Index: head/contrib/unbound/doc/example.conf.in =================================================================== --- head/contrib/unbound/doc/example.conf.in (revision 268838) +++ head/contrib/unbound/doc/example.conf.in (revision 268839) @@ -1,591 +1,598 @@ # # Example configuration file. # # See unbound.conf(5) man page, version 1.4.22. # # this is a comment. #Use this to include other text into the file. #include: "otherfile.conf" # The server clause sets the main parameters. server: # whitespace is not necessary, but looks cleaner. # verbosity number, 0 is least verbose. 1 is default. verbosity: 1 # print statistics to the log (for every thread) every N seconds. # Set to "" or 0 to disable. Default is disabled. # statistics-interval: 0 # enable cumulative statistics, without clearing them after printing. # statistics-cumulative: no # enable extended statistics (query types, answer codes, status) # printed from unbound-control. default off, because of speed. # extended-statistics: no # number of threads to create. 1 disables threading. # num-threads: 1 # specify the interfaces to answer queries from by ip-address. # The default is to listen to localhost (127.0.0.1 and ::1). # specify 0.0.0.0 and ::0 to bind to all available interfaces. # specify every interface[@port] on a new 'interface:' labelled line. # The listen interfaces are not changed on reload, only on restart. # interface: 192.0.2.153 # interface: 192.0.2.154 # interface: 192.0.2.154@5003 # interface: 2001:DB8::5 # enable this feature to copy the source address of queries to reply. # Socket options are not supported on all platforms. experimental. # interface-automatic: no # port to answer queries from # port: 53 # specify the interfaces to send outgoing queries to authoritative # server from by ip-address. If none, the default (all) interface # is used. Specify every interface on a 'outgoing-interface:' line. # outgoing-interface: 192.0.2.153 # outgoing-interface: 2001:DB8::5 # outgoing-interface: 2001:DB8::6 # number of ports to allocate per thread, determines the size of the # port range that can be open simultaneously. About double the # num-queries-per-thread, or, use as many as the OS will allow you. # outgoing-range: 4096 # permit unbound to use this port number or port range for # making outgoing queries, using an outgoing interface. # outgoing-port-permit: 32768 # deny unbound the use this of port number or port range for # making outgoing queries, using an outgoing interface. # Use this to make sure unbound does not grab a UDP port that some # other server on this computer needs. The default is to avoid # IANA-assigned port numbers. # If multiple outgoing-port-permit and outgoing-port-avoid options # are present, they are processed in order. # outgoing-port-avoid: "3200-3208" # number of outgoing simultaneous tcp buffers to hold per thread. # outgoing-num-tcp: 10 # number of incoming simultaneous tcp buffers to hold per thread. # incoming-num-tcp: 10 # buffer size for UDP port 53 incoming (SO_RCVBUF socket option). # 0 is system default. Use 4m to catch query spikes for busy servers. # so-rcvbuf: 0 # buffer size for UDP port 53 outgoing (SO_SNDBUF socket option). # 0 is system default. Use 4m to handle spikes on very busy servers. # so-sndbuf: 0 # on Linux(3.9+) use SO_REUSEPORT to distribute queries over threads. # so-reuseport: no # EDNS reassembly buffer to advertise to UDP peers (the actual buffer # is set with msg-buffer-size). 1480 can solve fragmentation (timeouts). # edns-buffer-size: 4096 # Maximum UDP response size (not applied to TCP response). # Suggested values are 512 to 4096. Default is 4096. 65536 disables it. # max-udp-size: 4096 # buffer size for handling DNS data. No messages larger than this # size can be sent or received, by UDP or TCP. In bytes. # msg-buffer-size: 65552 # the amount of memory to use for the message cache. # plain value in bytes or you can append k, m or G. default is "4Mb". # msg-cache-size: 4m # the number of slabs to use for the message cache. # the number of slabs must be a power of 2. # more slabs reduce lock contention, but fragment memory usage. # msg-cache-slabs: 4 # the number of queries that a thread gets to service. # num-queries-per-thread: 1024 # if very busy, 50% queries run to completion, 50% get timeout in msec # jostle-timeout: 200 # msec to wait before close of port on timeout UDP. 0 disables. # delay-close: 0 # the amount of memory to use for the RRset cache. # plain value in bytes or you can append k, m or G. default is "4Mb". # rrset-cache-size: 4m # the number of slabs to use for the RRset cache. # the number of slabs must be a power of 2. # more slabs reduce lock contention, but fragment memory usage. # rrset-cache-slabs: 4 # the time to live (TTL) value lower bound, in seconds. Default 0. # If more than an hour could easily give trouble due to stale data. # cache-min-ttl: 0 # the time to live (TTL) value cap for RRsets and messages in the # cache. Items are not cached for longer. In seconds. # cache-max-ttl: 86400 # the time to live (TTL) value for cached roundtrip times, lameness and # EDNS version information for hosts. In seconds. # infra-host-ttl: 900 # the number of slabs to use for the Infrastructure cache. # the number of slabs must be a power of 2. # more slabs reduce lock contention, but fragment memory usage. # infra-cache-slabs: 4 # the maximum number of hosts that are cached (roundtrip, EDNS, lame). # infra-cache-numhosts: 10000 # Enable IPv4, "yes" or "no". # do-ip4: yes # Enable IPv6, "yes" or "no". # do-ip6: yes # Enable UDP, "yes" or "no". # do-udp: yes # Enable TCP, "yes" or "no". # do-tcp: yes # upstream connections use TCP only (and no UDP), "yes" or "no" # useful for tunneling scenarios, default no. # tcp-upstream: no # Detach from the terminal, run in background, "yes" or "no". # do-daemonize: yes # control which clients are allowed to make (recursive) queries # to this server. Specify classless netblocks with /size and action. # By default everything is refused, except for localhost. # Choose deny (drop message), refuse (polite error reply), # allow (recursive ok), allow_snoop (recursive and nonrecursive ok) # deny_non_local (drop queries unless can be answered from local-data) # refuse_non_local (like deny_non_local but polite error reply). # access-control: 0.0.0.0/0 refuse # access-control: 127.0.0.0/8 allow # access-control: ::0/0 refuse # access-control: ::1 allow # access-control: ::ffff:127.0.0.1 allow # if given, a chroot(2) is done to the given directory. # i.e. you can chroot to the working directory, for example, # for extra security, but make sure all files are in that directory. # # If chroot is enabled, you should pass the configfile (from the # commandline) as a full path from the original root. After the # chroot has been performed the now defunct portion of the config # file path is removed to be able to reread the config after a reload. # # All other file paths (working dir, logfile, roothints, and # key files) can be specified in several ways: # o as an absolute path relative to the new root. # o as a relative path to the working directory. # o as an absolute path relative to the original root. # In the last case the path is adjusted to remove the unused portion. # # The pid file can be absolute and outside of the chroot, it is # written just prior to performing the chroot and dropping permissions. # # Additionally, unbound may need to access /dev/random (for entropy). # How to do this is specific to your OS. # # If you give "" no chroot is performed. The path must not end in a /. # chroot: "@UNBOUND_CHROOT_DIR@" # if given, user privileges are dropped (after binding port), # and the given username is assumed. Default is user "unbound". # If you give "" no privileges are dropped. # username: "@UNBOUND_USERNAME@" # the working directory. The relative files in this config are # relative to this directory. If you give "" the working directory # is not changed. # directory: "@UNBOUND_RUN_DIR@" # the log file, "" means log to stderr. # Use of this option sets use-syslog to "no". # logfile: "" # Log to syslog(3) if yes. The log facility LOG_DAEMON is used to # log to, with identity "unbound". If yes, it overrides the logfile. # use-syslog: yes # print UTC timestamp in ascii to logfile, default is epoch in seconds. # log-time-ascii: no # print one line with time, IP, name, type, class for every query. # log-queries: no # the pid file. Can be an absolute path outside of chroot/work dir. # pidfile: "@UNBOUND_PIDFILE@" # file to read root hints from. # get one from ftp://FTP.INTERNIC.NET/domain/named.cache # root-hints: "" # enable to not answer id.server and hostname.bind queries. # hide-identity: no # enable to not answer version.server and version.bind queries. # hide-version: no # the identity to report. Leave "" or default to return hostname. # identity: "" # the version to report. Leave "" or default to return package version. # version: "" # the target fetch policy. # series of integers describing the policy per dependency depth. # The number of values in the list determines the maximum dependency # depth the recursor will pursue before giving up. Each integer means: # -1 : fetch all targets opportunistically, # 0: fetch on demand, # positive value: fetch that many targets opportunistically. # Enclose the list of numbers between quotes (""). # target-fetch-policy: "3 2 1 0 0" # Harden against very small EDNS buffer sizes. # harden-short-bufsize: no # Harden against unseemly large queries. # harden-large-queries: no # Harden against out of zone rrsets, to avoid spoofing attempts. # harden-glue: yes # Harden against receiving dnssec-stripped data. If you turn it # off, failing to validate dnskey data for a trustanchor will # trigger insecure mode for that zone (like without a trustanchor). # Default on, which insists on dnssec data for trust-anchored zones. # harden-dnssec-stripped: yes # Harden against queries that fall under dnssec-signed nxdomain names. # harden-below-nxdomain: no # Harden the referral path by performing additional queries for # infrastructure data. Validates the replies (if possible). # Default off, because the lookups burden the server. Experimental # implementation of draft-wijngaards-dnsext-resolver-side-mitigation. # harden-referral-path: no # Use 0x20-encoded random bits in the query to foil spoof attempts. # This feature is an experimental implementation of draft dns-0x20. # use-caps-for-id: no # Enforce privacy of these addresses. Strips them away from answers. # It may cause DNSSEC validation to additionally mark it as bogus. # Protects against 'DNS Rebinding' (uses browser as network proxy). # Only 'private-domain' and 'local-data' names are allowed to have # these private addresses. No default. # private-address: 10.0.0.0/8 # private-address: 172.16.0.0/12 # private-address: 192.168.0.0/16 # private-address: 169.254.0.0/16 # private-address: fd00::/8 # private-address: fe80::/10 # Allow the domain (and its subdomains) to contain private addresses. # local-data statements are allowed to contain private addresses too. # private-domain: "example.com" # If nonzero, unwanted replies are not only reported in statistics, # but also a running total is kept per thread. If it reaches the # threshold, a warning is printed and a defensive action is taken, # the cache is cleared to flush potential poison out of it. # A suggested value is 10000000, the default is 0 (turned off). # unwanted-reply-threshold: 0 # Do not query the following addresses. No DNS queries are sent there. # List one address per entry. List classless netblocks with /size, # do-not-query-address: 127.0.0.1/8 # do-not-query-address: ::1 # if yes, the above default do-not-query-address entries are present. # if no, localhost can be queried (for testing and debugging). # do-not-query-localhost: yes # if yes, perform prefetching of almost expired message cache entries. # prefetch: no # if yes, perform key lookups adjacent to normal lookups. # prefetch-key: no # if yes, Unbound rotates RRSet order in response. # rrset-roundrobin: no # if yes, Unbound doesn't insert authority/additional sections # into response messages when those sections are not required. # minimal-responses: no # module configuration of the server. A string with identifiers # separated by spaces. "iterator" or "validator iterator" # module-config: "validator iterator" # File with trusted keys, kept uptodate using RFC5011 probes, # initial file like trust-anchor-file, then it stores metadata. # Use several entries, one per domain name, to track multiple zones. # # If you want to perform DNSSEC validation, run unbound-anchor before # you start unbound (i.e. in the system boot scripts). And enable: # Please note usage of unbound-anchor root anchor is at your own risk # and under the terms of our LICENSE (see that file in the source). # auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@" # File with DLV trusted keys. Same format as trust-anchor-file. # There can be only one DLV configured, it is trusted from root down. # Download http://ftp.isc.org/www/dlv/dlv.isc.org.key # dlv-anchor-file: "dlv.isc.org.key" # File with trusted keys for validation. Specify more than one file # with several entries, one file per entry. # Zone file format, with DS and DNSKEY entries. # Note this gets out of date, use auto-trust-anchor-file please. # trust-anchor-file: "" # Trusted key for validation. DS or DNSKEY. specify the RR on a # single line, surrounded by "". TTL is ignored. class is IN default. # Note this gets out of date, use auto-trust-anchor-file please. # (These examples are from August 2007 and may not be valid anymore). # trust-anchor: "nlnetlabs.nl. DNSKEY 257 3 5 AQPzzTWMz8qSWIQlfRnPckx2BiVmkVN6LPupO3mbz7FhLSnm26n6iG9N Lby97Ji453aWZY3M5/xJBSOS2vWtco2t8C0+xeO1bc/d6ZTy32DHchpW 6rDH1vp86Ll+ha0tmwyy9QP7y2bVw5zSbFCrefk8qCUBgfHm9bHzMG1U BYtEIQ==" # trust-anchor: "jelte.nlnetlabs.nl. DS 42860 5 1 14D739EB566D2B1A5E216A0BA4D17FA9B038BE4A" # File with trusted keys for validation. Specify more than one file # with several entries, one file per entry. Like trust-anchor-file # but has a different file format. Format is BIND-9 style format, # the trusted-keys { name flag proto algo "key"; }; clauses are read. # you need external update procedures to track changes in keys. # trusted-keys-file: "" # Ignore chain of trust. Domain is treated as insecure. # domain-insecure: "example.com" # Override the date for validation with a specific fixed date. # Do not set this unless you are debugging signature inception # and expiration. "" or "0" turns the feature off. -1 ignores date. # val-override-date: "" # The time to live for bogus data, rrsets and messages. This avoids # some of the revalidation, until the time interval expires. in secs. # val-bogus-ttl: 60 # The signature inception and expiration dates are allowed to be off # by 10% of the signature lifetime (expir-incep) from our local clock. # This leeway is capped with a minimum and a maximum. In seconds. # val-sig-skew-min: 3600 # val-sig-skew-max: 86400 # Should additional section of secure message also be kept clean of # unsecure data. Useful to shield the users of this validator from # potential bogus data in the additional section. All unsigned data # in the additional section is removed from secure messages. # val-clean-additional: yes # Turn permissive mode on to permit bogus messages. Thus, messages # for which security checks failed will be returned to clients, # instead of SERVFAIL. It still performs the security checks, which # result in interesting log files and possibly the AD bit in # replies if the message is found secure. The default is off. # val-permissive-mode: no # Ignore the CD flag in incoming queries and refuse them bogus data. # Enable it if the only clients of unbound are legacy servers (w2008) # that set CD but cannot validate themselves. # ignore-cd-flag: no # Have the validator log failed validations for your diagnosis. # 0: off. 1: A line per failed user query. 2: With reason and bad IP. # val-log-level: 0 # It is possible to configure NSEC3 maximum iteration counts per # keysize. Keep this table very short, as linear search is done. # A message with an NSEC3 with larger count is marked insecure. # List in ascending order the keysize and count values. # val-nsec3-keysize-iterations: "1024 150 2048 500 4096 2500" # instruct the auto-trust-anchor-file probing to add anchors after ttl. # add-holddown: 2592000 # 30 days # instruct the auto-trust-anchor-file probing to del anchors after ttl. # del-holddown: 2592000 # 30 days # auto-trust-anchor-file probing removes missing anchors after ttl. # If the value 0 is given, missing anchors are not removed. # keep-missing: 31622400 # 366 days # the amount of memory to use for the key cache. # plain value in bytes or you can append k, m or G. default is "4Mb". # key-cache-size: 4m # the number of slabs to use for the key cache. # the number of slabs must be a power of 2. # more slabs reduce lock contention, but fragment memory usage. # key-cache-slabs: 4 # the amount of memory to use for the negative cache (used for DLV). # plain value in bytes or you can append k, m or G. default is "1Mb". # neg-cache-size: 1m - + + # if unbound is running service for the local host then it is useful + # to perform lan-wide lookups to the upstream, and unblock the + # long list of local-zones above. If this unbound is a dns server + # for a network of computers, disabled is better and stops information + # leakage of local lan information. + # unblock-lan-zones: no + # By default, for a number of zones a small default 'nothing here' # reply is built-in. Query traffic is thus blocked. If you # wish to serve such zone you can unblock them by uncommenting one # of the nodefault statements below. # You may also have to use domain-insecure: zone to make DNSSEC work, # unless you have your own trust anchors for this zone. # local-zone: "localhost." nodefault # local-zone: "127.in-addr.arpa." nodefault # local-zone: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." nodefault # local-zone: "10.in-addr.arpa." nodefault # local-zone: "16.172.in-addr.arpa." nodefault # local-zone: "17.172.in-addr.arpa." nodefault # local-zone: "18.172.in-addr.arpa." nodefault # local-zone: "19.172.in-addr.arpa." nodefault # local-zone: "20.172.in-addr.arpa." nodefault # local-zone: "21.172.in-addr.arpa." nodefault # local-zone: "22.172.in-addr.arpa." nodefault # local-zone: "23.172.in-addr.arpa." nodefault # local-zone: "24.172.in-addr.arpa." nodefault # local-zone: "25.172.in-addr.arpa." nodefault # local-zone: "26.172.in-addr.arpa." nodefault # local-zone: "27.172.in-addr.arpa." nodefault # local-zone: "28.172.in-addr.arpa." nodefault # local-zone: "29.172.in-addr.arpa." nodefault # local-zone: "30.172.in-addr.arpa." nodefault # local-zone: "31.172.in-addr.arpa." nodefault # local-zone: "168.192.in-addr.arpa." nodefault # local-zone: "0.in-addr.arpa." nodefault # local-zone: "254.169.in-addr.arpa." nodefault # local-zone: "2.0.192.in-addr.arpa." nodefault # local-zone: "100.51.198.in-addr.arpa." nodefault # local-zone: "113.0.203.in-addr.arpa." nodefault # local-zone: "255.255.255.255.in-addr.arpa." nodefault # local-zone: "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." nodefault # local-zone: "d.f.ip6.arpa." nodefault # local-zone: "8.e.f.ip6.arpa." nodefault # local-zone: "9.e.f.ip6.arpa." nodefault # local-zone: "a.e.f.ip6.arpa." nodefault # local-zone: "b.e.f.ip6.arpa." nodefault # local-zone: "8.b.d.0.1.0.0.2.ip6.arpa." nodefault # a number of locally served zones can be configured. # local-zone: # local-data: "" # o deny serves local data (if any), else, drops queries. # o refuse serves local data (if any), else, replies with error. # o static serves local data, else, nxdomain or nodata answer. # o transparent gives local data, but resolves normally for other names # o redirect serves the zone data for any subdomain in the zone. # o nodefault can be used to normally resolve AS112 zones. # o typetransparent resolves normally for other types and other names # # defaults are localhost address, reverse for 127.0.0.1 and ::1 # and nxdomain for AS112 zones. If you configure one of these zones # the default content is omitted, or you can omit it with 'nodefault'. # # If you configure local-data without specifying local-zone, by # default a transparent local-zone is created for the data. # # You can add locally served data with # local-zone: "local." static # local-data: "mycomputer.local. IN A 192.0.2.51" # local-data: 'mytext.local TXT "content of text record"' # # You can override certain queries with # local-data: "adserver.example.com A 127.0.0.1" # # You can redirect a domain to a fixed address with # (this makes example.com, www.example.com, etc, all go to 192.0.2.3) # local-zone: "example.com" redirect # local-data: "example.com A 192.0.2.3" # # Shorthand to make PTR records, "IPv4 name" or "IPv6 name". # You can also add PTR records using local-data directly, but then # you need to do the reverse notation yourself. # local-data-ptr: "192.0.2.3 www.example.com" # service clients over SSL (on the TCP sockets), with plain DNS inside # the SSL stream. Give the certificate to use and private key. # default is "" (disabled). requires restart to take effect. # ssl-service-key: "path/to/privatekeyfile.key" # ssl-service-pem: "path/to/publiccertfile.pem" # ssl-port: 443 # request upstream over SSL (with plain DNS inside the SSL stream). # Default is no. Can be turned on and off with unbound-control. # ssl-upstream: no # Python config section. To enable: # o use --with-pythonmodule to configure before compiling. # o list python in the module-config string (above) to enable. # o and give a python-script to run. python: # Script file to load # python-script: "@UNBOUND_SHARE_DIR@/ubmodule-tst.py" # Remote control config section. remote-control: # Enable remote control with unbound-control(8) here. # set up the keys and certificates with unbound-control-setup. # control-enable: no # what interfaces are listened to for remote control. # give 0.0.0.0 and ::0 to listen to all interfaces. # control-interface: 127.0.0.1 # control-interface: ::1 # port number for remote control operations. # control-port: 8953 # unbound server key file. # server-key-file: "@UNBOUND_RUN_DIR@/unbound_server.key" # unbound server certificate file. # server-cert-file: "@UNBOUND_RUN_DIR@/unbound_server.pem" # unbound-control key file. # control-key-file: "@UNBOUND_RUN_DIR@/unbound_control.key" # unbound-control certificate file. # control-cert-file: "@UNBOUND_RUN_DIR@/unbound_control.pem" # Stub zones. # Create entries like below, to make all queries for 'example.com' and # 'example.org' go to the given list of nameservers. list zero or more # nameservers by hostname or by ipaddress. If you set stub-prime to yes, # the list is treated as priming hints (default is no). # With stub-first yes, it attempts without the stub if it fails. # stub-zone: # name: "example.com" # stub-addr: 192.0.2.68 # stub-prime: no # stub-first: no # stub-zone: # name: "example.org" # stub-host: ns.example.com. # Forward zones # Create entries like below, to make all queries for 'example.com' and # 'example.org' go to the given list of servers. These servers have to handle # recursion to other nameservers. List zero or more nameservers by hostname # or by ipaddress. Use an entry with name "." to forward all queries. # If you enable forward-first, it attempts without the forward if it fails. # forward-zone: # name: "example.com" # forward-addr: 192.0.2.68 # forward-addr: 192.0.2.73@5355 # forward to port 5355. # forward-first: no # forward-zone: # name: "example.org" # forward-host: fwd.example.com Index: head/contrib/unbound/doc/unbound.conf.5 =================================================================== --- head/contrib/unbound/doc/unbound.conf.5 (revision 268838) +++ head/contrib/unbound/doc/unbound.conf.5 (revision 268839) @@ -1,1130 +1,1141 @@ .TH "unbound.conf" "5" "Mar 12, 2014" "NLnet Labs" "unbound 1.4.22" .\" .\" unbound.conf.5 -- unbound.conf manual .\" .\" Copyright (c) 2007, NLnet Labs. All rights reserved. .\" .\" See LICENSE for the license. .\" .