo`Axc_B1X^B9Cj=4#A!NK$a;G!z{TtpN z``jC%0TM*uy?U!^SDoy0viDlwz4lt)HC*wj;JrsF#in20!#6Lum_?0Ada@CrQ6QGK zINHWD?G+;e8=DP!PFTqoZ@rcNg$ps(5@^l;ZK41~1f>+-SdRY7)4AyDUu3s}Dbpqn z1ci`8C@P_>J$=ftET3g$%^I${^in29#|X40vF63L=a5A`^&cis7-Ko{!izcYtN+Z7 zmZK3{5~aW^0wrX$P!^#d;kaU+ZTH^G-(T=ns^jB?I>1@`V%hSXWIq7J3t9=r7*2cF zdwJb;|H!6xgDQ}SAYPGkif*Ur5>3B@lZyqm{r0z9b@8RtCMHl? zz;}+9sHi_Y;RS>=E;!@(tE)fBt3P-ZTc&H&MS};g6iPu}prVC-2d^rW+5C&uth)GO z8Z*;qt-w0Gq}P0@ig@q$J)hZ69fiGfcoCHIeEVos0+?%Dj)4}M6lSjIVrQh$W=OGXZ?SqBJF3Y^C&#XG-tJ%?X(K95XKlW2v- z6Qal<uFU1%yn(*6 z&SKN_46Ps_2DB(LD9Q-^qNpfEf1$v?-E=eWzWj0$n;=^8R7ZO$$^HNw;0GQc)VRcv zEqC*G|Nb2cC!fOBsVYV(oKHb0_y8xGJ#m|0C9AJq6gzGfzs^V`Xpa@%UjS7JOLy~;PF1?2v$LCV{$rTc-?xgd+UW{o_L%>F=R?SDhX(N$25*f2V)+F z#j`z0xc>St@xc#XiM2L0K=wCse*k2k;T>_-p|!#q!+$<-Klk2$AJx%u77h(@@@r0G z#mZOVoq+R5@H_(G@CZKD7r_C}SppsK=mYoiwYR*D?BoQwD1$YQ7M2>0s)GrHaU44= zObFa`%PpLD?zyQa1p2@LbnKsXcYKUrmJ-Ay+VgxOTrg8<=K6SVmBaLi^2j}y>=#u~%2v(M$SuYH9v@xmAKv{Q=C_(0pU<*L2?H4V zy`$_cCGA+2%klf$ZsX@Sd<)>9>A1e;nrp6kW&}D%=Yw=UTX6(vob@bx<#7brhzEam zH|0%I zDn)+~QE-l&K%|67Ad3*8&?vMqG^eYa`L4ePrNF0*_9C~{tr1#%+fMH7mU4>aRDwlg(8h9C#UJ)Sd16{ql$(qSd( zle_qHpW%ozU(ZCXN+y7uc#0|@r#eK*!cY`3IX%s_pZEj-UTJ*CTOERTAX?#U!so7h zKaK6%S&+|B^p2819#4eqI|M>W6Ka4EH=48>t$kqf%(cjKC+V^;TWbQm^#u7MmwfRH z$oxTE!;lprn+XYXS#+Q&X+_Q?9Ir!~Kl>%?SKp0RohRixao;#Z!S}BFJP+M*Crk1f zdYz+3pd=6}&>do;@o1PMKy7OY^I3AaY)8pIqX&5LC_wr20G_?{C0`!V8^N90U>oT7|00R zTd(pe8*`@4@Cu!!5E{BoLIjL#c?^Kj#~$OJfBhy)f`E#%6tyCw(}&p z0;O1y%aAFT$ciA!@t`q0()2VjOnJ-CC--uPhrwAc;D3GP>&Wmh z^Skntog$Ay z>NNSfB9CX;o=F~BeK-I6N8e{jCZgm5N}`A~L}+?)W%}mzG1+ReH)+st9-BDkM-e#} zGp%5EY&iejms9K?z?eguP#si5#CKe3+xm5U_6=`j;rIm0iV=D5=n6BGqAZ0lgHmZW zcszmIrbn6b5IaXKir9H#4^4qOo|>~v+w}U!m5RL5#w?eB!62d>K;#UCFwfyjk0R== zuyNxi*6to-?FOc75h5ZcbMxmM@3pZp{%&N`der3I8e#OCX>0FbgXOu~Kt`fn`qo~}?aucw;gT4oGzx{&GMBbH&+r)$d1e5-M}XmnA0ezx zQtT>XJj~2YqYcCo(^i_zPIL401jFJuthX0eYhfETDtLM$OWclWPF0!A>>;WY=_*$! z1p(SS29%~pX}Zc~idqxTv?>tP5Ql@}0b{#&qJcm(&OzH-975tVJeerIRo~0jVxBL2 z^~=2OwP!IgJi_B^*RbX%x3g{auL(_ySVN}SMm1w5C+oCro3e9sMHzZ?IZ9Cotv1Cl zPiDb92w~UG?d+=7s9K1`a%@=O2y2x{9n19rAb7?!=&VI)&8=5o%|q8-%kf=h@=g)ps4L4}7xCRzlb^>ej#~0^ z);zS1LOzdoE*-1IO|JgSGkNm92Ot~ZfdT>AD>B}3WT<#qHqUVj1}O!K>9IXjdghZq zX*q7H#)J1i$l9qX##&8|&PNQ{3^U#^rJxB+;@RG8@T9Rc^LdUw<8;ox^zEE+&UqAi zyHXoEja8-7X6_&Q!9jUIzPp6?^+EWFl_*~?%u(ZPi*Cw<;M^w30eiX z#E?xaD`mH4UeTws^efH0a*3XN0n@0XwI&+q1ErbRwwsB`8dIjtyeMR4 zu7Yj0&{~o64i`JRm1m%kXSs#(w&l?~@8XMh-o>|%csVCs_-4+!>|&NJKOWubJ{yy6 zuxPF4YK4Ph41-4=i46i;-V@`oO4#OwH73T3BBK;>tIapQ`Hd9SFdzsuUTI9dfs;1f z&azS$SengKQl4_4=*#C>eE1^5T$X07PPSMg=q`~A?_uliT@1SfV+|({F64;rE_%C4 z%**CETr%{BA@g*=A_qg_I5HB>D3y7AsmS1tt=x0nKk?y{&tTP?&f~W4ewXQqNrE7l zYsFh@(-`-ROt8~iuaAy!{i|P1Wq6o{IuFWmTioDx?SxT;Deux?8w8xVY#F&q853pc zRnWb5EklhNdI?bkjL;%yJx7N{Ub%P?FFSGx$!zpGQ0U^!`aolFc)@ig8Vq>X0OUpyUd0Ng>7taievDmP+-C{S6(#v1Q$>*QX zxo^LWqmDan&I6vE3R{QLikq(d0PDW;WtMjLuq$q{y4hq@6eG^E*MkKRq1UJHX9G_c zaBe2cLh(eRF+k#C4$~3Gm3w*BU#uio%2MC32~(|8S+s!IIo3bEg@>zEwwV?ya(Rvl zG!cq&lqZ|bp(9P;9qlBhX$EK!P6 zgOI%Q7%hlR7}ScTL6#GaSi;g1SK=losjYbk6ciWCW7nQ(*6-ZOW)ric-DIf~7Ue^F zG6nKLR#~!PL@~^h3qzC=ycgOgp=lDDNkVKA8qU$Mj;4p2PrafBj3fzLTWy8~x|b|I z2r8_=C5C~ckK&Y%Ud4Al@=<&?kHVu#2uUMplKz^>b`v9M4Pg+B2vc}sYv@rzMKt|k z$l&~bh!dJSc2iGU6r&uYBV+8Gnq)7AF(F$g8@+*IpqQaRo9Q^A zAR+lMB$tT@bwC(s3Q6kWM28Sh|poYv?# zal6fo2$QXZMk`^sTBrZC*YMg^s~`-Sx$=Gd{-?L_$p5^RT@S9Mr(I(xm!+Ijgs~+P zw^c4%wJ{p^SKa}?fniI}Gi*{|A zwfEgmyR#kYv|t1h56~HXd*~Cz05*vopusqp<>gn9gL5UlOzce1bFXh#|d$4 zz$AF@h(wW9icF}^J2n7!Xe^C1Y`($?DsFdP2KfZ~tUVANT*RP`nw1BoK z5~Xkg;w(o?$WcK^%{EyaWLPGOB~ielVv(*WgVdYE%{GnD(eR#0r`b@Qrm=DbAOF=o zgoPsBbp|HRBU*K$w`cr`Cs=>;t!%pa$28Wir@z%;s8FDs&5#j8(FSByNDyhFAV6!u z>$J7yjHhW0HJcn70J9*>PIsI28Gd=&ZT$4cn^^O^HEi9zi%D(W1c>rqnVI%T#2RXgvT0f z#tuJ%kKgwnlm~_|&VzzruA)ot-|;n{Q>)k8Y;EVLkn=Izz=A z-BFgTgDemRiXha4Iv^wAp#v}n1SwB)&Z0!2)IN?q%N^GJ>`qpleGV_nXIO$}krMiJ z+UpNV$7)SrS{&0(^FVcqlRo+}F8%!HNIJbeFX=qONr$#Rbv&h9>e7zRY$DYmZZvr8 zSO3Af@Ba^mf3ceU*f{f|90R!=UE&c8QJ~3oW(?0sd^&m|P`YEZ$NA2-R;T!w7#pJi zlvIFrDXTQz6L)6zo|LT2AdJLqlI|W(efvcn;{=&q&=En+ZjQ)Pbx@!@N_jjMXH%qf zKF2ZVoXauiyovEm8(DYb&20F|Ej+qm1B+tAU?EFMY4XlKcL3&!h}r3r76hF(BTTw6 zzIXc$Nh{aW4Ja1v>qRKLWqg^_i{r=jPN} zAv(=i>1Bet zd%*=Pzu>KmY}~-Q@BM(yx83ol0Px2mosBZnd0%_x52a&l=kcPj9@;=63h!Y?S*Ap@ zv)N$Y$)|Aq>tCOm^gQksi&6;Syv10Hl7PWi9LwNmj^(tEeE3gTka#-r9^c6f%TGH6 zx+=uRq+2B3W4)v891Uk^TSvR?7{zn$s`sHXQM&bc2#byfD+)!VA_7rZ=P=HZuXI1( z0Hm(2mEf#rXvMLd^0)8i@i?ZY6wOf6(2AylMyQzdp7pH;XTI+WPJQcz>1Mh9^K6!T z5u5_2Kr0~-L7aQ;Y4GXq1c(DCSS8q6jc>pA3hw#dchf~FQ8+v^-Z7QQaORa)@XpVE z79|-R9`u11X#aGzI%c|k%U)id0}(o;n|2y1-XuJD#~nOy<4x?@x)lP=(DGwA?b6Fw ze%dLxPP9MRk@lai82k2>|C|6o3WD>g+kwZ~HsTc$L_kWKP%^jA^Fqs?9RL9DIyHm_ zM5V=|b0~be&x|P7h8cBTmBEnn2(2&y={a50000< KMNUMnLSTZZ`u^1b diff --git a/external/unbound/winrc/vista_admin.manifest b/external/unbound/winrc/vista_admin.manifest deleted file mode 100644 index 32eb1d6aa..000000000 --- a/external/unbound/winrc/vista_admin.manifest +++ /dev/null @@ -1,35 +0,0 @@ - - - - Installs or removes the unbound service in the services control panel - - - - - - - - - - - - - - - - - - - - - - - diff --git a/external/unbound/winrc/vista_user.manifest b/external/unbound/winrc/vista_user.manifest deleted file mode 100644 index 24f5164aa..000000000 --- a/external/unbound/winrc/vista_user.manifest +++ /dev/null @@ -1,16 +0,0 @@ - - - - Retrieve latest version of trust anchor - - - - - - - - - diff --git a/external/unbound/winrc/w_inst.c b/external/unbound/winrc/w_inst.c deleted file mode 100644 index 023490631..000000000 --- a/external/unbound/winrc/w_inst.c +++ /dev/null @@ -1,321 +0,0 @@ -/* - * winrc/w_inst.h - install and remove functions - * - * Copyright (c) 2009, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * Contains install and remove functions that manipulate the - * windows services API and windows registry. - */ -#include "config.h" -#include "winrc/w_inst.h" -#include "winrc/win_svc.h" - -void wsvc_err2str(char* str, size_t len, const char* fixed, DWORD err) -{ - LPTSTR buf; - if(FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS | FORMAT_MESSAGE_ALLOCATE_BUFFER, - NULL, err, 0, (LPTSTR)&buf, 0, NULL) == 0) { - /* could not format error message */ - snprintf(str, len, "%s GetLastError=%d", fixed, (int)err); - return; - } - snprintf(str, len, "%s (err=%d): %s", fixed, (int)err, buf); - LocalFree(buf); -} - -/** exit with windows error */ -static void -fatal_win(FILE* out, const char* str) -{ - char e[256]; - wsvc_err2str(e, sizeof(e), str, (int)GetLastError()); - if(out) fprintf(out, "%s\n", e); - else fprintf(stderr, "%s\n", e); - exit(1); -} - -/** install registry entries for eventlog */ -static void -event_reg_install(FILE* out, const char* pathname) -{ - char buf[1024]; - HKEY hk; - DWORD t; - if(out) fprintf(out, "install reg entries for %s\n", pathname); - snprintf(buf, sizeof(buf), "SYSTEM\\CurrentControlSet\\Services" - "\\EventLog\\Application\\%s", SERVICE_NAME); - if(RegCreateKeyEx(HKEY_LOCAL_MACHINE, (LPCTSTR)buf, - 0, /* reserved, mustbezero */ - NULL, /* class of key, ignored */ - REG_OPTION_NON_VOLATILE, /* values saved on disk */ - KEY_WRITE, /* we want write permission */ - NULL, /* use default security descriptor */ - &hk, /* result */ - NULL)) /* not interested if key new or existing */ - fatal_win(out, "could not create registry key"); - - /* message file */ - if(RegSetValueEx(hk, (LPCTSTR)"EventMessageFile", - 0, /* reserved, mustbezero */ - REG_EXPAND_SZ, /* value type (string w env subst) */ - (BYTE*)pathname, /* data */ - (DWORD)strlen(pathname)+1)) /* length of data */ - { - RegCloseKey(hk); - fatal_win(out, "could not registry set EventMessageFile"); - } - - /* event types */ - t = EVENTLOG_SUCCESS | EVENTLOG_ERROR_TYPE | EVENTLOG_WARNING_TYPE - | EVENTLOG_INFORMATION_TYPE; - if(RegSetValueEx(hk, (LPCTSTR)"TypesSupported", 0, REG_DWORD, - (LPBYTE)&t, sizeof(t))) { - RegCloseKey(hk); - fatal_win(out, "could not registry set TypesSupported"); - } - - /* category message file */ - if(RegSetValueEx(hk, (LPCTSTR)"CategoryMessageFile", 0, REG_EXPAND_SZ, - (BYTE*)pathname, (DWORD)strlen(pathname)+1)) { - RegCloseKey(hk); - fatal_win(out, "could not registry set CategoryMessageFile"); - } - t = 1; - if(RegSetValueEx(hk, (LPCTSTR)"CategoryCount", 0, REG_DWORD, - (LPBYTE)&t, sizeof(t))) { - RegCloseKey(hk); - fatal_win(out, "could not registry set CategoryCount"); - } - - - RegCloseKey(hk); - if(out) fprintf(out, "installed reg entries\n"); -} - -/** remove registry entries for eventlog */ -static void -event_reg_remove(FILE* out) -{ - char buf[1024]; - HKEY hk; - if(out) fprintf(out, "remove reg entries\n"); - snprintf(buf, sizeof(buf), "SYSTEM\\CurrentControlSet\\Services" - "\\EventLog\\Application"); - if(RegCreateKeyEx(HKEY_LOCAL_MACHINE, (LPCTSTR)buf, - 0, /* reserved, mustbezero */ - NULL, /* class of key, ignored */ - REG_OPTION_NON_VOLATILE, /* values saved on disk */ - DELETE, /* we want key delete permission */ - NULL, /* use default security descriptor */ - &hk, /* result */ - NULL)) /* not interested if key new or existing */ - fatal_win(out, "could not open registry key"); - if(RegDeleteKey(hk, (LPCTSTR)SERVICE_NAME)) { - RegCloseKey(hk); - fatal_win(out, "could not delete registry key"); - } - RegCloseKey(hk); - if(out) fprintf(out, "removed reg entries\n"); -} - -/** - * put quotes around string. Needs one space in front - * @param out: debugfile - * @param str: to be quoted. - * @param maxlen: max length of the string buffer. - */ -static void -quote_it(FILE* out, char* str, size_t maxlen) -{ - if(strlen(str) == maxlen) { - if(out) fprintf(out, "string too long %s", str); - exit(1); - } - str[0]='"'; - str[strlen(str)+1]=0; - str[strlen(str)]='"'; -} - -/** change suffix */ -static void -change(FILE* out, char* path, size_t max, const char* from, const char* to) -{ - size_t fromlen = strlen(from); - size_t tolen = strlen(to); - size_t pathlen = strlen(path); - if(pathlen - fromlen + tolen >= max) { - if(out) fprintf(out, "string too long %s", path); - exit(1); - } - snprintf(path+pathlen-fromlen, max-(pathlen-fromlen), "%s", to); -} - -/* Install service in servicecontrolmanager */ -void -wsvc_install(FILE* out, const char* rename) -{ - SC_HANDLE scm; - SC_HANDLE sv; - TCHAR path[2*MAX_PATH+4+256]; - TCHAR path_config[2*MAX_PATH+4+256]; - if(out) fprintf(out, "installing unbound service\n"); - if(!GetModuleFileName(NULL, path+1, MAX_PATH)) - fatal_win(out, "could not GetModuleFileName"); - /* change 'unbound-service-install' to 'unbound' */ - if(rename) { - change(out, path+1, sizeof(path)-1, rename, "unbound.exe"); - memmove(path_config+1, path+1, sizeof(path)-1); - change(out, path_config+1, sizeof(path_config)-1, - "unbound.exe", "service.conf"); - } - - event_reg_install(out, path+1); - - /* have to quote it because of spaces in directory names */ - /* could append arguments to be sent to ServiceMain */ - quote_it(out, path, sizeof(path)); - - /* if we started in a different directory, also read config from it. */ - if(rename) { - quote_it(out, path_config, sizeof(path_config)); - strcat(path, " -c "); - strcat(path, path_config); - } - - strcat(path, " -w service"); - scm = OpenSCManager(NULL, NULL, (int)SC_MANAGER_CREATE_SERVICE); - if(!scm) fatal_win(out, "could not OpenSCManager"); - sv = CreateService( - scm, - SERVICE_NAME, /* name of service */ - "Unbound DNS validator", /* display name */ - SERVICE_ALL_ACCESS, /* desired access */ - SERVICE_WIN32_OWN_PROCESS, /* service type */ - SERVICE_AUTO_START, /* start type */ - SERVICE_ERROR_NORMAL, /* error control type */ - path, /* path to service's binary */ - NULL, /* no load ordering group */ - NULL, /* no tag identifier */ - NULL, /* no deps */ - NULL, /* on LocalSystem */ - NULL /* no password */ - ); - if(!sv) { - CloseServiceHandle(scm); - fatal_win(out, "could not CreateService"); - } - CloseServiceHandle(sv); - CloseServiceHandle(scm); - if(out) fprintf(out, "unbound service installed\n"); -} - - -/* Remove installed service from servicecontrolmanager */ -void -wsvc_remove(FILE* out) -{ - SC_HANDLE scm; - SC_HANDLE sv; - if(out) fprintf(out, "removing unbound service\n"); - scm = OpenSCManager(NULL, NULL, (int)SC_MANAGER_ALL_ACCESS); - if(!scm) fatal_win(out, "could not OpenSCManager"); - sv = OpenService(scm, SERVICE_NAME, DELETE); - if(!sv) { - CloseServiceHandle(scm); - fatal_win(out, "could not OpenService"); - } - if(!DeleteService(sv)) { - CloseServiceHandle(sv); - CloseServiceHandle(scm); - fatal_win(out, "could not DeleteService"); - } - CloseServiceHandle(sv); - CloseServiceHandle(scm); - event_reg_remove(out); - if(out) fprintf(out, "unbound service removed\n"); -} - - -/* Start daemon */ -void -wsvc_rc_start(FILE* out) -{ - SC_HANDLE scm; - SC_HANDLE sv; - if(out) fprintf(out, "start unbound service\n"); - scm = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); - if(!scm) fatal_win(out, "could not OpenSCManager"); - sv = OpenService(scm, SERVICE_NAME, SERVICE_START); - if(!sv) { - CloseServiceHandle(scm); - fatal_win(out, "could not OpenService"); - } - if(!StartService(sv, 0, NULL)) { - CloseServiceHandle(sv); - CloseServiceHandle(scm); - fatal_win(out, "could not StartService"); - } - CloseServiceHandle(sv); - CloseServiceHandle(scm); - if(out) fprintf(out, "unbound service started\n"); -} - - -/* Stop daemon */ -void -wsvc_rc_stop(FILE* out) -{ - SC_HANDLE scm; - SC_HANDLE sv; - SERVICE_STATUS st; - if(out) fprintf(out, "stop unbound service\n"); - scm = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); - if(!scm) fatal_win(out, "could not OpenSCManager"); - sv = OpenService(scm, SERVICE_NAME, SERVICE_STOP); - if(!sv) { - CloseServiceHandle(scm); - fatal_win(out, "could not OpenService"); - } - if(!ControlService(sv, SERVICE_CONTROL_STOP, &st)) { - CloseServiceHandle(sv); - CloseServiceHandle(scm); - fatal_win(out, "could not ControlService"); - } - CloseServiceHandle(sv); - CloseServiceHandle(scm); - if(out) fprintf(out, "unbound service stopped\n"); -} diff --git a/external/unbound/winrc/w_inst.h b/external/unbound/winrc/w_inst.h deleted file mode 100644 index cc06c5a3f..000000000 --- a/external/unbound/winrc/w_inst.h +++ /dev/null @@ -1,80 +0,0 @@ -/* - * winrc/w_inst.h - install and remove functions - * - * Copyright (c) 2009, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * Contains install and remove functions that manipulate the - * windows services API and windows registry. - */ - -#ifndef WINRC_W_INST_H -#define WINRC_W_INST_H - -/** - * Install service in servicecontrolmanager, setup registry - * @param out: debug output printed here (errors). or NULL. - * @param rename: if nonNULL this executable is not unbound.exe but this name. - */ -void wsvc_install(FILE* out, const char* rename); - -/** - * Remove installed service from servicecontrolmanager, registry entries - * @param out: debug output printed here (errors). or NULL. - */ -void wsvc_remove(FILE* out); - -/** - * Start the service from servicecontrolmanager, tells OS to start daemon. - * @param out: debug output printed here (errors). or NULL. - */ -void wsvc_rc_start(FILE* out); - -/** - * Stop the service from servicecontrolmanager, tells OS to stop daemon. - * @param out: debug output printed here (errors). or NULL. - */ -void wsvc_rc_stop(FILE* out); - -/** - * Convert windows GetLastError() value to a neat string. - * @param str: destination buffer - * @param len: length of dest buffer - * @param fixed: fixed text to prepend to string. - * @param err: the GetLastError() value. - */ -void wsvc_err2str(char* str, size_t len, const char* fixed, DWORD err); - -#endif /* WINRC_W_INST_H */ diff --git a/external/unbound/winrc/win_svc.c b/external/unbound/winrc/win_svc.c deleted file mode 100644 index b755fb543..000000000 --- a/external/unbound/winrc/win_svc.c +++ /dev/null @@ -1,622 +0,0 @@ -/* - * winrc/win_svc.c - windows services API implementation for unbound - * - * Copyright (c) 2009, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions to integrate with the windows services API. - * This means it handles the commandline switches to install and remove - * the service (via CreateService and DeleteService), it handles - * the ServiceMain() main service entry point when started as a service, - * and it handles the Handler[_ex]() to process requests to the service - * (such as start and stop and status). - */ -#include "config.h" -#include "winrc/win_svc.h" -#include "winrc/w_inst.h" -#include "daemon/daemon.h" -#include "daemon/worker.h" -#include "daemon/remote.h" -#include "util/config_file.h" -#include "util/netevent.h" -#include "util/ub_event.h" - -/** global service status */ -static SERVICE_STATUS service_status; -/** global service status handle */ -static SERVICE_STATUS_HANDLE service_status_handle; -/** global service stop event */ -static WSAEVENT service_stop_event = NULL; -/** event struct for stop callbacks */ -static struct ub_event* service_stop_ev = NULL; -/** if stop even means shutdown or restart */ -static int service_stop_shutdown = 0; -/** config file to open. global communication to service_main() */ -static char* service_cfgfile = CONFIGFILE; -/** commandline verbosity. global communication to service_main() */ -static int service_cmdline_verbose = 0; -/** the cron callback */ -static struct comm_timer* service_cron = NULL; -/** the cron thread */ -static ub_thread_type cron_thread = NULL; -/** if cron has already done its quick check */ -static int cron_was_quick = 0; - -/** - * Report current service status to service control manager - * @param state: current state - * @param exitcode: error code (when stopped) - * @param wait: pending operation estimated time in milliseconds. - */ -static void report_status(DWORD state, DWORD exitcode, DWORD wait) -{ - static DWORD checkpoint = 1; - service_status.dwCurrentState = state; - service_status.dwWin32ExitCode = exitcode; - service_status.dwWaitHint = wait; - if(state == SERVICE_START_PENDING) - service_status.dwControlsAccepted = 0; - else service_status.dwControlsAccepted = SERVICE_ACCEPT_STOP; - if(state == SERVICE_RUNNING || state == SERVICE_STOPPED) - service_status.dwCheckPoint = 0; - else service_status.dwCheckPoint = checkpoint++; - SetServiceStatus(service_status_handle, &service_status); -} - -/** - * Service control handler. Called by serviceControlManager when a control - * code is sent to the service (with ControlService). - * @param ctrl: control code - */ -static void -hdlr(DWORD ctrl) -{ - if(ctrl == SERVICE_CONTROL_STOP) { - report_status(SERVICE_STOP_PENDING, NO_ERROR, 0); - service_stop_shutdown = 1; - /* send signal to stop */ - if(!WSASetEvent(service_stop_event)) - log_err("Could not WSASetEvent: %s", - wsa_strerror(WSAGetLastError())); - return; - } else { - /* ctrl == SERVICE_CONTROL_INTERROGATE or whatever */ - /* update status */ - report_status(service_status.dwCurrentState, NO_ERROR, 0); - } -} - -/** - * report event to system event log - * For use during startup and shutdown. - * @param str: the error - */ -static void -reportev(const char* str) -{ - char b[256]; - char e[256]; - HANDLE* s; - LPCTSTR msg = b; - /* print quickly to keep GetLastError value */ - wsvc_err2str(e, sizeof(e), str, GetLastError()); - snprintf(b, sizeof(b), "%s: %s", SERVICE_NAME, e); - s = RegisterEventSource(NULL, SERVICE_NAME); - if(!s) return; - ReportEvent(s, /* event log */ - EVENTLOG_ERROR_TYPE, /* event type */ - 0, /* event category */ - MSG_GENERIC_ERR, /* event ID (from gen_msg.mc) */ - NULL, /* user security context */ - 1, /* numstrings */ - 0, /* binary size */ - &msg, /* strings */ - NULL); /* binary data */ - DeregisterEventSource(s); -} - -/** - * Obtain registry string (if it exists). - * @param key: key string - * @param name: name of value to fetch. - * @return malloced string with the result or NULL if it did not - * exist on an error (logged) was encountered. - */ -static char* -lookup_reg_str(const char* key, const char* name) -{ - HKEY hk = NULL; - DWORD type = 0; - BYTE buf[1024]; - DWORD len = (DWORD)sizeof(buf); - LONG ret; - char* result = NULL; - ret = RegOpenKeyEx(HKEY_LOCAL_MACHINE, key, 0, KEY_READ, &hk); - if(ret == ERROR_FILE_NOT_FOUND) - return NULL; /* key does not exist */ - else if(ret != ERROR_SUCCESS) { - reportev("RegOpenKeyEx failed"); - return NULL; - } - ret = RegQueryValueEx(hk, (LPCTSTR)name, 0, &type, buf, &len); - if(RegCloseKey(hk)) - reportev("RegCloseKey"); - if(ret == ERROR_FILE_NOT_FOUND) - return NULL; /* name does not exist */ - else if(ret != ERROR_SUCCESS) { - reportev("RegQueryValueEx failed"); - return NULL; - } - if(type == REG_SZ || type == REG_MULTI_SZ || type == REG_EXPAND_SZ) { - buf[sizeof(buf)-1] = 0; - buf[sizeof(buf)-2] = 0; /* for multi_sz */ - result = strdup((char*)buf); - if(!result) reportev("out of memory"); - } - return result; -} - -/** - * Obtain registry integer (if it exists). - * @param key: key string - * @param name: name of value to fetch. - * @return integer value (if it exists), or 0 on error. - */ -static int -lookup_reg_int(const char* key, const char* name) -{ - HKEY hk = NULL; - DWORD type = 0; - BYTE buf[1024]; - DWORD len = (DWORD)sizeof(buf); - LONG ret; - int result = 0; - ret = RegOpenKeyEx(HKEY_LOCAL_MACHINE, key, 0, KEY_READ, &hk); - if(ret == ERROR_FILE_NOT_FOUND) - return 0; /* key does not exist */ - else if(ret != ERROR_SUCCESS) { - reportev("RegOpenKeyEx failed"); - return 0; - } - ret = RegQueryValueEx(hk, (LPCTSTR)name, 0, &type, buf, &len); - if(RegCloseKey(hk)) - reportev("RegCloseKey"); - if(ret == ERROR_FILE_NOT_FOUND) - return 0; /* name does not exist */ - else if(ret != ERROR_SUCCESS) { - reportev("RegQueryValueEx failed"); - return 0; - } - if(type == REG_SZ || type == REG_MULTI_SZ || type == REG_EXPAND_SZ) { - buf[sizeof(buf)-1] = 0; - buf[sizeof(buf)-2] = 0; /* for multi_sz */ - result = atoi((char*)buf); - } else if(type == REG_DWORD) { - DWORD r; - memmove(&r, buf, sizeof(r)); - result = r; - } - return result; -} - -/** wait for unbound-anchor process to finish */ -static void -waitforubanchor(PROCESS_INFORMATION* pinfo) -{ - /* we have 5 seconds scheduled for it, usually it will be very fast, - * with only a UDP message or two (100 msec or so), but the https - * connections could take some time */ - DWORD count = 7900; - DWORD ret = WAIT_TIMEOUT; - /* decrease timer every 1/10 second, we are still starting up */ - while(ret == WAIT_TIMEOUT) { - ret = WaitForSingleObject(pinfo->hProcess, 100); - if(count > 4000) count -= 100; - else count--; /* go slow, it is taking long */ - if(count > 3000) - report_status(SERVICE_START_PENDING, NO_ERROR, count); - } - verbose(VERB_ALGO, "unbound-anchor done"); - if(ret != WAIT_OBJECT_0) { - return; /* did not end successfully */ - } - if(!GetExitCodeProcess(pinfo->hProcess, &ret)) { - log_err("GetExitCodeProcess failed"); - return; - } - verbose(VERB_ALGO, "unbound-anchor exit code is %d", (int)ret); - if(ret != 0) { - log_info("The root trust anchor has been updated."); - } -} - - -/** - * Perform root anchor update if so configured, by calling that process - */ -static void -call_root_update(void) -{ - char* rootanchor; - rootanchor = lookup_reg_str("Software\\Unbound", "RootAnchor"); - if(rootanchor && strlen(rootanchor)>0) { - STARTUPINFO sinfo; - PROCESS_INFORMATION pinfo; - memset(&pinfo, 0, sizeof(pinfo)); - memset(&sinfo, 0, sizeof(sinfo)); - sinfo.cb = sizeof(sinfo); - verbose(VERB_ALGO, "rootanchor: %s", rootanchor); - report_status(SERVICE_START_PENDING, NO_ERROR, 8000); - if(!CreateProcess(NULL, rootanchor, NULL, NULL, 0, - CREATE_NO_WINDOW, NULL, NULL, &sinfo, &pinfo)) - log_err("CreateProcess error for unbound-anchor.exe"); - else { - waitforubanchor(&pinfo); - CloseHandle(pinfo.hProcess); - CloseHandle(pinfo.hThread); - } - } - free(rootanchor); -} - -/** - * Init service. Keeps calling status pending to tell service control - * manager that this process is not hanging. - * @param r: restart, true on restart - * @param d: daemon returned here. - * @param c: config file returned here. - * @return false if failed. - */ -static int -service_init(int r, struct daemon** d, struct config_file** c) -{ - struct config_file* cfg = NULL; - struct daemon* daemon = NULL; - - if(!service_cfgfile) { - char* newf = lookup_reg_str("Software\\Unbound", "ConfigFile"); - if(newf) service_cfgfile = newf; - else service_cfgfile = strdup(CONFIGFILE); - if(!service_cfgfile) fatal_exit("out of memory"); - } - - /* create daemon */ - if(r) daemon = *d; - else daemon = daemon_init(); - if(!daemon) return 0; - if(!r) report_status(SERVICE_START_PENDING, NO_ERROR, 2800); - - /* read config */ - cfg = config_create(); - if(!cfg) return 0; - if(!config_read(cfg, service_cfgfile, daemon->chroot)) { - if(errno != ENOENT) { - log_err("error in config file"); - return 0; - } - log_warn("could not open config file, using defaults"); - } - if(!r) report_status(SERVICE_START_PENDING, NO_ERROR, 2600); - - verbose(VERB_QUERY, "winservice - apply settings"); - /* apply settings and init */ - verbosity = cfg->verbosity + service_cmdline_verbose; - w_config_adjust_directory(cfg); - if(cfg->directory && cfg->directory[0]) { - char* dir = cfg->directory; - if(chdir(dir)) { - log_err("could not chdir to %s: %s", - dir, strerror(errno)); - if(errno != ENOENT) - return 0; - log_warn("could not change directory - continuing"); - } else - verbose(VERB_QUERY, "chdir to %s", dir); - } - log_init(cfg->logfile, cfg->use_syslog, cfg->chrootdir); - if(!r) report_status(SERVICE_START_PENDING, NO_ERROR, 2400); - verbose(VERB_QUERY, "winservice - apply cfg"); - daemon_apply_cfg(daemon, cfg); - - if(!r) report_status(SERVICE_START_PENDING, NO_ERROR, 2300); - if(!(daemon->rc = daemon_remote_create(cfg))) { - log_err("could not set up remote-control"); - daemon_delete(daemon); - config_delete(cfg); - return 0; - } - - /* open ports */ - /* keep reporting that we are busy starting */ - if(!r) report_status(SERVICE_START_PENDING, NO_ERROR, 2200); - verbose(VERB_QUERY, "winservice - open ports"); - if(!daemon_open_shared_ports(daemon)) return 0; - verbose(VERB_QUERY, "winservice - ports opened"); - if(!r) report_status(SERVICE_START_PENDING, NO_ERROR, 2000); - - *d = daemon; - *c = cfg; - return 1; -} - -/** - * Deinit the service - */ -static void -service_deinit(struct daemon* daemon, struct config_file* cfg) -{ - daemon_cleanup(daemon); - config_delete(cfg); - daemon_delete(daemon); -} - -#ifdef DOXYGEN -#define ATTR_UNUSED(x) x -#endif -/** - * The main function for the service. - * Called by the services API when starting unbound on windows in background. - * Arguments could have been present in the string 'path'. - * @param argc: nr args - * @param argv: arg text. - */ -static void -service_main(DWORD ATTR_UNUSED(argc), LPTSTR* ATTR_UNUSED(argv)) -{ - struct config_file* cfg = NULL; - struct daemon* daemon = NULL; - - service_status_handle = RegisterServiceCtrlHandler(SERVICE_NAME, - (LPHANDLER_FUNCTION)hdlr); - if(!service_status_handle) { - reportev("Could not RegisterServiceCtrlHandler"); - return; - } - - service_status.dwServiceType = SERVICE_WIN32_OWN_PROCESS; - service_status.dwServiceSpecificExitCode = 0; - - /* see if we have root anchor update enabled */ - call_root_update(); - - /* we are now starting up */ - report_status(SERVICE_START_PENDING, NO_ERROR, 3000); - if(!service_init(0, &daemon, &cfg)) { - reportev("Could not service_init"); - report_status(SERVICE_STOPPED, NO_ERROR, 0); - return; - } - - /* event that gets signalled when we want to quit; it - * should get registered in the worker-0 waiting loop. */ - service_stop_event = WSACreateEvent(); - if(service_stop_event == WSA_INVALID_EVENT) { - log_err("WSACreateEvent: %s", wsa_strerror(WSAGetLastError())); - reportev("Could not WSACreateEvent"); - report_status(SERVICE_STOPPED, NO_ERROR, 0); - return; - } - if(!WSAResetEvent(service_stop_event)) { - log_err("WSAResetEvent: %s", wsa_strerror(WSAGetLastError())); - } - - /* SetServiceStatus SERVICE_RUNNING;*/ - report_status(SERVICE_RUNNING, NO_ERROR, 0); - verbose(VERB_QUERY, "winservice - init complete"); - - /* daemon performs work */ - while(!service_stop_shutdown) { - daemon_fork(daemon); - if(!service_stop_shutdown) { - daemon_cleanup(daemon); - config_delete(cfg); cfg=NULL; - if(!service_init(1, &daemon, &cfg)) { - reportev("Could not service_init"); - report_status(SERVICE_STOPPED, NO_ERROR, 0); - return; - } - } - } - - /* exit */ - verbose(VERB_ALGO, "winservice - cleanup."); - report_status(SERVICE_STOP_PENDING, NO_ERROR, 0); - if(service_stop_event) (void)WSACloseEvent(service_stop_event); - service_deinit(daemon, cfg); - free(service_cfgfile); - verbose(VERB_QUERY, "winservice - full stop"); - report_status(SERVICE_STOPPED, NO_ERROR, 0); -} - -/** start the service */ -static void -service_start(const char* cfgfile, int v, int c) -{ - SERVICE_TABLE_ENTRY myservices[2] = { - {SERVICE_NAME, (LPSERVICE_MAIN_FUNCTION)service_main}, - {NULL, NULL} }; - verbosity=v; - if(verbosity >= VERB_QUERY) { - /* log to file about start sequence */ - fclose(fopen("C:\\unbound.log", "w")); - log_init("C:\\unbound.log", 0, 0); - verbose(VERB_QUERY, "open logfile"); - } else log_init(0, 1, 0); /* otherwise, use Application log */ - if(c) { - service_cfgfile = strdup(cfgfile); - if(!service_cfgfile) fatal_exit("out of memory"); - } else service_cfgfile = NULL; - service_cmdline_verbose = v; - /* this call returns when service has stopped. */ - if(!StartServiceCtrlDispatcher(myservices)) { - reportev("Could not StartServiceCtrlDispatcher"); - } -} - -void -wsvc_command_option(const char* wopt, const char* cfgfile, int v, int c) -{ - if(strcmp(wopt, "install") == 0) - wsvc_install(stdout, NULL); - else if(strcmp(wopt, "remove") == 0) - wsvc_remove(stdout); - else if(strcmp(wopt, "service") == 0) - service_start(cfgfile, v, c); - else if(strcmp(wopt, "start") == 0) - wsvc_rc_start(stdout); - else if(strcmp(wopt, "stop") == 0) - wsvc_rc_stop(stdout); - else fatal_exit("unknown option: %s", wopt); - exit(0); -} - -void -worker_win_stop_cb(int ATTR_UNUSED(fd), short ATTR_UNUSED(ev), void* arg) -{ - struct worker* worker = (struct worker*)arg; - verbose(VERB_QUERY, "caught stop signal (wsaevent)"); - worker->need_to_exit = 1; - comm_base_exit(worker->base); -} - -/** wait for cron process to finish */ -static void -waitforit(PROCESS_INFORMATION* pinfo) -{ - DWORD ret = WaitForSingleObject(pinfo->hProcess, INFINITE); - verbose(VERB_ALGO, "cronaction done"); - if(ret != WAIT_OBJECT_0) { - return; /* did not end successfully */ - } - if(!GetExitCodeProcess(pinfo->hProcess, &ret)) { - log_err("GetExitCodeProcess failed"); - return; - } - verbose(VERB_ALGO, "exit code is %d", (int)ret); - if(ret != 1) { - if(!WSASetEvent(service_stop_event)) - log_err("Could not WSASetEvent: %s", - wsa_strerror(WSAGetLastError())); - } -} - -/** Do the cron action and wait for result exit value */ -static void* -win_do_cron(void* ATTR_UNUSED(arg)) -{ - int mynum=65; - char* cronaction; - log_thread_set(&mynum); - cronaction = lookup_reg_str("Software\\Unbound", "CronAction"); - if(cronaction && strlen(cronaction)>0) { - STARTUPINFO sinfo; - PROCESS_INFORMATION pinfo; - memset(&pinfo, 0, sizeof(pinfo)); - memset(&sinfo, 0, sizeof(sinfo)); - sinfo.cb = sizeof(sinfo); - verbose(VERB_ALGO, "cronaction: %s", cronaction); - if(!CreateProcess(NULL, cronaction, NULL, NULL, 0, - CREATE_NO_WINDOW, NULL, NULL, &sinfo, &pinfo)) - log_err("CreateProcess error"); - else { - waitforit(&pinfo); - CloseHandle(pinfo.hProcess); - CloseHandle(pinfo.hThread); - } - } - free(cronaction); - /* stop self */ - CloseHandle(cron_thread); - cron_thread = NULL; - return NULL; -} - -/** Set the timer for cron for the next wake up */ -static void -set_cron_timer(void) -{ - struct timeval tv; - int crontime; - if(cron_was_quick == 0) { - cron_was_quick = 1; - crontime = 3600; /* first update some time after boot */ - } else { - crontime = lookup_reg_int("Software\\Unbound", "CronTime"); - if(crontime == 0) crontime = 60*60*24; /* 24 hours */ - } - memset(&tv, 0, sizeof(tv)); - tv.tv_sec = (time_t)crontime; - comm_timer_set(service_cron, &tv); -} - -void -wsvc_cron_cb(void* arg) -{ - struct worker* worker = (struct worker*)arg; - /* perform cronned operation */ - verbose(VERB_ALGO, "cron timer callback"); - if(cron_thread == NULL) { - /* create new thread to do it */ - ub_thread_create(&cron_thread, win_do_cron, worker); - } - /* reschedule */ - set_cron_timer(); -} - -void wsvc_setup_worker(struct worker* worker) -{ - /* if not started with -w service, do nothing */ - if(!service_stop_event) - return; - if(!(service_stop_ev = ub_winsock_register_wsaevent( - comm_base_internal(worker->base), service_stop_event, - &worker_win_stop_cb, worker))) { - fatal_exit("could not register wsaevent"); - return; - } - if(!service_cron) { - service_cron = comm_timer_create(worker->base, - wsvc_cron_cb, worker); - if(!service_cron) - fatal_exit("could not create cron timer"); - set_cron_timer(); - } -} - -void wsvc_desetup_worker(struct worker* ATTR_UNUSED(worker)) -{ - comm_timer_delete(service_cron); - service_cron = NULL; -} diff --git a/external/unbound/winrc/win_svc.h b/external/unbound/winrc/win_svc.h deleted file mode 100644 index 3c7e90e75..000000000 --- a/external/unbound/winrc/win_svc.h +++ /dev/null @@ -1,90 +0,0 @@ -/* - * winrc/win_svc.h - windows services API implementation for unbound - * - * Copyright (c) 2009, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions to integrate with the windows services API. - * This means it handles the commandline switches to install and remove - * the service (via CreateService and DeleteService), it handles - * the ServiceMain() main service entry point when started as a service, - * and it handles the Handler[_ex]() to process requests to the service - * (such as start and stop and status). - */ - -#ifndef WINRC_WIN_SVC_H -#define WINRC_WIN_SVC_H -struct worker; - -/** service name for unbound (internal to ServiceManager) */ -#define SERVICE_NAME "unbound" - -/** from gen_msg.h - success message record for windows message log */ -#define MSG_GENERIC_SUCCESS ((DWORD)0x20010001L) -/** from gen_msg.h - informational message record for windows message log */ -#define MSG_GENERIC_INFO ((DWORD)0x60010002L) -/** from gen_msg.h - warning message record for windows message log */ -#define MSG_GENERIC_WARN ((DWORD)0xA0010003L) -/** from gen_msg.h - error message record for windows message log */ -#define MSG_GENERIC_ERR ((DWORD)0xE0010004L) - -/** - * Handle commandline service for windows. - * @param wopt: windows option string (install, remove, service). - * @param cfgfile: configfile to open (default or passed with -c). - * @param v: amount of commandline verbosity added with -v. - * @param c: true if cfgfile was set by commandline -c option. - */ -void wsvc_command_option(const char* wopt, const char* cfgfile, int v, int c); - -/** - * Setup lead worker events. - * @param worker: the worker - */ -void wsvc_setup_worker(struct worker* worker); - -/** - * Desetup lead worker events. - * @param worker: the worker - */ -void wsvc_desetup_worker(struct worker* worker); - -/** windows worker stop event callback handler */ -void worker_win_stop_cb(int fd, short ev, void* arg); - -/** windows cron timer callback handler */ -void wsvc_cron_cb(void* arg); - -#endif /* WINRC_WIN_SVC_H */

    *L~vx^d@>0hTF=R+5Mrp0NkZQNlS{o88tmW(FF?F86!$`L#ci7Szb}U zhjJ_#e21yVv4>dpwr~t&I=VNX^0O*y1_b7Lvy|+Ducm^^jvsDQxvYaL#v=)PT2qL9 z8))UuO)Nr+ElV-df^N$`r)_9~|LB;8W&5GJ_VB~=ZExEvFlPea_&Jhof@2S&MEZa3 znQF&B6i8|#_DJ$%GtV`;yp9t&>Z9X~-Z&pfSrbt#9kp-a7Hj_bzp=cm?w?*|%yk4Z z@U?{~UZXl19T7aH@Gi!V5Eh_j>Pd)MVXdv2K40hXq2Ol~_Nb+|HemIf52^XZ)0R6$ zPKCx`$b4x+nF=mm`1C0lGWMY>{0agjc9!rh#LuF-WqGX2H7K;^i&qqvAsC5UFQN}^Ks{&kQ~W}s4Bb_EYrp9 zw0W{6r()O$8o0Ki$2*j%ssxNJOf}L7{GQu-nM4ZmPN$$zq?0&=hg4hk2T6{_!xASZ zXNXzB>8!dehzY+jo~(TNgQ?v2aldgrY;6cj1W%{#)>gJq3%pN+HXLjDGN>v)sH4I9 zV8%dyt4E5F1`=Yopv^S~{ucWyR|+3Jm9;hXh>rs#yJUFk6m|@jq}S8gXI`ZYYIQij zT>!GY!SKXB1sEH$2KPmU4mRH?;`EMe3 zUMOSp9nX#e{%fBFVC~Z6j008h9C2xA*OdWVG?qS2Ta9iGNGkvNWL`3;qsZ)F9Y5{A zM2yt;NoJ*sx7;PRBzLmDi#2Rwj!qt#00}_$zm%n{F>49<+Y!dmIC>(?a$dQ=6~iF^?4WT}sz8(f`90qdh~$=V0~$(=Z;sSWg=k_T7U3nwtzPeuyN2 zNe}o)!!~dvVpbS}sdFKGc9O>W%_>arP{JWvhI|~J~>=qX%Guj z7f49A4(o+8I&njeC_vr~&XteU<8dYFdaXREL!TdL zPVpr8K)UXnl2-$|AvX*W93lP(uwuQ`-#xR^FJx9&lHnVbF%WZ}NUPdE#MMqT1@tgy z1$4FAr?Gf@{yQlPGQ&kkeK8;YJk`UV)I)h~|B~c^}J2WpV>sYN^k(t6PU(p4YZ?96&iJKdRyEaGl}9q`LCwrzarO zRUz90=@%wE3&+5e@!arfAcBfUq~S`D3_CRMZE{r#Rkk0Eqi;D$=nvC7F)QZn@#pZQ zzdQ*0;F-_#bWcA)B48ka&|dM`KpM+>5TvqTHcyoFoRo-Kn&*sf9;PP$B2aFOqG|tl zJT*Eu%V2%ygUFs1hNg>*@${o^iM92pAW+2X$`>G|*zxDz?{c7xA7dx&>_7;@UCi6N zZ!@fq8@OTW40xsc>bW3DPcM!PFKN9;pmg-z*$U_vGWTN7B+BhoRQDTxzbQqqp0y4L z#nb^O95)UAX)6uNbVgj?n6)8m_0_7yt07gK-*c(ySXwJr2|~%~U7pD5W}#}PdGJ~G zwr_NK1Nj+<-C?HU494oHnTYuTTN@n}Ic{9I}fs8HZm^!T@gu92hEDGQuJ%&6aq zsl7Nd0?Uic*Xy@SE>Vs>4s@F2hIX&b2R;{qiNXCNTc<0yelKno?^usxMqDE_Y^w&z zo$c;ns2figlplP)cny)HFt<;^K2DcvMTZ$psRxWB;FSV!pm-UgoXTKEB@yAx1%Kh& zqaZto(#}Yj^%$_P)&V*yV^dm<=l3P|-8>v^EyxW(ndbwMu*vNJ5AH2Gy(Te{5C$I?20ETJSvM6CAr7$C~WAvfw9SIQxxa?-!24EyLqoHbRL`%VIkafw%%%X?YF~8yk`Rk2LuJC&ga_jN337 z^=}KVA2=&4QMs+pdq9HVGn?;kW!B#x7|c;V>P&8@w52DnLLQyWQ$Q|KmbR6ucH)n^ zOKQ{8Nhe*dVvm}oCIOSS&7Z(^OVN}3BuR_8!pfTGb4W9N;T^*~|CY3%5&({(^~ee^ z7kC2WR58@^QVIY_K8lYdyNGOTgK53TZzF-RcmjSU&2;d>U=Yh?LyhXC8T_=(bUBzt?8W z^Bi1Z=%Lm$ANs^Pk}B?jqbo}F@%Py}Z{%&FHMY;n^~5y71b}c%wt0doy8Rdmr`uar zt2@JzIAI^yPhbLJGtLV~gGG-{Mhu92tSy~k1ARnp@-9#t z=hdH}g&-nE*sZ1_Wrv{(9yv?oOb-W-fkAp%Q>>IeWU=-d88@(H!(?3VUfb`CBz`w+ z4lO0&fD0Jes*`oaVK@o=@B__0<8_2B6->n!yjSq}XLu{(ck;Utl|=r;I^_qnegD)7 zs%~;Xs0%qWUa`4~ZZpT-MsGa=ErxLjmb}a`p?pwLAPHGYuV}VGg0pf6b!|oPJ&Cg! z%9RFR_d^~eenR!*)>*Y<&-Xeaxvh89aF0cYYRwzwM3hdX?SUCbF@G)RAVWG(p-ph? z&TZl6F5h|jDErN?LDQ)d%j6_G8jZI8Foum`916(@I$D2jA~FX{M(l{vIdS#c+?->V zJ-0L-Z#G#R8-t7X4Po!cjUgbHMJ|%Sw=DLW-XVAsF8v@Fec7=LlKOIh?wVqxBd0)z zaF8U&mU8d{*hO5UMyYPY*}%w%=X>;L$A)8Ltg%dpC)c+{t|jI}As zn#vC@$uBlJqC+$(G31;~y@mV<1UO$@gXjMDX!HU!(nO8X_tQov-m>ZTU}^($H z^)yCkH5%;<;|BV+!~u02@t`@_zVOIiTUC^LEp6my@JR}(iR*$kmv@c`tCHgk8e-XL z_0?K$%_nD(-=NS-ofl-4UA$(PjRz#{j8+;f6Pjic<|qHKRv~$7uWND{4!URool%#3 zUvX3XGrsrlte79u_hNSdbBIl_li?#wlD(~?FL2_RY5=>m{BQY*6a#W7`H&8D^8T6` z`}K$?sP@btoK(mMt9)oQ@2ohMUgiquZ8Q87A&t@1nzm9q7(}Tj-^&kAE7MN~HQU`E z2SP2{l;a#3Sm-Z4inHsufAspWA_A7vN}+Tm)?x9qML-^5vk*PI71AWMb|Q@K3$fd5 zPgtoESldLbbWFF<#@}inaf7Z&cmYPd=7#Ly2Jpag5K-%r$I=Dd_EuodK3rS2TEou99tGcr@roc;0u(M40j&@0o8H@wXy49!IBJ zy|>tYX>#(iR8F;m5-^%MyU$ukTEr`TyxlOIP-GbfGc+`q?9H~!UeRwcJ0me9s*F}` zqsaXIZjlXu1%D+du8;M8f5|9SNUQmphm8IyS_-R7v>1H3&gr^y++Kzp48LN@S{?-3=I0&J(l&8OQBKfG4ZuDg5If6@XD0Pq`_YuNc{c0gY&?5 zglX=1Z?m9P0$Ar(@4MRK!-Ql26)1_c1U4Ch(sDn#vO}w};90K5%Us^tHyE!E@{2~s zNC;OLZcRuU#aQ}TTaL*GKKdw&lyOP2EnF&rzh1riZfqk1W#+L3CHa)gRG4dH{t_;@ zcsIZe4Q9U1tsn~QGs!Hth)}IqP2Gkc=TikJ-Sgq8?7du52`b~&L zse1Dg=ObQ%vK%hwOAs>aF9@127r;|g(TAr*6uJXuxvAMru@`r+`<@=Go7yNa&mA;b1ilXrvY4~%pzaFWOq1Fx3XjR+DfKE<;gbPsU59c(i~noJd?2&#-Z1gw?5 zR1$`=ed(6^*{4M2dEqf-!l2AY+gB|!pO2xE%MNV-2H~{B`z|;knH0#;`NymxRO#i! zW0u13mr?dAF^=)}##F~U*i@t9wNs4O;o(+5@ptryM=KPzw$%UbK;RbD!?HaOf4b88 zB2@)Yblj+{v-19!g{ZrroN78>c_0)2Wbn*I{h5iK4) zL12wf{pEmXc%5=#)gd zV}y$v1w9!}C`HUC{5XxSGRs{1!GJ5h+m(6LrFjF@*9%Qu;c^d_Eb6}P9vOy2^kk-`fzg7N>(-IM6OhWc7$dodbX!j9T6GySX6+6-Xoy0 z5F!T9eK1zfwZdaFjMczl9z<6+tnFk;K^LOk_b(pH&m_2l_p`L6@_lg-LIV4N#sNKi zm-(9EO#?n0u);59l&~DM*(vkuUUO(st6&%NZNvKlfm$}SnIQr5RglB`%q9TX>6j>69hBV^gz> zh~Xsam0z?6*6X=$Es?V?T=1t*Wv;HEm`L{~OWpo+GBIC3YT_vkynX65ZGm<<d*=(+IOWV}s2PKWt~6s>)jW6qbFt-giCpp+)G z#r2GwSa_OoD--uE>&n2#N{7A~UyC9k`oFDm#UU(m2wyF@aC74e&F7};0?3J<>p)}T?61MV+4WYV?jwV3!;YnAN)4(D%o*kI)m|cVaq;y_S9!Wqp zxA&Q3T7X60Y=&L353?fEbRb!B1S36H;9D9PokRSW+26tALtU3XUC_75!t4PzDRjl_>$2<^xxp@h$JYZBtL~;)~(X4UGK5f{27S@WyobUOFM|8Co}@p5a%q)IOX-ZP9tR zb%dHk56|5XLc>avX?GYA-EpuvgqKoB13%AE%faIL4Cu#MdtPAxfUZ&aTD zsLk3&y^8PqR2ad0C<)ER-T;zKET$$Jb}*%l<#tci}#Jl;COUzwQ7p}P!#l%jYu z>fr^4keJkfMF}Q0WQo1C1!K||-VHKFE$3jRPemnpT!n2Di-qnhIDeawH$#bbV#z76 z{IU~rDM{x2-Tk@W^h2vs@I3m>Dw>_&r31<8=BiRQ4gejIs{iMQI8To;1d(p<@9v|J z^{$3>3l}IN9|%Qpg+Wj$xiWf+LB{e~m7fN>RNWdqrymBF5mGSi{Z%*8hRPK0xn>6(@JHfH7%S;E2 zwqR*>gOJx!-7sb{x1})NBj{s&u|*q%*x$rN>d=<4>74&@!;*Anr({p5BC*pVE|^no z%zI;C^GJ^tng9#X*&RtAK8F9K=@)>^-KBo!I9&_hKe2T_rpxe+JoI)?(d&5NY6f6{ z@Gww}`xU^<5~oVGf~Nk}V>aSXmk&KTU+jvYTL{IkF}#`z%!XUvBe1$*l|~h_`@P(< zU214GE;P9*SZbUf=Wtgw!RMoj|C1j}>TIQsSVYW{Lce=sJxlcDaK1q1a8^V!w^?Zo zW+5B45&iXf)Eqoy95T_n-y8yheuDU&$Qf0|VsxE(QF+Koi@+NgS*+;#p2eLL`Zhm=^Pk9wUdl%k@&hauK|Wb_1|C}Wobq8$nhMj` zdz>&w9x*pQJ)PbnGQAoMd|W3jVl|T_Ud0!~H2H+36!sP<+0Zx^B&P>5Nny=!R85Ca zUcxa-X?@@u$RYPVlDbO_uLOV6U2^+{d>RdLZsHs=ep<*T6$Iz6Ghi(g8zh-e5>DP7xpdK z27nVQcxh+jIPAA$+8r*pCz!{Ka;U=BA#7*R2UB%Cblxrv4ds#|ShdA`@tE&Jf*YxQe#Y$byY1h0VSZLy&3rhb<>pmSsOSo@|*e-zLQ% zU=uOMco*;~XG!?rX((-wou~n$cX0g-p*?vo$ble-s+dQ&tq%TJPX6S9ccJZSXl6XTv73|Zj#+CJ zbAMbemR|rlK*qnL12}p^W>l&-6B?@2L>O}LwdI$21TMVyJelYtHF$LD8cCT z@wi;|&=jv2v0j2G!W!cUOjg?g^fy{PaM`N50`n}2H*u3N&-J1g#(io=sF%D#3DVon zZ@_uO$d^NBfmBucyX*(+Xa0EY@SaPiXqOg=f+K=*oIH^#mL7>BscWqYwURXVL?`U95FK% za2(OZ7PrncuV$_D(t*oF?t#gI4ETq4B*}yC{`tfTc!0OB~3nngrHzf`TIQYWj0MH^4X=L|9Gu|lio>YAey zwaWKw$~Lx^xv0jdF?QRO#knQ&3%)*H+$>}-?k4?Lmg6f-Vw>bt^(a(hXSCHE1U#5e z5Jb#4r6^ChCDD;=vg#6y!X!Ff?Ni2+u&}+3c=IA4YLxD2j|_HH;S={SZZGQjRlH{! zU>s>A=NiLaN}cx6F0lU6QPV1tKsfPWfzzS%XIoy=hxfYQjnE?9g9e0o7i3vZY*IO%p<*Ws_c`@O0xc-+ytA;1{(0dv$gQ&@WJzqkR(U8OKHEDxH59$$?~tsKP@v1f zwhVA*TL_nI5L*G#y296oGQ~XkCOm`?wL6Qbhtw<8^8ukn0d5Q3(V3kR7pQ^3jT1*Lo*azh(f-JU3fQl?oH zlBR@$%q*RB-P3=5jFa1il{!0Zera}Aya-5hrkTb+{YAht%SjIP+nyJGn~CK_XIR5C z9U`RjS^ljZ)|bE8{auWPf@1s=hKn51Qa+q05HAIqvECFrg_3SpyuU!%0-= zEs=@o(MrvSvS15QOhMcW+s1?Mqv_67)xQhH0D79K=hfXXIS3yVF~ink3zi85Wb`fC zV0<0~Ls?}>xqK^3l|S0wRbB-mK4b*5oM_12;#Xgv)afLCbMF~#R*N3Nye73e0U2~< zREaO@_V!x~ITCF#std+7)DxCc*WIEGd&dJJ?JblgRvD6|o@%1GVrj({P&_v@CyAnT zuxEn=5aY$=^9P0dXCq48xM$=NIAkbxYas#kmIA}`4s%hajb_1n60^l)p zTfTbHi3TPQkMz@=Xt}_Sts~yWDHIN4sR|6Oi0%J5rc-vQiY7?vbHiutwC*e~WKK%D zqVl3CMjDJ5Jj+a84DQVNu$JQExu%jHh}b9+gLLs3YkPzg05Tzlyojln9N#*UBe;64 zW!~TqH<)Pu=Nt&j!Od)j8kF@jh@sfcu~p57sj6Wph^FF0U4ikgmONeRH6uM#mA8b! ziMx3&7A`Jo+;1=Pwquktvxe7J0~AFIdOaicclnZDJPf0tHU~v)3uf(C`Vp$dD#Sk{ z;yu|N5s>E7>W-AO1Ol_z%;%(plF+tj&bh8?Ny=afIU=2~`xc*>NNc9=^Be7ruElHV z1~>8Dw>=h*g4{*d=D>Tuq)hjN%D9o} zfNpq08wqex@45^K86}& zgn_lN$om|=kR+Z=0W7>8SiR3EGWDP;yTG`sR8aB}knQ1Ywz9J67iO!l_d<1i1JPM8 zKNDM7aMIu!)T%oS)f^DdB0YC-gE_c~Gnybl1MXAL(4`J*%b*s9(gtNm`H0ehrR`##(Qsd!EF&twpEOzX8hM}7R@kG5X1iZHv z>vY8%aL@<~HJU&1f-CL9H(!-;{L~8NwS*F*hGL!?SdaBwq7mbJ_h0qZARq)uJm2>a z^~XGSb$jQZqI~;9o_P|G!91eM9fzj{Nszc=H@jb|;;G5pOh5{l=$(%2nNn?A>fR#U z4(op4yRs;+e`2~3YDneJJ zTjK`M4bIX64$uXTM0*AqywGzhT(GwCI4e$BWz~cFOvW{HW!c=ezNF%nXTuPBAcWeQ zbREGoDs$1szd_eyf9fabI%d(Xar+CRx%r)w2o>p;RjW67mmBfPHKoO4`u=4?@~EEo zYUU!(u!7UrR=k-zAWesPftdvuGWi^JP?`pv=uO*rna)`Q z?LpL$S!0+3=S%m`w82_;^z+ATW)?>W;XUn&HpH_JLw#V9?)2l84%+|NBaN#EBY47f z*6Gwfi9#Hi56OW1Cr&IY7&sQ>W+1 zUjj6ZN^>G=qBkWGpH6S6&KY_hU2)!4t?V$U?iO0C{&;?)%3E)v-^=jwVZm%Oy~e1QgO$^cJo>)k%8# z+R35hlA!ABX5QAF?9j_GOu9GX3 zzg;hL89A}$6pdKi-fI)h94*`#ypYGQ#e(RmV`pKu}Kt7n7+}bP=Xd9E_ z_lSawhhA$4xCEry@voauP85>q+cobcQ6&~Mk6cNaiO#wVAWN1prkTZk?ILYx?wT~q z)l9B7Wvcp5FM)XdPl#l1hijN=AxE%DM%p$1;&OeGo0K@XMkQzzuW z8{-8n8w3g%E!ZIjn}A@GyZ~OMUKblH^c$&`XCL|@p!0}en<*0+?=k{Y_l_<|@$rsq zP@mPFP-B;F;6N1@c6nqs`z1~e6TEJ-IYz^l1BQdjOtVQU&-M^hS1u-Fj@RKGAx_4> zLQ_+Wzy19pgt7$H^egt;n{AA~C%bCf$z6sm^LfLYAdnPDp%9-)EtyrJs~7@ zYcl>Hk+TP79}CKpeN6&jsP?X^;Q?E+^>E(6(*>Qq4oc918j*Y$*g9U_WFbxSchycc zvG@H*(5v!D^sGMW+CwT+JR@6Net`FL+G6A^87a6a-;v}dIvYY)tUBas#(L7KUBbgc zC;h%exnZz2S#FrZf*w$pN4j*yTPM&)yx4JSz|eg_50;nLO3aKtz$seP`LRa)l*wNf z7LvIT*#xsnojDNl?BMa-3E@}wf#KUs=hm7)ItdThSLn|YEBkDR$k`o>(fw{j+ihTO zx~&e7o*5QCTTrkJS^zZTk%6zguI^1y+Fz{A2bJPHPfCz-t>2Ez0IF;+tohKi&Z%xs_KkYJcEfN3~@kgV3XqAv&SS!AFx` z>u+2mPDyQxY>@Io)*ig;1C5Q3zbH~Z61tga_GXZeo3b$3Yd+R`(3~I%Ubg1Xi;CXL z`!(VCfP;4DvALP6p&;y#7Q*@RngaislSH5~-Jx^xbDYyl37cw)(~EXHHw3p8Q*K+_ z3vwM`JVfbeG+c>j8~(pC6(0Lz8@xg2i`nRN_asy5>0m4$#IO3=$d-aJ-NC!;x?#_+rv>g@2fZ88GoPb*v=a zzJCIq>l|fS|8TngBMU*-RE3btIlxkvK?iT9Tga)`Eq&v*KB6H-mJ^eTNvEXpkXWR3c(u@>g2N6V9xGxw=7tR{ z&nb3Ek0+Tnwhst8#J;W0UEV@)lH=lt9vBRC5*I9Pnvg$Z1eTCNHAg`UxHh5tdMDE+g`ma{Ox#_e8^rk}9# zzFfLa;O}_^$0*;Gz0}{N*ev;H!XHebX3Y1&0>7z|d=tS+7fR2>1Yj(ujHbCZI|@a?__cMK#WNBvI^jf3u_V0uQl ztiSi!zGOs?rPm3$%2{0ed$yZFzWA564@)Jb_TBm}{)=qw1L~d<^4;@L# zT$H;ntTgiKVV2?ID}fTOdaw2#xd`5C87OjaQ_y}i_^{!nr=a7Ib0<9S_nX^7=(@Q4 zo~{VcW^uXR1m!gTQ|-d}iHszM3Se3Dk=6W8U9cb!>6 zjE!I83gEko#nom8)6;VHrPe2f@&rd+WLNHH{Lm4b*tM~pE2_$7SD#|y6)qtLjY^xR zkLj0A^|&PdFRRp0+Co!=CJtEu{jQw<=2v?s>(Ze{F`D-)_0{*oV&Z@!+-J=m`En$+Zm3>i{lo`{kbct})(shmI_-W zI0Ok7EyX9#BsHtj@sK6Y4iCh~y1`VLsE;Be^*)E>hy4?|cA&Hix)t*txCgLWc(S#h z4LWB7+8!8tSgQY&a@jz&eTu}l*dKV)AO~!mUidW3U#YTfeD?feOCqntR9s(0mfL~T z449nAu}Fv@4=M|3u^^z>$zJ63$$ACL;5rVLFgGzQHFC03!_87rO}VX+2`*F1xt#9n z`WPOUxs`yb0dIeGU`%>)cwQjue~G1Dkk0>54z@9EQJz7|Y-J9P3i+8_B$p$TN`Tft z=~3}Ux~gcSrRTkF;bcgaR*FSnS}=fyfN-LvUpI^W5Oi<((6&74>qU@aFlN(B7uZOD ztFtwl9ENz&Wpt;+8u*8A0KmC}{JKp)4h`@SC>DJ?`i3b^Aoa`mgio2_uakm;P1{_j zN(CHtyL*42os*8}ja~pDx6}&HQ~?iUZerc#3k|Z+dM=}T)rCNni`HH8^}^A5!0ll# zRkU2S&a)oYQ!(?#bR)zcwA8kF^s&4p8m(Ufr;$GL@V!0Qk^yv8FWq5}_uS9zGF?s0 zAweC_4!WtSXZu$#K8h{tU+fjb`F0&%xZKmt(`ur@{TVuu(!@Ayi`WG}OdU)Z&g(y{ zV#Ri&!iJ1B8!hy>3?cNqRUym9^=lkm*X?&2ya_2K)D8|M6%{PtBH4NjB&K^hVpoP8 z-0>M_cz8HF(@Da+khq@N8DMaK-GsJ;WK_h4aixBQ6P2;@_3Zs+G84|S&!Q@l zH5IR_*P%ddpny;R1k$`XB&xdc(`(P{0liK*Tyi_2^7HCU?P-(4%SE-iNGN|Vk}My~ z5PCJgvw@q&P8?iP6);xSFjv3iIeVs{*;xl+&?k>e#hujBQqmL(<kFE-$x{sFjp;7!5SlCKYr!*a-4kQ~ zIx@yM7u!o!wS7A&>LgBJjLmB`%#Y-bs;S%9YQX!pbtmo>QSeD>Kn&s8uBuRQFZBp7 z%jjiwOlR!K_L@v$YJhy0TP5rp2d#-T)YJd|oWFEPpeGi46on2haJ~L1Y?Q~$)b!EU zc*csgQ)(Wndi8(frDuYU5w8=PYNe;mvNKzE{6NYNA$Me+B9!+FkOUH;)7lNq6mMiY zH1_ymuku|X0_g5j;IDwKt-IO_zY%9x7WYIgXd((qis@|pPY6>fK=1AO1^~sv{2s~niM$?Z$;c;^B^<5T26%$#V(LRkfskSC+@qiQZLCg@mh2;nd=m8H^Ea|Y6(B~Zmj;QQW9v&w-@VSe zV$(qZgg01X=eJ7;oFW?D`-I@uEGKpza*ul@-l{wedP4e-Be4CMv-%^01=MgeXDsv5 zd}0gIL%+CTIl*geBkQs&5FUBbUd)$n8Z#P{?+JL#wlcLu6?=$NxC^dk5cG$H2k%1C zK|has)qW9ZbxXB;kc@zkZc!B0uWNXJNI9~AK_ep1&z6Z#7ymdZxIJYX`KImn@;!Uo zJX#j{MAlTZy$;7#p(Ji!9QSW@TP`cPcIb;x#{@Hg;h0I{m*L<`dz(29KV9)7gc)T# zl2l8y~&ZpG)faHmzaGbmY562oaAVW`JK^tx)EO zAe^qkG+N%>`Uf}_HYyYz6w@kg{Q6f>Y=P5dcYtGzPqck(B&5nZy6j?-hm?DSa&K^J z_Wrq=HB8byM{>bfbieV9BrvuW9=MBt-uZMr)B=Ji1Oytb?bN#O{LQef@~4)@*^qht zXe`YUAcc98E-&?=-q@bG=~`SA z1^prAX5+W7;izvjE_(^SDk4e?`9&B`8xSFI!NX8?wvA7|dAo@lY)7G59*g_=Sxx1M z`Zq1W3xrsMEMh#d@lJ5qWZ-811F2Xdp?h==l2S#Ybrt2k@j*F{!9@iAynK%9n$No9 z`hUPMBzZ?t+=$1G^?x@dl?KpYT*86%HfGL53W;~-^!V}mBrc#D795w(n%m$svT1S3 z;P64(Ujtc(FE6(Eyw)>yiuNQ#)m&TE%J;RG6GAoVUE0H@1Lxt&MhOw(?WHvS(yuiO zl+7g$W<*Ypy;?mC0kiFIUi1$D@!UCL;zuX&s%;Mge-o1Wy_yDdwmwfZ=@l{?bpx5 zCUVjddSsja(lwEPOUb~8LxsPwG=rmsi({vpdjq6Z{ki2Jk~vTWRO#gb04X_<0ZeV4+&a7PL!&y>vSPN+luMU^L);Hg-t}>_HQ3QCf6E zqu8J^>XQ}>{~0XbhHbW>ZrntSJT`Y!zA~eV0zo!*f`pK@{sOra(;A5cWT8%O4oC22 zhcw{cFeht%kdKdr62p2VdEl{gV~`@-hJL)5=vY`76pzWje&#|kp3mdnDxQ3%%C_su zzTRn;jjD5}tM))xk+}|-`caQ&RwM~h538}wv4?1FgW&v}TBs)-qEV$~MbCq`1iqal z*wazXq!RSCDhLczZ2-9 zCk1tG&;&lDzhsGBmN1tr_=60XxmIfbZ3?3~=;;H#EDAqz?^T0n_Rl73yz)G>TB8on z>|-+$rPXoc*Z%2Yq<3uAj-~0?pFV#|>e$byI|g;n@`VMZ1xxAR0R)b*V)X)BQzU|h z5-$##x0X)4PQdmoLX$wVm4DuaaTUR}iyuMWCy8FbC-vzERO_>nTY*}<-R^}q-OLRy z$wIKCi*3r4_2K*t`n5_bL~erL!Kf{JpQl3%?wA6R$pjtja{Vl_;B?yugXwT3Y+d{? zE1S0~Q15w142`n5HOH@w%u)1HrOd#5{)V_sZiXn2rm5oK*w)RN<&h8ykAWAvaaxfn+GGWOcM4{{-#$FxVtKjCpzIP{g_ZD(XraH9T zEMa+azG@bszfjFe$VP1J?80cJHf5r6T`MAca`G~GyM3re#p~m-AvXXi!Kw1rQfpPVSg0Llj9e_FuYdQv}%UY3APj&6H;`{R*p*36u z+C<}Bp;zgY>Lr};hVTQL()WO;6NE1>Mna4Z_dSkt_z-sYFz#5|GTg8o-UIO~#fd!7 zV5=Zzp%2&WVZV)WFY3*@kn1N1?LR{lzy@ONP-JS*p!nlCHSYP<yTUtY+(bLDr@hzV}!m5XHx0=-^aBdU{xozxCZ{R8IU(Ajvh#GRy z`p^xhZr#6(>AyUw4F(nEUW_}MNkZVTk)f!}Zlb5!*)Nv8qaW%mCQAwdsJ>EGsvOO} zUw9dwdCO3mo9WDXm*<(><{?w-V!B$YraE-e=PGVQT~9Z@E*AN9p^3^-{p0zUgd6GG z3%|uXwumN<=V+{vr5Y?gBt}h})O-OT7>f9d_e7{r1OsSEeaviPc(QQAC=`1gEc7n| zG2_P0BG?>I{28T*a(^TM6I5-;GhiiN!z=mH zkZKq577+N{ERZ*9FFy_=A^J_>E z0Hw*Z!fASpCF5Pj(Y1~ABJE7yzC9vkYh|l1%OZ$D@Sqp` zP4$a2$nL9m2ov8RW!d~A zf=ikC^r^qld7o?!rYrBp?Iv2s#(xlboN2XNkne+mlz&cZ6Uu09!DbZ(#8`zZ0F!{p zxeA6Xmh@6Y&g4MM4J}C=?`=oATLB}l0HzAXa)af9s*O;hIn#03f&XpF)6$8u&k!h~}(x3wLv_|a1YZ$UTD#-$pn z8fWi}hDPQ$V@c9HMQlmARATwjpAd(#Tq@8A1$C)MWm|XHf#uaqm{hP=n-3p@0OWGQ z|106~?@$w}!Rn;;c>IG6`%76}H?3TCD1;|h6E&1ITWys#NP$E&!vRcs#^Yr|gQL)& zD$bh_kx*L@8P5>KX=M}&)Pj$^tZjhB+Ml)BD+C4rjFqt}748=p zzG>6Z9+(h(u%GM++Q^4vJMzPb@jXyW?#hC2h}*fJ1LBAl@7=R`VH~&JP9)=Hm)Fo0 zN5U5I39mUVBGv%S#I3q_`#c)_m1R=3rG2oRE8uIpq=}dDOo^+R#m)c_z$Nq#Tks&5 zmJv~Qijc+E3YMa*5cZS;k?V$$U*J1my%2yp2WTQysU9RoFJ%>|=Gmg_6?$Ky_o(m+ zT2f9;R2g)%tFs%Wuv%-R*;=b>lYnt z1ZGZ9Bt6#ApX`3K)8>!AOjX{HO_x8M#5rEkcAtqXzY%x4Y);vlu8IEN_G})|4X)FP zR8@*3G#Aojv96ZCEo?kBNJunqB_Th>(%E0)z4z%|-Guox{_;2A!{^tYJ=uV1y3;Ip zEBBbOsy~XNU{6 z{Nra83E=zLwT?M@?b0Nw_#dgap#|q9b_jlCQD2hOq}FngYwL!(!mSEVMPFV32|)J0 zdWaRxJK#j^)LgK9u7s8#hs)&^z*~h^Wy*ZS3*JF`<0s&p*cu(-=lG<9v(;o=LvjlX z8fgJP)=_)A*anFhv9XYIpt)NZqoroEDb7BCmQc4Ca;>x7IVhOE z@)yZWL8{=u{G+W-hsPtt#aVM6!a}vbk=4Qvp098cCFD(~Q_>>Y!#das7AT+aPYaIh z8%eI-_<#UEDD7v~Pi};!)_*YiKlnv78%KQkjKY7zsLT=*BICk{WPmO#8`UXG_Jh_J zgZAaGr#P65YcEQ6r%I0d-0F=j?r!R`(%h)DNKp zg@J=&>C+xE>wew^bwa)6G>(zArpv^DMZRJ0(p&v>^2dY|=`xog={vl*99~q;HpET- zA(6dvJ+HHAmyY>C{~OEiphgq1JRIaF4Tr*hwN^5y<-%N5(J4j(cJvP#;Q2$tm>H*b zLv-x^!MGvjh{Z_>P}Un}o_HM97)fFcdX3YCx%2+FIkEU_(EN(siXpr0@UfOPMi$X; zEuvmYL?13h#R5$Hx&>{TL?NM6Az)KZ=M1g~i1>FD=+hR?A{%ohA$j2SH4~iK8vcts zY-it8lrBiBFO9e(Pjm&Ik3W&xf@6%Oo+hCE5Bs}UP(Jlt7mh@_TYsr5pco=4v`+_F_A5Ql&>D8gnnYh^pa&6HN=^4N(-`J(*P1QhH7dL z`koAwdRB(P_6DLCIac@uS5toHhtf8*TU}7*%-XmE;t~gVUe3c=C!7(h@zq-!R<;;E zLtpnCHT2J{;#KBez5O^CIT|yspEafU76{3jVsPJbW~`K@axyThslG^DPW#+I>hNV;4shs?vvDtO*Fu#bQCu0C%`0_)qe1ltBs*i zOY6vz0lTrGvbAQwm(C7A0X>eAM( z+=0EIL-_cYc{@|EMCfF2OEvzo_VD-AD;@{h8`BG zR$(va)*geKoyd$vWy*=(?Los%=kBBmUG_x8&*C2875);4Ldnz|}5IL9$KAcx(3>OV`2gu-%AA(c4)7}>Le5U7FgmVF)7AcndsJjSr zN3|j-WpR>Akn!Be)@ML^23)ckeGFpXEqoYJ?ubGd zYMNJUulo_tv_a=mIVdJ?rwi=+>CTMy*jp)rXRrmJda^>HBsqR6u8rbZna|jsPB7}# zlLclY$5+(5Rjr1L97bE&Wh>0&G?|DCJ-l761rTciXHl{V%nSxD;z5`#7M^b2sY@Mw z(<83M#pU0Fi=r2a&K7pzqXC;!)!Db5grlT?e|r_+)ohh4-m^eB^9_Y$TV01Q$(-mM z#irRwyepz8S>_Zb+1*(=^*V$kLY~g%P}_#ODLpI1?0nSHi89l5DCFIE>e}*{VfJn& zHw>T~XEl)*lOu0XUPO7DP}F{&_;*b1Uz1D@(CBfOO4$*y$MIP-!kYkNEPsr_0++ck zjG~Ex1I4IKc6bE05-jF%;keL)Pt%fQ`oQw>W4j%77)Swfx1`Er3Hp^TQr53Lo?_e? zZ>dfW|l@+!vY_SOh~g09atoLuJcl3ITXkfOQM}q zh8UK&EJS_oy6fgit6P%axZ>P=(#1aW2o`&-+qCsJIq&c?E*EE1oY&cLW^91#qL312(9KuZd(&UV!z zeC8MVHlEHK?K*qYzJM%S904Ug?<42=XWs=Pqt{P}*l4MG0pZoIi%Sq62;NyLyc!Js z4>xXmHCfDG6Yp`*1+_6=Pr|rGx4FB?MzAGRd3{Dj%*X^s-5vm)8${Ge%=Ttu?=wy2 zrQPKZRMi!~_AN{JWNl3(#uvgSJz=sRDQsqe7CX}?VICD;X3V3vkz1JcStvj1h#r;D zGAn#i7LEEX)&ZoQX-t?VDdSQtU;1vjq7^>+UflmQ*EA!8{PYSbZJ0Hnj1VuD9x5F% ztVp7>t(^j;6O7PN*HfNuo|e zSn~e%W2k)a(>&{r6T2x&0ki~+r-V`mb1-5JEhDB*G$m<=jAXEje4u?+C>!=?a)AXl z7LWcCks?(|NOD}Hf`9Yl?M_0(yULRxxUVmvtHOy05H26V<6?BVBe)dO9nmp+-Tzio zs2|)Q`w6YaK!s~LhCK!38Owy*VJ)*)LdV_Ze4|*;4&Tk$q<6q8wXMH%sMB-n-ivzr z`1RfSci_C<8+}A8>lR!$l+KKW7f4W2W;y%5NJ`6dBGccdX&~PpHYx-q*&BaNh(}$A z#gh!cEdl2*!hhI=a~Ox5UQ&t7#Omgn)Y*F7HIH=5x zXp2`$mhL62*vZJodHqlS1B(-A5N*p~?=d@#VTV1ulX=8h%7?8;O!_4y3{dJ2+Yp<% ztN?OPzHoGId#^u`;4m}bfMQZ0YgXJO&YyMH^zZI55{9$1{VbQkg~{^CIe4dU(^ixf zNav!V-lhBk;E2HRVJ;M0Uy}xbAeznUO6>HD$>(Ldf8^0cCGh7w9bD z7ArOKcbS0C+Ft2)Fy4p_XpAgiKzkNb%}1q0`84y~9ww$xZM4M_4B?d4(ZpBCLd}CG zjpO{6K%5|@`Tmx-+uj_-^VdoDjz3&u=*e_+r6#5Qik@qtwY2=ElB0`U-}-maP(+ln z;WLcswVKHKge3_I3lTkY)DXwUAEgw@o#>9GgiWk(arghcrAGqCO|(w6wN;IFRQh8+ zzxfw}c~(h8HNBPFyWIEzfU^k$?+$nJ1GXY=9(sy%tQ`5Y4}^G4>sV4pDD2?0{XMdZ zcj++;q`%v&K^RwLP&Q)_g2F)JA0XRm6Lzd3|$cYo-9I+FCmCYCd;GlQ0guE1dKC=oNc^-TUpX}fBj9NFn3pW(Jq|= z`6%7Ywu{GUP=U7a*>%s^(p;9imAu^t)0Yps zZ$_)TO+5S9C277P7g_?d5C^t4&>N2Rj6@Yj(}1=7f9W+lRi$A9=4~ z_v+KImVFhj+RaYIv72&?b*!BKYbd_9W|BGc!DV%AuA77#apxC|JNk6`Km^Mq6w8;9 z!hgfZ2gnRBYf~VIA+n3Rx{jcXH|!N)y}UcBuRF|!o?nS>t~jzyA;JjvUT=BStQ53& zBUJ2Mzg3ym60xPdF+Iss7cPx>rzuFWkC&lMMWB*xUTux8RXYu<(^!8a6|Nn!`{Lh+ z0aD6KtmWa2R*vdn!g2yBdIY+ipnDiI;*o9dkiH?~yuV*xBiRiFZFtQJu!mA@JW}~8 zb(fl$;^8d*{V`pu>Y=PNcjbaa_CrA!C)WlqgTX`~?7s0Z9J8?2fG9tD<258YEW1)z zt&e`a24Z^d0JVc53PF_*1*Z5?wUdyV40Zsgf z{)x*Ku`1kHsYNJmKF^IVmVe1^>;edzsJ#*0$%YyKj z_vhz<$RBEiF$-%wXAG_vJdYp(*;{eKH-77#389 z&bz{>1#`iy&P$Q;0hw>Gtl^Z?q@na{cF^svRR5+yZda5#%5oTcD%|fpe|58b^87j~ zZCx?4dhZPIbS**{`wYZCt>ZpsGrqD7+k$Q9#R_|dC-w=>p&vUDSC=LMiactp@=Jq0 z3t<>AYUb$CM^dMv?^a&3Dw)Kgc#Om3$PfIfn4R49PwC}!+JCJVRXGOWTnb%42Y5k^ zHfRdE>J@VbgS7NeH&a29H;r-ASPjYRp)&Isd{{67Il75OFUQX3^#6xhrj}zGwp*H6 z@@~@{=)RLOBk9`NqjN+a`*Sw$7bg(TiL>tADhE|wSvvr6P!Kt@+|Ss`efv-P>8bw@ zrKsOF!Y^k^R(YOhoBy|cy#+n+P#~RU0vL2@Uewfph;z(_V=FYO5{DQX2;lMR z{k~ez+hJc>$X`k!=UPW9{U;7#W%&N>&lp{Z+N?*W$n)XBLB{t}eNl+1&3E~xuKS-! z=*iCcfkz3FXzNmPo(4&OUL|Krf4C4&cBX{~#AJ`Da0SEb-APhA?)0zM8GdAIojXGm z;&&E3!w2~-(kH^y>k??X82n}i5B|*LV$t0vyLxu)+K%|~zBf?h|7{ua87=-&a?i0r zC)M79s0V)56ptuGm$zUv8NlrC#hkwt=Ixq@zx^$GFBS>Vk7Z@NC zeybacPyIH7K@lbhflKWqoB~qkAur}Or4LIs4rj3axL-dTC@FWuu$Z=GdD59z4C;Qm z?JXmF3m00BY3v5f%_S%BT?UAnN{orxU5>M>&tg|IwC(TVKBlr92{Q-OyVk*ADW1>n zdJxcJf@W2>lb#sLzr5XAiGMdo*yk?=`Lpdw;D#(qs0}??NN9-_W_FGlIU3x_OPLM1 zu%O?*kVo7(?Gf3M=~!uK{H9SGWn1(uMNwsa3iQ8o%Re78o9Cj_S9}N|9fSnej&eah zmC)FG4|Fob{k$i^Rz*2jVBuA_z(#%?cRaUzTOPAr>4t6v;uUp+kh29b+@G{-_2PMv zoL9T<2hXw~zN`@@H5Zl9Q!aGXPW7Op;I`#4Iek#!>0&nwW+=`xj2_%d-9R&UWe+e^B0l#gl$JW>4mRDUVVEOBWx7=?&&M1kTI8&RaLanRvP&2WKugVSj}8b zotS>avfMWqe1Q31uJ91VVA@)*yCenA`d|*40?bWc@@psp$devue>`h*e7sc>VCdBU zl3HYZ>JRXYVs_0}@E4rke;E>*VFki%HjBXC``#f#19{_@%}82cgh**leZqMM{4_^M zQBCDXI}g0EfaxYgF&$HP>=X-BQ#pOk{g$1(j({t-WFI#hIJb^>qfCS)a5eH?LG>~- zBTaMIBQ3Wc+J8@J_5_O)?Qa#Yd&W;XtY{rZ&7GHktSDIJrIf9da4B^0F0W$w346Q2 z=b)iAwX|uEHrIy}uOatcJYX>wh$pCXqy)caR-A;W%FH(~SV6&W1HN~3%^?_`EO`<7 zh(_-l{UgO@FWN|M`a)n>#IA3C5Trwx8b>AlGzA;S{RnhZglg|cob1!cp%a}Jt7+4I zkK=)Au-HZ|43aTbR)i#DLTEtnZZKmHazc?hbrY(i=b;3 z6-ypD0lIu9P?ncVWas4BmP(;q1tvt{NXq*eKfh|%oYi^`z$5CSGbhxm1;Vm+p|tX2`v^$tD}h04J3lJF|9;Uo7RBP zMnnhJ#j=z=4zp5;lv(o68H)NgOj~x6thWDCRB_LT8o1YfNr)Li;_-uxxo8^fgl(v^ z1-_~{-~XTFHr0hp+koPsn(jR00Lz=i3dK7-$QMJzK|+c7CkfPAEZ1_K;+esOW9`}9 zZ^hEX_UahjoTsnb4+GD_LEgkSH`+D?32|ufulCZ(dV8J4{d^<^_`%r$wJ}wWbY^y; z%1sq@*vVQBmkro%yz%!L^a$dUz)+r2hVUI;}&WDf9(u%TS-3w}vgz0(j)7IJ7 zcX5p*^%{u;Z)LNZ^2&5b&YeN^IZo%#PP%$woIrBx_lVf{xaMC{i61!kouogHJ?WCX z%+Ff23d&l}vL9+F4~EdedaU7zD;w>nbT}s=ssCbB<0AFALV?+Naf4s7VCh$raXr{hTlL{eYAp z+uJfa@5UbMoCd=DX)cT3fBdA>!bGgClVknd;cq zoea_FcInl0U*X6s{gy^aPif`D*I)dYF-K`cmtR-PnZvTEVEtsu@I}Is#_Xeed!L6> z@N+gG_k0wa2}b7|(Sd$p$$~U{05w3$zxK`X0vG4Wn?91)Z;j55%l}?HaD5F%+rnN7 z3FX~t$rFsK!p3~^8IBFr(AFd+cN!$F0Ns?BbEM&(!KYe^XAAXF?eJwjB8Sr@C!hudwhQcw1{UC|<>M0EB5^$Wu&=Pm+h0>VYmUrRKk7cRnKN<^VyD^I%3+Ts2~45>HI+Zf^vpSjh7Y6jKX& zqXdacXr0LtT;Tvy`HDHSy~);$L1Hy#Lvksv(Hz*?{P68e!wWK4$s>##GwuW3E5^D* z=!G=!ttMDCS(iEbNmU?H+x%@;^A0EK!(+jO#`5w~q|^(VbC!(jl{Qt*u1TW7m@l*O zzBO|ep@Xc^7p}2(nsH|__!X$K1ze6S8vo0w%#I6U`$a#(3>K;?$Ph zm6KglrsvE*r54?&=?40e#PW()hnH)*mzrIFeYrC(i3!!JzB3nFL_x{mYanJ+I(r&U z*|jz(Uber~F3%yl;}P+>$p+6v7JtuAD(8FiZga7Wnb{pVsTqDB!4@_I6NBqu<$0zB z_>^BCp=n9yk&xV@Hhy|OFN7q9$blZpxX$r>w1u%9U<~jbELtU}YQ1f@?|HY0ZP8FtAtN@aH z?|8N3c%U?|YX;syj-$7<%5eMIJ2V^cp+wZaQpMp&BH708JQU(m?Mf=N^h^9erz+0t znnlOx)lulSC0iHjXVX>*S?`$Cg{n+c2=BM8z#he&SoucdtSkrYG!7^xq&2Tm-C+RD zEl@fueA_qSRVgZ<)~#66thQG&_f4w&-POwi+)+u2B*Q-wW+T)?c|MCvo4z&P1h>f8 zDq>IvOI}!MRVk)fd;zCYKL}0+3^jdzSe+^yyFemVK3FwK9sce7TFZ^{t%XZpgRm#G z4@v2)z`ehPAp)I$V=xjqN6uK8u@>_Ss&CCyW$tkvS^Obs3$Me9N)r&KGZ#iroq4}F z$B4lFaE9myu$tHGA$VpU;h+NMY|m;kpTZII?AgC)S;|v5>|JRCp)AoJos03}fJiwf zuV;}qZ~S-6cZxM7^uOILo|RtJxh7V2AKrk6QmvI#p10MAT$h$1+nO$+*hC<;!obVH z;Ng22*ezhd6f5TEED6oAtD~Ra%^fwDNq~UgBo1Tr=8zgfnZc4aa{w@UcRkohPAgTH zzMp)UgB+T{N*`(mM_tZ{>*T0tn@`}PDxE)SwX9|jYs5YqgCXq=`$%IlSZmseDCG@6 zga$LKwH$!?LX0l>b=1PG_eD8Djl%pw7Vc!f}p zU%NZwE?BoWx~q5DMiey$e;7iUaFwP8!&EW(xwR4wg{ek128d9}PtTfy&%A?t!5Vyt zGkkb@?5<R&W!hB~ORAq5fBrP#Z>w-d*R9dROCNV6$i#(;K?iYZWLsyUZzXKZNN2 zz^Y{8xPtG%z59U^3YBn)59#t-Fe$)$3k&HLSPfYQnVSgsX_ldiv6R?S#o0-sQK&(4 zicb?gPs(fH3aybzR8sC)W*>Ri{A#wXQk0g{79eMw+G&WmwuiMI#pjx6N>DB-*9c1r zBDer4$?Uw<9*@y)@>w+mbS?NQSzxSFY^daErZ)$hM0&{I5CT~2yPIa43o4qMm=$JU z$yU;C$v|>n0pM{M|AtU@<`&c2lL)?3h$;zGF@e4ox|bPN-)cN;Wxa$(DJ36b>oG@_ zb7cR(SY~sp2AdlQR;&xYBY^Hn0t^e}slZw;8NY7&dmOJI_GGK)q{~11Q8jSzI@#Ee zrY@cZ?BcqWGh;PW9YCCB2I4JD$FtA^42F$tK*%L4>@i16KfrY26{ozDC~I8aQk>JO zi7%K7)GAFkNrIl=pb}_ILpuyV>PSd9NF7GY4wS-;v~)#C^vttE zITH`o3*akTna+7Ihu{Zb|R_~S_<6| ziEkztv&d#E zECzzd> zE*6hhzRs%5Z*ru0v!~xd@dA@|ZmZOuY=*!R*|=bOx1!=t6%7qbtNxP!UZ!z`3 zs4=!{A;X`(aawgY%jn|H>q0jKX5WQ|-w%J_+#En3(>nAaM4_A>CT@S;OVCIsoN7x; zDbElNUC>j_A|VB;Hd?q+;aTZso!ad%rVod>WMa8gp(D2p8Eb8xm&IgBanUO1Y{>36 zYa$i*yKF_r-&2;Bl6g%bbINz|GVmh!!wu_1>pCLp0=E_usXkx-mJ$S$qr+ySghyzw`z{rqxOw$Hzggy$=jfZ|ue9p@XD zEu|~I54XPBgrDAk^vplKi?DDjhDnsZPzoAh z_CI|iJUDBBIB%w~;wZ7H$*CGDW>8drqzT($w2B7~iQHRCxRafSjX`vV08{vvSSYdj z%-HZMX`*`S4q&oBy#HDGh4 z>&?o@4c6&zu{hAhuyA^rU2R-Q?X+~pU>sAU%{cOm*_<#m%1%T^2jVxUR(rfHpAR>l zQ?a#1ReW3~9b$D~2S0I*6?#*3&bX%=fP3h;9$o=IBi%#43%26Y-7Y_z*!894^Siv4 z9j&!P`7*0P_PTw7rofx$;&KtKanm2|BWsG@BQ?6soB97KG}b;^rQW%q(~V;|5%9%o z;+n8jEjC)otqDIth19=;=F^Z2Jm}xHSxEPeB;>Jr23JVk1rJT>VJ}9~Qv)k?tqX-T zUas9*_~MsY`_>G#2?JmaN=UIYVvX)3aKNiB88a(O-L*wWsjh7C486xC1>bAQ%2G60%1WjdPS8@(_c}QBi1j;Ez>wviF;lgI%2Ht~-bJxVVi2~9B>(3zh8G(}s4_osN zePm7Y4Iw`|H5nJU&v;>fNp8daR{Eli&u}5r+EBR=GMH787arP29XAbAxQRV6WXpry zxLz?C9X~7&>cLqqH+rF9+}gi-igqfL7OnfMnXrY@ic-89Y-aiz!89cqiQ&Z7 zJUjs0fpL$3a`H$nU4BM61Ch$M?`^cQ=4>RPdDyxNA?j-yRw=Y1-H@zf{a}&jCT~C$ z$=-Mjk>wj9n)+O^_*H;|v?>G1kJ2q$Vj{Q1aDaIgZX6tZ_JGbXO|0p9pqdxpX}Ja) zL9zWNK!VG1_F+ru(D#LvHpnk;4{!5WA<==f0=i9@h;1eN%*|X%$5ALe^Y}$a7VcyG zjLfqKDMl`H!%XVunG>*FmDrjTgjUV^iYuW|hSt$SGNyz@qnPf*jIB#&l^&HCz;!n6 z19u8A3N1c}j{d0DcC6|0p+aptuPm%Y@vwkTx`EDQ7J4GjUa?#&C1 z)+0+V*n}H4+RT)Zq{*$E6yC=Vj3LQ@1>D_i4&oZSUNfWG$kD+D(}tpf$|3ctwx5uzrZmp}?QpjnTF;rl;p&a))n1aW#VbM#+JUpXeI zgJ%$De^*ECnlW%9pjHYVB-JwNTnZN51`l5|yVGp2AiwX2pgvgKmDXDKszlDv9h;dN z#OTFmD&RhdVw4EL;N|0QD4#iF)-yZJ1qKwYLq5pLAtRrr7;)7*fjBCY@Iw>J!f(I( zB{zy2u-)};J^xxWN|47%pJFQ{zXxLS*2%^c4cuHDbZ?HWx#S1KR8CHOnw)@^oq+b@ zw)Wzm{pie;ywMIp3g}q=c>U%ncz^t}7A>Xs$}A;mhiYemng{JDf(MX=%J(!&1B{vM z;7arN#60JLHskwI@w!>6YVn!#|3XJ$1f{h5a6}cs_x9jKmtCE>Lju0`;BI8D&XV0& z`;cu#W1uBVGIi{;hrI~17#J^#j|cY#G>_aCLB`MaIKVz!JogD3#)OG);y|#T9_B*$ z#n}_3;4tLG$2*pKhb2>+B}{jHJG4fWOI(z{VtV8>| zH;$Bk`@r67izLn7Hzyd!(_7WCKOg~SGL|RC|7aU+C)=!E`OcxI9gOijW>uy&+@Mv07sJo%lCA3Q3mjyW9@-;haE81PRL z>f3t%+FbKC1Lftyc+Z4%2g}_IU1VA#g@)G+ey|tXVkVdf3Av!JkP?Ai5Dl*Py$VtI zm)#P=k(;+c!Fnc;J{$gG`8nK7dIJJnzOTZ7S0dCyZ~>b0>%9`Zpqo)yDin=zE!~m& zBTIypCA>r^SQtI93lFh-UwO3|!M*T(N|e!?R!T$dURcZ@_M_ zeQO9Mq^TpXaracvN#^tt65}_{(6wB?u(-TaSO}x!#Rqx0b@2QpP1!|{~L=@M0WY=uVd@r+v$*lBALpp<7?iI{P-~NQp!Nkjxd_ zS_oHclAeU30EQ9KkzhIb9`N*nFYWgXQn%IqE^0Fy^!fKHtG>fKN{r zPG8tvqD#TTF8<=W$%W8s-^H%f!^V_8NKbTa%P2QR$qGjKLu^=-1FQ-6f)#hLNH!w2BF2#DpQJQ)QcF>bON zNmkb<32V4Zum?QLlvl5f;FEJp{v;S8lO(i@2o8RbRH(p|G}2OfBzR5Pu}86T0?oE%;!}$WN z*8~PH7XA^Y^GzPxwcr0}2nkUjIsS+MTNG8(SYg2G2D<}_VqkQI*Km(!uJ`7GOg_?? z+7;IJi~>Wdk%8Mgf3FUOQwXjqun;re416|V`p}T%`Eb-d`DzssnFZbSM4p6n^Diq? zGh*UKY3qfZ*D%~D7(gq%&l8SWE&gf15?4P>cyub+IlT}-PP`V8e&ulA28RHWQCKlX znMn7I<8#M*7Lv^Q_JuzMSUY}&5s^e1p zx}*WH57+$P!4r2iEdi+D2Rz*|+_^zWD;R`Osb5wA5?`Sg+S#yTyoaFUPOIga-qcp7*Zym6xUkZu;&llr3yB{g-)+`a zOcel#aTi^Iau3L6pR5iYvo6wc;9aOqT$$uYm9I>PTdHh|ZA=VxVCiYt8q4i;l1;~{ zUJc{Umxjad{1gIkufdX+Wy?(Bneu0hL;M(LV~RFY-?UE_GOYx?0D_PLZ!^XJ;oDkV zf#TX5AtSL>=3WICxYHtArpNW9{vS-S8QIEBaiAerj>sRh`AT!9p&>doL2J*GY0dE3 zhM*L8kriU-zYXW>MpdxK%qk1#85v*~Qp7c*;lZy}${_jAz2Zz(E~-6NOlG8OU{#!4nDR0XIXm9YQ4|jcUPTAbb|{j0H`jhsAV*#!b50z z#rWMpSC3q;7J3hE5BRQChyf}$9BfM9qVlKY#ll}RZd7MHGtezlbNk(TzTSK!8N!QF zXumm5_&Yswey6pDc4FaKT`bA2m3o!(m=>*${2a^Wr(hY3;~9AcX~8edIb-OYYNUIC z1gD#VlbrYcP{}wgorv?8oG16w6Wny`wh$4DYwoNh;yNsMl={lR3CE<6QprC}(k#K- z487ijA(@n(&`wMlYawjvx8rPV7R{3ejh>BFC}Upc2NsR{b~&EfrTCb;b$XJ92MhLo z02OqR)zbQuVL`r8*KhTDYt#{DIcxb_BfE2(lzhAf#nw67cQ>d>Q)M8-qfZ%yJfXjJ zt2#I?OW_nNil%8I6c_#Ib441X?yv13;T{6ANFq_Nq>>oOTq^oE0&s>dy(O%38NGtm zzA#C~Ak>~M^j)3=e*hjv2qtBAMhxaHQju@?ksvHhv}B28T#utgsG1P^8S=%KB7@K5 zlghncj)@Tmza=Z^&{&gI$xY8O+V)ytujI&YWHdc@RePP{SYN3+{CwCv) zC&KjU^+jsmV_*NWHrG>aTI&2PF)_m;&*C_UZ^~U(0tx-;L6tRL!2kwazNm z)JMQ>5UYp0=H+{SVR=dI~YNgwA!3G9~LNT#nz9xhdm#~n#hI=25f(`T2!aE{_2_lCe#SezZaL&(=OXo2om8plO=m!P-fk~u-3I}`G z7nhUNsLQeXUyr&*U+P`D+f!~KF)FbU^})a`pOs_&Uq=2+X`ha9HEJD##?w)bMl%sl zYy=v0`DYZd&meW|9SW*XyTM&jg-fbDIzj3)1bZYw7Lba#UC7bn+Vf)~9hDaq^~g%& z=SZsjiXw0$BwA6%?^ns->yoo}H~mlUmb#~9v8FFK$IIY7RSELjHfW?V64#UCCSdI4 zaz~?S9+*#%dNZu91y0dwH|XtIT`Z)&jvVr3Nx$Bl2`=o^{h~)7&i?MzN{P+dhA7HI z;ZmpgZ#j}RaF6{m+C_$~l73dQ$j0z49)d1UcIB1t8AqvXVaU-i+1H zqn{uQFGjsz$p^O%E)dMT+2Kg7*NXaMEWkQu zQ|x#6ukA?qrszB1U6lD>gqZz{dyr(3OV3g0RR7^Kq)PPs!E8XRwqosE7lo$TuMDf< zh$tPTeF38tqw6@xxR9C^L4ec;X;f*w$ed`zZVpZBodj>mzro9uVq8iiOT`gx^>NNV zGs4Q}wZk{%hCCKr(|-MzCXa-rP$72ksaK~sPL$-emdJ&nmH6O72>*Sf?7U{^M8rC# zZYqs)hGnx)1G~IxjdE2i1~?lV>GuhI(~oXCM>1*nNM6UlqM(C%4G+V(ecw43;c`v{ zmG-`ad*<4u#9_3 zI%`al2b+Uh@m~qV5XXu?QfCHFO5Iqy1h#|LwR|jhlx~4xu7BgF3@4y;8v5rBQgjj{ z*6A=1gbZecc25d|vb5{bMPk^Fc}5p21hAtm0SwF0ZQEi|4W;Qv(Q8c_*M>+QgTVKW zll>(OEevMbp8Y1kRF*JXTinK!cuK%+a+jLQq#LiSf6kj!>NV@DJBa&pDpJiX#xoh* z-yyN*5X>6ockeVw|J=4 z%77Apv=)canUl|P=7%zn1~KtU+WcF4j8`F#^$wYaUe4o+;%4=eXS;bIz7Vp6q-*WU za;yo_@*Boaov{;Pk!)aj`%qG8O5qD{GISH>37hj_Wme-zN_S{*5gb?D?LDhvhmz+m zR(#>H3>YDVW00Q=3dha@@?WOHf~;%!~8tvbGA$ z*0os<39patpH_Bhn%b`{a2)B=Ttx?U1L4j{e^q+p9g75pErJEbaT{*T?oAXm2x|sP zJz52ohg!~1FuKO1)Q;VH`;v_?Wu*LrXMsHWAs8yUcpIJFfd4B@jHd7VI+&c^uxXwQ zb@k>?JBut*#Vq$&jt(6uQyifQ)nHZBbRXM(KEsp9bOe{@%m9!) z-xawQ;-n^~TquE9`qJ5rvo^^=c74Vw%nuH2nM#`Lj6pRKQ!nm3%{(o?pcshM1AyHtatHHcnkZ|r zmNGp7RLe?lY>-!-y0)WQOiRv?JBBxlPSCGPmM-v;4dC~o+n+~7e^I_W;%A@hdJ`gB z57?FeA5dTYF^Y10@BZf10F|E9TlD?mU-P+B{%8Wd)2`CL$lk%{xG7muvF!XDetc{_|TQZC@l zYs4HR^9tHNsB^WFFU@r&?y2)tF@D?QNZ$=kQu$%skRpXRc9Q_AB&qn)e7y@^%8Pn!HT0NpM9$Bor*@vA}WT|(l1cLX+ zOKkVAccgnleRWd=`3RP?u?f|bgw^EwHH%1_?Fl8G1e@`XYQM4K4bIOva^(o*H^-TZ zcTheqhbxYyh6ZF%d{W{U@;`sSv7uRqw`*Yh}qm-g8fsN9mo(pa8IvuLX4n(*Ql@g{}%g!-?grL>aPpY3MRYytUZu z>@XR}e$i$@A;9@h6Ql$BQ9^h|sokn`ayjfpxl8ZIV%dWaE083ra&9R481dNv!nQ% zwW}(Fzj-V$TSc)J5=TQRJ;`~E(`3=l*(1Kkfb)urEf!PHqVmcFdwC^?8TmGd8<0TH z^l>4)vX8>`o@DX=$sQV;!BL8HGDexBf}>k?JwhhaT)eBaKVXPez`#H`p|DxnqD?f~ zjDa^vj?x{4&IbfR5AtJb`!!8+_GbZWZRU`&Kz%o`bZ9VeL-~g7lk!koa5r%=_VlD@ z9%C5S*wL^mVy=P`o<922JxfQ<{}QQeTs8}K1b z#8<)Bpij)9LwqO8sz=m4VaEP8f%T^%js%Ie=AMNw^}?bo8G9WXi0Pl|rWTvxW3fEX zmmexGXvHh0u zi1GdWzW?MnXs(j6ep=Ea6Nfv_4XG{s0d1C?US>gKr0?FzuJ`)qLtlPcP_8?xgx?rE z7vb>d-rHd;zn*?|EZa^6+D2-x1M7cwt!rLIoWEIf`IAKUrN&C~q77M2-85hp^a!<$ zdA5bMBjW0&);WZ4+fPk&1g^o+6Ocu+RU2<;%@uY3SwmEdN^k+SXQ{@7AlVdPVZgA z+|~noX83h_O^)Q@hGV(~c!qItDaf%e0pwU4#xD}833fC1w1EclC**Vip_=;XbJ1;IWl0#)h`r@?%kgB z)0Pj3EY&QrRh5h`e^xD?kB9O-kH4VJ z{WShhup+1D7vjgC|`XROyrh}+;N?9>6&Vqw7>vCh&oaxd2OHkhr&tb z9rR!4i|(Wl)5w!=nYvMnOFy618%J{)fb-X>PVW$TpH0AGms2TP(x@B#`%SqN%PF1< z`*W#I>7_AEz17t1v@lc3vWd*c1EjIC@aR9>4c2uAPA&r`_`#sS0Ey3%iQjHF0{G5k z^a(Vy$7bpa%PgVEfGVIIYpb9BfQ>K=E1`QF=wrjk&x6^-?sx4FjZUwo;QU8gI-&Nn zS}68n?=a;~;Fc4#ZBm69ju^3~AcKm1!mej}CCbPg+x?|l*!d4!Ilr2d*b0%Y{b>DN z(A{)DZGu=CNhTmLpA4vtXMUJ?C~tDsf0llUZpB@@i{kcnndfZtA;|mrrj>X^lWO`e zHEq3a_x@OJo0<1fky<=mTr}goSSg8+wmhY~rMWg~+@a1>{V=4+lIyGI@~{FRA%Tq% zf(BtbXDq2MeM4@xwj@~_lr^Nbtm%FQ#$eRvn?A4rlxU_^jOD)h+!dr9yCi}h8>oIHzuF=w*NO(Avs zK@VNu$p{i#RZvTJlrvY>AfU?yfK?^Pi2V`Gn{%*lC%Odl&tD;pT~lxBAVhDa4Szb9^><`}6~gq)T?w2PB%Wq> z{_K~kn0~Am!q-YWSsE}~|4HGp0gcRruNW!{yb1l6670YoJg@}C+>0KHz37Y5*j)1? z#-Iv*&{tD5j80Erlcp%bXs-u?u5&84a9dA2f|I;+;FO!JE&5#(p0!#ov$Ez|f@zEW zz!U_-zQ`eWarN^)XULXd(OeuP-g=Q$ksuT5(ATh!KDF%jajZ9_cL*&Kq|Lzg3JRo7 zBbZZM#_Y<|o1!aNDdhJS+Q%r@F!<3HKm;W>5Y%-^$UBMSs=-?qyWU;=3dG^CqJ1IlA|m&4jKSDJ4(pL~MM|qhr~8vKr`v>SB$FWRhWTyHE)gS8 z6FoLem$BL%4gLyZaxM)iwFpp@86_Q|7}rGD3>%)05mofN*7QZcNPX({hVeV0XuzsCoH7zwvX zA#g2N9&~vx5Nb@ZW9DleU%s}pG4dn&SLYV#>^?8%5Jpz@6DtSx8CV#2Io!tCuh}*I zleq>|vD4|v>x%{!#GA$f$i>fSF6no$TK=Xa(#%KMlz53ggIcE?!Oy^%LhY@4lr$u< z7d6QwqMXZGxXWsB?2`a<>4D+7O9gdkq@k4ONW;Jq;QrKvVQZ|i#J6-Ho$7t*hD2c2 zlO>~o_jbyKKHm*S0@4Fa<=sMx7BNpm{pbkbwSP$$y@C<{Fl|Jag(59l2xHtk zCqFelw;aypwaCjz%QDk{C9#gKV#fvjKKWGUhUn+tQe0a%E)58^I7uz;mIzf21N}1@ z{HYAD%#_T37Jt<8PQU0$!K`>52;x>zmF7O?A5g%b@?w`Zv_`_{5a8&!8S|}4uDNSz zXiN+b^LR~E7#gbPFf_AL>rZ<{nem^Tnfx(AbF+xEp{w$)Lkt}aijmaB>MU81!s@;40ZjjiB^Jmta!35YH zxC;%$Wdfzy>V!PSldF~Z67zkt&Nw6gqn>7T2lTF&D{xv})-Ck^%{`gGVq2voah34X?sKx7|JqWEosTpow zu~vkAIEYmJ8K*+iyjZU(T~HAkv7~($7#seLk3QA_S#`| zfBP%8{?VtUA)QKGtjz8&V>~*Ho-`9*_NUQ&Hc9GM{3(-f`L}scEj|^Jx#wTL7g<9; z<#~ULMm5tqGxzE$^1pS0zbpk!S{63<3veJ7eY253t1mPL`p%S;wYiP!XEJQrG4344 z#-2n;WK}UP`04oD|3@F{OxXO#V7fz3?ydq5%xjok=*B`G+n-ZZvFB^0Mu;>-NoYtx%QO#dn*h`LkY1_P#@cXJa6?&%I#iD0>T~T?iCgqpa55 zLJ8$wk+fppH5BPPNo_ZCw4H@&S*>@J!%aKC?Vij!+LY%OI(l$Ka5HyO*FpZO}O7Gv}W;)Ms~oGEx` z$J#y=-Dh4Wd)T5H2~oG6ap1h3C`aI|eX!Y{m2Hz|I_g~7WDqbWZK#kWX}Hm=3wRH@ z%H3Rm?D3SQY%^4QC95%nbLv*sKE){aYgOi=M zO%sUU$OZkq*o~{=Z78}1i`A8VKGvc8JfSrH(}$`yzfHYux(3ylUBATy{UAyX@QtSm zhCk0;0na!%h2XRIj%NpZKk2RJjFW`lRx9=brHqV3ch-zgnv52Ma$qmfh8@JS@pNZv^4If5c?{WU_QrhMC`U%m${MIYpJh8~}WqZT`Ej^Z_0!BHaZ}YpPOYv?;ARbp_f0Jm+gVq`&`c|!BH74ytMG1i&a6oi9<2WBAwvG- z9u+7ajPOA#&19U*-^pe0zp_J9bCnC`veN}_PxI2x28$xtKJ#1{IAO8>O5z2pKJ*;! z9cSMZksQ`Da_H0q-Ss-+%)2JAAtr3w%b0yl$gz(4yrY=x+24VGcA!;x^m6xItGsG~ zvUuDP_Yf@seT63OzFeA0u9v&LN1A1kOlk_;^0NIm=v7-FkZC2-Nv<7ps(=atKcP8d$MgLY&%=9^FUeLeH@7tYEl z2bU~3Wqr~`@JLCEwUH<@k_uJV>IMGaovThu3R#sVr-+rx+UeZyY1K^@H46;t_Azj1 zL)?iUM;%Mv5EbWh;hCtc11aNhzc=a~G9YWSZ2aU|dGP5Mr zrtfa=ymaT3a0Q8TvRnRi;Y{4@PSy6e%z^0A&%fr*JG#05af9r?)W2q5=2(Vtr@+UY zO2n=oIWA);@Pr)fz0JO^8l4RG=6NjL`!D|jyAC71-)_)puE->(s;Q263&~*{HEPGv zhtq5N#b08;55Bus+$@TB>X_S7=hw-Yb>uqExXsvZ%wjEtAdqFdK7UU2pZWt@>R{m( zSx^5eH-xTSU8howuA)Ez_KX&CsycDjtmE<64J|LN3I7-`@NoLDN5Lr|LPmVMP|Leh zeoP$cUg`TcSs6%Dpe89|sCyIkEdpBJi+J$~eB8(tGtAZj6KQdnenwC$IB*2#Ba5_S zh+_%Q+A~G=ik$qG!bIFiWJ#d>5TPb7zznK&KtdM*AGA;Dl@LF8A0y^N4UV%#mCdVJIvk zp1Ayo-9{HWF8V>mO(0!;0ly!YMRGRW1Doo}>BH4ZV1iIuhi4lRUEXZbyQ>a7*dU^< zmHYkVF4EKbKYmKum!?W;mA+_Y@$^m~&0B8}A6Usx^Y=x;Hk;KLLhTui z_b4ETDvdgo2_V`O=&z%=2{^G?IDL|2+TIr$U^$=<=}$nx*Fvd!p*L|cc8LG=LyV8y z%W7D-QRB`M>o7VwBl4{w1bV|d0MSvm(~ASI+0@p??&7cfs6H-ND^2u9K3|oIkomGG zvd3Gyg?@Z6S368P6bJtP6U+;z%*daQZb~#nyJh*Cdhw-CJbiZHZjc10g7_}!evts zws112&KR?l$yncfp)pkk9ryn&gBz%V?tm$rl(&)dvG=RH2mI1Lr3ie?vyU5XXsR*Y z#r(xn2dCDy%h=bAv(iI}^6&MwqH3(G3hSk?^b^&4p1nscf63sP1p!3hBB+ALSo6C% zQ1FxXMEeu{J%ZK8D)FY^v=zLD)9&o)YrHop!ILeW+5UNCY`cieepgjXy?AfWUSPR5 zGNsZ2odnd_L--={|NGEG-%eq8qu3HQ|H@*)Ii9K^G8{XJBO7nuZteweJB&{3@ABNYNsqheeI4$7pyyW#Ux9^zs(rW0(Z)XnkCxe2 z$r)SCttK8#GmBqS%nHmwrX=%5wK4FgUE_N8l2o?i3b}SFic8Ou0i66KPTS}jAN*7C zC!bO{pS*oa5+OEapl3M00n7<^U0~_@C{$(b3$L@H%;mg@3K1GnIHxl46M9|=U8de+3-m-gC86f z6A9+jWW*yjmikF6ng_2Ah!r@3@R>%UFVJ#Wb~Dd!L#{3q3MF-jO<5^gT2J>46NANm zk1abP{Za2cQFVcW6h4h`o@#6Zp{ts+jsFTJ0bMl~o9=oNb6g&}7HVQ4#DO&d5qhkHlG7J_Cv6$?{F z9I!CKlJ(G;8qcd8Ia#V5FOkQEB^#S>k&=5@bqOj=e@sV5YNXfR2&0Rc^m|UsdP9iK zW{L*Tx~0BdY;iRm|KiHci#7Cnzxzo<<{+M6(=6jWZm%gAD7&O|Oug^Jh{RS^DHlp# z@2)OXh?en)Bk_92HZUhp0dpDre}<)ReB;kEM7>kef|N-uPu@d-s2hxOj2Lffb0T;U z>Td0dGA6vPsg|qE>1mm})NaSnp^6s#y;HAAcL_B2W>(iHYrXuM5BOy}gH=oob-1KX zVkAK7pVmQwpwZzh8heCpimG2E!2p43D*qK`;QF&8UM!C1NxA3rC;keV>OFB$N|&Ml z?7WY{M5jt{m%UWw)3_wLX_8T<5*~lui7j_>4+5e)yz*&xVc>s4FOkEts>t8PwhVy= zEe)-`(A9MYS(Ikq3%ZS4j-TtJAQ(wEw1WxjU#vjcxqt;j0^ue0bgtRXwIbw$%m%vm}*T%EfSer-$yJf zMdM5a?Tj%6kzy)X=m9O$E7ILvsvty~; z_1DLKy*D_`J3C1DQ>P7u=8Si*_?MqBN3gj(vAI>?y0!3}eotEqeaDw-4Ds*D#as6y_!H9{>N9 zf)qISXOhxGeY(U_ttFZ&7tK6CYWG&2-7frhf$IvYC=da*H!ynxyKMVzkLVk2i2u$a zZoKp27q$zF`#dc3NlQ(1*sze|8Xqzk`9E{i=h;_bm9;sit0qI(TCxjf{1Rc`bvRM3 zENh1u-;Lz<%HzW#770rt780ny%~U8WVa{T#O{4%fK*+yMzN&0nws&zbWY{Ru4n-|n zFFsWZ9(BrGzESbnKh^<)8@z$x=y}h81bP@UnJ>>~&%GozObYFHXo#TLEo1fpz#}Ai zGg79ziCNGuV5hwB)BYx|#f-wUJ4#gI`zx&DT;^zVLq!+RMC4(XAp#K%gv$s~>L~jJ z(HIc)Hk2`S{0bBR%=pJ?CpMY)sLM#a{#s|K%vqbW;CK`hR?N7K#F*(arONA%*Y`GZ z>1ktXm#{81b5{qF2?4_mT~Pis4nF;O>;ZKye@?>~;=eE(SRvzC-cGE)|8rFmD3||@ z=`{7+7Pa1XN5T?vdJ%&8qDyI~4WXPm5GxgI;A|*?)(4>=709&W9nX&aub~ml|2o5v z(vMnq&mDK5aO!m5G73I19b#GI7OvG)K?>=**1PptB{20WhUXM?NbsJGYz&#OSyJTS zo6|kG?+QFCePw-n)>HG25B8rg>nnq##7K39N8nnZUfWx9FINO~#1W6rG4g~Ys&ASq zi<7dORs6Y(#f4DYGh%lb$i@4mGPFP~1o@(B9!BA9rrz>ew#s{{$$nHUC_lvQJuAI4 zEsw#Z`Zt`pduGZ~(H~#?rUAvBb?h>TI_)&i1Wat0q+lLt2hzt|tk&CMfVYrvA_)ai zJ9lcuP5iM9r&;ySLCi}I)#5;=LcolAzv&f~PXDGoZ^Z_;?C+0w-r0KgBsT@g@TCWW zYWnc2{N@W0XX6#BA6;@>mx&2FL}9?iq=%lu$iQtn&@h6Af+dLml_5Fpj+C)#c8cB< zhv^lsZn6${4VLHhjI+jH(&!DQR#U{{I}XG!rO{DUS2pus-LFyDJ<(tNlO} zw=kx)t!B}P>gv{s`8V#SbmH-QRjgj~2!HUYF~1qe&a5hume9ToY&u}L4kW28V~?T= zIgHKQd`-JarTmO@$p?^O?{%ICU#gM{aen6kUsK&(=1f-Smm>%P%CWg|0$Q2tfY)V^ z+{lClx^zE~WJ9Ol-06cS#I+$#;U{BbVoiip@pKRqooOeOxO|)iJt5U_(rthNDod^W zkI5F}mEc<@Bg8A$74u|qBHEdY&fobaJVMgiGTD2E&|-8V>sbZHJ|UWf*sUVth$%6S zXkd0qr6AxdP1766c<&hF(4mWuQp+iBN21YP`hBkg*SC>Ra<^c}b`v)V4H9rNl(O1S zm@HuWKqrX;gI;u$V#aX}T0$6dS>m(?wu0>0%nlc(rY<0cIg+I2+HMbrN3yMJ1~Jr8 zAyDjo;jXZ;Jm8CIIg(~}j0g(rP=bhUs|t1y8ev?%)ouE4vkA0*U&Qy)$j<$gp^L*( zKJ{3B2T?c-Xu#B9X7l$Zlr50>0lUwshnw+p6EfBYZN8T+^k~hFW{U0DS6O)mF|g-; z-=zw+mhg63^EuCGsf92xKYCNANsU8fRjk6zR?ResBB4{n)_+@i(t*u$?f@5XB>fMEJe`2J3&yOp@5p9WRe4_RG?+gHk%1rg~YiRF-ci z;4$GOaAqhEayyN+Qct@=(r3?r$mc@4iZ}B@gxkih85v|3J}e3M z1Vl9Ne%Jf)I4i0F9Kb^s!|OTVy_*NtS9++l;k`R;`dFN3>H3;=!x0E`Rk1S9KwD@A zCAw`$8*a6fQsDAy2Qa;%pggWsS^?s0sg3_<@{$Yf+1bmZdF4>rL9WRj{1gb2&)zYj zq&C!(uT#d|_#$6{emSUI!{}4j&xSbX-UG*YQ4mtN0GwgoRySmLVq*daLB62qYFykq z*k^twsrRhT!$6X;;)g}StRHQbR6L|sg8@p4*s~AJ0pyY6mx&EIYge}4tnlNQo0Dpe z;&`)r6lOL+C=v3hLZ|GeqWmuy6IGj#(D{h*6MzW^UL8Wgc(EPuTAk(2q;=w%Ejq2s z0ka+zDkR=mFc=sW3803LWR{%g(8dY;vZl?@tGHK-wmQu_`$`LI1s&O}UOacMM!yLd)H^3c1))%IN8b8?l6ALRV}5vIkq9=a-Z)Lo&@~3V;fR^Hilfh)#l2Mi;-G?Jz4|2iM%p#D?&5@b5<_ZP=NT1Cfqi)SVj zem2aNGXzyD`UQ1XO#8zww4r+R+`(tfg`DkN4As z$M&1oqL5O#el2axO=E(=Djor>>4^N~@1gy-(cT4MtEPszvPpJR9j@_mA9fy%MEyUo zjP`__Ct)?D2qYh$KFN?jQXZ$YI`hvKFe zN5sN^_9Bnm5T#^ILE{0>M2pv_l}?+#YpUvBkg)>p>lIZMe=6&s!rtH&}caN=y% zGl6jC1AZR9Dw8WlbQI*Z-;j|kD{cJq#Dz9j;7SE;QL#RFO4oEt3NH6jbY_sk{y}l8?8&g@GuW!nMKXd3hY8lnq8< zcbBF5Q`5ntR6rl3J8?xML$9)N)(SCEpTrJBPH}~eTuP~AmLJ%NIApx+4Q@u}sICRM z@i?avy-y4*o6ePI=AeV-*WRF=ON0^ZC%}J(e>n8$J5Z^xx7cKt{BF^aV6*T2h;+(O zuWH>NV|S9*rTTw@ZcNe(tf!n08v;?!Is-|unwjOHawTdHFiydAP)^1_E1oYE{Sd?) zs5r^hWp;$meQ z_+5{la0)7vy9X{qDZcnQYCWUMj&qx-%hA#Fd2F0@-TX10`H(~ug-PD2FHor1fIJlb z(VFi3@5sac8F8zBfCIwsp?z=w>?K6x;@1+IMwUnJF+G{c=x01ZrL0J&+DT)zD`v9H(8j2H z%@z;K_1OPFO$AAr0Xd@=0p9w4EGXE7CwE%{8%>vw}j zM-xs7SSJ~shQlgr@>+oA5o`@Bi=x~bd?bq-IGsx>JIQY=PdH<=##~NCnIC?cyL;{o zv?cwHzh$GF>Hc`|0e*~8*zpG@M;ER>$=R1-n)-UlqjFj=^kDV~DW9u7iBNgn<+V}m zWSukSJfS8}Fl0?gsMlc&c*YU63!IFyQ8mu!VYLF~y{h+%8i^k)+1_?O9WDTd8DHNm z2^xnkTnRO|tn_}Y^q=gw+O%g*JItjmlkDazT658yNglpVnT1>8I)iemmmu^F8k_4W z#wvRuoW!DGQFrro;Kd(op_GFe2`CQS96p@NzDUfim%rXflh@W6NT_!!)_vNVGbO=x zf{SXe%nFgjKNqS)YjOR5ZL(jEPQ>^tZ^>P5|M?B?xWKbipKqPJbn!*q)vzY;DOcE4 z*@={cBxXytc>pVc7j;b`n7BGri)}=&r2#`_{8#4fu4}(ljKM1uj zDb}_hzFDfP7OK~lU2{j`l`+F?6XS2COQDC|vc`^`mO@>+ZXO*YJRP6+!s#+@(3gvy~Bam6D?5FCA! z8OCVL!yJ(>9^0Pi4$~iLI?93_J8%qpK$p(K9^4O+x11StY^_-p%{m~_moi@j{(#+$ zC)GqucuQ}2%;14X>VpXuun`b@;(LLj5@knz+J~R3eH^Jk-EAjq0t}&r;7IH-JZTBp zSbk*?w3pMSVgz&xBF2gKZVjkNX4GbzrWYN@WPA3W(|XPM7=HA_@i4A4 z=5%M)pd*n}K9B&rLFMfu8P5~h>$iaK7HP&LZ)6nwhOj&Ek?gn-NwBim5Z;fu3*3Y+ z9e{-Ue42uG#pc)Scq~ti$5SkAC?l+OjFoOAJ9DrV&_F7Gb!uB+DB4y0h2I)Pf0kqy z3w@2sqF!o2>L_-pd74+(hu98ZKC$Rf>hDcCKm%hIU-N?0xJm!dR5DYVfFJ*(^PZ0w+XF}A==M43UXnP^!I^@Qrj zp~P7ecr%%$Y3=#qylenVP~fFRhp0kG@;MGK2Id^)B-DRTbCDPY8~G!%7?XS6JWS;`^b&JkLS z6D`k??zb=wJovMGo-g&BS%OYnd(kzB{kI%xLQBDT)eS6L?WkO*O)(Tt{5iF9ph~Wq zzwm%ul__Zc^Oq`&H#C~nI8gpU4jIL7O!m4mLizcPg-fQf+lwR<&DJBTgEZODgp(+p zvN$qK{-QUoUZwg9GeH@wt=~taKM;=j{?J)lMJn^Y?N_KbCNi2%784|66;tBqe3W7( z<;FD?qE9qx)B^5CUXfx;B^)oHOpw(yH8qEghnTc<49MV2tm5!FGJIlqDW5m%@bGE@ zqyPkk!=rvS!U*&eHUu~%nFRW|sO;#ZTVqOsPhY}u(jGLuOs>_qNzj-XXhtxT>6-l1 zRQm2bNKK|a4#T#Bmd&J{f*5jRw>A0;&@=IGKM1rkEqg_=hnJjzExG+eXs}_uj3b@7 z@f}ODoe%S+ewYNPO#>Qozz`@!6UCcJ0z2R?yA@*QF)3}{1|SUEdPH6*nWvV`y>*%RxGJsQk_JDD#Sef>T}`w2 zs(`>o$D&U1cU|N!b*{kB8taRN)tFX z&2FZg=gL_I?Rwe`KieP!43zeqpfkveRY(GB_?K--mkYE6C8z<}F~C1Z(#+H0^i_?u zlVIWA1)`tL3~F`=@p$04mn;%H4t9dD*CjT&M&{PjMv8V!sxtmheqISlo*~)PH5=rg z3MOaQWkr-Jft*$txJj6|M^gGLPlA(0(E_yu$GCfRpxBBw8f9{1@GLS9a8WBAE^r62 zCBG|+uzUoEjcQ|$-9$Erv7KXGztiYq%?uP)&y=>;!j8HEM!(#YA!4rY_^5Tzp75R# zb~?5=sL@4uI&A@t6T62X@2Z-q-KH_^BVC_2h2Z(Myx&DJJbSFFK9TG+oB0&*dD|aU z69aix(2{{S=sTy|?R(y{Dtj0vR|`UaHOA+6IIs{JIf)y^Mj{=U(Kk;$nQMngQUHbU zT#GDDXt==WGdJW;s^EdJmn*UpOLlWwlHbaps|y&|HBKBH1s6U-Ep%2vm6)MaXa0Q@ z5yK%=iwq(=?C~cg{HlH%Q=#Ad`EVUIFIDBW&0imN(@!6v6cl>Ke(eTN4k<5s8#KYy zIeEnn-lZ!LRvuDEZTnXyRH%(MmObzC;^$@f@Qzw&#^E?cAq`wQQqby4XSPimT@e|_ z31cfYUPr*{885__#)L-C&_6{gO!bIUU0)E)u;l{nmszC|e|vZ#WNe}$q#;lq|1r40 zwecMB!638KuMGd$FUfU!kW3s}gEQDjqnE=aA*yuw+6oH4MA0kodMmW1xzeD z5Ez%q!z;JLsUdqE!Zz^zJ{E!Fqr#m01;}4+Q$vuFFgwx1)FUC8fVkJ`8(h-bJ~w7Z zHlhoQ1)iSw;QM?HN$>xOk1HjaQ2s=ni-aNoC3p3(Uu@Xok<=3~bc`ihp-boLM&^`% zD&6Znl5e&hRLw5fs^)VCBI@@h9@CarH5O3JJ@59y^5n}M*y9MJ?h{{_=E)1RV+ZTR zc)@DH=}F41=;vOm2e3V`>U762P+jvT^6+4wV8;Ac>yXmeN4?jWew*28-DIj8ut_mJ z-azDSqVFaiAfM0RryiZ0Gvsmm%fVDH1kx{(3jaSkum>R#F0*%}R`7jH8jg#I_M93T&HTanRNTh8vz+)d&#B;Od*_ZJo`Y7guLFeuaBc* z*4Yd+H}wc1&?hkbyihSycbt56MsGEIyXHv>^M;X?nF}4}j%v|(kl}jhLHTaNCRUGl z5>}HI=nqljm3vd<>!ilWNq`CJ-uJgY)rlZ&JWmRq7DgRln+Qsv=sK%E$A<31 ziR~^b5E&1Y50Zb?hIms(YYo)y0=`0VYSs3mGiP^%Dr5OelFaHjftCzJZ$sLudrBu4 zno8u41*}ohG#Y49HCIzLTr)xzgKhuzU=2yEo*Hq?9W~E1E*UwQ3)qD;J^FqM?8&`~ zIZ5Zq%w}B;)y9@piOH55S-(w%gQcpuL$jnLy;N=!_>K$)Df5PUJn&RL}n?UzGUnQtWxFc2A@^6 zgg4u6Oq(-zRM{6ei}?iev>fpl%W>dM_;oE%hMidv#i!io$wP!IEWNheFVd4I7)!DN5n+& z{EGAx^OZ6WXJrSBS$JKodO((bTXSbiX%x)awhjf{OF|+6ul0|DUe2(jeM5}jiTd)E zJ(j+sjq7mFVW|3>^o*TjzXeY_tLIA_uOl;}zdq_T7TO$d`i40j`FVPgj#>ZnNIV?) z)*Cyh3aU%{`bk$%r1p$NaI}10$s4nefdU~UoM&dBFCHw)?m0ExL<@KXuzjM zeU^jyrh?=DmK-uXgjURD+S#Ut6cfeIRx<1~s~9PjS_#fK6ec!sBS_ANdO85F?^`eK z$H~_zdIAmjORYeYO(@qTwvg^Tcb}jzG)53$Hk3mt>w^xHh1NWvkcs+6#>(6EcnB+R zT@DNqvn7V=AC?tvXY{k+S}P=F=Hb>1a+8kpUwxEVNJzTNZD+}P>(2k?=GW2m!sURY zm4@Q3=|pAU;6@RORD%4hWmqiJ=^ZTpeez7P4B5nV}AHR z70rpB+M!}BV1R4#YOuEfTa|ATR(x{K>56Wn$ zx;rV+%UsTfBL=Wo1puLuS$Lb35?|QGre^X6m?Wl*-S3}FGXg;1?Oyf&2|zW&$BxKE zK`rH#vKSA`w@{-fbK30YFt^vG z86OdJFS>k{#(BG(T6Rkg*2tGQ_fj5XwbivExju@@Mhg3durkLlP<4DsBYg$RP&&Vj+QG(3zGi6~g>~v#w%U$9@@xm_Va%gEdTC@T3C*Zuo z=}gNkz#0(U8V8_;|Jols$IR1#pmL7${SS9dVAAqG z8ku6Qqn41XYUC`ckh&;L9wK-!Lv6ujZ=aq-PyDDS6A)>_wuB*nRYW2(aTv2OD5UgUaJ&g=oyyXt_i}dT7VHq-K!q)s*uv?~_)Q&So z63TqV5za>j9-p?h63_OUmKIcuTZ^cvbkEms9r$0Rjm3fkY-fr8bkmWkwyd|WMv2&t z>}!_o))iP!wTvR;nDtlZ5Hj?LQnzXy&@7`F_WZ9Un=Ns|odaOgOtUkhXDth^tiLJg zHfeVoeobqiWC8JIngQ9ec1<@?EO`wu(fTX9oM-4HKjQp-gedoDbYR*ksHpMBZ){4G zVK9A#oA!2a3v9g$N4cRlJsaWn*vv05yt!>awnhjGVujW_qBjcb84=;Ws1BVIxEvt0 z6+aq}pV_@eV`6(tcNOh8?{KwSQ^%R(sSKOvM}qP8LgcDJ!a%Ei=JZTZSz#VdmdVNA zjB)w>e`0_nYGZ7<0U{h4iC0U0lSbbKpQc5y?jf@xNTA3`?&zJH2#x5f(hW&)1oV?t zpJ`XMsX+&gXQe&@qwoyN*KcqN^62(WF8E=nmeu~>_6rxB%D=AG{{(ad(mrzC*RSi5 z6mpNzI-_Wy52XGv^59P#2r#Xxb6Mn8v67U=jKJU=LCTsDcTyfh)2u-fXQ6wV{d0TN zCHKZ!V%$&r!F%XJfai;FKz=KSrVFrrx|Gg27*7Tro5PsDuMffWvc&@t>0^~t( zsurVCPxxSf%~O5BBBIr7<4>di`Wf}iP(!GBx^M>_gww(pBG3ii-_o+`vbSOj5u5hi z6!47cJnoB?=n3pKeATNvLz=GL6*)k=Ks2od{G9#+y;|z&cEzy5M%t|SE_B+71>VE# zhgkESd`p2V3<3Fcw+yei6OQy)pQuHMWi<%yKZ^=lQDmy1f}+ImHamvCCOZOcr-rB# zNm&KF`LNT5KykCnJtn@Bx`F^koK&uO4a!mPL2;AnxFDBjwDE_=LWZd!=)4Ft&$gwk z2P=k5X+o4qYi)!&Q0mz+Ol@?Jhes*Uu;XvseNlRJ@$e~FRz+n8kd50UPTW*)kk{ng z=uOp+t&bgAw=TfqZCNB31!1%BX5J3A>^EFV>&#v$e4>%#V-*|}2lxB9cYDb|-4M=A z8#gePoCJ3&iwp%xUABApaDSloxlVfc1R^&yiJHGCD6jEt=9A)<2$Akbr4Yqpew8CR zupMD?I5^HJv}HR=un98gGNE_bJd&~!oVeQ@cVnwas`e!ue7TL10x||IgcugrSAm%l zT6C{M50%xEPXx0>0pQU1U~csJ9)5c`)R9bsTC=I-{8_h58La)CiqRL-yH5N1%gOmG8`}(cS}2ok ztvYPLuF7nM^~eGqW+YbrNolD;O`AefJ$#b&^&I+FJvciU5DqFn2n$w_MawHCj%tmF zT;@(AGgUOl=WzLW^L&CutrzOy2Nidg99dT_VQ+-j%Mgi7y2$CK-kFFG|&WFcm?nKpJLhf3Hdw z(1`%R#v77Gb>PXFL9UQRw@l!zb_@-`b~(gXP``9V4c`lJ!DZ8;gEE$Tl}A}tvk?dB zDKddGcGVeh>P2*D_H07)%S;veB;Q^?UM6lJ9D((MUi9Cw3ZMMIv}}4JET~D#U3`w* zHC7(CjR$T(Y3A5i7f6iW=j)Txz5t zsw4zAp|ogRc3VU?>6*~Y4BuIt{}f!h8P9K*o&imz|?`I=Bl`7Fb_ z$K$WliW~Qe{odLYNj{pgYuW4lST;?3X+^y;l`I;Ed0{_1pSi+0ml#dw7uc7!i@eQ~ zve%sLu6}|~&Whg$$4eo4nv3rrNJmem(T$t^e|o35<%X%bW!k}FJ9W^h(jsX!%}ywY zjop%f2F@EBNU$Xw+j#{9;F|Sk9Bqx{aB;(g?xm@t|Ind*=AJpJv^?je3}NKGFIa3B zu;}sl>63FX8+wMjA%ipR1^RL4@Luu?#9hGJto8+^$eLSzw^q6&TDZDDN&j*~JF~~Q zh3IZq>Z(?_=K5e0+yLMg<0A*Aj+sHs#??33S$MqFBgA;yHpw{pbCyQwYG;Dvmv0q) z{vi}LkKImSc|I=rOF#44mj{GN5kKc#;&BnaN($}ki_J{_^FG?WjM>hh8Ts&F1vH}T z9C9K}pr$7hg}k4P;J#GkPsqBc{r!N>3K46YDljk`a-Gg0_kJ_aD2=+q)#Ob4W*m&|4$VNQor!%Unn zvJvYIErm;cjjY(03a8`3h!9wr}^Cju~ z7yf#uTklx7{2X)X>=^tVmBsGt4>Pl}zF6E5eR`f%oWl<34%HaXT?(xbYf$)Mq+WJx zha<3@uL8|}py**ea+JZlg(R?6$g~61?t-TDxtyLi%g2QP^#U8-SS1h^ z+qn8*cUF-=84GVa!9?a^X!C?o1~GEHsNrGVJ%Fw*!;gnd9#9biZ~jnSAU7zwF(6-aix$B+j5{;BNyjXBzS}O|*S_AV;!xN32a_?$R4;z5t~@6mxc;`FoeiOG8h7LeL^`bJHu!JF zkasJq1jJ7sxg=~o=~dhUYK`B(Sv$K1J?j8#g&C=^c5Z|8G3?_iW?OkGN*ocrY)sGK z)MGH+<}vKLt5XKZ&h~y;t&6m#=*1bz2RBttZ2?m4#LZHXe~^T} z!#SYYK-DZy?=)3t$2En45gtAEDTFr3u9*m3Ld5g^RBQ~?WVb>(%mUgY$7~G8pln)t zzmGTALt*fA01^|AgG$d{w{WfSgJPc;XSw&uk!CQJA~FjSNQL~RW@n#lL9DLH+r-Cg zH_Km?NSav@nmDPTm6d}Sm+lm25B|=PSdF!1lmBm|?L9k3`~l&h$^sBW`8DKk|!Z%U(=L$BGkNn-fbJ z*7W~;-+z{~x6v_g@z5$*!#dgP=0hDiC}`wLGbbodKH&Y-H)?ymv*r$koCQ$Nf*Ds3 zHBRj5;q~_Pd191KCKlgZ!PPu_%{89NB>I3`0~kcje0|5b8v;+9^!_5Q9n^$a{E%Cd zpoA3oi668eHk4GA*8A?=TQ%Kw4d$I&lC{=&xS<_7a()5fO)h22f>n))s)AqG;aF7b zV+^r=aRJlI%kA$+-6-kT5!DZB&gWL6W}>mKw^`lKij+H38XaGJ3Vbufur6FRF8#LQ6r>JmU7=I)wpp<{HXN795^WsG(*UHRfLfri@#YEH0;|#l2Ild~lHf+o z(hZqbYb^$ip*Onc)(nOyU5AA=@Yqb}pm^eHtw^v5exwe;*9ZSiKpvvBTXU9;!RBIt zEG09A2U^uLWfe6ow;(PbMw{AmmGt-KNxpCnSYV&hb*ns~O>Daog>rvcqpZKC!)`rk zN7x-|?cCQ8E)^E7tAM`)B7rYtK)L;mlQ)6WQOw#zJhbI~ut&)*n-_*7>WaGB9Blf* z6v-k_G7YWkmA!=8Ne2C@FgS!$QWTUN! z@oI)}))v!)OotUDt-F+27}lbdsr1@023}etah3BOHym!8ukRf3 zLn@h%E}sV#FRt$ME*5gYUzcpFDo(U|rJ~z!U=zW01b3~nh6~c6Y1%7-(2-leLFKd zKQ9xLr$|Ux!w^tJzLLLP;syTgq$xpnu(Vq2K7vy6gw&PD**xCIgFsX$)>JUQt^W0Y z(86K%39s+PLWMu}LH`)a#ob%!(L&yW)a8o~OSpxHGaf!Jnzrv{cdfSf+yW|ybu&=6 zHU-cYj$?zn`*LHpT4DK1XBMdDo@ePf%6wh`SKyr+_6b6!o-WACo&Q}Dj^_A#t3`iN zTPS{?uEY46wNa*_0DxLIjHrN1nQpRqF>UV@fwnW^UE7LLDC51vyF9c`tf>%!Y7v%X zQ%(d+MIMZv*2|>pLx{1IcmocUd3;@5SR$wRr#2FCC*Qo*B9y)OFxzFXTd93e13z`W z+RGrTYnRLiq80=<842%W7)g%A;%%(Hi9b=iuZ8(>B7N2C-1`8o^&zGYOw%jm7HD)1 zWp%uy!ZNp>^YMWs2&MF+N87X36iIB0UFhsIy25|HA#-T;^lXAkYeRHCHM>Zh_bm6d zJ?VhF#Y`K40jv0ajzLb{4rlj1LZiz)L@KSMY4N7qtiU8rheY4;Fx}1I4c8shE>I5| zMA7e7?rG1#Rm;^91=}dxG#mv*sX6RrMQYJ;fq_FNOEUxLFDE-ZuuSQ)`k%$q=k1Nz z#zZ+tFnzzLgZlRY+}VfJLcbJCg@7ZNWzX1Dikd3BW$nD+1&_s^vDz)bg{d>K)Xq2$qr~~FATWe zv?^C&RFRkAte=L9o%M--oOrY4C3q5og(}Yb(9SwZwEk|3Gp?n=sNy!dae}!DR zl+nhRZ`q|b09@LFkCQ<*Xv}IyISFfrL|x8q+S?D%7s96W0N^0a1*ZmsXBcrHxOK2_ zJQ>`QaEmI3X9i90 zwQ}LfcS|Om6o+^eb{Uf`eHAr4UvA)&GH3`v0ZlmY22Sb1t&eaDnuOOmCC}q>%lzHW zfoA0$v@msSm?dzt%s@u$InQI3G}{y%t~G>ennUQv?2XXIwG=_iy8?#7gqrdjP=A01 zTmm6s^_5T*1XeIY?0u2OkVuJp<7-yk=veXj?TJ_mb3Z0kyw{xn5|VLp7RMtRM}1D= zR%zF_uI&EGFofTy5?70qgU)3?%0vYoPXr%Y=6nti*C?hM>OV{OGV)j7Okk=CwW$25 zUwqEyV@i%&AT>s8?eWy-51houm22aF{btu)>LrCcnH1?N>v@qhA9c_1 z@y5Y`EkXP2%GgdQ@P{6?96EOU>nzOPrpA98MQi&{qLgV@Cx_&YDgi34c=By3Arpy924Pch z5H=85SZso)V`Zho+J*C!82rQ$o~Gw*bg{2^5=-;gP-kq{o1N3KoXnbF5huQ{*p=2pqEcS0WJC#tUb14#Loq(LH$fv zmvSqfDw6oC_4fEIGjBo{Z>&vAhRql02Xd_kB>{_0sk{yeq(>#fDcQ+qZa7Xvw%FIC z2`E=ba#G#Llt0imHCJvK{vW>(dspRF@!sQ=gB3`s3QotomFB1e*L|w#Ow#lAUP{s4 zvf*flv_X)bBTxCb>rUo8iN%g1Y$B&Snhj$%QS4iiq13SWurL5m1RykBGxnv6$rr0r zN#dQZFZ1M&FEH$W-(b7Nh_CK!ISU!jDy9*G;GZ_ptOP&#{3dl}Z_Eghh2L$4Epz(o z=#dCiOR0j#Lnl_3x&;;R3`@J({sU1wte747#}HCg&Mlj17ow{1 zT$6PVPA7o$jnne>&$lPQS1L0(z}qf$y;=+DA5R5NXKUcIb#apRhamu?D)z4sT~==y z7D}mHZyBzS*Zn6OeI;PbaL{*idi&{OOXj@tv4#-lG@ok@ugW2A3&MyjI<%#_eNo-=2HT_Qoy!+ z2@#VN886$&{z`UgiZuj0=HmA%Jx{coS#B=!CH7c>ipsS~lJA&9*QH_>DjODgV zggNI~q);1|$XBHrZTQliV54=mI8p+&UVD5Zg?TUMcJg)qz!xpmczBJ61eNKcOdylC zv2CPIDb;ADm#{269p;?@hec?xyl}DnVfD7Z$ep!E)40J1hh`QSk*|V~%$GcFWQSR{ zHSF_Bv0BitU?5?nNz5W|Wzj%TLz{S$PBsVMsOw}^=KEUtG>UZU(0e{0Gp@d{&OF65 z+%(G|Lik@9yw+sBw1d(j)anFl2OVd3-p$Jvg;nt|L>+eSS=tk(d-DY3myp55WbC6D=~Je=^bw45;>pzYTOeX)~9E7|>_Iy}DBmnvz-b z8){=SqC(yYc%e31oN5RW=dTU%Bw1*DSLKU>FGi~og#})qB4_1X$&p`N2X={C_w4?? zDQ9G$0d7i!vsnJAor!?;^Kf&uzhPdzJ%_`5ac&Awrv#@@P@~))a-@lB zWmvY;xJ$}CEhPA!*VteMwYK?tn%qgALlDniX~d+<%fBTgCmi6BAM(TKK_hR`SJW0T zFHb8S7plx+H?}~sgzJKZd!o%Q^+TMo$9&(H)$jER_aacN_=FrHIhn7E2=~>kHRLyg@_tf% zpf?Re5A6}lqH<=Ys{<1<%z=SXJ(@ZoVmA7&q98=5|s zCw~D^X7V0>Xhq!J1$m3Y6yM7EeyUq6k-Prhs|ee6p9PGm5>Hz-bg&$(gIYRd(Jx*k za3gwNec*rBO$75MVWo^}jnwvK)q^wTE;PJ_xQ8v&2`M8AmQf*MzvG^I4fSbuBp?-J zi7^YBJ%<%Npc_7kFy^1mj)0E4yCo48RX^%?_=x}Y7ec1$Tut1zTTe*5)9>HC+=`u& zE!hYJ4Ot(4__P$h&Ddb*&pR7UN9qXXzV1b$P-vIzNbL4n7lDg|RKyyv$faN|E4m_n zwQ{X+#H>QjtG)n%_M0@}C~JGav$|1R=-T>rFFJ@d@+ZlPG@}z_S)p!ni=0|B^E-$g z%61w+@xvEjAqrbQ;c4*j{QnI~rCR9yEPoFC%Muw9$Cg>x8(B9 zjOMGzgNv@aD>jm{i2p7uhaIv#1G?r>z1pOv1z5>XQa|g?f5|f(fJCMq2s#W9dM| zp}B6k;ziHIucP%X#UzS;#nZ@U$*Vu&94g1~-GphckP={1sR6Qi&hu8DVN5P(-RVui z%a$zEm?moNp^{=t+)naASWl1=jW<;j+*gyVz*D7ahlzO|IIVCd+T0 zj3eNybk$bYI>b+`p7;06)nSQ(YR-TrOR{UW4a!jJKchYcT4rU;AO}EQ%TAXe6HMOh zoA+J&zNBVq*2Co}izm#?Cg@~%f#na;A`!8V-wqc-1>}PIZy!U@7^psWQ9FxjslEih!B+;GAWL$U*7mja6hG4^iZn$U1ZyK!I8!#^Qz(&?e#HI=xEADhJhM|@YK z7{_z00p3M6fS|NdQIG~#@OrMR%OBT6I^P~@6d3(p=ClIT)pOdz?c~cdZre-qYAX?{ zUq2T>+F>2ns;)Z&x(kgJrOv-xhti_1Lyh@r4*SNM-4iN=G5eS0HX?dAuNf85xnc}N zm+e1$-K*Vy7|y2Etqc?pMo5ou<51Us++jf#Zs5T>-k`e0pPQ|_W3U9hTWp~d9MK$& zC{5m4RQsXtueIqAQ!CE(ULo*?R@D(dxT zHY~DxVOU_e2JE=hVcBNuY)mKYW|t3gS`smX$^HdyQFOX|VR=28o5VrV(TTL#2M4gNywSj^E)y|Ie5Hc)XSIcN9HF zWoV=Bwn^ZSq$VX4W*U$FnoFBPG8xc+4~a2n3?(+Bwr)p)JoO*?Iy@3Eqey4a%#G>t zMa>H=Y!5r7>rtL}j4)K3ke3mygR;^)6!OP#Nv^_{0qfB;Hf{*-92|wId&D9{=$Rwuaq~I8n9N8au_c%I0ld7*qNw zA$J3tM4}oT68!oV&Ytu3>Wz0Oe#kd~x{%VVYQS*HS>!(i2hX?L#n!|s1&uWaLT*^S zydx&RLEKJpwKW^qwqq$|Usrv79g>r}SAy`gOkvrrw(tkjP0LJ)F{z z%ht_8Q@wp?Cd{t#$FSLq510yFwJvv#_fu=6@kl3QY>4YFAA!-5v@(n~DThTAVL^b) z@GSZ@>}0?>-|x7*m>B~+Pw!{Bdyk6(>F{BxX=q=*Ev2DDSn>0 ze9fKX@Sj$XjBAj11sQCM?)_#6Ck1$(1IYC7x&@_Ja1%ZC))q;0GV-1)plv%UGW4g2 z%|X=a*yLpy;3F=-BLT(eyzW>q7f>2OmD~xDx~O9{=GW6(8vBqeD@kc3Y6piJwv$O`95Wb-`9?oP7M)h7V~$g@pVU2&_}VNqxad0Fs<^lrQTBySM2@yly` zoLG^#lX${B22xSrHDB!8Lx7e!%$`){i+wVnnK&OpbaVgDK1CWj$Ha=nagIUfnQ?ih zjaJ|RZF5v>{mSYRKdHO31+zeC=PpMJ&$t8?O+4*Pn!Xzh{z?fpIO#9YifD(wq{cbPrgqcc|e_6qo>KBsV`*W6Q)u!yqnh6|MI%iXRa9M+%lYPY`e!72citB zB4;PNmW_A`bQ|cty~57_DtfdpU!sbVCV()rh8KwQFv$IhGfN89cXl?~(D#Q{uhXeW zix>pORF%tNdz5^<#A!a7)qhz{`a@nNxk8XX5Xt#OPeSRx2KHV+z$JWe+YY0rL5F)Z zVlZ9jg7{NoE>Dj*y?}md$_UXMU}D4sCw3LK6jD=E2PGNY-CjT^NmX;u*DUk13dhh) zjdS{$YHGsCCcIV^id1QRT|Q^{4SwO4U+G)h9P2?mS=4)e5r5PiU8$8^v17KkqXovb{WCOgS!lwF=~PH^e+C8-j_X z)5bVKlfP_=CP90B2++{R?0mq+BkSwPm%9RCd;@s~2)(o%{!;vly5KPkyweJQYXzpj z18|BdJG#|Tfjy3ga0hE zz_I_qu8*NS{pnH2fn2b&Y8KE5Xj-jPMOx+Te(|786vOLsY=c5|GT-OIal2x)BVdL0 z?UV^njzT$D56R)H!;Ch_5mX<|l?d8y`(g+nAP!~O(o{#}wwtOH$sxx;c)3L}u5kLl z#r5cSE9J0*a{@inT8#o0lIaD>6@CCeP0#^gti5`f_aB@E?Er$s4Gst6w!^4P3Lq?{ zg8sv}8iurQ{B?Jt=+9M!ne@u$q3urbPiEm74X;ttEd-&BuaSeMVX~S4Pe&rr;vKkG zRY4FeYb;480U-&{157tQKh81U?SZXe=F2!=>hE$aTQmVeHGUL0zWkQlHYwc2eweVE zah^ZX;&RZQoasD3X>&);FgMQ&LgM(VeY`@@wlT_QfXmHPdx}5bqIX^IJjQ1Lef7x z{=4jxP?{}JW|jgN6D6bQBKv6ywk0sLmE5K#O)TC=ir7x8@QV@Z3uujDKp3$(zu1)v zR-rAG{o)5wIg&PDz(DSn=xYo9^?fM4wd$}1HI*w4w{*f%0;4lxm^i>Jw={(_|7dLbd`WHPi5~k;bf_Ypsb03kX|s zsBsI{>({pv(x4$B6__S>w02$|qoykd`~|Bi_?Gmei>OvLcyzMFZ-cKA9u|_0m|jrAEVb)8_=SBFlS`lai$Y<&|~? zTnb2QzFZwv&YyzXT*5OYwp-X+=EuCny)C#{*&``syNY2N13>@BfB{vi6jrNI)={2k zJWcC9G#-6Y@jXl+Jd9q=Q13&mMM5Zg9e0Jga4^v)vrwj|5;PNtAV-X0K0Ev~2T^|C zgs7AH&>iYh1jhJ>AW86MtU%Wj_PmeuFdfEOp~|BZdHu0ANAi4B&o|L>WU`E=wS6d^ z>i|J>x(Py9{gA}pHSns zY=Vrfe|s_&Ryv8Q2%Rv0Cxr*?9duPKDz3yOiZDjk)`66Nt-llw;zxH}&tGR3aR#N) z6Vrmh3-;^qu2>)klp?^I^rO7rUOw6}}0D@`BT8?}xr9$BVnhMcv4#HuZn4s2e zBg&+1WnxGb_aoaNJ7%1fF^C8(cYTQOB6=4J(c50BW=VY(2i%&u-fYk$`x-3Rp@wM( zK8W)M?e&!K7ZEQ-So=gboYNwQXhqn<6NR-snA39)&q^m$6&NaxJ6y8=i)>a^$rb-) zbaf@$Ga-8^3b0TB2cGL2eIRLKC4|h4M?Bm{&w=PP9O|*1!iy3udm|tDis^*H?KkBz z)ZFU$w>5sQL4=w1t>d{w+zqN9`=P{D&2lDH^;`=Vr({MWLQPOcup+8?2F1T-MbVVV zJ&U@;iven?W`g=7mpsODVg#aZv% zOq>``(cMf@62Y33KP;Ygj#}s`R`_#F*r#>g?i3n~ees7bMAa`VH>@fLXyndU%dXm9 zi@>-4gBdba4_GKRcmIi-A=|FXF7e8A)EwHw;4B3M9Iadk4FbuC>Kh68qEb+FqFmet z2i=7Kc@+Mx7i%ODfWxa5GjsrY3V!1yXWhwIu^wGdxuilKbs&3N%)|iw)b#8^3c2Hn zlirkB*VM*o==;X<18s z2K(ob2xg{JBie7fcJE7MeiuS$I@BZPP{w8=Ik%NyLk|)^tkdO}+ofvaMY|P{HK}yq z5b(;IovHa^!nnC#qmj;4H~+#O=sZV4s%rc-arMI&dn@PHtw<(u@7){P7kIzP6|D{Y zcUmwf4=5jdLVPFsj~kH0QR1g`r1;{Bep;7_*g`WbQ=xs%BWY$-qNmD^?(Q3-5WWf_ zvxmhcvUJ`WpcY{*jzSq|VeZr_mvVBK%lXD%l%$q6YLN2WVjUM7T_SnjC`3{KqFX$4c<3;0LpzKy*w8{LJ;Qeic zKS{-c3_?;SmCGLmDe`BqSuv==uHNZ&Prb!o0=?y7f+I#Sx-G9L?=Fv(@UruS0KUmm zant$q_yhc)JN?aEVwo=Z8NZL-xul5@mYqsMeaUu?DI*B!^zmkcY}sEs@rD6+AhXP3Od95U#s&8yTM+zw|6+{ z*P$GB)Y0cK*EeJS++sKaNnm06AP#xE5F850^XfL#Ri?(I=!;W8+6cCAnfJzpxlKt) zu-LRBWkrT9T3ZQkH7>p~l6Y%SNnKsC?mjpr1~9LS38JkT_R z&+NCg`PhqvqqHB2GYkyqgG8S5fZGDh!9MEeXW^zz&bsl zBA#m!$;(EZtPUXKj#Tut-ou$`RDxw+JdS|}^^2Y=FNU9hCdn~8K{?HO-=M*|c$q(` z%hf{lk2LYnq-`Dix}tN$#h#vMAkD)f-*cB&NTOPOC%7V?H-(*P{(B~_2A@&acF`xT z1OSkDkx}?m6fTXy72_K$OIZwC*X>)JiwVRwS038%X+1;{R1|o8TYHJ4=3b}8g>Q<@ zw{|LSg}^L#7B+b7)NVIy3nE{Y=xO1WYm`c*iC`7%}7RXxSjt9B|WFe<0*TG{T%#xX`(XfsLcN@-=jw5nPAqDWaJxV{pu zV||P=TCCWKCv<{$!HNg2Z4wQfbYfXTH!qOCxt{f>pvbG3MrT!KYADZ2%4;KJjKxY& zx9e##?3@#I1#9p93e^A8T_HOtH>68+Z2peWar%#v8h;8%-WduDNkB((q?3 z*67W?FmoFx{?>6pZKW&?epox;x#1X7B0m-@34e=7`=DTDF&2`&IxQi<+&c=d4~~N} z%0Ec@!vssf$MFMDT@+n$eW=`$C{2p_b}e13A`xdK{}zN4zWk89g&oIYi4)|^BPZrH zQxsDPzRxAcB0c+6i^geDp`Z;MsnK+`kA?TY&R5eWC3AFxHRD@qAr?7m`7qydW@p!(b&IpM&~1>3D|xmTi5qPLN?)}vzqo5!Vz3WE^XDY&7a&Svn9><9;FPzrQVIQtE_ z1MFw-=T`0Gde$EgIEOAEr_8*R6$R3Pa!sg&{ALsng*mHR&$x9voaUS~7@IVT@OXG=Uy;ESP}sib3Rms{8s^Xuu6)Di@6_OUz_ zb1WCT3vp<`)OL4rx~!TPASS1g6vuLg9q#7DUtz!(V86+M*m?#&#Ex=d6Z%VloGHfR znd#oT;h=>m4%QgfR>o#+#AM2%IZ-XZxzqK|v{LLCj2+0MGIsba|usU2@0W!S{%)Dpz>DP+5^*z?YFC z$Gx|VLT?x4o(UG!+DR1O@Zxm&!b=@!gKb02@b5g9RCyt2$#l?16)0>Ka~m12iAz;W zqiIN9>25@C^7m$af4Xr2^_{jcySN9@r2iG$BIyO%pxv~siM$S1IW2T}VP(U)6xr}Y ztRl5YV=0O)J#X6Vn(kPiD0R8h#|8P#B@q9!3viT?0n7Y`O3=&L3M)FLd|--RynJpz z*96h$2+*6iJ>7vsVSu33P&tX}V@Wt>Qq82K0cb#+DRy@6bT4YeI%QPt>3BMrxcZ*Ra7}|iVn?az(aqR7GPX9 z1!_K{Ed+m1&hX1Sbr;(R3*qcGM1D|S|6KVwR9RnB3N*QeKv1nf zBT$3Qtz<2}G`aT0QfWJ=rj!76A*}$mMmZT@ckq=xLQd?4dkCsQmIn`R8pjkP!P}3W z0&NBxcQ_8>-)UauC^TkpqN9!)xBC9=XzV7pC68-Y(bF_-V>X~$SW3ylNaUg<{k!>n z3?tph^4J{)o3jb7O@Jsm&a^3vjAfolBMXquE~d07Oe-O>I?4 z_o(9ZgE%>lKHhRyFBVTi$7?hQ-K(r`kN49m-}s-ru%U2=TMVTO_nDXn>bzLvJH2l4 z;q<0kx);>+^~uv#72q24%Nr9*QY>BpO?@*9flQ^&=oJu8gOV}jf>>_ub=K;0{V9up zBo~%{ROt>@C96a>9?RN+xX>py5OzHzal?|61+Bqe-RUd=0m4RD<6aoVB=+h(f46*` zc%eO(BzImHP(||0oFQ&h|m75D&($?rwU!&9>R=1HEOFkAE-A(-WL_B^E=_F1b&(HadpZId)vrv*3YIXVsr zx$PCXUNeOWKi{I5CzWDsP>=;RnNGf12bOQzkGYXUuPm0RP;|mtD|V{X;tmHWp7m@8 zb`bH6GCbMS;A5aCyK^@Dmthv~e*8keV!SpM-`|EW{*J7$qE^RRcok!|oB5NsaUtMo zM>=-BjkkBA@wA3<2`;A1T(1VB{D7uRw@;=njI(jTzZK#hBIIcPTkI|65N5R0ZTU6j zb5Udz$Y0oXb)nC>0l7_OMHifyuhU^_&BDtnW!Sq=-&Q%ad20oJSXmp1*Qd%?i6p+YNSZi`-hrH$*7VUas$ihnnSC9yw^Os1HucYabw;Km%$|%0o-s%AF`GYqCrMs-yYI?h>JnEAOa#tPIhKja%D% zoalzU(d_9W3(Q6K-O3)ND0-YTLYXTk+2mQl5vFj|=qz`r;KB(bS1r?&Kvr<0vNj!+ z!{t{;j_LwCeUNEDC7ezF-n_0#frG0#BVCRPv*DoGs(?+1w#>#ORGpoa33vsqk%<;A z+SKBa@LBTo&I~tG4M+R=mA2Pj&BYK5ZZ1)Ry(~ylDNNW<>3IYLF1iWb zlkI18l!Vfh#T=DhHZ1Y-!Aao}tr$Oyh44{pb^$RKd@Kvm-d-Af)SsbhK05?kAFO4y zH={vCnDcHFKy8lPMFH$5fMD28DSX@>Mjz%%3!C32YZ_~UAz>o16xJ)M_f{5 zI`%(_=A?b71LG5H5sqeG6LIj+dkjCinnEZudNmD4xx}^@zUbeU=NMKr&+k(o|N34_ zK5@wy#->wyX~=csp4+(9sZJQFP%^KQTXhVIzcY)sG!}Y9({%;@u2ysgM*LV(I{;xb1K4p;7wz~*REU63zA`{a z#UtpULR7!mELO_}I5-ei9rVmS-~HhB^341nEJoGIXVAW+1aHn|Z^$?y0m^WMs6WX# zARg?|rw)UI4c<1Aq!fgBew z^L@(SuK&eX>nHigPex9qV?PU$1r8-4N>-?-y7(LGx1PLs zMxj&Q)PadtNJ@oAr&}rdiBr734cRz6h{jxl`3keS9!PFkDPy@0jf)JlE=_t6C416s z+A>KloA|aAbNjAiJ#+uxwSYo}%6^|d0$6%YjsAKrm}zUTs|NaFD*jjCHRG?G0Rmfw zt!d(oSQ)^rMk6)H`%MQgzgGEs*)iPAzQt=RXQ_^bZeDYCqxg}%9GDDw3_2((1uy3X zO6Bxy0olnDRr!xyP4#(G6gk`JjL;3nC}O`yC6LMvrFm7X2Yr(?fh7aS!!PUvX!s34`EK6S_94Jd)qjB7&xJVwx~+OQ7EtfIF9cKM7!+5@t%q&3)_9C>P0vjN3?_M=DM zC5DV+oBz*l^g3J-^I=u=>T(vkzavbaSoXO0rvC%%Kw5L|NASg3&kiqtiSDXSf=kHU z__ycDk^ykvJo+^K?;Q38%6AqBE35yP@-oOVW{;zf%#$+hpooq{ShT(v!~rIRi;;kL z(|ul`pYLZfK4@!rxkXNd!^vU$Ca?MK%Y(DcPZ&u>`~8(QLEIgkai|Lm?I9t1p&}uD zNV5~_yyGEY4OJw7&(c@x4BmC<*gO-lwh4+Kj$&{nF%R1H(?aO$2>C!Uk;wNkw80hdJaRwc}&^sA9%fq=!h+_Xq1n zA3l5)XT_Q&@GKH9$qocku129Qa<31;4z;_U?n$qUoQMI-`^l6dblp&YsmXR_;?iCA z%PMnYoqnMy?NYIcCH-b3k*@aTyrPecR8P}zR$qtweEl3<@N4Uu>bA#(uF!Rs+ZQtp z%wBURgR04vo32-fmJg$Eu#w`P9ufQePmEjwN_w(zj5W^x1sB7uS-w~1rn{ci4Of+A zm4TQ-&!|*gJyF;Vs~caI!Q$~LcQC1Mlc9?JOr8E|ygZjNmdY*iGG8@SA`?_^5N9z> zKbG6C$aF3nN(EBngMg5gP|xon=2>$`<6D)-rAy=&ifyt8wy3(;VkER#6Y`aA4J%jB zD~>{LS~jt)l~*+HjxuvZk!ALDOen*(69hhq5U9{^L*I-2P0357_2IdofrM~@;p*kv zGeDpvV(w%czxujIG<%T|wT$}y%SG?6XY)W`fW>8`@HtODczPAZ zdqiw^k?-R%pG4n5WLE}U-xNSv6)$(opn`ow-JiMI3TGv>1as`VkSphLB{e5%H=vFQ zIl=z2h1$3V&Nq8QA%ElJ+7qlMj`(eu9RqWDy3sRJ@5xRPMz| z5wM2~CoQhT7!m>Vyeiu$0+lQfua?&B||@M<{OZTs0?%N8dlxDLtu zCKI|kYO~ILfcsdwxWg3CTrT%SuyzZws{@oL%F| zX=rFMJH)SJ+HeUvo!xoqiT;fa(gMVmXI>=^@x0zs9+ramlb!Wp+u##YuIk~?FlTf8BYFpn%^h5;`AYWFQmZv z!2GS!vH!NpVH9xY;StB?W#i+q{x#ATKOT5UD;Z|aBB*u*&oEI6nE$4d@Z3d3k#QZQ zKZ`&#)GUPr7utEO$DG7eCF+eSd@A`qJ8`UCP<*w6BTp&9w#*=656ZH1+-0k?Li&)# zIgu+J#*}>5DK-bEOf{Ii!|uf4Dxmt1EC<%dC7J&&8dn7*rQt%OZRf%NFmFNFhud$Q z#0ZOw`k$+hU@S(k4$ve14Z=BkR{7fGc`JE6`Wy6~;0uFcD6qDO&vB=~it9-h_-zRN z&E;(zxWlb6<}wzpNA<~k!q+Rq73UD(&EoPE?e$T6b9)a*O~X8KI@-K5uwmZ}?N*zH zNK7ASUpT!GC~kR3{87mx79xQ$PtraFM>9G;>V{yRf`C^5ZLCBGOFEr82{OZf0~~e& z?1*s-6GR;|q{@Dkd2-~wdq2t!?8LCO{VH?jD#hR8-W0@e&1KRg@iBHEzBW2W>NJ^!%ge@S@+%FJedcNOoM z-K6rNVxqbL$+3()^YT)J4{}F81daUbg13qhXg%AQ*MxDP{hTa1b&`qj8l~&id;kp3 z@Wbv1%b_R~xXd9%x12JxP>XwQkCKK&DyXdRVf|vS+$InygN#(gvpD>WZ1zW^kA;OLm*;Zp!iE&)=CX9f?OL7X~pHEhPO0vfk} z7}js8=KPD*8z{8=S_ z5>Tvi5mS}&Udgp<+?E2piqO6CYx*-HTveZT#M<2IQANua5T~$G=|P1i_`LVmN_aMr zxVafw>(!otiO+(uw134#on*2#9c^No+#!YxR^6A8Oi~MBMF|shk0FdRr(wvu zjAA6DL-))66a&o%LFN=U=Jjg91iTP>VdWhbu8pslc4R9mYt_(=_=pLloM8Oy-qkTZ zia1DmXtwp*H$t}!fmV>hS3>Xa$~9vhkuPEU*>drPiWi>+b#*_kQhe_Lf@4hTxQhQe zQ0~h%=zY5hTv$e_WOEp8L<3tfY>b*+Z?~k@c66t^;ovDS2oOJ5BCvWPL`WMf`>se)j`B+KW@mcPzDZWdxS}?RI?oEh5gY%MF zAt2CpZW}#J=seMJgO6+ypHWQAxx$Z=7&D?ZSv`{q?@1$wP(~Q3p(taptw&xy7aLYu z!(X-WNjjQMDi&o?PttMN_>$VXq=GP1P?q6xfz_PdP0z`FXJIJBtfxZuoa({NEIQ|4 zDcC!w@e zpXbH{la0(M(l{ZZ7p9E!vFwQ>p+6S53urix*N;98F4#)*N zI!P>SvkIUeu+RD3%E!x-UykG+eBHZ0y#+&iGu8&&8t~{Je7z7f+5w_BN3mDL4dQh- zipn6AYy7WUf0O*Jf@zj_cIYq)?=UE~xf`-(BViXHD<<}a0p-Kft%L%^F#zh0gq)c@Ap`&j4#8m3 z6eMK>%NaFNQ(rrIiUQ;k6+LG97X(m%y9=MsUk?(EpvCZ1?rR*oHM;y|)P~D)>g_`- zw_uIb2JwehuzVX^hzdv6x$z(0sXN<3>6dCd-{o|t_Q!eC%5AeE%7 zgBj2Nl6i4fG}w5@sKvBYwC6W~ABGQ|UWIiVsX@0&IPRq}s2s~yK5;iD@&ARe%geO0Ex7GBwpOXaO5+?-~~^*(ivqcc`q$(l<$X4#bT zfJ>e6EFBKr|8Z?JU~r|li~4!bf2?Hq?J=--JW0vD*A5ygYD^k~?8DBPLB%X%Tk7nJ zu~OLM61ZdaWWg&86k+y?5uOQ#4JVbdNX@!doQ>+Eu_PZGo8_82On zU(SkAya?d(YW_G;2_qjkEg%%H?S5g4_{^lRX;{xa%{H)y#choVf}qA_#Cuwvr)v*s zI%nGHB5JFEwKd0r%F-Da|5K~{SmA%F0G0FA1L)PtQ%ht+W=LoNCWwSXsj0r5-lQz! z2`<)uva+ZO73#p)?Ge|C*wbS*e_KAzLVcOEt{fLsgb{b~5PQ##68x!=BG$E}mVknQ z6wG{AYhUn$@3Q=F_l-;YaeD^P)~o7>x5}(eca0R}-c(lcgTvAUw;}aV;$M8soT_5J zt39VDcYqXUfEhY`Bof!O?G|r^zqH$WA~YF=`u4NhP?E50rWyCd`jpHc$BWK_4qz?d zTcj+uLaZMIq{W=j8FT-R3&9cY1M;wdp#m}hQqTj7+jiw|k7J<9?1;Fhj03_iP|N4+ zVnM3-%Z&t&q#88apW}VsB?UYZ_$5qVo>HSoh^C z>nC|W=2GkKg?G09lqLRlowAhd_Qwc?Q5-`PB$eB=gy57gZ3nwacfYV;{}nB*5&HDM z23;!}ezRq7@0@#cI6MLw50@%b95(-E^nueR~6p%5S&0#+s9l87)X z$-#%#sxj%!Dw>_&r7d2pH6L?u_gW#`B3}x#w|K!Wq4d=1_Z&+M`(V$(@1mM(dC)JZ zY)=iuOOxjrPEJomH7&LZ^ZLeTWMuZuMVgYhgg=&p(>AG*V=0z!P_}NcI32(03a;&@%rA3H{u!3?5B!)=3(9CHH2= zJQswW*@%q1xG36J!FZz`B2peA@Ob=NNvciURv~LyjNe!D_S*tUP={)qz%nF0`Uyi! zJtEPl9$EkF75tm|tX9dC6Nd^t!eSm7W!EEbr$gs}G$Pzf)IZ6@y-6gNqh3XyG1!LB ztU6YQ%CE7(ac?5$c*bIJ2^DwMS8s;Uv0?@T3FRFnx9jp?Gp7cE_Em3LgLpX`U+%!} zy-!`?kv>{XDZadmhY=-4xSI3J5B}shI9IzMJaUm@l|5?ILX?qG>SQ0jjI_0e?l0!) zibt%2UR@CqrsVs#wUU+puA!?ng+IVE1W|9o%sip-w~j~^C@?uZ?Czb({LFnQe1}I+ zWYv@Oe1#y_B`4`+)v*3R;Aqy^4*x9}Na4ge$Ol^z0eDM_ zM-|7pR59WpBNPg=Dpy?`#pF{jat;G~ntn91RtOvyjaav#$w?jz9>#m}?xc)!xdv^y6iEc_R`*H5n|&_a`%FKP%@BDfEj~k zd!b2dKgLR5i5W)>Bx*pZ#oLDOX=*PrNfd|eU*}fqB;w4Ox!1$9Q}w_ps8w0NOvHQE z5UCcPe7<;|{NkyE^&TlmQ>M=44b7dorHoj%mT+%+pY7!nLphs zM)ZO$*o6;0qFhZ$hx@s(R=BCb;OrB^X1cDj(Nt*EGfT~5h1`p2Lh%}3U;#Zt8|Bvk z<-0I)7D%vEhWE#R7C5gMzIE$)QvvO=QJ-x{tq{Gq9TzaT=Ka}CNXJ~|nXhP7Ia*we zBxE9#kO0K?%y%ny{e5d250nh!RX5KI`(>M{1_utuXPs_+O#Bq`R?fp*miT=xGq91< z4YoOl$kK4Po1+EzK37ilRbZBxhG0qmv2nG}Gx*!K=%W`}lfMSiA|Clg1C{5o z0$#5LFej(ANssYRSU!$l^ z4VUoG&l06-dEF$t{R;l%av>6Gj1 z7;u`Kk^kNiNJ^H~^N(_-+DKBqWPY(TFMCLo&Eo&YmbwF#1!=xFLALYD2@rl`LiQOw zH?e4K{UPet7_7TB(*p{x82n40r{knmSyicjX8p1t9K!*Vj3BC?Qv_vhI!>a$*Fhk4dBbBbR<8r>BOi%)W|^NM&TsIamFsKuA%OK5bWpca-N| z7zmRFjWODj@w0fEM`*b?SHqxxaV0(pj*Qw>V(*p;KD{7l0q+J1Z{H!BB?2qX zdaR0;$WdWfiH&bGkV0{{!ix@_-O81>W$Gqg0z^~dHi?EvE!2yURC6LT|fxU`_q(Y6cfXKK%OY9reyvN!61 z7M=2obIILu_&ZweLoLBEw}fX`eR{cGbD`FL435kZ77!sl<5d7(2u zx3>ul|H91IBzO-CIVd8g7{-pv5?Pa=@0v3>-wzv;r$W^6olkh9<=8#>#7BoAOn6>+ z*nko^8jdX>z4hjH3@L9|1T57UsY`34ZxQ!6~#cUVP)3u4k55cT%v@#@ySpS;#To^TF2+07X zx=81El3wvV=Cf1LtKCfYIk1G!BG)i|GCxl zrX_|uLNjHrP7*9B41-E-9K zCI7ahZJ6FPj@;F(m_kM}5dy2Y7~jy5woe`6?u1bYIAYYjoH|Dfe&d1~_1julL_$T3 zzj{W(PK4qFjR85oQgyqKw041{9HC{QifmMfqp< zwd6`N_gsC*n9W7Ba^Umx2KQPzvE*gRXrzap3hy8l768)(a6e@=#t(10)PdMi&BdeT z9bkt=@qTP9Tv%)0MHa(G*oo$)oF(8(s~5Vm(_0@r&>hVoEYIhD{BTzTyJ--N@qmSh z=CZsN7ho7~ft;i0-WIDJ_m5J-94TEed`>xiCnXE*M%D?vlTv$Eta?LPid9?atIsl1 zpnG>E5XQ`$=H{%_CZ=#3sdDtm9bZn+kxn%xPdzLQ9apcxXCylmids-f7pxrG!aj>+ zTkaZuSzPQq{MS3D64NNc%X}}yeLh|vm4_6(Y|u|rc8rVo2r(EeipiO%=u^Jb1Y#X~ z=?jWPy^grYwa*4JOCv7xLfH6)@*mYY zLSqh%rDfl=f`&9YG8?Pynog$Bm&p_lGZqjQu{7C*_0|XfA39 z+-kM$>%M!iZ^&=hriVxY+34v}+KSh2vaK{k*~&m)XT{I|&iNq+I&kImr?|AL<>SMg zk1*9wb^Hb{B*j|WO#LK-2#u1Tme>D^41??gl>= z5B@6O(P|O>kzceY;gQy>L3@wNwNa~rjmQPXSQtpA{SHx0X2EZ_1`81ZM9(lLcI8`G z3!yVZRuyPSg%qoyrim6}P#Ig$iKCkz{Z+2VYo99YYPL2$-Q2vQBS!jM1nD}sO>5TJ zAQCg$&N{)S@%cP>K1pXq5&XuW=8IQtY`)b7V_Nz7t^%C26*Yka46@mJ%FNl6XgIzz z)UbhojuW3^IfdES=p`&aV+e}2qd9VZxvDdZ#O7MVID$_3Ax$hW4Q=rT1w-UAg5&srY;Opu z#_6?6LsbFu-;O8XsiUw8f+$c1@^b`@-h&qC>x=2Bo-$~^M^b?|rQT6e`!!Qy3mR=B zO=a;hrPtF3Wu|NhgBbNob)6V{PLzoQD~ay3waQmFwbAb)0d5f}m?abrJ~$qlZ7elq z1khN~16Vr*K8>M+l~N%7gK2nw!7agNCKNR^KRq7nwA7dZAB!~Y`Vfv`ZG2s3>D#;y zAs6&(*n)2D+VhLJ@}Np-S*yk;DmqT86&U3Tkc{AD%uW1_zm0`}U7olCOlX5paS1mx z@n8Wl=9Ag70mX9B@vN@{&;{}RlF+lmrC{o9Dyp;A^0H3u;T~m`Goo~(BhaSNH-olIuw&=%q#E!aaKro^m|uIKa#H88T32a> zyJv?XqVljx%9yDX(#dLwzhU@{A6P+iZQt{rX1qU$2RSi^s3C50a}xpRgob zF%vu>OD;@1FIO`}|DYuX?5u$fBvD}b=9eiJ9bgHIg2^VmfFZ;)sH$h_9Z zN3BrZBAs_tXjwhvBNd$%!dDxY3-;RMn5Zvh)6}SF$SQ2*Ly+m%R*@93uV5?(MoT&b z&P?~usXMeG{pWV6@3NZQgh6h@YS&NYNdj$2Ea5a;wV==MoJN&nbHcZu!EZTJSO#Kj z7N2NBgLBbk41-y{SD1A1Z1)1??(;WDB;`vqJQwpmKl~!lhmw2fjKH?*LTIU_m{}`B z!Jh-?&3d{Do|v+EO?+_#JJ9C2@KVvlFl=W)N;1$N0`}KrijN!D-)7WpMDnU5d06A? z+L$XCaz+2R^bB8-vOpf?N}-?Uy$QeXyJAC5PUslWieWw5 z@1tpCqF#CV{u1AF8PM~%ehfod;XLqVC8JNQR234H*uA1oT?Yxn)%*pQ#e~q)GgSXD zT*Vo(oW@{0cx@fiAP>aIp?7(4S7apq>phN}@-^ART2H!XncrWI<`9=RE~a*Y&9X|6 z4-3Ig*WG}w?{inW5a9I~{v?#5n|m3VBvIkbbo&AM57Z5wr zIO6A`2#z&Z(``OD%#7{l2i`;0zXCGgLRc6zRl_?63;HYLmS4-GBUzv#VtpF%%@xli zfIYWoQzD&d-}Q|4fSbusd}8tQzvmQnIwYmt{J?f;5hu@|gp*IM;c|&AgQpFo-m)`S z$o$1>Wptklo+W9)07^i$zvJSo=PLSo-=UECZU&%*ISW$7C6M-?OQoG+lf$<~wFQ4f zb55G3`Eq(=HJeo^%gGRDAR?06UE(fixK~-q1ETS+jSm(OQ`8BJLtJY%oQKBn7yZRN zN$c3%?XNfLnu8LIvV2s&@9rJOUoRl;+Nyc(ZpYfHLxoiM^j6aI3=L;BksV9q6ZW$- z-gy&edtO|KH*yM}$hu>o(Xa7I1xBGD+5z_CyzT8cBTC#MR#5CJH@~U>S++I%eNng$B$H2NvMEeTnq?zG&Px-^m}1487-0pHZ^zjauMjOKkXuTqMo?u$RT zJL9e>^O06t&|gWff<4R=mR6)cuJ;GAF(mzrAm7i#DO3I;P%Rgfr>Gy4)5C5tam zrQZgtMCfB6ZFbR#o;nklG>%n2kyYciVRM{^!2zQ}|FUA6F;Let9RDf!H* zMbYqPhLr13{q#dX=cRT>gn_5BcZH(+-?$f!dixF6h64IZ_nFFF$Ar*^@~M zx+*~{T}M-nQZRImeE0&|7AS59=A$hQ{(}?GcCG&ATZOHt-)Jc4=>~dgk>C!|^qZ7< z&SZNHS+scI2Vy$tY=NJ>+VBWom5ELe)HioxkFJx2FzdnVs2qn|f2RXD0`)~^FwEI6 zD@~+Ep0%2Q;*g@cN~1`ixYBFQNCg*pUB7{p&+ zxGL(IRFKrxU>b0G5LIn`nrHSRYGf@*Y@Nm8?wY~v_h)KtF6&oQZa%|QX?BZqG8nfj z2xE0>G*@Ku%201^{#qfbq@*1_>-CckQ2e-RQa2e?V9%g@Dv3|@Ci*4-;}MBq?RBuG z%gvNm->6JJ(_e9XRdr+nM?IJ%#ebQZ{@Ce>D3+}&Obzem;j~)im~bA^s4K(Y%d7!B zdQ03(172hBl#)uvOKM}Dp$reUV7c+4&Ks=ZLinswyY_Vl%DHJOdDvL=pKmSx^8g9A zZ!i2&hTui@mERyZEG3luP*Omj@TZU7)nPZ<;oq+78g@gqNa-#^-1ki$+{||5gZ)fE zwyU&G{T>gJnC}w+tQX%v9IoBT=bZ8!s9BbSw*_+T4jsa4X^ALcv+04(|20g)%Auz9 z#lE5&WwYiwgBQ|iR6KX5y5y$skk*V?$Gw@!h53MmM3n|P`yM{8lBuHa^5&Dvp{FVR zgJZ9*cm$jU14c6O={?4ik(M*pAC>Krvods=Z-=F3&ewu2{5I-ng+H{)%~ahN*x1KO zkm2j+Msf@E%$PuZ21R~hX3MX(O30C=-+B?}96xkL8KLQZ*4fZ%zn4T`I(cno&Vdje zKBvUzWcF@wu9wkPjh5y1(s_-#&|(WUtGwLlw3&>S)l) z0A>Yh#@7_E_FO8dg>Qy}(#ok}YHQLD2otBNKRZ;ag>E8Ss>IW2ipPtPIkjh2HXt&* zx*DU5bLz`bD}JSB{$R>yQxou=v6fNUhs|aWxTsoR)dCQPMAHfgVofG)iV6>ckL>u8 znkM5}gR@EB^!?v)h|jmktz>Pg9QeCV2HF@`s_qd~xVZ{FJXdvgo5^214$XX<*P~cK z*!cd$4UmXvOY0f`j&$37Cnk`6hJ<|4F@2hUb z*ju&Lp~q%$0P!4R(^hs6VppXYuH;4oFWOXpbvM+Qjp^(RP)M1AVfrsEMfdL=a|{Pyd+Ii^@0( zQCvCoaF*+a3TF^+2U5dJZ^8>-UrliJ#Q+vgn^b_zq!_2 zB#Xzq~p%imz`p6pl7qpt*RLiH2 z9;Mpo6y`e(SGXjcEDLa%!mOj1#*Eb4e8H*~6fFWdK9<5Vj^+P&#G)Z-w)}=b)pUp4isDAgAgtHB6uFEm zE!#gG$^4K?*!bWFJ~-b(qwzy4dr;(!7fIhWtDaeSzZ3u5f*3V*&-ez1vTfHhV<#^{ z0e3*FBeO?=$)Pk7Tk)PW5%%hE;%HJ@H*h7is~fh7j-7uR4cZBgv>|C+o@n`P_^T4D zLw(tqFr*0cqC1J962g2Aw@nOZYtsaGSh=j%D8f;Wng7AzxMIPwKs84>3}=6p+RB5< zF;pi?#VLM7>1~7dy%O+;D35kXR3rM!xk}x{jryYIf6vBpo!%qAG^p3CM z7pE4ZUfcvK16$X#o@})9rGvB&$C^oRZ#Z%Q*}>2hb|#btQ;_#Em;Sl(U!@z!rttoZ zGk2XIAMVQ-o=2`lMc`S3q!%md1flF*)NJXYp7R@8sYpVLkw=cKU=B4%E8`}tezJ_| zd;tfzQ1^22h$B-sy}d7s_N4HH(nf$uQUw}DM{TG@{%8e+T=A0*{|!xV`Z^W=5a2dm zaz`jwFVu%HRY^{}F(~8=wCR#^C+JQT;bci{)&|KAeW4@Dqky=mJFKGz!jkTWXugZQ zdbJH>2a}!b1fae2!_8KR=sBxQkjbAcr_?@W3ph*1eQHEB%5V{9d3*8Jo3xt78}m<` z61+mTS-h0Y)8O)IZOut$x!Ct_GP#T}tE22*B5;Lk6%rt|be~3}gFX5b=c-GyE}PnL z&a_g=$|*}&j|Y1sIGT+kHH`*ZX%2u6J(U_&zuc4`fs0@k6K}uH+!maY2!eLueYqeF zrv`FNk=VTX=fJ`e?7bEHwEiUsvr-+0<#DeID4$EqxVm;M4XV0;7yQY~q-nY_1IDEI z;{j#Nv(J$5t4DNliBmKNd_>;^l58|bY93N_x(YLBTaZ4CVx=5MvpZv=twPF{SdRM0 z$YYBe`4%wTq>K0!C7e>etLZ0mA7aNX;Jn?3sG$EU{)#`r)RTUw-GuS}l09svxy5U$ zHBK)*41?O+!r7~U4aZz>`B)+Kv%DqoLfFng^Ua+#Qsn6g2{fn3d)lsY1D?TBB_FEe z>uN(kW2*mw^LRFkgziT6l9dQX-a@-09r@?^(Z z`1=0jJ|*}vW5*~E4TbKyM?O%i`>;#QR*$>p&+f{>K?*aLeDp1?Eu~sUCLpppT#cnm zN3M3B)Qv^jHbt}rgimNdNu%ZK*nclGDy6^3LRRd@Ym<2tiz-J5&^L4>8u>en9G!yeCI4wWv z=AsPlywj1`!FiqJ^Fu5ApNx>dxCp=d8e2k*MDN!a2shHVVcpCekRz2cRESm_KS43<^Ybh_bx%y%FJ>^+cdC zdP|b!1Cqwqdyv%x?u9F3m31x|SLo@>6wO$keUM8pye87R3;khQ(i_ zX^KpG>nPU<3@km}_1KjXg)S^QG_3$Tov&rss98uOg;8{W9!BIneavUL9UIDZNIm%{ z$$H#9FGC5Gv?tSn*@%RR7Cb>$n^5ABvHNTrptEW%Jzc)U_NrI&2QG*3w}z`+)al-1 z5E8oY)}^uZzV6F{kXTfSp-4VSvy0`7=D>Ppp;FH5-nx>=1ny--Ne1r4?1i6o?p^&abFKuL*r1;%iCVcOCBVFtmr z?YGE>)?&k1Jl1n1psX9Yp4sdZXW;37;b?b-GX%^y)GecoH#m#jdNQE#re#-hjDMBd zWdx*{Vy+a--gb)(+8w3=EiajrB1^d_Md(u zT)ZGrQTlQ1Q$JuOD;HqFcclbs-*$E2N!;xJCcw@$OFwU)mG=tt~U*2RgZ+u(`^S zyjGWEPCZb@S^CPf$4LuxzmU?_rn2*}K>^rIsO)4+R6?9RPLiFpS6(stDjgbDnaN<2 zg;o>`m6;m|duNM@?qh7QZ5mXQm_wOLC{_L(YunMDD2)DCnRDh`nIM9Dn_jHe60HPi(c8U%# z0N*o=ldlE{S#%**&L~8~7Wyy;{q&!Hd_-~S%fm5}%HYDHWj4@^?yT`Zx<_Jdtl|MM zqNX$)=GH#!2r58|p3a+v6UyPg+Zwjqf0tQQ<~6JHCaP#E z#xZ_4*&p*1e899!B=h_}mwiBg0{RX>0x&~VG&#yJy7YUgp0>AYns+a>_-O&@Yjb8&nB>_Thtp{S)aKxxxEhJE5{RAFPp4#)6a!Q? z0EE!ZI!126sxhFxp`*4BGN4E-0Vp06bSBQ|Zp_f%I;<>bykzJylE#Gg{cbbDESHcS zrA7H#44{~OV1F3*huJ8NqWAL)Nw%F2QeLQ&F9O_}atY*%0%#JN6!8<=y$V9;ZFi^l z1dVdNI3N;y4~1pMU*B4qfe0ZJ#dh1N`gpTZ&>KchrM#77N5a3&-qap55SCu?Pt&6~ ziz9dmppSpdvR`^_FQCqX>z&zkCyH{`mGTsDHnCHz)vqyasFmbc!lT$8WY`j#;Fi^G z^;vZBL&CKUP0ENO*;H^`kWC*!_5L|jVz;qN-Ao1C4~s9`%p6~sBfIylCS3I8VrXk? zPpbfb3^B&$BC3WQlQZ8r-t%>9c_4j6=d+XJSm8L3 zWX0?~2=yj3EAM15DK9;cMcc%_;g}@qg*l@Jk3tsE!-5?`|K^0fL9R zl$pW-TMsS=AO~OPH*x>03#TBHlTfAxu~?eE6PZygl)-wJ2z*fyktCEp@7U}qA!U$H za%&9n&AE)#MbUE8BY$UmJGngrtlbfNyR0!nw^*j%8I_b9m1UF(O5dWM^OL8js3G&` zxH^pdnPGm?>!<(V$(Qn8>vb)wmn`x^nq~L$-v6ItVL2829Fc7KwGzOUA_yT!!%0QY z@LQ%Gm&a5y7cX;VeA>s}wiMM;@teC!UhiaO_SiD$U@B+JS6>4yIcclnt7B?fbI8mf z@;oTAXj$lXL;bian^K6lWk6rzV2)#^g817T;o)ApHGw*5wD|0e3kxw4q*ky%6Iops zeE;`iWH=T_$B=MV*hh%TBL_izHBa5Xr&C6CsN=2Jt~^~n>f-Y~I=@td)ckEF%Df}w zvi3bJmtzVf6``cqxhU1?gBUN4r8u*M=)v?=A6AI&)ORP-i?UVYgV^eSgDU>!lNs|( zIHKYH>TrPkO5;&mcjx{nt4fyyk*#mlrUQ@@$uA z9IA!`V_v4FvT8e3gFB=aKaf)g7x_F}?eX2SAZJq_lVm=}w0UcdPMj7F?|(HfSKXz5 zEe4c@z!3Axp$|v#m*9Kyr-7`$93ExK)Gw_r^Ihdaq+q>AogMNz2fIFA%D0g(q!GfI zZ@Ve~ISxg>XDoH1Ym!0=c-yP82T~|8cVmI~Ya}ir@u0BwJJ?{1xydpAq#6GxsT@F~ zU4o`Z(2K=`|H)^Gx{xGaa29OkF|ItpA-g%P0Q`;T?w8}7^0z3wG)l*+1)R8d%UH0x z%cS|ejR~NXbos?nc(Id9dudUGzI3g%@#Yv&dwb-@%SpB^&7&ziQ#>MRk9&(_&G@Tm zB&>t8=PjSSNchqb!vl1dflZI};{EirYr`DC&VzLeLf6ORPw{|2@M}cjXO3gcudh?t zzc;*E8mUBsqSskC1^iW09)?z*|1*lpB*ptj^Sem9Y)xHed?1>juFCl%idF~=4|_@i zVFq;Aok3=r>Q`bX)Ol7bR{eeyP(wm(u0c?AiRmNr0#Z1kch$vIAJ{a~jGjYZa&G(c z`_1KTH@{N;z<1o(_7h7xoOOSwx2ui)6^D~G#?=W7VvRO~*)&k0L7kU*?;cbG6n zLXU#IZzzm#I`b~RkVOL}R(8~?Z%*Jta+qGv?IzrOFZHt;Lnq!(2U*Ed>m|tC=)Q@b z;gtdXl$h8}1kyX&;%hbi_JOZF6;6M`-eBeFQxX!ct);=(@)f+3JTaDNV%9`FyLCBD zpDDYMZ_rSGDbKk;N^)Rm#y%$A)3vfhtI%}`&@=6+76vQ!X$>+l?qQc!1){nvHm2LB zoEyvc`9V0t&hiQnBqhXlAHE&Q$qW#Y6w1p zkCE}@!Z)}X*}ZZJ4M+OD`+bIkO8^kX{%TtpTi$|&KrF)k3Cr`D6(93q5Pb@B5NL`u*3RDDTxJ?>K zxU0E^vwfA=G3An!8V_BhrYHd#b)#S_E&15kNoLHG8EF_R&OC`mUEiS3IUlZX=xRm= zaO2o12>aSS@n3(QyJlc=#%SpvtjjJg%y^Un1_Hi;G>YTP_xs`vTw*_iRndyZ9Za!8 z_GnrPkib~<21ToI535B0;yf>kNlCm3+4*qAV?VV##wJ;8>E36sXf$cQv7jh$OJ`PR zulM=CoBi`pRP7IXk|I0DTuEvViMC9+c4^xYvl@nZ5_IpPAtn4sTWQ`=I8qCl>4*@= ztMTq&7S2U7q0DMTNA}U&k^Q+YH5`S>KI3mcpSWCNb@3xD^o!i}k@-DTU=EHnPVNg8 zrJ@fD0ltC3zL?-grWBG&l1;1qRDk)$ZL0ZjrF4hRn_!srML`mRH72FELx{Q!x`JtA z9Ls_zY4pyA!!ak-1`Mp*@;TYzh7H_vYHL;=yu7yG%LhfFegVR!hAc)_*M zU~wd|kBL++I4tY>w*Md#Yb!OnNg-f~Fx!)#W0M!#c;HyXLx3GYU%B*~-1kmD>Za75 z6dt)2!cm=ue2Ms>#uyz?{z+bURf~pSY!{AqC@hISi&HG-$j}d_j>5H719SMi;{Eg{ zr{V0N_?v>0{)){sKw2ReV#1|61{5(|zSh-Gp{wiM1+r-NPO$R={<`-Nm=eV(?YsiDTIeID~m?^m27{%VQ=M9gfp;Rs?Xk$=_86s zps)_R_%MFrRk`HR*pT^n*!e#>(kMKjSZxVj@CM$|?|Fceg*HAaT6oHAb;To9f=DBn ziUZcIPi#>fjpKIu#<3oZ`~n)Ph0+t-15~fMUoppg6q+=amcnB9>{Z#qbSa@5m3pjD zD~<>Ix;FlI(=w2LFMLGF94$v`A6cKYa+X%5TFAnX?TDObN6QRTAO|wqH)j`rYswrrLxs5+MsiS z86Xw_Mt|^;*U~qTdVPLBj3I?bA7ACBWqeo-a`g^BLr1L=1NWHY#V`ZUm+)L$k27l9 zuu)?;$(+TiWzxFVMgx1~>9dRbg*rUEh%l7NM)0cUskUNpMfKa+hdKgMkLT0XuZet5fI_*Z7@wfr^?;XKdTc1;aMl;D|uT zDi&#lk%`>0y@?Z(=|NsnyrPJQrV;a_#^`Z4*#E0dis&%ePj4)7tpKeNrHM^}32RMr za~%y-bJ8Xw%nnfxbMz_UoWf&q&YU%{>u%PjfYpC^qslqp zJ}}>l?f7w``99G-5Nr{Aj#fBK1F%t@!lpofOUgjQ_bx;J5r0s>tn6yTp80PFJ4BJY->&(-Iw95X&P` z1%|A(Z%@J-+(hCimdbwW(#>014Y#MZpT+H|FD*u%fQk~7qULeqZy7-UlRbbXL-6L? zC)t(~p=D(hkAx~ChGHGuNM?e_18je*q^_WvJIdeg{2@d>8<7* zp0-mxu8XL_R;OwB;npFPaKUX0(mQKo!{huJ0N*ufxmH9b_VUlrUn#%Fh!K5U^x2mUYe~cCnpQL&`aS4qy(38J(5Rsw$|GY=ZJ64w541rvRr(RQ zWRpn-)Z?wY`v)XUnMdHtK`U3IDtHd%O4hdEK)hqE0_38k1NsF3>FV2`*X5Pn8l@k( z160ILRSWG^bq4-0it?%i0El5N^trO?mz2r)QSu|10dmE>IFyPvgYswvKk{D?1G^_Q zW5@T)V}ouvhw{?cYq3Fa0e4LF=$@;g3pfe@2nf2~48mf1Sdl8xNxC+&q(j5~FILDD z+rYP3z#1mTR2@Vb%)WD5Wp>o>j;HJ3+rcjJ_A5XM6HfQlKNmSG1`^&{E^3(T#I~d) zI8sa0O)Vv|zqJcRRveB>qQX*ynkZFNbnR@ueufm-8wz^b+-U_v2ByZ71sV*2AH=q> zUy3l?0gTc6%rpfQe^HdFpZN5=z$!|aAQy``Z|U3WBtG|2|ztul^~6+k`ghJtlAVtcWWt8TSh32Bb>wtyKFY zQ~xP$(;f{}&w&}GT$^}rk*6aE`vvq+N7&f}$yoDi&kwFSvU6!%vGym8t;N;}9FbHr z?5-#SiQJnQry&}+Vd7Z}Jf2~>kIxU+-IQ(J?*cc8=e=+N>qMUN&?hA#H6URnrPcsS zj7yD4%*n+FYrRq|VY4u(m%F#dDt(jE6LbeF(U(YnDt=?+F=i%umG98e#%eb?#S~_wm8~GO#?8e$T(W-a%Osrx%le#<`0!LOC z2K9nX-0L3(;rbVd`(k|sKgYxvje`)~uqUf;PD+bX6=MCz73!6inoOAlRp-}b7Y}*v` zV6{Hqt-xCMxD$}g5aQA_E_l`ErgCZP(wiKF!-1e76dGZ_ZgP5a+KHAXzlF^gk{WQYyZ$3u{rWRe{cLG< zEK&r)1V?Z2>EU5rL;j)S!v^Cn{&zTUaw)7jIAdWg8#^RN^mFe%b3aAlokVjoxmjIC zXA)MY-18$NaIVLwdYsQ=k02ae=O7jU9_jB+T{wQ?tbX;+jsQjtonXroJ1Fn%)??-n z5-TZ)GO$?Q;7kB|3LKEfB;-07qROiCEb@`MdkI{rVE(aiH4sds4~g{$z_iKo}Q z+`CL(ZD<2PSIq#D6u00^>)?C2rf9-pIFMpwF=fjC?N**r&@nS7y z>vQ=C)%2Z827`8+OkOzuGVdENZ&{WV4W_zK;v^rGLu37eeXyA}+hK0q0qH`rg{*yw zzDo^_5<>9wYNA7&sXRyZk}Ry;Q&?8+)mp0ij#&R7gyx+vT1zo?H7ef5!2%IrG|C${ zzHNgU@(njXcw}bvi5kY$gGt0Y2693rV(t}tuXgWS73Lv>0~CYHtw%|i#6F(Ufx*T# zgFPSpzRUIZdVXGgGrNDtdo?A|P;X>ZRK3J&Io>%9B$<)^!$%tn>%aR*c+4=Wc{IN9 zn9@(3A=mw_>E0<+bY?cGcxqOnAHBTtr(4fqDW`RwJme<$G<{K!Gw6ZG>4?hG4b)q9 zSVE0<%oaNzV5_K5RzVUWAbNviw;(hpCCt6|o|Hm=Yr(P+skE@7s-p_|97x38bMCGs z0MX&O$AKP+IgRXk523^jj*A78tHvfIN+_Ef%b@YP3PS{@D|Lf%Z-d+)f#!_qkxOY(%@%3G&^=cwmSv!Z%*>953M0Yg-^O_&(k57be z9pw1`XLy&v%$?ol$ev=GdvpP(0erPu=fEGQ13&gTQqxr9T}-0sX z%4F4pCrCVano1aeFZ&`{D;~UO{?@wCLAj*X?f64Ycs6aOH~=2ofbIgFi;o6(p0?yV z69=z37|W11z&mVZno?oI?yxkZl-o&pZ>9K zPyf8U107Gz5VanKLXDjmfIOE(;M1Ng=?GmXxks>&6rzv$jPPcKd&}1S=1<+SmXnIH z8euGkA8XZI(pk@!4gIZ#y;8L>l>cCMi);PHj5}{R$*FDdBNnJKec{_&5zpv`;1kNH ztP)7Gz50EI9suae|Ina6t?$sgE_I(fo20@tUp%wiHK`Ar%9X3dpYTz_p)?^7y`5u6 zqeu?LYiN3q(IB}zx#jDX*#XrrD$q#v9@7gD{B6-SJp!h2^E-_q__$3y#SGOJziSO| z;OU-UIoL=vclY(Gv{k3qh{t07ynNfTLpd#*Cka?s6`8kCQs+L4K$e#jXy18(C%<&z z;#cf`*VNY^?x_{jE^U*;ih1tlt)dA8IMdiexpv7FEt86C?reuUa!jr1@j+68kI#1|-{h{dp)POwumFkXS1XXkFvLpm z6*_6e(Otwa13vHmV}x>=VR8*bX#r~ymQ&y$Qd6qZd67!G-LBC%)Sc#jKS5^!usLe?9|;kx_p-Q1DnsY zHdC{G{quDIj1cjHu@`5~U`h7#nmya`QV3D<64Ive)wfRªh^b6o%1$` z5^nnL;K1Ba6&nY=SMkm!&6-G}W7H16koKMiMACD-Gm(@aBew18E?EK1#Sg_0|4;WM zGUba#XUdfa%reYB@;`bMmA8R_s{LB&oGOS~K$_WC8Q)&Yf6nhbfNx_LZW`(DWfBII z8%`$j-7f(M&}t!oxR(ukrG$E=uyP3MwnEzN^ZzrpN{1WNapdFg-2yxAYNN&%%oXwA zDHl7?UA_J9r->hxRkrk;>|&T{sOqM%{)#MJPvH(^89q<&hWiH{W}>4%{! zfG-iEFSKR=5=z^@VO>j$yu9AR=8Zud4C@2=g@XJ$k0>maFoojAE(6ntZ|0aAc%6KO!|{ExfrnWdTKk5 z*2kS6S(N}b$1!NBFK zdMBN1z+J$4hJN2l62B3)^U>mJtw2E0zg&`~0xuL8pgsvhsrR*vms>B%y(u<1!uRqPoyB=vQ$#= zksRN1;=71kB*QM56JUL4$inRTM`W;f>q%0~JN<1a`|&P7qy|nqQ6u=x&~FW01-8 ze45$yJ3P7w*rHOrcDlII*?3X#`iNpa^I$Li`EU#J*${ep^)mj?8V zDEs?7U5`S~x7=b#)($~mLqg`xH}@nt^RKCbo=>i(;0nAk<*m6vJwI&b&!M1cYUMdd z*EK4-Cof1@MO!1$T(E#%j*z{7!d_%0KAhrYwAm$j2aqo)B^QejLJLI=5NqNG&ir#=vZXaW$ z`3y*Rq=gsm%3S|LElW0~L@`!a<${K3y&Z-M>$(K@k!UAba~qJ{^Ftr?g|lepZ`Z5| z5YDX~?{zW;TG25&dRME?K)ys{0=}}=* z3uqxAK%Fkdp_I=4CI#>3;D=uvH7#bU5%W(LsXAiU>b8>Ce@kS0#t(SDHxnn|C59UV z0St&k-*(IS7^m!Uc4R_=WGq5hg(7Q{@{?@Y!K0m#>$=UrM2AgdUO9jTggdR>w(JQ1 zO6W2w{1l&XFNd43MQn(24M0-_()>yhLnuKf$Ksv^z0(KE z{33q$U%37uCo^_wI!8wgLG8JN^0Cj*PR2kVs6?v&NCj;9E23UMNCah=T8)DxJ}0O) z9~zPxdl~I1WN;LH$^H4U`ZxEOjb`Ah5+eo(V3sKPt5w>9O3q|<60H~UG?>9I2 z9WPfH`}R%#7O`&5R`qqe9ZPi~p4dRr`;obqj?)_K=;D`3VIQ0c1^0w%d4%>kxgT&* z@w%S5u6-vbWY2C73rIpppO;U&#vz&lA-Csw#uq+d3Q;7Oxdtx6vq4@2LyQ)oOEyTq zbi2RI@HZ{@uz~(iz+*El8*i3N~?2ANKm;}`hf&Pu!2m@d}r((w@wUQZ@vcj@*5w;E+ zKXz+@8x znGYJV`1rOLV$rs!^)4fg^DCbOCn~}*3#qYyQ^XHII^>2y5w(ic5;wv2-p-4O`sTbast$Dcl;%4c=>loaM(dlSYh z6-rj5-K^P^3zr3@E~_40vzVW<&^=#w|o@e2AtO?+YL&F;wWz_2|=P){)S1Djt3N6znrg{;Od6)P{ zzaA?RG?}b5a{ou7zREn4Lt-w`rJl#VTIaOSixn!?98LBFcq^5v;i=h&o`Zdba_tK~ zHA;dYJUV{+{p0!$O~{zeL|HPcmaYirzJ*W|9E=~#zt6AJvVn>HMSor02(m6PNJGAV zEVAPkEw8Gk%EJ5=`?hF)^6JnfA?7g;{W}*9>;)Xe2K}`-r=2t?$m|9wfv>3R?3$h5 zLdp`cWy$6FKcKF(f3HQfmm`bJ1MeZ6bg-DNt0K-tJ88Ur_Nih=st66>BDt zo$r%POXb5|jDcCzQa}qB@;*IpDWxQEkhZbyU|hML4ZhgtMS~9#XIqn%&0u#zJy=NQ z0ZJ(BYp~NT9yAo<2EIkPxW(gqt`TbfACZUV&G>#3++<#L=Q9eQFwW-b-X0cb@78qD zKrZ{w#?1l1T&nCVAUbB&yWem{Y4;V#H`(6QjW}r=%B1{`w~}M#-v}GoWWdCjMJ}iZ zB;wMPs546>-X*0orn`9zgdm0aD%B9A9hP)9wl-Pl-Y^GXI}bckCx3D)yE8kMED&H~ zHkl5pp5mn4>YCf0ui~FN;Zn5oI7P*tm>)IdvtyXNT${?D*$bV)B|aG(0|W32KgCTz z(ide@@$|mMbaF$jTR%|CX%0=gxMyt*LD^T?LF8(jv|dW{GW8GXa0$_Rv#Ka$J#%2k%oPRqZqPdd@7==pw$=I!Zxcq;MfqRoh`bZ|`7$88#7?~O*cq<4Z z18aD>krqPmCr`D#F>n_O{das6ahGUFK|D>LH2*T{>qLmR3qVEMFNFKG zG%lmy`S7~)2Te{VY&Bn|c8N2~n=7-!&~<@np5naf89pT{BZVwY@uIa(g76>`bA zd!~3}!1OoFQ4LTYfs|_%buCsFK@@*E9?n);a>QTp^^Jkr|1|3=Psj0*$Yk_~*VlIV z;q>ciS8R7^bKT=Rk^fA*`)EAg@dD%IT4!jEpuBIj(Eb7>gfm(!%2?&z7)qRVQ(0jc zq~7@knEA8z^EIrBhY;->%Xv-|d3#Km4QeysEKan(A$h0xJnah-C=JK>UdB7=n@;?o zcSD7VL6}f~+iVf)Oks`6kEA^Lfiop3GN5n73I~B9FgvgUJf;e|R8U|6bV;ZfuKHlr zrgG#EhQsJYd>8OTEFG(;+rAKucsTrgrcKmFf|iY9ZZG-N^5x)5c5A0fWq4}V&^jHLsxf;>qQXeQtsdxRRwU`lQk6muzLBp=to ziMHjf)QoxH363tTth=p?Vu0O*4qo#hHxg4anwN3O1_v~d@>RV|H>2M+wj~rpb)taM zL7c#(VV<~mge4+%L2fFMQ0bqO5Y=4(Y^R1P9CtiNx|^CLEaTuEFK)ac*7hc_DSeSv zM{XmOOZ6QJwap5=@9DN5CL}nW`e>z65zm>kjLk{aPI{}vreWYXp|^3FZocnZ14d7@ zll-$$P{U0C&BfYjjLyzn(9oDrV1( z#&kqeij^)JR8!!9C4UQ9RF|B%sM7UQM!JDhwYUqXb&~;az(Ue0F$CVO`ObO_ZqvB0Oe{|V@i2et5JV3 z9X~zMxgDDQ5*kY?F7!L{U|M2>42R$ZbKGU3C6OinO2zhPaz1yXGi^?M5+ zJTAYIk$8~%52IjgeSY$IYX`?3szngSFqmWdajQ$(Nrzbm$%5J->)>OIfm2L~pEL+o ztDVTFM4En+xLhBrKADIk=Nfp?)nGZ4hoZbuH1;PJ+p=fse-%eKeKHup@%WW5$bzo{ zDnUC_#EcMiHvWoK%xBY#ArVC*qmMg_+cVDWN~vfe!W+k!D~AY?wN%8W5KK_cI(qp@ zTk>Bff@cKPm=5_b|8f8D=s$fs@B?{TmQr|dhsRgWJ>Z0S0#a%9qZaW2@r-J$trm*T z*t>f814!)vhD4>2>Y6m3aJ~rOWTqMyXiczt36&jqloZ009+rz;(XAL4B z`k;w_;<|+k{nY z_8J4V(tfbn)CDDt=qgFabXxWKgojfD2BEPxYvil z=Q>$>8@}dSrr-{r24mOQB4SxcgK1k`g5;!D zx)gE?U=K3aIhn;n9n9@-BK($xUDn0v4z#EhG3_?X$NM<=QJ^)L)4~NV}slERzgg=^|l4O{c|}} zt788l$(H*#qS#pt?jwissmro$7!m2Pz3?pm$9&z9ZOvr|d3yt}?0?Ph04aSF)T}Uw zgbZ1PLZKu2LU@wLLkm$)CQN#h4jW&^lV%~k0B)?ia&42bqk6G5TeEm;fveWT0m1oVrr z;}xtomC+41-?v?*uob-O$F6m|xOg=gmYfc$zZ(J#9W)wNhT72<*DWXMSpiMcNz33=ZuP@i&Q7uOXJ=?K9DgnOG#t6&>lx$mO{dMJjt$L zbCAA#77?3wvN7d^vjSz5UfQYg-D!Je;yvfYCiE;oun(wzh5_v`V&VD%scy;Ft8w`B zF3SE()+*1hvtTY0hrRP_%P{ghMCblS&^l6FcBnqz-afp@l^;Wpl+MX#A5bTObNz6; z&5+c>!yNG-MYO=Zg9Ux_eoJP@YLh&*Uil}G{kn`Hbz%ivv?^u3i1Z2d5~;ipty4#%)o>B2|Sq4=h);o8d#%eR({T-}g8r zMJb_Dq(OEv`+`b#vhS3NjIqRsk)=|-D@xWBQg+#sr7T%05vh};ojbfS zCXH$C(U{yY%U$tbm4}j9$Ah28$iEHuDhiqs#139-yulyoCBgOS+ki1#`_XM3wKrci zo;YaLTJ#7KzRJtjJe!)~xh5Uxf4BD#Q@HP5GRyXX_IpwKl#GGYkoWS&qHaw*;*mkO z#BIcMiCs#sup7{Zl?J#?x&|q|0dI4I!c+b9(we?}tJ3>=z4~0V^lgQZ=5%|O^SM?s zt9fd*VZy(>FMLTByWT6WepwT2&dm&$5?GwUY+^t#i2X| z+r_DqZwHQFV;gGr2_lD$hqjwN_v~tMZb>f{)J@xItE*1wBjvdljDCBYH?FnW>D-oL zjXhkpDa~V2o`)_6`o&xETVC5TSKNDPed^U)yu2OoL95f^FU&*W9q}-HadJ}I`Lg%Y zClmc5el_W4X`C!oJ%^0V{&arx{x?pOgebOY;13xl2~VSkB;IaXi4|&+-?aX8AnKtS_x#f9_LDWwyPZZ zllQr5UBh3z-O#Nb-Ul;^mYov_F3BQ>yx3ogh+>_@eHm@x^f{HCt$U$eorA3TsAqss z{$cv|x<=uawebY+g@xh;1VpJMxKY$C66Q^%ZQgSmvr=Jy7Ef*7^rW?3$Y z_T(P^AcGt;gl#N%!Q0l=M%{k$!>Wl>_uDT%U^<1ZvgK*_%>AHgVHCQmLeleBQA1pT zoxf_Rsrue+HlIEF1GmoJ`4-Ey@$^<$Y;1!oNZBunl|G;T2d*4l@UCaT?$Uelv7EPge7;)8OCJcVjkyW_r8Yym zqBiG^hy%BM>^Qvdp0JAAI;&W&UAxIP*TnHtyycrK5!SFU4)t`FL!2MH4mHj5#>X@+ zOm3YcR(uNylXUVPwRUQ}d#gcv|I`js_q=)a4VqD3a!POQP%QVT?g|@B@|u2rCh=iX zx6sU^tK0GY+tv%^bU9txU}NF$dr)frsMlEZ$<0Sa-&Z>dD_+n1-YjvWO87^%l~k74 z{X<#jORkS|%*u-O>B^jDX%fa6uuZDgz3s98YCQifJd||G$7c(-w@5>cDqqo!iD*02 z-Y3p$2s+BhOzw2E!c7A*RlQPUXP(8{X(z5*x3Qc2;2d&#A8(S(o=J;Ht>%ZEv#ZZU z8qTm!PiD;)>%`3nU4G`&OpFo`9RGj~(u*`3^43z>qa!7C*Kr}N zpu|^uLDbF4J0}h#eIoayf*##yIj&VIFgM{XQuZRgWXwqGlJ5*LNJK6qF5VtL{>=P< zvY2_49WxUu|B>qVCs#VR3wFzySvE&{+!s~g4xJm4n_1v_?pRx^Y&DYXawAtKx2Ii` zb>e=;VTD#M`GOv2r!u3?Y->wOj>SaQecKt=lZf7ZrRBai`hA)nTg&uTTv5si55=i` zOK(TL>#X2Bry4O7g&{~3i6#C}g3CN*+m)#Ge)r=pwBZ%Fp!I-xO=()1_dTBq=QE>I zJVhCUMU}_Zv4K{Zr1M9r;Oykpo1MS%UVcAPB)x&%?;Bxz@6TV))i^ZrRYE$wjt{=* zjjcu*mNVZt-1Uk`y4w9&*0JKBf>mc`HpW;;jyV))a&jjAaHzG({-K~D)t-K;4$bC2 zd8tP6JR!<;qws4_<5QYD91`^XPzG*O81K znWy+pGk5!8r(tt7%-gyxzY?-+nMad&J)|}5ygup%`58HS{OsFRloUUbcU+~SK9kF=$y6*lL#&=} zw)OcTm(aj0Ok{)Lbr^Z{-GeQ|XCou(4s;E!KNxi2X1c)Zv>v0lZtT;YC%3#F7HPSz zvCXeOlTT*v}&_M}0bm`+mbG>;Mjzg=BUTF-lQnto*$BB=%UY2yA)ya^&G-J2{N#kbd{U= z8}Ha}xFhgGeQlJHhhFKX=#+gErv(Ipl`1?HLfn{0QX2Q8)^Z%(xH{q5R!x1cXko|D zy#6Uqu9|V1$}N{S?BATCSaK}HJfP>g;(DZvg2Y!}4@voWe;)qyiIKI$*D+kvcyWzs z|I&<}wf2px+<&C8HI<|V!@b@;!3Y7ma>cjA{{68)qB9B=)*v z9~kzJJF|KGI(CYy;>M8jQ!TQDR_mc1repj1x0>ABs#BQv7;dqPR8+HtyIx-UC&yI& zkP_lrVb{k?zGcU9@Oajy5ucPjmT3^JwG3-uT{Bb>6+8dNwV{vOFSOu&Xaop z_clFa@H2-~K~>jLN8#!=!3;sBu%CXqy!|Ey``%<0t#K=?D(B=LA@LnqxX^XGV zdM!DV&Hi~thiHu}xpKX~YmHCzjHH534zF}d$^`1o$5=5vN^WtZn|bIKC#23teVNlL zZF9Covips!Zk6xviEWBg%5y{x-sCjn-}=!22mZsjiO$*Yq9NZ`dvsks!F`>=?v1a` zkGn`9x1(HHeJ?(oJSBZF=JZ5wTt`rSM~Km_`s|D9+W+j*YC2r~iuBbO&&Km(Cb8^u z*i-nNTYQ7F@v+pl>zfTqMFK305^sLLd%O4SzE#JVBi;^3ez4qg`u?XJse?OY!ro_H z*z5Y?zEwoHlH%c}TXXo0I+?lkAq`47ESD%j@}Ybz!tI}3q|H@JKDMSa?RcqOH5d3+ zjvMpt#&GL5zL)^(mSJ(EQ)p;ZV*{tf`wH0z*?G<$U)Arg*r!tx18>Tw*tPC_rxcZ4 z-$9mw)%efuSnoH!xgLGN%#b1|eKnF@-kWS_7kVb@Olo2I1yiSaCocHh8f|%*BMUE{ zg{Au>ZH^X^Af2_~c4XP7AK$0l@R@?B!?$!s-M6rIJ>%@Nz^^o0BUh)BFL}njZ@sbO zEC1-Wz4{x^V`r69$2$csdS1|fKXgCXo?I*GpMQ1h=&OgL+0NR&8YZkMTnRkWEWg4U z>cu-L^0qwAkK{r`BIAT!**(4?#G2LkHRg(bM8%~Kd{@F>8Sw|Yh9yk$KM3AcvaN#f z%%x@P^}zEIm4{{dQtSlKdWMC8++Xt2&gsR$t6%x^sQT&6nh%mBShnQE?==!ZWF_pb z6O1o6IpZ$NndZR9x_5hJ*%jmDA@A#&u5;)4h+p1RdBKyf&fbtqv-u<*dUD&x<}Tv! zxNYNSCUQbJ%m;3&AFh_xb#dzI$2G6X_ZNoidL?yx6!R>Z3NF?^SjYFEN;JB!UWEz! z*v0A%LHeg<{pH{Y4w=2BIwOi>4VL1{_6c7Pd687y_+CFP1DA71F(28P%VM=IGCd#S zZDvhM8^gQbwwOP1*;mJ1A(ZSJ8v9oHioX+C^>(otM)SR-}h?6{3#{U1&o6rEYy{)>|{bn~liOglG? ztKPZ18F8h|Y=%($inwYz_a@TXXoED9PU@``&YU4~X(E&SZoR}atZl@hE;CZ$bGMs; z`JQt8Az8Yohf`2O+T~15GOss^jaTu-r{|~(JZ>H)d%iuLAD?9Vlsl#4m{MW4^M(eO z^)YAaNZq^TH%@A_)HD}`=fG6MKfgQi;jVp4?Y*He<^##5P8>W}t2F2L-Ed?=Pjg9) zeBY@KUe4ULyLzbWU8Vnav+~#bJ0y8uGFh-@TyVXSd-=k-KP*+9XS5$3Q_{ zS!#nD=Uq%T@3;abt#G0uFFETi>zPA&4(Vq$N18T^i?gLa@)NSSyFU;^_}tb$sJzck z(l7T}ke~V4@>kCm1{~G*x@R#F53f0SUaY0BL+odHxK17K4qjzT5-)$*+XrUjeI-xH z$vFk@BAbG-A-OZ`*HW*CO))>$Sl?M0HuK!;#5lQK{|qwVMcMv01kV=+rHES6>N9&W z!ZU1Zl0Ay%c*`A{-fZ+b!CZfm@I}ZwfvkUeOC2XsSKYqiZ; zH=f9`V3Lfx;Ra&HLGezEHOmtp^;({fYvTufNNh()@Bb*4z1P_bXTqa_S%>aKT-}#eAz26_o8uA#mqJd zUc+wo+k>woCC@T<4c{2I)8BQvkfk*x+iMd$b7S@0xSoU!ual09+AAnygiXt)9-4mM znyxU>V4JQh`aPk6Yfae%Yock#=$0fz__5kuAeBD*k74)Yo`|T8xA4*Yh({)Gld9qz!uIbW5#%S{|ThhqJf#V;Fd z(5Cg%Ga+x^j`ilHxcj7tFM3^jKF;k<4DxY4r6x7Xy2OHZQvSu8sGY zMQ@61^2kl+p%<6B6qp~0|CBXaeZ}Vy?~ts4<$#QzGuNJk`fMZ9>`;LMS!wkfUg`E> zhff5XaKr}I$+J!lZ0IT&9wM<%T4#8bA4xyRoY3+3ip=*xizju)>3a}cP-h%mYUkCT znW+0BvbTi@mY8g;Q6q7S-kbMA-J$I|l^ zh7a_FZ=ooTu~xJS4|(DG&GvCV3=TTF;AR#iwGaZ-FIeJ`e+_vLF} zyFIe+*@lJfvh9j)jhqs&SbN7X_d#*+jFGmRQdP*SFXx|#Rk1~6dCy-^To=5rwN+Ls zm8X!!INFiA8nxRtx-HXc1$_sqMd5^H=}VU;0zzNsC4H8KJUEh_!FFdA3jEpB-wr ztryr+x|hAFO*|1P_|x>~)adDA_<=9&zGs`aKb=bMxse|tP^r0k_4?p|LD^I#r;`0$ zM-7?Yai4oNP;kK@664>vhMf^|ebUp2x4JjQRb=h!LTj-Q%H%W4tgT zTaAq`+(Gt9?#*UJVZMO;ny!$EGA%@tPGCJxNS!e9f$8gKqtA;y$9uDuv^K>)amkR zwb3oDENWbW61GaF_UnQwg4I0PWrXi3sYkuy^RIr<_YLpOFCZ53tgrv1*Byn8A>q|M zC&!C4uCV{x!Yk+s(4&rdl`05?L{|5Wje98^5eTV%**E6ptso#9Qr$Q3zjh)NL_>NI z-Wx(*9QV=|cy@f8S0KFlTa!~KoL zdsQq%TaX%kny5*0S<-4N@&IBEn*o9z>aZSUNUt4=z)aO$w=g$&F9lgI_G_+`R;>w22l%~T5I(~JfRi4J39t-ayoAgS$)qKnF z{N2@KlXdZtTg#-h$!w_!3llc(grjKk{C8PBo1VJ=7}-#?Zv1cXT8tA$9ySzeJcBxx zTwBT7od`vT{~X4Q$tEriRF_AfpeO-?2Q~gVxVcl5?XBIG1C_S*QX7fEETWh>*i!7> zLBxaNEzK`#FN_ufeg8i|kr+4(g+jqF7z_*phf{we;NS}$071tRO9+LE2BF~Kuw^pn ziNxWTu$CG8hbIHpZ=Qf3#FP3PzB~y6*kW)^^Mg!kkpxl___oxutTLz{G6Z_I%lQm_;sisWpycWg*#{bcsR@~a0+qk4 z8k8JCYFLgoP@Y8FMu9dY&vHK+q&Bqu7|^Ee$AZCW`*DE(Qa@uVg!xw(n5?EV0k)Jf zK~WDhaWL@tJ+P)T2tBk-Gz^-|l32!WAY{@;O#lGSMvsAop&j zr8R`fs;V0SbuVgsv4sJ?0x?@`;b17L5*J$_c2IRpZJ}{6@cBI~;Djc?z-O5j1L7Ig zjHuWc5S6Iwy4V7X@$V=Y;P3RDFa#L*EOWvlVBqt+g@R!hIjzi&Aujax32m7O+J!XN zvvDLIhk!KZpz1|YH==-~8Gvb&t?x!YZbYPjol#a_MGc%Xh+bd=)^xTe5tWyonoCb5 z$dwpW{jV^~2NZokx#&3h)^5<@fIzd7hD3L=hud+YI}n0K9ne9=dhtX8tuhY8V<@66 zokY~#$R4gR=m=y4263}?ad(9{ANPjIDg%fL@sz`HqM^DH5EDjm^H@9&KpvtDGy^1X zhb>tOz3g;GvY4OzH_E=GCVJVy-u>GO{+ksK@&u~)Fi1}mWB;qAUveJ?>1jOhzgqew zzoVBPN_Cdw$A7c*$Ukn+)P41LWdHAVT99M^!S0cNNytI|G3HRqHGhHbshK0lKIrWp zY$tz(-GfrxA1nu)#QqNH|7iE%EcsVRkNso32S>HPL;63)dr%MfE2PK$(e817iQR+h z$sfEH_m{+b+#lmT4mzFu1@RsaS@?>0kB2hPzd?HHIgfF-!b6ehZ;*cJBuT&5;-N_N zH%L!Ce>3Wy@Ryvez>iXe{|em`{9QVbF!vA0S00VgA(a7cU!9fRG zsPMnEzks^H^3Rg(E;qrGdaPb7TrEQpOObuK4Ph;XOBxXMR7FonQvzH@q~`w&SW70j zi~^q2OqCvsn*Py)s5un_Xr)}#-Jc$dx}`FJR%(J8{OPf%5tRY7w1_m)Q+=Nvi|SAe zpp{x(D)uOoJwVL}D%sP=6a=*n$zU4F*5HzwOj<5Ckw9H(x!S}?O}CjTgL`;zdk#}j zQ&m%g!_fpd9IFC{XLs6D~4plFT*1!^1$TrA6i3Yo3Pad79nj14FtOb83B3aCLF zi(UE+aRQW39}@IoAzX+fAOH_I3j6`VQE-SeRSXBRiwabg6IYRg5D^GC5`jeGFmNe2 zLJSTUlVH?@mmATJgB?`$(VzehcrN|Guow)e_d#9Y2a7}^pzIkQvb8R?HWNBtWH7dRjCBa!pzopd~=jfEEVFp%GBwnjVHlL#1U}7#4{_ zz*o>>(NKYx77vaiz@hRnEez0tf$3oo9^{X-cyK&|0B4W|(4xT&+X_6W=uc0JK_eLW z0b20($x1w^{7p}bN5dJ`2#&|E&;fv9p`@6B7I@VP7y-|qKRBKMU$N$R0$5B&S^^5X zSfL+-fML`Dm>YhD?(qaHRM4QKCBUI=gARs8g6T5q1>iw}m7W&3!U}#UG<0}mz{9Q3 zGXVuwlMxS1y;P#7MI%=DB>}zCj|gZCv_~<};#c?r0gYebg9HrX4>06Pei-x$yCPuF zP%=(GE(Qy2^$alFig-W(yY>p1K~!Bq3p|ry46sH>sBA(%1{MikZDN4oP>j9>XwfTd zjQ|{-VLia5B%aYu0WFqMrvPt7+yD`Mh0g$5JY#%;@EBtWxOv1uDIM+Hu;9*@F}?si zJaj!ui-&+?P>k{cS_GpGAUx<&i=Gw>Q0ZX+01TBLh5$PSbm>J;3#P^(3!ud?+C8}S z1bY}GEddW*rqc2Qv^Ylp1+S~&p^HdbJOmgON{VS=fEHLZJq+N1eV7r3#1R;;PfQI-)88kiA=gW+o z6dt-)rqclqjfB!(1{i^H%@H7ZVzeOu1FOkMi@|_bUKsdcaE$Q^1tJcCVJ!g+WNGxY z0ES}R7f?v>ssw{hQAlXf>1ok8BnWIPVT`s5@K)^mXrL=b-$DZ&Fxn6nfyXoYK7awk zq8}FvA_U_;gGIurFD=mO9t1xWqyGZfiW~&MaExmNMe&s}0=r^A0zN~a^%;trHF$T_ zjf0(f9qix(ZnL2@7#u)k4asEa${QHX^7{*#E_P%90jBjEq5@8W3TXHN3|fhRRwdxE zYDg6|tcsE -.LP -\fIstruct ub_ctx *\fR -\fBub_ctx_create\fR(\fIvoid\fR); -.LP -\fIvoid\fR -\fBub_ctx_delete\fR(\fIstruct ub_ctx*\fR ctx); -.LP -\fIint\fR -\fBub_ctx_set_option\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR opt, \fIchar*\fR val); -.LP -\fIint\fR -\fBub_ctx_get_option\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR opt, \fIchar**\fR val); -.LP -\fIint\fR -\fBub_ctx_config\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname); -.LP -\fIint\fR -\fBub_ctx_set_fwd\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR addr); -.LP -\fIint\fR -\fBub_ctx_set_stub\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR zone, -\fIchar*\fR addr, -.br - \fIint\fR isprime); -.LP -\fIint\fR -\fBub_ctx_resolvconf\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname); -.LP -\fIint\fR -\fBub_ctx_hosts\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname); -.LP -\fIint\fR -\fBub_ctx_add_ta\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR ta); -.LP -\fIint\fR -\fBub_ctx_add_ta_autr\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname); -.LP -\fIint\fR -\fBub_ctx_add_ta_file\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname); -.LP -\fIint\fR -\fBub_ctx_trustedkeys\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname); -.LP -\fIint\fR -\fBub_ctx_debugout\fR(\fIstruct ub_ctx*\fR ctx, \fIFILE*\fR out); -.LP -\fIint\fR -\fBub_ctx_debuglevel\fR(\fIstruct ub_ctx*\fR ctx, \fIint\fR d); -.LP -\fIint\fR -\fBub_ctx_async\fR(\fIstruct ub_ctx*\fR ctx, \fIint\fR dothread); -.LP -\fIint\fR -\fBub_poll\fR(\fIstruct ub_ctx*\fR ctx); -.LP -\fIint\fR -\fBub_wait\fR(\fIstruct ub_ctx*\fR ctx); -.LP -\fIint\fR -\fBub_fd\fR(\fIstruct ub_ctx*\fR ctx); -.LP -\fIint\fR -\fBub_process\fR(\fIstruct ub_ctx*\fR ctx); -.LP -\fIint\fR -\fBub_resolve\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR name, -.br - \fIint\fR rrtype, \fIint\fR rrclass, \fIstruct ub_result**\fR result); -.LP -\fIint\fR -\fBub_resolve_async\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR name, -.br - \fIint\fR rrtype, \fIint\fR rrclass, \fIvoid*\fR mydata, -.br - \fIub_callback_type\fR callback, \fIint*\fR async_id); -.LP -\fIint\fR -\fBub_cancel\fR(\fIstruct ub_ctx*\fR ctx, \fIint\fR async_id); -.LP -\fIvoid\fR -\fBub_resolve_free\fR(\fIstruct ub_result*\fR result); -.LP -\fIconst char *\fR -\fBub_strerror\fR(\fIint\fR err); -.LP -\fIint\fR -\fBub_ctx_print_local_zones\fR(\fIstruct ub_ctx*\fR ctx); -.LP -\fIint\fR -\fBub_ctx_zone_add\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR zone_name, \fIchar*\fR zone_type); -.LP -\fIint\fR -\fBub_ctx_zone_remove\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR zone_name); -.LP -\fIint\fR -\fBub_ctx_data_add\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR data); -.LP -\fIint\fR -\fBub_ctx_data_remove\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR data); -.SH "DESCRIPTION" -.B Unbound -is an implementation of a DNS resolver, that does caching and -DNSSEC validation. This is the library API, for using the \-lunbound library. -The server daemon is described in \fIunbound\fR(8). -The library can be used to convert hostnames to ip addresses, and back, -and obtain other information from the DNS. The library performs public\-key -validation of results with DNSSEC. -.P -The library uses a variable of type \fIstruct ub_ctx\fR to keep context -between calls. The user must maintain it, creating it with -.B ub_ctx_create -and deleting it with -.B ub_ctx_delete\fR. -It can be created and deleted at any time. Creating it anew removes any -previous configuration (such as trusted keys) and clears any cached results. -.P -The functions are thread\-safe, and a context an be used in a threaded (as -well as in a non\-threaded) environment. Also resolution (and validation) -can be performed blocking and non\-blocking (also called asynchronous). -The async method returns from the call immediately, so that processing -can go on, while the results become available later. -.P -The functions are discussed in turn below. -.SH "FUNCTIONS" -.TP -.B ub_ctx_create -Create a new context, initialised with defaults. -The information from /etc/resolv.conf and /etc/hosts is not utilised -by default. Use -.B ub_ctx_resolvconf -and -.B ub_ctx_hosts -to read them. -Before you call this, use the openssl functions CRYPTO_set_id_callback and -CRYPTO_set_locking_callback to set up asynchronous operation if you use -lib openssl (the application calls these functions once for initialisation). -Openssl 1.0.0 or later uses the CRYPTO_THREADID_set_callback function. -.TP -.B ub_ctx_delete -Delete validation context and free associated resources. -Outstanding async queries are killed and callbacks are not called for them. -.TP -.B ub_ctx_set_option -A power\-user interface that lets you specify one of the options from the -config file format, see \fIunbound.conf\fR(5). Not all options are -relevant. For some specific options, such as adding trust anchors, special -routines exist. Pass the option name with the trailing ':'. -.TP -.B ub_ctx_get_option -A power\-user interface that gets an option value. Some options cannot be -gotten, and others return a newline separated list. Pass the option name -without trailing ':'. The returned value must be free(2)d by the caller. -.TP -.B ub_ctx_config -A power\-user interface that lets you specify an unbound config file, see -\fIunbound.conf\fR(5), which is read for configuration. Not all options are -relevant. For some specific options, such as adding trust anchors, special -routines exist. -.TP -.B ub_ctx_set_fwd -Set machine to forward DNS queries to, the caching resolver to use. -IP4 or IP6 address. Forwards all DNS requests to that machine, which -is expected to run a recursive resolver. If the proxy is not -DNSSEC capable, validation may fail. Can be called several times, in -that case the addresses are used as backup servers. -At this time it is only possible to set configuration before the -first resolve is done. -.TP -.B ub_ctx_set_stub -Set a stub zone, authoritative dns servers to use for a particular zone. -IP4 or IP6 address. If the address is NULL the stub entry is removed. -Set isprime true if you configure root hints with it. Otherwise similar to -the stub zone item from unbound's config file. Can be called several times, -for different zones, or to add multiple addresses for a particular zone. -At this time it is only possible to set configuration before the -first resolve is done. -.TP -.B ub_ctx_resolvconf -By default the root servers are queried and full resolver mode is used, but -you can use this call to read the list of nameservers to use from the -filename given. -Usually "/etc/resolv.conf". Uses those nameservers as caching proxies. -If they do not support DNSSEC, validation may fail. -Only nameservers are picked up, the searchdomain, ndots and other -settings from \fIresolv.conf\fR(5) are ignored. -If fname NULL is passed, "/etc/resolv.conf" is used (if on Windows, -the system\-wide configured nameserver is picked instead). -At this time it is only possible to set configuration before the -first resolve is done. -.TP -.B ub_ctx_hosts -Read list of hosts from the filename given. -Usually "/etc/hosts". When queried for, these addresses are not marked -DNSSEC secure. If fname NULL is passed, "/etc/hosts" is used -(if on Windows, etc/hosts from WINDIR is picked instead). -At this time it is only possible to set configuration before the -first resolve is done. -.TP -.B -ub_ctx_add_ta -Add a trust anchor to the given context. -At this time it is only possible to add trusted keys before the -first resolve is done. -The format is a string, similar to the zone\-file format, -[domainname] [type] [rdata contents]. Both DS and DNSKEY records are accepted. -.TP -.B ub_ctx_add_ta_autr -Add filename with automatically tracked trust anchor to the given context. -Pass name of a file with the managed trust anchor. You can create this -file with \fIunbound\-anchor\fR(8) for the root anchor. You can also -create it with an initial file with one line with a DNSKEY or DS record. -If the file is writable, it is updated when the trust anchor changes. -At this time it is only possible to add trusted keys before the -first resolve is done. -.TP -.B ub_ctx_add_ta_file -Add trust anchors to the given context. -Pass name of a file with DS and DNSKEY records in zone file format. -At this time it is only possible to add trusted keys before the -first resolve is done. -.TP -.B ub_ctx_trustedkeys -Add trust anchors to the given context. -Pass the name of a bind\-style config file with trusted\-keys{}. -At this time it is only possible to add trusted keys before the -first resolve is done. -.TP -.B ub_ctx_debugout -Set debug and error log output to the given stream. Pass NULL to disable -output. Default is stderr. File\-names or using syslog can be enabled -using config options, this routine is for using your own stream. -.TP -.B ub_ctx_debuglevel -Set debug verbosity for the context. Output is directed to stderr. -Higher debug level gives more output. -.TP -.B ub_ctx_async -Set a context behaviour for asynchronous action. -if set to true, enables threading and a call to -.B ub_resolve_async -creates a thread to handle work in the background. -If false, a process is forked to handle work in the background. -Changes to this setting after -.B ub_resolve_async -calls have been made have no effect (delete and re\-create the context -to change). -.TP -.B ub_poll -Poll a context to see if it has any new results. -Do not poll in a loop, instead extract the fd below to poll for readiness, -and then check, or wait using the wait routine. -Returns 0 if nothing to read, or nonzero if a result is available. -If nonzero, call -.B ub_process -to do callbacks. -.TP -.B ub_wait -Wait for a context to finish with results. Calls -.B ub_process -after the wait for you. After the wait, there are no more outstanding -asynchronous queries. -.TP -.B ub_fd -Get file descriptor. Wait for it to become readable, at this point -answers are returned from the asynchronous validating resolver. -Then call the \fBub_process\fR to continue processing. -.TP -.B ub_process -Call this routine to continue processing results from the validating -resolver (when the fd becomes readable). -Will perform necessary callbacks. -.TP -.B ub_resolve -Perform resolution and validation of the target name. -The name is a domain name in a zero terminated text string. -The rrtype and rrclass are DNS type and class codes. -The result structure is newly allocated with the resulting data. -.TP -.B ub_resolve_async -Perform asynchronous resolution and validation of the target name. -Arguments mean the same as for \fBub_resolve\fR except no -data is returned immediately, instead a callback is called later. -The callback receives a copy of the mydata pointer, that you can use to pass -information to the callback. The callback type is a function pointer to -a function declared as -.IP -void my_callback_function(void* my_arg, int err, -.br - struct ub_result* result); -.IP -The async_id is returned so you can (at your option) decide to track it -and cancel the request if needed. If you pass a NULL pointer the async_id -is not returned. -.TP -.B ub_cancel -Cancel an async query in progress. This may return an error if the query -does not exist, or the query is already being delivered, in that case you -may still get a callback for the query. -.TP -.B ub_resolve_free -Free struct ub_result contents after use. -.TP -.B ub_strerror -Convert error value from one of the unbound library functions -to a human readable string. -.TP -.B ub_ctx_print_local_zones -Debug printout the local authority information to debug output. -.TP -.B ub_ctx_zone_add -Add new zone to local authority info, like local\-zone \fIunbound.conf\fR(5) -statement. -.TP -.B ub_ctx_zone_remove -Delete zone from local authority info. -.TP -.B ub_ctx_data_add -Add resource record data to local authority info, like local\-data -\fIunbound.conf\fR(5) statement. -.TP -.B ub_ctx_data_remove -Delete local authority data from the name given. -.SH "RESULT DATA STRUCTURE" -The result of the DNS resolution and validation is returned as -\fIstruct ub_result\fR. The result structure contains the following entries. -.P -.nf - struct ub_result { - char* qname; /* text string, original question */ - int qtype; /* type code asked for */ - int qclass; /* class code asked for */ - char** data; /* array of rdata items, NULL terminated*/ - int* len; /* array with lengths of rdata items */ - char* canonname; /* canonical name of result */ - int rcode; /* additional error code in case of no data */ - void* answer_packet; /* full network format answer packet */ - int answer_len; /* length of packet in octets */ - int havedata; /* true if there is data */ - int nxdomain; /* true if nodata because name does not exist */ - int secure; /* true if result is secure */ - int bogus; /* true if a security failure happened */ - char* why_bogus; /* string with error if bogus */ - int ttl; /* number of seconds the result is valid */ - }; -.fi -.P -If both secure and bogus are false, security was not enabled for the -domain of the query. Else, they are not both true, one of them is true. -.SH "RETURN VALUES" -Many routines return an error code. The value 0 (zero) denotes no error -happened. Other values can be passed to -.B ub_strerror -to obtain a readable error string. -.B ub_strerror -returns a zero terminated string. -.B ub_ctx_create -returns NULL on an error (a malloc failure). -.B ub_poll -returns true if some information may be available, false otherwise. -.B ub_fd -returns a file descriptor or \-1 on error. -.SH "SEE ALSO" -\fIunbound.conf\fR(5), -\fIunbound\fR(8). -.SH "AUTHORS" -.B Unbound -developers are mentioned in the CREDITS file in the distribution. diff --git a/external/unbound/doc/requirements.txt b/external/unbound/doc/requirements.txt deleted file mode 100644 index a66962d4a..000000000 --- a/external/unbound/doc/requirements.txt +++ /dev/null @@ -1,294 +0,0 @@ -Requirements for Recursive Caching Resolver - (a.k.a. Treeshrew, Unbound-C) -By W.C.A. Wijngaards, NLnet Labs, October 2006. - -Contents -1. Introduction -2. History -3. Goals -4. Non-Goals - - -1. Introduction ---------------- -This is the requirements document for a DNS name server and aims to -document the goals and non-goals of the project. The DNS (the Domain -Name System) is a global, replicated database that uses a hierarchical -structure for queries. - -Data in the DNS is stored in Resource Record sets (RR sets), and has a -time to live (TTL). During this time the data can be cached. It is -thus useful to cache data to speed up future lookups. A server that -looks up data in the DNS for clients and caches previous answers to -speed up processing is called a caching, recursive nameserver. - -This project aims to develop such a nameserver in modular components, so -that also DNSSEC (secure DNS) validation and stub-resolvers (that do not -run as a server, but a linked into an application) are easily possible. - -The main components are the Validator that validates the security -fingerprints on data sets, the Iterator that sends queries to the -hierarchical DNS servers that own the data and the Cache that stores -data from previous queries. The networking and query management code -then interface with the modules to perform the necessary processing. - -In Section 2 the origins of the Unbound project are documented. Section -3 lists the goals, while Section 4 lists the explicit non-goals of the -project. Section 5 discusses choices made during development. - - -2. History ----------- -The unbound resolver project started by Bill Manning, David Blacka, and -Matt Larson (from the University of California and from Verisign), that -created a Java based prototype resolver called Unbound. The basic -design decisions of clean modules was executed. - -The Java prototype worked very well, with contributions from Geoff -Sisson and Roy Arends from Nominet. Around 2006 the idea came to create -a full-fledged C implementation ready for deployed use. NLnet Labs -volunteered to write this implementation. - - -3. Goals --------- -o A validating recursive DNS resolver. -o Code diversity in the DNS resolver monoculture. -o Drop-in replacement for BIND apart from config. -o DNSSEC support. -o Fully RFC compliant. -o High performance - * even with validation. -o Used as - * stub resolver. - * full caching name server. - * resolver library. -o Elegant design of validator, resolver, cache modules. - * provide the ability to pick and choose modules. -o Robust. -o In C, open source: The BSD license. -o Highly portable, targets include modern Unix systems, such as *BSD, -solaris, linux, and maybe also the windows platform. -o Smallest as possible component that does the job. -o Stub-zones can be configured (local data or AS112 zones). - - -4. Non-Goals ------------- -o An authoritative name server. -o Too many Features. - - -5. Choices ----------- -o rfc2181 decourages duplicates RRs in RRsets. unbound does not create - duplicates, but when presented with duplicates on the wire from the - authoritative servers, does not perform duplicate removal. - It does do some rrsig duplicate removal, in the msgparser, for dnssec qtype - rrsig and any, because of special rrsig processing in the msgparser. -o The harden-glue feature, when yes all out of zone glue is deleted, when - no out of zone glue is used for further resolving, is more complicated - than that, see below. - Main points: - * rfc2182 trust handling is used. - * data is let through only in very specific cases - * spoofability remains possible. - Not all glue is let through (despite the name of the option). Only glue - which is present in a delegation, of type A and AAAA, where the name is - present in the NS record in the authority section is let through. - The glue that is let through is stored in the cache (marked as 'from the - additional section'). And will then be used for sending queries to. It - will not be present in the reply to the client (if RD is off). - A direct query for that name will attempt to get a msg into the message - cache. Since A and AAAA queries are not synthesized by the unbound cache, - this query will be (eventually) sent to the authoritative server and its - answer will be put in the cache, marked as 'from the answer section' and - thus remove the 'from the additional section' data, and this record is - returned to the client. - The message has a TTL smaller or equal to the TTL of the answer RR. - If the cache memory is low; the answer RR may be dropped, and a glue - RR may be inserted, within the message TTL time, and thus return the - spoofed glue to a client. When the message expires, it is refetched and - the cached RR is updated with the correct content. - The server can be spoofed by getting it to visit a especially prepared - domain. This domain then inserts an address for another authoritative - server into the cache, when visiting that other domain, this address may - then be used to send queries to. And fake answers may be returned. - If the other domain is signed by DNSSEC, the fakes will be detected. - - In summary, the harden glue feature presents a security risk if - disabled. Disabling the feature leads to possible better performance - as more glue is present for the recursive service to use. The feature - is implemented so as to minimise the security risk, while trying to - keep this performance gain. -o The method by which dnssec-lameness is detected is not secure. DNSSEC lame - is when a server has the zone in question, but lacks dnssec data, such as - signatures. The method to detect dnssec lameness looks at nonvalidated - data from the parent of a zone. This can be used, by spoofing the parent, - to create a false sense of dnssec-lameness in the child, or a false sense - or dnssec-non-lameness in the child. The first results in the server marked - lame, and not used for 900 seconds, and the second will result in a - validator failure (SERVFAIL again), when the query is validated later on. - - Concluding, a spoof of the parent delegation can be used for many cases - of denial of service. I.e. a completely different NS set could be returned, - or the information withheld. All of these alterations can be caught by - the validator if the parent is signed, and result in 900 seconds bogus. - The dnssec-lameness detection is used to detect operator failures, - before the validator will properly verify the messages. - - Also for zones for which no chain of trust exists, but a DS is given by the - parent, dnssec-lameness detection enables. This delivers dnssec to our - clients when possible (for client validators). - - The following issue needs to be resolved: - a server that serves both a parent and child zone, where - parent is signed, but child is not. The server must not be marked - lame for the parent zone, because the child answer is not signed. - Instead of a false positive, we want false negatives; failure to - detect dnssec-lameness is less of a problem than marking honest - servers lame. dnssec-lameness is a config error and deserves the trouble. - So, only messages that identify the zone are used to mark the zone - lame. The zone is identified by SOA or NS RRsets in the answer/auth. - That includes almost all negative responses and also A, AAAA qtypes. - That would be most responses from servers. - For referrals, delegations that add a single label can be checked to be - from their zone, this covers most delegation-centric zones. - - So possibly, for complicated setups, with multiple (parent-child) zones - on a server, dnssec-lameness detection does not work - no dnssec-lameness - is detected. Instead the zone that is dnssec-lame becomes bogus. - -o authority features. - This is a recursive server, and authority features are out of scope. - However, some authority features are expected in a recursor. Things like - localhost, reverse lookup for 127.0.0.1, or blocking AS112 traffic. - Also redirection of domain names with fixed data is needed by service - providers. Limited support is added specifically to address this. - - Adding full authority support, requires much more code, and more complex - maintenance. - - The limited support allows adding some static data (for localhost and so), - and to respond with a fixed rcode (NXDOMAIN) for domains (such as AS112). - - You can put authority data on a separate server, and set the server in - unbound.conf as stub for those zones, this allows clients to access data - from the server without making unbound authoritative for the zones. - -o the access control denies queries before any other processing. - This denies queries that are not authoritative, or version.bind, or any. - And thus prevents cache-snooping (denied hosts cannot make non-recursive - queries and get answers from the cache). - -o If a client makes a query without RD bit, in the case of a returned - message from cache which is: - answer section: empty - auth section: NS record present, no SOA record, no DS record, - maybe NSEC or NSEC3 records present. - additional: A records or other relevant records. - A SOA record would indicate that this was a NODATA answer. - A DS records would indicate a referral. - Absence of NS record would indicate a NODATA answer as well. - - Then the receiver does not know whether this was a referral - with attempt at no-DS proof) or a nodata answer with attempt - at no-data proof. It could be determined by attempting to prove - either condition; and looking if only one is valid, but both - proofs could be valid, or neither could be valid, which creates - doubt. This case is validated by unbound as a 'referral' which - ascertains that RRSIGs are OK (and not omitted), but does not - check NSEC/NSEC3. - -o Case preservation - Unbound preserves the casing received from authority servers as best - as possible. It compresses without case, so case can get lost there. - The casing from the query name is used in preference to the casing - of the authority server. This is the same as BIND. RFC4343 allows either - behaviour. - -o Denial of service protection - If many queries are made, and they are made to names for which the - authority servers do not respond, then the requestlist for unbound - fills up fast. This results in denial of service for new queries. - To combat this the first 50% of the requestlist can run to completion. - The last 50% of the requestlist get (200 msec) at least and are replaced - by newer queries when older (LIFO). - When a new query comes in, and a place in the first 50% is available, this - is preferred. Otherwise, it can replace older queries out of the last 50%. - Thus, even long queries get a 50% chance to be resolved. And many 'short' - one or two round-trip resolves can be done in the last 50% of the list. - The timeout can be configured. - -o EDNS fallback. Is done according to the EDNS RFC (and update draft-00). - Unbound assumes EDNS 0 support for the first query. Then it can detect - support (if the servers replies) or non-support (on a NOTIMPL or FORMERR). - Some middleboxes drop EDNS 0 queries, mainly when forwarding, not when - routing packets. To detect this, when timeouts keep happening, as the - timeout approached 5-10 seconds, and EDNS status has not been detected yet, - a single probe query is sent. This probe has a sub-second timeout, and - if the server responds (quickly) without EDNS, this is cached for 15 min. - This works very well when detecting an address that you use much - like - a forwarder address - which is where the middleboxes need to be detected. - Otherwise, it results in a 5 second wait time before EDNS timeout is - detected, which is slow but it works at least. - It minimizes the chances of a dropped query making a (DNSSEC) EDNS server - falsely EDNS-nonsupporting, and thus DNSSEC-bogus, works well with - middleboxes, and can detect the occasional authority that drops EDNS. - For some boxes it is necessary to probe for every failing query, a - reassurance that the DNS server does EDNS does not mean that path can - take large DNS answers. - -o 0x20 backoff. - The draft describes to back off to the next server, and go through all - servers several times. Unbound goes on get the full list of nameserver - addresses, and then makes 3 * number of addresses queries. - They are sent to a random server, but no one address more than 4 times. - It succeeds if one has 0x20 intact, or else all are equal. - Otherwise, servfail is returned to the client. - -o NXDOMAIN and SOA serial numbers. - Unbound keeps TTL values for message formats, and thus rcodes, such - as NXDOMAIN. Also it keeps the latest rrsets in the rrset cache. - So it will faithfully negative cache for the exact TTL as originally - specified for an NXDOMAIN message, but send a newer SOA record if - this has been found in the mean time. In point, this could lead to a - negative cached NXDOMAIN reply with a SOA RR where the serial number - indicates a zone version where this domain is not any longer NXDOMAIN. - These situations become consistent once the original TTL expires. - If the domain is DNSSEC signed, by the way, then NSEC records are - updated more carefully. If one of the NSEC records in an NXDOMAIN is - updated from another query, the NXDOMAIN is dropped from the cache, - and queried for again, so that its proof can be checked again. - -o SOA records in negative cached answers for DS queries. - The current unbound code uses a negative cache for queries for type DS. - This speeds up building chains of trust, and uses NSEC and NSEC3 - (optout) information to speed up lookups. When used internally, - the bare NSEC(3) information is sufficient, probably picked up from - a referral. When answering to clients, a SOA record is needed for - the correct message format, a SOA record is picked from the cache - (and may not actually match the serial number of the SOA for which the - NSEC and NSEC3 records were obtained) if available otherwise network - queries are performed to get the data. - -o Parent and child with different nameserver information. - A misconfiguration that sometimes happens is where the parent and child - have different NS, glue information. The child is authoritative, and - unbound will not trust information from the parent nameservers as the - final answer. To help lookups, unbound will however use the parent-side - version of the glue as a last resort lookup. This resolves lookups for - those misconfigured domains where the servers reported by the parent - are the only ones working, and servers reported by the child do not. - -o Failure of validation and probing. - Retries on a validation failure are now 5x to a different nameserver IP - (if possible), and then it gives up, for one name, type, class entry in - the message cache. If a DNSKEY or DS fails in the chain of trust in the - key cache additionally, after the probing, a bad key entry is created that - makes the entire zone bogus for 900 seconds. This is a fixed value at - this time and is conservative in sending probes. It makes the compound - effect of many resolvers less and easier to handle, but penalizes - individual resolvers by having less probes and a longer time before fixes - are picked up. - diff --git a/external/unbound/doc/unbound-anchor.8.in b/external/unbound/doc/unbound-anchor.8.in deleted file mode 100644 index f96a9e6c2..000000000 --- a/external/unbound/doc/unbound-anchor.8.in +++ /dev/null @@ -1,177 +0,0 @@ -.TH "unbound-anchor" "8" "Jun 13, 2017" "NLnet Labs" "unbound 1.6.3" -.\" -.\" unbound-anchor.8 -- unbound anchor maintenance utility manual -.\" -.\" Copyright (c) 2008, NLnet Labs. All rights reserved. -.\" -.\" See LICENSE for the license. -.\" -.\" -.SH "NAME" -.B unbound\-anchor -\- Unbound anchor utility. -.SH "SYNOPSIS" -.B unbound\-anchor -.RB [ opts ] -.SH "DESCRIPTION" -.B Unbound\-anchor -performs setup or update of the root trust anchor for DNSSEC validation. -The program fetches the trust anchor with the method from RFC7958 when -regular RFC5011 update fails to bring it up to date. -It can be run (as root) from the commandline, or run as part of startup -scripts. Before you start the \fIunbound\fR(8) DNS server. -.P -Suggested usage: -.P -.nf - # in the init scripts. - # provide or update the root anchor (if necessary) - unbound-anchor \-a "@UNBOUND_ROOTKEY_FILE@" - # Please note usage of this root anchor is at your own risk - # and under the terms of our LICENSE (see source). - # - # start validating resolver - # the unbound.conf contains: - # auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@" - unbound \-c unbound.conf -.fi -.P -This tool provides builtin default contents for the root anchor and root -update certificate files. -.P -It tests if the root anchor file works, and if not, and an update is possible, -attempts to update the root anchor using the root update certificate. -It performs a https fetch of root-anchors.xml and checks the results (RFC7958), -if all checks are successful, it updates the root anchor file. Otherwise -the root anchor file is unchanged. It performs RFC5011 tracking if the -DNSSEC information available via the DNS makes that possible. -.P -It does not perform an update if the certificate is expired, if the network -is down or other errors occur. -.P -The available options are: -.TP -.B \-a \fIfile -The root anchor key file, that is read in and written out. -Default is @UNBOUND_ROOTKEY_FILE@. -If the file does not exist, or is empty, a builtin root key is written to it. -.TP -.B \-c \fIfile -The root update certificate file, that is read in. -Default is @UNBOUND_ROOTCERT_FILE@. -If the file does not exist, or is empty, a builtin certificate is used. -.TP -.B \-l -List the builtin root key and builtin root update certificate on stdout. -.TP -.B \-u \fIname -The server name, it connects to https://name. Specify without https:// prefix. -The default is "data.iana.org". It connects to the port specified with \-P. -You can pass an IPv4 address or IPv6 address (no brackets) if you want. -.TP -.B \-x \fIpath -The pathname to the root\-anchors.xml file on the server. (forms URL with \-u). -The default is /root\-anchors/root\-anchors.xml. -.TP -.B \-s \fIpath -The pathname to the root\-anchors.p7s file on the server. (forms URL with \-u). -The default is /root\-anchors/root\-anchors.p7s. This file has to be a PKCS7 -signature over the xml file, using the pem file (\-c) as trust anchor. -.TP -.B \-n \fIname -The emailAddress for the Subject of the signer's certificate from the p7s -signature file. Only signatures from this name are allowed. default is -dnssec@iana.org. If you pass "" then the emailAddress is not checked. -.TP -.B \-4 -Use IPv4 for domain resolution and contacting the server on https. Default is -to use IPv4 and IPv6 where appropriate. -.TP -.B \-6 -Use IPv6 for domain resolution and contacting the server on https. Default is -to use IPv4 and IPv6 where appropriate. -.TP -.B \-f \fIresolv.conf -Use the given resolv.conf file. Not enabled by default, but you could try to -pass /etc/resolv.conf on some systems. It contains the IP addresses of the -recursive nameservers to use. However, since this tool could be used to -bootstrap that very recursive nameserver, it would not be useful (since -that server is not up yet, since we are bootstrapping it). It could be -useful in a situation where you know an upstream cache is deployed (and -running) and in captive portal situations. -.TP -.B \-r \fIroot.hints -Use the given root.hints file (same syntax as the BIND and Unbound root hints -file) to bootstrap domain resolution. By default a list of builtin root -hints is used. Unbound\-anchor goes to the network itself for these roots, -to resolve the server (\-u option) and to check the root DNSKEY records. -It does so, because the tool when used for bootstrapping the recursive -resolver, cannot use that recursive resolver itself because it is bootstrapping -that server. -.TP -.B \-v -More verbose. Once prints informational messages, multiple times may enable -large debug amounts (such as full certificates or byte\-dumps of downloaded -files). By default it prints almost nothing. It also prints nothing on -errors by default; in that case the original root anchor file is simply -left undisturbed, so that a recursive server can start right after it. -.TP -.B \-C \fIunbound.conf -Debug option to read unbound.conf into the resolver process used. -.TP -.B \-P \fIport -Set the port number to use for the https connection. The default is 443. -.TP -.B \-F -Debug option to force update of the root anchor through downloading the xml -file and verifying it with the certificate. By default it first tries to -update by contacting the DNS, which uses much less bandwidth, is much -faster (200 msec not 2 sec), and is nicer to the deployed infrastructure. -With this option, it still attempts to do so (and may verbosely tell you), -but then ignores the result and goes on to use the xml fallback method. -.TP -.B \-h -Show the version and commandline option help. -.SH "EXIT CODE" -This tool exits with value 1 if the root anchor was updated using the -certificate or if the builtin root-anchor was used. It exits with code -0 if no update was necessary, if the update was possible with RFC5011 -tracking, or if an error occurred. -.P -You can check the exit value in this manner: -.nf - unbound-anchor \-a "root.key" || logger "Please check root.key" -.fi -Or something more suitable for your operational environment. -.SH "TRUST" -The root keys and update certificate included in this tool -are provided for convenience and under the terms of our -license (see the LICENSE file in the source distribution or -http://unbound.nlnetlabs.nl/svn/trunk/LICENSE) and might be stale or -not suitable to your purpose. -.P -By running "unbound\-anchor \-l" the keys and certificate that are -configured in the code are printed for your convenience. -.P -The build\-in configuration can be overridden by providing a root\-cert -file and a rootkey file. -.SH "FILES" -.TP -.I @UNBOUND_ROOTKEY_FILE@ -The root anchor file, updated with 5011 tracking, and read and written to. -The file is created if it does not exist. -.TP -.I @UNBOUND_ROOTCERT_FILE@ -The trusted self\-signed certificate that is used to verify the downloaded -DNSSEC root trust anchor. You can update it by fetching it from -https://data.iana.org/root\-anchors/icannbundle.pem (and validate it). -If the file does not exist or is empty, a builtin version is used. -.TP -.I https://data.iana.org/root\-anchors/root\-anchors.xml -Source for the root key information. -.TP -.I https://data.iana.org/root\-anchors/root\-anchors.p7s -Signature on the root key information. -.SH "SEE ALSO" -\fIunbound.conf\fR(5), -\fIunbound\fR(8). diff --git a/external/unbound/doc/unbound-checkconf.8.in b/external/unbound/doc/unbound-checkconf.8.in deleted file mode 100644 index 523784b5c..000000000 --- a/external/unbound/doc/unbound-checkconf.8.in +++ /dev/null @@ -1,52 +0,0 @@ -.TH "unbound-checkconf" "8" "Jun 13, 2017" "NLnet Labs" "unbound 1.6.3" -.\" -.\" unbound-checkconf.8 -- unbound configuration checker manual -.\" -.\" Copyright (c) 2007, NLnet Labs. All rights reserved. -.\" -.\" See LICENSE for the license. -.\" -.\" -.SH "NAME" -unbound\-checkconf -\- Check unbound configuration file for errors. -.SH "SYNOPSIS" -.B unbound\-checkconf -.RB [ \-h ] -.RB [ \-f ] -.RB [ \-o -.IR option ] -.RI [ cfgfile ] -.SH "DESCRIPTION" -.B Unbound\-checkconf -checks the configuration file for the -\fIunbound\fR(8) -DNS resolver for syntax and other errors. -The config file syntax is described in -\fIunbound.conf\fR(5). -.P -The available options are: -.TP -.B \-h -Show the version and commandline option help. -.TP -.B \-f -Print full pathname, with chroot applied to it. Use with the \-o option. -.TP -.B \-o\fI option -If given, after checking the config file the value of this option is -printed to stdout. For "" (disabled) options an empty line is printed. -.TP -.I cfgfile -The config file to read with settings for unbound. It is checked. -If omitted, the config file at the default location is checked. -.SH "EXIT CODE" -The unbound\-checkconf program exits with status code 1 on error, -0 for a correct config file. -.SH "FILES" -.TP -.I @ub_conf_file@ -unbound configuration file. -.SH "SEE ALSO" -\fIunbound.conf\fR(5), -\fIunbound\fR(8). diff --git a/external/unbound/doc/unbound-control.8.in b/external/unbound/doc/unbound-control.8.in deleted file mode 100644 index 47d2a4861..000000000 --- a/external/unbound/doc/unbound-control.8.in +++ /dev/null @@ -1,555 +0,0 @@ -.TH "unbound-control" "8" "Jun 13, 2017" "NLnet Labs" "unbound 1.6.3" -.\" -.\" unbound-control.8 -- unbound remote control manual -.\" -.\" Copyright (c) 2008, NLnet Labs. All rights reserved. -.\" -.\" See LICENSE for the license. -.\" -.\" -.SH "NAME" -.B unbound\-control, -.B unbound\-control\-setup -\- Unbound remote server control utility. -.SH "SYNOPSIS" -.B unbound\-control -.RB [ \-hq ] -.RB [ \-c -.IR cfgfile ] -.RB [ \-s -.IR server ] -.IR command -.SH "DESCRIPTION" -.B Unbound\-control -performs remote administration on the \fIunbound\fR(8) DNS server. -It reads the configuration file, contacts the unbound server over SSL -sends the command and displays the result. -.P -The available options are: -.TP -.B \-h -Show the version and commandline option help. -.TP -.B \-c \fIcfgfile -The config file to read with settings. If not given the default -config file @ub_conf_file@ is used. -.TP -.B \-s \fIserver[@port] -IPv4 or IPv6 address of the server to contact. If not given, the -address is read from the config file. -.TP -.B \-q -quiet, if the option is given it does not print anything if it works ok. -.SH "COMMANDS" -There are several commands that the server understands. -.TP -.B start -Start the server. Simply execs \fIunbound\fR(8). The unbound executable -is searched for in the \fBPATH\fR set in the environment. It is started -with the config file specified using \fI\-c\fR or the default config file. -.TP -.B stop -Stop the server. The server daemon exits. -.TP -.B reload -Reload the server. This flushes the cache and reads the config file fresh. -.TP -.B verbosity \fInumber -Change verbosity value for logging. Same values as \fBverbosity\fR keyword in -\fIunbound.conf\fR(5). This new setting lasts until the server is issued -a reload (taken from config file again), or the next verbosity control command. -.TP -.B log_reopen -Reopen the logfile, close and open it. Useful for logrotation to make the -daemon release the file it is logging to. If you are using syslog it will -attempt to close and open the syslog (which may not work if chrooted). -.TP -.B stats -Print statistics. Resets the internal counters to zero, this can be -controlled using the \fBstatistics\-cumulative\fR config statement. -Statistics are printed with one [name]: [value] per line. -.TP -.B stats_noreset -Peek at statistics. Prints them like the \fBstats\fR command does, but does not -reset the internal counters to zero. -.TP -.B status -Display server status. Exit code 3 if not running (the connection to the -port is refused), 1 on error, 0 if running. -.TP -.B local_zone \fIname\fR \fItype -Add new local zone with name and type. Like \fBlocal\-zone\fR config statement. -If the zone already exists, the type is changed to the given argument. -.TP -.B local_zone_remove \fIname -Remove the local zone with the given name. Removes all local data inside -it. If the zone does not exist, the command succeeds. -.TP -.B local_data \fIRR data... -Add new local data, the given resource record. Like \fBlocal\-data\fR -config statement, except for when no covering zone exists. In that case -this remote control command creates a transparent zone with the same -name as this record. This command is not good at returning detailed syntax -errors. -.TP -.B local_data_remove \fIname -Remove all RR data from local name. If the name already has no items, -nothing happens. Often results in NXDOMAIN for the name (in a static zone), -but if the name has become an empty nonterminal (there is still data in -domain names below the removed name), NOERROR nodata answers are the -result for that name. -.TP -.B local_zones -Add local zones read from stdin of unbound\-control. Input is read per line, -with name space type on a line. For bulk additions. -.TP -.B local_zones_remove -Remove local zones read from stdin of unbound\-control. Input is one name per -line. For bulk removals. -.TP -.B local_datas -Add local data RRs read from stdin of unbound\-control. Input is one RR per -line. For bulk additions. -.TP -.B local_datas_remove -Remove local data RRs read from stdin of unbound\-control. Input is one name per -line. For bulk removals. -.TP -.B dump_cache -The contents of the cache is printed in a text format to stdout. You can -redirect it to a file to store the cache in a file. -.TP -.B load_cache -The contents of the cache is loaded from stdin. Uses the same format as -dump_cache uses. Loading the cache with old, or wrong data can result -in old or wrong data returned to clients. Loading data into the cache -in this way is supported in order to aid with debugging. -.TP -.B lookup \fIname -Print to stdout the name servers that would be used to look up the -name specified. -.TP -.B flush \fIname -Remove the name from the cache. Removes the types -A, AAAA, NS, SOA, CNAME, DNAME, MX, PTR, SRV and NAPTR. -Because that is fast to do. Other record types can be removed using -.B flush_type -or -.B flush_zone\fR. -.TP -.B flush_type \fIname\fR \fItype -Remove the name, type information from the cache. -.TP -.B flush_zone \fIname -Remove all information at or below the name from the cache. -The rrsets and key entries are removed so that new lookups will be performed. -This needs to walk and inspect the entire cache, and is a slow operation. -.TP -.B flush_bogus -Remove all bogus data from the cache. -.TP -.B flush_negative -Remove all negative data from the cache. This is nxdomain answers, -nodata answers and servfail answers. Also removes bad key entries -(which could be due to failed lookups) from the dnssec key cache, and -iterator last-resort lookup failures from the rrset cache. -.TP -.B flush_stats -Reset statistics to zero. -.TP -.B flush_requestlist -Drop the queries that are worked on. Stops working on the queries that the -server is working on now. The cache is unaffected. No reply is sent for -those queries, probably making those users request again later. -Useful to make the server restart working on queries with new settings, -such as a higher verbosity level. -.TP -.B dump_requestlist -Show what is worked on. Prints all queries that the server is currently -working on. Prints the time that users have been waiting. For internal -requests, no time is printed. And then prints out the module status. -This prints the queries from the first thread, and not queries that are -being serviced from other threads. -.TP -.B flush_infra \fIall|IP -If all then entire infra cache is emptied. If a specific IP address, the -entry for that address is removed from the cache. It contains EDNS, ping -and lameness data. -.TP -.B dump_infra -Show the contents of the infra cache. -.TP -.B set_option \fIopt: val -Set the option to the given value without a reload. The cache is -therefore not flushed. The option must end with a ':' and whitespace -must be between the option and the value. Some values may not have an -effect if set this way, the new values are not written to the config file, -not all options are supported. This is different from the set_option call -in libunbound, where all values work because unbound has not been initialized. -.IP -The values that work are: statistics\-interval, statistics\-cumulative, -do\-not\-query\-localhost, harden\-short\-bufsize, harden\-large\-queries, -harden\-glue, harden\-dnssec\-stripped, harden\-below\-nxdomain, -harden\-referral\-path, prefetch, prefetch\-key, log\-queries, -hide\-identity, hide\-version, identity, version, val\-log\-level, -val\-log\-squelch, ignore\-cd\-flag, add\-holddown, del\-holddown, -keep\-missing, tcp\-upstream, ssl\-upstream, max\-udp\-size, ratelimit, -ip\-ratelimit, cache\-max\-ttl, cache\-min\-ttl, cache\-max\-negative\-ttl. -.TP -.B get_option \fIopt -Get the value of the option. Give the option name without a trailing ':'. -The value is printed. If the value is "", nothing is printed -and the connection closes. On error 'error ...' is printed (it gives -a syntax error on unknown option). For some options a list of values, -one on each line, is printed. The options are shown from the config file -as modified with set_option. For some options an override may have been -taken that does not show up with this command, not results from e.g. the -verbosity and forward control commands. Not all options work, see list_stubs, -list_forwards, list_local_zones and list_local_data for those. -.TP -.B list_stubs -List the stub zones in use. These are printed one by one to the output. -This includes the root hints in use. -.TP -.B list_forwards -List the forward zones in use. These are printed zone by zone to the output. -.TP -.B list_insecure -List the zones with domain\-insecure. -.TP -.B list_local_zones -List the local zones in use. These are printed one per line with zone type. -.TP -.B list_local_data -List the local data RRs in use. The resource records are printed. -.TP -.B insecure_add \fIzone -Add a \fBdomain\-insecure\fR for the given zone, like the statement in unbound.conf. -Adds to the running unbound without affecting the cache contents (which may -still be bogus, use \fBflush_zone\fR to remove it), does not affect the config file. -.TP -.B insecure_remove \fIzone -Removes domain\-insecure for the given zone. -.TP -.B forward_add \fR[\fI+i\fR] \fIzone addr ... -Add a new forward zone to running unbound. With +i option also adds a -\fIdomain\-insecure\fR for the zone (so it can resolve insecurely if you have -a DNSSEC root trust anchor configured for other names). -The addr can be IP4, IP6 or nameserver names, like \fIforward-zone\fR config -in unbound.conf. -.TP -.B forward_remove \fR[\fI+i\fR] \fIzone -Remove a forward zone from running unbound. The +i also removes a -\fIdomain\-insecure\fR for the zone. -.TP -.B stub_add \fR[\fI+ip\fR] \fIzone addr ... -Add a new stub zone to running unbound. With +i option also adds a -\fIdomain\-insecure\fR for the zone. With +p the stub zone is set to prime, -without it it is set to notprime. The addr can be IP4, IP6 or nameserver -names, like the \fIstub-zone\fR config in unbound.conf. -.TP -.B stub_remove \fR[\fI+i\fR] \fIzone -Remove a stub zone from running unbound. The +i also removes a -\fIdomain\-insecure\fR for the zone. -.TP -.B forward \fR[\fIoff\fR | \fIaddr ...\fR ] -Setup forwarding mode. Configures if the server should ask other upstream -nameservers, should go to the internet root nameservers itself, or show -the current config. You could pass the nameservers after a DHCP update. -.IP -Without arguments the current list of addresses used to forward all queries -to is printed. On startup this is from the forward\-zone "." configuration. -Afterwards it shows the status. It prints off when no forwarding is used. -.IP -If \fIoff\fR is passed, forwarding is disabled and the root nameservers -are used. This can be used to avoid to avoid buggy or non\-DNSSEC supporting -nameservers returned from DHCP. But may not work in hotels or hotspots. -.IP -If one or more IPv4 or IPv6 addresses are given, those are then used to forward -queries to. The addresses must be separated with spaces. With '@port' the -port number can be set explicitly (default port is 53 (DNS)). -.IP -By default the forwarder information from the config file for the root "." is -used. The config file is not changed, so after a reload these changes are -gone. Other forward zones from the config file are not affected by this command. -.TP -.B ratelimit_list \fR[\fI+a\fR] -List the domains that are ratelimited. Printed one per line with current -estimated qps and qps limit from config. With +a it prints all domains, not -just the ratelimited domains, with their estimated qps. The ratelimited -domains return an error for uncached (new) queries, but cached queries work -as normal. -.TP -.B ip_ratelimit_list \fR[\fI+a\fR] -List the ip addresses that are ratelimited. Printed one per line with current -estimated qps and qps limit from config. With +a it prints all ips, not -just the ratelimited ips, with their estimated qps. The ratelimited -ips are dropped before checking the cache. -.TP -.B view_list_local_zones \fIview\fR -\fIlist_local_zones\fR for given view. -.TP -.B view_local_zone \fIview\fR \fIname\fR \fItype -\fIlocal_zone\fR for given view. -.TP -.B view_local_zone_remove \fIview\fR \fIname -\fIlocal_zone_remove\fR for given view. -.TP -.B view_list_local_data \fIview\fR -\fIlist_local_data\fR for given view. -.TP -.B view_local_data \fIview\fR \fIRR data... -\fIlocal_data\fR for given view. -.TP -.B view_local_data_remove \fIview\fR \fIname -\fIlocal_data_remove\fR for given view. -.SH "EXIT CODE" -The unbound\-control program exits with status code 1 on error, 0 on success. -.SH "SET UP" -The setup requires a self\-signed certificate and private keys for both -the server and client. The script \fIunbound\-control\-setup\fR generates -these in the default run directory, or with \-d in another directory. -If you change the access control permissions on the key files you can decide -who can use unbound\-control, by default owner and group but not all users. -Run the script under the same username as you have configured in unbound.conf -or as root, so that the daemon is permitted to read the files, for example with: -.nf - sudo \-u unbound unbound\-control\-setup -.fi -If you have not configured -a username in unbound.conf, the keys need read permission for the user -credentials under which the daemon is started. -The script preserves private keys present in the directory. -After running the script as root, turn on \fBcontrol\-enable\fR in -\fIunbound.conf\fR. -.SH "STATISTIC COUNTERS" -The \fIstats\fR command shows a number of statistic counters. -.TP -.I threadX.num.queries -number of queries received by thread -.TP -.I threadX.num.queries_ip_ratelimited -number of queries rate limited by thread -.TP -.I threadX.num.cachehits -number of queries that were successfully answered using a cache lookup -.TP -.I threadX.num.cachemiss -number of queries that needed recursive processing -.TP -.I threadX.num.prefetch -number of cache prefetches performed. This number is included in -cachehits, as the original query had the unprefetched answer from cache, -and resulted in recursive processing, taking a slot in the requestlist. -Not part of the recursivereplies (or the histogram thereof) or cachemiss, -as a cache response was sent. -.TP -.I threadX.num.zero_ttl -number of replies with ttl zero, because they served an expired cache entry. -.TP -.I threadX.num.recursivereplies -The number of replies sent to queries that needed recursive processing. Could be smaller than threadX.num.cachemiss if due to timeouts no replies were sent for some queries. -.TP -.I threadX.requestlist.avg -The average number of requests in the internal recursive processing request list on insert of a new incoming recursive processing query. -.TP -.I threadX.requestlist.max -Maximum size attained by the internal recursive processing request list. -.TP -.I threadX.requestlist.overwritten -Number of requests in the request list that were overwritten by newer entries. This happens if there is a flood of queries that recursive processing and the server has a hard time. -.TP -.I threadX.requestlist.exceeded -Queries that were dropped because the request list was full. This happens if a flood of queries need recursive processing, and the server can not keep up. -.TP -.I threadX.requestlist.current.all -Current size of the request list, includes internally generated queries (such -as priming queries and glue lookups). -.TP -.I threadX.requestlist.current.user -Current size of the request list, only the requests from client queries. -.TP -.I threadX.recursion.time.avg -Average time it took to answer queries that needed recursive processing. Note that queries that were answered from the cache are not in this average. -.TP -.I threadX.recursion.time.median -The median of the time it took to answer queries that needed recursive -processing. The median means that 50% of the user queries were answered in -less than this time. Because of big outliers (usually queries to non -responsive servers), the average can be bigger than the median. This median -has been calculated by interpolation from a histogram. -.TP -.I threadX.tcpusage -The currently held tcp buffers for incoming connections. A spot value on -the time of the request. This helps you spot if the incoming\-num\-tcp -buffers are full. -.TP -.I total.num.queries -summed over threads. -.TP -.I total.num.cachehits -summed over threads. -.TP -.I total.num.cachemiss -summed over threads. -.TP -.I total.num.prefetch -summed over threads. -.TP -.I total.num.zero_ttl -summed over threads. -.TP -.I total.num.recursivereplies -summed over threads. -.TP -.I total.requestlist.avg -averaged over threads. -.TP -.I total.requestlist.max -the maximum of the thread requestlist.max values. -.TP -.I total.requestlist.overwritten -summed over threads. -.TP -.I total.requestlist.exceeded -summed over threads. -.TP -.I total.requestlist.current.all -summed over threads. -.TP -.I total.recursion.time.median -averaged over threads. -.TP -.I total.tcpusage -summed over threads. -.TP -.I time.now -current time in seconds since 1970. -.TP -.I time.up -uptime since server boot in seconds. -.TP -.I time.elapsed -time since last statistics printout, in seconds. -.SH EXTENDED STATISTICS -.TP -.I mem.cache.rrset -Memory in bytes in use by the RRset cache. -.TP -.I mem.cache.message -Memory in bytes in use by the message cache. -.TP -.I mem.mod.iterator -Memory in bytes in use by the iterator module. -.TP -.I mem.mod.validator -Memory in bytes in use by the validator module. Includes the key cache and -negative cache. -.TP -.I histogram...to.. -Shows a histogram, summed over all threads. Every element counts the -recursive queries whose reply time fit between the lower and upper bound. -Times larger or equal to the lowerbound, and smaller than the upper bound. -There are 40 buckets, with bucket sizes doubling. -.TP -.I num.query.type.A -The total number of queries over all threads with query type A. -Printed for the other query types as well, but only for the types for which -queries were received, thus =0 entries are omitted for brevity. -.TP -.I num.query.type.other -Number of queries with query types 256\-65535. -.TP -.I num.query.class.IN -The total number of queries over all threads with query class IN (internet). -Also printed for other classes (such as CH (CHAOS) sometimes used for -debugging), or NONE, ANY, used by dynamic update. -num.query.class.other is printed for classes 256\-65535. -.TP -.I num.query.opcode.QUERY -The total number of queries over all threads with query opcode QUERY. -Also printed for other opcodes, UPDATE, ... -.TP -.I num.query.tcp -Number of queries that were made using TCP towards the unbound server. -.TP -.I num.query.tcpout -Number of queries that the unbound server made using TCP outgoing towards -other servers. -.TP -.I num.query.ipv6 -Number of queries that were made using IPv6 towards the unbound server. -.TP -.I num.query.flags.RD -The number of queries that had the RD flag set in the header. -Also printed for flags QR, AA, TC, RA, Z, AD, CD. -Note that queries with flags QR, AA or TC may have been rejected -because of that. -.TP -.I num.query.edns.present -number of queries that had an EDNS OPT record present. -.TP -.I num.query.edns.DO -number of queries that had an EDNS OPT record with the DO (DNSSEC OK) bit set. -These queries are also included in the num.query.edns.present number. -.TP -.I num.answer.rcode.NXDOMAIN -The number of answers to queries, from cache or from recursion, that had the -return code NXDOMAIN. Also printed for the other return codes. -.TP -.I num.answer.rcode.nodata -The number of answers to queries that had the pseudo return code nodata. -This means the actual return code was NOERROR, but additionally, no data was -carried in the answer (making what is called a NOERROR/NODATA answer). -These queries are also included in the num.answer.rcode.NOERROR number. -Common for AAAA lookups when an A record exists, and no AAAA. -.TP -.I num.answer.secure -Number of answers that were secure. The answer validated correctly. -The AD bit might have been set in some of these answers, where the client -signalled (with DO or AD bit in the query) that they were ready to accept -the AD bit in the answer. -.TP -.I num.answer.bogus -Number of answers that were bogus. These answers resulted in SERVFAIL -to the client because the answer failed validation. -.TP -.I num.rrset.bogus -The number of rrsets marked bogus by the validator. Increased for every -RRset inspection that fails. -.TP -.I unwanted.queries -Number of queries that were refused or dropped because they failed the -access control settings. -.TP -.I unwanted.replies -Replies that were unwanted or unsolicited. Could have been random traffic, -delayed duplicates, very late answers, or could be spoofing attempts. -Some low level of late answers and delayed duplicates are to be expected -with the UDP protocol. Very high values could indicate a threat (spoofing). -.TP -.I msg.cache.count -The number of items (DNS replies) in the message cache. -.TP -.I rrset.cache.count -The number of RRsets in the rrset cache. This includes rrsets used by -the messages in the message cache, but also delegation information. -.TP -.I infra.cache.count -The number of items in the infra cache. These are IP addresses with their -timing and protocol support information. -.TP -.I key.cache.count -The number of items in the key cache. These are DNSSEC keys, one item -per delegation point, and their validation status. -.SH "FILES" -.TP -.I @ub_conf_file@ -unbound configuration file. -.TP -.I @UNBOUND_RUN_DIR@ -directory with private keys (unbound_server.key and unbound_control.key) and -self\-signed certificates (unbound_server.pem and unbound_control.pem). -.SH "SEE ALSO" -\fIunbound.conf\fR(5), -\fIunbound\fR(8). diff --git a/external/unbound/doc/unbound-host.1.in b/external/unbound/doc/unbound-host.1.in deleted file mode 100644 index 1d698e16d..000000000 --- a/external/unbound/doc/unbound-host.1.in +++ /dev/null @@ -1,116 +0,0 @@ -.TH "unbound\-host" "1" "Jun 13, 2017" "NLnet Labs" "unbound 1.6.3" -.\" -.\" unbound-host.1 -- unbound DNS lookup utility -.\" -.\" Copyright (c) 2007, NLnet Labs. All rights reserved. -.\" -.\" See LICENSE for the license. -.\" -.\" -.SH "NAME" -.B unbound\-host -\- unbound DNS lookup utility -.SH "SYNOPSIS" -.B unbound\-host -.RB [ \-vdhr46D ] -.RB [ \-c -.IR class ] -.RB [ \-t -.IR type ] -.I hostname -.RB [ \-y -.IR key ] -.RB [ \-f -.IR keyfile ] -.RB [ \-F -.IR namedkeyfile ] -.RB [ \-C -.IR configfile ] -.SH "DESCRIPTION" -.B Unbound\-host -uses the unbound validating resolver to query for the hostname and display -results. With the \fB\-v\fR option it displays validation -status: secure, insecure, bogus (security failure). -.P -By default it reads no configuration file whatsoever. It attempts to reach -the internet root servers. With \fB\-C\fR an unbound config file and with -\fB\-r\fR resolv.conf can be read. -.P -The available options are: -.TP -.I hostname -This name is resolved (looked up in the DNS). -If a IPv4 or IPv6 address is given, a reverse lookup is performed. -.TP -.B \-h -Show the version and commandline option help. -.TP -.B \-v -Enable verbose output and it shows validation results, on every line. -Secure means that the NXDOMAIN (no such domain name), nodata (no such data) -or positive data response validated correctly with one of the keys. -Insecure means that that domain name has no security set up for it. -Bogus (security failure) means that the response failed one or more checks, -it is likely wrong, outdated, tampered with, or broken. -.TP -.B \-d -Enable debug output to stderr. One \-d shows what the resolver and validator -are doing and may tell you what is going on. More times, \-d \-d, gives a -lot of output, with every packet sent and received. -.TP -.B \-c \fIclass -Specify the class to lookup for, the default is IN the internet class. -.TP -.B \-t \fItype -Specify the type of data to lookup. The default looks for IPv4, IPv6 and -mail handler data, or domain name pointers for reverse queries. -.TP -.B \-y \fIkey -Specify a public key to use as trust anchor. This is the base for a chain -of trust that is built up from the trust anchor to the response, in order -to validate the response message. Can be given as a DS or DNSKEY record. -For example \-y "example.com DS 31560 5 1 1CFED84787E6E19CCF9372C1187325972FE546CD". -.TP -.B \-D -Enables DNSSEC validation. Reads the root anchor from the default configured -root anchor at the default location, \fI@UNBOUND_ROOTKEY_FILE@\fR. -.TP -.B \-f \fIkeyfile -Reads keys from a file. Every line has a DS or DNSKEY record, in the format -as for \-y. The zone file format, the same as dig and drill produce. -.TP -.B \-F \fInamedkeyfile -Reads keys from a BIND\-style named.conf file. Only the trusted\-key {}; entries -are read. -.TP -.B \-C \fIconfigfile -Uses the specified unbound.conf to prime -.IR libunbound (3). -.TP -.B \-r -Read /etc/resolv.conf, and use the forward DNS servers from there (those could -have been set by DHCP). More info in -.IR resolv.conf (5). -Breaks validation if those servers do not support DNSSEC. -.TP -.B \-4 -Use solely the IPv4 network for sending packets. -.TP -.B \-6 -Use solely the IPv6 network for sending packets. -.SH "EXAMPLES" -Some examples of use. The keys shown below are fakes, thus a security failure -is encountered. -.P -$ unbound\-host www.example.com -.P -$ unbound\-host \-v \-y "example.com DS 31560 5 1 1CFED84787E6E19CCF9372C1187325972FE546CD" www.example.com -.P -$ unbound\-host \-v \-y "example.com DS 31560 5 1 1CFED84787E6E19CCF9372C1187325972FE546CD" 192.0.2.153 -.SH "EXIT CODE" -The unbound\-host program exits with status code 1 on error, -0 on no error. The data may not be available on exit code 0, exit code 1 -means the lookup encountered a fatal error. -.SH "SEE ALSO" -\fIunbound.conf\fR(5), -\fIunbound\fR(8). diff --git a/external/unbound/doc/unbound.8.in b/external/unbound/doc/unbound.8.in deleted file mode 100644 index cca759b62..000000000 --- a/external/unbound/doc/unbound.8.in +++ /dev/null @@ -1,79 +0,0 @@ -.TH "unbound" "8" "Jun 13, 2017" "NLnet Labs" "unbound 1.6.3" -.\" -.\" unbound.8 -- unbound manual -.\" -.\" Copyright (c) 2007, NLnet Labs. All rights reserved. -.\" -.\" See LICENSE for the license. -.\" -.\" -.SH "NAME" -.B unbound -\- Unbound DNS validating resolver 1.6.3. -.SH "SYNOPSIS" -.B unbound -.RB [ \-h ] -.RB [ \-d ] -.RB [ \-v ] -.RB [ \-c -.IR cfgfile ] -.SH "DESCRIPTION" -.B Unbound -is a caching DNS resolver. -.P -It uses a built in list of authoritative nameservers for the root zone (.), -the so called root hints. -On receiving a DNS query it will ask the root nameservers for -an answer and will in almost all cases receive a delegation to a top level -domain (TLD) authoritative nameserver. -It will then ask that nameserver for an answer. -It will recursively continue until an answer is found or no answer is -available (NXDOMAIN). -For performance and efficiency reasons that answer is cached for a -certain time (the answer's time\-to\-live or TTL). -A second query for the same name will then be answered from the cache. -Unbound can also do DNSSEC validation. -.P -To use a locally running -.B Unbound -for resolving put -.sp -.RS 6n -nameserver 127.0.0.1 -.RE -.sp -into -.IR resolv.conf (5). -.P -If authoritative DNS is needed as well using -.IR nsd (8), -careful setup is required because authoritative nameservers and -resolvers are using the same port number (53). -.P -The available options are: -.TP -.B \-h -Show the version and commandline option help. -.TP -.B \-c\fI cfgfile -Set the config file with settings for unbound to read instead of reading the -file at the default location, @ub_conf_file@. The syntax is -described in \fIunbound.conf\fR(5). -.TP -.B \-d -Debug flag: do not fork into the background, but stay attached to -the console. This flag will also delay writing to the log file until -the thread\-spawn time, so that most config and setup errors appear on -stderr. If given twice or more, logging does not switch to the log file -or to syslog, but the log messages are printed to stderr all the time. -.TP -.B \-v -Increase verbosity. If given multiple times, more information is logged. -This is in addition to the verbosity (if any) from the config file. -.SH "SEE ALSO" -\fIunbound.conf\fR(5), -\fIunbound\-checkconf\fR(8), -\fInsd\fR(8). -.SH "AUTHORS" -.B Unbound -developers are mentioned in the CREDITS file in the distribution. diff --git a/external/unbound/doc/unbound.conf.5.in b/external/unbound/doc/unbound.conf.5.in deleted file mode 100644 index b2c76ac95..000000000 --- a/external/unbound/doc/unbound.conf.5.in +++ /dev/null @@ -1,1578 +0,0 @@ -.TH "unbound.conf" "5" "Jun 13, 2017" "NLnet Labs" "unbound 1.6.3" -.\" -.\" unbound.conf.5 -- unbound.conf manual -.\" -.\" Copyright (c) 2007, NLnet Labs. All rights reserved. -.\" -.\" See LICENSE for the license. -.\" -.\" -.SH "NAME" -.B unbound.conf -\- Unbound configuration file. -.SH "SYNOPSIS" -.B unbound.conf -.SH "DESCRIPTION" -.B unbound.conf -is used to configure -\fIunbound\fR(8). -The file format has attributes and values. Some attributes have attributes inside them. -The notation is: attribute: value. -.P -Comments start with # and last to the end of line. Empty lines are -ignored as is whitespace at the beginning of a line. -.P -The utility -\fIunbound\-checkconf\fR(8) -can be used to check unbound.conf prior to usage. -.SH "EXAMPLE" -An example config file is shown below. Copy this to /etc/unbound/unbound.conf -and start the server with: -.P -.nf - $ unbound \-c /etc/unbound/unbound.conf -.fi -.P -Most settings are the defaults. Stop the server with: -.P -.nf - $ kill `cat /etc/unbound/unbound.pid` -.fi -.P -Below is a minimal config file. The source distribution contains an extensive -example.conf file with all the options. -.P -.nf -# unbound.conf(5) config file for unbound(8). -server: - directory: "/etc/unbound" - username: unbound - # make sure unbound can access entropy from inside the chroot. - # e.g. on linux the use these commands (on BSD, devfs(8) is used): - # mount \-\-bind \-n /dev/random /etc/unbound/dev/random - # and mount \-\-bind \-n /dev/log /etc/unbound/dev/log - chroot: "/etc/unbound" - # logfile: "/etc/unbound/unbound.log" #uncomment to use logfile. - pidfile: "/etc/unbound/unbound.pid" - # verbosity: 1 # uncomment and increase to get more logging. - # listen on all interfaces, answer queries from the local subnet. - interface: 0.0.0.0 - interface: ::0 - access\-control: 10.0.0.0/8 allow - access\-control: 2001:DB8::/64 allow -.fi -.SH "FILE FORMAT" -There must be whitespace between keywords. Attribute keywords end with a colon ':'. An attribute -is followed by its containing attributes, or a value. -.P -Files can be included using the -.B include: -directive. It can appear anywhere, it accepts a single file name as argument. -Processing continues as if the text from the included file was copied into -the config file at that point. If also using chroot, using full path names -for the included files works, relative pathnames for the included names work -if the directory where the daemon is started equals its chroot/working -directory or is specified before the include statement with directory: dir. -Wildcards can be used to include multiple files, see \fIglob\fR(7). -.SS "Server Options" -These options are part of the -.B server: -clause. -.TP -.B verbosity: \fI -The verbosity number, level 0 means no verbosity, only errors. Level 1 -gives operational information. Level 2 gives detailed operational -information. Level 3 gives query level information, output per query. -Level 4 gives algorithm level information. Level 5 logs client -identification for cache misses. Default is level 1. -The verbosity can also be increased from the commandline, see \fIunbound\fR(8). -.TP -.B statistics\-interval: \fI -The number of seconds between printing statistics to the log for every thread. -Disable with value 0 or "". Default is disabled. The histogram statistics -are only printed if replies were sent during the statistics interval, -requestlist statistics are printed for every interval (but can be 0). -This is because the median calculation requires data to be present. -.TP -.B statistics\-cumulative: \fI -If enabled, statistics are cumulative since starting unbound, without clearing -the statistics counters after logging the statistics. Default is no. -.TP -.B extended\-statistics: \fI -If enabled, extended statistics are printed from \fIunbound\-control\fR(8). -Default is off, because keeping track of more statistics takes time. The -counters are listed in \fIunbound\-control\fR(8). -.TP -.B num\-threads: \fI -The number of threads to create to serve clients. Use 1 for no threading. -.TP -.B port: \fI -The port number, default 53, on which the server responds to queries. -.TP -.B interface: \fI -Interface to use to connect to the network. This interface is listened to -for queries from clients, and answers to clients are given from it. -Can be given multiple times to work on several interfaces. If none are -given the default is to listen to localhost. -The interfaces are not changed on a reload (kill \-HUP) but only on restart. -A port number can be specified with @port (without spaces between -interface and port number), if not specified the default port (from -\fBport\fR) is used. -.TP -.B ip\-address: \fI -Same as interface: (for easy of compatibility with nsd.conf). -.TP -.B interface\-automatic: \fI -Detect source interface on UDP queries and copy them to replies. This -feature is experimental, and needs support in your OS for particular socket -options. Default value is no. -.TP -.B outgoing\-interface: \fI -Interface to use to connect to the network. This interface is used to send -queries to authoritative servers and receive their replies. Can be given -multiple times to work on several interfaces. If none are given the -default (all) is used. You can specify the same interfaces in -.B interface: -and -.B outgoing\-interface: -lines, the interfaces are then used for both purposes. Outgoing queries are -sent via a random outgoing interface to counter spoofing. -.IP -If an IPv6 netblock is specified instead of an individual IPv6 address, -outgoing UDP queries will use a randomised source address taken from the -netblock to counter spoofing. Requires the IPv6 netblock to be routed to the -host running unbound, and requires OS support for unprivileged non-local binds -(currently only supported on Linux). Several netblocks may be specified with -multiple -.B outgoing\-interface: -options, but do not specify both an individual IPv6 address and an IPv6 -netblock, or the randomisation will be compromised. Consider combining with -.B prefer\-ip6: yes -to increase the likelihood of IPv6 nameservers being selected for queries. -On Linux you need these two commands to be able to use the freebind socket -option to receive traffic for the ip6 netblock: -ip \-6 addr add mynetblock/64 dev lo && -ip \-6 route add local mynetblock/64 dev lo -.TP -.B outgoing\-range: \fI -Number of ports to open. This number of file descriptors can be opened per -thread. Must be at least 1. Default depends on compile options. Larger -numbers need extra resources from the operating system. For performance a -very large value is best, use libevent to make this possible. -.TP -.B outgoing\-port\-permit: \fI -Permit unbound to open this port or range of ports for use to send queries. -A larger number of permitted outgoing ports increases resilience against -spoofing attempts. Make sure these ports are not needed by other daemons. -By default only ports above 1024 that have not been assigned by IANA are used. -Give a port number or a range of the form "low\-high", without spaces. -.IP -The \fBoutgoing\-port\-permit\fR and \fBoutgoing\-port\-avoid\fR statements -are processed in the line order of the config file, adding the permitted ports -and subtracting the avoided ports from the set of allowed ports. The -processing starts with the non IANA allocated ports above 1024 in the set -of allowed ports. -.TP -.B outgoing\-port\-avoid: \fI -Do not permit unbound to open this port or range of ports for use to send -queries. Use this to make sure unbound does not grab a port that another -daemon needs. The port is avoided on all outgoing interfaces, both IP4 and IP6. -By default only ports above 1024 that have not been assigned by IANA are used. -Give a port number or a range of the form "low\-high", without spaces. -.TP -.B outgoing\-num\-tcp: \fI -Number of outgoing TCP buffers to allocate per thread. Default is 10. If -set to 0, or if do\-tcp is "no", no TCP queries to authoritative servers -are done. For larger installations increasing this value is a good idea. -.TP -.B incoming\-num\-tcp: \fI -Number of incoming TCP buffers to allocate per thread. Default is -10. If set to 0, or if do\-tcp is "no", no TCP queries from clients are -accepted. For larger installations increasing this value is a good idea. -.TP -.B edns\-buffer\-size: \fI -Number of bytes size to advertise as the EDNS reassembly buffer size. -This is the value put into datagrams over UDP towards peers. The actual -buffer size is determined by msg\-buffer\-size (both for TCP and UDP). Do -not set higher than that value. Default is 4096 which is RFC recommended. -If you have fragmentation reassembly problems, usually seen as timeouts, -then a value of 1480 can fix it. Setting to 512 bypasses even the most -stringent path MTU problems, but is seen as extreme, since the amount -of TCP fallback generated is excessive (probably also for this resolver, -consider tuning the outgoing tcp number). -.TP -.B max\-udp\-size: \fI -Maximum UDP response size (not applied to TCP response). 65536 disables the -udp response size maximum, and uses the choice from the client, always. -Suggested values are 512 to 4096. Default is 4096. -.TP -.B msg\-buffer\-size: \fI -Number of bytes size of the message buffers. Default is 65552 bytes, enough -for 64 Kb packets, the maximum DNS message size. No message larger than this -can be sent or received. Can be reduced to use less memory, but some requests -for DNS data, such as for huge resource records, will result in a SERVFAIL -reply to the client. -.TP -.B msg\-cache\-size: \fI -Number of bytes size of the message cache. Default is 4 megabytes. -A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes -or gigabytes (1024*1024 bytes in a megabyte). -.TP -.B msg\-cache\-slabs: \fI -Number of slabs in the message cache. Slabs reduce lock contention by threads. -Must be set to a power of 2. Setting (close) to the number of cpus is a -reasonable guess. -.TP -.B num\-queries\-per\-thread: \fI -The number of queries that every thread will service simultaneously. -If more queries arrive that need servicing, and no queries can be jostled out -(see \fIjostle\-timeout\fR), then the queries are dropped. This forces -the client to resend after a timeout; allowing the server time to work on -the existing queries. Default depends on compile options, 512 or 1024. -.TP -.B jostle\-timeout: \fI -Timeout used when the server is very busy. Set to a value that usually -results in one roundtrip to the authority servers. If too many queries -arrive, then 50% of the queries are allowed to run to completion, and -the other 50% are replaced with the new incoming query if they have already -spent more than their allowed time. This protects against denial of -service by slow queries or high query rates. Default 200 milliseconds. -The effect is that the qps for long-lasting queries is about -(numqueriesperthread / 2) / (average time for such long queries) qps. -The qps for short queries can be about (numqueriesperthread / 2) -/ (jostletimeout in whole seconds) qps per thread, about (1024/2)*5 = 2560 -qps by default. -.TP -.B delay\-close: \fI -Extra delay for timeouted UDP ports before they are closed, in msec. -Default is 0, and that disables it. This prevents very delayed answer -packets from the upstream (recursive) servers from bouncing against -closed ports and setting off all sort of close-port counters, with -eg. 1500 msec. When timeouts happen you need extra sockets, it checks -the ID and remote IP of packets, and unwanted packets are added to the -unwanted packet counter. -.TP -.B so\-rcvbuf: \fI -If not 0, then set the SO_RCVBUF socket option to get more buffer -space on UDP port 53 incoming queries. So that short spikes on busy -servers do not drop packets (see counter in netstat \-su). Default is -0 (use system value). Otherwise, the number of bytes to ask for, try -"4m" on a busy server. The OS caps it at a maximum, on linux unbound -needs root permission to bypass the limit, or the admin can use sysctl -net.core.rmem_max. On BSD change kern.ipc.maxsockbuf in /etc/sysctl.conf. -On OpenBSD change header and recompile kernel. On Solaris ndd \-set -/dev/udp udp_max_buf 8388608. -.TP -.B so\-sndbuf: \fI -If not 0, then set the SO_SNDBUF socket option to get more buffer space on -UDP port 53 outgoing queries. This for very busy servers handles spikes -in answer traffic, otherwise 'send: resource temporarily unavailable' -can get logged, the buffer overrun is also visible by netstat \-su. -Default is 0 (use system value). Specify the number of bytes to ask -for, try "4m" on a very busy server. The OS caps it at a maximum, on -linux unbound needs root permission to bypass the limit, or the admin -can use sysctl net.core.wmem_max. On BSD, Solaris changes are similar -to so\-rcvbuf. -.TP -.B so\-reuseport: \fI -If yes, then open dedicated listening sockets for incoming queries for each -thread and try to set the SO_REUSEPORT socket option on each socket. May -distribute incoming queries to threads more evenly. Default is no. On Linux -it is supported in kernels >= 3.9. On other systems, FreeBSD, OSX it may -also work. You can enable it (on any platform and kernel), -it then attempts to open the port and passes the option if it was available -at compile time, if that works it is used, if it fails, it continues -silently (unless verbosity 3) without the option. -.TP -.B ip\-transparent: \fI -If yes, then use IP_TRANSPARENT socket option on sockets where unbound -is listening for incoming traffic. Default no. Allows you to bind to -non\-local interfaces. For example for non\-existant IP addresses that -are going to exist later on, with host failover configuration. This is -a lot like interface\-automatic, but that one services all interfaces -and with this option you can select which (future) interfaces unbound -provides service on. This option needs unbound to be started with root -permissions on some systems. The option uses IP_BINDANY on FreeBSD systems. -.TP -.B ip\-freebind: \fI -If yes, then use IP_FREEBIND socket option on sockets where unbound -is listening to incoming traffic. Default no. Allows you to bind to -IP addresses that are nonlocal or do not exist, like when the network -interface or IP address is down. Exists only on Linux, where the similar -ip\-transparent option is also available. -.TP -.B rrset\-cache\-size: \fI -Number of bytes size of the RRset cache. Default is 4 megabytes. -A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes -or gigabytes (1024*1024 bytes in a megabyte). -.TP -.B rrset\-cache\-slabs: \fI -Number of slabs in the RRset cache. Slabs reduce lock contention by threads. -Must be set to a power of 2. -.TP -.B cache\-max\-ttl: \fI -Time to live maximum for RRsets and messages in the cache. Default is -86400 seconds (1 day). If the maximum kicks in, responses to clients -still get decrementing TTLs based on the original (larger) values. -When the internal TTL expires, the cache item has expired. -Can be set lower to force the resolver to query for data often, and not -trust (very large) TTL values. -.TP -.B cache\-min\-ttl: \fI -Time to live minimum for RRsets and messages in the cache. Default is 0. -If the minimum kicks in, the data is cached for longer than the domain -owner intended, and thus less queries are made to look up the data. -Zero makes sure the data in the cache is as the domain owner intended, -higher values, especially more than an hour or so, can lead to trouble as -the data in the cache does not match up with the actual data any more. -.TP -.B cache\-max\-negative\-ttl: \fI -Time to live maximum for negative responses, these have a SOA in the -authority section that is limited in time. Default is 3600. -.TP -.B infra\-host\-ttl: \fI -Time to live for entries in the host cache. The host cache contains -roundtrip timing, lameness and EDNS support information. Default is 900. -.TP -.B infra\-cache\-slabs: \fI -Number of slabs in the infrastructure cache. Slabs reduce lock contention -by threads. Must be set to a power of 2. -.TP -.B infra\-cache\-numhosts: \fI -Number of hosts for which information is cached. Default is 10000. -.TP -.B infra\-cache\-min\-rtt: \fI -Lower limit for dynamic retransmit timeout calculation in infrastructure -cache. Default is 50 milliseconds. Increase this value if using forwarders -needing more time to do recursive name resolution. -.TP -.B define\-tag: \fI<"list of tags"> -Define the tags that can be used with local\-zone and access\-control. -Enclose the list between quotes ("") and put spaces between tags. -.TP -.B do\-ip4: \fI -Enable or disable whether ip4 queries are answered or issued. Default is yes. -.TP -.B do\-ip6: \fI -Enable or disable whether ip6 queries are answered or issued. Default is yes. -If disabled, queries are not answered on IPv6, and queries are not sent on -IPv6 to the internet nameservers. With this option you can disable the -ipv6 transport for sending DNS traffic, it does not impact the contents of -the DNS traffic, which may have ip4 and ip6 addresses in it. -.TP -.B prefer\-ip6: \fI -If enabled, prefer IPv6 transport for sending DNS queries to internet -nameservers. Default is no. -.TP -.B do\-udp: \fI -Enable or disable whether UDP queries are answered or issued. Default is yes. -.TP -.B do\-tcp: \fI -Enable or disable whether TCP queries are answered or issued. Default is yes. -.TP -.B tcp\-mss: \fI -Maximum segment size (MSS) of TCP socket on which the server responds -to queries. Value lower than common MSS on Ethernet -(1220 for example) will address path MTU problem. -Note that not all platform supports socket option to set MSS (TCP_MAXSEG). -Default is system default MSS determined by interface MTU and -negotiation between server and client. -.TP -.B outgoing\-tcp\-mss: \fI -Maximum segment size (MSS) of TCP socket for outgoing queries -(from Unbound to other servers). Value lower than -common MSS on Ethernet (1220 for example) will address path MTU problem. -Note that not all platform supports socket option to set MSS (TCP_MAXSEG). -Default is system default MSS determined by interface MTU and -negotiation between Unbound and other servers. -.TP -.B tcp\-upstream: \fI -Enable or disable whether the upstream queries use TCP only for transport. -Default is no. Useful in tunneling scenarios. -.TP -.B ssl\-upstream: \fI -Enabled or disable whether the upstream queries use SSL only for transport. -Default is no. Useful in tunneling scenarios. The SSL contains plain DNS in -TCP wireformat. The other server must support this (see \fBssl\-service\-key\fR). -.TP -.B ssl\-service-key: \fI -If enabled, the server provider SSL service on its TCP sockets. The clients -have to use ssl\-upstream: yes. The file is the private key for the TLS -session. The public certificate is in the ssl\-service\-pem file. Default -is "", turned off. Requires a restart (a reload is not enough) if changed, -because the private key is read while root permissions are held and before -chroot (if any). Normal DNS TCP service is not provided and gives errors, -this service is best run with a different \fBport:\fR config or \fI@port\fR -suffixes in the \fBinterface\fR config. -.TP -.B ssl\-service\-pem: \fI -The public key certificate pem file for the ssl service. Default is "", -turned off. -.TP -.B ssl\-port: \fI -The port number on which to provide TCP SSL service, default 853, only -interfaces configured with that port number as @number get the SSL service. -.TP -.B use\-systemd: \fI -Enable or disable systemd socket activation. -Default is no. -.TP -.B do\-daemonize: \fI -Enable or disable whether the unbound server forks into the background as -a daemon. Set the value to \fIno\fR when unbound runs as systemd service. -Default is yes. -.TP -.B access\-control: \fI -The netblock is given as an IP4 or IP6 address with /size appended for a -classless network block. The action can be \fIdeny\fR, \fIrefuse\fR, -\fIallow\fR, \fIallow_snoop\fR, \fIdeny_non_local\fR or \fIrefuse_non_local\fR. -The most specific netblock match is used, if none match \fIdeny\fR is used. -.IP -The action \fIdeny\fR stops queries from hosts from that netblock. -.IP -The action \fIrefuse\fR stops queries too, but sends a DNS rcode REFUSED -error message back. -.IP -The action \fIallow\fR gives access to clients from that netblock. -It gives only access for recursion clients (which is -what almost all clients need). Nonrecursive queries are refused. -.IP -The \fIallow\fR action does allow nonrecursive queries to access the -local\-data that is configured. The reason is that this does not involve -the unbound server recursive lookup algorithm, and static data is served -in the reply. This supports normal operations where nonrecursive queries -are made for the authoritative data. For nonrecursive queries any replies -from the dynamic cache are refused. -.IP -The action \fIallow_snoop\fR gives nonrecursive access too. This give -both recursive and non recursive access. The name \fIallow_snoop\fR refers -to cache snooping, a technique to use nonrecursive queries to examine -the cache contents (for malicious acts). However, nonrecursive queries can -also be a valuable debugging tool (when you want to examine the cache -contents). In that case use \fIallow_snoop\fR for your administration host. -.IP -By default only localhost is \fIallow\fRed, the rest is \fIrefuse\fRd. -The default is \fIrefuse\fRd, because that is protocol\-friendly. The DNS -protocol is not designed to handle dropped packets due to policy, and -dropping may result in (possibly excessive) retried queries. -.IP -The deny_non_local and refuse_non_local settings are for hosts that are -only allowed to query for the authoritative local\-data, they are not -allowed full recursion but only the static data. With deny_non_local, -messages that are disallowed are dropped, with refuse_non_local they -receive error code REFUSED. -.TP -.B access\-control\-tag: \fI <"list of tags"> -Assign tags to access-control elements. Clients using this access control -element use localzones that are tagged with one of these tags. Tags must be -defined in \fIdefine\-tags\fR. Enclose list of tags in quotes ("") and put -spaces between tags. If access\-control\-tag is configured for a netblock that -does not have an access\-control, an access\-control element with action -\fIallow\fR is configured for this netblock. -.TP -.B access\-control\-tag\-action: \fI -Set action for particular tag for given access control element. If you have -multiple tag values, the tag used to lookup the action is the first tag match -between access\-control\-tag and local\-zone\-tag where "first" comes from the -order of the define-tag values. -.TP -.B access\-control\-tag\-data: \fI <"resource record string"> -Set redirect data for particular tag for given access control element. -.TP -.B access\-control\-view: \fI -Set view for given access control element. -.TP -.B chroot: \fI -If chroot is enabled, you should pass the configfile (from the -commandline) as a full path from the original root. After the -chroot has been performed the now defunct portion of the config -file path is removed to be able to reread the config after a reload. -.IP -All other file paths (working dir, logfile, roothints, and -key files) can be specified in several ways: -as an absolute path relative to the new root, -as a relative path to the working directory, or -as an absolute path relative to the original root. -In the last case the path is adjusted to remove the unused portion. -.IP -The pidfile can be either a relative path to the working directory, or -an absolute path relative to the original root. It is written just prior -to chroot and dropping permissions. This allows the pidfile to be -/var/run/unbound.pid and the chroot to be /var/unbound, for example. -.IP -Additionally, unbound may need to access /dev/random (for entropy) -from inside the chroot. -.IP -If given a chroot is done to the given directory. The default is -"@UNBOUND_CHROOT_DIR@". If you give "" no chroot is performed. -.TP -.B username: \fI -If given, after binding the port the user privileges are dropped. Default is -"@UNBOUND_USERNAME@". If you give username: "" no user change is performed. -.IP -If this user is not capable of binding the -port, reloads (by signal HUP) will still retain the opened ports. -If you change the port number in the config file, and that new port number -requires privileges, then a reload will fail; a restart is needed. -.TP -.B directory: \fI -Sets the working directory for the program. Default is "@UNBOUND_RUN_DIR@". -On Windows the string "%EXECUTABLE%" tries to change to the directory -that unbound.exe resides in. -If you give a server: directory: dir before include: file statements -then those includes can be relative to the working directory. -.TP -.B logfile: \fI -If "" is given, logging goes to stderr, or nowhere once daemonized. -The logfile is appended to, in the following format: -.nf -[seconds since 1970] unbound[pid:tid]: type: message. -.fi -If this option is given, the use\-syslog is option is set to "no". -The logfile is reopened (for append) when the config file is reread, on -SIGHUP. -.TP -.B use\-syslog: \fI -Sets unbound to send log messages to the syslogd, using -\fIsyslog\fR(3). -The log facility LOG_DAEMON is used, with identity "unbound". -The logfile setting is overridden when use\-syslog is turned on. -The default is to log to syslog. -.TP -.B log\-identity: \fI -If "" is given (default), then the name of the executable, usually "unbound" -is used to report to the log. Enter a string to override it -with that, which is useful on systems that run more than one instance of -unbound, with different configurations, so that the logs can be easily -distinguished against. -.TP -.B log\-time\-ascii: \fI -Sets logfile lines to use a timestamp in UTC ascii. Default is no, which -prints the seconds since 1970 in brackets. No effect if using syslog, in -that case syslog formats the timestamp printed into the log files. -.TP -.B log\-queries: \fI -Prints one line per query to the log, with the log timestamp and IP address, -name, type and class. Default is no. Note that it takes time to print these -lines which makes the server (significantly) slower. Odd (nonprintable) -characters in names are printed as '?'. -.TP -.B log\-replies: \fI -Prints one line per reply to the log, with the log timestamp and IP address, -name, type, class, return code, time to resolve, from cache and response size. -Default is no. Note that it takes time to print these -lines which makes the server (significantly) slower. Odd (nonprintable) -characters in names are printed as '?'. -.TP -.B pidfile: \fI -The process id is written to the file. Default is "@UNBOUND_PIDFILE@". -So, -.nf -kill \-HUP `cat @UNBOUND_PIDFILE@` -.fi -triggers a reload, -.nf -kill \-TERM `cat @UNBOUND_PIDFILE@` -.fi -gracefully terminates. -.TP -.B root\-hints: \fI -Read the root hints from this file. Default is nothing, using builtin hints -for the IN class. The file has the format of zone files, with root -nameserver names and addresses only. The default may become outdated, -when servers change, therefore it is good practice to use a root\-hints file. -.TP -.B hide\-identity: \fI -If enabled id.server and hostname.bind queries are refused. -.TP -.B identity: \fI -Set the identity to report. If set to "", the default, then the hostname -of the server is returned. -.TP -.B hide\-version: \fI -If enabled version.server and version.bind queries are refused. -.TP -.B version: \fI -Set the version to report. If set to "", the default, then the package -version is returned. -.TP -.B hide\-trustanchor: \fI -If enabled trustanchor.unbound queries are refused. -.TP -.B target\-fetch\-policy: \fI<"list of numbers"> -Set the target fetch policy used by unbound to determine if it should fetch -nameserver target addresses opportunistically. The policy is described per -dependency depth. -.IP -The number of values determines the maximum dependency depth -that unbound will pursue in answering a query. -A value of \-1 means to fetch all targets opportunistically for that dependency -depth. A value of 0 means to fetch on demand only. A positive value fetches -that many targets opportunistically. -.IP -Enclose the list between quotes ("") and put spaces between numbers. -The default is "3 2 1 0 0". Setting all zeroes, "0 0 0 0 0" gives behaviour -closer to that of BIND 9, while setting "\-1 \-1 \-1 \-1 \-1" gives behaviour -rumoured to be closer to that of BIND 8. -.TP -.B harden\-short\-bufsize: \fI -Very small EDNS buffer sizes from queries are ignored. Default is off, since -it is legal protocol wise to send these, and unbound tries to give very -small answers to these queries, where possible. -.TP -.B harden\-large\-queries: \fI -Very large queries are ignored. Default is off, since it is legal protocol -wise to send these, and could be necessary for operation if TSIG or EDNS -payload is very large. -.TP -.B harden\-glue: \fI -Will trust glue only if it is within the servers authority. Default is on. -.TP -.B harden\-dnssec\-stripped: \fI -Require DNSSEC data for trust\-anchored zones, if such data is absent, -the zone becomes bogus. If turned off, and no DNSSEC data is received -(or the DNSKEY data fails to validate), then the zone is made insecure, -this behaves like there is no trust anchor. You could turn this off if -you are sometimes behind an intrusive firewall (of some sort) that -removes DNSSEC data from packets, or a zone changes from signed to -unsigned to badly signed often. If turned off you run the risk of a -downgrade attack that disables security for a zone. Default is on. -.TP -.B harden\-below\-nxdomain: \fI -From RFC 8020 (with title "NXDOMAIN: There Really Is Nothing Underneath"), -returns nxdomain to queries for a name -below another name that is already known to be nxdomain. DNSSEC mandates -noerror for empty nonterminals, hence this is possible. Very old software -might return nxdomain for empty nonterminals (that usually happen for reverse -IP address lookups), and thus may be incompatible with this. To try to avoid -this only DNSSEC-secure nxdomains are used, because the old software does not -have DNSSEC. Default is off. -The nxdomain must be secure, this means nsec3 with optout is insufficient. -.TP -.B harden\-referral\-path: \fI -Harden the referral path by performing additional queries for -infrastructure data. Validates the replies if trust anchors are configured -and the zones are signed. This enforces DNSSEC validation on nameserver -NS sets and the nameserver addresses that are encountered on the referral -path to the answer. -Default off, because it burdens the authority servers, and it is -not RFC standard, and could lead to performance problems because of the -extra query load that is generated. Experimental option. -If you enable it consider adding more numbers after the target\-fetch\-policy -to increase the max depth that is checked to. -.TP -.B harden\-algo\-downgrade: \fI -Harden against algorithm downgrade when multiple algorithms are -advertised in the DS record. If no, allows the weakest algorithm to -validate the zone. Default is no. Zone signers must produce zones -that allow this feature to work, but sometimes they do not, and turning -this option off avoids that validation failure. -.TP -.B use\-caps\-for\-id: \fI -Use 0x20\-encoded random bits in the query to foil spoof attempts. -This perturbs the lowercase and uppercase of query names sent to -authority servers and checks if the reply still has the correct casing. -Disabled by default. -This feature is an experimental implementation of draft dns\-0x20. -.TP -.B caps\-whitelist: \fI -Whitelist the domain so that it does not receive caps\-for\-id perturbed -queries. For domains that do not support 0x20 and also fail with fallback -because they keep sending different answers, like some load balancers. -Can be given multiple times, for different domains. -.TP -.B qname\-minimisation: \fI -Send minimum amount of information to upstream servers to enhance privacy. -Only sent minimum required labels of the QNAME and set QTYPE to NS when -possible. Best effort approach; full QNAME and original QTYPE will be sent when -upstream replies with a RCODE other than NOERROR, except when receiving -NXDOMAIN from a DNSSEC signed zone. Default is off. -.TP -.B qname\-minimisation\-strict: \fI -QNAME minimisation in strict mode. Do not fall-back to sending full QNAME to -potentially broken nameservers. A lot of domains will not be resolvable when -this option in enabled. Only use if you know what you are doing. -This option only has effect when qname-minimisation is enabled. Default is off. -.TP -.B private\-address: \fI -Give IPv4 of IPv6 addresses or classless subnets. These are addresses -on your private network, and are not allowed to be returned for -public internet names. Any occurrence of such addresses are removed -from DNS answers. Additionally, the DNSSEC validator may mark the -answers bogus. This protects against so\-called DNS Rebinding, where -a user browser is turned into a network proxy, allowing remote access -through the browser to other parts of your private network. Some names -can be allowed to contain your private addresses, by default all the -\fBlocal\-data\fR that you configured is allowed to, and you can specify -additional names using \fBprivate\-domain\fR. No private addresses are -enabled by default. We consider to enable this for the RFC1918 private -IP address space by default in later releases. That would enable private -addresses for 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16 -fd00::/8 and fe80::/10, since the RFC standards say these addresses -should not be visible on the public internet. Turning on 127.0.0.0/8 -would hinder many spamblocklists as they use that. Adding ::ffff:0:0/96 -stops IPv4-mapped IPv6 addresses from bypassing the filter. -.TP -.B private\-domain: \fI -Allow this domain, and all its subdomains to contain private addresses. -Give multiple times to allow multiple domain names to contain private -addresses. Default is none. -.TP -.B unwanted\-reply\-threshold: \fI -If set, a total number of unwanted replies is kept track of in every thread. -When it reaches the threshold, a defensive action is taken and a warning -is printed to the log. The defensive action is to clear the rrset and -message caches, hopefully flushing away any poison. A value of 10 million -is suggested. Default is 0 (turned off). -.TP -.B do\-not\-query\-address: \fI -Do not query the given IP address. Can be IP4 or IP6. Append /num to -indicate a classless delegation netblock, for example like -10.2.3.4/24 or 2001::11/64. -.TP -.B do\-not\-query\-localhost: \fI -If yes, localhost is added to the do\-not\-query\-address entries, both -IP6 ::1 and IP4 127.0.0.1/8. If no, then localhost can be used to send -queries to. Default is yes. -.TP -.B prefetch: \fI -If yes, message cache elements are prefetched before they expire to -keep the cache up to date. Default is no. Turning it on gives about -10 percent more traffic and load on the machine, but popular items do -not expire from the cache. -.TP -.B prefetch-key: \fI -If yes, fetch the DNSKEYs earlier in the validation process, when a DS -record is encountered. This lowers the latency of requests. It does use -a little more CPU. Also if the cache is set to 0, it is no use. Default is no. -.TP -.B rrset-roundrobin: \fI -If yes, Unbound rotates RRSet order in response (the random number is taken -from the query ID, for speed and thread safety). Default is no. -.TP -.B minimal-responses: \fI -If yes, Unbound doesn't insert authority/additional sections into response -messages when those sections are not required. This reduces response -size significantly, and may avoid TCP fallback for some responses. -This may cause a slight speedup. The default is no, because the DNS -protocol RFCs mandate these sections, and the additional content could -be of use and save roundtrips for clients. -.TP -.B disable-dnssec-lame-check: \fI -If true, disables the DNSSEC lameness check in the iterator. This check -sees if RRSIGs are present in the answer, when dnssec is expected, -and retries another authority if RRSIGs are unexpectedly missing. -The validator will insist in RRSIGs for DNSSEC signed domains regardless -of this setting, if a trust anchor is loaded. -.TP -.B module\-config: \fI<"module names"> -Module configuration, a list of module names separated by spaces, surround -the string with quotes (""). The modules can be validator, iterator. -Setting this to "iterator" will result in a non\-validating server. -Setting this to "validator iterator" will turn on DNSSEC validation. -The ordering of the modules is important. -You must also set trust\-anchors for validation to be useful. -.TP -.B trust\-anchor\-file: \fI -File with trusted keys for validation. Both DS and DNSKEY entries can appear -in the file. The format of the file is the standard DNS Zone file format. -Default is "", or no trust anchor file. -.TP -.B auto\-trust\-anchor\-file: \fI -File with trust anchor for one zone, which is tracked with RFC5011 probes. -The probes are several times per month, thus the machine must be online -frequently. The initial file can be one with contents as described in -\fBtrust\-anchor\-file\fR. The file is written to when the anchor is updated, -so the unbound user must have write permission. Write permission to the file, -but also to the directory it is in (to create a temporary file, which is -necessary to deal with filesystem full events), it must also be inside the -chroot (if that is used). -.TP -.B trust\-anchor: \fI<"Resource Record"> -A DS or DNSKEY RR for a key to use for validation. Multiple entries can be -given to specify multiple trusted keys, in addition to the trust\-anchor\-files. -The resource record is entered in the same format as 'dig' or 'drill' prints -them, the same format as in the zone file. Has to be on a single line, with -"" around it. A TTL can be specified for ease of cut and paste, but is ignored. -A class can be specified, but class IN is default. -.TP -.B trusted\-keys\-file: \fI -File with trusted keys for validation. Specify more than one file -with several entries, one file per entry. Like \fBtrust\-anchor\-file\fR -but has a different file format. Format is BIND\-9 style format, -the trusted\-keys { name flag proto algo "key"; }; clauses are read. -It is possible to use wildcards with this statement, the wildcard is -expanded on start and on reload. -.TP -.B dlv\-anchor\-file: \fI -This option was used during early days DNSSEC deployment when no parent-side -DS record registrations were easily available. Nowadays, it is best to have -DS records registered with the parent zone (many top level zones are signed). -File with trusted keys for DLV (DNSSEC Lookaside Validation). Both DS and -DNSKEY entries can be used in the file, in the same format as for -\fItrust\-anchor\-file:\fR statements. Only one DLV can be configured, more -would be slow. The DLV configured is used as a root trusted DLV, this -means that it is a lookaside for the root. Default is "", or no dlv anchor file. -DLV is going to be decommissioned. Please do not use it any more. -.TP -.B dlv\-anchor: \fI<"Resource Record"> -Much like trust\-anchor, this is a DLV anchor with the DS or DNSKEY inline. -DLV is going to be decommissioned. Please do not use it any more. -.TP -.B domain\-insecure: \fI -Sets domain name to be insecure, DNSSEC chain of trust is ignored towards -the domain name. So a trust anchor above the domain name can not make the -domain secure with a DS record, such a DS record is then ignored. -Also keys from DLV are ignored for the domain. Can be given multiple times -to specify multiple domains that are treated as if unsigned. If you set -trust anchors for the domain they override this setting (and the domain -is secured). -.IP -This can be useful if you want to make sure a trust anchor for external -lookups does not affect an (unsigned) internal domain. A DS record -externally can create validation failures for that internal domain. -.TP -.B val\-override\-date: \fI -Default is "" or "0", which disables this debugging feature. If enabled by -giving a RRSIG style date, that date is used for verifying RRSIG inception -and expiration dates, instead of the current date. Do not set this unless -you are debugging signature inception and expiration. The value \-1 ignores -the date altogether, useful for some special applications. -.TP -.B val\-sig\-skew\-min: \fI -Minimum number of seconds of clock skew to apply to validated signatures. -A value of 10% of the signature lifetime (expiration \- inception) is -used, capped by this setting. Default is 3600 (1 hour) which allows for -daylight savings differences. Lower this value for more strict checking -of short lived signatures. -.TP -.B val\-sig\-skew\-max: \fI -Maximum number of seconds of clock skew to apply to validated signatures. -A value of 10% of the signature lifetime (expiration \- inception) -is used, capped by this setting. Default is 86400 (24 hours) which -allows for timezone setting problems in stable domains. Setting both -min and max very low disables the clock skew allowances. Setting both -min and max very high makes the validator check the signature timestamps -less strictly. -.TP -.B val\-bogus\-ttl: \fI -The time to live for bogus data. This is data that has failed validation; -due to invalid signatures or other checks. The TTL from that data cannot be -trusted, and this value is used instead. The value is in seconds, default 60. -The time interval prevents repeated revalidation of bogus data. -.TP -.B val\-clean\-additional: \fI -Instruct the validator to remove data from the additional section of secure -messages that are not signed properly. Messages that are insecure, bogus, -indeterminate or unchecked are not affected. Default is yes. Use this setting -to protect the users that rely on this validator for authentication from -potentially bad data in the additional section. -.TP -.B val\-log\-level: \fI -Have the validator print validation failures to the log. Regardless of -the verbosity setting. Default is 0, off. At 1, for every user query -that fails a line is printed to the logs. This way you can monitor what -happens with validation. Use a diagnosis tool, such as dig or drill, -to find out why validation is failing for these queries. At 2, not only -the query that failed is printed but also the reason why unbound thought -it was wrong and which server sent the faulty data. -.TP -.B val\-permissive\-mode: \fI -Instruct the validator to mark bogus messages as indeterminate. The security -checks are performed, but if the result is bogus (failed security), the -reply is not withheld from the client with SERVFAIL as usual. The client -receives the bogus data. For messages that are found to be secure the AD bit -is set in replies. Also logging is performed as for full validation. -The default value is "no". -.TP -.B ignore\-cd\-flag: \fI -Instruct unbound to ignore the CD flag from clients and refuse to -return bogus answers to them. Thus, the CD (Checking Disabled) flag -does not disable checking any more. This is useful if legacy (w2008) -servers that set the CD flag but cannot validate DNSSEC themselves are -the clients, and then unbound provides them with DNSSEC protection. -The default value is "no". -.TP -.B serve\-expired: \fI -If enabled, unbound attempts to serve old responses from cache with a -TTL of 0 in the response without waiting for the actual resolution to finish. -The actual resolution answer ends up in the cache later on. Default is "no". -.TP -.B val\-nsec3\-keysize\-iterations: \fI<"list of values"> -List of keysize and iteration count values, separated by spaces, surrounded -by quotes. Default is "1024 150 2048 500 4096 2500". This determines the -maximum allowed NSEC3 iteration count before a message is simply marked -insecure instead of performing the many hashing iterations. The list must -be in ascending order and have at least one entry. If you set it to -"1024 65535" there is no restriction to NSEC3 iteration values. -This table must be kept short; a very long list could cause slower operation. -.TP -.B add\-holddown: \fI -Instruct the \fBauto\-trust\-anchor\-file\fR probe mechanism for RFC5011 -autotrust updates to add new trust anchors only after they have been -visible for this time. Default is 30 days as per the RFC. -.TP -.B del\-holddown: \fI -Instruct the \fBauto\-trust\-anchor\-file\fR probe mechanism for RFC5011 -autotrust updates to remove revoked trust anchors after they have been -kept in the revoked list for this long. Default is 30 days as per -the RFC. -.TP -.B keep\-missing: \fI -Instruct the \fBauto\-trust\-anchor\-file\fR probe mechanism for RFC5011 -autotrust updates to remove missing trust anchors after they have been -unseen for this long. This cleans up the state file if the target zone -does not perform trust anchor revocation, so this makes the auto probe -mechanism work with zones that perform regular (non\-5011) rollovers. -The default is 366 days. The value 0 does not remove missing anchors, -as per the RFC. -.TP -.B permit\-small\-holddown: \fI -Debug option that allows the autotrust 5011 rollover timers to assume -very small values. Default is no. -.TP -.B key\-cache\-size: \fI -Number of bytes size of the key cache. Default is 4 megabytes. -A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes -or gigabytes (1024*1024 bytes in a megabyte). -.TP -.B key\-cache\-slabs: \fI -Number of slabs in the key cache. Slabs reduce lock contention by threads. -Must be set to a power of 2. Setting (close) to the number of cpus is a -reasonable guess. -.TP -.B neg\-cache\-size: \fI -Number of bytes size of the aggressive negative cache. Default is 1 megabyte. -A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes -or gigabytes (1024*1024 bytes in a megabyte). -.TP -.B unblock\-lan\-zones: \fI -Default is disabled. If enabled, then for private address space, -the reverse lookups are no longer filtered. This allows unbound when -running as dns service on a host where it provides service for that host, -to put out all of the queries for the 'lan' upstream. When enabled, -only localhost, 127.0.0.1 reverse and ::1 reverse zones are configured -with default local zones. Disable the option when unbound is running -as a (DHCP-) DNS network resolver for a group of machines, where such -lookups should be filtered (RFC compliance), this also stops potential -data leakage about the local network to the upstream DNS servers. -.TP -.B insecure\-lan\-zones: \fI -Default is disabled. If enabled, then reverse lookups in private -address space are not validated. This is usually required whenever -\fIunblock\-lan\-zones\fR is used. -.TP -.B local\-zone: \fI -Configure a local zone. The type determines the answer to give if -there is no match from local\-data. The types are deny, refuse, static, -transparent, redirect, nodefault, typetransparent, inform, inform_deny, -always_transparent, always_refuse, always_nxdomain, -and are explained below. After that the default settings are listed. Use -local\-data: to enter data into the local zone. Answers for local zones -are authoritative DNS answers. By default the zones are class IN. -.IP -If you need more complicated authoritative data, with referrals, wildcards, -CNAME/DNAME support, or DNSSEC authoritative service, setup a stub\-zone for -it as detailed in the stub zone section below. -.TP 10 -\h'5'\fIdeny\fR -Do not send an answer, drop the query. -If there is a match from local data, the query is answered. -.TP 10 -\h'5'\fIrefuse\fR -Send an error message reply, with rcode REFUSED. -If there is a match from local data, the query is answered. -.TP 10 -\h'5'\fIstatic\fR -If there is a match from local data, the query is answered. -Otherwise, the query is answered with nodata or nxdomain. -For a negative answer a SOA is included in the answer if present -as local\-data for the zone apex domain. -.TP 10 -\h'5'\fItransparent\fR -If there is a match from local data, the query is answered. -Otherwise if the query has a different name, the query is resolved normally. -If the query is for a name given in localdata but no such type of data is -given in localdata, then a noerror nodata answer is returned. -If no local\-zone is given local\-data causes a transparent zone -to be created by default. -.TP 10 -\h'5'\fItypetransparent\fR -If there is a match from local data, the query is answered. If the query -is for a different name, or for the same name but for a different type, -the query is resolved normally. So, similar to transparent but types -that are not listed in local data are resolved normally, so if an A record -is in the local data that does not cause a nodata reply for AAAA queries. -.TP 10 -\h'5'\fIredirect\fR -The query is answered from the local data for the zone name. -There may be no local data beneath the zone name. -This answers queries for the zone, and all subdomains of the zone -with the local data for the zone. -It can be used to redirect a domain to return a different address record -to the end user, with -local\-zone: "example.com." redirect and -local\-data: "example.com. A 127.0.0.1" -queries for www.example.com and www.foo.example.com are redirected, so -that users with web browsers cannot access sites with suffix example.com. -.TP 10 -\h'5'\fIinform\fR -The query is answered normally, same as transparent. The client IP -address (@portnumber) is printed to the logfile. The log message is: -timestamp, unbound-pid, info: zonename inform IP@port queryname type -class. This option can be used for normal resolution, but machines -looking up infected names are logged, eg. to run antivirus on them. -.TP 10 -\h'5'\fIinform_deny\fR -The query is dropped, like 'deny', and logged, like 'inform'. Ie. find -infected machines without answering the queries. -.TP 10 -\h'5'\fIalways_transparent\fR -Like transparent, but ignores local data and resolves normally. -.TP 10 -\h'5'\fIalways_refuse\fR -Like refuse, but ignores local data and refuses the query. -.TP 10 -\h'5'\fIalways_nxdomain\fR -Like static, but ignores local data and returns nxdomain for the query. -.TP 10 -\h'5'\fInodefault\fR -Used to turn off default contents for AS112 zones. The other types -also turn off default contents for the zone. The 'nodefault' option -has no other effect than turning off default contents for the -given zone. Use \fInodefault\fR if you use exactly that zone, if you want to -use a subzone, use \fItransparent\fR. -.P -The default zones are localhost, reverse 127.0.0.1 and ::1, the onion and -the AS112 zones. The AS112 zones are reverse DNS zones for private use and -reserved IP addresses for which the servers on the internet cannot provide -correct answers. They are configured by default to give nxdomain (no reverse -information) answers. The defaults can be turned off by specifying your -own local\-zone of that name, or using the 'nodefault' type. Below is a -list of the default zone contents. -.TP 10 -\h'5'\fIlocalhost\fR -The IP4 and IP6 localhost information is given. NS and SOA records are provided -for completeness and to satisfy some DNS update tools. Default content: -.nf -local\-zone: "localhost." static -local\-data: "localhost. 10800 IN NS localhost." -local\-data: "localhost. 10800 IN - SOA localhost. nobody.invalid. 1 3600 1200 604800 10800" -local\-data: "localhost. 10800 IN A 127.0.0.1" -local\-data: "localhost. 10800 IN AAAA ::1" -.fi -.TP 10 -\h'5'\fIreverse IPv4 loopback\fR -Default content: -.nf -local\-zone: "127.in\-addr.arpa." static -local\-data: "127.in\-addr.arpa. 10800 IN NS localhost." -local\-data: "127.in\-addr.arpa. 10800 IN - SOA localhost. nobody.invalid. 1 3600 1200 604800 10800" -local\-data: "1.0.0.127.in\-addr.arpa. 10800 IN - PTR localhost." -.fi -.TP 10 -\h'5'\fIreverse IPv6 loopback\fR -Default content: -.nf -local\-zone: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. - 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." static -local\-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. - 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN - NS localhost." -local\-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. - 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN - SOA localhost. nobody.invalid. 1 3600 1200 604800 10800" -local\-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. - 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN - PTR localhost." -.fi -.TP 10 -\h'5'\fIonion (RFC 7686)\fR -Default content: -.nf -local\-zone: "onion." static -local\-data: "onion. 10800 IN NS localhost." -local\-data: "onion. 10800 IN - SOA localhost. nobody.invalid. 1 3600 1200 604800 10800" -.fi -.TP 10 -\h'5'\fIreverse RFC1918 local use zones\fR -Reverse data for zones 10.in\-addr.arpa, 16.172.in\-addr.arpa to -31.172.in\-addr.arpa, 168.192.in\-addr.arpa. -The \fBlocal\-zone:\fR is set static and as \fBlocal\-data:\fR SOA and NS -records are provided. -.TP 10 -\h'5'\fIreverse RFC3330 IP4 this, link\-local, testnet and broadcast\fR -Reverse data for zones 0.in\-addr.arpa, 254.169.in\-addr.arpa, -2.0.192.in\-addr.arpa (TEST NET 1), 100.51.198.in\-addr.arpa (TEST NET 2), -113.0.203.in\-addr.arpa (TEST NET 3), 255.255.255.255.in\-addr.arpa. -And from 64.100.in\-addr.arpa to 127.100.in\-addr.arpa (Shared Address Space). -.TP 10 -\h'5'\fIreverse RFC4291 IP6 unspecified\fR -Reverse data for zone -.nf -0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. -0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. -.fi -.TP 10 -\h'5'\fIreverse RFC4193 IPv6 Locally Assigned Local Addresses\fR -Reverse data for zone D.F.ip6.arpa. -.TP 10 -\h'5'\fIreverse RFC4291 IPv6 Link Local Addresses\fR -Reverse data for zones 8.E.F.ip6.arpa to B.E.F.ip6.arpa. -.TP 10 -\h'5'\fIreverse IPv6 Example Prefix\fR -Reverse data for zone 8.B.D.0.1.0.0.2.ip6.arpa. This zone is used for -tutorials and examples. You can remove the block on this zone with: -.nf - local\-zone: 8.B.D.0.1.0.0.2.ip6.arpa. nodefault -.fi -You can also selectively unblock a part of the zone by making that part -transparent with a local\-zone statement. -This also works with the other default zones. -.\" End of local-zone listing. -.TP 5 -.B local\-data: \fI"" -Configure local data, which is served in reply to queries for it. -The query has to match exactly unless you configure the local\-zone as -redirect. If not matched exactly, the local\-zone type determines -further processing. If local\-data is configured that is not a subdomain of -a local\-zone, a transparent local\-zone is configured. -For record types such as TXT, use single quotes, as in -local\-data: 'example. TXT "text"'. -.IP -If you need more complicated authoritative data, with referrals, wildcards, -CNAME/DNAME support, or DNSSEC authoritative service, setup a stub\-zone for -it as detailed in the stub zone section below. -.TP 5 -.B local\-data\-ptr: \fI"IPaddr name" -Configure local data shorthand for a PTR record with the reversed IPv4 or -IPv6 address and the host name. For example "192.0.2.4 www.example.com". -TTL can be inserted like this: "2001:DB8::4 7200 www.example.com" -.TP 5 -.B local\-zone\-tag: \fI <"list of tags"> -Assign tags to localzones. Tagged localzones will only be applied when the -used access-control element has a matching tag. Tags must be defined in -\fIdefine\-tags\fR. Enclose list of tags in quotes ("") and put spaces between -tags. -.TP 5 -.B local\-zone\-override: \fI -Override the localzone type for queries from addresses matching netblock. -Use this localzone type, regardless the type configured for the local-zone -(both tagged and untagged) and regardless the type configured using -access\-control\-tag\-action. -.TP 5 -.B ratelimit: \fI -Enable ratelimiting of queries sent to nameserver for performing recursion. -If 0, the default, it is disabled. This option is experimental at this time. -The ratelimit is in queries per second that are allowed. More queries are -turned away with an error (servfail). This stops recursive floods, eg. random -query names, but not spoofed reflection floods. Cached responses are not -ratelimited by this setting. The zone of the query is determined by examining -the nameservers for it, the zone name is used to keep track of the rate. -For example, 1000 may be a suitable value to stop the server from being -overloaded with random names, and keeps unbound from sending traffic to the -nameservers for those zones. -.TP 5 -.B ratelimit\-size: \fI -Give the size of the data structure in which the current ongoing rates are -kept track in. Default 4m. In bytes or use m(mega), k(kilo), g(giga). -The ratelimit structure is small, so this data structure likely does -not need to be large. -.TP 5 -.B ratelimit\-slabs: \fI -Give power of 2 number of slabs, this is used to reduce lock contention -in the ratelimit tracking data structure. Close to the number of cpus is -a fairly good setting. -.TP 5 -.B ratelimit\-factor: \fI -Set the amount of queries to rate limit when the limit is exceeded. -If set to 0, all queries are dropped for domains where the limit is -exceeded. If set to another value, 1 in that number is allowed through -to complete. Default is 10, allowing 1/10 traffic to flow normally. -This can make ordinary queries complete (if repeatedly queried for), -and enter the cache, whilst also mitigating the traffic flow by the -factor given. -.TP 5 -.B ratelimit\-for\-domain: \fI -Override the global ratelimit for an exact match domain name with the listed -number. You can give this for any number of names. For example, for -a top\-level\-domain you may want to have a higher limit than other names. -.TP 5 -.B ratelimit\-below\-domain: \fI -Override the global ratelimit for a domain name that ends in this name. -You can give this multiple times, it then describes different settings -in different parts of the namespace. The closest matching suffix is used -to determine the qps limit. The rate for the exact matching domain name -is not changed, use ratelimit\-for\-domain to set that, you might want -to use different settings for a top\-level\-domain and subdomains. -.TP 5 -.B ip\-ratelimit: \fI -Enable global ratelimiting of queries accepted per ip address. -If 0, the default, it is disabled. This option is experimental at this time. -The ratelimit is in queries per second that are allowed. More queries are -completely dropped and will not receive a reply, SERVFAIL or otherwise. -IP ratelimiting happens before looking in the cache. This may be useful for -mitigating amplification attacks. -.TP 5 -.B ip\-ratelimit\-size: \fI -Give the size of the data structure in which the current ongoing rates are -kept track in. Default 4m. In bytes or use m(mega), k(kilo), g(giga). -The ip ratelimit structure is small, so this data structure likely does -not need to be large. -.TP 5 -.B ip\-ratelimit\-slabs: \fI -Give power of 2 number of slabs, this is used to reduce lock contention -in the ip ratelimit tracking data structure. Close to the number of cpus is -a fairly good setting. -.TP 5 -.B ip\-ratelimit\-factor: \fI -Set the amount of queries to rate limit when the limit is exceeded. -If set to 0, all queries are dropped for addresses where the limit is -exceeded. If set to another value, 1 in that number is allowed through -to complete. Default is 10, allowing 1/10 traffic to flow normally. -This can make ordinary queries complete (if repeatedly queried for), -and enter the cache, whilst also mitigating the traffic flow by the -factor given. -.SS "Remote Control Options" -In the -.B remote\-control: -clause are the declarations for the remote control facility. If this is -enabled, the \fIunbound\-control\fR(8) utility can be used to send -commands to the running unbound server. The server uses these clauses -to setup SSLv3 / TLSv1 security for the connection. The -\fIunbound\-control\fR(8) utility also reads the \fBremote\-control\fR -section for options. To setup the correct self\-signed certificates use the -\fIunbound\-control\-setup\fR(8) utility. -.TP 5 -.B control\-enable: \fI -The option is used to enable remote control, default is "no". -If turned off, the server does not listen for control commands. -.TP 5 -.B control\-interface: \fI -Give IPv4 or IPv6 addresses or local socket path to listen on for -control commands. -By default localhost (127.0.0.1 and ::1) is listened to. -Use 0.0.0.0 and ::0 to listen to all interfaces. -If you change this and permissions have been dropped, you must restart -the server for the change to take effect. -.TP 5 -.B control\-port: \fI -The port number to listen on for IPv4 or IPv6 control interfaces, -default is 8953. -If you change this and permissions have been dropped, you must restart -the server for the change to take effect. -.TP 5 -.B control\-use\-cert: \fI -Whether to require certificate authentication of control connections. -The default is "yes". -This should not be changed unless there are other mechanisms in place -to prevent untrusted users from accessing the remote control -interface. -.TP 5 -.B server\-key\-file: \fI -Path to the server private key, by default unbound_server.key. -This file is generated by the \fIunbound\-control\-setup\fR utility. -This file is used by the unbound server, but not by \fIunbound\-control\fR. -.TP 5 -.B server\-cert\-file: \fI -Path to the server self signed certificate, by default unbound_server.pem. -This file is generated by the \fIunbound\-control\-setup\fR utility. -This file is used by the unbound server, and also by \fIunbound\-control\fR. -.TP 5 -.B control\-key\-file: \fI -Path to the control client private key, by default unbound_control.key. -This file is generated by the \fIunbound\-control\-setup\fR utility. -This file is used by \fIunbound\-control\fR. -.TP 5 -.B control\-cert\-file: \fI -Path to the control client certificate, by default unbound_control.pem. -This certificate has to be signed with the server certificate. -This file is generated by the \fIunbound\-control\-setup\fR utility. -This file is used by \fIunbound\-control\fR. -.SS "Stub Zone Options" -.LP -There may be multiple -.B stub\-zone: -clauses. Each with a name: and zero or more hostnames or IP addresses. -For the stub zone this list of nameservers is used. Class IN is assumed. -The servers should be authority servers, not recursors; unbound performs -the recursive processing itself for stub zones. -.P -The stub zone can be used to configure authoritative data to be used -by the resolver that cannot be accessed using the public internet servers. -This is useful for company\-local data or private zones. Setup an -authoritative server on a different host (or different port). Enter a config -entry for unbound with -.B stub\-addr: -. -The unbound resolver can then access the data, without referring to the -public internet for it. -.P -This setup allows DNSSEC signed zones to be served by that -authoritative server, in which case a trusted key entry with the public key -can be put in config, so that unbound can validate the data and set the AD -bit on replies for the private zone (authoritative servers do not set the -AD bit). This setup makes unbound capable of answering queries for the -private zone, and can even set the AD bit ('authentic'), but the AA -('authoritative') bit is not set on these replies. -.P -Consider adding \fBserver:\fR statements for \fBdomain\-insecure:\fR and -for \fBlocal\-zone:\fI name nodefault\fR for the zone if it is a locally -served zone. The insecure clause stops DNSSEC from invalidating the -zone. The local zone nodefault (or \fItransparent\fR) clause makes the -(reverse\-) zone bypass unbound's filtering of RFC1918 zones. -.TP -.B name: \fI -Name of the stub zone. -.TP -.B stub\-host: \fI -Name of stub zone nameserver. Is itself resolved before it is used. -.TP -.B stub\-addr: \fI -IP address of stub zone nameserver. Can be IP 4 or IP 6. -To use a nondefault port for DNS communication append '@' with the port number. -.TP -.B stub\-prime: \fI -This option is by default off. If enabled it performs NS set priming, -which is similar to root hints, where it starts using the list of nameservers -currently published by the zone. Thus, if the hint list is slightly outdated, -the resolver picks up a correct list online. -.TP -.B stub\-first: \fI -If enabled, a query is attempted without the stub clause if it fails. -The data could not be retrieved and would have caused SERVFAIL because -the servers are unreachable, instead it is tried without this clause. -The default is no. -.TP -.B stub\-ssl\-upstream: \fI -Enabled or disable whether the queries to this stub use SSL for transport. -Default is no. -.SS "Forward Zone Options" -.LP -There may be multiple -.B forward\-zone: -clauses. Each with a \fBname:\fR and zero or more hostnames or IP -addresses. For the forward zone this list of nameservers is used to -forward the queries to. The servers listed as \fBforward\-host:\fR and -\fBforward\-addr:\fR have to handle further recursion for the query. Thus, -those servers are not authority servers, but are (just like unbound is) -recursive servers too; unbound does not perform recursion itself for the -forward zone, it lets the remote server do it. Class IN is assumed. -A forward\-zone entry with name "." and a forward\-addr target will -forward all queries to that other server (unless it can answer from -the cache). -.TP -.B name: \fI -Name of the forward zone. -.TP -.B forward\-host: \fI -Name of server to forward to. Is itself resolved before it is used. -.TP -.B forward\-addr: \fI -IP address of server to forward to. Can be IP 4 or IP 6. -To use a nondefault port for DNS communication append '@' with the port number. -.TP -.B forward\-first: \fI -If enabled, a query is attempted without the forward clause if it fails. -The data could not be retrieved and would have caused SERVFAIL because -the servers are unreachable, instead it is tried without this clause. -The default is no. -.TP -.B forward\-ssl\-upstream: \fI -Enabled or disable whether the queries to this forwarder use SSL for transport. -Default is no. -.SS "View Options" -.LP -There may be multiple -.B view: -clauses. Each with a \fBname:\fR and zero or more \fBlocal\-zone\fR and -\fBlocal\-data\fR elements. View can be mapped to requests by specifying the view -name in an \fBaccess\-control\-view\fR element. Options from matching views will -override global options. Global options will be used if no matching view -is found. -.TP -.B name: \fI -Name of the view. Must be unique. This name is used in access\-control\-view -elements. -.TP -.B local\-zone: \fI -View specific local\-zone elements. Has the same types and behaviour as the -global local\-zone elements. -.TP -.B local\-data: \fI"" -View specific local\-data elements. Has the same behaviour as the global -local\-data elements. -.TP -.B local\-data\-ptr: \fI"IPaddr name" -View specific local\-data\-ptr elements. Has the same behaviour as the global -local\-data\-ptr elements. -.TP -.B view\-first: \fI -If enabled, it attempts to use the global local\-zone and local\-data if there -is no match in the view specific options. -The default is no. -.SS "Python Module Options" -.LP -The -.B python: -clause gives the settings for the \fIpython\fR(1) script module. This module -acts like the iterator and validator modules do, on queries and answers. -To enable the script module it has to be compiled into the daemon, -and the word "python" has to be put in the \fBmodule\-config:\fR option -(usually first, or between the validator and iterator). -.LP -If the \fBchroot:\fR option is enabled, you should make sure Python's -library directory structure is bind mounted in the new root environment, see -\fImount\fR(8). Also the \fBpython\-script:\fR path should be specified as an -absolute path relative to the new root, or as a relative path to the working -directory. -.TP -.B python\-script: \fI\fR -The script file to load. -.SS "DNS64 Module Options" -.LP -The dns64 module must be configured in the \fBmodule\-config:\fR "dns64 -validator iterator" directive and be compiled into the daemon to be -enabled. These settings go in the \fBserver:\fR section. -.TP -.B dns64\-prefix: \fI\fR -This sets the DNS64 prefix to use to synthesize AAAA records with. -It must be /96 or shorter. The default prefix is 64:ff9b::/96. -.TP -.B dns64\-synthall: \fI\fR -Debug option, default no. If enabled, synthesize all AAAA records -despite the presence of actual AAAA records. -.SS "DNSCrypt Options" -.LP -The -.B dnscrypt: -clause give the settings of the dnscrypt channel. While those options are -available, they are only meaningful if unbound was compiled with -\fB\-\-enable\-dnscrypt\fR. -Currently certificate and secret/public keys cannot be generated by unbound. -You can use dnscrypt-wrapper to generate those: https://github.com/cofyc/dnscrypt-wrapper/blob/master/README.md#usage -.TP -.B dnscrypt\-enable: \fI\fR -Whether or not the \fBdnscrypt\fR config should be enabled. You may define -configuration but not activate it. -The default is no. -.TP -.B dnscrypt\-port: \fI -On which port should \fBdnscrypt\fR should be activated. Note that you should -have a matching \fBinterface\fR option defined in the \fBserver\fR section for -this port. -.TP -.B dnscrypt\-provider: \fI\fR -The provider name to use to distribute certificates. This is of the form: -\fB2.dnscrypt-cert.example.com.\fR. The name \fIMUST\fR end with a dot. -.TP -.B dnscrypt\-secret\-key: \fI\fR -Path to the time limited secret key file. This option may be specified multiple -times. -.TP -.B dnscrypt\-provider\-cert: \fI\fR -Path to the certificate related to the \fBdnscrypt\-secret\-key\fRs. This option -may be specified multiple times. -.SS "EDNS Client Subnet Module Options" -.LP -The ECS module must be configured in the \fBmodule\-config:\fR "subnetcache -validator iterator" directive and be compiled into the daemon to be -enabled. These settings go in the \fBserver:\fR section. -.LP -If the destination address is whitelisted with Unbound will add the EDNS0 option -to the query containing the relevant part of the client's address. When an -answer contains the ECS option the response and the option are placed in a -specialized cache. If the authority indicated no support, the response is stored -in the regular cache. -.LP -Additionally, when a client includes the option in its queries, Unbound will -forward the option to the authority regardless of the authorities presence in -the whitelist. In this case the lookup in the regular cache is skipped. -.LP -The maximum size of the ECS cache is controlled by 'msg-cache-size' in the -configuration file. On top of that, for each query only 100 different subnets -are allowed to be stored for each address family. Exceeding that number, older -entries will be purged from cache. -.TP -.B send\-client\-subnet: \fI\fR -Send client source address to this authority. Append /num to indicate a -classless delegation netblock, for example like 10.2.3.4/24 or 2001::11/64. Can -be given multiple times. Authorities not listed will not receive edns-subnet -information. -.TP -.B client\-subnet\-always\-forward: \fI\fR -Specify whether the ECS whitelist check (configured using -\fBsend\-client\-subnet\fR) is applied for all queries, even if the triggering -query contains an ECS record, or only for queries for which the ECS record is -generated using the querier address (and therefore did not contain ECS data in -the client query). If enabled, the whitelist check is skipped when the client -query contains an ECS record. Default is no. -.TP -.B max\-client\-subnet\-ipv6: \fI\fR -Specifies the maximum prefix length of the client source address we are willing -to expose to third parties for IPv6. Defaults to 56. -.TP -.B max\-client\-subnet\-ipv4: \fI\fR -Specifies the maximum prefix length of the client source address we are willing -to expose to third parties for IPv4. Defaults to 24. -.SH "MEMORY CONTROL EXAMPLE" -In the example config settings below memory usage is reduced. Some service -levels are lower, notable very large data and a high TCP load are no longer -supported. Very large data and high TCP loads are exceptional for the DNS. -DNSSEC validation is enabled, just add trust anchors. -If you do not have to worry about programs using more than 3 Mb of memory, -the below example is not for you. Use the defaults to receive full service, -which on BSD\-32bit tops out at 30\-40 Mb after heavy usage. -.P -.nf -# example settings that reduce memory usage -server: - num\-threads: 1 - outgoing\-num\-tcp: 1 # this limits TCP service, uses less buffers. - incoming\-num\-tcp: 1 - outgoing\-range: 60 # uses less memory, but less performance. - msg\-buffer\-size: 8192 # note this limits service, 'no huge stuff'. - msg\-cache\-size: 100k - msg\-cache\-slabs: 1 - rrset\-cache\-size: 100k - rrset\-cache\-slabs: 1 - infra\-cache\-numhosts: 200 - infra\-cache\-slabs: 1 - key\-cache\-size: 100k - key\-cache\-slabs: 1 - neg\-cache\-size: 10k - num\-queries\-per\-thread: 30 - target\-fetch\-policy: "2 1 0 0 0 0" - harden\-large\-queries: "yes" - harden\-short\-bufsize: "yes" -.fi -.SH "FILES" -.TP -.I @UNBOUND_RUN_DIR@ -default unbound working directory. -.TP -.I @UNBOUND_CHROOT_DIR@ -default -\fIchroot\fR(2) -location. -.TP -.I @ub_conf_file@ -unbound configuration file. -.TP -.I @UNBOUND_PIDFILE@ -default unbound pidfile with process ID of the running daemon. -.TP -.I unbound.log -unbound log file. default is to log to -\fIsyslog\fR(3). -.SH "SEE ALSO" -\fIunbound\fR(8), -\fIunbound\-checkconf\fR(8). -.SH "AUTHORS" -.B Unbound -was written by NLnet Labs. Please see CREDITS file -in the distribution for further details. diff --git a/external/unbound/doc/unbound.doxygen b/external/unbound/doc/unbound.doxygen deleted file mode 100644 index fe3987681..000000000 --- a/external/unbound/doc/unbound.doxygen +++ /dev/null @@ -1,1650 +0,0 @@ -# Doxyfile 1.7.1 - -# This file describes the settings to be used by the documentation system -# doxygen (www.doxygen.org) for a project -# -# All text after a hash (#) is considered a comment and will be ignored -# The format is: -# TAG = value [value, ...] -# For lists items can also be appended using: -# TAG += value [value, ...] -# Values that contain spaces should be placed between quotes (" ") - -#--------------------------------------------------------------------------- -# Project related configuration options -#--------------------------------------------------------------------------- - -# This tag specifies the encoding used for all characters in the config file -# that follow. The default is UTF-8 which is also the encoding used for all -# text before the first occurrence of this tag. Doxygen uses libiconv (or the -# iconv built into libc) for the transcoding. See -# http://www.gnu.org/software/libiconv for the list of possible encodings. - -DOXYFILE_ENCODING = UTF-8 - -# The PROJECT_NAME tag is a single word (or a sequence of words surrounded -# by quotes) that should identify the project. - -PROJECT_NAME = unbound - -# The PROJECT_NUMBER tag can be used to enter a project or revision number. -# This could be handy for archiving the generated documentation or -# if some version control system is used. - -PROJECT_NUMBER = 0.1 - -# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) -# base path where the generated documentation will be put. -# If a relative path is entered, it will be relative to the location -# where doxygen was started. If left blank the current directory will be used. - -OUTPUT_DIRECTORY = doc - -# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create -# 4096 sub-directories (in 2 levels) under the output directory of each output -# format and will distribute the generated files over these directories. -# Enabling this option can be useful when feeding doxygen a huge amount of -# source files, where putting all generated files in the same directory would -# otherwise cause performance problems for the file system. - -CREATE_SUBDIRS = NO - -# The OUTPUT_LANGUAGE tag is used to specify the language in which all -# documentation generated by doxygen is written. Doxygen will use this -# information to generate all constant output in the proper language. -# The default language is English, other supported languages are: -# Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional, -# Croatian, Czech, Danish, Dutch, Esperanto, Farsi, Finnish, French, German, -# Greek, Hungarian, Italian, Japanese, Japanese-en (Japanese with English -# messages), Korean, Korean-en, Lithuanian, Norwegian, Macedonian, Persian, -# Polish, Portuguese, Romanian, Russian, Serbian, Serbian-Cyrilic, Slovak, -# Slovene, Spanish, Swedish, Ukrainian, and Vietnamese. - -OUTPUT_LANGUAGE = English - -# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will -# include brief member descriptions after the members that are listed in -# the file and class documentation (similar to JavaDoc). -# Set to NO to disable this. - -BRIEF_MEMBER_DESC = YES - -# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend -# the brief description of a member or function before the detailed description. -# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the -# brief descriptions will be completely suppressed. - -REPEAT_BRIEF = YES - -# This tag implements a quasi-intelligent brief description abbreviator -# that is used to form the text in various listings. Each string -# in this list, if found as the leading text of the brief description, will be -# stripped from the text and the result after processing the whole list, is -# used as the annotated text. Otherwise, the brief description is used as-is. -# If left blank, the following values are used ("$name" is automatically -# replaced with the name of the entity): "The $name class" "The $name widget" -# "The $name file" "is" "provides" "specifies" "contains" -# "represents" "a" "an" "the" - -ABBREVIATE_BRIEF = - -# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then -# Doxygen will generate a detailed section even if there is only a brief -# description. - -ALWAYS_DETAILED_SEC = NO - -# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all -# inherited members of a class in the documentation of that class as if those -# members were ordinary class members. Constructors, destructors and assignment -# operators of the base classes will not be shown. - -INLINE_INHERITED_MEMB = NO - -# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full -# path before files name in the file list and in the header files. If set -# to NO the shortest path that makes the file name unique will be used. - -FULL_PATH_NAMES = YES - -# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag -# can be used to strip a user-defined part of the path. Stripping is -# only done if one of the specified strings matches the left-hand part of -# the path. The tag can be used to show relative paths in the file list. -# If left blank the directory from which doxygen is run is used as the -# path to strip. - -STRIP_FROM_PATH = - -# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of -# the path mentioned in the documentation of a class, which tells -# the reader which header file to include in order to use a class. -# If left blank only the name of the header file containing the class -# definition is used. Otherwise one should specify the include paths that -# are normally passed to the compiler using the -I flag. - -STRIP_FROM_INC_PATH = - -# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter -# (but less readable) file names. This can be useful is your file systems -# doesn't support long names like on DOS, Mac, or CD-ROM. - -SHORT_NAMES = NO - -# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen -# will interpret the first line (until the first dot) of a JavaDoc-style -# comment as the brief description. If set to NO, the JavaDoc -# comments will behave just like regular Qt-style comments -# (thus requiring an explicit @brief command for a brief description.) - -JAVADOC_AUTOBRIEF = YES - -# If the QT_AUTOBRIEF tag is set to YES then Doxygen will -# interpret the first line (until the first dot) of a Qt-style -# comment as the brief description. If set to NO, the comments -# will behave just like regular Qt-style comments (thus requiring -# an explicit \brief command for a brief description.) - -QT_AUTOBRIEF = NO - -# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen -# treat a multi-line C++ special comment block (i.e. a block of //! or /// -# comments) as a brief description. This used to be the default behaviour. -# The new default is to treat a multi-line C++ comment block as a detailed -# description. Set this tag to YES if you prefer the old behaviour instead. - -MULTILINE_CPP_IS_BRIEF = NO - -# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented -# member inherits the documentation from any documented member that it -# re-implements. - -INHERIT_DOCS = YES - -# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce -# a new page for each member. If set to NO, the documentation of a member will -# be part of the file/class/namespace that contains it. - -SEPARATE_MEMBER_PAGES = NO - -# The TAB_SIZE tag can be used to set the number of spaces in a tab. -# Doxygen uses this value to replace tabs by spaces in code fragments. - -TAB_SIZE = 8 - -# This tag can be used to specify a number of aliases that acts -# as commands in the documentation. An alias has the form "name=value". -# For example adding "sideeffect=\par Side Effects:\n" will allow you to -# put the command \sideeffect (or @sideeffect) in the documentation, which -# will result in a user-defined paragraph with heading "Side Effects:". -# You can put \n's in the value part of an alias to insert newlines. - -ALIASES = - -# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C -# sources only. Doxygen will then generate output that is more tailored for C. -# For instance, some of the names that are used will be different. The list -# of all members will be omitted, etc. - -OPTIMIZE_OUTPUT_FOR_C = YES - -# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java -# sources only. Doxygen will then generate output that is more tailored for -# Java. For instance, namespaces will be presented as packages, qualified -# scopes will look different, etc. - -OPTIMIZE_OUTPUT_JAVA = NO - -# Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran -# sources only. Doxygen will then generate output that is more tailored for -# Fortran. - -OPTIMIZE_FOR_FORTRAN = NO - -# Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL -# sources. Doxygen will then generate output that is tailored for -# VHDL. - -OPTIMIZE_OUTPUT_VHDL = NO - -# Doxygen selects the parser to use depending on the extension of the files it -# parses. With this tag you can assign which parser to use for a given extension. -# Doxygen has a built-in mapping, but you can override or extend it using this -# tag. The format is ext=language, where ext is a file extension, and language -# is one of the parsers supported by doxygen: IDL, Java, Javascript, CSharp, C, -# C++, D, PHP, Objective-C, Python, Fortran, VHDL, C, C++. For instance to make -# doxygen treat .inc files as Fortran files (default is PHP), and .f files as C -# (default is Fortran), use: inc=Fortran f=C. Note that for custom extensions -# you also need to set FILE_PATTERNS otherwise the files are not read by doxygen. - -EXTENSION_MAPPING = - -# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want -# to include (a tag file for) the STL sources as input, then you should -# set this tag to YES in order to let doxygen match functions declarations and -# definitions whose arguments contain STL classes (e.g. func(std::string); v.s. -# func(std::string) {}). This also make the inheritance and collaboration -# diagrams that involve STL classes more complete and accurate. - -BUILTIN_STL_SUPPORT = NO - -# If you use Microsoft's C++/CLI language, you should set this option to YES to -# enable parsing support. - -CPP_CLI_SUPPORT = NO - -# Set the SIP_SUPPORT tag to YES if your project consists of sip sources only. -# Doxygen will parse them like normal C++ but will assume all classes use public -# instead of private inheritance when no explicit protection keyword is present. - -SIP_SUPPORT = NO - -# For Microsoft's IDL there are propget and propput attributes to indicate getter -# and setter methods for a property. Setting this option to YES (the default) -# will make doxygen to replace the get and set methods by a property in the -# documentation. This will only work if the methods are indeed getting or -# setting a simple type. If this is not the case, or you want to show the -# methods anyway, you should set this option to NO. - -IDL_PROPERTY_SUPPORT = YES - -# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC -# tag is set to YES, then doxygen will reuse the documentation of the first -# member in the group (if any) for the other members of the group. By default -# all members of a group must be documented explicitly. - -DISTRIBUTE_GROUP_DOC = NO - -# Set the SUBGROUPING tag to YES (the default) to allow class member groups of -# the same type (for instance a group of public functions) to be put as a -# subgroup of that type (e.g. under the Public Functions section). Set it to -# NO to prevent subgrouping. Alternatively, this can be done per class using -# the \nosubgrouping command. - -SUBGROUPING = YES - -# When TYPEDEF_HIDES_STRUCT is enabled, a typedef of a struct, union, or enum -# is documented as struct, union, or enum with the name of the typedef. So -# typedef struct TypeS {} TypeT, will appear in the documentation as a struct -# with name TypeT. When disabled the typedef will appear as a member of a file, -# namespace, or class. And the struct will be named TypeS. This can typically -# be useful for C code in case the coding convention dictates that all compound -# types are typedef'ed and only the typedef is referenced, never the tag name. - -TYPEDEF_HIDES_STRUCT = NO - -# The SYMBOL_CACHE_SIZE determines the size of the internal cache use to -# determine which symbols to keep in memory and which to flush to disk. -# When the cache is full, less often used symbols will be written to disk. -# For small to medium size projects (<1000 input files) the default value is -# probably good enough. For larger projects a too small cache size can cause -# doxygen to be busy swapping symbols to and from disk most of the time -# causing a significant performance penality. -# If the system has enough physical memory increasing the cache will improve the -# performance by keeping more symbols in memory. Note that the value works on -# a logarithmic scale so increasing the size by one will rougly double the -# memory usage. The cache size is given by this formula: -# 2^(16+SYMBOL_CACHE_SIZE). The valid range is 0..9, the default is 0, -# corresponding to a cache size of 2^16 = 65536 symbols - -#SYMBOL_CACHE_SIZE = 0 - -#--------------------------------------------------------------------------- -# Build related configuration options -#--------------------------------------------------------------------------- - -# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in -# documentation are documented, even if no documentation was available. -# Private class members and static file members will be hidden unless -# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES - -EXTRACT_ALL = NO - -# If the EXTRACT_PRIVATE tag is set to YES all private members of a class -# will be included in the documentation. - -EXTRACT_PRIVATE = YES - -# If the EXTRACT_STATIC tag is set to YES all static members of a file -# will be included in the documentation. - -EXTRACT_STATIC = YES - -# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs) -# defined locally in source files will be included in the documentation. -# If set to NO only classes defined in header files are included. - -EXTRACT_LOCAL_CLASSES = YES - -# This flag is only useful for Objective-C code. When set to YES local -# methods, which are defined in the implementation section but not in -# the interface are included in the documentation. -# If set to NO (the default) only methods in the interface are included. - -EXTRACT_LOCAL_METHODS = YES - -# If this flag is set to YES, the members of anonymous namespaces will be -# extracted and appear in the documentation as a namespace called -# 'anonymous_namespace{file}', where file will be replaced with the base -# name of the file that contains the anonymous namespace. By default -# anonymous namespace are hidden. - -EXTRACT_ANON_NSPACES = NO - -# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all -# undocumented members of documented classes, files or namespaces. -# If set to NO (the default) these members will be included in the -# various overviews, but no documentation section is generated. -# This option has no effect if EXTRACT_ALL is enabled. - -HIDE_UNDOC_MEMBERS = NO - -# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all -# undocumented classes that are normally visible in the class hierarchy. -# If set to NO (the default) these classes will be included in the various -# overviews. This option has no effect if EXTRACT_ALL is enabled. - -HIDE_UNDOC_CLASSES = NO - -# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all -# friend (class|struct|union) declarations. -# If set to NO (the default) these declarations will be included in the -# documentation. - -HIDE_FRIEND_COMPOUNDS = NO - -# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any -# documentation blocks found inside the body of a function. -# If set to NO (the default) these blocks will be appended to the -# function's detailed documentation block. - -HIDE_IN_BODY_DOCS = NO - -# The INTERNAL_DOCS tag determines if documentation -# that is typed after a \internal command is included. If the tag is set -# to NO (the default) then the documentation will be excluded. -# Set it to YES to include the internal documentation. - -INTERNAL_DOCS = NO - -# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate -# file names in lower-case letters. If set to YES upper-case letters are also -# allowed. This is useful if you have classes or files whose names only differ -# in case and if your file system supports case sensitive file names. Windows -# and Mac users are advised to set this option to NO. - -CASE_SENSE_NAMES = YES - -# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen -# will show members with their full class and namespace scopes in the -# documentation. If set to YES the scope will be hidden. - -HIDE_SCOPE_NAMES = NO - -# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen -# will put a list of the files that are included by a file in the documentation -# of that file. - -SHOW_INCLUDE_FILES = YES - -# If the FORCE_LOCAL_INCLUDES tag is set to YES then Doxygen -# will list include files with double quotes in the documentation -# rather than with sharp brackets. - -FORCE_LOCAL_INCLUDES = NO - -# If the INLINE_INFO tag is set to YES (the default) then a tag [inline] -# is inserted in the documentation for inline members. - -INLINE_INFO = YES - -# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen -# will sort the (detailed) documentation of file and class members -# alphabetically by member name. If set to NO the members will appear in -# declaration order. - -SORT_MEMBER_DOCS = NO - -# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the -# brief documentation of file, namespace and class members alphabetically -# by member name. If set to NO (the default) the members will appear in -# declaration order. - -SORT_BRIEF_DOCS = NO - -# If the SORT_MEMBERS_CTORS_1ST tag is set to YES then doxygen -# will sort the (brief and detailed) documentation of class members so that -# constructors and destructors are listed first. If set to NO (the default) -# the constructors will appear in the respective orders defined by -# SORT_MEMBER_DOCS and SORT_BRIEF_DOCS. -# This tag will be ignored for brief docs if SORT_BRIEF_DOCS is set to NO -# and ignored for detailed docs if SORT_MEMBER_DOCS is set to NO. - -SORT_MEMBERS_CTORS_1ST = NO - -# If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the -# hierarchy of group names into alphabetical order. If set to NO (the default) -# the group names will appear in their defined order. - -SORT_GROUP_NAMES = NO - -# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be -# sorted by fully-qualified names, including namespaces. If set to -# NO (the default), the class list will be sorted only by class name, -# not including the namespace part. -# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES. -# Note: This option applies only to the class list, not to the -# alphabetical list. - -SORT_BY_SCOPE_NAME = NO - -# The GENERATE_TODOLIST tag can be used to enable (YES) or -# disable (NO) the todo list. This list is created by putting \todo -# commands in the documentation. - -GENERATE_TODOLIST = YES - -# The GENERATE_TESTLIST tag can be used to enable (YES) or -# disable (NO) the test list. This list is created by putting \test -# commands in the documentation. - -GENERATE_TESTLIST = YES - -# The GENERATE_BUGLIST tag can be used to enable (YES) or -# disable (NO) the bug list. This list is created by putting \bug -# commands in the documentation. - -GENERATE_BUGLIST = YES - -# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or -# disable (NO) the deprecated list. This list is created by putting -# \deprecated commands in the documentation. - -GENERATE_DEPRECATEDLIST= YES - -# The ENABLED_SECTIONS tag can be used to enable conditional -# documentation sections, marked by \if sectionname ... \endif. - -ENABLED_SECTIONS = - -# The MAX_INITIALIZER_LINES tag determines the maximum number of lines -# the initial value of a variable or define consists of for it to appear in -# the documentation. If the initializer consists of more lines than specified -# here it will be hidden. Use a value of 0 to hide initializers completely. -# The appearance of the initializer of individual variables and defines in the -# documentation can be controlled using \showinitializer or \hideinitializer -# command in the documentation regardless of this setting. - -MAX_INITIALIZER_LINES = 30 - -# Set the SHOW_USED_FILES tag to NO to disable the list of files generated -# at the bottom of the documentation of classes and structs. If set to YES the -# list will mention the files that were used to generate the documentation. - -SHOW_USED_FILES = YES - -# If the sources in your project are distributed over multiple directories -# then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy -# in the documentation. The default is NO. - -#SHOW_DIRECTORIES = YES - -# Set the SHOW_FILES tag to NO to disable the generation of the Files page. -# This will remove the Files entry from the Quick Index and from the -# Folder Tree View (if specified). The default is YES. - -SHOW_FILES = YES - -# Set the SHOW_NAMESPACES tag to NO to disable the generation of the -# Namespaces page. -# This will remove the Namespaces entry from the Quick Index -# and from the Folder Tree View (if specified). The default is YES. - -SHOW_NAMESPACES = YES - -# The FILE_VERSION_FILTER tag can be used to specify a program or script that -# doxygen should invoke to get the current version for each file (typically from -# the version control system). Doxygen will invoke the program by executing (via -# popen()) the command , where is the value of -# the FILE_VERSION_FILTER tag, and is the name of an input file -# provided by doxygen. Whatever the program writes to standard output -# is used as the file version. See the manual for examples. - -FILE_VERSION_FILTER = - -# The LAYOUT_FILE tag can be used to specify a layout file which will be parsed -# by doxygen. The layout file controls the global structure of the generated -# output files in an output format independent way. The create the layout file -# that represents doxygen's defaults, run doxygen with the -l option. -# You can optionally specify a file name after the option, if omitted -# DoxygenLayout.xml will be used as the name of the layout file. - -LAYOUT_FILE = - -#--------------------------------------------------------------------------- -# configuration options related to warning and progress messages -#--------------------------------------------------------------------------- - -# The QUIET tag can be used to turn on/off the messages that are generated -# by doxygen. Possible values are YES and NO. If left blank NO is used. - -QUIET = YES - -# The WARNINGS tag can be used to turn on/off the warning messages that are -# generated by doxygen. Possible values are YES and NO. If left blank -# NO is used. - -WARNINGS = YES - -# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings -# for undocumented members. If EXTRACT_ALL is set to YES then this flag will -# automatically be disabled. - -WARN_IF_UNDOCUMENTED = NO - -# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for -# potential errors in the documentation, such as not documenting some -# parameters in a documented function, or documenting parameters that -# don't exist or using markup commands wrongly. - -WARN_IF_DOC_ERROR = YES - -# This WARN_NO_PARAMDOC option can be abled to get warnings for -# functions that are documented, but have no documentation for their parameters -# or return value. If set to NO (the default) doxygen will only warn about -# wrong or incomplete parameter documentation, but not about the absence of -# documentation. - -WARN_NO_PARAMDOC = YES - -# The WARN_FORMAT tag determines the format of the warning messages that -# doxygen can produce. The string should contain the $file, $line, and $text -# tags, which will be replaced by the file and line number from which the -# warning originated and the warning text. Optionally the format may contain -# $version, which will be replaced by the version of the file (if it could -# be obtained via FILE_VERSION_FILTER) - -WARN_FORMAT = "$file:$line: $text" - -# The WARN_LOGFILE tag can be used to specify a file to which warning -# and error messages should be written. If left blank the output is written -# to stderr. - -WARN_LOGFILE = - -#--------------------------------------------------------------------------- -# configuration options related to the input files -#--------------------------------------------------------------------------- - -# The INPUT tag can be used to specify the files and/or directories that contain -# documented source files. You may enter file names like "myfile.cpp" or -# directories like "/usr/src/myproject". Separate the files or directories -# with spaces. - -INPUT = . - -# This tag can be used to specify the character encoding of the source files -# that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is -# also the default input encoding. Doxygen uses libiconv (or the iconv built -# into libc) for the transcoding. See http://www.gnu.org/software/libiconv for -# the list of possible encodings. - -INPUT_ENCODING = UTF-8 - -# If the value of the INPUT tag contains directories, you can use the -# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp -# and *.h) to filter out the source-files in the directories. If left -# blank the following patterns are tested: -# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx -# *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.py *.f90 - -FILE_PATTERNS = - -# The RECURSIVE tag can be used to turn specify whether or not subdirectories -# should be searched for input files as well. Possible values are YES and NO. -# If left blank NO is used. - -RECURSIVE = YES - -# The EXCLUDE tag can be used to specify files and/or directories that should -# excluded from the INPUT source files. This way you can easily exclude a -# subdirectory from a directory tree whose root is specified with the INPUT tag. - -EXCLUDE = ./build \ - ./compat \ - util/configparser.c \ - util/configparser.h \ - util/configlexer.c \ - util/locks.h \ - pythonmod/unboundmodule.py \ - pythonmod/interface.h \ - pythonmod/examples/resgen.py \ - pythonmod/examples/resmod.py \ - pythonmod/examples/resip.py \ - libunbound/python/unbound.py \ - libunbound/python/libunbound_wrap.c \ - ./ldns-src \ - doc/control_proto_spec.txt \ - doc/requirements.txt - -# The EXCLUDE_SYMLINKS tag can be used select whether or not files or -# directories that are symbolic links (a Unix filesystem feature) are excluded -# from the input. - -EXCLUDE_SYMLINKS = NO - -# If the value of the INPUT tag contains directories, you can use the -# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude -# certain files from those directories. Note that the wildcards are matched -# against the file with absolute path, so to exclude all test directories -# for example use the pattern */test/* - -EXCLUDE_PATTERNS = - -# The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names -# (namespaces, classes, functions, etc.) that should be excluded from the -# output. The symbol name can be a fully qualified name, a word, or if the -# wildcard * is used, a substring. Examples: ANamespace, AClass, -# AClass::ANamespace, ANamespace::*Test - -EXCLUDE_SYMBOLS = - -# The EXAMPLE_PATH tag can be used to specify one or more files or -# directories that contain example code fragments that are included (see -# the \include command). - -EXAMPLE_PATH = - -# If the value of the EXAMPLE_PATH tag contains directories, you can use the -# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp -# and *.h) to filter out the source-files in the directories. If left -# blank all files are included. - -EXAMPLE_PATTERNS = - -# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be -# searched for input files to be used with the \include or \dontinclude -# commands irrespective of the value of the RECURSIVE tag. -# Possible values are YES and NO. If left blank NO is used. - -EXAMPLE_RECURSIVE = NO - -# The IMAGE_PATH tag can be used to specify one or more files or -# directories that contain image that are included in the documentation (see -# the \image command). - -IMAGE_PATH = - -# The INPUT_FILTER tag can be used to specify a program that doxygen should -# invoke to filter for each input file. Doxygen will invoke the filter program -# by executing (via popen()) the command , where -# is the value of the INPUT_FILTER tag, and is the name of an -# input file. Doxygen will then use the output that the filter program writes -# to standard output. -# If FILTER_PATTERNS is specified, this tag will be -# ignored. - -INPUT_FILTER = - -# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern -# basis. -# Doxygen will compare the file name with each pattern and apply the -# filter if there is a match. -# The filters are a list of the form: -# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further -# info on how filters are used. If FILTER_PATTERNS is empty, INPUT_FILTER -# is applied to all files. - -FILTER_PATTERNS = - -# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using -# INPUT_FILTER) will be used to filter the input files when producing source -# files to browse (i.e. when SOURCE_BROWSER is set to YES). - -FILTER_SOURCE_FILES = NO - -#--------------------------------------------------------------------------- -# configuration options related to source browsing -#--------------------------------------------------------------------------- - -# If the SOURCE_BROWSER tag is set to YES then a list of source files will -# be generated. Documented entities will be cross-referenced with these sources. -# Note: To get rid of all source code in the generated output, make sure also -# VERBATIM_HEADERS is set to NO. - -SOURCE_BROWSER = NO - -# Setting the INLINE_SOURCES tag to YES will include the body -# of functions and classes directly in the documentation. - -INLINE_SOURCES = NO - -# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct -# doxygen to hide any special comment blocks from generated source code -# fragments. Normal C and C++ comments will always remain visible. - -STRIP_CODE_COMMENTS = YES - -# If the REFERENCED_BY_RELATION tag is set to YES -# then for each documented function all documented -# functions referencing it will be listed. - -REFERENCED_BY_RELATION = YES - -# If the REFERENCES_RELATION tag is set to YES -# then for each documented function all documented entities -# called/used by that function will be listed. - -REFERENCES_RELATION = YES - -# If the REFERENCES_LINK_SOURCE tag is set to YES (the default) -# and SOURCE_BROWSER tag is set to YES, then the hyperlinks from -# functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will -# link to the source code. -# Otherwise they will link to the documentation. - -REFERENCES_LINK_SOURCE = YES - -# If the USE_HTAGS tag is set to YES then the references to source code -# will point to the HTML generated by the htags(1) tool instead of doxygen -# built-in source browser. The htags tool is part of GNU's global source -# tagging system (see http://www.gnu.org/software/global/global.html). You -# will need version 4.8.6 or higher. - -USE_HTAGS = NO - -# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen -# will generate a verbatim copy of the header file for each class for -# which an include is specified. Set to NO to disable this. - -VERBATIM_HEADERS = NO - -#--------------------------------------------------------------------------- -# configuration options related to the alphabetical class index -#--------------------------------------------------------------------------- - -# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index -# of all compounds will be generated. Enable this if the project -# contains a lot of classes, structs, unions or interfaces. - -ALPHABETICAL_INDEX = YES - -# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then -# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns -# in which this list will be split (can be a number in the range [1..20]) - -COLS_IN_ALPHA_INDEX = 5 - -# In case all classes in a project start with a common prefix, all -# classes will be put under the same header in the alphabetical index. -# The IGNORE_PREFIX tag can be used to specify one or more prefixes that -# should be ignored while generating the index headers. - -IGNORE_PREFIX = - -#--------------------------------------------------------------------------- -# configuration options related to the HTML output -#--------------------------------------------------------------------------- - -# If the GENERATE_HTML tag is set to YES (the default) Doxygen will -# generate HTML output. - -GENERATE_HTML = YES - -# The HTML_OUTPUT tag is used to specify where the HTML docs will be put. -# If a relative path is entered the value of OUTPUT_DIRECTORY will be -# put in front of it. If left blank `html' will be used as the default path. - -HTML_OUTPUT = html - -# The HTML_FILE_EXTENSION tag can be used to specify the file extension for -# each generated HTML page (for example: .htm,.php,.asp). If it is left blank -# doxygen will generate files with .html extension. - -HTML_FILE_EXTENSION = .html - -# The HTML_HEADER tag can be used to specify a personal HTML header for -# each generated HTML page. If it is left blank doxygen will generate a -# standard header. - -HTML_HEADER = - -# The HTML_FOOTER tag can be used to specify a personal HTML footer for -# each generated HTML page. If it is left blank doxygen will generate a -# standard footer. - -HTML_FOOTER = - -# If the HTML_TIMESTAMP tag is set to YES then the generated HTML -# documentation will contain the timesstamp. - -HTML_TIMESTAMP = NO - -# The HTML_STYLESHEET tag can be used to specify a user-defined cascading -# style sheet that is used by each HTML page. It can be used to -# fine-tune the look of the HTML output. If the tag is left blank doxygen -# will generate a default style sheet. Note that doxygen will try to copy -# the style sheet file to the HTML output directory, so don't put your own -# stylesheet in the HTML output directory as well, or it will be erased! - -HTML_STYLESHEET = - -# The HTML_COLORSTYLE_HUE tag controls the color of the HTML output. -# Doxygen will adjust the colors in the stylesheet and background images -# according to this color. Hue is specified as an angle on a colorwheel, -# see http://en.wikipedia.org/wiki/Hue for more information. -# For instance the value 0 represents red, 60 is yellow, 120 is green, -# 180 is cyan, 240 is blue, 300 purple, and 360 is red again. -# The allowed range is 0 to 359. - -#HTML_COLORSTYLE_HUE = 220 - -# The HTML_COLORSTYLE_SAT tag controls the purity (or saturation) of -# the colors in the HTML output. For a value of 0 the output will use -# grayscales only. A value of 255 will produce the most vivid colors. - -#HTML_COLORSTYLE_SAT = 100 - -# The HTML_COLORSTYLE_GAMMA tag controls the gamma correction applied to -# the luminance component of the colors in the HTML output. Values below -# 100 gradually make the output lighter, whereas values above 100 make -# the output darker. The value divided by 100 is the actual gamma applied, -# so 80 represents a gamma of 0.8, The value 220 represents a gamma of 2.2, -# and 100 does not change the gamma. - -#HTML_COLORSTYLE_GAMMA = 80 - -# If the HTML_TIMESTAMP tag is set to YES then the footer of each generated HTML -# page will contain the date and time when the page was generated. Setting -# this to NO can help when comparing the output of multiple runs. - -HTML_TIMESTAMP = YES - -# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes, -# files or namespaces will be aligned in HTML using tables. If set to -# NO a bullet list will be used. - -#HTML_ALIGN_MEMBERS = YES - -# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML -# documentation will contain sections that can be hidden and shown after the -# page has loaded. For this to work a browser that supports -# JavaScript and DHTML is required (for instance Mozilla 1.0+, Firefox -# Netscape 6.0+, Internet explorer 5.0+, Konqueror, or Safari). - -HTML_DYNAMIC_SECTIONS = NO - -# If the GENERATE_DOCSET tag is set to YES, additional index files -# will be generated that can be used as input for Apple's Xcode 3 -# integrated development environment, introduced with OSX 10.5 (Leopard). -# To create a documentation set, doxygen will generate a Makefile in the -# HTML output directory. Running make will produce the docset in that -# directory and running "make install" will install the docset in -# ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find -# it at startup. -# See http://developer.apple.com/tools/creatingdocsetswithdoxygen.html -# for more information. - -GENERATE_DOCSET = NO - -# When GENERATE_DOCSET tag is set to YES, this tag determines the name of the -# feed. A documentation feed provides an umbrella under which multiple -# documentation sets from a single provider (such as a company or product suite) -# can be grouped. - -DOCSET_FEEDNAME = "Doxygen generated docs" - -# When GENERATE_DOCSET tag is set to YES, this tag specifies a string that -# should uniquely identify the documentation set bundle. This should be a -# reverse domain-name style string, e.g. com.mycompany.MyDocSet. Doxygen -# will append .docset to the name. - -DOCSET_BUNDLE_ID = org.doxygen.Project - -# When GENERATE_PUBLISHER_ID tag specifies a string that should uniquely identify -# the documentation publisher. This should be a reverse domain-name style -# string, e.g. com.mycompany.MyDocSet.documentation. - -#DOCSET_PUBLISHER_ID = org.doxygen.Publisher - -# The GENERATE_PUBLISHER_NAME tag identifies the documentation publisher. - -#DOCSET_PUBLISHER_NAME = Publisher - -# If the GENERATE_HTMLHELP tag is set to YES, additional index files -# will be generated that can be used as input for tools like the -# Microsoft HTML help workshop to generate a compiled HTML help file (.chm) -# of the generated HTML documentation. - -GENERATE_HTMLHELP = NO - -# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can -# be used to specify the file name of the resulting .chm file. You -# can add a path in front of the file if the result should not be -# written to the html output directory. - -CHM_FILE = - -# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can -# be used to specify the location (absolute path including file name) of -# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run -# the HTML help compiler on the generated index.hhp. - -HHC_LOCATION = - -# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag -# controls if a separate .chi index file is generated (YES) or that -# it should be included in the master .chm file (NO). - -GENERATE_CHI = NO - -# If the GENERATE_HTMLHELP tag is set to YES, the CHM_INDEX_ENCODING -# is used to encode HtmlHelp index (hhk), content (hhc) and project file -# content. - -CHM_INDEX_ENCODING = - -# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag -# controls whether a binary table of contents is generated (YES) or a -# normal table of contents (NO) in the .chm file. - -BINARY_TOC = NO - -# The TOC_EXPAND flag can be set to YES to add extra items for group members -# to the contents of the HTML help documentation and to the tree view. - -TOC_EXPAND = NO - -# If the GENERATE_QHP tag is set to YES and both QHP_NAMESPACE and -# QHP_VIRTUAL_FOLDER are set, an additional index file will be generated -# that can be used as input for Qt's qhelpgenerator to generate a -# Qt Compressed Help (.qch) of the generated HTML documentation. - -GENERATE_QHP = NO - -# If the QHG_LOCATION tag is specified, the QCH_FILE tag can -# be used to specify the file name of the resulting .qch file. -# The path specified is relative to the HTML output folder. - -QCH_FILE = - -# The QHP_NAMESPACE tag specifies the namespace to use when generating -# Qt Help Project output. For more information please see -# http://doc.trolltech.com/qthelpproject.html#namespace - -QHP_NAMESPACE = org.doxygen.Project - -# The QHP_VIRTUAL_FOLDER tag specifies the namespace to use when generating -# Qt Help Project output. For more information please see -# http://doc.trolltech.com/qthelpproject.html#virtual-folders - -QHP_VIRTUAL_FOLDER = doc - -# If QHP_CUST_FILTER_NAME is set, it specifies the name of a custom filter to -# add. For more information please see -# http://doc.trolltech.com/qthelpproject.html#custom-filters - -QHP_CUST_FILTER_NAME = - -# The QHP_CUST_FILT_ATTRS tag specifies the list of the attributes of the -# custom filter to add. For more information please see -# -# Qt Help Project / Custom Filters. - -QHP_CUST_FILTER_ATTRS = - -# The QHP_SECT_FILTER_ATTRS tag specifies the list of the attributes this -# project's -# filter section matches. -# -# Qt Help Project / Filter Attributes. - -QHP_SECT_FILTER_ATTRS = - -# If the GENERATE_QHP tag is set to YES, the QHG_LOCATION tag can -# be used to specify the location of Qt's qhelpgenerator. -# If non-empty doxygen will try to run qhelpgenerator on the generated -# .qhp file. - -QHG_LOCATION = - -# If the GENERATE_ECLIPSEHELP tag is set to YES, additional index files -# will be generated, which together with the HTML files, form an Eclipse help -# plugin. To install this plugin and make it available under the help contents -# menu in Eclipse, the contents of the directory containing the HTML and XML -# files needs to be copied into the plugins directory of eclipse. The name of -# the directory within the plugins directory should be the same as -# the ECLIPSE_DOC_ID value. After copying Eclipse needs to be restarted before -# the help appears. - -GENERATE_ECLIPSEHELP = NO - -# A unique identifier for the eclipse help plugin. When installing the plugin -# the directory name containing the HTML and XML files should also have -# this name. - -ECLIPSE_DOC_ID = org.doxygen.Project - -# The DISABLE_INDEX tag can be used to turn on/off the condensed index at -# top of each HTML page. The value NO (the default) enables the index and -# the value YES disables it. - -DISABLE_INDEX = NO - -# This tag can be used to set the number of enum values (range [1..20]) -# that doxygen will group on one line in the generated HTML documentation. - -ENUM_VALUES_PER_LINE = 4 - -# The GENERATE_TREEVIEW tag is used to specify whether a tree-like index -# structure should be generated to display hierarchical information. -# If the tag value is set to YES, a side panel will be generated -# containing a tree-like index structure (just like the one that -# is generated for HTML Help). For this to work a browser that supports -# JavaScript, DHTML, CSS and frames is required (i.e. any modern browser). -# Windows users are probably better off using the HTML help feature. - -GENERATE_TREEVIEW = NO - -# By enabling USE_INLINE_TREES, doxygen will generate the Groups, Directories, -# and Class Hierarchy pages using a tree view instead of an ordered list. - -#USE_INLINE_TREES = NO - -# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be -# used to set the initial width (in pixels) of the frame in which the tree -# is shown. - -TREEVIEW_WIDTH = 250 - -# When the EXT_LINKS_IN_WINDOW option is set to YES doxygen will open -# links to external symbols imported via tag files in a separate window. - -#EXT_LINKS_IN_WINDOW = NO - -# Use this tag to change the font size of Latex formulas included -# as images in the HTML documentation. The default is 10. Note that -# when you change the font size after a successful doxygen run you need -# to manually remove any form_*.png images from the HTML output directory -# to force them to be regenerated. - -FORMULA_FONTSIZE = 10 - -# Use the FORMULA_TRANPARENT tag to determine whether or not the images -# generated for formulas are transparent PNGs. Transparent PNGs are -# not supported properly for IE 6.0, but are supported on all modern browsers. -# Note that when changing this option you need to delete any form_*.png files -# in the HTML output before the changes have effect. - -#FORMULA_TRANSPARENT = YES - -# When the SEARCHENGINE tag is enabled doxygen will generate a search box -# for the HTML output. The underlying search engine uses javascript -# and DHTML and should work on any modern browser. Note that when using -# HTML help (GENERATE_HTMLHELP), Qt help (GENERATE_QHP), or docsets -# (GENERATE_DOCSET) there is already a search function so this one should -# typically be disabled. For large projects the javascript based search engine -# can be slow, then enabling SERVER_BASED_SEARCH may provide a better solution. - -SEARCHENGINE = NO - -# When the SERVER_BASED_SEARCH tag is enabled the search engine will be -# implemented using a PHP enabled web server instead of at the web client -# using Javascript. Doxygen will generate the search PHP script and index -# file to put on the web server. The advantage of the server -# based approach is that it scales better to large projects and allows -# full text search. The disadvances is that it is more difficult to setup -# and does not have live searching capabilities. - -SERVER_BASED_SEARCH = NO - -#--------------------------------------------------------------------------- -# configuration options related to the LaTeX output -#--------------------------------------------------------------------------- - -# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will -# generate Latex output. - -GENERATE_LATEX = NO - -# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put. -# If a relative path is entered the value of OUTPUT_DIRECTORY will be -# put in front of it. If left blank `latex' will be used as the default path. - -LATEX_OUTPUT = latex - -# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be -# invoked. If left blank `latex' will be used as the default command name. -# Note that when enabling USE_PDFLATEX this option is only used for -# generating bitmaps for formulas in the HTML output, but not in the -# Makefile that is written to the output directory. - -LATEX_CMD_NAME = latex - -# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to -# generate index for LaTeX. If left blank `makeindex' will be used as the -# default command name. - -MAKEINDEX_CMD_NAME = makeindex - -# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact -# LaTeX documents. This may be useful for small projects and may help to -# save some trees in general. - -COMPACT_LATEX = NO - -# The PAPER_TYPE tag can be used to set the paper type that is used -# by the printer. Possible values are: a4, a4wide, letter, legal and -# executive. If left blank a4wide will be used. - -PAPER_TYPE = a4wide - -# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX -# packages that should be included in the LaTeX output. - -EXTRA_PACKAGES = - -# The LATEX_HEADER tag can be used to specify a personal LaTeX header for -# the generated latex document. The header should contain everything until -# the first chapter. If it is left blank doxygen will generate a -# standard header. Notice: only use this tag if you know what you are doing! - -LATEX_HEADER = - -# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated -# is prepared for conversion to pdf (using ps2pdf). The pdf file will -# contain links (just like the HTML output) instead of page references -# This makes the output suitable for online browsing using a pdf viewer. - -PDF_HYPERLINKS = NO - -# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of -# plain latex in the generated Makefile. Set this option to YES to get a -# higher quality PDF documentation. - -USE_PDFLATEX = NO - -# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode. -# command to the generated LaTeX files. This will instruct LaTeX to keep -# running if errors occur, instead of asking the user for help. -# This option is also used when generating formulas in HTML. - -LATEX_BATCHMODE = NO - -# If LATEX_HIDE_INDICES is set to YES then doxygen will not -# include the index chapters (such as File Index, Compound Index, etc.) -# in the output. - -LATEX_HIDE_INDICES = NO - -# If LATEX_SOURCE_CODE is set to YES then doxygen will include -# source code with syntax highlighting in the LaTeX output. -# Note that which sources are shown also depends on other settings -# such as SOURCE_BROWSER. - -LATEX_SOURCE_CODE = NO - -#--------------------------------------------------------------------------- -# configuration options related to the RTF output -#--------------------------------------------------------------------------- - -# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output -# The RTF output is optimized for Word 97 and may not look very pretty with -# other RTF readers or editors. - -GENERATE_RTF = NO - -# The RTF_OUTPUT tag is used to specify where the RTF docs will be put. -# If a relative path is entered the value of OUTPUT_DIRECTORY will be -# put in front of it. If left blank `rtf' will be used as the default path. - -RTF_OUTPUT = rtf - -# If the COMPACT_RTF tag is set to YES Doxygen generates more compact -# RTF documents. This may be useful for small projects and may help to -# save some trees in general. - -COMPACT_RTF = NO - -# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated -# will contain hyperlink fields. The RTF file will -# contain links (just like the HTML output) instead of page references. -# This makes the output suitable for online browsing using WORD or other -# programs which support those fields. -# Note: wordpad (write) and others do not support links. - -RTF_HYPERLINKS = NO - -# Load stylesheet definitions from file. Syntax is similar to doxygen's -# config file, i.e. a series of assignments. You only have to provide -# replacements, missing definitions are set to their default value. - -RTF_STYLESHEET_FILE = - -# Set optional variables used in the generation of an rtf document. -# Syntax is similar to doxygen's config file. - -RTF_EXTENSIONS_FILE = - -#--------------------------------------------------------------------------- -# configuration options related to the man page output -#--------------------------------------------------------------------------- - -# If the GENERATE_MAN tag is set to YES (the default) Doxygen will -# generate man pages - -GENERATE_MAN = NO - -# The MAN_OUTPUT tag is used to specify where the man pages will be put. -# If a relative path is entered the value of OUTPUT_DIRECTORY will be -# put in front of it. If left blank `man' will be used as the default path. - -MAN_OUTPUT = man - -# The MAN_EXTENSION tag determines the extension that is added to -# the generated man pages (default is the subroutine's section .3) - -MAN_EXTENSION = .3 - -# If the MAN_LINKS tag is set to YES and Doxygen generates man output, -# then it will generate one additional man file for each entity -# documented in the real man page(s). These additional files -# only source the real man page, but without them the man command -# would be unable to find the correct page. The default is NO. - -MAN_LINKS = NO - -#--------------------------------------------------------------------------- -# configuration options related to the XML output -#--------------------------------------------------------------------------- - -# If the GENERATE_XML tag is set to YES Doxygen will -# generate an XML file that captures the structure of -# the code including all documentation. - -GENERATE_XML = YES - -# The XML_OUTPUT tag is used to specify where the XML pages will be put. -# If a relative path is entered the value of OUTPUT_DIRECTORY will be -# put in front of it. If left blank `xml' will be used as the default path. - -XML_OUTPUT = xml - -# The XML_SCHEMA tag can be used to specify an XML schema, -# which can be used by a validating XML parser to check the -# syntax of the XML files. - -#XML_SCHEMA = - -# The XML_DTD tag can be used to specify an XML DTD, -# which can be used by a validating XML parser to check the -# syntax of the XML files. - -#XML_DTD = - -# If the XML_PROGRAMLISTING tag is set to YES Doxygen will -# dump the program listings (including syntax highlighting -# and cross-referencing information) to the XML output. Note that -# enabling this will significantly increase the size of the XML output. - -XML_PROGRAMLISTING = YES - -#--------------------------------------------------------------------------- -# configuration options for the AutoGen Definitions output -#--------------------------------------------------------------------------- - -# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will -# generate an AutoGen Definitions (see autogen.sf.net) file -# that captures the structure of the code including all -# documentation. Note that this feature is still experimental -# and incomplete at the moment. - -GENERATE_AUTOGEN_DEF = NO - -#--------------------------------------------------------------------------- -# configuration options related to the Perl module output -#--------------------------------------------------------------------------- - -# If the GENERATE_PERLMOD tag is set to YES Doxygen will -# generate a Perl module file that captures the structure of -# the code including all documentation. Note that this -# feature is still experimental and incomplete at the -# moment. - -GENERATE_PERLMOD = NO - -# If the PERLMOD_LATEX tag is set to YES Doxygen will generate -# the necessary Makefile rules, Perl scripts and LaTeX code to be able -# to generate PDF and DVI output from the Perl module output. - -PERLMOD_LATEX = NO - -# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be -# nicely formatted so it can be parsed by a human reader. -# This is useful -# if you want to understand what is going on. -# On the other hand, if this -# tag is set to NO the size of the Perl module output will be much smaller -# and Perl will parse it just the same. - -PERLMOD_PRETTY = YES - -# The names of the make variables in the generated doxyrules.make file -# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX. -# This is useful so different doxyrules.make files included by the same -# Makefile don't overwrite each other's variables. - -PERLMOD_MAKEVAR_PREFIX = - -#--------------------------------------------------------------------------- -# Configuration options related to the preprocessor -#--------------------------------------------------------------------------- - -# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will -# evaluate all C-preprocessor directives found in the sources and include -# files. - -ENABLE_PREPROCESSING = YES - -# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro -# names in the source code. If set to NO (the default) only conditional -# compilation will be performed. Macro expansion can be done in a controlled -# way by setting EXPAND_ONLY_PREDEF to YES. - -MACRO_EXPANSION = YES - -# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES -# then the macro expansion is limited to the macros specified with the -# PREDEFINED and EXPAND_AS_DEFINED tags. - -EXPAND_ONLY_PREDEF = YES - -# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files -# in the INCLUDE_PATH (see below) will be search if a #include is found. - -SEARCH_INCLUDES = YES - -# The INCLUDE_PATH tag can be used to specify one or more directories that -# contain include files that are not input files but should be processed by -# the preprocessor. - -INCLUDE_PATH = - -# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard -# patterns (like *.h and *.hpp) to filter out the header-files in the -# directories. If left blank, the patterns specified with FILE_PATTERNS will -# be used. - -INCLUDE_FILE_PATTERNS = *.h - -# The PREDEFINED tag can be used to specify one or more macro names that -# are defined before the preprocessor is started (similar to the -D option of -# gcc). The argument of the tag is a list of macros of the form: name -# or name=definition (no spaces). If the definition and the = are -# omitted =1 is assumed. To prevent a macro definition from being -# undefined via #undef or recursively expanded use the := operator -# instead of the = operator. - -PREDEFINED = DOXYGEN - -# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then -# this tag can be used to specify a list of macro names that should be expanded. -# The macro definition that is found in the sources will be used. -# Use the PREDEFINED tag if you want to use a different macro definition. - -EXPAND_AS_DEFINED = ATTR_UNUSED - -# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then -# doxygen's preprocessor will remove all function-like macros that are alone -# on a line, have an all uppercase name, and do not end with a semicolon. Such -# function macros are typically used for boiler-plate code, and will confuse -# the parser if not removed. - -SKIP_FUNCTION_MACROS = YES - -#--------------------------------------------------------------------------- -# Configuration::additions related to external references -#--------------------------------------------------------------------------- - -# The TAGFILES option can be used to specify one or more tagfiles. -# Optionally an initial location of the external documentation -# can be added for each tagfile. The format of a tag file without -# this location is as follows: -# -# TAGFILES = file1 file2 ... -# Adding location for the tag files is done as follows: -# -# TAGFILES = file1=loc1 "file2 = loc2" ... -# where "loc1" and "loc2" can be relative or absolute paths or -# URLs. If a location is present for each tag, the installdox tool -# does not have to be run to correct the links. -# Note that each tag file must have a unique name -# (where the name does NOT include the path) -# If a tag file is not located in the directory in which doxygen -# is run, you must also specify the path to the tagfile here. - -TAGFILES = - -# When a file name is specified after GENERATE_TAGFILE, doxygen will create -# a tag file that is based on the input files it reads. - -GENERATE_TAGFILE = - -# If the ALLEXTERNALS tag is set to YES all external classes will be listed -# in the class index. If set to NO only the inherited external classes -# will be listed. - -ALLEXTERNALS = NO - -# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed -# in the modules index. If set to NO, only the current project's groups will -# be listed. - -EXTERNAL_GROUPS = YES - -# The PERL_PATH should be the absolute path and name of the perl script -# interpreter (i.e. the result of `which perl'). - -PERL_PATH = /usr/bin/perl - -#--------------------------------------------------------------------------- -# Configuration options related to the dot tool -#--------------------------------------------------------------------------- - -# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will -# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base -# or super classes. Setting the tag to NO turns the diagrams off. Note that -# this option is superseded by the HAVE_DOT option below. This is only a -# fallback. It is recommended to install and use dot, since it yields more -# powerful graphs. - -CLASS_DIAGRAMS = YES - -# You can define message sequence charts within doxygen comments using the \msc -# command. Doxygen will then run the mscgen tool (see -# http://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the -# documentation. The MSCGEN_PATH tag allows you to specify the directory where -# the mscgen tool resides. If left empty the tool is assumed to be found in the -# default search path. - -MSCGEN_PATH = - -# If set to YES, the inheritance and collaboration graphs will hide -# inheritance and usage relations if the target is undocumented -# or is not a class. - -HIDE_UNDOC_RELATIONS = YES - -# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is -# available from the path. This tool is part of Graphviz, a graph visualization -# toolkit from AT&T and Lucent Bell Labs. The other options in this section -# have no effect if this option is set to NO (the default) - -HAVE_DOT = NO - -# The DOT_NUM_THREADS specifies the number of dot invocations doxygen is -# allowed to run in parallel. When set to 0 (the default) doxygen will -# base this on the number of processors available in the system. You can set it -# explicitly to a value larger than 0 to get control over the balance -# between CPU load and processing speed. - -#DOT_NUM_THREADS = 0 - -# By default doxygen will write a font called FreeSans.ttf to the output -# directory and reference it in all dot files that doxygen generates. This -# font does not include all possible unicode characters however, so when you need -# these (or just want a differently looking font) you can specify the font name -# using DOT_FONTNAME. You need need to make sure dot is able to find the font, -# which can be done by putting it in a standard location or by setting the -# DOTFONTPATH environment variable or by setting DOT_FONTPATH to the directory -# containing the font. - -#DOT_FONTNAME = FreeSans.ttf - -# The DOT_FONTSIZE tag can be used to set the size of the font of dot graphs. -# The default size is 10pt. - -DOT_FONTSIZE = 10 - -# By default doxygen will tell dot to use the output directory to look for the -# FreeSans.ttf font (which doxygen will put there itself). If you specify a -# different font using DOT_FONTNAME you can set the path where dot -# can find it using this tag. - -DOT_FONTPATH = - -# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen -# will generate a graph for each documented class showing the direct and -# indirect inheritance relations. Setting this tag to YES will force the -# the CLASS_DIAGRAMS tag to NO. - -CLASS_GRAPH = YES - -# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen -# will generate a graph for each documented class showing the direct and -# indirect implementation dependencies (inheritance, containment, and -# class references variables) of the class with other documented classes. - -COLLABORATION_GRAPH = YES - -# If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen -# will generate a graph for groups, showing the direct groups dependencies - -GROUP_GRAPHS = YES - -# If the UML_LOOK tag is set to YES doxygen will generate inheritance and -# collaboration diagrams in a style similar to the OMG's Unified Modeling -# Language. - -UML_LOOK = NO - -# If set to YES, the inheritance and collaboration graphs will show the -# relations between templates and their instances. - -TEMPLATE_RELATIONS = NO - -# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT -# tags are set to YES then doxygen will generate a graph for each documented -# file showing the direct and indirect include dependencies of the file with -# other documented files. - -INCLUDE_GRAPH = YES - -# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and -# HAVE_DOT tags are set to YES then doxygen will generate a graph for each -# documented header file showing the documented files that directly or -# indirectly include this file. - -INCLUDED_BY_GRAPH = YES - -# If the CALL_GRAPH and HAVE_DOT options are set to YES then -# doxygen will generate a call dependency graph for every global function -# or class method. Note that enabling this option will significantly increase -# the time of a run. So in most cases it will be better to enable call graphs -# for selected functions only using the \callgraph command. - -CALL_GRAPH = NO - -# If the CALLER_GRAPH and HAVE_DOT tags are set to YES then -# doxygen will generate a caller dependency graph for every global function -# or class method. Note that enabling this option will significantly increase -# the time of a run. So in most cases it will be better to enable caller -# graphs for selected functions only using the \callergraph command. - -CALLER_GRAPH = NO - -# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen -# will graphical hierarchy of all classes instead of a textual one. - -GRAPHICAL_HIERARCHY = YES - -# If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES -# then doxygen will show the dependencies a directory has on other directories -# in a graphical way. The dependency relations are determined by the #include -# relations between the files in the directories. - -DIRECTORY_GRAPH = YES - -# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images -# generated by dot. Possible values are png, jpg, or gif -# If left blank png will be used. - -DOT_IMAGE_FORMAT = png - -# The tag DOT_PATH can be used to specify the path where the dot tool can be -# found. If left blank, it is assumed the dot tool can be found in the path. - -DOT_PATH = - -# The DOTFILE_DIRS tag can be used to specify one or more directories that -# contain dot files that are included in the documentation (see the -# \dotfile command). - -DOTFILE_DIRS = - -# The DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of -# nodes that will be shown in the graph. If the number of nodes in a graph -# becomes larger than this value, doxygen will truncate the graph, which is -# visualized by representing a node as a red box. Note that doxygen if the -# number of direct children of the root node in a graph is already larger than -# DOT_GRAPH_MAX_NODES then the graph will not be shown at all. Also note -# that the size of a graph can be further restricted by MAX_DOT_GRAPH_DEPTH. - -DOT_GRAPH_MAX_NODES = 50 - -# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the -# graphs generated by dot. A depth value of 3 means that only nodes reachable -# from the root by following a path via at most 3 edges will be shown. Nodes -# that lay further from the root node will be omitted. Note that setting this -# option to 1 or 2 may greatly reduce the computation time needed for large -# code bases. Also note that the size of a graph can be further restricted by -# DOT_GRAPH_MAX_NODES. Using a depth of 0 means no depth restriction. - -MAX_DOT_GRAPH_DEPTH = 0 - -# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent -# background. This is disabled by default, because dot on Windows does not -# seem to support this out of the box. Warning: Depending on the platform used, -# enabling this option may lead to badly anti-aliased labels on the edges of -# a graph (i.e. they become hard to read). - -DOT_TRANSPARENT = NO - -# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output -# files in one run (i.e. multiple -o and -T options on the command line). This -# makes dot run faster, but since only newer versions of dot (>1.8.10) -# support this, this feature is disabled by default. - -DOT_MULTI_TARGETS = NO - -# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will -# generate a legend page explaining the meaning of the various boxes and -# arrows in the dot generated graphs. - -GENERATE_LEGEND = YES - -# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will -# remove the intermediate dot files that are used to generate -# the various graphs. - -DOT_CLEANUP = YES diff --git a/external/unbound/install-sh b/external/unbound/install-sh deleted file mode 100755 index 0b0fdcbba..000000000 --- a/external/unbound/install-sh +++ /dev/null @@ -1,501 +0,0 @@ -#!