\" .SH "NAME" .LP .B unbound.conf \- Unbound configuration file. .SH "SYNOPSIS" .LP .B unbound.conf .SH "DESCRIPTION" .LP .B unbound.conf is used to configure \fIunbound\fR(8). The file format has attributes and values. Some attributes have attributes inside them. The notation is: attribute: value. .P Comments start with # and last to the end of line. Empty lines are ignored as is whitespace at the beginning of a line. .P The utility \fIunbound\-checkconf\fR(8) can be used to check unbound.conf prior to usage. .SH "EXAMPLE" An example config file is shown below. Copy this to /etc/unbound/unbound.conf and start the server with: .P .nf $ unbound \-c /etc/unbound/unbound.conf .fi .P Most settings are the defaults. Stop the server with: .P .nf $ kill `cat /etc/unbound/unbound.pid` .fi .P Below is a minimal config file. The source distribution contains an extensive example.conf file with all the options. .P .nf # unbound.conf(5) config file for unbound(8). server: directory: "/etc/unbound" username: unbound # make sure unbound can access entropy from inside the chroot. # e.g. on linux the use these commands (on BSD, devfs(8) is used): # mount \-\-bind \-n /dev/random /etc/unbound/dev/random # and mount \-\-bind \-n /dev/log /etc/unbound/dev/log chroot: "/etc/unbound" # logfile: "/etc/unbound/unbound.log" #uncomment to use logfile. pidfile: "/etc/unbound/unbound.pid" # verbosity: 1 # uncomment and increase to get more logging. # listen on all interfaces, answer queries from the local subnet. interface: 0.0.0.0 interface: ::0 access\-control: 10.0.0.0/8 allow access\-control: 2001:DB8::/64 allow .fi .SH "FILE FORMAT" .LP There must be whitespace between keywords. Attribute keywords end with a colon ':'. An attribute is followed by its containing attributes, or a value. .P Files can be included using the .B include: directive. It can appear anywhere, it accepts a single file name as argument. Processing continues as if the text from the included file was copied into the config file at that point. If also using chroot, using full path names for the included files works, relative pathnames for the included names work if the directory where the daemon is started equals its chroot/working directory. Wildcards can be used to include multiple files, see \fIglob\fR(7). .SS "Server Options" These options are part of the .B server: clause. .TP .B verbosity: \fI The verbosity number, level 0 means no verbosity, only errors. Level 1 gives operational information. Level 2 gives detailed operational information. Level 3 gives query level information, output per query. Level 4 gives algorithm level information. Level 5 logs client identification for cache misses. Default is level 1. The verbosity can also be increased from the commandline, see \fIunbound\fR(8). .TP .B statistics\-interval: \fI The number of seconds between printing statistics to the log for every thread. Disable with value 0 or "". Default is disabled. The histogram statistics are only printed if replies were sent during the statistics interval, requestlist statistics are printed for every interval (but can be 0). This is because the median calculation requires data to be present. .TP .B statistics\-cumulative: \fI If enabled, statistics are cumulative since starting unbound, without clearing the statistics counters after logging the statistics. Default is no. .TP .B extended\-statistics: \fI If enabled, extended statistics are printed from \fIunbound\-control\fR(8). Default is off, because keeping track of more statistics takes time. The counters are listed in \fIunbound\-control\fR(8). .TP .B num\-threads: \fI The number of threads to create to serve clients. Use 1 for no threading. .TP .B port: \fI The port number, default 53, on which the server responds to queries. .TP .B interface: \fI Interface to use to connect to the network. This interface is listened to for queries from clients, and answers to clients are given from it. Can be given multiple times to work on several interfaces. If none are given the default is to listen to localhost. The interfaces are not changed on a reload (kill \-HUP) but only on restart. A port number can be specified with @port (without spaces between interface and port number), if not specified the default port (from \fBport\fR) is used. .TP .B ip\-address: \fI Same as interface: (for easy of compatibility with nsd.conf). .TP .B interface\-automatic: \fI Detect source interface on UDP queries and copy them to replies. This feature is experimental, and needs support in your OS for particular socket options. Default value is no. .TP .B outgoing\-interface: \fI Interface to use to connect to the network. This interface is used to send queries to authoritative servers and receive their replies. Can be given multiple times to work on several interfaces. If none are given the default (all) is used. You can specify the same interfaces in .B interface: and .B outgoing\-interface: lines, the interfaces are then used for both purposes. Outgoing queries are sent via a random outgoing interface to counter spoofing. .TP .B outgoing\-range: \fI Number of ports to open. This number of file descriptors can be opened per thread. Must be at least 1. Default depends on compile options. Larger numbers need extra resources from the operating system. For performance a a very large value is best, use libevent to make this possible. .TP .B outgoing\-port\-permit: \fI Permit unbound to open this port or range of ports for use to send queries. A larger number of permitted outgoing ports increases resilience against spoofing attempts. Make sure these ports are not needed by other daemons. By default only ports above 1024 that have not been assigned by IANA are used. Give a port number or a range of the form "low\-high", without spaces. .IP The \fBoutgoing\-port\-permit\fR and \fBoutgoing\-port\-avoid\fR statements are processed in the line order of the config file, adding the permitted ports and subtracting the avoided ports from the set of allowed ports. The processing starts with the non IANA allocated ports above 1024 in the set of allowed ports. .TP .B outgoing\-port\-avoid: \fI Do not permit unbound to open this port or range of ports for use to send queries. Use this to make sure unbound does not grab a port that another daemon needs. The port is avoided on all outgoing interfaces, both IP4 and IP6. By default only ports above 1024 that have not been assigned by IANA are used. Give a port number or a range of the form "low\-high", without spaces. .TP .B outgoing\-num\-tcp: \fI Number of outgoing TCP buffers to allocate per thread. Default is 10. If set to 0, or if do_tcp is "no", no TCP queries to authoritative servers are done. .TP .B incoming\-num\-tcp: \fI Number of incoming TCP buffers to allocate per thread. Default is 10. If set to 0, or if do_tcp is "no", no TCP queries from clients are accepted. .TP .B edns\-buffer\-size: \fI Number of bytes size to advertise as the EDNS reassembly buffer size. This is the value put into datagrams over UDP towards peers. The actual buffer size is determined by msg\-buffer\-size (both for TCP and UDP). Do not set higher than that value. Default is 4096 which is RFC recommended. If you have fragmentation reassembly problems, usually seen as timeouts, then a value of 1480 can fix it. Setting to 512 bypasses even the most stringent path MTU problems, but is seen as extreme, since the amount of TCP fallback generated is excessive (probably also for this resolver, consider tuning the outgoing tcp number). .TP .B max\-udp\-size: \fI Maximum UDP response size (not applied to TCP response). 65536 disables the udp response size maximum, and uses the choice from the client, always. Suggested values are 512 to 4096. Default is 4096. .TP .B msg\-buffer\-size: \fI Number of bytes size of the message buffers. Default is 65552 bytes, enough for 64 Kb packets, the maximum DNS message size. No message larger than this can be sent or received. Can be reduced to use less memory, but some requests for DNS data, such as for huge resource records, will result in a SERVFAIL reply to the client. .TP .B msg\-cache\-size: \fI Number of bytes size of the message cache. Default is 4 megabytes. A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes or gigabytes (1024*1024 bytes in a megabyte). .TP .B msg\-cache\-slabs: \fI Number of slabs in the message cache. Slabs reduce lock contention by threads. Must be set to a power of 2. Setting (close) to the number of cpus is a reasonable guess. .TP .B num\-queries\-per\-thread: \fI The number of queries that every thread will service simultaneously. If more queries arrive that need servicing, and no queries can be jostled out (see \fIjostle\-timeout\fR), then the queries are dropped. This forces the client to resend after a timeout; allowing the server time to work on the existing queries. Default depends on compile options, 512 or 1024. .TP .B jostle\-timeout: \fI Timeout used when the server is very busy. Set to a value that usually results in one roundtrip to the authority servers. If too many queries arrive, then 50% of the queries are allowed to run to completion, and the other 50% are replaced with the new incoming query if they have already spent more than their allowed time. This protects against denial of service by slow queries or high query rates. Default 200 milliseconds. The effect is that the qps for long-lasting queries is about (numqueriesperthread / 2) / (average time for such long queries) qps. The qps for short queries can be about (numqueriesperthread / 2) / (jostletimeout in whole seconds) qps per thread, about (1024/2)*5 = 2560 qps by default. .TP .B delay\-close: \fI Extra delay for timeouted UDP ports before they are closed, in msec. Default is 0, and that disables it. This prevents very delayed answer packets from the upstream (recursive) servers from bouncing against closed ports and setting off all sort of close-port counters, with eg. 1500 msec. When timeouts happen you need extra sockets, it checks the ID and remote IP of packets, and unwanted packets are added to the unwanted packet counter. .TP .B so\-rcvbuf: \fI If not 0, then set the SO_RCVBUF socket option to get more buffer space on UDP port 53 incoming queries. So that short spikes on busy servers do not drop packets (see counter in netstat \-su). Default is 0 (use system value). Otherwise, the number of bytes to ask for, try "4m" on a busy server. The OS caps it at a maximum, on linux unbound needs root permission to bypass the limit, or the admin can use sysctl net.core.rmem_max. On BSD change kern.ipc.maxsockbuf in /etc/sysctl.conf. On OpenBSD change header and recompile kernel. On Solaris ndd \-set /dev/udp udp_max_buf 8388608. .TP .B so\-sndbuf: \fI If not 0, then set the SO_SNDBUF socket option to get more buffer space on UDP port 53 outgoing queries. This for very busy servers handles spikes in answer traffic, otherwise 'send: resource temporarily unavailable' can get logged, the buffer overrun is also visible by netstat \-su. Default is 0 (use system value). Specify the number of bytes to ask for, try "4m" on a very busy server. The OS caps it at a maximum, on linux unbound needs root permission to bypass the limit, or the admin can use sysctl net.core.wmem_max. On BSD, Solaris changes are similar to so\-rcvbuf. .TP .B so\-reuseport: \fI If yes, then open dedicated listening sockets for incoming queries for each thread and try to set the SO_REUSEPORT socket option on each socket. May distribute incoming queries to threads more evenly. Default is no. Only supported on Linux >= 3.9. You can enable it (on any platform and kernel), it then attempts to open the port and passes the option if it was available at compile time, if that works it is used, if it fails, it continues silently (unless verbosity 3) without the option. .TP .B rrset\-cache\-size: \fI Number of bytes size of the RRset cache. Default is 4 megabytes. A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes or gigabytes (1024*1024 bytes in a megabyte). .TP .B rrset\-cache\-slabs: \fI Number of slabs in the RRset cache. Slabs reduce lock contention by threads. Must be set to a power of 2. .TP .B cache\-max\-ttl: \fI Time to live maximum for RRsets and messages in the cache. Default is 86400 seconds (1 day). If the maximum kicks in, responses to clients still get decrementing TTLs based on the original (larger) values. When the internal TTL expires, the cache item has expired. Can be set lower to force the resolver to query for data often, and not trust (very large) TTL values. .TP .B cache\-min\-ttl: \fI Time to live minimum for RRsets and messages in the cache. Default is 0. If the the minimum kicks in, the data is cached for longer than the domain owner intended, and thus less queries are made to look up the data. Zero makes sure the data in the cache is as the domain owner intended, higher values, especially more than an hour or so, can lead to trouble as the data in the cache does not match up with the actual data any more. .TP .B infra\-host\-ttl: \fI Time to live for entries in the host cache. The host cache contains roundtrip timing, lameness and EDNS support information. Default is 900. .TP .B infra\-cache\-slabs: \fI Number of slabs in the infrastructure cache. Slabs reduce lock contention by threads. Must be set to a power of 2. .TP .B infra\-cache\-numhosts: \fI Number of hosts for which information is cached. Default is 10000. .TP .B do\-ip4: \fI Enable or disable whether ip4 queries are answered or issued. Default is yes. .TP .B do\-ip6: \fI Enable or disable whether ip6 queries are answered or issued. Default is yes. If disabled, queries are not answered on IPv6, and queries are not sent on IPv6 to the internet nameservers. .TP .B do\-udp: \fI Enable or disable whether UDP queries are answered or issued. Default is yes. .TP .B do\-tcp: \fI Enable or disable whether TCP queries are answered or issued. Default is yes. .TP .B tcp\-upstream: \fI Enable or disable whether the upstream queries use TCP only for transport. Default is no. Useful in tunneling scenarios. .TP .B ssl\-upstream: \fI Enabled or disable whether the upstream queries use SSL only for transport. Default is no. Useful in tunneling scenarios. The SSL contains plain DNS in TCP wireformat. The other server must support this (see \fBssl\-service\-key\fR). .TP .B ssl\-service-key: \fI If enabled, the server provider SSL service on its TCP sockets. The clients have to use ssl\-upstream: yes. The file is the private key for the TLS session. The public certificate is in the ssl\-service\-pem file. Default is "", turned off. Requires a restart (a reload is not enough) if changed, because the private key is read while root permissions are held and before chroot (if any). Normal DNS TCP service is not provided and gives errors, this service is best run with a different \fBport:\fR config or \fI@port\fR suffixes in the \fBinterface\fR config. .TP .B ssl\-service\-pem: \fI The public key certificate pem file for the ssl service. Default is "", turned off. .TP .B ssl\-port: \fI The port number on which to provide TCP SSL service, default 443, only interfaces configured with that port number as @number get the SSL service. .TP .B do\-daemonize: \fI Enable or disable whether the unbound server forks into the background as a daemon. Default is yes. .TP .B access\-control: \fI The netblock is given as an IP4 or IP6 address with /size appended for a classless network block. The action can be \fIdeny\fR, \fIrefuse\fR, \fIallow\fR, \fIallow_snoop\fR, \fIdeny_non_local\fR or \fIrefuse_non_local\fR. .IP The action \fIdeny\fR stops queries from hosts from that netblock. .IP The action \fIrefuse\fR stops queries too, but sends a DNS rcode REFUSED error message back. .IP The action \fIallow\fR gives access to clients from that netblock. It gives only access for recursion clients (which is what almost all clients need). Nonrecursive queries are refused. .IP The \fIallow\fR action does allow nonrecursive queries to access the local\-data that is configured. The reason is that this does not involve the unbound server recursive lookup algorithm, and static data is served in the reply. This supports normal operations where nonrecursive queries are made for the authoritative data. For nonrecursive queries any replies from the dynamic cache are refused. .IP The action \fIallow_snoop\fR gives nonrecursive access too. This give both recursive and non recursive access. The name \fIallow_snoop\fR refers to cache snooping, a technique to use nonrecursive queries to examine the cache contents (for malicious acts). However, nonrecursive queries can also be a valuable debugging tool (when you want to examine the cache contents). In that case use \fIallow_snoop\fR for your administration host. .IP By default only localhost is \fIallow\fRed, the rest is \fIrefuse\fRd. The default is \fIrefuse\fRd, because that is protocol\-friendly. The DNS protocol is not designed to handle dropped packets due to policy, and dropping may result in (possibly excessive) retried queries. .IP The deny_non_local and refuse_non_local settings are for hosts that are only allowed to query for the authoritative local\-data, they are not allowed full recursion but only the static data. With deny_non_local, messages that are disallowed are dropped, with refuse_non_local they receive error code REFUSED. .TP .B chroot: \fI If chroot is enabled, you should pass the configfile (from the commandline) as a full path from the original root. After the chroot has been performed the now defunct portion of the config file path is removed to be able to reread the config after a reload. .IP All other file paths (working dir, logfile, roothints, and key files) can be specified in several ways: as an absolute path relative to the new root, as a relative path to the working directory, or as an absolute path relative to the original root. In the last case the path is adjusted to remove the unused portion. .IP The pidfile can be either a relative path to the working directory, or an absolute path relative to the original root. It is written just prior to chroot and dropping permissions. This allows the pidfile to be /var/run/unbound.pid and the chroot to be /var/unbound, for example. .IP Additionally, unbound may need to access /dev/random (for entropy) from inside the chroot. .IP If given a chroot is done to the given directory. The default is "/var/unbound". If you give "" no chroot is performed. .TP .B username: \fI If given, after binding the port the user privileges are dropped. Default is "unbound". If you give username: "" no user change is performed. .IP If this user is not capable of binding the port, reloads (by signal HUP) will still retain the opened ports. If you change the port number in the config file, and that new port number requires privileges, then a reload will fail; a restart is needed. .TP .B directory: \fI Sets the working directory for the program. Default is "/var/unbound". .TP .B logfile: \fI If "" is given, logging goes to stderr, or nowhere once daemonized. The logfile is appended to, in the following format: .nf [seconds since 1970] unbound[pid:tid]: type: message. .fi If this option is given, the use\-syslog is option is set to "no". The logfile is reopened (for append) when the config file is reread, on SIGHUP. .TP .B use\-syslog: \fI Sets unbound to send log messages to the syslogd, using \fIsyslog\fR(3). The log facility LOG_DAEMON is used, with identity "unbound". The logfile setting is overridden when use\-syslog is turned on. The default is to log to syslog. .TP .B log\-time\-ascii: \fI Sets logfile lines to use a timestamp in UTC ascii. Default is no, which prints the seconds since 1970 in brackets. No effect if using syslog, in that case syslog formats the timestamp printed into the log files. .TP .B log\-queries: \fI Prints one line per query to the log, with the log timestamp and IP address, name, type and class. Default is no. Note that it takes time to print these lines which makes the server (significantly) slower. Odd (nonprintable) characters in names are printed as '?'. .TP .B pidfile: \fI The process id is written to the file. Default is "/var/unbound/unbound.pid". So, .nf kill \-HUP `cat /var/unbound/unbound.pid` .fi triggers a reload, .nf kill \-QUIT `cat /var/unbound/unbound.pid` .fi gracefully terminates. .TP .B root\-hints: \fI Read the root hints from this file. Default is nothing, using builtin hints for the IN class. The file has the format of zone files, with root nameserver names and addresses only. The default may become outdated, when servers change, therefore it is good practice to use a root\-hints file. .TP .B hide\-identity: \fI If enabled id.server and hostname.bind queries are refused. .TP .B identity: \fI Set the identity to report. If set to "", the default, then the hostname of the server is returned. .TP .B hide\-version: \fI If enabled version.server and version.bind queries are refused. .TP .B version: \fI Set the version to report. If set to "", the default, then the package version is returned. .TP .B target\-fetch\-policy: \fI<"list of numbers"> Set the target fetch policy used by unbound to determine if it should fetch nameserver target addresses opportunistically. The policy is described per dependency depth. .IP The number of values determines the maximum dependency depth that unbound will pursue in answering a query. A value of \-1 means to fetch all targets opportunistically for that dependency depth. A value of 0 means to fetch on demand only. A positive value fetches that many targets opportunistically. .IP Enclose the list between quotes ("") and put spaces between numbers. The default is "3 2 1 0 0". Setting all zeroes, "0 0 0 0 0" gives behaviour closer to that of BIND 9, while setting "\-1 \-1 \-1 \-1 \-1" gives behaviour rumoured to be closer to that of BIND 8. .TP .B harden\-short\-bufsize: \fI Very small EDNS buffer sizes from queries are ignored. Default is off, since it is legal protocol wise to send these, and unbound tries to give very small answers to these queries, where possible. .TP .B harden\-large\-queries: \fI Very large queries are ignored. Default is off, since it is legal protocol wise to send these, and could be necessary for operation if TSIG or EDNS payload is very large. .TP .B harden\-glue: \fI Will trust glue only if it is within the servers authority. Default is on. .TP .B harden\-dnssec\-stripped: \fI Require DNSSEC data for trust\-anchored zones, if such data is absent, the zone becomes bogus. If turned off, and no DNSSEC data is received (or the DNSKEY data fails to validate), then the zone is made insecure, this behaves like there is no trust anchor. You could turn this off if you are sometimes behind an intrusive firewall (of some sort) that removes DNSSEC data from packets, or a zone changes from signed to unsigned to badly signed often. If turned off you run the risk of a downgrade attack that disables security for a zone. Default is on. .TP .B harden\-below\-nxdomain: \fI From draft\-vixie\-dnsext\-resimprove, returns nxdomain to queries for a name below another name that is already known to be nxdomain. DNSSEC mandates noerror for empty nonterminals, hence this is possible. Very old software might return nxdomain for empty nonterminals (that usually happen for reverse IP address lookups), and thus may be incompatible with this. To try to avoid this only DNSSEC-secure nxdomains are used, because the old software does not have DNSSEC. Default is off. .TP .B harden\-referral\-path: \fI Harden the referral path by performing additional queries for infrastructure data. Validates the replies if trust anchors are configured and the zones are signed. This enforces DNSSEC validation on nameserver NS sets and the nameserver addresses that are encountered on the referral path to the answer. Default off, because it burdens the authority servers, and it is not RFC standard, and could lead to performance problems because of the extra query load that is generated. Experimental option. If you enable it consider adding more numbers after the target\-fetch\-policy to increase the max depth that is checked to. .TP .B use\-caps\-for\-id: \fI Use 0x20\-encoded random bits in the query to foil spoof attempts. This perturbs the lowercase and uppercase of query names sent to authority servers and checks if the reply still has the correct casing. Disabled by default. This feature is an experimental implementation of draft dns\-0x20. .TP .B private\-address: \fI Give IPv4 of IPv6 addresses or classless subnets. These are addresses on your private network, and are not allowed to be returned for public internet names. Any occurence of such addresses are removed from DNS answers. Additionally, the DNSSEC validator may mark the answers bogus. This protects against so\-called DNS Rebinding, where a user browser is turned into a network proxy, allowing remote access through the browser to other parts of your private network. Some names can be allowed to contain your private addresses, by default all the \fBlocal\-data\fR that you configured is allowed to, and you can specify additional names using \fBprivate\-domain\fR. No private addresses are enabled by default. We consider to enable this for the RFC1918 private IP address space by default in later releases. That would enable private addresses for 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16 fd00::/8 and fe80::/10, since the RFC standards say these addresses should not be visible on the public internet. Turning on 127.0.0.0/8 would hinder many spamblocklists as they use that. .TP .B private\-domain: \fI Allow this domain, and all its subdomains to contain private addresses. Give multiple times to allow multiple domain names to contain private addresses. Default is none. .TP .B unwanted\-reply\-threshold: \fI If set, a total number of unwanted replies is kept track of in every thread. When it reaches the threshold, a defensive action is taken and a warning is printed to the log. The defensive action is to clear the rrset and message caches, hopefully flushing away any poison. A value of 10 million is suggested. Default is 0 (turned off). .TP .B do\-not\-query\-address: \fI Do not query the given IP address. Can be IP4 or IP6. Append /num to indicate a classless delegation netblock, for example like 10.2.3.4/24 or 2001::11/64. .TP .B do\-not\-query\-localhost: \fI If yes, localhost is added to the do\-not\-query\-address entries, both IP6 ::1 and IP4 127.0.0.1/8. If no, then localhost can be used to send queries to. Default is yes. .TP .B prefetch: \fI If yes, message cache elements are prefetched before they expire to keep the cache up to date. Default is no. Turning it on gives about 10 percent more traffic and load on the machine, but popular items do not expire from the cache. .TP .B prefetch-key: \fI If yes, fetch the DNSKEYs earlier in the validation process, when a DS record is encountered. This lowers the latency of requests. It does use a little more CPU. Also if the cache is set to 0, it is no use. Default is no. .TP .B rrset-roundrobin: \fI If yes, Unbound rotates RRSet order in response (the random number is taken from the query ID, for speed and thread safety). Default is no. .TP .B minimal-responses: \fI If yes, Unbound doesn't insert authority/additional sections into response messages when those sections are not required. This reduces response size significantly, and may avoid TCP fallback for some responses. This may cause a slight speedup. The default is no, because the DNS protocol RFCs mandate these sections, and the additional content could be of use and save roundtrips for clients. .TP .B module\-config: \fI<"module names"> Module configuration, a list of module names separated by spaces, surround the string with quotes (""). The modules can be validator, iterator. Setting this to "iterator" will result in a non\-validating server. Setting this to "validator iterator" will turn on DNSSEC validation. The ordering of the modules is important. You must also set trust\-anchors for validation to be useful. .TP .B trust\-anchor\-file: \fI File with trusted keys for validation. Both DS and DNSKEY entries can appear in the file. The format of the file is the standard DNS Zone file format. Default is "", or no trust anchor file. .TP .B auto\-trust\-anchor\-file: \fI File with trust anchor for one zone, which is tracked with RFC5011 probes. The probes are several times per month, thus the machine must be online frequently. The initial file can be one with contents as described in \fBtrust\-anchor\-file\fR. The file is written to when the anchor is updated, so the unbound user must have write permission. .TP .B trust\-anchor: \fI<"Resource Record"> A DS or DNSKEY RR for a key to use for validation. Multiple entries can be given to specify multiple trusted keys, in addition to the trust\-anchor\-files. The resource record is entered in the same format as 'dig' or 'drill' prints them, the same format as in the zone file. Has to be on a single line, with "" around it. A TTL can be specified for ease of cut and paste, but is ignored. A class