/bin/sh -# install - install a program, script, or datafile - -scriptversion=2013-12-25.23; # UTC - -# This originates from X11R5 (mit/util/scripts/install.sh), which was -# later released in X11R6 (xc/config/util/install.sh) with the -# following copyright and license. -# -# Copyright (C) 1994 X Consortium -# -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to -# deal in the Software without restriction, including without limitation the -# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or -# sell copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: -# -# The above copyright notice and this permission notice shall be included in -# all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN -# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC- -# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -# -# Except as contained in this notice, the name of the X Consortium shall not -# be used in advertising or otherwise to promote the sale, use or other deal- -# ings in this Software without prior written authorization from the X Consor- -# tium. -# -# -# FSF changes to this file are in the public domain. -# -# Calling this script install-sh is preferred over install.sh, to prevent -# 'make' implicit rules from creating a file called install from it -# when there is no Makefile. -# -# This script is compatible with the BSD install script, but was written -# from scratch. - -tab=' ' -nl=' -' -IFS=" $tab$nl" - -# Set DOITPROG to "echo" to test this script. - -doit=${DOITPROG-} -doit_exec=${doit:-exec} - -# Put in absolute file names if you don't have them in your path; -# or use environment vars. - -chgrpprog=${CHGRPPROG-chgrp} -chmodprog=${CHMODPROG-chmod} -chownprog=${CHOWNPROG-chown} -cmpprog=${CMPPROG-cmp} -cpprog=${CPPROG-cp} -mkdirprog=${MKDIRPROG-mkdir} -mvprog=${MVPROG-mv} -rmprog=${RMPROG-rm} -stripprog=${STRIPPROG-strip} - -posix_mkdir= - -# Desired mode of installed file. -mode=0755 - -chgrpcmd= -chmodcmd=$chmodprog -chowncmd= -mvcmd=$mvprog -rmcmd="$rmprog -f" -stripcmd= - -src= -dst= -dir_arg= -dst_arg= - -copy_on_change=false -is_target_a_directory=possibly - -usage="\ -Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE - or: $0 [OPTION]... SRCFILES... DIRECTORY - or: $0 [OPTION]... -t DIRECTORY SRCFILES... - or: $0 [OPTION]... -d DIRECTORIES... - -In the 1st form, copy SRCFILE to DSTFILE. -In the 2nd and 3rd, copy all SRCFILES to DIRECTORY. -In the 4th, create DIRECTORIES. - -Options: - --help display this help and exit. - --version display version info and exit. - - -c (ignored) - -C install only if different (preserve the last data modification time) - -d create directories instead of installing files. - -g GROUP $chgrpprog installed files to GROUP. - -m MODE $chmodprog installed files to MODE. - -o USER $chownprog installed files to USER. - -s $stripprog installed files. - -t DIRECTORY install into DIRECTORY. - -T report an error if DSTFILE is a directory. - -Environment variables override the default commands: - CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG - RMPROG STRIPPROG -" - -while test $# -ne 0; do - case $1 in - -c) ;; - - -C) copy_on_change=true;; - - -d) dir_arg=true;; - - -g) chgrpcmd="$chgrpprog $2" - shift;; - - --help) echo "$usage"; exit $?;; - - -m) mode=$2 - case $mode in - *' '* | *"$tab"* | *"$nl"* | *'*'* | *'?'* | *'['*) - echo "$0: invalid mode: $mode" >&2 - exit 1;; - esac - shift;; - - -o) chowncmd="$chownprog $2" - shift;; - - -s) stripcmd=$stripprog;; - - -t) - is_target_a_directory=always - dst_arg=$2 - # Protect names problematic for 'test' and other utilities. - case $dst_arg in - -* | [=\(\)!]) dst_arg=./$dst_arg;; - esac - shift;; - - -T) is_target_a_directory=never;; - - --version) echo "$0 $scriptversion"; exit $?;; - - --) shift - break;; - - -*) echo "$0: invalid option: $1" >&2 - exit 1;; - - *) break;; - esac - shift -done - -# We allow the use of options -d and -T together, by making -d -# take the precedence; this is for compatibility with GNU install. - -if test -n "$dir_arg"; then - if test -n "$dst_arg"; then - echo "$0: target directory not allowed when installing a directory." >&2 - exit 1 - fi -fi - -if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then - # When -d is used, all remaining arguments are directories to create. - # When -t is used, the destination is already specified. - # Otherwise, the last argument is the destination. Remove it from $@. - for arg - do - if test -n "$dst_arg"; then - # $@ is not empty: it contains at least $arg. - set fnord "$@" "$dst_arg" - shift # fnord - fi - shift # arg - dst_arg=$arg - # Protect names problematic for 'test' and other utilities. - case $dst_arg in - -* | [=\(\)!]) dst_arg=./$dst_arg;; - esac - done -fi - -if test $# -eq 0; then - if test -z "$dir_arg"; then - echo "$0: no input file specified." >&2 - exit 1 - fi - # It's OK to call 'install-sh -d' without argument. - # This can happen when creating conditional directories. - exit 0 -fi - -if test -z "$dir_arg"; then - if test $# -gt 1 || test "$is_target_a_directory" = always; then - if test ! -d "$dst_arg"; then - echo "$0: $dst_arg: Is not a directory." >&2 - exit 1 - fi - fi -fi - -if test -z "$dir_arg"; then - do_exit='(exit $ret); exit $ret' - trap "ret=129; $do_exit" 1 - trap "ret=130; $do_exit" 2 - trap "ret=141; $do_exit" 13 - trap "ret=143; $do_exit" 15 - - # Set umask so as not to create temps with too-generous modes. - # However, 'strip' requires both read and write access to temps. - case $mode in - # Optimize common cases. - *644) cp_umask=133;; - *755) cp_umask=22;; - - *[0-7]) - if test -z "$stripcmd"; then - u_plus_rw= - else - u_plus_rw='% 200' - fi - cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;; - *) - if test -z "$stripcmd"; then - u_plus_rw= - else - u_plus_rw=,u+rw - fi - cp_umask=$mode$u_plus_rw;; - esac -fi - -for src -do - # Protect names problematic for 'test' and other utilities. - case $src in - -* | [=\(\)!]) src=./$src;; - esac - - if test -n "$dir_arg"; then - dst=$src - dstdir=$dst - test -d "$dstdir" - dstdir_status=$? - else - - # Waiting for this to be detected by the "$cpprog $src $dsttmp" command - # might cause directories to be created, which would be especially bad - # if $src (and thus $dsttmp) contains '*'. - if test ! -f "$src" && test ! -d "$src"; then - echo "$0: $src does not exist." >&2 - exit 1 - fi - - if test -z "$dst_arg"; then - echo "$0: no destination specified." >&2 - exit 1 - fi - dst=$dst_arg - - # If destination is a directory, append the input filename; won't work - # if double slashes aren't ignored. - if test -d "$dst"; then - if test "$is_target_a_directory" = never; then - echo "$0: $dst_arg: Is a directory" >&2 - exit 1 - fi - dstdir=$dst - dst=$dstdir/`basename "$src"` - dstdir_status=0 - else - dstdir=`dirname "$dst"` - test -d "$dstdir" - dstdir_status=$? - fi - fi - - obsolete_mkdir_used=false - - if test $dstdir_status != 0; then - case $posix_mkdir in - '') - # Create intermediate dirs using mode 755 as modified by the umask. - # This is like FreeBSD 'install' as of 1997-10-28. - umask=`umask` - case $stripcmd.$umask in - # Optimize common cases. - *[2367][2367]) mkdir_umask=$umask;; - .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;; - - *[0-7]) - mkdir_umask=`expr $umask + 22 \ - - $umask % 100 % 40 + $umask % 20 \ - - $umask % 10 % 4 + $umask % 2 - `;; - *) mkdir_umask=$umask,go-w;; - esac - - # With -d, create the new directory with the user-specified mode. - # Otherwise, rely on $mkdir_umask. - if test -n "$dir_arg"; then - mkdir_mode=-m$mode - else - mkdir_mode= - fi - - posix_mkdir=false - case $umask in - *[123567][0-7][0-7]) - # POSIX mkdir -p sets u+wx bits regardless of umask, which - # is incompatible with FreeBSD 'install' when (umask & 300) != 0. - ;; - *) - tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ - trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0 - - if (umask $mkdir_umask && - exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1 - then - if test -z "$dir_arg" || { - # Check for POSIX incompatibilities with -m. - # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or - # other-writable bit of parent directory when it shouldn't. - # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. - ls_ld_tmpdir=`ls -ld "$tmpdir"` - case $ls_ld_tmpdir in - d????-?r-*) different_mode=700;; - d????-?--*) different_mode=755;; - *) false;; - esac && - $mkdirprog -m$different_mode -p -- "$tmpdir" && { - ls_ld_tmpdir_1=`ls -ld "$tmpdir"` - test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" - } - } - then posix_mkdir=: - fi - rmdir "$tmpdir/d" "$tmpdir" - else - # Remove any dirs left behind by ancient mkdir implementations. - rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null - fi - trap '' 0;; - esac;; - esac - - if - $posix_mkdir && ( - umask $mkdir_umask && - $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir" - ) - then : - else - - # The umask is ridiculous, or mkdir does not conform to POSIX, - # or it failed possibly due to a race condition. Create the - # directory the slow way, step by step, checking for races as we go. - - case $dstdir in - /*) prefix='/';; - [-=\(\)!]*) prefix='./';; - *) prefix='';; - esac - - oIFS=$IFS - IFS=/ - set -f - set fnord $dstdir - shift - set +f - IFS=$oIFS - - prefixes= - - for d - do - test X"$d" = X && continue - - prefix=$prefix$d - if test -d "$prefix"; then - prefixes= - else - if $posix_mkdir; then - (umask=$mkdir_umask && - $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break - # Don't fail if two instances are running concurrently. - test -d "$prefix" || exit 1 - else - case $prefix in - *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;; - *) qprefix=$prefix;; - esac - prefixes="$prefixes '$qprefix'" - fi - fi - prefix=$prefix/ - done - - if test -n "$prefixes"; then - # Don't fail if two instances are running concurrently. - (umask $mkdir_umask && - eval "\$doit_exec \$mkdirprog $prefixes") || - test -d "$dstdir" || exit 1 - obsolete_mkdir_used=true - fi - fi - fi - - if test -n "$dir_arg"; then - { test -z "$chowncmd" || $doit $chowncmd "$dst"; } && - { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } && - { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false || - test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1 - else - - # Make a couple of temp file names in the proper directory. - dsttmp=$dstdir/_inst.$$_ - rmtmp=$dstdir/_rm.$$_ - - # Trap to clean up those temp files at exit. - trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0 - - # Copy the file name to the temp name. - (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") && - - # and set any options; do chmod last to preserve setuid bits. - # - # If any of these fail, we abort the whole thing. If we want to - # ignore errors from any of these, just make sure not to ignore - # errors from the above "$doit $cpprog $src $dsttmp" command. - # - { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } && - { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } && - { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } && - { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } && - - # If -C, don't bother to copy if it wouldn't change the file. - if $copy_on_change && - old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` && - new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` && - set -f && - set X $old && old=:$2:$4:$5:$6 && - set X $new && new=:$2:$4:$5:$6 && - set +f && - test "$old" = "$new" && - $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1 - then - rm -f "$dsttmp" - else - # Rename the file to the real destination. - $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null || - - # The rename failed, perhaps because mv can't rename something else - # to itself, or perhaps because mv is so ancient that it does not - # support -f. - { - # Now remove or move aside any old file at destination location. - # We try this two ways since rm can't unlink itself on some - # systems and the destination file might be busy for other - # reasons. In this case, the final cleanup might fail but the new - # file should still install successfully. - { - test ! -f "$dst" || - $doit $rmcmd -f "$dst" 2>/dev/null || - { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null && - { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; } - } || - { echo "$0: cannot unlink or rename $dst" >&2 - (exit 1); exit 1 - } - } && - - # Now rename the file to the real destination. - $doit $mvcmd "$dsttmp" "$dst" - } - fi || exit 1 - - trap '' 0 - fi -done - -# Local variables: -# eval: (add-hook 'write-file-hooks 'time-stamp) -# time-stamp-start: "scriptversion=" -# time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-time-zone: "UTC" -# time-stamp-end: "; # UTC" -# End: diff --git a/external/unbound/iterator/iter_delegpt.c b/external/unbound/iterator/iter_delegpt.c deleted file mode 100644 index ecf88b293..000000000 --- a/external/unbound/iterator/iter_delegpt.c +++ /dev/null @@ -1,648 +0,0 @@ -/* - * iterator/iter_delegpt.c - delegation point with NS and address information. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file implements the Delegation Point. It contains a list of name servers - * and their addresses if known. - */ -#include "config.h" -#include "iterator/iter_delegpt.h" -#include "services/cache/dns.h" -#include "util/regional.h" -#include "util/data/dname.h" -#include "util/data/packed_rrset.h" -#include "util/data/msgreply.h" -#include "util/net_help.h" -#include "sldns/rrdef.h" -#include "sldns/sbuffer.h" - -struct delegpt* -delegpt_create(struct regional* region) -{ - struct delegpt* dp=(struct delegpt*)regional_alloc( - region, sizeof(*dp)); - if(!dp) - return NULL; - memset(dp, 0, sizeof(*dp)); - return dp; -} - -struct delegpt* delegpt_copy(struct delegpt* dp, struct regional* region) -{ - struct delegpt* copy = delegpt_create(region); - struct delegpt_ns* ns; - struct delegpt_addr* a; - if(!copy) - return NULL; - if(!delegpt_set_name(copy, region, dp->name)) - return NULL; - copy->bogus = dp->bogus; - copy->has_parent_side_NS = dp->has_parent_side_NS; - copy->ssl_upstream = dp->ssl_upstream; - for(ns = dp->nslist; ns; ns = ns->next) { - if(!delegpt_add_ns(copy, region, ns->name, ns->lame)) - return NULL; - copy->nslist->resolved = ns->resolved; - copy->nslist->got4 = ns->got4; - copy->nslist->got6 = ns->got6; - copy->nslist->done_pside4 = ns->done_pside4; - copy->nslist->done_pside6 = ns->done_pside6; - } - for(a = dp->target_list; a; a = a->next_target) { - if(!delegpt_add_addr(copy, region, &a->addr, a->addrlen, - a->bogus, a->lame)) - return NULL; - } - return copy; -} - -int -delegpt_set_name(struct delegpt* dp, struct regional* region, uint8_t* name) -{ - log_assert(!dp->dp_type_mlc); - dp->namelabs = dname_count_size_labels(name, &dp->namelen); - dp->name = regional_alloc_init(region, name, dp->namelen); - return dp->name != 0; -} - -int -delegpt_add_ns(struct delegpt* dp, struct regional* region, uint8_t* name, - uint8_t lame) -{ - struct delegpt_ns* ns; - size_t len; - (void)dname_count_size_labels(name, &len); - log_assert(!dp->dp_type_mlc); - /* slow check for duplicates to avoid counting failures when - * adding the same server as a dependency twice */ - if(delegpt_find_ns(dp, name, len)) - return 1; - ns = (struct delegpt_ns*)regional_alloc(region, - sizeof(struct delegpt_ns)); - if(!ns) - return 0; - ns->next = dp->nslist; - ns->namelen = len; - dp->nslist = ns; - ns->name = regional_alloc_init(region, name, ns->namelen); - ns->resolved = 0; - ns->got4 = 0; - ns->got6 = 0; - ns->lame = lame; - ns->done_pside4 = 0; - ns->done_pside6 = 0; - return ns->name != 0; -} - -struct delegpt_ns* -delegpt_find_ns(struct delegpt* dp, uint8_t* name, size_t namelen) -{ - struct delegpt_ns* p = dp->nslist; - while(p) { - if(namelen == p->namelen && - query_dname_compare(name, p->name) == 0) { - return p; - } - p = p->next; - } - return NULL; -} - -struct delegpt_addr* -delegpt_find_addr(struct delegpt* dp, struct sockaddr_storage* addr, - socklen_t addrlen) -{ - struct delegpt_addr* p = dp->target_list; - while(p) { - if(sockaddr_cmp_addr(addr, addrlen, &p->addr, p->addrlen)==0 - && ((struct sockaddr_in*)addr)->sin_port == - ((struct sockaddr_in*)&p->addr)->sin_port) { - return p; - } - p = p->next_target; - } - return NULL; -} - -int -delegpt_add_target(struct delegpt* dp, struct regional* region, - uint8_t* name, size_t namelen, struct sockaddr_storage* addr, - socklen_t addrlen, uint8_t bogus, uint8_t lame) -{ - struct delegpt_ns* ns = delegpt_find_ns(dp, name, namelen); - log_assert(!dp->dp_type_mlc); - if(!ns) { - /* ignore it */ - return 1; - } - if(!lame) { - if(addr_is_ip6(addr, addrlen)) - ns->got6 = 1; - else ns->got4 = 1; - if(ns->got4 && ns->got6) - ns->resolved = 1; - } - return delegpt_add_addr(dp, region, addr, addrlen, bogus, lame); -} - -int -delegpt_add_addr(struct delegpt* dp, struct regional* region, - struct sockaddr_storage* addr, socklen_t addrlen, uint8_t bogus, - uint8_t lame) -{ - struct delegpt_addr* a; - log_assert(!dp->dp_type_mlc); - /* check for duplicates */ - if((a = delegpt_find_addr(dp, addr, addrlen))) { - if(bogus) - a->bogus = bogus; - if(!lame) - a->lame = 0; - return 1; - } - - a = (struct delegpt_addr*)regional_alloc(region, - sizeof(struct delegpt_addr)); - if(!a) - return 0; - a->next_target = dp->target_list; - dp->target_list = a; - a->next_result = 0; - a->next_usable = dp->usable_list; - dp->usable_list = a; - memcpy(&a->addr, addr, addrlen); - a->addrlen = addrlen; - a->attempts = 0; - a->bogus = bogus; - a->lame = lame; - a->dnsseclame = 0; - return 1; -} - -void -delegpt_count_ns(struct delegpt* dp, size_t* numns, size_t* missing) -{ - struct delegpt_ns* ns; - *numns = 0; - *missing = 0; - for(ns = dp->nslist; ns; ns = ns->next) { - (*numns)++; - if(!ns->resolved) - (*missing)++; - } -} - -void -delegpt_count_addr(struct delegpt* dp, size_t* numaddr, size_t* numres, - size_t* numavail) -{ - struct delegpt_addr* a; - *numaddr = 0; - *numres = 0; - *numavail = 0; - for(a = dp->target_list; a; a = a->next_target) { - (*numaddr)++; - } - for(a = dp->result_list; a; a = a->next_result) { - (*numres)++; - } - for(a = dp->usable_list; a; a = a->next_usable) { - (*numavail)++; - } -} - -void delegpt_log(enum verbosity_value v, struct delegpt* dp) -{ - char buf[LDNS_MAX_DOMAINLEN+1]; - struct delegpt_ns* ns; - struct delegpt_addr* a; - size_t missing=0, numns=0, numaddr=0, numres=0, numavail=0; - if(verbosity < v) - return; - dname_str(dp->name, buf); - if(dp->nslist == NULL && dp->target_list == NULL) { - log_info("DelegationPoint<%s>: empty", buf); - return; - } - delegpt_count_ns(dp, &numns, &missing); - delegpt_count_addr(dp, &numaddr, &numres, &numavail); - log_info("DelegationPoint<%s>: %u names (%u missing), " - "%u addrs (%u result, %u avail)%s", - buf, (unsigned)numns, (unsigned)missing, - (unsigned)numaddr, (unsigned)numres, (unsigned)numavail, - (dp->has_parent_side_NS?" parentNS":" cacheNS")); - if(verbosity >= VERB_ALGO) { - for(ns = dp->nslist; ns; ns = ns->next) { - dname_str(ns->name, buf); - log_info(" %s %s%s%s%s%s%s%s", buf, - (ns->resolved?"*":""), - (ns->got4?" A":""), (ns->got6?" AAAA":""), - (dp->bogus?" BOGUS":""), (ns->lame?" PARENTSIDE":""), - (ns->done_pside4?" PSIDE_A":""), - (ns->done_pside6?" PSIDE_AAAA":"")); - } - for(a = dp->target_list; a; a = a->next_target) { - const char* str = " "; - if(a->bogus && a->lame) str = " BOGUS ADDR_LAME "; - else if(a->bogus) str = " BOGUS "; - else if(a->lame) str = " ADDR_LAME "; - log_addr(VERB_ALGO, str, &a->addr, a->addrlen); - } - } -} - -void -delegpt_add_unused_targets(struct delegpt* dp) -{ - struct delegpt_addr* usa = dp->usable_list; - dp->usable_list = NULL; - while(usa) { - usa->next_result = dp->result_list; - dp->result_list = usa; - usa = usa->next_usable; - } -} - -size_t -delegpt_count_targets(struct delegpt* dp) -{ - struct delegpt_addr* a; - size_t n = 0; - for(a = dp->target_list; a; a = a->next_target) - n++; - return n; -} - -size_t -delegpt_count_missing_targets(struct delegpt* dp) -{ - struct delegpt_ns* ns; - size_t n = 0; - for(ns = dp->nslist; ns; ns = ns->next) - if(!ns->resolved) - n++; - return n; -} - -/** find NS rrset in given list */ -static struct ub_packed_rrset_key* -find_NS(struct reply_info* rep, size_t from, size_t to) -{ - size_t i; - for(i=from; irrsets[i]->rk.type) == LDNS_RR_TYPE_NS) - return rep->rrsets[i]; - } - return NULL; -} - -struct delegpt* -delegpt_from_message(struct dns_msg* msg, struct regional* region) -{ - struct ub_packed_rrset_key* ns_rrset = NULL; - struct delegpt* dp; - size_t i; - /* look for NS records in the authority section... */ - ns_rrset = find_NS(msg->rep, msg->rep->an_numrrsets, - msg->rep->an_numrrsets+msg->rep->ns_numrrsets); - - /* In some cases (even legitimate, perfectly legal cases), the - * NS set for the "referral" might be in the answer section. */ - if(!ns_rrset) - ns_rrset = find_NS(msg->rep, 0, msg->rep->an_numrrsets); - - /* If there was no NS rrset in the authority section, then this - * wasn't a referral message. (It might not actually be a - * referral message anyway) */ - if(!ns_rrset) - return NULL; - - /* If we found any, then Yay! we have a delegation point. */ - dp = delegpt_create(region); - if(!dp) - return NULL; - dp->has_parent_side_NS = 1; /* created from message */ - if(!delegpt_set_name(dp, region, ns_rrset->rk.dname)) - return NULL; - if(!delegpt_rrset_add_ns(dp, region, ns_rrset, 0)) - return NULL; - - /* add glue, A and AAAA in answer and additional section */ - for(i=0; irep->rrset_count; i++) { - struct ub_packed_rrset_key* s = msg->rep->rrsets[i]; - /* skip auth section. FIXME really needed?*/ - if(msg->rep->an_numrrsets <= i && - i < (msg->rep->an_numrrsets+msg->rep->ns_numrrsets)) - continue; - - if(ntohs(s->rk.type) == LDNS_RR_TYPE_A) { - if(!delegpt_add_rrset_A(dp, region, s, 0)) - return NULL; - } else if(ntohs(s->rk.type) == LDNS_RR_TYPE_AAAA) { - if(!delegpt_add_rrset_AAAA(dp, region, s, 0)) - return NULL; - } - } - return dp; -} - -int -delegpt_rrset_add_ns(struct delegpt* dp, struct regional* region, - struct ub_packed_rrset_key* ns_rrset, uint8_t lame) -{ - struct packed_rrset_data* nsdata = (struct packed_rrset_data*) - ns_rrset->entry.data; - size_t i; - log_assert(!dp->dp_type_mlc); - if(nsdata->security == sec_status_bogus) - dp->bogus = 1; - for(i=0; icount; i++) { - if(nsdata->rr_len[i] < 2+1) continue; /* len + root label */ - if(dname_valid(nsdata->rr_data[i]+2, nsdata->rr_len[i]-2) != - (size_t)sldns_read_uint16(nsdata->rr_data[i])) - continue; /* bad format */ - /* add rdata of NS (= wirefmt dname), skip rdatalen bytes */ - if(!delegpt_add_ns(dp, region, nsdata->rr_data[i]+2, lame)) - return 0; - } - return 1; -} - -int -delegpt_add_rrset_A(struct delegpt* dp, struct regional* region, - struct ub_packed_rrset_key* ak, uint8_t lame) -{ - struct packed_rrset_data* d=(struct packed_rrset_data*)ak->entry.data; - size_t i; - struct sockaddr_in sa; - socklen_t len = (socklen_t)sizeof(sa); - log_assert(!dp->dp_type_mlc); - memset(&sa, 0, len); - sa.sin_family = AF_INET; - sa.sin_port = (in_port_t)htons(UNBOUND_DNS_PORT); - for(i=0; icount; i++) { - if(d->rr_len[i] != 2 + INET_SIZE) - continue; - memmove(&sa.sin_addr, d->rr_data[i]+2, INET_SIZE); - if(!delegpt_add_target(dp, region, ak->rk.dname, - ak->rk.dname_len, (struct sockaddr_storage*)&sa, - len, (d->security==sec_status_bogus), lame)) - return 0; - } - return 1; -} - -int -delegpt_add_rrset_AAAA(struct delegpt* dp, struct regional* region, - struct ub_packed_rrset_key* ak, uint8_t lame) -{ - struct packed_rrset_data* d=(struct packed_rrset_data*)ak->entry.data; - size_t i; - struct sockaddr_in6 sa; - socklen_t len = (socklen_t)sizeof(sa); - log_assert(!dp->dp_type_mlc); - memset(&sa, 0, len); - sa.sin6_family = AF_INET6; - sa.sin6_port = (in_port_t)htons(UNBOUND_DNS_PORT); - for(i=0; icount; i++) { - if(d->rr_len[i] != 2 + INET6_SIZE) /* rdatalen + len of IP6 */ - continue; - memmove(&sa.sin6_addr, d->rr_data[i]+2, INET6_SIZE); - if(!delegpt_add_target(dp, region, ak->rk.dname, - ak->rk.dname_len, (struct sockaddr_storage*)&sa, - len, (d->security==sec_status_bogus), lame)) - return 0; - } - return 1; -} - -int -delegpt_add_rrset(struct delegpt* dp, struct regional* region, - struct ub_packed_rrset_key* rrset, uint8_t lame) -{ - if(!rrset) - return 1; - if(ntohs(rrset->rk.type) == LDNS_RR_TYPE_NS) - return delegpt_rrset_add_ns(dp, region, rrset, lame); - else if(ntohs(rrset->rk.type) == LDNS_RR_TYPE_A) - return delegpt_add_rrset_A(dp, region, rrset, lame); - else if(ntohs(rrset->rk.type) == LDNS_RR_TYPE_AAAA) - return delegpt_add_rrset_AAAA(dp, region, rrset, lame); - log_warn("Unknown rrset type added to delegpt"); - return 1; -} - -void delegpt_add_neg_msg(struct delegpt* dp, struct msgreply_entry* msg) -{ - struct reply_info* rep = (struct reply_info*)msg->entry.data; - if(!rep) return; - - /* if error or no answers */ - if(FLAGS_GET_RCODE(rep->flags) != 0 || rep->an_numrrsets == 0) { - struct delegpt_ns* ns = delegpt_find_ns(dp, msg->key.qname, - msg->key.qname_len); - if(ns) { - if(msg->key.qtype == LDNS_RR_TYPE_A) - ns->got4 = 1; - else if(msg->key.qtype == LDNS_RR_TYPE_AAAA) - ns->got6 = 1; - if(ns->got4 && ns->got6) - ns->resolved = 1; - } - } -} - -void delegpt_no_ipv6(struct delegpt* dp) -{ - struct delegpt_ns* ns; - for(ns = dp->nslist; ns; ns = ns->next) { - /* no ipv6, so only ipv4 is enough to resolve a nameserver */ - if(ns->got4) - ns->resolved = 1; - } -} - -void delegpt_no_ipv4(struct delegpt* dp) -{ - struct delegpt_ns* ns; - for(ns = dp->nslist; ns; ns = ns->next) { - /* no ipv4, so only ipv6 is enough to resolve a nameserver */ - if(ns->got6) - ns->resolved = 1; - } -} - -struct delegpt* delegpt_create_mlc(uint8_t* name) -{ - struct delegpt* dp=(struct delegpt*)calloc(1, sizeof(*dp)); - if(!dp) - return NULL; - dp->dp_type_mlc = 1; - if(name) { - dp->namelabs = dname_count_size_labels(name, &dp->namelen); - dp->name = memdup(name, dp->namelen); - if(!dp->name) { - free(dp); - return NULL; - } - } - return dp; -} - -void delegpt_free_mlc(struct delegpt* dp) -{ - struct delegpt_ns* n, *nn; - struct delegpt_addr* a, *na; - if(!dp) return; - log_assert(dp->dp_type_mlc); - n = dp->nslist; - while(n) { - nn = n->next; - free(n->name); - free(n); - n = nn; - } - a = dp->target_list; - while(a) { - na = a->next_target; - free(a); - a = na; - } - free(dp->name); - free(dp); -} - -int delegpt_set_name_mlc(struct delegpt* dp, uint8_t* name) -{ - log_assert(dp->dp_type_mlc); - dp->namelabs = dname_count_size_labels(name, &dp->namelen); - dp->name = memdup(name, dp->namelen); - return (dp->name != NULL); -} - -int delegpt_add_ns_mlc(struct delegpt* dp, uint8_t* name, uint8_t lame) -{ - struct delegpt_ns* ns; - size_t len; - (void)dname_count_size_labels(name, &len); - log_assert(dp->dp_type_mlc); - /* slow check for duplicates to avoid counting failures when - * adding the same server as a dependency twice */ - if(delegpt_find_ns(dp, name, len)) - return 1; - ns = (struct delegpt_ns*)malloc(sizeof(struct delegpt_ns)); - if(!ns) - return 0; - ns->namelen = len; - ns->name = memdup(name, ns->namelen); - if(!ns->name) { - free(ns); - return 0; - } - ns->next = dp->nslist; - dp->nslist = ns; - ns->resolved = 0; - ns->got4 = 0; - ns->got6 = 0; - ns->lame = (uint8_t)lame; - ns->done_pside4 = 0; - ns->done_pside6 = 0; - return 1; -} - -int delegpt_add_addr_mlc(struct delegpt* dp, struct sockaddr_storage* addr, - socklen_t addrlen, uint8_t bogus, uint8_t lame) -{ - struct delegpt_addr* a; - log_assert(dp->dp_type_mlc); - /* check for duplicates */ - if((a = delegpt_find_addr(dp, addr, addrlen))) { - if(bogus) - a->bogus = bogus; - if(!lame) - a->lame = 0; - return 1; - } - - a = (struct delegpt_addr*)malloc(sizeof(struct delegpt_addr)); - if(!a) - return 0; - a->next_target = dp->target_list; - dp->target_list = a; - a->next_result = 0; - a->next_usable = dp->usable_list; - dp->usable_list = a; - memcpy(&a->addr, addr, addrlen); - a->addrlen = addrlen; - a->attempts = 0; - a->bogus = bogus; - a->lame = lame; - a->dnsseclame = 0; - return 1; -} - -int delegpt_add_target_mlc(struct delegpt* dp, uint8_t* name, size_t namelen, - struct sockaddr_storage* addr, socklen_t addrlen, uint8_t bogus, - uint8_t lame) -{ - struct delegpt_ns* ns = delegpt_find_ns(dp, name, namelen); - log_assert(dp->dp_type_mlc); - if(!ns) { - /* ignore it */ - return 1; - } - if(!lame) { - if(addr_is_ip6(addr, addrlen)) - ns->got6 = 1; - else ns->got4 = 1; - if(ns->got4 && ns->got6) - ns->resolved = 1; - } - return delegpt_add_addr_mlc(dp, addr, addrlen, bogus, lame); -} - -size_t delegpt_get_mem(struct delegpt* dp) -{ - struct delegpt_ns* ns; - size_t s; - if(!dp) return 0; - s = sizeof(*dp) + dp->namelen + - delegpt_count_targets(dp)*sizeof(struct delegpt_addr); - for(ns=dp->nslist; ns; ns=ns->next) - s += sizeof(*ns)+ns->namelen; - return s; -} diff --git a/external/unbound/iterator/iter_delegpt.h b/external/unbound/iterator/iter_delegpt.h deleted file mode 100644 index 4bd79c81a..000000000 --- a/external/unbound/iterator/iter_delegpt.h +++ /dev/null @@ -1,419 +0,0 @@ -/* - * iterator/iter_delegpt.h - delegation point with NS and address information. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file implements the Delegation Point. It contains a list of name servers - * and their addresses if known. - */ - -#ifndef ITERATOR_ITER_DELEGPT_H -#define ITERATOR_ITER_DELEGPT_H -#include "util/log.h" -struct regional; -struct delegpt_ns; -struct delegpt_addr; -struct dns_msg; -struct ub_packed_rrset_key; -struct msgreply_entry; - -/** - * Delegation Point. - * For a domain name, the NS rrset, and the A and AAAA records for those. - */ -struct delegpt { - /** the domain name of the delegation point. */ - uint8_t* name; - /** length of the delegation point name */ - size_t namelen; - /** number of labels in delegation point */ - int namelabs; - - /** the nameservers, names from the NS RRset rdata. */ - struct delegpt_ns* nslist; - /** the target addresses for delegation */ - struct delegpt_addr* target_list; - /** the list of usable targets; subset of target_list - * the items in this list are not part of the result list. */ - struct delegpt_addr* usable_list; - /** the list of returned targets; subset of target_list */ - struct delegpt_addr* result_list; - - /** if true, the NS RRset was bogus. All info is bad. */ - int bogus; - /** if true, the parent-side NS record has been applied: - * its names have been added and their addresses can follow later. - * Also true if the delegationpoint was created from a delegation - * message and thus contains the parent-side-info already. */ - uint8_t has_parent_side_NS; - /** for assertions on type of delegpt */ - uint8_t dp_type_mlc; - /** use SSL for upstream query */ - uint8_t ssl_upstream; -}; - -/** - * Nameservers for a delegation point. - */ -struct delegpt_ns { - /** next in list */ - struct delegpt_ns* next; - /** name of nameserver */ - uint8_t* name; - /** length of name */ - size_t namelen; - /** - * If the name has been resolved. false if not queried for yet. - * true if the A, AAAA queries have been generated. - * marked true if those queries fail. - * and marked true if got4 and got6 are both true. - */ - int resolved; - /** if the ipv4 address is in the delegpt */ - uint8_t got4; - /** if the ipv6 address is in the delegpt */ - uint8_t got6; - /** - * If the name is parent-side only and thus dispreferred. - * Its addresses become dispreferred as well - */ - uint8_t lame; - /** if the parent-side ipv4 address has been looked up (last resort). - * Also enabled if a parent-side cache entry exists, or a parent-side - * negative-cache entry exists. */ - uint8_t done_pside4; - /** if the parent-side ipv6 address has been looked up (last resort). - * Also enabled if a parent-side cache entry exists, or a parent-side - * negative-cache entry exists. */ - uint8_t done_pside6; -}; - -/** - * Address of target nameserver in delegation point. - */ -struct delegpt_addr { - /** next delegation point in results */ - struct delegpt_addr* next_result; - /** next delegation point in usable list */ - struct delegpt_addr* next_usable; - /** next delegation point in all targets list */ - struct delegpt_addr* next_target; - - /** delegation point address */ - struct sockaddr_storage addr; - /** length of addr */ - socklen_t addrlen; - /** number of attempts for this addr */ - int attempts; - /** rtt stored here in the selection algorithm */ - int sel_rtt; - /** if true, the A or AAAA RR was bogus, so this address is bad. - * Also check the dp->bogus to see if everything is bogus. */ - uint8_t bogus; - /** if true, this address is dispreferred: it is a lame IP address */ - uint8_t lame; - /** if the address is dnsseclame, but this cannot be cached, this - * option is useful to mark the address dnsseclame. - * This value is not copied in addr-copy and dp-copy. */ - uint8_t dnsseclame; -}; - -/** - * Create new delegation point. - * @param regional: where to allocate it. - * @return new delegation point or NULL on error. - */ -struct delegpt* delegpt_create(struct regional* regional); - -/** - * Create a copy of a delegation point. - * @param dp: delegation point to copy. - * @param regional: where to allocate it. - * @return new delegation point or NULL on error. - */ -struct delegpt* delegpt_copy(struct delegpt* dp, struct regional* regional); - -/** - * Set name of delegation point. - * @param dp: delegation point. - * @param regional: where to allocate the name copy. - * @param name: name to use. - * @return false on error. - */ -int delegpt_set_name(struct delegpt* dp, struct regional* regional, - uint8_t* name); - -/** - * Add a name to the delegation point. - * @param dp: delegation point. - * @param regional: where to allocate the info. - * @param name: domain name in wire format. - * @param lame: name is lame, disprefer it. - * @return false on error. - */ -int delegpt_add_ns(struct delegpt* dp, struct regional* regional, - uint8_t* name, uint8_t lame); - -/** - * Add NS rrset; calls add_ns repeatedly. - * @param dp: delegation point. - * @param regional: where to allocate the info. - * @param ns_rrset: NS rrset. - * @param lame: rrset is lame, disprefer it. - * @return 0 on alloc error. - */ -int delegpt_rrset_add_ns(struct delegpt* dp, struct regional* regional, - struct ub_packed_rrset_key* ns_rrset, uint8_t lame); - -/** - * Add target address to the delegation point. - * @param dp: delegation point. - * @param regional: where to allocate the info. - * @param name: name for which target was found (must be in nslist). - * This name is marked resolved. - * @param namelen: length of name. - * @param addr: the address. - * @param addrlen: the length of addr. - * @param bogus: security status for the address, pass true if bogus. - * @param lame: address is lame. - * @return false on error. - */ -int delegpt_add_target(struct delegpt* dp, struct regional* regional, - uint8_t* name, size_t namelen, struct sockaddr_storage* addr, - socklen_t addrlen, uint8_t bogus, uint8_t lame); - -/** - * Add A RRset to delegpt. - * @param dp: delegation point. - * @param regional: where to allocate the info. - * @param rrset: RRset A to add. - * @param lame: rrset is lame, disprefer it. - * @return 0 on alloc error. - */ -int delegpt_add_rrset_A(struct delegpt* dp, struct regional* regional, - struct ub_packed_rrset_key* rrset, uint8_t lame); - -/** - * Add AAAA RRset to delegpt. - * @param dp: delegation point. - * @param regional: where to allocate the info. - * @param rrset: RRset AAAA to add. - * @param lame: rrset is lame, disprefer it. - * @return 0 on alloc error. - */ -int delegpt_add_rrset_AAAA(struct delegpt* dp, struct regional* regional, - struct ub_packed_rrset_key* rrset, uint8_t lame); - -/** - * Add any RRset to delegpt. - * Does not check for duplicates added. - * @param dp: delegation point. - * @param regional: where to allocate the info. - * @param rrset: RRset to add, NS, A, AAAA. - * @param lame: rrset is lame, disprefer it. - * @return 0 on alloc error. - */ -int delegpt_add_rrset(struct delegpt* dp, struct regional* regional, - struct ub_packed_rrset_key* rrset, uint8_t lame); - -/** - * Add address to the delegation point. No servername is associated or checked. - * @param dp: delegation point. - * @param regional: where to allocate the info. - * @param addr: the address. - * @param addrlen: the length of addr. - * @param bogus: if address is bogus. - * @param lame: if address is lame. - * @return false on error. - */ -int delegpt_add_addr(struct delegpt* dp, struct regional* regional, - struct sockaddr_storage* addr, socklen_t addrlen, - uint8_t bogus, uint8_t lame); - -/** - * Find NS record in name list of delegation point. - * @param dp: delegation point. - * @param name: name of nameserver to look for, uncompressed wireformat. - * @param namelen: length of name. - * @return the ns structure or NULL if not found. - */ -struct delegpt_ns* delegpt_find_ns(struct delegpt* dp, uint8_t* name, - size_t namelen); - -/** - * Find address record in total list of delegation point. - * @param dp: delegation point. - * @param addr: address - * @param addrlen: length of addr - * @return the addr structure or NULL if not found. - */ -struct delegpt_addr* delegpt_find_addr(struct delegpt* dp, - struct sockaddr_storage* addr, socklen_t addrlen); - -/** - * Print the delegation point to the log. For debugging. - * @param v: verbosity value that is needed to emit to log. - * @param dp: delegation point. - */ -void delegpt_log(enum verbosity_value v, struct delegpt* dp); - -/** count NS and number missing for logging */ -void delegpt_count_ns(struct delegpt* dp, size_t* numns, size_t* missing); - -/** count addresses, and number in result and available lists, for logging */ -void delegpt_count_addr(struct delegpt* dp, size_t* numaddr, size_t* numres, - size_t* numavail); - -/** - * Add all usable targets to the result list. - * @param dp: delegation point. - */ -void delegpt_add_unused_targets(struct delegpt* dp); - -/** - * Count number of missing targets. These are ns names with no resolved flag. - * @param dp: delegation point. - * @return number of missing targets (or 0). - */ -size_t delegpt_count_missing_targets(struct delegpt* dp); - -/** count total number of targets in dp */ -size_t delegpt_count_targets(struct delegpt* dp); - -/** - * Create new delegation point from a dns message - * - * Note that this method does not actually test to see if the message is an - * actual referral. It really is just checking to see if it can construct a - * delegation point, so the message could be of some other type (some ANSWER - * messages, some CNAME messages, generally.) Note that the resulting - * DelegationPoint will contain targets for all "relevant" glue (i.e., - * address records whose ownernames match the target of one of the NS - * records), so if policy dictates that some glue should be discarded beyond - * that, discard it before calling this method. Note that this method will - * find "glue" in either the ADDITIONAL section or the ANSWER section. - * - * @param msg: the dns message, referral. - * @param regional: where to allocate delegation point. - * @return new delegation point or NULL on alloc error, or if the - * message was not appropriate. - */ -struct delegpt* delegpt_from_message(struct dns_msg* msg, - struct regional* regional); - -/** - * Add negative message to delegation point. - * @param dp: delegation point. - * @param msg: the message added, marks off A or AAAA from an NS entry. - */ -void delegpt_add_neg_msg(struct delegpt* dp, struct msgreply_entry* msg); - -/** - * Register the fact that there is no ipv6 and thus AAAAs are not going - * to be queried for or be useful. - * @param dp: the delegation point. Updated to reflect no ipv6. - */ -void delegpt_no_ipv6(struct delegpt* dp); - -/** - * Register the fact that there is no ipv4 and thus As are not going - * to be queried for or be useful. - * @param dp: the delegation point. Updated to reflect no ipv4. - */ -void delegpt_no_ipv4(struct delegpt* dp); - -/** - * create malloced delegation point, with the given name - * @param name: uncompressed wireformat of delegpt name. - * @return NULL on alloc failure - */ -struct delegpt* delegpt_create_mlc(uint8_t* name); - -/** - * free malloced delegation point. - * @param dp: must have been created with delegpt_create_mlc, free'd. - */ -void delegpt_free_mlc(struct delegpt* dp); - -/** - * Set name of delegation point. - * @param dp: delegation point. malloced. - * @param name: name to use. - * @return false on error. - */ -int delegpt_set_name_mlc(struct delegpt* dp, uint8_t* name); - -/** - * add a name to malloced delegation point. - * @param dp: must have been created with delegpt_create_mlc. - * @param name: the name to add. - * @param lame: the name is lame, disprefer. - * @return false on error. - */ -int delegpt_add_ns_mlc(struct delegpt* dp, uint8_t* name, uint8_t lame); - -/** - * add an address to a malloced delegation point. - * @param dp: must have been created with delegpt_create_mlc. - * @param addr: the address. - * @param addrlen: the length of addr. - * @param bogus: if address is bogus. - * @param lame: if address is lame. - * @return false on error. - */ -int delegpt_add_addr_mlc(struct delegpt* dp, struct sockaddr_storage* addr, - socklen_t addrlen, uint8_t bogus, uint8_t lame); - -/** - * Add target address to the delegation point. - * @param dp: must have been created with delegpt_create_mlc. - * @param name: name for which target was found (must be in nslist). - * This name is marked resolved. - * @param namelen: length of name. - * @param addr: the address. - * @param addrlen: the length of addr. - * @param bogus: security status for the address, pass true if bogus. - * @param lame: address is lame. - * @return false on error. - */ -int delegpt_add_target_mlc(struct delegpt* dp, uint8_t* name, size_t namelen, - struct sockaddr_storage* addr, socklen_t addrlen, uint8_t bogus, - uint8_t lame); - -/** get memory in use by dp */ -size_t delegpt_get_mem(struct delegpt* dp); - -#endif /* ITERATOR_ITER_DELEGPT_H */ diff --git a/external/unbound/iterator/iter_donotq.c b/external/unbound/iterator/iter_donotq.c deleted file mode 100644 index 40ffb45c4..000000000 --- a/external/unbound/iterator/iter_donotq.c +++ /dev/null @@ -1,153 +0,0 @@ -/* - * iterator/iter_donotq.c - iterative resolver donotqueryaddresses storage. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions to assist the iterator module. - * The donotqueryaddresses are stored and looked up. These addresses - * (like 127.0.0.1) must not be used to send queries to, and can be - * discarded immediately from the server selection. - */ -#include "config.h" -#include "iterator/iter_donotq.h" -#include "util/regional.h" -#include "util/log.h" -#include "util/config_file.h" -#include "util/net_help.h" - -struct iter_donotq* -donotq_create(void) -{ - struct iter_donotq* dq = (struct iter_donotq*)calloc(1, - sizeof(struct iter_donotq)); - if(!dq) - return NULL; - dq->region = regional_create(); - if(!dq->region) { - donotq_delete(dq); - return NULL; - } - return dq; -} - -void -donotq_delete(struct iter_donotq* dq) -{ - if(!dq) - return; - regional_destroy(dq->region); - free(dq); -} - -/** insert new address into donotq structure */ -static int -donotq_insert(struct iter_donotq* dq, struct sockaddr_storage* addr, - socklen_t addrlen, int net) -{ - struct addr_tree_node* node = (struct addr_tree_node*)regional_alloc( - dq->region, sizeof(*node)); - if(!node) - return 0; - if(!addr_tree_insert(&dq->tree, node, addr, addrlen, net)) { - verbose(VERB_QUERY, "duplicate donotquery address ignored."); - } - return 1; -} - -/** apply donotq string */ -static int -donotq_str_cfg(struct iter_donotq* dq, const char* str) -{ - struct sockaddr_storage addr; - int net; - socklen_t addrlen; - verbose(VERB_ALGO, "donotq: %s", str); - if(!netblockstrtoaddr(str, UNBOUND_DNS_PORT, &addr, &addrlen, &net)) { - log_err("cannot parse donotquery netblock: %s", str); - return 0; - } - if(!donotq_insert(dq, &addr, addrlen, net)) { - log_err("out of memory"); - return 0; - } - return 1; -} - -/** read donotq config */ -static int -read_donotq(struct iter_donotq* dq, struct config_file* cfg) -{ - struct config_strlist* p; - for(p = cfg->donotqueryaddrs; p; p = p->next) { - log_assert(p->str); - if(!donotq_str_cfg(dq, p->str)) - return 0; - } - return 1; -} - -int -donotq_apply_cfg(struct iter_donotq* dq, struct config_file* cfg) -{ - regional_free_all(dq->region); - addr_tree_init(&dq->tree); - if(!read_donotq(dq, cfg)) - return 0; - if(cfg->donotquery_localhost) { - if(!donotq_str_cfg(dq, "127.0.0.0/8")) - return 0; - if(cfg->do_ip6) { - if(!donotq_str_cfg(dq, "::1")) - return 0; - } - } - addr_tree_init_parents(&dq->tree); - return 1; -} - -int -donotq_lookup(struct iter_donotq* donotq, struct sockaddr_storage* addr, - socklen_t addrlen) -{ - return addr_tree_lookup(&donotq->tree, addr, addrlen) != NULL; -} - -size_t -donotq_get_mem(struct iter_donotq* donotq) -{ - if(!donotq) return 0; - return sizeof(*donotq) + regional_get_mem(donotq->region); -} diff --git a/external/unbound/iterator/iter_donotq.h b/external/unbound/iterator/iter_donotq.h deleted file mode 100644 index 14105073a..000000000 --- a/external/unbound/iterator/iter_donotq.h +++ /dev/null @@ -1,101 +0,0 @@ -/* - * iterator/iter_donotq.h - iterative resolver donotqueryaddresses storage. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions to assist the iterator module. - * Keep track of the donotquery addresses and lookup fast. - */ - -#ifndef ITERATOR_ITER_DONOTQ_H -#define ITERATOR_ITER_DONOTQ_H -#include "util/storage/dnstree.h" -struct iter_env; -struct config_file; -struct regional; - -/** - * Iterator donotqueryaddresses structure - */ -struct iter_donotq { - /** regional for allocation */ - struct regional* region; - /** - * Tree of the address spans that are blocked. - * contents of type addr_tree_node. Each node is an address span - * that must not be used to send queries to. - */ - rbtree_type tree; -}; - -/** - * Create donotqueryaddresses structure - * @return new structure or NULL on error. - */ -struct iter_donotq* donotq_create(void); - -/** - * Delete donotqueryaddresses structure. - * @param donotq: to delete. - */ -void donotq_delete(struct iter_donotq* donotq); - -/** - * Process donotqueryaddresses config. - * @param donotq: where to store. - * @param cfg: config options. - * @return 0 on error. - */ -int donotq_apply_cfg(struct iter_donotq* donotq, struct config_file* cfg); - -/** - * See if an address is blocked. - * @param donotq: structure for address storage. - * @param addr: address to check - * @param addrlen: length of addr. - * @return: true if the address must not be queried. false if unlisted. - */ -int donotq_lookup(struct iter_donotq* donotq, struct sockaddr_storage* addr, - socklen_t addrlen); - -/** - * Get memory used by donotqueryaddresses structure. - * @param donotq: structure for address storage. - * @return bytes in use. - */ -size_t donotq_get_mem(struct iter_donotq* donotq); - -#endif /* ITERATOR_ITER_DONOTQ_H */ diff --git a/external/unbound/iterator/iter_fwd.c b/external/unbound/iterator/iter_fwd.c deleted file mode 100644 index 0ba6c6ddf..000000000 --- a/external/unbound/iterator/iter_fwd.c +++ /dev/null @@ -1,509 +0,0 @@ -/* - * iterator/iter_fwd.c - iterative resolver module forward zones. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions to assist the iterator module. - * Keep track of forward zones and config settings. - */ -#include "config.h" -#include "iterator/iter_fwd.h" -#include "iterator/iter_delegpt.h" -#include "util/log.h" -#include "util/config_file.h" -#include "util/net_help.h" -#include "util/data/dname.h" -#include "sldns/rrdef.h" -#include "sldns/str2wire.h" - -int -fwd_cmp(const void* k1, const void* k2) -{ - int m; - struct iter_forward_zone* n1 = (struct iter_forward_zone*)k1; - struct iter_forward_zone* n2 = (struct iter_forward_zone*)k2; - if(n1->dclass != n2->dclass) { - if(n1->dclass < n2->dclass) - return -1; - return 1; - } - return dname_lab_cmp(n1->name, n1->namelabs, n2->name, n2->namelabs, - &m); -} - -struct iter_forwards* -forwards_create(void) -{ - struct iter_forwards* fwd = (struct iter_forwards*)calloc(1, - sizeof(struct iter_forwards)); - if(!fwd) - return NULL; - return fwd; -} - -static void fwd_zone_free(struct iter_forward_zone* n) -{ - if(!n) return; - delegpt_free_mlc(n->dp); - free(n->name); - free(n); -} - -static void delfwdnode(rbnode_type* n, void* ATTR_UNUSED(arg)) -{ - struct iter_forward_zone* node = (struct iter_forward_zone*)n; - fwd_zone_free(node); -} - -static void fwd_del_tree(struct iter_forwards* fwd) -{ - if(fwd->tree) - traverse_postorder(fwd->tree, &delfwdnode, NULL); - free(fwd->tree); -} - -void -forwards_delete(struct iter_forwards* fwd) -{ - if(!fwd) - return; - fwd_del_tree(fwd); - free(fwd); -} - -/** insert info into forward structure */ -static int -forwards_insert_data(struct iter_forwards* fwd, uint16_t c, uint8_t* nm, - size_t nmlen, int nmlabs, struct delegpt* dp) -{ - struct iter_forward_zone* node = (struct iter_forward_zone*)malloc( - sizeof(struct iter_forward_zone)); - if(!node) { - delegpt_free_mlc(dp); - return 0; - } - node->node.key = node; - node->dclass = c; - node->name = memdup(nm, nmlen); - if(!node->name) { - delegpt_free_mlc(dp); - free(node); - return 0; - } - node->namelen = nmlen; - node->namelabs = nmlabs; - node->dp = dp; - if(!rbtree_insert(fwd->tree, &node->node)) { - char buf[257]; - dname_str(nm, buf); - log_err("duplicate forward zone %s ignored.", buf); - delegpt_free_mlc(dp); - free(node->name); - free(node); - } - return 1; -} - -/** insert new info into forward structure given dp */ -static int -forwards_insert(struct iter_forwards* fwd, uint16_t c, struct delegpt* dp) -{ - return forwards_insert_data(fwd, c, dp->name, dp->namelen, - dp->namelabs, dp); -} - -/** initialise parent pointers in the tree */ -static void -fwd_init_parents(struct iter_forwards* fwd) -{ - struct iter_forward_zone* node, *prev = NULL, *p; - int m; - RBTREE_FOR(node, struct iter_forward_zone*, fwd->tree) { - node->parent = NULL; - if(!prev || prev->dclass != node->dclass) { - prev = node; - continue; - } - (void)dname_lab_cmp(prev->name, prev->namelabs, node->name, - node->namelabs, &m); /* we know prev is smaller */ - /* sort order like: . com. bla.com. zwb.com. net. */ - /* find the previous, or parent-parent-parent */ - for(p = prev; p; p = p->parent) - /* looking for name with few labels, a parent */ - if(p->namelabs <= m) { - /* ==: since prev matched m, this is closest*/ - /* <: prev matches more, but is not a parent, - * this one is a (grand)parent */ - node->parent = p; - break; - } - prev = node; - } -} - -/** set zone name */ -static struct delegpt* -read_fwds_name(struct config_stub* s) -{ - struct delegpt* dp; - uint8_t* dname; - size_t dname_len; - if(!s->name) { - log_err("forward zone without a name (use name \".\" to forward everything)"); - return NULL; - } - dname = sldns_str2wire_dname(s->name, &dname_len); - if(!dname) { - log_err("cannot parse forward zone name %s", s->name); - return NULL; - } - if(!(dp=delegpt_create_mlc(dname))) { - free(dname); - log_err("out of memory"); - return NULL; - } - free(dname); - return dp; -} - -/** set fwd host names */ -static int -read_fwds_host(struct config_stub* s, struct delegpt* dp) -{ - struct config_strlist* p; - uint8_t* dname; - size_t dname_len; - for(p = s->hosts; p; p = p->next) { - log_assert(p->str); - dname = sldns_str2wire_dname(p->str, &dname_len); - if(!dname) { - log_err("cannot parse forward %s server name: '%s'", - s->name, p->str); - return 0; - } - if(!delegpt_add_ns_mlc(dp, dname, 0)) { - free(dname); - log_err("out of memory"); - return 0; - } - free(dname); - } - return 1; -} - -/** set fwd server addresses */ -static int -read_fwds_addr(struct config_stub* s, struct delegpt* dp) -{ - struct config_strlist* p; - struct sockaddr_storage addr; - socklen_t addrlen; - for(p = s->addrs; p; p = p->next) { - log_assert(p->str); - if(!extstrtoaddr(p->str, &addr, &addrlen)) { - log_err("cannot parse forward %s ip address: '%s'", - s->name, p->str); - return 0; - } - if(!delegpt_add_addr_mlc(dp, &addr, addrlen, 0, 0)) { - log_err("out of memory"); - return 0; - } - } - return 1; -} - -/** read forwards config */ -static int -read_forwards(struct iter_forwards* fwd, struct config_file* cfg) -{ - struct config_stub* s; - for(s = cfg->forwards; s; s = s->next) { - struct delegpt* dp; - if(!(dp=read_fwds_name(s))) - return 0; - if(!read_fwds_host(s, dp) || !read_fwds_addr(s, dp)) { - delegpt_free_mlc(dp); - return 0; - } - /* set flag that parent side NS information is included. - * Asking a (higher up) server on the internet is not useful */ - /* the flag is turned off for 'forward-first' so that the - * last resort will ask for parent-side NS record and thus - * fallback to the internet name servers on a failure */ - dp->has_parent_side_NS = (uint8_t)!s->isfirst; - /* use SSL for queries to this forwarder */ - dp->ssl_upstream = (uint8_t)s->ssl_upstream; - verbose(VERB_QUERY, "Forward zone server list:"); - delegpt_log(VERB_QUERY, dp); - if(!forwards_insert(fwd, LDNS_RR_CLASS_IN, dp)) - return 0; - } - return 1; -} - -/** insert a stub hole (if necessary) for stub name */ -static int -fwd_add_stub_hole(struct iter_forwards* fwd, uint16_t c, uint8_t* nm) -{ - struct iter_forward_zone key; - key.node.key = &key; - key.dclass = c; - key.name = nm; - key.namelabs = dname_count_size_labels(key.name, &key.namelen); - return forwards_insert_data(fwd, key.dclass, key.name, - key.namelen, key.namelabs, NULL); -} - -/** make NULL entries for stubs */ -static int -make_stub_holes(struct iter_forwards* fwd, struct config_file* cfg) -{ - struct config_stub* s; - uint8_t* dname; - size_t dname_len; - for(s = cfg->stubs; s; s = s->next) { - if(!s->name) continue; - dname = sldns_str2wire_dname(s->name, &dname_len); - if(!dname) { - log_err("cannot parse stub name '%s'", s->name); - return 0; - } - if(!fwd_add_stub_hole(fwd, LDNS_RR_CLASS_IN, dname)) { - free(dname); - log_err("out of memory"); - return 0; - } - free(dname); - } - return 1; -} - -int -forwards_apply_cfg(struct iter_forwards* fwd, struct config_file* cfg) -{ - fwd_del_tree(fwd); - fwd->tree = rbtree_create(fwd_cmp); - if(!fwd->tree) - return 0; - - /* read forward zones */ - if(!read_forwards(fwd, cfg)) - return 0; - if(!make_stub_holes(fwd, cfg)) - return 0; - fwd_init_parents(fwd); - return 1; -} - -struct delegpt* -forwards_find(struct iter_forwards* fwd, uint8_t* qname, uint16_t qclass) -{ - rbnode_type* res = NULL; - struct iter_forward_zone key; - key.node.key = &key; - key.dclass = qclass; - key.name = qname; - key.namelabs = dname_count_size_labels(qname, &key.namelen); - res = rbtree_search(fwd->tree, &key); - if(res) return ((struct iter_forward_zone*)res)->dp; - return NULL; -} - -struct delegpt* -forwards_lookup(struct iter_forwards* fwd, uint8_t* qname, uint16_t qclass) -{ - /* lookup the forward zone in the tree */ - rbnode_type* res = NULL; - struct iter_forward_zone *result; - struct iter_forward_zone key; - key.node.key = &key; - key.dclass = qclass; - key.name = qname; - key.namelabs = dname_count_size_labels(qname, &key.namelen); - if(rbtree_find_less_equal(fwd->tree, &key, &res)) { - /* exact */ - result = (struct iter_forward_zone*)res; - } else { - /* smaller element (or no element) */ - int m; - result = (struct iter_forward_zone*)res; - if(!result || result->dclass != qclass) - return NULL; - /* count number of labels matched */ - (void)dname_lab_cmp(result->name, result->namelabs, key.name, - key.namelabs, &m); - while(result) { /* go up until qname is subdomain of stub */ - if(result->namelabs <= m) - break; - result = result->parent; - } - } - if(result) - return result->dp; - return NULL; -} - -struct delegpt* -forwards_lookup_root(struct iter_forwards* fwd, uint16_t qclass) -{ - uint8_t root = 0; - return forwards_lookup(fwd, &root, qclass); -} - -int -forwards_next_root(struct iter_forwards* fwd, uint16_t* dclass) -{ - struct iter_forward_zone key; - rbnode_type* n; - struct iter_forward_zone* p; - if(*dclass == 0) { - /* first root item is first item in tree */ - n = rbtree_first(fwd->tree); - if(n == RBTREE_NULL) - return 0; - p = (struct iter_forward_zone*)n; - if(dname_is_root(p->name)) { - *dclass = p->dclass; - return 1; - } - /* root not first item? search for higher items */ - *dclass = p->dclass + 1; - return forwards_next_root(fwd, dclass); - } - /* find class n in tree, we may get a direct hit, or if we don't - * this is the last item of the previous class so rbtree_next() takes - * us to the next root (if any) */ - key.node.key = &key; - key.name = (uint8_t*)"\000"; - key.namelen = 1; - key.namelabs = 0; - key.dclass = *dclass; - n = NULL; - if(rbtree_find_less_equal(fwd->tree, &key, &n)) { - /* exact */ - return 1; - } else { - /* smaller element */ - if(!n || n == RBTREE_NULL) - return 0; /* nothing found */ - n = rbtree_next(n); - if(n == RBTREE_NULL) - return 0; /* no higher */ - p = (struct iter_forward_zone*)n; - if(dname_is_root(p->name)) { - *dclass = p->dclass; - return 1; - } - /* not a root node, return next higher item */ - *dclass = p->dclass+1; - return forwards_next_root(fwd, dclass); - } -} - -size_t -forwards_get_mem(struct iter_forwards* fwd) -{ - struct iter_forward_zone* p; - size_t s; - if(!fwd) - return 0; - s = sizeof(*fwd) + sizeof(*fwd->tree); - RBTREE_FOR(p, struct iter_forward_zone*, fwd->tree) { - s += sizeof(*p) + p->namelen + delegpt_get_mem(p->dp); - } - return s; -} - -static struct iter_forward_zone* -fwd_zone_find(struct iter_forwards* fwd, uint16_t c, uint8_t* nm) -{ - struct iter_forward_zone key; - key.node.key = &key; - key.dclass = c; - key.name = nm; - key.namelabs = dname_count_size_labels(nm, &key.namelen); - return (struct iter_forward_zone*)rbtree_search(fwd->tree, &key); -} - -int -forwards_add_zone(struct iter_forwards* fwd, uint16_t c, struct delegpt* dp) -{ - struct iter_forward_zone *z; - if((z=fwd_zone_find(fwd, c, dp->name)) != NULL) { - (void)rbtree_delete(fwd->tree, &z->node); - fwd_zone_free(z); - } - if(!forwards_insert(fwd, c, dp)) - return 0; - fwd_init_parents(fwd); - return 1; -} - -void -forwards_delete_zone(struct iter_forwards* fwd, uint16_t c, uint8_t* nm) -{ - struct iter_forward_zone *z; - if(!(z=fwd_zone_find(fwd, c, nm))) - return; /* nothing to do */ - (void)rbtree_delete(fwd->tree, &z->node); - fwd_zone_free(z); - fwd_init_parents(fwd); -} - -int -forwards_add_stub_hole(struct iter_forwards* fwd, uint16_t c, uint8_t* nm) -{ - if(!fwd_add_stub_hole(fwd, c, nm)) { - return 0; - } - fwd_init_parents(fwd); - return 1; -} - -void -forwards_delete_stub_hole(struct iter_forwards* fwd, uint16_t c, uint8_t* nm) -{ - struct iter_forward_zone *z; - if(!(z=fwd_zone_find(fwd, c, nm))) - return; /* nothing to do */ - if(z->dp != NULL) - return; /* not a stub hole */ - (void)rbtree_delete(fwd->tree, &z->node); - fwd_zone_free(z); - fwd_init_parents(fwd); -} - diff --git a/external/unbound/iterator/iter_fwd.h b/external/unbound/iterator/iter_fwd.h deleted file mode 100644 index e90b74c16..000000000 --- a/external/unbound/iterator/iter_fwd.h +++ /dev/null @@ -1,199 +0,0 @@ -/* - * iterator/iter_fwd.h - iterative resolver module forward zones. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions to assist the iterator module. - * Keep track of forward zones, and read those from config. - */ - -#ifndef ITERATOR_ITER_FWD_H -#define ITERATOR_ITER_FWD_H -#include "util/rbtree.h" -struct config_file; -struct delegpt; - -/** - * Iterator forward zones structure - */ -struct iter_forwards { - /** - * Zones are stored in this tree. Sort order is specially chosen. - * first sorted on qclass. Then on dname in nsec-like order, so that - * a lookup on class, name will return an exact match or the closest - * match which gives the ancestor needed. - * contents of type iter_forward_zone. - */ - rbtree_type* tree; -}; - -/** - * Iterator forward servers for a particular zone. - */ -struct iter_forward_zone { - /** redblacktree node, key is this structure: class and name */ - rbnode_type node; - /** name */ - uint8_t* name; - /** length of name */ - size_t namelen; - /** number of labels in name */ - int namelabs; - /** delegation point with forward server information for this zone. - * If NULL then this forward entry is used to indicate that a - * stub-zone with the same name exists, and should be used. - * This delegation point is malloced. - */ - struct delegpt* dp; - /** pointer to parent in tree (or NULL if none) */ - struct iter_forward_zone* parent; - /** class. host order. */ - uint16_t dclass; -}; - -/** - * Create forwards - * @return new forwards or NULL on error. - */ -struct iter_forwards* forwards_create(void); - -/** - * Delete forwards. - * @param fwd: to delete. - */ -void forwards_delete(struct iter_forwards* fwd); - -/** - * Process forwards config. - * @param fwd: where to store. - * @param cfg: config options. - * @return 0 on error. - */ -int forwards_apply_cfg(struct iter_forwards* fwd, struct config_file* cfg); - -/** - * Find forward zone exactly by name - * @param fwd: forward storage. - * @param qname: The qname of the query. - * @param qclass: The qclass of the query. - * @return: A delegation point or null. - */ -struct delegpt* forwards_find(struct iter_forwards* fwd, uint8_t* qname, - uint16_t qclass); - -/** - * Find forward zone information - * For this qname/qclass find forward zone information, returns delegation - * point with server names and addresses, or NULL if no forwarding is needed. - * - * @param fwd: forward storage. - * @param qname: The qname of the query. - * @param qclass: The qclass of the query. - * @return: A delegation point if the query has to be forwarded to that list, - * otherwise null. - */ -struct delegpt* forwards_lookup(struct iter_forwards* fwd, - uint8_t* qname, uint16_t qclass); - -/** - * Same as forwards_lookup, but for the root only - * @param fwd: forward storage. - * @param qclass: The qclass of the query. - * @return: A delegation point if root forward exists, otherwise null. - */ -struct delegpt* forwards_lookup_root(struct iter_forwards* fwd, - uint16_t qclass); - -/** - * Find next root item in forwards lookup tree. - * @param fwd: the forward storage - * @param qclass: class to look at next, or higher. - * @return false if none found, or if true stored in qclass. - */ -int forwards_next_root(struct iter_forwards* fwd, uint16_t* qclass); - -/** - * Get memory in use by forward storage - * @param fwd: forward storage. - * @return bytes in use - */ -size_t forwards_get_mem(struct iter_forwards* fwd); - -/** compare two fwd entries */ -int fwd_cmp(const void* k1, const void* k2); - -/** - * Add zone to forward structure. For external use since it recalcs - * the tree parents. - * @param fwd: the forward data structure - * @param c: class of zone - * @param dp: delegation point with name and target nameservers for new - * forward zone. malloced. - * @return false on failure (out of memory); - */ -int forwards_add_zone(struct iter_forwards* fwd, uint16_t c, - struct delegpt* dp); - -/** - * Remove zone from forward structure. For external use since it - * recalcs the tree parents. - * @param fwd: the forward data structure - * @param c: class of zone - * @param nm: name of zone (in uncompressed wireformat). - */ -void forwards_delete_zone(struct iter_forwards* fwd, uint16_t c, uint8_t* nm); - -/** - * Add stub hole (empty entry in forward table, that makes resolution skip - * a forward-zone because the stub zone should override the forward zone). - * Does not add one if not necessary. - * @param fwd: the forward data structure - * @param c: class of zone - * @param nm: name of zone (in uncompressed wireformat). - * @return false on failure (out of memory); - */ -int forwards_add_stub_hole(struct iter_forwards* fwd, uint16_t c, uint8_t* nm); - -/** - * Remove stub hole, if one exists. - * @param fwd: the forward data structure - * @param c: class of zone - * @param nm: name of zone (in uncompressed wireformat). - */ -void forwards_delete_stub_hole(struct iter_forwards* fwd, uint16_t c, - uint8_t* nm); - -#endif /* ITERATOR_ITER_FWD_H */ diff --git a/external/unbound/iterator/iter_hints.c b/external/unbound/iterator/iter_hints.c deleted file mode 100644 index 74869d355..000000000 --- a/external/unbound/iterator/iter_hints.c +++ /dev/null @@ -1,546 +0,0 @@ -/* - * iterator/iter_hints.c - iterative resolver module stub and root hints. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions to assist the iterator module. - * Keep track of stub and root hints, and read those from config. - */ -#include "config.h" -#include "iterator/iter_hints.h" -#include "iterator/iter_delegpt.h" -#include "util/log.h" -#include "util/config_file.h" -#include "util/net_help.h" -#include "util/data/dname.h" -#include "sldns/rrdef.h" -#include "sldns/str2wire.h" -#include "sldns/wire2str.h" - -struct iter_hints* -hints_create(void) -{ - struct iter_hints* hints = (struct iter_hints*)calloc(1, - sizeof(struct iter_hints)); - if(!hints) - return NULL; - return hints; -} - -static void hints_stub_free(struct iter_hints_stub* s) -{ - if(!s) return; - delegpt_free_mlc(s->dp); - free(s); -} - -static void delhintnode(rbnode_type* n, void* ATTR_UNUSED(arg)) -{ - struct iter_hints_stub* node = (struct iter_hints_stub*)n; - hints_stub_free(node); -} - -static void hints_del_tree(struct iter_hints* hints) -{ - traverse_postorder(&hints->tree, &delhintnode, NULL); -} - -void -hints_delete(struct iter_hints* hints) -{ - if(!hints) - return; - hints_del_tree(hints); - free(hints); -} - -/** add hint to delegation hints */ -static int -ah(struct delegpt* dp, const char* sv, const char* ip) -{ - struct sockaddr_storage addr; - socklen_t addrlen; - size_t dname_len; - uint8_t* dname = sldns_str2wire_dname(sv, &dname_len); - if(!dname) { - log_err("could not parse %s", sv); - return 0; - } - if(!delegpt_add_ns_mlc(dp, dname, 0) || - !extstrtoaddr(ip, &addr, &addrlen) || - !delegpt_add_target_mlc(dp, dname, dname_len, - &addr, addrlen, 0, 0)) { - free(dname); - return 0; - } - free(dname); - return 1; -} - -/** obtain compiletime provided root hints */ -static struct delegpt* -compile_time_root_prime(int do_ip4, int do_ip6) -{ - /* from: - ; This file is made available by InterNIC - ; under anonymous FTP as - ; file /domain/named.cache - ; on server FTP.INTERNIC.NET - ; -OR- RS.INTERNIC.NET - ; - ; related version of root zone: changes-on-20120103 - */ - struct delegpt* dp = delegpt_create_mlc((uint8_t*)"\000"); - if(!dp) - return NULL; - dp->has_parent_side_NS = 1; - if(do_ip4) { - if(!ah(dp, "A.ROOT-SERVERS.NET.", "198.41.0.4")) goto failed; - if(!ah(dp, "B.ROOT-SERVERS.NET.", "192.228.79.201")) goto failed; - if(!ah(dp, "C.ROOT-SERVERS.NET.", "192.33.4.12")) goto failed; - if(!ah(dp, "D.ROOT-SERVERS.NET.", "199.7.91.13")) goto failed; - if(!ah(dp, "E.ROOT-SERVERS.NET.", "192.203.230.10")) goto failed; - if(!ah(dp, "F.ROOT-SERVERS.NET.", "192.5.5.241")) goto failed; - if(!ah(dp, "G.ROOT-SERVERS.NET.", "192.112.36.4")) goto failed; - if(!ah(dp, "H.ROOT-SERVERS.NET.", "198.97.190.53")) goto failed; - if(!ah(dp, "I.ROOT-SERVERS.NET.", "192.36.148.17")) goto failed; - if(!ah(dp, "J.ROOT-SERVERS.NET.", "192.58.128.30")) goto failed; - if(!ah(dp, "K.ROOT-SERVERS.NET.", "193.0.14.129")) goto failed; - if(!ah(dp, "L.ROOT-SERVERS.NET.", "199.7.83.42")) goto failed; - if(!ah(dp, "M.ROOT-SERVERS.NET.", "202.12.27.33")) goto failed; - } - if(do_ip6) { - if(!ah(dp, "A.ROOT-SERVERS.NET.", "2001:503:ba3e::2:30")) goto failed; - if(!ah(dp, "B.ROOT-SERVERS.NET.", "2001:500:84::b")) goto failed; - if(!ah(dp, "C.ROOT-SERVERS.NET.", "2001:500:2::c")) goto failed; - if(!ah(dp, "D.ROOT-SERVERS.NET.", "2001:500:2d::d")) goto failed; - if(!ah(dp, "E.ROOT-SERVERS.NET.", "2001:500:a8::e")) goto failed; - if(!ah(dp, "F.ROOT-SERVERS.NET.", "2001:500:2f::f")) goto failed; - if(!ah(dp, "G.ROOT-SERVERS.NET.", "2001:500:12::d0d")) goto failed; - if(!ah(dp, "H.ROOT-SERVERS.NET.", "2001:500:1::53")) goto failed; - if(!ah(dp, "I.ROOT-SERVERS.NET.", "2001:7fe::53")) goto failed; - if(!ah(dp, "J.ROOT-SERVERS.NET.", "2001:503:c27::2:30")) goto failed; - if(!ah(dp, "K.ROOT-SERVERS.NET.", "2001:7fd::1")) goto failed; - if(!ah(dp, "L.ROOT-SERVERS.NET.", "2001:500:9f::42")) goto failed; - if(!ah(dp, "M.ROOT-SERVERS.NET.", "2001:dc3::35")) goto failed; - } - return dp; -failed: - delegpt_free_mlc(dp); - return 0; -} - -/** insert new hint info into hint structure */ -static int -hints_insert(struct iter_hints* hints, uint16_t c, struct delegpt* dp, - int noprime) -{ - struct iter_hints_stub* node = (struct iter_hints_stub*)malloc( - sizeof(struct iter_hints_stub)); - if(!node) { - delegpt_free_mlc(dp); - return 0; - } - node->dp = dp; - node->noprime = (uint8_t)noprime; - if(!name_tree_insert(&hints->tree, &node->node, dp->name, dp->namelen, - dp->namelabs, c)) { - char buf[257]; - dname_str(dp->name, buf); - log_err("second hints for zone %s ignored.", buf); - delegpt_free_mlc(dp); - free(node); - } - return 1; -} - -/** set stub name */ -static struct delegpt* -read_stubs_name(struct config_stub* s) -{ - struct delegpt* dp; - size_t dname_len; - uint8_t* dname; - if(!s->name) { - log_err("stub zone without a name"); - return NULL; - } - dname = sldns_str2wire_dname(s->name, &dname_len); - if(!dname) { - log_err("cannot parse stub zone name %s", s->name); - return NULL; - } - if(!(dp=delegpt_create_mlc(dname))) { - free(dname); - log_err("out of memory"); - return NULL; - } - free(dname); - return dp; -} - -/** set stub host names */ -static int -read_stubs_host(struct config_stub* s, struct delegpt* dp) -{ - struct config_strlist* p; - size_t dname_len; - uint8_t* dname; - for(p = s->hosts; p; p = p->next) { - log_assert(p->str); - dname = sldns_str2wire_dname(p->str, &dname_len); - if(!dname) { - log_err("cannot parse stub %s nameserver name: '%s'", - s->name, p->str); - return 0; - } - if(!delegpt_add_ns_mlc(dp, dname, 0)) { - free(dname); - log_err("out of memory"); - return 0; - } - free(dname); - } - return 1; -} - -/** set stub server addresses */ -static int -read_stubs_addr(struct config_stub* s, struct delegpt* dp) -{ - struct config_strlist* p; - struct sockaddr_storage addr; - socklen_t addrlen; - for(p = s->addrs; p; p = p->next) { - log_assert(p->str); - if(!extstrtoaddr(p->str, &addr, &addrlen)) { - log_err("cannot parse stub %s ip address: '%s'", - s->name, p->str); - return 0; - } - if(!delegpt_add_addr_mlc(dp, &addr, addrlen, 0, 0)) { - log_err("out of memory"); - return 0; - } - } - return 1; -} - -/** read stubs config */ -static int -read_stubs(struct iter_hints* hints, struct config_file* cfg) -{ - struct config_stub* s; - struct delegpt* dp; - for(s = cfg->stubs; s; s = s->next) { - if(!(dp=read_stubs_name(s))) - return 0; - if(!read_stubs_host(s, dp) || !read_stubs_addr(s, dp)) { - delegpt_free_mlc(dp); - return 0; - } - /* the flag is turned off for 'stub-first' so that the - * last resort will ask for parent-side NS record and thus - * fallback to the internet name servers on a failure */ - dp->has_parent_side_NS = (uint8_t)!s->isfirst; - /* ssl_upstream */ - dp->ssl_upstream = (uint8_t)s->ssl_upstream; - delegpt_log(VERB_QUERY, dp); - if(!hints_insert(hints, LDNS_RR_CLASS_IN, dp, !s->isprime)) - return 0; - } - return 1; -} - -/** read root hints from file */ -static int -read_root_hints(struct iter_hints* hints, char* fname) -{ - struct sldns_file_parse_state pstate; - struct delegpt* dp; - uint8_t rr[LDNS_RR_BUF_SIZE]; - size_t rr_len, dname_len; - int status; - uint16_t c = LDNS_RR_CLASS_IN; - FILE* f = fopen(fname, "r"); - if(!f) { - log_err("could not read root hints %s: %s", - fname, strerror(errno)); - return 0; - } - dp = delegpt_create_mlc(NULL); - if(!dp) { - log_err("out of memory reading root hints"); - fclose(f); - return 0; - } - verbose(VERB_QUERY, "Reading root hints from %s", fname); - memset(&pstate, 0, sizeof(pstate)); - pstate.lineno = 1; - dp->has_parent_side_NS = 1; - while(!feof(f)) { - rr_len = sizeof(rr); - dname_len = 0; - status = sldns_fp2wire_rr_buf(f, rr, &rr_len, &dname_len, - &pstate); - if(status != 0) { - log_err("reading root hints %s %d:%d: %s", fname, - pstate.lineno, LDNS_WIREPARSE_OFFSET(status), - sldns_get_errorstr_parse(status)); - goto stop_read; - } - if(rr_len == 0) - continue; /* EMPTY line, TTL or ORIGIN */ - if(sldns_wirerr_get_type(rr, rr_len, dname_len) - == LDNS_RR_TYPE_NS) { - if(!delegpt_add_ns_mlc(dp, sldns_wirerr_get_rdata(rr, - rr_len, dname_len), 0)) { - log_err("out of memory reading root hints"); - goto stop_read; - } - c = sldns_wirerr_get_class(rr, rr_len, dname_len); - if(!dp->name) { - if(!delegpt_set_name_mlc(dp, rr)) { - log_err("out of memory."); - goto stop_read; - } - } - } else if(sldns_wirerr_get_type(rr, rr_len, dname_len) - == LDNS_RR_TYPE_A && sldns_wirerr_get_rdatalen(rr, - rr_len, dname_len) == INET_SIZE) { - struct sockaddr_in sa; - socklen_t len = (socklen_t)sizeof(sa); - memset(&sa, 0, len); - sa.sin_family = AF_INET; - sa.sin_port = (in_port_t)htons(UNBOUND_DNS_PORT); - memmove(&sa.sin_addr, - sldns_wirerr_get_rdata(rr, rr_len, dname_len), - INET_SIZE); - if(!delegpt_add_target_mlc(dp, rr, dname_len, - (struct sockaddr_storage*)&sa, len, - 0, 0)) { - log_err("out of memory reading root hints"); - goto stop_read; - } - } else if(sldns_wirerr_get_type(rr, rr_len, dname_len) - == LDNS_RR_TYPE_AAAA && sldns_wirerr_get_rdatalen(rr, - rr_len, dname_len) == INET6_SIZE) { - struct sockaddr_in6 sa; - socklen_t len = (socklen_t)sizeof(sa); - memset(&sa, 0, len); - sa.sin6_family = AF_INET6; - sa.sin6_port = (in_port_t)htons(UNBOUND_DNS_PORT); - memmove(&sa.sin6_addr, - sldns_wirerr_get_rdata(rr, rr_len, dname_len), - INET6_SIZE); - if(!delegpt_add_target_mlc(dp, rr, dname_len, - (struct sockaddr_storage*)&sa, len, - 0, 0)) { - log_err("out of memory reading root hints"); - goto stop_read; - } - } else { - char buf[17]; - sldns_wire2str_type_buf(sldns_wirerr_get_type(rr, - rr_len, dname_len), buf, sizeof(buf)); - log_warn("root hints %s:%d skipping type %s", - fname, pstate.lineno, buf); - } - } - fclose(f); - if(!dp->name) { - log_warn("root hints %s: no NS content", fname); - delegpt_free_mlc(dp); - return 1; - } - if(!hints_insert(hints, c, dp, 0)) { - return 0; - } - delegpt_log(VERB_QUERY, dp); - return 1; - -stop_read: - delegpt_free_mlc(dp); - fclose(f); - return 0; -} - -/** read root hints list */ -static int -read_root_hints_list(struct iter_hints* hints, struct config_file* cfg) -{ - struct config_strlist* p; - for(p = cfg->root_hints; p; p = p->next) { - log_assert(p->str); - if(p->str && p->str[0]) { - char* f = p->str; - if(cfg->chrootdir && cfg->chrootdir[0] && - strncmp(p->str, cfg->chrootdir, - strlen(cfg->chrootdir)) == 0) - f += strlen(cfg->chrootdir); - if(!read_root_hints(hints, f)) - return 0; - } - } - return 1; -} - -int -hints_apply_cfg(struct iter_hints* hints, struct config_file* cfg) -{ - hints_del_tree(hints); - name_tree_init(&hints->tree); - - /* read root hints */ - if(!read_root_hints_list(hints, cfg)) - return 0; - - /* read stub hints */ - if(!read_stubs(hints, cfg)) - return 0; - - /* use fallback compiletime root hints */ - if(!hints_lookup_root(hints, LDNS_RR_CLASS_IN)) { - struct delegpt* dp = compile_time_root_prime(cfg->do_ip4, - cfg->do_ip6); - verbose(VERB_ALGO, "no config, using builtin root hints."); - if(!dp) - return 0; - if(!hints_insert(hints, LDNS_RR_CLASS_IN, dp, 0)) - return 0; - } - - name_tree_init_parents(&hints->tree); - return 1; -} - -struct delegpt* -hints_lookup_root(struct iter_hints* hints, uint16_t qclass) -{ - uint8_t rootlab = 0; - struct iter_hints_stub *stub; - stub = (struct iter_hints_stub*)name_tree_find(&hints->tree, - &rootlab, 1, 1, qclass); - if(!stub) - return NULL; - return stub->dp; -} - -struct iter_hints_stub* -hints_lookup_stub(struct iter_hints* hints, uint8_t* qname, - uint16_t qclass, struct delegpt* cache_dp) -{ - size_t len; - int labs; - struct iter_hints_stub *r; - - /* first lookup the stub */ - labs = dname_count_size_labels(qname, &len); - r = (struct iter_hints_stub*)name_tree_lookup(&hints->tree, qname, - len, labs, qclass); - if(!r) return NULL; - - /* If there is no cache (root prime situation) */ - if(cache_dp == NULL) { - if(r->dp->namelabs != 1) - return r; /* no cache dp, use any non-root stub */ - return NULL; - } - - /* - * If the stub is same as the delegation we got - * And has noprime set, we need to 'prime' to use this stub instead. - */ - if(r->noprime && query_dname_compare(cache_dp->name, r->dp->name)==0) - return r; /* use this stub instead of cached dp */ - - /* - * If our cached delegation point is above the hint, we need to prime. - */ - if(dname_strict_subdomain(r->dp->name, r->dp->namelabs, - cache_dp->name, cache_dp->namelabs)) - return r; /* need to prime this stub */ - return NULL; -} - -int hints_next_root(struct iter_hints* hints, uint16_t* qclass) -{ - return name_tree_next_root(&hints->tree, qclass); -} - -size_t -hints_get_mem(struct iter_hints* hints) -{ - size_t s; - struct iter_hints_stub* p; - if(!hints) return 0; - s = sizeof(*hints); - RBTREE_FOR(p, struct iter_hints_stub*, &hints->tree) { - s += sizeof(*p) + delegpt_get_mem(p->dp); - } - return s; -} - -int -hints_add_stub(struct iter_hints* hints, uint16_t c, struct delegpt* dp, - int noprime) -{ - struct iter_hints_stub *z; - if((z=(struct iter_hints_stub*)name_tree_find(&hints->tree, - dp->name, dp->namelen, dp->namelabs, c)) != NULL) { - (void)rbtree_delete(&hints->tree, &z->node); - hints_stub_free(z); - } - if(!hints_insert(hints, c, dp, noprime)) - return 0; - name_tree_init_parents(&hints->tree); - return 1; -} - -void -hints_delete_stub(struct iter_hints* hints, uint16_t c, uint8_t* nm) -{ - struct iter_hints_stub *z; - size_t len; - int labs = dname_count_size_labels(nm, &len); - if(!(z=(struct iter_hints_stub*)name_tree_find(&hints->tree, - nm, len, labs, c))) - return; /* nothing to do */ - (void)rbtree_delete(&hints->tree, &z->node); - hints_stub_free(z); - name_tree_init_parents(&hints->tree); -} - diff --git a/external/unbound/iterator/iter_hints.h b/external/unbound/iterator/iter_hints.h deleted file mode 100644 index 06b4b9667..000000000 --- a/external/unbound/iterator/iter_hints.h +++ /dev/null @@ -1,161 +0,0 @@ -/* - * iterator/iter_hints.h - iterative resolver module stub and root hints. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions to assist the iterator module. - * Keep track of stub and root hints, and read those from config. - */ - -#ifndef ITERATOR_ITER_HINTS_H -#define ITERATOR_ITER_HINTS_H -#include "util/storage/dnstree.h" -struct iter_env; -struct config_file; -struct delegpt; - -/** - * Iterator hints structure - */ -struct iter_hints { - /** - * Hints are stored in this tree. Sort order is specially chosen. - * first sorted on qclass. Then on dname in nsec-like order, so that - * a lookup on class, name will return an exact match or the closest - * match which gives the ancestor needed. - * contents of type iter_hints_stub. The class IN root is in here. - * uses name_tree_node from dnstree.h. - */ - rbtree_type tree; -}; - -/** - * Iterator hints for a particular stub. - */ -struct iter_hints_stub { - /** tree sorted by name, class */ - struct name_tree_node node; - /** delegation point with hint information for this stub. malloced. */ - struct delegpt* dp; - /** does the stub need to forego priming (like on other ports) */ - uint8_t noprime; -}; - -/** - * Create hints - * @return new hints or NULL on error. - */ -struct iter_hints* hints_create(void); - -/** - * Delete hints. - * @param hints: to delete. - */ -void hints_delete(struct iter_hints* hints); - -/** - * Process hints config. Sets default values for root hints if no config. - * @param hints: where to store. - * @param cfg: config options. - * @return 0 on error. - */ -int hints_apply_cfg(struct iter_hints* hints, struct config_file* cfg); - -/** - * Find root hints for the given class. - * @param hints: hint storage. - * @param qclass: class for which root hints are requested. host order. - * @return: NULL if no hints, or a ptr to stored hints. - */ -struct delegpt* hints_lookup_root(struct iter_hints* hints, uint16_t qclass); - -/** - * Find next root hints (to cycle through all root hints). - * @param hints: hint storage - * @param qclass: class for which root hints are sought. - * 0 means give the first available root hints class. - * x means, give class x or a higher class if any. - * returns the found class in this variable. - * @return true if a root hint class is found. - * false if not root hint class is found (qclass may have been changed). - */ -int hints_next_root(struct iter_hints* hints, uint16_t* qclass); - -/** - * Given a qname/qclass combination, and the delegation point from the cache - * for this qname/qclass, determine if this combination indicates that a - * stub hint exists and must be primed. - * - * @param hints: hint storage. - * @param qname: The qname that generated the delegation point. - * @param qclass: The qclass that generated the delegation point. - * @param dp: The cache generated delegation point. - * @return: A priming delegation point if there is a stub hint that must - * be primed, otherwise null. - */ -struct iter_hints_stub* hints_lookup_stub(struct iter_hints* hints, - uint8_t* qname, uint16_t qclass, struct delegpt* dp); - -/** - * Get memory in use by hints - * @param hints: hint storage. - * @return bytes in use - */ -size_t hints_get_mem(struct iter_hints* hints); - -/** - * Add stub to hints structure. For external use since it recalcs - * the tree parents. - * @param hints: the hints data structure - * @param c: class of zone - * @param dp: delegation point with name and target nameservers for new - * hints stub. malloced. - * @param noprime: set noprime option to true or false on new hint stub. - * @return false on failure (out of memory); - */ -int hints_add_stub(struct iter_hints* hints, uint16_t c, struct delegpt* dp, - int noprime); - -/** - * Remove stub from hints structure. For external use since it - * recalcs the tree parents. - * @param hints: the hints data structure - * @param c: class of stub zone - * @param nm: name of stub zone (in uncompressed wireformat). - */ -void hints_delete_stub(struct iter_hints* hints, uint16_t c, uint8_t* nm); - -#endif /* ITERATOR_ITER_HINTS_H */ diff --git a/external/unbound/iterator/iter_priv.c b/external/unbound/iterator/iter_priv.c deleted file mode 100644 index 90bea1746..000000000 --- a/external/unbound/iterator/iter_priv.c +++ /dev/null @@ -1,296 +0,0 @@ -/* - * iterator/iter_priv.c - iterative resolver private address and domain store - * - * Copyright (c) 2008, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions to assist the iterator module. - * Keep track of the private addresses and lookup fast. - */ - -#include "config.h" -#include "iterator/iter_priv.h" -#include "util/regional.h" -#include "util/log.h" -#include "util/config_file.h" -#include "util/data/dname.h" -#include "util/data/msgparse.h" -#include "util/net_help.h" -#include "util/storage/dnstree.h" -#include "sldns/str2wire.h" -#include "sldns/sbuffer.h" - -struct iter_priv* priv_create(void) -{ - struct iter_priv* priv = (struct iter_priv*)calloc(1, sizeof(*priv)); - if(!priv) - return NULL; - priv->region = regional_create(); - if(!priv->region) { - priv_delete(priv); - return NULL; - } - addr_tree_init(&priv->a); - name_tree_init(&priv->n); - return priv; -} - -void priv_delete(struct iter_priv* priv) -{ - if(!priv) return; - regional_destroy(priv->region); - free(priv); -} - -/** Read private-addr declarations from config */ -static int read_addrs(struct iter_priv* priv, struct config_file* cfg) -{ - /* parse addresses, report errors, insert into tree */ - struct config_strlist* p; - struct addr_tree_node* n; - struct sockaddr_storage addr; - int net; - socklen_t addrlen; - - for(p = cfg->private_address; p; p = p->next) { - log_assert(p->str); - if(!netblockstrtoaddr(p->str, UNBOUND_DNS_PORT, &addr, - &addrlen, &net)) { - log_err("cannot parse private-address: %s", p->str); - return 0; - } - n = (struct addr_tree_node*)regional_alloc(priv->region, - sizeof(*n)); - if(!n) { - log_err("out of memory"); - return 0; - } - if(!addr_tree_insert(&priv->a, n, &addr, addrlen, net)) { - verbose(VERB_QUERY, "ignoring duplicate " - "private-address: %s", p->str); - } - } - return 1; -} - -/** Read private-domain declarations from config */ -static int read_names(struct iter_priv* priv, struct config_file* cfg) -{ - /* parse names, report errors, insert into tree */ - struct config_strlist* p; - struct name_tree_node* n; - uint8_t* nm, *nmr; - size_t nm_len; - int nm_labs; - - for(p = cfg->private_domain; p; p = p->next) { - log_assert(p->str); - nm = sldns_str2wire_dname(p->str, &nm_len); - if(!nm) { - log_err("cannot parse private-domain: %s", p->str); - return 0; - } - nm_labs = dname_count_size_labels(nm, &nm_len); - nmr = (uint8_t*)regional_alloc_init(priv->region, nm, nm_len); - free(nm); - if(!nmr) { - log_err("out of memory"); - return 0; - } - n = (struct name_tree_node*)regional_alloc(priv->region, - sizeof(*n)); - if(!n) { - log_err("out of memory"); - return 0; - } - if(!name_tree_insert(&priv->n, n, nmr, nm_len, nm_labs, - LDNS_RR_CLASS_IN)) { - verbose(VERB_QUERY, "ignoring duplicate " - "private-domain: %s", p->str); - } - } - return 1; -} - -int priv_apply_cfg(struct iter_priv* priv, struct config_file* cfg) -{ - /* empty the current contents */ - regional_free_all(priv->region); - addr_tree_init(&priv->a); - name_tree_init(&priv->n); - - /* read new contents */ - if(!read_addrs(priv, cfg)) - return 0; - if(!read_names(priv, cfg)) - return 0; - - /* prepare for lookups */ - addr_tree_init_parents(&priv->a); - name_tree_init_parents(&priv->n); - return 1; -} - -/** - * See if an address is blocked. - * @param priv: structure for address storage. - * @param addr: address to check - * @param addrlen: length of addr. - * @return: true if the address must not be queried. false if unlisted. - */ -static int -priv_lookup_addr(struct iter_priv* priv, struct sockaddr_storage* addr, - socklen_t addrlen) -{ - return addr_tree_lookup(&priv->a, addr, addrlen) != NULL; -} - -/** - * See if a name is whitelisted. - * @param priv: structure for address storage. - * @param pkt: the packet (for compression ptrs). - * @param name: name to check. - * @param name_len: uncompressed length of the name to check. - * @param dclass: class to check. - * @return: true if the name is OK. false if unlisted. - */ -static int -priv_lookup_name(struct iter_priv* priv, sldns_buffer* pkt, - uint8_t* name, size_t name_len, uint16_t dclass) -{ - size_t len; - uint8_t decomp[256]; - int labs; - if(name_len >= sizeof(decomp)) - return 0; - dname_pkt_copy(pkt, decomp, name); - labs = dname_count_size_labels(decomp, &len); - log_assert(name_len == len); - return name_tree_lookup(&priv->n, decomp, len, labs, dclass) != NULL; -} - -size_t priv_get_mem(struct iter_priv* priv) -{ - if(!priv) return 0; - return sizeof(*priv) + regional_get_mem(priv->region); -} - -/** remove RR from msgparse RRset, return true if rrset is entirely bad */ -static int -remove_rr(const char* str, sldns_buffer* pkt, struct rrset_parse* rrset, - struct rr_parse* prev, struct rr_parse** rr, struct sockaddr_storage* addr, socklen_t addrlen) -{ - if(verbosity >= VERB_QUERY && rrset->dname_len <= LDNS_MAX_DOMAINLEN && str) { - uint8_t buf[LDNS_MAX_DOMAINLEN+1]; - dname_pkt_copy(pkt, buf, rrset->dname); - log_name_addr(VERB_QUERY, str, buf, addr, addrlen); - } - if(prev) - prev->next = (*rr)->next; - else rrset->rr_first = (*rr)->next; - if(rrset->rr_last == *rr) - rrset->rr_last = prev; - rrset->rr_count --; - rrset->size -= (*rr)->size; - /* rr struct still exists, but is unlinked, so that in the for loop - * the rr->next works fine to continue. */ - return rrset->rr_count == 0; -} - -int priv_rrset_bad(struct iter_priv* priv, sldns_buffer* pkt, - struct rrset_parse* rrset) -{ - if(priv->a.count == 0) - return 0; /* there are no blocked addresses */ - - /* see if it is a private name, that is allowed to have any */ - if(priv_lookup_name(priv, pkt, rrset->dname, rrset->dname_len, - ntohs(rrset->rrset_class))) { - return 0; - } else { - /* so its a public name, check the address */ - socklen_t len; - struct rr_parse* rr, *prev = NULL; - if(rrset->type == LDNS_RR_TYPE_A) { - struct sockaddr_storage addr; - struct sockaddr_in sa; - - len = (socklen_t)sizeof(sa); - memset(&sa, 0, len); - sa.sin_family = AF_INET; - sa.sin_port = (in_port_t)htons(UNBOUND_DNS_PORT); - for(rr = rrset->rr_first; rr; rr = rr->next) { - if(sldns_read_uint16(rr->ttl_data+4) - != INET_SIZE) { - prev = rr; - continue; - } - memmove(&sa.sin_addr, rr->ttl_data+4+2, - INET_SIZE); - memmove(&addr, &sa, len); - if(priv_lookup_addr(priv, &addr, len)) { - if(remove_rr("sanitize: removing public name with private address", pkt, rrset, prev, &rr, &addr, len)) - return 1; - continue; - } - prev = rr; - } - } else if(rrset->type == LDNS_RR_TYPE_AAAA) { - struct sockaddr_storage addr; - struct sockaddr_in6 sa; - len = (socklen_t)sizeof(sa); - memset(&sa, 0, len); - sa.sin6_family = AF_INET6; - sa.sin6_port = (in_port_t)htons(UNBOUND_DNS_PORT); - for(rr = rrset->rr_first; rr; rr = rr->next) { - if(sldns_read_uint16(rr->ttl_data+4) - != INET6_SIZE) { - prev = rr; - continue; - } - memmove(&sa.sin6_addr, rr->ttl_data+4+2, - INET6_SIZE); - memmove(&addr, &sa, len); - if(priv_lookup_addr(priv, &addr, len)) { - if(remove_rr("sanitize: removing public name with private address", pkt, rrset, prev, &rr, &addr, len)) - return 1; - continue; - } - prev = rr; - } - } - } - return 0; -} diff --git a/external/unbound/iterator/iter_priv.h b/external/unbound/iterator/iter_priv.h deleted file mode 100644 index 0430d57e3..000000000 --- a/external/unbound/iterator/iter_priv.h +++ /dev/null @@ -1,112 +0,0 @@ -/* - * iterator/iter_priv.h - iterative resolver private address and domain store - * - * Copyright (c) 2008, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions to assist the iterator module. - * Keep track of the private addresses and lookup fast. - */ - -#ifndef ITERATOR_ITER_PRIV_H -#define ITERATOR_ITER_PRIV_H -#include "util/rbtree.h" -struct sldns_buffer; -struct iter_env; -struct config_file; -struct regional; -struct rrset_parse; - -/** - * Iterator priv structure - */ -struct iter_priv { - /** regional for allocation */ - struct regional* region; - /** - * Tree of the address spans that are blocked. - * contents of type addr_tree_node. - * No further data need, only presence or absence. - */ - rbtree_type a; - /** - * Tree of the domains spans that are allowed to contain - * the blocked address spans. - * contents of type name_tree_node. - * No further data need, only presence or absence. - */ - rbtree_type n; -}; - -/** - * Create priv structure - * @return new structure or NULL on error. - */ -struct iter_priv* priv_create(void); - -/** - * Delete priv structure. - * @param priv: to delete. - */ -void priv_delete(struct iter_priv* priv); - -/** - * Process priv config. - * @param priv: where to store. - * @param cfg: config options. - * @return 0 on error. - */ -int priv_apply_cfg(struct iter_priv* priv, struct config_file* cfg); - -/** - * See if rrset is bad. - * Will remove individual RRs that are bad (if possible) to - * sanitize the RRset without removing it completely. - * @param priv: structure for private address storage. - * @param pkt: packet to decompress rrset name in. - * @param rrset: the rrset to examine, A or AAAA. - * @return true if the rrset is bad and should be removed. - */ -int priv_rrset_bad(struct iter_priv* priv, struct sldns_buffer* pkt, - struct rrset_parse* rrset); - -/** - * Get memory used by priv structure. - * @param priv: structure for address storage. - * @return bytes in use. - */ -size_t priv_get_mem(struct iter_priv* priv); - -#endif /* ITERATOR_ITER_PRIV_H */ diff --git a/external/unbound/iterator/iter_resptype.c b/external/unbound/iterator/iter_resptype.c deleted file mode 100644 index f146a2b6b..000000000 --- a/external/unbound/iterator/iter_resptype.c +++ /dev/null @@ -1,287 +0,0 @@ -/* - * iterator/iter_resptype.c - response type information and classification. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file defines the response type. DNS Responses can be classified as - * one of the response types. - */ -#include "config.h" -#include "iterator/iter_resptype.h" -#include "iterator/iter_delegpt.h" -#include "services/cache/dns.h" -#include "util/net_help.h" -#include "util/data/dname.h" -#include "sldns/rrdef.h" -#include "sldns/pkthdr.h" - -enum response_type -response_type_from_cache(struct dns_msg* msg, - struct query_info* request) -{ - /* If the message is NXDOMAIN, then it is an ANSWER. */ - if(FLAGS_GET_RCODE(msg->rep->flags) == LDNS_RCODE_NXDOMAIN) - return RESPONSE_TYPE_ANSWER; - if(request->qtype == LDNS_RR_TYPE_ANY) - return RESPONSE_TYPE_ANSWER; - - /* First we look at the answer section. This can tell us if this is - * CNAME or positive ANSWER. */ - if(msg->rep->an_numrrsets > 0) { - /* Now look at the answer section first. 3 states: - * o our answer is there directly, - * o our answer is there after a cname, - * o or there is just a cname. */ - uint8_t* mname = request->qname; - size_t mname_len = request->qname_len; - size_t i; - for(i=0; irep->an_numrrsets; i++) { - struct ub_packed_rrset_key* s = msg->rep->rrsets[i]; - - /* If we have encountered an answer (before or - * after a CNAME), then we are done! Note that - * if qtype == CNAME then this will be noted as - * an ANSWER before it gets treated as a CNAME, - * as it should */ - if(ntohs(s->rk.type) == request->qtype && - ntohs(s->rk.rrset_class) == request->qclass && - query_dname_compare(mname, s->rk.dname) == 0) { - return RESPONSE_TYPE_ANSWER; - } - - /* If we have encountered a CNAME, make sure that - * it is relevant. */ - if(ntohs(s->rk.type) == LDNS_RR_TYPE_CNAME && - query_dname_compare(mname, s->rk.dname) == 0) { - get_cname_target(s, &mname, &mname_len); - } - } - - /* if we encountered a CNAME (or a bunch of CNAMEs), and - * still got to here, then it is a CNAME response. (i.e., - * the CNAME chain didn't terminate in an answer rrset.) */ - if(mname != request->qname) { - return RESPONSE_TYPE_CNAME; - } - } - - /* At this point, since we don't need to detect REFERRAL or LAME - * messages, it can only be an ANSWER. */ - return RESPONSE_TYPE_ANSWER; -} - -enum response_type -response_type_from_server(int rdset, - struct dns_msg* msg, struct query_info* request, struct delegpt* dp) -{ - uint8_t* origzone = (uint8_t*)"\000"; /* the default */ - struct ub_packed_rrset_key* s; - size_t i; - - if(!msg || !request) - return RESPONSE_TYPE_THROWAWAY; - - /* If the message is NXDOMAIN, then it answers the question. */ - if(FLAGS_GET_RCODE(msg->rep->flags) == LDNS_RCODE_NXDOMAIN) { - /* make sure its not recursive when we don't want it to */ - if( (msg->rep->flags&BIT_RA) && - !(msg->rep->flags&BIT_AA) && !rdset) - return RESPONSE_TYPE_REC_LAME; - /* it could be a CNAME with NXDOMAIN rcode */ - for(i=0; irep->an_numrrsets; i++) { - s = msg->rep->rrsets[i]; - if(ntohs(s->rk.type) == LDNS_RR_TYPE_CNAME && - query_dname_compare(request->qname, - s->rk.dname) == 0) { - return RESPONSE_TYPE_CNAME; - } - } - return RESPONSE_TYPE_ANSWER; - } - - /* Other response codes mean (so far) to throw the response away as - * meaningless and move on to the next nameserver. */ - if(FLAGS_GET_RCODE(msg->rep->flags) != LDNS_RCODE_NOERROR) - return RESPONSE_TYPE_THROWAWAY; - - /* Note: TC bit has already been handled */ - - if(dp) { - origzone = dp->name; - } - - /* First we look at the answer section. This can tell us if this is a - * CNAME or ANSWER or (provisional) ANSWER. */ - if(msg->rep->an_numrrsets > 0) { - uint8_t* mname = request->qname; - size_t mname_len = request->qname_len; - - /* Now look at the answer section first. 3 states: our - * answer is there directly, our answer is there after - * a cname, or there is just a cname. */ - for(i=0; irep->an_numrrsets; i++) { - s = msg->rep->rrsets[i]; - - /* if the answer section has NS rrset, and qtype ANY - * and the delegation is lower, and no CNAMEs followed, - * this is a referral where the NS went to AN section */ - if((request->qtype == LDNS_RR_TYPE_ANY || - request->qtype == LDNS_RR_TYPE_NS) && - ntohs(s->rk.type) == LDNS_RR_TYPE_NS && - ntohs(s->rk.rrset_class) == request->qclass && - dname_strict_subdomain_c(s->rk.dname, - origzone)) { - if((msg->rep->flags&BIT_AA)) - return RESPONSE_TYPE_ANSWER; - return RESPONSE_TYPE_REFERRAL; - } - - /* If we have encountered an answer (before or - * after a CNAME), then we are done! Note that - * if qtype == CNAME then this will be noted as an - * ANSWER before it gets treated as a CNAME, as - * it should. */ - if(ntohs(s->rk.type) == request->qtype && - ntohs(s->rk.rrset_class) == request->qclass && - query_dname_compare(mname, s->rk.dname) == 0) { - if((msg->rep->flags&BIT_AA)) - return RESPONSE_TYPE_ANSWER; - /* If the AA bit isn't on, and we've seen - * the answer, we only provisionally say - * 'ANSWER' -- it very well could be a - * REFERRAL. */ - break; - } - - /* If we have encountered a CNAME, make sure that - * it is relevant. */ - if(ntohs(s->rk.type) == LDNS_RR_TYPE_CNAME && - query_dname_compare(mname, s->rk.dname) == 0) { - get_cname_target(s, &mname, &mname_len); - } - } - /* not a referral, and qtype any, thus an answer */ - if(request->qtype == LDNS_RR_TYPE_ANY) - return RESPONSE_TYPE_ANSWER; - /* if we encountered a CNAME (or a bunch of CNAMEs), and - * still got to here, then it is a CNAME response. - * (This is regardless of the AA bit at this point) */ - if(mname != request->qname) { - return RESPONSE_TYPE_CNAME; - } - } - - /* Looking at the authority section, we just look and see if - * there is a SOA record, that means a NOERROR/NODATA */ - for(i = msg->rep->an_numrrsets; i < (msg->rep->an_numrrsets + - msg->rep->ns_numrrsets); i++) { - s = msg->rep->rrsets[i]; - - /* The normal way of detecting NOERROR/NODATA. */ - if(ntohs(s->rk.type) == LDNS_RR_TYPE_SOA && - dname_subdomain_c(request->qname, s->rk.dname)) { - /* we do our own recursion, thank you */ - if( (msg->rep->flags&BIT_RA) && - !(msg->rep->flags&BIT_AA) && !rdset) - return RESPONSE_TYPE_REC_LAME; - return RESPONSE_TYPE_ANSWER; - } - } - /* Looking at the authority section, we just look and see if - * there is a delegation NS set, turning it into a delegation. - * Otherwise, we will have to conclude ANSWER (either it is - * NOERROR/NODATA, or an non-authoritative answer). */ - for(i = msg->rep->an_numrrsets; i < (msg->rep->an_numrrsets + - msg->rep->ns_numrrsets); i++) { - s = msg->rep->rrsets[i]; - - /* Detect REFERRAL/LAME/ANSWER based on the relationship - * of the NS set to the originating zone name. */ - if(ntohs(s->rk.type) == LDNS_RR_TYPE_NS) { - /* If we are getting an NS set for the zone we - * thought we were contacting, then it is an answer.*/ - if(query_dname_compare(s->rk.dname, origzone) == 0) { - /* see if mistakenly a recursive server was - * deployed and is responding nonAA */ - if( (msg->rep->flags&BIT_RA) && - !(msg->rep->flags&BIT_AA) && !rdset) - return RESPONSE_TYPE_REC_LAME; - /* Or if a lame server is deployed, - * which gives ns==zone delegation from cache - * without AA bit as well, with nodata nosoa*/ - /* real answer must be +AA and SOA RFC(2308), - * so this is wrong, and we SERVFAIL it if - * this is the only possible reply, if it - * is misdeployed the THROWAWAY makes us pick - * the next server from the selection */ - if(msg->rep->an_numrrsets==0 && - !(msg->rep->flags&BIT_AA) && !rdset) - return RESPONSE_TYPE_THROWAWAY; - return RESPONSE_TYPE_ANSWER; - } - /* If we are getting a referral upwards (or to - * the same zone), then the server is 'lame'. */ - if(dname_subdomain_c(origzone, s->rk.dname)) { - if(rdset) /* forward or reclame not LAME */ - return RESPONSE_TYPE_THROWAWAY; - return RESPONSE_TYPE_LAME; - } - /* If the NS set is below the delegation point we - * are on, and it is non-authoritative, then it is - * a referral, otherwise it is an answer. */ - if(dname_subdomain_c(s->rk.dname, origzone)) { - /* NOTE: I no longer remember in what case - * we would like this to be an answer. - * NODATA should have a SOA or nothing, - * not an NS rrset. - * True, referrals should not have the AA - * bit set, but... */ - - /* if((msg->rep->flags&BIT_AA)) - return RESPONSE_TYPE_ANSWER; */ - return RESPONSE_TYPE_REFERRAL; - } - /* Otherwise, the NS set is irrelevant. */ - } - } - - /* If we've gotten this far, this is NOERROR/NODATA (which could - * be an entirely empty message) */ - /* check if recursive answer; saying it has empty cache */ - if( (msg->rep->flags&BIT_RA) && !(msg->rep->flags&BIT_AA) && !rdset) - return RESPONSE_TYPE_REC_LAME; - return RESPONSE_TYPE_ANSWER; -} diff --git a/external/unbound/iterator/iter_resptype.h b/external/unbound/iterator/iter_resptype.h deleted file mode 100644 index fee9ef35f..000000000 --- a/external/unbound/iterator/iter_resptype.h +++ /dev/null @@ -1,127 +0,0 @@ -/* - * iterator/iter_resptype.h - response type information and classification. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file defines the response type. DNS Responses can be classified as - * one of the response types. - */ - -#ifndef ITERATOR_ITER_RESPTYPE_H -#define ITERATOR_ITER_RESPTYPE_H -struct dns_msg; -struct query_info; -struct delegpt; - -/** - * The response type is used to interpret the response. - */ -enum response_type { - /** - * 'untyped' means that the type of this response hasn't been - * assigned. - */ - RESPONSE_TYPE_UNTYPED = 0, - - /** - * 'answer' means that the response terminates the resolution - * process. - */ - RESPONSE_TYPE_ANSWER, - - /** 'delegation' means that the response is a delegation. */ - RESPONSE_TYPE_REFERRAL, - - /** - * 'cname' means that the response is a cname without the final - * answer, and thus must be restarted. - */ - RESPONSE_TYPE_CNAME, - - /** - * 'throwaway' means that this particular response should be - * discarded and the next nameserver should be contacted - */ - RESPONSE_TYPE_THROWAWAY, - - /** - * 'lame' means that this particular response indicates that - * the nameserver knew nothing about the question. - */ - RESPONSE_TYPE_LAME, - - /** - * Recursion lame means that the nameserver is some sort of - * open recursor, and not authoritative for the question. - * It may know something, but not authoritatively. - */ - RESPONSE_TYPE_REC_LAME -}; - -/** - * Classifies a response message from cache based on the current request. - * Note that this routine assumes that THROWAWAY or LAME responses will not - * occur. Also, it will not detect REFERRAL type messages, since those are - * (currently) automatically classified based on how they came from the - * cache (findDelegation() instead of lookup()). - * - * @param msg: the message from the cache. - * @param request: the request that generated the response. - * @return the response type (CNAME or ANSWER). - */ -enum response_type response_type_from_cache(struct dns_msg* msg, - struct query_info* request); - -/** - * Classifies a response message (from the wire) based on the current - * request. - * - * NOTE: currently this routine uses the AA bit in the response to help - * distinguish between some non-standard referrals and answers. It also - * relies somewhat on the originating zone to be accurate (for lameness - * detection, mostly). - * - * @param rdset: if RD bit was sent in query sent by unbound. - * @param msg: the message from the cache. - * @param request: the request that generated the response. - * @param dp: The delegation point that was being queried - * when the response was returned. - * @return the response type (CNAME or ANSWER). - */ -enum response_type response_type_from_server(int rdset, - struct dns_msg* msg, struct query_info* request, struct delegpt* dp); - -#endif /* ITERATOR_ITER_RESPTYPE_H */ diff --git a/external/unbound/iterator/iter_scrub.c b/external/unbound/iterator/iter_scrub.c deleted file mode 100644 index 1bee85c0b..000000000 --- a/external/unbound/iterator/iter_scrub.c +++ /dev/null @@ -1,792 +0,0 @@ -/* - * iterator/iter_scrub.c - scrubbing, normalization, sanitization of DNS msgs. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file has routine(s) for cleaning up incoming DNS messages from - * possible useless or malicious junk in it. - */ -#include "config.h" -#include "iterator/iter_scrub.h" -#include "iterator/iterator.h" -#include "iterator/iter_priv.h" -#include "services/cache/rrset.h" -#include "util/log.h" -#include "util/net_help.h" -#include "util/regional.h" -#include "util/config_file.h" -#include "util/module.h" -#include "util/data/msgparse.h" -#include "util/data/dname.h" -#include "util/data/msgreply.h" -#include "util/alloc.h" -#include "sldns/sbuffer.h" - -/** RRset flag used during scrubbing. The RRset is OK. */ -#define RRSET_SCRUB_OK 0x80 - -/** remove rrset, update loop variables */ -static void -remove_rrset(const char* str, sldns_buffer* pkt, struct msg_parse* msg, - struct rrset_parse* prev, struct rrset_parse** rrset) -{ - if(verbosity >= VERB_QUERY && str - && (*rrset)->dname_len <= LDNS_MAX_DOMAINLEN) { - uint8_t buf[LDNS_MAX_DOMAINLEN+1]; - dname_pkt_copy(pkt, buf, (*rrset)->dname); - log_nametypeclass(VERB_QUERY, str, buf, - (*rrset)->type, ntohs((*rrset)->rrset_class)); - } - if(prev) - prev->rrset_all_next = (*rrset)->rrset_all_next; - else msg->rrset_first = (*rrset)->rrset_all_next; - if(msg->rrset_last == *rrset) - msg->rrset_last = prev; - msg->rrset_count --; - switch((*rrset)->section) { - case LDNS_SECTION_ANSWER: msg->an_rrsets--; break; - case LDNS_SECTION_AUTHORITY: msg->ns_rrsets--; break; - case LDNS_SECTION_ADDITIONAL: msg->ar_rrsets--; break; - default: log_assert(0); - } - msgparse_bucket_remove(msg, *rrset); - *rrset = (*rrset)->rrset_all_next; -} - -/** return true if rr type has additional names in it */ -static int -has_additional(uint16_t t) -{ - switch(t) { - case LDNS_RR_TYPE_MB: - case LDNS_RR_TYPE_MD: - case LDNS_RR_TYPE_MF: - case LDNS_RR_TYPE_NS: - case LDNS_RR_TYPE_MX: - case LDNS_RR_TYPE_KX: - case LDNS_RR_TYPE_SRV: - return 1; - case LDNS_RR_TYPE_NAPTR: - /* TODO: NAPTR not supported, glue stripped off */ - return 0; - } - return 0; -} - -/** get additional name from rrset RR, return false if no name present */ -static int -get_additional_name(struct rrset_parse* rrset, struct rr_parse* rr, - uint8_t** nm, size_t* nmlen, sldns_buffer* pkt) -{ - size_t offset = 0; - size_t len, oldpos; - switch(rrset->type) { - case LDNS_RR_TYPE_MB: - case LDNS_RR_TYPE_MD: - case LDNS_RR_TYPE_MF: - case LDNS_RR_TYPE_NS: - offset = 0; - break; - case LDNS_RR_TYPE_MX: - case LDNS_RR_TYPE_KX: - offset = 2; - break; - case LDNS_RR_TYPE_SRV: - offset = 6; - break; - case LDNS_RR_TYPE_NAPTR: - /* TODO: NAPTR not supported, glue stripped off */ - return 0; - default: - return 0; - } - len = sldns_read_uint16(rr->ttl_data+sizeof(uint32_t)); - if(len < offset+1) - return 0; /* rdata field too small */ - *nm = rr->ttl_data+sizeof(uint32_t)+sizeof(uint16_t)+offset; - oldpos = sldns_buffer_position(pkt); - sldns_buffer_set_position(pkt, (size_t)(*nm - sldns_buffer_begin(pkt))); - *nmlen = pkt_dname_len(pkt); - sldns_buffer_set_position(pkt, oldpos); - if(*nmlen == 0) - return 0; - return 1; -} - -/** Place mark on rrsets in additional section they are OK */ -static void -mark_additional_rrset(sldns_buffer* pkt, struct msg_parse* msg, - struct rrset_parse* rrset) -{ - /* Mark A and AAAA for NS as appropriate additional section info. */ - uint8_t* nm = NULL; - size_t nmlen = 0; - struct rr_parse* rr; - - if(!has_additional(rrset->type)) - return; - for(rr = rrset->rr_first; rr; rr = rr->next) { - if(get_additional_name(rrset, rr, &nm, &nmlen, pkt)) { - /* mark A */ - hashvalue_type h = pkt_hash_rrset(pkt, nm, - LDNS_RR_TYPE_A, rrset->rrset_class, 0); - struct rrset_parse* r = msgparse_hashtable_lookup( - msg, pkt, h, 0, nm, nmlen, - LDNS_RR_TYPE_A, rrset->rrset_class); - if(r && r->section == LDNS_SECTION_ADDITIONAL) { - r->flags |= RRSET_SCRUB_OK; - } - - /* mark AAAA */ - h = pkt_hash_rrset(pkt, nm, LDNS_RR_TYPE_AAAA, - rrset->rrset_class, 0); - r = msgparse_hashtable_lookup(msg, pkt, h, 0, nm, - nmlen, LDNS_RR_TYPE_AAAA, rrset->rrset_class); - if(r && r->section == LDNS_SECTION_ADDITIONAL) { - r->flags |= RRSET_SCRUB_OK; - } - } - } -} - -/** Get target name of a CNAME */ -static int -parse_get_cname_target(struct rrset_parse* rrset, uint8_t** sname, - size_t* snamelen) -{ - if(rrset->rr_count != 1) { - struct rr_parse* sig; - verbose(VERB_ALGO, "Found CNAME rrset with " - "size > 1: %u", (unsigned)rrset->rr_count); - /* use the first CNAME! */ - rrset->rr_count = 1; - rrset->size = rrset->rr_first->size; - for(sig=rrset->rrsig_first; sig; sig=sig->next) - rrset->size += sig->size; - rrset->rr_last = rrset->rr_first; - rrset->rr_first->next = NULL; - } - if(rrset->rr_first->size < sizeof(uint16_t)+1) - return 0; /* CNAME rdata too small */ - *sname = rrset->rr_first->ttl_data + sizeof(uint32_t) - + sizeof(uint16_t); /* skip ttl, rdatalen */ - *snamelen = rrset->rr_first->size - sizeof(uint16_t); - return 1; -} - -/** Synthesize CNAME from DNAME, false if too long */ -static int -synth_cname(uint8_t* qname, size_t qnamelen, struct rrset_parse* dname_rrset, - uint8_t* alias, size_t* aliaslen, sldns_buffer* pkt) -{ - /* we already know that sname is a strict subdomain of DNAME owner */ - uint8_t* dtarg = NULL; - size_t dtarglen; - if(!parse_get_cname_target(dname_rrset, &dtarg, &dtarglen)) - return 0; - log_assert(qnamelen > dname_rrset->dname_len); - /* DNAME from com. to net. with qname example.com. -> example.net. */ - /* so: \3com\0 to \3net\0 and qname \7example\3com\0 */ - *aliaslen = qnamelen + dtarglen - dname_rrset->dname_len; - if(*aliaslen > LDNS_MAX_DOMAINLEN) - return 0; /* should have been RCODE YXDOMAIN */ - /* decompress dnames into buffer, we know it fits */ - dname_pkt_copy(pkt, alias, qname); - dname_pkt_copy(pkt, alias+(qnamelen-dname_rrset->dname_len), dtarg); - return 1; -} - -/** synthesize a CNAME rrset */ -static struct rrset_parse* -synth_cname_rrset(uint8_t** sname, size_t* snamelen, uint8_t* alias, - size_t aliaslen, struct regional* region, struct msg_parse* msg, - struct rrset_parse* rrset, struct rrset_parse* prev, - struct rrset_parse* nx, sldns_buffer* pkt) -{ - struct rrset_parse* cn = (struct rrset_parse*)regional_alloc(region, - sizeof(struct rrset_parse)); - if(!cn) - return NULL; - memset(cn, 0, sizeof(*cn)); - cn->rr_first = (struct rr_parse*)regional_alloc(region, - sizeof(struct rr_parse)); - if(!cn->rr_first) - return NULL; - cn->rr_last = cn->rr_first; - /* CNAME from sname to alias */ - cn->dname = (uint8_t*)regional_alloc(region, *snamelen); - if(!cn->dname) - return NULL; - dname_pkt_copy(pkt, cn->dname, *sname); - cn->dname_len = *snamelen; - cn->type = LDNS_RR_TYPE_CNAME; - cn->section = rrset->section; - cn->rrset_class = rrset->rrset_class; - cn->rr_count = 1; - cn->size = sizeof(uint16_t) + aliaslen; - cn->hash=pkt_hash_rrset(pkt, cn->dname, cn->type, cn->rrset_class, 0); - /* allocate TTL + rdatalen + uncompressed dname */ - memset(cn->rr_first, 0, sizeof(struct rr_parse)); - cn->rr_first->outside_packet = 1; - cn->rr_first->ttl_data = (uint8_t*)regional_alloc(region, - sizeof(uint32_t)+sizeof(uint16_t)+aliaslen); - if(!cn->rr_first->ttl_data) - return NULL; - sldns_write_uint32(cn->rr_first->ttl_data, 0); /* TTL = 0 */ - sldns_write_uint16(cn->rr_first->ttl_data+4, aliaslen); - memmove(cn->rr_first->ttl_data+6, alias, aliaslen); - cn->rr_first->size = sizeof(uint16_t)+aliaslen; - - /* link it in */ - cn->rrset_all_next = nx; - if(prev) - prev->rrset_all_next = cn; - else msg->rrset_first = cn; - if(nx == NULL) - msg->rrset_last = cn; - msg->rrset_count ++; - msg->an_rrsets++; - /* it is not inserted in the msg hashtable. */ - - *sname = cn->rr_first->ttl_data + sizeof(uint32_t)+sizeof(uint16_t); - *snamelen = aliaslen; - return cn; -} - -/** check if DNAME applies to a name */ -static int -pkt_strict_sub(sldns_buffer* pkt, uint8_t* sname, uint8_t* dr) -{ - uint8_t buf1[LDNS_MAX_DOMAINLEN+1]; - uint8_t buf2[LDNS_MAX_DOMAINLEN+1]; - /* decompress names */ - dname_pkt_copy(pkt, buf1, sname); - dname_pkt_copy(pkt, buf2, dr); - return dname_strict_subdomain_c(buf1, buf2); -} - -/** check subdomain with decompression */ -static int -pkt_sub(sldns_buffer* pkt, uint8_t* comprname, uint8_t* zone) -{ - uint8_t buf[LDNS_MAX_DOMAINLEN+1]; - dname_pkt_copy(pkt, buf, comprname); - return dname_subdomain_c(buf, zone); -} - -/** check subdomain with decompression, compressed is parent */ -static int -sub_of_pkt(sldns_buffer* pkt, uint8_t* zone, uint8_t* comprname) -{ - uint8_t buf[LDNS_MAX_DOMAINLEN+1]; - dname_pkt_copy(pkt, buf, comprname); - return dname_subdomain_c(zone, buf); -} - -/** - * This routine normalizes a response. This includes removing "irrelevant" - * records from the answer and additional sections and (re)synthesizing - * CNAMEs from DNAMEs, if present. - * - * @param pkt: packet. - * @param msg: msg to normalize. - * @param qinfo: original query. - * @param region: where to allocate synthesized CNAMEs. - * @return 0 on error. - */ -static int -scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg, - struct query_info* qinfo, struct regional* region) -{ - uint8_t* sname = qinfo->qname; - size_t snamelen = qinfo->qname_len; - struct rrset_parse* rrset, *prev, *nsset=NULL; - - if(FLAGS_GET_RCODE(msg->flags) != LDNS_RCODE_NOERROR && - FLAGS_GET_RCODE(msg->flags) != LDNS_RCODE_NXDOMAIN) - return 1; - - /* For the ANSWER section, remove all "irrelevant" records and add - * synthesized CNAMEs from DNAMEs - * This will strip out-of-order CNAMEs as well. */ - - /* walk through the parse packet rrset list, keep track of previous - * for insert and delete ease, and examine every RRset */ - prev = NULL; - rrset = msg->rrset_first; - while(rrset && rrset->section == LDNS_SECTION_ANSWER) { - if(rrset->type == LDNS_RR_TYPE_DNAME && - pkt_strict_sub(pkt, sname, rrset->dname)) { - /* check if next rrset is correct CNAME. else, - * synthesize a CNAME */ - struct rrset_parse* nx = rrset->rrset_all_next; - uint8_t alias[LDNS_MAX_DOMAINLEN+1]; - size_t aliaslen = 0; - if(rrset->rr_count != 1) { - verbose(VERB_ALGO, "Found DNAME rrset with " - "size > 1: %u", - (unsigned)rrset->rr_count); - return 0; - } - if(!synth_cname(sname, snamelen, rrset, alias, - &aliaslen, pkt)) { - verbose(VERB_ALGO, "synthesized CNAME " - "too long"); - return 0; - } - if(nx && nx->type == LDNS_RR_TYPE_CNAME && - dname_pkt_compare(pkt, sname, nx->dname) == 0) { - /* check next cname */ - uint8_t* t = NULL; - size_t tlen = 0; - if(!parse_get_cname_target(nx, &t, &tlen)) - return 0; - if(dname_pkt_compare(pkt, alias, t) == 0) { - /* it's OK and better capitalized */ - prev = rrset; - rrset = nx; - continue; - } - /* synth ourselves */ - } - /* synth a CNAME rrset */ - prev = synth_cname_rrset(&sname, &snamelen, alias, - aliaslen, region, msg, rrset, rrset, nx, pkt); - if(!prev) { - log_err("out of memory synthesizing CNAME"); - return 0; - } - /* FIXME: resolve the conflict between synthesized - * CNAME ttls and the cache. */ - rrset = nx; - continue; - - } - - /* The only records in the ANSWER section not allowed to */ - if(dname_pkt_compare(pkt, sname, rrset->dname) != 0) { - remove_rrset("normalize: removing irrelevant RRset:", - pkt, msg, prev, &rrset); - continue; - } - - /* Follow the CNAME chain. */ - if(rrset->type == LDNS_RR_TYPE_CNAME) { - struct rrset_parse* nx = rrset->rrset_all_next; - uint8_t* oldsname = sname; - /* see if the next one is a DNAME, if so, swap them */ - if(nx && nx->section == LDNS_SECTION_ANSWER && - nx->type == LDNS_RR_TYPE_DNAME && - nx->rr_count == 1 && - pkt_strict_sub(pkt, sname, nx->dname)) { - /* there is a DNAME after this CNAME, it - * is in the ANSWER section, and the DNAME - * applies to the name we cover */ - /* check if the alias of the DNAME equals - * this CNAME */ - uint8_t alias[LDNS_MAX_DOMAINLEN+1]; - size_t aliaslen = 0; - uint8_t* t = NULL; - size_t tlen = 0; - if(synth_cname(sname, snamelen, nx, alias, - &aliaslen, pkt) && - parse_get_cname_target(rrset, &t, &tlen) && - dname_pkt_compare(pkt, alias, t) == 0) { - /* the synthesized CNAME equals the - * current CNAME. This CNAME is the - * one that the DNAME creates, and this - * CNAME is better capitalised */ - verbose(VERB_ALGO, "normalize: re-order of DNAME and its CNAME"); - if(prev) prev->rrset_all_next = nx; - else msg->rrset_first = nx; - if(nx->rrset_all_next == NULL) - msg->rrset_last = rrset; - rrset->rrset_all_next = - nx->rrset_all_next; - nx->rrset_all_next = rrset; - prev = nx; - } - } - - /* move to next name in CNAME chain */ - if(!parse_get_cname_target(rrset, &sname, &snamelen)) - return 0; - prev = rrset; - rrset = rrset->rrset_all_next; - /* in CNAME ANY response, can have data after CNAME */ - if(qinfo->qtype == LDNS_RR_TYPE_ANY) { - while(rrset && rrset->section == - LDNS_SECTION_ANSWER && - dname_pkt_compare(pkt, oldsname, - rrset->dname) == 0) { - prev = rrset; - rrset = rrset->rrset_all_next; - } - } - continue; - } - - /* Otherwise, make sure that the RRset matches the qtype. */ - if(qinfo->qtype != LDNS_RR_TYPE_ANY && - qinfo->qtype != rrset->type) { - remove_rrset("normalize: removing irrelevant RRset:", - pkt, msg, prev, &rrset); - continue; - } - - /* Mark the additional names from relevant rrset as OK. */ - /* only for RRsets that match the query name, other ones - * will be removed by sanitize, so no additional for them */ - if(dname_pkt_compare(pkt, qinfo->qname, rrset->dname) == 0) - mark_additional_rrset(pkt, msg, rrset); - - prev = rrset; - rrset = rrset->rrset_all_next; - } - - /* Mark additional names from AUTHORITY */ - while(rrset && rrset->section == LDNS_SECTION_AUTHORITY) { - if(rrset->type==LDNS_RR_TYPE_DNAME || - rrset->type==LDNS_RR_TYPE_CNAME || - rrset->type==LDNS_RR_TYPE_A || - rrset->type==LDNS_RR_TYPE_AAAA) { - remove_rrset("normalize: removing irrelevant " - "RRset:", pkt, msg, prev, &rrset); - continue; - } - /* only one NS set allowed in authority section */ - if(rrset->type==LDNS_RR_TYPE_NS) { - /* NS set must be pertinent to the query */ - if(!sub_of_pkt(pkt, qinfo->qname, rrset->dname)) { - remove_rrset("normalize: removing irrelevant " - "RRset:", pkt, msg, prev, &rrset); - continue; - } - if(nsset == NULL) { - nsset = rrset; - } else { - remove_rrset("normalize: removing irrelevant " - "RRset:", pkt, msg, prev, &rrset); - continue; - } - } - mark_additional_rrset(pkt, msg, rrset); - prev = rrset; - rrset = rrset->rrset_all_next; - } - - /* For each record in the additional section, remove it if it is an - * address record and not in the collection of additional names - * found in ANSWER and AUTHORITY. */ - /* These records have not been marked OK previously */ - while(rrset && rrset->section == LDNS_SECTION_ADDITIONAL) { - /* FIXME: what about other types? */ - if(rrset->type==LDNS_RR_TYPE_A || - rrset->type==LDNS_RR_TYPE_AAAA) - { - if((rrset->flags & RRSET_SCRUB_OK)) { - /* remove flag to clean up flags variable */ - rrset->flags &= ~RRSET_SCRUB_OK; - } else { - remove_rrset("normalize: removing irrelevant " - "RRset:", pkt, msg, prev, &rrset); - continue; - } - } - if(rrset->type==LDNS_RR_TYPE_DNAME || - rrset->type==LDNS_RR_TYPE_CNAME || - rrset->type==LDNS_RR_TYPE_NS) { - remove_rrset("normalize: removing irrelevant " - "RRset:", pkt, msg, prev, &rrset); - continue; - } - prev = rrset; - rrset = rrset->rrset_all_next; - } - - return 1; -} - -/** - * Store potential poison in the cache (only if hardening disabled). - * The rrset is stored in the cache but removed from the message. - * So that it will be used for infrastructure purposes, but not be - * returned to the client. - * @param pkt: packet - * @param msg: message parsed - * @param env: environment with cache - * @param rrset: to store. - */ -static void -store_rrset(sldns_buffer* pkt, struct msg_parse* msg, struct module_env* env, - struct rrset_parse* rrset) -{ - struct ub_packed_rrset_key* k; - struct packed_rrset_data* d; - struct rrset_ref ref; - time_t now = *env->now; - - k = alloc_special_obtain(env->alloc); - if(!k) - return; - k->entry.data = NULL; - if(!parse_copy_decompress_rrset(pkt, msg, rrset, NULL, k)) { - alloc_special_release(env->alloc, k); - return; - } - d = (struct packed_rrset_data*)k->entry.data; - packed_rrset_ttl_add(d, now); - ref.key = k; - ref.id = k->id; - /*ignore ret: it was in the cache, ref updated */ - (void)rrset_cache_update(env->rrset_cache, &ref, env->alloc, now); -} - -/** Check if there are SOA records in the authority section (negative) */ -static int -soa_in_auth(struct msg_parse* msg) -{ - struct rrset_parse* rrset; - for(rrset = msg->rrset_first; rrset; rrset = rrset->rrset_all_next) - if(rrset->type == LDNS_RR_TYPE_SOA && - rrset->section == LDNS_SECTION_AUTHORITY) - return 1; - return 0; -} - -/** - * Check if right hand name in NSEC is within zone - * @param rrset: the NSEC rrset - * @param zonename: the zone name. - * @return true if BAD. - */ -static int sanitize_nsec_is_overreach(struct rrset_parse* rrset, - uint8_t* zonename) -{ - struct rr_parse* rr; - uint8_t* rhs; - size_t len; - log_assert(rrset->type == LDNS_RR_TYPE_NSEC); - for(rr = rrset->rr_first; rr; rr = rr->next) { - rhs = rr->ttl_data+4+2; - len = sldns_read_uint16(rr->ttl_data+4); - if(!dname_valid(rhs, len)) { - /* malformed domain name in rdata */ - return 1; - } - if(!dname_subdomain_c(rhs, zonename)) { - /* overreaching */ - return 1; - } - } - /* all NSEC RRs OK */ - return 0; -} - -/** - * Given a response event, remove suspect RRsets from the response. - * "Suspect" rrsets are potentially poison. Note that this routine expects - * the response to be in a "normalized" state -- that is, all "irrelevant" - * RRsets have already been removed, CNAMEs are in order, etc. - * - * @param pkt: packet. - * @param msg: msg to normalize. - * @param qinfo: the question originally asked. - * @param zonename: name of server zone. - * @param env: module environment with config and cache. - * @param ie: iterator environment with private address data. - * @return 0 on error. - */ -static int -scrub_sanitize(sldns_buffer* pkt, struct msg_parse* msg, - struct query_info* qinfo, uint8_t* zonename, struct module_env* env, - struct iter_env* ie) -{ - int del_addi = 0; /* if additional-holding rrsets are deleted, we - do not trust the normalized additional-A-AAAA any more */ - struct rrset_parse* rrset, *prev; - prev = NULL; - rrset = msg->rrset_first; - - /* the first DNAME is allowed to stay. It needs checking before - * it can be used from the cache. After normalization, an initial - * DNAME will have a correctly synthesized CNAME after it. */ - if(rrset && rrset->type == LDNS_RR_TYPE_DNAME && - rrset->section == LDNS_SECTION_ANSWER && - pkt_strict_sub(pkt, qinfo->qname, rrset->dname) && - pkt_sub(pkt, rrset->dname, zonename)) { - prev = rrset; /* DNAME allowed to stay in answer section */ - rrset = rrset->rrset_all_next; - } - - /* remove all records from the answer section that are - * not the same domain name as the query domain name. - * The answer section should contain rrsets with the same name - * as the question. For DNAMEs a CNAME has been synthesized. - * Wildcards have the query name in answer section. - * ANY queries get query name in answer section. - * Remainders of CNAME chains are cut off and resolved by iterator. */ - while(rrset && rrset->section == LDNS_SECTION_ANSWER) { - if(dname_pkt_compare(pkt, qinfo->qname, rrset->dname) != 0) { - if(has_additional(rrset->type)) del_addi = 1; - remove_rrset("sanitize: removing extraneous answer " - "RRset:", pkt, msg, prev, &rrset); - continue; - } - prev = rrset; - rrset = rrset->rrset_all_next; - } - - /* At this point, we brutally remove ALL rrsets that aren't - * children of the originating zone. The idea here is that, - * as far as we know, the server that we contacted is ONLY - * authoritative for the originating zone. It, of course, MAY - * be authoritative for any other zones, and of course, MAY - * NOT be authoritative for some subdomains of the originating - * zone. */ - prev = NULL; - rrset = msg->rrset_first; - while(rrset) { - - /* remove private addresses */ - if( (rrset->type == LDNS_RR_TYPE_A || - rrset->type == LDNS_RR_TYPE_AAAA)) { - - /* do not set servfail since this leads to too - * many drops of other people using rfc1918 space */ - /* also do not remove entire rrset, unless all records - * in it are bad */ - if(priv_rrset_bad(ie->priv, pkt, rrset)) { - remove_rrset(NULL, pkt, msg, prev, &rrset); - continue; - } - } - - /* skip DNAME records -- they will always be followed by a - * synthesized CNAME, which will be relevant. - * FIXME: should this do something differently with DNAME - * rrsets NOT in Section.ANSWER? */ - /* But since DNAME records are also subdomains of the zone, - * same check can be used */ - - if(!pkt_sub(pkt, rrset->dname, zonename)) { - if(msg->an_rrsets == 0 && - rrset->type == LDNS_RR_TYPE_NS && - rrset->section == LDNS_SECTION_AUTHORITY && - FLAGS_GET_RCODE(msg->flags) == - LDNS_RCODE_NOERROR && !soa_in_auth(msg) && - sub_of_pkt(pkt, zonename, rrset->dname)) { - /* noerror, nodata and this NS rrset is above - * the zone. This is LAME! - * Leave in the NS for lame classification. */ - /* remove everything from the additional - * (we dont want its glue that was approved - * during the normalize action) */ - del_addi = 1; - } else if(!env->cfg->harden_glue && ( - rrset->type == LDNS_RR_TYPE_A || - rrset->type == LDNS_RR_TYPE_AAAA)) { - /* store in cache! Since it is relevant - * (from normalize) it will be picked up - * from the cache to be used later */ - store_rrset(pkt, msg, env, rrset); - remove_rrset("sanitize: storing potential " - "poison RRset:", pkt, msg, prev, &rrset); - continue; - } else { - if(has_additional(rrset->type)) del_addi = 1; - remove_rrset("sanitize: removing potential " - "poison RRset:", pkt, msg, prev, &rrset); - continue; - } - } - if(del_addi && rrset->section == LDNS_SECTION_ADDITIONAL) { - remove_rrset("sanitize: removing potential " - "poison reference RRset:", pkt, msg, prev, &rrset); - continue; - } - /* check if right hand side of NSEC is within zone */ - if(rrset->type == LDNS_RR_TYPE_NSEC && - sanitize_nsec_is_overreach(rrset, zonename)) { - remove_rrset("sanitize: removing overreaching NSEC " - "RRset:", pkt, msg, prev, &rrset); - continue; - } - prev = rrset; - rrset = rrset->rrset_all_next; - } - return 1; -} - -int -scrub_message(sldns_buffer* pkt, struct msg_parse* msg, - struct query_info* qinfo, uint8_t* zonename, struct regional* region, - struct module_env* env, struct iter_env* ie) -{ - /* basic sanity checks */ - log_nametypeclass(VERB_ALGO, "scrub for", zonename, LDNS_RR_TYPE_NS, - qinfo->qclass); - if(msg->qdcount > 1) - return 0; - if( !(msg->flags&BIT_QR) ) - return 0; - msg->flags &= ~(BIT_AD|BIT_Z); /* force off bit AD and Z */ - - /* make sure that a query is echoed back when NOERROR or NXDOMAIN */ - /* this is not required for basic operation but is a forgery - * resistance (security) feature */ - if((FLAGS_GET_RCODE(msg->flags) == LDNS_RCODE_NOERROR || - FLAGS_GET_RCODE(msg->flags) == LDNS_RCODE_NXDOMAIN) && - msg->qdcount == 0) - return 0; - - /* if a query is echoed back, make sure it is correct. Otherwise, - * this may be not a reply to our query. */ - if(msg->qdcount == 1) { - if(dname_pkt_compare(pkt, msg->qname, qinfo->qname) != 0) - return 0; - if(msg->qtype != qinfo->qtype || msg->qclass != qinfo->qclass) - return 0; - } - - /* normalize the response, this cleans up the additional. */ - if(!scrub_normalize(pkt, msg, qinfo, region)) - return 0; - /* delete all out-of-zone information */ - if(!scrub_sanitize(pkt, msg, qinfo, zonename, env, ie)) - return 0; - return 1; -} diff --git a/external/unbound/iterator/iter_scrub.h b/external/unbound/iterator/iter_scrub.h deleted file mode 100644 index cbbaf73c9..000000000 --- a/external/unbound/iterator/iter_scrub.h +++ /dev/null @@ -1,69 +0,0 @@ -/* - * iterator/iter_scrub.h - scrubbing, normalization, sanitization of DNS msgs. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file has routine(s) for cleaning up incoming DNS messages from - * possible useless or malicious junk in it. - */ - -#ifndef ITERATOR_ITER_SCRUB_H -#define ITERATOR_ITER_SCRUB_H -struct sldns_buffer; -struct msg_parse; -struct query_info; -struct regional; -struct module_env; -struct iter_env; - -/** - * Cleanup the passed dns message. - * @param pkt: the packet itself, for resolving name compression pointers. - * the packet buffer is unaltered. - * @param msg: the parsed packet, this structure is cleaned up. - * @param qinfo: the query info that was sent to the server. Checked. - * @param zonename: the name of the last delegation point. - * Used to determine out of bailiwick information. - * @param regional: where to allocate (new) parts of the message. - * @param env: module environment with config settings and cache. - * @param ie: iterator module environment data. - * @return: false if the message is total waste. true if scrubbed with success. - */ -int scrub_message(struct sldns_buffer* pkt, struct msg_parse* msg, - struct query_info* qinfo, uint8_t* zonename, struct regional* regional, - struct module_env* env, struct iter_env* ie); - -#endif /* ITERATOR_ITER_SCRUB_H */ diff --git a/external/unbound/iterator/iter_utils.c b/external/unbound/iterator/iter_utils.c deleted file mode 100644 index 0b1b45611..000000000 --- a/external/unbound/iterator/iter_utils.c +++ /dev/null @@ -1,1170 +0,0 @@ -/* - * iterator/iter_utils.c - iterative resolver module utility functions. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions to assist the iterator module. - * Configuration options. Forward zones. - */ -#include "config.h" -#include "iterator/iter_utils.h" -#include "iterator/iterator.h" -#include "iterator/iter_hints.h" -#include "iterator/iter_fwd.h" -#include "iterator/iter_donotq.h" -#include "iterator/iter_delegpt.h" -#include "iterator/iter_priv.h" -#include "services/cache/infra.h" -#include "services/cache/dns.h" -#include "services/cache/rrset.h" -#include "util/net_help.h" -#include "util/module.h" -#include "util/log.h" -#include "util/config_file.h" -#include "util/regional.h" -#include "util/data/msgparse.h" -#include "util/data/dname.h" -#include "util/random.h" -#include "util/fptr_wlist.h" -#include "validator/val_anchor.h" -#include "validator/val_kcache.h" -#include "validator/val_kentry.h" -#include "validator/val_utils.h" -#include "validator/val_sigcrypt.h" -#include "sldns/sbuffer.h" -#include "sldns/str2wire.h" - -/** time when nameserver glue is said to be 'recent' */ -#define SUSPICION_RECENT_EXPIRY 86400 -/** penalty to validation failed blacklisted IPs */ -#define BLACKLIST_PENALTY (USEFUL_SERVER_TOP_TIMEOUT*4) - -/** fillup fetch policy array */ -static void -fetch_fill(struct iter_env* ie, const char* str) -{ - char* s = (char*)str, *e; - int i; - for(i=0; imax_dependency_depth+1; i++) { - ie->target_fetch_policy[i] = strtol(s, &e, 10); - if(s == e) - fatal_exit("cannot parse fetch policy number %s", s); - s = e; - } -} - -/** Read config string that represents the target fetch policy */ -static int -read_fetch_policy(struct iter_env* ie, const char* str) -{ - int count = cfg_count_numbers(str); - if(count < 1) { - log_err("Cannot parse target fetch policy: \"%s\"", str); - return 0; - } - ie->max_dependency_depth = count - 1; - ie->target_fetch_policy = (int*)calloc( - (size_t)ie->max_dependency_depth+1, sizeof(int)); - if(!ie->target_fetch_policy) { - log_err("alloc fetch policy: out of memory"); - return 0; - } - fetch_fill(ie, str); - return 1; -} - -/** apply config caps whitelist items to name tree */ -static int -caps_white_apply_cfg(rbtree_type* ntree, struct config_file* cfg) -{ - struct config_strlist* p; - for(p=cfg->caps_whitelist; p; p=p->next) { - struct name_tree_node* n; - size_t len; - uint8_t* nm = sldns_str2wire_dname(p->str, &len); - if(!nm) { - log_err("could not parse %s", p->str); - return 0; - } - n = (struct name_tree_node*)calloc(1, sizeof(*n)); - if(!n) { - log_err("out of memory"); - free(nm); - return 0; - } - n->node.key = n; - n->name = nm; - n->len = len; - n->labs = dname_count_labels(nm); - n->dclass = LDNS_RR_CLASS_IN; - if(!name_tree_insert(ntree, n, nm, len, n->labs, n->dclass)) { - /* duplicate element ignored, idempotent */ - free(n->name); - free(n); - } - } - name_tree_init_parents(ntree); - return 1; -} - -int -iter_apply_cfg(struct iter_env* iter_env, struct config_file* cfg) -{ - int i; - /* target fetch policy */ - if(!read_fetch_policy(iter_env, cfg->target_fetch_policy)) - return 0; - for(i=0; imax_dependency_depth+1; i++) - verbose(VERB_QUERY, "target fetch policy for level %d is %d", - i, iter_env->target_fetch_policy[i]); - - if(!iter_env->donotq) - iter_env->donotq = donotq_create(); - if(!iter_env->donotq || !donotq_apply_cfg(iter_env->donotq, cfg)) { - log_err("Could not set donotqueryaddresses"); - return 0; - } - if(!iter_env->priv) - iter_env->priv = priv_create(); - if(!iter_env->priv || !priv_apply_cfg(iter_env->priv, cfg)) { - log_err("Could not set private addresses"); - return 0; - } - if(cfg->caps_whitelist) { - if(!iter_env->caps_white) - iter_env->caps_white = rbtree_create(name_tree_compare); - if(!iter_env->caps_white || !caps_white_apply_cfg( - iter_env->caps_white, cfg)) { - log_err("Could not set capsforid whitelist"); - return 0; - } - - } - iter_env->supports_ipv6 = cfg->do_ip6; - iter_env->supports_ipv4 = cfg->do_ip4; - return 1; -} - -/** filter out unsuitable targets - * @param iter_env: iterator environment with ipv6-support flag. - * @param env: module environment with infra cache. - * @param name: zone name - * @param namelen: length of name - * @param qtype: query type (host order). - * @param now: current time - * @param a: address in delegation point we are examining. - * @return an integer that signals the target suitability. - * as follows: - * -1: The address should be omitted from the list. - * Because: - * o The address is bogus (DNSSEC validation failure). - * o Listed as donotquery - * o is ipv6 but no ipv6 support (in operating system). - * o is ipv4 but no ipv4 support (in operating system). - * o is lame - * Otherwise, an rtt in milliseconds. - * 0 .. USEFUL_SERVER_TOP_TIMEOUT-1 - * The roundtrip time timeout estimate. less than 2 minutes. - * Note that util/rtt.c has a MIN_TIMEOUT of 50 msec, thus - * values 0 .. 49 are not used, unless that is changed. - * USEFUL_SERVER_TOP_TIMEOUT - * This value exactly is given for unresponsive blacklisted. - * USEFUL_SERVER_TOP_TIMEOUT+1 - * For non-blacklisted servers: huge timeout, but has traffic. - * USEFUL_SERVER_TOP_TIMEOUT*1 .. - * parent-side lame servers get this penalty. A dispreferential - * server. (lame in delegpt). - * USEFUL_SERVER_TOP_TIMEOUT*2 .. - * dnsseclame servers get penalty - * USEFUL_SERVER_TOP_TIMEOUT*3 .. - * recursion lame servers get penalty - * UNKNOWN_SERVER_NICENESS - * If no information is known about the server, this is - * returned. 376 msec or so. - * +BLACKLIST_PENALTY (of USEFUL_TOP_TIMEOUT*4) for dnssec failed IPs. - * - * When a final value is chosen that is dnsseclame ; dnsseclameness checking - * is turned off (so we do not discard the reply). - * When a final value is chosen that is recursionlame; RD bit is set on query. - * Because of the numbers this means recursionlame also have dnssec lameness - * checking turned off. - */ -static int -iter_filter_unsuitable(struct iter_env* iter_env, struct module_env* env, - uint8_t* name, size_t namelen, uint16_t qtype, time_t now, - struct delegpt_addr* a) -{ - int rtt, lame, reclame, dnsseclame; - if(a->bogus) - return -1; /* address of server is bogus */ - if(donotq_lookup(iter_env->donotq, &a->addr, a->addrlen)) { - log_addr(VERB_ALGO, "skip addr on the donotquery list", - &a->addr, a->addrlen); - return -1; /* server is on the donotquery list */ - } - if(!iter_env->supports_ipv6 && addr_is_ip6(&a->addr, a->addrlen)) { - return -1; /* there is no ip6 available */ - } - if(!iter_env->supports_ipv4 && !addr_is_ip6(&a->addr, a->addrlen)) { - return -1; /* there is no ip4 available */ - } - /* check lameness - need zone , class info */ - if(infra_get_lame_rtt(env->infra_cache, &a->addr, a->addrlen, - name, namelen, qtype, &lame, &dnsseclame, &reclame, - &rtt, now)) { - log_addr(VERB_ALGO, "servselect", &a->addr, a->addrlen); - verbose(VERB_ALGO, " rtt=%d%s%s%s%s", rtt, - lame?" LAME":"", - dnsseclame?" DNSSEC_LAME":"", - reclame?" REC_LAME":"", - a->lame?" ADDR_LAME":""); - if(lame) - return -1; /* server is lame */ - else if(rtt >= USEFUL_SERVER_TOP_TIMEOUT) - /* server is unresponsive, - * we used to return TOP_TIMEOUT, but fairly useless, - * because if == TOP_TIMEOUT is dropped because - * blacklisted later, instead, remove it here, so - * other choices (that are not blacklisted) can be - * tried */ - return -1; - /* select remainder from worst to best */ - else if(reclame) - return rtt+USEFUL_SERVER_TOP_TIMEOUT*3; /* nonpref */ - else if(dnsseclame || a->dnsseclame) - return rtt+USEFUL_SERVER_TOP_TIMEOUT*2; /* nonpref */ - else if(a->lame) - return rtt+USEFUL_SERVER_TOP_TIMEOUT+1; /* nonpref */ - else return rtt; - } - /* no server information present */ - if(a->dnsseclame) - return UNKNOWN_SERVER_NICENESS+USEFUL_SERVER_TOP_TIMEOUT*2; /* nonpref */ - else if(a->lame) - return USEFUL_SERVER_TOP_TIMEOUT+1+UNKNOWN_SERVER_NICENESS; /* nonpref */ - return UNKNOWN_SERVER_NICENESS; -} - -/** lookup RTT information, and also store fastest rtt (if any) */ -static int -iter_fill_rtt(struct iter_env* iter_env, struct module_env* env, - uint8_t* name, size_t namelen, uint16_t qtype, time_t now, - struct delegpt* dp, int* best_rtt, struct sock_list* blacklist) -{ - int got_it = 0; - struct delegpt_addr* a; - if(dp->bogus) - return 0; /* NS bogus, all bogus, nothing found */ - for(a=dp->result_list; a; a = a->next_result) { - a->sel_rtt = iter_filter_unsuitable(iter_env, env, - name, namelen, qtype, now, a); - if(a->sel_rtt != -1) { - if(sock_list_find(blacklist, &a->addr, a->addrlen)) - a->sel_rtt += BLACKLIST_PENALTY; - - if(!got_it) { - *best_rtt = a->sel_rtt; - got_it = 1; - } else if(a->sel_rtt < *best_rtt) { - *best_rtt = a->sel_rtt; - } - } - } - return got_it; -} - -/** filter the address list, putting best targets at front, - * returns number of best targets (or 0, no suitable targets) */ -static int -iter_filter_order(struct iter_env* iter_env, struct module_env* env, - uint8_t* name, size_t namelen, uint16_t qtype, time_t now, - struct delegpt* dp, int* selected_rtt, int open_target, - struct sock_list* blacklist) -{ - int got_num = 0, low_rtt = 0, swap_to_front; - struct delegpt_addr* a, *n, *prev=NULL; - - /* fillup sel_rtt and find best rtt in the bunch */ - got_num = iter_fill_rtt(iter_env, env, name, namelen, qtype, now, dp, - &low_rtt, blacklist); - if(got_num == 0) - return 0; - if(low_rtt >= USEFUL_SERVER_TOP_TIMEOUT && - (delegpt_count_missing_targets(dp) > 0 || open_target > 0)) { - verbose(VERB_ALGO, "Bad choices, trying to get more choice"); - return 0; /* we want more choice. The best choice is a bad one. - return 0 to force the caller to fetch more */ - } - - got_num = 0; - a = dp->result_list; - while(a) { - /* skip unsuitable targets */ - if(a->sel_rtt == -1) { - prev = a; - a = a->next_result; - continue; - } - /* classify the server address and determine what to do */ - swap_to_front = 0; - if(a->sel_rtt >= low_rtt && a->sel_rtt - low_rtt <= RTT_BAND) { - got_num++; - swap_to_front = 1; - } else if(a->sel_rttsel_rtt<=RTT_BAND) { - got_num++; - swap_to_front = 1; - } - /* swap to front if necessary, or move to next result */ - if(swap_to_front && prev) { - n = a->next_result; - prev->next_result = n; - a->next_result = dp->result_list; - dp->result_list = a; - a = n; - } else { - prev = a; - a = a->next_result; - } - } - *selected_rtt = low_rtt; - - if (env->cfg->prefer_ip6) { - int got_num6 = 0; - int low_rtt6 = 0; - int i; - prev = NULL; - a = dp->result_list; - for(i = 0; i < got_num; i++) { - swap_to_front = 0; - if(a->addr.ss_family == AF_INET6) { - got_num6++; - swap_to_front = 1; - if(low_rtt6 == 0 || a->sel_rtt < low_rtt6) { - low_rtt6 = a->sel_rtt; - } - } - /* swap to front if IPv6, or move to next result */ - if(swap_to_front && prev) { - n = a->next_result; - prev->next_result = n; - a->next_result = dp->result_list; - dp->result_list = a; - a = n; - } else { - prev = a; - a = a->next_result; - } - } - if(got_num6 > 0) { - got_num = got_num6; - *selected_rtt = low_rtt6; - } - } - return got_num; -} - -struct delegpt_addr* -iter_server_selection(struct iter_env* iter_env, - struct module_env* env, struct delegpt* dp, - uint8_t* name, size_t namelen, uint16_t qtype, int* dnssec_lame, - int* chase_to_rd, int open_target, struct sock_list* blacklist) -{ - int sel; - int selrtt; - struct delegpt_addr* a, *prev; - int num = iter_filter_order(iter_env, env, name, namelen, qtype, - *env->now, dp, &selrtt, open_target, blacklist); - - if(num == 0) - return NULL; - verbose(VERB_ALGO, "selrtt %d", selrtt); - if(selrtt > BLACKLIST_PENALTY) { - if(selrtt-BLACKLIST_PENALTY > USEFUL_SERVER_TOP_TIMEOUT*3) { - verbose(VERB_ALGO, "chase to " - "blacklisted recursion lame server"); - *chase_to_rd = 1; - } - if(selrtt-BLACKLIST_PENALTY > USEFUL_SERVER_TOP_TIMEOUT*2) { - verbose(VERB_ALGO, "chase to " - "blacklisted dnssec lame server"); - *dnssec_lame = 1; - } - } else { - if(selrtt > USEFUL_SERVER_TOP_TIMEOUT*3) { - verbose(VERB_ALGO, "chase to recursion lame server"); - *chase_to_rd = 1; - } - if(selrtt > USEFUL_SERVER_TOP_TIMEOUT*2) { - verbose(VERB_ALGO, "chase to dnssec lame server"); - *dnssec_lame = 1; - } - if(selrtt == USEFUL_SERVER_TOP_TIMEOUT) { - verbose(VERB_ALGO, "chase to blacklisted lame server"); - return NULL; - } - } - - if(num == 1) { - a = dp->result_list; - if(++a->attempts < OUTBOUND_MSG_RETRY) - return a; - dp->result_list = a->next_result; - return a; - } - - /* randomly select a target from the list */ - log_assert(num > 1); - /* grab secure random number, to pick unexpected server. - * also we need it to be threadsafe. */ - sel = ub_random_max(env->rnd, num); - a = dp->result_list; - prev = NULL; - while(sel > 0 && a) { - prev = a; - a = a->next_result; - sel--; - } - if(!a) /* robustness */ - return NULL; - if(++a->attempts < OUTBOUND_MSG_RETRY) - return a; - /* remove it from the delegation point result list */ - if(prev) - prev->next_result = a->next_result; - else dp->result_list = a->next_result; - return a; -} - -struct dns_msg* -dns_alloc_msg(sldns_buffer* pkt, struct msg_parse* msg, - struct regional* region) -{ - struct dns_msg* m = (struct dns_msg*)regional_alloc(region, - sizeof(struct dns_msg)); - if(!m) - return NULL; - memset(m, 0, sizeof(*m)); - if(!parse_create_msg(pkt, msg, NULL, &m->qinfo, &m->rep, region)) { - log_err("malloc failure: allocating incoming dns_msg"); - return NULL; - } - return m; -} - -struct dns_msg* -dns_copy_msg(struct dns_msg* from, struct regional* region) -{ - struct dns_msg* m = (struct dns_msg*)regional_alloc(region, - sizeof(struct dns_msg)); - if(!m) - return NULL; - m->qinfo = from->qinfo; - if(!(m->qinfo.qname = regional_alloc_init(region, from->qinfo.qname, - from->qinfo.qname_len))) - return NULL; - if(!(m->rep = reply_info_copy(from->rep, NULL, region))) - return NULL; - return m; -} - -void -iter_dns_store(struct module_env* env, struct query_info* msgqinf, - struct reply_info* msgrep, int is_referral, time_t leeway, int pside, - struct regional* region, uint16_t flags) -{ - if(!dns_cache_store(env, msgqinf, msgrep, is_referral, leeway, - pside, region, flags)) - log_err("out of memory: cannot store data in cache"); -} - -int -iter_ns_probability(struct ub_randstate* rnd, int n, int m) -{ - int sel; - if(n == m) /* 100% chance */ - return 1; - /* we do not need secure random numbers here, but - * we do need it to be threadsafe, so we use this */ - sel = ub_random_max(rnd, m); - return (sel < n); -} - -/** detect dependency cycle for query and target */ -static int -causes_cycle(struct module_qstate* qstate, uint8_t* name, size_t namelen, - uint16_t t, uint16_t c) -{ - struct query_info qinf; - qinf.qname = name; - qinf.qname_len = namelen; - qinf.qtype = t; - qinf.qclass = c; - qinf.local_alias = NULL; - fptr_ok(fptr_whitelist_modenv_detect_cycle( - qstate->env->detect_cycle)); - return (*qstate->env->detect_cycle)(qstate, &qinf, - (uint16_t)(BIT_RD|BIT_CD), qstate->is_priming, - qstate->is_valrec); -} - -void -iter_mark_cycle_targets(struct module_qstate* qstate, struct delegpt* dp) -{ - struct delegpt_ns* ns; - for(ns = dp->nslist; ns; ns = ns->next) { - if(ns->resolved) - continue; - /* see if this ns as target causes dependency cycle */ - if(causes_cycle(qstate, ns->name, ns->namelen, - LDNS_RR_TYPE_AAAA, qstate->qinfo.qclass) || - causes_cycle(qstate, ns->name, ns->namelen, - LDNS_RR_TYPE_A, qstate->qinfo.qclass)) { - log_nametypeclass(VERB_QUERY, "skipping target due " - "to dependency cycle (harden-glue: no may " - "fix some of the cycles)", - ns->name, LDNS_RR_TYPE_A, - qstate->qinfo.qclass); - ns->resolved = 1; - } - } -} - -void -iter_mark_pside_cycle_targets(struct module_qstate* qstate, struct delegpt* dp) -{ - struct delegpt_ns* ns; - for(ns = dp->nslist; ns; ns = ns->next) { - if(ns->done_pside4 && ns->done_pside6) - continue; - /* see if this ns as target causes dependency cycle */ - if(causes_cycle(qstate, ns->name, ns->namelen, - LDNS_RR_TYPE_A, qstate->qinfo.qclass)) { - log_nametypeclass(VERB_QUERY, "skipping target due " - "to dependency cycle", ns->name, - LDNS_RR_TYPE_A, qstate->qinfo.qclass); - ns->done_pside4 = 1; - } - if(causes_cycle(qstate, ns->name, ns->namelen, - LDNS_RR_TYPE_AAAA, qstate->qinfo.qclass)) { - log_nametypeclass(VERB_QUERY, "skipping target due " - "to dependency cycle", ns->name, - LDNS_RR_TYPE_AAAA, qstate->qinfo.qclass); - ns->done_pside6 = 1; - } - } -} - -int -iter_dp_is_useless(struct query_info* qinfo, uint16_t qflags, - struct delegpt* dp) -{ - struct delegpt_ns* ns; - /* check: - * o RD qflag is on. - * o no addresses are provided. - * o all NS items are required glue. - * OR - * o RD qflag is on. - * o no addresses are provided. - * o the query is for one of the nameservers in dp, - * and that nameserver is a glue-name for this dp. - */ - if(!(qflags&BIT_RD)) - return 0; - /* either available or unused targets */ - if(dp->usable_list || dp->result_list) - return 0; - - /* see if query is for one of the nameservers, which is glue */ - if( (qinfo->qtype == LDNS_RR_TYPE_A || - qinfo->qtype == LDNS_RR_TYPE_AAAA) && - dname_subdomain_c(qinfo->qname, dp->name) && - delegpt_find_ns(dp, qinfo->qname, qinfo->qname_len)) - return 1; - - for(ns = dp->nslist; ns; ns = ns->next) { - if(ns->resolved) /* skip failed targets */ - continue; - if(!dname_subdomain_c(ns->name, dp->name)) - return 0; /* one address is not required glue */ - } - return 1; -} - -int -iter_indicates_dnssec_fwd(struct module_env* env, struct query_info *qinfo) -{ - struct trust_anchor* a; - if(!env || !env->anchors || !qinfo || !qinfo->qname) - return 0; - /* a trust anchor exists above the name? */ - if((a=anchors_lookup(env->anchors, qinfo->qname, qinfo->qname_len, - qinfo->qclass))) { - if(a->numDS == 0 && a->numDNSKEY == 0) { - /* insecure trust point */ - lock_basic_unlock(&a->lock); - return 0; - } - lock_basic_unlock(&a->lock); - return 1; - } - /* no trust anchor above it. */ - return 0; -} - -int -iter_indicates_dnssec(struct module_env* env, struct delegpt* dp, - struct dns_msg* msg, uint16_t dclass) -{ - struct trust_anchor* a; - /* information not available, !env->anchors can be common */ - if(!env || !env->anchors || !dp || !dp->name) - return 0; - /* a trust anchor exists with this name, RRSIGs expected */ - if((a=anchor_find(env->anchors, dp->name, dp->namelabs, dp->namelen, - dclass))) { - lock_basic_unlock(&a->lock); - return 1; - } - /* see if DS rrset was given, in AUTH section */ - if(msg && msg->rep && - reply_find_rrset_section_ns(msg->rep, dp->name, dp->namelen, - LDNS_RR_TYPE_DS, dclass)) - return 1; - /* look in key cache */ - if(env->key_cache) { - struct key_entry_key* kk = key_cache_obtain(env->key_cache, - dp->name, dp->namelen, dclass, env->scratch, *env->now); - if(kk) { - if(query_dname_compare(kk->name, dp->name) == 0) { - if(key_entry_isgood(kk) || key_entry_isbad(kk)) { - regional_free_all(env->scratch); - return 1; - } else if(key_entry_isnull(kk)) { - regional_free_all(env->scratch); - return 0; - } - } - regional_free_all(env->scratch); - } - } - return 0; -} - -int -iter_msg_has_dnssec(struct dns_msg* msg) -{ - size_t i; - if(!msg || !msg->rep) - return 0; - for(i=0; irep->an_numrrsets + msg->rep->ns_numrrsets; i++) { - if(((struct packed_rrset_data*)msg->rep->rrsets[i]-> - entry.data)->rrsig_count > 0) - return 1; - } - /* empty message has no DNSSEC info, with DNSSEC the reply is - * not empty (NSEC) */ - return 0; -} - -int iter_msg_from_zone(struct dns_msg* msg, struct delegpt* dp, - enum response_type type, uint16_t dclass) -{ - if(!msg || !dp || !msg->rep || !dp->name) - return 0; - /* SOA RRset - always from reply zone */ - if(reply_find_rrset_section_an(msg->rep, dp->name, dp->namelen, - LDNS_RR_TYPE_SOA, dclass) || - reply_find_rrset_section_ns(msg->rep, dp->name, dp->namelen, - LDNS_RR_TYPE_SOA, dclass)) - return 1; - if(type == RESPONSE_TYPE_REFERRAL) { - size_t i; - /* if it adds a single label, i.e. we expect .com, - * and referral to example.com. NS ... , then origin zone - * is .com. For a referral to sub.example.com. NS ... then - * we do not know, since example.com. may be in between. */ - for(i=0; irep->an_numrrsets+msg->rep->ns_numrrsets; - i++) { - struct ub_packed_rrset_key* s = msg->rep->rrsets[i]; - if(ntohs(s->rk.type) == LDNS_RR_TYPE_NS && - ntohs(s->rk.rrset_class) == dclass) { - int l = dname_count_labels(s->rk.dname); - if(l == dp->namelabs + 1 && - dname_strict_subdomain(s->rk.dname, - l, dp->name, dp->namelabs)) - return 1; - } - } - return 0; - } - log_assert(type==RESPONSE_TYPE_ANSWER || type==RESPONSE_TYPE_CNAME); - /* not a referral, and not lame delegation (upwards), so, - * any NS rrset must be from the zone itself */ - if(reply_find_rrset_section_an(msg->rep, dp->name, dp->namelen, - LDNS_RR_TYPE_NS, dclass) || - reply_find_rrset_section_ns(msg->rep, dp->name, dp->namelen, - LDNS_RR_TYPE_NS, dclass)) - return 1; - /* a DNSKEY set is expected at the zone apex as well */ - /* this is for 'minimal responses' for DNSKEYs */ - if(reply_find_rrset_section_an(msg->rep, dp->name, dp->namelen, - LDNS_RR_TYPE_DNSKEY, dclass)) - return 1; - return 0; -} - -/** - * check equality of two rrsets - * @param k1: rrset - * @param k2: rrset - * @return true if equal - */ -static int -rrset_equal(struct ub_packed_rrset_key* k1, struct ub_packed_rrset_key* k2) -{ - struct packed_rrset_data* d1 = (struct packed_rrset_data*) - k1->entry.data; - struct packed_rrset_data* d2 = (struct packed_rrset_data*) - k2->entry.data; - size_t i, t; - if(k1->rk.dname_len != k2->rk.dname_len || - k1->rk.flags != k2->rk.flags || - k1->rk.type != k2->rk.type || - k1->rk.rrset_class != k2->rk.rrset_class || - query_dname_compare(k1->rk.dname, k2->rk.dname) != 0) - return 0; - if( /* do not check ttl: d1->ttl != d2->ttl || */ - d1->count != d2->count || - d1->rrsig_count != d2->rrsig_count || - d1->trust != d2->trust || - d1->security != d2->security) - return 0; - t = d1->count + d1->rrsig_count; - for(i=0; irr_len[i] != d2->rr_len[i] || - /* no ttl check: d1->rr_ttl[i] != d2->rr_ttl[i] ||*/ - memcmp(d1->rr_data[i], d2->rr_data[i], - d1->rr_len[i]) != 0) - return 0; - } - return 1; -} - -int -reply_equal(struct reply_info* p, struct reply_info* q, struct regional* region) -{ - size_t i; - if(p->flags != q->flags || - p->qdcount != q->qdcount || - /* do not check TTL, this may differ */ - /* - p->ttl != q->ttl || - p->prefetch_ttl != q->prefetch_ttl || - */ - p->security != q->security || - p->an_numrrsets != q->an_numrrsets || - p->ns_numrrsets != q->ns_numrrsets || - p->ar_numrrsets != q->ar_numrrsets || - p->rrset_count != q->rrset_count) - return 0; - for(i=0; irrset_count; i++) { - if(!rrset_equal(p->rrsets[i], q->rrsets[i])) { - if(!rrset_canonical_equal(region, p->rrsets[i], - q->rrsets[i])) { - regional_free_all(region); - return 0; - } - regional_free_all(region); - } - } - return 1; -} - -void -caps_strip_reply(struct reply_info* rep) -{ - size_t i; - if(!rep) return; - /* see if message is a referral, in which case the additional and - * NS record cannot be removed */ - /* referrals have the AA flag unset (strict check, not elsewhere in - * unbound, but for 0x20 this is very convenient). */ - if(!(rep->flags&BIT_AA)) - return; - /* remove the additional section from the reply */ - if(rep->ar_numrrsets != 0) { - verbose(VERB_ALGO, "caps fallback: removing additional section"); - rep->rrset_count -= rep->ar_numrrsets; - rep->ar_numrrsets = 0; - } - /* is there an NS set in the authority section to remove? */ - /* the failure case (Cisco firewalls) only has one rrset in authsec */ - for(i=rep->an_numrrsets; ian_numrrsets+rep->ns_numrrsets; i++) { - struct ub_packed_rrset_key* s = rep->rrsets[i]; - if(ntohs(s->rk.type) == LDNS_RR_TYPE_NS) { - /* remove NS rrset and break from loop (loop limits - * have changed) */ - /* move last rrset into this position (there is no - * additional section any more) */ - verbose(VERB_ALGO, "caps fallback: removing NS rrset"); - if(i < rep->rrset_count-1) - rep->rrsets[i]=rep->rrsets[rep->rrset_count-1]; - rep->rrset_count --; - rep->ns_numrrsets --; - break; - } - } -} - -int caps_failed_rcode(struct reply_info* rep) -{ - return !(FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NOERROR || - FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NXDOMAIN); -} - -void -iter_store_parentside_rrset(struct module_env* env, - struct ub_packed_rrset_key* rrset) -{ - struct rrset_ref ref; - rrset = packed_rrset_copy_alloc(rrset, env->alloc, *env->now); - if(!rrset) { - log_err("malloc failure in store_parentside_rrset"); - return; - } - rrset->rk.flags |= PACKED_RRSET_PARENT_SIDE; - rrset->entry.hash = rrset_key_hash(&rrset->rk); - ref.key = rrset; - ref.id = rrset->id; - /* ignore ret: if it was in the cache, ref updated */ - (void)rrset_cache_update(env->rrset_cache, &ref, env->alloc, *env->now); -} - -/** fetch NS record from reply, if any */ -static struct ub_packed_rrset_key* -reply_get_NS_rrset(struct reply_info* rep) -{ - size_t i; - for(i=0; irrset_count; i++) { - if(rep->rrsets[i]->rk.type == htons(LDNS_RR_TYPE_NS)) { - return rep->rrsets[i]; - } - } - return NULL; -} - -void -iter_store_parentside_NS(struct module_env* env, struct reply_info* rep) -{ - struct ub_packed_rrset_key* rrset = reply_get_NS_rrset(rep); - if(rrset) { - log_rrset_key(VERB_ALGO, "store parent-side NS", rrset); - iter_store_parentside_rrset(env, rrset); - } -} - -void iter_store_parentside_neg(struct module_env* env, - struct query_info* qinfo, struct reply_info* rep) -{ - /* TTL: NS from referral in iq->deleg_msg, - * or first RR from iq->response, - * or servfail5secs if !iq->response */ - time_t ttl = NORR_TTL; - struct ub_packed_rrset_key* neg; - struct packed_rrset_data* newd; - if(rep) { - struct ub_packed_rrset_key* rrset = reply_get_NS_rrset(rep); - if(!rrset && rep->rrset_count != 0) rrset = rep->rrsets[0]; - if(rrset) ttl = ub_packed_rrset_ttl(rrset); - } - /* create empty rrset to store */ - neg = (struct ub_packed_rrset_key*)regional_alloc(env->scratch, - sizeof(struct ub_packed_rrset_key)); - if(!neg) { - log_err("out of memory in store_parentside_neg"); - return; - } - memset(&neg->entry, 0, sizeof(neg->entry)); - neg->entry.key = neg; - neg->rk.type = htons(qinfo->qtype); - neg->rk.rrset_class = htons(qinfo->qclass); - neg->rk.flags = 0; - neg->rk.dname = regional_alloc_init(env->scratch, qinfo->qname, - qinfo->qname_len); - if(!neg->rk.dname) { - log_err("out of memory in store_parentside_neg"); - return; - } - neg->rk.dname_len = qinfo->qname_len; - neg->entry.hash = rrset_key_hash(&neg->rk); - newd = (struct packed_rrset_data*)regional_alloc_zero(env->scratch, - sizeof(struct packed_rrset_data) + sizeof(size_t) + - sizeof(uint8_t*) + sizeof(time_t) + sizeof(uint16_t)); - if(!newd) { - log_err("out of memory in store_parentside_neg"); - return; - } - neg->entry.data = newd; - newd->ttl = ttl; - /* entry must have one RR, otherwise not valid in cache. - * put in one RR with empty rdata: those are ignored as nameserver */ - newd->count = 1; - newd->rrsig_count = 0; - newd->trust = rrset_trust_ans_noAA; - newd->rr_len = (size_t*)((uint8_t*)newd + - sizeof(struct packed_rrset_data)); - newd->rr_len[0] = 0 /* zero len rdata */ + sizeof(uint16_t); - packed_rrset_ptr_fixup(newd); - newd->rr_ttl[0] = newd->ttl; - sldns_write_uint16(newd->rr_data[0], 0 /* zero len rdata */); - /* store it */ - log_rrset_key(VERB_ALGO, "store parent-side negative", neg); - iter_store_parentside_rrset(env, neg); -} - -int -iter_lookup_parent_NS_from_cache(struct module_env* env, struct delegpt* dp, - struct regional* region, struct query_info* qinfo) -{ - struct ub_packed_rrset_key* akey; - akey = rrset_cache_lookup(env->rrset_cache, dp->name, - dp->namelen, LDNS_RR_TYPE_NS, qinfo->qclass, - PACKED_RRSET_PARENT_SIDE, *env->now, 0); - if(akey) { - log_rrset_key(VERB_ALGO, "found parent-side NS in cache", akey); - dp->has_parent_side_NS = 1; - /* and mark the new names as lame */ - if(!delegpt_rrset_add_ns(dp, region, akey, 1)) { - lock_rw_unlock(&akey->entry.lock); - return 0; - } - lock_rw_unlock(&akey->entry.lock); - } - return 1; -} - -int iter_lookup_parent_glue_from_cache(struct module_env* env, - struct delegpt* dp, struct regional* region, struct query_info* qinfo) -{ - struct ub_packed_rrset_key* akey; - struct delegpt_ns* ns; - size_t num = delegpt_count_targets(dp); - for(ns = dp->nslist; ns; ns = ns->next) { - /* get cached parentside A */ - akey = rrset_cache_lookup(env->rrset_cache, ns->name, - ns->namelen, LDNS_RR_TYPE_A, qinfo->qclass, - PACKED_RRSET_PARENT_SIDE, *env->now, 0); - if(akey) { - log_rrset_key(VERB_ALGO, "found parent-side", akey); - ns->done_pside4 = 1; - /* a negative-cache-element has no addresses it adds */ - if(!delegpt_add_rrset_A(dp, region, akey, 1)) - log_err("malloc failure in lookup_parent_glue"); - lock_rw_unlock(&akey->entry.lock); - } - /* get cached parentside AAAA */ - akey = rrset_cache_lookup(env->rrset_cache, ns->name, - ns->namelen, LDNS_RR_TYPE_AAAA, qinfo->qclass, - PACKED_RRSET_PARENT_SIDE, *env->now, 0); - if(akey) { - log_rrset_key(VERB_ALGO, "found parent-side", akey); - ns->done_pside6 = 1; - /* a negative-cache-element has no addresses it adds */ - if(!delegpt_add_rrset_AAAA(dp, region, akey, 1)) - log_err("malloc failure in lookup_parent_glue"); - lock_rw_unlock(&akey->entry.lock); - } - } - /* see if new (but lame) addresses have become available */ - return delegpt_count_targets(dp) != num; -} - -int -iter_get_next_root(struct iter_hints* hints, struct iter_forwards* fwd, - uint16_t* c) -{ - uint16_t c1 = *c, c2 = *c; - int r1 = hints_next_root(hints, &c1); - int r2 = forwards_next_root(fwd, &c2); - if(!r1 && !r2) /* got none, end of list */ - return 0; - else if(!r1) /* got one, return that */ - *c = c2; - else if(!r2) - *c = c1; - else if(c1 < c2) /* got both take smallest */ - *c = c1; - else *c = c2; - return 1; -} - -void -iter_scrub_ds(struct dns_msg* msg, struct ub_packed_rrset_key* ns, uint8_t* z) -{ - /* Only the DS record for the delegation itself is expected. - * We allow DS for everything between the bailiwick and the - * zonecut, thus DS records must be at or above the zonecut. - * And the DS records must be below the server authority zone. - * The answer section is already scrubbed. */ - size_t i = msg->rep->an_numrrsets; - while(i < (msg->rep->an_numrrsets + msg->rep->ns_numrrsets)) { - struct ub_packed_rrset_key* s = msg->rep->rrsets[i]; - if(ntohs(s->rk.type) == LDNS_RR_TYPE_DS && - (!ns || !dname_subdomain_c(ns->rk.dname, s->rk.dname) - || query_dname_compare(z, s->rk.dname) == 0)) { - log_nametypeclass(VERB_ALGO, "removing irrelevant DS", - s->rk.dname, ntohs(s->rk.type), - ntohs(s->rk.rrset_class)); - memmove(msg->rep->rrsets+i, msg->rep->rrsets+i+1, - sizeof(struct ub_packed_rrset_key*) * - (msg->rep->rrset_count-i-1)); - msg->rep->ns_numrrsets--; - msg->rep->rrset_count--; - /* stay at same i, but new record */ - continue; - } - i++; - } -} - -void iter_dec_attempts(struct delegpt* dp, int d) -{ - struct delegpt_addr* a; - for(a=dp->target_list; a; a = a->next_target) { - if(a->attempts >= OUTBOUND_MSG_RETRY) { - /* add back to result list */ - a->next_result = dp->result_list; - dp->result_list = a; - } - if(a->attempts > d) - a->attempts -= d; - else a->attempts = 0; - } -} - -void iter_merge_retry_counts(struct delegpt* dp, struct delegpt* old) -{ - struct delegpt_addr* a, *o, *prev; - for(a=dp->target_list; a; a = a->next_target) { - o = delegpt_find_addr(old, &a->addr, a->addrlen); - if(o) { - log_addr(VERB_ALGO, "copy attempt count previous dp", - &a->addr, a->addrlen); - a->attempts = o->attempts; - } - } - prev = NULL; - a = dp->usable_list; - while(a) { - if(a->attempts >= OUTBOUND_MSG_RETRY) { - log_addr(VERB_ALGO, "remove from usable list dp", - &a->addr, a->addrlen); - /* remove from result list */ - if(prev) - prev->next_usable = a->next_usable; - else dp->usable_list = a->next_usable; - /* prev stays the same */ - a = a->next_usable; - continue; - } - prev = a; - a = a->next_usable; - } -} - -int -iter_ds_toolow(struct dns_msg* msg, struct delegpt* dp) -{ - /* if for query example.com, there is example.com SOA or a subdomain - * of example.com, then we are too low and need to fetch NS. */ - size_t i; - /* if we have a DNAME or CNAME we are probably wrong */ - /* if we have a qtype DS in the answer section, its fine */ - for(i=0; i < msg->rep->an_numrrsets; i++) { - struct ub_packed_rrset_key* s = msg->rep->rrsets[i]; - if(ntohs(s->rk.type) == LDNS_RR_TYPE_DNAME || - ntohs(s->rk.type) == LDNS_RR_TYPE_CNAME) { - /* not the right answer, maybe too low, check the - * RRSIG signer name (if there is any) for a hint - * that it is from the dp zone anyway */ - uint8_t* sname; - size_t slen; - val_find_rrset_signer(s, &sname, &slen); - if(sname && query_dname_compare(dp->name, sname)==0) - return 0; /* it is fine, from the right dp */ - return 1; - } - if(ntohs(s->rk.type) == LDNS_RR_TYPE_DS) - return 0; /* fine, we have a DS record */ - } - for(i=msg->rep->an_numrrsets; - i < msg->rep->an_numrrsets + msg->rep->ns_numrrsets; i++) { - struct ub_packed_rrset_key* s = msg->rep->rrsets[i]; - if(ntohs(s->rk.type) == LDNS_RR_TYPE_SOA) { - if(dname_subdomain_c(s->rk.dname, msg->qinfo.qname)) - return 1; /* point is too low */ - if(query_dname_compare(s->rk.dname, dp->name)==0) - return 0; /* right dp */ - } - if(ntohs(s->rk.type) == LDNS_RR_TYPE_NSEC || - ntohs(s->rk.type) == LDNS_RR_TYPE_NSEC3) { - uint8_t* sname; - size_t slen; - val_find_rrset_signer(s, &sname, &slen); - if(sname && query_dname_compare(dp->name, sname)==0) - return 0; /* it is fine, from the right dp */ - return 1; - } - } - /* we do not know */ - return 1; -} - -int iter_dp_cangodown(struct query_info* qinfo, struct delegpt* dp) -{ - /* no delegation point, do not see how we can go down, - * robust check, it should really exist */ - if(!dp) return 0; - - /* see if dp equals the qname, then we cannot go down further */ - if(query_dname_compare(qinfo->qname, dp->name) == 0) - return 0; - /* if dp is one label above the name we also cannot go down further */ - if(dname_count_labels(qinfo->qname) == dp->namelabs+1) - return 0; - return 1; -} diff --git a/external/unbound/iterator/iter_utils.h b/external/unbound/iterator/iter_utils.h deleted file mode 100644 index 50c5fc093..000000000 --- a/external/unbound/iterator/iter_utils.h +++ /dev/null @@ -1,368 +0,0 @@ -/* - * iterator/iter_utils.h - iterative resolver module utility functions. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions to assist the iterator module. - * Configuration options. Forward zones. - */ - -#ifndef ITERATOR_ITER_UTILS_H -#define ITERATOR_ITER_UTILS_H -#include "iterator/iter_resptype.h" -struct sldns_buffer; -struct iter_env; -struct iter_hints; -struct iter_forwards; -struct config_file; -struct module_env; -struct delegpt_addr; -struct delegpt; -struct regional; -struct msg_parse; -struct ub_randstate; -struct query_info; -struct reply_info; -struct module_qstate; -struct sock_list; -struct ub_packed_rrset_key; - -/** - * Process config options and set iterator module state. - * Sets default values if no config is found. - * @param iter_env: iterator module state. - * @param cfg: config options. - * @return 0 on error. - */ -int iter_apply_cfg(struct iter_env* iter_env, struct config_file* cfg); - -/** - * Select a valid, nice target to send query to. - * Sorting and removing unsuitable targets is combined. - * - * @param iter_env: iterator module global state, with ip6 enabled and - * do-not-query-addresses. - * @param env: environment with infra cache (lameness, rtt info). - * @param dp: delegation point with result list. - * @param name: zone name (for lameness check). - * @param namelen: length of name. - * @param qtype: query type that we want to send. - * @param dnssec_lame: set to 1, if a known dnssec-lame server is selected - * these are not preferred, but are used as a last resort. - * @param chase_to_rd: set to 1 if a known recursion lame server is selected - * these are not preferred, but are used as a last resort. - * @param open_target: number of currently outstanding target queries. - * If we wait for these, perhaps more server addresses become available. - * @param blacklist: the IP blacklist to use. - * @return best target or NULL if no target. - * if not null, that target is removed from the result list in the dp. - */ -struct delegpt_addr* iter_server_selection(struct iter_env* iter_env, - struct module_env* env, struct delegpt* dp, uint8_t* name, - size_t namelen, uint16_t qtype, int* dnssec_lame, - int* chase_to_rd, int open_target, struct sock_list* blacklist); - -/** - * Allocate dns_msg from parsed msg, in regional. - * @param pkt: packet. - * @param msg: parsed message (cleaned and ready for regional allocation). - * @param regional: regional to use for allocation. - * @return newly allocated dns_msg, or NULL on memory error. - */ -struct dns_msg* dns_alloc_msg(struct sldns_buffer* pkt, struct msg_parse* msg, - struct regional* regional); - -/** - * Copy a dns_msg to this regional. - * @param from: dns message, also in regional. - * @param regional: regional to use for allocation. - * @return newly allocated dns_msg, or NULL on memory error. - */ -struct dns_msg* dns_copy_msg(struct dns_msg* from, struct regional* regional); - -/** - * Allocate a dns_msg with malloc/alloc structure and store in dns cache. - * @param env: environment, with alloc structure and dns cache. - * @param qinf: query info, the query for which answer is stored. - * @param rep: reply in dns_msg from dns_alloc_msg for example. - * @param is_referral: If true, then the given message to be stored is a - * referral. The cache implementation may use this as a hint. - * @param leeway: prefetch TTL leeway to expire old rrsets quicker. - * @param pside: true if dp is parentside, thus message is 'fresh' and NS - * can be prefetch-updates. - * @param region: to copy modified (cache is better) rrs back to. - * @param flags: with BIT_CD for dns64 AAAA translated queries. - * @return void, because we are not interested in alloc errors, - * the iterator and validator can operate on the results in their - * scratch space (the qstate.region) and are not dependent on the cache. - * It is useful to log the alloc failure (for the server operator), - * but the query resolution can continue without cache storage. - */ -void iter_dns_store(struct module_env* env, struct query_info* qinf, - struct reply_info* rep, int is_referral, time_t leeway, int pside, - struct regional* region, uint16_t flags); - -/** - * Select randomly with n/m probability. - * For shuffle NS records for address fetching. - * @param rnd: random table - * @param n: probability. - * @param m: divisor for probability. - * @return true with n/m probability. - */ -int iter_ns_probability(struct ub_randstate* rnd, int n, int m); - -/** - * Mark targets that result in a dependency cycle as done, so they - * will not get selected as targets. - * @param qstate: query state. - * @param dp: delegpt to mark ns in. - */ -void iter_mark_cycle_targets(struct module_qstate* qstate, struct delegpt* dp); - -/** - * Mark targets that result in a dependency cycle as done, so they - * will not get selected as targets. For the parent-side lookups. - * @param qstate: query state. - * @param dp: delegpt to mark ns in. - */ -void iter_mark_pside_cycle_targets(struct module_qstate* qstate, - struct delegpt* dp); - -/** - * See if delegation is useful or offers immediately no targets for - * further recursion. - * @param qinfo: query name and type - * @param qflags: query flags with RD flag - * @param dp: delegpt to check. - * @return true if dp is useless. - */ -int iter_dp_is_useless(struct query_info* qinfo, uint16_t qflags, - struct delegpt* dp); - -/** - * See if qname has DNSSEC needs in the forwarding case. This is true if - * there is a trust anchor above it. Whether there is an insecure delegation - * to the data is unknown, but CD-retry is needed. - * @param env: environment with anchors. - * @param qinfo: query name and class. - * @return true if trust anchor above qname, false if no anchor or insecure - * point above qname. - */ -int iter_indicates_dnssec_fwd(struct module_env* env, - struct query_info *qinfo); - -/** - * See if delegation is expected to have DNSSEC information (RRSIGs) in - * its answers, or not. Inspects delegation point (name), trust anchors, - * and delegation message (DS RRset) to determine this. - * @param env: module env with trust anchors. - * @param dp: delegation point. - * @param msg: delegation message, with DS if a secure referral. - * @param dclass: class of query. - * @return 1 if dnssec is expected, 0 if not. - */ -int iter_indicates_dnssec(struct module_env* env, struct delegpt* dp, - struct dns_msg* msg, uint16_t dclass); - -/** - * See if a message contains DNSSEC. - * This is examined by looking for RRSIGs. With DNSSEC a valid answer, - * nxdomain, nodata, referral or cname reply has RRSIGs in answer or auth - * sections, sigs on answer data, SOA, DS, or NSEC/NSEC3 records. - * @param msg: message to examine. - * @return true if DNSSEC information was found. - */ -int iter_msg_has_dnssec(struct dns_msg* msg); - -/** - * See if a message is known to be from a certain zone. - * This looks for SOA or NS rrsets, for answers. - * For referrals, when one label is delegated, the zone is detected. - * Does not look at signatures. - * @param msg: the message to inspect. - * @param dp: delegation point with zone name to look for. - * @param type: type of message. - * @param dclass: class of query. - * @return true if message is certain to be from zone in dp->name. - * false if not sure (empty msg), or not from the zone. - */ -int iter_msg_from_zone(struct dns_msg* msg, struct delegpt* dp, - enum response_type type, uint16_t dclass); - -/** - * Check if two replies are equal - * For fallback procedures - * @param p: reply one. The reply has rrset data pointers in region. - * Does not check rrset-IDs - * @param q: reply two - * @param region: scratch buffer. - * @return if one and two are equal. - */ -int reply_equal(struct reply_info* p, struct reply_info* q, struct regional* region); - -/** - * Remove unused bits from the reply if possible. - * So that caps-for-id (0x20) fallback is more likely to be successful. - * This removes like, the additional section, and NS record in the authority - * section if those records are gratuitous (not for a referral). - * @param rep: the reply to strip stuff out of. - */ -void caps_strip_reply(struct reply_info* rep); - -/** - * see if reply has a 'useful' rcode for capsforid comparison, so - * not SERVFAIL or REFUSED, and thus NOERROR or NXDOMAIN. - * @param rep: reply to check. - * @return true if the rcode is a bad type of message. - */ -int caps_failed_rcode(struct reply_info* rep); - -/** - * Store parent-side rrset in seperate rrset cache entries for later - * last-resort * lookups in case the child-side versions of this information - * fails. - * @param env: environment with cache, time, ... - * @param rrset: the rrset to store (copied). - * Failure to store is logged, but otherwise ignored. - */ -void iter_store_parentside_rrset(struct module_env* env, - struct ub_packed_rrset_key* rrset); - -/** - * Store parent-side NS records from a referral message - * @param env: environment with cache, time, ... - * @param rep: response with NS rrset. - * Failure to store is logged, but otherwise ignored. - */ -void iter_store_parentside_NS(struct module_env* env, struct reply_info* rep); - -/** - * Store parent-side negative element, the parentside rrset does not exist, - * creates an rrset with empty rdata in the rrset cache with PARENTSIDE flag. - * @param env: environment with cache, time, ... - * @param qinfo: the identity of the rrset that is missing. - * @param rep: delegation response or answer response, to glean TTL from. - * (malloc) failure is logged but otherwise ignored. - */ -void iter_store_parentside_neg(struct module_env* env, - struct query_info* qinfo, struct reply_info* rep); - -/** - * Add parent NS record if that exists in the cache. This is both new - * information and acts like a timeout throttle on retries. - * @param env: query env with rrset cache and time. - * @param dp: delegation point to store result in. Also this dp is used to - * see which NS name is needed. - * @param region: region to alloc result in. - * @param qinfo: pertinent information, the qclass. - * @return false on malloc failure. - * if true, the routine worked and if such cached information - * existed dp->has_parent_side_NS is set true. - */ -int iter_lookup_parent_NS_from_cache(struct module_env* env, - struct delegpt* dp, struct regional* region, struct query_info* qinfo); - -/** - * Add parent-side glue if that exists in the cache. This is both new - * information and acts like a timeout throttle on retries to fetch them. - * @param env: query env with rrset cache and time. - * @param dp: delegation point to store result in. Also this dp is used to - * see which NS name is needed. - * @param region: region to alloc result in. - * @param qinfo: pertinent information, the qclass. - * @return: true, it worked, no malloc failures, and new addresses (lame) - * have been added, giving extra options as query targets. - */ -int iter_lookup_parent_glue_from_cache(struct module_env* env, - struct delegpt* dp, struct regional* region, struct query_info* qinfo); - -/** - * Lookup next root-hint or root-forward entry. - * @param hints: the hints. - * @param fwd: the forwards. - * @param c: the class to start searching at. 0 means find first one. - * @return false if no classes found, true if found and returned in c. - */ -int iter_get_next_root(struct iter_hints* hints, struct iter_forwards* fwd, - uint16_t* c); - -/** - * Remove DS records that are inappropriate before they are cached. - * @param msg: the response to scrub. - * @param ns: RRSET that is the NS record for the referral. - * if NULL, then all DS records are removed from the authority section. - * @param z: zone name that the response is from. - */ -void iter_scrub_ds(struct dns_msg* msg, struct ub_packed_rrset_key* ns, - uint8_t* z); - -/** - * Remove query attempts from all available ips. For 0x20. - * @param dp: delegpt. - * @param d: decrease. - */ -void iter_dec_attempts(struct delegpt* dp, int d); - -/** - * Add retry counts from older delegpt to newer delegpt. - * Does not waste time on timeout'd (or other failing) addresses. - * @param dp: new delegationpoint. - * @param old: old delegationpoint. - */ -void iter_merge_retry_counts(struct delegpt* dp, struct delegpt* old); - -/** - * See if a DS response (type ANSWER) is too low: a nodata answer with - * a SOA record in the authority section at-or-below the qchase.qname. - * Also returns true if we are not sure (i.e. empty message, CNAME nosig). - * @param msg: the response. - * @param dp: the dp name is used to check if the RRSIG gives a clue that - * it was originated from the correct nameserver. - * @return true if too low. - */ -int iter_ds_toolow(struct dns_msg* msg, struct delegpt* dp); - -/** - * See if delegpt can go down a step to the qname or not - * @param qinfo: the query name looked up. - * @param dp: checked if the name can go lower to the qname - * @return true if can go down, false if that would not be possible. - * the current response seems to be the one and only, best possible, response. - */ -int iter_dp_cangodown(struct query_info* qinfo, struct delegpt* dp); - -#endif /* ITERATOR_ITER_UTILS_H */ diff --git a/external/unbound/iterator/iterator.c b/external/unbound/iterator/iterator.c deleted file mode 100644 index 43b3d30c3..000000000 --- a/external/unbound/iterator/iterator.c +++ /dev/null @@ -1,3432 +0,0 @@ -/* - * iterator/iterator.c - iterative resolver DNS query response module - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains a module that performs recusive iterative DNS query - * processing. - */ - -#include "config.h" -#include "iterator/iterator.h" -#include "iterator/iter_utils.h" -#include "iterator/iter_hints.h" -#include "iterator/iter_fwd.h" -#include "iterator/iter_donotq.h" -#include "iterator/iter_delegpt.h" -#include "iterator/iter_resptype.h" -#include "iterator/iter_scrub.h" -#include "iterator/iter_priv.h" -#include "validator/val_neg.h" -#include "services/cache/dns.h" -#include "services/cache/infra.h" -#include "util/module.h" -#include "util/netevent.h" -#include "util/net_help.h" -#include "util/regional.h" -#include "util/data/dname.h" -#include "util/data/msgencode.h" -#include "util/fptr_wlist.h" -#include "util/config_file.h" -#include "util/random.h" -#include "sldns/rrdef.h" -#include "sldns/wire2str.h" -#include "sldns/str2wire.h" -#include "sldns/parseutil.h" -#include "sldns/sbuffer.h" - -int -iter_init(struct module_env* env, int id) -{ - struct iter_env* iter_env = (struct iter_env*)calloc(1, - sizeof(struct iter_env)); - if(!iter_env) { - log_err("malloc failure"); - return 0; - } - env->modinfo[id] = (void*)iter_env; - if(!iter_apply_cfg(iter_env, env->cfg)) { - log_err("iterator: could not apply configuration settings."); - return 0; - } - - return 1; -} - -/** delete caps_whitelist element */ -static void -caps_free(struct rbnode_type* n, void* ATTR_UNUSED(d)) -{ - if(n) { - free(((struct name_tree_node*)n)->name); - free(n); - } -} - -void -iter_deinit(struct module_env* env, int id) -{ - struct iter_env* iter_env; - if(!env || !env->modinfo[id]) - return; - iter_env = (struct iter_env*)env->modinfo[id]; - free(iter_env->target_fetch_policy); - priv_delete(iter_env->priv); - donotq_delete(iter_env->donotq); - if(iter_env->caps_white) { - traverse_postorder(iter_env->caps_white, caps_free, NULL); - free(iter_env->caps_white); - } - free(iter_env); - env->modinfo[id] = NULL; -} - -/** new query for iterator */ -static int -iter_new(struct module_qstate* qstate, int id) -{ - struct iter_qstate* iq = (struct iter_qstate*)regional_alloc( - qstate->region, sizeof(struct iter_qstate)); - qstate->minfo[id] = iq; - if(!iq) - return 0; - memset(iq, 0, sizeof(*iq)); - iq->state = INIT_REQUEST_STATE; - iq->final_state = FINISHED_STATE; - iq->an_prepend_list = NULL; - iq->an_prepend_last = NULL; - iq->ns_prepend_list = NULL; - iq->ns_prepend_last = NULL; - iq->dp = NULL; - iq->depth = 0; - iq->num_target_queries = 0; - iq->num_current_queries = 0; - iq->query_restart_count = 0; - iq->referral_count = 0; - iq->sent_count = 0; - iq->ratelimit_ok = 0; - iq->target_count = NULL; - iq->wait_priming_stub = 0; - iq->refetch_glue = 0; - iq->dnssec_expected = 0; - iq->dnssec_lame_query = 0; - iq->chase_flags = qstate->query_flags; - /* Start with the (current) qname. */ - iq->qchase = qstate->qinfo; - outbound_list_init(&iq->outlist); - iq->minimise_count = 0; - iq->minimise_timeout_count = 0; - if (qstate->env->cfg->qname_minimisation) - iq->minimisation_state = INIT_MINIMISE_STATE; - else - iq->minimisation_state = DONOT_MINIMISE_STATE; - - memset(&iq->qinfo_out, 0, sizeof(struct query_info)); - return 1; -} - -/** - * Transition to the next state. This can be used to advance a currently - * processing event. It cannot be used to reactivate a forEvent. - * - * @param iq: iterator query state - * @param nextstate The state to transition to. - * @return true. This is so this can be called as the return value for the - * actual process*State() methods. (Transitioning to the next state - * implies further processing). - */ -static int -next_state(struct iter_qstate* iq, enum iter_state nextstate) -{ - /* If transitioning to a "response" state, make sure that there is a - * response */ - if(iter_state_is_responsestate(nextstate)) { - if(iq->response == NULL) { - log_err("transitioning to response state sans " - "response."); - } - } - iq->state = nextstate; - return 1; -} - -/** - * Transition an event to its final state. Final states always either return - * a result up the module chain, or reactivate a dependent event. Which - * final state to transition to is set in the module state for the event when - * it was created, and depends on the original purpose of the event. - * - * The response is stored in the qstate->buf buffer. - * - * @param iq: iterator query state - * @return false. This is so this method can be used as the return value for - * the processState methods. (Transitioning to the final state - */ -static int -final_state(struct iter_qstate* iq) -{ - return next_state(iq, iq->final_state); -} - -/** - * Callback routine to handle errors in parent query states - * @param qstate: query state that failed. - * @param id: module id. - * @param super: super state. - */ -static void -error_supers(struct module_qstate* qstate, int id, struct module_qstate* super) -{ - struct iter_qstate* super_iq = (struct iter_qstate*)super->minfo[id]; - - if(qstate->qinfo.qtype == LDNS_RR_TYPE_A || - qstate->qinfo.qtype == LDNS_RR_TYPE_AAAA) { - /* mark address as failed. */ - struct delegpt_ns* dpns = NULL; - super_iq->num_target_queries--; - if(super_iq->dp) - dpns = delegpt_find_ns(super_iq->dp, - qstate->qinfo.qname, qstate->qinfo.qname_len); - if(!dpns) { - /* not interested */ - verbose(VERB_ALGO, "subq error, but not interested"); - log_query_info(VERB_ALGO, "superq", &super->qinfo); - if(super_iq->dp) - delegpt_log(VERB_ALGO, super_iq->dp); - log_assert(0); - return; - } else { - /* see if the failure did get (parent-lame) info */ - if(!cache_fill_missing(super->env, super_iq->qchase.qclass, - super->region, super_iq->dp)) - log_err("out of memory adding missing"); - } - dpns->resolved = 1; /* mark as failed */ - } - if(qstate->qinfo.qtype == LDNS_RR_TYPE_NS) { - /* prime failed to get delegation */ - super_iq->dp = NULL; - } - /* evaluate targets again */ - super_iq->state = QUERYTARGETS_STATE; - /* super becomes runnable, and will process this change */ -} - -/** - * Return an error to the client - * @param qstate: our query state - * @param id: module id - * @param rcode: error code (DNS errcode). - * @return: 0 for use by caller, to make notation easy, like: - * return error_response(..). - */ -static int -error_response(struct module_qstate* qstate, int id, int rcode) -{ - verbose(VERB_QUERY, "return error response %s", - sldns_lookup_by_id(sldns_rcodes, rcode)? - sldns_lookup_by_id(sldns_rcodes, rcode)->name:"??"); - qstate->return_rcode = rcode; - qstate->return_msg = NULL; - qstate->ext_state[id] = module_finished; - return 0; -} - -/** - * Return an error to the client and cache the error code in the - * message cache (so per qname, qtype, qclass). - * @param qstate: our query state - * @param id: module id - * @param rcode: error code (DNS errcode). - * @return: 0 for use by caller, to make notation easy, like: - * return error_response(..). - */ -static int -error_response_cache(struct module_qstate* qstate, int id, int rcode) -{ - if(!qstate->no_cache_store) { - /* store in cache */ - struct reply_info err; - if(qstate->prefetch_leeway > NORR_TTL) { - verbose(VERB_ALGO, "error response for prefetch in cache"); - /* attempt to adjust the cache entry prefetch */ - if(dns_cache_prefetch_adjust(qstate->env, &qstate->qinfo, - NORR_TTL, qstate->query_flags)) - return error_response(qstate, id, rcode); - /* if that fails (not in cache), fall through to store err */ - } - memset(&err, 0, sizeof(err)); - err.flags = (uint16_t)(BIT_QR | BIT_RA); - FLAGS_SET_RCODE(err.flags, rcode); - err.qdcount = 1; - err.ttl = NORR_TTL; - err.prefetch_ttl = PREFETCH_TTL_CALC(err.ttl); - /* do not waste time trying to validate this servfail */ - err.security = sec_status_indeterminate; - verbose(VERB_ALGO, "store error response in message cache"); - iter_dns_store(qstate->env, &qstate->qinfo, &err, 0, 0, 0, NULL, - qstate->query_flags); - } - return error_response(qstate, id, rcode); -} - -/** check if prepend item is duplicate item */ -static int -prepend_is_duplicate(struct ub_packed_rrset_key** sets, size_t to, - struct ub_packed_rrset_key* dup) -{ - size_t i; - for(i=0; irk.type == dup->rk.type && - sets[i]->rk.rrset_class == dup->rk.rrset_class && - sets[i]->rk.dname_len == dup->rk.dname_len && - query_dname_compare(sets[i]->rk.dname, dup->rk.dname) - == 0) - return 1; - } - return 0; -} - -/** prepend the prepend list in the answer and authority section of dns_msg */ -static int -iter_prepend(struct iter_qstate* iq, struct dns_msg* msg, - struct regional* region) -{ - struct iter_prep_list* p; - struct ub_packed_rrset_key** sets; - size_t num_an = 0, num_ns = 0;; - for(p = iq->an_prepend_list; p; p = p->next) - num_an++; - for(p = iq->ns_prepend_list; p; p = p->next) - num_ns++; - if(num_an + num_ns == 0) - return 1; - verbose(VERB_ALGO, "prepending %d rrsets", (int)num_an + (int)num_ns); - if(num_an > RR_COUNT_MAX || num_ns > RR_COUNT_MAX || - msg->rep->rrset_count > RR_COUNT_MAX) return 0; /* overflow */ - sets = regional_alloc(region, (num_an+num_ns+msg->rep->rrset_count) * - sizeof(struct ub_packed_rrset_key*)); - if(!sets) - return 0; - /* ANSWER section */ - num_an = 0; - for(p = iq->an_prepend_list; p; p = p->next) { - sets[num_an++] = p->rrset; - } - memcpy(sets+num_an, msg->rep->rrsets, msg->rep->an_numrrsets * - sizeof(struct ub_packed_rrset_key*)); - /* AUTH section */ - num_ns = 0; - for(p = iq->ns_prepend_list; p; p = p->next) { - if(prepend_is_duplicate(sets+msg->rep->an_numrrsets+num_an, - num_ns, p->rrset) || prepend_is_duplicate( - msg->rep->rrsets+msg->rep->an_numrrsets, - msg->rep->ns_numrrsets, p->rrset)) - continue; - sets[msg->rep->an_numrrsets + num_an + num_ns++] = p->rrset; - } - memcpy(sets + num_an + msg->rep->an_numrrsets + num_ns, - msg->rep->rrsets + msg->rep->an_numrrsets, - (msg->rep->ns_numrrsets + msg->rep->ar_numrrsets) * - sizeof(struct ub_packed_rrset_key*)); - - /* NXDOMAIN rcode can stay if we prepended DNAME/CNAMEs, because - * this is what recursors should give. */ - msg->rep->rrset_count += num_an + num_ns; - msg->rep->an_numrrsets += num_an; - msg->rep->ns_numrrsets += num_ns; - msg->rep->rrsets = sets; - return 1; -} - -/** - * Find rrset in ANSWER prepend list. - * to avoid duplicate DNAMEs when a DNAME is traversed twice. - * @param iq: iterator query state. - * @param rrset: rrset to add. - * @return false if not found - */ -static int -iter_find_rrset_in_prepend_answer(struct iter_qstate* iq, - struct ub_packed_rrset_key* rrset) -{ - struct iter_prep_list* p = iq->an_prepend_list; - while(p) { - if(ub_rrset_compare(p->rrset, rrset) == 0 && - rrsetdata_equal((struct packed_rrset_data*)p->rrset - ->entry.data, (struct packed_rrset_data*)rrset - ->entry.data)) - return 1; - p = p->next; - } - return 0; -} - -/** - * Add rrset to ANSWER prepend list - * @param qstate: query state. - * @param iq: iterator query state. - * @param rrset: rrset to add. - * @return false on failure (malloc). - */ -static int -iter_add_prepend_answer(struct module_qstate* qstate, struct iter_qstate* iq, - struct ub_packed_rrset_key* rrset) -{ - struct iter_prep_list* p = (struct iter_prep_list*)regional_alloc( - qstate->region, sizeof(struct iter_prep_list)); - if(!p) - return 0; - p->rrset = rrset; - p->next = NULL; - /* add at end */ - if(iq->an_prepend_last) - iq->an_prepend_last->next = p; - else iq->an_prepend_list = p; - iq->an_prepend_last = p; - return 1; -} - -/** - * Add rrset to AUTHORITY prepend list - * @param qstate: query state. - * @param iq: iterator query state. - * @param rrset: rrset to add. - * @return false on failure (malloc). - */ -static int -iter_add_prepend_auth(struct module_qstate* qstate, struct iter_qstate* iq, - struct ub_packed_rrset_key* rrset) -{ - struct iter_prep_list* p = (struct iter_prep_list*)regional_alloc( - qstate->region, sizeof(struct iter_prep_list)); - if(!p) - return 0; - p->rrset = rrset; - p->next = NULL; - /* add at end */ - if(iq->ns_prepend_last) - iq->ns_prepend_last->next = p; - else iq->ns_prepend_list = p; - iq->ns_prepend_last = p; - return 1; -} - -/** - * Given a CNAME response (defined as a response containing a CNAME or DNAME - * that does not answer the request), process the response, modifying the - * state as necessary. This follows the CNAME/DNAME chain and returns the - * final query name. - * - * sets the new query name, after following the CNAME/DNAME chain. - * @param qstate: query state. - * @param iq: iterator query state. - * @param msg: the response. - * @param mname: returned target new query name. - * @param mname_len: length of mname. - * @return false on (malloc) error. - */ -static int -handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, - struct dns_msg* msg, uint8_t** mname, size_t* mname_len) -{ - size_t i; - /* Start with the (current) qname. */ - *mname = iq->qchase.qname; - *mname_len = iq->qchase.qname_len; - - /* Iterate over the ANSWER rrsets in order, looking for CNAMEs and - * DNAMES. */ - for(i=0; irep->an_numrrsets; i++) { - struct ub_packed_rrset_key* r = msg->rep->rrsets[i]; - /* If there is a (relevant) DNAME, add it to the list. - * We always expect there to be CNAME that was generated - * by this DNAME following, so we don't process the DNAME - * directly. */ - if(ntohs(r->rk.type) == LDNS_RR_TYPE_DNAME && - dname_strict_subdomain_c(*mname, r->rk.dname) && - !iter_find_rrset_in_prepend_answer(iq, r)) { - if(!iter_add_prepend_answer(qstate, iq, r)) - return 0; - continue; - } - - if(ntohs(r->rk.type) == LDNS_RR_TYPE_CNAME && - query_dname_compare(*mname, r->rk.dname) == 0 && - !iter_find_rrset_in_prepend_answer(iq, r)) { - /* Add this relevant CNAME rrset to the prepend list.*/ - if(!iter_add_prepend_answer(qstate, iq, r)) - return 0; - get_cname_target(r, mname, mname_len); - } - - /* Other rrsets in the section are ignored. */ - } - /* add authority rrsets to authority prepend, for wildcarded CNAMEs */ - for(i=msg->rep->an_numrrsets; irep->an_numrrsets + - msg->rep->ns_numrrsets; i++) { - struct ub_packed_rrset_key* r = msg->rep->rrsets[i]; - /* only add NSEC/NSEC3, as they may be needed for validation */ - if(ntohs(r->rk.type) == LDNS_RR_TYPE_NSEC || - ntohs(r->rk.type) == LDNS_RR_TYPE_NSEC3) { - if(!iter_add_prepend_auth(qstate, iq, r)) - return 0; - } - } - return 1; -} - -/** see if target name is caps-for-id whitelisted */ -static int -is_caps_whitelisted(struct iter_env* ie, struct iter_qstate* iq) -{ - if(!ie->caps_white) return 0; /* no whitelist, or no capsforid */ - return name_tree_lookup(ie->caps_white, iq->qchase.qname, - iq->qchase.qname_len, dname_count_labels(iq->qchase.qname), - iq->qchase.qclass) != NULL; -} - -/** create target count structure for this query */ -static void -target_count_create(struct iter_qstate* iq) -{ - if(!iq->target_count) { - iq->target_count = (int*)calloc(2, sizeof(int)); - /* if calloc fails we simply do not track this number */ - if(iq->target_count) - iq->target_count[0] = 1; - } -} - -static void -target_count_increase(struct iter_qstate* iq, int num) -{ - target_count_create(iq); - if(iq->target_count) - iq->target_count[1] += num; -} - -/** - * Generate a subrequest. - * Generate a local request event. Local events are tied to this module, and - * have a corresponding (first tier) event that is waiting for this event to - * resolve to continue. - * - * @param qname The query name for this request. - * @param qnamelen length of qname - * @param qtype The query type for this request. - * @param qclass The query class for this request. - * @param qstate The event that is generating this event. - * @param id: module id. - * @param iq: The iterator state that is generating this event. - * @param initial_state The initial response state (normally this - * is QUERY_RESP_STATE, unless it is known that the request won't - * need iterative processing - * @param finalstate The final state for the response to this request. - * @param subq_ret: if newly allocated, the subquerystate, or NULL if it does - * not need initialisation. - * @param v: if true, validation is done on the subquery. - * @return false on error (malloc). - */ -static int -generate_sub_request(uint8_t* qname, size_t qnamelen, uint16_t qtype, - uint16_t qclass, struct module_qstate* qstate, int id, - struct iter_qstate* iq, enum iter_state initial_state, - enum iter_state finalstate, struct module_qstate** subq_ret, int v) -{ - struct module_qstate* subq = NULL; - struct iter_qstate* subiq = NULL; - uint16_t qflags = 0; /* OPCODE QUERY, no flags */ - struct query_info qinf; - int prime = (finalstate == PRIME_RESP_STATE)?1:0; - int valrec = 0; - qinf.qname = qname; - qinf.qname_len = qnamelen; - qinf.qtype = qtype; - qinf.qclass = qclass; - qinf.local_alias = NULL; - - /* RD should be set only when sending the query back through the INIT - * state. */ - if(initial_state == INIT_REQUEST_STATE) - qflags |= BIT_RD; - /* We set the CD flag so we can send this through the "head" of - * the resolution chain, which might have a validator. We are - * uninterested in validating things not on the direct resolution - * path. */ - if(!v) { - qflags |= BIT_CD; - valrec = 1; - } - - /* attach subquery, lookup existing or make a new one */ - fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub)); - if(!(*qstate->env->attach_sub)(qstate, &qinf, qflags, prime, valrec, - &subq)) { - return 0; - } - *subq_ret = subq; - if(subq) { - /* initialise the new subquery */ - subq->curmod = id; - subq->ext_state[id] = module_state_initial; - subq->minfo[id] = regional_alloc(subq->region, - sizeof(struct iter_qstate)); - if(!subq->minfo[id]) { - log_err("init subq: out of memory"); - fptr_ok(fptr_whitelist_modenv_kill_sub( - qstate->env->kill_sub)); - (*qstate->env->kill_sub)(subq); - return 0; - } - subiq = (struct iter_qstate*)subq->minfo[id]; - memset(subiq, 0, sizeof(*subiq)); - subiq->num_target_queries = 0; - target_count_create(iq); - subiq->target_count = iq->target_count; - if(iq->target_count) - iq->target_count[0] ++; /* extra reference */ - subiq->num_current_queries = 0; - subiq->depth = iq->depth+1; - outbound_list_init(&subiq->outlist); - subiq->state = initial_state; - subiq->final_state = finalstate; - subiq->qchase = subq->qinfo; - subiq->chase_flags = subq->query_flags; - subiq->refetch_glue = 0; - if(qstate->env->cfg->qname_minimisation) - subiq->minimisation_state = INIT_MINIMISE_STATE; - else - subiq->minimisation_state = DONOT_MINIMISE_STATE; - memset(&subiq->qinfo_out, 0, sizeof(struct query_info)); - } - return 1; -} - -/** - * Generate and send a root priming request. - * @param qstate: the qtstate that triggered the need to prime. - * @param iq: iterator query state. - * @param id: module id. - * @param qclass: the class to prime. - * @return 0 on failure - */ -static int -prime_root(struct module_qstate* qstate, struct iter_qstate* iq, int id, - uint16_t qclass) -{ - struct delegpt* dp; - struct module_qstate* subq; - verbose(VERB_DETAIL, "priming . %s NS", - sldns_lookup_by_id(sldns_rr_classes, (int)qclass)? - sldns_lookup_by_id(sldns_rr_classes, (int)qclass)->name:"??"); - dp = hints_lookup_root(qstate->env->hints, qclass); - if(!dp) { - verbose(VERB_ALGO, "Cannot prime due to lack of hints"); - return 0; - } - /* Priming requests start at the QUERYTARGETS state, skipping - * the normal INIT state logic (which would cause an infloop). */ - if(!generate_sub_request((uint8_t*)"\000", 1, LDNS_RR_TYPE_NS, - qclass, qstate, id, iq, QUERYTARGETS_STATE, PRIME_RESP_STATE, - &subq, 0)) { - verbose(VERB_ALGO, "could not prime root"); - return 0; - } - if(subq) { - struct iter_qstate* subiq = - (struct iter_qstate*)subq->minfo[id]; - /* Set the initial delegation point to the hint. - * copy dp, it is now part of the root prime query. - * dp was part of in the fixed hints structure. */ - subiq->dp = delegpt_copy(dp, subq->region); - if(!subiq->dp) { - log_err("out of memory priming root, copydp"); - fptr_ok(fptr_whitelist_modenv_kill_sub( - qstate->env->kill_sub)); - (*qstate->env->kill_sub)(subq); - return 0; - } - /* there should not be any target queries. */ - subiq->num_target_queries = 0; - subiq->dnssec_expected = iter_indicates_dnssec( - qstate->env, subiq->dp, NULL, subq->qinfo.qclass); - } - - /* this module stops, our submodule starts, and does the query. */ - qstate->ext_state[id] = module_wait_subquery; - return 1; -} - -/** - * Generate and process a stub priming request. This method tests for the - * need to prime a stub zone, so it is safe to call for every request. - * - * @param qstate: the qtstate that triggered the need to prime. - * @param iq: iterator query state. - * @param id: module id. - * @param qname: request name. - * @param qclass: request class. - * @return true if a priming subrequest was made, false if not. The will only - * issue a priming request if it detects an unprimed stub. - * Uses value of 2 to signal during stub-prime in root-prime situation - * that a noprime-stub is available and resolution can continue. - */ -static int -prime_stub(struct module_qstate* qstate, struct iter_qstate* iq, int id, - uint8_t* qname, uint16_t qclass) -{ - /* Lookup the stub hint. This will return null if the stub doesn't - * need to be re-primed. */ - struct iter_hints_stub* stub; - struct delegpt* stub_dp; - struct module_qstate* subq; - - if(!qname) return 0; - stub = hints_lookup_stub(qstate->env->hints, qname, qclass, iq->dp); - /* The stub (if there is one) does not need priming. */ - if(!stub) - return 0; - stub_dp = stub->dp; - - /* is it a noprime stub (always use) */ - if(stub->noprime) { - int r = 0; - if(iq->dp == NULL) r = 2; - /* copy the dp out of the fixed hints structure, so that - * it can be changed when servicing this query */ - iq->dp = delegpt_copy(stub_dp, qstate->region); - if(!iq->dp) { - log_err("out of memory priming stub"); - (void)error_response(qstate, id, LDNS_RCODE_SERVFAIL); - return 1; /* return 1 to make module stop, with error */ - } - log_nametypeclass(VERB_DETAIL, "use stub", stub_dp->name, - LDNS_RR_TYPE_NS, qclass); - return r; - } - - /* Otherwise, we need to (re)prime the stub. */ - log_nametypeclass(VERB_DETAIL, "priming stub", stub_dp->name, - LDNS_RR_TYPE_NS, qclass); - - /* Stub priming events start at the QUERYTARGETS state to avoid the - * redundant INIT state processing. */ - if(!generate_sub_request(stub_dp->name, stub_dp->namelen, - LDNS_RR_TYPE_NS, qclass, qstate, id, iq, - QUERYTARGETS_STATE, PRIME_RESP_STATE, &subq, 0)) { - verbose(VERB_ALGO, "could not prime stub"); - (void)error_response(qstate, id, LDNS_RCODE_SERVFAIL); - return 1; /* return 1 to make module stop, with error */ - } - if(subq) { - struct iter_qstate* subiq = - (struct iter_qstate*)subq->minfo[id]; - - /* Set the initial delegation point to the hint. */ - /* make copy to avoid use of stub dp by different qs/threads */ - subiq->dp = delegpt_copy(stub_dp, subq->region); - if(!subiq->dp) { - log_err("out of memory priming stub, copydp"); - fptr_ok(fptr_whitelist_modenv_kill_sub( - qstate->env->kill_sub)); - (*qstate->env->kill_sub)(subq); - (void)error_response(qstate, id, LDNS_RCODE_SERVFAIL); - return 1; /* return 1 to make module stop, with error */ - } - /* there should not be any target queries -- although there - * wouldn't be anyway, since stub hints never have - * missing targets. */ - subiq->num_target_queries = 0; - subiq->wait_priming_stub = 1; - subiq->dnssec_expected = iter_indicates_dnssec( - qstate->env, subiq->dp, NULL, subq->qinfo.qclass); - } - - /* this module stops, our submodule starts, and does the query. */ - qstate->ext_state[id] = module_wait_subquery; - return 1; -} - -/** - * Generate A and AAAA checks for glue that is in-zone for the referral - * we just got to obtain authoritative information on the adresses. - * - * @param qstate: the qtstate that triggered the need to prime. - * @param iq: iterator query state. - * @param id: module id. - */ -static void -generate_a_aaaa_check(struct module_qstate* qstate, struct iter_qstate* iq, - int id) -{ - struct iter_env* ie = (struct iter_env*)qstate->env->modinfo[id]; - struct module_qstate* subq; - size_t i; - struct reply_info* rep = iq->response->rep; - struct ub_packed_rrset_key* s; - log_assert(iq->dp); - - if(iq->depth == ie->max_dependency_depth) - return; - /* walk through additional, and check if in-zone, - * only relevant A, AAAA are left after scrub anyway */ - for(i=rep->an_numrrsets+rep->ns_numrrsets; irrset_count; i++) { - s = rep->rrsets[i]; - /* check *ALL* addresses that are transmitted in additional*/ - /* is it an address ? */ - if( !(ntohs(s->rk.type)==LDNS_RR_TYPE_A || - ntohs(s->rk.type)==LDNS_RR_TYPE_AAAA)) { - continue; - } - /* is this query the same as the A/AAAA check for it */ - if(qstate->qinfo.qtype == ntohs(s->rk.type) && - qstate->qinfo.qclass == ntohs(s->rk.rrset_class) && - query_dname_compare(qstate->qinfo.qname, - s->rk.dname)==0 && - (qstate->query_flags&BIT_RD) && - !(qstate->query_flags&BIT_CD)) - continue; - - /* generate subrequest for it */ - log_nametypeclass(VERB_ALGO, "schedule addr fetch", - s->rk.dname, ntohs(s->rk.type), - ntohs(s->rk.rrset_class)); - if(!generate_sub_request(s->rk.dname, s->rk.dname_len, - ntohs(s->rk.type), ntohs(s->rk.rrset_class), - qstate, id, iq, - INIT_REQUEST_STATE, FINISHED_STATE, &subq, 1)) { - verbose(VERB_ALGO, "could not generate addr check"); - return; - } - /* ignore subq - not need for more init */ - } -} - -/** - * Generate a NS check request to obtain authoritative information - * on an NS rrset. - * - * @param qstate: the qtstate that triggered the need to prime. - * @param iq: iterator query state. - * @param id: module id. - */ -static void -generate_ns_check(struct module_qstate* qstate, struct iter_qstate* iq, int id) -{ - struct iter_env* ie = (struct iter_env*)qstate->env->modinfo[id]; - struct module_qstate* subq; - log_assert(iq->dp); - - if(iq->depth == ie->max_dependency_depth) - return; - /* is this query the same as the nscheck? */ - if(qstate->qinfo.qtype == LDNS_RR_TYPE_NS && - query_dname_compare(iq->dp->name, qstate->qinfo.qname)==0 && - (qstate->query_flags&BIT_RD) && !(qstate->query_flags&BIT_CD)){ - /* spawn off A, AAAA queries for in-zone glue to check */ - generate_a_aaaa_check(qstate, iq, id); - return; - } - - log_nametypeclass(VERB_ALGO, "schedule ns fetch", - iq->dp->name, LDNS_RR_TYPE_NS, iq->qchase.qclass); - if(!generate_sub_request(iq->dp->name, iq->dp->namelen, - LDNS_RR_TYPE_NS, iq->qchase.qclass, qstate, id, iq, - INIT_REQUEST_STATE, FINISHED_STATE, &subq, 1)) { - verbose(VERB_ALGO, "could not generate ns check"); - return; - } - if(subq) { - struct iter_qstate* subiq = - (struct iter_qstate*)subq->minfo[id]; - - /* make copy to avoid use of stub dp by different qs/threads */ - /* refetch glue to start higher up the tree */ - subiq->refetch_glue = 1; - subiq->dp = delegpt_copy(iq->dp, subq->region); - if(!subiq->dp) { - log_err("out of memory generating ns check, copydp"); - fptr_ok(fptr_whitelist_modenv_kill_sub( - qstate->env->kill_sub)); - (*qstate->env->kill_sub)(subq); - return; - } - } -} - -/** - * Generate a DNSKEY prefetch query to get the DNSKEY for the DS record we - * just got in a referral (where we have dnssec_expected, thus have trust - * anchors above it). Note that right after calling this routine the - * iterator detached subqueries (because of following the referral), and thus - * the DNSKEY query becomes detached, its return stored in the cache for - * later lookup by the validator. This cache lookup by the validator avoids - * the roundtrip incurred by the DNSKEY query. The DNSKEY query is now - * performed at about the same time the original query is sent to the domain, - * thus the two answers are likely to be returned at about the same time, - * saving a roundtrip from the validated lookup. - * - * @param qstate: the qtstate that triggered the need to prime. - * @param iq: iterator query state. - * @param id: module id. - */ -static void -generate_dnskey_prefetch(struct module_qstate* qstate, - struct iter_qstate* iq, int id) -{ - struct module_qstate* subq; - log_assert(iq->dp); - - /* is this query the same as the prefetch? */ - if(qstate->qinfo.qtype == LDNS_RR_TYPE_DNSKEY && - query_dname_compare(iq->dp->name, qstate->qinfo.qname)==0 && - (qstate->query_flags&BIT_RD) && !(qstate->query_flags&BIT_CD)){ - return; - } - - /* if the DNSKEY is in the cache this lookup will stop quickly */ - log_nametypeclass(VERB_ALGO, "schedule dnskey prefetch", - iq->dp->name, LDNS_RR_TYPE_DNSKEY, iq->qchase.qclass); - if(!generate_sub_request(iq->dp->name, iq->dp->namelen, - LDNS_RR_TYPE_DNSKEY, iq->qchase.qclass, qstate, id, iq, - INIT_REQUEST_STATE, FINISHED_STATE, &subq, 0)) { - /* we'll be slower, but it'll work */ - verbose(VERB_ALGO, "could not generate dnskey prefetch"); - return; - } - if(subq) { - struct iter_qstate* subiq = - (struct iter_qstate*)subq->minfo[id]; - /* this qstate has the right delegation for the dnskey lookup*/ - /* make copy to avoid use of stub dp by different qs/threads */ - subiq->dp = delegpt_copy(iq->dp, subq->region); - /* if !subiq->dp, it'll start from the cache, no problem */ - } -} - -/** - * See if the query needs forwarding. - * - * @param qstate: query state. - * @param iq: iterator query state. - * @return true if the request is forwarded, false if not. - * If returns true but, iq->dp is NULL then a malloc failure occurred. - */ -static int -forward_request(struct module_qstate* qstate, struct iter_qstate* iq) -{ - struct delegpt* dp; - uint8_t* delname = iq->qchase.qname; - size_t delnamelen = iq->qchase.qname_len; - if(iq->refetch_glue) { - delname = iq->dp->name; - delnamelen = iq->dp->namelen; - } - /* strip one label off of DS query to lookup higher for it */ - if( (iq->qchase.qtype == LDNS_RR_TYPE_DS || iq->refetch_glue) - && !dname_is_root(iq->qchase.qname)) - dname_remove_label(&delname, &delnamelen); - dp = forwards_lookup(qstate->env->fwds, delname, iq->qchase.qclass); - if(!dp) - return 0; - /* send recursion desired to forward addr */ - iq->chase_flags |= BIT_RD; - iq->dp = delegpt_copy(dp, qstate->region); - /* iq->dp checked by caller */ - verbose(VERB_ALGO, "forwarding request"); - return 1; -} - -/** - * Process the initial part of the request handling. This state roughly - * corresponds to resolver algorithms steps 1 (find answer in cache) and 2 - * (find the best servers to ask). - * - * Note that all requests start here, and query restarts revisit this state. - * - * This state either generates: 1) a response, from cache or error, 2) a - * priming event, or 3) forwards the request to the next state (init2, - * generally). - * - * @param qstate: query state. - * @param iq: iterator query state. - * @param ie: iterator shared global environment. - * @param id: module id. - * @return true if the event needs more request processing immediately, - * false if not. - */ -static int -processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, - struct iter_env* ie, int id) -{ - uint8_t* delname; - size_t delnamelen; - struct dns_msg* msg = NULL; - - log_query_info(VERB_DETAIL, "resolving", &qstate->qinfo); - /* check effort */ - - /* We enforce a maximum number of query restarts. This is primarily a - * cheap way to prevent CNAME loops. */ - if(iq->query_restart_count > MAX_RESTART_COUNT) { - verbose(VERB_QUERY, "request has exceeded the maximum number" - " of query restarts with %d", iq->query_restart_count); - return error_response(qstate, id, LDNS_RCODE_SERVFAIL); - } - - /* We enforce a maximum recursion/dependency depth -- in general, - * this is unnecessary for dependency loops (although it will - * catch those), but it provides a sensible limit to the amount - * of work required to answer a given query. */ - verbose(VERB_ALGO, "request has dependency depth of %d", iq->depth); - if(iq->depth > ie->max_dependency_depth) { - verbose(VERB_QUERY, "request has exceeded the maximum " - "dependency depth with depth of %d", iq->depth); - return error_response(qstate, id, LDNS_RCODE_SERVFAIL); - } - - /* If the request is qclass=ANY, setup to generate each class */ - if(qstate->qinfo.qclass == LDNS_RR_CLASS_ANY) { - iq->qchase.qclass = 0; - return next_state(iq, COLLECT_CLASS_STATE); - } - - /* Resolver Algorithm Step 1 -- Look for the answer in local data. */ - - /* This either results in a query restart (CNAME cache response), a - * terminating response (ANSWER), or a cache miss (null). */ - - if(qstate->blacklist) { - /* if cache, or anything else, was blacklisted then - * getting older results from cache is a bad idea, no cache */ - verbose(VERB_ALGO, "cache blacklisted, going to the network"); - msg = NULL; - } else if(!qstate->no_cache_lookup) { - msg = dns_cache_lookup(qstate->env, iq->qchase.qname, - iq->qchase.qname_len, iq->qchase.qtype, - iq->qchase.qclass, qstate->query_flags, - qstate->region, qstate->env->scratch); - if(!msg && qstate->env->neg_cache) { - /* lookup in negative cache; may result in - * NOERROR/NODATA or NXDOMAIN answers that need validation */ - msg = val_neg_getmsg(qstate->env->neg_cache, &iq->qchase, - qstate->region, qstate->env->rrset_cache, - qstate->env->scratch_buffer, - *qstate->env->now, 1/*add SOA*/, NULL); - } - /* item taken from cache does not match our query name, thus - * security needs to be re-examined later */ - if(msg && query_dname_compare(qstate->qinfo.qname, - iq->qchase.qname) != 0) - msg->rep->security = sec_status_unchecked; - } - if(msg) { - /* handle positive cache response */ - enum response_type type = response_type_from_cache(msg, - &iq->qchase); - if(verbosity >= VERB_ALGO) { - log_dns_msg("msg from cache lookup", &msg->qinfo, - msg->rep); - verbose(VERB_ALGO, "msg ttl is %d, prefetch ttl %d", - (int)msg->rep->ttl, - (int)msg->rep->prefetch_ttl); - } - - if(type == RESPONSE_TYPE_CNAME) { - uint8_t* sname = 0; - size_t slen = 0; - verbose(VERB_ALGO, "returning CNAME response from " - "cache"); - if(!handle_cname_response(qstate, iq, msg, - &sname, &slen)) - return error_response(qstate, id, - LDNS_RCODE_SERVFAIL); - iq->qchase.qname = sname; - iq->qchase.qname_len = slen; - /* This *is* a query restart, even if it is a cheap - * one. */ - iq->dp = NULL; - iq->refetch_glue = 0; - iq->query_restart_count++; - iq->sent_count = 0; - sock_list_insert(&qstate->reply_origin, NULL, 0, qstate->region); - if(qstate->env->cfg->qname_minimisation) - iq->minimisation_state = INIT_MINIMISE_STATE; - return next_state(iq, INIT_REQUEST_STATE); - } - - /* if from cache, NULL, else insert 'cache IP' len=0 */ - if(qstate->reply_origin) - sock_list_insert(&qstate->reply_origin, NULL, 0, qstate->region); - /* it is an answer, response, to final state */ - verbose(VERB_ALGO, "returning answer from cache."); - iq->response = msg; - return final_state(iq); - } - - /* attempt to forward the request */ - if(forward_request(qstate, iq)) - { - if(!iq->dp) { - log_err("alloc failure for forward dp"); - return error_response(qstate, id, LDNS_RCODE_SERVFAIL); - } - iq->refetch_glue = 0; - iq->minimisation_state = DONOT_MINIMISE_STATE; - /* the request has been forwarded. - * forwarded requests need to be immediately sent to the - * next state, QUERYTARGETS. */ - return next_state(iq, QUERYTARGETS_STATE); - } - - /* Resolver Algorithm Step 2 -- find the "best" servers. */ - - /* first, adjust for DS queries. To avoid the grandparent problem, - * we just look for the closest set of server to the parent of qname. - * When re-fetching glue we also need to ask the parent. - */ - if(iq->refetch_glue) { - if(!iq->dp) { - log_err("internal or malloc fail: no dp for refetch"); - return error_response(qstate, id, LDNS_RCODE_SERVFAIL); - } - delname = iq->dp->name; - delnamelen = iq->dp->namelen; - } else { - delname = iq->qchase.qname; - delnamelen = iq->qchase.qname_len; - } - if(iq->qchase.qtype == LDNS_RR_TYPE_DS || iq->refetch_glue || - (iq->qchase.qtype == LDNS_RR_TYPE_NS && qstate->prefetch_leeway)) { - /* remove first label from delname, root goes to hints, - * but only to fetch glue, not for qtype=DS. */ - /* also when prefetching an NS record, fetch it again from - * its parent, just as if it expired, so that you do not - * get stuck on an older nameserver that gives old NSrecords */ - if(dname_is_root(delname) && (iq->refetch_glue || - (iq->qchase.qtype == LDNS_RR_TYPE_NS && - qstate->prefetch_leeway))) - delname = NULL; /* go to root priming */ - else dname_remove_label(&delname, &delnamelen); - } - /* delname is the name to lookup a delegation for. If NULL rootprime */ - while(1) { - - /* Lookup the delegation in the cache. If null, then the - * cache needs to be primed for the qclass. */ - if(delname) - iq->dp = dns_cache_find_delegation(qstate->env, delname, - delnamelen, iq->qchase.qtype, iq->qchase.qclass, - qstate->region, &iq->deleg_msg, - *qstate->env->now+qstate->prefetch_leeway); - else iq->dp = NULL; - - /* If the cache has returned nothing, then we have a - * root priming situation. */ - if(iq->dp == NULL) { - /* if there is a stub, then no root prime needed */ - int r = prime_stub(qstate, iq, id, delname, - iq->qchase.qclass); - if(r == 2) - break; /* got noprime-stub-zone, continue */ - else if(r) - return 0; /* stub prime request made */ - if(forwards_lookup_root(qstate->env->fwds, - iq->qchase.qclass)) { - /* forward zone root, no root prime needed */ - /* fill in some dp - safety belt */ - iq->dp = hints_lookup_root(qstate->env->hints, - iq->qchase.qclass); - if(!iq->dp) { - log_err("internal error: no hints dp"); - return error_response(qstate, id, - LDNS_RCODE_SERVFAIL); - } - iq->dp = delegpt_copy(iq->dp, qstate->region); - if(!iq->dp) { - log_err("out of memory in safety belt"); - return error_response(qstate, id, - LDNS_RCODE_SERVFAIL); - } - return next_state(iq, INIT_REQUEST_2_STATE); - } - /* Note that the result of this will set a new - * DelegationPoint based on the result of priming. */ - if(!prime_root(qstate, iq, id, iq->qchase.qclass)) - return error_response(qstate, id, - LDNS_RCODE_REFUSED); - - /* priming creates and sends a subordinate query, with - * this query as the parent. So further processing for - * this event will stop until reactivated by the - * results of priming. */ - return 0; - } - if(!iq->ratelimit_ok && qstate->prefetch_leeway) - iq->ratelimit_ok = 1; /* allow prefetches, this keeps - otherwise valid data in the cache */ - if(!iq->ratelimit_ok && infra_ratelimit_exceeded( - qstate->env->infra_cache, iq->dp->name, - iq->dp->namelen, *qstate->env->now)) { - /* and increment the rate, so that the rate for time - * now will also exceed the rate, keeping cache fresh */ - (void)infra_ratelimit_inc(qstate->env->infra_cache, - iq->dp->name, iq->dp->namelen, - *qstate->env->now); - /* see if we are passed through with slip factor */ - if(qstate->env->cfg->ratelimit_factor != 0 && - ub_random_max(qstate->env->rnd, - qstate->env->cfg->ratelimit_factor) == 1) { - iq->ratelimit_ok = 1; - log_nametypeclass(VERB_ALGO, "ratelimit allowed through for " - "delegation point", iq->dp->name, - LDNS_RR_TYPE_NS, LDNS_RR_CLASS_IN); - } else { - log_nametypeclass(VERB_ALGO, "ratelimit exceeded with " - "delegation point", iq->dp->name, - LDNS_RR_TYPE_NS, LDNS_RR_CLASS_IN); - return error_response(qstate, id, LDNS_RCODE_SERVFAIL); - } - } - - /* see if this dp not useless. - * It is useless if: - * o all NS items are required glue. - * or the query is for NS item that is required glue. - * o no addresses are provided. - * o RD qflag is on. - * Instead, go up one level, and try to get even further - * If the root was useless, use safety belt information. - * Only check cache returns, because replies for servers - * could be useless but lead to loops (bumping into the - * same server reply) if useless-checked. - */ - if(iter_dp_is_useless(&qstate->qinfo, qstate->query_flags, - iq->dp)) { - if(dname_is_root(iq->dp->name)) { - /* use safety belt */ - verbose(VERB_QUERY, "Cache has root NS but " - "no addresses. Fallback to the safety belt."); - iq->dp = hints_lookup_root(qstate->env->hints, - iq->qchase.qclass); - /* note deleg_msg is from previous lookup, - * but RD is on, so it is not used */ - if(!iq->dp) { - log_err("internal error: no hints dp"); - return error_response(qstate, id, - LDNS_RCODE_REFUSED); - } - iq->dp = delegpt_copy(iq->dp, qstate->region); - if(!iq->dp) { - log_err("out of memory in safety belt"); - return error_response(qstate, id, - LDNS_RCODE_SERVFAIL); - } - break; - } else { - verbose(VERB_ALGO, - "cache delegation was useless:"); - delegpt_log(VERB_ALGO, iq->dp); - /* go up */ - delname = iq->dp->name; - delnamelen = iq->dp->namelen; - dname_remove_label(&delname, &delnamelen); - } - } else break; - } - - verbose(VERB_ALGO, "cache delegation returns delegpt"); - delegpt_log(VERB_ALGO, iq->dp); - - /* Otherwise, set the current delegation point and move on to the - * next state. */ - return next_state(iq, INIT_REQUEST_2_STATE); -} - -/** - * Process the second part of the initial request handling. This state - * basically exists so that queries that generate root priming events have - * the same init processing as ones that do not. Request events that reach - * this state must have a valid currentDelegationPoint set. - * - * This part is primarly handling stub zone priming. Events that reach this - * state must have a current delegation point. - * - * @param qstate: query state. - * @param iq: iterator query state. - * @param id: module id. - * @return true if the event needs more request processing immediately, - * false if not. - */ -static int -processInitRequest2(struct module_qstate* qstate, struct iter_qstate* iq, - int id) -{ - uint8_t* delname; - size_t delnamelen; - log_query_info(VERB_QUERY, "resolving (init part 2): ", - &qstate->qinfo); - - if(iq->refetch_glue) { - if(!iq->dp) { - log_err("internal or malloc fail: no dp for refetch"); - return error_response(qstate, id, LDNS_RCODE_SERVFAIL); - } - delname = iq->dp->name; - delnamelen = iq->dp->namelen; - } else { - delname = iq->qchase.qname; - delnamelen = iq->qchase.qname_len; - } - if(iq->qchase.qtype == LDNS_RR_TYPE_DS || iq->refetch_glue) { - if(!dname_is_root(delname)) - dname_remove_label(&delname, &delnamelen); - iq->refetch_glue = 0; /* if CNAME causes restart, no refetch */ - } - /* Check to see if we need to prime a stub zone. */ - if(prime_stub(qstate, iq, id, delname, iq->qchase.qclass)) { - /* A priming sub request was made */ - return 0; - } - - /* most events just get forwarded to the next state. */ - return next_state(iq, INIT_REQUEST_3_STATE); -} - -/** - * Process the third part of the initial request handling. This state exists - * as a separate state so that queries that generate stub priming events - * will get the tail end of the init process but not repeat the stub priming - * check. - * - * @param qstate: query state. - * @param iq: iterator query state. - * @param id: module id. - * @return true, advancing the event to the QUERYTARGETS_STATE. - */ -static int -processInitRequest3(struct module_qstate* qstate, struct iter_qstate* iq, - int id) -{ - log_query_info(VERB_QUERY, "resolving (init part 3): ", - &qstate->qinfo); - /* if the cache reply dp equals a validation anchor or msg has DS, - * then DNSSEC RRSIGs are expected in the reply */ - iq->dnssec_expected = iter_indicates_dnssec(qstate->env, iq->dp, - iq->deleg_msg, iq->qchase.qclass); - - /* If the RD flag wasn't set, then we just finish with the - * cached referral as the response. */ - if(!(qstate->query_flags & BIT_RD) && iq->deleg_msg) { - iq->response = iq->deleg_msg; - if(verbosity >= VERB_ALGO && iq->response) - log_dns_msg("no RD requested, using delegation msg", - &iq->response->qinfo, iq->response->rep); - if(qstate->reply_origin) - sock_list_insert(&qstate->reply_origin, NULL, 0, qstate->region); - return final_state(iq); - } - /* After this point, unset the RD flag -- this query is going to - * be sent to an auth. server. */ - iq->chase_flags &= ~BIT_RD; - - /* if dnssec expected, fetch key for the trust-anchor or cached-DS */ - if(iq->dnssec_expected && qstate->env->cfg->prefetch_key && - !(qstate->query_flags&BIT_CD)) { - generate_dnskey_prefetch(qstate, iq, id); - fptr_ok(fptr_whitelist_modenv_detach_subs( - qstate->env->detach_subs)); - (*qstate->env->detach_subs)(qstate); - } - - /* Jump to the next state. */ - return next_state(iq, QUERYTARGETS_STATE); -} - -/** - * Given a basic query, generate a parent-side "target" query. - * These are subordinate queries for missing delegation point target addresses, - * for which only the parent of the delegation provides correct IP addresses. - * - * @param qstate: query state. - * @param iq: iterator query state. - * @param id: module id. - * @param name: target qname. - * @param namelen: target qname length. - * @param qtype: target qtype (either A or AAAA). - * @param qclass: target qclass. - * @return true on success, false on failure. - */ -static int -generate_parentside_target_query(struct module_qstate* qstate, - struct iter_qstate* iq, int id, uint8_t* name, size_t namelen, - uint16_t qtype, uint16_t qclass) -{ - struct module_qstate* subq; - if(!generate_sub_request(name, namelen, qtype, qclass, qstate, - id, iq, INIT_REQUEST_STATE, FINISHED_STATE, &subq, 0)) - return 0; - if(subq) { - struct iter_qstate* subiq = - (struct iter_qstate*)subq->minfo[id]; - /* blacklist the cache - we want to fetch parent stuff */ - sock_list_insert(&subq->blacklist, NULL, 0, subq->region); - subiq->query_for_pside_glue = 1; - if(dname_subdomain_c(name, iq->dp->name)) { - subiq->dp = delegpt_copy(iq->dp, subq->region); - subiq->dnssec_expected = iter_indicates_dnssec( - qstate->env, subiq->dp, NULL, - subq->qinfo.qclass); - subiq->refetch_glue = 1; - } else { - subiq->dp = dns_cache_find_delegation(qstate->env, - name, namelen, qtype, qclass, subq->region, - &subiq->deleg_msg, - *qstate->env->now+subq->prefetch_leeway); - /* if no dp, then it's from root, refetch unneeded */ - if(subiq->dp) { - subiq->dnssec_expected = iter_indicates_dnssec( - qstate->env, subiq->dp, NULL, - subq->qinfo.qclass); - subiq->refetch_glue = 1; - } - } - } - log_nametypeclass(VERB_QUERY, "new pside target", name, qtype, qclass); - return 1; -} - -/** - * Given a basic query, generate a "target" query. These are subordinate - * queries for missing delegation point target addresses. - * - * @param qstate: query state. - * @param iq: iterator query state. - * @param id: module id. - * @param name: target qname. - * @param namelen: target qname length. - * @param qtype: target qtype (either A or AAAA). - * @param qclass: target qclass. - * @return true on success, false on failure. - */ -static int -generate_target_query(struct module_qstate* qstate, struct iter_qstate* iq, - int id, uint8_t* name, size_t namelen, uint16_t qtype, uint16_t qclass) -{ - struct module_qstate* subq; - if(!generate_sub_request(name, namelen, qtype, qclass, qstate, - id, iq, INIT_REQUEST_STATE, FINISHED_STATE, &subq, 0)) - return 0; - log_nametypeclass(VERB_QUERY, "new target", name, qtype, qclass); - return 1; -} - -/** - * Given an event at a certain state, generate zero or more target queries - * for it's current delegation point. - * - * @param qstate: query state. - * @param iq: iterator query state. - * @param ie: iterator shared global environment. - * @param id: module id. - * @param maxtargets: The maximum number of targets to query for. - * if it is negative, there is no maximum number of targets. - * @param num: returns the number of queries generated and processed, - * which may be zero if there were no missing targets. - * @return false on error. - */ -static int -query_for_targets(struct module_qstate* qstate, struct iter_qstate* iq, - struct iter_env* ie, int id, int maxtargets, int* num) -{ - int query_count = 0; - struct delegpt_ns* ns; - int missing; - int toget = 0; - - if(iq->depth == ie->max_dependency_depth) - return 0; - if(iq->depth > 0 && iq->target_count && - iq->target_count[1] > MAX_TARGET_COUNT) { - char s[LDNS_MAX_DOMAINLEN+1]; - dname_str(qstate->qinfo.qname, s); - verbose(VERB_QUERY, "request %s has exceeded the maximum " - "number of glue fetches %d", s, iq->target_count[1]); - return 0; - } - - iter_mark_cycle_targets(qstate, iq->dp); - missing = (int)delegpt_count_missing_targets(iq->dp); - log_assert(maxtargets != 0); /* that would not be useful */ - - /* Generate target requests. Basically, any missing targets - * are queried for here, regardless if it is necessary to do - * so to continue processing. */ - if(maxtargets < 0 || maxtargets > missing) - toget = missing; - else toget = maxtargets; - if(toget == 0) { - *num = 0; - return 1; - } - /* select 'toget' items from the total of 'missing' items */ - log_assert(toget <= missing); - - /* loop over missing targets */ - for(ns = iq->dp->nslist; ns; ns = ns->next) { - if(ns->resolved) - continue; - - /* randomly select this item with probability toget/missing */ - if(!iter_ns_probability(qstate->env->rnd, toget, missing)) { - /* do not select this one, next; select toget number - * of items from a list one less in size */ - missing --; - continue; - } - - if(ie->supports_ipv6 && !ns->got6) { - /* Send the AAAA request. */ - if(!generate_target_query(qstate, iq, id, - ns->name, ns->namelen, - LDNS_RR_TYPE_AAAA, iq->qchase.qclass)) { - *num = query_count; - if(query_count > 0) - qstate->ext_state[id] = module_wait_subquery; - return 0; - } - query_count++; - } - /* Send the A request. */ - if(ie->supports_ipv4 && !ns->got4) { - if(!generate_target_query(qstate, iq, id, - ns->name, ns->namelen, - LDNS_RR_TYPE_A, iq->qchase.qclass)) { - *num = query_count; - if(query_count > 0) - qstate->ext_state[id] = module_wait_subquery; - return 0; - } - query_count++; - } - - /* mark this target as in progress. */ - ns->resolved = 1; - missing--; - toget--; - if(toget == 0) - break; - } - *num = query_count; - if(query_count > 0) - qstate->ext_state[id] = module_wait_subquery; - - return 1; -} - -/** see if last resort is possible - does config allow queries to parent */ -static int -can_have_last_resort(struct module_env* env, struct delegpt* dp, - struct iter_qstate* iq) -{ - struct delegpt* fwddp; - struct iter_hints_stub* stub; - /* do not process a last resort (the parent side) if a stub - * or forward is configured, because we do not want to go 'above' - * the configured servers */ - if(!dname_is_root(dp->name) && (stub = (struct iter_hints_stub*) - name_tree_find(&env->hints->tree, dp->name, dp->namelen, - dp->namelabs, iq->qchase.qclass)) && - /* has_parent side is turned off for stub_first, where we - * are allowed to go to the parent */ - stub->dp->has_parent_side_NS) { - verbose(VERB_QUERY, "configured stub servers failed -- returning SERVFAIL"); - return 0; - } - if((fwddp = forwards_find(env->fwds, dp->name, iq->qchase.qclass)) && - /* has_parent_side is turned off for forward_first, where - * we are allowed to go to the parent */ - fwddp->has_parent_side_NS) { - verbose(VERB_QUERY, "configured forward servers failed -- returning SERVFAIL"); - return 0; - } - return 1; -} - -/** - * Called by processQueryTargets when it would like extra targets to query - * but it seems to be out of options. At last resort some less appealing - * options are explored. If there are no more options, the result is SERVFAIL - * - * @param qstate: query state. - * @param iq: iterator query state. - * @param ie: iterator shared global environment. - * @param id: module id. - * @return true if the event requires more request processing immediately, - * false if not. - */ -static int -processLastResort(struct module_qstate* qstate, struct iter_qstate* iq, - struct iter_env* ie, int id) -{ - struct delegpt_ns* ns; - int query_count = 0; - verbose(VERB_ALGO, "No more query targets, attempting last resort"); - log_assert(iq->dp); - - if(!can_have_last_resort(qstate->env, iq->dp, iq)) { - /* fail -- no more targets, no more hope of targets, no hope - * of a response. */ - return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); - } - if(!iq->dp->has_parent_side_NS && dname_is_root(iq->dp->name)) { - struct delegpt* p = hints_lookup_root(qstate->env->hints, - iq->qchase.qclass); - if(p) { - struct delegpt_ns* ns; - struct delegpt_addr* a; - iq->chase_flags &= ~BIT_RD; /* go to authorities */ - for(ns = p->nslist; ns; ns=ns->next) { - (void)delegpt_add_ns(iq->dp, qstate->region, - ns->name, ns->lame); - } - for(a = p->target_list; a; a=a->next_target) { - (void)delegpt_add_addr(iq->dp, qstate->region, - &a->addr, a->addrlen, a->bogus, - a->lame); - } - } - iq->dp->has_parent_side_NS = 1; - } else if(!iq->dp->has_parent_side_NS) { - if(!iter_lookup_parent_NS_from_cache(qstate->env, iq->dp, - qstate->region, &qstate->qinfo) - || !iq->dp->has_parent_side_NS) { - /* if: malloc failure in lookup go up to try */ - /* if: no parent NS in cache - go up one level */ - verbose(VERB_ALGO, "try to grab parent NS"); - iq->store_parent_NS = iq->dp; - iq->chase_flags &= ~BIT_RD; /* go to authorities */ - iq->deleg_msg = NULL; - iq->refetch_glue = 1; - iq->query_restart_count++; - iq->sent_count = 0; - if(qstate->env->cfg->qname_minimisation) - iq->minimisation_state = INIT_MINIMISE_STATE; - return next_state(iq, INIT_REQUEST_STATE); - } - } - /* see if that makes new names available */ - if(!cache_fill_missing(qstate->env, iq->qchase.qclass, - qstate->region, iq->dp)) - log_err("out of memory in cache_fill_missing"); - if(iq->dp->usable_list) { - verbose(VERB_ALGO, "try parent-side-name, w. glue from cache"); - return next_state(iq, QUERYTARGETS_STATE); - } - /* try to fill out parent glue from cache */ - if(iter_lookup_parent_glue_from_cache(qstate->env, iq->dp, - qstate->region, &qstate->qinfo)) { - /* got parent stuff from cache, see if we can continue */ - verbose(VERB_ALGO, "try parent-side glue from cache"); - return next_state(iq, QUERYTARGETS_STATE); - } - /* query for an extra name added by the parent-NS record */ - if(delegpt_count_missing_targets(iq->dp) > 0) { - int qs = 0; - verbose(VERB_ALGO, "try parent-side target name"); - if(!query_for_targets(qstate, iq, ie, id, 1, &qs)) { - return error_response(qstate, id, LDNS_RCODE_SERVFAIL); - } - iq->num_target_queries += qs; - target_count_increase(iq, qs); - if(qs != 0) { - qstate->ext_state[id] = module_wait_subquery; - return 0; /* and wait for them */ - } - } - if(iq->depth == ie->max_dependency_depth) { - verbose(VERB_QUERY, "maxdepth and need more nameservers, fail"); - return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); - } - if(iq->depth > 0 && iq->target_count && - iq->target_count[1] > MAX_TARGET_COUNT) { - char s[LDNS_MAX_DOMAINLEN+1]; - dname_str(qstate->qinfo.qname, s); - verbose(VERB_QUERY, "request %s has exceeded the maximum " - "number of glue fetches %d", s, iq->target_count[1]); - return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); - } - /* mark cycle targets for parent-side lookups */ - iter_mark_pside_cycle_targets(qstate, iq->dp); - /* see if we can issue queries to get nameserver addresses */ - /* this lookup is not randomized, but sequential. */ - for(ns = iq->dp->nslist; ns; ns = ns->next) { - /* query for parent-side A and AAAA for nameservers */ - if(ie->supports_ipv6 && !ns->done_pside6) { - /* Send the AAAA request. */ - if(!generate_parentside_target_query(qstate, iq, id, - ns->name, ns->namelen, - LDNS_RR_TYPE_AAAA, iq->qchase.qclass)) - return error_response(qstate, id, - LDNS_RCODE_SERVFAIL); - ns->done_pside6 = 1; - query_count++; - } - if(ie->supports_ipv4 && !ns->done_pside4) { - /* Send the A request. */ - if(!generate_parentside_target_query(qstate, iq, id, - ns->name, ns->namelen, - LDNS_RR_TYPE_A, iq->qchase.qclass)) - return error_response(qstate, id, - LDNS_RCODE_SERVFAIL); - ns->done_pside4 = 1; - query_count++; - } - if(query_count != 0) { /* suspend to await results */ - verbose(VERB_ALGO, "try parent-side glue lookup"); - iq->num_target_queries += query_count; - target_count_increase(iq, query_count); - qstate->ext_state[id] = module_wait_subquery; - return 0; - } - } - - /* if this was a parent-side glue query itself, then store that - * failure in cache. */ - if(!qstate->no_cache_store && iq->query_for_pside_glue - && !iq->pside_glue) - iter_store_parentside_neg(qstate->env, &qstate->qinfo, - iq->deleg_msg?iq->deleg_msg->rep: - (iq->response?iq->response->rep:NULL)); - - verbose(VERB_QUERY, "out of query targets -- returning SERVFAIL"); - /* fail -- no more targets, no more hope of targets, no hope - * of a response. */ - return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); -} - -/** - * Try to find the NS record set that will resolve a qtype DS query. Due - * to grandparent/grandchild reasons we did not get a proper lookup right - * away. We need to create type NS queries until we get the right parent - * for this lookup. We remove labels from the query to find the right point. - * If we end up at the old dp name, then there is no solution. - * - * @param qstate: query state. - * @param iq: iterator query state. - * @param id: module id. - * @return true if the event requires more immediate processing, false if - * not. This is generally only true when forwarding the request to - * the final state (i.e., on answer). - */ -static int -processDSNSFind(struct module_qstate* qstate, struct iter_qstate* iq, int id) -{ - struct module_qstate* subq = NULL; - verbose(VERB_ALGO, "processDSNSFind"); - - if(!iq->dsns_point) { - /* initialize */ - iq->dsns_point = iq->qchase.qname; - iq->dsns_point_len = iq->qchase.qname_len; - } - /* robustcheck for internal error: we are not underneath the dp */ - if(!dname_subdomain_c(iq->dsns_point, iq->dp->name)) { - return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); - } - - /* go up one (more) step, until we hit the dp, if so, end */ - dname_remove_label(&iq->dsns_point, &iq->dsns_point_len); - if(query_dname_compare(iq->dsns_point, iq->dp->name) == 0) { - /* there was no inbetween nameserver, use the old delegation - * point again. And this time, because dsns_point is nonNULL - * we are going to accept the (bad) result */ - iq->state = QUERYTARGETS_STATE; - return 1; - } - iq->state = DSNS_FIND_STATE; - - /* spawn NS lookup (validation not needed, this is for DS lookup) */ - log_nametypeclass(VERB_ALGO, "fetch nameservers", - iq->dsns_point, LDNS_RR_TYPE_NS, iq->qchase.qclass); - if(!generate_sub_request(iq->dsns_point, iq->dsns_point_len, - LDNS_RR_TYPE_NS, iq->qchase.qclass, qstate, id, iq, - INIT_REQUEST_STATE, FINISHED_STATE, &subq, 0)) { - return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); - } - - return 0; -} - -/** - * This is the request event state where the request will be sent to one of - * its current query targets. This state also handles issuing target lookup - * queries for missing target IP addresses. Queries typically iterate on - * this state, both when they are just trying different targets for a given - * delegation point, and when they change delegation points. This state - * roughly corresponds to RFC 1034 algorithm steps 3 and 4. - * - * @param qstate: query state. - * @param iq: iterator query state. - * @param ie: iterator shared global environment. - * @param id: module id. - * @return true if the event requires more request processing immediately, - * false if not. This state only returns true when it is generating - * a SERVFAIL response because the query has hit a dead end. - */ -static int -processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, - struct iter_env* ie, int id) -{ - int tf_policy; - struct delegpt_addr* target; - struct outbound_entry* outq; - - /* NOTE: a request will encounter this state for each target it - * needs to send a query to. That is, at least one per referral, - * more if some targets timeout or return throwaway answers. */ - - log_query_info(VERB_QUERY, "processQueryTargets:", &qstate->qinfo); - verbose(VERB_ALGO, "processQueryTargets: targetqueries %d, " - "currentqueries %d sentcount %d", iq->num_target_queries, - iq->num_current_queries, iq->sent_count); - - /* Make sure that we haven't run away */ - /* FIXME: is this check even necessary? */ - if(iq->referral_count > MAX_REFERRAL_COUNT) { - verbose(VERB_QUERY, "request has exceeded the maximum " - "number of referrrals with %d", iq->referral_count); - return error_response(qstate, id, LDNS_RCODE_SERVFAIL); - } - if(iq->sent_count > MAX_SENT_COUNT) { - verbose(VERB_QUERY, "request has exceeded the maximum " - "number of sends with %d", iq->sent_count); - return error_response(qstate, id, LDNS_RCODE_SERVFAIL); - } - - /* Make sure we have a delegation point, otherwise priming failed - * or another failure occurred */ - if(!iq->dp) { - verbose(VERB_QUERY, "Failed to get a delegation, giving up"); - return error_response(qstate, id, LDNS_RCODE_SERVFAIL); - } - if(!ie->supports_ipv6) - delegpt_no_ipv6(iq->dp); - if(!ie->supports_ipv4) - delegpt_no_ipv4(iq->dp); - delegpt_log(VERB_ALGO, iq->dp); - - if(iq->num_current_queries>0) { - /* already busy answering a query, this restart is because - * more delegpt addrs became available, wait for existing - * query. */ - verbose(VERB_ALGO, "woke up, but wait for outstanding query"); - qstate->ext_state[id] = module_wait_reply; - return 0; - } - - tf_policy = 0; - /* < not <=, because although the array is large enough for <=, the - * generated query will immediately be discarded due to depth and - * that servfail is cached, which is not good as opportunism goes. */ - if(iq->depth < ie->max_dependency_depth - && iq->sent_count < TARGET_FETCH_STOP) { - tf_policy = ie->target_fetch_policy[iq->depth]; - } - - /* if in 0x20 fallback get as many targets as possible */ - if(iq->caps_fallback) { - int extra = 0; - size_t naddr, nres, navail; - if(!query_for_targets(qstate, iq, ie, id, -1, &extra)) { - return error_response(qstate, id, LDNS_RCODE_SERVFAIL); - } - iq->num_target_queries += extra; - target_count_increase(iq, extra); - if(iq->num_target_queries > 0) { - /* wait to get all targets, we want to try em */ - verbose(VERB_ALGO, "wait for all targets for fallback"); - qstate->ext_state[id] = module_wait_reply; - return 0; - } - /* did we do enough fallback queries already? */ - delegpt_count_addr(iq->dp, &naddr, &nres, &navail); - /* the current caps_server is the number of fallbacks sent. - * the original query is one that matched too, so we have - * caps_server+1 number of matching queries now */ - if(iq->caps_server+1 >= naddr*3 || - iq->caps_server*2+2 >= MAX_SENT_COUNT) { - /* *2 on sentcount check because ipv6 may fail */ - /* we're done, process the response */ - verbose(VERB_ALGO, "0x20 fallback had %d responses " - "match for %d wanted, done.", - (int)iq->caps_server+1, (int)naddr*3); - iq->response = iq->caps_response; - iq->caps_fallback = 0; - iter_dec_attempts(iq->dp, 3); /* space for fallback */ - iq->num_current_queries++; /* RespState decrements it*/ - iq->referral_count++; /* make sure we don't loop */ - iq->sent_count = 0; - iq->state = QUERY_RESP_STATE; - return 1; - } - verbose(VERB_ALGO, "0x20 fallback number %d", - (int)iq->caps_server); - - /* if there is a policy to fetch missing targets - * opportunistically, do it. we rely on the fact that once a - * query (or queries) for a missing name have been issued, - * they will not show up again. */ - } else if(tf_policy != 0) { - int extra = 0; - verbose(VERB_ALGO, "attempt to get extra %d targets", - tf_policy); - (void)query_for_targets(qstate, iq, ie, id, tf_policy, &extra); - /* errors ignored, these targets are not strictly necessary for - * this result, we do not have to reply with SERVFAIL */ - iq->num_target_queries += extra; - target_count_increase(iq, extra); - } - - /* Add the current set of unused targets to our queue. */ - delegpt_add_unused_targets(iq->dp); - - /* Select the next usable target, filtering out unsuitable targets. */ - target = iter_server_selection(ie, qstate->env, iq->dp, - iq->dp->name, iq->dp->namelen, iq->qchase.qtype, - &iq->dnssec_lame_query, &iq->chase_to_rd, - iq->num_target_queries, qstate->blacklist); - - /* If no usable target was selected... */ - if(!target) { - /* Here we distinguish between three states: generate a new - * target query, just wait, or quit (with a SERVFAIL). - * We have the following information: number of active - * target queries, number of active current queries, - * the presence of missing targets at this delegation - * point, and the given query target policy. */ - - /* Check for the wait condition. If this is true, then - * an action must be taken. */ - if(iq->num_target_queries==0 && iq->num_current_queries==0) { - /* If there is nothing to wait for, then we need - * to distinguish between generating (a) new target - * query, or failing. */ - if(delegpt_count_missing_targets(iq->dp) > 0) { - int qs = 0; - verbose(VERB_ALGO, "querying for next " - "missing target"); - if(!query_for_targets(qstate, iq, ie, id, - 1, &qs)) { - return error_response(qstate, id, - LDNS_RCODE_SERVFAIL); - } - if(qs == 0 && - delegpt_count_missing_targets(iq->dp) == 0){ - /* it looked like there were missing - * targets, but they did not turn up. - * Try the bad choices again (if any), - * when we get back here missing==0, - * so this is not a loop. */ - return 1; - } - iq->num_target_queries += qs; - target_count_increase(iq, qs); - } - /* Since a target query might have been made, we - * need to check again. */ - if(iq->num_target_queries == 0) { - /* if in capsforid fallback, instead of last - * resort, we agree with the current reply - * we have (if any) (our count of addrs bad)*/ - if(iq->caps_fallback && iq->caps_reply) { - /* we're done, process the response */ - verbose(VERB_ALGO, "0x20 fallback had %d responses, " - "but no more servers except " - "last resort, done.", - (int)iq->caps_server+1); - iq->response = iq->caps_response; - iq->caps_fallback = 0; - iter_dec_attempts(iq->dp, 3); /* space for fallback */ - iq->num_current_queries++; /* RespState decrements it*/ - iq->referral_count++; /* make sure we don't loop */ - iq->sent_count = 0; - iq->state = QUERY_RESP_STATE; - return 1; - } - return processLastResort(qstate, iq, ie, id); - } - } - - /* otherwise, we have no current targets, so submerge - * until one of the target or direct queries return. */ - if(iq->num_target_queries>0 && iq->num_current_queries>0) { - verbose(VERB_ALGO, "no current targets -- waiting " - "for %d targets to resolve or %d outstanding" - " queries to respond", iq->num_target_queries, - iq->num_current_queries); - qstate->ext_state[id] = module_wait_reply; - } else if(iq->num_target_queries>0) { - verbose(VERB_ALGO, "no current targets -- waiting " - "for %d targets to resolve.", - iq->num_target_queries); - qstate->ext_state[id] = module_wait_subquery; - } else { - verbose(VERB_ALGO, "no current targets -- waiting " - "for %d outstanding queries to respond.", - iq->num_current_queries); - qstate->ext_state[id] = module_wait_reply; - } - return 0; - } - - /* if not forwarding, check ratelimits per delegationpoint name */ - if(!(iq->chase_flags & BIT_RD) && !iq->ratelimit_ok) { - if(!infra_ratelimit_inc(qstate->env->infra_cache, iq->dp->name, - iq->dp->namelen, *qstate->env->now)) { - verbose(VERB_ALGO, "query exceeded ratelimits"); - return error_response(qstate, id, LDNS_RCODE_SERVFAIL); - } - } - - if(iq->minimisation_state == INIT_MINIMISE_STATE) { - /* (Re)set qinfo_out to (new) delegation point, except when - * qinfo_out is already a subdomain of dp. This happens when - * increasing by more than one label at once (QNAMEs with more - * than MAX_MINIMISE_COUNT labels). */ - if(!(iq->qinfo_out.qname_len - && dname_subdomain_c(iq->qchase.qname, - iq->qinfo_out.qname) - && dname_subdomain_c(iq->qinfo_out.qname, - iq->dp->name))) { - iq->qinfo_out.qname = iq->dp->name; - iq->qinfo_out.qname_len = iq->dp->namelen; - iq->qinfo_out.qtype = LDNS_RR_TYPE_A; - iq->qinfo_out.qclass = iq->qchase.qclass; - iq->qinfo_out.local_alias = NULL; - iq->minimise_count = 0; - } - - iq->minimisation_state = MINIMISE_STATE; - } - if(iq->minimisation_state == MINIMISE_STATE) { - int qchaselabs = dname_count_labels(iq->qchase.qname); - int labdiff = qchaselabs - - dname_count_labels(iq->qinfo_out.qname); - - iq->qinfo_out.qname = iq->qchase.qname; - iq->qinfo_out.qname_len = iq->qchase.qname_len; - iq->minimise_count++; - iq->minimise_timeout_count = 0; - - iter_dec_attempts(iq->dp, 1); - - /* Limit number of iterations for QNAMEs with more - * than MAX_MINIMISE_COUNT labels. Send first MINIMISE_ONE_LAB - * labels of QNAME always individually. - */ - if(qchaselabs > MAX_MINIMISE_COUNT && labdiff > 1 && - iq->minimise_count > MINIMISE_ONE_LAB) { - if(iq->minimise_count < MAX_MINIMISE_COUNT) { - int multilabs = qchaselabs - 1 - - MINIMISE_ONE_LAB; - int extralabs = multilabs / - MINIMISE_MULTIPLE_LABS; - - if (MAX_MINIMISE_COUNT - iq->minimise_count >= - multilabs % MINIMISE_MULTIPLE_LABS) - /* Default behaviour is to add 1 label - * every iteration. Therefore, decrement - * the extralabs by 1 */ - extralabs--; - if (extralabs < labdiff) - labdiff -= extralabs; - else - labdiff = 1; - } - /* Last minimised iteration, send all labels with - * QTYPE=NS */ - else - labdiff = 1; - } - - if(labdiff > 1) { - verbose(VERB_QUERY, "removing %d labels", labdiff-1); - dname_remove_labels(&iq->qinfo_out.qname, - &iq->qinfo_out.qname_len, - labdiff-1); - } - if(labdiff < 1 || (labdiff < 2 - && (iq->qchase.qtype == LDNS_RR_TYPE_DS - || iq->qchase.qtype == LDNS_RR_TYPE_A))) - /* Stop minimising this query, resolve "as usual" */ - iq->minimisation_state = DONOT_MINIMISE_STATE; - else if(!qstate->no_cache_lookup) { - struct dns_msg* msg = dns_cache_lookup(qstate->env, - iq->qinfo_out.qname, iq->qinfo_out.qname_len, - iq->qinfo_out.qtype, iq->qinfo_out.qclass, - qstate->query_flags, qstate->region, - qstate->env->scratch); - if(msg && msg->rep->an_numrrsets == 0 - && FLAGS_GET_RCODE(msg->rep->flags) == - LDNS_RCODE_NOERROR) - /* no need to send query if it is already - * cached as NOERROR/NODATA */ - return 1; - } - } - if(iq->minimisation_state == SKIP_MINIMISE_STATE) { - iq->minimise_timeout_count++; - if(iq->minimise_timeout_count < MAX_MINIMISE_TIMEOUT_COUNT) - /* Do not increment qname, continue incrementing next - * iteration */ - iq->minimisation_state = MINIMISE_STATE; - else if(!qstate->env->cfg->qname_minimisation_strict) - /* Too many time-outs detected for this QNAME and QTYPE. - * We give up, disable QNAME minimisation. */ - iq->minimisation_state = DONOT_MINIMISE_STATE; - } - if(iq->minimisation_state == DONOT_MINIMISE_STATE) - iq->qinfo_out = iq->qchase; - - /* We have a valid target. */ - if(verbosity >= VERB_QUERY) { - log_query_info(VERB_QUERY, "sending query:", &iq->qinfo_out); - log_name_addr(VERB_QUERY, "sending to target:", iq->dp->name, - &target->addr, target->addrlen); - verbose(VERB_ALGO, "dnssec status: %s%s", - iq->dnssec_expected?"expected": "not expected", - iq->dnssec_lame_query?" but lame_query anyway": ""); - } - fptr_ok(fptr_whitelist_modenv_send_query(qstate->env->send_query)); - outq = (*qstate->env->send_query)(&iq->qinfo_out, - iq->chase_flags | (iq->chase_to_rd?BIT_RD:0), - /* unset CD if to forwarder(RD set) and not dnssec retry - * (blacklist nonempty) and no trust-anchors are configured - * above the qname or on the first attempt when dnssec is on */ - EDNS_DO| ((iq->chase_to_rd||(iq->chase_flags&BIT_RD)!=0)&& - !qstate->blacklist&&(!iter_indicates_dnssec_fwd(qstate->env, - &iq->qinfo_out)||target->attempts==1)?0:BIT_CD), - iq->dnssec_expected, iq->caps_fallback || is_caps_whitelisted( - ie, iq), &target->addr, target->addrlen, - iq->dp->name, iq->dp->namelen, - (iq->dp->ssl_upstream || qstate->env->cfg->ssl_upstream), qstate); - if(!outq) { - log_addr(VERB_DETAIL, "error sending query to auth server", - &target->addr, target->addrlen); - if(!(iq->chase_flags & BIT_RD) && !iq->ratelimit_ok) - infra_ratelimit_dec(qstate->env->infra_cache, iq->dp->name, - iq->dp->namelen, *qstate->env->now); - return next_state(iq, QUERYTARGETS_STATE); - } - outbound_list_insert(&iq->outlist, outq); - iq->num_current_queries++; - iq->sent_count++; - qstate->ext_state[id] = module_wait_reply; - - return 0; -} - -/** find NS rrset in given list */ -static struct ub_packed_rrset_key* -find_NS(struct reply_info* rep, size_t from, size_t to) -{ - size_t i; - for(i=from; irrsets[i]->rk.type) == LDNS_RR_TYPE_NS) - return rep->rrsets[i]; - } - return NULL; -} - - -/** - * Process the query response. All queries end up at this state first. This - * process generally consists of analyzing the response and routing the - * event to the next state (either bouncing it back to a request state, or - * terminating the processing for this event). - * - * @param qstate: query state. - * @param iq: iterator query state. - * @param id: module id. - * @return true if the event requires more immediate processing, false if - * not. This is generally only true when forwarding the request to - * the final state (i.e., on answer). - */ -static int -processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, - int id) -{ - int dnsseclame = 0; - enum response_type type; - iq->num_current_queries--; - - if(!inplace_cb_query_response_call(qstate->env, qstate, iq->response)) - log_err("unable to call query_response callback"); - - if(iq->response == NULL) { - /* Don't increment qname when QNAME minimisation is enabled */ - if(qstate->env->cfg->qname_minimisation) - iq->minimisation_state = SKIP_MINIMISE_STATE; - iq->chase_to_rd = 0; - iq->dnssec_lame_query = 0; - verbose(VERB_ALGO, "query response was timeout"); - return next_state(iq, QUERYTARGETS_STATE); - } - type = response_type_from_server( - (int)((iq->chase_flags&BIT_RD) || iq->chase_to_rd), - iq->response, &iq->qchase, iq->dp); - iq->chase_to_rd = 0; - if(type == RESPONSE_TYPE_REFERRAL && (iq->chase_flags&BIT_RD)) { - /* When forwarding (RD bit is set), we handle referrals - * differently. No queries should be sent elsewhere */ - type = RESPONSE_TYPE_ANSWER; - } - if(!qstate->env->cfg->disable_dnssec_lame_check && iq->dnssec_expected - && !iq->dnssec_lame_query && - !(iq->chase_flags&BIT_RD) - && iq->sent_count < DNSSEC_LAME_DETECT_COUNT - && type != RESPONSE_TYPE_LAME - && type != RESPONSE_TYPE_REC_LAME - && type != RESPONSE_TYPE_THROWAWAY - && type != RESPONSE_TYPE_UNTYPED) { - /* a possible answer, see if it is missing DNSSEC */ - /* but not when forwarding, so we dont mark fwder lame */ - if(!iter_msg_has_dnssec(iq->response)) { - /* Mark this address as dnsseclame in this dp, - * because that will make serverselection disprefer - * it, but also, once it is the only final option, - * use dnssec-lame-bypass if it needs to query there.*/ - if(qstate->reply) { - struct delegpt_addr* a = delegpt_find_addr( - iq->dp, &qstate->reply->addr, - qstate->reply->addrlen); - if(a) a->dnsseclame = 1; - } - /* test the answer is from the zone we expected, - * otherwise, (due to parent,child on same server), we - * might mark the server,zone lame inappropriately */ - if(!iter_msg_from_zone(iq->response, iq->dp, type, - iq->qchase.qclass)) - qstate->reply = NULL; - type = RESPONSE_TYPE_LAME; - dnsseclame = 1; - } - } else iq->dnssec_lame_query = 0; - /* see if referral brings us close to the target */ - if(type == RESPONSE_TYPE_REFERRAL) { - struct ub_packed_rrset_key* ns = find_NS( - iq->response->rep, iq->response->rep->an_numrrsets, - iq->response->rep->an_numrrsets - + iq->response->rep->ns_numrrsets); - if(!ns) ns = find_NS(iq->response->rep, 0, - iq->response->rep->an_numrrsets); - if(!ns || !dname_strict_subdomain_c(ns->rk.dname, iq->dp->name) - || !dname_subdomain_c(iq->qchase.qname, ns->rk.dname)){ - verbose(VERB_ALGO, "bad referral, throwaway"); - type = RESPONSE_TYPE_THROWAWAY; - } else - iter_scrub_ds(iq->response, ns, iq->dp->name); - } else iter_scrub_ds(iq->response, NULL, NULL); - if(type == RESPONSE_TYPE_THROWAWAY && - FLAGS_GET_RCODE(iq->response->rep->flags) == LDNS_RCODE_YXDOMAIN) { - /* YXDOMAIN is a permanent error, no need to retry */ - type = RESPONSE_TYPE_ANSWER; - } - if(type == RESPONSE_TYPE_CNAME && iq->response->rep->an_numrrsets >= 1 - && ntohs(iq->response->rep->rrsets[0]->rk.type) == LDNS_RR_TYPE_DNAME) { - uint8_t* sname = NULL; - size_t snamelen = 0; - get_cname_target(iq->response->rep->rrsets[0], &sname, - &snamelen); - if(snamelen && dname_subdomain_c(sname, iq->response->rep->rrsets[0]->rk.dname)) { - /* DNAME to a subdomain loop; do not recurse */ - type = RESPONSE_TYPE_ANSWER; - } - } - - /* handle each of the type cases */ - if(type == RESPONSE_TYPE_ANSWER) { - /* ANSWER type responses terminate the query algorithm, - * so they sent on their */ - if(verbosity >= VERB_DETAIL) { - verbose(VERB_DETAIL, "query response was %s", - FLAGS_GET_RCODE(iq->response->rep->flags) - ==LDNS_RCODE_NXDOMAIN?"NXDOMAIN ANSWER": - (iq->response->rep->an_numrrsets?"ANSWER": - "nodata ANSWER")); - } - /* if qtype is DS, check we have the right level of answer, - * like grandchild answer but we need the middle, reject it */ - if(iq->qchase.qtype == LDNS_RR_TYPE_DS && !iq->dsns_point - && !(iq->chase_flags&BIT_RD) - && iter_ds_toolow(iq->response, iq->dp) - && iter_dp_cangodown(&iq->qchase, iq->dp)) { - /* close down outstanding requests to be discarded */ - outbound_list_clear(&iq->outlist); - iq->num_current_queries = 0; - fptr_ok(fptr_whitelist_modenv_detach_subs( - qstate->env->detach_subs)); - (*qstate->env->detach_subs)(qstate); - iq->num_target_queries = 0; - return processDSNSFind(qstate, iq, id); - } - if(!qstate->no_cache_store) - iter_dns_store(qstate->env, &iq->response->qinfo, - iq->response->rep, 0, qstate->prefetch_leeway, - iq->dp&&iq->dp->has_parent_side_NS, - qstate->region, qstate->query_flags); - /* close down outstanding requests to be discarded */ - outbound_list_clear(&iq->outlist); - iq->num_current_queries = 0; - fptr_ok(fptr_whitelist_modenv_detach_subs( - qstate->env->detach_subs)); - (*qstate->env->detach_subs)(qstate); - iq->num_target_queries = 0; - if(qstate->reply) - sock_list_insert(&qstate->reply_origin, - &qstate->reply->addr, qstate->reply->addrlen, - qstate->region); - if(iq->minimisation_state != DONOT_MINIMISE_STATE) { - if(FLAGS_GET_RCODE(iq->response->rep->flags) != - LDNS_RCODE_NOERROR) { - if(qstate->env->cfg->qname_minimisation_strict) - return final_state(iq); - /* Best effort qname-minimisation. - * Stop minimising and send full query when - * RCODE is not NOERROR. */ - iq->minimisation_state = DONOT_MINIMISE_STATE; - } - if(FLAGS_GET_RCODE(iq->response->rep->flags) == - LDNS_RCODE_NXDOMAIN) { - /* Stop resolving when NXDOMAIN is DNSSEC - * signed. Based on assumption that namservers - * serving signed zones do not return NXDOMAIN - * for empty-non-terminals. */ - if(iq->dnssec_expected) - return final_state(iq); - /* Make subrequest to validate intermediate - * NXDOMAIN if harden-below-nxdomain is - * enabled. */ - if(qstate->env->cfg->harden_below_nxdomain) { - struct module_qstate* subq = NULL; - log_query_info(VERB_QUERY, - "schedule NXDOMAIN validation:", - &iq->response->qinfo); - if(!generate_sub_request( - iq->response->qinfo.qname, - iq->response->qinfo.qname_len, - iq->response->qinfo.qtype, - iq->response->qinfo.qclass, - qstate, id, iq, - INIT_REQUEST_STATE, - FINISHED_STATE, &subq, 1)) - verbose(VERB_ALGO, - "could not validate NXDOMAIN " - "response"); - } - } - return next_state(iq, QUERYTARGETS_STATE); - } - return final_state(iq); - } else if(type == RESPONSE_TYPE_REFERRAL) { - /* REFERRAL type responses get a reset of the - * delegation point, and back to the QUERYTARGETS_STATE. */ - verbose(VERB_DETAIL, "query response was REFERRAL"); - - if(!(iq->chase_flags & BIT_RD) && !iq->ratelimit_ok) { - /* we have a referral, no ratelimit, we can send - * our queries to the given name */ - infra_ratelimit_dec(qstate->env->infra_cache, - iq->dp->name, iq->dp->namelen, - *qstate->env->now); - } - - /* if hardened, only store referral if we asked for it */ - if(!qstate->no_cache_store && - (!qstate->env->cfg->harden_referral_path || - ( qstate->qinfo.qtype == LDNS_RR_TYPE_NS - && (qstate->query_flags&BIT_RD) - && !(qstate->query_flags&BIT_CD) - /* we know that all other NS rrsets are scrubbed - * away, thus on referral only one is left. - * see if that equals the query name... */ - && ( /* auth section, but sometimes in answer section*/ - reply_find_rrset_section_ns(iq->response->rep, - iq->qchase.qname, iq->qchase.qname_len, - LDNS_RR_TYPE_NS, iq->qchase.qclass) - || reply_find_rrset_section_an(iq->response->rep, - iq->qchase.qname, iq->qchase.qname_len, - LDNS_RR_TYPE_NS, iq->qchase.qclass) - ) - ))) { - /* Store the referral under the current query */ - /* no prefetch-leeway, since its not the answer */ - iter_dns_store(qstate->env, &iq->response->qinfo, - iq->response->rep, 1, 0, 0, NULL, 0); - if(iq->store_parent_NS) - iter_store_parentside_NS(qstate->env, - iq->response->rep); - if(qstate->env->neg_cache) - val_neg_addreferral(qstate->env->neg_cache, - iq->response->rep, iq->dp->name); - } - /* store parent-side-in-zone-glue, if directly queried for */ - if(!qstate->no_cache_store && iq->query_for_pside_glue - && !iq->pside_glue) { - iq->pside_glue = reply_find_rrset(iq->response->rep, - iq->qchase.qname, iq->qchase.qname_len, - iq->qchase.qtype, iq->qchase.qclass); - if(iq->pside_glue) { - log_rrset_key(VERB_ALGO, "found parent-side " - "glue", iq->pside_glue); - iter_store_parentside_rrset(qstate->env, - iq->pside_glue); - } - } - - /* Reset the event state, setting the current delegation - * point to the referral. */ - iq->deleg_msg = iq->response; - iq->dp = delegpt_from_message(iq->response, qstate->region); - if (qstate->env->cfg->qname_minimisation) - iq->minimisation_state = INIT_MINIMISE_STATE; - if(!iq->dp) - return error_response(qstate, id, LDNS_RCODE_SERVFAIL); - if(!cache_fill_missing(qstate->env, iq->qchase.qclass, - qstate->region, iq->dp)) - return error_response(qstate, id, LDNS_RCODE_SERVFAIL); - if(iq->store_parent_NS && query_dname_compare(iq->dp->name, - iq->store_parent_NS->name) == 0) - iter_merge_retry_counts(iq->dp, iq->store_parent_NS); - delegpt_log(VERB_ALGO, iq->dp); - /* Count this as a referral. */ - iq->referral_count++; - iq->sent_count = 0; - /* see if the next dp is a trust anchor, or a DS was sent - * along, indicating dnssec is expected for next zone */ - iq->dnssec_expected = iter_indicates_dnssec(qstate->env, - iq->dp, iq->response, iq->qchase.qclass); - /* if dnssec, validating then also fetch the key for the DS */ - if(iq->dnssec_expected && qstate->env->cfg->prefetch_key && - !(qstate->query_flags&BIT_CD)) - generate_dnskey_prefetch(qstate, iq, id); - - /* spawn off NS and addr to auth servers for the NS we just - * got in the referral. This gets authoritative answer - * (answer section trust level) rrset. - * right after, we detach the subs, answer goes to cache. */ - if(qstate->env->cfg->harden_referral_path) - generate_ns_check(qstate, iq, id); - - /* stop current outstanding queries. - * FIXME: should the outstanding queries be waited for and - * handled? Say by a subquery that inherits the outbound_entry. - */ - outbound_list_clear(&iq->outlist); - iq->num_current_queries = 0; - fptr_ok(fptr_whitelist_modenv_detach_subs( - qstate->env->detach_subs)); - (*qstate->env->detach_subs)(qstate); - iq->num_target_queries = 0; - verbose(VERB_ALGO, "cleared outbound list for next round"); - return next_state(iq, QUERYTARGETS_STATE); - } else if(type == RESPONSE_TYPE_CNAME) { - uint8_t* sname = NULL; - size_t snamelen = 0; - /* CNAME type responses get a query restart (i.e., get a - * reset of the query state and go back to INIT_REQUEST_STATE). - */ - verbose(VERB_DETAIL, "query response was CNAME"); - if(verbosity >= VERB_ALGO) - log_dns_msg("cname msg", &iq->response->qinfo, - iq->response->rep); - /* if qtype is DS, check we have the right level of answer, - * like grandchild answer but we need the middle, reject it */ - if(iq->qchase.qtype == LDNS_RR_TYPE_DS && !iq->dsns_point - && !(iq->chase_flags&BIT_RD) - && iter_ds_toolow(iq->response, iq->dp) - && iter_dp_cangodown(&iq->qchase, iq->dp)) { - outbound_list_clear(&iq->outlist); - iq->num_current_queries = 0; - fptr_ok(fptr_whitelist_modenv_detach_subs( - qstate->env->detach_subs)); - (*qstate->env->detach_subs)(qstate); - iq->num_target_queries = 0; - return processDSNSFind(qstate, iq, id); - } - /* Process the CNAME response. */ - if(!handle_cname_response(qstate, iq, iq->response, - &sname, &snamelen)) - return error_response(qstate, id, LDNS_RCODE_SERVFAIL); - /* cache the CNAME response under the current query */ - /* NOTE : set referral=1, so that rrsets get stored but not - * the partial query answer (CNAME only). */ - /* prefetchleeway applied because this updates answer parts */ - if(!qstate->no_cache_store) - iter_dns_store(qstate->env, &iq->response->qinfo, - iq->response->rep, 1, qstate->prefetch_leeway, - iq->dp&&iq->dp->has_parent_side_NS, NULL, - qstate->query_flags); - /* set the current request's qname to the new value. */ - iq->qchase.qname = sname; - iq->qchase.qname_len = snamelen; - if (qstate->env->cfg->qname_minimisation) - iq->minimisation_state = INIT_MINIMISE_STATE; - /* Clear the query state, since this is a query restart. */ - iq->deleg_msg = NULL; - iq->dp = NULL; - iq->dsns_point = NULL; - /* Note the query restart. */ - iq->query_restart_count++; - iq->sent_count = 0; - - /* stop current outstanding queries. - * FIXME: should the outstanding queries be waited for and - * handled? Say by a subquery that inherits the outbound_entry. - */ - outbound_list_clear(&iq->outlist); - iq->num_current_queries = 0; - fptr_ok(fptr_whitelist_modenv_detach_subs( - qstate->env->detach_subs)); - (*qstate->env->detach_subs)(qstate); - iq->num_target_queries = 0; - if(qstate->reply) - sock_list_insert(&qstate->reply_origin, - &qstate->reply->addr, qstate->reply->addrlen, - qstate->region); - verbose(VERB_ALGO, "cleared outbound list for query restart"); - /* go to INIT_REQUEST_STATE for new qname. */ - return next_state(iq, INIT_REQUEST_STATE); - } else if(type == RESPONSE_TYPE_LAME) { - /* Cache the LAMEness. */ - verbose(VERB_DETAIL, "query response was %sLAME", - dnsseclame?"DNSSEC ":""); - if(!dname_subdomain_c(iq->qchase.qname, iq->dp->name)) { - log_err("mark lame: mismatch in qname and dpname"); - /* throwaway this reply below */ - } else if(qstate->reply) { - /* need addr for lameness cache, but we may have - * gotten this from cache, so test to be sure */ - if(!infra_set_lame(qstate->env->infra_cache, - &qstate->reply->addr, qstate->reply->addrlen, - iq->dp->name, iq->dp->namelen, - *qstate->env->now, dnsseclame, 0, - iq->qchase.qtype)) - log_err("mark host lame: out of memory"); - } - } else if(type == RESPONSE_TYPE_REC_LAME) { - /* Cache the LAMEness. */ - verbose(VERB_DETAIL, "query response REC_LAME: " - "recursive but not authoritative server"); - if(!dname_subdomain_c(iq->qchase.qname, iq->dp->name)) { - log_err("mark rec_lame: mismatch in qname and dpname"); - /* throwaway this reply below */ - } else if(qstate->reply) { - /* need addr for lameness cache, but we may have - * gotten this from cache, so test to be sure */ - verbose(VERB_DETAIL, "mark as REC_LAME"); - if(!infra_set_lame(qstate->env->infra_cache, - &qstate->reply->addr, qstate->reply->addrlen, - iq->dp->name, iq->dp->namelen, - *qstate->env->now, 0, 1, iq->qchase.qtype)) - log_err("mark host lame: out of memory"); - } - } else if(type == RESPONSE_TYPE_THROWAWAY) { - /* LAME and THROWAWAY responses are handled the same way. - * In this case, the event is just sent directly back to - * the QUERYTARGETS_STATE without resetting anything, - * because, clearly, the next target must be tried. */ - verbose(VERB_DETAIL, "query response was THROWAWAY"); - } else { - log_warn("A query response came back with an unknown type: %d", - (int)type); - } - - /* LAME, THROWAWAY and "unknown" all end up here. - * Recycle to the QUERYTARGETS state to hopefully try a - * different target. */ - if (qstate->env->cfg->qname_minimisation && - !qstate->env->cfg->qname_minimisation_strict) - iq->minimisation_state = DONOT_MINIMISE_STATE; - return next_state(iq, QUERYTARGETS_STATE); -} - -/** - * Return priming query results to interested super querystates. - * - * Sets the delegation point and delegation message (not nonRD queries). - * This is a callback from walk_supers. - * - * @param qstate: priming query state that finished. - * @param id: module id. - * @param forq: the qstate for which priming has been done. - */ -static void -prime_supers(struct module_qstate* qstate, int id, struct module_qstate* forq) -{ - struct iter_qstate* foriq = (struct iter_qstate*)forq->minfo[id]; - struct delegpt* dp = NULL; - - log_assert(qstate->is_priming || foriq->wait_priming_stub); - log_assert(qstate->return_rcode == LDNS_RCODE_NOERROR); - /* Convert our response to a delegation point */ - dp = delegpt_from_message(qstate->return_msg, forq->region); - if(!dp) { - /* if there is no convertable delegation point, then - * the ANSWER type was (presumably) a negative answer. */ - verbose(VERB_ALGO, "prime response was not a positive " - "ANSWER; failing"); - foriq->dp = NULL; - foriq->state = QUERYTARGETS_STATE; - return; - } - - log_query_info(VERB_DETAIL, "priming successful for", &qstate->qinfo); - delegpt_log(VERB_ALGO, dp); - foriq->dp = dp; - foriq->deleg_msg = dns_copy_msg(qstate->return_msg, forq->region); - if(!foriq->deleg_msg) { - log_err("copy prime response: out of memory"); - foriq->dp = NULL; - foriq->state = QUERYTARGETS_STATE; - return; - } - - /* root priming responses go to init stage 2, priming stub - * responses to to stage 3. */ - if(foriq->wait_priming_stub) { - foriq->state = INIT_REQUEST_3_STATE; - foriq->wait_priming_stub = 0; - } else foriq->state = INIT_REQUEST_2_STATE; - /* because we are finished, the parent will be reactivated */ -} - -/** - * This handles the response to a priming query. This is used to handle both - * root and stub priming responses. This is basically the equivalent of the - * QUERY_RESP_STATE, but will not handle CNAME responses and will treat - * REFERRALs as ANSWERS. It will also update and reactivate the originating - * event. - * - * @param qstate: query state. - * @param id: module id. - * @return true if the event needs more immediate processing, false if not. - * This state always returns false. - */ -static int -processPrimeResponse(struct module_qstate* qstate, int id) -{ - struct iter_qstate* iq = (struct iter_qstate*)qstate->minfo[id]; - enum response_type type; - iq->response->rep->flags &= ~(BIT_RD|BIT_RA); /* ignore rec-lame */ - type = response_type_from_server( - (int)((iq->chase_flags&BIT_RD) || iq->chase_to_rd), - iq->response, &iq->qchase, iq->dp); - if(type == RESPONSE_TYPE_ANSWER) { - qstate->return_rcode = LDNS_RCODE_NOERROR; - qstate->return_msg = iq->response; - } else { - qstate->return_rcode = LDNS_RCODE_SERVFAIL; - qstate->return_msg = NULL; - } - - /* validate the root or stub after priming (if enabled). - * This is the same query as the prime query, but with validation. - * Now that we are primed, the additional queries that validation - * may need can be resolved, such as DLV. */ - if(qstate->env->cfg->harden_referral_path) { - struct module_qstate* subq = NULL; - log_nametypeclass(VERB_ALGO, "schedule prime validation", - qstate->qinfo.qname, qstate->qinfo.qtype, - qstate->qinfo.qclass); - if(!generate_sub_request(qstate->qinfo.qname, - qstate->qinfo.qname_len, qstate->qinfo.qtype, - qstate->qinfo.qclass, qstate, id, iq, - INIT_REQUEST_STATE, FINISHED_STATE, &subq, 1)) { - verbose(VERB_ALGO, "could not generate prime check"); - } - generate_a_aaaa_check(qstate, iq, id); - } - - /* This event is finished. */ - qstate->ext_state[id] = module_finished; - return 0; -} - -/** - * Do final processing on responses to target queries. Events reach this - * state after the iterative resolution algorithm terminates. This state is - * responsible for reactiving the original event, and housekeeping related - * to received target responses (caching, updating the current delegation - * point, etc). - * Callback from walk_supers for every super state that is interested in - * the results from this query. - * - * @param qstate: query state. - * @param id: module id. - * @param forq: super query state. - */ -static void -processTargetResponse(struct module_qstate* qstate, int id, - struct module_qstate* forq) -{ - struct iter_qstate* iq = (struct iter_qstate*)qstate->minfo[id]; - struct iter_qstate* foriq = (struct iter_qstate*)forq->minfo[id]; - struct ub_packed_rrset_key* rrset; - struct delegpt_ns* dpns; - log_assert(qstate->return_rcode == LDNS_RCODE_NOERROR); - - foriq->state = QUERYTARGETS_STATE; - log_query_info(VERB_ALGO, "processTargetResponse", &qstate->qinfo); - log_query_info(VERB_ALGO, "processTargetResponse super", &forq->qinfo); - - /* Tell the originating event that this target query has finished - * (regardless if it succeeded or not). */ - foriq->num_target_queries--; - - /* check to see if parent event is still interested (in orig name). */ - if(!foriq->dp) { - verbose(VERB_ALGO, "subq: parent not interested, was reset"); - return; /* not interested anymore */ - } - dpns = delegpt_find_ns(foriq->dp, qstate->qinfo.qname, - qstate->qinfo.qname_len); - if(!dpns) { - /* If not interested, just stop processing this event */ - verbose(VERB_ALGO, "subq: parent not interested anymore"); - /* could be because parent was jostled out of the cache, - and a new identical query arrived, that does not want it*/ - return; - } - - /* if iq->query_for_pside_glue then add the pside_glue (marked lame) */ - if(iq->pside_glue) { - /* if the pside_glue is NULL, then it could not be found, - * the done_pside is already set when created and a cache - * entry created in processFinished so nothing to do here */ - log_rrset_key(VERB_ALGO, "add parentside glue to dp", - iq->pside_glue); - if(!delegpt_add_rrset(foriq->dp, forq->region, - iq->pside_glue, 1)) - log_err("out of memory adding pside glue"); - } - - /* This response is relevant to the current query, so we - * add (attempt to add, anyway) this target(s) and reactivate - * the original event. - * NOTE: we could only look for the AnswerRRset if the - * response type was ANSWER. */ - rrset = reply_find_answer_rrset(&iq->qchase, qstate->return_msg->rep); - if(rrset) { - /* if CNAMEs have been followed - add new NS to delegpt. */ - /* BTW. RFC 1918 says NS should not have got CNAMEs. Robust. */ - if(!delegpt_find_ns(foriq->dp, rrset->rk.dname, - rrset->rk.dname_len)) { - /* if dpns->lame then set newcname ns lame too */ - if(!delegpt_add_ns(foriq->dp, forq->region, - rrset->rk.dname, dpns->lame)) - log_err("out of memory adding cnamed-ns"); - } - /* if dpns->lame then set the address(es) lame too */ - if(!delegpt_add_rrset(foriq->dp, forq->region, rrset, - dpns->lame)) - log_err("out of memory adding targets"); - verbose(VERB_ALGO, "added target response"); - delegpt_log(VERB_ALGO, foriq->dp); - } else { - verbose(VERB_ALGO, "iterator TargetResponse failed"); - dpns->resolved = 1; /* fail the target */ - } -} - -/** - * Process response for DS NS Find queries, that attempt to find the delegation - * point where we ask the DS query from. - * - * @param qstate: query state. - * @param id: module id. - * @param forq: super query state. - */ -static void -processDSNSResponse(struct module_qstate* qstate, int id, - struct module_qstate* forq) -{ - struct iter_qstate* foriq = (struct iter_qstate*)forq->minfo[id]; - - /* if the finished (iq->response) query has no NS set: continue - * up to look for the right dp; nothing to change, do DPNSstate */ - if(qstate->return_rcode != LDNS_RCODE_NOERROR) - return; /* seek further */ - /* find the NS RRset (without allowing CNAMEs) */ - if(!reply_find_rrset(qstate->return_msg->rep, qstate->qinfo.qname, - qstate->qinfo.qname_len, LDNS_RR_TYPE_NS, - qstate->qinfo.qclass)){ - return; /* seek further */ - } - - /* else, store as DP and continue at querytargets */ - foriq->state = QUERYTARGETS_STATE; - foriq->dp = delegpt_from_message(qstate->return_msg, forq->region); - if(!foriq->dp) { - log_err("out of memory in dsns dp alloc"); - return; /* dp==NULL in QUERYTARGETS makes SERVFAIL */ - } - /* success, go query the querytargets in the new dp (and go down) */ -} - -/** - * Process response for qclass=ANY queries for a particular class. - * Append to result or error-exit. - * - * @param qstate: query state. - * @param id: module id. - * @param forq: super query state. - */ -static void -processClassResponse(struct module_qstate* qstate, int id, - struct module_qstate* forq) -{ - struct iter_qstate* foriq = (struct iter_qstate*)forq->minfo[id]; - struct dns_msg* from = qstate->return_msg; - log_query_info(VERB_ALGO, "processClassResponse", &qstate->qinfo); - log_query_info(VERB_ALGO, "processClassResponse super", &forq->qinfo); - if(qstate->return_rcode != LDNS_RCODE_NOERROR) { - /* cause servfail for qclass ANY query */ - foriq->response = NULL; - foriq->state = FINISHED_STATE; - return; - } - /* append result */ - if(!foriq->response) { - /* allocate the response: copy RCODE, sec_state */ - foriq->response = dns_copy_msg(from, forq->region); - if(!foriq->response) { - log_err("malloc failed for qclass ANY response"); - foriq->state = FINISHED_STATE; - return; - } - foriq->response->qinfo.qclass = forq->qinfo.qclass; - /* qclass ANY does not receive the AA flag on replies */ - foriq->response->rep->authoritative = 0; - } else { - struct dns_msg* to = foriq->response; - /* add _from_ this response _to_ existing collection */ - /* if there are records, copy RCODE */ - /* lower sec_state if this message is lower */ - if(from->rep->rrset_count != 0) { - size_t n = from->rep->rrset_count+to->rep->rrset_count; - struct ub_packed_rrset_key** dest, **d; - /* copy appropriate rcode */ - to->rep->flags = from->rep->flags; - /* copy rrsets */ - if(from->rep->rrset_count > RR_COUNT_MAX || - to->rep->rrset_count > RR_COUNT_MAX) { - log_err("malloc failed (too many rrsets) in collect ANY"); - foriq->state = FINISHED_STATE; - return; /* integer overflow protection */ - } - dest = regional_alloc(forq->region, sizeof(dest[0])*n); - if(!dest) { - log_err("malloc failed in collect ANY"); - foriq->state = FINISHED_STATE; - return; - } - d = dest; - /* copy AN */ - memcpy(dest, to->rep->rrsets, to->rep->an_numrrsets - * sizeof(dest[0])); - dest += to->rep->an_numrrsets; - memcpy(dest, from->rep->rrsets, from->rep->an_numrrsets - * sizeof(dest[0])); - dest += from->rep->an_numrrsets; - /* copy NS */ - memcpy(dest, to->rep->rrsets+to->rep->an_numrrsets, - to->rep->ns_numrrsets * sizeof(dest[0])); - dest += to->rep->ns_numrrsets; - memcpy(dest, from->rep->rrsets+from->rep->an_numrrsets, - from->rep->ns_numrrsets * sizeof(dest[0])); - dest += from->rep->ns_numrrsets; - /* copy AR */ - memcpy(dest, to->rep->rrsets+to->rep->an_numrrsets+ - to->rep->ns_numrrsets, - to->rep->ar_numrrsets * sizeof(dest[0])); - dest += to->rep->ar_numrrsets; - memcpy(dest, from->rep->rrsets+from->rep->an_numrrsets+ - from->rep->ns_numrrsets, - from->rep->ar_numrrsets * sizeof(dest[0])); - /* update counts */ - to->rep->rrsets = d; - to->rep->an_numrrsets += from->rep->an_numrrsets; - to->rep->ns_numrrsets += from->rep->ns_numrrsets; - to->rep->ar_numrrsets += from->rep->ar_numrrsets; - to->rep->rrset_count = n; - } - if(from->rep->security < to->rep->security) /* lowest sec */ - to->rep->security = from->rep->security; - if(from->rep->qdcount != 0) /* insert qd if appropriate */ - to->rep->qdcount = from->rep->qdcount; - if(from->rep->ttl < to->rep->ttl) /* use smallest TTL */ - to->rep->ttl = from->rep->ttl; - if(from->rep->prefetch_ttl < to->rep->prefetch_ttl) - to->rep->prefetch_ttl = from->rep->prefetch_ttl; - } - /* are we done? */ - foriq->num_current_queries --; - if(foriq->num_current_queries == 0) - foriq->state = FINISHED_STATE; -} - -/** - * Collect class ANY responses and make them into one response. This - * state is started and it creates queries for all classes (that have - * root hints). The answers are then collected. - * - * @param qstate: query state. - * @param id: module id. - * @return true if the event needs more immediate processing, false if not. - */ -static int -processCollectClass(struct module_qstate* qstate, int id) -{ - struct iter_qstate* iq = (struct iter_qstate*)qstate->minfo[id]; - struct module_qstate* subq; - /* If qchase.qclass == 0 then send out queries for all classes. - * Otherwise, do nothing (wait for all answers to arrive and the - * processClassResponse to put them together, and that moves us - * towards the Finished state when done. */ - if(iq->qchase.qclass == 0) { - uint16_t c = 0; - iq->qchase.qclass = LDNS_RR_CLASS_ANY; - while(iter_get_next_root(qstate->env->hints, - qstate->env->fwds, &c)) { - /* generate query for this class */ - log_nametypeclass(VERB_ALGO, "spawn collect query", - qstate->qinfo.qname, qstate->qinfo.qtype, c); - if(!generate_sub_request(qstate->qinfo.qname, - qstate->qinfo.qname_len, qstate->qinfo.qtype, - c, qstate, id, iq, INIT_REQUEST_STATE, - FINISHED_STATE, &subq, - (int)!(qstate->query_flags&BIT_CD))) { - return error_response(qstate, id, - LDNS_RCODE_SERVFAIL); - } - /* ignore subq, no special init required */ - iq->num_current_queries ++; - if(c == 0xffff) - break; - else c++; - } - /* if no roots are configured at all, return */ - if(iq->num_current_queries == 0) { - verbose(VERB_ALGO, "No root hints or fwds, giving up " - "on qclass ANY"); - return error_response(qstate, id, LDNS_RCODE_REFUSED); - } - /* return false, wait for queries to return */ - } - /* if woke up here because of an answer, wait for more answers */ - return 0; -} - -/** - * This handles the final state for first-tier responses (i.e., responses to - * externally generated queries). - * - * @param qstate: query state. - * @param iq: iterator query state. - * @param id: module id. - * @return true if the event needs more processing, false if not. Since this - * is the final state for an event, it always returns false. - */ -static int -processFinished(struct module_qstate* qstate, struct iter_qstate* iq, - int id) -{ - log_query_info(VERB_QUERY, "finishing processing for", - &qstate->qinfo); - - /* store negative cache element for parent side glue. */ - if(!qstate->no_cache_store && iq->query_for_pside_glue - && !iq->pside_glue) - iter_store_parentside_neg(qstate->env, &qstate->qinfo, - iq->deleg_msg?iq->deleg_msg->rep: - (iq->response?iq->response->rep:NULL)); - if(!iq->response) { - verbose(VERB_ALGO, "No response is set, servfail"); - return error_response(qstate, id, LDNS_RCODE_SERVFAIL); - } - - /* Make sure that the RA flag is set (since the presence of - * this module means that recursion is available) */ - iq->response->rep->flags |= BIT_RA; - - /* Clear the AA flag */ - /* FIXME: does this action go here or in some other module? */ - iq->response->rep->flags &= ~BIT_AA; - - /* make sure QR flag is on */ - iq->response->rep->flags |= BIT_QR; - - /* we have finished processing this query */ - qstate->ext_state[id] = module_finished; - - /* TODO: we are using a private TTL, trim the response. */ - /* if (mPrivateTTL > 0){IterUtils.setPrivateTTL(resp, mPrivateTTL); } */ - - /* prepend any items we have accumulated */ - if(iq->an_prepend_list || iq->ns_prepend_list) { - if(!iter_prepend(iq, iq->response, qstate->region)) { - log_err("prepend rrsets: out of memory"); - return error_response(qstate, id, LDNS_RCODE_SERVFAIL); - } - /* reset the query name back */ - iq->response->qinfo = qstate->qinfo; - /* the security state depends on the combination */ - iq->response->rep->security = sec_status_unchecked; - /* store message with the finished prepended items, - * but only if we did recursion. The nonrecursion referral - * from cache does not need to be stored in the msg cache. */ - if(!qstate->no_cache_store && qstate->query_flags&BIT_RD) { - iter_dns_store(qstate->env, &qstate->qinfo, - iq->response->rep, 0, qstate->prefetch_leeway, - iq->dp&&iq->dp->has_parent_side_NS, - qstate->region, qstate->query_flags); - } - } - qstate->return_rcode = LDNS_RCODE_NOERROR; - qstate->return_msg = iq->response; - return 0; -} - -/* - * Return priming query results to interestes super querystates. - * - * Sets the delegation point and delegation message (not nonRD queries). - * This is a callback from walk_supers. - * - * @param qstate: query state that finished. - * @param id: module id. - * @param super: the qstate to inform. - */ -void -iter_inform_super(struct module_qstate* qstate, int id, - struct module_qstate* super) -{ - if(!qstate->is_priming && super->qinfo.qclass == LDNS_RR_CLASS_ANY) - processClassResponse(qstate, id, super); - else if(super->qinfo.qtype == LDNS_RR_TYPE_DS && ((struct iter_qstate*) - super->minfo[id])->state == DSNS_FIND_STATE) - processDSNSResponse(qstate, id, super); - else if(qstate->return_rcode != LDNS_RCODE_NOERROR) - error_supers(qstate, id, super); - else if(qstate->is_priming) - prime_supers(qstate, id, super); - else processTargetResponse(qstate, id, super); -} - -/** - * Handle iterator state. - * Handle events. This is the real processing loop for events, responsible - * for moving events through the various states. If a processing method - * returns true, then it will be advanced to the next state. If false, then - * processing will stop. - * - * @param qstate: query state. - * @param ie: iterator shared global environment. - * @param iq: iterator query state. - * @param id: module id. - */ -static void -iter_handle(struct module_qstate* qstate, struct iter_qstate* iq, - struct iter_env* ie, int id) -{ - int cont = 1; - while(cont) { - verbose(VERB_ALGO, "iter_handle processing q with state %s", - iter_state_to_string(iq->state)); - switch(iq->state) { - case INIT_REQUEST_STATE: - cont = processInitRequest(qstate, iq, ie, id); - break; - case INIT_REQUEST_2_STATE: - cont = processInitRequest2(qstate, iq, id); - break; - case INIT_REQUEST_3_STATE: - cont = processInitRequest3(qstate, iq, id); - break; - case QUERYTARGETS_STATE: - cont = processQueryTargets(qstate, iq, ie, id); - break; - case QUERY_RESP_STATE: - cont = processQueryResponse(qstate, iq, id); - break; - case PRIME_RESP_STATE: - cont = processPrimeResponse(qstate, id); - break; - case COLLECT_CLASS_STATE: - cont = processCollectClass(qstate, id); - break; - case DSNS_FIND_STATE: - cont = processDSNSFind(qstate, iq, id); - break; - case FINISHED_STATE: - cont = processFinished(qstate, iq, id); - break; - default: - log_warn("iterator: invalid state: %d", - iq->state); - cont = 0; - break; - } - } -} - -/** - * This is the primary entry point for processing request events. Note that - * this method should only be used by external modules. - * @param qstate: query state. - * @param ie: iterator shared global environment. - * @param iq: iterator query state. - * @param id: module id. - */ -static void -process_request(struct module_qstate* qstate, struct iter_qstate* iq, - struct iter_env* ie, int id) -{ - /* external requests start in the INIT state, and finish using the - * FINISHED state. */ - iq->state = INIT_REQUEST_STATE; - iq->final_state = FINISHED_STATE; - verbose(VERB_ALGO, "process_request: new external request event"); - iter_handle(qstate, iq, ie, id); -} - -/** process authoritative server reply */ -static void -process_response(struct module_qstate* qstate, struct iter_qstate* iq, - struct iter_env* ie, int id, struct outbound_entry* outbound, - enum module_ev event) -{ - struct msg_parse* prs; - struct edns_data edns; - sldns_buffer* pkt; - - verbose(VERB_ALGO, "process_response: new external response event"); - iq->response = NULL; - iq->state = QUERY_RESP_STATE; - if(event == module_event_noreply || event == module_event_error) { - if(event == module_event_noreply && iq->sent_count >= 3 && - qstate->env->cfg->use_caps_bits_for_id && - !iq->caps_fallback) { - /* start fallback */ - iq->caps_fallback = 1; - iq->caps_server = 0; - iq->caps_reply = NULL; - iq->caps_response = NULL; - iq->state = QUERYTARGETS_STATE; - iq->num_current_queries--; - /* need fresh attempts for the 0x20 fallback, if - * that was the cause for the failure */ - iter_dec_attempts(iq->dp, 3); - verbose(VERB_DETAIL, "Capsforid: timeouts, starting fallback"); - goto handle_it; - } - goto handle_it; - } - if( (event != module_event_reply && event != module_event_capsfail) - || !qstate->reply) { - log_err("Bad event combined with response"); - outbound_list_remove(&iq->outlist, outbound); - (void)error_response(qstate, id, LDNS_RCODE_SERVFAIL); - return; - } - - /* parse message */ - prs = (struct msg_parse*)regional_alloc(qstate->env->scratch, - sizeof(struct msg_parse)); - if(!prs) { - log_err("out of memory on incoming message"); - /* like packet got dropped */ - goto handle_it; - } - memset(prs, 0, sizeof(*prs)); - memset(&edns, 0, sizeof(edns)); - pkt = qstate->reply->c->buffer; - sldns_buffer_set_position(pkt, 0); - if(parse_packet(pkt, prs, qstate->env->scratch) != LDNS_RCODE_NOERROR) { - verbose(VERB_ALGO, "parse error on reply packet"); - goto handle_it; - } - /* edns is not examined, but removed from message to help cache */ - if(parse_extract_edns(prs, &edns, qstate->env->scratch) != - LDNS_RCODE_NOERROR) - goto handle_it; - - /* Copy the edns options we may got from the back end */ - if(edns.opt_list) { - qstate->edns_opts_back_in = edns_opt_copy_region(edns.opt_list, - qstate->region); - if(!qstate->edns_opts_back_in) { - log_err("out of memory on incoming message"); - /* like packet got dropped */ - goto handle_it; - } - if(!inplace_cb_edns_back_parsed_call(qstate->env, qstate)) { - log_err("unable to call edns_back_parsed callback"); - goto handle_it; - } - } - - /* remove CD-bit, we asked for in case we handle validation ourself */ - prs->flags &= ~BIT_CD; - - /* normalize and sanitize: easy to delete items from linked lists */ - if(!scrub_message(pkt, prs, &iq->qinfo_out, iq->dp->name, - qstate->env->scratch, qstate->env, ie)) { - /* if 0x20 enabled, start fallback, but we have no message */ - if(event == module_event_capsfail && !iq->caps_fallback) { - iq->caps_fallback = 1; - iq->caps_server = 0; - iq->caps_reply = NULL; - iq->caps_response = NULL; - iq->state = QUERYTARGETS_STATE; - iq->num_current_queries--; - verbose(VERB_DETAIL, "Capsforid: scrub failed, starting fallback with no response"); - } - goto handle_it; - } - - /* allocate response dns_msg in region */ - iq->response = dns_alloc_msg(pkt, prs, qstate->region); - if(!iq->response) - goto handle_it; - log_query_info(VERB_DETAIL, "response for", &qstate->qinfo); - log_name_addr(VERB_DETAIL, "reply from", iq->dp->name, - &qstate->reply->addr, qstate->reply->addrlen); - if(verbosity >= VERB_ALGO) - log_dns_msg("incoming scrubbed packet:", &iq->response->qinfo, - iq->response->rep); - - if(event == module_event_capsfail || iq->caps_fallback) { - /* for fallback we care about main answer, not additionals */ - /* removing that makes comparison more likely to succeed */ - caps_strip_reply(iq->response->rep); - if(!iq->caps_fallback) { - /* start fallback */ - iq->caps_fallback = 1; - iq->caps_server = 0; - iq->caps_reply = iq->response->rep; - iq->caps_response = iq->response; - iq->state = QUERYTARGETS_STATE; - iq->num_current_queries--; - verbose(VERB_DETAIL, "Capsforid: starting fallback"); - goto handle_it; - } else { - /* check if reply is the same, otherwise, fail */ - if(!iq->caps_reply) { - iq->caps_reply = iq->response->rep; - iq->caps_response = iq->response; - iq->caps_server = -1; /*become zero at ++, - so that we start the full set of trials */ - } else if(caps_failed_rcode(iq->caps_reply) && - !caps_failed_rcode(iq->response->rep)) { - /* prefer to upgrade to non-SERVFAIL */ - iq->caps_reply = iq->response->rep; - iq->caps_response = iq->response; - } else if(!caps_failed_rcode(iq->caps_reply) && - caps_failed_rcode(iq->response->rep)) { - /* if we have non-SERVFAIL as answer then - * we can ignore SERVFAILs for the equality - * comparison */ - /* no instructions here, skip other else */ - } else if(caps_failed_rcode(iq->caps_reply) && - caps_failed_rcode(iq->response->rep)) { - /* failure is same as other failure in fallbk*/ - /* no instructions here, skip other else */ - } else if(!reply_equal(iq->response->rep, iq->caps_reply, - qstate->env->scratch)) { - verbose(VERB_DETAIL, "Capsforid fallback: " - "getting different replies, failed"); - outbound_list_remove(&iq->outlist, outbound); - (void)error_response(qstate, id, - LDNS_RCODE_SERVFAIL); - return; - } - /* continue the fallback procedure at next server */ - iq->caps_server++; - iq->state = QUERYTARGETS_STATE; - iq->num_current_queries--; - verbose(VERB_DETAIL, "Capsforid: reply is equal. " - "go to next fallback"); - goto handle_it; - } - } - iq->caps_fallback = 0; /* if we were in fallback, 0x20 is OK now */ - -handle_it: - outbound_list_remove(&iq->outlist, outbound); - iter_handle(qstate, iq, ie, id); -} - -void -iter_operate(struct module_qstate* qstate, enum module_ev event, int id, - struct outbound_entry* outbound) -{ - struct iter_env* ie = (struct iter_env*)qstate->env->modinfo[id]; - struct iter_qstate* iq = (struct iter_qstate*)qstate->minfo[id]; - verbose(VERB_QUERY, "iterator[module %d] operate: extstate:%s event:%s", - id, strextstate(qstate->ext_state[id]), strmodulevent(event)); - if(iq) log_query_info(VERB_QUERY, "iterator operate: query", - &qstate->qinfo); - if(iq && qstate->qinfo.qname != iq->qchase.qname) - log_query_info(VERB_QUERY, "iterator operate: chased to", - &iq->qchase); - - /* perform iterator state machine */ - if((event == module_event_new || event == module_event_pass) && - iq == NULL) { - if(!iter_new(qstate, id)) { - (void)error_response(qstate, id, LDNS_RCODE_SERVFAIL); - return; - } - iq = (struct iter_qstate*)qstate->minfo[id]; - process_request(qstate, iq, ie, id); - return; - } - if(iq && event == module_event_pass) { - iter_handle(qstate, iq, ie, id); - return; - } - if(iq && outbound) { - process_response(qstate, iq, ie, id, outbound, event); - return; - } - if(event == module_event_error) { - verbose(VERB_ALGO, "got called with event error, giving up"); - (void)error_response(qstate, id, LDNS_RCODE_SERVFAIL); - return; - } - - log_err("bad event for iterator"); - (void)error_response(qstate, id, LDNS_RCODE_SERVFAIL); -} - -void -iter_clear(struct module_qstate* qstate, int id) -{ - struct iter_qstate* iq; - if(!qstate) - return; - iq = (struct iter_qstate*)qstate->minfo[id]; - if(iq) { - outbound_list_clear(&iq->outlist); - if(iq->target_count && --iq->target_count[0] == 0) - free(iq->target_count); - iq->num_current_queries = 0; - } - qstate->minfo[id] = NULL; -} - -size_t -iter_get_mem(struct module_env* env, int id) -{ - struct iter_env* ie = (struct iter_env*)env->modinfo[id]; - if(!ie) - return 0; - return sizeof(*ie) + sizeof(int)*((size_t)ie->max_dependency_depth+1) - + donotq_get_mem(ie->donotq) + priv_get_mem(ie->priv); -} - -/** - * The iterator function block - */ -static struct module_func_block iter_block = { - "iterator", - &iter_init, &iter_deinit, &iter_operate, &iter_inform_super, - &iter_clear, &iter_get_mem -}; - -struct module_func_block* -iter_get_funcblock(void) -{ - return &iter_block; -} - -const char* -iter_state_to_string(enum iter_state state) -{ - switch (state) - { - case INIT_REQUEST_STATE : - return "INIT REQUEST STATE"; - case INIT_REQUEST_2_STATE : - return "INIT REQUEST STATE (stage 2)"; - case INIT_REQUEST_3_STATE: - return "INIT REQUEST STATE (stage 3)"; - case QUERYTARGETS_STATE : - return "QUERY TARGETS STATE"; - case PRIME_RESP_STATE : - return "PRIME RESPONSE STATE"; - case COLLECT_CLASS_STATE : - return "COLLECT CLASS STATE"; - case DSNS_FIND_STATE : - return "DSNS FIND STATE"; - case QUERY_RESP_STATE : - return "QUERY RESPONSE STATE"; - case FINISHED_STATE : - return "FINISHED RESPONSE STATE"; - default : - return "UNKNOWN ITER STATE"; - } -} - -int -iter_state_is_responsestate(enum iter_state s) -{ - switch(s) { - case INIT_REQUEST_STATE : - case INIT_REQUEST_2_STATE : - case INIT_REQUEST_3_STATE : - case QUERYTARGETS_STATE : - case COLLECT_CLASS_STATE : - return 0; - default: - break; - } - return 1; -} diff --git a/external/unbound/iterator/iterator.h b/external/unbound/iterator/iterator.h deleted file mode 100644 index 37b0ab0dc..000000000 --- a/external/unbound/iterator/iterator.h +++ /dev/null @@ -1,449 +0,0 @@ -/* - * iterator/iterator.h - iterative resolver DNS query response module - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains a module that performs recusive iterative DNS query - * processing. - */ - -#ifndef ITERATOR_ITERATOR_H -#define ITERATOR_ITERATOR_H -#include "services/outbound_list.h" -#include "util/data/msgreply.h" -#include "util/module.h" -struct delegpt; -struct iter_hints; -struct iter_forwards; -struct iter_donotq; -struct iter_prep_list; -struct iter_priv; -struct rbtree_type; - -/** max number of targets spawned for a query and its subqueries */ -#define MAX_TARGET_COUNT 64 -/** max number of query restarts. Determines max number of CNAME chain. */ -#define MAX_RESTART_COUNT 8 -/** max number of referrals. Makes sure resolver does not run away */ -#define MAX_REFERRAL_COUNT 130 -/** max number of queries-sent-out. Make sure large NS set does not loop */ -#define MAX_SENT_COUNT 32 -/** max number of queries for which to perform dnsseclameness detection, - * (rrsigs misssing detection) after that, just pick up that response */ -#define DNSSEC_LAME_DETECT_COUNT 4 -/** - * max number of QNAME minimisation iterations. Limits number of queries for - * QNAMEs with a lot of labels. -*/ -#define MAX_MINIMISE_COUNT 10 -/* max number of time-outs for minimised query. Prevents resolving failures - * when the QNAME minimisation QTYPE is blocked. */ -#define MAX_MINIMISE_TIMEOUT_COUNT 3 -/** - * number of labels from QNAME that are always send individually when using - * QNAME minimisation, even when the number of labels of the QNAME is bigger - * tham MAX_MINIMISE_COUNT */ -#define MINIMISE_ONE_LAB 4 -#define MINIMISE_MULTIPLE_LABS (MAX_MINIMISE_COUNT - MINIMISE_ONE_LAB) -/** at what query-sent-count to stop target fetch policy */ -#define TARGET_FETCH_STOP 3 -/** how nice is a server without further information, in msec - * Equals rtt initial timeout value. - */ -#define UNKNOWN_SERVER_NICENESS 376 -/** maximum timeout before a host is deemed unsuitable, in msec. - * After host_ttl this will be timed out and the host will be tried again. - * Equals RTT_MAX_TIMEOUT - */ -#define USEFUL_SERVER_TOP_TIMEOUT 120000 -/** number of retries on outgoing queries */ -#define OUTBOUND_MSG_RETRY 5 -/** RTT band, within this amount from the best, servers are chosen randomly. - * Chosen so that the UNKNOWN_SERVER_NICENESS falls within the band of a - * fast server, this causes server exploration as a side benefit. msec. */ -#define RTT_BAND 400 -/** Start value for blacklisting a host, 2*USEFUL_SERVER_TOP_TIMEOUT in sec */ -#define INFRA_BACKOFF_INITIAL 240 - -/** - * Global state for the iterator. - */ -struct iter_env { - /** A flag to indicate whether or not we have an IPv6 route */ - int supports_ipv6; - - /** A flag to indicate whether or not we have an IPv4 route */ - int supports_ipv4; - - /** A set of inetaddrs that should never be queried. */ - struct iter_donotq* donotq; - - /** private address space and private domains */ - struct iter_priv* priv; - - /** whitelist for capsforid names */ - struct rbtree_type* caps_white; - - /** The maximum dependency depth that this resolver will pursue. */ - int max_dependency_depth; - - /** - * The target fetch policy for each dependency level. This is - * described as a simple number (per dependency level): - * negative numbers (usually just -1) mean fetch-all, - * 0 means only fetch on demand, and - * positive numbers mean to fetch at most that many targets. - * array of max_dependency_depth+1 size. - */ - int* target_fetch_policy; - - /** ip6.arpa dname in wireformat, used for qname-minimisation */ - uint8_t* ip6arpa_dname; -}; - -/** - * QNAME minimisation state - */ -enum minimisation_state { - /** - * (Re)start minimisation. Outgoing QNAME should be set to dp->name. - * State entered on new query or after following refferal or CNAME. - */ - INIT_MINIMISE_STATE = 0, - /** - * QNAME minimisataion ongoing. Increase QNAME on every iteration. - */ - MINIMISE_STATE, - /** - * Don't increment QNAME this iteration - */ - SKIP_MINIMISE_STATE, - /** - * Send out full QNAME + original QTYPE - */ - DONOT_MINIMISE_STATE, -}; - -/** - * State of the iterator for a query. - */ -enum iter_state { - /** - * Externally generated queries start at this state. Query restarts are - * reset to this state. - */ - INIT_REQUEST_STATE = 0, - - /** - * Root priming events reactivate here, most other events pass - * through this naturally as the 2nd part of the INIT_REQUEST_STATE. - */ - INIT_REQUEST_2_STATE, - - /** - * Stub priming events reactivate here, most other events pass - * through this naturally as the 3rd part of the INIT_REQUEST_STATE. - */ - INIT_REQUEST_3_STATE, - - /** - * Each time a delegation point changes for a given query or a - * query times out and/or wakes up, this state is (re)visited. - * This state is reponsible for iterating through a list of - * nameserver targets. - */ - QUERYTARGETS_STATE, - - /** - * Responses to queries start at this state. This state handles - * the decision tree associated with handling responses. - */ - QUERY_RESP_STATE, - - /** Responses to priming queries finish at this state. */ - PRIME_RESP_STATE, - - /** Collecting query class information, for qclass=ANY, when - * it spawns off queries for every class, it returns here. */ - COLLECT_CLASS_STATE, - - /** Find NS record to resolve DS record from, walking to the right - * NS spot until we find it */ - DSNS_FIND_STATE, - - /** Responses that are to be returned upstream end at this state. - * As well as responses to target queries. */ - FINISHED_STATE -}; - -/** - * Per query state for the iterator module. - */ -struct iter_qstate { - /** - * State of the iterator module. - * This is the state that event is in or should sent to -- all - * requests should start with the INIT_REQUEST_STATE. All - * responses should start with QUERY_RESP_STATE. Subsequent - * processing of the event will change this state. - */ - enum iter_state state; - - /** - * Final state for the iterator module. - * This is the state that responses should be routed to once the - * response is final. For externally initiated queries, this - * will be FINISHED_STATE, locally initiated queries will have - * different final states. - */ - enum iter_state final_state; - - /** - * The depth of this query, this means the depth of recursion. - * This address is needed for another query, which is an address - * needed for another query, etc. Original client query has depth 0. - */ - int depth; - - /** - * The response - */ - struct dns_msg* response; - - /** - * This is a list of RRsets that must be prepended to the - * ANSWER section of a response before being sent upstream. - */ - struct iter_prep_list* an_prepend_list; - /** Last element of the prepend list */ - struct iter_prep_list* an_prepend_last; - - /** - * This is the list of RRsets that must be prepended to the - * AUTHORITY section of the response before being sent upstream. - */ - struct iter_prep_list* ns_prepend_list; - /** Last element of the authority prepend list */ - struct iter_prep_list* ns_prepend_last; - - /** query name used for chasing the results. Initially the same as - * the state qinfo, but after CNAMEs this will be different. - * The query info used to elicit the results needed. */ - struct query_info qchase; - /** query flags to use when chasing the answer (i.e. RD flag) */ - uint16_t chase_flags; - /** true if we set RD bit because of last resort recursion lame query*/ - int chase_to_rd; - - /** - * This is the current delegation point for an in-progress query. This - * object retains state as to which delegation targets need to be - * (sub)queried for vs which ones have already been visited. - */ - struct delegpt* dp; - - /** state for 0x20 fallback when capsfail happens, 0 not a fallback */ - int caps_fallback; - /** state for capsfail: current server number to try */ - size_t caps_server; - /** state for capsfail: stored query for comparisons. Can be NULL if - * no response had been seen prior to starting the fallback. */ - struct reply_info* caps_reply; - struct dns_msg* caps_response; - - /** Current delegation message - returned for non-RD queries */ - struct dns_msg* deleg_msg; - - /** number of outstanding target sub queries */ - int num_target_queries; - - /** outstanding direct queries */ - int num_current_queries; - - /** the number of times this query has been restarted. */ - int query_restart_count; - - /** the number of times this query as followed a referral. */ - int referral_count; - - /** number of queries fired off */ - int sent_count; - - /** number of target queries spawned in [1], for this query and its - * subqueries, the malloced-array is shared, [0] refcount. */ - int* target_count; - - /** if true, already tested for ratelimiting and passed the test */ - int ratelimit_ok; - - /** - * The query must store NS records from referrals as parentside RRs - * Enabled once it hits resolution problems, to throttle retries. - * If enabled it is the pointer to the old delegation point with - * the old retry counts for bad-nameserver-addresses. - */ - struct delegpt* store_parent_NS; - - /** - * The query is for parent-side glue(A or AAAA) for a nameserver. - * If the item is seen as glue in a referral, and pside_glue is NULL, - * then it is stored in pside_glue for later. - * If it was never seen, at the end, then a negative caching element - * must be created. - * The (data or negative) RR cache element then throttles retries. - */ - int query_for_pside_glue; - /** the parent-side-glue element (NULL if none, its first match) */ - struct ub_packed_rrset_key* pside_glue; - - /** If nonNULL we are walking upwards from DS query to find NS */ - uint8_t* dsns_point; - /** length of the dname in dsns_point */ - size_t dsns_point_len; - - /** - * expected dnssec information for this iteration step. - * If dnssec rrsigs are expected and not given, the server is marked - * lame (dnssec-lame). - */ - int dnssec_expected; - - /** - * We are expecting dnssec information, but we also know the server - * is DNSSEC lame. The response need not be marked dnssec-lame again. - */ - int dnssec_lame_query; - - /** - * This is flag that, if true, means that this event is - * waiting for a stub priming query. - */ - int wait_priming_stub; - - /** - * This is a flag that, if true, means that this query is - * for (re)fetching glue from a zone. Since the address should - * have been glue, query again to the servers that should have - * been returning it as glue. - * The delegation point must be set to the one that should *not* - * be used when creating the state. A higher one will be attempted. - */ - int refetch_glue; - - /** list of pending queries to authoritative servers. */ - struct outbound_list outlist; - - /** QNAME minimisation state, RFC7816 */ - enum minimisation_state minimisation_state; - - /** - * The query info that is sent upstream. Will be a subset of qchase - * when qname minimisation is enabled. - */ - struct query_info qinfo_out; - - /** - * Count number of QNAME minisation iterations. Used to limit number of - * outgoing queries when QNAME minimisation is enabled. - */ - int minimise_count; - - /** - * Count number of time-outs. Used to prevent resolving failures when - * the QNAME minimisation QTYPE is blocked. */ - int minimise_timeout_count; -}; - -/** - * List of prepend items - */ -struct iter_prep_list { - /** next in list */ - struct iter_prep_list* next; - /** rrset */ - struct ub_packed_rrset_key* rrset; -}; - -/** - * Get the iterator function block. - * @return: function block with function pointers to iterator methods. - */ -struct module_func_block* iter_get_funcblock(void); - -/** - * Get iterator state as a string - * @param state: to convert - * @return constant string that is printable. - */ -const char* iter_state_to_string(enum iter_state state); - -/** - * See if iterator state is a response state - * @param s: to inspect - * @return true if response state. - */ -int iter_state_is_responsestate(enum iter_state s); - -/** iterator init */ -int iter_init(struct module_env* env, int id); - -/** iterator deinit */ -void iter_deinit(struct module_env* env, int id); - -/** iterator operate on a query */ -void iter_operate(struct module_qstate* qstate, enum module_ev event, int id, - struct outbound_entry* outbound); - -/** - * Return priming query results to interestes super querystates. - * - * Sets the delegation point and delegation message (not nonRD queries). - * This is a callback from walk_supers. - * - * @param qstate: query state that finished. - * @param id: module id. - * @param super: the qstate to inform. - */ -void iter_inform_super(struct module_qstate* qstate, int id, - struct module_qstate* super); - -/** iterator cleanup query state */ -void iter_clear(struct module_qstate* qstate, int id); - -/** iterator alloc size routine */ -size_t iter_get_mem(struct module_env* env, int id); - -#endif /* ITERATOR_ITERATOR_H */ diff --git a/external/unbound/libunbound/context.c b/external/unbound/libunbound/context.c deleted file mode 100644 index e203111b7..000000000 --- a/external/unbound/libunbound/context.c +++ /dev/null @@ -1,402 +0,0 @@ -/* - * libunbound/context.c - validating context for unbound internal use - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains the validator context structure. - */ -#include "config.h" -#include "libunbound/context.h" -#include "util/module.h" -#include "util/config_file.h" -#include "util/net_help.h" -#include "services/modstack.h" -#include "services/localzone.h" -#include "services/cache/rrset.h" -#include "services/cache/infra.h" -#include "util/data/msgreply.h" -#include "util/storage/slabhash.h" -#include "sldns/sbuffer.h" - -int -context_finalize(struct ub_ctx* ctx) -{ - struct config_file* cfg = ctx->env->cfg; - verbosity = cfg->verbosity; - if(ctx->logfile_override) - log_file(ctx->log_out); - else log_init(cfg->logfile, cfg->use_syslog, NULL); - config_apply(cfg); - if(!modstack_setup(&ctx->mods, cfg->module_conf, ctx->env)) - return UB_INITFAIL; - log_edns_known_options(VERB_ALGO, ctx->env); - ctx->local_zones = local_zones_create(); - if(!ctx->local_zones) - return UB_NOMEM; - if(!local_zones_apply_cfg(ctx->local_zones, cfg)) - return UB_INITFAIL; - if(!ctx->env->msg_cache || - cfg->msg_cache_size != slabhash_get_size(ctx->env->msg_cache) || - cfg->msg_cache_slabs != ctx->env->msg_cache->size) { - slabhash_delete(ctx->env->msg_cache); - ctx->env->msg_cache = slabhash_create(cfg->msg_cache_slabs, - HASH_DEFAULT_STARTARRAY, cfg->msg_cache_size, - msgreply_sizefunc, query_info_compare, - query_entry_delete, reply_info_delete, NULL); - if(!ctx->env->msg_cache) - return UB_NOMEM; - } - ctx->env->rrset_cache = rrset_cache_adjust(ctx->env->rrset_cache, - ctx->env->cfg, ctx->env->alloc); - if(!ctx->env->rrset_cache) - return UB_NOMEM; - ctx->env->infra_cache = infra_adjust(ctx->env->infra_cache, cfg); - if(!ctx->env->infra_cache) - return UB_NOMEM; - ctx->finalized = 1; - return UB_NOERROR; -} - -int context_query_cmp(const void* a, const void* b) -{ - if( *(int*)a < *(int*)b ) - return -1; - if( *(int*)a > *(int*)b ) - return 1; - return 0; -} - -void -context_query_delete(struct ctx_query* q) -{ - if(!q) return; - ub_resolve_free(q->res); - free(q->msg); - free(q); -} - -/** How many times to try to find an unused query-id-number for async */ -#define NUM_ID_TRIES 100000 -/** find next useful id number of 0 on error */ -static int -find_id(struct ub_ctx* ctx, int* id) -{ - size_t tries = 0; - ctx->next_querynum++; - while(rbtree_search(&ctx->queries, &ctx->next_querynum)) { - ctx->next_querynum++; /* numerical wraparound is fine */ - if(tries++ > NUM_ID_TRIES) - return 0; - } - *id = ctx->next_querynum; - return 1; -} - -struct ctx_query* -context_new(struct ub_ctx* ctx, const char* name, int rrtype, int rrclass, - ub_callback_type cb, void* cbarg) -{ - struct ctx_query* q = (struct ctx_query*)calloc(1, sizeof(*q)); - if(!q) return NULL; - lock_basic_lock(&ctx->cfglock); - if(!find_id(ctx, &q->querynum)) { - lock_basic_unlock(&ctx->cfglock); - free(q); - return NULL; - } - lock_basic_unlock(&ctx->cfglock); - q->node.key = &q->querynum; - q->async = (cb != NULL); - q->cb = cb; - q->cb_arg = cbarg; - q->res = (struct ub_result*)calloc(1, sizeof(*q->res)); - if(!q->res) { - free(q); - return NULL; - } - q->res->qname = strdup(name); - if(!q->res->qname) { - free(q->res); - free(q); - return NULL; - } - q->res->qtype = rrtype; - q->res->qclass = rrclass; - - /* add to query list */ - lock_basic_lock(&ctx->cfglock); - if(q->async) - ctx->num_async ++; - (void)rbtree_insert(&ctx->queries, &q->node); - lock_basic_unlock(&ctx->cfglock); - return q; -} - -struct alloc_cache* -context_obtain_alloc(struct ub_ctx* ctx, int locking) -{ - struct alloc_cache* a; - int tnum = 0; - if(locking) { - lock_basic_lock(&ctx->cfglock); - } - a = ctx->alloc_list; - if(a) - ctx->alloc_list = a->super; /* snip off list */ - else tnum = ctx->thr_next_num++; - if(locking) { - lock_basic_unlock(&ctx->cfglock); - } - if(a) { - a->super = &ctx->superalloc; - return a; - } - a = (struct alloc_cache*)calloc(1, sizeof(*a)); - if(!a) - return NULL; - alloc_init(a, &ctx->superalloc, tnum); - return a; -} - -void -context_release_alloc(struct ub_ctx* ctx, struct alloc_cache* alloc, - int locking) -{ - if(!ctx || !alloc) - return; - if(locking) { - lock_basic_lock(&ctx->cfglock); - } - alloc->super = ctx->alloc_list; - ctx->alloc_list = alloc; - if(locking) { - lock_basic_unlock(&ctx->cfglock); - } -} - -uint8_t* -context_serialize_new_query(struct ctx_query* q, uint32_t* len) -{ - /* format for new query is - * o uint32 cmd - * o uint32 id - * o uint32 type - * o uint32 class - * o rest queryname (string) - */ - uint8_t* p; - size_t slen = strlen(q->res->qname) + 1/*end of string*/; - *len = sizeof(uint32_t)*4 + slen; - p = (uint8_t*)malloc(*len); - if(!p) return NULL; - sldns_write_uint32(p, UB_LIBCMD_NEWQUERY); - sldns_write_uint32(p+sizeof(uint32_t), (uint32_t)q->querynum); - sldns_write_uint32(p+2*sizeof(uint32_t), (uint32_t)q->res->qtype); - sldns_write_uint32(p+3*sizeof(uint32_t), (uint32_t)q->res->qclass); - memmove(p+4*sizeof(uint32_t), q->res->qname, slen); - return p; -} - -struct ctx_query* -context_deserialize_new_query(struct ub_ctx* ctx, uint8_t* p, uint32_t len) -{ - struct ctx_query* q = (struct ctx_query*)calloc(1, sizeof(*q)); - if(!q) return NULL; - if(len < 4*sizeof(uint32_t)+1) { - free(q); - return NULL; - } - log_assert( sldns_read_uint32(p) == UB_LIBCMD_NEWQUERY); - q->querynum = (int)sldns_read_uint32(p+sizeof(uint32_t)); - q->node.key = &q->querynum; - q->async = 1; - q->res = (struct ub_result*)calloc(1, sizeof(*q->res)); - if(!q->res) { - free(q); - return NULL; - } - q->res->qtype = (int)sldns_read_uint32(p+2*sizeof(uint32_t)); - q->res->qclass = (int)sldns_read_uint32(p+3*sizeof(uint32_t)); - q->res->qname = strdup((char*)(p+4*sizeof(uint32_t))); - if(!q->res->qname) { - free(q->res); - free(q); - return NULL; - } - - /** add to query list */ - ctx->num_async++; - (void)rbtree_insert(&ctx->queries, &q->node); - return q; -} - -struct ctx_query* -context_lookup_new_query(struct ub_ctx* ctx, uint8_t* p, uint32_t len) -{ - struct ctx_query* q; - int querynum; - if(len < 4*sizeof(uint32_t)+1) { - return NULL; - } - log_assert( sldns_read_uint32(p) == UB_LIBCMD_NEWQUERY); - querynum = (int)sldns_read_uint32(p+sizeof(uint32_t)); - q = (struct ctx_query*)rbtree_search(&ctx->queries, &querynum); - if(!q) { - return NULL; - } - log_assert(q->async); - return q; -} - -uint8_t* -context_serialize_answer(struct ctx_query* q, int err, sldns_buffer* pkt, - uint32_t* len) -{ - /* answer format - * o uint32 cmd - * o uint32 id - * o uint32 error_code - * o uint32 msg_security - * o uint32 length of why_bogus string (+1 for eos); 0 absent. - * o why_bogus_string - * o the remainder is the answer msg from resolver lookup. - * remainder can be length 0. - */ - size_t pkt_len = pkt?sldns_buffer_remaining(pkt):0; - size_t wlen = (pkt&&q->res->why_bogus)?strlen(q->res->why_bogus)+1:0; - uint8_t* p; - *len = sizeof(uint32_t)*5 + pkt_len + wlen; - p = (uint8_t*)malloc(*len); - if(!p) return NULL; - sldns_write_uint32(p, UB_LIBCMD_ANSWER); - sldns_write_uint32(p+sizeof(uint32_t), (uint32_t)q->querynum); - sldns_write_uint32(p+2*sizeof(uint32_t), (uint32_t)err); - sldns_write_uint32(p+3*sizeof(uint32_t), (uint32_t)q->msg_security); - sldns_write_uint32(p+4*sizeof(uint32_t), (uint32_t)wlen); - if(wlen > 0) - memmove(p+5*sizeof(uint32_t), q->res->why_bogus, wlen); - if(pkt_len > 0) - memmove(p+5*sizeof(uint32_t)+wlen, - sldns_buffer_begin(pkt), pkt_len); - return p; -} - -struct ctx_query* -context_deserialize_answer(struct ub_ctx* ctx, - uint8_t* p, uint32_t len, int* err) -{ - struct ctx_query* q = NULL ; - int id; - size_t wlen; - if(len < 5*sizeof(uint32_t)) return NULL; - log_assert( sldns_read_uint32(p) == UB_LIBCMD_ANSWER); - id = (int)sldns_read_uint32(p+sizeof(uint32_t)); - q = (struct ctx_query*)rbtree_search(&ctx->queries, &id); - if(!q) return NULL; - *err = (int)sldns_read_uint32(p+2*sizeof(uint32_t)); - q->msg_security = sldns_read_uint32(p+3*sizeof(uint32_t)); - wlen = (size_t)sldns_read_uint32(p+4*sizeof(uint32_t)); - if(len > 5*sizeof(uint32_t) && wlen > 0) { - if(len >= 5*sizeof(uint32_t)+wlen) - q->res->why_bogus = (char*)memdup( - p+5*sizeof(uint32_t), wlen); - if(!q->res->why_bogus) { - /* pass malloc failure to the user callback */ - q->msg_len = 0; - *err = UB_NOMEM; - return q; - } - q->res->why_bogus[wlen-1] = 0; /* zero terminated for sure */ - } - if(len > 5*sizeof(uint32_t)+wlen) { - q->msg_len = len - 5*sizeof(uint32_t) - wlen; - q->msg = (uint8_t*)memdup(p+5*sizeof(uint32_t)+wlen, - q->msg_len); - if(!q->msg) { - /* pass malloc failure to the user callback */ - q->msg_len = 0; - *err = UB_NOMEM; - return q; - } - } - return q; -} - -uint8_t* -context_serialize_cancel(struct ctx_query* q, uint32_t* len) -{ - /* format of cancel: - * o uint32 cmd - * o uint32 async-id */ - uint8_t* p = (uint8_t*)reallocarray(NULL, sizeof(uint32_t), 2); - if(!p) return NULL; - *len = 2*sizeof(uint32_t); - sldns_write_uint32(p, UB_LIBCMD_CANCEL); - sldns_write_uint32(p+sizeof(uint32_t), (uint32_t)q->querynum); - return p; -} - -struct ctx_query* context_deserialize_cancel(struct ub_ctx* ctx, - uint8_t* p, uint32_t len) -{ - struct ctx_query* q; - int id; - if(len != 2*sizeof(uint32_t)) return NULL; - log_assert( sldns_read_uint32(p) == UB_LIBCMD_CANCEL); - id = (int)sldns_read_uint32(p+sizeof(uint32_t)); - q = (struct ctx_query*)rbtree_search(&ctx->queries, &id); - return q; -} - -uint8_t* -context_serialize_quit(uint32_t* len) -{ - uint8_t* p = (uint8_t*)malloc(sizeof(uint32_t)); - if(!p) - return NULL; - *len = sizeof(uint32_t); - sldns_write_uint32(p, UB_LIBCMD_QUIT); - return p; -} - -enum ub_ctx_cmd context_serial_getcmd(uint8_t* p, uint32_t len) -{ - uint32_t v; - if((size_t)len < sizeof(v)) - return UB_LIBCMD_QUIT; - v = sldns_read_uint32(p); - return v; -} diff --git a/external/unbound/libunbound/context.h b/external/unbound/libunbound/context.h deleted file mode 100644 index 1761c4d87..000000000 --- a/external/unbound/libunbound/context.h +++ /dev/null @@ -1,352 +0,0 @@ -/* - * libunbound/context.h - validating context for unbound internal use - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains the validator context structure. - */ -#ifndef LIBUNBOUND_CONTEXT_H -#define LIBUNBOUND_CONTEXT_H -#include "util/locks.h" -#include "util/alloc.h" -#include "util/rbtree.h" -#include "services/modstack.h" -#include "libunbound/unbound.h" -#include "util/data/packed_rrset.h" -struct libworker; -struct tube; -struct sldns_buffer; -struct ub_event_base; - -/** - * The context structure - * - * Contains two pipes for async service - * qq : write queries to the async service pid/tid. - * rr : read results from the async service pid/tid. - */ -struct ub_ctx { - /* --- pipes --- */ - /** mutex on query write pipe */ - lock_basic_type qqpipe_lock; - /** the query write pipe */ - struct tube* qq_pipe; - /** mutex on result read pipe */ - lock_basic_type rrpipe_lock; - /** the result read pipe */ - struct tube* rr_pipe; - - /* --- shared data --- */ - /** mutex for access to env.cfg, finalized and dothread */ - lock_basic_type cfglock; - /** - * The context has been finalized - * This is after config when the first resolve is done. - * The modules are inited (module-init()) and shared caches created. - */ - int finalized; - - /** is bg worker created yet ? */ - int created_bg; - /** pid of bg worker process */ - pid_t bg_pid; - /** tid of bg worker thread */ - ub_thread_type bg_tid; - - /** do threading (instead of forking) for async resolution */ - int dothread; - /** next thread number for new threads */ - int thr_next_num; - /** if logfile is overriden */ - int logfile_override; - /** what logfile to use instead */ - FILE* log_out; - /** - * List of alloc-cache-id points per threadnum for notinuse threads. - * Simply the entire struct alloc_cache with the 'super' member used - * to link a simply linked list. Reset super member to the superalloc - * before use. - */ - struct alloc_cache* alloc_list; - - /** shared caches, and so on */ - struct alloc_cache superalloc; - /** module env master value */ - struct module_env* env; - /** module stack */ - struct module_stack mods; - /** local authority zones */ - struct local_zones* local_zones; - /** random state used to seed new random state structures */ - struct ub_randstate* seed_rnd; - - /** event base for event oriented interface */ - struct ub_event_base* event_base; - /** libworker for event based interface */ - struct libworker* event_worker; - - /** next query number (to try) to use */ - int next_querynum; - /** number of async queries outstanding */ - size_t num_async; - /** - * Tree of outstanding queries. Indexed by querynum - * Used when results come in for async to lookup. - * Used when cancel is done for lookup (and delete). - * Used to see if querynum is free for use. - * Content of type ctx_query. - */ - rbtree_type queries; -}; - -/** - * The queries outstanding for the libunbound resolver. - * These are outstanding for async resolution. - * But also, outstanding for sync resolution by one of the threads that - * has joined the threadpool. - */ -struct ctx_query { - /** node in rbtree, must be first entry, key is ptr to the querynum */ - struct rbnode_type node; - /** query id number, key for node */ - int querynum; - /** was this an async query? */ - int async; - /** was this query cancelled (for bg worker) */ - int cancelled; - - /** for async query, the callback function */ - ub_callback_type cb; - /** for async query, the callback user arg */ - void* cb_arg; - - /** answer message, result from resolver lookup. */ - uint8_t* msg; - /** resulting message length. */ - size_t msg_len; - /** validation status on security */ - enum sec_status msg_security; - /** store libworker that is handling this query */ - struct libworker* w; - - /** result structure, also contains original query, type, class. - * malloced ptr ready to hand to the client. */ - struct ub_result* res; -}; - -/** - * The error constants - */ -enum ub_ctx_err { - /** no error */ - UB_NOERROR = 0, - /** socket operation. Set to -1, so that if an error from _fd() is - * passed (-1) it gives a socket error. */ - UB_SOCKET = -1, - /** alloc failure */ - UB_NOMEM = -2, - /** syntax error */ - UB_SYNTAX = -3, - /** DNS service failed */ - UB_SERVFAIL = -4, - /** fork() failed */ - UB_FORKFAIL = -5, - /** cfg change after finalize() */ - UB_AFTERFINAL = -6, - /** initialization failed (bad settings) */ - UB_INITFAIL = -7, - /** error in pipe communication with async bg worker */ - UB_PIPE = -8, - /** error reading from file (resolv.conf) */ - UB_READFILE = -9, - /** error async_id does not exist or result already been delivered */ - UB_NOID = -10 -}; - -/** - * Command codes for libunbound pipe. - * - * Serialization looks like this: - * o length (of remainder) uint32. - * o uint32 command code. - * o per command format. - */ -enum ub_ctx_cmd { - /** QUIT */ - UB_LIBCMD_QUIT = 0, - /** New query, sent to bg worker */ - UB_LIBCMD_NEWQUERY, - /** Cancel query, sent to bg worker */ - UB_LIBCMD_CANCEL, - /** Query result, originates from bg worker */ - UB_LIBCMD_ANSWER -}; - -/** - * finalize a context. - * @param ctx: context to finalize. creates shared data. - * @return 0 if OK, or errcode. - */ -int context_finalize(struct ub_ctx* ctx); - -/** compare two ctx_query elements */ -int context_query_cmp(const void* a, const void* b); - -/** - * delete context query - * @param q: query to delete, including message packet and prealloc result - */ -void context_query_delete(struct ctx_query* q); - -/** - * Create new query in context, add to querynum list. - * @param ctx: context - * @param name: query name - * @param rrtype: type - * @param rrclass: class - * @param cb: callback for async, or NULL for sync. - * @param cbarg: user arg for async queries. - * @return new ctx_query or NULL for malloc failure. - */ -struct ctx_query* context_new(struct ub_ctx* ctx, const char* name, int rrtype, - int rrclass, ub_callback_type cb, void* cbarg); - -/** - * Get a new alloc. Creates a new one or uses a cached one. - * @param ctx: context - * @param locking: if true, cfglock is locked while getting alloc. - * @return an alloc, or NULL on mem error. - */ -struct alloc_cache* context_obtain_alloc(struct ub_ctx* ctx, int locking); - -/** - * Release an alloc. Puts it into the cache. - * @param ctx: context - * @param locking: if true, cfglock is locked while releasing alloc. - * @param alloc: alloc to relinquish. - */ -void context_release_alloc(struct ub_ctx* ctx, struct alloc_cache* alloc, - int locking); - -/** - * Serialize a context query that questions data. - * This serializes the query name, type, ... - * As well as command code 'new_query'. - * @param q: context query - * @param len: the length of the allocation is returned. - * @return: an alloc, or NULL on mem error. - */ -uint8_t* context_serialize_new_query(struct ctx_query* q, uint32_t* len); - -/** - * Serialize a context_query result to hand back to user. - * This serializes the query name, type, ..., and result. - * As well as command code 'answer'. - * @param q: context query - * @param err: error code to pass to client. - * @param pkt: the packet to add, can be NULL. - * @param len: the length of the allocation is returned. - * @return: an alloc, or NULL on mem error. - */ -uint8_t* context_serialize_answer(struct ctx_query* q, int err, - struct sldns_buffer* pkt, uint32_t* len); - -/** - * Serialize a query cancellation. Serializes query async id - * as well as command code 'cancel' - * @param q: context query - * @param len: the length of the allocation is returned. - * @return: an alloc, or NULL on mem error. - */ -uint8_t* context_serialize_cancel(struct ctx_query* q, uint32_t* len); - -/** - * Serialize a 'quit' command. - * @param len: the length of the allocation is returned. - * @return: an alloc, or NULL on mem error. - */ -uint8_t* context_serialize_quit(uint32_t* len); - -/** - * Obtain command code from serialized buffer - * @param p: buffer serialized. - * @param len: length of buffer. - * @return command code or QUIT on error. - */ -enum ub_ctx_cmd context_serial_getcmd(uint8_t* p, uint32_t len); - -/** - * Lookup query from new_query buffer. - * @param ctx: context - * @param p: buffer serialized. - * @param len: length of buffer. - * @return looked up ctx_query or NULL for malloc failure. - */ -struct ctx_query* context_lookup_new_query(struct ub_ctx* ctx, - uint8_t* p, uint32_t len); - -/** - * Deserialize a new_query buffer. - * @param ctx: context - * @param p: buffer serialized. - * @param len: length of buffer. - * @return new ctx_query or NULL for malloc failure. - */ -struct ctx_query* context_deserialize_new_query(struct ub_ctx* ctx, - uint8_t* p, uint32_t len); - -/** - * Deserialize an answer buffer. - * @param ctx: context - * @param p: buffer serialized. - * @param len: length of buffer. - * @param err: error code to be returned to client is passed. - * @return ctx_query with answer added or NULL for malloc failure. - */ -struct ctx_query* context_deserialize_answer(struct ub_ctx* ctx, - uint8_t* p, uint32_t len, int* err); - -/** - * Deserialize a cancel buffer. - * @param ctx: context - * @param p: buffer serialized. - * @param len: length of buffer. - * @return ctx_query to cancel or NULL for failure. - */ -struct ctx_query* context_deserialize_cancel(struct ub_ctx* ctx, - uint8_t* p, uint32_t len); - -#endif /* LIBUNBOUND_CONTEXT_H */ diff --git a/external/unbound/libunbound/libunbound.c b/external/unbound/libunbound/libunbound.c deleted file mode 100644 index eaa31c71c..000000000 --- a/external/unbound/libunbound/libunbound.c +++ /dev/null @@ -1,1382 +0,0 @@ -/* - * unbound.c - unbound validating resolver public API implementation - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions to resolve DNS queries and - * validate the answers. Synchonously and asynchronously. - * - */ - -/* include the public api first, it should be able to stand alone */ -#include "libunbound/unbound.h" -#include "libunbound/unbound-event.h" -#include "config.h" -#include -#include "libunbound/context.h" -#include "libunbound/libworker.h" -#include "util/locks.h" -#include "util/config_file.h" -#include "util/alloc.h" -#include "util/module.h" -#include "util/regional.h" -#include "util/log.h" -#include "util/random.h" -#include "util/net_help.h" -#include "util/tube.h" -#include "util/ub_event.h" -#include "services/modstack.h" -#include "services/localzone.h" -#include "services/cache/infra.h" -#include "services/cache/rrset.h" -#include "sldns/sbuffer.h" -#ifdef HAVE_PTHREAD -#include -#endif -#ifdef HAVE_SYS_WAIT_H -#include -#endif -#ifdef HAVE_TIME_H -#include -#endif - -#if defined(UB_ON_WINDOWS) && defined (HAVE_WINDOWS_H) -#include -#include -#endif /* UB_ON_WINDOWS */ - -/** create context functionality, but no pipes */ -static struct ub_ctx* ub_ctx_create_nopipe(void) -{ - struct ub_ctx* ctx; - unsigned int seed; -#ifdef USE_WINSOCK - int r; - WSADATA wsa_data; -#endif - - log_init(NULL, 0, NULL); /* logs to stderr */ - log_ident_set("libunbound"); -#ifdef USE_WINSOCK - if((r = WSAStartup(MAKEWORD(2,2), &wsa_data)) != 0) { - log_err("could not init winsock. WSAStartup: %s", - wsa_strerror(r)); - return NULL; - } -#endif - verbosity = 0; /* errors only */ - checklock_start(); - ctx = (struct ub_ctx*)calloc(1, sizeof(*ctx)); - if(!ctx) { - errno = ENOMEM; - return NULL; - } - alloc_init(&ctx->superalloc, NULL, 0); - seed = (unsigned int)time(NULL) ^ (unsigned int)getpid(); - if(!(ctx->seed_rnd = ub_initstate(seed, NULL))) { - seed = 0; - ub_randfree(ctx->seed_rnd); - free(ctx); - errno = ENOMEM; - return NULL; - } - seed = 0; - lock_basic_init(&ctx->qqpipe_lock); - lock_basic_init(&ctx->rrpipe_lock); - lock_basic_init(&ctx->cfglock); - ctx->env = (struct module_env*)calloc(1, sizeof(*ctx->env)); - if(!ctx->env) { - ub_randfree(ctx->seed_rnd); - free(ctx); - errno = ENOMEM; - return NULL; - } - ctx->env->cfg = config_create_forlib(); - if(!ctx->env->cfg) { - free(ctx->env); - ub_randfree(ctx->seed_rnd); - free(ctx); - errno = ENOMEM; - return NULL; - } - /* init edns_known_options */ - if(!edns_known_options_init(ctx->env)) { - config_delete(ctx->env->cfg); - free(ctx->env); - ub_randfree(ctx->seed_rnd); - free(ctx); - errno = ENOMEM; - return NULL; - } - ctx->env->alloc = &ctx->superalloc; - ctx->env->worker = NULL; - ctx->env->need_to_validate = 0; - modstack_init(&ctx->mods); - rbtree_init(&ctx->queries, &context_query_cmp); - return ctx; -} - -struct ub_ctx* -ub_ctx_create(void) -{ - struct ub_ctx* ctx = ub_ctx_create_nopipe(); - if(!ctx) - return NULL; - if((ctx->qq_pipe = tube_create()) == NULL) { - int e = errno; - ub_randfree(ctx->seed_rnd); - config_delete(ctx->env->cfg); - modstack_desetup(&ctx->mods, ctx->env); - edns_known_options_delete(ctx->env); - free(ctx->env); - free(ctx); - errno = e; - return NULL; - } - if((ctx->rr_pipe = tube_create()) == NULL) { - int e = errno; - tube_delete(ctx->qq_pipe); - ub_randfree(ctx->seed_rnd); - config_delete(ctx->env->cfg); - modstack_desetup(&ctx->mods, ctx->env); - edns_known_options_delete(ctx->env); - free(ctx->env); - free(ctx); - errno = e; - return NULL; - } - return ctx; -} - -struct ub_ctx* -ub_ctx_create_ub_event(struct ub_event_base* ueb) -{ - struct ub_ctx* ctx = ub_ctx_create_nopipe(); - if(!ctx) - return NULL; - /* no pipes, but we have the locks to make sure everything works */ - ctx->created_bg = 0; - ctx->dothread = 1; /* the processing is in the same process, - makes ub_cancel and ub_ctx_delete do the right thing */ - ctx->event_base = ueb; - return ctx; -} - -struct ub_ctx* -ub_ctx_create_event(struct event_base* eb) -{ - struct ub_ctx* ctx = ub_ctx_create_nopipe(); - if(!ctx) - return NULL; - /* no pipes, but we have the locks to make sure everything works */ - ctx->created_bg = 0; - ctx->dothread = 1; /* the processing is in the same process, - makes ub_cancel and ub_ctx_delete do the right thing */ - ctx->event_base = ub_libevent_event_base(eb); - if (!ctx->event_base) { - ub_ctx_delete(ctx); - return NULL; - } - return ctx; -} - -/** delete q */ -static void -delq(rbnode_type* n, void* ATTR_UNUSED(arg)) -{ - struct ctx_query* q = (struct ctx_query*)n; - context_query_delete(q); -} - -/** stop the bg thread */ -static void ub_stop_bg(struct ub_ctx* ctx) -{ - /* stop the bg thread */ - lock_basic_lock(&ctx->cfglock); - if(ctx->created_bg) { - uint8_t* msg; - uint32_t len; - uint32_t cmd = UB_LIBCMD_QUIT; - lock_basic_unlock(&ctx->cfglock); - lock_basic_lock(&ctx->qqpipe_lock); - (void)tube_write_msg(ctx->qq_pipe, (uint8_t*)&cmd, - (uint32_t)sizeof(cmd), 0); - lock_basic_unlock(&ctx->qqpipe_lock); - lock_basic_lock(&ctx->rrpipe_lock); - while(tube_read_msg(ctx->rr_pipe, &msg, &len, 0)) { - /* discard all results except a quit confirm */ - if(context_serial_getcmd(msg, len) == UB_LIBCMD_QUIT) { - free(msg); - break; - } - free(msg); - } - lock_basic_unlock(&ctx->rrpipe_lock); - - /* if bg worker is a thread, wait for it to exit, so that all - * resources are really gone. */ - lock_basic_lock(&ctx->cfglock); - if(ctx->dothread) { - lock_basic_unlock(&ctx->cfglock); - ub_thread_join(ctx->bg_tid); - } else { - lock_basic_unlock(&ctx->cfglock); -#ifndef UB_ON_WINDOWS - if(waitpid(ctx->bg_pid, NULL, 0) == -1) { - if(verbosity > 2) - log_err("waitpid: %s", strerror(errno)); - } -#endif - } - } - else { - lock_basic_unlock(&ctx->cfglock); - } -} - -void -ub_ctx_delete(struct ub_ctx* ctx) -{ - struct alloc_cache* a, *na; - int do_stop = 1; - if(!ctx) return; - - /* see if bg thread is created and if threads have been killed */ - /* no locks, because those may be held by terminated threads */ - /* for processes the read pipe is closed and we see that on read */ -#ifdef HAVE_PTHREAD - if(ctx->created_bg && ctx->dothread) { - if(pthread_kill(ctx->bg_tid, 0) == ESRCH) { - /* thread has been killed */ - do_stop = 0; - } - } -#endif /* HAVE_PTHREAD */ - if(do_stop) - ub_stop_bg(ctx); - libworker_delete_event(ctx->event_worker); - - modstack_desetup(&ctx->mods, ctx->env); - a = ctx->alloc_list; - while(a) { - na = a->super; - a->super = &ctx->superalloc; - alloc_clear(a); - free(a); - a = na; - } - local_zones_delete(ctx->local_zones); - lock_basic_destroy(&ctx->qqpipe_lock); - lock_basic_destroy(&ctx->rrpipe_lock); - lock_basic_destroy(&ctx->cfglock); - tube_delete(ctx->qq_pipe); - tube_delete(ctx->rr_pipe); - if(ctx->env) { - slabhash_delete(ctx->env->msg_cache); - rrset_cache_delete(ctx->env->rrset_cache); - infra_delete(ctx->env->infra_cache); - config_delete(ctx->env->cfg); - edns_known_options_delete(ctx->env); - free(ctx->env); - } - ub_randfree(ctx->seed_rnd); - alloc_clear(&ctx->superalloc); - traverse_postorder(&ctx->queries, delq, NULL); - free(ctx); -#ifdef USE_WINSOCK - WSACleanup(); -#endif -} - -int -ub_ctx_set_option(struct ub_ctx* ctx, const char* opt, const char* val) -{ - lock_basic_lock(&ctx->cfglock); - if(ctx->finalized) { - lock_basic_unlock(&ctx->cfglock); - return UB_AFTERFINAL; - } - if(!config_set_option(ctx->env->cfg, opt, val)) { - lock_basic_unlock(&ctx->cfglock); - return UB_SYNTAX; - } - lock_basic_unlock(&ctx->cfglock); - return UB_NOERROR; -} - -int -ub_ctx_get_option(struct ub_ctx* ctx, const char* opt, char** str) -{ - int r; - lock_basic_lock(&ctx->cfglock); - r = config_get_option_collate(ctx->env->cfg, opt, str); - lock_basic_unlock(&ctx->cfglock); - if(r == 0) r = UB_NOERROR; - else if(r == 1) r = UB_SYNTAX; - else if(r == 2) r = UB_NOMEM; - return r; -} - -int -ub_ctx_config(struct ub_ctx* ctx, const char* fname) -{ - lock_basic_lock(&ctx->cfglock); - if(ctx->finalized) { - lock_basic_unlock(&ctx->cfglock); - return UB_AFTERFINAL; - } - if(!config_read(ctx->env->cfg, fname, NULL)) { - lock_basic_unlock(&ctx->cfglock); - return UB_SYNTAX; - } - lock_basic_unlock(&ctx->cfglock); - return UB_NOERROR; -} - -int -ub_ctx_add_ta(struct ub_ctx* ctx, const char* ta) -{ - char* dup = strdup(ta); - if(!dup) return UB_NOMEM; - lock_basic_lock(&ctx->cfglock); - if(ctx->finalized) { - lock_basic_unlock(&ctx->cfglock); - free(dup); - return UB_AFTERFINAL; - } - if(!cfg_strlist_insert(&ctx->env->cfg->trust_anchor_list, dup)) { - lock_basic_unlock(&ctx->cfglock); - free(dup); - return UB_NOMEM; - } - lock_basic_unlock(&ctx->cfglock); - return UB_NOERROR; -} - -int -ub_ctx_add_ta_file(struct ub_ctx* ctx, const char* fname) -{ - char* dup = strdup(fname); - if(!dup) return UB_NOMEM; - lock_basic_lock(&ctx->cfglock); - if(ctx->finalized) { - lock_basic_unlock(&ctx->cfglock); - free(dup); - return UB_AFTERFINAL; - } - if(!cfg_strlist_insert(&ctx->env->cfg->trust_anchor_file_list, dup)) { - lock_basic_unlock(&ctx->cfglock); - free(dup); - return UB_NOMEM; - } - lock_basic_unlock(&ctx->cfglock); - return UB_NOERROR; -} - -int ub_ctx_add_ta_autr(struct ub_ctx* ctx, const char* fname) -{ - char* dup = strdup(fname); - if(!dup) return UB_NOMEM; - lock_basic_lock(&ctx->cfglock); - if(ctx->finalized) { - lock_basic_unlock(&ctx->cfglock); - free(dup); - return UB_AFTERFINAL; - } - if(!cfg_strlist_insert(&ctx->env->cfg->auto_trust_anchor_file_list, - dup)) { - lock_basic_unlock(&ctx->cfglock); - free(dup); - return UB_NOMEM; - } - lock_basic_unlock(&ctx->cfglock); - return UB_NOERROR; -} - -int -ub_ctx_trustedkeys(struct ub_ctx* ctx, const char* fname) -{ - char* dup = strdup(fname); - if(!dup) return UB_NOMEM; - lock_basic_lock(&ctx->cfglock); - if(ctx->finalized) { - lock_basic_unlock(&ctx->cfglock); - free(dup); - return UB_AFTERFINAL; - } - if(!cfg_strlist_insert(&ctx->env->cfg->trusted_keys_file_list, dup)) { - lock_basic_unlock(&ctx->cfglock); - free(dup); - return UB_NOMEM; - } - lock_basic_unlock(&ctx->cfglock); - return UB_NOERROR; -} - -int -ub_ctx_debuglevel(struct ub_ctx* ctx, int d) -{ - lock_basic_lock(&ctx->cfglock); - verbosity = d; - ctx->env->cfg->verbosity = d; - lock_basic_unlock(&ctx->cfglock); - return UB_NOERROR; -} - -int ub_ctx_debugout(struct ub_ctx* ctx, void* out) -{ - lock_basic_lock(&ctx->cfglock); - log_file((FILE*)out); - ctx->logfile_override = 1; - ctx->log_out = out; - lock_basic_unlock(&ctx->cfglock); - return UB_NOERROR; -} - -int -ub_ctx_async(struct ub_ctx* ctx, int dothread) -{ -#ifdef THREADS_DISABLED - if(dothread) /* cannot do threading */ - return UB_NOERROR; -#endif - lock_basic_lock(&ctx->cfglock); - if(ctx->finalized) { - lock_basic_unlock(&ctx->cfglock); - return UB_AFTERFINAL; - } - ctx->dothread = dothread; - lock_basic_unlock(&ctx->cfglock); - return UB_NOERROR; -} - -int -ub_poll(struct ub_ctx* ctx) -{ - /* no need to hold lock while testing for readability. */ - return tube_poll(ctx->rr_pipe); -} - -int -ub_fd(struct ub_ctx* ctx) -{ - return tube_read_fd(ctx->rr_pipe); -} - -/** process answer from bg worker */ -static int -process_answer_detail(struct ub_ctx* ctx, uint8_t* msg, uint32_t len, - ub_callback_type* cb, void** cbarg, int* err, - struct ub_result** res) -{ - struct ctx_query* q; - if(context_serial_getcmd(msg, len) != UB_LIBCMD_ANSWER) { - log_err("error: bad data from bg worker %d", - (int)context_serial_getcmd(msg, len)); - return 0; - } - - lock_basic_lock(&ctx->cfglock); - q = context_deserialize_answer(ctx, msg, len, err); - if(!q) { - lock_basic_unlock(&ctx->cfglock); - /* probably simply the lookup that failed, i.e. - * response returned before cancel was sent out, so noerror */ - return 1; - } - log_assert(q->async); - - /* grab cb while locked */ - if(q->cancelled) { - *cb = NULL; - *cbarg = NULL; - } else { - *cb = q->cb; - *cbarg = q->cb_arg; - } - if(*err) { - *res = NULL; - ub_resolve_free(q->res); - } else { - /* parse the message, extract rcode, fill result */ - sldns_buffer* buf = sldns_buffer_new(q->msg_len); - struct regional* region = regional_create(); - *res = q->res; - (*res)->rcode = LDNS_RCODE_SERVFAIL; - if(region && buf) { - sldns_buffer_clear(buf); - sldns_buffer_write(buf, q->msg, q->msg_len); - sldns_buffer_flip(buf); - libworker_enter_result(*res, buf, region, - q->msg_security); - } - (*res)->answer_packet = q->msg; - (*res)->answer_len = (int)q->msg_len; - q->msg = NULL; - sldns_buffer_free(buf); - regional_destroy(region); - } - q->res = NULL; - /* delete the q from list */ - (void)rbtree_delete(&ctx->queries, q->node.key); - ctx->num_async--; - context_query_delete(q); - lock_basic_unlock(&ctx->cfglock); - - if(*cb) return 2; - ub_resolve_free(*res); - return 1; -} - -/** process answer from bg worker */ -static int -process_answer(struct ub_ctx* ctx, uint8_t* msg, uint32_t len) -{ - int err; - ub_callback_type cb; - void* cbarg; - struct ub_result* res; - int r; - - r = process_answer_detail(ctx, msg, len, &cb, &cbarg, &err, &res); - - /* no locks held while calling callback, so that library is - * re-entrant. */ - if(r == 2) - (*cb)(cbarg, err, res); - - return r; -} - -int -ub_process(struct ub_ctx* ctx) -{ - int r; - uint8_t* msg; - uint32_t len; - while(1) { - msg = NULL; - lock_basic_lock(&ctx->rrpipe_lock); - r = tube_read_msg(ctx->rr_pipe, &msg, &len, 1); - lock_basic_unlock(&ctx->rrpipe_lock); - if(r == 0) - return UB_PIPE; - else if(r == -1) - break; - if(!process_answer(ctx, msg, len)) { - free(msg); - return UB_PIPE; - } - free(msg); - } - return UB_NOERROR; -} - -int -ub_wait(struct ub_ctx* ctx) -{ - int err; - ub_callback_type cb; - void* cbarg; - struct ub_result* res; - int r; - uint8_t* msg; - uint32_t len; - /* this is basically the same loop as _process(), but with changes. - * holds the rrpipe lock and waits with tube_wait */ - while(1) { - lock_basic_lock(&ctx->rrpipe_lock); - lock_basic_lock(&ctx->cfglock); - if(ctx->num_async == 0) { - lock_basic_unlock(&ctx->cfglock); - lock_basic_unlock(&ctx->rrpipe_lock); - break; - } - lock_basic_unlock(&ctx->cfglock); - - /* keep rrpipe locked, while - * o waiting for pipe readable - * o parsing message - * o possibly decrementing num_async - * do callback without lock - */ - r = tube_wait(ctx->rr_pipe); - if(r) { - r = tube_read_msg(ctx->rr_pipe, &msg, &len, 1); - if(r == 0) { - lock_basic_unlock(&ctx->rrpipe_lock); - return UB_PIPE; - } - if(r == -1) { - lock_basic_unlock(&ctx->rrpipe_lock); - continue; - } - r = process_answer_detail(ctx, msg, len, - &cb, &cbarg, &err, &res); - lock_basic_unlock(&ctx->rrpipe_lock); - free(msg); - if(r == 0) - return UB_PIPE; - if(r == 2) - (*cb)(cbarg, err, res); - } else { - lock_basic_unlock(&ctx->rrpipe_lock); - } - } - return UB_NOERROR; -} - -int -ub_resolve(struct ub_ctx* ctx, const char* name, int rrtype, - int rrclass, struct ub_result** result) -{ - struct ctx_query* q; - int r; - *result = NULL; - - lock_basic_lock(&ctx->cfglock); - if(!ctx->finalized) { - r = context_finalize(ctx); - if(r) { - lock_basic_unlock(&ctx->cfglock); - return r; - } - } - /* create new ctx_query and attempt to add to the list */ - lock_basic_unlock(&ctx->cfglock); - q = context_new(ctx, name, rrtype, rrclass, NULL, NULL); - if(!q) - return UB_NOMEM; - /* become a resolver thread for a bit */ - - r = libworker_fg(ctx, q); - if(r) { - lock_basic_lock(&ctx->cfglock); - (void)rbtree_delete(&ctx->queries, q->node.key); - context_query_delete(q); - lock_basic_unlock(&ctx->cfglock); - return r; - } - q->res->answer_packet = q->msg; - q->res->answer_len = (int)q->msg_len; - q->msg = NULL; - *result = q->res; - q->res = NULL; - - lock_basic_lock(&ctx->cfglock); - (void)rbtree_delete(&ctx->queries, q->node.key); - context_query_delete(q); - lock_basic_unlock(&ctx->cfglock); - return UB_NOERROR; -} - -int -ub_resolve_event(struct ub_ctx* ctx, const char* name, int rrtype, - int rrclass, void* mydata, ub_event_callback_type callback, - int* async_id) -{ - struct ctx_query* q; - int r; - - if(async_id) - *async_id = 0; - lock_basic_lock(&ctx->cfglock); - if(!ctx->finalized) { - int r = context_finalize(ctx); - if(r) { - lock_basic_unlock(&ctx->cfglock); - return r; - } - } - lock_basic_unlock(&ctx->cfglock); - if(!ctx->event_worker) { - ctx->event_worker = libworker_create_event(ctx, - ctx->event_base); - if(!ctx->event_worker) { - return UB_INITFAIL; - } - } - - /* set time in case answer comes from cache */ - ub_comm_base_now(ctx->event_worker->base); - - /* create new ctx_query and attempt to add to the list */ - q = context_new(ctx, name, rrtype, rrclass, (ub_callback_type)callback, - mydata); - if(!q) - return UB_NOMEM; - - /* attach to mesh */ - if((r=libworker_attach_mesh(ctx, q, async_id)) != 0) - return r; - return UB_NOERROR; -} - - -int -ub_resolve_async(struct ub_ctx* ctx, const char* name, int rrtype, - int rrclass, void* mydata, ub_callback_type callback, int* async_id) -{ - struct ctx_query* q; - uint8_t* msg = NULL; - uint32_t len = 0; - - if(async_id) - *async_id = 0; - lock_basic_lock(&ctx->cfglock); - if(!ctx->finalized) { - int r = context_finalize(ctx); - if(r) { - lock_basic_unlock(&ctx->cfglock); - return r; - } - } - if(!ctx->created_bg) { - int r; - ctx->created_bg = 1; - lock_basic_unlock(&ctx->cfglock); - r = libworker_bg(ctx); - if(r) { - lock_basic_lock(&ctx->cfglock); - ctx->created_bg = 0; - lock_basic_unlock(&ctx->cfglock); - return r; - } - } else { - lock_basic_unlock(&ctx->cfglock); - } - - /* create new ctx_query and attempt to add to the list */ - q = context_new(ctx, name, rrtype, rrclass, callback, mydata); - if(!q) - return UB_NOMEM; - - /* write over pipe to background worker */ - lock_basic_lock(&ctx->cfglock); - msg = context_serialize_new_query(q, &len); - if(!msg) { - (void)rbtree_delete(&ctx->queries, q->node.key); - ctx->num_async--; - context_query_delete(q); - lock_basic_unlock(&ctx->cfglock); - return UB_NOMEM; - } - if(async_id) - *async_id = q->querynum; - lock_basic_unlock(&ctx->cfglock); - - lock_basic_lock(&ctx->qqpipe_lock); - if(!tube_write_msg(ctx->qq_pipe, msg, len, 0)) { - lock_basic_unlock(&ctx->qqpipe_lock); - free(msg); - return UB_PIPE; - } - lock_basic_unlock(&ctx->qqpipe_lock); - free(msg); - return UB_NOERROR; -} - -int -ub_cancel(struct ub_ctx* ctx, int async_id) -{ - struct ctx_query* q; - uint8_t* msg = NULL; - uint32_t len = 0; - lock_basic_lock(&ctx->cfglock); - q = (struct ctx_query*)rbtree_search(&ctx->queries, &async_id); - if(!q || !q->async) { - /* it is not there, so nothing to do */ - lock_basic_unlock(&ctx->cfglock); - return UB_NOID; - } - log_assert(q->async); - q->cancelled = 1; - - /* delete it */ - if(!ctx->dothread) { /* if forked */ - (void)rbtree_delete(&ctx->queries, q->node.key); - ctx->num_async--; - msg = context_serialize_cancel(q, &len); - context_query_delete(q); - lock_basic_unlock(&ctx->cfglock); - if(!msg) { - return UB_NOMEM; - } - /* send cancel to background worker */ - lock_basic_lock(&ctx->qqpipe_lock); - if(!tube_write_msg(ctx->qq_pipe, msg, len, 0)) { - lock_basic_unlock(&ctx->qqpipe_lock); - free(msg); - return UB_PIPE; - } - lock_basic_unlock(&ctx->qqpipe_lock); - free(msg); - } else { - lock_basic_unlock(&ctx->cfglock); - } - return UB_NOERROR; -} - -void -ub_resolve_free(struct ub_result* result) -{ - char** p; - if(!result) return; - free(result->qname); - if(result->canonname != result->qname) - free(result->canonname); - if(result->data) - for(p = result->data; *p; p++) - free(*p); - free(result->data); - free(result->len); - free(result->answer_packet); - free(result->why_bogus); - free(result); -} - -const char* -ub_strerror(int err) -{ - switch(err) { - case UB_NOERROR: return "no error"; - case UB_SOCKET: return "socket io error"; - case UB_NOMEM: return "out of memory"; - case UB_SYNTAX: return "syntax error"; - case UB_SERVFAIL: return "server failure"; - case UB_FORKFAIL: return "could not fork"; - case UB_INITFAIL: return "initialization failure"; - case UB_AFTERFINAL: return "setting change after finalize"; - case UB_PIPE: return "error in pipe communication with async"; - case UB_READFILE: return "error reading file"; - case UB_NOID: return "error async_id does not exist"; - default: return "unknown error"; - } -} - -int -ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr) -{ - struct sockaddr_storage storage; - socklen_t stlen; - struct config_stub* s; - char* dupl; - lock_basic_lock(&ctx->cfglock); - if(ctx->finalized) { - lock_basic_unlock(&ctx->cfglock); - errno=EINVAL; - return UB_AFTERFINAL; - } - if(!addr) { - /* disable fwd mode - the root stub should be first. */ - if(ctx->env->cfg->forwards && - strcmp(ctx->env->cfg->forwards->name, ".") == 0) { - s = ctx->env->cfg->forwards; - ctx->env->cfg->forwards = s->next; - s->next = NULL; - config_delstubs(s); - } - lock_basic_unlock(&ctx->cfglock); - return UB_NOERROR; - } - lock_basic_unlock(&ctx->cfglock); - - /* check syntax for addr */ - if(!extstrtoaddr(addr, &storage, &stlen)) { - errno=EINVAL; - return UB_SYNTAX; - } - - /* it parses, add root stub in front of list */ - lock_basic_lock(&ctx->cfglock); - if(!ctx->env->cfg->forwards || - strcmp(ctx->env->cfg->forwards->name, ".") != 0) { - s = calloc(1, sizeof(*s)); - if(!s) { - lock_basic_unlock(&ctx->cfglock); - errno=ENOMEM; - return UB_NOMEM; - } - s->name = strdup("."); - if(!s->name) { - free(s); - lock_basic_unlock(&ctx->cfglock); - errno=ENOMEM; - return UB_NOMEM; - } - s->next = ctx->env->cfg->forwards; - ctx->env->cfg->forwards = s; - } else { - log_assert(ctx->env->cfg->forwards); - s = ctx->env->cfg->forwards; - } - dupl = strdup(addr); - if(!dupl) { - lock_basic_unlock(&ctx->cfglock); - errno=ENOMEM; - return UB_NOMEM; - } - if(!cfg_strlist_insert(&s->addrs, dupl)) { - free(dupl); - lock_basic_unlock(&ctx->cfglock); - errno=ENOMEM; - return UB_NOMEM; - } - lock_basic_unlock(&ctx->cfglock); - return UB_NOERROR; -} - -int ub_ctx_set_stub(struct ub_ctx* ctx, const char* zone, const char* addr, - int isprime) -{ - char* a; - struct config_stub **prev, *elem; - - /* check syntax for zone name */ - if(zone) { - uint8_t* nm; - int nmlabs; - size_t nmlen; - if(!parse_dname(zone, &nm, &nmlen, &nmlabs)) { - errno=EINVAL; - return UB_SYNTAX; - } - free(nm); - } else { - zone = "."; - } - - /* check syntax for addr (if not NULL) */ - if(addr) { - struct sockaddr_storage storage; - socklen_t stlen; - if(!extstrtoaddr(addr, &storage, &stlen)) { - errno=EINVAL; - return UB_SYNTAX; - } - } - - lock_basic_lock(&ctx->cfglock); - if(ctx->finalized) { - lock_basic_unlock(&ctx->cfglock); - errno=EINVAL; - return UB_AFTERFINAL; - } - - /* arguments all right, now find or add the stub */ - prev = &ctx->env->cfg->stubs; - elem = cfg_stub_find(&prev, zone); - if(!elem && !addr) { - /* not found and we want to delete, nothing to do */ - lock_basic_unlock(&ctx->cfglock); - return UB_NOERROR; - } else if(elem && !addr) { - /* found, and we want to delete */ - *prev = elem->next; - config_delstub(elem); - lock_basic_unlock(&ctx->cfglock); - return UB_NOERROR; - } else if(!elem) { - /* not found, create the stub entry */ - elem=(struct config_stub*)calloc(1, sizeof(struct config_stub)); - if(elem) elem->name = strdup(zone); - if(!elem || !elem->name) { - free(elem); - lock_basic_unlock(&ctx->cfglock); - errno = ENOMEM; - return UB_NOMEM; - } - elem->next = ctx->env->cfg->stubs; - ctx->env->cfg->stubs = elem; - } - - /* add the address to the list and set settings */ - elem->isprime = isprime; - a = strdup(addr); - if(!a) { - lock_basic_unlock(&ctx->cfglock); - errno = ENOMEM; - return UB_NOMEM; - } - if(!cfg_strlist_insert(&elem->addrs, a)) { - lock_basic_unlock(&ctx->cfglock); - free(a); - errno = ENOMEM; - return UB_NOMEM; - } - lock_basic_unlock(&ctx->cfglock); - return UB_NOERROR; -} - -int -ub_ctx_resolvconf(struct ub_ctx* ctx, const char* fname) -{ - FILE* in; - int numserv = 0; - char buf[1024]; - char* parse, *addr; - int r; - - if(fname == NULL) { -#if !defined(UB_ON_WINDOWS) || !defined(HAVE_WINDOWS_H) - fname = "/etc/resolv.conf"; -#else - FIXED_INFO *info; - ULONG buflen = sizeof(*info); - IP_ADDR_STRING *ptr; - - info = (FIXED_INFO *) malloc(sizeof (FIXED_INFO)); - if (info == NULL) - return UB_READFILE; - - if (GetNetworkParams(info, &buflen) == ERROR_BUFFER_OVERFLOW) { - free(info); - info = (FIXED_INFO *) malloc(buflen); - if (info == NULL) - return UB_READFILE; - } - - if (GetNetworkParams(info, &buflen) == NO_ERROR) { - int retval=0; - ptr = &(info->DnsServerList); - while (ptr) { - numserv++; - if((retval=ub_ctx_set_fwd(ctx, - ptr->IpAddress.String))!=0) { - free(info); - return retval; - } - ptr = ptr->Next; - } - free(info); - if (numserv==0) - return UB_READFILE; - return UB_NOERROR; - } - free(info); - return UB_READFILE; -#endif /* WINDOWS */ - } - in = fopen(fname, "r"); - if(!in) { - /* error in errno! perror(fname) */ - return UB_READFILE; - } - while(fgets(buf, (int)sizeof(buf), in)) { - buf[sizeof(buf)-1] = 0; - parse=buf; - while(*parse == ' ' || *parse == '\t') - parse++; - if(strncmp(parse, "nameserver", 10) == 0) { - numserv++; - parse += 10; /* skip 'nameserver' */ - /* skip whitespace */ - while(*parse == ' ' || *parse == '\t') - parse++; - addr = parse; - /* skip [0-9a-fA-F.:]*, i.e. IP4 and IP6 address */ - while(isxdigit((unsigned char)*parse) || *parse=='.' || *parse==':') - parse++; - /* terminate after the address, remove newline */ - *parse = 0; - - if((r = ub_ctx_set_fwd(ctx, addr)) != UB_NOERROR) { - fclose(in); - return r; - } - } - } - fclose(in); - if(numserv == 0) { - /* from resolv.conf(5) if none given, use localhost */ - return ub_ctx_set_fwd(ctx, "127.0.0.1"); - } - return UB_NOERROR; -} - -int -ub_ctx_hosts(struct ub_ctx* ctx, const char* fname) -{ - FILE* in; - char buf[1024], ldata[1024]; - char* parse, *addr, *name, *ins; - lock_basic_lock(&ctx->cfglock); - if(ctx->finalized) { - lock_basic_unlock(&ctx->cfglock); - errno=EINVAL; - return UB_AFTERFINAL; - } - lock_basic_unlock(&ctx->cfglock); - if(fname == NULL) { -#if defined(UB_ON_WINDOWS) && defined(HAVE_WINDOWS_H) - /* - * If this is Windows NT/XP/2K it's in - * %WINDIR%\system32\drivers\etc\hosts. - * If this is Windows 95/98/Me it's in %WINDIR%\hosts. - */ - name = getenv("WINDIR"); - if (name != NULL) { - int retval=0; - snprintf(buf, sizeof(buf), "%s%s", name, - "\\system32\\drivers\\etc\\hosts"); - if((retval=ub_ctx_hosts(ctx, buf)) !=0 ) { - snprintf(buf, sizeof(buf), "%s%s", name, - "\\hosts"); - retval=ub_ctx_hosts(ctx, buf); - } - return retval; - } - return UB_READFILE; -#else - fname = "/etc/hosts"; -#endif /* WIN32 */ - } - in = fopen(fname, "r"); - if(!in) { - /* error in errno! perror(fname) */ - return UB_READFILE; - } - while(fgets(buf, (int)sizeof(buf), in)) { - buf[sizeof(buf)-1] = 0; - parse=buf; - while(*parse == ' ' || *parse == '\t') - parse++; - if(*parse == '#') - continue; /* skip comment */ - /* format: spaces spaces ... */ - addr = parse; - /* skip addr */ - while(isxdigit((unsigned char)*parse) || *parse == '.' || *parse == ':') - parse++; - if(*parse == '\r') - parse++; - if(*parse == '\n' || *parse == 0) - continue; - if(*parse == '%') - continue; /* ignore macOSX fe80::1%lo0 localhost */ - if(*parse != ' ' && *parse != '\t') { - /* must have whitespace after address */ - fclose(in); - errno=EINVAL; - return UB_SYNTAX; - } - *parse++ = 0; /* end delimiter for addr ... */ - /* go to names and add them */ - while(*parse) { - while(*parse == ' ' || *parse == '\t' || *parse=='\n' - || *parse=='\r') - parse++; - if(*parse == 0 || *parse == '#') - break; - /* skip name, allows (too) many printable characters */ - name = parse; - while('!' <= *parse && *parse <= '~') - parse++; - if(*parse) - *parse++ = 0; /* end delimiter for name */ - snprintf(ldata, sizeof(ldata), "%s %s %s", - name, str_is_ip6(addr)?"AAAA":"A", addr); - ins = strdup(ldata); - if(!ins) { - /* out of memory */ - fclose(in); - errno=ENOMEM; - return UB_NOMEM; - } - lock_basic_lock(&ctx->cfglock); - if(!cfg_strlist_insert(&ctx->env->cfg->local_data, - ins)) { - lock_basic_unlock(&ctx->cfglock); - fclose(in); - free(ins); - errno=ENOMEM; - return UB_NOMEM; - } - lock_basic_unlock(&ctx->cfglock); - } - } - fclose(in); - return UB_NOERROR; -} - -/** finalize the context, if not already finalized */ -static int ub_ctx_finalize(struct ub_ctx* ctx) -{ - int res = 0; - lock_basic_lock(&ctx->cfglock); - if (!ctx->finalized) { - res = context_finalize(ctx); - } - lock_basic_unlock(&ctx->cfglock); - return res; -} - -/* Print local zones and RR data */ -int ub_ctx_print_local_zones(struct ub_ctx* ctx) -{ - int res = ub_ctx_finalize(ctx); - if (res) return res; - - local_zones_print(ctx->local_zones); - - return UB_NOERROR; -} - -/* Add a new zone */ -int ub_ctx_zone_add(struct ub_ctx* ctx, const char *zone_name, - const char *zone_type) -{ - enum localzone_type t; - struct local_zone* z; - uint8_t* nm; - int nmlabs; - size_t nmlen; - - int res = ub_ctx_finalize(ctx); - if (res) return res; - - if(!local_zone_str2type(zone_type, &t)) { - return UB_SYNTAX; - } - - if(!parse_dname(zone_name, &nm, &nmlen, &nmlabs)) { - return UB_SYNTAX; - } - - lock_rw_wrlock(&ctx->local_zones->lock); - if((z=local_zones_find(ctx->local_zones, nm, nmlen, nmlabs, - LDNS_RR_CLASS_IN))) { - /* already present in tree */ - lock_rw_wrlock(&z->lock); - z->type = t; /* update type anyway */ - lock_rw_unlock(&z->lock); - lock_rw_unlock(&ctx->local_zones->lock); - free(nm); - return UB_NOERROR; - } - if(!local_zones_add_zone(ctx->local_zones, nm, nmlen, nmlabs, - LDNS_RR_CLASS_IN, t)) { - lock_rw_unlock(&ctx->local_zones->lock); - return UB_NOMEM; - } - lock_rw_unlock(&ctx->local_zones->lock); - return UB_NOERROR; -} - -/* Remove zone */ -int ub_ctx_zone_remove(struct ub_ctx* ctx, const char *zone_name) -{ - struct local_zone* z; - uint8_t* nm; - int nmlabs; - size_t nmlen; - - int res = ub_ctx_finalize(ctx); - if (res) return res; - - if(!parse_dname(zone_name, &nm, &nmlen, &nmlabs)) { - return UB_SYNTAX; - } - - lock_rw_wrlock(&ctx->local_zones->lock); - if((z=local_zones_find(ctx->local_zones, nm, nmlen, nmlabs, - LDNS_RR_CLASS_IN))) { - /* present in tree */ - local_zones_del_zone(ctx->local_zones, z); - } - lock_rw_unlock(&ctx->local_zones->lock); - free(nm); - return UB_NOERROR; -} - -/* Add new RR data */ -int ub_ctx_data_add(struct ub_ctx* ctx, const char *data) -{ - int res = ub_ctx_finalize(ctx); - if (res) return res; - - res = local_zones_add_RR(ctx->local_zones, data); - return (!res) ? UB_NOMEM : UB_NOERROR; -} - -/* Remove RR data */ -int ub_ctx_data_remove(struct ub_ctx* ctx, const char *data) -{ - uint8_t* nm; - int nmlabs; - size_t nmlen; - int res = ub_ctx_finalize(ctx); - if (res) return res; - - if(!parse_dname(data, &nm, &nmlen, &nmlabs)) - return UB_SYNTAX; - - local_zones_del_data(ctx->local_zones, nm, nmlen, nmlabs, - LDNS_RR_CLASS_IN); - - free(nm); - return UB_NOERROR; -} - -const char* ub_version(void) -{ - return PACKAGE_VERSION; -} - -int -ub_ctx_set_event(struct ub_ctx* ctx, struct event_base* base) { - struct ub_event_base* new_base; - - if (!ctx || !ctx->event_base || !base) { - return UB_INITFAIL; - } - if (ub_libevent_get_event_base(ctx->event_base) == base) { - /* already set */ - return UB_NOERROR; - } - - lock_basic_lock(&ctx->cfglock); - /* destroy the current worker - safe to pass in NULL */ - libworker_delete_event(ctx->event_worker); - ctx->event_worker = NULL; - new_base = ub_libevent_event_base(base); - if (new_base) - ctx->event_base = new_base; - ctx->created_bg = 0; - ctx->dothread = 1; - lock_basic_unlock(&ctx->cfglock); - return new_base ? UB_NOERROR : UB_INITFAIL; -} diff --git a/external/unbound/libunbound/libworker.c b/external/unbound/libunbound/libworker.c deleted file mode 100644 index b42ba0bd8..000000000 --- a/external/unbound/libunbound/libworker.c +++ /dev/null @@ -1,1031 +0,0 @@ -/* - * libunbound/worker.c - worker thread or process that resolves - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains the worker process or thread that performs - * the DNS resolving and validation. The worker is called by a procedure - * and if in the background continues until exit, if in the foreground - * returns from the procedure when done. - */ -#include "config.h" -#ifdef HAVE_SSL -#include -#endif -#include "libunbound/libworker.h" -#include "libunbound/context.h" -#include "libunbound/unbound.h" -#include "libunbound/worker.h" -#include "libunbound/unbound-event.h" -#include "services/outside_network.h" -#include "services/mesh.h" -#include "services/localzone.h" -#include "services/cache/rrset.h" -#include "services/outbound_list.h" -#include "util/fptr_wlist.h" -#include "util/module.h" -#include "util/regional.h" -#include "util/random.h" -#include "util/config_file.h" -#include "util/netevent.h" -#include "util/storage/lookup3.h" -#include "util/storage/slabhash.h" -#include "util/net_help.h" -#include "util/data/dname.h" -#include "util/data/msgreply.h" -#include "util/data/msgencode.h" -#include "util/tube.h" -#include "iterator/iter_fwd.h" -#include "iterator/iter_hints.h" -#include "sldns/sbuffer.h" -#include "sldns/str2wire.h" - -/** handle new query command for bg worker */ -static void handle_newq(struct libworker* w, uint8_t* buf, uint32_t len); - -/** delete libworker env */ -static void -libworker_delete_env(struct libworker* w) -{ - if(w->env) { - outside_network_quit_prepare(w->back); - mesh_delete(w->env->mesh); - context_release_alloc(w->ctx, w->env->alloc, - !w->is_bg || w->is_bg_thread); - sldns_buffer_free(w->env->scratch_buffer); - regional_destroy(w->env->scratch); - forwards_delete(w->env->fwds); - hints_delete(w->env->hints); - ub_randfree(w->env->rnd); - free(w->env); - } -#ifdef HAVE_SSL - SSL_CTX_free(w->sslctx); -#endif - outside_network_delete(w->back); -} - -/** delete libworker struct */ -static void -libworker_delete(struct libworker* w) -{ - if(!w) return; - libworker_delete_env(w); - comm_base_delete(w->base); - free(w); -} - -void -libworker_delete_event(struct libworker* w) -{ - if(!w) return; - libworker_delete_env(w); - comm_base_delete_no_base(w->base); - free(w); -} - -/** setup fresh libworker struct */ -static struct libworker* -libworker_setup(struct ub_ctx* ctx, int is_bg, struct ub_event_base* eb) -{ - unsigned int seed; - struct libworker* w = (struct libworker*)calloc(1, sizeof(*w)); - struct config_file* cfg = ctx->env->cfg; - int* ports; - int numports; - if(!w) return NULL; - w->is_bg = is_bg; - w->ctx = ctx; - w->env = (struct module_env*)malloc(sizeof(*w->env)); - if(!w->env) { - free(w); - return NULL; - } - *w->env = *ctx->env; - w->env->alloc = context_obtain_alloc(ctx, !w->is_bg || w->is_bg_thread); - if(!w->env->alloc) { - libworker_delete(w); - return NULL; - } - w->thread_num = w->env->alloc->thread_num; - alloc_set_id_cleanup(w->env->alloc, &libworker_alloc_cleanup, w); - if(!w->is_bg || w->is_bg_thread) { - lock_basic_lock(&ctx->cfglock); - } - w->env->scratch = regional_create_custom(cfg->msg_buffer_size); - w->env->scratch_buffer = sldns_buffer_new(cfg->msg_buffer_size); - w->env->fwds = forwards_create(); - if(w->env->fwds && !forwards_apply_cfg(w->env->fwds, cfg)) { - forwards_delete(w->env->fwds); - w->env->fwds = NULL; - } - w->env->hints = hints_create(); - if(w->env->hints && !hints_apply_cfg(w->env->hints, cfg)) { - hints_delete(w->env->hints); - w->env->hints = NULL; - } - if(cfg->ssl_upstream) { - w->sslctx = connect_sslctx_create(NULL, NULL, NULL); - if(!w->sslctx) { - /* to make the setup fail after unlock */ - hints_delete(w->env->hints); - w->env->hints = NULL; - } - } - if(!w->is_bg || w->is_bg_thread) { - lock_basic_unlock(&ctx->cfglock); - } - if(!w->env->scratch || !w->env->scratch_buffer || !w->env->fwds || - !w->env->hints) { - libworker_delete(w); - return NULL; - } - w->env->worker = (struct worker*)w; - w->env->probe_timer = NULL; - seed = (unsigned int)time(NULL) ^ (unsigned int)getpid() ^ - (((unsigned int)w->thread_num)<<17); - seed ^= (unsigned int)w->env->alloc->next_id; - if(!w->is_bg || w->is_bg_thread) { - lock_basic_lock(&ctx->cfglock); - } - if(!(w->env->rnd = ub_initstate(seed, ctx->seed_rnd))) { - if(!w->is_bg || w->is_bg_thread) { - lock_basic_unlock(&ctx->cfglock); - } - seed = 0; - libworker_delete(w); - return NULL; - } - if(!w->is_bg || w->is_bg_thread) { - lock_basic_unlock(&ctx->cfglock); - } - if(1) { - /* primitive lockout for threading: if it overwrites another - * thread it is like wiping the cache (which is likely empty - * at the start) */ - /* note we are holding the ctx lock in normal threaded - * cases so that is solved properly, it is only for many ctx - * in different threads that this may clash */ - static int done_raninit = 0; - if(!done_raninit) { - done_raninit = 1; - hash_set_raninit((uint32_t)ub_random(w->env->rnd)); - } - } - seed = 0; - - if(eb) - w->base = comm_base_create_event(eb); - else w->base = comm_base_create(0); - if(!w->base) { - libworker_delete(w); - return NULL; - } - if(!w->is_bg || w->is_bg_thread) { - lock_basic_lock(&ctx->cfglock); - } - numports = cfg_condense_ports(cfg, &ports); - if(numports == 0) { - int locked = !w->is_bg || w->is_bg_thread; - libworker_delete(w); - if(locked) { - lock_basic_unlock(&ctx->cfglock); - } - return NULL; - } - w->back = outside_network_create(w->base, cfg->msg_buffer_size, - (size_t)cfg->outgoing_num_ports, cfg->out_ifs, - cfg->num_out_ifs, cfg->do_ip4, cfg->do_ip6, - cfg->do_tcp?cfg->outgoing_num_tcp:0, - w->env->infra_cache, w->env->rnd, cfg->use_caps_bits_for_id, - ports, numports, cfg->unwanted_threshold, - cfg->outgoing_tcp_mss, - &libworker_alloc_cleanup, w, cfg->do_udp, w->sslctx, - cfg->delay_close, NULL); - if(!w->is_bg || w->is_bg_thread) { - lock_basic_unlock(&ctx->cfglock); - } - free(ports); - if(!w->back) { - libworker_delete(w); - return NULL; - } - w->env->mesh = mesh_create(&ctx->mods, w->env); - if(!w->env->mesh) { - libworker_delete(w); - return NULL; - } - w->env->send_query = &libworker_send_query; - w->env->detach_subs = &mesh_detach_subs; - w->env->attach_sub = &mesh_attach_sub; - w->env->kill_sub = &mesh_state_delete; - w->env->detect_cycle = &mesh_detect_cycle; - comm_base_timept(w->base, &w->env->now, &w->env->now_tv); - return w; -} - -struct libworker* libworker_create_event(struct ub_ctx* ctx, - struct ub_event_base* eb) -{ - return libworker_setup(ctx, 0, eb); -} - -/** handle cancel command for bg worker */ -static void -handle_cancel(struct libworker* w, uint8_t* buf, uint32_t len) -{ - struct ctx_query* q; - if(w->is_bg_thread) { - lock_basic_lock(&w->ctx->cfglock); - q = context_deserialize_cancel(w->ctx, buf, len); - lock_basic_unlock(&w->ctx->cfglock); - } else { - q = context_deserialize_cancel(w->ctx, buf, len); - } - if(!q) { - /* probably simply lookup failed, i.e. the message had been - * processed and answered before the cancel arrived */ - return; - } - q->cancelled = 1; - free(buf); -} - -/** do control command coming into bg server */ -static void -libworker_do_cmd(struct libworker* w, uint8_t* msg, uint32_t len) -{ - switch(context_serial_getcmd(msg, len)) { - default: - case UB_LIBCMD_ANSWER: - log_err("unknown command for bg worker %d", - (int)context_serial_getcmd(msg, len)); - /* and fall through to quit */ - case UB_LIBCMD_QUIT: - free(msg); - comm_base_exit(w->base); - break; - case UB_LIBCMD_NEWQUERY: - handle_newq(w, msg, len); - break; - case UB_LIBCMD_CANCEL: - handle_cancel(w, msg, len); - break; - } -} - -/** handle control command coming into server */ -void -libworker_handle_control_cmd(struct tube* ATTR_UNUSED(tube), - uint8_t* msg, size_t len, int err, void* arg) -{ - struct libworker* w = (struct libworker*)arg; - - if(err != 0) { - free(msg); - /* it is of no use to go on, exit */ - comm_base_exit(w->base); - return; - } - libworker_do_cmd(w, msg, len); /* also frees the buf */ -} - -/** the background thread func */ -static void* -libworker_dobg(void* arg) -{ - /* setup */ - uint32_t m; - struct libworker* w = (struct libworker*)arg; - struct ub_ctx* ctx; - if(!w) { - log_err("libunbound bg worker init failed, nomem"); - return NULL; - } - ctx = w->ctx; - log_thread_set(&w->thread_num); -#ifdef THREADS_DISABLED - /* we are forked */ - w->is_bg_thread = 0; - /* close non-used parts of the pipes */ - tube_close_write(ctx->qq_pipe); - tube_close_read(ctx->rr_pipe); -#endif - if(!tube_setup_bg_listen(ctx->qq_pipe, w->base, - libworker_handle_control_cmd, w)) { - log_err("libunbound bg worker init failed, no bglisten"); - return NULL; - } - if(!tube_setup_bg_write(ctx->rr_pipe, w->base)) { - log_err("libunbound bg worker init failed, no bgwrite"); - return NULL; - } - - /* do the work */ - comm_base_dispatch(w->base); - - /* cleanup */ - m = UB_LIBCMD_QUIT; - tube_remove_bg_listen(w->ctx->qq_pipe); - tube_remove_bg_write(w->ctx->rr_pipe); - libworker_delete(w); - (void)tube_write_msg(ctx->rr_pipe, (uint8_t*)&m, - (uint32_t)sizeof(m), 0); -#ifdef THREADS_DISABLED - /* close pipes from forked process before exit */ - tube_close_read(ctx->qq_pipe); - tube_close_write(ctx->rr_pipe); -#endif - return NULL; -} - -int libworker_bg(struct ub_ctx* ctx) -{ - struct libworker* w; - /* fork or threadcreate */ - lock_basic_lock(&ctx->cfglock); - if(ctx->dothread) { - lock_basic_unlock(&ctx->cfglock); - w = libworker_setup(ctx, 1, NULL); - if(!w) return UB_NOMEM; - w->is_bg_thread = 1; -#ifdef ENABLE_LOCK_CHECKS - w->thread_num = 1; /* for nicer DEBUG checklocks */ -#endif - ub_thread_create(&ctx->bg_tid, libworker_dobg, w); - } else { - lock_basic_unlock(&ctx->cfglock); -#ifndef HAVE_FORK - /* no fork on windows */ - return UB_FORKFAIL; -#else /* HAVE_FORK */ - switch((ctx->bg_pid=fork())) { - case 0: - w = libworker_setup(ctx, 1, NULL); - if(!w) fatal_exit("out of memory"); - /* close non-used parts of the pipes */ - tube_close_write(ctx->qq_pipe); - tube_close_read(ctx->rr_pipe); - (void)libworker_dobg(w); - exit(0); - break; - case -1: - return UB_FORKFAIL; - default: - /* close non-used parts, so that the worker - * bgprocess gets 'pipe closed' when the - * main process exits */ - tube_close_read(ctx->qq_pipe); - tube_close_write(ctx->rr_pipe); - break; - } -#endif /* HAVE_FORK */ - } - return UB_NOERROR; -} - -/** get msg reply struct (in temp region) */ -static struct reply_info* -parse_reply(sldns_buffer* pkt, struct regional* region, struct query_info* qi) -{ - struct reply_info* rep; - struct msg_parse* msg; - if(!(msg = regional_alloc(region, sizeof(*msg)))) { - return NULL; - } - memset(msg, 0, sizeof(*msg)); - sldns_buffer_set_position(pkt, 0); - if(parse_packet(pkt, msg, region) != 0) - return 0; - if(!parse_create_msg(pkt, msg, NULL, qi, &rep, region)) { - return 0; - } - return rep; -} - -/** insert canonname */ -static int -fill_canon(struct ub_result* res, uint8_t* s) -{ - char buf[255+2]; - dname_str(s, buf); - res->canonname = strdup(buf); - return res->canonname != 0; -} - -/** fill data into result */ -static int -fill_res(struct ub_result* res, struct ub_packed_rrset_key* answer, - uint8_t* finalcname, struct query_info* rq, struct reply_info* rep) -{ - size_t i; - struct packed_rrset_data* data; - res->ttl = 0; - if(!answer) { - if(finalcname) { - if(!fill_canon(res, finalcname)) - return 0; /* out of memory */ - } - if(rep->rrset_count != 0) - res->ttl = (int)rep->ttl; - res->data = (char**)calloc(1, sizeof(char*)); - res->len = (int*)calloc(1, sizeof(int)); - return (res->data && res->len); - } - data = (struct packed_rrset_data*)answer->entry.data; - if(query_dname_compare(rq->qname, answer->rk.dname) != 0) { - if(!fill_canon(res, answer->rk.dname)) - return 0; /* out of memory */ - } else res->canonname = NULL; - res->data = (char**)calloc(data->count+1, sizeof(char*)); - res->len = (int*)calloc(data->count+1, sizeof(int)); - if(!res->data || !res->len) - return 0; /* out of memory */ - for(i=0; icount; i++) { - /* remove rdlength from rdata */ - res->len[i] = (int)(data->rr_len[i] - 2); - res->data[i] = memdup(data->rr_data[i]+2, (size_t)res->len[i]); - if(!res->data[i]) - return 0; /* out of memory */ - } - /* ttl for positive answers, from CNAME and answer RRs */ - if(data->count != 0) { - size_t j; - res->ttl = (int)data->ttl; - for(j=0; jan_numrrsets; j++) { - struct packed_rrset_data* d = - (struct packed_rrset_data*)rep->rrsets[j]-> - entry.data; - if((int)d->ttl < res->ttl) - res->ttl = (int)d->ttl; - } - } - /* ttl for negative answers */ - if(data->count == 0 && rep->rrset_count != 0) - res->ttl = (int)rep->ttl; - res->data[data->count] = NULL; - res->len[data->count] = 0; - return 1; -} - -/** fill result from parsed message, on error fills servfail */ -void -libworker_enter_result(struct ub_result* res, sldns_buffer* buf, - struct regional* temp, enum sec_status msg_security) -{ - struct query_info rq; - struct reply_info* rep; - res->rcode = LDNS_RCODE_SERVFAIL; - rep = parse_reply(buf, temp, &rq); - if(!rep) { - log_err("cannot parse buf"); - return; /* error parsing buf, or out of memory */ - } - if(!fill_res(res, reply_find_answer_rrset(&rq, rep), - reply_find_final_cname_target(&rq, rep), &rq, rep)) - return; /* out of memory */ - /* rcode, havedata, nxdomain, secure, bogus */ - res->rcode = (int)FLAGS_GET_RCODE(rep->flags); - if(res->data && res->data[0]) - res->havedata = 1; - if(res->rcode == LDNS_RCODE_NXDOMAIN) - res->nxdomain = 1; - if(msg_security == sec_status_secure) - res->secure = 1; - if(msg_security == sec_status_bogus) - res->bogus = 1; -} - -/** fillup fg results */ -static void -libworker_fillup_fg(struct ctx_query* q, int rcode, sldns_buffer* buf, - enum sec_status s, char* why_bogus) -{ - if(why_bogus) - q->res->why_bogus = strdup(why_bogus); - if(rcode != 0) { - q->res->rcode = rcode; - q->msg_security = s; - return; - } - - q->res->rcode = LDNS_RCODE_SERVFAIL; - q->msg_security = 0; - q->msg = memdup(sldns_buffer_begin(buf), sldns_buffer_limit(buf)); - q->msg_len = sldns_buffer_limit(buf); - if(!q->msg) { - return; /* the error is in the rcode */ - } - - /* canonname and results */ - q->msg_security = s; - libworker_enter_result(q->res, buf, q->w->env->scratch, s); -} - -void -libworker_fg_done_cb(void* arg, int rcode, sldns_buffer* buf, enum sec_status s, - char* why_bogus) -{ - struct ctx_query* q = (struct ctx_query*)arg; - /* fg query is done; exit comm base */ - comm_base_exit(q->w->base); - - libworker_fillup_fg(q, rcode, buf, s, why_bogus); -} - -/** setup qinfo and edns */ -static int -setup_qinfo_edns(struct libworker* w, struct ctx_query* q, - struct query_info* qinfo, struct edns_data* edns) -{ - qinfo->qtype = (uint16_t)q->res->qtype; - qinfo->qclass = (uint16_t)q->res->qclass; - qinfo->local_alias = NULL; - qinfo->qname = sldns_str2wire_dname(q->res->qname, &qinfo->qname_len); - if(!qinfo->qname) { - return 0; - } - qinfo->local_alias = NULL; - edns->edns_present = 1; - edns->ext_rcode = 0; - edns->edns_version = 0; - edns->bits = EDNS_DO; - edns->opt_list = NULL; - if(sldns_buffer_capacity(w->back->udp_buff) < 65535) - edns->udp_size = (uint16_t)sldns_buffer_capacity( - w->back->udp_buff); - else edns->udp_size = 65535; - return 1; -} - -int libworker_fg(struct ub_ctx* ctx, struct ctx_query* q) -{ - struct libworker* w = libworker_setup(ctx, 0, NULL); - uint16_t qflags, qid; - struct query_info qinfo; - struct edns_data edns; - if(!w) - return UB_INITFAIL; - if(!setup_qinfo_edns(w, q, &qinfo, &edns)) { - libworker_delete(w); - return UB_SYNTAX; - } - qid = 0; - qflags = BIT_RD; - q->w = w; - /* see if there is a fixed answer */ - sldns_buffer_write_u16_at(w->back->udp_buff, 0, qid); - sldns_buffer_write_u16_at(w->back->udp_buff, 2, qflags); - if(local_zones_answer(ctx->local_zones, w->env, &qinfo, &edns, - w->back->udp_buff, w->env->scratch, NULL, NULL, 0, NULL, 0, - NULL, 0, NULL, 0, NULL)) { - regional_free_all(w->env->scratch); - libworker_fillup_fg(q, LDNS_RCODE_NOERROR, - w->back->udp_buff, sec_status_insecure, NULL); - libworker_delete(w); - free(qinfo.qname); - return UB_NOERROR; - } - /* process new query */ - if(!mesh_new_callback(w->env->mesh, &qinfo, qflags, &edns, - w->back->udp_buff, qid, libworker_fg_done_cb, q)) { - free(qinfo.qname); - return UB_NOMEM; - } - free(qinfo.qname); - - /* wait for reply */ - comm_base_dispatch(w->base); - - libworker_delete(w); - return UB_NOERROR; -} - -void -libworker_event_done_cb(void* arg, int rcode, sldns_buffer* buf, - enum sec_status s, char* why_bogus) -{ - struct ctx_query* q = (struct ctx_query*)arg; - ub_event_callback_type cb = (ub_event_callback_type)q->cb; - void* cb_arg = q->cb_arg; - int cancelled = q->cancelled; - - /* delete it now */ - struct ub_ctx* ctx = q->w->ctx; - lock_basic_lock(&ctx->cfglock); - (void)rbtree_delete(&ctx->queries, q->node.key); - ctx->num_async--; - context_query_delete(q); - lock_basic_unlock(&ctx->cfglock); - - if(!cancelled) { - /* call callback */ - int sec = 0; - if(s == sec_status_bogus) - sec = 1; - else if(s == sec_status_secure) - sec = 2; - (*cb)(cb_arg, rcode, (void*)sldns_buffer_begin(buf), - (int)sldns_buffer_limit(buf), sec, why_bogus); - } -} - -int libworker_attach_mesh(struct ub_ctx* ctx, struct ctx_query* q, - int* async_id) -{ - struct libworker* w = ctx->event_worker; - uint16_t qflags, qid; - struct query_info qinfo; - struct edns_data edns; - if(!w) - return UB_INITFAIL; - if(!setup_qinfo_edns(w, q, &qinfo, &edns)) - return UB_SYNTAX; - qid = 0; - qflags = BIT_RD; - q->w = w; - /* see if there is a fixed answer */ - sldns_buffer_write_u16_at(w->back->udp_buff, 0, qid); - sldns_buffer_write_u16_at(w->back->udp_buff, 2, qflags); - if(local_zones_answer(ctx->local_zones, w->env, &qinfo, &edns, - w->back->udp_buff, w->env->scratch, NULL, NULL, 0, NULL, 0, - NULL, 0, NULL, 0, NULL)) { - regional_free_all(w->env->scratch); - free(qinfo.qname); - libworker_event_done_cb(q, LDNS_RCODE_NOERROR, - w->back->udp_buff, sec_status_insecure, NULL); - return UB_NOERROR; - } - /* process new query */ - if(async_id) - *async_id = q->querynum; - if(!mesh_new_callback(w->env->mesh, &qinfo, qflags, &edns, - w->back->udp_buff, qid, libworker_event_done_cb, q)) { - free(qinfo.qname); - return UB_NOMEM; - } - free(qinfo.qname); - return UB_NOERROR; -} - -/** add result to the bg worker result queue */ -static void -add_bg_result(struct libworker* w, struct ctx_query* q, sldns_buffer* pkt, - int err, char* reason) -{ - uint8_t* msg = NULL; - uint32_t len = 0; - - /* serialize and delete unneeded q */ - if(w->is_bg_thread) { - lock_basic_lock(&w->ctx->cfglock); - if(reason) - q->res->why_bogus = strdup(reason); - if(pkt) { - q->msg_len = sldns_buffer_remaining(pkt); - q->msg = memdup(sldns_buffer_begin(pkt), q->msg_len); - if(!q->msg) - msg = context_serialize_answer(q, UB_NOMEM, - NULL, &len); - else msg = context_serialize_answer(q, err, - NULL, &len); - } else msg = context_serialize_answer(q, err, NULL, &len); - lock_basic_unlock(&w->ctx->cfglock); - } else { - if(reason) - q->res->why_bogus = strdup(reason); - msg = context_serialize_answer(q, err, pkt, &len); - (void)rbtree_delete(&w->ctx->queries, q->node.key); - w->ctx->num_async--; - context_query_delete(q); - } - - if(!msg) { - log_err("out of memory for async answer"); - return; - } - if(!tube_queue_item(w->ctx->rr_pipe, msg, len)) { - log_err("out of memory for async answer"); - return; - } -} - -void -libworker_bg_done_cb(void* arg, int rcode, sldns_buffer* buf, enum sec_status s, - char* why_bogus) -{ - struct ctx_query* q = (struct ctx_query*)arg; - - if(q->cancelled) { - if(q->w->is_bg_thread) { - /* delete it now */ - struct ub_ctx* ctx = q->w->ctx; - lock_basic_lock(&ctx->cfglock); - (void)rbtree_delete(&ctx->queries, q->node.key); - ctx->num_async--; - context_query_delete(q); - lock_basic_unlock(&ctx->cfglock); - } - /* cancelled, do not give answer */ - return; - } - q->msg_security = s; - if(!buf) - buf = q->w->env->scratch_buffer; - if(rcode != 0) { - error_encode(buf, rcode, NULL, 0, BIT_RD, NULL); - } - add_bg_result(q->w, q, buf, UB_NOERROR, why_bogus); -} - - -/** handle new query command for bg worker */ -static void -handle_newq(struct libworker* w, uint8_t* buf, uint32_t len) -{ - uint16_t qflags, qid; - struct query_info qinfo; - struct edns_data edns; - struct ctx_query* q; - if(w->is_bg_thread) { - lock_basic_lock(&w->ctx->cfglock); - q = context_lookup_new_query(w->ctx, buf, len); - lock_basic_unlock(&w->ctx->cfglock); - } else { - q = context_deserialize_new_query(w->ctx, buf, len); - } - free(buf); - if(!q) { - log_err("failed to deserialize newq"); - return; - } - if(!setup_qinfo_edns(w, q, &qinfo, &edns)) { - add_bg_result(w, q, NULL, UB_SYNTAX, NULL); - return; - } - qid = 0; - qflags = BIT_RD; - /* see if there is a fixed answer */ - sldns_buffer_write_u16_at(w->back->udp_buff, 0, qid); - sldns_buffer_write_u16_at(w->back->udp_buff, 2, qflags); - if(local_zones_answer(w->ctx->local_zones, w->env, &qinfo, &edns, - w->back->udp_buff, w->env->scratch, NULL, NULL, 0, NULL, 0, - NULL, 0, NULL, 0, NULL)) { - regional_free_all(w->env->scratch); - q->msg_security = sec_status_insecure; - add_bg_result(w, q, w->back->udp_buff, UB_NOERROR, NULL); - free(qinfo.qname); - return; - } - q->w = w; - /* process new query */ - if(!mesh_new_callback(w->env->mesh, &qinfo, qflags, &edns, - w->back->udp_buff, qid, libworker_bg_done_cb, q)) { - add_bg_result(w, q, NULL, UB_NOMEM, NULL); - } - free(qinfo.qname); -} - -void libworker_alloc_cleanup(void* arg) -{ - struct libworker* w = (struct libworker*)arg; - slabhash_clear(&w->env->rrset_cache->table); - slabhash_clear(w->env->msg_cache); -} - -struct outbound_entry* libworker_send_query(struct query_info* qinfo, - uint16_t flags, int dnssec, int want_dnssec, int nocaps, - struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* zone, - size_t zonelen, int ssl_upstream, struct module_qstate* q) -{ - struct libworker* w = (struct libworker*)q->env->worker; - struct outbound_entry* e = (struct outbound_entry*)regional_alloc( - q->region, sizeof(*e)); - if(!e) - return NULL; - e->qstate = q; - e->qsent = outnet_serviced_query(w->back, qinfo, flags, dnssec, - want_dnssec, nocaps, q->env->cfg->tcp_upstream, ssl_upstream, - addr, addrlen, zone, zonelen, q, libworker_handle_service_reply, - e, w->back->udp_buff, q->env); - if(!e->qsent) { - return NULL; - } - return e; -} - -int -libworker_handle_reply(struct comm_point* c, void* arg, int error, - struct comm_reply* reply_info) -{ - struct module_qstate* q = (struct module_qstate*)arg; - struct libworker* lw = (struct libworker*)q->env->worker; - struct outbound_entry e; - e.qstate = q; - e.qsent = NULL; - - if(error != 0) { - mesh_report_reply(lw->env->mesh, &e, reply_info, error); - return 0; - } - /* sanity check. */ - if(!LDNS_QR_WIRE(sldns_buffer_begin(c->buffer)) - || LDNS_OPCODE_WIRE(sldns_buffer_begin(c->buffer)) != - LDNS_PACKET_QUERY - || LDNS_QDCOUNT(sldns_buffer_begin(c->buffer)) > 1) { - /* error becomes timeout for the module as if this reply - * never arrived. */ - mesh_report_reply(lw->env->mesh, &e, reply_info, - NETEVENT_TIMEOUT); - return 0; - } - mesh_report_reply(lw->env->mesh, &e, reply_info, NETEVENT_NOERROR); - return 0; -} - -int -libworker_handle_service_reply(struct comm_point* c, void* arg, int error, - struct comm_reply* reply_info) -{ - struct outbound_entry* e = (struct outbound_entry*)arg; - struct libworker* lw = (struct libworker*)e->qstate->env->worker; - - if(error != 0) { - mesh_report_reply(lw->env->mesh, e, reply_info, error); - return 0; - } - /* sanity check. */ - if(!LDNS_QR_WIRE(sldns_buffer_begin(c->buffer)) - || LDNS_OPCODE_WIRE(sldns_buffer_begin(c->buffer)) != - LDNS_PACKET_QUERY - || LDNS_QDCOUNT(sldns_buffer_begin(c->buffer)) > 1) { - /* error becomes timeout for the module as if this reply - * never arrived. */ - mesh_report_reply(lw->env->mesh, e, reply_info, - NETEVENT_TIMEOUT); - return 0; - } - mesh_report_reply(lw->env->mesh, e, reply_info, NETEVENT_NOERROR); - return 0; -} - -/* --- fake callbacks for fptr_wlist to work --- */ -void worker_handle_control_cmd(struct tube* ATTR_UNUSED(tube), - uint8_t* ATTR_UNUSED(buffer), size_t ATTR_UNUSED(len), - int ATTR_UNUSED(error), void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -int worker_handle_request(struct comm_point* ATTR_UNUSED(c), - void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), - struct comm_reply* ATTR_UNUSED(repinfo)) -{ - log_assert(0); - return 0; -} - -int worker_handle_reply(struct comm_point* ATTR_UNUSED(c), - void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), - struct comm_reply* ATTR_UNUSED(reply_info)) -{ - log_assert(0); - return 0; -} - -int worker_handle_service_reply(struct comm_point* ATTR_UNUSED(c), - void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), - struct comm_reply* ATTR_UNUSED(reply_info)) -{ - log_assert(0); - return 0; -} - -int remote_accept_callback(struct comm_point* ATTR_UNUSED(c), - void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), - struct comm_reply* ATTR_UNUSED(repinfo)) -{ - log_assert(0); - return 0; -} - -int remote_control_callback(struct comm_point* ATTR_UNUSED(c), - void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), - struct comm_reply* ATTR_UNUSED(repinfo)) -{ - log_assert(0); - return 0; -} - -void worker_sighandler(int ATTR_UNUSED(sig), void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -struct outbound_entry* worker_send_query(struct query_info* ATTR_UNUSED(qinfo), - uint16_t ATTR_UNUSED(flags), int ATTR_UNUSED(dnssec), - int ATTR_UNUSED(want_dnssec), int ATTR_UNUSED(nocaps), - struct sockaddr_storage* ATTR_UNUSED(addr), socklen_t ATTR_UNUSED(addrlen), - uint8_t* ATTR_UNUSED(zone), size_t ATTR_UNUSED(zonelen), - int ATTR_UNUSED(ssl_upstream), struct module_qstate* ATTR_UNUSED(q)) -{ - log_assert(0); - return 0; -} - -void -worker_alloc_cleanup(void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -void worker_stat_timer_cb(void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -void worker_probe_timer_cb(void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -void worker_start_accept(void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -void worker_stop_accept(void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -int order_lock_cmp(const void* ATTR_UNUSED(e1), const void* ATTR_UNUSED(e2)) -{ - log_assert(0); - return 0; -} - -int -codeline_cmp(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b)) -{ - log_assert(0); - return 0; -} - -int replay_var_compare(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b)) -{ - log_assert(0); - return 0; -} - -void remote_get_opt_ssl(char* ATTR_UNUSED(str), void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -#ifdef UB_ON_WINDOWS -void -worker_win_stop_cb(int ATTR_UNUSED(fd), short ATTR_UNUSED(ev), void* - ATTR_UNUSED(arg)) { - log_assert(0); -} - -void -wsvc_cron_cb(void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} -#endif /* UB_ON_WINDOWS */ diff --git a/external/unbound/libunbound/libworker.h b/external/unbound/libunbound/libworker.h deleted file mode 100644 index b546e89f2..000000000 --- a/external/unbound/libunbound/libworker.h +++ /dev/null @@ -1,152 +0,0 @@ -/* - * libunbound/libworker.h - worker thread or process that resolves - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains the worker process or thread that performs - * the DNS resolving and validation. The worker is called by a procedure - * and if in the background continues until exit, if in the foreground - * returns from the procedure when done. - */ -#ifndef LIBUNBOUND_LIBWORKER_H -#define LIBUNBOUND_LIBWORKER_H -#include "util/data/packed_rrset.h" -struct ub_ctx; -struct ub_result; -struct module_env; -struct comm_base; -struct outside_network; -struct ub_randstate; -struct ctx_query; -struct outbound_entry; -struct module_qstate; -struct comm_point; -struct comm_reply; -struct regional; -struct tube; -struct sldns_buffer; -struct ub_event_base; -struct query_info; - -/** - * The library-worker status structure - * Internal to the worker. - */ -struct libworker { - /** every worker has a unique thread_num. (first in struct) */ - int thread_num; - /** context we are operating under */ - struct ub_ctx* ctx; - - /** is this the bg worker? */ - int is_bg; - /** is this a bg worker that is threaded (not forked)? */ - int is_bg_thread; - - /** copy of the module environment with worker local entries. */ - struct module_env* env; - /** the event base this worker works with */ - struct comm_base* base; - /** the backside outside network interface to the auth servers */ - struct outside_network* back; - /** random() table for this worker. */ - struct ub_randstate* rndstate; - /** sslcontext for SSL wrapped DNS over TCP queries */ - void* sslctx; -}; - -/** - * Create a background worker - * @param ctx: is updated with pid/tid of the background worker. - * a new allocation cache is obtained from ctx. It contains the - * threadnumber and unique id for further (shared) cache insertions. - * @return 0 if OK, else error. - * Further communication is done via the pipes in ctx. - */ -int libworker_bg(struct ub_ctx* ctx); - -/** - * Create a foreground worker. - * This worker will join the threadpool of resolver threads. - * It exits when the query answer has been obtained (or error). - * This routine blocks until the worker is finished. - * @param ctx: new allocation cache obtained and returned to it. - * @param q: query (result is stored in here). - * @return 0 if finished OK, else error. - */ -int libworker_fg(struct ub_ctx* ctx, struct ctx_query* q); - -/** - * create worker for event-based interface. - * @param ctx: context with config. - * @param eb: event base. - * @return new worker or NULL. - */ -struct libworker* libworker_create_event(struct ub_ctx* ctx, - struct ub_event_base* eb); - -/** - * Attach context_query to mesh for callback in event-driven setup. - * @param ctx: context - * @param q: context query entry - * @param async_id: store query num if query takes long. - * @return 0 if finished OK, else error. - */ -int libworker_attach_mesh(struct ub_ctx* ctx, struct ctx_query* q, - int* async_id); - -/** - * delete worker for event-based interface. does not free the event_base. - * @param w: event-based worker to delete. - */ -void libworker_delete_event(struct libworker* w); - -/** cleanup the cache to remove all rrset IDs from it, arg is libworker */ -void libworker_alloc_cleanup(void* arg); - -/** - * fill result from parsed message, on error fills servfail - * @param res: is clear at start, filled in at end. - * @param buf: contains DNS message. - * @param temp: temporary buffer for parse. - * @param msg_security: security status of the DNS message. - * On error, the res may contain a different status - * (out of memory is not secure, not bogus). - */ -void libworker_enter_result(struct ub_result* res, struct sldns_buffer* buf, - struct regional* temp, enum sec_status msg_security); - -#endif /* LIBUNBOUND_LIBWORKER_H */ diff --git a/external/unbound/libunbound/python/LICENSE b/external/unbound/libunbound/python/LICENSE deleted file mode 100644 index 7b769d091..000000000 --- a/external/unbound/libunbound/python/LICENSE +++ /dev/null @@ -1,28 +0,0 @@ -Copyright (c) 2009, Zdenek Vasicek (vasicek AT fit.vutbr.cz) - Marek Vavrusa (xvavru00 AT stud.fit.vutbr.cz) - -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - - * Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - * Neither the name of the organization nor the names of its - contributors may be used to endorse or promote products derived from this - software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE -LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -POSSIBILITY OF SUCH DAMAGE. diff --git a/external/unbound/libunbound/python/Makefile b/external/unbound/libunbound/python/Makefile deleted file mode 100644 index 9a98ef5b5..000000000 --- a/external/unbound/libunbound/python/Makefile +++ /dev/null @@ -1,72 +0,0 @@ -# -# Makefile: compilation of pyUnbound and documentation, testing -# -# Copyright (c) 2009, Zdenek Vasicek (vasicek AT fit.vutbr.cz) -# Marek Vavrusa (xvavru00 AT stud.fit.vutbr.cz) -# -# This software is open source. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# * Redistributions of source code must retain the above copyright notice, -# this list of conditions and the following disclaimer. -# -# * Redistributions in binary form must reproduce the above copyright notice, -# this list of conditions and the following disclaimer in the documentation -# and/or other materials provided with the distribution. -# -# * Neither the name of the organization nor the names of its -# contributors may be used to endorse or promote products derived from this -# software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED -# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. - -help: - @echo "Please use \`make ' where is one of" - @echo " testenv to make test environment and run bash " - @echo " useful in case you don't want to install unbound but want to test examples" - @echo " doc to make documentation" - @echo " clean clean all" - -.PHONY: testenv clean doc swig - -#_unbound.so: ../../Makefile - #$(MAKE) -C ../.. - -#../../.libs/libunbound.so.0: ../../Makefile - #$(MAKE) -C ../.. - -clean: - rm -rdf examples/unbound - rm -f _unbound.so libunbound_wrap.o - $(MAKE) -C ../.. clean - -testenv: ../../.libs/libunbound.so.2 ../../.libs/_unbound.so - rm -rdf examples/unbound - cd examples && mkdir unbound && ln -s ../../unbound.py unbound/__init__.py && ln -s ../../_unbound.so unbound/_unbound.so && ln -s ../../../../.libs/libunbound.so.2 unbound/libunbound.so.2 && ls -la - cd examples && if test -f ../../../.libs/_unbound.so; then cp ../../../.libs/_unbound.so . ; fi - @echo "Run a script by typing ./script_name.py" - cd examples && LD_LIBRARY_PATH=unbound bash - rm -rdf examples/unbound examples/_unbound.so - -doc: ../../.libs/libunbound.so.0 _unbound.so - $(MAKE) -C docs html - -#for development only -swig: libunbound.i - swig -python -o libunbound_wrap.c -I../.. libunbound.i - gcc -c libunbound_wrap.c -O9 -fPIC -I../.. -I/usr/include/python2.5 -I. -o libunbound_wrap.o - gcc -shared libunbound_wrap.o -L../../.libs -lunbound -o _unbound.so - diff --git a/external/unbound/libunbound/python/doc/_static/readme b/external/unbound/libunbound/python/doc/_static/readme deleted file mode 100644 index db676aebb..000000000 --- a/external/unbound/libunbound/python/doc/_static/readme +++ /dev/null @@ -1 +0,0 @@ -this directory exists to pacify sphinx-build. diff --git a/external/unbound/libunbound/python/doc/conf.py b/external/unbound/libunbound/python/doc/conf.py deleted file mode 100644 index 1766036b9..000000000 --- a/external/unbound/libunbound/python/doc/conf.py +++ /dev/null @@ -1,184 +0,0 @@ -# -*- coding: utf-8 -*- -# -# Unbound documentation build configuration file -# -# This file is execfile()d with the current directory set to its containing dir. -# -# The contents of this file are pickled, so don't put values in the namespace -# that aren't pickleable (module imports are okay, they're removed automatically). -# -# All configuration values have a default value; values that are commented out -# serve to show the default value. - -import sys, os - -# If your extensions are in another directory, add it here. If the directory -# is relative to the documentation root, use os.path.abspath to make it -# absolute, like shown here. -sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__),'../'))) -sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__),'../../../'))) -sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__),'../../../.libs/'))) -#print sys.path - -# General configuration -# --------------------- - -# Add any Sphinx extension module names here, as strings. They can be extensions -# coming with Sphinx (named 'sphinx.ext.*') or your custom ones. -extensions = ['sphinx.ext.autodoc', 'sphinx.ext.doctest'] - -# Add any paths that contain templates here, relative to this directory. -templates_path = ['_templates'] - -# The suffix of source filenames. -source_suffix = '.rst' - -# The master toctree document. -master_doc = 'index' - -# General substitutions. -project = 'pyUnbound' -copyright = '2009, Zdenek Vasicek, Marek Vavrusa' - -# The default replacements for |version| and |release|, also used in various -# other places throughout the built documents. -# -# The short X.Y version. -version = '1.0' -# The full version, including alpha/beta/rc tags. -release = '1.0.0' - -# There are two options for replacing |today|: either, you set today to some -# non-false value, then it is used: -#today = '' -# Else, today_fmt is used as the format for a strftime call. -today_fmt = '%B %d, %Y' - -# List of documents that shouldn't be included in the build. -#unused_docs = [] - -# List of directories, relative to source directories, that shouldn't be searched -# for source files. -#exclude_dirs = [] - -# The reST default role (used for this markup: `text`) to use for all documents. -#default_role = None - -# If true, '()' will be appended to :func: etc. cross-reference text. -#add_function_parentheses = True - -# If true, the current module name will be prepended to all description -# unit titles (such as .. function::). -#add_module_names = True - -# If true, sectionauthor and moduleauthor directives will be shown in the -# output. They are ignored by default. -#show_authors = False - -# The name of the Pygments (syntax highlighting) style to use. -pygments_style = 'sphinx' - - -# Options for HTML output -# ----------------------- - -# The theme that the html output should use. -html_theme = "classic" - -# The style sheet to use for HTML and HTML Help pages. A file of that name -# must exist either in Sphinx' static/ path, or in one of the custom paths -# given in html_static_path. -#html_style = 'default.css' - -# The name for this set of Sphinx documents. If None, it defaults to -# " v documentation". -#html_title = None - -# A shorter title for the navigation bar. Default is the same as html_title. -#html_short_title = None - -# The name of an image file (within the static path) to place at the top of -# the sidebar. -#html_logo = None - -# The name of an image file (within the static path) to use as favicon of the -# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 -# pixels large. -#html_favicon = None - -# Add any paths that contain custom static files (such as style sheets) here, -# relative to this directory. They are copied after the builtin static files, -# so a file named "default.css" will overwrite the builtin "default.css". -html_static_path = ['_static'] - -# If not '', a 'Last updated on:' timestamp is inserted at every page bottom, -# using the given strftime format. -html_last_updated_fmt = '%b %d, %Y' - -# If true, SmartyPants will be used to convert quotes and dashes to -# typographically correct entities. -#html_use_smartypants = True - -# Custom sidebar templates, maps document names to template names. -#html_sidebars = {} - -# Additional templates that should be rendered to pages, maps page names to -# template names. -#html_additional_pages = {} - -# If false, no module index is generated. -html_use_modindex = False - -# If false, no index is generated. -#html_use_index = True - -# If true, the index is split into individual pages for each letter. -#html_split_index = False - -# If true, the reST sources are included in the HTML build as _sources/. -html_copy_source = False - -# If true, an OpenSearch description file will be output, and all pages will -# contain a tag referring to it. The value of this option must be the -# base URL from which the finished HTML is served. -#html_use_opensearch = '' - -# If nonempty, this is the file name suffix for HTML files (e.g. ".xhtml"). -#html_file_suffix = '' - -# Output file base name for HTML help builder. -htmlhelp_basename = 'Unbounddoc' - - -# Options for LaTeX output -# ------------------------ - -# The paper size ('letter' or 'a4'). -#latex_paper_size = 'letter' - -# The font size ('10pt', '11pt' or '12pt'). -#latex_font_size = '10pt' - -# Grouping the document tree into LaTeX files. List of tuples -# (source start file, target name, title, author, document class [howto/manual]). -latex_documents = [ - ('index', 'Unbound.tex', 'Unbound Documentation', - 'Zdenek Vasicek, Marek Vavrusa', 'manual'), -] - -# The name of an image file (relative to this directory) to place at the top of -# the title page. -#latex_logo = None - -# For "manual" documents, if this is true, then toplevel headings are parts, -# not chapters. -#latex_use_parts = False - -# Additional stuff for the LaTeX preamble. -#latex_preamble = '' - -# Documents to append as an appendix to all manuals. -#latex_appendices = [] - -# If false, no module index is generated. -#latex_use_modindex = True diff --git a/external/unbound/libunbound/python/doc/examples/example1a.rst b/external/unbound/libunbound/python/doc/examples/example1a.rst deleted file mode 100644 index f46cb92f4..000000000 --- a/external/unbound/libunbound/python/doc/examples/example1a.rst +++ /dev/null @@ -1,33 +0,0 @@ -.. _example_resolve_name: - -Resolve a name -============== - -This basic example shows how to create a context and resolve a host address -(DNS record of A type). - -Source code ------------ - -:: - - #!/usr/bin/python - import unbound - - ctx = unbound.ub_ctx() - ctx.resolvconf("/etc/resolv.conf") - - status, result = ctx.resolve("www.google.com") - if status == 0 and result.havedata: - print "Result.data:", result.data.address_list - elif status != 0: - print "Resolve error:", unbound.ub_strerror(status) - -In contrast with the C API, the source code is more compact while the -performance of C implementation is preserved. -The main advantage is that you need not take care about the deallocation and -allocation of context and result structures; pyUnbound module does it -automatically for you. - -If only domain name is given, the :meth:`unbound.ub_ctx.resolve` looks for -A records in IN class. diff --git a/external/unbound/libunbound/python/doc/examples/example1b.rst b/external/unbound/libunbound/python/doc/examples/example1b.rst deleted file mode 100644 index 1adae2cb1..000000000 --- a/external/unbound/libunbound/python/doc/examples/example1b.rst +++ /dev/null @@ -1,37 +0,0 @@ -.. _example_reverse_lookup: - -Reverse DNS lookup -================== - -Reverse DNS lookup involves determining the hostname associated with a given IP -address. -This example shows how reverse lookup can be done using unbound module. - -For the reverse DNS records, the special domain in-addr.arpa is reserved. -For example, a host name for the IP address ``74.125.43.147`` can be obtained -by issuing a DNS query for the PTR record for address -``147.43.125.74.in-addr.arpa.`` - -Source code ------------ - -:: - - #!/usr/bin/python - import unbound - - ctx = unbound.ub_ctx() - ctx.resolvconf("/etc/resolv.conf") - - status, result = ctx.resolve(unbound.reverse("74.125.43.147") + ".in-addr.arpa.", unbound.RR_TYPE_PTR, unbound.RR_CLASS_IN) - if status == 0 and result.havedata: - print "Result.data:", result.data.domain_list - elif status != 0: - print "Resolve error:", unbound.ub_strerror(status) - -In order to simplify the python code, unbound module contains the -:meth:`unbound.reverse` function which reverses the hostname components. -This function is defined as follows:: - - def reverse(domain): - return '.'.join([a for a in domain.split(".")][::-1]) diff --git a/external/unbound/libunbound/python/doc/examples/example2.rst b/external/unbound/libunbound/python/doc/examples/example2.rst deleted file mode 100644 index a2bf2cbf5..000000000 --- a/external/unbound/libunbound/python/doc/examples/example2.rst +++ /dev/null @@ -1,41 +0,0 @@ -.. _example_setup_ctx: - -Lookup from threads -=================== - -This example shows how to use unbound module from a threaded program. -In this example, three lookup threads are created which work in background. -Each thread resolves different DNS record. - -Source code ------------ - -:: - - #!/usr/bin/python - from unbound import ub_ctx, RR_TYPE_A, RR_CLASS_IN - from threading import Thread - - ctx = ub_ctx() - ctx.resolvconf("/etc/resolv.conf") - - class LookupThread(Thread): - def __init__(self,ctx, name): - Thread.__init__(self) - self.ctx = ctx - self.name = name - - def run(self): - print "Thread lookup started:",self.name - status, result = self.ctx.resolve(self.name, RR_TYPE_A, RR_CLASS_IN) - if status == 0 and result.havedata: - print " Result:",self.name,":", result.data.address_list - - threads = [] - for name in ["www.fit.vutbr.cz","www.vutbr.cz","www.google.com"]: - thread = LookupThread(ctx, name) - thread.start() - threads.append(thread) - - for thread in threads: - thread.join() diff --git a/external/unbound/libunbound/python/doc/examples/example3.rst b/external/unbound/libunbound/python/doc/examples/example3.rst deleted file mode 100644 index b0626b55f..000000000 --- a/external/unbound/libunbound/python/doc/examples/example3.rst +++ /dev/null @@ -1,39 +0,0 @@ -.. _example_asynch: - -Asynchronous lookup -=================== - -This example performs the name lookup in the background. -The main program keeps running while the name is resolved. - -Source code ------------ - -:: - - #!/usr/bin/python - import time - import unbound - - ctx = unbound.ub_ctx() - ctx.resolvconf("/etc/resolv.conf") - - def call_back(my_data,status,result): - print "Call_back:", my_data - if status == 0 and result.havedata: - print "Result:", result.data.address_list - my_data['done_flag'] = True - - - my_data = {'done_flag':False,'arbitrary':"object"} - status, async_id = ctx.resolve_async("www.seznam.cz", my_data, call_back, unbound.RR_TYPE_A, unbound.RR_CLASS_IN) - - while (status == 0) and (not my_data['done_flag']): - status = ctx.process() - time.sleep(0.1) - - if (status != 0): - print "Resolve error:", unbound.ub_strerror(status) - -The :meth:`unbound.ub_ctx.resolve_async` method is able to pass on any Python -object. In this example, we used a dictionary object ``my_data``. diff --git a/external/unbound/libunbound/python/doc/examples/example4.rst b/external/unbound/libunbound/python/doc/examples/example4.rst deleted file mode 100644 index 3b43eb85f..000000000 --- a/external/unbound/libunbound/python/doc/examples/example4.rst +++ /dev/null @@ -1,36 +0,0 @@ -.. _example_examine: - -DNSSEC validator -================ - -This example program performs DNSSEC validation of a DNS lookup. - -Source code ------------ - -:: - - #!/usr/bin/python - import os - from unbound import ub_ctx,RR_TYPE_A,RR_CLASS_IN - - ctx = ub_ctx() - ctx.resolvconf("/etc/resolv.conf") - if (os.path.isfile("keys")): - ctx.add_ta_file("keys") #read public keys for DNSSEC verification - - status, result = ctx.resolve("www.nic.cz", RR_TYPE_A, RR_CLASS_IN) - if status == 0 and result.havedata: - - print "Result:", result.data.address_list - - if result.secure: - print "Result is secure" - elif result.bogus: - print "Result is bogus" - else: - print "Result is insecure" - -More detailed informations can be seen in libUnbound DNSSEC tutorial `here`_. - -.. _here: http://www.unbound.net/documentation/libunbound-tutorial-6.html diff --git a/external/unbound/libunbound/python/doc/examples/example5.rst b/external/unbound/libunbound/python/doc/examples/example5.rst deleted file mode 100644 index 9262014bb..000000000 --- a/external/unbound/libunbound/python/doc/examples/example5.rst +++ /dev/null @@ -1,34 +0,0 @@ -.. _example_resolver_only: - -Resolver only -============= - -This example program shows how to perform DNS resolution only. -Unbound contains two basic modules: resolver and validator. -In case, the validator is not necessary, the validator module can be turned off -using "module-config" option. -This option contains a list of module names separated by the space char. This -list determined which modules should be employed and in what order. - -Source code ------------ - -:: - - #!/usr/bin/python - import os - from unbound import ub_ctx,RR_TYPE_A,RR_CLASS_IN - - ctx = ub_ctx() - ctx.set_option("module-config:","iterator") - ctx.resolvconf("/etc/resolv.conf") - - status, result = ctx.resolve("www.google.com", RR_TYPE_A, RR_CLASS_IN) - if status == 0 and result.havedata: - - print "Result:", result.data.address_list - -.. note:: - The :meth:`unbound.ub_ctx.set_option` method must be used before the first - resolution (i.e. before :meth:`unbound.ub_ctx.resolve` or - :meth:`unbound.ub_ctx.resolve_async` call). diff --git a/external/unbound/libunbound/python/doc/examples/example6-1.py b/external/unbound/libunbound/python/doc/examples/example6-1.py deleted file mode 100644 index 0f405448c..000000000 --- a/external/unbound/libunbound/python/doc/examples/example6-1.py +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/python -from unbound import ub_ctx,ub_strerror,RR_TYPE_A,RR_CLASS_IN - -ctx = ub_ctx() -ctx.resolvconf("/etc/resolv.conf") - -status, result = ctx.resolve("test.record.xxx", RR_TYPE_A, RR_CLASS_IN) -if status == 0 and result.havedata: - print "Result:", result.data.address_list -else: - print "No record found" - -#define new local zone -status = ctx.zone_add("xxx.","static") -if (status != 0): print "Error zone_add:",status, ub_strerror(status) - -#add RR to the zone -status = ctx.data_add("test.record.xxx. IN A 1.2.3.4") -if (status != 0): print "Error data_add:",status, ub_strerror(status) - -#lookup for an A record -status, result = ctx.resolve("test.record.xxx", RR_TYPE_A, RR_CLASS_IN) -if status == 0 and result.havedata: - print "Result:", result.data.as_address_list() -else: - print "No record found" - diff --git a/external/unbound/libunbound/python/doc/examples/example6.rst b/external/unbound/libunbound/python/doc/examples/example6.rst deleted file mode 100644 index 6fde8b25f..000000000 --- a/external/unbound/libunbound/python/doc/examples/example6.rst +++ /dev/null @@ -1,13 +0,0 @@ -.. _example_localzone: - -Local zone manipulation -======================= - -This example program shows how to define local zone containing custom DNS -records. - -Source code ------------ - -.. literalinclude:: example6-1.py - :language: python diff --git a/external/unbound/libunbound/python/doc/examples/example7-1.py b/external/unbound/libunbound/python/doc/examples/example7-1.py deleted file mode 100644 index 802bd1c35..000000000 --- a/external/unbound/libunbound/python/doc/examples/example7-1.py +++ /dev/null @@ -1,17 +0,0 @@ -#!/usr/bin/python -# vim:fileencoding=utf-8 -# -# IDN (Internationalized Domain Name) lookup support -# -import unbound - -ctx = unbound.ub_ctx() -ctx.resolvconf("/etc/resolv.conf") - -status, result = ctx.resolve(u"www.háÄkyÄárky.cz", unbound.RR_TYPE_A, unbound.RR_CLASS_IN) -if status == 0 and result.havedata: - print "Result:" - print " raw data:", result.data - for k in result.data.address_list: - print " address:%s" % k - diff --git a/external/unbound/libunbound/python/doc/examples/example7-2.py b/external/unbound/libunbound/python/doc/examples/example7-2.py deleted file mode 100644 index 5a41f8dc9..000000000 --- a/external/unbound/libunbound/python/doc/examples/example7-2.py +++ /dev/null @@ -1,16 +0,0 @@ -#!/usr/bin/python -# vim:fileencoding=utf-8 -# -# IDN (Internationalized Domain Name) lookup support (lookup for MX) -# -import unbound - -ctx = unbound.ub_ctx() -ctx.resolvconf("/etc/resolv.conf") - -status, result = ctx.resolve(u"háÄkyÄárky.cz", unbound.RR_TYPE_MX, unbound.RR_CLASS_IN) -if status == 0 and result.havedata: - print "Result:" - print " raw data:", result.data - for k in result.data.mx_list_idn: - print " priority:%d address:%s" % k diff --git a/external/unbound/libunbound/python/doc/examples/example7.rst b/external/unbound/libunbound/python/doc/examples/example7.rst deleted file mode 100644 index 2f48c8f0f..000000000 --- a/external/unbound/libunbound/python/doc/examples/example7.rst +++ /dev/null @@ -1,33 +0,0 @@ -.. _example_idna: - -Internationalized domain name support -===================================== - -Unlike the libUnbound, pyUnbound is able to handle IDN queries. - -Automatic IDN DNAME conversion -------------------------------- - -If we use unicode string in :meth:`unbound.ub_ctx.resolve` method, -the IDN DNAME conversion (if it is necessary) is performed on background. - -Source code -........... - -.. literalinclude:: example7-1.py - :language: python - -IDN converted attributes ------------------------- - -The :class:`unbound.ub_data` class contains attributes suffix which converts -the dname to UTF string. These attributes have the ``_idn`` suffix. - -Apart from this aproach, two conversion functions exist -(:func:`unbound.idn2dname` and :func:`unbound.dname2idn`). - -Source code -........... - -.. literalinclude:: example7-2.py - :language: python diff --git a/external/unbound/libunbound/python/doc/examples/example8-1.py b/external/unbound/libunbound/python/doc/examples/example8-1.py deleted file mode 100644 index 79060167d..000000000 --- a/external/unbound/libunbound/python/doc/examples/example8-1.py +++ /dev/null @@ -1,31 +0,0 @@ -#!/usr/bin/python -# vim:fileencoding=utf-8 -# -# Lookup for MX and NS records -# -import unbound - -ctx = unbound.ub_ctx() -ctx.resolvconf("/etc/resolv.conf") - -status, result = ctx.resolve("nic.cz", unbound.RR_TYPE_MX, unbound.RR_CLASS_IN) -if status == 0 and result.havedata: - print "Result:" - print " raw data:", result.data - for k in result.data.mx_list: - print " priority:%d address:%s" % k - -status, result = ctx.resolve("nic.cz", unbound.RR_TYPE_A, unbound.RR_CLASS_IN) -if status == 0 and result.havedata: - print "Result:" - print " raw data:", result.data - for k in result.data.address_list: - print " address:%s" % k - -status, result = ctx.resolve("nic.cz", unbound.RR_TYPE_NS, unbound.RR_CLASS_IN) -if status == 0 and result.havedata: - print "Result:" - print " raw data:", result.data - for k in result.data.domain_list: - print " host: %s" % k - diff --git a/external/unbound/libunbound/python/doc/examples/example8.rst b/external/unbound/libunbound/python/doc/examples/example8.rst deleted file mode 100644 index 16c140475..000000000 --- a/external/unbound/libunbound/python/doc/examples/example8.rst +++ /dev/null @@ -1,34 +0,0 @@ -.. _example_mxlookup: - -Lookup for MX and NS records -============================ - -The pyUnbound extension provides functions which are able to encode RAW RDATA -produces by unbound resolver (see :class:`unbound.ub_data`). - -Source code ------------ - -.. literalinclude:: example8-1.py - :language: python - -Output ------- - -The previous example produces the following output:: - - Result: - raw data: 00 0F 05 6D 61 69 6C 34 03 6E 69 63 02 63 7A 00;00 14 02 6D 78 05 63 7A 6E 69 63 03 6F 72 67 00;00 0A 04 6D 61 69 6C 03 6E 69 63 02 63 7A 00 - priority:15 address: mail4.nic.cz. - priority:20 address: mx.cznic.org. - priority:10 address: mail.nic.cz. - - Result: - raw data: D9 1F CD 32 - address: 217.31.205.50 - - Result: - raw data: 01 61 02 6E 73 03 6E 69 63 02 63 7A 00;01 65 02 6E 73 03 6E 69 63 02 63 7A 00;01 63 02 6E 73 03 6E 69 63 02 63 7A 00 - host: a.ns.nic.cz. - host: e.ns.nic.cz. - host: c.ns.nic.cz. diff --git a/external/unbound/libunbound/python/doc/examples/index.rst b/external/unbound/libunbound/python/doc/examples/index.rst deleted file mode 100644 index 283261652..000000000 --- a/external/unbound/libunbound/python/doc/examples/index.rst +++ /dev/null @@ -1,16 +0,0 @@ -Examples -======== - -Here you can find several examples which utilizes the unbound library in Python -environment. Unbound is a caching validator and resolver and can be linked into -an application, as a library where can answer DNS queries for the application. -This set of examples shows how to use the functions from Python environment. - -Tutorials ---------- - -.. toctree:: - :maxdepth: 1 - :glob: - - example* diff --git a/external/unbound/libunbound/python/doc/index.rst b/external/unbound/libunbound/python/doc/index.rst deleted file mode 100644 index b42e05262..000000000 --- a/external/unbound/libunbound/python/doc/index.rst +++ /dev/null @@ -1,27 +0,0 @@ -PyUnbound documentation -======================================= - -This project contains an Unbound wrapper providing the thinnest layer over the library possible. -Everything you can do from the libUnbound C API, you can do from Python, even more. - -Contents ----------- -.. toctree:: - :maxdepth: 2 - - intro.rst - install.rst - examples/index.rst - modules/unbound - -Module Documentation ------------------------ - -* Module :mod:`unbound` - -Indices and tables -------------------- - -* :ref:`genindex` -* :ref:`search` - diff --git a/external/unbound/libunbound/python/doc/install.rst b/external/unbound/libunbound/python/doc/install.rst deleted file mode 100644 index bb3118984..000000000 --- a/external/unbound/libunbound/python/doc/install.rst +++ /dev/null @@ -1,38 +0,0 @@ -Installation -============ - -Prerequisites -------------- - -Python 2.4 or higher, SWIG 1.3 or higher, GNU make - -Compiling ---------- - -After downloading, you can compile the pyUnbound library by doing:: - - > tar -xzf unbound-x.x.x-py.tar.gz - > cd unbound-x.x.x - > ./configure --with-pyunbound - > make - -You may want to enable ``--with-pythonmodule`` as well if you want to use -python as a module in the resolver. - -You need ``GNU make`` to compile sources; ``SWIG`` and ``Python devel`` -libraries to compile extension module. - - -Testing -------- - -If the compilation is successful, you can test the python LDNS extension module -by:: - - > cd contrib/python - > make testenv - > ./dns-lookup.py - -You may want to ``make install`` in the main directory since ``make testenv`` -is for debugging. In contrib/examples you can find simple applications written -in Python using the Unbound extension. diff --git a/external/unbound/libunbound/python/doc/intro.rst b/external/unbound/libunbound/python/doc/intro.rst deleted file mode 100644 index e490d2c6f..000000000 --- a/external/unbound/libunbound/python/doc/intro.rst +++ /dev/null @@ -1,58 +0,0 @@ -Introduction -============ - -Unbound -------- - -`Unbound`_ is an implementation of a DNS resolver, that performs caching and -DNSSEC validation. -Together with unbound, the libunbound library is provided. -This library can be used to convert hostnames to ip addresses, and back, as -well as obtain other information. -Since the resolver allows to specify the class and type of a query (A record, -NS, MX, ...), this library offers powerful resolving tool. -The library also performs public-key validation of results with DNSSEC. - -.. _Unbound: http://www.unbound.net/documentation - -pyUnbound ---------- - -The pyUnbound is an extension module for Python which provides an -object-oriented interface to libunbound. -It is the first Python module which offers thread-safe caching resolver. - -The interface was designed with the emphasis on the simplicity of use. -There are two main classes :class:`unbound.ub_ctx` (a validation and resolution -context) and :class:`unbound.ub_result` which contains the validation and -resolution results. -The objects are thread-safe, and a context can be used in non-threaded as well -as threaded environment. -Resolution can be performed blocking and non-blocking (i.e. asynchronous). -The asynchronous method returns from the call immediately, so that processing -can go on, while the results become available later. - -Features --------- - -* Customizable caching validation resolver for synchronous and asynchronous - lookups -* Easy to use object interface -* Easy to integrate extension module -* Designed for thread environment (i.e. thread-safe) -* Allows define and customize of local zone and its RR's during the operation - (i.e. without restart) -* Includes encoding functions to simplify the results retrieval -* Internationalized domain name (`IDN`_) support - -.. _IDN: http://en.wikipedia.org/wiki/Internationalized_domain_name - -Application area ----------------- - -* DNS-based applications performing DNS lookups; the caching resolver can - reduce overhead -* Applications where the validation of DNS records is required -* Great solution for customizable and dynamic DNS-based white/blacklists (spam - rejection, connection rejection, ...) using the dynamic local zone - manipulation diff --git a/external/unbound/libunbound/python/doc/modules/unbound.rst b/external/unbound/libunbound/python/doc/modules/unbound.rst deleted file mode 100644 index 77e4cd1a1..000000000 --- a/external/unbound/libunbound/python/doc/modules/unbound.rst +++ /dev/null @@ -1,167 +0,0 @@ -Unbound module documentation -================================ - -.. automodule:: unbound - -Class ub_ctx --------------- -.. autoclass:: ub_ctx - :members: - :undoc-members: - - .. automethod:: __init__ - -Class ub_result ----------------------- -.. autoclass:: ub_result - :members: - - .. attribute:: qname - - The original question, name text string. - - .. attribute:: qtype - - The class asked for. - - .. attribute:: canonname - - Canonical name for the result (the final cname). May be empty if no canonical name exists. - - .. attribute:: answer_packet - - The DNS answer packet. Network formatted. Can contain DNSSEC types. - - .. attribute:: havedata - - If there is any data, this property is true. If false, there was no data (nxdomain may be true, rcode can be set). - - .. attribute:: secure - - True, if the result is validated securely. - False, if validation failed or domain queried has no security info. - - It is possible to get a result with no data (havedata is false), - and secure is true. This means that the non-existence of the data - was cryptographically proven (with signatures). - - .. attribute:: bogus - - If the result was not secure (secure==0), and this result is due to a security failure, bogus is true. - This means the data has been actively tampered with, signatures - failed, expected signatures were not present, timestamps on - signatures were out of date and so on. - - If secure==0 and bogus==0, this can happen if the data is not secure - because security is disabled for that domain name. - This means the data is from a domain where data is not signed. - - .. attribute:: nxdomain - - If there was no data, and the domain did not exist, this is true. - If it is false, and there was no data, then the domain name is purported to exist, but the requested data type is not available. - - .. attribute:: rcode - - DNS RCODE for the result. May contain additional error code if there was no data due to an error. - 0 (RCODE_NOERROR) if okay. See predefined `RCODE_` constants. - - RCODE can be represented in display representation form (string) using :attr:`rcode_str` attribute. - -Class ub_data ----------------------- -.. autoclass:: ub_data - :members: - -Functions ----------------------- -.. autofunction:: reverse -.. autofunction:: idn2dname -.. autofunction:: dname2idn - -Predefined constants ------------------------ - -**RCODE** - * RCODE_FORMERR = 1 - * RCODE_NOERROR = 0 - * RCODE_NOTAUTH = 9 - * RCODE_NOTIMPL = 4 - * RCODE_NOTZONE = 10 - * RCODE_NXDOMAIN = 3 - * RCODE_NXRRSET = 8 - * RCODE_REFUSED = 5 - * RCODE_SERVFAIL = 2 - * RCODE_YXDOMAIN = 6 - * RCODE_YXRRSET = 7 - -**RR_CLASS** - * RR_CLASS_ANY = 255 - * RR_CLASS_CH = 3 - * RR_CLASS_HS = 4 - * RR_CLASS_IN = 1 - * RR_CLASS_NONE = 254 - -**RR_TYPE** - * RR_TYPE_A = 1 - * RR_TYPE_A6 = 38 - * RR_TYPE_AAAA = 28 - * RR_TYPE_AFSDB = 18 - * RR_TYPE_ANY = 255 - * RR_TYPE_APL = 42 - * RR_TYPE_ATMA = 34 - * RR_TYPE_AXFR = 252 - * RR_TYPE_CERT = 37 - * RR_TYPE_CNAME = 5 - * RR_TYPE_DHCID = 49 - * RR_TYPE_DLV = 32769 - * RR_TYPE_DNAME = 39 - * RR_TYPE_DNSKEY = 48 - * RR_TYPE_DS = 43 - * RR_TYPE_EID = 31 - * RR_TYPE_GID = 102 - * RR_TYPE_GPOS = 27 - * RR_TYPE_HINFO = 13 - * RR_TYPE_IPSECKEY = 45 - * RR_TYPE_ISDN = 20 - * RR_TYPE_IXFR = 251 - * RR_TYPE_KEY = 25 - * RR_TYPE_KX = 36 - * RR_TYPE_LOC = 29 - * RR_TYPE_MAILA = 254 - * RR_TYPE_MAILB = 253 - * RR_TYPE_MB = 7 - * RR_TYPE_MD = 3 - * RR_TYPE_MF = 4 - * RR_TYPE_MG = 8 - * RR_TYPE_MINFO = 14 - * RR_TYPE_MR = 9 - * RR_TYPE_MX = 15 - * RR_TYPE_NAPTR = 35 - * RR_TYPE_NIMLOC = 32 - * RR_TYPE_NS = 2 - * RR_TYPE_NSAP = 22 - * RR_TYPE_NSAP_PTR = 23 - * RR_TYPE_NSEC = 47 - * RR_TYPE_NSEC3 = 50 - * RR_TYPE_NSEC3PARAMS = 51 - * RR_TYPE_NULL = 10 - * RR_TYPE_NXT = 30 - * RR_TYPE_OPT = 41 - * RR_TYPE_PTR = 12 - * RR_TYPE_PX = 26 - * RR_TYPE_RP = 17 - * RR_TYPE_RRSIG = 46 - * RR_TYPE_RT = 21 - * RR_TYPE_SIG = 24 - * RR_TYPE_SINK = 40 - * RR_TYPE_SOA = 6 - * RR_TYPE_SRV = 33 - * RR_TYPE_SSHFP = 44 - * RR_TYPE_TSIG = 250 - * RR_TYPE_TXT = 16 - * RR_TYPE_UID = 101 - * RR_TYPE_UINFO = 100 - * RR_TYPE_UNSPEC = 103 - * RR_TYPE_WKS = 11 - * RR_TYPE_X25 = 19 diff --git a/external/unbound/libunbound/python/examples/async-lookup.py b/external/unbound/libunbound/python/examples/async-lookup.py deleted file mode 100644 index 936be3218..000000000 --- a/external/unbound/libunbound/python/examples/async-lookup.py +++ /dev/null @@ -1,57 +0,0 @@ -#!/usr/bin/python -''' - async-lookup.py : This example shows how to use asynchronous lookups - - Authors: Zdenek Vasicek (vasicek AT fit.vutbr.cz) - Marek Vavrusa (xvavru00 AT stud.fit.vutbr.cz) - - Copyright (c) 2008. All rights reserved. - - This software is open source. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - Redistributions in binary form must reproduce the above copyright notice, - this list of conditions and the following disclaimer in the documentation - and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -''' -from __future__ import print_function -import unbound -import time - -ctx = unbound.ub_ctx() -ctx.resolvconf("/etc/resolv.conf") - -def call_back(my_data,status,result): - print("Call_back:", sorted(my_data)) - if status == 0 and result.havedata: - print("Result:", sorted(result.data.address_list)) - my_data['done_flag'] = True - - -my_data = {'done_flag':False,'arbitrary':"object"} -status, async_id = ctx.resolve_async("www.nic.cz", my_data, call_back, unbound.RR_TYPE_A, unbound.RR_CLASS_IN) - -while (status == 0) and (not my_data['done_flag']): - status = ctx.process() - time.sleep(0.1) - -if (status != 0): - print("Resolve error:", unbound.ub_strerror(status)) diff --git a/external/unbound/libunbound/python/examples/dns-lookup.py b/external/unbound/libunbound/python/examples/dns-lookup.py deleted file mode 100644 index a175dfb0e..000000000 --- a/external/unbound/libunbound/python/examples/dns-lookup.py +++ /dev/null @@ -1,45 +0,0 @@ -#!/usr/bin/python -''' - dns-lookup.py : This example shows how to resolve IP address - - Authors: Zdenek Vasicek (vasicek AT fit.vutbr.cz) - Marek Vavrusa (xvavru00 AT stud.fit.vutbr.cz) - - Copyright (c) 2008. All rights reserved. - - This software is open source. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - Redistributions in binary form must reproduce the above copyright notice, - this list of conditions and the following disclaimer in the documentation - and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -''' -from __future__ import print_function -import unbound - -ctx = unbound.ub_ctx() -ctx.resolvconf("/etc/resolv.conf") - -status, result = ctx.resolve("www.nic.cz", unbound.RR_TYPE_A, unbound.RR_CLASS_IN) -if status == 0 and result.havedata: - print("Result:", sorted(result.data.address_list)) -elif status != 0: - print("Error:", unbound.ub_strerror(status)) diff --git a/external/unbound/libunbound/python/examples/dnssec-valid.py b/external/unbound/libunbound/python/examples/dnssec-valid.py deleted file mode 100644 index c5517efc6..000000000 --- a/external/unbound/libunbound/python/examples/dnssec-valid.py +++ /dev/null @@ -1,60 +0,0 @@ -#!/usr/bin/python -''' - dnssec-valid.py: DNSSEC validation - - Authors: Zdenek Vasicek (vasicek AT fit.vutbr.cz) - Marek Vavrusa (xvavru00 AT stud.fit.vutbr.cz) - - Copyright (c) 2008. All rights reserved. - - This software is open source. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - Redistributions in binary form must reproduce the above copyright notice, - this list of conditions and the following disclaimer in the documentation - and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -''' -from __future__ import print_function -import os -from unbound import ub_ctx,RR_TYPE_A,RR_CLASS_IN - -ctx = ub_ctx() -ctx.resolvconf("/etc/resolv.conf") - -fw = open("dnssec-valid.txt","wb") -ctx.debugout(fw) -ctx.debuglevel(2) - -if os.path.isfile("keys"): - ctx.add_ta_file("keys") #read public keys for DNSSEC verification - -status, result = ctx.resolve("www.nic.cz", RR_TYPE_A, RR_CLASS_IN) -if status == 0 and result.havedata: - - print("Result:", sorted(result.data.address_list)) - - if result.secure: - print("Result is secure") - elif result.bogus: - print("Result is bogus") - else: - print("Result is insecure") - diff --git a/external/unbound/libunbound/python/examples/dnssec_test.py b/external/unbound/libunbound/python/examples/dnssec_test.py deleted file mode 100644 index 430e51a80..000000000 --- a/external/unbound/libunbound/python/examples/dnssec_test.py +++ /dev/null @@ -1,36 +0,0 @@ -#!/usr/bin/env python -from __future__ import print_function -from unbound import ub_ctx, RR_TYPE_A, RR_TYPE_RRSIG, RR_TYPE_NSEC, RR_TYPE_NSEC3 -import ldns - -def dnssecParse(domain, rrType=RR_TYPE_A): - print("Resolving domain", domain) - s, r = resolver.resolve(domain) - print("status: %s, secure: %s, rcode: %s, havedata: %s, answer_len; %s" % (s, r.secure, r.rcode_str, r.havedata, r.answer_len)) - - s, pkt = ldns.ldns_wire2pkt(r.packet) - if s != 0: - raise RuntimeError("Error parsing DNS packet") - - rrsigs = pkt.rr_list_by_type(RR_TYPE_RRSIG, ldns.LDNS_SECTION_ANSWER) - print("RRSIGs from answer:", sorted(rrsigs)) - - rrsigs = pkt.rr_list_by_type(RR_TYPE_RRSIG, ldns.LDNS_SECTION_AUTHORITY) - print("RRSIGs from authority:", sorted(rrsigs)) - - nsecs = pkt.rr_list_by_type(RR_TYPE_NSEC, ldns.LDNS_SECTION_AUTHORITY) - print("NSECs:", sorted(nsecs)) - - nsec3s = pkt.rr_list_by_type(RR_TYPE_NSEC3, ldns.LDNS_SECTION_AUTHORITY) - print("NSEC3s:", sorted(nsec3s)) - - print("---") - - -resolver = ub_ctx() -resolver.add_ta(". IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5") - -dnssecParse("nic.cz") -dnssecParse("nonexistent-domain-blablabla.cz") -dnssecParse("nonexistent-domain-blablabla.root.cz") - diff --git a/external/unbound/libunbound/python/examples/example8-1.py b/external/unbound/libunbound/python/examples/example8-1.py deleted file mode 100644 index 723c4060e..000000000 --- a/external/unbound/libunbound/python/examples/example8-1.py +++ /dev/null @@ -1,62 +0,0 @@ -#!/usr/bin/python -# vim:fileencoding=utf-8 -''' - example8-1.py: Example shows how to lookup for MX and NS records - - Authors: Zdenek Vasicek (vasicek AT fit.vutbr.cz) - Marek Vavrusa (xvavru00 AT stud.fit.vutbr.cz) - - Copyright (c) 2008. All rights reserved. - - This software is open source. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - Redistributions in binary form must reproduce the above copyright notice, - this list of conditions and the following disclaimer in the documentation - and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -''' -from __future__ import print_function -import unbound - -ctx = unbound.ub_ctx() -ctx.resolvconf("/etc/resolv.conf") - -status, result = ctx.resolve("nic.cz", unbound.RR_TYPE_MX, unbound.RR_CLASS_IN) -if status == 0 and result.havedata: - print("Result:") - print(" raw data:", result.data) - for k in sorted(result.data.mx_list): - print(" priority:%d address:%s" % k) - -status, result = ctx.resolve("nic.cz", unbound.RR_TYPE_A, unbound.RR_CLASS_IN) -if status == 0 and result.havedata: - print("Result:") - print(" raw data:", result.data) - for k in sorted(result.data.address_list): - print(" address:%s" % k) - -status, result = ctx.resolve("nic.cz", unbound.RR_TYPE_NS, unbound.RR_CLASS_IN) -if status == 0 and result.havedata: - print("Result:") - print(" raw data:", result.data) - for k in sorted(result.data.domain_list): - print(" host: %s" % k) - diff --git a/external/unbound/libunbound/python/examples/idn-lookup.py b/external/unbound/libunbound/python/examples/idn-lookup.py deleted file mode 100644 index f28315067..000000000 --- a/external/unbound/libunbound/python/examples/idn-lookup.py +++ /dev/null @@ -1,63 +0,0 @@ -#!/usr/bin/python -# vim:fileencoding=utf-8 -''' - idn-lookup.py: IDN (Internationalized Domain Name) lookup support - - Authors: Zdenek Vasicek (vasicek AT fit.vutbr.cz) - Marek Vavrusa (xvavru00 AT stud.fit.vutbr.cz) - - Copyright (c) 2008. All rights reserved. - - This software is open source. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - Redistributions in binary form must reproduce the above copyright notice, - this list of conditions and the following disclaimer in the documentation - and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -''' -from __future__ import print_function -import unbound -import locale - -ctx = unbound.ub_ctx() -ctx.set_option("module-config:","iterator") #We don't need validation -ctx.resolvconf("/etc/resolv.conf") - -#The unicode IDN string is automatically converted (if necessary) -status, result = ctx.resolve(u"www.háÄkyÄárky.cz", unbound.RR_TYPE_A, unbound.RR_CLASS_IN) -if status == 0 and result.havedata: - print("Result:") - print(" raw data:", result.data) - for k in sorted(result.data.address_list): - print(" address:%s" % k) - -status, result = ctx.resolve(u"háÄkyÄárky.cz", unbound.RR_TYPE_MX, unbound.RR_CLASS_IN) -if status == 0 and result.havedata: - print("Result:") - print(" raw data:", result.data) - for k in sorted(result.data.mx_list_idn): - print(" priority:%d address:%s" % k) - -status, result = ctx.resolve(unbound.reverse('217.31.204.66')+'.in-addr.arpa', unbound.RR_TYPE_PTR, unbound.RR_CLASS_IN) -if status == 0 and result.havedata: - print("Result.data:", result.data) - for k in sorted(result.data.domain_list_idn): - print(" dname:%s" % k) diff --git a/external/unbound/libunbound/python/examples/mx-lookup.py b/external/unbound/libunbound/python/examples/mx-lookup.py deleted file mode 100644 index e9394b355..000000000 --- a/external/unbound/libunbound/python/examples/mx-lookup.py +++ /dev/null @@ -1,54 +0,0 @@ -#!/usr/bin/python -# vim:fileencoding=utf-8 -''' - mx-lookup.py: Lookup for MX records - - Authors: Zdenek Vasicek (vasicek AT fit.vutbr.cz) - Marek Vavrusa (xvavru00 AT stud.fit.vutbr.cz) - - Copyright (c) 2008. All rights reserved. - - This software is open source. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - Redistributions in binary form must reproduce the above copyright notice, - this list of conditions and the following disclaimer in the documentation - and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -''' -from __future__ import print_function -import unbound - -ctx = unbound.ub_ctx() -ctx.resolvconf("/etc/resolv.conf") - -status, result = ctx.resolve("nic.cz", unbound.RR_TYPE_MX, unbound.RR_CLASS_IN) -if status == 0 and result.havedata: - print("Result:") - print(" raw data:", result.data) - for k in sorted(result.data.mx_list): - print(" priority:%d address:%s" % k) - -status, result = ctx.resolve("nic.cz", unbound.RR_TYPE_A, unbound.RR_CLASS_IN) -if status == 0 and result.havedata: - print("Result:") - print(" raw data:", result.data) - for k in sorted(result.data.address_list): - print(" address:%s" % k) diff --git a/external/unbound/libunbound/python/examples/ns-lookup.py b/external/unbound/libunbound/python/examples/ns-lookup.py deleted file mode 100644 index 49f567283..000000000 --- a/external/unbound/libunbound/python/examples/ns-lookup.py +++ /dev/null @@ -1,48 +0,0 @@ -#!/usr/bin/python -# vim:fileencoding=utf-8 -''' - ns-lookup.py: Example shows how to lookup for NS records - - Authors: Zdenek Vasicek (vasicek AT fit.vutbr.cz) - Marek Vavrusa (xvavru00 AT stud.fit.vutbr.cz) - - Copyright (c) 2008. All rights reserved. - - This software is open source. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - Redistributions in binary form must reproduce the above copyright notice, - this list of conditions and the following disclaimer in the documentation - and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -''' -from __future__ import print_function -import unbound - -ctx = unbound.ub_ctx() -ctx.resolvconf("/etc/resolv.conf") - -status, result = ctx.resolve("vutbr.cz", unbound.RR_TYPE_NS, unbound.RR_CLASS_IN) -if status == 0 and result.havedata: - print("Result:") - print(" raw data:", result.data) - for k in sorted(result.data.domain_list): - print(" host: %s" % k) - diff --git a/external/unbound/libunbound/python/examples/reverse-lookup.py b/external/unbound/libunbound/python/examples/reverse-lookup.py deleted file mode 100644 index c9a13fea6..000000000 --- a/external/unbound/libunbound/python/examples/reverse-lookup.py +++ /dev/null @@ -1,44 +0,0 @@ -#!/usr/bin/python -''' - reverse-lookup.py: Example shows how to resolve reverse record - - Authors: Zdenek Vasicek (vasicek AT fit.vutbr.cz) - Marek Vavrusa (xvavru00 AT stud.fit.vutbr.cz) - - Copyright (c) 2008. All rights reserved. - - This software is open source. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - Redistributions in binary form must reproduce the above copyright notice, - this list of conditions and the following disclaimer in the documentation - and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -''' -from __future__ import print_function -import unbound - -ctx = unbound.ub_ctx() -ctx.resolvconf("/etc/resolv.conf") - -status, result = ctx.resolve(unbound.reverse("74.125.43.147") + ".in-addr.arpa.", unbound.RR_TYPE_PTR, unbound.RR_CLASS_IN) -if status == 0 and result.havedata: - print("Result.data:", result.data, sorted(result.data.domain_list)) - diff --git a/external/unbound/libunbound/python/file_py3.i b/external/unbound/libunbound/python/file_py3.i deleted file mode 100644 index 5d8b5a271..000000000 --- a/external/unbound/libunbound/python/file_py3.i +++ /dev/null @@ -1,155 +0,0 @@ -/* - * file_py3.i: Typemaps for FILE* for Python 3 - * - * Copyright (c) 2011, Karel Slany (karel.slany AT nic.cz) - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * * Neither the name of the organization nor the names of its - * contributors may be used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -%{ -#include -#include -%} - -%types(FILE *); - -//#define SWIG_FILE3_DEBUG - -/* converts basic file descriptor flags onto a string */ -%fragment("fdfl_to_str", "header") { -const char * -fdfl_to_str(int fdfl) { - - static const char * const file_mode[] = {"w+", "w", "r"}; - - if (fdfl & O_RDWR) { - return file_mode[0]; - } else if (fdfl & O_WRONLY) { - return file_mode[1]; - } else { - return file_mode[2]; - } -} -} - -%fragment("is_obj_file", "header") { -int -is_obj_file(PyObject *obj) { - int fd, fdfl; - if (!PyLong_Check(obj) && /* is not an integer */ - PyObject_HasAttrString(obj, "fileno") && /* has fileno method */ - (PyObject_CallMethod(obj, "flush", NULL) != NULL) && /* flush() succeeded */ - ((fd = PyObject_AsFileDescriptor(obj)) != -1) && /* got file descriptor */ - ((fdfl = fcntl(fd, F_GETFL)) != -1) /* got descriptor flags */ - ) { - return 1; - } - else { - return 0; - } -} -} - -%fragment("obj_to_file","header", fragment="fdfl_to_str,is_obj_file") { -FILE * -obj_to_file(PyObject *obj) { - int fd, fdfl; - FILE *fp; - if (is_obj_file(obj)) { - fd = PyObject_AsFileDescriptor(obj); - fdfl = fcntl(fd, F_GETFL); - fp = fdopen(dup(fd), fdfl_to_str(fdfl)); /* the FILE* must be flushed - and closed after being used */ -#ifdef SWIG_FILE3_DEBUG - fprintf(stderr, "opening fd %d (fl %d \"%s\") as FILE %p\n", - fd, fdfl, fdfl_to_str(fdfl), (void *)fp); -#endif - return fp; - } - return NULL; -} -} - -/* returns -1 if error occurred */ -/* caused magic SWIG Syntax errors when was commented out */ -#if 0 -%fragment("dispose_file", "header") { -int -dispose_file(FILE **fp) { -#ifdef SWIG_FILE3_DEBUG - fprintf(stderr, "flushing FILE %p\n", (void *)fp); -#endif - if (*fp == NULL) { - return 0; - } - if ((fflush(*fp) == 0) && /* flush file */ - (fclose(*fp) == 0)) { /* close file */ - *fp = NULL; - return 0; - } - return -1; -} -} -#endif - -%typemap(arginit, noblock = 1) FILE* { - $1 = NULL; -} - -/* - * added due to ub_ctx_debugout since since it is overloaded: - * takes void* and FILE*. In reality only FILE* but the wrapper - * and the function is declared in such way. - */ -%typemap(typecheck, noblock = 1, fragment = "is_obj_file", precedence = SWIG_TYPECHECK_POINTER) FILE* { - $1 = is_obj_file($input); -} - -%typemap(check, noblock = 1) FILE* { - if ($1 == NULL) { - /* The generated wrapper function raises TypeError on mismatching types. */ - SWIG_exception_fail(SWIG_TypeError, "in method '" "$symname" "', argument " - "$argnum"" of type '" "$type""'"); - } -} - -%typemap(in, noblock = 1, fragment = "obj_to_file") FILE* { - $1 = obj_to_file($input); -} - -/* - * Commented out due the way how ub_ctx_debugout() uses the parameter. - * This typemap would cause the FILE* to be closed after return from - * the function. This caused Python interpreter to crash, since the - * function just stores the FILE* internally in ctx and use it for - * logging. So we'll leave the closing of the file on the OS. - */ -/*%typemap(freearg, noblock = 1, fragment = "dispose_file") FILE* { - if (dispose_file(&$1) == -1) { - SWIG_exception_fail(SWIG_IOError, "closing file in method '" "$symname" "', argument " - "$argnum"" of type '" "$type""'"); - } -}*/ diff --git a/external/unbound/libunbound/python/libunbound.i b/external/unbound/libunbound/python/libunbound.i deleted file mode 100644 index 84a536929..000000000 --- a/external/unbound/libunbound/python/libunbound.i +++ /dev/null @@ -1,959 +0,0 @@ -/* - * libunbound.i: pyUnbound module (libunbound wrapper for Python) - * - * Copyright (c) 2009, Zdenek Vasicek (vasicek AT fit.vutbr.cz) - * Marek Vavrusa (xvavru00 AT stud.fit.vutbr.cz) - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * * Neither the name of the organization nor the names of its - * contributors may be used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -%module unbound -%{ - #include - #include - #include - #include - #include "libunbound/unbound.h" -%} - -%pythoncode %{ - import encodings.idna - try: - import builtins - except ImportError: - import __builtin__ as builtins - - # Ensure compatibility with older python versions - if 'bytes' not in vars(): - bytes = str - - def ord(s): - if isinstance(s, int): - return s - return builtins.ord(s) -%} - -//%include "doc.i" -#if PY_MAJOR_VERSION >= 3 -%include "file_py3.i" // python 3 FILE * -#else -%include "file.i" -#endif - -%feature("docstring") strerror "Convert error value to a human readable string." - -// ================================================================================ -// ub_resolve - perform resolution and validation -// ================================================================================ -%typemap(in,numinputs=0,noblock=1) (struct ub_result** result) -{ - struct ub_result* newubr; - $1 = &newubr; -} - -/* result generation */ -%typemap(argout,noblock=1) (struct ub_result** result) -{ - if(1) { /* new code block for variable on stack */ - PyObject* tuple; - tuple = PyTuple_New(2); - PyTuple_SetItem(tuple, 0, $result); - if (result == 0) { - PyTuple_SetItem(tuple, 1, SWIG_NewPointerObj(SWIG_as_voidptr(newubr), SWIGTYPE_p_ub_result, SWIG_POINTER_OWN | 0 )); - } else { - PyTuple_SetItem(tuple, 1, Py_None); - } - $result = tuple; - } -} - - -// ================================================================================ -// ub_ctx - validation context -// ================================================================================ -%nodefaultctor ub_ctx; //no default constructor & destructor -%nodefaultdtor ub_ctx; - -%newobject ub_ctx_create; -%delobject ub_ctx_delete; -%rename(_ub_ctx_delete) ub_ctx_delete; - -%newobject ub_resolve; - -%inline %{ - void ub_ctx_free_dbg (struct ub_ctx* c) { - printf("******** UB_CTX free 0x%lX ************\n", (long unsigned int)c); - ub_ctx_delete(c); - } - - //RR types - enum enum_rr_type - { - /** a host address */ - RR_TYPE_A = 1, - /** an authoritative name server */ - RR_TYPE_NS = 2, - /** a mail destination (Obsolete - use MX) */ - RR_TYPE_MD = 3, - /** a mail forwarder (Obsolete - use MX) */ - RR_TYPE_MF = 4, - /** the canonical name for an alias */ - RR_TYPE_CNAME = 5, - /** marks the start of a zone of authority */ - RR_TYPE_SOA = 6, - /** a mailbox domain name (EXPERIMENTAL) */ - RR_TYPE_MB = 7, - /** a mail group member (EXPERIMENTAL) */ - RR_TYPE_MG = 8, - /** a mail rename domain name (EXPERIMENTAL) */ - RR_TYPE_MR = 9, - /** a null RR (EXPERIMENTAL) */ - RR_TYPE_NULL = 10, - /** a well known service description */ - RR_TYPE_WKS = 11, - /** a domain name pointer */ - RR_TYPE_PTR = 12, - /** host information */ - RR_TYPE_HINFO = 13, - /** mailbox or mail list information */ - RR_TYPE_MINFO = 14, - /** mail exchange */ - RR_TYPE_MX = 15, - /** text strings */ - RR_TYPE_TXT = 16, - /** RFC1183 */ - RR_TYPE_RP = 17, - /** RFC1183 */ - RR_TYPE_AFSDB = 18, - /** RFC1183 */ - RR_TYPE_X25 = 19, - /** RFC1183 */ - RR_TYPE_ISDN = 20, - /** RFC1183 */ - RR_TYPE_RT = 21, - /** RFC1706 */ - RR_TYPE_NSAP = 22, - /** RFC1348 */ - RR_TYPE_NSAP_PTR = 23, - /** 2535typecode */ - RR_TYPE_SIG = 24, - /** 2535typecode */ - RR_TYPE_KEY = 25, - /** RFC2163 */ - RR_TYPE_PX = 26, - /** RFC1712 */ - RR_TYPE_GPOS = 27, - /** ipv6 address */ - RR_TYPE_AAAA = 28, - /** LOC record RFC1876 */ - RR_TYPE_LOC = 29, - /** 2535typecode */ - RR_TYPE_NXT = 30, - /** draft-ietf-nimrod-dns-01.txt */ - RR_TYPE_EID = 31, - /** draft-ietf-nimrod-dns-01.txt */ - RR_TYPE_NIMLOC = 32, - /** SRV record RFC2782 */ - RR_TYPE_SRV = 33, - /** http://www.jhsoft.com/rfc/af-saa-0069.000.rtf */ - RR_TYPE_ATMA = 34, - /** RFC2915 */ - RR_TYPE_NAPTR = 35, - /** RFC2230 */ - RR_TYPE_KX = 36, - /** RFC2538 */ - RR_TYPE_CERT = 37, - /** RFC2874 */ - RR_TYPE_A6 = 38, - /** RFC2672 */ - RR_TYPE_DNAME = 39, - /** dnsind-kitchen-sink-02.txt */ - RR_TYPE_SINK = 40, - /** Pseudo OPT record... */ - RR_TYPE_OPT = 41, - /** RFC3123 */ - RR_TYPE_APL = 42, - /** draft-ietf-dnsext-delegation */ - RR_TYPE_DS = 43, - /** SSH Key Fingerprint */ - RR_TYPE_SSHFP = 44, - /** draft-richardson-ipseckey-rr-11.txt */ - RR_TYPE_IPSECKEY = 45, - /** draft-ietf-dnsext-dnssec-25 */ - RR_TYPE_RRSIG = 46, - RR_TYPE_NSEC = 47, - RR_TYPE_DNSKEY = 48, - RR_TYPE_DHCID = 49, - - RR_TYPE_NSEC3 = 50, - RR_TYPE_NSEC3PARAMS = 51, - - RR_TYPE_UINFO = 100, - RR_TYPE_UID = 101, - RR_TYPE_GID = 102, - RR_TYPE_UNSPEC = 103, - - RR_TYPE_TSIG = 250, - RR_TYPE_IXFR = 251, - RR_TYPE_AXFR = 252, - /** A request for mailbox-related records (MB, MG or MR) */ - RR_TYPE_MAILB = 253, - /** A request for mail agent RRs (Obsolete - see MX) */ - RR_TYPE_MAILA = 254, - /** any type (wildcard) */ - RR_TYPE_ANY = 255, - - /* RFC 4431, 5074, DNSSEC Lookaside Validation */ - RR_TYPE_DLV = 32769, - }; - - // RR classes - enum enum_rr_class - { - /** the Internet */ - RR_CLASS_IN = 1, - /** Chaos class */ - RR_CLASS_CH = 3, - /** Hesiod (Dyer 87) */ - RR_CLASS_HS = 4, - /** None class, dynamic update */ - RR_CLASS_NONE = 254, - /** Any class */ - RR_CLASS_ANY = 255, - }; -%} - -%feature("docstring") ub_ctx "Unbound resolving and validation context. - -The validation context is created to hold the resolver status, validation keys and a small cache (containing messages, rrsets, roundtrip times, trusted keys, lameness information). - -**Usage** - ->>> import unbound ->>> ctx = unbound.ub_ctx() ->>> ctx.resolvconf(\"/etc/resolv.conf\") ->>> status, result = ctx.resolve(\"www.google.com\", unbound.RR_TYPE_A, unbound.RR_CLASS_IN) ->>> if status==0 and result.havedata: ->>> print \"Result:\",result.data.address_list -Result: ['74.125.43.147', '74.125.43.99', '74.125.43.103', '74.125.43.104'] -" - -%extend ub_ctx -{ - %pythoncode %{ - def __init__(self): - """Creates a resolving and validation context. - - An exception is invoked if the process of creation an ub_ctx instance fails. - """ - self.this = _unbound.ub_ctx_create() - if not self.this: - raise Exception("Fatal error: unbound context initialization failed") - - #__swig_destroy__ = _unbound.ub_ctx_free_dbg - __swig_destroy__ = _unbound._ub_ctx_delete - - #UB_CTX_METHODS_# - def add_ta(self,ta): - """Add a trust anchor to the given context. - - The trust anchor is a string, on one line, that holds a valid DNSKEY or DS RR. - - :param ta: - string, with zone-format RR on one line. [domainname] [TTL optional] [type] [class optional] [rdata contents] - :returns: (int) 0 if OK, else error. - """ - return _unbound.ub_ctx_add_ta(self,ta) - #parameters: struct ub_ctx *,char *, - #retvals: int - - def add_ta_file(self,fname): - """Add trust anchors to the given context. - - Pass name of a file with DS and DNSKEY records (like from dig or drill). - - :param fname: - filename of file with keyfile with trust anchors. - :returns: (int) 0 if OK, else error. - """ - return _unbound.ub_ctx_add_ta_file(self,fname) - #parameters: struct ub_ctx *,char *, - #retvals: int - - def config(self,fname): - """setup configuration for the given context. - - :param fname: - unbound config file (not all settings applicable). This is a power-users interface that lets you specify all sorts of options. For some specific options, such as adding trust anchors, special routines exist. - :returns: (int) 0 if OK, else error. - """ - return _unbound.ub_ctx_config(self,fname) - #parameters: struct ub_ctx *,char *, - #retvals: int - - def debuglevel(self,d): - """Set debug verbosity for the context Output is directed to stderr. - - :param d: - debug level, 0 is off, 1 is very minimal, 2 is detailed, and 3 is lots. - :returns: (int) 0 if OK, else error. - """ - return _unbound.ub_ctx_debuglevel(self,d) - #parameters: struct ub_ctx *,int, - #retvals: int - - def debugout(self,out): - """Set debug output (and error output) to the specified stream. - - Pass None to disable. Default is stderr. - - :param out: - File stream to log to. - :returns: (int) 0 if OK, else error. - - **Usage:** - - In order to log into file, use - - :: - - ctx = unbound.ub_ctx() - fw = fopen("debug.log") - ctx.debuglevel(3) - ctx.debugout(fw) - - Another option is to print the debug informations to stderr output - - :: - - ctx = unbound.ub_ctx() - ctx.debuglevel(10) - ctx.debugout(sys.stderr) - """ - return _unbound.ub_ctx_debugout(self,out) - #parameters: struct ub_ctx *,void *, - #retvals: int - - def hosts(self,fname="/etc/hosts"): - """Read list of hosts from the filename given. - - Usually "/etc/hosts". These addresses are not flagged as DNSSEC secure when queried for. - - :param fname: - file name string. If None "/etc/hosts" is used. - :returns: (int) 0 if OK, else error. - """ - return _unbound.ub_ctx_hosts(self,fname) - #parameters: struct ub_ctx *,char *, - #retvals: int - - def print_local_zones(self): - """Print the local zones and their content (RR data) to the debug output. - - :returns: (int) 0 if OK, else error. - """ - return _unbound.ub_ctx_print_local_zones(self) - #parameters: struct ub_ctx *, - #retvals: int - - def resolvconf(self,fname="/etc/resolv.conf"): - """Read list of nameservers to use from the filename given. - - Usually "/etc/resolv.conf". Uses those nameservers as caching proxies. If they do not support DNSSEC, validation may fail. - - Only nameservers are picked up, the searchdomain, ndots and other settings from resolv.conf(5) are ignored. - - :param fname: - file name string. If None "/etc/resolv.conf" is used. - :returns: (int) 0 if OK, else error. - """ - return _unbound.ub_ctx_resolvconf(self,fname) - #parameters: struct ub_ctx *,char *, - #retvals: int - - def set_async(self,dothread): - """Set a context behaviour for asynchronous action. - - :param dothread: - if True, enables threading and a call to :meth:`resolve_async` creates a thread to handle work in the background. - If False, a process is forked to handle work in the background. - Changes to this setting after :meth:`async` calls have been made have no effect (delete and re-create the context to change). - :returns: (int) 0 if OK, else error. - """ - return _unbound.ub_ctx_async(self,dothread) - #parameters: struct ub_ctx *,int, - #retvals: int - - def set_fwd(self,addr): - """Set machine to forward DNS queries to, the caching resolver to use. - - IP4 or IP6 address. Forwards all DNS requests to that machine, which is expected to run a recursive resolver. If the is not DNSSEC-capable, validation may fail. Can be called several times, in that case the addresses are used as backup servers. - - To read the list of nameservers from /etc/resolv.conf (from DHCP or so), use the call :meth:`resolvconf`. - - :param addr: - address, IP4 or IP6 in string format. If the addr is None, forwarding is disabled. - :returns: (int) 0 if OK, else error. - """ - return _unbound.ub_ctx_set_fwd(self,addr) - #parameters: struct ub_ctx *,char *, - #retvals: int - - def set_option(self,opt,val): - """Set an option for the context. - - Changes to the options after :meth:`resolve`, :meth:`resolve_async`, :meth:`zone_add`, :meth:`zone_remove`, :meth:`data_add` or :meth:`data_remove` have no effect (you have to delete and re-create the context). - - :param opt: - option name from the unbound.conf config file format. (not all settings applicable). The name includes the trailing ':' for example set_option("logfile:", "mylog.txt"); This is a power-users interface that lets you specify all sorts of options. For some specific options, such as adding trust anchors, special routines exist. - :param val: - value of the option. - :returns: (int) 0 if OK, else error. - """ - return _unbound.ub_ctx_set_option(self,opt,val) - #parameters: struct ub_ctx *,char *,char *, - #retvals: int - - def trustedkeys(self,fname): - """Add trust anchors to the given context. - - Pass the name of a bind-style config file with trusted-keys{}. - - :param fname: - filename of file with bind-style config entries with trust anchors. - :returns: (int) 0 if OK, else error. - """ - return _unbound.ub_ctx_trustedkeys(self,fname) - #parameters: struct ub_ctx *,char *, - #retvals: int - #_UB_CTX_METHODS# - - def zone_print(self): - """Print local zones using debugout""" - _unbound.ub_ctx_print_local_zones(self) - - def zone_add(self,zonename,zonetype): - """Add new local zone - - :param zonename: zone domain name (e.g. myzone.) - :param zonetype: type of the zone ("static",...) - :returns: (int) 0 if OK, else error. - """ - return _unbound.ub_ctx_zone_add(self,zonename, zonetype) - #parameters: struct ub_ctx *,char*, char* - #retvals: int - - def zone_remove(self,zonename): - """Remove local zone - - If exists, removes local zone with all the RRs. - - :param zonename: zone domain name - :returns: (int) 0 if OK, else error. - """ - return _unbound.ub_ctx_zone_remove(self,zonename) - #parameters: struct ub_ctx *,char* - #retvals: int - - def data_add(self,rrdata): - """Add new local RR data - - :param rrdata: string, in zone-format on one line. [domainname] [TTL optional] [type] [class optional] [rdata contents] - :returns: (int) 0 if OK, else error. - - **Usage** - The local data ... - - :: - - >>> ctx = unbound.ub_ctx() - >>> ctx.zone_add("mydomain.net.","static") - 0 - >>> status = ctx.data_add("test.mydomain.net. IN A 192.168.1.1") - 0 - >>> status, result = ctx.resolve("test.mydomain.net") - >>> if status==0 and result.havedata: - >>> print \"Result:\",result.data.address_list - Result: ['192.168.1.1'] - - """ - return _unbound.ub_ctx_data_add(self,rrdata) - #parameters: struct ub_ctx *,char* - #retvals: int - - def data_remove(self,rrdata): - """Remove local RR data - - If exists, remove resource record from local zone - - :param rrdata: string, in zone-format on one line. [domainname] [TTL optional] [type] [class optional] [rdata contents] - :returns: (int) 0 if OK, else error. - """ - return _unbound.ub_ctx_data_remove(self,rrdata) - #parameters: struct ub_ctx *,char* - #retvals: int - - #UB_METHODS_# - def cancel(self,async_id): - """Cancel an async query in progress. - - Its callback will not be called. - - :param async_id: - which query to cancel. - :returns: (int) 0 if OK, else error. - """ - return _unbound.ub_cancel(self,async_id) - #parameters: struct ub_ctx *,int, - #retvals: int - - def get_fd(self): - """Get file descriptor. - - Wait for it to become readable, at this point answers are returned from the asynchronous validating resolver. Then call the ub_process to continue processing. This routine works immediately after context creation, the fd does not change. - - :returns: (int) -1 on error, or file descriptor to use select(2) with. - """ - return _unbound.ub_fd(self) - #parameters: struct ub_ctx *, - #retvals: int - - def poll(self): - """Poll a context to see if it has any new results Do not poll in a loop, instead extract the fd below to poll for readiness, and then check, or wait using the wait routine. - - :returns: (int) 0 if nothing to read, or nonzero if a result is available. If nonzero, call ctx_process() to do callbacks. - """ - return _unbound.ub_poll(self) - #parameters: struct ub_ctx *, - #retvals: int - - def process(self): - """Call this routine to continue processing results from the validating resolver (when the fd becomes readable). - - Will perform necessary callbacks. - - :returns: (int) 0 if OK, else error. - """ - return _unbound.ub_process(self) - #parameters: struct ub_ctx *, - #retvals: int - - def resolve(self,name,rrtype=RR_TYPE_A,rrclass=RR_CLASS_IN): - """Perform resolution and validation of the target name. - - :param name: - domain name in text format (a string or unicode string). IDN domain name have to be passed as a unicode string. - :param rrtype: - type of RR in host order (optional argument). Default value is RR_TYPE_A (A class). - :param rrclass: - class of RR in host order (optional argument). Default value is RR_CLASS_IN (for internet). - :returns: * (int) 0 if OK, else error. - * (:class:`ub_result`) the result data is returned in a newly allocated result structure. May be None on return, return value is set to an error in that case (out of memory). - """ - if isinstance(name, bytes): #probably IDN - return _unbound.ub_resolve(self,name,rrtype,rrclass) - else: - return _unbound.ub_resolve(self,idn2dname(name),rrtype,rrclass) - #parameters: struct ub_ctx *,char *,int,int, - #retvals: int,struct ub_result ** - - def resolve_async(self,name,mydata,callback,rrtype=RR_TYPE_A,rrclass=RR_CLASS_IN): - """Perform resolution and validation of the target name. - - Asynchronous, after a while, the callback will be called with your data and the result. - If an error happens during processing, your callback will be called with error set to a nonzero value (and result==None). - - :param name: - domain name in text format (a string or unicode string). IDN domain name have to be passed as a unicode string. - :param mydata: - this data is your own data (you can pass arbitrary python object or None) which are passed on to the callback function. - :param callback: - call-back function which is called on completion of the resolution. - :param rrtype: - type of RR in host order (optional argument). Default value is RR_TYPE_A (A class). - :param rrclass: - class of RR in host order (optional argument). Default value is RR_CLASS_IN (for internet). - :returns: * (int) 0 if OK, else error. - * (int) async_id, an identifier number is returned for the query as it is in progress. It can be used to cancel the query. - - **Call-back function:** - The call-back function looks as the follows:: - - def call_back(mydata, status, result): - pass - - **Parameters:** - * `mydata` - mydata object - * `status` - 0 when a result has been found - * `result` - the result structure. The result may be None, in that case err is set. - - """ - if isinstance(name, bytes): #probably IDN - return _unbound._ub_resolve_async(self,name,rrtype,rrclass,mydata,callback) - else: - return _unbound._ub_resolve_async(self,idn2dname(name),rrtype,rrclass,mydata,callback) - #parameters: struct ub_ctx *,char *,int,int,void *,ub_callback_t, - #retvals: int, int - - def wait(self): - """Wait for a context to finish with results. - - Calls after the wait for you. After the wait, there are no more outstanding asynchronous queries. - - :returns: (int) 0 if OK, else error. - """ - return _unbound.ub_wait(self) - #parameters: struct ub_ctx *, - #retvals: int - - #_UB_METHODS# - %} -} - - -// ================================================================================ -// ub_result - validation and resolution results -// ================================================================================ -%nodefaultctor ub_result; //no default constructor & destructor -%nodefaultdtor ub_result; - -%delobject ub_resolve_free; -%rename(_ub_resolve_free) ub_resolve_free; - -%inline %{ - void ub_resolve_free_dbg (struct ub_result* r) { - printf("******** UB_RESOLVE free 0x%lX ************\n", (long unsigned int)r); - ub_resolve_free(r); - } -%} - -%feature("docstring") ub_result "The validation and resolution results." - -//ub_result.rcode -%inline %{ - enum result_enum_rcode { - RCODE_NOERROR = 0, - RCODE_FORMERR = 1, - RCODE_SERVFAIL = 2, - RCODE_NXDOMAIN = 3, - RCODE_NOTIMPL = 4, - RCODE_REFUSED = 5, - RCODE_YXDOMAIN = 6, - RCODE_YXRRSET = 7, - RCODE_NXRRSET = 8, - RCODE_NOTAUTH = 9, - RCODE_NOTZONE = 10 - }; -%} - -%pythoncode %{ - class ub_data: - """Class which makes the resolution results accessible""" - def __init__(self, data): - """Creates ub_data class - :param data: a list of the result data in RAW format - """ - if data == None: - raise Exception("ub_data init: No data") - self.data = data - - def __str__(self): - """Represents data as string""" - return ';'.join([' '.join(map(lambda x:"%02X" % ord(x),a)) for a in self.data]) - - @staticmethod - def dname2str(s, ofs=0, maxlen=0): - """Parses DNAME and produces a list of labels - - :param ofs: where the conversion should start to parse data - :param maxlen: maximum length (0 means parse to the end) - :returns: list of labels (string) - """ - if not s: - return [] - - res = [] - slen = len(s) - if maxlen > 0: - slen = min(slen, maxlen) - - idx = ofs - while (idx < slen): - complen = ord(s[idx]) - # In python 3.x `str()` converts the string to unicode which is the expected text string type - res.append(str(s[idx+1:idx+1+complen].decode())) - idx += complen + 1 - - return res - - def as_raw_data(self): - """Returns a list of RAW strings""" - return self.data - - raw = property(as_raw_data, doc="Returns RAW data (a list of binary encoded strings). See :meth:`as_raw_data`") - - def as_mx_list(self): - """Represents data as a list of MX records (query for RR_TYPE_MX) - - :returns: list of tuples (priority, dname) - """ - return [(256*ord(rdf[0])+ord(rdf[1]),'.'.join([a for a in self.dname2str(rdf,2)])) for rdf in self.data] - - mx_list = property(as_mx_list, doc="Returns a list of tuples containing priority and domain names. See :meth:`as_mx_list`") - - def as_idn_mx_list(self): - """Represents data as a list of MX records (query for RR_TYPE_MX) - - :returns: list of tuples (priority, unicode dname) - """ - return [(256*ord(rdf[0])+ord(rdf[1]),'.'.join([encodings.idna.ToUnicode(a) for a in self.dname2str(rdf,2)])) for rdf in self.data] - - mx_list_idn = property(as_idn_mx_list, doc="Returns a list of tuples containing priority and IDN domain names. See :meth:`as_idn_mx_list`") - - def as_address_list(self): - """Represents data as a list of IP addresses (query for RR_TYPE_PTR) - - :returns: list of strings - """ - return ['.'.join(map(lambda x:str(ord(x)),a)) for a in self.data] - - address_list = property(as_address_list, doc="Returns a list of IP addresses. See :meth:`as_address_list`") - - def as_domain_list(self): - """Represents data as a list of domain names (query for RR_TYPE_A) - - :returns: list of strings - """ - return map(lambda x:'.'.join(self.dname2str(x)), self.data) - - domain_list = property(as_domain_list, doc="Returns a list of domain names. See :meth:`as_domain_list`") - - def as_idn_domain_list(self): - """Represents data as a list of unicode domain names (query for RR_TYPE_A) - - :returns: list of strings - """ - return map(lambda x: '.'.join([encodings.idna.ToUnicode(a) for a in self.dname2str(x)]), self.data) - - domain_list_idn = property(as_idn_domain_list, doc="Returns a list of IDN domain names. See :meth:`as_idn_domain_list`") -%} - -%extend ub_result -{ - - %rename(_data) data; - - PyObject* _ub_result_data(struct ub_result* result) { - PyObject *list; - int i,cnt; - (void)self; - if ((result == 0) || (!result->havedata) || (result->data == 0)) - return Py_None; - - for (cnt=0,i=0;;i++,cnt++) - if (result->data[i] == 0) - break; - - list = PyList_New(cnt); - for (i=0;idata[i],result->len[i])); - - return list; - } - - PyObject* _packet() { - return PyBytes_FromStringAndSize($self->answer_packet, $self->answer_len); - } - - %pythoncode %{ - def __init__(self): - raise Exception("This class can't be created directly.") - - #__swig_destroy__ = _unbound.ub_resolve_free_dbg - __swig_destroy__ = _unbound._ub_resolve_free - - #havedata = property(_unbound.ub_result_havedata_get, _unbound.ub_result_havedata_set, "Havedata property") - - rcode2str = {RCODE_NOERROR:'no error', RCODE_FORMERR:'form error', RCODE_SERVFAIL:'serv fail', RCODE_NXDOMAIN:'nx domain', RCODE_NOTIMPL:'not implemented', RCODE_REFUSED:'refused', RCODE_YXDOMAIN:'yxdomain', RCODE_YXRRSET:'yxrrset', RCODE_NXRRSET:'nxrrset', RCODE_NOTAUTH:'not auth', RCODE_NOTZONE:'not zone'} - - def _get_rcode_str(self): - """Returns rcode in display representation form - - :returns: string - """ - return self.rcode2str[self.rcode] - - __swig_getmethods__["rcode_str"] = _get_rcode_str - if _newclass:rcode_str = _swig_property(_get_rcode_str) - - def _get_raw_data(self): - """Result data, a list of network order DNS rdata items. - - Data are represented as a list of strings. To decode RAW data to the list of IP addresses use :attr:`data` attribute which returns an :class:`ub_data` instance containing conversion function. - """ - return self._ub_result_data(self) - - __swig_getmethods__["rawdata"] = _get_raw_data - rawdata = property(_get_raw_data, doc="Returns raw data, a list of rdata items. To decode RAW data use the :attr:`data` attribute which returns an instance of :class:`ub_data` containing the conversion functions.") - - def _get_data(self): - if not self.havedata: return None - return ub_data(self._ub_result_data(self)) - - __swig_getmethods__["data"] = _get_data - __swig_getmethods__["packet"] = _packet - data = property(_get_data, doc="Returns :class:`ub_data` instance containing various decoding functions or None") - -%} - -} - -%exception ub_resolve -%{ - //printf("resolve_start(%lX)\n",(long unsigned int)arg1); - Py_BEGIN_ALLOW_THREADS - $function - Py_END_ALLOW_THREADS - //printf("resolve_stop()\n"); -%} - -%include "libunbound/unbound.h" - -%inline %{ - //SWIG will see the ub_ctx as a class - struct ub_ctx { - }; -%} - -//ub_ctx_debugout void* parameter correction -int ub_ctx_debugout(struct ub_ctx* ctx, FILE* out); - -// ================================================================================ -// ub_resolve_async - perform asynchronous resolution and validation -// ================================================================================ - -%typemap(in,numinputs=0,noblock=1) (int* async_id) -{ - int asyncid = -1; - $1 = &asyncid; -} - -%apply PyObject* {void* mydata} - -/* result generation */ -%typemap(argout,noblock=1) (int* async_id) -{ - if(1) { /* new code block for variable on stack */ - PyObject* tuple; - tuple = PyTuple_New(2); - PyTuple_SetItem(tuple, 0, $result); - PyTuple_SetItem(tuple, 1, SWIG_From_int(asyncid)); - $result = tuple; - } -} - -// Grab a Python function object as a Python object. -%typemap(in) (PyObject *pyfunc) { - if (!PyCallable_Check($input)) - { - PyErr_SetString(PyExc_TypeError, "Need a callable object!"); - return NULL; - } - $1 = $input; -} - -// Python callback workaround -int _ub_resolve_async(struct ub_ctx* ctx, char* name, int rrtype, int rrclass, void* mydata, PyObject *pyfunc, int* async_id); - -%{ - struct cb_data { - PyObject* data; - PyObject* func; - }; - - static void PythonCallBack(void* iddata, int status, struct ub_result* result) - { - PyObject *arglist; - PyObject *fresult; - struct cb_data* id; - id = (struct cb_data*) iddata; - arglist = Py_BuildValue("(OiO)",id->data,status, SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_ub_result, 0 | 0 )); // Build argument list - fresult = PyEval_CallObject(id->func,arglist); // Call Python - Py_DECREF(id->func); - Py_DECREF(id->data); - free(id); - ub_resolve_free(result); //free ub_result - //ub_resolve_free_dbg(result); //free ub_result - Py_DECREF(arglist); // Trash arglist - Py_XDECREF(fresult); - } - - int _ub_resolve_async(struct ub_ctx* ctx, char* name, int rrtype, int rrclass, PyObject* mydata, PyObject *pyfunc, int* async_id) { - int r; - struct cb_data* id; - id = (struct cb_data*) malloc(sizeof(struct cb_data)); - id->data = mydata; - id->func = pyfunc; - - r = ub_resolve_async(ctx,name,rrtype,rrclass, (void *) id, PythonCallBack, async_id); - Py_INCREF(mydata); - Py_INCREF(pyfunc); - return r; - } - -%} - -%pythoncode %{ - ub_resolve_async = _unbound._ub_resolve_async - - def reverse(domain): - """Reverse domain name - - Usable for reverse lookups when the IP address should be reversed - """ - return '.'.join([a for a in domain.split(".")][::-1]) - - def idn2dname(idnname): - """Converts domain name in IDN format to canonic domain name - - :param idnname: (unicode string) IDN name - :returns: (string) domain name - """ - return '.'.join([encodings.idna.ToASCII(a) if a else '' for a in idnname.split('.')]) - - def dname2idn(name): - """Converts canonic domain name in IDN format to unicode string - - :param name: (string) domain name - :returns: (unicode string) domain name - """ - return '.'.join([encodings.idna.ToUnicode(a) for a in name.split('.')]) - -%} - diff --git a/external/unbound/libunbound/ubsyms.def b/external/unbound/libunbound/ubsyms.def deleted file mode 100644 index 0d8e6af91..000000000 --- a/external/unbound/libunbound/ubsyms.def +++ /dev/null @@ -1,35 +0,0 @@ -ub_cancel -ub_ctx_add_ta -ub_ctx_add_ta_autr -ub_ctx_add_ta_file -ub_ctx_async -ub_ctx_config -ub_ctx_create -ub_ctx_create_event -ub_ctx_create_ub_event -ub_ctx_data_add -ub_ctx_data_remove -ub_ctx_debuglevel -ub_ctx_debugout -ub_ctx_delete -ub_ctx_get_option -ub_ctx_hosts -ub_ctx_print_local_zones -ub_ctx_resolvconf -ub_ctx_set_event -ub_ctx_set_fwd -ub_ctx_set_option -ub_ctx_set_stub -ub_ctx_trustedkeys -ub_ctx_zone_add -ub_ctx_zone_remove -ub_fd -ub_poll -ub_process -ub_resolve -ub_resolve_async -ub_resolve_event -ub_resolve_free -ub_strerror -ub_version -ub_wait diff --git a/external/unbound/libunbound/unbound-event.h b/external/unbound/libunbound/unbound-event.h deleted file mode 100644 index d5f0b1a36..000000000 --- a/external/unbound/libunbound/unbound-event.h +++ /dev/null @@ -1,264 +0,0 @@ -/* - * unbound-event.h - unbound validating resolver public API with events - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains the unbound interface for use with user defined - * pluggable event bases. - * - * Use ub_ctx_create_event_ub_base() to create an unbound context that uses - * the user provided event base API. Then, use the ub_resolve_event call - * to add DNS resolve queries to the context. Those then run whith the - * provided event_base, and when they are done you get a function callback. - * - * This method does not fork another process or create a thread, the effort - * is done by the unbound state machines that are connected to the event base. - * - * It is also possible to provide a libevent based event base by using - * ub_ctx_create_event_base(). But you have to use the same libevent that - * unbound was compiled with, otherwise it wouldn't work, the event and - * event_base structures would be different. - */ -#ifndef _UB_UNBOUND_EVENT_H -#define _UB_UNBOUND_EVENT_H - -#ifdef __cplusplus -extern "C" { -#endif - -struct ub_ctx; -struct ub_result; -struct event_base; - -/** event timeout */ -#define UB_EV_TIMEOUT 0x01 -/** event fd readable */ -#define UB_EV_READ 0x02 -/** event fd writable */ -#define UB_EV_WRITE 0x04 -/** event signal */ -#define UB_EV_SIGNAL 0x08 -/** event must persist */ -#define UB_EV_PERSIST 0x10 - -/** magic number to identify this version of the pluggable event api */ -#define UB_EVENT_MAGIC 0x44d74d78 - -struct ub_event; -struct ub_event_base; -struct timeval; - -/** - * The Virtual Method Table for and ub_event_base "object" - */ -struct ub_event_base_vmt { - /** Destructor for the ub_event_base object, - * (not called by libunbound) */ - void (*free)(struct ub_event_base*); - /** Run the event loop - * (not called by libunbound when using ub_resolve_event) */ - int (*dispatch)(struct ub_event_base*); - /** Exit the given event loop */ - int (*loopexit)(struct ub_event_base*, struct timeval*); - /** Instantiate a new ub_event associated with this event base */ - struct ub_event* (*new_event)(struct ub_event_base*, - int fd, short bits, void (*cb)(int, short, void*), void* arg); - /** Instantiate a new signal associated with this event base, - * (not called by libunbound) */ - struct ub_event* (*new_signal)(struct ub_event_base*, int fd, - void (*cb)(int, short, void*), void* arg); - /** Create a new ub_event associated with the given wsaevent, - * (not called by libunbound) */ - struct ub_event* (*winsock_register_wsaevent)(struct ub_event_base*, - void* wsaevent, void (*cb)(int, short, void*), void* arg); -}; - -/** - * A user defined pluggable event base is registered by providing a - * ub_event_base "object" with the ub_ctx_create_ub_event() function. - * The magic number must be correct and the Virtual Method Table must be - * fully equipped providing the event base API to be used by libunbound. - */ -struct ub_event_base { - /** magic must be UB_EVENT_MAGIC (0x44d74d78) */ - unsigned long magic; - /** Virtual Method Table for ub_event_base */ - struct ub_event_base_vmt* vmt; -}; - -/** - * The Virtual Method Table for and ub_event "object" - */ -struct ub_event_vmt { - /** Add event bits for this event to fire on. - * The event will be deactivated before this function is called. */ - void (*add_bits)(struct ub_event*, short); - /** Configure the event so it will not longer fire on given bits - * The event will be deactivated before this function is called. */ - void (*del_bits)(struct ub_event*, short); - /** Change or set the file descriptor on the event - * The event will be deactivated before this function is called. */ - void (*set_fd)(struct ub_event*, int); - /** Destructor for the ub_event object */ - void (*free)(struct ub_event*); - /** Activate the event. The given timeval is an timeout value. */ - int (*add)(struct ub_event*, struct timeval*); - /** Deactivate the event */ - int (*del)(struct ub_event*); - /** Reconfigure and activate a timeout event */ - int (*add_timer)(struct ub_event*, struct ub_event_base*, - void (*cb)(int, short, void*), void* arg, struct timeval*); - /** Deactivate the timeout event */ - int (*del_timer)(struct ub_event*); - /** Activate a signal event (not called by libunbound). */ - int (*add_signal)(struct ub_event*, struct timeval*); - /** Deactivate a signal event (not called by libunbound). */ - int (*del_signal)(struct ub_event*); - /** Destructor for a ub_event associated with a wsaevent, - * (not called by libunbound) - */ - void (*winsock_unregister_wsaevent)(struct ub_event* ev); - /** Libunbound will signal the eventloop when a TCP windows socket - * will block on next read or write (given by the eventbits), to work - * around edge trigger event behaviour of select on windows with TCP. - */ - void (*winsock_tcp_wouldblock)(struct ub_event*, int eventbit); -}; - -/** - * An "object" comprising a user defined pluggable event. - * The magic number must be correct and the Virtual Method Table must be - * fully equipped providing the ub_event API to be used by libunbound. - */ -struct ub_event { - /** magic must be UB_EVENT_MAGIC (0x44d74d78) */ - unsigned long magic; - /** Virtual Method Table for ub_event */ - struct ub_event_vmt* vmt; -}; - -typedef void (*ub_event_callback_type)(void*, int, void*, int, int, char*); - -/** - * Create a resolving and validation context. - * The information from /etc/resolv.conf and /etc/hosts is not utilised by - * default. Use ub_ctx_resolvconf and ub_ctx_hosts to read them. - * @param base: the pluggable event base that the caller has created. - * The unbound context uses this event base. - * @return a new context. default initialisation. - * returns NULL on error. - * You must use ub_resolve_event with this context. - * Do not call ub_ctx_async, ub_poll, ub_wait, ub_process, this is all done - * with the event_base. Setup the options you like with the other functions. - */ -struct ub_ctx* ub_ctx_create_ub_event(struct ub_event_base* base); - -/** - * Create a resolving and validation context. - * The information from /etc/resolv.conf and /etc/hosts is not utilised by - * default. Use ub_ctx_resolvconf and ub_ctx_hosts to read them. - * You have to use the same libevent that unbound was compiled with, - * otherwise it wouldn't work, the event and event_base structures would - * be different. - * @param base: the event base that the caller has created. The unbound - * context uses this event base. - * @return a new context. default initialisation. - * returns NULL on error. - * You must use ub_resolve_event with this context. - * Do not call ub_ctx_async, ub_poll, ub_wait, ub_process, this is all done - * with the event_base. Setup the options you like with the other functions. - */ -struct ub_ctx* ub_ctx_create_event(struct event_base* base); - -/** - * Set a new libevent event_base on a context created with ub_ctx_create_event. - * You have to use the same libevent that unbound was compiled with, - * otherwise it wouldn't work, the event and event_base structures would - * be different. - * Any outbound queries will be canceled. - * @param ctx the ub_ctx to update. Must have been created with ub_ctx_create_event - * @param base the new event_base to attach to the ctx - * @return 0 if OK, else error - */ -int ub_ctx_set_event(struct ub_ctx* ctx, struct event_base* base); - -/** - * Perform resolution and validation of the target name. - * Asynchronous, after a while, the callback will be called with your - * data and the result. Uses the event_base user installed by creating the - * context with ub_ctx_create_event(). - * @param ctx: context with event_base in it. - * The context is finalized, and can no longer accept all config changes. - * @param name: domain name in text format (a string). - * @param rrtype: type of RR in host order, 1 is A. - * @param rrclass: class of RR in host order, 1 is IN (for internet). - * @param mydata: this data is your own data (you can pass NULL), - * and is passed on to the callback function. - * @param callback: this is called on completion of the resolution. - * It is called as: - * void callback(void* mydata, int rcode, void* packet, int packet_len, - * int sec, char* why_bogus) - * with mydata: the same as passed here, you may pass NULL, - * with rcode: 0 on no error, nonzero for mostly SERVFAIL situations, - * this is a DNS rcode. - * with packet: a buffer with DNS wireformat packet with the answer. - * do not inspect if rcode != 0. - * do not write or free the packet buffer, it is used internally - * in unbound (for other callbacks that want the same data). - * with packet_len: length in bytes of the packet buffer. - * with sec: 0 if insecure, 1 if bogus, 2 if DNSSEC secure. - * with why_bogus: text string explaining why it is bogus (or NULL). - * These point to buffers inside unbound; do not deallocate the packet or - * error string. - * - * If an error happens during processing, your callback will be called - * with error set to a nonzero value (and result==NULL). - * For localdata (etc/hosts) the callback is called immediately, before - * resolve_event returns, async_id=0 is returned. - * @param async_id: if you pass a non-NULL value, an identifier number is - * returned for the query as it is in progress. It can be used to - * cancel the query. - * @return 0 if OK, else error. - */ -int ub_resolve_event(struct ub_ctx* ctx, const char* name, int rrtype, - int rrclass, void* mydata, ub_event_callback_type callback, - int* async_id); - -#ifdef __cplusplus -} -#endif - -#endif /* _UB_UNBOUND_H */ diff --git a/external/unbound/libunbound/unbound.h b/external/unbound/libunbound/unbound.h deleted file mode 100644 index fc744be4c..000000000 --- a/external/unbound/libunbound/unbound.h +++ /dev/null @@ -1,608 +0,0 @@ -/* - * unbound.h - unbound validating resolver public API - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions to resolve DNS queries and - * validate the answers. Synchonously and asynchronously. - * - * Several ways to use this interface from an application wishing - * to perform (validated) DNS lookups. - * - * All start with - * ctx = ub_ctx_create(); - * err = ub_ctx_add_ta(ctx, "..."); - * err = ub_ctx_add_ta(ctx, "..."); - * ... some lookups - * ... call ub_ctx_delete(ctx); when you want to stop. - * - * Application not threaded. Blocking. - * int err = ub_resolve(ctx, "www.example.com", ... - * if(err) fprintf(stderr, "lookup error: %s\n", ub_strerror(err)); - * ... use the answer - * - * Application not threaded. Non-blocking ('asynchronous'). - * err = ub_resolve_async(ctx, "www.example.com", ... my_callback); - * ... application resumes processing ... - * ... and when either ub_poll(ctx) is true - * ... or when the file descriptor ub_fd(ctx) is readable, - * ... or whenever, the app calls ... - * ub_process(ctx); - * ... if no result is ready, the app resumes processing above, - * ... or process() calls my_callback() with results. - * - * ... if the application has nothing more to do, wait for answer - * ub_wait(ctx); - * - * Application threaded. Blocking. - * Blocking, same as above. The current thread does the work. - * Multiple threads can use the *same context*, each does work and uses - * shared cache data from the context. - * - * Application threaded. Non-blocking ('asynchronous'). - * ... setup threaded-asynchronous config option - * err = ub_ctx_async(ctx, 1); - * ... same as async for non-threaded - * ... the callbacks are called in the thread that calls process(ctx) - * - * Openssl needs to have locking in place, and the application must set - * it up, because a mere library cannot do this, use the calls - * CRYPTO_set_id_callback and CRYPTO_set_locking_callback. - * - * If no threading is compiled in, the above async example uses fork(2) to - * create a process to perform the work. The forked process exits when the - * calling process exits, or ctx_delete() is called. - * Otherwise, for asynchronous with threading, a worker thread is created. - * - * The blocking calls use shared ctx-cache when threaded. Thus - * ub_resolve() and ub_resolve_async() && ub_wait() are - * not the same. The first makes the current thread do the work, setting - * up buffers, etc, to perform the work (but using shared cache data). - * The second calls another worker thread (or process) to perform the work. - * And no buffers need to be set up, but a context-switch happens. - */ -#ifndef _UB_UNBOUND_H -#define _UB_UNBOUND_H - -#ifdef __cplusplus -extern "C" { -#endif - -/** the version of this header file */ -#define UNBOUND_VERSION_MAJOR 1 -#define UNBOUND_VERSION_MINOR 6 -#define UNBOUND_VERSION_MICRO 3 - -/** - * The validation context is created to hold the resolver status, - * validation keys and a small cache (containing messages, rrsets, - * roundtrip times, trusted keys, lameness information). - * - * Its contents are internally defined. - */ -struct ub_ctx; - -/** - * The validation and resolution results. - * Allocated by the resolver, and need to be freed by the application - * with ub_resolve_free(). - */ -struct ub_result { - /** The original question, name text string. */ - char* qname; - /** the type asked for */ - int qtype; - /** the class asked for */ - int qclass; - - /** - * a list of network order DNS rdata items, terminated with a - * NULL pointer, so that data[0] is the first result entry, - * data[1] the second, and the last entry is NULL. - * If there was no data, data[0] is NULL. - */ - char** data; - - /** the length in bytes of the data items, len[i] for data[i] */ - int* len; - - /** - * canonical name for the result (the final cname). - * zero terminated string. - * May be NULL if no canonical name exists. - */ - char* canonname; - - /** - * DNS RCODE for the result. May contain additional error code if - * there was no data due to an error. 0 (NOERROR) if okay. - */ - int rcode; - - /** - * The DNS answer packet. Network formatted. Can contain DNSSEC types. - */ - void* answer_packet; - /** length of the answer packet in octets. */ - int answer_len; - - /** - * If there is any data, this is true. - * If false, there was no data (nxdomain may be true, rcode can be set). - */ - int havedata; - - /** - * If there was no data, and the domain did not exist, this is true. - * If it is false, and there was no data, then the domain name - * is purported to exist, but the requested data type is not available. - */ - int nxdomain; - - /** - * True, if the result is validated securely. - * False, if validation failed or domain queried has no security info. - * - * It is possible to get a result with no data (havedata is false), - * and secure is true. This means that the non-existance of the data - * was cryptographically proven (with signatures). - */ - int secure; - - /** - * If the result was not secure (secure==0), and this result is due - * to a security failure, bogus is true. - * This means the data has been actively tampered with, signatures - * failed, expected signatures were not present, timestamps on - * signatures were out of date and so on. - * - * If !secure and !bogus, this can happen if the data is not secure - * because security is disabled for that domain name. - * This means the data is from a domain where data is not signed. - */ - int bogus; - - /** - * If the result is bogus this contains a string (zero terminated) - * that describes the failure. There may be other errors as well - * as the one described, the description may not be perfectly accurate. - * Is NULL if the result is not bogus. - */ - char* why_bogus; - - /** - * TTL for the result, in seconds. If the security is bogus, then - * you also cannot trust this value. - */ - int ttl; -}; - -/** - * Callback for results of async queries. - * The readable function definition looks like: - * void my_callback(void* my_arg, int err, struct ub_result* result); - * It is called with - * void* my_arg: your pointer to a (struct of) data of your choice, - * or NULL. - * int err: if 0 all is OK, otherwise an error occured and no results - * are forthcoming. - * struct result: pointer to more detailed result structure. - * This structure is allocated on the heap and needs to be - * freed with ub_resolve_free(result); - */ -typedef void (*ub_callback_type)(void*, int, struct ub_result*); - -/** - * Create a resolving and validation context. - * The information from /etc/resolv.conf and /etc/hosts is not utilised by - * default. Use ub_ctx_resolvconf and ub_ctx_hosts to read them. - * @return a new context. default initialisation. - * returns NULL on error. - */ -struct ub_ctx* ub_ctx_create(void); - -/** - * Destroy a validation context and free all its resources. - * Outstanding async queries are killed and callbacks are not called for them. - * @param ctx: context to delete. - */ -void ub_ctx_delete(struct ub_ctx* ctx); - -/** - * Set an option for the context. - * @param ctx: context. - * @param opt: option name from the unbound.conf config file format. - * (not all settings applicable). The name includes the trailing ':' - * for example ub_ctx_set_option(ctx, "logfile:", "mylog.txt"); - * This is a power-users interface that lets you specify all sorts - * of options. - * For some specific options, such as adding trust anchors, special - * routines exist. - * @param val: value of the option. - * @return: 0 if OK, else error. - */ -int ub_ctx_set_option(struct ub_ctx* ctx, const char* opt, const char* val); - -/** - * Get an option from the context. - * @param ctx: context. - * @param opt: option name from the unbound.conf config file format. - * (not all settings applicable). The name excludes the trailing ':' - * for example ub_ctx_get_option(ctx, "logfile", &result); - * This is a power-users interface that lets you specify all sorts - * of options. - * @param str: the string is malloced and returned here. NULL on error. - * The caller must free() the string. In cases with multiple - * entries (auto-trust-anchor-file), a newline delimited list is - * returned in the string. - * @return 0 if OK else an error code (malloc failure, syntax error). - */ -int ub_ctx_get_option(struct ub_ctx* ctx, const char* opt, char** str); - -/** - * setup configuration for the given context. - * @param ctx: context. - * @param fname: unbound config file (not all settings applicable). - * This is a power-users interface that lets you specify all sorts - * of options. - * For some specific options, such as adding trust anchors, special - * routines exist. - * @return: 0 if OK, else error. - */ -int ub_ctx_config(struct ub_ctx* ctx, const char* fname); - -/** - * Set machine to forward DNS queries to, the caching resolver to use. - * IP4 or IP6 address. Forwards all DNS requests to that machine, which - * is expected to run a recursive resolver. If the proxy is not - * DNSSEC-capable, validation may fail. Can be called several times, in - * that case the addresses are used as backup servers. - * - * To read the list of nameservers from /etc/resolv.conf (from DHCP or so), - * use the call ub_ctx_resolvconf. - * - * @param ctx: context. - * At this time it is only possible to set configuration before the - * first resolve is done. - * @param addr: address, IP4 or IP6 in string format. - * If the addr is NULL, forwarding is disabled. - * @return 0 if OK, else error. - */ -int ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr); - -/** - * Add a stub zone, with given address to send to. This is for custom - * root hints or pointing to a local authoritative dns server. - * For dns resolvers and the 'DHCP DNS' ip address, use ub_ctx_set_fwd. - * This is similar to a stub-zone entry in unbound.conf. - * - * @param ctx: context. - * It is only possible to set configuration before the - * first resolve is done. - * @param zone: name of the zone, string. - * @param addr: address, IP4 or IP6 in string format. - * The addr is added to the list of stub-addresses if the entry exists. - * If the addr is NULL the stub entry is removed. - * @param isprime: set to true to set stub-prime to yes for the stub. - * For local authoritative servers, people usually set it to false, - * For root hints it should be set to true. - * @return 0 if OK, else error. - */ -int ub_ctx_set_stub(struct ub_ctx* ctx, const char* zone, const char* addr, - int isprime); - -/** - * Read list of nameservers to use from the filename given. - * Usually "/etc/resolv.conf". Uses those nameservers as caching proxies. - * If they do not support DNSSEC, validation may fail. - * - * Only nameservers are picked up, the searchdomain, ndots and other - * settings from resolv.conf(5) are ignored. - * - * @param ctx: context. - * At this time it is only possible to set configuration before the - * first resolve is done. - * @param fname: file name string. If NULL "/etc/resolv.conf" is used. - * @return 0 if OK, else error. - */ -int ub_ctx_resolvconf(struct ub_ctx* ctx, const char* fname); - -/** - * Read list of hosts from the filename given. - * Usually "/etc/hosts". - * These addresses are not flagged as DNSSEC secure when queried for. - * - * @param ctx: context. - * At this time it is only possible to set configuration before the - * first resolve is done. - * @param fname: file name string. If NULL "/etc/hosts" is used. - * @return 0 if OK, else error. - */ -int ub_ctx_hosts(struct ub_ctx* ctx, const char* fname); - -/** - * Add a trust anchor to the given context. - * The trust anchor is a string, on one line, that holds a valid DNSKEY or - * DS RR. - * @param ctx: context. - * At this time it is only possible to add trusted keys before the - * first resolve is done. - * @param ta: string, with zone-format RR on one line. - * [domainname] [TTL optional] [type] [class optional] [rdata contents] - * @return 0 if OK, else error. - */ -int ub_ctx_add_ta(struct ub_ctx* ctx, const char* ta); - -/** - * Add trust anchors to the given context. - * Pass name of a file with DS and DNSKEY records (like from dig or drill). - * @param ctx: context. - * At this time it is only possible to add trusted keys before the - * first resolve is done. - * @param fname: filename of file with keyfile with trust anchors. - * @return 0 if OK, else error. - */ -int ub_ctx_add_ta_file(struct ub_ctx* ctx, const char* fname); - -/** - * Add trust anchor to the given context that is tracked with RFC5011 - * automated trust anchor maintenance. The file is written to when the - * trust anchor is changed. - * Pass the name of a file that was output from eg. unbound-anchor, - * or you can start it by providing a trusted DNSKEY or DS record on one - * line in the file. - * @param ctx: context. - * At this time it is only possible to add trusted keys before the - * first resolve is done. - * @param fname: filename of file with trust anchor. - * @return 0 if OK, else error. - */ -int ub_ctx_add_ta_autr(struct ub_ctx* ctx, const char* fname); - -/** - * Add trust anchors to the given context. - * Pass the name of a bind-style config file with trusted-keys{}. - * @param ctx: context. - * At this time it is only possible to add trusted keys before the - * first resolve is done. - * @param fname: filename of file with bind-style config entries with trust - * anchors. - * @return 0 if OK, else error. - */ -int ub_ctx_trustedkeys(struct ub_ctx* ctx, const char* fname); - -/** - * Set debug output (and error output) to the specified stream. - * Pass NULL to disable. Default is stderr. - * @param ctx: context. - * @param out: FILE* out file stream to log to. - * Type void* to avoid stdio dependency of this header file. - * @return 0 if OK, else error. - */ -int ub_ctx_debugout(struct ub_ctx* ctx, void* out); - -/** - * Set debug verbosity for the context - * Output is directed to stderr. - * @param ctx: context. - * @param d: debug level, 0 is off, 1 is very minimal, 2 is detailed, - * and 3 is lots. - * @return 0 if OK, else error. - */ -int ub_ctx_debuglevel(struct ub_ctx* ctx, int d); - -/** - * Set a context behaviour for asynchronous action. - * @param ctx: context. - * @param dothread: if true, enables threading and a call to resolve_async() - * creates a thread to handle work in the background. - * If false, a process is forked to handle work in the background. - * Changes to this setting after async() calls have been made have - * no effect (delete and re-create the context to change). - * @return 0 if OK, else error. - */ -int ub_ctx_async(struct ub_ctx* ctx, int dothread); - -/** - * Poll a context to see if it has any new results - * Do not poll in a loop, instead extract the fd below to poll for readiness, - * and then check, or wait using the wait routine. - * @param ctx: context. - * @return: 0 if nothing to read, or nonzero if a result is available. - * If nonzero, call ctx_process() to do callbacks. - */ -int ub_poll(struct ub_ctx* ctx); - -/** - * Wait for a context to finish with results. Calls ub_process() after - * the wait for you. After the wait, there are no more outstanding - * asynchronous queries. - * @param ctx: context. - * @return: 0 if OK, else error. - */ -int ub_wait(struct ub_ctx* ctx); - -/** - * Get file descriptor. Wait for it to become readable, at this point - * answers are returned from the asynchronous validating resolver. - * Then call the ub_process to continue processing. - * This routine works immediately after context creation, the fd - * does not change. - * @param ctx: context. - * @return: -1 on error, or file descriptor to use select(2) with. - */ -int ub_fd(struct ub_ctx* ctx); - -/** - * Call this routine to continue processing results from the validating - * resolver (when the fd becomes readable). - * Will perform necessary callbacks. - * @param ctx: context - * @return: 0 if OK, else error. - */ -int ub_process(struct ub_ctx* ctx); - -/** - * Perform resolution and validation of the target name. - * @param ctx: context. - * The context is finalized, and can no longer accept config changes. - * @param name: domain name in text format (a zero terminated text string). - * @param rrtype: type of RR in host order, 1 is A (address). - * @param rrclass: class of RR in host order, 1 is IN (for internet). - * @param result: the result data is returned in a newly allocated result - * structure. May be NULL on return, return value is set to an error - * in that case (out of memory). - * @return 0 if OK, else error. - */ -int ub_resolve(struct ub_ctx* ctx, const char* name, int rrtype, - int rrclass, struct ub_result** result); - -/** - * Perform resolution and validation of the target name. - * Asynchronous, after a while, the callback will be called with your - * data and the result. - * @param ctx: context. - * If no thread or process has been created yet to perform the - * work in the background, it is created now. - * The context is finalized, and can no longer accept config changes. - * @param name: domain name in text format (a string). - * @param rrtype: type of RR in host order, 1 is A. - * @param rrclass: class of RR in host order, 1 is IN (for internet). - * @param mydata: this data is your own data (you can pass NULL), - * and is passed on to the callback function. - * @param callback: this is called on completion of the resolution. - * It is called as: - * void callback(void* mydata, int err, struct ub_result* result) - * with mydata: the same as passed here, you may pass NULL, - * with err: is 0 when a result has been found. - * with result: a newly allocated result structure. - * The result may be NULL, in that case err is set. - * - * If an error happens during processing, your callback will be called - * with error set to a nonzero value (and result==NULL). - * @param async_id: if you pass a non-NULL value, an identifier number is - * returned for the query as it is in progress. It can be used to - * cancel the query. - * @return 0 if OK, else error. - */ -int ub_resolve_async(struct ub_ctx* ctx, const char* name, int rrtype, - int rrclass, void* mydata, ub_callback_type callback, int* async_id); - -/** - * Cancel an async query in progress. - * Its callback will not be called. - * - * @param ctx: context. - * @param async_id: which query to cancel. - * @return 0 if OK, else error. - * This routine can return an error if the async_id passed does not exist - * or has already been delivered. If another thread is processing results - * at the same time, the result may be delivered at the same time and the - * cancel fails with an error. Also the cancel can fail due to a system - * error, no memory or socket failures. - */ -int ub_cancel(struct ub_ctx* ctx, int async_id); - -/** - * Free storage associated with a result structure. - * @param result: to free - */ -void ub_resolve_free(struct ub_result* result); - -/** - * Convert error value to a human readable string. - * @param err: error code from one of the libunbound functions. - * @return pointer to constant text string, zero terminated. - */ -const char* ub_strerror(int err); - -/** - * Debug routine. Print the local zone information to debug output. - * @param ctx: context. Is finalized by the routine. - * @return 0 if OK, else error. - */ -int ub_ctx_print_local_zones(struct ub_ctx* ctx); - -/** - * Add a new zone with the zonetype to the local authority info of the - * library. - * @param ctx: context. Is finalized by the routine. - * @param zone_name: name of the zone in text, "example.com" - * If it already exists, the type is updated. - * @param zone_type: type of the zone (like for unbound.conf) in text. - * @return 0 if OK, else error. - */ -int ub_ctx_zone_add(struct ub_ctx* ctx, const char *zone_name, - const char *zone_type); - -/** - * Remove zone from local authority info of the library. - * @param ctx: context. Is finalized by the routine. - * @param zone_name: name of the zone in text, "example.com" - * If it does not exist, nothing happens. - * @return 0 if OK, else error. - */ -int ub_ctx_zone_remove(struct ub_ctx* ctx, const char *zone_name); - -/** - * Add localdata to the library local authority info. - * Similar to local-data config statement. - * @param ctx: context. Is finalized by the routine. - * @param data: the resource record in text format, for example - * "www.example.com IN A 127.0.0.1" - * @return 0 if OK, else error. - */ -int ub_ctx_data_add(struct ub_ctx* ctx, const char *data); - -/** - * Remove localdata from the library local authority info. - * @param ctx: context. Is finalized by the routine. - * @param data: the name to delete all data from, like "www.example.com". - * @return 0 if OK, else error. - */ -int ub_ctx_data_remove(struct ub_ctx* ctx, const char *data); - -/** - * Get a version string from the libunbound implementation. - * @return a static constant string with the version number. - */ -const char* ub_version(void); - -#ifdef __cplusplus -} -#endif - -#endif /* _UB_UNBOUND_H */ diff --git a/external/unbound/libunbound/worker.h b/external/unbound/libunbound/worker.h deleted file mode 100644 index 88e1cf799..000000000 --- a/external/unbound/libunbound/worker.h +++ /dev/null @@ -1,175 +0,0 @@ -/* - * libunbound/worker.h - prototypes for worker methods. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file declares the methods any worker has to implement. - */ - -#ifndef LIBUNBOUND_WORKER_H -#define LIBUNBOUND_WORKER_H - -#include "sldns/sbuffer.h" -#include "util/data/packed_rrset.h" /* for enum sec_status */ -struct comm_reply; -struct comm_point; -struct module_qstate; -struct tube; -struct edns_option; -struct query_info; - -/** - * Worker service routine to send serviced queries to authoritative servers. - * @param qinfo: query info. - * @param flags: host order flags word, with opcode and CD bit. - * @param dnssec: if set, EDNS record will have DO bit set. - * @param want_dnssec: signatures needed. - * @param nocaps: ignore capsforid(if in config), do not perturb qname. - * @param addr: where to. - * @param addrlen: length of addr. - * @param zone: delegation point name. - * @param zonelen: length of zone name wireformat dname. - * @param ssl_upstream: use SSL for upstream queries. - * @param q: wich query state to reactivate upon return. - * @return: false on failure (memory or socket related). no query was - * sent. - */ -struct outbound_entry* libworker_send_query(struct query_info* qinfo, - uint16_t flags, int dnssec, int want_dnssec, int nocaps, - struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* zone, - size_t zonelen, int ssl_upstream, struct module_qstate* q); - -/** process incoming replies from the network */ -int libworker_handle_reply(struct comm_point* c, void* arg, int error, - struct comm_reply* reply_info); - -/** process incoming serviced query replies from the network */ -int libworker_handle_service_reply(struct comm_point* c, void* arg, int error, - struct comm_reply* reply_info); - -/** handle control command coming into server */ -void libworker_handle_control_cmd(struct tube* tube, uint8_t* msg, size_t len, - int err, void* arg); - -/** mesh callback with fg results */ -void libworker_fg_done_cb(void* arg, int rcode, sldns_buffer* buf, - enum sec_status s, char* why_bogus); - -/** mesh callback with bg results */ -void libworker_bg_done_cb(void* arg, int rcode, sldns_buffer* buf, - enum sec_status s, char* why_bogus); - -/** mesh callback with event results */ -void libworker_event_done_cb(void* arg, int rcode, struct sldns_buffer* buf, - enum sec_status s, char* why_bogus); - -/** - * Worker signal handler function. User argument is the worker itself. - * @param sig: signal number. - * @param arg: the worker (main worker) that handles signals. - */ -void worker_sighandler(int sig, void* arg); - -/** - * Worker service routine to send serviced queries to authoritative servers. - * @param qinfo: query info. - * @param flags: host order flags word, with opcode and CD bit. - * @param dnssec: if set, EDNS record will have DO bit set. - * @param want_dnssec: signatures needed. - * @param nocaps: ignore capsforid(if in config), do not perturb qname. - * @param addr: where to. - * @param addrlen: length of addr. - * @param zone: wireformat dname of the zone. - * @param zonelen: length of zone name. - * @param ssl_upstream: use SSL for upstream queries. - * @param q: wich query state to reactivate upon return. - * @return: false on failure (memory or socket related). no query was - * sent. - */ -struct outbound_entry* worker_send_query(struct query_info* qinfo, - uint16_t flags, int dnssec, int want_dnssec, int nocaps, - struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* zone, - size_t zonelen, int ssl_upstream, struct module_qstate* q); - -/** - * process control messages from the main thread. Frees the control - * command message. - * @param tube: tube control message came on. - * @param msg: message contents. Is freed. - * @param len: length of message. - * @param error: if error (NETEVENT_*) happened. - * @param arg: user argument - */ -void worker_handle_control_cmd(struct tube* tube, uint8_t* msg, size_t len, - int error, void* arg); - -/** handles callbacks from listening event interface */ -int worker_handle_request(struct comm_point* c, void* arg, int error, - struct comm_reply* repinfo); - -/** process incoming replies from the network */ -int worker_handle_reply(struct comm_point* c, void* arg, int error, - struct comm_reply* reply_info); - -/** process incoming serviced query replies from the network */ -int worker_handle_service_reply(struct comm_point* c, void* arg, int error, - struct comm_reply* reply_info); - -/** cleanup the cache to remove all rrset IDs from it, arg is worker */ -void worker_alloc_cleanup(void* arg); - -/** statistics timer callback handler */ -void worker_stat_timer_cb(void* arg); - -/** probe timer callback handler */ -void worker_probe_timer_cb(void* arg); - -/** start accept callback handler */ -void worker_start_accept(void* arg); - -/** stop accept callback handler */ -void worker_stop_accept(void* arg); - -/** handle remote control accept callbacks */ -int remote_accept_callback(struct comm_point*, void*, int, struct comm_reply*); - -/** handle remote control data callbacks */ -int remote_control_callback(struct comm_point*, void*, int, struct comm_reply*); - -/** routine to printout option values over SSL */ -void remote_get_opt_ssl(char* line, void* arg); - -#endif /* LIBUNBOUND_WORKER_H */ diff --git a/external/unbound/ltmain.sh b/external/unbound/ltmain.sh deleted file mode 100644 index 0f0a2da3f..000000000 --- a/external/unbound/ltmain.sh +++ /dev/null @@ -1,11147 +0,0 @@ -#! /bin/sh -## DO NOT EDIT - This file generated from ./build-aux/ltmain.in -## by inline-source v2014-01-03.01 - -# libtool (GNU libtool) 2.4.6 -# Provide generalized library-building support services. -# Written by Gordon Matzigkeit , 1996 - -# Copyright (C) 1996-2015 Free Software Foundation, Inc. -# This is free software; see the source for copying conditions. There is NO -# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - -# GNU Libtool is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# As a special exception to the GNU General Public License, -# if you distribute this file as part of a program or library that -# is built using GNU Libtool, you may include this file under the -# same distribution terms that you use for the rest of that program. -# -# GNU Libtool is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - - -PROGRAM=libtool -PACKAGE=libtool -VERSION=2.4.6 -package_revision=2.4.6 - - -## ------ ## -## Usage. ## -## ------ ## - -# Run './libtool --help' for help with using this script from the -# command line. - - -## ------------------------------- ## -## User overridable command paths. ## -## ------------------------------- ## - -# After configure completes, it has a better idea of some of the -# shell tools we need than the defaults used by the functions shared -# with bootstrap, so set those here where they can still be over- -# ridden by the user, but otherwise take precedence. - -: ${AUTOCONF="autoconf"} -: ${AUTOMAKE="automake"} - - -## -------------------------- ## -## Source external libraries. ## -## -------------------------- ## - -# Much of our low-level functionality needs to be sourced from external -# libraries, which are installed to $pkgauxdir. - -# Set a version string for this script. -scriptversion=2015-01-20.17; # UTC - -# General shell script boiler plate, and helper functions. -# Written by Gary V. Vaughan, 2004 - -# Copyright (C) 2004-2015 Free Software Foundation, Inc. -# This is free software; see the source for copying conditions. There is NO -# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. - -# As a special exception to the GNU General Public License, if you distribute -# this file as part of a program or library that is built using GNU Libtool, -# you may include this file under the same distribution terms that you use -# for the rest of that program. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNES FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. - -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -# Please report bugs or propose patches to gary@gnu.org. - - -## ------ ## -## Usage. ## -## ------ ## - -# Evaluate this file near the top of your script to gain access to -# the functions and variables defined here: -# -# . `echo "$0" | ${SED-sed} 's|[^/]*$||'`/build-aux/funclib.sh -# -# If you need to override any of the default environment variable -# settings, do that before evaluating this file. - - -## -------------------- ## -## Shell normalisation. ## -## -------------------- ## - -# Some shells need a little help to be as Bourne compatible as possible. -# Before doing anything else, make sure all that help has been provided! - -DUALCASE=1; export DUALCASE # for MKS sh -if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : - emulate sh - NULLCMD=: - # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which - # is contrary to our usage. Disable this feature. - alias -g '${1+"$@"}'='"$@"' - setopt NO_GLOB_SUBST -else - case `(set -o) 2>/dev/null` in *posix*) set -o posix ;; esac -fi - -# NLS nuisances: We save the old values in case they are required later. -_G_user_locale= -_G_safe_locale= -for _G_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES -do - eval "if test set = \"\${$_G_var+set}\"; then - save_$_G_var=\$$_G_var - $_G_var=C - export $_G_var - _G_user_locale=\"$_G_var=\\\$save_\$_G_var; \$_G_user_locale\" - _G_safe_locale=\"$_G_var=C; \$_G_safe_locale\" - fi" -done - -# CDPATH. -(unset CDPATH) >/dev/null 2>&1 && unset CDPATH - -# Make sure IFS has a sensible default -sp=' ' -nl=' -' -IFS="$sp $nl" - -# There are apparently some retarded systems that use ';' as a PATH separator! -if test "${PATH_SEPARATOR+set}" != set; then - PATH_SEPARATOR=: - (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { - (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || - PATH_SEPARATOR=';' - } -fi - - - -## ------------------------- ## -## Locate command utilities. ## -## ------------------------- ## - - -# func_executable_p FILE -# ---------------------- -# Check that FILE is an executable regular file. -func_executable_p () -{ - test -f "$1" && test -x "$1" -} - - -# func_path_progs PROGS_LIST CHECK_FUNC [PATH] -# -------------------------------------------- -# Search for either a program that responds to --version with output -# containing "GNU", or else returned by CHECK_FUNC otherwise, by -# trying all the directories in PATH with each of the elements of -# PROGS_LIST. -# -# CHECK_FUNC should accept the path to a candidate program, and -# set $func_check_prog_result if it truncates its output less than -# $_G_path_prog_max characters. -func_path_progs () -{ - _G_progs_list=$1 - _G_check_func=$2 - _G_PATH=${3-"$PATH"} - - _G_path_prog_max=0 - _G_path_prog_found=false - _G_save_IFS=$IFS; IFS=${PATH_SEPARATOR-:} - for _G_dir in $_G_PATH; do - IFS=$_G_save_IFS - test -z "$_G_dir" && _G_dir=. - for _G_prog_name in $_G_progs_list; do - for _exeext in '' .EXE; do - _G_path_prog=$_G_dir/$_G_prog_name$_exeext - func_executable_p "$_G_path_prog" || continue - case `"$_G_path_prog" --version 2>&1` in - *GNU*) func_path_progs_result=$_G_path_prog _G_path_prog_found=: ;; - *) $_G_check_func $_G_path_prog - func_path_progs_result=$func_check_prog_result - ;; - esac - $_G_path_prog_found && break 3 - done - done - done - IFS=$_G_save_IFS - test -z "$func_path_progs_result" && { - echo "no acceptable sed could be found in \$PATH" >&2 - exit 1 - } -} - - -# We want to be able to use the functions in this file before configure -# has figured out where the best binaries are kept, which means we have -# to search for them ourselves - except when the results are already set -# where we skip the searches. - -# Unless the user overrides by setting SED, search the path for either GNU -# sed, or the sed that truncates its output the least. -test -z "$SED" && { - _G_sed_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ - for _G_i in 1 2 3 4 5 6 7; do - _G_sed_script=$_G_sed_script$nl$_G_sed_script - done - echo "$_G_sed_script" 2>/dev/null | sed 99q >conftest.sed - _G_sed_script= - - func_check_prog_sed () - { - _G_path_prog=$1 - - _G_count=0 - printf 0123456789 >conftest.in - while : - do - cat conftest.in conftest.in >conftest.tmp - mv conftest.tmp conftest.in - cp conftest.in conftest.nl - echo '' >> conftest.nl - "$_G_path_prog" -f conftest.sed conftest.out 2>/dev/null || break - diff conftest.out conftest.nl >/dev/null 2>&1 || break - _G_count=`expr $_G_count + 1` - if test "$_G_count" -gt "$_G_path_prog_max"; then - # Best one so far, save it but keep looking for a better one - func_check_prog_result=$_G_path_prog - _G_path_prog_max=$_G_count - fi - # 10*(2^10) chars as input seems more than enough - test 10 -lt "$_G_count" && break - done - rm -f conftest.in conftest.tmp conftest.nl conftest.out - } - - func_path_progs "sed gsed" func_check_prog_sed $PATH:/usr/xpg4/bin - rm -f conftest.sed - SED=$func_path_progs_result -} - - -# Unless the user overrides by setting GREP, search the path for either GNU -# grep, or the grep that truncates its output the least. -test -z "$GREP" && { - func_check_prog_grep () - { - _G_path_prog=$1 - - _G_count=0 - _G_path_prog_max=0 - printf 0123456789 >conftest.in - while : - do - cat conftest.in conftest.in >conftest.tmp - mv conftest.tmp conftest.in - cp conftest.in conftest.nl - echo 'GREP' >> conftest.nl - "$_G_path_prog" -e 'GREP$' -e '-(cannot match)-' conftest.out 2>/dev/null || break - diff conftest.out conftest.nl >/dev/null 2>&1 || break - _G_count=`expr $_G_count + 1` - if test "$_G_count" -gt "$_G_path_prog_max"; then - # Best one so far, save it but keep looking for a better one - func_check_prog_result=$_G_path_prog - _G_path_prog_max=$_G_count - fi - # 10*(2^10) chars as input seems more than enough - test 10 -lt "$_G_count" && break - done - rm -f conftest.in conftest.tmp conftest.nl conftest.out - } - - func_path_progs "grep ggrep" func_check_prog_grep $PATH:/usr/xpg4/bin - GREP=$func_path_progs_result -} - - -## ------------------------------- ## -## User overridable command paths. ## -## ------------------------------- ## - -# All uppercase variable names are used for environment variables. These -# variables can be overridden by the user before calling a script that -# uses them if a suitable command of that name is not already available -# in the command search PATH. - -: ${CP="cp -f"} -: ${ECHO="printf %s\n"} -: ${EGREP="$GREP -E"} -: ${FGREP="$GREP -F"} -: ${LN_S="ln -s"} -: ${MAKE="make"} -: ${MKDIR="mkdir"} -: ${MV="mv -f"} -: ${RM="rm -f"} -: ${SHELL="${CONFIG_SHELL-/bin/sh}"} - - -## -------------------- ## -## Useful sed snippets. ## -## -------------------- ## - -sed_dirname='s|/[^/]*$||' -sed_basename='s|^.*/||' - -# Sed substitution that helps us do robust quoting. It backslashifies -# metacharacters that are still active within double-quoted strings. -sed_quote_subst='s|\([`"$\\]\)|\\\1|g' - -# Same as above, but do not quote variable references. -sed_double_quote_subst='s/\(["`\\]\)/\\\1/g' - -# Sed substitution that turns a string into a regex matching for the -# string literally. -sed_make_literal_regex='s|[].[^$\\*\/]|\\&|g' - -# Sed substitution that converts a w32 file name or path -# that contains forward slashes, into one that contains -# (escaped) backslashes. A very naive implementation. -sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g' - -# Re-'\' parameter expansions in output of sed_double_quote_subst that -# were '\'-ed in input to the same. If an odd number of '\' preceded a -# '$' in input to sed_double_quote_subst, that '$' was protected from -# expansion. Since each input '\' is now two '\'s, look for any number -# of runs of four '\'s followed by two '\'s and then a '$'. '\' that '$'. -_G_bs='\\' -_G_bs2='\\\\' -_G_bs4='\\\\\\\\' -_G_dollar='\$' -sed_double_backslash="\ - s/$_G_bs4/&\\ -/g - s/^$_G_bs2$_G_dollar/$_G_bs&/ - s/\\([^$_G_bs]\\)$_G_bs2$_G_dollar/\\1$_G_bs2$_G_bs$_G_dollar/g - s/\n//g" - - -## ----------------- ## -## Global variables. ## -## ----------------- ## - -# Except for the global variables explicitly listed below, the following -# functions in the '^func_' namespace, and the '^require_' namespace -# variables initialised in the 'Resource management' section, sourcing -# this file will not pollute your global namespace with anything -# else. There's no portable way to scope variables in Bourne shell -# though, so actually running these functions will sometimes place -# results into a variable named after the function, and often use -# temporary variables in the '^_G_' namespace. If you are careful to -# avoid using those namespaces casually in your sourcing script, things -# should continue to work as you expect. And, of course, you can freely -# overwrite any of the functions or variables defined here before -# calling anything to customize them. - -EXIT_SUCCESS=0 -EXIT_FAILURE=1 -EXIT_MISMATCH=63 # $? = 63 is used to indicate version mismatch to missing. -EXIT_SKIP=77 # $? = 77 is used to indicate a skipped test to automake. - -# Allow overriding, eg assuming that you follow the convention of -# putting '$debug_cmd' at the start of all your functions, you can get -# bash to show function call trace with: -# -# debug_cmd='eval echo "${FUNCNAME[0]} $*" >&2' bash your-script-name -debug_cmd=${debug_cmd-":"} -exit_cmd=: - -# By convention, finish your script with: -# -# exit $exit_status -# -# so that you can set exit_status to non-zero if you want to indicate -# something went wrong during execution without actually bailing out at -# the point of failure. -exit_status=$EXIT_SUCCESS - -# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh -# is ksh but when the shell is invoked as "sh" and the current value of -# the _XPG environment variable is not equal to 1 (one), the special -# positional parameter $0, within a function call, is the name of the -# function. -progpath=$0 - -# The name of this program. -progname=`$ECHO "$progpath" |$SED "$sed_basename"` - -# Make sure we have an absolute progpath for reexecution: -case $progpath in - [\\/]*|[A-Za-z]:\\*) ;; - *[\\/]*) - progdir=`$ECHO "$progpath" |$SED "$sed_dirname"` - progdir=`cd "$progdir" && pwd` - progpath=$progdir/$progname - ;; - *) - _G_IFS=$IFS - IFS=${PATH_SEPARATOR-:} - for progdir in $PATH; do - IFS=$_G_IFS - test -x "$progdir/$progname" && break - done - IFS=$_G_IFS - test -n "$progdir" || progdir=`pwd` - progpath=$progdir/$progname - ;; -esac - - -## ----------------- ## -## Standard options. ## -## ----------------- ## - -# The following options affect the operation of the functions defined -# below, and should be set appropriately depending on run-time para- -# meters passed on the command line. - -opt_dry_run=false -opt_quiet=false -opt_verbose=false - -# Categories 'all' and 'none' are always available. Append any others -# you will pass as the first argument to func_warning from your own -# code. -warning_categories= - -# By default, display warnings according to 'opt_warning_types'. Set -# 'warning_func' to ':' to elide all warnings, or func_fatal_error to -# treat the next displayed warning as a fatal error. -warning_func=func_warn_and_continue - -# Set to 'all' to display all warnings, 'none' to suppress all -# warnings, or a space delimited list of some subset of -# 'warning_categories' to display only the listed warnings. -opt_warning_types=all - - -## -------------------- ## -## Resource management. ## -## -------------------- ## - -# This section contains definitions for functions that each ensure a -# particular resource (a file, or a non-empty configuration variable for -# example) is available, and if appropriate to extract default values -# from pertinent package files. Call them using their associated -# 'require_*' variable to ensure that they are executed, at most, once. -# -# It's entirely deliberate that calling these functions can set -# variables that don't obey the namespace limitations obeyed by the rest -# of this file, in order that that they be as useful as possible to -# callers. - - -# require_term_colors -# ------------------- -# Allow display of bold text on terminals that support it. -require_term_colors=func_require_term_colors -func_require_term_colors () -{ - $debug_cmd - - test -t 1 && { - # COLORTERM and USE_ANSI_COLORS environment variables take - # precedence, because most terminfo databases neglect to describe - # whether color sequences are supported. - test -n "${COLORTERM+set}" && : ${USE_ANSI_COLORS="1"} - - if test 1 = "$USE_ANSI_COLORS"; then - # Standard ANSI escape sequences - tc_reset='' - tc_bold=''; tc_standout='' - tc_red=''; tc_green='' - tc_blue=''; tc_cyan='' - else - # Otherwise trust the terminfo database after all. - test -n "`tput sgr0 2>/dev/null`" && { - tc_reset=`tput sgr0` - test -n "`tput bold 2>/dev/null`" && tc_bold=`tput bold` - tc_standout=$tc_bold - test -n "`tput smso 2>/dev/null`" && tc_standout=`tput smso` - test -n "`tput setaf 1 2>/dev/null`" && tc_red=`tput setaf 1` - test -n "`tput setaf 2 2>/dev/null`" && tc_green=`tput setaf 2` - test -n "`tput setaf 4 2>/dev/null`" && tc_blue=`tput setaf 4` - test -n "`tput setaf 5 2>/dev/null`" && tc_cyan=`tput setaf 5` - } - fi - } - - require_term_colors=: -} - - -## ----------------- ## -## Function library. ## -## ----------------- ## - -# This section contains a variety of useful functions to call in your -# scripts. Take note of the portable wrappers for features provided by -# some modern shells, which will fall back to slower equivalents on -# less featureful shells. - - -# func_append VAR VALUE -# --------------------- -# Append VALUE onto the existing contents of VAR. - - # We should try to minimise forks, especially on Windows where they are - # unreasonably slow, so skip the feature probes when bash or zsh are - # being used: - if test set = "${BASH_VERSION+set}${ZSH_VERSION+set}"; then - : ${_G_HAVE_ARITH_OP="yes"} - : ${_G_HAVE_XSI_OPS="yes"} - # The += operator was introduced in bash 3.1 - case $BASH_VERSION in - [12].* | 3.0 | 3.0*) ;; - *) - : ${_G_HAVE_PLUSEQ_OP="yes"} - ;; - esac - fi - - # _G_HAVE_PLUSEQ_OP - # Can be empty, in which case the shell is probed, "yes" if += is - # useable or anything else if it does not work. - test -z "$_G_HAVE_PLUSEQ_OP" \ - && (eval 'x=a; x+=" b"; test "a b" = "$x"') 2>/dev/null \ - && _G_HAVE_PLUSEQ_OP=yes - -if test yes = "$_G_HAVE_PLUSEQ_OP" -then - # This is an XSI compatible shell, allowing a faster implementation... - eval 'func_append () - { - $debug_cmd - - eval "$1+=\$2" - }' -else - # ...otherwise fall back to using expr, which is often a shell builtin. - func_append () - { - $debug_cmd - - eval "$1=\$$1\$2" - } -fi - - -# func_append_quoted VAR VALUE -# ---------------------------- -# Quote VALUE and append to the end of shell variable VAR, separated -# by a space. -if test yes = "$_G_HAVE_PLUSEQ_OP"; then - eval 'func_append_quoted () - { - $debug_cmd - - func_quote_for_eval "$2" - eval "$1+=\\ \$func_quote_for_eval_result" - }' -else - func_append_quoted () - { - $debug_cmd - - func_quote_for_eval "$2" - eval "$1=\$$1\\ \$func_quote_for_eval_result" - } -fi - - -# func_append_uniq VAR VALUE -# -------------------------- -# Append unique VALUE onto the existing contents of VAR, assuming -# entries are delimited by the first character of VALUE. For example: -# -# func_append_uniq options " --another-option option-argument" -# -# will only append to $options if " --another-option option-argument " -# is not already present somewhere in $options already (note spaces at -# each end implied by leading space in second argument). -func_append_uniq () -{ - $debug_cmd - - eval _G_current_value='`$ECHO $'$1'`' - _G_delim=`expr "$2" : '\(.\)'` - - case $_G_delim$_G_current_value$_G_delim in - *"$2$_G_delim"*) ;; - *) func_append "$@" ;; - esac -} - - -# func_arith TERM... -# ------------------ -# Set func_arith_result to the result of evaluating TERMs. - test -z "$_G_HAVE_ARITH_OP" \ - && (eval 'test 2 = $(( 1 + 1 ))') 2>/dev/null \ - && _G_HAVE_ARITH_OP=yes - -if test yes = "$_G_HAVE_ARITH_OP"; then - eval 'func_arith () - { - $debug_cmd - - func_arith_result=$(( $* )) - }' -else - func_arith () - { - $debug_cmd - - func_arith_result=`expr "$@"` - } -fi - - -# func_basename FILE -# ------------------ -# Set func_basename_result to FILE with everything up to and including -# the last / stripped. -if test yes = "$_G_HAVE_XSI_OPS"; then - # If this shell supports suffix pattern removal, then use it to avoid - # forking. Hide the definitions single quotes in case the shell chokes - # on unsupported syntax... - _b='func_basename_result=${1##*/}' - _d='case $1 in - */*) func_dirname_result=${1%/*}$2 ;; - * ) func_dirname_result=$3 ;; - esac' - -else - # ...otherwise fall back to using sed. - _b='func_basename_result=`$ECHO "$1" |$SED "$sed_basename"`' - _d='func_dirname_result=`$ECHO "$1" |$SED "$sed_dirname"` - if test "X$func_dirname_result" = "X$1"; then - func_dirname_result=$3 - else - func_append func_dirname_result "$2" - fi' -fi - -eval 'func_basename () -{ - $debug_cmd - - '"$_b"' -}' - - -# func_dirname FILE APPEND NONDIR_REPLACEMENT -# ------------------------------------------- -# Compute the dirname of FILE. If nonempty, add APPEND to the result, -# otherwise set result to NONDIR_REPLACEMENT. -eval 'func_dirname () -{ - $debug_cmd - - '"$_d"' -}' - - -# func_dirname_and_basename FILE APPEND NONDIR_REPLACEMENT -# -------------------------------------------------------- -# Perform func_basename and func_dirname in a single function -# call: -# dirname: Compute the dirname of FILE. If nonempty, -# add APPEND to the result, otherwise set result -# to NONDIR_REPLACEMENT. -# value returned in "$func_dirname_result" -# basename: Compute filename of FILE. -# value retuned in "$func_basename_result" -# For efficiency, we do not delegate to the functions above but instead -# duplicate the functionality here. -eval 'func_dirname_and_basename () -{ - $debug_cmd - - '"$_b"' - '"$_d"' -}' - - -# func_echo ARG... -# ---------------- -# Echo program name prefixed message. -func_echo () -{ - $debug_cmd - - _G_message=$* - - func_echo_IFS=$IFS - IFS=$nl - for _G_line in $_G_message; do - IFS=$func_echo_IFS - $ECHO "$progname: $_G_line" - done - IFS=$func_echo_IFS -} - - -# func_echo_all ARG... -# -------------------- -# Invoke $ECHO with all args, space-separated. -func_echo_all () -{ - $ECHO "$*" -} - - -# func_echo_infix_1 INFIX ARG... -# ------------------------------ -# Echo program name, followed by INFIX on the first line, with any -# additional lines not showing INFIX. -func_echo_infix_1 () -{ - $debug_cmd - - $require_term_colors - - _G_infix=$1; shift - _G_indent=$_G_infix - _G_prefix="$progname: $_G_infix: " - _G_message=$* - - # Strip color escape sequences before counting printable length - for _G_tc in "$tc_reset" "$tc_bold" "$tc_standout" "$tc_red" "$tc_green" "$tc_blue" "$tc_cyan" - do - test -n "$_G_tc" && { - _G_esc_tc=`$ECHO "$_G_tc" | $SED "$sed_make_literal_regex"` - _G_indent=`$ECHO "$_G_indent" | $SED "s|$_G_esc_tc||g"` - } - done - _G_indent="$progname: "`echo "$_G_indent" | $SED 's|.| |g'`" " ## exclude from sc_prohibit_nested_quotes - - func_echo_infix_1_IFS=$IFS - IFS=$nl - for _G_line in $_G_message; do - IFS=$func_echo_infix_1_IFS - $ECHO "$_G_prefix$tc_bold$_G_line$tc_reset" >&2 - _G_prefix=$_G_indent - done - IFS=$func_echo_infix_1_IFS -} - - -# func_error ARG... -# ----------------- -# Echo program name prefixed message to standard error. -func_error () -{ - $debug_cmd - - $require_term_colors - - func_echo_infix_1 " $tc_standout${tc_red}error$tc_reset" "$*" >&2 -} - - -# func_fatal_error ARG... -# ----------------------- -# Echo program name prefixed message to standard error, and exit. -func_fatal_error () -{ - $debug_cmd - - func_error "$*" - exit $EXIT_FAILURE -} - - -# func_grep EXPRESSION FILENAME -# ----------------------------- -# Check whether EXPRESSION matches any line of FILENAME, without output. -func_grep () -{ - $debug_cmd - - $GREP "$1" "$2" >/dev/null 2>&1 -} - - -# func_len STRING -# --------------- -# Set func_len_result to the length of STRING. STRING may not -# start with a hyphen. - test -z "$_G_HAVE_XSI_OPS" \ - && (eval 'x=a/b/c; - test 5aa/bb/cc = "${#x}${x%%/*}${x%/*}${x#*/}${x##*/}"') 2>/dev/null \ - && _G_HAVE_XSI_OPS=yes - -if test yes = "$_G_HAVE_XSI_OPS"; then - eval 'func_len () - { - $debug_cmd - - func_len_result=${#1} - }' -else - func_len () - { - $debug_cmd - - func_len_result=`expr "$1" : ".*" 2>/dev/null || echo $max_cmd_len` - } -fi - - -# func_mkdir_p DIRECTORY-PATH -# --------------------------- -# Make sure the entire path to DIRECTORY-PATH is available. -func_mkdir_p () -{ - $debug_cmd - - _G_directory_path=$1 - _G_dir_list= - - if test -n "$_G_directory_path" && test : != "$opt_dry_run"; then - - # Protect directory names starting with '-' - case $_G_directory_path in - -*) _G_directory_path=./$_G_directory_path ;; - esac - - # While some portion of DIR does not yet exist... - while test ! -d "$_G_directory_path"; do - # ...make a list in topmost first order. Use a colon delimited - # list incase some portion of path contains whitespace. - _G_dir_list=$_G_directory_path:$_G_dir_list - - # If the last portion added has no slash in it, the list is done - case $_G_directory_path in */*) ;; *) break ;; esac - - # ...otherwise throw away the child directory and loop - _G_directory_path=`$ECHO "$_G_directory_path" | $SED -e "$sed_dirname"` - done - _G_dir_list=`$ECHO "$_G_dir_list" | $SED 's|:*$||'` - - func_mkdir_p_IFS=$IFS; IFS=: - for _G_dir in $_G_dir_list; do - IFS=$func_mkdir_p_IFS - # mkdir can fail with a 'File exist' error if two processes - # try to create one of the directories concurrently. Don't - # stop in that case! - $MKDIR "$_G_dir" 2>/dev/null || : - done - IFS=$func_mkdir_p_IFS - - # Bail out if we (or some other process) failed to create a directory. - test -d "$_G_directory_path" || \ - func_fatal_error "Failed to create '$1'" - fi -} - - -# func_mktempdir [BASENAME] -# ------------------------- -# Make a temporary directory that won't clash with other running -# libtool processes, and avoids race conditions if possible. If -# given, BASENAME is the basename for that directory. -func_mktempdir () -{ - $debug_cmd - - _G_template=${TMPDIR-/tmp}/${1-$progname} - - if test : = "$opt_dry_run"; then - # Return a directory name, but don't create it in dry-run mode - _G_tmpdir=$_G_template-$$ - else - - # If mktemp works, use that first and foremost - _G_tmpdir=`mktemp -d "$_G_template-XXXXXXXX" 2>/dev/null` - - if test ! -d "$_G_tmpdir"; then - # Failing that, at least try and use $RANDOM to avoid a race - _G_tmpdir=$_G_template-${RANDOM-0}$$ - - func_mktempdir_umask=`umask` - umask 0077 - $MKDIR "$_G_tmpdir" - umask $func_mktempdir_umask - fi - - # If we're not in dry-run mode, bomb out on failure - test -d "$_G_tmpdir" || \ - func_fatal_error "cannot create temporary directory '$_G_tmpdir'" - fi - - $ECHO "$_G_tmpdir" -} - - -# func_normal_abspath PATH -# ------------------------ -# Remove doubled-up and trailing slashes, "." path components, -# and cancel out any ".." path components in PATH after making -# it an absolute path. -func_normal_abspath () -{ - $debug_cmd - - # These SED scripts presuppose an absolute path with a trailing slash. - _G_pathcar='s|^/\([^/]*\).*$|\1|' - _G_pathcdr='s|^/[^/]*||' - _G_removedotparts=':dotsl - s|/\./|/|g - t dotsl - s|/\.$|/|' - _G_collapseslashes='s|/\{1,\}|/|g' - _G_finalslash='s|/*$|/|' - - # Start from root dir and reassemble the path. - func_normal_abspath_result= - func_normal_abspath_tpath=$1 - func_normal_abspath_altnamespace= - case $func_normal_abspath_tpath in - "") - # Empty path, that just means $cwd. - func_stripname '' '/' "`pwd`" - func_normal_abspath_result=$func_stripname_result - return - ;; - # The next three entries are used to spot a run of precisely - # two leading slashes without using negated character classes; - # we take advantage of case's first-match behaviour. - ///*) - # Unusual form of absolute path, do nothing. - ;; - //*) - # Not necessarily an ordinary path; POSIX reserves leading '//' - # and for example Cygwin uses it to access remote file shares - # over CIFS/SMB, so we conserve a leading double slash if found. - func_normal_abspath_altnamespace=/ - ;; - /*) - # Absolute path, do nothing. - ;; - *) - # Relative path, prepend $cwd. - func_normal_abspath_tpath=`pwd`/$func_normal_abspath_tpath - ;; - esac - - # Cancel out all the simple stuff to save iterations. We also want - # the path to end with a slash for ease of parsing, so make sure - # there is one (and only one) here. - func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \ - -e "$_G_removedotparts" -e "$_G_collapseslashes" -e "$_G_finalslash"` - while :; do - # Processed it all yet? - if test / = "$func_normal_abspath_tpath"; then - # If we ascended to the root using ".." the result may be empty now. - if test -z "$func_normal_abspath_result"; then - func_normal_abspath_result=/ - fi - break - fi - func_normal_abspath_tcomponent=`$ECHO "$func_normal_abspath_tpath" | $SED \ - -e "$_G_pathcar"` - func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \ - -e "$_G_pathcdr"` - # Figure out what to do with it - case $func_normal_abspath_tcomponent in - "") - # Trailing empty path component, ignore it. - ;; - ..) - # Parent dir; strip last assembled component from result. - func_dirname "$func_normal_abspath_result" - func_normal_abspath_result=$func_dirname_result - ;; - *) - # Actual path component, append it. - func_append func_normal_abspath_result "/$func_normal_abspath_tcomponent" - ;; - esac - done - # Restore leading double-slash if one was found on entry. - func_normal_abspath_result=$func_normal_abspath_altnamespace$func_normal_abspath_result -} - - -# func_notquiet ARG... -# -------------------- -# Echo program name prefixed message only when not in quiet mode. -func_notquiet () -{ - $debug_cmd - - $opt_quiet || func_echo ${1+"$@"} - - # A bug in bash halts the script if the last line of a function - # fails when set -e is in force, so we need another command to - # work around that: - : -} - - -# func_relative_path SRCDIR DSTDIR -# -------------------------------- -# Set func_relative_path_result to the relative path from SRCDIR to DSTDIR. -func_relative_path () -{ - $debug_cmd - - func_relative_path_result= - func_normal_abspath "$1" - func_relative_path_tlibdir=$func_normal_abspath_result - func_normal_abspath "$2" - func_relative_path_tbindir=$func_normal_abspath_result - - # Ascend the tree starting from libdir - while :; do - # check if we have found a prefix of bindir - case $func_relative_path_tbindir in - $func_relative_path_tlibdir) - # found an exact match - func_relative_path_tcancelled= - break - ;; - $func_relative_path_tlibdir*) - # found a matching prefix - func_stripname "$func_relative_path_tlibdir" '' "$func_relative_path_tbindir" - func_relative_path_tcancelled=$func_stripname_result - if test -z "$func_relative_path_result"; then - func_relative_path_result=. - fi - break - ;; - *) - func_dirname $func_relative_path_tlibdir - func_relative_path_tlibdir=$func_dirname_result - if test -z "$func_relative_path_tlibdir"; then - # Have to descend all the way to the root! - func_relative_path_result=../$func_relative_path_result - func_relative_path_tcancelled=$func_relative_path_tbindir - break - fi - func_relative_path_result=../$func_relative_path_result - ;; - esac - done - - # Now calculate path; take care to avoid doubling-up slashes. - func_stripname '' '/' "$func_relative_path_result" - func_relative_path_result=$func_stripname_result - func_stripname '/' '/' "$func_relative_path_tcancelled" - if test -n "$func_stripname_result"; then - func_append func_relative_path_result "/$func_stripname_result" - fi - - # Normalisation. If bindir is libdir, return '.' else relative path. - if test -n "$func_relative_path_result"; then - func_stripname './' '' "$func_relative_path_result" - func_relative_path_result=$func_stripname_result - fi - - test -n "$func_relative_path_result" || func_relative_path_result=. - - : -} - - -# func_quote_for_eval ARG... -# -------------------------- -# Aesthetically quote ARGs to be evaled later. -# This function returns two values: -# i) func_quote_for_eval_result -# double-quoted, suitable for a subsequent eval -# ii) func_quote_for_eval_unquoted_result -# has all characters that are still active within double -# quotes backslashified. -func_quote_for_eval () -{ - $debug_cmd - - func_quote_for_eval_unquoted_result= - func_quote_for_eval_result= - while test 0 -lt $#; do - case $1 in - *[\\\`\"\$]*) - _G_unquoted_arg=`printf '%s\n' "$1" |$SED "$sed_quote_subst"` ;; - *) - _G_unquoted_arg=$1 ;; - esac - if test -n "$func_quote_for_eval_unquoted_result"; then - func_append func_quote_for_eval_unquoted_result " $_G_unquoted_arg" - else - func_append func_quote_for_eval_unquoted_result "$_G_unquoted_arg" - fi - - case $_G_unquoted_arg in - # Double-quote args containing shell metacharacters to delay - # word splitting, command substitution and variable expansion - # for a subsequent eval. - # Many Bourne shells cannot handle close brackets correctly - # in scan sets, so we specify it separately. - *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") - _G_quoted_arg=\"$_G_unquoted_arg\" - ;; - *) - _G_quoted_arg=$_G_unquoted_arg - ;; - esac - - if test -n "$func_quote_for_eval_result"; then - func_append func_quote_for_eval_result " $_G_quoted_arg" - else - func_append func_quote_for_eval_result "$_G_quoted_arg" - fi - shift - done -} - - -# func_quote_for_expand ARG -# ------------------------- -# Aesthetically quote ARG to be evaled later; same as above, -# but do not quote variable references. -func_quote_for_expand () -{ - $debug_cmd - - case $1 in - *[\\\`\"]*) - _G_arg=`$ECHO "$1" | $SED \ - -e "$sed_double_quote_subst" -e "$sed_double_backslash"` ;; - *) - _G_arg=$1 ;; - esac - - case $_G_arg in - # Double-quote args containing shell metacharacters to delay - # word splitting and command substitution for a subsequent eval. - # Many Bourne shells cannot handle close brackets correctly - # in scan sets, so we specify it separately. - *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") - _G_arg=\"$_G_arg\" - ;; - esac - - func_quote_for_expand_result=$_G_arg -} - - -# func_stripname PREFIX SUFFIX NAME -# --------------------------------- -# strip PREFIX and SUFFIX from NAME, and store in func_stripname_result. -# PREFIX and SUFFIX must not contain globbing or regex special -# characters, hashes, percent signs, but SUFFIX may contain a leading -# dot (in which case that matches only a dot). -if test yes = "$_G_HAVE_XSI_OPS"; then - eval 'func_stripname () - { - $debug_cmd - - # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are - # positional parameters, so assign one to ordinary variable first. - func_stripname_result=$3 - func_stripname_result=${func_stripname_result#"$1"} - func_stripname_result=${func_stripname_result%"$2"} - }' -else - func_stripname () - { - $debug_cmd - - case $2 in - .*) func_stripname_result=`$ECHO "$3" | $SED -e "s%^$1%%" -e "s%\\\\$2\$%%"`;; - *) func_stripname_result=`$ECHO "$3" | $SED -e "s%^$1%%" -e "s%$2\$%%"`;; - esac - } -fi - - -# func_show_eval CMD [FAIL_EXP] -# ----------------------------- -# Unless opt_quiet is true, then output CMD. Then, if opt_dryrun is -# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP -# is given, then evaluate it. -func_show_eval () -{ - $debug_cmd - - _G_cmd=$1 - _G_fail_exp=${2-':'} - - func_quote_for_expand "$_G_cmd" - eval "func_notquiet $func_quote_for_expand_result" - - $opt_dry_run || { - eval "$_G_cmd" - _G_status=$? - if test 0 -ne "$_G_status"; then - eval "(exit $_G_status); $_G_fail_exp" - fi - } -} - - -# func_show_eval_locale CMD [FAIL_EXP] -# ------------------------------------ -# Unless opt_quiet is true, then output CMD. Then, if opt_dryrun is -# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP -# is given, then evaluate it. Use the saved locale for evaluation. -func_show_eval_locale () -{ - $debug_cmd - - _G_cmd=$1 - _G_fail_exp=${2-':'} - - $opt_quiet || { - func_quote_for_expand "$_G_cmd" - eval "func_echo $func_quote_for_expand_result" - } - - $opt_dry_run || { - eval "$_G_user_locale - $_G_cmd" - _G_status=$? - eval "$_G_safe_locale" - if test 0 -ne "$_G_status"; then - eval "(exit $_G_status); $_G_fail_exp" - fi - } -} - - -# func_tr_sh -# ---------- -# Turn $1 into a string suitable for a shell variable name. -# Result is stored in $func_tr_sh_result. All characters -# not in the set a-zA-Z0-9_ are replaced with '_'. Further, -# if $1 begins with a digit, a '_' is prepended as well. -func_tr_sh () -{ - $debug_cmd - - case $1 in - [0-9]* | *[!a-zA-Z0-9_]*) - func_tr_sh_result=`$ECHO "$1" | $SED -e 's/^\([0-9]\)/_\1/' -e 's/[^a-zA-Z0-9_]/_/g'` - ;; - * ) - func_tr_sh_result=$1 - ;; - esac -} - - -# func_verbose ARG... -# ------------------- -# Echo program name prefixed message in verbose mode only. -func_verbose () -{ - $debug_cmd - - $opt_verbose && func_echo "$*" - - : -} - - -# func_warn_and_continue ARG... -# ----------------------------- -# Echo program name prefixed warning message to standard error. -func_warn_and_continue () -{ - $debug_cmd - - $require_term_colors - - func_echo_infix_1 "${tc_red}warning$tc_reset" "$*" >&2 -} - - -# func_warning CATEGORY ARG... -# ---------------------------- -# Echo program name prefixed warning message to standard error. Warning -# messages can be filtered according to CATEGORY, where this function -# elides messages where CATEGORY is not listed in the global variable -# 'opt_warning_types'. -func_warning () -{ - $debug_cmd - - # CATEGORY must be in the warning_categories list! - case " $warning_categories " in - *" $1 "*) ;; - *) func_internal_error "invalid warning category '$1'" ;; - esac - - _G_category=$1 - shift - - case " $opt_warning_types " in - *" $_G_category "*) $warning_func ${1+"$@"} ;; - esac -} - - -# func_sort_ver VER1 VER2 -# ----------------------- -# 'sort -V' is not generally available. -# Note this deviates from the version comparison in automake -# in that it treats 1.5 < 1.5.0, and treats 1.4.4a < 1.4-p3a -# but this should suffice as we won't be specifying old -# version formats or redundant trailing .0 in bootstrap.conf. -# If we did want full compatibility then we should probably -# use m4_version_compare from autoconf. -func_sort_ver () -{ - $debug_cmd - - printf '%s\n%s\n' "$1" "$2" \ - | sort -t. -k 1,1n -k 2,2n -k 3,3n -k 4,4n -k 5,5n -k 6,6n -k 7,7n -k 8,8n -k 9,9n -} - -# func_lt_ver PREV CURR -# --------------------- -# Return true if PREV and CURR are in the correct order according to -# func_sort_ver, otherwise false. Use it like this: -# -# func_lt_ver "$prev_ver" "$proposed_ver" || func_fatal_error "..." -func_lt_ver () -{ - $debug_cmd - - test "x$1" = x`func_sort_ver "$1" "$2" | $SED 1q` -} - - -# Local variables: -# mode: shell-script -# sh-indentation: 2 -# eval: (add-hook 'before-save-hook 'time-stamp) -# time-stamp-pattern: "10/scriptversion=%:y-%02m-%02d.%02H; # UTC" -# time-stamp-time-zone: "UTC" -# End: -#! /bin/sh - -# Set a version string for this script. -scriptversion=2014-01-07.03; # UTC - -# A portable, pluggable option parser for Bourne shell. -# Written by Gary V. Vaughan, 2010 - -# Copyright (C) 2010-2015 Free Software Foundation, Inc. -# This is free software; see the source for copying conditions. There is NO -# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. - -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -# Please report bugs or propose patches to gary@gnu.org. - - -## ------ ## -## Usage. ## -## ------ ## - -# This file is a library for parsing options in your shell scripts along -# with assorted other useful supporting features that you can make use -# of too. -# -# For the simplest scripts you might need only: -# -# #!/bin/sh -# . relative/path/to/funclib.sh -# . relative/path/to/options-parser -# scriptversion=1.0 -# func_options ${1+"$@"} -# eval set dummy "$func_options_result"; shift -# ...rest of your script... -# -# In order for the '--version' option to work, you will need to have a -# suitably formatted comment like the one at the top of this file -# starting with '# Written by ' and ending with '# warranty; '. -# -# For '-h' and '--help' to work, you will also need a one line -# description of your script's purpose in a comment directly above the -# '# Written by ' line, like the one at the top of this file. -# -# The default options also support '--debug', which will turn on shell -# execution tracing (see the comment above debug_cmd below for another -# use), and '--verbose' and the func_verbose function to allow your script -# to display verbose messages only when your user has specified -# '--verbose'. -# -# After sourcing this file, you can plug processing for additional -# options by amending the variables from the 'Configuration' section -# below, and following the instructions in the 'Option parsing' -# section further down. - -## -------------- ## -## Configuration. ## -## -------------- ## - -# You should override these variables in your script after sourcing this -# file so that they reflect the customisations you have added to the -# option parser. - -# The usage line for option parsing errors and the start of '-h' and -# '--help' output messages. You can embed shell variables for delayed -# expansion at the time the message is displayed, but you will need to -# quote other shell meta-characters carefully to prevent them being -# expanded when the contents are evaled. -usage='$progpath [OPTION]...' - -# Short help message in response to '-h' and '--help'. Add to this or -# override it after sourcing this library to reflect the full set of -# options your script accepts. -usage_message="\ - --debug enable verbose shell tracing - -W, --warnings=CATEGORY - report the warnings falling in CATEGORY [all] - -v, --verbose verbosely report processing - --version print version information and exit - -h, --help print short or long help message and exit -" - -# Additional text appended to 'usage_message' in response to '--help'. -long_help_message=" -Warning categories include: - 'all' show all warnings - 'none' turn off all the warnings - 'error' warnings are treated as fatal errors" - -# Help message printed before fatal option parsing errors. -fatal_help="Try '\$progname --help' for more information." - - - -## ------------------------- ## -## Hook function management. ## -## ------------------------- ## - -# This section contains functions for adding, removing, and running hooks -# to the main code. A hook is just a named list of of function, that can -# be run in order later on. - -# func_hookable FUNC_NAME -# ----------------------- -# Declare that FUNC_NAME will run hooks added with -# 'func_add_hook FUNC_NAME ...'