can be specified, but class IN is default. .TP .B trusted\-keys\-file: \fI File with trusted keys for validation. Specify more than one file with several entries, one file per entry. Like \fBtrust\-anchor\-file\fR but has a different file format. Format is BIND\-9 style format, the trusted\-keys { name flag proto algo "key"; }; clauses are read. It is possible to use wildcards with this statement, the wildcard is expanded on start and on reload. .TP .B dlv\-anchor\-file: \fI File with trusted keys for DLV (DNSSEC Lookaside Validation). Both DS and DNSKEY entries can be used in the file, in the same format as for \fItrust\-anchor\-file:\fR statements. Only one DLV can be configured, more would be slow. The DLV configured is used as a root trusted DLV, this means that it is a lookaside for the root. Default is "", or no dlv anchor file. .TP .B dlv\-anchor: \fI<"Resource Record"> Much like trust\-anchor, this is a DLV anchor with the DS or DNSKEY inline. .TP .B domain\-insecure: \fI Sets domain name to be insecure, DNSSEC chain of trust is ignored towards the domain name. So a trust anchor above the domain name can not make the domain secure with a DS record, such a DS record is then ignored. Also keys from DLV are ignored for the domain. Can be given multiple times to specify multiple domains that are treated as if unsigned. If you set trust anchors for the domain they override this setting (and the domain is secured). .IP This can be useful if you want to make sure a trust anchor for external lookups does not affect an (unsigned) internal domain. A DS record externally can create validation failures for that internal domain. .TP .B val\-override\-date: \fI Default is "" or "0", which disables this debugging feature. If enabled by giving a RRSIG style date, that date is used for verifying RRSIG inception and expiration dates, instead of the current date. Do not set this unless you are debugging signature inception and expiration. The value \-1 ignores the date altogether, useful for some special applications. .TP .B val\-sig\-skew\-min: \fI Minimum number of seconds of clock skew to apply to validated signatures. A value of 10% of the signature lifetime (expiration \- inception) is used, capped by this setting. Default is 3600 (1 hour) which allows for daylight savings differences. Lower this value for more strict checking of short lived signatures. .TP .B val\-sig\-skew\-max: \fI Maximum number of seconds of clock skew to apply to validated signatures. A value of 10% of the signature lifetime (expiration \- inception) is used, capped by this setting. Default is 86400 (24 hours) which allows for timezone setting problems in stable domains. Setting both min and max very low disables the clock skew allowances. Setting both min and max very high makes the validator check the signature timestamps less strictly. .TP .B val\-bogus\-ttl: \fI The time to live for bogus data. This is data that has failed validation; due to invalid signatures or other checks. The TTL from that data cannot be trusted, and this value is used instead. The value is in seconds, default 60. The time interval prevents repeated revalidation of bogus data. .TP .B val\-clean\-additional: \fI Instruct the validator to remove data from the additional section of secure messages that are not signed properly. Messages that are insecure, bogus, indeterminate or unchecked are not affected. Default is yes. Use this setting to protect the users that rely on this validator for authentication from protentially bad data in the additional section. .TP .B val\-log\-level: \fI Have the validator print validation failures to the log. Regardless of the verbosity setting. Default is 0, off. At 1, for every user query that fails a line is printed to the logs. This way you can monitor what happens with validation. Use a diagnosis tool, such as dig or drill, to find out why validation is failing for these queries. At 2, not only the query that failed is printed but also the reason why unbound thought it was wrong and which server sent the faulty data. .TP .B val\-permissive\-mode: \fI Instruct the validator to mark bogus messages as indeterminate. The security checks are performed, but if the result is bogus (failed security), the reply is not withheld from the client with SERVFAIL as usual. The client receives the bogus data. For messages that are found to be secure the AD bit is set in replies. Also logging is performed as for full validation. The default value is "no". .TP .B ignore\-cd\-flag: \fI Instruct unbound to ignore the CD flag from clients and refuse to return bogus answers to them. Thus, the CD (Checking Disabled) flag does not disable checking any more. This is useful if legacy (w2008) servers that set the CD flag but cannot validate DNSSEC themselves are the clients, and then unbound provides them with DNSSEC protection. The default value is "no". .TP .B val\-nsec3\-keysize\-iterations: \fI<"list of values"> List of keysize and iteration count values, separated by spaces, surrounded by quotes. Default is "1024 150 2048 500 4096 2500". This determines the maximum allowed NSEC3 iteration count before a message is simply marked insecure instead of performing the many hashing iterations. The list must be in ascending order and have at least one entry. If you set it to "1024 65535" there is no restriction to NSEC3 iteration values. This table must be kept short; a very long list could cause slower operation. .TP .B add\-holddown: \fI Instruct the \fBauto\-trust\-anchor\-file\fR probe mechanism for RFC5011 autotrust updates to add new trust anchors only after they have been visible for this time. Default is 30 days as per the RFC. .TP .B del\-holddown: \fI Instruct the \fBauto\-trust\-anchor\-file\fR probe mechanism for RFC5011 autotrust updates to remove revoked trust anchors after they have been kept in the revoked list for this long. Default is 30 days as per the RFC. .TP .B keep\-missing: \fI Instruct the \fBauto\-trust\-anchor\-file\fR probe mechanism for RFC5011 autotrust updates to remove missing trust anchors after they have been unseen for this long. This cleans up the state file if the target zone does not perform trust anchor revocation, so this makes the auto probe mechanism work with zones that perform regular (non\-5011) rollovers. The default is 366 days. The value 0 does not remove missing anchors, as per the RFC. .TP .B key\-cache\-size: \fI Number of bytes size of the key cache. Default is 4 megabytes. A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes or gigabytes (1024*1024 bytes in a megabyte). .TP .B key\-cache\-slabs: \fI Number of slabs in the key cache. Slabs reduce lock contention by threads. Must be set to a power of 2. Setting (close) to the number of cpus is a reasonable guess. .TP .B neg\-cache\-size: \fI Number of bytes size of the aggressive negative cache. Default is 1 megabyte. A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes or gigabytes (1024*1024 bytes in a megabyte). .TP +.B unblock\-lan\-zones: \fI +Default is disabled. If enabled, then for private address space, +the reverse lookups are no longer filtered. This allows unbound when +running as dns service on a host where it provides service for that host, +to put out all of the queries for the 'lan' upstream. When enabled, +only localhost, 127.0.0.1 reverse and ::1 reverse zones are configured +with default local zones. Disable the option when unbound is running +as a (DHCP-) DNS network resolver for a group of machines, where such +lookups should be filtered (RFC compliance), this also stops potential +data leakage about the local network to the upstream DNS servers. +.TP .B local\-zone: \fI Configure a local zone. The type determines the answer to give if there is no match from local\-data. The types are deny, refuse, static, transparent, redirect, nodefault, typetransparent, and are explained below. After that the default settings are listed. Use local\-data: to enter data into the local zone. Answers for local zones are authoritative DNS answers. By default the zones are class IN. .IP If you need more complicated authoritative data, with referrals, wildcards, CNAME/DNAME support, or DNSSEC authoritative service, setup a stub\-zone for it as detailed in the stub zone section below. .TP 10 \h'5'\fIdeny\fR Do not send an answer, drop the query. If there is a match from local data, the query is answered. .TP 10 \h'5'\fIrefuse\fR Send an error message reply, with rcode REFUSED. If there is a match from local data, the query is answered. .TP 10 \h'5'\fIstatic\fR If there is a match from local data, the query is answered. Otherwise, the query is answered with nodata or nxdomain. For a negative answer a SOA is included in the answer if present as local\-data for the zone apex domain. .TP 10 \h'5'\fItransparent\fR If there is a match from local data, the query is answered. Otherwise if the query has a different name, the query is resolved normally. If the query is for a name given in localdata but no such type of data is given in localdata, then a noerror nodata answer is returned. If no local\-zone is given local\-data causes a transparent zone to be created by default. .TP 10 \h'5'\fItypetransparent\fR If there is a match from local data, the query is answered. If the query is for a different name, or for the same name but for a different type, the query is resolved normally. So, similar to transparent but types that are not listed in local data are resolved normally, so if an A record is in the local data that does not cause a nodata reply for AAAA queries. .TP 10 \h'5'\fIredirect\fR The query is answered from the local data for the zone name. There may be no local data beneath the zone name. This answers queries for the zone, and all subdomains of the zone with the local data for the zone. It can be used to redirect a domain to return a different address record to the end user, with local\-zone: "example.com." redirect and local\-data: "example.com. A 127.0.0.1" queries for www.example.com and www.foo.example.com are redirected, so that users with web browsers cannot access sites with suffix example.com. .TP 10 \h'5'\fInodefault\fR Used to turn off default contents for AS112 zones. The other types also turn off default contents for the zone. The 'nodefault' option has no other effect than turning off default contents for the given zone. .P The default zones are localhost, reverse 127.0.0.1 and ::1, and the AS112 zones. The AS112 zones are reverse DNS zones for private use and reserved IP addresses for which the servers on the internet cannot provide correct answers. They are configured by default to give nxdomain (no reverse information) answers. The defaults can be turned off by specifying your own local\-zone of that name, or using the 'nodefault' type. Below is a list of the default zone contents. .TP 10 \h'5'\fIlocalhost\fR The IP4 and IP6 localhost information is given. NS and SOA records are provided for completeness and to satisfy some DNS update tools. Default content: .nf local\-zone: "localhost." static local\-data: "localhost. 10800 IN NS localhost." local\-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800" local\-data: "localhost. 10800 IN A 127.0.0.1" local\-data: "localhost. 10800 IN AAAA ::1" .fi .TP 10 \h'5'\fIreverse IPv4 loopback\fR Default content: .nf local\-zone: "127.in\-addr.arpa." static local\-data: "127.in\-addr.arpa. 10800 IN NS localhost." local\-data: "127.in\-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800" local\-data: "1.0.0.127.in\-addr.arpa. 10800 IN PTR localhost." .fi .TP 10 \h'5'\fIreverse IPv6 loopback\fR Default content: .nf local\-zone: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." static local\-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN NS localhost." local\-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800" local\-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN PTR localhost." .fi .TP 10 \h'5'\fIreverse RFC1918 local use zones\fR Reverse data for zones 10.in\-addr.arpa, 16.172.in\-addr.arpa to 31.172.in\-addr.arpa, 168.192.in\-addr.arpa. The \fBlocal\-zone:\fR is set static and as \fBlocal\-data:\fR SOA and NS records are provided. .TP 10 \h'5'\fIreverse RFC3330 IP4 this, link\-local, testnet and broadcast\fR Reverse data for zones 0.in\-addr.arpa, 254.169.in\-addr.arpa, 2.0.192.in\-addr.arpa (TEST NET 1), 100.51.198.in\-addr.arpa (TEST NET 2), 113.0.203.in\-addr.arpa (TEST NET 3), 255.255.255.255.in\-addr.arpa. .TP 10 \h'5'\fIreverse RFC4291 IP6 unspecified\fR Reverse data for zone .nf 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. .fi .TP 10 \h'5'\fIreverse RFC4193 IPv6 Locally Assigned Local Addresses\fR Reverse data for zone D.F.ip6.arpa. .TP 10 \h'5'\fIreverse RFC4291 IPv6 Link Local Addresses\fR Reverse data for zones 8.E.F.ip6.arpa to B.E.F.ip6.arpa. .TP 10 \h'5'\fIreverse IPv6 Example Prefix\fR Reverse data for zone 8.B.D.0.1.0.0.2.ip6.arpa. This zone is used for tutorials and examples. You can remove the block on this zone with: .nf local\-zone: 8.B.D.0.1.0.0.2.ip6.arpa. nodefault .fi You can also selectively unblock a part of the zone by making that part transparent with a local\-zone statement. This also works with the other default zones. .\" End of local-zone listing. .TP 5 .B local\-data: \fI"" Configure local data, which is served in reply to queries for it. The query has to match exactly unless you configure the local\-zone as redirect. If not matched exactly, the local\-zone type determines further processing. If local\-data is configured that is not a subdomain of a local\-zone, a transparent local\-zone is configured. For record types such as TXT, use single quotes, as in local\-data: 'example. TXT "text"'. .IP If you need more complicated authoritative data, with referrals, wildcards, CNAME/DNAME support, or DNSSEC authoritative service, setup a stub\-zone for it as detailed in the stub zone section below. .TP 5 .B local\-data\-ptr: \fI"IPaddr name" Configure local data shorthand for a PTR record with the reversed IPv4 or IPv6 address and the host name. For example "192.0.2.4 www.example.com". TTL can be inserted like this: "2001:DB8::4 7200 www.example.com" .SS "Remote Control Options" In the .B remote\-control: clause are the declarations for the remote control facility. If this is enabled, the \fIunbound\-control\fR(8) utility can be used to send commands to the running unbound server. The server uses these clauses to setup SSLv3 / TLSv1 security for the connection. The \fIunbound\-control\fR(8) utility also reads the \fBremote\-control\fR section for options. To setup the correct self\-signed certificates use the \fIunbound\-control\-setup\fR(8) utility. .TP 5 .B control\-enable: \fI The option is used to enable remote control, default is "no". If turned off, the server does not listen for control commands. .TP 5 .B control\-interface: Give IPv4 or IPv6 addresses to listen on for control commands. By default localhost (127.0.0.1 and ::1) is listened to. Use 0.0.0.0 and ::0 to listen to all interfaces. .TP 5 .B control\-port: The port number to listen on for control commands, default is 8953. If you change this port number, and permissions have been dropped, a reload is not sufficient to open the port again, you must then restart. .TP 5 .B server\-key\-file: "" Path to the server private key, by default unbound_server.key. This file is generated by the \fIunbound\-control\-setup\fR utility. This file is used by the unbound server, but not by \fIunbound\-control\fR. .TP 5 .B server\-cert\-file: "" Path to the server self signed certificate, by default unbound_server.pem. This file is generated by the \fIunbound\-control\-setup\fR utility. This file is used by the unbound server, and also by \fIunbound\-control\fR. .TP 5 .B control\-key\-file: "" Path to the control client private key, by default unbound_control.key. This file is generated by the \fIunbound\-control\-setup\fR utility. This file is used by \fIunbound\-control\fR. .TP 5 .B control\-cert\-file: "" Path to the control client certificate, by default unbound_control.pem. This certificate has to be signed with the server certificate. This file is generated by the \fIunbound\-control\-setup\fR utility. This file is used by \fIunbound\-control\fR. .SS "Stub Zone Options" .LP There may be multiple .B stub\-zone: clauses. Each with a name: and zero or more hostnames or IP addresses. For the stub zone this list of nameservers is used. Class IN is assumed. The servers should be authority servers, not recursors; unbound performs the recursive processing itself for stub zones. .P The stub zone can be used to configure authoritative data to be used by the resolver that cannot be accessed using the public internet servers. This is useful for company\-local data or private zones. Setup an authoritative server on a different host (or different port). Enter a config entry for unbound with .B stub\-addr: . The unbound resolver can then access the data, without referring to the public internet for it. .P This setup allows DNSSEC signed zones to be served by that authoritative server, in which case a trusted key entry with the public key can be put in config, so that unbound can validate the data and set the AD bit on replies for the private zone (authoritative servers do not set the AD bit). This setup makes unbound capable of answering queries for the private zone, and can even set the AD bit ('authentic'), but the AA ('authoritative') bit is not set on these replies. .TP .B name: \fI Name of the stub zone. .TP .B stub\-host: \fI Name of stub zone nameserver. Is itself resolved before it is used. .TP .B stub\-addr: \fI IP address of stub zone nameserver. Can be IP 4 or IP 6. To use a nondefault port for DNS communication append '@' with the port number. .TP .B stub\-prime: \fI This option is by default off. If enabled it performs NS set priming, which is similar to root hints, where it starts using the list of nameservers currently published by the zone. Thus, if the hint list is slightly outdated, the resolver picks up a correct list online. .TP .B stub\-first: \fI If enabled, a query is attempted without the stub clause if it fails. The data could not be retrieved and would have caused SERVFAIL because the servers are unreachable, instead it is tried without this clause. The default is no. .SS "Forward Zone Options" .LP There may be multiple .B forward\-zone: clauses. Each with a \fBname:\fR and zero or more hostnames or IP addresses. For the forward zone this list of nameservers is used to forward the queries to. The servers listed as \fBforward\-host:\fR and \fBforward\-addr:\fR have to handle further recursion for the query. Thus, those servers are not authority servers, but are (just like unbound is) recursive servers too; unbound does not perform recursion itself for the forward zone, it lets the remote server do it. Class IN is assumed. A forward\-zone entry with name "." and a forward\-addr target will forward all queries to that other server (unless it can answer from the cache). .TP .B name: \fI Name of the forward zone. .TP .B forward\-host: \fI Name of server to forward to. Is itself resolved before it is used. .TP .B forward\-addr: \fI IP address of server to forward to. Can be IP 4 or IP 6. To use a nondefault port for DNS communication append '@' with the port number. .TP .B forward\-first: \fI If enabled, a query is attempted without the forward clause if it fails. The data could not be retrieved and would have caused SERVFAIL because the servers are unreachable, instead it is tried without this clause. The default is no. .SS "Python Module Options" .LP The .B python: clause gives the settings for the \fIpython\fR(1) script module. This module acts like the iterator and validator modules do, on queries and answers. To enable the script module it has to be compiled into the daemon, and the word "python" has to be put in the \fBmodule\-config:\fR option (usually first, or between the validator and iterator). .TP .B python\-script: \fI\fR The script file to load. .SH "MEMORY CONTROL EXAMPLE" In the example config settings below memory usage is reduced. Some service levels are lower, notable very large data and a high TCP load are no longer supported. Very large data and high TCP loads are exceptional for the DNS. DNSSEC validation is enabled, just add trust anchors. If you do not have to worry about programs using more than 3 Mb of memory, the below example is not for you. Use the defaults to receive full service, which on BSD\-32bit tops out at 30\-40 Mb after heavy usage. .P .nf # example settings that reduce memory usage server: num\-threads: 1 outgoing\-num\-tcp: 1 # this limits TCP service, uses less buffers. incoming\-num\-tcp: 1 outgoing\-range: 60 # uses less memory, but less performance. msg\-buffer\-size: 8192 # note this limits service, 'no huge stuff'. msg\-cache\-size: 100k msg\-cache\-slabs: 1 rrset\-cache\-size: 100k rrset\-cache\-slabs: 1 infra\-cache\-numhosts: 200 infra\-cache\-slabs: 1 key\-cache\-size: 100k key\-cache\-slabs: 1 neg\-cache\-size: 10k num\-queries\-per\-thread: 30 target\-fetch\-policy: "2 1 0 0 0 0" harden\-large\-queries: "yes" harden\-short\-bufsize: "yes" .fi .SH "FILES" .TP .I /var/unbound default unbound working directory. .TP .I /var/unbound default \fIchroot\fR(2) location. .TP .I /var/unbound/unbound.conf unbound configuration file. .TP .I /var/unbound/unbound.pid default unbound pidfile with process ID of the running daemon. .TP .I unbound.log unbound log file. default is to log to \fIsyslog\fR(3). .SH "SEE ALSO" \fIunbound\fR(8), \fIunbound\-checkconf\fR(8). .SH "AUTHORS" .B Unbound was written by NLnet Labs. Please see CREDITS file in the distribution for further details. Index: head/contrib/unbound/doc/unbound.conf.5.in =================================================================== --- head/contrib/unbound/doc/unbound.conf.5.in (revision 268838) +++ head/contrib/unbound/doc/unbound.conf.5.in (revision 268839) @@ -1,1130 +1,1141 @@ .TH "unbound.conf" "5" "Mar 12, 2014" "NLnet Labs" "unbound 1.4.22" .\" .\" unbound.conf.5 -- unbound.conf manual .\" .\" Copyright (c) 2007, NLnet Labs. All rights reserved. .\" .\" See LICENSE for the license. .\" .\" .SH "NAME" .LP .B unbound.conf \- Unbound configuration file. .SH "SYNOPSIS" .LP .B unbound.conf .SH "DESCRIPTION" .LP .B unbound.conf is used to configure \fIunbound\fR(8). The file format has attributes and values. Some attributes have attributes inside them. The notation is: attribute: value. .P Comments start with # and last to the end of line. Empty lines are ignored as is whitespace at the beginning of a line. .P The utility \fIunbound\-checkconf\fR(8) can be used to check unbound.conf prior to usage. .SH "EXAMPLE" An example config file is shown below. Copy this to /etc/unbound/unbound.conf and start the server with: .P .nf $ unbound \-c /etc/unbound/unbound.conf .fi .P Most settings are the defaults. Stop the server with: .P .nf $ kill `cat /etc/unbound/unbound.pid` .fi .P Below is a minimal config file. The source distribution contains an extensive example.conf file with all the options. .P .nf # unbound.conf(5) config file for unbound(8). server: directory: "/etc/unbound" username: unbound # make sure unbound can access entropy from inside the chroot. # e.g. on linux the use these commands (on BSD, devfs(8) is used): # mount \-\-bind \-n /dev/random /etc/unbound/dev/random # and mount \-\-bind \-n /dev/log /etc/unbound/dev/log chroot: "/etc/unbound" # logfile: "/etc/unbound/unbound.log" #uncomment to use logfile. pidfile: "/etc/unbound/unbound.pid" # verbosity: 1 # uncomment and increase to get more logging. # listen on all interfaces, answer queries from the local subnet. interface: 0.0.0.0 interface: ::0 access\-control: 10.0.0.0/8 allow access\-control: 2001:DB8::/64 allow .fi .SH "FILE FORMAT" .LP There must be whitespace between keywords. Attribute keywords end with a colon ':'. An attribute is followed by its containing attributes, or a value. .P Files can be included using the .B include: directive. It can appear anywhere, it accepts a single file name as argument. Processing continues as if the text from the included file was copied into the config file at that point. If also using chroot, using full path names for the included files works, relative pathnames for the included names work if the directory where the daemon is started equals its chroot/working directory. Wildcards can be used to include multiple files, see \fIglob\fR(7). .SS "Server Options" These options are part of the .B server: clause. .TP .B verbosity: \fI The verbosity number, level 0 means no verbosity, only errors. Level 1 gives operational information. Level 2 gives detailed operational information. Level 3 gives query level information, output per query. Level 4 gives algorithm level information. Level 5 logs client identification for cache misses. Default is level 1. The verbosity can also be increased from the commandline, see \fIunbound\fR(8). .TP .B statistics\-interval: \fI The number of seconds between printing statistics to the log for every thread. Disable with value 0 or "". Default is disabled. The histogram statistics are only printed if replies were sent during the statistics interval, requestlist statistics are printed for every interval (but can be 0). This is because the median calculation requires data to be present. .TP .B statistics\-cumulative: \fI If enabled, statistics are cumulative since starting unbound, without clearing the statistics counters after logging the statistics. Default is no. .TP .B extended\-statistics: \fI If enabled, extended statistics are printed from \fIunbound\-control\fR(8). Default is off, because keeping track of more statistics takes time. The counters are listed in \fIunbound\-control\fR(8). .TP .B num\-threads: \fI The number of threads to create to serve clients. Use 1 for no threading. .TP .B port: \fI The port number, default 53, on which the server responds to queries. .TP .B interface: \fI Interface to use to connect to the network. This interface is listened to for queries from clients, and answers to clients are given from it. Can be given multiple times to work on several interfaces. If none are given the default is to listen to localhost. The interfaces are not changed on a reload (kill \-HUP) but only on restart. A port number can be specified with @port (without spaces between interface and port number), if not specified the default port (from \fBport\fR) is used. .TP .B ip\-address: \fI Same as interface: (for easy of compatibility with nsd.conf). .TP .B interface\-automatic: \fI Detect source interface on UDP queries and copy them to replies. This feature is experimental, and needs support in your OS for particular socket options. Default value is no. .TP .B outgoing\-interface: \fI Interface to use to connect to the network. This interface is used to send queries to authoritative servers and receive their replies. Can be given multiple times to work on several interfaces. If none are given the default (all) is used. You can specify the same interfaces in .B interface: and .B outgoing\-interface: lines, the interfaces are then used for both purposes. Outgoing queries are sent via a random outgoing interface to counter spoofing. .TP .B outgoing\-range: \fI Number of ports to open. This number of file descriptors can be opened per thread. Must be at least 1. Default depends on compile options. Larger numbers need extra resources from the operating system. For performance a a very large value is best, use libevent to make this possible. .TP .B outgoing\-port\-permit: \fI Permit unbound to open this port or range of ports for use to send queries. A larger number of permitted outgoing ports increases resilience against spoofing attempts. Make sure these ports are not needed by other daemons. By default only ports above 1024 that have not been assigned by IANA are used. Give a port number or a range of the form "low\-high", without spaces. .IP The \fBoutgoing\-port\-permit\fR and \fBoutgoing\-port\-avoid\fR statements are processed in the line order of the config file, adding the permitted ports and subtracting the avoided ports from the set of allowed ports. The processing starts with the non IANA allocated ports above 1024 in the set of allowed ports. .TP .B outgoing\-port\-avoid: \fI Do not permit unbound to open this port or range of ports for use to send queries. Use this to make sure unbound does not grab a port that another daemon needs. The port is avoided on all outgoing interfaces, both IP4 and IP6. By default only ports above 1024 that have not been assigned by IANA are used. Give a port number or a range of the form "low\-high", without spaces. .TP .B outgoing\-num\-tcp: \fI Number of outgoing TCP buffers to allocate per thread. Default is 10. If set to 0, or if do_tcp is "no", no TCP queries to authoritative servers are done. .TP .B incoming\-num\-tcp: \fI Number of incoming TCP buffers to allocate per thread. Default is 10. If set to 0, or if do_tcp is "no", no TCP queries from clients are accepted. .TP .B edns\-buffer\-size: \fI Number of bytes size to advertise as the EDNS reassembly buffer size. This is the value put into datagrams over UDP towards peers. The actual buffer size is determined by msg\-buffer\-size (both for TCP and UDP). Do not set higher than that value. Default is 4096 which is RFC recommended. If you have fragmentation reassembly problems, usually seen as timeouts, then a value of 1480 can fix it. Setting to 512 bypasses even the most stringent path MTU problems, but is seen as extreme, since the amount of TCP fallback generated is excessive (probably also for this resolver, consider tuning the outgoing tcp number). .TP .B max\-udp\-size: \fI Maximum UDP response size (not applied to TCP response). 