. -func_hookable () -{ - $debug_cmd - - func_append hookable_fns " $1" -} - - -# func_add_hook FUNC_NAME HOOK_FUNC -# --------------------------------- -# Request that FUNC_NAME call HOOK_FUNC before it returns. FUNC_NAME must -# first have been declared "hookable" by a call to 'func_hookable'. -func_add_hook () -{ - $debug_cmd - - case " $hookable_fns " in - *" $1 "*) ;; - *) func_fatal_error "'$1' does not accept hook functions." ;; - esac - - eval func_append ${1}_hooks '" $2"' -} - - -# func_remove_hook FUNC_NAME HOOK_FUNC -# ------------------------------------ -# Remove HOOK_FUNC from the list of functions called by FUNC_NAME. -func_remove_hook () -{ - $debug_cmd - - eval ${1}_hooks='`$ECHO "\$'$1'_hooks" |$SED "s| '$2'||"`' -} - - -# func_run_hooks FUNC_NAME [ARG]... -# --------------------------------- -# Run all hook functions registered to FUNC_NAME. -# It is assumed that the list of hook functions contains nothing more -# than a whitespace-delimited list of legal shell function names, and -# no effort is wasted trying to catch shell meta-characters or preserve -# whitespace. -func_run_hooks () -{ - $debug_cmd - - case " $hookable_fns " in - *" $1 "*) ;; - *) func_fatal_error "'$1' does not support hook funcions.n" ;; - esac - - eval _G_hook_fns=\$$1_hooks; shift - - for _G_hook in $_G_hook_fns; do - eval $_G_hook '"$@"' - - # store returned options list back into positional - # parameters for next 'cmd' execution. - eval _G_hook_result=\$${_G_hook}_result - eval set dummy "$_G_hook_result"; shift - done - - func_quote_for_eval ${1+"$@"} - func_run_hooks_result=$func_quote_for_eval_result -} - - - -## --------------- ## -## Option parsing. ## -## --------------- ## - -# In order to add your own option parsing hooks, you must accept the -# full positional parameter list in your hook function, remove any -# options that you action, and then pass back the remaining unprocessed -# options in '_result', escaped suitably for -# 'eval'. Like this: -# -# my_options_prep () -# { -# $debug_cmd -# -# # Extend the existing usage message. -# usage_message=$usage_message' -# -s, --silent don'\''t print informational messages -# ' -# -# func_quote_for_eval ${1+"$@"} -# my_options_prep_result=$func_quote_for_eval_result -# } -# func_add_hook func_options_prep my_options_prep -# -# -# my_silent_option () -# { -# $debug_cmd -# -# # Note that for efficiency, we parse as many options as we can -# # recognise in a loop before passing the remainder back to the -# # caller on the first unrecognised argument we encounter. -# while test $# -gt 0; do -# opt=$1; shift -# case $opt in -# --silent|-s) opt_silent=: ;; -# # Separate non-argument short options: -# -s*) func_split_short_opt "$_G_opt" -# set dummy "$func_split_short_opt_name" \ -# "-$func_split_short_opt_arg" ${1+"$@"} -# shift -# ;; -# *) set dummy "$_G_opt" "$*"; shift; break ;; -# esac -# done -# -# func_quote_for_eval ${1+"$@"} -# my_silent_option_result=$func_quote_for_eval_result -# } -# func_add_hook func_parse_options my_silent_option -# -# -# my_option_validation () -# { -# $debug_cmd -# -# $opt_silent && $opt_verbose && func_fatal_help "\ -# '--silent' and '--verbose' options are mutually exclusive." -# -# func_quote_for_eval ${1+"$@"} -# my_option_validation_result=$func_quote_for_eval_result -# } -# func_add_hook func_validate_options my_option_validation -# -# You'll alse need to manually amend $usage_message to reflect the extra -# options you parse. It's preferable to append if you can, so that -# multiple option parsing hooks can be added safely. - - -# func_options [ARG]... -# --------------------- -# All the functions called inside func_options are hookable. See the -# individual implementations for details. -func_hookable func_options -func_options () -{ - $debug_cmd - - func_options_prep ${1+"$@"} - eval func_parse_options \ - ${func_options_prep_result+"$func_options_prep_result"} - eval func_validate_options \ - ${func_parse_options_result+"$func_parse_options_result"} - - eval func_run_hooks func_options \ - ${func_validate_options_result+"$func_validate_options_result"} - - # save modified positional parameters for caller - func_options_result=$func_run_hooks_result -} - - -# func_options_prep [ARG]... -# -------------------------- -# All initialisations required before starting the option parse loop. -# Note that when calling hook functions, we pass through the list of -# positional parameters. If a hook function modifies that list, and -# needs to propogate that back to rest of this script, then the complete -# modified list must be put in 'func_run_hooks_result' before -# returning. -func_hookable func_options_prep -func_options_prep () -{ - $debug_cmd - - # Option defaults: - opt_verbose=false - opt_warning_types= - - func_run_hooks func_options_prep ${1+"$@"} - - # save modified positional parameters for caller - func_options_prep_result=$func_run_hooks_result -} - - -# func_parse_options [ARG]... -# --------------------------- -# The main option parsing loop. -func_hookable func_parse_options -func_parse_options () -{ - $debug_cmd - - func_parse_options_result= - - # this just eases exit handling - while test $# -gt 0; do - # Defer to hook functions for initial option parsing, so they - # get priority in the event of reusing an option name. - func_run_hooks func_parse_options ${1+"$@"} - - # Adjust func_parse_options positional parameters to match - eval set dummy "$func_run_hooks_result"; shift - - # Break out of the loop if we already parsed every option. - test $# -gt 0 || break - - _G_opt=$1 - shift - case $_G_opt in - --debug|-x) debug_cmd='set -x' - func_echo "enabling shell trace mode" - $debug_cmd - ;; - - --no-warnings|--no-warning|--no-warn) - set dummy --warnings none ${1+"$@"} - shift - ;; - - --warnings|--warning|-W) - test $# = 0 && func_missing_arg $_G_opt && break - case " $warning_categories $1" in - *" $1 "*) - # trailing space prevents matching last $1 above - func_append_uniq opt_warning_types " $1" - ;; - *all) - opt_warning_types=$warning_categories - ;; - *none) - opt_warning_types=none - warning_func=: - ;; - *error) - opt_warning_types=$warning_categories - warning_func=func_fatal_error - ;; - *) - func_fatal_error \ - "unsupported warning category: '$1'" - ;; - esac - shift - ;; - - --verbose|-v) opt_verbose=: ;; - --version) func_version ;; - -\?|-h) func_usage ;; - --help) func_help ;; - - # Separate optargs to long options (plugins may need this): - --*=*) func_split_equals "$_G_opt" - set dummy "$func_split_equals_lhs" \ - "$func_split_equals_rhs" ${1+"$@"} - shift - ;; - - # Separate optargs to short options: - -W*) - func_split_short_opt "$_G_opt" - set dummy "$func_split_short_opt_name" \ - "$func_split_short_opt_arg" ${1+"$@"} - shift - ;; - - # Separate non-argument short options: - -\?*|-h*|-v*|-x*) - func_split_short_opt "$_G_opt" - set dummy "$func_split_short_opt_name" \ - "-$func_split_short_opt_arg" ${1+"$@"} - shift - ;; - - --) break ;; - -*) func_fatal_help "unrecognised option: '$_G_opt'" ;; - *) set dummy "$_G_opt" ${1+"$@"}; shift; break ;; - esac - done - - # save modified positional parameters for caller - func_quote_for_eval ${1+"$@"} - func_parse_options_result=$func_quote_for_eval_result -} - - -# func_validate_options [ARG]... -# ------------------------------ -# Perform any sanity checks on option settings and/or unconsumed -# arguments. -func_hookable func_validate_options -func_validate_options () -{ - $debug_cmd - - # Display all warnings if -W was not given. - test -n "$opt_warning_types" || opt_warning_types=" $warning_categories" - - func_run_hooks func_validate_options ${1+"$@"} - - # Bail if the options were screwed! - $exit_cmd $EXIT_FAILURE - - # save modified positional parameters for caller - func_validate_options_result=$func_run_hooks_result -} - - - -## ----------------- ## -## Helper functions. ## -## ----------------- ## - -# This section contains the helper functions used by the rest of the -# hookable option parser framework in ascii-betical order. - - -# func_fatal_help ARG... -# ---------------------- -# Echo program name prefixed message to standard error, followed by -# a help hint, and exit. -func_fatal_help () -{ - $debug_cmd - - eval \$ECHO \""Usage: $usage"\" - eval \$ECHO \""$fatal_help"\" - func_error ${1+"$@"} - exit $EXIT_FAILURE -} - - -# func_help -# --------- -# Echo long help message to standard output and exit. -func_help () -{ - $debug_cmd - - func_usage_message - $ECHO "$long_help_message" - exit 0 -} - - -# func_missing_arg ARGNAME -# ------------------------ -# Echo program name prefixed message to standard error and set global -# exit_cmd. -func_missing_arg () -{ - $debug_cmd - - func_error "Missing argument for '$1'." - exit_cmd=exit -} - - -# func_split_equals STRING -# ------------------------ -# Set func_split_equals_lhs and func_split_equals_rhs shell variables after -# splitting STRING at the '=' sign. -test -z "$_G_HAVE_XSI_OPS" \ - && (eval 'x=a/b/c; - test 5aa/bb/cc = "${#x}${x%%/*}${x%/*}${x#*/}${x##*/}"') 2>/dev/null \ - && _G_HAVE_XSI_OPS=yes - -if test yes = "$_G_HAVE_XSI_OPS" -then - # This is an XSI compatible shell, allowing a faster implementation... - eval 'func_split_equals () - { - $debug_cmd - - func_split_equals_lhs=${1%%=*} - func_split_equals_rhs=${1#*=} - test "x$func_split_equals_lhs" = "x$1" \ - && func_split_equals_rhs= - }' -else - # ...otherwise fall back to using expr, which is often a shell builtin. - func_split_equals () - { - $debug_cmd - - func_split_equals_lhs=`expr "x$1" : 'x\([^=]*\)'` - func_split_equals_rhs= - test "x$func_split_equals_lhs" = "x$1" \ - || func_split_equals_rhs=`expr "x$1" : 'x[^=]*=\(.*\)$'` - } -fi #func_split_equals - - -# func_split_short_opt SHORTOPT -# ----------------------------- -# Set func_split_short_opt_name and func_split_short_opt_arg shell -# variables after splitting SHORTOPT after the 2nd character. -if test yes = "$_G_HAVE_XSI_OPS" -then - # This is an XSI compatible shell, allowing a faster implementation... - eval 'func_split_short_opt () - { - $debug_cmd - - func_split_short_opt_arg=${1#??} - func_split_short_opt_name=${1%"$func_split_short_opt_arg"} - }' -else - # ...otherwise fall back to using expr, which is often a shell builtin. - func_split_short_opt () - { - $debug_cmd - - func_split_short_opt_name=`expr "x$1" : 'x-\(.\)'` - func_split_short_opt_arg=`expr "x$1" : 'x-.\(.*\)$'` - } -fi #func_split_short_opt - - -# func_usage -# ---------- -# Echo short help message to standard output and exit. -func_usage () -{ - $debug_cmd - - func_usage_message - $ECHO "Run '$progname --help |${PAGER-more}' for full usage" - exit 0 -} - - -# func_usage_message -# ------------------ -# Echo short help message to standard output. -func_usage_message () -{ - $debug_cmd - - eval \$ECHO \""Usage: $usage"\" - echo - $SED -n 's|^# || - /^Written by/{ - x;p;x - } - h - /^Written by/q' < "$progpath" - echo - eval \$ECHO \""$usage_message"\" -} - - -# func_version -# ------------ -# Echo version message to standard output and exit. -func_version () -{ - $debug_cmd - - printf '%s\n' "$progname $scriptversion" - $SED -n ' - /(C)/!b go - :more - /\./!{ - N - s|\n# | | - b more - } - :go - /^# Written by /,/# warranty; / { - s|^# || - s|^# *$|| - s|\((C)\)[ 0-9,-]*[ ,-]\([1-9][0-9]* \)|\1 \2| - p - } - /^# Written by / { - s|^# || - p - } - /^warranty; /q' < "$progpath" - - exit $? -} - - -# Local variables: -# mode: shell-script -# sh-indentation: 2 -# eval: (add-hook 'before-save-hook 'time-stamp) -# time-stamp-pattern: "10/scriptversion=%:y-%02m-%02d.%02H; # UTC" -# time-stamp-time-zone: "UTC" -# End: - -# Set a version string. -scriptversion='(GNU libtool) 2.4.6' - - -# func_echo ARG... -# ---------------- -# Libtool also displays the current mode in messages, so override -# funclib.sh func_echo with this custom definition. -func_echo () -{ - $debug_cmd - - _G_message=$* - - func_echo_IFS=$IFS - IFS=$nl - for _G_line in $_G_message; do - IFS=$func_echo_IFS - $ECHO "$progname${opt_mode+: $opt_mode}: $_G_line" - done - IFS=$func_echo_IFS -} - - -# func_warning ARG... -# ------------------- -# Libtool warnings are not categorized, so override funclib.sh -# func_warning with this simpler definition. -func_warning () -{ - $debug_cmd - - $warning_func ${1+"$@"} -} - - -## ---------------- ## -## Options parsing. ## -## ---------------- ## - -# Hook in the functions to make sure our own options are parsed during -# the option parsing loop. - -usage='$progpath [OPTION]... [MODE-ARG]...' - -# Short help message in response to '-h'. -usage_message="Options: - --config show all configuration variables - --debug enable verbose shell tracing - -n, --dry-run display commands without modifying any files - --features display basic configuration information and exit - --mode=MODE use operation mode MODE - --no-warnings equivalent to '-Wnone' - --preserve-dup-deps don't remove duplicate dependency libraries - --quiet, --silent don't print informational messages - --tag=TAG use configuration variables from tag TAG - -v, --verbose print more informational messages than default - --version print version information - -W, --warnings=CATEGORY report the warnings falling in CATEGORY [all] - -h, --help, --help-all print short, long, or detailed help message -" - -# Additional text appended to 'usage_message' in response to '--help'. -func_help () -{ - $debug_cmd - - func_usage_message - $ECHO "$long_help_message - -MODE must be one of the following: - - clean remove files from the build directory - compile compile a source file into a libtool object - execute automatically set library path, then run a program - finish complete the installation of libtool libraries - install install libraries or executables - link create a library or an executable - uninstall remove libraries from an installed directory - -MODE-ARGS vary depending on the MODE. When passed as first option, -'--mode=MODE' may be abbreviated as 'MODE' or a unique abbreviation of that. -Try '$progname --help --mode=MODE' for a more detailed description of MODE. - -When reporting a bug, please describe a test case to reproduce it and -include the following information: - - host-triplet: $host - shell: $SHELL - compiler: $LTCC - compiler flags: $LTCFLAGS - linker: $LD (gnu? $with_gnu_ld) - version: $progname (GNU libtool) 2.4.6 - automake: `($AUTOMAKE --version) 2>/dev/null |$SED 1q` - autoconf: `($AUTOCONF --version) 2>/dev/null |$SED 1q` - -Report bugs to . -GNU libtool home page: . -General help using GNU software: ." - exit 0 -} - - -# func_lo2o OBJECT-NAME -# --------------------- -# Transform OBJECT-NAME from a '.lo' suffix to the platform specific -# object suffix. - -lo2o=s/\\.lo\$/.$objext/ -o2lo=s/\\.$objext\$/.lo/ - -if test yes = "$_G_HAVE_XSI_OPS"; then - eval 'func_lo2o () - { - case $1 in - *.lo) func_lo2o_result=${1%.lo}.$objext ;; - * ) func_lo2o_result=$1 ;; - esac - }' - - # func_xform LIBOBJ-OR-SOURCE - # --------------------------- - # Transform LIBOBJ-OR-SOURCE from a '.o' or '.c' (or otherwise) - # suffix to a '.lo' libtool-object suffix. - eval 'func_xform () - { - func_xform_result=${1%.*}.lo - }' -else - # ...otherwise fall back to using sed. - func_lo2o () - { - func_lo2o_result=`$ECHO "$1" | $SED "$lo2o"` - } - - func_xform () - { - func_xform_result=`$ECHO "$1" | $SED 's|\.[^.]*$|.lo|'` - } -fi - - -# func_fatal_configuration ARG... -# ------------------------------- -# Echo program name prefixed message to standard error, followed by -# a configuration failure hint, and exit. -func_fatal_configuration () -{ - func__fatal_error ${1+"$@"} \ - "See the $PACKAGE documentation for more information." \ - "Fatal configuration error." -} - - -# func_config -# ----------- -# Display the configuration for all the tags in this script. -func_config () -{ - re_begincf='^# ### BEGIN LIBTOOL' - re_endcf='^# ### END LIBTOOL' - - # Default configuration. - $SED "1,/$re_begincf CONFIG/d;/$re_endcf CONFIG/,\$d" < "$progpath" - - # Now print the configurations for the tags. - for tagname in $taglist; do - $SED -n "/$re_begincf TAG CONFIG: $tagname\$/,/$re_endcf TAG CONFIG: $tagname\$/p" < "$progpath" - done - - exit $? -} - - -# func_features -# ------------- -# Display the features supported by this script. -func_features () -{ - echo "host: $host" - if test yes = "$build_libtool_libs"; then - echo "enable shared libraries" - else - echo "disable shared libraries" - fi - if test yes = "$build_old_libs"; then - echo "enable static libraries" - else - echo "disable static libraries" - fi - - exit $? -} - - -# func_enable_tag TAGNAME -# ----------------------- -# Verify that TAGNAME is valid, and either flag an error and exit, or -# enable the TAGNAME tag. We also add TAGNAME to the global $taglist -# variable here. -func_enable_tag () -{ - # Global variable: - tagname=$1 - - re_begincf="^# ### BEGIN LIBTOOL TAG CONFIG: $tagname\$" - re_endcf="^# ### END LIBTOOL TAG CONFIG: $tagname\$" - sed_extractcf=/$re_begincf/,/$re_endcf/p - - # Validate tagname. - case $tagname in - *[!-_A-Za-z0-9,/]*) - func_fatal_error "invalid tag name: $tagname" - ;; - esac - - # Don't test for the "default" C tag, as we know it's - # there but not specially marked. - case $tagname in - CC) ;; - *) - if $GREP "$re_begincf" "$progpath" >/dev/null 2>&1; then - taglist="$taglist $tagname" - - # Evaluate the configuration. Be careful to quote the path - # and the sed script, to avoid splitting on whitespace, but - # also don't use non-portable quotes within backquotes within - # quotes we have to do it in 2 steps: - extractedcf=`$SED -n -e "$sed_extractcf" < "$progpath"` - eval "$extractedcf" - else - func_error "ignoring unknown tag $tagname" - fi - ;; - esac -} - - -# func_check_version_match -# ------------------------ -# Ensure that we are using m4 macros, and libtool script from the same -# release of libtool. -func_check_version_match () -{ - if test "$package_revision" != "$macro_revision"; then - if test "$VERSION" != "$macro_version"; then - if test -z "$macro_version"; then - cat >&2 <<_LT_EOF -$progname: Version mismatch error. This is $PACKAGE $VERSION, but the -$progname: definition of this LT_INIT comes from an older release. -$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION -$progname: and run autoconf again. -_LT_EOF - else - cat >&2 <<_LT_EOF -$progname: Version mismatch error. This is $PACKAGE $VERSION, but the -$progname: definition of this LT_INIT comes from $PACKAGE $macro_version. -$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION -$progname: and run autoconf again. -_LT_EOF - fi - else - cat >&2 <<_LT_EOF -$progname: Version mismatch error. This is $PACKAGE $VERSION, revision $package_revision, -$progname: but the definition of this LT_INIT comes from revision $macro_revision. -$progname: You should recreate aclocal.m4 with macros from revision $package_revision -$progname: of $PACKAGE $VERSION and run autoconf again. -_LT_EOF - fi - - exit $EXIT_MISMATCH - fi -} - - -# libtool_options_prep [ARG]... -# ----------------------------- -# Preparation for options parsed by libtool. -libtool_options_prep () -{ - $debug_mode - - # Option defaults: - opt_config=false - opt_dlopen= - opt_dry_run=false - opt_help=false - opt_mode= - opt_preserve_dup_deps=false - opt_quiet=false - - nonopt= - preserve_args= - - # Shorthand for --mode=foo, only valid as the first argument - case $1 in - clean|clea|cle|cl) - shift; set dummy --mode clean ${1+"$@"}; shift - ;; - compile|compil|compi|comp|com|co|c) - shift; set dummy --mode compile ${1+"$@"}; shift - ;; - execute|execut|execu|exec|exe|ex|e) - shift; set dummy --mode execute ${1+"$@"}; shift - ;; - finish|finis|fini|fin|fi|f) - shift; set dummy --mode finish ${1+"$@"}; shift - ;; - install|instal|insta|inst|ins|in|i) - shift; set dummy --mode install ${1+"$@"}; shift - ;; - link|lin|li|l) - shift; set dummy --mode link ${1+"$@"}; shift - ;; - uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u) - shift; set dummy --mode uninstall ${1+"$@"}; shift - ;; - esac - - # Pass back the list of options. - func_quote_for_eval ${1+"$@"} - libtool_options_prep_result=$func_quote_for_eval_result -} -func_add_hook func_options_prep libtool_options_prep - - -# libtool_parse_options [ARG]... -# --------------------------------- -# Provide handling for libtool specific options. -libtool_parse_options () -{ - $debug_cmd - - # Perform our own loop to consume as many options as possible in - # each iteration. - while test $# -gt 0; do - _G_opt=$1 - shift - case $_G_opt in - --dry-run|--dryrun|-n) - opt_dry_run=: - ;; - - --config) func_config ;; - - --dlopen|-dlopen) - opt_dlopen="${opt_dlopen+$opt_dlopen -}$1" - shift - ;; - - --preserve-dup-deps) - opt_preserve_dup_deps=: ;; - - --features) func_features ;; - - --finish) set dummy --mode finish ${1+"$@"}; shift ;; - - --help) opt_help=: ;; - - --help-all) opt_help=': help-all' ;; - - --mode) test $# = 0 && func_missing_arg $_G_opt && break - opt_mode=$1 - case $1 in - # Valid mode arguments: - clean|compile|execute|finish|install|link|relink|uninstall) ;; - - # Catch anything else as an error - *) func_error "invalid argument for $_G_opt" - exit_cmd=exit - break - ;; - esac - shift - ;; - - --no-silent|--no-quiet) - opt_quiet=false - func_append preserve_args " $_G_opt" - ;; - - --no-warnings|--no-warning|--no-warn) - opt_warning=false - func_append preserve_args " $_G_opt" - ;; - - --no-verbose) - opt_verbose=false - func_append preserve_args " $_G_opt" - ;; - - --silent|--quiet) - opt_quiet=: - opt_verbose=false - func_append preserve_args " $_G_opt" - ;; - - --tag) test $# = 0 && func_missing_arg $_G_opt && break - opt_tag=$1 - func_append preserve_args " $_G_opt $1" - func_enable_tag "$1" - shift - ;; - - --verbose|-v) opt_quiet=false - opt_verbose=: - func_append preserve_args " $_G_opt" - ;; - - # An option not handled by this hook function: - *) set dummy "$_G_opt" ${1+"$@"}; shift; break ;; - esac - done - - - # save modified positional parameters for caller - func_quote_for_eval ${1+"$@"} - libtool_parse_options_result=$func_quote_for_eval_result -} -func_add_hook func_parse_options libtool_parse_options - - - -# libtool_validate_options [ARG]... -# --------------------------------- -# Perform any sanity checks on option settings and/or unconsumed -# arguments. -libtool_validate_options () -{ - # save first non-option argument - if test 0 -lt $#; then - nonopt=$1 - shift - fi - - # preserve --debug - test : = "$debug_cmd" || func_append preserve_args " --debug" - - case $host in - # Solaris2 added to fix http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16452 - # see also: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59788 - *cygwin* | *mingw* | *pw32* | *cegcc* | *solaris2* | *os2*) - # don't eliminate duplications in $postdeps and $predeps - opt_duplicate_compiler_generated_deps=: - ;; - *) - opt_duplicate_compiler_generated_deps=$opt_preserve_dup_deps - ;; - esac - - $opt_help || { - # Sanity checks first: - func_check_version_match - - test yes != "$build_libtool_libs" \ - && test yes != "$build_old_libs" \ - && func_fatal_configuration "not configured to build any kind of library" - - # Darwin sucks - eval std_shrext=\"$shrext_cmds\" - - # Only execute mode is allowed to have -dlopen flags. - if test -n "$opt_dlopen" && test execute != "$opt_mode"; then - func_error "unrecognized option '-dlopen'" - $ECHO "$help" 1>&2 - exit $EXIT_FAILURE - fi - - # Change the help message to a mode-specific one. - generic_help=$help - help="Try '$progname --help --mode=$opt_mode' for more information." - } - - # Pass back the unparsed argument list - func_quote_for_eval ${1+"$@"} - libtool_validate_options_result=$func_quote_for_eval_result -} -func_add_hook func_validate_options libtool_validate_options - - -# Process options as early as possible so that --help and --version -# can return quickly. -func_options ${1+"$@"} -eval set dummy "$func_options_result"; shift - - - -## ----------- ## -## Main. ## -## ----------- ## - -magic='%%%MAGIC variable%%%' -magic_exe='%%%MAGIC EXE variable%%%' - -# Global variables. -extracted_archives= -extracted_serial=0 - -# If this variable is set in any of the actions, the command in it -# will be execed at the end. This prevents here-documents from being -# left over by shells. -exec_cmd= - - -# A function that is used when there is no print builtin or printf. -func_fallback_echo () -{ - eval 'cat <<_LTECHO_EOF -$1 -_LTECHO_EOF' -} - -# func_generated_by_libtool -# True iff stdin has been generated by Libtool. This function is only -# a basic sanity check; it will hardly flush out determined imposters. -func_generated_by_libtool_p () -{ - $GREP "^# Generated by .*$PACKAGE" > /dev/null 2>&1 -} - -# func_lalib_p file -# True iff FILE is a libtool '.la' library or '.lo' object file. -# This function is only a basic sanity check; it will hardly flush out -# determined imposters. -func_lalib_p () -{ - test -f "$1" && - $SED -e 4q "$1" 2>/dev/null | func_generated_by_libtool_p -} - -# func_lalib_unsafe_p file -# True iff FILE is a libtool '.la' library or '.lo' object file. -# This function implements the same check as func_lalib_p without -# resorting to external programs. To this end, it redirects stdin and -# closes it afterwards, without saving the original file descriptor. -# As a safety measure, use it only where a negative result would be -# fatal anyway. Works if 'file' does not exist. -func_lalib_unsafe_p () -{ - lalib_p=no - if test -f "$1" && test -r "$1" && exec 5<&0 <"$1"; then - for lalib_p_l in 1 2 3 4 - do - read lalib_p_line - case $lalib_p_line in - \#\ Generated\ by\ *$PACKAGE* ) lalib_p=yes; break;; - esac - done - exec 0<&5 5<&- - fi - test yes = "$lalib_p" -} - -# func_ltwrapper_script_p file -# True iff FILE is a libtool wrapper script -# This function is only a basic sanity check; it will hardly flush out -# determined imposters. -func_ltwrapper_script_p () -{ - test -f "$1" && - $lt_truncate_bin < "$1" 2>/dev/null | func_generated_by_libtool_p -} - -# func_ltwrapper_executable_p file -# True iff FILE is a libtool wrapper executable -# This function is only a basic sanity check; it will hardly flush out -# determined imposters. -func_ltwrapper_executable_p () -{ - func_ltwrapper_exec_suffix= - case $1 in - *.exe) ;; - *) func_ltwrapper_exec_suffix=.exe ;; - esac - $GREP "$magic_exe" "$1$func_ltwrapper_exec_suffix" >/dev/null 2>&1 -} - -# func_ltwrapper_scriptname file -# Assumes file is an ltwrapper_executable -# uses $file to determine the appropriate filename for a -# temporary ltwrapper_script. -func_ltwrapper_scriptname () -{ - func_dirname_and_basename "$1" "" "." - func_stripname '' '.exe' "$func_basename_result" - func_ltwrapper_scriptname_result=$func_dirname_result/$objdir/${func_stripname_result}_ltshwrapper -} - -# func_ltwrapper_p file -# True iff FILE is a libtool wrapper script or wrapper executable -# This function is only a basic sanity check; it will hardly flush out -# determined imposters. -func_ltwrapper_p () -{ - func_ltwrapper_script_p "$1" || func_ltwrapper_executable_p "$1" -} - - -# func_execute_cmds commands fail_cmd -# Execute tilde-delimited COMMANDS. -# If FAIL_CMD is given, eval that upon failure. -# FAIL_CMD may read-access the current command in variable CMD! -func_execute_cmds () -{ - $debug_cmd - - save_ifs=$IFS; IFS='~' - for cmd in $1; do - IFS=$sp$nl - eval cmd=\"$cmd\" - IFS=$save_ifs - func_show_eval "$cmd" "${2-:}" - done - IFS=$save_ifs -} - - -# func_source file -# Source FILE, adding directory component if necessary. -# Note that it is not necessary on cygwin/mingw to append a dot to -# FILE even if both FILE and FILE.exe exist: automatic-append-.exe -# behavior happens only for exec(3), not for open(2)! Also, sourcing -# 'FILE.' does not work on cygwin managed mounts. -func_source () -{ - $debug_cmd - - case $1 in - */* | *\\*) . "$1" ;; - *) . "./$1" ;; - esac -} - - -# func_resolve_sysroot PATH -# Replace a leading = in PATH with a sysroot. Store the result into -# func_resolve_sysroot_result -func_resolve_sysroot () -{ - func_resolve_sysroot_result=$1 - case $func_resolve_sysroot_result in - =*) - func_stripname '=' '' "$func_resolve_sysroot_result" - func_resolve_sysroot_result=$lt_sysroot$func_stripname_result - ;; - esac -} - -# func_replace_sysroot PATH -# If PATH begins with the sysroot, replace it with = and -# store the result into func_replace_sysroot_result. -func_replace_sysroot () -{ - case $lt_sysroot:$1 in - ?*:"$lt_sysroot"*) - func_stripname "$lt_sysroot" '' "$1" - func_replace_sysroot_result='='$func_stripname_result - ;; - *) - # Including no sysroot. - func_replace_sysroot_result=$1 - ;; - esac -} - -# func_infer_tag arg -# Infer tagged configuration to use if any are available and -# if one wasn't chosen via the "--tag" command line option. -# Only attempt this if the compiler in the base compile -# command doesn't match the default compiler. -# arg is usually of the form 'gcc ...' -func_infer_tag () -{ - $debug_cmd - - if test -n "$available_tags" && test -z "$tagname"; then - CC_quoted= - for arg in $CC; do - func_append_quoted CC_quoted "$arg" - done - CC_expanded=`func_echo_all $CC` - CC_quoted_expanded=`func_echo_all $CC_quoted` - case $@ in - # Blanks in the command may have been stripped by the calling shell, - # but not from the CC environment variable when configure was run. - " $CC "* | "$CC "* | " $CC_expanded "* | "$CC_expanded "* | \ - " $CC_quoted"* | "$CC_quoted "* | " $CC_quoted_expanded "* | "$CC_quoted_expanded "*) ;; - # Blanks at the start of $base_compile will cause this to fail - # if we don't check for them as well. - *) - for z in $available_tags; do - if $GREP "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then - # Evaluate the configuration. - eval "`$SED -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`" - CC_quoted= - for arg in $CC; do - # Double-quote args containing other shell metacharacters. - func_append_quoted CC_quoted "$arg" - done - CC_expanded=`func_echo_all $CC` - CC_quoted_expanded=`func_echo_all $CC_quoted` - case "$@ " in - " $CC "* | "$CC "* | " $CC_expanded "* | "$CC_expanded "* | \ - " $CC_quoted"* | "$CC_quoted "* | " $CC_quoted_expanded "* | "$CC_quoted_expanded "*) - # The compiler in the base compile command matches - # the one in the tagged configuration. - # Assume this is the tagged configuration we want. - tagname=$z - break - ;; - esac - fi - done - # If $tagname still isn't set, then no tagged configuration - # was found and let the user know that the "--tag" command - # line option must be used. - if test -z "$tagname"; then - func_echo "unable to infer tagged configuration" - func_fatal_error "specify a tag with '--tag'" -# else -# func_verbose "using $tagname tagged configuration" - fi - ;; - esac - fi -} - - - -# func_write_libtool_object output_name pic_name nonpic_name -# Create a libtool object file (analogous to a ".la" file), -# but don't create it if we're doing a dry run. -func_write_libtool_object () -{ - write_libobj=$1 - if test yes = "$build_libtool_libs"; then - write_lobj=\'$2\' - else - write_lobj=none - fi - - if test yes = "$build_old_libs"; then - write_oldobj=\'$3\' - else - write_oldobj=none - fi - - $opt_dry_run || { - cat >${write_libobj}T </dev/null` - if test "$?" -eq 0 && test -n "$func_convert_core_file_wine_to_w32_tmp"; then - func_convert_core_file_wine_to_w32_result=`$ECHO "$func_convert_core_file_wine_to_w32_tmp" | - $SED -e "$sed_naive_backslashify"` - else - func_convert_core_file_wine_to_w32_result= - fi - fi -} -# end: func_convert_core_file_wine_to_w32 - - -# func_convert_core_path_wine_to_w32 ARG -# Helper function used by path conversion functions when $build is *nix, and -# $host is mingw, cygwin, or some other w32 environment. Relies on a correctly -# configured wine environment available, with the winepath program in $build's -# $PATH. Assumes ARG has no leading or trailing path separator characters. -# -# ARG is path to be converted from $build format to win32. -# Result is available in $func_convert_core_path_wine_to_w32_result. -# Unconvertible file (directory) names in ARG are skipped; if no directory names -# are convertible, then the result may be empty. -func_convert_core_path_wine_to_w32 () -{ - $debug_cmd - - # unfortunately, winepath doesn't convert paths, only file names - func_convert_core_path_wine_to_w32_result= - if test -n "$1"; then - oldIFS=$IFS - IFS=: - for func_convert_core_path_wine_to_w32_f in $1; do - IFS=$oldIFS - func_convert_core_file_wine_to_w32 "$func_convert_core_path_wine_to_w32_f" - if test -n "$func_convert_core_file_wine_to_w32_result"; then - if test -z "$func_convert_core_path_wine_to_w32_result"; then - func_convert_core_path_wine_to_w32_result=$func_convert_core_file_wine_to_w32_result - else - func_append func_convert_core_path_wine_to_w32_result ";$func_convert_core_file_wine_to_w32_result" - fi - fi - done - IFS=$oldIFS - fi -} -# end: func_convert_core_path_wine_to_w32 - - -# func_cygpath ARGS... -# Wrapper around calling the cygpath program via LT_CYGPATH. This is used when -# when (1) $build is *nix and Cygwin is hosted via a wine environment; or (2) -# $build is MSYS and $host is Cygwin, or (3) $build is Cygwin. In case (1) or -# (2), returns the Cygwin file name or path in func_cygpath_result (input -# file name or path is assumed to be in w32 format, as previously converted -# from $build's *nix or MSYS format). In case (3), returns the w32 file name -# or path in func_cygpath_result (input file name or path is assumed to be in -# Cygwin format). Returns an empty string on error. -# -# ARGS are passed to cygpath, with the last one being the file name or path to -# be converted. -# -# Specify the absolute *nix (or w32) name to cygpath in the LT_CYGPATH -# environment variable; do not put it in $PATH. -func_cygpath () -{ - $debug_cmd - - if test -n "$LT_CYGPATH" && test -f "$LT_CYGPATH"; then - func_cygpath_result=`$LT_CYGPATH "$@" 2>/dev/null` - if test "$?" -ne 0; then - # on failure, ensure result is empty - func_cygpath_result= - fi - else - func_cygpath_result= - func_error "LT_CYGPATH is empty or specifies non-existent file: '$LT_CYGPATH'" - fi -} -#end: func_cygpath - - -# func_convert_core_msys_to_w32 ARG -# Convert file name or path ARG from MSYS format to w32 format. Return -# result in func_convert_core_msys_to_w32_result. -func_convert_core_msys_to_w32 () -{ - $debug_cmd - - # awkward: cmd appends spaces to result - func_convert_core_msys_to_w32_result=`( cmd //c echo "$1" ) 2>/dev/null | - $SED -e 's/[ ]*$//' -e "$sed_naive_backslashify"` -} -#end: func_convert_core_msys_to_w32 - - -# func_convert_file_check ARG1 ARG2 -# Verify that ARG1 (a file name in $build format) was converted to $host -# format in ARG2. Otherwise, emit an error message, but continue (resetting -# func_to_host_file_result to ARG1). -func_convert_file_check () -{ - $debug_cmd - - if test -z "$2" && test -n "$1"; then - func_error "Could not determine host file name corresponding to" - func_error " '$1'" - func_error "Continuing, but uninstalled executables may not work." - # Fallback: - func_to_host_file_result=$1 - fi -} -# end func_convert_file_check - - -# func_convert_path_check FROM_PATHSEP TO_PATHSEP FROM_PATH TO_PATH -# Verify that FROM_PATH (a path in $build format) was converted to $host -# format in TO_PATH. Otherwise, emit an error message, but continue, resetting -# func_to_host_file_result to a simplistic fallback value (see below). -func_convert_path_check () -{ - $debug_cmd - - if test -z "$4" && test -n "$3"; then - func_error "Could not determine the host path corresponding to" - func_error " '$3'" - func_error "Continuing, but uninstalled executables may not work." - # Fallback. This is a deliberately simplistic "conversion" and - # should not be "improved". See libtool.info. - if test "x$1" != "x$2"; then - lt_replace_pathsep_chars="s|$1|$2|g" - func_to_host_path_result=`echo "$3" | - $SED -e "$lt_replace_pathsep_chars"` - else - func_to_host_path_result=$3 - fi - fi -} -# end func_convert_path_check - - -# func_convert_path_front_back_pathsep FRONTPAT BACKPAT REPL ORIG -# Modifies func_to_host_path_result by prepending REPL if ORIG matches FRONTPAT -# and appending REPL if ORIG matches BACKPAT. -func_convert_path_front_back_pathsep () -{ - $debug_cmd - - case $4 in - $1 ) func_to_host_path_result=$3$func_to_host_path_result - ;; - esac - case $4 in - $2 ) func_append func_to_host_path_result "$3" - ;; - esac -} -# end func_convert_path_front_back_pathsep - - -################################################## -# $build to $host FILE NAME CONVERSION FUNCTIONS # -################################################## -# invoked via '$to_host_file_cmd ARG' -# -# In each case, ARG is the path to be converted from $build to $host format. -# Result will be available in $func_to_host_file_result. - - -# func_to_host_file ARG -# Converts the file name ARG from $build format to $host format. Return result -# in func_to_host_file_result. -func_to_host_file () -{ - $debug_cmd - - $to_host_file_cmd "$1" -} -# end func_to_host_file - - -# func_to_tool_file ARG LAZY -# converts the file name ARG from $build format to toolchain format. Return -# result in func_to_tool_file_result. If the conversion in use is listed -# in (the comma separated) LAZY, no conversion takes place. -func_to_tool_file () -{ - $debug_cmd - - case ,$2, in - *,"$to_tool_file_cmd",*) - func_to_tool_file_result=$1 - ;; - *) - $to_tool_file_cmd "$1" - func_to_tool_file_result=$func_to_host_file_result - ;; - esac -} -# end func_to_tool_file - - -# func_convert_file_noop ARG -# Copy ARG to func_to_host_file_result. -func_convert_file_noop () -{ - func_to_host_file_result=$1 -} -# end func_convert_file_noop - - -# func_convert_file_msys_to_w32 ARG -# Convert file name ARG from (mingw) MSYS to (mingw) w32 format; automatic -# conversion to w32 is not available inside the cwrapper. Returns result in -# func_to_host_file_result. -func_convert_file_msys_to_w32 () -{ - $debug_cmd - - func_to_host_file_result=$1 - if test -n "$1"; then - func_convert_core_msys_to_w32 "$1" - func_to_host_file_result=$func_convert_core_msys_to_w32_result - fi - func_convert_file_check "$1" "$func_to_host_file_result" -} -# end func_convert_file_msys_to_w32 - - -# func_convert_file_cygwin_to_w32 ARG -# Convert file name ARG from Cygwin to w32 format. Returns result in -# func_to_host_file_result. -func_convert_file_cygwin_to_w32 () -{ - $debug_cmd - - func_to_host_file_result=$1 - if test -n "$1"; then - # because $build is cygwin, we call "the" cygpath in $PATH; no need to use - # LT_CYGPATH in this case. - func_to_host_file_result=`cygpath -m "$1"` - fi - func_convert_file_check "$1" "$func_to_host_file_result" -} -# end func_convert_file_cygwin_to_w32 - - -# func_convert_file_nix_to_w32 ARG -# Convert file name ARG from *nix to w32 format. Requires a wine environment -# and a working winepath. Returns result in func_to_host_file_result. -func_convert_file_nix_to_w32 () -{ - $debug_cmd - - func_to_host_file_result=$1 - if test -n "$1"; then - func_convert_core_file_wine_to_w32 "$1" - func_to_host_file_result=$func_convert_core_file_wine_to_w32_result - fi - func_convert_file_check "$1" "$func_to_host_file_result" -} -# end func_convert_file_nix_to_w32 - - -# func_convert_file_msys_to_cygwin ARG -# Convert file name ARG from MSYS to Cygwin format. Requires LT_CYGPATH set. -# Returns result in func_to_host_file_result. -func_convert_file_msys_to_cygwin () -{ - $debug_cmd - - func_to_host_file_result=$1 - if test -n "$1"; then - func_convert_core_msys_to_w32 "$1" - func_cygpath -u "$func_convert_core_msys_to_w32_result" - func_to_host_file_result=$func_cygpath_result - fi - func_convert_file_check "$1" "$func_to_host_file_result" -} -# end func_convert_file_msys_to_cygwin - - -# func_convert_file_nix_to_cygwin ARG -# Convert file name ARG from *nix to Cygwin format. Requires Cygwin installed -# in a wine environment, working winepath, and LT_CYGPATH set. Returns result -# in func_to_host_file_result. -func_convert_file_nix_to_cygwin () -{ - $debug_cmd - - func_to_host_file_result=$1 - if test -n "$1"; then - # convert from *nix to w32, then use cygpath to convert from w32 to cygwin. - func_convert_core_file_wine_to_w32 "$1" - func_cygpath -u "$func_convert_core_file_wine_to_w32_result" - func_to_host_file_result=$func_cygpath_result - fi - func_convert_file_check "$1" "$func_to_host_file_result" -} -# end func_convert_file_nix_to_cygwin - - -############################################# -# $build to $host PATH CONVERSION FUNCTIONS # -############################################# -# invoked via '$to_host_path_cmd ARG' -# -# In each case, ARG is the path to be converted from $build to $host format. -# The result will be available in $func_to_host_path_result. -# -# Path separators are also converted from $build format to $host format. If -# ARG begins or ends with a path separator character, it is preserved (but -# converted to $host format) on output. -# -# All path conversion functions are named using the following convention: -# file name conversion function : func_convert_file_X_to_Y () -# path conversion function : func_convert_path_X_to_Y () -# where, for any given $build/$host combination the 'X_to_Y' value is the -# same. If conversion functions are added for new $build/$host combinations, -# the two new functions must follow this pattern, or func_init_to_host_path_cmd -# will break. - - -# func_init_to_host_path_cmd -# Ensures that function "pointer" variable $to_host_path_cmd is set to the -# appropriate value, based on the value of $to_host_file_cmd. -to_host_path_cmd= -func_init_to_host_path_cmd () -{ - $debug_cmd - - if test -z "$to_host_path_cmd"; then - func_stripname 'func_convert_file_' '' "$to_host_file_cmd" - to_host_path_cmd=func_convert_path_$func_stripname_result - fi -} - - -# func_to_host_path ARG -# Converts the path ARG from $build format to $host format. Return result -# in func_to_host_path_result. -func_to_host_path () -{ - $debug_cmd - - func_init_to_host_path_cmd - $to_host_path_cmd "$1" -} -# end func_to_host_path - - -# func_convert_path_noop ARG -# Copy ARG to func_to_host_path_result. -func_convert_path_noop () -{ - func_to_host_path_result=$1 -} -# end func_convert_path_noop - - -# func_convert_path_msys_to_w32 ARG -# Convert path ARG from (mingw) MSYS to (mingw) w32 format; automatic -# conversion to w32 is not available inside the cwrapper. Returns result in -# func_to_host_path_result. -func_convert_path_msys_to_w32 () -{ - $debug_cmd - - func_to_host_path_result=$1 - if test -n "$1"; then - # Remove leading and trailing path separator characters from ARG. MSYS - # behavior is inconsistent here; cygpath turns them into '.;' and ';.'; - # and winepath ignores them completely. - func_stripname : : "$1" - func_to_host_path_tmp1=$func_stripname_result - func_convert_core_msys_to_w32 "$func_to_host_path_tmp1" - func_to_host_path_result=$func_convert_core_msys_to_w32_result - func_convert_path_check : ";" \ - "$func_to_host_path_tmp1" "$func_to_host_path_result" - func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" - fi -} -# end func_convert_path_msys_to_w32 - - -# func_convert_path_cygwin_to_w32 ARG -# Convert path ARG from Cygwin to w32 format. Returns result in -# func_to_host_file_result. -func_convert_path_cygwin_to_w32 () -{ - $debug_cmd - - func_to_host_path_result=$1 - if test -n "$1"; then - # See func_convert_path_msys_to_w32: - func_stripname : : "$1" - func_to_host_path_tmp1=$func_stripname_result - func_to_host_path_result=`cygpath -m -p "$func_to_host_path_tmp1"` - func_convert_path_check : ";" \ - "$func_to_host_path_tmp1" "$func_to_host_path_result" - func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" - fi -} -# end func_convert_path_cygwin_to_w32 - - -# func_convert_path_nix_to_w32 ARG -# Convert path ARG from *nix to w32 format. Requires a wine environment and -# a working winepath. Returns result in func_to_host_file_result. -func_convert_path_nix_to_w32 () -{ - $debug_cmd - - func_to_host_path_result=$1 - if test -n "$1"; then - # See func_convert_path_msys_to_w32: - func_stripname : : "$1" - func_to_host_path_tmp1=$func_stripname_result - func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1" - func_to_host_path_result=$func_convert_core_path_wine_to_w32_result - func_convert_path_check : ";" \ - "$func_to_host_path_tmp1" "$func_to_host_path_result" - func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" - fi -} -# end func_convert_path_nix_to_w32 - - -# func_convert_path_msys_to_cygwin ARG -# Convert path ARG from MSYS to Cygwin format. Requires LT_CYGPATH set. -# Returns result in func_to_host_file_result. -func_convert_path_msys_to_cygwin () -{ - $debug_cmd - - func_to_host_path_result=$1 - if test -n "$1"; then - # See func_convert_path_msys_to_w32: - func_stripname : : "$1" - func_to_host_path_tmp1=$func_stripname_result - func_convert_core_msys_to_w32 "$func_to_host_path_tmp1" - func_cygpath -u -p "$func_convert_core_msys_to_w32_result" - func_to_host_path_result=$func_cygpath_result - func_convert_path_check : : \ - "$func_to_host_path_tmp1" "$func_to_host_path_result" - func_convert_path_front_back_pathsep ":*" "*:" : "$1" - fi -} -# end func_convert_path_msys_to_cygwin - - -# func_convert_path_nix_to_cygwin ARG -# Convert path ARG from *nix to Cygwin format. Requires Cygwin installed in a -# a wine environment, working winepath, and LT_CYGPATH set. Returns result in -# func_to_host_file_result. -func_convert_path_nix_to_cygwin () -{ - $debug_cmd - - func_to_host_path_result=$1 - if test -n "$1"; then - # Remove leading and trailing path separator characters from - # ARG. msys behavior is inconsistent here, cygpath turns them - # into '.;' and ';.', and winepath ignores them completely. - func_stripname : : "$1" - func_to_host_path_tmp1=$func_stripname_result - func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1" - func_cygpath -u -p "$func_convert_core_path_wine_to_w32_result" - func_to_host_path_result=$func_cygpath_result - func_convert_path_check : : \ - "$func_to_host_path_tmp1" "$func_to_host_path_result" - func_convert_path_front_back_pathsep ":*" "*:" : "$1" - fi -} -# end func_convert_path_nix_to_cygwin - - -# func_dll_def_p FILE -# True iff FILE is a Windows DLL '.def' file. -# Keep in sync with _LT_DLL_DEF_P in libtool.m4 -func_dll_def_p () -{ - $debug_cmd - - func_dll_def_p_tmp=`$SED -n \ - -e 's/^[ ]*//' \ - -e '/^\(;.*\)*$/d' \ - -e 's/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p' \ - -e q \ - "$1"` - test DEF = "$func_dll_def_p_tmp" -} - - -# func_mode_compile arg... -func_mode_compile () -{ - $debug_cmd - - # Get the compilation command and the source file. - base_compile= - srcfile=$nonopt # always keep a non-empty value in "srcfile" - suppress_opt=yes - suppress_output= - arg_mode=normal - libobj= - later= - pie_flag= - - for arg - do - case $arg_mode in - arg ) - # do not "continue". Instead, add this to base_compile - lastarg=$arg - arg_mode=normal - ;; - - target ) - libobj=$arg - arg_mode=normal - continue - ;; - - normal ) - # Accept any command-line options. - case $arg in - -o) - test -n "$libobj" && \ - func_fatal_error "you cannot specify '-o' more than once" - arg_mode=target - continue - ;; - - -pie | -fpie | -fPIE) - func_append pie_flag " $arg" - continue - ;; - - -shared | -static | -prefer-pic | -prefer-non-pic) - func_append later " $arg" - continue - ;; - - -no-suppress) - suppress_opt=no - continue - ;; - - -Xcompiler) - arg_mode=arg # the next one goes into the "base_compile" arg list - continue # The current "srcfile" will either be retained or - ;; # replaced later. I would guess that would be a bug. - - -Wc,*) - func_stripname '-Wc,' '' "$arg" - args=$func_stripname_result - lastarg= - save_ifs=$IFS; IFS=, - for arg in $args; do - IFS=$save_ifs - func_append_quoted lastarg "$arg" - done - IFS=$save_ifs - func_stripname ' ' '' "$lastarg" - lastarg=$func_stripname_result - - # Add the arguments to base_compile. - func_append base_compile " $lastarg" - continue - ;; - - *) - # Accept the current argument as the source file. - # The previous "srcfile" becomes the current argument. - # - lastarg=$srcfile - srcfile=$arg - ;; - esac # case $arg - ;; - esac # case $arg_mode - - # Aesthetically quote the previous argument. - func_append_quoted base_compile "$lastarg" - done # for arg - - case $arg_mode in - arg) - func_fatal_error "you must specify an argument for -Xcompile" - ;; - target) - func_fatal_error "you must specify a target with '-o'" - ;; - *) - # Get the name of the library object. - test -z "$libobj" && { - func_basename "$srcfile" - libobj=$func_basename_result - } - ;; - esac - - # Recognize several different file suffixes. - # If the user specifies -o file.o, it is replaced with file.lo - case $libobj in - *.[cCFSifmso] | \ - *.ada | *.adb | *.ads | *.asm | \ - *.c++ | *.cc | *.ii | *.class | *.cpp | *.cxx | \ - *.[fF][09]? | *.for | *.java | *.go | *.obj | *.sx | *.cu | *.cup) - func_xform "$libobj" - libobj=$func_xform_result - ;; - esac - - case $libobj in - *.lo) func_lo2o "$libobj"; obj=$func_lo2o_result ;; - *) - func_fatal_error "cannot determine name of library object from '$libobj'" - ;; - esac - - func_infer_tag $base_compile - - for arg in $later; do - case $arg in - -shared) - test yes = "$build_libtool_libs" \ - || func_fatal_configuration "cannot build a shared library" - build_old_libs=no - continue - ;; - - -static) - build_libtool_libs=no - build_old_libs=yes - continue - ;; - - -prefer-pic) - pic_mode=yes - continue - ;; - - -prefer-non-pic) - pic_mode=no - continue - ;; - esac - done - - func_quote_for_eval "$libobj" - test "X$libobj" != "X$func_quote_for_eval_result" \ - && $ECHO "X$libobj" | $GREP '[]~#^*{};<>?"'"'"' &()|`$[]' \ - && func_warning "libobj name '$libobj' may not contain shell special characters." - func_dirname_and_basename "$obj" "/" "" - objname=$func_basename_result - xdir=$func_dirname_result - lobj=$xdir$objdir/$objname - - test -z "$base_compile" && \ - func_fatal_help "you must specify a compilation command" - - # Delete any leftover library objects. - if test yes = "$build_old_libs"; then - removelist="$obj $lobj $libobj ${libobj}T" - else - removelist="$lobj $libobj ${libobj}T" - fi - - # On Cygwin there's no "real" PIC flag so we must build both object types - case $host_os in - cygwin* | mingw* | pw32* | os2* | cegcc*) - pic_mode=default - ;; - esac - if test no = "$pic_mode" && test pass_all != "$deplibs_check_method"; then - # non-PIC code in shared libraries is not supported - pic_mode=default - fi - - # Calculate the filename of the output object if compiler does - # not support -o with -c - if test no = "$compiler_c_o"; then - output_obj=`$ECHO "$srcfile" | $SED 's%^.*/%%; s%\.[^.]*$%%'`.$objext - lockfile=$output_obj.lock - else - output_obj= - need_locks=no - lockfile= - fi - - # Lock this critical section if it is needed - # We use this script file to make the link, it avoids creating a new file - if test yes = "$need_locks"; then - until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do - func_echo "Waiting for $lockfile to be removed" - sleep 2 - done - elif test warn = "$need_locks"; then - if test -f "$lockfile"; then - $ECHO "\ -*** ERROR, $lockfile exists and contains: -`cat $lockfile 2>/dev/null` - -This indicates that another process is trying to use the same -temporary object file, and libtool could not work around it because -your compiler does not support '-c' and '-o' together. If you -repeat this compilation, it may succeed, by chance, but you had better -avoid parallel builds (make -j) in this platform, or get a better -compiler." - - $opt_dry_run || $RM $removelist - exit $EXIT_FAILURE - fi - func_append removelist " $output_obj" - $ECHO "$srcfile" > "$lockfile" - fi - - $opt_dry_run || $RM $removelist - func_append removelist " $lockfile" - trap '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' 1 2 15 - - func_to_tool_file "$srcfile" func_convert_file_msys_to_w32 - srcfile=$func_to_tool_file_result - func_quote_for_eval "$srcfile" - qsrcfile=$func_quote_for_eval_result - - # Only build a PIC object if we are building libtool libraries. - if test yes = "$build_libtool_libs"; then - # Without this assignment, base_compile gets emptied. - fbsd_hideous_sh_bug=$base_compile - - if test no != "$pic_mode"; then - command="$base_compile $qsrcfile $pic_flag" - else - # Don't build PIC code - command="$base_compile $qsrcfile" - fi - - func_mkdir_p "$xdir$objdir" - - if test -z "$output_obj"; then - # Place PIC objects in $objdir - func_append command " -o $lobj" - fi - - func_show_eval_locale "$command" \ - 'test -n "$output_obj" && $RM $removelist; exit $EXIT_FAILURE' - - if test warn = "$need_locks" && - test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then - $ECHO "\ -*** ERROR, $lockfile contains: -`cat $lockfile 2>/dev/null` - -but it should contain: -$srcfile - -This indicates that another process is trying to use the same -temporary object file, and libtool could not work around it because -your compiler does not support '-c' and '-o' together. If you -repeat this compilation, it may succeed, by chance, but you had better -avoid parallel builds (make -j) in this platform, or get a better -compiler." - - $opt_dry_run || $RM $removelist - exit $EXIT_FAILURE - fi - - # Just move the object if needed, then go on to compile the next one - if test -n "$output_obj" && test "X$output_obj" != "X$lobj"; then - func_show_eval '$MV "$output_obj" "$lobj"' \ - 'error=$?; $opt_dry_run || $RM $removelist; exit $error' - fi - - # Allow error messages only from the first compilation. - if test yes = "$suppress_opt"; then - suppress_output=' >/dev/null 2>&1' - fi - fi - - # Only build a position-dependent object if we build old libraries. - if test yes = "$build_old_libs"; then - if test yes != "$pic_mode"; then - # Don't build PIC code - command="$base_compile $qsrcfile$pie_flag" - else - command="$base_compile $qsrcfile $pic_flag" - fi - if test yes = "$compiler_c_o"; then - func_append command " -o $obj" - fi - - # Suppress compiler output if we already did a PIC compilation. - func_append command "$suppress_output" - func_show_eval_locale "$command" \ - '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' - - if test warn = "$need_locks" && - test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then - $ECHO "\ -*** ERROR, $lockfile contains: -`cat $lockfile 2>/dev/null` - -but it should contain: -$srcfile - -This indicates that another process is trying to use the same -temporary object file, and libtool could not work around it because -your compiler does not support '-c' and '-o' together. If you -repeat this compilation, it may succeed, by chance, but you had better -avoid parallel builds (make -j) in this platform, or get a better -compiler." - - $opt_dry_run || $RM $removelist - exit $EXIT_FAILURE - fi - - # Just move the object if needed - if test -n "$output_obj" && test "X$output_obj" != "X$obj"; then - func_show_eval '$MV "$output_obj" "$obj"' \ - 'error=$?; $opt_dry_run || $RM $removelist; exit $error' - fi - fi - - $opt_dry_run || { - func_write_libtool_object "$libobj" "$objdir/$objname" "$objname" - - # Unlock the critical section if it was locked - if test no != "$need_locks"; then - removelist=$lockfile - $RM "$lockfile" - fi - } - - exit $EXIT_SUCCESS -} - -$opt_help || { - test compile = "$opt_mode" && func_mode_compile ${1+"$@"} -} - -func_mode_help () -{ - # We need to display help for each of the modes. - case $opt_mode in - "") - # Generic help is extracted from the usage comments - # at the start of this file. - func_help - ;; - - clean) - $ECHO \ -"Usage: $progname [OPTION]... --mode=clean RM [RM-OPTION]... FILE... - -Remove files from the build directory. - -RM is the name of the program to use to delete files associated with each FILE -(typically '/bin/rm'). RM-OPTIONS are options (such as '-f') to be passed -to RM. - -If FILE is a libtool library, object or program, all the files associated -with it are deleted. Otherwise, only FILE itself is deleted using RM." - ;; - - compile) - $ECHO \ -"Usage: $progname [OPTION]... --mode=compile COMPILE-COMMAND... SOURCEFILE - -Compile a source file into a libtool library object. - -This mode accepts the following additional options: - - -o OUTPUT-FILE set the output file name to OUTPUT-FILE - -no-suppress do not suppress compiler output for multiple passes - -prefer-pic try to build PIC objects only - -prefer-non-pic try to build non-PIC objects only - -shared do not build a '.o' file suitable for static linking - -static only build a '.o' file suitable for static linking - -Wc,FLAG pass FLAG directly to the compiler - -COMPILE-COMMAND is a command to be used in creating a 'standard' object file -from the given SOURCEFILE. - -The output file name is determined by removing the directory component from -SOURCEFILE, then substituting the C source code suffix '.c' with the -library object suffix, '.lo'." - ;; - - execute) - $ECHO \ -"Usage: $progname [OPTION]... --mode=execute COMMAND [ARGS]... - -Automatically set library path, then run a program. - -This mode accepts the following additional options: - - -dlopen FILE add the directory containing FILE to the library path - -This mode sets the library path environment variable according to '-dlopen' -flags. - -If any of the ARGS are libtool executable wrappers, then they are translated -into their corresponding uninstalled binary, and any of their required library -directories are added to the library path. - -Then, COMMAND is executed, with ARGS as arguments." - ;; - - finish) - $ECHO \ -"Usage: $progname [OPTION]... --mode=finish [LIBDIR]... - -Complete the installation of libtool libraries. - -Each LIBDIR is a directory that contains libtool libraries. - -The commands that this mode executes may require superuser privileges. Use -the '--dry-run' option if you just want to see what would be executed." - ;; - - install) - $ECHO \ -"Usage: $progname [OPTION]... --mode=install INSTALL-COMMAND... - -Install executables or libraries. - -INSTALL-COMMAND is the installation command. The first component should be -either the 'install' or 'cp' program. - -The following components of INSTALL-COMMAND are treated specially: - - -inst-prefix-dir PREFIX-DIR Use PREFIX-DIR as a staging area for installation - -The rest of the components are interpreted as arguments to that command (only -BSD-compatible install options are recognized)." - ;; - - link) - $ECHO \ -"Usage: $progname [OPTION]... --mode=link LINK-COMMAND... - -Link object files or libraries together to form another library, or to -create an executable program. - -LINK-COMMAND is a command using the C compiler that you would use to create -a program from several object files. - -The following components of LINK-COMMAND are treated specially: - - -all-static do not do any dynamic linking at all - -avoid-version do not add a version suffix if possible - -bindir BINDIR specify path to binaries directory (for systems where - libraries must be found in the PATH setting at runtime) - -dlopen FILE '-dlpreopen' FILE if it cannot be dlopened at runtime - -dlpreopen FILE link in FILE and add its symbols to lt_preloaded_symbols - -export-dynamic allow symbols from OUTPUT-FILE to be resolved with dlsym(3) - -export-symbols SYMFILE - try to export only the symbols listed in SYMFILE - -export-symbols-regex REGEX - try to export only the symbols matching REGEX - -LLIBDIR search LIBDIR for required installed libraries - -lNAME OUTPUT-FILE requires the installed library libNAME - -module build a library that can dlopened - -no-fast-install disable the fast-install mode - -no-install link a not-installable executable - -no-undefined declare that a library does not refer to external symbols - -o OUTPUT-FILE create OUTPUT-FILE from the specified objects - -objectlist FILE use a list of object files found in FILE to specify objects - -os2dllname NAME force a short DLL name on OS/2 (no effect on other OSes) - -precious-files-regex REGEX - don't remove output files matching REGEX - -release RELEASE specify package release information - -rpath LIBDIR the created library will eventually be installed in LIBDIR - -R[ ]LIBDIR add LIBDIR to the runtime path of programs and libraries - -shared only do dynamic linking of libtool libraries - -shrext SUFFIX override the standard shared library file extension - -static do not do any dynamic linking of uninstalled libtool libraries - -static-libtool-libs - do not do any dynamic linking of libtool libraries - -version-info CURRENT[:REVISION[:AGE]] - specify library version info [each variable defaults to 0] - -weak LIBNAME declare that the target provides the LIBNAME interface - -Wc,FLAG - -Xcompiler FLAG pass linker-specific FLAG directly to the compiler - -Wl,FLAG - -Xlinker FLAG pass linker-specific FLAG directly to the linker - -XCClinker FLAG pass link-specific FLAG to the compiler driver (CC) - -All other options (arguments beginning with '-') are ignored. - -Every other argument is treated as a filename. Files ending in '.la' are -treated as uninstalled libtool libraries, other files are standard or library -object files. - -If the OUTPUT-FILE ends in '.la', then a libtool library is created, -only library objects ('.lo' files) may be specified, and '-rpath' is -required, except when creating a convenience library. - -If OUTPUT-FILE ends in '.a' or '.lib', then a standard library is created -using 'ar' and 'ranlib', or on Windows using 'lib'. - -If OUTPUT-FILE ends in '.lo' or '.$objext', then a reloadable object file -is created, otherwise an executable program is created." - ;; - - uninstall) - $ECHO \ -"Usage: $progname [OPTION]... --mode=uninstall RM [RM-OPTION]... FILE... - -Remove libraries from an installation directory. - -RM is the name of the program to use to delete files associated with each FILE -(typically '/bin/rm'). RM-OPTIONS are options (such as '-f') to be passed -to RM. - -If FILE is a libtool library, all the files associated with it are deleted. -Otherwise, only FILE itself is deleted using RM." - ;; - - *) - func_fatal_help "invalid operation mode '$opt_mode'" - ;; - esac - - echo - $ECHO "Try '$progname --help' for more information about other modes." -} - -# Now that we've collected a possible --mode arg, show help if necessary -if $opt_help; then - if test : = "$opt_help"; then - func_mode_help - else - { - func_help noexit - for opt_mode in compile link execute install finish uninstall clean; do - func_mode_help - done - } | $SED -n '1p; 2,$s/^Usage:/ or: /p' - { - func_help noexit - for opt_mode in compile link execute install finish uninstall clean; do - echo - func_mode_help - done - } | - $SED '1d - /^When reporting/,/^Report/{ - H - d - } - $x - /information about other modes/d - /more detailed .*MODE/d - s/^Usage:.*--mode=\([^ ]*\) .*/Description of \1 mode:/' - fi - exit $? -fi - - -# func_mode_execute arg... -func_mode_execute () -{ - $debug_cmd - - # The first argument is the command name. - cmd=$nonopt - test -z "$cmd" && \ - func_fatal_help "you must specify a COMMAND" - - # Handle -dlopen flags immediately. - for file in $opt_dlopen; do - test -f "$file" \ - || func_fatal_help "'$file' is not a file" - - dir= - case $file in - *.la) - func_resolve_sysroot "$file" - file=$func_resolve_sysroot_result - - # Check to see that this really is a libtool archive. - func_lalib_unsafe_p "$file" \ - || func_fatal_help "'$lib' is not a valid libtool archive" - - # Read the libtool library. - dlname= - library_names= - func_source "$file" - - # Skip this library if it cannot be dlopened. - if test -z "$dlname"; then - # Warn if it was a shared library. - test -n "$library_names" && \ - func_warning "'$file' was not linked with '-export-dynamic'" - continue - fi - - func_dirname "$file" "" "." - dir=$func_dirname_result - - if test -f "$dir/$objdir/$dlname"; then - func_append dir "/$objdir" - else - if test ! -f "$dir/$dlname"; then - func_fatal_error "cannot find '$dlname' in '$dir' or '$dir/$objdir'" - fi - fi - ;; - - *.lo) - # Just add the directory containing the .lo file. - func_dirname "$file" "" "." - dir=$func_dirname_result - ;; - - *) - func_warning "'-dlopen' is ignored for non-libtool libraries and objects" - continue - ;; - esac - - # Get the absolute pathname. - absdir=`cd "$dir" && pwd` - test -n "$absdir" && dir=$absdir - - # Now add the directory to shlibpath_var. - if eval "test -z \"\$$shlibpath_var\""; then - eval "$shlibpath_var=\"\$dir\"" - else - eval "$shlibpath_var=\"\$dir:\$$shlibpath_var\"" - fi - done - - # This variable tells wrapper scripts just to set shlibpath_var - # rather than running their programs. - libtool_execute_magic=$magic - - # Check if any of the arguments is a wrapper script. - args= - for file - do - case $file in - -* | *.la | *.lo ) ;; - *) - # Do a test to see if this is really a libtool program. - if func_ltwrapper_script_p "$file"; then - func_source "$file" - # Transform arg to wrapped name. - file=$progdir/$program - elif func_ltwrapper_executable_p "$file"; then - func_ltwrapper_scriptname "$file" - func_source "$func_ltwrapper_scriptname_result" - # Transform arg to wrapped name. - file=$progdir/$program - fi - ;; - esac - # Quote arguments (to preserve shell metacharacters). - func_append_quoted args "$file" - done - - if $opt_dry_run; then - # Display what would be done. - if test -n "$shlibpath_var"; then - eval "\$ECHO \"\$shlibpath_var=\$$shlibpath_var\"" - echo "export $shlibpath_var" - fi - $ECHO "$cmd$args" - exit $EXIT_SUCCESS - else - if test -n "$shlibpath_var"; then - # Export the shlibpath_var. - eval "export $shlibpath_var" - fi - - # Restore saved environment variables - for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES - do - eval "if test \"\${save_$lt_var+set}\" = set; then - $lt_var=\$save_$lt_var; export $lt_var - else - $lt_unset $lt_var - fi" - done - - # Now prepare to actually exec the command. - exec_cmd=\$cmd$args - fi -} - -test execute = "$opt_mode" && func_mode_execute ${1+"$@"} - - -# func_mode_finish arg... -func_mode_finish () -{ - $debug_cmd - - libs= - libdirs= - admincmds= - - for opt in "$nonopt" ${1+"$@"} - do - if test -d "$opt"; then - func_append libdirs " $opt" - - elif test -f "$opt"; then - if func_lalib_unsafe_p "$opt"; then - func_append libs " $opt" - else - func_warning "'$opt' is not a valid libtool archive" - fi - - else - func_fatal_error "invalid argument '$opt'" - fi - done - - if test -n "$libs"; then - if test -n "$lt_sysroot"; then - sysroot_regex=`$ECHO "$lt_sysroot" | $SED "$sed_make_literal_regex"` - sysroot_cmd="s/\([ ']\)$sysroot_regex/\1/g;" - else - sysroot_cmd= - fi - - # Remove sysroot references - if $opt_dry_run; then - for lib in $libs; do - echo "removing references to $lt_sysroot and '=' prefixes from $lib" - done - else - tmpdir=`func_mktempdir` - for lib in $libs; do - $SED -e "$sysroot_cmd s/\([ ']-[LR]\)=/\1/g; s/\([ ']\)=/\1/g" $lib \ - > $tmpdir/tmp-la - mv -f $tmpdir/tmp-la $lib - done - ${RM}r "$tmpdir" - fi - fi - - if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then - for libdir in $libdirs; do - if test -n "$finish_cmds"; then - # Do each command in the finish commands. - func_execute_cmds "$finish_cmds" 'admincmds="$admincmds -'"$cmd"'"' - fi - if test -n "$finish_eval"; then - # Do the single finish_eval. - eval cmds=\"$finish_eval\" - $opt_dry_run || eval "$cmds" || func_append admincmds " - $cmds" - fi - done - fi - - # Exit here if they wanted silent mode. - $opt_quiet && exit $EXIT_SUCCESS - - if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then - echo "----------------------------------------------------------------------" - echo "Libraries have been installed in:" - for libdir in $libdirs; do - $ECHO " $libdir" - done - echo - echo "If you ever happen to want to link against installed libraries" - echo "in a given directory, LIBDIR, you must either use libtool, and" - echo "specify the full pathname of the library, or use the '-LLIBDIR'" - echo "flag during linking and do at least one of the following:" - if test -n "$shlibpath_var"; then - echo " - add LIBDIR to the '$shlibpath_var' environment variable" - echo " during execution" - fi - if test -n "$runpath_var"; then - echo " - add LIBDIR to the '$runpath_var' environment variable" - echo " during linking" - fi - if test -n "$hardcode_libdir_flag_spec"; then - libdir=LIBDIR - eval flag=\"$hardcode_libdir_flag_spec\" - - $ECHO " - use the '$flag' linker flag" - fi - if test -n "$admincmds"; then - $ECHO " - have your system administrator run these commands:$admincmds" - fi - if test -f /etc/ld.so.conf; then - echo " - have your system administrator add LIBDIR to '/etc/ld.so.conf'" - fi - echo - - echo "See any operating system documentation about shared libraries for" - case $host in - solaris2.[6789]|solaris2.1[0-9]) - echo "more information, such as the ld(1), crle(1) and ld.so(8) manual" - echo "pages." - ;; - *) - echo "more information, such as the ld(1) and ld.so(8) manual pages." - ;; - esac - echo "----------------------------------------------------------------------" - fi - exit $EXIT_SUCCESS -} - -test finish = "$opt_mode" && func_mode_finish ${1+"$@"} - - -# func_mode_install arg... -func_mode_install () -{ - $debug_cmd - - # There may be an optional sh(1) argument at the beginning of - # install_prog (especially on Windows NT). - if test "$SHELL" = "$nonopt" || test /bin/sh = "$nonopt" || - # Allow the use of GNU shtool's install command. - case $nonopt in *shtool*) :;; *) false;; esac - then - # Aesthetically quote it. - func_quote_for_eval "$nonopt" - install_prog="$func_quote_for_eval_result " - arg=$1 - shift - else - install_prog= - arg=$nonopt - fi - - # The real first argument should be the name of the installation program. - # Aesthetically quote it. - func_quote_for_eval "$arg" - func_append install_prog "$func_quote_for_eval_result" - install_shared_prog=$install_prog - case " $install_prog " in - *[\\\ /]cp\ *) install_cp=: ;; - *) install_cp=false ;; - esac - - # We need to accept at least all the BSD install flags. - dest= - files= - opts= - prev= - install_type= - isdir=false - stripme= - no_mode=: - for arg - do - arg2= - if test -n "$dest"; then - func_append files " $dest" - dest=$arg - continue - fi - - case $arg in - -d) isdir=: ;; - -f) - if $install_cp; then :; else - prev=$arg - fi - ;; - -g | -m | -o) - prev=$arg - ;; - -s) - stripme=" -s" - continue - ;; - -*) - ;; - *) - # If the previous option needed an argument, then skip it. - if test -n "$prev"; then - if test X-m = "X$prev" && test -n "$install_override_mode"; then - arg2=$install_override_mode - no_mode=false - fi - prev= - else - dest=$arg - continue - fi - ;; - esac - - # Aesthetically quote the argument. - func_quote_for_eval "$arg" - func_append install_prog " $func_quote_for_eval_result" - if test -n "$arg2"; then - func_quote_for_eval "$arg2" - fi - func_append install_shared_prog " $func_quote_for_eval_result" - done - - test -z "$install_prog" && \ - func_fatal_help "you must specify an install program" - - test -n "$prev" && \ - func_fatal_help "the '$prev' option requires an argument" - - if test -n "$install_override_mode" && $no_mode; then - if $install_cp; then :; else - func_quote_for_eval "$install_override_mode" - func_append install_shared_prog " -m $func_quote_for_eval_result" - fi - fi - - if test -z "$files"; then - if test -z "$dest"; then - func_fatal_help "no file or destination specified" - else - func_fatal_help "you must specify a destination" - fi - fi - - # Strip any trailing slash from the destination. - func_stripname '' '/' "$dest" - dest=$func_stripname_result - - # Check to see that the destination is a directory. - test -d "$dest" && isdir=: - if $isdir; then - destdir=$dest - destname= - else - func_dirname_and_basename "$dest" "" "." - destdir=$func_dirname_result - destname=$func_basename_result - - # Not a directory, so check to see that there is only one file specified. - set dummy $files; shift - test "$#" -gt 1 && \ - func_fatal_help "'$dest' is not a directory" - fi - case $destdir in - [\\/]* | [A-Za-z]:[\\/]*) ;; - *) - for file in $files; do - case $file in - *.lo) ;; - *) - func_fatal_help "'$destdir' must be an absolute directory name" - ;; - esac - done - ;; - esac - - # This variable tells wrapper scripts just to set variables rather - # than running their programs. - libtool_install_magic=$magic - - staticlibs= - future_libdirs= - current_libdirs= - for file in $files; do - - # Do each installation. - case $file in - *.$libext) - # Do the static libraries later. - func_append staticlibs " $file" - ;; - - *.la) - func_resolve_sysroot "$file" - file=$func_resolve_sysroot_result - - # Check to see that this really is a libtool archive. - func_lalib_unsafe_p "$file" \ - || func_fatal_help "'$file' is not a valid libtool archive" - - library_names= - old_library= - relink_command= - func_source "$file" - - # Add the libdir to current_libdirs if it is the destination. - if test "X$destdir" = "X$libdir"; then - case "$current_libdirs " in - *" $libdir "*) ;; - *) func_append current_libdirs " $libdir" ;; - esac - else - # Note the libdir as a future libdir. - case "$future_libdirs " in - *" $libdir "*) ;; - *) func_append future_libdirs " $libdir" ;; - esac - fi - - func_dirname "$file" "/" "" - dir=$func_dirname_result - func_append dir "$objdir" - - if test -n "$relink_command"; then - # Determine the prefix the user has applied to our future dir. - inst_prefix_dir=`$ECHO "$destdir" | $SED -e "s%$libdir\$%%"` - - # Don't allow the user to place us outside of our expected - # location b/c this prevents finding dependent libraries that - # are installed to the same prefix. - # At present, this check doesn't affect windows .dll's that - # are installed into $libdir/../bin (currently, that works fine) - # but it's something to keep an eye on. - test "$inst_prefix_dir" = "$destdir" && \ - func_fatal_error "error: cannot install '$file' to a directory not ending in $libdir" - - if test -n "$inst_prefix_dir"; then - # Stick the inst_prefix_dir data into the link command. - relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"` - else - relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%%"` - fi - - func_warning "relinking '$file'" - func_show_eval "$relink_command" \ - 'func_fatal_error "error: relink '\''$file'\'' with the above command before installing it"' - fi - - # See the names of the shared library. - set dummy $library_names; shift - if test -n "$1"; then - realname=$1 - shift - - srcname=$realname - test -n "$relink_command" && srcname=${realname}T - - # Install the shared library and build the symlinks. - func_show_eval "$install_shared_prog $dir/$srcname $destdir/$realname" \ - 'exit $?' - tstripme=$stripme - case $host_os in - cygwin* | mingw* | pw32* | cegcc*) - case $realname in - *.dll.a) - tstripme= - ;; - esac - ;; - os2*) - case $realname in - *_dll.a) - tstripme= - ;; - esac - ;; - esac - if test -n "$tstripme" && test -n "$striplib"; then - func_show_eval "$striplib $destdir/$realname" 'exit $?' - fi - - if test "$#" -gt 0; then - # Delete the old symlinks, and create new ones. - # Try 'ln -sf' first, because the 'ln' binary might depend on - # the symlink we replace! Solaris /bin/ln does not understand -f, - # so we also need to try rm && ln -s. - for linkname - do - test "$linkname" != "$realname" \ - && func_show_eval "(cd $destdir && { $LN_S -f $realname $linkname || { $RM $linkname && $LN_S $realname $linkname; }; })" - done - fi - - # Do each command in the postinstall commands. - lib=$destdir/$realname - func_execute_cmds "$postinstall_cmds" 'exit $?' - fi - - # Install the pseudo-library for information purposes. - func_basename "$file" - name=$func_basename_result - instname=$dir/${name}i - func_show_eval "$install_prog $instname $destdir/$name" 'exit $?' - - # Maybe install the static library, too. - test -n "$old_library" && func_append staticlibs " $dir/$old_library" - ;; - - *.lo) - # Install (i.e. copy) a libtool object. - - # Figure out destination file name, if it wasn't already specified. - if test -n "$destname"; then - destfile=$destdir/$destname - else - func_basename "$file" - destfile=$func_basename_result - destfile=$destdir/$destfile - fi - - # Deduce the name of the destination old-style object file. - case $destfile in - *.lo) - func_lo2o "$destfile" - staticdest=$func_lo2o_result - ;; - *.$objext) - staticdest=$destfile - destfile= - ;; - *) - func_fatal_help "cannot copy a libtool object to '$destfile'" - ;; - esac - - # Install the libtool object if requested. - test -n "$destfile" && \ - func_show_eval "$install_prog $file $destfile" 'exit $?' - - # Install the old object if enabled. - if test yes = "$build_old_libs"; then - # Deduce the name of the old-style object file. - func_lo2o "$file" - staticobj=$func_lo2o_result - func_show_eval "$install_prog \$staticobj \$staticdest" 'exit $?' - fi - exit $EXIT_SUCCESS - ;; - - *) - # Figure out destination file name, if it wasn't already specified. - if test -n "$destname"; then - destfile=$destdir/$destname - else - func_basename "$file" - destfile=$func_basename_result - destfile=$destdir/$destfile - fi - - # If the file is missing, and there is a .exe on the end, strip it - # because it is most likely a libtool script we actually want to - # install - stripped_ext= - case $file in - *.exe) - if test ! -f "$file"; then - func_stripname '' '.exe' "$file" - file=$func_stripname_result - stripped_ext=.exe - fi - ;; - esac - - # Do a test to see if this is really a libtool program. - case $host in - *cygwin* | *mingw*) - if func_ltwrapper_executable_p "$file"; then - func_ltwrapper_scriptname "$file" - wrapper=$func_ltwrapper_scriptname_result - else - func_stripname '' '.exe' "$file" - wrapper=$func_stripname_result - fi - ;; - *) - wrapper=$file - ;; - esac - if func_ltwrapper_script_p "$wrapper"; then - notinst_deplibs= - relink_command= - - func_source "$wrapper" - - # Check the variables that should have been set. - test -z "$generated_by_libtool_version" && \ - func_fatal_error "invalid libtool wrapper script '$wrapper'" - - finalize=: - for lib in $notinst_deplibs; do - # Check to see that each library is installed. - libdir= - if test -f "$lib"; then - func_source "$lib" - fi - libfile=$libdir/`$ECHO "$lib" | $SED 's%^.*/%%g'` - if test -n "$libdir" && test ! -f "$libfile"; then - func_warning "'$lib' has not been installed in '$libdir'" - finalize=false - fi - done - - relink_command= - func_source "$wrapper" - - outputname= - if test no = "$fast_install" && test -n "$relink_command"; then - $opt_dry_run || { - if $finalize; then - tmpdir=`func_mktempdir` - func_basename "$file$stripped_ext" - file=$func_basename_result - outputname=$tmpdir/$file - # Replace the output file specification. - relink_command=`$ECHO "$relink_command" | $SED 's%@OUTPUT@%'"$outputname"'%g'` - - $opt_quiet || { - func_quote_for_expand "$relink_command" - eval "func_echo $func_quote_for_expand_result" - } - if eval "$relink_command"; then : - else - func_error "error: relink '$file' with the above command before installing it" - $opt_dry_run || ${RM}r "$tmpdir" - continue - fi - file=$outputname - else - func_warning "cannot relink '$file'" - fi - } - else - # Install the binary that we compiled earlier. - file=`$ECHO "$file$stripped_ext" | $SED "s%\([^/]*\)$%$objdir/\1%"` - fi - fi - - # remove .exe since cygwin /usr/bin/install will append another - # one anyway - case $install_prog,$host in - */usr/bin/install*,*cygwin*) - case $file:$destfile in - *.exe:*.exe) - # this is ok - ;; - *.exe:*) - destfile=$destfile.exe - ;; - *:*.exe) - func_stripname '' '.exe' "$destfile" - destfile=$func_stripname_result - ;; - esac - ;; - esac - func_show_eval "$install_prog\$stripme \$file \$destfile" 'exit $?' - $opt_dry_run || if test -n "$outputname"; then - ${RM}r "$tmpdir" - fi - ;; - esac - done - - for file in $staticlibs; do - func_basename "$file" - name=$func_basename_result - - # Set up the ranlib parameters. - oldlib=$destdir/$name - func_to_tool_file "$oldlib" func_convert_file_msys_to_w32 - tool_oldlib=$func_to_tool_file_result - - func_show_eval "$install_prog \$file \$oldlib" 'exit $?' - - if test -n "$stripme" && test -n "$old_striplib"; then - func_show_eval "$old_striplib $tool_oldlib" 'exit $?' - fi - - # Do each command in the postinstall commands. - func_execute_cmds "$old_postinstall_cmds" 'exit $?' - done - - test -n "$future_libdirs" && \ - func_warning "remember to run '$progname --finish$future_libdirs'" - - if test -n "$current_libdirs"; then - # Maybe just do a dry run. - $opt_dry_run && current_libdirs=" -n$current_libdirs" - exec_cmd='$SHELL "$progpath" $preserve_args --finish$current_libdirs' - else - exit $EXIT_SUCCESS - fi -} - -test install = "$opt_mode" && func_mode_install ${1+"$@"} - - -# func_generate_dlsyms outputname originator pic_p -# Extract symbols from dlprefiles and create ${outputname}S.o with -# a dlpreopen symbol table. -func_generate_dlsyms () -{ - $debug_cmd - - my_outputname=$1 - my_originator=$2 - my_pic_p=${3-false} - my_prefix=`$ECHO "$my_originator" | $SED 's%[^a-zA-Z0-9]%_%g'` - my_dlsyms= - - if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then - if test -n "$NM" && test -n "$global_symbol_pipe"; then - my_dlsyms=${my_outputname}S.c - else - func_error "not configured to extract global symbols from dlpreopened files" - fi - fi - - if test -n "$my_dlsyms"; then - case $my_dlsyms in - "") ;; - *.c) - # Discover the nlist of each of the dlfiles. - nlist=$output_objdir/$my_outputname.nm - - func_show_eval "$RM $nlist ${nlist}S ${nlist}T" - - # Parse the name list into a source file. - func_verbose "creating $output_objdir/$my_dlsyms" - - $opt_dry_run || $ECHO > "$output_objdir/$my_dlsyms" "\ -/* $my_dlsyms - symbol resolution table for '$my_outputname' dlsym emulation. */ -/* Generated by $PROGRAM (GNU $PACKAGE) $VERSION */ - -#ifdef __cplusplus -extern \"C\" { -#endif - -#if defined __GNUC__ && (((__GNUC__ == 4) && (__GNUC_MINOR__ >= 4)) || (__GNUC__ > 4)) -#pragma GCC diagnostic ignored \"-Wstrict-prototypes\" -#endif - -/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ -#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE -/* DATA imports from DLLs on WIN32 can't be const, because runtime - relocations are performed -- see ld's documentation on pseudo-relocs. */ -# define LT_DLSYM_CONST -#elif defined __osf__ -/* This system does not cope well with relocations in const data. */ -# define LT_DLSYM_CONST -#else -# define LT_DLSYM_CONST const -#endif - -#define STREQ(s1, s2) (strcmp ((s1), (s2)) == 0) - -/* External symbol declarations for the compiler. */\ -" - - if test yes = "$dlself"; then - func_verbose "generating symbol list for '$output'" - - $opt_dry_run || echo ': @PROGRAM@ ' > "$nlist" - - # Add our own program objects to the symbol list. - progfiles=`$ECHO "$objs$old_deplibs" | $SP2NL | $SED "$lo2o" | $NL2SP` - for progfile in $progfiles; do - func_to_tool_file "$progfile" func_convert_file_msys_to_w32 - func_verbose "extracting global C symbols from '$func_to_tool_file_result'" - $opt_dry_run || eval "$NM $func_to_tool_file_result | $global_symbol_pipe >> '$nlist'" - done - - if test -n "$exclude_expsyms"; then - $opt_dry_run || { - eval '$EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T' - eval '$MV "$nlist"T "$nlist"' - } - fi - - if test -n "$export_symbols_regex"; then - $opt_dry_run || { - eval '$EGREP -e "$export_symbols_regex" "$nlist" > "$nlist"T' - eval '$MV "$nlist"T "$nlist"' - } - fi - - # Prepare the list of exported symbols - if test -z "$export_symbols"; then - export_symbols=$output_objdir/$outputname.exp - $opt_dry_run || { - $RM $export_symbols - eval "$SED -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"' - case $host in - *cygwin* | *mingw* | *cegcc* ) - eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' - eval 'cat "$export_symbols" >> "$output_objdir/$outputname.def"' - ;; - esac - } - else - $opt_dry_run || { - eval "$SED -e 's/\([].[*^$]\)/\\\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"' - eval '$GREP -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T' - eval '$MV "$nlist"T "$nlist"' - case $host in - *cygwin* | *mingw* | *cegcc* ) - eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' - eval 'cat "$nlist" >> "$output_objdir/$outputname.def"' - ;; - esac - } - fi - fi - - for dlprefile in $dlprefiles; do - func_verbose "extracting global C symbols from '$dlprefile'" - func_basename "$dlprefile" - name=$func_basename_result - case $host in - *cygwin* | *mingw* | *cegcc* ) - # if an import library, we need to obtain dlname - if func_win32_import_lib_p "$dlprefile"; then - func_tr_sh "$dlprefile" - eval "curr_lafile=\$libfile_$func_tr_sh_result" - dlprefile_dlbasename= - if test -n "$curr_lafile" && func_lalib_p "$curr_lafile"; then - # Use subshell, to avoid clobbering current variable values - dlprefile_dlname=`source "$curr_lafile" && echo "$dlname"` - if test -n "$dlprefile_dlname"; then - func_basename "$dlprefile_dlname" - dlprefile_dlbasename=$func_basename_result - else - # no lafile. user explicitly requested -dlpreopen . - $sharedlib_from_linklib_cmd "$dlprefile" - dlprefile_dlbasename=$sharedlib_from_linklib_result - fi - fi - $opt_dry_run || { - if test -n "$dlprefile_dlbasename"; then - eval '$ECHO ": $dlprefile_dlbasename" >> "$nlist"' - else - func_warning "Could not compute DLL name from $name" - eval '$ECHO ": $name " >> "$nlist"' - fi - func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32 - eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe | - $SED -e '/I __imp/d' -e 's/I __nm_/D /;s/_nm__//' >> '$nlist'" - } - else # not an import lib - $opt_dry_run || { - eval '$ECHO ": $name " >> "$nlist"' - func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32 - eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe >> '$nlist'" - } - fi - ;; - *) - $opt_dry_run || { - eval '$ECHO ": $name " >> "$nlist"' - func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32 - eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe >> '$nlist'" - } - ;; - esac - done - - $opt_dry_run || { - # Make sure we have at least an empty file. - test -f "$nlist" || : > "$nlist" - - if test -n "$exclude_expsyms"; then - $EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T - $MV "$nlist"T "$nlist" - fi - - # Try sorting and uniquifying the output. - if $GREP -v "^: " < "$nlist" | - if sort -k 3 /dev/null 2>&1; then - sort -k 3 - else - sort +2 - fi | - uniq > "$nlist"S; then - : - else - $GREP -v "^: " < "$nlist" > "$nlist"S - fi - - if test -f "$nlist"S; then - eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$my_dlsyms"' - else - echo '/* NONE */' >> "$output_objdir/$my_dlsyms" - fi - - func_show_eval '$RM "${nlist}I"' - if test -n "$global_symbol_to_import"; then - eval "$global_symbol_to_import"' < "$nlist"S > "$nlist"I' - fi - - echo >> "$output_objdir/$my_dlsyms" "\ - -/* The mapping between symbol names and symbols. */ -typedef struct { - const char *name; - void *address; -} lt_dlsymlist; -extern LT_DLSYM_CONST lt_dlsymlist -lt_${my_prefix}_LTX_preloaded_symbols[];\ -" - - if test -s "$nlist"I; then - echo >> "$output_objdir/$my_dlsyms" "\ -static void lt_syminit(void) -{ - LT_DLSYM_CONST lt_dlsymlist *symbol = lt_${my_prefix}_LTX_preloaded_symbols; - for (; symbol->name; ++symbol) - {" - $SED 's/.*/ if (STREQ (symbol->name, \"&\")) symbol->address = (void *) \&&;/' < "$nlist"I >> "$output_objdir/$my_dlsyms" - echo >> "$output_objdir/$my_dlsyms" "\ - } -}" - fi - echo >> "$output_objdir/$my_dlsyms" "\ -LT_DLSYM_CONST lt_dlsymlist -lt_${my_prefix}_LTX_preloaded_symbols[] = -{ {\"$my_originator\", (void *) 0}," - - if test -s "$nlist"I; then - echo >> "$output_objdir/$my_dlsyms" "\ - {\"@INIT@\", (void *) <_syminit}," - fi - - case $need_lib_prefix in - no) - eval "$global_symbol_to_c_name_address" < "$nlist" >> "$output_objdir/$my_dlsyms" - ;; - *) - eval "$global_symbol_to_c_name_address_lib_prefix" < "$nlist" >> "$output_objdir/$my_dlsyms" - ;; - esac - echo >> "$output_objdir/$my_dlsyms" "\ - {0, (void *) 0} -}; - -/* This works around a problem in FreeBSD linker */ -#ifdef FREEBSD_WORKAROUND -static const void *lt_preloaded_setup() { - return lt_${my_prefix}_LTX_preloaded_symbols; -} -#endif - -#ifdef __cplusplus -} -#endif\ -" - } # !$opt_dry_run - - pic_flag_for_symtable= - case "$compile_command " in - *" -static "*) ;; - *) - case $host in - # compiling the symbol table file with pic_flag works around - # a FreeBSD bug that causes programs to crash when -lm is - # linked before any other PIC object. But we must not use - # pic_flag when linking with -static. The problem exists in - # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1. - *-*-freebsd2.*|*-*-freebsd3.0*|*-*-freebsdelf3.0*) - pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND" ;; - *-*-hpux*) - pic_flag_for_symtable=" $pic_flag" ;; - *) - $my_pic_p && pic_flag_for_symtable=" $pic_flag" - ;; - esac - ;; - esac - symtab_cflags= - for arg in $LTCFLAGS; do - case $arg in - -pie | -fpie | -fPIE) ;; - *) func_append symtab_cflags " $arg" ;; - esac - done - - # Now compile the dynamic symbol file. - func_show_eval '(cd $output_objdir && $LTCC$symtab_cflags -c$no_builtin_flag$pic_flag_for_symtable "$my_dlsyms")' 'exit $?' - - # Clean up the generated files. - func_show_eval '$RM "$output_objdir/$my_dlsyms" "$nlist" "${nlist}S" "${nlist}T" "${nlist}I"' - - # Transform the symbol file into the correct name. - symfileobj=$output_objdir/${my_outputname}S.$objext - case $host in - *cygwin* | *mingw* | *cegcc* ) - if test -f "$output_objdir/$my_outputname.def"; then - compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"` - finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"` - else - compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$symfileobj%"` - finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$symfileobj%"` - fi - ;; - *) - compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$symfileobj%"` - finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$symfileobj%"` - ;; - esac - ;; - *) - func_fatal_error "unknown suffix for '$my_dlsyms'" - ;; - esac - else - # We keep going just in case the user didn't refer to - # lt_preloaded_symbols. The linker will fail if global_symbol_pipe - # really was required. - - # Nullify the symbol file. - compile_command=`$ECHO "$compile_command" | $SED "s% @SYMFILE@%%"` - finalize_command=`$ECHO "$finalize_command" | $SED "s% @SYMFILE@%%"` - fi -} - -# func_cygming_gnu_implib_p ARG -# This predicate returns with zero status (TRUE) if -# ARG is a GNU/binutils-style import library. Returns -# with nonzero status (FALSE) otherwise. -func_cygming_gnu_implib_p () -{ - $debug_cmd - - func_to_tool_file "$1" func_convert_file_msys_to_w32 - func_cygming_gnu_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $EGREP ' (_head_[A-Za-z0-9_]+_[ad]l*|[A-Za-z0-9_]+_[ad]l*_iname)$'` - test -n "$func_cygming_gnu_implib_tmp" -} - -# func_cygming_ms_implib_p ARG -# This predicate returns with zero status (TRUE) if -# ARG is an MS-style import library. Returns -# with nonzero status (FALSE) otherwise. -func_cygming_ms_implib_p () -{ - $debug_cmd - - func_to_tool_file "$1" func_convert_file_msys_to_w32 - func_cygming_ms_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $GREP '_NULL_IMPORT_DESCRIPTOR'` - test -n "$func_cygming_ms_implib_tmp" -} - -# func_win32_libid arg -# return the library type of file 'arg' -# -# Need a lot of goo to handle *both* DLLs and import libs -# Has to be a shell function in order to 'eat' the argument -# that is supplied when $file_magic_command is called. -# Despite the name, also deal with 64 bit binaries. -func_win32_libid () -{ - $debug_cmd - - win32_libid_type=unknown - win32_fileres=`file -L $1 2>/dev/null` - case $win32_fileres in - *ar\ archive\ import\ library*) # definitely import - win32_libid_type="x86 archive import" - ;; - *ar\ archive*) # could be an import, or static - # Keep the egrep pattern in sync with the one in _LT_CHECK_MAGIC_METHOD. - if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null | - $EGREP 'file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' >/dev/null; then - case $nm_interface in - "MS dumpbin") - if func_cygming_ms_implib_p "$1" || - func_cygming_gnu_implib_p "$1" - then - win32_nmres=import - else - win32_nmres= - fi - ;; - *) - func_to_tool_file "$1" func_convert_file_msys_to_w32 - win32_nmres=`eval $NM -f posix -A \"$func_to_tool_file_result\" | - $SED -n -e ' - 1,100{ - / I /{ - s|.*|import| - p - q - } - }'` - ;; - esac - case $win32_nmres in - import*) win32_libid_type="x86 archive import";; - *) win32_libid_type="x86 archive static";; - esac - fi - ;; - *DLL*) - win32_libid_type="x86 DLL" - ;; - *executable*) # but shell scripts are "executable" too... - case $win32_fileres in - *MS\ Windows\ PE\ Intel*) - win32_libid_type="x86 DLL" - ;; - esac - ;; - esac - $ECHO "$win32_libid_type" -} - -# func_cygming_dll_for_implib ARG -# -# Platform-specific function to extract the -# name of the DLL associated with the specified -# import library ARG. -# Invoked by eval'ing the libtool variable -# $sharedlib_from_linklib_cmd -# Result is available in the variable -# $sharedlib_from_linklib_result -func_cygming_dll_for_implib () -{ - $debug_cmd - - sharedlib_from_linklib_result=`$DLLTOOL --identify-strict --identify "$1"` -} - -# func_cygming_dll_for_implib_fallback_core SECTION_NAME LIBNAMEs -# -# The is the core of a fallback implementation of a -# platform-specific function to extract the name of the -# DLL associated with the specified import library LIBNAME. -# -# SECTION_NAME is either .idata$6 or .idata$7, depending -# on the platform and compiler that created the implib. -# -# Echos the name of the DLL associated with the -# specified import library. -func_cygming_dll_for_implib_fallback_core () -{ - $debug_cmd - - match_literal=`$ECHO "$1" | $SED "$sed_make_literal_regex"` - $OBJDUMP -s --section "$1" "$2" 2>/dev/null | - $SED '/^Contents of section '"$match_literal"':/{ - # Place marker at beginning of archive member dllname section - s/.*/====MARK====/ - p - d - } - # These lines can sometimes be longer than 43 characters, but - # are always uninteresting - /:[ ]*file format pe[i]\{,1\}-/d - /^In archive [^:]*:/d - # Ensure marker is printed - /^====MARK====/p - # Remove all lines with less than 43 characters - /^.\{43\}/!d - # From remaining lines, remove first 43 characters - s/^.\{43\}//' | - $SED -n ' - # Join marker and all lines until next marker into a single line - /^====MARK====/ b para - H - $ b para - b - :para - x - s/\n//g - # Remove the marker - s/^====MARK====// - # Remove trailing dots and whitespace - s/[\. \t]*$// - # Print - /./p' | - # we now have a list, one entry per line, of the stringified - # contents of the appropriate section of all members of the - # archive that possess that section. Heuristic: eliminate - # all those that have a first or second character that is - # a '.' (that is, objdump's representation of an unprintable - # character.) This should work for all archives with less than - # 0x302f exports -- but will fail for DLLs whose name actually - # begins with a literal '.' or a single character followed by - # a '.'. - # - # Of those that remain, print the first one. - $SED -e '/^\./d;/^.\./d;q' -} - -# func_cygming_dll_for_implib_fallback ARG -# Platform-specific function to extract the -# name of the DLL associated with the specified -# import library ARG. -# -# This fallback implementation is for use when $DLLTOOL -# does not support the --identify-strict option. -# Invoked by eval'ing the libtool variable -# $sharedlib_from_linklib_cmd -# Result is available in the variable -# $sharedlib_from_linklib_result -func_cygming_dll_for_implib_fallback () -{ - $debug_cmd - - if func_cygming_gnu_implib_p "$1"; then - # binutils import library - sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$7' "$1"` - elif func_cygming_ms_implib_p "$1"; then - # ms-generated import library - sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$6' "$1"` - else - # unknown - sharedlib_from_linklib_result= - fi -} - - -# func_extract_an_archive dir oldlib -func_extract_an_archive () -{ - $debug_cmd - - f_ex_an_ar_dir=$1; shift - f_ex_an_ar_oldlib=$1 - if test yes = "$lock_old_archive_extraction"; then - lockfile=$f_ex_an_ar_oldlib.lock - until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do - func_echo "Waiting for $lockfile to be removed" - sleep 2 - done - fi - func_show_eval "(cd \$f_ex_an_ar_dir && $AR x \"\$f_ex_an_ar_oldlib\")" \ - 'stat=$?; rm -f "$lockfile"; exit $stat' - if test yes = "$lock_old_archive_extraction"; then - $opt_dry_run || rm -f "$lockfile" - fi - if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then - : - else - func_fatal_error "object name conflicts in archive: $f_ex_an_ar_dir/$f_ex_an_ar_oldlib" - fi -} - - -# func_extract_archives gentop oldlib ... -func_extract_archives () -{ - $debug_cmd - - my_gentop=$1; shift - my_oldlibs=${1+"$@"} - my_oldobjs= - my_xlib= - my_xabs= - my_xdir= - - for my_xlib in $my_oldlibs; do - # Extract the objects. - case $my_xlib in - [\\/]* | [A-Za-z]:[\\/]*) my_xabs=$my_xlib ;; - *) my_xabs=`pwd`"/$my_xlib" ;; - esac - func_basename "$my_xlib" - my_xlib=$func_basename_result - my_xlib_u=$my_xlib - while :; do - case " $extracted_archives " in - *" $my_xlib_u "*) - func_arith $extracted_serial + 1 - extracted_serial=$func_arith_result - my_xlib_u=lt$extracted_serial-$my_xlib ;; - *) break ;; - esac - done - extracted_archives="$extracted_archives $my_xlib_u" - my_xdir=$my_gentop/$my_xlib_u - - func_mkdir_p "$my_xdir" - - case $host in - *-darwin*) - func_verbose "Extracting $my_xabs" - # Do not bother doing anything if just a dry run - $opt_dry_run || { - darwin_orig_dir=`pwd` - cd $my_xdir || exit $? - darwin_archive=$my_xabs - darwin_curdir=`pwd` - func_basename "$darwin_archive" - darwin_base_archive=$func_basename_result - darwin_arches=`$LIPO -info "$darwin_archive" 2>/dev/null | $GREP Architectures 2>/dev/null || true` - if test -n "$darwin_arches"; then - darwin_arches=`$ECHO "$darwin_arches" | $SED -e 's/.*are://'` - darwin_arch= - func_verbose "$darwin_base_archive has multiple architectures $darwin_arches" - for darwin_arch in $darwin_arches; do - func_mkdir_p "unfat-$$/$darwin_base_archive-$darwin_arch" - $LIPO -thin $darwin_arch -output "unfat-$$/$darwin_base_archive-$darwin_arch/$darwin_base_archive" "$darwin_archive" - cd "unfat-$$/$darwin_base_archive-$darwin_arch" - func_extract_an_archive "`pwd`" "$darwin_base_archive" - cd "$darwin_curdir" - $RM "unfat-$$/$darwin_base_archive-$darwin_arch/$darwin_base_archive" - done # $darwin_arches - ## Okay now we've a bunch of thin objects, gotta fatten them up :) - darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print | $SED -e "$sed_basename" | sort -u` - darwin_file= - darwin_files= - for darwin_file in $darwin_filelist; do - darwin_files=`find unfat-$$ -name $darwin_file -print | sort | $NL2SP` - $LIPO -create -output "$darwin_file" $darwin_files - done # $darwin_filelist - $RM -rf unfat-$$ - cd "$darwin_orig_dir" - else - cd $darwin_orig_dir - func_extract_an_archive "$my_xdir" "$my_xabs" - fi # $darwin_arches - } # !$opt_dry_run - ;; - *) - func_extract_an_archive "$my_xdir" "$my_xabs" - ;; - esac - my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | sort | $NL2SP` - done - - func_extract_archives_result=$my_oldobjs -} - - -# func_emit_wrapper [arg=no] -# -# Emit a libtool wrapper script on stdout. -# Don't directly open a file because we may want to -# incorporate the script contents within a cygwin/mingw -# wrapper executable. Must ONLY be called from within -# func_mode_link because it depends on a number of variables -# set therein. -# -# ARG is the value that the WRAPPER_SCRIPT_BELONGS_IN_OBJDIR -# variable will take. If 'yes', then the emitted script -# will assume that the directory where it is stored is -# the $objdir directory. This is a cygwin/mingw-specific -# behavior. -func_emit_wrapper () -{ - func_emit_wrapper_arg1=${1-no} - - $ECHO "\ -#! $SHELL - -# $output - temporary wrapper script for $objdir/$outputname -# Generated by $PROGRAM (GNU $PACKAGE) $VERSION -# -# The $output program cannot be directly executed until all the libtool -# libraries that it depends on are installed. -# -# This wrapper script should never be moved out of the build directory. -# If it is, it will not operate correctly. - -# Sed substitution that helps us do robust quoting. It backslashifies -# metacharacters that are still active within double-quoted strings. -sed_quote_subst='$sed_quote_subst' - -# Be Bourne compatible -if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then - emulate sh - NULLCMD=: - # Zsh 3.x and 4.x performs word splitting on \${1+\"\$@\"}, which - # is contrary to our usage. Disable this feature. - alias -g '\${1+\"\$@\"}'='\"\$@\"' - setopt NO_GLOB_SUBST -else - case \`(set -o) 2>/dev/null\` in *posix*) set -o posix;; esac -fi -BIN_SH=xpg4; export BIN_SH # for Tru64 -DUALCASE=1; export DUALCASE # for MKS sh - -# The HP-UX ksh and POSIX shell print the target directory to stdout -# if CDPATH is set. -(unset CDPATH) >/dev/null 2>&1 && unset CDPATH - -relink_command=\"$relink_command\" - -# This environment variable determines our operation mode. -if test \"\$libtool_install_magic\" = \"$magic\"; then - # install mode needs the following variables: - generated_by_libtool_version='$macro_version' - notinst_deplibs='$notinst_deplibs' -else - # When we are sourced in execute mode, \$file and \$ECHO are already set. - if test \"\$libtool_execute_magic\" != \"$magic\"; then - file=\"\$0\"" - - qECHO=`$ECHO "$ECHO" | $SED "$sed_quote_subst"` - $ECHO "\ - -# A function that is used when there is no print builtin or printf. -func_fallback_echo () -{ - eval 'cat <<_LTECHO_EOF -\$1 -_LTECHO_EOF' -} - ECHO=\"$qECHO\" - fi - -# Very basic option parsing. These options are (a) specific to -# the libtool wrapper, (b) are identical between the wrapper -# /script/ and the wrapper /executable/ that is used only on -# windows platforms, and (c) all begin with the string "--lt-" -# (application programs are unlikely to have options that match -# this pattern). -# -# There are only two supported options: --lt-debug and -# --lt-dump-script. There is, deliberately, no --lt-help. -# -# The first argument to this parsing function should be the -# script's $0 value, followed by "$@". -lt_option_debug= -func_parse_lt_options () -{ - lt_script_arg0=\$0 - shift - for lt_opt - do - case \"\$lt_opt\" in - --lt-debug) lt_option_debug=1 ;; - --lt-dump-script) - lt_dump_D=\`\$ECHO \"X\$lt_script_arg0\" | $SED -e 's/^X//' -e 's%/[^/]*$%%'\` - test \"X\$lt_dump_D\" = \"X\$lt_script_arg0\" && lt_dump_D=. - lt_dump_F=\`\$ECHO \"X\$lt_script_arg0\" | $SED -e 's/^X//' -e 's%^.*/%%'\` - cat \"\$lt_dump_D/\$lt_dump_F\" - exit 0 - ;; - --lt-*) - \$ECHO \"Unrecognized --lt- option: '\$lt_opt'\" 1>&2 - exit 1 - ;; - esac - done - - # Print the debug banner immediately: - if test -n \"\$lt_option_debug\"; then - echo \"$outputname:$output:\$LINENO: libtool wrapper (GNU $PACKAGE) $VERSION\" 1>&2 - fi -} - -# Used when --lt-debug. Prints its arguments to stdout -# (redirection is the responsibility of the caller) -func_lt_dump_args () -{ - lt_dump_args_N=1; - for lt_arg - do - \$ECHO \"$outputname:$output:\$LINENO: newargv[\$lt_dump_args_N]: \$lt_arg\" - lt_dump_args_N=\`expr \$lt_dump_args_N + 1\` - done -} - -# Core function for launching the target application -func_exec_program_core () -{ -" - case $host in - # Backslashes separate directories on plain windows - *-*-mingw | *-*-os2* | *-cegcc*) - $ECHO "\ - if test -n \"\$lt_option_debug\"; then - \$ECHO \"$outputname:$output:\$LINENO: newargv[0]: \$progdir\\\\\$program\" 1>&2 - func_lt_dump_args \${1+\"\$@\"} 1>&2 - fi - exec \"\$progdir\\\\\$program\" \${1+\"\$@\"} -" - ;; - - *) - $ECHO "\ - if test -n \"\$lt_option_debug\"; then - \$ECHO \"$outputname:$output:\$LINENO: newargv[0]: \$progdir/\$program\" 1>&2 - func_lt_dump_args \${1+\"\$@\"} 1>&2 - fi - exec \"\$progdir/\$program\" \${1+\"\$@\"} -" - ;; - esac - $ECHO "\ - \$ECHO \"\$0: cannot exec \$program \$*\" 1>&2 - exit 1 -} - -# A function to encapsulate launching the target application -# Strips options in the --lt-* namespace from \$@ and -# launches target application with the remaining arguments. -func_exec_program () -{ - case \" \$* \" in - *\\ --lt-*) - for lt_wr_arg - do - case \$lt_wr_arg in - --lt-*) ;; - *) set x \"\$@\" \"\$lt_wr_arg\"; shift;; - esac - shift - done ;; - esac - func_exec_program_core \${1+\"\$@\"} -} - - # Parse options - func_parse_lt_options \"\$0\" \${1+\"\$@\"} - - # Find the directory that this script lives in. - thisdir=\`\$ECHO \"\$file\" | $SED 's%/[^/]*$%%'\` - test \"x\$thisdir\" = \"x\$file\" && thisdir=. - - # Follow symbolic links until we get to the real thisdir. - file=\`ls -ld \"\$file\" | $SED -n 's/.*-> //p'\` - while test -n \"\$file\"; do - destdir=\`\$ECHO \"\$file\" | $SED 's%/[^/]*\$%%'\` - - # If there was a directory component, then change thisdir. - if test \"x\$destdir\" != \"x\$file\"; then - case \"\$destdir\" in - [\\\\/]* | [A-Za-z]:[\\\\/]*) thisdir=\"\$destdir\" ;; - *) thisdir=\"\$thisdir/\$destdir\" ;; - esac - fi - - file=\`\$ECHO \"\$file\" | $SED 's%^.*/%%'\` - file=\`ls -ld \"\$thisdir/\$file\" | $SED -n 's/.*-> //p'\` - done - - # Usually 'no', except on cygwin/mingw when embedded into - # the cwrapper. - WRAPPER_SCRIPT_BELONGS_IN_OBJDIR=$func_emit_wrapper_arg1 - if test \"\$WRAPPER_SCRIPT_BELONGS_IN_OBJDIR\" = \"yes\"; then - # special case for '.' - if test \"\$thisdir\" = \".\"; then - thisdir=\`pwd\` - fi - # remove .libs from thisdir - case \"\$thisdir\" in - *[\\\\/]$objdir ) thisdir=\`\$ECHO \"\$thisdir\" | $SED 's%[\\\\/][^\\\\/]*$%%'\` ;; - $objdir ) thisdir=. ;; - esac - fi - - # Try to get the absolute directory name. - absdir=\`cd \"\$thisdir\" && pwd\` - test -n \"\$absdir\" && thisdir=\"\$absdir\" -" - - if test yes = "$fast_install"; then - $ECHO "\ - program=lt-'$outputname'$exeext - progdir=\"\$thisdir/$objdir\" - - if test ! -f \"\$progdir/\$program\" || - { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | $SED 1q\`; \\ - test \"X\$file\" != \"X\$progdir/\$program\"; }; then - - file=\"\$\$-\$program\" - - if test ! -d \"\$progdir\"; then - $MKDIR \"\$progdir\" - else - $RM \"\$progdir/\$file\" - fi" - - $ECHO "\ - - # relink executable if necessary - if test -n \"\$relink_command\"; then - if relink_command_output=\`eval \$relink_command 2>&1\`; then : - else - \$ECHO \"\$relink_command_output\" >&2 - $RM \"\$progdir/\$file\" - exit 1 - fi - fi - - $MV \"\$progdir/\$file\" \"\$progdir/\$program\" 2>/dev/null || - { $RM \"\$progdir/\$program\"; - $MV \"\$progdir/\$file\" \"\$progdir/\$program\"; } - $RM \"\$progdir/\$file\" - fi" - else - $ECHO "\ - program='$outputname' - progdir=\"\$thisdir/$objdir\" -" - fi - - $ECHO "\ - - if test -f \"\$progdir/\$program\"; then" - - # fixup the dll searchpath if we need to. - # - # Fix the DLL searchpath if we need to. Do this before prepending - # to shlibpath, because on Windows, both are PATH and uninstalled - # libraries must come first. - if test -n "$dllsearchpath"; then - $ECHO "\ - # Add the dll search path components to the executable PATH - PATH=$dllsearchpath:\$PATH -" - fi - - # Export our shlibpath_var if we have one. - if test yes = "$shlibpath_overrides_runpath" && test -n "$shlibpath_var" && test -n "$temp_rpath"; then - $ECHO "\ - # Add our own library path to $shlibpath_var - $shlibpath_var=\"$temp_rpath\$$shlibpath_var\" - - # Some systems cannot cope with colon-terminated $shlibpath_var - # The second colon is a workaround for a bug in BeOS R4 sed - $shlibpath_var=\`\$ECHO \"\$$shlibpath_var\" | $SED 's/::*\$//'\` - - export $shlibpath_var -" - fi - - $ECHO "\ - if test \"\$libtool_execute_magic\" != \"$magic\"; then - # Run the actual program with our arguments. - func_exec_program \${1+\"\$@\"} - fi - else - # The program doesn't exist. - \$ECHO \"\$0: error: '\$progdir/\$program' does not exist\" 1>&2 - \$ECHO \"This script is just a wrapper for \$program.\" 1>&2 - \$ECHO \"See the $PACKAGE documentation for more information.\" 1>&2 - exit 1 - fi -fi\ -" -} - - -# func_emit_cwrapperexe_src -# emit the source code for a wrapper executable on stdout -# Must ONLY be called from within func_mode_link because -# it depends on a number of variable set therein. -func_emit_cwrapperexe_src () -{ - cat < -#include -#ifdef _MSC_VER -# include -# include -# include -#else -# include -# include -# ifdef __CYGWIN__ -# include -# endif -#endif -#include -#include -#include -#include -#include -#include -#include -#include - -#define STREQ(s1, s2) (strcmp ((s1), (s2)) == 0) - -/* declarations of non-ANSI functions */ -#if defined __MINGW32__ -# ifdef __STRICT_ANSI__ -int _putenv (const char *); -# endif -#elif defined __CYGWIN__ -# ifdef __STRICT_ANSI__ -char *realpath (const char *, char *); -int putenv (char *); -int setenv (const char *, const char *, int); -# endif -/* #elif defined other_platform || defined ... */ -#endif - -/* portability defines, excluding path handling macros */ -#if defined _MSC_VER -# define setmode _setmode -# define stat _stat -# define chmod _chmod -# define getcwd _getcwd -# define putenv _putenv -# define S_IXUSR _S_IEXEC -#elif defined __MINGW32__ -# define setmode _setmode -# define stat _stat -# define chmod _chmod -# define getcwd _getcwd -# define putenv _putenv -#elif defined __CYGWIN__ -# define HAVE_SETENV -# define FOPEN_WB "wb" -/* #elif defined other platforms ... */ -#endif - -#if defined PATH_MAX -# define LT_PATHMAX PATH_MAX -#elif defined MAXPATHLEN -# define LT_PATHMAX MAXPATHLEN -#else -# define LT_PATHMAX 1024 -#endif - -#ifndef S_IXOTH -# define S_IXOTH 0 -#endif -#ifndef S_IXGRP -# define S_IXGRP 0 -#endif - -/* path handling portability macros */ -#ifndef DIR_SEPARATOR -# define DIR_SEPARATOR '/' -# define PATH_SEPARATOR ':' -#endif - -#if defined _WIN32 || defined __MSDOS__ || defined __DJGPP__ || \ - defined __OS2__ -# define HAVE_DOS_BASED_FILE_SYSTEM -# define FOPEN_WB "wb" -# ifndef DIR_SEPARATOR_2 -# define DIR_SEPARATOR_2 '\\' -# endif -# ifndef PATH_SEPARATOR_2 -# define PATH_SEPARATOR_2 ';' -# endif -#endif - -#ifndef DIR_SEPARATOR_2 -# define IS_DIR_SEPARATOR(ch) ((ch) == DIR_SEPARATOR) -#else /* DIR_SEPARATOR_2 */ -# define IS_DIR_SEPARATOR(ch) \ - (((ch) == DIR_SEPARATOR) || ((ch) == DIR_SEPARATOR_2)) -#endif /* DIR_SEPARATOR_2 */ - -#ifndef PATH_SEPARATOR_2 -# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR) -#else /* PATH_SEPARATOR_2 */ -# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR_2) -#endif /* PATH_SEPARATOR_2 */ - -#ifndef FOPEN_WB -# define FOPEN_WB "w" -#endif -#ifndef _O_BINARY -# define _O_BINARY 0 -#endif - -#define XMALLOC(type, num) ((type *) xmalloc ((num) * sizeof(type))) -#define XFREE(stale) do { \ - if (stale) { free (stale); stale = 0; } \ -} while (0) - -#if defined LT_DEBUGWRAPPER -static int lt_debug = 1; -#else -static int lt_debug = 0; -#endif - -const char *program_name = "libtool-wrapper"; /* in case xstrdup fails */ - -void *xmalloc (size_t num); -char *xstrdup (const char *string); -const char *base_name (const char *name); -char *find_executable (const char *wrapper); -char *chase_symlinks (const char *pathspec); -int make_executable (const char *path); -int check_executable (const char *path); -char *strendzap (char *str, const char *pat); -void lt_debugprintf (const char *file, int line, const char *fmt, ...); -void lt_fatal (const char *file, int line, const char *message, ...); -static const char *nonnull (const char *s); -static const char *nonempty (const char *s); -void lt_setenv (const char *name, const char *value); -char *lt_extend_str (const char *orig_value, const char *add, int to_end); -void lt_update_exe_path (const char *name, const char *value); -void lt_update_lib_path (const char *name, const char *value); -char **prepare_spawn (char **argv); -void lt_dump_script (FILE *f); -EOF - - cat <= 0) - && (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))) - return 1; - else - return 0; -} - -int -make_executable (const char *path) -{ - int rval = 0; - struct stat st; - - lt_debugprintf (__FILE__, __LINE__, "(make_executable): %s\n", - nonempty (path)); - if ((!path) || (!*path)) - return 0; - - if (stat (path, &st) >= 0) - { - rval = chmod (path, st.st_mode | S_IXOTH | S_IXGRP | S_IXUSR); - } - return rval; -} - -/* Searches for the full path of the wrapper. Returns - newly allocated full path name if found, NULL otherwise - Does not chase symlinks, even on platforms that support them. -*/ -char * -find_executable (const char *wrapper) -{ - int has_slash = 0; - const char *p; - const char *p_next; - /* static buffer for getcwd */ - char tmp[LT_PATHMAX + 1]; - size_t tmp_len; - char *concat_name; - - lt_debugprintf (__FILE__, __LINE__, "(find_executable): %s\n", - nonempty (wrapper)); - - if ((wrapper == NULL) || (*wrapper == '\0')) - return NULL; - - /* Absolute path? */ -#if defined HAVE_DOS_BASED_FILE_SYSTEM - if (isalpha ((unsigned char) wrapper[0]) && wrapper[1] == ':') - { - concat_name = xstrdup (wrapper); - if (check_executable (concat_name)) - return concat_name; - XFREE (concat_name); - } - else - { -#endif - if (IS_DIR_SEPARATOR (wrapper[0])) - { - concat_name = xstrdup (wrapper); - if (check_executable (concat_name)) - return concat_name; - XFREE (concat_name); - } -#if defined HAVE_DOS_BASED_FILE_SYSTEM - } -#endif - - for (p = wrapper; *p; p++) - if (*p == '/') - { - has_slash = 1; - break; - } - if (!has_slash) - { - /* no slashes; search PATH */ - const char *path = getenv ("PATH"); - if (path != NULL) - { - for (p = path; *p; p = p_next) - { - const char *q; - size_t p_len; - for (q = p; *q; q++) - if (IS_PATH_SEPARATOR (*q)) - break; - p_len = (size_t) (q - p); - p_next = (*q == '\0' ? q : q + 1); - if (p_len == 0) - { - /* empty path: current directory */ - if (getcwd (tmp, LT_PATHMAX) == NULL) - lt_fatal (__FILE__, __LINE__, "getcwd failed: %s", - nonnull (strerror (errno))); - tmp_len = strlen (tmp); - concat_name = - XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1); - memcpy (concat_name, tmp, tmp_len); - concat_name[tmp_len] = '/'; - strcpy (concat_name + tmp_len + 1, wrapper); - } - else - { - concat_name = - XMALLOC (char, p_len + 1 + strlen (wrapper) + 1); - memcpy (concat_name, p, p_len); - concat_name[p_len] = '/'; - strcpy (concat_name + p_len + 1, wrapper); - } - if (check_executable (concat_name)) - return concat_name; - XFREE (concat_name); - } - } - /* not found in PATH; assume curdir */ - } - /* Relative path | not found in path: prepend cwd */ - if (getcwd (tmp, LT_PATHMAX) == NULL) - lt_fatal (__FILE__, __LINE__, "getcwd failed: %s", - nonnull (strerror (errno))); - tmp_len = strlen (tmp); - concat_name = XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1); - memcpy (concat_name, tmp, tmp_len); - concat_name[tmp_len] = '/'; - strcpy (concat_name + tmp_len + 1, wrapper); - - if (check_executable (concat_name)) - return concat_name; - XFREE (concat_name); - return NULL; -} - -char * -chase_symlinks (const char *pathspec) -{ -#ifndef S_ISLNK - return xstrdup (pathspec); -#else - char buf[LT_PATHMAX]; - struct stat s; - char *tmp_pathspec = xstrdup (pathspec); - char *p; - int has_symlinks = 0; - while (strlen (tmp_pathspec) && !has_symlinks) - { - lt_debugprintf (__FILE__, __LINE__, - "checking path component for symlinks: %s\n", - tmp_pathspec); - if (lstat (tmp_pathspec, &s) == 0) - { - if (S_ISLNK (s.st_mode) != 0) - { - has_symlinks = 1; - break; - } - - /* search backwards for last DIR_SEPARATOR */ - p = tmp_pathspec + strlen (tmp_pathspec) - 1; - while ((p > tmp_pathspec) && (!IS_DIR_SEPARATOR (*p))) - p--; - if ((p == tmp_pathspec) && (!IS_DIR_SEPARATOR (*p))) - { - /* no more DIR_SEPARATORS left */ - break; - } - *p = '\0'; - } - else - { - lt_fatal (__FILE__, __LINE__, - "error accessing file \"%s\": %s", - tmp_pathspec, nonnull (strerror (errno))); - } - } - XFREE (tmp_pathspec); - - if (!has_symlinks) - { - return xstrdup (pathspec); - } - - tmp_pathspec = realpath (pathspec, buf); - if (tmp_pathspec == 0) - { - lt_fatal (__FILE__, __LINE__, - "could not follow symlinks for %s", pathspec); - } - return xstrdup (tmp_pathspec); -#endif -} - -char * -strendzap (char *str, const char *pat) -{ - size_t len, patlen; - - assert (str != NULL); - assert (pat != NULL); - - len = strlen (str); - patlen = strlen (pat); - - if (patlen <= len) - { - str += len - patlen; - if (STREQ (str, pat)) - *str = '\0'; - } - return str; -} - -void -lt_debugprintf (const char *file, int line, const char *fmt, ...) -{ - va_list args; - if (lt_debug) - { - (void) fprintf (stderr, "%s:%s:%d: ", program_name, file, line); - va_start (args, fmt); - (void) vfprintf (stderr, fmt, args); - va_end (args); - } -} - -static void -lt_error_core (int exit_status, const char *file, - int line, const char *mode, - const char *message, va_list ap) -{ - fprintf (stderr, "%s:%s:%d: %s: ", program_name, file, line, mode); - vfprintf (stderr, message, ap); - fprintf (stderr, ".\n"); - - if (exit_status >= 0) - exit (exit_status); -} - -void -lt_fatal (const char *file, int line, const char *message, ...) -{ - va_list ap; - va_start (ap, message); - lt_error_core (EXIT_FAILURE, file, line, "FATAL", message, ap); - va_end (ap); -} - -static const char * -nonnull (const char *s) -{ - return s ? s : "(null)"; -} - -static const char * -nonempty (const char *s) -{ - return (s && !*s) ? "(empty)" : nonnull (s); -} - -void -lt_setenv (const char *name, const char *value) -{ - lt_debugprintf (__FILE__, __LINE__, - "(lt_setenv) setting '%s' to '%s'\n", - nonnull (name), nonnull (value)); - { -#ifdef HAVE_SETENV - /* always make a copy, for consistency with !HAVE_SETENV */ - char *str = xstrdup (value); - setenv (name, str, 1); -#else - size_t len = strlen (name) + 1 + strlen (value) + 1; - char *str = XMALLOC (char, len); - sprintf (str, "%s=%s", name, value); - if (putenv (str) != EXIT_SUCCESS) - { - XFREE (str); - } -#endif - } -} - -char * -lt_extend_str (const char *orig_value, const char *add, int to_end) -{ - char *new_value; - if (orig_value && *orig_value) - { - size_t orig_value_len = strlen (orig_value); - size_t add_len = strlen (add); - new_value = XMALLOC (char, add_len + orig_value_len + 1); - if (to_end) - { - strcpy (new_value, orig_value); - strcpy (new_value + orig_value_len, add); - } - else - { - strcpy (new_value, add); - strcpy (new_value + add_len, orig_value); - } - } - else - { - new_value = xstrdup (add); - } - return new_value; -} - -void -lt_update_exe_path (const char *name, const char *value) -{ - lt_debugprintf (__FILE__, __LINE__, - "(lt_update_exe_path) modifying '%s' by prepending '%s'\n", - nonnull (name), nonnull (value)); - - if (name && *name && value && *value) - { - char *new_value = lt_extend_str (getenv (name), value, 0); - /* some systems can't cope with a ':'-terminated path #' */ - size_t len = strlen (new_value); - while ((len > 0) && IS_PATH_SEPARATOR (new_value[len-1])) - { - new_value[--len] = '\0'; - } - lt_setenv (name, new_value); - XFREE (new_value); - } -} - -void -lt_update_lib_path (const char *name, const char *value) -{ - lt_debugprintf (__FILE__, __LINE__, - "(lt_update_lib_path) modifying '%s' by prepending '%s'\n", - nonnull (name), nonnull (value)); - - if (name && *name && value && *value) - { - char *new_value = lt_extend_str (getenv (name), value, 0); - lt_setenv (name, new_value); - XFREE (new_value); - } -} - -EOF - case $host_os in - mingw*) - cat <<"EOF" - -/* Prepares an argument vector before calling spawn(). - Note that spawn() does not by itself call the command interpreter - (getenv ("COMSPEC") != NULL ? getenv ("COMSPEC") : - ({ OSVERSIONINFO v; v.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); - GetVersionEx(&v); - v.dwPlatformId == VER_PLATFORM_WIN32_NT; - }) ? "cmd.exe" : "command.com"). - Instead it simply concatenates the arguments, separated by ' ', and calls - CreateProcess(). We must quote the arguments since Win32 CreateProcess() - interprets characters like ' ', '\t', '\\', '"' (but not '<' and '>') in a - special way: - - Space and tab are interpreted as delimiters. They are not treated as - delimiters if they are surrounded by double quotes: "...". - - Unescaped double quotes are removed from the input. Their only effect is - that within double quotes, space and tab are treated like normal - characters. - - Backslashes not followed by double quotes are not special. - - But 2*n+1 backslashes followed by a double quote become - n backslashes followed by a double quote (n >= 0): - \" -> " - \\\" -> \" - \\\\\" -> \\" - */ -#define SHELL_SPECIAL_CHARS "\"\\ \001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037" -#define SHELL_SPACE_CHARS " \001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037" -char ** -prepare_spawn (char **argv) -{ - size_t argc; - char **new_argv; - size_t i; - - /* Count number of arguments. */ - for (argc = 0; argv[argc] != NULL; argc++) - ; - - /* Allocate new argument vector. */ - new_argv = XMALLOC (char *, argc + 1); - - /* Put quoted arguments into the new argument vector. */ - for (i = 0; i < argc; i++) - { - const char *string = argv[i]; - - if (string[0] == '\0') - new_argv[i] = xstrdup ("\"\""); - else if (strpbrk (string, SHELL_SPECIAL_CHARS) != NULL) - { - int quote_around = (strpbrk (string, SHELL_SPACE_CHARS) != NULL); - size_t length; - unsigned int backslashes; - const char *s; - char *quoted_string; - char *p; - - length = 0; - backslashes = 0; - if (quote_around) - length++; - for (s = string; *s != '\0'; s++) - { - char c = *s; - if (c == '"') - length += backslashes + 1; - length++; - if (c == '\\') - backslashes++; - else - backslashes = 0; - } - if (quote_around) - length += backslashes + 1; - - quoted_string = XMALLOC (char, length + 1); - - p = quoted_string; - backslashes = 0; - if (quote_around) - *p++ = '"'; - for (s = string; *s != '\0'; s++) - { - char c = *s; - if (c == '"') - { - unsigned int j; - for (j = backslashes + 1; j > 0; j--) - *p++ = '\\'; - } - *p++ = c; - if (c == '\\') - backslashes++; - else - backslashes = 0; - } - if (quote_around) - { - unsigned int j; - for (j = backslashes; j > 0; j--) - *p++ = '\\'; - *p++ = '"'; - } - *p = '\0'; - - new_argv[i] = quoted_string; - } - else - new_argv[i] = (char *) string; - } - new_argv[argc] = NULL; - - return new_argv; -} -EOF - ;; - esac - - cat <<"EOF" -void lt_dump_script (FILE* f) -{ -EOF - func_emit_wrapper yes | - $SED -n -e ' -s/^\(.\{79\}\)\(..*\)/\1\ -\2/ -h -s/\([\\"]\)/\\\1/g -s/$/\\n/ -s/\([^\n]*\).*/ fputs ("\1", f);/p -g -D' - cat <<"EOF" -} -EOF -} -# end: func_emit_cwrapperexe_src - -# func_win32_import_lib_p ARG -# True if ARG is an import lib, as indicated by $file_magic_cmd -func_win32_import_lib_p () -{ - $debug_cmd - - case `eval $file_magic_cmd \"\$1\" 2>/dev/null | $SED -e 10q` in - *import*) : ;; - *) false ;; - esac -} - -# func_suncc_cstd_abi -# !!ONLY CALL THIS FOR SUN CC AFTER $compile_command IS FULLY EXPANDED!! -# Several compiler flags select an ABI that is incompatible with the -# Cstd library. Avoid specifying it if any are in CXXFLAGS. -func_suncc_cstd_abi () -{ - $debug_cmd - - case " $compile_command " in - *" -compat=g "*|*\ -std=c++[0-9][0-9]\ *|*" -library=stdcxx4 "*|*" -library=stlport4 "*) - suncc_use_cstd_abi=no - ;; - *) - suncc_use_cstd_abi=yes - ;; - esac -} - -# func_mode_link arg... -func_mode_link () -{ - $debug_cmd - - case $host in - *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) - # It is impossible to link a dll without this setting, and - # we shouldn't force the makefile maintainer to figure out - # what system we are compiling for in order to pass an extra - # flag for every libtool invocation. - # allow_undefined=no - - # FIXME: Unfortunately, there are problems with the above when trying - # to make a dll that has undefined symbols, in which case not - # even a static library is built. For now, we need to specify - # -no-undefined on the libtool link line when we can be certain - # that all symbols are satisfied, otherwise we get a static library. - allow_undefined=yes - ;; - *) - allow_undefined=yes - ;; - esac - libtool_args=$nonopt - base_compile="$nonopt $@" - compile_command=$nonopt - finalize_command=$nonopt - - compile_rpath= - finalize_rpath= - compile_shlibpath= - finalize_shlibpath= - convenience= - old_convenience= - deplibs= - old_deplibs= - compiler_flags= - linker_flags= - dllsearchpath= - lib_search_path=`pwd` - inst_prefix_dir= - new_inherited_linker_flags= - - avoid_version=no - bindir= - dlfiles= - dlprefiles= - dlself=no - export_dynamic=no - export_symbols= - export_symbols_regex= - generated= - libobjs= - ltlibs= - module=no - no_install=no - objs= - os2dllname= - non_pic_objects= - precious_files_regex= - prefer_static_libs=no - preload=false - prev= - prevarg= - release= - rpath= - xrpath= - perm_rpath= - temp_rpath= - thread_safe=no - vinfo= - vinfo_number=no - weak_libs= - single_module=$wl-single_module - func_infer_tag $base_compile - - # We need to know -static, to get the right output filenames. - for arg - do - case $arg in - -shared) - test yes != "$build_libtool_libs" \ - && func_fatal_configuration "cannot build a shared library" - build_old_libs=no - break - ;; - -all-static | -static | -static-libtool-libs) - case $arg in - -all-static) - if test yes = "$build_libtool_libs" && test -z "$link_static_flag"; then - func_warning "complete static linking is impossible in this configuration" - fi - if test -n "$link_static_flag"; then - dlopen_self=$dlopen_self_static - fi - prefer_static_libs=yes - ;; - -static) - if test -z "$pic_flag" && test -n "$link_static_flag"; then - dlopen_self=$dlopen_self_static - fi - prefer_static_libs=built - ;; - -static-libtool-libs) - if test -z "$pic_flag" && test -n "$link_static_flag"; then - dlopen_self=$dlopen_self_static - fi - prefer_static_libs=yes - ;; - esac - build_libtool_libs=no - build_old_libs=yes - break - ;; - esac - done - - # See if our shared archives depend on static archives. - test -n "$old_archive_from_new_cmds" && build_old_libs=yes - - # Go through the arguments, transforming them on the way. - while test "$#" -gt 0; do - arg=$1 - shift - func_quote_for_eval "$arg" - qarg=$func_quote_for_eval_unquoted_result - func_append libtool_args " $func_quote_for_eval_result" - - # If the previous option needs an argument, assign it. - if test -n "$prev"; then - case $prev in - output) - func_append compile_command " @OUTPUT@" - func_append finalize_command " @OUTPUT@" - ;; - esac - - case $prev in - bindir) - bindir=$arg - prev= - continue - ;; - dlfiles|dlprefiles) - $preload || { - # Add the symbol object into the linking commands. - func_append compile_command " @SYMFILE@" - func_append finalize_command " @SYMFILE@" - preload=: - } - case $arg in - *.la | *.lo) ;; # We handle these cases below. - force) - if test no = "$dlself"; then - dlself=needless - export_dynamic=yes - fi - prev= - continue - ;; - self) - if test dlprefiles = "$prev"; then - dlself=yes - elif test dlfiles = "$prev" && test yes != "$dlopen_self"; then - dlself=yes - else - dlself=needless - export_dynamic=yes - fi - prev= - continue - ;; - *) - if test dlfiles = "$prev"; then - func_append dlfiles " $arg" - else - func_append dlprefiles " $arg" - fi - prev= - continue - ;; - esac - ;; - expsyms) - export_symbols=$arg - test -f "$arg" \ - || func_fatal_error "symbol file '$arg' does not exist" - prev= - continue - ;; - expsyms_regex) - export_symbols_regex=$arg - prev= - continue - ;; - framework) - case $host in - *-*-darwin*) - case "$deplibs " in - *" $qarg.ltframework "*) ;; - *) func_append deplibs " $qarg.ltframework" # this is fixed later - ;; - esac - ;; - esac - prev= - continue - ;; - inst_prefix) - inst_prefix_dir=$arg - prev= - continue - ;; - mllvm) - # Clang does not use LLVM to link, so we can simply discard any - # '-mllvm $arg' options when doing the link step. - prev= - continue - ;; - objectlist) - if test -f "$arg"; then - save_arg=$arg - moreargs= - for fil in `cat "$save_arg"` - do -# func_append moreargs " $fil" - arg=$fil - # A libtool-controlled object. - - # Check to see that this really is a libtool object. - if func_lalib_unsafe_p "$arg"; then - pic_object= - non_pic_object= - - # Read the .lo file - func_source "$arg" - - if test -z "$pic_object" || - test -z "$non_pic_object" || - test none = "$pic_object" && - test none = "$non_pic_object"; then - func_fatal_error "cannot find name of object for '$arg'" - fi - - # Extract subdirectory from the argument. - func_dirname "$arg" "/" "" - xdir=$func_dirname_result - - if test none != "$pic_object"; then - # Prepend the subdirectory the object is found in. - pic_object=$xdir$pic_object - - if test dlfiles = "$prev"; then - if test yes = "$build_libtool_libs" && test yes = "$dlopen_support"; then - func_append dlfiles " $pic_object" - prev= - continue - else - # If libtool objects are unsupported, then we need to preload. - prev=dlprefiles - fi - fi - - # CHECK ME: I think I busted this. -Ossama - if test dlprefiles = "$prev"; then - # Preload the old-style object. - func_append dlprefiles " $pic_object" - prev= - fi - - # A PIC object. - func_append libobjs " $pic_object" - arg=$pic_object - fi - - # Non-PIC object. - if test none != "$non_pic_object"; then - # Prepend the subdirectory the object is found in. - non_pic_object=$xdir$non_pic_object - - # A standard non-PIC object - func_append non_pic_objects " $non_pic_object" - if test -z "$pic_object" || test none = "$pic_object"; then - arg=$non_pic_object - fi - else - # If the PIC object exists, use it instead. - # $xdir was prepended to $pic_object above. - non_pic_object=$pic_object - func_append non_pic_objects " $non_pic_object" - fi - else - # Only an error if not doing a dry-run. - if $opt_dry_run; then - # Extract subdirectory from the argument. - func_dirname "$arg" "/" "" - xdir=$func_dirname_result - - func_lo2o "$arg" - pic_object=$xdir$objdir/$func_lo2o_result - non_pic_object=$xdir$func_lo2o_result - func_append libobjs " $pic_object" - func_append non_pic_objects " $non_pic_object" - else - func_fatal_error "'$arg' is not a valid libtool object" - fi - fi - done - else - func_fatal_error "link input file '$arg' does not exist" - fi - arg=$save_arg - prev= - continue - ;; - os2dllname) - os2dllname=$arg - prev= - continue - ;; - precious_regex) - precious_files_regex=$arg - prev= - continue - ;; - release) - release=-$arg - prev= - continue - ;; - rpath | xrpath) - # We need an absolute path. - case $arg in - [\\/]* | [A-Za-z]:[\\/]*) ;; - *) - func_fatal_error "only absolute run-paths are allowed" - ;; - esac - if test rpath = "$prev"; then - case "$rpath " in - *" $arg "*) ;; - *) func_append rpath " $arg" ;; - esac - else - case "$xrpath " in - *" $arg "*) ;; - *) func_append xrpath " $arg" ;; - esac - fi - prev= - continue - ;; - shrext) - shrext_cmds=$arg - prev= - continue - ;; - weak) - func_append weak_libs " $arg" - prev= - continue - ;; - xcclinker) - func_append linker_flags " $qarg" - func_append compiler_flags " $qarg" - prev= - func_append compile_command " $qarg" - func_append finalize_command " $qarg" - continue - ;; - xcompiler) - func_append compiler_flags " $qarg" - prev= - func_append compile_command " $qarg" - func_append finalize_command " $qarg" - continue - ;; - xlinker) - func_append linker_flags " $qarg" - func_append compiler_flags " $wl$qarg" - prev= - func_append compile_command " $wl$qarg" - func_append finalize_command " $wl$qarg" - continue - ;; - *) - eval "$prev=\"\$arg\"" - prev= - continue - ;; - esac - fi # test -n "$prev" - - prevarg=$arg - - case $arg in - -all-static) - if test -n "$link_static_flag"; then - # See comment for -static flag below, for more details. - func_append compile_command " $link_static_flag" - func_append finalize_command " $link_static_flag" - fi - continue - ;; - - -allow-undefined) - # FIXME: remove this flag sometime in the future. - func_fatal_error "'-allow-undefined' must not be used because it is the default" - ;; - - -avoid-version) - avoid_version=yes - continue - ;; - - -bindir) - prev=bindir - continue - ;; - - -dlopen) - prev=dlfiles - continue - ;; - - -dlpreopen) - prev=dlprefiles - continue - ;; - - -export-dynamic) - export_dynamic=yes - continue - ;; - - -export-symbols | -export-symbols-regex) - if test -n "$export_symbols" || test -n "$export_symbols_regex"; then - func_fatal_error "more than one -exported-symbols argument is not allowed" - fi - if test X-export-symbols = "X$arg"; then - prev=expsyms - else - prev=expsyms_regex - fi - continue - ;; - - -framework) - prev=framework - continue - ;; - - -inst-prefix-dir) - prev=inst_prefix - continue - ;; - - # The native IRIX linker understands -LANG:*, -LIST:* and -LNO:* - # so, if we see these flags be careful not to treat them like -L - -L[A-Z][A-Z]*:*) - case $with_gcc/$host in - no/*-*-irix* | /*-*-irix*) - func_append compile_command " $arg" - func_append finalize_command " $arg" - ;; - esac - continue - ;; - - -L*) - func_stripname "-L" '' "$arg" - if test -z "$func_stripname_result"; then - if test "$#" -gt 0; then - func_fatal_error "require no space between '-L' and '$1'" - else - func_fatal_error "need path for '-L' option" - fi - fi - func_resolve_sysroot "$func_stripname_result" - dir=$func_resolve_sysroot_result - # We need an absolute path. - case $dir in - [\\/]* | [A-Za-z]:[\\/]*) ;; - *) - absdir=`cd "$dir" && pwd` - test -z "$absdir" && \ - func_fatal_error "cannot determine absolute directory name of '$dir'" - dir=$absdir - ;; - esac - case "$deplibs " in - *" -L$dir "* | *" $arg "*) - # Will only happen for absolute or sysroot arguments - ;; - *) - # Preserve sysroot, but never include relative directories - case $dir in - [\\/]* | [A-Za-z]:[\\/]* | =*) func_append deplibs " $arg" ;; - *) func_append deplibs " -L$dir" ;; - esac - func_append lib_search_path " $dir" - ;; - esac - case $host in - *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) - testbindir=`$ECHO "$dir" | $SED 's*/lib$*/bin*'` - case :$dllsearchpath: in - *":$dir:"*) ;; - ::) dllsearchpath=$dir;; - *) func_append dllsearchpath ":$dir";; - esac - case :$dllsearchpath: in - *":$testbindir:"*) ;; - ::) dllsearchpath=$testbindir;; - *) func_append dllsearchpath ":$testbindir";; - esac - ;; - esac - continue - ;; - - -l*) - if test X-lc = "X$arg" || test X-lm = "X$arg"; then - case $host in - *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos* | *-cegcc* | *-*-haiku*) - # These systems don't actually have a C or math library (as such) - continue - ;; - *-*-os2*) - # These systems don't actually have a C library (as such) - test X-lc = "X$arg" && continue - ;; - *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig*) - # Do not include libc due to us having libc/libc_r. - test X-lc = "X$arg" && continue - ;; - *-*-rhapsody* | *-*-darwin1.[012]) - # Rhapsody C and math libraries are in the System framework - func_append deplibs " System.ltframework" - continue - ;; - *-*-sco3.2v5* | *-*-sco5v6*) - # Causes problems with __ctype - test X-lc = "X$arg" && continue - ;; - *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*) - # Compiler inserts libc in the correct place for threads to work - test X-lc = "X$arg" && continue - ;; - esac - elif test X-lc_r = "X$arg"; then - case $host in - *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig*) - # Do not include libc_r directly, use -pthread flag. - continue - ;; - esac - fi - func_append deplibs " $arg" - continue - ;; - - -mllvm) - prev=mllvm - continue - ;; - - -module) - module=yes - continue - ;; - - # Tru64 UNIX uses -model [arg] to determine the layout of C++ - # classes, name mangling, and exception handling. - # Darwin uses the -arch flag to determine output architecture. - -model|-arch|-isysroot|--sysroot) - func_append compiler_flags " $arg" - func_append compile_command " $arg" - func_append finalize_command " $arg" - prev=xcompiler - continue - ;; - - -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \ - |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*) - func_append compiler_flags " $arg" - func_append compile_command " $arg" - func_append finalize_command " $arg" - case "$new_inherited_linker_flags " in - *" $arg "*) ;; - * ) func_append new_inherited_linker_flags " $arg" ;; - esac - continue - ;; - - -multi_module) - single_module=$wl-multi_module - continue - ;; - - -no-fast-install) - fast_install=no - continue - ;; - - -no-install) - case $host in - *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-darwin* | *-cegcc*) - # The PATH hackery in wrapper scripts is required on Windows - # and Darwin in order for the loader to find any dlls it needs. - func_warning "'-no-install' is ignored for $host" - func_warning "assuming '-no-fast-install' instead" - fast_install=no - ;; - *) no_install=yes ;; - esac - continue - ;; - - -no-undefined) - allow_undefined=no - continue - ;; - - -objectlist) - prev=objectlist - continue - ;; - - -os2dllname) - prev=os2dllname - continue - ;; - - -o) prev=output ;; - - -precious-files-regex) - prev=precious_regex - continue - ;; - - -release) - prev=release - continue - ;; - - -rpath) - prev=rpath - continue - ;; - - -R) - prev=xrpath - continue - ;; - - -R*) - func_stripname '-R' '' "$arg" - dir=$func_stripname_result - # We need an absolute path. - case $dir in - [\\/]* | [A-Za-z]:[\\/]*) ;; - =*) - func_stripname '=' '' "$dir" - dir=$lt_sysroot$func_stripname_result - ;; - *) - func_fatal_error "only absolute run-paths are allowed" - ;; - esac - case "$xrpath " in - *" $dir "*) ;; - *) func_append xrpath " $dir" ;; - esac - continue - ;; - - -shared) - # The effects of -shared are defined in a previous loop. - continue - ;; - - -shrext) - prev=shrext - continue - ;; - - -static | -static-libtool-libs) - # The effects of -static are defined in a previous loop. - # We used to do the same as -all-static on platforms that - # didn't have a PIC flag, but the assumption that the effects - # would be equivalent was wrong. It would break on at least - # Digital Unix and AIX. - continue - ;; - - -thread-safe) - thread_safe=yes - continue - ;; - - -version-info) - prev=vinfo - continue - ;; - - -version-number) - prev=vinfo - vinfo_number=yes - continue - ;; - - -weak) - prev=weak - continue - ;; - - -Wc,*) - func_stripname '-Wc,' '' "$arg" - args=$func_stripname_result - arg= - save_ifs=$IFS; IFS=, - for flag in $args; do - IFS=$save_ifs - func_quote_for_eval "$flag" - func_append arg " $func_quote_for_eval_result" - func_append compiler_flags " $func_quote_for_eval_result" - done - IFS=$save_ifs - func_stripname ' ' '' "$arg" - arg=$func_stripname_result - ;; - - -Wl,*) - func_stripname '-Wl,' '' "$arg" - args=$func_stripname_result - arg= - save_ifs=$IFS; IFS=, - for flag in $args; do - IFS=$save_ifs - func_quote_for_eval "$flag" - func_append arg " $wl$func_quote_for_eval_result" - func_append compiler_flags " $wl$func_quote_for_eval_result" - func_append linker_flags " $func_quote_for_eval_result" - done - IFS=$save_ifs - func_stripname ' ' '' "$arg" - arg=$func_stripname_result - ;; - - -Xcompiler) - prev=xcompiler - continue - ;; - - -Xlinker) - prev=xlinker - continue - ;; - - -XCClinker) - prev=xcclinker - continue - ;; - - # -msg_* for osf cc - -msg_*) - func_quote_for_eval "$arg" - arg=$func_quote_for_eval_result - ;; - - # Flags to be passed through unchanged, with rationale: - # -64, -mips[0-9] enable 64-bit mode for the SGI compiler - # -r[0-9][0-9]* specify processor for the SGI compiler - # -xarch=*, -xtarget=* enable 64-bit mode for the Sun compiler - # +DA*, +DD* enable 64-bit mode for the HP compiler - # -q* compiler args for the IBM compiler - # -m*, -t[45]*, -txscale* architecture-specific flags for GCC - # -F/path path to uninstalled frameworks, gcc on darwin - # -p, -pg, --coverage, -fprofile-* profiling flags for GCC - # -fstack-protector* stack protector flags for GCC - # @file GCC response files - # -tp=* Portland pgcc target processor selection - # --sysroot=* for sysroot support - # -O*, -g*, -flto*, -fwhopr*, -fuse-linker-plugin GCC link-time optimization - # -stdlib=* select c++ std lib with clang - -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \ - -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \ - -O*|-g*|-flto*|-fwhopr*|-fuse-linker-plugin|-fstack-protector*|-stdlib=*) - func_quote_for_eval "$arg" - arg=$func_quote_for_eval_result - func_append compile_command " $arg" - func_append finalize_command " $arg" - func_append compiler_flags " $arg" - continue - ;; - - -Z*) - if test os2 = "`expr $host : '.*\(os2\)'`"; then - # OS/2 uses -Zxxx to specify OS/2-specific options - compiler_flags="$compiler_flags $arg" - func_append compile_command " $arg" - func_append finalize_command " $arg" - case $arg in - -Zlinker | -Zstack) - prev=xcompiler - ;; - esac - continue - else - # Otherwise treat like 'Some other compiler flag' below - func_quote_for_eval "$arg" - arg=$func_quote_for_eval_result - fi - ;; - - # Some other compiler flag. - -* | +*) - func_quote_for_eval "$arg" - arg=$func_quote_for_eval_result - ;; - - *.$objext) - # A standard object. - func_append objs " $arg" - ;; - - *.lo) - # A libtool-controlled object. - - # Check to see that this really is a libtool object. - if func_lalib_unsafe_p "$arg"; then - pic_object= - non_pic_object= - - # Read the .lo file - func_source "$arg" - - if test -z "$pic_object" || - test -z "$non_pic_object" || - test none = "$pic_object" && - test none = "$non_pic_object"; then - func_fatal_error "cannot find name of object for '$arg'" - fi - - # Extract subdirectory from the argument. - func_dirname "$arg" "/" "" - xdir=$func_dirname_result - - test none = "$pic_object" || { - # Prepend the subdirectory the object is found in. - pic_object=$xdir$pic_object - - if test dlfiles = "$prev"; then - if test yes = "$build_libtool_libs" && test yes = "$dlopen_support"; then - func_append dlfiles " $pic_object" - prev= - continue - else - # If libtool objects are unsupported, then we need to preload. - prev=dlprefiles - fi - fi - - # CHECK ME: I think I busted this. -Ossama - if test dlprefiles = "$prev"; then - # Preload the old-style object. - func_append dlprefiles " $pic_object" - prev= - fi - - # A PIC object. - func_append libobjs " $pic_object" - arg=$pic_object - } - - # Non-PIC object. - if test none != "$non_pic_object"; then - # Prepend the subdirectory the object is found in. - non_pic_object=$xdir$non_pic_object - - # A standard non-PIC object - func_append non_pic_objects " $non_pic_object" - if test -z "$pic_object" || test none = "$pic_object"; then - arg=$non_pic_object - fi - else - # If the PIC object exists, use it instead. - # $xdir was prepended to $pic_object above. - non_pic_object=$pic_object - func_append non_pic_objects " $non_pic_object" - fi - else - # Only an error if not doing a dry-run. - if $opt_dry_run; then - # Extract subdirectory from the argument. - func_dirname "$arg" "/" "" - xdir=$func_dirname_result - - func_lo2o "$arg" - pic_object=$xdir$objdir/$func_lo2o_result - non_pic_object=$xdir$func_lo2o_result - func_append libobjs " $pic_object" - func_append non_pic_objects " $non_pic_object" - else - func_fatal_error "'$arg' is not a valid libtool object" - fi - fi - ;; - - *.$libext) - # An archive. - func_append deplibs " $arg" - func_append old_deplibs " $arg" - continue - ;; - - *.la) - # A libtool-controlled library. - - func_resolve_sysroot "$arg" - if test dlfiles = "$prev"; then - # This library was specified with -dlopen. - func_append dlfiles " $func_resolve_sysroot_result" - prev= - elif test dlprefiles = "$prev"; then - # The library was specified with -dlpreopen. - func_append dlprefiles " $func_resolve_sysroot_result" - prev= - else - func_append deplibs " $func_resolve_sysroot_result" - fi - continue - ;; - - # Some other compiler argument. - *) - # Unknown arguments in both finalize_command and compile_command need - # to be aesthetically quoted because they are evaled later. - func_quote_for_eval "$arg" - arg=$func_quote_for_eval_result - ;; - esac # arg - - # Now actually substitute the argument into the commands. - if test -n "$arg"; then - func_append compile_command " $arg" - func_append finalize_command " $arg" - fi - done # argument parsing loop - - test -n "$prev" && \ - func_fatal_help "the '$prevarg' option requires an argument" - - if test yes = "$export_dynamic" && test -n "$export_dynamic_flag_spec"; then - eval arg=\"$export_dynamic_flag_spec\" - func_append compile_command " $arg" - func_append finalize_command " $arg" - fi - - oldlibs= - # calculate the name of the file, without its directory - func_basename "$output" - outputname=$func_basename_result - libobjs_save=$libobjs - - if test -n "$shlibpath_var"; then - # get the directories listed in $shlibpath_var - eval shlib_search_path=\`\$ECHO \"\$$shlibpath_var\" \| \$SED \'s/:/ /g\'\` - else - shlib_search_path= - fi - eval sys_lib_search_path=\"$sys_lib_search_path_spec\" - eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\" - - # Definition is injected by LT_CONFIG during libtool generation. - func_munge_path_list sys_lib_dlsearch_path "$LT_SYS_LIBRARY_PATH" - - func_dirname "$output" "/" "" - output_objdir=$func_dirname_result$objdir - func_to_tool_file "$output_objdir/" - tool_output_objdir=$func_to_tool_file_result - # Create the object directory. - func_mkdir_p "$output_objdir" - - # Determine the type of output - case $output in - "") - func_fatal_help "you must specify an output file" - ;; - *.$libext) linkmode=oldlib ;; - *.lo | *.$objext) linkmode=obj ;; - *.la) linkmode=lib ;; - *) linkmode=prog ;; # Anything else should be a program. - esac - - specialdeplibs= - - libs= - # Find all interdependent deplibs by searching for libraries - # that are linked more than once (e.g. -la -lb -la) - for deplib in $deplibs; do - if $opt_preserve_dup_deps; then - case "$libs " in - *" $deplib "*) func_append specialdeplibs " $deplib" ;; - esac - fi - func_append libs " $deplib" - done - - if test lib = "$linkmode"; then - libs="$predeps $libs $compiler_lib_search_path $postdeps" - - # Compute libraries that are listed more than once in $predeps - # $postdeps and mark them as special (i.e., whose duplicates are - # not to be eliminated). - pre_post_deps= - if $opt_duplicate_compiler_generated_deps; then - for pre_post_dep in $predeps $postdeps; do - case "$pre_post_deps " in - *" $pre_post_dep "*) func_append specialdeplibs " $pre_post_deps" ;; - esac - func_append pre_post_deps " $pre_post_dep" - done - fi - pre_post_deps= - fi - - deplibs= - newdependency_libs= - newlib_search_path= - need_relink=no # whether we're linking any uninstalled libtool libraries - notinst_deplibs= # not-installed libtool libraries - notinst_path= # paths that contain not-installed libtool libraries - - case $linkmode in - lib) - passes="conv dlpreopen link" - for file in $dlfiles $dlprefiles; do - case $file in - *.la) ;; - *) - func_fatal_help "libraries can '-dlopen' only libtool libraries: $file" - ;; - esac - done - ;; - prog) - compile_deplibs= - finalize_deplibs= - alldeplibs=false - newdlfiles= - newdlprefiles= - passes="conv scan dlopen dlpreopen link" - ;; - *) passes="conv" - ;; - esac - - for pass in $passes; do - # The preopen pass in lib mode reverses $deplibs; put it back here - # so that -L comes before libs that need it for instance... - if test lib,link = "$linkmode,$pass"; then - ## FIXME: Find the place where the list is rebuilt in the wrong - ## order, and fix it there properly - tmp_deplibs= - for deplib in $deplibs; do - tmp_deplibs="$deplib $tmp_deplibs" - done - deplibs=$tmp_deplibs - fi - - if test lib,link = "$linkmode,$pass" || - test prog,scan = "$linkmode,$pass"; then - libs=$deplibs - deplibs= - fi - if test prog = "$linkmode"; then - case $pass in - dlopen) libs=$dlfiles ;; - dlpreopen) libs=$dlprefiles ;; - link) libs="$deplibs %DEPLIBS% $dependency_libs" ;; - esac - fi - if test lib,dlpreopen = "$linkmode,$pass"; then - # Collect and forward deplibs of preopened libtool libs - for lib in $dlprefiles; do - # Ignore non-libtool-libs - dependency_libs= - func_resolve_sysroot "$lib" - case $lib in - *.la) func_source "$func_resolve_sysroot_result" ;; - esac - - # Collect preopened libtool deplibs, except any this library - # has declared as weak libs - for deplib in $dependency_libs; do - func_basename "$deplib" - deplib_base=$func_basename_result - case " $weak_libs " in - *" $deplib_base "*) ;; - *) func_append deplibs " $deplib" ;; - esac - done - done - libs=$dlprefiles - fi - if test dlopen = "$pass"; then - # Collect dlpreopened libraries - save_deplibs=$deplibs - deplibs= - fi - - for deplib in $libs; do - lib= - found=false - case $deplib in - -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \ - |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*) - if test prog,link = "$linkmode,$pass"; then - compile_deplibs="$deplib $compile_deplibs" - finalize_deplibs="$deplib $finalize_deplibs" - else - func_append compiler_flags " $deplib" - if test lib = "$linkmode"; then - case "$new_inherited_linker_flags " in - *" $deplib "*) ;; - * ) func_append new_inherited_linker_flags " $deplib" ;; - esac - fi - fi - continue - ;; - -l*) - if test lib != "$linkmode" && test prog != "$linkmode"; then - func_warning "'-l' is ignored for archives/objects" - continue - fi - func_stripname '-l' '' "$deplib" - name=$func_stripname_result - if test lib = "$linkmode"; then - searchdirs="$newlib_search_path $lib_search_path $compiler_lib_search_dirs $sys_lib_search_path $shlib_search_path" - else - searchdirs="$newlib_search_path $lib_search_path $sys_lib_search_path $shlib_search_path" - fi - for searchdir in $searchdirs; do - for search_ext in .la $std_shrext .so .a; do - # Search the libtool library - lib=$searchdir/lib$name$search_ext - if test -f "$lib"; then - if test .la = "$search_ext"; then - found=: - else - found=false - fi - break 2 - fi - done - done - if $found; then - # deplib is a libtool library - # If $allow_libtool_libs_with_static_runtimes && $deplib is a stdlib, - # We need to do some special things here, and not later. - if test yes = "$allow_libtool_libs_with_static_runtimes"; then - case " $predeps $postdeps " in - *" $deplib "*) - if func_lalib_p "$lib"; then - library_names= - old_library= - func_source "$lib" - for l in $old_library $library_names; do - ll=$l - done - if test "X$ll" = "X$old_library"; then # only static version available - found=false - func_dirname "$lib" "" "." - ladir=$func_dirname_result - lib=$ladir/$old_library - if test prog,link = "$linkmode,$pass"; then - compile_deplibs="$deplib $compile_deplibs" - finalize_deplibs="$deplib $finalize_deplibs" - else - deplibs="$deplib $deplibs" - test lib = "$linkmode" && newdependency_libs="$deplib $newdependency_libs" - fi - continue - fi - fi - ;; - *) ;; - esac - fi - else - # deplib doesn't seem to be a libtool library - if test prog,link = "$linkmode,$pass"; then - compile_deplibs="$deplib $compile_deplibs" - finalize_deplibs="$deplib $finalize_deplibs" - else - deplibs="$deplib $deplibs" - test lib = "$linkmode" && newdependency_libs="$deplib $newdependency_libs" - fi - continue - fi - ;; # -l - *.ltframework) - if test prog,link = "$linkmode,$pass"; then - compile_deplibs="$deplib $compile_deplibs" - finalize_deplibs="$deplib $finalize_deplibs" - else - deplibs="$deplib $deplibs" - if test lib = "$linkmode"; then - case "$new_inherited_linker_flags " in - *" $deplib "*) ;; - * ) func_append new_inherited_linker_flags " $deplib" ;; - esac - fi - fi - continue - ;; - -L*) - case $linkmode in - lib) - deplibs="$deplib $deplibs" - test conv = "$pass" && continue - newdependency_libs="$deplib $newdependency_libs" - func_stripname '-L' '' "$deplib" - func_resolve_sysroot "$func_stripname_result" - func_append newlib_search_path " $func_resolve_sysroot_result" - ;; - prog) - if test conv = "$pass"; then - deplibs="$deplib $deplibs" - continue - fi - if test scan = "$pass"; then - deplibs="$deplib $deplibs" - else - compile_deplibs="$deplib $compile_deplibs" - finalize_deplibs="$deplib $finalize_deplibs" - fi - func_stripname '-L' '' "$deplib" - func_resolve_sysroot "$func_stripname_result" - func_append newlib_search_path " $func_resolve_sysroot_result" - ;; - *) - func_warning "'-L' is ignored for archives/objects" - ;; - esac # linkmode - continue - ;; # -L - -R*) - if test link = "$pass"; then - func_stripname '-R' '' "$deplib" - func_resolve_sysroot "$func_stripname_result" - dir=$func_resolve_sysroot_result - # Make sure the xrpath contains only unique directories. - case "$xrpath " in - *" $dir "*) ;; - *) func_append xrpath " $dir" ;; - esac - fi - deplibs="$deplib $deplibs" - continue - ;; - *.la) - func_resolve_sysroot "$deplib" - lib=$func_resolve_sysroot_result - ;; - *.$libext) - if test conv = "$pass"; then - deplibs="$deplib $deplibs" - continue - fi - case $linkmode in - lib) - # Linking convenience modules into shared libraries is allowed, - # but linking other static libraries is non-portable. - case " $dlpreconveniencelibs " in - *" $deplib "*) ;; - *) - valid_a_lib=false - case $deplibs_check_method in - match_pattern*) - set dummy $deplibs_check_method; shift - match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"` - if eval "\$ECHO \"$deplib\"" 2>/dev/null | $SED 10q \ - | $EGREP "$match_pattern_regex" > /dev/null; then - valid_a_lib=: - fi - ;; - pass_all) - valid_a_lib=: - ;; - esac - if $valid_a_lib; then - echo - $ECHO "*** Warning: Linking the shared library $output against the" - $ECHO "*** static library $deplib is not portable!" - deplibs="$deplib $deplibs" - else - echo - $ECHO "*** Warning: Trying to link with static lib archive $deplib." - echo "*** I have the capability to make that library automatically link in when" - echo "*** you link to this library. But I can only do this if you have a" - echo "*** shared version of the library, which you do not appear to have" - echo "*** because the file extensions .$libext of this argument makes me believe" - echo "*** that it is just a static archive that I should not use here." - fi - ;; - esac - continue - ;; - prog) - if test link != "$pass"; then - deplibs="$deplib $deplibs" - else - compile_deplibs="$deplib $compile_deplibs" - finalize_deplibs="$deplib $finalize_deplibs" - fi - continue - ;; - esac # linkmode - ;; # *.$libext - *.lo | *.$objext) - if test conv = "$pass"; then - deplibs="$deplib $deplibs" - elif test prog = "$linkmode"; then - if test dlpreopen = "$pass" || test yes != "$dlopen_support" || test no = "$build_libtool_libs"; then - # If there is no dlopen support or we're linking statically, - # we need to preload. - func_append newdlprefiles " $deplib" - compile_deplibs="$deplib $compile_deplibs" - finalize_deplibs="$deplib $finalize_deplibs" - else - func_append newdlfiles " $deplib" - fi - fi - continue - ;; - %DEPLIBS%) - alldeplibs=: - continue - ;; - esac # case $deplib - - $found || test -f "$lib" \ - || func_fatal_error "cannot find the library '$lib' or unhandled argument '$deplib'" - - # Check to see that this really is a libtool archive. - func_lalib_unsafe_p "$lib" \ - || func_fatal_error "'$lib' is not a valid libtool archive" - - func_dirname "$lib" "" "." - ladir=$func_dirname_result - - dlname= - dlopen= - dlpreopen= - libdir= - library_names= - old_library= - inherited_linker_flags= - # If the library was installed with an old release of libtool, - # it will not redefine variables installed, or shouldnotlink - installed=yes - shouldnotlink=no - avoidtemprpath= - - - # Read the .la file - func_source "$lib" - - # Convert "-framework foo" to "foo.ltframework" - if test -n "$inherited_linker_flags"; then - tmp_inherited_linker_flags=`$ECHO "$inherited_linker_flags" | $SED 's/-framework \([^ $]*\)/\1.ltframework/g'` - for tmp_inherited_linker_flag in $tmp_inherited_linker_flags; do - case " $new_inherited_linker_flags " in - *" $tmp_inherited_linker_flag "*) ;; - *) func_append new_inherited_linker_flags " $tmp_inherited_linker_flag";; - esac - done - fi - dependency_libs=`$ECHO " $dependency_libs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` - if test lib,link = "$linkmode,$pass" || - test prog,scan = "$linkmode,$pass" || - { test prog != "$linkmode" && test lib != "$linkmode"; }; then - test -n "$dlopen" && func_append dlfiles " $dlopen" - test -n "$dlpreopen" && func_append dlprefiles " $dlpreopen" - fi - - if test conv = "$pass"; then - # Only check for convenience libraries - deplibs="$lib $deplibs" - if test -z "$libdir"; then - if test -z "$old_library"; then - func_fatal_error "cannot find name of link library for '$lib'" - fi - # It is a libtool convenience library, so add in its objects. - func_append convenience " $ladir/$objdir/$old_library" - func_append old_convenience " $ladir/$objdir/$old_library" - elif test prog != "$linkmode" && test lib != "$linkmode"; then - func_fatal_error "'$lib' is not a convenience library" - fi - tmp_libs= - for deplib in $dependency_libs; do - deplibs="$deplib $deplibs" - if $opt_preserve_dup_deps; then - case "$tmp_libs " in - *" $deplib "*) func_append specialdeplibs " $deplib" ;; - esac - fi - func_append tmp_libs " $deplib" - done - continue - fi # $pass = conv - - - # Get the name of the library we link against. - linklib= - if test -n "$old_library" && - { test yes = "$prefer_static_libs" || - test built,no = "$prefer_static_libs,$installed"; }; then - linklib=$old_library - else - for l in $old_library $library_names; do - linklib=$l - done - fi - if test -z "$linklib"; then - func_fatal_error "cannot find name of link library for '$lib'" - fi - - # This library was specified with -dlopen. - if test dlopen = "$pass"; then - test -z "$libdir" \ - && func_fatal_error "cannot -dlopen a convenience library: '$lib'" - if test -z "$dlname" || - test yes != "$dlopen_support" || - test no = "$build_libtool_libs" - then - # If there is no dlname, no dlopen support or we're linking - # statically, we need to preload. We also need to preload any - # dependent libraries so libltdl's deplib preloader doesn't - # bomb out in the load deplibs phase. - func_append dlprefiles " $lib $dependency_libs" - else - func_append newdlfiles " $lib" - fi - continue - fi # $pass = dlopen - - # We need an absolute path. - case $ladir in - [\\/]* | [A-Za-z]:[\\/]*) abs_ladir=$ladir ;; - *) - abs_ladir=`cd "$ladir" && pwd` - if test -z "$abs_ladir"; then - func_warning "cannot determine absolute directory name of '$ladir'" - func_warning "passing it literally to the linker, although it might fail" - abs_ladir=$ladir - fi - ;; - esac - func_basename "$lib" - laname=$func_basename_result - - # Find the relevant object directory and library name. - if test yes = "$installed"; then - if test ! -f "$lt_sysroot$libdir/$linklib" && test -f "$abs_ladir/$linklib"; then - func_warning "library '$lib' was moved." - dir=$ladir - absdir=$abs_ladir - libdir=$abs_ladir - else - dir=$lt_sysroot$libdir - absdir=$lt_sysroot$libdir - fi - test yes = "$hardcode_automatic" && avoidtemprpath=yes - else - if test ! -f "$ladir/$objdir/$linklib" && test -f "$abs_ladir/$linklib"; then - dir=$ladir - absdir=$abs_ladir - # Remove this search path later - func_append notinst_path " $abs_ladir" - else - dir=$ladir/$objdir - absdir=$abs_ladir/$objdir - # Remove this search path later - func_append notinst_path " $abs_ladir" - fi - fi # $installed = yes - func_stripname 'lib' '.la' "$laname" - name=$func_stripname_result - - # This library was specified with -dlpreopen. - if test dlpreopen = "$pass"; then - if test -z "$libdir" && test prog = "$linkmode"; then - func_fatal_error "only libraries may -dlpreopen a convenience library: '$lib'" - fi - case $host in - # special handling for platforms with PE-DLLs. - *cygwin* | *mingw* | *cegcc* ) - # Linker will automatically link against shared library if both - # static and shared are present. Therefore, ensure we extract - # symbols from the import library if a shared library is present - # (otherwise, the dlopen module name will be incorrect). We do - # this by putting the import library name into $newdlprefiles. - # We recover the dlopen module name by 'saving' the la file - # name in a special purpose variable, and (later) extracting the - # dlname from the la file. - if test -n "$dlname"; then - func_tr_sh "$dir/$linklib" - eval "libfile_$func_tr_sh_result=\$abs_ladir/\$laname" - func_append newdlprefiles " $dir/$linklib" - else - func_append newdlprefiles " $dir/$old_library" - # Keep a list of preopened convenience libraries to check - # that they are being used correctly in the link pass. - test -z "$libdir" && \ - func_append dlpreconveniencelibs " $dir/$old_library" - fi - ;; - * ) - # Prefer using a static library (so that no silly _DYNAMIC symbols - # are required to link). - if test -n "$old_library"; then - func_append newdlprefiles " $dir/$old_library" - # Keep a list of preopened convenience libraries to check - # that they are being used correctly in the link pass. - test -z "$libdir" && \ - func_append dlpreconveniencelibs " $dir/$old_library" - # Otherwise, use the dlname, so that lt_dlopen finds it. - elif test -n "$dlname"; then - func_append newdlprefiles " $dir/$dlname" - else - func_append newdlprefiles " $dir/$linklib" - fi - ;; - esac - fi # $pass = dlpreopen - - if test -z "$libdir"; then - # Link the convenience library - if test lib = "$linkmode"; then - deplibs="$dir/$old_library $deplibs" - elif test prog,link = "$linkmode,$pass"; then - compile_deplibs="$dir/$old_library $compile_deplibs" - finalize_deplibs="$dir/$old_library $finalize_deplibs" - else - deplibs="$lib $deplibs" # used for prog,scan pass - fi - continue - fi - - - if test prog = "$linkmode" && test link != "$pass"; then - func_append newlib_search_path " $ladir" - deplibs="$lib $deplibs" - - linkalldeplibs=false - if test no != "$link_all_deplibs" || test -z "$library_names" || - test no = "$build_libtool_libs"; then - linkalldeplibs=: - fi - - tmp_libs= - for deplib in $dependency_libs; do - case $deplib in - -L*) func_stripname '-L' '' "$deplib" - func_resolve_sysroot "$func_stripname_result" - func_append newlib_search_path " $func_resolve_sysroot_result" - ;; - esac - # Need to link against all dependency_libs? - if $linkalldeplibs; then - deplibs="$deplib $deplibs" - else - # Need to hardcode shared library paths - # or/and link against static libraries - newdependency_libs="$deplib $newdependency_libs" - fi - if $opt_preserve_dup_deps; then - case "$tmp_libs " in - *" $deplib "*) func_append specialdeplibs " $deplib" ;; - esac - fi - func_append tmp_libs " $deplib" - done # for deplib - continue - fi # $linkmode = prog... - - if test prog,link = "$linkmode,$pass"; then - if test -n "$library_names" && - { { test no = "$prefer_static_libs" || - test built,yes = "$prefer_static_libs,$installed"; } || - test -z "$old_library"; }; then - # We need to hardcode the library path - if test -n "$shlibpath_var" && test -z "$avoidtemprpath"; then - # Make sure the rpath contains only unique directories. - case $temp_rpath: in - *"$absdir:"*) ;; - *) func_append temp_rpath "$absdir:" ;; - esac - fi - - # Hardcode the library path. - # Skip directories that are in the system default run-time - # search path. - case " $sys_lib_dlsearch_path " in - *" $absdir "*) ;; - *) - case "$compile_rpath " in - *" $absdir "*) ;; - *) func_append compile_rpath " $absdir" ;; - esac - ;; - esac - case " $sys_lib_dlsearch_path " in - *" $libdir "*) ;; - *) - case "$finalize_rpath " in - *" $libdir "*) ;; - *) func_append finalize_rpath " $libdir" ;; - esac - ;; - esac - fi # $linkmode,$pass = prog,link... - - if $alldeplibs && - { test pass_all = "$deplibs_check_method" || - { test yes = "$build_libtool_libs" && - test -n "$library_names"; }; }; then - # We only need to search for static libraries - continue - fi - fi - - link_static=no # Whether the deplib will be linked statically - use_static_libs=$prefer_static_libs - if test built = "$use_static_libs" && test yes = "$installed"; then - use_static_libs=no - fi - if test -n "$library_names" && - { test no = "$use_static_libs" || test -z "$old_library"; }; then - case $host in - *cygwin* | *mingw* | *cegcc* | *os2*) - # No point in relinking DLLs because paths are not encoded - func_append notinst_deplibs " $lib" - need_relink=no - ;; - *) - if test no = "$installed"; then - func_append notinst_deplibs " $lib" - need_relink=yes - fi - ;; - esac - # This is a shared library - - # Warn about portability, can't link against -module's on some - # systems (darwin). Don't bleat about dlopened modules though! - dlopenmodule= - for dlpremoduletest in $dlprefiles; do - if test "X$dlpremoduletest" = "X$lib"; then - dlopenmodule=$dlpremoduletest - break - fi - done - if test -z "$dlopenmodule" && test yes = "$shouldnotlink" && test link = "$pass"; then - echo - if test prog = "$linkmode"; then - $ECHO "*** Warning: Linking the executable $output against the loadable module" - else - $ECHO "*** Warning: Linking the shared library $output against the loadable module" - fi - $ECHO "*** $linklib is not portable!" - fi - if test lib = "$linkmode" && - test yes = "$hardcode_into_libs"; then - # Hardcode the library path. - # Skip directories that are in the system default run-time - # search path. - case " $sys_lib_dlsearch_path " in - *" $absdir "*) ;; - *) - case "$compile_rpath " in - *" $absdir "*) ;; - *) func_append compile_rpath " $absdir" ;; - esac - ;; - esac - case " $sys_lib_dlsearch_path " in - *" $libdir "*) ;; - *) - case "$finalize_rpath " in - *" $libdir "*) ;; - *) func_append finalize_rpath " $libdir" ;; - esac - ;; - esac - fi - - if test -n "$old_archive_from_expsyms_cmds"; then - # figure out the soname - set dummy $library_names - shift - realname=$1 - shift - libname=`eval "\\$ECHO \"$libname_spec\""` - # use dlname if we got it. it's perfectly good, no? - if test -n "$dlname"; then - soname=$dlname - elif test -n "$soname_spec"; then - # bleh windows - case $host in - *cygwin* | mingw* | *cegcc* | *os2*) - func_arith $current - $age - major=$func_arith_result - versuffix=-$major - ;; - esac - eval soname=\"$soname_spec\" - else - soname=$realname - fi - - # Make a new name for the extract_expsyms_cmds to use - soroot=$soname - func_basename "$soroot" - soname=$func_basename_result - func_stripname 'lib' '.dll' "$soname" - newlib=libimp-$func_stripname_result.a - - # If the library has no export list, then create one now - if test -f "$output_objdir/$soname-def"; then : - else - func_verbose "extracting exported symbol list from '$soname'" - func_execute_cmds "$extract_expsyms_cmds" 'exit $?' - fi - - # Create $newlib - if test -f "$output_objdir/$newlib"; then :; else - func_verbose "generating import library for '$soname'" - func_execute_cmds "$old_archive_from_expsyms_cmds" 'exit $?' - fi - # make sure the library variables are pointing to the new library - dir=$output_objdir - linklib=$newlib - fi # test -n "$old_archive_from_expsyms_cmds" - - if test prog = "$linkmode" || test relink != "$opt_mode"; then - add_shlibpath= - add_dir= - add= - lib_linked=yes - case $hardcode_action in - immediate | unsupported) - if test no = "$hardcode_direct"; then - add=$dir/$linklib - case $host in - *-*-sco3.2v5.0.[024]*) add_dir=-L$dir ;; - *-*-sysv4*uw2*) add_dir=-L$dir ;; - *-*-sysv5OpenUNIX* | *-*-sysv5UnixWare7.[01].[10]* | \ - *-*-unixware7*) add_dir=-L$dir ;; - *-*-darwin* ) - # if the lib is a (non-dlopened) module then we cannot - # link against it, someone is ignoring the earlier warnings - if /usr/bin/file -L $add 2> /dev/null | - $GREP ": [^:]* bundle" >/dev/null; then - if test "X$dlopenmodule" != "X$lib"; then - $ECHO "*** Warning: lib $linklib is a module, not a shared library" - if test -z "$old_library"; then - echo - echo "*** And there doesn't seem to be a static archive available" - echo "*** The link will probably fail, sorry" - else - add=$dir/$old_library - fi - elif test -n "$old_library"; then - add=$dir/$old_library - fi - fi - esac - elif test no = "$hardcode_minus_L"; then - case $host in - *-*-sunos*) add_shlibpath=$dir ;; - esac - add_dir=-L$dir - add=-l$name - elif test no = "$hardcode_shlibpath_var"; then - add_shlibpath=$dir - add=-l$name - else - lib_linked=no - fi - ;; - relink) - if test yes = "$hardcode_direct" && - test no = "$hardcode_direct_absolute"; then - add=$dir/$linklib - elif test yes = "$hardcode_minus_L"; then - add_dir=-L$absdir - # Try looking first in the location we're being installed to. - if test -n "$inst_prefix_dir"; then - case $libdir in - [\\/]*) - func_append add_dir " -L$inst_prefix_dir$libdir" - ;; - esac - fi - add=-l$name - elif test yes = "$hardcode_shlibpath_var"; then - add_shlibpath=$dir - add=-l$name - else - lib_linked=no - fi - ;; - *) lib_linked=no ;; - esac - - if test yes != "$lib_linked"; then - func_fatal_configuration "unsupported hardcode properties" - fi - - if test -n "$add_shlibpath"; then - case :$compile_shlibpath: in - *":$add_shlibpath:"*) ;; - *) func_append compile_shlibpath "$add_shlibpath:" ;; - esac - fi - if test prog = "$linkmode"; then - test -n "$add_dir" && compile_deplibs="$add_dir $compile_deplibs" - test -n "$add" && compile_deplibs="$add $compile_deplibs" - else - test -n "$add_dir" && deplibs="$add_dir $deplibs" - test -n "$add" && deplibs="$add $deplibs" - if test yes != "$hardcode_direct" && - test yes != "$hardcode_minus_L" && - test yes = "$hardcode_shlibpath_var"; then - case :$finalize_shlibpath: in - *":$libdir:"*) ;; - *) func_append finalize_shlibpath "$libdir:" ;; - esac - fi - fi - fi - - if test prog = "$linkmode" || test relink = "$opt_mode"; then - add_shlibpath= - add_dir= - add= - # Finalize command for both is simple: just hardcode it. - if test yes = "$hardcode_direct" && - test no = "$hardcode_direct_absolute"; then - add=$libdir/$linklib - elif test yes = "$hardcode_minus_L"; then - add_dir=-L$libdir - add=-l$name - elif test yes = "$hardcode_shlibpath_var"; then - case :$finalize_shlibpath: in - *":$libdir:"*) ;; - *) func_append finalize_shlibpath "$libdir:" ;; - esac - add=-l$name - elif test yes = "$hardcode_automatic"; then - if test -n "$inst_prefix_dir" && - test -f "$inst_prefix_dir$libdir/$linklib"; then - add=$inst_prefix_dir$libdir/$linklib - else - add=$libdir/$linklib - fi - else - # We cannot seem to hardcode it, guess we'll fake it. - add_dir=-L$libdir - # Try looking first in the location we're being installed to. - if test -n "$inst_prefix_dir"; then - case $libdir in - [\\/]*) - func_append add_dir " -L$inst_prefix_dir$libdir" - ;; - esac - fi - add=-l$name - fi - - if test prog = "$linkmode"; then - test -n "$add_dir" && finalize_deplibs="$add_dir $finalize_deplibs" - test -n "$add" && finalize_deplibs="$add $finalize_deplibs" - else - test -n "$add_dir" && deplibs="$add_dir $deplibs" - test -n "$add" && deplibs="$add $deplibs" - fi - fi - elif test prog = "$linkmode"; then - # Here we assume that one of hardcode_direct or hardcode_minus_L - # is not unsupported. This is valid on all known static and - # shared platforms. - if test unsupported != "$hardcode_direct"; then - test -n "$old_library" && linklib=$old_library - compile_deplibs="$dir/$linklib $compile_deplibs" - finalize_deplibs="$dir/$linklib $finalize_deplibs" - else - compile_deplibs="-l$name -L$dir $compile_deplibs" - finalize_deplibs="-l$name -L$dir $finalize_deplibs" - fi - elif test yes = "$build_libtool_libs"; then - # Not a shared library - if test pass_all != "$deplibs_check_method"; then - # We're trying link a shared library against a static one - # but the system doesn't support it. - - # Just print a warning and add the library to dependency_libs so - # that the program can be linked against the static library. - echo - $ECHO "*** Warning: This system cannot link to static lib archive $lib." - echo "*** I have the capability to make that library automatically link in when" - echo "*** you link to this library. But I can only do this if you have a" - echo "*** shared version of the library, which you do not appear to have." - if test yes = "$module"; then - echo "*** But as you try to build a module library, libtool will still create " - echo "*** a static module, that should work as long as the dlopening application" - echo "*** is linked with the -dlopen flag to resolve symbols at runtime." - if test -z "$global_symbol_pipe"; then - echo - echo "*** However, this would only work if libtool was able to extract symbol" - echo "*** lists from a program, using 'nm' or equivalent, but libtool could" - echo "*** not find such a program. So, this module is probably useless." - echo "*** 'nm' from GNU binutils and a full rebuild may help." - fi - if test no = "$build_old_libs"; then - build_libtool_libs=module - build_old_libs=yes - else - build_libtool_libs=no - fi - fi - else - deplibs="$dir/$old_library $deplibs" - link_static=yes - fi - fi # link shared/static library? - - if test lib = "$linkmode"; then - if test -n "$dependency_libs" && - { test yes != "$hardcode_into_libs" || - test yes = "$build_old_libs" || - test yes = "$link_static"; }; then - # Extract -R from dependency_libs - temp_deplibs= - for libdir in $dependency_libs; do - case $libdir in - -R*) func_stripname '-R' '' "$libdir" - temp_xrpath=$func_stripname_result - case " $xrpath " in - *" $temp_xrpath "*) ;; - *) func_append xrpath " $temp_xrpath";; - esac;; - *) func_append temp_deplibs " $libdir";; - esac - done - dependency_libs=$temp_deplibs - fi - - func_append newlib_search_path " $absdir" - # Link against this library - test no = "$link_static" && newdependency_libs="$abs_ladir/$laname $newdependency_libs" - # ... and its dependency_libs - tmp_libs= - for deplib in $dependency_libs; do - newdependency_libs="$deplib $newdependency_libs" - case $deplib in - -L*) func_stripname '-L' '' "$deplib" - func_resolve_sysroot "$func_stripname_result";; - *) func_resolve_sysroot "$deplib" ;; - esac - if $opt_preserve_dup_deps; then - case "$tmp_libs " in - *" $func_resolve_sysroot_result "*) - func_append specialdeplibs " $func_resolve_sysroot_result" ;; - esac - fi - func_append tmp_libs " $func_resolve_sysroot_result" - done - - if test no != "$link_all_deplibs"; then - # Add the search paths of all dependency libraries - for deplib in $dependency_libs; do - path= - case $deplib in - -L*) path=$deplib ;; - *.la) - func_resolve_sysroot "$deplib" - deplib=$func_resolve_sysroot_result - func_dirname "$deplib" "" "." - dir=$func_dirname_result - # We need an absolute path. - case $dir in - [\\/]* | [A-Za-z]:[\\/]*) absdir=$dir ;; - *) - absdir=`cd "$dir" && pwd` - if test -z "$absdir"; then - func_warning "cannot determine absolute directory name of '$dir'" - absdir=$dir - fi - ;; - esac - if $GREP "^installed=no" $deplib > /dev/null; then - case $host in - *-*-darwin*) - depdepl= - eval deplibrary_names=`$SED -n -e 's/^library_names=\(.*\)$/\1/p' $deplib` - if test -n "$deplibrary_names"; then - for tmp in $deplibrary_names; do - depdepl=$tmp - done - if test -f "$absdir/$objdir/$depdepl"; then - depdepl=$absdir/$objdir/$depdepl - darwin_install_name=`$OTOOL -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'` - if test -z "$darwin_install_name"; then - darwin_install_name=`$OTOOL64 -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'` - fi - func_append compiler_flags " $wl-dylib_file $wl$darwin_install_name:$depdepl" - func_append linker_flags " -dylib_file $darwin_install_name:$depdepl" - path= - fi - fi - ;; - *) - path=-L$absdir/$objdir - ;; - esac - else - eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $deplib` - test -z "$libdir" && \ - func_fatal_error "'$deplib' is not a valid libtool archive" - test "$absdir" != "$libdir" && \ - func_warning "'$deplib' seems to be moved" - - path=-L$absdir - fi - ;; - esac - case " $deplibs " in - *" $path "*) ;; - *) deplibs="$path $deplibs" ;; - esac - done - fi # link_all_deplibs != no - fi # linkmode = lib - done # for deplib in $libs - if test link = "$pass"; then - if test prog = "$linkmode"; then - compile_deplibs="$new_inherited_linker_flags $compile_deplibs" - finalize_deplibs="$new_inherited_linker_flags $finalize_deplibs" - else - compiler_flags="$compiler_flags "`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` - fi - fi - dependency_libs=$newdependency_libs - if test dlpreopen = "$pass"; then - # Link the dlpreopened libraries before other libraries - for deplib in $save_deplibs; do - deplibs="$deplib $deplibs" - done - fi - if test dlopen != "$pass"; then - test conv = "$pass" || { - # Make sure lib_search_path contains only unique directories. - lib_search_path= - for dir in $newlib_search_path; do - case "$lib_search_path " in - *" $dir "*) ;; - *) func_append lib_search_path " $dir" ;; - esac - done - newlib_search_path= - } - - if test prog,link = "$linkmode,$pass"; then - vars="compile_deplibs finalize_deplibs" - else - vars=deplibs - fi - for var in $vars dependency_libs; do - # Add libraries to $var in reverse order - eval tmp_libs=\"\$$var\" - new_libs= - for deplib in $tmp_libs; do - # FIXME: Pedantically, this is the right thing to do, so - # that some nasty dependency loop isn't accidentally - # broken: - #new_libs="$deplib $new_libs" - # Pragmatically, this seems to cause very few problems in - # practice: - case $deplib in - -L*) new_libs="$deplib $new_libs" ;; - -R*) ;; - *) - # And here is the reason: when a library appears more - # than once as an explicit dependence of a library, or - # is implicitly linked in more than once by the - # compiler, it is considered special, and multiple - # occurrences thereof are not removed. Compare this - # with having the same library being listed as a - # dependency of multiple other libraries: in this case, - # we know (pedantically, we assume) the library does not - # need to be listed more than once, so we keep only the - # last copy. This is not always right, but it is rare - # enough that we require users that really mean to play - # such unportable linking tricks to link the library - # using -Wl,-lname, so that libtool does not consider it - # for duplicate removal. - case " $specialdeplibs " in - *" $deplib "*) new_libs="$deplib $new_libs" ;; - *) - case " $new_libs " in - *" $deplib "*) ;; - *) new_libs="$deplib $new_libs" ;; - esac - ;; - esac - ;; - esac - done - tmp_libs= - for deplib in $new_libs; do - case $deplib in - -L*) - case " $tmp_libs " in - *" $deplib "*) ;; - *) func_append tmp_libs " $deplib" ;; - esac - ;; - *) func_append tmp_libs " $deplib" ;; - esac - done - eval $var=\"$tmp_libs\" - done # for var - fi - - # Add Sun CC postdeps if required: - test CXX = "$tagname" && { - case $host_os in - linux*) - case `$CC -V 2>&1 | sed 5q` in - *Sun\ C*) # Sun C++ 5.9 - func_suncc_cstd_abi - - if test no != "$suncc_use_cstd_abi"; then - func_append postdeps ' -library=Cstd -library=Crun' - fi - ;; - esac - ;; - - solaris*) - func_cc_basename "$CC" - case $func_cc_basename_result in - CC* | sunCC*) - func_suncc_cstd_abi - - if test no != "$suncc_use_cstd_abi"; then - func_append postdeps ' -library=Cstd -library=Crun' - fi - ;; - esac - ;; - esac - } - - # Last step: remove runtime libs from dependency_libs - # (they stay in deplibs) - tmp_libs= - for i in $dependency_libs; do - case " $predeps $postdeps $compiler_lib_search_path " in - *" $i "*) - i= - ;; - esac - if test -n "$i"; then - func_append tmp_libs " $i" - fi - done - dependency_libs=$tmp_libs - done # for pass - if test prog = "$linkmode"; then - dlfiles=$newdlfiles - fi - if test prog = "$linkmode" || test lib = "$linkmode"; then - dlprefiles=$newdlprefiles - fi - - case $linkmode in - oldlib) - if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then - func_warning "'-dlopen' is ignored for archives" - fi - - case " $deplibs" in - *\ -l* | *\ -L*) - func_warning "'-l' and '-L' are ignored for archives" ;; - esac - - test -n "$rpath" && \ - func_warning "'-rpath' is ignored for archives" - - test -n "$xrpath" && \ - func_warning "'-R' is ignored for archives" - - test -n "$vinfo" && \ - func_warning "'-version-info/-version-number' is ignored for archives" - - test -n "$release" && \ - func_warning "'-release' is ignored for archives" - - test -n "$export_symbols$export_symbols_regex" && \ - func_warning "'-export-symbols' is ignored for archives" - - # Now set the variables for building old libraries. - build_libtool_libs=no - oldlibs=$output - func_append objs "$old_deplibs" - ;; - - lib) - # Make sure we only generate libraries of the form 'libNAME.la'. - case $outputname in - lib*) - func_stripname 'lib' '.la' "$outputname" - name=$func_stripname_result - eval shared_ext=\"$shrext_cmds\" - eval libname=\"$libname_spec\" - ;; - *) - test no = "$module" \ - && func_fatal_help "libtool library '$output' must begin with 'lib'" - - if test no != "$need_lib_prefix"; then - # Add the "lib" prefix for modules if required - func_stripname '' '.la' "$outputname" - name=$func_stripname_result - eval shared_ext=\"$shrext_cmds\" - eval libname=\"$libname_spec\" - else - func_stripname '' '.la' "$outputname" - libname=$func_stripname_result - fi - ;; - esac - - if test -n "$objs"; then - if test pass_all != "$deplibs_check_method"; then - func_fatal_error "cannot build libtool library '$output' from non-libtool objects on this host:$objs" - else - echo - $ECHO "*** Warning: Linking the shared library $output against the non-libtool" - $ECHO "*** objects $objs is not portable!" - func_append libobjs " $objs" - fi - fi - - test no = "$dlself" \ - || func_warning "'-dlopen self' is ignored for libtool libraries" - - set dummy $rpath - shift - test 1 -lt "$#" \ - && func_warning "ignoring multiple '-rpath's for a libtool library" - - install_libdir=$1 - - oldlibs= - if test -z "$rpath"; then - if test yes = "$build_libtool_libs"; then - # Building a libtool convenience library. - # Some compilers have problems with a '.al' extension so - # convenience libraries should have the same extension an - # archive normally would. - oldlibs="$output_objdir/$libname.$libext $oldlibs" - build_libtool_libs=convenience - build_old_libs=yes - fi - - test -n "$vinfo" && \ - func_warning "'-version-info/-version-number' is ignored for convenience libraries" - - test -n "$release" && \ - func_warning "'-release' is ignored for convenience libraries" - else - - # Parse the version information argument. - save_ifs=$IFS; IFS=: - set dummy $vinfo 0 0 0 - shift - IFS=$save_ifs - - test -n "$7" && \ - func_fatal_help "too many parameters to '-version-info'" - - # convert absolute version numbers to libtool ages - # this retains compatibility with .la files and attempts - # to make the code below a bit more comprehensible - - case $vinfo_number in - yes) - number_major=$1 - number_minor=$2 - number_revision=$3 - # - # There are really only two kinds -- those that - # use the current revision as the major version - # and those that subtract age and use age as - # a minor version. But, then there is irix - # that has an extra 1 added just for fun - # - case $version_type in - # correct linux to gnu/linux during the next big refactor - darwin|freebsd-elf|linux|osf|windows|none) - func_arith $number_major + $number_minor - current=$func_arith_result - age=$number_minor - revision=$number_revision - ;; - freebsd-aout|qnx|sunos) - current=$number_major - revision=$number_minor - age=0 - ;; - irix|nonstopux) - func_arith $number_major + $number_minor - current=$func_arith_result - age=$number_minor - revision=$number_minor - lt_irix_increment=no - ;; - esac - ;; - no) - current=$1 - revision=$2 - age=$3 - ;; - esac - - # Check that each of the things are valid numbers. - case $current in - 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; - *) - func_error "CURRENT '$current' must be a nonnegative integer" - func_fatal_error "'$vinfo' is not valid version information" - ;; - esac - - case $revision in - 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; - *) - func_error "REVISION '$revision' must be a nonnegative integer" - func_fatal_error "'$vinfo' is not valid version information" - ;; - esac - - case $age in - 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; - *) - func_error "AGE '$age' must be a nonnegative integer" - func_fatal_error "'$vinfo' is not valid version information" - ;; - esac - - if test "$age" -gt "$current"; then - func_error "AGE '$age' is greater than the current interface number '$current'" - func_fatal_error "'$vinfo' is not valid version information" - fi - - # Calculate the version variables. - major= - versuffix= - verstring= - case $version_type in - none) ;; - - darwin) - # Like Linux, but with the current version available in - # verstring for coding it into the library header - func_arith $current - $age - major=.$func_arith_result - versuffix=$major.$age.$revision - # Darwin ld doesn't like 0 for these options... - func_arith $current + 1 - minor_current=$func_arith_result - xlcverstring="$wl-compatibility_version $wl$minor_current $wl-current_version $wl$minor_current.$revision" - verstring="-compatibility_version $minor_current -current_version $minor_current.$revision" - # On Darwin other compilers - case $CC in - nagfor*) - verstring="$wl-compatibility_version $wl$minor_current $wl-current_version $wl$minor_current.$revision" - ;; - *) - verstring="-compatibility_version $minor_current -current_version $minor_current.$revision" - ;; - esac - ;; - - freebsd-aout) - major=.$current - versuffix=.$current.$revision - ;; - - freebsd-elf) - func_arith $current - $age - major=.$func_arith_result - versuffix=$major.$age.$revision - ;; - - irix | nonstopux) - if test no = "$lt_irix_increment"; then - func_arith $current - $age - else - func_arith $current - $age + 1 - fi - major=$func_arith_result - - case $version_type in - nonstopux) verstring_prefix=nonstopux ;; - *) verstring_prefix=sgi ;; - esac - verstring=$verstring_prefix$major.$revision - - # Add in all the interfaces that we are compatible with. - loop=$revision - while test 0 -ne "$loop"; do - func_arith $revision - $loop - iface=$func_arith_result - func_arith $loop - 1 - loop=$func_arith_result - verstring=$verstring_prefix$major.$iface:$verstring - done - - # Before this point, $major must not contain '.'. - major=.$major - versuffix=$major.$revision - ;; - - linux) # correct to gnu/linux during the next big refactor - func_arith $current - $age - major=.$func_arith_result - versuffix=$major.$age.$revision - ;; - - osf) - func_arith $current - $age - major=.$func_arith_result - versuffix=.$current.$age.$revision - verstring=$current.$age.$revision - - # Add in all the interfaces that we are compatible with. - loop=$age - while test 0 -ne "$loop"; do - func_arith $current - $loop - iface=$func_arith_result - func_arith $loop - 1 - loop=$func_arith_result - verstring=$verstring:$iface.0 - done - - # Make executables depend on our current version. - func_append verstring ":$current.0" - ;; - - qnx) - major=.$current - versuffix=.$current - ;; - - sco) - major=.$current - versuffix=.$current - ;; - - sunos) - major=.$current - versuffix=.$current.$revision - ;; - - windows) - # Use '-' rather than '.', since we only want one - # extension on DOS 8.3 file systems. - func_arith $current - $age - major=$func_arith_result - versuffix=-$major - ;; - - *) - func_fatal_configuration "unknown library version type '$version_type'" - ;; - esac - - # Clear the version info if we defaulted, and they specified a release. - if test -z "$vinfo" && test -n "$release"; then - major= - case $version_type in - darwin) - # we can't check for "0.0" in archive_cmds due to quoting - # problems, so we reset it completely - verstring= - ;; - *) - verstring=0.0 - ;; - esac - if test no = "$need_version"; then - versuffix= - else - versuffix=.0.0 - fi - fi - - # Remove version info from name if versioning should be avoided - if test yes,no = "$avoid_version,$need_version"; then - major= - versuffix= - verstring= - fi - - # Check to see if the archive will have undefined symbols. - if test yes = "$allow_undefined"; then - if test unsupported = "$allow_undefined_flag"; then - if test yes = "$build_old_libs"; then - func_warning "undefined symbols not allowed in $host shared libraries; building static only" - build_libtool_libs=no - else - func_fatal_error "can't build $host shared library unless -no-undefined is specified" - fi - fi - else - # Don't allow undefined symbols. - allow_undefined_flag=$no_undefined_flag - fi - - fi - - func_generate_dlsyms "$libname" "$libname" : - func_append libobjs " $symfileobj" - test " " = "$libobjs" && libobjs= - - if test relink != "$opt_mode"; then - # Remove our outputs, but don't remove object files since they - # may have been created when compiling PIC objects. - removelist= - tempremovelist=`$ECHO "$output_objdir/*"` - for p in $tempremovelist; do - case $p in - *.$objext | *.gcno) - ;; - $output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/$libname$release.*) - if test -n "$precious_files_regex"; then - if $ECHO "$p" | $EGREP -e "$precious_files_regex" >/dev/null 2>&1 - then - continue - fi - fi - func_append removelist " $p" - ;; - *) ;; - esac - done - test -n "$removelist" && \ - func_show_eval "${RM}r \$removelist" - fi - - # Now set the variables for building old libraries. - if test yes = "$build_old_libs" && test convenience != "$build_libtool_libs"; then - func_append oldlibs " $output_objdir/$libname.$libext" - - # Transform .lo files to .o files. - oldobjs="$objs "`$ECHO "$libobjs" | $SP2NL | $SED "/\.$libext$/d; $lo2o" | $NL2SP` - fi - - # Eliminate all temporary directories. - #for path in $notinst_path; do - # lib_search_path=`$ECHO "$lib_search_path " | $SED "s% $path % %g"` - # deplibs=`$ECHO "$deplibs " | $SED "s% -L$path % %g"` - # dependency_libs=`$ECHO "$dependency_libs " | $SED "s% -L$path % %g"` - #done - - if test -n "$xrpath"; then - # If the user specified any rpath flags, then add them. - temp_xrpath= - for libdir in $xrpath; do - func_replace_sysroot "$libdir" - func_append temp_xrpath " -R$func_replace_sysroot_result" - case "$finalize_rpath " in - *" $libdir "*) ;; - *) func_append finalize_rpath " $libdir" ;; - esac - done - if test yes != "$hardcode_into_libs" || test yes = "$build_old_libs"; then - dependency_libs="$temp_xrpath $dependency_libs" - fi - fi - - # Make sure dlfiles contains only unique files that won't be dlpreopened - old_dlfiles=$dlfiles - dlfiles= - for lib in $old_dlfiles; do - case " $dlprefiles $dlfiles " in - *" $lib "*) ;; - *) func_append dlfiles " $lib" ;; - esac - done - - # Make sure dlprefiles contains only unique files - old_dlprefiles=$dlprefiles - dlprefiles= - for lib in $old_dlprefiles; do - case "$dlprefiles " in - *" $lib "*) ;; - *) func_append dlprefiles " $lib" ;; - esac - done - - if test yes = "$build_libtool_libs"; then - if test -n "$rpath"; then - case $host in - *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos* | *-cegcc* | *-*-haiku*) - # these systems don't actually have a c library (as such)! - ;; - *-*-rhapsody* | *-*-darwin1.[012]) - # Rhapsody C library is in the System framework - func_append deplibs " System.ltframework" - ;; - *-*-netbsd*) - # Don't link with libc until the a.out ld.so is fixed. - ;; - *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) - # Do not include libc due to us having libc/libc_r. - ;; - *-*-sco3.2v5* | *-*-sco5v6*) - # Causes problems with __ctype - ;; - *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*) - # Compiler inserts libc in the correct place for threads to work - ;; - *) - # Add libc to deplibs on all other systems if necessary. - if test yes = "$build_libtool_need_lc"; then - func_append deplibs " -lc" - fi - ;; - esac - fi - - # Transform deplibs into only deplibs that can be linked in shared. - name_save=$name - libname_save=$libname - release_save=$release - versuffix_save=$versuffix - major_save=$major - # I'm not sure if I'm treating the release correctly. I think - # release should show up in the -l (ie -lgmp5) so we don't want to - # add it in twice. Is that correct? - release= - versuffix= - major= - newdeplibs= - droppeddeps=no - case $deplibs_check_method in - pass_all) - # Don't check for shared/static. Everything works. - # This might be a little naive. We might want to check - # whether the library exists or not. But this is on - # osf3 & osf4 and I'm not really sure... Just - # implementing what was already the behavior. - newdeplibs=$deplibs - ;; - test_compile) - # This code stresses the "libraries are programs" paradigm to its - # limits. Maybe even breaks it. We compile a program, linking it - # against the deplibs as a proxy for the library. Then we can check - # whether they linked in statically or dynamically with ldd. - $opt_dry_run || $RM conftest.c - cat > conftest.c </dev/null` - $nocaseglob - else - potential_libs=`ls $i/$libnameglob[.-]* 2>/dev/null` - fi - for potent_lib in $potential_libs; do - # Follow soft links. - if ls -lLd "$potent_lib" 2>/dev/null | - $GREP " -> " >/dev/null; then - continue - fi - # The statement above tries to avoid entering an - # endless loop below, in case of cyclic links. - # We might still enter an endless loop, since a link - # loop can be closed while we follow links, - # but so what? - potlib=$potent_lib - while test -h "$potlib" 2>/dev/null; do - potliblink=`ls -ld $potlib | $SED 's/.* -> //'` - case $potliblink in - [\\/]* | [A-Za-z]:[\\/]*) potlib=$potliblink;; - *) potlib=`$ECHO "$potlib" | $SED 's|[^/]*$||'`"$potliblink";; - esac - done - if eval $file_magic_cmd \"\$potlib\" 2>/dev/null | - $SED -e 10q | - $EGREP "$file_magic_regex" > /dev/null; then - func_append newdeplibs " $a_deplib" - a_deplib= - break 2 - fi - done - done - fi - if test -n "$a_deplib"; then - droppeddeps=yes - echo - $ECHO "*** Warning: linker path does not have real file for library $a_deplib." - echo "*** I have the capability to make that library automatically link in when" - echo "*** you link to this library. But I can only do this if you have a" - echo "*** shared version of the library, which you do not appear to have" - echo "*** because I did check the linker path looking for a file starting" - if test -z "$potlib"; then - $ECHO "*** with $libname but no candidates were found. (...for file magic test)" - else - $ECHO "*** with $libname and none of the candidates passed a file format test" - $ECHO "*** using a file magic. Last file checked: $potlib" - fi - fi - ;; - *) - # Add a -L argument. - func_append newdeplibs " $a_deplib" - ;; - esac - done # Gone through all deplibs. - ;; - match_pattern*) - set dummy $deplibs_check_method; shift - match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"` - for a_deplib in $deplibs; do - case $a_deplib in - -l*) - func_stripname -l '' "$a_deplib" - name=$func_stripname_result - if test yes = "$allow_libtool_libs_with_static_runtimes"; then - case " $predeps $postdeps " in - *" $a_deplib "*) - func_append newdeplibs " $a_deplib" - a_deplib= - ;; - esac - fi - if test -n "$a_deplib"; then - libname=`eval "\\$ECHO \"$libname_spec\""` - for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do - potential_libs=`ls $i/$libname[.-]* 2>/dev/null` - for potent_lib in $potential_libs; do - potlib=$potent_lib # see symlink-check above in file_magic test - if eval "\$ECHO \"$potent_lib\"" 2>/dev/null | $SED 10q | \ - $EGREP "$match_pattern_regex" > /dev/null; then - func_append newdeplibs " $a_deplib" - a_deplib= - break 2 - fi - done - done - fi - if test -n "$a_deplib"; then - droppeddeps=yes - echo - $ECHO "*** Warning: linker path does not have real file for library $a_deplib." - echo "*** I have the capability to make that library automatically link in when" - echo "*** you link to this library. But I can only do this if you have a" - echo "*** shared version of the library, which you do not appear to have" - echo "*** because I did check the linker path looking for a file starting" - if test -z "$potlib"; then - $ECHO "*** with $libname but no candidates were found. (...for regex pattern test)" - else - $ECHO "*** with $libname and none of the candidates passed a file format test" - $ECHO "*** using a regex pattern. Last file checked: $potlib" - fi - fi - ;; - *) - # Add a -L argument. - func_append newdeplibs " $a_deplib" - ;; - esac - done # Gone through all deplibs. - ;; - none | unknown | *) - newdeplibs= - tmp_deplibs=`$ECHO " $deplibs" | $SED 's/ -lc$//; s/ -[LR][^ ]*//g'` - if test yes = "$allow_libtool_libs_with_static_runtimes"; then - for i in $predeps $postdeps; do - # can't use Xsed below, because $i might contain '/' - tmp_deplibs=`$ECHO " $tmp_deplibs" | $SED "s|$i||"` - done - fi - case $tmp_deplibs in - *[!\ \ ]*) - echo - if test none = "$deplibs_check_method"; then - echo "*** Warning: inter-library dependencies are not supported in this platform." - else - echo "*** Warning: inter-library dependencies are not known to be supported." - fi - echo "*** All declared inter-library dependencies are being dropped." - droppeddeps=yes - ;; - esac - ;; - esac - versuffix=$versuffix_save - major=$major_save - release=$release_save - libname=$libname_save - name=$name_save - - case $host in - *-*-rhapsody* | *-*-darwin1.[012]) - # On Rhapsody replace the C library with the System framework - newdeplibs=`$ECHO " $newdeplibs" | $SED 's/ -lc / System.ltframework /'` - ;; - esac - - if test yes = "$droppeddeps"; then - if test yes = "$module"; then - echo - echo "*** Warning: libtool could not satisfy all declared inter-library" - $ECHO "*** dependencies of module $libname. Therefore, libtool will create" - echo "*** a static module, that should work as long as the dlopening" - echo "*** application is linked with the -dlopen flag." - if test -z "$global_symbol_pipe"; then - echo - echo "*** However, this would only work if libtool was able to extract symbol" - echo "*** lists from a program, using 'nm' or equivalent, but libtool could" - echo "*** not find such a program. So, this module is probably useless." - echo "*** 'nm' from GNU binutils and a full rebuild may help." - fi - if test no = "$build_old_libs"; then - oldlibs=$output_objdir/$libname.$libext - build_libtool_libs=module - build_old_libs=yes - else - build_libtool_libs=no - fi - else - echo "*** The inter-library dependencies that have been dropped here will be" - echo "*** automatically added whenever a program is linked with this library" - echo "*** or is declared to -dlopen it." - - if test no = "$allow_undefined"; then - echo - echo "*** Since this library must not contain undefined symbols," - echo "*** because either the platform does not support them or" - echo "*** it was explicitly requested with -no-undefined," - echo "*** libtool will only create a static version of it." - if test no = "$build_old_libs"; then - oldlibs=$output_objdir/$libname.$libext - build_libtool_libs=module - build_old_libs=yes - else - build_libtool_libs=no - fi - fi - fi - fi - # Done checking deplibs! - deplibs=$newdeplibs - fi - # Time to change all our "foo.ltframework" stuff back to "-framework foo" - case $host in - *-*-darwin*) - newdeplibs=`$ECHO " $newdeplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` - new_inherited_linker_flags=`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` - deplibs=`$ECHO " $deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` - ;; - esac - - # move library search paths that coincide with paths to not yet - # installed libraries to the beginning of the library search list - new_libs= - for path in $notinst_path; do - case " $new_libs " in - *" -L$path/$objdir "*) ;; - *) - case " $deplibs " in - *" -L$path/$objdir "*) - func_append new_libs " -L$path/$objdir" ;; - esac - ;; - esac - done - for deplib in $deplibs; do - case $deplib in - -L*) - case " $new_libs " in - *" $deplib "*) ;; - *) func_append new_libs " $deplib" ;; - esac - ;; - *) func_append new_libs " $deplib" ;; - esac - done - deplibs=$new_libs - - # All the library-specific variables (install_libdir is set above). - library_names= - old_library= - dlname= - - # Test again, we may have decided not to build it any more - if test yes = "$build_libtool_libs"; then - # Remove $wl instances when linking with ld. - # FIXME: should test the right _cmds variable. - case $archive_cmds in - *\$LD\ *) wl= ;; - esac - if test yes = "$hardcode_into_libs"; then - # Hardcode the library paths - hardcode_libdirs= - dep_rpath= - rpath=$finalize_rpath - test relink = "$opt_mode" || rpath=$compile_rpath$rpath - for libdir in $rpath; do - if test -n "$hardcode_libdir_flag_spec"; then - if test -n "$hardcode_libdir_separator"; then - func_replace_sysroot "$libdir" - libdir=$func_replace_sysroot_result - if test -z "$hardcode_libdirs"; then - hardcode_libdirs=$libdir - else - # Just accumulate the unique libdirs. - case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in - *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) - ;; - *) - func_append hardcode_libdirs "$hardcode_libdir_separator$libdir" - ;; - esac - fi - else - eval flag=\"$hardcode_libdir_flag_spec\" - func_append dep_rpath " $flag" - fi - elif test -n "$runpath_var"; then - case "$perm_rpath " in - *" $libdir "*) ;; - *) func_append perm_rpath " $libdir" ;; - esac - fi - done - # Substitute the hardcoded libdirs into the rpath. - if test -n "$hardcode_libdir_separator" && - test -n "$hardcode_libdirs"; then - libdir=$hardcode_libdirs - eval "dep_rpath=\"$hardcode_libdir_flag_spec\"" - fi - if test -n "$runpath_var" && test -n "$perm_rpath"; then - # We should set the runpath_var. - rpath= - for dir in $perm_rpath; do - func_append rpath "$dir:" - done - eval "$runpath_var='$rpath\$$runpath_var'; export $runpath_var" - fi - test -n "$dep_rpath" && deplibs="$dep_rpath $deplibs" - fi - - shlibpath=$finalize_shlibpath - test relink = "$opt_mode" || shlibpath=$compile_shlibpath$shlibpath - if test -n "$shlibpath"; then - eval "$shlibpath_var='$shlibpath\$$shlibpath_var'; export $shlibpath_var" - fi - - # Get the real and link names of the library. - eval shared_ext=\"$shrext_cmds\" - eval library_names=\"$library_names_spec\" - set dummy $library_names - shift - realname=$1 - shift - - if test -n "$soname_spec"; then - eval soname=\"$soname_spec\" - else - soname=$realname - fi - if test -z "$dlname"; then - dlname=$soname - fi - - lib=$output_objdir/$realname - linknames= - for link - do - func_append linknames " $link" - done - - # Use standard objects if they are pic - test -z "$pic_flag" && libobjs=`$ECHO "$libobjs" | $SP2NL | $SED "$lo2o" | $NL2SP` - test "X$libobjs" = "X " && libobjs= - - delfiles= - if test -n "$export_symbols" && test -n "$include_expsyms"; then - $opt_dry_run || cp "$export_symbols" "$output_objdir/$libname.uexp" - export_symbols=$output_objdir/$libname.uexp - func_append delfiles " $export_symbols" - fi - - orig_export_symbols= - case $host_os in - cygwin* | mingw* | cegcc*) - if test -n "$export_symbols" && test -z "$export_symbols_regex"; then - # exporting using user supplied symfile - func_dll_def_p "$export_symbols" || { - # and it's NOT already a .def file. Must figure out - # which of the given symbols are data symbols and tag - # them as such. So, trigger use of export_symbols_cmds. - # export_symbols gets reassigned inside the "prepare - # the list of exported symbols" if statement, so the - # include_expsyms logic still works. - orig_export_symbols=$export_symbols - export_symbols= - always_export_symbols=yes - } - fi - ;; - esac - - # Prepare the list of exported symbols - if test -z "$export_symbols"; then - if test yes = "$always_export_symbols" || test -n "$export_symbols_regex"; then - func_verbose "generating symbol list for '$libname.la'" - export_symbols=$output_objdir/$libname.exp - $opt_dry_run || $RM $export_symbols - cmds=$export_symbols_cmds - save_ifs=$IFS; IFS='~' - for cmd1 in $cmds; do - IFS=$save_ifs - # Take the normal branch if the nm_file_list_spec branch - # doesn't work or if tool conversion is not needed. - case $nm_file_list_spec~$to_tool_file_cmd in - *~func_convert_file_noop | *~func_convert_file_msys_to_w32 | ~*) - try_normal_branch=yes - eval cmd=\"$cmd1\" - func_len " $cmd" - len=$func_len_result - ;; - *) - try_normal_branch=no - ;; - esac - if test yes = "$try_normal_branch" \ - && { test "$len" -lt "$max_cmd_len" \ - || test "$max_cmd_len" -le -1; } - then - func_show_eval "$cmd" 'exit $?' - skipped_export=false - elif test -n "$nm_file_list_spec"; then - func_basename "$output" - output_la=$func_basename_result - save_libobjs=$libobjs - save_output=$output - output=$output_objdir/$output_la.nm - func_to_tool_file "$output" - libobjs=$nm_file_list_spec$func_to_tool_file_result - func_append delfiles " $output" - func_verbose "creating $NM input file list: $output" - for obj in $save_libobjs; do - func_to_tool_file "$obj" - $ECHO "$func_to_tool_file_result" - done > "$output" - eval cmd=\"$cmd1\" - func_show_eval "$cmd" 'exit $?' - output=$save_output - libobjs=$save_libobjs - skipped_export=false - else - # The command line is too long to execute in one step. - func_verbose "using reloadable object file for export list..." - skipped_export=: - # Break out early, otherwise skipped_export may be - # set to false by a later but shorter cmd. - break - fi - done - IFS=$save_ifs - if test -n "$export_symbols_regex" && test : != "$skipped_export"; then - func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"' - func_show_eval '$MV "${export_symbols}T" "$export_symbols"' - fi - fi - fi - - if test -n "$export_symbols" && test -n "$include_expsyms"; then - tmp_export_symbols=$export_symbols - test -n "$orig_export_symbols" && tmp_export_symbols=$orig_export_symbols - $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"' - fi - - if test : != "$skipped_export" && test -n "$orig_export_symbols"; then - # The given exports_symbols file has to be filtered, so filter it. - func_verbose "filter symbol list for '$libname.la' to tag DATA exports" - # FIXME: $output_objdir/$libname.filter potentially contains lots of - # 's' commands, which not all seds can handle. GNU sed should be fine - # though. Also, the filter scales superlinearly with the number of - # global variables. join(1) would be nice here, but unfortunately - # isn't a blessed tool. - $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter - func_append delfiles " $export_symbols $output_objdir/$libname.filter" - export_symbols=$output_objdir/$libname.def - $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols - fi - - tmp_deplibs= - for test_deplib in $deplibs; do - case " $convenience " in - *" $test_deplib "*) ;; - *) - func_append tmp_deplibs " $test_deplib" - ;; - esac - done - deplibs=$tmp_deplibs - - if test -n "$convenience"; then - if test -n "$whole_archive_flag_spec" && - test yes = "$compiler_needs_object" && - test -z "$libobjs"; then - # extract the archives, so we have objects to list. - # TODO: could optimize this to just extract one archive. - whole_archive_flag_spec= - fi - if test -n "$whole_archive_flag_spec"; then - save_libobjs=$libobjs - eval libobjs=\"\$libobjs $whole_archive_flag_spec\" - test "X$libobjs" = "X " && libobjs= - else - gentop=$output_objdir/${outputname}x - func_append generated " $gentop" - - func_extract_archives $gentop $convenience - func_append libobjs " $func_extract_archives_result" - test "X$libobjs" = "X " && libobjs= - fi - fi - - if test yes = "$thread_safe" && test -n "$thread_safe_flag_spec"; then - eval flag=\"$thread_safe_flag_spec\" - func_append linker_flags " $flag" - fi - - # Make a backup of the uninstalled library when relinking - if test relink = "$opt_mode"; then - $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}U && $MV $realname ${realname}U)' || exit $? - fi - - # Do each of the archive commands. - if test yes = "$module" && test -n "$module_cmds"; then - if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then - eval test_cmds=\"$module_expsym_cmds\" - cmds=$module_expsym_cmds - else - eval test_cmds=\"$module_cmds\" - cmds=$module_cmds - fi - else - if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then - eval test_cmds=\"$archive_expsym_cmds\" - cmds=$archive_expsym_cmds - else - eval test_cmds=\"$archive_cmds\" - cmds=$archive_cmds - fi - fi - - if test : != "$skipped_export" && - func_len " $test_cmds" && - len=$func_len_result && - test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then - : - else - # The command line is too long to link in one step, link piecewise - # or, if using GNU ld and skipped_export is not :, use a linker - # script. - - # Save the value of $output and $libobjs because we want to - # use them later. If we have whole_archive_flag_spec, we - # want to use save_libobjs as it was before - # whole_archive_flag_spec was expanded, because we can't - # assume the linker understands whole_archive_flag_spec. - # This may have to be revisited, in case too many - # convenience libraries get linked in and end up exceeding - # the spec. - if test -z "$convenience" || test -z "$whole_archive_flag_spec"; then - save_libobjs=$libobjs - fi - save_output=$output - func_basename "$output" - output_la=$func_basename_result - - # Clear the reloadable object creation command queue and - # initialize k to one. - test_cmds= - concat_cmds= - objlist= - last_robj= - k=1 - - if test -n "$save_libobjs" && test : != "$skipped_export" && test yes = "$with_gnu_ld"; then - output=$output_objdir/$output_la.lnkscript - func_verbose "creating GNU ld script: $output" - echo 'INPUT (' > $output - for obj in $save_libobjs - do - func_to_tool_file "$obj" - $ECHO "$func_to_tool_file_result" >> $output - done - echo ')' >> $output - func_append delfiles " $output" - func_to_tool_file "$output" - output=$func_to_tool_file_result - elif test -n "$save_libobjs" && test : != "$skipped_export" && test -n "$file_list_spec"; then - output=$output_objdir/$output_la.lnk - func_verbose "creating linker input file list: $output" - : > $output - set x $save_libobjs - shift - firstobj= - if test yes = "$compiler_needs_object"; then - firstobj="$1 " - shift - fi - for obj - do - func_to_tool_file "$obj" - $ECHO "$func_to_tool_file_result" >> $output - done - func_append delfiles " $output" - func_to_tool_file "$output" - output=$firstobj\"$file_list_spec$func_to_tool_file_result\" - else - if test -n "$save_libobjs"; then - func_verbose "creating reloadable object files..." - output=$output_objdir/$output_la-$k.$objext - eval test_cmds=\"$reload_cmds\" - func_len " $test_cmds" - len0=$func_len_result - len=$len0 - - # Loop over the list of objects to be linked. - for obj in $save_libobjs - do - func_len " $obj" - func_arith $len + $func_len_result - len=$func_arith_result - if test -z "$objlist" || - test "$len" -lt "$max_cmd_len"; then - func_append objlist " $obj" - else - # The command $test_cmds is almost too long, add a - # command to the queue. - if test 1 -eq "$k"; then - # The first file doesn't have a previous command to add. - reload_objs=$objlist - eval concat_cmds=\"$reload_cmds\" - else - # All subsequent reloadable object files will link in - # the last one created. - reload_objs="$objlist $last_robj" - eval concat_cmds=\"\$concat_cmds~$reload_cmds~\$RM $last_robj\" - fi - last_robj=$output_objdir/$output_la-$k.$objext - func_arith $k + 1 - k=$func_arith_result - output=$output_objdir/$output_la-$k.$objext - objlist=" $obj" - func_len " $last_robj" - func_arith $len0 + $func_len_result - len=$func_arith_result - fi - done - # Handle the remaining objects by creating one last - # reloadable object file. All subsequent reloadable object - # files will link in the last one created. - test -z "$concat_cmds" || concat_cmds=$concat_cmds~ - reload_objs="$objlist $last_robj" - eval concat_cmds=\"\$concat_cmds$reload_cmds\" - if test -n "$last_robj"; then - eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\" - fi - func_append delfiles " $output" - - else - output= - fi - - ${skipped_export-false} && { - func_verbose "generating symbol list for '$libname.la'" - export_symbols=$output_objdir/$libname.exp - $opt_dry_run || $RM $export_symbols - libobjs=$output - # Append the command to create the export file. - test -z "$concat_cmds" || concat_cmds=$concat_cmds~ - eval concat_cmds=\"\$concat_cmds$export_symbols_cmds\" - if test -n "$last_robj"; then - eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\" - fi - } - - test -n "$save_libobjs" && - func_verbose "creating a temporary reloadable object file: $output" - - # Loop through the commands generated above and execute them. - save_ifs=$IFS; IFS='~' - for cmd in $concat_cmds; do - IFS=$save_ifs - $opt_quiet || { - func_quote_for_expand "$cmd" - eval "func_echo $func_quote_for_expand_result" - } - $opt_dry_run || eval "$cmd" || { - lt_exit=$? - - # Restore the uninstalled library and exit - if test relink = "$opt_mode"; then - ( cd "$output_objdir" && \ - $RM "${realname}T" && \ - $MV "${realname}U" "$realname" ) - fi - - exit $lt_exit - } - done - IFS=$save_ifs - - if test -n "$export_symbols_regex" && ${skipped_export-false}; then - func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"' - func_show_eval '$MV "${export_symbols}T" "$export_symbols"' - fi - fi - - ${skipped_export-false} && { - if test -n "$export_symbols" && test -n "$include_expsyms"; then - tmp_export_symbols=$export_symbols - test -n "$orig_export_symbols" && tmp_export_symbols=$orig_export_symbols - $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"' - fi - - if test -n "$orig_export_symbols"; then - # The given exports_symbols file has to be filtered, so filter it. - func_verbose "filter symbol list for '$libname.la' to tag DATA exports" - # FIXME: $output_objdir/$libname.filter potentially contains lots of - # 's' commands, which not all seds can handle. GNU sed should be fine - # though. Also, the filter scales superlinearly with the number of - # global variables. join(1) would be nice here, but unfortunately - # isn't a blessed tool. - $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter - func_append delfiles " $export_symbols $output_objdir/$libname.filter" - export_symbols=$output_objdir/$libname.def - $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols - fi - } - - libobjs=$output - # Restore the value of output. - output=$save_output - - if test -n "$convenience" && test -n "$whole_archive_flag_spec"; then - eval libobjs=\"\$libobjs $whole_archive_flag_spec\" - test "X$libobjs" = "X " && libobjs= - fi - # Expand the library linking commands again to reset the - # value of $libobjs for piecewise linking. - - # Do each of the archive commands. - if test yes = "$module" && test -n "$module_cmds"; then - if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then - cmds=$module_expsym_cmds - else - cmds=$module_cmds - fi - else - if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then - cmds=$archive_expsym_cmds - else - cmds=$archive_cmds - fi - fi - fi - - if test -n "$delfiles"; then - # Append the command to remove temporary files to $cmds. - eval cmds=\"\$cmds~\$RM $delfiles\" - fi - - # Add any objects from preloaded convenience libraries - if test -n "$dlprefiles"; then - gentop=$output_objdir/${outputname}x - func_append generated " $gentop" - - func_extract_archives $gentop $dlprefiles - func_append libobjs " $func_extract_archives_result" - test "X$libobjs" = "X " && libobjs= - fi - - save_ifs=$IFS; IFS='~' - for cmd in $cmds; do - IFS=$sp$nl - eval cmd=\"$cmd\" - IFS=$save_ifs - $opt_quiet || { - func_quote_for_expand "$cmd" - eval "func_echo $func_quote_for_expand_result" - } - $opt_dry_run || eval "$cmd" || { - lt_exit=$? - - # Restore the uninstalled library and exit - if test relink = "$opt_mode"; then - ( cd "$output_objdir" && \ - $RM "${realname}T" && \ - $MV "${realname}U" "$realname" ) - fi - - exit $lt_exit - } - done - IFS=$save_ifs - - # Restore the uninstalled library and exit - if test relink = "$opt_mode"; then - $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}T && $MV $realname ${realname}T && $MV ${realname}U $realname)' || exit $? - - if test -n "$convenience"; then - if test -z "$whole_archive_flag_spec"; then - func_show_eval '${RM}r "$gentop"' - fi - fi - - exit $EXIT_SUCCESS - fi - - # Create links to the real library. - for linkname in $linknames; do - if test "$realname" != "$linkname"; then - func_show_eval '(cd "$output_objdir" && $RM "$linkname" && $LN_S "$realname" "$linkname")' 'exit $?' - fi - done - - # If -module or -export-dynamic was specified, set the dlname. - if test yes = "$module" || test yes = "$export_dynamic"; then - # On all known operating systems, these are identical. - dlname=$soname - fi - fi - ;; - - obj) - if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then - func_warning "'-dlopen' is ignored for objects" - fi - - case " $deplibs" in - *\ -l* | *\ -L*) - func_warning "'-l' and '-L' are ignored for objects" ;; - esac - - test -n "$rpath" && \ - func_warning "'-rpath' is ignored for objects" - - test -n "$xrpath" && \ - func_warning "'-R' is ignored for objects" - - test -n "$vinfo" && \ - func_warning "'-version-info' is ignored for objects" - - test -n "$release" && \ - func_warning "'-release' is ignored for objects" - - case $output in - *.lo) - test -n "$objs$old_deplibs" && \ - func_fatal_error "cannot build library object '$output' from non-libtool objects" - - libobj=$output - func_lo2o "$libobj" - obj=$func_lo2o_result - ;; - *) - libobj= - obj=$output - ;; - esac - - # Delete the old objects. - $opt_dry_run || $RM $obj $libobj - - # Objects from convenience libraries. This assumes - # single-version convenience libraries. Whenever we create - # different ones for PIC/non-PIC, this we'll have to duplicate - # the extraction. - reload_conv_objs= - gentop= - # if reload_cmds runs $LD directly, get rid of -Wl from - # whole_archive_flag_spec and hope we can get by with turning comma - # into space. - case $reload_cmds in - *\$LD[\ \$]*) wl= ;; - esac - if test -n "$convenience"; then - if test -n "$whole_archive_flag_spec"; then - eval tmp_whole_archive_flags=\"$whole_archive_flag_spec\" - test -n "$wl" || tmp_whole_archive_flags=`$ECHO "$tmp_whole_archive_flags" | $SED 's|,| |g'` - reload_conv_objs=$reload_objs\ $tmp_whole_archive_flags - else - gentop=$output_objdir/${obj}x - func_append generated " $gentop" - - func_extract_archives $gentop $convenience - reload_conv_objs="$reload_objs $func_extract_archives_result" - fi - fi - - # If we're not building shared, we need to use non_pic_objs - test yes = "$build_libtool_libs" || libobjs=$non_pic_objects - - # Create the old-style object. - reload_objs=$objs$old_deplibs' '`$ECHO "$libobjs" | $SP2NL | $SED "/\.$libext$/d; /\.lib$/d; $lo2o" | $NL2SP`' '$reload_conv_objs - - output=$obj - func_execute_cmds "$reload_cmds" 'exit $?' - - # Exit if we aren't doing a library object file. - if test -z "$libobj"; then - if test -n "$gentop"; then - func_show_eval '${RM}r "$gentop"' - fi - - exit $EXIT_SUCCESS - fi - - test yes = "$build_libtool_libs" || { - if test -n "$gentop"; then - func_show_eval '${RM}r "$gentop"' - fi - - # Create an invalid libtool object if no PIC, so that we don't - # accidentally link it into a program. - # $show "echo timestamp > $libobj" - # $opt_dry_run || eval "echo timestamp > $libobj" || exit $? - exit $EXIT_SUCCESS - } - - if test -n "$pic_flag" || test default != "$pic_mode"; then - # Only do commands if we really have different PIC objects. - reload_objs="$libobjs $reload_conv_objs" - output=$libobj - func_execute_cmds "$reload_cmds" 'exit $?' - fi - - if test -n "$gentop"; then - func_show_eval '${RM}r "$gentop"' - fi - - exit $EXIT_SUCCESS - ;; - - prog) - case $host in - *cygwin*) func_stripname '' '.exe' "$output" - output=$func_stripname_result.exe;; - esac - test -n "$vinfo" && \ - func_warning "'-version-info' is ignored for programs" - - test -n "$release" && \ - func_warning "'-release' is ignored for programs" - - $preload \ - && test unknown,unknown,unknown = "$dlopen_support,$dlopen_self,$dlopen_self_static" \ - && func_warning "'LT_INIT([dlopen])' not used. Assuming no dlopen support." - - case $host in - *-*-rhapsody* | *-*-darwin1.[012]) - # On Rhapsody replace the C library is the System framework - compile_deplibs=`$ECHO " $compile_deplibs" | $SED 's/ -lc / System.ltframework /'` - finalize_deplibs=`$ECHO " $finalize_deplibs" | $SED 's/ -lc / System.ltframework /'` - ;; - esac - - case $host in - *-*-darwin*) - # Don't allow lazy linking, it breaks C++ global constructors - # But is supposedly fixed on 10.4 or later (yay!). - if test CXX = "$tagname"; then - case ${MACOSX_DEPLOYMENT_TARGET-10.0} in - 10.[0123]) - func_append compile_command " $wl-bind_at_load" - func_append finalize_command " $wl-bind_at_load" - ;; - esac - fi - # Time to change all our "foo.ltframework" stuff back to "-framework foo" - compile_deplibs=`$ECHO " $compile_deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` - finalize_deplibs=`$ECHO " $finalize_deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` - ;; - esac - - - # move library search paths that coincide with paths to not yet - # installed libraries to the beginning of the library search list - new_libs= - for path in $notinst_path; do - case " $new_libs " in - *" -L$path/$objdir "*) ;; - *) - case " $compile_deplibs " in - *" -L$path/$objdir "*) - func_append new_libs " -L$path/$objdir" ;; - esac - ;; - esac - done - for deplib in $compile_deplibs; do - case $deplib in - -L*) - case " $new_libs " in - *" $deplib "*) ;; - *) func_append new_libs " $deplib" ;; - esac - ;; - *) func_append new_libs " $deplib" ;; - esac - done - compile_deplibs=$new_libs - - - func_append compile_command " $compile_deplibs" - func_append finalize_command " $finalize_deplibs" - - if test -n "$rpath$xrpath"; then - # If the user specified any rpath flags, then add them. - for libdir in $rpath $xrpath; do - # This is the magic to use -rpath. - case "$finalize_rpath " in - *" $libdir "*) ;; - *) func_append finalize_rpath " $libdir" ;; - esac - done - fi - - # Now hardcode the library paths - rpath= - hardcode_libdirs= - for libdir in $compile_rpath $finalize_rpath; do - if test -n "$hardcode_libdir_flag_spec"; then - if test -n "$hardcode_libdir_separator"; then - if test -z "$hardcode_libdirs"; then - hardcode_libdirs=$libdir - else - # Just accumulate the unique libdirs. - case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in - *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) - ;; - *) - func_append hardcode_libdirs "$hardcode_libdir_separator$libdir" - ;; - esac - fi - else - eval flag=\"$hardcode_libdir_flag_spec\" - func_append rpath " $flag" - fi - elif test -n "$runpath_var"; then - case "$perm_rpath " in - *" $libdir "*) ;; - *) func_append perm_rpath " $libdir" ;; - esac - fi - case $host in - *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) - testbindir=`$ECHO "$libdir" | $SED -e 's*/lib$*/bin*'` - case :$dllsearchpath: in - *":$libdir:"*) ;; - ::) dllsearchpath=$libdir;; - *) func_append dllsearchpath ":$libdir";; - esac - case :$dllsearchpath: in - *":$testbindir:"*) ;; - ::) dllsearchpath=$testbindir;; - *) func_append dllsearchpath ":$testbindir";; - esac - ;; - esac - done - # Substitute the hardcoded libdirs into the rpath. - if test -n "$hardcode_libdir_separator" && - test -n "$hardcode_libdirs"; then - libdir=$hardcode_libdirs - eval rpath=\" $hardcode_libdir_flag_spec\" - fi - compile_rpath=$rpath - - rpath= - hardcode_libdirs= - for libdir in $finalize_rpath; do - if test -n "$hardcode_libdir_flag_spec"; then - if test -n "$hardcode_libdir_separator"; then - if test -z "$hardcode_libdirs"; then - hardcode_libdirs=$libdir - else - # Just accumulate the unique libdirs. - case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in - *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) - ;; - *) - func_append hardcode_libdirs "$hardcode_libdir_separator$libdir" - ;; - esac - fi - else - eval flag=\"$hardcode_libdir_flag_spec\" - func_append rpath " $flag" - fi - elif test -n "$runpath_var"; then - case "$finalize_perm_rpath " in - *" $libdir "*) ;; - *) func_append finalize_perm_rpath " $libdir" ;; - esac - fi - done - # Substitute the hardcoded libdirs into the rpath. - if test -n "$hardcode_libdir_separator" && - test -n "$hardcode_libdirs"; then - libdir=$hardcode_libdirs - eval rpath=\" $hardcode_libdir_flag_spec\" - fi - finalize_rpath=$rpath - - if test -n "$libobjs" && test yes = "$build_old_libs"; then - # Transform all the library objects into standard objects. - compile_command=`$ECHO "$compile_command" | $SP2NL | $SED "$lo2o" | $NL2SP` - finalize_command=`$ECHO "$finalize_command" | $SP2NL | $SED "$lo2o" | $NL2SP` - fi - - func_generate_dlsyms "$outputname" "@PROGRAM@" false - - # template prelinking step - if test -n "$prelink_cmds"; then - func_execute_cmds "$prelink_cmds" 'exit $?' - fi - - wrappers_required=: - case $host in - *cegcc* | *mingw32ce*) - # Disable wrappers for cegcc and mingw32ce hosts, we are cross compiling anyway. - wrappers_required=false - ;; - *cygwin* | *mingw* ) - test yes = "$build_libtool_libs" || wrappers_required=false - ;; - *) - if test no = "$need_relink" || test yes != "$build_libtool_libs"; then - wrappers_required=false - fi - ;; - esac - $wrappers_required || { - # Replace the output file specification. - compile_command=`$ECHO "$compile_command" | $SED 's%@OUTPUT@%'"$output"'%g'` - link_command=$compile_command$compile_rpath - - # We have no uninstalled library dependencies, so finalize right now. - exit_status=0 - func_show_eval "$link_command" 'exit_status=$?' - - if test -n "$postlink_cmds"; then - func_to_tool_file "$output" - postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'` - func_execute_cmds "$postlink_cmds" 'exit $?' - fi - - # Delete the generated files. - if test -f "$output_objdir/${outputname}S.$objext"; then - func_show_eval '$RM "$output_objdir/${outputname}S.$objext"' - fi - - exit $exit_status - } - - if test -n "$compile_shlibpath$finalize_shlibpath"; then - compile_command="$shlibpath_var=\"$compile_shlibpath$finalize_shlibpath\$$shlibpath_var\" $compile_command" - fi - if test -n "$finalize_shlibpath"; then - finalize_command="$shlibpath_var=\"$finalize_shlibpath\$$shlibpath_var\" $finalize_command" - fi - - compile_var= - finalize_var= - if test -n "$runpath_var"; then - if test -n "$perm_rpath"; then - # We should set the runpath_var. - rpath= - for dir in $perm_rpath; do - func_append rpath "$dir:" - done - compile_var="$runpath_var=\"$rpath\$$runpath_var\" " - fi - if test -n "$finalize_perm_rpath"; then - # We should set the runpath_var. - rpath= - for dir in $finalize_perm_rpath; do - func_append rpath "$dir:" - done - finalize_var="$runpath_var=\"$rpath\$$runpath_var\" " - fi - fi - - if test yes = "$no_install"; then - # We don't need to create a wrapper script. - link_command=$compile_var$compile_command$compile_rpath - # Replace the output file specification. - link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output"'%g'` - # Delete the old output file. - $opt_dry_run || $RM $output - # Link the executable and exit - func_show_eval "$link_command" 'exit $?' - - if test -n "$postlink_cmds"; then - func_to_tool_file "$output" - postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'` - func_execute_cmds "$postlink_cmds" 'exit $?' - fi - - exit $EXIT_SUCCESS - fi - - case $hardcode_action,$fast_install in - relink,*) - # Fast installation is not supported - link_command=$compile_var$compile_command$compile_rpath - relink_command=$finalize_var$finalize_command$finalize_rpath - - func_warning "this platform does not like uninstalled shared libraries" - func_warning "'$output' will be relinked during installation" - ;; - *,yes) - link_command=$finalize_var$compile_command$finalize_rpath - relink_command=`$ECHO "$compile_var$compile_command$compile_rpath" | $SED 's%@OUTPUT@%\$progdir/\$file%g'` - ;; - *,no) - link_command=$compile_var$compile_command$compile_rpath - relink_command=$finalize_var$finalize_command$finalize_rpath - ;; - *,needless) - link_command=$finalize_var$compile_command$finalize_rpath - relink_command= - ;; - esac - - # Replace the output file specification. - link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'` - - # Delete the old output files. - $opt_dry_run || $RM $output $output_objdir/$outputname $output_objdir/lt-$outputname - - func_show_eval "$link_command" 'exit $?' - - if test -n "$postlink_cmds"; then - func_to_tool_file "$output_objdir/$outputname" - postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output_objdir/$outputname"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'` - func_execute_cmds "$postlink_cmds" 'exit $?' - fi - - # Now create the wrapper script. - func_verbose "creating $output" - - # Quote the relink command for shipping. - if test -n "$relink_command"; then - # Preserve any variables that may affect compiler behavior - for var in $variables_saved_for_relink; do - if eval test -z \"\${$var+set}\"; then - relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command" - elif eval var_value=\$$var; test -z "$var_value"; then - relink_command="$var=; export $var; $relink_command" - else - func_quote_for_eval "$var_value" - relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command" - fi - done - relink_command="(cd `pwd`; $relink_command)" - relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"` - fi - - # Only actually do things if not in dry run mode. - $opt_dry_run || { - # win32 will think the script is a binary if it has - # a .exe suffix, so we strip it off here. - case $output in - *.exe) func_stripname '' '.exe' "$output" - output=$func_stripname_result ;; - esac - # test for cygwin because mv fails w/o .exe extensions - case $host in - *cygwin*) - exeext=.exe - func_stripname '' '.exe' "$outputname" - outputname=$func_stripname_result ;; - *) exeext= ;; - esac - case $host in - *cygwin* | *mingw* ) - func_dirname_and_basename "$output" "" "." - output_name=$func_basename_result - output_path=$func_dirname_result - cwrappersource=$output_path/$objdir/lt-$output_name.c - cwrapper=$output_path/$output_name.exe - $RM $cwrappersource $cwrapper - trap "$RM $cwrappersource $cwrapper; exit $EXIT_FAILURE" 1 2 15 - - func_emit_cwrapperexe_src > $cwrappersource - - # The wrapper executable is built using the $host compiler, - # because it contains $host paths and files. If cross- - # compiling, it, like the target executable, must be - # executed on the $host or under an emulation environment. - $opt_dry_run || { - $LTCC $LTCFLAGS -o $cwrapper $cwrappersource - $STRIP $cwrapper - } - - # Now, create the wrapper script for func_source use: - func_ltwrapper_scriptname $cwrapper - $RM $func_ltwrapper_scriptname_result - trap "$RM $func_ltwrapper_scriptname_result; exit $EXIT_FAILURE" 1 2 15 - $opt_dry_run || { - # note: this script will not be executed, so do not chmod. - if test "x$build" = "x$host"; then - $cwrapper --lt-dump-script > $func_ltwrapper_scriptname_result - else - func_emit_wrapper no > $func_ltwrapper_scriptname_result - fi - } - ;; - * ) - $RM $output - trap "$RM $output; exit $EXIT_FAILURE" 1 2 15 - - func_emit_wrapper no > $output - chmod +x $output - ;; - esac - } - exit $EXIT_SUCCESS - ;; - esac - - # See if we need to build an old-fashioned archive. - for oldlib in $oldlibs; do - - case $build_libtool_libs in - convenience) - oldobjs="$libobjs_save $symfileobj" - addlibs=$convenience - build_libtool_libs=no - ;; - module) - oldobjs=$libobjs_save - addlibs=$old_convenience - build_libtool_libs=no - ;; - *) - oldobjs="$old_deplibs $non_pic_objects" - $preload && test -f "$symfileobj" \ - && func_append oldobjs " $symfileobj" - addlibs=$old_convenience - ;; - esac - - if test -n "$addlibs"; then - gentop=$output_objdir/${outputname}x - func_append generated " $gentop" - - func_extract_archives $gentop $addlibs - func_append oldobjs " $func_extract_archives_result" - fi - - # Do each command in the archive commands. - if test -n "$old_archive_from_new_cmds" && test yes = "$build_libtool_libs"; then - cmds=$old_archive_from_new_cmds - else - - # Add any objects from preloaded convenience libraries - if test -n "$dlprefiles"; then - gentop=$output_objdir/${outputname}x - func_append generated " $gentop" - - func_extract_archives $gentop $dlprefiles - func_append oldobjs " $func_extract_archives_result" - fi - - # POSIX demands no paths to be encoded in archives. We have - # to avoid creating archives with duplicate basenames if we - # might have to extract them afterwards, e.g., when creating a - # static archive out of a convenience library, or when linking - # the entirety of a libtool archive into another (currently - # not supported by libtool). - if (for obj in $oldobjs - do - func_basename "$obj" - $ECHO "$func_basename_result" - done | sort | sort -uc >/dev/null 2>&1); then - : - else - echo "copying selected object files to avoid basename conflicts..." - gentop=$output_objdir/${outputname}x - func_append generated " $gentop" - func_mkdir_p "$gentop" - save_oldobjs=$oldobjs - oldobjs= - counter=1 - for obj in $save_oldobjs - do - func_basename "$obj" - objbase=$func_basename_result - case " $oldobjs " in - " ") oldobjs=$obj ;; - *[\ /]"$objbase "*) - while :; do - # Make sure we don't pick an alternate name that also - # overlaps. - newobj=lt$counter-$objbase - func_arith $counter + 1 - counter=$func_arith_result - case " $oldobjs " in - *[\ /]"$newobj "*) ;; - *) if test ! -f "$gentop/$newobj"; then break; fi ;; - esac - done - func_show_eval "ln $obj $gentop/$newobj || cp $obj $gentop/$newobj" - func_append oldobjs " $gentop/$newobj" - ;; - *) func_append oldobjs " $obj" ;; - esac - done - fi - func_to_tool_file "$oldlib" func_convert_file_msys_to_w32 - tool_oldlib=$func_to_tool_file_result - eval cmds=\"$old_archive_cmds\" - - func_len " $cmds" - len=$func_len_result - if test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then - cmds=$old_archive_cmds - elif test -n "$archiver_list_spec"; then - func_verbose "using command file archive linking..." - for obj in $oldobjs - do - func_to_tool_file "$obj" - $ECHO "$func_to_tool_file_result" - done > $output_objdir/$libname.libcmd - func_to_tool_file "$output_objdir/$libname.libcmd" - oldobjs=" $archiver_list_spec$func_to_tool_file_result" - cmds=$old_archive_cmds - else - # the command line is too long to link in one step, link in parts - func_verbose "using piecewise archive linking..." - save_RANLIB=$RANLIB - RANLIB=: - objlist= - concat_cmds= - save_oldobjs=$oldobjs - oldobjs= - # Is there a better way of finding the last object in the list? - for obj in $save_oldobjs - do - last_oldobj=$obj - done - eval test_cmds=\"$old_archive_cmds\" - func_len " $test_cmds" - len0=$func_len_result - len=$len0 - for obj in $save_oldobjs - do - func_len " $obj" - func_arith $len + $func_len_result - len=$func_arith_result - func_append objlist " $obj" - if test "$len" -lt "$max_cmd_len"; then - : - else - # the above command should be used before it gets too long - oldobjs=$objlist - if test "$obj" = "$last_oldobj"; then - RANLIB=$save_RANLIB - fi - test -z "$concat_cmds" || concat_cmds=$concat_cmds~ - eval concat_cmds=\"\$concat_cmds$old_archive_cmds\" - objlist= - len=$len0 - fi - done - RANLIB=$save_RANLIB - oldobjs=$objlist - if test -z "$oldobjs"; then - eval cmds=\"\$concat_cmds\" - else - eval cmds=\"\$concat_cmds~\$old_archive_cmds\" - fi - fi - fi - func_execute_cmds "$cmds" 'exit $?' - done - - test -n "$generated" && \ - func_show_eval "${RM}r$generated" - - # Now create the libtool archive. - case $output in - *.la) - old_library= - test yes = "$build_old_libs" && old_library=$libname.$libext - func_verbose "creating $output" - - # Preserve any variables that may affect compiler behavior - for var in $variables_saved_for_relink; do - if eval test -z \"\${$var+set}\"; then - relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command" - elif eval var_value=\$$var; test -z "$var_value"; then - relink_command="$var=; export $var; $relink_command" - else - func_quote_for_eval "$var_value" - relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command" - fi - done - # Quote the link command for shipping. - relink_command="(cd `pwd`; $SHELL \"$progpath\" $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)" - relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"` - if test yes = "$hardcode_automatic"; then - relink_command= - fi - - # Only create the output if not a dry run. - $opt_dry_run || { - for installed in no yes; do - if test yes = "$installed"; then - if test -z "$install_libdir"; then - break - fi - output=$output_objdir/${outputname}i - # Replace all uninstalled libtool libraries with the installed ones - newdependency_libs= - for deplib in $dependency_libs; do - case $deplib in - *.la) - func_basename "$deplib" - name=$func_basename_result - func_resolve_sysroot "$deplib" - eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $func_resolve_sysroot_result` - test -z "$libdir" && \ - func_fatal_error "'$deplib' is not a valid libtool archive" - func_append newdependency_libs " ${lt_sysroot:+=}$libdir/$name" - ;; - -L*) - func_stripname -L '' "$deplib" - func_replace_sysroot "$func_stripname_result" - func_append newdependency_libs " -L$func_replace_sysroot_result" - ;; - -R*) - func_stripname -R '' "$deplib" - func_replace_sysroot "$func_stripname_result" - func_append newdependency_libs " -R$func_replace_sysroot_result" - ;; - *) func_append newdependency_libs " $deplib" ;; - esac - done - dependency_libs=$newdependency_libs - newdlfiles= - - for lib in $dlfiles; do - case $lib in - *.la) - func_basename "$lib" - name=$func_basename_result - eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $lib` - test -z "$libdir" && \ - func_fatal_error "'$lib' is not a valid libtool archive" - func_append newdlfiles " ${lt_sysroot:+=}$libdir/$name" - ;; - *) func_append newdlfiles " $lib" ;; - esac - done - dlfiles=$newdlfiles - newdlprefiles= - for lib in $dlprefiles; do - case $lib in - *.la) - # Only pass preopened files to the pseudo-archive (for - # eventual linking with the app. that links it) if we - # didn't already link the preopened objects directly into - # the library: - func_basename "$lib" - name=$func_basename_result - eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $lib` - test -z "$libdir" && \ - func_fatal_error "'$lib' is not a valid libtool archive" - func_append newdlprefiles " ${lt_sysroot:+=}$libdir/$name" - ;; - esac - done - dlprefiles=$newdlprefiles - else - newdlfiles= - for lib in $dlfiles; do - case $lib in - [\\/]* | [A-Za-z]:[\\/]*) abs=$lib ;; - *) abs=`pwd`"/$lib" ;; - esac - func_append newdlfiles " $abs" - done - dlfiles=$newdlfiles - newdlprefiles= - for lib in $dlprefiles; do - case $lib in - [\\/]* | [A-Za-z]:[\\/]*) abs=$lib ;; - *) abs=`pwd`"/$lib" ;; - esac - func_append newdlprefiles " $abs" - done - dlprefiles=$newdlprefiles - fi - $RM $output - # place dlname in correct position for cygwin - # In fact, it would be nice if we could use this code for all target - # systems that can't hard-code library paths into their executables - # and that have no shared library path variable independent of PATH, - # but it turns out we can't easily determine that from inspecting - # libtool variables, so we have to hard-code the OSs to which it - # applies here; at the moment, that means platforms that use the PE - # object format with DLL files. See the long comment at the top of - # tests/bindir.at for full details. - tdlname=$dlname - case $host,$output,$installed,$module,$dlname in - *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll | *cegcc*,*lai,yes,no,*.dll) - # If a -bindir argument was supplied, place the dll there. - if test -n "$bindir"; then - func_relative_path "$install_libdir" "$bindir" - tdlname=$func_relative_path_result/$dlname - else - # Otherwise fall back on heuristic. - tdlname=../bin/$dlname - fi - ;; - esac - $ECHO > $output "\ -# $outputname - a libtool library file -# Generated by $PROGRAM (GNU $PACKAGE) $VERSION -# -# Please DO NOT delete this file! -# It is necessary for linking the library. - -# The name that we can dlopen(3). -dlname='$tdlname' - -# Names of this library. -library_names='$library_names' - -# The name of the static archive. -old_library='$old_library' - -# Linker flags that cannot go in dependency_libs. -inherited_linker_flags='$new_inherited_linker_flags' - -# Libraries that this one depends upon. -dependency_libs='$dependency_libs' - -# Names of additional weak libraries provided by this library -weak_library_names='$weak_libs' - -# Version information for $libname. -current=$current -age=$age -revision=$revision - -# Is this an already installed library? -installed=$installed - -# Should we warn about portability when linking against -modules? -shouldnotlink=$module - -# Files to dlopen/dlpreopen -dlopen='$dlfiles' -dlpreopen='$dlprefiles' - -# Directory that this library needs to be installed in: -libdir='$install_libdir'" - if test no,yes = "$installed,$need_relink"; then - $ECHO >> $output "\ -relink_command=\"$relink_command\"" - fi - done - } - - # Do a symbolic link so that the libtool archive can be found in - # LD_LIBRARY_PATH before the program is installed. - func_show_eval '( cd "$output_objdir" && $RM "$outputname" && $LN_S "../$outputname" "$outputname" )' 'exit $?' - ;; - esac - exit $EXIT_SUCCESS -} - -if test link = "$opt_mode" || test relink = "$opt_mode"; then - func_mode_link ${1+"$@"} -fi - - -# func_mode_uninstall arg... -func_mode_uninstall () -{ - $debug_cmd - - RM=$nonopt - files= - rmforce=false - exit_status=0 - - # This variable tells wrapper scripts just to set variables rather - # than running their programs. - libtool_install_magic=$magic - - for arg - do - case $arg in - -f) func_append RM " $arg"; rmforce=: ;; - -*) func_append RM " $arg" ;; - *) func_append files " $arg" ;; - esac - done - - test -z "$RM" && \ - func_fatal_help "you must specify an RM program" - - rmdirs= - - for file in $files; do - func_dirname "$file" "" "." - dir=$func_dirname_result - if test . = "$dir"; then - odir=$objdir - else - odir=$dir/$objdir - fi - func_basename "$file" - name=$func_basename_result - test uninstall = "$opt_mode" && odir=$dir - - # Remember odir for removal later, being careful to avoid duplicates - if test clean = "$opt_mode"; then - case " $rmdirs " in - *" $odir "*) ;; - *) func_append rmdirs " $odir" ;; - esac - fi - - # Don't error if the file doesn't exist and rm -f was used. - if { test -L "$file"; } >/dev/null 2>&1 || - { test -h "$file"; } >/dev/null 2>&1 || - test -f "$file"; then - : - elif test -d "$file"; then - exit_status=1 - continue - elif $rmforce; then - continue - fi - - rmfiles=$file - - case $name in - *.la) - # Possibly a libtool archive, so verify it. - if func_lalib_p "$file"; then - func_source $dir/$name - - # Delete the libtool libraries and symlinks. - for n in $library_names; do - func_append rmfiles " $odir/$n" - done - test -n "$old_library" && func_append rmfiles " $odir/$old_library" - - case $opt_mode in - clean) - case " $library_names " in - *" $dlname "*) ;; - *) test -n "$dlname" && func_append rmfiles " $odir/$dlname" ;; - esac - test -n "$libdir" && func_append rmfiles " $odir/$name $odir/${name}i" - ;; - uninstall) - if test -n "$library_names"; then - # Do each command in the postuninstall commands. - func_execute_cmds "$postuninstall_cmds" '$rmforce || exit_status=1' - fi - - if test -n "$old_library"; then - # Do each command in the old_postuninstall commands. - func_execute_cmds "$old_postuninstall_cmds" '$rmforce || exit_status=1' - fi - # FIXME: should reinstall the best remaining shared library. - ;; - esac - fi - ;; - - *.lo) - # Possibly a libtool object, so verify it. - if func_lalib_p "$file"; then - - # Read the .lo file - func_source $dir/$name - - # Add PIC object to the list of files to remove. - if test -n "$pic_object" && test none != "$pic_object"; then - func_append rmfiles " $dir/$pic_object" - fi - - # Add non-PIC object to the list of files to remove. - if test -n "$non_pic_object" && test none != "$non_pic_object"; then - func_append rmfiles " $dir/$non_pic_object" - fi - fi - ;; - - *) - if test clean = "$opt_mode"; then - noexename=$name - case $file in - *.exe) - func_stripname '' '.exe' "$file" - file=$func_stripname_result - func_stripname '' '.exe' "$name" - noexename=$func_stripname_result - # $file with .exe has already been added to rmfiles, - # add $file without .exe - func_append rmfiles " $file" - ;; - esac - # Do a test to see if this is a libtool program. - if func_ltwrapper_p "$file"; then - if func_ltwrapper_executable_p "$file"; then - func_ltwrapper_scriptname "$file" - relink_command= - func_source $func_ltwrapper_scriptname_result - func_append rmfiles " $func_ltwrapper_scriptname_result" - else - relink_command= - func_source $dir/$noexename - fi - - # note $name still contains .exe if it was in $file originally - # as does the version of $file that was added into $rmfiles - func_append rmfiles " $odir/$name $odir/${name}S.$objext" - if test yes = "$fast_install" && test -n "$relink_command"; then - func_append rmfiles " $odir/lt-$name" - fi - if test "X$noexename" != "X$name"; then - func_append rmfiles " $odir/lt-$noexename.c" - fi - fi - fi - ;; - esac - func_show_eval "$RM $rmfiles" 'exit_status=1' - done - - # Try to remove the $objdir's in the directories where we deleted files - for dir in $rmdirs; do - if test -d "$dir"; then - func_show_eval "rmdir $dir >/dev/null 2>&1" - fi - done - - exit $exit_status -} - -if test uninstall = "$opt_mode" || test clean = "$opt_mode"; then - func_mode_uninstall ${1+"$@"} -fi - -test -z "$opt_mode" && { - help=$generic_help - func_fatal_help "you must specify a MODE" -} - -test -z "$exec_cmd" && \ - func_fatal_help "invalid operation mode '$opt_mode'" - -if test -n "$exec_cmd"; then - eval exec "$exec_cmd" - exit $EXIT_FAILURE -fi - -exit $exit_status - - -# The TAGs below are defined such that we never get into a situation -# where we disable both kinds of libraries. Given conflicting -# choices, we go for a static library, that is the most portable, -# since we can't tell whether shared libraries were disabled because -# the user asked for that or because the platform doesn't support -# them. This is particularly important on AIX, because we don't -# support having both static and shared libraries enabled at the same -# time on that platform, so we default to a shared-only configuration. -# If a disable-shared tag is given, we'll fallback to a static-only -# configuration. But we'll never go from static-only to shared-only. - -# ### BEGIN LIBTOOL TAG CONFIG: disable-shared -build_libtool_libs=no -build_old_libs=yes -# ### END LIBTOOL TAG CONFIG: disable-shared - -# ### BEGIN LIBTOOL TAG CONFIG: disable-static -build_old_libs=`case $build_libtool_libs in yes) echo no;; *) echo yes;; esac` -# ### END LIBTOOL TAG CONFIG: disable-static - -# Local Variables: -# mode:shell-script -# sh-indentation:2 -# End: diff --git a/external/unbound/makedist.sh b/external/unbound/makedist.sh deleted file mode 100755 index 5f19dfb68..000000000 --- a/external/unbound/makedist.sh +++ /dev/null @@ -1,460 +0,0 @@ -#!/bin/sh - -# Build unbound distribution tar from the SVN repository. -# -# Copyright (c) 2007, NLnet Labs. All rights reserved. -# -# This software is open source. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# Redistributions of source code must retain the above copyright notice, -# this list of conditions and the following disclaimer. -# -# Redistributions in binary form must reproduce the above copyright notice, -# this list of conditions and the following disclaimer in the documentation -# and/or other materials provided with the distribution. -# -# Neither the name of the NLNET LABS nor the names of its contributors may -# be used to endorse or promote products derived from this software without -# specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED -# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR -# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF -# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -# Abort script on unexpected errors. -set -e - -# Remember the current working directory. -cwd=`pwd` - -# Utility functions. -usage () { - cat >&2 < Build a release candidate, the given string will be added - to the version number - (which will then be unbound-rc) - -d SVN_root Retrieve the unbound source from the specified repository. - Detected from svn working copy if not specified. - -wssl openssl.xx.tar.gz Also build openssl from tarball for windows dist. - -wxp expat.xx.tar.gz Also build expat from tarball for windows dist. - -w ... Build windows binary dist. last args passed to configure. -EOF - exit 1 -} - -info () { - echo "$0: info: $1" -} - -error () { - echo "$0: error: $1" >&2 - exit 1 -} - -question () { - printf "%s (y/n) " "$*" - read answer - case "$answer" in - [Yy]|[Yy][Ee][Ss]) - return 0 - ;; - *) - return 1 - ;; - esac -} - -# Only use cleanup and error_cleanup after generating the temporary -# working directory. -cleanup () { - info "Deleting temporary working directory." - cd $cwd && rm -rf $temp_dir -} - -error_cleanup () { - echo "$0: error: $1" >&2 - cleanup - exit 1 -} - -replace_text () { - (cp "$1" "$1".orig && \ - sed -e "s/$2/$3/g" < "$1".orig > "$1" && \ - rm "$1".orig) || error_cleanup "Replacement for $1 failed." -} - -replace_all () { - info "Updating '$1' with the version number." - replace_text "$1" "@version@" "$version" - info "Updating '$1' with today's date." - replace_text "$1" "@date@" "`date +'%b %e, %Y'`" -} - -replace_version () { - local v1=`echo $2 | sed -e 's/^.*\..*\.//'` - local v2=`echo $3 | sed -e 's/^.*\..*\.//'` - replace_text "$1" "VERSION_MICRO\],\[$v1" "VERSION_MICRO\],\[$v2" -} - -check_svn_root () { - # Check if SVNROOT is specified. - if [ -z "$SVNROOT" ]; then - if svn info 2>&1 | grep "not a working copy" >/dev/null; then - if test -z "$SVNROOT"; then - error "SVNROOT must be specified (using -d)" - fi - else - eval `svn info | grep 'URL:' | sed -e 's/URL: /url=/' | head -1` - SVNROOT="$url" - fi - fi -} - -create_temp_dir () { - # Creating temp directory - info "Creating temporary working directory" - temp_dir=`mktemp -d unbound-dist-XXXXXX` - info "Directory '$temp_dir' created." - cd $temp_dir -} - -# pass filename as $1 arg. -# creates file.sha1 and file.sha256 -storehash () { - case $OSTYPE in - linux*) - sha=`sha1sum $1 | awk '{ print $1 }'` - sha256=`sha256sum $1 | awk '{ print $1 }'` - ;; - freebsd*) - sha=`sha1 $1 | awk '{ print $5 }'` - sha256=`sha256 $1 | awk '{ print $5 }'` - ;; - *) - # in case $OSTYPE is gone. - case `uname` in - Linux*) - sha=`sha1sum $1 | awk '{ print $1 }'` - sha256=`sha256sum $1 | awk '{ print $1 }'` - ;; - FreeBSD*) - sha=`sha1 $1 | awk '{ print $5 }'` - sha256=`sha256 $1 | awk '{ print $5 }'` - ;; - *) - sha=`sha1sum $1 | awk '{ print $1 }'` - sha256=`sha256sum $1 | awk '{ print $1 }'` - ;; - esac - ;; - esac - echo $sha > $1.sha1 - echo $sha256 > $1.sha256 - echo "hash of $1.{sha1,sha256}" - echo "sha1 $sha" - echo "sha256 $sha256" -} - - -SNAPSHOT="no" -RC="no" -DOWIN="no" -WINSSL="" -WINEXPAT="" - -# Parse the command line arguments. -while [ "$1" ]; do - case "$1" in - "-h") - usage - ;; - "-d") - SVNROOT="$2" - shift - ;; - "-s") - SNAPSHOT="yes" - ;; - "-wssl") - WINSSL="$2" - shift - ;; - "-wxp") - WINEXPAT="$2" - shift - ;; - "-w") - DOWIN="yes" - shift - break - ;; - "-rc") - RC="$2" - shift - ;; - *) - error "Unrecognized argument -- $1" - ;; - esac - shift -done - -if [ "$DOWIN" = "yes" ]; then - # detect crosscompile, from Fedora13 at this point. - if test "`uname`" = "Linux"; then - info "Crosscompile windows dist" - cross="yes" - configure="mingw32-configure" - strip="i686-w64-mingw32-strip" - makensis="makensis" # from mingw32-nsis package - # flags for crosscompiled dependency libraries - cross_flag="" - - check_svn_root - create_temp_dir - - # crosscompile openssl for windows. - if test -n "$WINSSL"; then - info "Cross compile $WINSSL" - info "winssl tar unpack" - (cd ..; gzip -cd $WINSSL) | tar xf - || error_cleanup "tar unpack of $WINSSL failed" - sslinstall="`pwd`/sslinstall" - cd openssl-* || error_cleanup "no openssl-X dir in tarball" - # configure for crosscompile, without CAPI because it fails - # cross-compilation and it is not used anyway - # before 1.0.1i need --cross-compile-prefix=i686-w64-mingw32- - sslflags="no-asm -DOPENSSL_NO_CAPIENG mingw" - info "winssl: Configure $sslflags" - CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar RANLIB=i686-w64-mingw32-ranlib ./Configure --prefix="$sslinstall" $sslflags || error_cleanup "OpenSSL Configure failed" - info "winssl: make" - make || error_cleanup "OpenSSL crosscompile failed" - # only install sw not docs, which take a long time. - info "winssl: make install_sw" - make install_sw || error_cleanup "OpenSSL install failed" - cross_flag="$cross_flag --with-ssl=$sslinstall" - cd .. - fi - - if test -n "$WINEXPAT"; then - info "Cross compile $WINEXPAT" - info "wxp: tar unpack" - (cd ..; gzip -cd $WINEXPAT) | tar xf - || error_cleanup "tar unpack of $WINEXPAT failed" - wxpinstall="`pwd`/wxpinstall" - cd expat-* || error_cleanup "no expat-X dir in tarball" - info "wxp: configure" - mingw32-configure --prefix="$wxpinstall" --exec-prefix="$wxpinstall" --bindir="$wxpinstall/bin" --includedir="$wxpinstall/include" --mandir="$wxpinstall/man" --libdir="$wxpinstall/lib" || error_cleanup "libexpat configure failed" - #info "wxp: make" - #make || error_cleanup "libexpat crosscompile failed" - info "wxp: make installlib" - make installlib || error_cleanup "libexpat install failed" - cross_flag="$cross_flag --with-libexpat=$wxpinstall" - cd .. - fi - - info "SVNROOT is $SVNROOT" - info "Exporting source from SVN." - svn export "$SVNROOT" unbound || error_cleanup "SVN command failed" - cd unbound || error_cleanup "Unbound not exported correctly from SVN" - - # on a re-configure the cache may no longer be valid... - if test -f mingw32-config.cache; then rm mingw32-config.cache; fi - else - cross="no" # mingw and msys - cross_flag="" - configure="./configure" - strip="strip" - makensis="c:/Program Files/NSIS/makensis.exe" # http://nsis.sf.net - fi - - # version gets compiled into source, edit the configure to set it - version=`./configure --version | head -1 | awk '{ print $3 }'` \ - || error_cleanup "Cannot determine version number." - if [ "$RC" != "no" -o "$SNAPSHOT" != "no" ]; then - if [ "$RC" != "no" ]; then - version2=`echo $version | sed -e 's/rc.*$//' -e 's/_20.*$//'` - version2=`echo $version2 | sed -e 's/rc.*//'`"rc$RC" - fi - if [ "$SNAPSHOT" != "no" ]; then - version2=`echo $version | sed -e 's/rc.*$//' -e 's/_20.*$//'` - version2="${version2}_`date +%Y%m%d`" - fi - replace_version "configure.ac" "$version" "$version2" - version="$version2" - info "Rebuilding configure script (autoconf) snapshot." - autoconf || error_cleanup "Autoconf failed." - autoheader || error_cleanup "Autoheader failed." - rm -r autom4te* || echo "ignored" - fi - - # procedure for making unbound installer on mingw. - info "Creating windows dist unbound $version" - info "Calling configure" - echo "$configure"' --enable-debug --enable-static-exe '"$* $cross_flag" - $configure --enable-debug --enable-static-exe $* $cross_flag \ - || error_cleanup "Could not configure" - info "Calling make" - make || error_cleanup "Could not make" - info "Make complete" - - info "Unbound version: $version" - file="unbound-$version.zip" - rm -f $file - info "Creating $file" - mkdir tmp.$$ - $strip unbound.exe - $strip anchor-update.exe - $strip unbound-control.exe - $strip unbound-host.exe - $strip unbound-anchor.exe - $strip unbound-checkconf.exe - $strip unbound-service-install.exe - $strip unbound-service-remove.exe - cd tmp.$$ - cp ../doc/example.conf ../doc/Changelog . - cp ../unbound.exe ../unbound-anchor.exe ../unbound-host.exe ../unbound-control.exe ../unbound-checkconf.exe ../unbound-service-install.exe ../unbound-service-remove.exe ../LICENSE ../winrc/unbound-control-setup.cmd ../winrc/unbound-website.url ../winrc/service.conf ../winrc/README.txt ../contrib/create_unbound_ad_servers.cmd ../contrib/warmup.cmd ../contrib/unbound_cache.cmd . - # zipfile - zip ../$file LICENSE README.txt unbound.exe unbound-anchor.exe unbound-host.exe unbound-control.exe unbound-checkconf.exe unbound-service-install.exe unbound-service-remove.exe unbound-control-setup.cmd example.conf service.conf unbound-website.url create_unbound_ad_servers.cmd warmup.cmd unbound_cache.cmd Changelog - info "Testing $file" - (cd .. ; zip -T $file ) - # installer - info "Creating installer" - quadversion=`cat ../config.h | grep RSRC_PACKAGE_VERSION | sed -e 's/#define RSRC_PACKAGE_VERSION //' -e 's/,/\\./g'` - cat ../winrc/setup.nsi | sed -e 's/define VERSION.*$/define VERSION "'$version'"/' -e 's/define QUADVERSION.*$/define QUADVERSION "'$quadversion'"/' > ../winrc/setup_ed.nsi - "$makensis" ../winrc/setup_ed.nsi - info "Created installer" - cd .. - rm -rf tmp.$$ - mv winrc/unbound_setup_$version.exe . - if test "$cross" = "yes"; then - mv unbound_setup_$version.exe $cwd/. - mv unbound-$version.zip $cwd/. - cleanup - fi - storehash unbound_setup_$version.exe - storehash unbound-$version.zip - ls -lG unbound_setup_$version.exe - ls -lG unbound-$version.zip - info "Done" - exit 0 -fi - -check_svn_root - -# Start the packaging process. -info "SVNROOT is $SVNROOT" -info "SNAPSHOT is $SNAPSHOT" - -#question "Do you wish to continue with these settings?" || error "User abort." - -create_temp_dir - -info "Exporting source from SVN." -svn export "$SVNROOT" unbound || error_cleanup "SVN command failed" - -cd unbound || error_cleanup "Unbound not exported correctly from SVN" - -info "Adding libtool utils (libtoolize)." -libtoolize -c --install || libtoolize -c || error_cleanup "Libtoolize failed." - -info "Building configure script (autoreconf)." -autoreconf || error_cleanup "Autoconf failed." - -rm -r autom4te* || error_cleanup "Failed to remove autoconf cache directory." - -info "Building lexer and parser." -echo "#include \"config.h\"" > util/configlexer.c || error_cleanup "Failed to create configlexer" -echo "#include \"util/configyyrename.h\"" >> util/configlexer.c || error_cleanup "Failed to create configlexer" -flex -i -t util/configlexer.lex >> util/configlexer.c || error_cleanup "Failed to create configlexer" -if test -x `which bison` 2>&1; then YACC=bison; else YACC=yacc; fi -$YACC -y -d -o util/configparser.c util/configparser.y || error_cleanup "Failed to create configparser" - -find . -name .c-mode-rc.el -exec rm {} \; -find . -name .cvsignore -exec rm {} \; -rm makedist.sh || error_cleanup "Failed to remove makedist.sh." - -info "Determining Unbound version." -version=`./configure --version | head -1 | awk '{ print $3 }'` || \ - error_cleanup "Cannot determine version number." - -info "Unbound version: $version" - -RECONFIGURE="no" - -if [ "$RC" != "no" ]; then - info "Building Unbound release candidate $RC." - version2="${version}rc$RC" - info "Version number: $version2" - - replace_version "configure.ac" "$version" "$version2" - version="$version2" - RECONFIGURE="yes" -fi - -if [ "$SNAPSHOT" = "yes" ]; then - info "Building Unbound snapshot." - version2="${version}_`date +%Y%m%d`" - info "Snapshot version number: $version2" - - replace_version "configure.ac" "$version" "$version2" - version="$version2" - RECONFIGURE="yes" -fi - -if [ "$RECONFIGURE" = "yes" ]; then - info "Rebuilding configure script (autoconf) snapshot." - autoreconf || error_cleanup "Autoconf failed." - rm -r autom4te* || error_cleanup "Failed to remove autoconf cache directory." -fi - -replace_all doc/README -replace_all doc/unbound.8.in -replace_all doc/unbound.conf.5.in -replace_all doc/unbound-checkconf.8.in -replace_all doc/unbound-control.8.in -replace_all doc/unbound-anchor.8.in -replace_all doc/unbound-host.1.in -replace_all doc/example.conf.in -replace_all doc/libunbound.3.in - -info "Renaming Unbound directory to unbound-$version." -cd .. -mv unbound unbound-$version || error_cleanup "Failed to rename unbound directory." - -tarfile="../unbound-$version.tar.gz" - -if [ -f $tarfile ]; then - (question "The file $tarfile already exists. Overwrite?" \ - && rm -f $tarfile) || error_cleanup "User abort." -fi - -info "Creating tar unbound-$version.tar.gz" -tar czf ../unbound-$version.tar.gz unbound-$version || error_cleanup "Failed to create tar file." - -cleanup - -storehash unbound-$version.tar.gz -echo "create unbound-$version.tar.gz.asc with:" -echo " gpg --armor --detach-sign unbound-$version.tar.gz" -echo " gpg --armor --detach-sign unbound-$version.zip" -echo " gpg --armor --detach-sign unbound_setup_$version.exe" - -info "Unbound distribution created successfully." - diff --git a/external/unbound/pythonmod/LICENSE b/external/unbound/pythonmod/LICENSE deleted file mode 100644 index 7b769d091..000000000 --- a/external/unbound/pythonmod/LICENSE +++ /dev/null @@ -1,28 +0,0 @@ -Copyright (c) 2009, Zdenek Vasicek (vasicek AT fit.vutbr.cz) - Marek Vavrusa (xvavru00 AT stud.fit.vutbr.cz) - -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - - * Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - * Neither the name of the organization nor the names of its - contributors may be used to endorse or promote products derived from this - software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE -LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -POSSIBILITY OF SUCH DAMAGE. diff --git a/external/unbound/pythonmod/Makefile b/external/unbound/pythonmod/Makefile deleted file mode 100644 index 2a0015241..000000000 --- a/external/unbound/pythonmod/Makefile +++ /dev/null @@ -1,58 +0,0 @@ -# Makefile: tests unbound python module (please edit SCRIPT variable) -# -# Copyright (c) 2009, Zdenek Vasicek (vasicek AT fit.vutbr.cz) -# Marek Vavrusa (xvavru00 AT stud.fit.vutbr.cz) -# -# This software is open source. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# * Redistributions of source code must retain the above copyright notice, -# this list of conditions and the following disclaimer. -# -# * Redistributions in binary form must reproduce the above copyright notice, -# this list of conditions and the following disclaimer in the documentation -# and/or other materials provided with the distribution. -# -# * Neither the name of the organization nor the names of its -# contributors may be used to endorse or promote products derived from this -# software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED -# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. - -SUEXEC = sudo -UNBOUND = ../unbound -SCRIPT = ./test-resip.conf - -UNBOUND_OPTS = -dv -c $(SCRIPT) - -.PHONY: test sudo suexec doc - -all: test - -$(UNBOUND): - make -C .. - -test: $(UNBOUND) - $(UNBOUND) $(UNBOUND_OPTS) - -sudo: $(UNBOUND) - sudo $(UNBOUND) $(UNBOUND_OPTS) - -suexec: $(UNBOUND) - su -c "$(UNBOUND) $(UNBOUND_OPTS)" - -doc: - $(MAKE) -C doc html diff --git a/external/unbound/pythonmod/doc/_static/readme b/external/unbound/pythonmod/doc/_static/readme deleted file mode 100644 index db676aebb..000000000 --- a/external/unbound/pythonmod/doc/_static/readme +++ /dev/null @@ -1 +0,0 @@ -this directory exists to pacify sphinx-build. diff --git a/external/unbound/pythonmod/doc/conf.py b/external/unbound/pythonmod/doc/conf.py deleted file mode 100644 index 7fcfe2d05..000000000 --- a/external/unbound/pythonmod/doc/conf.py +++ /dev/null @@ -1,182 +0,0 @@ -# -*- coding: utf-8 -*- -# -# Unbound scripting interface documentation build configuration file -# -# This file is execfile()d with the current directory set to its containing dir. -# -# The contents of this file are pickled, so don't put values in the namespace -# that aren't pickleable (module imports are okay, they're removed automatically). -# -# All configuration values have a default value; values that are commented out -# serve to show the default value. - -import sys, os - -# If your extensions are in another directory, add it here. If the directory -# is relative to the documentation root, use os.path.abspath to make it -# absolute, like shown here. -sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__),'../..'))) -#print sys.path - -# General configuration -# --------------------- - -# Add any Sphinx extension module names here, as strings. They can be extensions -# coming with Sphinx (named 'sphinx.ext.*') or your custom ones. -extensions = ['sphinx.ext.autodoc', 'sphinx.ext.doctest'] - -# Add any paths that contain templates here, relative to this directory. -templates_path = ['_templates'] - -# The suffix of source filenames. -source_suffix = '.rst' - -# The master toctree document. -master_doc = 'index' - -# General substitutions. -project = 'Unbound scriptable interface' -copyright = '2009, Zdenek Vasicek, Marek Vavrusa' - -# The default replacements for |version| and |release|, also used in various -# other places throughout the built documents. -# -# The short X.Y version. -version = '1.0' -# The full version, including alpha/beta/rc tags. -release = '1.0.0' - -# There are two options for replacing |today|: either, you set today to some -# non-false value, then it is used: -#today = '' -# Else, today_fmt is used as the format for a strftime call. -today_fmt = '%B %d, %Y' - -# List of documents that shouldn't be included in the build. -#unused_docs = [] - -# List of directories, relative to source directories, that shouldn't be searched -# for source files. -#exclude_dirs = [] - -# The reST default role (used for this markup: `text`) to use for all documents. -#default_role = None - -# If true, '()' will be appended to :func: etc. cross-reference text. -#add_function_parentheses = True - -# If true, the current module name will be prepended to all description -# unit titles (such as .. function::). -#add_module_names = True - -# If true, sectionauthor and moduleauthor directives will be shown in the -# output. They are ignored by default. -#show_authors = False - -# The name of the Pygments (syntax highlighting) style to use. -pygments_style = 'sphinx' - - -# Options for HTML output -# ----------------------- - -# The theme that the html output should use. -html_theme = "classic" - -# The style sheet to use for HTML and HTML Help pages. A file of that name -# must exist either in Sphinx' static/ path, or in one of the custom paths -# given in html_static_path. -#html_style = 'default.css' - -# The name for this set of Sphinx documents. If None, it defaults to -# " v documentation". -#html_title = None - -# A shorter title for the navigation bar. Default is the same as html_title. -#html_short_title = None - -# The name of an image file (within the static path) to place at the top of -# the sidebar. -#html_logo = None - -# The name of an image file (within the static path) to use as favicon of the -# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 -# pixels large. -#html_favicon = None - -# Add any paths that contain custom static files (such as style sheets) here, -# relative to this directory. They are copied after the builtin static files, -# so a file named "default.css" will overwrite the builtin "default.css". -html_static_path = ['_static'] - -# If not '', a 'Last updated on:' timestamp is inserted at every page bottom, -# using the given strftime format. -html_last_updated_fmt = '%b %d, %Y' - -# If true, SmartyPants will be used to convert quotes and dashes to -# typographically correct entities. -#html_use_smartypants = True - -# Custom sidebar templates, maps document names to template names. -#html_sidebars = {} - -# Additional templates that should be rendered to pages, maps page names to -# template names. -#html_additional_pages = {} - -# If false, no module index is generated. -html_use_modindex = False - -# If false, no index is generated. -html_use_index = True - -# If true, the index is split into individual pages for each letter. -#html_split_index = False - -# If true, the reST sources are included in the HTML build as _sources/. -html_copy_source = False - -# If true, an OpenSearch description file will be output, and all pages will -# contain a tag referring to it. The value of this option must be the -# base URL from which the finished HTML is served. -#html_use_opensearch = '' - -# If nonempty, this is the file name suffix for HTML files (e.g. ".xhtml"). -#html_file_suffix = '' - -# Output file base name for HTML help builder. -htmlhelp_basename = 'unbound_interface' - - -# Options for LaTeX output -# ------------------------ - -# The paper size ('letter' or 'a4'). -#latex_paper_size = 'letter' - -# The font size ('10pt', '11pt' or '12pt'). -#latex_font_size = '10pt' - -# Grouping the document tree into LaTeX files. List of tuples -# (source start file, target name, title, author, document class [howto/manual]). -latex_documents = [ - ('index', 'Unbound_interface.tex', 'Unbound scriptable interface', - 'Zdenek Vasicek, Marek Vavrusa', 'manual'), -] - -# The name of an image file (relative to this directory) to place at the top of -# the title page. -#latex_logo = None - -# For "manual" documents, if this is true, then toplevel headings are parts, -# not chapters. -#latex_use_parts = False - -# Additional stuff for the LaTeX preamble. -#latex_preamble = '' - -# Documents to append as an appendix to all manuals. -#latex_appendices = [] - -# If false, no module index is generated. -#latex_use_modindex = True diff --git a/external/unbound/pythonmod/doc/examples/example0-1.py b/external/unbound/pythonmod/doc/examples/example0-1.py deleted file mode 100644 index 3b234f1e0..000000000 --- a/external/unbound/pythonmod/doc/examples/example0-1.py +++ /dev/null @@ -1,34 +0,0 @@ - -def init(id, cfg): - log_info("pythonmod: init called, module id is %d port: %d script: %s" % (id, cfg.port, cfg.python_script)) - return True - -def deinit(id): - log_info("pythonmod: deinit called, module id is %d" % id) - return True - -def inform_super(id, qstate, superqstate, qdata): - return True - -def operate(id, event, qstate, qdata): - log_info("pythonmod: operate called, id: %d, event:%s" % (id, strmodulevent(event))) - - if event == MODULE_EVENT_NEW: - qstate.ext_state[id] = MODULE_WAIT_MODULE - return True - - if event == MODULE_EVENT_MODDONE: - log_info("pythonmod: module we are waiting for is done") - qstate.ext_state[id] = MODULE_FINISHED - return True - - if event == MODULE_EVENT_PASS: - log_info("pythonmod: event_pass") - qstate.ext_state[id] = MODULE_ERROR - return True - - log_err("pythonmod: BAD event") - qstate.ext_state[id] = MODULE_ERROR - return True - -log_info("pythonmod: script loaded.") diff --git a/external/unbound/pythonmod/doc/examples/example0.rst b/external/unbound/pythonmod/doc/examples/example0.rst deleted file mode 100644 index 80eca5ea6..000000000 --- a/external/unbound/pythonmod/doc/examples/example0.rst +++ /dev/null @@ -1,129 +0,0 @@ -.. _example_handler: - -Fundamentals -================ - -This basic example shows how to create simple python module which will pass on the requests to the iterator. - -How to enable python module ----------------------------- -If you look into unbound configuration file, you can find the option `module-config` which specifies the names and the order of modules to be used. -Example configuration:: - - module-config: "validator python iterator" - -As soon as the DNS query arrives, Unbound calls modules starting from leftmost - the validator *(it is the first module on the list)*. -The validator does not know the answer *(it can only validate)*, thus it will pass on the event to the next module. -Next module is python which can - - a) generate answer *(response)* - When python module generates the response unbound calls validator. Validator grabs the answer and determines the security flag. - - b) pass on the event to the iterator. - When iterator resolves the query, Unbound informs python module (event :data:`module_event_moddone`). In the end, when the python module is done, validator is called. - -Note that the python module is called with :data:`module_event_pass` event, because new DNS event was already handled by validator. - -Another situation occurs when we use the following configuration:: - - module-config: "python validator iterator" - -Python module is the first module here, so it's invoked with :data:`module_event_new` event *(new query)*. - -On Python module initialization, module loads script from `python-script` option:: - - python-script: "/unbound/test/ubmodule.py" - -Simple python module step by step ---------------------------------- - -Script file must contain four compulsory functions: - -.. function:: init(id, cfg) - - Initialize module internals, like database etc. - Called just once on module load. - - :param id: module identifier (integer) - :param cfg: :class:`config_file` configuration structure - -:: - - def init(id, cfg): - log_info("pythonmod: init called, module id is %d port: %d script: %s" % (id, cfg.port, cfg.python_script)) - return True - - -.. function:: deinit(id) - - Deinitialize module internals. - Called just once on module unload. - - :param id: module identifier (integer) - -:: - - def deinit(id): - log_info("pythonmod: deinit called, module id is %d" % id) - return True - - -.. function:: inform_super(id, qstate, superqstate, qdata) - - Inform super querystate about the results from this subquerystate. - Is called when the querystate is finished. - - :param id: module identifier (integer) - :param qstate: :class:`module_qstate` Query state - :param superqstate: :class:`pythonmod_qstate` Mesh state - :param qdata: :class:`query_info` Query data - -:: - - def inform_super(id, qstate, superqstate, qdata): - return True - - - -.. function:: operate(id, event, qstate, qdata) - - Perform action on pending query. Accepts a new query, or work on pending query. - - You have to set qstate.ext_state on exit. - The state informs unbound about result and controls the following states. - - :param id: module identifier (integer) - :param qstate: :class:`module_qstate` query state structure - :param qdata: :class:`query_info` per query data, here you can store your own data - -:: - - def operate(id, event, qstate, qdata): - log_info("pythonmod: operate called, id: %d, event:%s" % (id, strmodulevent(event))) - if event == MODULE_EVENT_NEW: - qstate.ext_state[id] = MODULE_WAIT_MODULE - return True - - if event == MODULE_EVENT_MODDONE: - qstate.ext_state[id] = MODULE_FINISHED - return True - - if event == MODULE_EVENT_PASS: - qstate.ext_state[id] = MODULE_ERROR - return True - - log_err("pythonmod: BAD event") - qstate.ext_state[id] = MODULE_ERROR - return True - - -Complete source code --------------------- - -.. literalinclude:: example0-1.py - :language: python - -As you can see, the source code is much more flexible in contrast to C modules. -Moreover, compulsory functions called on appropriate module events allows to handle almost -anything from web control to query analysis. - diff --git a/external/unbound/pythonmod/doc/examples/example1.rst b/external/unbound/pythonmod/doc/examples/example1.rst deleted file mode 100644 index ccd76da5a..000000000 --- a/external/unbound/pythonmod/doc/examples/example1.rst +++ /dev/null @@ -1,46 +0,0 @@ -.. _log_handler: - -Packet logger -============= - -This example shows how to log and print details about query and response. -As soon as the ``iterator`` has finished (event is -:data:`module_event_moddone`), ``qstate.return_msg`` contains response packet -or ``None``. -This packet will be send to a client that asked for it. - -Complete source code --------------------- - -.. literalinclude:: ../../examples/log.py - :language: python - -Testing -------- -Run the unbound server: - -``root@localhost>unbound -dv -c ./test-log.conf`` - -In case you use own configuration file, don't forget to enable python module: -``module-config: "validator python iterator"`` and use valid script path: -``python-script: "./examples/log.py"``. - -Example of output:: - - [1231790168] unbound[7941:0] info: response for - [1231790168] unbound[7941:0] info: reply from 192.5.6.31#53 - [1231790168] unbound[7941:0] info: query response was ANSWER - [1231790168] unbound[7941:0] info: pythonmod: operate called, id: 1, event:module_event_moddone - ---------------------------------------------------------------------------------------------------- - Query: f.gtld-servers.NET., type: AAAA (28), class: IN (1) - ---------------------------------------------------------------------------------------------------- - Return reply :: flags: 8080, QDcount: 1, Security:0, TTL=86400 - qinfo :: qname: ['f', 'gtld-servers', 'NET', ''] f.gtld-servers.NET., qtype: AAAA, qclass: IN - Reply: - 0 : ['gtld-servers', 'NET', ''] gtld-servers.NET. flags: 0000 type: SOA (6) class: IN (1) - 0 : TTL= 86400 - 0x00 | 00 3A 02 41 32 05 4E 53 54 4C 44 03 43 4F 4D 00 05 | . : . A 2 . N S T L D . C O M . . - 0x10 | 05 6E 73 74 6C 64 0C 76 65 72 69 73 69 67 6E 2D 67 | . n s t l d . v e r i s i g n - g - 0x20 | 67 72 73 03 43 4F 4D 00 77 74 2D 64 00 00 0E 10 00 | g r s . C O M . w t - d . . . . . - 0x30 | 00 00 03 84 00 12 75 00 00 01 51 80 | . . . . . . u . . . Q . - diff --git a/external/unbound/pythonmod/doc/examples/example2.rst b/external/unbound/pythonmod/doc/examples/example2.rst deleted file mode 100644 index 4ba9239a0..000000000 --- a/external/unbound/pythonmod/doc/examples/example2.rst +++ /dev/null @@ -1,49 +0,0 @@ -Response generation -=================== - -This example shows how to handle queries and generate response packet. - -.. note:: - If the python module is the first module and validator module is enabled - (``module-config: "python validator iterator"``), a return_msg security flag - has to be set at least to 2. Leaving security flag untouched causes that the - response will be refused by unbound worker as unbound will consider it as - non-valid response. - -Complete source code --------------------- - -.. literalinclude:: ../../examples/resgen.py - :language: python - -Testing -------- - -Run the unbound server: - -``root@localhost>unbound -dv -c ./test-resgen.conf`` - -Query for a A record ending with .localdomain - -``dig A test.xxx.localdomain @127.0.0.1`` - -Dig produces the following output:: - - ;; global options: printcmd - ;; Got answer: - ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48426 - ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 - - ;; QUESTION SECTION: - ;test.xxx.localdomain. IN A - - ;; ANSWER SECTION: - test.xxx.localdomain. 10 IN A 127.0.0.1 - - ;; Query time: 2 msec - ;; SERVER: 127.0.0.1#53(127.0.0.1) - ;; WHEN: Mon Jan 01 12:46:02 2009 - ;; MSG SIZE rcvd: 54 - -As we handle (override) in the python module only queries ending with -``localdomain.``, unboud can still resolve host names. diff --git a/external/unbound/pythonmod/doc/examples/example3.rst b/external/unbound/pythonmod/doc/examples/example3.rst deleted file mode 100644 index 6213dc188..000000000 --- a/external/unbound/pythonmod/doc/examples/example3.rst +++ /dev/null @@ -1,63 +0,0 @@ -Response modification -===================== - -This example shows how to modify the response produced by the ``iterator`` module. - -As soon as the iterator module returns the response, we : - -1. invalidate the data in cache -2. modify the response *TTL* -3. rewrite the data in cache -4. return modified packet - -Note that the steps 1 and 3 are neccessary only in case, the python module is the first module in the processing chain. -In other cases, the validator module guarantees updating data which are produced by iterator module. - -Complete source code --------------------- - -.. literalinclude:: ../../examples/resmod.py - :language: python - -Testing -------- - -Run Unbound server: - -``root@localhost>unbound -dv -c ./test-resmod.conf`` - -Issue a query for name ending with "nic.cz." - -``>>>dig A @127.0.0.1 www.nic.cz`` - -:: - - ;; global options: printcmd - ;; Got answer: - ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48831 - ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 5 - - ;; QUESTION SECTION: - ;www.nic.cz. IN A - - ;; ANSWER SECTION: - www.nic.cz. 10 IN A 217.31.205.50 - - ;; AUTHORITY SECTION: - nic.cz. 10 IN NS e.ns.nic.cz. - nic.cz. 10 IN NS a.ns.nic.cz. - nic.cz. 10 IN NS c.ns.nic.cz. - - ;; ADDITIONAL SECTION: - a.ns.nic.cz. 10 IN A 217.31.205.180 - a.ns.nic.cz. 10 IN AAAA 2001:1488:dada:176::180 - c.ns.nic.cz. 10 IN A 195.66.241.202 - c.ns.nic.cz. 10 IN AAAA 2a01:40:1000::2 - e.ns.nic.cz. 10 IN A 194.146.105.38 - - ;; Query time: 166 msec - ;; SERVER: 127.0.0.1#53(127.0.0.1) - ;; WHEN: Mon Jan 02 13:39:43 2009 - ;; MSG SIZE rcvd: 199 - -As you can see, TTL of all the records is set to 10. diff --git a/external/unbound/pythonmod/doc/examples/example4.rst b/external/unbound/pythonmod/doc/examples/example4.rst deleted file mode 100644 index 338210990..000000000 --- a/external/unbound/pythonmod/doc/examples/example4.rst +++ /dev/null @@ -1,178 +0,0 @@ -DNS-based language dictionary -============================= - -This example shows how to create a simple language dictionary based on **DNS** -service within 15 minutes. The translation will be performed using TXT resource -records. - -Key parts ---------- - -Initialization -~~~~~~~~~~~~~~ - -On **init()** module loads dictionary from a text file containing records in -``word [tab] translation`` format. - -:: - - def init(id, cfg): - log_info("pythonmod: dict init") - f = open("examples/dict_data.txt", "r") - ... - -The suitable file can be found at http://slovnik.zcu.cz - -DNS query and word lookup -~~~~~~~~~~~~~~~~~~~~~~~~~ - -Let's define the following format od DNS queries: -``word1[.]word2[.] ... wordN[.]{en,cs}[._dict_.cz.]``. -Word lookup is done by simple ``dict`` lookup from broken DNS request. -Query name is divided into a list of labels. This list is accessible as -``qname_list`` attribute. - -:: - - aword = ' '.join(qstate.qinfo.qname_list[0:-4]) #skip last four labels - adict = qstate.qinfo.qname_list[-4] #get 4th label from the end - - words = [] #list of words - if (adict == "en") and (aword in en_dict): - words = en_dict[aword] - - if (adict == "cs") and (aword in cz_dict): - words = cz_dict[aword] # CS -> EN - -In the first step, we get a string in the form: -``word1[space]word2[space]...word[space]``. -In the second assignment, fourth label from the end is obtained. This label -should contains *"cs"* or *"en"*. This label determines the direction of -translation. - -Forming of a DNS reply -~~~~~~~~~~~~~~~~~~~~~~ - -DNS reply is formed only on valid match and added as TXT answer. - -:: - - msg = DNSMessage(qstate.qinfo.qname_str, RR_TYPE_TXT, RR_CLASS_IN, PKT_AA) - - for w in words: - msg.answer.append("%s 300 IN TXT \"%s\"" % (qstate.qinfo.qname_str, w.replace("\"", "\\\""))) - - if not msg.set_return_msg(qstate): - qstate.ext_state[id] = MODULE_ERROR - return True - - qstate.return_rcode = RCODE_NOERROR - qstate.ext_state[id] = MODULE_FINISHED - return True - -In the first step, a :class:`DNSMessage` instance is created for a given query -*(type TXT)*. -The fourth argument specifies the flags *(authoritative answer)*. -In the second step, we append TXT records containing the translation *(on the -right side of RR)*. -Then, the response is finished and ``qstate.return_msg`` contains new response. -If no error, the module sets :attr:`module_qstate.return_rcode` and -:attr:`module_qstate.ext_state`. - -**Steps:** - -1. create :class:`DNSMessage` instance -2. append TXT records containing the translation -3. set response to ``qstate.return_msg`` - -Testing -------- - -Run the Unbound server: - -``root@localhost>unbound -dv -c ./test-dict.conf`` - -In case you use own configuration file, don't forget to enable Python module:: - - module-config: "validator python iterator" - -and use valid script path:: - - python-script: "./examples/dict.py" - -The translation from english word *"a bar fly"* to Czech can be done by doing: - -``>>>dig TXT @127.0.0.1 a.bar.fly.en._dict_.cz`` - -:: - - ; (1 server found) - ;; global options: printcmd - ;; Got answer: - ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48691 - ;; flags: aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 - - ;; QUESTION SECTION: - ;a.bar.fly.en._dict_.cz. IN TXT - - ;; ANSWER SECTION: - a.bar.fly.en._dict_.cz. 300 IN TXT "barov\253 povale\232" - - ;; Query time: 5 msec - ;; SERVER: 127.0.0.1#53(127.0.0.1) - ;; WHEN: Mon Jan 01 17:44:18 2009 - ;; MSG SIZE rcvd: 67 - -``>>>dig TXT @127.0.0.1 nic.cs._dict_.cz`` - -:: - - ; <<>> DiG 9.5.0-P2 <<>> TXT @127.0.0.1 nic.cs._dict_.cz - ; (1 server found) - ;; global options: printcmd - ;; Got answer: - ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58710 - ;; flags: aa rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0 - - ;; QUESTION SECTION: - ;nic.cs._dict_.cz. IN TXT - - ;; ANSWER SECTION: - nic.cs._dict_.cz. 300 IN TXT "aught" - nic.cs._dict_.cz. 300 IN TXT "naught" - nic.cs._dict_.cz. 300 IN TXT "nihil" - nic.cs._dict_.cz. 300 IN TXT "nix" - nic.cs._dict_.cz. 300 IN TXT "nothing" - nic.cs._dict_.cz. 300 IN TXT "zilch" - - ;; Query time: 0 msec - ;; SERVER: 127.0.0.1#53(127.0.0.1) - ;; WHEN: Mon Jan 01 17:45:39 2009 - ;; MSG SIZE rcvd: 143 - - Proof that the unbound still works as resolver. - -``>>>dig A @127.0.0.1 www.nic.cz`` - -:: - - ; (1 server found) - ;; global options: printcmd - ;; Got answer: - ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19996 - ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 5 - - ;; QUESTION SECTION: - ;www.nic.cz. IN A - - ;; ANSWER SECTION: - www.nic.cz. 1662 IN A 217.31.205.50 - - ;; AUTHORITY SECTION: - ... - -Complete source code --------------------- - -.. literalinclude:: ../../examples/dict.py - :language: python diff --git a/external/unbound/pythonmod/doc/examples/example5.rst b/external/unbound/pythonmod/doc/examples/example5.rst deleted file mode 100644 index 058fc331e..000000000 --- a/external/unbound/pythonmod/doc/examples/example5.rst +++ /dev/null @@ -1,191 +0,0 @@ -EDNS options -============ - -This example shows how to interact with EDNS options. - -When quering unbound with the EDNS option ``65001`` and data ``0xc001`` we -expect an answer with the same EDNS option code and data ``0xdeadbeef``. - - -Key parts -~~~~~~~~~ - -This example relies on the following functionalities: - - -Registering EDNS options ------------------------- - -By registering EDNS options we can tune unbound's behavior when encountering a -query with a known EDNS option. The two available options are: - -- ``bypass_cache_stage``: If set to ``True`` unbound will not try to answer - from cache. Instead execution is passed to the modules -- ``no_aggregation``: If set to ``True`` unbound will consider this query - unique and will not aggregate it with similar queries - -Both values default to ``False``. - -.. code-block:: python - - if not register_edns_option(env, 65001, bypass_cache_stage=True, - no_aggregation=True): - log_info("python: Could not register EDNS option {}".format(65001)) - - -EDNS option lists ------------------ - -EDNS option lists can be found in the :class:`module_qstate` class. There are -four available lists in total: - -- :class:`module_qstate.edns_opts_front_in`: options that came from the client - side. **Should not** be changed -- :class:`module_qstate.edns_opts_back_out`: options that will be sent to the - server side. Can be populated by edns literate modules -- :class:`module_qstate.edns_opts_back_in`: options that came from the server - side. **Should not** be changed -- :class:`module_qstate.edns_opts_front_out`: options that will be sent to the - client side. Can be populated by edns literate modules - -Each list element has the following members: - -- ``code``: the EDNS option code; -- ``data``: the EDNS option data. - - -Reading an EDNS option list -........................... - -The lists' contents can be accessed in python by their ``_iter`` counterpart as -an iterator: - -.. code-block:: python - - if not edns_opt_list_is_empty(qstate.edns_opts_front_in): - for o in qstate.edns_opts_front_in_iter: - log_info("python: Code: {}, Data: '{}'".format(o.code, - "".join('{:02x}'.format(x) for x in o.data))) - - -Writing to an EDNS option list -.............................. - -By appending to an EDNS option list we can add new EDNS options. The new -element is going to be allocated in :class:`module_qstate.region`. The data -**must** be represented with a python ``bytearray``: - -.. code-block:: python - - b = bytearray.fromhex("deadbeef") - if not edns_opt_list_append(qstate.edns_opts_front_out, - o.code, b, qstate.region): - log_info("python: Could not append EDNS option {}".format(o.code)) - -We can also remove an EDNS option code from an EDNS option list. - -.. code-block:: python - - if not edns_opt_list_remove(edns_opt_list, code): - log_info("python: Option code {} was not found in the " - "list.".format(code)) - -.. note:: All occurences of the EDNS option code will be removed from the list: - - -Controlling other modules' cache behavior ------------------------------------------ - -During the modules' operation, some modules may interact with the cache -(e.g., iterator). This behavior can be controlled by using the following -:class:`module_qstate` flags: - -- :class:`module_qstate.no_cache_lookup`: Modules *operating after* this module - will not lookup the cache for an answer -- :class:`module_qstate.no_cache_store`: Modules *operating after* this module - will not store the response in the cache - -Both values default to ``0``. - -.. code-block:: python - - def operate(id, event, qstate, qdata): - if (event == MODULE_EVENT_NEW) or (event == MODULE_EVENT_PASS): - # Detect if edns option code 56001 is present from the client side. If - # so turn on the flags for cache management. - if not edns_opt_list_is_empty(qstate.edns_opts_front_in): - log_info("python: searching for edns option code 65001 during NEW " - "or PASS event ") - for o in qstate.edns_opts_front_in_iter: - if o.code == 65001: - log_info("python: found edns option code 65001") - # Instruct other modules to not lookup for an - # answer in the cache. - qstate.no_cache_lookup = 1 - log_info("python: enabled no_cache_lookup") - - # Instruct other modules to not store the answer in - # the cache. - qstate.no_cache_store = 1 - log_info("python: enabled no_cache_store") - - -Testing -~~~~~~~ - -Run the Unbound server: :: - - root@localhost$ unbound -dv -c ./test-edns.conf - -In case you use your own configuration file, don't forget to enable the Python -module:: - - module-config: "validator python iterator" - -and use a valid script path:: - - python-script: "./examples/edns.py" - -Quering with EDNS option ``65001:0xc001``: - -:: - - root@localhost$ dig @localhost nlnetlabs.nl +ednsopt=65001:c001 - - ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @localhost nlnetlabs.nl +ednsopt=65001:c001 - ; (1 server found) - ;; global options: +cmd - ;; Got answer: - ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33450 - ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 3 - - ;; OPT PSEUDOSECTION: - ; EDNS: version: 0, flags:; udp: 4096 - ; OPT=65001: de ad be ef ("....") - ;; QUESTION SECTION: - ;nlnetlabs.nl. IN A - - ;; ANSWER SECTION: - nlnetlabs.nl. 10200 IN A 185.49.140.10 - - ;; AUTHORITY SECTION: - nlnetlabs.nl. 10200 IN NS anyns.pch.net. - nlnetlabs.nl. 10200 IN NS ns.nlnetlabs.nl. - nlnetlabs.nl. 10200 IN NS ns-ext1.sidn.nl. - nlnetlabs.nl. 10200 IN NS sec2.authdns.ripe.net. - - ;; ADDITIONAL SECTION: - ns.nlnetlabs.nl. 10200 IN AAAA 2a04:b900::8:0:0:60 - ns.nlnetlabs.nl. 10200 IN A 185.49.140.60 - - ;; Query time: 10 msec - ;; SERVER: 127.0.0.1#53(127.0.0.1) - ;; WHEN: Mon Dec 05 14:50:56 CET 2016 - ;; MSG SIZE rcvd: 212 - - -Complete source code -~~~~~~~~~~~~~~~~~~~~ - -.. literalinclude:: ../../examples/edns.py - :language: python diff --git a/external/unbound/pythonmod/doc/examples/example6.rst b/external/unbound/pythonmod/doc/examples/example6.rst deleted file mode 100644 index 07117cd55..000000000 --- a/external/unbound/pythonmod/doc/examples/example6.rst +++ /dev/null @@ -1,299 +0,0 @@ -Inplace callbacks -================= - -This example shows how to register and use inplace callback functions. These -functions are going to be called just before unbound replies back to a client. -They can perform certain actions without interrupting unbound's execution flow -(e.g. add/remove EDNS options, manipulate the reply). - -Two different scenarios will be shown: - -- If answering from cache and the client used EDNS option code ``65002`` we - will answer with the same code but with data ``0xdeadbeef``; -- When answering with a SERVFAIL we also add an empty EDNS option code - ``65003``. - - -Key parts -~~~~~~~~~ - -This example relies on the following functionalities: - - -Registering inplace callback functions --------------------------------------- - -There are four types of inplace callback functions: - -- `inplace callback reply functions`_ -- `inplace callback reply_cache functions`_ -- `inplace callback reply_local functions`_ -- `inplace callback reply_servfail functions`_ - - -Inplace callback reply functions -................................ - -Called when answering with a *resolved* query. - -The callback function's prototype is the following: - -.. code-block:: python - - def inplace_reply_callback(qinfo, qstate, rep, rcode, edns, opt_list_out, region): - """Function that will be registered as an inplace callback function. - It will be called when answering with a resolved query. - :param qinfo: query_info struct; - :param qstate: module qstate. It contains the available opt_lists; It - SHOULD NOT be altered; - :param rep: reply_info struct; - :param rcode: return code for the query; - :param edns: edns_data to be sent to the client side. It SHOULD NOT be - altered; - :param opt_list_out: the list with the EDNS options that will be sent as a - reply. It can be populated with EDNS options; - :param region: region to allocate temporary data. Needs to be used when we - want to append a new option to opt_list_out. - :return: True on success, False on failure. - """ - -.. note:: The function's name is irrelevant. - -We can register such function as: - -.. code-block:: python - - if not register_inplace_cb_reply(inplace_reply_callback, env, id): - log_info("python: Could not register inplace callback function.") - - -Inplace callback reply_cache functions -...................................... - -Called when answering *from cache*. - -The callback function's prototype is the following: - -.. code-block:: python - - def inplace_cache_callback(qinfo, qstate, rep, rcode, edns, opt_list_out, region): - """Function that will be registered as an inplace callback function. - It will be called when answering from the cache. - :param qinfo: query_info struct; - :param qstate: module qstate. None; - :param rep: reply_info struct; - :param rcode: return code for the query; - :param edns: edns_data sent from the client side. The list with the EDNS - options is accesible through edns.opt_list. It SHOULD NOT be - altered; - :param opt_list_out: the list with the EDNS options that will be sent as a - reply. It can be populated with EDNS options; - :param region: region to allocate temporary data. Needs to be used when we - want to append a new option to opt_list_out. - :return: True on success, False on failure. - """ - -.. note:: The function's name is irrelevant. - -We can register such function as: - -.. code-block:: python - - if not register_inplace_cb_reply_cache(inplace_cache_callback, env, id): - log_info("python: Could not register inplace callback function.") - - -Inplace callback reply_local functions -...................................... - -Called when answering with *local data* or a *Chaos(CH) reply*. - -The callback function's prototype is the following: - -.. code-block:: python - - def inplace_local_callback(qinfo, qstate, rep, rcode, edns, opt_list_out, region): - """Function that will be registered as an inplace callback function. - It will be called when answering from local data. - :param qinfo: query_info struct; - :param qstate: module qstate. None; - :param rep: reply_info struct; - :param rcode: return code for the query; - :param edns: edns_data sent from the client side. The list with the - EDNS options is accesible through edns.opt_list. It - SHOULD NOT be altered; - :param opt_list_out: the list with the EDNS options that will be sent as a - reply. It can be populated with EDNS options; - :param region: region to allocate temporary data. Needs to be used when we - want to append a new option to opt_list_out. - :return: True on success, False on failure. - """ - -.. note:: The function's name is irrelevant. - -We can register such function as: - -.. code-block:: python - - if not register_inplace_cb_reply_local(inplace_local_callback, env, id): - log_info("python: Could not register inplace callback function.") - - -Inplace callback reply_servfail functions -......................................... - -Called when answering with *SERVFAIL*. - -The callback function's prototype is the following: - -.. code-block:: python - - def inplace_servfail_callback(qinfo, qstate, rep, rcode, edns, opt_list_out, region): - """Function that will be registered as an inplace callback function. - It will be called when answering with SERVFAIL. - :param qinfo: query_info struct; - :param qstate: module qstate. If not None the relevant opt_lists are - available here; - :param rep: reply_info struct. None; - :param rcode: return code for the query. LDNS_RCODE_SERVFAIL; - :param edns: edns_data to be sent to the client side. If qstate is None - edns.opt_list contains the EDNS options sent from the client - side. It SHOULD NOT be altered; - :param opt_list_out: the list with the EDNS options that will be sent as a - reply. It can be populated with EDNS options; - :param region: region to allocate temporary data. Needs to be used when we - want to append a new option to opt_list_out. - :return: True on success, False on failure. - """ - -.. note:: The function's name is irrelevant. - -We can register such function as: - -.. code-block:: python - - if not register_inplace_cb_reply_servfail(inplace_servfail_callback, env, id): - log_info("python: Could not register inplace callback function.") - - -Testing -~~~~~~~ - -Run the Unbound server: :: - - root@localhost$ unbound -dv -c ./test-inplace_callbacks.conf - -In case you use your own configuration file, don't forget to enable the Python -module:: - - module-config: "validator python iterator" - -and use a valid script path :: - - python-script: "./examples/inplace_callbacks.py" - -On the first query for the nlnetlabs.nl A record we get no EDNS option back: - -:: - - root@localhost$ dig @localhost nlnetlabs.nl +ednsopt=65002 - - ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @localhost nlnetlabs.nl +ednsopt=65002 - ; (1 server found) - ;; global options: +cmd - ;; Got answer: - ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48057 - ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 3 - - ;; OPT PSEUDOSECTION: - ; EDNS: version: 0, flags:; udp: 4096 - ;; QUESTION SECTION: - ;nlnetlabs.nl. IN A - - ;; ANSWER SECTION: - nlnetlabs.nl. 10200 IN A 185.49.140.10 - - ;; AUTHORITY SECTION: - nlnetlabs.nl. 10200 IN NS ns.nlnetlabs.nl. - nlnetlabs.nl. 10200 IN NS sec2.authdns.ripe.net. - nlnetlabs.nl. 10200 IN NS anyns.pch.net. - nlnetlabs.nl. 10200 IN NS ns-ext1.sidn.nl. - - ;; ADDITIONAL SECTION: - ns.nlnetlabs.nl. 10200 IN A 185.49.140.60 - ns.nlnetlabs.nl. 10200 IN AAAA 2a04:b900::8:0:0:60 - - ;; Query time: 813 msec - ;; SERVER: 127.0.0.1#53(127.0.0.1) - ;; WHEN: Mon Dec 05 16:15:32 CET 2016 - ;; MSG SIZE rcvd: 204 - -When we issue the same query again we get a cached response and the expected -``65002: 0xdeadbeef`` EDNS option: - -:: - - root@localhost$ dig @localhost nlnetlabs.nl +ednsopt=65002 - - ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @localhost nlnetlabs.nl +ednsopt=65002 - ; (1 server found) - ;; global options: +cmd - ;; Got answer: - ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26489 - ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 3 - - ;; OPT PSEUDOSECTION: - ; EDNS: version: 0, flags:; udp: 4096 - ; OPT=65002: de ad be ef ("....") - ;; QUESTION SECTION: - ;nlnetlabs.nl. IN A - - ;; ANSWER SECTION: - nlnetlabs.nl. 10197 IN A 185.49.140.10 - - ;; AUTHORITY SECTION: - nlnetlabs.nl. 10197 IN NS ns.nlnetlabs.nl. - nlnetlabs.nl. 10197 IN NS sec2.authdns.ripe.net. - nlnetlabs.nl. 10197 IN NS anyns.pch.net. - nlnetlabs.nl. 10197 IN NS ns-ext1.sidn.nl. - - ;; ADDITIONAL SECTION: - ns.nlnetlabs.nl. 10197 IN AAAA 2a04:b900::8:0:0:60 - ns.nlnetlabs.nl. 10197 IN A 185.49.140.60 - - ;; Query time: 0 msec - ;; SERVER: 127.0.0.1#53(127.0.0.1) - ;; WHEN: Mon Dec 05 16:50:04 CET 2016 - ;; MSG SIZE rcvd: 212 - -By issuing a query for a bogus domain unbound replies with SERVFAIL and an -empty EDNS option code ``65003``. *For this example to work unbound needs to be -validating*: - -:: - - root@localhost$ dig @localhost bogus.nlnetlabs.nl txt - - ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @localhost bogus.nlnetlabs.nl txt - ; (1 server found) - ;; global options: +cmd - ;; Got answer: - ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 19865 - ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 - - ;; OPT PSEUDOSECTION: - ; EDNS: version: 0, flags:; udp: 4096 - ; OPT=65003 - ;; QUESTION SECTION: - ;bogus.nlnetlabs.nl. IN TXT - - ;; Query time: 11 msec - ;; SERVER: 127.0.0.1#53(127.0.0.1) - ;; WHEN: Mon Dec 05 17:06:01 CET 2016 - ;; MSG SIZE rcvd: 51 - - -Complete source code -~~~~~~~~~~~~~~~~~~~~ -.. literalinclude:: ../../examples/inplace_callbacks.py - :language: python diff --git a/external/unbound/pythonmod/doc/examples/index.rst b/external/unbound/pythonmod/doc/examples/index.rst deleted file mode 100644 index 93d9b8e1e..000000000 --- a/external/unbound/pythonmod/doc/examples/index.rst +++ /dev/null @@ -1,16 +0,0 @@ -.. _Tutorials: - -Examples -======== - -Here you can find several tutorials which clarify the usage and capabilities of -the Unbound scriptable interface. - -Tutorials ---------- - -.. toctree:: - :maxdepth: 2 - :glob: - - example* diff --git a/external/unbound/pythonmod/doc/index.rst b/external/unbound/pythonmod/doc/index.rst deleted file mode 100644 index fe9bcf42b..000000000 --- a/external/unbound/pythonmod/doc/index.rst +++ /dev/null @@ -1,34 +0,0 @@ -Unbound scriptable interface -======================================= - -Python module for **Unbound** provides easy-to-use flexible solution, -for scripting query events and much more! - -Along with extensible **SWIG** interface, it turns **Unbound** into dynamic *DNS* service -designed for rapid development of *DNS* based applications, like detailed *(per query/domain)* statistics, -monitoring with anything Python can offer *(database backend, http server)*. - -**Key features** - * Rapid dynamic DNS-based application development in **Python** - * Extensible interface with **SWIG** - * Easy to use debugging and analysis tool - * Capable to produce authoritative answers - * Support for logging or doing detailed statistics - * Allows to manipulate with content of cache memory - -Contents --------- -.. toctree:: - :maxdepth: 2 - - install - examples/index - usecase - modules/index - -Indices and tables -------------------- - -* :ref:`genindex` -* :ref:`search` - diff --git a/external/unbound/pythonmod/doc/install.rst b/external/unbound/pythonmod/doc/install.rst deleted file mode 100644 index b8d0b9fa6..000000000 --- a/external/unbound/pythonmod/doc/install.rst +++ /dev/null @@ -1,65 +0,0 @@ -Installation -============ - -Prerequisites -------------- - -Python 2.4 or higher, SWIG 1.3 or higher, GNU make - -Download --------- - -You can download the source codes `here`_. -The latest release is 1.1.1, Jan 15, 2009. - -.. _here: unbound-1.1.1-py.tar.gz - -Compiling ---------- - -After downloading, you can compile the Unbound library by doing:: - - > tar -xzf unbound-1.1.1-py.tar.gz - > cd unbound-1.1.1 - > ./configure --with-pythonmodule - > make - -You need GNU make to compile sources. -SWIG and Python devel libraries to compile extension module. - -Testing -------- - -If the compilation is successful, you can test the extension module by:: - - > cd pythonmod - > make sudo # or "make test" or "make suexec" - -This will start unbound server with language dictionary service -(see :ref:`Tutorials`). -In order to test this service, type:: - - > dig TXT @127.0.0.1 aught.en._dict_.cz - -Dig should print this message (czech equivalent of aught):: - - ; <<>> DiG 9.5.0-P2 <<>> TXT @127.0.0.1 aught.en._dict_.cz - ; (1 server found) - ;; global options: printcmd - ;; Got answer: - ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30085 - ;; flags: aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 - - ;; QUESTION SECTION: - ;aught.en._dict_.cz. IN TXT - - ;; ANSWER SECTION: - aught.en._dict_.cz. 300 IN TXT "nic" - - ;; Query time: 11 msec - ;; SERVER: 127.0.0.1#53(127.0.0.1) - ;; WHEN: Thu Jan 10 16:45:58 2009 - ;; MSG SIZE rcvd: 52 - -The ``pythonmod/examples`` directory contains simple applications written in -Python. diff --git a/external/unbound/pythonmod/doc/modules/config.rst b/external/unbound/pythonmod/doc/modules/config.rst deleted file mode 100644 index 43333bdae..000000000 --- a/external/unbound/pythonmod/doc/modules/config.rst +++ /dev/null @@ -1,350 +0,0 @@ -Configuration interface -======================= - -Currently passed to Python module in init(module_id, cfg). - -config_file --------------------- - -.. class:: config_file - - This class provides these data attributes: - - .. attribute:: verbosity - - Verbosity level as specified in the config file. - - .. attribute:: stat_interval - - Statistics interval (in seconds). - - .. attribute:: stat_cumulative - - If false, statistics values are reset after printing them. - - .. attribute:: stat_extended - - If true, the statistics are kept in greater detail. - - .. attribute:: num_threads - - Number of threads to create. - - .. attribute:: port - - Port on which queries are answered. - - .. attribute:: do_ip4 - - Do ip4 query support. - - .. attribute:: do_ip6 - - Do ip6 query support. - - .. attribute:: do_udp - - Do udp query support. - - .. attribute:: do_tcp - - Do tcp query support. - - .. attribute:: outgoing_num_ports - - Outgoing port range number of ports (per thread). - - .. attribute:: outgoing_num_tcp - - Number of outgoing tcp buffers per (per thread). - - .. attribute:: incoming_num_tcp - - Number of incoming tcp buffers per (per thread). - - .. attribute:: outgoing_avail_ports - - Allowed udp port numbers, array with 0 if not allowed. - - .. attribute:: msg_buffer_size - - Number of bytes buffer size for DNS messages. - - .. attribute:: msg_cache_size - - Size of the message cache. - - .. attribute:: msg_cache_slabs - - Slabs in the message cache. - - .. attribute:: num_queries_per_thread - - Number of queries every thread can service. - - .. attribute:: jostle_time - - Number of msec to wait before items can be jostled out. - - .. attribute:: rrset_cache_size - - Size of the rrset cache. - - .. attribute:: rrset_cache_slabs - - Slabs in the rrset cache. - - .. attribute:: host_ttl - - Host cache ttl in seconds. - - .. attribute:: lame_ttl - - Host is lame for a zone ttl, in seconds. - - .. attribute:: infra_cache_slabs - - Number of slabs in the infra host cache. - - .. attribute:: infra_cache_numhosts - - Max number of hosts in the infra cache. - - .. attribute:: infra_cache_lame_size - - Max size of lame zones per host in the infra cache. - - .. attribute:: target_fetch_policy - - The target fetch policy for the iterator. - - .. attribute:: if_automatic - - Automatic interface for incoming messages. Uses ipv6 remapping, - and recvmsg/sendmsg ancillary data to detect interfaces, boolean. - - .. attribute:: num_ifs - - Number of interfaces to open. If 0 default all interfaces. - - .. attribute:: ifs - - Interface description strings (IP addresses). - - .. attribute:: num_out_ifs - - Number of outgoing interfaces to open. - If 0 default all interfaces. - - .. attribute:: out_ifs - - Outgoing interface description strings (IP addresses). - - .. attribute:: root_hints - - The root hints. - - .. attribute:: stubs - - The stub definitions, linked list. - - .. attribute:: forwards - - The forward zone definitions, linked list. - - .. attribute:: donotqueryaddrs - - List of donotquery addresses, linked list. - - .. attribute:: acls - - List of access control entries, linked list. - - .. attribute:: donotquery_localhost - - Use default localhost donotqueryaddr entries. - - .. attribute:: harden_short_bufsize - - Harden against very small edns buffer sizes. - - .. attribute:: harden_large_queries - - Harden against very large query sizes. - - .. attribute:: harden_glue - - Harden against spoofed glue (out of zone data). - - .. attribute:: harden_dnssec_stripped - - Harden against receiving no DNSSEC data for trust anchor. - - .. attribute:: harden_referral_path - - Harden the referral path, query for NS,A,AAAA and validate. - - .. attribute:: use_caps_bits_for_id - - Use 0x20 bits in query as random ID bits. - - .. attribute:: private_address - - Strip away these private addrs from answers, no DNS Rebinding. - - .. attribute:: private_domain - - Allow domain (and subdomains) to use private address space. - - .. attribute:: unwanted_threshold - - What threshold for unwanted action. - - .. attribute:: chrootdir - - Chrootdir, if not "" or chroot will be done. - - .. attribute:: username - - Username to change to, if not "". - - .. attribute:: directory - - Working directory. - - .. attribute:: logfile - - Filename to log to. - - .. attribute:: pidfile - - Pidfile to write pid to. - - .. attribute:: use_syslog - - Should log messages be sent to syslogd. - - .. attribute:: hide_identity - - Do not report identity (id.server, hostname.bind). - - .. attribute:: hide_version - - Do not report version (version.server, version.bind). - - .. attribute:: identity - - Identity, hostname is returned if "". - - .. attribute:: version - - Version, package version returned if "". - - .. attribute:: module_conf - - The module configuration string. - - .. attribute:: trust_anchor_file_list - - Files with trusted DS and DNSKEYs in zonefile format, list. - - .. attribute:: trust_anchor_list - - List of trustanchor keys, linked list. - - .. attribute:: trusted_keys_file_list - - Files with trusted DNSKEYs in named.conf format, list. - - .. attribute:: dlv_anchor_file - - DLV anchor file. - - .. attribute:: dlv_anchor_list - - DLV anchor inline. - - .. attribute:: max_ttl - - The number of seconds maximal TTL used for RRsets and messages. - - .. attribute:: val_date_override - - If not 0, this value is the validation date for RRSIGs. - - .. attribute:: bogus_ttl - - This value sets the number of seconds before revalidating bogus. - - .. attribute:: val_clean_additional - - Should validator clean additional section for secure msgs. - - .. attribute:: val_permissive_mode - - Should validator allow bogus messages to go through. - - .. attribute:: val_nsec3_key_iterations - - Nsec3 maximum iterations per key size, string. - - .. attribute:: key_cache_size - - Size of the key cache. - - .. attribute:: key_cache_slabs - - Slabs in the key cache. - - .. attribute:: neg_cache_size - - Size of the neg cache. - - - .. attribute:: local_zones - - Local zones config. - - .. attribute:: local_zones_nodefault - - Local zones nodefault list. - - .. attribute:: local_data - - Local data RRs configured. - - .. attribute:: remote_control_enable - - Remote control section. enable toggle. - - .. attribute:: control_ifs - - The interfaces the remote control should listen on. - - .. attribute:: control_port - - Port number for the control port. - - .. attribute:: server_key_file - - Private key file for server. - - .. attribute:: server_cert_file - - Certificate file for server. - - .. attribute:: control_key_file - - Private key file for unbound-control. - - .. attribute:: control_cert_file - - Certificate file for unbound-control. - - .. attribute:: do_daemonize - - Daemonize, i.e. fork into the background. - - .. attribute:: python_script - - Python script file. diff --git a/external/unbound/pythonmod/doc/modules/env.rst b/external/unbound/pythonmod/doc/modules/env.rst deleted file mode 100644 index eae4c73c7..000000000 --- a/external/unbound/pythonmod/doc/modules/env.rst +++ /dev/null @@ -1,412 +0,0 @@ -Global environment -================== - -Global variables ----------------- - -.. envvar:: mod_env - - Module environment, contains data pointer for module-specific data. - See :class:`pythonmod_env`. - - -Predefined constants ------------------------ - -Module extended state -~~~~~~~~~~~~~~~~~~~~~~~ - -.. data:: module_state_initial - - Initial state - new DNS query. - -.. data:: module_wait_reply - - Waiting for reply to outgoing network query. - -.. data:: module_wait_module - - Module is waiting for another module. - -.. data:: module_wait_subquery - - Module is waiting for sub-query. - -.. data:: module_error - - Module could not finish the query. - -.. data:: module_finished - - Module is finished with query. - -Module event -~~~~~~~~~~~~~ -.. data:: module_event_new - - New DNS query. - -.. data:: module_event_pass - - Query passed by other module. - -.. data:: module_event_reply - - Reply inbound from server. - -.. data:: module_event_noreply - - No reply, timeout or other error. - -.. data:: module_event_capsfail - - Reply is there, but capitalisation check failed. - -.. data:: module_event_moddone - - Next module is done, and its reply is awaiting you. - -.. data:: module_event_error - - Error occurred. - -Security status -~~~~~~~~~~~~~~~~ - -.. data:: sec_status_unchecked - - Means that object has yet to be validated. - -.. data:: sec_status_bogus - - Means that the object *(RRset or message)* failed to validate - *(according to local policy)*, but should have validated. - -.. data:: sec_status_indeterminate - - Means that the object is insecure, but not - authoritatively so. Generally this means that the RRset is not - below a configured trust anchor. - -.. data:: sec_status_insecure - - Means that the object is authoritatively known to be - insecure. Generally this means that this RRset is below a trust - anchor, but also below a verified, insecure delegation. - -.. data:: sec_status_secure - - Means that the object (RRset or message) validated according to local policy. - -Resource records (RR sets) -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -The different RR classes. - - .. data:: RR_CLASS_IN - - Internet. - - .. data:: RR_CLASS_CH - - Chaos. - - .. data:: RR_CLASS_HS - - Hesiod (Dyer 87) - - .. data:: RR_CLASS_NONE - - None class, dynamic update. - - .. data:: RR_CLASS_ANY - - Any class. - - -The different RR types. - - - .. data:: RR_TYPE_A - - A host address. - - .. data:: RR_TYPE_NS - - An authoritative name server. - - .. data:: RR_TYPE_MD - - A mail destination (Obsolete - use MX). - - .. data:: RR_TYPE_MF - - A mail forwarder (Obsolete - use MX). - - .. data:: RR_TYPE_CNAME - - The canonical name for an alias. - - .. data:: RR_TYPE_SOA - - Marks the start of a zone of authority. - - .. data:: RR_TYPE_MB - - A mailbox domain name (EXPERIMENTAL). - - .. data:: RR_TYPE_MG - - A mail group member (EXPERIMENTAL). - - .. data:: RR_TYPE_MR - - A mail rename domain name (EXPERIMENTAL). - - .. data:: RR_TYPE_NULL - - A null RR (EXPERIMENTAL). - - .. data:: RR_TYPE_WKS - - A well known service description. - - .. data:: RR_TYPE_PTR - - A domain name pointer. - - .. data:: RR_TYPE_HINFO - - Host information. - - .. data:: RR_TYPE_MINFO - - Mailbox or mail list information. - - .. data:: RR_TYPE_MX - - Mail exchange. - - .. data:: RR_TYPE_TXT - - Text strings. - - .. data:: RR_TYPE_RP - - RFC1183. - - .. data:: RR_TYPE_AFSDB - - RFC1183. - - .. data:: RR_TYPE_X25 - - RFC1183. - - .. data:: RR_TYPE_ISDN - - RFC1183. - - .. data:: RR_TYPE_RT - - RFC1183. - - .. data:: RR_TYPE_NSAP - - RFC1706. - - .. data:: RR_TYPE_NSAP_PTR - - RFC1348. - - .. data:: RR_TYPE_SIG - - 2535typecode. - - .. data:: RR_TYPE_KEY - - 2535typecode. - - .. data:: RR_TYPE_PX - - RFC2163. - - .. data:: RR_TYPE_GPOS - - RFC1712. - - .. data:: RR_TYPE_AAAA - - IPv6 address. - - .. data:: RR_TYPE_LOC - - LOC record RFC1876. - - .. data:: RR_TYPE_NXT - - 2535typecode. - - .. data:: RR_TYPE_EID - - draft-ietf-nimrod-dns-01.txt. - - .. data:: RR_TYPE_NIMLOC - - draft-ietf-nimrod-dns-01.txt. - - .. data:: RR_TYPE_SRV - - SRV record RFC2782. - - .. data:: RR_TYPE_ATMA - - http://www.jhsoft.com/rfc/af-saa-0069.000.rtf. - - .. data:: RR_TYPE_NAPTR - - RFC2915. - - .. data:: RR_TYPE_KX - - RFC2230. - - .. data:: RR_TYPE_CERT - - RFC2538. - - .. data:: RR_TYPE_A6 - - RFC2874. - - .. data:: RR_TYPE_DNAME - - RFC2672. - - .. data:: RR_TYPE_SINK - - dnsind-kitchen-sink-02.txt. - - .. data:: RR_TYPE_OPT - - Pseudo OPT record. - - .. data:: RR_TYPE_APL - - RFC3123. - - .. data:: RR_TYPE_DS - - draft-ietf-dnsext-delegation. - - .. data:: RR_TYPE_SSHFP - - SSH Key Fingerprint. - - .. data:: RR_TYPE_IPSECKEY - - draft-richardson-ipseckey-rr-11.txt. - - .. data:: RR_TYPE_RRSIG - - draft-ietf-dnsext-dnssec-25. - - .. data:: RR_TYPE_NSEC - .. data:: RR_TYPE_DNSKEY - .. data:: RR_TYPE_DHCID - .. data:: RR_TYPE_NSEC3 - .. data:: RR_TYPE_NSEC3PARAMS - .. data:: RR_TYPE_UINFO - .. data:: RR_TYPE_UID - .. data:: RR_TYPE_GID - .. data:: RR_TYPE_UNSPEC - .. data:: RR_TYPE_TSIG - .. data:: RR_TYPE_IXFR - .. data:: RR_TYPE_AXFR - .. data:: RR_TYPE_MAILB - - A request for mailbox-related records (MB, MG or MR). - - .. data:: RR_TYPE_MAILA - - A request for mail agent RRs (Obsolete - see MX). - - .. data:: RR_TYPE_ANY - - Any type *(wildcard)*. - - .. data:: RR_TYPE_DLV - - RFC 4431, 5074, DNSSEC Lookaside Validation. - -Return codes -~~~~~~~~~~~~ - -Return codes for packets. - -.. data:: RCODE_NOERROR -.. data:: RCODE_FORMERR -.. data:: RCODE_SERVFAIL -.. data:: RCODE_NXDOMAIN -.. data:: RCODE_NOTIMPL -.. data:: RCODE_REFUSED -.. data:: RCODE_YXDOMAIN -.. data:: RCODE_YXRRSET -.. data:: RCODE_NXRRSET -.. data:: RCODE_NOTAUTH -.. data:: RCODE_NOTZONE - -Packet data -~~~~~~~~~~~~ - -.. data:: PKT_QR - - Query - query flag. - -.. data:: PKT_AA - - Authoritative Answer - server flag. - -.. data:: PKT_TC - - Truncated - server flag. - -.. data:: PKT_RD - - Recursion desired - query flag. - -.. data:: PKT_CD - - Checking disabled - query flag. - -.. data:: PKT_RA - - Recursion available - server flag. - -.. data:: PKT_AD - - Authenticated data - server flag. - - -Verbosity value -~~~~~~~~~~~~~~~~ - -.. data:: NO_VERBOSE - - No verbose messages. - -.. data:: VERB_OPS - - Operational information. - -.. data:: VERB_DETAIL - - Detailed information. - -.. data:: VERB_QUERY - - Query level information. - -.. data:: VERB_ALGO - - Algorithm level information. diff --git a/external/unbound/pythonmod/doc/modules/functions.rst b/external/unbound/pythonmod/doc/modules/functions.rst deleted file mode 100644 index 627d44922..000000000 --- a/external/unbound/pythonmod/doc/modules/functions.rst +++ /dev/null @@ -1,227 +0,0 @@ -Scriptable functions -==================== - -Network -------- - -.. function:: ntohs(netshort) - - This subroutine converts values between the host and network byte order. - Specifically, **ntohs()** converts 16-bit quantities from network byte order - to host byte order. - - :param netshort: 16-bit short addr - :rtype: converted addr - - -Cache ------ - -.. function:: storeQueryInCache(qstate, qinfo, msgrep, is_referral) - - Store pending query in local cache. - - :param qstate: :class:`module_qstate` - :param qinfo: :class:`query_info` - :param msgrep: :class:`reply_info` - :param is_referal: integer - :rtype: boolean - -.. function:: invalidateQueryInCache(qstate, qinfo) - - Invalidate record in local cache. - - :param qstate: :class:`module_qstate` - :param qinfo: :class:`query_info` - - -EDNS options ------------- - -.. function:: register_edns_option(env, code, bypass_cache_stage=False, no_aggregation=False) - - Register EDNS option code. - - :param env: :class:`module_env` - :param code: option code(integer) - :param bypass_cache_stage: whether to bypass the cache response stage - :param no_aggregation: whether this query should be unique - :return: ``1`` if successful, ``0`` otherwise - :rtype: integer - -.. function:: edns_opt_list_find(list, code) - - Find the EDNS option code in the EDNS option list. - - :param list: linked list of :class:`edns_option` - :param code: option code (integer) - :return: the edns option if found or None - :rtype: :class:`edns_option` or None - -.. function:: edns_opt_list_remove(list, code); - - Remove an ENDS option code from the list. - .. note:: All :class:`edns_option` with the code will be removed - - :param list: linked list of :class:`edns_option` - :param code: option code (integer) - :return: ``1`` if at least one :class:`edns_option` was removed, ``0`` otherwise - :rtype: integer - -.. function:: edns_opt_list_append(list, code, data, region) - - Append given EDNS option code with data to the list. - - :param list: linked list of :class:`edns_option` - :param code: option code (integer) - :param data: EDNS data. **Must** be a :class:`bytearray` - :param region: :class:`regional` - -.. function:: edns_opt_list_is_empty(list) - - Check if an EDNS option list is empty. - - :param list: linked list of :class:`edns_option` - :return: ``1`` if list is empty, ``0`` otherwise - :rtype: integer - - -Inplace callbacks ------------------ - -.. function:: inplace_cb_reply(qinfo, qstate, rep, rcode, edns, opt_list_out, region) - - Function prototype for callback functions used in - `register_inplace_cb_reply`_, `register_inplace_cb_reply_cache`_, - `register_inplace_cb_reply_local` and `register_inplace_cb_reply_servfail`. - - :param qinfo: :class:`query_info` - :param qstate: :class:`module_qstate` - :param rep: :class:`reply_info` - :param rcode: return code (integer), check ``RCODE_`` constants. - :param edns: :class:`edns_data` - :param opt_list_out: :class:`edns_option`. EDNS option list to append options to. - :param region: :class:`regional` - -.. function:: register_inplace_cb_reply(py_cb, env) - - Register py_cb as an inplace reply callback function. - - :param py_cb: Python function that follows `inplace_cb_reply`_'s prototype. **Must** be callable. - :param env: :class:`module_env` - :return: True on success, False otherwise - :rtype: boolean - -.. function:: register_inplace_cb_reply_cache(py_cb, env) - - Register py_cb as an inplace reply_cache callback function. - - :param py_cb: Python function that follows `inplace_cb_reply`_'s prototype. **Must** be callable. - :param env: :class:`module_env` - :return: True on success, False otherwise - :rtype: boolean - -.. function:: register_inplace_cb_reply_local(py_cb, env) - - Register py_cb as an inplace reply_local callback function. - - :param py_cb: Python function that follows `inplace_cb_reply`_'s prototype. **Must** be callable. - :param env: :class:`module_env` - :return: True on success, False otherwise - :rtype: boolean - -.. function:: register_inplace_cb_reply_servfail(py_cb, env) - - Register py_cb as an inplace reply_servfail callback function. - - :param py_cb: Python function that follows `inplace_cb_reply`_'s prototype. **Must** be callable. - :param env: :class:`module_env` - :return: True on success, False otherwise - :rtype: boolean - - -Logging -------- - -.. function:: verbose(level, msg) - - Log a verbose message, pass the level for this message. - No trailing newline is needed. - - :param level: verbosity level for this message, compared to global verbosity setting. - :param msg: string message - -.. function:: log_info(msg) - - Log informational message. No trailing newline is needed. - - :param msg: string message - -.. function:: log_err(msg) - - Log error message. No trailing newline is needed. - - :param msg: string message - -.. function:: log_warn(msg) - - Log warning message. No trailing newline is needed. - - :param msg: string message - -.. function:: log_hex(msg, data, length) - - Log a hex-string to the log. Can be any length. - performs mallocs to do so, slow. But debug useful. - - :param msg: string desc to accompany the hexdump. - :param data: data to dump in hex format. - :param length: length of data. - -.. function:: log_dns_msg(str, qinfo, reply) - - Log DNS message. - - :param str: string message - :param qinfo: :class:`query_info` - :param reply: :class:`reply_info` - -.. function:: log_query_info(verbosity_value, str, qinf) - - Log query information. - - :param verbosity_value: see constants - :param str: string message - :param qinf: :class:`query_info` - -.. function:: regional_log_stats(r) - - Log regional statistics. - - :param r: :class:`regional` - - -Debugging ---------- - -.. function:: strextstate(module_ext_state) - - Debug utility, module external qstate to string. - - :param module_ext_state: the state value. - :rtype: descriptive string. - -.. function:: strmodulevent(module_event) - - Debug utility, module event to string. - - :param module_event: the module event value. - :rtype: descriptive string. - -.. function:: ldns_rr_type2str(atype) - - Convert RR type to string. - -.. function:: ldns_rr_class2str(aclass) - - Convert RR class to string. diff --git a/external/unbound/pythonmod/doc/modules/index.rst b/external/unbound/pythonmod/doc/modules/index.rst deleted file mode 100644 index ff0b95695..000000000 --- a/external/unbound/pythonmod/doc/modules/index.rst +++ /dev/null @@ -1,11 +0,0 @@ -Unbound module documentation -======================================= - -.. toctree:: - :maxdepth: 2 - - env - struct - functions - config - diff --git a/external/unbound/pythonmod/doc/modules/struct.rst b/external/unbound/pythonmod/doc/modules/struct.rst deleted file mode 100644 index 3af5d8a48..000000000 --- a/external/unbound/pythonmod/doc/modules/struct.rst +++ /dev/null @@ -1,516 +0,0 @@ -Scriptable structures -===================== - -module_qstate ------------------------ - -.. class:: module_qstate - - Module state, per query. - - This class provides these data attributes: - - .. attribute:: qinfo - - (:class:`query_info`) Informations about query being answered. Name, RR type, RR class. - - .. attribute:: query_flags - - (uint16) Flags for query. See QF_BIT\_ predefined constants. - - .. attribute:: is_priming - - If this is a (stub or root) priming query (with hints). - - .. attribute:: reply - - comm_reply contains server replies. - - .. attribute:: return_msg - - (:class:`dns_msg`) The reply message, with message for client and calling module (read-only attribute). - Note that if you want to create of modify return_msg you should use :class:`DNSMessage`. - - .. attribute:: return_rcode - - The rcode, in case of error, instead of a reply message. Determines whether the return_msg contains reply. - - .. attribute:: region - - Region for this query. Cleared when query process finishes. - - .. attribute:: curmod - - Which module is executing. - - .. attribute:: ext_state[] - - Module states. - - .. attribute:: env - - Environment for this query. - - .. attribute:: mesh_info - - Mesh related information for this query. - - .. attribute:: edns_opts_front_in - - Incoming EDNS options from the front end. - - .. attribute:: edns_opts_front_in_iter - - Iterator for `edns_opts_front_in`. - - .. attribute:: edns_opts_back_out - - Outgoing EDNS options to the back end. - - .. attribute:: edns_opts_back_out_iter - - Iterator for `edns_opts_back_out`. - - .. attribute:: edns_opts_back_in - - Incoming EDNS options from the back end. - - .. attribute:: edns_opts_back_in_iter - - Iterator for `ends_opts_back_in`. - - .. attribute:: edns_opts_front_out - - Outgoing EDNS options to the front end. - - .. attribute:: edns_opts_front_out_iter - - Iterator for `edns_opts_front_out`. - - .. attribute:: no_cache_lookup - - Flag to indicate whether modules should answer from the cache. - - .. attribute:: no_cache_store - - Flag to indicate whether modules should store answer in the cache. - -query_info ----------------- - -.. class:: query_info - - This class provides these data attributes: - - .. attribute:: qname - - The original question in the wireformat format (e.g. \\x03www\\x03nic\\x02cz\\x00 for www.nic.cz) - - .. attribute:: qname_len - - Lenght of question name (number of bytes). - - .. attribute:: qname_list[] - - The question ``qname`` converted into list of labels (e.g. ['www','nic','cz',''] for www.nic.cz) - - .. attribute:: qname_str - - The question ``qname`` converted into string (e.g. www.nic.cz. for www.nic.cz) - - .. attribute:: qtype - - The class type asked for. See RR_TYPE\_ predefined constants. - - .. attribute:: qtype_str - - The ``qtype`` in display presentation format (string) (e.g 'A' for RR_TYPE_A) - - .. attribute:: qclass - - The question class. See RR_CLASS\_ predefined constants. - - .. attribute:: qclass_str - - The ``qclass`` in display presentation format (string). - -edns_data ---------- - -.. class:: edns_data - - This class represents the EDNS information parsed/encoded from/to a packet. It provides these data attributes: - - .. attribute:: edns_present - - If EDNS OPT record is present. - - .. attribute:: ext_rcode - - Extended RCODE. - - .. attribute:: edns_version - - The EDNS version number. - - .. attribute:: bits - - The EDNS bits field from ttl (host order): Z. - - .. attribute:: udp_size - - UDP reassembly size. - - .. attribute:: opt_list - - The EDNS option list. - - .. attribute:: opt_list_iter - - Iterator for `opt_list`. - -edns_option ------------ - -.. class:: edns_option - - This class represents an EDNS option (code, data) found in EDNS option lists. It provides these data attributes: - - .. attribute:: code - - The EDNS option code. - - .. attribute:: data - - The EDNS option data. - -reply_info --------------------- - -.. class:: reply_info - - This class provides these data attributes: - - .. attribute:: flags - - The flags for the answer, host byte order. - - .. attribute:: qdcount - - Number of RRs in the query section. - If qdcount is not 0, then it is 1, and the data that appears - in the reply is the same as the query_info. - Host byte order. - - .. attribute:: ttl - - TTL of the entire reply (for negative caching). - only for use when there are 0 RRsets in this message. - if there are RRsets, check those instead. - - .. attribute:: security - - The security status from DNSSEC validation of this message. See sec_status\_ predefined constants. - - .. attribute:: an_numrrsets - - Number of RRsets in each section. - The answer section. Add up the RRs in every RRset to calculate - the number of RRs, and the count for the dns packet. - The number of RRs in RRsets can change due to RRset updates. - - .. attribute:: ns_numrrsets - - Count of authority section RRsets - - .. attribute:: ar_numrrsets - - Count of additional section RRsets - - .. attribute:: rrset_count - - Number of RRsets: an_numrrsets + ns_numrrsets + ar_numrrsets - - .. attribute:: rrsets[] - - (:class:`ub_packed_rrset_key`) List of RR sets in the order in which they appear in the reply message. - Number of elements is ancount + nscount + arcount RRsets. - - .. attribute:: ref[] - - (:class:`rrset_ref`) Packed array of ids (see counts) and pointers to packed_rrset_key. - The number equals ancount + nscount + arcount RRsets. - These are sorted in ascending pointer, the locking order. So - this list can be locked (and id, ttl checked), to see if - all the data is available and recent enough. - - -dns_msg --------------- - -.. class:: dns_msg - - Region allocated message reply - - This class provides these data attributes: - - .. attribute:: qinfo - - (:class:`query_info`) Informations about query. - - .. attribute:: rep - - (:class:`reply_info`) This attribute points to the packed reply structure. - - -packed_rrset_key ----------------------- - -.. class:: packed_rrset_key - - The identifying information for an RRset. - - This class provides these data attributes: - - .. attribute:: dname - - The domain name. If not empty (for ``id = None``) it is allocated, and - contains the wireformat domain name. This dname is not canonicalized. - E.g., the dname contains \\x03www\\x03nic\\x02cz\\x00 for www.nic.cz. - - .. attribute:: dname_len - - Length of the domain name, including last 0 root octet. - - .. attribute:: dname_list[] - - The domain name ``dname`` converted into list of labels (see :attr:`query_info.qname_list`). - - .. attribute:: dname_str - - The domain name ``dname`` converted into string (see :attr:`query_info.qname_str`). - - .. attribute:: flags - - Flags. - - .. attribute:: type - - The rrset type in network format. - - .. attribute:: type_str - - The rrset type in display presentation format. - - .. attribute:: rrset_class - - The rrset class in network format. - - .. attribute:: rrset_class_str - - The rrset class in display presentation format. - -ub_packed_rrset_key -------------------------- - -.. class:: ub_packed_rrset_key - - This structure contains an RRset. A set of resource records that - share the same domain name, type and class. - Due to memory management and threading, the key structure cannot be - deleted, although the data can be. The id can be set to 0 to store and the - structure can be recycled with a new id. - - The :class:`ub_packed_rrset_key` provides these data attributes: - - .. attribute:: entry - - (:class:`lruhash_entry`) Entry into hashtable. Note the lock is never destroyed, - even when this key is retired to the cache. - the data pointer (if not None) points to a :class:`packed_rrset`. - - .. attribute:: id - - The ID of this rrset. unique, based on threadid + sequenceno. - ids are not reused, except after flushing the cache. - zero is an unused entry, and never a valid id. - Check this value after getting entry.lock. - The other values in this struct may only be altered after changing - the id (which needs a writelock on entry.lock). - - .. attribute:: rk - - (:class:`packed_rrset_key`) RR set data. - - -lruhash_entry -------------------------- - -.. class:: lruhash_entry - - The :class:`ub_packed_rrset_key` provides these data attributes: - - .. attribute:: lock - - rwlock for access to the contents of the entry. Note that you cannot change hash and key, if so, you have to delete it to change hash or key. - - .. attribute:: data - - (:class:`packed_rrset_data`) entry data stored in wireformat (RRs and RRsigs). - -packed_rrset_data ------------------------ - -.. class:: packed_rrset_data - - Rdata is stored in wireformat. The dname is stored in wireformat. - - TTLs are stored as absolute values (and could be expired). - - RRSIGs are stored in the arrays after the regular rrs. - - You need the packed_rrset_key to know dname, type, class of the - resource records in this RRset. (if signed the rrsig gives the type too). - - The :class:`packed_rrset_data` provides these data attributes: - - .. attribute:: ttl - - TTL (in seconds like time()) of the RRset. - Same for all RRs see rfc2181(5.2). - - .. attribute:: count - - Number of RRs. - - .. attribute:: rrsig_count - - Number of rrsigs, if 0 no rrsigs. - - .. attribute:: trust - - The trustworthiness of the RRset data. - - .. attribute:: security - - Security status of the RRset data. See sec_status\_ predefined constants. - - .. attribute:: rr_len[] - - Length of every RR's rdata, rr_len[i] is size of rr_data[i]. - - .. attribute:: rr_ttl[] - - TTL of every rr. rr_ttl[i] ttl of rr i. - - .. attribute:: rr_data[] - - Array of RR's rdata (list of strings). The rdata is stored in uncompressed wireformat. - The first 16B of rr_data[i] is rdlength in network format. - - -DNSMessage ----------------- - -.. class:: DNSMessage - - Abstract representation of DNS message. - - **Usage** - - This example shows how to create an authoritative answer response - - :: - - msg = DNSMessage(qstate.qinfo.qname_str, RR_TYPE_A, RR_CLASS_IN, PKT_AA) - - #append RR - if (qstate.qinfo.qtype == RR_TYPE_A) or (qstate.qinfo.qtype == RR_TYPE_ANY): - msg.answer.append("%s 10 IN A 127.0.0.1" % qstate.qinfo.qname_str) - - #set qstate.return_msg - if not msg.set_return_msg(qstate): - raise Exception("Can't create response") - - The :class:`DNSMessage` provides these methods and data attributes: - - .. method:: __init__(self, rr_name, rr_type, rr_class = RR_CLASS_IN, query_flags = 0, default_ttl = 0) - - Prepares an answer (DNS packet) from given information. Query flags are combination of PKT_xx constants. - - .. method:: set_return_msg(self, qstate) - - This method fills qstate return message according to the given informations. - It takes lists of RRs in each section of answer, created necessary RRsets in wire format and store the result in :attr:`qstate.return_msg`. - Returns 1 if OK. - - .. attribute:: rr_name - - RR name of question. - - .. attribute:: rr_type - - RR type of question. - - .. attribute:: rr_class - - RR class of question. - - .. attribute:: default_ttl - - Default time-to-live. - - .. attribute:: query_flags - - Query flags. See PKT\_ predefined constants. - - .. attribute:: question[] - - List of resource records that should appear (in the same order) in question section of answer. - - .. attribute:: answer[] - - List of resource records that should appear (in the same order) in answer section of answer. - - .. attribute:: authority[] - - List of resource records that should appear (in the same order) in authority section of answer. - - .. attribute:: additional[] - - List of resource records that should appear (in the same order) in additional section of answer. - -pythonmod_env ------------------------ - -.. class:: pythonmod_env - - Global state for the module. - - This class provides these data attributes: - - .. attribute:: data - - Here you can keep your own data shared across each thread. - - .. attribute:: fname - - Python script filename. - - .. attribute:: qstate - - Module query state. - -pythonmod_qstate ------------------------ - -.. class:: pythonmod_qstate - - Per query state for the iterator module. - - This class provides these data attributes: - - .. attribute:: data - - Here you can keep your own private data (each thread has own data object). - diff --git a/external/unbound/pythonmod/doc/usecase.rst b/external/unbound/pythonmod/doc/usecase.rst deleted file mode 100644 index 2975740bb..000000000 --- a/external/unbound/pythonmod/doc/usecase.rst +++ /dev/null @@ -1,38 +0,0 @@ -Use cases (examples) -==================== - -Dynamic DNS Service discovery (DNS-SD_) -------------------------------------------- -Synchronized with database engine, for example *MySQL*. - -.. _DNS-SD: http://www.dns-sd.org/ - -Firewall control ----------------- -Control firewall (e.g. enable incoming SSH connection) with DNS query signed with private key. -So firewall can blocks every service during normal operation. - -Scriptable DNS-based blacklist (DNS-BL_) -------------------------------------------- -Scripted in Python with already provided features, takes advantage of DNS reply, because -almost every mail server supports DNS based blacklisting. - -.. _DNS-BL: http://www.dnsbl.org - -DNS based Wake-On-Lan ---------------------- -Controled by secured queries secured with private key. - -Dynamic translation service ---------------------------- -DNS request can be translated to virtualy any answer, that's easy to implement in client side -because of many DNS libraries available. - -Examples : - * **Dictionary** - using *IDN* for non-ascii strings transfer, ``dig TXT slovo.en._dict_.nic.cz`` returns translation of "slovo" to EN. - * **Translation** - Extends *DNS-SD*, for example DNS to Jabber to find out people logged in. - * **Exchange rate calculator** - ``dig TXT 1000.99.czk.eur._rates_.nic.cz`` returns the given sum (1000.99 CZK) in EURs. - -Dynamic ENUM service --------------------- -Support for redirection, synchronization, etc. diff --git a/external/unbound/pythonmod/examples/calc.py b/external/unbound/pythonmod/examples/calc.py deleted file mode 100644 index 3230e37e3..000000000 --- a/external/unbound/pythonmod/examples/calc.py +++ /dev/null @@ -1,77 +0,0 @@ -# -*- coding: utf-8 -*- -''' - calc.py: DNS-based calculator - - Copyright (c) 2009, Zdenek Vasicek (vasicek AT fit.vutbr.cz) - Marek Vavrusa (xvavru00 AT stud.fit.vutbr.cz) - - This software is open source. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - * Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - * Redistributions in binary form must reproduce the above copyright notice, - this list of conditions and the following disclaimer in the documentation - and/or other materials provided with the distribution. - - * Neither the name of the organization nor the names of its - contributors may be used to endorse or promote products derived from this - software without specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -''' - -#Try: dig @localhost 1*25._calc_.cz. - -def init(id, cfg): return True -def deinit(id): return True -def inform_super(id, qstate, superqstate, qdata): return True - -def operate(id, event, qstate, qdata): - - if (event == MODULE_EVENT_NEW) or (event == MODULE_EVENT_PASS): - - if qstate.qinfo.qname_str.endswith("._calc_.cz."): - try: - res = eval(''.join(qstate.qinfo.qname_list[0:-3])) - except: - res = "exception" - - msg = DNSMessage(qstate.qinfo.qname_str, RR_TYPE_TXT, RR_CLASS_IN, PKT_QR | PKT_RA | PKT_AA) #, 300) - msg.answer.append("%s 300 IN TXT \"%s\"" % (qstate.qinfo.qname_str,res)) - if not msg.set_return_msg(qstate): - qstate.ext_state[id] = MODULE_ERROR - return True - - qstate.return_rcode = RCODE_NOERROR - qstate.ext_state[id] = MODULE_FINISHED - return True - - else: - #Pass on the unknown query to the iterator - qstate.ext_state[id] = MODULE_WAIT_MODULE - return True - - elif event == MODULE_EVENT_MODDONE: - #the iterator has finished - qstate.ext_state[id] = MODULE_FINISHED - return True - - log_err("pythonmod: Unknown event") - qstate.ext_state[id] = MODULE_ERROR - return True - diff --git a/external/unbound/pythonmod/examples/dict.py b/external/unbound/pythonmod/examples/dict.py deleted file mode 100644 index c8088a89c..000000000 --- a/external/unbound/pythonmod/examples/dict.py +++ /dev/null @@ -1,121 +0,0 @@ -# -*- coding: utf-8 -*- -''' - calc.py: DNS-based czech-english dictionary - - Copyright (c) 2009, Zdenek Vasicek (vasicek AT fit.vutbr.cz) - Marek Vavrusa (xvavru00 AT stud.fit.vutbr.cz) - - This software is open source. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - * Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - * Redistributions in binary form must reproduce the above copyright notice, - this list of conditions and the following disclaimer in the documentation - and/or other materials provided with the distribution. - - * Neither the name of the organization nor the names of its - contributors may be used to endorse or promote products derived from this - software without specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -''' -import os -cz_dict = {} -en_dict = {} - -def init(id, cfg): - log_info("pythonmod: dict init") - f = open("examples/dict_data.txt", "r") - try: - for line in f: - if line.startswith('#'): - continue - itm = line.split("\t", 3) - if len(itm) < 2: - continue - en,cs = itm[0:2] - - if not (cs in cz_dict): - cz_dict[cs] = [en] # [cs] = en - else: - cz_dict[cs].append(en) # [cs] = en - - if not (en in en_dict): - en_dict[en] = [cs] # [en] = cs - else: - en_dict[en].append(cs) # [en] = cs - - finally: - f.close() - return True - -def deinit(id): - log_info("pythonmod: dict deinit") - return True - -def operate(id, event, qstate, qdata): - if (event == MODULE_EVENT_NEW) or (event == MODULE_EVENT_PASS): - - if qstate.qinfo.qname_str.endswith("._dict_.cz."): - - aword = ' '.join(qstate.qinfo.qname_list[0:-4]) - adict = qstate.qinfo.qname_list[-4] - - log_info("pythonmod: dictionary look up; word:%s dict:%s" % (aword,adict)) - - words = [] - if (adict == "en") and (aword in en_dict): - words = en_dict[aword] # EN -> CS - if (adict == "cs") and (aword in cz_dict): - words = cz_dict[aword] # CS -> EN - - if len(words) and ((qstate.qinfo.qtype == RR_TYPE_TXT) or (qstate.qinfo.qtype == RR_TYPE_ANY)): - - msg = DNSMessage(qstate.qinfo.qname_str, RR_TYPE_TXT, RR_CLASS_IN, PKT_RD | PKT_RA | PKT_AA) - for w in words: - msg.answer.append("%s 300 IN TXT \"%s\"" % (qstate.qinfo.qname_str,w.replace("\"","\\\""))) - - if not msg.set_return_msg(qstate): - qstate.ext_state[id] = MODULE_ERROR - return True - - qstate.return_rcode = RCODE_NOERROR - qstate.ext_state[id] = MODULE_FINISHED - return True - - else: - qstate.return_rcode = RCODE_SERVFAIL - qstate.ext_state[id] = MODULE_FINISHED - return True - - else: #Pass on the unknown query to the iterator - qstate.ext_state[id] = MODULE_WAIT_MODULE - return True - - elif event == MODULE_EVENT_MODDONE: #the iterator has finished - #we don't need modify result - qstate.ext_state[id] = MODULE_FINISHED - return True - - log_err("pythonmod: Unknown event") - qstate.ext_state[id] = MODULE_ERROR - return True - -def inform_super(id, qstate, superqstate, qdata): - return True - diff --git a/external/unbound/pythonmod/examples/dict_data.txt b/external/unbound/pythonmod/examples/dict_data.txt deleted file mode 100644 index 04cd3badf..000000000 --- a/external/unbound/pythonmod/examples/dict_data.txt +++ /dev/null @@ -1,6 +0,0 @@ -* * web -computer poèítaèový adj: Zdenìk Bro¾ -computer poèítaè n: -domain doména n: Zdenìk Bro¾ -query otazník n: Zdenìk Bro¾ -network sí» n: [it.] poèítaèová diff --git a/external/unbound/pythonmod/examples/log.py b/external/unbound/pythonmod/examples/log.py deleted file mode 100644 index c17106b0f..000000000 --- a/external/unbound/pythonmod/examples/log.py +++ /dev/null @@ -1,119 +0,0 @@ -import os -''' - calc.py: Response packet logger - - Copyright (c) 2009, Zdenek Vasicek (vasicek AT fit.vutbr.cz) - Marek Vavrusa (xvavru00 AT stud.fit.vutbr.cz) - - This software is open source. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - * Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - * Redistributions in binary form must reproduce the above copyright notice, - this list of conditions and the following disclaimer in the documentation - and/or other materials provided with the distribution. - - * Neither the name of the organization nor the names of its - contributors may be used to endorse or promote products derived from this - software without specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -''' - -def dataHex(data, prefix=""): - """Converts binary string data to display representation form""" - res = "" - for i in range(0, (len(data)+15)/16): - res += "%s0x%02X | " % (prefix, i*16) - d = map(lambda x:ord(x), data[i*16:i*16+17]) - for ch in d: - res += "%02X " % ch - for i in range(0,17-len(d)): - res += " " - res += "| " - for ch in d: - if (ch < 32) or (ch > 127): - res += ". " - else: - res += "%c " % ch - res += "\n" - return res - -def logDnsMsg(qstate): - """Logs response""" - - r = qstate.return_msg.rep - q = qstate.return_msg.qinfo - - print "-"*100 - print("Query: %s, type: %s (%d), class: %s (%d) " % ( - qstate.qinfo.qname_str, qstate.qinfo.qtype_str, qstate.qinfo.qtype, - qstate.qinfo.qclass_str, qstate.qinfo.qclass)) - print "-"*100 - print "Return reply :: flags: %04X, QDcount: %d, Security:%d, TTL=%d" % (r.flags, r.qdcount, r.security, r.ttl) - print " qinfo :: qname: %s %s, qtype: %s, qclass: %s" % (str(q.qname_list), q.qname_str, q.qtype_str, q.qclass_str) - - if (r): - print "Reply:" - for i in range(0, r.rrset_count): - rr = r.rrsets[i] - - rk = rr.rk - print i,":",rk.dname_list, rk.dname_str, "flags: %04X" % rk.flags, - print "type:",rk.type_str,"(%d)" % ntohs(rk.type), "class:",rk.rrset_class_str,"(%d)" % ntohs(rk.rrset_class) - - d = rr.entry.data - for j in range(0,d.count+d.rrsig_count): - print " ",j,":","TTL=",d.rr_ttl[j], - if (j >= d.count): print "rrsig", - print - print dataHex(d.rr_data[j]," ") - - print "-"*100 - -def init(id, cfg): - log_info("pythonmod: init called, module id is %d port: %d script: %s" % (id, cfg.port, cfg.python_script)) - return True - -def deinit(id): - log_info("pythonmod: deinit called, module id is %d" % id) - return True - -def inform_super(id, qstate, superqstate, qdata): - return True - -def operate(id, event, qstate, qdata): - log_info("pythonmod: operate called, id: %d, event:%s" % (id, strmodulevent(event))) - - if (event == MODULE_EVENT_NEW) or (event == MODULE_EVENT_PASS): - #Pass on the new event to the iterator - qstate.ext_state[id] = MODULE_WAIT_MODULE - return True - - if event == MODULE_EVENT_MODDONE: - #Iterator finished, show response (if any) - - if (qstate.return_msg): - logDnsMsg(qstate) - - qstate.ext_state[id] = MODULE_FINISHED - return True - - qstate.ext_state[id] = MODULE_ERROR - return True - diff --git a/external/unbound/pythonmod/examples/resgen.py b/external/unbound/pythonmod/examples/resgen.py deleted file mode 100644 index 804c0bd1d..000000000 --- a/external/unbound/pythonmod/examples/resgen.py +++ /dev/null @@ -1,73 +0,0 @@ -''' - resgen.py: This example shows how to generate authoritative response - - Copyright (c) 2009, Zdenek Vasicek (vasicek AT fit.vutbr.cz) - Marek Vavrusa (xvavru00 AT stud.fit.vutbr.cz) - - This software is open source. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - * Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - * Redistributions in binary form must reproduce the above copyright notice, - this list of conditions and the following disclaimer in the documentation - and/or other materials provided with the distribution. - - * Neither the name of the organization nor the names of its - contributors may be used to endorse or promote products derived from this - software without specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -''' -def init(id, cfg): return True - -def deinit(id): return True - -def inform_super(id, qstate, superqstate, qdata): return True - -def operate(id, event, qstate, qdata): - if (event == MODULE_EVENT_NEW) or (event == MODULE_EVENT_PASS): - if (qstate.qinfo.qname_str.endswith(".localdomain.")): #query name ends with localdomain - #create instance of DNS message (packet) with given parameters - msg = DNSMessage(qstate.qinfo.qname_str, RR_TYPE_A, RR_CLASS_IN, PKT_QR | PKT_RA | PKT_AA) - #append RR - if (qstate.qinfo.qtype == RR_TYPE_A) or (qstate.qinfo.qtype == RR_TYPE_ANY): - msg.answer.append("%s 10 IN A 127.0.0.1" % qstate.qinfo.qname_str) - #set qstate.return_msg - if not msg.set_return_msg(qstate): - qstate.ext_state[id] = MODULE_ERROR - return True - - #we don't need validation, result is valid - qstate.return_msg.rep.security = 2 - - qstate.return_rcode = RCODE_NOERROR - qstate.ext_state[id] = MODULE_FINISHED - return True - else: - #pass the query to validator - qstate.ext_state[id] = MODULE_WAIT_MODULE - return True - - if event == MODULE_EVENT_MODDONE: - log_info("pythonmod: iterator module done") - qstate.ext_state[id] = MODULE_FINISHED - return True - - log_err("pythonmod: bad event") - qstate.ext_state[id] = MODULE_ERROR - return True diff --git a/external/unbound/pythonmod/examples/resip.py b/external/unbound/pythonmod/examples/resip.py deleted file mode 100644 index 6bcac7252..000000000 --- a/external/unbound/pythonmod/examples/resip.py +++ /dev/null @@ -1,96 +0,0 @@ -''' - resip.py: This example shows how to generate authoritative response - and how to find out the IP address of a client - - Copyright (c) 2009, Zdenek Vasicek (vasicek AT fit.vutbr.cz) - Marek Vavrusa (xvavru00 AT stud.fit.vutbr.cz) - - This software is open source. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - * Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - * Redistributions in binary form must reproduce the above copyright notice, - this list of conditions and the following disclaimer in the documentation - and/or other materials provided with the distribution. - - * Neither the name of the organization nor the names of its - contributors may be used to endorse or promote products derived from this - software without specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - - - Usage: - - dig @127.0.0.1 -t TXT what.is.my.ip. -''' - -def init(id, cfg): return True - -def deinit(id): return True - -def inform_super(id, qstate, superqstate, qdata): return True - -def operate(id, event, qstate, qdata): - print "Operate", event,"state:",qstate - - # Please note that if this module blocks, by moving to the validator - # to validate or iterator to lookup or spawn a subquery to look up, - # then, other incoming queries are queued up onto this module and - # all of them receive the same reply. - # You can inspect the cache. - - if (event == MODULE_EVENT_NEW) or (event == MODULE_EVENT_PASS): - if (qstate.qinfo.qname_str.endswith("what.is.my.ip.")): #query name ends with localdomain - #create instance of DNS message (packet) with given parameters - msg = DNSMessage(qstate.qinfo.qname_str, RR_TYPE_TXT, RR_CLASS_IN, PKT_QR | PKT_RA | PKT_AA) - #append RR - if (qstate.qinfo.qtype == RR_TYPE_TXT) or (qstate.qinfo.qtype == RR_TYPE_ANY): - rl = qstate.mesh_info.reply_list - while (rl): - if rl.query_reply: - q = rl.query_reply - # The TTL of 0 is mandatory, otherwise it ends up in - # the cache, and is returned to other IP addresses. - msg.answer.append("%s 0 IN TXT \"%s %d (%s)\"" % (qstate.qinfo.qname_str, q.addr,q.port,q.family)) - rl = rl.next - - #set qstate.return_msg - if not msg.set_return_msg(qstate): - qstate.ext_state[id] = MODULE_ERROR - return True - - #we don't need validation, result is valid - qstate.return_msg.rep.security = 2 - - qstate.return_rcode = RCODE_NOERROR - qstate.ext_state[id] = MODULE_FINISHED - return True - else: - #pass the query to validator - qstate.ext_state[id] = MODULE_WAIT_MODULE - return True - - if event == MODULE_EVENT_MODDONE: - log_info("pythonmod: iterator module done") - qstate.ext_state[id] = MODULE_FINISHED - return True - - log_err("pythonmod: bad event") - qstate.ext_state[id] = MODULE_ERROR - return True diff --git a/external/unbound/pythonmod/examples/resmod.py b/external/unbound/pythonmod/examples/resmod.py deleted file mode 100644 index cf392e4da..000000000 --- a/external/unbound/pythonmod/examples/resmod.py +++ /dev/null @@ -1,88 +0,0 @@ -''' - resmod.py: This example shows how to modify the response from iterator - - Copyright (c) 2009, Zdenek Vasicek (vasicek AT fit.vutbr.cz) - Marek Vavrusa (xvavru00 AT stud.fit.vutbr.cz) - - This software is open source. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - * Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - * Redistributions in binary form must reproduce the above copyright notice, - this list of conditions and the following disclaimer in the documentation - and/or other materials provided with the distribution. - - * Neither the name of the organization nor the names of its - contributors may be used to endorse or promote products derived from this - software without specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -''' - -def init(id, cfg): return True - -def deinit(id): return True - -def inform_super(id, qstate, superqstate, qdata): return True - -def setTTL(qstate, ttl): - """Updates return_msg TTL and the TTL of all the RRs""" - if qstate.return_msg: - qstate.return_msg.rep.ttl = ttl - if (qstate.return_msg.rep): - for i in range(0,qstate.return_msg.rep.rrset_count): - d = qstate.return_msg.rep.rrsets[i].entry.data - for j in range(0,d.count+d.rrsig_count): - d.rr_ttl[j] = ttl - -def operate(id, event, qstate, qdata): - if (event == MODULE_EVENT_NEW) or (event == MODULE_EVENT_PASS): - #pass the query to validator - qstate.ext_state[id] = MODULE_WAIT_MODULE - return True - - if event == MODULE_EVENT_MODDONE: - log_info("pythonmod: iterator module done") - - if not qstate.return_msg: - qstate.ext_state[id] = MODULE_FINISHED - return True - - #modify the response - - qdn = qstate.qinfo.qname_str - if qdn.endswith(".nic.cz."): - #invalidate response in cache added by iterator - #invalidateQueryInCache(qstate, qstate.return_msg.qinfo) - - #modify TTL to 10 secs and store response in cache - #setTTL(qstate, 5) - #if not storeQueryInCache(qstate, qstate.return_msg.qinfo, qstate.return_msg.rep, 0): - # qstate.ext_state[id] = MODULE_ERROR - # return False - - #modify TTL of response, which will be send to a) validator and then b) client - setTTL(qstate, 10) - qstate.return_rcode = RCODE_NOERROR - - qstate.ext_state[id] = MODULE_FINISHED - return True - - log_err("pythonmod: bad event") - qstate.ext_state[id] = MODULE_ERROR - return True diff --git a/external/unbound/pythonmod/interface.i b/external/unbound/pythonmod/interface.i deleted file mode 100644 index 09d726f2c..000000000 --- a/external/unbound/pythonmod/interface.i +++ /dev/null @@ -1,1446 +0,0 @@ -/* - * interface.i: unbound python module - */ -%module unboundmodule -%{ -/** - * \file - * This is the interface between the unbound server and a python module - * called to perform operations on queries. - */ - #include - #include - #include - #include - #include - #include "config.h" - #include "util/log.h" - #include "util/module.h" - #include "util/netevent.h" - #include "util/regional.h" - #include "util/config_file.h" - #include "util/data/msgreply.h" - #include "util/data/packed_rrset.h" - #include "util/data/dname.h" - #include "util/storage/lruhash.h" - #include "services/cache/dns.h" - #include "services/mesh.h" - #include "iterator/iter_delegpt.h" - #include "iterator/iter_hints.h" - #include "iterator/iter_utils.h" - #include "sldns/wire2str.h" - #include "sldns/str2wire.h" - #include "sldns/pkthdr.h" -%} - -%include "stdint.i" /* uint_16_t can be known type now */ - -%inline %{ - /* converts [len][data][len][data][0] string to a List of labels (PyBytes) */ - PyObject* GetNameAsLabelList(const char* name, int len) { - PyObject* list; - int cnt=0, i; - - i = 0; - while (i < len) { - i += name[i] + 1; - cnt++; - } - - list = PyList_New(cnt); - i = 0; cnt = 0; - while (i < len) { - PyList_SetItem(list, cnt, PyBytes_FromStringAndSize(name + i + 1, name[i])); - i += name[i] + 1; - cnt++; - } - return list; - } -%} - -/* ************************************************************************************ * - Structure query_info - * ************************************************************************************ */ -/* Query info */ -%ignore query_info::qname; -%ignore query_info::qname_len; - - -struct query_info { - %immutable; - char* qname; - size_t qname_len; - uint16_t qtype; - uint16_t qclass; - %mutable; -}; - -%inline %{ - enum enum_rr_class { - RR_CLASS_IN = 1, - RR_CLASS_CH = 3, - RR_CLASS_HS = 4, - RR_CLASS_NONE = 254, - RR_CLASS_ANY = 255, - }; - - enum enum_rr_type { - RR_TYPE_A = 1, - RR_TYPE_NS = 2, - RR_TYPE_MD = 3, - RR_TYPE_MF = 4, - RR_TYPE_CNAME = 5, - RR_TYPE_SOA = 6, - RR_TYPE_MB = 7, - RR_TYPE_MG = 8, - RR_TYPE_MR = 9, - RR_TYPE_NULL = 10, - RR_TYPE_WKS = 11, - RR_TYPE_PTR = 12, - RR_TYPE_HINFO = 13, - RR_TYPE_MINFO = 14, - RR_TYPE_MX = 15, - RR_TYPE_TXT = 16, - RR_TYPE_RP = 17, - RR_TYPE_AFSDB = 18, - RR_TYPE_X25 = 19, - RR_TYPE_ISDN = 20, - RR_TYPE_RT = 21, - RR_TYPE_NSAP = 22, - RR_TYPE_NSAP_PTR = 23, - RR_TYPE_SIG = 24, - RR_TYPE_KEY = 25, - RR_TYPE_PX = 26, - RR_TYPE_GPOS = 27, - RR_TYPE_AAAA = 28, - RR_TYPE_LOC = 29, - RR_TYPE_NXT = 30, - RR_TYPE_EID = 31, - RR_TYPE_NIMLOC = 32, - RR_TYPE_SRV = 33, - RR_TYPE_ATMA = 34, - RR_TYPE_NAPTR = 35, - RR_TYPE_KX = 36, - RR_TYPE_CERT = 37, - RR_TYPE_A6 = 38, - RR_TYPE_DNAME = 39, - RR_TYPE_SINK = 40, - RR_TYPE_OPT = 41, - RR_TYPE_APL = 42, - RR_TYPE_DS = 43, - RR_TYPE_SSHFP = 44, - RR_TYPE_IPSECKEY = 45, - RR_TYPE_RRSIG = 46, - RR_TYPE_NSEC = 47, - RR_TYPE_DNSKEY = 48, - RR_TYPE_DHCID = 49, - RR_TYPE_NSEC3 = 50, - RR_TYPE_NSEC3PARAMS = 51, - RR_TYPE_UINFO = 100, - RR_TYPE_UID = 101, - RR_TYPE_GID = 102, - RR_TYPE_UNSPEC = 103, - RR_TYPE_TSIG = 250, - RR_TYPE_IXFR = 251, - RR_TYPE_AXFR = 252, - RR_TYPE_MAILB = 253, - RR_TYPE_MAILA = 254, - RR_TYPE_ANY = 255, - RR_TYPE_DLV = 32769, - }; - - PyObject* _get_qname(struct query_info* q) { - return PyBytes_FromStringAndSize((char*)q->qname, q->qname_len); - } - - PyObject* _get_qname_components(struct query_info* q) { - return GetNameAsLabelList((const char*)q->qname, q->qname_len); - } -%} - -%inline %{ - PyObject* dnameAsStr(const char* dname) { - char buf[LDNS_MAX_DOMAINLEN+1]; - buf[0] = '\0'; - dname_str((uint8_t*)dname, buf); - return PyBytes_FromString(buf); - } -%} - -%extend query_info { - %pythoncode %{ - def _get_qtype_str(self): return sldns_wire2str_type(self.qtype) - __swig_getmethods__["qtype_str"] = _get_qtype_str - if _newclass:qtype_str = _swig_property(_get_qtype_str) - - def _get_qclass_str(self): return sldns_wire2str_class(self.qclass) - __swig_getmethods__["qclass_str"] = _get_qclass_str - if _newclass:qclass_str = _swig_property(_get_qclass_str) - - __swig_getmethods__["qname"] = _unboundmodule._get_qname - if _newclass:qname = _swig_property(_unboundmodule._get_qname) - - __swig_getmethods__["qname_list"] = _unboundmodule._get_qname_components - if _newclass:qname_list = _swig_property(_unboundmodule._get_qname_components) - - def _get_qname_str(self): return dnameAsStr(self.qname) - __swig_getmethods__["qname_str"] = _get_qname_str - if _newclass:qname_str = _swig_property(_get_qname_str) - %} -} - -/* ************************************************************************************ * - Structure packed_rrset_key - * ************************************************************************************ */ -%ignore packed_rrset_key::dname; -%ignore packed_rrset_key::dname_len; - -/* RRsets */ -struct packed_rrset_key { - %immutable; - char* dname; - size_t dname_len; - uint32_t flags; - uint16_t type; /* rrset type in network format */ - uint16_t rrset_class; /* rrset class in network format */ - %mutable; -}; - -/** - * This subroutine converts values between the host and network byte order. - * Specifically, ntohs() converts 16-bit quantities from network byte order to - * host byte order. - */ -uint16_t ntohs(uint16_t netshort); - -%inline %{ - PyObject* _get_dname(struct packed_rrset_key* k) { - return PyBytes_FromStringAndSize((char*)k->dname, k->dname_len); - } - PyObject* _get_dname_components(struct packed_rrset_key* k) { - return GetNameAsLabelList((char*)k->dname, k->dname_len); - } -%} - -%extend packed_rrset_key { - %pythoncode %{ - def _get_type_str(self): return sldns_wire2str_type(_unboundmodule.ntohs(self.type)) - __swig_getmethods__["type_str"] = _get_type_str - if _newclass:type_str = _swig_property(_get_type_str) - - def _get_class_str(self): return sldns_wire2str_class(_unboundmodule.ntohs(self.rrset_class)) - __swig_getmethods__["rrset_class_str"] = _get_class_str - if _newclass:rrset_class_str = _swig_property(_get_class_str) - - __swig_getmethods__["dname"] = _unboundmodule._get_dname - if _newclass:dname = _swig_property(_unboundmodule._get_dname) - - __swig_getmethods__["dname_list"] = _unboundmodule._get_dname_components - if _newclass:dname_list = _swig_property(_unboundmodule._get_dname_components) - - def _get_dname_str(self): return dnameAsStr(self.dname) - __swig_getmethods__["dname_str"] = _get_dname_str - if _newclass:dname_str = _swig_property(_get_dname_str) - %} -} - -#if defined(SWIGWORDSIZE64) -typedef long int rrset_id_type; -#else -typedef long long int rrset_id_type; -#endif - -struct ub_packed_rrset_key { - struct lruhash_entry entry; - rrset_id_type id; - struct packed_rrset_key rk; -}; - -struct lruhash_entry { - lock_rw_type lock; - struct lruhash_entry* overflow_next; - struct lruhash_entry* lru_next; - struct lruhash_entry* lru_prev; - hashvalue_type hash; - void* key; - struct packed_rrset_data* data; -}; - -%ignore packed_rrset_data::rr_len; -%ignore packed_rrset_data::rr_ttl; -%ignore packed_rrset_data::rr_data; - -struct packed_rrset_data { - /* TTL (in seconds like time()) */ - uint32_t ttl; - - /* number of rrs */ - size_t count; - /* number of rrsigs */ - size_t rrsig_count; - - enum rrset_trust trust; - enum sec_status security; - - /* length of every rr's rdata */ - size_t* rr_len; - /* ttl of every rr */ - uint32_t *rr_ttl; - /* array of pointers to every rr's rdata. The rr_data[i] rdata is stored in - * uncompressed wireformat. */ - uint8_t** rr_data; -}; - -%pythoncode %{ - class RRSetData_RRLen: - def __init__(self, obj): self.obj = obj - def __getitem__(self, index): return _unboundmodule._get_data_rr_len(self.obj, index) - def __len__(self): return obj.count + obj.rrsig_count - class RRSetData_RRTTL: - def __init__(self, obj): self.obj = obj - def __getitem__(self, index): return _unboundmodule._get_data_rr_ttl(self.obj, index) - def __setitem__(self, index, value): _unboundmodule._set_data_rr_ttl(self.obj, index, value) - def __len__(self): return obj.count + obj.rrsig_count - class RRSetData_RRData: - def __init__(self, obj): self.obj = obj - def __getitem__(self, index): return _unboundmodule._get_data_rr_data(self.obj, index) - def __len__(self): return obj.count + obj.rrsig_count -%} - -%inline %{ - PyObject* _get_data_rr_len(struct packed_rrset_data* d, int idx) { - if ((d != NULL) && (idx >= 0) && - ((size_t)idx < (d->count+d->rrsig_count))) - return PyInt_FromLong(d->rr_len[idx]); - return Py_None; - } - void _set_data_rr_ttl(struct packed_rrset_data* d, int idx, uint32_t ttl) - { - if ((d != NULL) && (idx >= 0) && - ((size_t)idx < (d->count+d->rrsig_count))) - d->rr_ttl[idx] = ttl; - } - PyObject* _get_data_rr_ttl(struct packed_rrset_data* d, int idx) { - if ((d != NULL) && (idx >= 0) && - ((size_t)idx < (d->count+d->rrsig_count))) - return PyInt_FromLong(d->rr_ttl[idx]); - return Py_None; - } - PyObject* _get_data_rr_data(struct packed_rrset_data* d, int idx) { - if ((d != NULL) && (idx >= 0) && - ((size_t)idx < (d->count+d->rrsig_count))) - return PyBytes_FromStringAndSize((char*)d->rr_data[idx], - d->rr_len[idx]); - return Py_None; - } -%} - -%extend packed_rrset_data { - %pythoncode %{ - def _get_data_rr_len(self): return RRSetData_RRLen(self) - __swig_getmethods__["rr_len"] = _get_data_rr_len - if _newclass:rr_len = _swig_property(_get_data_rr_len) - def _get_data_rr_ttl(self): return RRSetData_RRTTL(self) - __swig_getmethods__["rr_ttl"] =_get_data_rr_ttl - if _newclass:rr_len = _swig_property(_get_data_rr_ttl) - def _get_data_rr_data(self): return RRSetData_RRData(self) - __swig_getmethods__["rr_data"] = _get_data_rr_data - if _newclass:rr_len = _swig_property(_get_data_rr_data) - %} -} - -/* ************************************************************************************ * - Structure reply_info - * ************************************************************************************ */ -/* Messages */ -%ignore reply_info::rrsets; -%ignore reply_info::ref; - -struct reply_info { - uint16_t flags; - uint16_t qdcount; - uint32_t ttl; - uint32_t prefetch_ttl; - - uint16_t authoritative; - enum sec_status security; - - size_t an_numrrsets; - size_t ns_numrrsets; - size_t ar_numrrsets; - size_t rrset_count; /* an_numrrsets + ns_numrrsets + ar_numrrsets */ - - struct ub_packed_rrset_key** rrsets; - struct rrset_ref ref[1]; /* ? */ -}; - -struct rrset_ref { - struct ub_packed_rrset_key* key; - rrset_id_type id; -}; - -struct dns_msg { - struct query_info qinfo; - struct reply_info *rep; -}; - -%pythoncode %{ - class ReplyInfo_RRSet: - def __init__(self, obj): self.obj = obj - def __getitem__(self, index): return _unboundmodule._rrset_rrsets_get(self.obj, index) - def __len__(self): return obj.rrset_count - - class ReplyInfo_Ref: - def __init__(self, obj): self.obj = obj - def __getitem__(self, index): return _unboundmodule._rrset_ref_get(self.obj, index) - def __len__(self): return obj.rrset_count -%} - -%inline %{ - struct ub_packed_rrset_key* _rrset_rrsets_get(struct reply_info* r, int idx) { - if ((r != NULL) && (idx >= 0) && ((size_t)idx < r->rrset_count)) - return r->rrsets[idx]; - return NULL; - } - - struct rrset_ref* _rrset_ref_get(struct reply_info* r, int idx) { - if ((r != NULL) && (idx >= 0) && ((size_t)idx < r->rrset_count)) { -/* printf("_rrset_ref_get: %lX key:%lX\n", r->ref + idx, r->ref[idx].key); */ - return &(r->ref[idx]); -/* return &(r->ref[idx]); */ - } -/* printf("_rrset_ref_get: NULL\n"); */ - return NULL; - } -%} - -%extend reply_info { - %pythoncode %{ - def _rrset_ref_get(self): return ReplyInfo_Ref(self) - __swig_getmethods__["ref"] = _rrset_ref_get - if _newclass:ref = _swig_property(_rrset_ref_get) - - def _rrset_rrsets_get(self): return ReplyInfo_RRSet(self) - __swig_getmethods__["rrsets"] = _rrset_rrsets_get - if _newclass:rrsets = _swig_property(_rrset_rrsets_get) - %} -} - -/* ************************************************************************************ * - Structure mesh_state - * ************************************************************************************ */ -struct mesh_state { - struct mesh_reply* reply_list; -}; - -struct mesh_reply { - struct mesh_reply* next; - struct comm_reply query_reply; -}; - -struct comm_reply { - -}; - -%inline %{ - - PyObject* _comm_reply_addr_get(struct comm_reply* reply) { - char dest[64]; - reply_addr2str(reply, dest, 64); - if (dest[0] == 0) - return Py_None; - return PyBytes_FromString(dest); - } - - PyObject* _comm_reply_family_get(struct comm_reply* reply) { - - int af = (int)((struct sockaddr_in*) &(reply->addr))->sin_family; - - switch(af) { - case AF_INET: return PyBytes_FromString("ip4"); - case AF_INET6: return PyBytes_FromString("ip6"); - case AF_UNIX: return PyBytes_FromString("unix"); - } - - return Py_None; - } - - PyObject* _comm_reply_port_get(struct comm_reply* reply) { - uint16_t port; - port = ntohs(((struct sockaddr_in*)&(reply->addr))->sin_port); - return PyInt_FromLong(port); - } - -%} - -%extend comm_reply { - %pythoncode %{ - def _addr_get(self): return _comm_reply_addr_get(self) - __swig_getmethods__["addr"] = _addr_get - if _newclass:addr = _swig_property(_addr_get) - - def _port_get(self): return _comm_reply_port_get(self) - __swig_getmethods__["port"] = _port_get - if _newclass:port = _swig_property(_port_get) - - def _family_get(self): return _comm_reply_family_get(self) - __swig_getmethods__["family"] = _family_get - if _newclass:family = _swig_property(_family_get) - %} -} - -/* ************************************************************************************ * - Structure edns_option - * ************************************************************************************ */ -/* Rename the members to follow the python convention of marking them as - * private. Access to the opt_code and opt_data members is given by the later - * python defined code and data members respectively. */ -%rename(_next) edns_option::next; -%rename(_opt_code) edns_option::opt_code; -%rename(_opt_len) edns_option::opt_len; -%rename(_opt_data) edns_option::opt_data; -struct edns_option { - struct edns_option* next; - uint16_t opt_code; - size_t opt_len; - uint8_t* opt_data; -}; - -%inline %{ - PyObject* _edns_option_opt_code_get(struct edns_option* option) { - uint16_t opt_code = option->opt_code; - return PyInt_FromLong(opt_code); - } - - PyObject* _edns_option_opt_data_get(struct edns_option* option) { - return PyByteArray_FromStringAndSize((void*)option->opt_data, - option->opt_len); - } -%} -%extend edns_option { - %pythoncode %{ - def _opt_code_get(self): return _edns_option_opt_code_get(self) - __swig_getmethods__["code"] = _opt_code_get - if _newclass: opt_code = _swig_property(_opt_code_get) - - def _opt_data_get(self): return _edns_option_opt_data_get(self) - __swig_getmethods__["data"] = _opt_data_get - if _newclass: opt_data = _swig_property(_opt_data_get) - %} -} - -/* ************************************************************************************ * - Structure edns_data - * ************************************************************************************ */ -/* This is ignored because we will pass a double pointer of this to Python - * with custom getmethods. This is done to bypass Swig's behavior to pass NULL - * pointers as None. */ -%ignore edns_data::opt_list; -struct edns_data { - int edns_present; - uint8_t ext_rcode; - uint8_t edns_version; - uint16_t bits; - uint16_t udp_size; - struct edns_option* opt_list; -}; -%inline %{ - struct edns_option** _edns_data_opt_list_get(struct edns_data* edns) { - return &edns->opt_list; - } -%} -%extend edns_data { - %pythoncode %{ - def _opt_list_iter(self): return EdnsOptsListIter(self.opt_list) - __swig_getmethods__["opt_list_iter"] = _opt_list_iter - if _newclass:opt_list_iter = _swig_property(_opt_list_iter) - def _opt_list(self): return _edns_data_opt_list_get(self) - __swig_getmethods__["opt_list"] = _opt_list - if _newclass:opt_list = _swig_property(_opt_list) - %} -} - -/* ************************************************************************************ * - Structure module_env - * ************************************************************************************ */ -struct module_env { - struct config_file* cfg; - struct slabhash* msg_cache; - struct rrset_cache* rrset_cache; - struct infra_cache* infra_cache; - struct key_cache* key_cache; - - /* --- services --- */ - struct outbound_entry* (*send_query)(struct query_info* qinfo, - uint16_t flags, int dnssec, int want_dnssec, int nocaps, - struct sockaddr_storage* addr, socklen_t addrlen, - uint8_t* zone, size_t zonelen, int ssl_upstream, - struct module_qstate* q); - void (*detach_subs)(struct module_qstate* qstate); - int (*attach_sub)(struct module_qstate* qstate, - struct query_info* qinfo, uint16_t qflags, int prime, - int valrec, struct module_qstate** newq); - void (*kill_sub)(struct module_qstate* newq); - int (*detect_cycle)(struct module_qstate* qstate, - struct query_info* qinfo, uint16_t flags, int prime, - int valrec); - - struct regional* scratch; - struct sldns_buffer* scratch_buffer; - struct worker* worker; - struct mesh_area* mesh; - struct alloc_cache* alloc; - struct ub_randstate* rnd; - time_t* now; - struct timeval* now_tv; - int need_to_validate; - struct val_anchors* anchors; - struct val_neg_cache* neg_cache; - struct comm_timer* probe_timer; - struct iter_forwards* fwds; - struct iter_hints* hints; - void* modinfo[MAX_MODULE]; - - void* inplace_cb_lists[inplace_cb_types_total]; - struct edns_known_option* edns_known_options; - size_t edns_known_options_num; -}; - -/* ************************************************************************************ * - Structure module_qstate - * ************************************************************************************ */ -%ignore module_qstate::ext_state; -%ignore module_qstate::minfo; - -/* These are ignored because we will pass a double pointer of them to Python - * with custom getmethods. This is done to bypass Swig's behavior to pass NULL - * pointers as None. */ -%ignore module_qstate::edns_opts_front_in; -%ignore module_qstate::edns_opts_back_out; -%ignore module_qstate::edns_opts_back_in; -%ignore module_qstate::edns_opts_front_out; - -/* Query state */ -struct module_qstate { - struct query_info qinfo; - uint16_t query_flags; /* See QF_BIT_xx constants */ - int is_priming; - int is_valrec; - - struct comm_reply* reply; - struct dns_msg* return_msg; - int return_rcode; - struct regional* region; /* unwrapped */ - - int curmod; - - enum module_ext_state ext_state[MAX_MODULE]; - void* minfo[MAX_MODULE]; - time_t prefetch_leeway; - - struct module_env* env; /* unwrapped */ - struct mesh_state* mesh_info; - - struct edns_option* edns_opts_front_in; - struct edns_option* edns_opts_back_out; - struct edns_option* edns_opts_back_in; - struct edns_option* edns_opts_front_out; - int no_cache_lookup; - int no_cache_store; -}; - -%constant int MODULE_COUNT = MAX_MODULE; - -%constant int QF_BIT_CD = 0x0010; -%constant int QF_BIT_AD = 0x0020; -%constant int QF_BIT_Z = 0x0040; -%constant int QF_BIT_RA = 0x0080; -%constant int QF_BIT_RD = 0x0100; -%constant int QF_BIT_TC = 0x0200; -%constant int QF_BIT_AA = 0x0400; -%constant int QF_BIT_QR = 0x8000; - -%inline %{ - enum enum_return_rcode { - RCODE_NOERROR = 0, - RCODE_FORMERR = 1, - RCODE_SERVFAIL = 2, - RCODE_NXDOMAIN = 3, - RCODE_NOTIMPL = 4, - RCODE_REFUSED = 5, - RCODE_YXDOMAIN = 6, - RCODE_YXRRSET = 7, - RCODE_NXRRSET = 8, - RCODE_NOTAUTH = 9, - RCODE_NOTZONE = 10 - }; -%} - -%pythoncode %{ - class ExtState: - def __init__(self, obj): self.obj = obj - def __str__(self): - return ", ".join([_unboundmodule.strextstate(_unboundmodule._ext_state_get(self.obj,a)) for a in range(0, _unboundmodule.MODULE_COUNT)]) - def __getitem__(self, index): return _unboundmodule._ext_state_get(self.obj, index) - def __setitem__(self, index, value): _unboundmodule._ext_state_set(self.obj, index, value) - def __len__(self): return _unboundmodule.MODULE_COUNT - - class EdnsOptsListIter: - def __init__(self, obj): - self._current = obj - self._temp = None - def __iter__(self): return self - def __next__(self): - """Python 3 compatibility""" - return self._get_next() - def next(self): - """Python 2 compatibility""" - return self._get_next() - def _get_next(self): - if not edns_opt_list_is_empty(self._current): - self._temp = self._current - self._current = _p_p_edns_option_get_next(self._current) - return _dereference_edns_option(self._temp) - else: - raise StopIteration -%} - -%inline %{ - enum module_ext_state _ext_state_get(struct module_qstate* q, int idx) { - if ((q != NULL) && (idx >= 0) && (idx < MAX_MODULE)) { - return q->ext_state[idx]; - } - return 0; - } - - void _ext_state_set(struct module_qstate* q, int idx, enum module_ext_state state) { - if ((q != NULL) && (idx >= 0) && (idx < MAX_MODULE)) { - q->ext_state[idx] = state; - } - } - - int edns_opt_list_is_empty(struct edns_option** opt) { - if (!opt || !(*opt)) return 1; - return 0; - } - - struct edns_option* _dereference_edns_option(struct edns_option** opt) { - if (!opt) return NULL; - return *opt; - } - - struct edns_option** _p_p_edns_option_get_next(struct edns_option** opt) { - return &(*opt)->next; - } - - struct edns_option** _edns_opts_front_in_get(struct module_qstate* q) { - return &q->edns_opts_front_in; - } - - struct edns_option** _edns_opts_back_out_get(struct module_qstate* q) { - return &q->edns_opts_back_out; - } - - struct edns_option** _edns_opts_back_in_get(struct module_qstate* q) { - return &q->edns_opts_back_in; - } - - struct edns_option** _edns_opts_front_out_get(struct module_qstate* q) { - return &q->edns_opts_front_out; - } -%} - -%extend module_qstate { - %pythoncode %{ - def set_ext_state(self, id, state): - """Sets the ext state""" - _unboundmodule._ext_state_set(self, id, state) - - def __ext_state_get(self): return ExtState(self) - __swig_getmethods__["ext_state"] = __ext_state_get - if _newclass:ext_state = _swig_property(__ext_state_get)#, __ext_state_set) - - def _edns_opts_front_in_iter(self): return EdnsOptsListIter(self.edns_opts_front_in) - __swig_getmethods__["edns_opts_front_in_iter"] = _edns_opts_front_in_iter - if _newclass:edns_opts_front_in_iter = _swig_property(_edns_opts_front_in_iter) - def _edns_opts_back_out_iter(self): return EdnsOptsListIter(self.edns_opts_back_out) - __swig_getmethods__["edns_opts_back_out_iter"] = _edns_opts_back_out_iter - if _newclass:edns_opts_back_out_iter = _swig_property(_edns_opts_back_out_iter) - def _edns_opts_back_in_iter(self): return EdnsOptsListIter(self.edns_opts_back_in) - __swig_getmethods__["edns_opts_back_in_iter"] = _edns_opts_back_in_iter - if _newclass:edns_opts_back_in_iter = _swig_property(_edns_opts_back_in_iter) - def _edns_opts_front_out_iter(self): return EdnsOptsListIter(self.edns_opts_front_out) - __swig_getmethods__["edns_opts_front_out_iter"] = _edns_opts_front_out_iter - if _newclass:edns_opts_front_out_iter = _swig_property(_edns_opts_front_out_iter) - - def _edns_opts_front_in(self): return _edns_opts_front_in_get(self) - __swig_getmethods__["edns_opts_front_in"] = _edns_opts_front_in - if _newclass:edns_opts_front_in = _swig_property(_edns_opts_front_in) - def _edns_opts_back_out(self): return _edns_opts_back_out_get(self) - __swig_getmethods__["edns_opts_back_out"] = _edns_opts_back_out - if _newclass:edns_opts_back_out = _swig_property(_edns_opts_back_out) - def _edns_opts_back_in(self): return _edns_opts_back_in_get(self) - __swig_getmethods__["edns_opts_back_in"] = _edns_opts_back_in - if _newclass:edns_opts_back_in = _swig_property(_edns_opts_back_in) - def _edns_opts_front_out(self): return _edns_opts_front_out_get(self) - __swig_getmethods__["edns_opts_front_out"] = _edns_opts_front_out - if _newclass:edns_opts_front_out = _swig_property(_edns_opts_front_out) - %} -} - -/* ************************************************************************************ * - Structure config_strlist - * ************************************************************************************ */ -struct config_strlist { - struct config_strlist* next; - char* str; -}; - -/* ************************************************************************************ * - Structure config_str2list - * ************************************************************************************ */ -struct config_str2list { - struct config_str2list* next; - char* str; - char* str2; -}; - -/* ************************************************************************************ * - Structure config_file - * ************************************************************************************ */ -struct config_file { - int verbosity; - int stat_interval; - int stat_cumulative; - int stat_extended; - int num_threads; - int port; - int do_ip4; - int do_ip6; - int do_udp; - int do_tcp; - int outgoing_num_ports; - size_t outgoing_num_tcp; - size_t incoming_num_tcp; - int* outgoing_avail_ports; - size_t msg_buffer_size; - size_t msg_cache_size; - size_t msg_cache_slabs; - size_t num_queries_per_thread; - size_t jostle_time; - size_t rrset_cache_size; - size_t rrset_cache_slabs; - int host_ttl; - size_t infra_cache_slabs; - size_t infra_cache_numhosts; - char* target_fetch_policy; - int if_automatic; - int num_ifs; - char **ifs; - int num_out_ifs; - char **out_ifs; - struct config_strlist* root_hints; - struct config_stub* stubs; - struct config_stub* forwards; - struct config_strlist* donotqueryaddrs; - struct config_str2list* acls; - int donotquery_localhost; - int harden_short_bufsize; - int harden_large_queries; - int harden_glue; - int harden_dnssec_stripped; - int harden_referral_path; - int use_caps_bits_for_id; - struct config_strlist* private_address; - struct config_strlist* private_domain; - size_t unwanted_threshold; - char* chrootdir; - char* username; - char* directory; - char* logfile; - char* pidfile; - int use_syslog; - int hide_identity; - int hide_version; - char* identity; - char* version; - char* module_conf; - struct config_strlist* trust_anchor_file_list; - struct config_strlist* trust_anchor_list; - struct config_strlist* trusted_keys_file_list; - char* dlv_anchor_file; - struct config_strlist* dlv_anchor_list; - int max_ttl; - int32_t val_date_override; - int bogus_ttl; - int val_clean_additional; - int val_permissive_mode; - char* val_nsec3_key_iterations; - size_t key_cache_size; - size_t key_cache_slabs; - size_t neg_cache_size; - struct config_str2list* local_zones; - struct config_strlist* local_zones_nodefault; - struct config_strlist* local_data; - int remote_control_enable; - struct config_strlist* control_ifs; - int control_port; - char* server_key_file; - char* server_cert_file; - char* control_key_file; - char* control_cert_file; - int do_daemonize; - char* python_script; -}; - -/* ************************************************************************************ * - ASN: Adding structures related to forwards_lookup and dns_cache_find_delegation - * ************************************************************************************ */ -struct delegpt_ns { - struct delegpt_ns* next; - int resolved; - uint8_t got4; - uint8_t got6; - uint8_t lame; - uint8_t done_pside4; - uint8_t done_pside6; -}; - -struct delegpt_addr { - struct delegpt_addr* next_result; - struct delegpt_addr* next_usable; - struct delegpt_addr* next_target; - int attempts; - int sel_rtt; - int bogus; - int lame; -}; - -struct delegpt { - int namelabs; - struct delegpt_ns* nslist; - struct delegpt_addr* target_list; - struct delegpt_addr* usable_list; - struct delegpt_addr* result_list; - int bogus; - uint8_t has_parent_side_NS; - uint8_t dp_type_mlc; -}; - - -%inline %{ - PyObject* _get_dp_dname(struct delegpt* dp) { - return PyBytes_FromStringAndSize((char*)dp->name, dp->namelen); - } - PyObject* _get_dp_dname_components(struct delegpt* dp) { - return GetNameAsLabelList((char*)dp->name, dp->namelen); - } - PyObject* _get_dpns_dname(struct delegpt_ns* dpns) { - return PyBytes_FromStringAndSize((char*)dpns->name, dpns->namelen); - } - PyObject* _get_dpns_dname_components(struct delegpt_ns* dpns) { - return GetNameAsLabelList((char*)dpns->name, dpns->namelen); - } - - PyObject* _delegpt_addr_addr_get(struct delegpt_addr* target) { - char dest[64]; - delegpt_addr_addr2str(target, dest, 64); - if (dest[0] == 0) - return Py_None; - return PyBytes_FromString(dest); - } - -%} - -%extend delegpt { - %pythoncode %{ - __swig_getmethods__["dname"] = _unboundmodule._get_dp_dname - if _newclass:dname = _swig_property(_unboundmodule._get_dp_dname) - - __swig_getmethods__["dname_list"] = _unboundmodule._get_dp_dname_components - if _newclass:dname_list = _swig_property(_unboundmodule._get_dp_dname_components) - - def _get_dname_str(self): return dnameAsStr(self.dname) - __swig_getmethods__["dname_str"] = _get_dname_str - if _newclass:dname_str = _swig_property(_get_dname_str) - %} -} -%extend delegpt_ns { - %pythoncode %{ - __swig_getmethods__["dname"] = _unboundmodule._get_dpns_dname - if _newclass:dname = _swig_property(_unboundmodule._get_dpns_dname) - - __swig_getmethods__["dname_list"] = _unboundmodule._get_dpns_dname_components - if _newclass:dname_list = _swig_property(_unboundmodule._get_dpns_dname_components) - - def _get_dname_str(self): return dnameAsStr(self.dname) - __swig_getmethods__["dname_str"] = _get_dname_str - if _newclass:dname_str = _swig_property(_get_dname_str) - %} -} -%extend delegpt_addr { - %pythoncode %{ - def _addr_get(self): return _delegpt_addr_addr_get(self) - __swig_getmethods__["addr"] = _addr_get - if _newclass:addr = _swig_property(_addr_get) - %} -} - -/* ************************************************************************************ * - Enums - * ************************************************************************************ */ -%rename ("MODULE_STATE_INITIAL") "module_state_initial"; -%rename ("MODULE_WAIT_REPLY") "module_wait_reply"; -%rename ("MODULE_WAIT_MODULE") "module_wait_module"; -%rename ("MODULE_WAIT_SUBQUERY") "module_wait_subquery"; -%rename ("MODULE_ERROR") "module_error"; -%rename ("MODULE_FINISHED") "module_finished"; - -enum module_ext_state { - module_state_initial = 0, - module_wait_reply, - module_wait_module, - module_wait_subquery, - module_error, - module_finished -}; - -%rename ("MODULE_EVENT_NEW") "module_event_new"; -%rename ("MODULE_EVENT_PASS") "module_event_pass"; -%rename ("MODULE_EVENT_REPLY") "module_event_reply"; -%rename ("MODULE_EVENT_NOREPLY") "module_event_noreply"; -%rename ("MODULE_EVENT_CAPSFAIL") "module_event_capsfail"; -%rename ("MODULE_EVENT_MODDONE") "module_event_moddone"; -%rename ("MODULE_EVENT_ERROR") "module_event_error"; - -enum module_ev { - module_event_new = 0, - module_event_pass, - module_event_reply, - module_event_noreply, - module_event_capsfail, - module_event_moddone, - module_event_error -}; - -enum sec_status { - sec_status_unchecked = 0, - sec_status_bogus, - sec_status_indeterminate, - sec_status_insecure, - sec_status_secure -}; - -enum verbosity_value { - NO_VERBOSE = 0, - VERB_OPS, - VERB_DETAIL, - VERB_QUERY, - VERB_ALGO -}; - -enum inplace_cb_list_type { - /* Inplace callbacks for when a resolved reply is ready to be sent to the - * front.*/ - inplace_cb_reply = 0, - /* Inplace callbacks for when a reply is given from the cache. */ - inplace_cb_reply_cache, - /* Inplace callbacks for when a reply is given with local data - * (or Chaos reply). */ - inplace_cb_reply_local, - /* Inplace callbacks for when the reply is servfail. */ - inplace_cb_reply_servfail, - /* Inplace callbacks for when a query is ready to be sent to the back.*/ - inplace_cb_query, - /* Inplace callback for when a reply is received from the back. */ - inplace_cb_edns_back_parsed, - /* Total number of types. Used for array initialization. - * Should always be last. */ - inplace_cb_types_total -}; - -%constant uint16_t PKT_QR = 1; /* QueRy - query flag */ -%constant uint16_t PKT_AA = 2; /* Authoritative Answer - server flag */ -%constant uint16_t PKT_TC = 4; /* TrunCated - server flag */ -%constant uint16_t PKT_RD = 8; /* Recursion Desired - query flag */ -%constant uint16_t PKT_CD = 16; /* Checking Disabled - query flag */ -%constant uint16_t PKT_RA = 32; /* Recursion Available - server flag */ -%constant uint16_t PKT_AD = 64; /* Authenticated Data - server flag */ - -%{ -int checkList(PyObject *l) -{ - PyObject* item; - int i; - - if (l == Py_None) - return 1; - - if (PyList_Check(l)) - { - for (i=0; i < PyList_Size(l); i++) - { - item = PyList_GetItem(l, i); - if (!PyBytes_Check(item)) - return 0; - } - return 1; - } - - return 0; -} - -int pushRRList(sldns_buffer* qb, PyObject *l, uint32_t default_ttl, int qsec, - size_t count_offset) -{ - PyObject* item; - int i; - size_t len; - - for (i=0; i < PyList_Size(l); i++) - { - item = PyList_GetItem(l, i); - - len = sldns_buffer_remaining(qb); - if(qsec) { - if(sldns_str2wire_rr_question_buf(PyBytes_AsString(item), - sldns_buffer_current(qb), &len, NULL, NULL, 0, NULL, 0) - != 0) - return 0; - } else { - if(sldns_str2wire_rr_buf(PyBytes_AsString(item), - sldns_buffer_current(qb), &len, NULL, default_ttl, - NULL, 0, NULL, 0) != 0) - return 0; - } - sldns_buffer_skip(qb, len); - - sldns_buffer_write_u16_at(qb, count_offset, - sldns_buffer_read_u16_at(qb, count_offset)+1); - } - return 1; -} - -int set_return_msg(struct module_qstate* qstate, - const char* rr_name, sldns_rr_type rr_type, sldns_rr_class rr_class , uint16_t flags, uint32_t default_ttl, - PyObject* question, PyObject* answer, PyObject* authority, PyObject* additional) -{ - sldns_buffer *qb = 0; - int res = 1; - size_t l; - uint16_t PKT_QR = 1; - uint16_t PKT_AA = 2; - uint16_t PKT_TC = 4; - uint16_t PKT_RD = 8; - uint16_t PKT_CD = 16; - uint16_t PKT_RA = 32; - uint16_t PKT_AD = 64; - - if ((!checkList(question)) || (!checkList(answer)) || (!checkList(authority)) || (!checkList(additional))) - return 0; - if ((qb = sldns_buffer_new(LDNS_RR_BUF_SIZE)) == 0) return 0; - - /* write header */ - sldns_buffer_write_u16(qb, 0); /* ID */ - sldns_buffer_write_u16(qb, 0); /* flags */ - sldns_buffer_write_u16(qb, 1); /* qdcount */ - sldns_buffer_write_u16(qb, 0); /* ancount */ - sldns_buffer_write_u16(qb, 0); /* nscount */ - sldns_buffer_write_u16(qb, 0); /* arcount */ - if ((flags&PKT_QR)) LDNS_QR_SET(sldns_buffer_begin(qb)); - if ((flags&PKT_AA)) LDNS_AA_SET(sldns_buffer_begin(qb)); - if ((flags&PKT_TC)) LDNS_TC_SET(sldns_buffer_begin(qb)); - if ((flags&PKT_RD)) LDNS_RD_SET(sldns_buffer_begin(qb)); - if ((flags&PKT_CD)) LDNS_CD_SET(sldns_buffer_begin(qb)); - if ((flags&PKT_RA)) LDNS_RA_SET(sldns_buffer_begin(qb)); - if ((flags&PKT_AD)) LDNS_AD_SET(sldns_buffer_begin(qb)); - - /* write the query */ - l = sldns_buffer_remaining(qb); - if(sldns_str2wire_dname_buf(rr_name, sldns_buffer_current(qb), &l) != 0) { - sldns_buffer_free(qb); - return 0; - } - sldns_buffer_skip(qb, l); - if (rr_type == 0) { rr_type = LDNS_RR_TYPE_A; } - if (rr_class == 0) { rr_class = LDNS_RR_CLASS_IN; } - sldns_buffer_write_u16(qb, rr_type); - sldns_buffer_write_u16(qb, rr_class); - - /* write RR sections */ - if(res && !pushRRList(qb, question, default_ttl, 1, LDNS_QDCOUNT_OFF)) - res = 0; - if(res && !pushRRList(qb, answer, default_ttl, 0, LDNS_ANCOUNT_OFF)) - res = 0; - if(res && !pushRRList(qb, authority, default_ttl, 0, LDNS_NSCOUNT_OFF)) - res = 0; - if(res && !pushRRList(qb, additional, default_ttl, 0, LDNS_ARCOUNT_OFF)) - res = 0; - - if (res) res = createResponse(qstate, qb); - - if (qb) sldns_buffer_free(qb); - return res; -} -%} - -int set_return_msg(struct module_qstate* qstate, - const char* rr_name, int rr_type, int rr_class , uint16_t flags, uint32_t default_ttl, - PyObject* question, PyObject* answer, PyObject* authority, PyObject* additional); - -%pythoncode %{ - class DNSMessage: - def __init__(self, rr_name, rr_type, rr_class = RR_CLASS_IN, query_flags = 0, default_ttl = 0): - """Query flags is a combination of PKT_xx contants""" - self.rr_name = rr_name - self.rr_type = rr_type - self.rr_class = rr_class - self.default_ttl = default_ttl - self.query_flags = query_flags - self.question = [] - self.answer = [] - self.authority = [] - self.additional = [] - - def set_return_msg(self, qstate): - """Returns 1 if OK""" - status = _unboundmodule.set_return_msg(qstate, self.rr_name, self.rr_type, self.rr_class, - self.query_flags, self.default_ttl, - self.question, self.answer, self.authority, self.additional) - - if (status) and (PKT_AA & self.query_flags): - qstate.return_msg.rep.authoritative = 1 - - return status - -%} -/* ************************************************************************************ * - ASN: Delegation pointer related functions - * ************************************************************************************ */ - -/* Functions which we will need to lookup delegations */ -struct delegpt* dns_cache_find_delegation(struct module_env* env, - uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass, - struct regional* region, struct dns_msg** msg, uint32_t timenow); -int iter_dp_is_useless(struct query_info* qinfo, uint16_t qflags, - struct delegpt* dp); -struct iter_hints_stub* hints_lookup_stub(struct iter_hints* hints, - uint8_t* qname, uint16_t qclass, struct delegpt* dp); - -/* Custom function to perform logic similar to the one in daemon/cachedump.c */ -struct delegpt* find_delegation(struct module_qstate* qstate, char *nm, size_t nmlen); - -%{ -#define BIT_RD 0x100 - -struct delegpt* find_delegation(struct module_qstate* qstate, char *nm, size_t nmlen) -{ - struct delegpt *dp; - struct dns_msg *msg = NULL; - struct regional* region = qstate->env->scratch; - char b[260]; - struct query_info qinfo; - struct iter_hints_stub* stub; - uint32_t timenow = *qstate->env->now; - - regional_free_all(region); - qinfo.qname = (uint8_t*)nm; - qinfo.qname_len = nmlen; - qinfo.qtype = LDNS_RR_TYPE_A; - qinfo.qclass = LDNS_RR_CLASS_IN; - - while(1) { - dp = dns_cache_find_delegation(qstate->env, (uint8_t*)nm, nmlen, qinfo.qtype, qinfo.qclass, region, &msg, timenow); - if(!dp) - return NULL; - if(iter_dp_is_useless(&qinfo, BIT_RD, dp)) { - if (dname_is_root((uint8_t*)nm)) - return NULL; - nm = (char*)dp->name; - nmlen = dp->namelen; - dname_remove_label((uint8_t**)&nm, &nmlen); - dname_str((uint8_t*)nm, b); - continue; - } - stub = hints_lookup_stub(qstate->env->hints, qinfo.qname, qinfo.qclass, dp); - if (stub) { - return stub->dp; - } else { - return dp; - } - } - return NULL; -} -%} - -/* ************************************************************************************ * - Functions - * ************************************************************************************ */ -/****************************** - * Various debuging functions * - ******************************/ -void verbose(enum verbosity_value level, const char* format, ...); -void log_info(const char* format, ...); -void log_err(const char* format, ...); -void log_warn(const char* format, ...); -void log_hex(const char* msg, void* data, size_t length); -void log_dns_msg(const char* str, struct query_info* qinfo, struct reply_info* rep); -void log_query_info(enum verbosity_value v, const char* str, struct query_info* qinf); -void regional_log_stats(struct regional *r); - -/*************************************************************************** - * Free allocated memory from marked sources returning corresponding types * - ***************************************************************************/ -%typemap(newfree, noblock = 1) char * { - free($1); -} - -/*************************************************** - * Mark as source returning newly allocated memory * - ***************************************************/ -%newobject sldns_wire2str_type; -%newobject sldns_wire2str_class; - -/****************** - * LDNS functions * - ******************/ -char *sldns_wire2str_type(const uint16_t atype); -char *sldns_wire2str_class(const uint16_t aclass); - -/********************************** - * Functions from pythonmod_utils * - **********************************/ -int storeQueryInCache(struct module_qstate* qstate, struct query_info* qinfo, struct reply_info* msgrep, int is_referral); -void invalidateQueryInCache(struct module_qstate* qstate, struct query_info* qinfo); - -/******************************* - * Module conversion functions * - *******************************/ -const char* strextstate(enum module_ext_state s); -const char* strmodulevent(enum module_ev e); - -/************************** - * Edns related functions * - **************************/ -struct edns_option* edns_opt_list_find(struct edns_option* list, uint16_t code); -int edns_register_option(uint16_t opt_code, int bypass_cache_stage, - int no_aggregation, struct module_env* env); - -%pythoncode %{ - def register_edns_option(env, code, bypass_cache_stage=False, - no_aggregation=False): - """Wrapper function to provide keyword attributes.""" - return edns_register_option(code, bypass_cache_stage, - no_aggregation, env) -%} - -/****************************** - * Callback related functions * - ******************************/ -/* typemap to check if argument is callable */ -%typemap(in) PyObject *py_cb { - if (!PyCallable_Check($input)) { - SWIG_exception_fail(SWIG_TypeError, "Need a callable object!"); - return NULL; - } - $1 = $input; -} -/* typemap to get content/size from a bytearray */ -%typemap(in) (size_t len, uint8_t* py_bytearray_data) { - if (!PyByteArray_CheckExact($input)) { - SWIG_exception_fail(SWIG_TypeError, "Expected bytearray!"); - return NULL; - } - $2 = (void*)PyByteArray_AsString($input); - $1 = PyByteArray_Size($input); -} - -int edns_opt_list_remove(struct edns_option** list, uint16_t code); -int edns_opt_list_append(struct edns_option** list, uint16_t code, size_t len, - uint8_t* py_bytearray_data, struct regional* region); - -%{ - /* This function is called by unbound in order to call the python - * callback function. */ - int python_inplace_cb_reply_generic(struct query_info* qinfo, - struct module_qstate* qstate, struct reply_info* rep, int rcode, - struct edns_data* edns, struct edns_option** opt_list_out, - struct regional* region, int id, void* python_callback) - { - PyObject *func, *py_edns, *py_qstate, *py_opt_list_out, *py_qinfo; - PyObject *py_rep, *py_region; - PyObject *result; - int res = 0; - - PyGILState_STATE gstate = PyGILState_Ensure(); - func = (PyObject *) python_callback; - py_edns = SWIG_NewPointerObj((void*) edns, SWIGTYPE_p_edns_data, 0); - py_qstate = SWIG_NewPointerObj((void*) qstate, - SWIGTYPE_p_module_qstate, 0); - py_opt_list_out = SWIG_NewPointerObj((void*) opt_list_out, - SWIGTYPE_p_p_edns_option, 0); - py_qinfo = SWIG_NewPointerObj((void*) qinfo, SWIGTYPE_p_query_info, 0); - py_rep = SWIG_NewPointerObj((void*) rep, SWIGTYPE_p_reply_info, 0); - py_region = SWIG_NewPointerObj((void*) region, SWIGTYPE_p_regional, 0); - result = PyObject_CallFunction(func, "OOOiOOO", py_qinfo, py_qstate, - py_rep, rcode, py_edns, py_opt_list_out, py_region); - Py_XDECREF(py_edns); - Py_XDECREF(py_qstate); - Py_XDECREF(py_opt_list_out); - Py_XDECREF(py_qinfo); - Py_XDECREF(py_rep); - Py_XDECREF(py_region); - if (result) { - res = PyInt_AsLong(result); - } - Py_XDECREF(result); - PyGILState_Release(gstate); - return res; - } - - /* register a callback */ - static int python_inplace_cb_register(enum inplace_cb_list_type type, - PyObject* py_cb, struct module_env* env, int id) - { - int ret = inplace_cb_register(python_inplace_cb_reply_generic, - type, (void*) py_cb, env, id); - if (ret) Py_INCREF(py_cb); - return ret; - } - - /* Swig implementations for Python */ - static int register_inplace_cb_reply(PyObject* py_cb, - struct module_env* env, int id) - { - return python_inplace_cb_register(inplace_cb_reply, py_cb, env, id); - } - static int register_inplace_cb_reply_cache(PyObject* py_cb, - struct module_env* env, int id) - { - return python_inplace_cb_register(inplace_cb_reply_cache, py_cb, env, id); - } - static int register_inplace_cb_reply_local(PyObject* py_cb, - struct module_env* env, int id) - { - return python_inplace_cb_register(inplace_cb_reply_local, py_cb, env, id); - } - static int register_inplace_cb_reply_servfail(PyObject* py_cb, - struct module_env* env, int id) - { - return python_inplace_cb_register(inplace_cb_reply_servfail, - py_cb, env, id); - } -%} -/* C declarations */ -int inplace_cb_register(void* cb, enum inplace_cb_list_type type, void* cbarg, - struct module_env* env, int id); - -/* Swig declarations */ -static int register_inplace_cb_reply(PyObject* py_cb, - struct module_env* env, int id); -static int register_inplace_cb_reply_cache(PyObject* py_cb, - struct module_env* env, int id); -static int register_inplace_cb_reply_local(PyObject* py_cb, - struct module_env* env, int id); -static int register_inplace_cb_reply_servfail(PyObject* py_cb, - struct module_env* env, int id); diff --git a/external/unbound/pythonmod/pythonmod.c b/external/unbound/pythonmod/pythonmod.c deleted file mode 100644 index dde7e54b2..000000000 --- a/external/unbound/pythonmod/pythonmod.c +++ /dev/null @@ -1,411 +0,0 @@ -/* - * pythonmod.c: unbound module C wrapper - * - * Copyright (c) 2009, Zdenek Vasicek (vasicek AT fit.vutbr.cz) - * Marek Vavrusa (xvavru00 AT stud.fit.vutbr.cz) - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * * Neither the name of the organization nor the names of its - * contributors may be used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -/** - * \file - * Python module for unbound. Calls python script. - */ - -/* ignore the varargs unused warning from SWIGs internal vararg support */ -#ifdef __GNUC__ -#pragma GCC diagnostic ignored "-Wunused-parameter" -#pragma GCC diagnostic ignored "-Wunused-but-set-variable" -#endif - -#include "config.h" -#include "sldns/sbuffer.h" - -#undef _POSIX_C_SOURCE -#undef _XOPEN_SOURCE -#include - -#include "pythonmod/pythonmod.h" -#include "util/module.h" -#include "util/config_file.h" -#include "pythonmod_utils.h" - -#ifdef S_SPLINT_S -typedef struct PyObject PyObject; -typedef struct PyThreadState PyThreadState; -typedef void* PyGILState_STATE; -#endif - -/** - * Global state for the module. - */ -struct pythonmod_env { - - /** Python script filename. */ - const char* fname; - - /** Python main thread */ - PyThreadState* mainthr; - /** Python module. */ - PyObject* module; - - /** Module init function */ - PyObject* func_init; - /** Module deinit function */ - PyObject* func_deinit; - /** Module operate function */ - PyObject* func_operate; - /** Module super_inform function */ - PyObject* func_inform; - - /** Python dictionary. */ - PyObject* dict; - - /** Module data. */ - PyObject* data; - - /** Module qstate. */ - struct module_qstate* qstate; -}; - -/** - * Per query state for the iterator module. - */ -struct pythonmod_qstate { - - /** Module per query data. */ - PyObject* data; -}; - -/* Generated */ -#ifndef S_SPLINT_S -#include "pythonmod/interface.h" -#endif - -int pythonmod_init(struct module_env* env, int id) -{ - /* Initialize module */ - FILE* script_py = NULL; - PyObject* py_init_arg, *res; - PyGILState_STATE gil; - int init_standard = 1; - - struct pythonmod_env* pe = (struct pythonmod_env*)calloc(1, sizeof(struct pythonmod_env)); - if (!pe) - { - log_err("pythonmod: malloc failure"); - return 0; - } - - env->modinfo[id] = (void*) pe; - - /* Initialize module */ - pe->fname = env->cfg->python_script; - if(pe->fname==NULL || pe->fname[0]==0) { - log_err("pythonmod: no script given."); - return 0; - } - - /* Initialize Python libraries */ - if (!Py_IsInitialized()) - { -#if PY_MAJOR_VERSION >= 3 - wchar_t progname[8]; - mbstowcs(progname, "unbound", 8); -#else - char *progname = "unbound"; -#endif - Py_SetProgramName(progname); - Py_NoSiteFlag = 1; -#if PY_MAJOR_VERSION >= 3 - PyImport_AppendInittab(SWIG_name, (void*)SWIG_init); -#endif - Py_Initialize(); - PyEval_InitThreads(); - SWIG_init(); - pe->mainthr = PyEval_SaveThread(); - } - - gil = PyGILState_Ensure(); - - /* Initialize Python */ - PyRun_SimpleString("import sys \n"); - PyRun_SimpleString("sys.path.append('.') \n"); - if(env->cfg->directory && env->cfg->directory[0]) { - char wdir[1524]; - snprintf(wdir, sizeof(wdir), "sys.path.append('%s') \n", - env->cfg->directory); - PyRun_SimpleString(wdir); - } - PyRun_SimpleString("sys.path.append('"RUN_DIR"') \n"); - PyRun_SimpleString("sys.path.append('"SHARE_DIR"') \n"); - PyRun_SimpleString("import distutils.sysconfig \n"); - PyRun_SimpleString("sys.path.append(distutils.sysconfig.get_python_lib(1,0)) \n"); - if (PyRun_SimpleString("from unboundmodule import *\n") < 0) - { - log_err("pythonmod: cannot initialize core module: unboundmodule.py"); - PyGILState_Release(gil); - return 0; - } - - /* Check Python file load */ - if ((script_py = fopen(pe->fname, "r")) == NULL) - { - log_err("pythonmod: can't open file %s for reading", pe->fname); - PyGILState_Release(gil); - return 0; - } - - /* Load file */ - pe->module = PyImport_AddModule("__main__"); - pe->dict = PyModule_GetDict(pe->module); - pe->data = Py_None; - Py_INCREF(pe->data); - PyModule_AddObject(pe->module, "mod_env", pe->data); - - /* TODO: deallocation of pe->... if an error occurs */ - - if (PyRun_SimpleFile(script_py, pe->fname) < 0) - { - log_err("pythonmod: can't parse Python script %s", pe->fname); - PyGILState_Release(gil); - return 0; - } - - fclose(script_py); - - if ((pe->func_init = PyDict_GetItemString(pe->dict, "init_standard")) == NULL) - { - init_standard = 0; - if ((pe->func_init = PyDict_GetItemString(pe->dict, "init")) == NULL) - { - log_err("pythonmod: function init is missing in %s", pe->fname); - PyGILState_Release(gil); - return 0; - } - } - if ((pe->func_deinit = PyDict_GetItemString(pe->dict, "deinit")) == NULL) - { - log_err("pythonmod: function deinit is missing in %s", pe->fname); - PyGILState_Release(gil); - return 0; - } - if ((pe->func_operate = PyDict_GetItemString(pe->dict, "operate")) == NULL) - { - log_err("pythonmod: function operate is missing in %s", pe->fname); - PyGILState_Release(gil); - return 0; - } - if ((pe->func_inform = PyDict_GetItemString(pe->dict, "inform_super")) == NULL) - { - log_err("pythonmod: function inform_super is missing in %s", pe->fname); - PyGILState_Release(gil); - return 0; - } - - if (init_standard) - { - py_init_arg = SWIG_NewPointerObj((void*) env, SWIGTYPE_p_module_env, 0); - } - else - { - py_init_arg = SWIG_NewPointerObj((void*) env->cfg, - SWIGTYPE_p_config_file, 0); - } - res = PyObject_CallFunction(pe->func_init, "iO", id, py_init_arg); - if (PyErr_Occurred()) - { - log_err("pythonmod: Exception occurred in function init"); - PyErr_Print(); - Py_XDECREF(res); - Py_XDECREF(py_init_arg); - PyGILState_Release(gil); - return 0; - } - - Py_XDECREF(res); - Py_XDECREF(py_init_arg); - PyGILState_Release(gil); - - return 1; -} - -void pythonmod_deinit(struct module_env* env, int id) -{ - struct pythonmod_env* pe = env->modinfo[id]; - if(pe == NULL) - return; - - /* Free Python resources */ - if(pe->module != NULL) - { - PyObject* res; - PyGILState_STATE gil = PyGILState_Ensure(); - - /* Deinit module */ - res = PyObject_CallFunction(pe->func_deinit, "i", id); - if (PyErr_Occurred()) { - log_err("pythonmod: Exception occurred in function deinit"); - PyErr_Print(); - } - /* Free result if any */ - Py_XDECREF(res); - /* Free shared data if any */ - Py_XDECREF(pe->data); - PyGILState_Release(gil); - - PyEval_RestoreThread(pe->mainthr); - Py_Finalize(); - pe->mainthr = NULL; - } - pe->fname = NULL; - free(pe); - - /* Module is deallocated in Python */ - env->modinfo[id] = NULL; -} - -void pythonmod_inform_super(struct module_qstate* qstate, int id, struct module_qstate* super) -{ - struct pythonmod_env* pe = (struct pythonmod_env*)qstate->env->modinfo[id]; - struct pythonmod_qstate* pq = (struct pythonmod_qstate*)qstate->minfo[id]; - PyObject* py_qstate, *py_sqstate, *res; - PyGILState_STATE gil = PyGILState_Ensure(); - - log_query_info(VERB_ALGO, "pythonmod: inform_super, sub is", &qstate->qinfo); - log_query_info(VERB_ALGO, "super is", &super->qinfo); - - py_qstate = SWIG_NewPointerObj((void*) qstate, SWIGTYPE_p_module_qstate, 0); - py_sqstate = SWIG_NewPointerObj((void*) super, SWIGTYPE_p_module_qstate, 0); - - res = PyObject_CallFunction(pe->func_inform, "iOOO", id, py_qstate, - py_sqstate, pq->data); - - if (PyErr_Occurred()) - { - log_err("pythonmod: Exception occurred in function inform_super"); - PyErr_Print(); - qstate->ext_state[id] = module_error; - } - else if ((res == NULL) || (!PyObject_IsTrue(res))) - { - log_err("pythonmod: python returned bad code in inform_super"); - qstate->ext_state[id] = module_error; - } - - Py_XDECREF(res); - Py_XDECREF(py_sqstate); - Py_XDECREF(py_qstate); - - PyGILState_Release(gil); -} - -void pythonmod_operate(struct module_qstate* qstate, enum module_ev event, - int id, struct outbound_entry* ATTR_UNUSED(outbound)) -{ - struct pythonmod_env* pe = (struct pythonmod_env*)qstate->env->modinfo[id]; - struct pythonmod_qstate* pq = (struct pythonmod_qstate*)qstate->minfo[id]; - PyObject* py_qstate, *res; - PyGILState_STATE gil = PyGILState_Ensure(); - - if ( pq == NULL) - { - /* create qstate */ - pq = qstate->minfo[id] = malloc(sizeof(struct pythonmod_qstate)); - - /* Initialize per query data */ - pq->data = Py_None; - Py_INCREF(pq->data); - } - - /* Call operate */ - py_qstate = SWIG_NewPointerObj((void*) qstate, SWIGTYPE_p_module_qstate, 0); - res = PyObject_CallFunction(pe->func_operate, "iiOO", id, (int) event, - py_qstate, pq->data); - if (PyErr_Occurred()) - { - log_err("pythonmod: Exception occurred in function operate, event: %s", strmodulevent(event)); - PyErr_Print(); - qstate->ext_state[id] = module_error; - } - else if ((res == NULL) || (!PyObject_IsTrue(res))) - { - log_err("pythonmod: python returned bad code, event: %s", strmodulevent(event)); - qstate->ext_state[id] = module_error; - } - Py_XDECREF(res); - Py_XDECREF(py_qstate); - - PyGILState_Release(gil); -} - -void pythonmod_clear(struct module_qstate* qstate, int id) -{ - struct pythonmod_qstate* pq; - if (qstate == NULL) - return; - - pq = (struct pythonmod_qstate*)qstate->minfo[id]; - verbose(VERB_ALGO, "pythonmod: clear, id: %d, pq:%lX", id, - (unsigned long int)pq); - if(pq != NULL) - { - PyGILState_STATE gil = PyGILState_Ensure(); - Py_DECREF(pq->data); - PyGILState_Release(gil); - /* Free qstate */ - free(pq); - } - - qstate->minfo[id] = NULL; -} - -size_t pythonmod_get_mem(struct module_env* env, int id) -{ - struct pythonmod_env* pe = (struct pythonmod_env*)env->modinfo[id]; - verbose(VERB_ALGO, "pythonmod: get_mem, id: %d, pe:%lX", id, - (unsigned long int)pe); - if(!pe) - return 0; - return sizeof(*pe); -} - -/** - * The module function block - */ -static struct module_func_block pythonmod_block = { - "python", - &pythonmod_init, &pythonmod_deinit, &pythonmod_operate, &pythonmod_inform_super, - &pythonmod_clear, &pythonmod_get_mem -}; - -struct module_func_block* pythonmod_get_funcblock(void) -{ - return &pythonmod_block; -} diff --git a/external/unbound/pythonmod/pythonmod.h b/external/unbound/pythonmod/pythonmod.h deleted file mode 100644 index 7c7c0e751..000000000 --- a/external/unbound/pythonmod/pythonmod.h +++ /dev/null @@ -1,76 +0,0 @@ -/* - * pythonmod.h: module header file - * - * Copyright (c) 2009, Zdenek Vasicek (vasicek AT fit.vutbr.cz) - * Marek Vavrusa (xvavru00 AT stud.fit.vutbr.cz) - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * * Neither the name of the organization nor the names of its - * contributors may be used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -/** - * \file - * Python module for unbound. Calls python script. - */ -#ifndef PYTHONMOD_H -#define PYTHONMOD_H -#include "util/module.h" -#include "services/outbound_list.h" - -/** - * Get the module function block. - * @return: function block with function pointers to module methods. - */ -struct module_func_block* pythonmod_get_funcblock(void); - -/** python module init */ -int pythonmod_init(struct module_env* env, int id); - -/** python module deinit */ -void pythonmod_deinit(struct module_env* env, int id); - -/** python module operate on a query */ -void pythonmod_operate(struct module_qstate* qstate, enum module_ev event, - int id, struct outbound_entry* outbound); - -/** python module */ -void pythonmod_inform_super(struct module_qstate* qstate, int id, - struct module_qstate* super); - -/** python module cleanup query state */ -void pythonmod_clear(struct module_qstate* qstate, int id); - -/** python module alloc size routine */ -size_t pythonmod_get_mem(struct module_env* env, int id); - -/** Declared here for fptr_wlist access. The definition is in interface.i. */ -int python_inplace_cb_reply_generic(struct query_info* qinfo, - struct module_qstate* qstate, struct reply_info* rep, int rcode, - struct edns_data* edns, struct edns_option** opt_list_out, - struct regional* region, int id, void* python_callback); -#endif /* PYTHONMOD_H */ diff --git a/external/unbound/pythonmod/pythonmod_utils.c b/external/unbound/pythonmod/pythonmod_utils.c deleted file mode 100644 index 5d70f2b4b..000000000 --- a/external/unbound/pythonmod/pythonmod_utils.c +++ /dev/null @@ -1,194 +0,0 @@ -/* - * pythonmod_utils.c: utilities used by wrapper - * - * Copyright (c) 2009, Zdenek Vasicek (vasicek AT fit.vutbr.cz) - * Marek Vavrusa (xvavru00 AT stud.fit.vutbr.cz) - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * * Neither the name of the organization nor the names of its - * contributors may be used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -/** - * \file - * Utility functions for the python module that perform stores and loads and - * conversions. - */ -#include "config.h" -#include "util/module.h" -#include "util/netevent.h" -#include "util/net_help.h" -#include "services/cache/dns.h" -#include "services/cache/rrset.h" -#include "util/data/msgparse.h" -#include "util/data/msgreply.h" -#include "util/storage/slabhash.h" -#include "util/regional.h" -#include "iterator/iter_delegpt.h" -#include "sldns/sbuffer.h" - -#undef _POSIX_C_SOURCE -#undef _XOPEN_SOURCE -#include - -/* Store the reply_info and query_info pair in message cache (qstate->msg_cache) */ -int storeQueryInCache(struct module_qstate* qstate, struct query_info* qinfo, struct reply_info* msgrep, int is_referral) -{ - if (!msgrep) - return 0; - - if (msgrep->authoritative) /*authoritative answer can't be stored in cache*/ - { - PyErr_SetString(PyExc_ValueError, "Authoritative answer can't be stored"); - return 0; - } - - return dns_cache_store(qstate->env, qinfo, msgrep, is_referral, - qstate->prefetch_leeway, 0, NULL, qstate->query_flags); -} - -/* Invalidate the message associated with query_info stored in message cache */ -void invalidateQueryInCache(struct module_qstate* qstate, struct query_info* qinfo) -{ - hashvalue_type h; - struct lruhash_entry* e; - struct reply_info *r; - size_t i, j; - - h = query_info_hash(qinfo, qstate->query_flags); - if ((e=slabhash_lookup(qstate->env->msg_cache, h, qinfo, 0))) - { - r = (struct reply_info*)(e->data); - if (r) - { - r->ttl = 0; - if(rrset_array_lock(r->ref, r->rrset_count, *qstate->env->now)) { - for(i=0; i< r->rrset_count; i++) - { - struct packed_rrset_data* data = - (struct packed_rrset_data*) r->ref[i].key->entry.data; - if(i>0 && r->ref[i].key == r->ref[i-1].key) - continue; - - data->ttl = r->ttl; - for(j=0; jcount + data->rrsig_count; j++) - data->rr_ttl[j] = r->ttl; - } - rrset_array_unlock(r->ref, r->rrset_count); - } - } - lock_rw_unlock(&e->lock); - } else { - log_info("invalidateQueryInCache: qinfo is not in cache"); - } -} - -/* Create response according to the ldns packet content */ -int createResponse(struct module_qstate* qstate, sldns_buffer* pkt) -{ - struct msg_parse* prs; - struct edns_data edns; - - /* parse message */ - prs = (struct msg_parse*) regional_alloc(qstate->env->scratch, sizeof(struct msg_parse)); - if (!prs) { - log_err("storeResponse: out of memory on incoming message"); - return 0; - } - - memset(prs, 0, sizeof(*prs)); - memset(&edns, 0, sizeof(edns)); - - sldns_buffer_set_position(pkt, 0); - if (parse_packet(pkt, prs, qstate->env->scratch) != LDNS_RCODE_NOERROR) { - verbose(VERB_ALGO, "storeResponse: parse error on reply packet"); - return 0; - } - /* edns is not examined, but removed from message to help cache */ - if(parse_extract_edns(prs, &edns, qstate->env->scratch) != - LDNS_RCODE_NOERROR) - return 0; - - /* remove CD-bit, we asked for in case we handle validation ourself */ - prs->flags &= ~BIT_CD; - - /* allocate response dns_msg in region */ - qstate->return_msg = (struct dns_msg*)regional_alloc(qstate->region, sizeof(struct dns_msg)); - if (!qstate->return_msg) - return 0; - - memset(qstate->return_msg, 0, sizeof(*qstate->return_msg)); - if(!parse_create_msg(pkt, prs, NULL, &(qstate->return_msg)->qinfo, &(qstate->return_msg)->rep, qstate->region)) { - log_err("storeResponse: malloc failure: allocating incoming dns_msg"); - return 0; - } - - /* Make sure that the RA flag is set (since the presence of - * this module means that recursion is available) */ - /* qstate->return_msg->rep->flags |= BIT_RA; */ - - /* Clear the AA flag */ - /* FIXME: does this action go here or in some other module? */ - /*qstate->return_msg->rep->flags &= ~BIT_AA; */ - - /* make sure QR flag is on */ - /*qstate->return_msg->rep->flags |= BIT_QR; */ - - if(verbosity >= VERB_ALGO) - log_dns_msg("storeResponse: packet:", &qstate->return_msg->qinfo, qstate->return_msg->rep); - - return 1; -} - - -/* Convert reply->addr to string */ -void reply_addr2str(struct comm_reply* reply, char* dest, int maxlen) -{ - int af = (int)((struct sockaddr_in*) &(reply->addr))->sin_family; - void* sinaddr = &((struct sockaddr_in*) &(reply->addr))->sin_addr; - - if(af == AF_INET6) - sinaddr = &((struct sockaddr_in6*)&(reply->addr))->sin6_addr; - dest[0] = 0; - if (inet_ntop(af, sinaddr, dest, (socklen_t)maxlen) == 0) - return; - dest[maxlen-1] = 0; -} - -/* Convert target->addr to string */ -void delegpt_addr_addr2str(struct delegpt_addr* target, char *dest, int maxlen) -{ - int af = (int)((struct sockaddr_in*) &(target->addr))->sin_family; - void* sinaddr = &((struct sockaddr_in*) &(target->addr))->sin_addr; - - if(af == AF_INET6) - sinaddr = &((struct sockaddr_in6*)&(target->addr))->sin6_addr; - dest[0] = 0; - if (inet_ntop(af, sinaddr, dest, (socklen_t)maxlen) == 0) - return; - dest[maxlen-1] = 0; -} diff --git a/external/unbound/pythonmod/pythonmod_utils.h b/external/unbound/pythonmod/pythonmod_utils.h deleted file mode 100644 index 768eb46de..000000000 --- a/external/unbound/pythonmod/pythonmod_utils.h +++ /dev/null @@ -1,93 +0,0 @@ -/* - * pythonmod_utils.h: utils header file - * - * Copyright (c) 2009, Zdenek Vasicek (vasicek AT fit.vutbr.cz) - * Marek Vavrusa (xvavru00 AT stud.fit.vutbr.cz) - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * * Neither the name of the organization nor the names of its - * contributors may be used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -/** - * \file - * Utility functions for the python module that perform stores and loads and - * conversions. - */ -#ifndef PYTHONMOD_UTILS_H -#define PYTHONMOD_UTILS_H - -#include "util/module.h" -struct delegpt_addr; - -/** - * Store the reply_info and query_info pair in message cache (qstate->msg_cache) - * - * @param qstate: module environment - * @param qinfo: query info, the query for which answer is stored. - * @param msgrep: reply in dns_msg - * @param is_referral: If true, then the given message to be stored is a - * referral. The cache implementation may use this as a hint. - * It will store only the RRsets, not the message. - * @return 0 on alloc error (out of memory). - */ -int storeQueryInCache(struct module_qstate* qstate, struct query_info* qinfo, struct reply_info* msgrep, int is_referral); - - -/** - * Invalidate the message associated with query_info stored in message cache. - * - * This function invalidates the record in message cache associated with the given query only if such a record exists. - * - * @param qstate: module environment - * @param qinfo: query info, the query for which answer is stored. - */ -void invalidateQueryInCache(struct module_qstate* qstate, struct query_info* qinfo); - -/** - * Create response according to the ldns packet content - * - * This function fills qstate.return_msg up with data of a given packet - * - * @param qstate: module environment - * @param pkt: a sldns_buffer which contains sldns_packet data - * @return 0 on failure, out of memory or parse error. - */ -int createResponse(struct module_qstate* qstate, sldns_buffer* pkt); - -/** - * Convert reply->addr to string - * @param reply: comm reply with address in it. - * @param dest: destination string. - * @param maxlen: length of string buffer. - */ -void reply_addr2str(struct comm_reply* reply, char* dest, int maxlen); - -/* Convert target->addr to string */ -void delegpt_addr_addr2str(struct delegpt_addr* target, char *dest, int maxlen); - -#endif /* PYTHONMOD_UTILS_H */ diff --git a/external/unbound/pythonmod/test-calc.conf b/external/unbound/pythonmod/test-calc.conf deleted file mode 100644 index ef854ce1b..000000000 --- a/external/unbound/pythonmod/test-calc.conf +++ /dev/null @@ -1,18 +0,0 @@ -# Example configuration file for calc.py -server: - verbosity: 1 - interface: 0.0.0.0 - do-daemonize: no - access-control: 0.0.0.0/0 allow - chroot: "" - username: "" - directory: "" - logfile: "" - pidfile: "unbound.pid" - module-config: "validator python iterator" - -# Python config section -python: - # Script file to load - python-script: "./examples/calc.py" - diff --git a/external/unbound/pythonmod/test-dict.conf b/external/unbound/pythonmod/test-dict.conf deleted file mode 100644 index daab7250e..000000000 --- a/external/unbound/pythonmod/test-dict.conf +++ /dev/null @@ -1,18 +0,0 @@ -# Example configuration file for dict.py -server: - verbosity: 1 - interface: 0.0.0.0 - do-daemonize: no - access-control: 0.0.0.0/0 allow - chroot: "" - username: "" - directory: "" - logfile: "" - pidfile: "unbound.pid" - module-config: "validator python iterator" - -# Python config section -python: - # Script file to load - python-script: "./examples/dict.py" - diff --git a/external/unbound/pythonmod/test-edns.conf b/external/unbound/pythonmod/test-edns.conf deleted file mode 100644 index 440947f01..000000000 --- a/external/unbound/pythonmod/test-edns.conf +++ /dev/null @@ -1,17 +0,0 @@ -# Example configuration file for edns.py -server: - verbosity: 1 - interface: 0.0.0.0 - do-daemonize: no - access-control: 0.0.0.0/0 allow - chroot: "" - username: "" - directory: "" - logfile: "" - pidfile: "unbound.pid" - module-config: "validator python iterator" - -# Python config section -python: - # Script file to load - python-script: "./examples/edns.py" diff --git a/external/unbound/pythonmod/test-inplace_callbacks.conf b/external/unbound/pythonmod/test-inplace_callbacks.conf deleted file mode 100644 index d7081faa6..000000000 --- a/external/unbound/pythonmod/test-inplace_callbacks.conf +++ /dev/null @@ -1,17 +0,0 @@ -# Example configuration file for edns.py -server: - verbosity: 1 - interface: 0.0.0.0 - do-daemonize: no - access-control: 0.0.0.0/0 allow - chroot: "" - username: "" - directory: "" - logfile: "" - pidfile: "unbound.pid" - module-config: "validator python iterator" - -# Python config section -python: - # Script file to load - python-script: "./examples/inplace_callbacks.py" diff --git a/external/unbound/pythonmod/test-log.conf b/external/unbound/pythonmod/test-log.conf deleted file mode 100644 index 02214ba1d..000000000 --- a/external/unbound/pythonmod/test-log.conf +++ /dev/null @@ -1,17 +0,0 @@ -# Example configuration file for log.py -server: - verbosity: 1 - interface: 0.0.0.0 - do-daemonize: no - access-control: 0.0.0.0/0 allow - chroot: "" - username: "" - directory: "" - logfile: "" - pidfile: "unbound.pid" - module-config: "validator python iterator" - -# Python config section -python: - # Script file to load - python-script: "./examples/log.py" diff --git a/external/unbound/pythonmod/test-resgen.conf b/external/unbound/pythonmod/test-resgen.conf deleted file mode 100644 index a0a79e42d..000000000 --- a/external/unbound/pythonmod/test-resgen.conf +++ /dev/null @@ -1,18 +0,0 @@ -# Example configuration file for resgen.py -server: - verbosity: 1 - interface: 0.0.0.0 - do-daemonize: no - access-control: 0.0.0.0/0 allow - chroot: "" - username: "" - directory: "" - logfile: "" - pidfile: "unbound.pid" - module-config: "validator python iterator" - -# Python config section -python: - # Script file to load - python-script: "./examples/resgen.py" - diff --git a/external/unbound/pythonmod/test-resip.conf b/external/unbound/pythonmod/test-resip.conf deleted file mode 100644 index 7620f736f..000000000 --- a/external/unbound/pythonmod/test-resip.conf +++ /dev/null @@ -1,18 +0,0 @@ -# Example configuration file for resip.py -server: - verbosity: 1 - #interface: 0.0.0.0 - do-daemonize: no - #access-control: 0.0.0.0/0 allow - chroot: "" - username: "" - directory: "" - logfile: "" - pidfile: "unbound.pid" - module-config: "validator python iterator" - -# Python config section -python: - # Script file to load - python-script: "./examples/resip.py" - diff --git a/external/unbound/pythonmod/test-resmod.conf b/external/unbound/pythonmod/test-resmod.conf deleted file mode 100644 index 8de5fd257..000000000 --- a/external/unbound/pythonmod/test-resmod.conf +++ /dev/null @@ -1,19 +0,0 @@ -# Example configuration file for resmod.py -server: - verbosity: 1 - interface: 0.0.0.0 - do-daemonize: no - access-control: 0.0.0.0/0 allow - chroot: "" - username: "" - directory: "" - logfile: "" - pidfile: "unbound.pid" - #module-config: "python iterator" - module-config: "validator python iterator" - -# Python config section -python: - # Script file to load - python-script: "./examples/resmod.py" - diff --git a/external/unbound/pythonmod/ubmodule-msg.py b/external/unbound/pythonmod/ubmodule-msg.py deleted file mode 100644 index 648368080..000000000 --- a/external/unbound/pythonmod/ubmodule-msg.py +++ /dev/null @@ -1,156 +0,0 @@ -# -*- coding: utf-8 -*- -''' - ubmodule-msg.py: simple response packet logger - - Authors: Zdenek Vasicek (vasicek AT fit.vutbr.cz) - Marek Vavrusa (xvavru00 AT stud.fit.vutbr.cz) - - Copyright (c) 2008. All rights reserved. - - This software is open source. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - Redistributions in binary form must reproduce the above copyright notice, - this list of conditions and the following disclaimer in the documentation - and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -''' -import os - -def init(id, cfg): - log_info("pythonmod: init called, module id is %d port: %d script: %s" % (id, cfg.port, cfg.python_script)) - return True - -def deinit(id): - log_info("pythonmod: deinit called, module id is %d" % id) - return True - -def inform_super(id, qstate, superqstate, qdata): - return True - -def setTTL(qstate, ttl): - """Sets return_msg TTL and all the RRs TTL""" - if qstate.return_msg: - qstate.return_msg.rep.ttl = ttl - if (qstate.return_msg.rep): - for i in range(0,qstate.return_msg.rep.rrset_count): - d = qstate.return_msg.rep.rrsets[i].entry.data - for j in range(0,d.count+d.rrsig_count): - d.rr_ttl[j] = ttl - -def dataHex(data, prefix=""): - res = "" - for i in range(0, (len(data)+15)/16): - res += "%s0x%02X | " % (prefix, i*16) - d = map(lambda x:ord(x), data[i*16:i*16+17]) - for ch in d: - res += "%02X " % ch - for i in range(0,17-len(d)): - res += " " - res += "| " - for ch in d: - if (ch < 32) or (ch > 127): - res += ". " - else: - res += "%c " % ch - res += "\n" - return res - -def printReturnMsg(qstate): - print "Return MSG rep :: flags: %04X, QDcount: %d, Security:%d, TTL=%d" % (qstate.return_msg.rep.flags, qstate.return_msg.rep.qdcount,qstate.return_msg.rep.security, qstate.return_msg.rep.ttl) - print " qinfo :: qname:",qstate.return_msg.qinfo.qname_list, qstate.return_msg.qinfo.qname_str, "type:",qstate.return_msg.qinfo.qtype_str, "class:",qstate.return_msg.qinfo.qclass_str - if (qstate.return_msg.rep): - print "RRSets:",qstate.return_msg.rep.rrset_count - prevkey = None - for i in range(0,qstate.return_msg.rep.rrset_count): - r = qstate.return_msg.rep.rrsets[i] - rk = r.rk - print i,":",rk.dname_list, rk.dname_str, "flags: %04X" % rk.flags, - print "type:",rk.type_str,"(%d)" % ntohs(rk.type), "class:",rk.rrset_class_str,"(%d)" % ntohs(rk.rrset_class) - - d = r.entry.data - print " RRDatas:",d.count+d.rrsig_count - for j in range(0,d.count+d.rrsig_count): - print " ",j,":","TTL=",d.rr_ttl[j],"RR data:" - print dataHex(d.rr_data[j]," ") - - -def operate(id, event, qstate, qdata): - log_info("pythonmod: operate called, id: %d, event:%s" % (id, strmodulevent(event))) - #print "pythonmod: per query data", qdata - - print "Query:", ''.join(map(lambda x:chr(max(32,ord(x))),qstate.qinfo.qname)), qstate.qinfo.qname_list, qstate.qinfo.qname_str, - print "Type:",qstate.qinfo.qtype_str,"(%d)" % qstate.qinfo.qtype, - print "Class:",qstate.qinfo.qclass_str,"(%d)" % qstate.qinfo.qclass - print - - #if event == MODULE_EVENT_PASS: #pokud mame "validator python iterator" - if (event == MODULE_EVENT_NEW) and (qstate.qinfo.qname_str.endswith(".seznam.cz.")): #pokud mame "python validator iterator" - print qstate.qinfo.qname_str - - qstate.ext_state[id] = MODULE_FINISHED - - msg = DNSMessage(qstate.qinfo.qname_str, RR_TYPE_A, RR_CLASS_IN, PKT_QR | PKT_RA | PKT_AA) #, 300) - #msg.authority.append("xxx.seznam.cz. 10 IN A 192.168.1.1") - #msg.additional.append("yyy.seznam.cz. 10 IN A 1.1.1.2.") - - if qstate.qinfo.qtype == RR_TYPE_A: - msg.answer.append("%s 10 IN A 192.168.1.1" % qstate.qinfo.qname_str) - if (qstate.qinfo.qtype == RR_TYPE_SRV) or (qstate.qinfo.qtype == RR_TYPE_ANY): - msg.answer.append("%s 10 IN SRV 0 0 80 neinfo.example.com." % qstate.qinfo.qname_str) - if (qstate.qinfo.qtype == RR_TYPE_TXT) or (qstate.qinfo.qtype == RR_TYPE_ANY): - msg.answer.append("%s 10 IN TXT path=/" % qstate.qinfo.qname_str) - - if not msg.set_return_msg(qstate): - qstate.ext_state[id] = MODULE_ERROR - return True - - #qstate.return_msg.rep.security = 2 #pokud nebude nasledovat validator, je zapotrebi nastavit security, aby nebyl paket zahozen v mesh_send_reply - printReturnMsg(qstate) - - #Authoritative result can't be stored in cache - #if (not storeQueryInCache(qstate, qstate.return_msg.qinfo, qstate.return_msg.rep, 0)): - # print "Can't store in cache" - # qstate.ext_state[id] = MODULE_ERROR - # return False - #print "Store OK" - - qstate.return_rcode = RCODE_NOERROR - return True - - if event == MODULE_EVENT_NEW: - qstate.ext_state[id] = MODULE_WAIT_MODULE - return True - - if event == MODULE_EVENT_MODDONE: - log_info("pythonmod: previous module done") - qstate.ext_state[id] = MODULE_FINISHED - return True - - if event == MODULE_EVENT_PASS: - log_info("pythonmod: event_pass") - qstate.ext_state[id] = MODULE_WAIT_MODULE - return True - - log_err("pythonmod: BAD event") - qstate.ext_state[id] = MODULE_ERROR - return True - -log_info("pythonmod: script loaded.") diff --git a/external/unbound/pythonmod/ubmodule-tst.py b/external/unbound/pythonmod/ubmodule-tst.py deleted file mode 100644 index 0b9b5a9d2..000000000 --- a/external/unbound/pythonmod/ubmodule-tst.py +++ /dev/null @@ -1,149 +0,0 @@ -# -*- coding: utf-8 -*- -''' - ubmodule-tst.py: - - Authors: Zdenek Vasicek (vasicek AT fit.vutbr.cz) - Marek Vavrusa (xvavru00 AT stud.fit.vutbr.cz) - - Copyright (c) 2008. All rights reserved. - - This software is open source. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - Redistributions in binary form must reproduce the above copyright notice, - this list of conditions and the following disclaimer in the documentation - and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -''' -def init(id, cfg): - log_info("pythonmod: init called, module id is %d port: %d script: %s" % (id, cfg.port, cfg.python_script)) - return True - -def deinit(id): - log_info("pythonmod: deinit called, module id is %d" % id) - return True - -def inform_super(id, qstate, superqstate, qdata): - return True - -def setTTL(qstate, ttl): - """Sets return_msg TTL and all the RRs TTL""" - if qstate.return_msg: - qstate.return_msg.rep.ttl = ttl - if (qstate.return_msg.rep): - for i in range(0,qstate.return_msg.rep.rrset_count): - d = qstate.return_msg.rep.rrsets[i].entry.data - for j in range(0,d.count+d.rrsig_count): - d.rr_ttl[j] = ttl - -def dataHex(data, prefix=""): - res = "" - for i in range(0, (len(data)+15)/16): - res += "%s0x%02X | " % (prefix, i*16) - d = map(lambda x:ord(x), data[i*16:i*16+17]) - for ch in d: - res += "%02X " % ch - for i in range(0,17-len(d)): - res += " " - res += "| " - for ch in d: - if (ch < 32) or (ch > 127): - res += ". " - else: - res += "%c " % ch - res += "\n" - return res - -def printReturnMsg(qstate): - print "Return MSG rep :: flags: %04X, QDcount: %d, Security:%d, TTL=%d" % (qstate.return_msg.rep.flags, qstate.return_msg.rep.qdcount,qstate.return_msg.rep.security, qstate.return_msg.rep.ttl) - print " qinfo :: qname:",qstate.return_msg.qinfo.qname_list, qstate.return_msg.qinfo.qname_str, "type:",qstate.return_msg.qinfo.qtype_str, "class:",qstate.return_msg.qinfo.qclass_str - if (qstate.return_msg.rep): - print "RRSets:",qstate.return_msg.rep.rrset_count - prevkey = None - for i in range(0,qstate.return_msg.rep.rrset_count): - r = qstate.return_msg.rep.rrsets[i] - rk = r.rk - print i,":",rk.dname_list, rk.dname_str, "flags: %04X" % rk.flags, - print "type:",rk.type_str,"(%d)" % ntohs(rk.type), "class:",rk.rrset_class_str,"(%d)" % ntohs(rk.rrset_class) - - d = r.entry.data - print " RRDatas:",d.count+d.rrsig_count - for j in range(0,d.count+d.rrsig_count): - print " ",j,":","TTL=",d.rr_ttl[j],"RR data:" - print dataHex(d.rr_data[j]," ") - -def operate(id, event, qstate, qdata): - log_info("pythonmod: operate called, id: %d, event:%s" % (id, strmodulevent(event))) - #print "pythonmod: per query data", qdata - - print "Query:", ''.join(map(lambda x:chr(max(32,ord(x))),qstate.qinfo.qname)), qstate.qinfo.qname_list, - print "Type:",qstate.qinfo.qtype_str,"(%d)" % qstate.qinfo.qtype, - print "Class:",qstate.qinfo.qclass_str,"(%d)" % qstate.qinfo.qclass - print - - # TEST: - # > dig @127.0.0.1 www.seznam.cz A - # > dig @127.0.0.1 3.76.75.77.in-addr.arpa. PTR - # prvni dva dotazy vrati TTL 100 - # > dig @127.0.0.1 www.seznam.cz A - # > dig @127.0.0.1 3.76.75.77.in-addr.arpa. PTR - # dalsi dva dotazy vrati TTL 10, ktere se bude s dalsimi dotazy snizovat, nez vyprsi a znovu se zaktivuje mesh - - if qstate.return_msg: - printReturnMsg(qstate) - - #qdn = '.'.join(qstate.qinfo.qname_list) - qdn = qstate.qinfo.qname_str - - #Pokud dotaz konci na nasledujici, pozmenime TTL zpravy, ktera se posle klientovi (return_msg) i zpravy v CACHE - if qdn.endswith(".seznam.cz.") or qdn.endswith('.in-addr.arpa.'): - #pokud je v cache odpoved z iteratoru, pak ji zneplatnime, jinak se moduly nazavolaji do te doby, nez vyprsi TTL - invalidateQueryInCache(qstate, qstate.return_msg.qinfo) - - if (qstate.return_msg.rep.authoritative): - print "X"*300 - - setTTL(qstate, 10) #do cache nastavime TTL na 10 - if not storeQueryInCache(qstate, qstate.return_msg.qinfo, qstate.return_msg.rep, 0): - qstate.ext_state[id] = MODULE_ERROR - return False - - setTTL(qstate, 100) #odpoved klientovi prijde s TTL 100 - qstate.return_rcode = RCODE_NOERROR - - if event == MODULE_EVENT_NEW: - qstate.ext_state[id] = MODULE_WAIT_MODULE - return True - - if event == MODULE_EVENT_MODDONE: - log_info("pythonmod: previous module done") - qstate.ext_state[id] = MODULE_FINISHED - return True - - if event == MODULE_EVENT_PASS: - log_info("pythonmod: event_pass") - qstate.ext_state[id] = MODULE_WAIT_MODULE - return True - - log_err("pythonmod: BAD event") - qstate.ext_state[id] = MODULE_ERROR - return True - -log_info("pythonmod: script loaded.") diff --git a/external/unbound/respip/respip.c b/external/unbound/respip/respip.c deleted file mode 100644 index d71325111..000000000 --- a/external/unbound/respip/respip.c +++ /dev/null @@ -1,1179 +0,0 @@ -/* - * respip/respip.c - filtering response IP module - */ - -/** - * \file - * - * This file contains a module that inspects a result of recursive resolution - * to see if any IP address record should trigger a special action. - * If applicable these actions can modify the original response. - */ -#include "config.h" - -#include "services/localzone.h" -#include "services/cache/dns.h" -#include "sldns/str2wire.h" -#include "util/config_file.h" -#include "util/fptr_wlist.h" -#include "util/module.h" -#include "util/net_help.h" -#include "util/regional.h" -#include "util/data/msgreply.h" -#include "util/storage/dnstree.h" -#include "respip/respip.h" -#include "services/view.h" -#include "sldns/rrdef.h" - -/** - * Conceptual set of IP addresses for response AAAA or A records that should - * trigger special actions. - */ -struct respip_set { - struct regional* region; - struct rbtree_type ip_tree; - char* const* tagname; /* shallow copy of tag names, for logging */ - int num_tags; /* number of tagname entries */ -}; - -/** An address span with response control information */ -struct resp_addr { - /** node in address tree */ - struct addr_tree_node node; - /** tag bitlist */ - uint8_t* taglist; - /** length of the taglist (in bytes) */ - size_t taglen; - /** action for this address span */ - enum respip_action action; - /** "local data" for this node */ - struct ub_packed_rrset_key* data; -}; - -/** Subset of resp_addr.node, used for inform-variant logging */ -struct respip_addr_info { - struct sockaddr_storage addr; - socklen_t addrlen; - int net; -}; - -/** Query state regarding the response-ip module. */ -enum respip_state { - /** - * The general state. Unless CNAME chasing takes place, all processing - * is completed in this state without any other asynchronous event. - */ - RESPIP_INIT = 0, - - /** - * A subquery for CNAME chasing is completed. - */ - RESPIP_SUBQUERY_FINISHED -}; - -/** Per query state for the response-ip module. */ -struct respip_qstate { - enum respip_state state; -}; - -struct respip_set* -respip_set_create(void) -{ - struct respip_set* set = calloc(1, sizeof(*set)); - if(!set) - return NULL; - set->region = regional_create(); - if(!set->region) { - free(set); - return NULL; - } - addr_tree_init(&set->ip_tree); - return set; -} - -void -respip_set_delete(struct respip_set* set) -{ - if(!set) - return; - regional_destroy(set->region); - free(set); -} - -struct rbtree_type* -respip_set_get_tree(struct respip_set* set) -{ - if(!set) - return NULL; - return &set->ip_tree; -} - -/** returns the node in the address tree for the specified netblock string; - * non-existent node will be created if 'create' is true */ -static struct resp_addr* -respip_find_or_create(struct respip_set* set, const char* ipstr, int create) -{ - struct resp_addr* node; - struct sockaddr_storage addr; - int net; - socklen_t addrlen; - - if(!netblockstrtoaddr(ipstr, 0, &addr, &addrlen, &net)) { - log_err("cannot parse netblock: '%s'", ipstr); - return NULL; - } - node = (struct resp_addr*)addr_tree_find(&set->ip_tree, &addr, addrlen, net); - if(!node && create) { - node = regional_alloc_zero(set->region, sizeof(*node)); - if(!node) { - log_err("out of memory"); - return NULL; - } - node->action = respip_none; - if(!addr_tree_insert(&set->ip_tree, &node->node, &addr, - addrlen, net)) { - /* We know we didn't find it, so this should be - * impossible. */ - log_warn("unexpected: duplicate address: %s", ipstr); - } - } - return node; -} - -static int -respip_tag_cfg(struct respip_set* set, const char* ipstr, - const uint8_t* taglist, size_t taglen) -{ - struct resp_addr* node; - - if(!(node=respip_find_or_create(set, ipstr, 1))) - return 0; - if(node->taglist) { - log_warn("duplicate response-address-tag for '%s', overridden.", - ipstr); - } - node->taglist = regional_alloc_init(set->region, taglist, taglen); - if(!node->taglist) { - log_err("out of memory"); - return 0; - } - node->taglen = taglen; - return 1; -} - -/** set action for the node specified by the netblock string */ -static int -respip_action_cfg(struct respip_set* set, const char* ipstr, - const char* actnstr) -{ - struct resp_addr* node; - enum respip_action action; - - if(!(node=respip_find_or_create(set, ipstr, 1))) - return 0; - if(node->action != respip_none) { - log_warn("duplicate response-ip action for '%s', overridden.", - ipstr); - } - if(strcmp(actnstr, "deny") == 0) - action = respip_deny; - else if(strcmp(actnstr, "redirect") == 0) - action = respip_redirect; - else if(strcmp(actnstr, "inform") == 0) - action = respip_inform; - else if(strcmp(actnstr, "inform_deny") == 0) - action = respip_inform_deny; - else if(strcmp(actnstr, "always_transparent") == 0) - action = respip_always_transparent; - else if(strcmp(actnstr, "always_refuse") == 0) - action = respip_always_refuse; - else if(strcmp(actnstr, "always_nxdomain") == 0) - action = respip_always_nxdomain; - else { - log_err("unknown response-ip action %s", actnstr); - return 0; - } - node->action = action; - return 1; -} - -/** allocate and initialize an rrset structure; this function is based - * on new_local_rrset() from the localzone.c module */ -static struct ub_packed_rrset_key* -new_rrset(struct regional* region, uint16_t rrtype, uint16_t rrclass) -{ - struct packed_rrset_data* pd; - struct ub_packed_rrset_key* rrset = regional_alloc_zero( - region, sizeof(*rrset)); - if(!rrset) { - log_err("out of memory"); - return NULL; - } - rrset->entry.key = rrset; - pd = regional_alloc_zero(region, sizeof(*pd)); - if(!pd) { - log_err("out of memory"); - return NULL; - } - pd->trust = rrset_trust_prim_noglue; - pd->security = sec_status_insecure; - rrset->entry.data = pd; - rrset->rk.dname = regional_alloc_zero(region, 1); - if(!rrset->rk.dname) { - log_err("out of memory"); - return NULL; - } - rrset->rk.dname_len = 1; - rrset->rk.type = htons(rrtype); - rrset->rk.rrset_class = htons(rrclass); - return rrset; -} - -/** enter local data as resource records into a response-ip node */ -static int -respip_enter_rr(struct regional* region, struct resp_addr* raddr, - const char* rrstr, const char* netblock) -{ - uint8_t* nm; - uint16_t rrtype = 0, rrclass = 0; - time_t ttl = 0; - uint8_t rr[LDNS_RR_BUF_SIZE]; - uint8_t* rdata = NULL; - size_t rdata_len = 0; - char buf[65536]; - char bufshort[64]; - struct packed_rrset_data* pd; - struct sockaddr* sa; - int ret; - if(raddr->action != respip_redirect) { - log_err("cannot parse response-ip-data %s: response-ip " - "action for %s is not redirect", rrstr, netblock); - return 0; - } - ret = snprintf(buf, sizeof(buf), ". %s", rrstr); - if(ret < 0 || ret >= (int)sizeof(buf)) { - strlcpy(bufshort, rrstr, sizeof(bufshort)); - log_err("bad response-ip-data: %s...", bufshort); - return 0; - } - if(!rrstr_get_rr_content(buf, &nm, &rrtype, &rrclass, &ttl, rr, sizeof(rr), - &rdata, &rdata_len)) { - log_err("bad response-ip-data: %s", rrstr); - return 0; - } - sa = (struct sockaddr*)&raddr->node.addr; - if (rrtype == LDNS_RR_TYPE_CNAME && raddr->data) { - log_err("CNAME response-ip data (%s) can not co-exist with other " - "response-ip data for netblock %s", rrstr, netblock); - return 0; - } else if (raddr->data && - raddr->data->rk.type == htons(LDNS_RR_TYPE_CNAME)) { - log_err("response-ip data (%s) can not be added; CNAME response-ip " - "data already in place for netblock %s", rrstr, netblock); - return 0; - } else if((rrtype != LDNS_RR_TYPE_CNAME) && - ((sa->sa_family == AF_INET && rrtype != LDNS_RR_TYPE_A) || - (sa->sa_family == AF_INET6 && rrtype != LDNS_RR_TYPE_AAAA))) { - log_err("response-ip data %s record type does not correspond " - "to netblock %s address family", rrstr, netblock); - return 0; - } - - if(!raddr->data) { - raddr->data = new_rrset(region, rrtype, rrclass); - if(!raddr->data) - return 0; - } - pd = raddr->data->entry.data; - return rrset_insert_rr(region, pd, rdata, rdata_len, ttl, rrstr); -} - -static int -respip_data_cfg(struct respip_set* set, const char* ipstr, const char* rrstr) -{ - struct resp_addr* node; - - node=respip_find_or_create(set, ipstr, 0); - if(!node || node->action == respip_none) { - log_err("cannot parse response-ip-data %s: " - "response-ip node for %s not found", rrstr, ipstr); - return 0; - } - return respip_enter_rr(set->region, node, rrstr, ipstr); -} - -static int -respip_set_apply_cfg(struct respip_set* set, char* const* tagname, int num_tags, - struct config_strbytelist* respip_tags, - struct config_str2list* respip_actions, - struct config_str2list* respip_data) -{ - struct config_strbytelist* p; - struct config_str2list* pa; - struct config_str2list* pd; - - set->tagname = tagname; - set->num_tags = num_tags; - - p = respip_tags; - while(p) { - struct config_strbytelist* np = p->next; - - log_assert(p->str && p->str2); - if(!respip_tag_cfg(set, p->str, p->str2, p->str2len)) { - config_del_strbytelist(p); - return 0; - } - free(p->str); - free(p->str2); - free(p); - p = np; - } - - pa = respip_actions; - while(pa) { - struct config_str2list* np = pa->next; - log_assert(pa->str && pa->str2); - if(!respip_action_cfg(set, pa->str, pa->str2)) { - config_deldblstrlist(pa); - return 0; - } - free(pa->str); - free(pa->str2); - free(pa); - pa = np; - } - - pd = respip_data; - while(pd) { - struct config_str2list* np = pd->next; - log_assert(pd->str && pd->str2); - if(!respip_data_cfg(set, pd->str, pd->str2)) { - config_deldblstrlist(pd); - return 0; - } - free(pd->str); - free(pd->str2); - free(pd); - pd = np; - } - - return 1; -} - -int -respip_global_apply_cfg(struct respip_set* set, struct config_file* cfg) -{ - int ret = respip_set_apply_cfg(set, cfg->tagname, cfg->num_tags, - cfg->respip_tags, cfg->respip_actions, cfg->respip_data); - cfg->respip_data = NULL; - cfg->respip_actions = NULL; - cfg->respip_tags = NULL; - return ret; -} - -/** Iterate through raw view data and apply the view-specific respip - * configuration; at this point we should have already seen all the views, - * so if any of the views that respip data refer to does not exist, that's - * an error. This additional iteration through view configuration data - * is expected to not have significant performance impact (or rather, its - * performance impact is not expected to be prohibitive in the configuration - * processing phase). - */ -int -respip_views_apply_cfg(struct views* vs, struct config_file* cfg, - int* have_view_respip_cfg) -{ - struct config_view* cv; - struct view* v; - int ret; - - for(cv = cfg->views; cv; cv = cv->next) { - - /** if no respip config for this view then there's - * nothing to do; note that even though respip data must go - * with respip action, we're checking for both here because - * we want to catch the case where the respip action is missing - * while the data is present */ - if(!cv->respip_actions && !cv->respip_data) - continue; - - if(!(v = views_find_view(vs, cv->name, 1))) { - log_err("view '%s' unexpectedly missing", cv->name); - return 0; - } - if(!v->respip_set) { - v->respip_set = respip_set_create(); - if(!v->respip_set) { - log_err("out of memory"); - lock_rw_unlock(&v->lock); - return 0; - } - } - ret = respip_set_apply_cfg(v->respip_set, NULL, 0, NULL, - cv->respip_actions, cv->respip_data); - lock_rw_unlock(&v->lock); - if(!ret) { - log_err("Error while applying respip configuration " - "for view '%s'", cv->name); - return 0; - } - *have_view_respip_cfg = (*have_view_respip_cfg || - v->respip_set->ip_tree.count); - cv->respip_actions = NULL; - cv->respip_data = NULL; - } - return 1; -} - -/** - * make a deep copy of 'key' in 'region'. - * This is largely derived from packed_rrset_copy_region() and - * packed_rrset_ptr_fixup(), but differs in the following points: - * - * - It doesn't assume all data in 'key' are in a contiguous memory region. - * Although that would be the case in most cases, 'key' can be passed from - * a lower-level module and it might not build the rrset to meet the - * assumption. In fact, an rrset specified as response-ip-data or generated - * in local_data_find_tag_datas() breaks the assumption. So it would be - * safer not to naively rely on the assumption. On the other hand, this - * function ensures the copied rrset data are in a contiguous region so - * that it won't cause a disruption even if an upper layer module naively - * assumes the memory layout. - * - It doesn't copy RRSIGs (if any) in 'key'. The rrset will be used in - * a reply that was already faked, so it doesn't make much sense to provide - * partial sigs even if they are valid themselves. - * - It doesn't adjust TTLs as it basically has to be a verbatim copy of 'key' - * just allocated in 'region' (the assumption is necessary TTL adjustment - * has been already done in 'key'). - * - * This function returns the copied rrset key on success, and NULL on memory - * allocation failure. - */ -struct ub_packed_rrset_key* -copy_rrset(const struct ub_packed_rrset_key* key, struct regional* region) -{ - struct ub_packed_rrset_key* ck = regional_alloc(region, - sizeof(struct ub_packed_rrset_key)); - struct packed_rrset_data* d; - struct packed_rrset_data* data = key->entry.data; - size_t dsize, i; - uint8_t* nextrdata; - - /* derived from packed_rrset_copy_region(), but don't use - * packed_rrset_sizeof() and do exclude RRSIGs */ - if(!ck) - return NULL; - ck->id = key->id; - memset(&ck->entry, 0, sizeof(ck->entry)); - ck->entry.hash = key->entry.hash; - ck->entry.key = ck; - ck->rk = key->rk; - ck->rk.dname = regional_alloc_init(region, key->rk.dname, - key->rk.dname_len); - if(!ck->rk.dname) - return NULL; - - dsize = sizeof(struct packed_rrset_data) + data->count * - (sizeof(size_t)+sizeof(uint8_t*)+sizeof(time_t)); - for(i=0; icount; i++) - dsize += data->rr_len[i]; - d = regional_alloc(region, dsize); - if(!d) - return NULL; - *d = *data; - d->rrsig_count = 0; - ck->entry.data = d; - - /* derived from packed_rrset_ptr_fixup() with copying the data */ - d->rr_len = (size_t*)((uint8_t*)d + sizeof(struct packed_rrset_data)); - d->rr_data = (uint8_t**)&(d->rr_len[d->count]); - d->rr_ttl = (time_t*)&(d->rr_data[d->count]); - nextrdata = (uint8_t*)&(d->rr_ttl[d->count]); - for(i=0; icount; i++) { - d->rr_len[i] = data->rr_len[i]; - d->rr_ttl[i] = data->rr_ttl[i]; - d->rr_data[i] = nextrdata; - memcpy(d->rr_data[i], data->rr_data[i], data->rr_len[i]); - nextrdata += d->rr_len[i]; - } - - return ck; -} - -int -respip_init(struct module_env* env, int id) -{ - (void)env; - (void)id; - return 1; -} - -void -respip_deinit(struct module_env* env, int id) -{ - (void)env; - (void)id; -} - -/** Convert a packed AAAA or A RRset to sockaddr. */ -static int -rdata2sockaddr(const struct packed_rrset_data* rd, uint16_t rtype, size_t i, - struct sockaddr_storage* ss, socklen_t* addrlenp) -{ - /* unbound can accept and cache odd-length AAAA/A records, so we have - * to validate the length. */ - if(rtype == LDNS_RR_TYPE_A && rd->rr_len[i] == 6) { - struct sockaddr_in* sa4 = (struct sockaddr_in*)ss; - - memset(sa4, 0, sizeof(*sa4)); - sa4->sin_family = AF_INET; - memcpy(&sa4->sin_addr, rd->rr_data[i] + 2, - sizeof(sa4->sin_addr)); - *addrlenp = sizeof(*sa4); - return 1; - } else if(rtype == LDNS_RR_TYPE_AAAA && rd->rr_len[i] == 18) { - struct sockaddr_in6* sa6 = (struct sockaddr_in6*)ss; - - memset(sa6, 0, sizeof(*sa6)); - sa6->sin6_family = AF_INET6; - memcpy(&sa6->sin6_addr, rd->rr_data[i] + 2, - sizeof(sa6->sin6_addr)); - *addrlenp = sizeof(*sa6); - return 1; - } - return 0; -} - -/** - * Search the given 'iptree' for response address information that matches - * any of the IP addresses in an AAAA or A in the answer section of the - * response (stored in 'rep'). If found, a pointer to the matched resp_addr - * structure will be returned, and '*rrset_id' is set to the index in - * rep->rrsets for the RRset that contains the matching IP address record - * (the index is normally 0, but can be larger than that if this is a CNAME - * chain or type-ANY response). - */ -static const struct resp_addr* -respip_addr_lookup(const struct reply_info *rep, struct rbtree_type* iptree, - size_t* rrset_id) -{ - size_t i; - struct resp_addr* ra; - struct sockaddr_storage ss; - socklen_t addrlen; - - for(i=0; ian_numrrsets; i++) { - size_t j; - const struct packed_rrset_data* rd; - uint16_t rtype = ntohs(rep->rrsets[i]->rk.type); - - if(rtype != LDNS_RR_TYPE_A && rtype != LDNS_RR_TYPE_AAAA) - continue; - rd = rep->rrsets[i]->entry.data; - for(j = 0; j < rd->count; j++) { - if(!rdata2sockaddr(rd, rtype, j, &ss, &addrlen)) - continue; - ra = (struct resp_addr*)addr_tree_lookup(iptree, &ss, - addrlen); - if(ra) { - *rrset_id = i; - return ra; - } - } - } - - return NULL; -} - -/* - * Create a new reply_info based on 'rep'. The new info is based on - * the passed 'rep', but ignores any rrsets except for the first 'an_numrrsets' - * RRsets in the answer section. These answer rrsets are copied to the - * new info, up to 'copy_rrsets' rrsets (which must not be larger than - * 'an_numrrsets'). If an_numrrsets > copy_rrsets, the remaining rrsets array - * entries will be kept empty so the caller can fill them later. When rrsets - * are copied, they are shallow copied. The caller must ensure that the - * copied rrsets are valid throughout its lifetime and must provide appropriate - * mutex if it can be shared by multiple threads. - */ -static struct reply_info * -make_new_reply_info(const struct reply_info* rep, struct regional* region, - size_t an_numrrsets, size_t copy_rrsets) -{ - struct reply_info* new_rep; - size_t i; - - /* create a base struct. we specify 'insecure' security status as - * the modified response won't be DNSSEC-valid. In our faked response - * the authority and additional sections will be empty (except possible - * EDNS0 OPT RR in the additional section appended on sending it out), - * so the total number of RRsets is an_numrrsets. */ - new_rep = construct_reply_info_base(region, rep->flags, - rep->qdcount, rep->ttl, rep->prefetch_ttl, an_numrrsets, - 0, 0, an_numrrsets, sec_status_insecure); - if(!new_rep) - return NULL; - if(!reply_info_alloc_rrset_keys(new_rep, NULL, region)) - return NULL; - for(i=0; irrsets[i] = rep->rrsets[i]; - - return new_rep; -} - -/** - * See if response-ip or tag data should override the original answer rrset - * (which is rep->rrsets[rrset_id]) and if so override it. - * This is (mostly) equivalent to localzone.c:local_data_answer() but for - * response-ip actions. - * Note that this function distinguishes error conditions from "success but - * not overridden". This is because we want to avoid accidentally applying - * the "no data" action in case of error. - * @param raddr: address span that requires an action - * @param action: action to apply - * @param qtype: original query type - * @param rep: original reply message - * @param rrset_id: the rrset ID in 'rep' to which the action should apply - * @param new_repp: see respip_rewrite_reply - * @param tag: if >= 0 the tag ID used to determine the action and data - * @param tag_datas: data corresponding to 'tag'. - * @param tag_datas_size: size of 'tag_datas' - * @param tagname: array of tag names, used for logging - * @param num_tags: size of 'tagname', used for logging - * @param redirect_rrsetp: ptr to redirect record - * @param region: region for building new reply - * @return 1 if overridden, 0 if not overridden, -1 on error. - */ -static int -respip_data_answer(const struct resp_addr* raddr, enum respip_action action, - uint16_t qtype, const struct reply_info* rep, - size_t rrset_id, struct reply_info** new_repp, int tag, - struct config_strlist** tag_datas, size_t tag_datas_size, - char* const* tagname, int num_tags, - struct ub_packed_rrset_key** redirect_rrsetp, struct regional* region) -{ - struct ub_packed_rrset_key* rp = raddr->data; - struct reply_info* new_rep; - *redirect_rrsetp = NULL; - - if(action == respip_redirect && tag != -1 && - (size_t)tagrrsets[rrset_id]->rk.dname; - dataqinfo.qname_len = rep->rrsets[rrset_id]->rk.dname_len; - dataqinfo.qtype = ntohs(rep->rrsets[rrset_id]->rk.type); - dataqinfo.qclass = ntohs(rep->rrsets[rrset_id]->rk.rrset_class); - - memset(&r, 0, sizeof(r)); - if(local_data_find_tag_datas(&dataqinfo, tag_datas[tag], &r, - region)) { - verbose(VERB_ALGO, - "response-ip redirect with tag data [%d] %s", - tag, (tagdata) { - rp = copy_rrset(rp, region); - if(!rp) - return -1; - rp->rk.dname = rep->rrsets[rrset_id]->rk.dname; - rp->rk.dname_len = rep->rrsets[rrset_id]->rk.dname_len; - } - - /* Build a new reply with redirect rrset. We keep any preceding CNAMEs - * and replace the address rrset that triggers the action. If it's - * type ANY query, however, no other answer records should be kept - * (note that it can't be a CNAME chain in this case due to - * sanitizing). */ - if(qtype == LDNS_RR_TYPE_ANY) - rrset_id = 0; - new_rep = make_new_reply_info(rep, region, rrset_id + 1, rrset_id); - if(!new_rep) - return -1; - rp->rk.flags |= PACKED_RRSET_FIXEDTTL; /* avoid adjusting TTL */ - new_rep->rrsets[rrset_id] = rp; - - *redirect_rrsetp = rp; - *new_repp = new_rep; - return 1; -} - -/** - * apply response ip action in case where no action data is provided. - * this is similar to localzone.c:lz_zone_answer() but simplified due to - * the characteristics of response ip: - * - 'deny' variants will be handled at the caller side - * - no specific processing for 'transparent' variants: unlike local zones, - * there is no such a case of 'no data but name existing'. so all variants - * just mean 'transparent if no data'. - * @param qtype: query type - * @param action: found action - * @param rep: - * @param new_repp - * @param rrset_id - * @param region: region for building new reply - * @return 1 on success, 0 on error. - */ -static int -respip_nodata_answer(uint16_t qtype, enum respip_action action, - const struct reply_info *rep, size_t rrset_id, - struct reply_info** new_repp, struct regional* region) -{ - struct reply_info* new_rep; - - if(action == respip_refuse || action == respip_always_refuse) { - new_rep = make_new_reply_info(rep, region, 0, 0); - if(!new_rep) - return 0; - FLAGS_SET_RCODE(new_rep->flags, LDNS_RCODE_REFUSED); - *new_repp = new_rep; - return 1; - } else if(action == respip_static || action == respip_redirect || - action == respip_always_nxdomain) { - /* Since we don't know about other types of the owner name, - * we generally return NOERROR/NODATA unless an NXDOMAIN action - * is explicitly specified. */ - int rcode = (action == respip_always_nxdomain)? - LDNS_RCODE_NXDOMAIN:LDNS_RCODE_NOERROR; - - /* We should empty the answer section except for any preceding - * CNAMEs (in that case rrset_id > 0). Type-ANY case is - * special as noted in respip_data_answer(). */ - if(qtype == LDNS_RR_TYPE_ANY) - rrset_id = 0; - new_rep = make_new_reply_info(rep, region, rrset_id, rrset_id); - if(!new_rep) - return 0; - FLAGS_SET_RCODE(new_rep->flags, rcode); - *new_repp = new_rep; - return 1; - } - - return 1; -} - -/** Populate action info structure with the results of response-ip action - * processing, iff as the result of response-ip processing we are actually - * taking some action. Only action is set if action_only is true. - * Returns true on success, false on failure. - */ -static int -populate_action_info(struct respip_action_info* actinfo, - enum respip_action action, const struct resp_addr* raddr, - const struct ub_packed_rrset_key* ATTR_UNUSED(rrset), - int ATTR_UNUSED(tag), const struct respip_set* ATTR_UNUSED(ipset), - int ATTR_UNUSED(action_only), struct regional* region) -{ - if(action == respip_none || !raddr) - return 1; - actinfo->action = action; - - /* for inform variants, make a copy of the matched address block for - * later logging. We make a copy to proactively avoid disruption if - * and when we allow a dynamic update to the respip tree. */ - if(action == respip_inform || action == respip_inform_deny) { - struct respip_addr_info* a = - regional_alloc_zero(region, sizeof(*a)); - if(!a) { - log_err("out of memory"); - return 0; - } - a->addr = raddr->node.addr; - a->addrlen = raddr->node.addrlen; - a->net = raddr->node.net; - actinfo->addrinfo = a; - } - - return 1; -} - -int -respip_rewrite_reply(const struct query_info* qinfo, - const struct respip_client_info* cinfo, const struct reply_info* rep, - struct reply_info** new_repp, struct respip_action_info* actinfo, - struct ub_packed_rrset_key** alias_rrset, int search_only, - struct regional* region) -{ - const uint8_t* ctaglist; - size_t ctaglen; - const uint8_t* tag_actions; - size_t tag_actions_size; - struct config_strlist** tag_datas; - size_t tag_datas_size; - struct view* view = NULL; - struct respip_set* ipset = NULL; - size_t rrset_id = 0; - enum respip_action action = respip_none; - int tag = -1; - const struct resp_addr* raddr = NULL; - int ret = 1; - struct ub_packed_rrset_key* redirect_rrset = NULL; - - if(!cinfo) - goto done; - ctaglist = cinfo->taglist; - ctaglen = cinfo->taglen; - tag_actions = cinfo->tag_actions; - tag_actions_size = cinfo->tag_actions_size; - tag_datas = cinfo->tag_datas; - tag_datas_size = cinfo->tag_datas_size; - view = cinfo->view; - ipset = cinfo->respip_set; - - /** Try to use response-ip config from the view first; use - * global response-ip config if we don't have the view or we don't - * have the matching per-view config (and the view allows the use - * of global data in this case). - * Note that we lock the view even if we only use view members that - * currently don't change after creation. This is for safety for - * future possible changes as the view documentation seems to expect - * any of its member can change in the view's lifetime. - * Note also that we assume 'view' is valid in this function, which - * should be safe (see unbound bug #1191) */ - if(view) { - lock_rw_rdlock(&view->lock); - if(view->respip_set) { - if((raddr = respip_addr_lookup(rep, - &view->respip_set->ip_tree, &rrset_id))) { - /** for per-view respip directives the action - * can only be direct (i.e. not tag-based) */ - action = raddr->action; - } - } - if(!raddr && !view->isfirst) - goto done; - } - if(!raddr && ipset && (raddr = respip_addr_lookup(rep, &ipset->ip_tree, - &rrset_id))) { - action = (enum respip_action)local_data_find_tag_action( - raddr->taglist, raddr->taglen, ctaglist, ctaglen, - tag_actions, tag_actions_size, - (enum localzone_type)raddr->action, &tag, - ipset->tagname, ipset->num_tags); - } - if(raddr && !search_only) { - int result = 0; - - /* first, see if we have response-ip or tag action for the - * action except for 'always' variants. */ - if(action != respip_always_refuse - && action != respip_always_transparent - && action != respip_always_nxdomain - && (result = respip_data_answer(raddr, action, - qinfo->qtype, rep, rrset_id, new_repp, tag, tag_datas, - tag_datas_size, ipset->tagname, ipset->num_tags, - &redirect_rrset, region)) < 0) { - ret = 0; - goto done; - } - - /* if no action data applied, take action specific to the - * action without data. */ - if(!result && !respip_nodata_answer(qinfo->qtype, action, rep, - rrset_id, new_repp, region)) { - ret = 0; - goto done; - } - } - done: - if(view) { - lock_rw_unlock(&view->lock); - } - if(ret) { - /* If we're redirecting the original answer to a - * CNAME, record the CNAME rrset so the caller can take - * the appropriate action. Note that we don't check the - * action type; it should normally be 'redirect', but it - * can be of other type when a data-dependent tag action - * uses redirect response-ip data. - */ - if(redirect_rrset && - redirect_rrset->rk.type == ntohs(LDNS_RR_TYPE_CNAME) && - qinfo->qtype != LDNS_RR_TYPE_ANY) - *alias_rrset = redirect_rrset; - /* on success, populate respip result structure */ - ret = populate_action_info(actinfo, action, raddr, - redirect_rrset, tag, ipset, search_only, region); - } - return ret; -} - -static int -generate_cname_request(struct module_qstate* qstate, - struct ub_packed_rrset_key* alias_rrset) -{ - struct module_qstate* subq = NULL; - struct query_info subqi; - - memset(&subqi, 0, sizeof(subqi)); - get_cname_target(alias_rrset, &subqi.qname, &subqi.qname_len); - if(!subqi.qname) - return 0; /* unexpected: not a valid CNAME RDATA */ - subqi.qtype = qstate->qinfo.qtype; - subqi.qclass = qstate->qinfo.qclass; - fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub)); - return (*qstate->env->attach_sub)(qstate, &subqi, BIT_RD, 0, 0, &subq); -} - -void -respip_operate(struct module_qstate* qstate, enum module_ev event, int id, - struct outbound_entry* outbound) -{ - struct respip_qstate* rq = (struct respip_qstate*)qstate->minfo[id]; - - log_query_info(VERB_QUERY, "respip operate: query", &qstate->qinfo); - (void)outbound; - - if(event == module_event_new || event == module_event_pass) { - if(!rq) { - rq = regional_alloc_zero(qstate->region, sizeof(*rq)); - if(!rq) - goto servfail; - rq->state = RESPIP_INIT; - qstate->minfo[id] = rq; - } - if(rq->state == RESPIP_SUBQUERY_FINISHED) { - qstate->ext_state[id] = module_finished; - return; - } - verbose(VERB_ALGO, "respip: pass to next module"); - qstate->ext_state[id] = module_wait_module; - } else if(event == module_event_moddone) { - /* If the reply may be subject to response-ip rewriting - * according to the query type, check the actions. If a - * rewrite is necessary, we'll replace the reply in qstate - * with the new one. */ - enum module_ext_state next_state = module_finished; - - if((qstate->qinfo.qtype == LDNS_RR_TYPE_A || - qstate->qinfo.qtype == LDNS_RR_TYPE_AAAA || - qstate->qinfo.qtype == LDNS_RR_TYPE_ANY) && - qstate->return_msg && qstate->return_msg->rep) { - struct respip_action_info actinfo = {respip_none, NULL}; - struct reply_info* new_rep = qstate->return_msg->rep; - struct ub_packed_rrset_key* alias_rrset = NULL; - - if(!respip_rewrite_reply(&qstate->qinfo, - qstate->client_info, qstate->return_msg->rep, - &new_rep, &actinfo, &alias_rrset, 0, - qstate->region)) { - goto servfail; - } - if(actinfo.action != respip_none) { - /* save action info for logging on a - * per-front-end-query basis */ - if(!(qstate->respip_action_info = - regional_alloc_init(qstate->region, - &actinfo, sizeof(actinfo)))) - { - log_err("out of memory"); - goto servfail; - } - } else { - qstate->respip_action_info = NULL; - } - if (new_rep == qstate->return_msg->rep && - (actinfo.action == respip_deny || - actinfo.action == respip_inform_deny)) { - /* for deny-variant actions (unless response-ip - * data is applied), mark the query state so - * the response will be dropped for all - * clients. */ - qstate->is_drop = 1; - } else if(alias_rrset) { - if(!generate_cname_request(qstate, alias_rrset)) - goto servfail; - next_state = module_wait_subquery; - } - qstate->return_msg->rep = new_rep; - } - qstate->ext_state[id] = next_state; - } else - qstate->ext_state[id] = module_finished; - - return; - - servfail: - qstate->return_rcode = LDNS_RCODE_SERVFAIL; - qstate->return_msg = NULL; -} - -int -respip_merge_cname(struct reply_info* base_rep, - const struct query_info* qinfo, const struct reply_info* tgt_rep, - const struct respip_client_info* cinfo, int must_validate, - struct reply_info** new_repp, struct regional* region) -{ - struct reply_info* new_rep; - struct reply_info* tmp_rep = NULL; /* just a placeholder */ - struct ub_packed_rrset_key* alias_rrset = NULL; /* ditto */ - uint16_t tgt_rcode; - size_t i, j; - struct respip_action_info actinfo = {respip_none, NULL}; - - /* If the query for the CNAME target would result in an unusual rcode, - * we generally translate it as a failure for the base query - * (which would then be translated into SERVFAIL). The only exception - * is NXDOMAIN and YXDOMAIN, which are passed to the end client(s). - * The YXDOMAIN case would be rare but still possible (when - * DNSSEC-validated DNAME has been cached but synthesizing CNAME - * can't be generated due to length limitation) */ - tgt_rcode = FLAGS_GET_RCODE(tgt_rep->flags); - if((tgt_rcode != LDNS_RCODE_NOERROR && - tgt_rcode != LDNS_RCODE_NXDOMAIN && - tgt_rcode != LDNS_RCODE_YXDOMAIN) || - (must_validate && tgt_rep->security <= sec_status_bogus)) { - return 0; - } - - /* see if the target reply would be subject to a response-ip action. */ - if(!respip_rewrite_reply(qinfo, cinfo, tgt_rep, &tmp_rep, &actinfo, - &alias_rrset, 1, region)) - return 0; - if(actinfo.action != respip_none) { - log_info("CNAME target of redirect response-ip action would " - "be subject to response-ip action, too; stripped"); - *new_repp = base_rep; - return 1; - } - - /* Append target reply to the base. Since we cannot assume - * tgt_rep->rrsets is valid throughout the lifetime of new_rep - * or it can be safely shared by multiple threads, we need to make a - * deep copy. */ - new_rep = make_new_reply_info(base_rep, region, - base_rep->an_numrrsets + tgt_rep->an_numrrsets, - base_rep->an_numrrsets); - if(!new_rep) - return 0; - for(i=0,j=base_rep->an_numrrsets; ian_numrrsets; i++,j++) { - new_rep->rrsets[j] = copy_rrset(tgt_rep->rrsets[i], region); - if(!new_rep->rrsets[j]) - return 0; - } - - FLAGS_SET_RCODE(new_rep->flags, tgt_rcode); - *new_repp = new_rep; - return 1; -} - -void -respip_inform_super(struct module_qstate* qstate, int id, - struct module_qstate* super) -{ - struct respip_qstate* rq = (struct respip_qstate*)super->minfo[id]; - struct reply_info* new_rep = NULL; - - rq->state = RESPIP_SUBQUERY_FINISHED; - - /* respip subquery should have always been created with a valid reply - * in super. */ - log_assert(super->return_msg && super->return_msg->rep); - - /* return_msg can be NULL when, e.g., the sub query resulted in - * SERVFAIL, in which case we regard it as a failure of the original - * query. Other checks are probably redundant, but we check them - * for safety. */ - if(!qstate->return_msg || !qstate->return_msg->rep || - qstate->return_rcode != LDNS_RCODE_NOERROR) - goto fail; - - if(!respip_merge_cname(super->return_msg->rep, &qstate->qinfo, - qstate->return_msg->rep, super->client_info, - super->env->need_to_validate, &new_rep, super->region)) - goto fail; - super->return_msg->rep = new_rep; - return; - - fail: - super->return_rcode = LDNS_RCODE_SERVFAIL; - super->return_msg = NULL; - return; -} - -void -respip_clear(struct module_qstate* qstate, int id) -{ - qstate->minfo[id] = NULL; -} - -size_t -respip_get_mem(struct module_env* env, int id) -{ - (void)env; - (void)id; - return 0; -} - -/** - * The response-ip function block - */ -static struct module_func_block respip_block = { - "respip", - &respip_init, &respip_deinit, &respip_operate, &respip_inform_super, - &respip_clear, &respip_get_mem -}; - -struct module_func_block* -respip_get_funcblock(void) -{ - return &respip_block; -} - -enum respip_action -resp_addr_get_action(const struct resp_addr* addr) -{ - return addr ? addr->action : respip_none; -} - -struct ub_packed_rrset_key* -resp_addr_get_rrset(struct resp_addr* addr) -{ - return addr ? addr->data : NULL; -} - -int -respip_set_is_empty(const struct respip_set* set) -{ - return set ? set->ip_tree.count == 0 : 1; -} - -void -respip_inform_print(struct respip_addr_info* respip_addr, uint8_t* qname, - uint16_t qtype, uint16_t qclass, struct local_rrset* local_alias, - struct comm_reply* repinfo) -{ - char srcip[128], respip[128], txt[512]; - unsigned port; - - if(local_alias) - qname = local_alias->rrset->rk.dname; - port = (unsigned)((repinfo->addr.ss_family == AF_INET) ? - ntohs(((struct sockaddr_in*)&repinfo->addr)->sin_port) : - ntohs(((struct sockaddr_in6*)&repinfo->addr)->sin6_port)); - addr_to_str(&repinfo->addr, repinfo->addrlen, srcip, sizeof(srcip)); - addr_to_str(&respip_addr->addr, respip_addr->addrlen, - respip, sizeof(respip)); - snprintf(txt, sizeof(txt), "%s/%d inform %s@%u", respip, - respip_addr->net, srcip, port); - log_nametypeclass(0, txt, qname, qtype, qclass); -} diff --git a/external/unbound/respip/respip.h b/external/unbound/respip/respip.h deleted file mode 100644 index 01309caec..000000000 --- a/external/unbound/respip/respip.h +++ /dev/null @@ -1,230 +0,0 @@ -/* - * respip/respip.h - IP-based response modification module - */ - -/** - * \file - * - * This file contains a module that selectively modifies query responses - * based on their AAAA/A IP addresses. - */ - -#ifndef RESPIP_RESPIP_H -#define RESPIP_RESPIP_H - -#include "util/module.h" -#include "services/localzone.h" - -/** - * Set of response IP addresses with associated actions and tags. - * Forward declaration only here. Actual definition is hidden within the - * module. - */ -struct respip_set; - -/** - * Forward declaration for the structure that represents a node in the - * respip_set address tree - */ -struct resp_addr; - -/** - * Forward declaration for the structure that represents a tree of view data. - */ -struct views; - -struct respip_addr_info; - -/** - * Client-specific attributes that can affect IP-based actions. - * This is essentially a subset of acl_addr (except for respip_set) but - * defined as a separate structure to avoid dependency on the daemon-specific - * structure. - * respip_set is supposed to refer to the response-ip set for the global view. - */ -struct respip_client_info { - uint8_t* taglist; - size_t taglen; - uint8_t* tag_actions; - size_t tag_actions_size; - struct config_strlist** tag_datas; - size_t tag_datas_size; - struct view* view; - struct respip_set* respip_set; -}; - -/** - * Data items representing the result of response-ip processing. - * Note: this structure currently only define a few members, but exists - * as a separate struct mainly for the convenience of custom extensions. - */ -struct respip_action_info { - enum respip_action action; - struct respip_addr_info* addrinfo; /* set only for inform variants */ -}; - -/** - * Forward declaration for the structure that represents a node in the - * respip_set address tree - */ -struct resp_addr; - -/** - * Create response IP set. - * @return new struct or NULL on error. - */ -struct respip_set* respip_set_create(void); - -/** - * Delete response IP set. - * @param set: to delete. - */ -void respip_set_delete(struct respip_set* set); - -/** - * Apply response-ip config settings to the global (default) view. - * It assumes exclusive access to set (no internal locks). - * @param set: processed global respip config data - * @param cfg: config data. - * @return 1 on success, 0 on error. - */ -int respip_global_apply_cfg(struct respip_set* set, struct config_file* cfg); - -/** - * Apply response-ip config settings in named views. - * @param vs: view structures with processed config data - * @param cfg: config data. - * @param have_view_respip_cfg: set to true if any named view has respip - * configuration; otherwise set to false - * @return 1 on success, 0 on error. - */ -int respip_views_apply_cfg(struct views* vs, struct config_file* cfg, - int* have_view_respip_cfg); - -/** - * Merge two replies to build a complete CNAME chain. - * It appends the content of 'tgt_rep' to 'base_rep', assuming (but not - * checking) the former ends with a CNAME and the latter resolves its target. - * A merged new reply will be built using 'region' and *new_repp will point - * to the new one on success. - * If the target reply would also be subject to a response-ip action for - * 'cinfo', this function uses 'base_rep' as the merged reply, ignoring - * 'tgt_rep'. This is for avoiding cases like a CNAME loop or failure of - * applying an action to an address. - * RRSIGs in 'tgt_rep' will be excluded in the merged reply, as the resulting - * reply is assumed to be faked due to a response-ip action and can't be - * considered secure in terms of DNSSEC. - * The caller must ensure that neither 'base_rep' nor 'tgt_rep' can be modified - * until this function returns. - * @param base_rep: the reply info containing an incomplete CNAME. - * @param qinfo: query info corresponding to 'base_rep'. - * @param tgt_rep: the reply info that completes the CNAME chain. - * @param cinfo: client info corresponding to 'base_rep'. - * @param must_validate: whether 'tgt_rep' must be DNSSEC-validated. - * @param new_repp: pointer placeholder for the merged reply. will be intact - * on error. - * @param region: allocator to build *new_repp. - * @return 1 on success, 0 on error. - */ -int respip_merge_cname(struct reply_info* base_rep, - const struct query_info* qinfo, const struct reply_info* tgt_rep, - const struct respip_client_info* cinfo, int must_validate, - struct reply_info** new_repp, struct regional* region); - -/** - * See if any IP-based action should apply to any IP address of AAAA/A answer - * record in the reply. If so, apply the action. In some cases it rewrites - * the reply rrsets, in which case *new_repp will point to the updated reply - * info. Depending on the action, some of the rrsets in 'rep' will be - * shallow-copied into '*new_repp'; the caller must ensure that the rrsets - * in 'rep' are valid throughout the lifetime of *new_repp, and it must - * provide appropriate mutex if the rrsets can be shared by multiple threads. - * @param qinfo: query info corresponding to the reply. - * @param cinfo: client-specific info to identify the best matching action. - * can be NULL. - * @param rep: original reply info. must not be NULL. - * @param new_repp: can be set to the rewritten reply info (intact on failure). - * @param actinfo: result of response-ip processing - * @param alias_rrset: must not be NULL. - * @param search_only: if true, only check if an action would apply. actionp - * will be set (or intact) accordingly but the modified reply won't be built. - * @param region: allocator to build *new_repp. - * @return 1 on success, 0 on error. - */ -int respip_rewrite_reply(const struct query_info* qinfo, - const struct respip_client_info* cinfo, - const struct reply_info *rep, struct reply_info** new_repp, - struct respip_action_info* actinfo, - struct ub_packed_rrset_key** alias_rrset, - int search_only, struct regional* region); - -/** - * Get the response-ip function block. - * @return: function block with function pointers to response-ip methods. - */ -struct module_func_block* respip_get_funcblock(void); - -/** response-ip init */ -int respip_init(struct module_env* env, int id); - -/** response-ip deinit */ -void respip_deinit(struct module_env* env, int id); - -/** response-ip operate on a query */ -void respip_operate(struct module_qstate* qstate, enum module_ev event, int id, - struct outbound_entry* outbound); - -/** inform response-ip super */ -void respip_inform_super(struct module_qstate* qstate, int id, - struct module_qstate* super); - -/** response-ip cleanup query state */ -void respip_clear(struct module_qstate* qstate, int id); - -/** - * returns address of the IP address tree of the specified respip set; - * returns NULL for NULL input; exists for test purposes only - */ -struct rbtree_type* respip_set_get_tree(struct respip_set* set); - -/** - * returns respip action for the specified node in the respip address - * returns respip_none for NULL input; exists for test purposes only - */ -enum respip_action resp_addr_get_action(const struct resp_addr* addr); - -/** - * returns rrset portion of the specified node in the respip address - * tree; returns NULL for NULL input; exists for test purposes only - */ -struct ub_packed_rrset_key* resp_addr_get_rrset(struct resp_addr* addr); - -/** response-ip alloc size routine */ -size_t respip_get_mem(struct module_env* env, int id); - -/** - * respip set emptiness test - * @param set respip set to test - * @return 0 if the specified set exists (non-NULL) and is non-empty; - * otherwise returns 1 - */ -int respip_set_is_empty(const struct respip_set* set); - -/** - * print log information for a query subject to an inform or inform-deny - * response-ip action. - * @param respip_addr: response-ip information that causes the action - * @param qname: query name in the context, will be ignored if local_alias is - * non-NULL. - * @param qtype: query type, in host byte order. - * @param qclass: query class, in host byte order. - * @param local_alias: set to a local alias if the query matches an alias in - * a local zone. In this case its owner name will be considered the actual - * query name. - * @param repinfo: reply info containing the client's source address and port. - */ -void respip_inform_print(struct respip_addr_info* respip_addr, uint8_t* qname, - uint16_t qtype, uint16_t qclass, struct local_rrset* local_alias, - struct comm_reply* repinfo); - -#endif /* RESPIP_RESPIP_H */ diff --git a/external/unbound/services/cache/dns.c b/external/unbound/services/cache/dns.c deleted file mode 100644 index a8fde9f28..000000000 --- a/external/unbound/services/cache/dns.c +++ /dev/null @@ -1,910 +0,0 @@ -/* - * services/cache/dns.c - Cache services for DNS using msg and rrset caches. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains the DNS cache. - */ -#include "config.h" -#include "iterator/iter_delegpt.h" -#include "validator/val_nsec.h" -#include "services/cache/dns.h" -#include "services/cache/rrset.h" -#include "util/data/msgreply.h" -#include "util/data/packed_rrset.h" -#include "util/data/dname.h" -#include "util/module.h" -#include "util/net_help.h" -#include "util/regional.h" -#include "util/config_file.h" -#include "sldns/sbuffer.h" - -/** store rrsets in the rrset cache. - * @param env: module environment with caches. - * @param rep: contains list of rrsets to store. - * @param now: current time. - * @param leeway: during prefetch how much leeway to update TTLs. - * This makes rrsets (other than type NS) timeout sooner so they get - * updated with a new full TTL. - * Type NS does not get this, because it must not be refreshed from the - * child domain, but keep counting down properly. - * @param pside: if from parentside discovered NS, so that its NS is okay - * in a prefetch situation to be updated (without becoming sticky). - * @param qrep: update rrsets here if cache is better - * @param region: for qrep allocs. - */ -static void -store_rrsets(struct module_env* env, struct reply_info* rep, time_t now, - time_t leeway, int pside, struct reply_info* qrep, - struct regional* region) -{ - size_t i; - /* see if rrset already exists in cache, if not insert it. */ - for(i=0; irrset_count; i++) { - rep->ref[i].key = rep->rrsets[i]; - rep->ref[i].id = rep->rrsets[i]->id; - /* update ref if it was in the cache */ - switch(rrset_cache_update(env->rrset_cache, &rep->ref[i], - env->alloc, now + ((ntohs(rep->ref[i].key->rk.type)== - LDNS_RR_TYPE_NS && !pside)?0:leeway))) { - case 0: /* ref unchanged, item inserted */ - break; - case 2: /* ref updated, cache is superior */ - if(region) { - struct ub_packed_rrset_key* ck; - lock_rw_rdlock(&rep->ref[i].key->entry.lock); - /* if deleted rrset, do not copy it */ - if(rep->ref[i].key->id == 0) - ck = NULL; - else ck = packed_rrset_copy_region( - rep->ref[i].key, region, now); - lock_rw_unlock(&rep->ref[i].key->entry.lock); - if(ck) { - /* use cached copy if memory allows */ - qrep->rrsets[i] = ck; - } - } - /* no break: also copy key item */ - case 1: /* ref updated, item inserted */ - rep->rrsets[i] = rep->ref[i].key; - } - } -} - -void -dns_cache_store_msg(struct module_env* env, struct query_info* qinfo, - hashvalue_type hash, struct reply_info* rep, time_t leeway, int pside, - struct reply_info* qrep, struct regional* region) -{ - struct msgreply_entry* e; - time_t ttl = rep->ttl; - size_t i; - - /* store RRsets */ - for(i=0; irrset_count; i++) { - rep->ref[i].key = rep->rrsets[i]; - rep->ref[i].id = rep->rrsets[i]->id; - } - - /* there was a reply_info_sortref(rep) here but it seems to be - * unnecessary, because the cache gets locked per rrset. */ - reply_info_set_ttls(rep, *env->now); - store_rrsets(env, rep, *env->now, leeway, pside, qrep, region); - if(ttl == 0) { - /* we do not store the message, but we did store the RRs, - * which could be useful for delegation information */ - verbose(VERB_ALGO, "TTL 0: dropped msg from cache"); - free(rep); - return; - } - - /* store msg in the cache */ - reply_info_sortref(rep); - if(!(e = query_info_entrysetup(qinfo, rep, hash))) { - log_err("store_msg: malloc failed"); - return; - } - slabhash_insert(env->msg_cache, hash, &e->entry, rep, env->alloc); -} - -/** find closest NS or DNAME and returns the rrset (locked) */ -static struct ub_packed_rrset_key* -find_closest_of_type(struct module_env* env, uint8_t* qname, size_t qnamelen, - uint16_t qclass, time_t now, uint16_t searchtype, int stripfront) -{ - struct ub_packed_rrset_key *rrset; - uint8_t lablen; - - if(stripfront) { - /* strip off so that DNAMEs have strict subdomain match */ - lablen = *qname; - qname += lablen + 1; - qnamelen -= lablen + 1; - } - - /* snip off front part of qname until the type is found */ - while(qnamelen > 0) { - if((rrset = rrset_cache_lookup(env->rrset_cache, qname, - qnamelen, searchtype, qclass, 0, now, 0))) - return rrset; - - /* snip off front label */ - lablen = *qname; - qname += lablen + 1; - qnamelen -= lablen + 1; - } - return NULL; -} - -/** add addr to additional section */ -static void -addr_to_additional(struct ub_packed_rrset_key* rrset, struct regional* region, - struct dns_msg* msg, time_t now) -{ - if((msg->rep->rrsets[msg->rep->rrset_count] = - packed_rrset_copy_region(rrset, region, now))) { - msg->rep->ar_numrrsets++; - msg->rep->rrset_count++; - } -} - -/** lookup message in message cache */ -static struct msgreply_entry* -msg_cache_lookup(struct module_env* env, uint8_t* qname, size_t qnamelen, - uint16_t qtype, uint16_t qclass, uint16_t flags, time_t now, int wr) -{ - struct lruhash_entry* e; - struct query_info k; - hashvalue_type h; - - k.qname = qname; - k.qname_len = qnamelen; - k.qtype = qtype; - k.qclass = qclass; - k.local_alias = NULL; - h = query_info_hash(&k, flags); - e = slabhash_lookup(env->msg_cache, h, &k, wr); - - if(!e) return NULL; - if( now > ((struct reply_info*)e->data)->ttl ) { - lock_rw_unlock(&e->lock); - return NULL; - } - return (struct msgreply_entry*)e->key; -} - -/** find and add A and AAAA records for nameservers in delegpt */ -static int -find_add_addrs(struct module_env* env, uint16_t qclass, - struct regional* region, struct delegpt* dp, time_t now, - struct dns_msg** msg) -{ - struct delegpt_ns* ns; - struct msgreply_entry* neg; - struct ub_packed_rrset_key* akey; - for(ns = dp->nslist; ns; ns = ns->next) { - akey = rrset_cache_lookup(env->rrset_cache, ns->name, - ns->namelen, LDNS_RR_TYPE_A, qclass, 0, now, 0); - if(akey) { - if(!delegpt_add_rrset_A(dp, region, akey, 0)) { - lock_rw_unlock(&akey->entry.lock); - return 0; - } - if(msg) - addr_to_additional(akey, region, *msg, now); - lock_rw_unlock(&akey->entry.lock); - } else { - /* BIT_CD on false because delegpt lookup does - * not use dns64 translation */ - neg = msg_cache_lookup(env, ns->name, ns->namelen, - LDNS_RR_TYPE_A, qclass, 0, now, 0); - if(neg) { - delegpt_add_neg_msg(dp, neg); - lock_rw_unlock(&neg->entry.lock); - } - } - akey = rrset_cache_lookup(env->rrset_cache, ns->name, - ns->namelen, LDNS_RR_TYPE_AAAA, qclass, 0, now, 0); - if(akey) { - if(!delegpt_add_rrset_AAAA(dp, region, akey, 0)) { - lock_rw_unlock(&akey->entry.lock); - return 0; - } - if(msg) - addr_to_additional(akey, region, *msg, now); - lock_rw_unlock(&akey->entry.lock); - } else { - /* BIT_CD on false because delegpt lookup does - * not use dns64 translation */ - neg = msg_cache_lookup(env, ns->name, ns->namelen, - LDNS_RR_TYPE_AAAA, qclass, 0, now, 0); - if(neg) { - delegpt_add_neg_msg(dp, neg); - lock_rw_unlock(&neg->entry.lock); - } - } - } - return 1; -} - -/** find and add A and AAAA records for missing nameservers in delegpt */ -int -cache_fill_missing(struct module_env* env, uint16_t qclass, - struct regional* region, struct delegpt* dp) -{ - struct delegpt_ns* ns; - struct msgreply_entry* neg; - struct ub_packed_rrset_key* akey; - time_t now = *env->now; - for(ns = dp->nslist; ns; ns = ns->next) { - akey = rrset_cache_lookup(env->rrset_cache, ns->name, - ns->namelen, LDNS_RR_TYPE_A, qclass, 0, now, 0); - if(akey) { - if(!delegpt_add_rrset_A(dp, region, akey, ns->lame)) { - lock_rw_unlock(&akey->entry.lock); - return 0; - } - log_nametypeclass(VERB_ALGO, "found in cache", - ns->name, LDNS_RR_TYPE_A, qclass); - lock_rw_unlock(&akey->entry.lock); - } else { - /* BIT_CD on false because delegpt lookup does - * not use dns64 translation */ - neg = msg_cache_lookup(env, ns->name, ns->namelen, - LDNS_RR_TYPE_A, qclass, 0, now, 0); - if(neg) { - delegpt_add_neg_msg(dp, neg); - lock_rw_unlock(&neg->entry.lock); - } - } - akey = rrset_cache_lookup(env->rrset_cache, ns->name, - ns->namelen, LDNS_RR_TYPE_AAAA, qclass, 0, now, 0); - if(akey) { - if(!delegpt_add_rrset_AAAA(dp, region, akey, ns->lame)) { - lock_rw_unlock(&akey->entry.lock); - return 0; - } - log_nametypeclass(VERB_ALGO, "found in cache", - ns->name, LDNS_RR_TYPE_AAAA, qclass); - lock_rw_unlock(&akey->entry.lock); - } else { - /* BIT_CD on false because delegpt lookup does - * not use dns64 translation */ - neg = msg_cache_lookup(env, ns->name, ns->namelen, - LDNS_RR_TYPE_AAAA, qclass, 0, now, 0); - if(neg) { - delegpt_add_neg_msg(dp, neg); - lock_rw_unlock(&neg->entry.lock); - } - } - } - return 1; -} - -/** find and add DS or NSEC to delegation msg */ -static void -find_add_ds(struct module_env* env, struct regional* region, - struct dns_msg* msg, struct delegpt* dp, time_t now) -{ - /* Lookup the DS or NSEC at the delegation point. */ - struct ub_packed_rrset_key* rrset = rrset_cache_lookup( - env->rrset_cache, dp->name, dp->namelen, LDNS_RR_TYPE_DS, - msg->qinfo.qclass, 0, now, 0); - if(!rrset) { - /* NOTE: this won't work for alternate NSEC schemes - * (opt-in, NSEC3) */ - rrset = rrset_cache_lookup(env->rrset_cache, dp->name, - dp->namelen, LDNS_RR_TYPE_NSEC, msg->qinfo.qclass, - 0, now, 0); - /* Note: the PACKED_RRSET_NSEC_AT_APEX flag is not used. - * since this is a referral, we need the NSEC at the parent - * side of the zone cut, not the NSEC at apex side. */ - if(rrset && nsec_has_type(rrset, LDNS_RR_TYPE_DS)) { - lock_rw_unlock(&rrset->entry.lock); - rrset = NULL; /* discard wrong NSEC */ - } - } - if(rrset) { - /* add it to auth section. This is the second rrset. */ - if((msg->rep->rrsets[msg->rep->rrset_count] = - packed_rrset_copy_region(rrset, region, now))) { - msg->rep->ns_numrrsets++; - msg->rep->rrset_count++; - } - lock_rw_unlock(&rrset->entry.lock); - } -} - -struct dns_msg* -dns_msg_create(uint8_t* qname, size_t qnamelen, uint16_t qtype, - uint16_t qclass, struct regional* region, size_t capacity) -{ - struct dns_msg* msg = (struct dns_msg*)regional_alloc(region, - sizeof(struct dns_msg)); - if(!msg) - return NULL; - msg->qinfo.qname = regional_alloc_init(region, qname, qnamelen); - if(!msg->qinfo.qname) - return NULL; - msg->qinfo.qname_len = qnamelen; - msg->qinfo.qtype = qtype; - msg->qinfo.qclass = qclass; - msg->qinfo.local_alias = NULL; - /* non-packed reply_info, because it needs to grow the array */ - msg->rep = (struct reply_info*)regional_alloc_zero(region, - sizeof(struct reply_info)-sizeof(struct rrset_ref)); - if(!msg->rep) - return NULL; - if(capacity > RR_COUNT_MAX) - return NULL; /* integer overflow protection */ - msg->rep->flags = BIT_QR; /* with QR, no AA */ - msg->rep->qdcount = 1; - msg->rep->rrsets = (struct ub_packed_rrset_key**) - regional_alloc(region, - capacity*sizeof(struct ub_packed_rrset_key*)); - if(!msg->rep->rrsets) - return NULL; - return msg; -} - -int -dns_msg_authadd(struct dns_msg* msg, struct regional* region, - struct ub_packed_rrset_key* rrset, time_t now) -{ - if(!(msg->rep->rrsets[msg->rep->rrset_count++] = - packed_rrset_copy_region(rrset, region, now))) - return 0; - msg->rep->ns_numrrsets++; - return 1; -} - -/** add rrset to answer section */ -static int -dns_msg_ansadd(struct dns_msg* msg, struct regional* region, - struct ub_packed_rrset_key* rrset, time_t now) -{ - if(!(msg->rep->rrsets[msg->rep->rrset_count++] = - packed_rrset_copy_region(rrset, region, now))) - return 0; - msg->rep->an_numrrsets++; - return 1; -} - -struct delegpt* -dns_cache_find_delegation(struct module_env* env, uint8_t* qname, - size_t qnamelen, uint16_t qtype, uint16_t qclass, - struct regional* region, struct dns_msg** msg, time_t now) -{ - /* try to find closest NS rrset */ - struct ub_packed_rrset_key* nskey; - struct packed_rrset_data* nsdata; - struct delegpt* dp; - - nskey = find_closest_of_type(env, qname, qnamelen, qclass, now, - LDNS_RR_TYPE_NS, 0); - if(!nskey) /* hope the caller has hints to prime or something */ - return NULL; - nsdata = (struct packed_rrset_data*)nskey->entry.data; - /* got the NS key, create delegation point */ - dp = delegpt_create(region); - if(!dp || !delegpt_set_name(dp, region, nskey->rk.dname)) { - lock_rw_unlock(&nskey->entry.lock); - log_err("find_delegation: out of memory"); - return NULL; - } - /* create referral message */ - if(msg) { - /* allocate the array to as much as we could need: - * NS rrset + DS/NSEC rrset + - * A rrset for every NS RR - * AAAA rrset for every NS RR - */ - *msg = dns_msg_create(qname, qnamelen, qtype, qclass, region, - 2 + nsdata->count*2); - if(!*msg || !dns_msg_authadd(*msg, region, nskey, now)) { - lock_rw_unlock(&nskey->entry.lock); - log_err("find_delegation: out of memory"); - return NULL; - } - } - if(!delegpt_rrset_add_ns(dp, region, nskey, 0)) - log_err("find_delegation: addns out of memory"); - lock_rw_unlock(&nskey->entry.lock); /* first unlock before next lookup*/ - /* find and add DS/NSEC (if any) */ - if(msg) - find_add_ds(env, region, *msg, dp, now); - /* find and add A entries */ - if(!find_add_addrs(env, qclass, region, dp, now, msg)) - log_err("find_delegation: addrs out of memory"); - return dp; -} - -/** allocate dns_msg from query_info and reply_info */ -static struct dns_msg* -gen_dns_msg(struct regional* region, struct query_info* q, size_t num) -{ - struct dns_msg* msg = (struct dns_msg*)regional_alloc(region, - sizeof(struct dns_msg)); - if(!msg) - return NULL; - memcpy(&msg->qinfo, q, sizeof(struct query_info)); - msg->qinfo.qname = regional_alloc_init(region, q->qname, q->qname_len); - if(!msg->qinfo.qname) - return NULL; - /* allocate replyinfo struct and rrset key array separately */ - msg->rep = (struct reply_info*)regional_alloc(region, - sizeof(struct reply_info) - sizeof(struct rrset_ref)); - if(!msg->rep) - return NULL; - if(num > RR_COUNT_MAX) - return NULL; /* integer overflow protection */ - msg->rep->rrsets = (struct ub_packed_rrset_key**) - regional_alloc(region, - num * sizeof(struct ub_packed_rrset_key*)); - if(!msg->rep->rrsets) - return NULL; - return msg; -} - -struct dns_msg* -tomsg(struct module_env* env, struct query_info* q, struct reply_info* r, - struct regional* region, time_t now, struct regional* scratch) -{ - struct dns_msg* msg; - size_t i; - if(now > r->ttl) - return NULL; - msg = gen_dns_msg(region, q, r->rrset_count); - if(!msg) - return NULL; - msg->rep->flags = r->flags; - msg->rep->qdcount = r->qdcount; - msg->rep->ttl = r->ttl - now; - if(r->prefetch_ttl > now) - msg->rep->prefetch_ttl = r->prefetch_ttl - now; - else msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl); - msg->rep->security = r->security; - msg->rep->an_numrrsets = r->an_numrrsets; - msg->rep->ns_numrrsets = r->ns_numrrsets; - msg->rep->ar_numrrsets = r->ar_numrrsets; - msg->rep->rrset_count = r->rrset_count; - msg->rep->authoritative = r->authoritative; - if(!rrset_array_lock(r->ref, r->rrset_count, now)) - return NULL; - if(r->an_numrrsets > 0 && (r->rrsets[0]->rk.type == htons( - LDNS_RR_TYPE_CNAME) || r->rrsets[0]->rk.type == htons( - LDNS_RR_TYPE_DNAME)) && !reply_check_cname_chain(q, r)) { - /* cname chain is now invalid, reconstruct msg */ - rrset_array_unlock(r->ref, r->rrset_count); - return NULL; - } - if(r->security == sec_status_secure && !reply_all_rrsets_secure(r)) { - /* message rrsets have changed status, revalidate */ - rrset_array_unlock(r->ref, r->rrset_count); - return NULL; - } - for(i=0; irep->rrset_count; i++) { - msg->rep->rrsets[i] = packed_rrset_copy_region(r->rrsets[i], - region, now); - if(!msg->rep->rrsets[i]) { - rrset_array_unlock(r->ref, r->rrset_count); - return NULL; - } - } - if(env) - rrset_array_unlock_touch(env->rrset_cache, scratch, r->ref, - r->rrset_count); - else - rrset_array_unlock(r->ref, r->rrset_count); - return msg; -} - -/** synthesize RRset-only response from cached RRset item */ -static struct dns_msg* -rrset_msg(struct ub_packed_rrset_key* rrset, struct regional* region, - time_t now, struct query_info* q) -{ - struct dns_msg* msg; - struct packed_rrset_data* d = (struct packed_rrset_data*) - rrset->entry.data; - if(now > d->ttl) - return NULL; - msg = gen_dns_msg(region, q, 1); /* only the CNAME (or other) RRset */ - if(!msg) - return NULL; - msg->rep->flags = BIT_QR; /* reply, no AA, no error */ - msg->rep->authoritative = 0; /* reply stored in cache can't be authoritative */ - msg->rep->qdcount = 1; - msg->rep->ttl = d->ttl - now; - msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl); - msg->rep->security = sec_status_unchecked; - msg->rep->an_numrrsets = 1; - msg->rep->ns_numrrsets = 0; - msg->rep->ar_numrrsets = 0; - msg->rep->rrset_count = 1; - msg->rep->rrsets[0] = packed_rrset_copy_region(rrset, region, now); - if(!msg->rep->rrsets[0]) /* copy CNAME */ - return NULL; - return msg; -} - -/** synthesize DNAME+CNAME response from cached DNAME item */ -static struct dns_msg* -synth_dname_msg(struct ub_packed_rrset_key* rrset, struct regional* region, - time_t now, struct query_info* q) -{ - struct dns_msg* msg; - struct ub_packed_rrset_key* ck; - struct packed_rrset_data* newd, *d = (struct packed_rrset_data*) - rrset->entry.data; - uint8_t* newname, *dtarg = NULL; - size_t newlen, dtarglen; - if(now > d->ttl) - return NULL; - /* only allow validated (with DNSSEC) DNAMEs used from cache - * for insecure DNAMEs, query again. */ - if(d->security != sec_status_secure) - return NULL; - msg = gen_dns_msg(region, q, 2); /* DNAME + CNAME RRset */ - if(!msg) - return NULL; - msg->rep->flags = BIT_QR; /* reply, no AA, no error */ - msg->rep->authoritative = 0; /* reply stored in cache can't be authoritative */ - msg->rep->qdcount = 1; - msg->rep->ttl = d->ttl - now; - msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl); - msg->rep->security = sec_status_unchecked; - msg->rep->an_numrrsets = 1; - msg->rep->ns_numrrsets = 0; - msg->rep->ar_numrrsets = 0; - msg->rep->rrset_count = 1; - msg->rep->rrsets[0] = packed_rrset_copy_region(rrset, region, now); - if(!msg->rep->rrsets[0]) /* copy DNAME */ - return NULL; - /* synth CNAME rrset */ - get_cname_target(rrset, &dtarg, &dtarglen); - if(!dtarg) - return NULL; - newlen = q->qname_len + dtarglen - rrset->rk.dname_len; - if(newlen > LDNS_MAX_DOMAINLEN) { - msg->rep->flags |= LDNS_RCODE_YXDOMAIN; - return msg; - } - newname = (uint8_t*)regional_alloc(region, newlen); - if(!newname) - return NULL; - /* new name is concatenation of qname front (without DNAME owner) - * and DNAME target name */ - memcpy(newname, q->qname, q->qname_len-rrset->rk.dname_len); - memmove(newname+(q->qname_len-rrset->rk.dname_len), dtarg, dtarglen); - /* create rest of CNAME rrset */ - ck = (struct ub_packed_rrset_key*)regional_alloc(region, - sizeof(struct ub_packed_rrset_key)); - if(!ck) - return NULL; - memset(&ck->entry, 0, sizeof(ck->entry)); - msg->rep->rrsets[1] = ck; - ck->entry.key = ck; - ck->rk.type = htons(LDNS_RR_TYPE_CNAME); - ck->rk.rrset_class = rrset->rk.rrset_class; - ck->rk.flags = 0; - ck->rk.dname = regional_alloc_init(region, q->qname, q->qname_len); - if(!ck->rk.dname) - return NULL; - ck->rk.dname_len = q->qname_len; - ck->entry.hash = rrset_key_hash(&ck->rk); - newd = (struct packed_rrset_data*)regional_alloc_zero(region, - sizeof(struct packed_rrset_data) + sizeof(size_t) + - sizeof(uint8_t*) + sizeof(time_t) + sizeof(uint16_t) - + newlen); - if(!newd) - return NULL; - ck->entry.data = newd; - newd->ttl = 0; /* 0 for synthesized CNAME TTL */ - newd->count = 1; - newd->rrsig_count = 0; - newd->trust = rrset_trust_ans_noAA; - newd->rr_len = (size_t*)((uint8_t*)newd + - sizeof(struct packed_rrset_data)); - newd->rr_len[0] = newlen + sizeof(uint16_t); - packed_rrset_ptr_fixup(newd); - newd->rr_ttl[0] = newd->ttl; - msg->rep->ttl = newd->ttl; - msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(newd->ttl); - sldns_write_uint16(newd->rr_data[0], newlen); - memmove(newd->rr_data[0] + sizeof(uint16_t), newname, newlen); - msg->rep->an_numrrsets ++; - msg->rep->rrset_count ++; - return msg; -} - -/** Fill TYPE_ANY response with some data from cache */ -static struct dns_msg* -fill_any(struct module_env* env, - uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass, - struct regional* region) -{ - time_t now = *env->now; - struct dns_msg* msg = NULL; - uint16_t lookup[] = {LDNS_RR_TYPE_A, LDNS_RR_TYPE_AAAA, - LDNS_RR_TYPE_MX, LDNS_RR_TYPE_SOA, LDNS_RR_TYPE_NS, - LDNS_RR_TYPE_DNAME, 0}; - int i, num=6; /* number of RR types to look up */ - log_assert(lookup[num] == 0); - - for(i=0; irrset_cache, qname, qnamelen, lookup[i], - qclass, 0, now, 0); - struct packed_rrset_data *d; - if(!rrset) - continue; - - /* only if rrset from answer section */ - d = (struct packed_rrset_data*)rrset->entry.data; - if(d->trust == rrset_trust_add_noAA || - d->trust == rrset_trust_auth_noAA || - d->trust == rrset_trust_add_AA || - d->trust == rrset_trust_auth_AA) { - lock_rw_unlock(&rrset->entry.lock); - continue; - } - - /* create msg if none */ - if(!msg) { - msg = dns_msg_create(qname, qnamelen, qtype, qclass, - region, (size_t)(num-i)); - if(!msg) { - lock_rw_unlock(&rrset->entry.lock); - return NULL; - } - } - - /* add RRset to response */ - if(!dns_msg_ansadd(msg, region, rrset, now)) { - lock_rw_unlock(&rrset->entry.lock); - return NULL; - } - lock_rw_unlock(&rrset->entry.lock); - } - return msg; -} - -struct dns_msg* -dns_cache_lookup(struct module_env* env, - uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass, - uint16_t flags, struct regional* region, struct regional* scratch) -{ - struct lruhash_entry* e; - struct query_info k; - hashvalue_type h; - time_t now = *env->now; - struct ub_packed_rrset_key* rrset; - - /* lookup first, this has both NXdomains and ANSWER responses */ - k.qname = qname; - k.qname_len = qnamelen; - k.qtype = qtype; - k.qclass = qclass; - k.local_alias = NULL; - h = query_info_hash(&k, flags); - e = slabhash_lookup(env->msg_cache, h, &k, 0); - if(e) { - struct msgreply_entry* key = (struct msgreply_entry*)e->key; - struct reply_info* data = (struct reply_info*)e->data; - struct dns_msg* msg = tomsg(env, &key->key, data, region, now, - scratch); - if(msg) { - lock_rw_unlock(&e->lock); - return msg; - } - /* could be msg==NULL; due to TTL or not all rrsets available */ - lock_rw_unlock(&e->lock); - } - - /* see if a DNAME exists. Checked for first, to enforce that DNAMEs - * are more important, the CNAME is resynthesized and thus - * consistent with the DNAME */ - if( (rrset=find_closest_of_type(env, qname, qnamelen, qclass, now, - LDNS_RR_TYPE_DNAME, 1))) { - /* synthesize a DNAME+CNAME message based on this */ - struct dns_msg* msg = synth_dname_msg(rrset, region, now, &k); - if(msg) { - lock_rw_unlock(&rrset->entry.lock); - return msg; - } - lock_rw_unlock(&rrset->entry.lock); - } - - /* see if we have CNAME for this domain, - * but not for DS records (which are part of the parent) */ - if( qtype != LDNS_RR_TYPE_DS && - (rrset=rrset_cache_lookup(env->rrset_cache, qname, qnamelen, - LDNS_RR_TYPE_CNAME, qclass, 0, now, 0))) { - struct dns_msg* msg = rrset_msg(rrset, region, now, &k); - if(msg) { - lock_rw_unlock(&rrset->entry.lock); - return msg; - } - lock_rw_unlock(&rrset->entry.lock); - } - - /* construct DS, DNSKEY, DLV messages from rrset cache. */ - if((qtype == LDNS_RR_TYPE_DS || qtype == LDNS_RR_TYPE_DNSKEY || - qtype == LDNS_RR_TYPE_DLV) && - (rrset=rrset_cache_lookup(env->rrset_cache, qname, qnamelen, - qtype, qclass, 0, now, 0))) { - /* if the rrset is from the additional section, and the - * signatures have fallen off, then do not synthesize a msg - * instead, allow a full query for signed results to happen. - * Forego all rrset data from additional section, because - * some signatures may not be present and cause validation - * failure. - */ - struct packed_rrset_data *d = (struct packed_rrset_data*) - rrset->entry.data; - if(d->trust != rrset_trust_add_noAA && - d->trust != rrset_trust_add_AA && - (qtype == LDNS_RR_TYPE_DS || - (d->trust != rrset_trust_auth_noAA - && d->trust != rrset_trust_auth_AA) )) { - struct dns_msg* msg = rrset_msg(rrset, region, now, &k); - if(msg) { - lock_rw_unlock(&rrset->entry.lock); - return msg; - } - } - lock_rw_unlock(&rrset->entry.lock); - } - - /* stop downwards cache search on NXDOMAIN. - * Empty nonterminals are NOERROR, so an NXDOMAIN for foo - * means bla.foo also does not exist. The DNSSEC proofs are - * the same. We search upwards for NXDOMAINs. */ - if(env->cfg->harden_below_nxdomain) - while(!dname_is_root(k.qname)) { - dname_remove_label(&k.qname, &k.qname_len); - h = query_info_hash(&k, flags); - e = slabhash_lookup(env->msg_cache, h, &k, 0); - if(!e && k.qtype != LDNS_RR_TYPE_A && - env->cfg->qname_minimisation) { - k.qtype = LDNS_RR_TYPE_A; - h = query_info_hash(&k, flags); - e = slabhash_lookup(env->msg_cache, h, &k, 0); - } - if(e) { - struct reply_info* data = (struct reply_info*)e->data; - struct dns_msg* msg; - if(FLAGS_GET_RCODE(data->flags) == LDNS_RCODE_NXDOMAIN - && data->security == sec_status_secure - && (msg=tomsg(env, &k, data, region, now, scratch))){ - lock_rw_unlock(&e->lock); - msg->qinfo.qname=qname; - msg->qinfo.qname_len=qnamelen; - /* check that DNSSEC really works out */ - msg->rep->security = sec_status_unchecked; - return msg; - } - lock_rw_unlock(&e->lock); - } - k.qtype = qtype; - } - - /* fill common RR types for ANY response to avoid requery */ - if(qtype == LDNS_RR_TYPE_ANY) { - return fill_any(env, qname, qnamelen, qtype, qclass, region); - } - - return NULL; -} - -int -dns_cache_store(struct module_env* env, struct query_info* msgqinf, - struct reply_info* msgrep, int is_referral, time_t leeway, int pside, - struct regional* region, uint16_t flags) -{ - struct reply_info* rep = NULL; - /* alloc, malloc properly (not in region, like msg is) */ - rep = reply_info_copy(msgrep, env->alloc, NULL); - if(!rep) - return 0; - /* ttl must be relative ;i.e. 0..86400 not time(0)+86400. - * the env->now is added to message and RRsets in this routine. */ - /* the leeway is used to invalidate other rrsets earlier */ - - if(is_referral) { - /* store rrsets */ - struct rrset_ref ref; - size_t i; - for(i=0; irrset_count; i++) { - packed_rrset_ttl_add((struct packed_rrset_data*) - rep->rrsets[i]->entry.data, *env->now); - ref.key = rep->rrsets[i]; - ref.id = rep->rrsets[i]->id; - /*ignore ret: it was in the cache, ref updated */ - /* no leeway for typeNS */ - (void)rrset_cache_update(env->rrset_cache, &ref, - env->alloc, *env->now + - ((ntohs(ref.key->rk.type)==LDNS_RR_TYPE_NS - && !pside) ? 0:leeway)); - } - free(rep); - return 1; - } else { - /* store msg, and rrsets */ - struct query_info qinf; - hashvalue_type h; - - qinf = *msgqinf; - qinf.qname = memdup(msgqinf->qname, msgqinf->qname_len); - if(!qinf.qname) { - reply_info_parsedelete(rep, env->alloc); - return 0; - } - /* fixup flags to be sensible for a reply based on the cache */ - /* this module means that RA is available. It is an answer QR. - * Not AA from cache. Not CD in cache (depends on client bit). */ - rep->flags |= (BIT_RA | BIT_QR); - rep->flags &= ~(BIT_AA | BIT_CD); - h = query_info_hash(&qinf, flags); - dns_cache_store_msg(env, &qinf, h, rep, leeway, pside, msgrep, - region); - /* qname is used inside query_info_entrysetup, and set to - * NULL. If it has not been used, free it. free(0) is safe. */ - free(qinf.qname); - } - return 1; -} - -int -dns_cache_prefetch_adjust(struct module_env* env, struct query_info* qinfo, - time_t adjust, uint16_t flags) -{ - struct msgreply_entry* msg; - msg = msg_cache_lookup(env, qinfo->qname, qinfo->qname_len, - qinfo->qtype, qinfo->qclass, flags, *env->now, 1); - if(msg) { - struct reply_info* rep = (struct reply_info*)msg->entry.data; - if(rep) { - rep->prefetch_ttl += adjust; - lock_rw_unlock(&msg->entry.lock); - return 1; - } - lock_rw_unlock(&msg->entry.lock); - } - return 0; -} diff --git a/external/unbound/services/cache/dns.h b/external/unbound/services/cache/dns.h deleted file mode 100644 index 0dfb68874..000000000 --- a/external/unbound/services/cache/dns.h +++ /dev/null @@ -1,211 +0,0 @@ -/* - * services/cache/dns.h - Cache services for DNS using msg and rrset caches. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains the DNS cache. - */ - -#ifndef SERVICES_CACHE_DNS_H -#define SERVICES_CACHE_DNS_H -#include "util/storage/lruhash.h" -#include "util/data/msgreply.h" -struct module_env; -struct query_info; -struct reply_info; -struct regional; -struct delegpt; - -/** - * Region allocated message reply - */ -struct dns_msg { - /** query info */ - struct query_info qinfo; - /** reply info - ptr to packed repinfo structure */ - struct reply_info *rep; -}; - -/** - * Allocate a dns_msg with malloc/alloc structure and store in dns cache. - * - * @param env: environment, with alloc structure and dns cache. - * @param qinf: query info, the query for which answer is stored. - * this is allocated in a region, and will be copied to malloc area - * before insertion. - * @param rep: reply in dns_msg from dns_alloc_msg for example. - * this is allocated in a region, and will be copied to malloc area - * before insertion. - * @param is_referral: If true, then the given message to be stored is a - * referral. The cache implementation may use this as a hint. - * It will store only the RRsets, not the message. - * @param leeway: TTL value, if not 0, other rrsets are considered expired - * that many seconds before actual TTL expiry. - * @param pside: if true, information came from a server which was fetched - * from the parentside of the zonecut. This means that the type NS - * can be updated to full TTL even in prefetch situations. - * @param region: region to allocate better entries from cache into. - * (used when is_referral is false). - * @param flags: flags with BIT_CD for AAAA queries in dns64 translation. - * @return 0 on alloc error (out of memory). - */ -int dns_cache_store(struct module_env* env, struct query_info* qinf, - struct reply_info* rep, int is_referral, time_t leeway, int pside, - struct regional* region, uint16_t flags); - -/** - * Store message in the cache. Stores in message cache and rrset cache. - * Both qinfo and rep should be malloced and are put in the cache. - * They should not be used after this call, as they are then in shared cache. - * Does not return errors, they are logged and only lead to less cache. - * - * @param env: module environment with the DNS cache. - * @param qinfo: query info - * @param hash: hash over qinfo. - * @param rep: reply info, together with qinfo makes up the message. - * Adjusts the reply info TTLs to absolute time. - * @param leeway: TTL value, if not 0, other rrsets are considered expired - * that many seconds before actual TTL expiry. - * @param pside: if true, information came from a server which was fetched - * from the parentside of the zonecut. This means that the type NS - * can be updated to full TTL even in prefetch situations. - * @param qrep: message that can be altered with better rrs from cache. - * @param region: to allocate into for qmsg. - */ -void dns_cache_store_msg(struct module_env* env, struct query_info* qinfo, - hashvalue_type hash, struct reply_info* rep, time_t leeway, int pside, - struct reply_info* qrep, struct regional* region); - -/** - * Find a delegation from the cache. - * @param env: module environment with the DNS cache. - * @param qname: query name. - * @param qnamelen: length of qname. - * @param qtype: query type. - * @param qclass: query class. - * @param region: where to allocate result delegation. - * @param msg: if not NULL, delegation message is returned here, synthesized - * from the cache. - * @param timenow: the time now, for checking if TTL on cache entries is OK. - * @return new delegation or NULL on error or if not found in cache. - */ -struct delegpt* dns_cache_find_delegation(struct module_env* env, - uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass, - struct regional* region, struct dns_msg** msg, time_t timenow); - -/** - * generate dns_msg from cached message - * @param env: module environment with the DNS cache. NULL if the LRU from cache - * does not need to be touched. - * @param q: query info, contains qname that will make up the dns message. - * @param r: reply info that, together with qname, will make up the dns message. - * @param region: where to allocate dns message. - * @param now: the time now, for check if TTL on cache entry is ok. - * @param scratch: where to allocate temporary data. - * */ -struct dns_msg* tomsg(struct module_env* env, struct query_info* q, - struct reply_info* r, struct regional* region, time_t now, - struct regional* scratch); - -/** - * Find cached message - * @param env: module environment with the DNS cache. - * @param qname: query name. - * @param qnamelen: length of qname. - * @param qtype: query type. - * @param qclass: query class. - * @param flags: flags with BIT_CD for AAAA queries in dns64 translation. - * @param region: where to allocate result. - * @param scratch: where to allocate temporary data. - * @return new response message (alloced in region, rrsets do not have IDs). - * or NULL on error or if not found in cache. - * TTLs are made relative to the current time. - */ -struct dns_msg* dns_cache_lookup(struct module_env* env, - uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass, - uint16_t flags, struct regional* region, struct regional* scratch); - -/** - * find and add A and AAAA records for missing nameservers in delegpt - * @param env: module environment with rrset cache - * @param qclass: which class to look in. - * @param region: where to store new dp info. - * @param dp: delegation point to fill missing entries. - * @return false on alloc failure. - */ -int cache_fill_missing(struct module_env* env, uint16_t qclass, - struct regional* region, struct delegpt* dp); - -/** - * Utility, create new, unpacked data structure for cache response. - * QR bit set, no AA. Query set as indicated. Space for number of rrsets. - * @param qname: query section name - * @param qnamelen: len of qname - * @param qtype: query section type - * @param qclass: query section class - * @param region: where to alloc. - * @param capacity: number of rrsets space to create in the array. - * @return new dns_msg struct or NULL on mem fail. - */ -struct dns_msg* dns_msg_create(uint8_t* qname, size_t qnamelen, uint16_t qtype, - uint16_t qclass, struct regional* region, size_t capacity); - -/** - * Add rrset to authority section in unpacked dns_msg message. Must have enough - * space left, does not grow the array. - * @param msg: msg to put it in. - * @param region: region to alloc in - * @param rrset: to add in authority section - * @param now: now. - * @return true if worked, false on fail - */ -int dns_msg_authadd(struct dns_msg* msg, struct regional* region, - struct ub_packed_rrset_key* rrset, time_t now); - -/** - * Adjust the prefetch_ttl for a cached message. This adds a value to the - * prefetch ttl - postponing the time when it will be prefetched for future - * incoming queries. - * @param env: module environment with caches and time. - * @param qinfo: query info for the query that needs adjustment. - * @param adjust: time in seconds to add to the prefetch_leeway. - * @param flags: flags with BIT_CD for AAAA queries in dns64 translation. - * @return false if not in cache. true if added. - */ -int dns_cache_prefetch_adjust(struct module_env* env, struct query_info* qinfo, - time_t adjust, uint16_t flags); - -#endif /* SERVICES_CACHE_DNS_H */ diff --git a/external/unbound/services/cache/infra.c b/external/unbound/services/cache/infra.c deleted file mode 100644 index 314c85ef5..000000000 --- a/external/unbound/services/cache/infra.c +++ /dev/null @@ -1,997 +0,0 @@ -/* - * services/cache/infra.c - infrastructure cache, server rtt and capabilities - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains the infrastructure cache. - */ -#include "config.h" -#include "sldns/rrdef.h" -#include "sldns/str2wire.h" -#include "services/cache/infra.h" -#include "util/storage/slabhash.h" -#include "util/storage/lookup3.h" -#include "util/data/dname.h" -#include "util/log.h" -#include "util/net_help.h" -#include "util/config_file.h" -#include "iterator/iterator.h" - -/** Timeout when only a single probe query per IP is allowed. */ -#define PROBE_MAXRTO 12000 /* in msec */ - -/** number of timeouts for a type when the domain can be blocked ; - * even if another type has completely rtt maxed it, the different type - * can do this number of packets (until those all timeout too) */ -#define TIMEOUT_COUNT_MAX 3 - -/** ratelimit value for delegation point */ -int infra_dp_ratelimit = 0; - -/** ratelimit value for client ip addresses, - * in queries per second. */ -int infra_ip_ratelimit = 0; - -size_t -infra_sizefunc(void* k, void* ATTR_UNUSED(d)) -{ - struct infra_key* key = (struct infra_key*)k; - return sizeof(*key) + sizeof(struct infra_data) + key->namelen - + lock_get_mem(&key->entry.lock); -} - -int -infra_compfunc(void* key1, void* key2) -{ - struct infra_key* k1 = (struct infra_key*)key1; - struct infra_key* k2 = (struct infra_key*)key2; - int r = sockaddr_cmp(&k1->addr, k1->addrlen, &k2->addr, k2->addrlen); - if(r != 0) - return r; - if(k1->namelen != k2->namelen) { - if(k1->namelen < k2->namelen) - return -1; - return 1; - } - return query_dname_compare(k1->zonename, k2->zonename); -} - -void -infra_delkeyfunc(void* k, void* ATTR_UNUSED(arg)) -{ - struct infra_key* key = (struct infra_key*)k; - if(!key) - return; - lock_rw_destroy(&key->entry.lock); - free(key->zonename); - free(key); -} - -void -infra_deldatafunc(void* d, void* ATTR_UNUSED(arg)) -{ - struct infra_data* data = (struct infra_data*)d; - free(data); -} - -size_t -rate_sizefunc(void* k, void* ATTR_UNUSED(d)) -{ - struct rate_key* key = (struct rate_key*)k; - return sizeof(*key) + sizeof(struct rate_data) + key->namelen - + lock_get_mem(&key->entry.lock); -} - -int -rate_compfunc(void* key1, void* key2) -{ - struct rate_key* k1 = (struct rate_key*)key1; - struct rate_key* k2 = (struct rate_key*)key2; - if(k1->namelen != k2->namelen) { - if(k1->namelen < k2->namelen) - return -1; - return 1; - } - return query_dname_compare(k1->name, k2->name); -} - -void -rate_delkeyfunc(void* k, void* ATTR_UNUSED(arg)) -{ - struct rate_key* key = (struct rate_key*)k; - if(!key) - return; - lock_rw_destroy(&key->entry.lock); - free(key->name); - free(key); -} - -void -rate_deldatafunc(void* d, void* ATTR_UNUSED(arg)) -{ - struct rate_data* data = (struct rate_data*)d; - free(data); -} - -/** find or create element in domainlimit tree */ -static struct domain_limit_data* domain_limit_findcreate( - struct infra_cache* infra, char* name) -{ - uint8_t* nm; - int labs; - size_t nmlen; - struct domain_limit_data* d; - - /* parse name */ - nm = sldns_str2wire_dname(name, &nmlen); - if(!nm) { - log_err("could not parse %s", name); - return NULL; - } - labs = dname_count_labels(nm); - - /* can we find it? */ - d = (struct domain_limit_data*)name_tree_find(&infra->domain_limits, - nm, nmlen, labs, LDNS_RR_CLASS_IN); - if(d) { - free(nm); - return d; - } - - /* create it */ - d = (struct domain_limit_data*)calloc(1, sizeof(*d)); - if(!d) { - free(nm); - return NULL; - } - d->node.node.key = &d->node; - d->node.name = nm; - d->node.len = nmlen; - d->node.labs = labs; - d->node.dclass = LDNS_RR_CLASS_IN; - d->lim = -1; - d->below = -1; - if(!name_tree_insert(&infra->domain_limits, &d->node, nm, nmlen, - labs, LDNS_RR_CLASS_IN)) { - log_err("duplicate element in domainlimit tree"); - free(nm); - free(d); - return NULL; - } - return d; -} - -/** insert rate limit configuration into lookup tree */ -static int infra_ratelimit_cfg_insert(struct infra_cache* infra, - struct config_file* cfg) -{ - struct config_str2list* p; - struct domain_limit_data* d; - for(p = cfg->ratelimit_for_domain; p; p = p->next) { - d = domain_limit_findcreate(infra, p->str); - if(!d) - return 0; - d->lim = atoi(p->str2); - } - for(p = cfg->ratelimit_below_domain; p; p = p->next) { - d = domain_limit_findcreate(infra, p->str); - if(!d) - return 0; - d->below = atoi(p->str2); - } - return 1; -} - -struct infra_cache* -infra_create(struct config_file* cfg) -{ - struct infra_cache* infra = (struct infra_cache*)calloc(1, - sizeof(struct infra_cache)); - size_t maxmem = cfg->infra_cache_numhosts * (sizeof(struct infra_key)+ - sizeof(struct infra_data)+INFRA_BYTES_NAME); - infra->hosts = slabhash_create(cfg->infra_cache_slabs, - INFRA_HOST_STARTSIZE, maxmem, &infra_sizefunc, &infra_compfunc, - &infra_delkeyfunc, &infra_deldatafunc, NULL); - if(!infra->hosts) { - free(infra); - return NULL; - } - infra->host_ttl = cfg->host_ttl; - name_tree_init(&infra->domain_limits); - infra_dp_ratelimit = cfg->ratelimit; - if(cfg->ratelimit != 0) { - infra->domain_rates = slabhash_create(cfg->ratelimit_slabs, - INFRA_HOST_STARTSIZE, cfg->ratelimit_size, - &rate_sizefunc, &rate_compfunc, &rate_delkeyfunc, - &rate_deldatafunc, NULL); - if(!infra->domain_rates) { - infra_delete(infra); - return NULL; - } - /* insert config data into ratelimits */ - if(!infra_ratelimit_cfg_insert(infra, cfg)) { - infra_delete(infra); - return NULL; - } - name_tree_init_parents(&infra->domain_limits); - } - infra_ip_ratelimit = cfg->ip_ratelimit; - infra->client_ip_rates = slabhash_create(cfg->ratelimit_slabs, - INFRA_HOST_STARTSIZE, cfg->ip_ratelimit_size, &ip_rate_sizefunc, - &ip_rate_compfunc, &ip_rate_delkeyfunc, &ip_rate_deldatafunc, NULL); - if(!infra->client_ip_rates) { - infra_delete(infra); - return NULL; - } - return infra; -} - -/** delete domain_limit entries */ -static void domain_limit_free(rbnode_type* n, void* ATTR_UNUSED(arg)) -{ - if(n) { - free(((struct domain_limit_data*)n)->node.name); - free(n); - } -} - -void -infra_delete(struct infra_cache* infra) -{ - if(!infra) - return; - slabhash_delete(infra->hosts); - slabhash_delete(infra->domain_rates); - traverse_postorder(&infra->domain_limits, domain_limit_free, NULL); - slabhash_delete(infra->client_ip_rates); - free(infra); -} - -struct infra_cache* -infra_adjust(struct infra_cache* infra, struct config_file* cfg) -{ - size_t maxmem; - if(!infra) - return infra_create(cfg); - infra->host_ttl = cfg->host_ttl; - maxmem = cfg->infra_cache_numhosts * (sizeof(struct infra_key)+ - sizeof(struct infra_data)+INFRA_BYTES_NAME); - if(maxmem != slabhash_get_size(infra->hosts) || - cfg->infra_cache_slabs != infra->hosts->size) { - infra_delete(infra); - infra = infra_create(cfg); - } - return infra; -} - -/** calculate the hash value for a host key - * set use_port to a non-0 number to use the port in - * the hash calculation; 0 to ignore the port.*/ -static hashvalue_type -hash_addr(struct sockaddr_storage* addr, socklen_t addrlen, - int use_port) -{ - hashvalue_type h = 0xab; - /* select the pieces to hash, some OS have changing data inside */ - if(addr_is_ip6(addr, addrlen)) { - struct sockaddr_in6* in6 = (struct sockaddr_in6*)addr; - h = hashlittle(&in6->sin6_family, sizeof(in6->sin6_family), h); - if(use_port){ - h = hashlittle(&in6->sin6_port, sizeof(in6->sin6_port), h); - } - h = hashlittle(&in6->sin6_addr, INET6_SIZE, h); - } else { - struct sockaddr_in* in = (struct sockaddr_in*)addr; - h = hashlittle(&in->sin_family, sizeof(in->sin_family), h); - if(use_port){ - h = hashlittle(&in->sin_port, sizeof(in->sin_port), h); - } - h = hashlittle(&in->sin_addr, INET_SIZE, h); - } - return h; -} - -/** calculate infra hash for a key */ -static hashvalue_type -hash_infra(struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* name) -{ - return dname_query_hash(name, hash_addr(addr, addrlen, 1)); -} - -/** lookup version that does not check host ttl (you check it) */ -struct lruhash_entry* -infra_lookup_nottl(struct infra_cache* infra, struct sockaddr_storage* addr, - socklen_t addrlen, uint8_t* name, size_t namelen, int wr) -{ - struct infra_key k; - k.addrlen = addrlen; - memcpy(&k.addr, addr, addrlen); - k.namelen = namelen; - k.zonename = name; - k.entry.hash = hash_infra(addr, addrlen, name); - k.entry.key = (void*)&k; - k.entry.data = NULL; - return slabhash_lookup(infra->hosts, k.entry.hash, &k, wr); -} - -/** init the data elements */ -static void -data_entry_init(struct infra_cache* infra, struct lruhash_entry* e, - time_t timenow) -{ - struct infra_data* data = (struct infra_data*)e->data; - data->ttl = timenow + infra->host_ttl; - rtt_init(&data->rtt); - data->edns_version = 0; - data->edns_lame_known = 0; - data->probedelay = 0; - data->isdnsseclame = 0; - data->rec_lame = 0; - data->lame_type_A = 0; - data->lame_other = 0; - data->timeout_A = 0; - data->timeout_AAAA = 0; - data->timeout_other = 0; -} - -/** - * Create and init a new entry for a host - * @param infra: infra structure with config parameters. - * @param addr: host address. - * @param addrlen: length of addr. - * @param name: name of zone - * @param namelen: length of name. - * @param tm: time now. - * @return: the new entry or NULL on malloc failure. - */ -static struct lruhash_entry* -new_entry(struct infra_cache* infra, struct sockaddr_storage* addr, - socklen_t addrlen, uint8_t* name, size_t namelen, time_t tm) -{ - struct infra_data* data; - struct infra_key* key = (struct infra_key*)malloc(sizeof(*key)); - if(!key) - return NULL; - data = (struct infra_data*)malloc(sizeof(struct infra_data)); - if(!data) { - free(key); - return NULL; - } - key->zonename = memdup(name, namelen); - if(!key->zonename) { - free(key); - free(data); - return NULL; - } - key->namelen = namelen; - lock_rw_init(&key->entry.lock); - key->entry.hash = hash_infra(addr, addrlen, name); - key->entry.key = (void*)key; - key->entry.data = (void*)data; - key->addrlen = addrlen; - memcpy(&key->addr, addr, addrlen); - data_entry_init(infra, &key->entry, tm); - return &key->entry; -} - -int -infra_host(struct infra_cache* infra, struct sockaddr_storage* addr, - socklen_t addrlen, uint8_t* nm, size_t nmlen, time_t timenow, - int* edns_vs, uint8_t* edns_lame_known, int* to) -{ - struct lruhash_entry* e = infra_lookup_nottl(infra, addr, addrlen, - nm, nmlen, 0); - struct infra_data* data; - int wr = 0; - if(e && ((struct infra_data*)e->data)->ttl < timenow) { - /* it expired, try to reuse existing entry */ - int old = ((struct infra_data*)e->data)->rtt.rto; - uint8_t tA = ((struct infra_data*)e->data)->timeout_A; - uint8_t tAAAA = ((struct infra_data*)e->data)->timeout_AAAA; - uint8_t tother = ((struct infra_data*)e->data)->timeout_other; - lock_rw_unlock(&e->lock); - e = infra_lookup_nottl(infra, addr, addrlen, nm, nmlen, 1); - if(e) { - /* if its still there we have a writelock, init */ - /* re-initialise */ - /* do not touch lameness, it may be valid still */ - data_entry_init(infra, e, timenow); - wr = 1; - /* TOP_TIMEOUT remains on reuse */ - if(old >= USEFUL_SERVER_TOP_TIMEOUT) { - ((struct infra_data*)e->data)->rtt.rto - = USEFUL_SERVER_TOP_TIMEOUT; - ((struct infra_data*)e->data)->timeout_A = tA; - ((struct infra_data*)e->data)->timeout_AAAA = tAAAA; - ((struct infra_data*)e->data)->timeout_other = tother; - } - } - } - if(!e) { - /* insert new entry */ - if(!(e = new_entry(infra, addr, addrlen, nm, nmlen, timenow))) - return 0; - data = (struct infra_data*)e->data; - *edns_vs = data->edns_version; - *edns_lame_known = data->edns_lame_known; - *to = rtt_timeout(&data->rtt); - slabhash_insert(infra->hosts, e->hash, e, data, NULL); - return 1; - } - /* use existing entry */ - data = (struct infra_data*)e->data; - *edns_vs = data->edns_version; - *edns_lame_known = data->edns_lame_known; - *to = rtt_timeout(&data->rtt); - if(*to >= PROBE_MAXRTO && rtt_notimeout(&data->rtt)*4 <= *to) { - /* delay other queries, this is the probe query */ - if(!wr) { - lock_rw_unlock(&e->lock); - e = infra_lookup_nottl(infra, addr,addrlen,nm,nmlen, 1); - if(!e) { /* flushed from cache real fast, no use to - allocate just for the probedelay */ - return 1; - } - data = (struct infra_data*)e->data; - } - /* add 999 to round up the timeout value from msec to sec, - * then add a whole second so it is certain that this probe - * has timed out before the next is allowed */ - data->probedelay = timenow + ((*to)+1999)/1000; - } - lock_rw_unlock(&e->lock); - return 1; -} - -int -infra_set_lame(struct infra_cache* infra, struct sockaddr_storage* addr, - socklen_t addrlen, uint8_t* nm, size_t nmlen, time_t timenow, - int dnsseclame, int reclame, uint16_t qtype) -{ - struct infra_data* data; - struct lruhash_entry* e; - int needtoinsert = 0; - e = infra_lookup_nottl(infra, addr, addrlen, nm, nmlen, 1); - if(!e) { - /* insert it */ - if(!(e = new_entry(infra, addr, addrlen, nm, nmlen, timenow))) { - log_err("set_lame: malloc failure"); - return 0; - } - needtoinsert = 1; - } else if( ((struct infra_data*)e->data)->ttl < timenow) { - /* expired, reuse existing entry */ - data_entry_init(infra, e, timenow); - } - /* got an entry, now set the zone lame */ - data = (struct infra_data*)e->data; - /* merge data (if any) */ - if(dnsseclame) - data->isdnsseclame = 1; - if(reclame) - data->rec_lame = 1; - if(!dnsseclame && !reclame && qtype == LDNS_RR_TYPE_A) - data->lame_type_A = 1; - if(!dnsseclame && !reclame && qtype != LDNS_RR_TYPE_A) - data->lame_other = 1; - /* done */ - if(needtoinsert) - slabhash_insert(infra->hosts, e->hash, e, e->data, NULL); - else { lock_rw_unlock(&e->lock); } - return 1; -} - -void -infra_update_tcp_works(struct infra_cache* infra, - struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* nm, - size_t nmlen) -{ - struct lruhash_entry* e = infra_lookup_nottl(infra, addr, addrlen, - nm, nmlen, 1); - struct infra_data* data; - if(!e) - return; /* doesn't exist */ - data = (struct infra_data*)e->data; - if(data->rtt.rto >= RTT_MAX_TIMEOUT) - /* do not disqualify this server altogether, it is better - * than nothing */ - data->rtt.rto = RTT_MAX_TIMEOUT-1000; - lock_rw_unlock(&e->lock); -} - -int -infra_rtt_update(struct infra_cache* infra, struct sockaddr_storage* addr, - socklen_t addrlen, uint8_t* nm, size_t nmlen, int qtype, - int roundtrip, int orig_rtt, time_t timenow) -{ - struct lruhash_entry* e = infra_lookup_nottl(infra, addr, addrlen, - nm, nmlen, 1); - struct infra_data* data; - int needtoinsert = 0; - int rto = 1; - if(!e) { - if(!(e = new_entry(infra, addr, addrlen, nm, nmlen, timenow))) - return 0; - needtoinsert = 1; - } else if(((struct infra_data*)e->data)->ttl < timenow) { - data_entry_init(infra, e, timenow); - } - /* have an entry, update the rtt */ - data = (struct infra_data*)e->data; - if(roundtrip == -1) { - rtt_lost(&data->rtt, orig_rtt); - if(qtype == LDNS_RR_TYPE_A) { - if(data->timeout_A < TIMEOUT_COUNT_MAX) - data->timeout_A++; - } else if(qtype == LDNS_RR_TYPE_AAAA) { - if(data->timeout_AAAA < TIMEOUT_COUNT_MAX) - data->timeout_AAAA++; - } else { - if(data->timeout_other < TIMEOUT_COUNT_MAX) - data->timeout_other++; - } - } else { - /* if we got a reply, but the old timeout was above server - * selection height, delete the timeout so the server is - * fully available again */ - if(rtt_unclamped(&data->rtt) >= USEFUL_SERVER_TOP_TIMEOUT) - rtt_init(&data->rtt); - rtt_update(&data->rtt, roundtrip); - data->probedelay = 0; - if(qtype == LDNS_RR_TYPE_A) - data->timeout_A = 0; - else if(qtype == LDNS_RR_TYPE_AAAA) - data->timeout_AAAA = 0; - else data->timeout_other = 0; - } - if(data->rtt.rto > 0) - rto = data->rtt.rto; - - if(needtoinsert) - slabhash_insert(infra->hosts, e->hash, e, e->data, NULL); - else { lock_rw_unlock(&e->lock); } - return rto; -} - -long long infra_get_host_rto(struct infra_cache* infra, - struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* nm, - size_t nmlen, struct rtt_info* rtt, int* delay, time_t timenow, - int* tA, int* tAAAA, int* tother) -{ - struct lruhash_entry* e = infra_lookup_nottl(infra, addr, addrlen, - nm, nmlen, 0); - struct infra_data* data; - long long ttl = -2; - if(!e) return -1; - data = (struct infra_data*)e->data; - if(data->ttl >= timenow) { - ttl = (long long)(data->ttl - timenow); - memmove(rtt, &data->rtt, sizeof(*rtt)); - if(timenow < data->probedelay) - *delay = (int)(data->probedelay - timenow); - else *delay = 0; - } - *tA = (int)data->timeout_A; - *tAAAA = (int)data->timeout_AAAA; - *tother = (int)data->timeout_other; - lock_rw_unlock(&e->lock); - return ttl; -} - -int -infra_edns_update(struct infra_cache* infra, struct sockaddr_storage* addr, - socklen_t addrlen, uint8_t* nm, size_t nmlen, int edns_version, - time_t timenow) -{ - struct lruhash_entry* e = infra_lookup_nottl(infra, addr, addrlen, - nm, nmlen, 1); - struct infra_data* data; - int needtoinsert = 0; - if(!e) { - if(!(e = new_entry(infra, addr, addrlen, nm, nmlen, timenow))) - return 0; - needtoinsert = 1; - } else if(((struct infra_data*)e->data)->ttl < timenow) { - data_entry_init(infra, e, timenow); - } - /* have an entry, update the rtt, and the ttl */ - data = (struct infra_data*)e->data; - /* do not update if noEDNS and stored is yesEDNS */ - if(!(edns_version == -1 && (data->edns_version != -1 && - data->edns_lame_known))) { - data->edns_version = edns_version; - data->edns_lame_known = 1; - } - - if(needtoinsert) - slabhash_insert(infra->hosts, e->hash, e, e->data, NULL); - else { lock_rw_unlock(&e->lock); } - return 1; -} - -int -infra_get_lame_rtt(struct infra_cache* infra, - struct sockaddr_storage* addr, socklen_t addrlen, - uint8_t* name, size_t namelen, uint16_t qtype, - int* lame, int* dnsseclame, int* reclame, int* rtt, time_t timenow) -{ - struct infra_data* host; - struct lruhash_entry* e = infra_lookup_nottl(infra, addr, addrlen, - name, namelen, 0); - if(!e) - return 0; - host = (struct infra_data*)e->data; - *rtt = rtt_unclamped(&host->rtt); - if(host->rtt.rto >= PROBE_MAXRTO && timenow < host->probedelay - && rtt_notimeout(&host->rtt)*4 <= host->rtt.rto) { - /* single probe for this domain, and we are not probing */ - /* unless the query type allows a probe to happen */ - if(qtype == LDNS_RR_TYPE_A) { - if(host->timeout_A >= TIMEOUT_COUNT_MAX) - *rtt = USEFUL_SERVER_TOP_TIMEOUT; - else *rtt = USEFUL_SERVER_TOP_TIMEOUT-1000; - } else if(qtype == LDNS_RR_TYPE_AAAA) { - if(host->timeout_AAAA >= TIMEOUT_COUNT_MAX) - *rtt = USEFUL_SERVER_TOP_TIMEOUT; - else *rtt = USEFUL_SERVER_TOP_TIMEOUT-1000; - } else { - if(host->timeout_other >= TIMEOUT_COUNT_MAX) - *rtt = USEFUL_SERVER_TOP_TIMEOUT; - else *rtt = USEFUL_SERVER_TOP_TIMEOUT-1000; - } - } - if(timenow > host->ttl) { - /* expired entry */ - /* see if this can be a re-probe of an unresponsive server */ - /* minus 1000 because that is outside of the RTTBAND, so - * blacklisted servers stay blacklisted if this is chosen */ - if(host->rtt.rto >= USEFUL_SERVER_TOP_TIMEOUT) { - lock_rw_unlock(&e->lock); - *rtt = USEFUL_SERVER_TOP_TIMEOUT-1000; - *lame = 0; - *dnsseclame = 0; - *reclame = 0; - return 1; - } - lock_rw_unlock(&e->lock); - return 0; - } - /* check lameness first */ - if(host->lame_type_A && qtype == LDNS_RR_TYPE_A) { - lock_rw_unlock(&e->lock); - *lame = 1; - *dnsseclame = 0; - *reclame = 0; - return 1; - } else if(host->lame_other && qtype != LDNS_RR_TYPE_A) { - lock_rw_unlock(&e->lock); - *lame = 1; - *dnsseclame = 0; - *reclame = 0; - return 1; - } else if(host->isdnsseclame) { - lock_rw_unlock(&e->lock); - *lame = 0; - *dnsseclame = 1; - *reclame = 0; - return 1; - } else if(host->rec_lame) { - lock_rw_unlock(&e->lock); - *lame = 0; - *dnsseclame = 0; - *reclame = 1; - return 1; - } - /* no lameness for this type of query */ - lock_rw_unlock(&e->lock); - *lame = 0; - *dnsseclame = 0; - *reclame = 0; - return 1; -} - -int infra_find_ratelimit(struct infra_cache* infra, uint8_t* name, - size_t namelen) -{ - int labs = dname_count_labels(name); - struct domain_limit_data* d = (struct domain_limit_data*) - name_tree_lookup(&infra->domain_limits, name, namelen, labs, - LDNS_RR_CLASS_IN); - if(!d) return infra_dp_ratelimit; - - if(d->node.labs == labs && d->lim != -1) - return d->lim; /* exact match */ - - /* find 'below match' */ - if(d->node.labs == labs) - d = (struct domain_limit_data*)d->node.parent; - while(d) { - if(d->below != -1) - return d->below; - d = (struct domain_limit_data*)d->node.parent; - } - return infra_dp_ratelimit; -} - -size_t ip_rate_sizefunc(void* k, void* ATTR_UNUSED(d)) -{ - struct ip_rate_key* key = (struct ip_rate_key*)k; - return sizeof(*key) + sizeof(struct ip_rate_data) - + lock_get_mem(&key->entry.lock); -} - -int ip_rate_compfunc(void* key1, void* key2) -{ - struct ip_rate_key* k1 = (struct ip_rate_key*)key1; - struct ip_rate_key* k2 = (struct ip_rate_key*)key2; - return sockaddr_cmp_addr(&k1->addr, k1->addrlen, - &k2->addr, k2->addrlen); -} - -void ip_rate_delkeyfunc(void* k, void* ATTR_UNUSED(arg)) -{ - struct ip_rate_key* key = (struct ip_rate_key*)k; - if(!key) - return; - lock_rw_destroy(&key->entry.lock); - free(key); -} - -/** find data item in array, for write access, caller unlocks */ -static struct lruhash_entry* infra_find_ratedata(struct infra_cache* infra, - uint8_t* name, size_t namelen, int wr) -{ - struct rate_key key; - hashvalue_type h = dname_query_hash(name, 0xab); - memset(&key, 0, sizeof(key)); - key.name = name; - key.namelen = namelen; - key.entry.hash = h; - return slabhash_lookup(infra->domain_rates, h, &key, wr); -} - -/** find data item in array for ip addresses */ -struct lruhash_entry* infra_find_ip_ratedata(struct infra_cache* infra, - struct comm_reply* repinfo, int wr) -{ - struct ip_rate_key key; - hashvalue_type h = hash_addr(&(repinfo->addr), - repinfo->addrlen, 0); - memset(&key, 0, sizeof(key)); - key.addr = repinfo->addr; - key.addrlen = repinfo->addrlen; - key.entry.hash = h; - return slabhash_lookup(infra->client_ip_rates, h, &key, wr); -} - -/** create rate data item for name, number 1 in now */ -static void infra_create_ratedata(struct infra_cache* infra, - uint8_t* name, size_t namelen, time_t timenow) -{ - hashvalue_type h = dname_query_hash(name, 0xab); - struct rate_key* k = (struct rate_key*)calloc(1, sizeof(*k)); - struct rate_data* d = (struct rate_data*)calloc(1, sizeof(*d)); - if(!k || !d) { - free(k); - free(d); - return; /* alloc failure */ - } - k->namelen = namelen; - k->name = memdup(name, namelen); - if(!k->name) { - free(k); - free(d); - return; /* alloc failure */ - } - lock_rw_init(&k->entry.lock); - k->entry.hash = h; - k->entry.key = k; - k->entry.data = d; - d->qps[0] = 1; - d->timestamp[0] = timenow; - slabhash_insert(infra->domain_rates, h, &k->entry, d, NULL); -} - -/** create rate data item for ip address */ -static void infra_ip_create_ratedata(struct infra_cache* infra, - struct comm_reply* repinfo, time_t timenow) -{ - hashvalue_type h = hash_addr(&(repinfo->addr), - repinfo->addrlen, 0); - struct ip_rate_key* k = (struct ip_rate_key*)calloc(1, sizeof(*k)); - struct ip_rate_data* d = (struct ip_rate_data*)calloc(1, sizeof(*d)); - if(!k || !d) { - free(k); - free(d); - return; /* alloc failure */ - } - k->addr = repinfo->addr; - k->addrlen = repinfo->addrlen; - lock_rw_init(&k->entry.lock); - k->entry.hash = h; - k->entry.key = k; - k->entry.data = d; - d->qps[0] = 1; - d->timestamp[0] = timenow; - slabhash_insert(infra->client_ip_rates, h, &k->entry, d, NULL); -} - -/** find the second and return its rate counter, if none, remove oldest */ -static int* infra_rate_find_second(void* data, time_t t) -{ - struct rate_data* d = (struct rate_data*)data; - int i, oldest; - for(i=0; itimestamp[i] == t) - return &(d->qps[i]); - } - /* remove oldest timestamp, and insert it at t with 0 qps */ - oldest = 0; - for(i=0; itimestamp[i] < d->timestamp[oldest]) - oldest = i; - } - d->timestamp[oldest] = t; - d->qps[oldest] = 0; - return &(d->qps[oldest]); -} - -int infra_rate_max(void* data, time_t now) -{ - struct rate_data* d = (struct rate_data*)data; - int i, max = 0; - for(i=0; itimestamp[i] <= RATE_WINDOW) { - if(d->qps[i] > max) - max = d->qps[i]; - } - } - return max; -} - -int infra_ratelimit_inc(struct infra_cache* infra, uint8_t* name, - size_t namelen, time_t timenow) -{ - int lim, max; - struct lruhash_entry* entry; - - if(!infra_dp_ratelimit) - return 1; /* not enabled */ - - /* find ratelimit */ - lim = infra_find_ratelimit(infra, name, namelen); - - /* find or insert ratedata */ - entry = infra_find_ratedata(infra, name, namelen, 1); - if(entry) { - int premax = infra_rate_max(entry->data, timenow); - int* cur = infra_rate_find_second(entry->data, timenow); - (*cur)++; - max = infra_rate_max(entry->data, timenow); - lock_rw_unlock(&entry->lock); - - if(premax < lim && max >= lim) { - char buf[257]; - dname_str(name, buf); - verbose(VERB_OPS, "ratelimit exceeded %s %d", buf, lim); - } - return (max < lim); - } - - /* create */ - infra_create_ratedata(infra, name, namelen, timenow); - return (1 < lim); -} - -void infra_ratelimit_dec(struct infra_cache* infra, uint8_t* name, - size_t namelen, time_t timenow) -{ - struct lruhash_entry* entry; - int* cur; - if(!infra_dp_ratelimit) - return; /* not enabled */ - entry = infra_find_ratedata(infra, name, namelen, 1); - if(!entry) return; /* not cached */ - cur = infra_rate_find_second(entry->data, timenow); - if((*cur) > 0) - (*cur)--; - lock_rw_unlock(&entry->lock); -} - -int infra_ratelimit_exceeded(struct infra_cache* infra, uint8_t* name, - size_t namelen, time_t timenow) -{ - struct lruhash_entry* entry; - int lim, max; - if(!infra_dp_ratelimit) - return 0; /* not enabled */ - - /* find ratelimit */ - lim = infra_find_ratelimit(infra, name, namelen); - - /* find current rate */ - entry = infra_find_ratedata(infra, name, namelen, 0); - if(!entry) - return 0; /* not cached */ - max = infra_rate_max(entry->data, timenow); - lock_rw_unlock(&entry->lock); - - return (max >= lim); -} - -size_t -infra_get_mem(struct infra_cache* infra) -{ - size_t s = sizeof(*infra) + slabhash_get_mem(infra->hosts); - if(infra->domain_rates) s += slabhash_get_mem(infra->domain_rates); - if(infra->client_ip_rates) s += slabhash_get_mem(infra->client_ip_rates); - /* ignore domain_limits because walk through tree is big */ - return s; -} - -int infra_ip_ratelimit_inc(struct infra_cache* infra, - struct comm_reply* repinfo, time_t timenow) -{ - int max; - struct lruhash_entry* entry; - - /* not enabled */ - if(!infra_ip_ratelimit) { - return 1; - } - /* find or insert ratedata */ - entry = infra_find_ip_ratedata(infra, repinfo, 1); - if(entry) { - int premax = infra_rate_max(entry->data, timenow); - int* cur = infra_rate_find_second(entry->data, timenow); - (*cur)++; - max = infra_rate_max(entry->data, timenow); - lock_rw_unlock(&entry->lock); - - if(premax < infra_ip_ratelimit && max >= infra_ip_ratelimit) { - char client_ip[128]; - addr_to_str((struct sockaddr_storage *)&repinfo->addr, - repinfo->addrlen, client_ip, sizeof(client_ip)); - verbose(VERB_OPS, "ratelimit exceeded %s %d", client_ip, - infra_ip_ratelimit); - } - return (max <= infra_ip_ratelimit); - } - - /* create */ - infra_ip_create_ratedata(infra, repinfo, timenow); - return 1; -} diff --git a/external/unbound/services/cache/infra.h b/external/unbound/services/cache/infra.h deleted file mode 100644 index 6f9471a39..000000000 --- a/external/unbound/services/cache/infra.h +++ /dev/null @@ -1,462 +0,0 @@ -/* - * services/cache/infra.h - infrastructure cache, server rtt and capabilities - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains the infrastructure cache, as well as rate limiting. - * Note that there are two sorts of rate-limiting here: - * - Pre-cache, per-query rate limiting (query ratelimits) - * - Post-cache, per-domain name rate limiting (infra-ratelimits) - */ - -#ifndef SERVICES_CACHE_INFRA_H -#define SERVICES_CACHE_INFRA_H -#include "util/storage/lruhash.h" -#include "util/storage/dnstree.h" -#include "util/rtt.h" -#include "util/netevent.h" -#include "util/data/msgreply.h" -struct slabhash; -struct config_file; - -/** - * Host information kept for every server, per zone. - */ -struct infra_key { - /** the host address. */ - struct sockaddr_storage addr; - /** length of addr. */ - socklen_t addrlen; - /** zone name in wireformat */ - uint8_t* zonename; - /** length of zonename */ - size_t namelen; - /** hash table entry, data of type infra_data. */ - struct lruhash_entry entry; -}; - -/** - * Host information encompasses host capabilities and retransmission timeouts. - * And lameness information (notAuthoritative, noEDNS, Recursive) - */ -struct infra_data { - /** TTL value for this entry. absolute time. */ - time_t ttl; - - /** time in seconds (absolute) when probing re-commences, 0 disabled */ - time_t probedelay; - /** round trip times for timeout calculation */ - struct rtt_info rtt; - - /** edns version that the host supports, -1 means no EDNS */ - int edns_version; - /** if the EDNS lameness is already known or not. - * EDNS lame is when EDNS queries or replies are dropped, - * and cause a timeout */ - uint8_t edns_lame_known; - - /** is the host lame (does not serve the zone authoritatively), - * or is the host dnssec lame (does not serve DNSSEC data) */ - uint8_t isdnsseclame; - /** is the host recursion lame (not AA, but RA) */ - uint8_t rec_lame; - /** the host is lame (not authoritative) for A records */ - uint8_t lame_type_A; - /** the host is lame (not authoritative) for other query types */ - uint8_t lame_other; - - /** timeouts counter for type A */ - uint8_t timeout_A; - /** timeouts counter for type AAAA */ - uint8_t timeout_AAAA; - /** timeouts counter for others */ - uint8_t timeout_other; -}; - -/** - * Infra cache - */ -struct infra_cache { - /** The hash table with hosts */ - struct slabhash* hosts; - /** TTL value for host information, in seconds */ - int host_ttl; - /** hash table with query rates per name: rate_key, rate_data */ - struct slabhash* domain_rates; - /** ratelimit settings for domains, struct domain_limit_data */ - rbtree_type domain_limits; - /** hash table with query rates per client ip: ip_rate_key, ip_rate_data */ - struct slabhash* client_ip_rates; -}; - -/** ratelimit, unless overridden by domain_limits, 0 is off */ -extern int infra_dp_ratelimit; - -/** - * ratelimit settings for domains - */ -struct domain_limit_data { - /** key for rbtree, must be first in struct, name of domain */ - struct name_tree_node node; - /** ratelimit for exact match with this name, -1 if not set */ - int lim; - /** ratelimit for names below this name, -1 if not set */ - int below; -}; - -/** - * key for ratelimit lookups, a domain name - */ -struct rate_key { - /** lruhash key entry */ - struct lruhash_entry entry; - /** domain name in uncompressed wireformat */ - uint8_t* name; - /** length of name */ - size_t namelen; -}; - -/** ip ratelimit, 0 is off */ -extern int infra_ip_ratelimit; - -/** - * key for ip_ratelimit lookups, a source IP. - */ -struct ip_rate_key { - /** lruhash key entry */ - struct lruhash_entry entry; - /** client ip information */ - struct sockaddr_storage addr; - /** length of address */ - socklen_t addrlen; -}; - -/** number of seconds to track qps rate */ -#define RATE_WINDOW 2 - -/** - * Data for ratelimits per domain name - * It is incremented when a non-cache-lookup happens for that domain name. - * The name is the delegation point we have for the name. - * If a new delegation point is found (a referral reply), the previous - * delegation point is decremented, and the new one is charged with the query. - */ -struct rate_data { - /** queries counted, for that second. 0 if not in use. */ - int qps[RATE_WINDOW]; - /** what the timestamp is of the qps array members, counter is - * valid for that timestamp. Usually now and now-1. */ - time_t timestamp[RATE_WINDOW]; -}; - -#define ip_rate_data rate_data - -/** infra host cache default hash lookup size */ -#define INFRA_HOST_STARTSIZE 32 -/** bytes per zonename reserved in the hostcache, dnamelen(zonename.com.) */ -#define INFRA_BYTES_NAME 14 - -/** - * Create infra cache. - * @param cfg: config parameters or NULL for defaults. - * @return: new infra cache, or NULL. - */ -struct infra_cache* infra_create(struct config_file* cfg); - -/** - * Delete infra cache. - * @param infra: infrastructure cache to delete. - */ -void infra_delete(struct infra_cache* infra); - -/** - * Adjust infra cache to use updated configuration settings. - * This may clean the cache. Operates a bit like realloc. - * There may be no threading or use by other threads. - * @param infra: existing cache. If NULL a new infra cache is returned. - * @param cfg: config options. - * @return the new infra cache pointer or NULL on error. - */ -struct infra_cache* infra_adjust(struct infra_cache* infra, - struct config_file* cfg); - -/** - * Plain find infra data function (used by the the other functions) - * @param infra: infrastructure cache. - * @param addr: host address. - * @param addrlen: length of addr. - * @param name: domain name of zone. - * @param namelen: length of domain name. - * @param wr: if true, writelock, else readlock. - * @return the entry, could be expired (this is not checked) or NULL. - */ -struct lruhash_entry* infra_lookup_nottl(struct infra_cache* infra, - struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* name, - size_t namelen, int wr); - -/** - * Find host information to send a packet. Creates new entry if not found. - * Lameness is empty. EDNS is 0 (try with first), and rtt is returned for - * the first message to it. - * Use this to send a packet only, because it also locks out others when - * probing is restricted. - * @param infra: infrastructure cache. - * @param addr: host address. - * @param addrlen: length of addr. - * @param name: domain name of zone. - * @param namelen: length of domain name. - * @param timenow: what time it is now. - * @param edns_vs: edns version it supports, is returned. - * @param edns_lame_known: if EDNS lame (EDNS is dropped in transit) has - * already been probed, is returned. - * @param to: timeout to use, is returned. - * @return: 0 on error. - */ -int infra_host(struct infra_cache* infra, struct sockaddr_storage* addr, - socklen_t addrlen, uint8_t* name, size_t namelen, - time_t timenow, int* edns_vs, uint8_t* edns_lame_known, int* to); - -/** - * Set a host to be lame for the given zone. - * @param infra: infrastructure cache. - * @param addr: host address. - * @param addrlen: length of addr. - * @param name: domain name of zone apex. - * @param namelen: length of domain name. - * @param timenow: what time it is now. - * @param dnsseclame: if true the host is set dnssec lame. - * if false, the host is marked lame (not serving the zone). - * @param reclame: if true host is a recursor not AA server. - * if false, dnsseclame or marked lame. - * @param qtype: the query type for which it is lame. - * @return: 0 on error. - */ -int infra_set_lame(struct infra_cache* infra, - struct sockaddr_storage* addr, socklen_t addrlen, - uint8_t* name, size_t namelen, time_t timenow, int dnsseclame, - int reclame, uint16_t qtype); - -/** - * Update rtt information for the host. - * @param infra: infrastructure cache. - * @param addr: host address. - * @param addrlen: length of addr. - * @param name: zone name - * @param namelen: zone name length - * @param qtype: query type. - * @param roundtrip: estimate of roundtrip time in milliseconds or -1 for - * timeout. - * @param orig_rtt: original rtt for the query that timed out (roundtrip==-1). - * ignored if roundtrip != -1. - * @param timenow: what time it is now. - * @return: 0 on error. new rto otherwise. - */ -int infra_rtt_update(struct infra_cache* infra, struct sockaddr_storage* addr, - socklen_t addrlen, uint8_t* name, size_t namelen, int qtype, - int roundtrip, int orig_rtt, time_t timenow); - -/** - * Update information for the host, store that a TCP transaction works. - * @param infra: infrastructure cache. - * @param addr: host address. - * @param addrlen: length of addr. - * @param name: name of zone - * @param namelen: length of name - */ -void infra_update_tcp_works(struct infra_cache* infra, - struct sockaddr_storage* addr, socklen_t addrlen, - uint8_t* name, size_t namelen); - -/** - * Update edns information for the host. - * @param infra: infrastructure cache. - * @param addr: host address. - * @param addrlen: length of addr. - * @param name: name of zone - * @param namelen: length of name - * @param edns_version: the version that it publishes. - * If it is known to support EDNS then no-EDNS is not stored over it. - * @param timenow: what time it is now. - * @return: 0 on error. - */ -int infra_edns_update(struct infra_cache* infra, - struct sockaddr_storage* addr, socklen_t addrlen, - uint8_t* name, size_t namelen, int edns_version, time_t timenow); - -/** - * Get Lameness information and average RTT if host is in the cache. - * This information is to be used for server selection. - * @param infra: infrastructure cache. - * @param addr: host address. - * @param addrlen: length of addr. - * @param name: zone name. - * @param namelen: zone name length. - * @param qtype: the query to be made. - * @param lame: if function returns true, this returns lameness of the zone. - * @param dnsseclame: if function returns true, this returns if the zone - * is dnssec-lame. - * @param reclame: if function returns true, this is if it is recursion lame. - * @param rtt: if function returns true, this returns avg rtt of the server. - * The rtt value is unclamped and reflects recent timeouts. - * @param timenow: what time it is now. - * @return if found in cache, or false if not (or TTL bad). - */ -int infra_get_lame_rtt(struct infra_cache* infra, - struct sockaddr_storage* addr, socklen_t addrlen, - uint8_t* name, size_t namelen, uint16_t qtype, - int* lame, int* dnsseclame, int* reclame, int* rtt, time_t timenow); - -/** - * Get additional (debug) info on timing. - * @param infra: infra cache. - * @param addr: host address. - * @param addrlen: length of addr. - * @param name: zone name - * @param namelen: zone name length - * @param rtt: the rtt_info is copied into here (caller alloced return struct). - * @param delay: probe delay (if any). - * @param timenow: what time it is now. - * @param tA: timeout counter on type A. - * @param tAAAA: timeout counter on type AAAA. - * @param tother: timeout counter on type other. - * @return TTL the infra host element is valid for. If -1: not found in cache. - * TTL -2: found but expired. - */ -long long infra_get_host_rto(struct infra_cache* infra, - struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* name, - size_t namelen, struct rtt_info* rtt, int* delay, time_t timenow, - int* tA, int* tAAAA, int* tother); - -/** - * Increment the query rate counter for a delegation point. - * @param infra: infra cache. - * @param name: zone name - * @param namelen: zone name length - * @param timenow: what time it is now. - * @return 1 if it could be incremented. 0 if the increment overshot the - * ratelimit or if in the previous second the ratelimit was exceeded. - * Failures like alloc failures are not returned (probably as 1). - */ -int infra_ratelimit_inc(struct infra_cache* infra, uint8_t* name, - size_t namelen, time_t timenow); - -/** - * Decrement the query rate counter for a delegation point. - * Because the reply received for the delegation point was pleasant, - * we do not charge this delegation point with it (i.e. it was a referral). - * Should call it with same second as when inc() was called. - * @param infra: infra cache. - * @param name: zone name - * @param namelen: zone name length - * @param timenow: what time it is now. - */ -void infra_ratelimit_dec(struct infra_cache* infra, uint8_t* name, - size_t namelen, time_t timenow); - -/** - * See if the query rate counter for a delegation point is exceeded. - * So, no queries are going to be allowed. - * @param infra: infra cache. - * @param name: zone name - * @param namelen: zone name length - * @param timenow: what time it is now. - * @return true if exceeded. - */ -int infra_ratelimit_exceeded(struct infra_cache* infra, uint8_t* name, - size_t namelen, time_t timenow); - -/** find the maximum rate stored, not too old. 0 if no information. */ -int infra_rate_max(void* data, time_t now); - -/** find the ratelimit in qps for a domain */ -int infra_find_ratelimit(struct infra_cache* infra, uint8_t* name, - size_t namelen); - -/** Update query ratelimit hash and decide - * whether or not a query should be dropped. - * @param infra: infra cache - * @param repinfo: information about client - * @param timenow: what time it is now. - * @return 1 if it could be incremented. 0 if the increment overshot the - * ratelimit and the query should be dropped. */ -int infra_ip_ratelimit_inc(struct infra_cache* infra, - struct comm_reply* repinfo, time_t timenow); - -/** - * Get memory used by the infra cache. - * @param infra: infrastructure cache. - * @return memory in use in bytes. - */ -size_t infra_get_mem(struct infra_cache* infra); - -/** calculate size for the hashtable, does not count size of lameness, - * so the hashtable is a fixed number of items */ -size_t infra_sizefunc(void* k, void* d); - -/** compare two addresses, returns -1, 0, or +1 */ -int infra_compfunc(void* key1, void* key2); - -/** delete key, and destroy the lock */ -void infra_delkeyfunc(void* k, void* arg); - -/** delete data and destroy the lameness hashtable */ -void infra_deldatafunc(void* d, void* arg); - -/** calculate size for the hashtable */ -size_t rate_sizefunc(void* k, void* d); - -/** compare two names, returns -1, 0, or +1 */ -int rate_compfunc(void* key1, void* key2); - -/** delete key, and destroy the lock */ -void rate_delkeyfunc(void* k, void* arg); - -/** delete data */ -void rate_deldatafunc(void* d, void* arg); - -/* calculate size for the client ip hashtable */ -size_t ip_rate_sizefunc(void* k, void* d); - -/* compare two addresses */ -int ip_rate_compfunc(void* key1, void* key2); - -/* delete key, and destroy the lock */ -void ip_rate_delkeyfunc(void* d, void* arg); - -/* delete data */ -#define ip_rate_deldatafunc rate_deldatafunc - -#endif /* SERVICES_CACHE_INFRA_H */ diff --git a/external/unbound/services/cache/rrset.c b/external/unbound/services/cache/rrset.c deleted file mode 100644 index 7e5732b76..000000000 --- a/external/unbound/services/cache/rrset.c +++ /dev/null @@ -1,419 +0,0 @@ -/* - * services/cache/rrset.c - Resource record set cache. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains the rrset cache. - */ -#include "config.h" -#include "services/cache/rrset.h" -#include "sldns/rrdef.h" -#include "util/storage/slabhash.h" -#include "util/config_file.h" -#include "util/data/packed_rrset.h" -#include "util/data/msgreply.h" -#include "util/regional.h" -#include "util/alloc.h" - -void -rrset_markdel(void* key) -{ - struct ub_packed_rrset_key* r = (struct ub_packed_rrset_key*)key; - r->id = 0; -} - -struct rrset_cache* rrset_cache_create(struct config_file* cfg, - struct alloc_cache* alloc) -{ - size_t slabs = (cfg?cfg->rrset_cache_slabs:HASH_DEFAULT_SLABS); - size_t startarray = HASH_DEFAULT_STARTARRAY; - size_t maxmem = (cfg?cfg->rrset_cache_size:HASH_DEFAULT_MAXMEM); - - struct rrset_cache *r = (struct rrset_cache*)slabhash_create(slabs, - startarray, maxmem, ub_rrset_sizefunc, ub_rrset_compare, - ub_rrset_key_delete, rrset_data_delete, alloc); - slabhash_setmarkdel(&r->table, &rrset_markdel); - return r; -} - -void rrset_cache_delete(struct rrset_cache* r) -{ - if(!r) - return; - slabhash_delete(&r->table); - /* slabhash delete also does free(r), since table is first in struct*/ -} - -struct rrset_cache* rrset_cache_adjust(struct rrset_cache *r, - struct config_file* cfg, struct alloc_cache* alloc) -{ - if(!r || !cfg || cfg->rrset_cache_slabs != r->table.size || - cfg->rrset_cache_size != slabhash_get_size(&r->table)) - { - rrset_cache_delete(r); - r = rrset_cache_create(cfg, alloc); - } - return r; -} - -void -rrset_cache_touch(struct rrset_cache* r, struct ub_packed_rrset_key* key, - hashvalue_type hash, rrset_id_type id) -{ - struct lruhash* table = slabhash_gettable(&r->table, hash); - /* - * This leads to locking problems, deadlocks, if the caller is - * holding any other rrset lock. - * Because a lookup through the hashtable does: - * tablelock -> entrylock (for that entry caller holds) - * And this would do - * entrylock(already held) -> tablelock - * And if two threads do this, it results in deadlock. - * So, the caller must not hold entrylock. - */ - lock_quick_lock(&table->lock); - /* we have locked the hash table, the item can still be deleted. - * because it could already have been reclaimed, but not yet set id=0. - * This is because some lruhash routines have lazy deletion. - * so, we must acquire a lock on the item to verify the id != 0. - * also, with hash not changed, we are using the right slab. - */ - lock_rw_rdlock(&key->entry.lock); - if(key->id == id && key->entry.hash == hash) { - lru_touch(table, &key->entry); - } - lock_rw_unlock(&key->entry.lock); - lock_quick_unlock(&table->lock); -} - -/** see if rrset needs to be updated in the cache */ -static int -need_to_update_rrset(void* nd, void* cd, time_t timenow, int equal, int ns) -{ - struct packed_rrset_data* newd = (struct packed_rrset_data*)nd; - struct packed_rrset_data* cached = (struct packed_rrset_data*)cd; - /* o store if rrset has been validated - * everything better than bogus data - * secure is preferred */ - if( newd->security == sec_status_secure && - cached->security != sec_status_secure) - return 1; - if( cached->security == sec_status_bogus && - newd->security != sec_status_bogus && !equal) - return 1; - /* o if current RRset is more trustworthy - insert it */ - if( newd->trust > cached->trust ) { - /* if the cached rrset is bogus, and this one equal, - * do not update the TTL - let it expire. */ - if(equal && cached->ttl >= timenow && - cached->security == sec_status_bogus) - return 0; - return 1; - } - /* o item in cache has expired */ - if( cached->ttl < timenow ) - return 1; - /* o same trust, but different in data - insert it */ - if( newd->trust == cached->trust && !equal ) { - /* if this is type NS, do not 'stick' to owner that changes - * the NS RRset, but use the old TTL for the new data, and - * update to fetch the latest data. ttl is not expired, because - * that check was before this one. */ - if(ns) { - size_t i; - newd->ttl = cached->ttl; - for(i=0; i<(newd->count+newd->rrsig_count); i++) - if(newd->rr_ttl[i] > newd->ttl) - newd->rr_ttl[i] = newd->ttl; - } - return 1; - } - return 0; -} - -/** Update RRSet special key ID */ -static void -rrset_update_id(struct rrset_ref* ref, struct alloc_cache* alloc) -{ - /* this may clear the cache and invalidate lock below */ - uint64_t newid = alloc_get_id(alloc); - /* obtain writelock */ - lock_rw_wrlock(&ref->key->entry.lock); - /* check if it was deleted in the meantime, if so, skip update */ - if(ref->key->id == ref->id) { - ref->key->id = newid; - ref->id = newid; - } - lock_rw_unlock(&ref->key->entry.lock); -} - -int -rrset_cache_update(struct rrset_cache* r, struct rrset_ref* ref, - struct alloc_cache* alloc, time_t timenow) -{ - struct lruhash_entry* e; - struct ub_packed_rrset_key* k = ref->key; - hashvalue_type h = k->entry.hash; - uint16_t rrset_type = ntohs(k->rk.type); - int equal = 0; - log_assert(ref->id != 0 && k->id != 0); - log_assert(k->rk.dname != NULL); - /* looks up item with a readlock - no editing! */ - if((e=slabhash_lookup(&r->table, h, k, 0)) != 0) { - /* return id and key as they will be used in the cache - * since the lruhash_insert, if item already exists, deallocs - * the passed key in favor of the already stored key. - * because of the small gap (see below) this key ptr and id - * may prove later to be already deleted, which is no problem - * as it only makes a cache miss. - */ - ref->key = (struct ub_packed_rrset_key*)e->key; - ref->id = ref->key->id; - equal = rrsetdata_equal((struct packed_rrset_data*)k->entry. - data, (struct packed_rrset_data*)e->data); - if(!need_to_update_rrset(k->entry.data, e->data, timenow, - equal, (rrset_type==LDNS_RR_TYPE_NS))) { - /* cache is superior, return that value */ - lock_rw_unlock(&e->lock); - ub_packed_rrset_parsedelete(k, alloc); - if(equal) return 2; - return 1; - } - lock_rw_unlock(&e->lock); - /* Go on and insert the passed item. - * small gap here, where entry is not locked. - * possibly entry is updated with something else. - * we then overwrite that with our data. - * this is just too bad, its cache anyway. */ - /* use insert to update entry to manage lruhash - * cache size values nicely. */ - } - log_assert(ref->key->id != 0); - slabhash_insert(&r->table, h, &k->entry, k->entry.data, alloc); - if(e) { - /* For NSEC, NSEC3, DNAME, when rdata is updated, update - * the ID number so that proofs in message cache are - * invalidated */ - if((rrset_type == LDNS_RR_TYPE_NSEC - || rrset_type == LDNS_RR_TYPE_NSEC3 - || rrset_type == LDNS_RR_TYPE_DNAME) && !equal) { - rrset_update_id(ref, alloc); - } - return 1; - } - return 0; -} - -struct ub_packed_rrset_key* -rrset_cache_lookup(struct rrset_cache* r, uint8_t* qname, size_t qnamelen, - uint16_t qtype, uint16_t qclass, uint32_t flags, time_t timenow, - int wr) -{ - struct lruhash_entry* e; - struct ub_packed_rrset_key key; - - key.entry.key = &key; - key.entry.data = NULL; - key.rk.dname = qname; - key.rk.dname_len = qnamelen; - key.rk.type = htons(qtype); - key.rk.rrset_class = htons(qclass); - key.rk.flags = flags; - - key.entry.hash = rrset_key_hash(&key.rk); - - if((e = slabhash_lookup(&r->table, key.entry.hash, &key, wr))) { - /* check TTL */ - struct packed_rrset_data* data = - (struct packed_rrset_data*)e->data; - if(timenow > data->ttl) { - lock_rw_unlock(&e->lock); - return NULL; - } - /* we're done */ - return (struct ub_packed_rrset_key*)e->key; - } - return NULL; -} - -int -rrset_array_lock(struct rrset_ref* ref, size_t count, time_t timenow) -{ - size_t i; - for(i=0; i0 && ref[i].key == ref[i-1].key) - continue; /* only lock items once */ - lock_rw_rdlock(&ref[i].key->entry.lock); - if(ref[i].id != ref[i].key->id || timenow > - ((struct packed_rrset_data*)(ref[i].key->entry.data)) - ->ttl) { - /* failure! rollback our readlocks */ - rrset_array_unlock(ref, i+1); - return 0; - } - } - return 1; -} - -void -rrset_array_unlock(struct rrset_ref* ref, size_t count) -{ - size_t i; - for(i=0; i0 && ref[i].key == ref[i-1].key) - continue; /* only unlock items once */ - lock_rw_unlock(&ref[i].key->entry.lock); - } -} - -void -rrset_array_unlock_touch(struct rrset_cache* r, struct regional* scratch, - struct rrset_ref* ref, size_t count) -{ - hashvalue_type* h; - size_t i; - if(count > RR_COUNT_MAX || !(h = (hashvalue_type*)regional_alloc( - scratch, sizeof(hashvalue_type)*count))) { - log_warn("rrset LRU: memory allocation failed"); - h = NULL; - } else /* store hash values */ - for(i=0; ientry.hash; - /* unlock */ - for(i=0; i0 && ref[i].key == ref[i-1].key) - continue; /* only unlock items once */ - lock_rw_unlock(&ref[i].key->entry.lock); - } - if(h) { - /* LRU touch, with no rrset locks held */ - for(i=0; i0 && ref[i].key == ref[i-1].key) - continue; /* only touch items once */ - rrset_cache_touch(r, ref[i].key, h[i], ref[i].id); - } - } -} - -void -rrset_update_sec_status(struct rrset_cache* r, - struct ub_packed_rrset_key* rrset, time_t now) -{ - struct packed_rrset_data* updata = - (struct packed_rrset_data*)rrset->entry.data; - struct lruhash_entry* e; - struct packed_rrset_data* cachedata; - - /* hash it again to make sure it has a hash */ - rrset->entry.hash = rrset_key_hash(&rrset->rk); - - e = slabhash_lookup(&r->table, rrset->entry.hash, rrset, 1); - if(!e) - return; /* not in the cache anymore */ - cachedata = (struct packed_rrset_data*)e->data; - if(!rrsetdata_equal(updata, cachedata)) { - lock_rw_unlock(&e->lock); - return; /* rrset has changed in the meantime */ - } - /* update the cached rrset */ - if(updata->security > cachedata->security) { - size_t i; - if(updata->trust > cachedata->trust) - cachedata->trust = updata->trust; - cachedata->security = updata->security; - /* for NS records only shorter TTLs, other types: update it */ - if(ntohs(rrset->rk.type) != LDNS_RR_TYPE_NS || - updata->ttl+now < cachedata->ttl || - cachedata->ttl < now || - updata->security == sec_status_bogus) { - cachedata->ttl = updata->ttl + now; - for(i=0; icount+cachedata->rrsig_count; i++) - cachedata->rr_ttl[i] = updata->rr_ttl[i]+now; - } - } - lock_rw_unlock(&e->lock); -} - -void -rrset_check_sec_status(struct rrset_cache* r, - struct ub_packed_rrset_key* rrset, time_t now) -{ - struct packed_rrset_data* updata = - (struct packed_rrset_data*)rrset->entry.data; - struct lruhash_entry* e; - struct packed_rrset_data* cachedata; - - /* hash it again to make sure it has a hash */ - rrset->entry.hash = rrset_key_hash(&rrset->rk); - - e = slabhash_lookup(&r->table, rrset->entry.hash, rrset, 0); - if(!e) - return; /* not in the cache anymore */ - cachedata = (struct packed_rrset_data*)e->data; - if(now > cachedata->ttl || !rrsetdata_equal(updata, cachedata)) { - lock_rw_unlock(&e->lock); - return; /* expired, or rrset has changed in the meantime */ - } - if(cachedata->security > updata->security) { - updata->security = cachedata->security; - if(cachedata->security == sec_status_bogus) { - size_t i; - updata->ttl = cachedata->ttl - now; - for(i=0; icount+cachedata->rrsig_count; i++) - if(cachedata->rr_ttl[i] < now) - updata->rr_ttl[i] = 0; - else updata->rr_ttl[i] = - cachedata->rr_ttl[i]-now; - } - if(cachedata->trust > updata->trust) - updata->trust = cachedata->trust; - } - lock_rw_unlock(&e->lock); -} - -void rrset_cache_remove(struct rrset_cache* r, uint8_t* nm, size_t nmlen, - uint16_t type, uint16_t dclass, uint32_t flags) -{ - struct ub_packed_rrset_key key; - key.entry.key = &key; - key.rk.dname = nm; - key.rk.dname_len = nmlen; - key.rk.rrset_class = htons(dclass); - key.rk.type = htons(type); - key.rk.flags = flags; - key.entry.hash = rrset_key_hash(&key.rk); - slabhash_remove(&r->table, key.entry.hash, &key); -} diff --git a/external/unbound/services/cache/rrset.h b/external/unbound/services/cache/rrset.h deleted file mode 100644 index d5439ef08..000000000 --- a/external/unbound/services/cache/rrset.h +++ /dev/null @@ -1,231 +0,0 @@ -/* - * services/cache/rrset.h - Resource record set cache. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains the rrset cache. - */ - -#ifndef SERVICES_CACHE_RRSET_H -#define SERVICES_CACHE_RRSET_H -#include "util/storage/lruhash.h" -#include "util/storage/slabhash.h" -#include "util/data/packed_rrset.h" -struct config_file; -struct alloc_cache; -struct rrset_ref; -struct regional; - -/** - * The rrset cache - * Thin wrapper around hashtable, like a typedef. - */ -struct rrset_cache { - /** uses partitioned hash table */ - struct slabhash table; -}; - -/** - * Create rrset cache - * @param cfg: config settings or NULL for defaults. - * @param alloc: initial default rrset key allocation. - * @return: NULL on error. - */ -struct rrset_cache* rrset_cache_create(struct config_file* cfg, - struct alloc_cache* alloc); - -/** - * Delete rrset cache - * @param r: rrset cache to delete. - */ -void rrset_cache_delete(struct rrset_cache* r); - -/** - * Adjust settings of the cache to settings from the config file. - * May purge the cache. May recreate the cache. - * There may be no threading or use by other threads. - * @param r: rrset cache to adjust (like realloc). - * @param cfg: config settings or NULL for defaults. - * @param alloc: initial default rrset key allocation. - * @return 0 on error, or new rrset cache pointer on success. - */ -struct rrset_cache* rrset_cache_adjust(struct rrset_cache* r, - struct config_file* cfg, struct alloc_cache* alloc); - -/** - * Touch rrset, with given pointer and id. - * Caller may not hold a lock on ANY rrset, this could give deadlock. - * - * This routine is faster than a hashtable lookup: - * o no bin_lock is acquired. - * o no walk through the bin-overflow-list. - * o no comparison of the entry key to find it. - * - * @param r: rrset cache. - * @param key: rrset key. Marked recently used (if it was not deleted - * before the lock is acquired, in that case nothing happens). - * @param hash: hash value of the item. Please read it from the key when - * you have it locked. Used to find slab from slabhash. - * @param id: used to check that the item is unchanged and not deleted. - */ -void rrset_cache_touch(struct rrset_cache* r, struct ub_packed_rrset_key* key, - hashvalue_type hash, rrset_id_type id); - -/** - * Update an rrset in the rrset cache. Stores the information for later use. - * Will lookup if the rrset is in the cache and perform an update if necessary. - * If the item was present, and superior, references are returned to that. - * The passed item is then deallocated with rrset_parsedelete. - * - * A superior rrset is: - * o rrset with better trust value. - * o same trust value, different rdata, newly passed rrset is inserted. - * If rdata is the same, TTL in the cache is updated. - * - * @param r: the rrset cache. - * @param ref: reference (ptr and id) to the rrset. Pass reference setup for - * the new rrset. The reference may be changed if the cached rrset is - * superior. - * Before calling the rrset is presumed newly allocated and changeable. - * Afer calling you do not hold a lock, and the rrset is inserted in - * the hashtable so you need a lock to change it. - * @param alloc: how to allocate (and deallocate) the special rrset key. - * @param timenow: current time (to see if ttl in cache is expired). - * @return: true if the passed reference is updated, false if it is unchanged. - * 0: reference unchanged, inserted in cache. - * 1: reference updated, item is inserted in cache. - * 2: reference updated, item in cache is considered superior. - * also the rdata is equal (but other parameters in cache are superior). - */ -int rrset_cache_update(struct rrset_cache* r, struct rrset_ref* ref, - struct alloc_cache* alloc, time_t timenow); - -/** - * Lookup rrset. You obtain read/write lock. You must unlock before lookup - * anything of else. - * @param r: the rrset cache. - * @param qname: name of rrset to lookup. - * @param qnamelen: length of name of rrset to lookup. - * @param qtype: type of rrset to lookup (host order). - * @param qclass: class of rrset to lookup (host order). - * @param flags: rrset flags, or 0. - * @param timenow: used to compare with TTL. - * @param wr: set true to get writelock. - * @return packed rrset key pointer. Remember to unlock the key.entry.lock. - * or NULL if could not be found or it was timed out. - */ -struct ub_packed_rrset_key* rrset_cache_lookup(struct rrset_cache* r, - uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass, - uint32_t flags, time_t timenow, int wr); - -/** - * Obtain readlock on a (sorted) list of rrset references. - * Checks TTLs and IDs of the rrsets and rollbacks locking if not Ok. - * @param ref: array of rrset references (key pointer and ID value). - * duplicate references are allowed and handled. - * @param count: size of array. - * @param timenow: used to compare with TTL. - * @return true on success, false on a failure, which can be that some - * RRsets have timed out, or that they do not exist any more, the - * RRsets have been purged from the cache. - * If true, you hold readlocks on all the ref items. - */ -int rrset_array_lock(struct rrset_ref* ref, size_t count, time_t timenow); - -/** - * Unlock array (sorted) of rrset references. - * @param ref: array of rrset references (key pointer and ID value). - * duplicate references are allowed and handled. - * @param count: size of array. - */ -void rrset_array_unlock(struct rrset_ref* ref, size_t count); - -/** - * Unlock array (sorted) of rrset references and at the same time - * touch LRU on the rrsets. It needs the scratch region for temporary - * storage as it uses the initial locks to obtain hash values. - * @param r: the rrset cache. In this cache LRU is updated. - * @param scratch: region for temporary storage of hash values. - * if memory allocation fails, the lru touch fails silently, - * but locks are released. memory errors are logged. - * @param ref: array of rrset references (key pointer and ID value). - * duplicate references are allowed and handled. - * @param count: size of array. - */ -void rrset_array_unlock_touch(struct rrset_cache* r, struct regional* scratch, - struct rrset_ref* ref, size_t count); - -/** - * Update security status of an rrset. Looks up the rrset. - * If found, checks if rdata is equal. - * If so, it will update the security, trust and rrset-ttl values. - * The values are only updated if security is increased (towards secure). - * @param r: the rrset cache. - * @param rrset: which rrset to attempt to update. This rrset is left - * untouched. The rrset in the cache is updated in-place. - * @param now: current time. - */ -void rrset_update_sec_status(struct rrset_cache* r, - struct ub_packed_rrset_key* rrset, time_t now); - -/** - * Looks up security status of an rrset. Looks up the rrset. - * If found, checks if rdata is equal, and entry did not expire. - * If so, it will update the security, trust and rrset-ttl values. - * @param r: the rrset cache. - * @param rrset: This rrset may change security status due to the cache. - * But its status will only improve, towards secure. - * @param now: current time. - */ -void rrset_check_sec_status(struct rrset_cache* r, - struct ub_packed_rrset_key* rrset, time_t now); - -/** - * Remove an rrset from the cache, by name and type and flags - * @param r: rrset cache - * @param nm: name of rrset - * @param nmlen: length of name - * @param type: type of rrset - * @param dclass: class of rrset, host order - * @param flags: flags of rrset, host order - */ -void rrset_cache_remove(struct rrset_cache* r, uint8_t* nm, size_t nmlen, - uint16_t type, uint16_t dclass, uint32_t flags); - -/** mark rrset to be deleted, set id=0 */ -void rrset_markdel(void* key); - -#endif /* SERVICES_CACHE_RRSET_H */ diff --git a/external/unbound/services/listen_dnsport.c b/external/unbound/services/listen_dnsport.c deleted file mode 100644 index 37ee9a6b9..000000000 --- a/external/unbound/services/listen_dnsport.c +++ /dev/null @@ -1,1435 +0,0 @@ -/* - * services/listen_dnsport.c - listen on port 53 for incoming DNS queries. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file has functions to get queries from clients. - */ -#include "config.h" -#ifdef HAVE_SYS_TYPES_H -# include -#endif -#include -#ifdef USE_TCP_FASTOPEN -#include -#endif -#include "services/listen_dnsport.h" -#include "services/outside_network.h" -#include "util/netevent.h" -#include "util/log.h" -#include "util/config_file.h" -#include "util/net_help.h" -#include "sldns/sbuffer.h" - -#ifdef HAVE_NETDB_H -#include -#endif -#include - -#ifdef HAVE_SYS_UN_H -#include -#endif - -#ifdef HAVE_SYSTEMD -#include -#endif - -/** number of queued TCP connections for listen() */ -#define TCP_BACKLOG 256 - -/** - * Debug print of the getaddrinfo returned address. - * @param addr: the address returned. - */ -static void -verbose_print_addr(struct addrinfo *addr) -{ - if(verbosity >= VERB_ALGO) { - char buf[100]; - void* sinaddr = &((struct sockaddr_in*)addr->ai_addr)->sin_addr; -#ifdef INET6 - if(addr->ai_family == AF_INET6) - sinaddr = &((struct sockaddr_in6*)addr->ai_addr)-> - sin6_addr; -#endif /* INET6 */ - if(inet_ntop(addr->ai_family, sinaddr, buf, - (socklen_t)sizeof(buf)) == 0) { - (void)strlcpy(buf, "(null)", sizeof(buf)); - } - buf[sizeof(buf)-1] = 0; - verbose(VERB_ALGO, "creating %s%s socket %s %d", - addr->ai_socktype==SOCK_DGRAM?"udp": - addr->ai_socktype==SOCK_STREAM?"tcp":"otherproto", - addr->ai_family==AF_INET?"4": - addr->ai_family==AF_INET6?"6": - "_otherfam", buf, - ntohs(((struct sockaddr_in*)addr->ai_addr)->sin_port)); - } -} - -#ifdef HAVE_SYSTEMD -static int -systemd_get_activated(int family, int socktype, int listen, - struct sockaddr *addr, socklen_t addrlen, - const char *path) -{ - int i = 0; - int r = 0; - int s = -1; - const char* listen_pid, *listen_fds; - - /* We should use "listen" option only for stream protocols. For UDP it should be -1 */ - - if((r = sd_booted()) < 1) { - if(r == 0) - log_warn("systemd is not running"); - else - log_err("systemd sd_booted(): %s", strerror(-r)); - return -1; - } - - listen_pid = getenv("LISTEN_PID"); - listen_fds = getenv("LISTEN_FDS"); - - if (!listen_pid) { - log_warn("Systemd mandatory ENV variable is not defined: LISTEN_PID"); - return -1; - } - - if (!listen_fds) { - log_warn("Systemd mandatory ENV variable is not defined: LISTEN_FDS"); - return -1; - } - - if((r = sd_listen_fds(0)) < 1) { - if(r == 0) - log_warn("systemd: did not return socket, check unit configuration"); - else - log_err("systemd sd_listen_fds(): %s", strerror(-r)); - return -1; - } - - for(i = 0; i < r; i++) { - if(sd_is_socket(SD_LISTEN_FDS_START + i, family, socktype, listen)) { - s = SD_LISTEN_FDS_START + i; - break; - } - } - if (s == -1) { - if (addr) - log_err_addr("systemd sd_listen_fds()", - "no such socket", - (struct sockaddr_storage *)addr, addrlen); - else - log_err("systemd sd_listen_fds(): %s", path); - } - return s; -} -#endif - -int -create_udp_sock(int family, int socktype, struct sockaddr* addr, - socklen_t addrlen, int v6only, int* inuse, int* noproto, - int rcv, int snd, int listen, int* reuseport, int transparent, - int freebind, int use_systemd) -{ - int s; -#if defined(SO_REUSEADDR) || defined(SO_REUSEPORT) || defined(IPV6_USE_MIN_MTU) || defined(IP_TRANSPARENT) || defined(IP_BINDANY) || defined(IP_FREEBIND) - int on=1; -#endif -#ifdef IPV6_MTU - int mtu = IPV6_MIN_MTU; -#endif -#if !defined(SO_RCVBUFFORCE) && !defined(SO_RCVBUF) - (void)rcv; -#endif -#if !defined(SO_SNDBUFFORCE) && !defined(SO_SNDBUF) - (void)snd; -#endif -#ifndef IPV6_V6ONLY - (void)v6only; -#endif -#if !defined(IP_TRANSPARENT) && !defined(IP_BINDANY) - (void)transparent; -#endif -#if !defined(IP_FREEBIND) - (void)freebind; -#endif -#ifdef HAVE_SYSTEMD - int got_fd_from_systemd = 0; - - if (!use_systemd - || (use_systemd - && (s = systemd_get_activated(family, socktype, -1, addr, - addrlen, NULL)) == -1)) { -#else - (void)use_systemd; -#endif - if((s = socket(family, socktype, 0)) == -1) { - *inuse = 0; -#ifndef USE_WINSOCK - if(errno == EAFNOSUPPORT || errno == EPROTONOSUPPORT) { - *noproto = 1; - return -1; - } - log_err("can't create socket: %s", strerror(errno)); -#else - if(WSAGetLastError() == WSAEAFNOSUPPORT || - WSAGetLastError() == WSAEPROTONOSUPPORT) { - *noproto = 1; - return -1; - } - log_err("can't create socket: %s", - wsa_strerror(WSAGetLastError())); -#endif - *noproto = 0; - return -1; - } -#ifdef HAVE_SYSTEMD - } else { - got_fd_from_systemd = 1; - } -#endif - if(listen) { -#ifdef SO_REUSEADDR - if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on, - (socklen_t)sizeof(on)) < 0) { -#ifndef USE_WINSOCK - log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s", - strerror(errno)); - if(errno != ENOSYS) { - close(s); - *noproto = 0; - *inuse = 0; - return -1; - } -#else - log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s", - wsa_strerror(WSAGetLastError())); - closesocket(s); - *noproto = 0; - *inuse = 0; - return -1; -#endif - } -#endif /* SO_REUSEADDR */ -#ifdef SO_REUSEPORT - /* try to set SO_REUSEPORT so that incoming - * queries are distributed evenly among the receiving threads. - * Each thread must have its own socket bound to the same port, - * with SO_REUSEPORT set on each socket. - */ - if (reuseport && *reuseport && - setsockopt(s, SOL_SOCKET, SO_REUSEPORT, (void*)&on, - (socklen_t)sizeof(on)) < 0) { -#ifdef ENOPROTOOPT - if(errno != ENOPROTOOPT || verbosity >= 3) - log_warn("setsockopt(.. SO_REUSEPORT ..) failed: %s", - strerror(errno)); -#endif - /* this option is not essential, we can continue */ - *reuseport = 0; - } -#else - (void)reuseport; -#endif /* defined(SO_REUSEPORT) */ -#ifdef IP_TRANSPARENT - if (transparent && - setsockopt(s, IPPROTO_IP, IP_TRANSPARENT, (void*)&on, - (socklen_t)sizeof(on)) < 0) { - log_warn("setsockopt(.. IP_TRANSPARENT ..) failed: %s", - strerror(errno)); - } -#elif defined(IP_BINDANY) - if (transparent && - setsockopt(s, (family==AF_INET6? IPPROTO_IPV6:IPPROTO_IP), - (family == AF_INET6? IPV6_BINDANY:IP_BINDANY), - (void*)&on, (socklen_t)sizeof(on)) < 0) { - log_warn("setsockopt(.. IP%s_BINDANY ..) failed: %s", - (family==AF_INET6?"V6":""), strerror(errno)); - } -#endif /* IP_TRANSPARENT || IP_BINDANY */ - } -#ifdef IP_FREEBIND - if(freebind && - setsockopt(s, IPPROTO_IP, IP_FREEBIND, (void*)&on, - (socklen_t)sizeof(on)) < 0) { - log_warn("setsockopt(.. IP_FREEBIND ..) failed: %s", - strerror(errno)); - } -#endif /* IP_FREEBIND */ - if(rcv) { -#ifdef SO_RCVBUF - int got; - socklen_t slen = (socklen_t)sizeof(got); -# ifdef SO_RCVBUFFORCE - /* Linux specific: try to use root permission to override - * system limits on rcvbuf. The limit is stored in - * /proc/sys/net/core/rmem_max or sysctl net.core.rmem_max */ - if(setsockopt(s, SOL_SOCKET, SO_RCVBUFFORCE, (void*)&rcv, - (socklen_t)sizeof(rcv)) < 0) { - if(errno != EPERM) { -# ifndef USE_WINSOCK - log_err("setsockopt(..., SO_RCVBUFFORCE, " - "...) failed: %s", strerror(errno)); - close(s); -# else - log_err("setsockopt(..., SO_RCVBUFFORCE, " - "...) failed: %s", - wsa_strerror(WSAGetLastError())); - closesocket(s); -# endif - *noproto = 0; - *inuse = 0; - return -1; - } -# endif /* SO_RCVBUFFORCE */ - if(setsockopt(s, SOL_SOCKET, SO_RCVBUF, (void*)&rcv, - (socklen_t)sizeof(rcv)) < 0) { -# ifndef USE_WINSOCK - log_err("setsockopt(..., SO_RCVBUF, " - "...) failed: %s", strerror(errno)); - close(s); -# else - log_err("setsockopt(..., SO_RCVBUF, " - "...) failed: %s", - wsa_strerror(WSAGetLastError())); - closesocket(s); -# endif - *noproto = 0; - *inuse = 0; - return -1; - } - /* check if we got the right thing or if system - * reduced to some system max. Warn if so */ - if(getsockopt(s, SOL_SOCKET, SO_RCVBUF, (void*)&got, - &slen) >= 0 && got < rcv/2) { - log_warn("so-rcvbuf %u was not granted. " - "Got %u. To fix: start with " - "root permissions(linux) or sysctl " - "bigger net.core.rmem_max(linux) or " - "kern.ipc.maxsockbuf(bsd) values.", - (unsigned)rcv, (unsigned)got); - } -# ifdef SO_RCVBUFFORCE - } -# endif -#endif /* SO_RCVBUF */ - } - /* first do RCVBUF as the receive buffer is more important */ - if(snd) { -#ifdef SO_SNDBUF - int got; - socklen_t slen = (socklen_t)sizeof(got); -# ifdef SO_SNDBUFFORCE - /* Linux specific: try to use root permission to override - * system limits on sndbuf. The limit is stored in - * /proc/sys/net/core/wmem_max or sysctl net.core.wmem_max */ - if(setsockopt(s, SOL_SOCKET, SO_SNDBUFFORCE, (void*)&snd, - (socklen_t)sizeof(snd)) < 0) { - if(errno != EPERM) { -# ifndef USE_WINSOCK - log_err("setsockopt(..., SO_SNDBUFFORCE, " - "...) failed: %s", strerror(errno)); - close(s); -# else - log_err("setsockopt(..., SO_SNDBUFFORCE, " - "...) failed: %s", - wsa_strerror(WSAGetLastError())); - closesocket(s); -# endif - *noproto = 0; - *inuse = 0; - return -1; - } -# endif /* SO_SNDBUFFORCE */ - if(setsockopt(s, SOL_SOCKET, SO_SNDBUF, (void*)&snd, - (socklen_t)sizeof(snd)) < 0) { -# ifndef USE_WINSOCK - log_err("setsockopt(..., SO_SNDBUF, " - "...) failed: %s", strerror(errno)); - close(s); -# else - log_err("setsockopt(..., SO_SNDBUF, " - "...) failed: %s", - wsa_strerror(WSAGetLastError())); - closesocket(s); -# endif - *noproto = 0; - *inuse = 0; - return -1; - } - /* check if we got the right thing or if system - * reduced to some system max. Warn if so */ - if(getsockopt(s, SOL_SOCKET, SO_SNDBUF, (void*)&got, - &slen) >= 0 && got < snd/2) { - log_warn("so-sndbuf %u was not granted. " - "Got %u. To fix: start with " - "root permissions(linux) or sysctl " - "bigger net.core.wmem_max(linux) or " - "kern.ipc.maxsockbuf(bsd) values.", - (unsigned)snd, (unsigned)got); - } -# ifdef SO_SNDBUFFORCE - } -# endif -#endif /* SO_SNDBUF */ - } - if(family == AF_INET6) { -# if defined(IPV6_V6ONLY) - if(v6only) { - int val=(v6only==2)?0:1; - if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, - (void*)&val, (socklen_t)sizeof(val)) < 0) { -#ifndef USE_WINSOCK - log_err("setsockopt(..., IPV6_V6ONLY" - ", ...) failed: %s", strerror(errno)); - close(s); -#else - log_err("setsockopt(..., IPV6_V6ONLY" - ", ...) failed: %s", - wsa_strerror(WSAGetLastError())); - closesocket(s); -#endif - *noproto = 0; - *inuse = 0; - return -1; - } - } -# endif -# if defined(IPV6_USE_MIN_MTU) - /* - * There is no fragmentation of IPv6 datagrams - * during forwarding in the network. Therefore - * we do not send UDP datagrams larger than - * the minimum IPv6 MTU of 1280 octets. The - * EDNS0 message length can be larger if the - * network stack supports IPV6_USE_MIN_MTU. - */ - if (setsockopt(s, IPPROTO_IPV6, IPV6_USE_MIN_MTU, - (void*)&on, (socklen_t)sizeof(on)) < 0) { -# ifndef USE_WINSOCK - log_err("setsockopt(..., IPV6_USE_MIN_MTU, " - "...) failed: %s", strerror(errno)); - close(s); -# else - log_err("setsockopt(..., IPV6_USE_MIN_MTU, " - "...) failed: %s", - wsa_strerror(WSAGetLastError())); - closesocket(s); -# endif - *noproto = 0; - *inuse = 0; - return -1; - } -# elif defined(IPV6_MTU) - /* - * On Linux, to send no larger than 1280, the PMTUD is - * disabled by default for datagrams anyway, so we set - * the MTU to use. - */ - if (setsockopt(s, IPPROTO_IPV6, IPV6_MTU, - (void*)&mtu, (socklen_t)sizeof(mtu)) < 0) { -# ifndef USE_WINSOCK - log_err("setsockopt(..., IPV6_MTU, ...) failed: %s", - strerror(errno)); - close(s); -# else - log_err("setsockopt(..., IPV6_MTU, ...) failed: %s", - wsa_strerror(WSAGetLastError())); - closesocket(s); -# endif - *noproto = 0; - *inuse = 0; - return -1; - } -# endif /* IPv6 MTU */ - } else if(family == AF_INET) { -# if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT) -/* linux 3.15 has IP_PMTUDISC_OMIT, Hannes Frederic Sowa made it so that - * PMTU information is not accepted, but fragmentation is allowed - * if and only if the packet size exceeds the outgoing interface MTU - * (and also uses the interface mtu to determine the size of the packets). - * So there won't be any EMSGSIZE error. Against DNS fragmentation attacks. - * FreeBSD already has same semantics without setting the option. */ - int omit_set = 0; - int action; -# if defined(IP_PMTUDISC_OMIT) - action = IP_PMTUDISC_OMIT; - if (setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER, - &action, (socklen_t)sizeof(action)) < 0) { - - if (errno != EINVAL) { - log_err("setsockopt(..., IP_MTU_DISCOVER, IP_PMTUDISC_OMIT...) failed: %s", - strerror(errno)); - -# ifndef USE_WINSOCK - close(s); -# else - closesocket(s); -# endif - *noproto = 0; - *inuse = 0; - return -1; - } - } - else - { - omit_set = 1; - } -# endif - if (omit_set == 0) { - action = IP_PMTUDISC_DONT; - if (setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER, - &action, (socklen_t)sizeof(action)) < 0) { - log_err("setsockopt(..., IP_MTU_DISCOVER, IP_PMTUDISC_DONT...) failed: %s", - strerror(errno)); -# ifndef USE_WINSOCK - close(s); -# else - closesocket(s); -# endif - *noproto = 0; - *inuse = 0; - return -1; - } - } -# elif defined(IP_DONTFRAG) - int off = 0; - if (setsockopt(s, IPPROTO_IP, IP_DONTFRAG, - &off, (socklen_t)sizeof(off)) < 0) { - log_err("setsockopt(..., IP_DONTFRAG, ...) failed: %s", - strerror(errno)); -# ifndef USE_WINSOCK - close(s); -# else - closesocket(s); -# endif - *noproto = 0; - *inuse = 0; - return -1; - } -# endif /* IPv4 MTU */ - } - if( -#ifdef HAVE_SYSTEMD - !got_fd_from_systemd && -#endif - bind(s, (struct sockaddr*)addr, addrlen) != 0) { - *noproto = 0; - *inuse = 0; -#ifndef USE_WINSOCK -#ifdef EADDRINUSE - *inuse = (errno == EADDRINUSE); - /* detect freebsd jail with no ipv6 permission */ - if(family==AF_INET6 && errno==EINVAL) - *noproto = 1; - else if(errno != EADDRINUSE) { - log_err_addr("can't bind socket", strerror(errno), - (struct sockaddr_storage*)addr, addrlen); - } -#endif /* EADDRINUSE */ - close(s); -#else /* USE_WINSOCK */ - if(WSAGetLastError() != WSAEADDRINUSE && - WSAGetLastError() != WSAEADDRNOTAVAIL) { - log_err_addr("can't bind socket", - wsa_strerror(WSAGetLastError()), - (struct sockaddr_storage*)addr, addrlen); - } - closesocket(s); -#endif /* USE_WINSOCK */ - return -1; - } - if(!fd_set_nonblock(s)) { - *noproto = 0; - *inuse = 0; -#ifndef USE_WINSOCK - close(s); -#else - closesocket(s); -#endif - return -1; - } - return s; -} - -int -create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, - int* reuseport, int transparent, int mss, int freebind, int use_systemd) -{ - int s; -#if defined(SO_REUSEADDR) || defined(SO_REUSEPORT) || defined(IPV6_V6ONLY) || defined(IP_TRANSPARENT) || defined(IP_BINDANY) || defined(IP_FREEBIND) - int on = 1; -#endif -#ifdef HAVE_SYSTEMD - int got_fd_from_systemd = 0; -#endif -#ifdef USE_TCP_FASTOPEN - int qlen; -#endif -#if !defined(IP_TRANSPARENT) && !defined(IP_BINDANY) - (void)transparent; -#endif -#if !defined(IP_FREEBIND) - (void)freebind; -#endif - verbose_print_addr(addr); - *noproto = 0; -#ifdef HAVE_SYSTEMD - if (!use_systemd || - (use_systemd - && (s = systemd_get_activated(addr->ai_family, addr->ai_socktype, 1, - addr->ai_addr, addr->ai_addrlen, - NULL)) == -1)) { -#else - (void)use_systemd; -#endif - if((s = socket(addr->ai_family, addr->ai_socktype, 0)) == -1) { -#ifndef USE_WINSOCK - if(errno == EAFNOSUPPORT || errno == EPROTONOSUPPORT) { - *noproto = 1; - return -1; - } - log_err("can't create socket: %s", strerror(errno)); -#else - if(WSAGetLastError() == WSAEAFNOSUPPORT || - WSAGetLastError() == WSAEPROTONOSUPPORT) { - *noproto = 1; - return -1; - } - log_err("can't create socket: %s", - wsa_strerror(WSAGetLastError())); -#endif - return -1; - } - if (mss > 0) { -#if defined(IPPROTO_TCP) && defined(TCP_MAXSEG) - if(setsockopt(s, IPPROTO_TCP, TCP_MAXSEG, (void*)&mss, - (socklen_t)sizeof(mss)) < 0) { - #ifndef USE_WINSOCK - log_err(" setsockopt(.. TCP_MAXSEG ..) failed: %s", - strerror(errno)); - #else - log_err(" setsockopt(.. TCP_MAXSEG ..) failed: %s", - wsa_strerror(WSAGetLastError())); - #endif - } else { - verbose(VERB_ALGO, - " tcp socket mss set to %d", mss); - } -#else - log_warn(" setsockopt(TCP_MAXSEG) unsupported"); -#endif /* defined(IPPROTO_TCP) && defined(TCP_MAXSEG) */ - } -#ifdef HAVE_SYSTEMD - } else { - got_fd_from_systemd = 1; - } -#endif -#ifdef SO_REUSEADDR - if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on, - (socklen_t)sizeof(on)) < 0) { -#ifndef USE_WINSOCK - log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s", - strerror(errno)); - close(s); -#else - log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s", - wsa_strerror(WSAGetLastError())); - closesocket(s); -#endif - return -1; - } -#endif /* SO_REUSEADDR */ -#ifdef IP_FREEBIND - if (freebind && setsockopt(s, IPPROTO_IP, IP_FREEBIND, (void*)&on, - (socklen_t)sizeof(on)) < 0) { - log_warn("setsockopt(.. IP_FREEBIND ..) failed: %s", - strerror(errno)); - } -#endif /* IP_FREEBIND */ -#ifdef SO_REUSEPORT - /* try to set SO_REUSEPORT so that incoming - * connections are distributed evenly among the receiving threads. - * Each thread must have its own socket bound to the same port, - * with SO_REUSEPORT set on each socket. - */ - if (reuseport && *reuseport && - setsockopt(s, SOL_SOCKET, SO_REUSEPORT, (void*)&on, - (socklen_t)sizeof(on)) < 0) { -#ifdef ENOPROTOOPT - if(errno != ENOPROTOOPT || verbosity >= 3) - log_warn("setsockopt(.. SO_REUSEPORT ..) failed: %s", - strerror(errno)); -#endif - /* this option is not essential, we can continue */ - *reuseport = 0; - } -#else - (void)reuseport; -#endif /* defined(SO_REUSEPORT) */ -#if defined(IPV6_V6ONLY) - if(addr->ai_family == AF_INET6 && v6only) { - if(setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, - (void*)&on, (socklen_t)sizeof(on)) < 0) { -#ifndef USE_WINSOCK - log_err("setsockopt(..., IPV6_V6ONLY, ...) failed: %s", - strerror(errno)); - close(s); -#else - log_err("setsockopt(..., IPV6_V6ONLY, ...) failed: %s", - wsa_strerror(WSAGetLastError())); - closesocket(s); -#endif - return -1; - } - } -#else - (void)v6only; -#endif /* IPV6_V6ONLY */ -#ifdef IP_TRANSPARENT - if (transparent && - setsockopt(s, IPPROTO_IP, IP_TRANSPARENT, (void*)&on, - (socklen_t)sizeof(on)) < 0) { - log_warn("setsockopt(.. IP_TRANSPARENT ..) failed: %s", - strerror(errno)); - } -#elif defined(IP_BINDANY) - if (transparent && - setsockopt(s, (addr->ai_family==AF_INET6? IPPROTO_IPV6:IPPROTO_IP), - (addr->ai_family == AF_INET6? IPV6_BINDANY:IP_BINDANY), - (void*)&on, (socklen_t)sizeof(on)) < 0) { - log_warn("setsockopt(.. IP%s_BINDANY ..) failed: %s", - (addr->ai_family==AF_INET6?"V6":""), strerror(errno)); - } -#endif /* IP_TRANSPARENT || IP_BINDANY */ - if( -#ifdef HAVE_SYSTEMD - !got_fd_from_systemd && -#endif - bind(s, addr->ai_addr, addr->ai_addrlen) != 0) { -#ifndef USE_WINSOCK - /* detect freebsd jail with no ipv6 permission */ - if(addr->ai_family==AF_INET6 && errno==EINVAL) - *noproto = 1; - else { - log_err_addr("can't bind socket", strerror(errno), - (struct sockaddr_storage*)addr->ai_addr, - addr->ai_addrlen); - } - close(s); -#else - log_err_addr("can't bind socket", - wsa_strerror(WSAGetLastError()), - (struct sockaddr_storage*)addr->ai_addr, - addr->ai_addrlen); - closesocket(s); -#endif - return -1; - } - if(!fd_set_nonblock(s)) { -#ifndef USE_WINSOCK - close(s); -#else - closesocket(s); -#endif - return -1; - } - if(listen(s, TCP_BACKLOG) == -1) { -#ifndef USE_WINSOCK - log_err("can't listen: %s", strerror(errno)); - close(s); -#else - log_err("can't listen: %s", wsa_strerror(WSAGetLastError())); - closesocket(s); -#endif - return -1; - } -#ifdef USE_TCP_FASTOPEN - /* qlen specifies how many outstanding TFO requests to allow. Limit is a defense - against IP spoofing attacks as suggested in RFC7413 */ -#ifdef __APPLE__ - /* OS X implementation only supports qlen of 1 via this call. Actual - value is configured by the net.inet.tcp.fastopen_backlog kernel parm. */ - qlen = 1; -#else - /* 5 is recommended on linux */ - qlen = 5; -#endif - if ((setsockopt(s, IPPROTO_TCP, TCP_FASTOPEN, &qlen, - sizeof(qlen))) == -1 ) { - log_err("Setting TCP Fast Open as server failed: %s", strerror(errno)); - } -#endif - return s; -} - -int -create_local_accept_sock(const char *path, int* noproto, int use_systemd) -{ -#ifdef HAVE_SYSTEMD - int ret; - - if (use_systemd && (ret = systemd_get_activated(AF_LOCAL, SOCK_STREAM, 1, NULL, 0, path)) != -1) - return ret; - else { -#endif -#ifdef HAVE_SYS_UN_H - int s; - struct sockaddr_un usock; -#ifndef HAVE_SYSTEMD - (void)use_systemd; -#endif - - verbose(VERB_ALGO, "creating unix socket %s", path); -#ifdef HAVE_STRUCT_SOCKADDR_UN_SUN_LEN - /* this member exists on BSDs, not Linux */ - usock.sun_len = (unsigned)sizeof(usock); -#endif - usock.sun_family = AF_LOCAL; - /* length is 92-108, 104 on FreeBSD */ - (void)strlcpy(usock.sun_path, path, sizeof(usock.sun_path)); - - if ((s = socket(AF_LOCAL, SOCK_STREAM, 0)) == -1) { - log_err("Cannot create local socket %s (%s)", - path, strerror(errno)); - return -1; - } - - if (unlink(path) && errno != ENOENT) { - /* The socket already exists and cannot be removed */ - log_err("Cannot remove old local socket %s (%s)", - path, strerror(errno)); - goto err; - } - - if (bind(s, (struct sockaddr *)&usock, - (socklen_t)sizeof(struct sockaddr_un)) == -1) { - log_err("Cannot bind local socket %s (%s)", - path, strerror(errno)); - goto err; - } - - if (!fd_set_nonblock(s)) { - log_err("Cannot set non-blocking mode"); - goto err; - } - - if (listen(s, TCP_BACKLOG) == -1) { - log_err("can't listen: %s", strerror(errno)); - goto err; - } - - (void)noproto; /*unused*/ - return s; - -err: -#ifndef USE_WINSOCK - close(s); -#else - closesocket(s); -#endif - return -1; - -#ifdef HAVE_SYSTEMD - } -#endif -#else - (void)use_systemd; - (void)path; - log_err("Local sockets are not supported"); - *noproto = 1; - return -1; -#endif -} - - -/** - * Create socket from getaddrinfo results - */ -static int -make_sock(int stype, const char* ifname, const char* port, - struct addrinfo *hints, int v6only, int* noip6, size_t rcv, size_t snd, - int* reuseport, int transparent, int tcp_mss, int freebind, int use_systemd) -{ - struct addrinfo *res = NULL; - int r, s, inuse, noproto; - hints->ai_socktype = stype; - *noip6 = 0; - if((r=getaddrinfo(ifname, port, hints, &res)) != 0 || !res) { -#ifdef USE_WINSOCK - if(r == EAI_NONAME && hints->ai_family == AF_INET6){ - *noip6 = 1; /* 'Host not found' for IP6 on winXP */ - return -1; - } -#endif - log_err("node %s:%s getaddrinfo: %s %s", - ifname?ifname:"default", port, gai_strerror(r), -#ifdef EAI_SYSTEM - r==EAI_SYSTEM?(char*)strerror(errno):"" -#else - "" -#endif - ); - return -1; - } - if(stype == SOCK_DGRAM) { - verbose_print_addr(res); - s = create_udp_sock(res->ai_family, res->ai_socktype, - (struct sockaddr*)res->ai_addr, res->ai_addrlen, - v6only, &inuse, &noproto, (int)rcv, (int)snd, 1, - reuseport, transparent, freebind, use_systemd); - if(s == -1 && inuse) { - log_err("bind: address already in use"); - } else if(s == -1 && noproto && hints->ai_family == AF_INET6){ - *noip6 = 1; - } - } else { - s = create_tcp_accept_sock(res, v6only, &noproto, reuseport, - transparent, tcp_mss, freebind, use_systemd); - if(s == -1 && noproto && hints->ai_family == AF_INET6){ - *noip6 = 1; - } - } - freeaddrinfo(res); - return s; -} - -/** make socket and first see if ifname contains port override info */ -static int -make_sock_port(int stype, const char* ifname, const char* port, - struct addrinfo *hints, int v6only, int* noip6, size_t rcv, size_t snd, - int* reuseport, int transparent, int tcp_mss, int freebind, int use_systemd) -{ - char* s = strchr(ifname, '@'); - if(s) { - /* override port with ifspec@port */ - char p[16]; - char newif[128]; - if((size_t)(s-ifname) >= sizeof(newif)) { - log_err("ifname too long: %s", ifname); - *noip6 = 0; - return -1; - } - if(strlen(s+1) >= sizeof(p)) { - log_err("portnumber too long: %s", ifname); - *noip6 = 0; - return -1; - } - (void)strlcpy(newif, ifname, sizeof(newif)); - newif[s-ifname] = 0; - (void)strlcpy(p, s+1, sizeof(p)); - p[strlen(s+1)]=0; - return make_sock(stype, newif, p, hints, v6only, noip6, - rcv, snd, reuseport, transparent, tcp_mss, freebind, use_systemd); - } - return make_sock(stype, ifname, port, hints, v6only, noip6, rcv, snd, - reuseport, transparent, tcp_mss, freebind, use_systemd); -} - -/** - * Add port to open ports list. - * @param list: list head. changed. - * @param s: fd. - * @param ftype: if fd is UDP. - * @return false on failure. list in unchanged then. - */ -static int -port_insert(struct listen_port** list, int s, enum listen_type ftype) -{ - struct listen_port* item = (struct listen_port*)malloc( - sizeof(struct listen_port)); - if(!item) - return 0; - item->next = *list; - item->fd = s; - item->ftype = ftype; - *list = item; - return 1; -} - -/** set fd to receive source address packet info */ -static int -set_recvpktinfo(int s, int family) -{ -#if defined(IPV6_RECVPKTINFO) || defined(IPV6_PKTINFO) || (defined(IP_RECVDSTADDR) && defined(IP_SENDSRCADDR)) || defined(IP_PKTINFO) - int on = 1; -#else - (void)s; -#endif - if(family == AF_INET6) { -# ifdef IPV6_RECVPKTINFO - if(setsockopt(s, IPPROTO_IPV6, IPV6_RECVPKTINFO, - (void*)&on, (socklen_t)sizeof(on)) < 0) { - log_err("setsockopt(..., IPV6_RECVPKTINFO, ...) failed: %s", - strerror(errno)); - return 0; - } -# elif defined(IPV6_PKTINFO) - if(setsockopt(s, IPPROTO_IPV6, IPV6_PKTINFO, - (void*)&on, (socklen_t)sizeof(on)) < 0) { - log_err("setsockopt(..., IPV6_PKTINFO, ...) failed: %s", - strerror(errno)); - return 0; - } -# else - log_err("no IPV6_RECVPKTINFO and no IPV6_PKTINFO option, please " - "disable interface-automatic or do-ip6 in config"); - return 0; -# endif /* defined IPV6_RECVPKTINFO */ - - } else if(family == AF_INET) { -# ifdef IP_PKTINFO - if(setsockopt(s, IPPROTO_IP, IP_PKTINFO, - (void*)&on, (socklen_t)sizeof(on)) < 0) { - log_err("setsockopt(..., IP_PKTINFO, ...) failed: %s", - strerror(errno)); - return 0; - } -# elif defined(IP_RECVDSTADDR) && defined(IP_SENDSRCADDR) - if(setsockopt(s, IPPROTO_IP, IP_RECVDSTADDR, - (void*)&on, (socklen_t)sizeof(on)) < 0) { - log_err("setsockopt(..., IP_RECVDSTADDR, ...) failed: %s", - strerror(errno)); - return 0; - } -# else - log_err("no IP_SENDSRCADDR or IP_PKTINFO option, please disable " - "interface-automatic or do-ip4 in config"); - return 0; -# endif /* IP_PKTINFO */ - - } - return 1; -} - -/** - * Helper for ports_open. Creates one interface (or NULL for default). - * @param ifname: The interface ip address. - * @param do_auto: use automatic interface detection. - * If enabled, then ifname must be the wildcard name. - * @param do_udp: if udp should be used. - * @param do_tcp: if udp should be used. - * @param hints: for getaddrinfo. family and flags have to be set by caller. - * @param port: Port number to use (as string). - * @param list: list of open ports, appended to, changed to point to list head. - * @param rcv: receive buffer size for UDP - * @param snd: send buffer size for UDP - * @param ssl_port: ssl service port number - * @param reuseport: try to set SO_REUSEPORT if nonNULL and true. - * set to false on exit if reuseport failed due to no kernel support. - * @param transparent: set IP_TRANSPARENT socket option. - * @param tcp_mss: maximum segment size of tcp socket. default if zero. - * @param freebind: set IP_FREEBIND socket option. - * @param use_systemd: if true, fetch sockets from systemd. - * @param dnscrypt_port: dnscrypt service port number - * @return: returns false on error. - */ -static int -ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, - struct addrinfo *hints, const char* port, struct listen_port** list, - size_t rcv, size_t snd, int ssl_port, int* reuseport, int transparent, - int tcp_mss, int freebind, int use_systemd, int dnscrypt_port) -{ - int s, noip6=0; -#ifdef USE_DNSCRYPT - int is_dnscrypt = ((strchr(ifname, '@') && - atoi(strchr(ifname, '@')+1) == dnscrypt_port) || - (!strchr(ifname, '@') && atoi(port) == dnscrypt_port)); -#else - int is_dnscrypt = 0; - (void)dnscrypt_port; -#endif - - if(!do_udp && !do_tcp) - return 0; - if(do_auto) { - if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1, - &noip6, rcv, snd, reuseport, transparent, - tcp_mss, freebind, use_systemd)) == -1) { - if(noip6) { - log_warn("IPv6 protocol not available"); - return 1; - } - return 0; - } - /* getting source addr packet info is highly non-portable */ - if(!set_recvpktinfo(s, hints->ai_family)) { -#ifndef USE_WINSOCK - close(s); -#else - closesocket(s); -#endif - return 0; - } - if(!port_insert(list, s, - is_dnscrypt?listen_type_udpancil_dnscrypt:listen_type_udpancil)) { -#ifndef USE_WINSOCK - close(s); -#else - closesocket(s); -#endif - return 0; - } - } else if(do_udp) { - /* regular udp socket */ - if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1, - &noip6, rcv, snd, reuseport, transparent, - tcp_mss, freebind, use_systemd)) == -1) { - if(noip6) { - log_warn("IPv6 protocol not available"); - return 1; - } - return 0; - } - if(!port_insert(list, s, - is_dnscrypt?listen_type_udp_dnscrypt:listen_type_udp)) { -#ifndef USE_WINSOCK - close(s); -#else - closesocket(s); -#endif - return 0; - } - } - if(do_tcp) { - int is_ssl = ((strchr(ifname, '@') && - atoi(strchr(ifname, '@')+1) == ssl_port) || - (!strchr(ifname, '@') && atoi(port) == ssl_port)); - if((s = make_sock_port(SOCK_STREAM, ifname, port, hints, 1, - &noip6, 0, 0, reuseport, transparent, tcp_mss, - freebind, use_systemd)) == -1) { - if(noip6) { - /*log_warn("IPv6 protocol not available");*/ - return 1; - } - return 0; - } - if(is_ssl) - verbose(VERB_ALGO, "setup TCP for SSL service"); - if(!port_insert(list, s, is_ssl?listen_type_ssl: - (is_dnscrypt?listen_type_tcp_dnscrypt:listen_type_tcp))) { -#ifndef USE_WINSOCK - close(s); -#else - closesocket(s); -#endif - return 0; - } - } - return 1; -} - -/** - * Add items to commpoint list in front. - * @param c: commpoint to add. - * @param front: listen struct. - * @return: false on failure. - */ -static int -listen_cp_insert(struct comm_point* c, struct listen_dnsport* front) -{ - struct listen_list* item = (struct listen_list*)malloc( - sizeof(struct listen_list)); - if(!item) - return 0; - item->com = c; - item->next = front->cps; - front->cps = item; - return 1; -} - -struct listen_dnsport* -listen_create(struct comm_base* base, struct listen_port* ports, - size_t bufsize, int tcp_accept_count, void* sslctx, - struct dt_env* dtenv, comm_point_callback_type* cb, void *cb_arg) -{ - struct listen_dnsport* front = (struct listen_dnsport*) - malloc(sizeof(struct listen_dnsport)); - if(!front) - return NULL; - front->cps = NULL; - front->udp_buff = sldns_buffer_new(bufsize); -#ifdef USE_DNSCRYPT - front->dnscrypt_udp_buff = NULL; -#endif - if(!front->udp_buff) { - free(front); - return NULL; - } - - /* create comm points as needed */ - while(ports) { - struct comm_point* cp = NULL; - if(ports->ftype == listen_type_udp || - ports->ftype == listen_type_udp_dnscrypt) - cp = comm_point_create_udp(base, ports->fd, - front->udp_buff, cb, cb_arg); - else if(ports->ftype == listen_type_tcp || - ports->ftype == listen_type_tcp_dnscrypt) - cp = comm_point_create_tcp(base, ports->fd, - tcp_accept_count, bufsize, cb, cb_arg); - else if(ports->ftype == listen_type_ssl) { - cp = comm_point_create_tcp(base, ports->fd, - tcp_accept_count, bufsize, cb, cb_arg); - cp->ssl = sslctx; - } else if(ports->ftype == listen_type_udpancil || - ports->ftype == listen_type_udpancil_dnscrypt) - cp = comm_point_create_udp_ancil(base, ports->fd, - front->udp_buff, cb, cb_arg); - if(!cp) { - log_err("can't create commpoint"); - listen_delete(front); - return NULL; - } - cp->dtenv = dtenv; - cp->do_not_close = 1; -#ifdef USE_DNSCRYPT - if (ports->ftype == listen_type_udp_dnscrypt || - ports->ftype == listen_type_tcp_dnscrypt || - ports->ftype == listen_type_udpancil_dnscrypt) { - cp->dnscrypt = 1; - cp->dnscrypt_buffer = sldns_buffer_new(bufsize); - if(!cp->dnscrypt_buffer) { - log_err("can't alloc dnscrypt_buffer"); - comm_point_delete(cp); - listen_delete(front); - return NULL; - } - front->dnscrypt_udp_buff = cp->dnscrypt_buffer; - } -#endif - if(!listen_cp_insert(cp, front)) { - log_err("malloc failed"); - comm_point_delete(cp); - listen_delete(front); - return NULL; - } - ports = ports->next; - } - if(!front->cps) { - log_err("Could not open sockets to accept queries."); - listen_delete(front); - return NULL; - } - - return front; -} - -void -listen_list_delete(struct listen_list* list) -{ - struct listen_list *p = list, *pn; - while(p) { - pn = p->next; - comm_point_delete(p->com); - free(p); - p = pn; - } -} - -void -listen_delete(struct listen_dnsport* front) -{ - if(!front) - return; - listen_list_delete(front->cps); -#ifdef USE_DNSCRYPT - if(front->dnscrypt_udp_buff && - front->udp_buff != front->dnscrypt_udp_buff) { - sldns_buffer_free(front->dnscrypt_udp_buff); - } -#endif - sldns_buffer_free(front->udp_buff); - free(front); -} - -struct listen_port* -listening_ports_open(struct config_file* cfg, int* reuseport) -{ - struct listen_port* list = NULL; - struct addrinfo hints; - int i, do_ip4, do_ip6; - int do_tcp, do_auto; - char portbuf[32]; - snprintf(portbuf, sizeof(portbuf), "%d", cfg->port); - do_ip4 = cfg->do_ip4; - do_ip6 = cfg->do_ip6; - do_tcp = cfg->do_tcp; - do_auto = cfg->if_automatic && cfg->do_udp; - if(cfg->incoming_num_tcp == 0) - do_tcp = 0; - - /* getaddrinfo */ - memset(&hints, 0, sizeof(hints)); - hints.ai_flags = AI_PASSIVE; - /* no name lookups on our listening ports */ - if(cfg->num_ifs > 0) - hints.ai_flags |= AI_NUMERICHOST; - hints.ai_family = AF_UNSPEC; -#ifndef INET6 - do_ip6 = 0; -#endif - if(!do_ip4 && !do_ip6) { - return NULL; - } - /* create ip4 and ip6 ports so that return addresses are nice. */ - if(do_auto || cfg->num_ifs == 0) { - if(do_ip6) { - hints.ai_family = AF_INET6; - if(!ports_create_if(do_auto?"::0":"::1", - do_auto, cfg->do_udp, do_tcp, - &hints, portbuf, &list, - cfg->so_rcvbuf, cfg->so_sndbuf, - cfg->ssl_port, reuseport, - cfg->ip_transparent, - cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd, - cfg->dnscrypt_port)) { - listening_ports_free(list); - return NULL; - } - } - if(do_ip4) { - hints.ai_family = AF_INET; - if(!ports_create_if(do_auto?"0.0.0.0":"127.0.0.1", - do_auto, cfg->do_udp, do_tcp, - &hints, portbuf, &list, - cfg->so_rcvbuf, cfg->so_sndbuf, - cfg->ssl_port, reuseport, - cfg->ip_transparent, - cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd, - cfg->dnscrypt_port)) { - listening_ports_free(list); - return NULL; - } - } - } else for(i = 0; inum_ifs; i++) { - if(str_is_ip6(cfg->ifs[i])) { - if(!do_ip6) - continue; - hints.ai_family = AF_INET6; - if(!ports_create_if(cfg->ifs[i], 0, cfg->do_udp, - do_tcp, &hints, portbuf, &list, - cfg->so_rcvbuf, cfg->so_sndbuf, - cfg->ssl_port, reuseport, - cfg->ip_transparent, - cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd, - cfg->dnscrypt_port)) { - listening_ports_free(list); - return NULL; - } - } else { - if(!do_ip4) - continue; - hints.ai_family = AF_INET; - if(!ports_create_if(cfg->ifs[i], 0, cfg->do_udp, - do_tcp, &hints, portbuf, &list, - cfg->so_rcvbuf, cfg->so_sndbuf, - cfg->ssl_port, reuseport, - cfg->ip_transparent, - cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd, - cfg->dnscrypt_port)) { - listening_ports_free(list); - return NULL; - } - } - } - return list; -} - -void listening_ports_free(struct listen_port* list) -{ - struct listen_port* nx; - while(list) { - nx = list->next; - if(list->fd != -1) { -#ifndef USE_WINSOCK - close(list->fd); -#else - closesocket(list->fd); -#endif - } - free(list); - list = nx; - } -} - -size_t listen_get_mem(struct listen_dnsport* listen) -{ - struct listen_list* p; - size_t s = sizeof(*listen) + sizeof(*listen->base) + - sizeof(*listen->udp_buff) + - sldns_buffer_capacity(listen->udp_buff); -#ifdef USE_DNSCRYPT - s += sizeof(*listen->dnscrypt_udp_buff); - if(listen->udp_buff != listen->dnscrypt_udp_buff){ - s += sldns_buffer_capacity(listen->dnscrypt_udp_buff); - } -#endif - for(p = listen->cps; p; p = p->next) { - s += sizeof(*p); - s += comm_point_get_mem(p->com); - } - return s; -} - -void listen_stop_accept(struct listen_dnsport* listen) -{ - /* do not stop the ones that have no tcp_free list - * (they have already stopped listening) */ - struct listen_list* p; - for(p=listen->cps; p; p=p->next) { - if(p->com->type == comm_tcp_accept && - p->com->tcp_free != NULL) { - comm_point_stop_listening(p->com); - } - } -} - -void listen_start_accept(struct listen_dnsport* listen) -{ - /* do not start the ones that have no tcp_free list, it is no - * use to listen to them because they have no free tcp handlers */ - struct listen_list* p; - for(p=listen->cps; p; p=p->next) { - if(p->com->type == comm_tcp_accept && - p->com->tcp_free != NULL) { - comm_point_start_listening(p->com, -1, -1); - } - } -} - diff --git a/external/unbound/services/listen_dnsport.h b/external/unbound/services/listen_dnsport.h deleted file mode 100644 index fac0f7970..000000000 --- a/external/unbound/services/listen_dnsport.h +++ /dev/null @@ -1,236 +0,0 @@ -/* - * services/listen_dnsport.h - listen on port 53 for incoming DNS queries. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file has functions to get queries from clients. - */ - -#ifndef LISTEN_DNSPORT_H -#define LISTEN_DNSPORT_H - -#include "util/netevent.h" -struct listen_list; -struct config_file; -struct addrinfo; -struct sldns_buffer; - -/** - * Listening for queries structure. - * Contains list of query-listen sockets. - */ -struct listen_dnsport { - /** Base for select calls */ - struct comm_base* base; - - /** buffer shared by UDP connections, since there is only one - datagram at any time. */ - struct sldns_buffer* udp_buff; -#ifdef USE_DNSCRYPT - struct sldns_buffer* dnscrypt_udp_buff; -#endif - /** list of comm points used to get incoming events */ - struct listen_list* cps; -}; - -/** - * Single linked list to store event points. - */ -struct listen_list { - /** next in list */ - struct listen_list* next; - /** event info */ - struct comm_point* com; -}; - -/** - * type of ports - */ -enum listen_type { - /** udp type */ - listen_type_udp, - /** tcp type */ - listen_type_tcp, - /** udp ipv6 (v4mapped) for use with ancillary data */ - listen_type_udpancil, - /** ssl over tcp type */ - listen_type_ssl, - /** udp type + dnscrypt*/ - listen_type_udp_dnscrypt, - /** tcp type + dnscrypt */ - listen_type_tcp_dnscrypt, - /** udp ipv6 (v4mapped) for use with ancillary data + dnscrypt*/ - listen_type_udpancil_dnscrypt - -}; - -/** - * Single linked list to store shared ports that have been - * opened for use by all threads. - */ -struct listen_port { - /** next in list */ - struct listen_port* next; - /** file descriptor, open and ready for use */ - int fd; - /** type of file descriptor, udp or tcp */ - enum listen_type ftype; -}; - -/** - * Create shared listening ports - * Getaddrinfo, create socket, bind and listen to zero or more - * interfaces for IP4 and/or IP6, for UDP and/or TCP. - * On the given port number. It creates the sockets. - * @param cfg: settings on what ports to open. - * @param reuseport: set to true if you want reuseport, or NULL to not have it, - * set to false on exit if reuseport failed to apply (because of no - * kernel support). - * @return: linked list of ports or NULL on error. - */ -struct listen_port* listening_ports_open(struct config_file* cfg, - int* reuseport); - -/** - * Close and delete the (list of) listening ports. - */ -void listening_ports_free(struct listen_port* list); - -/** - * Create commpoints with for this thread for the shared ports. - * @param base: the comm_base that provides event functionality. - * for default all ifs. - * @param ports: the list of shared ports. - * @param bufsize: size of datagram buffer. - * @param tcp_accept_count: max number of simultaneous TCP connections - * from clients. - * @param sslctx: nonNULL if ssl context. - * @param dtenv: nonNULL if dnstap enabled. - * @param cb: callback function when a request arrives. It is passed - * the packet and user argument. Return true to send a reply. - * @param cb_arg: user data argument for callback function. - * @return: the malloced listening structure, ready for use. NULL on error. - */ -struct listen_dnsport* listen_create(struct comm_base* base, - struct listen_port* ports, size_t bufsize, int tcp_accept_count, - void* sslctx, struct dt_env *dtenv, comm_point_callback_type* cb, - void* cb_arg); - -/** - * delete the listening structure - * @param listen: listening structure. - */ -void listen_delete(struct listen_dnsport* listen); - -/** - * delete listen_list of commpoints. Calls commpointdelete() on items. - * This may close the fds or not depending on flags. - * @param list: to delete. - */ -void listen_list_delete(struct listen_list* list); - -/** - * get memory size used by the listening structs - * @param listen: listening structure. - * @return: size in bytes. - */ -size_t listen_get_mem(struct listen_dnsport* listen); - -/** - * stop accept handlers for TCP (until enabled again) - * @param listen: listening structure. - */ -void listen_stop_accept(struct listen_dnsport* listen); - -/** - * start accept handlers for TCP (was stopped before) - * @param listen: listening structure. - */ -void listen_start_accept(struct listen_dnsport* listen); - -/** - * Create and bind nonblocking UDP socket - * @param family: for socket call. - * @param socktype: for socket call. - * @param addr: for bind call. - * @param addrlen: for bind call. - * @param v6only: if enabled, IP6 sockets get IP6ONLY option set. - * if enabled with value 2 IP6ONLY option is disabled. - * @param inuse: on error, this is set true if the port was in use. - * @param noproto: on error, this is set true if cause is that the - IPv6 proto (family) is not available. - * @param rcv: set size on rcvbuf with socket option, if 0 it is not set. - * @param snd: set size on sndbuf with socket option, if 0 it is not set. - * @param listen: if true, this is a listening UDP port, eg port 53, and - * set SO_REUSEADDR on it. - * @param reuseport: if nonNULL and true, try to set SO_REUSEPORT on - * listening UDP port. Set to false on return if it failed to do so. - * @param transparent: set IP_TRANSPARENT socket option. - * @param freebind: set IP_FREEBIND socket option. - * @param use_systemd: if true, fetch sockets from systemd. - * @return: the socket. -1 on error. - */ -int create_udp_sock(int family, int socktype, struct sockaddr* addr, - socklen_t addrlen, int v6only, int* inuse, int* noproto, int rcv, - int snd, int listen, int* reuseport, int transparent, int freebind, int use_systemd); - -/** - * Create and bind TCP listening socket - * @param addr: address info ready to make socket. - * @param v6only: enable ip6 only flag on ip6 sockets. - * @param noproto: if error caused by lack of protocol support. - * @param reuseport: if nonNULL and true, try to set SO_REUSEPORT on - * listening UDP port. Set to false on return if it failed to do so. - * @param transparent: set IP_TRANSPARENT socket option. - * @param mss: maximum segment size of the socket. if zero, leaves the default. - * @param freebind: set IP_FREEBIND socket option. - * @param use_systemd: if true, fetch sockets from systemd. - * @return: the socket. -1 on error. - */ -int create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, - int* reuseport, int transparent, int mss, int freebind, int use_systemd); - -/** - * Create and bind local listening socket - * @param path: path to the socket. - * @param noproto: on error, this is set true if cause is that local sockets - * are not supported. - * @param use_systemd: if true, fetch sockets from systemd. - * @return: the socket. -1 on error. - */ -int create_local_accept_sock(const char* path, int* noproto, int use_systemd); - -#endif /* LISTEN_DNSPORT_H */ diff --git a/external/unbound/services/localzone.c b/external/unbound/services/localzone.c deleted file mode 100644 index dcce46e86..000000000 --- a/external/unbound/services/localzone.c +++ /dev/null @@ -1,1846 +0,0 @@ -/* - * services/localzone.c - local zones authority service. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions to enable local zone authority service. - */ -#include "config.h" -#include "services/localzone.h" -#include "sldns/str2wire.h" -#include "sldns/sbuffer.h" -#include "util/regional.h" -#include "util/config_file.h" -#include "util/data/dname.h" -#include "util/data/packed_rrset.h" -#include "util/data/msgencode.h" -#include "util/net_help.h" -#include "util/netevent.h" -#include "util/data/msgreply.h" -#include "util/data/msgparse.h" -#include "util/as112.h" -#include "util/config_file.h" - -/* maximum RRs in an RRset, to cap possible 'endless' list RRs. - * with 16 bytes for an A record, a 64K packet has about 4000 max */ -#define LOCALZONE_RRSET_COUNT_MAX 4096 - -struct local_zones* -local_zones_create(void) -{ - struct local_zones* zones = (struct local_zones*)calloc(1, - sizeof(*zones)); - if(!zones) - return NULL; - rbtree_init(&zones->ztree, &local_zone_cmp); - lock_rw_init(&zones->lock); - lock_protect(&zones->lock, &zones->ztree, sizeof(zones->ztree)); - /* also lock protects the rbnode's in struct local_zone */ - return zones; -} - -/** helper traverse to delete zones */ -static void -lzdel(rbnode_type* n, void* ATTR_UNUSED(arg)) -{ - struct local_zone* z = (struct local_zone*)n->key; - local_zone_delete(z); -} - -void -local_zones_delete(struct local_zones* zones) -{ - if(!zones) - return; - lock_rw_destroy(&zones->lock); - /* walk through zones and delete them all */ - traverse_postorder(&zones->ztree, lzdel, NULL); - free(zones); -} - -void -local_zone_delete(struct local_zone* z) -{ - if(!z) - return; - lock_rw_destroy(&z->lock); - regional_destroy(z->region); - free(z->name); - free(z->taglist); - free(z); -} - -int -local_zone_cmp(const void* z1, const void* z2) -{ - /* first sort on class, so that hierarchy can be maintained within - * a class */ - struct local_zone* a = (struct local_zone*)z1; - struct local_zone* b = (struct local_zone*)z2; - int m; - if(a->dclass != b->dclass) { - if(a->dclass < b->dclass) - return -1; - return 1; - } - return dname_lab_cmp(a->name, a->namelabs, b->name, b->namelabs, &m); -} - -int -local_data_cmp(const void* d1, const void* d2) -{ - struct local_data* a = (struct local_data*)d1; - struct local_data* b = (struct local_data*)d2; - int m; - return dname_canon_lab_cmp(a->name, a->namelabs, b->name, - b->namelabs, &m); -} - -/* form wireformat from text format domain name */ -int -parse_dname(const char* str, uint8_t** res, size_t* len, int* labs) -{ - *res = sldns_str2wire_dname(str, len); - *labs = 0; - if(!*res) { - log_err("cannot parse name %s", str); - return 0; - } - *labs = dname_count_size_labels(*res, len); - return 1; -} - -/** create a new localzone */ -static struct local_zone* -local_zone_create(uint8_t* nm, size_t len, int labs, - enum localzone_type t, uint16_t dclass) -{ - struct local_zone* z = (struct local_zone*)calloc(1, sizeof(*z)); - if(!z) { - return NULL; - } - z->node.key = z; - z->dclass = dclass; - z->type = t; - z->name = nm; - z->namelen = len; - z->namelabs = labs; - lock_rw_init(&z->lock); - z->region = regional_create_custom(sizeof(struct regional)); - if(!z->region) { - free(z); - return NULL; - } - rbtree_init(&z->data, &local_data_cmp); - lock_protect(&z->lock, &z->parent, sizeof(*z)-sizeof(rbnode_type)); - /* also the zones->lock protects node, parent, name*, class */ - return z; -} - -/** enter a new zone with allocated dname returns with WRlock */ -static struct local_zone* -lz_enter_zone_dname(struct local_zones* zones, uint8_t* nm, size_t len, - int labs, enum localzone_type t, uint16_t c) -{ - struct local_zone* z = local_zone_create(nm, len, labs, t, c); - if(!z) { - free(nm); - log_err("out of memory"); - return NULL; - } - - /* add to rbtree */ - lock_rw_wrlock(&zones->lock); - lock_rw_wrlock(&z->lock); - if(!rbtree_insert(&zones->ztree, &z->node)) { - struct local_zone* oldz; - log_warn("duplicate local-zone"); - lock_rw_unlock(&z->lock); - /* save zone name locally before deallocation, - * otherwise, nm is gone if we zone_delete now. */ - oldz = z; - /* find the correct zone, so not an error for duplicate */ - z = local_zones_find(zones, nm, len, labs, c); - lock_rw_wrlock(&z->lock); - lock_rw_unlock(&zones->lock); - local_zone_delete(oldz); - return z; - } - lock_rw_unlock(&zones->lock); - return z; -} - -/** enter a new zone */ -static struct local_zone* -lz_enter_zone(struct local_zones* zones, const char* name, const char* type, - uint16_t dclass) -{ - struct local_zone* z; - enum localzone_type t; - uint8_t* nm; - size_t len; - int labs; - if(!parse_dname(name, &nm, &len, &labs)) { - log_err("bad zone name %s %s", name, type); - return NULL; - } - if(!local_zone_str2type(type, &t)) { - log_err("bad lz_enter_zone type %s %s", name, type); - free(nm); - return NULL; - } - if(!(z=lz_enter_zone_dname(zones, nm, len, labs, t, dclass))) { - log_err("could not enter zone %s %s", name, type); - return NULL; - } - return z; -} - -int -rrstr_get_rr_content(const char* str, uint8_t** nm, uint16_t* type, - uint16_t* dclass, time_t* ttl, uint8_t* rr, size_t len, - uint8_t** rdata, size_t* rdata_len) -{ - size_t dname_len = 0; - int e = sldns_str2wire_rr_buf(str, rr, &len, &dname_len, 3600, - NULL, 0, NULL, 0); - if(e) { - log_err("error parsing local-data at %d: '%s': %s", - LDNS_WIREPARSE_OFFSET(e), str, - sldns_get_errorstr_parse(e)); - return 0; - } - *nm = memdup(rr, dname_len); - if(!*nm) { - log_err("out of memory"); - return 0; - } - *dclass = sldns_wirerr_get_class(rr, len, dname_len); - *type = sldns_wirerr_get_type(rr, len, dname_len); - *ttl = (time_t)sldns_wirerr_get_ttl(rr, len, dname_len); - *rdata = sldns_wirerr_get_rdatawl(rr, len, dname_len); - *rdata_len = sldns_wirerr_get_rdatalen(rr, len, dname_len)+2; - return 1; -} - -/** return name and class of rr; parses string */ -static int -get_rr_nameclass(const char* str, uint8_t** nm, uint16_t* dclass) -{ - uint8_t rr[LDNS_RR_BUF_SIZE]; - size_t len = sizeof(rr), dname_len = 0; - int s = sldns_str2wire_rr_buf(str, rr, &len, &dname_len, 3600, - NULL, 0, NULL, 0); - if(s != 0) { - log_err("error parsing local-data at %d '%s': %s", - LDNS_WIREPARSE_OFFSET(s), str, - sldns_get_errorstr_parse(s)); - return 0; - } - *nm = memdup(rr, dname_len); - *dclass = sldns_wirerr_get_class(rr, len, dname_len); - if(!*nm) { - log_err("out of memory"); - return 0; - } - return 1; -} - -/** - * Find an rrset in local data structure. - * @param data: local data domain name structure. - * @param type: type to look for (host order). - * @param alias_ok: 1 if matching a non-exact, alias type such as CNAME is - * allowed. otherwise 0. - * @return rrset pointer or NULL if not found. - */ -static struct local_rrset* -local_data_find_type(struct local_data* data, uint16_t type, int alias_ok) -{ - struct local_rrset* p; - type = htons(type); - for(p = data->rrsets; p; p = p->next) { - if(p->rrset->rk.type == type) - return p; - if(alias_ok && p->rrset->rk.type == htons(LDNS_RR_TYPE_CNAME)) - return p; - } - return NULL; -} - -/** check for RR duplicates */ -static int -rr_is_duplicate(struct packed_rrset_data* pd, uint8_t* rdata, size_t rdata_len) -{ - size_t i; - for(i=0; icount; i++) { - if(pd->rr_len[i] == rdata_len && - memcmp(pd->rr_data[i], rdata, rdata_len) == 0) - return 1; - } - return 0; -} - -/** new local_rrset */ -static struct local_rrset* -new_local_rrset(struct regional* region, struct local_data* node, - uint16_t rrtype, uint16_t rrclass) -{ - struct packed_rrset_data* pd; - struct local_rrset* rrset = (struct local_rrset*) - regional_alloc_zero(region, sizeof(*rrset)); - if(!rrset) { - log_err("out of memory"); - return NULL; - } - rrset->next = node->rrsets; - node->rrsets = rrset; - rrset->rrset = (struct ub_packed_rrset_key*) - regional_alloc_zero(region, sizeof(*rrset->rrset)); - if(!rrset->rrset) { - log_err("out of memory"); - return NULL; - } - rrset->rrset->entry.key = rrset->rrset; - pd = (struct packed_rrset_data*)regional_alloc_zero(region, - sizeof(*pd)); - if(!pd) { - log_err("out of memory"); - return NULL; - } - pd->trust = rrset_trust_prim_noglue; - pd->security = sec_status_insecure; - rrset->rrset->entry.data = pd; - rrset->rrset->rk.dname = node->name; - rrset->rrset->rk.dname_len = node->namelen; - rrset->rrset->rk.type = htons(rrtype); - rrset->rrset->rk.rrset_class = htons(rrclass); - return rrset; -} - -/** insert RR into RRset data structure; Wastes a couple of bytes */ -int -rrset_insert_rr(struct regional* region, struct packed_rrset_data* pd, - uint8_t* rdata, size_t rdata_len, time_t ttl, const char* rrstr) -{ - size_t* oldlen = pd->rr_len; - time_t* oldttl = pd->rr_ttl; - uint8_t** olddata = pd->rr_data; - - /* add RR to rrset */ - if(pd->count > LOCALZONE_RRSET_COUNT_MAX) { - log_warn("RRset '%s' has more than %d records, record ignored", - rrstr, LOCALZONE_RRSET_COUNT_MAX); - return 1; - } - pd->count++; - pd->rr_len = regional_alloc(region, sizeof(*pd->rr_len)*pd->count); - pd->rr_ttl = regional_alloc(region, sizeof(*pd->rr_ttl)*pd->count); - pd->rr_data = regional_alloc(region, sizeof(*pd->rr_data)*pd->count); - if(!pd->rr_len || !pd->rr_ttl || !pd->rr_data) { - log_err("out of memory"); - return 0; - } - if(pd->count > 1) { - memcpy(pd->rr_len+1, oldlen, - sizeof(*pd->rr_len)*(pd->count-1)); - memcpy(pd->rr_ttl+1, oldttl, - sizeof(*pd->rr_ttl)*(pd->count-1)); - memcpy(pd->rr_data+1, olddata, - sizeof(*pd->rr_data)*(pd->count-1)); - } - pd->rr_len[0] = rdata_len; - pd->rr_ttl[0] = ttl; - pd->rr_data[0] = regional_alloc_init(region, rdata, rdata_len); - if(!pd->rr_data[0]) { - log_err("out of memory"); - return 0; - } - return 1; -} - -/** find a data node by exact name */ -static struct local_data* -lz_find_node(struct local_zone* z, uint8_t* nm, size_t nmlen, int nmlabs) -{ - struct local_data key; - key.node.key = &key; - key.name = nm; - key.namelen = nmlen; - key.namelabs = nmlabs; - return (struct local_data*)rbtree_search(&z->data, &key.node); -} - -/** find a node, create it if not and all its empty nonterminal parents */ -static int -lz_find_create_node(struct local_zone* z, uint8_t* nm, size_t nmlen, - int nmlabs, struct local_data** res) -{ - struct local_data* ld = lz_find_node(z, nm, nmlen, nmlabs); - if(!ld) { - /* create a domain name to store rr. */ - ld = (struct local_data*)regional_alloc_zero(z->region, - sizeof(*ld)); - if(!ld) { - log_err("out of memory adding local data"); - return 0; - } - ld->node.key = ld; - ld->name = regional_alloc_init(z->region, nm, nmlen); - if(!ld->name) { - log_err("out of memory"); - return 0; - } - ld->namelen = nmlen; - ld->namelabs = nmlabs; - if(!rbtree_insert(&z->data, &ld->node)) { - log_assert(0); /* duplicate name */ - } - /* see if empty nonterminals need to be created */ - if(nmlabs > z->namelabs) { - dname_remove_label(&nm, &nmlen); - if(!lz_find_create_node(z, nm, nmlen, nmlabs-1, res)) - return 0; - } - } - *res = ld; - return 1; -} - -/** enter data RR into auth zone */ -static int -lz_enter_rr_into_zone(struct local_zone* z, const char* rrstr) -{ - uint8_t* nm; - size_t nmlen; - int nmlabs; - struct local_data* node; - struct local_rrset* rrset; - struct packed_rrset_data* pd; - uint16_t rrtype = 0, rrclass = 0; - time_t ttl = 0; - uint8_t rr[LDNS_RR_BUF_SIZE]; - uint8_t* rdata; - size_t rdata_len; - if(!rrstr_get_rr_content(rrstr, &nm, &rrtype, &rrclass, &ttl, rr, - sizeof(rr), &rdata, &rdata_len)) { - log_err("bad local-data: %s", rrstr); - return 0; - } - log_assert(z->dclass == rrclass); - if(z->type == local_zone_redirect && - query_dname_compare(z->name, nm) != 0) { - log_err("local-data in redirect zone must reside at top of zone" - ", not at %s", rrstr); - free(nm); - return 0; - } - nmlabs = dname_count_size_labels(nm, &nmlen); - if(!lz_find_create_node(z, nm, nmlen, nmlabs, &node)) { - free(nm); - return 0; - } - log_assert(node); - free(nm); - - /* Reject it if we would end up having CNAME and other data (including - * another CNAME) for a redirect zone. */ - if(z->type == local_zone_redirect && node->rrsets) { - const char* othertype = NULL; - if (rrtype == LDNS_RR_TYPE_CNAME) - othertype = "other"; - else if (node->rrsets->rrset->rk.type == - htons(LDNS_RR_TYPE_CNAME)) { - othertype = "CNAME"; - } - if(othertype) { - log_err("local-data '%s' in redirect zone must not " - "coexist with %s local-data", rrstr, othertype); - return 0; - } - } - rrset = local_data_find_type(node, rrtype, 0); - if(!rrset) { - rrset = new_local_rrset(z->region, node, rrtype, rrclass); - if(!rrset) - return 0; - if(query_dname_compare(node->name, z->name) == 0) { - if(rrtype == LDNS_RR_TYPE_NSEC) - rrset->rrset->rk.flags = PACKED_RRSET_NSEC_AT_APEX; - if(rrtype == LDNS_RR_TYPE_SOA) - z->soa = rrset->rrset; - } - } - pd = (struct packed_rrset_data*)rrset->rrset->entry.data; - log_assert(rrset && pd); - - /* check for duplicate RR */ - if(rr_is_duplicate(pd, rdata, rdata_len)) { - verbose(VERB_ALGO, "ignoring duplicate RR: %s", rrstr); - return 1; - } - return rrset_insert_rr(z->region, pd, rdata, rdata_len, ttl, rrstr); -} - -/** enter a data RR into auth data; a zone for it must exist */ -static int -lz_enter_rr_str(struct local_zones* zones, const char* rr) -{ - uint8_t* rr_name; - uint16_t rr_class; - size_t len; - int labs; - struct local_zone* z; - int r; - if(!get_rr_nameclass(rr, &rr_name, &rr_class)) { - log_err("bad rr %s", rr); - return 0; - } - labs = dname_count_size_labels(rr_name, &len); - lock_rw_rdlock(&zones->lock); - z = local_zones_lookup(zones, rr_name, len, labs, rr_class); - if(!z) { - lock_rw_unlock(&zones->lock); - fatal_exit("internal error: no zone for rr %s", rr); - } - lock_rw_wrlock(&z->lock); - lock_rw_unlock(&zones->lock); - free(rr_name); - r = lz_enter_rr_into_zone(z, rr); - lock_rw_unlock(&z->lock); - return r; -} - -/** enter tagstring into zone */ -static int -lz_enter_zone_tag(struct local_zones* zones, char* zname, uint8_t* list, - size_t len, uint16_t rr_class) -{ - uint8_t dname[LDNS_MAX_DOMAINLEN+1]; - size_t dname_len = sizeof(dname); - int dname_labs, r = 0; - struct local_zone* z; - - if(sldns_str2wire_dname_buf(zname, dname, &dname_len) != 0) { - log_err("cannot parse zone name in local-zone-tag: %s", zname); - return 0; - } - dname_labs = dname_count_labels(dname); - - lock_rw_rdlock(&zones->lock); - z = local_zones_find(zones, dname, dname_len, dname_labs, rr_class); - if(!z) { - lock_rw_unlock(&zones->lock); - log_err("no local-zone for tag %s", zname); - return 0; - } - lock_rw_wrlock(&z->lock); - lock_rw_unlock(&zones->lock); - free(z->taglist); - z->taglist = memdup(list, len); - z->taglen = len; - if(z->taglist) - r = 1; - lock_rw_unlock(&z->lock); - return r; -} - -/** enter override into zone */ -static int -lz_enter_override(struct local_zones* zones, char* zname, char* netblock, - char* type, uint16_t rr_class) -{ - uint8_t dname[LDNS_MAX_DOMAINLEN+1]; - size_t dname_len = sizeof(dname); - int dname_labs; - struct sockaddr_storage addr; - int net; - socklen_t addrlen; - struct local_zone* z; - enum localzone_type t; - - /* parse zone name */ - if(sldns_str2wire_dname_buf(zname, dname, &dname_len) != 0) { - log_err("cannot parse zone name in local-zone-override: %s %s", - zname, netblock); - return 0; - } - dname_labs = dname_count_labels(dname); - - /* parse netblock */ - if(!netblockstrtoaddr(netblock, UNBOUND_DNS_PORT, &addr, &addrlen, - &net)) { - log_err("cannot parse netblock in local-zone-override: %s %s", - zname, netblock); - return 0; - } - - /* parse zone type */ - if(!local_zone_str2type(type, &t)) { - log_err("cannot parse type in local-zone-override: %s %s %s", - zname, netblock, type); - return 0; - } - - /* find localzone entry */ - lock_rw_rdlock(&zones->lock); - z = local_zones_find(zones, dname, dname_len, dname_labs, rr_class); - if(!z) { - lock_rw_unlock(&zones->lock); - log_err("no local-zone for local-zone-override %s", zname); - return 0; - } - lock_rw_wrlock(&z->lock); - lock_rw_unlock(&zones->lock); - - /* create netblock addr_tree if not present yet */ - if(!z->override_tree) { - z->override_tree = (struct rbtree_type*)regional_alloc_zero( - z->region, sizeof(*z->override_tree)); - if(!z->override_tree) { - lock_rw_unlock(&z->lock); - log_err("out of memory"); - return 0; - } - addr_tree_init(z->override_tree); - } - /* add new elem to tree */ - if(z->override_tree) { - struct local_zone_override* n; - n = (struct local_zone_override*)regional_alloc_zero( - z->region, sizeof(*n)); - if(!n) { - lock_rw_unlock(&z->lock); - log_err("out of memory"); - return 0; - } - n->type = t; - if(!addr_tree_insert(z->override_tree, - (struct addr_tree_node*)n, &addr, addrlen, net)) { - lock_rw_unlock(&z->lock); - log_err("duplicate local-zone-override %s %s", - zname, netblock); - return 1; - } - } - - lock_rw_unlock(&z->lock); - return 1; -} - -/** parse local-zone: statements */ -static int -lz_enter_zones(struct local_zones* zones, struct config_file* cfg) -{ - struct config_str2list* p; - struct local_zone* z; - for(p = cfg->local_zones; p; p = p->next) { - if(!(z=lz_enter_zone(zones, p->str, p->str2, - LDNS_RR_CLASS_IN))) - return 0; - lock_rw_unlock(&z->lock); - } - return 1; -} - -/** lookup a zone in rbtree; exact match only; SLOW due to parse */ -static int -lz_exists(struct local_zones* zones, const char* name) -{ - struct local_zone z; - z.node.key = &z; - z.dclass = LDNS_RR_CLASS_IN; - if(!parse_dname(name, &z.name, &z.namelen, &z.namelabs)) { - log_err("bad name %s", name); - return 0; - } - lock_rw_rdlock(&zones->lock); - if(rbtree_search(&zones->ztree, &z.node)) { - lock_rw_unlock(&zones->lock); - free(z.name); - return 1; - } - lock_rw_unlock(&zones->lock); - free(z.name); - return 0; -} - -/** lookup a zone in cfg->nodefault list */ -static int -lz_nodefault(struct config_file* cfg, const char* name) -{ - struct config_strlist* p; - size_t len = strlen(name); - if(len == 0) return 0; - if(name[len-1] == '.') len--; - - for(p = cfg->local_zones_nodefault; p; p = p->next) { - /* compare zone name, lowercase, compare without ending . */ - if(strncasecmp(p->str, name, len) == 0 && - (strlen(p->str) == len || (strlen(p->str)==len+1 && - p->str[len] == '.'))) - return 1; - } - return 0; -} - -/** enter AS112 default zone */ -static int -add_as112_default(struct local_zones* zones, struct config_file* cfg, - const char* name) -{ - struct local_zone* z; - char str[1024]; /* known long enough */ - if(lz_exists(zones, name) || lz_nodefault(cfg, name)) - return 1; /* do not enter default content */ - if(!(z=lz_enter_zone(zones, name, "static", LDNS_RR_CLASS_IN))) - return 0; - snprintf(str, sizeof(str), "%s 10800 IN SOA localhost. " - "nobody.invalid. 1 3600 1200 604800 10800", name); - if(!lz_enter_rr_into_zone(z, str)) { - lock_rw_unlock(&z->lock); - return 0; - } - snprintf(str, sizeof(str), "%s 10800 IN NS localhost. ", name); - if(!lz_enter_rr_into_zone(z, str)) { - lock_rw_unlock(&z->lock); - return 0; - } - lock_rw_unlock(&z->lock); - return 1; -} - -/** enter default zones */ -static int -lz_enter_defaults(struct local_zones* zones, struct config_file* cfg) -{ - struct local_zone* z; - const char** zstr; - - /* this list of zones is from RFC 6303 and RFC 7686 */ - - /* block localhost level zones first, then onion and later the LAN zones */ - - /* localhost. zone */ - if(!lz_exists(zones, "localhost.") && - !lz_nodefault(cfg, "localhost.")) { - if(!(z=lz_enter_zone(zones, "localhost.", "static", - LDNS_RR_CLASS_IN)) || - !lz_enter_rr_into_zone(z, - "localhost. 10800 IN NS localhost.") || - !lz_enter_rr_into_zone(z, - "localhost. 10800 IN SOA localhost. nobody.invalid. " - "1 3600 1200 604800 10800") || - !lz_enter_rr_into_zone(z, - "localhost. 10800 IN A 127.0.0.1") || - !lz_enter_rr_into_zone(z, - "localhost. 10800 IN AAAA ::1")) { - log_err("out of memory adding default zone"); - if(z) { lock_rw_unlock(&z->lock); } - return 0; - } - lock_rw_unlock(&z->lock); - } - /* reverse ip4 zone */ - if(!lz_exists(zones, "127.in-addr.arpa.") && - !lz_nodefault(cfg, "127.in-addr.arpa.")) { - if(!(z=lz_enter_zone(zones, "127.in-addr.arpa.", "static", - LDNS_RR_CLASS_IN)) || - !lz_enter_rr_into_zone(z, - "127.in-addr.arpa. 10800 IN NS localhost.") || - !lz_enter_rr_into_zone(z, - "127.in-addr.arpa. 10800 IN SOA localhost. " - "nobody.invalid. 1 3600 1200 604800 10800") || - !lz_enter_rr_into_zone(z, - "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost.")) { - log_err("out of memory adding default zone"); - if(z) { lock_rw_unlock(&z->lock); } - return 0; - } - lock_rw_unlock(&z->lock); - } - /* reverse ip6 zone */ - if(!lz_exists(zones, "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.") && - !lz_nodefault(cfg, "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.")) { - if(!(z=lz_enter_zone(zones, "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.", "static", - LDNS_RR_CLASS_IN)) || - !lz_enter_rr_into_zone(z, - "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN NS localhost.") || - !lz_enter_rr_into_zone(z, - "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN SOA localhost. " - "nobody.invalid. 1 3600 1200 604800 10800") || - !lz_enter_rr_into_zone(z, - "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN PTR localhost.")) { - log_err("out of memory adding default zone"); - if(z) { lock_rw_unlock(&z->lock); } - return 0; - } - lock_rw_unlock(&z->lock); - } - /* onion. zone (RFC 7686) */ - if(!lz_exists(zones, "onion.") && - !lz_nodefault(cfg, "onion.")) { - if(!(z=lz_enter_zone(zones, "onion.", "static", - LDNS_RR_CLASS_IN)) || - !lz_enter_rr_into_zone(z, - "onion. 10800 IN NS localhost.") || - !lz_enter_rr_into_zone(z, - "onion. 10800 IN SOA localhost. nobody.invalid. " - "1 3600 1200 604800 10800")) { - log_err("out of memory adding default zone"); - if(z) { lock_rw_unlock(&z->lock); } - return 0; - } - lock_rw_unlock(&z->lock); - } - - /* block AS112 zones, unless asked not to */ - if(!cfg->unblock_lan_zones) { - for(zstr = as112_zones; *zstr; zstr++) { - if(!add_as112_default(zones, cfg, *zstr)) { - log_err("out of memory adding default zone"); - return 0; - } - } - } - return 1; -} - -/** parse local-zone-override: statements */ -static int -lz_enter_overrides(struct local_zones* zones, struct config_file* cfg) -{ - struct config_str3list* p; - for(p = cfg->local_zone_overrides; p; p = p->next) { - if(!lz_enter_override(zones, p->str, p->str2, p->str3, - LDNS_RR_CLASS_IN)) - return 0; - } - return 1; -} - -/** setup parent pointers, so that a lookup can be done for closest match */ -static void -init_parents(struct local_zones* zones) -{ - struct local_zone* node, *prev = NULL, *p; - int m; - lock_rw_wrlock(&zones->lock); - RBTREE_FOR(node, struct local_zone*, &zones->ztree) { - lock_rw_wrlock(&node->lock); - node->parent = NULL; - if(!prev || prev->dclass != node->dclass) { - prev = node; - lock_rw_unlock(&node->lock); - continue; - } - (void)dname_lab_cmp(prev->name, prev->namelabs, node->name, - node->namelabs, &m); /* we know prev is smaller */ - /* sort order like: . com. bla.com. zwb.com. net. */ - /* find the previous, or parent-parent-parent */ - for(p = prev; p; p = p->parent) - /* looking for name with few labels, a parent */ - if(p->namelabs <= m) { - /* ==: since prev matched m, this is closest*/ - /* <: prev matches more, but is not a parent, - * this one is a (grand)parent */ - node->parent = p; - break; - } - prev = node; - - if(node->override_tree) - addr_tree_init_parents(node->override_tree); - lock_rw_unlock(&node->lock); - } - lock_rw_unlock(&zones->lock); -} - -/** enter implicit transparent zone for local-data: without local-zone: */ -static int -lz_setup_implicit(struct local_zones* zones, struct config_file* cfg) -{ - /* walk over all items that have no parent zone and find - * the name that covers them all (could be the root) and - * add that as a transparent zone */ - struct config_strlist* p; - int have_name = 0; - int have_other_classes = 0; - uint16_t dclass = 0; - uint8_t* nm = 0; - size_t nmlen = 0; - int nmlabs = 0; - int match = 0; /* number of labels match count */ - - init_parents(zones); /* to enable local_zones_lookup() */ - for(p = cfg->local_data; p; p = p->next) { - uint8_t* rr_name; - uint16_t rr_class; - size_t len; - int labs; - if(!get_rr_nameclass(p->str, &rr_name, &rr_class)) { - log_err("Bad local-data RR %s", p->str); - return 0; - } - labs = dname_count_size_labels(rr_name, &len); - lock_rw_rdlock(&zones->lock); - if(!local_zones_lookup(zones, rr_name, len, labs, rr_class)) { - if(!have_name) { - dclass = rr_class; - nm = rr_name; - nmlen = len; - nmlabs = labs; - match = labs; - have_name = 1; - } else { - int m; - if(rr_class != dclass) { - /* process other classes later */ - free(rr_name); - have_other_classes = 1; - lock_rw_unlock(&zones->lock); - continue; - } - /* find smallest shared topdomain */ - (void)dname_lab_cmp(nm, nmlabs, - rr_name, labs, &m); - free(rr_name); - if(m < match) - match = m; - } - } else free(rr_name); - lock_rw_unlock(&zones->lock); - } - if(have_name) { - uint8_t* n2; - struct local_zone* z; - /* allocate zone of smallest shared topdomain to contain em */ - n2 = nm; - dname_remove_labels(&n2, &nmlen, nmlabs - match); - n2 = memdup(n2, nmlen); - free(nm); - if(!n2) { - log_err("out of memory"); - return 0; - } - log_nametypeclass(VERB_ALGO, "implicit transparent local-zone", - n2, 0, dclass); - if(!(z=lz_enter_zone_dname(zones, n2, nmlen, match, - local_zone_transparent, dclass))) { - return 0; - } - lock_rw_unlock(&z->lock); - } - if(have_other_classes) { - /* restart to setup other class */ - return lz_setup_implicit(zones, cfg); - } - return 1; -} - -/** enter local-zone-tag info */ -static int -lz_enter_zone_tags(struct local_zones* zones, struct config_file* cfg) -{ - struct config_strbytelist* p; - int c = 0; - for(p = cfg->local_zone_tags; p; p = p->next) { - if(!lz_enter_zone_tag(zones, p->str, p->str2, p->str2len, - LDNS_RR_CLASS_IN)) - return 0; - c++; - } - if(c) verbose(VERB_ALGO, "applied tags to %d local zones", c); - return 1; -} - -/** enter auth data */ -static int -lz_enter_data(struct local_zones* zones, struct config_file* cfg) -{ - struct config_strlist* p; - for(p = cfg->local_data; p; p = p->next) { - if(!lz_enter_rr_str(zones, p->str)) - return 0; - } - return 1; -} - -/** free memory from config */ -static void -lz_freeup_cfg(struct config_file* cfg) -{ - config_deldblstrlist(cfg->local_zones); - cfg->local_zones = NULL; - config_delstrlist(cfg->local_zones_nodefault); - cfg->local_zones_nodefault = NULL; - config_delstrlist(cfg->local_data); - cfg->local_data = NULL; -} - -int -local_zones_apply_cfg(struct local_zones* zones, struct config_file* cfg) -{ - /* create zones from zone statements. */ - if(!lz_enter_zones(zones, cfg)) { - return 0; - } - /* apply default zones+content (unless disabled, or overridden) */ - if(!lz_enter_defaults(zones, cfg)) { - return 0; - } - /* enter local zone overrides */ - if(!lz_enter_overrides(zones, cfg)) { - return 0; - } - /* create implicit transparent zone from data. */ - if(!lz_setup_implicit(zones, cfg)) { - return 0; - } - - /* setup parent ptrs for lookup during data entry */ - init_parents(zones); - /* insert local zone tags */ - if(!lz_enter_zone_tags(zones, cfg)) { - return 0; - } - /* insert local data */ - if(!lz_enter_data(zones, cfg)) { - return 0; - } - /* freeup memory from cfg struct. */ - lz_freeup_cfg(cfg); - return 1; -} - -struct local_zone* -local_zones_lookup(struct local_zones* zones, - uint8_t* name, size_t len, int labs, uint16_t dclass) -{ - return local_zones_tags_lookup(zones, name, len, labs, - dclass, NULL, 0, 1); -} - -struct local_zone* -local_zones_tags_lookup(struct local_zones* zones, - uint8_t* name, size_t len, int labs, uint16_t dclass, - uint8_t* taglist, size_t taglen, int ignoretags) -{ - rbnode_type* res = NULL; - struct local_zone *result; - struct local_zone key; - int m; - key.node.key = &key; - key.dclass = dclass; - key.name = name; - key.namelen = len; - key.namelabs = labs; - rbtree_find_less_equal(&zones->ztree, &key, &res); - result = (struct local_zone*)res; - /* exact or smaller element (or no element) */ - if(!result || result->dclass != dclass) - return NULL; - /* count number of labels matched */ - (void)dname_lab_cmp(result->name, result->namelabs, key.name, - key.namelabs, &m); - while(result) { /* go up until qname is zone or subdomain of zone */ - if(result->namelabs <= m) - if(ignoretags || !result->taglist || - taglist_intersect(result->taglist, - result->taglen, taglist, taglen)) - break; - result = result->parent; - } - return result; -} - -struct local_zone* -local_zones_find(struct local_zones* zones, - uint8_t* name, size_t len, int labs, uint16_t dclass) -{ - struct local_zone key; - key.node.key = &key; - key.dclass = dclass; - key.name = name; - key.namelen = len; - key.namelabs = labs; - /* exact */ - return (struct local_zone*)rbtree_search(&zones->ztree, &key); -} - -/** print all RRsets in local zone */ -static void -local_zone_out(struct local_zone* z) -{ - struct local_data* d; - struct local_rrset* p; - RBTREE_FOR(d, struct local_data*, &z->data) { - for(p = d->rrsets; p; p = p->next) { - log_nametypeclass(0, "rrset", d->name, - ntohs(p->rrset->rk.type), - ntohs(p->rrset->rk.rrset_class)); - } - } -} - -void local_zones_print(struct local_zones* zones) -{ - struct local_zone* z; - lock_rw_rdlock(&zones->lock); - log_info("number of auth zones %u", (unsigned)zones->ztree.count); - RBTREE_FOR(z, struct local_zone*, &zones->ztree) { - lock_rw_rdlock(&z->lock); - switch(z->type) { - case local_zone_deny: - log_nametypeclass(0, "deny zone", - z->name, 0, z->dclass); - break; - case local_zone_refuse: - log_nametypeclass(0, "refuse zone", - z->name, 0, z->dclass); - break; - case local_zone_redirect: - log_nametypeclass(0, "redirect zone", - z->name, 0, z->dclass); - break; - case local_zone_transparent: - log_nametypeclass(0, "transparent zone", - z->name, 0, z->dclass); - break; - case local_zone_typetransparent: - log_nametypeclass(0, "typetransparent zone", - z->name, 0, z->dclass); - break; - case local_zone_static: - log_nametypeclass(0, "static zone", - z->name, 0, z->dclass); - break; - case local_zone_inform: - log_nametypeclass(0, "inform zone", - z->name, 0, z->dclass); - break; - case local_zone_inform_deny: - log_nametypeclass(0, "inform_deny zone", - z->name, 0, z->dclass); - break; - case local_zone_always_transparent: - log_nametypeclass(0, "always_transparent zone", - z->name, 0, z->dclass); - break; - case local_zone_always_refuse: - log_nametypeclass(0, "always_refuse zone", - z->name, 0, z->dclass); - break; - case local_zone_always_nxdomain: - log_nametypeclass(0, "always_nxdomain zone", - z->name, 0, z->dclass); - break; - default: - log_nametypeclass(0, "badtyped zone", - z->name, 0, z->dclass); - break; - } - local_zone_out(z); - lock_rw_unlock(&z->lock); - } - lock_rw_unlock(&zones->lock); -} - -/** encode answer consisting of 1 rrset */ -static int -local_encode(struct query_info* qinfo, struct module_env* env, - struct edns_data* edns, sldns_buffer* buf, struct regional* temp, - struct ub_packed_rrset_key* rrset, int ansec, int rcode) -{ - struct reply_info rep; - uint16_t udpsize; - /* make answer with time=0 for fixed TTL values */ - memset(&rep, 0, sizeof(rep)); - rep.flags = (uint16_t)((BIT_QR | BIT_AA | BIT_RA) | rcode); - rep.qdcount = 1; - if(ansec) - rep.an_numrrsets = 1; - else rep.ns_numrrsets = 1; - rep.rrset_count = 1; - rep.rrsets = &rrset; - udpsize = edns->udp_size; - edns->edns_version = EDNS_ADVERTISED_VERSION; - edns->udp_size = EDNS_ADVERTISED_SIZE; - edns->ext_rcode = 0; - edns->bits &= EDNS_DO; - if(!inplace_cb_reply_local_call(env, qinfo, NULL, &rep, rcode, edns, temp) - || !reply_info_answer_encode(qinfo, &rep, - *(uint16_t*)sldns_buffer_begin(buf), - sldns_buffer_read_u16_at(buf, 2), - buf, 0, 0, temp, udpsize, edns, - (int)(edns->bits&EDNS_DO), 0)) - error_encode(buf, (LDNS_RCODE_SERVFAIL|BIT_AA), qinfo, - *(uint16_t*)sldns_buffer_begin(buf), - sldns_buffer_read_u16_at(buf, 2), edns); - return 1; -} - -/** encode local error answer */ -static void -local_error_encode(struct query_info* qinfo, struct module_env* env, - struct edns_data* edns, sldns_buffer* buf, struct regional* temp, - int rcode, int r) -{ - edns->edns_version = EDNS_ADVERTISED_VERSION; - edns->udp_size = EDNS_ADVERTISED_SIZE; - edns->ext_rcode = 0; - edns->bits &= EDNS_DO; - - if(!inplace_cb_reply_local_call(env, qinfo, NULL, NULL, - rcode, edns, temp)) - edns->opt_list = NULL; - error_encode(buf, r, qinfo, *(uint16_t*)sldns_buffer_begin(buf), - sldns_buffer_read_u16_at(buf, 2), edns); -} - -/** find local data tag string match for the given type in the list */ -int -local_data_find_tag_datas(const struct query_info* qinfo, - struct config_strlist* list, struct ub_packed_rrset_key* r, - struct regional* temp) -{ - struct config_strlist* p; - char buf[65536]; - uint8_t rr[LDNS_RR_BUF_SIZE]; - size_t len; - int res; - struct packed_rrset_data* d; - for(p=list; p; p=p->next) { - uint16_t rdr_type; - - len = sizeof(rr); - /* does this element match the type? */ - snprintf(buf, sizeof(buf), ". %s", p->str); - res = sldns_str2wire_rr_buf(buf, rr, &len, NULL, 3600, - NULL, 0, NULL, 0); - if(res != 0) - /* parse errors are already checked before, in - * acllist check_data, skip this for robustness */ - continue; - if(len < 1 /* . */ + 8 /* typeclassttl*/ + 2 /*rdatalen*/) - continue; - rdr_type = sldns_wirerr_get_type(rr, len, 1); - if(rdr_type != qinfo->qtype && rdr_type != LDNS_RR_TYPE_CNAME) - continue; - - /* do we have entries already? if not setup key */ - if(r->rk.dname == NULL) { - r->entry.key = r; - r->rk.dname = qinfo->qname; - r->rk.dname_len = qinfo->qname_len; - r->rk.type = htons(rdr_type); - r->rk.rrset_class = htons(qinfo->qclass); - r->rk.flags = 0; - d = (struct packed_rrset_data*)regional_alloc_zero( - temp, sizeof(struct packed_rrset_data) - + sizeof(size_t) + sizeof(uint8_t*) + - sizeof(time_t)); - if(!d) return 0; /* out of memory */ - r->entry.data = d; - d->ttl = sldns_wirerr_get_ttl(rr, len, 1); - d->rr_len = (size_t*)((uint8_t*)d + - sizeof(struct packed_rrset_data)); - d->rr_data = (uint8_t**)&(d->rr_len[1]); - d->rr_ttl = (time_t*)&(d->rr_data[1]); - } - d = (struct packed_rrset_data*)r->entry.data; - /* add entry to the data */ - if(d->count != 0) { - size_t* oldlen = d->rr_len; - uint8_t** olddata = d->rr_data; - time_t* oldttl = d->rr_ttl; - /* increase arrays for lookup */ - /* this is of course slow for very many records, - * but most redirects are expected with few records */ - d->rr_len = (size_t*)regional_alloc_zero(temp, - (d->count+1)*sizeof(size_t)); - d->rr_data = (uint8_t**)regional_alloc_zero(temp, - (d->count+1)*sizeof(uint8_t*)); - d->rr_ttl = (time_t*)regional_alloc_zero(temp, - (d->count+1)*sizeof(time_t)); - if(!d->rr_len || !d->rr_data || !d->rr_ttl) - return 0; /* out of memory */ - /* first one was allocated after struct d, but new - * ones get their own array increment alloc, so - * copy old content */ - memmove(d->rr_len, oldlen, d->count*sizeof(size_t)); - memmove(d->rr_data, olddata, d->count*sizeof(uint8_t*)); - memmove(d->rr_ttl, oldttl, d->count*sizeof(time_t)); - } - - d->rr_len[d->count] = sldns_wirerr_get_rdatalen(rr, len, 1)+2; - d->rr_ttl[d->count] = sldns_wirerr_get_ttl(rr, len, 1); - d->rr_data[d->count] = regional_alloc_init(temp, - sldns_wirerr_get_rdatawl(rr, len, 1), - d->rr_len[d->count]); - if(!d->rr_data[d->count]) - return 0; /* out of memory */ - d->count++; - } - if(r->rk.dname) - return 1; - return 0; -} - -static int -find_tag_datas(struct query_info* qinfo, struct config_strlist* list, - struct ub_packed_rrset_key* r, struct regional* temp) -{ - int result = local_data_find_tag_datas(qinfo, list, r, temp); - - /* If we've found a non-exact alias type of local data, make a shallow - * copy of the RRset and remember it in qinfo to complete the alias - * chain later. */ - if(result && qinfo->qtype != LDNS_RR_TYPE_CNAME && - r->rk.type == htons(LDNS_RR_TYPE_CNAME)) { - qinfo->local_alias = - regional_alloc_zero(temp, sizeof(struct local_rrset)); - if(!qinfo->local_alias) - return 0; /* out of memory */ - qinfo->local_alias->rrset = - regional_alloc_init(temp, r, sizeof(*r)); - if(!qinfo->local_alias->rrset) - return 0; /* out of memory */ - } - return result; -} - -/** answer local data match */ -static int -local_data_answer(struct local_zone* z, struct module_env* env, - struct query_info* qinfo, struct edns_data* edns, sldns_buffer* buf, - struct regional* temp, int labs, struct local_data** ldp, - enum localzone_type lz_type, int tag, struct config_strlist** tag_datas, - size_t tag_datas_size, char** tagname, int num_tags) -{ - struct local_data key; - struct local_data* ld; - struct local_rrset* lr; - key.node.key = &key; - key.name = qinfo->qname; - key.namelen = qinfo->qname_len; - key.namelabs = labs; - if(lz_type == local_zone_redirect) { - key.name = z->name; - key.namelen = z->namelen; - key.namelabs = z->namelabs; - if(tag != -1 && (size_t)taglocal_alias) - return 1; - return local_encode(qinfo, env, edns, buf, temp, - &r, 1, LDNS_RCODE_NOERROR); - } - } - } - ld = (struct local_data*)rbtree_search(&z->data, &key.node); - *ldp = ld; - if(!ld) { - return 0; - } - lr = local_data_find_type(ld, qinfo->qtype, 1); - if(!lr) - return 0; - - /* Special case for alias matching. See local_data_answer(). */ - if(lz_type == local_zone_redirect && - qinfo->qtype != LDNS_RR_TYPE_CNAME && - lr->rrset->rk.type == htons(LDNS_RR_TYPE_CNAME)) { - qinfo->local_alias = - regional_alloc_zero(temp, sizeof(struct local_rrset)); - if(!qinfo->local_alias) - return 0; /* out of memory */ - qinfo->local_alias->rrset = - regional_alloc_init(temp, lr->rrset, sizeof(*lr->rrset)); - if(!qinfo->local_alias->rrset) - return 0; /* out of memory */ - qinfo->local_alias->rrset->rk.dname = qinfo->qname; - qinfo->local_alias->rrset->rk.dname_len = qinfo->qname_len; - return 1; - } - if(lz_type == local_zone_redirect) { - /* convert rrset name to query name; like a wildcard */ - struct ub_packed_rrset_key r = *lr->rrset; - r.rk.dname = qinfo->qname; - r.rk.dname_len = qinfo->qname_len; - return local_encode(qinfo, env, edns, buf, temp, &r, 1, - LDNS_RCODE_NOERROR); - } - return local_encode(qinfo, env, edns, buf, temp, lr->rrset, 1, - LDNS_RCODE_NOERROR); -} - -/** - * answer in case where no exact match is found - * @param z: zone for query - * @param env: module environment - * @param qinfo: query - * @param edns: edns from query - * @param buf: buffer for answer. - * @param temp: temp region for encoding - * @param ld: local data, if NULL, no such name exists in localdata. - * @param lz_type: type of the local zone - * @return 1 if a reply is to be sent, 0 if not. - */ -static int -lz_zone_answer(struct local_zone* z, struct module_env* env, - struct query_info* qinfo, struct edns_data* edns, sldns_buffer* buf, - struct regional* temp, struct local_data* ld, enum localzone_type lz_type) -{ - if(lz_type == local_zone_deny || lz_type == local_zone_inform_deny) { - /** no reply at all, signal caller by clearing buffer. */ - sldns_buffer_clear(buf); - sldns_buffer_flip(buf); - return 1; - } else if(lz_type == local_zone_refuse - || lz_type == local_zone_always_refuse) { - local_error_encode(qinfo, env, edns, buf, temp, - LDNS_RCODE_REFUSED, (LDNS_RCODE_REFUSED|BIT_AA)); - return 1; - } else if(lz_type == local_zone_static || - lz_type == local_zone_redirect || - lz_type == local_zone_always_nxdomain) { - /* for static, reply nodata or nxdomain - * for redirect, reply nodata */ - /* no additional section processing, - * cname, dname or wildcard processing, - * or using closest match for NSEC. - * or using closest match for returning delegation downwards - */ - int rcode = (ld || lz_type == local_zone_redirect)? - LDNS_RCODE_NOERROR:LDNS_RCODE_NXDOMAIN; - if(z->soa) - return local_encode(qinfo, env, edns, buf, temp, - z->soa, 0, rcode); - local_error_encode(qinfo, env, edns, buf, temp, rcode, - (rcode|BIT_AA)); - return 1; - } else if(lz_type == local_zone_typetransparent - || lz_type == local_zone_always_transparent) { - /* no NODATA or NXDOMAINS for this zone type */ - return 0; - } - /* else lz_type == local_zone_transparent */ - - /* if the zone is transparent and the name exists, but the type - * does not, then we should make this noerror/nodata */ - if(ld && ld->rrsets) { - int rcode = LDNS_RCODE_NOERROR; - if(z->soa) - return local_encode(qinfo, env, edns, buf, temp, - z->soa, 0, rcode); - local_error_encode(qinfo, env, edns, buf, temp, rcode, - (rcode|BIT_AA)); - return 1; - } - - /* stop here, and resolve further on */ - return 0; -} - -/** print log information for an inform zone query */ -static void -lz_inform_print(struct local_zone* z, struct query_info* qinfo, - struct comm_reply* repinfo) -{ - char ip[128], txt[512]; - char zname[LDNS_MAX_DOMAINLEN+1]; - uint16_t port = ntohs(((struct sockaddr_in*)&repinfo->addr)->sin_port); - dname_str(z->name, zname); - addr_to_str(&repinfo->addr, repinfo->addrlen, ip, sizeof(ip)); - snprintf(txt, sizeof(txt), "%s inform %s@%u", zname, ip, - (unsigned)port); - log_nametypeclass(0, txt, qinfo->qname, qinfo->qtype, qinfo->qclass); -} - -static enum localzone_type -lz_type(uint8_t *taglist, size_t taglen, uint8_t *taglist2, size_t taglen2, - uint8_t *tagactions, size_t tagactionssize, enum localzone_type lzt, - struct comm_reply* repinfo, struct rbtree_type* override_tree, - int* tag, char** tagname, int num_tags) -{ - struct local_zone_override* lzo; - if(repinfo && override_tree) { - lzo = (struct local_zone_override*)addr_tree_lookup( - override_tree, &repinfo->addr, repinfo->addrlen); - if(lzo && lzo->type) { - verbose(VERB_ALGO, "local zone override to type %s", - local_zone_type2str(lzo->type)); - return lzo->type; - } - } - if(!taglist || !taglist2) - return lzt; - return local_data_find_tag_action(taglist, taglen, taglist2, taglen2, - tagactions, tagactionssize, lzt, tag, tagname, num_tags); -} - -enum localzone_type -local_data_find_tag_action(const uint8_t* taglist, size_t taglen, - const uint8_t* taglist2, size_t taglen2, const uint8_t* tagactions, - size_t tagactionssize, enum localzone_type lzt, int* tag, - char* const* tagname, int num_tags) -{ - size_t i, j; - uint8_t tagmatch; - - for(i=0; i0; j++) { - if((tagmatch & 0x1)) { - *tag = (int)(i*8+j); - verbose(VERB_ALGO, "matched tag [%d] %s", - *tag, (*tag>= 1; - } - } - return lzt; -} - -int -local_zones_answer(struct local_zones* zones, struct module_env* env, - struct query_info* qinfo, struct edns_data* edns, sldns_buffer* buf, - struct regional* temp, struct comm_reply* repinfo, uint8_t* taglist, - size_t taglen, uint8_t* tagactions, size_t tagactionssize, - struct config_strlist** tag_datas, size_t tag_datas_size, - char** tagname, int num_tags, struct view* view) -{ - /* see if query is covered by a zone, - * if so: - try to match (exact) local data - * - look at zone type for negative response. */ - int labs = dname_count_labels(qinfo->qname); - struct local_data* ld = NULL; - struct local_zone* z = NULL; - enum localzone_type lzt = local_zone_transparent; - int r, tag = -1; - - if(view) { - lock_rw_rdlock(&view->lock); - if(view->local_zones && - (z = local_zones_lookup(view->local_zones, - qinfo->qname, qinfo->qname_len, labs, - qinfo->qclass))) { - verbose(VERB_ALGO, - "using localzone from view: %s", - view->name); - lock_rw_rdlock(&z->lock); - lzt = z->type; - } - if(!z && !view->isfirst){ - lock_rw_unlock(&view->lock); - return 0; - } - lock_rw_unlock(&view->lock); - } - if(!z) { - /* try global local_zones tree */ - lock_rw_rdlock(&zones->lock); - if(!(z = local_zones_tags_lookup(zones, qinfo->qname, - qinfo->qname_len, labs, qinfo->qclass, taglist, - taglen, 0))) { - lock_rw_unlock(&zones->lock); - return 0; - } - lock_rw_rdlock(&z->lock); - - lzt = lz_type(taglist, taglen, z->taglist, z->taglen, - tagactions, tagactionssize, z->type, repinfo, - z->override_tree, &tag, tagname, num_tags); - lock_rw_unlock(&zones->lock); - } - if((lzt == local_zone_inform || lzt == local_zone_inform_deny) - && repinfo) - lz_inform_print(z, qinfo, repinfo); - - if(lzt != local_zone_always_refuse - && lzt != local_zone_always_transparent - && lzt != local_zone_always_nxdomain - && local_data_answer(z, env, qinfo, edns, buf, temp, labs, &ld, lzt, - tag, tag_datas, tag_datas_size, tagname, num_tags)) { - lock_rw_unlock(&z->lock); - /* We should tell the caller that encode is deferred if we found - * a local alias. */ - return !qinfo->local_alias; - } - r = lz_zone_answer(z, env, qinfo, edns, buf, temp, ld, lzt); - lock_rw_unlock(&z->lock); - return r && !qinfo->local_alias; /* see above */ -} - -const char* local_zone_type2str(enum localzone_type t) -{ - switch(t) { - case local_zone_unset: return "unset"; - case local_zone_deny: return "deny"; - case local_zone_refuse: return "refuse"; - case local_zone_redirect: return "redirect"; - case local_zone_transparent: return "transparent"; - case local_zone_typetransparent: return "typetransparent"; - case local_zone_static: return "static"; - case local_zone_nodefault: return "nodefault"; - case local_zone_inform: return "inform"; - case local_zone_inform_deny: return "inform_deny"; - case local_zone_always_transparent: return "always_transparent"; - case local_zone_always_refuse: return "always_refuse"; - case local_zone_always_nxdomain: return "always_nxdomain"; - } - return "badtyped"; -} - -int local_zone_str2type(const char* type, enum localzone_type* t) -{ - if(strcmp(type, "deny") == 0) - *t = local_zone_deny; - else if(strcmp(type, "refuse") == 0) - *t = local_zone_refuse; - else if(strcmp(type, "static") == 0) - *t = local_zone_static; - else if(strcmp(type, "transparent") == 0) - *t = local_zone_transparent; - else if(strcmp(type, "typetransparent") == 0) - *t = local_zone_typetransparent; - else if(strcmp(type, "redirect") == 0) - *t = local_zone_redirect; - else if(strcmp(type, "inform") == 0) - *t = local_zone_inform; - else if(strcmp(type, "inform_deny") == 0) - *t = local_zone_inform_deny; - else if(strcmp(type, "always_transparent") == 0) - *t = local_zone_always_transparent; - else if(strcmp(type, "always_refuse") == 0) - *t = local_zone_always_refuse; - else if(strcmp(type, "always_nxdomain") == 0) - *t = local_zone_always_nxdomain; - else return 0; - return 1; -} - -/** iterate over the kiddies of the given name and set their parent ptr */ -static void -set_kiddo_parents(struct local_zone* z, struct local_zone* match, - struct local_zone* newp) -{ - /* both zones and z are locked already */ - /* in the sorted rbtree, the kiddies of z are located after z */ - /* z must be present in the tree */ - struct local_zone* p = z; - p = (struct local_zone*)rbtree_next(&p->node); - while(p!=(struct local_zone*)RBTREE_NULL && - p->dclass == z->dclass && dname_strict_subdomain(p->name, - p->namelabs, z->name, z->namelabs)) { - /* update parent ptr */ - /* only when matches with existing parent pointer, so that - * deeper child structures are not touched, i.e. - * update of x, and a.x, b.x, f.b.x, g.b.x, c.x, y - * gets to update a.x, b.x and c.x */ - lock_rw_wrlock(&p->lock); - if(p->parent == match) - p->parent = newp; - lock_rw_unlock(&p->lock); - p = (struct local_zone*)rbtree_next(&p->node); - } -} - -struct local_zone* local_zones_add_zone(struct local_zones* zones, - uint8_t* name, size_t len, int labs, uint16_t dclass, - enum localzone_type tp) -{ - /* create */ - struct local_zone* z = local_zone_create(name, len, labs, tp, dclass); - if(!z) { - free(name); - return NULL; - } - lock_rw_wrlock(&z->lock); - - /* find the closest parent */ - z->parent = local_zones_find(zones, name, len, labs, dclass); - - /* insert into the tree */ - if(!rbtree_insert(&zones->ztree, &z->node)) { - /* duplicate entry! */ - lock_rw_unlock(&z->lock); - local_zone_delete(z); - log_err("internal: duplicate entry in local_zones_add_zone"); - return NULL; - } - - /* set parent pointers right */ - set_kiddo_parents(z, z->parent, z); - - lock_rw_unlock(&z->lock); - return z; -} - -void local_zones_del_zone(struct local_zones* zones, struct local_zone* z) -{ - /* fix up parents in tree */ - lock_rw_wrlock(&z->lock); - set_kiddo_parents(z, z, z->parent); - - /* remove from tree */ - (void)rbtree_delete(&zones->ztree, z); - - /* delete the zone */ - lock_rw_unlock(&z->lock); - local_zone_delete(z); -} - -int -local_zones_add_RR(struct local_zones* zones, const char* rr) -{ - uint8_t* rr_name; - uint16_t rr_class; - size_t len; - int labs; - struct local_zone* z; - int r; - if(!get_rr_nameclass(rr, &rr_name, &rr_class)) { - return 0; - } - labs = dname_count_size_labels(rr_name, &len); - /* could first try readlock then get writelock if zone does not exist, - * but we do not add enough RRs (from multiple threads) to optimize */ - lock_rw_wrlock(&zones->lock); - z = local_zones_lookup(zones, rr_name, len, labs, rr_class); - if(!z) { - z = local_zones_add_zone(zones, rr_name, len, labs, rr_class, - local_zone_transparent); - if(!z) { - lock_rw_unlock(&zones->lock); - return 0; - } - } else { - free(rr_name); - } - lock_rw_wrlock(&z->lock); - lock_rw_unlock(&zones->lock); - r = lz_enter_rr_into_zone(z, rr); - lock_rw_unlock(&z->lock); - return r; -} - -/** returns true if the node is terminal so no deeper domain names exist */ -static int -is_terminal(struct local_data* d) -{ - /* for empty nonterminals, the deeper domain names are sorted - * right after them, so simply check the next name in the tree - */ - struct local_data* n = (struct local_data*)rbtree_next(&d->node); - if(n == (struct local_data*)RBTREE_NULL) - return 1; /* last in tree, no deeper node */ - if(dname_strict_subdomain(n->name, n->namelabs, d->name, d->namelabs)) - return 0; /* there is a deeper node */ - return 1; -} - -/** delete empty terminals from tree when final data is deleted */ -static void -del_empty_term(struct local_zone* z, struct local_data* d, - uint8_t* name, size_t len, int labs) -{ - while(d && d->rrsets == NULL && is_terminal(d)) { - /* is this empty nonterminal? delete */ - /* note, no memory recycling in zone region */ - (void)rbtree_delete(&z->data, d); - - /* go up and to the next label */ - if(dname_is_root(name)) - return; - dname_remove_label(&name, &len); - labs--; - d = lz_find_node(z, name, len, labs); - } -} - -void local_zones_del_data(struct local_zones* zones, - uint8_t* name, size_t len, int labs, uint16_t dclass) -{ - /* find zone */ - struct local_zone* z; - struct local_data* d; - lock_rw_rdlock(&zones->lock); - z = local_zones_lookup(zones, name, len, labs, dclass); - if(!z) { - /* no such zone, we're done */ - lock_rw_unlock(&zones->lock); - return; - } - lock_rw_wrlock(&z->lock); - lock_rw_unlock(&zones->lock); - - /* find the domain */ - d = lz_find_node(z, name, len, labs); - if(d) { - /* no memory recycling for zone deletions ... */ - d->rrsets = NULL; - /* did we delete the soa record ? */ - if(query_dname_compare(d->name, z->name) == 0) - z->soa = NULL; - - /* cleanup the empty nonterminals for this name */ - del_empty_term(z, d, name, len, labs); - } - - lock_rw_unlock(&z->lock); -} diff --git a/external/unbound/services/localzone.h b/external/unbound/services/localzone.h deleted file mode 100644 index 658f28024..000000000 --- a/external/unbound/services/localzone.h +++ /dev/null @@ -1,500 +0,0 @@ -/* - * services/localzone.h - local zones authority service. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions to enable local zone authority service. - */ - -#ifndef SERVICES_LOCALZONE_H -#define SERVICES_LOCALZONE_H -#include "util/rbtree.h" -#include "util/locks.h" -#include "util/storage/dnstree.h" -#include "util/module.h" -#include "services/view.h" -struct packed_rrset_data; -struct ub_packed_rrset_key; -struct regional; -struct config_file; -struct edns_data; -struct query_info; -struct sldns_buffer; -struct comm_reply; -struct config_strlist; - -/** - * Local zone type - * This type determines processing for queries that did not match - * local-data directly. - */ -enum localzone_type { - /** unset type, used for unset tag_action elements */ - local_zone_unset = 0, - /** drop query */ - local_zone_deny, - /** answer with error */ - local_zone_refuse, - /** answer nxdomain or nodata */ - local_zone_static, - /** resolve normally */ - local_zone_transparent, - /** do not block types at localdata names */ - local_zone_typetransparent, - /** answer with data at zone apex */ - local_zone_redirect, - /** remove default AS112 blocking contents for zone - * nodefault is used in config not during service. */ - local_zone_nodefault, - /** log client address, but no block (transparent) */ - local_zone_inform, - /** log client address, and block (drop) */ - local_zone_inform_deny, - /** resolve normally, even when there is local data */ - local_zone_always_transparent, - /** answer with error, even when there is local data */ - local_zone_always_refuse, - /** answer with nxdomain, even when there is local data */ - local_zone_always_nxdomain -}; - -/** - * Authoritative local zones storage, shared. - */ -struct local_zones { - /** lock on the localzone tree */ - lock_rw_type lock; - /** rbtree of struct local_zone */ - rbtree_type ztree; -}; - -/** - * Local zone. A locally served authoritative zone. - */ -struct local_zone { - /** rbtree node, key is name and class */ - rbnode_type node; - /** parent zone, if any. */ - struct local_zone* parent; - - /** zone name, in uncompressed wireformat */ - uint8_t* name; - /** length of zone name */ - size_t namelen; - /** number of labels in zone name */ - int namelabs; - /** the class of this zone. - * uses 'dclass' to not conflict with c++ keyword class. */ - uint16_t dclass; - - /** lock on the data in the structure - * For the node, parent, name, namelen, namelabs, dclass, you - * need to also hold the zones_tree lock to change them (or to - * delete this zone) */ - lock_rw_type lock; - - /** how to process zone */ - enum localzone_type type; - /** tag bitlist */ - uint8_t* taglist; - /** length of the taglist (in bytes) */ - size_t taglen; - /** netblock addr_tree with struct local_zone_override information - * or NULL if there are no override elements */ - struct rbtree_type* override_tree; - - /** in this region the zone's data is allocated. - * the struct local_zone itself is malloced. */ - struct regional* region; - /** local data for this zone - * rbtree of struct local_data */ - rbtree_type data; - /** if data contains zone apex SOA data, this is a ptr to it. */ - struct ub_packed_rrset_key* soa; -}; - -/** - * Local data. One domain name, and the RRs to go with it. - */ -struct local_data { - /** rbtree node, key is name only */ - rbnode_type node; - /** domain name */ - uint8_t* name; - /** length of name */ - size_t namelen; - /** number of labels in name */ - int namelabs; - /** the data rrsets, with different types, linked list. - * If this list is NULL, the node is an empty non-terminal. */ - struct local_rrset* rrsets; -}; - -/** - * A local data RRset - */ -struct local_rrset { - /** next in list */ - struct local_rrset* next; - /** RRset data item */ - struct ub_packed_rrset_key* rrset; -}; - -/** - * Local zone override information - */ -struct local_zone_override { - /** node in addrtree */ - struct addr_tree_node node; - /** override for local zone type */ - enum localzone_type type; -}; - -/** - * Create local zones storage - * @return new struct or NULL on error. - */ -struct local_zones* local_zones_create(void); - -/** - * Delete local zones storage - * @param zones: to delete. - */ -void local_zones_delete(struct local_zones* zones); - -/** - * Apply config settings; setup the local authoritative data. - * Takes care of locking. - * @param zones: is set up. - * @param cfg: config data. - * @return false on error. - */ -int local_zones_apply_cfg(struct local_zones* zones, struct config_file* cfg); - -/** - * Compare two local_zone entries in rbtree. Sort hierarchical but not - * canonical - * @param z1: zone 1 - * @param z2: zone 2 - * @return: -1, 0, +1 comparison value. - */ -int local_zone_cmp(const void* z1, const void* z2); - -/** - * Compare two local_data entries in rbtree. Sort canonical. - * @param d1: data 1 - * @param d2: data 2 - * @return: -1, 0, +1 comparison value. - */ -int local_data_cmp(const void* d1, const void* d2); - -/** - * Delete one zone - * @param z: to delete. - */ -void local_zone_delete(struct local_zone* z); - -/** - * Lookup zone that contains the given name, class and taglist. - * User must lock the tree or result zone. - * @param zones: the zones tree - * @param name: dname to lookup - * @param len: length of name. - * @param labs: labelcount of name. - * @param dclass: class to lookup. - * @param taglist: taglist to lookup. - * @param taglen: lenth of taglist. - * @param ignoretags: lookup zone by name and class, regardless the - * local-zone's tags. - * @return closest local_zone or NULL if no covering zone is found. - */ -struct local_zone* local_zones_tags_lookup(struct local_zones* zones, - uint8_t* name, size_t len, int labs, uint16_t dclass, - uint8_t* taglist, size_t taglen, int ignoretags); - -/** - * Lookup zone that contains the given name, class. - * User must lock the tree or result zone. - * @param zones: the zones tree - * @param name: dname to lookup - * @param len: length of name. - * @param labs: labelcount of name. - * @param dclass: class to lookup. - * @return closest local_zone or NULL if no covering zone is found. - */ -struct local_zone* local_zones_lookup(struct local_zones* zones, - uint8_t* name, size_t len, int labs, uint16_t dclass); - -/** - * Debug helper. Print all zones - * Takes care of locking. - * @param zones: the zones tree - */ -void local_zones_print(struct local_zones* zones); - -/** - * Answer authoritatively for local zones. - * Takes care of locking. - * @param zones: the stored zones (shared, read only). - * @param env: the module environment. - * @param qinfo: query info (parsed). - * @param edns: edns info (parsed). - * @param buf: buffer with query ID and flags, also for reply. - * @param temp: temporary storage region. - * @param repinfo: source address for checks. may be NULL. - * @param taglist: taglist for checks. May be NULL. - * @param taglen: length of the taglist. - * @param tagactions: local zone actions for tags. May be NULL. - * @param tagactionssize: length of the tagactions. - * @param tag_datas: array per tag of strlist with rdata strings. or NULL. - * @param tag_datas_size: size of tag_datas array. - * @param tagname: array of tag name strings (for debug output). - * @param num_tags: number of items in tagname array. - * @param view: answer using this view. May be NULL. - * @return true if answer is in buffer. false if query is not answered - * by authority data. If the reply should be dropped altogether, the return - * value is true, but the buffer is cleared (empty). - * It can also return true if a non-exact alias answer is found. In this - * case qinfo->local_alias points to the corresponding alias RRset but the - * answer is NOT encoded in buffer. It's the caller's responsibility to - * complete the alias chain (if needed) and encode the final set of answer. - * Data pointed to by qinfo->local_alias is allocated in 'temp' or refers to - * configuration data. So the caller will need to make a deep copy of it - * if it needs to keep it beyond the lifetime of 'temp' or a dynamic update - * to local zone data. - */ -int local_zones_answer(struct local_zones* zones, struct module_env* env, - struct query_info* qinfo, struct edns_data* edns, struct sldns_buffer* buf, - struct regional* temp, struct comm_reply* repinfo, uint8_t* taglist, - size_t taglen, uint8_t* tagactions, size_t tagactionssize, - struct config_strlist** tag_datas, size_t tag_datas_size, - char** tagname, int num_tags, struct view* view); - -/** - * Parse the string into localzone type. - * - * @param str: string to parse - * @param t: local zone type returned here. - * @return 0 on parse error. - */ -int local_zone_str2type(const char* str, enum localzone_type* t); - -/** - * Print localzone type to a string. Pointer to a constant string. - * - * @param t: local zone type. - * @return constant string that describes type. - */ -const char* local_zone_type2str(enum localzone_type t); - -/** - * Find zone that with exactly given name, class. - * User must lock the tree or result zone. - * @param zones: the zones tree - * @param name: dname to lookup - * @param len: length of name. - * @param labs: labelcount of name. - * @param dclass: class to lookup. - * @return the exact local_zone or NULL. - */ -struct local_zone* local_zones_find(struct local_zones* zones, - uint8_t* name, size_t len, int labs, uint16_t dclass); - -/** - * Add a new zone. Caller must hold the zones lock. - * Adjusts the other zones as well (parent pointers) after insertion. - * The zone must NOT exist (returns NULL and logs error). - * @param zones: the zones tree - * @param name: dname to add - * @param len: length of name. - * @param labs: labelcount of name. - * @param dclass: class to add. - * @param tp: type. - * @return local_zone or NULL on error, caller must printout memory error. - */ -struct local_zone* local_zones_add_zone(struct local_zones* zones, - uint8_t* name, size_t len, int labs, uint16_t dclass, - enum localzone_type tp); - -/** - * Delete a zone. Caller must hold the zones lock. - * Adjusts the other zones as well (parent pointers) after insertion. - * @param zones: the zones tree - * @param zone: the zone to delete from tree. Also deletes zone from memory. - */ -void local_zones_del_zone(struct local_zones* zones, struct local_zone* zone); - -/** - * Add RR data into the localzone data. - * Looks up the zone, if no covering zone, a transparent zone with the - * name of the RR is created. - * @param zones: the zones tree. Not locked by caller. - * @param rr: string with on RR. - * @return false on failure. - */ -int local_zones_add_RR(struct local_zones* zones, const char* rr); - -/** - * Remove data from domain name in the tree. - * All types are removed. No effect if zone or name does not exist. - * @param zones: zones tree. - * @param name: dname to remove - * @param len: length of name. - * @param labs: labelcount of name. - * @param dclass: class to remove. - */ -void local_zones_del_data(struct local_zones* zones, - uint8_t* name, size_t len, int labs, uint16_t dclass); - - -/** - * Form wireformat from text format domain name. - * @param str: the domain name in text "www.example.com" - * @param res: resulting wireformat is stored here with malloc. - * @param len: length of resulting wireformat. - * @param labs: number of labels in resulting wireformat. - * @return false on error, syntax or memory. Also logged. - */ -int parse_dname(const char* str, uint8_t** res, size_t* len, int* labs); - -/** - * Find local data tag string match for the given type (in qinfo) in the list. - * If found, 'r' will be filled with corresponding rrset information. - * @param qinfo: contains name, type, and class for the data - * @param list: stores local tag data to be searched - * @param r: rrset key to be filled for matched data - * @param temp: region to allocate rrset in 'r' - * @return 1 if a match is found and rrset is built; otherwise 0 including - * errors. - */ -int local_data_find_tag_datas(const struct query_info* qinfo, - struct config_strlist* list, struct ub_packed_rrset_key* r, - struct regional* temp); - -/** - * See if two sets of tag lists (in the form of bitmap) have the same tag that - * has an action. If so, '*tag' will be set to the found tag index, and the - * corresponding action will be returned in the form of local zone type. - * Otherwise the passed type (lzt) will be returned as the default action. - * Pointers except tagactions must not be NULL. - * @param taglist: 1st list of tags - * @param taglen: size of taglist in bytes - * @param taglist2: 2nd list of tags - * @param taglen2: size of taglist2 in bytes - * @param tagactions: local data actions for tags. May be NULL. - * @param tagactionssize: length of the tagactions. - * @param lzt: default action (local zone type) if no tag action is found. - * @param tag: see above. - * @param tagname: array of tag name strings (for debug output). - * @param num_tags: number of items in tagname array. - * @return found tag action or the default action. - */ -enum localzone_type local_data_find_tag_action(const uint8_t* taglist, - size_t taglen, const uint8_t* taglist2, size_t taglen2, - const uint8_t* tagactions, size_t tagactionssize, - enum localzone_type lzt, int* tag, char* const* tagname, int num_tags); - -/** - * Parses resource record string into wire format, also returning its field values. - * @param str: input resource record - * @param nm: domain name field - * @param type: record type field - * @param dclass: record class field - * @param ttl: ttl field - * @param rr: buffer for the parsed rr in wire format - * @param len: buffer length - * @param rdata: rdata field - * @param rdata_len: rdata field length - * @return 1 on success; 0 otherwise. - */ -int rrstr_get_rr_content(const char* str, uint8_t** nm, uint16_t* type, - uint16_t* dclass, time_t* ttl, uint8_t* rr, size_t len, - uint8_t** rdata, size_t* rdata_len); - -/** - * Insert specified rdata into the specified resource record. - * @param region: allocator - * @param pd: data portion of the destination resource record - * @param rdata: source rdata - * @param rdata_len: source rdata length - * @param ttl: time to live - * @param rrstr: resource record in text form (for logging) - * @return 1 on success; 0 otherwise. - */ -int rrset_insert_rr(struct regional* region, struct packed_rrset_data* pd, - uint8_t* rdata, size_t rdata_len, time_t ttl, const char* rrstr); - -/** - * Valid response ip actions for the IP-response-driven-action feature; - * defined here instead of in the respip module to enable sharing of enum - * values with the localzone_type enum. - * Note that these values except 'none' are the same as localzone types of - * the 'same semantics'. It's intentional as we use these values via - * access-control-tags, which can be shared for both response ip actions and - * local zones. - */ -enum respip_action { - /** no respip action */ - respip_none = local_zone_unset, - /** don't answer */ - respip_deny = local_zone_deny, - /** redirect as per provided data */ - respip_redirect = local_zone_redirect, - /** log query source and answer query */ - respip_inform = local_zone_inform, - /** log query source and don't answer query */ - respip_inform_deny = local_zone_inform_deny, - /** resolve normally, even when there is response-ip data */ - respip_always_transparent = local_zone_always_transparent, - /** answer with 'refused' response */ - respip_always_refuse = local_zone_always_refuse, - /** answer with 'no such domain' response */ - respip_always_nxdomain = local_zone_always_nxdomain, - - /* The rest of the values are only possible as - * access-control-tag-action */ - - /** serves response data (if any), else, drops queries. */ - respip_refuse = local_zone_refuse, - /** serves response data, else, nodata answer. */ - respip_static = local_zone_static, - /** gives response data (if any), else nodata answer. */ - respip_transparent = local_zone_transparent, - /** gives response data (if any), else nodata answer. */ - respip_typetransparent = local_zone_typetransparent, -}; - -#endif /* SERVICES_LOCALZONE_H */ diff --git a/external/unbound/services/mesh.c b/external/unbound/services/mesh.c deleted file mode 100644 index 0cb134ade..000000000 --- a/external/unbound/services/mesh.c +++ /dev/null @@ -1,1502 +0,0 @@ -/* - * services/mesh.c - deal with mesh of query states and handle events for that. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions to assist in dealing with a mesh of - * query states. This mesh is supposed to be thread-specific. - * It consists of query states (per qname, qtype, qclass) and connections - * between query states and the super and subquery states, and replies to - * send back to clients. - */ -#include "config.h" -#include "services/mesh.h" -#include "services/outbound_list.h" -#include "services/cache/dns.h" -#include "util/log.h" -#include "util/net_help.h" -#include "util/module.h" -#include "util/regional.h" -#include "util/data/msgencode.h" -#include "util/timehist.h" -#include "util/fptr_wlist.h" -#include "util/alloc.h" -#include "util/config_file.h" -#include "sldns/sbuffer.h" -#include "sldns/wire2str.h" -#include "services/localzone.h" -#include "util/data/dname.h" -#include "respip/respip.h" - -/** subtract timers and the values do not overflow or become negative */ -static void -timeval_subtract(struct timeval* d, const struct timeval* end, const struct timeval* start) -{ -#ifndef S_SPLINT_S - time_t end_usec = end->tv_usec; - d->tv_sec = end->tv_sec - start->tv_sec; - if(end_usec < start->tv_usec) { - end_usec += 1000000; - d->tv_sec--; - } - d->tv_usec = end_usec - start->tv_usec; -#endif -} - -/** add timers and the values do not overflow or become negative */ -static void -timeval_add(struct timeval* d, const struct timeval* add) -{ -#ifndef S_SPLINT_S - d->tv_sec += add->tv_sec; - d->tv_usec += add->tv_usec; - if(d->tv_usec > 1000000 ) { - d->tv_usec -= 1000000; - d->tv_sec++; - } -#endif -} - -/** divide sum of timers to get average */ -static void -timeval_divide(struct timeval* avg, const struct timeval* sum, size_t d) -{ -#ifndef S_SPLINT_S - size_t leftover; - if(d == 0) { - avg->tv_sec = 0; - avg->tv_usec = 0; - return; - } - avg->tv_sec = sum->tv_sec / d; - avg->tv_usec = sum->tv_usec / d; - /* handle fraction from seconds divide */ - leftover = sum->tv_sec - avg->tv_sec*d; - avg->tv_usec += (leftover*1000000)/d; -#endif -} - -/** histogram compare of time values */ -static int -timeval_smaller(const struct timeval* x, const struct timeval* y) -{ -#ifndef S_SPLINT_S - if(x->tv_sec < y->tv_sec) - return 1; - else if(x->tv_sec == y->tv_sec) { - if(x->tv_usec <= y->tv_usec) - return 1; - else return 0; - } - else return 0; -#endif -} - -/* - * Compare two response-ip client info entries for the purpose of mesh state - * compare. It returns 0 if ci_a and ci_b are considered equal; otherwise - * 1 or -1 (they mean 'ci_a is larger/smaller than ci_b', respectively, but - * in practice it should be only used to mean they are different). - * We cannot share the mesh state for two queries if different response-ip - * actions can apply in the end, even if those queries are otherwise identical. - * For this purpose we compare tag lists and tag action lists; they should be - * identical to share the same state. - * For tag data, we don't look into the data content, as it can be - * expensive; unless tag data are not defined for both or they point to the - * exact same data in memory (i.e., they come from the same ACL entry), we - * consider these data different. - * Likewise, if the client info is associated with views, we don't look into - * the views. They are considered different unless they are exactly the same - * even if the views only differ in the names. - */ -static int -client_info_compare(const struct respip_client_info* ci_a, - const struct respip_client_info* ci_b) -{ - int cmp; - - if(!ci_a && !ci_b) - return 0; - if(ci_a && !ci_b) - return -1; - if(!ci_a && ci_b) - return 1; - if(ci_a->taglen != ci_b->taglen) - return (ci_a->taglen < ci_b->taglen) ? -1 : 1; - cmp = memcmp(ci_a->taglist, ci_b->taglist, ci_a->taglen); - if(cmp != 0) - return cmp; - if(ci_a->tag_actions_size != ci_b->tag_actions_size) - return (ci_a->tag_actions_size < ci_b->tag_actions_size) ? - -1 : 1; - cmp = memcmp(ci_a->tag_actions, ci_b->tag_actions, - ci_a->tag_actions_size); - if(cmp != 0) - return cmp; - if(ci_a->tag_datas != ci_b->tag_datas) - return ci_a->tag_datas < ci_b->tag_datas ? -1 : 1; - if(ci_a->view != ci_b->view) - return ci_a->view < ci_b->view ? -1 : 1; - /* For the unbound daemon these should be non-NULL and identical, - * but we check that just in case. */ - if(ci_a->respip_set != ci_b->respip_set) - return ci_a->respip_set < ci_b->respip_set ? -1 : 1; - return 0; -} - -int -mesh_state_compare(const void* ap, const void* bp) -{ - struct mesh_state* a = (struct mesh_state*)ap; - struct mesh_state* b = (struct mesh_state*)bp; - int cmp; - - if(a->unique < b->unique) - return -1; - if(a->unique > b->unique) - return 1; - - if(a->s.is_priming && !b->s.is_priming) - return -1; - if(!a->s.is_priming && b->s.is_priming) - return 1; - - if(a->s.is_valrec && !b->s.is_valrec) - return -1; - if(!a->s.is_valrec && b->s.is_valrec) - return 1; - - if((a->s.query_flags&BIT_RD) && !(b->s.query_flags&BIT_RD)) - return -1; - if(!(a->s.query_flags&BIT_RD) && (b->s.query_flags&BIT_RD)) - return 1; - - if((a->s.query_flags&BIT_CD) && !(b->s.query_flags&BIT_CD)) - return -1; - if(!(a->s.query_flags&BIT_CD) && (b->s.query_flags&BIT_CD)) - return 1; - - cmp = query_info_compare(&a->s.qinfo, &b->s.qinfo); - if(cmp != 0) - return cmp; - return client_info_compare(a->s.client_info, b->s.client_info); -} - -int -mesh_state_ref_compare(const void* ap, const void* bp) -{ - struct mesh_state_ref* a = (struct mesh_state_ref*)ap; - struct mesh_state_ref* b = (struct mesh_state_ref*)bp; - return mesh_state_compare(a->s, b->s); -} - -struct mesh_area* -mesh_create(struct module_stack* stack, struct module_env* env) -{ - struct mesh_area* mesh = calloc(1, sizeof(struct mesh_area)); - if(!mesh) { - log_err("mesh area alloc: out of memory"); - return NULL; - } - mesh->histogram = timehist_setup(); - mesh->qbuf_bak = sldns_buffer_new(env->cfg->msg_buffer_size); - if(!mesh->histogram || !mesh->qbuf_bak) { - free(mesh); - log_err("mesh area alloc: out of memory"); - return NULL; - } - mesh->mods = *stack; - mesh->env = env; - rbtree_init(&mesh->run, &mesh_state_compare); - rbtree_init(&mesh->all, &mesh_state_compare); - mesh->num_reply_addrs = 0; - mesh->num_reply_states = 0; - mesh->num_detached_states = 0; - mesh->num_forever_states = 0; - mesh->stats_jostled = 0; - mesh->stats_dropped = 0; - mesh->max_reply_states = env->cfg->num_queries_per_thread; - mesh->max_forever_states = (mesh->max_reply_states+1)/2; -#ifndef S_SPLINT_S - mesh->jostle_max.tv_sec = (time_t)(env->cfg->jostle_time / 1000); - mesh->jostle_max.tv_usec = (time_t)((env->cfg->jostle_time % 1000) - *1000); -#endif - return mesh; -} - -/** help mesh delete delete mesh states */ -static void -mesh_delete_helper(rbnode_type* n) -{ - struct mesh_state* mstate = (struct mesh_state*)n->key; - /* perform a full delete, not only 'cleanup' routine, - * because other callbacks expect a clean state in the mesh. - * For 're-entrant' calls */ - mesh_state_delete(&mstate->s); - /* but because these delete the items from the tree, postorder - * traversal and rbtree rebalancing do not work together */ -} - -void -mesh_delete(struct mesh_area* mesh) -{ - if(!mesh) - return; - /* free all query states */ - while(mesh->all.count) - mesh_delete_helper(mesh->all.root); - timehist_delete(mesh->histogram); - sldns_buffer_free(mesh->qbuf_bak); - free(mesh); -} - -void -mesh_delete_all(struct mesh_area* mesh) -{ - /* free all query states */ - while(mesh->all.count) - mesh_delete_helper(mesh->all.root); - mesh->stats_dropped += mesh->num_reply_addrs; - /* clear mesh area references */ - rbtree_init(&mesh->run, &mesh_state_compare); - rbtree_init(&mesh->all, &mesh_state_compare); - mesh->num_reply_addrs = 0; - mesh->num_reply_states = 0; - mesh->num_detached_states = 0; - mesh->num_forever_states = 0; - mesh->forever_first = NULL; - mesh->forever_last = NULL; - mesh->jostle_first = NULL; - mesh->jostle_last = NULL; -} - -int mesh_make_new_space(struct mesh_area* mesh, sldns_buffer* qbuf) -{ - struct mesh_state* m = mesh->jostle_first; - /* free space is available */ - if(mesh->num_reply_states < mesh->max_reply_states) - return 1; - /* try to kick out a jostle-list item */ - if(m && m->reply_list && m->list_select == mesh_jostle_list) { - /* how old is it? */ - struct timeval age; - timeval_subtract(&age, mesh->env->now_tv, - &m->reply_list->start_time); - if(timeval_smaller(&mesh->jostle_max, &age)) { - /* its a goner */ - log_nametypeclass(VERB_ALGO, "query jostled out to " - "make space for a new one", - m->s.qinfo.qname, m->s.qinfo.qtype, - m->s.qinfo.qclass); - /* backup the query */ - if(qbuf) sldns_buffer_copy(mesh->qbuf_bak, qbuf); - /* notify supers */ - if(m->super_set.count > 0) { - verbose(VERB_ALGO, "notify supers of failure"); - m->s.return_msg = NULL; - m->s.return_rcode = LDNS_RCODE_SERVFAIL; - mesh_walk_supers(mesh, m); - } - mesh->stats_jostled ++; - mesh_state_delete(&m->s); - /* restore the query - note that the qinfo ptr to - * the querybuffer is then correct again. */ - if(qbuf) sldns_buffer_copy(qbuf, mesh->qbuf_bak); - return 1; - } - } - /* no space for new item */ - return 0; -} - -void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo, - struct respip_client_info* cinfo, uint16_t qflags, - struct edns_data* edns, struct comm_reply* rep, uint16_t qid) -{ - struct mesh_state* s = NULL; - int unique = unique_mesh_state(edns->opt_list, mesh->env); - int was_detached = 0; - int was_noreply = 0; - int added = 0; - if(!unique) - s = mesh_area_find(mesh, cinfo, qinfo, qflags&(BIT_RD|BIT_CD), 0, 0); - /* does this create a new reply state? */ - if(!s || s->list_select == mesh_no_list) { - if(!mesh_make_new_space(mesh, rep->c->buffer)) { - verbose(VERB_ALGO, "Too many queries. dropping " - "incoming query."); - comm_point_drop_reply(rep); - mesh->stats_dropped ++; - return; - } - /* for this new reply state, the reply address is free, - * so the limit of reply addresses does not stop reply states*/ - } else { - /* protect our memory usage from storing reply addresses */ - if(mesh->num_reply_addrs > mesh->max_reply_states*16) { - verbose(VERB_ALGO, "Too many requests queued. " - "dropping incoming query."); - mesh->stats_dropped++; - comm_point_drop_reply(rep); - return; - } - } - /* see if it already exists, if not, create one */ - if(!s) { -#ifdef UNBOUND_DEBUG - struct rbnode_type* n; -#endif - s = mesh_state_create(mesh->env, qinfo, cinfo, - qflags&(BIT_RD|BIT_CD), 0, 0); - if(!s) { - log_err("mesh_state_create: out of memory; SERVFAIL"); - if(!inplace_cb_reply_servfail_call(mesh->env, qinfo, NULL, NULL, - LDNS_RCODE_SERVFAIL, edns, mesh->env->scratch)) - edns->opt_list = NULL; - error_encode(rep->c->buffer, LDNS_RCODE_SERVFAIL, - qinfo, qid, qflags, edns); - comm_point_send_reply(rep); - return; - } - if(unique) - mesh_state_make_unique(s); - /* copy the edns options we got from the front */ - if(edns->opt_list) { - s->s.edns_opts_front_in = edns_opt_copy_region(edns->opt_list, - s->s.region); - if(!s->s.edns_opts_front_in) { - log_err("mesh_state_create: out of memory; SERVFAIL"); - if(!inplace_cb_reply_servfail_call(mesh->env, qinfo, NULL, - NULL, LDNS_RCODE_SERVFAIL, edns, mesh->env->scratch)) - edns->opt_list = NULL; - error_encode(rep->c->buffer, LDNS_RCODE_SERVFAIL, - qinfo, qid, qflags, edns); - comm_point_send_reply(rep); - return; - } - } - -#ifdef UNBOUND_DEBUG - n = -#else - (void) -#endif - rbtree_insert(&mesh->all, &s->node); - log_assert(n != NULL); - /* set detached (it is now) */ - mesh->num_detached_states++; - added = 1; - } - if(!s->reply_list && !s->cb_list && s->super_set.count == 0) - was_detached = 1; - if(!s->reply_list && !s->cb_list) - was_noreply = 1; - /* add reply to s */ - if(!mesh_state_add_reply(s, edns, rep, qid, qflags, qinfo)) { - log_err("mesh_new_client: out of memory; SERVFAIL"); - if(!inplace_cb_reply_servfail_call(mesh->env, qinfo, &s->s, - NULL, LDNS_RCODE_SERVFAIL, edns, mesh->env->scratch)) - edns->opt_list = NULL; - error_encode(rep->c->buffer, LDNS_RCODE_SERVFAIL, - qinfo, qid, qflags, edns); - comm_point_send_reply(rep); - if(added) - mesh_state_delete(&s->s); - return; - } - /* update statistics */ - if(was_detached) { - log_assert(mesh->num_detached_states > 0); - mesh->num_detached_states--; - } - if(was_noreply) { - mesh->num_reply_states ++; - } - mesh->num_reply_addrs++; - if(s->list_select == mesh_no_list) { - /* move to either the forever or the jostle_list */ - if(mesh->num_forever_states < mesh->max_forever_states) { - mesh->num_forever_states ++; - mesh_list_insert(s, &mesh->forever_first, - &mesh->forever_last); - s->list_select = mesh_forever_list; - } else { - mesh_list_insert(s, &mesh->jostle_first, - &mesh->jostle_last); - s->list_select = mesh_jostle_list; - } - } - if(added) - mesh_run(mesh, s, module_event_new, NULL); -} - -int -mesh_new_callback(struct mesh_area* mesh, struct query_info* qinfo, - uint16_t qflags, struct edns_data* edns, sldns_buffer* buf, - uint16_t qid, mesh_cb_func_type cb, void* cb_arg) -{ - struct mesh_state* s = NULL; - int unique = unique_mesh_state(edns->opt_list, mesh->env); - int was_detached = 0; - int was_noreply = 0; - int added = 0; - if(!unique) - s = mesh_area_find(mesh, NULL, qinfo, qflags&(BIT_RD|BIT_CD), 0, 0); - - /* there are no limits on the number of callbacks */ - - /* see if it already exists, if not, create one */ - if(!s) { -#ifdef UNBOUND_DEBUG - struct rbnode_type* n; -#endif - s = mesh_state_create(mesh->env, qinfo, NULL, - qflags&(BIT_RD|BIT_CD), 0, 0); - if(!s) { - return 0; - } - if(unique) - mesh_state_make_unique(s); - if(edns->opt_list) { - s->s.edns_opts_front_in = edns_opt_copy_region(edns->opt_list, - s->s.region); - if(!s->s.edns_opts_front_in) { - return 0; - } - } -#ifdef UNBOUND_DEBUG - n = -#else - (void) -#endif - rbtree_insert(&mesh->all, &s->node); - log_assert(n != NULL); - /* set detached (it is now) */ - mesh->num_detached_states++; - added = 1; - } - if(!s->reply_list && !s->cb_list && s->super_set.count == 0) - was_detached = 1; - if(!s->reply_list && !s->cb_list) - was_noreply = 1; - /* add reply to s */ - if(!mesh_state_add_cb(s, edns, buf, cb, cb_arg, qid, qflags)) { - if(added) - mesh_state_delete(&s->s); - return 0; - } - /* update statistics */ - if(was_detached) { - log_assert(mesh->num_detached_states > 0); - mesh->num_detached_states--; - } - if(was_noreply) { - mesh->num_reply_states ++; - } - mesh->num_reply_addrs++; - if(added) - mesh_run(mesh, s, module_event_new, NULL); - return 1; -} - -void mesh_new_prefetch(struct mesh_area* mesh, struct query_info* qinfo, - uint16_t qflags, time_t leeway) -{ - struct mesh_state* s = mesh_area_find(mesh, NULL, qinfo, - qflags&(BIT_RD|BIT_CD), 0, 0); -#ifdef UNBOUND_DEBUG - struct rbnode_type* n; -#endif - /* already exists, and for a different purpose perhaps. - * if mesh_no_list, keep it that way. */ - if(s) { - /* make it ignore the cache from now on */ - if(!s->s.blacklist) - sock_list_insert(&s->s.blacklist, NULL, 0, s->s.region); - if(s->s.prefetch_leeway < leeway) - s->s.prefetch_leeway = leeway; - return; - } - if(!mesh_make_new_space(mesh, NULL)) { - verbose(VERB_ALGO, "Too many queries. dropped prefetch."); - mesh->stats_dropped ++; - return; - } - - s = mesh_state_create(mesh->env, qinfo, NULL, - qflags&(BIT_RD|BIT_CD), 0, 0); - if(!s) { - log_err("prefetch mesh_state_create: out of memory"); - return; - } -#ifdef UNBOUND_DEBUG - n = -#else - (void) -#endif - rbtree_insert(&mesh->all, &s->node); - log_assert(n != NULL); - /* set detached (it is now) */ - mesh->num_detached_states++; - /* make it ignore the cache */ - sock_list_insert(&s->s.blacklist, NULL, 0, s->s.region); - s->s.prefetch_leeway = leeway; - - if(s->list_select == mesh_no_list) { - /* move to either the forever or the jostle_list */ - if(mesh->num_forever_states < mesh->max_forever_states) { - mesh->num_forever_states ++; - mesh_list_insert(s, &mesh->forever_first, - &mesh->forever_last); - s->list_select = mesh_forever_list; - } else { - mesh_list_insert(s, &mesh->jostle_first, - &mesh->jostle_last); - s->list_select = mesh_jostle_list; - } - } - mesh_run(mesh, s, module_event_new, NULL); -} - -void mesh_report_reply(struct mesh_area* mesh, struct outbound_entry* e, - struct comm_reply* reply, int what) -{ - enum module_ev event = module_event_reply; - e->qstate->reply = reply; - if(what != NETEVENT_NOERROR) { - event = module_event_noreply; - if(what == NETEVENT_CAPSFAIL) - event = module_event_capsfail; - } - mesh_run(mesh, e->qstate->mesh_info, event, e); -} - -struct mesh_state* -mesh_state_create(struct module_env* env, struct query_info* qinfo, - struct respip_client_info* cinfo, uint16_t qflags, int prime, - int valrec) -{ - struct regional* region = alloc_reg_obtain(env->alloc); - struct mesh_state* mstate; - int i; - if(!region) - return NULL; - mstate = (struct mesh_state*)regional_alloc(region, - sizeof(struct mesh_state)); - if(!mstate) { - alloc_reg_release(env->alloc, region); - return NULL; - } - memset(mstate, 0, sizeof(*mstate)); - mstate->node = *RBTREE_NULL; - mstate->run_node = *RBTREE_NULL; - mstate->node.key = mstate; - mstate->run_node.key = mstate; - mstate->reply_list = NULL; - mstate->list_select = mesh_no_list; - mstate->replies_sent = 0; - rbtree_init(&mstate->super_set, &mesh_state_ref_compare); - rbtree_init(&mstate->sub_set, &mesh_state_ref_compare); - mstate->num_activated = 0; - mstate->unique = NULL; - /* init module qstate */ - mstate->s.qinfo.qtype = qinfo->qtype; - mstate->s.qinfo.qclass = qinfo->qclass; - mstate->s.qinfo.local_alias = NULL; - mstate->s.qinfo.qname_len = qinfo->qname_len; - mstate->s.qinfo.qname = regional_alloc_init(region, qinfo->qname, - qinfo->qname_len); - if(!mstate->s.qinfo.qname) { - alloc_reg_release(env->alloc, region); - return NULL; - } - if(cinfo) { - mstate->s.client_info = regional_alloc_init(region, cinfo, - sizeof(*cinfo)); - if(!mstate->s.client_info) { - alloc_reg_release(env->alloc, region); - return NULL; - } - } - /* remove all weird bits from qflags */ - mstate->s.query_flags = (qflags & (BIT_RD|BIT_CD)); - mstate->s.is_priming = prime; - mstate->s.is_valrec = valrec; - mstate->s.reply = NULL; - mstate->s.region = region; - mstate->s.curmod = 0; - mstate->s.return_msg = 0; - mstate->s.return_rcode = LDNS_RCODE_NOERROR; - mstate->s.env = env; - mstate->s.mesh_info = mstate; - mstate->s.prefetch_leeway = 0; - mstate->s.no_cache_lookup = 0; - mstate->s.no_cache_store = 0; - /* init modules */ - for(i=0; imesh->mods.num; i++) { - mstate->s.minfo[i] = NULL; - mstate->s.ext_state[i] = module_state_initial; - } - /* init edns option lists */ - mstate->s.edns_opts_front_in = NULL; - mstate->s.edns_opts_back_out = NULL; - mstate->s.edns_opts_back_in = NULL; - mstate->s.edns_opts_front_out = NULL; - - return mstate; -} - -int -mesh_state_is_unique(struct mesh_state* mstate) -{ - return mstate->unique != NULL; -} - -void -mesh_state_make_unique(struct mesh_state* mstate) -{ - mstate->unique = mstate; -} - -void -mesh_state_cleanup(struct mesh_state* mstate) -{ - struct mesh_area* mesh; - int i; - if(!mstate) - return; - mesh = mstate->s.env->mesh; - /* drop unsent replies */ - if(!mstate->replies_sent) { - struct mesh_reply* rep; - struct mesh_cb* cb; - for(rep=mstate->reply_list; rep; rep=rep->next) { - comm_point_drop_reply(&rep->query_reply); - mesh->num_reply_addrs--; - } - for(cb=mstate->cb_list; cb; cb=cb->next) { - fptr_ok(fptr_whitelist_mesh_cb(cb->cb)); - (*cb->cb)(cb->cb_arg, LDNS_RCODE_SERVFAIL, NULL, - sec_status_unchecked, NULL); - mesh->num_reply_addrs--; - } - } - - /* de-init modules */ - for(i=0; imods.num; i++) { - fptr_ok(fptr_whitelist_mod_clear(mesh->mods.mod[i]->clear)); - (*mesh->mods.mod[i]->clear)(&mstate->s, i); - mstate->s.minfo[i] = NULL; - mstate->s.ext_state[i] = module_finished; - } - alloc_reg_release(mstate->s.env->alloc, mstate->s.region); -} - -void -mesh_state_delete(struct module_qstate* qstate) -{ - struct mesh_area* mesh; - struct mesh_state_ref* super, ref; - struct mesh_state* mstate; - if(!qstate) - return; - mstate = qstate->mesh_info; - mesh = mstate->s.env->mesh; - mesh_detach_subs(&mstate->s); - if(mstate->list_select == mesh_forever_list) { - mesh->num_forever_states --; - mesh_list_remove(mstate, &mesh->forever_first, - &mesh->forever_last); - } else if(mstate->list_select == mesh_jostle_list) { - mesh_list_remove(mstate, &mesh->jostle_first, - &mesh->jostle_last); - } - if(!mstate->reply_list && !mstate->cb_list - && mstate->super_set.count == 0) { - log_assert(mesh->num_detached_states > 0); - mesh->num_detached_states--; - } - if(mstate->reply_list || mstate->cb_list) { - log_assert(mesh->num_reply_states > 0); - mesh->num_reply_states--; - } - ref.node.key = &ref; - ref.s = mstate; - RBTREE_FOR(super, struct mesh_state_ref*, &mstate->super_set) { - (void)rbtree_delete(&super->s->sub_set, &ref); - } - (void)rbtree_delete(&mesh->run, mstate); - (void)rbtree_delete(&mesh->all, mstate); - mesh_state_cleanup(mstate); -} - -/** helper recursive rbtree find routine */ -static int -find_in_subsub(struct mesh_state* m, struct mesh_state* tofind, size_t *c) -{ - struct mesh_state_ref* r; - if((*c)++ > MESH_MAX_SUBSUB) - return 1; - RBTREE_FOR(r, struct mesh_state_ref*, &m->sub_set) { - if(r->s == tofind || find_in_subsub(r->s, tofind, c)) - return 1; - } - return 0; -} - -/** find cycle for already looked up mesh_state */ -static int -mesh_detect_cycle_found(struct module_qstate* qstate, struct mesh_state* dep_m) -{ - struct mesh_state* cyc_m = qstate->mesh_info; - size_t counter = 0; - if(!dep_m) - return 0; - if(dep_m == cyc_m || find_in_subsub(dep_m, cyc_m, &counter)) { - if(counter > MESH_MAX_SUBSUB) - return 2; - return 1; - } - return 0; -} - -void mesh_detach_subs(struct module_qstate* qstate) -{ - struct mesh_area* mesh = qstate->env->mesh; - struct mesh_state_ref* ref, lookup; -#ifdef UNBOUND_DEBUG - struct rbnode_type* n; -#endif - lookup.node.key = &lookup; - lookup.s = qstate->mesh_info; - RBTREE_FOR(ref, struct mesh_state_ref*, &qstate->mesh_info->sub_set) { -#ifdef UNBOUND_DEBUG - n = -#else - (void) -#endif - rbtree_delete(&ref->s->super_set, &lookup); - log_assert(n != NULL); /* must have been present */ - if(!ref->s->reply_list && !ref->s->cb_list - && ref->s->super_set.count == 0) { - mesh->num_detached_states++; - log_assert(mesh->num_detached_states + - mesh->num_reply_states <= mesh->all.count); - } - } - rbtree_init(&qstate->mesh_info->sub_set, &mesh_state_ref_compare); -} - -int mesh_attach_sub(struct module_qstate* qstate, struct query_info* qinfo, - uint16_t qflags, int prime, int valrec, struct module_qstate** newq) -{ - /* find it, if not, create it */ - struct mesh_area* mesh = qstate->env->mesh; - struct mesh_state* sub = mesh_area_find(mesh, NULL, qinfo, qflags, - prime, valrec); - int was_detached; - if(mesh_detect_cycle_found(qstate, sub)) { - verbose(VERB_ALGO, "attach failed, cycle detected"); - return 0; - } - if(!sub) { -#ifdef UNBOUND_DEBUG - struct rbnode_type* n; -#endif - /* create a new one */ - sub = mesh_state_create(qstate->env, qinfo, NULL, qflags, prime, - valrec); - if(!sub) { - log_err("mesh_attach_sub: out of memory"); - return 0; - } -#ifdef UNBOUND_DEBUG - n = -#else - (void) -#endif - rbtree_insert(&mesh->all, &sub->node); - log_assert(n != NULL); - /* set detached (it is now) */ - mesh->num_detached_states++; - /* set new query state to run */ -#ifdef UNBOUND_DEBUG - n = -#else - (void) -#endif - rbtree_insert(&mesh->run, &sub->run_node); - log_assert(n != NULL); - *newq = &sub->s; - } else - *newq = NULL; - was_detached = (sub->super_set.count == 0); - if(!mesh_state_attachment(qstate->mesh_info, sub)) - return 0; - /* if it was a duplicate attachment, the count was not zero before */ - if(!sub->reply_list && !sub->cb_list && was_detached && - sub->super_set.count == 1) { - /* it used to be detached, before this one got added */ - log_assert(mesh->num_detached_states > 0); - mesh->num_detached_states--; - } - /* *newq will be run when inited after the current module stops */ - return 1; -} - -int mesh_state_attachment(struct mesh_state* super, struct mesh_state* sub) -{ -#ifdef UNBOUND_DEBUG - struct rbnode_type* n; -#endif - struct mesh_state_ref* subref; /* points to sub, inserted in super */ - struct mesh_state_ref* superref; /* points to super, inserted in sub */ - if( !(subref = regional_alloc(super->s.region, - sizeof(struct mesh_state_ref))) || - !(superref = regional_alloc(sub->s.region, - sizeof(struct mesh_state_ref))) ) { - log_err("mesh_state_attachment: out of memory"); - return 0; - } - superref->node.key = superref; - superref->s = super; - subref->node.key = subref; - subref->s = sub; - if(!rbtree_insert(&sub->super_set, &superref->node)) { - /* this should not happen, iterator and validator do not - * attach subqueries that are identical. */ - /* already attached, we are done, nothing todo. - * since superref and subref already allocated in region, - * we cannot free them */ - return 1; - } -#ifdef UNBOUND_DEBUG - n = -#else - (void) -#endif - rbtree_insert(&super->sub_set, &subref->node); - log_assert(n != NULL); /* we checked above if statement, the reverse - administration should not fail now, unless they are out of sync */ - return 1; -} - -/** - * callback results to mesh cb entry - * @param m: mesh state to send it for. - * @param rcode: if not 0, error code. - * @param rep: reply to send (or NULL if rcode is set). - * @param r: callback entry - */ -static void -mesh_do_callback(struct mesh_state* m, int rcode, struct reply_info* rep, - struct mesh_cb* r) -{ - int secure; - char* reason = NULL; - /* bogus messages are not made into servfail, sec_status passed - * to the callback function */ - if(rep && rep->security == sec_status_secure) - secure = 1; - else secure = 0; - if(!rep && rcode == LDNS_RCODE_NOERROR) - rcode = LDNS_RCODE_SERVFAIL; - if(!rcode && rep->security == sec_status_bogus) { - if(!(reason = errinf_to_str(&m->s))) - rcode = LDNS_RCODE_SERVFAIL; - } - /* send the reply */ - if(rcode) { - if(rcode == LDNS_RCODE_SERVFAIL) { - if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s, - rep, rcode, &r->edns, m->s.region)) - r->edns.opt_list = NULL; - } else { - if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep, rcode, - &r->edns, m->s.region)) - r->edns.opt_list = NULL; - } - fptr_ok(fptr_whitelist_mesh_cb(r->cb)); - (*r->cb)(r->cb_arg, rcode, r->buf, sec_status_unchecked, NULL); - } else { - size_t udp_size = r->edns.udp_size; - sldns_buffer_clear(r->buf); - r->edns.edns_version = EDNS_ADVERTISED_VERSION; - r->edns.udp_size = EDNS_ADVERTISED_SIZE; - r->edns.ext_rcode = 0; - r->edns.bits &= EDNS_DO; - - if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep, - LDNS_RCODE_NOERROR, &r->edns, m->s.region) || - !reply_info_answer_encode(&m->s.qinfo, rep, r->qid, - r->qflags, r->buf, 0, 1, - m->s.env->scratch, udp_size, &r->edns, - (int)(r->edns.bits & EDNS_DO), secure)) - { - fptr_ok(fptr_whitelist_mesh_cb(r->cb)); - (*r->cb)(r->cb_arg, LDNS_RCODE_SERVFAIL, r->buf, - sec_status_unchecked, NULL); - } else { - fptr_ok(fptr_whitelist_mesh_cb(r->cb)); - (*r->cb)(r->cb_arg, LDNS_RCODE_NOERROR, r->buf, - rep->security, reason); - } - } - free(reason); - m->s.env->mesh->num_reply_addrs--; -} - -/** - * Send reply to mesh reply entry - * @param m: mesh state to send it for. - * @param rcode: if not 0, error code. - * @param rep: reply to send (or NULL if rcode is set). - * @param r: reply entry - * @param prev: previous reply, already has its answer encoded in buffer. - */ -static void -mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, - struct mesh_reply* r, struct mesh_reply* prev) -{ - struct timeval end_time; - struct timeval duration; - int secure; - /* Copy the client's EDNS for later restore, to make sure the edns - * compare is with the correct edns options. */ - struct edns_data edns_bak = r->edns; - /* examine security status */ - if(m->s.env->need_to_validate && (!(r->qflags&BIT_CD) || - m->s.env->cfg->ignore_cd) && rep && - rep->security <= sec_status_bogus) { - rcode = LDNS_RCODE_SERVFAIL; - if(m->s.env->cfg->stat_extended) - m->s.env->mesh->ans_bogus++; - } - if(rep && rep->security == sec_status_secure) - secure = 1; - else secure = 0; - if(!rep && rcode == LDNS_RCODE_NOERROR) - rcode = LDNS_RCODE_SERVFAIL; - /* send the reply */ - /* We don't reuse the encoded answer if either the previous or current - * response has a local alias. We could compare the alias records - * and still reuse the previous answer if they are the same, but that - * would be complicated and error prone for the relatively minor case. - * So we err on the side of safety. */ - if(prev && prev->qflags == r->qflags && - !prev->local_alias && !r->local_alias && - prev->edns.edns_present == r->edns.edns_present && - prev->edns.bits == r->edns.bits && - prev->edns.udp_size == r->edns.udp_size && - edns_opt_list_compare(prev->edns.opt_list, r->edns.opt_list) - == 0) { - /* if the previous reply is identical to this one, fix ID */ - if(prev->query_reply.c->buffer != r->query_reply.c->buffer) - sldns_buffer_copy(r->query_reply.c->buffer, - prev->query_reply.c->buffer); - sldns_buffer_write_at(r->query_reply.c->buffer, 0, - &r->qid, sizeof(uint16_t)); - sldns_buffer_write_at(r->query_reply.c->buffer, 12, - r->qname, m->s.qinfo.qname_len); - comm_point_send_reply(&r->query_reply); - } else if(rcode) { - m->s.qinfo.qname = r->qname; - m->s.qinfo.local_alias = r->local_alias; - if(rcode == LDNS_RCODE_SERVFAIL) { - if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s, - rep, rcode, &r->edns, m->s.region)) - r->edns.opt_list = NULL; - } else { - if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep, rcode, - &r->edns, m->s.region)) - r->edns.opt_list = NULL; - } - error_encode(r->query_reply.c->buffer, rcode, &m->s.qinfo, - r->qid, r->qflags, &r->edns); - comm_point_send_reply(&r->query_reply); - } else { - size_t udp_size = r->edns.udp_size; - r->edns.edns_version = EDNS_ADVERTISED_VERSION; - r->edns.udp_size = EDNS_ADVERTISED_SIZE; - r->edns.ext_rcode = 0; - r->edns.bits &= EDNS_DO; - m->s.qinfo.qname = r->qname; - m->s.qinfo.local_alias = r->local_alias; - if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep, - LDNS_RCODE_NOERROR, &r->edns, m->s.region) || - !reply_info_answer_encode(&m->s.qinfo, rep, r->qid, - r->qflags, r->query_reply.c->buffer, 0, 1, - m->s.env->scratch, udp_size, &r->edns, - (int)(r->edns.bits & EDNS_DO), secure)) - { - if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s, - rep, LDNS_RCODE_SERVFAIL, &r->edns, m->s.region)) - r->edns.opt_list = NULL; - error_encode(r->query_reply.c->buffer, - LDNS_RCODE_SERVFAIL, &m->s.qinfo, r->qid, - r->qflags, &r->edns); - } - r->edns = edns_bak; - comm_point_send_reply(&r->query_reply); - } - /* account */ - m->s.env->mesh->num_reply_addrs--; - end_time = *m->s.env->now_tv; - timeval_subtract(&duration, &end_time, &r->start_time); - verbose(VERB_ALGO, "query took " ARG_LL "d.%6.6d sec", - (long long)duration.tv_sec, (int)duration.tv_usec); - m->s.env->mesh->replies_sent++; - timeval_add(&m->s.env->mesh->replies_sum_wait, &duration); - timehist_insert(m->s.env->mesh->histogram, &duration); - if(m->s.env->cfg->stat_extended) { - uint16_t rc = FLAGS_GET_RCODE(sldns_buffer_read_u16_at(r-> - query_reply.c->buffer, 2)); - if(secure) m->s.env->mesh->ans_secure++; - m->s.env->mesh->ans_rcode[ rc ] ++; - if(rc == 0 && LDNS_ANCOUNT(sldns_buffer_begin(r-> - query_reply.c->buffer)) == 0) - m->s.env->mesh->ans_nodata++; - } - /* Log reply sent */ - if(m->s.env->cfg->log_replies) { - log_reply_info(0, &m->s.qinfo, &r->query_reply.addr, - r->query_reply.addrlen, duration, 0, - r->query_reply.c->buffer); - } -} - -void mesh_query_done(struct mesh_state* mstate) -{ - struct mesh_reply* r; - struct mesh_reply* prev = NULL; - struct mesh_cb* c; - struct reply_info* rep = (mstate->s.return_msg? - mstate->s.return_msg->rep:NULL); - for(r = mstate->reply_list; r; r = r->next) { - /* if a response-ip address block has been stored the - * information should be logged for each client. */ - if(mstate->s.respip_action_info && - mstate->s.respip_action_info->addrinfo) { - respip_inform_print(mstate->s.respip_action_info->addrinfo, - r->qname, mstate->s.qinfo.qtype, - mstate->s.qinfo.qclass, r->local_alias, - &r->query_reply); - } - - /* if this query is determined to be dropped during the - * mesh processing, this is the point to take that action. */ - if(mstate->s.is_drop) - comm_point_drop_reply(&r->query_reply); - else { - mesh_send_reply(mstate, mstate->s.return_rcode, rep, - r, prev); - prev = r; - } - } - mstate->replies_sent = 1; - for(c = mstate->cb_list; c; c = c->next) { - mesh_do_callback(mstate, mstate->s.return_rcode, rep, c); - } -} - -void mesh_walk_supers(struct mesh_area* mesh, struct mesh_state* mstate) -{ - struct mesh_state_ref* ref; - RBTREE_FOR(ref, struct mesh_state_ref*, &mstate->super_set) - { - /* make super runnable */ - (void)rbtree_insert(&mesh->run, &ref->s->run_node); - /* callback the function to inform super of result */ - fptr_ok(fptr_whitelist_mod_inform_super( - mesh->mods.mod[ref->s->s.curmod]->inform_super)); - (*mesh->mods.mod[ref->s->s.curmod]->inform_super)(&mstate->s, - ref->s->s.curmod, &ref->s->s); - } -} - -struct mesh_state* mesh_area_find(struct mesh_area* mesh, - struct respip_client_info* cinfo, struct query_info* qinfo, - uint16_t qflags, int prime, int valrec) -{ - struct mesh_state key; - struct mesh_state* result; - - key.node.key = &key; - key.s.is_priming = prime; - key.s.is_valrec = valrec; - key.s.qinfo = *qinfo; - key.s.query_flags = qflags; - /* We are searching for a similar mesh state when we DO want to - * aggregate the state. Thus unique is set to NULL. (default when we - * desire aggregation).*/ - key.unique = NULL; - key.s.client_info = cinfo; - - result = (struct mesh_state*)rbtree_search(&mesh->all, &key); - return result; -} - -int mesh_state_add_cb(struct mesh_state* s, struct edns_data* edns, - sldns_buffer* buf, mesh_cb_func_type cb, void* cb_arg, - uint16_t qid, uint16_t qflags) -{ - struct mesh_cb* r = regional_alloc(s->s.region, - sizeof(struct mesh_cb)); - if(!r) - return 0; - r->buf = buf; - log_assert(fptr_whitelist_mesh_cb(cb)); /* early failure ifmissing*/ - r->cb = cb; - r->cb_arg = cb_arg; - r->edns = *edns; - if(edns->opt_list) { - r->edns.opt_list = edns_opt_copy_region(edns->opt_list, - s->s.region); - if(!r->edns.opt_list) - return 0; - } - r->qid = qid; - r->qflags = qflags; - r->next = s->cb_list; - s->cb_list = r; - return 1; - -} - -int mesh_state_add_reply(struct mesh_state* s, struct edns_data* edns, - struct comm_reply* rep, uint16_t qid, uint16_t qflags, - const struct query_info* qinfo) -{ - struct mesh_reply* r = regional_alloc(s->s.region, - sizeof(struct mesh_reply)); - if(!r) - return 0; - r->query_reply = *rep; - r->edns = *edns; - if(edns->opt_list) { - r->edns.opt_list = edns_opt_copy_region(edns->opt_list, - s->s.region); - if(!r->edns.opt_list) - return 0; - } - r->qid = qid; - r->qflags = qflags; - r->start_time = *s->s.env->now_tv; - r->next = s->reply_list; - r->qname = regional_alloc_init(s->s.region, qinfo->qname, - s->s.qinfo.qname_len); - if(!r->qname) - return 0; - - /* Data related to local alias stored in 'qinfo' (if any) is ephemeral - * and can be different for different original queries (even if the - * replaced query name is the same). So we need to make a deep copy - * and store the copy for each reply info. */ - if(qinfo->local_alias) { - struct packed_rrset_data* d; - struct packed_rrset_data* dsrc; - r->local_alias = regional_alloc_zero(s->s.region, - sizeof(*qinfo->local_alias)); - if(!r->local_alias) - return 0; - r->local_alias->rrset = regional_alloc_init(s->s.region, - qinfo->local_alias->rrset, - sizeof(*qinfo->local_alias->rrset)); - if(!r->local_alias->rrset) - return 0; - dsrc = qinfo->local_alias->rrset->entry.data; - - /* In the current implementation, a local alias must be - * a single CNAME RR (see worker_handle_request()). */ - log_assert(!qinfo->local_alias->next && dsrc->count == 1 && - qinfo->local_alias->rrset->rk.type == - htons(LDNS_RR_TYPE_CNAME)); - /* Technically, we should make a local copy for the owner - * name of the RRset, but in the case of the first (and - * currently only) local alias RRset, the owner name should - * point to the qname of the corresponding query, which should - * be valid throughout the lifetime of this mesh_reply. So - * we can skip copying. */ - log_assert(qinfo->local_alias->rrset->rk.dname == - sldns_buffer_at(rep->c->buffer, LDNS_HEADER_SIZE)); - - d = regional_alloc_init(s->s.region, dsrc, - sizeof(struct packed_rrset_data) - + sizeof(size_t) + sizeof(uint8_t*) + sizeof(time_t)); - if(!d) - return 0; - r->local_alias->rrset->entry.data = d; - d->rr_len = (size_t*)((uint8_t*)d + - sizeof(struct packed_rrset_data)); - d->rr_data = (uint8_t**)&(d->rr_len[1]); - d->rr_ttl = (time_t*)&(d->rr_data[1]); - d->rr_len[0] = dsrc->rr_len[0]; - d->rr_ttl[0] = dsrc->rr_ttl[0]; - d->rr_data[0] = regional_alloc_init(s->s.region, - dsrc->rr_data[0], d->rr_len[0]); - if(!d->rr_data[0]) - return 0; - } else - r->local_alias = NULL; - - s->reply_list = r; - return 1; -} - -/** - * Continue processing the mesh state at another module. - * Handles module to modules tranfer of control. - * Handles module finished. - * @param mesh: the mesh area. - * @param mstate: currently active mesh state. - * Deleted if finished, calls _done and _supers to - * send replies to clients and inform other mesh states. - * This in turn may create additional runnable mesh states. - * @param s: state at which the current module exited. - * @param ev: the event sent to the module. - * returned is the event to send to the next module. - * @return true if continue processing at the new module. - * false if not continued processing is needed. - */ -static int -mesh_continue(struct mesh_area* mesh, struct mesh_state* mstate, - enum module_ext_state s, enum module_ev* ev) -{ - mstate->num_activated++; - if(mstate->num_activated > MESH_MAX_ACTIVATION) { - /* module is looping. Stop it. */ - log_err("internal error: looping module stopped"); - log_query_info(VERB_QUERY, "pass error for qstate", - &mstate->s.qinfo); - s = module_error; - } - if(s == module_wait_module || s == module_restart_next) { - /* start next module */ - mstate->s.curmod++; - if(mesh->mods.num == mstate->s.curmod) { - log_err("Cannot pass to next module; at last module"); - log_query_info(VERB_QUERY, "pass error for qstate", - &mstate->s.qinfo); - mstate->s.curmod--; - return mesh_continue(mesh, mstate, module_error, ev); - } - if(s == module_restart_next) { - int curmod = mstate->s.curmod; - for(; mstate->s.curmod < mesh->mods.num; - mstate->s.curmod++) { - fptr_ok(fptr_whitelist_mod_clear( - mesh->mods.mod[mstate->s.curmod]->clear)); - (*mesh->mods.mod[mstate->s.curmod]->clear) - (&mstate->s, mstate->s.curmod); - mstate->s.minfo[mstate->s.curmod] = NULL; - } - mstate->s.curmod = curmod; - } - *ev = module_event_pass; - return 1; - } - if(s == module_wait_subquery && mstate->sub_set.count == 0) { - log_err("module cannot wait for subquery, subquery list empty"); - log_query_info(VERB_QUERY, "pass error for qstate", - &mstate->s.qinfo); - s = module_error; - } - if(s == module_error && mstate->s.return_rcode == LDNS_RCODE_NOERROR) { - /* error is bad, handle pass back up below */ - mstate->s.return_rcode = LDNS_RCODE_SERVFAIL; - } - if(s == module_error || s == module_finished) { - if(mstate->s.curmod == 0) { - mesh_query_done(mstate); - mesh_walk_supers(mesh, mstate); - mesh_state_delete(&mstate->s); - return 0; - } - /* pass along the locus of control */ - mstate->s.curmod --; - *ev = module_event_moddone; - return 1; - } - return 0; -} - -void mesh_run(struct mesh_area* mesh, struct mesh_state* mstate, - enum module_ev ev, struct outbound_entry* e) -{ - enum module_ext_state s; - verbose(VERB_ALGO, "mesh_run: start"); - while(mstate) { - /* run the module */ - fptr_ok(fptr_whitelist_mod_operate( - mesh->mods.mod[mstate->s.curmod]->operate)); - (*mesh->mods.mod[mstate->s.curmod]->operate) - (&mstate->s, ev, mstate->s.curmod, e); - - /* examine results */ - mstate->s.reply = NULL; - regional_free_all(mstate->s.env->scratch); - s = mstate->s.ext_state[mstate->s.curmod]; - verbose(VERB_ALGO, "mesh_run: %s module exit state is %s", - mesh->mods.mod[mstate->s.curmod]->name, strextstate(s)); - e = NULL; - if(mesh_continue(mesh, mstate, s, &ev)) - continue; - - /* run more modules */ - ev = module_event_pass; - if(mesh->run.count > 0) { - /* pop random element off the runnable tree */ - mstate = (struct mesh_state*)mesh->run.root->key; - (void)rbtree_delete(&mesh->run, mstate); - } else mstate = NULL; - } - if(verbosity >= VERB_ALGO) { - mesh_stats(mesh, "mesh_run: end"); - mesh_log_list(mesh); - } -} - -void -mesh_log_list(struct mesh_area* mesh) -{ - char buf[30]; - struct mesh_state* m; - int num = 0; - RBTREE_FOR(m, struct mesh_state*, &mesh->all) { - snprintf(buf, sizeof(buf), "%d%s%s%s%s%s%s mod%d %s%s", - num++, (m->s.is_priming)?"p":"", /* prime */ - (m->s.is_valrec)?"v":"", /* prime */ - (m->s.query_flags&BIT_RD)?"RD":"", - (m->s.query_flags&BIT_CD)?"CD":"", - (m->super_set.count==0)?"d":"", /* detached */ - (m->sub_set.count!=0)?"c":"", /* children */ - m->s.curmod, (m->reply_list)?"rep":"", /*hasreply*/ - (m->cb_list)?"cb":"" /* callbacks */ - ); - log_query_info(VERB_ALGO, buf, &m->s.qinfo); - } -} - -void -mesh_stats(struct mesh_area* mesh, const char* str) -{ - verbose(VERB_DETAIL, "%s %u recursion states (%u with reply, " - "%u detached), %u waiting replies, %u recursion replies " - "sent, %d replies dropped, %d states jostled out", - str, (unsigned)mesh->all.count, - (unsigned)mesh->num_reply_states, - (unsigned)mesh->num_detached_states, - (unsigned)mesh->num_reply_addrs, - (unsigned)mesh->replies_sent, - (unsigned)mesh->stats_dropped, - (unsigned)mesh->stats_jostled); - if(mesh->replies_sent > 0) { - struct timeval avg; - timeval_divide(&avg, &mesh->replies_sum_wait, - mesh->replies_sent); - log_info("average recursion processing time " - ARG_LL "d.%6.6d sec", - (long long)avg.tv_sec, (int)avg.tv_usec); - log_info("histogram of recursion processing times"); - timehist_log(mesh->histogram, "recursions"); - } -} - -void -mesh_stats_clear(struct mesh_area* mesh) -{ - if(!mesh) - return; - mesh->replies_sent = 0; - mesh->replies_sum_wait.tv_sec = 0; - mesh->replies_sum_wait.tv_usec = 0; - mesh->stats_jostled = 0; - mesh->stats_dropped = 0; - timehist_clear(mesh->histogram); - mesh->ans_secure = 0; - mesh->ans_bogus = 0; - memset(&mesh->ans_rcode[0], 0, sizeof(size_t)*16); - mesh->ans_nodata = 0; -} - -size_t -mesh_get_mem(struct mesh_area* mesh) -{ - struct mesh_state* m; - size_t s = sizeof(*mesh) + sizeof(struct timehist) + - sizeof(struct th_buck)*mesh->histogram->num + - sizeof(sldns_buffer) + sldns_buffer_capacity(mesh->qbuf_bak); - RBTREE_FOR(m, struct mesh_state*, &mesh->all) { - /* all, including m itself allocated in qstate region */ - s += regional_get_mem(m->s.region); - } - return s; -} - -int -mesh_detect_cycle(struct module_qstate* qstate, struct query_info* qinfo, - uint16_t flags, int prime, int valrec) -{ - struct mesh_area* mesh = qstate->env->mesh; - struct mesh_state* dep_m = NULL; - if(!mesh_state_is_unique(qstate->mesh_info)) - dep_m = mesh_area_find(mesh, NULL, qinfo, flags, prime, valrec); - return mesh_detect_cycle_found(qstate, dep_m); -} - -void mesh_list_insert(struct mesh_state* m, struct mesh_state** fp, - struct mesh_state** lp) -{ - /* insert as last element */ - m->prev = *lp; - m->next = NULL; - if(*lp) - (*lp)->next = m; - else *fp = m; - *lp = m; -} - -void mesh_list_remove(struct mesh_state* m, struct mesh_state** fp, - struct mesh_state** lp) -{ - if(m->next) - m->next->prev = m->prev; - else *lp = m->prev; - if(m->prev) - m->prev->next = m->next; - else *fp = m->next; -} diff --git a/external/unbound/services/mesh.h b/external/unbound/services/mesh.h deleted file mode 100644 index 1c7794532..000000000 --- a/external/unbound/services/mesh.h +++ /dev/null @@ -1,607 +0,0 @@ -/* - * services/mesh.h - deal with mesh of query states and handle events for that. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions to assist in dealing with a mesh of - * query states. This mesh is supposed to be thread-specific. - * It consists of query states (per qname, qtype, qclass) and connections - * between query states and the super and subquery states, and replies to - * send back to clients. - */ - -#ifndef SERVICES_MESH_H -#define SERVICES_MESH_H - -#include "util/rbtree.h" -#include "util/netevent.h" -#include "util/data/msgparse.h" -#include "util/module.h" -#include "services/modstack.h" -struct sldns_buffer; -struct mesh_state; -struct mesh_reply; -struct mesh_cb; -struct query_info; -struct reply_info; -struct outbound_entry; -struct timehist; -struct respip_client_info; - -/** - * Maximum number of mesh state activations. Any more is likely an - * infinite loop in the module. It is then terminated. - */ -#define MESH_MAX_ACTIVATION 3000 - -/** - * Max number of references-to-references-to-references.. search size. - * Any more is treated like 'too large', and the creation of a new - * dependency is failed (so that no loops can be created). - */ -#define MESH_MAX_SUBSUB 1024 - -/** - * Mesh of query states - */ -struct mesh_area { - /** active module stack */ - struct module_stack mods; - /** environment for new states */ - struct module_env* env; - - /** set of runnable queries (mesh_state.run_node) */ - rbtree_type run; - /** rbtree of all current queries (mesh_state.node)*/ - rbtree_type all; - - /** count of the total number of mesh_reply entries */ - size_t num_reply_addrs; - /** count of the number of mesh_states that have mesh_replies - * Because a state can send results to multiple reply addresses, - * this number must be equal or lower than num_reply_addrs. */ - size_t num_reply_states; - /** number of mesh_states that have no mesh_replies, and also - * an empty set of super-states, thus are 'toplevel' or detached - * internal opportunistic queries */ - size_t num_detached_states; - /** number of reply states in the forever list */ - size_t num_forever_states; - - /** max total number of reply states to have */ - size_t max_reply_states; - /** max forever number of reply states to have */ - size_t max_forever_states; - - /** stats, cumulative number of reply states jostled out */ - size_t stats_jostled; - /** stats, cumulative number of incoming client msgs dropped */ - size_t stats_dropped; - /** number of replies sent */ - size_t replies_sent; - /** sum of waiting times for the replies */ - struct timeval replies_sum_wait; - /** histogram of time values */ - struct timehist* histogram; - /** (extended stats) secure replies */ - size_t ans_secure; - /** (extended stats) bogus replies */ - size_t ans_bogus; - /** (extended stats) rcodes in replies */ - size_t ans_rcode[16]; - /** (extended stats) rcode nodata in replies */ - size_t ans_nodata; - - /** backup of query if other operations recurse and need the - * network buffers */ - struct sldns_buffer* qbuf_bak; - - /** double linked list of the run-to-completion query states. - * These are query states with a reply */ - struct mesh_state* forever_first; - /** last entry in run forever list */ - struct mesh_state* forever_last; - - /** double linked list of the query states that can be jostled out - * by new queries if too old. These are query states with a reply */ - struct mesh_state* jostle_first; - /** last entry in jostle list - this is the entry that is newest */ - struct mesh_state* jostle_last; - /** timeout for jostling. if age is lower, it does not get jostled. */ - struct timeval jostle_max; -}; - -/** - * A mesh query state - * Unique per qname, qtype, qclass (from the qstate). - * And RD / CD flag; in case a client turns it off. - * And priming queries are different from ordinary queries (because of hints). - * - * The entire structure is allocated in a region, this region is the qstate - * region. All parts (rbtree nodes etc) are also allocated in the region. - */ -struct mesh_state { - /** node in mesh_area all tree, key is this struct. Must be first. */ - rbnode_type node; - /** node in mesh_area runnable tree, key is this struct */ - rbnode_type run_node; - /** the query state. Note that the qinfo and query_flags - * may not change. */ - struct module_qstate s; - /** the list of replies to clients for the results */ - struct mesh_reply* reply_list; - /** the list of callbacks for the results */ - struct mesh_cb* cb_list; - /** set of superstates (that want this state's result) - * contains struct mesh_state_ref* */ - rbtree_type super_set; - /** set of substates (that this state needs to continue) - * contains struct mesh_state_ref* */ - rbtree_type sub_set; - /** number of activations for the mesh state */ - size_t num_activated; - - /** previous in linked list for reply states */ - struct mesh_state* prev; - /** next in linked list for reply states */ - struct mesh_state* next; - /** if this state is in the forever list, jostle list, or neither */ - enum mesh_list_select { mesh_no_list, mesh_forever_list, - mesh_jostle_list } list_select; - /** pointer to this state for uniqueness or NULL */ - struct mesh_state* unique; - - /** true if replies have been sent out (at end for alignment) */ - uint8_t replies_sent; -}; - -/** - * Rbtree reference to a mesh_state. - * Used in super_set and sub_set. - */ -struct mesh_state_ref { - /** node in rbtree for set, key is this structure */ - rbnode_type node; - /** the mesh state */ - struct mesh_state* s; -}; - -/** - * Reply to a client - */ -struct mesh_reply { - /** next in reply list */ - struct mesh_reply* next; - /** the query reply destination, packet buffer and where to send. */ - struct comm_reply query_reply; - /** edns data from query */ - struct edns_data edns; - /** the time when request was entered */ - struct timeval start_time; - /** id of query, in network byteorder. */ - uint16_t qid; - /** flags of query, for reply flags */ - uint16_t qflags; - /** qname from this query. len same as mesh qinfo. */ - uint8_t* qname; - /** same as that in query_info. */ - struct local_rrset* local_alias; -}; - -/** - * Mesh result callback func. - * called as func(cb_arg, rcode, buffer_with_reply, security, why_bogus); - */ -typedef void (*mesh_cb_func_type)(void*, int, struct sldns_buffer*, enum sec_status, - char*); - -/** - * Callback to result routine - */ -struct mesh_cb { - /** next in list */ - struct mesh_cb* next; - /** edns data from query */ - struct edns_data edns; - /** id of query, in network byteorder. */ - uint16_t qid; - /** flags of query, for reply flags */ - uint16_t qflags; - /** buffer for reply */ - struct sldns_buffer* buf; - - /** callback routine for results. if rcode != 0 buf has message. - * called as cb(cb_arg, rcode, buf, sec_state); - */ - mesh_cb_func_type cb; - /** user arg for callback */ - void* cb_arg; -}; - -/* ------------------- Functions for worker -------------------- */ - -/** - * Allocate mesh, to empty. - * @param stack: module stack to activate, copied (as readonly reference). - * @param env: environment for new queries. - * @return mesh: the new mesh or NULL on error. - */ -struct mesh_area* mesh_create(struct module_stack* stack, - struct module_env* env); - -/** - * Delete mesh, and all query states and replies in it. - * @param mesh: the mesh to delete. - */ -void mesh_delete(struct mesh_area* mesh); - -/** - * New query incoming from clients. Create new query state if needed, and - * add mesh_reply to it. Returns error to client on malloc failures. - * Will run the mesh area queries to process if a new query state is created. - * - * @param mesh: the mesh. - * @param qinfo: query from client. - * @param cinfo: additional information associated with the query client. - * 'cinfo' itself is ephemeral but data pointed to by its members - * can be assumed to be valid and unchanged until the query processing is - * completed. - * @param qflags: flags from client query. - * @param edns: edns data from client query. - * @param rep: where to reply to. - * @param qid: query id to reply with. - */ -void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo, - struct respip_client_info* cinfo, uint16_t qflags, - struct edns_data* edns, struct comm_reply* rep, uint16_t qid); - -/** - * New query with callback. Create new query state if needed, and - * add mesh_cb to it. - * Will run the mesh area queries to process if a new query state is created. - * - * @param mesh: the mesh. - * @param qinfo: query from client. - * @param qflags: flags from client query. - * @param edns: edns data from client query. - * @param buf: buffer for reply contents. - * @param qid: query id to reply with. - * @param cb: callback function. - * @param cb_arg: callback user arg. - * @return 0 on error. - */ -int mesh_new_callback(struct mesh_area* mesh, struct query_info* qinfo, - uint16_t qflags, struct edns_data* edns, struct sldns_buffer* buf, - uint16_t qid, mesh_cb_func_type cb, void* cb_arg); - -/** - * New prefetch message. Create new query state if needed. - * Will run the mesh area queries to process if a new query state is created. - * - * @param mesh: the mesh. - * @param qinfo: query from client. - * @param qflags: flags from client query. - * @param leeway: TTL leeway what to expire earlier for this update. - */ -void mesh_new_prefetch(struct mesh_area* mesh, struct query_info* qinfo, - uint16_t qflags, time_t leeway); - -/** - * Handle new event from the wire. A serviced query has returned. - * The query state will be made runnable, and the mesh_area will process - * query states until processing is complete. - * - * @param mesh: the query mesh. - * @param e: outbound entry, with query state to run and reply pointer. - * @param reply: the comm point reply info. - * @param what: NETEVENT_* error code (if not 0, what is wrong, TIMEOUT). - */ -void mesh_report_reply(struct mesh_area* mesh, struct outbound_entry* e, - struct comm_reply* reply, int what); - -/* ------------------- Functions for module environment --------------- */ - -/** - * Detach-subqueries. - * Remove all sub-query references from this query state. - * Keeps super-references of those sub-queries correct. - * Updates stat items in mesh_area structure. - * @param qstate: used to find mesh state. - */ -void mesh_detach_subs(struct module_qstate* qstate); - -/** - * Attach subquery. - * Creates it if it does not exist already. - * Keeps sub and super references correct. - * Performs a cycle detection - for double check - and fails if there is one. - * Also fails if the sub-sub-references become too large. - * Updates stat items in mesh_area structure. - * Pass if it is priming query or not. - * return: - * o if error (malloc) happened. - * o need to initialise the new state (module init; it is a new state). - * so that the next run of the query with this module is successful. - * o no init needed, attachment successful. - * - * @param qstate: the state to find mesh state, and that wants to receive - * the results from the new subquery. - * @param qinfo: what to query for (copied). - * @param qflags: what flags to use (RD / CD flag or not). - * @param prime: if it is a (stub) priming query. - * @param valrec: if it is a validation recursion query (lookup of key, DS). - * @param newq: If the new subquery needs initialisation, it is returned, - * otherwise NULL is returned. - * @return: false on error, true if success (and init may be needed). - */ -int mesh_attach_sub(struct module_qstate* qstate, struct query_info* qinfo, - uint16_t qflags, int prime, int valrec, struct module_qstate** newq); - -/** - * Query state is done, send messages to reply entries. - * Encode messages using reply entry values and the querystate (with original - * qinfo), using given reply_info. - * Pass errcode != 0 if an error reply is needed. - * If no reply entries, nothing is done. - * Must be called before a module can module_finished or return module_error. - * The module must handle the super query states itself as well. - * - * @param mstate: mesh state that is done. return_rcode and return_msg - * are used for replies. - * return_rcode: if not 0 (NOERROR) an error is sent back (and - * return_msg is ignored). - * return_msg: reply to encode and send back to clients. - */ -void mesh_query_done(struct mesh_state* mstate); - -/** - * Call inform_super for the super query states that are interested in the - * results from this query state. These can then be changed for error - * or results. - * Called when a module is module_finished or returns module_error. - * The super query states become runnable with event module_event_pass, - * it calls the current module for the super with the inform_super event. - * - * @param mesh: mesh area to add newly runnable modules to. - * @param mstate: the state that has results, used to find mesh state. - */ -void mesh_walk_supers(struct mesh_area* mesh, struct mesh_state* mstate); - -/** - * Delete mesh state, cleanup and also rbtrees and so on. - * Will detach from all super/subnodes. - * @param qstate: to remove. - */ -void mesh_state_delete(struct module_qstate* qstate); - -/* ------------------- Functions for mesh -------------------- */ - -/** - * Create and initialize a new mesh state and its query state - * Does not put the mesh state into rbtrees and so on. - * @param env: module environment to set. - * @param qinfo: query info that the mesh is for. - * @param cinfo: control info for the query client (can be NULL). - * @param qflags: flags for query (RD / CD flag). - * @param prime: if true, it is a priming query, set is_priming on mesh state. - * @param valrec: if true, it is a validation recursion query, and sets - * is_valrec on the mesh state. - * @return: new mesh state or NULL on allocation error. - */ -struct mesh_state* mesh_state_create(struct module_env* env, - struct query_info* qinfo, struct respip_client_info* cinfo, - uint16_t qflags, int prime, int valrec); - -/** - * Check if the mesh state is unique. - * A unique mesh state uses it's unique member to point to itself, else NULL. - * @param mstate: mesh state to check. - * @return true if the mesh state is unique, false otherwise. - */ -int mesh_state_is_unique(struct mesh_state* mstate); - -/** - * Make a mesh state unique. - * A unique mesh state uses it's unique member to point to itself. - * @param mstate: mesh state to check. - */ -void mesh_state_make_unique(struct mesh_state* mstate); - -/** - * Cleanup a mesh state and its query state. Does not do rbtree or - * reference cleanup. - * @param mstate: mesh state to cleanup. Its pointer may no longer be used - * afterwards. Cleanup rbtrees before calling this function. - */ -void mesh_state_cleanup(struct mesh_state* mstate); - -/** - * Delete all mesh states from the mesh. - * @param mesh: the mesh area to clear - */ -void mesh_delete_all(struct mesh_area* mesh); - -/** - * Find a mesh state in the mesh area. Pass relevant flags. - * - * @param mesh: the mesh area to look in. - * @param cinfo: if non-NULL client specific info that may affect IP-based - * actions that apply to the query result. - * @param qinfo: what query - * @param qflags: if RD / CD bit is set or not. - * @param prime: if it is a priming query. - * @param valrec: if it is a validation-recursion query. - * @return: mesh state or NULL if not found. - */ -struct mesh_state* mesh_area_find(struct mesh_area* mesh, - struct respip_client_info* cinfo, struct query_info* qinfo, - uint16_t qflags, int prime, int valrec); - -/** - * Setup attachment super/sub relation between super and sub mesh state. - * The relation must not be present when calling the function. - * Does not update stat items in mesh_area. - * @param super: super state. - * @param sub: sub state. - * @return: 0 on alloc error. - */ -int mesh_state_attachment(struct mesh_state* super, struct mesh_state* sub); - -/** - * Create new reply structure and attach it to a mesh state. - * Does not update stat items in mesh area. - * @param s: the mesh state. - * @param edns: edns data for reply (bufsize). - * @param rep: comm point reply info. - * @param qid: ID of reply. - * @param qflags: original query flags. - * @param qinfo: original query info. - * @return: 0 on alloc error. - */ -int mesh_state_add_reply(struct mesh_state* s, struct edns_data* edns, - struct comm_reply* rep, uint16_t qid, uint16_t qflags, - const struct query_info* qinfo); - -/** - * Create new callback structure and attach it to a mesh state. - * Does not update stat items in mesh area. - * @param s: the mesh state. - * @param edns: edns data for reply (bufsize). - * @param buf: buffer for reply - * @param cb: callback to call with results. - * @param cb_arg: callback user arg. - * @param qid: ID of reply. - * @param qflags: original query flags. - * @return: 0 on alloc error. - */ -int mesh_state_add_cb(struct mesh_state* s, struct edns_data* edns, - struct sldns_buffer* buf, mesh_cb_func_type cb, void* cb_arg, - uint16_t qid, uint16_t qflags); - -/** - * Run the mesh. Run all runnable mesh states. Which can create new - * runnable mesh states. Until completion. Automatically called by - * mesh_report_reply and mesh_new_client as needed. - * @param mesh: mesh area. - * @param mstate: first mesh state to run. - * @param ev: event the mstate. Others get event_pass. - * @param e: if a reply, its outbound entry. - */ -void mesh_run(struct mesh_area* mesh, struct mesh_state* mstate, - enum module_ev ev, struct outbound_entry* e); - -/** - * Print some stats about the mesh to the log. - * @param mesh: the mesh to print it for. - * @param str: descriptive string to go with it. - */ -void mesh_stats(struct mesh_area* mesh, const char* str); - -/** - * Clear the stats that the mesh keeps (number of queries serviced) - * @param mesh: the mesh - */ -void mesh_stats_clear(struct mesh_area* mesh); - -/** - * Print all the states in the mesh to the log. - * @param mesh: the mesh to print all states of. - */ -void mesh_log_list(struct mesh_area* mesh); - -/** - * Calculate memory size in use by mesh and all queries inside it. - * @param mesh: the mesh to examine. - * @return size in bytes. - */ -size_t mesh_get_mem(struct mesh_area* mesh); - -/** - * Find cycle; see if the given mesh is in the targets sub, or sub-sub, ... - * trees. - * If the sub-sub structure is too large, it returns 'a cycle'=2. - * @param qstate: given mesh querystate. - * @param qinfo: query info for dependency. - * @param flags: query flags of dependency. - * @param prime: if dependency is a priming query or not. - * @param valrec: if it is a validation recursion query (lookup of key, DS). - * @return true if the name,type,class exists and the given qstate mesh exists - * as a dependency of that name. Thus if qstate becomes dependent on - * name,type,class then a cycle is created, this is return value 1. - * Too large to search is value 2 (also true). - */ -int mesh_detect_cycle(struct module_qstate* qstate, struct query_info* qinfo, - uint16_t flags, int prime, int valrec); - -/** compare two mesh_states */ -int mesh_state_compare(const void* ap, const void* bp); - -/** compare two mesh references */ -int mesh_state_ref_compare(const void* ap, const void* bp); - -/** - * Make space for another recursion state for a reply in the mesh - * @param mesh: mesh area - * @param qbuf: query buffer to save if recursion is invoked to make space. - * This buffer is necessary, because the following sequence in calls - * can result in an overwrite of the incoming query: - * delete_other_mesh_query - iter_clean - serviced_delete - waiting - * udp query is sent - on error callback - callback sends SERVFAIL reply - * over the same network channel, and shared UDP buffer is overwritten. - * You can pass NULL if there is no buffer that must be backed up. - * @return false if no space is available. - */ -int mesh_make_new_space(struct mesh_area* mesh, struct sldns_buffer* qbuf); - -/** - * Insert mesh state into a double linked list. Inserted at end. - * @param m: mesh state. - * @param fp: pointer to the first-elem-pointer of the list. - * @param lp: pointer to the last-elem-pointer of the list. - */ -void mesh_list_insert(struct mesh_state* m, struct mesh_state** fp, - struct mesh_state** lp); - -/** - * Remove mesh state from a double linked list. Remove from any position. - * @param m: mesh state. - * @param fp: pointer to the first-elem-pointer of the list. - * @param lp: pointer to the last-elem-pointer of the list. - */ -void mesh_list_remove(struct mesh_state* m, struct mesh_state** fp, - struct mesh_state** lp); - -#endif /* SERVICES_MESH_H */ diff --git a/external/unbound/services/modstack.c b/external/unbound/services/modstack.c deleted file mode 100644 index 9bebd3a56..000000000 --- a/external/unbound/services/modstack.c +++ /dev/null @@ -1,236 +0,0 @@ -/* - * services/modstack.c - stack of modules - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions to help maintain a stack of modules. - */ -#include "config.h" -#include -#include "services/modstack.h" -#include "util/module.h" -#include "util/fptr_wlist.h" -#include "dns64/dns64.h" -#include "iterator/iterator.h" -#include "validator/validator.h" -#include "respip/respip.h" - -#ifdef WITH_PYTHONMODULE -#include "pythonmod/pythonmod.h" -#endif -#ifdef USE_CACHEDB -#include "cachedb/cachedb.h" -#endif -#ifdef CLIENT_SUBNET -#include "edns-subnet/subnetmod.h" -#endif - -/** count number of modules (words) in the string */ -static int -count_modules(const char* s) -{ - int num = 0; - if(!s) - return 0; - while(*s) { - /* skip whitespace */ - while(*s && isspace((unsigned char)*s)) - s++; - if(*s && !isspace((unsigned char)*s)) { - /* skip identifier */ - num++; - while(*s && !isspace((unsigned char)*s)) - s++; - } - } - return num; -} - -void -modstack_init(struct module_stack* stack) -{ - stack->num = 0; - stack->mod = NULL; -} - -int -modstack_config(struct module_stack* stack, const char* module_conf) -{ - int i; - verbose(VERB_QUERY, "module config: \"%s\"", module_conf); - stack->num = count_modules(module_conf); - if(stack->num == 0) { - log_err("error: no modules specified"); - return 0; - } - if(stack->num > MAX_MODULE) { - log_err("error: too many modules (%d max %d)", - stack->num, MAX_MODULE); - return 0; - } - stack->mod = (struct module_func_block**)calloc((size_t) - stack->num, sizeof(struct module_func_block*)); - if(!stack->mod) { - log_err("out of memory"); - return 0; - } - for(i=0; inum; i++) { - stack->mod[i] = module_factory(&module_conf); - if(!stack->mod[i]) { - log_err("Unknown value for next module: '%s'", - module_conf); - return 0; - } - } - return 1; -} - -/** The list of module names */ -const char** -module_list_avail(void) -{ - /* these are the modules available */ - static const char* names[] = { - "dns64", -#ifdef WITH_PYTHONMODULE - "python", -#endif -#ifdef USE_CACHEDB - "cachedb", -#endif -#ifdef CLIENT_SUBNET - "subnetcache", -#endif - "respip", - "validator", - "iterator", - NULL}; - return names; -} - -/** func block get function type */ -typedef struct module_func_block* (*fbgetfunctype)(void); - -/** The list of module func blocks */ -static fbgetfunctype* -module_funcs_avail(void) -{ - static struct module_func_block* (*fb[])(void) = { - &dns64_get_funcblock, -#ifdef WITH_PYTHONMODULE - &pythonmod_get_funcblock, -#endif -#ifdef USE_CACHEDB - &cachedb_get_funcblock, -#endif -#ifdef CLIENT_SUBNET - &subnetmod_get_funcblock, -#endif - &respip_get_funcblock, - &val_get_funcblock, - &iter_get_funcblock, - NULL}; - return fb; -} - -struct -module_func_block* module_factory(const char** str) -{ - int i = 0; - const char* s = *str; - const char** names = module_list_avail(); - fbgetfunctype* fb = module_funcs_avail(); - while(*s && isspace((unsigned char)*s)) - s++; - while(names[i]) { - if(strncmp(names[i], s, strlen(names[i])) == 0) { - s += strlen(names[i]); - *str = s; - return (*fb[i])(); - } - i++; - } - return NULL; -} - -int -modstack_setup(struct module_stack* stack, const char* module_conf, - struct module_env* env) -{ - int i; - if(stack->num != 0) - modstack_desetup(stack, env); - /* fixed setup of the modules */ - if(!modstack_config(stack, module_conf)) { - return 0; - } - env->need_to_validate = 0; /* set by module init below */ - for(i=0; inum; i++) { - verbose(VERB_OPS, "init module %d: %s", - i, stack->mod[i]->name); - fptr_ok(fptr_whitelist_mod_init(stack->mod[i]->init)); - if(!(*stack->mod[i]->init)(env, i)) { - log_err("module init for module %s failed", - stack->mod[i]->name); - return 0; - } - } - return 1; -} - -void -modstack_desetup(struct module_stack* stack, struct module_env* env) -{ - int i; - for(i=0; inum; i++) { - fptr_ok(fptr_whitelist_mod_deinit(stack->mod[i]->deinit)); - (*stack->mod[i]->deinit)(env, i); - } - stack->num = 0; - free(stack->mod); - stack->mod = NULL; -} - -int -modstack_find(struct module_stack* stack, const char* name) -{ - int i; - for(i=0; inum; i++) { - if(strcmp(stack->mod[i]->name, name) == 0) - return i; - } - return -1; -} diff --git a/external/unbound/services/modstack.h b/external/unbound/services/modstack.h deleted file mode 100644 index cb8613299..000000000 --- a/external/unbound/services/modstack.h +++ /dev/null @@ -1,113 +0,0 @@ -/* - * services/modstack.h - stack of modules - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions to help maintain a stack of modules. - */ - -#ifndef SERVICES_MODSTACK_H -#define SERVICES_MODSTACK_H -struct module_func_block; -struct module_env; - -/** - * Stack of modules. - */ -struct module_stack { - /** the number of modules */ - int num; - /** the module callbacks, array of num_modules length (ref only) */ - struct module_func_block** mod; -}; - -/** - * Init a stack of modules - * @param stack: initialised as empty. - */ -void modstack_init(struct module_stack* stack); - -/** - * Read config file module settings and set up the modfunc block - * @param stack: the stack of modules (empty before call). - * @param module_conf: string what modules to insert. - * @return false on error - */ -int modstack_config(struct module_stack* stack, const char* module_conf); - -/** - * Get funcblock for module name - * @param str: string with module name. Advanced to next value on success. - * The string is assumed whitespace separated list of module names. - * @return funcblock or NULL on error. - */ -struct module_func_block* module_factory(const char** str); - -/** - * Get list of modules available. - * @return list of modules available. Static strings, ends with NULL. - */ -const char** module_list_avail(void); - -/** - * Setup modules. Assigns ids and calls module_init. - * @param stack: if not empty beforehand, it will be desetup()ed. - * It is then modstack_configged(). - * @param module_conf: string what modules to insert. - * @param env: module environment which is inited by the modules. - * environment should have a superalloc, cfg, - * env.need_to_validate is set by the modules. - * @return on false a module init failed. - */ -int modstack_setup(struct module_stack* stack, const char* module_conf, - struct module_env* env); - -/** - * Desetup the modules, deinit, delete. - * @param stack: made empty. - * @param env: module env for module deinit() calls. - */ -void modstack_desetup(struct module_stack* stack, struct module_env* env); - -/** - * Find index of module by name. - * @param stack: to look in - * @param name: the name to look for - * @return -1 on failure, otherwise index number. - */ -int modstack_find(struct module_stack* stack, const char* name); - -#endif /* SERVICES_MODSTACK_H */ diff --git a/external/unbound/services/outbound_list.c b/external/unbound/services/outbound_list.c deleted file mode 100644 index ad73380bc..000000000 --- a/external/unbound/services/outbound_list.c +++ /dev/null @@ -1,89 +0,0 @@ -/* - * services/outbound_list.c - keep list of outbound serviced queries. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions to help a module keep track of the - * queries it has outstanding to authoritative servers. - */ -#include "config.h" -#include -#include "services/outbound_list.h" -#include "services/outside_network.h" - -void -outbound_list_init(struct outbound_list* list) -{ - list->first = NULL; -} - -void -outbound_list_clear(struct outbound_list* list) -{ - struct outbound_entry *p, *np; - p = list->first; - while(p) { - np = p->next; - outnet_serviced_query_stop(p->qsent, p); - /* in region, no free needed */ - p = np; - } - outbound_list_init(list); -} - -void -outbound_list_insert(struct outbound_list* list, struct outbound_entry* e) -{ - if(list->first) - list->first->prev = e; - e->next = list->first; - e->prev = NULL; - list->first = e; -} - -void -outbound_list_remove(struct outbound_list* list, struct outbound_entry* e) -{ - if(!e) - return; - outnet_serviced_query_stop(e->qsent, e); - if(e->next) - e->next->prev = e->prev; - if(e->prev) - e->prev->next = e->next; - else list->first = e->next; - /* in region, no free needed */ -} diff --git a/external/unbound/services/outbound_list.h b/external/unbound/services/outbound_list.h deleted file mode 100644 index ad59e42d1..000000000 --- a/external/unbound/services/outbound_list.h +++ /dev/null @@ -1,105 +0,0 @@ -/* - * services/outbound_list.h - keep list of outbound serviced queries. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions to help a module keep track of the - * queries it has outstanding to authoritative servers. - */ -#ifndef SERVICES_OUTBOUND_LIST_H -#define SERVICES_OUTBOUND_LIST_H -struct outbound_entry; -struct serviced_query; -struct module_qstate; - -/** - * The outbound list. This structure is part of the module specific query - * state. - */ -struct outbound_list { - /** The linked list of outbound query entries. */ - struct outbound_entry* first; -}; - -/** - * Outbound list entry. A serviced query sent by a module processing the - * query from the qstate. Double linked list to aid removal. - */ -struct outbound_entry { - /** next in list */ - struct outbound_entry* next; - /** prev in list */ - struct outbound_entry* prev; - /** The query that was sent out */ - struct serviced_query* qsent; - /** the module query state that sent it */ - struct module_qstate* qstate; -}; - -/** - * Init the user allocated outbound list structure - * @param list: the list structure. - */ -void outbound_list_init(struct outbound_list* list); - -/** - * Clear the user owner outbound list structure. - * Deletes serviced queries. - * @param list: the list structure. It is cleared, but the list struct itself - * is callers responsability to delete. - */ -void outbound_list_clear(struct outbound_list* list); - -/** - * Insert new entry into the list. Caller must allocate the entry with malloc. - * qstate and qsent are set by caller. - * @param list: the list to add to. - * @param e: entry to add, it is only half initialised at call start, fully - * initialised at call end. - */ -void outbound_list_insert(struct outbound_list* list, - struct outbound_entry* e); - -/** - * Remove an entry from the list, and deletes it. - * Deletes serviced query in the entry. - * @param list: the list to remove from. - * @param e: the entry to remove. - */ -void outbound_list_remove(struct outbound_list* list, - struct outbound_entry* e); - -#endif /* SERVICES_OUTBOUND_LIST_H */ diff --git a/external/unbound/services/outside_network.c b/external/unbound/services/outside_network.c deleted file mode 100644 index 426e87b3e..000000000 --- a/external/unbound/services/outside_network.c +++ /dev/null @@ -1,2183 +0,0 @@ -/* - * services/outside_network.c - implement sending of queries and wait answer. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file has functions to send queries to authoritative servers and - * wait for the pending answer events. - */ -#include "config.h" -#include -#ifdef HAVE_SYS_TYPES_H -# include -#endif -#include -#include "services/outside_network.h" -#include "services/listen_dnsport.h" -#include "services/cache/infra.h" -#include "util/data/msgparse.h" -#include "util/data/msgreply.h" -#include "util/data/msgencode.h" -#include "util/data/dname.h" -#include "util/netevent.h" -#include "util/log.h" -#include "util/net_help.h" -#include "util/random.h" -#include "util/fptr_wlist.h" -#include "sldns/sbuffer.h" -#include "dnstap/dnstap.h" -#ifdef HAVE_OPENSSL_SSL_H -#include -#endif - -#ifdef HAVE_NETDB_H -#include -#endif -#include - -/** number of times to retry making a random ID that is unique. */ -#define MAX_ID_RETRY 1000 -/** number of times to retry finding interface, port that can be opened. */ -#define MAX_PORT_RETRY 10000 -/** number of retries on outgoing UDP queries */ -#define OUTBOUND_UDP_RETRY 1 - -/** initiate TCP transaction for serviced query */ -static void serviced_tcp_initiate(struct serviced_query* sq, sldns_buffer* buff); -/** with a fd available, randomize and send UDP */ -static int randomize_and_send_udp(struct pending* pend, sldns_buffer* packet, - int timeout); - -/** remove waiting tcp from the outnet waiting list */ -static void waiting_list_remove(struct outside_network* outnet, - struct waiting_tcp* w); - -int -pending_cmp(const void* key1, const void* key2) -{ - struct pending *p1 = (struct pending*)key1; - struct pending *p2 = (struct pending*)key2; - if(p1->id < p2->id) - return -1; - if(p1->id > p2->id) - return 1; - log_assert(p1->id == p2->id); - return sockaddr_cmp(&p1->addr, p1->addrlen, &p2->addr, p2->addrlen); -} - -int -serviced_cmp(const void* key1, const void* key2) -{ - struct serviced_query* q1 = (struct serviced_query*)key1; - struct serviced_query* q2 = (struct serviced_query*)key2; - int r; - if(q1->qbuflen < q2->qbuflen) - return -1; - if(q1->qbuflen > q2->qbuflen) - return 1; - log_assert(q1->qbuflen == q2->qbuflen); - log_assert(q1->qbuflen >= 15 /* 10 header, root, type, class */); - /* alternate casing of qname is still the same query */ - if((r = memcmp(q1->qbuf, q2->qbuf, 10)) != 0) - return r; - if((r = memcmp(q1->qbuf+q1->qbuflen-4, q2->qbuf+q2->qbuflen-4, 4)) != 0) - return r; - if(q1->dnssec != q2->dnssec) { - if(q1->dnssec < q2->dnssec) - return -1; - return 1; - } - if((r = query_dname_compare(q1->qbuf+10, q2->qbuf+10)) != 0) - return r; - if((r = edns_opt_list_compare(q1->opt_list, q2->opt_list)) != 0) - return r; - return sockaddr_cmp(&q1->addr, q1->addrlen, &q2->addr, q2->addrlen); -} - -/** delete waiting_tcp entry. Does not unlink from waiting list. - * @param w: to delete. - */ -static void -waiting_tcp_delete(struct waiting_tcp* w) -{ - if(!w) return; - if(w->timer) - comm_timer_delete(w->timer); - free(w); -} - -/** - * Pick random outgoing-interface of that family, and bind it. - * port set to 0 so OS picks a port number for us. - * if it is the ANY address, do not bind. - * @param w: tcp structure with destination address. - * @param s: socket fd. - * @return false on error, socket closed. - */ -static int -pick_outgoing_tcp(struct waiting_tcp* w, int s) -{ - struct port_if* pi = NULL; - int num; -#ifdef INET6 - if(addr_is_ip6(&w->addr, w->addrlen)) - num = w->outnet->num_ip6; - else -#endif - num = w->outnet->num_ip4; - if(num == 0) { - log_err("no TCP outgoing interfaces of family"); - log_addr(VERB_OPS, "for addr", &w->addr, w->addrlen); -#ifndef USE_WINSOCK - close(s); -#else - closesocket(s); -#endif - return 0; - } -#ifdef INET6 - if(addr_is_ip6(&w->addr, w->addrlen)) - pi = &w->outnet->ip6_ifs[ub_random_max(w->outnet->rnd, num)]; - else -#endif - pi = &w->outnet->ip4_ifs[ub_random_max(w->outnet->rnd, num)]; - log_assert(pi); - if(addr_is_any(&pi->addr, pi->addrlen)) { - /* binding to the ANY interface is for listening sockets */ - return 1; - } - /* set port to 0 */ - if(addr_is_ip6(&pi->addr, pi->addrlen)) - ((struct sockaddr_in6*)&pi->addr)->sin6_port = 0; - else ((struct sockaddr_in*)&pi->addr)->sin_port = 0; - if(bind(s, (struct sockaddr*)&pi->addr, pi->addrlen) != 0) { -#ifndef USE_WINSOCK - log_err("outgoing tcp: bind: %s", strerror(errno)); - close(s); -#else - log_err("outgoing tcp: bind: %s", - wsa_strerror(WSAGetLastError())); - closesocket(s); -#endif - return 0; - } - log_addr(VERB_ALGO, "tcp bound to src", &pi->addr, pi->addrlen); - return 1; -} - -/** use next free buffer to service a tcp query */ -static int -outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len) -{ - struct pending_tcp* pend = w->outnet->tcp_free; - int s; - log_assert(pend); - log_assert(pkt); - log_assert(w->addrlen > 0); - /* open socket */ -#ifdef INET6 - if(addr_is_ip6(&w->addr, w->addrlen)) - s = socket(PF_INET6, SOCK_STREAM, IPPROTO_TCP); - else -#endif - s = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP); - if(s == -1) { -#ifndef USE_WINSOCK - log_err_addr("outgoing tcp: socket", strerror(errno), - &w->addr, w->addrlen); -#else - log_err_addr("outgoing tcp: socket", - wsa_strerror(WSAGetLastError()), &w->addr, w->addrlen); -#endif - return 0; - } - - if (w->outnet->tcp_mss > 0) { -#if defined(IPPROTO_TCP) && defined(TCP_MAXSEG) - if(setsockopt(s, IPPROTO_TCP, TCP_MAXSEG, - (void*)&w->outnet->tcp_mss, - (socklen_t)sizeof(w->outnet->tcp_mss)) < 0) { - verbose(VERB_ALGO, "outgoing tcp:" - " setsockopt(.. SO_REUSEADDR ..) failed"); - } -#else - verbose(VERB_ALGO, "outgoing tcp:" - " setsockopt(TCP_MAXSEG) unsupported"); -#endif /* defined(IPPROTO_TCP) && defined(TCP_MAXSEG) */ - } - - if(!pick_outgoing_tcp(w, s)) - return 0; - - fd_set_nonblock(s); -#ifdef USE_OSX_MSG_FASTOPEN - /* API for fast open is different here. We use a connectx() function and - then writes can happen as normal even using SSL.*/ - /* connectx requires that the len be set in the sockaddr struct*/ - struct sockaddr_in *addr_in = (struct sockaddr_in *)&w->addr; - addr_in->sin_len = w->addrlen; - sa_endpoints_t endpoints; - endpoints.sae_srcif = 0; - endpoints.sae_srcaddr = NULL; - endpoints.sae_srcaddrlen = 0; - endpoints.sae_dstaddr = (struct sockaddr *)&w->addr; - endpoints.sae_dstaddrlen = w->addrlen; - if (connectx(s, &endpoints, SAE_ASSOCID_ANY, - CONNECT_DATA_IDEMPOTENT | CONNECT_RESUME_ON_READ_WRITE, - NULL, 0, NULL, NULL) == -1) { -#else /* USE_OSX_MSG_FASTOPEN*/ -#ifdef USE_MSG_FASTOPEN - pend->c->tcp_do_fastopen = 1; - /* Only do TFO for TCP in which case no connect() is required here. - Don't combine client TFO with SSL, since OpenSSL can't - currently support doing a handshake on fd that already isn't connected*/ - if (w->outnet->sslctx && w->ssl_upstream) { - if(connect(s, (struct sockaddr*)&w->addr, w->addrlen) == -1) { -#else /* USE_MSG_FASTOPEN*/ - if(connect(s, (struct sockaddr*)&w->addr, w->addrlen) == -1) { -#endif /* USE_MSG_FASTOPEN*/ -#endif /* USE_OSX_MSG_FASTOPEN*/ -#ifndef USE_WINSOCK -#ifdef EINPROGRESS - if(errno != EINPROGRESS) { -#else - if(1) { -#endif - if(tcp_connect_errno_needs_log( - (struct sockaddr*)&w->addr, w->addrlen)) - log_err_addr("outgoing tcp: connect", - strerror(errno), &w->addr, w->addrlen); - close(s); -#else /* USE_WINSOCK */ - if(WSAGetLastError() != WSAEINPROGRESS && - WSAGetLastError() != WSAEWOULDBLOCK) { - closesocket(s); -#endif - return 0; - } - } -#ifdef USE_MSG_FASTOPEN - } -#endif /* USE_MSG_FASTOPEN */ - if(w->outnet->sslctx && w->ssl_upstream) { - pend->c->ssl = outgoing_ssl_fd(w->outnet->sslctx, s); - if(!pend->c->ssl) { - pend->c->fd = s; - comm_point_close(pend->c); - return 0; - } -#ifdef USE_WINSOCK - comm_point_tcp_win_bio_cb(pend->c, pend->c->ssl); -#endif - pend->c->ssl_shake_state = comm_ssl_shake_write; - } - w->pkt = NULL; - w->next_waiting = (void*)pend; - pend->id = LDNS_ID_WIRE(pkt); - w->outnet->num_tcp_outgoing++; - w->outnet->tcp_free = pend->next_free; - pend->next_free = NULL; - pend->query = w; - pend->c->repinfo.addrlen = w->addrlen; - memcpy(&pend->c->repinfo.addr, &w->addr, w->addrlen); - sldns_buffer_clear(pend->c->buffer); - sldns_buffer_write(pend->c->buffer, pkt, pkt_len); - sldns_buffer_flip(pend->c->buffer); - pend->c->tcp_is_reading = 0; - pend->c->tcp_byte_count = 0; - comm_point_start_listening(pend->c, s, -1); - return 1; -} - -/** see if buffers can be used to service TCP queries */ -static void -use_free_buffer(struct outside_network* outnet) -{ - struct waiting_tcp* w; - while(outnet->tcp_free && outnet->tcp_wait_first - && !outnet->want_to_quit) { - w = outnet->tcp_wait_first; - outnet->tcp_wait_first = w->next_waiting; - if(outnet->tcp_wait_last == w) - outnet->tcp_wait_last = NULL; - if(!outnet_tcp_take_into_use(w, w->pkt, w->pkt_len)) { - comm_point_callback_type* cb = w->cb; - void* cb_arg = w->cb_arg; - waiting_tcp_delete(w); - fptr_ok(fptr_whitelist_pending_tcp(cb)); - (void)(*cb)(NULL, cb_arg, NETEVENT_CLOSED, NULL); - } - } -} - -/** decomission a tcp buffer, closes commpoint and frees waiting_tcp entry */ -static void -decomission_pending_tcp(struct outside_network* outnet, - struct pending_tcp* pend) -{ - if(pend->c->ssl) { -#ifdef HAVE_SSL - SSL_shutdown(pend->c->ssl); - SSL_free(pend->c->ssl); - pend->c->ssl = NULL; -#endif - } - comm_point_close(pend->c); - pend->next_free = outnet->tcp_free; - outnet->tcp_free = pend; - waiting_tcp_delete(pend->query); - pend->query = NULL; - use_free_buffer(outnet); -} - -int -outnet_tcp_cb(struct comm_point* c, void* arg, int error, - struct comm_reply *reply_info) -{ - struct pending_tcp* pend = (struct pending_tcp*)arg; - struct outside_network* outnet = pend->query->outnet; - verbose(VERB_ALGO, "outnettcp cb"); - if(error != NETEVENT_NOERROR) { - verbose(VERB_QUERY, "outnettcp got tcp error %d", error); - /* pass error below and exit */ - } else { - /* check ID */ - if(sldns_buffer_limit(c->buffer) < sizeof(uint16_t) || - LDNS_ID_WIRE(sldns_buffer_begin(c->buffer))!=pend->id) { - log_addr(VERB_QUERY, - "outnettcp: bad ID in reply, from:", - &pend->query->addr, pend->query->addrlen); - error = NETEVENT_CLOSED; - } - } - fptr_ok(fptr_whitelist_pending_tcp(pend->query->cb)); - (void)(*pend->query->cb)(c, pend->query->cb_arg, error, reply_info); - decomission_pending_tcp(outnet, pend); - return 0; -} - -/** lower use count on pc, see if it can be closed */ -static void -portcomm_loweruse(struct outside_network* outnet, struct port_comm* pc) -{ - struct port_if* pif; - pc->num_outstanding--; - if(pc->num_outstanding > 0) { - return; - } - /* close it and replace in unused list */ - verbose(VERB_ALGO, "close of port %d", pc->number); - comm_point_close(pc->cp); - pif = pc->pif; - log_assert(pif->inuse > 0); - pif->avail_ports[pif->avail_total - pif->inuse] = pc->number; - pif->inuse--; - pif->out[pc->index] = pif->out[pif->inuse]; - pif->out[pc->index]->index = pc->index; - pc->next = outnet->unused_fds; - outnet->unused_fds = pc; -} - -/** try to send waiting UDP queries */ -static void -outnet_send_wait_udp(struct outside_network* outnet) -{ - struct pending* pend; - /* process waiting queries */ - while(outnet->udp_wait_first && outnet->unused_fds - && !outnet->want_to_quit) { - pend = outnet->udp_wait_first; - outnet->udp_wait_first = pend->next_waiting; - if(!pend->next_waiting) outnet->udp_wait_last = NULL; - sldns_buffer_clear(outnet->udp_buff); - sldns_buffer_write(outnet->udp_buff, pend->pkt, pend->pkt_len); - sldns_buffer_flip(outnet->udp_buff); - free(pend->pkt); /* freeing now makes get_mem correct */ - pend->pkt = NULL; - pend->pkt_len = 0; - if(!randomize_and_send_udp(pend, outnet->udp_buff, - pend->timeout)) { - /* callback error on pending */ - if(pend->cb) { - fptr_ok(fptr_whitelist_pending_udp(pend->cb)); - (void)(*pend->cb)(outnet->unused_fds->cp, pend->cb_arg, - NETEVENT_CLOSED, NULL); - } - pending_delete(outnet, pend); - } - } -} - -int -outnet_udp_cb(struct comm_point* c, void* arg, int error, - struct comm_reply *reply_info) -{ - struct outside_network* outnet = (struct outside_network*)arg; - struct pending key; - struct pending* p; - verbose(VERB_ALGO, "answer cb"); - - if(error != NETEVENT_NOERROR) { - verbose(VERB_QUERY, "outnetudp got udp error %d", error); - return 0; - } - if(sldns_buffer_limit(c->buffer) < LDNS_HEADER_SIZE) { - verbose(VERB_QUERY, "outnetudp udp too short"); - return 0; - } - log_assert(reply_info); - - /* setup lookup key */ - key.id = (unsigned)LDNS_ID_WIRE(sldns_buffer_begin(c->buffer)); - memcpy(&key.addr, &reply_info->addr, reply_info->addrlen); - key.addrlen = reply_info->addrlen; - verbose(VERB_ALGO, "Incoming reply id = %4.4x", key.id); - log_addr(VERB_ALGO, "Incoming reply addr =", - &reply_info->addr, reply_info->addrlen); - - /* find it, see if this thing is a valid query response */ - verbose(VERB_ALGO, "lookup size is %d entries", (int)outnet->pending->count); - p = (struct pending*)rbtree_search(outnet->pending, &key); - if(!p) { - verbose(VERB_QUERY, "received unwanted or unsolicited udp reply dropped."); - log_buf(VERB_ALGO, "dropped message", c->buffer); - outnet->unwanted_replies++; - if(outnet->unwanted_threshold && ++outnet->unwanted_total - >= outnet->unwanted_threshold) { - log_warn("unwanted reply total reached threshold (%u)" - " you may be under attack." - " defensive action: clearing the cache", - (unsigned)outnet->unwanted_threshold); - fptr_ok(fptr_whitelist_alloc_cleanup( - outnet->unwanted_action)); - (*outnet->unwanted_action)(outnet->unwanted_param); - outnet->unwanted_total = 0; - } - return 0; - } - - verbose(VERB_ALGO, "received udp reply."); - log_buf(VERB_ALGO, "udp message", c->buffer); - if(p->pc->cp != c) { - verbose(VERB_QUERY, "received reply id,addr on wrong port. " - "dropped."); - outnet->unwanted_replies++; - if(outnet->unwanted_threshold && ++outnet->unwanted_total - >= outnet->unwanted_threshold) { - log_warn("unwanted reply total reached threshold (%u)" - " you may be under attack." - " defensive action: clearing the cache", - (unsigned)outnet->unwanted_threshold); - fptr_ok(fptr_whitelist_alloc_cleanup( - outnet->unwanted_action)); - (*outnet->unwanted_action)(outnet->unwanted_param); - outnet->unwanted_total = 0; - } - return 0; - } - comm_timer_disable(p->timer); - verbose(VERB_ALGO, "outnet handle udp reply"); - /* delete from tree first in case callback creates a retry */ - (void)rbtree_delete(outnet->pending, p->node.key); - if(p->cb) { - fptr_ok(fptr_whitelist_pending_udp(p->cb)); - (void)(*p->cb)(p->pc->cp, p->cb_arg, NETEVENT_NOERROR, reply_info); - } - portcomm_loweruse(outnet, p->pc); - pending_delete(NULL, p); - outnet_send_wait_udp(outnet); - return 0; -} - -/** calculate number of ip4 and ip6 interfaces*/ -static void -calc_num46(char** ifs, int num_ifs, int do_ip4, int do_ip6, - int* num_ip4, int* num_ip6) -{ - int i; - *num_ip4 = 0; - *num_ip6 = 0; - if(num_ifs <= 0) { - if(do_ip4) - *num_ip4 = 1; - if(do_ip6) - *num_ip6 = 1; - return; - } - for(i=0; ioutnet; - verbose(VERB_ALGO, "timeout udp with delay"); - portcomm_loweruse(outnet, p->pc); - pending_delete(outnet, p); - outnet_send_wait_udp(outnet); -} - -void -pending_udp_timer_cb(void *arg) -{ - struct pending* p = (struct pending*)arg; - struct outside_network* outnet = p->outnet; - /* it timed out */ - verbose(VERB_ALGO, "timeout udp"); - if(p->cb) { - fptr_ok(fptr_whitelist_pending_udp(p->cb)); - (void)(*p->cb)(p->pc->cp, p->cb_arg, NETEVENT_TIMEOUT, NULL); - } - /* if delayclose, keep port open for a longer time. - * But if the udpwaitlist exists, then we are struggling to - * keep up with demand for sockets, so do not wait, but service - * the customer (customer service more important than portICMPs) */ - if(outnet->delayclose && !outnet->udp_wait_first) { - p->cb = NULL; - p->timer->callback = &pending_udp_timer_delay_cb; - comm_timer_set(p->timer, &outnet->delay_tv); - return; - } - portcomm_loweruse(outnet, p->pc); - pending_delete(outnet, p); - outnet_send_wait_udp(outnet); -} - -/** create pending_tcp buffers */ -static int -create_pending_tcp(struct outside_network* outnet, size_t bufsize) -{ - size_t i; - if(outnet->num_tcp == 0) - return 1; /* no tcp needed, nothing to do */ - if(!(outnet->tcp_conns = (struct pending_tcp **)calloc( - outnet->num_tcp, sizeof(struct pending_tcp*)))) - return 0; - for(i=0; inum_tcp; i++) { - if(!(outnet->tcp_conns[i] = (struct pending_tcp*)calloc(1, - sizeof(struct pending_tcp)))) - return 0; - outnet->tcp_conns[i]->next_free = outnet->tcp_free; - outnet->tcp_free = outnet->tcp_conns[i]; - outnet->tcp_conns[i]->c = comm_point_create_tcp_out( - outnet->base, bufsize, outnet_tcp_cb, - outnet->tcp_conns[i]); - if(!outnet->tcp_conns[i]->c) - return 0; - } - return 1; -} - -/** setup an outgoing interface, ready address */ -static int setup_if(struct port_if* pif, const char* addrstr, - int* avail, int numavail, size_t numfd) -{ - pif->avail_total = numavail; - pif->avail_ports = (int*)memdup(avail, (size_t)numavail*sizeof(int)); - if(!pif->avail_ports) - return 0; - if(!ipstrtoaddr(addrstr, UNBOUND_DNS_PORT, &pif->addr, &pif->addrlen) && - !netblockstrtoaddr(addrstr, UNBOUND_DNS_PORT, - &pif->addr, &pif->addrlen, &pif->pfxlen)) - return 0; - pif->maxout = (int)numfd; - pif->inuse = 0; - pif->out = (struct port_comm**)calloc(numfd, - sizeof(struct port_comm*)); - if(!pif->out) - return 0; - return 1; -} - -struct outside_network* -outside_network_create(struct comm_base *base, size_t bufsize, - size_t num_ports, char** ifs, int num_ifs, int do_ip4, - int do_ip6, size_t num_tcp, struct infra_cache* infra, - struct ub_randstate* rnd, int use_caps_for_id, int* availports, - int numavailports, size_t unwanted_threshold, int tcp_mss, - void (*unwanted_action)(void*), void* unwanted_param, int do_udp, - void* sslctx, int delayclose, struct dt_env* dtenv) -{ - struct outside_network* outnet = (struct outside_network*) - calloc(1, sizeof(struct outside_network)); - size_t k; - if(!outnet) { - log_err("malloc failed"); - return NULL; - } - comm_base_timept(base, &outnet->now_secs, &outnet->now_tv); - outnet->base = base; - outnet->num_tcp = num_tcp; - outnet->num_tcp_outgoing = 0; - outnet->infra = infra; - outnet->rnd = rnd; - outnet->sslctx = sslctx; -#ifdef USE_DNSTAP - outnet->dtenv = dtenv; -#else - (void)dtenv; -#endif - outnet->svcd_overhead = 0; - outnet->want_to_quit = 0; - outnet->unwanted_threshold = unwanted_threshold; - outnet->unwanted_action = unwanted_action; - outnet->unwanted_param = unwanted_param; - outnet->use_caps_for_id = use_caps_for_id; - outnet->do_udp = do_udp; - outnet->tcp_mss = tcp_mss; -#ifndef S_SPLINT_S - if(delayclose) { - outnet->delayclose = 1; - outnet->delay_tv.tv_sec = delayclose/1000; - outnet->delay_tv.tv_usec = (delayclose%1000)*1000; - } -#endif - if(numavailports == 0) { - log_err("no outgoing ports available"); - outside_network_delete(outnet); - return NULL; - } -#ifndef INET6 - do_ip6 = 0; -#endif - calc_num46(ifs, num_ifs, do_ip4, do_ip6, - &outnet->num_ip4, &outnet->num_ip6); - if(outnet->num_ip4 != 0) { - if(!(outnet->ip4_ifs = (struct port_if*)calloc( - (size_t)outnet->num_ip4, sizeof(struct port_if)))) { - log_err("malloc failed"); - outside_network_delete(outnet); - return NULL; - } - } - if(outnet->num_ip6 != 0) { - if(!(outnet->ip6_ifs = (struct port_if*)calloc( - (size_t)outnet->num_ip6, sizeof(struct port_if)))) { - log_err("malloc failed"); - outside_network_delete(outnet); - return NULL; - } - } - if( !(outnet->udp_buff = sldns_buffer_new(bufsize)) || - !(outnet->pending = rbtree_create(pending_cmp)) || - !(outnet->serviced = rbtree_create(serviced_cmp)) || - !create_pending_tcp(outnet, bufsize)) { - log_err("malloc failed"); - outside_network_delete(outnet); - return NULL; - } - - /* allocate commpoints */ - for(k=0; kcp = comm_point_create_udp(outnet->base, -1, - outnet->udp_buff, outnet_udp_cb, outnet); - if(!pc->cp) { - log_err("malloc failed"); - free(pc); - outside_network_delete(outnet); - return NULL; - } - pc->next = outnet->unused_fds; - outnet->unused_fds = pc; - } - - /* allocate interfaces */ - if(num_ifs == 0) { - if(do_ip4 && !setup_if(&outnet->ip4_ifs[0], "0.0.0.0", - availports, numavailports, num_ports)) { - log_err("malloc failed"); - outside_network_delete(outnet); - return NULL; - } - if(do_ip6 && !setup_if(&outnet->ip6_ifs[0], "::", - availports, numavailports, num_ports)) { - log_err("malloc failed"); - outside_network_delete(outnet); - return NULL; - } - } else { - size_t done_4 = 0, done_6 = 0; - int i; - for(i=0; iip6_ifs[done_6], ifs[i], - availports, numavailports, num_ports)){ - log_err("malloc failed"); - outside_network_delete(outnet); - return NULL; - } - done_6++; - } - if(!str_is_ip6(ifs[i]) && do_ip4) { - if(!setup_if(&outnet->ip4_ifs[done_4], ifs[i], - availports, numavailports, num_ports)){ - log_err("malloc failed"); - outside_network_delete(outnet); - return NULL; - } - done_4++; - } - } - } - return outnet; -} - -/** helper pending delete */ -static void -pending_node_del(rbnode_type* node, void* arg) -{ - struct pending* pend = (struct pending*)node; - struct outside_network* outnet = (struct outside_network*)arg; - pending_delete(outnet, pend); -} - -/** helper serviced delete */ -static void -serviced_node_del(rbnode_type* node, void* ATTR_UNUSED(arg)) -{ - struct serviced_query* sq = (struct serviced_query*)node; - struct service_callback* p = sq->cblist, *np; - free(sq->qbuf); - free(sq->zone); - edns_opt_list_free(sq->opt_list); - while(p) { - np = p->next; - free(p); - p = np; - } - free(sq); -} - -void -outside_network_quit_prepare(struct outside_network* outnet) -{ - if(!outnet) - return; - /* prevent queued items from being sent */ - outnet->want_to_quit = 1; -} - -void -outside_network_delete(struct outside_network* outnet) -{ - if(!outnet) - return; - outnet->want_to_quit = 1; - /* check every element, since we can be called on malloc error */ - if(outnet->pending) { - /* free pending elements, but do no unlink from tree. */ - traverse_postorder(outnet->pending, pending_node_del, NULL); - free(outnet->pending); - } - if(outnet->serviced) { - traverse_postorder(outnet->serviced, serviced_node_del, NULL); - free(outnet->serviced); - } - if(outnet->udp_buff) - sldns_buffer_free(outnet->udp_buff); - if(outnet->unused_fds) { - struct port_comm* p = outnet->unused_fds, *np; - while(p) { - np = p->next; - comm_point_delete(p->cp); - free(p); - p = np; - } - outnet->unused_fds = NULL; - } - if(outnet->ip4_ifs) { - int i, k; - for(i=0; inum_ip4; i++) { - for(k=0; kip4_ifs[i].inuse; k++) { - struct port_comm* pc = outnet->ip4_ifs[i]. - out[k]; - comm_point_delete(pc->cp); - free(pc); - } - free(outnet->ip4_ifs[i].avail_ports); - free(outnet->ip4_ifs[i].out); - } - free(outnet->ip4_ifs); - } - if(outnet->ip6_ifs) { - int i, k; - for(i=0; inum_ip6; i++) { - for(k=0; kip6_ifs[i].inuse; k++) { - struct port_comm* pc = outnet->ip6_ifs[i]. - out[k]; - comm_point_delete(pc->cp); - free(pc); - } - free(outnet->ip6_ifs[i].avail_ports); - free(outnet->ip6_ifs[i].out); - } - free(outnet->ip6_ifs); - } - if(outnet->tcp_conns) { - size_t i; - for(i=0; inum_tcp; i++) - if(outnet->tcp_conns[i]) { - comm_point_delete(outnet->tcp_conns[i]->c); - waiting_tcp_delete(outnet->tcp_conns[i]->query); - free(outnet->tcp_conns[i]); - } - free(outnet->tcp_conns); - } - if(outnet->tcp_wait_first) { - struct waiting_tcp* p = outnet->tcp_wait_first, *np; - while(p) { - np = p->next_waiting; - waiting_tcp_delete(p); - p = np; - } - } - if(outnet->udp_wait_first) { - struct pending* p = outnet->udp_wait_first, *np; - while(p) { - np = p->next_waiting; - pending_delete(NULL, p); - p = np; - } - } - free(outnet); -} - -void -pending_delete(struct outside_network* outnet, struct pending* p) -{ - if(!p) - return; - if(outnet && outnet->udp_wait_first && - (p->next_waiting || p == outnet->udp_wait_last) ) { - /* delete from waiting list, if it is in the waiting list */ - struct pending* prev = NULL, *x = outnet->udp_wait_first; - while(x && x != p) { - prev = x; - x = x->next_waiting; - } - if(x) { - log_assert(x == p); - if(prev) - prev->next_waiting = p->next_waiting; - else outnet->udp_wait_first = p->next_waiting; - if(outnet->udp_wait_last == p) - outnet->udp_wait_last = prev; - } - } - if(outnet) { - (void)rbtree_delete(outnet->pending, p->node.key); - } - if(p->timer) - comm_timer_delete(p->timer); - free(p->pkt); - free(p); -} - -static void -sai6_putrandom(struct sockaddr_in6 *sa, int pfxlen, struct ub_randstate *rnd) -{ - int i, last; - if(!(pfxlen > 0 && pfxlen < 128)) - return; - for(i = 0; i < (128 - pfxlen) / 8; i++) { - sa->sin6_addr.s6_addr[15-i] = (uint8_t)ub_random_max(rnd, 256); - } - last = pfxlen & 7; - if(last != 0) { - sa->sin6_addr.s6_addr[15-i] |= - ((0xFF >> last) & ub_random_max(rnd, 256)); - } -} - -/** - * Try to open a UDP socket for outgoing communication. - * Sets sockets options as needed. - * @param addr: socket address. - * @param addrlen: length of address. - * @param pfxlen: length of network prefix (for address randomisation). - * @param port: port override for addr. - * @param inuse: if -1 is returned, this bool means the port was in use. - * @param rnd: random state (for address randomisation). - * @return fd or -1 - */ -static int -udp_sockport(struct sockaddr_storage* addr, socklen_t addrlen, int pfxlen, - int port, int* inuse, struct ub_randstate* rnd) -{ - int fd, noproto; - if(addr_is_ip6(addr, addrlen)) { - int freebind = 0; - struct sockaddr_in6 sa = *(struct sockaddr_in6*)addr; - sa.sin6_port = (in_port_t)htons((uint16_t)port); - if(pfxlen != 0) { - freebind = 1; - sai6_putrandom(&sa, pfxlen, rnd); - } - fd = create_udp_sock(AF_INET6, SOCK_DGRAM, - (struct sockaddr*)&sa, addrlen, 1, inuse, &noproto, - 0, 0, 0, NULL, 0, freebind, 0); - } else { - struct sockaddr_in* sa = (struct sockaddr_in*)addr; - sa->sin_port = (in_port_t)htons((uint16_t)port); - fd = create_udp_sock(AF_INET, SOCK_DGRAM, - (struct sockaddr*)addr, addrlen, 1, inuse, &noproto, - 0, 0, 0, NULL, 0, 0, 0); - } - return fd; -} - -/** Select random ID */ -static int -select_id(struct outside_network* outnet, struct pending* pend, - sldns_buffer* packet) -{ - int id_tries = 0; - pend->id = ((unsigned)ub_random(outnet->rnd)>>8) & 0xffff; - LDNS_ID_SET(sldns_buffer_begin(packet), pend->id); - - /* insert in tree */ - pend->node.key = pend; - while(!rbtree_insert(outnet->pending, &pend->node)) { - /* change ID to avoid collision */ - pend->id = ((unsigned)ub_random(outnet->rnd)>>8) & 0xffff; - LDNS_ID_SET(sldns_buffer_begin(packet), pend->id); - id_tries++; - if(id_tries == MAX_ID_RETRY) { - pend->id=99999; /* non existant ID */ - log_err("failed to generate unique ID, drop msg"); - return 0; - } - } - verbose(VERB_ALGO, "inserted new pending reply id=%4.4x", pend->id); - return 1; -} - -/** Select random interface and port */ -static int -select_ifport(struct outside_network* outnet, struct pending* pend, - int num_if, struct port_if* ifs) -{ - int my_if, my_port, fd, portno, inuse, tries=0; - struct port_if* pif; - /* randomly select interface and port */ - if(num_if == 0) { - verbose(VERB_QUERY, "Need to send query but have no " - "outgoing interfaces of that family"); - return 0; - } - log_assert(outnet->unused_fds); - tries = 0; - while(1) { - my_if = ub_random_max(outnet->rnd, num_if); - pif = &ifs[my_if]; - my_port = ub_random_max(outnet->rnd, pif->avail_total); - if(my_port < pif->inuse) { - /* port already open */ - pend->pc = pif->out[my_port]; - verbose(VERB_ALGO, "using UDP if=%d port=%d", - my_if, pend->pc->number); - break; - } - /* try to open new port, if fails, loop to try again */ - log_assert(pif->inuse < pif->maxout); - portno = pif->avail_ports[my_port - pif->inuse]; - fd = udp_sockport(&pif->addr, pif->addrlen, pif->pfxlen, - portno, &inuse, outnet->rnd); - if(fd == -1 && !inuse) { - /* nonrecoverable error making socket */ - return 0; - } - if(fd != -1) { - verbose(VERB_ALGO, "opened UDP if=%d port=%d", - my_if, portno); - /* grab fd */ - pend->pc = outnet->unused_fds; - outnet->unused_fds = pend->pc->next; - - /* setup portcomm */ - pend->pc->next = NULL; - pend->pc->number = portno; - pend->pc->pif = pif; - pend->pc->index = pif->inuse; - pend->pc->num_outstanding = 0; - comm_point_start_listening(pend->pc->cp, fd, -1); - - /* grab port in interface */ - pif->out[pif->inuse] = pend->pc; - pif->avail_ports[my_port - pif->inuse] = - pif->avail_ports[pif->avail_total-pif->inuse-1]; - pif->inuse++; - break; - } - /* failed, already in use */ - verbose(VERB_QUERY, "port %d in use, trying another", portno); - tries++; - if(tries == MAX_PORT_RETRY) { - log_err("failed to find an open port, drop msg"); - return 0; - } - } - log_assert(pend->pc); - pend->pc->num_outstanding++; - - return 1; -} - -static int -randomize_and_send_udp(struct pending* pend, sldns_buffer* packet, int timeout) -{ - struct timeval tv; - struct outside_network* outnet = pend->sq->outnet; - - /* select id */ - if(!select_id(outnet, pend, packet)) { - return 0; - } - - /* select src_if, port */ - if(addr_is_ip6(&pend->addr, pend->addrlen)) { - if(!select_ifport(outnet, pend, - outnet->num_ip6, outnet->ip6_ifs)) - return 0; - } else { - if(!select_ifport(outnet, pend, - outnet->num_ip4, outnet->ip4_ifs)) - return 0; - } - log_assert(pend->pc && pend->pc->cp); - - /* send it over the commlink */ - if(!comm_point_send_udp_msg(pend->pc->cp, packet, - (struct sockaddr*)&pend->addr, pend->addrlen)) { - portcomm_loweruse(outnet, pend->pc); - return 0; - } - - /* system calls to set timeout after sending UDP to make roundtrip - smaller. */ -#ifndef S_SPLINT_S - tv.tv_sec = timeout/1000; - tv.tv_usec = (timeout%1000)*1000; -#endif - comm_timer_set(pend->timer, &tv); - -#ifdef USE_DNSTAP - if(outnet->dtenv && - (outnet->dtenv->log_resolver_query_messages || - outnet->dtenv->log_forwarder_query_messages)) - dt_msg_send_outside_query(outnet->dtenv, &pend->addr, comm_udp, - pend->sq->zone, pend->sq->zonelen, packet); -#endif - return 1; -} - -struct pending* -pending_udp_query(struct serviced_query* sq, struct sldns_buffer* packet, - int timeout, comm_point_callback_type* cb, void* cb_arg) -{ - struct pending* pend = (struct pending*)calloc(1, sizeof(*pend)); - if(!pend) return NULL; - pend->outnet = sq->outnet; - pend->sq = sq; - pend->addrlen = sq->addrlen; - memmove(&pend->addr, &sq->addr, sq->addrlen); - pend->cb = cb; - pend->cb_arg = cb_arg; - pend->node.key = pend; - pend->timer = comm_timer_create(sq->outnet->base, pending_udp_timer_cb, - pend); - if(!pend->timer) { - free(pend); - return NULL; - } - - if(sq->outnet->unused_fds == NULL) { - /* no unused fd, cannot create a new port (randomly) */ - verbose(VERB_ALGO, "no fds available, udp query waiting"); - pend->timeout = timeout; - pend->pkt_len = sldns_buffer_limit(packet); - pend->pkt = (uint8_t*)memdup(sldns_buffer_begin(packet), - pend->pkt_len); - if(!pend->pkt) { - comm_timer_delete(pend->timer); - free(pend); - return NULL; - } - /* put at end of waiting list */ - if(sq->outnet->udp_wait_last) - sq->outnet->udp_wait_last->next_waiting = pend; - else - sq->outnet->udp_wait_first = pend; - sq->outnet->udp_wait_last = pend; - return pend; - } - if(!randomize_and_send_udp(pend, packet, timeout)) { - pending_delete(sq->outnet, pend); - return NULL; - } - return pend; -} - -void -outnet_tcptimer(void* arg) -{ - struct waiting_tcp* w = (struct waiting_tcp*)arg; - struct outside_network* outnet = w->outnet; - comm_point_callback_type* cb; - void* cb_arg; - if(w->pkt) { - /* it is on the waiting list */ - waiting_list_remove(outnet, w); - } else { - /* it was in use */ - struct pending_tcp* pend=(struct pending_tcp*)w->next_waiting; - comm_point_close(pend->c); - pend->query = NULL; - pend->next_free = outnet->tcp_free; - outnet->tcp_free = pend; - } - cb = w->cb; - cb_arg = w->cb_arg; - waiting_tcp_delete(w); - fptr_ok(fptr_whitelist_pending_tcp(cb)); - (void)(*cb)(NULL, cb_arg, NETEVENT_TIMEOUT, NULL); - use_free_buffer(outnet); -} - -struct waiting_tcp* -pending_tcp_query(struct serviced_query* sq, sldns_buffer* packet, - int timeout, comm_point_callback_type* callback, void* callback_arg) -{ - struct pending_tcp* pend = sq->outnet->tcp_free; - struct waiting_tcp* w; - struct timeval tv; - uint16_t id; - /* if no buffer is free allocate space to store query */ - w = (struct waiting_tcp*)malloc(sizeof(struct waiting_tcp) - + (pend?0:sldns_buffer_limit(packet))); - if(!w) { - return NULL; - } - if(!(w->timer = comm_timer_create(sq->outnet->base, outnet_tcptimer, w))) { - free(w); - return NULL; - } - w->pkt = NULL; - w->pkt_len = 0; - id = ((unsigned)ub_random(sq->outnet->rnd)>>8) & 0xffff; - LDNS_ID_SET(sldns_buffer_begin(packet), id); - memcpy(&w->addr, &sq->addr, sq->addrlen); - w->addrlen = sq->addrlen; - w->outnet = sq->outnet; - w->cb = callback; - w->cb_arg = callback_arg; - w->ssl_upstream = sq->ssl_upstream; -#ifndef S_SPLINT_S - tv.tv_sec = timeout; - tv.tv_usec = 0; -#endif - comm_timer_set(w->timer, &tv); - if(pend) { - /* we have a buffer available right now */ - if(!outnet_tcp_take_into_use(w, sldns_buffer_begin(packet), - sldns_buffer_limit(packet))) { - waiting_tcp_delete(w); - return NULL; - } -#ifdef USE_DNSTAP - if(sq->outnet->dtenv && - (sq->outnet->dtenv->log_resolver_query_messages || - sq->outnet->dtenv->log_forwarder_query_messages)) - dt_msg_send_outside_query(sq->outnet->dtenv, &sq->addr, - comm_tcp, sq->zone, sq->zonelen, packet); -#endif - } else { - /* queue up */ - w->pkt = (uint8_t*)w + sizeof(struct waiting_tcp); - w->pkt_len = sldns_buffer_limit(packet); - memmove(w->pkt, sldns_buffer_begin(packet), w->pkt_len); - w->next_waiting = NULL; - if(sq->outnet->tcp_wait_last) - sq->outnet->tcp_wait_last->next_waiting = w; - else sq->outnet->tcp_wait_first = w; - sq->outnet->tcp_wait_last = w; - } - return w; -} - -/** create query for serviced queries */ -static void -serviced_gen_query(sldns_buffer* buff, uint8_t* qname, size_t qnamelen, - uint16_t qtype, uint16_t qclass, uint16_t flags) -{ - sldns_buffer_clear(buff); - /* skip id */ - sldns_buffer_write_u16(buff, flags); - sldns_buffer_write_u16(buff, 1); /* qdcount */ - sldns_buffer_write_u16(buff, 0); /* ancount */ - sldns_buffer_write_u16(buff, 0); /* nscount */ - sldns_buffer_write_u16(buff, 0); /* arcount */ - sldns_buffer_write(buff, qname, qnamelen); - sldns_buffer_write_u16(buff, qtype); - sldns_buffer_write_u16(buff, qclass); - sldns_buffer_flip(buff); -} - -/** lookup serviced query in serviced query rbtree */ -static struct serviced_query* -lookup_serviced(struct outside_network* outnet, sldns_buffer* buff, int dnssec, - struct sockaddr_storage* addr, socklen_t addrlen, - struct edns_option* opt_list) -{ - struct serviced_query key; - key.node.key = &key; - key.qbuf = sldns_buffer_begin(buff); - key.qbuflen = sldns_buffer_limit(buff); - key.dnssec = dnssec; - memcpy(&key.addr, addr, addrlen); - key.addrlen = addrlen; - key.outnet = outnet; - key.opt_list = opt_list; - return (struct serviced_query*)rbtree_search(outnet->serviced, &key); -} - -/** Create new serviced entry */ -static struct serviced_query* -serviced_create(struct outside_network* outnet, sldns_buffer* buff, int dnssec, - int want_dnssec, int nocaps, int tcp_upstream, int ssl_upstream, - struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* zone, - size_t zonelen, int qtype, struct edns_option* opt_list) -{ - struct serviced_query* sq = (struct serviced_query*)malloc(sizeof(*sq)); -#ifdef UNBOUND_DEBUG - rbnode_type* ins; -#endif - if(!sq) - return NULL; - sq->node.key = sq; - sq->qbuf = memdup(sldns_buffer_begin(buff), sldns_buffer_limit(buff)); - if(!sq->qbuf) { - free(sq); - return NULL; - } - sq->qbuflen = sldns_buffer_limit(buff); - sq->zone = memdup(zone, zonelen); - if(!sq->zone) { - free(sq->qbuf); - free(sq); - return NULL; - } - sq->zonelen = zonelen; - sq->qtype = qtype; - sq->dnssec = dnssec; - sq->want_dnssec = want_dnssec; - sq->nocaps = nocaps; - sq->tcp_upstream = tcp_upstream; - sq->ssl_upstream = ssl_upstream; - memcpy(&sq->addr, addr, addrlen); - sq->addrlen = addrlen; - sq->opt_list = NULL; - if(opt_list) { - sq->opt_list = edns_opt_copy_alloc(opt_list); - if(!sq->opt_list) { - free(sq->zone); - free(sq->qbuf); - free(sq); - return NULL; - } - } - sq->outnet = outnet; - sq->cblist = NULL; - sq->pending = NULL; - sq->status = serviced_initial; - sq->retry = 0; - sq->to_be_deleted = 0; -#ifdef UNBOUND_DEBUG - ins = -#else - (void) -#endif - rbtree_insert(outnet->serviced, &sq->node); - log_assert(ins != NULL); /* must not be already present */ - return sq; -} - -/** remove waiting tcp from the outnet waiting list */ -static void -waiting_list_remove(struct outside_network* outnet, struct waiting_tcp* w) -{ - struct waiting_tcp* p = outnet->tcp_wait_first, *prev = NULL; - while(p) { - if(p == w) { - /* remove w */ - if(prev) - prev->next_waiting = w->next_waiting; - else outnet->tcp_wait_first = w->next_waiting; - if(outnet->tcp_wait_last == w) - outnet->tcp_wait_last = prev; - return; - } - prev = p; - p = p->next_waiting; - } -} - -/** cleanup serviced query entry */ -static void -serviced_delete(struct serviced_query* sq) -{ - if(sq->pending) { - /* clear up the pending query */ - if(sq->status == serviced_query_UDP_EDNS || - sq->status == serviced_query_UDP || - sq->status == serviced_query_PROBE_EDNS || - sq->status == serviced_query_UDP_EDNS_FRAG || - sq->status == serviced_query_UDP_EDNS_fallback) { - struct pending* p = (struct pending*)sq->pending; - if(p->pc) - portcomm_loweruse(sq->outnet, p->pc); - pending_delete(sq->outnet, p); - /* this call can cause reentrant calls back into the - * mesh */ - outnet_send_wait_udp(sq->outnet); - } else { - struct waiting_tcp* p = (struct waiting_tcp*) - sq->pending; - if(p->pkt == NULL) { - decomission_pending_tcp(sq->outnet, - (struct pending_tcp*)p->next_waiting); - } else { - waiting_list_remove(sq->outnet, p); - waiting_tcp_delete(p); - } - } - } - /* does not delete from tree, caller has to do that */ - serviced_node_del(&sq->node, NULL); -} - -/** perturb a dname capitalization randomly */ -static void -serviced_perturb_qname(struct ub_randstate* rnd, uint8_t* qbuf, size_t len) -{ - uint8_t lablen; - uint8_t* d = qbuf + 10; - long int random = 0; - int bits = 0; - log_assert(len >= 10 + 5 /* offset qname, root, qtype, qclass */); - (void)len; - lablen = *d++; - while(lablen) { - while(lablen--) { - /* only perturb A-Z, a-z */ - if(isalpha((unsigned char)*d)) { - /* get a random bit */ - if(bits == 0) { - random = ub_random(rnd); - bits = 30; - } - if(random & 0x1) { - *d = (uint8_t)toupper((unsigned char)*d); - } else { - *d = (uint8_t)tolower((unsigned char)*d); - } - random >>= 1; - bits--; - } - d++; - } - lablen = *d++; - } - if(verbosity >= VERB_ALGO) { - char buf[LDNS_MAX_DOMAINLEN+1]; - dname_str(qbuf+10, buf); - verbose(VERB_ALGO, "qname perturbed to %s", buf); - } -} - -/** put serviced query into a buffer */ -static void -serviced_encode(struct serviced_query* sq, sldns_buffer* buff, int with_edns) -{ - /* if we are using 0x20 bits for ID randomness, perturb them */ - if(sq->outnet->use_caps_for_id && !sq->nocaps) { - serviced_perturb_qname(sq->outnet->rnd, sq->qbuf, sq->qbuflen); - } - /* generate query */ - sldns_buffer_clear(buff); - sldns_buffer_write_u16(buff, 0); /* id placeholder */ - sldns_buffer_write(buff, sq->qbuf, sq->qbuflen); - sldns_buffer_flip(buff); - if(with_edns) { - /* add edns section */ - struct edns_data edns; - edns.edns_present = 1; - edns.ext_rcode = 0; - edns.edns_version = EDNS_ADVERTISED_VERSION; - edns.opt_list = sq->opt_list; - if(sq->status == serviced_query_UDP_EDNS_FRAG) { - if(addr_is_ip6(&sq->addr, sq->addrlen)) { - if(EDNS_FRAG_SIZE_IP6 < EDNS_ADVERTISED_SIZE) - edns.udp_size = EDNS_FRAG_SIZE_IP6; - else edns.udp_size = EDNS_ADVERTISED_SIZE; - } else { - if(EDNS_FRAG_SIZE_IP4 < EDNS_ADVERTISED_SIZE) - edns.udp_size = EDNS_FRAG_SIZE_IP4; - else edns.udp_size = EDNS_ADVERTISED_SIZE; - } - } else { - edns.udp_size = EDNS_ADVERTISED_SIZE; - } - edns.bits = 0; - if(sq->dnssec & EDNS_DO) - edns.bits = EDNS_DO; - if(sq->dnssec & BIT_CD) - LDNS_CD_SET(sldns_buffer_begin(buff)); - attach_edns_record(buff, &edns); - } -} - -/** - * Perform serviced query UDP sending operation. - * Sends UDP with EDNS, unless infra host marked non EDNS. - * @param sq: query to send. - * @param buff: buffer scratch space. - * @return 0 on error. - */ -static int -serviced_udp_send(struct serviced_query* sq, sldns_buffer* buff) -{ - int rtt, vs; - uint8_t edns_lame_known; - time_t now = *sq->outnet->now_secs; - - if(!infra_host(sq->outnet->infra, &sq->addr, sq->addrlen, sq->zone, - sq->zonelen, now, &vs, &edns_lame_known, &rtt)) - return 0; - sq->last_rtt = rtt; - verbose(VERB_ALGO, "EDNS lookup known=%d vs=%d", edns_lame_known, vs); - if(sq->status == serviced_initial) { - if(edns_lame_known == 0 && rtt > 5000 && rtt < 10001) { - /* perform EDNS lame probe - check if server is - * EDNS lame (EDNS queries to it are dropped) */ - verbose(VERB_ALGO, "serviced query: send probe to see " - " if use of EDNS causes timeouts"); - /* even 700 msec may be too small */ - rtt = 1000; - sq->status = serviced_query_PROBE_EDNS; - } else if(vs != -1) { - sq->status = serviced_query_UDP_EDNS; - } else { - sq->status = serviced_query_UDP; - } - } - serviced_encode(sq, buff, (sq->status == serviced_query_UDP_EDNS) || - (sq->status == serviced_query_UDP_EDNS_FRAG)); - sq->last_sent_time = *sq->outnet->now_tv; - sq->edns_lame_known = (int)edns_lame_known; - verbose(VERB_ALGO, "serviced query UDP timeout=%d msec", rtt); - sq->pending = pending_udp_query(sq, buff, rtt, - serviced_udp_callback, sq); - if(!sq->pending) - return 0; - return 1; -} - -/** check that perturbed qname is identical */ -static int -serviced_check_qname(sldns_buffer* pkt, uint8_t* qbuf, size_t qbuflen) -{ - uint8_t* d1 = sldns_buffer_at(pkt, 12); - uint8_t* d2 = qbuf+10; - uint8_t len1, len2; - int count = 0; - log_assert(qbuflen >= 15 /* 10 header, root, type, class */); - len1 = *d1++; - len2 = *d2++; - if(sldns_buffer_limit(pkt) < 12+1+4) /* packet too small for qname */ - return 0; - while(len1 != 0 || len2 != 0) { - if(LABEL_IS_PTR(len1)) { - d1 = sldns_buffer_begin(pkt)+PTR_OFFSET(len1, *d1); - if(d1 >= sldns_buffer_at(pkt, sldns_buffer_limit(pkt))) - return 0; - len1 = *d1++; - if(count++ > MAX_COMPRESS_PTRS) - return 0; - continue; - } - if(d2 > qbuf+qbuflen) - return 0; - if(len1 != len2) - return 0; - if(len1 > LDNS_MAX_LABELLEN) - return 0; - log_assert(len1 <= LDNS_MAX_LABELLEN); - log_assert(len2 <= LDNS_MAX_LABELLEN); - log_assert(len1 == len2 && len1 != 0); - /* compare the labels - bitwise identical */ - if(memcmp(d1, d2, len1) != 0) - return 0; - d1 += len1; - d2 += len2; - len1 = *d1++; - len2 = *d2++; - } - return 1; -} - -/** call the callbacks for a serviced query */ -static void -serviced_callbacks(struct serviced_query* sq, int error, struct comm_point* c, - struct comm_reply* rep) -{ - struct service_callback* p; - int dobackup = (sq->cblist && sq->cblist->next); /* >1 cb*/ - uint8_t *backup_p = NULL; - size_t backlen = 0; -#ifdef UNBOUND_DEBUG - rbnode_type* rem = -#else - (void) -#endif - /* remove from tree, and schedule for deletion, so that callbacks - * can safely deregister themselves and even create new serviced - * queries that are identical to this one. */ - rbtree_delete(sq->outnet->serviced, sq); - log_assert(rem); /* should have been present */ - sq->to_be_deleted = 1; - verbose(VERB_ALGO, "svcd callbacks start"); - if(sq->outnet->use_caps_for_id && error == NETEVENT_NOERROR && c && - !sq->nocaps && sq->qtype != LDNS_RR_TYPE_PTR) { - /* for type PTR do not check perturbed name in answer, - * compatibility with cisco dns guard boxes that mess up - * reverse queries 0x20 contents */ - /* noerror and nxdomain must have a qname in reply */ - if(sldns_buffer_read_u16_at(c->buffer, 4) == 0 && - (LDNS_RCODE_WIRE(sldns_buffer_begin(c->buffer)) - == LDNS_RCODE_NOERROR || - LDNS_RCODE_WIRE(sldns_buffer_begin(c->buffer)) - == LDNS_RCODE_NXDOMAIN)) { - verbose(VERB_DETAIL, "no qname in reply to check 0x20ID"); - log_addr(VERB_DETAIL, "from server", - &sq->addr, sq->addrlen); - log_buf(VERB_DETAIL, "for packet", c->buffer); - error = NETEVENT_CLOSED; - c = NULL; - } else if(sldns_buffer_read_u16_at(c->buffer, 4) > 0 && - !serviced_check_qname(c->buffer, sq->qbuf, - sq->qbuflen)) { - verbose(VERB_DETAIL, "wrong 0x20-ID in reply qname"); - log_addr(VERB_DETAIL, "from server", - &sq->addr, sq->addrlen); - log_buf(VERB_DETAIL, "for packet", c->buffer); - error = NETEVENT_CAPSFAIL; - /* and cleanup too */ - pkt_dname_tolower(c->buffer, - sldns_buffer_at(c->buffer, 12)); - } else { - verbose(VERB_ALGO, "good 0x20-ID in reply qname"); - /* cleanup caps, prettier cache contents. */ - pkt_dname_tolower(c->buffer, - sldns_buffer_at(c->buffer, 12)); - } - } - if(dobackup && c) { - /* make a backup of the query, since the querystate processing - * may send outgoing queries that overwrite the buffer. - * use secondary buffer to store the query. - * This is a data copy, but faster than packet to server */ - backlen = sldns_buffer_limit(c->buffer); - backup_p = memdup(sldns_buffer_begin(c->buffer), backlen); - if(!backup_p) { - log_err("malloc failure in serviced query callbacks"); - error = NETEVENT_CLOSED; - c = NULL; - } - sq->outnet->svcd_overhead = backlen; - } - /* test the actual sq->cblist, because the next elem could be deleted*/ - while((p=sq->cblist) != NULL) { - sq->cblist = p->next; /* remove this element */ - if(dobackup && c) { - sldns_buffer_clear(c->buffer); - sldns_buffer_write(c->buffer, backup_p, backlen); - sldns_buffer_flip(c->buffer); - } - fptr_ok(fptr_whitelist_serviced_query(p->cb)); - (void)(*p->cb)(c, p->cb_arg, error, rep); - free(p); - } - if(backup_p) { - free(backup_p); - sq->outnet->svcd_overhead = 0; - } - verbose(VERB_ALGO, "svcd callbacks end"); - log_assert(sq->cblist == NULL); - serviced_delete(sq); -} - -int -serviced_tcp_callback(struct comm_point* c, void* arg, int error, - struct comm_reply* rep) -{ - struct serviced_query* sq = (struct serviced_query*)arg; - struct comm_reply r2; - sq->pending = NULL; /* removed after this callback */ - if(error != NETEVENT_NOERROR) - log_addr(VERB_QUERY, "tcp error for address", - &sq->addr, sq->addrlen); - if(error==NETEVENT_NOERROR) - infra_update_tcp_works(sq->outnet->infra, &sq->addr, - sq->addrlen, sq->zone, sq->zonelen); -#ifdef USE_DNSTAP - if(error==NETEVENT_NOERROR && sq->outnet->dtenv && - (sq->outnet->dtenv->log_resolver_response_messages || - sq->outnet->dtenv->log_forwarder_response_messages)) - dt_msg_send_outside_response(sq->outnet->dtenv, &sq->addr, - c->type, sq->zone, sq->zonelen, sq->qbuf, sq->qbuflen, - &sq->last_sent_time, sq->outnet->now_tv, c->buffer); -#endif - if(error==NETEVENT_NOERROR && sq->status == serviced_query_TCP_EDNS && - (LDNS_RCODE_WIRE(sldns_buffer_begin(c->buffer)) == - LDNS_RCODE_FORMERR || LDNS_RCODE_WIRE(sldns_buffer_begin( - c->buffer)) == LDNS_RCODE_NOTIMPL) ) { - /* attempt to fallback to nonEDNS */ - sq->status = serviced_query_TCP_EDNS_fallback; - serviced_tcp_initiate(sq, c->buffer); - return 0; - } else if(error==NETEVENT_NOERROR && - sq->status == serviced_query_TCP_EDNS_fallback && - (LDNS_RCODE_WIRE(sldns_buffer_begin(c->buffer)) == - LDNS_RCODE_NOERROR || LDNS_RCODE_WIRE( - sldns_buffer_begin(c->buffer)) == LDNS_RCODE_NXDOMAIN - || LDNS_RCODE_WIRE(sldns_buffer_begin(c->buffer)) - == LDNS_RCODE_YXDOMAIN)) { - /* the fallback produced a result that looks promising, note - * that this server should be approached without EDNS */ - /* only store noEDNS in cache if domain is noDNSSEC */ - if(!sq->want_dnssec) - if(!infra_edns_update(sq->outnet->infra, &sq->addr, - sq->addrlen, sq->zone, sq->zonelen, -1, - *sq->outnet->now_secs)) - log_err("Out of memory caching no edns for host"); - sq->status = serviced_query_TCP; - } - if(sq->tcp_upstream || sq->ssl_upstream) { - struct timeval now = *sq->outnet->now_tv; - if(now.tv_sec > sq->last_sent_time.tv_sec || - (now.tv_sec == sq->last_sent_time.tv_sec && - now.tv_usec > sq->last_sent_time.tv_usec)) { - /* convert from microseconds to milliseconds */ - int roundtime = ((int)(now.tv_sec - sq->last_sent_time.tv_sec))*1000 - + ((int)now.tv_usec - (int)sq->last_sent_time.tv_usec)/1000; - verbose(VERB_ALGO, "measured TCP-time at %d msec", roundtime); - log_assert(roundtime >= 0); - /* only store if less then AUTH_TIMEOUT seconds, it could be - * huge due to system-hibernated and we woke up */ - if(roundtime < TCP_AUTH_QUERY_TIMEOUT*1000) { - if(!infra_rtt_update(sq->outnet->infra, &sq->addr, - sq->addrlen, sq->zone, sq->zonelen, sq->qtype, - roundtime, sq->last_rtt, (time_t)now.tv_sec)) - log_err("out of memory noting rtt."); - } - } - } - /* insert address into reply info */ - if(!rep) { - /* create one if there isn't (on errors) */ - rep = &r2; - r2.c = c; - } - memcpy(&rep->addr, &sq->addr, sq->addrlen); - rep->addrlen = sq->addrlen; - serviced_callbacks(sq, error, c, rep); - return 0; -} - -static void -serviced_tcp_initiate(struct serviced_query* sq, sldns_buffer* buff) -{ - verbose(VERB_ALGO, "initiate TCP query %s", - sq->status==serviced_query_TCP_EDNS?"EDNS":""); - serviced_encode(sq, buff, sq->status == serviced_query_TCP_EDNS); - sq->last_sent_time = *sq->outnet->now_tv; - sq->pending = pending_tcp_query(sq, buff, TCP_AUTH_QUERY_TIMEOUT, - serviced_tcp_callback, sq); - if(!sq->pending) { - /* delete from tree so that a retry by above layer does not - * clash with this entry */ - log_err("serviced_tcp_initiate: failed to send tcp query"); - serviced_callbacks(sq, NETEVENT_CLOSED, NULL, NULL); - } -} - -/** Send serviced query over TCP return false on initial failure */ -static int -serviced_tcp_send(struct serviced_query* sq, sldns_buffer* buff) -{ - int vs, rtt; - uint8_t edns_lame_known; - if(!infra_host(sq->outnet->infra, &sq->addr, sq->addrlen, sq->zone, - sq->zonelen, *sq->outnet->now_secs, &vs, &edns_lame_known, - &rtt)) - return 0; - if(vs != -1) - sq->status = serviced_query_TCP_EDNS; - else sq->status = serviced_query_TCP; - serviced_encode(sq, buff, sq->status == serviced_query_TCP_EDNS); - sq->last_sent_time = *sq->outnet->now_tv; - sq->pending = pending_tcp_query(sq, buff, TCP_AUTH_QUERY_TIMEOUT, - serviced_tcp_callback, sq); - return sq->pending != NULL; -} - -/* see if packet is edns malformed; got zeroes at start. - * This is from servers that return malformed packets to EDNS0 queries, - * but they return good packets for nonEDNS0 queries. - * We try to detect their output; without resorting to a full parse or - * check for too many bytes after the end of the packet. */ -static int -packet_edns_malformed(struct sldns_buffer* buf, int qtype) -{ - size_t len; - if(sldns_buffer_limit(buf) < LDNS_HEADER_SIZE) - return 1; /* malformed */ - /* they have NOERROR rcode, 1 answer. */ - if(LDNS_RCODE_WIRE(sldns_buffer_begin(buf)) != LDNS_RCODE_NOERROR) - return 0; - /* one query (to skip) and answer records */ - if(LDNS_QDCOUNT(sldns_buffer_begin(buf)) != 1 || - LDNS_ANCOUNT(sldns_buffer_begin(buf)) == 0) - return 0; - /* skip qname */ - len = dname_valid(sldns_buffer_at(buf, LDNS_HEADER_SIZE), - sldns_buffer_limit(buf)-LDNS_HEADER_SIZE); - if(len == 0) - return 0; - if(len == 1 && qtype == 0) - return 0; /* we asked for '.' and type 0 */ - /* and then 4 bytes (type and class of query) */ - if(sldns_buffer_limit(buf) < LDNS_HEADER_SIZE + len + 4 + 3) - return 0; - - /* and start with 11 zeroes as the answer RR */ - /* so check the qtype of the answer record, qname=0, type=0 */ - if(sldns_buffer_at(buf, LDNS_HEADER_SIZE+len+4)[0] == 0 && - sldns_buffer_at(buf, LDNS_HEADER_SIZE+len+4)[1] == 0 && - sldns_buffer_at(buf, LDNS_HEADER_SIZE+len+4)[2] == 0) - return 1; - return 0; -} - -int -serviced_udp_callback(struct comm_point* c, void* arg, int error, - struct comm_reply* rep) -{ - struct serviced_query* sq = (struct serviced_query*)arg; - struct outside_network* outnet = sq->outnet; - struct timeval now = *sq->outnet->now_tv; - int fallback_tcp = 0; - - sq->pending = NULL; /* removed after callback */ - if(error == NETEVENT_TIMEOUT) { - int rto = 0; - if(sq->status == serviced_query_PROBE_EDNS) { - /* non-EDNS probe failed; we do not know its status, - * keep trying with EDNS, timeout may not be caused - * by EDNS. */ - sq->status = serviced_query_UDP_EDNS; - } - if(sq->status == serviced_query_UDP_EDNS && sq->last_rtt < 5000) { - /* fallback to 1480/1280 */ - sq->status = serviced_query_UDP_EDNS_FRAG; - log_name_addr(VERB_ALGO, "try edns1xx0", sq->qbuf+10, - &sq->addr, sq->addrlen); - if(!serviced_udp_send(sq, c->buffer)) { - serviced_callbacks(sq, NETEVENT_CLOSED, c, rep); - } - return 0; - } - if(sq->status == serviced_query_UDP_EDNS_FRAG) { - /* fragmentation size did not fix it */ - sq->status = serviced_query_UDP_EDNS; - } - sq->retry++; - if(!(rto=infra_rtt_update(outnet->infra, &sq->addr, sq->addrlen, - sq->zone, sq->zonelen, sq->qtype, -1, sq->last_rtt, - (time_t)now.tv_sec))) - log_err("out of memory in UDP exponential backoff"); - if(sq->retry < OUTBOUND_UDP_RETRY) { - log_name_addr(VERB_ALGO, "retry query", sq->qbuf+10, - &sq->addr, sq->addrlen); - if(!serviced_udp_send(sq, c->buffer)) { - serviced_callbacks(sq, NETEVENT_CLOSED, c, rep); - } - return 0; - } - if(rto >= RTT_MAX_TIMEOUT) { - fallback_tcp = 1; - /* UDP does not work, fallback to TCP below */ - } else { - serviced_callbacks(sq, NETEVENT_TIMEOUT, c, rep); - return 0; - } - } else if(error != NETEVENT_NOERROR) { - /* udp returns error (due to no ID or interface available) */ - serviced_callbacks(sq, error, c, rep); - return 0; - } -#ifdef USE_DNSTAP - if(error == NETEVENT_NOERROR && outnet->dtenv && - (outnet->dtenv->log_resolver_response_messages || - outnet->dtenv->log_forwarder_response_messages)) - dt_msg_send_outside_response(outnet->dtenv, &sq->addr, c->type, - sq->zone, sq->zonelen, sq->qbuf, sq->qbuflen, - &sq->last_sent_time, sq->outnet->now_tv, c->buffer); -#endif - if(!fallback_tcp) { - if( (sq->status == serviced_query_UDP_EDNS - ||sq->status == serviced_query_UDP_EDNS_FRAG) - && (LDNS_RCODE_WIRE(sldns_buffer_begin(c->buffer)) - == LDNS_RCODE_FORMERR || LDNS_RCODE_WIRE( - sldns_buffer_begin(c->buffer)) == LDNS_RCODE_NOTIMPL - || packet_edns_malformed(c->buffer, sq->qtype) - )) { - /* try to get an answer by falling back without EDNS */ - verbose(VERB_ALGO, "serviced query: attempt without EDNS"); - sq->status = serviced_query_UDP_EDNS_fallback; - sq->retry = 0; - if(!serviced_udp_send(sq, c->buffer)) { - serviced_callbacks(sq, NETEVENT_CLOSED, c, rep); - } - return 0; - } else if(sq->status == serviced_query_PROBE_EDNS) { - /* probe without EDNS succeeds, so we conclude that this - * host likely has EDNS packets dropped */ - log_addr(VERB_DETAIL, "timeouts, concluded that connection to " - "host drops EDNS packets", &sq->addr, sq->addrlen); - /* only store noEDNS in cache if domain is noDNSSEC */ - if(!sq->want_dnssec) - if(!infra_edns_update(outnet->infra, &sq->addr, sq->addrlen, - sq->zone, sq->zonelen, -1, (time_t)now.tv_sec)) { - log_err("Out of memory caching no edns for host"); - } - sq->status = serviced_query_UDP; - } else if(sq->status == serviced_query_UDP_EDNS && - !sq->edns_lame_known) { - /* now we know that edns queries received answers store that */ - log_addr(VERB_ALGO, "serviced query: EDNS works for", - &sq->addr, sq->addrlen); - if(!infra_edns_update(outnet->infra, &sq->addr, sq->addrlen, - sq->zone, sq->zonelen, 0, (time_t)now.tv_sec)) { - log_err("Out of memory caching edns works"); - } - sq->edns_lame_known = 1; - } else if(sq->status == serviced_query_UDP_EDNS_fallback && - !sq->edns_lame_known && (LDNS_RCODE_WIRE( - sldns_buffer_begin(c->buffer)) == LDNS_RCODE_NOERROR || - LDNS_RCODE_WIRE(sldns_buffer_begin(c->buffer)) == - LDNS_RCODE_NXDOMAIN || LDNS_RCODE_WIRE(sldns_buffer_begin( - c->buffer)) == LDNS_RCODE_YXDOMAIN)) { - /* the fallback produced a result that looks promising, note - * that this server should be approached without EDNS */ - /* only store noEDNS in cache if domain is noDNSSEC */ - if(!sq->want_dnssec) { - log_addr(VERB_ALGO, "serviced query: EDNS fails for", - &sq->addr, sq->addrlen); - if(!infra_edns_update(outnet->infra, &sq->addr, sq->addrlen, - sq->zone, sq->zonelen, -1, (time_t)now.tv_sec)) { - log_err("Out of memory caching no edns for host"); - } - } else { - log_addr(VERB_ALGO, "serviced query: EDNS fails, but " - "not stored because need DNSSEC for", &sq->addr, - sq->addrlen); - } - sq->status = serviced_query_UDP; - } - if(now.tv_sec > sq->last_sent_time.tv_sec || - (now.tv_sec == sq->last_sent_time.tv_sec && - now.tv_usec > sq->last_sent_time.tv_usec)) { - /* convert from microseconds to milliseconds */ - int roundtime = ((int)(now.tv_sec - sq->last_sent_time.tv_sec))*1000 - + ((int)now.tv_usec - (int)sq->last_sent_time.tv_usec)/1000; - verbose(VERB_ALGO, "measured roundtrip at %d msec", roundtime); - log_assert(roundtime >= 0); - /* in case the system hibernated, do not enter a huge value, - * above this value gives trouble with server selection */ - if(roundtime < 60000) { - if(!infra_rtt_update(outnet->infra, &sq->addr, sq->addrlen, - sq->zone, sq->zonelen, sq->qtype, roundtime, - sq->last_rtt, (time_t)now.tv_sec)) - log_err("out of memory noting rtt."); - } - } - } /* end of if_!fallback_tcp */ - /* perform TC flag check and TCP fallback after updating our - * cache entries for EDNS status and RTT times */ - if(LDNS_TC_WIRE(sldns_buffer_begin(c->buffer)) || fallback_tcp) { - /* fallback to TCP */ - /* this discards partial UDP contents */ - if(sq->status == serviced_query_UDP_EDNS || - sq->status == serviced_query_UDP_EDNS_FRAG || - sq->status == serviced_query_UDP_EDNS_fallback) - /* if we have unfinished EDNS_fallback, start again */ - sq->status = serviced_query_TCP_EDNS; - else sq->status = serviced_query_TCP; - serviced_tcp_initiate(sq, c->buffer); - return 0; - } - /* yay! an answer */ - serviced_callbacks(sq, error, c, rep); - return 0; -} - -struct serviced_query* -outnet_serviced_query(struct outside_network* outnet, - struct query_info* qinfo, uint16_t flags, int dnssec, int want_dnssec, - int nocaps, int tcp_upstream, int ssl_upstream, - struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* zone, - size_t zonelen, struct module_qstate* qstate, - comm_point_callback_type* callback, void* callback_arg, sldns_buffer* buff, - struct module_env* env) -{ - struct serviced_query* sq; - struct service_callback* cb; - if(!inplace_cb_query_call(env, qinfo, flags, addr, addrlen, zone, zonelen, - qstate, qstate->region)) - return NULL; - serviced_gen_query(buff, qinfo->qname, qinfo->qname_len, qinfo->qtype, - qinfo->qclass, flags); - sq = lookup_serviced(outnet, buff, dnssec, addr, addrlen, - qstate->edns_opts_back_out); - /* duplicate entries are included in the callback list, because - * there is a counterpart registration by our caller that needs to - * be doubly-removed (with callbacks perhaps). */ - if(!(cb = (struct service_callback*)malloc(sizeof(*cb)))) - return NULL; - if(!sq) { - /* make new serviced query entry */ - sq = serviced_create(outnet, buff, dnssec, want_dnssec, nocaps, - tcp_upstream, ssl_upstream, addr, addrlen, zone, - zonelen, (int)qinfo->qtype, qstate->edns_opts_back_out); - if(!sq) { - free(cb); - return NULL; - } - /* perform first network action */ - if(outnet->do_udp && !(tcp_upstream || ssl_upstream)) { - if(!serviced_udp_send(sq, buff)) { - (void)rbtree_delete(outnet->serviced, sq); - free(sq->qbuf); - free(sq->zone); - free(sq); - free(cb); - return NULL; - } - } else { - if(!serviced_tcp_send(sq, buff)) { - (void)rbtree_delete(outnet->serviced, sq); - free(sq->qbuf); - free(sq->zone); - free(sq); - free(cb); - return NULL; - } - } - } - /* add callback to list of callbacks */ - cb->cb = callback; - cb->cb_arg = callback_arg; - cb->next = sq->cblist; - sq->cblist = cb; - return sq; -} - -/** remove callback from list */ -static void -callback_list_remove(struct serviced_query* sq, void* cb_arg) -{ - struct service_callback** pp = &sq->cblist; - while(*pp) { - if((*pp)->cb_arg == cb_arg) { - struct service_callback* del = *pp; - *pp = del->next; - free(del); - return; - } - pp = &(*pp)->next; - } -} - -void outnet_serviced_query_stop(struct serviced_query* sq, void* cb_arg) -{ - if(!sq) - return; - callback_list_remove(sq, cb_arg); - /* if callbacks() routine scheduled deletion, let it do that */ - if(!sq->cblist && !sq->to_be_deleted) { - (void)rbtree_delete(sq->outnet->serviced, sq); - serviced_delete(sq); - } -} - -/** get memory used by waiting tcp entry (in use or not) */ -static size_t -waiting_tcp_get_mem(struct waiting_tcp* w) -{ - size_t s; - if(!w) return 0; - s = sizeof(*w) + w->pkt_len; - if(w->timer) - s += comm_timer_get_mem(w->timer); - return s; -} - -/** get memory used by port if */ -static size_t -if_get_mem(struct port_if* pif) -{ - size_t s; - int i; - s = sizeof(*pif) + sizeof(int)*pif->avail_total + - sizeof(struct port_comm*)*pif->maxout; - for(i=0; iinuse; i++) - s += sizeof(*pif->out[i]) + - comm_point_get_mem(pif->out[i]->cp); - return s; -} - -/** get memory used by waiting udp */ -static size_t -waiting_udp_get_mem(struct pending* w) -{ - size_t s; - s = sizeof(*w) + comm_timer_get_mem(w->timer) + w->pkt_len; - return s; -} - -size_t outnet_get_mem(struct outside_network* outnet) -{ - size_t i; - int k; - struct waiting_tcp* w; - struct pending* u; - struct serviced_query* sq; - struct service_callback* sb; - struct port_comm* pc; - size_t s = sizeof(*outnet) + sizeof(*outnet->base) + - sizeof(*outnet->udp_buff) + - sldns_buffer_capacity(outnet->udp_buff); - /* second buffer is not ours */ - for(pc = outnet->unused_fds; pc; pc = pc->next) { - s += sizeof(*pc) + comm_point_get_mem(pc->cp); - } - for(k=0; knum_ip4; k++) - s += if_get_mem(&outnet->ip4_ifs[k]); - for(k=0; knum_ip6; k++) - s += if_get_mem(&outnet->ip6_ifs[k]); - for(u=outnet->udp_wait_first; u; u=u->next_waiting) - s += waiting_udp_get_mem(u); - - s += sizeof(struct pending_tcp*)*outnet->num_tcp; - for(i=0; inum_tcp; i++) { - s += sizeof(struct pending_tcp); - s += comm_point_get_mem(outnet->tcp_conns[i]->c); - if(outnet->tcp_conns[i]->query) - s += waiting_tcp_get_mem(outnet->tcp_conns[i]->query); - } - for(w=outnet->tcp_wait_first; w; w = w->next_waiting) - s += waiting_tcp_get_mem(w); - s += sizeof(*outnet->pending); - s += (sizeof(struct pending) + comm_timer_get_mem(NULL)) * - outnet->pending->count; - s += sizeof(*outnet->serviced); - s += outnet->svcd_overhead; - RBTREE_FOR(sq, struct serviced_query*, outnet->serviced) { - s += sizeof(*sq) + sq->qbuflen; - for(sb = sq->cblist; sb; sb = sb->next) - s += sizeof(*sb); - } - return s; -} - -size_t -serviced_get_mem(struct serviced_query* sq) -{ - struct service_callback* sb; - size_t s; - s = sizeof(*sq) + sq->qbuflen; - for(sb = sq->cblist; sb; sb = sb->next) - s += sizeof(*sb); - if(sq->status == serviced_query_UDP_EDNS || - sq->status == serviced_query_UDP || - sq->status == serviced_query_PROBE_EDNS || - sq->status == serviced_query_UDP_EDNS_FRAG || - sq->status == serviced_query_UDP_EDNS_fallback) { - s += sizeof(struct pending); - s += comm_timer_get_mem(NULL); - } else { - /* does not have size of the pkt pointer */ - /* always has a timer except on malloc failures */ - - /* these sizes are part of the main outside network mem */ - /* - s += sizeof(struct waiting_tcp); - s += comm_timer_get_mem(NULL); - */ - } - return s; -} - diff --git a/external/unbound/services/outside_network.h b/external/unbound/services/outside_network.h deleted file mode 100644 index befd512f0..000000000 --- a/external/unbound/services/outside_network.h +++ /dev/null @@ -1,567 +0,0 @@ -/* - * services/outside_network.h - listen to answers from the network - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file has functions to send queries to authoritative servers, - * and wait for the pending answer, with timeouts. - */ - -#ifndef OUTSIDE_NETWORK_H -#define OUTSIDE_NETWORK_H - -#include "util/rbtree.h" -#include "util/netevent.h" -#include "dnstap/dnstap_config.h" -struct pending; -struct pending_timeout; -struct ub_randstate; -struct pending_tcp; -struct waiting_tcp; -struct waiting_udp; -struct infra_cache; -struct port_comm; -struct port_if; -struct sldns_buffer; -struct serviced_query; -struct dt_env; -struct edns_option; -struct module_env; -struct module_qstate; -struct query_info; - -/** - * Send queries to outside servers and wait for answers from servers. - * Contains answer-listen sockets. - */ -struct outside_network { - /** Base for select calls */ - struct comm_base* base; - /** pointer to time in seconds */ - time_t* now_secs; - /** pointer to time in microseconds */ - struct timeval* now_tv; - - /** buffer shared by UDP connections, since there is only one - datagram at any time. */ - struct sldns_buffer* udp_buff; - /** serviced_callbacks malloc overhead when processing multiple - * identical serviced queries to the same server. */ - size_t svcd_overhead; - /** use x20 bits to encode additional ID random bits */ - int use_caps_for_id; - /** outside network wants to quit. Stop queued msgs from sent. */ - int want_to_quit; - - /** number of unwanted replies received (for statistics) */ - size_t unwanted_replies; - /** cumulative total of unwanted replies (for defense) */ - size_t unwanted_total; - /** threshold when to take defensive action. If 0 then never. */ - size_t unwanted_threshold; - /** what action to take, called when defensive action is needed */ - void (*unwanted_action)(void*); - /** user param for action */ - void* unwanted_param; - - /** linked list of available commpoints, unused file descriptors, - * for use as outgoing UDP ports. cp.fd=-1 in them. */ - struct port_comm* unused_fds; - /** if udp is done */ - int do_udp; - /** if udp is delay-closed (delayed answers do not meet closed port)*/ - int delayclose; - /** timeout for delayclose */ - struct timeval delay_tv; - - /** array of outgoing IP4 interfaces */ - struct port_if* ip4_ifs; - /** number of outgoing IP4 interfaces */ - int num_ip4; - - /** array of outgoing IP6 interfaces */ - struct port_if* ip6_ifs; - /** number of outgoing IP6 interfaces */ - int num_ip6; - - /** pending udp queries waiting to be sent out, waiting for fd */ - struct pending* udp_wait_first; - /** last pending udp query in list */ - struct pending* udp_wait_last; - - /** pending udp answers. sorted by id, addr */ - rbtree_type* pending; - /** serviced queries, sorted by qbuf, addr, dnssec */ - rbtree_type* serviced; - /** host cache, pointer but not owned by outnet. */ - struct infra_cache* infra; - /** where to get random numbers */ - struct ub_randstate* rnd; - /** ssl context to create ssl wrapped TCP with DNS connections */ - void* sslctx; -#ifdef USE_DNSTAP - /** dnstap environment */ - struct dt_env* dtenv; -#endif - /** maximum segment size of tcp socket */ - int tcp_mss; - - /** - * Array of tcp pending used for outgoing TCP connections. - * Each can be used to establish a TCP connection with a server. - * The file descriptors are -1 if they are free, and need to be - * opened for the tcp connection. Can be used for ip4 and ip6. - */ - struct pending_tcp **tcp_conns; - /** number of tcp communication points. */ - size_t num_tcp; - /** number of tcp communication points in use. */ - size_t num_tcp_outgoing; - /** list of tcp comm points that are free for use */ - struct pending_tcp* tcp_free; - /** list of tcp queries waiting for a buffer */ - struct waiting_tcp* tcp_wait_first; - /** last of waiting query list */ - struct waiting_tcp* tcp_wait_last; -}; - -/** - * Outgoing interface. Ports available and currently used are tracked - * per interface - */ -struct port_if { - /** address ready to allocate new socket (except port no). */ - struct sockaddr_storage addr; - /** length of addr field */ - socklen_t addrlen; - - /** prefix length of network address (in bits), for randomisation. - * if 0, no randomisation. */ - int pfxlen; - - /** the available ports array. These are unused. - * Only the first total-inuse part is filled. */ - int* avail_ports; - /** the total number of available ports (size of the array) */ - int avail_total; - - /** array of the commpoints currently in use. - * allocated for max number of fds, first part in use. */ - struct port_comm** out; - /** max number of fds, size of out array */ - int maxout; - /** number of commpoints (and thus also ports) in use */ - int inuse; -}; - -/** - * Outgoing commpoint for UDP port. - */ -struct port_comm { - /** next in free list */ - struct port_comm* next; - /** which port number (when in use) */ - int number; - /** interface it is used in */ - struct port_if* pif; - /** index in the out array of the interface */ - int index; - /** number of outstanding queries on this port */ - int num_outstanding; - /** UDP commpoint, fd=-1 if not in use */ - struct comm_point* cp; -}; - -/** - * A query that has an answer pending for it. - */ -struct pending { - /** redblacktree entry, key is the pending struct(id, addr). */ - rbnode_type node; - /** the ID for the query. int so that a value out of range can - * be used to signify a pending that is for certain not present in - * the rbtree. (and for which deletion is safe). */ - unsigned int id; - /** remote address. */ - struct sockaddr_storage addr; - /** length of addr field in use. */ - socklen_t addrlen; - /** comm point it was sent on (and reply must come back on). */ - struct port_comm* pc; - /** timeout event */ - struct comm_timer* timer; - /** callback for the timeout, error or reply to the message */ - comm_point_callback_type* cb; - /** callback user argument */ - void* cb_arg; - /** the outside network it is part of */ - struct outside_network* outnet; - /** the corresponding serviced_query */ - struct serviced_query* sq; - - /*---- filled if udp pending is waiting -----*/ - /** next in waiting list. */ - struct pending* next_waiting; - /** timeout in msec */ - int timeout; - /** The query itself, the query packet to send. */ - uint8_t* pkt; - /** length of query packet. */ - size_t pkt_len; -}; - -/** - * Pending TCP query to server. - */ -struct pending_tcp { - /** next in list of free tcp comm points, or NULL. */ - struct pending_tcp* next_free; - /** the ID for the query; checked in reply */ - uint16_t id; - /** tcp comm point it was sent on (and reply must come back on). */ - struct comm_point* c; - /** the query being serviced, NULL if the pending_tcp is unused. */ - struct waiting_tcp* query; -}; - -/** - * Query waiting for TCP buffer. - */ -struct waiting_tcp { - /** - * next in waiting list. - * if pkt==0, this points to the pending_tcp structure. - */ - struct waiting_tcp* next_waiting; - /** timeout event; timer keeps running whether the query is - * waiting for a buffer or the tcp reply is pending */ - struct comm_timer* timer; - /** the outside network it is part of */ - struct outside_network* outnet; - /** remote address. */ - struct sockaddr_storage addr; - /** length of addr field in use. */ - socklen_t addrlen; - /** - * The query itself, the query packet to send. - * allocated after the waiting_tcp structure. - * set to NULL when the query is serviced and it part of pending_tcp. - * if this is NULL, the next_waiting points to the pending_tcp. - */ - uint8_t* pkt; - /** length of query packet. */ - size_t pkt_len; - /** callback for the timeout, error or reply to the message */ - comm_point_callback_type* cb; - /** callback user argument */ - void* cb_arg; - /** if it uses ssl upstream */ - int ssl_upstream; -}; - -/** - * Callback to party interested in serviced query results. - */ -struct service_callback { - /** next in callback list */ - struct service_callback* next; - /** callback function */ - comm_point_callback_type* cb; - /** user argument for callback function */ - void* cb_arg; -}; - -/** fallback size for fragmentation for EDNS in IPv4 */ -#define EDNS_FRAG_SIZE_IP4 1472 -/** fallback size for EDNS in IPv6, fits one fragment with ip6-tunnel-ids */ -#define EDNS_FRAG_SIZE_IP6 1232 - -/** - * Query service record. - * Contains query and destination. UDP, TCP, EDNS are all tried. - * complete with retries and timeouts. A number of interested parties can - * receive a callback. - */ -struct serviced_query { - /** The rbtree node, key is this record */ - rbnode_type node; - /** The query that needs to be answered. Starts with flags u16, - * then qdcount, ..., including qname, qtype, qclass. Does not include - * EDNS record. */ - uint8_t* qbuf; - /** length of qbuf. */ - size_t qbuflen; - /** If an EDNS section is included, the DO/CD bit will be turned on. */ - int dnssec; - /** We want signatures, or else the answer is likely useless */ - int want_dnssec; - /** ignore capsforid */ - int nocaps; - /** tcp upstream used, use tcp, or ssl_upstream for SSL */ - int tcp_upstream, ssl_upstream; - /** where to send it */ - struct sockaddr_storage addr; - /** length of addr field in use. */ - socklen_t addrlen; - /** zone name, uncompressed domain name in wireformat */ - uint8_t* zone; - /** length of zone name */ - size_t zonelen; - /** qtype */ - int qtype; - /** current status */ - enum serviced_query_status { - /** initial status */ - serviced_initial, - /** UDP with EDNS sent */ - serviced_query_UDP_EDNS, - /** UDP without EDNS sent */ - serviced_query_UDP, - /** TCP with EDNS sent */ - serviced_query_TCP_EDNS, - /** TCP without EDNS sent */ - serviced_query_TCP, - /** probe to test EDNS lameness (EDNS is dropped) */ - serviced_query_PROBE_EDNS, - /** probe to test noEDNS0 (EDNS gives FORMERRorNOTIMP) */ - serviced_query_UDP_EDNS_fallback, - /** probe to test TCP noEDNS0 (EDNS gives FORMERRorNOTIMP) */ - serviced_query_TCP_EDNS_fallback, - /** send UDP query with EDNS1480 (or 1280) */ - serviced_query_UDP_EDNS_FRAG - } - /** variable with current status */ - status; - /** true if serviced_query is scheduled for deletion already */ - int to_be_deleted; - /** number of UDP retries */ - int retry; - /** time last UDP was sent */ - struct timeval last_sent_time; - /** rtt of last (UDP) message */ - int last_rtt; - /** do we know edns probe status already, for UDP_EDNS queries */ - int edns_lame_known; - /** edns options to use for sending upstream packet */ - struct edns_option* opt_list; - /** outside network this is part of */ - struct outside_network* outnet; - /** list of interested parties that need callback on results. */ - struct service_callback* cblist; - /** the UDP or TCP query that is pending, see status which */ - void* pending; -}; - -/** - * Create outside_network structure with N udp ports. - * @param base: the communication base to use for event handling. - * @param bufsize: size for network buffers. - * @param num_ports: number of udp ports to open per interface. - * @param ifs: interface names (or NULL for default interface). - * These interfaces must be able to access all authoritative servers. - * @param num_ifs: number of names in array ifs. - * @param do_ip4: service IP4. - * @param do_ip6: service IP6. - * @param num_tcp: number of outgoing tcp buffers to preallocate. - * @param infra: pointer to infra cached used for serviced queries. - * @param rnd: stored to create random numbers for serviced queries. - * @param use_caps_for_id: enable to use 0x20 bits to encode id randomness. - * @param availports: array of available ports. - * @param numavailports: number of available ports in array. - * @param unwanted_threshold: when to take defensive action. - * @param unwanted_action: the action to take. - * @param unwanted_param: user parameter to action. - * @param tcp_mss: maximum segment size of tcp socket. - * @param do_udp: if udp is done. - * @param sslctx: context to create outgoing connections with (if enabled). - * @param delayclose: if not 0, udp sockets are delayed before timeout closure. - * msec to wait on timeouted udp sockets. - * @param dtenv: environment to send dnstap events with (if enabled). - * @return: the new structure (with no pending answers) or NULL on error. - */ -struct outside_network* outside_network_create(struct comm_base* base, - size_t bufsize, size_t num_ports, char** ifs, int num_ifs, - int do_ip4, int do_ip6, size_t num_tcp, struct infra_cache* infra, - struct ub_randstate* rnd, int use_caps_for_id, int* availports, - int numavailports, size_t unwanted_threshold, int tcp_mss, - void (*unwanted_action)(void*), void* unwanted_param, int do_udp, - void* sslctx, int delayclose, struct dt_env *dtenv); - -/** - * Delete outside_network structure. - * @param outnet: object to delete. - */ -void outside_network_delete(struct outside_network* outnet); - -/** - * Prepare for quit. Sends no more queries, even if queued up. - * @param outnet: object to prepare for removal - */ -void outside_network_quit_prepare(struct outside_network* outnet); - -/** - * Send UDP query, create pending answer. - * Changes the ID for the query to be random and unique for that destination. - * @param sq: serviced query. - * @param packet: wireformat query to send to destination. - * @param timeout: in milliseconds from now. - * @param callback: function to call on error, timeout or reply. - * @param callback_arg: user argument for callback function. - * @return: NULL on error for malloc or socket. Else the pending query object. - */ -struct pending* pending_udp_query(struct serviced_query* sq, - struct sldns_buffer* packet, int timeout, comm_point_callback_type* callback, - void* callback_arg); - -/** - * Send TCP query. May wait for TCP buffer. Selects ID to be random, and - * checks id. - * @param sq: serviced query. - * @param packet: wireformat query to send to destination. copied from. - * @param timeout: in seconds from now. - * Timer starts running now. Timer may expire if all buffers are used, - * without any query been sent to the server yet. - * @param callback: function to call on error, timeout or reply. - * @param callback_arg: user argument for callback function. - * @return: false on error for malloc or socket. Else the pending TCP object. - */ -struct waiting_tcp* pending_tcp_query(struct serviced_query* sq, - struct sldns_buffer* packet, int timeout, comm_point_callback_type* callback, - void* callback_arg); - -/** - * Delete pending answer. - * @param outnet: outside network the pending query is part of. - * Internal feature: if outnet is NULL, p is not unlinked from rbtree. - * @param p: deleted - */ -void pending_delete(struct outside_network* outnet, struct pending* p); - -/** - * Perform a serviced query to the authoritative servers. - * Duplicate efforts are detected, and EDNS, TCP and UDP retry is performed. - * @param outnet: outside network, with rbtree of serviced queries. - * @param qinfo: query info. - * @param flags: flags u16 (host format), includes opcode, CD bit. - * @param dnssec: if set, DO bit is set in EDNS queries. - * If the value includes BIT_CD, CD bit is set when in EDNS queries. - * If the value includes BIT_DO, DO bit is set when in EDNS queries. - * @param want_dnssec: signatures are needed, without EDNS the answer is - * likely to be useless. - * @param nocaps: ignore use_caps_for_id and use unperturbed qname. - * @param tcp_upstream: use TCP for upstream queries. - * @param ssl_upstream: use SSL for upstream queries. - * @param addr: to which server to send the query. - * @param addrlen: length of addr. - * @param zone: name of the zone of the delegation point. wireformat dname. - This is the delegation point name for which the server is deemed - authoritative. - * @param zonelen: length of zone. - * @param qstate: module qstate. Mainly for inspecting the available - * edns_opts_lists. - * @param callback: callback function. - * @param callback_arg: user argument to callback function. - * @param buff: scratch buffer to create query contents in. Empty on exit. - * @param env: the module environment. - * @return 0 on error, or pointer to serviced query that is used to answer - * this serviced query may be shared with other callbacks as well. - */ -struct serviced_query* outnet_serviced_query(struct outside_network* outnet, - struct query_info* qinfo, uint16_t flags, int dnssec, int want_dnssec, - int nocaps, int tcp_upstream, int ssl_upstream, - struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* zone, - size_t zonelen, struct module_qstate* qstate, - comm_point_callback_type* callback, void* callback_arg, - struct sldns_buffer* buff, struct module_env* env); - -/** - * Remove service query callback. - * If that leads to zero callbacks, the query is completely cancelled. - * @param sq: serviced query to adjust. - * @param cb_arg: callback argument of callback that needs removal. - * same as the callback_arg to outnet_serviced_query(). - */ -void outnet_serviced_query_stop(struct serviced_query* sq, void* cb_arg); - -/** - * Get memory size in use by outside network. - * Counts buffers and outstanding query (serviced queries) malloced data. - * @param outnet: outside network structure. - * @return size in bytes. - */ -size_t outnet_get_mem(struct outside_network* outnet); - -/** - * Get memory size in use by serviced query while it is servicing callbacks. - * This takes into account the pre-deleted status of it; it will be deleted - * when the callbacks are done. - * @param sq: serviced query. - * @return size in bytes. - */ -size_t serviced_get_mem(struct serviced_query* sq); - -/** callback for incoming udp answers from the network */ -int outnet_udp_cb(struct comm_point* c, void* arg, int error, - struct comm_reply *reply_info); - -/** callback for pending tcp connections */ -int outnet_tcp_cb(struct comm_point* c, void* arg, int error, - struct comm_reply *reply_info); - -/** callback for udp timeout */ -void pending_udp_timer_cb(void *arg); - -/** callback for udp delay for timeout */ -void pending_udp_timer_delay_cb(void *arg); - -/** callback for outgoing TCP timer event */ -void outnet_tcptimer(void* arg); - -/** callback for serviced query UDP answers */ -int serviced_udp_callback(struct comm_point* c, void* arg, int error, - struct comm_reply* rep); - -/** TCP reply or error callback for serviced queries */ -int serviced_tcp_callback(struct comm_point* c, void* arg, int error, - struct comm_reply* rep); - -/** compare function of pending rbtree */ -int pending_cmp(const void* key1, const void* key2); - -/** compare function of serviced query rbtree */ -int serviced_cmp(const void* key1, const void* key2); - -#endif /* OUTSIDE_NETWORK_H */ diff --git a/external/unbound/services/view.c b/external/unbound/services/view.c deleted file mode 100644 index 33f4f4986..000000000 --- a/external/unbound/services/view.c +++ /dev/null @@ -1,212 +0,0 @@ -/* - * services/view.c - named views containing local zones authority service. - * - * Copyright (c) 2016, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions to enable named views that can hold local zone - * authority service. - */ -#include "config.h" -#include "services/view.h" -#include "services/localzone.h" -#include "util/config_file.h" - -int -view_cmp(const void* v1, const void* v2) -{ - struct view* a = (struct view*)v1; - struct view* b = (struct view*)v2; - - return strcmp(a->name, b->name); -} - -struct views* -views_create(void) -{ - struct views* v = (struct views*)calloc(1, - sizeof(*v)); - if(!v) - return NULL; - rbtree_init(&v->vtree, &view_cmp); - lock_rw_init(&v->lock); - lock_protect(&v->lock, &v->vtree, sizeof(v->vtree)); - return v; -} - -/** This prototype is defined in in respip.h, but we want to avoid - * unnecessary dependencies */ -void respip_set_delete(struct respip_set *set); - -void -view_delete(struct view* v) -{ - if(!v) - return; - lock_rw_destroy(&v->lock); - local_zones_delete(v->local_zones); - respip_set_delete(v->respip_set); - free(v->name); - free(v); -} - -static void -delviewnode(rbnode_type* n, void* ATTR_UNUSED(arg)) -{ - struct view* v = (struct view*)n; - view_delete(v); -} - -void -views_delete(struct views* v) -{ - if(!v) - return; - lock_rw_destroy(&v->lock); - traverse_postorder(&v->vtree, delviewnode, NULL); - free(v); -} - -/** create a new view */ -static struct view* -view_create(char* name) -{ - struct view* v = (struct view*)calloc(1, sizeof(*v)); - if(!v) - return NULL; - v->node.key = v; - if(!(v->name = strdup(name))) { - free(v); - return NULL; - } - lock_rw_init(&v->lock); - lock_protect(&v->lock, &v->name, sizeof(*v)-sizeof(rbnode_type)); - return v; -} - -/** enter a new view returns with WRlock */ -static struct view* -views_enter_view_name(struct views* vs, char* name) -{ - struct view* v = view_create(name); - if(!v) { - log_err("out of memory"); - return NULL; - } - - /* add to rbtree */ - lock_rw_wrlock(&vs->lock); - lock_rw_wrlock(&v->lock); - if(!rbtree_insert(&vs->vtree, &v->node)) { - log_warn("duplicate view: %s", name); - lock_rw_unlock(&v->lock); - view_delete(v); - lock_rw_unlock(&vs->lock); - return NULL; - } - lock_rw_unlock(&vs->lock); - return v; -} - -int -views_apply_cfg(struct views* vs, struct config_file* cfg) -{ - struct config_view* cv; - struct view* v; - struct config_file lz_cfg; - /* Check existence of name in first view (last in config). Rest of - * views are already checked when parsing config. */ - if(cfg->views && !cfg->views->name) { - log_err("view without a name"); - return 0; - } - for(cv = cfg->views; cv; cv = cv->next) { - /* create and enter view */ - if(!(v = views_enter_view_name(vs, cv->name))) - return 0; - v->isfirst = cv->isfirst; - if(cv->local_zones || cv->local_data) { - if(!(v->local_zones = local_zones_create())){ - lock_rw_unlock(&v->lock); - return 0; - } - memset(&lz_cfg, 0, sizeof(lz_cfg)); - lz_cfg.local_zones = cv->local_zones; - lz_cfg.local_data = cv->local_data; - lz_cfg.local_zones_nodefault = - cv->local_zones_nodefault; - if(!local_zones_apply_cfg(v->local_zones, &lz_cfg)){ - lock_rw_unlock(&v->lock); - return 0; - } - /* local_zones, local_zones_nodefault and local_data - * are free'd from config_view by local_zones_apply_cfg. - * Set pointers to NULL. */ - cv->local_zones = NULL; - cv->local_data = NULL; - cv->local_zones_nodefault = NULL; - } - lock_rw_unlock(&v->lock); - } - return 1; -} - -/** find a view by name */ -struct view* -views_find_view(struct views* vs, const char* name, int write) -{ - struct view* v; - struct view key; - key.node.key = &v; - key.name = (char *)name; - lock_rw_rdlock(&vs->lock); - if(!(v = (struct view*)rbtree_search(&vs->vtree, &key.node))) { - lock_rw_unlock(&vs->lock); - return 0; - } - if(write) { - lock_rw_wrlock(&v->lock); - } else { - lock_rw_rdlock(&v->lock); - } - lock_rw_unlock(&vs->lock); - return v; -} - -void views_print(struct views* v) -{ - /* TODO implement print */ - (void)v; -} diff --git a/external/unbound/services/view.h b/external/unbound/services/view.h deleted file mode 100644 index e0b346419..000000000 --- a/external/unbound/services/view.h +++ /dev/null @@ -1,137 +0,0 @@ -/* - * services/view.h - named views containing local zones authority service. - * - * Copyright (c) 2016, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains functions to enable named views that can hold local zone - * authority service. - */ - -#ifndef SERVICES_VIEW_H -#define SERVICES_VIEW_H -#include "util/rbtree.h" -#include "util/locks.h" -struct regional; -struct config_file; -struct config_view; -struct respip_set; - - -/** - * Views storage, shared. - */ -struct views { - /** lock on the view tree */ - lock_rw_type lock; - /** rbtree of struct view */ - rbtree_type vtree; -}; - -/** - * View. Named structure holding local authority zones. - */ -struct view { - /** rbtree node, key is name */ - rbnode_type node; - /** view name. - * Has to be right after rbnode_t due to pointer arithmatic in - * view_create's lock protect */ - char* name; - /** view specific local authority zones */ - struct local_zones* local_zones; - /** response-ip configuration data for this view */ - struct respip_set* respip_set; - /** Fallback to global local_zones when there is no match in the view - * specific tree. 1 for yes, 0 for no */ - int isfirst; - /** lock on the data in the structure - * For the node and name you need to also hold the views_tree lock to - * change them. */ - lock_rw_type lock; -}; - - -/** - * Create views storage - * @return new struct or NULL on error. - */ -struct views* views_create(void); - -/** - * Delete views storage - * @param v: views to delete. - */ -void views_delete(struct views* v); - -/** - * Apply config settings; - * Takes care of locking. - * @param v: view is set up. - * @param cfg: config data. - * @return false on error. - */ -int views_apply_cfg(struct views* v, struct config_file* cfg); - -/** - * Compare two view entries in rbtree. Sort canonical. - * @param v1: view 1 - * @param v2: view 2 - * @return: negative, positive or 0 comparison value. - */ -int view_cmp(const void* v1, const void* v2); - -/** - * Delete one view - * @param v: view to delete. - */ -void view_delete(struct view* v); - -/** - * Debug helper. Print all views - * Takes care of locking. - * @param v: the views tree - */ -void views_print(struct views* v); - -/* Find a view by name. - * @param vs: views - * @param name: name of the view we are looking for - * @param write: 1 for obtaining write lock on found view, 0 for read lock - * @return: locked view or NULL. - */ -struct view* views_find_view(struct views* vs, const char* name, int write); - -#endif /* SERVICES_VIEW_H */ diff --git a/external/unbound/sldns/keyraw.c b/external/unbound/sldns/keyraw.c deleted file mode 100644 index e8f2da089..000000000 --- a/external/unbound/sldns/keyraw.c +++ /dev/null @@ -1,408 +0,0 @@ -/* - * keyraw.c - raw key operations and conversions - * - * (c) NLnet Labs, 2004-2008 - * - * See the file LICENSE for the license - */ -/** - * \file - * Implementation of raw DNSKEY functions (work on wire rdata). - */ - -#include "config.h" -#include "sldns/keyraw.h" -#include "sldns/rrdef.h" - -#ifdef HAVE_SSL -#include -#include -#include -#include -#include -#ifdef HAVE_OPENSSL_ENGINE_H -# include -#endif -#ifdef HAVE_OPENSSL_BN_H -#include -#endif -#ifdef HAVE_OPENSSL_RSA_H -#include -#endif -#ifdef HAVE_OPENSSL_DSA_H -#include -#endif -#endif /* HAVE_SSL */ - -size_t -sldns_rr_dnskey_key_size_raw(const unsigned char* keydata, - const size_t len, int alg) -{ - /* for DSA keys */ - uint8_t t; - - /* for RSA keys */ - uint16_t exp; - uint16_t int16; - - switch ((sldns_algorithm)alg) { - case LDNS_DSA: - case LDNS_DSA_NSEC3: - if (len > 0) { - t = keydata[0]; - return (64 + t*8)*8; - } else { - return 0; - } - break; - case LDNS_RSAMD5: - case LDNS_RSASHA1: - case LDNS_RSASHA1_NSEC3: -#ifdef USE_SHA2 - case LDNS_RSASHA256: - case LDNS_RSASHA512: -#endif - if (len > 0) { - if (keydata[0] == 0) { - /* big exponent */ - if (len > 3) { - memmove(&int16, keydata + 1, 2); - exp = ntohs(int16); - return (len - exp - 3)*8; - } else { - return 0; - } - } else { - exp = keydata[0]; - return (len-exp-1)*8; - } - } else { - return 0; - } - break; -#ifdef USE_GOST - case LDNS_ECC_GOST: - return 512; -#endif -#ifdef USE_ECDSA - case LDNS_ECDSAP256SHA256: - return 256; - case LDNS_ECDSAP384SHA384: - return 384; -#endif - default: - return 0; - } -} - -uint16_t sldns_calc_keytag_raw(uint8_t* key, size_t keysize) -{ - if(keysize < 4) { - return 0; - } - /* look at the algorithm field, copied from 2535bis */ - if (key[3] == LDNS_RSAMD5) { - uint16_t ac16 = 0; - if (keysize > 4) { - memmove(&ac16, key + keysize - 3, 2); - } - ac16 = ntohs(ac16); - return (uint16_t) ac16; - } else { - size_t i; - uint32_t ac32 = 0; - for (i = 0; i < keysize; ++i) { - ac32 += (i & 1) ? key[i] : key[i] << 8; - } - ac32 += (ac32 >> 16) & 0xFFFF; - return (uint16_t) (ac32 & 0xFFFF); - } -} - -#ifdef HAVE_SSL -#ifdef USE_GOST -/** store GOST engine reference loaded into OpenSSL library */ -ENGINE* sldns_gost_engine = NULL; - -int -sldns_key_EVP_load_gost_id(void) -{ - static int gost_id = 0; - const EVP_PKEY_ASN1_METHOD* meth; - ENGINE* e; - - if(gost_id) return gost_id; - - /* see if configuration loaded gost implementation from other engine*/ - meth = EVP_PKEY_asn1_find_str(NULL, "gost2001", -1); - if(meth) { - EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth); - return gost_id; - } - - /* see if engine can be loaded already */ - e = ENGINE_by_id("gost"); - if(!e) { - /* load it ourself, in case statically linked */ - ENGINE_load_builtin_engines(); - ENGINE_load_dynamic(); - e = ENGINE_by_id("gost"); - } - if(!e) { - /* no gost engine in openssl */ - return 0; - } - if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { - ENGINE_finish(e); - ENGINE_free(e); - return 0; - } - - meth = EVP_PKEY_asn1_find_str(&e, "gost2001", -1); - if(!meth) { - /* algo not found */ - ENGINE_finish(e); - ENGINE_free(e); - return 0; - } - /* Note: do not ENGINE_finish and ENGINE_free the acquired engine - * on some platforms this frees up the meth and unloads gost stuff */ - sldns_gost_engine = e; - - EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth); - return gost_id; -} - -void sldns_key_EVP_unload_gost(void) -{ - if(sldns_gost_engine) { - ENGINE_finish(sldns_gost_engine); - ENGINE_free(sldns_gost_engine); - sldns_gost_engine = NULL; - } -} -#endif /* USE_GOST */ - -DSA * -sldns_key_buf2dsa_raw(unsigned char* key, size_t len) -{ - uint8_t T; - uint16_t length; - uint16_t offset; - DSA *dsa; - BIGNUM *Q; BIGNUM *P; - BIGNUM *G; BIGNUM *Y; - - if(len == 0) - return NULL; - T = (uint8_t)key[0]; - length = (64 + T * 8); - offset = 1; - - if (T > 8) { - return NULL; - } - if(len < (size_t)1 + SHA_DIGEST_LENGTH + 3*length) - return NULL; - - Q = BN_bin2bn(key+offset, SHA_DIGEST_LENGTH, NULL); - offset += SHA_DIGEST_LENGTH; - - P = BN_bin2bn(key+offset, (int)length, NULL); - offset += length; - - G = BN_bin2bn(key+offset, (int)length, NULL); - offset += length; - - Y = BN_bin2bn(key+offset, (int)length, NULL); - - /* create the key and set its properties */ - if(!Q || !P || !G || !Y || !(dsa = DSA_new())) { - BN_free(Q); - BN_free(P); - BN_free(G); - BN_free(Y); - return NULL; - } -#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL) -#ifndef S_SPLINT_S - dsa->p = P; - dsa->q = Q; - dsa->g = G; - dsa->pub_key = Y; -#endif /* splint */ - -#else /* OPENSSL_VERSION_NUMBER */ - if (!DSA_set0_pqg(dsa, P, Q, G)) { - /* QPG not yet attached, need to free */ - BN_free(Q); - BN_free(P); - BN_free(G); - - DSA_free(dsa); - BN_free(Y); - return NULL; - } - if (!DSA_set0_key(dsa, Y, NULL)) { - /* QPG attached, cleaned up by DSA_fre() */ - DSA_free(dsa); - BN_free(Y); - return NULL; - } -#endif - - return dsa; -} - -RSA * -sldns_key_buf2rsa_raw(unsigned char* key, size_t len) -{ - uint16_t offset; - uint16_t exp; - uint16_t int16; - RSA *rsa; - BIGNUM *modulus; - BIGNUM *exponent; - - if (len == 0) - return NULL; - if (key[0] == 0) { - if(len < 3) - return NULL; - memmove(&int16, key+1, 2); - exp = ntohs(int16); - offset = 3; - } else { - exp = key[0]; - offset = 1; - } - - /* key length at least one */ - if(len < (size_t)offset + exp + 1) - return NULL; - - /* Exponent */ - exponent = BN_new(); - if(!exponent) return NULL; - (void) BN_bin2bn(key+offset, (int)exp, exponent); - offset += exp; - - /* Modulus */ - modulus = BN_new(); - if(!modulus) { - BN_free(exponent); - return NULL; - } - /* length of the buffer must match the key length! */ - (void) BN_bin2bn(key+offset, (int)(len - offset), modulus); - - rsa = RSA_new(); - if(!rsa) { - BN_free(exponent); - BN_free(modulus); - return NULL; - } -#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL) -#ifndef S_SPLINT_S - rsa->n = modulus; - rsa->e = exponent; -#endif /* splint */ - -#else /* OPENSSL_VERSION_NUMBER */ - if (!RSA_set0_key(rsa, modulus, exponent, NULL)) { - BN_free(exponent); - BN_free(modulus); - RSA_free(rsa); - return NULL; - } -#endif - - return rsa; -} - -#ifdef USE_GOST -EVP_PKEY* -sldns_gost2pkey_raw(unsigned char* key, size_t keylen) -{ - /* prefix header for X509 encoding */ - uint8_t asn[37] = { 0x30, 0x63, 0x30, 0x1c, 0x06, 0x06, 0x2a, 0x85, - 0x03, 0x02, 0x02, 0x13, 0x30, 0x12, 0x06, 0x07, 0x2a, 0x85, - 0x03, 0x02, 0x02, 0x23, 0x01, 0x06, 0x07, 0x2a, 0x85, 0x03, - 0x02, 0x02, 0x1e, 0x01, 0x03, 0x43, 0x00, 0x04, 0x40}; - unsigned char encoded[37+64]; - const unsigned char* pp; - if(keylen != 64) { - /* key wrong size */ - return NULL; - } - - /* create evp_key */ - memmove(encoded, asn, 37); - memmove(encoded+37, key, 64); - pp = (unsigned char*)&encoded[0]; - - return d2i_PUBKEY(NULL, &pp, (int)sizeof(encoded)); -} -#endif /* USE_GOST */ - -#ifdef USE_ECDSA -EVP_PKEY* -sldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo) -{ - unsigned char buf[256+2]; /* sufficient for 2*384/8+1 */ - const unsigned char* pp = buf; - EVP_PKEY *evp_key; - EC_KEY *ec; - /* check length, which uncompressed must be 2 bignums */ - if(algo == LDNS_ECDSAP256SHA256) { - if(keylen != 2*256/8) return NULL; - ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); - } else if(algo == LDNS_ECDSAP384SHA384) { - if(keylen != 2*384/8) return NULL; - ec = EC_KEY_new_by_curve_name(NID_secp384r1); - } else ec = NULL; - if(!ec) return NULL; - if(keylen+1 > sizeof(buf)) { /* sanity check */ - EC_KEY_free(ec); - return NULL; - } - /* prepend the 0x02 (from docs) (or actually 0x04 from implementation - * of openssl) for uncompressed data */ - buf[0] = POINT_CONVERSION_UNCOMPRESSED; - memmove(buf+1, key, keylen); - if(!o2i_ECPublicKey(&ec, &pp, (int)keylen+1)) { - EC_KEY_free(ec); - return NULL; - } - evp_key = EVP_PKEY_new(); - if(!evp_key) { - EC_KEY_free(ec); - return NULL; - } - if (!EVP_PKEY_assign_EC_KEY(evp_key, ec)) { - EVP_PKEY_free(evp_key); - EC_KEY_free(ec); - return NULL; - } - return evp_key; -} -#endif /* USE_ECDSA */ - -int -sldns_digest_evp(unsigned char* data, unsigned int len, unsigned char* dest, - const EVP_MD* md) -{ - EVP_MD_CTX* ctx; - ctx = EVP_MD_CTX_create(); - if(!ctx) - return 0; - if(!EVP_DigestInit_ex(ctx, md, NULL) || - !EVP_DigestUpdate(ctx, data, len) || - !EVP_DigestFinal_ex(ctx, dest, NULL)) { - EVP_MD_CTX_destroy(ctx); - return 0; - } - EVP_MD_CTX_destroy(ctx); - return 1; -} -#endif /* HAVE_SSL */ diff --git a/external/unbound/sldns/keyraw.h b/external/unbound/sldns/keyraw.h deleted file mode 100644 index 8abe23509..000000000 --- a/external/unbound/sldns/keyraw.h +++ /dev/null @@ -1,112 +0,0 @@ -/* - * keyraw.h -- raw key and signature access and conversion - * - * Copyright (c) 2005-2008, NLnet Labs. All rights reserved. - * - * See LICENSE for the license. - * - */ - -/** - * \file - * - * raw key and signature access and conversion - * - * Since those functions heavily rely op cryptographic operations, - * this module is dependent on openssl. - * - */ - -#ifndef LDNS_KEYRAW_H -#define LDNS_KEYRAW_H - -#ifdef __cplusplus -extern "C" { -#endif -#if LDNS_BUILD_CONFIG_HAVE_SSL -# include -# include -#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ - -/** - * get the length of the keydata in bits - * \param[in] keydata the raw key data - * \param[in] len the length of the keydata - * \param[in] alg the cryptographic algorithm this is a key for - * \return the keysize in bits, or 0 on error - */ -size_t sldns_rr_dnskey_key_size_raw(const unsigned char *keydata, - const size_t len, int alg); - -/** - * Calculates keytag of DNSSEC key, operates on wireformat rdata. - * \param[in] key the key as uncompressed wireformat rdata. - * \param[in] keysize length of key data. - * \return the keytag - */ -uint16_t sldns_calc_keytag_raw(uint8_t* key, size_t keysize); - -#if LDNS_BUILD_CONFIG_HAVE_SSL -/** - * Get the PKEY id for GOST, loads GOST into openssl as a side effect. - * Only available if GOST is compiled into the library and openssl. - * \return the gost id for EVP_CTX creation. - */ -int sldns_key_EVP_load_gost_id(void); - -/** Release the engine reference held for the GOST engine. */ -void sldns_key_EVP_unload_gost(void); - -/** - * Like sldns_key_buf2dsa, but uses raw buffer. - * \param[in] key the uncompressed wireformat of the key. - * \param[in] len length of key data - * \return a DSA * structure with the key material - */ -DSA *sldns_key_buf2dsa_raw(unsigned char* key, size_t len); - -/** - * Converts a holding buffer with key material to EVP PKEY in openssl. - * Only available if ldns was compiled with GOST. - * \param[in] key data to convert - * \param[in] keylen length of the key data - * \return the key or NULL on error. - */ -EVP_PKEY* sldns_gost2pkey_raw(unsigned char* key, size_t keylen); - -/** - * Converts a holding buffer with key material to EVP PKEY in openssl. - * Only available if ldns was compiled with ECDSA. - * \param[in] key data to convert - * \param[in] keylen length of the key data - * \param[in] algo precise algorithm to initialize ECC group values. - * \return the key or NULL on error. - */ -EVP_PKEY* sldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo); - -/** - * Like sldns_key_buf2rsa, but uses raw buffer. - * \param[in] key the uncompressed wireformat of the key. - * \param[in] len length of key data - * \return a RSA * structure with the key material - */ -RSA *sldns_key_buf2rsa_raw(unsigned char* key, size_t len); - -/** - * Utility function to calculate hash using generic EVP_MD pointer. - * \param[in] data the data to hash. - * \param[in] len length of data. - * \param[out] dest the destination of the hash, must be large enough. - * \param[in] md the message digest to use. - * \return true if worked, false on failure. - */ -int sldns_digest_evp(unsigned char* data, unsigned int len, - unsigned char* dest, const EVP_MD* md); - -#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ - -#ifdef __cplusplus -} -#endif - -#endif /* LDNS_KEYRAW_H */ diff --git a/external/unbound/sldns/parse.c b/external/unbound/sldns/parse.c deleted file mode 100644 index 35dee7196..000000000 --- a/external/unbound/sldns/parse.c +++ /dev/null @@ -1,470 +0,0 @@ -/* - * a generic (simple) parser. Use to parse rr's, private key - * information and /etc/resolv.conf files - * - * a Net::DNS like library for C - * LibDNS Team @ NLnet Labs - * (c) NLnet Labs, 2005-2006 - * See the file LICENSE for the license - */ -#include "config.h" -#include "sldns/parse.h" -#include "sldns/parseutil.h" -#include "sldns/sbuffer.h" - -#include -#include - -sldns_lookup_table sldns_directive_types[] = { - { LDNS_DIR_TTL, "$TTL" }, - { LDNS_DIR_ORIGIN, "$ORIGIN" }, - { LDNS_DIR_INCLUDE, "$INCLUDE" }, - { 0, NULL } -}; - -/* add max_limit here? */ -ssize_t -sldns_fget_token(FILE *f, char *token, const char *delim, size_t limit) -{ - return sldns_fget_token_l(f, token, delim, limit, NULL); -} - -ssize_t -sldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *line_nr) -{ - int c, prev_c; - int p; /* 0 -> no parenthese seen, >0 nr of ( seen */ - int com, quoted; - char *t; - size_t i; - const char *d; - const char *del; - - /* standard delimeters */ - if (!delim) { - /* from isspace(3) */ - del = LDNS_PARSE_NORMAL; - } else { - del = delim; - } - - p = 0; - i = 0; - com = 0; - quoted = 0; - prev_c = 0; - t = token; - if (del[0] == '"') { - quoted = 1; - } - while ((c = getc(f)) != EOF) { - if (c == '\r') /* carriage return */ - c = ' '; - if (c == '(' && prev_c != '\\' && !quoted) { - /* this only counts for non-comments */ - if (com == 0) { - p++; - } - prev_c = c; - continue; - } - - if (c == ')' && prev_c != '\\' && !quoted) { - /* this only counts for non-comments */ - if (com == 0) { - p--; - } - prev_c = c; - continue; - } - - if (p < 0) { - /* more ) then ( - close off the string */ - *t = '\0'; - return 0; - } - - /* do something with comments ; */ - if (c == ';' && quoted == 0) { - if (prev_c != '\\') { - com = 1; - } - } - if (c == '\"' && com == 0 && prev_c != '\\') { - quoted = 1 - quoted; - } - - if (c == '\n' && com != 0) { - /* comments */ - com = 0; - *t = ' '; - if (line_nr) { - *line_nr = *line_nr + 1; - } - if (p == 0 && i > 0) { - goto tokenread; - } else { - prev_c = c; - continue; - } - } - - if (com == 1) { - *t = ' '; - prev_c = c; - continue; - } - - if (c == '\n' && p != 0 && t > token) { - /* in parentheses */ - if (line_nr) { - *line_nr = *line_nr + 1; - } - *t++ = ' '; - prev_c = c; - continue; - } - - /* check if we hit the delim */ - for (d = del; *d; d++) { - if (c == *d && i > 0 && prev_c != '\\' && p == 0) { - if (c == '\n' && line_nr) { - *line_nr = *line_nr + 1; - } - goto tokenread; - } - } - if (c != '\0' && c != '\n') { - i++; - } - if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) { - *t = '\0'; - return -1; - } - if (c != '\0' && c != '\n') { - *t++ = c; - } - if (c == '\\' && prev_c == '\\') - prev_c = 0; - else prev_c = c; - } - *t = '\0'; - if (c == EOF) { - return (ssize_t)i; - } - - if (i == 0) { - /* nothing read */ - return -1; - } - if (p != 0) { - return -1; - } - return (ssize_t)i; - -tokenread: - if(*del == '"') - /* do not skip over quotes after the string, they are part - * of the next string. But skip over whitespace (if needed)*/ - sldns_fskipcs_l(f, del+1, line_nr); - else sldns_fskipcs_l(f, del, line_nr); - *t = '\0'; - if (p != 0) { - return -1; - } - - return (ssize_t)i; -} - -ssize_t -sldns_fget_keyword_data(FILE *f, const char *keyword, const char *k_del, char *data, - const char *d_del, size_t data_limit) -{ - return sldns_fget_keyword_data_l(f, keyword, k_del, data, d_del, - data_limit, NULL); -} - -ssize_t -sldns_fget_keyword_data_l(FILE *f, const char *keyword, const char *k_del, char *data, - const char *d_del, size_t data_limit, int *line_nr) -{ - /* we assume: keyword|sep|data */ - char *fkeyword; - ssize_t i; - - if(strlen(keyword) >= LDNS_MAX_KEYWORDLEN) - return -1; - fkeyword = (char*)malloc(LDNS_MAX_KEYWORDLEN); - if(!fkeyword) - return -1; - - i = sldns_fget_token(f, fkeyword, k_del, LDNS_MAX_KEYWORDLEN); - if(i==0 || i==-1) { - free(fkeyword); - return -1; - } - - /* case??? i instead of strlen? */ - if (strncmp(fkeyword, keyword, LDNS_MAX_KEYWORDLEN - 1) == 0) { - /* whee! */ - /* printf("%s\n%s\n", "Matching keyword", fkeyword); */ - i = sldns_fget_token_l(f, data, d_del, data_limit, line_nr); - free(fkeyword); - return i; - } else { - /*printf("no match for %s (read: %s)\n", keyword, fkeyword);*/ - free(fkeyword); - return -1; - } -} - -int -sldns_bgetc(sldns_buffer *buffer) -{ - if (!sldns_buffer_available_at(buffer, buffer->_position, sizeof(uint8_t))) { - sldns_buffer_set_position(buffer, sldns_buffer_limit(buffer)); - /* sldns_buffer_rewind(buffer);*/ - return EOF; - } - return (int)sldns_buffer_read_u8(buffer); -} - -ssize_t -sldns_bget_token(sldns_buffer *b, char *token, const char *delim, size_t limit) -{ - return sldns_bget_token_par(b, token, delim, limit, NULL, NULL); -} - -ssize_t -sldns_bget_token_par(sldns_buffer *b, char *token, const char *delim, - size_t limit, int* par, const char* skipw) -{ - int c, lc; - int p; /* 0 -> no parenthese seen, >0 nr of ( seen */ - int com, quoted; - char *t; - size_t i; - const char *d; - const char *del; - - /* standard delimiters */ - if (!delim) { - /* from isspace(3) */ - del = LDNS_PARSE_NORMAL; - } else { - del = delim; - } - - p = (par?*par:0); - i = 0; - com = 0; - quoted = 0; - t = token; - lc = 0; - if (del[0] == '"') { - quoted = 1; - } - - while ((c = sldns_bgetc(b)) != EOF) { - if (c == '\r') /* carriage return */ - c = ' '; - if (c == '(' && lc != '\\' && !quoted) { - /* this only counts for non-comments */ - if (com == 0) { - if(par) (*par)++; - p++; - } - lc = c; - continue; - } - - if (c == ')' && lc != '\\' && !quoted) { - /* this only counts for non-comments */ - if (com == 0) { - if(par) (*par)--; - p--; - } - lc = c; - continue; - } - - if (p < 0) { - /* more ) then ( */ - *t = '\0'; - return 0; - } - - /* do something with comments ; */ - if (c == ';' && quoted == 0) { - if (lc != '\\') { - com = 1; - } - } - if (c == '"' && com == 0 && lc != '\\') { - quoted = 1 - quoted; - } - - if (c == '\n' && com != 0) { - /* comments */ - com = 0; - *t = ' '; - lc = c; - continue; - } - - if (com == 1) { - *t = ' '; - lc = c; - continue; - } - - if (c == '\n' && p != 0) { - /* in parentheses */ - /* do not write ' ' if we want to skip spaces */ - if(!