65536 disables the udp response size maximum, and uses the choice from the client, always. Suggested values are 512 to 4096. Default is 4096. .TP .B msg\-buffer\-size: \fI Number of bytes size of the message buffers. Default is 65552 bytes, enough for 64 Kb packets, the maximum DNS message size. No message larger than this can be sent or received. Can be reduced to use less memory, but some requests for DNS data, such as for huge resource records, will result in a SERVFAIL reply to the client. .TP .B msg\-cache\-size: \fI Number of bytes size of the message cache. Default is 4 megabytes. A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes or gigabytes (1024*1024 bytes in a megabyte). .TP .B msg\-cache\-slabs: \fI Number of slabs in the message cache. Slabs reduce lock contention by threads. Must be set to a power of 2. Setting (close) to the number of cpus is a reasonable guess. .TP .B num\-queries\-per\-thread: \fI The number of queries that every thread will service simultaneously. If more queries arrive that need servicing, and no queries can be jostled out (see \fIjostle\-timeout\fR), then the queries are dropped. This forces the client to resend after a timeout; allowing the server time to work on the existing queries. Default depends on compile options, 512 or 1024. .TP .B jostle\-timeout: \fI Timeout used when the server is very busy. Set to a value that usually results in one roundtrip to the authority servers. If too many queries arrive, then 50% of the queries are allowed to run to completion, and the other 50% are replaced with the new incoming query if they have already spent more than their allowed time. This protects against denial of service by slow queries or high query rates. Default 200 milliseconds. The effect is that the qps for long-lasting queries is about (numqueriesperthread / 2) / (average time for such long queries) qps. The qps for short queries can be about (numqueriesperthread / 2) / (jostletimeout in whole seconds) qps per thread, about (1024/2)*5 = 2560 qps by default. .TP .B delay\-close: \fI Extra delay for timeouted UDP ports before they are closed, in msec. Default is 0, and that disables it. This prevents very delayed answer packets from the upstream (recursive) servers from bouncing against closed ports and setting off all sort of close-port counters, with eg. 1500 msec. When timeouts happen you need extra sockets, it checks the ID and remote IP of packets, and unwanted packets are added to the unwanted packet counter. .TP .B so\-rcvbuf: \fI If not 0, then set the SO_RCVBUF socket option to get more buffer space on UDP port 53 incoming queries. So that short spikes on busy servers do not drop packets (see counter in netstat \-su). Default is 0 (use system value). Otherwise, the number of bytes to ask for, try "4m" on a busy server. The OS caps it at a maximum, on linux unbound needs root permission to bypass the limit, or the admin can use sysctl net.core.rmem_max. On BSD change kern.ipc.maxsockbuf in /etc/sysctl.conf. On OpenBSD change header and recompile kernel. On Solaris ndd \-set /dev/udp udp_max_buf 8388608. .TP .B so\-sndbuf: \fI If not 0, then set the SO_SNDBUF socket option to get more buffer space on UDP port 53 outgoing queries. This for very busy servers handles spikes in answer traffic, otherwise 'send: resource temporarily unavailable' can get logged, the buffer overrun is also visible by netstat \-su. Default is 0 (use system value). Specify the number of bytes to ask for, try "4m" on a very busy server. The OS caps it at a maximum, on linux unbound needs root permission to bypass the limit, or the admin can use sysctl net.core.wmem_max. On BSD, Solaris changes are similar to so\-rcvbuf. .TP .B so\-reuseport: \fI If yes, then open dedicated listening sockets for incoming queries for each thread and try to set the SO_REUSEPORT socket option on each socket. May distribute incoming queries to threads more evenly. Default is no. Only supported on Linux >= 3.9. You can enable it (on any platform and kernel), it then attempts to open the port and passes the option if it was available at compile time, if that works it is used, if it fails, it continues silently (unless verbosity 3) without the option. .TP .B rrset\-cache\-size: \fI Number of bytes size of the RRset cache. Default is 4 megabytes. A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes or gigabytes (1024*1024 bytes in a megabyte). .TP .B rrset\-cache\-slabs: \fI Number of slabs in the RRset cache. Slabs reduce lock contention by threads. Must be set to a power of 2. .TP .B cache\-max\-ttl: \fI Time to live maximum for RRsets and messages in the cache. Default is 86400 seconds (1 day). If the maximum kicks in, responses to clients still get decrementing TTLs based on the original (larger) values. When the internal TTL expires, the cache item has expired. Can be set lower to force the resolver to query for data often, and not trust (very large) TTL values. .TP .B cache\-min\-ttl: \fI Time to live minimum for RRsets and messages in the cache. Default is 0. If the the minimum kicks in, the data is cached for longer than the domain owner intended, and thus less queries are made to look up the data. Zero makes sure the data in the cache is as the domain owner intended, higher values, especially more than an hour or so, can lead to trouble as the data in the cache does not match up with the actual data any more. .TP .B infra\-host\-ttl: \fI Time to live for entries in the host cache. The host cache contains roundtrip timing, lameness and EDNS support information. Default is 900. .TP .B infra\-cache\-slabs: \fI Number of slabs in the infrastructure cache. Slabs reduce lock contention by threads. Must be set to a power of 2. .TP .B infra\-cache\-numhosts: \fI Number of hosts for which information is cached. Default is 10000. .TP .B do\-ip4: \fI Enable or disable whether ip4 queries are answered or issued. Default is yes. .TP .B do\-ip6: \fI Enable or disable whether ip6 queries are answered or issued. Default is yes. If disabled, queries are not answered on IPv6, and queries are not sent on IPv6 to the internet nameservers. .TP .B do\-udp: \fI Enable or disable whether UDP queries are answered or issued. Default is yes. .TP .B do\-tcp: \fI Enable or disable whether TCP queries are answered or issued. Default is yes. .TP .B tcp\-upstream: \fI Enable or disable whether the upstream queries use TCP only for transport. Default is no. Useful in tunneling scenarios. .TP .B ssl\-upstream: \fI Enabled or disable whether the upstream queries use SSL only for transport. Default is no. Useful in tunneling scenarios. The SSL contains plain DNS in TCP wireformat. The other server must support this (see \fBssl\-service\-key\fR). .TP .B ssl\-service-key: \fI If enabled, the server provider SSL service on its TCP sockets. The clients have to use ssl\-upstream: yes. The file is the private key for the TLS session. The public certificate is in the ssl\-service\-pem file. Default is "", turned off. Requires a restart (a reload is not enough) if changed, because the private key is read while root permissions are held and before chroot (if any). Normal DNS TCP service is not provided and gives errors, this service is best run with a different \fBport:\fR config or \fI@port\fR suffixes in the \fBinterface\fR config. .TP .B ssl\-service\-pem: \fI The public key certificate pem file for the ssl service. Default is "", turned off. .TP .B ssl\-port: \fI The port number on which to provide TCP SSL service, default 443, only interfaces configured with that port number as @number get the SSL service. .TP .B do\-daemonize: \fI Enable or disable whether the unbound server forks into the background as a daemon. Default is yes. .TP .B access\-control: \fI The netblock is given as an IP4 or IP6 address with /size appended for a classless network block. The action can be \fIdeny\fR, \fIrefuse\fR, \fIallow\fR, \fIallow_snoop\fR, \fIdeny_non_local\fR or \fIrefuse_non_local\fR. .IP The action \fIdeny\fR stops queries from hosts from that netblock. .IP The action \fIrefuse\fR stops queries too, but sends a DNS rcode REFUSED error message back. .IP The action \fIallow\fR gives access to clients from that netblock. It gives only access for recursion clients (which is what almost all clients need). Nonrecursive queries are refused. .IP The \fIallow\fR action does allow nonrecursive queries to access the local\-data that is configured. The reason is that this does not involve the unbound server recursive lookup algorithm, and static data is served in the reply. This supports normal operations where nonrecursive queries are made for the authoritative data. For nonrecursive queries any replies from the dynamic cache are refused. .IP The action \fIallow_snoop\fR gives nonrecursive access too. This give both recursive and non recursive access. The name \fIallow_snoop\fR refers to cache snooping, a technique to use nonrecursive queries to examine the cache contents (for malicious acts). However, nonrecursive queries can also be a valuable debugging tool (when you want to examine the cache contents). In that case use \fIallow_snoop\fR for your administration host. .IP By default only localhost is \fIallow\fRed, the rest is \fIrefuse\fRd. The default is \fIrefuse\fRd, because that is protocol\-friendly. The DNS protocol is not designed to handle dropped packets due to policy, and dropping may result in (possibly excessive) retried queries. .IP The deny_non_local and refuse_non_local settings are for hosts that are only allowed to query for the authoritative local\-data, they are not allowed full recursion but only the static data. With deny_non_local, messages that are disallowed are dropped, with refuse_non_local they receive error code REFUSED. .TP .B chroot: \fI If chroot is enabled, you should pass the configfile (from the commandline) as a full path from the original root. After the chroot has been performed the now defunct portion of the config file path is removed to be able to reread the config after a reload. .IP All other file paths (working dir, logfile, roothints, and key files) can be specified in several ways: as an absolute path relative to the new root, as a relative path to the working directory, or as an absolute path relative to the original root. In the last case the path is adjusted to remove the unused portion. .IP The pidfile can be either a relative path to the working directory, or an absolute path relative to the original root. It is written just prior to chroot and dropping permissions. This allows the pidfile to be /var/run/unbound.pid and the chroot to be /var/unbound, for example. .IP Additionally, unbound may need to access /dev/random (for entropy) from inside the chroot. .IP If given a chroot is done to the given directory. The default is "@UNBOUND_CHROOT_DIR@". If you give "" no chroot is performed. .TP .B username: \fI If given, after binding the port the user privileges are dropped. Default is "@UNBOUND_USERNAME@". If you give username: "" no user change is performed. .IP If this user is not capable of binding the port, reloads (by signal HUP) will still retain the opened ports. If you change the port number in the config file, and that new port number requires privileges, then a reload will fail; a restart is needed. .TP .B directory: \fI Sets the working directory for the program. Default is "@UNBOUND_RUN_DIR@". .TP .B logfile: \fI If "" is given, logging goes to stderr, or nowhere once daemonized. The logfile is appended to, in the following format: .nf [seconds since 1970] unbound[pid:tid]: type: message. .fi If this option is given, the use\-syslog is option is set to "no". The logfile is reopened (for append) when the config file is reread, on SIGHUP. .TP .B use\-syslog: \fI Sets unbound to send log messages to the syslogd, using \fIsyslog\fR(3). The log facility LOG_DAEMON is used, with identity "unbound". The logfile setting is overridden when use\-syslog is turned on. The default is to log to syslog. .TP .B log\-time\-ascii: \fI Sets logfile lines to use a timestamp in UTC ascii. Default is no, which prints the seconds since 1970 in brackets. No effect if using syslog, in that case syslog formats the timestamp printed into the log files. .TP .B log\-queries: \fI Prints one line per query to the log, with the log timestamp and IP address, name, type and class. Default is no. Note that it takes time to print these lines which makes the server (significantly) slower. Odd (nonprintable) characters in names are printed as '?'. .TP .B pidfile: \fI The process id is written to the file. Default is "@UNBOUND_PIDFILE@". So, .nf kill \-HUP `cat @UNBOUND_PIDFILE@` .fi triggers a reload, .nf kill \-QUIT `cat @UNBOUND_PIDFILE@` .fi gracefully terminates. .TP .B root\-hints: \fI Read the root hints from this file. Default is nothing, using builtin hints for the IN class. The file has the format of zone files, with root nameserver names and addresses only. The default may become outdated, when servers change, therefore it is good practice to use a root\-hints file. .TP .B hide\-identity: \fI If enabled id.server and hostname.bind queries are refused. .TP .B identity: \fI Set the identity to report. If set to "", the default, then the hostname of the server is returned. .TP .B hide\-version: \fI If enabled version.server and version.bind queries are refused. .TP .B version: \fI Set the version to report. If set to "", the default, then the package version is returned. .TP .B target\-fetch\-policy: \fI<"list of numbers"> Set the target fetch policy used by unbound to determine if it should fetch nameserver target addresses opportunistically. The policy is described per dependency depth. .IP The number of values determines the maximum dependency depth that unbound will pursue in answering a query. A value of \-1 means to fetch all targets opportunistically for that dependency depth. A value of 0 means to fetch on demand only. A positive value fetches that many targets opportunistically. .IP Enclose the list between quotes ("") and put spaces between numbers. The default is "3 2 1 0 0". Setting all zeroes, "0 0 0 0 0" gives behaviour closer to that of BIND 9, while setting "\-1 \-1 \-1 \-1 \-1" gives behaviour rumoured to be closer to that of BIND 8. .TP .B harden\-short\-bufsize: \fI Very small EDNS buffer sizes from queries are ignored. Default is off, since it is legal protocol wise to send these, and unbound tries to give very small answers to these queries, where possible. .TP .B harden\-large\-queries: \fI Very large queries are ignored. Default is off, since it is legal protocol wise to send these, and could be necessary for operation if TSIG or EDNS payload is very large. .TP .B harden\-glue: \fI Will trust glue only if it is within the servers authority. Default is on. .TP .B harden\-dnssec\-stripped: \fI Require DNSSEC data for trust\-anchored zones, if such data is absent, the zone becomes bogus. If turned off, and no DNSSEC data is received (or the DNSKEY data fails to validate), then the zone is made insecure, this behaves like there is no trust anchor. You could turn this off if you are sometimes behind an intrusive firewall (of some sort) that removes DNSSEC data from packets, or a zone changes from signed to unsigned to badly signed often. If turned off you run the risk of a downgrade attack that disables security for a zone. Default is on. .TP .B harden\-below\-nxdomain: \fI From draft\-vixie\-dnsext\-resimprove, returns nxdomain to queries for a name below another name that is already known to be nxdomain. DNSSEC mandates noerror for empty nonterminals, hence this is possible. Very old software might return nxdomain for empty nonterminals (that usually happen for reverse IP address lookups), and thus may be incompatible with this. To try to avoid this only DNSSEC-secure nxdomains are used, because the old software does not have DNSSEC. Default is off. .TP .B harden\-referral\-path: \fI Harden the referral path by performing additional queries for infrastructure data. Validates the replies if trust anchors are configured and the zones are signed. This enforces DNSSEC validation on nameserver NS sets and the nameserver addresses that are encountered on the referral path to the answer. Default off, because it burdens the authority servers, and it is not RFC standard, and could lead to performance problems because of the extra query load that is generated. Experimental option. If you enable it consider adding more numbers after the target\-fetch\-policy to increase the max depth that is checked to. .TP .B use\-caps\-for\-id: \fI Use 0x20\-encoded random bits in the query to foil spoof attempts. This perturbs the lowercase and uppercase of query names sent to authority servers and checks if the reply still has the correct casing. Disabled by default. This feature is an experimental implementation of draft dns\-0x20. .TP .B private\-address: \fI Give IPv4 of IPv6 addresses or classless subnets. These are addresses on your private network, and are not allowed to be returned for public internet names. Any occurence of such addresses are removed from DNS answers. Additionally, the DNSSEC validator may mark the answers bogus. This protects against so\-called DNS Rebinding, where a user browser is turned into a network proxy, allowing remote access through the browser to other parts of your private network. Some names can be allowed to contain your private addresses, by default all the \fBlocal\-data\fR that you configured is allowed to, and you can specify additional names using \fBprivate\-domain\fR. No private addresses are enabled by default. We consider to enable this for the RFC1918 private IP address space by default in later releases. That would enable private addresses for 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16 fd00::/8 and fe80::/10, since the RFC standards say these addresses should not be visible on the public internet. Turning on 127.0.0.0/8 would hinder many spamblocklists as they use that. .TP .B private\-domain: \fI Allow this domain, and all its subdomains to contain private addresses. Give multiple times to allow multiple domain names to contain private addresses. Default is none. .TP .B unwanted\-reply\-threshold: \fI If set, a total number of unwanted replies is kept track of in every thread. When it reaches the threshold, a defensive action is taken and a warning is printed to the log. The defensive action is to clear the rrset and message caches, hopefully flushing away any poison. A value of 10 million is suggested. Default is 0 (turned off). .TP .B do\-not\-query\-address: \fI Do not query the given IP address. Can be IP4 or IP6. Append /num to indicate a classless delegation netblock, for example like 10.2.3.4/24 or 2001::11/64. .TP .B do\-not\-query\-localhost: \fI If yes, localhost is added to the do\-not\-query\-address entries, both IP6 ::1 and IP4 127.0.0.1/8. If no, then localhost can be used to send queries to. Default is yes. .TP .B prefetch: \fI If yes, message cache elements are prefetched before they expire to keep the cache up to date. Default is no. Turning it on gives about 10 percent more traffic and load on the machine, but popular items do not expire from the cache. .TP .B prefetch-key: \fI If yes, fetch the DNSKEYs earlier in the validation process, when a DS record is encountered. This lowers the latency of requests. It does use a little more CPU. Also if the cache is set to 0, it is no use. Default is no. .TP .B rrset-roundrobin: \fI If yes, Unbound rotates RRSet order in response (the random number is taken from the query ID, for speed and thread safety). Default is no. .TP .B minimal-responses: \fI If yes, Unbound doesn't insert authority/additional sections into response messages when those sections are not required. This reduces response size significantly, and may avoid TCP fallback for some responses. This may cause a slight speedup. The default is no, because the DNS protocol RFCs mandate these sections, and the additional content could be of use and save roundtrips for clients. .TP .B module\-config: \fI<"module names"> Module configuration, a list of module names separated by spaces, surround the string with quotes (""). The modules can be validator, iterator. Setting this to "iterator" will result in a non\-validating server. Setting this to "validator iterator" will turn on DNSSEC validation. The ordering of the modules is important. You must also set trust\-anchors for validation to be useful. .TP .B trust\-anchor\-file: \fI File with trusted keys for validation. Both DS and DNSKEY entries can appear in the file. The format of the file is the standard DNS Zone file format. Default is "", or no trust anchor file. .TP .B auto\-trust\-anchor\-file: \fI File with trust anchor for one zone, which is tracked with RFC5011 probes. The probes are several times per month, thus the machine must be online frequently. The initial file can be one with contents as described in \fBtrust\-anchor\-file\fR. The file is written to when the anchor is updated, so the unbound user must have write permission. .TP .B trust\-anchor: \fI<"Resource Record"> A DS or DNSKEY RR for a key to use for validation. Multiple entries can be given to specify multiple trusted keys, in addition to the trust\-anchor\-files. The resource record is entered in the same format as 'dig' or 'drill' prints them, the same format as in the zone file. Has to be on a single line, with "" around it. A TTL can be specified for ease of cut and paste, but is ignored. A class can be specified, but class IN is default. .TP .B trusted\-keys\-file: \fI File with trusted keys for validation. Specify more than one file with several entries, one file per entry. Like \fBtrust\-anchor\-file\fR but has a different file format. Format is BIND\-9 style format, the trusted\-keys { name flag proto algo "key"; }; clauses are read. It is possible to use wildcards with this statement, the wildcard is expanded on start and on reload. .TP .B dlv\-anchor\-file: \fI File with trusted keys for DLV (DNSSEC Lookaside Validation). Both DS and DNSKEY entries can be used in the file, in the same format as for \fItrust\-anchor\-file:\fR statements. Only one DLV can be configured, more would be slow. The DLV configured is used as a root trusted DLV, this means that it is a lookaside for the root. Default is "", or no dlv anchor file. .TP .B dlv\-anchor: \fI<"Resource Record"> Much like trust\-anchor, this is a DLV anchor with the DS or DNSKEY inline. .TP .B domain\-insecure: \fI Sets domain name to be insecure, DNSSEC chain of trust is ignored towards the domain name. So a trust anchor above the domain name can not make the domain secure with a DS record, such a DS record is then ignored. Also keys from DLV are ignored for the domain. Can be given multiple times to specify multiple domains that are treated as if unsigned. If you set trust anchors for the domain they override this setting (and the domain is secured). .IP This can be useful if you want to make sure a trust anchor for external lookups does not affect an (unsigned) internal domain. A DS record externally can create validation failures for that internal domain. .TP .B val\-override\-date: \fI Default is "" or "0", which disables this debugging feature. If enabled by giving a RRSIG style date, that date is used for verifying RRSIG inception and expiration dates, instead of the current date. Do not set this unless you are debugging signature inception and expiration. The value \-1 ignores the date altogether, useful for some special applications. .TP .B val\-sig\-skew\-min: \fI Minimum number of seconds of clock skew to apply to validated signatures. A value of 10% of the signature lifetime (expiration \- inception) is used, capped by this setting. Default is 3600 (1 hour) which allows for daylight savings differences. Lower this value for more strict checking of short lived signatures. .TP .B val\-sig\-skew\-max: \fI Maximum number of seconds of clock skew to apply to validated signatures. A value of 10% of the signature lifetime (expiration \- inception) is used, capped by this setting. Default is 86400 (24 hours) which allows for timezone setting problems in stable domains. Setting both min and max very low disables the clock skew allowances. Setting both min and max very high makes the validator check the signature timestamps less strictly. .TP .B val\-bogus\-ttl: \fI The time to live for bogus data. This is data that has failed validation; due to invalid signatures or other checks. The TTL from that data cannot be trusted, and this value is used instead. The value is in seconds, default 60. The time interval prevents repeated revalidation of bogus data. .TP .B val\-clean\-additional: \fI Instruct the validator to remove data from the additional section of secure messages that are not signed properly. Messages that are insecure, bogus, indeterminate or unchecked are not affected. Default is yes. Use this setting to protect the users that rely on this validator for authentication from protentially bad data in the additional section. .TP .B val\-log\-level: \fI Have the validator print validation failures to the log. Regardless of the verbosity setting. Default is 0, off. At 1, for every user query that fails a line is printed to the logs. This way you can monitor what happens with validation. Use a diagnosis tool, such as dig or drill, to find out why validation is failing for these queries. At 2, not only the query that failed is printed but also the reason why unbound thought it was wrong and which server sent the faulty data. .TP .B val\-permissive\-mode: \fI Instruct the validator to mark bogus messages as indeterminate. The security checks are performed, but if the result is bogus (failed security), the reply is not withheld from the client with SERVFAIL as usual. The client receives the bogus data. For messages that are found to be secure the AD bit is set in replies. Also logging is performed as for full validation. The default value is "no". .TP .B ignore\-cd\-flag: \fI Instruct unbound to ignore the CD flag from clients and refuse to return bogus answers to them. Thus, the CD (Checking Disabled) flag does not disable checking any more. This is useful if legacy (w2008) servers that set the CD flag but cannot validate DNSSEC themselves are the clients, and then unbound provides them with DNSSEC protection. The default value is "no". .TP .B val\-nsec3\-keysize\-iterations: \fI<"list of values"> List of keysize and iteration count values, separated by spaces, surrounded by quotes. Default is "1024 150 2048 500 4096 2500". This determines the maximum allowed NSEC3 iteration count before a message is simply marked insecure instead of performing the many hashing iterations. The list must be in ascending order and have at least one entry. If you set it to "1024 65535" there is no restriction to NSEC3 iteration values. This table must be kept short; a very long list could cause slower operation. .TP .B add\-holddown: \fI Instruct the \fBauto\-trust\-anchor\-file\fR probe mechanism for RFC5011 autotrust updates to add new trust anchors only after they have been visible for this time. Default is 30 days as per the RFC. .TP .B del\-holddown: \fI Instruct the \fBauto\-trust\-anchor\-file\fR probe mechanism for RFC5011 autotrust updates to remove revoked trust anchors after they have been kept in the revoked list for this long. Default is 30 days as per the RFC. .TP .B keep\-missing: \fI Instruct the \fBauto\-trust\-anchor\-file\fR probe mechanism for RFC5011 autotrust updates to remove missing trust anchors after they have been unseen for this long. This cleans up the state file if the target zone does not perform trust anchor revocation, so this makes the auto probe mechanism work with zones that perform regular (non\-5011) rollovers. The default is 366 days. The value 0 does not remove missing anchors, as per the RFC. .TP .B key\-cache\-size: \fI Number of bytes size of the key cache. Default is 4 megabytes. A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes or gigabytes (1024*1024 bytes in a megabyte). .TP .B key\-cache\-slabs: \fI Number of slabs in the key cache. Slabs reduce lock contention by threads. Must be set to a power of 2. Setting (close) to the number of cpus is a reasonable guess. .TP .B neg\-cache\-size: \fI Number of bytes size of the aggressive negative cache. Default is 1 megabyte. A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes or gigabytes (1024*1024 bytes in a megabyte). .TP +.B unblock\-lan\-zones: \fI +Default is disabled. If enabled, then for private address space, +the reverse lookups are no longer filtered. This allows unbound when +running as dns service on a host where it provides service for that host, +to put out all of the queries for the 'lan' upstream. When enabled, +only localhost, 127.0.0.1 reverse and ::1 reverse zones are configured +with default local zones. Disable the option when unbound is running +as a (DHCP-) DNS network resolver for a group of machines, where such +lookups should be filtered (RFC compliance), this also stops potential +data leakage about the local network to the upstream DNS servers. +.TP .B local\-zone: \fI Configure a local zone. The type determines the answer to give if there is no match from local\-data. The types are deny, refuse, static, transparent, redirect, nodefault, typetransparent, and are explained below. After that the default settings are listed. Use local\-data: to enter data into the local zone. Answers for local zones are authoritative DNS answers. By default the zones are class IN. .IP If you need more complicated authoritative data, with referrals, wildcards, CNAME/DNAME support, or DNSSEC authoritative service, setup a stub\-zone for it as detailed in the stub zone section below. .TP 10 \h'5'\fIdeny\fR Do not send an answer, drop the query. If there is a match from local data, the query is answered. .TP 10 \h'5'\fIrefuse\fR Send an error message reply, with rcode REFUSED. If there is a match from local data, the query is answered. .TP 10 \h'5'\fIstatic\fR If there is a match from local data, the query is answered. Otherwise, the query is answered with nodata or nxdomain. For a negative answer a SOA is included in the answer if present as local\-data for the zone apex domain. .TP 10 \h'5'\fItransparent\fR If there is a match from local data, the query is answered. Otherwise if the query has a different name, the query is resolved normally. If the query is for a name given in localdata but no such type of data is given in localdata, then a noerror nodata answer is returned. If no local\-zone is given local\-data causes a transparent zone to be created by default. .TP 10 \h'5'\fItypetransparent\fR If there is a match from local data, the query is answered. If the query is for a different name, or for the same name but for a different type, the query is resolved normally. So, similar to transparent but types that are not listed in local data are resolved normally, so if an A record is in the local data that does not cause a nodata reply for AAAA queries. .TP 10 \h'5'\fIredirect\fR The query is answered from the local data for the zone name. There may be no local data beneath the zone name. This answers queries for the zone, and all subdomains of the zone with the local data for the zone. It can be used to redirect a domain to return a different address record to the end user, with local\-zone: "example.com." redirect and local\-data: "example.com. A 127.0.0.1" queries for www.example.com and www.foo.example.com are redirected, so that users with web browsers cannot access sites with suffix example.com. .TP 10 \h'5'\fInodefault\fR Used to turn off default contents for AS112 zones. The other types also turn off default contents for the zone. The 'nodefault' option has no other effect than turning off default contents for the given zone. .P The default zones are localhost, reverse 127.0.0.1 and ::1, and the AS112 zones. The AS112 zones are reverse DNS zones for private use and reserved IP addresses for which the servers on the internet cannot provide correct answers. They are configured by default to give nxdomain (no reverse information) answers. The defaults can be turned off by specifying your own local\-zone of that name, or using the 'nodefault' type. Below is a list of the default zone contents. .TP 10 \h'5'\fIlocalhost\fR The IP4 and IP6 localhost information is given. NS and SOA records are provided for completeness and to satisfy some DNS update tools. Default content: .nf local\-zone: "localhost." static local\-data: "localhost. 10800 IN NS localhost." local\-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800" local\-data: "localhost. 10800 IN A 127.0.0.1" local\-data: "localhost. 10800 IN AAAA ::1" .fi .TP 10 \h'5'\fIreverse IPv4 loopback\fR Default content: .nf local\-zone: "127.in\-addr.arpa." static local\-data: "127.in\-addr.arpa. 10800 IN NS localhost." local\-data: "127.in\-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800" local\-data: "1.0.0.127.in\-addr.arpa. 10800 IN PTR localhost." .fi .TP 10 \h'5'\fIreverse IPv6 loopback\fR Default content: .nf local\-zone: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." static local\-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN NS localhost." local\-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800" local\-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN PTR localhost." .fi .TP 10 \h'5'\fIreverse RFC1918 local use zones\fR Reverse data for zones 10.in\-addr.arpa, 16.172.in\-addr.arpa to 31.172.in\-addr.arpa, 168.192.in\-addr.arpa. The \fBlocal\-zone:\fR is set static and as \fBlocal\-data:\fR SOA and NS records are provided. .TP 10 \h'5'\fIreverse RFC3330 IP4 this, link\-local, testnet and broadcast\fR Reverse data for zones 0.in\-addr.arpa, 254.169.in\-addr.arpa, 2.0.192.in\-addr.arpa (TEST NET 1), 100.51.198.in\-addr.arpa (TEST NET 2), 113.0.203.in\-addr.arpa (TEST NET 3), 255.255.255.255.in\-addr.arpa. .TP 10 \h'5'\fIreverse RFC4291 IP6 unspecified\fR Reverse data for zone .nf 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. .fi .TP 10 \h'5'\fIreverse RFC4193 IPv6 Locally Assigned Local Addresses\fR Reverse data for zone D.F.ip6.arpa. .TP 10 \h'5'\fIreverse RFC4291 IPv6 Link Local Addresses\fR Reverse data for zones 8.E.F.ip6.arpa to B.E.F.ip6.arpa. .TP 10 \h'5'\fIreverse IPv6 Example Prefix\fR Reverse data for zone 8.B.D.0.1.0.0.2.ip6.arpa. This zone is used for tutorials and examples. You can remove the block on this zone with: .nf local\-zone: 8.B.D.0.1.0.0.2.ip6.arpa. nodefault .fi You can also selectively unblock a part of the zone by making that part transparent with a local\-zone statement. This also works with the other default zones. .\" End of local-zone listing. .TP 5 .B local\-data: \fI"" Configure local data, which is served in reply to queries for it. The query has to match exactly unless you configure the local\-zone as redirect. If not matched exactly, the local\-zone type determines further processing. If local\-data is configured that is not a subdomain of a local\-zone, a transparent local\-zone is configured. For record types such as TXT, use single quotes, as in local\-data: 'example. TXT "text"'. .IP If you need more complicated authoritative data, with referrals, wildcards, CNAME/DNAME support, or DNSSEC authoritative service, setup a stub\-zone for it as detailed in the stub zone section below. .TP 5 .B local\-data\-ptr: \fI"IPaddr name" Configure local data shorthand for a PTR record with the reversed IPv4 or IPv6 address and the host name. For example "192.0.2.4 www.example.com". TTL can be inserted like this: "2001:DB8::4 7200 www.example.com" .SS "Remote Control Options" In the .B remote\-control: clause are the declarations for the remote control facility. If this is enabled, the \fIunbound\-control\fR(8) utility can be used to send commands to the running unbound server. The server uses these clauses to setup SSLv3 / TLSv1 security for the connection. The \fIunbound\-control\fR(8) utility also reads the \fBremote\-control\fR section for options. To setup the correct self\-signed certificates use the \fIunbound\-control\-setup\fR(8) utility. .TP 5 .B control\-enable: \fI The option is used to enable remote control, default is "no". If turned off, the server does not listen for control commands. .TP 5 .B control\-interface: Give IPv4 or IPv6 addresses to listen on for control commands. By default localhost (127.0.0.1 and ::1) is listened to. Use 0.0.0.0 and ::0 to listen to all interfaces. .TP 5 .B control\-port: The port number to listen on for control commands, default is 8953. If you change this port number, and permissions have been dropped, a reload is not sufficient to open the port again, you must then restart. .TP 5 .B server\-key\-file: "" Path to the server private key, by default unbound_server.key. This file is generated by the \fIunbound\-control\-setup\fR utility. This file is used by the unbound server, but not by \fIunbound\-control\fR. .TP 5 .B server\-cert\-file: "" Path to the server self signed certificate, by default unbound_server.pem. This file is generated by the \fIunbound\-control\-setup\fR utility. This file is used by the unbound server, and also by \fIunbound\-control\fR. .TP 5 .B control\-key\-file: "" Path to the control client private key, by default unbound_control.key. This file is generated by the \fIunbound\-control\-setup\fR utility. This file is used by \fIunbound\-control\fR. .TP 5 .B control\-cert\-file: "" Path to the control client certificate, by default unbound_control.pem. This certificate has to be signed with the server certificate. This file is generated by the \fIunbound\-control\-setup\fR utility. This file is used by \fIunbound\-control\fR. .SS "Stub Zone Options" .LP There may be multiple .B stub\-zone: clauses. Each with a name: and zero or more hostnames or IP addresses. For the stub zone this list of nameservers is used. Class IN is assumed. The servers should be authority servers, not recursors; unbound performs the recursive processing itself for stub zones. .P The stub zone can be used to configure authoritative data to be used by the resolver that cannot be accessed using the public internet servers. This is useful for company\-local data or private zones. Setup an authoritative server on a different host (or different port). Enter a config entry for unbound with .B stub\-addr: . The unbound resolver can then access the data, without referring to the public internet for it. .P This setup allows DNSSEC signed zones to be served by that authoritative server, in which case a trusted key entry with the public key can be put in config, so that unbound can validate the data and set the AD bit on replies for the private zone (authoritative servers do not set the AD bit). This setup makes unbound capable of answering queries for the private zone, and can even set the AD bit ('authentic'), but the AA ('authoritative') bit is not set on these replies. .TP .B name: \fI Name of the stub zone. .TP .B stub\-host: \fI Name of stub zone nameserver. Is itself resolved before it is used. .TP .B stub\-addr: \fI IP address of stub zone nameserver. Can be IP 4 or IP 6. To use a nondefault port for DNS communication append '@' with the port number. .TP .B stub\-prime: \fI This option is by default off. If enabled it performs NS set priming, which is similar to root hints, where it starts using the list of nameservers currently published by the zone. Thus, if the hint list is slightly outdated, the resolver picks up a correct list online. .TP .B stub\-first: \fI If enabled, a query is attempted without the stub clause if it fails. The data could not be retrieved and would have caused SERVFAIL because the servers are unreachable, instead it is tried without this clause. The default is no. .SS "Forward Zone Options" .LP There may be multiple .B forward\-zone: clauses. Each with a \fBname:\fR and zero or more hostnames or IP addresses. For the forward zone this list of nameservers is used to forward the queries to. The servers listed as \fBforward\-host:\fR and \fBforward\-addr:\fR have to handle further recursion for the query. Thus, those servers are not authority servers, but are (just like unbound is) recursive servers too; unbound does not perform recursion itself for the forward zone, it lets the remote server do it. Class IN is assumed. A forward\-zone entry with name "." and a forward\-addr target will forward all queries to that other server (unless it can answer from the cache). .TP .B name: \fI Name of the forward zone. .TP .B forward\-host: \fI Name of server to forward to. Is itself resolved before it is used. .TP .B forward\-addr: \fI IP address of server to forward to. Can be IP 4 or IP 6. To use a nondefault port for DNS communication append '@' with the port number. .TP .B forward\-first: \fI If enabled, a query is attempted without the forward clause if it fails. The data could not be retrieved and would have caused SERVFAIL because the servers are unreachable, instead it is tried without this clause. The default is no. .SS "Python Module Options" .LP The .B python: clause gives the settings for the \fIpython\fR(1) script module. This module acts like the iterator and validator modules do, on queries and answers. To enable the script module it has to be compiled into the daemon, and the word "python" has to be put in the \fBmodule\-config:\fR option (usually first, or between the validator and iterator). .TP .B python\-script: \fI\fR The script file to load. .SH "MEMORY CONTROL EXAMPLE" In the example config settings below memory usage is reduced. Some service levels are lower, notable very large data and a high TCP load are no longer supported. Very large data and high TCP loads are exceptional for the DNS. DNSSEC validation is enabled, just add trust anchors. If you do not have to worry about programs using more than 3 Mb of memory, the below example is not for you. Use the defaults to receive full service, which on BSD\-32bit tops out at 30\-40 Mb after heavy usage. .P .nf # example settings that reduce memory usage server: num\-threads: 1 outgoing\-num\-tcp: 1 # this limits TCP service, uses less buffers. incoming\-num\-tcp: 1 outgoing\-range: 60 # uses less memory, but less performance. msg\-buffer\-size: 8192 # note this limits service, 'no huge stuff'. msg\-cache\-size: 100k msg\-cache\-slabs: 1 rrset\-cache\-size: 100k rrset\-cache\-slabs: 1 infra\-cache\-numhosts: 200 infra\-cache\-slabs: 1 key\-cache\-size: 100k key\-cache\-slabs: 1 neg\-cache\-size: 10k num\-queries\-per\-thread: 30 target\-fetch\-policy: "2 1 0 0 0 0" harden\-large\-queries: "yes" harden\-short\-bufsize: "yes" .fi .SH "FILES" .TP .I @UNBOUND_RUN_DIR@ default unbound working directory. .TP .I @UNBOUND_CHROOT_DIR@ default \fIchroot\fR(2) location. .TP .I @ub_conf_file@ unbound configuration file. .TP .I @UNBOUND_PIDFILE@ default unbound pidfile with process ID of the running daemon. .TP .I unbound.log unbound log file. default is to log to \fIsyslog\fR(3). .SH "SEE ALSO" \fIunbound\fR(8), \fIunbound\-checkconf\fR(8). .SH "AUTHORS" .B Unbound was written by NLnet Labs. Please see CREDITS file in the distribution for further details. Index: head/contrib/unbound/services/localzone.c =================================================================== --- head/contrib/unbound/services/localzone.c (revision 268838) +++ head/contrib/unbound/services/localzone.c (revision 268839) @@ -1,1326 +1,1336 @@ /* * services/localzone.c - local zones authority service. * * Copyright (c) 2007, NLnet Labs. All rights reserved. * * This software is open source. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. * * Neither the name of the NLNET LABS nor the names of its contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /** * \file * * This file contains functions to enable local zone authority service. */ #include "config.h" #include "services/localzone.h" #include "ldns/str2wire.h" #include "ldns/sbuffer.h" #include "util/regional.h" #include "util/config_file.h" #include "util/data/dname.h" #include "util/data/packed_rrset.h" #include "util/data/msgencode.h" #include "util/net_help.h" #include "util/data/msgreply.h" #include "util/data/msgparse.h" struct local_zones* local_zones_create(void) { struct local_zones* zones = (struct local_zones*)calloc(1, sizeof(*zones)); if(!zones) return NULL; rbtree_init(&zones->ztree, &local_zone_cmp); lock_rw_init(&zones->lock); lock_protect(&zones->lock, &zones->ztree, sizeof(zones->ztree)); /* also lock protects the rbnode's in struct local_zone */ return zones; } /** helper traverse to delete zones */ static void lzdel(rbnode_t* n, void* ATTR_UNUSED(arg)) { struct local_zone* z = (struct local_zone*)n->key; local_zone_delete(z); } void local_zones_delete(struct local_zones* zones) { if(!zones) return; lock_rw_destroy(&zones->lock); /* walk through zones and delete them all */ traverse_postorder(&zones->ztree, lzdel, NULL); free(zones); } void local_zone_delete(struct local_zone* z) { if(!z) return; lock_rw_destroy(&z->lock); regional_destroy(z->region); free(z->name); free(z); } int local_zone_cmp(const void* z1, const void* z2) { /* first sort on class, so that hierarchy can be maintained within * a class */ struct local_zone* a = (struct local_zone*)z1; struct local_zone* b = (struct local_zone*)z2; int m; if(a->dclass != b->dclass) { if(a->dclass < b->dclass) return -1; return 1; } return dname_lab_cmp(a->name, a->namelabs, b->name, b->namelabs, &m); } int local_data_cmp(const void* d1, const void* d2) { struct local_data* a = (struct local_data*)d1; struct local_data* b = (struct local_data*)d2; int m; return dname_canon_lab_cmp(a->name, a->namelabs, b->name, b->namelabs, &m); } /* form wireformat from text format domain name */ int parse_dname(const char* str, uint8_t** res, size_t* len, int* labs) { *res = sldns_str2wire_dname(str, len); *labs = 0; if(!*res) { log_err("cannot parse name %s", str); return 0; } *labs = dname_count_size_labels(*res, len); return 1; } /** create a new localzone */ static struct local_zone* local_zone_create(uint8_t* nm, size_t len, int labs, enum localzone_type t, uint16_t dclass) { struct local_zone* z = (struct local_zone*)calloc(1, sizeof(*z)); if(!z) { return NULL; } z->node.key = z; z->dclass = dclass; z->type = t; z->name = nm; z->namelen = len; z->namelabs = labs; lock_rw_init(&z->lock); z->region = regional_create(); if(!z->region) { free(z); return NULL; } rbtree_init(&z->data, &local_data_cmp); lock_protect(&z->lock, &z->parent, sizeof(*z)-sizeof(rbnode_t)); /* also the zones->lock protects node, parent, name*, class */ return z; } /** enter a new zone with allocated dname returns with WRlock */ static struct local_zone* lz_enter_zone_dname(struct local_zones* zones, uint8_t* nm, size_t len, int labs, enum localzone_type t, uint16_t c) { struct local_zone* z = local_zone_create(nm, len, labs, t, c); if(!z) { log_err("out of memory"); return NULL; } /* add to rbtree */ lock_rw_wrlock(&zones->lock); lock_rw_wrlock(&z->lock); if(!rbtree_insert(&zones->ztree, &z->node)) { log_warn("duplicate local-zone"); lock_rw_unlock(&z->lock); local_zone_delete(z); lock_rw_unlock(&zones->lock); return NULL; } lock_rw_unlock(&zones->lock); return z; } /** enter a new zone */ static struct local_zone* lz_enter_zone(struct local_zones* zones, const char* name, const char* type, uint16_t dclass) { struct local_zone* z; enum localzone_type t; uint8_t* nm; size_t len; int labs; if(!parse_dname(name, &nm, &len, &labs)) { log_err("bad zone name %s %s", name, type); return NULL; } if(!local_zone_str2type(type, &t)) { log_err("bad lz_enter_zone type %s %s", name, type); free(nm); return NULL; } if(!(z=lz_enter_zone_dname(zones, nm, len, labs, t, dclass))) { log_err("could not enter zone %s %s", name, type); return NULL; } return z; } /** return name and class and rdata of rr; parses string */ static int get_rr_content(const char* str, uint8_t** nm, uint16_t* type, uint16_t* dclass, time_t* ttl, uint8_t* rr, size_t len, uint8_t** rdata, size_t* rdata_len) { size_t dname_len = 0; int e = sldns_str2wire_rr_buf(str, rr, &len, &dname_len, 3600, NULL, 0, NULL, 0); if(e) { log_err("error parsing local-data at %d: '%s': %s", LDNS_WIREPARSE_OFFSET(e), str, sldns_get_errorstr_parse(e)); return 0; } *nm = memdup(rr, dname_len); if(!*nm) { log_err("out of memory"); return 0; } *dclass = sldns_wirerr_get_class(rr, len, dname_len); *type = sldns_wirerr_get_type(rr, len, dname_len); *ttl = (time_t)sldns_wirerr_get_ttl(rr, len, dname_len); *rdata = sldns_wirerr_get_rdatawl(rr, len, dname_len); *rdata_len = sldns_wirerr_get_rdatalen(rr, len, dname_len)+2; return 1; } /** return name and class of rr; parses string */ static int get_rr_nameclass(const char* str, uint8_t** nm, uint16_t* dclass) { uint8_t rr[LDNS_RR_BUF_SIZE]; size_t len = sizeof(rr), dname_len = 0; int s = sldns_str2wire_rr_buf(str, rr, &len, &dname_len, 3600, NULL, 0, NULL, 0); if(s != 0) { log_err("error parsing local-data at %d '%s': %s", LDNS_WIREPARSE_OFFSET(s), str, sldns_get_errorstr_parse(s)); return 0; } *nm = memdup(rr, dname_len); *dclass = sldns_wirerr_get_class(rr, len, dname_len); if(!