(skipw && (strchr(skipw, c)||strchr(skipw, ' ')))) - *t++ = ' '; - lc = c; - continue; - } - - /* check to skip whitespace at start, but also after ( */ - if(skipw && i==0 && !com && !quoted && lc != '\\') { - if(strchr(skipw, c)) { - lc = c; - continue; - } - } - - /* check if we hit the delim */ - for (d = del; *d; d++) { - /* we can only exit if no parens or user tracks them */ - if (c == *d && lc != '\\' && (p == 0 || par)) { - goto tokenread; - } - } - - i++; - if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) { - *t = '\0'; - return -1; - } - *t++ = c; - - if (c == '\\' && lc == '\\') { - lc = 0; - } else { - lc = c; - } - } - *t = '\0'; - if (i == 0) { - /* nothing read */ - return -1; - } - if (!par && p != 0) { - return -1; - } - return (ssize_t)i; - -tokenread: - if(*del == '"') - /* do not skip over quotes after the string, they are part - * of the next string. But skip over whitespace (if needed)*/ - sldns_bskipcs(b, del+1); - else sldns_bskipcs(b, del); - *t = '\0'; - - if (!par && p != 0) { - return -1; - } - return (ssize_t)i; -} - - -void -sldns_bskipcs(sldns_buffer *buffer, const char *s) -{ - int found; - char c; - const char *d; - - while(sldns_buffer_available_at(buffer, buffer->_position, sizeof(char))) { - c = (char) sldns_buffer_read_u8_at(buffer, buffer->_position); - found = 0; - for (d = s; *d; d++) { - if (*d == c) { - found = 1; - } - } - if (found && buffer->_limit > buffer->_position) { - buffer->_position += sizeof(char); - } else { - return; - } - } -} - -void -sldns_fskipcs(FILE *fp, const char *s) -{ - sldns_fskipcs_l(fp, s, NULL); -} - -void -sldns_fskipcs_l(FILE *fp, const char *s, int *line_nr) -{ - int found; - int c; - const char *d; - - while ((c = fgetc(fp)) != EOF) { - if (line_nr && c == '\n') { - *line_nr = *line_nr + 1; - } - found = 0; - for (d = s; *d; d++) { - if (*d == c) { - found = 1; - } - } - if (!found) { - /* with getc, we've read too far */ - ungetc(c, fp); - return; - } - } -} - -ssize_t -sldns_bget_keyword_data(sldns_buffer *b, const char *keyword, const char *k_del, char -*data, const char *d_del, size_t data_limit) -{ - /* we assume: keyword|sep|data */ - char *fkeyword; - ssize_t i; - - if(strlen(keyword) >= LDNS_MAX_KEYWORDLEN) - return -1; - fkeyword = (char*)malloc(LDNS_MAX_KEYWORDLEN); - if(!fkeyword) - return -1; /* out of memory */ - - i = sldns_bget_token(b, fkeyword, k_del, data_limit); - if(i==0 || i==-1) { - free(fkeyword); - return -1; /* nothing read */ - } - - /* case??? */ - if (strncmp(fkeyword, keyword, strlen(keyword)) == 0) { - free(fkeyword); - /* whee, the match! */ - /* retrieve it's data */ - i = sldns_bget_token(b, data, d_del, 0); - return i; - } else { - free(fkeyword); - return -1; - } -} - diff --git a/external/unbound/sldns/parse.h b/external/unbound/sldns/parse.h deleted file mode 100644 index 7b7456dd2..000000000 --- a/external/unbound/sldns/parse.h +++ /dev/null @@ -1,184 +0,0 @@ -/* - * parse.h - * - * a Net::DNS like library for C - * LibDNS Team @ NLnet Labs - * (c) NLnet Labs, 2005-2006 - * See the file LICENSE for the license - */ - -#ifndef LDNS_PARSE_H -#define LDNS_PARSE_H - -struct sldns_buffer; - -#ifdef __cplusplus -extern "C" { -#endif - -#define LDNS_PARSE_SKIP_SPACE "\f\n\r\v" -#define LDNS_PARSE_NORMAL " \f\n\r\t\v" -#define LDNS_PARSE_NO_NL " \t" -#define LDNS_MAX_LINELEN 10230 -#define LDNS_MAX_KEYWORDLEN 32 - - -/** - * \file - * - * Contains some low-level parsing functions, mostly used in the _frm_str - * family of functions. - */ - -/** - * different type of directives in zone files - * We now deal with $TTL, $ORIGIN and $INCLUDE. - * The latter is not implemented in ldns (yet) - */ -enum sldns_enum_directive -{ - LDNS_DIR_TTL, - LDNS_DIR_ORIGIN, - LDNS_DIR_INCLUDE -}; -typedef enum sldns_enum_directive sldns_directive; - -/** - * returns a token/char from the stream F. - * This function deals with ( and ) in the stream, - * and ignores them when encountered - * \param[in] *f the file to read from - * \param[out] *token the read token is put here - * \param[in] *delim chars at which the parsing should stop - * \param[in] *limit how much to read. If 0 the builtin maximum is used - * \return 0 on error of EOF of the stream F. Otherwise return the length of what is read - */ -ssize_t sldns_fget_token(FILE *f, char *token, const char *delim, size_t limit); - -/** - * returns a token/char from the stream F. - * This function deals with ( and ) in the stream, - * and ignores when it finds them. - * \param[in] *f the file to read from - * \param[out] *token the token is put here - * \param[in] *delim chars at which the parsing should stop - * \param[in] *limit how much to read. If 0 use builtin maximum - * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) - * \return 0 on error of EOF of F otherwise return the length of what is read - */ -ssize_t sldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *line_nr); - -/** - * returns a token/char from the buffer b. - * This function deals with ( and ) in the buffer, - * and ignores when it finds them. - * \param[in] *b the buffer to read from - * \param[out] *token the token is put here - * \param[in] *delim chars at which the parsing should stop - * \param[in] *limit how much to read. If 0 the builtin maximum is used - * \param[in] *par if you pass nonNULL, set to 0 on first call, the parenthesis - * state is stored in it, for use on next call. User must check it is back - * to zero after last bget in string (for parse error). If you pass NULL, - * the entire parenthesized string is read in. - * \param[in] skipw string with whitespace to skip before the start of the - * token, like " ", or " \t", or NULL for none. - * \returns 0 on error of EOF of b. Otherwise return the length of what is read - */ -ssize_t sldns_bget_token_par(struct sldns_buffer *b, char *token, const char *delim, size_t limit, int* par, const char* skipw); - -/** - * returns a token/char from the buffer b. - * This function deals with ( and ) in the buffer, - * and ignores when it finds them. - * \param[in] *b the buffer to read from - * \param[out] *token the token is put here - * \param[in] *delim chars at which the parsing should stop - * \param[in] *limit how much to read. If 0 the builtin maximum is used - * \returns 0 on error of EOF of b. Otherwise return the length of what is read - */ -ssize_t sldns_bget_token(struct sldns_buffer *b, char *token, const char *delim, size_t limit); - -/* - * searches for keyword and delim in a file. Gives everything back - * after the keyword + k_del until we hit d_del - * \param[in] f file pointer to read from - * \param[in] keyword keyword to look for - * \param[in] k_del keyword delimeter - * \param[out] data the data found - * \param[in] d_del the data delimeter - * \param[in] data_limit maximum size the the data buffer - * \return the number of character read - */ -ssize_t sldns_fget_keyword_data(FILE *f, const char *keyword, const char *k_del, char *data, const char *d_del, size_t data_limit); - -/* - * searches for keyword and delim. Gives everything back - * after the keyword + k_del until we hit d_del - * \param[in] f file pointer to read from - * \param[in] keyword keyword to look for - * \param[in] k_del keyword delimeter - * \param[out] data the data found - * \param[in] d_del the data delimeter - * \param[in] data_limit maximum size the the data buffer - * \param[in] line_nr pointer to an integer containing the current line number (for -debugging purposes) - * \return the number of character read - */ -ssize_t sldns_fget_keyword_data_l(FILE *f, const char *keyword, const char *k_del, char *data, const char *d_del, size_t data_limit, int *line_nr); - -/* - * searches for keyword and delim in a buffer. Gives everything back - * after the keyword + k_del until we hit d_del - * \param[in] b buffer pointer to read from - * \param[in] keyword keyword to look for - * \param[in] k_del keyword delimeter - * \param[out] data the data found - * \param[in] d_del the data delimeter - * \param[in] data_limit maximum size the the data buffer - * \return the number of character read - */ -ssize_t sldns_bget_keyword_data(struct sldns_buffer *b, const char *keyword, const char *k_del, char *data, const char *d_del, size_t data_limit); - -/** - * returns the next character from a buffer. Advances the position pointer with 1. - * When end of buffer is reached returns EOF. This is the buffer's equivalent - * for getc(). - * \param[in] *buffer buffer to read from - * \return EOF on failure otherwise return the character - */ -int sldns_bgetc(struct sldns_buffer *buffer); - -/** - * skips all of the characters in the given string in the buffer, moving - * the position to the first character that is not in *s. - * \param[in] *buffer buffer to use - * \param[in] *s characters to skip - * \return void - */ -void sldns_bskipcs(struct sldns_buffer *buffer, const char *s); - -/** - * skips all of the characters in the given string in the fp, moving - * the position to the first character that is not in *s. - * \param[in] *fp file to use - * \param[in] *s characters to skip - * \return void - */ -void sldns_fskipcs(FILE *fp, const char *s); - - -/** - * skips all of the characters in the given string in the fp, moving - * the position to the first character that is not in *s. - * \param[in] *fp file to use - * \param[in] *s characters to skip - * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) - * \return void - */ -void sldns_fskipcs_l(FILE *fp, const char *s, int *line_nr); - -#ifdef __cplusplus -} -#endif - -#endif /* LDNS_PARSE_H */ diff --git a/external/unbound/sldns/parseutil.c b/external/unbound/sldns/parseutil.c deleted file mode 100644 index 32717616a..000000000 --- a/external/unbound/sldns/parseutil.c +++ /dev/null @@ -1,726 +0,0 @@ -/* - * parseutil.c - parse utilities for string and wire conversion - * - * (c) NLnet Labs, 2004-2006 - * - * See the file LICENSE for the license - */ -/** - * \file - * - * Utility functions for parsing, base32(DNS variant) and base64 encoding - * and decoding, Hex, Time units, Escape codes. - */ - -#include "config.h" -#include "sldns/parseutil.h" -#include -#include -#include - -sldns_lookup_table * -sldns_lookup_by_name(sldns_lookup_table *table, const char *name) -{ - while (table->name != NULL) { - if (strcasecmp(name, table->name) == 0) - return table; - table++; - } - return NULL; -} - -sldns_lookup_table * -sldns_lookup_by_id(sldns_lookup_table *table, int id) -{ - while (table->name != NULL) { - if (table->id == id) - return table; - table++; - } - return NULL; -} - -/* Number of days per month (except for February in leap years). */ -static const int mdays[] = { - 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 -}; - -#define LDNS_MOD(x,y) (((x) % (y) < 0) ? ((x) % (y) + (y)) : ((x) % (y))) -#define LDNS_DIV(x,y) (((x) % (y) < 0) ? ((x) / (y) - 1 ) : ((x) / (y))) - -static int -is_leap_year(int year) -{ - return LDNS_MOD(year, 4) == 0 && (LDNS_MOD(year, 100) != 0 - || LDNS_MOD(year, 400) == 0); -} - -static int -leap_days(int y1, int y2) -{ - --y1; - --y2; - return (LDNS_DIV(y2, 4) - LDNS_DIV(y1, 4)) - - (LDNS_DIV(y2, 100) - LDNS_DIV(y1, 100)) + - (LDNS_DIV(y2, 400) - LDNS_DIV(y1, 400)); -} - -/* - * Code adapted from Python 2.4.1 sources (Lib/calendar.py). - */ -time_t -sldns_mktime_from_utc(const struct tm *tm) -{ - int year = 1900 + tm->tm_year; - time_t days = 365 * ((time_t) year - 1970) + leap_days(1970, year); - time_t hours; - time_t minutes; - time_t seconds; - int i; - - for (i = 0; i < tm->tm_mon; ++i) { - days += mdays[i]; - } - if (tm->tm_mon > 1 && is_leap_year(year)) { - ++days; - } - days += tm->tm_mday - 1; - - hours = days * 24 + tm->tm_hour; - minutes = hours * 60 + tm->tm_min; - seconds = minutes * 60 + tm->tm_sec; - - return seconds; -} - -#if SIZEOF_TIME_T <= 4 - -static void -sldns_year_and_yday_from_days_since_epoch(int64_t days, struct tm *result) -{ - int year = 1970; - int new_year; - - while (days < 0 || days >= (int64_t) (is_leap_year(year) ? 366 : 365)) { - new_year = year + (int) LDNS_DIV(days, 365); - days -= (new_year - year) * 365; - days -= leap_days(year, new_year); - year = new_year; - } - result->tm_year = year; - result->tm_yday = (int) days; -} - -/* Number of days per month in a leap year. */ -static const int leap_year_mdays[] = { - 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 -}; - -static void -sldns_mon_and_mday_from_year_and_yday(struct tm *result) -{ - int idays = result->tm_yday; - const int *mon_lengths = is_leap_year(result->tm_year) ? - leap_year_mdays : mdays; - - result->tm_mon = 0; - while (idays >= mon_lengths[result->tm_mon]) { - idays -= mon_lengths[result->tm_mon++]; - } - result->tm_mday = idays + 1; -} - -static void -sldns_wday_from_year_and_yday(struct tm *result) -{ - result->tm_wday = 4 /* 1-1-1970 was a thursday */ - + LDNS_MOD((result->tm_year - 1970), 7) * LDNS_MOD(365, 7) - + leap_days(1970, result->tm_year) - + result->tm_yday; - result->tm_wday = LDNS_MOD(result->tm_wday, 7); - if (result->tm_wday < 0) { - result->tm_wday += 7; - } -} - -static struct tm * -sldns_gmtime64_r(int64_t clock, struct tm *result) -{ - result->tm_isdst = 0; - result->tm_sec = (int) LDNS_MOD(clock, 60); - clock = LDNS_DIV(clock, 60); - result->tm_min = (int) LDNS_MOD(clock, 60); - clock = LDNS_DIV(clock, 60); - result->tm_hour = (int) LDNS_MOD(clock, 24); - clock = LDNS_DIV(clock, 24); - - sldns_year_and_yday_from_days_since_epoch(clock, result); - sldns_mon_and_mday_from_year_and_yday(result); - sldns_wday_from_year_and_yday(result); - result->tm_year -= 1900; - - return result; -} - -#endif /* SIZEOF_TIME_T <= 4 */ - -static int64_t -sldns_serial_arithmitics_time(int32_t time, time_t now) -{ - int32_t offset = time - (int32_t) now; - return (int64_t) now + offset; -} - -struct tm * -sldns_serial_arithmitics_gmtime_r(int32_t time, time_t now, struct tm *result) -{ -#if SIZEOF_TIME_T <= 4 - int64_t secs_since_epoch = sldns_serial_arithmitics_time(time, now); - return sldns_gmtime64_r(secs_since_epoch, result); -#else - time_t secs_since_epoch = sldns_serial_arithmitics_time(time, now); - return gmtime_r(&secs_since_epoch, result); -#endif -} - -int -sldns_hexdigit_to_int(char ch) -{ - switch (ch) { - case '0': return 0; - case '1': return 1; - case '2': return 2; - case '3': return 3; - case '4': return 4; - case '5': return 5; - case '6': return 6; - case '7': return 7; - case '8': return 8; - case '9': return 9; - case 'a': case 'A': return 10; - case 'b': case 'B': return 11; - case 'c': case 'C': return 12; - case 'd': case 'D': return 13; - case 'e': case 'E': return 14; - case 'f': case 'F': return 15; - default: - return -1; - } -} - -uint32_t -sldns_str2period(const char *nptr, const char **endptr) -{ - int sign = 0; - uint32_t i = 0; - uint32_t seconds = 0; - - for(*endptr = nptr; **endptr; (*endptr)++) { - switch (**endptr) { - case ' ': - case '\t': - break; - case '-': - if(sign == 0) { - sign = -1; - } else { - return seconds; - } - break; - case '+': - if(sign == 0) { - sign = 1; - } else { - return seconds; - } - break; - case 's': - case 'S': - seconds += i; - i = 0; - break; - case 'm': - case 'M': - seconds += i * 60; - i = 0; - break; - case 'h': - case 'H': - seconds += i * 60 * 60; - i = 0; - break; - case 'd': - case 'D': - seconds += i * 60 * 60 * 24; - i = 0; - break; - case 'w': - case 'W': - seconds += i * 60 * 60 * 24 * 7; - i = 0; - break; - case '0': - case '1': - case '2': - case '3': - case '4': - case '5': - case '6': - case '7': - case '8': - case '9': - i *= 10; - i += (**endptr - '0'); - break; - default: - seconds += i; - /* disregard signedness */ - return seconds; - } - } - seconds += i; - /* disregard signedness */ - return seconds; -} - -int -sldns_parse_escape(uint8_t *ch_p, const char** str_p) -{ - uint16_t val; - - if ((*str_p)[0] && isdigit((unsigned char)(*str_p)[0]) && - (*str_p)[1] && isdigit((unsigned char)(*str_p)[1]) && - (*str_p)[2] && isdigit((unsigned char)(*str_p)[2])) { - - val = (uint16_t)(((*str_p)[0] - '0') * 100 + - ((*str_p)[1] - '0') * 10 + - ((*str_p)[2] - '0')); - - if (val > 255) { - goto error; - } - *ch_p = (uint8_t)val; - *str_p += 3; - return 1; - - } else if ((*str_p)[0] && !isdigit((unsigned char)(*str_p)[0])) { - - *ch_p = (uint8_t)*(*str_p)++; - return 1; - } -error: - *str_p = NULL; - return 0; /* LDNS_WIREPARSE_ERR_SYNTAX_BAD_ESCAPE */ -} - -/** parse one character, with escape codes */ -int -sldns_parse_char(uint8_t *ch_p, const char** str_p) -{ - switch (**str_p) { - - case '\0': return 0; - - case '\\': *str_p += 1; - return sldns_parse_escape(ch_p, str_p); - - default: *ch_p = (uint8_t)*(*str_p)++; - return 1; - } -} - -size_t sldns_b32_ntop_calculate_size(size_t src_data_length) -{ - return src_data_length == 0 ? 0 : ((src_data_length - 1) / 5 + 1) * 8; -} - -size_t sldns_b32_ntop_calculate_size_no_padding(size_t src_data_length) -{ - return ((src_data_length + 3) * 8 / 5) - 4; -} - -static int -sldns_b32_ntop_base(const uint8_t* src, size_t src_sz, char* dst, size_t dst_sz, - int extended_hex, int add_padding) -{ - size_t ret_sz; - const char* b32 = extended_hex ? "0123456789abcdefghijklmnopqrstuv" - : "abcdefghijklmnopqrstuvwxyz234567"; - - size_t c = 0; /* c is used to carry partial base32 character over - * byte boundaries for sizes with a remainder. - * (i.e. src_sz % 5 != 0) - */ - - ret_sz = add_padding ? sldns_b32_ntop_calculate_size(src_sz) - : sldns_b32_ntop_calculate_size_no_padding(src_sz); - - /* Do we have enough space? */ - if (dst_sz < ret_sz + 1) - return -1; - - /* We know the size; terminate the string */ - dst[ret_sz] = '\0'; - - /* First process all chunks of five */ - while (src_sz >= 5) { - /* 00000... ........ ........ ........ ........ */ - dst[0] = b32[(src[0] ) >> 3]; - - /* .....111 11...... ........ ........ ........ */ - dst[1] = b32[(src[0] & 0x07) << 2 | src[1] >> 6]; - - /* ........ ..22222. ........ ........ ........ */ - dst[2] = b32[(src[1] & 0x3e) >> 1]; - - /* ........ .......3 3333.... ........ ........ */ - dst[3] = b32[(src[1] & 0x01) << 4 | src[2] >> 4]; - - /* ........ ........ ....4444 4....... ........ */ - dst[4] = b32[(src[2] & 0x0f) << 1 | src[3] >> 7]; - - /* ........ ........ ........ .55555.. ........ */ - dst[5] = b32[(src[3] & 0x7c) >> 2]; - - /* ........ ........ ........ ......66 666..... */ - dst[6] = b32[(src[3] & 0x03) << 3 | src[4] >> 5]; - - /* ........ ........ ........ ........ ...77777 */ - dst[7] = b32[(src[4] & 0x1f) ]; - - src_sz -= 5; - src += 5; - dst += 8; - } - /* Process what remains */ - switch (src_sz) { - case 4: /* ........ ........ ........ ......66 666..... */ - dst[6] = b32[(src[3] & 0x03) << 3]; - - /* ........ ........ ........ .55555.. ........ */ - dst[5] = b32[(src[3] & 0x7c) >> 2]; - - /* ........ ........ ....4444 4....... ........ */ - c = src[3] >> 7 ; - case 3: dst[4] = b32[(src[2] & 0x0f) << 1 | c]; - - /* ........ .......3 3333.... ........ ........ */ - c = src[2] >> 4 ; - case 2: dst[3] = b32[(src[1] & 0x01) << 4 | c]; - - /* ........ ..22222. ........ ........ ........ */ - dst[2] = b32[(src[1] & 0x3e) >> 1]; - - /* .....111 11...... ........ ........ ........ */ - c = src[1] >> 6 ; - case 1: dst[1] = b32[(src[0] & 0x07) << 2 | c]; - - /* 00000... ........ ........ ........ ........ */ - dst[0] = b32[ src[0] >> 3]; - } - /* Add padding */ - if (add_padding) { - switch (src_sz) { - case 1: dst[2] = '='; - dst[3] = '='; - case 2: dst[4] = '='; - case 3: dst[5] = '='; - dst[6] = '='; - case 4: dst[7] = '='; - } - } - return (int)ret_sz; -} - -int -sldns_b32_ntop(const uint8_t* src, size_t src_sz, char* dst, size_t dst_sz) -{ - return sldns_b32_ntop_base(src, src_sz, dst, dst_sz, 0, 1); -} - -int -sldns_b32_ntop_extended_hex(const uint8_t* src, size_t src_sz, - char* dst, size_t dst_sz) -{ - return sldns_b32_ntop_base(src, src_sz, dst, dst_sz, 1, 1); -} - -size_t sldns_b32_pton_calculate_size(size_t src_text_length) -{ - return src_text_length * 5 / 8; -} - -static int -sldns_b32_pton_base(const char* src, size_t src_sz, uint8_t* dst, size_t dst_sz, - int extended_hex, int check_padding) -{ - size_t i = 0; - char ch = '\0'; - uint8_t buf[8]; - uint8_t* start = dst; - - while (src_sz) { - /* Collect 8 characters in buf (if possible) */ - for (i = 0; i < 8; i++) { - - do { - ch = *src++; - --src_sz; - - } while (isspace((unsigned char)ch) && src_sz > 0); - - if (ch == '=' || ch == '\0') - break; - - else if (extended_hex) - - if (ch >= '0' && ch <= '9') - buf[i] = (uint8_t)ch - '0'; - else if (ch >= 'a' && ch <= 'v') - buf[i] = (uint8_t)ch - 'a' + 10; - else if (ch >= 'A' && ch <= 'V') - buf[i] = (uint8_t)ch - 'A' + 10; - else - return -1; - - else if (ch >= 'a' && ch <= 'z') - buf[i] = (uint8_t)ch - 'a'; - else if (ch >= 'A' && ch <= 'Z') - buf[i] = (uint8_t)ch - 'A'; - else if (ch >= '2' && ch <= '7') - buf[i] = (uint8_t)ch - '2' + 26; - else - return -1; - } - /* Less that 8 characters. We're done. */ - if (i < 8) - break; - - /* Enough space available at the destination? */ - if (dst_sz < 5) - return -1; - - /* 00000... ........ ........ ........ ........ */ - /* .....111 11...... ........ ........ ........ */ - dst[0] = buf[0] << 3 | buf[1] >> 2; - - /* .....111 11...... ........ ........ ........ */ - /* ........ ..22222. ........ ........ ........ */ - /* ........ .......3 3333.... ........ ........ */ - dst[1] = buf[1] << 6 | buf[2] << 1 | buf[3] >> 4; - - /* ........ .......3 3333.... ........ ........ */ - /* ........ ........ ....4444 4....... ........ */ - dst[2] = buf[3] << 4 | buf[4] >> 1; - - /* ........ ........ ....4444 4....... ........ */ - /* ........ ........ ........ .55555.. ........ */ - /* ........ ........ ........ ......66 666..... */ - dst[3] = buf[4] << 7 | buf[5] << 2 | buf[6] >> 3; - - /* ........ ........ ........ ......66 666..... */ - /* ........ ........ ........ ........ ...77777 */ - dst[4] = buf[6] << 5 | buf[7]; - - dst += 5; - dst_sz -= 5; - } - /* Not ending on a eight byte boundary? */ - if (i > 0 && i < 8) { - - /* Enough space available at the destination? */ - if (dst_sz < (i + 1) / 2) - return -1; - - switch (i) { - case 7: /* ........ ........ ........ ......66 666..... */ - /* ........ ........ ........ .55555.. ........ */ - /* ........ ........ ....4444 4....... ........ */ - dst[3] = buf[4] << 7 | buf[5] << 2 | buf[6] >> 3; - - case 5: /* ........ ........ ....4444 4....... ........ */ - /* ........ .......3 3333.... ........ ........ */ - dst[2] = buf[3] << 4 | buf[4] >> 1; - - case 4: /* ........ .......3 3333.... ........ ........ */ - /* ........ ..22222. ........ ........ ........ */ - /* .....111 11...... ........ ........ ........ */ - dst[1] = buf[1] << 6 | buf[2] << 1 | buf[3] >> 4; - - case 2: /* .....111 11...... ........ ........ ........ */ - /* 00000... ........ ........ ........ ........ */ - dst[0] = buf[0] << 3 | buf[1] >> 2; - - break; - - default: - return -1; - } - dst += (i + 1) / 2; - - if (check_padding) { - /* Check remaining padding characters */ - if (ch != '=') - return -1; - - /* One down, 8 - i - 1 more to come... */ - for (i = 8 - i - 1; i > 0; i--) { - - do { - if (src_sz == 0) - return -1; - ch = *src++; - src_sz--; - - } while (isspace((unsigned char)ch)); - - if (ch != '=') - return -1; - } - } - } - return dst - start; -} - -int -sldns_b32_pton(const char* src, size_t src_sz, uint8_t* dst, size_t dst_sz) -{ - return sldns_b32_pton_base(src, src_sz, dst, dst_sz, 0, 1); -} - -int -sldns_b32_pton_extended_hex(const char* src, size_t src_sz, - uint8_t* dst, size_t dst_sz) -{ - return sldns_b32_pton_base(src, src_sz, dst, dst_sz, 1, 1); -} - -size_t sldns_b64_ntop_calculate_size(size_t srcsize) -{ - return ((((srcsize + 2) / 3) * 4) + 1); -} - -/* RFC 1521, section 5.2. - * - * The encoding process represents 24-bit groups of input bits as output - * strings of 4 encoded characters. Proceeding from left to right, a - * 24-bit input group is formed by concatenating 3 8-bit input groups. - * These 24 bits are then treated as 4 concatenated 6-bit groups, each - * of which is translated into a single digit in the base64 alphabet. - * - * This routine does not insert spaces or linebreaks after 76 characters. - */ -int sldns_b64_ntop(uint8_t const *src, size_t srclength, - char *target, size_t targsize) -{ - const char* b64 = - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; - const char pad64 = '='; - size_t i = 0, o = 0; - if(targsize < sldns_b64_ntop_calculate_size(srclength)) - return -1; - /* whole chunks: xxxxxxyy yyyyzzzz zzwwwwww */ - while(i+3 <= srclength) { - if(o+4 > targsize) return -1; - target[o] = b64[src[i] >> 2]; - target[o+1] = b64[ ((src[i]&0x03)<<4) | (src[i+1]>>4) ]; - target[o+2] = b64[ ((src[i+1]&0x0f)<<2) | (src[i+2]>>6) ]; - target[o+3] = b64[ (src[i+2]&0x3f) ]; - i += 3; - o += 4; - } - /* remainder */ - switch(srclength - i) { - case 2: - /* two at end, converted into A B C = */ - target[o] = b64[src[i] >> 2]; - target[o+1] = b64[ ((src[i]&0x03)<<4) | (src[i+1]>>4) ]; - target[o+2] = b64[ ((src[i+1]&0x0f)<<2) ]; - target[o+3] = pad64; - /* i += 2; */ - o += 4; - break; - case 1: - /* one at end, converted into A B = = */ - target[o] = b64[src[i] >> 2]; - target[o+1] = b64[ ((src[i]&0x03)<<4) ]; - target[o+2] = pad64; - target[o+3] = pad64; - /* i += 1; */ - o += 4; - break; - case 0: - default: - /* nothing */ - break; - } - /* assert: i == srclength */ - if(o+1 > targsize) return -1; - target[o] = 0; - return (int)o; -} - -size_t sldns_b64_pton_calculate_size(size_t srcsize) -{ - return (((((srcsize + 3) / 4) * 3)) + 1); -} - -int sldns_b64_pton(char const *src, uint8_t *target, size_t targsize) -{ - const uint8_t pad64 = 64; /* is 64th in the b64 array */ - const char* s = src; - uint8_t in[4]; - size_t o = 0, incount = 0; - - while(*s) { - /* skip any character that is not base64 */ - /* conceptually we do: - const char* b64 = pad'=' is appended to array - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="; - const char* d = strchr(b64, *s++); - and use d-b64; - */ - char d = *s++; - if(d <= 'Z' && d >= 'A') - d -= 'A'; - else if(d <= 'z' && d >= 'a') - d = d - 'a' + 26; - else if(d <= '9' && d >= '0') - d = d - '0' + 52; - else if(d == '+') - d = 62; - else if(d == '/') - d = 63; - else if(d == '=') - d = 64; - else continue; - in[incount++] = (uint8_t)d; - if(incount != 4) - continue; - /* process whole block of 4 characters into 3 output bytes */ - if(in[3] == pad64 && in[2] == pad64) { /* A B = = */ - if(o+1 > targsize) - return -1; - target[o] = (in[0]<<2) | ((in[1]&0x30)>>4); - o += 1; - break; /* we are done */ - } else if(in[3] == pad64) { /* A B C = */ - if(o+2 > targsize) - return -1; - target[o] = (in[0]<<2) | ((in[1]&0x30)>>4); - target[o+1]= ((in[1]&0x0f)<<4) | ((in[2]&0x3c)>>2); - o += 2; - break; /* we are done */ - } else { - if(o+3 > targsize) - return -1; - /* write xxxxxxyy yyyyzzzz zzwwwwww */ - target[o] = (in[0]<<2) | ((in[1]&0x30)>>4); - target[o+1]= ((in[1]&0x0f)<<4) | ((in[2]&0x3c)>>2); - target[o+2]= ((in[2]&0x03)<<6) | in[3]; - o += 3; - } - incount = 0; - } - return (int)o; -} diff --git a/external/unbound/sldns/parseutil.h b/external/unbound/sldns/parseutil.h deleted file mode 100644 index c5238bc10..000000000 --- a/external/unbound/sldns/parseutil.h +++ /dev/null @@ -1,148 +0,0 @@ -/* - * parseutil.h - parse utilities for string and wire conversion - * - * (c) NLnet Labs, 2004 - * - * See the file LICENSE for the license - */ -/** - * \file - * - * Utility functions for parsing, base32(DNS variant) and base64 encoding - * and decoding, Hex, Time units, Escape codes. - */ - -#ifndef LDNS_PARSEUTIL_H -#define LDNS_PARSEUTIL_H -struct tm; - -/** - * A general purpose lookup table - * - * Lookup tables are arrays of (id, name) pairs, - * So you can for instance lookup the RCODE 3, which is "NXDOMAIN", - * and vice versa. The lookup tables themselves are defined wherever needed, - * for instance in host2str.c - */ -struct sldns_struct_lookup_table { - int id; - const char *name; -}; -typedef struct sldns_struct_lookup_table sldns_lookup_table; - -/** - * Looks up the table entry by name, returns NULL if not found. - * \param[in] table the lookup table to search in - * \param[in] name what to search for - * \return the item found - */ -sldns_lookup_table *sldns_lookup_by_name(sldns_lookup_table table[], - const char *name); -/** - * Looks up the table entry by id, returns NULL if not found. - * \param[in] table the lookup table to search in - * \param[in] id what to search for - * \return the item found - */ -sldns_lookup_table *sldns_lookup_by_id(sldns_lookup_table table[], int id); - -/** - * Convert TM to seconds since epoch (midnight, January 1st, 1970). - * Like timegm(3), which is not always available. - * \param[in] tm a struct tm* with the date - * \return the seconds since epoch - */ -time_t sldns_mktime_from_utc(const struct tm *tm); - -/** - * The function interprets time as the number of seconds since epoch - * with respect to now using serial arithmetics (rfc1982). - * That number of seconds is then converted to broken-out time information. - * This is especially usefull when converting the inception and expiration - * fields of RRSIG records. - * - * \param[in] time number of seconds since epoch (midnight, January 1st, 1970) - * to be intepreted as a serial arithmetics number relative to now. - * \param[in] now number of seconds since epoch (midnight, January 1st, 1970) - * to which the time value is compared to determine the final value. - * \param[out] result the struct with the broken-out time information - * \return result on success or NULL on error - */ -struct tm * sldns_serial_arithmitics_gmtime_r(int32_t time, time_t now, struct tm *result); - -/** - * converts a ttl value (like 5d2h) to a long. - * \param[in] nptr the start of the string - * \param[out] endptr points to the last char in case of error - * \return the convert duration value - */ -uint32_t sldns_str2period(const char *nptr, const char **endptr); - -/** - * Returns the int value of the given (hex) digit - * \param[in] ch the hex char to convert - * \return the converted decimal value - */ -int sldns_hexdigit_to_int(char ch); - -/** - * calculates the size needed to store the result of b64_ntop - */ -size_t sldns_b64_ntop_calculate_size(size_t srcsize); - -int sldns_b64_ntop(uint8_t const *src, size_t srclength, - char *target, size_t targsize); - -/** - * calculates the size needed to store the result of sldns_b64_pton - */ -size_t sldns_b64_pton_calculate_size(size_t srcsize); - -int sldns_b64_pton(char const *src, uint8_t *target, size_t targsize); - -/** - * calculates the size needed to store the result of b32_ntop - */ -size_t sldns_b32_ntop_calculate_size(size_t src_data_length); - -size_t sldns_b32_ntop_calculate_size_no_padding(size_t src_data_length); - -int sldns_b32_ntop(const uint8_t* src_data, size_t src_data_length, - char* target_text_buffer, size_t target_text_buffer_size); - -int sldns_b32_ntop_extended_hex(const uint8_t* src_data, size_t src_data_length, - char* target_text_buffer, size_t target_text_buffer_size); - -/** - * calculates the size needed to store the result of b32_pton - */ -size_t sldns_b32_pton_calculate_size(size_t src_text_length); - -int sldns_b32_pton(const char* src_text, size_t src_text_length, - uint8_t* target_data_buffer, size_t target_data_buffer_size); - -int sldns_b32_pton_extended_hex(const char* src_text, size_t src_text_length, - uint8_t* target_data_buffer, size_t target_data_buffer_size); - -/* - * Checks whether the escaped value at **s is an octal value or - * a 'normally' escaped character (and not eos) - * - * @param ch_p: the parsed character - * @param str_p: the string. moved along for characters read. - * The string pointer at *s is increased by either 0 (on error), 1 (on - * normal escapes), or 3 (on octals) - * - * @return 0 on error - */ -int sldns_parse_escape(uint8_t *ch_p, const char** str_p); - -/** - * Parse one character, with escape codes, - * @param ch_p: the parsed character - * @param str_p: the string. moved along for characters read. - * @return 0 on error - */ -int sldns_parse_char(uint8_t *ch_p, const char** str_p); - -#endif /* LDNS_PARSEUTIL_H */ diff --git a/external/unbound/sldns/pkthdr.h b/external/unbound/sldns/pkthdr.h deleted file mode 100644 index de9952ea7..000000000 --- a/external/unbound/sldns/pkthdr.h +++ /dev/null @@ -1,158 +0,0 @@ -/* - * pkthdr.h - packet header from wire conversion routines - * - * a Net::DNS like library for C - * - * (c) NLnet Labs, 2005-2006 - * - * See the file LICENSE for the license - */ - -/** - * \file - * - * Contains functions that translate dns data from the wire format (as sent - * by servers and clients) to the internal structures for the packet header. - */ - -#ifndef LDNS_PKTHDR_H -#define LDNS_PKTHDR_H - -#ifdef __cplusplus -extern "C" { -#endif - -/* The length of the header */ -#define LDNS_HEADER_SIZE 12 - -/* First octet of flags */ -#define LDNS_RD_MASK 0x01U -#define LDNS_RD_SHIFT 0 -#define LDNS_RD_WIRE(wirebuf) (*(wirebuf+2) & LDNS_RD_MASK) -#define LDNS_RD_SET(wirebuf) (*(wirebuf+2) |= LDNS_RD_MASK) -#define LDNS_RD_CLR(wirebuf) (*(wirebuf+2) &= ~LDNS_RD_MASK) - -#define LDNS_TC_MASK 0x02U -#define LDNS_TC_SHIFT 1 -#define LDNS_TC_WIRE(wirebuf) (*(wirebuf+2) & LDNS_TC_MASK) -#define LDNS_TC_SET(wirebuf) (*(wirebuf+2) |= LDNS_TC_MASK) -#define LDNS_TC_CLR(wirebuf) (*(wirebuf+2) &= ~LDNS_TC_MASK) - -#define LDNS_AA_MASK 0x04U -#define LDNS_AA_SHIFT 2 -#define LDNS_AA_WIRE(wirebuf) (*(wirebuf+2) & LDNS_AA_MASK) -#define LDNS_AA_SET(wirebuf) (*(wirebuf+2) |= LDNS_AA_MASK) -#define LDNS_AA_CLR(wirebuf) (*(wirebuf+2) &= ~LDNS_AA_MASK) - -#define LDNS_OPCODE_MASK 0x78U -#define LDNS_OPCODE_SHIFT 3 -#define LDNS_OPCODE_WIRE(wirebuf) ((*(wirebuf+2) & LDNS_OPCODE_MASK) >> LDNS_OPCODE_SHIFT) -#define LDNS_OPCODE_SET(wirebuf, opcode) \ - (*(wirebuf+2) = ((*(wirebuf+2)) & ~LDNS_OPCODE_MASK) | ((opcode) << LDNS_OPCODE_SHIFT)) - -#define LDNS_QR_MASK 0x80U -#define LDNS_QR_SHIFT 7 -#define LDNS_QR_WIRE(wirebuf) (*(wirebuf+2) & LDNS_QR_MASK) -#define LDNS_QR_SET(wirebuf) (*(wirebuf+2) |= LDNS_QR_MASK) -#define LDNS_QR_CLR(wirebuf) (*(wirebuf+2) &= ~LDNS_QR_MASK) - -/* Second octet of flags */ -#define LDNS_RCODE_MASK 0x0fU -#define LDNS_RCODE_SHIFT 0 -#define LDNS_RCODE_WIRE(wirebuf) (*(wirebuf+3) & LDNS_RCODE_MASK) -#define LDNS_RCODE_SET(wirebuf, rcode) \ - (*(wirebuf+3) = ((*(wirebuf+3)) & ~LDNS_RCODE_MASK) | (rcode)) - -#define LDNS_CD_MASK 0x10U -#define LDNS_CD_SHIFT 4 -#define LDNS_CD_WIRE(wirebuf) (*(wirebuf+3) & LDNS_CD_MASK) -#define LDNS_CD_SET(wirebuf) (*(wirebuf+3) |= LDNS_CD_MASK) -#define LDNS_CD_CLR(wirebuf) (*(wirebuf+3) &= ~LDNS_CD_MASK) - -#define LDNS_AD_MASK 0x20U -#define LDNS_AD_SHIFT 5 -#define LDNS_AD_WIRE(wirebuf) (*(wirebuf+3) & LDNS_AD_MASK) -#define LDNS_AD_SET(wirebuf) (*(wirebuf+3) |= LDNS_AD_MASK) -#define LDNS_AD_CLR(wirebuf) (*(wirebuf+3) &= ~LDNS_AD_MASK) - -#define LDNS_Z_MASK 0x40U -#define LDNS_Z_SHIFT 6 -#define LDNS_Z_WIRE(wirebuf) (*(wirebuf+3) & LDNS_Z_MASK) -#define LDNS_Z_SET(wirebuf) (*(wirebuf+3) |= LDNS_Z_MASK) -#define LDNS_Z_CLR(wirebuf) (*(wirebuf+3) &= ~LDNS_Z_MASK) - -#define LDNS_RA_MASK 0x80U -#define LDNS_RA_SHIFT 7 -#define LDNS_RA_WIRE(wirebuf) (*(wirebuf+3) & LDNS_RA_MASK) -#define LDNS_RA_SET(wirebuf) (*(wirebuf+3) |= LDNS_RA_MASK) -#define LDNS_RA_CLR(wirebuf) (*(wirebuf+3) &= ~LDNS_RA_MASK) - -/* Query ID */ -#define LDNS_ID_WIRE(wirebuf) (sldns_read_uint16(wirebuf)) -#define LDNS_ID_SET(wirebuf, id) (sldns_write_uint16(wirebuf, id)) - -/* Counter of the question section */ -#define LDNS_QDCOUNT_OFF 4 -/* -#define QDCOUNT(wirebuf) (ntohs(*(uint16_t *)(wirebuf+QDCOUNT_OFF))) -*/ -#define LDNS_QDCOUNT(wirebuf) (sldns_read_uint16(wirebuf+LDNS_QDCOUNT_OFF)) - -/* Counter of the answer section */ -#define LDNS_ANCOUNT_OFF 6 -#define LDNS_ANCOUNT(wirebuf) (sldns_read_uint16(wirebuf+LDNS_ANCOUNT_OFF)) - -/* Counter of the authority section */ -#define LDNS_NSCOUNT_OFF 8 -#define LDNS_NSCOUNT(wirebuf) (sldns_read_uint16(wirebuf+LDNS_NSCOUNT_OFF)) - -/* Counter of the additional section */ -#define LDNS_ARCOUNT_OFF 10 -#define LDNS_ARCOUNT(wirebuf) (sldns_read_uint16(wirebuf+LDNS_ARCOUNT_OFF)) - -/** - * The sections of a packet - */ -enum sldns_enum_pkt_section { - LDNS_SECTION_QUESTION = 0, - LDNS_SECTION_ANSWER = 1, - LDNS_SECTION_AUTHORITY = 2, - LDNS_SECTION_ADDITIONAL = 3, - /** bogus section, if not interested */ - LDNS_SECTION_ANY = 4, - /** used to get all non-question rrs from a packet */ - LDNS_SECTION_ANY_NOQUESTION = 5 -}; -typedef enum sldns_enum_pkt_section sldns_pkt_section; - -/* opcodes for pkt's */ -enum sldns_enum_pkt_opcode { - LDNS_PACKET_QUERY = 0, - LDNS_PACKET_IQUERY = 1, - LDNS_PACKET_STATUS = 2, /* there is no 3?? DNS is weird */ - LDNS_PACKET_NOTIFY = 4, - LDNS_PACKET_UPDATE = 5 -}; -typedef enum sldns_enum_pkt_opcode sldns_pkt_opcode; - -/* rcodes for pkts */ -enum sldns_enum_pkt_rcode { - LDNS_RCODE_NOERROR = 0, - LDNS_RCODE_FORMERR = 1, - LDNS_RCODE_SERVFAIL = 2, - LDNS_RCODE_NXDOMAIN = 3, - LDNS_RCODE_NOTIMPL = 4, - LDNS_RCODE_REFUSED = 5, - LDNS_RCODE_YXDOMAIN = 6, - LDNS_RCODE_YXRRSET = 7, - LDNS_RCODE_NXRRSET = 8, - LDNS_RCODE_NOTAUTH = 9, - LDNS_RCODE_NOTZONE = 10 -}; -typedef enum sldns_enum_pkt_rcode sldns_pkt_rcode; - -#ifdef __cplusplus -} -#endif - -#endif /* LDNS_PKTHDR_H */ diff --git a/external/unbound/sldns/rrdef.c b/external/unbound/sldns/rrdef.c deleted file mode 100644 index 80b47da16..000000000 --- a/external/unbound/sldns/rrdef.c +++ /dev/null @@ -1,736 +0,0 @@ -/* rrdef.c - * - * access functions to rr definitions list. - * a Net::DNS like library for C - * LibDNS Team @ NLnet Labs - * - * (c) NLnet Labs, 2004-2006 - * See the file LICENSE for the license - */ -/** - * \file - * - * Defines resource record types and constants. - */ -#include "config.h" -#include "sldns/rrdef.h" -#include "sldns/parseutil.h" - -/* classes */ -static sldns_lookup_table sldns_rr_classes_data[] = { - { LDNS_RR_CLASS_IN, "IN" }, - { LDNS_RR_CLASS_CH, "CH" }, - { LDNS_RR_CLASS_HS, "HS" }, - { LDNS_RR_CLASS_NONE, "NONE" }, - { LDNS_RR_CLASS_ANY, "ANY" }, - { 0, NULL } -}; -sldns_lookup_table* sldns_rr_classes = sldns_rr_classes_data; - -/* types */ -static const sldns_rdf_type type_0_wireformat[] = { LDNS_RDF_TYPE_UNKNOWN }; -static const sldns_rdf_type type_a_wireformat[] = { LDNS_RDF_TYPE_A }; -static const sldns_rdf_type type_ns_wireformat[] = { LDNS_RDF_TYPE_DNAME }; -static const sldns_rdf_type type_md_wireformat[] = { LDNS_RDF_TYPE_DNAME }; -static const sldns_rdf_type type_mf_wireformat[] = { LDNS_RDF_TYPE_DNAME }; -static const sldns_rdf_type type_cname_wireformat[] = { LDNS_RDF_TYPE_DNAME }; -static const sldns_rdf_type type_soa_wireformat[] = { - LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_INT32, - LDNS_RDF_TYPE_PERIOD, LDNS_RDF_TYPE_PERIOD, LDNS_RDF_TYPE_PERIOD, - LDNS_RDF_TYPE_PERIOD -}; -static const sldns_rdf_type type_mb_wireformat[] = { LDNS_RDF_TYPE_DNAME }; -static const sldns_rdf_type type_mg_wireformat[] = { LDNS_RDF_TYPE_DNAME }; -static const sldns_rdf_type type_mr_wireformat[] = { LDNS_RDF_TYPE_DNAME }; -static const sldns_rdf_type type_wks_wireformat[] = { - LDNS_RDF_TYPE_A, LDNS_RDF_TYPE_WKS -}; -static const sldns_rdf_type type_ptr_wireformat[] = { LDNS_RDF_TYPE_DNAME }; -static const sldns_rdf_type type_hinfo_wireformat[] = { - LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_STR -}; -static const sldns_rdf_type type_minfo_wireformat[] = { - LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_DNAME -}; -static const sldns_rdf_type type_mx_wireformat[] = { - LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME -}; -static const sldns_rdf_type type_rp_wireformat[] = { - LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_DNAME -}; -static const sldns_rdf_type type_afsdb_wireformat[] = { - LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME -}; -static const sldns_rdf_type type_x25_wireformat[] = { LDNS_RDF_TYPE_STR }; -static const sldns_rdf_type type_isdn_wireformat[] = { - LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_STR -}; -static const sldns_rdf_type type_rt_wireformat[] = { - LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME -}; -static const sldns_rdf_type type_nsap_wireformat[] = { - LDNS_RDF_TYPE_NSAP -}; -static const sldns_rdf_type type_nsap_ptr_wireformat[] = { - LDNS_RDF_TYPE_STR -}; -static const sldns_rdf_type type_sig_wireformat[] = { - LDNS_RDF_TYPE_TYPE, LDNS_RDF_TYPE_ALG, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT32, - LDNS_RDF_TYPE_TIME, LDNS_RDF_TYPE_TIME, LDNS_RDF_TYPE_INT16, - LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_B64 -}; -static const sldns_rdf_type type_key_wireformat[] = { - LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_B64 -}; -static const sldns_rdf_type type_px_wireformat[] = { - LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_DNAME -}; -static const sldns_rdf_type type_gpos_wireformat[] = { - LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_STR -}; -static const sldns_rdf_type type_aaaa_wireformat[] = { LDNS_RDF_TYPE_AAAA }; -static const sldns_rdf_type type_loc_wireformat[] = { LDNS_RDF_TYPE_LOC }; -static const sldns_rdf_type type_nxt_wireformat[] = { - LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_UNKNOWN -}; -static const sldns_rdf_type type_eid_wireformat[] = { - LDNS_RDF_TYPE_HEX -}; -static const sldns_rdf_type type_nimloc_wireformat[] = { - LDNS_RDF_TYPE_HEX -}; -static const sldns_rdf_type type_srv_wireformat[] = { - LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME -}; -static const sldns_rdf_type type_atma_wireformat[] = { - LDNS_RDF_TYPE_ATMA -}; -static const sldns_rdf_type type_naptr_wireformat[] = { - LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_DNAME -}; -static const sldns_rdf_type type_kx_wireformat[] = { - LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME -}; -static const sldns_rdf_type type_cert_wireformat[] = { - LDNS_RDF_TYPE_CERT_ALG, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_ALG, LDNS_RDF_TYPE_B64 -}; -static const sldns_rdf_type type_a6_wireformat[] = { LDNS_RDF_TYPE_UNKNOWN }; -static const sldns_rdf_type type_dname_wireformat[] = { LDNS_RDF_TYPE_DNAME }; -static const sldns_rdf_type type_sink_wireformat[] = { LDNS_RDF_TYPE_INT8, - LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_B64 -}; -static const sldns_rdf_type type_apl_wireformat[] = { - LDNS_RDF_TYPE_APL -}; -static const sldns_rdf_type type_ds_wireformat[] = { - LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_ALG, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_HEX -}; -static const sldns_rdf_type type_sshfp_wireformat[] = { - LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_HEX -}; -static const sldns_rdf_type type_ipseckey_wireformat[] = { - LDNS_RDF_TYPE_IPSECKEY -}; -static const sldns_rdf_type type_rrsig_wireformat[] = { - LDNS_RDF_TYPE_TYPE, LDNS_RDF_TYPE_ALG, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT32, - LDNS_RDF_TYPE_TIME, LDNS_RDF_TYPE_TIME, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_B64 -}; -static const sldns_rdf_type type_nsec_wireformat[] = { - LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_NSEC -}; -static const sldns_rdf_type type_dhcid_wireformat[] = { - LDNS_RDF_TYPE_B64 -}; -static const sldns_rdf_type type_talink_wireformat[] = { - LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_DNAME -}; -static const sldns_rdf_type type_openpgpkey_wireformat[] = { - LDNS_RDF_TYPE_B64 -}; -static const sldns_rdf_type type_csync_wireformat[] = { - LDNS_RDF_TYPE_INT32, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_NSEC -}; -/* nsec3 is some vars, followed by same type of data of nsec */ -static const sldns_rdf_type type_nsec3_wireformat[] = { -/* LDNS_RDF_TYPE_NSEC3_VARS, LDNS_RDF_TYPE_NSEC3_NEXT_OWNER, LDNS_RDF_TYPE_NSEC*/ - LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_NSEC3_SALT, LDNS_RDF_TYPE_NSEC3_NEXT_OWNER, LDNS_RDF_TYPE_NSEC -}; - -static const sldns_rdf_type type_nsec3param_wireformat[] = { -/* LDNS_RDF_TYPE_NSEC3_PARAMS_VARS*/ - LDNS_RDF_TYPE_INT8, - LDNS_RDF_TYPE_INT8, - LDNS_RDF_TYPE_INT16, - LDNS_RDF_TYPE_NSEC3_SALT -}; - -static const sldns_rdf_type type_dnskey_wireformat[] = { - LDNS_RDF_TYPE_INT16, - LDNS_RDF_TYPE_INT8, - LDNS_RDF_TYPE_ALG, - LDNS_RDF_TYPE_B64 -}; -static const sldns_rdf_type type_tkey_wireformat[] = { - LDNS_RDF_TYPE_DNAME, - LDNS_RDF_TYPE_TIME, - LDNS_RDF_TYPE_TIME, - LDNS_RDF_TYPE_INT16, - LDNS_RDF_TYPE_INT16, - LDNS_RDF_TYPE_INT16_DATA, - LDNS_RDF_TYPE_INT16_DATA, -}; -static const sldns_rdf_type type_tsig_wireformat[] = { - LDNS_RDF_TYPE_DNAME, - LDNS_RDF_TYPE_TSIGTIME, - LDNS_RDF_TYPE_INT16, - LDNS_RDF_TYPE_INT16_DATA, - LDNS_RDF_TYPE_INT16, - LDNS_RDF_TYPE_INT16, - LDNS_RDF_TYPE_INT16_DATA -}; -static const sldns_rdf_type type_tlsa_wireformat[] = { - LDNS_RDF_TYPE_INT8, - LDNS_RDF_TYPE_INT8, - LDNS_RDF_TYPE_INT8, - LDNS_RDF_TYPE_HEX -}; -static const sldns_rdf_type type_hip_wireformat[] = { - LDNS_RDF_TYPE_HIP -}; -static const sldns_rdf_type type_nid_wireformat[] = { - LDNS_RDF_TYPE_INT16, - LDNS_RDF_TYPE_ILNP64 -}; -static const sldns_rdf_type type_l32_wireformat[] = { - LDNS_RDF_TYPE_INT16, - LDNS_RDF_TYPE_A -}; -static const sldns_rdf_type type_l64_wireformat[] = { - LDNS_RDF_TYPE_INT16, - LDNS_RDF_TYPE_ILNP64 -}; -static const sldns_rdf_type type_lp_wireformat[] = { - LDNS_RDF_TYPE_INT16, - LDNS_RDF_TYPE_DNAME -}; -static const sldns_rdf_type type_eui48_wireformat[] = { - LDNS_RDF_TYPE_EUI48 -}; -static const sldns_rdf_type type_eui64_wireformat[] = { - LDNS_RDF_TYPE_EUI64 -}; -static const sldns_rdf_type type_uri_wireformat[] = { - LDNS_RDF_TYPE_INT16, - LDNS_RDF_TYPE_INT16, - LDNS_RDF_TYPE_LONG_STR -}; -static const sldns_rdf_type type_caa_wireformat[] = { - LDNS_RDF_TYPE_INT8, - LDNS_RDF_TYPE_TAG, - LDNS_RDF_TYPE_LONG_STR -}; - -/* All RR's defined in 1035 are well known and can thus - * be compressed. See RFC3597. These RR's are: - * CNAME HINFO MB MD MF MG MINFO MR MX NULL NS PTR SOA TXT - */ -static sldns_rr_descriptor rdata_field_descriptors[] = { - /* 0 */ - { 0, NULL, 0, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 1 */ - {LDNS_RR_TYPE_A, "A", 1, 1, type_a_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 2 */ - {LDNS_RR_TYPE_NS, "NS", 1, 1, type_ns_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 }, - /* 3 */ - {LDNS_RR_TYPE_MD, "MD", 1, 1, type_md_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 }, - /* 4 */ - {LDNS_RR_TYPE_MF, "MF", 1, 1, type_mf_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 }, - /* 5 */ - {LDNS_RR_TYPE_CNAME, "CNAME", 1, 1, type_cname_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 }, - /* 6 */ - {LDNS_RR_TYPE_SOA, "SOA", 7, 7, type_soa_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 2 }, - /* 7 */ - {LDNS_RR_TYPE_MB, "MB", 1, 1, type_mb_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 }, - /* 8 */ - {LDNS_RR_TYPE_MG, "MG", 1, 1, type_mg_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 }, - /* 9 */ - {LDNS_RR_TYPE_MR, "MR", 1, 1, type_mr_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 }, - /* 10 */ - {LDNS_RR_TYPE_NULL, "NULL", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 11 */ - {LDNS_RR_TYPE_WKS, "WKS", 2, 2, type_wks_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 12 */ - {LDNS_RR_TYPE_PTR, "PTR", 1, 1, type_ptr_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 }, - /* 13 */ - {LDNS_RR_TYPE_HINFO, "HINFO", 2, 2, type_hinfo_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 14 */ - {LDNS_RR_TYPE_MINFO, "MINFO", 2, 2, type_minfo_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 2 }, - /* 15 */ - {LDNS_RR_TYPE_MX, "MX", 2, 2, type_mx_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 }, - /* 16 */ - {LDNS_RR_TYPE_TXT, "TXT", 1, 0, NULL, LDNS_RDF_TYPE_STR, LDNS_RR_NO_COMPRESS, 0 }, - /* 17 */ - {LDNS_RR_TYPE_RP, "RP", 2, 2, type_rp_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 2 }, - /* 18 */ - {LDNS_RR_TYPE_AFSDB, "AFSDB", 2, 2, type_afsdb_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, - /* 19 */ - {LDNS_RR_TYPE_X25, "X25", 1, 1, type_x25_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 20 */ - {LDNS_RR_TYPE_ISDN, "ISDN", 1, 2, type_isdn_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 21 */ - {LDNS_RR_TYPE_RT, "RT", 2, 2, type_rt_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, - /* 22 */ - {LDNS_RR_TYPE_NSAP, "NSAP", 1, 1, type_nsap_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 23 */ - {LDNS_RR_TYPE_NSAP_PTR, "NSAP-PTR", 1, 1, type_nsap_ptr_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 24 */ - {LDNS_RR_TYPE_SIG, "SIG", 9, 9, type_sig_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, - /* 25 */ - {LDNS_RR_TYPE_KEY, "KEY", 4, 4, type_key_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 26 */ - {LDNS_RR_TYPE_PX, "PX", 3, 3, type_px_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 2 }, - /* 27 */ - {LDNS_RR_TYPE_GPOS, "GPOS", 3, 3, type_gpos_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 28 */ - {LDNS_RR_TYPE_AAAA, "AAAA", 1, 1, type_aaaa_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 29 */ - {LDNS_RR_TYPE_LOC, "LOC", 1, 1, type_loc_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 30 */ - {LDNS_RR_TYPE_NXT, "NXT", 2, 2, type_nxt_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, - /* 31 */ - {LDNS_RR_TYPE_EID, "EID", 1, 1, type_eid_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 32 */ - {LDNS_RR_TYPE_NIMLOC, "NIMLOC", 1, 1, type_nimloc_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 33 */ - {LDNS_RR_TYPE_SRV, "SRV", 4, 4, type_srv_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, - /* 34 */ - {LDNS_RR_TYPE_ATMA, "ATMA", 1, 1, type_atma_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 35 */ - {LDNS_RR_TYPE_NAPTR, "NAPTR", 6, 6, type_naptr_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, - /* 36 */ - {LDNS_RR_TYPE_KX, "KX", 2, 2, type_kx_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, - /* 37 */ - {LDNS_RR_TYPE_CERT, "CERT", 4, 4, type_cert_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 38 */ - {LDNS_RR_TYPE_A6, "A6", 1, 1, type_a6_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 39 */ - {LDNS_RR_TYPE_DNAME, "DNAME", 1, 1, type_dname_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, - /* 40 */ - {LDNS_RR_TYPE_SINK, "SINK", 1, 1, type_sink_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 41 */ - {LDNS_RR_TYPE_OPT, "OPT", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 42 */ - {LDNS_RR_TYPE_APL, "APL", 0, 0, type_apl_wireformat, LDNS_RDF_TYPE_APL, LDNS_RR_NO_COMPRESS, 0 }, - /* 43 */ - {LDNS_RR_TYPE_DS, "DS", 4, 4, type_ds_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 44 */ - {LDNS_RR_TYPE_SSHFP, "SSHFP", 3, 3, type_sshfp_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 45 */ - {LDNS_RR_TYPE_IPSECKEY, "IPSECKEY", 1, 1, type_ipseckey_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 46 */ - {LDNS_RR_TYPE_RRSIG, "RRSIG", 9, 9, type_rrsig_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, - /* 47 */ - {LDNS_RR_TYPE_NSEC, "NSEC", 1, 2, type_nsec_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, - /* 48 */ - {LDNS_RR_TYPE_DNSKEY, "DNSKEY", 4, 4, type_dnskey_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 49 */ - {LDNS_RR_TYPE_DHCID, "DHCID", 1, 1, type_dhcid_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 50 */ - {LDNS_RR_TYPE_NSEC3, "NSEC3", 5, 6, type_nsec3_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 51 */ - {LDNS_RR_TYPE_NSEC3PARAM, "NSEC3PARAM", 4, 4, type_nsec3param_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 52 */ - {LDNS_RR_TYPE_TLSA, "TLSA", 4, 4, type_tlsa_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - -{LDNS_RR_TYPE_NULL, "TYPE53", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE54", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 55 - * Hip ends with 0 or more Rendezvous Servers represented as dname's. - * Hence the LDNS_RDF_TYPE_DNAME _variable field and the _maximum field - * set to 0. - */ - {LDNS_RR_TYPE_HIP, "HIP", 1, 1, type_hip_wireformat, LDNS_RDF_TYPE_DNAME, LDNS_RR_NO_COMPRESS, 0 }, - -#ifdef DRAFT_RRTYPES - /* 56 */ - {LDNS_RR_TYPE_NINFO, "NINFO", 1, 0, NULL, LDNS_RDF_TYPE_STR, LDNS_RR_NO_COMPRESS, 0 }, - /* 57 */ - {LDNS_RR_TYPE_RKEY, "RKEY", 4, 4, type_key_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -#else -{LDNS_RR_TYPE_NULL, "TYPE56", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE57", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -#endif - /* 58 */ - {LDNS_RR_TYPE_TALINK, "TALINK", 2, 2, type_talink_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 2 }, - - /* 59 */ - {LDNS_RR_TYPE_CDS, "CDS", 4, 4, type_ds_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 60 */ - {LDNS_RR_TYPE_CDNSKEY, "CDNSKEY", 4, 4, type_dnskey_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 61 */ -{LDNS_RR_TYPE_OPENPGPKEY, "OPENPGPKEY", 1, 1, type_openpgpkey_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 62 */ - {LDNS_RR_TYPE_CSYNC, "CSYNC", 3, 3, type_csync_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE63", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE64", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE65", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE66", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE67", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE68", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE69", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE70", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE71", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE72", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE73", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE74", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE75", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE76", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE77", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE78", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE79", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE80", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE81", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE82", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE83", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE84", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE85", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE86", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE87", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE88", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE89", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE90", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE91", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE92", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE93", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE94", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE95", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE96", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE97", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE98", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - - /* 99 */ - {LDNS_RR_TYPE_SPF, "SPF", 1, 0, NULL, LDNS_RDF_TYPE_STR, LDNS_RR_NO_COMPRESS, 0 }, - - /* UINFO [IANA-Reserved] */ -{LDNS_RR_TYPE_NULL, "TYPE100", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* UID [IANA-Reserved] */ -{LDNS_RR_TYPE_NULL, "TYPE101", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* GID [IANA-Reserved] */ -{LDNS_RR_TYPE_NULL, "TYPE102", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* UNSPEC [IANA-Reserved] */ -{LDNS_RR_TYPE_NULL, "TYPE103", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - - /* 104 */ - {LDNS_RR_TYPE_NID, "NID", 2, 2, type_nid_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 105 */ - {LDNS_RR_TYPE_L32, "L32", 2, 2, type_l32_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 106 */ - {LDNS_RR_TYPE_L64, "L64", 2, 2, type_l64_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 107 */ - {LDNS_RR_TYPE_LP, "LP", 2, 2, type_lp_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, - - /* 108 */ - {LDNS_RR_TYPE_EUI48, "EUI48", 1, 1, type_eui48_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 109 */ - {LDNS_RR_TYPE_EUI64, "EUI64", 1, 1, type_eui64_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - -{LDNS_RR_TYPE_NULL, "TYPE110", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE111", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE112", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE113", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE114", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE115", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE116", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE117", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE118", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE119", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE120", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE121", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE122", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE123", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE124", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE125", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE126", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE127", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE128", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE129", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE130", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE131", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE132", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE133", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE134", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE135", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE136", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE137", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE138", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE139", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE140", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE141", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE142", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE143", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE144", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE145", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE146", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE147", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE148", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE149", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE150", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE151", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE152", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE153", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE154", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE155", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE156", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE157", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE158", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE159", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE160", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE161", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE162", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE163", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE164", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE165", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE166", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE167", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE168", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE169", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE170", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE171", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE172", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE173", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE174", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE175", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE176", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE177", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE178", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE179", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE180", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE181", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE182", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE183", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE184", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE185", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE186", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE187", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE188", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE189", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE190", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE191", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE192", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE193", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE194", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE195", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE196", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE197", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE198", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE199", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE200", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE201", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE202", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE203", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE204", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE205", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE206", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE207", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE208", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE209", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE210", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE211", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE212", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE213", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE214", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE215", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE216", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE217", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE218", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE219", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE220", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE221", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE222", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE223", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE224", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE225", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE226", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE227", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE228", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE229", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE230", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE231", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE232", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE233", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE234", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE235", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE236", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE237", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE238", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE239", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE240", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE241", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE242", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE243", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE244", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE245", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE246", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE247", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE248", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - - /* LDNS_RDF_TYPE_INT16_DATA takes two fields (length and data) as one. - * So, unlike RFC 2930 spec, we have 7 min/max rdf's i.s.o. 8/9. - */ - /* 249 */ - {LDNS_RR_TYPE_TKEY, "TKEY", 7, 7, type_tkey_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, - /* LDNS_RDF_TYPE_INT16_DATA takes two fields (length and data) as one. - * So, unlike RFC 2930 spec, we have 7 min/max rdf's i.s.o. 8/9. - */ - /* 250 */ - {LDNS_RR_TYPE_TSIG, "TSIG", 7, 7, type_tsig_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, - - /* IXFR: A request for a transfer of an incremental zone transfer */ -{LDNS_RR_TYPE_IXFR, "IXFR", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* AXFR: A request for a transfer of an entire zone */ -{LDNS_RR_TYPE_AXFR, "AXFR", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* MAILB: A request for mailbox-related records (MB, MG or MR) */ -{LDNS_RR_TYPE_MAILB, "MAILB", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* MAILA: A request for mail agent RRs (Obsolete - see MX) */ -{LDNS_RR_TYPE_MAILA, "MAILA", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* ANY: A request for all (available) records */ -{LDNS_RR_TYPE_ANY, "ANY", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - - /* 256 */ - {LDNS_RR_TYPE_URI, "URI", 3, 3, type_uri_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 257 */ - {LDNS_RR_TYPE_CAA, "CAA", 3, 3, type_caa_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - -/* split in array, no longer contiguous */ - -#ifdef DRAFT_RRTYPES - /* 32768 */ - {LDNS_RR_TYPE_TA, "TA", 4, 4, type_ds_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -#else -{LDNS_RR_TYPE_NULL, "TYPE32768", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -#endif - /* 32769 */ - {LDNS_RR_TYPE_DLV, "DLV", 4, 4, type_ds_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 } -}; - -/** - * \def LDNS_RDATA_FIELD_DESCRIPTORS_COUNT - * computes the number of rdata fields - */ -#define LDNS_RDATA_FIELD_DESCRIPTORS_COUNT \ - (sizeof(rdata_field_descriptors)/sizeof(rdata_field_descriptors[0])) - -const sldns_rr_descriptor * -sldns_rr_descript(uint16_t type) -{ - size_t i; - if (type < LDNS_RDATA_FIELD_DESCRIPTORS_COMMON) { - return &rdata_field_descriptors[type]; - } else { - /* because not all array index equals type code */ - for (i = LDNS_RDATA_FIELD_DESCRIPTORS_COMMON; - i < LDNS_RDATA_FIELD_DESCRIPTORS_COUNT; - i++) { - if (rdata_field_descriptors[i]._type == type) { - return &rdata_field_descriptors[i]; - } - } - return &rdata_field_descriptors[0]; - } -} - -size_t -sldns_rr_descriptor_minimum(const sldns_rr_descriptor *descriptor) -{ - if (descriptor) { - return descriptor->_minimum; - } else { - return 0; - } -} - -size_t -sldns_rr_descriptor_maximum(const sldns_rr_descriptor *descriptor) -{ - if (descriptor) { - if (descriptor->_variable != LDNS_RDF_TYPE_NONE) { - return 65535; /* cannot be more than 64k */ - } else { - return descriptor->_maximum; - } - } else { - return 0; - } -} - -sldns_rdf_type -sldns_rr_descriptor_field_type(const sldns_rr_descriptor *descriptor, - size_t index) -{ - assert(descriptor != NULL); - assert(index < descriptor->_maximum - || descriptor->_variable != LDNS_RDF_TYPE_NONE); - if (index < descriptor->_maximum) { - return descriptor->_wireformat[index]; - } else { - return descriptor->_variable; - } -} - -sldns_rr_type -sldns_get_rr_type_by_name(const char *name) -{ - unsigned int i; - const char *desc_name; - const sldns_rr_descriptor *desc; - - /* TYPEXX representation */ - if (strlen(name) > 4 && strncasecmp(name, "TYPE", 4) == 0) { - return atoi(name + 4); - } - - /* Normal types */ - for (i = 0; i < (unsigned int) LDNS_RDATA_FIELD_DESCRIPTORS_COUNT; i++) { - desc = &rdata_field_descriptors[i]; - desc_name = desc->_name; - if(desc_name && - strlen(name) == strlen(desc_name) && - strncasecmp(name, desc_name, strlen(desc_name)) == 0) { - /* because not all array index equals type code */ - return desc->_type; - } - } - - /* special cases for query types */ - if (strlen(name) == 4 && strncasecmp(name, "IXFR", 4) == 0) { - return 251; - } else if (strlen(name) == 4 && strncasecmp(name, "AXFR", 4) == 0) { - return 252; - } else if (strlen(name) == 5 && strncasecmp(name, "MAILB", 5) == 0) { - return 253; - } else if (strlen(name) == 5 && strncasecmp(name, "MAILA", 5) == 0) { - return 254; - } else if (strlen(name) == 3 && strncasecmp(name, "ANY", 3) == 0) { - return 255; - } - - return 0; -} - -sldns_rr_class -sldns_get_rr_class_by_name(const char *name) -{ - sldns_lookup_table *lt; - - /* CLASSXX representation */ - if (strlen(name) > 5 && strncasecmp(name, "CLASS", 5) == 0) { - return atoi(name + 5); - } - - /* Normal types */ - lt = sldns_lookup_by_name(sldns_rr_classes, name); - if (lt) { - return lt->id; - } - return 0; -} diff --git a/external/unbound/sldns/rrdef.h b/external/unbound/sldns/rrdef.h deleted file mode 100644 index af7bca1d2..000000000 --- a/external/unbound/sldns/rrdef.h +++ /dev/null @@ -1,510 +0,0 @@ -/* - * rrdef.h - * - * RR definitions - * - * a Net::DNS like library for C - * - * (c) NLnet Labs, 2005-2006 - * - * See the file LICENSE for the license - */ - -/** - * \file - * - * Defines resource record types and constants. - */ - -#ifndef LDNS_RRDEF_H -#define LDNS_RRDEF_H - -#ifdef __cplusplus -extern "C" { -#endif - -/** Maximum length of a dname label */ -#define LDNS_MAX_LABELLEN 63 -/** Maximum length of a complete dname */ -#define LDNS_MAX_DOMAINLEN 255 -/** Maximum number of pointers in 1 dname */ -#define LDNS_MAX_POINTERS 65535 -/** The bytes TTL, CLASS and length use up in an rr */ -#define LDNS_RR_OVERHEAD 10 - -#define LDNS_DNSSEC_KEYPROTO 3 -#define LDNS_KEY_ZONE_KEY 0x0100 /* set for ZSK&KSK, rfc 4034 */ -#define LDNS_KEY_SEP_KEY 0x0001 /* set for KSK, rfc 4034 */ -#define LDNS_KEY_REVOKE_KEY 0x0080 /* used to revoke KSK, rfc 5011 */ - -/* The first fields are contiguous and can be referenced instantly */ -#define LDNS_RDATA_FIELD_DESCRIPTORS_COMMON 258 - -/** lookuptable for rr classes */ -extern struct sldns_struct_lookup_table* sldns_rr_classes; - -/** - * The different RR classes. - */ -enum sldns_enum_rr_class -{ - /** the Internet */ - LDNS_RR_CLASS_IN = 1, - /** Chaos class */ - LDNS_RR_CLASS_CH = 3, - /** Hesiod (Dyer 87) */ - LDNS_RR_CLASS_HS = 4, - /** None class, dynamic update */ - LDNS_RR_CLASS_NONE = 254, - /** Any class */ - LDNS_RR_CLASS_ANY = 255, - - LDNS_RR_CLASS_FIRST = 0, - LDNS_RR_CLASS_LAST = 65535, - LDNS_RR_CLASS_COUNT = LDNS_RR_CLASS_LAST - LDNS_RR_CLASS_FIRST + 1 -}; -typedef enum sldns_enum_rr_class sldns_rr_class; - -/** - * Used to specify whether compression is allowed. - */ -enum sldns_enum_rr_compress -{ - /** compression is allowed */ - LDNS_RR_COMPRESS, - LDNS_RR_NO_COMPRESS -}; -typedef enum sldns_enum_rr_compress sldns_rr_compress; - -/** - * The different RR types. - */ -enum sldns_enum_rr_type -{ - /** a host address */ - LDNS_RR_TYPE_A = 1, - /** an authoritative name server */ - LDNS_RR_TYPE_NS = 2, - /** a mail destination (Obsolete - use MX) */ - LDNS_RR_TYPE_MD = 3, - /** a mail forwarder (Obsolete - use MX) */ - LDNS_RR_TYPE_MF = 4, - /** the canonical name for an alias */ - LDNS_RR_TYPE_CNAME = 5, - /** marks the start of a zone of authority */ - LDNS_RR_TYPE_SOA = 6, - /** a mailbox domain name (EXPERIMENTAL) */ - LDNS_RR_TYPE_MB = 7, - /** a mail group member (EXPERIMENTAL) */ - LDNS_RR_TYPE_MG = 8, - /** a mail rename domain name (EXPERIMENTAL) */ - LDNS_RR_TYPE_MR = 9, - /** a null RR (EXPERIMENTAL) */ - LDNS_RR_TYPE_NULL = 10, - /** a well known service description */ - LDNS_RR_TYPE_WKS = 11, - /** a domain name pointer */ - LDNS_RR_TYPE_PTR = 12, - /** host information */ - LDNS_RR_TYPE_HINFO = 13, - /** mailbox or mail list information */ - LDNS_RR_TYPE_MINFO = 14, - /** mail exchange */ - LDNS_RR_TYPE_MX = 15, - /** text strings */ - LDNS_RR_TYPE_TXT = 16, - /** RFC1183 */ - LDNS_RR_TYPE_RP = 17, - /** RFC1183 */ - LDNS_RR_TYPE_AFSDB = 18, - /** RFC1183 */ - LDNS_RR_TYPE_X25 = 19, - /** RFC1183 */ - LDNS_RR_TYPE_ISDN = 20, - /** RFC1183 */ - LDNS_RR_TYPE_RT = 21, - /** RFC1706 */ - LDNS_RR_TYPE_NSAP = 22, - /** RFC1348 */ - LDNS_RR_TYPE_NSAP_PTR = 23, - /** 2535typecode */ - LDNS_RR_TYPE_SIG = 24, - /** 2535typecode */ - LDNS_RR_TYPE_KEY = 25, - /** RFC2163 */ - LDNS_RR_TYPE_PX = 26, - /** RFC1712 */ - LDNS_RR_TYPE_GPOS = 27, - /** ipv6 address */ - LDNS_RR_TYPE_AAAA = 28, - /** LOC record RFC1876 */ - LDNS_RR_TYPE_LOC = 29, - /** 2535typecode */ - LDNS_RR_TYPE_NXT = 30, - /** draft-ietf-nimrod-dns-01.txt */ - LDNS_RR_TYPE_EID = 31, - /** draft-ietf-nimrod-dns-01.txt */ - LDNS_RR_TYPE_NIMLOC = 32, - /** SRV record RFC2782 */ - LDNS_RR_TYPE_SRV = 33, - /** http://www.jhsoft.com/rfc/af-saa-0069.000.rtf */ - LDNS_RR_TYPE_ATMA = 34, - /** RFC2915 */ - LDNS_RR_TYPE_NAPTR = 35, - /** RFC2230 */ - LDNS_RR_TYPE_KX = 36, - /** RFC2538 */ - LDNS_RR_TYPE_CERT = 37, - /** RFC2874 */ - LDNS_RR_TYPE_A6 = 38, - /** RFC2672 */ - LDNS_RR_TYPE_DNAME = 39, - /** dnsind-kitchen-sink-02.txt */ - LDNS_RR_TYPE_SINK = 40, - /** Pseudo OPT record... */ - LDNS_RR_TYPE_OPT = 41, - /** RFC3123 */ - LDNS_RR_TYPE_APL = 42, - /** RFC4034, RFC3658 */ - LDNS_RR_TYPE_DS = 43, - /** SSH Key Fingerprint */ - LDNS_RR_TYPE_SSHFP = 44, /* RFC 4255 */ - /** IPsec Key */ - LDNS_RR_TYPE_IPSECKEY = 45, /* RFC 4025 */ - /** DNSSEC */ - LDNS_RR_TYPE_RRSIG = 46, /* RFC 4034 */ - LDNS_RR_TYPE_NSEC = 47, /* RFC 4034 */ - LDNS_RR_TYPE_DNSKEY = 48, /* RFC 4034 */ - - LDNS_RR_TYPE_DHCID = 49, /* RFC 4701 */ - /* NSEC3 */ - LDNS_RR_TYPE_NSEC3 = 50, /* RFC 5155 */ - LDNS_RR_TYPE_NSEC3PARAM = 51, /* RFC 5155 */ - LDNS_RR_TYPE_NSEC3PARAMS = 51, - LDNS_RR_TYPE_TLSA = 52, /* RFC 6698 */ - LDNS_RR_TYPE_SMIMEA = 53, /* draft-ietf-dane-smime, TLSA-like but may - be extended */ - - LDNS_RR_TYPE_HIP = 55, /* RFC 5205 */ - - /** draft-reid-dnsext-zs */ - LDNS_RR_TYPE_NINFO = 56, - /** draft-reid-dnsext-rkey */ - LDNS_RR_TYPE_RKEY = 57, - /** draft-ietf-dnsop-trust-history */ - LDNS_RR_TYPE_TALINK = 58, - LDNS_RR_TYPE_CDS = 59, /** RFC 7344 */ - LDNS_RR_TYPE_CDNSKEY = 60, /** RFC 7344 */ - LDNS_RR_TYPE_OPENPGPKEY = 61, /* RFC 7929 */ - LDNS_RR_TYPE_CSYNC = 62, /* RFC 7477 */ - - LDNS_RR_TYPE_SPF = 99, /* RFC 4408 */ - - LDNS_RR_TYPE_UINFO = 100, - LDNS_RR_TYPE_UID = 101, - LDNS_RR_TYPE_GID = 102, - LDNS_RR_TYPE_UNSPEC = 103, - - LDNS_RR_TYPE_NID = 104, /* RFC 6742 */ - LDNS_RR_TYPE_L32 = 105, /* RFC 6742 */ - LDNS_RR_TYPE_L64 = 106, /* RFC 6742 */ - LDNS_RR_TYPE_LP = 107, /* RFC 6742 */ - - /** draft-jabley-dnsext-eui48-eui64-rrtypes */ - LDNS_RR_TYPE_EUI48 = 108, - LDNS_RR_TYPE_EUI64 = 109, - - LDNS_RR_TYPE_TKEY = 249, /* RFC 2930 */ - LDNS_RR_TYPE_TSIG = 250, - LDNS_RR_TYPE_IXFR = 251, - LDNS_RR_TYPE_AXFR = 252, - /** A request for mailbox-related records (MB, MG or MR) */ - LDNS_RR_TYPE_MAILB = 253, - /** A request for mail agent RRs (Obsolete - see MX) */ - LDNS_RR_TYPE_MAILA = 254, - /** any type (wildcard) */ - LDNS_RR_TYPE_ANY = 255, - LDNS_RR_TYPE_URI = 256, /* RFC 7553 */ - LDNS_RR_TYPE_CAA = 257, /* RFC 6844 */ - - /** DNSSEC Trust Authorities */ - LDNS_RR_TYPE_TA = 32768, - /* RFC 4431, 5074, DNSSEC Lookaside Validation */ - LDNS_RR_TYPE_DLV = 32769, - - /* type codes from nsec3 experimental phase - LDNS_RR_TYPE_NSEC3 = 65324, - LDNS_RR_TYPE_NSEC3PARAMS = 65325, */ - LDNS_RR_TYPE_FIRST = 0, - LDNS_RR_TYPE_LAST = 65535, - LDNS_RR_TYPE_COUNT = LDNS_RR_TYPE_LAST - LDNS_RR_TYPE_FIRST + 1 -}; -typedef enum sldns_enum_rr_type sldns_rr_type; - -/* RDATA */ -#define LDNS_MAX_RDFLEN 65535 - -#define LDNS_RDF_SIZE_BYTE 1 -#define LDNS_RDF_SIZE_WORD 2 -#define LDNS_RDF_SIZE_DOUBLEWORD 4 -#define LDNS_RDF_SIZE_6BYTES 6 -#define LDNS_RDF_SIZE_8BYTES 8 -#define LDNS_RDF_SIZE_16BYTES 16 - -#define LDNS_NSEC3_VARS_OPTOUT_MASK 0x01 - -#define LDNS_APL_IP4 1 -#define LDNS_APL_IP6 2 -#define LDNS_APL_MASK 0x7f -#define LDNS_APL_NEGATION 0x80 - -/** - * The different types of RDATA fields. - */ -enum sldns_enum_rdf_type -{ - /** none */ - LDNS_RDF_TYPE_NONE, - /** domain name */ - LDNS_RDF_TYPE_DNAME, - /** 8 bits */ - LDNS_RDF_TYPE_INT8, - /** 16 bits */ - LDNS_RDF_TYPE_INT16, - /** 32 bits */ - LDNS_RDF_TYPE_INT32, - /** A record */ - LDNS_RDF_TYPE_A, - /** AAAA record */ - LDNS_RDF_TYPE_AAAA, - /** txt string */ - LDNS_RDF_TYPE_STR, - /** apl data */ - LDNS_RDF_TYPE_APL, - /** b32 string */ - LDNS_RDF_TYPE_B32_EXT, - /** b64 string */ - LDNS_RDF_TYPE_B64, - /** hex string */ - LDNS_RDF_TYPE_HEX, - /** nsec type codes */ - LDNS_RDF_TYPE_NSEC, - /** a RR type */ - LDNS_RDF_TYPE_TYPE, - /** a class */ - LDNS_RDF_TYPE_CLASS, - /** certificate algorithm */ - LDNS_RDF_TYPE_CERT_ALG, - /** a key algorithm */ - LDNS_RDF_TYPE_ALG, - /** unknown types */ - LDNS_RDF_TYPE_UNKNOWN, - /** time (32 bits) */ - LDNS_RDF_TYPE_TIME, - /** period */ - LDNS_RDF_TYPE_PERIOD, - /** tsig time 48 bits */ - LDNS_RDF_TYPE_TSIGTIME, - /** Represents the Public Key Algorithm, HIT and Public Key fields - for the HIP RR types. A HIP specific rdf type is used because of - the unusual layout in wireformat (see RFC 5205 Section 5) */ - LDNS_RDF_TYPE_HIP, - /** variable length any type rdata where the length - is specified by the first 2 bytes */ - LDNS_RDF_TYPE_INT16_DATA, - /** protocol and port bitmaps */ - LDNS_RDF_TYPE_SERVICE, - /** location data */ - LDNS_RDF_TYPE_LOC, - /** well known services */ - LDNS_RDF_TYPE_WKS, - /** NSAP */ - LDNS_RDF_TYPE_NSAP, - /** ATMA */ - LDNS_RDF_TYPE_ATMA, - /** IPSECKEY */ - LDNS_RDF_TYPE_IPSECKEY, - /** nsec3 hash salt */ - LDNS_RDF_TYPE_NSEC3_SALT, - /** nsec3 base32 string (with length byte on wire */ - LDNS_RDF_TYPE_NSEC3_NEXT_OWNER, - - /** 4 shorts represented as 4 * 16 bit hex numbers - * seperated by colons. For NID and L64. - */ - LDNS_RDF_TYPE_ILNP64, - - /** 6 * 8 bit hex numbers seperated by dashes. For EUI48. */ - LDNS_RDF_TYPE_EUI48, - /** 8 * 8 bit hex numbers seperated by dashes. For EUI64. */ - LDNS_RDF_TYPE_EUI64, - - /** A non-zero sequence of US-ASCII letters and numbers in lower case. - * For CAA. - */ - LDNS_RDF_TYPE_TAG, - - /** A encoding of the value field as specified - * [RFC1035], Section 5.1., encoded as remaining rdata. - * For CAA, URI. - */ - LDNS_RDF_TYPE_LONG_STR, - - /* Aliases */ - LDNS_RDF_TYPE_BITMAP = LDNS_RDF_TYPE_NSEC -}; -typedef enum sldns_enum_rdf_type sldns_rdf_type; - -/** - * Algorithms used in dns - */ -enum sldns_enum_algorithm -{ - LDNS_RSAMD5 = 1, /* RFC 4034,4035 */ - LDNS_DH = 2, - LDNS_DSA = 3, - LDNS_ECC = 4, - LDNS_RSASHA1 = 5, - LDNS_DSA_NSEC3 = 6, - LDNS_RSASHA1_NSEC3 = 7, - LDNS_RSASHA256 = 8, /* RFC 5702 */ - LDNS_RSASHA512 = 10, /* RFC 5702 */ - LDNS_ECC_GOST = 12, /* RFC 5933 */ - LDNS_ECDSAP256SHA256 = 13, /* RFC 6605 */ - LDNS_ECDSAP384SHA384 = 14, /* RFC 6605 */ - LDNS_ED25519 = 15, /* RFC 8080 */ - LDNS_ED448 = 16, /* RFC 8080 */ - LDNS_INDIRECT = 252, - LDNS_PRIVATEDNS = 253, - LDNS_PRIVATEOID = 254 -}; -typedef enum sldns_enum_algorithm sldns_algorithm; - -/** - * Hashing algorithms used in the DS record - */ -enum sldns_enum_hash -{ - LDNS_SHA1 = 1, /* RFC 4034 */ - LDNS_SHA256 = 2, /* RFC 4509 */ - LDNS_HASH_GOST = 3, /* RFC 5933 */ - LDNS_SHA384 = 4 /* RFC 6605 */ -}; -typedef enum sldns_enum_hash sldns_hash; - -/** - * algorithms used in CERT rrs - */ -enum sldns_enum_cert_algorithm -{ - LDNS_CERT_PKIX = 1, - LDNS_CERT_SPKI = 2, - LDNS_CERT_PGP = 3, - LDNS_CERT_IPKIX = 4, - LDNS_CERT_ISPKI = 5, - LDNS_CERT_IPGP = 6, - LDNS_CERT_ACPKIX = 7, - LDNS_CERT_IACPKIX = 8, - LDNS_CERT_URI = 253, - LDNS_CERT_OID = 254 -}; -typedef enum sldns_enum_cert_algorithm sldns_cert_algorithm; - -/** - * EDNS option codes - */ -enum sldns_enum_edns_option -{ - LDNS_EDNS_LLQ = 1, /* http://files.dns-sd.org/draft-sekar-dns-llq.txt */ - LDNS_EDNS_UL = 2, /* http://files.dns-sd.org/draft-sekar-dns-ul.txt */ - LDNS_EDNS_NSID = 3, /* RFC5001 */ - /* 4 draft-cheshire-edns0-owner-option */ - LDNS_EDNS_DAU = 5, /* RFC6975 */ - LDNS_EDNS_DHU = 6, /* RFC6975 */ - LDNS_EDNS_N3U = 7, /* RFC6975 */ - LDNS_EDNS_CLIENT_SUBNET = 8, /* RFC7871 */ - LDNS_EDNS_KEEPALIVE = 11, /* draft-ietf-dnsop-edns-tcp-keepalive*/ - LDNS_EDNS_PADDING = 12 /* RFC7830 */ -}; -typedef enum sldns_enum_edns_option sldns_edns_option; - -#define LDNS_EDNS_MASK_DO_BIT 0x8000 - -/** - * Contains all information about resource record types. - * - * This structure contains, for all rr types, the rdata fields that are defined. - */ -struct sldns_struct_rr_descriptor -{ - /** Type of the RR that is described here */ - sldns_rr_type _type; - /** Textual name of the RR type. */ - const char *_name; - /** Minimum number of rdata fields in the RRs of this type. */ - uint8_t _minimum; - /** Maximum number of rdata fields in the RRs of this type. */ - uint8_t _maximum; - /** Wireformat specification for the rr, i.e. the types of rdata fields in their respective order. */ - const sldns_rdf_type *_wireformat; - /** Special rdf types */ - sldns_rdf_type _variable; - /** Specifies whether compression can be used for dnames in this RR type. */ - sldns_rr_compress _compress; - /** The number of DNAMEs in the _wireformat string, for parsing. */ - uint8_t _dname_count; -}; -typedef struct sldns_struct_rr_descriptor sldns_rr_descriptor; - -/** - * returns the resource record descriptor for the given rr type. - * - * \param[in] type the type value of the rr type - *\return the sldns_rr_descriptor for this type - */ -const sldns_rr_descriptor *sldns_rr_descript(uint16_t type); - -/** - * returns the minimum number of rdata fields of the rr type this descriptor describes. - * - * \param[in] descriptor for an rr type - * \return the minimum number of rdata fields - */ -size_t sldns_rr_descriptor_minimum(const sldns_rr_descriptor *descriptor); - -/** - * returns the maximum number of rdata fields of the rr type this descriptor describes. - * - * \param[in] descriptor for an rr type - * \return the maximum number of rdata fields - */ -size_t sldns_rr_descriptor_maximum(const sldns_rr_descriptor *descriptor); - -/** - * returns the rdf type for the given rdata field number of the rr type for the given descriptor. - * - * \param[in] descriptor for an rr type - * \param[in] field the field number - * \return the rdf type for the field - */ -sldns_rdf_type sldns_rr_descriptor_field_type(const sldns_rr_descriptor *descriptor, size_t field); - -/** - * retrieves a rrtype by looking up its name. - * \param[in] name a string with the name - * \return the type which corresponds with the name - */ -sldns_rr_type sldns_get_rr_type_by_name(const char *name); - -/** - * retrieves a class by looking up its name. - * \param[in] name string with the name - * \return the cass which corresponds with the name - */ -sldns_rr_class sldns_get_rr_class_by_name(const char *name); - -#ifdef __cplusplus -} -#endif - -#endif /* LDNS_RRDEF_H */ diff --git a/external/unbound/sldns/sbuffer.c b/external/unbound/sldns/sbuffer.c deleted file mode 100644 index a04b9b655..000000000 --- a/external/unbound/sldns/sbuffer.c +++ /dev/null @@ -1,191 +0,0 @@ -/* - * buffer.c -- generic memory buffer . - * - * Copyright (c) 2001-2008, NLnet Labs. All rights reserved. - * - * See LICENSE for the license. - * - */ -/** - * \file - * - * This file contains the definition of sldns_buffer, and functions to manipulate those. - */ -#include "config.h" -#include "sldns/sbuffer.h" -#include - -sldns_buffer * -sldns_buffer_new(size_t capacity) -{ - sldns_buffer *buffer = (sldns_buffer*)malloc(sizeof(sldns_buffer)); - - if (!buffer) { - return NULL; - } - - buffer->_data = (uint8_t *) malloc(capacity); - if (!buffer->_data) { - free(buffer); - return NULL; - } - - buffer->_position = 0; - buffer->_limit = buffer->_capacity = capacity; - buffer->_fixed = 0; - buffer->_vfixed = 0; - buffer->_status_err = 0; - - sldns_buffer_invariant(buffer); - - return buffer; -} - -void -sldns_buffer_new_frm_data(sldns_buffer *buffer, void *data, size_t size) -{ - assert(data != NULL); - - buffer->_position = 0; - buffer->_limit = buffer->_capacity = size; - buffer->_fixed = 0; - buffer->_vfixed = 0; - buffer->_data = malloc(size); - if(!buffer->_data) { - buffer->_status_err = 1; - return; - } - memcpy(buffer->_data, data, size); - buffer->_status_err = 0; - - sldns_buffer_invariant(buffer); -} - -void -sldns_buffer_init_frm_data(sldns_buffer *buffer, void *data, size_t size) -{ - memset(buffer, 0, sizeof(*buffer)); - buffer->_data = data; - buffer->_capacity = buffer->_limit = size; - buffer->_fixed = 1; - buffer->_vfixed = 0; -} - -void -sldns_buffer_init_vfixed_frm_data(sldns_buffer *buffer, void *data, size_t size) -{ - memset(buffer, 0, sizeof(*buffer)); - buffer->_data = data; - buffer->_capacity = buffer->_limit = size; - buffer->_fixed = 1; - buffer->_vfixed = 1; -} - -int -sldns_buffer_set_capacity(sldns_buffer *buffer, size_t capacity) -{ - void *data; - - sldns_buffer_invariant(buffer); - assert(buffer->_position <= capacity && !buffer->_fixed); - - data = (uint8_t *) realloc(buffer->_data, capacity); - if (!data) { - buffer->_status_err = 1; - return 0; - } else { - buffer->_data = data; - buffer->_limit = buffer->_capacity = capacity; - return 1; - } -} - -int -sldns_buffer_reserve(sldns_buffer *buffer, size_t amount) -{ - sldns_buffer_invariant(buffer); - assert(!buffer->_fixed); - if (buffer->_capacity < buffer->_position + amount) { - size_t new_capacity = buffer->_capacity * 3 / 2; - - if (new_capacity < buffer->_position + amount) { - new_capacity = buffer->_position + amount; - } - if (!sldns_buffer_set_capacity(buffer, new_capacity)) { - buffer->_status_err = 1; - return 0; - } - } - buffer->_limit = buffer->_capacity; - return 1; -} - -int -sldns_buffer_printf(sldns_buffer *buffer, const char *format, ...) -{ - va_list args; - int written = 0; - size_t remaining; - - if (sldns_buffer_status_ok(buffer)) { - sldns_buffer_invariant(buffer); - assert(buffer->_limit == buffer->_capacity); - - remaining = sldns_buffer_remaining(buffer); - va_start(args, format); - written = vsnprintf((char *) sldns_buffer_current(buffer), remaining, - format, args); - va_end(args); - if (written == -1) { - buffer->_status_err = 1; - return -1; - } else if (!buffer->_vfixed && (size_t) written >= remaining) { - if (!sldns_buffer_reserve(buffer, (size_t) written + 1)) { - buffer->_status_err = 1; - return -1; - } - va_start(args, format); - written = vsnprintf((char *) sldns_buffer_current(buffer), - sldns_buffer_remaining(buffer), format, args); - va_end(args); - if (written == -1) { - buffer->_status_err = 1; - return -1; - } - } - buffer->_position += written; - } - return written; -} - -void -sldns_buffer_free(sldns_buffer *buffer) -{ - if (!buffer) { - return; - } - - if (!buffer->_fixed) - free(buffer->_data); - - free(buffer); -} - -void * -sldns_buffer_export(sldns_buffer *buffer) -{ - buffer->_fixed = 1; - return buffer->_data; -} - -void -sldns_buffer_copy(sldns_buffer* result, sldns_buffer* from) -{ - size_t tocopy = sldns_buffer_limit(from); - - if(tocopy > sldns_buffer_capacity(result)) - tocopy = sldns_buffer_capacity(result); - sldns_buffer_clear(result); - sldns_buffer_write(result, sldns_buffer_begin(from), tocopy); - sldns_buffer_flip(result); -} diff --git a/external/unbound/sldns/sbuffer.h b/external/unbound/sldns/sbuffer.h deleted file mode 100644 index d1aadf8a1..000000000 --- a/external/unbound/sldns/sbuffer.h +++ /dev/null @@ -1,804 +0,0 @@ -/* - * buffer.h -- generic memory buffer. - * - * Copyright (c) 2005-2008, NLnet Labs. All rights reserved. - * - * See LICENSE for the license. - * - * - * The buffer module implements a generic buffer. The API is based on - * the java.nio.Buffer interface. - */ - -#ifndef LDNS_SBUFFER_H -#define LDNS_SBUFFER_H - -#ifdef __cplusplus -extern "C" { -#endif - -#ifdef S_SPLINT_S -# define INLINE -#else -# ifdef SWIG -# define INLINE static -# else -# define INLINE static inline -# endif -#endif - -/* - * Copy data allowing for unaligned accesses in network byte order - * (big endian). - */ -INLINE uint16_t -sldns_read_uint16(const void *src) -{ -#ifdef ALLOW_UNALIGNED_ACCESSES - return ntohs(*(const uint16_t *) src); -#else - const uint8_t *p = (const uint8_t *) src; - return ((uint16_t) p[0] << 8) | (uint16_t) p[1]; -#endif -} - -INLINE uint32_t -sldns_read_uint32(const void *src) -{ -#ifdef ALLOW_UNALIGNED_ACCESSES - return ntohl(*(const uint32_t *) src); -#else - const uint8_t *p = (const uint8_t *) src; - return ( ((uint32_t) p[0] << 24) - | ((uint32_t) p[1] << 16) - | ((uint32_t) p[2] << 8) - | (uint32_t) p[3]); -#endif -} - -/* - * Copy data allowing for unaligned accesses in network byte order - * (big endian). - */ -INLINE void -sldns_write_uint16(void *dst, uint16_t data) -{ -#ifdef ALLOW_UNALIGNED_ACCESSES - * (uint16_t *) dst = htons(data); -#else - uint8_t *p = (uint8_t *) dst; - p[0] = (uint8_t) ((data >> 8) & 0xff); - p[1] = (uint8_t) (data & 0xff); -#endif -} - -INLINE void -sldns_write_uint32(void *dst, uint32_t data) -{ -#ifdef ALLOW_UNALIGNED_ACCESSES - * (uint32_t *) dst = htonl(data); -#else - uint8_t *p = (uint8_t *) dst; - p[0] = (uint8_t) ((data >> 24) & 0xff); - p[1] = (uint8_t) ((data >> 16) & 0xff); - p[2] = (uint8_t) ((data >> 8) & 0xff); - p[3] = (uint8_t) (data & 0xff); -#endif -} - - -INLINE void -sldns_write_uint48(void *dst, uint64_t data) -{ - uint8_t *p = (uint8_t *) dst; - p[0] = (uint8_t) ((data >> 40) & 0xff); - p[1] = (uint8_t) ((data >> 32) & 0xff); - p[2] = (uint8_t) ((data >> 24) & 0xff); - p[3] = (uint8_t) ((data >> 16) & 0xff); - p[4] = (uint8_t) ((data >> 8) & 0xff); - p[5] = (uint8_t) (data & 0xff); -} - - -/** - * \file sbuffer.h - * - * This file contains the definition of sldns_buffer, and functions to manipulate those. - */ - -/** - * implementation of buffers to ease operations - * - * sldns_buffers can contain arbitrary information, per octet. You can write - * to the current end of a buffer, read from the current position, and - * access any data within it. - */ -struct sldns_buffer -{ - /** The current position used for reading/writing */ - size_t _position; - - /** The read/write limit */ - size_t _limit; - - /** The amount of data the buffer can contain */ - size_t _capacity; - - /** The data contained in the buffer */ - uint8_t *_data; - - /** If the buffer is fixed it cannot be resized */ - unsigned _fixed : 1; - - /** If the buffer is vfixed, no more than capacity bytes willl be - * written to _data, however the _position counter will be updated - * with the amount that would have been written in consecutive - * writes. This allows for a modus operandi in which a sequence is - * written on a fixed capacity buffer (perhaps with _data on stack). - * When everything could be written, then the _data is immediately - * usable, if not, then a buffer could be allocated sized precisely - * to fit the data for a second attempt. - */ - unsigned _vfixed : 1; - - /** The current state of the buffer. If writing to the buffer fails - * for any reason, this value is changed. This way, you can perform - * multiple writes in sequence and check for success afterwards. */ - unsigned _status_err : 1; -}; -typedef struct sldns_buffer sldns_buffer; - -#ifdef NDEBUG -INLINE void -sldns_buffer_invariant(sldns_buffer *ATTR_UNUSED(buffer)) -{ -} -#else -INLINE void -sldns_buffer_invariant(sldns_buffer *buffer) -{ - assert(buffer != NULL); - assert(buffer->_position <= buffer->_limit || buffer->_vfixed); - assert(buffer->_limit <= buffer->_capacity); - assert(buffer->_data != NULL || (buffer->_vfixed && buffer->_capacity == 0)); -} -#endif - -/** - * creates a new buffer with the specified capacity. - * - * \param[in] capacity the size (in bytes) to allocate for the buffer - * \return the created buffer - */ -sldns_buffer *sldns_buffer_new(size_t capacity); - -/** - * creates a buffer with the specified data. The data IS copied - * and MEMORY allocations are done. The buffer is not fixed and can - * be resized using buffer_reserve(). - * - * \param[in] buffer pointer to the buffer to put the data in - * \param[in] data the data to encapsulate in the buffer - * \param[in] size the size of the data - */ -void sldns_buffer_new_frm_data(sldns_buffer *buffer, void *data, size_t size); - -/** - * Setup a buffer with the data pointed to. No data copied, no memory allocs. - * The buffer is fixed. - * \param[in] buffer pointer to the buffer to put the data in - * \param[in] data the data to encapsulate in the buffer - * \param[in] size the size of the data - */ -void sldns_buffer_init_frm_data(sldns_buffer *buffer, void *data, size_t size); - -/** - * Setup a buffer with the data pointed to. No data copied, no memory allocs. - * The buffer is "virtually" fixed. Writes beyond size (the capacity) will - * only update position, but no data will be written beyond capacity. This - * allows to determine how big the buffer should have been to contain all the - * written data, by looking at the position with sldns_buffer_position(), - * similarly to the return value of POSIX's snprintf. - * \param[in] buffer pointer to the buffer to put the data in - * \param[in] data the data to encapsulate in the buffer - * \param[in] size the size of the data - */ -void sldns_buffer_init_vfixed_frm_data(sldns_buffer *buffer, void *data, size_t size); - -/** - * clears the buffer and make it ready for writing. The buffer's limit - * is set to the capacity and the position is set to 0. - * \param[in] buffer the buffer to clear - */ -INLINE void sldns_buffer_clear(sldns_buffer *buffer) -{ - sldns_buffer_invariant(buffer); - - /* reset status here? */ - - buffer->_position = 0; - buffer->_limit = buffer->_capacity; -} - -/** - * makes the buffer ready for reading the data that has been written to - * the buffer. The buffer's limit is set to the current position and - * the position is set to 0. - * - * \param[in] buffer the buffer to flip - * \return void - */ -INLINE void sldns_buffer_flip(sldns_buffer *buffer) -{ - sldns_buffer_invariant(buffer); - - buffer->_limit = buffer->_position; - buffer->_position = 0; -} - -/** - * make the buffer ready for re-reading the data. The buffer's - * position is reset to 0. - * \param[in] buffer the buffer to rewind - */ -INLINE void sldns_buffer_rewind(sldns_buffer *buffer) -{ - sldns_buffer_invariant(buffer); - - buffer->_position = 0; -} - -/** - * returns the current position in the buffer (as a number of bytes) - * \param[in] buffer the buffer - * \return the current position - */ -INLINE size_t -sldns_buffer_position(sldns_buffer *buffer) -{ - return buffer->_position; -} - -/** - * sets the buffer's position to MARK. The position must be less than - * or equal to the buffer's limit. - * \param[in] buffer the buffer - * \param[in] mark the mark to use - */ -INLINE void -sldns_buffer_set_position(sldns_buffer *buffer, size_t mark) -{ - assert(mark <= buffer->_limit || buffer->_vfixed); - buffer->_position = mark; -} - -/** - * changes the buffer's position by COUNT bytes. The position must not - * be moved behind the buffer's limit or before the beginning of the - * buffer. - * \param[in] buffer the buffer - * \param[in] count the count to use - */ -INLINE void -sldns_buffer_skip(sldns_buffer *buffer, ssize_t count) -{ - assert(buffer->_position + count <= buffer->_limit || buffer->_vfixed); - buffer->_position += count; -} - -/** - * returns the maximum size of the buffer - * \param[in] buffer - * \return the size - */ -INLINE size_t -sldns_buffer_limit(sldns_buffer *buffer) -{ - return buffer->_limit; -} - -/** - * changes the buffer's limit. If the buffer's position is greater - * than the new limit the position is set to the limit. - * \param[in] buffer the buffer - * \param[in] limit the new limit - */ -INLINE void -sldns_buffer_set_limit(sldns_buffer *buffer, size_t limit) -{ - assert(limit <= buffer->_capacity); - buffer->_limit = limit; - if (buffer->_position > buffer->_limit) - buffer->_position = buffer->_limit; -} - -/** - * returns the number of bytes the buffer can hold. - * \param[in] buffer the buffer - * \return the number of bytes - */ -INLINE size_t -sldns_buffer_capacity(sldns_buffer *buffer) -{ - return buffer->_capacity; -} - -/** - * changes the buffer's capacity. The data is reallocated so any - * pointers to the data may become invalid. The buffer's limit is set - * to the buffer's new capacity. - * \param[in] buffer the buffer - * \param[in] capacity the capacity to use - * \return whether this failed or succeeded - */ -int sldns_buffer_set_capacity(sldns_buffer *buffer, size_t capacity); - -/** - * ensures BUFFER can contain at least AMOUNT more bytes. The buffer's - * capacity is increased if necessary using buffer_set_capacity(). - * - * The buffer's limit is always set to the (possibly increased) - * capacity. - * \param[in] buffer the buffer - * \param[in] amount amount to use - * \return whether this failed or succeeded - */ -int sldns_buffer_reserve(sldns_buffer *buffer, size_t amount); - -/** - * returns a pointer to the data at the indicated position. - * \param[in] buffer the buffer - * \param[in] at position - * \return the pointer to the data - */ -INLINE uint8_t * -sldns_buffer_at(const sldns_buffer *buffer, size_t at) -{ - assert(at <= buffer->_limit || buffer->_vfixed); - return buffer->_data + at; -} - -/** - * returns a pointer to the beginning of the buffer (the data at - * position 0). - * \param[in] buffer the buffer - * \return the pointer - */ -INLINE uint8_t * -sldns_buffer_begin(const sldns_buffer *buffer) -{ - return sldns_buffer_at(buffer, 0); -} - -/** - * returns a pointer to the end of the buffer (the data at the buffer's - * limit). - * \param[in] buffer the buffer - * \return the pointer - */ -INLINE uint8_t * -sldns_buffer_end(sldns_buffer *buffer) -{ - return sldns_buffer_at(buffer, buffer->_limit); -} - -/** - * returns a pointer to the data at the buffer's current position. - * \param[in] buffer the buffer - * \return the pointer - */ -INLINE uint8_t * -sldns_buffer_current(sldns_buffer *buffer) -{ - return sldns_buffer_at(buffer, buffer->_position); -} - -/** - * returns the number of bytes remaining between the indicated position and - * the limit. - * \param[in] buffer the buffer - * \param[in] at indicated position - * \return number of bytes - */ -INLINE size_t -sldns_buffer_remaining_at(sldns_buffer *buffer, size_t at) -{ - sldns_buffer_invariant(buffer); - assert(at <= buffer->_limit || buffer->_vfixed); - return at < buffer->_limit ? buffer->_limit - at : 0; -} - -/** - * returns the number of bytes remaining between the buffer's position and - * limit. - * \param[in] buffer the buffer - * \return the number of bytes - */ -INLINE size_t -sldns_buffer_remaining(sldns_buffer *buffer) -{ - return sldns_buffer_remaining_at(buffer, buffer->_position); -} - -/** - * checks if the buffer has at least COUNT more bytes available. - * Before reading or writing the caller needs to ensure enough space - * is available! - * \param[in] buffer the buffer - * \param[in] at indicated position - * \param[in] count how much is available - * \return true or false (as int?) - */ -INLINE int -sldns_buffer_available_at(sldns_buffer *buffer, size_t at, size_t count) -{ - return count <= sldns_buffer_remaining_at(buffer, at); -} - -/** - * checks if the buffer has count bytes available at the current position - * \param[in] buffer the buffer - * \param[in] count how much is available - * \return true or false (as int?) - */ -INLINE int -sldns_buffer_available(sldns_buffer *buffer, size_t count) -{ - return sldns_buffer_available_at(buffer, buffer->_position, count); -} - -/** - * writes the given data to the buffer at the specified position - * \param[in] buffer the buffer - * \param[in] at the position (in number of bytes) to write the data at - * \param[in] data pointer to the data to write to the buffer - * \param[in] count the number of bytes of data to write - */ -INLINE void -sldns_buffer_write_at(sldns_buffer *buffer, size_t at, const void *data, size_t count) -{ - if (!buffer->_vfixed) - assert(sldns_buffer_available_at(buffer, at, count)); - else if (sldns_buffer_remaining_at(buffer, at) == 0) - return; - else if (count > sldns_buffer_remaining_at(buffer, at)) { - memcpy(buffer->_data + at, data, - sldns_buffer_remaining_at(buffer, at)); - return; - } - memcpy(buffer->_data + at, data, count); -} - -/** - * set the given byte to the buffer at the specified position - * \param[in] buffer the buffer - * \param[in] at the position (in number of bytes) to write the data at - * \param[in] c the byte to set to the buffer - * \param[in] count the number of bytes of bytes to write - */ - -INLINE void -sldns_buffer_set_at(sldns_buffer *buffer, size_t at, int c, size_t count) -{ - if (!buffer->_vfixed) - assert(sldns_buffer_available_at(buffer, at, count)); - else if (sldns_buffer_remaining_at(buffer, at) == 0) - return; - else if (count > sldns_buffer_remaining_at(buffer, at)) { - memset(buffer->_data + at, c, - sldns_buffer_remaining_at(buffer, at)); - return; - } - memset(buffer->_data + at, c, count); -} - - -/** - * writes count bytes of data to the current position of the buffer - * \param[in] buffer the buffer - * \param[in] data the data to write - * \param[in] count the lenght of the data to write - */ -INLINE void -sldns_buffer_write(sldns_buffer *buffer, const void *data, size_t count) -{ - sldns_buffer_write_at(buffer, buffer->_position, data, count); - buffer->_position += count; -} - -/** - * copies the given (null-delimited) string to the specified position at the buffer - * \param[in] buffer the buffer - * \param[in] at the position in the buffer - * \param[in] str the string to write - */ -INLINE void -sldns_buffer_write_string_at(sldns_buffer *buffer, size_t at, const char *str) -{ - sldns_buffer_write_at(buffer, at, str, strlen(str)); -} - -/** - * copies the given (null-delimited) string to the current position at the buffer - * \param[in] buffer the buffer - * \param[in] str the string to write - */ -INLINE void -sldns_buffer_write_string(sldns_buffer *buffer, const char *str) -{ - sldns_buffer_write(buffer, str, strlen(str)); -} - -/** - * writes the given byte of data at the given position in the buffer - * \param[in] buffer the buffer - * \param[in] at the position in the buffer - * \param[in] data the 8 bits to write - */ -INLINE void -sldns_buffer_write_u8_at(sldns_buffer *buffer, size_t at, uint8_t data) -{ - if (buffer->_vfixed && at + sizeof(data) > buffer->_limit) return; - assert(sldns_buffer_available_at(buffer, at, sizeof(data))); - buffer->_data[at] = data; -} - -/** - * writes the given byte of data at the current position in the buffer - * \param[in] buffer the buffer - * \param[in] data the 8 bits to write - */ -INLINE void -sldns_buffer_write_u8(sldns_buffer *buffer, uint8_t data) -{ - sldns_buffer_write_u8_at(buffer, buffer->_position, data); - buffer->_position += sizeof(data); -} - -/** - * writes the given 2 byte integer at the given position in the buffer - * \param[in] buffer the buffer - * \param[in] at the position in the buffer - * \param[in] data the 16 bits to write - */ -INLINE void -sldns_buffer_write_u16_at(sldns_buffer *buffer, size_t at, uint16_t data) -{ - if (buffer->_vfixed && at + sizeof(data) > buffer->_limit) return; - assert(sldns_buffer_available_at(buffer, at, sizeof(data))); - sldns_write_uint16(buffer->_data + at, data); -} - -/** - * writes the given 2 byte integer at the current position in the buffer - * \param[in] buffer the buffer - * \param[in] data the 16 bits to write - */ -INLINE void -sldns_buffer_write_u16(sldns_buffer *buffer, uint16_t data) -{ - sldns_buffer_write_u16_at(buffer, buffer->_position, data); - buffer->_position += sizeof(data); -} - -/** - * writes the given 4 byte integer at the given position in the buffer - * \param[in] buffer the buffer - * \param[in] at the position in the buffer - * \param[in] data the 32 bits to write - */ -INLINE void -sldns_buffer_write_u32_at(sldns_buffer *buffer, size_t at, uint32_t data) -{ - if (buffer->_vfixed && at + sizeof(data) > buffer->_limit) return; - assert(sldns_buffer_available_at(buffer, at, sizeof(data))); - sldns_write_uint32(buffer->_data + at, data); -} - -/** - * writes the given 6 byte integer at the given position in the buffer - * \param[in] buffer the buffer - * \param[in] at the position in the buffer - * \param[in] data the (lower) 48 bits to write - */ -INLINE void -sldns_buffer_write_u48_at(sldns_buffer *buffer, size_t at, uint64_t data) -{ - if (buffer->_vfixed && at + 6 > buffer->_limit) return; - assert(sldns_buffer_available_at(buffer, at, 6)); - sldns_write_uint48(buffer->_data + at, data); -} - -/** - * writes the given 4 byte integer at the current position in the buffer - * \param[in] buffer the buffer - * \param[in] data the 32 bits to write - */ -INLINE void -sldns_buffer_write_u32(sldns_buffer *buffer, uint32_t data) -{ - sldns_buffer_write_u32_at(buffer, buffer->_position, data); - buffer->_position += sizeof(data); -} - -/** - * writes the given 6 byte integer at the current position in the buffer - * \param[in] buffer the buffer - * \param[in] data the 48 bits to write - */ -INLINE void -sldns_buffer_write_u48(sldns_buffer *buffer, uint64_t data) -{ - sldns_buffer_write_u48_at(buffer, buffer->_position, data); - buffer->_position += 6; -} - -/** - * copies count bytes of data at the given position to the given data-array - * \param[in] buffer the buffer - * \param[in] at the position in the buffer to start - * \param[out] data buffer to copy to - * \param[in] count the length of the data to copy - */ -INLINE void -sldns_buffer_read_at(sldns_buffer *buffer, size_t at, void *data, size_t count) -{ - assert(sldns_buffer_available_at(buffer, at, count)); - memcpy(data, buffer->_data + at, count); -} - -/** - * copies count bytes of data at the current position to the given data-array - * \param[in] buffer the buffer - * \param[out] data buffer to copy to - * \param[in] count the length of the data to copy - */ -INLINE void -sldns_buffer_read(sldns_buffer *buffer, void *data, size_t count) -{ - sldns_buffer_read_at(buffer, buffer->_position, data, count); - buffer->_position += count; -} - -/** - * returns the byte value at the given position in the buffer - * \param[in] buffer the buffer - * \param[in] at the position in the buffer - * \return 1 byte integer - */ -INLINE uint8_t -sldns_buffer_read_u8_at(sldns_buffer *buffer, size_t at) -{ - assert(sldns_buffer_available_at(buffer, at, sizeof(uint8_t))); - return buffer->_data[at]; -} - -/** - * returns the byte value at the current position in the buffer - * \param[in] buffer the buffer - * \return 1 byte integer - */ -INLINE uint8_t -sldns_buffer_read_u8(sldns_buffer *buffer) -{ - uint8_t result = sldns_buffer_read_u8_at(buffer, buffer->_position); - buffer->_position += sizeof(uint8_t); - return result; -} - -/** - * returns the 2-byte integer value at the given position in the buffer - * \param[in] buffer the buffer - * \param[in] at position in the buffer - * \return 2 byte integer - */ -INLINE uint16_t -sldns_buffer_read_u16_at(sldns_buffer *buffer, size_t at) -{ - assert(sldns_buffer_available_at(buffer, at, sizeof(uint16_t))); - return sldns_read_uint16(buffer->_data + at); -} - -/** - * returns the 2-byte integer value at the current position in the buffer - * \param[in] buffer the buffer - * \return 2 byte integer - */ -INLINE uint16_t -sldns_buffer_read_u16(sldns_buffer *buffer) -{ - uint16_t result = sldns_buffer_read_u16_at(buffer, buffer->_position); - buffer->_position += sizeof(uint16_t); - return result; -} - -/** - * returns the 4-byte integer value at the given position in the buffer - * \param[in] buffer the buffer - * \param[in] at position in the buffer - * \return 4 byte integer - */ -INLINE uint32_t -sldns_buffer_read_u32_at(sldns_buffer *buffer, size_t at) -{ - assert(sldns_buffer_available_at(buffer, at, sizeof(uint32_t))); - return sldns_read_uint32(buffer->_data + at); -} - -/** - * returns the 4-byte integer value at the current position in the buffer - * \param[in] buffer the buffer - * \return 4 byte integer - */ -INLINE uint32_t -sldns_buffer_read_u32(sldns_buffer *buffer) -{ - uint32_t result = sldns_buffer_read_u32_at(buffer, buffer->_position); - buffer->_position += sizeof(uint32_t); - return result; -} - -/** - * returns the status of the buffer - * \param[in] buffer - * \return the status - */ -INLINE int -sldns_buffer_status(sldns_buffer *buffer) -{ - return (int)buffer->_status_err; -} - -/** - * returns true if the status of the buffer is LDNS_STATUS_OK, false otherwise - * \param[in] buffer the buffer - * \return true or false - */ -INLINE int -sldns_buffer_status_ok(sldns_buffer *buffer) -{ - if (buffer) { - return sldns_buffer_status(buffer) == 0; - } else { - return 0; - } -} - -/** - * prints to the buffer, increasing the capacity if required using - * buffer_reserve(). The buffer's position is set to the terminating '\\0' - * Returns the number of characters written (not including the - * terminating '\\0') or -1 on failure. - */ -int sldns_buffer_printf(sldns_buffer *buffer, const char *format, ...) - ATTR_FORMAT(printf, 2, 3); - -/** - * frees the buffer. - * \param[in] *buffer the buffer to be freed - * \return void - */ -void sldns_buffer_free(sldns_buffer *buffer); - -/** - * Makes the buffer fixed and returns a pointer to the data. The - * caller is responsible for free'ing the result. - * \param[in] *buffer the buffer to be exported - * \return void - */ -void *sldns_buffer_export(sldns_buffer *buffer); - -/** - * Copy contents of the from buffer to the result buffer and then flips - * the result buffer. Data will be silently truncated if the result buffer is - * too small. - * \param[out] *result resulting buffer which is copied to. - * \param[in] *from what to copy to result. - */ -void sldns_buffer_copy(sldns_buffer* result, sldns_buffer* from); - -#ifdef __cplusplus -} -#endif - -#endif /* LDNS_SBUFFER_H */ diff --git a/external/unbound/sldns/str2wire.c b/external/unbound/sldns/str2wire.c deleted file mode 100644 index 75c5d71b1..000000000 --- a/external/unbound/sldns/str2wire.c +++ /dev/null @@ -1,2023 +0,0 @@ -/** - * str2wire.c - read txt presentation of RRs - * - * (c) NLnet Labs, 2005-2006 - * - * See the file LICENSE for the license - */ - -/** - * \file - * - * Parses text to wireformat. - */ -#include "config.h" -#include "sldns/str2wire.h" -#include "sldns/wire2str.h" -#include "sldns/sbuffer.h" -#include "sldns/parse.h" -#include "sldns/parseutil.h" -#include -#ifdef HAVE_TIME_H -#include -#endif -#ifdef HAVE_NETDB_H -#include -#endif - -/** return an error */ -#define RET_ERR(e, off) ((int)((e)|((off)< LDNS_MAX_DOMAINLEN * 4) { - return RET_ERR(LDNS_WIREPARSE_ERR_DOMAINNAME_OVERFLOW, 0); - } - if (0 == len) { - return RET_ERR(LDNS_WIREPARSE_ERR_DOMAINNAME_UNDERFLOW, 0); - } - - /* root label */ - if (1 == len && *str == '.') { - if(*olen < 1) - return RET_ERR(LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL, 0); - buf[0] = 0; - *olen = 1; - return LDNS_WIREPARSE_ERR_OK; - } - - /* get on with the rest */ - - /* s is on the current character in the string - * pq points to where the labellength is going to go - * label_len keeps track of the current label's length - * q builds the dname inside the buf array - */ - len = 0; - if(*olen < 1) - return RET_ERR(LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL, 0); - q = buf+1; - pq = buf; - label_len = 0; - for (s = str; *s; s++, q++) { - if (q >= buf + *olen) - return RET_ERR(LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL, q-buf); - if (q > buf + LDNS_MAX_DOMAINLEN) - return RET_ERR(LDNS_WIREPARSE_ERR_DOMAINNAME_OVERFLOW, q-buf); - switch (*s) { - case '.': - if (label_len > LDNS_MAX_LABELLEN) { - return RET_ERR(LDNS_WIREPARSE_ERR_LABEL_OVERFLOW, q-buf); - } - if (label_len == 0) { - return RET_ERR(LDNS_WIREPARSE_ERR_EMPTY_LABEL, q-buf); - } - len += label_len + 1; - *q = 0; - *pq = label_len; - label_len = 0; - pq = q; - break; - case '\\': - /* octet value or literal char */ - s += 1; - if (!sldns_parse_escape(q, &s)) { - *q = 0; - return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX_BAD_ESCAPE, q-buf); - } - s -= 1; - label_len++; - break; - default: - *q = (uint8_t)*s; - label_len++; - } - } - - /* add root label if last char was not '.' */ - if(label_len != 0) { - if(rel) *rel = 1; - if (q >= buf + *olen) - return RET_ERR(LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL, q-buf); - if (q > buf + LDNS_MAX_DOMAINLEN) { - return RET_ERR(LDNS_WIREPARSE_ERR_DOMAINNAME_OVERFLOW, q-buf); - } - if (label_len > LDNS_MAX_LABELLEN) { - return RET_ERR(LDNS_WIREPARSE_ERR_LABEL_OVERFLOW, q-buf); - } - if (label_len == 0) { /* label_len 0 but not . at end? */ - return RET_ERR(LDNS_WIREPARSE_ERR_EMPTY_LABEL, q-buf); - } - len += label_len + 1; - *pq = label_len; - *q = 0; - } - len++; - *olen = len; - - return LDNS_WIREPARSE_ERR_OK; -} - -int sldns_str2wire_dname_buf(const char* str, uint8_t* buf, size_t* len) -{ - return sldns_str2wire_dname_buf_rel(str, buf, len, NULL); -} - -int sldns_str2wire_dname_buf_origin(const char* str, uint8_t* buf, size_t* len, - uint8_t* origin, size_t origin_len) -{ - size_t dlen = *len; - int rel = 0; - int s = sldns_str2wire_dname_buf_rel(str, buf, &dlen, &rel); - if(s) return s; - - if(rel && origin && dlen > 0) { - if(dlen + origin_len - 1 > LDNS_MAX_DOMAINLEN) - return RET_ERR(LDNS_WIREPARSE_ERR_DOMAINNAME_OVERFLOW, - LDNS_MAX_DOMAINLEN); - if(dlen + origin_len - 1 > *len) - return RET_ERR(LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL, - *len); - memmove(buf+dlen-1, origin, origin_len); - *len = dlen + origin_len - 1; - } else - *len = dlen; - return LDNS_WIREPARSE_ERR_OK; -} - -uint8_t* sldns_str2wire_dname(const char* str, size_t* len) -{ - uint8_t dname[LDNS_MAX_DOMAINLEN+1]; - *len = sizeof(dname); - if(sldns_str2wire_dname_buf(str, dname, len) == 0) { - uint8_t* r = (uint8_t*)malloc(*len); - if(r) return memcpy(r, dname, *len); - } - *len = 0; - return NULL; -} - -/** read owner name */ -static int -rrinternal_get_owner(sldns_buffer* strbuf, uint8_t* rr, size_t* len, - size_t* dname_len, uint8_t* origin, size_t origin_len, uint8_t* prev, - size_t prev_len, char* token, size_t token_len) -{ - /* split the rr in its parts -1 signals trouble */ - if(sldns_bget_token(strbuf, token, "\t\n ", token_len) == -1) { - return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX, - sldns_buffer_position(strbuf)); - } - - if(strcmp(token, "@") == 0) { - uint8_t* tocopy; - if (origin) { - *dname_len = origin_len; - tocopy = origin; - } else if (prev) { - *dname_len = prev_len; - tocopy = prev; - } else { - /* default to root */ - *dname_len = 1; - tocopy = (uint8_t*)"\0"; - } - if(*len < *dname_len) - return RET_ERR(LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL, - sldns_buffer_position(strbuf)); - memmove(rr, tocopy, *dname_len); - } else if(*token == '\0') { - /* no ownername was given, try prev, if that fails - * origin, else default to root */ - uint8_t* tocopy; - if(prev) { - *dname_len = prev_len; - tocopy = prev; - } else if(origin) { - *dname_len = origin_len; - tocopy = origin; - } else { - *dname_len = 1; - tocopy = (uint8_t*)"\0"; - } - if(*len < *dname_len) - return RET_ERR(LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL, - sldns_buffer_position(strbuf)); - memmove(rr, tocopy, *dname_len); - } else { - size_t dlen = *len; - int s = sldns_str2wire_dname_buf_origin(token, rr, &dlen, - origin, origin_len); - if(s) return RET_ERR_SHIFT(s, - sldns_buffer_position(strbuf)-strlen(token)); - *dname_len = dlen; - } - return LDNS_WIREPARSE_ERR_OK; -} - -/** read ttl */ -static int -rrinternal_get_ttl(sldns_buffer* strbuf, char* token, size_t token_len, - int* not_there, uint32_t* ttl, uint32_t default_ttl) -{ - const char* endptr; - if(sldns_bget_token(strbuf, token, "\t\n ", token_len) == -1) { - return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX_TTL, - sldns_buffer_position(strbuf)); - } - *ttl = (uint32_t) sldns_str2period(token, &endptr); - - if (strlen(token) > 0 && !isdigit((unsigned char)token[0])) { - *not_there = 1; - /* ah, it's not there or something */ - if (default_ttl == 0) { - *ttl = LDNS_DEFAULT_TTL; - } else { - *ttl = default_ttl; - } - } - return LDNS_WIREPARSE_ERR_OK; -} - -/** read class */ -static int -rrinternal_get_class(sldns_buffer* strbuf, char* token, size_t token_len, - int* not_there, uint16_t* cl) -{ - /* if 'not_there' then we got token from previous parse routine */ - if(!*not_there) { - /* parse new token for class */ - if(sldns_bget_token(strbuf, token, "\t\n ", token_len) == -1) { - return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX_CLASS, - sldns_buffer_position(strbuf)); - } - } else *not_there = 0; - *cl = sldns_get_rr_class_by_name(token); - /* class can be left out too, assume IN, current token must be type */ - if(*cl == 0 && strcmp(token, "CLASS0") != 0) { - *not_there = 1; - *cl = LDNS_RR_CLASS_IN; - } - return LDNS_WIREPARSE_ERR_OK; -} - -/** read type */ -static int -rrinternal_get_type(sldns_buffer* strbuf, char* token, size_t token_len, - int* not_there, uint16_t* tp) -{ - /* if 'not_there' then we got token from previous parse routine */ - if(!*not_there) { - /* parse new token for type */ - if(sldns_bget_token(strbuf, token, "\t\n ", token_len) == -1) { - return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX_TYPE, - sldns_buffer_position(strbuf)); - } - } - *tp = sldns_get_rr_type_by_name(token); - if(*tp == 0 && strcmp(token, "TYPE0") != 0) { - return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX_TYPE, - sldns_buffer_position(strbuf)); - } - return LDNS_WIREPARSE_ERR_OK; -} - -/** put type, class, ttl into rr buffer */ -static int -rrinternal_write_typeclassttl(sldns_buffer* strbuf, uint8_t* rr, size_t len, - size_t dname_len, uint16_t tp, uint16_t cl, uint32_t ttl, int question) -{ - if(question) { - /* question is : name, type, class */ - if(dname_len + 4 > len) - return RET_ERR(LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL, - sldns_buffer_position(strbuf)); - sldns_write_uint16(rr+dname_len, tp); - sldns_write_uint16(rr+dname_len+2, cl); - return LDNS_WIREPARSE_ERR_OK; - } - - /* type(2), class(2), ttl(4), rdatalen(2 (later)) = 10 */ - if(dname_len + 10 > len) - return RET_ERR(LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL, - sldns_buffer_position(strbuf)); - sldns_write_uint16(rr+dname_len, tp); - sldns_write_uint16(rr+dname_len+2, cl); - sldns_write_uint32(rr+dname_len+4, ttl); - sldns_write_uint16(rr+dname_len+8, 0); /* rdatalen placeholder */ - return LDNS_WIREPARSE_ERR_OK; -} - -/** find delimiters for type */ -static const char* -rrinternal_get_delims(sldns_rdf_type rdftype, size_t r_cnt, size_t r_max) -{ - switch(rdftype) { - case LDNS_RDF_TYPE_B64 : - case LDNS_RDF_TYPE_HEX : /* These rdf types may con- */ - case LDNS_RDF_TYPE_LOC : /* tain whitespace, only if */ - case LDNS_RDF_TYPE_WKS : /* it is the last rd field. */ - case LDNS_RDF_TYPE_IPSECKEY : - case LDNS_RDF_TYPE_NSEC : if (r_cnt == r_max - 1) { - return "\n"; - } - break; - default : break; - } - return "\n\t "; -} - -/* Syntactic sugar for sldns_rr_new_frm_str_internal */ -static int -sldns_rdf_type_maybe_quoted(sldns_rdf_type rdf_type) -{ - return rdf_type == LDNS_RDF_TYPE_STR || - rdf_type == LDNS_RDF_TYPE_LONG_STR; -} - -/** see if rdata is quoted */ -static int -rrinternal_get_quoted(sldns_buffer* strbuf, const char** delimiters, - sldns_rdf_type rdftype) -{ - if(sldns_rdf_type_maybe_quoted(rdftype) && - sldns_buffer_remaining(strbuf) > 0) { - - /* skip spaces */ - while(sldns_buffer_remaining(strbuf) > 0 && - *(sldns_buffer_current(strbuf)) == ' ') { - sldns_buffer_skip(strbuf, 1); - } - - if(sldns_buffer_remaining(strbuf) > 0 && - *(sldns_buffer_current(strbuf)) == '\"') { - *delimiters = "\"\0"; - sldns_buffer_skip(strbuf, 1); - return 1; - } - } - return 0; -} - -/** spool hex data into rdata */ -static int -rrinternal_spool_hex(char* token, uint8_t* rr, size_t rr_len, - size_t rr_cur_len, size_t* cur_hex_data_size, size_t hex_data_size) -{ - char* p = token; - while(*p) { - if(isspace((unsigned char)*p)) { - p++; - continue; - } - if(!isxdigit((unsigned char)*p)) - return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX_RDATA, - p-token); - if(*cur_hex_data_size >= hex_data_size) - return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX_RDATA, - p-token); - /* extra robust check */ - if(rr_cur_len+(*cur_hex_data_size)/2 >= rr_len) - return RET_ERR(LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL, - p-token); - /* see if 16s or 1s */ - if( ((*cur_hex_data_size)&1) == 0) { - rr[rr_cur_len+(*cur_hex_data_size)/2] = - (uint8_t)sldns_hexdigit_to_int(*p)*16; - } else { - rr[rr_cur_len+(*cur_hex_data_size)/2] += - (uint8_t)sldns_hexdigit_to_int(*p); - } - p++; - (*cur_hex_data_size)++; - } - return LDNS_WIREPARSE_ERR_OK; -} - -/** read unknown rr type format */ -static int -rrinternal_parse_unknown(sldns_buffer* strbuf, char* token, size_t token_len, - uint8_t* rr, size_t* rr_len, size_t* rr_cur_len, size_t pre_data_pos) -{ - const char* delim = "\n\t "; - size_t hex_data_size, cur_hex_data_size; - /* go back to before \# - * and skip it while setting delimiters better - */ - sldns_buffer_set_position(strbuf, pre_data_pos); - if(sldns_bget_token(strbuf, token, delim, token_len) == -1) - return LDNS_WIREPARSE_ERR_GENERAL; /* should not fail */ - /* read rdata octet length */ - if(sldns_bget_token(strbuf, token, delim, token_len) == -1) { - /* something goes very wrong here */ - return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX_RDATA, - sldns_buffer_position(strbuf)); - } - hex_data_size = (size_t)atoi(token); - if(hex_data_size > LDNS_MAX_RDFLEN || - *rr_cur_len + hex_data_size > *rr_len) { - return RET_ERR(LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL, - sldns_buffer_position(strbuf)); - } - /* copy hex chars into hex str (2 chars per byte) */ - hex_data_size *= 2; - cur_hex_data_size = 0; - while(cur_hex_data_size < hex_data_size) { - int status; - ssize_t c = sldns_bget_token(strbuf, token, delim, token_len); - if((status = rrinternal_spool_hex(token, rr, *rr_len, - *rr_cur_len, &cur_hex_data_size, hex_data_size)) != 0) - return RET_ERR_SHIFT(status, - sldns_buffer_position(strbuf)-strlen(token)); - if(c == -1) { - if(cur_hex_data_size != hex_data_size) - return RET_ERR( - LDNS_WIREPARSE_ERR_SYNTAX_RDATA, - sldns_buffer_position(strbuf)); - break; - } - } - *rr_cur_len += hex_data_size/2; - return LDNS_WIREPARSE_ERR_OK; -} - -/** parse normal RR rdata element */ -static int -rrinternal_parse_rdf(sldns_buffer* strbuf, char* token, size_t token_len, - uint8_t* rr, size_t rr_len, size_t* rr_cur_len, sldns_rdf_type rdftype, - uint16_t rr_type, size_t r_cnt, size_t r_max, size_t dname_len, - uint8_t* origin, size_t origin_len) -{ - size_t len; - int status; - - switch(rdftype) { - case LDNS_RDF_TYPE_DNAME: - /* check if the origin should be used or concatenated */ - if(strcmp(token, "@") == 0) { - uint8_t* tocopy; - size_t copylen; - if(origin) { - copylen = origin_len; - tocopy = origin; - } else if(rr_type == LDNS_RR_TYPE_SOA) { - copylen = dname_len; - tocopy = rr; /* copy rr owner name */ - } else { - copylen = 1; - tocopy = (uint8_t*)"\0"; - } - if((*rr_cur_len) + copylen > rr_len) - return RET_ERR( - LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL, - sldns_buffer_position(strbuf)); - memmove(rr+*rr_cur_len, tocopy, copylen); - (*rr_cur_len) += copylen; - } else { - size_t dlen = rr_len - (*rr_cur_len); - int s = sldns_str2wire_dname_buf_origin(token, - rr+*rr_cur_len, &dlen, origin, origin_len); - if(s) return RET_ERR_SHIFT(s, - sldns_buffer_position(strbuf)-strlen(token)); - (*rr_cur_len) += dlen; - } - return LDNS_WIREPARSE_ERR_OK; - - case LDNS_RDF_TYPE_HEX: - case LDNS_RDF_TYPE_B64: - /* When this is the last rdata field, then the - * rest should be read in (cause then these - * rdf types may contain spaces). */ - if(r_cnt == r_max - 1) { - size_t tlen = strlen(token); - (void)sldns_bget_token(strbuf, token+tlen, "\n", - token_len - tlen); - } - break; - default: - break; - } - - len = rr_len - (*rr_cur_len); - if((status=sldns_str2wire_rdf_buf(token, rr+(*rr_cur_len), &len, - rdftype)) != 0) - return RET_ERR_SHIFT(status, - sldns_buffer_position(strbuf)-strlen(token)); - *rr_cur_len += len; - return LDNS_WIREPARSE_ERR_OK; -} - -/** - * Parse one rdf token. Takes care of quotes and parenthesis. - */ -static int -sldns_parse_rdf_token(sldns_buffer* strbuf, char* token, size_t token_len, - int* quoted, int* parens, size_t* pre_data_pos, - const char* delimiters, sldns_rdf_type rdftype, size_t* token_strlen) -{ - size_t slen; - - /* skip spaces */ - while(sldns_buffer_remaining(strbuf) > 0 && !*quoted && - *(sldns_buffer_current(strbuf)) == ' ') { - sldns_buffer_skip(strbuf, 1); - } - - *pre_data_pos = sldns_buffer_position(strbuf); - if(sldns_bget_token_par(strbuf, token, (*quoted)?"\"":delimiters, - token_len, parens, (*quoted)?NULL:" \t") == -1) { - return 0; - } - slen = strlen(token); - /* check if not quoted yet, and we have encountered quotes */ - if(!*quoted && sldns_rdf_type_maybe_quoted(rdftype) && - slen >= 2 && - (token[0] == '"' || token[0] == '\'') && - (token[slen-1] == '"' || token[slen-1] == '\'')) { - /* move token two smaller (quotes) with endnull */ - memmove(token, token+1, slen-2); - token[slen-2] = 0; - slen -= 2; - *quoted = 1; - } else if(!*quoted && sldns_rdf_type_maybe_quoted(rdftype) && - slen >= 2 && - (token[0] == '"' || token[0] == '\'')) { - /* got the start quote (remove it) but read remainder - * of quoted string as well into remainder of token */ - memmove(token, token+1, slen-1); - token[slen-1] = 0; - slen -= 1; - *quoted = 1; - /* rewind buffer over skipped whitespace */ - while(sldns_buffer_position(strbuf) > 0 && - (sldns_buffer_current(strbuf)[-1] == ' ' || - sldns_buffer_current(strbuf)[-1] == '\t')) { - sldns_buffer_skip(strbuf, -1); - } - if(sldns_bget_token_par(strbuf, token+slen, - "\"", token_len-slen, - parens, NULL) == -1) { - return 0; - } - slen = strlen(token); - } - *token_strlen = slen; - return 1; -} - -/** Add space and one more rdf token onto the existing token string. */ -static int -sldns_affix_token(sldns_buffer* strbuf, char* token, size_t* token_len, - int* quoted, int* parens, size_t* pre_data_pos, - const char* delimiters, sldns_rdf_type rdftype, size_t* token_strlen) -{ - size_t addlen = *token_len - *token_strlen; - size_t addstrlen = 0; - - /* add space */ - if(addlen < 1) return 0; - token[*token_strlen] = ' '; - token[++(*token_strlen)] = 0; - - /* read another token */ - addlen = *token_len - *token_strlen; - if(!sldns_parse_rdf_token(strbuf, token+*token_strlen, addlen, quoted, - parens, pre_data_pos, delimiters, rdftype, &addstrlen)) - return 0; - (*token_strlen) += addstrlen; - return 1; -} - -/** parse rdata from string into rr buffer(-remainder after dname). */ -static int -rrinternal_parse_rdata(sldns_buffer* strbuf, char* token, size_t token_len, - uint8_t* rr, size_t* rr_len, size_t dname_len, uint16_t rr_type, - uint8_t* origin, size_t origin_len) -{ - const sldns_rr_descriptor *desc = sldns_rr_descript((uint16_t)rr_type); - size_t r_cnt, r_min, r_max; - size_t rr_cur_len = dname_len + 10, pre_data_pos, token_strlen; - int was_unknown_rr_format = 0, parens = 0, status, quoted; - const char* delimiters; - sldns_rdf_type rdftype; - /* a desc is always returned */ - if(!desc) return LDNS_WIREPARSE_ERR_GENERAL; - r_max = sldns_rr_descriptor_maximum(desc); - r_min = sldns_rr_descriptor_minimum(desc); - /* robust check */ - if(rr_cur_len > *rr_len) - return RET_ERR(LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL, - sldns_buffer_position(strbuf)); - - /* because number of fields can be variable, we can't rely on - * _maximum() only */ - for(r_cnt=0; r_cnt < r_max; r_cnt++) { - rdftype = sldns_rr_descriptor_field_type(desc, r_cnt); - delimiters = rrinternal_get_delims(rdftype, r_cnt, r_max); - quoted = rrinternal_get_quoted(strbuf, &delimiters, rdftype); - - if(!sldns_parse_rdf_token(strbuf, token, token_len, "ed, - &parens, &pre_data_pos, delimiters, rdftype, - &token_strlen)) - break; - - /* rfc3597 specifies that any type can be represented - * with \# method, which can contain spaces... - * it does specify size though... */ - - /* unknown RR data */ - if(token_strlen>=2 && strncmp(token, "\\#", 2) == 0 && - !quoted && (token_strlen == 2 || token[2]==' ')) { - was_unknown_rr_format = 1; - if((status=rrinternal_parse_unknown(strbuf, token, - token_len, rr, rr_len, &rr_cur_len, - pre_data_pos)) != 0) - return status; - } else if(token_strlen > 0 || quoted) { - if(rdftype == LDNS_RDF_TYPE_HIP) { - /* affix the HIT and PK fields, with a space */ - if(!sldns_affix_token(strbuf, token, - &token_len, "ed, &parens, - &pre_data_pos, delimiters, - rdftype, &token_strlen)) - break; - if(!sldns_affix_token(strbuf, token, - &token_len, "ed, &parens, - &pre_data_pos, delimiters, - rdftype, &token_strlen)) - break; - } - - /* normal RR */ - if((status=rrinternal_parse_rdf(strbuf, token, - token_len, rr, *rr_len, &rr_cur_len, rdftype, - rr_type, r_cnt, r_max, dname_len, origin, - origin_len)) != 0) { - return status; - } - } - } - if(!was_unknown_rr_format && r_cnt+1 < r_min) { - return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX_MISSING_VALUE, - sldns_buffer_position(strbuf)); - } - while(parens != 0) { - /* read remainder, must be "" */ - if(sldns_bget_token_par(strbuf, token, "\n", token_len, - &parens, " \t") == -1) { - if(parens != 0) - return RET_ERR(LDNS_WIREPARSE_ERR_PARENTHESIS, - sldns_buffer_position(strbuf)); - break; - } - if(strcmp(token, "") != 0) - return RET_ERR(LDNS_WIREPARSE_ERR_PARENTHESIS, - sldns_buffer_position(strbuf)); - } - /* write rdata length */ - sldns_write_uint16(rr+dname_len+8, (uint16_t)(rr_cur_len-dname_len-10)); - *rr_len = rr_cur_len; - return LDNS_WIREPARSE_ERR_OK; -} - -/* - * trailing spaces are allowed - * leading spaces are not allowed - * allow ttl to be optional - * class is optional too - * if ttl is missing, and default_ttl is 0, use DEF_TTL - * allow ttl to be written as 1d3h - * So the RR should look like. e.g. - * miek.nl. 3600 IN MX 10 elektron.atoom.net - * or - * miek.nl. 1h IN MX 10 elektron.atoom.net - * or - * miek.nl. IN MX 10 elektron.atoom.net - */ -static int -sldns_str2wire_rr_buf_internal(const char* str, uint8_t* rr, size_t* len, - size_t* dname_len, uint32_t default_ttl, uint8_t* origin, - size_t origin_len, uint8_t* prev, size_t prev_len, int question) -{ - int status; - int not_there = 0; - char token[LDNS_MAX_RDFLEN+1]; - uint32_t ttl = 0; - uint16_t tp = 0, cl = 0; - size_t ddlen = 0; - - /* string in buffer */ - sldns_buffer strbuf; - sldns_buffer_init_frm_data(&strbuf, (uint8_t*)str, strlen(str)); - if(!dname_len) dname_len = &ddlen; - - /* parse the owner */ - if((status=rrinternal_get_owner(&strbuf, rr, len, dname_len, origin, - origin_len, prev, prev_len, token, sizeof(token))) != 0) - return status; - - /* parse the [ttl] [class] */ - if((status=rrinternal_get_ttl(&strbuf, token, sizeof(token), - ¬_there, &ttl, default_ttl)) != 0) - return status; - if((status=rrinternal_get_class(&strbuf, token, sizeof(token), - ¬_there, &cl)) != 0) - return status; - if((status=rrinternal_get_type(&strbuf, token, sizeof(token), - ¬_there, &tp)) != 0) - return status; - /* put ttl, class, type into the rr result */ - if((status=rrinternal_write_typeclassttl(&strbuf, rr, *len, *dname_len, tp, cl, - ttl, question)) != 0) - return status; - /* for a question-RR we are done, no rdata */ - if(question) { - *len = *dname_len + 4; - return LDNS_WIREPARSE_ERR_OK; - } - - /* rdata */ - if((status=rrinternal_parse_rdata(&strbuf, token, sizeof(token), - rr, len, *dname_len, tp, origin, origin_len)) != 0) - return status; - - return LDNS_WIREPARSE_ERR_OK; -} - -int sldns_str2wire_rr_buf(const char* str, uint8_t* rr, size_t* len, - size_t* dname_len, uint32_t default_ttl, uint8_t* origin, - size_t origin_len, uint8_t* prev, size_t prev_len) -{ - return sldns_str2wire_rr_buf_internal(str, rr, len, dname_len, - default_ttl, origin, origin_len, prev, prev_len, 0); -} - -int sldns_str2wire_rr_question_buf(const char* str, uint8_t* rr, size_t* len, - size_t* dname_len, uint8_t* origin, size_t origin_len, uint8_t* prev, - size_t prev_len) -{ - return sldns_str2wire_rr_buf_internal(str, rr, len, dname_len, - 0, origin, origin_len, prev, prev_len, 1); -} - -uint16_t sldns_wirerr_get_type(uint8_t* rr, size_t len, size_t dname_len) -{ - if(len < dname_len+2) - return 0; - return sldns_read_uint16(rr+dname_len); -} - -uint16_t sldns_wirerr_get_class(uint8_t* rr, size_t len, size_t dname_len) -{ - if(len < dname_len+4) - return 0; - return sldns_read_uint16(rr+dname_len+2); -} - -uint32_t sldns_wirerr_get_ttl(uint8_t* rr, size_t len, size_t dname_len) -{ - if(len < dname_len+8) - return 0; - return sldns_read_uint32(rr+dname_len+4); -} - -uint16_t sldns_wirerr_get_rdatalen(uint8_t* rr, size_t len, size_t dname_len) -{ - if(len < dname_len+10) - return 0; - return sldns_read_uint16(rr+dname_len+8); -} - -uint8_t* sldns_wirerr_get_rdata(uint8_t* rr, size_t len, size_t dname_len) -{ - if(len < dname_len+10) - return NULL; - return rr+dname_len+10; -} - -uint8_t* sldns_wirerr_get_rdatawl(uint8_t* rr, size_t len, size_t dname_len) -{ - if(len < dname_len+10) - return NULL; - return rr+dname_len+8; -} - -const char* sldns_get_errorstr_parse(int e) -{ - sldns_lookup_table *lt; - lt = sldns_lookup_by_id(sldns_wireparse_errors, LDNS_WIREPARSE_ERROR(e)); - return lt?lt->name:"unknown error"; -} - -/* Strip whitespace from the start and the end of . */ -static char * -sldns_strip_ws(char *line) -{ - char *s = line, *e; - - for (s = line; *s && isspace((unsigned char)*s); s++) - ; - for (e = strchr(s, 0); e > s+2 && isspace((unsigned char)e[-1]) && e[-2] != '\\'; e--) - ; - *e = 0; - return s; -} - -int sldns_fp2wire_rr_buf(FILE* in, uint8_t* rr, size_t* len, size_t* dname_len, - struct sldns_file_parse_state* parse_state) -{ - char line[LDNS_RR_BUF_SIZE+1]; - ssize_t size; - - /* read an entire line in from the file */ - if((size = sldns_fget_token_l(in, line, LDNS_PARSE_SKIP_SPACE, - LDNS_RR_BUF_SIZE, parse_state?&parse_state->lineno:NULL)) - == -1) { - /* if last line was empty, we are now at feof, which is not - * always a parse error (happens when for instance last line - * was a comment) - */ - return LDNS_WIREPARSE_ERR_SYNTAX; - } - - /* we can have the situation, where we've read ok, but still got - * no bytes to play with, in this case size is 0 */ - if(size == 0) { - *len = 0; - *dname_len = 0; - return LDNS_WIREPARSE_ERR_OK; - } - - if(strncmp(line, "$ORIGIN", 7) == 0 && isspace((unsigned char)line[7])) { - int s; - *len = 0; - *dname_len = 0; - if(!parse_state) return LDNS_WIREPARSE_ERR_OK; - parse_state->origin_len = sizeof(parse_state->origin); - s = sldns_str2wire_dname_buf(sldns_strip_ws(line+8), - parse_state->origin, &parse_state->origin_len); - if(s) parse_state->origin_len = 0; - return s; - } else if(strncmp(line, "$TTL", 4) == 0 && isspace((unsigned char)line[4])) { - const char* end = NULL; - *len = 0; - *dname_len = 0; - if(!parse_state) return LDNS_WIREPARSE_ERR_OK; - parse_state->default_ttl = sldns_str2period( - sldns_strip_ws(line+5), &end); - } else if (strncmp(line, "$INCLUDE", 8) == 0) { - *len = 0; - *dname_len = 0; - return LDNS_WIREPARSE_ERR_INCLUDE; - } else { - return sldns_str2wire_rr_buf(line, rr, len, dname_len, - parse_state?parse_state->default_ttl:0, - (parse_state&&parse_state->origin_len)? - parse_state->origin:NULL, - parse_state?parse_state->origin_len:0, - (parse_state&&parse_state->prev_rr_len)? - parse_state->prev_rr:NULL, - parse_state?parse_state->prev_rr_len:0); - } - return LDNS_WIREPARSE_ERR_OK; -} - -int sldns_str2wire_rdf_buf(const char* str, uint8_t* rd, size_t* len, - sldns_rdf_type rdftype) -{ - switch (rdftype) { - case LDNS_RDF_TYPE_DNAME: - return sldns_str2wire_dname_buf(str, rd, len); - case LDNS_RDF_TYPE_INT8: - return sldns_str2wire_int8_buf(str, rd, len); - case LDNS_RDF_TYPE_INT16: - return sldns_str2wire_int16_buf(str, rd, len); - case LDNS_RDF_TYPE_INT32: - return sldns_str2wire_int32_buf(str, rd, len); - case LDNS_RDF_TYPE_A: - return sldns_str2wire_a_buf(str, rd, len); - case LDNS_RDF_TYPE_AAAA: - return sldns_str2wire_aaaa_buf(str, rd, len); - case LDNS_RDF_TYPE_STR: - return sldns_str2wire_str_buf(str, rd, len); - case LDNS_RDF_TYPE_APL: - return sldns_str2wire_apl_buf(str, rd, len); - case LDNS_RDF_TYPE_B64: - return sldns_str2wire_b64_buf(str, rd, len); - case LDNS_RDF_TYPE_B32_EXT: - return sldns_str2wire_b32_ext_buf(str, rd, len); - case LDNS_RDF_TYPE_HEX: - return sldns_str2wire_hex_buf(str, rd, len); - case LDNS_RDF_TYPE_NSEC: - return sldns_str2wire_nsec_buf(str, rd, len); - case LDNS_RDF_TYPE_TYPE: - return sldns_str2wire_type_buf(str, rd, len); - case LDNS_RDF_TYPE_CLASS: - return sldns_str2wire_class_buf(str, rd, len); - case LDNS_RDF_TYPE_CERT_ALG: - return sldns_str2wire_cert_alg_buf(str, rd, len); - case LDNS_RDF_TYPE_ALG: - return sldns_str2wire_alg_buf(str, rd, len); - case LDNS_RDF_TYPE_TIME: - return sldns_str2wire_time_buf(str, rd, len); - case LDNS_RDF_TYPE_PERIOD: - return sldns_str2wire_period_buf(str, rd, len); - case LDNS_RDF_TYPE_LOC: - return sldns_str2wire_loc_buf(str, rd, len); - case LDNS_RDF_TYPE_WKS: - return sldns_str2wire_wks_buf(str, rd, len); - case LDNS_RDF_TYPE_NSAP: - return sldns_str2wire_nsap_buf(str, rd, len); - case LDNS_RDF_TYPE_ATMA: - return sldns_str2wire_atma_buf(str, rd, len); - case LDNS_RDF_TYPE_IPSECKEY: - return sldns_str2wire_ipseckey_buf(str, rd, len); - case LDNS_RDF_TYPE_NSEC3_SALT: - return sldns_str2wire_nsec3_salt_buf(str, rd, len); - case LDNS_RDF_TYPE_NSEC3_NEXT_OWNER: - return sldns_str2wire_b32_ext_buf(str, rd, len); - case LDNS_RDF_TYPE_ILNP64: - return sldns_str2wire_ilnp64_buf(str, rd, len); - case LDNS_RDF_TYPE_EUI48: - return sldns_str2wire_eui48_buf(str, rd, len); - case LDNS_RDF_TYPE_EUI64: - return sldns_str2wire_eui64_buf(str, rd, len); - case LDNS_RDF_TYPE_TAG: - return sldns_str2wire_tag_buf(str, rd, len); - case LDNS_RDF_TYPE_LONG_STR: - return sldns_str2wire_long_str_buf(str, rd, len); - case LDNS_RDF_TYPE_HIP: - return sldns_str2wire_hip_buf(str, rd, len); - case LDNS_RDF_TYPE_INT16_DATA: - return sldns_str2wire_int16_data_buf(str, rd, len); - case LDNS_RDF_TYPE_UNKNOWN: - case LDNS_RDF_TYPE_SERVICE: - return LDNS_WIREPARSE_ERR_NOT_IMPL; - case LDNS_RDF_TYPE_NONE: - default: - break; - } - return LDNS_WIREPARSE_ERR_GENERAL; -} - -int sldns_str2wire_int8_buf(const char* str, uint8_t* rd, size_t* len) -{ - char* end; - uint8_t r = (uint8_t)strtol((char*)str, &end, 10); - if(*end != 0) - return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX_INT, end-(char*)str); - if(*len < 1) - return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; - rd[0] = r; - *len = 1; - return LDNS_WIREPARSE_ERR_OK; -} - -int sldns_str2wire_int16_buf(const char* str, uint8_t* rd, size_t* len) -{ - char* end; - uint16_t r = (uint16_t)strtol((char*)str, &end, 10); - if(*end != 0) - return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX_INT, end-(char*)str); - if(*len < 2) - return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; - sldns_write_uint16(rd, r); - *len = 2; - return LDNS_WIREPARSE_ERR_OK; -} - -int sldns_str2wire_int32_buf(const char* str, uint8_t* rd, size_t* len) -{ - char* end; - uint32_t r; - errno = 0; /* must set to zero before call, - note race condition on errno */ - if(*str == '-') - r = (uint32_t)strtol((char*)str, &end, 10); - else r = (uint32_t)strtoul((char*)str, &end, 10); - if(*end != 0) - return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX_INT, end-(char*)str); - if(errno == ERANGE) - return LDNS_WIREPARSE_ERR_SYNTAX_INTEGER_OVERFLOW; - if(*len < 4) - return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; - sldns_write_uint32(rd, r); - *len = 4; - return LDNS_WIREPARSE_ERR_OK; -} - -int sldns_str2wire_a_buf(const char* str, uint8_t* rd, size_t* len) -{ - struct in_addr address; - if(inet_pton(AF_INET, (char*)str, &address) != 1) - return LDNS_WIREPARSE_ERR_SYNTAX_IP4; - if(*len < sizeof(address)) - return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; - memmove(rd, &address, sizeof(address)); - *len = sizeof(address); - return LDNS_WIREPARSE_ERR_OK; -} - -int sldns_str2wire_aaaa_buf(const char* str, uint8_t* rd, size_t* len) -{ -#ifdef AF_INET6 - uint8_t address[LDNS_IP6ADDRLEN + 1]; - if(inet_pton(AF_INET6, (char*)str, address) != 1) - return LDNS_WIREPARSE_ERR_SYNTAX_IP6; - if(*len < LDNS_IP6ADDRLEN) - return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; - memmove(rd, address, LDNS_IP6ADDRLEN); - *len = LDNS_IP6ADDRLEN; - return LDNS_WIREPARSE_ERR_OK; -#else - return LDNS_WIREPARSE_ERR_NOT_IMPL; -#endif -} - -int sldns_str2wire_str_buf(const char* str, uint8_t* rd, size_t* len) -{ - uint8_t ch = 0; - size_t sl = 0; - const char* s = str; - /* skip length byte */ - if(*len < 1) - return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; - - /* read characters */ - while(sldns_parse_char(&ch, &s)) { - if(sl >= 255) - return RET_ERR(LDNS_WIREPARSE_ERR_INVALID_STR, s-str); - if(*len < sl+1) - return RET_ERR(LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL, - s-str); - rd[++sl] = ch; - } - if(!s) - return LDNS_WIREPARSE_ERR_SYNTAX_BAD_ESCAPE; - rd[0] = (uint8_t)sl; - *len = sl+1; - return LDNS_WIREPARSE_ERR_OK; -} - -int sldns_str2wire_apl_buf(const char* str, uint8_t* rd, size_t* len) -{ - const char *my_str = str; - - char my_ip_str[64]; - size_t ip_str_len; - - uint16_t family; - int negation; - size_t adflength = 0; - uint8_t data[16+4]; - uint8_t prefix; - size_t i; - - if(*my_str == '\0') { - /* empty APL element, no data, no string */ - *len = 0; - return LDNS_WIREPARSE_ERR_OK; - } - - /* [!]afi:address/prefix */ - if (strlen(my_str) < 2 - || strchr(my_str, ':') == NULL - || strchr(my_str, '/') == NULL - || strchr(my_str, ':') > strchr(my_str, '/')) { - return LDNS_WIREPARSE_ERR_INVALID_STR; - } - - if (my_str[0] == '!') { - negation = 1; - my_str += 1; - } else { - negation = 0; - } - - family = (uint16_t) atoi(my_str); - - my_str = strchr(my_str, ':') + 1; - - /* need ip addr and only ip addr for inet_pton */ - ip_str_len = (size_t) (strchr(my_str, '/') - my_str); - if(ip_str_len+1 > sizeof(my_ip_str)) - return LDNS_WIREPARSE_ERR_INVALID_STR; - (void)strlcpy(my_ip_str, my_str, sizeof(my_ip_str)); - my_ip_str[ip_str_len] = 0; - - if (family == 1) { - /* ipv4 */ - if(inet_pton(AF_INET, my_ip_str, data+4) == 0) - return LDNS_WIREPARSE_ERR_INVALID_STR; - for (i = 0; i < 4; i++) { - if (data[i+4] != 0) { - adflength = i + 1; - } - } - } else if (family == 2) { - /* ipv6 */ - if (inet_pton(AF_INET6, my_ip_str, data+4) == 0) - return LDNS_WIREPARSE_ERR_INVALID_STR; - for (i = 0; i < 16; i++) { - if (data[i+4] != 0) { - adflength = i + 1; - } - } - } else { - /* unknown family */ - return LDNS_WIREPARSE_ERR_INVALID_STR; - } - - my_str = strchr(my_str, '/') + 1; - prefix = (uint8_t) atoi(my_str); - - sldns_write_uint16(data, family); - data[2] = prefix; - data[3] = (uint8_t)adflength; - if (negation) { - /* set bit 1 of byte 3 */ - data[3] = data[3] | 0x80; - } - - if(*len < 4+adflength) - return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; - memmove(rd, data, 4+adflength); - *len = 4+adflength; - return LDNS_WIREPARSE_ERR_OK; -} - -int sldns_str2wire_b64_buf(const char* str, uint8_t* rd, size_t* len) -{ - size_t sz = sldns_b64_pton_calculate_size(strlen(str)); - int n; - if(*len < sz) - return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; - n = sldns_b64_pton(str, rd, *len); - if(n < 0) - return LDNS_WIREPARSE_ERR_SYNTAX_B64; - *len = (size_t)n; - return LDNS_WIREPARSE_ERR_OK; -} - -int sldns_str2wire_b32_ext_buf(const char* str, uint8_t* rd, size_t* len) -{ - size_t slen = strlen(str); - size_t sz = sldns_b32_pton_calculate_size(slen); - int n; - if(*len < 1+sz) - return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; - rd[0] = (uint8_t)sz; - n = sldns_b32_pton_extended_hex(str, slen, rd+1, *len-1); - if(n < 0) - return LDNS_WIREPARSE_ERR_SYNTAX_B32_EXT; - *len = (size_t)n+1; - return LDNS_WIREPARSE_ERR_OK; -} - -int sldns_str2wire_hex_buf(const char* str, uint8_t* rd, size_t* len) -{ - const char* s = str; - size_t dlen = 0; /* number of hexdigits parsed */ - while(*s) { - if(isspace((unsigned char)*s)) { - s++; - continue; - } - if(!isxdigit((unsigned char)*s)) - return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX_HEX, s-str); - if(*len < dlen/2 + 1) - return RET_ERR(LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL, - s-str); - if((dlen&1)==0) - rd[dlen/2] = (uint8_t)sldns_hexdigit_to_int(*s++) * 16; - else rd[dlen/2] += (uint8_t)sldns_hexdigit_to_int(*s++); - dlen++; - } - if((dlen&1)!=0) - return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX_HEX, s-str); - *len = dlen/2; - return LDNS_WIREPARSE_ERR_OK; -} - -int sldns_str2wire_nsec_buf(const char* str, uint8_t* rd, size_t* len) -{ - const char *delim = "\n\t "; - char token[64]; /* for a type name */ - size_t type_count = 0; - int block; - size_t used = 0; - uint16_t maxtype = 0; - uint8_t typebits[8192]; /* 65536 bits */ - uint8_t window_in_use[256]; - - /* string in buffer */ - sldns_buffer strbuf; - sldns_buffer_init_frm_data(&strbuf, (uint8_t*)str, strlen(str)); - - /* parse the types */ - memset(typebits, 0, sizeof(typebits)); - memset(window_in_use, 0, sizeof(window_in_use)); - while(sldns_buffer_remaining(&strbuf) > 0 && - sldns_bget_token(&strbuf, token, delim, sizeof(token)) != -1) { - uint16_t t = sldns_get_rr_type_by_name(token); - if(token[0] == 0) - continue; - if(t == 0 && strcmp(token, "TYPE0") != 0) - return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX_TYPE, - sldns_buffer_position(&strbuf)); - typebits[t/8] |= (0x80>>(t%8)); - window_in_use[t/256] = 1; - type_count++; - if(t > maxtype) maxtype = t; - } - - /* empty NSEC bitmap */ - if(type_count == 0) { - *len = 0; - return LDNS_WIREPARSE_ERR_OK; - } - - /* encode windows {u8 windowblock, u8 bitmaplength, 0-32u8 bitmap}, - * block is 0-255 upper octet of types, length if 0-32. */ - for(block = 0; block <= (int)maxtype/256; block++) { - int i, blocklen = 0; - if(!window_in_use[block]) - continue; - for(i=0; i<32; i++) { - if(typebits[block*32+i] != 0) - blocklen = i+1; - } - if(blocklen == 0) - continue; /* empty window should have been !in_use */ - if(used+blocklen+2 > *len) - return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; - rd[used+0] = (uint8_t)block; - rd[used+1] = (uint8_t)blocklen; - for(i=0; iid); - } else { - int s = sldns_str2wire_int16_buf(str, rd, len); - if(s) return s; - if(sldns_read_uint16(rd) == 0) - return LDNS_WIREPARSE_ERR_CERT_BAD_ALGORITHM; - } - *len = 2; - return LDNS_WIREPARSE_ERR_OK; -} - -/* An alg field can either be specified as a 8 bits number - * or by its symbolic name. Handle both */ -int sldns_str2wire_alg_buf(const char* str, uint8_t* rd, size_t* len) -{ - sldns_lookup_table *lt = sldns_lookup_by_name(sldns_algorithms, str); - if(*len < 1) - return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; - if(lt) { - rd[0] = (uint8_t)lt->id; - *len = 1; - } else { - /* try as-is (a number) */ - return sldns_str2wire_int8_buf(str, rd, len); - } - return LDNS_WIREPARSE_ERR_OK; -} - -int sldns_str2wire_time_buf(const char* str, uint8_t* rd, size_t* len) -{ - /* convert a time YYYYDDMMHHMMSS to wireformat */ - struct tm tm; - if(*len < 4) - return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; - - /* Try to scan the time... */ - memset(&tm, 0, sizeof(tm)); - if (strlen(str) == 14 && sscanf(str, "%4d%2d%2d%2d%2d%2d", - &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour, - &tm.tm_min, &tm.tm_sec) == 6) { - tm.tm_year -= 1900; - tm.tm_mon--; - /* Check values */ - if (tm.tm_year < 70) - return LDNS_WIREPARSE_ERR_SYNTAX_TIME; - if (tm.tm_mon < 0 || tm.tm_mon > 11) - return LDNS_WIREPARSE_ERR_SYNTAX_TIME; - if (tm.tm_mday < 1 || tm.tm_mday > 31) - return LDNS_WIREPARSE_ERR_SYNTAX_TIME; - if (tm.tm_hour < 0 || tm.tm_hour > 23) - return LDNS_WIREPARSE_ERR_SYNTAX_TIME; - if (tm.tm_min < 0 || tm.tm_min > 59) - return LDNS_WIREPARSE_ERR_SYNTAX_TIME; - if (tm.tm_sec < 0 || tm.tm_sec > 59) - return LDNS_WIREPARSE_ERR_SYNTAX_TIME; - - sldns_write_uint32(rd, (uint32_t)sldns_mktime_from_utc(&tm)); - } else { - /* handle it as 32 bits timestamp */ - char *end; - uint32_t l = (uint32_t)strtol((char*)str, &end, 10); - if(*end != 0) - return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX_TIME, - end-(char*)str); - sldns_write_uint32(rd, l); - } - *len = 4; - return LDNS_WIREPARSE_ERR_OK; -} - -int sldns_str2wire_period_buf(const char* str, uint8_t* rd, size_t* len) -{ - const char* end; - uint32_t p = sldns_str2period(str, &end); - if(*end != 0) - return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX_PERIOD, end-str); - if(*len < 4) - return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; - sldns_write_uint32(rd, p); - *len = 4; - return LDNS_WIREPARSE_ERR_OK; -} - -/** read "[.][mM]" into mantissa exponent format for LOC type */ -static int -loc_parse_cm(char* my_str, char** endstr, uint8_t* m, uint8_t* e) -{ - uint32_t meters = 0, cm = 0, val; - while (isblank((unsigned char)*my_str)) { - my_str++; - } - meters = (uint32_t)strtol(my_str, &my_str, 10); - if (*my_str == '.') { - my_str++; - cm = (uint32_t)strtol(my_str, &my_str, 10); - } - if (meters >= 1) { - *e = 2; - val = meters; - } else { - *e = 0; - val = cm; - } - while(val >= 10) { - (*e)++; - val /= 10; - } - *m = (uint8_t)val; - - if (*e > 9) - return 0; - if (*my_str == 'm' || *my_str == 'M') { - my_str++; - } - *endstr = my_str; - return 1; -} - -int sldns_str2wire_loc_buf(const char* str, uint8_t* rd, size_t* len) -{ - uint32_t latitude = 0; - uint32_t longitude = 0; - uint32_t altitude = 0; - - uint32_t equator = (uint32_t)1<<31; /* 2**31 */ - - /* only support version 0 */ - uint32_t h = 0; - uint32_t m = 0; - uint8_t size_b = 1, size_e = 2; - uint8_t horiz_pre_b = 1, horiz_pre_e = 6; - uint8_t vert_pre_b = 1, vert_pre_e = 3; - - double s = 0.0; - int northerness; - int easterness; - - char *my_str = (char *) str; - - if (isdigit((unsigned char) *my_str)) { - h = (uint32_t) strtol(my_str, &my_str, 10); - } else { - return LDNS_WIREPARSE_ERR_INVALID_STR; - } - - while (isblank((unsigned char) *my_str)) { - my_str++; - } - - if (isdigit((unsigned char) *my_str)) { - m = (uint32_t) strtol(my_str, &my_str, 10); - } else if (*my_str == 'N' || *my_str == 'S') { - goto north; - } else { - return LDNS_WIREPARSE_ERR_INVALID_STR; - } - - while (isblank((unsigned char) *my_str)) { - my_str++; - } - - if (isdigit((unsigned char) *my_str)) { - s = strtod(my_str, &my_str); - } - - /* skip blanks before norterness */ - while (isblank((unsigned char) *my_str)) { - my_str++; - } - -north: - if (*my_str == 'N') { - northerness = 1; - } else if (*my_str == 'S') { - northerness = 0; - } else { - return LDNS_WIREPARSE_ERR_INVALID_STR; - } - - my_str++; - - /* store number */ - s = 1000.0 * s; - /* add a little to make floor in conversion a round */ - s += 0.0005; - latitude = (uint32_t) s; - latitude += 1000 * 60 * m; - latitude += 1000 * 60 * 60 * h; - if (northerness) { - latitude = equator + latitude; - } else { - latitude = equator - latitude; - } - while (isblank((unsigned char)*my_str)) { - my_str++; - } - - if (isdigit((unsigned char) *my_str)) { - h = (uint32_t) strtol(my_str, &my_str, 10); - } else { - return LDNS_WIREPARSE_ERR_INVALID_STR; - } - - while (isblank((unsigned char) *my_str)) { - my_str++; - } - - if (isdigit((unsigned char) *my_str)) { - m = (uint32_t) strtol(my_str, &my_str, 10); - } else if (*my_str == 'E' || *my_str == 'W') { - goto east; - } else { - return LDNS_WIREPARSE_ERR_INVALID_STR; - } - - while (isblank((unsigned char)*my_str)) { - my_str++; - } - - if (isdigit((unsigned char) *my_str)) { - s = strtod(my_str, &my_str); - } - - /* skip blanks before easterness */ - while (isblank((unsigned char)*my_str)) { - my_str++; - } - -east: - if (*my_str == 'E') { - easterness = 1; - } else if (*my_str == 'W') { - easterness = 0; - } else { - return LDNS_WIREPARSE_ERR_INVALID_STR; - } - - my_str++; - - /* store number */ - s *= 1000.0; - /* add a little to make floor in conversion a round */ - s += 0.0005; - longitude = (uint32_t) s; - longitude += 1000 * 60 * m; - longitude += 1000 * 60 * 60 * h; - - if (easterness) { - longitude += equator; - } else { - longitude = equator - longitude; - } - - altitude = (uint32_t)(strtod(my_str, &my_str)*100.0 + - 10000000.0 + 0.5); - if (*my_str == 'm' || *my_str == 'M') { - my_str++; - } - - if (strlen(my_str) > 0) { - if(!loc_parse_cm(my_str, &my_str, &size_b, &size_e)) - return LDNS_WIREPARSE_ERR_INVALID_STR; - } - - if (strlen(my_str) > 0) { - if(!loc_parse_cm(my_str, &my_str, &horiz_pre_b, &horiz_pre_e)) - return LDNS_WIREPARSE_ERR_INVALID_STR; - } - - if (strlen(my_str) > 0) { - if(!loc_parse_cm(my_str, &my_str, &vert_pre_b, &vert_pre_e)) - return LDNS_WIREPARSE_ERR_INVALID_STR; - } - - if(*len < 16) - return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; - rd[0] = 0; - rd[1] = ((size_b << 4) & 0xf0) | (size_e & 0x0f); - rd[2] = ((horiz_pre_b << 4) & 0xf0) | (horiz_pre_e & 0x0f); - rd[3] = ((vert_pre_b << 4) & 0xf0) | (vert_pre_e & 0x0f); - sldns_write_uint32(rd + 4, latitude); - sldns_write_uint32(rd + 8, longitude); - sldns_write_uint32(rd + 12, altitude); - *len = 16; - return LDNS_WIREPARSE_ERR_OK; -} - -static void -ldns_tolower_str(char* s) -{ - if(s) { - while(*s) { - *s = (char)tolower((unsigned char)*s); - s++; - } - } -} - -int sldns_str2wire_wks_buf(const char* str, uint8_t* rd, size_t* len) -{ - int rd_len = 1; - int have_proto = 0; - char token[50], proto_str[50]; - sldns_buffer strbuf; - sldns_buffer_init_frm_data(&strbuf, (uint8_t*)str, strlen(str)); - proto_str[0]=0; - - /* check we have one byte for proto */ - if(*len < 1) - return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; - - while(sldns_bget_token(&strbuf, token, "\t\n ", sizeof(token)) > 0) { - ldns_tolower_str(token); - if(!have_proto) { - struct protoent *p = getprotobyname(token); - have_proto = 1; - if(p) rd[0] = (uint8_t)p->p_proto; - else rd[0] = (uint8_t)atoi(token); - (void)strlcpy(proto_str, token, sizeof(proto_str)); - } else { - int serv_port; - struct servent *serv = getservbyname(token, proto_str); - if(serv) serv_port=(int)ntohs((uint16_t)serv->s_port); - else { - serv_port = atoi(token); - if(serv_port == 0 && strcmp(token, "0") != 0) { -#ifdef HAVE_ENDSERVENT - endservent(); -#endif -#ifdef HAVE_ENDPROTOENT - endprotoent(); -#endif - return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX, - sldns_buffer_position(&strbuf)); - } - if(serv_port < 0 || serv_port > 65535) { -#ifdef HAVE_ENDSERVENT - endservent(); -#endif -#ifdef HAVE_ENDPROTOENT - endprotoent(); -#endif - return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX, - sldns_buffer_position(&strbuf)); - } - } - if(rd_len < 1+serv_port/8+1) { - /* bitmap is larger, init new bytes at 0 */ - if(*len < 1+(size_t)serv_port/8+1) { -#ifdef HAVE_ENDSERVENT - endservent(); -#endif -#ifdef HAVE_ENDPROTOENT - endprotoent(); -#endif - return RET_ERR( - LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL, - sldns_buffer_position(&strbuf)); - } - memset(rd+rd_len, 0, 1+(size_t)serv_port/8+1-rd_len); - rd_len = 1+serv_port/8+1; - } - rd[1+ serv_port/8] |= (1 << (7 - serv_port % 8)); - } - } - *len = (size_t)rd_len; - -#ifdef HAVE_ENDSERVENT - endservent(); -#endif -#ifdef HAVE_ENDPROTOENT - endprotoent(); -#endif - return LDNS_WIREPARSE_ERR_OK; -} - -int sldns_str2wire_nsap_buf(const char* str, uint8_t* rd, size_t* len) -{ - const char* s = str; - size_t slen; - size_t dlen = 0; /* number of hexdigits parsed */ - - /* just a hex string with optional dots? */ - if (s[0] != '0' || s[1] != 'x') - return LDNS_WIREPARSE_ERR_INVALID_STR; - s += 2; - slen = strlen(s); - if(slen > LDNS_MAX_RDFLEN*2) - return LDNS_WIREPARSE_ERR_LABEL_OVERFLOW; - while(*s) { - if(isspace((unsigned char)*s) || *s == '.') { - s++; - continue; - } - if(!isxdigit((unsigned char)*s)) - return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX_HEX, s-str); - if(*len < dlen/2 + 1) - return RET_ERR(LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL, - s-str); - if((dlen&1)==0) - rd[dlen/2] = (uint8_t)sldns_hexdigit_to_int(*s++) * 16; - else rd[dlen/2] += sldns_hexdigit_to_int(*s++); - dlen++; - } - if((dlen&1)!=0) - return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX_HEX, s-str); - *len = dlen/2; - return LDNS_WIREPARSE_ERR_OK; -} - -int sldns_str2wire_atma_buf(const char* str, uint8_t* rd, size_t* len) -{ - const char* s = str; - size_t slen = strlen(str); - size_t dlen = 0; /* number of hexdigits parsed */ - - /* just a hex string with optional dots? */ - /* notimpl e.164 format */ - if(slen > LDNS_MAX_RDFLEN*2) - return LDNS_WIREPARSE_ERR_LABEL_OVERFLOW; - while(*s) { - if(isspace((unsigned char)*s) || *s == '.') { - s++; - continue; - } - if(!isxdigit((unsigned char)*s)) - return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX_HEX, s-str); - if(*len < dlen/2 + 1) - return RET_ERR(LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL, - s-str); - if((dlen&1)==0) - rd[dlen/2] = (uint8_t)sldns_hexdigit_to_int(*s++) * 16; - else rd[dlen/2] += sldns_hexdigit_to_int(*s++); - dlen++; - } - if((dlen&1)!=0) - return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX_HEX, s-str); - *len = dlen/2; - return LDNS_WIREPARSE_ERR_OK; -} - -int sldns_str2wire_ipseckey_buf(const char* str, uint8_t* rd, size_t* len) -{ - size_t gwlen = 0, keylen = 0; - int s; - uint8_t gwtype; - char token[512]; - sldns_buffer strbuf; - sldns_buffer_init_frm_data(&strbuf, (uint8_t*)str, strlen(str)); - - if(*len < 3) - return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; - /* precedence */ - if(sldns_bget_token(&strbuf, token, "\t\n ", sizeof(token)) <= 0) - return RET_ERR(LDNS_WIREPARSE_ERR_INVALID_STR, - sldns_buffer_position(&strbuf)); - rd[0] = (uint8_t)atoi(token); - /* gateway_type */ - if(sldns_bget_token(&strbuf, token, "\t\n ", sizeof(token)) <= 0) - return RET_ERR(LDNS_WIREPARSE_ERR_INVALID_STR, - sldns_buffer_position(&strbuf)); - rd[1] = (uint8_t)atoi(token); - gwtype = rd[1]; - /* algorithm */ - if(sldns_bget_token(&strbuf, token, "\t\n ", sizeof(token)) <= 0) - return RET_ERR(LDNS_WIREPARSE_ERR_INVALID_STR, - sldns_buffer_position(&strbuf)); - rd[2] = (uint8_t)atoi(token); - - /* gateway */ - if(sldns_bget_token(&strbuf, token, "\t\n ", sizeof(token)) <= 0) - return RET_ERR(LDNS_WIREPARSE_ERR_INVALID_STR, - sldns_buffer_position(&strbuf)); - if(gwtype == 0) { - /* NOGATEWAY */ - if(strcmp(token, ".") != 0) - return RET_ERR(LDNS_WIREPARSE_ERR_INVALID_STR, - sldns_buffer_position(&strbuf)); - gwlen = 0; - } else if(gwtype == 1) { - /* IP4 */ - gwlen = *len - 3; - s = sldns_str2wire_a_buf(token, rd+3, &gwlen); - if(s) return RET_ERR_SHIFT(s, sldns_buffer_position(&strbuf)); - } else if(gwtype == 2) { - /* IP6 */ - gwlen = *len - 3; - s = sldns_str2wire_aaaa_buf(token, rd+3, &gwlen); - if(s) return RET_ERR_SHIFT(s, sldns_buffer_position(&strbuf)); - } else if(gwtype == 3) { - /* DNAME */ - gwlen = *len - 3; - s = sldns_str2wire_dname_buf(token, rd+3, &gwlen); - if(s) return RET_ERR_SHIFT(s, sldns_buffer_position(&strbuf)); - } else { - /* unknown gateway type */ - return RET_ERR(LDNS_WIREPARSE_ERR_INVALID_STR, - sldns_buffer_position(&strbuf)); - } - /* double check for size */ - if(*len < 3 + gwlen) - return RET_ERR(LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL, - sldns_buffer_position(&strbuf)); - - /* publickey in remainder of strbuf */ - keylen = *len - 3 - gwlen; - s = sldns_str2wire_b64_buf((const char*)sldns_buffer_current(&strbuf), - rd+3+gwlen, &keylen); - if(s) return RET_ERR_SHIFT(s, sldns_buffer_position(&strbuf)); - - *len = 3 + gwlen + keylen; - return LDNS_WIREPARSE_ERR_OK; -} - -int sldns_str2wire_nsec3_salt_buf(const char* str, uint8_t* rd, size_t* len) -{ - int i, salt_length_str = (int)strlen(str); - if (salt_length_str == 1 && str[0] == '-') { - salt_length_str = 0; - } else if (salt_length_str % 2 != 0) { - return LDNS_WIREPARSE_ERR_SYNTAX_HEX; - } - if (salt_length_str > 512) - return LDNS_WIREPARSE_ERR_SYNTAX_HEX; - if(*len < 1+(size_t)salt_length_str / 2) - return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; - rd[0] = (uint8_t) (salt_length_str / 2); - for (i = 0; i < salt_length_str; i += 2) { - if (isxdigit((unsigned char)str[i]) && - isxdigit((unsigned char)str[i+1])) { - rd[1+i/2] = (uint8_t)(sldns_hexdigit_to_int(str[i])*16 - + sldns_hexdigit_to_int(str[i+1])); - } else { - return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX_HEX, i); - } - } - *len = 1 + (size_t)rd[0]; - return LDNS_WIREPARSE_ERR_OK; -} - -int sldns_str2wire_ilnp64_buf(const char* str, uint8_t* rd, size_t* len) -{ - unsigned int a, b, c, d; - uint16_t shorts[4]; - int l; - if(*len < sizeof(shorts)) - return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; - - if (sscanf(str, "%4x:%4x:%4x:%4x%n", &a, &b, &c, &d, &l) != 4 || - l != (int)strlen(str) || /* more data to read */ - strpbrk(str, "+-") /* signed hexes */ - ) - return LDNS_WIREPARSE_ERR_SYNTAX_ILNP64; - shorts[0] = htons(a); - shorts[1] = htons(b); - shorts[2] = htons(c); - shorts[3] = htons(d); - memmove(rd, &shorts, sizeof(shorts)); - *len = sizeof(shorts); - return LDNS_WIREPARSE_ERR_OK; -} - -int sldns_str2wire_eui48_buf(const char* str, uint8_t* rd, size_t* len) -{ - unsigned int a, b, c, d, e, f; - int l; - - if(*len < 6) - return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; - if (sscanf(str, "%2x-%2x-%2x-%2x-%2x-%2x%n", - &a, &b, &c, &d, &e, &f, &l) != 6 || - l != (int)strlen(str)) - return LDNS_WIREPARSE_ERR_SYNTAX_EUI48; - rd[0] = a; - rd[1] = b; - rd[2] = c; - rd[3] = d; - rd[4] = e; - rd[5] = f; - *len = 6; - return LDNS_WIREPARSE_ERR_OK; -} - -int sldns_str2wire_eui64_buf(const char* str, uint8_t* rd, size_t* len) -{ - unsigned int a, b, c, d, e, f, g, h; - int l; - - if(*len < 8) - return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; - if (sscanf(str, "%2x-%2x-%2x-%2x-%2x-%2x-%2x-%2x%n", - &a, &b, &c, &d, &e, &f, &g, &h, &l) != 8 || - l != (int)strlen(str)) - return LDNS_WIREPARSE_ERR_SYNTAX_EUI64; - rd[0] = a; - rd[1] = b; - rd[2] = c; - rd[3] = d; - rd[4] = e; - rd[5] = f; - rd[6] = g; - rd[7] = h; - *len = 8; - return LDNS_WIREPARSE_ERR_OK; -} - -int sldns_str2wire_tag_buf(const char* str, uint8_t* rd, size_t* len) -{ - size_t slen = strlen(str); - const char* ptr; - - if (slen > 255) - return LDNS_WIREPARSE_ERR_SYNTAX_TAG; - if(*len < slen+1) - return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; - for (ptr = str; *ptr; ptr++) { - if(!isalnum((unsigned char)*ptr)) - return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX_TAG, ptr-str); - } - rd[0] = (uint8_t)slen; - memmove(rd+1, str, slen); - *len = slen+1; - return LDNS_WIREPARSE_ERR_OK; -} - -int sldns_str2wire_long_str_buf(const char* str, uint8_t* rd, size_t* len) -{ - uint8_t ch = 0; - const char* pstr = str; - size_t length = 0; - - /* Fill data with parsed bytes */ - while (sldns_parse_char(&ch, &pstr)) { - if(*len < length+1) - return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; - rd[length++] = ch; - } - if(!pstr) - return LDNS_WIREPARSE_ERR_SYNTAX_BAD_ESCAPE; - *len = length; - return LDNS_WIREPARSE_ERR_OK; -} - -int sldns_str2wire_hip_buf(const char* str, uint8_t* rd, size_t* len) -{ - char* s, *end; - int e; - size_t hitlen, pklen = 0; - /* presentation format: - * pk-algo HIThex pubkeybase64 - * wireformat: - * hitlen[1byte] pkalgo[1byte] pubkeylen[2byte] [hit] [pubkey] */ - if(*len < 4) - return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; - - /* read PK algorithm */ - rd[1] = (uint8_t)strtol((char*)str, &s, 10); - if(*s != ' ') - return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX_INT, s-(char*)str); - s++; - while(*s == ' ') - s++; - - /* read HIT hex tag */ - /* zero terminate the tag (replace later) */ - end = strchr(s, ' '); - if(!end) return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX, s-(char*)str); - *end = 0; - hitlen = *len - 4; - if((e = sldns_str2wire_hex_buf(s, rd+4, &hitlen)) != 0) { - *end = ' '; - return RET_ERR_SHIFT(e, s-(char*)str); - } - if(hitlen > 255) { - *end = ' '; - return RET_ERR(LDNS_WIREPARSE_ERR_LABEL_OVERFLOW, s-(char*)str+255*2); - } - rd[0] = (uint8_t)hitlen; - *end = ' '; - s = end+1; - - /* read pubkey base64 sequence */ - pklen = *len - 4 - hitlen; - if((e = sldns_str2wire_b64_buf(s, rd+4+hitlen, &pklen)) != 0) - return RET_ERR_SHIFT(e, s-(char*)str); - if(pklen > 65535) - return RET_ERR(LDNS_WIREPARSE_ERR_LABEL_OVERFLOW, s-(char*)str+65535); - sldns_write_uint16(rd+2, (uint16_t)pklen); - - *len = 4 + hitlen + pklen; - return LDNS_WIREPARSE_ERR_OK; -} - -int sldns_str2wire_int16_data_buf(const char* str, uint8_t* rd, size_t* len) -{ - size_t sz = sldns_b64_pton_calculate_size(strlen(str)); - int n; - if(*len < sz+2) - return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; - if(sz > 65535) - return LDNS_WIREPARSE_ERR_LABEL_OVERFLOW; - n = sldns_b64_pton(str, rd+2, (*len)-2); - if(n < 0) - return LDNS_WIREPARSE_ERR_SYNTAX_B64; - sldns_write_uint16(rd, (uint16_t)n); - *len = (size_t)n; - return LDNS_WIREPARSE_ERR_OK; -} diff --git a/external/unbound/sldns/str2wire.h b/external/unbound/sldns/str2wire.h deleted file mode 100644 index 527074a15..000000000 --- a/external/unbound/sldns/str2wire.h +++ /dev/null @@ -1,541 +0,0 @@ -/** - * str2wire.h - read txt presentation of RRs - * - * (c) NLnet Labs, 2005-2006 - * - * See the file LICENSE for the license - */ - -/** - * \file - * - * Parses text to wireformat. - */ - -#ifndef LDNS_STR2WIRE_H -#define LDNS_STR2WIRE_H - -/* include rrdef for MAX_DOMAINLEN constant */ -#include - -#ifdef __cplusplus -extern "C" { -#endif -struct sldns_struct_lookup_table; - -/** buffer to read an RR, cannot be larger than 64K because of packet size */ -#define LDNS_RR_BUF_SIZE 65535 /* bytes */ -#define LDNS_DEFAULT_TTL 3600 - -/* - * To convert class and type to string see - * sldns_get_rr_class_by_name(str) - * sldns_get_rr_type_by_name(str) - * from rrdef.h - */ - -/** - * Convert text string into dname wireformat, mallocless, with user buffer. - * @param str: the text string with the domain name. - * @param buf: the result buffer, suggested size LDNS_MAX_DOMAINLEN+1 - * @param len: length of the buffer on input, length of the result on output. - * @return 0 on success, otherwise an error. - */ -int sldns_str2wire_dname_buf(const char* str, uint8_t* buf, size_t* len); - -/** - * Same as sldns_str2wire_dname_buf, but concatenates origin if the domain - * name is relative (does not end in '.'). - * @param str: the text string with the domain name. - * @param buf: the result buffer, suggested size LDNS_MAX_DOMAINLEN+1 - * @param len: length of the buffer on input, length of the result on output. - * @param origin: the origin to append or NULL (nothing is appended). - * @param origin_len: length of origin. - * @return 0 on success, otherwise an error. - */ -int sldns_str2wire_dname_buf_origin(const char* str, uint8_t* buf, size_t* len, - uint8_t* origin, size_t origin_len); - -/** - * Convert text string into dname wireformat - * @param str: the text string with the domain name. - * @param len: returned length of wireformat. - * @return wireformat dname (malloced) or NULL on failure. - */ -uint8_t* sldns_str2wire_dname(const char* str, size_t* len); - -/** - * Convert text RR to wireformat, with user buffer. - * @param str: the RR data in text presentation format. - * @param rr: the buffer where the result is stored into. This buffer has - * the wire-dname(uncompressed), type, class, ttl, rdatalen, rdata. - * These values are probably not aligned, and in network format. - * Use the sldns_wirerr_get_xxx functions to access them safely. - * buffer size LDNS_RR_BUF_SIZE is suggested. - * @param len: on input the length of the buffer, on output the amount of - * the buffer used for the rr. - * @param dname_len: if non-NULL, filled with the dname length as result. - * Because after the dname you find the type, class, ttl, rdatalen, rdata. - * @param default_ttl: TTL used if no TTL available. - * @param origin: used for origin dname (if not NULL) - * @param origin_len: length of origin. - * @param prev: used for prev_rr dname (if not NULL) - * @param prev_len: length of prev. - * @return 0 on success, an error on failure. - */ -int sldns_str2wire_rr_buf(const char* str, uint8_t* rr, size_t* len, - size_t* dname_len, uint32_t default_ttl, uint8_t* origin, - size_t origin_len, uint8_t* prev, size_t prev_len); - -/** - * Same as sldns_str2wire_rr_buf, but there is no rdata, it returns an RR - * with zero rdata and no ttl. It has name, type, class. - * You can access those with the sldns_wirerr_get_type and class functions. - * @param str: the RR data in text presentation format. - * @param rr: the buffer where the result is stored into. - * @param len: on input the length of the buffer, on output the amount of - * the buffer used for the rr. - * @param dname_len: if non-NULL, filled with the dname length as result. - * Because after the dname you find the type, class, ttl, rdatalen, rdata. - * @param origin: used for origin dname (if not NULL) - * @param origin_len: length of origin. - * @param prev: used for prev_rr dname (if not NULL) - * @param prev_len: length of prev. - * @return 0 on success, an error on failure. - */ -int sldns_str2wire_rr_question_buf(const char* str, uint8_t* rr, size_t* len, - size_t* dname_len, uint8_t* origin, size_t origin_len, uint8_t* prev, - size_t prev_len); - -/** - * Get the type of the RR. - * @param rr: the RR in wire format. - * @param len: rr length. - * @param dname_len: dname length to skip. - * @return type in host byteorder - */ -uint16_t sldns_wirerr_get_type(uint8_t* rr, size_t len, size_t dname_len); - -/** - * Get the class of the RR. - * @param rr: the RR in wire format. - * @param len: rr length. - * @param dname_len: dname length to skip. - * @return class in host byteorder - */ -uint16_t sldns_wirerr_get_class(uint8_t* rr, size_t len, size_t dname_len); - -/** - * Get the ttl of the RR. - * @param rr: the RR in wire format. - * @param len: rr length. - * @param dname_len: dname length to skip. - * @return ttl in host byteorder - */ -uint32_t sldns_wirerr_get_ttl(uint8_t* rr, size_t len, size_t dname_len); - -/** - * Get the rdata length of the RR. - * @param rr: the RR in wire format. - * @param len: rr length. - * @param dname_len: dname length to skip. - * @return rdata length in host byteorder - * If the rdata length is larger than the rr-len allows, it is truncated. - * So, that it is safe to read the data length returned - * from this function from the rdata pointer of sldns_wirerr_get_rdata. - */ -uint16_t sldns_wirerr_get_rdatalen(uint8_t* rr, size_t len, size_t dname_len); - -/** - * Get the rdata pointer of the RR. - * @param rr: the RR in wire format. - * @param len: rr length. - * @param dname_len: dname length to skip. - * @return rdata pointer - */ -uint8_t* sldns_wirerr_get_rdata(uint8_t* rr, size_t len, size_t dname_len); - -/** - * Get the rdata pointer of the RR. prefixed with rdata length. - * @param rr: the RR in wire format. - * @param len: rr length. - * @param dname_len: dname length to skip. - * @return pointer to rdatalength, followed by the rdata. - */ -uint8_t* sldns_wirerr_get_rdatawl(uint8_t* rr, size_t len, size_t dname_len); - -/** - * Parse result codes - */ -#define LDNS_WIREPARSE_MASK 0x0fff -#define LDNS_WIREPARSE_SHIFT 12 -#define LDNS_WIREPARSE_ERROR(e) ((e)&LDNS_WIREPARSE_MASK) -#define LDNS_WIREPARSE_OFFSET(e) (((e)&~LDNS_WIREPARSE_MASK)>>LDNS_WIREPARSE_SHIFT) -/* use lookuptable to get error string, sldns_wireparse_errors */ -#define LDNS_WIREPARSE_ERR_OK 0 -#define LDNS_WIREPARSE_ERR_GENERAL 342 -#define LDNS_WIREPARSE_ERR_DOMAINNAME_OVERFLOW 343 -#define LDNS_WIREPARSE_ERR_DOMAINNAME_UNDERFLOW 344 -#define LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL 345 -#define LDNS_WIREPARSE_ERR_LABEL_OVERFLOW 346 -#define LDNS_WIREPARSE_ERR_EMPTY_LABEL 347 -#define LDNS_WIREPARSE_ERR_SYNTAX_BAD_ESCAPE 348 -#define LDNS_WIREPARSE_ERR_SYNTAX 349 -#define LDNS_WIREPARSE_ERR_SYNTAX_TTL 350 -#define LDNS_WIREPARSE_ERR_SYNTAX_TYPE 351 -#define LDNS_WIREPARSE_ERR_SYNTAX_CLASS 352 -#define LDNS_WIREPARSE_ERR_SYNTAX_RDATA 353 -#define LDNS_WIREPARSE_ERR_SYNTAX_MISSING_VALUE 354 -#define LDNS_WIREPARSE_ERR_INVALID_STR 355 -#define LDNS_WIREPARSE_ERR_SYNTAX_B64 356 -#define LDNS_WIREPARSE_ERR_SYNTAX_B32_EXT 357 -#define LDNS_WIREPARSE_ERR_SYNTAX_HEX 358 -#define LDNS_WIREPARSE_ERR_CERT_BAD_ALGORITHM 359 -#define LDNS_WIREPARSE_ERR_SYNTAX_TIME 360 -#define LDNS_WIREPARSE_ERR_SYNTAX_PERIOD 361 -#define LDNS_WIREPARSE_ERR_SYNTAX_ILNP64 362 -#define LDNS_WIREPARSE_ERR_SYNTAX_EUI48 363 -#define LDNS_WIREPARSE_ERR_SYNTAX_EUI64 364 -#define LDNS_WIREPARSE_ERR_SYNTAX_TAG 365 -#define LDNS_WIREPARSE_ERR_NOT_IMPL 366 -#define LDNS_WIREPARSE_ERR_SYNTAX_INT 367 -#define LDNS_WIREPARSE_ERR_SYNTAX_IP4 368 -#define LDNS_WIREPARSE_ERR_SYNTAX_IP6 369 -#define LDNS_WIREPARSE_ERR_SYNTAX_INTEGER_OVERFLOW 370 -#define LDNS_WIREPARSE_ERR_INCLUDE 371 -#define LDNS_WIREPARSE_ERR_PARENTHESIS 372 - -/** - * Get reference to a constant string for the (parse) error. - * @param e: error return value - * @return string. - */ -const char* sldns_get_errorstr_parse(int e); - -/** - * wire parse state for parsing files - */ -struct sldns_file_parse_state { - /** the origin domain name, if len!=0. uncompressed wireformat */ - uint8_t origin[LDNS_MAX_DOMAINLEN+1]; - /** length of origin domain name, in bytes. 0 if not set. */ - size_t origin_len; - /** the previous domain name, if len!=0. uncompressed wireformat*/ - uint8_t prev_rr[LDNS_MAX_DOMAINLEN+1]; - /** length of the previous domain name, in bytes. 0 if not set. */ - size_t prev_rr_len; - /** default TTL, this is used if the text does not specify a TTL, - * host byteorder */ - uint32_t default_ttl; - /** line number information */ - int lineno; -}; - -/** - * Read one RR from zonefile with buffer for the data. - * @param in: file that is read from (one RR, multiple lines if it spans them). - * @param rr: this is malloced by the user and the result is stored here, - * if an RR is read. If no RR is read this is signalled with the - * return len set to 0 (for ORIGIN, TTL directives). - * @param len: on input, the length of the rr buffer. on output the rr len. - * Buffer size of 64k should be enough. - * @param dname_len: returns the length of the dname initial part of the rr. - * @param parse_state: pass a pointer to user-allocated struct. - * Contents are maintained by this function. - * If you pass NULL then ORIGIN and TTL directives are not honored. - * You can start out with a particular origin by pre-filling it. - * otherwise, zero the structure before passing it. - * lineno is incremented when a newline is passed by the parser, - * you should initialize it at 1 at the start of the file. - * @return 0 on success, error on failure. - */ -int sldns_fp2wire_rr_buf(FILE* in, uint8_t* rr, size_t* len, size_t* dname_len, - struct sldns_file_parse_state* parse_state); - -/** - * Convert one rdf in rdata to wireformat and parse from string. - * @param str: the text to convert for this rdata element. - * @param rd: rdata buffer for the wireformat. - * @param len: length of rd buffer on input, used length on output. - * @param rdftype: the type of the rdf. - * @return 0 on success, error on failure. - */ -int sldns_str2wire_rdf_buf(const char* str, uint8_t* rd, size_t* len, - sldns_rdf_type rdftype); - -/** - * Convert rdf of type LDNS_RDF_TYPE_INT8 from string to wireformat. - * @param str: the text to convert for this rdata element. - * @param rd: rdata buffer for the wireformat. - * @param len: length of rd buffer on input, used length on output. - * @return 0 on success, error on failure. - */ -int sldns_str2wire_int8_buf(const char* str, uint8_t* rd, size_t* len); - -/** - * Convert rdf of type LDNS_RDF_TYPE_INT16 from string to wireformat. - * @param str: the text to convert for this rdata element. - * @param rd: rdata buffer for the wireformat. - * @param len: length of rd buffer on input, used length on output. - * @return 0 on success, error on failure. - */ -int sldns_str2wire_int16_buf(const char* str, uint8_t* rd, size_t* len); - -/** - * Convert rdf of type LDNS_RDF_TYPE_INT32 from string to wireformat. - * @param str: the text to convert for this rdata element. - * @param rd: rdata buffer for the wireformat. - * @param len: length of rd buffer on input, used length on output. - * @return 0 on success, error on failure. - */ -int sldns_str2wire_int32_buf(const char* str, uint8_t* rd, size_t* len); - -/** - * Convert rdf of type LDNS_RDF_TYPE_A from string to wireformat. - * @param str: the text to convert for this rdata element. - * @param rd: rdata buffer for the wireformat. - * @param len: length of rd buffer on input, used length on output. - * @return 0 on success, error on failure. - */ -int sldns_str2wire_a_buf(const char* str, uint8_t* rd, size_t* len); - -/** - * Convert rdf of type LDNS_RDF_TYPE_AAAA from string to wireformat. - * @param str: the text to convert for this rdata element. - * @param rd: rdata buffer for the wireformat. - * @param len: length of rd buffer on input, used length on output. - * @return 0 on success, error on failure. - */ -int sldns_str2wire_aaaa_buf(const char* str, uint8_t* rd, size_t* len); - -/** - * Convert rdf of type LDNS_RDF_TYPE_STR from string to wireformat. - * @param str: the text to convert for this rdata element. - * @param rd: rdata buffer for the wireformat. - * @param len: length of rd buffer on input, used length on output. - * @return 0 on success, error on failure. - */ -int sldns_str2wire_str_buf(const char* str, uint8_t* rd, size_t* len); - -/** - * Convert rdf of type LDNS_RDF_TYPE_APL from string to wireformat. - * @param str: the text to convert for this rdata element. - * @param rd: rdata buffer for the wireformat. - * @param len: length of rd buffer on input, used length on output. - * @return 0 on success, error on failure. - */ -int sldns_str2wire_apl_buf(const char* str, uint8_t* rd, size_t* len); - -/** - * Convert rdf of type LDNS_RDF_TYPE_B64 from string to wireformat. - * @param str: the text to convert for this rdata element. - * @param rd: rdata buffer for the wireformat. - * @param len: length of rd buffer on input, used length on output. - * @return 0 on success, error on failure. - */ -int sldns_str2wire_b64_buf(const char* str, uint8_t* rd, size_t* len); - -/** - * Convert rdf of type LDNS_RDF_TYPE_B32_EXT from string to wireformat. - * And also LDNS_RDF_TYPE_NSEC3_NEXT_OWNER. - * @param str: the text to convert for this rdata element. - * @param rd: rdata buffer for the wireformat. - * @param len: length of rd buffer on input, used length on output. - * @return 0 on success, error on failure. - */ -int sldns_str2wire_b32_ext_buf(const char* str, uint8_t* rd, size_t* len); - -/** - * Convert rdf of type LDNS_RDF_TYPE_HEX from string to wireformat. - * @param str: the text to convert for this rdata element. - * @param rd: rdata buffer for the wireformat. - * @param len: length of rd buffer on input, used length on output. - * @return 0 on success, error on failure. - */ -int sldns_str2wire_hex_buf(const char* str, uint8_t* rd, size_t* len); - -/** - * Convert rdf of type LDNS_RDF_TYPE_NSEC from string to wireformat. - * @param str: the text to convert for this rdata element. - * @param rd: rdata buffer for the wireformat. - * @param len: length of rd buffer on input, used length on output. - * @return 0 on success, error on failure. - */ -int sldns_str2wire_nsec_buf(const char* str, uint8_t* rd, size_t* len); - -/** - * Convert rdf of type LDNS_RDF_TYPE_TYPE from string to wireformat. - * @param str: the text to convert for this rdata element. - * @param rd: rdata buffer for the wireformat. - * @param len: length of rd buffer on input, used length on output. - * @return 0 on success, error on failure. - */ -int sldns_str2wire_type_buf(const char* str, uint8_t* rd, size_t* len); - -/** - * Convert rdf of type LDNS_RDF_TYPE_CLASS from string to wireformat. - * @param str: the text to convert for this rdata element. - * @param rd: rdata buffer for the wireformat. - * @param len: length of rd buffer on input, used length on output. - * @return 0 on success, error on failure. - */ -int sldns_str2wire_class_buf(const char* str, uint8_t* rd, size_t* len); - -/** - * Convert rdf of type LDNS_RDF_TYPE_CERT_ALG from string to wireformat. - * @param str: the text to convert for this rdata element. - * @param rd: rdata buffer for the wireformat. - * @param len: length of rd buffer on input, used length on output. - * @return 0 on success, error on failure. - */ -int sldns_str2wire_cert_alg_buf(const char* str, uint8_t* rd, size_t* len); - -/** - * Convert rdf of type LDNS_RDF_TYPE_ALG from string to wireformat. - * @param str: the text to convert for this rdata element. - * @param rd: rdata buffer for the wireformat. - * @param len: length of rd buffer on input, used length on output. - * @return 0 on success, error on failure. - */ -int sldns_str2wire_alg_buf(const char* str, uint8_t* rd, size_t* len); - -/** - * Convert rdf of type LDNS_RDF_TYPE_TIME from string to wireformat. - * @param str: the text to convert for this rdata element. - * @param rd: rdata buffer for the wireformat. - * @param len: length of rd buffer on input, used length on output. - * @return 0 on success, error on failure. - */ -int sldns_str2wire_time_buf(const char* str, uint8_t* rd, size_t* len); - -/** - * Convert rdf of type LDNS_RDF_TYPE_PERIOD from string to wireformat. - * @param str: the text to convert for this rdata element. - * @param rd: rdata buffer for the wireformat. - * @param len: length of rd buffer on input, used length on output. - * @return 0 on success, error on failure. - */ -int sldns_str2wire_period_buf(const char* str, uint8_t* rd, size_t* len); - -/** - * Convert rdf of type LDNS_RDF_TYPE_LOC from string to wireformat. - * @param str: the text to convert for this rdata element. - * @param rd: rdata buffer for the wireformat. - * @param len: length of rd buffer on input, used length on output. - * @return 0 on success, error on failure. - */ -int sldns_str2wire_loc_buf(const char* str, uint8_t* rd, size_t* len); - -/** - * Convert rdf of type LDNS_RDF_TYPE_WKS from string to wireformat. - * @param str: the text to convert for this rdata element. - * @param rd: rdata buffer for the wireformat. - * @param len: length of rd buffer on input, used length on output. - * @return 0 on success, error on failure. - */ -int sldns_str2wire_wks_buf(const char* str, uint8_t* rd, size_t* len); - -/** - * Convert rdf of type LDNS_RDF_TYPE_NSAP from string to wireformat. - * @param str: the text to convert for this rdata element. - * @param rd: rdata buffer for the wireformat. - * @param len: length of rd buffer on input, used length on output. - * @return 0 on success, error on failure. - */ -int sldns_str2wire_nsap_buf(const char* str, uint8_t* rd, size_t* len); - -/** - * Convert rdf of type LDNS_RDF_TYPE_ATMA from string to wireformat. - * @param str: the text to convert for this rdata element. - * @param rd: rdata buffer for the wireformat. - * @param len: length of rd buffer on input, used length on output. - * @return 0 on success, error on failure. - */ -int sldns_str2wire_atma_buf(const char* str, uint8_t* rd, size_t* len); - -/** - * Convert rdf of type LDNS_RDF_TYPE_IPSECKEY from string to wireformat. - * @param str: the text to convert for this rdata element. - * @param rd: rdata buffer for the wireformat. - * @param len: length of rd buffer on input, used length on output. - * @return 0 on success, error on failure. - */ -int sldns_str2wire_ipseckey_buf(const char* str, uint8_t* rd, size_t* len); - -/** - * Convert rdf of type LDNS_RDF_TYPE_NSEC3_SALT from string to wireformat. - * @param str: the text to convert for this rdata element. - * @param rd: rdata buffer for the wireformat. - * @param len: length of rd buffer on input, used length on output. - * @return 0 on success, error on failure. - */ -int sldns_str2wire_nsec3_salt_buf(const char* str, uint8_t* rd, size_t* len); - -/** - * Convert rdf of type LDNS_RDF_TYPE_ILNP64 from string to wireformat. - * @param str: the text to convert for this rdata element. - * @param rd: rdata buffer for the wireformat. - * @param len: length of rd buffer on input, used length on output. - * @return 0 on success, error on failure. - */ -int sldns_str2wire_ilnp64_buf(const char* str, uint8_t* rd, size_t* len); - -/** - * Convert rdf of type LDNS_RDF_TYPE_EUI48 from string to wireformat. - * @param str: the text to convert for this rdata element. - * @param rd: rdata buffer for the wireformat. - * @param len: length of rd buffer on input, used length on output. - * @return 0 on success, error on failure. - */ -int sldns_str2wire_eui48_buf(const char* str, uint8_t* rd, size_t* len); - -/** - * Convert rdf of type LDNS_RDF_TYPE_EUI64 from string to wireformat. - * @param str: the text to convert for this rdata element. - * @param rd: rdata buffer for the wireformat. - * @param len: length of rd buffer on input, used length on output. - * @return 0 on success, error on failure. - */ -int sldns_str2wire_eui64_buf(const char* str, uint8_t* rd, size_t* len); - -/** - * Convert rdf of type LDNS_RDF_TYPE_TAG from string to wireformat. - * @param str: the text to convert for this rdata element. - * @param rd: rdata buffer for the wireformat. - * @param len: length of rd buffer on input, used length on output. - * @return 0 on success, error on failure. - */ -int sldns_str2wire_tag_buf(const char* str, uint8_t* rd, size_t* len); - -/** - * Convert rdf of type LDNS_RDF_TYPE_LONG_STR from string to wireformat. - * @param str: the text to convert for this rdata element. - * @param rd: rdata buffer for the wireformat. - * @param len: length of rd buffer on input, used length on output. - * @return 0 on success, error on failure. - */ -int sldns_str2wire_long_str_buf(const char* str, uint8_t* rd, size_t* len); - -/** - * Convert rdf of type LDNS_RDF_TYPE_HIP from string to wireformat. - * @param str: the text to convert for this rdata element. - * @param rd: rdata buffer for the wireformat. - * @param len: length of rd buffer on input, used length on output. - * @return 0 on success, error on failure. - */ -int sldns_str2wire_hip_buf(const char* str, uint8_t* rd, size_t* len); - -/** - * Convert rdf of type LDNS_RDF_TYPE_INT16_DATA from string to wireformat. - * @param str: the text to convert for this rdata element. - * @param rd: rdata buffer for the wireformat. - * @param len: length of rd buffer on input, used length on output. - * @return 0 on success, error on failure. - */ -int sldns_str2wire_int16_data_buf(const char* str, uint8_t* rd, size_t* len); - -#ifdef __cplusplus -} -#endif - -#endif /* LDNS_STR2WIRE_H */ diff --git a/external/unbound/sldns/wire2str.c b/external/unbound/sldns/wire2str.c deleted file mode 100644 index b2ca6192c..000000000 --- a/external/unbound/sldns/wire2str.c +++ /dev/null @@ -1,2006 +0,0 @@ -/* - * wire2str.c - * - * conversion routines from the wire format - * to the presentation format (strings) - * - * (c) NLnet Labs, 2004-2006 - * - * See the file LICENSE for the license - */ -/** - * \file - * - * Contains functions to translate the wireformat to text - * representation, as well as functions to print them. - */ -#include "config.h" -#include "sldns/wire2str.h" -#include "sldns/str2wire.h" -#include "sldns/rrdef.h" -#include "sldns/pkthdr.h" -#include "sldns/parseutil.h" -#include "sldns/sbuffer.h" -#include "sldns/keyraw.h" -#ifdef HAVE_TIME_H -#include -#endif -#include -#include -#include -#ifdef HAVE_NETDB_H -#include -#endif - -/* lookup tables for standard DNS stuff */ -/* Taken from RFC 2535, section 7. */ -static sldns_lookup_table sldns_algorithms_data[] = { - { LDNS_RSAMD5, "RSAMD5" }, - { LDNS_DH, "DH" }, - { LDNS_DSA, "DSA" }, - { LDNS_ECC, "ECC" }, - { LDNS_RSASHA1, "RSASHA1" }, - { LDNS_DSA_NSEC3, "DSA-NSEC3-SHA1" }, - { LDNS_RSASHA1_NSEC3, "RSASHA1-NSEC3-SHA1" }, - { LDNS_RSASHA256, "RSASHA256"}, - { LDNS_RSASHA512, "RSASHA512"}, - { LDNS_ECC_GOST, "ECC-GOST"}, - { LDNS_ECDSAP256SHA256, "ECDSAP256SHA256"}, - { LDNS_ECDSAP384SHA384, "ECDSAP384SHA384"}, - { LDNS_ED25519, "ED25519"}, - { LDNS_ED448, "ED448"}, - { LDNS_INDIRECT, "INDIRECT" }, - { LDNS_PRIVATEDNS, "PRIVATEDNS" }, - { LDNS_PRIVATEOID, "PRIVATEOID" }, - { 0, NULL } -}; -sldns_lookup_table* sldns_algorithms = sldns_algorithms_data; - -/* hash algorithms in DS record */ -static sldns_lookup_table sldns_hashes_data[] = { - { LDNS_SHA1, "SHA1" }, - { LDNS_SHA256, "SHA256" }, - { LDNS_HASH_GOST, "HASH-GOST" }, - { LDNS_SHA384, "SHA384" }, - { 0, NULL } -}; -sldns_lookup_table* sldns_hashes = sldns_hashes_data; - -/* Taken from RFC 4398 */ -static sldns_lookup_table sldns_cert_algorithms_data[] = { - { LDNS_CERT_PKIX, "PKIX" }, - { LDNS_CERT_SPKI, "SPKI" }, - { LDNS_CERT_PGP, "PGP" }, - { LDNS_CERT_IPKIX, "IPKIX" }, - { LDNS_CERT_ISPKI, "ISPKI" }, - { LDNS_CERT_IPGP, "IPGP" }, - { LDNS_CERT_ACPKIX, "ACPKIX" }, - { LDNS_CERT_IACPKIX, "IACPKIX" }, - { LDNS_CERT_URI, "URI" }, - { LDNS_CERT_OID, "OID" }, - { 0, NULL } -}; -sldns_lookup_table* sldns_cert_algorithms = sldns_cert_algorithms_data; - -/* if these are used elsewhere */ -static sldns_lookup_table sldns_rcodes_data[] = { - { LDNS_RCODE_NOERROR, "NOERROR" }, - { LDNS_RCODE_FORMERR, "FORMERR" }, - { LDNS_RCODE_SERVFAIL, "SERVFAIL" }, - { LDNS_RCODE_NXDOMAIN, "NXDOMAIN" }, - { LDNS_RCODE_NOTIMPL, "NOTIMPL" }, - { LDNS_RCODE_REFUSED, "REFUSED" }, - { LDNS_RCODE_YXDOMAIN, "YXDOMAIN" }, - { LDNS_RCODE_YXRRSET, "YXRRSET" }, - { LDNS_RCODE_NXRRSET, "NXRRSET" }, - { LDNS_RCODE_NOTAUTH, "NOTAUTH" }, - { LDNS_RCODE_NOTZONE, "NOTZONE" }, - { 0, NULL } -}; -sldns_lookup_table* sldns_rcodes = sldns_rcodes_data; - -static sldns_lookup_table sldns_opcodes_data[] = { - { LDNS_PACKET_QUERY, "QUERY" }, - { LDNS_PACKET_IQUERY, "IQUERY" }, - { LDNS_PACKET_STATUS, "STATUS" }, - { LDNS_PACKET_NOTIFY, "NOTIFY" }, - { LDNS_PACKET_UPDATE, "UPDATE" }, - { 0, NULL } -}; -sldns_lookup_table* sldns_opcodes = sldns_opcodes_data; - -static sldns_lookup_table sldns_wireparse_errors_data[] = { - { LDNS_WIREPARSE_ERR_OK, "no parse error" }, - { LDNS_WIREPARSE_ERR_GENERAL, "parse error" }, - { LDNS_WIREPARSE_ERR_DOMAINNAME_OVERFLOW, "Domainname length overflow" }, - { LDNS_WIREPARSE_ERR_DOMAINNAME_UNDERFLOW, "Domainname length underflow (zero length)" }, - { LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL, "buffer too small" }, - { LDNS_WIREPARSE_ERR_LABEL_OVERFLOW, "Label length overflow" }, - { LDNS_WIREPARSE_ERR_EMPTY_LABEL, "Empty label" }, - { LDNS_WIREPARSE_ERR_SYNTAX_BAD_ESCAPE, "Syntax error, bad escape sequence" }, - { LDNS_WIREPARSE_ERR_SYNTAX, "Syntax error, could not parse the RR" }, - { LDNS_WIREPARSE_ERR_SYNTAX_TTL, "Syntax error, could not parse the RR's TTL" }, - { LDNS_WIREPARSE_ERR_SYNTAX_TYPE, "Syntax error, could not parse the RR's type" }, - { LDNS_WIREPARSE_ERR_SYNTAX_CLASS, "Syntax error, could not parse the RR's class" }, - { LDNS_WIREPARSE_ERR_SYNTAX_RDATA, "Syntax error, could not parse the RR's rdata" }, - { LDNS_WIREPARSE_ERR_SYNTAX_MISSING_VALUE, "Syntax error, value expected" }, - { LDNS_WIREPARSE_ERR_INVALID_STR, "Conversion error, string expected" }, - { LDNS_WIREPARSE_ERR_SYNTAX_B64, "Conversion error, b64 encoding expected" }, - { LDNS_WIREPARSE_ERR_SYNTAX_B32_EXT, "Conversion error, b32 ext encoding expected" }, - { LDNS_WIREPARSE_ERR_SYNTAX_HEX, "Conversion error, hex encoding expected" }, - { LDNS_WIREPARSE_ERR_CERT_BAD_ALGORITHM, "Bad algorithm type for CERT record" }, - { LDNS_WIREPARSE_ERR_SYNTAX_TIME, "Conversion error, time encoding expected" }, - { LDNS_WIREPARSE_ERR_SYNTAX_PERIOD, "Conversion error, time period encoding expected" }, - { LDNS_WIREPARSE_ERR_SYNTAX_ILNP64, "Conversion error, 4 colon separated hex numbers expected" }, - { LDNS_WIREPARSE_ERR_SYNTAX_EUI48, - "Conversion error, 6 two character hex numbers " - "separated by dashes expected (i.e. xx-xx-xx-xx-xx-xx" }, - { LDNS_WIREPARSE_ERR_SYNTAX_EUI64, - "Conversion error, 8 two character hex numbers " - "separated by dashes expected (i.e. xx-xx-xx-xx-xx-xx-xx-xx" }, - { LDNS_WIREPARSE_ERR_SYNTAX_TAG, - "Conversion error, a non-zero sequence of US-ASCII letters " - "and numbers in lower case expected" }, - { LDNS_WIREPARSE_ERR_NOT_IMPL, "not implemented" }, - { LDNS_WIREPARSE_ERR_SYNTAX_INT, "Conversion error, integer expected" }, - { LDNS_WIREPARSE_ERR_SYNTAX_IP4, "Conversion error, ip4 addr expected" }, - { LDNS_WIREPARSE_ERR_SYNTAX_IP6, "Conversion error, ip6 addr expected" }, - { LDNS_WIREPARSE_ERR_SYNTAX_INTEGER_OVERFLOW, "Syntax error, integer overflow" }, - { LDNS_WIREPARSE_ERR_INCLUDE, "$INCLUDE directive was seen in the zone" }, - { LDNS_WIREPARSE_ERR_PARENTHESIS, "Parse error, parenthesis mismatch" }, - { 0, NULL } -}; -sldns_lookup_table* sldns_wireparse_errors = sldns_wireparse_errors_data; - -static sldns_lookup_table sldns_edns_flags_data[] = { - { 3600, "do"}, - { 0, NULL} -}; -sldns_lookup_table* sldns_edns_flags = sldns_edns_flags_data; - -static sldns_lookup_table sldns_edns_options_data[] = { - { 1, "LLQ" }, - { 2, "UL" }, - { 3, "NSID" }, - /* 4 draft-cheshire-edns0-owner-option */ - { 5, "DAU" }, - { 6, "DHU" }, - { 7, "N3U" }, - { 8, "edns-client-subnet" }, - { 11, "edns-tcp-keepalive"}, - { 12, "Padding" }, - { 0, NULL} -}; -sldns_lookup_table* sldns_edns_options = sldns_edns_options_data; - -char* sldns_wire2str_pkt(uint8_t* data, size_t len) -{ - size_t slen = (size_t)sldns_wire2str_pkt_buf(data, len, NULL, 0); - char* result = (char*)malloc(slen+1); - if(!result) return NULL; - sldns_wire2str_pkt_buf(data, len, result, slen+1); - return result; -} - -char* sldns_wire2str_rr(uint8_t* rr, size_t len) -{ - size_t slen = (size_t)sldns_wire2str_rr_buf(rr, len, NULL, 0); - char* result = (char*)malloc(slen+1); - if(!result) return NULL; - sldns_wire2str_rr_buf(rr, len, result, slen+1); - return result; -} - -char* sldns_wire2str_type(uint16_t rrtype) -{ - char buf[16]; - sldns_wire2str_type_buf(rrtype, buf, sizeof(buf)); - return strdup(buf); -} - -char* sldns_wire2str_class(uint16_t rrclass) -{ - char buf[16]; - sldns_wire2str_class_buf(rrclass, buf, sizeof(buf)); - return strdup(buf); -} - -char* sldns_wire2str_dname(uint8_t* dname, size_t dname_len) -{ - size_t slen=(size_t)sldns_wire2str_dname_buf(dname, dname_len, NULL, 0); - char* result = (char*)malloc(slen+1); - if(!result) return NULL; - sldns_wire2str_dname_buf(dname, dname_len, result, slen+1); - return result; -} - -char* sldns_wire2str_rcode(int rcode) -{ - char buf[16]; - sldns_wire2str_rcode_buf(rcode, buf, sizeof(buf)); - return strdup(buf); -} - -int sldns_wire2str_pkt_buf(uint8_t* d, size_t dlen, char* s, size_t slen) -{ - /* use arguments as temporary variables */ - return sldns_wire2str_pkt_scan(&d, &dlen, &s, &slen); -} - -int sldns_wire2str_rr_buf(uint8_t* d, size_t dlen, char* s, size_t slen) -{ - /* use arguments as temporary variables */ - return sldns_wire2str_rr_scan(&d, &dlen, &s, &slen, NULL, 0); -} - -int sldns_wire2str_rdata_buf(uint8_t* rdata, size_t rdata_len, char* str, - size_t str_len, uint16_t rrtype) -{ - /* use arguments as temporary variables */ - return sldns_wire2str_rdata_scan(&rdata, &rdata_len, &str, &str_len, - rrtype, NULL, 0); -} - -int sldns_wire2str_rr_unknown_buf(uint8_t* d, size_t dlen, char* s, size_t slen) -{ - /* use arguments as temporary variables */ - return sldns_wire2str_rr_unknown_scan(&d, &dlen, &s, &slen, NULL, 0); -} - -int sldns_wire2str_rr_comment_buf(uint8_t* rr, size_t rrlen, size_t dname_len, - char* s, size_t slen) -{ - uint16_t rrtype = sldns_wirerr_get_type(rr, rrlen, dname_len); - return sldns_wire2str_rr_comment_print(&s, &slen, rr, rrlen, dname_len, - rrtype); -} - -int sldns_wire2str_type_buf(uint16_t rrtype, char* s, size_t slen) -{ - /* use arguments as temporary variables */ - return sldns_wire2str_type_print(&s, &slen, rrtype); -} - -int sldns_wire2str_class_buf(uint16_t rrclass, char* s, size_t slen) -{ - /* use arguments as temporary variables */ - return sldns_wire2str_class_print(&s, &slen, rrclass); -} - -int sldns_wire2str_rcode_buf(int rcode, char* s, size_t slen) -{ - /* use arguments as temporary variables */ - return sldns_wire2str_rcode_print(&s, &slen, rcode); -} - -int sldns_wire2str_opcode_buf(int opcode, char* s, size_t slen) -{ - /* use arguments as temporary variables */ - return sldns_wire2str_opcode_print(&s, &slen, opcode); -} - -int sldns_wire2str_dname_buf(uint8_t* d, size_t dlen, char* s, size_t slen) -{ - /* use arguments as temporary variables */ - return sldns_wire2str_dname_scan(&d, &dlen, &s, &slen, NULL, 0); -} - -int sldns_str_vprint(char** str, size_t* slen, const char* format, va_list args) -{ - int w = vsnprintf(*str, *slen, format, args); - if(w < 0) { - /* error in printout */ - return 0; - } else if((size_t)w >= *slen) { - *str = NULL; /* we do not want str to point outside of buffer*/ - *slen = 0; - } else { - *str += w; - *slen -= w; - } - return w; -} - -int sldns_str_print(char** str, size_t* slen, const char* format, ...) -{ - int w; - va_list args; - va_start(args, format); - w = sldns_str_vprint(str, slen, format, args); - va_end(args); - return w; -} - -/** print hex format into text buffer for specified length */ -static int print_hex_buf(char** s, size_t* slen, uint8_t* buf, size_t len) -{ - const char* hex = "0123456789ABCDEF"; - size_t i; - for(i=0; i>4], - hex[buf[i]&0x0f]); - } - return (int)len*2; -} - -/** print remainder of buffer in hex format with prefixed text */ -static int print_remainder_hex(const char* pref, uint8_t** d, size_t* dlen, - char** s, size_t* slen) -{ - int w = 0; - w += sldns_str_print(s, slen, "%s", pref); - w += print_hex_buf(s, slen, *d, *dlen); - *d += *dlen; - *dlen = 0; - return w; -} - -int sldns_wire2str_pkt_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen) -{ - int w = 0; - unsigned qdcount, ancount, nscount, arcount, i; - uint8_t* pkt = *d; - size_t pktlen = *dlen; - if(*dlen >= LDNS_HEADER_SIZE) { - qdcount = (unsigned)LDNS_QDCOUNT(*d); - ancount = (unsigned)LDNS_ANCOUNT(*d); - nscount = (unsigned)LDNS_NSCOUNT(*d); - arcount = (unsigned)LDNS_ARCOUNT(*d); - } else { - qdcount = ancount = nscount = arcount = 0; - } - w += sldns_wire2str_header_scan(d, dlen, s, slen); - w += sldns_str_print(s, slen, "\n"); - w += sldns_str_print(s, slen, ";; QUESTION SECTION:\n"); - for(i=0; i 0) { - w += print_remainder_hex(";; trailing garbage 0x", - d, dlen, s, slen); - w += sldns_str_print(s, slen, "\n"); - } - return w; -} - -/** scan type, class and ttl and printout, for rr */ -static int sldns_rr_tcttl_scan(uint8_t** d, size_t* dl, char** s, size_t* sl) -{ - int w = 0; - uint16_t t, c; - uint32_t ttl; - if(*dl < 8) { - if(*dl < 4) - return w + print_remainder_hex("; Error malformed 0x", - d, dl, s, sl); - /* these print values or 0x.. if none left */ - t = sldns_read_uint16(*d); - c = sldns_read_uint16((*d)+2); - (*d)+=4; - (*dl)-=4; - w += sldns_wire2str_class_print(s, sl, c); - w += sldns_str_print(s, sl, "\t"); - w += sldns_wire2str_type_print(s, sl, t); - if(*dl == 0) - return w + sldns_str_print(s, sl, "; Error no ttl"); - return w + print_remainder_hex( - "; Error malformed ttl 0x", d, dl, s, sl); - } - t = sldns_read_uint16(*d); - c = sldns_read_uint16((*d)+2); - ttl = sldns_read_uint32((*d)+4); - (*d)+=8; - (*dl)-=8; - w += sldns_str_print(s, sl, "%lu\t", (unsigned long)ttl); - w += sldns_wire2str_class_print(s, sl, c); - w += sldns_str_print(s, sl, "\t"); - w += sldns_wire2str_type_print(s, sl, t); - return w; -} - -int sldns_wire2str_rr_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen, - uint8_t* pkt, size_t pktlen) -{ - int w = 0; - uint8_t* rr = *d; - size_t rrlen = *dlen, dname_off, rdlen, ordlen; - uint16_t rrtype = 0; - - if(*dlen >= 3 && (*d)[0]==0 && - sldns_read_uint16((*d)+1)==LDNS_RR_TYPE_OPT) { - /* perform EDNS OPT processing */ - return sldns_wire2str_edns_scan(d, dlen, s, slen, pkt, pktlen); - } - - /* try to scan the rdata with pretty-printing, but if that fails, then - * scan the rdata as an unknown RR type */ - w += sldns_wire2str_dname_scan(d, dlen, s, slen, pkt, pktlen); - w += sldns_str_print(s, slen, "\t"); - dname_off = rrlen-(*dlen); - if(*dlen == 4) { - /* like a question-RR */ - uint16_t t = sldns_read_uint16(*d); - uint16_t c = sldns_read_uint16((*d)+2); - (*d)+=4; - (*dlen)-=4; - w += sldns_wire2str_class_print(s, slen, c); - w += sldns_str_print(s, slen, "\t"); - w += sldns_wire2str_type_print(s, slen, t); - w += sldns_str_print(s, slen, " ; Error no ttl,rdata\n"); - return w; - } - if(*dlen < 8) { - if(*dlen == 0) - return w + sldns_str_print(s, slen, ";Error missing RR\n"); - w += print_remainder_hex(";Error partial RR 0x", d, dlen, s, slen); - return w + sldns_str_print(s, slen, "\n"); - } - rrtype = sldns_read_uint16(*d); - w += sldns_rr_tcttl_scan(d, dlen, s, slen); - w += sldns_str_print(s, slen, "\t"); - - /* rdata */ - if(*dlen < 2) { - if(*dlen == 0) - return w + sldns_str_print(s, slen, ";Error missing rdatalen\n"); - w += print_remainder_hex(";Error missing rdatalen 0x", - d, dlen, s, slen); - return w + sldns_str_print(s, slen, "\n"); - } - rdlen = sldns_read_uint16(*d); - ordlen = rdlen; - (*d)+=2; - (*dlen)-=2; - if(*dlen < rdlen) { - w += sldns_str_print(s, slen, "\\# %u ", (unsigned)rdlen); - if(*dlen == 0) - return w + sldns_str_print(s, slen, ";Error missing rdata\n"); - w += print_remainder_hex(";Error partial rdata 0x", d, dlen, s, slen); - return w + sldns_str_print(s, slen, "\n"); - } - w += sldns_wire2str_rdata_scan(d, &rdlen, s, slen, rrtype, pkt, pktlen); - (*dlen) -= (ordlen-rdlen); - - /* default comment */ - w += sldns_wire2str_rr_comment_print(s, slen, rr, rrlen, dname_off, - rrtype); - w += sldns_str_print(s, slen, "\n"); - return w; -} - -int sldns_wire2str_rrquestion_scan(uint8_t** d, size_t* dlen, char** s, - size_t* slen, uint8_t* pkt, size_t pktlen) -{ - int w = 0; - uint16_t t, c; - w += sldns_wire2str_dname_scan(d, dlen, s, slen, pkt, pktlen); - w += sldns_str_print(s, slen, "\t"); - if(*dlen < 4) { - if(*dlen == 0) - return w + sldns_str_print(s, slen, "Error malformed\n"); - w += print_remainder_hex("Error malformed 0x", d, dlen, s, slen); - return w + sldns_str_print(s, slen, "\n"); - } - t = sldns_read_uint16(*d); - c = sldns_read_uint16((*d)+2); - (*d)+=4; - (*dlen)-=4; - w += sldns_wire2str_class_print(s, slen, c); - w += sldns_str_print(s, slen, "\t"); - w += sldns_wire2str_type_print(s, slen, t); - w += sldns_str_print(s, slen, "\n"); - return w; -} - -int sldns_wire2str_rr_unknown_scan(uint8_t** d, size_t* dlen, char** s, - size_t* slen, uint8_t* pkt, size_t pktlen) -{ - size_t rdlen, ordlen; - int w = 0; - w += sldns_wire2str_dname_scan(d, dlen, s, slen, pkt, pktlen); - w += sldns_str_print(s, slen, "\t"); - w += sldns_rr_tcttl_scan(d, dlen, s, slen); - w += sldns_str_print(s, slen, "\t"); - if(*dlen < 2) { - if(*dlen == 0) - return w + sldns_str_print(s, slen, ";Error missing rdatalen\n"); - w += print_remainder_hex(";Error missing rdatalen 0x", - d, dlen, s, slen); - return w + sldns_str_print(s, slen, "\n"); - } - rdlen = sldns_read_uint16(*d); - ordlen = rdlen; - (*d) += 2; - (*dlen) -= 2; - if(*dlen < rdlen) { - w += sldns_str_print(s, slen, "\\# %u ", (unsigned)rdlen); - if(*dlen == 0) - return w + sldns_str_print(s, slen, ";Error missing rdata\n"); - w += print_remainder_hex(";Error partial rdata 0x", d, dlen, s, slen); - return w + sldns_str_print(s, slen, "\n"); - } - w += sldns_wire2str_rdata_unknown_scan(d, &rdlen, s, slen); - (*dlen) -= (ordlen-rdlen); - w += sldns_str_print(s, slen, "\n"); - return w; -} - -/** print rr comment for type DNSKEY */ -static int rr_comment_dnskey(char** s, size_t* slen, uint8_t* rr, - size_t rrlen, size_t dname_off) -{ - size_t rdlen; - uint8_t* rdata; - int flags, w = 0; - if(rrlen < dname_off + 10) return 0; - rdlen = sldns_read_uint16(rr+dname_off+8); - if(rrlen < dname_off + 10 + rdlen) return 0; - rdata = rr + dname_off + 10; - flags = (int)sldns_read_uint16(rdata); - w += sldns_str_print(s, slen, " ;{"); - - /* id */ - w += sldns_str_print(s, slen, "id = %u", - sldns_calc_keytag_raw(rdata, rdlen)); - - /* flags */ - if((flags&LDNS_KEY_ZONE_KEY)) { - if((flags&LDNS_KEY_SEP_KEY)) - w += sldns_str_print(s, slen, " (ksk)"); - else w += sldns_str_print(s, slen, " (zsk)"); - } - - /* keysize */ - if(rdlen > 4) { - w += sldns_str_print(s, slen, ", "); - w += sldns_str_print(s, slen, "size = %db", - (int)sldns_rr_dnskey_key_size_raw( - (unsigned char*)rdata+4, rdlen-4, (int)(rdata[3]))); - } - - w += sldns_str_print(s, slen, "}"); - return w; -} - -/** print rr comment for type RRSIG */ -static int rr_comment_rrsig(char** s, size_t* slen, uint8_t* rr, - size_t rrlen, size_t dname_off) -{ - size_t rdlen; - uint8_t* rdata; - if(rrlen < dname_off + 10) return 0; - rdlen = sldns_read_uint16(rr+dname_off+8); - if(rrlen < dname_off + 10 + rdlen) return 0; - rdata = rr + dname_off + 10; - if(rdlen < 18) return 0; - return sldns_str_print(s, slen, " ;{id = %d}", - (int)sldns_read_uint16(rdata+16)); -} - -/** print rr comment for type NSEC3 */ -static int rr_comment_nsec3(char** s, size_t* slen, uint8_t* rr, - size_t rrlen, size_t dname_off) -{ - size_t rdlen; - uint8_t* rdata; - int w = 0; - if(rrlen < dname_off + 10) return 0; - rdlen = sldns_read_uint16(rr+dname_off+8); - if(rrlen < dname_off + 10 + rdlen) return 0; - rdata = rr + dname_off + 10; - if(rdlen < 2) return 0; - if((rdata[1] & LDNS_NSEC3_VARS_OPTOUT_MASK)) - w += sldns_str_print(s, slen, " ;{flags: optout}"); - return w; -} - -int sldns_wire2str_rr_comment_print(char** s, size_t* slen, uint8_t* rr, - size_t rrlen, size_t dname_off, uint16_t rrtype) -{ - if(rrtype == LDNS_RR_TYPE_DNSKEY) { - return rr_comment_dnskey(s, slen, rr, rrlen, dname_off); - } else if(rrtype == LDNS_RR_TYPE_RRSIG) { - return rr_comment_rrsig(s, slen, rr, rrlen, dname_off); - } else if(rrtype == LDNS_RR_TYPE_NSEC3) { - return rr_comment_nsec3(s, slen, rr, rrlen, dname_off); - } - return 0; -} - -int sldns_wire2str_header_scan(uint8_t** d, size_t* dlen, char** s, - size_t* slen) -{ - int w = 0; - int opcode, rcode; - w += sldns_str_print(s, slen, ";; ->>HEADER<<- "); - if(*dlen == 0) - return w+sldns_str_print(s, slen, "Error empty packet"); - if(*dlen < 4) - return w+print_remainder_hex("Error header too short 0x", d, dlen, s, slen); - opcode = (int)LDNS_OPCODE_WIRE(*d); - rcode = (int)LDNS_RCODE_WIRE(*d); - w += sldns_str_print(s, slen, "opcode: "); - w += sldns_wire2str_opcode_print(s, slen, opcode); - w += sldns_str_print(s, slen, ", "); - w += sldns_str_print(s, slen, "rcode: "); - w += sldns_wire2str_rcode_print(s, slen, rcode); - w += sldns_str_print(s, slen, ", "); - w += sldns_str_print(s, slen, "id: %d\n", (int)LDNS_ID_WIRE(*d)); - w += sldns_str_print(s, slen, ";; flags:"); - if(LDNS_QR_WIRE(*d)) w += sldns_str_print(s, slen, " qr"); - if(LDNS_AA_WIRE(*d)) w += sldns_str_print(s, slen, " aa"); - if(LDNS_TC_WIRE(*d)) w += sldns_str_print(s, slen, " tc"); - if(LDNS_RD_WIRE(*d)) w += sldns_str_print(s, slen, " rd"); - if(LDNS_CD_WIRE(*d)) w += sldns_str_print(s, slen, " cd"); - if(LDNS_RA_WIRE(*d)) w += sldns_str_print(s, slen, " ra"); - if(LDNS_AD_WIRE(*d)) w += sldns_str_print(s, slen, " ad"); - if(LDNS_Z_WIRE(*d)) w += sldns_str_print(s, slen, " z"); - w += sldns_str_print(s, slen, " ; "); - if(*dlen < LDNS_HEADER_SIZE) - return w+print_remainder_hex("Error header too short 0x", d, dlen, s, slen); - w += sldns_str_print(s, slen, "QUERY: %d, ", (int)LDNS_QDCOUNT(*d)); - w += sldns_str_print(s, slen, "ANSWER: %d, ", (int)LDNS_ANCOUNT(*d)); - w += sldns_str_print(s, slen, "AUTHORITY: %d, ", (int)LDNS_NSCOUNT(*d)); - w += sldns_str_print(s, slen, "ADDITIONAL: %d ", (int)LDNS_ARCOUNT(*d)); - *d += LDNS_HEADER_SIZE; - *dlen -= LDNS_HEADER_SIZE; - return w; -} - -int sldns_wire2str_rdata_scan(uint8_t** d, size_t* dlen, char** s, - size_t* slen, uint16_t rrtype, uint8_t* pkt, size_t pktlen) -{ - /* try to prettyprint, but if that fails, use unknown format */ - uint8_t* origd = *d; - char* origs = *s; - size_t origdlen = *dlen, origslen = *slen; - size_t r_cnt, r_max; - sldns_rdf_type rdftype; - int w = 0, n; - - const sldns_rr_descriptor *desc = sldns_rr_descript(rrtype); - if(!desc) /* unknown format */ - return sldns_wire2str_rdata_unknown_scan(d, dlen, s, slen); - /* dlen equals the rdatalen for the rdata */ - - r_max = sldns_rr_descriptor_maximum(desc); - for(r_cnt=0; r_cnt < r_max; r_cnt++) { - if(*dlen == 0) { - if(r_cnt < sldns_rr_descriptor_minimum(desc)) - goto failed; - break; /* nothing more to print */ - } - rdftype = sldns_rr_descriptor_field_type(desc, r_cnt); - if(r_cnt != 0) - w += sldns_str_print(s, slen, " "); - n = sldns_wire2str_rdf_scan(d, dlen, s, slen, rdftype, - pkt, pktlen); - if(n == -1) { - failed: - /* failed, use unknown format */ - *d = origd; *s = origs; - *dlen = origdlen; *slen = origslen; - return sldns_wire2str_rdata_unknown_scan(d, dlen, - s, slen); - } - w += n; - } - if(*dlen != 0) { - goto failed; - } - return w; -} - -int sldns_wire2str_rdata_unknown_scan(uint8_t** d, size_t* dlen, char** s, - size_t* slen) -{ - int w = 0; - - /* print length */ - w += sldns_str_print(s, slen, "\\# %u", (unsigned)*dlen); - - /* print rdlen in hex */ - if(*dlen != 0) - w += sldns_str_print(s, slen, " "); - w += print_hex_buf(s, slen, *d, *dlen); - (*d) += *dlen; - (*dlen) = 0; - return w; -} - -/** print and escape one character for a domain dname */ -static int dname_char_print(char** s, size_t* slen, uint8_t c) -{ - if(c == '.' || c == ';' || c == '(' || c == ')' || c == '\\') - return sldns_str_print(s, slen, "\\%c", c); - else if(!(isascii((unsigned char)c) && isgraph((unsigned char)c))) - return sldns_str_print(s, slen, "\\%03u", (unsigned)c); - /* plain printout */ - if(*slen) { - **s = (char)c; - (*s)++; - (*slen)--; - } - return 1; -} - -int sldns_wire2str_dname_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen, - uint8_t* pkt, size_t pktlen) -{ - int w = 0; - /* spool labels onto the string, use compression if its there */ - uint8_t* pos = *d; - unsigned i, counter=0; - const unsigned maxcompr = 1000; /* loop detection, max compr ptrs */ - int in_buf = 1; - if(*dlen == 0) return sldns_str_print(s, slen, "ErrorMissingDname"); - if(*pos == 0) { - (*d)++; - (*dlen)--; - return sldns_str_print(s, slen, "."); - } - while(*pos) { - /* read label length */ - uint8_t labellen = *pos++; - if(in_buf) { (*d)++; (*dlen)--; } - - /* find out what sort of label we have */ - if((labellen&0xc0) == 0xc0) { - /* compressed */ - uint16_t target = 0; - if(in_buf && *dlen == 0) - return w + sldns_str_print(s, slen, - "ErrorPartialDname"); - else if(!in_buf && pos+1 > pkt+pktlen) - return w + sldns_str_print(s, slen, - "ErrorPartialDname"); - target = ((labellen&0x3f)<<8) | *pos; - if(in_buf) { (*d)++; (*dlen)--; } - /* move to target, if possible */ - if(!pkt || target >= pktlen) - return w + sldns_str_print(s, slen, - "ErrorComprPtrOutOfBounds"); - if(counter++ > maxcompr) - return w + sldns_str_print(s, slen, - "ErrorComprPtrLooped"); - in_buf = 0; - pos = pkt+target; - continue; - } else if((labellen&0xc0)) { - /* notimpl label type */ - w += sldns_str_print(s, slen, - "ErrorLABELTYPE%xIsUnknown", - (int)(labellen&0xc0)); - return w; - } - - /* spool label characters, end with '.' */ - if(in_buf && *dlen < (size_t)labellen) - labellen = (uint8_t)*dlen; - else if(!in_buf && pos+(size_t)labellen > pkt+pktlen) - labellen = (uint8_t)(pkt + pktlen - pos); - for(i=0; i<(unsigned)labellen; i++) { - w += dname_char_print(s, slen, *pos++); - } - if(in_buf) { - (*d) += labellen; - (*dlen) -= labellen; - if(*dlen == 0) break; - } - w += sldns_str_print(s, slen, "."); - } - /* skip over final root label */ - if(in_buf && *dlen > 0) { (*d)++; (*dlen)--; } - /* in case we printed no labels, terminate dname */ - if(w == 0) w += sldns_str_print(s, slen, "."); - return w; -} - -int sldns_wire2str_opcode_print(char** s, size_t* slen, int opcode) -{ - sldns_lookup_table *lt = sldns_lookup_by_id(sldns_opcodes, opcode); - if (lt && lt->name) { - return sldns_str_print(s, slen, "%s", lt->name); - } - return sldns_str_print(s, slen, "OPCODE%u", (unsigned)opcode); -} - -int sldns_wire2str_rcode_print(char** s, size_t* slen, int rcode) -{ - sldns_lookup_table *lt = sldns_lookup_by_id(sldns_rcodes, rcode); - if (lt && lt->name) { - return sldns_str_print(s, slen, "%s", lt->name); - } - return sldns_str_print(s, slen, "RCODE%u", (unsigned)rcode); -} - -int sldns_wire2str_class_print(char** s, size_t* slen, uint16_t rrclass) -{ - sldns_lookup_table *lt = sldns_lookup_by_id(sldns_rr_classes, - (int)rrclass); - if (lt && lt->name) { - return sldns_str_print(s, slen, "%s", lt->name); - } - return sldns_str_print(s, slen, "CLASS%u", (unsigned)rrclass); -} - -int sldns_wire2str_type_print(char** s, size_t* slen, uint16_t rrtype) -{ - const sldns_rr_descriptor *descriptor = sldns_rr_descript(rrtype); - if (descriptor && descriptor->_name) { - return sldns_str_print(s, slen, "%s", descriptor->_name); - } - return sldns_str_print(s, slen, "TYPE%u", (unsigned)rrtype); -} - -int sldns_wire2str_edns_option_code_print(char** s, size_t* slen, - uint16_t opcode) -{ - sldns_lookup_table *lt = sldns_lookup_by_id(sldns_edns_options, - (int)opcode); - if (lt && lt->name) { - return sldns_str_print(s, slen, "%s", lt->name); - } - return sldns_str_print(s, slen, "OPT%u", (unsigned)opcode); -} - -int sldns_wire2str_class_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen) -{ - uint16_t c; - if(*dlen == 0) return 0; - if(*dlen < 2) return print_remainder_hex("Error malformed 0x", d, dlen, s, slen); - c = sldns_read_uint16(*d); - (*d)+=2; - (*dlen)-=2; - return sldns_wire2str_class_print(s, slen, c); -} - -int sldns_wire2str_type_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen) -{ - uint16_t t; - if(*dlen == 0) return 0; - if(*dlen < 2) return print_remainder_hex("Error malformed 0x", d, dlen, s, slen); - t = sldns_read_uint16(*d); - (*d)+=2; - (*dlen)-=2; - return sldns_wire2str_type_print(s, slen, t); -} - -int sldns_wire2str_ttl_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen) -{ - uint32_t ttl; - if(*dlen == 0) return 0; - if(*dlen < 4) return print_remainder_hex("Error malformed 0x", d, dlen, s, slen); - ttl = sldns_read_uint32(*d); - (*d)+=4; - (*dlen)-=4; - return sldns_str_print(s, slen, "%u", (unsigned)ttl); -} - -int sldns_wire2str_rdf_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen, - int rdftype, uint8_t* pkt, size_t pktlen) -{ - if(*dlen == 0) return 0; - switch(rdftype) { - case LDNS_RDF_TYPE_NONE: - return 0; - case LDNS_RDF_TYPE_DNAME: - return sldns_wire2str_dname_scan(d, dlen, s, slen, pkt, pktlen); - case LDNS_RDF_TYPE_INT8: - return sldns_wire2str_int8_scan(d, dlen, s, slen); - case LDNS_RDF_TYPE_INT16: - return sldns_wire2str_int16_scan(d, dlen, s, slen); - case LDNS_RDF_TYPE_INT32: - return sldns_wire2str_int32_scan(d, dlen, s, slen); - case LDNS_RDF_TYPE_PERIOD: - return sldns_wire2str_period_scan(d, dlen, s, slen); - case LDNS_RDF_TYPE_TSIGTIME: - return sldns_wire2str_tsigtime_scan(d, dlen, s, slen); - case LDNS_RDF_TYPE_A: - return sldns_wire2str_a_scan(d, dlen, s, slen); - case LDNS_RDF_TYPE_AAAA: - return sldns_wire2str_aaaa_scan(d, dlen, s, slen); - case LDNS_RDF_TYPE_STR: - return sldns_wire2str_str_scan(d, dlen, s, slen); - case LDNS_RDF_TYPE_APL: - return sldns_wire2str_apl_scan(d, dlen, s, slen); - case LDNS_RDF_TYPE_B32_EXT: - return sldns_wire2str_b32_ext_scan(d, dlen, s, slen); - case LDNS_RDF_TYPE_B64: - return sldns_wire2str_b64_scan(d, dlen, s, slen); - case LDNS_RDF_TYPE_HEX: - return sldns_wire2str_hex_scan(d, dlen, s, slen); - case LDNS_RDF_TYPE_NSEC: - return sldns_wire2str_nsec_scan(d, dlen, s, slen); - case LDNS_RDF_TYPE_NSEC3_SALT: - return sldns_wire2str_nsec3_salt_scan(d, dlen, s, slen); - case LDNS_RDF_TYPE_TYPE: - return sldns_wire2str_type_scan(d, dlen, s, slen); - case LDNS_RDF_TYPE_CLASS: - return sldns_wire2str_class_scan(d, dlen, s, slen); - case LDNS_RDF_TYPE_CERT_ALG: - return sldns_wire2str_cert_alg_scan(d, dlen, s, slen); - case LDNS_RDF_TYPE_ALG: - return sldns_wire2str_alg_scan(d, dlen, s, slen); - case LDNS_RDF_TYPE_UNKNOWN: - return sldns_wire2str_unknown_scan(d, dlen, s, slen); - case LDNS_RDF_TYPE_TIME: - return sldns_wire2str_time_scan(d, dlen, s, slen); - case LDNS_RDF_TYPE_LOC: - return sldns_wire2str_loc_scan(d, dlen, s, slen); - case LDNS_RDF_TYPE_WKS: - case LDNS_RDF_TYPE_SERVICE: - return sldns_wire2str_wks_scan(d, dlen, s, slen); - case LDNS_RDF_TYPE_NSAP: - return sldns_wire2str_nsap_scan(d, dlen, s, slen); - case LDNS_RDF_TYPE_ATMA: - return sldns_wire2str_atma_scan(d, dlen, s, slen); - case LDNS_RDF_TYPE_IPSECKEY: - return sldns_wire2str_ipseckey_scan(d, dlen, s, slen, pkt, - pktlen); - case LDNS_RDF_TYPE_HIP: - return sldns_wire2str_hip_scan(d, dlen, s, slen); - case LDNS_RDF_TYPE_INT16_DATA: - return sldns_wire2str_int16_data_scan(d, dlen, s, slen); - case LDNS_RDF_TYPE_NSEC3_NEXT_OWNER: - return sldns_wire2str_b32_ext_scan(d, dlen, s, slen); - case LDNS_RDF_TYPE_ILNP64: - return sldns_wire2str_ilnp64_scan(d, dlen, s, slen); - case LDNS_RDF_TYPE_EUI48: - return sldns_wire2str_eui48_scan(d, dlen, s, slen); - case LDNS_RDF_TYPE_EUI64: - return sldns_wire2str_eui64_scan(d, dlen, s, slen); - case LDNS_RDF_TYPE_TAG: - return sldns_wire2str_tag_scan(d, dlen, s, slen); - case LDNS_RDF_TYPE_LONG_STR: - return sldns_wire2str_long_str_scan(d, dlen, s, slen); - } - /* unknown rdf type */ - return -1; -} - -int sldns_wire2str_int8_scan(uint8_t** d, size_t* dl, char** s, size_t* sl) -{ - int w; - if(*dl < 1) return -1; - w = sldns_str_print(s, sl, "%u", (unsigned)**d); - (*d)++; - (*dl)--; - return w; -} - -int sldns_wire2str_int16_scan(uint8_t** d, size_t* dl, char** s, size_t* sl) -{ - int w; - if(*dl < 2) return -1; - w = sldns_str_print(s, sl, "%lu", (unsigned long)sldns_read_uint16(*d)); - (*d)+=2; - (*dl)-=2; - return w; -} - -int sldns_wire2str_int32_scan(uint8_t** d, size_t* dl, char** s, size_t* sl) -{ - int w; - if(*dl < 4) return -1; - w = sldns_str_print(s, sl, "%lu", (unsigned long)sldns_read_uint32(*d)); - (*d)+=4; - (*dl)-=4; - return w; -} - -int sldns_wire2str_period_scan(uint8_t** d, size_t* dl, char** s, size_t* sl) -{ - int w; - if(*dl < 4) return -1; - w = sldns_str_print(s, sl, "%u", (unsigned)sldns_read_uint32(*d)); - (*d)+=4; - (*dl)-=4; - return w; -} - -int sldns_wire2str_tsigtime_scan(uint8_t** d, size_t* dl, char** s, size_t* sl) -{ - /* tsigtime is 48 bits network order unsigned integer */ - int w; - uint64_t tsigtime = 0; - uint64_t d0, d1, d2, d3, d4, d5; - if(*dl < 6) return -1; - d0 = (*d)[0]; /* cast to uint64 for shift operations */ - d1 = (*d)[1]; - d2 = (*d)[2]; - d3 = (*d)[3]; - d4 = (*d)[4]; - d5 = (*d)[5]; - tsigtime = (d0<<40) | (d1<<32) | (d2<<24) | (d3<<16) | (d4<<8) | d5; -#ifndef USE_WINSOCK - w = sldns_str_print(s, sl, "%llu", (long long)tsigtime); -#else - w = sldns_str_print(s, sl, "%I64u", (long long)tsigtime); -#endif - (*d)+=6; - (*dl)-=6; - return w; -} - -int sldns_wire2str_a_scan(uint8_t** d, size_t* dl, char** s, size_t* sl) -{ - char buf[32]; - int w; - if(*dl < 4) return -1; - if(!inet_ntop(AF_INET, *d, buf, (socklen_t)sizeof(buf))) - return -1; - w = sldns_str_print(s, sl, "%s", buf); - (*d)+=4; - (*dl)-=4; - return w; -} - -int sldns_wire2str_aaaa_scan(uint8_t** d, size_t* dl, char** s, size_t* sl) -{ -#ifdef AF_INET6 - char buf[64]; - int w; - if(*dl < 16) return -1; - if(!inet_ntop(AF_INET6, *d, buf, (socklen_t)sizeof(buf))) - return -1; - w = sldns_str_print(s, sl, "%s", buf); - (*d)+=16; - (*dl)-=16; - return w; -#else - return -1; -#endif -} - -/** printout escaped TYPE_STR character */ -static int str_char_print(char** s, size_t* sl, uint8_t c) -{ - if(isprint((unsigned char)c) || c == '\t') { - if(c == '\"' || c == '\\') - return sldns_str_print(s, sl, "\\%c", c); - if(*sl) { - **s = (char)c; - (*s)++; - (*sl)--; - } - return 1; - } - return sldns_str_print(s, sl, "\\%03u", (unsigned)c); -} - -int sldns_wire2str_str_scan(uint8_t** d, size_t* dl, char** s, size_t* sl) -{ - int w = 0; - size_t i, len; - if(*dl < 1) return -1; - len = **d; - if(*dl < 1+len) return -1; - (*d)++; - (*dl)--; - w += sldns_str_print(s, sl, "\""); - for(i=0; i 0) - w += sldns_str_print(s, sl, "."); - if(i < (int)adflength) - w += sldns_str_print(s, sl, "%d", (*d)[4+i]); - else w += sldns_str_print(s, sl, "0"); - } - } else if(family == LDNS_APL_IP6) { - /* check if prefix <128 ? */ - /* address is variable length 0 - 16 */ - for(i=0; i<16; i++) { - if(i%2 == 0 && i>0) - w += sldns_str_print(s, sl, ":"); - if(i < (int)adflength) - w += sldns_str_print(s, sl, "%02x", (*d)[4+i]); - else w += sldns_str_print(s, sl, "00"); - } - } - w += sldns_str_print(s, sl, "/%u", (unsigned)prefix); - (*d) += 4+adflength; - (*dl) -= 4+adflength; - return w; -} - -int sldns_wire2str_b32_ext_scan(uint8_t** d, size_t* dl, char** s, size_t* sl) -{ - size_t datalen; - size_t sz; - if(*dl < 1) return -1; - datalen = (*d)[0]; - if(*dl < 1+datalen) return -1; - sz = sldns_b32_ntop_calculate_size(datalen); - if(*sl < sz+1) { - (*d) += datalen+1; - (*dl) -= (datalen+1); - return (int)sz; /* out of space really, but would need buffer - in order to truncate the output */ - } - sldns_b32_ntop_extended_hex((*d)+1, datalen, *s, *sl); - (*d) += datalen+1; - (*dl) -= (datalen+1); - (*s) += sz; - (*sl) -= sz; - return (int)sz; -} - -/** scan number of bytes from wire into b64 presentation format */ -static int sldns_wire2str_b64_scan_num(uint8_t** d, size_t* dl, char** s, - size_t* sl, size_t num) -{ - /* b64_ntop_calculate size includes null at the end */ - size_t sz = sldns_b64_ntop_calculate_size(num)-1; - if(*sl < sz+1) { - (*d) += num; - (*dl) -= num; - return (int)sz; /* out of space really, but would need buffer - in order to truncate the output */ - } - sldns_b64_ntop(*d, num, *s, *sl); - (*d) += num; - (*dl) -= num; - (*s) += sz; - (*sl) -= sz; - return (int)sz; -} - -int sldns_wire2str_b64_scan(uint8_t** d, size_t* dl, char** s, size_t* sl) -{ - return sldns_wire2str_b64_scan_num(d, dl, s, sl, *dl); -} - -int sldns_wire2str_hex_scan(uint8_t** d, size_t* dl, char** s, size_t* sl) -{ - return print_remainder_hex("", d, dl, s, sl); -} - -int sldns_wire2str_nsec_scan(uint8_t** d, size_t* dl, char** s, size_t* sl) -{ - uint8_t* p = *d; - size_t pl = *dl; - unsigned i, bit, window, block_len; - uint16_t t; - int w = 0; - - /* check for errors */ - while(pl) { - if(pl < 2) return -1; - block_len = (unsigned)p[1]; - if(pl < 2+block_len) return -1; - p += block_len+2; - pl -= block_len+2; - } - - /* do it */ - p = *d; - pl = *dl; - while(pl) { - if(pl < 2) return -1; /* cannot happen */ - window = (unsigned)p[0]; - block_len = (unsigned)p[1]; - if(pl < 2+block_len) return -1; /* cannot happen */ - p += 2; - for(i=0; i>bit))) { - if(w) w += sldns_str_print(s, sl, " "); - w += sldns_wire2str_type_print(s, sl, - t+bit); - } - } - } - p += block_len; - pl -= block_len+2; - } - (*d) += *dl; - (*dl) = 0; - return w; -} - -int sldns_wire2str_nsec3_salt_scan(uint8_t** d, size_t* dl, char** s, size_t* sl) -{ - size_t salt_len; - int w; - if(*dl < 1) return -1; - salt_len = (size_t)(*d)[0]; - if(*dl < 1+salt_len) return -1; - (*d)++; - (*dl)--; - if(salt_len == 0) { - return sldns_str_print(s, sl, "-"); - } - w = print_hex_buf(s, sl, *d, salt_len); - (*dl)-=salt_len; - (*d)+=salt_len; - return w; -} - -int sldns_wire2str_cert_alg_scan(uint8_t** d, size_t* dl, char** s, size_t* sl) -{ - sldns_lookup_table *lt; - int data, w; - if(*dl < 2) return -1; - data = (int)sldns_read_uint16(*d); - lt = sldns_lookup_by_id(sldns_cert_algorithms, data); - if(lt && lt->name) - w = sldns_str_print(s, sl, "%s", lt->name); - else w = sldns_str_print(s, sl, "%d", data); - (*dl)-=2; - (*d)+=2; - return w; -} - -int sldns_wire2str_alg_scan(uint8_t** d, size_t* dl, char** s, size_t* sl) -{ - /* don't use algorithm mnemonics in the presentation format - * this kind of got sneaked into the rfc's */ - return sldns_wire2str_int8_scan(d, dl, s, sl); -} - -int sldns_wire2str_unknown_scan(uint8_t** d, size_t* dl, char** s, size_t* sl) -{ - return sldns_wire2str_rdata_unknown_scan(d, dl, s, sl); -} - -int sldns_wire2str_time_scan(uint8_t** d, size_t* dl, char** s, size_t* sl) -{ - /* create a YYYYMMDDHHMMSS string if possible */ - struct tm tm; - char date_buf[16]; - uint32_t t; - memset(&tm, 0, sizeof(tm)); - if(*dl < 4) return -1; - t = sldns_read_uint32(*d); - date_buf[15]=0; - if(sldns_serial_arithmitics_gmtime_r(t, time(NULL), &tm) && - strftime(date_buf, 15, "%Y%m%d%H%M%S", &tm)) { - (*d) += 4; - (*dl) -= 4; - return sldns_str_print(s, sl, "%s", date_buf); - } - return -1; -} - -static int -loc_cm_print(char** str, size_t* sl, uint8_t mantissa, uint8_t exponent) -{ - int w = 0; - uint8_t i; - /* is it 0. ? */ - if(exponent < 2) { - if(exponent == 1) - mantissa *= 10; - return sldns_str_print(str, sl, "0.%02ld", (long)mantissa); - } - /* always */ - w += sldns_str_print(str, sl, "%d", (int)mantissa); - for(i=0; i equator) { - northerness = 'N'; - latitude = latitude - equator; - } else { - northerness = 'S'; - latitude = equator - latitude; - } - h = latitude / (1000 * 60 * 60); - latitude = latitude % (1000 * 60 * 60); - m = latitude / (1000 * 60); - latitude = latitude % (1000 * 60); - s = (double) latitude / 1000.0; - w += sldns_str_print(str, sl, "%02u %02u %06.3f %c ", - h, m, s, northerness); - - if (longitude > equator) { - easterness = 'E'; - longitude = longitude - equator; - } else { - easterness = 'W'; - longitude = equator - longitude; - } - h = longitude / (1000 * 60 * 60); - longitude = longitude % (1000 * 60 * 60); - m = longitude / (1000 * 60); - longitude = longitude % (1000 * 60); - s = (double) longitude / (1000.0); - w += sldns_str_print(str, sl, "%02u %02u %06.3f %c ", - h, m, s, easterness); - - s = ((double) altitude) / 100; - s -= 100000; - - if(altitude%100 != 0) - w += sldns_str_print(str, sl, "%.2f", s); - else - w += sldns_str_print(str, sl, "%.0f", s); - - w += sldns_str_print(str, sl, "m "); - - w += loc_cm_print(str, sl, (size & 0xf0) >> 4, size & 0x0f); - w += sldns_str_print(str, sl, "m "); - - w += loc_cm_print(str, sl, (horizontal_precision & 0xf0) >> 4, - horizontal_precision & 0x0f); - w += sldns_str_print(str, sl, "m "); - - w += loc_cm_print(str, sl, (vertical_precision & 0xf0) >> 4, - vertical_precision & 0x0f); - w += sldns_str_print(str, sl, "m"); - - (*d)+=16; - (*dl)-=16; - return w; -} - -int sldns_wire2str_wks_scan(uint8_t** d, size_t* dl, char** s, size_t* sl) -{ - /* protocol, followed by bitmap of services */ - const char* proto_name = NULL; - struct protoent *protocol; - struct servent *service; - uint8_t protocol_nr; - int bit, port, w = 0; - size_t i; - /* we cannot print with strings because they - * are not portable, the presentation format may - * not be able to be read in on another computer. */ - int print_symbols = 0; - - /* protocol */ - if(*dl < 1) return -1; - protocol_nr = (*d)[0]; - (*d)++; - (*dl)--; - protocol = getprotobynumber((int)protocol_nr); - if(protocol && (protocol->p_name != NULL)) { - w += sldns_str_print(s, sl, "%s", protocol->p_name); - proto_name = protocol->p_name; - } else { - w += sldns_str_print(s, sl, "%u", (unsigned)protocol_nr); - } - - for(i=0; i<*dl; i++) { - if((*d)[i] == 0) - continue; - for(bit=0; bit<8; bit++) { - if(!(((*d)[i])&(0x80>>bit))) - continue; - port = (int)i*8 + bit; - - if(!print_symbols) - service = NULL; - else - service = getservbyport( - (int)htons((uint16_t)port), proto_name); - if(service && service->s_name) - w += sldns_str_print(s, sl, " %s", - service->s_name); - else w += sldns_str_print(s, sl, " %u", - (unsigned)port); - } - } - -#ifdef HAVE_ENDSERVENT - endservent(); -#endif -#ifdef HAVE_ENDPROTOENT - endprotoent(); -#endif - (*d) += *dl; - (*dl) = 0; - return w; -} - -int sldns_wire2str_nsap_scan(uint8_t** d, size_t* dl, char** s, size_t* sl) -{ - return print_remainder_hex("0x", d, dl, s, sl); -} - -int sldns_wire2str_atma_scan(uint8_t** d, size_t* dl, char** s, size_t* sl) -{ - return print_remainder_hex("", d, dl, s, sl); -} - -/* internal scan routine that can modify arguments on failure */ -static int sldns_wire2str_ipseckey_scan_internal(uint8_t** d, size_t* dl, - char** s, size_t* sl, uint8_t* pkt, size_t pktlen) -{ - /* http://www.ietf.org/internet-drafts/draft-ietf-ipseckey-rr-12.txt*/ - uint8_t precedence, gateway_type, algorithm; - int w = 0; - - if(*dl < 3) return -1; - precedence = (*d)[0]; - gateway_type = (*d)[1]; - algorithm = (*d)[2]; - if(gateway_type > 3) - return -1; /* unknown */ - (*d)+=3; - (*dl)-=3; - w += sldns_str_print(s, sl, "%d %d %d ", - (int)precedence, (int)gateway_type, (int)algorithm); - - switch(gateway_type) { - case 0: /* no gateway */ - w += sldns_str_print(s, sl, "."); - break; - case 1: /* ip4 */ - w += sldns_wire2str_a_scan(d, dl, s, sl); - break; - case 2: /* ip6 */ - w += sldns_wire2str_aaaa_scan(d, dl, s, sl); - break; - case 3: /* dname */ - w += sldns_wire2str_dname_scan(d, dl, s, sl, pkt, pktlen); - break; - default: /* unknown */ - return -1; - } - - if(*dl < 1) - return -1; - w += sldns_str_print(s, sl, " "); - w += sldns_wire2str_b64_scan_num(d, dl, s, sl, *dl); - return w; -} - -int sldns_wire2str_ipseckey_scan(uint8_t** d, size_t* dl, char** s, size_t* sl, - uint8_t* pkt, size_t pktlen) -{ - uint8_t* od = *d; - char* os = *s; - size_t odl = *dl, osl = *sl; - int w=sldns_wire2str_ipseckey_scan_internal(d, dl, s, sl, pkt, pktlen); - if(w == -1) { - *d = od; - *s = os; - *dl = odl; - *sl = osl; - return -1; - } - return w; -} - -int sldns_wire2str_hip_scan(uint8_t** d, size_t* dl, char** s, size_t* sl) -{ - int w; - uint8_t algo, hitlen; - uint16_t pklen; - - /* read lengths */ - if(*dl < 4) - return -1; - hitlen = (*d)[0]; - algo = (*d)[1]; - pklen = sldns_read_uint16((*d)+2); - if(*dl < (size_t)4 + (size_t)hitlen + (size_t)pklen) - return -1; - - /* write: algo hit pubkey */ - w = sldns_str_print(s, sl, "%u ", (unsigned)algo); - w += print_hex_buf(s, sl, (*d)+4, hitlen); - w += sldns_str_print(s, sl, " "); - (*d)+=4+hitlen; - (*dl)-= (4+hitlen); - w += sldns_wire2str_b64_scan_num(d, dl, s, sl, pklen); - return w; -} - -int sldns_wire2str_int16_data_scan(uint8_t** d, size_t* dl, char** s, size_t* sl) -{ - uint16_t n; - if(*dl < 2) - return -1; - n = sldns_read_uint16(*d); - if(*dl < 2+(size_t)n) - return -1; - (*d)+=2; - (*dl)-=2; - return sldns_wire2str_b64_scan_num(d, dl, s, sl, n); -} - -int sldns_wire2str_nsec3_next_owner_scan(uint8_t** d, size_t* dl, char** s, - size_t* sl) -{ - return sldns_wire2str_b32_ext_scan(d, dl, s, sl); -} - -int sldns_wire2str_ilnp64_scan(uint8_t** d, size_t* dl, char** s, size_t* sl) -{ - int w; - if(*dl < 8) - return -1; - w = sldns_str_print(s, sl, "%.4x:%.4x:%.4x:%.4x", - sldns_read_uint16(*d), sldns_read_uint16((*d)+2), - sldns_read_uint16((*d)+4), sldns_read_uint16((*d)+6)); - (*d)+=8; - (*dl)-=8; - return w; -} - -int sldns_wire2str_eui48_scan(uint8_t** d, size_t* dl, char** s, size_t* sl) -{ - int w; - if(*dl < 6) - return -1; - w = sldns_str_print(s, sl, "%.2x-%.2x-%.2x-%.2x-%.2x-%.2x", - (*d)[0], (*d)[1], (*d)[2], (*d)[3], (*d)[4], (*d)[5]); - (*d)+=6; - (*dl)-=6; - return w; -} - -int sldns_wire2str_eui64_scan(uint8_t** d, size_t* dl, char** s, size_t* sl) -{ - int w; - if(*dl < 8) - return -1; - w = sldns_str_print(s, sl, "%.2x-%.2x-%.2x-%.2x-%.2x-%.2x-%.2x-%.2x", - (*d)[0], (*d)[1], (*d)[2], (*d)[3], (*d)[4], (*d)[5], - (*d)[6], (*d)[7]); - (*d)+=8; - (*dl)-=8; - return w; -} - -int sldns_wire2str_tag_scan(uint8_t** d, size_t* dl, char** s, size_t* sl) -{ - size_t i, n; - int w = 0; - if(*dl < 1) - return -1; - n = (size_t)((*d)[0]); - if(*dl < 1+n) - return -1; - for(i=0; iname) - w += sldns_str_print(s, sl, " %s", lt->name); - else w += sldns_str_print(s, sl, " %d", (int)data[i]); - } - return w; -} - -int sldns_wire2str_edns_dhu_print(char** s, size_t* sl, uint8_t* data, - size_t len) -{ - sldns_lookup_table *lt; - size_t i; - int w = 0; - for(i=0; iname) - w += sldns_str_print(s, sl, " %s", lt->name); - else w += sldns_str_print(s, sl, " %d", (int)data[i]); - } - return w; -} - -int sldns_wire2str_edns_n3u_print(char** s, size_t* sl, uint8_t* data, - size_t len) -{ - size_t i; - int w = 0; - for(i=0; i 4) { - w += sldns_str_print(s, sl, "trailingdata:"); - w += print_hex_buf(s, sl, data+4+4, len-4-4); - w += sldns_str_print(s, sl, " "); - len = 4+4; - } - memmove(ip4, data+4, len-4); - if(!inet_ntop(AF_INET, ip4, buf, (socklen_t)sizeof(buf))) { - w += sldns_str_print(s, sl, "ip4ntoperror "); - w += print_hex_buf(s, sl, data+4+4, len-4-4); - } else { - w += sldns_str_print(s, sl, "%s", buf); - } - } else if(family == 2) { - /* IP6 */ - char buf[64]; - uint8_t ip6[16]; - memset(ip6, 0, sizeof(ip6)); - if(len-4 > 16) { - w += sldns_str_print(s, sl, "trailingdata:"); - w += print_hex_buf(s, sl, data+4+16, len-4-16); - w += sldns_str_print(s, sl, " "); - len = 4+16; - } - memmove(ip6, data+4, len-4); -#ifdef AF_INET6 - if(!inet_ntop(AF_INET6, ip6, buf, (socklen_t)sizeof(buf))) { - w += sldns_str_print(s, sl, "ip6ntoperror "); - w += print_hex_buf(s, sl, data+4+4, len-4-4); - } else { - w += sldns_str_print(s, sl, "%s", buf); - } -#else - w += print_hex_buf(s, sl, data+4+4, len-4-4); -#endif - } else { - /* unknown */ - w += sldns_str_print(s, sl, "family %d ", - (int)family); - w += print_hex_buf(s, sl, data, len); - } - w += sldns_str_print(s, sl, "/%d scope /%d", (int)source, (int)scope); - return w; -} - -int sldns_wire2str_edns_keepalive_print(char** s, size_t* sl, uint8_t* data, - size_t len) -{ - int w = 0; - uint16_t timeout; - if(!(len == 0 || len == 2)) { - w += sldns_str_print(s, sl, "malformed keepalive "); - w += print_hex_buf(s, sl, data, len); - return w; - } - if(len == 0 ) { - w += sldns_str_print(s, sl, "no timeout value (only valid for client option) "); - } else { - timeout = sldns_read_uint16(data); - w += sldns_str_print(s, sl, "timeout value in units of 100ms %u", (int)timeout); - } - return w; -} - -int sldns_wire2str_edns_option_print(char** s, size_t* sl, - uint16_t option_code, uint8_t* optdata, size_t optlen) -{ - int w = 0; - w += sldns_wire2str_edns_option_code_print(s, sl, option_code); - w += sldns_str_print(s, sl, ": "); - switch(option_code) { - case LDNS_EDNS_LLQ: - w += sldns_wire2str_edns_llq_print(s, sl, optdata, optlen); - break; - case LDNS_EDNS_UL: - w += sldns_wire2str_edns_ul_print(s, sl, optdata, optlen); - break; - case LDNS_EDNS_NSID: - w += sldns_wire2str_edns_nsid_print(s, sl, optdata, optlen); - break; - case LDNS_EDNS_DAU: - w += sldns_wire2str_edns_dau_print(s, sl, optdata, optlen); - break; - case LDNS_EDNS_DHU: - w += sldns_wire2str_edns_dhu_print(s, sl, optdata, optlen); - break; - case LDNS_EDNS_N3U: - w += sldns_wire2str_edns_n3u_print(s, sl, optdata, optlen); - break; - case LDNS_EDNS_CLIENT_SUBNET: - w += sldns_wire2str_edns_subnet_print(s, sl, optdata, optlen); - break; - case LDNS_EDNS_KEEPALIVE: - w += sldns_wire2str_edns_keepalive_print(s, sl, optdata, optlen); - break; - case LDNS_EDNS_PADDING: - w += print_hex_buf(s, sl, optdata, optlen); - break; - default: - /* unknown option code */ - w += print_hex_buf(s, sl, optdata, optlen); - break; - } - return w; -} - -/** print the edns options to string */ -static int -print_edns_opts(char** s, size_t* sl, uint8_t* rdata, size_t rdatalen) -{ - uint16_t option_code, option_len; - int w = 0; - while(rdatalen > 0) { - /* option name */ - if(rdatalen < 4) { - w += sldns_str_print(s, sl, " ; malformed: "); - w += print_hex_buf(s, sl, rdata, rdatalen); - return w; - } - option_code = sldns_read_uint16(rdata); - option_len = sldns_read_uint16(rdata+2); - rdata += 4; - rdatalen -= 4; - - /* option value */ - if(rdatalen < (size_t)option_len) { - w += sldns_str_print(s, sl, " ; malformed "); - w += sldns_wire2str_edns_option_code_print(s, sl, - option_code); - w += sldns_str_print(s, sl, ": "); - w += print_hex_buf(s, sl, rdata, rdatalen); - return w; - } - w += sldns_str_print(s, sl, " ; "); - w += sldns_wire2str_edns_option_print(s, sl, option_code, - rdata, option_len); - rdata += option_len; - rdatalen -= option_len; - } - return w; -} - -int sldns_wire2str_edns_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len, uint8_t* pkt, size_t pktlen) -{ - int w = 0; - uint8_t ext_rcode, edns_version; - uint16_t udpsize, edns_bits, rdatalen; - w += sldns_str_print(str, str_len, "; EDNS:"); - - /* some input checks, domain name */ - if(*data_len < 1+10) - return w + print_remainder_hex("Error malformed 0x", - data, data_len, str, str_len); - if(*data[0] != 0) { - return w + print_remainder_hex("Error nonrootdname 0x", - data, data_len, str, str_len); - } - (*data)++; - (*data_len)--; - - /* check type and read fixed contents */ - if(sldns_read_uint16((*data)) != LDNS_RR_TYPE_OPT) { - return w + print_remainder_hex("Error nottypeOPT 0x", - data, data_len, str, str_len); - } - udpsize = sldns_read_uint16((*data)+2); - ext_rcode = (*data)[4]; - edns_version = (*data)[5]; - edns_bits = sldns_read_uint16((*data)+6); - rdatalen = sldns_read_uint16((*data)+8); - (*data)+=10; - (*data_len)-=10; - - w += sldns_str_print(str, str_len, " version: %u;", - (unsigned)edns_version); - w += sldns_str_print(str, str_len, " flags:"); - if((edns_bits & LDNS_EDNS_MASK_DO_BIT)) - w += sldns_str_print(str, str_len, " do"); - /* the extended rcode is the value set, shifted four bits, - * and or'd with the original rcode */ - if(ext_rcode) { - int rc = ((int)ext_rcode)<<4; - if(pkt && pktlen >= LDNS_HEADER_SIZE) - rc |= LDNS_RCODE_WIRE(pkt); - w += sldns_str_print(str, str_len, " ; ext-rcode: %d", rc); - } - w += sldns_str_print(str, str_len, " ; udp: %u", (unsigned)udpsize); - - if(rdatalen) { - if((size_t)*data_len < rdatalen) { - w += sldns_str_print(str, str_len, - " ; Error EDNS rdata too short; "); - rdatalen = (uint16_t)*data_len; - } - w += print_edns_opts(str, str_len, *data, rdatalen); - (*data) += rdatalen; - (*data_len) -= rdatalen; - } - w += sldns_str_print(str, str_len, "\n"); - return w; -} diff --git a/external/unbound/sldns/wire2str.h b/external/unbound/sldns/wire2str.h deleted file mode 100644 index e0fda9233..000000000 --- a/external/unbound/sldns/wire2str.h +++ /dev/null @@ -1,995 +0,0 @@ -/** - * wire2str.h - txt presentation of RRs - * - * (c) NLnet Labs, 2005-2006 - * - * See the file LICENSE for the license - */ - -/** - * \file - * - * Contains functions to translate the wireformat to text - * representation, as well as functions to print them. - */ - -#ifndef LDNS_WIRE2STR_H -#define LDNS_WIRE2STR_H - -#ifdef __cplusplus -extern "C" { -#endif -struct sldns_struct_lookup_table; - -/* lookup tables for standard DNS stuff */ -/** Taken from RFC 2535, section 7. */ -extern struct sldns_struct_lookup_table* sldns_algorithms; -/** DS record hash algorithms */ -extern struct sldns_struct_lookup_table* sldns_hashes; -/** Taken from RFC 2538, section 2.1. */ -extern struct sldns_struct_lookup_table* sldns_cert_algorithms; -/** Response codes */ -extern struct sldns_struct_lookup_table* sldns_rcodes; -/** Operation codes */ -extern struct sldns_struct_lookup_table* sldns_opcodes; -/** EDNS flags */ -extern struct sldns_struct_lookup_table* sldns_edns_flags; -/** EDNS option codes */ -extern struct sldns_struct_lookup_table* sldns_edns_options; -/** error string from wireparse */ -extern struct sldns_struct_lookup_table* sldns_wireparse_errors; - -/** - * Convert wireformat packet to a string representation - * @param data: wireformat packet data (starting at ID bytes). - * @param len: length of packet. - * @return string(malloced) or NULL on failure. - */ -char* sldns_wire2str_pkt(uint8_t* data, size_t len); - -/** - * Convert wireformat RR to a string representation. - * @param rr: the wireformat RR, in uncompressed form. Starts at the domain - * name start, ends with the rdata of the RR. - * @param len: length of the rr wireformat. - * @return string(malloced) or NULL on failure. - */ -char* sldns_wire2str_rr(uint8_t* rr, size_t len); - -/** - * Conver wire dname to a string. - * @param dname: the dname in uncompressed wireformat. - * @param dname_len: length of the dname. - * @return string or NULL on failure. - */ -char* sldns_wire2str_dname(uint8_t* dname, size_t dname_len); - -/** - * Convert wire RR type to a string, 'MX', 'TYPE1234'... - * @param rrtype: the RR type in host order. - * @return malloced string with the RR type or NULL on malloc failure. - */ -char* sldns_wire2str_type(uint16_t rrtype); - -/** - * Convert wire RR class to a string, 'IN', 'CLASS1'. - * @param rrclass: the RR class in host order. - * @return malloced string with the RR class or NULL on malloc failure. - */ -char* sldns_wire2str_class(uint16_t rrclass); - -/** - * Convert wire packet rcode to a string, 'NOERROR', 'NXDOMAIN'... - * @param rcode: as integer, host order - * @return malloced string with the rcode or NULL on malloc failure. - */ -char* sldns_wire2str_rcode(int rcode); - -/** - * Print to string, move string along for next content. With va_list. - * @param str: string buffer. Adjusted at end to after the output. - * @param slen: length of the string buffer. Adjusted at end. - * @param format: printf format string. - * @param args: arguments for printf. - * @return number of characters needed. Can be larger than slen. - */ -int sldns_str_vprint(char** str, size_t* slen, const char* format, va_list args); - -/** - * Print to string, move string along for next content. - * @param str: string buffer. Adjusted at end to after the output. - * @param slen: length of the string buffer. Adjusted at end. - * @param format: printf format string and arguments for it. - * @return number of characters needed. Can be larger than slen. - */ -int sldns_str_print(char** str, size_t* slen, const char* format, ...) - ATTR_FORMAT(printf, 3, 4); - -/** - * Convert wireformat packet to a string representation with user buffer - * It appends every RR with default comments. - * For more formatter options use the function: TBD(TODO) - * @param data: wireformat packet data (starting at ID bytes). - * @param data_len: length of packet. - * @param str: the string buffer for the output. - * If you pass NULL as the str the return value of the function is - * the str_len you need for the entire packet. It does not include - * the 0 byte at the end. - * @param str_len: the size of the string buffer. If more is needed, it'll - * silently truncate the output to fit in the buffer. - * @return the number of characters for this element, excluding zerobyte. - * Is larger or equal than str_len if output was truncated. - */ -int sldns_wire2str_pkt_buf(uint8_t* data, size_t data_len, char* str, - size_t str_len); - -/** - * Scan wireformat packet to a string representation with user buffer - * It appends every RR with default comments. - * For more formatter options use the function: TBD(TODO) - * @param data: wireformat packet data (starting at ID bytes). - * @param data_len: length of packet. - * @param str: the string buffer for the output. - * @param str_len: the size of the string buffer. - * @return number of characters for string. - * returns the number of characters that are needed (except terminating null), - * so it may return a value larger than str_len. - * On error you get less output (i.e. shorter output in str (null terminated)) - * On exit the data, data_len, str and str_len values are adjusted to move them - * from their original position along the input and output for the content - * that has been consumed (and produced) by this function. If the end of the - * output string is reached, *str_len is set to 0. The output string is null - * terminated (shortening the output if necessary). If the end of the input - * is reached *data_len is set to 0. - */ -int sldns_wire2str_pkt_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len); - -/** - * Scan wireformat rr to string, with user buffers. It shifts the arguments - * to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @param pkt: packet for decompression, if NULL no decompression. - * @param pktlen: length of packet buffer. - * @return number of characters (except null) needed to print. - */ -int sldns_wire2str_rr_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len, uint8_t* pkt, size_t pktlen); - -/** - * Scan wireformat question rr to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @param pkt: packet for decompression, if NULL no decompression. - * @param pktlen: length of packet buffer. - * @return number of characters (except null) needed to print. - */ -int sldns_wire2str_rrquestion_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len, uint8_t* pkt, size_t pktlen); - -/** - * Scan wireformat RR to string in unknown RR format, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @param pkt: packet for decompression, if NULL no decompression. - * @param pktlen: length of packet buffer. - * @return number of characters (except null) needed to print. - */ -int sldns_wire2str_rr_unknown_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len, uint8_t* pkt, size_t pktlen); - -/** - * Print to string the RR-information comment in default format, - * with user buffers. Moves string along. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @param rr: wireformat data. - * @param rrlen: length of data buffer. - * @param dname_off: offset in buffer behind owner dname, the compressed size - * of the owner name. - * @param rrtype: type of the RR, host format. - * @return number of characters (except null) needed to print. - */ -int sldns_wire2str_rr_comment_print(char** str, size_t* str_len, uint8_t* rr, - size_t rrlen, size_t dname_off, uint16_t rrtype); - -/** - * Scan wireformat packet header to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @return number of characters (except null) needed to print. - */ -int sldns_wire2str_header_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len); - -/** - * Scan wireformat rdata to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. The length of the rdata in the - * buffer. The rdatalen itself has already been scanned, the data - * points to the rdata after the rdatalen. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @param rrtype: RR type of Rdata, host format. - * @param pkt: packet for decompression, if NULL no decompression. - * @param pktlen: length of packet buffer. - * @return number of characters (except null) needed to print. - */ -int sldns_wire2str_rdata_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len, uint16_t rrtype, uint8_t* pkt, size_t pktlen); - -/** - * Scan wireformat rdata to string in unknown format, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer, the length of the rdata in buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @return number of characters (except null) needed to print. - */ -int sldns_wire2str_rdata_unknown_scan(uint8_t** data, size_t* data_len, - char** str, size_t* str_len); - -/** - * Scan wireformat domain name to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @param pkt: packet for decompression, if NULL no decompression. - * @param pktlen: length of packet buffer. - * @return number of characters (except null) needed to print. - */ -int sldns_wire2str_dname_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len, uint8_t* pkt, size_t pktlen); - -/** - * Scan wireformat rr type to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @return number of characters (except null) needed to print. - */ -int sldns_wire2str_type_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len); - -/** - * Scan wireformat rr class to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @return number of characters (except null) needed to print. - */ -int sldns_wire2str_class_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len); - -/** - * Scan wireformat rr ttl to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @return number of characters (except null) needed to print. - */ -int sldns_wire2str_ttl_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len); - - -/** - * Print host format rr type to string. Moves string along, user buffers. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @param rrtype: host format rr type. - * @return number of characters (except null) needed to print. - */ -int sldns_wire2str_type_print(char** str, size_t* str_len, uint16_t rrtype); - -/** - * Print host format rr class to string. Moves string along, user buffers. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @param rrclass: host format rr class. - * @return number of characters (except null) needed to print. - */ -int sldns_wire2str_class_print(char** str, size_t* str_len, uint16_t rrclass); - -/** - * Print host format rcode to string. Moves string along, user buffers. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @param rcode: host format rcode number. - * @return number of characters (except null) needed to print. - */ -int sldns_wire2str_rcode_print(char** str, size_t* str_len, int rcode); - -/** - * Print host format opcode to string. Moves string along, user buffers. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @param opcode: host format opcode number. - * @return number of characters (except null) needed to print. - */ -int sldns_wire2str_opcode_print(char** str, size_t* str_len, int opcode); - -/** - * Print host format EDNS0 option to string. Moves string along, user buffers. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @param opcode: host format option number. - * @return number of characters (except null) needed to print. - */ -int sldns_wire2str_edns_option_code_print(char** str, size_t* str_len, - uint16_t opcode); - -/** - * Convert RR to string presentation format, on one line. User buffer. - * @param rr: wireformat RR data - * @param rr_len: length of the rr wire data. - * @param str: the string buffer to write to. - * If you pass NULL as the str, the return value of the function is - * the str_len you need for the entire packet. It does not include - * the 0 byte at the end. - * @param str_len: the size of the string buffer. If more is needed, it'll - * silently truncate the output to fit in the buffer. - * @return the number of characters for this element, excluding zerobyte. - * Is larger or equal than str_len if output was truncated. - */ -int sldns_wire2str_rr_buf(uint8_t* rr, size_t rr_len, char* str, - size_t str_len); - -/** - * 3597 printout of an RR in unknown rr format. - * There are more format and comment options available for printout - * with the function: TBD(TODO) - * @param rr: wireformat RR data - * @param rr_len: length of the rr wire data. - * @param str: the string buffer to write to. - * If you pass NULL as the str, the return value of the function is - * the str_len you need for the entire rr. It does not include - * the 0 byte at the end. - * @param str_len: the size of the string buffer. If more is needed, it'll - * silently truncate the output to fit in the buffer. - * @return the number of characters for this element, excluding zerobyte. - * Is larger or equal than str_len if output was truncated. - */ -int sldns_wire2str_rr_unknown_buf(uint8_t* rr, size_t rr_len, char* str, - size_t str_len); - -/** - * This creates the comment to print after the RR. ; keytag=... , and other - * basic comments for RRs. - * There are more format and comment options available for printout - * with the function: TBD(TODO) - * @param rr: wireformat RR data - * @param rr_len: length of the rr wire data. - * @param dname_len: length of the dname in front of the RR. - * @param str: the string buffer to write to. - * If you pass NULL as the str, the return value of the function is - * the str_len you need for the entire comment. It does not include - * the 0 byte at the end. - * @param str_len: the size of the string buffer. If more is needed, it'll - * silently truncate the output to fit in the buffer. - * @return the number of characters for this element, excluding zerobyte. - * Is larger or equal than str_len if output was truncated. - */ -int sldns_wire2str_rr_comment_buf(uint8_t* rr, size_t rr_len, size_t dname_len, - char* str, size_t str_len); - -/** - * Convert RDATA to string presentation format, on one line. User buffer. - * @param rdata: wireformat rdata part of an RR. - * @param rdata_len: length of the rr wire data. - * @param str: the string buffer to write to. - * If you pass NULL as the str, the return value of the function is - * the str_len you need for the entire packet. It does not include - * the 0 byte at the end. - * @param str_len: the size of the string buffer. If more is needed, it'll - * silently truncate the output to fit in the buffer. - * @param rrtype: rr type of the data - * @return the number of characters for this element, excluding zerobyte. - * Is larger or equal than str_len if output was truncated. - */ -int sldns_wire2str_rdata_buf(uint8_t* rdata, size_t rdata_len, char* str, - size_t str_len, uint16_t rrtype); - -/** - * Convert wire RR type to a string, 'MX', 'TYPE12'. With user buffer. - * @param rrtype: the RR type in host order. - * @param str: the string to write to. - * @param len: length of str. - * @return the number of characters for this element, excluding zerobyte. - * Is larger or equal than str_len if output was truncated. - */ -int sldns_wire2str_type_buf(uint16_t rrtype, char* str, size_t len); - -/** - * Convert wire RR class to a string, 'IN', 'CLASS12'. With user buffer. - * @param rrclass: the RR class in host order. - * @param str: the string to write to. - * @param len: length of str. - * @return the number of characters for this element, excluding zerobyte. - * Is larger or equal than str_len if output was truncated. - */ -int sldns_wire2str_class_buf(uint16_t rrclass, char* str, size_t len); - -/** - * Convert wire RR rcode to a string, 'NOERROR', 'NXDOMAIN'. With user buffer. - * @param rcode: rcode as integer in host order - * @param str: the string to write to. - * @param len: length of str. - * @return the number of characters for this element, excluding zerobyte. - * Is larger or equal than str_len if output was truncated. - */ -int sldns_wire2str_rcode_buf(int rcode, char* str, size_t len); - -/** - * Convert host format opcode to a string. 'QUERY', 'NOTIFY', 'UPDATE'. - * With user buffer. - * @param opcode: opcode as integer in host order - * @param str: the string to write to. - * @param len: length of str. - * @return the number of characters for this element, excluding zerobyte. - * Is larger or equal than str_len if output was truncated. - */ -int sldns_wire2str_opcode_buf(int opcode, char* str, size_t len); - -/** - * Convert wire dname to a string, "example.com.". With user buffer. - * @param dname: the dname in uncompressed wireformat. - * @param dname_len: length of the dname. - * @param str: the string to write to. - * @param len: length of string. - * @return the number of characters for this element, excluding zerobyte. - * Is larger or equal than str_len if output was truncated. - */ -int sldns_wire2str_dname_buf(uint8_t* dname, size_t dname_len, char* str, - size_t len); - -/** - * Scan wireformat rdf field to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @param rdftype: the type of the rdata field, enum sldns_rdf_type. - * @param pkt: packet for decompression, if NULL no decompression. - * @param pktlen: length of packet buffer. - * @return number of characters (except null) needed to print. - * Can return -1 on failure. - */ -int sldns_wire2str_rdf_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len, int rdftype, uint8_t* pkt, size_t pktlen); - -/** - * Scan wireformat int8 field to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @return number of characters (except null) needed to print. - * Can return -1 on failure. - */ -int sldns_wire2str_int8_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len); - -/** - * Scan wireformat int16 field to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @return number of characters (except null) needed to print. - * Can return -1 on failure. - */ -int sldns_wire2str_int16_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len); - -/** - * Scan wireformat int32 field to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @return number of characters (except null) needed to print. - * Can return -1 on failure. - */ -int sldns_wire2str_int32_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len); - -/** - * Scan wireformat period field to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @return number of characters (except null) needed to print. - * Can return -1 on failure. - */ -int sldns_wire2str_period_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len); - -/** - * Scan wireformat tsigtime field to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @return number of characters (except null) needed to print. - * Can return -1 on failure. - */ -int sldns_wire2str_tsigtime_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len); - -/** - * Scan wireformat ip4 A field to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @return number of characters (except null) needed to print. - * Can return -1 on failure. - */ -int sldns_wire2str_a_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len); - -/** - * Scan wireformat ip6 AAAA field to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @return number of characters (except null) needed to print. - * Can return -1 on failure. - */ -int sldns_wire2str_aaaa_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len); - -/** - * Scan wireformat str field to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @return number of characters (except null) needed to print. - * Can return -1 on failure. - */ -int sldns_wire2str_str_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len); - -/** - * Scan wireformat apl field to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @return number of characters (except null) needed to print. - * Can return -1 on failure. - */ -int sldns_wire2str_apl_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len); - -/** - * Scan wireformat b32_ext field to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @return number of characters (except null) needed to print. - * Can return -1 on failure. - */ -int sldns_wire2str_b32_ext_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len); - -/** - * Scan wireformat b64 field to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @return number of characters (except null) needed to print. - * Can return -1 on failure. - */ -int sldns_wire2str_b64_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len); - -/** - * Scan wireformat hex field to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @return number of characters (except null) needed to print. - * Can return -1 on failure. - */ -int sldns_wire2str_hex_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len); - -/** - * Scan wireformat nsec bitmap field to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @return number of characters (except null) needed to print. - * Can return -1 on failure. - */ -int sldns_wire2str_nsec_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len); - -/** - * Scan wireformat nsec3_salt field to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @return number of characters (except null) needed to print. - * Can return -1 on failure. - */ -int sldns_wire2str_nsec3_salt_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len); - -/** - * Scan wireformat cert_alg field to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @return number of characters (except null) needed to print. - * Can return -1 on failure. - */ -int sldns_wire2str_cert_alg_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len); - -/** - * Scan wireformat alg field to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @return number of characters (except null) needed to print. - * Can return -1 on failure. - */ -int sldns_wire2str_alg_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len); - -/** - * Scan wireformat type unknown field to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @return number of characters (except null) needed to print. - * Can return -1 on failure. - */ -int sldns_wire2str_unknown_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len); - -/** - * Scan wireformat time field to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @return number of characters (except null) needed to print. - * Can return -1 on failure. - */ -int sldns_wire2str_time_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len); - -/** - * Scan wireformat LOC field to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @return number of characters (except null) needed to print. - * Can return -1 on failure. - */ -int sldns_wire2str_loc_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len); - -/** - * Scan wireformat WKS field to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @return number of characters (except null) needed to print. - * Can return -1 on failure. - */ -int sldns_wire2str_wks_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len); - -/** - * Scan wireformat NSAP field to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @return number of characters (except null) needed to print. - * Can return -1 on failure. - */ -int sldns_wire2str_nsap_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len); - -/** - * Scan wireformat ATMA field to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @return number of characters (except null) needed to print. - * Can return -1 on failure. - */ -int sldns_wire2str_atma_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len); - -/** - * Scan wireformat IPSECKEY field to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @param pkt: packet for decompression, if NULL no decompression. - * @param pktlen: length of packet buffer. - * @return number of characters (except null) needed to print. - * Can return -1 on failure. - */ -int sldns_wire2str_ipseckey_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len, uint8_t* pkt, size_t pktlen); - -/** - * Scan wireformat HIP (algo, HIT, pubkey) field to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @return number of characters (except null) needed to print. - * Can return -1 on failure. - */ -int sldns_wire2str_hip_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len); - -/** - * Scan wireformat int16_data field to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @return number of characters (except null) needed to print. - * Can return -1 on failure. - */ -int sldns_wire2str_int16_data_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len); - -/** - * Scan wireformat nsec3_next_owner field to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @return number of characters (except null) needed to print. - * Can return -1 on failure. - */ -int sldns_wire2str_nsec3_next_owner_scan(uint8_t** data, size_t* data_len, - char** str, size_t* str_len); - -/** - * Scan wireformat ILNP64 field to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @return number of characters (except null) needed to print. - * Can return -1 on failure. - */ -int sldns_wire2str_ilnp64_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len); - -/** - * Scan wireformat EUI48 field to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @return number of characters (except null) needed to print. - * Can return -1 on failure. - */ -int sldns_wire2str_eui48_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len); - -/** - * Scan wireformat EUI64 field to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @return number of characters (except null) needed to print. - * Can return -1 on failure. - */ -int sldns_wire2str_eui64_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len); - -/** - * Scan wireformat TAG field to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @return number of characters (except null) needed to print. - * Can return -1 on failure. - */ -int sldns_wire2str_tag_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len); - -/** - * Scan wireformat long_str field to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @return number of characters (except null) needed to print. - * Can return -1 on failure. - */ -int sldns_wire2str_long_str_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len); - -/** - * Print EDNS LLQ option data to string. User buffers, moves string pointers. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @param option_data: buffer with EDNS option code data. - * @param option_len: length of the data for this option. - * @return number of characters (except null) needed to print. - */ -int sldns_wire2str_edns_llq_print(char** str, size_t* str_len, - uint8_t* option_data, size_t option_len); - -/** - * Print EDNS UL option data to string. User buffers, moves string pointers. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @param option_data: buffer with EDNS option code data. - * @param option_len: length of the data for this option. - * @return number of characters (except null) needed to print. - */ -int sldns_wire2str_edns_ul_print(char** str, size_t* str_len, - uint8_t* option_data, size_t option_len); - -/** - * Print EDNS NSID option data to string. User buffers, moves string pointers. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @param option_data: buffer with EDNS option code data. - * @param option_len: length of the data for this option. - * @return number of characters (except null) needed to print. - */ -int sldns_wire2str_edns_nsid_print(char** str, size_t* str_len, - uint8_t* option_data, size_t option_len); - -/** - * Print EDNS DAU option data to string. User buffers, moves string pointers. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @param option_data: buffer with EDNS option code data. - * @param option_len: length of the data for this option. - * @return number of characters (except null) needed to print. - */ -int sldns_wire2str_edns_dau_print(char** str, size_t* str_len, - uint8_t* option_data, size_t option_len); - -/** - * Print EDNS DHU option data to string. User buffers, moves string pointers. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @param option_data: buffer with EDNS option code data. - * @param option_len: length of the data for this option. - * @return number of characters (except null) needed to print. - */ -int sldns_wire2str_edns_dhu_print(char** str, size_t* str_len, - uint8_t* option_data, size_t option_len); - -/** - * Print EDNS N3U option data to string. User buffers, moves string pointers. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @param option_data: buffer with EDNS option code data. - * @param option_len: length of the data for this option. - * @return number of characters (except null) needed to print. - */ -int sldns_wire2str_edns_n3u_print(char** str, size_t* str_len, - uint8_t* option_data, size_t option_len); - -/** - * Print EDNS SUBNET option data to string. User buffers, moves string pointers. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @param option_data: buffer with EDNS option code data. - * @param option_len: length of the data for this option. - * @return number of characters (except null) needed to print. - */ -int sldns_wire2str_edns_subnet_print(char** str, size_t* str_len, - uint8_t* option_data, size_t option_len); - -/** - * Print an EDNS option as OPT: VALUE. User buffers, moves string pointers. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @param option_code: host format EDNS option code. - * @param option_data: buffer with EDNS option code data. - * @param option_len: length of the data for this option. - * @return number of characters (except null) needed to print. - */ -int sldns_wire2str_edns_option_print(char** str, size_t* str_len, - uint16_t option_code, uint8_t* option_data, size_t option_len); - -/** - * Scan wireformat EDNS OPT to string, with user buffers. - * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). - * @param data: wireformat data. - * @param data_len: length of data buffer. - * @param str: string buffer. - * @param str_len: length of string buffer. - * @param pkt: packet with header and other info (may be NULL) - * @param pktlen: length of packet buffer. - * @return number of characters (except null) needed to print. - */ -int sldns_wire2str_edns_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len, uint8_t* pkt, size_t pktlen); - -#ifdef __cplusplus -} -#endif - -#endif /* LDNS_WIRE2STR_H */ diff --git a/external/unbound/smallapp/unbound-anchor.c b/external/unbound/smallapp/unbound-anchor.c deleted file mode 100644 index 2828088d9..000000000 --- a/external/unbound/smallapp/unbound-anchor.c +++ /dev/null @@ -1,2346 +0,0 @@ -/* - * unbound-anchor.c - update the root anchor if necessary. - * - * Copyright (c) 2010, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file checks to see that the current 5011 keys work to prime the - * current root anchor. If not a certificate is used to update the anchor, - * with RFC7958 https xml fetch. - * - * This is a concept solution for distribution of the DNSSEC root - * trust anchor. It is a small tool, called "unbound-anchor", that - * runs before the main validator starts. I.e. in the init script: - * unbound-anchor; unbound. Thus it is meant to run at system boot time. - * - * Management-Abstract: - * * first run: fill root.key file with hardcoded DS record. - * * mostly: use RFC5011 tracking, quick . DNSKEY UDP query. - * * failover: use RFC7958 builtin certificate, do https and update. - * Special considerations: - * * 30-days RFC5011 timer saves a lot of https traffic. - * * DNSKEY probe must be NOERROR, saves a lot of https traffic. - * * fail if clock before sign date of the root, if cert expired. - * * if the root goes back to unsigned, deals with it. - * - * It has hardcoded the root DS anchors and the ICANN CA root certificate. - * It allows with options to override those. It also takes root-hints (it - * has to do a DNS resolve), and also has hardcoded defaults for those. - * - * Once it starts, just before the validator starts, it quickly checks if - * the root anchor file needs to be updated. First it tries to use - * RFC5011-tracking of the root key. If that fails (and for 30-days since - * last successful probe), then it attempts to update using the - * certificate. So most of the time, the RFC5011 tracking will work fine, - * and within a couple milliseconds, the main daemon can start. It will - * have only probed the . DNSKEY, not done expensive https transfers on the - * root infrastructure. - * - * If there is no root key in the root.key file, it bootstraps the - * RFC5011-tracking with its builtin DS anchors; if that fails it - * bootstraps the RFC5011-tracking using the certificate. (again to avoid - * https, and it is also faster). - * - * It uses the XML file by converting it to DS records and writing that to the - * key file. Unbound can detect that the 'special comments' are gone, and - * the file contains a list of normal DNSKEY/DS records, and uses that to - * bootstrap 5011 (the KSK is made VALID). - * - * The certificate RFC7958 update is done by fetching root-anchors.xml and - * root-anchors.p7s via SSL. The HTTPS certificate can be logged but is - * not validated (https for channel security; the security comes from the - * certificate). The 'data.iana.org' domain name A and AAAA are resolved - * without DNSSEC. It tries a random IP until the transfer succeeds. It - * then checks the p7s signature. - * - * On any failure, it leaves the root key file untouched. The main - * validator has to cope with it, it cannot fix things (So a failure does - * not go 'without DNSSEC', no downgrade). If it used its builtin stuff or - * did the https, it exits with an exit code, so that this can trigger the - * init script to log the event and potentially alert the operator that can - * do a manual check. - * - * The date is also checked. Before 2010-07-15 is a failure (root not - * signed yet; avoids attacks on system clock). The - * last-successful-RFC5011-probe (if available) has to be more than 30 days - * in the past (otherwise, RFC5011 should have worked). This keeps - * unnecessary https traffic down. If the main certificate is expired, it - * fails. - * - * The dates on the keys in the xml are checked (uses the libexpat xml - * parser), only the valid ones are used to re-enstate RFC5011 tracking. - * If 0 keys are valid, the zone has gone to insecure (a special marker is - * written in the keyfile that tells the main validator daemon the zone is - * insecure). - * - * Only the root ICANN CA is shipped, not the intermediate ones. The - * intermediate CAs are included in the p7s file that was downloaded. (the - * root cert is valid to 2028 and the intermediate to 2014, today). - * - * Obviously, the tool also has options so the operator can provide a new - * keyfile, a new certificate and new URLs, and fresh root hints. By - * default it logs nothing on failure and success; it 'just works'. - * - */ - -#include "config.h" -#include "libunbound/unbound.h" -#include "sldns/rrdef.h" -#include "sldns/parseutil.h" -#include -#ifndef HAVE_EXPAT_H -#error "need libexpat to parse root-anchors.xml file." -#endif -#ifdef HAVE_GETOPT_H -#include -#endif -#ifdef HAVE_OPENSSL_SSL_H -#include -#endif -#ifdef HAVE_OPENSSL_ERR_H -#include -#endif -#ifdef HAVE_OPENSSL_RAND_H -#include -#endif -#include -#include -#include - -/** name of server in URL to fetch HTTPS from */ -#define URLNAME "data.iana.org" -/** path on HTTPS server to xml file */ -#define XMLNAME "root-anchors/root-anchors.xml" -/** path on HTTPS server to p7s file */ -#define P7SNAME "root-anchors/root-anchors.p7s" -/** name of the signer of the certificate */ -#define P7SIGNER "dnssec@iana.org" -/** port number for https access */ -#define HTTPS_PORT 443 - -#ifdef USE_WINSOCK -/* sneakily reuse the the wsa_strerror function, on windows */ -char* wsa_strerror(int err); -#endif - -/** verbosity for this application */ -static int verb = 0; - -/** list of IP addresses */ -struct ip_list { - /** next in list */ - struct ip_list* next; - /** length of addr */ - socklen_t len; - /** address ready to connect to */ - struct sockaddr_storage addr; - /** has the address been used */ - int used; -}; - -/** Give unbound-anchor usage, and exit (1). */ -static void -usage(void) -{ - printf("Usage: unbound-anchor [opts]\n"); - printf(" Setup or update root anchor. " - "Most options have defaults.\n"); - printf(" Run this program before you start the validator.\n"); - printf("\n"); - printf(" The anchor and cert have default builtin content\n"); - printf(" if the file does not exist or is empty.\n"); - printf("\n"); - printf("-a file root key file, default %s\n", ROOT_ANCHOR_FILE); - printf(" The key is input and output for this tool.\n"); - printf("-c file cert file, default %s\n", ROOT_CERT_FILE); - printf("-l list builtin key and cert on stdout\n"); - printf("-u name server in https url, default %s\n", URLNAME); - printf("-x path pathname to xml in url, default %s\n", XMLNAME); - printf("-s path pathname to p7s in url, default %s\n", P7SNAME); - printf("-n name signer's subject emailAddress, default %s\n", P7SIGNER); - printf("-4 work using IPv4 only\n"); - printf("-6 work using IPv6 only\n"); - printf("-f resolv.conf use given resolv.conf to resolve -u name\n"); - printf("-r root.hints use given root.hints to resolve -u name\n" - " builtin root hints are used by default\n"); - printf("-v more verbose\n"); - printf("-C conf debug, read config\n"); - printf("-P port use port for https connect, default 443\n"); - printf("-F debug, force update with cert\n"); - printf("-h show this usage help\n"); - printf("Version %s\n", PACKAGE_VERSION); - printf("BSD licensed, see LICENSE in source package for details.\n"); - printf("Report bugs to %s\n", PACKAGE_BUGREPORT); - exit(1); -} - -/** return the built in root update certificate */ -static const char* -get_builtin_cert(void) -{ - return -/* The ICANN CA fetched at 24 Sep 2010. Valid to 2028 */ -"-----BEGIN CERTIFICATE-----\n" -"MIIDdzCCAl+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO\n" -"TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV\n" -"BAMTDUlDQU5OIFJvb3QgQ0ExCzAJBgNVBAYTAlVTMB4XDTA5MTIyMzA0MTkxMloX\n" -"DTI5MTIxODA0MTkxMlowXTEOMAwGA1UEChMFSUNBTk4xJjAkBgNVBAsTHUlDQU5O\n" -"IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRYwFAYDVQQDEw1JQ0FOTiBSb290IENB\n" -"MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKDb\n" -"cLhPNNqc1NB+u+oVvOnJESofYS9qub0/PXagmgr37pNublVThIzyLPGCJ8gPms9S\n" -"G1TaKNIsMI7d+5IgMy3WyPEOECGIcfqEIktdR1YWfJufXcMReZwU4v/AdKzdOdfg\n" -"ONiwc6r70duEr1IiqPbVm5T05l1e6D+HkAvHGnf1LtOPGs4CHQdpIUcy2kauAEy2\n" -"paKcOcHASvbTHK7TbbvHGPB+7faAztABLoneErruEcumetcNfPMIjXKdv1V1E3C7\n" -"MSJKy+jAqqQJqjZoQGB0necZgUMiUv7JK1IPQRM2CXJllcyJrm9WFxY0c1KjBO29\n" -"iIKK69fcglKcBuFShUECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B\n" -"Af8EBAMCAf4wHQYDVR0OBBYEFLpS6UmDJIZSL8eZzfyNa2kITcBQMA0GCSqGSIb3\n" -"DQEBCwUAA4IBAQAP8emCogqHny2UYFqywEuhLys7R9UKmYY4suzGO4nkbgfPFMfH\n" -"6M+Zj6owwxlwueZt1j/IaCayoKU3QsrYYoDRolpILh+FPwx7wseUEV8ZKpWsoDoD\n" -"2JFbLg2cfB8u/OlE4RYmcxxFSmXBg0yQ8/IoQt/bxOcEEhhiQ168H2yE5rxJMt9h\n" -"15nu5JBSewrCkYqYYmaxyOC3WrVGfHZxVI7MpIFcGdvSb2a1uyuua8l0BKgk3ujF\n" -"0/wsHNeP22qNyVO+XVBzrM8fk8BSUFuiT/6tZTYXRtEt5aKQZgXbKU5dUF3jT9qg\n" -"j/Br5BZw3X/zd325TvnswzMC1+ljLzHnQGGk\n" -"-----END CERTIFICATE-----\n" - ; -} - -/** return the built in root DS trust anchor */ -static const char* -get_builtin_ds(void) -{ - return -/* anchor 19036 is from 2010 */ -/* anchor 20326 is from 2017 */ -". IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5\n" -". IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D\n"; -} - -/** print hex data */ -static void -print_data(const char* msg, const char* data, int len) -{ - int i; - printf("%s: ", msg); - for(i=0; iaddr)->sin_addr; - if(ip->len != (socklen_t)sizeof(struct sockaddr_in)) - a = &((struct sockaddr_in6*)&ip->addr)->sin6_addr; - - if(inet_ntop((int)((struct sockaddr_in*)&ip->addr)->sin_family, - a, out, (socklen_t)sizeof(out))==0) - printf("%s (inet_ntop error)\n", msg); - else printf("%s %s\n", msg, out); - } -} - -/** free ip_list */ -static void -ip_list_free(struct ip_list* p) -{ - struct ip_list* np; - while(p) { - np = p->next; - free(p); - p = np; - } -} - -/** create ip_list entry for a RR record */ -static struct ip_list* -RR_to_ip(int tp, char* data, int len, int port) -{ - struct ip_list* ip = (struct ip_list*)calloc(1, sizeof(*ip)); - uint16_t p = (uint16_t)port; - if(tp == LDNS_RR_TYPE_A) { - struct sockaddr_in* sa = (struct sockaddr_in*)&ip->addr; - ip->len = (socklen_t)sizeof(*sa); - sa->sin_family = AF_INET; - sa->sin_port = (in_port_t)htons(p); - if(len != (int)sizeof(sa->sin_addr)) { - if(verb) printf("skipped badly formatted A\n"); - free(ip); - return NULL; - } - memmove(&sa->sin_addr, data, sizeof(sa->sin_addr)); - - } else if(tp == LDNS_RR_TYPE_AAAA) { - struct sockaddr_in6* sa = (struct sockaddr_in6*)&ip->addr; - ip->len = (socklen_t)sizeof(*sa); - sa->sin6_family = AF_INET6; - sa->sin6_port = (in_port_t)htons(p); - if(len != (int)sizeof(sa->sin6_addr)) { - if(verb) printf("skipped badly formatted AAAA\n"); - free(ip); - return NULL; - } - memmove(&sa->sin6_addr, data, sizeof(sa->sin6_addr)); - } else { - if(verb) printf("internal error: bad type in RRtoip\n"); - free(ip); - return NULL; - } - verb_addr("resolved server address", ip); - return ip; -} - -/** Resolve name, type, class and add addresses to iplist */ -static void -resolve_host_ip(struct ub_ctx* ctx, const char* host, int port, int tp, int cl, - struct ip_list** head) -{ - struct ub_result* res = NULL; - int r; - int i; - - r = ub_resolve(ctx, host, tp, cl, &res); - if(r) { - if(verb) printf("error: resolve %s %s: %s\n", host, - (tp==LDNS_RR_TYPE_A)?"A":"AAAA", ub_strerror(r)); - return; - } - if(!res) { - if(verb) printf("out of memory\n"); - ub_ctx_delete(ctx); - exit(0); - } - if(!res->havedata || res->rcode || !res->data) { - if(verb) printf("resolve %s %s: no result\n", host, - (tp==LDNS_RR_TYPE_A)?"A":"AAAA"); - return; - } - for(i = 0; res->data[i]; i++) { - struct ip_list* ip = RR_to_ip(tp, res->data[i], res->len[i], - port); - if(!ip) continue; - ip->next = *head; - *head = ip; - } - ub_resolve_free(res); -} - -/** parse a text IP address into a sockaddr */ -static struct ip_list* -parse_ip_addr(const char* str, int port) -{ - socklen_t len = 0; - union { - struct sockaddr_in6 a6; - struct sockaddr_in a; - } addr; - struct ip_list* ip; - uint16_t p = (uint16_t)port; - memset(&addr, 0, sizeof(addr)); - - if(inet_pton(AF_INET6, str, &addr.a6.sin6_addr) > 0) { - /* it is an IPv6 */ - addr.a6.sin6_family = AF_INET6; - addr.a6.sin6_port = (in_port_t)htons(p); - len = (socklen_t)sizeof(addr.a6); - } - if(inet_pton(AF_INET, str, &addr.a.sin_addr) > 0) { - /* it is an IPv4 */ - addr.a.sin_family = AF_INET; - addr.a.sin_port = (in_port_t)htons(p); - len = (socklen_t)sizeof(struct sockaddr_in); - } - if(!len) return NULL; - ip = (struct ip_list*)calloc(1, sizeof(*ip)); - if(!ip) { - if(verb) printf("out of memory\n"); - exit(0); - } - ip->len = len; - memmove(&ip->addr, &addr, len); - if(verb) printf("server address is %s\n", str); - return ip; -} - -/** - * Resolve a domain name (even though the resolver is down and there is - * no trust anchor). Without DNSSEC validation. - * @param host: the name to resolve. - * If this name is an IP4 or IP6 address this address is returned. - * @param port: the port number used for the returned IP structs. - * @param res_conf: resolv.conf (if any). - * @param root_hints: root hints (if any). - * @param debugconf: unbound.conf for debugging options. - * @param ip4only: use only ip4 for resolve and only lookup A - * @param ip6only: use only ip6 for resolve and only lookup AAAA - * default is to lookup A and AAAA using ip4 and ip6. - * @return list of IP addresses. - */ -static struct ip_list* -resolve_name(const char* host, int port, const char* res_conf, - const char* root_hints, const char* debugconf, int ip4only, int ip6only) -{ - struct ub_ctx* ctx; - struct ip_list* list = NULL; - /* first see if name is an IP address itself */ - if( (list=parse_ip_addr(host, port)) ) { - return list; - } - - /* create resolver context */ - ctx = create_unbound_context(res_conf, root_hints, debugconf, - ip4only, ip6only); - - /* try resolution of A */ - if(!ip6only) { - resolve_host_ip(ctx, host, port, LDNS_RR_TYPE_A, - LDNS_RR_CLASS_IN, &list); - } - - /* try resolution of AAAA */ - if(!ip4only) { - resolve_host_ip(ctx, host, port, LDNS_RR_TYPE_AAAA, - LDNS_RR_CLASS_IN, &list); - } - - ub_ctx_delete(ctx); - if(!list) { - if(verb) printf("%s has no IP addresses I can use\n", host); - exit(0); - } - return list; -} - -/** clear used flags */ -static void -wipe_ip_usage(struct ip_list* p) -{ - while(p) { - p->used = 0; - p = p->next; - } -} - -/** cound unused IPs */ -static int -count_unused(struct ip_list* p) -{ - int num = 0; - while(p) { - if(!p->used) num++; - p = p->next; - } - return num; -} - -/** pick random unused element from IP list */ -static struct ip_list* -pick_random_ip(struct ip_list* list) -{ - struct ip_list* p = list; - int num = count_unused(list); - int sel; - if(num == 0) return NULL; - /* not perfect, but random enough */ - sel = (int)arc4random_uniform((uint32_t)num); - /* skip over unused elements that we did not select */ - while(sel > 0 && p) { - if(!p->used) sel--; - p = p->next; - } - /* find the next unused element */ - while(p && p->used) - p = p->next; - if(!p) return NULL; /* robustness */ - return p; -} - -/** close the fd */ -static void -fd_close(int fd) -{ -#ifndef USE_WINSOCK - close(fd); -#else - closesocket(fd); -#endif -} - -/** printout socket errno */ -static void -print_sock_err(const char* msg) -{ -#ifndef USE_WINSOCK - if(verb) printf("%s: %s\n", msg, strerror(errno)); -#else - if(verb) printf("%s: %s\n", msg, wsa_strerror(WSAGetLastError())); -#endif -} - -/** connect to IP address */ -static int -connect_to_ip(struct ip_list* ip) -{ - int fd; - verb_addr("connect to", ip); - fd = socket(ip->len==(socklen_t)sizeof(struct sockaddr_in)? - AF_INET:AF_INET6, SOCK_STREAM, 0); - if(fd == -1) { - print_sock_err("socket"); - return -1; - } - if(connect(fd, (struct sockaddr*)&ip->addr, ip->len) < 0) { - print_sock_err("connect"); - fd_close(fd); - return -1; - } - return fd; -} - -/** create SSL context */ -static SSL_CTX* -setup_sslctx(void) -{ - SSL_CTX* sslctx = SSL_CTX_new(SSLv23_client_method()); - if(!sslctx) { - if(verb) printf("SSL_CTX_new error\n"); - return NULL; - } - return sslctx; -} - -/** initiate TLS on a connection */ -static SSL* -TLS_initiate(SSL_CTX* sslctx, int fd) -{ - X509* x; - int r; - SSL* ssl = SSL_new(sslctx); - if(!ssl) { - if(verb) printf("SSL_new error\n"); - return NULL; - } - SSL_set_connect_state(ssl); - (void)SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); - if(!SSL_set_fd(ssl, fd)) { - if(verb) printf("SSL_set_fd error\n"); - SSL_free(ssl); - return NULL; - } - while(1) { - ERR_clear_error(); - if( (r=SSL_do_handshake(ssl)) == 1) - break; - r = SSL_get_error(ssl, r); - if(r != SSL_ERROR_WANT_READ && r != SSL_ERROR_WANT_WRITE) { - if(verb) printf("SSL handshake failed\n"); - SSL_free(ssl); - return NULL; - } - /* wants to be called again */ - } - x = SSL_get_peer_certificate(ssl); - if(!x) { - if(verb) printf("Server presented no peer certificate\n"); - SSL_free(ssl); - return NULL; - } - verb_cert("server SSL certificate", x); - X509_free(x); - return ssl; -} - -/** perform neat TLS shutdown */ -static void -TLS_shutdown(int fd, SSL* ssl, SSL_CTX* sslctx) -{ - /* shutdown the SSL connection nicely */ - if(SSL_shutdown(ssl) == 0) { - SSL_shutdown(ssl); - } - SSL_free(ssl); - SSL_CTX_free(sslctx); - fd_close(fd); -} - -/** write a line over SSL */ -static int -write_ssl_line(SSL* ssl, const char* str, const char* sec) -{ - char buf[1024]; - size_t l; - if(sec) { - snprintf(buf, sizeof(buf), str, sec); - } else { - snprintf(buf, sizeof(buf), "%s", str); - } - l = strlen(buf); - if(l+2 >= sizeof(buf)) { - if(verb) printf("line too long\n"); - return 0; - } - if(verb >= 2) printf("SSL_write: %s\n", buf); - buf[l] = '\r'; - buf[l+1] = '\n'; - buf[l+2] = 0; - /* add \r\n */ - if(SSL_write(ssl, buf, (int)strlen(buf)) <= 0) { - if(verb) printf("could not SSL_write %s", str); - return 0; - } - return 1; -} - -/** process header line, check rcode and keeping track of size */ -static int -process_one_header(char* buf, size_t* clen, int* chunked) -{ - if(verb>=2) printf("header: '%s'\n", buf); - if(strncasecmp(buf, "HTTP/1.1 ", 9) == 0) { - /* check returncode */ - if(buf[9] != '2') { - if(verb) printf("bad status %s\n", buf+9); - return 0; - } - } else if(strncasecmp(buf, "Content-Length: ", 16) == 0) { - if(!