*nm) { log_err("out of memory"); return 0; } return 1; } /** * Find an rrset in local data structure. * @param data: local data domain name structure. * @param type: type to look for (host order). * @return rrset pointer or NULL if not found. */ static struct local_rrset* local_data_find_type(struct local_data* data, uint16_t type) { struct local_rrset* p; type = htons(type); for(p = data->rrsets; p; p = p->next) { if(p->rrset->rk.type == type) return p; } return NULL; } /** check for RR duplicates */ static int rr_is_duplicate(struct packed_rrset_data* pd, uint8_t* rdata, size_t rdata_len) { size_t i; for(i=0; icount; i++) { if(pd->rr_len[i] == rdata_len && memcmp(pd->rr_data[i], rdata, rdata_len) == 0) return 1; } return 0; } /** new local_rrset */ static struct local_rrset* new_local_rrset(struct regional* region, struct local_data* node, uint16_t rrtype, uint16_t rrclass) { struct packed_rrset_data* pd; struct local_rrset* rrset = (struct local_rrset*) regional_alloc_zero(region, sizeof(*rrset)); if(!rrset) { log_err("out of memory"); return NULL; } rrset->next = node->rrsets; node->rrsets = rrset; rrset->rrset = (struct ub_packed_rrset_key*) regional_alloc_zero(region, sizeof(*rrset->rrset)); if(!rrset->rrset) { log_err("out of memory"); return NULL; } rrset->rrset->entry.key = rrset->rrset; pd = (struct packed_rrset_data*)regional_alloc_zero(region, sizeof(*pd)); if(!pd) { log_err("out of memory"); return NULL; } pd->trust = rrset_trust_prim_noglue; pd->security = sec_status_insecure; rrset->rrset->entry.data = pd; rrset->rrset->rk.dname = node->name; rrset->rrset->rk.dname_len = node->namelen; rrset->rrset->rk.type = htons(rrtype); rrset->rrset->rk.rrset_class = htons(rrclass); return rrset; } /** insert RR into RRset data structure; Wastes a couple of bytes */ static int insert_rr(struct regional* region, struct packed_rrset_data* pd, uint8_t* rdata, size_t rdata_len, time_t ttl) { size_t* oldlen = pd->rr_len; time_t* oldttl = pd->rr_ttl; uint8_t** olddata = pd->rr_data; /* add RR to rrset */ pd->count++; pd->rr_len = regional_alloc(region, sizeof(*pd->rr_len)*pd->count); pd->rr_ttl = regional_alloc(region, sizeof(*pd->rr_ttl)*pd->count); pd->rr_data = regional_alloc(region, sizeof(*pd->rr_data)*pd->count); if(!pd->rr_len || !pd->rr_ttl || !pd->rr_data) { log_err("out of memory"); return 0; } if(pd->count > 1) { memcpy(pd->rr_len+1, oldlen, sizeof(*pd->rr_len)*(pd->count-1)); memcpy(pd->rr_ttl+1, oldttl, sizeof(*pd->rr_ttl)*(pd->count-1)); memcpy(pd->rr_data+1, olddata, sizeof(*pd->rr_data)*(pd->count-1)); } pd->rr_len[0] = rdata_len; pd->rr_ttl[0] = ttl; pd->rr_data[0] = regional_alloc_init(region, rdata, rdata_len); if(!pd->rr_data[0]) { log_err("out of memory"); return 0; } return 1; } /** find a data node by exact name */ static struct local_data* lz_find_node(struct local_zone* z, uint8_t* nm, size_t nmlen, int nmlabs) { struct local_data key; key.node.key = &key; key.name = nm; key.namelen = nmlen; key.namelabs = nmlabs; return (struct local_data*)rbtree_search(&z->data, &key.node); } /** find a node, create it if not and all its empty nonterminal parents */ static int lz_find_create_node(struct local_zone* z, uint8_t* nm, size_t nmlen, int nmlabs, struct local_data** res) { struct local_data* ld = lz_find_node(z, nm, nmlen, nmlabs); if(!ld) { /* create a domain name to store rr. */ ld = (struct local_data*)regional_alloc_zero(z->region, sizeof(*ld)); if(!ld) { log_err("out of memory adding local data"); return 0; } ld->node.key = ld; ld->name = regional_alloc_init(z->region, nm, nmlen); if(!ld->name) { log_err("out of memory"); return 0; } ld->namelen = nmlen; ld->namelabs = nmlabs; if(!rbtree_insert(&z->data, &ld->node)) { log_assert(0); /* duplicate name */ } /* see if empty nonterminals need to be created */ if(nmlabs > z->namelabs) { dname_remove_label(&nm, &nmlen); if(!lz_find_create_node(z, nm, nmlen, nmlabs-1, res)) return 0; } } *res = ld; return 1; } /** enter data RR into auth zone */ static int lz_enter_rr_into_zone(struct local_zone* z, const char* rrstr) { uint8_t* nm; size_t nmlen; int nmlabs; struct local_data* node; struct local_rrset* rrset; struct packed_rrset_data* pd; uint16_t rrtype = 0, rrclass = 0; time_t ttl = 0; uint8_t rr[LDNS_RR_BUF_SIZE]; uint8_t* rdata; size_t rdata_len; if(!get_rr_content(rrstr, &nm, &rrtype, &rrclass, &ttl, rr, sizeof(rr), &rdata, &rdata_len)) { log_err("bad local-data: %s", rrstr); return 0; } log_assert(z->dclass == rrclass); if(z->type == local_zone_redirect && query_dname_compare(z->name, nm) != 0) { log_err("local-data in redirect zone must reside at top of zone" ", not at %s", rrstr); free(nm); return 0; } nmlabs = dname_count_size_labels(nm, &nmlen); if(!lz_find_create_node(z, nm, nmlen, nmlabs, &node)) { free(nm); return 0; } log_assert(node); free(nm); rrset = local_data_find_type(node, rrtype); if(!rrset) { rrset = new_local_rrset(z->region, node, rrtype, rrclass); if(!rrset) return 0; if(query_dname_compare(node->name, z->name) == 0) { if(rrtype == LDNS_RR_TYPE_NSEC) rrset->rrset->rk.flags = PACKED_RRSET_NSEC_AT_APEX; if(rrtype == LDNS_RR_TYPE_SOA) z->soa = rrset->rrset; } } pd = (struct packed_rrset_data*)rrset->rrset->entry.data; log_assert(rrset && pd); /* check for duplicate RR */ if(rr_is_duplicate(pd, rdata, rdata_len)) { verbose(VERB_ALGO, "ignoring duplicate RR: %s", rrstr); return 1; } return insert_rr(z->region, pd, rdata, rdata_len, ttl); } /** enter a data RR into auth data; a zone for it must exist */ static int lz_enter_rr_str(struct local_zones* zones, const char* rr) { uint8_t* rr_name; uint16_t rr_class; size_t len; int labs; struct local_zone* z; int r; if(!get_rr_nameclass(rr, &rr_name, &rr_class)) { log_err("bad rr %s", rr); return 0; } labs = dname_count_size_labels(rr_name, &len); lock_rw_rdlock(&zones->lock); z = local_zones_lookup(zones, rr_name, len, labs, rr_class); if(!z) { lock_rw_unlock(&zones->lock); fatal_exit("internal error: no zone for rr %s", rr); } lock_rw_wrlock(&z->lock); lock_rw_unlock(&zones->lock); free(rr_name); r = lz_enter_rr_into_zone(z, rr); lock_rw_unlock(&z->lock); return r; } /** parse local-zone: statements */ static int lz_enter_zones(struct local_zones* zones, struct config_file* cfg) { struct config_str2list* p; struct local_zone* z; for(p = cfg->local_zones; p; p = p->next) { if(!(z=lz_enter_zone(zones, p->str, p->str2, LDNS_RR_CLASS_IN))) return 0; lock_rw_unlock(&z->lock); } return 1; } /** lookup a zone in rbtree; exact match only; SLOW due to parse */ static int lz_exists(struct local_zones* zones, const char* name) { struct local_zone z; z.node.key = &z; z.dclass = LDNS_RR_CLASS_IN; if(!parse_dname(name, &z.name, &z.namelen, &z.namelabs)) { log_err("bad name %s", name); return 0; } lock_rw_rdlock(&zones->lock); if(rbtree_search(&zones->ztree, &z.node)) { lock_rw_unlock(&zones->lock); free(z.name); return 1; } lock_rw_unlock(&zones->lock); free(z.name); return 0; } /** lookup a zone in cfg->nodefault list */ static int lz_nodefault(struct config_file* cfg, const char* name) { struct config_strlist* p; size_t len = strlen(name); if(len == 0) return 0; if(name[len-1] == '.') len--; for(p = cfg->local_zones_nodefault; p; p = p->next) { /* compare zone name, lowercase, compare without ending . */ if(strncasecmp(p->str, name, len) == 0 && (strlen(p->str) == len || (strlen(p->str)==len+1 && p->str[len] == '.'))) return 1; } return 0; } /** enter AS112 default zone */ static int add_as112_default(struct local_zones* zones, struct config_file* cfg, const char* name) { struct local_zone* z; char str[1024]; /* known long enough */ if(lz_exists(zones, name) || lz_nodefault(cfg, name)) return 1; /* do not enter default content */ if(!(z=lz_enter_zone(zones, name, "static", LDNS_RR_CLASS_IN))) return 0; snprintf(str, sizeof(str), "%s 10800 IN SOA localhost. " "nobody.invalid. 1 3600 1200 604800 10800", name); if(!lz_enter_rr_into_zone(z, str)) { lock_rw_unlock(&z->lock); return 0; } snprintf(str, sizeof(str), "%s 10800 IN NS localhost. ", name); if(!lz_enter_rr_into_zone(z, str)) { lock_rw_unlock(&z->lock); return 0; } lock_rw_unlock(&z->lock); return 1; } /** enter default zones */ static int lz_enter_defaults(struct local_zones* zones, struct config_file* cfg) { struct local_zone* z; /* this list of zones is from RFC 6303 */ + /* block localhost level zones, first, later the LAN zones */ + /* localhost. zone */ if(!lz_exists(zones, "localhost.") && !lz_nodefault(cfg, "localhost.")) { if(!(z=lz_enter_zone(zones, "localhost.", "static", LDNS_RR_CLASS_IN)) || !lz_enter_rr_into_zone(z, "localhost. 10800 IN NS localhost.") || !lz_enter_rr_into_zone(z, "localhost. 10800 IN SOA localhost. nobody.invalid. " "1 3600 1200 604800 10800") || !lz_enter_rr_into_zone(z, "localhost. 10800 IN A 127.0.0.1") || !lz_enter_rr_into_zone(z, "localhost. 10800 IN AAAA ::1")) { log_err("out of memory adding default zone"); if(z) { lock_rw_unlock(&z->lock); } return 0; } lock_rw_unlock(&z->lock); } /* reverse ip4 zone */ if(!lz_exists(zones, "127.in-addr.arpa.") && !lz_nodefault(cfg, "127.in-addr.arpa.")) { if(!(z=lz_enter_zone(zones, "127.in-addr.arpa.", "static", LDNS_RR_CLASS_IN)) || !lz_enter_rr_into_zone(z, "127.in-addr.arpa. 10800 IN NS localhost.") || !lz_enter_rr_into_zone(z, "127.in-addr.arpa. 10800 IN SOA localhost. " "nobody.invalid. 1 3600 1200 604800 10800") || !lz_enter_rr_into_zone(z, "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost.")) { log_err("out of memory adding default zone"); if(z) { lock_rw_unlock(&z->lock); } return 0; } lock_rw_unlock(&z->lock); } /* reverse ip6 zone */ if(!lz_exists(zones, "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.") && !lz_nodefault(cfg, "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.")) { if(!(z=lz_enter_zone(zones, "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.", "static", LDNS_RR_CLASS_IN)) || !lz_enter_rr_into_zone(z, "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN NS localhost.") || !lz_enter_rr_into_zone(z, "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN SOA localhost. " "nobody.invalid. 1 3600 1200 604800 10800") || !lz_enter_rr_into_zone(z, "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN PTR localhost.")) { log_err("out of memory adding default zone"); if(z) { lock_rw_unlock(&z->lock); } return 0; } lock_rw_unlock(&z->lock); } + + /* if unblock lan-zones, then do not add the zones below. + * we do add the zones above, about 127.0.0.1, because localhost is + * not on the lan. */ + if(cfg->unblock_lan_zones) + return 1; + + /* block LAN level zones */ if ( !add_as112_default(zones, cfg, "10.in-addr.arpa.") || !add_as112_default(zones, cfg, "16.172.in-addr.arpa.") || !add_as112_default(zones, cfg, "17.172.in-addr.arpa.") || !add_as112_default(zones, cfg, "18.172.in-addr.arpa.") || !add_as112_default(zones, cfg, "19.172.in-addr.arpa.") || !add_as112_default(zones, cfg, "20.172.in-addr.arpa.") || !add_as112_default(zones, cfg, "21.172.in-addr.arpa.") || !add_as112_default(zones, cfg, "22.172.in-addr.arpa.") || !add_as112_default(zones, cfg, "23.172.in-addr.arpa.") || !add_as112_default(zones, cfg, "24.172.in-addr.arpa.") || !add_as112_default(zones, cfg, "25.172.in-addr.arpa.") || !add_as112_default(zones, cfg, "26.172.in-addr.arpa.") || !add_as112_default(zones, cfg, "27.172.in-addr.arpa.") || !add_as112_default(zones, cfg, "28.172.in-addr.arpa.") || !add_as112_default(zones, cfg, "29.172.in-addr.arpa.") || !add_as112_default(zones, cfg, "30.172.in-addr.arpa.") || !add_as112_default(zones, cfg, "31.172.in-addr.arpa.") || !add_as112_default(zones, cfg, "168.192.in-addr.arpa.") || !add_as112_default(zones, cfg, "0.in-addr.arpa.") || !add_as112_default(zones, cfg, "254.169.in-addr.arpa.") || !add_as112_default(zones, cfg, "2.0.192.in-addr.arpa.") || !add_as112_default(zones, cfg, "100.51.198.in-addr.arpa.") || !add_as112_default(zones, cfg, "113.0.203.in-addr.arpa.") || !add_as112_default(zones, cfg, "255.255.255.255.in-addr.arpa.") || !add_as112_default(zones, cfg, "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.") || !add_as112_default(zones, cfg, "d.f.ip6.arpa.") || !add_as112_default(zones, cfg, "8.e.f.ip6.arpa.") || !add_as112_default(zones, cfg, "9.e.f.ip6.arpa.") || !add_as112_default(zones, cfg, "a.e.f.ip6.arpa.") || !add_as112_default(zones, cfg, "b.e.f.ip6.arpa.") || !add_as112_default(zones, cfg, "8.b.d.0.1.0.0.2.ip6.arpa.")) { log_err("out of memory adding default zone"); return 0; } return 1; } /** setup parent pointers, so that a lookup can be done for closest match */ static void init_parents(struct local_zones* zones) { struct local_zone* node, *prev = NULL, *p; int m; lock_rw_wrlock(&zones->lock); RBTREE_FOR(node, struct local_zone*, &zones->ztree) { lock_rw_wrlock(&node->lock); node->parent = NULL; if(!prev || prev->dclass != node->dclass) { prev = node; lock_rw_unlock(&node->lock); continue; } (void)dname_lab_cmp(prev->name, prev->namelabs, node->name, node->namelabs, &m); /* we know prev is smaller */ /* sort order like: . com. bla.com. zwb.com. net. */ /* find the previous, or parent-parent-parent */ for(p = prev; p; p = p->parent) /* looking for name with few labels, a parent */ if(p->namelabs <= m) { /* ==: since prev matched m, this is closest*/ /* <: prev matches more, but is not a parent, * this one is a (grand)parent */ node->parent = p; break; } prev = node; lock_rw_unlock(&node->lock); } lock_rw_unlock(&zones->lock); } /** enter implicit transparent zone for local-data: without local-zone: */ static int lz_setup_implicit(struct local_zones* zones, struct config_file* cfg) { /* walk over all items that have no parent zone and find * the name that covers them all (could be the root) and * add that as a transparent zone */ struct config_strlist* p; int have_name = 0; int have_other_classes = 0; uint16_t dclass = 0; uint8_t* nm = 0; size_t nmlen = 0; int nmlabs = 0; int match = 0; /* number of labels match count */ init_parents(zones); /* to enable local_zones_lookup() */ for(p = cfg->local_data; p; p = p->next) { uint8_t* rr_name; uint16_t rr_class; size_t len; int labs; if(!get_rr_nameclass(p->str, &rr_name, &rr_class)) { log_err("Bad local-data RR %s", p->str); return 0; } labs = dname_count_size_labels(rr_name, &len); lock_rw_rdlock(&zones->lock); if(!local_zones_lookup(zones, rr_name, len, labs, rr_class)) { if(!have_name) { dclass = rr_class; nm = rr_name; nmlen = len; nmlabs = labs; match = labs; have_name = 1; } else { int m; if(rr_class != dclass) { /* process other classes later */ free(rr_name); have_other_classes = 1; lock_rw_unlock(&zones->lock); continue; } /* find smallest shared topdomain */ (void)dname_lab_cmp(nm, nmlabs, rr_name, labs, &m); free(rr_name); if(m < match) match = m; } } else free(rr_name); lock_rw_unlock(&zones->lock); } if(have_name) { uint8_t* n2; struct local_zone* z; /* allocate zone of smallest shared topdomain to contain em */ n2 = nm; dname_remove_labels(&n2, &nmlen, nmlabs - match); n2 = memdup(n2, nmlen); free(nm); if(!n2) { log_err("out of memory"); return 0; } log_nametypeclass(VERB_ALGO, "implicit transparent local-zone", n2, 0, dclass); if(!(z=lz_enter_zone_dname(zones, n2, nmlen, match, local_zone_transparent, dclass))) { return 0; } lock_rw_unlock(&z->lock); } if(have_other_classes) { /* restart to setup other class */ return lz_setup_implicit(zones, cfg); } return 1; } /** enter auth data */ static int lz_enter_data(struct local_zones* zones, struct config_file* cfg) { struct config_strlist* p; for(p = cfg->local_data; p; p = p->next) { if(!lz_enter_rr_str(zones, p->str)) return 0; } return 1; } /** free memory from config */ static void lz_freeup_cfg(struct config_file* cfg) { config_deldblstrlist(cfg->local_zones); cfg->local_zones = NULL; config_delstrlist(cfg->local_zones_nodefault); cfg->local_zones_nodefault = NULL; config_delstrlist(cfg->local_data); cfg->local_data = NULL; } int local_zones_apply_cfg(struct local_zones* zones, struct config_file* cfg) { /* create zones from zone statements. */ if(!lz_enter_zones(zones, cfg)) { return 0; } /* apply default zones+content (unless disabled, or overridden) */ if(!lz_enter_defaults(zones, cfg)) { return 0; } /* create implicit transparent zone from data. */ if(!lz_setup_implicit(zones, cfg)) { return 0; } /* setup parent ptrs for lookup during data entry */ init_parents(zones); /* insert local data */ if(!lz_enter_data(zones, cfg)) { return 0; } /* freeup memory from cfg struct. */ lz_freeup_cfg(cfg); return 1; } struct local_zone* local_zones_lookup(struct local_zones* zones, uint8_t* name, size_t len, int labs, uint16_t dclass) { rbnode_t* res = NULL; struct local_zone *result; struct local_zone key; key.node.key = &key; key.dclass = dclass; key.name = name; key.namelen = len; key.namelabs = labs; if(rbtree_find_less_equal(&zones->ztree, &key, &res)) { /* exact */ return (struct local_zone*)res; } else { /* smaller element (or no element) */ int m; result = (struct local_zone*)res; if(!result || result->dclass != dclass) return NULL; /* count number of labels matched */ (void)dname_lab_cmp(result->name, result->namelabs, key.name, key.namelabs, &m); while(result) { /* go up until qname is subdomain of zone */ if(result->namelabs <= m) break; result = result->parent; } return result; } } struct local_zone* local_zones_find(struct local_zones* zones, uint8_t* name, size_t len, int labs, uint16_t dclass) { struct local_zone key; key.node.key = &key; key.dclass = dclass; key.name = name; key.namelen = len; key.namelabs = labs; /* exact */ return (struct local_zone*)rbtree_search(&zones->ztree, &key); } /** print all RRsets in local zone */ static void local_zone_out(struct local_zone* z) { struct local_data* d; struct local_rrset* p; RBTREE_FOR(d, struct local_data*, &z->data) { for(p = d->rrsets; p; p = p->next) { log_nametypeclass(0, "rrset", d->name, ntohs(p->rrset->rk.type), ntohs(p->rrset->rk.rrset_class)); } } } void local_zones_print(struct local_zones* zones) { struct local_zone* z; lock_rw_rdlock(&zones->lock); log_info("number of auth zones %u", (unsigned)zones->ztree.count); RBTREE_FOR(z, struct local_zone*, &zones->ztree) { lock_rw_rdlock(&z->lock); switch(z->type) { case local_zone_deny: log_nametypeclass(0, "deny zone", z->name, 0, z->dclass); break; case local_zone_refuse: log_nametypeclass(0, "refuse zone", z->name, 0, z->dclass); break; case local_zone_redirect: log_nametypeclass(0, "redirect zone", z->name, 0, z->dclass); break; case local_zone_transparent: log_nametypeclass(0, "transparent zone", z->name, 0, z->dclass); break; case local_zone_typetransparent: log_nametypeclass(0, "typetransparent zone", z->name, 0, z->dclass); break; case local_zone_static: log_nametypeclass(0, "static zone", z->name, 0, z->dclass); break; default: log_nametypeclass(0, "badtyped zone", z->name, 0, z->dclass); break; } local_zone_out(z); lock_rw_unlock(&z->lock); } lock_rw_unlock(&zones->lock); } /** encode answer consisting of 1 rrset */ static int local_encode(struct query_info* qinfo, struct edns_data* edns, sldns_buffer* buf, struct regional* temp, struct ub_packed_rrset_key* rrset, int ansec, int rcode) { struct reply_info rep; uint16_t udpsize; /* make answer with time=0 for fixed TTL values */ memset(&rep, 0, sizeof(rep)); rep.flags = (uint16_t)((BIT_QR | BIT_AA | BIT_RA) | rcode); rep.qdcount = 1; if(ansec) rep.an_numrrsets = 1; else rep.ns_numrrsets = 1; rep.rrset_count = 1; rep.rrsets = &rrset; udpsize = edns->udp_size; edns->edns_version = EDNS_ADVERTISED_VERSION; edns->udp_size = EDNS_ADVERTISED_SIZE; edns->ext_rcode = 0; edns->bits &= EDNS_DO; if(!reply_info_answer_encode(qinfo, &rep, *(uint16_t*)sldns_buffer_begin(buf), sldns_buffer_read_u16_at(buf, 2), buf, 0, 0, temp, udpsize, edns, (int)(edns->bits&EDNS_DO), 0)) error_encode(buf, (LDNS_RCODE_SERVFAIL|BIT_AA), qinfo, *(uint16_t*)sldns_buffer_begin(buf), sldns_buffer_read_u16_at(buf, 2), edns); return 1; } /** answer local data match */ static int local_data_answer(struct local_zone* z, struct query_info* qinfo, struct edns_data* edns, sldns_buffer* buf, struct regional* temp, int labs, struct local_data** ldp) { struct local_data key; struct local_data* ld; struct local_rrset* lr; key.node.key = &key; key.name = qinfo->qname; key.namelen = qinfo->qname_len; key.namelabs = labs; if(z->type == local_zone_redirect) { key.name = z->name; key.namelen = z->namelen; key.namelabs = z->namelabs; } ld = (struct local_data*)rbtree_search(&z->data, &key.node); *ldp = ld; if(!ld) { return 0; } lr = local_data_find_type(ld, qinfo->qtype); if(!lr) return 0; if(z->type == local_zone_redirect) { /* convert rrset name to query name; like a wildcard */ struct ub_packed_rrset_key r = *lr->rrset; r.rk.dname = qinfo->qname; r.rk.dname_len = qinfo->qname_len; return local_encode(qinfo, edns, buf, temp, &r, 1, LDNS_RCODE_NOERROR); } return local_encode(qinfo, edns, buf, temp, lr->rrset, 1, LDNS_RCODE_NOERROR); } /** * answer in case where no exact match is found * @param z: zone for query * @param qinfo: query * @param edns: edns from query * @param buf: buffer for answer. * @param temp: temp region for encoding * @param ld: local data, if NULL, no such name exists in localdata. * @return 1 if a reply is to be sent, 0 if not. */ static int lz_zone_answer(struct local_zone* z, struct query_info* qinfo, struct edns_data* edns, sldns_buffer* buf, struct regional* temp, struct local_data* ld) { if(z->type == local_zone_deny) { /** no reply at all, signal caller by clearing buffer. */ sldns_buffer_clear(buf); sldns_buffer_flip(buf); return 1; } else if(z->type == local_zone_refuse) { error_encode(buf, (LDNS_RCODE_REFUSED|BIT_AA), qinfo, *(uint16_t*)sldns_buffer_begin(buf), sldns_buffer_read_u16_at(buf, 2), edns); return 1; } else if(z->type == local_zone_static || z->type == local_zone_redirect) { /* for static, reply nodata or nxdomain * for redirect, reply nodata */ /* no additional section processing, * cname, dname or wildcard processing, * or using closest match for NSEC. * or using closest match for returning delegation downwards */ int rcode = ld?LDNS_RCODE_NOERROR:LDNS_RCODE_NXDOMAIN; if(z->soa) return local_encode(qinfo, edns, buf, temp, z->soa, 0, rcode); error_encode(buf, (rcode|BIT_AA), qinfo, *(uint16_t*)sldns_buffer_begin(buf), sldns_buffer_read_u16_at(buf, 2), edns); return 1; } else if(z->type == local_zone_typetransparent) { /* no NODATA or NXDOMAINS for this zone type */ return 0; } /* else z->type == local_zone_transparent */ /* if the zone is transparent and the name exists, but the type * does not, then we should make this noerror/nodata */ if(ld && ld->rrsets) { int rcode = LDNS_RCODE_NOERROR; if(z->soa) return local_encode(qinfo, edns, buf, temp, z->soa, 0, rcode); error_encode(buf, (rcode|BIT_AA), qinfo, *(uint16_t*)sldns_buffer_begin(buf), sldns_buffer_read_u16_at(buf, 2), edns); return 1; } /* stop here, and resolve further on */ return 0; } int local_zones_answer(struct local_zones* zones, struct query_info* qinfo, struct edns_data* edns, sldns_buffer* buf, struct regional* temp) { /* see if query is covered by a zone, * if so: - try to match (exact) local data * - look at zone type for negative response. */ int labs = dname_count_labels(qinfo->qname); struct local_data* ld; struct local_zone* z; int r; lock_rw_rdlock(&zones->lock); z = local_zones_lookup(zones, qinfo->qname, qinfo->qname_len, labs, qinfo->qclass); if(!z) { lock_rw_unlock(&zones->lock); return 0; } lock_rw_rdlock(&z->lock); lock_rw_unlock(&zones->lock); if(local_data_answer(z, qinfo, edns, buf, temp, labs, &ld)) { lock_rw_unlock(&z->lock); return 1; } r = lz_zone_answer(z, qinfo, edns, buf, temp, ld); lock_rw_unlock(&z->lock); return r; } const char* local_zone_type2str(enum localzone_type t) { switch(t) { case local_zone_deny: return "deny"; case local_zone_refuse: return "refuse"; case local_zone_redirect: return "redirect"; case local_zone_transparent: return "transparent"; case local_zone_typetransparent: return "typetransparent"; case local_zone_static: return "static"; case local_zone_nodefault: return "nodefault"; } return "badtyped"; } int local_zone_str2type(const char* type, enum localzone_type* t) { if(strcmp(type, "deny") == 0) *t = local_zone_deny; else if(strcmp(type, "refuse") == 0) *t = local_zone_refuse; else if(strcmp(type, "static") == 0) *t = local_zone_static; else if(strcmp(type, "transparent") == 0) *t = local_zone_transparent; else if(strcmp(type, "typetransparent") == 0) *t = local_zone_typetransparent; else if(strcmp(type, "redirect") == 0) *t = local_zone_redirect; else return 0; return 1; } /** iterate over the kiddies of the given name and set their parent ptr */ static void set_kiddo_parents(struct local_zone* z, struct local_zone* match, struct local_zone* newp) { /* both zones and z are locked already */ /* in the sorted rbtree, the kiddies of z are located after z */ /* z must be present in the tree */ struct local_zone* p = z; p = (struct local_zone*)rbtree_next(&p->node); while(p!=(struct local_zone*)RBTREE_NULL && p->dclass == z->dclass && dname_strict_subdomain(p->name, p->namelabs, z->name, z->namelabs)) { /* update parent ptr */ /* only when matches with existing parent pointer, so that * deeper child structures are not touched, i.e. * update of x, and a.x, b.x, f.b.x, g.b.x, c.x, y * gets to update a.x, b.x and c.x */ lock_rw_wrlock(&p->lock); if(p->parent == match) p->parent = newp; lock_rw_unlock(&p->lock); p = (struct local_zone*)rbtree_next(&p->node); } } struct local_zone* local_zones_add_zone(struct local_zones* zones, uint8_t* name, size_t len, int labs, uint16_t dclass, enum localzone_type tp) { /* create */ struct local_zone* z = local_zone_create(name, len, labs, tp, dclass); if(!z) return NULL; lock_rw_wrlock(&z->lock); /* find the closest parent */ z->parent = local_zones_find(zones, name, len, labs, dclass); /* insert into the tree */ if(!rbtree_insert(&zones->ztree, &z->node)) { /* duplicate entry! */ lock_rw_unlock(&z->lock); local_zone_delete(z); log_err("internal: duplicate entry in local_zones_add_zone"); return NULL; } /* set parent pointers right */ set_kiddo_parents(z, z->parent, z); lock_rw_unlock(&z->lock); return z; } void local_zones_del_zone(struct local_zones* zones, struct local_zone* z) { /* fix up parents in tree */ lock_rw_wrlock(&z->lock); set_kiddo_parents(z, z, z->parent); /* remove from tree */ (void)rbtree_delete(&zones->ztree, z); /* delete the zone */ lock_rw_unlock(&z->lock); local_zone_delete(z); } int local_zones_add_RR(struct local_zones* zones, const char* rr) { uint8_t* rr_name; uint16_t rr_class; size_t len; int labs; struct local_zone* z; int r; if(!get_rr_nameclass(rr, &rr_name, &rr_class)) { return 0; } labs = dname_count_size_labels(rr_name, &len); /* could first try readlock then get writelock if zone does not exist, * but we do not add enough RRs (from multiple threads) to optimize */ lock_rw_wrlock(&zones->lock); z = local_zones_lookup(zones, rr_name, len, labs, rr_class); if(!z) { z = local_zones_add_zone(zones, rr_name, len, labs, rr_class, local_zone_transparent); if(!z) { lock_rw_unlock(&zones->lock); return 0; } } else { free(rr_name); } lock_rw_wrlock(&z->lock); lock_rw_unlock(&zones->lock); r = lz_enter_rr_into_zone(z, rr); lock_rw_unlock(&z->lock); return r; } /** returns true if the node is terminal so no deeper domain names exist */ static int is_terminal(struct local_data* d) { /* for empty nonterminals, the deeper domain names are sorted * right after them, so simply check the next name in the tree */ struct local_data* n = (struct local_data*)rbtree_next(&d->node); if(n == (struct local_data*)RBTREE_NULL) return 1; /* last in tree, no deeper node */ if(dname_strict_subdomain(n->name, n->namelabs, d->name, d->namelabs)) return 0; /* there is a deeper node */ return 1; } /** delete empty terminals from tree when final data is deleted */ static void del_empty_term(struct local_zone* z, struct local_data* d, uint8_t* name, size_t len, int labs) { while(d && d->rrsets == NULL && is_terminal(d)) { /* is this empty nonterminal? delete */ /* note, no memory recycling in zone region */ (void)rbtree_delete(&z->data, d); /* go up and to the next label */ if(dname_is_root(name)) return; dname_remove_label(&name, &len); labs--; d = lz_find_node(z, name, len, labs); } } void local_zones_del_data(struct local_zones* zones, uint8_t* name, size_t len, int labs, uint16_t dclass) { /* find zone */ struct local_zone* z; struct local_data* d; lock_rw_rdlock(&zones->lock); z = local_zones_lookup(zones, name, len, labs, dclass); if(!z) { /* no such zone, we're done */ lock_rw_unlock(&zones->lock); return; } lock_rw_wrlock(&z->lock); lock_rw_unlock(&zones->lock); /* find the domain */ d = lz_find_node(z, name, len, labs); if(d) { /* no memory recycling for zone deletions ... */ d->rrsets = NULL; /* did we delete the soa record ? */ if(query_dname_compare(d->name, z->name) == 0) z->soa = NULL; /* cleanup the empty nonterminals for this name */ del_empty_term(z, d, name, len, labs); } lock_rw_unlock(&z->lock); } Index: head/contrib/unbound/util/config_file.c =================================================================== --- head/contrib/unbound/util/config_file.c (revision 268838) +++ head/contrib/unbound/util/config_file.c (revision 268839) @@ -1,1561 +1,1564 @@ /* * util/config_file.c - reads and stores the config file for unbound. * * Copyright (c) 2007, NLnet Labs. All rights reserved. * * This software is open source. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. * * Neither the name of the NLNET LABS nor the names of its contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /** * \file * * This file contains functions for the config file. */ #include "config.h" #include #include #ifdef HAVE_TIME_H #include #endif #include "util/log.h" #include "util/configyyrename.h" #include "util/config_file.h" #include "util/configparser.h" #include "util/net_help.h" #include "util/data/msgparse.h" #include "util/module.h" #include "util/regional.h" #include "util/fptr_wlist.h" #include "util/data/dname.h" #include "ldns/wire2str.h" #include "ldns/parseutil.h" #ifdef HAVE_GLOB_H # include #endif /** global config during parsing */ struct config_parser_state* cfg_parser = 0; /** init ports possible for use */ static void init_outgoing_availports(int* array, int num); struct config_file* config_create(void) { struct config_file* cfg; cfg = (struct config_file*)calloc(1, sizeof(struct config_file)); if(!cfg) return NULL; /* the defaults if no config is present */ cfg->verbosity = 1; cfg->stat_interval = 0; cfg->stat_cumulative = 0; cfg->stat_extended = 0; cfg->num_threads = 1; cfg->port = UNBOUND_DNS_PORT; cfg->do_ip4 = 1; cfg->do_ip6 = 1; cfg->do_udp = 1; cfg->do_tcp = 1; cfg->tcp_upstream = 0; cfg->ssl_service_key = NULL; cfg->ssl_service_pem = NULL; cfg->ssl_port = 443; cfg->ssl_upstream = 0; cfg->use_syslog = 1; cfg->log_time_ascii = 0; cfg->log_queries = 0; #ifndef USE_WINSOCK # ifdef USE_MINI_EVENT /* select max 1024 sockets */ cfg->outgoing_num_ports = 960; cfg->num_queries_per_thread = 512; # else /* libevent can use many sockets */ cfg->outgoing_num_ports = 4096; cfg->num_queries_per_thread = 1024; # endif cfg->outgoing_num_tcp = 10; cfg->incoming_num_tcp = 10; #else cfg->outgoing_num_ports = 48; /* windows is limited in num fds */ cfg->num_queries_per_thread = 24; cfg->outgoing_num_tcp = 2; /* leaves 64-52=12 for: 4if,1stop,thread4 */ cfg->incoming_num_tcp = 2; #endif cfg->edns_buffer_size = 4096; /* 4k from rfc recommendation */ cfg->msg_buffer_size = 65552; /* 64 k + a small margin */ cfg->msg_cache_size = 4 * 1024 * 1024; cfg->msg_cache_slabs = 4; cfg->jostle_time = 200; cfg->rrset_cache_size = 4 * 1024 * 1024; cfg->rrset_cache_slabs = 4; cfg->host_ttl = 900; cfg->bogus_ttl = 60; cfg->min_ttl = 0; cfg->max_ttl = 3600 * 24; cfg->prefetch = 0; cfg->prefetch_key = 0; cfg->infra_cache_slabs = 4; cfg->infra_cache_numhosts = 10000; cfg->delay_close = 0; if(!(cfg->outgoing_avail_ports = (int*)calloc(65536, sizeof(int)))) goto error_exit; init_outgoing_availports(cfg->outgoing_avail_ports, 65536); if(!(cfg->username = strdup(UB_USERNAME))) goto error_exit; #ifdef HAVE_CHROOT if(!(cfg->chrootdir = strdup(CHROOT_DIR))) goto error_exit; #endif if(!(cfg->directory = strdup(RUN_DIR))) goto error_exit; if(!(cfg->logfile = strdup(""))) goto error_exit; if(!(cfg->pidfile = strdup(PIDFILE))) goto error_exit; if(!(cfg->target_fetch_policy = strdup("3 2 1 0 0"))) goto error_exit; cfg->donotqueryaddrs = NULL; cfg->donotquery_localhost = 1; cfg->root_hints = NULL; cfg->do_daemonize = 1; cfg->if_automatic = 0; cfg->so_rcvbuf = 0; cfg->so_sndbuf = 0; cfg->so_reuseport = 0; cfg->num_ifs = 0; cfg->ifs = NULL; cfg->num_out_ifs = 0; cfg->out_ifs = NULL; cfg->stubs = NULL; cfg->forwards = NULL; cfg->acls = NULL; cfg->harden_short_bufsize = 0; cfg->harden_large_queries = 0; cfg->harden_glue = 1; cfg->harden_dnssec_stripped = 1; cfg->harden_below_nxdomain = 0; cfg->harden_referral_path = 0; cfg->use_caps_bits_for_id = 0; cfg->private_address = NULL; cfg->private_domain = NULL; cfg->unwanted_threshold = 0; cfg->hide_identity = 0; cfg->hide_version = 0; cfg->identity = NULL; cfg->version = NULL; cfg->auto_trust_anchor_file_list = NULL; cfg->trust_anchor_file_list = NULL; cfg->trust_anchor_list = NULL; cfg->trusted_keys_file_list = NULL; cfg->dlv_anchor_file = NULL; cfg->dlv_anchor_list = NULL; cfg->domain_insecure = NULL; cfg->val_date_override = 0; cfg->val_sig_skew_min = 3600; /* at least daylight savings trouble */ cfg->val_sig_skew_max = 86400; /* at most timezone settings trouble */ cfg->val_clean_additional = 1; cfg->val_log_level = 0; cfg->val_log_squelch = 0; cfg->val_permissive_mode = 0; cfg->ignore_cd = 0; cfg->add_holddown = 30*24*3600; cfg->del_holddown = 30*24*3600; cfg->keep_missing = 366*24*3600; /* one year plus a little leeway */ cfg->key_cache_size = 4 * 1024 * 1024; cfg->key_cache_slabs = 4; cfg->neg_cache_size = 1 * 1024 * 1024; cfg->local_zones = NULL; cfg->local_zones_nodefault = NULL; cfg->local_data = NULL; + cfg->unblock_lan_zones = 0; cfg->python_script = NULL; cfg->remote_control_enable = 0; cfg->control_ifs = NULL; cfg->control_port = UNBOUND_CONTROL_PORT; cfg->minimal_responses = 0; cfg->rrset_roundrobin = 0; cfg->max_udp_size = 4096; if(!(cfg->server_key_file = strdup(RUN_DIR"/unbound_server.key"))) goto error_exit; if(!(cfg->server_cert_file = strdup(RUN_DIR"/unbound_server.pem"))) goto error_exit; if(!(cfg->control_key_file = strdup(RUN_DIR"/unbound_control.key"))) goto error_exit; if(!(cfg->control_cert_file = strdup(RUN_DIR"/unbound_control.pem"))) goto error_exit; if(!(cfg->module_conf = strdup("validator iterator"))) goto error_exit; if(!(cfg->val_nsec3_key_iterations = strdup("1024 150 2048 500 4096 2500"))) goto error_exit; return cfg; error_exit: config_delete(cfg); return NULL; } struct config_file* config_create_forlib(void) { struct config_file* cfg = config_create(); if(!cfg) return NULL; /* modifications for library use, less verbose, less memory */ free(cfg->chrootdir); cfg->chrootdir = NULL; cfg->verbosity = 0; cfg->outgoing_num_ports = 16; /* in library use, this is 'reasonable' and probably within the ulimit(maxfds) of the user */ cfg->outgoing_num_tcp = 2; cfg->msg_cache_size = 1024*1024; cfg->msg_cache_slabs = 1; cfg->rrset_cache_size = 1024*1024; cfg->rrset_cache_slabs = 1; cfg->infra_cache_slabs = 1; cfg->use_syslog = 0; cfg->key_cache_size = 1024*1024; cfg->key_cache_slabs = 1; cfg->neg_cache_size = 100 * 1024; cfg->donotquery_localhost = 0; /* allow, so that you can ask a forward nameserver running on localhost */ cfg->val_log_level = 2; /* to fill why_bogus with */ cfg->val_log_squelch = 1; return cfg; } /** check that the value passed is >= 0 */ #define IS_NUMBER_OR_ZERO \ if(atoi(val) == 0 && strcmp(val, "0") != 0) return 0 /** check that the value passed is > 0 */ #define IS_NONZERO_NUMBER \ if(atoi(val) == 0) return 0 /** check that the value passed is not 0 and a power of 2 */ #define IS_POW2_NUMBER \ if(atoi(val) == 0 || !is_pow2((size_t)atoi(val))) return 0 /** check that the value passed is yes or no */ #define IS_YES_OR_NO \ if(strcmp(val, "yes") != 0 && strcmp(val, "no") != 0) return 0 /** put integer_or_zero into variable */ #define S_NUMBER_OR_ZERO(str, var) if(strcmp(opt, str) == 0) \ { IS_NUMBER_OR_ZERO; cfg->var = atoi(val); } /** put integer_nonzero into variable */ #define S_NUMBER_NONZERO(str, var) if(strcmp(opt, str) == 0) \ { IS_NONZERO_NUMBER; cfg->var = atoi(val); } /** put integer_or_zero into unsigned */ #define S_UNSIGNED_OR_ZERO(str, var) if(strcmp(opt, str) == 0) \ { IS_NUMBER_OR_ZERO; cfg->var = (unsigned)atoi(val); } /** put integer_or_zero into size_t */ #define S_SIZET_OR_ZERO(str, var) if(strcmp(opt, str) == 0) \ { IS_NUMBER_OR_ZERO; cfg->var = (size_t)atoi(val); } /** put integer_nonzero into size_t */ #define S_SIZET_NONZERO(str, var) if(strcmp(opt, str) == 0) \ { IS_NONZERO_NUMBER; cfg->var = (size_t)atoi(val); } /** put yesno into variable */ #define S_YNO(str, var) if(strcmp(opt, str) == 0) \ { IS_YES_OR_NO; cfg->var = (strcmp(val, "yes") == 0); } /** put memsize into variable */ #define S_MEMSIZE(str, var) if(strcmp(opt, str)==0) \ { return cfg_parse_memsize(val, &cfg->var); } /** put pow2 number into variable */ #define S_POW2(str, var) if(strcmp(opt, str)==0) \ { IS_POW2_NUMBER; cfg->var = (size_t)atoi(val); } /** put string into variable */ #define S_STR(str, var) if(strcmp(opt, str)==0) \ { free(cfg->var); return (cfg->var = strdup(val)) != NULL; } /** put string into strlist */ #define S_STRLIST(str, var) if(strcmp(opt, str)==0) \ { return cfg_strlist_insert(&cfg->var, strdup(val)); } int config_set_option(struct config_file* cfg, const char* opt, const char* val) { S_NUMBER_OR_ZERO("verbosity:", verbosity) else if(strcmp(opt, "statistics-interval:") == 0) { if(strcmp(val, "0") == 0 || strcmp(val, "") == 0) cfg->stat_interval = 0; else if(atoi(val) == 0) return 0; else cfg->stat_interval = atoi(val); } else if(strcmp(opt, "num_threads:") == 0) { /* not supported, library must have 1 thread in bgworker */ return 0; } else if(strcmp(opt, "outgoing-port-permit:") == 0) { return cfg_mark_ports(val, 1, cfg->outgoing_avail_ports, 65536); } else if(strcmp(opt, "outgoing-port-avoid:") == 0) { return cfg_mark_ports(val, 0, cfg->outgoing_avail_ports, 65536); } else if(strcmp(opt, "local-zone:") == 0) { return cfg_parse_local_zone(cfg, val); } else if(strcmp(opt, "val-override-date:") == 0) { if(strcmp(val, "") == 0 || strcmp(val, "0") == 0) { cfg->val_date_override = 0; } else if(strlen(val) == 14) { cfg->val_date_override = cfg_convert_timeval(val); return cfg->val_date_override != 0; } else { if(atoi(val) == 0) return 0; cfg->val_date_override = (uint32_t)atoi(val); } } else if(strcmp(opt, "local-data-ptr:") == 0) { char* ptr = cfg_ptr_reverse((char*)opt); return cfg_strlist_insert(&cfg->local_data, ptr); } else if(strcmp(opt, "logfile:") == 0) { cfg->use_syslog = 0; free(cfg->logfile); return (cfg->logfile = strdup(val)) != NULL; } else if(strcmp(opt, "log-time-ascii:") == 0) { IS_YES_OR_NO; cfg->log_time_ascii = (strcmp(val, "yes") == 0); log_set_time_asc(cfg->log_time_ascii); } else S_SIZET_NONZERO("max-udp-size:", max_udp_size) else S_YNO("use-syslog:", use_syslog) else S_YNO("extended-statistics:", stat_extended) else S_YNO("statistics-cumulative:", stat_cumulative) else S_YNO("do-ip4:", do_ip4) else S_YNO("do-ip6:", do_ip6) else S_YNO("do-udp:", do_udp) else S_YNO("do-tcp:", do_tcp) else S_YNO("tcp-upstream:", tcp_upstream) else S_YNO("ssl-upstream:", ssl_upstream) else S_STR("ssl-service-key:", ssl_service_key) else S_STR("ssl-service-pem:", ssl_service_pem) else S_NUMBER_NONZERO("ssl-port:", ssl_port) else S_YNO("interface-automatic:", if_automatic) else S_YNO("do-daemonize:", do_daemonize) else S_NUMBER_NONZERO("port:", port) else S_NUMBER_NONZERO("outgoing-range:", outgoing_num_ports) else S_SIZET_OR_ZERO("outgoing-num-tcp:", outgoing_num_tcp) else S_SIZET_OR_ZERO("incoming-num-tcp:", incoming_num_tcp) else S_SIZET_NONZERO("edns-buffer-size:", edns_buffer_size) else S_SIZET_NONZERO("msg-buffer-size:", msg_buffer_size) else S_MEMSIZE("msg-cache-size:", msg_cache_size) else S_POW2("msg-cache-slabs:", msg_cache_slabs) else S_SIZET_NONZERO("num-queries-per-thread:",num_queries_per_thread) else S_SIZET_OR_ZERO("jostle-timeout:", jostle_time) else S_MEMSIZE("so-rcvbuf:", so_rcvbuf) else S_MEMSIZE("so-sndbuf:", so_sndbuf) else S_YNO("so-reuseport:", so_reuseport) else S_MEMSIZE("rrset-cache-size:", rrset_cache_size) else S_POW2("rrset-cache-slabs:", rrset_cache_slabs) else S_YNO("prefetch:", prefetch) else S_YNO("prefetch-key:", prefetch_key) else if(strcmp(opt, "cache-max-ttl:") == 0) { IS_NUMBER_OR_ZERO; cfg->max_ttl = atoi(val); MAX_TTL=(time_t)cfg->max_ttl;} else if(strcmp(opt, "cache-min-ttl:") == 0) { IS_NUMBER_OR_ZERO; cfg->min_ttl = atoi(val); MIN_TTL=(time_t)cfg->min_ttl;} else S_NUMBER_OR_ZERO("infra-host-ttl:", host_ttl) else S_POW2("infra-cache-slabs:", infra_cache_slabs) else S_SIZET_NONZERO("infra-cache-numhosts:", infra_cache_numhosts) else S_NUMBER_OR_ZERO("delay-close:", delay_close) else S_STR("chroot:", chrootdir) else S_STR("username:", username) else S_STR("directory:", directory) else S_STR("pidfile:", pidfile) else S_YNO("hide-identity:", hide_identity) else S_YNO("hide-version:", hide_version) else S_STR("identity:", identity) else S_STR("version:", version) else S_STRLIST("root-hints:", root_hints) else S_STR("target-fetch-policy:", target_fetch_policy) else S_YNO("harden-glue:", harden_glue) else S_YNO("harden-short-bufsize:", harden_short_bufsize) else S_YNO("harden-large-queries:", harden_large_queries) else S_YNO("harden-dnssec-stripped:", harden_dnssec_stripped) else S_YNO("harden-below-nxdomain:", harden_below_nxdomain) else S_YNO("harden-referral-path:", harden_referral_path) else S_YNO("use-caps-for-id", use_caps_bits_for_id) else S_SIZET_OR_ZERO("unwanted-reply-threshold:", unwanted_threshold) else S_STRLIST("private-address:", private_address) else S_STRLIST("private-domain:", private_domain) else S_YNO("do-not-query-localhost:", donotquery_localhost) else S_STRLIST("do-not-query-address:", donotqueryaddrs) else S_STRLIST("auto-trust-anchor-file:", auto_trust_anchor_file_list) else S_STRLIST("trust-anchor-file:", trust_anchor_file_list) else S_STRLIST("trust-anchor:", trust_anchor_list) else S_STRLIST("trusted-keys-file:", trusted_keys_file_list) else S_STR("dlv-anchor-file:", dlv_anchor_file) else S_STRLIST("dlv-anchor:", dlv_anchor_list) else S_STRLIST("domain-insecure:", domain_insecure) else S_NUMBER_OR_ZERO("val-bogus-ttl:", bogus_ttl) else S_YNO("val-clean-additional:", val_clean_additional) else S_NUMBER_OR_ZERO("val-log-level:", val_log_level) else S_YNO("val-log-squelch:", val_log_squelch) else S_YNO("log-queries:", log_queries) else S_YNO("val-permissive-mode:", val_permissive_mode) else S_YNO("ignore-cd-flag:", ignore_cd) else S_STR("val-nsec3-keysize-iterations:", val_nsec3_key_iterations) else S_UNSIGNED_OR_ZERO("add-holddown:", add_holddown) else S_UNSIGNED_OR_ZERO("del-holddown:", del_holddown) else S_UNSIGNED_OR_ZERO("keep-missing:", keep_missing) else S_MEMSIZE("key-cache-size:", key_cache_size) else S_POW2("key-cache-slabs:", key_cache_slabs) else S_MEMSIZE("neg-cache-size:", neg_cache_size) else S_YNO("minimal-responses:", minimal_responses) else S_YNO("rrset-roundrobin:", rrset_roundrobin) else S_STRLIST("local-data:", local_data) + else S_YNO("unblock-lan-zones:", unblock_lan_zones) else S_YNO("control-enable:", remote_control_enable) else S_STRLIST("control-interface:", control_ifs) else S_NUMBER_NONZERO("control-port:", control_port) else S_STR("server-key-file:", server_key_file) else S_STR("server-cert-file:", server_cert_file) else S_STR("control-key-file:", control_key_file) else S_STR("control-cert-file:", control_cert_file) else S_STR("module-config:", module_conf) else S_STR("python-script:", python_script) /* val_sig_skew_min and max are copied into val_env during init, * so this does not update val_env with set_option */ else if(strcmp(opt, "val-sig-skew-min:") == 0) { IS_NUMBER_OR_ZERO; cfg->val_sig_skew_min = (int32_t)atoi(val); } else if(strcmp(opt, "val-sig-skew-max:") == 0) { IS_NUMBER_OR_ZERO; cfg->val_sig_skew_max = (int32_t)atoi(val); } else if (strcmp(opt, "outgoing-interface:") == 0) { char* d = strdup(val); char** oi = (char**)malloc((cfg->num_out_ifs+1)*sizeof(char*)); if(!d || !oi) { free(d); free(oi); return -1; } if(cfg->out_ifs && cfg->num_out_ifs) { memmove(oi, cfg->out_ifs, cfg->num_out_ifs*sizeof(char*)); free(cfg->out_ifs); } oi[cfg->num_out_ifs++] = d; cfg->out_ifs = oi; } else { /* unknown or unsupported (from the set_option interface): * interface, outgoing-interface, access-control, * stub-zone, name, stub-addr, stub-host, stub-prime * forward-first, stub-first, * forward-zone, name, forward-addr, forward-host */ return 0; } return 1; } void config_print_func(char* line, void* arg) { FILE* f = (FILE*)arg; (void)fprintf(f, "%s\n", line); } /** collate func arg */ struct config_collate_arg { /** list of result items */ struct config_strlist_head list; /** if a malloc error occurred, 0 is OK */ int status; }; void config_collate_func(char* line, void* arg) { struct config_collate_arg* m = (struct config_collate_arg*)arg; if(m->status) return; if(!cfg_strlist_append(&m->list, strdup(line))) m->status = 1; } int config_get_option_list(struct config_file* cfg, const char* opt, struct config_strlist** list) { struct config_collate_arg m; memset(&m, 0, sizeof(m)); *list = NULL; if(!config_get_option(cfg, opt, config_collate_func, &m)) return 1; if(m.status) { config_delstrlist(m.list.first); return 2; } *list = m.list.first; return 0; } int config_get_option_collate(struct config_file* cfg, const char* opt, char** str) { struct config_strlist* list = NULL; int r; *str = NULL; if((r = config_get_option_list(cfg, opt, &list)) != 0) return r; *str = config_collate_cat(list); config_delstrlist(list); if(!*str) return 2; return 0; } char* config_collate_cat(struct config_strlist* list) { size_t total = 0, left; struct config_strlist* s; char *r, *w; if(!list) /* no elements */ return strdup(""); if(list->next == NULL) /* one element , no newline at end. */ return strdup(list->str); /* count total length */ for(s=list; s; s=s->next) total += strlen(s->str) + 1; /* len + newline */ left = total+1; /* one extra for nul at end */ r = malloc(left); if(!r) return NULL; w = r; for(s=list; s; s=s->next) { size_t this = strlen(s->str); if(this+2 > left) { /* sanity check */ free(r); return NULL; } snprintf(w, left, "%s\n", s->str); this = strlen(w); w += this; left -= this; } return r; } /** compare and print decimal option */ #define O_DEC(opt, str, var) if(strcmp(opt, str)==0) \ {snprintf(buf, len, "%d", (int)cfg->var); \ func(buf, arg);} /** compare and print unsigned option */ #define O_UNS(opt, str, var) if(strcmp(opt, str)==0) \ {snprintf(buf, len, "%u", (unsigned)cfg->var); \ func(buf, arg);} /** compare and print yesno option */ #define O_YNO(opt, str, var) if(strcmp(opt, str)==0) \ {func(cfg->var?"yes":"no", arg);} /** compare and print string option */ #define O_STR(opt, str, var) if(strcmp(opt, str)==0) \ {func(cfg->var?cfg->var:"", arg);} /** compare and print array option */ #define O_IFC(opt, str, num, arr) if(strcmp(opt, str)==0) \ {int i; for(i=0; inum; i++) func(cfg->arr[i], arg);} /** compare and print memorysize option */ #define O_MEM(opt, str, var) if(strcmp(opt, str)==0) { \ if(cfg->var > 1024*1024*1024) { \ size_t f=cfg->var/(size_t)1000000, b=cfg->var%(size_t)1000000; \ snprintf(buf, len, "%u%6.6u\n", (unsigned)f, (unsigned)b); \ } else snprintf(buf, len, "%u\n", (unsigned)cfg->var); \ func(buf, arg);} /** compare and print list option */ #define O_LST(opt, name, lst) if(strcmp(opt, name)==0) { \ struct config_strlist* p = cfg->lst; \ for(p = cfg->lst; p; p = p->next) \ func(p->str, arg); \ } /** compare and print list option */ #define O_LS2(opt, name, lst) if(strcmp(opt, name)==0) { \ struct config_str2list* p = cfg->lst; \ for(p = cfg->lst; p; p = p->next) \ snprintf(buf, len, "%s %s\n", p->str, p->str2); \ func(buf, arg); \ } int config_get_option(struct config_file* cfg, const char* opt, void (*func)(char*,void*), void* arg) { char buf[1024]; size_t len = sizeof(buf); fptr_ok(fptr_whitelist_print_func(func)); O_DEC(opt, "verbosity", verbosity) else O_DEC(opt, "statistics-interval", stat_interval) else O_YNO(opt, "statistics-cumulative", stat_cumulative) else O_YNO(opt, "extended-statistics", stat_extended) else O_YNO(opt, "use-syslog", use_syslog) else O_YNO(opt, "log-time-ascii", log_time_ascii) else O_DEC(opt, "num-threads", num_threads) else O_IFC(opt, "interface", num_ifs, ifs) else O_IFC(opt, "outgoing-interface", num_out_ifs, out_ifs) else O_YNO(opt, "interface-automatic", if_automatic) else O_DEC(opt, "port", port) else O_DEC(opt, "outgoing-range", outgoing_num_ports) else O_DEC(opt, "outgoing-num-tcp", outgoing_num_tcp) else O_DEC(opt, "incoming-num-tcp", incoming_num_tcp) else O_DEC(opt, "edns-buffer-size", edns_buffer_size) else O_DEC(opt, "msg-buffer-size", msg_buffer_size) else O_MEM(opt, "msg-cache-size", msg_cache_size) else O_DEC(opt, "msg-cache-slabs", msg_cache_slabs) else O_DEC(opt, "num-queries-per-thread", num_queries_per_thread) else O_UNS(opt, "jostle-timeout", jostle_time) else O_MEM(opt, "so-rcvbuf", so_rcvbuf) else O_MEM(opt, "so-sndbuf", so_sndbuf) else O_YNO(opt, "so-reuseport", so_reuseport) else O_MEM(opt, "rrset-cache-size", rrset_cache_size) else O_DEC(opt, "rrset-cache-slabs", rrset_cache_slabs) else O_YNO(opt, "prefetch-key", prefetch_key) else O_YNO(opt, "prefetch", prefetch) else O_DEC(opt, "cache-max-ttl", max_ttl) else O_DEC(opt, "cache-min-ttl", min_ttl) else O_DEC(opt, "infra-host-ttl", host_ttl) else O_DEC(opt, "infra-cache-slabs", infra_cache_slabs) else O_MEM(opt, "infra-cache-numhosts", infra_cache_numhosts) else O_UNS(opt, "delay-close", delay_close) else O_YNO(opt, "do-ip4", do_ip4) else O_YNO(opt, "do-ip6", do_ip6) else O_YNO(opt, "do-udp", do_udp) else O_YNO(opt, "do-tcp", do_tcp) else O_YNO(opt, "tcp-upstream", tcp_upstream) else O_YNO(opt, "ssl-upstream", ssl_upstream) else O_STR(opt, "ssl-service-key", ssl_service_key) else O_STR(opt, "ssl-service-pem", ssl_service_pem) else O_DEC(opt, "ssl-port", ssl_port) else O_YNO(opt, "do-daemonize", do_daemonize) else O_STR(opt, "chroot", chrootdir) else O_STR(opt, "username", username) else O_STR(opt, "directory", directory) else O_STR(opt, "logfile", logfile) else O_YNO(opt, "log-queries", log_queries) else O_STR(opt, "pidfile", pidfile) else O_YNO(opt, "hide-identity", hide_identity) else O_YNO(opt, "hide-version", hide_version) else O_STR(opt, "identity", identity) else O_STR(opt, "version", version) else O_STR(opt, "target-fetch-policy", target_fetch_policy) else O_YNO(opt, "harden-short-bufsize", harden_short_bufsize) else O_YNO(opt, "harden-large-queries", harden_large_queries) else O_YNO(opt, "harden-glue", harden_glue) else O_YNO(opt, "harden-dnssec-stripped", harden_dnssec_stripped) else O_YNO(opt, "harden-below-nxdomain", harden_below_nxdomain) else O_YNO(opt, "harden-referral-path", harden_referral_path) else O_YNO(opt, "use-caps-for-id", use_caps_bits_for_id) else O_DEC(opt, "unwanted-reply-threshold", unwanted_threshold) else O_YNO(opt, "do-not-query-localhost", donotquery_localhost) else O_STR(opt, "module-config", module_conf) else O_STR(opt, "dlv-anchor-file", dlv_anchor_file) else O_DEC(opt, "val-bogus-ttl", bogus_ttl) else O_YNO(opt, "val-clean-additional", val_clean_additional) else O_DEC(opt, "val-log-level", val_log_level) else O_YNO(opt, "val-permissive-mode", val_permissive_mode) else O_YNO(opt, "ignore-cd-flag", ignore_cd) else O_STR(opt, "val-nsec3-keysize-iterations",val_nsec3_key_iterations) else O_UNS(opt, "add-holddown", add_holddown) else O_UNS(opt, "del-holddown", del_holddown) else O_UNS(opt, "keep-missing", keep_missing) else O_MEM(opt, "key-cache-size", key_cache_size) else O_DEC(opt, "key-cache-slabs", key_cache_slabs) else O_MEM(opt, "neg-cache-size", neg_cache_size) else O_YNO(opt, "control-enable", remote_control_enable) else O_DEC(opt, "control-port", control_port) else O_STR(opt, "server-key-file", server_key_file) else O_STR(opt, "server-cert-file", server_cert_file) else O_STR(opt, "control-key-file", control_key_file) else O_STR(opt, "control-cert-file", control_cert_file) else O_LST(opt, "root-hints", root_hints) else O_LS2(opt, "access-control", acls) else O_LST(opt, "do-not-query-address", donotqueryaddrs) else O_LST(opt, "private-address", private_address) else O_LST(opt, "private-domain", private_domain) else O_LST(opt, "auto-trust-anchor-file", auto_trust_anchor_file_list) else O_LST(opt, "trust-anchor-file", trust_anchor_file_list) else O_LST(opt, "trust-anchor", trust_anchor_list) else O_LST(opt, "trusted-keys-file", trusted_keys_file_list) else O_LST(opt, "dlv-anchor", dlv_anchor_list) else O_LST(opt, "control-interface", control_ifs) else O_LST(opt, "domain-insecure", domain_insecure) else O_UNS(opt, "val-override-date", val_date_override) else O_YNO(opt, "minimal-responses", minimal_responses) else O_YNO(opt, "rrset-roundrobin", rrset_roundrobin) + else O_YNO(opt, "unblock-lan-zones", unblock_lan_zones) else O_DEC(opt, "max-udp-size", max_udp_size) else O_STR(opt, "python-script", python_script) else O_DEC(opt, "val-sig-skew-min", val_sig_skew_min) else O_DEC(opt, "val-sig-skew-max", val_sig_skew_max) /* not here: * outgoing-permit, outgoing-avoid - have list of ports * local-zone - zones and nodefault variables * local-data - see below * local-data-ptr - converted to local-data entries * stub-zone, name, stub-addr, stub-host, stub-prime * forward-zone, name, forward-addr, forward-host */ else return 0; return 1; } /** initialize the global cfg_parser object */ static void create_cfg_parser(struct config_file* cfg, char* filename, const char* chroot) { static struct config_parser_state st; cfg_parser = &st; cfg_parser->filename = filename; cfg_parser->line = 1; cfg_parser->errors = 0; cfg_parser->cfg = cfg; cfg_parser->chroot = chroot; init_cfg_parse(); } int config_read(struct config_file* cfg, const char* filename, const char* chroot) { FILE *in; char *fname = (char*)filename; #ifdef HAVE_GLOB glob_t g; size_t i; int r, flags; #endif if(!fname) return 1; /* check for wildcards */ #ifdef HAVE_GLOB if(!