*chunked) - *clen = (size_t)atoi(buf+16); - } else if(strncasecmp(buf, "Transfer-Encoding: chunked", 19+7) == 0) { - *clen = 0; - *chunked = 1; - } - return 1; -} - -/** - * Read one line from SSL - * zero terminates. - * skips "\r\n" (but not copied to buf). - * @param ssl: the SSL connection to read from (blocking). - * @param buf: buffer to return line in. - * @param len: size of the buffer. - * @return 0 on error, 1 on success. - */ -static int -read_ssl_line(SSL* ssl, char* buf, size_t len) -{ - size_t n = 0; - int r; - int endnl = 0; - while(1) { - if(n >= len) { - if(verb) printf("line too long\n"); - return 0; - } - if((r = SSL_read(ssl, buf+n, 1)) <= 0) { - if(SSL_get_error(ssl, r) == SSL_ERROR_ZERO_RETURN) { - /* EOF */ - break; - } - if(verb) printf("could not SSL_read\n"); - return 0; - } - if(endnl && buf[n] == '\n') { - break; - } else if(endnl) { - /* bad data */ - if(verb) printf("error: stray linefeeds\n"); - return 0; - } else if(buf[n] == '\r') { - /* skip \r, and also \n on the wire */ - endnl = 1; - continue; - } else if(buf[n] == '\n') { - /* skip the \n, we are done */ - break; - } else n++; - } - buf[n] = 0; - return 1; -} - -/** read http headers and process them */ -static size_t -read_http_headers(SSL* ssl, size_t* clen) -{ - char buf[1024]; - int chunked = 0; - *clen = 0; - while(read_ssl_line(ssl, buf, sizeof(buf))) { - if(buf[0] == 0) - return 1; - if(!process_one_header(buf, clen, &chunked)) - return 0; - } - return 0; -} - -/** read a data chunk */ -static char* -read_data_chunk(SSL* ssl, size_t len) -{ - size_t got = 0; - int r; - char* data; - if(len >= 0xfffffff0) - return NULL; /* to protect against integer overflow in malloc*/ - data = malloc(len+1); - if(!data) { - if(verb) printf("out of memory\n"); - return NULL; - } - while(got < len) { - if((r = SSL_read(ssl, data+got, (int)(len-got))) <= 0) { - if(SSL_get_error(ssl, r) == SSL_ERROR_ZERO_RETURN) { - /* EOF */ - if(verb) printf("could not SSL_read: unexpected EOF\n"); - free(data); - return NULL; - } - if(verb) printf("could not SSL_read\n"); - free(data); - return NULL; - } - if(verb >= 2) printf("at %d/%d\n", (int)got, (int)len); - got += r; - } - if(verb>=2) printf("read %d data\n", (int)len); - data[len] = 0; - return data; -} - -/** parse chunk header */ -static int -parse_chunk_header(char* buf, size_t* result) -{ - char* e = NULL; - size_t v = (size_t)strtol(buf, &e, 16); - if(e == buf) - return 0; - *result = v; - return 1; -} - -/** read chunked data from connection */ -static BIO* -do_chunked_read(SSL* ssl) -{ - char buf[1024]; - size_t len; - char* body; - BIO* mem = BIO_new(BIO_s_mem()); - if(verb>=3) printf("do_chunked_read\n"); - if(!mem) { - if(verb) printf("out of memory\n"); - return NULL; - } - while(read_ssl_line(ssl, buf, sizeof(buf))) { - /* read the chunked start line */ - if(verb>=2) printf("chunk header: %s\n", buf); - if(!parse_chunk_header(buf, &len)) { - BIO_free(mem); - if(verb>=3) printf("could not parse chunk header\n"); - return NULL; - } - if(verb>=2) printf("chunk len: %d\n", (int)len); - /* are we done? */ - if(len == 0) { - char z = 0; - /* skip end-of-chunk-trailer lines, - * until the empty line after that */ - do { - if(!read_ssl_line(ssl, buf, sizeof(buf))) { - BIO_free(mem); - return NULL; - } - } while (strlen(buf) > 0); - /* end of chunks, zero terminate it */ - if(BIO_write(mem, &z, 1) <= 0) { - if(verb) printf("out of memory\n"); - BIO_free(mem); - return NULL; - } - return mem; - } - /* read the chunked body */ - body = read_data_chunk(ssl, len); - if(!body) { - BIO_free(mem); - return NULL; - } - if(BIO_write(mem, body, (int)len) <= 0) { - if(verb) printf("out of memory\n"); - free(body); - BIO_free(mem); - return NULL; - } - free(body); - /* skip empty line after data chunk */ - if(!read_ssl_line(ssl, buf, sizeof(buf))) { - BIO_free(mem); - return NULL; - } - } - BIO_free(mem); - return NULL; -} - -/** start HTTP1.1 transaction on SSL */ -static int -write_http_get(SSL* ssl, const char* pathname, const char* urlname) -{ - if(write_ssl_line(ssl, "GET /%s HTTP/1.1", pathname) && - write_ssl_line(ssl, "Host: %s", urlname) && - write_ssl_line(ssl, "User-Agent: unbound-anchor/%s", - PACKAGE_VERSION) && - /* We do not really do multiple queries per connection, - * but this header setting is also not needed. - * write_ssl_line(ssl, "Connection: close", NULL) &&*/ - write_ssl_line(ssl, "", NULL)) { - return 1; - } - return 0; -} - -/** read chunked data and zero terminate; len is without zero */ -static char* -read_chunked_zero_terminate(SSL* ssl, size_t* len) -{ - /* do the chunked version */ - BIO* tmp = do_chunked_read(ssl); - char* data, *d = NULL; - size_t l; - if(!tmp) { - if(verb) printf("could not read from https\n"); - return NULL; - } - l = (size_t)BIO_get_mem_data(tmp, &d); - if(verb>=2) printf("chunked data is %d\n", (int)l); - if(l == 0 || d == NULL) { - if(verb) printf("out of memory\n"); - return NULL; - } - *len = l-1; - data = (char*)malloc(l); - if(data == NULL) { - if(verb) printf("out of memory\n"); - return NULL; - } - memcpy(data, d, l); - BIO_free(tmp); - return data; -} - -/** read HTTP result from SSL */ -static BIO* -read_http_result(SSL* ssl) -{ - size_t len = 0; - char* data; - BIO* m; - if(!read_http_headers(ssl, &len)) { - return NULL; - } - if(len == 0) { - data = read_chunked_zero_terminate(ssl, &len); - } else { - data = read_data_chunk(ssl, len); - } - if(!data) return NULL; - if(verb >= 4) print_data("read data", data, (int)len); - m = BIO_new_mem_buf(data, (int)len); - if(!m) { - if(verb) printf("out of memory\n"); - exit(0); - } - return m; -} - -/** https to an IP addr, return BIO with pathname or NULL */ -static BIO* -https_to_ip(struct ip_list* ip, const char* pathname, const char* urlname) -{ - int fd; - SSL* ssl; - BIO* bio; - SSL_CTX* sslctx = setup_sslctx(); - if(!sslctx) { - return NULL; - } - fd = connect_to_ip(ip); - if(fd == -1) { - SSL_CTX_free(sslctx); - return NULL; - } - ssl = TLS_initiate(sslctx, fd); - if(!ssl) { - SSL_CTX_free(sslctx); - fd_close(fd); - return NULL; - } - if(!write_http_get(ssl, pathname, urlname)) { - if(verb) printf("could not write to server\n"); - SSL_free(ssl); - SSL_CTX_free(sslctx); - fd_close(fd); - return NULL; - } - bio = read_http_result(ssl); - TLS_shutdown(fd, ssl, sslctx); - return bio; -} - -/** - * Do a HTTPS, HTTP1.1 over TLS, to fetch a file - * @param ip_list: list of IP addresses to use to fetch from. - * @param pathname: pathname of file on server to GET. - * @param urlname: name to pass as the virtual host for this request. - * @return a memory BIO with the file in it. - */ -static BIO* -https(struct ip_list* ip_list, const char* pathname, const char* urlname) -{ - struct ip_list* ip; - BIO* bio = NULL; - /* try random address first, and work through the list */ - wipe_ip_usage(ip_list); - while( (ip = pick_random_ip(ip_list)) ) { - ip->used = 1; - bio = https_to_ip(ip, pathname, urlname); - if(bio) break; - } - if(!bio) { - if(verb) printf("could not fetch %s\n", pathname); - exit(0); - } else { - if(verb) printf("fetched %s (%d bytes)\n", - pathname, (int)BIO_ctrl_pending(bio)); - } - return bio; -} - -/** free up a downloaded file BIO */ -static void -free_file_bio(BIO* bio) -{ - char* pp = NULL; - (void)BIO_reset(bio); - (void)BIO_get_mem_data(bio, &pp); - free(pp); - BIO_free(bio); -} - -/** XML parse private data during the parse */ -struct xml_data { - /** the parser, reference */ - XML_Parser parser; - /** the current tag; malloced; or NULL outside of tags */ - char* tag; - /** current date to use during the parse */ - time_t date; - /** number of keys usefully read in */ - int num_keys; - /** the compiled anchors as DS records */ - BIO* ds; - - /** do we want to use this anchor? */ - int use_key; - /** the current anchor: Zone */ - BIO* czone; - /** the current anchor: KeyTag */ - BIO* ctag; - /** the current anchor: Algorithm */ - BIO* calgo; - /** the current anchor: DigestType */ - BIO* cdigtype; - /** the current anchor: Digest*/ - BIO* cdigest; -}; - -/** The BIO for the tag */ -static BIO* -xml_selectbio(struct xml_data* data, const char* tag) -{ - BIO* b = NULL; - if(strcasecmp(tag, "KeyTag") == 0) - b = data->ctag; - else if(strcasecmp(tag, "Algorithm") == 0) - b = data->calgo; - else if(strcasecmp(tag, "DigestType") == 0) - b = data->cdigtype; - else if(strcasecmp(tag, "Digest") == 0) - b = data->cdigest; - return b; -} - -/** - * XML handle character data, the data inside an element. - * @param userData: xml_data structure - * @param s: the character data. May not all be in one callback. - * NOT zero terminated. - * @param len: length of this part of the data. - */ -static void -xml_charhandle(void *userData, const XML_Char *s, int len) -{ - struct xml_data* data = (struct xml_data*)userData; - BIO* b = NULL; - /* skip characters outside of elements */ - if(!data->tag) - return; - if(verb>=4) { - int i; - printf("%s%s charhandle: '", - data->use_key?"use ":"", - data->tag?data->tag:"none"); - for(i=0; itag, "Zone") == 0) { - if(BIO_write(data->czone, s, len) < 0) { - if(verb) printf("out of memory in BIO_write\n"); - exit(0); - } - return; - } - /* only store if key is used */ - if(!data->use_key) - return; - b = xml_selectbio(data, data->tag); - if(b) { - if(BIO_write(b, s, len) < 0) { - if(verb) printf("out of memory in BIO_write\n"); - exit(0); - } - } -} - -/** - * XML fetch value of particular attribute(by name) or NULL if not present. - * @param atts: attribute array (from xml_startelem). - * @param name: name of attribute to look for. - * @return the value or NULL. (ptr into atts). - */ -static const XML_Char* -find_att(const XML_Char **atts, const XML_Char* name) -{ - int i; - for(i=0; atts[i]; i+=2) { - if(strcasecmp(atts[i], name) == 0) - return atts[i+1]; - } - return NULL; -} - -/** - * XML convert DateTime element to time_t. - * [-]CCYY-MM-DDThh:mm:ss[Z|(+|-)hh:mm] - * (with optional .ssssss fractional seconds) - * @param str: the string - * @return a time_t representation or 0 on failure. - */ -static time_t -xml_convertdate(const char* str) -{ - time_t t = 0; - struct tm tm; - const char* s; - /* for this application, ignore minus in front; - * only positive dates are expected */ - s = str; - if(s[0] == '-') s++; - memset(&tm, 0, sizeof(tm)); - /* parse initial content of the string (lots of whitespace allowed) */ - s = strptime(s, "%t%Y%t-%t%m%t-%t%d%tT%t%H%t:%t%M%t:%t%S%t", &tm); - if(!s) { - if(verb) printf("xml_convertdate parse failure %s\n", str); - return 0; - } - /* parse remainder of date string */ - if(*s == '.') { - /* optional '.' and fractional seconds */ - int frac = 0, n = 0; - if(sscanf(s+1, "%d%n", &frac, &n) < 1) { - if(verb) printf("xml_convertdate f failure %s\n", str); - return 0; - } - /* fraction is not used, time_t has second accuracy */ - s++; - s+=n; - } - if(*s == 'Z' || *s == 'z') { - /* nothing to do for this */ - s++; - } else if(*s == '+' || *s == '-') { - /* optional timezone spec: Z or +hh:mm or -hh:mm */ - int hr = 0, mn = 0, n = 0; - if(sscanf(s+1, "%d:%d%n", &hr, &mn, &n) < 2) { - if(verb) printf("xml_convertdate tz failure %s\n", str); - return 0; - } - if(*s == '+') { - tm.tm_hour += hr; - tm.tm_min += mn; - } else { - tm.tm_hour -= hr; - tm.tm_min -= mn; - } - s++; - s += n; - } - if(*s != 0) { - /* not ended properly */ - /* but ignore, (lenient) */ - } - - t = sldns_mktime_from_utc(&tm); - if(t == (time_t)-1) { - if(verb) printf("xml_convertdate mktime failure\n"); - return 0; - } - return t; -} - -/** - * XML handle the KeyDigest start tag, check validity periods. - */ -static void -handle_keydigest(struct xml_data* data, const XML_Char **atts) -{ - data->use_key = 0; - if(find_att(atts, "validFrom")) { - time_t from = xml_convertdate(find_att(atts, "validFrom")); - if(from == 0) { - if(verb) printf("error: xml cannot be parsed\n"); - exit(0); - } - if(data->date < from) - return; - } - if(find_att(atts, "validUntil")) { - time_t until = xml_convertdate(find_att(atts, "validUntil")); - if(until == 0) { - if(verb) printf("error: xml cannot be parsed\n"); - exit(0); - } - if(data->date > until) - return; - } - /* yes we want to use this key */ - data->use_key = 1; - (void)BIO_reset(data->ctag); - (void)BIO_reset(data->calgo); - (void)BIO_reset(data->cdigtype); - (void)BIO_reset(data->cdigest); -} - -/** See if XML element equals the zone name */ -static int -xml_is_zone_name(BIO* zone, const char* name) -{ - char buf[1024]; - char* z = NULL; - long zlen; - (void)BIO_seek(zone, 0); - zlen = BIO_get_mem_data(zone, &z); - if(!zlen || !z) return 0; - /* zero terminate */ - if(zlen >= (long)sizeof(buf)) return 0; - memmove(buf, z, (size_t)zlen); - buf[zlen] = 0; - /* compare */ - return (strncasecmp(buf, name, strlen(name)) == 0); -} - -/** - * XML start of element. This callback is called whenever an XML tag starts. - * XML_Char is UTF8. - * @param userData: the xml_data structure. - * @param name: the tag that starts. - * @param atts: array of strings, pairs of attr = value, ends with NULL. - * i.e. att[0]="att[1]" att[2]="att[3]" att[4]isNull - */ -static void -xml_startelem(void *userData, const XML_Char *name, const XML_Char **atts) -{ - struct xml_data* data = (struct xml_data*)userData; - BIO* b; - if(verb>=4) printf("xml tag start '%s'\n", name); - free(data->tag); - data->tag = strdup(name); - if(!data->tag) { - if(verb) printf("out of memory\n"); - exit(0); - } - if(verb>=4) { - int i; - for(i=0; atts[i]; i+=2) { - printf(" %s='%s'\n", atts[i], atts[i+1]); - } - } - /* handle attributes to particular types */ - if(strcasecmp(name, "KeyDigest") == 0) { - handle_keydigest(data, atts); - return; - } else if(strcasecmp(name, "Zone") == 0) { - (void)BIO_reset(data->czone); - return; - } - - /* for other types we prepare to pick up the data */ - if(!data->use_key) - return; - b = xml_selectbio(data, data->tag); - if(b) { - /* empty it */ - (void)BIO_reset(b); - } -} - -/** Append str to bio */ -static void -xml_append_str(BIO* b, const char* s) -{ - if(BIO_write(b, s, (int)strlen(s)) < 0) { - if(verb) printf("out of memory in BIO_write\n"); - exit(0); - } -} - -/** Append bio to bio */ -static void -xml_append_bio(BIO* b, BIO* a) -{ - char* z = NULL; - long i, len; - (void)BIO_seek(a, 0); - len = BIO_get_mem_data(a, &z); - if(!len || !z) { - if(verb) printf("out of memory in BIO_write\n"); - exit(0); - } - /* remove newlines in the data here */ - for(i=0; ids, ". IN DS "); - xml_append_bio(data->ds, data->ctag); - xml_append_str(data->ds, " "); - xml_append_bio(data->ds, data->calgo); - xml_append_str(data->ds, " "); - xml_append_bio(data->ds, data->cdigtype); - xml_append_str(data->ds, " "); - xml_append_bio(data->ds, data->cdigest); - xml_append_str(data->ds, "\n"); - data->num_keys++; -} - -/** - * XML end of element. This callback is called whenever an XML tag ends. - * XML_Char is UTF8. - * @param userData: the xml_data structure - * @param name: the tag that ends. - */ -static void -xml_endelem(void *userData, const XML_Char *name) -{ - struct xml_data* data = (struct xml_data*)userData; - if(verb>=4) printf("xml tag end '%s'\n", name); - free(data->tag); - data->tag = NULL; - if(strcasecmp(name, "KeyDigest") == 0) { - if(data->use_key) - xml_append_ds(data); - data->use_key = 0; - } else if(strcasecmp(name, "Zone") == 0) { - if(!xml_is_zone_name(data->czone, ".")) { - if(verb) printf("xml not for the right zone\n"); - exit(0); - } - } -} - -/* Stop the parser when an entity declaration is encountered. For safety. */ -static void -xml_entitydeclhandler(void *userData, - const XML_Char *ATTR_UNUSED(entityName), - int ATTR_UNUSED(is_parameter_entity), - const XML_Char *ATTR_UNUSED(value), int ATTR_UNUSED(value_length), - const XML_Char *ATTR_UNUSED(base), - const XML_Char *ATTR_UNUSED(systemId), - const XML_Char *ATTR_UNUSED(publicId), - const XML_Char *ATTR_UNUSED(notationName)) -{ -#if HAVE_DECL_XML_STOPPARSER - (void)XML_StopParser((XML_Parser)userData, XML_FALSE); -#else - (void)userData; -#endif -} - -/** - * XML parser setup of the callbacks for the tags - */ -static void -xml_parse_setup(XML_Parser parser, struct xml_data* data, time_t now) -{ - char buf[1024]; - memset(data, 0, sizeof(*data)); - XML_SetUserData(parser, data); - data->parser = parser; - data->date = now; - data->ds = BIO_new(BIO_s_mem()); - data->ctag = BIO_new(BIO_s_mem()); - data->czone = BIO_new(BIO_s_mem()); - data->calgo = BIO_new(BIO_s_mem()); - data->cdigtype = BIO_new(BIO_s_mem()); - data->cdigest = BIO_new(BIO_s_mem()); - if(!data->ds || !data->ctag || !data->calgo || !data->czone || - !data->cdigtype || !data->cdigest) { - if(verb) printf("out of memory\n"); - exit(0); - } - snprintf(buf, sizeof(buf), "; created by unbound-anchor on %s", - ctime(&now)); - if(BIO_write(data->ds, buf, (int)strlen(buf)) < 0) { - if(verb) printf("out of memory\n"); - exit(0); - } - XML_SetEntityDeclHandler(parser, xml_entitydeclhandler); - XML_SetElementHandler(parser, xml_startelem, xml_endelem); - XML_SetCharacterDataHandler(parser, xml_charhandle); -} - -/** - * Perform XML parsing of the root-anchors file - * Its format description can be read here - * https://data.iana.org/root-anchors/draft-icann-dnssec-trust-anchor.txt - * It uses libexpat. - * @param xml: BIO with xml data. - * @param now: the current time for checking DS validity periods. - * @return memoryBIO with the DS data in zone format. - * or NULL if the zone is insecure. - * (It exit()s on error) - */ -static BIO* -xml_parse(BIO* xml, time_t now) -{ - char* pp; - int len; - XML_Parser parser; - struct xml_data data; - - parser = XML_ParserCreate(NULL); - if(!parser) { - if(verb) printf("could not XML_ParserCreate\n"); - exit(0); - } - - /* setup callbacks */ - xml_parse_setup(parser, &data, now); - - /* parse it */ - (void)BIO_reset(xml); - len = (int)BIO_get_mem_data(xml, &pp); - if(!len || !pp) { - if(verb) printf("out of memory\n"); - exit(0); - } - if(!XML_Parse(parser, pp, len, 1 /*isfinal*/ )) { - const char *e = XML_ErrorString(XML_GetErrorCode(parser)); - if(verb) printf("XML_Parse failure %s\n", e?e:""); - exit(0); - } - - /* parsed */ - if(verb) printf("XML was parsed successfully, %d keys\n", - data.num_keys); - free(data.tag); - XML_ParserFree(parser); - - if(verb >= 4) { - (void)BIO_seek(data.ds, 0); - len = BIO_get_mem_data(data.ds, &pp); - printf("got DS bio %d: '", len); - if(!fwrite(pp, (size_t)len, 1, stdout)) - /* compilers do not allow us to ignore fwrite .. */ - fprintf(stderr, "error writing to stdout\n"); - printf("'\n"); - } - BIO_free(data.czone); - BIO_free(data.ctag); - BIO_free(data.calgo); - BIO_free(data.cdigtype); - BIO_free(data.cdigest); - - if(data.num_keys == 0) { - /* the root zone seems to have gone insecure */ - BIO_free(data.ds); - return NULL; - } else { - return data.ds; - } -} - -/* get key usage out of its extension, returns 0 if no key_usage extension */ -static unsigned long -get_usage_of_ex(X509* cert) -{ - unsigned long val = 0; - ASN1_BIT_STRING* s; - if((s=X509_get_ext_d2i(cert, NID_key_usage, NULL, NULL))) { - if(s->length > 0) { - val = s->data[0]; - if(s->length > 1) - val |= s->data[1] << 8; - } - ASN1_BIT_STRING_free(s); - } - return val; -} - -/** get valid signers from the list of signers in the signature */ -static STACK_OF(X509)* -get_valid_signers(PKCS7* p7, const char* p7signer) -{ - int i; - STACK_OF(X509)* validsigners = sk_X509_new_null(); - STACK_OF(X509)* signers = PKCS7_get0_signers(p7, NULL, 0); - unsigned long usage = 0; - if(!validsigners) { - if(verb) printf("out of memory\n"); - sk_X509_free(signers); - return NULL; - } - if(!signers) { - if(verb) printf("no signers in pkcs7 signature\n"); - sk_X509_free(validsigners); - return NULL; - } - for(i=0; i= 3 && X509_NAME_get_text_by_NID(nm, - NID_commonName, buf, (int)sizeof(buf))) - printf("commonName: %s\n", buf); - if(verb >= 3 && X509_NAME_get_text_by_NID(nm, - NID_pkcs9_emailAddress, buf, (int)sizeof(buf))) - printf("emailAddress: %s\n", buf); - } - if(verb) { - int ku_loc = X509_get_ext_by_NID( - sk_X509_value(signers, i), NID_key_usage, -1); - if(verb >= 3 && ku_loc >= 0) { - X509_EXTENSION *ex = X509_get_ext( - sk_X509_value(signers, i), ku_loc); - if(ex) { - printf("keyUsage: "); - X509V3_EXT_print_fp(stdout, ex, 0, 0); - printf("\n"); - } - } - } - if(!p7signer || strcmp(p7signer, "")==0) { - /* there is no name to check, return all records */ - if(verb) printf("did not check commonName of signer\n"); - } else { - if(!X509_NAME_get_text_by_NID(nm, - NID_pkcs9_emailAddress, - buf, (int)sizeof(buf))) { - if(verb) printf("removed cert with no name\n"); - continue; /* no name, no use */ - } - if(strcmp(buf, p7signer) != 0) { - if(verb) printf("removed cert with wrong name\n"); - continue; /* wrong name, skip it */ - } - } - - /* check that the key usage allows digital signatures - * (the p7s) */ - usage = get_usage_of_ex(sk_X509_value(signers, i)); - if(!(usage & KU_DIGITAL_SIGNATURE)) { - if(verb) printf("removed cert with no key usage Digital Signature allowed\n"); - continue; - } - - /* we like this cert, add it to our list of valid - * signers certificates */ - sk_X509_push(validsigners, sk_X509_value(signers, i)); - } - sk_X509_free(signers); - return validsigners; -} - -/** verify a PKCS7 signature, false on failure */ -static int -verify_p7sig(BIO* data, BIO* p7s, STACK_OF(X509)* trust, const char* p7signer) -{ - PKCS7* p7; - X509_STORE *store = X509_STORE_new(); - STACK_OF(X509)* validsigners; - int secure = 0; - int i; -#ifdef X509_V_FLAG_CHECK_SS_SIGNATURE - X509_VERIFY_PARAM* param = X509_VERIFY_PARAM_new(); - if(!param) { - if(verb) printf("out of memory\n"); - X509_STORE_free(store); - return 0; - } - /* do the selfcheck on the root certificate; it checks that the - * input is valid */ - X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CHECK_SS_SIGNATURE); - if(store) X509_STORE_set1_param(store, param); -#endif - if(!store) { - if(verb) printf("out of memory\n"); -#ifdef X509_V_FLAG_CHECK_SS_SIGNATURE - X509_VERIFY_PARAM_free(param); -#endif - return 0; - } -#ifdef X509_V_FLAG_CHECK_SS_SIGNATURE - X509_VERIFY_PARAM_free(param); -#endif - - (void)BIO_reset(p7s); - (void)BIO_reset(data); - - /* convert p7s to p7 (the signature) */ - p7 = d2i_PKCS7_bio(p7s, NULL); - if(!p7) { - if(verb) printf("could not parse p7s signature file\n"); - X509_STORE_free(store); - return 0; - } - if(verb >= 2) printf("parsed the PKCS7 signature\n"); - - /* convert trust to trusted certificate store */ - for(i=0; i= 2) printf("setup the X509_STORE\n"); - - /* check what is in the Subject name of the certificates, - * and build a stack that contains only the right certificates */ - validsigners = get_valid_signers(p7, p7signer); - if(!validsigners) { - X509_STORE_free(store); - PKCS7_free(p7); - return 0; - } - if(PKCS7_verify(p7, validsigners, store, data, NULL, PKCS7_NOINTERN) == 1) { - secure = 1; - if(verb) printf("the PKCS7 signature verified\n"); - } else { - if(verb) { - ERR_print_errors_fp(stdout); - } - } - - sk_X509_free(validsigners); - X509_STORE_free(store); - PKCS7_free(p7); - return secure; -} - -/** write unsigned root anchor file, a 5011 revoked tp */ -static void -write_unsigned_root(const char* root_anchor_file) -{ - FILE* out; - time_t now = time(NULL); - out = fopen(root_anchor_file, "w"); - if(!out) { - if(verb) printf("%s: %s\n", root_anchor_file, strerror(errno)); - return; - } - if(fprintf(out, "; autotrust trust anchor file\n" - ";;REVOKED\n" - ";;id: . 1\n" - "; This file was written by unbound-anchor on %s" - "; It indicates that the root does not use DNSSEC\n" - "; to restart DNSSEC overwrite this file with a\n" - "; valid trustanchor or (empty-it and run unbound-anchor)\n" - , ctime(&now)) < 0) { - if(verb) printf("failed to write 'unsigned' to %s\n", - root_anchor_file); - if(verb && errno != 0) printf("%s\n", strerror(errno)); - } - fflush(out); -#ifdef HAVE_FSYNC - fsync(fileno(out)); -#else - FlushFileBuffers((HANDLE)_get_osfhandle(_fileno(out))); -#endif - fclose(out); -} - -/** write root anchor file */ -static void -write_root_anchor(const char* root_anchor_file, BIO* ds) -{ - char* pp = NULL; - int len; - FILE* out; - (void)BIO_seek(ds, 0); - len = BIO_get_mem_data(ds, &pp); - if(!len || !pp) { - if(verb) printf("out of memory\n"); - return; - } - out = fopen(root_anchor_file, "w"); - if(!out) { - if(verb) printf("%s: %s\n", root_anchor_file, strerror(errno)); - return; - } - if(fwrite(pp, (size_t)len, 1, out) != 1) { - if(verb) printf("failed to write all data to %s\n", - root_anchor_file); - if(verb && errno != 0) printf("%s\n", strerror(errno)); - } - fflush(out); -#ifdef HAVE_FSYNC - fsync(fileno(out)); -#else - FlushFileBuffers((HANDLE)_get_osfhandle(_fileno(out))); -#endif - fclose(out); -} - -/** Perform the verification and update of the trustanchor file */ -static void -verify_and_update_anchor(const char* root_anchor_file, BIO* xml, BIO* p7s, - STACK_OF(X509)* cert, const char* p7signer) -{ - BIO* ds; - - /* verify xml file */ - if(!verify_p7sig(xml, p7s, cert, p7signer)) { - printf("the PKCS7 signature failed\n"); - exit(0); - } - - /* parse the xml file into DS records */ - ds = xml_parse(xml, time(NULL)); - if(!ds) { - /* the root zone is unsigned now */ - write_unsigned_root(root_anchor_file); - } else { - /* reinstate 5011 tracking */ - write_root_anchor(root_anchor_file, ds); - } - BIO_free(ds); -} - -#ifdef USE_WINSOCK -static void do_wsa_cleanup(void) { WSACleanup(); } -#endif - -/** perform actual certupdate work */ -static int -do_certupdate(const char* root_anchor_file, const char* root_cert_file, - const char* urlname, const char* xmlname, const char* p7sname, - const char* p7signer, const char* res_conf, const char* root_hints, - const char* debugconf, int ip4only, int ip6only, int port, - struct ub_result* dnskey) -{ - STACK_OF(X509)* cert; - BIO *xml, *p7s; - struct ip_list* ip_list = NULL; - - /* read pem file or provide builtin */ - cert = read_cert_or_builtin(root_cert_file); - - /* lookup A, AAAA for the urlname (or parse urlname if IP address) */ - ip_list = resolve_name(urlname, port, res_conf, root_hints, debugconf, - ip4only, ip6only); - -#ifdef USE_WINSOCK - if(1) { /* libunbound finished, startup WSA for the https connection */ - WSADATA wsa_data; - int r; - if((r = WSAStartup(MAKEWORD(2,2), &wsa_data)) != 0) { - if(verb) printf("WSAStartup failed: %s\n", - wsa_strerror(r)); - exit(0); - } - atexit(&do_wsa_cleanup); - } -#endif - - /* fetch the necessary files over HTTPS */ - xml = https(ip_list, xmlname, urlname); - p7s = https(ip_list, p7sname, urlname); - - /* verify and update the root anchor */ - verify_and_update_anchor(root_anchor_file, xml, p7s, cert, p7signer); - if(verb) printf("success: the anchor has been updated " - "using the cert\n"); - - free_file_bio(xml); - free_file_bio(p7s); -#ifndef S_SPLINT_S - sk_X509_pop_free(cert, X509_free); -#endif - ub_resolve_free(dnskey); - ip_list_free(ip_list); - return 1; -} - -/** - * Try to read the root RFC5011 autotrust anchor file, - * @param file: filename. - * @return: - * 0 if does not exist or empty - * 1 if trust-point-revoked-5011 - * 2 if it is OK. - */ -static int -try_read_anchor(const char* file) -{ - int empty = 1; - char line[10240]; - char* p; - FILE* in = fopen(file, "r"); - if(!in) { - /* only if the file does not exist, can we fix it */ - if(errno != ENOENT) { - if(verb) printf("%s: %s\n", file, strerror(errno)); - if(verb) printf("error: cannot access the file\n"); - exit(0); - } - if(verb) printf("%s does not exist\n", file); - return 0; - } - while(fgets(line, (int)sizeof(line), in)) { - line[sizeof(line)-1] = 0; - if(strncmp(line, ";;REVOKED", 9) == 0) { - fclose(in); - if(verb) printf("%s : the trust point is revoked\n" - "and the zone is considered unsigned.\n" - "if you wish to re-enable, delete the file\n", - file); - return 1; - } - p=line; - while(*p == ' ' || *p == '\t') - p++; - if(p[0]==0 || p[0]=='\n' || p[0]==';') continue; - /* this line is a line of content */ - empty = 0; - } - fclose(in); - if(empty) { - if(verb) printf("%s is empty\n", file); - return 0; - } - if(verb) printf("%s has content\n", file); - return 2; -} - -/** Write the builtin root anchor to a file */ -static void -write_builtin_anchor(const char* file) -{ - const char* builtin_root_anchor = get_builtin_ds(); - FILE* out = fopen(file, "w"); - if(!out) { - if(verb) printf("%s: %s\n", file, strerror(errno)); - if(verb) printf(" could not write builtin anchor\n"); - return; - } - if(!fwrite(builtin_root_anchor, strlen(builtin_root_anchor), 1, out)) { - if(verb) printf("%s: %s\n", file, strerror(errno)); - if(verb) printf(" could not complete write builtin anchor\n"); - } - fclose(out); -} - -/** - * Check the root anchor file. - * If does not exist, provide builtin and write file. - * If empty, provide builtin and write file. - * If trust-point-revoked-5011 file: make the program exit. - * @param root_anchor_file: filename of the root anchor. - * @param used_builtin: set to 1 if the builtin is written. - * @return 0 if trustpoint is insecure, 1 on success. Exit on failure. - */ -static int -provide_builtin(const char* root_anchor_file, int* used_builtin) -{ - /* try to read it */ - switch(try_read_anchor(root_anchor_file)) - { - case 0: /* no exist or empty */ - write_builtin_anchor(root_anchor_file); - *used_builtin = 1; - break; - case 1: /* revoked tp */ - return 0; - case 2: /* it is fine */ - default: - break; - } - return 1; -} - -/** - * add an autotrust anchor for the root to the context - */ -static void -add_5011_probe_root(struct ub_ctx* ctx, const char* root_anchor_file) -{ - int r; - r = ub_ctx_set_option(ctx, "auto-trust-anchor-file:", root_anchor_file); - if(r) { - if(verb) printf("add 5011 probe to ctx: %s\n", ub_strerror(r)); - ub_ctx_delete(ctx); - exit(0); - } -} - -/** - * Prime the root key and return the result. Exit on error. - * @param ctx: the unbound context to perform the priming with. - * @return: the result of the prime, on error it exit()s. - */ -static struct ub_result* -prime_root_key(struct ub_ctx* ctx) -{ - struct ub_result* res = NULL; - int r; - r = ub_resolve(ctx, ".", LDNS_RR_TYPE_DNSKEY, LDNS_RR_CLASS_IN, &res); - if(r) { - if(verb) printf("resolve DNSKEY: %s\n", ub_strerror(r)); - ub_ctx_delete(ctx); - exit(0); - } - if(!res) { - if(verb) printf("out of memory\n"); - ub_ctx_delete(ctx); - exit(0); - } - return res; -} - -/** see if ADDPEND keys exist in autotrust file (if possible) */ -static int -read_if_pending_keys(const char* file) -{ - FILE* in = fopen(file, "r"); - char line[8192]; - if(!in) { - if(verb>=2) printf("%s: %s\n", file, strerror(errno)); - return 0; - } - while(fgets(line, (int)sizeof(line), in)) { - if(line[0]==';') continue; - if(strstr(line, "[ ADDPEND ]")) { - fclose(in); - if(verb) printf("RFC5011-state has ADDPEND keys\n"); - return 1; - } - } - fclose(in); - return 0; -} - -/** read last successful probe time from autotrust file (if possible) */ -static int32_t -read_last_success_time(const char* file) -{ - FILE* in = fopen(file, "r"); - char line[1024]; - if(!in) { - if(verb) printf("%s: %s\n", file, strerror(errno)); - return 0; - } - while(fgets(line, (int)sizeof(line), in)) { - if(strncmp(line, ";;last_success: ", 16) == 0) { - char* e; - time_t x = (unsigned int)strtol(line+16, &e, 10); - fclose(in); - if(line+16 == e) { - if(verb) printf("failed to parse " - "last_success probe time\n"); - return 0; - } - if(verb) printf("last successful probe: %s", ctime(&x)); - return (int32_t)x; - } - } - fclose(in); - if(verb) printf("no last_success probe time in anchor file\n"); - return 0; -} - -/** - * Read autotrust 5011 probe file and see if the date - * compared to the current date allows a certupdate. - * If the last successful probe was recent then 5011 cannot be behind, - * and the failure cannot be solved with a certupdate. - * The debugconf is to validation-override the date for testing. - * @param root_anchor_file: filename of root key - * @return true if certupdate is ok. - */ -static int -probe_date_allows_certupdate(const char* root_anchor_file) -{ - int has_pending_keys = read_if_pending_keys(root_anchor_file); - int32_t last_success = read_last_success_time(root_anchor_file); - int32_t now = (int32_t)time(NULL); - int32_t leeway = 30 * 24 * 3600; /* 30 days leeway */ - /* if the date is before 2010-07-15:00.00.00 then the root has not - * been signed yet, and thus we refuse to take action. */ - if(time(NULL) < xml_convertdate("2010-07-15T00:00:00")) { - if(verb) printf("the date is before the root was first signed," - " please correct the clock\n"); - return 0; - } - if(last_success == 0) - return 1; /* no probe time */ - if(has_pending_keys) - return 1; /* key in ADDPEND state, a previous probe has - inserted that, and it was present in all recent probes, - but it has not become active. The 30 day timer may not have - expired, but we know(for sure) there is a rollover going on. - If we only managed to pickup the new key on its last day - of announcement (for example) this can happen. */ - if(now - last_success < 0) { - if(verb) printf("the last successful probe is in the future," - " clock was modified\n"); - return 0; - } - if(now - last_success >= leeway) { - if(verb) printf("the last successful probe was more than 30 " - "days ago\n"); - return 1; - } - if(verb) printf("the last successful probe is recent\n"); - return 0; -} - -/** perform the unbound-anchor work */ -static int -do_root_update_work(const char* root_anchor_file, const char* root_cert_file, - const char* urlname, const char* xmlname, const char* p7sname, - const char* p7signer, const char* res_conf, const char* root_hints, - const char* debugconf, int ip4only, int ip6only, int force, int port) -{ - struct ub_ctx* ctx; - struct ub_result* dnskey; - int used_builtin = 0; - - /* see if builtin rootanchor needs to be provided, or if - * rootanchor is 'revoked-trust-point' */ - if(!provide_builtin(root_anchor_file, &used_builtin)) - return 0; - - /* make unbound context with 5011-probe for root anchor, - * and probe . DNSKEY */ - ctx = create_unbound_context(res_conf, root_hints, debugconf, - ip4only, ip6only); - add_5011_probe_root(ctx, root_anchor_file); - dnskey = prime_root_key(ctx); - ub_ctx_delete(ctx); - - /* if secure: exit */ - if(dnskey->secure && !force) { - if(verb) printf("success: the anchor is ok\n"); - ub_resolve_free(dnskey); - return used_builtin; - } - if(force && verb) printf("debug cert update forced\n"); - - /* if not (and NOERROR): check date and do certupdate */ - if((dnskey->rcode == 0 && - probe_date_allows_certupdate(root_anchor_file)) || force) { - if(do_certupdate(root_anchor_file, root_cert_file, urlname, - xmlname, p7sname, p7signer, res_conf, root_hints, - debugconf, ip4only, ip6only, port, dnskey)) - return 1; - return used_builtin; - } - if(verb) printf("fail: the anchor is NOT ok and could not be fixed\n"); - ub_resolve_free(dnskey); - return used_builtin; -} - -/** getopt global, in case header files fail to declare it. */ -extern int optind; -/** getopt global, in case header files fail to declare it. */ -extern char* optarg; - -/** Main routine for unbound-anchor */ -int main(int argc, char* argv[]) -{ - int c; - const char* root_anchor_file = ROOT_ANCHOR_FILE; - const char* root_cert_file = ROOT_CERT_FILE; - const char* urlname = URLNAME; - const char* xmlname = XMLNAME; - const char* p7sname = P7SNAME; - const char* p7signer = P7SIGNER; - const char* res_conf = NULL; - const char* root_hints = NULL; - const char* debugconf = NULL; - int dolist=0, ip4only=0, ip6only=0, force=0, port = HTTPS_PORT; - /* parse the options */ - while( (c=getopt(argc, argv, "46C:FP:a:c:f:hln:r:s:u:vx:")) != -1) { - switch(c) { - case 'l': - dolist = 1; - break; - case '4': - ip4only = 1; - break; - case '6': - ip6only = 1; - break; - case 'a': - root_anchor_file = optarg; - break; - case 'c': - root_cert_file = optarg; - break; - case 'u': - urlname = optarg; - break; - case 'x': - xmlname = optarg; - break; - case 's': - p7sname = optarg; - break; - case 'n': - p7signer = optarg; - break; - case 'f': - res_conf = optarg; - break; - case 'r': - root_hints = optarg; - break; - case 'C': - debugconf = optarg; - break; - case 'F': - force = 1; - break; - case 'P': - port = atoi(optarg); - break; - case 'v': - verb++; - break; - case '?': - case 'h': - default: - usage(); - } - } - argc -= optind; - argv += optind; - if(argc != 0) - usage(); - -#ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS - ERR_load_crypto_strings(); -#endif - ERR_load_SSL_strings(); -#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) - OpenSSL_add_all_algorithms(); -#else - OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS - | OPENSSL_INIT_ADD_ALL_DIGESTS - | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); -#endif -#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL) - (void)SSL_library_init(); -#else - (void)OPENSSL_init_ssl(0, NULL); -#endif - - if(dolist) do_list_builtin(); - - return do_root_update_work(root_anchor_file, root_cert_file, urlname, - xmlname, p7sname, p7signer, res_conf, root_hints, debugconf, - ip4only, ip6only, force, port); -} diff --git a/external/unbound/smallapp/unbound-checkconf.c b/external/unbound/smallapp/unbound-checkconf.c deleted file mode 100644 index ddf8b3a75..000000000 --- a/external/unbound/smallapp/unbound-checkconf.c +++ /dev/null @@ -1,619 +0,0 @@ -/* - * checkconf/unbound-checkconf.c - config file checker for unbound.conf file. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * The config checker checks for syntax and other errors in the unbound.conf - * file, and can be used to check for errors before the server is started - * or sigHUPped. - * Exit status 1 means an error. - */ - -#include "config.h" -#include "util/log.h" -#include "util/config_file.h" -#include "util/module.h" -#include "util/net_help.h" -#include "util/regional.h" -#include "iterator/iterator.h" -#include "iterator/iter_fwd.h" -#include "iterator/iter_hints.h" -#include "validator/validator.h" -#include "services/localzone.h" -#include "services/view.h" -#include "respip/respip.h" -#include "sldns/sbuffer.h" -#ifdef HAVE_GETOPT_H -#include -#endif -#ifdef HAVE_PWD_H -#include -#endif -#ifdef HAVE_SYS_STAT_H -#include -#endif -#ifdef HAVE_GLOB_H -#include -#endif -#ifdef WITH_PYTHONMODULE -#include "pythonmod/pythonmod.h" -#endif - -/** Give checkconf usage, and exit (1). */ -static void -usage(void) -{ - printf("Usage: unbound-checkconf [file]\n"); - printf(" Checks unbound configuration file for errors.\n"); - printf("file if omitted %s is used.\n", CONFIGFILE); - printf("-o option print value of option to stdout.\n"); - printf("-f output full pathname with chroot applied, eg. with -o pidfile.\n"); - printf("-h show this usage help.\n"); - printf("Version %s\n", PACKAGE_VERSION); - printf("BSD licensed, see LICENSE in source package for details.\n"); - printf("Report bugs to %s\n", PACKAGE_BUGREPORT); - exit(1); -} - -/** - * Print given option to stdout - * @param cfg: config - * @param opt: option name without trailing :. - * This is different from config_set_option. - * @param final: if final pathname with chroot applied has to be printed. - */ -static void -print_option(struct config_file* cfg, const char* opt, int final) -{ - if(strcmp(opt, "pidfile") == 0 && final) { - char *p = fname_after_chroot(cfg->pidfile, cfg, 1); - if(!p) fatal_exit("out of memory"); - printf("%s\n", p); - free(p); - return; - } - if(!config_get_option(cfg, opt, config_print_func, stdout)) - fatal_exit("cannot print option '%s'", opt); -} - -/** check if module works with config */ -static void -check_mod(struct config_file* cfg, struct module_func_block* fb) -{ - struct module_env env; - memset(&env, 0, sizeof(env)); - env.cfg = cfg; - env.scratch = regional_create(); - env.scratch_buffer = sldns_buffer_new(BUFSIZ); - if(!env.scratch || !env.scratch_buffer) - fatal_exit("out of memory"); - if(!edns_known_options_init(&env)) - fatal_exit("out of memory"); - if(!(*fb->init)(&env, 0)) { - fatal_exit("bad config for %s module", fb->name); - } - (*fb->deinit)(&env, 0); - sldns_buffer_free(env.scratch_buffer); - regional_destroy(env.scratch); - edns_known_options_delete(&env); -} - -/** check localzones */ -static void -localzonechecks(struct config_file* cfg) -{ - struct local_zones* zs; - if(!(zs = local_zones_create())) - fatal_exit("out of memory"); - if(!local_zones_apply_cfg(zs, cfg)) - fatal_exit("failed local-zone, local-data configuration"); - local_zones_delete(zs); -} - -/** check view and response-ip configuration */ -static void -view_and_respipchecks(struct config_file* cfg) -{ - struct views* views = NULL; - struct respip_set* respip = NULL; - int ignored = 0; - if(!(views = views_create())) - fatal_exit("Could not create views: out of memory"); - if(!(respip = respip_set_create())) - fatal_exit("Could not create respip set: out of memory"); - if(!views_apply_cfg(views, cfg)) - fatal_exit("Could not set up views"); - if(!respip_global_apply_cfg(respip, cfg)) - fatal_exit("Could not setup respip set"); - if(!respip_views_apply_cfg(views, cfg, &ignored)) - fatal_exit("Could not setup per-view respip sets"); - views_delete(views); - respip_set_delete(respip); -} - -/** emit warnings for IP in hosts */ -static void -warn_hosts(const char* typ, struct config_stub* list) -{ - struct sockaddr_storage a; - socklen_t alen; - struct config_stub* s; - struct config_strlist* h; - for(s=list; s; s=s->next) { - for(h=s->hosts; h; h=h->next) { - if(extstrtoaddr(h->str, &a, &alen)) { - fprintf(stderr, "unbound-checkconf: warning:" - " %s %s: \"%s\" is an IP%s address, " - "and when looked up as a host name " - "during use may not resolve.\n", - s->name, typ, h->str, - addr_is_ip6(&a, alen)?"6":"4"); - } - } - } -} - -/** check interface strings */ -static void -interfacechecks(struct config_file* cfg) -{ - int d; - struct sockaddr_storage a; - socklen_t alen; - int i, j; - for(i=0; inum_ifs; i++) { - if(!extstrtoaddr(cfg->ifs[i], &a, &alen)) { - fatal_exit("cannot parse interface specified as '%s'", - cfg->ifs[i]); - } - for(j=0; jnum_ifs; j++) { - if(i!=j && strcmp(cfg->ifs[i], cfg->ifs[j])==0) - fatal_exit("interface: %s present twice, " - "cannot bind same ports twice.", - cfg->ifs[i]); - } - } - for(i=0; inum_out_ifs; i++) { - if(!ipstrtoaddr(cfg->out_ifs[i], UNBOUND_DNS_PORT, &a, &alen) && - !netblockstrtoaddr(cfg->out_ifs[i], UNBOUND_DNS_PORT, &a, &alen, &d)) { - fatal_exit("cannot parse outgoing-interface " - "specified as '%s'", cfg->out_ifs[i]); - } - for(j=0; jnum_out_ifs; j++) { - if(i!=j && strcmp(cfg->out_ifs[i], cfg->out_ifs[j])==0) - fatal_exit("outgoing-interface: %s present " - "twice, cannot bind same ports twice.", - cfg->out_ifs[i]); - } - } -} - -/** check acl ips */ -static void -aclchecks(struct config_file* cfg) -{ - int d; - struct sockaddr_storage a; - socklen_t alen; - struct config_str2list* acl; - for(acl=cfg->acls; acl; acl = acl->next) { - if(!netblockstrtoaddr(acl->str, UNBOUND_DNS_PORT, &a, &alen, - &d)) { - fatal_exit("cannot parse access control address %s %s", - acl->str, acl->str2); - } - } -} - -/** true if fname is a file */ -static int -is_file(const char* fname) -{ - struct stat buf; - if(stat(fname, &buf) < 0) { - if(errno==EACCES) { - printf("warning: no search permission for one of the directories in path: %s\n", fname); - return 1; - } - perror(fname); - return 0; - } - if(S_ISDIR(buf.st_mode)) { - printf("%s is not a file\n", fname); - return 0; - } - return 1; -} - -/** true if fname is a directory */ -static int -is_dir(const char* fname) -{ - struct stat buf; - if(stat(fname, &buf) < 0) { - if(errno==EACCES) { - printf("warning: no search permission for one of the directories in path: %s\n", fname); - return 1; - } - perror(fname); - return 0; - } - if(!(S_ISDIR(buf.st_mode))) { - printf("%s is not a directory\n", fname); - return 0; - } - return 1; -} - -/** get base dir of a fname */ -static char* -basedir(char* fname) -{ - char* rev; - if(!fname) fatal_exit("out of memory"); - rev = strrchr(fname, '/'); - if(!rev) return NULL; - if(fname == rev) return NULL; - rev[0] = 0; - return fname; -} - -/** check chroot for a file string */ -static void -check_chroot_string(const char* desc, char** ss, - const char* chrootdir, struct config_file* cfg) -{ - char* str = *ss; - if(str && str[0]) { - *ss = fname_after_chroot(str, cfg, 1); - if(!*ss) fatal_exit("out of memory"); - if(!is_file(*ss)) { - if(chrootdir && chrootdir[0]) - fatal_exit("%s: \"%s\" does not exist in " - "chrootdir %s", desc, str, chrootdir); - else - fatal_exit("%s: \"%s\" does not exist", - desc, str); - } - /* put in a new full path for continued checking */ - free(str); - } -} - -/** check file list, every file must be inside the chroot location */ -static void -check_chroot_filelist(const char* desc, struct config_strlist* list, - const char* chrootdir, struct config_file* cfg) -{ - struct config_strlist* p; - for(p=list; p; p=p->next) { - check_chroot_string(desc, &p->str, chrootdir, cfg); - } -} - -/** check file list, with wildcard processing */ -static void -check_chroot_filelist_wild(const char* desc, struct config_strlist* list, - const char* chrootdir, struct config_file* cfg) -{ - struct config_strlist* p; - for(p=list; p; p=p->next) { -#ifdef HAVE_GLOB - if(strchr(p->str, '*') || strchr(p->str, '[') || - strchr(p->str, '?') || strchr(p->str, '{') || - strchr(p->str, '~')) { - char* s = p->str; - /* adjust whole pattern for chroot and check later */ - p->str = fname_after_chroot(p->str, cfg, 1); - free(s); - } else -#endif /* HAVE_GLOB */ - check_chroot_string(desc, &p->str, chrootdir, cfg); - } -} - -/** check configuration for errors */ -static void -morechecks(struct config_file* cfg, const char* fname) -{ - warn_hosts("stub-host", cfg->stubs); - warn_hosts("forward-host", cfg->forwards); - interfacechecks(cfg); - aclchecks(cfg); - - if(cfg->verbosity < 0) - fatal_exit("verbosity value < 0"); - if(cfg->num_threads <= 0 || cfg->num_threads > 10000) - fatal_exit("num_threads value weird"); - if(!cfg->do_ip4 && !cfg->do_ip6) - fatal_exit("ip4 and ip6 are both disabled, pointless"); - if(!cfg->do_ip6 && cfg->prefer_ip6) - fatal_exit("cannot prefer and disable ip6, pointless"); - if(!cfg->do_udp && !cfg->do_tcp) - fatal_exit("udp and tcp are both disabled, pointless"); - if(cfg->edns_buffer_size > cfg->msg_buffer_size) - fatal_exit("edns-buffer-size larger than msg-buffer-size, " - "answers will not fit in processing buffer"); -#ifdef UB_ON_WINDOWS - w_config_adjust_directory(cfg); -#endif - if(cfg->chrootdir && cfg->chrootdir[0] && - cfg->chrootdir[strlen(cfg->chrootdir)-1] == '/') - fatal_exit("chootdir %s has trailing slash '/' please remove.", - cfg->chrootdir); - if(cfg->chrootdir && cfg->chrootdir[0] && - !is_dir(cfg->chrootdir)) { - fatal_exit("bad chroot directory"); - } - if(cfg->chrootdir && cfg->chrootdir[0]) { - char buf[10240]; - buf[0] = 0; - if(fname[0] != '/') { - if(getcwd(buf, sizeof(buf)) == NULL) - fatal_exit("getcwd: %s", strerror(errno)); - (void)strlcat(buf, "/", sizeof(buf)); - } - (void)strlcat(buf, fname, sizeof(buf)); - if(strncmp(buf, cfg->chrootdir, strlen(cfg->chrootdir)) != 0) - fatal_exit("config file %s is not inside chroot %s", - buf, cfg->chrootdir); - } - if(cfg->directory && cfg->directory[0]) { - char* ad = fname_after_chroot(cfg->directory, cfg, 0); - if(!ad) fatal_exit("out of memory"); - if(!is_dir(ad)) fatal_exit("bad chdir directory"); - free(ad); - } - if( (cfg->chrootdir && cfg->chrootdir[0]) || - (cfg->directory && cfg->directory[0])) { - if(cfg->pidfile && cfg->pidfile[0]) { - char* ad = (cfg->pidfile[0]=='/')?strdup(cfg->pidfile): - fname_after_chroot(cfg->pidfile, cfg, 1); - char* bd = basedir(ad); - if(bd && !is_dir(bd)) - fatal_exit("pidfile directory does not exist"); - free(ad); - } - if(cfg->logfile && cfg->logfile[0]) { - char* ad = fname_after_chroot(cfg->logfile, cfg, 1); - char* bd = basedir(ad); - if(bd && !is_dir(bd)) - fatal_exit("logfile directory does not exist"); - free(ad); - } - } - - check_chroot_filelist("file with root-hints", - cfg->root_hints, cfg->chrootdir, cfg); - check_chroot_filelist("trust-anchor-file", - cfg->trust_anchor_file_list, cfg->chrootdir, cfg); - check_chroot_filelist("auto-trust-anchor-file", - cfg->auto_trust_anchor_file_list, cfg->chrootdir, cfg); - check_chroot_filelist_wild("trusted-keys-file", - cfg->trusted_keys_file_list, cfg->chrootdir, cfg); - check_chroot_string("dlv-anchor-file", &cfg->dlv_anchor_file, - cfg->chrootdir, cfg); - /* remove chroot setting so that modules are not stripping pathnames*/ - free(cfg->chrootdir); - cfg->chrootdir = NULL; - - /* There should be no reason for 'respip' module not to work with - * dns64, but it's not explicitly confirmed, so the combination is - * excluded below. It's simply unknown yet for the combination of - * respip and other modules. */ - if(strcmp(cfg->module_conf, "iterator") != 0 - && strcmp(cfg->module_conf, "validator iterator") != 0 - && strcmp(cfg->module_conf, "dns64 validator iterator") != 0 - && strcmp(cfg->module_conf, "dns64 iterator") != 0 - && strcmp(cfg->module_conf, "respip iterator") != 0 - && strcmp(cfg->module_conf, "respip validator iterator") != 0 -#ifdef WITH_PYTHONMODULE - && strcmp(cfg->module_conf, "python iterator") != 0 - && strcmp(cfg->module_conf, "python validator iterator") != 0 - && strcmp(cfg->module_conf, "validator python iterator") != 0 - && strcmp(cfg->module_conf, "dns64 python iterator") != 0 - && strcmp(cfg->module_conf, "dns64 python validator iterator") != 0 - && strcmp(cfg->module_conf, "dns64 validator python iterator") != 0 - && strcmp(cfg->module_conf, "python dns64 iterator") != 0 - && strcmp(cfg->module_conf, "python dns64 validator iterator") != 0 -#endif -#ifdef USE_CACHEDB - && strcmp(cfg->module_conf, "validator cachedb iterator") != 0 - && strcmp(cfg->module_conf, "cachedb iterator") != 0 - && strcmp(cfg->module_conf, "dns64 validator cachedb iterator") != 0 - && strcmp(cfg->module_conf, "dns64 cachedb iterator") != 0 -#endif -#if defined(WITH_PYTHONMODULE) && defined(USE_CACHEDB) - && strcmp(cfg->module_conf, "python dns64 cachedb iterator") != 0 - && strcmp(cfg->module_conf, "python dns64 validator cachedb iterator") != 0 - && strcmp(cfg->module_conf, "dns64 python cachedb iterator") != 0 - && strcmp(cfg->module_conf, "dns64 python validator cachedb iterator") != 0 - && strcmp(cfg->module_conf, "python cachedb iterator") != 0 - && strcmp(cfg->module_conf, "python validator cachedb iterator") != 0 - && strcmp(cfg->module_conf, "cachedb python iterator") != 0 - && strcmp(cfg->module_conf, "validator cachedb python iterator") != 0 - && strcmp(cfg->module_conf, "validator python cachedb iterator") != 0 -#endif -#ifdef CLIENT_SUBNET - && strcmp(cfg->module_conf, "subnetcache iterator") != 0 - && strcmp(cfg->module_conf, "subnetcache validator iterator") != 0 -#endif -#if defined(WITH_PYTHONMODULE) && defined(CLIENT_SUBNET) - && strcmp(cfg->module_conf, "python subnetcache iterator") != 0 - && strcmp(cfg->module_conf, "subnetcache python iterator") != 0 - && strcmp(cfg->module_conf, "subnetcache validator iterator") != 0 - && strcmp(cfg->module_conf, "python subnetcache validator iterator") != 0 - && strcmp(cfg->module_conf, "subnetcache python validator iterator") != 0 - && strcmp(cfg->module_conf, "subnetcache validator python iterator") != 0 -#endif - ) { - fatal_exit("module conf '%s' is not known to work", - cfg->module_conf); - } - -#ifdef HAVE_GETPWNAM - if(cfg->username && cfg->username[0]) { - if(getpwnam(cfg->username) == NULL) - fatal_exit("user '%s' does not exist.", cfg->username); -# ifdef HAVE_ENDPWENT - endpwent(); -# endif - } -#endif - if(cfg->remote_control_enable && cfg->remote_control_use_cert) { - check_chroot_string("server-key-file", &cfg->server_key_file, - cfg->chrootdir, cfg); - check_chroot_string("server-cert-file", &cfg->server_cert_file, - cfg->chrootdir, cfg); - if(!is_file(cfg->control_key_file)) - fatal_exit("control-key-file: \"%s\" does not exist", - cfg->control_key_file); - if(!is_file(cfg->control_cert_file)) - fatal_exit("control-cert-file: \"%s\" does not exist", - cfg->control_cert_file); - } - - localzonechecks(cfg); - view_and_respipchecks(cfg); -} - -/** check forwards */ -static void -check_fwd(struct config_file* cfg) -{ - struct iter_forwards* fwd = forwards_create(); - if(!fwd || !forwards_apply_cfg(fwd, cfg)) { - fatal_exit("Could not set forward zones"); - } - forwards_delete(fwd); -} - -/** check hints */ -static void -check_hints(struct config_file* cfg) -{ - struct iter_hints* hints = hints_create(); - if(!hints || !hints_apply_cfg(hints, cfg)) { - fatal_exit("Could not set root or stub hints"); - } - hints_delete(hints); -} - -/** check config file */ -static void -checkconf(const char* cfgfile, const char* opt, int final) -{ - char oldwd[4096]; - struct config_file* cfg = config_create(); - if(!cfg) - fatal_exit("out of memory"); - oldwd[0] = 0; - if(!getcwd(oldwd, sizeof(oldwd))) { - log_err("cannot getcwd: %s", strerror(errno)); - oldwd[0] = 0; - } - if(!config_read(cfg, cfgfile, NULL)) { - /* config_read prints messages to stderr */ - config_delete(cfg); - exit(1); - } - if(oldwd[0] && chdir(oldwd) == -1) - log_err("cannot chdir(%s): %s", oldwd, strerror(errno)); - if(opt) { - print_option(cfg, opt, final); - config_delete(cfg); - return; - } - morechecks(cfg, cfgfile); - check_mod(cfg, iter_get_funcblock()); - check_mod(cfg, val_get_funcblock()); -#ifdef WITH_PYTHONMODULE - if(strstr(cfg->module_conf, "python")) - check_mod(cfg, pythonmod_get_funcblock()); -#endif - check_fwd(cfg); - check_hints(cfg); - printf("unbound-checkconf: no errors in %s\n", cfgfile); - config_delete(cfg); -} - -/** getopt global, in case header files fail to declare it. */ -extern int optind; -/** getopt global, in case header files fail to declare it. */ -extern char* optarg; - -/** Main routine for checkconf */ -int main(int argc, char* argv[]) -{ - int c; - int final = 0; - const char* f; - const char* opt = NULL; - const char* cfgfile = CONFIGFILE; - log_ident_set("unbound-checkconf"); - log_init(NULL, 0, NULL); - checklock_start(); -#ifdef USE_WINSOCK - /* use registry config file in preference to compiletime location */ - if(!(cfgfile=w_lookup_reg_str("Software\\Unbound", "ConfigFile"))) - cfgfile = CONFIGFILE; -#endif /* USE_WINSOCK */ - /* parse the options */ - while( (c=getopt(argc, argv, "fho:")) != -1) { - switch(c) { - case 'f': - final = 1; - break; - case 'o': - opt = optarg; - break; - case '?': - case 'h': - default: - usage(); - } - } - argc -= optind; - argv += optind; - if(argc != 0 && argc != 1) - usage(); - if(argc == 1) - f = argv[0]; - else f = cfgfile; - checkconf(f, opt, final); - checklock_stop(); - return 0; -} diff --git a/external/unbound/smallapp/unbound-control-setup.sh.in b/external/unbound/smallapp/unbound-control-setup.sh.in deleted file mode 100644 index 0d759f441..000000000 --- a/external/unbound/smallapp/unbound-control-setup.sh.in +++ /dev/null @@ -1,160 +0,0 @@ -#!/bin/sh -# -# unbound-control-setup.sh - set up SSL certificates for unbound-control -# -# Copyright (c) 2008, NLnet Labs. All rights reserved. -# -# This software is open source. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# Redistributions of source code must retain the above copyright notice, -# this list of conditions and the following disclaimer. -# -# Redistributions in binary form must reproduce the above copyright notice, -# this list of conditions and the following disclaimer in the documentation -# and/or other materials provided with the distribution. -# -# Neither the name of the NLNET LABS nor the names of its contributors may -# be used to endorse or promote products derived from this software without -# specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED -# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR -# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF -# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -# settings: - -# directory for files -DESTDIR=@ub_conf_dir@ - -# issuer and subject name for certificates -SERVERNAME=unbound -CLIENTNAME=unbound-control - -# validity period for certificates -DAYS=7200 - -# size of keys in bits -BITS=3072 - -# hash algorithm -HASH=sha256 - -# base name for unbound server keys -SVR_BASE=unbound_server - -# base name for unbound-control keys -CTL_BASE=unbound_control - -# we want -rw-r----- access (say you run this as root: grp=yes (server), all=no). -umask 0027 - -# end of options - -# functions: -error ( ) { - echo "$0 fatal error: $1" - exit 1 -} - -# check arguments: -while test $# -ne 0; do - case $1 in - -d) - if test $# -eq 1; then error "need argument for -d"; fi - DESTDIR="$2" - shift - ;; - *) - echo "unbound-control-setup.sh - setup SSL keys for unbound-control" - echo " -d dir use directory to store keys and certificates." - echo " default: $DESTDIR" - echo "please run this command using the same user id that the " - echo "unbound daemon uses, it needs read privileges." - exit 1 - ;; - esac - shift -done - -# go!: -echo "setup in directory $DESTDIR" -cd "$DESTDIR" || error "could not cd to $DESTDIR" - -# create certificate keys; do not recreate if they already exist. -if test -f $SVR_BASE.key; then - echo "$SVR_BASE.key exists" -else - echo "generating $SVR_BASE.key" - openssl genrsa -out $SVR_BASE.key $BITS || error "could not genrsa" -fi -if test -f $CTL_BASE.key; then - echo "$CTL_BASE.key exists" -else - echo "generating $CTL_BASE.key" - openssl genrsa -out $CTL_BASE.key $BITS || error "could not genrsa" -fi - -# create self-signed cert for server -echo "[req]" > request.cfg -echo "default_bits=$BITS" >> request.cfg -echo "default_md=$HASH" >> request.cfg -echo "prompt=no" >> request.cfg -echo "distinguished_name=req_distinguished_name" >> request.cfg -echo "" >> request.cfg -echo "[req_distinguished_name]" >> request.cfg -echo "commonName=$SERVERNAME" >> request.cfg - -test -f request.cfg || error "could not create request.cfg" - -echo "create $SVR_BASE.pem (self signed certificate)" -openssl req -key $SVR_BASE.key -config request.cfg -new -x509 -days $DAYS -out $SVR_BASE.pem || error "could not create $SVR_BASE.pem" -# create trusted usage pem -openssl x509 -in $SVR_BASE.pem -addtrust serverAuth -out $SVR_BASE"_trust.pem" - -# create client request and sign it, piped -echo "[req]" > request.cfg -echo "default_bits=$BITS" >> request.cfg -echo "default_md=$HASH" >> request.cfg -echo "prompt=no" >> request.cfg -echo "distinguished_name=req_distinguished_name" >> request.cfg -echo "" >> request.cfg -echo "[req_distinguished_name]" >> request.cfg -echo "commonName=$CLIENTNAME" >> request.cfg - -test -f request.cfg || error "could not create request.cfg" - -echo "create $CTL_BASE.pem (signed client certificate)" -openssl req -key $CTL_BASE.key -config request.cfg -new | openssl x509 -req -days $DAYS -CA $SVR_BASE"_trust.pem" -CAkey $SVR_BASE.key -CAcreateserial -$HASH -out $CTL_BASE.pem -test -f $CTL_BASE.pem || error "could not create $CTL_BASE.pem" -# create trusted usage pem -# openssl x509 -in $CTL_BASE.pem -addtrust clientAuth -out $CTL_BASE"_trust.pem" - -# see details with openssl x509 -noout -text < $SVR_BASE.pem -# echo "create $CTL_BASE""_browser.pfx (web client certificate)" -# echo "create webbrowser PKCS#12 .PFX certificate file. In Firefox import in:" -# echo "preferences - advanced - encryption - view certificates - your certs" -# echo "empty password is used, simply click OK on the password dialog box." -# openssl pkcs12 -export -in $CTL_BASE"_trust.pem" -inkey $CTL_BASE.key -name "unbound remote control client cert" -out $CTL_BASE"_browser.pfx" -password "pass:" || error "could not create browser certificate" - -# remove unused permissions -chmod o-rw $SVR_BASE.pem $SVR_BASE.key $CTL_BASE.pem $CTL_BASE.key - -# remove crap -rm -f request.cfg -rm -f $CTL_BASE"_trust.pem" $SVR_BASE"_trust.pem" $SVR_BASE"_trust.srl" - -echo "Setup success. Certificates created. Enable in unbound.conf file to use" - -exit 0 diff --git a/external/unbound/smallapp/unbound-control.c b/external/unbound/smallapp/unbound-control.c deleted file mode 100644 index 6cd4e7086..000000000 --- a/external/unbound/smallapp/unbound-control.c +++ /dev/null @@ -1,791 +0,0 @@ -/* - * checkconf/unbound-control.c - remote control utility for unbound. - * - * Copyright (c) 2008, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * The remote control utility contacts the unbound server over ssl and - * sends the command, receives the answer, and displays the result - * from the commandline. - */ - -#include "config.h" -#ifdef HAVE_GETOPT_H -#include -#endif -#ifdef HAVE_OPENSSL_SSL_H -#include -#endif -#ifdef HAVE_OPENSSL_ERR_H -#include -#endif -#ifdef HAVE_OPENSSL_RAND_H -#include -#endif -#include "util/log.h" -#include "util/config_file.h" -#include "util/locks.h" -#include "util/net_help.h" -#include "util/shm_side/shm_main.h" -#include "daemon/stats.h" -#include "sldns/wire2str.h" -#include "sldns/pkthdr.h" - -#ifdef HAVE_SYS_IPC_H -#include "sys/ipc.h" -#endif -#ifdef HAVE_SYS_SHM_H -#include "sys/shm.h" -#endif -#ifdef HAVE_SYS_UN_H -#include -#endif - -/** Give unbound-control usage, and exit (1). */ -static void -usage(void) -{ - printf("Usage: unbound-control [options] command\n"); - printf(" Remote control utility for unbound server.\n"); - printf("Options:\n"); - printf(" -c file config file, default is %s\n", CONFIGFILE); - printf(" -s ip[@port] server address, if omitted config is used.\n"); - printf(" -q quiet (don't print anything if it works ok).\n"); - printf(" -h show this usage help.\n"); - printf("Commands:\n"); - printf(" start start server; runs unbound(8)\n"); - printf(" stop stops the server\n"); - printf(" reload reloads the server\n"); - printf(" (this flushes data, stats, requestlist)\n"); - printf(" stats print statistics\n"); - printf(" stats_noreset peek at statistics\n"); -#ifdef HAVE_SHMGET - printf(" stats_shm print statistics using shm\n"); -#endif - printf(" status display status of server\n"); - printf(" verbosity change logging detail\n"); - printf(" log_reopen close and open the logfile\n"); - printf(" local_zone add new local zone\n"); - printf(" local_zone_remove remove local zone and its contents\n"); - printf(" local_data add local data, for example\n"); - printf(" local_data www.example.com A 192.0.2.1\n"); - printf(" local_data_remove remove local RR data from name\n"); - printf(" local_zones, local_zones_remove, local_datas, local_datas_remove\n"); - printf(" same, but read list from stdin\n"); - printf(" (one entry per line).\n"); - printf(" dump_cache print cache to stdout\n"); - printf(" load_cache load cache from stdin\n"); - printf(" lookup print nameservers for name\n"); - printf(" flush flushes common types for name from cache\n"); - printf(" types: A, AAAA, MX, PTR, NS,\n"); - printf(" SOA, CNAME, DNAME, SRV, NAPTR\n"); - printf(" flush_type flush name, type from cache\n"); - printf(" flush_zone flush everything at or under name\n"); - printf(" from rr and dnssec caches\n"); - printf(" flush_bogus flush all bogus data\n"); - printf(" flush_negative flush all negative data\n"); - printf(" flush_stats flush statistics, make zero\n"); - printf(" flush_requestlist drop queries that are worked on\n"); - printf(" dump_requestlist show what is worked on by first thread\n"); - printf(" flush_infra [all | ip] remove ping, edns for one IP or all\n"); - printf(" dump_infra show ping and edns entries\n"); - printf(" set_option opt: val set option to value, no reload\n"); - printf(" get_option opt get option value\n"); - printf(" list_stubs list stub-zones and root hints in use\n"); - printf(" list_forwards list forward-zones in use\n"); - printf(" list_insecure list domain-insecure zones\n"); - printf(" list_local_zones list local-zones in use\n"); - printf(" list_local_data list local-data RRs in use\n"); - printf(" insecure_add zone add domain-insecure zone\n"); - printf(" insecure_remove zone remove domain-insecure zone\n"); - printf(" forward_add [+i] zone addr.. add forward-zone with servers\n"); - printf(" forward_remove [+i] zone remove forward zone\n"); - printf(" stub_add [+ip] zone addr.. add stub-zone with servers\n"); - printf(" stub_remove [+i] zone remove stub zone\n"); - printf(" +i also do dnssec insecure point\n"); - printf(" +p set stub to use priming\n"); - printf(" forward [off | addr ...] without arg show forward setup\n"); - printf(" or off to turn off root forwarding\n"); - printf(" or give list of ip addresses\n"); - printf(" ratelimit_list [+a] list ratelimited domains\n"); - printf(" ip_ratelimit_list [+a] list ratelimited ip addresses\n"); - printf(" +a list all, also not ratelimited\n"); - printf(" view_list_local_zones view list local-zones in view\n"); - printf(" view_list_local_data view list local-data RRs in view\n"); - printf(" view_local_zone view name type add local-zone in view\n"); - printf(" view_local_zone_remove view name remove local-zone in view\n"); - printf(" view_local_data view RR... add local-data in view\n"); - printf(" view_local_data_remove view name remove local-data in view\n"); - printf("Version %s\n", PACKAGE_VERSION); - printf("BSD licensed, see LICENSE in source package for details.\n"); - printf("Report bugs to %s\n", PACKAGE_BUGREPORT); - exit(1); -} - -#ifdef HAVE_SHMGET -/** what to put on statistics lines between var and value, ": " or "=" */ -#define SQ "=" -/** if true, inhibits a lot of =0 lines from the stats output */ -static const int inhibit_zero = 1; -/** divide sum of timers to get average */ -static void -timeval_divide(struct timeval* avg, const struct timeval* sum, size_t d) -{ -#ifndef S_SPLINT_S - size_t leftover; - if(d == 0) { - avg->tv_sec = 0; - avg->tv_usec = 0; - return; - } - avg->tv_sec = sum->tv_sec / d; - avg->tv_usec = sum->tv_usec / d; - /* handle fraction from seconds divide */ - leftover = sum->tv_sec - avg->tv_sec*d; - avg->tv_usec += (leftover*1000000)/d; -#endif -} - -/** print unsigned long stats value */ -#define PR_UL_NM(str, var) printf("%s."str SQ"%lu\n", nm, (unsigned long)(var)); -#define PR_UL(str, var) printf(str SQ"%lu\n", (unsigned long)(var)); -#define PR_UL_SUB(str, nm, var) printf(str".%s"SQ"%lu\n", nm, (unsigned long)(var)); -#define PR_TIMEVAL(str, var) printf(str SQ ARG_LL "d.%6.6d\n", \ - (long long)var.tv_sec, (int)var.tv_usec); -#define PR_LL(str, var) printf(str SQ ARG_LL"d\n", (long long)(var)); - -/** print stat block */ -static void pr_stats(const char* nm, struct stats_info* s) -{ - struct timeval avg; - PR_UL_NM("num.queries", s->svr.num_queries); - PR_UL_NM("num.queries_ip_ratelimited", - s->svr.num_queries_ip_ratelimited); - PR_UL_NM("num.cachehits", - s->svr.num_queries - s->svr.num_queries_missed_cache); - PR_UL_NM("num.cachemiss", s->svr.num_queries_missed_cache); - PR_UL_NM("num.prefetch", s->svr.num_queries_prefetch); - PR_UL_NM("num.zero_ttl", s->svr.zero_ttl_responses); - PR_UL_NM("num.recursivereplies", s->mesh_replies_sent); -#ifdef USE_DNSCRYPT - PR_UL_NM("num.dnscrypt.crypted", s->svr.num_query_dnscrypt_crypted); - PR_UL_NM("num.dnscrypt.cert", s->svr.num_query_dnscrypt_cert); - PR_UL_NM("num.dnscrypt.cleartext", s->svr.num_query_dnscrypt_cleartext); - PR_UL_NM("num.dnscrypt.malformed", - s->svr.num_query_dnscrypt_crypted_malformed); -#endif - printf("%s.requestlist.avg"SQ"%g\n", nm, - (s->svr.num_queries_missed_cache+s->svr.num_queries_prefetch)? - (double)s->svr.sum_query_list_size/ - (s->svr.num_queries_missed_cache+ - s->svr.num_queries_prefetch) : 0.0); - PR_UL_NM("requestlist.max", s->svr.max_query_list_size); - PR_UL_NM("requestlist.overwritten", s->mesh_jostled); - PR_UL_NM("requestlist.exceeded", s->mesh_dropped); - PR_UL_NM("requestlist.current.all", s->mesh_num_states); - PR_UL_NM("requestlist.current.user", s->mesh_num_reply_states); - timeval_divide(&avg, &s->mesh_replies_sum_wait, s->mesh_replies_sent); - printf("%s.", nm); - PR_TIMEVAL("recursion.time.avg", avg); - printf("%s.recursion.time.median"SQ"%g\n", nm, s->mesh_time_median); - PR_UL_NM("tcpusage", s->svr.tcp_accept_usage); -} - -/** print uptime */ -static void print_uptime(struct shm_stat_info* shm_stat) -{ - PR_TIMEVAL("time.now", shm_stat->time.now); - PR_TIMEVAL("time.up", shm_stat->time.up); - PR_TIMEVAL("time.elapsed", shm_stat->time.elapsed); -} - -/** print memory usage */ -static void print_mem(struct shm_stat_info* shm_stat) -{ - PR_LL("mem.cache.rrset", shm_stat->mem.rrset); - PR_LL("mem.cache.message", shm_stat->mem.msg); - PR_LL("mem.cache.iterator", shm_stat->mem.iter); - PR_LL("mem.cache.validator", shm_stat->mem.val); -#ifdef CLIENT_SUBNET - PR_LL("mem.cache.subnet", shm_stat->mem.subnet); -#endif -} - -/** print histogram */ -static void print_hist(struct stats_info* s) -{ - struct timehist* hist; - size_t i; - hist = timehist_setup(); - if(!hist) - fatal_exit("out of memory"); - timehist_import(hist, s->svr.hist, NUM_BUCKETS_HIST); - for(i=0; inum; i++) { - printf("histogram.%6.6d.%6.6d.to.%6.6d.%6.6d=%lu\n", - (int)hist->buckets[i].lower.tv_sec, - (int)hist->buckets[i].lower.tv_usec, - (int)hist->buckets[i].upper.tv_sec, - (int)hist->buckets[i].upper.tv_usec, - (unsigned long)hist->buckets[i].count); - } - timehist_delete(hist); -} - -/** print extended */ -static void print_extended(struct stats_info* s) -{ - int i; - char nm[16]; - - /* TYPE */ - for(i=0; isvr.qtype[i] == 0) - continue; - sldns_wire2str_type_buf((uint16_t)i, nm, sizeof(nm)); - PR_UL_SUB("num.query.type", nm, s->svr.qtype[i]); - } - if(!inhibit_zero || s->svr.qtype_big) { - PR_UL("num.query.type.other", s->svr.qtype_big); - } - - /* CLASS */ - for(i=0; isvr.qclass[i] == 0) - continue; - sldns_wire2str_class_buf((uint16_t)i, nm, sizeof(nm)); - PR_UL_SUB("num.query.class", nm, s->svr.qclass[i]); - } - if(!inhibit_zero || s->svr.qclass_big) { - PR_UL("num.query.class.other", s->svr.qclass_big); - } - - /* OPCODE */ - for(i=0; isvr.qopcode[i] == 0) - continue; - sldns_wire2str_opcode_buf(i, nm, sizeof(nm)); - PR_UL_SUB("num.query.opcode", nm, s->svr.qopcode[i]); - } - - /* transport */ - PR_UL("num.query.tcp", s->svr.qtcp); - PR_UL("num.query.tcpout", s->svr.qtcp_outgoing); - PR_UL("num.query.ipv6", s->svr.qipv6); - - /* flags */ - PR_UL("num.query.flags.QR", s->svr.qbit_QR); - PR_UL("num.query.flags.AA", s->svr.qbit_AA); - PR_UL("num.query.flags.TC", s->svr.qbit_TC); - PR_UL("num.query.flags.RD", s->svr.qbit_RD); - PR_UL("num.query.flags.RA", s->svr.qbit_RA); - PR_UL("num.query.flags.Z", s->svr.qbit_Z); - PR_UL("num.query.flags.AD", s->svr.qbit_AD); - PR_UL("num.query.flags.CD", s->svr.qbit_CD); - PR_UL("num.query.edns.present", s->svr.qEDNS); - PR_UL("num.query.edns.DO", s->svr.qEDNS_DO); - - /* RCODE */ - for(i=0; i LDNS_RCODE_REFUSED && s->svr.ans_rcode[i] == 0) - continue; - sldns_wire2str_rcode_buf(i, nm, sizeof(nm)); - PR_UL_SUB("num.answer.rcode", nm, s->svr.ans_rcode[i]); - } - if(!inhibit_zero || s->svr.ans_rcode_nodata) { - PR_UL("num.answer.rcode.nodata", s->svr.ans_rcode_nodata); - } - /* validation */ - PR_UL("num.answer.secure", s->svr.ans_secure); - PR_UL("num.answer.bogus", s->svr.ans_bogus); - PR_UL("num.rrset.bogus", s->svr.rrset_bogus); - /* threat detection */ - PR_UL("unwanted.queries", s->svr.unwanted_queries); - PR_UL("unwanted.replies", s->svr.unwanted_replies); - /* cache counts */ - PR_UL("msg.cache.count", s->svr.msg_cache_count); - PR_UL("rrset.cache.count", s->svr.rrset_cache_count); - PR_UL("infra.cache.count", s->svr.infra_cache_count); - PR_UL("key.cache.count", s->svr.key_cache_count); -} - -/** print statistics out of memory structures */ -static void do_stats_shm(struct config_file* cfg, struct stats_info* stats, - struct shm_stat_info* shm_stat) -{ - int i; - char nm[16]; - for(i=0; inum_threads; i++) { - snprintf(nm, sizeof(nm), "thread%d", i); - pr_stats(nm, &stats[i+1]); - } - pr_stats("total", &stats[0]); - print_uptime(shm_stat); - if(cfg->stat_extended) { - print_mem(shm_stat); - print_hist(stats); - print_extended(stats); - } -} -#endif /* HAVE_SHMGET */ - -/** print statistics from shm memory segment */ -static void print_stats_shm(const char* cfgfile) -{ -#ifdef HAVE_SHMGET - struct config_file* cfg; - struct stats_info* stats; - struct shm_stat_info* shm_stat; - int id_ctl, id_arr; - /* read config */ - if(!(cfg = config_create())) - fatal_exit("out of memory"); - if(!config_read(cfg, cfgfile, NULL)) - fatal_exit("could not read config file"); - /* get shm segments */ - id_ctl = shmget(cfg->shm_key, sizeof(int), SHM_R|SHM_W); - if(id_ctl == -1) { - fatal_exit("shmget(%d): %s", cfg->shm_key, strerror(errno)); - } - id_arr = shmget(cfg->shm_key+1, sizeof(int), SHM_R|SHM_W); - if(id_arr == -1) { - fatal_exit("shmget(%d): %s", cfg->shm_key+1, strerror(errno)); - } - shm_stat = (struct shm_stat_info*)shmat(id_ctl, NULL, 0); - if(shm_stat == (void*)-1) { - fatal_exit("shmat(%d): %s", id_ctl, strerror(errno)); - } - stats = (struct stats_info*)shmat(id_arr, NULL, 0); - if(stats == (void*)-1) { - fatal_exit("shmat(%d): %s", id_arr, strerror(errno)); - } - - /* print the stats */ - do_stats_shm(cfg, stats, shm_stat); - - /* shutdown */ - shmdt(shm_stat); - shmdt(stats); - config_delete(cfg); -#else - (void)cfgfile; -#endif /* HAVE_SHMGET */ -} - -/** exit with ssl error */ -static void ssl_err(const char* s) -{ - fprintf(stderr, "error: %s\n", s); - ERR_print_errors_fp(stderr); - exit(1); -} - -/** setup SSL context */ -static SSL_CTX* -setup_ctx(struct config_file* cfg) -{ - char* s_cert=NULL, *c_key=NULL, *c_cert=NULL; - SSL_CTX* ctx; - - if(cfg->remote_control_use_cert) { - s_cert = fname_after_chroot(cfg->server_cert_file, cfg, 1); - c_key = fname_after_chroot(cfg->control_key_file, cfg, 1); - c_cert = fname_after_chroot(cfg->control_cert_file, cfg, 1); - if(!s_cert || !c_key || !c_cert) - fatal_exit("out of memory"); - } - ctx = SSL_CTX_new(SSLv23_client_method()); - if(!ctx) - ssl_err("could not allocate SSL_CTX pointer"); - if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2) - != SSL_OP_NO_SSLv2) - ssl_err("could not set SSL_OP_NO_SSLv2"); - if(cfg->remote_control_use_cert) { - if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3) - != SSL_OP_NO_SSLv3) - ssl_err("could not set SSL_OP_NO_SSLv3"); - if(!SSL_CTX_use_certificate_chain_file(ctx,c_cert) || - !SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM) - || !SSL_CTX_check_private_key(ctx)) - ssl_err("Error setting up SSL_CTX client key and cert"); - if (SSL_CTX_load_verify_locations(ctx, s_cert, NULL) != 1) - ssl_err("Error setting up SSL_CTX verify, server cert"); - SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); - - free(s_cert); - free(c_key); - free(c_cert); - } else { - /* Use ciphers that don't require authentication */ -#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL - SSL_CTX_set_security_level(ctx, 0); -#endif - if(!SSL_CTX_set_cipher_list(ctx, "aNULL, eNULL")) - ssl_err("Error setting NULL cipher!"); - } - return ctx; -} - -/** contact the server with TCP connect */ -static int -contact_server(const char* svr, struct config_file* cfg, int statuscmd) -{ - struct sockaddr_storage addr; - socklen_t addrlen; - int addrfamily = 0; - int fd; - /* use svr or the first config entry */ - if(!svr) { - if(cfg->control_ifs) { - svr = cfg->control_ifs->str; - } else if(cfg->do_ip4) { - svr = "127.0.0.1"; - } else { - svr = "::1"; - } - /* config 0 addr (everything), means ask localhost */ - if(strcmp(svr, "0.0.0.0") == 0) - svr = "127.0.0.1"; - else if(strcmp(svr, "::0") == 0 || - strcmp(svr, "0::0") == 0 || - strcmp(svr, "0::") == 0 || - strcmp(svr, "::") == 0) - svr = "::1"; - } - if(strchr(svr, '@')) { - if(!extstrtoaddr(svr, &addr, &addrlen)) - fatal_exit("could not parse IP@port: %s", svr); -#ifdef HAVE_SYS_UN_H - } else if(svr[0] == '/') { - struct sockaddr_un* usock = (struct sockaddr_un *) &addr; - usock->sun_family = AF_LOCAL; -#ifdef HAVE_STRUCT_SOCKADDR_UN_SUN_LEN - usock->sun_len = (unsigned)sizeof(usock); -#endif - (void)strlcpy(usock->sun_path, svr, sizeof(usock->sun_path)); - addrlen = (socklen_t)sizeof(struct sockaddr_un); - addrfamily = AF_LOCAL; -#endif - } else { - if(!ipstrtoaddr(svr, cfg->control_port, &addr, &addrlen)) - fatal_exit("could not parse IP: %s", svr); - } - - if(addrfamily == 0) - addrfamily = addr_is_ip6(&addr, addrlen)?AF_INET6:AF_INET; - fd = socket(addrfamily, SOCK_STREAM, 0); - if(fd == -1) { -#ifndef USE_WINSOCK - fatal_exit("socket: %s", strerror(errno)); -#else - fatal_exit("socket: %s", wsa_strerror(WSAGetLastError())); -#endif - } - if(connect(fd, (struct sockaddr*)&addr, addrlen) < 0) { -#ifndef USE_WINSOCK - log_err_addr("connect", strerror(errno), &addr, addrlen); - if(errno == ECONNREFUSED && statuscmd) { - printf("unbound is stopped\n"); - exit(3); - } -#else - log_err_addr("connect", wsa_strerror(WSAGetLastError()), &addr, addrlen); - if(WSAGetLastError() == WSAECONNREFUSED && statuscmd) { - printf("unbound is stopped\n"); - exit(3); - } -#endif - exit(1); - } - return fd; -} - -/** setup SSL on the connection */ -static SSL* -setup_ssl(SSL_CTX* ctx, int fd, struct config_file* cfg) -{ - SSL* ssl; - X509* x; - int r; - - ssl = SSL_new(ctx); - if(!ssl) - ssl_err("could not SSL_new"); - SSL_set_connect_state(ssl); - (void)SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); - if(!SSL_set_fd(ssl, fd)) - ssl_err("could not SSL_set_fd"); - while(1) { - ERR_clear_error(); - if( (r=SSL_do_handshake(ssl)) == 1) - break; - r = SSL_get_error(ssl, r); - if(r != SSL_ERROR_WANT_READ && r != SSL_ERROR_WANT_WRITE) - ssl_err("SSL handshake failed"); - /* wants to be called again */ - } - - /* check authenticity of server */ - if(SSL_get_verify_result(ssl) != X509_V_OK) - ssl_err("SSL verification failed"); - if(cfg->remote_control_use_cert) { - x = SSL_get_peer_certificate(ssl); - if(!x) - ssl_err("Server presented no peer certificate"); - X509_free(x); - } - - return ssl; -} - -/** send stdin to server */ -static void -send_file(SSL* ssl, FILE* in, char* buf, size_t sz) -{ - while(fgets(buf, (int)sz, in)) { - if(SSL_write(ssl, buf, (int)strlen(buf)) <= 0) - ssl_err("could not SSL_write contents"); - } -} - -/** send end-of-file marker to server */ -static void -send_eof(SSL* ssl) -{ - char e[] = {0x04, 0x0a}; - if(SSL_write(ssl, e, (int)sizeof(e)) <= 0) - ssl_err("could not SSL_write end-of-file marker"); -} - -/** send command and display result */ -static int -go_cmd(SSL* ssl, int quiet, int argc, char* argv[]) -{ - char pre[10]; - const char* space=" "; - const char* newline="\n"; - int was_error = 0, first_line = 1; - int r, i; - char buf[1024]; - snprintf(pre, sizeof(pre), "UBCT%d ", UNBOUND_CONTROL_VERSION); - if(SSL_write(ssl, pre, (int)strlen(pre)) <= 0) - ssl_err("could not SSL_write"); - for(i=0; iremote_control_enable) - log_warn("control-enable is 'no' in the config file."); -#ifdef UB_ON_WINDOWS - w_config_adjust_directory(cfg); -#endif - ctx = setup_ctx(cfg); - - /* contact server */ - fd = contact_server(svr, cfg, argc>0&&strcmp(argv[0],"status")==0); - ssl = setup_ssl(ctx, fd, cfg); - - /* send command */ - ret = go_cmd(ssl, quiet, argc, argv); - - SSL_free(ssl); -#ifndef USE_WINSOCK - close(fd); -#else - closesocket(fd); -#endif - SSL_CTX_free(ctx); - config_delete(cfg); - return ret; -} - -/** getopt global, in case header files fail to declare it. */ -extern int optind; -/** getopt global, in case header files fail to declare it. */ -extern char* optarg; - -/** Main routine for unbound-control */ -int main(int argc, char* argv[]) -{ - int c, ret; - int quiet = 0; - const char* cfgfile = CONFIGFILE; - char* svr = NULL; -#ifdef USE_WINSOCK - int r; - WSADATA wsa_data; -#endif -#ifdef USE_THREAD_DEBUG - /* stop the file output from unbound-control, overwites the servers */ - extern int check_locking_order; - check_locking_order = 0; -#endif /* USE_THREAD_DEBUG */ - log_ident_set("unbound-control"); - log_init(NULL, 0, NULL); - checklock_start(); -#ifdef USE_WINSOCK - /* use registry config file in preference to compiletime location */ - if(!(cfgfile=w_lookup_reg_str("Software\\Unbound", "ConfigFile"))) - cfgfile = CONFIGFILE; -#endif - /* parse the options */ - while( (c=getopt(argc, argv, "c:s:qh")) != -1) { - switch(c) { - case 'c': - cfgfile = optarg; - break; - case 's': - svr = optarg; - break; - case 'q': - quiet = 1; - break; - case '?': - case 'h': - default: - usage(); - } - } - argc -= optind; - argv += optind; - if(argc == 0) - usage(); - if(argc >= 1 && strcmp(argv[0], "start")==0) { - if(execlp("unbound", "unbound", "-c", cfgfile, - (char*)NULL) < 0) { - fatal_exit("could not exec unbound: %s", - strerror(errno)); - } - } - if(argc >= 1 && strcmp(argv[0], "stats_shm")==0) { - print_stats_shm(cfgfile); - return 0; - } - -#ifdef USE_WINSOCK - if((r = WSAStartup(MAKEWORD(2,2), &wsa_data)) != 0) - fatal_exit("WSAStartup failed: %s", wsa_strerror(r)); -#endif - -#ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS - ERR_load_crypto_strings(); -#endif - ERR_load_SSL_strings(); -#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) - OpenSSL_add_all_algorithms(); -#else - OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS - | OPENSSL_INIT_ADD_ALL_DIGESTS - | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); -#endif -#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL) - (void)SSL_library_init(); -#else - (void)OPENSSL_init_ssl(0, NULL); -#endif - - if(!RAND_status()) { - /* try to seed it */ - unsigned char buf[256]; - unsigned int seed=(unsigned)time(NULL) ^ (unsigned)getpid(); - unsigned int v = seed; - size_t i; - for(i=0; i<256/sizeof(v); i++) { - memmove(buf+i*sizeof(v), &v, sizeof(v)); - v = v*seed + (unsigned int)i; - } - RAND_seed(buf, 256); - log_warn("no entropy, seeding openssl PRNG with time\n"); - } - - ret = go(cfgfile, svr, quiet, argc, argv); - -#ifdef USE_WINSOCK - WSACleanup(); -#endif - checklock_stop(); - return ret; -} diff --git a/external/unbound/smallapp/unbound-host.c b/external/unbound/smallapp/unbound-host.c deleted file mode 100644 index d7a36a231..000000000 --- a/external/unbound/smallapp/unbound-host.c +++ /dev/null @@ -1,497 +0,0 @@ -/* - * checkconf/unbound-host.c - replacement for host that supports validation. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file performs functionality like 'host', and also supports validation. - * It uses the libunbound library. - */ - -#include "config.h" -#ifdef HAVE_GETOPT_H -#include -#endif -/* remove alloc checks, not in this part of the code */ -#ifdef UNBOUND_ALLOC_STATS -#undef malloc -#undef calloc -#undef free -#undef realloc -#endif -#ifdef UNBOUND_ALLOC_LITE -#undef malloc -#undef calloc -#undef free -#undef realloc -#undef strdup -#define unbound_lite_wrapstr(s) s -#endif -#include "libunbound/unbound.h" -#include "sldns/rrdef.h" -#include "sldns/wire2str.h" -#ifdef HAVE_NSS -/* nss3 */ -#include "nss.h" -#endif - -/** verbosity for unbound-host app */ -static int verb = 0; - -/** Give unbound-host usage, and exit (1). */ -static void -usage(void) -{ - printf("Usage: unbound-host [-vdhr46] [-c class] [-t type] hostname\n"); - printf(" [-y key] [-f keyfile] [-F namedkeyfile]\n"); - printf(" [-C configfile]\n"); - printf(" Queries the DNS for information.\n"); - printf(" The hostname is looked up for IP4, IP6 and mail.\n"); - printf(" If an ip-address is given a reverse lookup is done.\n"); - printf(" Use the -v option to see DNSSEC security information.\n"); - printf(" -t type what type to look for.\n"); - printf(" -c class what class to look for, if not class IN.\n"); - printf(" -y 'keystring' specify trust anchor, DS or DNSKEY, like\n"); - printf(" -y 'example.com DS 31560 5 1 1CFED8478...'\n"); - printf(" -D DNSSEC enable with default root anchor\n"); - printf(" from %s\n", ROOT_ANCHOR_FILE); - printf(" -f keyfile read trust anchors from file, with lines as -y.\n"); - printf(" -F keyfile read named.conf-style trust anchors.\n"); - printf(" -C config use the specified unbound.conf (none read by default)\n"); - printf(" -r read forwarder information from /etc/resolv.conf\n"); - printf(" breaks validation if the forwarder does not do DNSSEC.\n"); - printf(" -v be more verbose, shows nodata and security.\n"); - printf(" -d debug, traces the action, -d -d shows more.\n"); - printf(" -4 use ipv4 network, avoid ipv6.\n"); - printf(" -6 use ipv6 network, avoid ipv4.\n"); - printf(" -h show this usage help.\n"); - printf("Version %s\n", PACKAGE_VERSION); - printf("BSD licensed, see LICENSE in source package for details.\n"); - printf("Report bugs to %s\n", PACKAGE_BUGREPORT); - exit(1); -} - -/** determine if str is ip4 and put into reverse lookup format */ -static int -isip4(const char* nm, char** res) -{ - struct in_addr addr; - /* ddd.ddd.ddd.ddd.in-addr.arpa. is less than 32 */ - char buf[32]; - if(inet_pton(AF_INET, nm, &addr) <= 0) { - return 0; - } - snprintf(buf, sizeof(buf), "%u.%u.%u.%u.in-addr.arpa", - (unsigned)((uint8_t*)&addr)[3], (unsigned)((uint8_t*)&addr)[2], - (unsigned)((uint8_t*)&addr)[1], (unsigned)((uint8_t*)&addr)[0]); - *res = strdup(buf); - return 1; -} - -/** determine if str is ip6 and put into reverse lookup format */ -static int -isip6(const char* nm, char** res) -{ - struct in6_addr addr; - /* [nibble.]{32}.ip6.arpa. is less than 128 */ - const char* hex = "0123456789abcdef"; - char buf[128]; - char *p; - int i; - if(inet_pton(AF_INET6, nm, &addr) <= 0) { - return 0; - } - p = buf; - for(i=15; i>=0; i--) { - uint8_t b = ((uint8_t*)&addr)[i]; - *p++ = hex[ (b&0x0f) ]; - *p++ = '.'; - *p++ = hex[ (b&0xf0) >> 4 ]; - *p++ = '.'; - } - snprintf(buf+16*4, sizeof(buf)-16*4, "ip6.arpa"); - *res = strdup(buf); - if(!*res) { - fprintf(stderr, "error: out of memory\n"); - exit(1); - } - return 1; -} - -/** massage input name */ -static char* -massage_qname(const char* nm, int* reverse) -{ - /* recognise IP4 and IP6, create reverse addresses if needed */ - char* res; - if(isip4(nm, &res)) { - *reverse = 1; - } else if(isip6(nm, &res)) { - *reverse = 1; - } else { - res = strdup(nm); - } - if(!res) { - fprintf(stderr, "error: out of memory\n"); - exit(1); - } - return res; -} - -/** massage input type */ -static int -massage_type(const char* t, int reverse, int* multi) -{ - if(t) { - int r = sldns_get_rr_type_by_name(t); - if(r == 0 && strcasecmp(t, "TYPE0") != 0 && - strcmp(t, "") != 0) { - fprintf(stderr, "error unknown type %s\n", t); - exit(1); - } - return r; - } - if(!t && reverse) - return LDNS_RR_TYPE_PTR; - *multi = 1; - return LDNS_RR_TYPE_A; -} - -/** massage input class */ -static int -massage_class(const char* c) -{ - if(c) { - int r = sldns_get_rr_class_by_name(c); - if(r == 0 && strcasecmp(c, "CLASS0") != 0 && - strcmp(c, "") != 0) { - fprintf(stderr, "error unknown class %s\n", c); - exit(1); - } - return r; - } - return LDNS_RR_CLASS_IN; -} - -/** nice security status string */ -static const char* -secure_str(struct ub_result* result) -{ - if(result->secure) return "(secure)"; - if(result->bogus) return "(BOGUS (security failure))"; - return "(insecure)"; -} - -/** nice string for type */ -static void -pretty_type(char* s, size_t len, int t) -{ - char d[16]; - sldns_wire2str_type_buf((uint16_t)t, d, sizeof(d)); - snprintf(s, len, "%s", d); -} - -/** nice string for class */ -static void -pretty_class(char* s, size_t len, int c) -{ - char d[16]; - sldns_wire2str_class_buf((uint16_t)c, d, sizeof(d)); - snprintf(s, len, "%s", d); -} - -/** nice string for rcode */ -static void -pretty_rcode(char* s, size_t len, int r) -{ - char d[16]; - sldns_wire2str_rcode_buf(r, d, sizeof(d)); - snprintf(s, len, "%s", d); -} - -/** convert and print rdata */ -static void -print_rd(int t, char* data, size_t len) -{ - char s[65535]; - sldns_wire2str_rdata_buf((uint8_t*)data, len, s, sizeof(s), (uint16_t)t); - printf(" %s", s); -} - -/** pretty line of RR data for results */ -static void -pretty_rdata(char* q, char* cstr, char* tstr, int t, const char* sec, - char* data, size_t len) -{ - printf("%s", q); - if(strcmp(cstr, "IN") != 0) - printf(" in class %s", cstr); - if(t == LDNS_RR_TYPE_A) - printf(" has address"); - else if(t == LDNS_RR_TYPE_AAAA) - printf(" has IPv6 address"); - else if(t == LDNS_RR_TYPE_MX) - printf(" mail is handled by"); - else if(t == LDNS_RR_TYPE_PTR) - printf(" domain name pointer"); - else printf(" has %s record", tstr); - print_rd(t, data, len); - if(verb > 0) - printf(" %s", sec); - printf("\n"); -} - -/** pretty line of output for results */ -static void -pretty_output(char* q, int t, int c, struct ub_result* result, int docname) -{ - int i; - const char *secstatus = secure_str(result); - char tstr[16]; - char cstr[16]; - char rcodestr[16]; - pretty_type(tstr, 16, t); - pretty_class(cstr, 16, c); - pretty_rcode(rcodestr, 16, result->rcode); - - if(!result->havedata && result->rcode) { - printf("Host %s not found: %d(%s).", - q, result->rcode, rcodestr); - if(verb > 0) - printf(" %s", secstatus); - printf("\n"); - if(result->bogus && result->why_bogus) - printf("%s\n", result->why_bogus); - return; - } - if(docname && result->canonname && - result->canonname != result->qname) { - printf("%s is an alias for %s", result->qname, - result->canonname); - if(verb > 0) - printf(" %s", secstatus); - printf("\n"); - } - /* remove trailing . from long canonnames for nicer output */ - if(result->canonname && strlen(result->canonname) > 1 && - result->canonname[strlen(result->canonname)-1] == '.') - result->canonname[strlen(result->canonname)-1] = 0; - if(!result->havedata) { - if(verb > 0) { - printf("%s", result->canonname?result->canonname:q); - if(strcmp(cstr, "IN") != 0) - printf(" in class %s", cstr); - if(t == LDNS_RR_TYPE_A) - printf(" has no address"); - else if(t == LDNS_RR_TYPE_AAAA) - printf(" has no IPv6 address"); - else if(t == LDNS_RR_TYPE_PTR) - printf(" has no domain name ptr"); - else if(t == LDNS_RR_TYPE_MX) - printf(" has no mail handler record"); - else if(t == LDNS_RR_TYPE_ANY) { - char* s = sldns_wire2str_pkt( - result->answer_packet, - (size_t)result->answer_len); - if(!s) { - fprintf(stderr, "alloc failure\n"); - exit(1); - } - printf("%s\n", s); - } else printf(" has no %s record", tstr); - printf(" %s\n", secstatus); - } - /* else: emptiness to indicate no data */ - if(result->bogus && result->why_bogus) - printf("%s\n", result->why_bogus); - return; - } - i=0; - while(result->data[i]) - { - pretty_rdata( - result->canonname?result->canonname:q, - cstr, tstr, t, secstatus, result->data[i], - (size_t)result->len[i]); - i++; - } - if(result->bogus && result->why_bogus) - printf("%s\n", result->why_bogus); -} - -/** perform a lookup and printout return if domain existed */ -static int -dnslook(struct ub_ctx* ctx, char* q, int t, int c, int docname) -{ - int ret; - struct ub_result* result; - - ret = ub_resolve(ctx, q, t, c, &result); - if(ret != 0) { - fprintf(stderr, "resolve error: %s\n", ub_strerror(ret)); - exit(1); - } - pretty_output(q, t, c, result, docname); - ret = result->nxdomain; - ub_resolve_free(result); - return ret; -} - -/** perform host lookup */ -static void -lookup(struct ub_ctx* ctx, const char* nm, const char* qt, const char* qc) -{ - /* massage input into a query name, type and class */ - int multi = 0; /* no type, so do A, AAAA, MX */ - int reverse = 0; /* we are doing a reverse lookup */ - char* realq = massage_qname(nm, &reverse); - int t = massage_type(qt, reverse, &multi); - int c = massage_class(qc); - - /* perform the query */ - if(multi) { - if(!dnslook(ctx, realq, LDNS_RR_TYPE_A, c, 1)) { - /* domain exists, lookup more */ - (void)dnslook(ctx, realq, LDNS_RR_TYPE_AAAA, c, 0); - (void)dnslook(ctx, realq, LDNS_RR_TYPE_MX, c, 0); - } - } else { - (void)dnslook(ctx, realq, t, c, 1); - } - ub_ctx_delete(ctx); - free(realq); -} - -/** print error if any */ -static void -check_ub_res(int r) -{ - if(r != 0) { - fprintf(stderr, "error: %s\n", ub_strerror(r)); - exit(1); - } -} - -/** getopt global, in case header files fail to declare it. */ -extern int optind; -/** getopt global, in case header files fail to declare it. */ -extern char* optarg; - -/** Main routine for unbound-host */ -int main(int argc, char* argv[]) -{ - int c; - char* qclass = NULL; - char* qtype = NULL; - struct ub_ctx* ctx = NULL; - int debuglevel = 0; - - ctx = ub_ctx_create(); - if(!ctx) { - fprintf(stderr, "error: out of memory\n"); - exit(1); - } - /* no need to fetch additional targets, we only do few lookups */ - check_ub_res(ub_ctx_set_option(ctx, "target-fetch-policy:", "0 0 0 0 0")); - - /* parse the options */ - while( (c=getopt(argc, argv, "46DF:c:df:hrt:vy:C:")) != -1) { - switch(c) { - case '4': - check_ub_res(ub_ctx_set_option(ctx, "do-ip6:", "no")); - break; - case '6': - check_ub_res(ub_ctx_set_option(ctx, "do-ip4:", "no")); - break; - case 'c': - qclass = optarg; - break; - case 'C': - check_ub_res(ub_ctx_config(ctx, optarg)); - break; - case 'D': - check_ub_res(ub_ctx_add_ta_file(ctx, ROOT_ANCHOR_FILE)); - break; - case 'd': - debuglevel++; - if(debuglevel < 2) - debuglevel = 2; /* at least VERB_DETAIL */ - break; - case 'r': - check_ub_res(ub_ctx_resolvconf(ctx, "/etc/resolv.conf")); - break; - case 't': - qtype = optarg; - break; - case 'v': - verb++; - break; - case 'y': - check_ub_res(ub_ctx_add_ta(ctx, optarg)); - break; - case 'f': - check_ub_res(ub_ctx_add_ta_file(ctx, optarg)); - break; - case 'F': - check_ub_res(ub_ctx_trustedkeys(ctx, optarg)); - break; - case '?': - case 'h': - default: - usage(); - } - } - if(debuglevel != 0) /* set after possible -C options */ - check_ub_res(ub_ctx_debuglevel(ctx, debuglevel)); - if(ub_ctx_get_option(ctx, "use-syslog", &optarg) == 0) { - if(strcmp(optarg, "yes") == 0) /* disable use-syslog */ - check_ub_res(ub_ctx_set_option(ctx, - "use-syslog:", "no")); - free(optarg); - } - argc -= optind; - argv += optind; - if(argc != 1) - usage(); - -#ifdef HAVE_NSS - if(NSS_NoDB_Init(".") != SECSuccess) { - fprintf(stderr, "could not init NSS\n"); - return 1; - } -#endif - lookup(ctx, argv[0], qtype, qclass); - return 0; -} diff --git a/external/unbound/smallapp/worker_cb.c b/external/unbound/smallapp/worker_cb.c deleted file mode 100644 index e88e8c8d7..000000000 --- a/external/unbound/smallapp/worker_cb.c +++ /dev/null @@ -1,250 +0,0 @@ -/* - * checkconf/worker_cb.c - fake callback routines to make fptr_wlist work - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file contains fake callback functions, so that the symbols exist - * and the fptr_wlist continues to work even if the daemon/worker is not - * linked into the resulting program. - */ -#include "config.h" -#include "libunbound/context.h" -#include "libunbound/worker.h" -#include "util/fptr_wlist.h" -#include "util/log.h" -#include "services/mesh.h" - -void worker_handle_control_cmd(struct tube* ATTR_UNUSED(tube), - uint8_t* ATTR_UNUSED(buffer), size_t ATTR_UNUSED(len), - int ATTR_UNUSED(error), void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -int worker_handle_request(struct comm_point* ATTR_UNUSED(c), - void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), - struct comm_reply* ATTR_UNUSED(repinfo)) -{ - log_assert(0); - return 0; -} - -int worker_handle_reply(struct comm_point* ATTR_UNUSED(c), - void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), - struct comm_reply* ATTR_UNUSED(reply_info)) -{ - log_assert(0); - return 0; -} - -int worker_handle_service_reply(struct comm_point* ATTR_UNUSED(c), - void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), - struct comm_reply* ATTR_UNUSED(reply_info)) -{ - log_assert(0); - return 0; -} - -int remote_accept_callback(struct comm_point* ATTR_UNUSED(c), - void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), - struct comm_reply* ATTR_UNUSED(repinfo)) -{ - log_assert(0); - return 0; -} - -int remote_control_callback(struct comm_point* ATTR_UNUSED(c), - void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), - struct comm_reply* ATTR_UNUSED(repinfo)) -{ - log_assert(0); - return 0; -} - -void worker_sighandler(int ATTR_UNUSED(sig), void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -struct outbound_entry* worker_send_query( - struct query_info* ATTR_UNUSED(qinfo), uint16_t ATTR_UNUSED(flags), - int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec), - int ATTR_UNUSED(nocaps), struct sockaddr_storage* ATTR_UNUSED(addr), - socklen_t ATTR_UNUSED(addrlen), uint8_t* ATTR_UNUSED(zone), - size_t ATTR_UNUSED(zonelen), int ATTR_UNUSED(ssl_upstream), - struct module_qstate* ATTR_UNUSED(q)) -{ - log_assert(0); - return 0; -} - -#ifdef UB_ON_WINDOWS -void -worker_win_stop_cb(int ATTR_UNUSED(fd), short ATTR_UNUSED(ev), void* - ATTR_UNUSED(arg)) { - log_assert(0); -} - -void -wsvc_cron_cb(void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} -#endif /* UB_ON_WINDOWS */ - -void -worker_alloc_cleanup(void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -struct outbound_entry* libworker_send_query( - struct query_info* ATTR_UNUSED(qinfo), uint16_t ATTR_UNUSED(flags), - int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec), - int ATTR_UNUSED(nocaps), struct sockaddr_storage* ATTR_UNUSED(addr), - socklen_t ATTR_UNUSED(addrlen), uint8_t* ATTR_UNUSED(zone), - size_t ATTR_UNUSED(zonelen), int ATTR_UNUSED(ssl_upstream), - struct module_qstate* ATTR_UNUSED(q)) -{ - log_assert(0); - return 0; -} - -int libworker_handle_reply(struct comm_point* ATTR_UNUSED(c), - void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), - struct comm_reply* ATTR_UNUSED(reply_info)) -{ - log_assert(0); - return 0; -} - -int libworker_handle_service_reply(struct comm_point* ATTR_UNUSED(c), - void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), - struct comm_reply* ATTR_UNUSED(reply_info)) -{ - log_assert(0); - return 0; -} - -void libworker_handle_control_cmd(struct tube* ATTR_UNUSED(tube), - uint8_t* ATTR_UNUSED(buffer), size_t ATTR_UNUSED(len), - int ATTR_UNUSED(error), void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -void libworker_fg_done_cb(void* ATTR_UNUSED(arg), int ATTR_UNUSED(rcode), - struct sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(s), - char* ATTR_UNUSED(why_bogus)) -{ - log_assert(0); -} - -void libworker_bg_done_cb(void* ATTR_UNUSED(arg), int ATTR_UNUSED(rcode), - struct sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(s), - char* ATTR_UNUSED(why_bogus)) -{ - log_assert(0); -} - -void libworker_event_done_cb(void* ATTR_UNUSED(arg), int ATTR_UNUSED(rcode), - struct sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(s), - char* ATTR_UNUSED(why_bogus)) -{ - log_assert(0); -} - -int context_query_cmp(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b)) -{ - log_assert(0); - return 0; -} - -void worker_stat_timer_cb(void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -void worker_probe_timer_cb(void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -void worker_start_accept(void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -void worker_stop_accept(void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -/** keep track of lock id in lock-verify application */ -struct order_id { - /** the thread id that created it */ - int thr; - /** the instance number of creation */ - int instance; -}; - -int order_lock_cmp(const void* e1, const void* e2) -{ - const struct order_id* o1 = e1; - const struct order_id* o2 = e2; - if(o1->thr < o2->thr) return -1; - if(o1->thr > o2->thr) return 1; - if(o1->instance < o2->instance) return -1; - if(o1->instance > o2->instance) return 1; - return 0; -} - -int -codeline_cmp(const void* a, const void* b) -{ - return strcmp(a, b); -} - -int replay_var_compare(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b)) -{ - log_assert(0); - return 0; -} - -void remote_get_opt_ssl(char* ATTR_UNUSED(str), void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} diff --git a/external/unbound/testcode/asynclook.c b/external/unbound/testcode/asynclook.c deleted file mode 100644 index a2bdb6213..000000000 --- a/external/unbound/testcode/asynclook.c +++ /dev/null @@ -1,528 +0,0 @@ -/* - * testcode/asynclook.c - debug program perform async libunbound queries. - * - * Copyright (c) 2008, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This program shows the results from several background lookups, - * while printing time in the foreground. - */ - -#include "config.h" -#ifdef HAVE_GETOPT_H -#include -#endif -#include "libunbound/unbound.h" -#include "libunbound/context.h" -#include "util/locks.h" -#include "util/log.h" -#include "sldns/rrdef.h" -#ifdef UNBOUND_ALLOC_LITE -#undef malloc -#undef calloc -#undef realloc -#undef free -#undef strdup -#endif - -/** keeping track of the async ids */ -struct track_id { - /** the id to pass to libunbound to cancel */ - int id; - /** true if cancelled */ - int cancel; - /** a lock on this structure for thread safety */ - lock_basic_type lock; -}; - -/** - * result list for the lookups - */ -struct lookinfo { - /** name to look up */ - char* name; - /** tracking number that can be used to cancel the query */ - int async_id; - /** error code from libunbound */ - int err; - /** result from lookup */ - struct ub_result* result; -}; - -/** global variable to see how many queries we have left */ -static int num_wait = 0; - -/** usage information for asynclook */ -static void usage(char* argv[]) -{ - printf("usage: %s [options] name ...\n", argv[0]); - printf("names are looked up at the same time, asynchronously.\n"); - printf(" -b : use blocking requests\n"); - printf(" -c : cancel the requests\n"); - printf(" -d : enable debug output\n"); - printf(" -f addr : use addr, forward to that server\n"); - printf(" -h : this help message\n"); - printf(" -H fname : read hosts from fname\n"); - printf(" -r fname : read resolv.conf from fname\n"); - printf(" -t : use a resolver thread instead of forking a process\n"); - printf(" -x : perform extended threaded test\n"); - exit(1); -} - -/** print result from lookup nicely */ -static void -print_result(struct lookinfo* info) -{ - char buf[100]; - if(info->err) /* error (from libunbound) */ - printf("%s: error %s\n", info->name, - ub_strerror(info->err)); - else if(!info->result) - printf("%s: cancelled\n", info->name); - else if(info->result->havedata) - printf("%s: %s\n", info->name, - inet_ntop(AF_INET, info->result->data[0], - buf, (socklen_t)sizeof(buf))); - else { - /* there is no data, why that? */ - if(info->result->rcode == 0 /*noerror*/ || - info->result->nxdomain) - printf("%s: no data %s\n", info->name, - info->result->nxdomain?"(no such host)": - "(no IP4 address)"); - else /* some error (from the server) */ - printf("%s: DNS error %d\n", info->name, - info->result->rcode); - } -} - -/** this is a function of type ub_callback_t */ -static void -lookup_is_done(void* mydata, int err, struct ub_result* result) -{ - /* cast mydata back to the correct type */ - struct lookinfo* info = (struct lookinfo*)mydata; - fprintf(stderr, "name %s resolved\n", info->name); - info->err = err; - info->result = result; - /* one less to wait for */ - num_wait--; -} - -/** check error, if bad, exit with error message */ -static void -checkerr(const char* desc, int err) -{ - if(err != 0) { - printf("%s error: %s\n", desc, ub_strerror(err)); - exit(1); - } -} - -#ifdef THREADS_DISABLED -/** only one process can communicate with async worker */ -#define NUMTHR 1 -#else /* have threads */ -/** number of threads to make in extended test */ -#define NUMTHR 10 -#endif - -/** struct for extended thread info */ -struct ext_thr_info { - /** thread num for debug */ - int thread_num; - /** thread id */ - ub_thread_type tid; - /** context */ - struct ub_ctx* ctx; - /** size of array to query */ - int argc; - /** array of names to query */ - char** argv; - /** number of queries to do */ - int numq; -}; - -/** if true, we are testing against 'localhost' and extra checking is done */ -static int q_is_localhost = 0; - -/** check result structure for the 'correct' answer */ -static void -ext_check_result(const char* desc, int err, struct ub_result* result) -{ - checkerr(desc, err); - if(result == NULL) { - printf("%s: error result is NULL.\n", desc); - exit(1); - } - if(q_is_localhost) { - if(strcmp(result->qname, "localhost") != 0) { - printf("%s: error result has wrong qname.\n", desc); - exit(1); - } - if(result->qtype != LDNS_RR_TYPE_A) { - printf("%s: error result has wrong qtype.\n", desc); - exit(1); - } - if(result->qclass != LDNS_RR_CLASS_IN) { - printf("%s: error result has wrong qclass.\n", desc); - exit(1); - } - if(result->data == NULL) { - printf("%s: error result->data is NULL.\n", desc); - exit(1); - } - if(result->len == NULL) { - printf("%s: error result->len is NULL.\n", desc); - exit(1); - } - if(result->rcode != 0) { - printf("%s: error result->rcode is set.\n", desc); - exit(1); - } - if(result->havedata == 0) { - printf("%s: error result->havedata is unset.\n", desc); - exit(1); - } - if(result->nxdomain != 0) { - printf("%s: error result->nxdomain is set.\n", desc); - exit(1); - } - if(result->secure || result->bogus) { - printf("%s: error result->secure or bogus is set.\n", - desc); - exit(1); - } - if(result->data[0] == NULL) { - printf("%s: error result->data[0] is NULL.\n", desc); - exit(1); - } - if(result->len[0] != 4) { - printf("%s: error result->len[0] is wrong.\n", desc); - exit(1); - } - if(result->len[1] != 0 || result->data[1] != NULL) { - printf("%s: error result->data[1] or len[1] is " - "wrong.\n", desc); - exit(1); - } - if(result->answer_packet == NULL) { - printf("%s: error result->answer_packet is NULL.\n", - desc); - exit(1); - } - if(result->answer_len != 54) { - printf("%s: error result->answer_len is wrong.\n", - desc); - exit(1); - } - } -} - -/** extended bg result callback, this function is ub_callback_t */ -static void -ext_callback(void* mydata, int err, struct ub_result* result) -{ - struct track_id* my_id = (struct track_id*)mydata; - int doprint = 0; - if(my_id) { - /* I have an id, make sure we are not cancelled */ - lock_basic_lock(&my_id->lock); - if(doprint) - printf("cb %d: ", my_id->id); - if(my_id->cancel) { - printf("error: query id=%d returned, but was cancelled\n", - my_id->id); - abort(); - exit(1); - } - lock_basic_unlock(&my_id->lock); - } - ext_check_result("ext_callback", err, result); - log_assert(result); - if(doprint) { - struct lookinfo pi; - pi.name = result?result->qname:"noname"; - pi.result = result; - pi.err = 0; - print_result(&pi); - } - ub_resolve_free(result); -} - -/** extended thread worker */ -static void* -ext_thread(void* arg) -{ - struct ext_thr_info* inf = (struct ext_thr_info*)arg; - int i, r; - struct ub_result* result; - struct track_id* async_ids = NULL; - log_thread_set(&inf->thread_num); - if(inf->thread_num > NUMTHR*2/3) { - async_ids = (struct track_id*)calloc((size_t)inf->numq, sizeof(struct track_id)); - if(!async_ids) { - printf("out of memory\n"); - exit(1); - } - for(i=0; inumq; i++) { - lock_basic_init(&async_ids[i].lock); - } - } - for(i=0; inumq; i++) { - if(async_ids) { - r = ub_resolve_async(inf->ctx, - inf->argv[i%inf->argc], LDNS_RR_TYPE_A, - LDNS_RR_CLASS_IN, &async_ids[i], ext_callback, - &async_ids[i].id); - checkerr("ub_resolve_async", r); - if(i > 100) { - lock_basic_lock(&async_ids[i-100].lock); - r = ub_cancel(inf->ctx, async_ids[i-100].id); - if(r != UB_NOID) - async_ids[i-100].cancel=1; - lock_basic_unlock(&async_ids[i-100].lock); - if(r != UB_NOID) - checkerr("ub_cancel", r); - } - } else if(inf->thread_num > NUMTHR/2) { - /* async */ - r = ub_resolve_async(inf->ctx, - inf->argv[i%inf->argc], LDNS_RR_TYPE_A, - LDNS_RR_CLASS_IN, NULL, ext_callback, NULL); - checkerr("ub_resolve_async", r); - } else { - /* blocking */ - r = ub_resolve(inf->ctx, inf->argv[i%inf->argc], - LDNS_RR_TYPE_A, LDNS_RR_CLASS_IN, &result); - ext_check_result("ub_resolve", r, result); - ub_resolve_free(result); - } - } - if(inf->thread_num > NUMTHR/2) { - r = ub_wait(inf->ctx); - checkerr("ub_ctx_wait", r); - } - /* if these locks are destroyed, or if the async_ids is freed, then - a use-after-free happens in another thread. - The allocation is only part of this test, though. */ - /* - if(async_ids) { - for(i=0; inumq; i++) { - lock_basic_destroy(&async_ids[i].lock); - } - } - free(async_ids); - */ - - return NULL; -} - -/** perform extended threaded test */ -static int -ext_test(struct ub_ctx* ctx, int argc, char** argv) -{ - struct ext_thr_info inf[NUMTHR]; - int i; - if(argc == 1 && strcmp(argv[0], "localhost") == 0) - q_is_localhost = 1; - printf("extended test start (%d threads)\n", NUMTHR); - for(i=0; i 0) - for(i=0; i<1000; i++) { - usleep(100000); - fprintf(stderr, "%g seconds passed\n", 0.1*(double)i); - r = ub_process(ctx); - checkerr("ub_process", r); - if(num_wait == 0) - break; - } - if(i>=999) { - printf("timed out\n"); - return 0; - } - printf("lookup complete\n"); - - /* print lookup results */ - for(i=0; i -#include "util/locks.h" /* include before checklocks.h */ -#include "testcode/checklocks.h" - -/** - * \file - * Locks that are checked. - * - * Ugly hack: uses the fact that workers start with an int thread_num, and - * are passed to thread_create to make the thread numbers here the same as - * those used for logging which is nice. - * - * Todo: - * - debug status print, of thread lock stacks, and current waiting. - */ -#ifdef USE_THREAD_DEBUG - -/** How long to wait before lock attempt is a failure. */ -#define CHECK_LOCK_TIMEOUT 120 /* seconds */ -/** How long to wait before join attempt is a failure. */ -#define CHECK_JOIN_TIMEOUT 120 /* seconds */ - -/** if key has been created */ -static int key_created = 0; -/** if the key was deleted, i.e. we have quit */ -static int key_deleted = 0; -/** we hide the thread debug info with this key. */ -static ub_thread_key_type thr_debug_key; -/** the list of threads, so all threads can be examined. NULL if unused. */ -static struct thr_check* thread_infos[THRDEBUG_MAX_THREADS]; -/** do we check locking order */ -int check_locking_order = 1; -/** the pid of this runset, reasonably unique. */ -static pid_t check_lock_pid; - -/** print all possible debug info on the state of the system */ -static void total_debug_info(void); - -/** print pretty lock error and exit */ -static void lock_error(struct checked_lock* lock, - const char* func, const char* file, int line, const char* err) -{ - log_err("lock error (description follows)"); - log_err("Created at %s %s:%d", lock->create_func, - lock->create_file, lock->create_line); - if(lock->holder_func && lock->holder_file) - log_err("Previously %s %s:%d", lock->holder_func, - lock->holder_file, lock->holder_line); - log_err("At %s %s:%d", func, file, line); - log_err("Error for %s lock: %s", - (lock->type==check_lock_mutex)?"mutex": ( - (lock->type==check_lock_spinlock)?"spinlock": ( - (lock->type==check_lock_rwlock)?"rwlock": "badtype")), err); - log_err("complete status display:"); - total_debug_info(); - fatal_exit("bailing out"); -} - -/** - * Obtain lock on debug lock structure. This could be a deadlock by the caller. - * The debug code itself does not deadlock. Anyway, check with timeouts. - * @param lock: on what to acquire lock. - * @param func: user level caller identification. - * @param file: user level caller identification. - * @param line: user level caller identification. - */ -static void -acquire_locklock(struct checked_lock* lock, - const char* func, const char* file, int line) -{ - struct timespec to; - int err; - int contend = 0; - /* first try; inc contention counter if not immediately */ - if((err = pthread_mutex_trylock(&lock->lock))) { - if(err==EBUSY) - contend++; - else fatal_exit("error in mutex_trylock: %s", strerror(err)); - } - if(!err) - return; /* immediate success */ - to.tv_sec = time(NULL) + CHECK_LOCK_TIMEOUT; - to.tv_nsec = 0; - err = pthread_mutex_timedlock(&lock->lock, &to); - if(err) { - log_err("in acquiring locklock: %s", strerror(err)); - lock_error(lock, func, file, line, "acquire locklock"); - } - /* since we hold the lock, we can edit the contention_count */ - lock->contention_count += contend; -} - -/** add protected region */ -void -lock_protect(void *p, void* area, size_t size) -{ - struct checked_lock* lock = *(struct checked_lock**)p; - struct protected_area* e = (struct protected_area*)malloc( - sizeof(struct protected_area)); - if(!e) - fatal_exit("lock_protect: out of memory"); - e->region = area; - e->size = size; - e->hold = malloc(size); - if(!e->hold) - fatal_exit("lock_protect: out of memory"); - memcpy(e->hold, e->region, e->size); - - acquire_locklock(lock, __func__, __FILE__, __LINE__); - e->next = lock->prot; - lock->prot = e; - LOCKRET(pthread_mutex_unlock(&lock->lock)); -} - -/** remove protected region */ -void -lock_unprotect(void* mangled, void* area) -{ - struct checked_lock* lock = *(struct checked_lock**)mangled; - struct protected_area* p, **prevp; - if(!lock) - return; - acquire_locklock(lock, __func__, __FILE__, __LINE__); - p = lock->prot; - prevp = &lock->prot; - while(p) { - if(p->region == area) { - *prevp = p->next; - free(p->hold); - free(p); - LOCKRET(pthread_mutex_unlock(&lock->lock)); - return; - } - prevp = &p->next; - p = p->next; - } - LOCKRET(pthread_mutex_unlock(&lock->lock)); -} - -/** - * Check protected memory region. Memory compare. Exit on error. - * @param lock: which lock to check. - * @param func: location we are now (when failure is detected). - * @param file: location we are now (when failure is detected). - * @param line: location we are now (when failure is detected). - */ -static void -prot_check(struct checked_lock* lock, - const char* func, const char* file, int line) -{ - struct protected_area* p = lock->prot; - while(p) { - if(memcmp(p->hold, p->region, p->size) != 0) { - log_hex("memory prev", p->hold, p->size); - log_hex("memory here", p->region, p->size); - lock_error(lock, func, file, line, - "protected area modified"); - } - p = p->next; - } -} - -/** Copy protected memory region */ -static void -prot_store(struct checked_lock* lock) -{ - struct protected_area* p = lock->prot; - while(p) { - memcpy(p->hold, p->region, p->size); - p = p->next; - } -} - -/** get memory held by lock */ -size_t -lock_get_mem(void* pp) -{ - size_t s; - struct checked_lock* lock = *(struct checked_lock**)pp; - struct protected_area* p; - s = sizeof(struct checked_lock); - acquire_locklock(lock, __func__, __FILE__, __LINE__); - for(p = lock->prot; p; p = p->next) { - s += sizeof(struct protected_area); - s += p->size; - } - LOCKRET(pthread_mutex_unlock(&lock->lock)); - return s; -} - -/** write lock trace info to file, while you hold those locks */ -static void -ordercheck_locklock(struct thr_check* thr, struct checked_lock* lock) -{ - int info[4]; - if(!check_locking_order) return; - if(!thr->holding_first) return; /* no older lock, no info */ - /* write: */ - info[0] = thr->holding_first->create_thread; - info[1] = thr->holding_first->create_instance; - info[2] = lock->create_thread; - info[3] = lock->create_instance; - if(fwrite(info, 4*sizeof(int), 1, thr->order_info) != 1 || - fwrite(lock->holder_file, strlen(lock->holder_file)+1, 1, - thr->order_info) != 1 || - fwrite(&lock->holder_line, sizeof(int), 1, - thr->order_info) != 1) - log_err("fwrite: %s", strerror(errno)); -} - -/** write ordercheck lock creation details to file */ -static void -ordercheck_lockcreate(struct thr_check* thr, struct checked_lock* lock) -{ - /* write: */ - int cmd = -1; - if(!check_locking_order) return; - - if( fwrite(&cmd, sizeof(int), 1, thr->order_info) != 1 || - fwrite(&lock->create_thread, sizeof(int), 1, - thr->order_info) != 1 || - fwrite(&lock->create_instance, sizeof(int), 1, - thr->order_info) != 1 || - fwrite(lock->create_file, strlen(lock->create_file)+1, 1, - thr->order_info) != 1 || - fwrite(&lock->create_line, sizeof(int), 1, - thr->order_info) != 1) - log_err("fwrite: %s", strerror(errno)); -} - -/** alloc struct, init lock empty */ -void -checklock_init(enum check_lock_type type, struct checked_lock** lock, - const char* func, const char* file, int line) -{ - struct checked_lock* e = (struct checked_lock*)calloc(1, - sizeof(struct checked_lock)); - struct thr_check *thr = (struct thr_check*)pthread_getspecific( - thr_debug_key); - if(!e) - fatal_exit("%s %s %d: out of memory", func, file, line); - if(!thr) { - /* this is called when log_init() calls lock_init() - * functions, and the test check code has not yet - * been initialised. But luckily, the checklock_start() - * routine can be called multiple times without ill effect. - */ - checklock_start(); - thr = (struct thr_check*)pthread_getspecific(thr_debug_key); - } - if(!thr) - fatal_exit("%s %s %d: lock_init no thread info", func, file, - line); - *lock = e; - e->type = type; - e->create_func = func; - e->create_file = file; - e->create_line = line; - e->create_thread = thr->num; - e->create_instance = thr->locks_created++; - ordercheck_lockcreate(thr, e); - LOCKRET(pthread_mutex_init(&e->lock, NULL)); - switch(e->type) { - case check_lock_mutex: - LOCKRET(pthread_mutex_init(&e->u.mutex, NULL)); - break; - case check_lock_spinlock: - LOCKRET(pthread_spin_init(&e->u.spinlock, PTHREAD_PROCESS_PRIVATE)); - break; - case check_lock_rwlock: - LOCKRET(pthread_rwlock_init(&e->u.rwlock, NULL)); - break; - default: - log_assert(0); - } -} - -/** delete prot items */ -static void -prot_clear(struct checked_lock* lock) -{ - struct protected_area* p=lock->prot, *np; - while(p) { - np = p->next; - free(p->hold); - free(p); - p = np; - } -} - -/** check if type is OK for the lock given */ -static void -checktype(enum check_lock_type type, struct checked_lock* lock, - const char* func, const char* file, int line) -{ - if(!lock) - fatal_exit("use of null/deleted lock at %s %s:%d", - func, file, line); - if(type != lock->type) { - lock_error(lock, func, file, line, "wrong lock type"); - } -} - -/** check if OK, free struct */ -void -checklock_destroy(enum check_lock_type type, struct checked_lock** lock, - const char* func, const char* file, int line) -{ - const size_t contention_interest = 1; /* promille contented locks */ - struct checked_lock* e; - if(!lock) - return; - e = *lock; - if(!e) - return; - checktype(type, e, func, file, line); - - /* check if delete is OK */ - acquire_locklock(e, func, file, line); - if(e->hold_count != 0) - lock_error(e, func, file, line, "delete while locked."); - if(e->wait_count != 0) - lock_error(e, func, file, line, "delete while waited on."); - prot_check(e, func, file, line); - *lock = NULL; /* use after free will fail */ - LOCKRET(pthread_mutex_unlock(&e->lock)); - - /* contention, look at fraction in trouble. */ - if(e->history_count > 1 && - 1000*e->contention_count/e->history_count > contention_interest) { - log_info("lock created %s %s %d has contention %u of %u (%d%%)", - e->create_func, e->create_file, e->create_line, - (unsigned int)e->contention_count, - (unsigned int)e->history_count, - (int)(100*e->contention_count/e->history_count)); - } - - /* delete it */ - LOCKRET(pthread_mutex_destroy(&e->lock)); - prot_clear(e); - /* since nobody holds the lock - see check above, no need to unlink - * from the thread-held locks list. */ - switch(e->type) { - case check_lock_mutex: - LOCKRET(pthread_mutex_destroy(&e->u.mutex)); - break; - case check_lock_spinlock: - LOCKRET(pthread_spin_destroy(&e->u.spinlock)); - break; - case check_lock_rwlock: - LOCKRET(pthread_rwlock_destroy(&e->u.rwlock)); - break; - default: - log_assert(0); - } - memset(e, 0, sizeof(struct checked_lock)); - free(e); -} - -/** finish acquiring lock, shared between _(rd|wr||)lock() routines */ -static void -finish_acquire_lock(struct thr_check* thr, struct checked_lock* lock, - const char* func, const char* file, int line) -{ - thr->waiting = NULL; - lock->wait_count --; - lock->holder = thr; - lock->hold_count ++; - lock->holder_func = func; - lock->holder_file = file; - lock->holder_line = line; - ordercheck_locklock(thr, lock); - - /* insert in thread lock list, as first */ - lock->prev_held_lock[thr->num] = NULL; - lock->next_held_lock[thr->num] = thr->holding_first; - if(thr->holding_first) - /* no need to lock it, since this thread already holds the - * lock (since it is on this list) and we only edit thr->num - * member in array. So it is safe. */ - thr->holding_first->prev_held_lock[thr->num] = lock; - else thr->holding_last = lock; - thr->holding_first = lock; -} - -/** - * Locking routine. - * @param type: as passed by user. - * @param lock: as passed by user. - * @param func: caller location. - * @param file: caller location. - * @param line: caller location. - * @param tryfunc: the pthread_mutex_trylock or similar function. - * @param timedfunc: the pthread_mutex_timedlock or similar function. - * Uses absolute timeout value. - * @param arg: what to pass to tryfunc and timedlock. - * @param exclusive: if lock must be exclusive (only one allowed). - * @param getwr: if attempts to get writelock (or readlock) for rwlocks. - */ -static void -checklock_lockit(enum check_lock_type type, struct checked_lock* lock, - const char* func, const char* file, int line, - int (*tryfunc)(void*), int (*timedfunc)(void*, struct timespec*), - void* arg, int exclusive, int getwr) -{ - int err; - int contend = 0; - struct thr_check *thr = (struct thr_check*)pthread_getspecific( - thr_debug_key); - checktype(type, lock, func, file, line); - if(!thr) lock_error(lock, func, file, line, "no thread info"); - - acquire_locklock(lock, func, file, line); - lock->wait_count ++; - thr->waiting = lock; - if(exclusive && lock->hold_count > 0 && lock->holder == thr) - lock_error(lock, func, file, line, "thread already owns lock"); - if(type==check_lock_rwlock && getwr && lock->writeholder == thr) - lock_error(lock, func, file, line, "thread already has wrlock"); - LOCKRET(pthread_mutex_unlock(&lock->lock)); - - /* first try; if busy increase contention counter */ - if((err=tryfunc(arg))) { - struct timespec to; - if(err != EBUSY) log_err("trylock: %s", strerror(err)); - to.tv_sec = time(NULL) + CHECK_LOCK_TIMEOUT; - to.tv_nsec = 0; - if((err=timedfunc(arg, &to))) { - if(err == ETIMEDOUT) - lock_error(lock, func, file, line, - "timeout possible deadlock"); - log_err("timedlock: %s", strerror(err)); - } - contend ++; - } - /* got the lock */ - - acquire_locklock(lock, func, file, line); - lock->contention_count += contend; - lock->history_count++; - if(exclusive && lock->hold_count > 0) - lock_error(lock, func, file, line, "got nonexclusive lock"); - if(type==check_lock_rwlock && getwr && lock->writeholder) - lock_error(lock, func, file, line, "got nonexclusive wrlock"); - if(type==check_lock_rwlock && getwr) - lock->writeholder = thr; - /* check the memory areas for unauthorized changes, - * between last unlock time and current lock time. - * we check while holding the lock (threadsafe). - */ - if(getwr || exclusive) - prot_check(lock, func, file, line); - finish_acquire_lock(thr, lock, func, file, line); - LOCKRET(pthread_mutex_unlock(&lock->lock)); -} - -/** helper for rdlock: try */ -static int try_rd(void* arg) -{ return pthread_rwlock_tryrdlock((pthread_rwlock_t*)arg); } -/** helper for rdlock: timed */ -static int timed_rd(void* arg, struct timespec* to) -{ return pthread_rwlock_timedrdlock((pthread_rwlock_t*)arg, to); } - -/** check if OK, lock */ -void -checklock_rdlock(enum check_lock_type type, struct checked_lock* lock, - const char* func, const char* file, int line) -{ - if(key_deleted) - return; - - log_assert(type == check_lock_rwlock); - checklock_lockit(type, lock, func, file, line, - try_rd, timed_rd, &lock->u.rwlock, 0, 0); -} - -/** helper for wrlock: try */ -static int try_wr(void* arg) -{ return pthread_rwlock_trywrlock((pthread_rwlock_t*)arg); } -/** helper for wrlock: timed */ -static int timed_wr(void* arg, struct timespec* to) -{ return pthread_rwlock_timedwrlock((pthread_rwlock_t*)arg, to); } - -/** check if OK, lock */ -void -checklock_wrlock(enum check_lock_type type, struct checked_lock* lock, - const char* func, const char* file, int line) -{ - if(key_deleted) - return; - log_assert(type == check_lock_rwlock); - checklock_lockit(type, lock, func, file, line, - try_wr, timed_wr, &lock->u.rwlock, 0, 1); -} - -/** helper for lock mutex: try */ -static int try_mutex(void* arg) -{ return pthread_mutex_trylock((pthread_mutex_t*)arg); } -/** helper for lock mutex: timed */ -static int timed_mutex(void* arg, struct timespec* to) -{ return pthread_mutex_timedlock((pthread_mutex_t*)arg, to); } - -/** helper for lock spinlock: try */ -static int try_spinlock(void* arg) -{ return pthread_spin_trylock((pthread_spinlock_t*)arg); } -/** helper for lock spinlock: timed */ -static int timed_spinlock(void* arg, struct timespec* to) -{ - int err; - /* spin for 5 seconds. (ouch for the CPU, but it beats forever) */ - while( (err=try_spinlock(arg)) == EBUSY) { -#ifndef S_SPLINT_S - if(time(NULL) >= to->tv_sec) - return ETIMEDOUT; - usleep(1000); /* in 1/1000000s of a second */ -#endif - } - return err; -} - -/** check if OK, lock */ -void -checklock_lock(enum check_lock_type type, struct checked_lock* lock, - const char* func, const char* file, int line) -{ - if(key_deleted) - return; - log_assert(type != check_lock_rwlock); - switch(type) { - case check_lock_mutex: - checklock_lockit(type, lock, func, file, line, - try_mutex, timed_mutex, &lock->u.mutex, 1, 0); - break; - case check_lock_spinlock: - /* void* cast needed because 'volatile' on some OS */ - checklock_lockit(type, lock, func, file, line, - try_spinlock, timed_spinlock, - (void*)&lock->u.spinlock, 1, 0); - break; - default: - log_assert(0); - } -} - -/** check if OK, unlock */ -void -checklock_unlock(enum check_lock_type type, struct checked_lock* lock, - const char* func, const char* file, int line) -{ - struct thr_check *thr; - if(key_deleted) - return; - thr = (struct thr_check*)pthread_getspecific(thr_debug_key); - checktype(type, lock, func, file, line); - if(!thr) lock_error(lock, func, file, line, "no thread info"); - - acquire_locklock(lock, func, file, line); - /* was this thread even holding this lock? */ - if(thr->holding_first != lock && - lock->prev_held_lock[thr->num] == NULL) { - lock_error(lock, func, file, line, "unlock nonlocked lock"); - } - if(lock->hold_count <= 0) - lock_error(lock, func, file, line, "too many unlocks"); - - /* store this point as last touched by */ - lock->holder = thr; - lock->hold_count --; - lock->holder_func = func; - lock->holder_file = file; - lock->holder_line = line; - - /* delete from thread holder list */ - /* no need to lock other lockstructs, because they are all on the - * held-locks list, and this thread holds their locks. - * we only touch the thr->num members, so it is safe. */ - if(thr->holding_first == lock) - thr->holding_first = lock->next_held_lock[thr->num]; - if(thr->holding_last == lock) - thr->holding_last = lock->prev_held_lock[thr->num]; - if(lock->next_held_lock[thr->num]) - lock->next_held_lock[thr->num]->prev_held_lock[thr->num] = - lock->prev_held_lock[thr->num]; - if(lock->prev_held_lock[thr->num]) - lock->prev_held_lock[thr->num]->next_held_lock[thr->num] = - lock->next_held_lock[thr->num]; - lock->next_held_lock[thr->num] = NULL; - lock->prev_held_lock[thr->num] = NULL; - - if(type==check_lock_rwlock && lock->writeholder == thr) { - lock->writeholder = NULL; - prot_store(lock); - } else if(type != check_lock_rwlock) { - /* store memory areas that are protected, for later checks */ - prot_store(lock); - } - LOCKRET(pthread_mutex_unlock(&lock->lock)); - - /* unlock it */ - switch(type) { - case check_lock_mutex: - LOCKRET(pthread_mutex_unlock(&lock->u.mutex)); - break; - case check_lock_spinlock: - LOCKRET(pthread_spin_unlock(&lock->u.spinlock)); - break; - case check_lock_rwlock: - LOCKRET(pthread_rwlock_unlock(&lock->u.rwlock)); - break; - default: - log_assert(0); - } -} - -/** open order info debug file, thr->num must be valid */ -static void -open_lockorder(struct thr_check* thr) -{ - char buf[24]; - time_t t; - snprintf(buf, sizeof(buf), "ublocktrace.%d", thr->num); - thr->order_info = fopen(buf, "w"); - if(!thr->order_info) - fatal_exit("could not open %s: %s", buf, strerror(errno)); - thr->locks_created = 0; - t = time(NULL); - /* write: */ - if(fwrite(&t, sizeof(t), 1, thr->order_info) != 1 || - fwrite(&thr->num, sizeof(thr->num), 1, thr->order_info) != 1 || - fwrite(&check_lock_pid, sizeof(check_lock_pid), 1, - thr->order_info) != 1) - log_err("fwrite: %s", strerror(errno)); -} - -/** checklock thread main, Inits thread structure */ -static void* checklock_main(void* arg) -{ - struct thr_check* thr = (struct thr_check*)arg; - void* ret; - thr->id = pthread_self(); - /* Hack to get same numbers as in log file */ - thr->num = *(int*)(thr->arg); - log_assert(thr->num < THRDEBUG_MAX_THREADS); - /* as an aside, due to this, won't work for libunbound bg thread */ - if(thread_infos[thr->num] != NULL) - log_warn("thread warning, thr->num %d not NULL", thr->num); - thread_infos[thr->num] = thr; - LOCKRET(pthread_setspecific(thr_debug_key, thr)); - if(check_locking_order) - open_lockorder(thr); - ret = thr->func(thr->arg); - thread_infos[thr->num] = NULL; - if(check_locking_order) - fclose(thr->order_info); - free(thr); - return ret; -} - -/** init the main thread */ -void checklock_start(void) -{ - if(key_deleted) - return; - if(!key_created) { - struct thr_check* thisthr = (struct thr_check*)calloc(1, - sizeof(struct thr_check)); - if(!thisthr) - fatal_exit("thrcreate: out of memory"); - key_created = 1; - check_lock_pid = getpid(); - LOCKRET(pthread_key_create(&thr_debug_key, NULL)); - LOCKRET(pthread_setspecific(thr_debug_key, thisthr)); - thread_infos[0] = thisthr; - if(check_locking_order) - open_lockorder(thisthr); - } -} - -/** stop checklocks */ -void checklock_stop(void) -{ - if(key_created) { - int i; - key_deleted = 1; - if(check_locking_order) - fclose(thread_infos[0]->order_info); - free(thread_infos[0]); - thread_infos[0] = NULL; - for(i = 0; i < THRDEBUG_MAX_THREADS; i++) - log_assert(thread_infos[i] == NULL); - /* should have been cleaned up. */ - LOCKRET(pthread_key_delete(thr_debug_key)); - key_created = 0; - } -} - -/** allocate debug info and create thread */ -void -checklock_thrcreate(pthread_t* id, void* (*func)(void*), void* arg) -{ - struct thr_check* thr = (struct thr_check*)calloc(1, - sizeof(struct thr_check)); - if(!thr) - fatal_exit("thrcreate: out of memory"); - if(!key_created) { - checklock_start(); - } - thr->func = func; - thr->arg = arg; - LOCKRET(pthread_create(id, NULL, checklock_main, thr)); -} - -/** count number of thread infos */ -static int -count_thread_infos(void) -{ - int cnt = 0; - int i; - for(i=0; icreate_thread, lock->create_instance, - lock->create_func, lock->create_file, lock->create_line); - log_info("lock type: %s", - (lock->type==check_lock_mutex)?"mutex": ( - (lock->type==check_lock_spinlock)?"spinlock": ( - (lock->type==check_lock_rwlock)?"rwlock": "badtype"))); - log_info("lock contention %u, history:%u, hold:%d, wait:%d", - (unsigned)lock->contention_count, (unsigned)lock->history_count, - lock->hold_count, lock->wait_count); - log_info("last touch %s %s %d", lock->holder_func, lock->holder_file, - lock->holder_line); - log_info("holder thread %d, writeholder thread %d", - lock->holder?lock->holder->num:-1, - lock->writeholder?lock->writeholder->num:-1); -} - -/** print debug locks held by a thread */ -static void -held_debug_info(struct thr_check* thr, struct checked_lock* lock) -{ - if(!lock) return; - lock_debug_info(lock); - held_debug_info(thr, lock->next_held_lock[thr->num]); -} - -/** print debug info for a thread */ -static void -thread_debug_info(struct thr_check* thr) -{ - struct checked_lock* w = NULL; - struct checked_lock* f = NULL; - struct checked_lock* l = NULL; - if(!thr) return; - log_info("pthread id is %x", (int)thr->id); - log_info("thread func is %llx", (unsigned long long)(size_t)thr->func); - log_info("thread arg is %llx (%d)", - (unsigned long long)(size_t)thr->arg, - (thr->arg?*(int*)thr->arg:0)); - log_info("thread num is %d", thr->num); - log_info("locks created %d", thr->locks_created); - log_info("open file for lockinfo: %s", - thr->order_info?"yes, flushing":"no"); - fflush(thr->order_info); - w = thr->waiting; - f = thr->holding_first; - l = thr->holding_last; - log_info("thread waiting for a lock: %s %llx", w?"yes":"no", - (unsigned long long)(size_t)w); - lock_debug_info(w); - log_info("thread holding first: %s, last: %s", f?"yes":"no", - l?"yes":"no"); - held_debug_info(thr, f); -} - -static void -total_debug_info(void) -{ - int i; - log_info("checklocks: supervising %d threads.", - count_thread_infos()); - if(!key_created) { - log_info("No thread debug key created yet"); - } - for(i=0; i - -/** How many threads to allocate for */ -#define THRDEBUG_MAX_THREADS 32 /* threads */ -/** do we check locking order */ -extern int check_locking_order; - -/** - * Protection memory area. - * It is copied to a holding buffer to compare against later. - * Note that it may encompass the lock structure. - */ -struct protected_area { - /** where the memory region starts */ - void* region; - /** size of the region */ - size_t size; - /** backbuffer that holds a copy, of same size. */ - void* hold; - /** next protected area in list */ - struct protected_area* next; -}; - -/** - * Per thread information for locking debug wrappers. - */ -struct thr_check { - /** thread id */ - pthread_t id; - /** real thread func */ - void* (*func)(void*); - /** func user arg */ - void* arg; - /** number of thread in list structure */ - int num; - /** instance number - how many locks have been created by thread */ - int locks_created; - /** file to write locking order information to */ - FILE* order_info; - /** - * List of locks that this thread is holding, double - * linked list. The first element is the most recent lock acquired. - * So it represents the stack of locks acquired. (of all types). - */ - struct checked_lock *holding_first, *holding_last; - /** if the thread is currently waiting for a lock, which one */ - struct checked_lock* waiting; -}; - -/** - * One structure for all types of locks. - */ -struct checked_lock { - /** mutex for exclusive access to this structure */ - pthread_mutex_t lock; - /** list of memory regions protected by this checked lock */ - struct protected_area* prot; - /** where was this lock created */ - const char* create_func, *create_file; - /** where was this lock created */ - int create_line; - /** unique instance identifier */ - int create_thread, create_instance; - /** contention count */ - size_t contention_count; - /** number of times locked, ever */ - size_t history_count; - /** hold count (how many threads are holding this lock) */ - int hold_count; - /** how many threads are waiting for this lock */ - int wait_count; - /** who touched it last */ - const char* holder_func, *holder_file; - /** who touched it last */ - int holder_line; - /** who owns the lock now */ - struct thr_check* holder; - /** for rwlocks, the writelock holder */ - struct thr_check* writeholder; - - /** next lock a thread is holding (less recent) */ - struct checked_lock* next_held_lock[THRDEBUG_MAX_THREADS]; - /** prev lock a thread is holding (more recent) */ - struct checked_lock* prev_held_lock[THRDEBUG_MAX_THREADS]; - - /** type of lock */ - enum check_lock_type { - /** basic mutex */ - check_lock_mutex, - /** fast spinlock */ - check_lock_spinlock, - /** rwlock */ - check_lock_rwlock - } type; - /** the lock itself, see type to disambiguate the union */ - union { - /** mutex */ - pthread_mutex_t mutex; - /** spinlock */ - pthread_spinlock_t spinlock; - /** rwlock */ - pthread_rwlock_t rwlock; - } u; -}; - -/** - * Additional call for the user to specify what areas are protected - * @param lock: the lock that protects the area. It can be inside the area. - * The lock must be inited. Call with user lock. (any type). - * It demangles the lock itself (struct checked_lock**). - * @param area: ptr to mem. - * @param size: length of area. - * You can call it multiple times with the same lock to give several areas. - * Call it when you are done initialising the area, since it will be copied - * at this time and protected right away against unauthorised changes until - * the next lock() call is done. - */ -void lock_protect(void* lock, void* area, size_t size); - -/** - * Remove protected area from lock. - * No need to call this when deleting the lock. - * @param lock: the lock, any type, (struct checked_lock**). - * @param area: pointer to memory. - */ -void lock_unprotect(void* lock, void* area); - -/** - * Get memory associated with a checked lock - * @param lock: the checked lock, any type. (struct checked_lock**). - * @return: in bytes, including protected areas. - */ -size_t lock_get_mem(void* lock); - -/** - * Initialise checklock. Sets up internal debug structures. - */ -void checklock_start(void); - -/** - * Cleanup internal debug state. - */ -void checklock_stop(void); - -/** - * Init locks. - * @param type: what type of lock this is. - * @param lock: ptr to user alloced ptr structure. This is inited. - * So an alloc is done and the ptr is stored as result. - * @param func: caller function name. - * @param file: caller file name. - * @param line: caller line number. - */ -void checklock_init(enum check_lock_type type, struct checked_lock** lock, - const char* func, const char* file, int line); - -/** - * Destroy locks. Free the structure. - * @param type: what type of lock this is. - * @param lock: ptr to user alloced structure. This is destroyed. - * @param func: caller function name. - * @param file: caller file name. - * @param line: caller line number. - */ -void checklock_destroy(enum check_lock_type type, struct checked_lock** lock, - const char* func, const char* file, int line); - -/** - * Acquire readlock. - * @param type: what type of lock this is. Had better be a rwlock. - * @param lock: ptr to lock. - * @param func: caller function name. - * @param file: caller file name. - * @param line: caller line number. - */ -void checklock_rdlock(enum check_lock_type type, struct checked_lock* lock, - const char* func, const char* file, int line); - -/** - * Acquire writelock. - * @param type: what type of lock this is. Had better be a rwlock. - * @param lock: ptr to lock. - * @param func: caller function name. - * @param file: caller file name. - * @param line: caller line number. - */ -void checklock_wrlock(enum check_lock_type type, struct checked_lock* lock, - const char* func, const char* file, int line); - -/** - * Locks. - * @param type: what type of lock this is. Had better be mutex or spinlock. - * @param lock: the lock. - * @param func: caller function name. - * @param file: caller file name. - * @param line: caller line number. - */ -void checklock_lock(enum check_lock_type type, struct checked_lock* lock, - const char* func, const char* file, int line); - -/** - * Unlocks. - * @param type: what type of lock this is. - * @param lock: the lock. - * @param func: caller function name. - * @param file: caller file name. - * @param line: caller line number. - */ -void checklock_unlock(enum check_lock_type type, struct checked_lock* lock, - const char* func, const char* file, int line); - -/** - * Create thread. - * @param thr: Thread id, where to store result. - * @param func: thread start function. - * @param arg: user argument. - */ -void checklock_thrcreate(pthread_t* thr, void* (*func)(void*), void* arg); - -/** - * Wait for thread to exit. Returns thread return value. - * @param thread: thread to wait for. - */ -void checklock_thrjoin(pthread_t thread); - -/** structures to enable compiler type checking on the locks. - * Also the pointer makes it so that the lock can be part of the protected - * region without any possible problem (since the ptr will stay the same.) - * i.e. there can be contention and readlocks stored in checked_lock, while - * the protected area stays the same, even though it contains (ptr to) lock. - */ -struct checked_lock_rw { struct checked_lock* c_rw; }; -/** structures to enable compiler type checking on the locks. */ -struct checked_lock_mutex { struct checked_lock* c_m; }; -/** structures to enable compiler type checking on the locks. */ -struct checked_lock_spl { struct checked_lock* c_spl; }; - -/** debugging rwlock */ -typedef struct checked_lock_rw lock_rw_type; -#define lock_rw_init(lock) checklock_init(check_lock_rwlock, &((lock)->c_rw), __func__, __FILE__, __LINE__) -#define lock_rw_destroy(lock) checklock_destroy(check_lock_rwlock, &((lock)->c_rw), __func__, __FILE__, __LINE__) -#define lock_rw_rdlock(lock) checklock_rdlock(check_lock_rwlock, (lock)->c_rw, __func__, __FILE__, __LINE__) -#define lock_rw_wrlock(lock) checklock_wrlock(check_lock_rwlock, (lock)->c_rw, __func__, __FILE__, __LINE__) -#define lock_rw_unlock(lock) checklock_unlock(check_lock_rwlock, (lock)->c_rw, __func__, __FILE__, __LINE__) - -/** debugging mutex */ -typedef struct checked_lock_mutex lock_basic_type; -#define lock_basic_init(lock) checklock_init(check_lock_mutex, &((lock)->c_m), __func__, __FILE__, __LINE__) -#define lock_basic_destroy(lock) checklock_destroy(check_lock_mutex, &((lock)->c_m), __func__, __FILE__, __LINE__) -#define lock_basic_lock(lock) checklock_lock(check_lock_mutex, (lock)->c_m, __func__, __FILE__, __LINE__) -#define lock_basic_unlock(lock) checklock_unlock(check_lock_mutex, (lock)->c_m, __func__, __FILE__, __LINE__) - -/** debugging spinlock */ -typedef struct checked_lock_spl lock_quick_type; -#define lock_quick_init(lock) checklock_init(check_lock_spinlock, &((lock)->c_spl), __func__, __FILE__, __LINE__) -#define lock_quick_destroy(lock) checklock_destroy(check_lock_spinlock, &((lock)->c_spl), __func__, __FILE__, __LINE__) -#define lock_quick_lock(lock) checklock_lock(check_lock_spinlock, (lock)->c_spl, __func__, __FILE__, __LINE__) -#define lock_quick_unlock(lock) checklock_unlock(check_lock_spinlock, (lock)->c_spl, __func__, __FILE__, __LINE__) - -/** we use the pthread id, our thr_check structure is kept behind the scenes */ -typedef pthread_t ub_thread_type; -#define ub_thread_create(thr, func, arg) checklock_thrcreate(thr, func, arg) -#define ub_thread_self() pthread_self() -#define ub_thread_join(thread) checklock_thrjoin(thread) - -typedef pthread_key_t ub_thread_key_type; -#define ub_thread_key_create(key, f) LOCKRET(pthread_key_create(key, f)) -#define ub_thread_key_set(key, v) LOCKRET(pthread_setspecific(key, v)) -#define ub_thread_key_get(key) pthread_getspecific(key) - -#endif /* USE_THREAD_DEBUG */ -#endif /* TESTCODE_CHECK_LOCKS_H */ diff --git a/external/unbound/testcode/delayer.c b/external/unbound/testcode/delayer.c deleted file mode 100644 index 5489b591e..000000000 --- a/external/unbound/testcode/delayer.c +++ /dev/null @@ -1,1185 +0,0 @@ -/* - * testcode/delayer.c - debug program that delays queries to a server. - * - * Copyright (c) 2008, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This program delays queries made. It performs as a proxy to another - * server and delays queries to it. - */ - -#include "config.h" -#ifdef HAVE_GETOPT_H -#include -#endif -#ifdef HAVE_TIME_H -#include -#endif -#include -#include "util/net_help.h" -#include "util/config_file.h" -#include "sldns/sbuffer.h" -#include - -/** number of reads per select for delayer */ -#define TRIES_PER_SELECT 100 - -/** - * The ring buffer - */ -struct ringbuf { - /** base of buffer */ - uint8_t* buf; - /** size of buffer */ - size_t size; - /** low mark, items start here */ - size_t low; - /** high mark, items end here */ - size_t high; -}; - -/** - * List of proxy fds that return replies from the server to our clients. - */ -struct proxy { - /** the fd to listen for replies from server */ - int s; - /** last time this was used */ - struct timeval lastuse; - /** remote address */ - struct sockaddr_storage addr; - /** length of addr */ - socklen_t addr_len; - /** number of queries waiting (in total) */ - size_t numwait; - /** number of queries sent to server (in total) */ - size_t numsent; - /** numberof answers returned to client (in total) */ - size_t numreturn; - /** how many times repurposed */ - size_t numreuse; - /** next in proxylist */ - struct proxy* next; -}; - -/** - * An item that has to be TCP relayed - */ -struct tcp_send_list { - /** the data item */ - uint8_t* item; - /** size of item */ - size_t len; - /** time when the item can be transmitted on */ - struct timeval wait; - /** how much of the item has already been transmitted */ - size_t done; - /** next in list */ - struct tcp_send_list* next; -}; - -/** - * List of TCP proxy fd pairs to TCP connect client to server - */ -struct tcp_proxy { - /** the fd to listen for client query */ - int client_s; - /** the fd to listen for server answer */ - int server_s; - - /** remote client address */ - struct sockaddr_storage addr; - /** length of address */ - socklen_t addr_len; - /** timeout on this entry */ - struct timeval timeout; - - /** list of query items to send to server */ - struct tcp_send_list* querylist; - /** last in query list */ - struct tcp_send_list* querylast; - /** list of answer items to send to client */ - struct tcp_send_list* answerlist; - /** last in answerlist */ - struct tcp_send_list* answerlast; - - /** next in list */ - struct tcp_proxy* next; -}; - -/** usage information for delayer */ -static void usage(char* argv[]) -{ - printf("usage: %s [options]\n", argv[0]); - printf(" -f addr : use addr, forward to that server, @port.\n"); - printf(" -b addr : bind to this address to listen.\n"); - printf(" -p port : bind to this port (use 0 for random).\n"); - printf(" -m mem : use this much memory for waiting queries.\n"); - printf(" -d delay: UDP queries are delayed n milliseconds.\n"); - printf(" TCP is delayed twice (on send, on recv).\n"); - printf(" -h : this help message\n"); - exit(1); -} - -/** timeval compare, t1 < t2 */ -static int -dl_tv_smaller(struct timeval* t1, const struct timeval* t2) -{ -#ifndef S_SPLINT_S - if(t1->tv_sec < t2->tv_sec) - return 1; - if(t1->tv_sec == t2->tv_sec && - t1->tv_usec < t2->tv_usec) - return 1; -#endif - return 0; -} - -/** timeval add, t1 += t2 */ -static void -dl_tv_add(struct timeval* t1, const struct timeval* t2) -{ -#ifndef S_SPLINT_S - t1->tv_sec += t2->tv_sec; - t1->tv_usec += t2->tv_usec; - while(t1->tv_usec > 1000000) { - t1->tv_usec -= 1000000; - t1->tv_sec++; - } -#endif -} - -/** timeval subtract, t1 -= t2 */ -static void -dl_tv_subtract(struct timeval* t1, const struct timeval* t2) -{ -#ifndef S_SPLINT_S - t1->tv_sec -= t2->tv_sec; - if(t1->tv_usec >= t2->tv_usec) { - t1->tv_usec -= t2->tv_usec; - } else { - t1->tv_sec--; - t1->tv_usec = 1000000-(t2->tv_usec-t1->tv_usec); - } -#endif -} - - -/** create new ring buffer */ -static struct ringbuf* -ring_create(size_t sz) -{ - struct ringbuf* r = (struct ringbuf*)calloc(1, sizeof(*r)); - if(!r) fatal_exit("out of memory"); - r->buf = (uint8_t*)malloc(sz); - if(!r->buf) fatal_exit("out of memory"); - r->size = sz; - r->low = 0; - r->high = 0; - return r; -} - -/** delete ring buffer */ -static void -ring_delete(struct ringbuf* r) -{ - if(!r) return; - free(r->buf); - free(r); -} - -/** add entry to ringbuffer */ -static void -ring_add(struct ringbuf* r, sldns_buffer* pkt, struct timeval* now, - struct timeval* delay, struct proxy* p) -{ - /* time -- proxy* -- 16bitlen -- message */ - uint16_t len = (uint16_t)sldns_buffer_limit(pkt); - struct timeval when; - size_t needed; - uint8_t* where = NULL; - log_assert(sldns_buffer_limit(pkt) <= 65535); - needed = sizeof(when) + sizeof(p) + sizeof(len) + len; - /* put item into ringbuffer */ - if(r->low < r->high) { - /* used part is in the middle */ - if(r->size - r->high >= needed) { - where = r->buf + r->high; - r->high += needed; - } else if(r->low > needed) { - /* wrap around ringbuffer */ - /* make sure r->low == r->high means empty */ - /* so r->low == r->high cannot be used to signify - * a completely full ringbuf */ - if(r->size - r->high > sizeof(when)+sizeof(p)) { - /* zero entry at end of buffer */ - memset(r->buf+r->high, 0, - sizeof(when)+sizeof(p)); - } - where = r->buf; - r->high = needed; - } else { - /* drop message */ - log_warn("warning: mem full, dropped message"); - return; - } - } else { - /* empty */ - if(r->high == r->low) { - where = r->buf; - r->low = 0; - r->high = needed; - /* unused part is in the middle */ - /* so ringbuffer has wrapped around */ - } else if(r->low - r->high > needed) { - where = r->buf + r->high; - r->high += needed; - } else { - log_warn("warning: mem full, dropped message"); - return; - } - } - when = *now; - dl_tv_add(&when, delay); - /* copy it at where part */ - log_assert(where != NULL); - memmove(where, &when, sizeof(when)); - memmove(where+sizeof(when), &p, sizeof(p)); - memmove(where+sizeof(when)+sizeof(p), &len, sizeof(len)); - memmove(where+sizeof(when)+sizeof(p)+sizeof(len), - sldns_buffer_begin(pkt), len); -} - -/** see if the ringbuffer is empty */ -static int -ring_empty(struct ringbuf* r) -{ - return (r->low == r->high); -} - -/** peek at timevalue for next item in ring */ -static struct timeval* -ring_peek_time(struct ringbuf* r) -{ - if(ring_empty(r)) - return NULL; - return (struct timeval*)&r->buf[r->low]; -} - -/** get entry from ringbuffer */ -static int -ring_pop(struct ringbuf* r, sldns_buffer* pkt, struct timeval* tv, - struct proxy** p) -{ - /* time -- proxy* -- 16bitlen -- message */ - uint16_t len; - uint8_t* where = NULL; - size_t done; - if(r->low == r->high) - return 0; - where = r->buf + r->low; - memmove(tv, where, sizeof(*tv)); - memmove(p, where+sizeof(*tv), sizeof(*p)); - memmove(&len, where+sizeof(*tv)+sizeof(*p), sizeof(len)); - memmove(sldns_buffer_begin(pkt), - where+sizeof(*tv)+sizeof(*p)+sizeof(len), len); - sldns_buffer_set_limit(pkt, (size_t)len); - done = sizeof(*tv)+sizeof(*p)+sizeof(len)+len; - /* move lowmark */ - if(r->low < r->high) { - /* used part in middle */ - log_assert(r->high - r->low >= done); - r->low += done; - } else { - /* unused part in middle */ - log_assert(r->size - r->low >= done); - r->low += done; - if(r->size - r->low > sizeof(*tv)+sizeof(*p)) { - /* see if it is zeroed; means end of buffer */ - struct proxy* pz; - memmove(&pz, r->buf+r->low+sizeof(*tv), sizeof(pz)); - if(pz == NULL) - r->low = 0; - } else r->low = 0; - } - if(r->low == r->high) { - r->low = 0; /* reset if empty */ - r->high = 0; - } - return 1; -} - -/** signal handler global info */ -static volatile int do_quit = 0; - -/** signal handler for user quit */ -static RETSIGTYPE delayer_sigh(int sig) -{ - printf("exit on signal %d\n", sig); - do_quit = 1; -} - -/** send out waiting packets */ -static void -service_send(struct ringbuf* ring, struct timeval* now, sldns_buffer* pkt, - struct sockaddr_storage* srv_addr, socklen_t srv_len) -{ - struct proxy* p; - struct timeval tv; - ssize_t sent; - while(!ring_empty(ring) && - dl_tv_smaller(ring_peek_time(ring), now)) { - /* this items needs to be sent out */ - if(!ring_pop(ring, pkt, &tv, &p)) - fatal_exit("ringbuf error: pop failed"); - verbose(1, "send out query %d.%6.6d", - (unsigned)tv.tv_sec, (unsigned)tv.tv_usec); - log_addr(1, "from client", &p->addr, p->addr_len); - /* send it */ - sent = sendto(p->s, (void*)sldns_buffer_begin(pkt), - sldns_buffer_limit(pkt), 0, - (struct sockaddr*)srv_addr, srv_len); - if(sent == -1) { -#ifndef USE_WINSOCK - log_err("sendto: %s", strerror(errno)); -#else - log_err("sendto: %s", wsa_strerror(WSAGetLastError())); -#endif - } else if(sent != (ssize_t)sldns_buffer_limit(pkt)) { - log_err("sendto: partial send"); - } - p->lastuse = *now; - p->numsent++; - } -} - -/** do proxy for one readable client */ -static void -do_proxy(struct proxy* p, int retsock, sldns_buffer* pkt) -{ - int i; - ssize_t r; - for(i=0; is, (void*)sldns_buffer_begin(pkt), - sldns_buffer_capacity(pkt), 0); - if(r == -1) { -#ifndef USE_WINSOCK - if(errno == EAGAIN || errno == EINTR) - return; - log_err("recv: %s", strerror(errno)); -#else - if(WSAGetLastError() == WSAEINPROGRESS || - WSAGetLastError() == WSAEWOULDBLOCK) - return; - log_err("recv: %s", wsa_strerror(WSAGetLastError())); -#endif - return; - } - sldns_buffer_set_limit(pkt, (size_t)r); - log_addr(1, "return reply to client", &p->addr, p->addr_len); - /* send reply back to the real client */ - p->numreturn++; - r = sendto(retsock, (void*)sldns_buffer_begin(pkt), (size_t)r, - 0, (struct sockaddr*)&p->addr, p->addr_len); - if(r == -1) { -#ifndef USE_WINSOCK - log_err("sendto: %s", strerror(errno)); -#else - log_err("sendto: %s", wsa_strerror(WSAGetLastError())); -#endif - } - } -} - -/** proxy return replies to clients */ -static void -service_proxy(fd_set* rset, int retsock, struct proxy* proxies, - sldns_buffer* pkt, struct timeval* now) -{ - struct proxy* p; - for(p = proxies; p; p = p->next) { - if(FD_ISSET(p->s, rset)) { - p->lastuse = *now; - do_proxy(p, retsock, pkt); - } - } -} - -/** find or else create proxy for this remote client */ -static struct proxy* -find_create_proxy(struct sockaddr_storage* from, socklen_t from_len, - fd_set* rorig, int* max, struct proxy** proxies, int serv_ip6, - struct timeval* now, struct timeval* reuse_timeout) -{ - struct proxy* p; - struct timeval t; - for(p = *proxies; p; p = p->next) { - if(sockaddr_cmp(from, from_len, &p->addr, p->addr_len)==0) - return p; - } - /* possibly: reuse lapsed entries */ - for(p = *proxies; p; p = p->next) { - if(p->numwait > p->numsent || p->numsent > p->numreturn) - continue; - t = *now; - dl_tv_subtract(&t, &p->lastuse); - if(dl_tv_smaller(&t, reuse_timeout)) - continue; - /* yes! */ - verbose(1, "reuse existing entry"); - memmove(&p->addr, from, from_len); - p->addr_len = from_len; - p->numreuse++; - return p; - } - /* create new */ - p = (struct proxy*)calloc(1, sizeof(*p)); - if(!p) fatal_exit("out of memory"); - p->s = socket(serv_ip6?AF_INET6:AF_INET, SOCK_DGRAM, 0); - if(p->s == -1) { -#ifndef USE_WINSOCK - fatal_exit("socket: %s", strerror(errno)); -#else - fatal_exit("socket: %s", wsa_strerror(WSAGetLastError())); -#endif - } - fd_set_nonblock(p->s); - memmove(&p->addr, from, from_len); - p->addr_len = from_len; - p->next = *proxies; - *proxies = p; - FD_SET(FD_SET_T p->s, rorig); - if(p->s+1 > *max) - *max = p->s+1; - return p; -} - -/** recv new waiting packets */ -static void -service_recv(int s, struct ringbuf* ring, sldns_buffer* pkt, - fd_set* rorig, int* max, struct proxy** proxies, - struct sockaddr_storage* srv_addr, socklen_t srv_len, - struct timeval* now, struct timeval* delay, struct timeval* reuse) -{ - int i; - struct sockaddr_storage from; - socklen_t from_len; - ssize_t len; - struct proxy* p; - for(i=0; ilastuse = *now; - ring_add(ring, pkt, now, delay, p); - p->numwait++; - log_addr(1, "recv from client", &p->addr, p->addr_len); - } -} - -/** delete tcp proxy */ -static void -tcp_proxy_delete(struct tcp_proxy* p) -{ - struct tcp_send_list* s, *sn; - if(!p) - return; - log_addr(1, "delete tcp proxy", &p->addr, p->addr_len); - s = p->querylist; - while(s) { - sn = s->next; - free(s->item); - free(s); - s = sn; - } - s = p->answerlist; - while(s) { - sn = s->next; - free(s->item); - free(s); - s = sn; - } -#ifndef USE_WINSOCK - close(p->client_s); - if(p->server_s != -1) - close(p->server_s); -#else - closesocket(p->client_s); - if(p->server_s != -1) - closesocket(p->server_s); -#endif - free(p); -} - -/** accept new TCP connections, and set them up */ -static void -service_tcp_listen(int s, fd_set* rorig, int* max, struct tcp_proxy** proxies, - struct sockaddr_storage* srv_addr, socklen_t srv_len, - struct timeval* now, struct timeval* tcp_timeout) -{ - int newfd; - struct sockaddr_storage addr; - struct tcp_proxy* p; - socklen_t addr_len; - newfd = accept(s, (struct sockaddr*)&addr, &addr_len); - if(newfd == -1) { -#ifndef USE_WINSOCK - if(errno == EAGAIN || errno == EINTR) - return; - fatal_exit("accept: %s", strerror(errno)); -#else - if(WSAGetLastError() == WSAEWOULDBLOCK || - WSAGetLastError() == WSAEINPROGRESS || - WSAGetLastError() == WSAECONNRESET) - return; - fatal_exit("accept: %s", wsa_strerror(WSAGetLastError())); -#endif - } - p = (struct tcp_proxy*)calloc(1, sizeof(*p)); - if(!p) fatal_exit("out of memory"); - memmove(&p->addr, &addr, addr_len); - p->addr_len = addr_len; - log_addr(1, "new tcp proxy", &p->addr, p->addr_len); - p->client_s = newfd; - p->server_s = socket(addr_is_ip6(srv_addr, srv_len)?AF_INET6:AF_INET, - SOCK_STREAM, 0); - if(p->server_s == -1) { -#ifndef USE_WINSOCK - fatal_exit("tcp socket: %s", strerror(errno)); -#else - fatal_exit("tcp socket: %s", wsa_strerror(WSAGetLastError())); -#endif - } - fd_set_nonblock(p->client_s); - fd_set_nonblock(p->server_s); - if(connect(p->server_s, (struct sockaddr*)srv_addr, srv_len) == -1) { -#ifndef USE_WINSOCK - if(errno != EINPROGRESS) { - log_err("tcp connect: %s", strerror(errno)); - close(p->server_s); - close(p->client_s); -#else - if(WSAGetLastError() != WSAEWOULDBLOCK && - WSAGetLastError() != WSAEINPROGRESS) { - log_err("tcp connect: %s", - wsa_strerror(WSAGetLastError())); - closesocket(p->server_s); - closesocket(p->client_s); -#endif - free(p); - return; - } - } - p->timeout = *now; - dl_tv_add(&p->timeout, tcp_timeout); - - /* listen to client and server */ - FD_SET(FD_SET_T p->client_s, rorig); - FD_SET(FD_SET_T p->server_s, rorig); - if(p->client_s+1 > *max) - *max = p->client_s+1; - if(p->server_s+1 > *max) - *max = p->server_s+1; - - /* add into proxy list */ - p->next = *proxies; - *proxies = p; -} - -/** relay TCP, read a part */ -static int -tcp_relay_read(int s, struct tcp_send_list** first, - struct tcp_send_list** last, struct timeval* now, - struct timeval* delay, sldns_buffer* pkt) -{ - struct tcp_send_list* item; - ssize_t r = recv(s, (void*)sldns_buffer_begin(pkt), - sldns_buffer_capacity(pkt), 0); - if(r == -1) { -#ifndef USE_WINSOCK - if(errno == EINTR || errno == EAGAIN) - return 1; - log_err("tcp read: %s", strerror(errno)); -#else - if(WSAGetLastError() == WSAEINPROGRESS || - WSAGetLastError() == WSAEWOULDBLOCK) - return 1; - log_err("tcp read: %s", wsa_strerror(WSAGetLastError())); -#endif - return 0; - } else if(r == 0) { - /* connection closed */ - return 0; - } - item = (struct tcp_send_list*)malloc(sizeof(*item)); - if(!item) { - log_err("out of memory"); - return 0; - } - verbose(1, "read item len %d", (int)r); - item->len = (size_t)r; - item->item = memdup(sldns_buffer_begin(pkt), item->len); - if(!item->item) { - free(item); - log_err("out of memory"); - return 0; - } - item->done = 0; - item->wait = *now; - dl_tv_add(&item->wait, delay); - item->next = NULL; - - /* link in */ - if(*first) { - (*last)->next = item; - } else { - *first = item; - } - *last = item; - return 1; -} - -/** relay TCP, write a part */ -static int -tcp_relay_write(int s, struct tcp_send_list** first, - struct tcp_send_list** last, struct timeval* now) -{ - ssize_t r; - struct tcp_send_list* p; - while(*first) { - p = *first; - /* is the item ready? */ - if(!dl_tv_smaller(&p->wait, now)) - return 1; - /* write it */ - r = send(s, (void*)(p->item + p->done), p->len - p->done, 0); - if(r == -1) { -#ifndef USE_WINSOCK - if(errno == EAGAIN || errno == EINTR) - return 1; - log_err("tcp write: %s", strerror(errno)); -#else - if(WSAGetLastError() == WSAEWOULDBLOCK || - WSAGetLastError() == WSAEINPROGRESS) - return 1; - log_err("tcp write: %s", - wsa_strerror(WSAGetLastError())); -#endif - return 0; - } else if(r == 0) { - /* closed */ - return 0; - } - /* account it */ - p->done += (size_t)r; - verbose(1, "write item %d of %d", (int)p->done, (int)p->len); - if(p->done >= p->len) { - free(p->item); - *first = p->next; - if(!*first) - *last = NULL; - free(p); - } else { - /* partial write */ - return 1; - } - } - return 1; -} - -/** perform TCP relaying */ -static void -service_tcp_relay(struct tcp_proxy** tcp_proxies, struct timeval* now, - struct timeval* delay, struct timeval* tcp_timeout, sldns_buffer* pkt, - fd_set* rset, fd_set* rorig, fd_set* worig) -{ - struct tcp_proxy* p, **prev; - struct timeval tout; - int delete_it; - p = *tcp_proxies; - prev = tcp_proxies; - tout = *now; - dl_tv_add(&tout, tcp_timeout); - - while(p) { - delete_it = 0; - /* can we receive further queries? */ - if(!delete_it && FD_ISSET(p->client_s, rset)) { - p->timeout = tout; - log_addr(1, "read tcp query", &p->addr, p->addr_len); - if(!tcp_relay_read(p->client_s, &p->querylist, - &p->querylast, now, delay, pkt)) - delete_it = 1; - } - /* can we receive further answers? */ - if(!delete_it && p->server_s != -1 && - FD_ISSET(p->server_s, rset)) { - p->timeout = tout; - log_addr(1, "read tcp answer", &p->addr, p->addr_len); - if(!tcp_relay_read(p->server_s, &p->answerlist, - &p->answerlast, now, delay, pkt)) { -#ifndef USE_WINSOCK - close(p->server_s); -#else - closesocket(p->server_s); -#endif - FD_CLR(FD_SET_T p->server_s, worig); - FD_CLR(FD_SET_T p->server_s, rorig); - p->server_s = -1; - } - } - /* can we send on further queries */ - if(!delete_it && p->querylist && p->server_s != -1) { - p->timeout = tout; - if(dl_tv_smaller(&p->querylist->wait, now)) - log_addr(1, "write tcp query", - &p->addr, p->addr_len); - if(!tcp_relay_write(p->server_s, &p->querylist, - &p->querylast, now)) - delete_it = 1; - if(p->querylist && p->server_s != -1 && - dl_tv_smaller(&p->querylist->wait, now)) - FD_SET(FD_SET_T p->server_s, worig); - else FD_CLR(FD_SET_T p->server_s, worig); - } - - /* can we send on further answers */ - if(!delete_it && p->answerlist) { - p->timeout = tout; - if(dl_tv_smaller(&p->answerlist->wait, now)) - log_addr(1, "write tcp answer", - &p->addr, p->addr_len); - if(!tcp_relay_write(p->client_s, &p->answerlist, - &p->answerlast, now)) - delete_it = 1; - if(p->answerlist && dl_tv_smaller(&p->answerlist->wait, - now)) - FD_SET(FD_SET_T p->client_s, worig); - else FD_CLR(FD_SET_T p->client_s, worig); - if(!p->answerlist && p->server_s == -1) - delete_it = 1; - } - - /* does this entry timeout? (unused too long) */ - if(dl_tv_smaller(&p->timeout, now)) { - delete_it = 1; - } - if(delete_it) { - struct tcp_proxy* np = p->next; - *prev = np; - FD_CLR(FD_SET_T p->client_s, rorig); - FD_CLR(FD_SET_T p->client_s, worig); - if(p->server_s != -1) { - FD_CLR(FD_SET_T p->server_s, rorig); - FD_CLR(FD_SET_T p->server_s, worig); - } - tcp_proxy_delete(p); - p = np; - continue; - } - - prev = &p->next; - p = p->next; - } -} - -/** find waiting time */ -static int -service_findwait(struct timeval* now, struct timeval* wait, - struct ringbuf* ring, struct tcp_proxy* tcplist) -{ - /* first item is the time to wait */ - struct timeval* peek = ring_peek_time(ring); - struct timeval tcv; - int have_tcpval = 0; - struct tcp_proxy* p; - - /* also for TCP list the first in sendlists is the time to wait */ - for(p=tcplist; p; p=p->next) { - if(!have_tcpval) - tcv = p->timeout; - have_tcpval = 1; - if(dl_tv_smaller(&p->timeout, &tcv)) - tcv = p->timeout; - if(p->querylist && dl_tv_smaller(&p->querylist->wait, &tcv)) - tcv = p->querylist->wait; - if(p->answerlist && dl_tv_smaller(&p->answerlist->wait, &tcv)) - tcv = p->answerlist->wait; - } - if(peek) { - /* peek can be unaligned */ - /* use wait as a temp variable */ - memmove(wait, peek, sizeof(*wait)); - if(!have_tcpval) - tcv = *wait; - else if(dl_tv_smaller(wait, &tcv)) - tcv = *wait; - have_tcpval = 1; - } - if(have_tcpval) { - *wait = tcv; - dl_tv_subtract(wait, now); - return 1; - } - /* nothing, block */ - return 0; -} - -/** clear proxy list */ -static void -proxy_list_clear(struct proxy* p) -{ - char from[109]; - struct proxy* np; - int i=0, port; - while(p) { - np = p->next; - port = (int)ntohs(((struct sockaddr_in*)&p->addr)->sin_port); - if(addr_is_ip6(&p->addr, p->addr_len)) { - if(inet_ntop(AF_INET6, - &((struct sockaddr_in6*)&p->addr)->sin6_addr, - from, (socklen_t)sizeof(from)) == 0) - (void)strlcpy(from, "err", sizeof(from)); - } else { - if(inet_ntop(AF_INET, - &((struct sockaddr_in*)&p->addr)->sin_addr, - from, (socklen_t)sizeof(from)) == 0) - (void)strlcpy(from, "err", sizeof(from)); - } - printf("client[%d]: last %s@%d of %d : %u in, %u out, " - "%u returned\n", i++, from, port, (int)p->numreuse+1, - (unsigned)p->numwait, (unsigned)p->numsent, - (unsigned)p->numreturn); -#ifndef USE_WINSOCK - close(p->s); -#else - closesocket(p->s); -#endif - free(p); - p = np; - } -} - -/** clear TCP proxy list */ -static void -tcp_proxy_list_clear(struct tcp_proxy* p) -{ - struct tcp_proxy* np; - while(p) { - np = p->next; - tcp_proxy_delete(p); - p = np; - } -} - -/** delayer service loop */ -static void -service_loop(int udp_s, int listen_s, struct ringbuf* ring, - struct timeval* delay, struct timeval* reuse, - struct sockaddr_storage* srv_addr, socklen_t srv_len, - sldns_buffer* pkt) -{ - fd_set rset, rorig; - fd_set wset, worig; - struct timeval now, wait; - int max, have_wait = 0; - struct proxy* proxies = NULL; - struct tcp_proxy* tcp_proxies = NULL; - struct timeval tcp_timeout; - tcp_timeout.tv_sec = 120; - tcp_timeout.tv_usec = 0; -#ifndef S_SPLINT_S - FD_ZERO(&rorig); - FD_ZERO(&worig); - FD_SET(FD_SET_T udp_s, &rorig); - FD_SET(FD_SET_T listen_s, &rorig); -#endif - max = udp_s + 1; - if(listen_s + 1 > max) max = listen_s + 1; - while(!do_quit) { - /* wait for events */ - rset = rorig; - wset = worig; - if(have_wait) - verbose(1, "wait for %d.%6.6d", - (unsigned)wait.tv_sec, (unsigned)wait.tv_usec); - else verbose(1, "wait"); - if(select(max, &rset, &wset, NULL, have_wait?&wait:NULL) < 0) { - if(errno == EAGAIN || errno == EINTR) - continue; - fatal_exit("select: %s", strerror(errno)); - } - /* get current time */ - if(gettimeofday(&now, NULL) < 0) { - if(errno == EAGAIN || errno == EINTR) - continue; - fatal_exit("gettimeofday: %s", strerror(errno)); - } - verbose(1, "process at %u.%6.6u\n", - (unsigned)now.tv_sec, (unsigned)now.tv_usec); - /* sendout delayed queries to master server (frees up buffer)*/ - service_send(ring, &now, pkt, srv_addr, srv_len); - /* proxy return replies */ - service_proxy(&rset, udp_s, proxies, pkt, &now); - /* see what can be received to start waiting */ - service_recv(udp_s, ring, pkt, &rorig, &max, &proxies, - srv_addr, srv_len, &now, delay, reuse); - /* see if there are new tcp connections */ - service_tcp_listen(listen_s, &rorig, &max, &tcp_proxies, - srv_addr, srv_len, &now, &tcp_timeout); - /* service tcp connections */ - service_tcp_relay(&tcp_proxies, &now, delay, &tcp_timeout, - pkt, &rset, &rorig, &worig); - /* see what next timeout is (if any) */ - have_wait = service_findwait(&now, &wait, ring, tcp_proxies); - } - proxy_list_clear(proxies); - tcp_proxy_list_clear(tcp_proxies); -} - -/** delayer main service routine */ -static void -service(const char* bind_str, int bindport, const char* serv_str, - size_t memsize, int delay_msec) -{ - struct sockaddr_storage bind_addr, srv_addr; - socklen_t bind_len, srv_len; - struct ringbuf* ring = ring_create(memsize); - struct timeval delay, reuse; - sldns_buffer* pkt; - int i, s, listen_s; -#ifndef S_SPLINT_S - delay.tv_sec = delay_msec / 1000; - delay.tv_usec = (delay_msec % 1000)*1000; -#endif - reuse = delay; /* reuse is max(4*delay, 1 second) */ - dl_tv_add(&reuse, &delay); - dl_tv_add(&reuse, &delay); - dl_tv_add(&reuse, &delay); - if(reuse.tv_sec == 0) - reuse.tv_sec = 1; - if(!extstrtoaddr(serv_str, &srv_addr, &srv_len)) { - printf("cannot parse forward address: %s\n", serv_str); - exit(1); - } - pkt = sldns_buffer_new(65535); - if(!pkt) - fatal_exit("out of memory"); - if( signal(SIGINT, delayer_sigh) == SIG_ERR || -#ifdef SIGHUP - signal(SIGHUP, delayer_sigh) == SIG_ERR || -#endif -#ifdef SIGQUIT - signal(SIGQUIT, delayer_sigh) == SIG_ERR || -#endif -#ifdef SIGBREAK - signal(SIGBREAK, delayer_sigh) == SIG_ERR || -#endif -#ifdef SIGALRM - signal(SIGALRM, delayer_sigh) == SIG_ERR || -#endif - signal(SIGTERM, delayer_sigh) == SIG_ERR) - fatal_exit("could not bind to signal"); - /* bind UDP port */ - if((s = socket(str_is_ip6(bind_str)?AF_INET6:AF_INET, - SOCK_DGRAM, 0)) == -1) { -#ifndef USE_WINSOCK - fatal_exit("socket: %s", strerror(errno)); -#else - fatal_exit("socket: %s", wsa_strerror(WSAGetLastError())); -#endif - } - i=0; - if(bindport == 0) { - bindport = 1024 + arc4random()%64000; - i = 100; - } - while(1) { - if(!ipstrtoaddr(bind_str, bindport, &bind_addr, &bind_len)) { - printf("cannot parse listen address: %s\n", bind_str); - exit(1); - } - if(bind(s, (struct sockaddr*)&bind_addr, bind_len) == -1) { -#ifndef USE_WINSOCK - log_err("bind: %s", strerror(errno)); -#else - log_err("bind: %s", wsa_strerror(WSAGetLastError())); -#endif - if(i--==0) - fatal_exit("cannot bind any port"); - bindport = 1024 + arc4random()%64000; - } else break; - } - fd_set_nonblock(s); - /* and TCP port */ - if((listen_s = socket(str_is_ip6(bind_str)?AF_INET6:AF_INET, - SOCK_STREAM, 0)) == -1) { -#ifndef USE_WINSOCK - fatal_exit("tcp socket: %s", strerror(errno)); -#else - fatal_exit("tcp socket: %s", wsa_strerror(WSAGetLastError())); -#endif - } -#ifdef SO_REUSEADDR - if(1) { - int on = 1; - if(setsockopt(listen_s, SOL_SOCKET, SO_REUSEADDR, (void*)&on, - (socklen_t)sizeof(on)) < 0) -#ifndef USE_WINSOCK - fatal_exit("setsockopt(.. SO_REUSEADDR ..) failed: %s", - strerror(errno)); -#else - fatal_exit("setsockopt(.. SO_REUSEADDR ..) failed: %s", - wsa_strerror(WSAGetLastError())); -#endif - } -#endif - if(bind(listen_s, (struct sockaddr*)&bind_addr, bind_len) == -1) { -#ifndef USE_WINSOCK - fatal_exit("tcp bind: %s", strerror(errno)); -#else - fatal_exit("tcp bind: %s", wsa_strerror(WSAGetLastError())); -#endif - } - if(listen(listen_s, 5) == -1) { -#ifndef USE_WINSOCK - fatal_exit("tcp listen: %s", strerror(errno)); -#else - fatal_exit("tcp listen: %s", wsa_strerror(WSAGetLastError())); -#endif - } - fd_set_nonblock(listen_s); - printf("listening on port: %d\n", bindport); - - /* process loop */ - do_quit = 0; - service_loop(s, listen_s, ring, &delay, &reuse, &srv_addr, srv_len, - pkt); - - /* cleanup */ - verbose(1, "cleanup"); -#ifndef USE_WINSOCK - close(s); - close(listen_s); -#else - closesocket(s); - closesocket(listen_s); -#endif - sldns_buffer_free(pkt); - ring_delete(ring); -} - -/** getopt global, in case header files fail to declare it. */ -extern int optind; -/** getopt global, in case header files fail to declare it. */ -extern char* optarg; - -/** main program for delayer */ -int main(int argc, char** argv) -{ - int c; /* defaults */ - const char* server = "127.0.0.1@53"; - const char* bindto = "0.0.0.0"; - int bindport = 0; - size_t memsize = 10*1024*1024; - int delay = 100; - - verbosity = 0; - log_init(0, 0, 0); - log_ident_set("delayer"); - if(argc == 1) usage(argv); - while( (c=getopt(argc, argv, "b:d:f:hm:p:")) != -1) { - switch(c) { - case 'b': - bindto = optarg; - break; - case 'd': - if(atoi(optarg)==0 && strcmp(optarg,"0")!=0) { - printf("bad delay: %s\n", optarg); - return 1; - } - delay = atoi(optarg); - break; - case 'f': - server = optarg; - break; - case 'm': - if(!cfg_parse_memsize(optarg, &memsize)) { - printf("bad memsize: %s\n", optarg); - return 1; - } - break; - case 'p': - if(atoi(optarg)==0 && strcmp(optarg,"0")!=0) { - printf("bad port nr: %s\n", optarg); - return 1; - } - bindport = atoi(optarg); - break; - case 'h': - case '?': - default: - usage(argv); - } - } - argc -= optind; - argv += optind; - if(argc != 0) - usage(argv); - - printf("bind to %s @ %d and forward to %s after %d msec\n", - bindto, bindport, server, delay); - service(bindto, bindport, server, memsize, delay); - return 0; -} diff --git a/external/unbound/testcode/do-tests.sh b/external/unbound/testcode/do-tests.sh deleted file mode 100755 index e356d4fc3..000000000 --- a/external/unbound/testcode/do-tests.sh +++ /dev/null @@ -1,63 +0,0 @@ -#!/usr/bin/env bash -. testdata/common.sh - -NEED_SPLINT='00-lint.tpkg' -NEED_DOXYGEN='01-doc.tpkg' -NEED_XXD='fwd_compress_c00c.tpkg fwd_zero.tpkg' -NEED_NC='fwd_compress_c00c.tpkg fwd_zero.tpkg' -NEED_CURL='06-ianaports.tpkg root_anchor.tpkg' -NEED_WHOAMI='07-confroot.tpkg' -NEED_IPV6='fwd_ancil.tpkg fwd_tcp_tc6.tpkg stub_udp6.tpkg edns_cache.tpkg' -NEED_NOMINGW='tcp_sigpipe.tpkg 07-confroot.tpkg 08-host-lib.tpkg fwd_ancil.tpkg' -NEED_DNSCRYPT_PROXY='dnscrypt_queries.tpkg' - -# test if dig and ldns-testns are available. -test_tool_avail "dig" -test_tool_avail "ldns-testns" - -# test for ipv6, uses streamtcp peculiarity. -if ./streamtcp -f ::1 2>&1 | grep "not supported" >/dev/null 2>&1; then - HAVE_IPV6=no -else - HAVE_IPV6=yes -fi - -# test mingw. no signals and so on. -if uname | grep MINGW >/dev/null; then - HAVE_MINGW=yes -else - HAVE_MINGW=no -fi - -cd testdata; -sh ../testcode/mini_tpkg.sh clean -rm -f .perfstats.txt -for test in `ls *.tpkg`; do - SKIP=0 - skip_if_in_list $test "$NEED_SPLINT" "splint" - skip_if_in_list $test "$NEED_DOXYGEN" "doxygen" - skip_if_in_list $test "$NEED_CURL" "curl" - skip_if_in_list $test "$NEED_XXD" "xxd" - skip_if_in_list $test "$NEED_NC" "nc" - skip_if_in_list $test "$NEED_WHOAMI" "whoami" - skip_if_in_list $test "$NEED_DNSCRYPT_PROXY" "dnscrypt-proxy" - - if echo $NEED_IPV6 | grep $test >/dev/null; then - if test "$HAVE_IPV6" = no; then - SKIP=1; - fi - fi - if echo $NEED_NOMINGW | grep $test >/dev/null; then - if test "$HAVE_MINGW" = yes; then - SKIP=1; - fi - fi - if test $SKIP -eq 0; then - echo $test - sh ../testcode/mini_tpkg.sh -a ../.. exe $test - else - echo "skip $test" - fi -done -sh ../testcode/mini_tpkg.sh report -cat .perfstats.txt diff --git a/external/unbound/testcode/fake_event.c b/external/unbound/testcode/fake_event.c deleted file mode 100644 index 154013a8c..000000000 --- a/external/unbound/testcode/fake_event.c +++ /dev/null @@ -1,1423 +0,0 @@ -/* - * testcode/fake_event.c - fake event handling that replays existing scenario. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * Event service that replays a scenario. - * This implements the same exported symbols as the files: - * util/netevent.c - * services/listen_dnsport.c - * services/outside_network.c - * But these do not actually access the network or events, instead - * the scenario is played. - */ - -#include "config.h" -#include "testcode/fake_event.h" -#include "util/netevent.h" -#include "util/net_help.h" -#include "util/data/msgparse.h" -#include "util/data/msgreply.h" -#include "util/data/msgencode.h" -#include "util/data/dname.h" -#include "util/config_file.h" -#include "services/listen_dnsport.h" -#include "services/outside_network.h" -#include "services/cache/infra.h" -#include "testcode/replay.h" -#include "testcode/testpkts.h" -#include "util/log.h" -#include "util/fptr_wlist.h" -#include "sldns/sbuffer.h" -#include "sldns/wire2str.h" -#include "sldns/str2wire.h" -#include -struct worker; -struct daemon_remote; - -/** Global variable: the scenario. Saved here for when event_init is done. */ -static struct replay_scenario* saved_scenario = NULL; - -/** add timers and the values do not overflow or become negative */ -static void -timeval_add(struct timeval* d, const struct timeval* add) -{ -#ifndef S_SPLINT_S - d->tv_sec += add->tv_sec; - d->tv_usec += add->tv_usec; - if(d->tv_usec > 1000000) { - d->tv_usec -= 1000000; - d->tv_sec++; - } -#endif -} - -void -fake_temp_file(const char* adj, const char* id, char* buf, size_t len) -{ -#ifdef USE_WINSOCK - snprintf(buf, len, "testbound_%u%s%s.tmp", - (unsigned)getpid(), adj, id); -#else - snprintf(buf, len, "/tmp/testbound_%u%s%s.tmp", - (unsigned)getpid(), adj, id); -#endif -} - -void -fake_event_init(struct replay_scenario* scen) -{ - saved_scenario = scen; -} - -void -fake_event_cleanup(void) -{ - replay_scenario_delete(saved_scenario); - saved_scenario = NULL; -} - -/** helper function that logs a sldns_pkt packet to logfile */ -static void -log_pkt(const char* desc, uint8_t* pkt, size_t len) -{ - char* str = sldns_wire2str_pkt(pkt, len); - if(!str) - fatal_exit("%s: (failed out of memory wire2str_pkt)", desc); - else { - log_info("%s%s", desc, str); - free(str); - } -} - -/** - * Returns a string describing the event type. - */ -static const char* -repevt_string(enum replay_event_type t) -{ - switch(t) { - case repevt_nothing: return "NOTHING"; - case repevt_front_query: return "QUERY"; - case repevt_front_reply: return "CHECK_ANSWER"; - case repevt_timeout: return "TIMEOUT"; - case repevt_time_passes: return "TIME_PASSES"; - case repevt_back_reply: return "REPLY"; - case repevt_back_query: return "CHECK_OUT_QUERY"; - case repevt_autotrust_check: return "CHECK_AUTOTRUST"; - case repevt_error: return "ERROR"; - case repevt_assign: return "ASSIGN"; - case repevt_traffic: return "TRAFFIC"; - case repevt_infra_rtt: return "INFRA_RTT"; - default: return "UNKNOWN"; - } -} - -/** delete a fake pending */ -static void -delete_fake_pending(struct fake_pending* pend) -{ - if(!pend) - return; - free(pend->zone); - sldns_buffer_free(pend->buffer); - free(pend->pkt); - free(pend); -} - -/** delete a replay answer */ -static void -delete_replay_answer(struct replay_answer* a) -{ - if(!a) - return; - if(a->repinfo.c) { - sldns_buffer_free(a->repinfo.c->buffer); - free(a->repinfo.c); - } - free(a->pkt); - free(a); -} - -/** - * return: true if pending query matches the now event. - */ -static int -pending_matches_current(struct replay_runtime* runtime, - struct entry** entry, struct fake_pending **pend) -{ - struct fake_pending* p; - struct entry* e; - if(!runtime->now || runtime->now->evt_type != repevt_back_query - || !runtime->pending_list) - return 0; - /* see if any of the pending queries matches */ - for(p = runtime->pending_list; p; p = p->next) { - if(runtime->now->addrlen != 0 && - sockaddr_cmp(&p->addr, p->addrlen, &runtime->now->addr, - runtime->now->addrlen) != 0) - continue; - if((e=find_match(runtime->now->match, p->pkt, p->pkt_len, - p->transport))) { - *entry = e; - *pend = p; - return 1; - } - } - return 0; -} - -/** - * Find the range that matches this pending message. - * @param runtime: runtime with current moment, and range list. - * @param entry: returns the pointer to entry that matches. - * @param pend: the pending that the entry must match. - * @return: true if a match is found. - */ -static int -pending_find_match(struct replay_runtime* runtime, struct entry** entry, - struct fake_pending* pend) -{ - int timenow = runtime->now->time_step; - struct replay_range* p = runtime->scenario->range_list; - while(p) { - if(p->start_step <= timenow && timenow <= p->end_step && - (p->addrlen == 0 || sockaddr_cmp(&p->addr, p->addrlen, - &pend->addr, pend->addrlen) == 0) && - (*entry = find_match(p->match, pend->pkt, pend->pkt_len, - pend->transport))) { - log_info("matched query time %d in range [%d, %d] " - "with entry line %d", timenow, - p->start_step, p->end_step, (*entry)->lineno); - if(p->addrlen != 0) - log_addr(0, "matched ip", &p->addr, p->addrlen); - log_pkt("matched pkt: ", - (*entry)->reply_list->reply_pkt, - (*entry)->reply_list->reply_len); - return 1; - } - p = p->next_range; - } - return 0; -} - -/** - * See if outgoing pending query matches an entry. - * @param runtime: runtime. - * @param entry: if true, the entry that matches is returned. - * @param pend: if true, the outgoing message that matches is returned. - * @return: true if pending query matches the now event. - */ -static int -pending_matches_range(struct replay_runtime* runtime, - struct entry** entry, struct fake_pending** pend) -{ - struct fake_pending* p = runtime->pending_list; - /* slow, O(N*N), but it works as advertised with weird matching */ - while(p) { - log_info("check of pending"); - if(pending_find_match(runtime, entry, p)) { - *pend = p; - return 1; - } - p = p->next; - } - return 0; -} - -/** - * Remove the item from the pending list. - */ -static void -pending_list_delete(struct replay_runtime* runtime, struct fake_pending* pend) -{ - struct fake_pending** prev = &runtime->pending_list; - struct fake_pending* p = runtime->pending_list; - - while(p) { - if(p == pend) { - *prev = p->next; - delete_fake_pending(pend); - return; - } - - prev = &p->next; - p = p->next; - } -} - -/** - * Fill buffer with reply from the entry. - */ -static void -fill_buffer_with_reply(sldns_buffer* buffer, struct entry* entry, uint8_t* q, - size_t qlen) -{ - uint8_t* c; - size_t clen; - log_assert(entry && entry->reply_list); - sldns_buffer_clear(buffer); - if(entry->reply_list->reply_from_hex) { - c = sldns_buffer_begin(entry->reply_list->reply_from_hex); - clen = sldns_buffer_limit(entry->reply_list->reply_from_hex); - if(!c) fatal_exit("out of memory"); - } else { - c = entry->reply_list->reply_pkt; - clen = entry->reply_list->reply_len; - } - if(c) { - if(q) adjust_packet(entry, &c, &clen, q, qlen); - sldns_buffer_write(buffer, c, clen); - if(q) free(c); - } - sldns_buffer_flip(buffer); -} - -/** - * Perform range entry on pending message. - * @param runtime: runtime buffer size preference. - * @param entry: entry that codes for the reply to do. - * @param pend: pending query that is answered, callback called. - */ -static void -answer_callback_from_entry(struct replay_runtime* runtime, - struct entry* entry, struct fake_pending* pend) -{ - struct comm_point c; - struct comm_reply repinfo; - void* cb_arg = pend->cb_arg; - comm_point_callback_type* cb = pend->callback; - - memset(&c, 0, sizeof(c)); - c.fd = -1; - c.buffer = sldns_buffer_new(runtime->bufsize); - c.type = comm_udp; - if(pend->transport == transport_tcp) - c.type = comm_tcp; - fill_buffer_with_reply(c.buffer, entry, pend->pkt, pend->pkt_len); - repinfo.c = &c; - repinfo.addrlen = pend->addrlen; - memcpy(&repinfo.addr, &pend->addr, pend->addrlen); - if(!pend->serviced) - pending_list_delete(runtime, pend); - if((*cb)(&c, cb_arg, NETEVENT_NOERROR, &repinfo)) { - fatal_exit("testbound: unexpected: callback returned 1"); - } - sldns_buffer_free(c.buffer); -} - -/** Check the now moment answer check event */ -static void -answer_check_it(struct replay_runtime* runtime) -{ - struct replay_answer* ans = runtime->answer_list, - *prev = NULL; - log_assert(runtime && runtime->now && - runtime->now->evt_type == repevt_front_reply); - while(ans) { - enum transport_type tr = transport_tcp; - if(ans->repinfo.c->type == comm_udp) - tr = transport_udp; - if((runtime->now->addrlen == 0 || sockaddr_cmp( - &runtime->now->addr, runtime->now->addrlen, - &ans->repinfo.addr, ans->repinfo.addrlen) == 0) && - find_match(runtime->now->match, ans->pkt, - ans->pkt_len, tr)) { - log_info("testbound matched event entry from line %d", - runtime->now->match->lineno); - log_info("testbound: do STEP %d %s", - runtime->now->time_step, - repevt_string(runtime->now->evt_type)); - if(prev) - prev->next = ans->next; - else runtime->answer_list = ans->next; - if(!ans->next) - runtime->answer_last = prev; - delete_replay_answer(ans); - return; - } else { - prev = ans; - ans = ans->next; - } - } - log_info("testbound: do STEP %d %s", runtime->now->time_step, - repevt_string(runtime->now->evt_type)); - fatal_exit("testbound: not matched"); -} - -/** - * Create commpoint (as return address) for a fake incoming query. - */ -static void -fake_front_query(struct replay_runtime* runtime, struct replay_moment *todo) -{ - struct comm_reply repinfo; - memset(&repinfo, 0, sizeof(repinfo)); - repinfo.c = (struct comm_point*)calloc(1, sizeof(struct comm_point)); - repinfo.addrlen = (socklen_t)sizeof(struct sockaddr_in); - if(todo->addrlen != 0) { - repinfo.addrlen = todo->addrlen; - memcpy(&repinfo.addr, &todo->addr, todo->addrlen); - } - repinfo.c->fd = -1; - repinfo.c->ev = (struct internal_event*)runtime; - repinfo.c->buffer = sldns_buffer_new(runtime->bufsize); - if(todo->match->match_transport == transport_tcp) - repinfo.c->type = comm_tcp; - else repinfo.c->type = comm_udp; - fill_buffer_with_reply(repinfo.c->buffer, todo->match, NULL, 0); - log_info("testbound: incoming QUERY"); - log_pkt("query pkt", todo->match->reply_list->reply_pkt, - todo->match->reply_list->reply_len); - /* call the callback for incoming queries */ - if((*runtime->callback_query)(repinfo.c, runtime->cb_arg, - NETEVENT_NOERROR, &repinfo)) { - /* send immediate reply */ - comm_point_send_reply(&repinfo); - } - /* clear it again, in case copy not done properly */ - memset(&repinfo, 0, sizeof(repinfo)); -} - -/** - * Perform callback for fake pending message. - */ -static void -fake_pending_callback(struct replay_runtime* runtime, - struct replay_moment* todo, int error) -{ - struct fake_pending* p = runtime->pending_list; - struct comm_reply repinfo; - struct comm_point c; - void* cb_arg; - comm_point_callback_type* cb; - - memset(&c, 0, sizeof(c)); - if(!p) fatal_exit("No pending queries."); - cb_arg = p->cb_arg; - cb = p->callback; - c.buffer = sldns_buffer_new(runtime->bufsize); - c.type = comm_udp; - if(p->transport == transport_tcp) - c.type = comm_tcp; - if(todo->evt_type == repevt_back_reply && todo->match) { - fill_buffer_with_reply(c.buffer, todo->match, p->pkt, - p->pkt_len); - } - repinfo.c = &c; - repinfo.addrlen = p->addrlen; - memcpy(&repinfo.addr, &p->addr, p->addrlen); - if(!p->serviced) - pending_list_delete(runtime, p); - if((*cb)(&c, cb_arg, error, &repinfo)) { - fatal_exit("unexpected: pending callback returned 1"); - } - /* delete the pending item. */ - sldns_buffer_free(c.buffer); -} - -/** pass time */ -static void -moment_assign(struct replay_runtime* runtime, struct replay_moment* mom) -{ - char* value = macro_process(runtime->vars, runtime, mom->string); - if(!value) - fatal_exit("could not process macro step %d", mom->time_step); - log_info("assign %s = %s", mom->variable, value); - if(!macro_assign(runtime->vars, mom->variable, value)) - fatal_exit("out of memory storing macro"); - free(value); - if(verbosity >= VERB_ALGO) - macro_print_debug(runtime->vars); -} - -/** pass time */ -static void -time_passes(struct replay_runtime* runtime, struct replay_moment* mom) -{ - struct fake_timer *t; - struct timeval tv = mom->elapse; - if(mom->string) { - char* xp = macro_process(runtime->vars, runtime, mom->string); - double sec; - if(!xp) fatal_exit("could not macro expand %s", mom->string); - verbose(VERB_ALGO, "EVAL %s", mom->string); - sec = atof(xp); - free(xp); -#ifndef S_SPLINT_S - tv.tv_sec = sec; - tv.tv_usec = (int)((sec - (double)tv.tv_sec) *1000000. + 0.5); -#endif - } - timeval_add(&runtime->now_tv, &tv); - runtime->now_secs = (time_t)runtime->now_tv.tv_sec; -#ifndef S_SPLINT_S - log_info("elapsed %d.%6.6d now %d.%6.6d", - (int)tv.tv_sec, (int)tv.tv_usec, - (int)runtime->now_tv.tv_sec, (int)runtime->now_tv.tv_usec); -#endif - /* see if any timers have fired; and run them */ - while( (t=replay_get_oldest_timer(runtime)) ) { - t->enabled = 0; - log_info("fake_timer callback"); - fptr_ok(fptr_whitelist_comm_timer(t->cb)); - (*t->cb)(t->cb_arg); - } -} - -/** check autotrust file contents */ -static void -autotrust_check(struct replay_runtime* runtime, struct replay_moment* mom) -{ - char name[1024], line[1024]; - FILE *in; - int lineno = 0, oke=1; - char* expanded; - struct config_strlist* p; - line[sizeof(line)-1] = 0; - log_assert(mom->autotrust_id); - fake_temp_file("_auto_", mom->autotrust_id, name, sizeof(name)); - in = fopen(name, "r"); - if(!in) fatal_exit("could not open %s: %s", name, strerror(errno)); - for(p=mom->file_content; p; p=p->next) { - lineno++; - if(!fgets(line, (int)sizeof(line)-1, in)) { - log_err("autotrust check failed, could not read line"); - log_err("file %s, line %d", name, lineno); - log_err("should be: %s", p->str); - fatal_exit("autotrust_check failed"); - } - if(line[0]) line[strlen(line)-1] = 0; /* remove newline */ - expanded = macro_process(runtime->vars, runtime, p->str); - if(!expanded) - fatal_exit("could not expand macro line %d", lineno); - if(verbosity >= 7 && strcmp(p->str, expanded) != 0) - log_info("expanded '%s' to '%s'", p->str, expanded); - if(strcmp(expanded, line) != 0) { - log_err("mismatch in file %s, line %d", name, lineno); - log_err("file has : %s", line); - log_err("should be: %s", expanded); - free(expanded); - oke = 0; - continue; - } - free(expanded); - fprintf(stderr, "%s:%2d ok : %s\n", name, lineno, line); - } - if(fgets(line, (int)sizeof(line)-1, in)) { - log_err("autotrust check failed, extra lines in %s after %d", - name, lineno); - do { - fprintf(stderr, "file has: %s", line); - } while(fgets(line, (int)sizeof(line)-1, in)); - oke = 0; - } - fclose(in); - if(!oke) - fatal_exit("autotrust_check STEP %d failed", mom->time_step); - log_info("autotrust %s is OK", mom->autotrust_id); -} - -/** Store RTT in infra cache */ -static void -do_infra_rtt(struct replay_runtime* runtime) -{ - struct replay_moment* now = runtime->now; - int rto; - size_t dplen = 0; - uint8_t* dp = sldns_str2wire_dname(now->variable, &dplen); - if(!dp) fatal_exit("cannot parse %s", now->variable); - rto = infra_rtt_update(runtime->infra, &now->addr, now->addrlen, - dp, dplen, LDNS_RR_TYPE_A, atoi(now->string), - -1, runtime->now_secs); - log_addr(0, "INFRA_RTT for", &now->addr, now->addrlen); - log_info("INFRA_RTT(%s roundtrip %d): rto of %d", now->variable, - atoi(now->string), rto); - if(rto == 0) fatal_exit("infra_rtt_update failed"); - free(dp); -} - -/** perform exponential backoff on the timeout */ -static void -expon_timeout_backoff(struct replay_runtime* runtime) -{ - struct fake_pending* p = runtime->pending_list; - int rtt, vs; - uint8_t edns_lame_known; - int last_rtt, rto; - if(!p) return; /* no pending packet to backoff */ - if(!infra_host(runtime->infra, &p->addr, p->addrlen, p->zone, - p->zonelen, runtime->now_secs, &vs, &edns_lame_known, &rtt)) - return; - last_rtt = rtt; - rto = infra_rtt_update(runtime->infra, &p->addr, p->addrlen, p->zone, - p->zonelen, p->qtype, -1, last_rtt, runtime->now_secs); - log_info("infra_rtt_update returned rto %d", rto); -} - -/** - * Advance to the next moment. - */ -static void -advance_moment(struct replay_runtime* runtime) -{ - if(!runtime->now) - runtime->now = runtime->scenario->mom_first; - else runtime->now = runtime->now->mom_next; -} - -/** - * Perform actions or checks determined by the moment. - * Also advances the time by one step. - * @param runtime: scenario runtime information. - */ -static void -do_moment_and_advance(struct replay_runtime* runtime) -{ - struct replay_moment* mom; - if(!runtime->now) { - advance_moment(runtime); - return; - } - log_info("testbound: do STEP %d %s", runtime->now->time_step, - repevt_string(runtime->now->evt_type)); - switch(runtime->now->evt_type) { - case repevt_nothing: - advance_moment(runtime); - break; - case repevt_front_query: - /* advance moment before doing the step, so that the next - moment which may check some result of the mom step - can catch those results. */ - mom = runtime->now; - advance_moment(runtime); - fake_front_query(runtime, mom); - break; - case repevt_front_reply: - if(runtime->answer_list) - log_err("testbound: There are unmatched answers."); - fatal_exit("testbound: query answer not matched"); - break; - case repevt_timeout: - mom = runtime->now; - advance_moment(runtime); - expon_timeout_backoff(runtime); - fake_pending_callback(runtime, mom, NETEVENT_TIMEOUT); - break; - case repevt_back_reply: - mom = runtime->now; - advance_moment(runtime); - fake_pending_callback(runtime, mom, NETEVENT_NOERROR); - break; - case repevt_back_query: - /* Back queries are matched when they are sent out. */ - log_err("No query matching the current moment was sent."); - fatal_exit("testbound: back query not matched"); - break; - case repevt_error: - mom = runtime->now; - advance_moment(runtime); - fake_pending_callback(runtime, mom, NETEVENT_CLOSED); - break; - case repevt_time_passes: - time_passes(runtime, runtime->now); - advance_moment(runtime); - break; - case repevt_autotrust_check: - autotrust_check(runtime, runtime->now); - advance_moment(runtime); - break; - case repevt_assign: - moment_assign(runtime, runtime->now); - advance_moment(runtime); - break; - case repevt_traffic: - advance_moment(runtime); - break; - case repevt_infra_rtt: - do_infra_rtt(runtime); - advance_moment(runtime); - break; - default: - fatal_exit("testbound: unknown event type %d", - runtime->now->evt_type); - } -} - -/** run the scenario in event callbacks */ -static void -run_scenario(struct replay_runtime* runtime) -{ - struct entry* entry = NULL; - struct fake_pending* pending = NULL; - int max_rounds = 5000; - int rounds = 0; - runtime->now = runtime->scenario->mom_first; - log_info("testbound: entering fake runloop"); - do { - /* if moment matches pending query do it. */ - /* else if moment matches given answer, do it */ - /* else if precoded_range matches pending, do it */ - /* else do the current moment */ - if(pending_matches_current(runtime, &entry, &pending)) { - log_info("testbound: do STEP %d CHECK_OUT_QUERY", - runtime->now->time_step); - advance_moment(runtime); - if(entry->copy_id) - answer_callback_from_entry(runtime, entry, - pending); - } else if(runtime->answer_list && runtime->now && - runtime->now->evt_type == repevt_front_reply) { - answer_check_it(runtime); - advance_moment(runtime); - } else if(pending_matches_range(runtime, &entry, &pending)) { - answer_callback_from_entry(runtime, entry, pending); - } else { - do_moment_and_advance(runtime); - } - log_info("testbound: end of event stage"); - rounds++; - if(rounds > max_rounds) - fatal_exit("testbound: too many rounds, it loops."); - } while(runtime->now); - - if(runtime->pending_list) { - struct fake_pending* p; - log_err("testbound: there are still messages pending."); - for(p = runtime->pending_list; p; p=p->next) { - log_pkt("pending msg", p->pkt, p->pkt_len); - log_addr(0, "pending to", &p->addr, p->addrlen); - } - fatal_exit("testbound: there are still messages pending."); - } - if(runtime->answer_list) { - fatal_exit("testbound: there are unmatched answers."); - } - log_info("testbound: exiting fake runloop."); - runtime->exit_cleanly = 1; -} - -/*********** Dummy routines ***********/ - -struct listen_dnsport* -listen_create(struct comm_base* base, struct listen_port* ATTR_UNUSED(ports), - size_t bufsize, int ATTR_UNUSED(tcp_accept_count), - void* ATTR_UNUSED(sslctx), struct dt_env* ATTR_UNUSED(dtenv), - comm_point_callback_type* cb, void* cb_arg) -{ - struct replay_runtime* runtime = (struct replay_runtime*)base; - struct listen_dnsport* l= calloc(1, sizeof(struct listen_dnsport)); - if(!l) - return NULL; - l->base = base; - l->udp_buff = sldns_buffer_new(bufsize); - if(!l->udp_buff) { - free(l); - return NULL; - } - runtime->callback_query = cb; - runtime->cb_arg = cb_arg; - runtime->bufsize = bufsize; - return l; -} - -void -listen_delete(struct listen_dnsport* listen) -{ - if(!listen) - return; - sldns_buffer_free(listen->udp_buff); - free(listen); -} - -struct comm_base* -comm_base_create(int ATTR_UNUSED(sigs)) -{ - /* we return the runtime structure instead. */ - struct replay_runtime* runtime = (struct replay_runtime*) - calloc(1, sizeof(struct replay_runtime)); - runtime->scenario = saved_scenario; - runtime->vars = macro_store_create(); - if(!runtime->vars) fatal_exit("out of memory"); - return (struct comm_base*)runtime; -} - -void -comm_base_delete(struct comm_base* b) -{ - struct replay_runtime* runtime = (struct replay_runtime*)b; - struct fake_pending* p, *np; - struct replay_answer* a, *na; - struct fake_timer* t, *nt; - if(!runtime) - return; - runtime->scenario= NULL; - p = runtime->pending_list; - while(p) { - np = p->next; - delete_fake_pending(p); - p = np; - } - a = runtime->answer_list; - while(a) { - na = a->next; - delete_replay_answer(a); - a = na; - } - t = runtime->timer_list; - while(t) { - nt = t->next; - free(t); - t = nt; - } - macro_store_delete(runtime->vars); - free(runtime); -} - -void -comm_base_timept(struct comm_base* b, time_t** tt, struct timeval** tv) -{ - struct replay_runtime* runtime = (struct replay_runtime*)b; - *tt = &runtime->now_secs; - *tv = &runtime->now_tv; -} - -void -comm_base_dispatch(struct comm_base* b) -{ - struct replay_runtime* runtime = (struct replay_runtime*)b; - run_scenario(runtime); - if(runtime->sig_cb) - (*runtime->sig_cb)(SIGTERM, runtime->sig_cb_arg); - else exit(0); /* OK exit when LIBEVENT_SIGNAL_PROBLEM exists */ -} - -void -comm_base_exit(struct comm_base* b) -{ - struct replay_runtime* runtime = (struct replay_runtime*)b; - if(!runtime->exit_cleanly) { - /* some sort of failure */ - fatal_exit("testbound: comm_base_exit was called."); - } -} - -struct comm_signal* -comm_signal_create(struct comm_base* base, - void (*callback)(int, void*), void* cb_arg) -{ - struct replay_runtime* runtime = (struct replay_runtime*)base; - runtime->sig_cb = callback; - runtime->sig_cb_arg = cb_arg; - return calloc(1, sizeof(struct comm_signal)); -} - -int -comm_signal_bind(struct comm_signal* ATTR_UNUSED(comsig), int - ATTR_UNUSED(sig)) -{ - return 1; -} - -void -comm_signal_delete(struct comm_signal* comsig) -{ - free(comsig); -} - -void -comm_point_send_reply(struct comm_reply* repinfo) -{ - struct replay_answer* ans = (struct replay_answer*)calloc(1, - sizeof(struct replay_answer)); - struct replay_runtime* runtime = (struct replay_runtime*)repinfo->c->ev; - log_info("testbound: comm_point_send_reply fake"); - /* dump it into the todo list */ - log_assert(ans); - memcpy(&ans->repinfo, repinfo, sizeof(struct comm_reply)); - ans->next = NULL; - if(runtime->answer_last) - runtime->answer_last->next = ans; - else runtime->answer_list = ans; - runtime->answer_last = ans; - - /* try to parse packet */ - ans->pkt = memdup(sldns_buffer_begin(ans->repinfo.c->buffer), - sldns_buffer_limit(ans->repinfo.c->buffer)); - ans->pkt_len = sldns_buffer_limit(ans->repinfo.c->buffer); - if(!ans->pkt) fatal_exit("out of memory"); - log_pkt("reply pkt: ", ans->pkt, ans->pkt_len); -} - -void -comm_point_drop_reply(struct comm_reply* repinfo) -{ - log_info("comm_point_drop_reply fake"); - if(repinfo->c) { - sldns_buffer_free(repinfo->c->buffer); - free(repinfo->c); - } -} - -struct outside_network* -outside_network_create(struct comm_base* base, size_t bufsize, - size_t ATTR_UNUSED(num_ports), char** ATTR_UNUSED(ifs), - int ATTR_UNUSED(num_ifs), int ATTR_UNUSED(do_ip4), - int ATTR_UNUSED(do_ip6), size_t ATTR_UNUSED(num_tcp), - struct infra_cache* infra, - struct ub_randstate* ATTR_UNUSED(rnd), - int ATTR_UNUSED(use_caps_for_id), int* ATTR_UNUSED(availports), - int ATTR_UNUSED(numavailports), size_t ATTR_UNUSED(unwanted_threshold), - int ATTR_UNUSED(outgoing_tcp_mss), - void (*unwanted_action)(void*), void* ATTR_UNUSED(unwanted_param), - int ATTR_UNUSED(do_udp), void* ATTR_UNUSED(sslctx), - int ATTR_UNUSED(delayclose), struct dt_env* ATTR_UNUSED(dtenv)) -{ - struct replay_runtime* runtime = (struct replay_runtime*)base; - struct outside_network* outnet = calloc(1, - sizeof(struct outside_network)); - (void)unwanted_action; - if(!outnet) - return NULL; - runtime->infra = infra; - outnet->base = base; - outnet->udp_buff = sldns_buffer_new(bufsize); - if(!outnet->udp_buff) { - free(outnet); - return NULL; - } - return outnet; -} - -void -outside_network_delete(struct outside_network* outnet) -{ - if(!outnet) - return; - sldns_buffer_free(outnet->udp_buff); - free(outnet); -} - -void -outside_network_quit_prepare(struct outside_network* ATTR_UNUSED(outnet)) -{ -} - -struct pending* -pending_udp_query(struct serviced_query* sq, sldns_buffer* packet, - int timeout, comm_point_callback_type* callback, void* callback_arg) -{ - struct replay_runtime* runtime = (struct replay_runtime*) - sq->outnet->base; - struct fake_pending* pend = (struct fake_pending*)calloc(1, - sizeof(struct fake_pending)); - log_assert(pend); - pend->buffer = sldns_buffer_new(sldns_buffer_capacity(packet)); - log_assert(pend->buffer); - sldns_buffer_write(pend->buffer, sldns_buffer_begin(packet), - sldns_buffer_limit(packet)); - sldns_buffer_flip(pend->buffer); - memcpy(&pend->addr, &sq->addr, sq->addrlen); - pend->addrlen = sq->addrlen; - pend->callback = callback; - pend->cb_arg = callback_arg; - pend->timeout = timeout/1000; - pend->transport = transport_udp; - pend->pkt = NULL; - pend->zone = NULL; - pend->serviced = 0; - pend->runtime = runtime; - pend->pkt_len = sldns_buffer_limit(packet); - pend->pkt = memdup(sldns_buffer_begin(packet), pend->pkt_len); - if(!pend->pkt) fatal_exit("out of memory"); - log_pkt("pending udp pkt: ", pend->pkt, pend->pkt_len); - - /* see if it matches the current moment */ - if(runtime->now && runtime->now->evt_type == repevt_back_query && - (runtime->now->addrlen == 0 || sockaddr_cmp( - &runtime->now->addr, runtime->now->addrlen, - &pend->addr, pend->addrlen) == 0) && - find_match(runtime->now->match, pend->pkt, pend->pkt_len, - pend->transport)) { - log_info("testbound: matched pending to event. " - "advance time between events."); - log_info("testbound: do STEP %d %s", runtime->now->time_step, - repevt_string(runtime->now->evt_type)); - advance_moment(runtime); - /* still create the pending, because we need it to callback */ - } - log_info("testbound: created fake pending"); - /* add to list */ - pend->next = runtime->pending_list; - runtime->pending_list = pend; - return (struct pending*)pend; -} - -struct waiting_tcp* -pending_tcp_query(struct serviced_query* sq, sldns_buffer* packet, - int timeout, comm_point_callback_type* callback, void* callback_arg) -{ - struct replay_runtime* runtime = (struct replay_runtime*) - sq->outnet->base; - struct fake_pending* pend = (struct fake_pending*)calloc(1, - sizeof(struct fake_pending)); - log_assert(pend); - pend->buffer = sldns_buffer_new(sldns_buffer_capacity(packet)); - log_assert(pend->buffer); - sldns_buffer_write(pend->buffer, sldns_buffer_begin(packet), - sldns_buffer_limit(packet)); - sldns_buffer_flip(pend->buffer); - memcpy(&pend->addr, &sq->addr, sq->addrlen); - pend->addrlen = sq->addrlen; - pend->callback = callback; - pend->cb_arg = callback_arg; - pend->timeout = timeout; - pend->transport = transport_tcp; - pend->pkt = NULL; - pend->zone = NULL; - pend->runtime = runtime; - pend->serviced = 0; - pend->pkt_len = sldns_buffer_limit(packet); - pend->pkt = memdup(sldns_buffer_begin(packet), pend->pkt_len); - if(!pend->pkt) fatal_exit("out of memory"); - log_pkt("pending tcp pkt: ", pend->pkt, pend->pkt_len); - - /* see if it matches the current moment */ - if(runtime->now && runtime->now->evt_type == repevt_back_query && - (runtime->now->addrlen == 0 || sockaddr_cmp( - &runtime->now->addr, runtime->now->addrlen, - &pend->addr, pend->addrlen) == 0) && - find_match(runtime->now->match, pend->pkt, pend->pkt_len, - pend->transport)) { - log_info("testbound: matched pending to event. " - "advance time between events."); - log_info("testbound: do STEP %d %s", runtime->now->time_step, - repevt_string(runtime->now->evt_type)); - advance_moment(runtime); - /* still create the pending, because we need it to callback */ - } - log_info("testbound: created fake pending"); - /* add to list */ - pend->next = runtime->pending_list; - runtime->pending_list = pend; - return (struct waiting_tcp*)pend; -} - -struct serviced_query* outnet_serviced_query(struct outside_network* outnet, - struct query_info* qinfo, uint16_t flags, int dnssec, - int ATTR_UNUSED(want_dnssec), int ATTR_UNUSED(nocaps), - int ATTR_UNUSED(tcp_upstream), int ATTR_UNUSED(ssl_upstream), - struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* zone, - size_t zonelen, struct module_qstate* qstate, - comm_point_callback_type* callback, void* callback_arg, - sldns_buffer* ATTR_UNUSED(buff), struct module_env* ATTR_UNUSED(env)) -{ - struct replay_runtime* runtime = (struct replay_runtime*)outnet->base; - struct fake_pending* pend = (struct fake_pending*)calloc(1, - sizeof(struct fake_pending)); - char z[256]; - log_assert(pend); - log_nametypeclass(VERB_OPS, "pending serviced query", - qinfo->qname, qinfo->qtype, qinfo->qclass); - dname_str(zone, z); - verbose(VERB_OPS, "pending serviced query zone %s flags%s%s%s%s", - z, (flags&BIT_RD)?" RD":"", (flags&BIT_CD)?" CD":"", - (flags&~(BIT_RD|BIT_CD))?" MORE":"", (dnssec)?" DO":""); - - /* create packet with EDNS */ - pend->buffer = sldns_buffer_new(512); - log_assert(pend->buffer); - sldns_buffer_write_u16(pend->buffer, 0); /* id */ - sldns_buffer_write_u16(pend->buffer, flags); - sldns_buffer_write_u16(pend->buffer, 1); /* qdcount */ - sldns_buffer_write_u16(pend->buffer, 0); /* ancount */ - sldns_buffer_write_u16(pend->buffer, 0); /* nscount */ - sldns_buffer_write_u16(pend->buffer, 0); /* arcount */ - sldns_buffer_write(pend->buffer, qinfo->qname, qinfo->qname_len); - sldns_buffer_write_u16(pend->buffer, qinfo->qtype); - sldns_buffer_write_u16(pend->buffer, qinfo->qclass); - sldns_buffer_flip(pend->buffer); - if(1) { - struct edns_data edns; - if(!inplace_cb_query_call(env, qinfo, flags, addr, addrlen, - zone, zonelen, qstate, qstate->region)) { - free(pend); - return NULL; - } - /* add edns */ - edns.edns_present = 1; - edns.ext_rcode = 0; - edns.edns_version = EDNS_ADVERTISED_VERSION; - edns.udp_size = EDNS_ADVERTISED_SIZE; - edns.bits = 0; - edns.opt_list = qstate->edns_opts_back_out; - if(dnssec) - edns.bits = EDNS_DO; - attach_edns_record(pend->buffer, &edns); - } - memcpy(&pend->addr, addr, addrlen); - pend->addrlen = addrlen; - pend->zone = memdup(zone, zonelen); - pend->zonelen = zonelen; - pend->qtype = (int)qinfo->qtype; - log_assert(pend->zone); - pend->callback = callback; - pend->cb_arg = callback_arg; - pend->timeout = UDP_AUTH_QUERY_TIMEOUT; - pend->transport = transport_udp; /* pretend UDP */ - pend->pkt = NULL; - pend->runtime = runtime; - pend->serviced = 1; - pend->pkt_len = sldns_buffer_limit(pend->buffer); - pend->pkt = memdup(sldns_buffer_begin(pend->buffer), pend->pkt_len); - if(!pend->pkt) fatal_exit("out of memory"); - /*log_pkt("pending serviced query: ", pend->pkt, pend->pkt_len);*/ - - /* see if it matches the current moment */ - if(runtime->now && runtime->now->evt_type == repevt_back_query && - (runtime->now->addrlen == 0 || sockaddr_cmp( - &runtime->now->addr, runtime->now->addrlen, - &pend->addr, pend->addrlen) == 0) && - find_match(runtime->now->match, pend->pkt, pend->pkt_len, - pend->transport)) { - log_info("testbound: matched pending to event. " - "advance time between events."); - log_info("testbound: do STEP %d %s", runtime->now->time_step, - repevt_string(runtime->now->evt_type)); - advance_moment(runtime); - /* still create the pending, because we need it to callback */ - } - log_info("testbound: created fake pending"); - /* add to list */ - pend->next = runtime->pending_list; - runtime->pending_list = pend; - return (struct serviced_query*)pend; -} - -void outnet_serviced_query_stop(struct serviced_query* sq, void* cb_arg) -{ - struct fake_pending* pend = (struct fake_pending*)sq; - struct replay_runtime* runtime = pend->runtime; - /* delete from the list */ - struct fake_pending* p = runtime->pending_list, *prev=NULL; - while(p) { - if(p == pend) { - log_assert(p->cb_arg == cb_arg); - (void)cb_arg; - log_info("serviced pending delete"); - if(prev) - prev->next = p->next; - else runtime->pending_list = p->next; - sldns_buffer_free(p->buffer); - free(p->pkt); - free(p->zone); - free(p); - return; - } - prev = p; - p = p->next; - } - log_info("double delete of pending serviced query"); -} - -struct listen_port* listening_ports_open(struct config_file* ATTR_UNUSED(cfg), - int* ATTR_UNUSED(reuseport)) -{ - return calloc(1, 1); -} - -void listening_ports_free(struct listen_port* list) -{ - free(list); -} - -struct comm_point* comm_point_create_local(struct comm_base* ATTR_UNUSED(base), - int ATTR_UNUSED(fd), size_t ATTR_UNUSED(bufsize), - comm_point_callback_type* ATTR_UNUSED(callback), - void* ATTR_UNUSED(callback_arg)) -{ - return calloc(1, 1); -} - -struct comm_point* comm_point_create_raw(struct comm_base* ATTR_UNUSED(base), - int ATTR_UNUSED(fd), int ATTR_UNUSED(writing), - comm_point_callback_type* ATTR_UNUSED(callback), - void* ATTR_UNUSED(callback_arg)) -{ - /* no pipe comm possible */ - return calloc(1, 1); -} - -void comm_point_start_listening(struct comm_point* ATTR_UNUSED(c), - int ATTR_UNUSED(newfd), int ATTR_UNUSED(sec)) -{ - /* no bg write pipe comm possible */ -} - -void comm_point_stop_listening(struct comm_point* ATTR_UNUSED(c)) -{ - /* no bg write pipe comm possible */ -} - -/* only cmd com _local gets deleted */ -void comm_point_delete(struct comm_point* c) -{ - free(c); -} - -size_t listen_get_mem(struct listen_dnsport* ATTR_UNUSED(listen)) -{ - return 0; -} - -size_t outnet_get_mem(struct outside_network* ATTR_UNUSED(outnet)) -{ - return 0; -} - -size_t comm_point_get_mem(struct comm_point* ATTR_UNUSED(c)) -{ - return 0; -} - -size_t serviced_get_mem(struct serviced_query* ATTR_UNUSED(c)) -{ - return 0; -} - -/* fake for fptr wlist */ -int outnet_udp_cb(struct comm_point* ATTR_UNUSED(c), - void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), - struct comm_reply *ATTR_UNUSED(reply_info)) -{ - log_assert(0); - return 0; -} - -int outnet_tcp_cb(struct comm_point* ATTR_UNUSED(c), - void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), - struct comm_reply *ATTR_UNUSED(reply_info)) -{ - log_assert(0); - return 0; -} - -void pending_udp_timer_cb(void *ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -void pending_udp_timer_delay_cb(void *ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -void outnet_tcptimer(void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -void comm_point_udp_callback(int ATTR_UNUSED(fd), short ATTR_UNUSED(event), - void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -void comm_point_udp_ancil_callback(int ATTR_UNUSED(fd), - short ATTR_UNUSED(event), void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -void comm_point_tcp_accept_callback(int ATTR_UNUSED(fd), - short ATTR_UNUSED(event), void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -void comm_point_tcp_handle_callback(int ATTR_UNUSED(fd), - short ATTR_UNUSED(event), void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -void comm_timer_callback(int ATTR_UNUSED(fd), - short ATTR_UNUSED(event), void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -void comm_signal_callback(int ATTR_UNUSED(fd), - short ATTR_UNUSED(event), void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -void comm_point_local_handle_callback(int ATTR_UNUSED(fd), - short ATTR_UNUSED(event), void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -void comm_point_raw_handle_callback(int ATTR_UNUSED(fd), - short ATTR_UNUSED(event), void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -void comm_base_handle_slow_accept(int ATTR_UNUSED(fd), - short ATTR_UNUSED(event), void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -int serviced_udp_callback(struct comm_point* ATTR_UNUSED(c), - void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), - struct comm_reply* ATTR_UNUSED(reply_info)) -{ - log_assert(0); - return 0; -} - -int serviced_tcp_callback(struct comm_point* ATTR_UNUSED(c), - void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), - struct comm_reply* ATTR_UNUSED(reply_info)) -{ - log_assert(0); - return 0; -} - -int pending_cmp(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b)) -{ - log_assert(0); - return 0; -} - -int serviced_cmp(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b)) -{ - log_assert(0); - return 0; -} - -/* timers in testbound for autotrust. statistics tested in tpkg. */ -struct comm_timer* comm_timer_create(struct comm_base* base, - void (*cb)(void*), void* cb_arg) -{ - struct replay_runtime* runtime = (struct replay_runtime*)base; - struct fake_timer* t = (struct fake_timer*)calloc(1, sizeof(*t)); - t->cb = cb; - t->cb_arg = cb_arg; - fptr_ok(fptr_whitelist_comm_timer(t->cb)); /* check in advance */ - t->runtime = runtime; - t->next = runtime->timer_list; - runtime->timer_list = t; - return (struct comm_timer*)t; -} - -void comm_timer_disable(struct comm_timer* timer) -{ - struct fake_timer* t = (struct fake_timer*)timer; - log_info("fake timer disabled"); - t->enabled = 0; -} - -void comm_timer_set(struct comm_timer* timer, struct timeval* tv) -{ - struct fake_timer* t = (struct fake_timer*)timer; - t->enabled = 1; - t->tv = *tv; - log_info("fake timer set %d.%6.6d", - (int)t->tv.tv_sec, (int)t->tv.tv_usec); - timeval_add(&t->tv, &t->runtime->now_tv); -} - -void comm_timer_delete(struct comm_timer* timer) -{ - struct fake_timer* t = (struct fake_timer*)timer; - struct fake_timer** pp, *p; - if(!t) return; - - /* remove from linked list */ - pp = &t->runtime->timer_list; - p = t->runtime->timer_list; - while(p) { - if(p == t) { - /* snip from list */ - *pp = p->next; - break; - } - pp = &p->next; - p = p->next; - } - - free(timer); -} - -void comm_base_set_slow_accept_handlers(struct comm_base* ATTR_UNUSED(b), - void (*stop_acc)(void*), void (*start_acc)(void*), - void* ATTR_UNUSED(arg)) -{ - /* ignore this */ - (void)stop_acc; - (void)start_acc; -} - -struct ub_event_base* comm_base_internal(struct comm_base* ATTR_UNUSED(b)) -{ - /* no pipe comm possible in testbound */ - return NULL; -} - -void daemon_remote_exec(struct worker* ATTR_UNUSED(worker)) -{ -} - -void listen_start_accept(struct listen_dnsport* ATTR_UNUSED(listen)) -{ -} - -void listen_stop_accept(struct listen_dnsport* ATTR_UNUSED(listen)) -{ -} - -void daemon_remote_start_accept(struct daemon_remote* ATTR_UNUSED(rc)) -{ -} - -void daemon_remote_stop_accept(struct daemon_remote* ATTR_UNUSED(rc)) -{ -} - -/*********** End of Dummy routines ***********/ diff --git a/external/unbound/testcode/fake_event.h b/external/unbound/testcode/fake_event.h deleted file mode 100644 index 97ebb41cb..000000000 --- a/external/unbound/testcode/fake_event.h +++ /dev/null @@ -1,75 +0,0 @@ -/* - * testcode/fake_event.h - fake event handling that replays existing scenario. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * Event service that replays a scenario. - * This implements the same exported symbols as the files: - * util/netevent.c - * services/listen_dnsport.c - * services/outside_network.c - * But these do not actually access the network or events, instead - * the scenario is played. - */ - -#ifndef TESTCODE_FAKE_EVENT_H -#define TESTCODE_FAKE_EVENT_H -struct replay_scenario; - -/** - * Initialise fake event services. - * - * The fake event services will automatically start when the main program - * calls netevent.h functions, such as comm_base_dispatch(). - * - * @param scen: Set the scenario to use for upcoming event handling. - */ -void fake_event_init(struct replay_scenario* scen); - -/** - * Deinit fake event services. - */ -void fake_event_cleanup(void); - -/** - * Get filename to store temporary config stuff. The pid is added. in /tmp. - * @param adj: adjective, like "_cfg_", "_auto_" - * @param id: identifier, like "example.com". - * @param buf: where to store. - * @param len: length of buf. - */ -void fake_temp_file(const char* adj, const char* id, char* buf, size_t len); - -#endif /* TESTCODE_FAKE_EVENT_H */ diff --git a/external/unbound/testcode/lock_verify.c b/external/unbound/testcode/lock_verify.c deleted file mode 100644 index 666a7029d..000000000 --- a/external/unbound/testcode/lock_verify.c +++ /dev/null @@ -1,426 +0,0 @@ -/* - * testcode/lock_verify.c - verifier program for lock traces, checks order. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This file checks the lock traces generated by checklock.c. - * Checks if locks are consistently locked in the same order. - * If not, this can lead to deadlock if threads execute the different - * ordering at the same time. - * - */ - -#include "config.h" -#ifdef HAVE_TIME_H -#include -#endif -#include "util/log.h" -#include "util/rbtree.h" -#include "util/locks.h" -#include "util/fptr_wlist.h" - -/* --- data structures --- */ -struct lock_ref; - -/** keep track of lock id in lock-verify application - * Also defined in smallapp/worker_cb.c for fptr_wlist encapsulation - * breakage (the security tests break encapsulation for this test app) */ -struct order_id { - /** the thread id that created it */ - int thr; - /** the instance number of creation */ - int instance; -}; - -/** a lock */ -struct order_lock { - /** rbnode in all tree */ - rbnode_type node; - /** lock id */ - struct order_id id; - /** the creation file */ - char* create_file; - /** creation line */ - int create_line; - /** set of all locks that are smaller than this one (locked earlier) */ - rbtree_type* smaller; - /** during depthfirstsearch, this is a linked list of the stack - * of locks. points to the next lock bigger than this one. */ - struct lock_ref* dfs_next; - /** if lock has been visited (all smaller locks have been compared to - * this lock), only need to compare this with all unvisited(bigger) - * locks */ - int visited; -}; - -/** reference to a lock in a rbtree set */ -struct lock_ref { - /** rbnode, key is an order_id ptr */ - rbnode_type node; - /** the lock referenced */ - struct order_lock* lock; - /** why is this ref */ - char* file; - /** line number */ - int line; -}; - -/** count of errors detected */ -static int errors_detected = 0; -/** verbose? */ -static int verb = 0; - -/** print program usage help */ -static void -usage(void) -{ - printf("lock_verify \n"); -} - -/** read header entry. - * @param in: file to read header of. - * @return: False if it does not belong to the rest. */ -static int -read_header(FILE* in) -{ - time_t t; - pid_t p; - int thrno; - static int have_values = 0; - static time_t the_time; - static pid_t the_pid; - static int threads[256]; - - if(fread(&t, sizeof(t), 1, in) != 1 || - fread(&thrno, sizeof(thrno), 1, in) != 1 || - fread(&p, sizeof(p), 1, in) != 1) { - fatal_exit("fread failed"); - } - /* check these values are sorta OK */ - if(!have_values) { - the_time = t; - the_pid = p; - memset(threads, 0, 256*sizeof(int)); - if(thrno >= 256) { - fatal_exit("Thread number too big. %d", thrno); - } - threads[thrno] = 1; - have_values = 1; - printf(" trace %d from pid %u on %s", thrno, - (unsigned)p, ctime(&t)); - } else { - if(the_pid != p) { - printf(" has pid %u, not %u. Skipped.\n", - (unsigned)p, (unsigned)the_pid); - return 0; - } - if(threads[thrno]) - fatal_exit("same threadno in two files"); - threads[thrno] = 1; - if( abs((int)(the_time - t)) > 3600) - fatal_exit("input files from different times: %u %u", - (unsigned)the_time, (unsigned)t); - printf(" trace of thread %u:%d\n", (unsigned)p, thrno); - } - return 1; -} - -/** max length of strings: filenames and function names. */ -#define STRMAX 1024 -/** read a string from file, false on error */ -static int readup_str(char** str, FILE* in) -{ - char buf[STRMAX]; - int len = 0; - int c; - /* ends in zero */ - while( (c = fgetc(in)) != 0) { - if(c == EOF) - fatal_exit("eof in readstr, file too short"); - buf[len++] = c; - if(len == STRMAX) { - fatal_exit("string too long, bad file format"); - } - } - buf[len] = 0; - *str = strdup(buf); - return 1; -} - -/** read creation entry */ -static void read_create(rbtree_type* all, FILE* in) -{ - struct order_lock* o = calloc(1, sizeof(struct order_lock)); - if(!o) fatal_exit("malloc failure"); - if(fread(&o->id.thr, sizeof(int), 1, in) != 1 || - fread(&o->id.instance, sizeof(int), 1, in) != 1 || - !readup_str(&o->create_file, in) || - fread(&o->create_line, sizeof(int), 1, in) != 1) - fatal_exit("fread failed"); - o->smaller = rbtree_create(order_lock_cmp); - o->node.key = &o->id; - if(!rbtree_insert(all, &o->node)) { - /* already inserted */ - struct order_lock* a = (struct order_lock*)rbtree_search(all, - &o->id); - log_assert(a); - a->create_file = o->create_file; - a->create_line = o->create_line; - free(o->smaller); - free(o); - o = a; - } - if(verb) printf("read create %u %u %s %d\n", - (unsigned)o->id.thr, (unsigned)o->id.instance, - o->create_file, o->create_line); -} - -/** insert lock entry (empty) into list */ -static struct order_lock* -insert_lock(rbtree_type* all, struct order_id* id) -{ - struct order_lock* o = calloc(1, sizeof(struct order_lock)); - if(!o) fatal_exit("malloc failure"); - o->smaller = rbtree_create(order_lock_cmp); - o->id = *id; - o->node.key = &o->id; - if(!rbtree_insert(all, &o->node)) - fatal_exit("insert fail should not happen"); - return o; -} - -/** read lock entry */ -static void read_lock(rbtree_type* all, FILE* in, int val) -{ - struct order_id prev_id, now_id; - struct lock_ref* ref; - struct order_lock* prev, *now; - ref = (struct lock_ref*)calloc(1, sizeof(struct lock_ref)); - if(!ref) fatal_exit("malloc failure"); - prev_id.thr = val; - if(fread(&prev_id.instance, sizeof(int), 1, in) != 1 || - fread(&now_id.thr, sizeof(int), 1, in) != 1 || - fread(&now_id.instance, sizeof(int), 1, in) != 1 || - !readup_str(&ref->file, in) || - fread(&ref->line, sizeof(int), 1, in) != 1) - fatal_exit("fread failed"); - if(verb) printf("read lock %u %u %u %u %s %d\n", - (unsigned)prev_id.thr, (unsigned)prev_id.instance, - (unsigned)now_id.thr, (unsigned)now_id.instance, - ref->file, ref->line); - /* find the two locks involved */ - prev = (struct order_lock*)rbtree_search(all, &prev_id); - now = (struct order_lock*)rbtree_search(all, &now_id); - /* if not there - insert 'em */ - if(!prev) prev = insert_lock(all, &prev_id); - if(!now) now = insert_lock(all, &now_id); - ref->lock = prev; - ref->node.key = &prev->id; - if(!rbtree_insert(now->smaller, &ref->node)) { - free(ref->file); - free(ref); - } -} - -/** read input file */ -static void readinput(rbtree_type* all, char* file) -{ - FILE *in = fopen(file, "r"); - int fst; - if(!in) { - perror(file); - exit(1); - } - printf("file %s", file); - if(!read_header(in)) { - fclose(in); - return; - } - while(fread(&fst, sizeof(fst), 1, in) == 1) { - if(fst == -1) - read_create(all, in); - else read_lock(all, in, fst); - } - fclose(in); -} - -/** print cycle message */ -static void found_cycle(struct lock_ref* visit, int level) -{ - struct lock_ref* p; - int i = 0; - errors_detected++; - printf("Found inconsistent locking order of length %d\n", level); - printf("for lock %d %d created %s %d\n", - visit->lock->id.thr, visit->lock->id.instance, - visit->lock->create_file, visit->lock->create_line); - printf("sequence is:\n"); - p = visit; - while(p) { - struct order_lock* next = - p->lock->dfs_next?p->lock->dfs_next->lock:visit->lock; - printf("[%d] is locked at line %s %d before lock %d %d\n", - i, p->file, p->line, next->id.thr, next->id.instance); - printf("[%d] lock %d %d is created at %s %d\n", - i, next->id.thr, next->id.instance, - next->create_file, next->create_line); - i++; - p = p->lock->dfs_next; - if(p && p->lock == visit->lock) - break; - } -} - -/** Detect cycle by comparing visited now with all (unvisited) bigger nodes */ -static int detect_cycle(struct lock_ref* visit, struct lock_ref* from) -{ - struct lock_ref* p = from; - while(p) { - if(p->lock == visit->lock) - return 1; - p = p->lock->dfs_next; - } - return 0; -} - -/** recursive function to depth first search for cycles. - * @param visit: the lock visited at this step. - * its dfs_next pointer gives the visited lock up in recursion. - * same as lookfor at level 0. - * @param level: depth of recursion. 0 is start. - * @param from: search for matches from unvisited node upwards. - */ -static void search_cycle(struct lock_ref* visit, int level, - struct lock_ref* from) -{ - struct lock_ref* ref; - /* check for cycle */ - if(detect_cycle(visit, from) && level != 0) { - found_cycle(visit, level); - fatal_exit("found lock order cycle"); - } - /* recurse */ - if(!visit->lock->visited) - from = visit; - if(verb > 1) fprintf(stderr, "[%d] visit lock %u %u %s %d\n", level, - (unsigned)visit->lock->id.thr, - (unsigned)visit->lock->id.instance, - visit->lock->create_file, visit->lock->create_line); - RBTREE_FOR(ref, struct lock_ref*, visit->lock->smaller) { - ref->lock->dfs_next = visit; - search_cycle(ref, level+1, from); - } - visit->lock->visited = 1; -} - -/** Check ordering of one lock */ -static void check_order_lock(struct order_lock* lock) -{ - struct lock_ref start; - if(lock->visited) return; - - start.node.key = &lock->id; - start.lock = lock; - start.file = lock->create_file; - start.line = lock->create_line; - - if(!lock->create_file) - log_err("lock %u %u does not have create info", - (unsigned)lock->id.thr, (unsigned)lock->id.instance); - - /* depth first search to find cycle with this lock at head */ - lock->dfs_next = NULL; - search_cycle(&start, 0, &start); -} - -/** Check ordering of locks */ -static void check_order(rbtree_type* all_locks) -{ - /* check each lock */ - struct order_lock* lock; - int i=0; - RBTREE_FOR(lock, struct order_lock*, all_locks) { - if(verb) - printf("[%d/%d] Checking lock %d %d %s %d\n", - i, (int)all_locks->count, - lock->id.thr, lock->id.instance, - lock->create_file, lock->create_line); - else if (i % ((all_locks->count/75)<1?1:all_locks->count/75) - == 0) - fprintf(stderr, "."); - i++; - check_order_lock(lock); - } - fprintf(stderr, "\n"); -} - -/** main program to verify all traces passed */ -int -main(int argc, char* argv[]) -{ - rbtree_type* all_locks; - int i; - time_t starttime = time(NULL); -#ifdef USE_THREAD_DEBUG - /* do not overwrite the ublocktrace files with the ones generated - * by this program (i.e. when the log code creates a lock) */ - check_locking_order = 0; -#endif - if(argc <= 1) { - usage(); - return 1; - } - log_init(NULL, 0, NULL); - log_ident_set("lock-verify"); - /* init */ - all_locks = rbtree_create(order_lock_cmp); - errors_detected = 0; - - /* read the input files */ - for(i=1; icount, (int)(time(NULL)-starttime), - errors_detected); - if(errors_detected) return 1; - return 0; -} diff --git a/external/unbound/testcode/memstats.c b/external/unbound/testcode/memstats.c deleted file mode 100644 index dc29058ad..000000000 --- a/external/unbound/testcode/memstats.c +++ /dev/null @@ -1,249 +0,0 @@ -/* - * testcode/memstats.c - debug tool to show memory allocation statistics. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This program reads a log file and prints the memory allocation summed - * up. - */ -#include "config.h" -#include "util/log.h" -#include "util/rbtree.h" -#include "util/locks.h" -#include "util/fptr_wlist.h" -#include - -/** - * The allocation statistics block - */ -struct codeline { - /** rbtree node */ - rbnode_type node; - /** the name of the file:linenumber */ - char* codeline; - /** the name of the function */ - char* func; - /** number of bytes allocated */ - uint64_t alloc; - /** number of bytes freed */ - uint64_t free; - /** number allocations and frees */ - uint64_t calls; -}; - -/** print usage and exit */ -static void -usage(void) -{ - printf("usage: memstats \n"); - printf("statistics are printed on stdout.\n"); - exit(1); -} - -/** match logfile line to see if it needs accounting processing */ -static int -match(char* line) -{ - /* f.e.: - * [1187340064] unbound[24604:0] info: ul/rb.c:81 r_create malloc(12) - * 0123456789 123456789 123456789 123456789 - * But now also: - * Sep 16 15:18:20 unbound[1:0] info: ul/nh.c:143 memdup malloc(11) - */ - if(strlen(line) < 32) /* up to 'info: ' */ - return 0; - if(!strstr(line, " info: ")) - return 0; - if(strstr(line, "info: stat ")) - return 0; /* skip the hex dumps */ - if(strstr(line+30, "malloc(")) - return 1; - else if(strstr(line+30, "calloc(")) - return 1; - /* skip reallocs */ - return 0; -} - -/** find or alloc codeline in tree */ -static struct codeline* -get_codeline(rbtree_type* tree, char* key, char* func) -{ - struct codeline* cl = (struct codeline*)rbtree_search(tree, key); - if(!cl) { - cl = calloc(1, sizeof(*cl)); - if(!cl) return 0; - cl->codeline = strdup(key); - if(!cl->codeline) return 0; - cl->func = strdup(func); - if(!cl->func) return 0; - cl->alloc = 0; - cl->node.key = cl->codeline; - (void)rbtree_insert(tree, &cl->node); - } - return cl; -} - -/** read up the malloc stats */ -static void -read_malloc_stat(char* line, rbtree_type* tree) -{ - char codeline[10240]; - char name[10240]; - int skip = 0; - long num = 0; - struct codeline* cl = 0; - line = strstr(line, "info: ")+6; - if(sscanf(line, "%s %s %n", codeline, name, &skip) != 2) { - printf("%s\n", line); - fatal_exit("unhandled malloc"); - } - if(sscanf(line+skip+7, "%ld", &num) != 1) { - printf("%s\n%s\n", line, line+skip+7); - fatal_exit("unhandled malloc"); - } - cl = get_codeline(tree, codeline, name); - if(!cl) - fatal_exit("alloc failure"); - cl->alloc += num; - cl->calls ++; -} - -/** read up the calloc stats */ -static void -read_calloc_stat(char* line, rbtree_type* tree) -{ - char codeline[10240]; - char name[10240]; - int skip = 0; - long num = 0, sz = 0; - struct codeline* cl = 0; - line = strstr(line, "info: ")+6; - if(sscanf(line, "%s %s %n", codeline, name, &skip) != 2) { - printf("%s\n", line); - fatal_exit("unhandled calloc"); - } - if(sscanf(line+skip+7, "%ld, %ld", &num, &sz) != 2) { - printf("%s\n%s\n", line, line+skip+7); - fatal_exit("unhandled calloc"); - } - - cl = get_codeline(tree, codeline, name); - if(!cl) - fatal_exit("alloc failure"); - cl->alloc += num*sz; - cl->calls ++; -} - -/** get size of file */ -static off_t -get_file_size(const char* fname) -{ - struct stat s; - if(stat(fname, &s) < 0) { - fatal_exit("could not stat %s: %s", fname, strerror(errno)); - } - return s.st_size; -} - -/** read the logfile */ -static void -readfile(rbtree_type* tree, const char* fname) -{ - off_t total = get_file_size(fname); - off_t done = (off_t)0; - int report = 0; - FILE* in = fopen(fname, "r"); - char buf[102400]; - if(!in) - fatal_exit("could not open %s: %s", fname, strerror(errno)); - printf("Reading %s of size " ARG_LL "d\n", fname, (long long)total); - while(fgets(buf, 102400, in)) { - buf[102400-1] = 0; - done += (off_t)strlen(buf); - /* progress count */ - if((int)(((double)done / (double)total)*100.) > report) { - report = (int)(((double)done / (double)total)*100.); - fprintf(stderr, " %d%%", report); - } - - if(!match(buf)) - continue; - else if(strstr(buf+30, "malloc(")) - read_malloc_stat(buf, tree); - else if(strstr(buf+30, "calloc(")) - read_calloc_stat(buf, tree); - else { - printf("%s\n", buf); - fatal_exit("unhandled input"); - } - } - fprintf(stderr, " done\n"); - fclose(in); -} - -/** print memory stats */ -static void -printstats(rbtree_type* tree) -{ - struct codeline* cl; - uint64_t total = 0, tcalls = 0; - RBTREE_FOR(cl, struct codeline*, tree) { - printf("%12lld / %8lld in %s %s\n", (long long)cl->alloc, - (long long)cl->calls, cl->codeline, cl->func); - total += cl->alloc; - tcalls += cl->calls; - } - printf("------------\n"); - printf("%12lld / %8lld total in %ld code lines\n", (long long)total, - (long long)tcalls, (long)tree->count); - printf("\n"); -} - -/** main program */ -int main(int argc, const char* argv[]) -{ - rbtree_type* tree = 0; - log_init(NULL, 0, 0); - if(argc != 2) { - usage(); - } - tree = rbtree_create(codeline_cmp); - if(!tree) - fatal_exit("alloc failure"); - readfile(tree, argv[1]); - printstats(tree); - return 0; -} diff --git a/external/unbound/testcode/mini_tpkg.sh b/external/unbound/testcode/mini_tpkg.sh deleted file mode 100755 index ebf27a7d4..000000000 --- a/external/unbound/testcode/mini_tpkg.sh +++ /dev/null @@ -1,128 +0,0 @@ -# tpkg that only exes the files. -args="../.." -if test "$1" = "-a"; then - args=$2 - shift - shift -fi - -if test "$1" = "clean"; then - echo "rm -f result.* .done* .tpkg.var.master .tpkg.var.test" - rm -f result.* .done* .tpkg.var.master .tpkg.var.test - exit 0 -fi -if test "$1" = "fake"; then - echo "minitpkg fake $2" - echo "fake" > .done-`basename $2 .tpkg` - exit 0 -fi -if test "$1" = "report" || test "$2" = "report"; then - echo "Minitpkg Report" - for result in *.tpkg; do - name=`basename $result .tpkg` - if test -f ".done-$name"; then - if test "$1" != "-q"; then - echo "** PASSED ** : $name" - fi - else - if test -f "result.$name"; then - echo "!! FAILED !! : $name" - else - echo ">> SKIPPED<< : $name" - fi - fi - done - exit 0 -fi - -if test "$1" != 'exe'; then - # usage - echo "mini tpkg. Reduced functionality for old shells." - echo " tpkg exe " - echo " tpkg fake " - echo " tpkg clean" - echo " tpkg [-q] report" - exit 1 -fi -shift - -# do not execute if the disk is too full -#DISKLIMIT=100000 -# This check is not portable (to Solaris 10). -#avail=`df . | tail -1 | awk '{print $4}'` -#if test "$avail" -lt "$DISKLIMIT"; then - #echo "minitpkg: The disk is too full! Only $avail." - #exit 1 -#fi - -name=`basename $1 .tpkg` -dir=$name.$$ -result=result.$name -done=.done-$name -success="no" -if test -x "`which bash`"; then - shell="bash" -else - shell="sh" -fi - -# check already done -if test -f .done-$name; then - echo "minitpkg .done-$name exists. skip test." - exit 0 -fi - -# Extract -echo "minitpkg extract $1 to $dir" -mkdir $dir -gzip -cd $name.tpkg | (cd $dir; tar xf -) -cd $dir -mv $name.dir/* . - -# EXE -echo "minitpkg exe $name" > $result -grep "Description:" $name.dsc >> $result 2>&1 -echo "DateRunStart: "`date "+%s" 2>/dev/null` >> $result -if test -f $name.pre; then - echo "minitpkg exe $name.pre" - echo "minitpkg exe $name.pre" >> $result - $shell $name.pre $args >> $result - if test $? -ne 0; then - echo "Warning: $name.pre did not exit successfully" - fi -fi -if test -f $name.test; then - echo "minitpkg exe $name.test" - echo "minitpkg exe $name.test" >> $result - $shell $name.test $args >>$result 2>&1 - if test $? -ne 0; then - echo "$name: FAILED" >> $result - echo "$name: FAILED" - success="no" - else - echo "$name: PASSED" >> $result - echo "$name: PASSED" > ../.done-$name - echo "$name: PASSED" - success="yes" - fi -fi -if test -f $name.post; then - echo "minitpkg exe $name.post" - echo "minitpkg exe $name.post" >> $result - $shell $name.post $args >> $result - if test $? -ne 0; then - echo "Warning: $name.post did not exit successfully" - fi -fi -echo "DateRunEnd: "`date "+%s" 2>/dev/null` >> $result - -mv $result .. -cd .. -rm -rf $dir -# compat for windows where deletion may not succeed initially (files locked -# by processes that still have to exit). -if test $? -eq 1; then - echo "minitpkg waiting for processes to terminate" - sleep 2 # some time to exit, and try again - rm -rf $dir -fi diff --git a/external/unbound/testcode/perf.c b/external/unbound/testcode/perf.c deleted file mode 100644 index d11357c4a..000000000 --- a/external/unbound/testcode/perf.c +++ /dev/null @@ -1,654 +0,0 @@ -/* - * testcode/perf.c - debug program to estimate name server performance. - * - * Copyright (c) 2008, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This program estimates DNS name server performance. - */ - -#include "config.h" -#ifdef HAVE_GETOPT_H -#include -#endif -#include -#include "util/log.h" -#include "util/locks.h" -#include "util/net_help.h" -#include "util/data/msgencode.h" -#include "util/data/msgreply.h" -#include "util/data/msgparse.h" -#include "sldns/sbuffer.h" -#include "sldns/wire2str.h" -#include "sldns/str2wire.h" -#include - -/** usage information for perf */ -static void usage(char* nm) -{ - printf("usage: %s [options] server\n", nm); - printf("server: ip address of server, IP4 or IP6.\n"); - printf(" If not on port %d add @port.\n", UNBOUND_DNS_PORT); - printf("-d sec duration of test in whole seconds (0: wait for ^C)\n"); - printf("-a str query to ask, interpreted as a line from qfile\n"); - printf("-f fnm query list to read from file\n"); - printf(" every line has format: qname qclass qtype [+-]{E}\n"); - printf(" where + means RD set, E means EDNS enabled\n"); - printf("-q quiet mode, print only final qps\n"); - exit(1); -} - -struct perfinfo; -struct perfio; - -/** Global info for perf */ -struct perfinfo { - /** need to exit */ - volatile int exit; - /** all purpose buffer (for UDP send and receive) */ - sldns_buffer* buf; - - /** destination */ - struct sockaddr_storage dest; - /** length of dest socket addr */ - socklen_t destlen; - - /** when did this time slice start */ - struct timeval since; - /** number of queries received in that time */ - size_t numrecv; - /** number of queries sent out in that time */ - size_t numsent; - - /** duration of test in seconds */ - int duration; - /** quiet mode? */ - int quiet; - - /** when did the total test start */ - struct timeval start; - /** total number recvd */ - size_t total_recv; - /** total number sent */ - size_t total_sent; - /** numbers by rcode */ - size_t by_rcode[32]; - - /** number of I/O ports */ - size_t io_num; - /** I/O ports array */ - struct perfio* io; - /** max fd value in io ports */ - int maxfd; - /** readset */ - fd_set rset; - - /** size of querylist */ - size_t qlist_size; - /** allocated size of qlist array */ - size_t qlist_capacity; - /** list of query packets (data) */ - uint8_t** qlist_data; - /** list of query packets (length of a packet) */ - size_t* qlist_len; - /** index into querylist, for walking the list */ - size_t qlist_idx; -}; - -/** I/O port for perf */ -struct perfio { - /** id number */ - size_t id; - /** file descriptor of socket */ - int fd; - /** timeout value */ - struct timeval timeout; - /** ptr back to perfinfo */ - struct perfinfo* info; -}; - -/** number of msec between starting io ports */ -#define START_IO_INTERVAL 10 -/** number of msec timeout on io ports */ -#define IO_TIMEOUT 10 - -/** signal handler global info */ -static struct perfinfo* sig_info; - -/** signal handler for user quit */ -static RETSIGTYPE perf_sigh(int sig) -{ - log_assert(sig_info); - if(!sig_info->quiet) - printf("exit on signal %d\n", sig); - sig_info->exit = 1; -} - -/** timeval compare, t1 < t2 */ -static int -perf_tv_smaller(struct timeval* t1, struct timeval* t2) -{ -#ifndef S_SPLINT_S - if(t1->tv_sec < t2->tv_sec) - return 1; - if(t1->tv_sec == t2->tv_sec && - t1->tv_usec < t2->tv_usec) - return 1; -#endif - return 0; -} - -/** timeval add, t1 += t2 */ -static void -perf_tv_add(struct timeval* t1, struct timeval* t2) -{ -#ifndef S_SPLINT_S - t1->tv_sec += t2->tv_sec; - t1->tv_usec += t2->tv_usec; - while(t1->tv_usec > 1000000) { - t1->tv_usec -= 1000000; - t1->tv_sec++; - } -#endif -} - -/** timeval subtract, t1 -= t2 */ -static void -perf_tv_subtract(struct timeval* t1, struct timeval* t2) -{ -#ifndef S_SPLINT_S - t1->tv_sec -= t2->tv_sec; - if(t1->tv_usec >= t2->tv_usec) { - t1->tv_usec -= t2->tv_usec; - } else { - t1->tv_sec--; - t1->tv_usec = 1000000-(t2->tv_usec-t1->tv_usec); - } -#endif -} - - -/** setup perf test environment */ -static void -perfsetup(struct perfinfo* info) -{ - size_t i; - if(gettimeofday(&info->start, NULL) < 0) - fatal_exit("gettimeofday: %s", strerror(errno)); - sig_info = info; - if( signal(SIGINT, perf_sigh) == SIG_ERR || -#ifdef SIGQUIT - signal(SIGQUIT, perf_sigh) == SIG_ERR || -#endif -#ifdef SIGHUP - signal(SIGHUP, perf_sigh) == SIG_ERR || -#endif -#ifdef SIGBREAK - signal(SIGBREAK, perf_sigh) == SIG_ERR || -#endif - signal(SIGTERM, perf_sigh) == SIG_ERR) - fatal_exit("could not bind to signal"); - info->io = (struct perfio*)calloc(sizeof(struct perfio), info->io_num); - if(!info->io) fatal_exit("out of memory"); -#ifndef S_SPLINT_S - FD_ZERO(&info->rset); -#endif - info->since = info->start; - for(i=0; iio_num; i++) { - info->io[i].id = i; - info->io[i].info = info; - info->io[i].fd = socket( - addr_is_ip6(&info->dest, info->destlen)? - AF_INET6:AF_INET, SOCK_DGRAM, 0); - if(info->io[i].fd == -1) { -#ifndef USE_WINSOCK - fatal_exit("socket: %s", strerror(errno)); -#else - fatal_exit("socket: %s", - wsa_strerror(WSAGetLastError())); -#endif - } - if(info->io[i].fd > info->maxfd) - info->maxfd = info->io[i].fd; -#ifndef S_SPLINT_S - FD_SET(FD_SET_T info->io[i].fd, &info->rset); - info->io[i].timeout.tv_usec = ((START_IO_INTERVAL*i)%1000) - *1000; - info->io[i].timeout.tv_sec = (START_IO_INTERVAL*i)/1000; - perf_tv_add(&info->io[i].timeout, &info->since); -#endif - } -} - -/** cleanup perf test environment */ -static void -perffree(struct perfinfo* info) -{ - size_t i; - if(!info) return; - if(info->io) { - for(i=0; iio_num; i++) { -#ifndef USE_WINSOCK - close(info->io[i].fd); -#else - closesocket(info->io[i].fd); -#endif - } - free(info->io); - } - for(i=0; iqlist_size; i++) - free(info->qlist_data[i]); - free(info->qlist_data); - free(info->qlist_len); -} - -/** send new query for io */ -static void -perfsend(struct perfinfo* info, size_t n, struct timeval* now) -{ - ssize_t r; - r = sendto(info->io[n].fd, (void*)info->qlist_data[info->qlist_idx], - info->qlist_len[info->qlist_idx], 0, - (struct sockaddr*)&info->dest, info->destlen); - /*log_hex("send", info->qlist_data[info->qlist_idx], - info->qlist_len[info->qlist_idx]);*/ - if(r == -1) { -#ifndef USE_WINSOCK - log_err("sendto: %s", strerror(errno)); -#else - log_err("sendto: %s", wsa_strerror(WSAGetLastError())); -#endif - } else if(r != (ssize_t)info->qlist_len[info->qlist_idx]) { - log_err("partial sendto"); - } - info->qlist_idx = (info->qlist_idx+1) % info->qlist_size; - info->numsent++; - - info->io[n].timeout.tv_sec = IO_TIMEOUT/1000; - info->io[n].timeout.tv_usec = (IO_TIMEOUT%1000)*1000; - perf_tv_add(&info->io[n].timeout, now); -} - -/** got reply for io */ -static void -perfreply(struct perfinfo* info, size_t n, struct timeval* now) -{ - ssize_t r; - r = recv(info->io[n].fd, (void*)sldns_buffer_begin(info->buf), - sldns_buffer_capacity(info->buf), 0); - if(r == -1) { -#ifndef USE_WINSOCK - log_err("recv: %s", strerror(errno)); -#else - log_err("recv: %s", wsa_strerror(WSAGetLastError())); -#endif - } else { - info->by_rcode[LDNS_RCODE_WIRE(sldns_buffer_begin( - info->buf))]++; - info->numrecv++; - } - /*sldns_buffer_set_limit(info->buf, r); - log_buf(0, "reply", info->buf);*/ - perfsend(info, n, now); -} - -/** got timeout for io */ -static void -perftimeout(struct perfinfo* info, size_t n, struct timeval* now) -{ - /* may not be a dropped packet, this is also used to start - * up the sending IOs */ - perfsend(info, n, now); -} - -/** print nice stats about qps */ -static void -stat_printout(struct perfinfo* info, struct timeval* now, - struct timeval* elapsed) -{ - /* calculate qps */ - double dt, qps = 0; -#ifndef S_SPLINT_S - dt = (double)(elapsed->tv_sec*1000000 + elapsed->tv_usec) / 1000000; -#endif - if(dt > 0.001) - qps = (double)(info->numrecv) / dt; - if(!info->quiet) - printf("qps: %g\n", qps); - /* setup next slice */ - info->since = *now; - info->total_sent += info->numsent; - info->total_recv += info->numrecv; - info->numrecv = 0; - info->numsent = 0; -} - -/** wait for new events for performance test */ -static void -perfselect(struct perfinfo* info) -{ - fd_set rset = info->rset; - struct timeval timeout, now; - int num; - size_t i; - if(gettimeofday(&now, NULL) < 0) - fatal_exit("gettimeofday: %s", strerror(errno)); - /* time to exit? */ - if(info->duration > 0) { - timeout = now; - perf_tv_subtract(&timeout, &info->start); - if((int)timeout.tv_sec >= info->duration) { - info->exit = 1; - return; - } - } - /* time for stats printout? */ - timeout = now; - perf_tv_subtract(&timeout, &info->since); - if(timeout.tv_sec > 0) { - stat_printout(info, &now, &timeout); - } - /* see what is closest port to timeout; or if there is a timeout */ - timeout = info->io[0].timeout; - for(i=0; iio_num; i++) { - if(perf_tv_smaller(&info->io[i].timeout, &now)) { - perftimeout(info, i, &now); - return; - } - if(perf_tv_smaller(&info->io[i].timeout, &timeout)) { - timeout = info->io[i].timeout; - } - } - perf_tv_subtract(&timeout, &now); - - num = select(info->maxfd+1, &rset, NULL, NULL, &timeout); - if(num == -1) { - if(errno == EAGAIN || errno == EINTR) - return; - log_err("select: %s", strerror(errno)); - } - - /* handle new events */ - for(i=0; num && iio_num; i++) { - if(FD_ISSET(info->io[i].fd, &rset)) { - perfreply(info, i, &now); - num--; - } - } -} - -/** show end stats */ -static void -perfendstats(struct perfinfo* info) -{ - double dt, qps; - struct timeval timeout, now; - int i, lost; - if(gettimeofday(&now, NULL) < 0) - fatal_exit("gettimeofday: %s", strerror(errno)); - timeout = now; - perf_tv_subtract(&timeout, &info->since); - stat_printout(info, &now, &timeout); - - timeout = now; - perf_tv_subtract(&timeout, &info->start); - dt = (double)(timeout.tv_sec*1000000 + timeout.tv_usec) / 1000000.0; - qps = (double)(info->total_recv) / dt; - lost = (int)(info->total_sent - info->total_recv) - (int)info->io_num; - if(!info->quiet) { - printf("overall time: %g sec\n", - (double)timeout.tv_sec + - (double)timeout.tv_usec/1000000.); - if(lost > 0) - printf("Packets lost: %d\n", (int)lost); - - for(i=0; i<(int)(sizeof(info->by_rcode)/sizeof(size_t)); i++) - { - if(info->by_rcode[i] > 0) { - char rc[16]; - sldns_wire2str_rcode_buf(i, rc, sizeof(rc)); - printf("%d(%5s): %u replies\n", - i, rc, (unsigned)info->by_rcode[i]); - } - } - } - printf("average qps: %g\n", qps); -} - -/** perform the performance test */ -static void -perfmain(struct perfinfo* info) -{ - perfsetup(info); - while(!info->exit) { - perfselect(info); - } - perfendstats(info); - perffree(info); -} - -/** parse a query line to a packet into buffer */ -static int -qlist_parse_line(sldns_buffer* buf, char* p) -{ - char nm[1024], cl[1024], tp[1024], fl[1024]; - int r; - int rec = 1, edns = 0; - struct query_info qinfo; - nm[0] = 0; cl[0] = 0; tp[0] = 0; fl[0] = 0; - r = sscanf(p, " %1023s %1023s %1023s %1023s", nm, cl, tp, fl); - if(r != 3 && r != 4) - return 0; - /*printf("nm='%s', cl='%s', tp='%s', fl='%s'\n", nm, cl, tp, fl);*/ - if(strcmp(tp, "IN") == 0 || strcmp(tp, "CH") == 0) { - qinfo.qtype = sldns_get_rr_type_by_name(cl); - qinfo.qclass = sldns_get_rr_class_by_name(tp); - } else { - qinfo.qtype = sldns_get_rr_type_by_name(tp); - qinfo.qclass = sldns_get_rr_class_by_name(cl); - } - if(fl[0] == '+') rec = 1; - else if(fl[0] == '-') rec = 0; - else if(fl[0] == 'E') edns = 1; - if((fl[0] == '+' || fl[0] == '-') && fl[1] == 'E') - edns = 1; - qinfo.qname = sldns_str2wire_dname(nm, &qinfo.qname_len); - if(!qinfo.qname) - return 0; - qinfo.local_alias = NULL; - qinfo_query_encode(buf, &qinfo); - sldns_buffer_write_u16_at(buf, 0, 0); /* zero ID */ - if(rec) LDNS_RD_SET(sldns_buffer_begin(buf)); - if(edns) { - struct edns_data ed; - memset(&ed, 0, sizeof(ed)); - ed.edns_present = 1; - ed.udp_size = EDNS_ADVERTISED_SIZE; - /* Set DO bit in all EDNS datagrams ... */ - ed.bits = EDNS_DO; - attach_edns_record(buf, &ed); - } - free(qinfo.qname); - return 1; -} - -/** grow query list capacity */ -static void -qlist_grow_capacity(struct perfinfo* info) -{ - size_t newcap = (size_t)((info->qlist_capacity==0)?16: - info->qlist_capacity*2); - uint8_t** d = (uint8_t**)calloc(sizeof(uint8_t*), newcap); - size_t* l = (size_t*)calloc(sizeof(size_t), newcap); - if(!d || !l) fatal_exit("out of memory"); - memcpy(d, info->qlist_data, sizeof(uint8_t*)* - info->qlist_capacity); - memcpy(l, info->qlist_len, sizeof(size_t)* - info->qlist_capacity); - free(info->qlist_data); - free(info->qlist_len); - info->qlist_data = d; - info->qlist_len = l; - info->qlist_capacity = newcap; -} - -/** setup query list in info */ -static void -qlist_add_line(struct perfinfo* info, char* line, int no) -{ - if(!qlist_parse_line(info->buf, line)) { - printf("error parsing query %d: %s\n", no, line); - exit(1); - } - sldns_buffer_write_u16_at(info->buf, 0, (uint16_t)info->qlist_size); - if(info->qlist_size + 1 > info->qlist_capacity) { - qlist_grow_capacity(info); - } - info->qlist_len[info->qlist_size] = sldns_buffer_limit(info->buf); - info->qlist_data[info->qlist_size] = memdup( - sldns_buffer_begin(info->buf), sldns_buffer_limit(info->buf)); - if(!info->qlist_data[info->qlist_size]) - fatal_exit("out of memory"); - info->qlist_size ++; -} - -/** setup query list in info */ -static void -qlist_read_file(struct perfinfo* info, char* fname) -{ - char buf[1024]; - char *p; - FILE* in = fopen(fname, "r"); - int lineno = 0; - if(!in) { - perror(fname); - exit(1); - } - while(fgets(buf, (int)sizeof(buf), in)) { - lineno++; - buf[sizeof(buf)-1] = 0; - p = buf; - while(*p == ' ' || *p == '\t') - p++; - if(p[0] == 0 || p[0] == '\n' || p[0] == ';' || p[0] == '#') - continue; - qlist_add_line(info, p, lineno); - } - printf("Read %s, got %u queries\n", fname, (unsigned)info->qlist_size); - fclose(in); -} - -/** getopt global, in case header files fail to declare it. */ -extern int optind; -/** getopt global, in case header files fail to declare it. */ -extern char* optarg; - -/** main program for perf */ -int main(int argc, char* argv[]) -{ - char* nm = argv[0]; - int c; - struct perfinfo info; -#ifdef USE_WINSOCK - int r; - WSADATA wsa_data; -#endif - - /* defaults */ - memset(&info, 0, sizeof(info)); - info.io_num = 16; - - log_init(NULL, 0, NULL); - log_ident_set("perf"); - checklock_start(); -#ifdef USE_WINSOCK - if((r = WSAStartup(MAKEWORD(2,2), &wsa_data)) != 0) - fatal_exit("WSAStartup failed: %s", wsa_strerror(r)); -#endif - - info.buf = sldns_buffer_new(65553); - if(!info.buf) fatal_exit("out of memory"); - - /* parse the options */ - while( (c=getopt(argc, argv, "d:ha:f:q")) != -1) { - switch(c) { - case 'q': - info.quiet = 1; - break; - case 'd': - if(atoi(optarg)==0 && strcmp(optarg, "0")!=0) { - printf("-d not a number %s", optarg); - return 1; - } - info.duration = atoi(optarg); - break; - case 'a': - qlist_add_line(&info, optarg, 0); - break; - case 'f': - qlist_read_file(&info, optarg); - break; - case '?': - case 'h': - default: - usage(nm); - } - } - argc -= optind; - argv += optind; - - if(argc != 1) { - printf("error: pass server IP address on commandline.\n"); - usage(nm); - } - if(!extstrtoaddr(argv[0], &info.dest, &info.destlen)) { - printf("Could not parse ip: %s\n", argv[0]); - return 1; - } - if(info.qlist_size == 0) { - printf("No queries to make, use -f or -a.\n"); - return 1; - } - - /* do the performance test */ - perfmain(&info); - - sldns_buffer_free(info.buf); -#ifdef USE_WINSOCK - WSACleanup(); -#endif - checklock_stop(); - return 0; -} diff --git a/external/unbound/testcode/petal.c b/external/unbound/testcode/petal.c deleted file mode 100644 index b30549365..000000000 --- a/external/unbound/testcode/petal.c +++ /dev/null @@ -1,669 +0,0 @@ -/* - * petal.c - https daemon that is small and beautiful. - * - * Copyright (c) 2010, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * HTTP1.1/SSL server. - */ - -#include "config.h" -#ifdef HAVE_GETOPT_H -#include -#endif -#ifdef HAVE_OPENSSL_SSL_H -#include -#endif -#ifdef HAVE_OPENSSL_ERR_H -#include -#endif -#ifdef HAVE_OPENSSL_RAND_H -#include -#endif -#include -#include -#include -#include -#if defined(UNBOUND_ALLOC_LITE) || defined(UNBOUND_ALLOC_STATS) -#ifdef malloc -#undef malloc -#endif -#ifdef free -#undef free -#endif -#endif /* alloc lite or alloc stats */ - -/** verbosity for this application */ -static int verb = 0; - -/** Give petal usage, and exit (1). */ -static void -usage(void) -{ - printf("Usage: petal [opts]\n"); - printf(" https daemon serves files from ./'host'/filename\n"); - printf(" (no hostname: from the 'default' directory)\n"); - printf("-a addr bind to this address, 127.0.0.1\n"); - printf("-p port port number, default 443\n"); - printf("-k keyfile SSL private key file (PEM), petal.key\n"); - printf("-c certfile SSL certificate file (PEM), petal.pem\n"); - printf("-v more verbose\n"); - printf("-h show this usage help\n"); - printf("Version %s\n", PACKAGE_VERSION); - printf("BSD licensed, see LICENSE in source package for details.\n"); - printf("Report bugs to %s\n", PACKAGE_BUGREPORT); - exit(1); -} - -/** fatal exit */ -static void print_exit(const char* str) {printf("error %s\n", str); exit(1);} -/** print errno */ -static void log_errno(const char* str) -{printf("error %s: %s\n", str, strerror(errno));} - -/** parse a text IP address into a sockaddr */ -static int -parse_ip_addr(char* str, int port, struct sockaddr_storage* ret, socklen_t* l) -{ - socklen_t len = 0; - struct sockaddr_storage* addr = NULL; - struct sockaddr_in6 a6; - struct sockaddr_in a; - uint16_t p = (uint16_t)port; - int fam = 0; - memset(&a6, 0, sizeof(a6)); - memset(&a, 0, sizeof(a)); - - if(inet_pton(AF_INET6, str, &a6.sin6_addr) > 0) { - /* it is an IPv6 */ - fam = AF_INET6; - a6.sin6_family = AF_INET6; - a6.sin6_port = (in_port_t)htons(p); - addr = (struct sockaddr_storage*)&a6; - len = (socklen_t)sizeof(struct sockaddr_in6); - } - if(inet_pton(AF_INET, str, &a.sin_addr) > 0) { - /* it is an IPv4 */ - fam = AF_INET; - a.sin_family = AF_INET; - a.sin_port = (in_port_t)htons(p); - addr = (struct sockaddr_storage*)&a; - len = (socklen_t)sizeof(struct sockaddr_in); - } - if(!len) print_exit("cannot parse addr"); - *l = len; - memmove(ret, addr, len); - return fam; -} - -/** close the fd */ -static void -fd_close(int fd) -{ -#ifndef USE_WINSOCK - close(fd); -#else - closesocket(fd); -#endif -} - -/** - * Read one line from SSL - * zero terminates. - * skips "\r\n" (but not copied to buf). - * @param ssl: the SSL connection to read from (blocking). - * @param buf: buffer to return line in. - * @param len: size of the buffer. - * @return 0 on error, 1 on success. - */ -static int -read_ssl_line(SSL* ssl, char* buf, size_t len) -{ - size_t n = 0; - int r; - int endnl = 0; - while(1) { - if(n >= len) { - if(verb) printf("line too long\n"); - return 0; - } - if((r = SSL_read(ssl, buf+n, 1)) <= 0) { - if(SSL_get_error(ssl, r) == SSL_ERROR_ZERO_RETURN) { - /* EOF */ - break; - } - if(verb) printf("could not SSL_read\n"); - return 0; - } - if(endnl && buf[n] == '\n') { - break; - } else if(endnl) { - /* bad data */ - if(verb) printf("error: stray linefeeds\n"); - return 0; - } else if(buf[n] == '\r') { - /* skip \r, and also \n on the wire */ - endnl = 1; - continue; - } else if(buf[n] == '\n') { - /* skip the \n, we are done */ - break; - } else n++; - } - buf[n] = 0; - return 1; -} - -/** process one http header */ -static int -process_one_header(char* buf, char* file, size_t flen, char* host, size_t hlen, - int* vs) -{ - if(strncasecmp(buf, "GET ", 4) == 0) { - char* e = strstr(buf, " HTTP/1.1"); - if(!e) e = strstr(buf, " http/1.1"); - if(!e) { - e = strstr(buf, " HTTP/1.0"); - if(!e) e = strstr(buf, " http/1.0"); - if(!e) e = strrchr(buf, ' '); - if(!e) e = strrchr(buf, '\t'); - if(e) *vs = 10; - } - if(e) *e = 0; - if(strlen(buf) < 4) return 0; - (void)strlcpy(file, buf+4, flen); - } else if(strncasecmp(buf, "Host: ", 6) == 0) { - (void)strlcpy(host, buf+6, hlen); - } - return 1; -} - -/** read http headers and process them */ -static int -read_http_headers(SSL* ssl, char* file, size_t flen, char* host, size_t hlen, - int* vs) -{ - char buf[1024]; - file[0] = 0; - host[0] = 0; - while(read_ssl_line(ssl, buf, sizeof(buf))) { - if(verb>=2) printf("read: %s\n", buf); - if(buf[0] == 0) - return 1; - if(!process_one_header(buf, file, flen, host, hlen, vs)) - return 0; - } - return 0; -} - -/** setup SSL context */ -static SSL_CTX* -setup_ctx(char* key, char* cert) -{ - SSL_CTX* ctx = SSL_CTX_new(SSLv23_server_method()); - if(!ctx) print_exit("out of memory"); - (void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); - (void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3); - if(!SSL_CTX_use_certificate_chain_file(ctx, cert)) - print_exit("cannot read cert"); - if(!SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM)) - print_exit("cannot read key"); - if(!SSL_CTX_check_private_key(ctx)) - print_exit("private key is not correct"); -#if HAVE_DECL_SSL_CTX_SET_ECDH_AUTO - if (!SSL_CTX_set_ecdh_auto(ctx,1)) - if(verb>=1) printf("failed to set_ecdh_auto, not enabling ECDHE\n"); -#elif defined(USE_ECDSA) - if(1) { - EC_KEY *ecdh = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1); - if (!ecdh) { - if(verb>=1) printf("could not find p256, not enabling ECDHE\n"); - } else { - if (1 != SSL_CTX_set_tmp_ecdh (ctx, ecdh)) { - if(verb>=1) printf("Error in SSL_CTX_set_tmp_ecdh, not enabling ECDHE\n"); - } - EC_KEY_free(ecdh); - } - } -#endif - if(!SSL_CTX_load_verify_locations(ctx, cert, NULL)) - print_exit("cannot load cert verify locations"); - return ctx; -} - -/** setup listening TCP */ -static int -setup_fd(char* addr, int port) -{ - struct sockaddr_storage ad; - socklen_t len; - int fd; - int c = 1; - int fam = parse_ip_addr(addr, port, &ad, &len); - fd = socket(fam, SOCK_STREAM, 0); - if(fd == -1) { - log_errno("socket"); - return -1; - } - if(setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, - (void*)&c, (socklen_t) sizeof(int)) < 0) { - log_errno("setsockopt(SOL_SOCKET, SO_REUSEADDR)"); - } - if(bind(fd, (struct sockaddr*)&ad, len) == -1) { - log_errno("bind"); - fd_close(fd); - return -1; - } - if(listen(fd, 5) == -1) { - log_errno("listen"); - fd_close(fd); - return -1; - } - return fd; -} - -/** setup SSL connection to the client */ -static SSL* -setup_ssl(int s, SSL_CTX* ctx) -{ - SSL* ssl = SSL_new(ctx); - if(!ssl) return NULL; - SSL_set_accept_state(ssl); - (void)SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); - if(!SSL_set_fd(ssl, s)) { - SSL_free(ssl); - return NULL; - } - return ssl; -} - -/** check a file name for safety */ -static int -file_name_is_safe(char* s) -{ - size_t l = strlen(s); - if(s[0] != '/') - return 0; /* must start with / */ - if(strstr(s, "/../")) - return 0; /* no updirs in URL */ - if(l>=3 && s[l-1]=='.' && s[l-2]=='.' && s[l-3]=='/') - return 0; /* ends with /.. */ - return 1; -} - -/** adjust host and filename */ -static void -adjust_host_file(char* host, char* file) -{ - size_t i, len; - /* remove a port number if present */ - if(strrchr(host, ':')) - *strrchr(host, ':') = 0; - /* lowercase */ - len = strlen(host); - for(i=0; i= 3) - {printf("chunk len %x\n", (unsigned)red); fflush(stdout);} - at += r; - avail -= r; - if(red != 0) { - if(red > avail) break; /* robust */ - memmove(at, tmpbuf, red); - at += red; - avail -= red; - snprintf(at, avail, "\r\n"); - r = strlen(at); - at += r; - avail -= r; - } - if(in && feof(in) && red != 0) { - snprintf(at, avail, "0\r\n"); - r = strlen(at); - at += r; - avail -= r; - } - if(!in || feof(in)) { - snprintf(at, avail, "\r\n"); - r = strlen(at); - at += r; - avail -= r; - } - /* send chunk */ - if(SSL_write(ssl, buf, at-buf) <= 0) { - /* SSL error */ - break; - } - - /* setup for next chunk */ - at = buf; - avail = sizeof(buf); - } while(in && !feof(in) && !ferror(in)); - - free(tmpbuf); - if(in) fclose(in); -} - -/** provide service to the ssl descriptor */ -static void -service_ssl(SSL* ssl, struct sockaddr_storage* from, socklen_t falen) -{ - char file[1024]; - char host[1024]; - char combined[2048]; - int vs = 11; - if(!read_http_headers(ssl, file, sizeof(file), host, sizeof(host), - &vs)) - return; - adjust_host_file(host, file); - if(host[0] == 0 || !host_name_is_safe(host)) - (void)strlcpy(host, "default", sizeof(host)); - if(!file_name_is_safe(file)) { - return; - } - snprintf(combined, sizeof(combined), "%s%s", host, file); - if(verb) { - char out[100]; - void* a = &((struct sockaddr_in*)from)->sin_addr; - if(falen != (socklen_t)sizeof(struct sockaddr_in)) - a = &((struct sockaddr_in6*)from)->sin6_addr; - out[0]=0; - (void)inet_ntop((int)((struct sockaddr_in*)from)->sin_family, - a, out, (socklen_t)sizeof(out)); - printf("%s requests %s\n", out, combined); - fflush(stdout); - } - if(vs == 10) - provide_file_10(ssl, combined); - else provide_file_chunked(ssl, combined); -} - -/** provide ssl service */ -static void -do_service(char* addr, int port, char* key, char* cert) -{ - SSL_CTX* sslctx = setup_ctx(key, cert); - int fd = setup_fd(addr, port); - int go = 1; - if(fd == -1) print_exit("could not setup sockets"); - if(verb) {printf("petal start\n"); fflush(stdout);} - while(go) { - struct sockaddr_storage from; - socklen_t flen = (socklen_t)sizeof(from); - int s = accept(fd, (struct sockaddr*)&from, &flen); - if(verb) fflush(stdout); - if(s != -1) { - SSL* ssl = setup_ssl(s, sslctx); - if(verb) fflush(stdout); - if(ssl) { - service_ssl(ssl, &from, flen); - if(verb) fflush(stdout); - SSL_shutdown(ssl); - SSL_free(ssl); - } - fd_close(s); - } else if (verb >=2) log_errno("accept"); - if(verb) fflush(stdout); - } - /* if we get a kill signal, the process dies and the OS reaps us */ - if(verb) printf("petal end\n"); - fd_close(fd); - SSL_CTX_free(sslctx); -} - -/** getopt global, in case header files fail to declare it. */ -extern int optind; -/** getopt global, in case header files fail to declare it. */ -extern char* optarg; - -/** Main routine for petal */ -int main(int argc, char* argv[]) -{ - int c; - int port = 443; - char* addr = "127.0.0.1", *key = "petal.key", *cert = "petal.pem"; -#ifdef USE_WINSOCK - WSADATA wsa_data; - if((c=WSAStartup(MAKEWORD(2,2), &wsa_data)) != 0) - { printf("WSAStartup failed\n"); exit(1); } - atexit((void (*)(void))WSACleanup); -#endif - - /* parse the options */ - while( (c=getopt(argc, argv, "a:c:k:hp:v")) != -1) { - switch(c) { - case 'a': - addr = optarg; - break; - case 'c': - cert = optarg; - break; - case 'k': - key = optarg; - break; - case 'p': - port = atoi(optarg); - break; - case 'v': - verb++; - break; - case '?': - case 'h': - default: - usage(); - } - } - argc -= optind; - argv += optind; - if(argc != 0) - usage(); - -#ifdef SIGPIPE - (void)signal(SIGPIPE, SIG_IGN); -#endif -#ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS - ERR_load_crypto_strings(); -#endif - ERR_load_SSL_strings(); -#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) - OpenSSL_add_all_algorithms(); -#else - OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS - | OPENSSL_INIT_ADD_ALL_DIGESTS - | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); -#endif -#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL) - (void)SSL_library_init(); -#else - (void)OPENSSL_init_ssl(0, NULL); -#endif - - do_service(addr, port, key, cert); - -#ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA - CRYPTO_cleanup_all_ex_data(); -#endif -#ifdef HAVE_ERR_FREE_STRINGS - ERR_free_strings(); -#endif - return 0; -} diff --git a/external/unbound/testcode/pktview.c b/external/unbound/testcode/pktview.c deleted file mode 100644 index 12e0d8edb..000000000 --- a/external/unbound/testcode/pktview.c +++ /dev/null @@ -1,202 +0,0 @@ -/* - * testcode/pktview.c - debug program to disassemble a DNS packet. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * This program shows a dns packet wire format. - */ - -#include "config.h" -#include "util/log.h" -#include "util/data/dname.h" -#include "util/data/msgparse.h" -#include "testcode/unitmain.h" -#include "testcode/readhex.h" -#include "sldns/sbuffer.h" -#include "sldns/parseutil.h" - -/** usage information for pktview */ -static void usage(char* argv[]) -{ - printf("usage: %s\n", argv[0]); - printf("present hex packet on stdin.\n"); - exit(1); -} - -/** read hex input */ -static void read_input(sldns_buffer* pkt, FILE* in) -{ - char buf[102400]; - char* np = buf; - while(fgets(np, (int)sizeof(buf) - (np-buf), in)) { - if(buf[0] == ';') /* comment */ - continue; - np = &np[strlen(np)]; - } - hex_to_buf(pkt, buf); -} - -/** analyze domain name in packet, possibly compressed */ -static void analyze_dname(sldns_buffer* pkt) -{ - size_t oldpos = sldns_buffer_position(pkt); - size_t len; - printf("[pos %d] dname: ", (int)oldpos); - dname_print(stdout, pkt, sldns_buffer_current(pkt)); - len = pkt_dname_len(pkt); - printf(" len=%d", (int)len); - if(sldns_buffer_position(pkt)-oldpos != len) - printf(" comprlen=%d\n", - (int)(sldns_buffer_position(pkt)-oldpos)); - else printf("\n"); -} - -/** analyze rdata in packet */ -static void analyze_rdata(sldns_buffer*pkt, const sldns_rr_descriptor* desc, - uint16_t rdlen) -{ - int rdf = 0; - int count = (int)desc->_dname_count; - size_t len, oldpos; - while(rdlen > 0 && count) { - switch(desc->_wireformat[rdf]) { - case LDNS_RDF_TYPE_DNAME: - oldpos = sldns_buffer_position(pkt); - analyze_dname(pkt); - rdlen -= sldns_buffer_position(pkt)-oldpos; - count --; - len = 0; - break; - case LDNS_RDF_TYPE_STR: - len = sldns_buffer_current(pkt)[0] + 1; - break; - default: - len = get_rdf_size(desc->_wireformat[rdf]); - } - if(len) { - printf(" wf[%d]", (int)len); - sldns_buffer_skip(pkt, (ssize_t)len); - rdlen -= len; - } - rdf++; - } - if(rdlen) { - size_t i; - printf(" remain[%d]\n", (int)rdlen); - for(i=0; i_name: "??" , (int)type); - printf(" class %s(%d) ", sldns_lookup_by_id(sldns_rr_classes, - (int)dclass)?sldns_lookup_by_id(sldns_rr_classes, - (int)dclass)->name:"??", (int)dclass); - if(q) { - printf("\n"); - } else { - ttl = sldns_buffer_read_u32(pkt); - printf(" ttl %d (0x%x)", (int)ttl, (unsigned)ttl); - len = sldns_buffer_read_u16(pkt); - printf(" rdata len %d:\n", (int)len); - if(sldns_rr_descript(type)) - analyze_rdata(pkt, sldns_rr_descript(type), len); - else sldns_buffer_skip(pkt, (ssize_t)len); - } -} - -/** analyse pkt */ -static void analyze(sldns_buffer* pkt) -{ - uint16_t i, f, qd, an, ns, ar; - int rrnum = 0; - printf("packet length %d\n", (int)sldns_buffer_limit(pkt)); - if(sldns_buffer_limit(pkt) < 12) return; - - i = sldns_buffer_read_u16(pkt); - printf("id (hostorder): %d (0x%x)\n", (int)i, (unsigned)i); - f = sldns_buffer_read_u16(pkt); - printf("flags: 0x%x\n", (unsigned)f); - qd = sldns_buffer_read_u16(pkt); - printf("qdcount: %d\n", (int)qd); - an = sldns_buffer_read_u16(pkt); - printf("ancount: %d\n", (int)an); - ns = sldns_buffer_read_u16(pkt); - printf("nscount: %d\n", (int)ns); - ar = sldns_buffer_read_u16(pkt); - printf("arcount: %d\n", (int)ar); - - printf(";-- query section\n"); - while(sldns_buffer_remaining(pkt) > 0) { - if(rrnum == (int)qd) - printf(";-- answer section\n"); - if(rrnum == (int)qd+(int)an) - printf(";-- authority section\n"); - if(rrnum == (int)qd+(int)an+(int)ns) - printf(";-- additional section\n"); - printf("rr %d ", rrnum); - analyze_rr(pkt, rrnum < (int)qd); - rrnum++; - } -} - -/** main program for pktview */ -int main(int argc, char* argv[]) -{ - sldns_buffer* pkt = sldns_buffer_new(65553); - if(argc != 1) { - usage(argv); - } - if(!pkt) fatal_exit("out of memory"); - - read_input(pkt, stdin); - analyze(pkt); - - sldns_buffer_free(pkt); - return 0; -} diff --git a/external/unbound/testcode/readhex.c b/external/unbound/testcode/readhex.c deleted file mode 100644 index e871def0e..000000000 --- a/external/unbound/testcode/readhex.c +++ /dev/null @@ -1,85 +0,0 @@ -/* - * testcode/readhex.c - read hex data. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ -/** - * \file - * Declarations useful for the unit tests. - */ -#include "config.h" -#include -#include "testcode/readhex.h" -#include "util/log.h" -#include "sldns/sbuffer.h" -#include "sldns/parseutil.h" - -/** skip whitespace */ -static void -skip_whites(const char** p) -{ - while(1) { - while(isspace((unsigned char)**p)) - (*p)++; - if(**p == ';') { - /* comment, skip until newline */ - while(**p && **p != '\n') - (*p)++; - if(**p == '\n') - (*p)++; - } else return; - } -} - -/* takes a hex string and puts into buffer */ -void hex_to_buf(sldns_buffer* pkt, const char* hex) -{ - const char* p = hex; - int val; - sldns_buffer_clear(pkt); - while(*p) { - skip_whites(&p); - if(sldns_buffer_position(pkt) == sldns_buffer_limit(pkt)) - fatal_exit("hex_to_buf: buffer too small"); - if(!isalnum((unsigned char)*p)) - break; - val = sldns_hexdigit_to_int(*p++) << 4; - skip_whites(&p); - log_assert(*p && isalnum((unsigned char)*p)); - val |= sldns_hexdigit_to_int(*p++); - sldns_buffer_write_u8(pkt, (uint8_t)val); - skip_whites(&p); - } - sldns_buffer_flip(pkt); -} - diff --git a/external/unbound/testcode/readhex.h b/external/unbound/testcode/readhex.h deleted file mode 100644 index be6424539..000000000 --- a/external/unbound/testcode/readhex.h +++ /dev/null @@ -1,52 +0,0 @@ -/* - * testcode/readhex.h - read hex data. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ -/** - * \file - * Declarations useful for the unit tests. - */ - -#ifndef TESTCODE_READHEX_H -#define TESTCODE_READHEX_H -struct sldns_buffer; - -/** - * Helper to convert hex string to packet buffer. - * @param pkt: buffer to put result in. - * @param hex: string of hex data. Spaces and ';...' comments are skipped. - */ -void hex_to_buf(struct sldns_buffer* pkt, const char* hex); - -#endif /* TESTCODE_READHEX_H */ diff --git a/external/unbound/testcode/replay.c b/external/unbound/testcode/replay.c deleted file mode 100644 index b45bde806..000000000 --- a/external/unbound/testcode/replay.c +++ /dev/null @@ -1,1034 +0,0 @@ -/* - * testcode/replay.c - store and use a replay of events for the DNS resolver. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * Store and use a replay of events for the DNS resolver. - * Used to test known scenarios to get known outcomes. - */ - -#include "config.h" -/* for strtod prototype */ -#include -#include -#include -#include "util/log.h" -#include "util/net_help.h" -#include "util/config_file.h" -#include "testcode/replay.h" -#include "testcode/testpkts.h" -#include "testcode/fake_event.h" -#include "sldns/str2wire.h" - -/** max length of lines in file */ -#define MAX_LINE_LEN 10240 - -/** - * Expand a macro - * @param store: value storage - * @param runtime: replay runtime for other stuff. - * @param text: the macro text, after the ${, Updated to after the } when - * done (successfully). - * @return expanded text, malloced. NULL on failure. - */ -static char* macro_expand(rbtree_type* store, - struct replay_runtime* runtime, char** text); - -/** compare of time values */ -static int -timeval_smaller(const struct timeval* x, const struct timeval* y) -{ -#ifndef S_SPLINT_S - if(x->tv_sec < y->tv_sec) - return 1; - else if(x->tv_sec == y->tv_sec) { - if(x->tv_usec <= y->tv_usec) - return 1; - else return 0; - } - else return 0; -#endif -} - -/** parse keyword in string. - * @param line: if found, the line is advanced to after the keyword. - * @param keyword: string. - * @return: true if found, false if not. - */ -static int -parse_keyword(char** line, const char* keyword) -{ - size_t len = (size_t)strlen(keyword); - if(strncmp(*line, keyword, len) == 0) { - *line += len; - return 1; - } - return 0; -} - -/** delete moment */ -static void -replay_moment_delete(struct replay_moment* mom) -{ - if(!mom) - return; - if(mom->match) { - delete_entry(mom->match); - } - free(mom->autotrust_id); - free(mom->string); - free(mom->variable); - config_delstrlist(mom->file_content); - free(mom); -} - -/** delete range */ -static void -replay_range_delete(struct replay_range* rng) -{ - if(!rng) - return; - delete_entry(rng->match); - free(rng); -} - -/** strip whitespace from end of string */ -static void -strip_end_white(char* p) -{ - size_t i; - for(i = strlen(p); i > 0; i--) { - if(isspace((unsigned char)p[i-1])) - p[i-1] = 0; - else return; - } -} - -/** - * Read a range from file. - * @param remain: Rest of line (after RANGE keyword). - * @param in: file to read from. - * @param name: name to print in errors. - * @param pstate: read state structure with - * with lineno : incremented as lines are read. - * ttl, origin, prev for readentry. - * @param line: line buffer. - * @return: range object to add to list, or NULL on error. - */ -static struct replay_range* -replay_range_read(char* remain, FILE* in, const char* name, - struct sldns_file_parse_state* pstate, char* line) -{ - struct replay_range* rng = (struct replay_range*)malloc( - sizeof(struct replay_range)); - off_t pos; - char *parse; - struct entry* entry, *last = NULL; - if(!rng) - return NULL; - memset(rng, 0, sizeof(*rng)); - /* read time range */ - if(sscanf(remain, " %d %d", &rng->start_step, &rng->end_step)!=2) { - log_err("Could not read time range: %s", line); - free(rng); - return NULL; - } - /* read entries */ - pos = ftello(in); - while(fgets(line, MAX_LINE_LEN-1, in)) { - pstate->lineno++; - parse = line; - while(isspace((unsigned char)*parse)) - parse++; - if(!*parse || *parse == ';') { - pos = ftello(in); - continue; - } - if(parse_keyword(&parse, "ADDRESS")) { - while(isspace((unsigned char)*parse)) - parse++; - strip_end_white(parse); - if(!extstrtoaddr(parse, &rng->addr, &rng->addrlen)) { - log_err("Line %d: could not read ADDRESS: %s", - pstate->lineno, parse); - free(rng); - return NULL; - } - pos = ftello(in); - continue; - } - if(parse_keyword(&parse, "RANGE_END")) { - return rng; - } - /* set position before line; read entry */ - pstate->lineno--; - fseeko(in, pos, SEEK_SET); - entry = read_entry(in, name, pstate, 1); - if(!entry) - fatal_exit("%d: bad entry", pstate->lineno); - entry->next = NULL; - if(last) - last->next = entry; - else rng->match = entry; - last = entry; - - pos = ftello(in); - } - replay_range_delete(rng); - return NULL; -} - -/** Read FILE match content */ -static void -read_file_content(FILE* in, int* lineno, struct replay_moment* mom) -{ - char line[MAX_LINE_LEN]; - char* remain = line; - struct config_strlist** last = &mom->file_content; - line[MAX_LINE_LEN-1]=0; - if(!fgets(line, MAX_LINE_LEN-1, in)) - fatal_exit("FILE_BEGIN expected at line %d", *lineno); - if(!parse_keyword(&remain, "FILE_BEGIN")) - fatal_exit("FILE_BEGIN expected at line %d", *lineno); - while(fgets(line, MAX_LINE_LEN-1, in)) { - (*lineno)++; - if(strncmp(line, "FILE_END", 8) == 0) { - return; - } - if(line[0]) line[strlen(line)-1] = 0; /* remove newline */ - if(!cfg_strlist_insert(last, strdup(line))) - fatal_exit("malloc failure"); - last = &( (*last)->next ); - } - fatal_exit("no FILE_END in input file"); -} - -/** read assign step info */ -static void -read_assign_step(char* remain, struct replay_moment* mom) -{ - char buf[1024]; - char eq; - int skip; - buf[sizeof(buf)-1]=0; - if(sscanf(remain, " %1023s %c %n", buf, &eq, &skip) != 2) - fatal_exit("cannot parse assign: %s", remain); - mom->variable = strdup(buf); - if(eq != '=') - fatal_exit("no '=' in assign: %s", remain); - remain += skip; - if(remain[0]) remain[strlen(remain)-1]=0; /* remove newline */ - mom->string = strdup(remain); - if(!mom->variable || !mom->string) - fatal_exit("out of memory"); -} - -/** - * Read a replay moment 'STEP' from file. - * @param remain: Rest of line (after STEP keyword). - * @param in: file to read from. - * @param name: name to print in errors. - * @param pstate: with lineno, ttl, origin, prev for parse state. - * lineno is incremented. - * @return: range object to add to list, or NULL on error. - */ -static struct replay_moment* -replay_moment_read(char* remain, FILE* in, const char* name, - struct sldns_file_parse_state* pstate) -{ - struct replay_moment* mom = (struct replay_moment*)malloc( - sizeof(struct replay_moment)); - int skip = 0; - int readentry = 0; - if(!mom) - return NULL; - memset(mom, 0, sizeof(*mom)); - if(sscanf(remain, " %d%n", &mom->time_step, &skip) != 1) { - log_err("%d: cannot read number: %s", pstate->lineno, remain); - free(mom); - return NULL; - } - remain += skip; - while(isspace((unsigned char)*remain)) - remain++; - if(parse_keyword(&remain, "NOTHING")) { - mom->evt_type = repevt_nothing; - } else if(parse_keyword(&remain, "QUERY")) { - mom->evt_type = repevt_front_query; - readentry = 1; - if(!extstrtoaddr("127.0.0.1", &mom->addr, &mom->addrlen)) - fatal_exit("internal error"); - } else if(parse_keyword(&remain, "CHECK_ANSWER")) { - mom->evt_type = repevt_front_reply; - readentry = 1; - } else if(parse_keyword(&remain, "CHECK_OUT_QUERY")) { - mom->evt_type = repevt_back_query; - readentry = 1; - } else if(parse_keyword(&remain, "REPLY")) { - mom->evt_type = repevt_back_reply; - readentry = 1; - } else if(parse_keyword(&remain, "TIMEOUT")) { - mom->evt_type = repevt_timeout; - } else if(parse_keyword(&remain, "TIME_PASSES")) { - mom->evt_type = repevt_time_passes; - while(isspace((unsigned char)*remain)) - remain++; - if(parse_keyword(&remain, "EVAL")) { - while(isspace((unsigned char)*remain)) - remain++; - mom->string = strdup(remain); - if(!mom->string) fatal_exit("out of memory"); - if(strlen(mom->string)>0) - mom->string[strlen(mom->string)-1]=0; - remain += strlen(mom->string); - } - } else if(parse_keyword(&remain, "CHECK_AUTOTRUST")) { - mom->evt_type = repevt_autotrust_check; - while(isspace((unsigned char)*remain)) - remain++; - if(strlen(remain)>0 && remain[strlen(remain)-1]=='\n') - remain[strlen(remain)-1] = 0; - mom->autotrust_id = strdup(remain); - if(!mom->autotrust_id) fatal_exit("out of memory"); - read_file_content(in, &pstate->lineno, mom); - } else if(parse_keyword(&remain, "ERROR")) { - mom->evt_type = repevt_error; - } else if(parse_keyword(&remain, "TRAFFIC")) { - mom->evt_type = repevt_traffic; - } else if(parse_keyword(&remain, "ASSIGN")) { - mom->evt_type = repevt_assign; - read_assign_step(remain, mom); - } else if(parse_keyword(&remain, "INFRA_RTT")) { - char *s, *m; - mom->evt_type = repevt_infra_rtt; - while(isspace((unsigned char)*remain)) - remain++; - s = remain; - remain = strchr(s, ' '); - if(!remain) fatal_exit("expected three args for INFRA_RTT"); - remain[0] = 0; - remain++; - while(isspace((unsigned char)*remain)) - remain++; - m = strchr(remain, ' '); - if(!m) fatal_exit("expected three args for INFRA_RTT"); - m[0] = 0; - m++; - while(isspace((unsigned char)*m)) - m++; - if(!extstrtoaddr(s, &mom->addr, &mom->addrlen)) - fatal_exit("bad infra_rtt address %s", s); - if(strlen(m)>0 && m[strlen(m)-1]=='\n') - m[strlen(m)-1] = 0; - mom->variable = strdup(remain); - mom->string = strdup(m); - if(!mom->string) fatal_exit("out of memory"); - if(!mom->variable) fatal_exit("out of memory"); - } else { - log_err("%d: unknown event type %s", pstate->lineno, remain); - free(mom); - return NULL; - } - while(isspace((unsigned char)*remain)) - remain++; - if(parse_keyword(&remain, "ADDRESS")) { - while(isspace((unsigned char)*remain)) - remain++; - if(strlen(remain) > 0) /* remove \n */ - remain[strlen(remain)-1] = 0; - if(!extstrtoaddr(remain, &mom->addr, &mom->addrlen)) { - log_err("line %d: could not parse ADDRESS: %s", - pstate->lineno, remain); - free(mom); - return NULL; - } - } - if(parse_keyword(&remain, "ELAPSE")) { - double sec; - errno = 0; - sec = strtod(remain, &remain); - if(sec == 0. && errno != 0) { - log_err("line %d: could not parse ELAPSE: %s (%s)", - pstate->lineno, remain, strerror(errno)); - free(mom); - return NULL; - } -#ifndef S_SPLINT_S - mom->elapse.tv_sec = (int)sec; - mom->elapse.tv_usec = (int)((sec - (double)mom->elapse.tv_sec) - *1000000. + 0.5); -#endif - } - - if(readentry) { - mom->match = read_entry(in, name, pstate, 1); - if(!mom->match) { - free(mom); - return NULL; - } - } - - return mom; -} - -/** makes scenario with title on rest of line */ -static struct replay_scenario* -make_scenario(char* line) -{ - struct replay_scenario* scen; - while(isspace((unsigned char)*line)) - line++; - if(!*line) { - log_err("scenario: no title given"); - return NULL; - } - scen = (struct replay_scenario*)malloc(sizeof(struct replay_scenario)); - if(!scen) - return NULL; - memset(scen, 0, sizeof(*scen)); - scen->title = strdup(line); - if(!scen->title) { - free(scen); - return NULL; - } - return scen; -} - -struct replay_scenario* -replay_scenario_read(FILE* in, const char* name, int* lineno) -{ - char line[MAX_LINE_LEN]; - char *parse; - struct replay_scenario* scen = NULL; - struct sldns_file_parse_state pstate; - line[MAX_LINE_LEN-1]=0; - memset(&pstate, 0, sizeof(pstate)); - pstate.default_ttl = 3600; - pstate.lineno = *lineno; - - while(fgets(line, MAX_LINE_LEN-1, in)) { - parse=line; - pstate.lineno++; - (*lineno)++; - while(isspace((unsigned char)*parse)) - parse++; - if(!*parse) - continue; /* empty line */ - if(parse_keyword(&parse, ";")) - continue; /* comment */ - if(parse_keyword(&parse, "SCENARIO_BEGIN")) { - scen = make_scenario(parse); - if(!scen) - fatal_exit("%d: could not make scen", *lineno); - continue; - } - if(!scen) - fatal_exit("%d: expected SCENARIO", *lineno); - if(parse_keyword(&parse, "RANGE_BEGIN")) { - struct replay_range* newr = replay_range_read(parse, - in, name, &pstate, line); - if(!newr) - fatal_exit("%d: bad range", pstate.lineno); - *lineno = pstate.lineno; - newr->next_range = scen->range_list; - scen->range_list = newr; - } else if(parse_keyword(&parse, "STEP")) { - struct replay_moment* mom = replay_moment_read(parse, - in, name, &pstate); - if(!mom) - fatal_exit("%d: bad moment", pstate.lineno); - *lineno = pstate.lineno; - if(scen->mom_last && - scen->mom_last->time_step >= mom->time_step) - fatal_exit("%d: time goes backwards", *lineno); - if(scen->mom_last) - scen->mom_last->mom_next = mom; - else scen->mom_first = mom; - scen->mom_last = mom; - } else if(parse_keyword(&parse, "SCENARIO_END")) { - struct replay_moment *p = scen->mom_first; - int num = 0; - while(p) { - num++; - p = p->mom_next; - } - log_info("Scenario has %d steps", num); - return scen; - } - } - replay_scenario_delete(scen); - return NULL; -} - -void -replay_scenario_delete(struct replay_scenario* scen) -{ - struct replay_moment* mom, *momn; - struct replay_range* rng, *rngn; - if(!scen) - return; - free(scen->title); - mom = scen->mom_first; - while(mom) { - momn = mom->mom_next; - replay_moment_delete(mom); - mom = momn; - } - rng = scen->range_list; - while(rng) { - rngn = rng->next_range; - replay_range_delete(rng); - rng = rngn; - } - free(scen); -} - -/** fetch oldest timer in list that is enabled */ -static struct fake_timer* -first_timer(struct replay_runtime* runtime) -{ - struct fake_timer* p, *res = NULL; - for(p=runtime->timer_list; p; p=p->next) { - if(!p->enabled) - continue; - if(!res) - res = p; - else if(timeval_smaller(&p->tv, &res->tv)) - res = p; - } - return res; -} - -struct fake_timer* -replay_get_oldest_timer(struct replay_runtime* runtime) -{ - struct fake_timer* t = first_timer(runtime); - if(t && timeval_smaller(&t->tv, &runtime->now_tv)) - return t; - return NULL; -} - -int -replay_var_compare(const void* a, const void* b) -{ - struct replay_var* x = (struct replay_var*)a; - struct replay_var* y = (struct replay_var*)b; - return strcmp(x->name, y->name); -} - -rbtree_type* -macro_store_create(void) -{ - return rbtree_create(&replay_var_compare); -} - -/** helper function to delete macro values */ -static void -del_macro(rbnode_type* x, void* ATTR_UNUSED(arg)) -{ - struct replay_var* v = (struct replay_var*)x; - free(v->name); - free(v->value); - free(v); -} - -void -macro_store_delete(rbtree_type* store) -{ - if(!store) - return; - traverse_postorder(store, del_macro, NULL); - free(store); -} - -/** return length of macro */ -static size_t -macro_length(char* text) -{ - /* we are after ${, looking for } */ - int depth = 0; - size_t len = 0; - while(*text) { - len++; - if(*text == '}') { - if(depth == 0) - break; - depth--; - } else if(text[0] == '$' && text[1] == '{') { - depth++; - } - text++; - } - return len; -} - -/** insert new stuff at start of buffer */ -static int -do_buf_insert(char* buf, size_t remain, char* after, char* inserted) -{ - char* save = strdup(after); - size_t len; - if(!save) return 0; - if(strlen(inserted) > remain) { - free(save); - return 0; - } - len = strlcpy(buf, inserted, remain); - buf += len; - remain -= len; - (void)strlcpy(buf, save, remain); - free(save); - return 1; -} - -/** do macro recursion */ -static char* -do_macro_recursion(rbtree_type* store, struct replay_runtime* runtime, - char* at, size_t remain) -{ - char* after = at+2; - char* expand = macro_expand(store, runtime, &after); - if(!expand) - return NULL; /* expansion failed */ - if(!do_buf_insert(at, remain, after, expand)) { - free(expand); - return NULL; - } - free(expand); - return at; /* and parse over the expanded text to see if again */ -} - -/** get var from store */ -static struct replay_var* -macro_getvar(rbtree_type* store, char* name) -{ - struct replay_var k; - k.node.key = &k; - k.name = name; - return (struct replay_var*)rbtree_search(store, &k); -} - -/** do macro variable */ -static char* -do_macro_variable(rbtree_type* store, char* buf, size_t remain) -{ - struct replay_var* v; - char* at = buf+1; - char* name = at; - char sv; - if(at[0]==0) - return NULL; /* no variable name after $ */ - while(*at && (isalnum((unsigned char)*at) || *at=='_')) { - at++; - } - /* terminator, we are working in macro_expand() buffer */ - sv = *at; - *at = 0; - v = macro_getvar(store, name); - *at = sv; - - if(!v) { - log_err("variable is not defined: $%s", name); - return NULL; /* variable undefined is error for now */ - } - - /* insert the variable contents */ - if(!do_buf_insert(buf, remain, at, v->value)) - return NULL; - return buf; /* and expand the variable contents */ -} - -/** do ctime macro on argument */ -static char* -do_macro_ctime(char* arg) -{ - char buf[32]; - time_t tt = (time_t)atoi(arg); - if(tt == 0 && strcmp(arg, "0") != 0) { - log_err("macro ctime: expected number, not: %s", arg); - return NULL; - } - ctime_r(&tt, buf); - if(buf[0]) buf[strlen(buf)-1]=0; /* remove trailing newline */ - return strdup(buf); -} - -/** perform arithmetic operator */ -static double -perform_arith(double x, char op, double y, double* res) -{ - switch(op) { - case '+': - *res = x+y; - break; - case '-': - *res = x-y; - break; - case '/': - *res = x/y; - break; - case '*': - *res = x*y; - break; - default: - return 0; - } - - return 1; -} - -/** do macro arithmetic on two numbers and operand */ -static char* -do_macro_arith(char* orig, size_t remain, char** arithstart) -{ - double x, y, result; - char operator; - int skip; - char buf[32]; - char* at; - /* not yet done? we want number operand number expanded first. */ - if(!*arithstart) { - /* remember start pos of expr, skip the first number */ - at = orig; - *arithstart = at; - while(*at && (isdigit((unsigned char)*at) || *at == '.')) - at++; - return at; - } - /* move back to start */ - remain += (size_t)(orig - *arithstart); - at = *arithstart; - - /* parse operands */ - if(sscanf(at, " %lf %c %lf%n", &x, &operator, &y, &skip) != 3) { - *arithstart = NULL; - return do_macro_arith(orig, remain, arithstart); - } - if(isdigit((unsigned char)operator)) { - *arithstart = orig; - return at+skip; /* do nothing, but setup for later number */ - } - - /* calculate result */ - if(!perform_arith(x, operator, y, &result)) { - log_err("unknown operator: %s", at); - return NULL; - } - - /* put result back in buffer */ - snprintf(buf, sizeof(buf), "%.12g", result); - if(!do_buf_insert(at, remain, at+skip, buf)) - return NULL; - - /* the result can be part of another expression, restart that */ - *arithstart = NULL; - return at; -} - -/** Do range macro on expanded buffer */ -static char* -do_macro_range(char* buf) -{ - double x, y, z; - if(sscanf(buf, " %lf %lf %lf", &x, &y, &z) != 3) { - log_err("range func requires 3 args: %s", buf); - return NULL; - } - if(x <= y && y <= z) { - char res[1024]; - snprintf(res, sizeof(res), "%.24g", y); - return strdup(res); - } - fatal_exit("value %.24g not in range [%.24g, %.24g]", y, x, z); - return NULL; -} - -static char* -macro_expand(rbtree_type* store, struct replay_runtime* runtime, char** text) -{ - char buf[10240]; - char* at = *text; - size_t len = macro_length(at); - int dofunc = 0; - char* arithstart = NULL; - if(len >= sizeof(buf)) - return NULL; /* too long */ - buf[0] = 0; - (void)strlcpy(buf, at, len+1-1); /* do not copy last '}' character */ - at = buf; - - /* check for functions */ - if(strcmp(buf, "time") == 0) { - snprintf(buf, sizeof(buf), ARG_LL "d", (long long)runtime->now_secs); - *text += len; - return strdup(buf); - } else if(strcmp(buf, "timeout") == 0) { - time_t res = 0; - struct fake_timer* t = first_timer(runtime); - if(t && (time_t)t->tv.tv_sec >= runtime->now_secs) - res = (time_t)t->tv.tv_sec - runtime->now_secs; - snprintf(buf, sizeof(buf), ARG_LL "d", (long long)res); - *text += len; - return strdup(buf); - } else if(strncmp(buf, "ctime ", 6) == 0 || - strncmp(buf, "ctime\t", 6) == 0) { - at += 6; - dofunc = 1; - } else if(strncmp(buf, "range ", 6) == 0 || - strncmp(buf, "range\t", 6) == 0) { - at += 6; - dofunc = 1; - } - - /* actual macro text expansion */ - while(*at) { - size_t remain = sizeof(buf)-strlen(buf); - if(strncmp(at, "${", 2) == 0) { - at = do_macro_recursion(store, runtime, at, remain); - } else if(*at == '$') { - at = do_macro_variable(store, at, remain); - } else if(isdigit((unsigned char)*at)) { - at = do_macro_arith(at, remain, &arithstart); - } else { - /* copy until whitespace or operator */ - if(*at && (isalnum((unsigned char)*at) || *at=='_')) { - at++; - while(*at && (isalnum((unsigned char)*at) || *at=='_')) - at++; - } else at++; - } - if(!at) return NULL; /* failure */ - } - *text += len; - if(dofunc) { - /* post process functions, buf has the argument(s) */ - if(strncmp(buf, "ctime", 5) == 0) { - return do_macro_ctime(buf+6); - } else if(strncmp(buf, "range", 5) == 0) { - return do_macro_range(buf+6); - } - } - return strdup(buf); -} - -char* -macro_process(rbtree_type* store, struct replay_runtime* runtime, char* text) -{ - char buf[10240]; - char* next, *expand; - char* at = text; - if(!strstr(text, "${")) - return strdup(text); /* no macros */ - buf[0] = 0; - buf[sizeof(buf)-1]=0; - while( (next=strstr(at, "${")) ) { - /* copy text before next macro */ - if((size_t)(next-at) >= sizeof(buf)-strlen(buf)) - return NULL; /* string too long */ - (void)strlcpy(buf+strlen(buf), at, (size_t)(next-at+1)); - /* process the macro itself */ - next += 2; - expand = macro_expand(store, runtime, &next); - if(!expand) return NULL; /* expansion failed */ - (void)strlcpy(buf+strlen(buf), expand, sizeof(buf)-strlen(buf)); - free(expand); - at = next; - } - /* copy remainder fixed text */ - (void)strlcpy(buf+strlen(buf), at, sizeof(buf)-strlen(buf)); - return strdup(buf); -} - -char* -macro_lookup(rbtree_type* store, char* name) -{ - struct replay_var* x = macro_getvar(store, name); - if(!x) return strdup(""); - return strdup(x->value); -} - -void macro_print_debug(rbtree_type* store) -{ - struct replay_var* x; - RBTREE_FOR(x, struct replay_var*, store) { - log_info("%s = %s", x->name, x->value); - } -} - -int -macro_assign(rbtree_type* store, char* name, char* value) -{ - struct replay_var* x = macro_getvar(store, name); - if(x) { - free(x->value); - } else { - x = (struct replay_var*)malloc(sizeof(*x)); - if(!x) return 0; - x->node.key = x; - x->name = strdup(name); - if(!x->name) { - free(x); - return 0; - } - (void)rbtree_insert(store, &x->node); - } - x->value = strdup(value); - return x->value != NULL; -} - -/* testbound assert function for selftest. counts the number of tests */ -#define tb_assert(x) \ - do { if(!(x)) fatal_exit("%s:%d: %s: assertion %s failed", \ - __FILE__, __LINE__, __func__, #x); \ - num_asserts++; \ - } while(0); - -void testbound_selftest(void) -{ - /* test the macro store */ - rbtree_type* store = macro_store_create(); - char* v; - int r; - int num_asserts = 0; - tb_assert(store); - - v = macro_lookup(store, "bla"); - tb_assert(strcmp(v, "") == 0); - free(v); - - v = macro_lookup(store, "vlerk"); - tb_assert(strcmp(v, "") == 0); - free(v); - - r = macro_assign(store, "bla", "waarde1"); - tb_assert(r); - - v = macro_lookup(store, "vlerk"); - tb_assert(strcmp(v, "") == 0); - free(v); - - v = macro_lookup(store, "bla"); - tb_assert(strcmp(v, "waarde1") == 0); - free(v); - - r = macro_assign(store, "vlerk", "kanteel"); - tb_assert(r); - - v = macro_lookup(store, "bla"); - tb_assert(strcmp(v, "waarde1") == 0); - free(v); - - v = macro_lookup(store, "vlerk"); - tb_assert(strcmp(v, "kanteel") == 0); - free(v); - - r = macro_assign(store, "bla", "ww"); - tb_assert(r); - - v = macro_lookup(store, "bla"); - tb_assert(strcmp(v, "ww") == 0); - free(v); - - tb_assert( macro_length("}") == 1); - tb_assert( macro_length("blabla}") == 7); - tb_assert( macro_length("bla${zoink}bla}") == 7+8); - tb_assert( macro_length("bla${zoink}${bla}bla}") == 7+8+6); - - v = macro_process(store, NULL, ""); - tb_assert( v && strcmp(v, "") == 0); - free(v); - - v = macro_process(store, NULL, "${}"); - tb_assert( v && strcmp(v, "") == 0); - free(v); - - v = macro_process(store, NULL, "blabla ${} dinges"); - tb_assert( v && strcmp(v, "blabla dinges") == 0); - free(v); - - v = macro_process(store, NULL, "1${$bla}2${$bla}3"); - tb_assert( v && strcmp(v, "1ww2ww3") == 0); - free(v); - - v = macro_process(store, NULL, "it is ${ctime 123456}"); - tb_assert( v && strcmp(v, "it is Fri Jan 2 10:17:36 1970") == 0); - free(v); - - r = macro_assign(store, "t1", "123456"); - tb_assert(r); - v = macro_process(store, NULL, "it is ${ctime ${$t1}}"); - tb_assert( v && strcmp(v, "it is Fri Jan 2 10:17:36 1970") == 0); - free(v); - - v = macro_process(store, NULL, "it is ${ctime $t1}"); - tb_assert( v && strcmp(v, "it is Fri Jan 2 10:17:36 1970") == 0); - free(v); - - r = macro_assign(store, "x", "1"); - tb_assert(r); - r = macro_assign(store, "y", "2"); - tb_assert(r); - v = macro_process(store, NULL, "${$x + $x}"); - tb_assert( v && strcmp(v, "2") == 0); - free(v); - v = macro_process(store, NULL, "${$x - $x}"); - tb_assert( v && strcmp(v, "0") == 0); - free(v); - v = macro_process(store, NULL, "${$y * $y}"); - tb_assert( v && strcmp(v, "4") == 0); - free(v); - v = macro_process(store, NULL, "${32 / $y + $x + $y}"); - tb_assert( v && strcmp(v, "19") == 0); - free(v); - - v = macro_process(store, NULL, "${32 / ${$y+$y} + ${${100*3}/3}}"); - tb_assert( v && strcmp(v, "108") == 0); - free(v); - - v = macro_process(store, NULL, "${1 2 33 2 1}"); - tb_assert( v && strcmp(v, "1 2 33 2 1") == 0); - free(v); - - v = macro_process(store, NULL, "${123 3 + 5}"); - tb_assert( v && strcmp(v, "123 8") == 0); - free(v); - - v = macro_process(store, NULL, "${123 glug 3 + 5}"); - tb_assert( v && strcmp(v, "123 glug 8") == 0); - free(v); - - macro_store_delete(store); - printf("selftest successful (%d checks).\n", num_asserts); -} diff --git a/external/unbound/testcode/replay.h b/external/unbound/testcode/replay.h deleted file mode 100644 index b33950304..000000000 --- a/external/unbound/testcode/replay.h +++ /dev/null @@ -1,458 +0,0 @@ -/* - * testcode/replay.h - store and use a replay of events for the DNS resolver. - * - * Copyright (c) 2007, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * Store and use a replay of events for the DNS resolver. - * Used to test known scenarios to get known outcomes. - * - *