(!strchr(fname, '*') && !strchr(fname, '?') && !strchr(fname, '[') && !strchr(fname, '{') && !strchr(fname, '~'))) { verbose(VERB_QUERY, "wildcard found, processing %s", fname); flags = 0 #ifdef GLOB_ERR | GLOB_ERR #endif #ifdef GLOB_NOSORT | GLOB_NOSORT #endif #ifdef GLOB_BRACE | GLOB_BRACE #endif #ifdef GLOB_TILDE | GLOB_TILDE #endif ; memset(&g, 0, sizeof(g)); r = glob(fname, flags, NULL, &g); if(r) { /* some error */ globfree(&g); if(r == GLOB_NOMATCH) { verbose(VERB_QUERY, "include: " "no matches for %s", fname); return 1; } else if(r == GLOB_NOSPACE) { log_err("include: %s: " "fnametern out of memory", fname); } else if(r == GLOB_ABORTED) { log_err("wildcard include: %s: expansion " "aborted (%s)", fname, strerror(errno)); } else { log_err("wildcard include: %s: expansion " "failed (%s)", fname, strerror(errno)); } /* ignore globs that yield no files */ return 1; } /* process files found, if any */ for(i=0; i<(size_t)g.gl_pathc; i++) { if(!config_read(cfg, g.gl_pathv[i], chroot)) { log_err("error reading wildcard " "include: %s", g.gl_pathv[i]); globfree(&g); return 0; } } globfree(&g); return 1; } #endif /* HAVE_GLOB */ in = fopen(fname, "r"); if(!in) { log_err("Could not open %s: %s", fname, strerror(errno)); return 0; } create_cfg_parser(cfg, fname, chroot); ub_c_in = in; ub_c_parse(); fclose(in); if(cfg_parser->errors != 0) { fprintf(stderr, "read %s failed: %d errors in configuration file\n", cfg_parser->filename, cfg_parser->errors); errno=EINVAL; return 0; } return 1; } void config_delstrlist(struct config_strlist* p) { struct config_strlist *np; while(p) { np = p->next; free(p->str); free(p); p = np; } } void config_deldblstrlist(struct config_str2list* p) { struct config_str2list *np; while(p) { np = p->next; free(p->str); free(p->str2); free(p); p = np; } } void config_delstubs(struct config_stub* p) { struct config_stub* np; while(p) { np = p->next; free(p->name); config_delstrlist(p->hosts); config_delstrlist(p->addrs); free(p); p = np; } } void config_delete(struct config_file* cfg) { if(!cfg) return; free(cfg->username); free(cfg->chrootdir); free(cfg->directory); free(cfg->logfile); free(cfg->pidfile); free(cfg->target_fetch_policy); free(cfg->ssl_service_key); free(cfg->ssl_service_pem); if(cfg->ifs) { int i; for(i=0; inum_ifs; i++) free(cfg->ifs[i]); free(cfg->ifs); } if(cfg->out_ifs) { int i; for(i=0; inum_out_ifs; i++) free(cfg->out_ifs[i]); free(cfg->out_ifs); } config_delstubs(cfg->stubs); config_delstubs(cfg->forwards); config_delstrlist(cfg->donotqueryaddrs); config_delstrlist(cfg->root_hints); free(cfg->identity); free(cfg->version); free(cfg->module_conf); free(cfg->outgoing_avail_ports); config_delstrlist(cfg->private_address); config_delstrlist(cfg->private_domain); config_delstrlist(cfg->auto_trust_anchor_file_list); config_delstrlist(cfg->trust_anchor_file_list); config_delstrlist(cfg->trusted_keys_file_list); config_delstrlist(cfg->trust_anchor_list); config_delstrlist(cfg->domain_insecure); free(cfg->dlv_anchor_file); config_delstrlist(cfg->dlv_anchor_list); config_deldblstrlist(cfg->acls); free(cfg->val_nsec3_key_iterations); config_deldblstrlist(cfg->local_zones); config_delstrlist(cfg->local_zones_nodefault); config_delstrlist(cfg->local_data); config_delstrlist(cfg->control_ifs); free(cfg->server_key_file); free(cfg->server_cert_file); free(cfg->control_key_file); free(cfg->control_cert_file); free(cfg); } static void init_outgoing_availports(int* a, int num) { /* generated with make iana_update */ const int iana_assigned[] = { #include "util/iana_ports.inc" -1 }; /* end marker to put behind trailing comma */ int i; /* do not use <1024, that could be trouble with the system, privs */ for(i=1024; i= (int)sizeof(buf) ) { log_err("cannot parse port number '%s'", str); return 0; } if(mid > str) memcpy(buf, str, (size_t)(mid-str)); buf[mid-str] = 0; low = atoi(buf); if(low == 0 && strcmp(buf, "0") != 0) { log_err("cannot parse port number '%s'", buf); return 0; } for(i=low; i<=high; i++) { if(i < num) avail[i] = (allow?i:0); } return 1; } return 1; } int cfg_scan_ports(int* avail, int num) { int i; int count = 0; for(i=0; ioutgoing_avail_ports, 65536); int i, at = 0; *avail = NULL; if(num == 0) return 0; *avail = (int*)malloc(sizeof(int)*num); if(!*avail) return 0; for(i=0; i<65536; i++) { if(cfg->outgoing_avail_ports[i]) (*avail)[at++] = cfg->outgoing_avail_ports[i]; } log_assert(at == num); return num; } /** print error with file and line number */ static void ub_c_error_va_list(const char *fmt, va_list args) { cfg_parser->errors++; fprintf(stderr, "%s:%d: error: ", cfg_parser->filename, cfg_parser->line); vfprintf(stderr, fmt, args); fprintf(stderr, "\n"); } /** print error with file and line number */ void ub_c_error_msg(const char* fmt, ...) { va_list args; va_start(args, fmt); ub_c_error_va_list(fmt, args); va_end(args); } void ub_c_error(const char *str) { cfg_parser->errors++; fprintf(stderr, "%s:%d: error: %s\n", cfg_parser->filename, cfg_parser->line, str); } int ub_c_wrap(void) { return 1; } int cfg_strlist_append(struct config_strlist_head* list, char* item) { struct config_strlist *s; if(!item || !list) return 0; s = (struct config_strlist*)calloc(1, sizeof(struct config_strlist)); if(!s) return 0; s->str = item; s->next = NULL; if(list->last) list->last->next = s; else list->first = s; list->last = s; return 1; } int cfg_strlist_insert(struct config_strlist** head, char* item) { struct config_strlist *s; if(!item || !head) return 0; s = (struct config_strlist*)calloc(1, sizeof(struct config_strlist)); if(!s) return 0; s->str = item; s->next = *head; *head = s; return 1; } int cfg_str2list_insert(struct config_str2list** head, char* item, char* i2) { struct config_str2list *s; if(!item || !i2 || !head) return 0; s = (struct config_str2list*)calloc(1, sizeof(struct config_str2list)); if(!s) return 0; s->str = item; s->str2 = i2; s->next = *head; *head = s; return 1; } time_t cfg_convert_timeval(const char* str) { time_t t; struct tm tm; memset(&tm, 0, sizeof(tm)); if(strlen(str) < 14) return 0; if(sscanf(str, "%4d%2d%2d%2d%2d%2d", &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec) != 6) return 0; tm.tm_year -= 1900; tm.tm_mon--; /* Check values */ if (tm.tm_year < 70) return 0; if (tm.tm_mon < 0 || tm.tm_mon > 11) return 0; if (tm.tm_mday < 1 || tm.tm_mday > 31) return 0; if (tm.tm_hour < 0 || tm.tm_hour > 23) return 0; if (tm.tm_min < 0 || tm.tm_min > 59) return 0; if (tm.tm_sec < 0 || tm.tm_sec > 59) return 0; /* call ldns conversion function */ t = sldns_mktime_from_utc(&tm); return t; } int cfg_count_numbers(const char* s) { /* format ::= (sp num)+ sp */ /* num ::= [-](0-9)+ */ /* sp ::= (space|tab)* */ int num = 0; while(*s) { while(*s && isspace((int)*s)) s++; if(!*s) /* end of string */ break; if(*s == '-') s++; if(!*s) /* only - not allowed */ return 0; if(!isdigit((int)*s)) /* bad character */ return 0; while(*s && isdigit((int)*s)) s++; num++; } return num; } /** all digit number */ static int isalldigit(const char* str, size_t l) { size_t i; for(i=0; i0 && str[len-1]==' ') len--; if(len > 1 && str[len-1] == 'b') len--; else if(len > 1 && str[len-1] == 'B') len--; if(len > 1 && tolower(str[len-1]) == 'g') mult = 1024*1024*1024; else if(len > 1 && tolower(str[len-1]) == 'm') mult = 1024*1024; else if(len > 1 && tolower(str[len-1]) == 'k') mult = 1024; else if(len > 0 && isdigit(str[len-1])) mult = 1; else { log_err("unknown size specifier: '%s'", str); return 0; } while(len>1 && str[len-2]==' ') len--; if(!isalldigit(str, len-1)) { log_err("unknown size specifier: '%s'", str); return 0; } *res = ((size_t)atol(str)) * mult; return 1; } void config_apply(struct config_file* config) { MAX_TTL = (time_t)config->max_ttl; MIN_TTL = (time_t)config->min_ttl; EDNS_ADVERTISED_SIZE = (uint16_t)config->edns_buffer_size; MINIMAL_RESPONSES = config->minimal_responses; RRSET_ROUNDROBIN = config->rrset_roundrobin; log_set_time_asc(config->log_time_ascii); } /** * Calculate string length of full pathname in original filesys * @param fname: the path name to convert. * Must not be null or empty. * @param cfg: config struct for chroot and chdir (if set). * @param use_chdir: if false, only chroot is applied. * @return length of string. * remember to allocate one more for 0 at end in mallocs. */ static size_t strlen_after_chroot(const char* fname, struct config_file* cfg, int use_chdir) { size_t len = 0; int slashit = 0; if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(cfg->chrootdir, fname, strlen(cfg->chrootdir)) == 0) { /* already full pathname, return it */ return strlen(fname); } /* chroot */ if(cfg->chrootdir && cfg->chrootdir[0]) { /* start with chrootdir */ len += strlen(cfg->chrootdir); slashit = 1; } /* chdir */ #ifdef UB_ON_WINDOWS if(fname[0] != 0 && fname[1] == ':') { /* full path, no chdir */ } else #endif if(fname[0] == '/' || !use_chdir) { /* full path, no chdir */ } else if(cfg->directory && cfg->directory[0]) { /* prepend chdir */ if(slashit && cfg->directory[0] != '/') len++; if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(cfg->chrootdir, cfg->directory, strlen(cfg->chrootdir)) == 0) len += strlen(cfg->directory)-strlen(cfg->chrootdir); else len += strlen(cfg->directory); slashit = 1; } /* fname */ if(slashit && fname[0] != '/') len++; len += strlen(fname); return len; } char* fname_after_chroot(const char* fname, struct config_file* cfg, int use_chdir) { size_t len = strlen_after_chroot(fname, cfg, use_chdir)+1; int slashit = 0; char* buf = (char*)malloc(len); if(!buf) return NULL; buf[0] = 0; /* is fname already in chroot ? */ if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(cfg->chrootdir, fname, strlen(cfg->chrootdir)) == 0) { /* already full pathname, return it */ (void)strlcpy(buf, fname, len); buf[len-1] = 0; return buf; } /* chroot */ if(cfg->chrootdir && cfg->chrootdir[0]) { /* start with chrootdir */ (void)strlcpy(buf, cfg->chrootdir, len); slashit = 1; } #ifdef UB_ON_WINDOWS if(fname[0] != 0 && fname[1] == ':') { /* full path, no chdir */ } else #endif /* chdir */ if(fname[0] == '/' || !use_chdir) { /* full path, no chdir */ } else if(cfg->directory && cfg->directory[0]) { /* prepend chdir */ if(slashit && cfg->directory[0] != '/') (void)strlcat(buf, "/", len); /* is the directory already in the chroot? */ if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(cfg->chrootdir, cfg->directory, strlen(cfg->chrootdir)) == 0) (void)strlcat(buf, cfg->directory+strlen(cfg->chrootdir), len); else (void)strlcat(buf, cfg->directory, len); slashit = 1; } /* fname */ if(slashit && fname[0] != '/') (void)strlcat(buf, "/", len); (void)strlcat(buf, fname, len); buf[len-1] = 0; return buf; } /** return next space character in string */ static char* next_space_pos(const char* str) { char* sp = strchr(str, ' '); char* tab = strchr(str, '\t'); if(!tab && !sp) return NULL; if(!sp) return tab; if(!tab) return sp; return (sptab)?sp:tab; } int cfg_parse_local_zone(struct config_file* cfg, const char* val) { const char *type, *name_end, *name; char buf[256]; /* parse it as: [zone_name] [between stuff] [zone_type] */ name = val; while(*name && isspace(*name)) name++; if(!*name) { log_err("syntax error: too short: %s", val); return 0; } name_end = next_space_pos(name); if(!name_end || !*name_end) { log_err("syntax error: expected zone type: %s", val); return 0; } if (name_end - name > 255) { log_err("syntax error: bad zone name: %s", val); return 0; } (void)strlcpy(buf, name, sizeof(buf)); buf[name_end-name] = '\0'; type = last_space_pos(name_end); while(type && *type && isspace(*type)) type++; if(!type || !*type) { log_err("syntax error: expected zone type: %s", val); return 0; } if(strcmp(type, "nodefault")==0) { return cfg_strlist_insert(&cfg->local_zones_nodefault, strdup(name)); } else { return cfg_str2list_insert(&cfg->local_zones, strdup(buf), strdup(type)); } } char* cfg_ptr_reverse(char* str) { char* ip, *ip_end; char* name; char* result; char buf[1024]; struct sockaddr_storage addr; socklen_t addrlen; /* parse it as: [IP] [between stuff] [name] */ ip = str; while(*ip && isspace(*ip)) ip++; if(!*ip) { log_err("syntax error: too short: %s", str); return NULL; } ip_end = next_space_pos(ip); if(!ip_end || !*ip_end) { log_err("syntax error: expected name: %s", str); return NULL; } name = last_space_pos(ip_end); if(!name || !*name) { log_err("syntax error: expected name: %s", str); return NULL; } sscanf(ip, "%100s", buf); buf[sizeof(buf)-1]=0; if(!ipstrtoaddr(buf, UNBOUND_DNS_PORT, &addr, &addrlen)) { log_err("syntax error: cannot parse address: %s", str); return NULL; } /* reverse IPv4: * ddd.ddd.ddd.ddd.in-addr-arpa. * IPv6: (h.){32}.ip6.arpa. */ if(addr_is_ip6(&addr, addrlen)) { uint8_t ad[16]; const char* hex = "0123456789abcdef"; char *p = buf; int i; memmove(ad, &((struct sockaddr_in6*)&addr)->sin6_addr, sizeof(ad)); for(i=15; i>=0; i--) { uint8_t b = ad[i]; *p++ = hex[ (b&0x0f) ]; *p++ = '.'; *p++ = hex[ (b&0xf0) >> 4 ]; *p++ = '.'; } snprintf(buf+16*4, sizeof(buf)-16*4, "ip6.arpa. "); } else { uint8_t ad[4]; memmove(ad, &((struct sockaddr_in*)&addr)->sin_addr, sizeof(ad)); snprintf(buf, sizeof(buf), "%u.%u.%u.%u.in-addr.arpa. ", (unsigned)ad[3], (unsigned)ad[2], (unsigned)ad[1], (unsigned)ad[0]); } /* printed the reverse address, now the between goop and name on end */ while(*ip_end && isspace(*ip_end)) ip_end++; if(name>ip_end) { snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), "%.*s", (int)(name-ip_end), ip_end); } snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), " PTR %s", name); result = strdup(buf); if(!result) { log_err("out of memory parsing %s", str); return NULL; } return result; } #ifdef UB_ON_WINDOWS char* w_lookup_reg_str(const char* key, const char* name) { HKEY hk = NULL; DWORD type = 0; BYTE buf[1024]; DWORD len = (DWORD)sizeof(buf); LONG ret; char* result = NULL; ret = RegOpenKeyEx(HKEY_LOCAL_MACHINE, key, 0, KEY_READ, &hk); if(ret == ERROR_FILE_NOT_FOUND) return NULL; /* key does not exist */ else if(ret != ERROR_SUCCESS) { log_err("RegOpenKeyEx failed"); return NULL; } ret = RegQueryValueEx(hk, (LPCTSTR)name, 0, &type, buf, &len); if(RegCloseKey(hk)) log_err("RegCloseKey"); if(ret == ERROR_FILE_NOT_FOUND) return NULL; /* name does not exist */ else if(ret != ERROR_SUCCESS) { log_err("RegQueryValueEx failed"); return NULL; } if(type == REG_SZ || type == REG_MULTI_SZ || type == REG_EXPAND_SZ) { buf[sizeof(buf)-1] = 0; buf[sizeof(buf)-2] = 0; /* for multi_sz */ result = strdup((char*)buf); if(!result) log_err("out of memory"); } return result; } #endif /* UB_ON_WINDOWS */ void errinf(struct module_qstate* qstate, const char* str) { struct config_strlist* p; if(qstate->env->cfg->val_log_level < 2 || !str) return; p = (struct config_strlist*)regional_alloc(qstate->region, sizeof(*p)); if(!p) { log_err("malloc failure in validator-error-info string"); return; } p->next = NULL; p->str = regional_strdup(qstate->region, str); if(!p->str) { log_err("malloc failure in validator-error-info string"); return; } /* add at end */ if(qstate->errinf) { struct config_strlist* q = qstate->errinf; while(q->next) q = q->next; q->next = p; } else qstate->errinf = p; } void errinf_origin(struct module_qstate* qstate, struct sock_list *origin) { struct sock_list* p; if(qstate->env->cfg->val_log_level < 2) return; for(p=origin; p; p=p->next) { char buf[256]; if(p == origin) snprintf(buf, sizeof(buf), "from "); else snprintf(buf, sizeof(buf), "and "); if(p->len == 0) snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), "cache"); else addr_to_str(&p->addr, p->len, buf+strlen(buf), sizeof(buf)-strlen(buf)); errinf(qstate, buf); } } char* errinf_to_str(struct module_qstate* qstate) { char buf[20480]; char* p = buf; size_t left = sizeof(buf); struct config_strlist* s; char dname[LDNS_MAX_DOMAINLEN+1]; char t[16], c[16]; sldns_wire2str_type_buf(qstate->qinfo.qtype, t, sizeof(t)); sldns_wire2str_class_buf(qstate->qinfo.qclass, c, sizeof(c)); dname_str(qstate->qinfo.qname, dname); snprintf(p, left, "validation failure <%s %s %s>:", dname, t, c); left -= strlen(p); p += strlen(p); if(!qstate->errinf) snprintf(p, left, " misc failure"); else for(s=qstate->errinf; s; s=s->next) { snprintf(p, left, " %s", s->str); left -= strlen(p); p += strlen(p); } p = strdup(buf); if(!p) log_err("malloc failure in errinf_to_str"); return p; } void errinf_rrset(struct module_qstate* qstate, struct ub_packed_rrset_key *rr) { char buf[1024]; char dname[LDNS_MAX_DOMAINLEN+1]; char t[16], c[16]; if(qstate->env->cfg->val_log_level < 2 || !rr) return; sldns_wire2str_type_buf(ntohs(rr->rk.type), t, sizeof(t)); sldns_wire2str_class_buf(ntohs(rr->rk.rrset_class), c, sizeof(c)); dname_str(rr->rk.dname, dname); snprintf(buf, sizeof(buf), "for <%s %s %s>", dname, t, c); errinf(qstate, buf); } void errinf_dname(struct module_qstate* qstate, const char* str, uint8_t* dname) { char b[1024]; char buf[LDNS_MAX_DOMAINLEN+1]; if(qstate->env->cfg->val_log_level < 2 || !str || !dname) return; dname_str(dname, buf); snprintf(b, sizeof(b), "%s %s", str, buf); errinf(qstate, b); } Index: head/contrib/unbound/util/config_file.h =================================================================== --- head/contrib/unbound/util/config_file.h (revision 268838) +++ head/contrib/unbound/util/config_file.h (revision 268839) @@ -1,670 +1,672 @@ /* * util/config_file.h - reads and stores the config file for unbound. * * Copyright (c) 2007, NLnet Labs. All rights reserved. * * This software is open source. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. * * Neither the name of the NLNET LABS nor the names of its contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /** * \file * * This file contains functions for the config file. */ #ifndef UTIL_CONFIG_FILE_H #define UTIL_CONFIG_FILE_H struct config_stub; struct config_strlist; struct config_str2list; struct module_qstate; struct sock_list; struct ub_packed_rrset_key; /** * The configuration options. * Strings are malloced. */ struct config_file { /** verbosity level as specified in the config file */ int verbosity; /** statistics interval (in seconds) */ int stat_interval; /** if false, statistics values are reset after printing them */ int stat_cumulative; /** if true, the statistics are kept in greater detail */ int stat_extended; /** number of threads to create */ int num_threads; /** port on which queries are answered. */ int port; /** do ip4 query support. */ int do_ip4; /** do ip6 query support. */ int do_ip6; /** do udp query support. */ int do_udp; /** do tcp query support. */ int do_tcp; /** tcp upstream queries (no UDP upstream queries) */ int tcp_upstream; /** private key file for dnstcp-ssl service (enabled if not NULL) */ char* ssl_service_key; /** public key file for dnstcp-ssl service */ char* ssl_service_pem; /** port on which to provide ssl service */ int ssl_port; /** if outgoing tcp connections use SSL */ int ssl_upstream; /** outgoing port range number of ports (per thread) */ int outgoing_num_ports; /** number of outgoing tcp buffers per (per thread) */ size_t outgoing_num_tcp; /** number of incoming tcp buffers per (per thread) */ size_t incoming_num_tcp; /** allowed udp port numbers, array with 0 if not allowed */ int* outgoing_avail_ports; /** EDNS buffer size to use */ size_t edns_buffer_size; /** number of bytes buffer size for DNS messages */ size_t msg_buffer_size; /** size of the message cache */ size_t msg_cache_size; /** slabs in the message cache. */ size_t msg_cache_slabs; /** number of queries every thread can service */ size_t num_queries_per_thread; /** number of msec to wait before items can be jostled out */ size_t jostle_time; /** size of the rrset cache */ size_t rrset_cache_size; /** slabs in the rrset cache */ size_t rrset_cache_slabs; /** host cache ttl in seconds */ int host_ttl; /** number of slabs in the infra host cache */ size_t infra_cache_slabs; /** max number of hosts in the infra cache */ size_t infra_cache_numhosts; /** delay close of udp-timeouted ports, if 0 no delayclose. in msec */ int delay_close; /** the target fetch policy for the iterator */ char* target_fetch_policy; /** automatic interface for incoming messages. Uses ipv6 remapping, * and recvmsg/sendmsg ancillary data to detect interfaces, boolean */ int if_automatic; /** SO_RCVBUF size to set on port 53 UDP socket */ size_t so_rcvbuf; /** SO_SNDBUF size to set on port 53 UDP socket */ size_t so_sndbuf; /** SO_REUSEPORT requested on port 53 sockets */ int so_reuseport; /** number of interfaces to open. If 0 default all interfaces. */ int num_ifs; /** interface description strings (IP addresses) */ char **ifs; /** number of outgoing interfaces to open. * If 0 default all interfaces. */ int num_out_ifs; /** outgoing interface description strings (IP addresses) */ char **out_ifs; /** the root hints */ struct config_strlist* root_hints; /** the stub definitions, linked list */ struct config_stub* stubs; /** the forward zone definitions, linked list */ struct config_stub* forwards; /** list of donotquery addresses, linked list */ struct config_strlist* donotqueryaddrs; /** list of access control entries, linked list */ struct config_str2list* acls; /** use default localhost donotqueryaddr entries */ int donotquery_localhost; /** harden against very small edns buffer sizes */ int harden_short_bufsize; /** harden against very large query sizes */ int harden_large_queries; /** harden against spoofed glue (out of zone data) */ int harden_glue; /** harden against receiving no DNSSEC data for trust anchor */ int harden_dnssec_stripped; /** harden against queries that fall under known nxdomain names */ int harden_below_nxdomain; /** harden the referral path, query for NS,A,AAAA and validate */ int harden_referral_path; /** use 0x20 bits in query as random ID bits */ int use_caps_bits_for_id; /** strip away these private addrs from answers, no DNS Rebinding */ struct config_strlist* private_address; /** allow domain (and subdomains) to use private address space */ struct config_strlist* private_domain; /** what threshold for unwanted action. */ size_t unwanted_threshold; /** the number of seconds maximal TTL used for RRsets and messages */ int max_ttl; /** the number of seconds minimum TTL used for RRsets and messages */ int min_ttl; /** if prefetching of messages should be performed. */ int prefetch; /** if prefetching of DNSKEYs should be performed. */ int prefetch_key; /** chrootdir, if not "" or chroot will be done */ char* chrootdir; /** username to change to, if not "". */ char* username; /** working directory */ char* directory; /** filename to log to. */ char* logfile; /** pidfile to write pid to. */ char* pidfile; /** should log messages be sent to syslogd */ int use_syslog; /** log timestamp in ascii UTC */ int log_time_ascii; /** log queries with one line per query */ int log_queries; /** do not report identity (id.server, hostname.bind) */ int hide_identity; /** do not report version (version.server, version.bind) */ int hide_version; /** identity, hostname is returned if "". */ char* identity; /** version, package version returned if "". */ char* version; /** the module configuration string */ char* module_conf; /** files with trusted DS and DNSKEYs in zonefile format, list */ struct config_strlist* trust_anchor_file_list; /** list of trustanchor keys, linked list */ struct config_strlist* trust_anchor_list; /** files with 5011 autotrust tracked keys */ struct config_strlist* auto_trust_anchor_file_list; /** files with trusted DNSKEYs in named.conf format, list */ struct config_strlist* trusted_keys_file_list; /** DLV anchor file */ char* dlv_anchor_file; /** DLV anchor inline */ struct config_strlist* dlv_anchor_list; /** insecure domain list */ struct config_strlist* domain_insecure; /** if not 0, this value is the validation date for RRSIGs */ int32_t val_date_override; /** the minimum for signature clock skew */ int32_t val_sig_skew_min; /** the maximum for signature clock skew */ int32_t val_sig_skew_max; /** this value sets the number of seconds before revalidating bogus */ int bogus_ttl; /** should validator clean additional section for secure msgs */ int val_clean_additional; /** log bogus messages by the validator */ int val_log_level; /** squelch val_log_level to log - this is library goes to callback */ int val_log_squelch; /** should validator allow bogus messages to go through */ int val_permissive_mode; /** ignore the CD flag in incoming queries and refuse them bogus data */ int ignore_cd; /** nsec3 maximum iterations per key size, string */ char* val_nsec3_key_iterations; /** autotrust add holddown time, in seconds */ unsigned int add_holddown; /** autotrust del holddown time, in seconds */ unsigned int del_holddown; /** autotrust keep_missing time, in seconds. 0 is forever. */ unsigned int keep_missing; /** size of the key cache */ size_t key_cache_size; /** slabs in the key cache. */ size_t key_cache_slabs; /** size of the neg cache */ size_t neg_cache_size; /** local zones config */ struct config_str2list* local_zones; /** local zones nodefault list */ struct config_strlist* local_zones_nodefault; /** local data RRs configged */ struct config_strlist* local_data; + /** unblock lan zones (reverse lookups for 10/8 and so on) */ + int unblock_lan_zones; /** remote control section. enable toggle. */ int remote_control_enable; /** the interfaces the remote control should listen on */ struct config_strlist* control_ifs; /** port number for the control port */ int control_port; /** private key file for server */ char* server_key_file; /** certificate file for server */ char* server_cert_file; /** private key file for unbound-control */ char* control_key_file; /** certificate file for unbound-control */ char* control_cert_file; /** Python script file */ char* python_script; /** daemonize, i.e. fork into the background. */ int do_daemonize; /* minimal response when positive answer */ int minimal_responses; /* RRSet roundrobin */ int rrset_roundrobin; /* maximum UDP response size */ size_t max_udp_size; }; /** * Stub config options */ struct config_stub { /** next in list */ struct config_stub* next; /** domain name (in text) of the stub apex domain */ char* name; /** list of stub nameserver hosts (domain name) */ struct config_strlist* hosts; /** list of stub nameserver addresses (IP address) */ struct config_strlist* addrs; /** if stub-prime is set */ int isprime; /** if forward-first is set (failover to without if fails) */ int isfirst; }; /** * List of strings for config options */ struct config_strlist { /** next item in list */ struct config_strlist* next; /** config option string */ char* str; }; /** * List of two strings for config options */ struct config_str2list { /** next item in list */ struct config_str2list* next; /** first string */ char* str; /** second string */ char* str2; }; /** List head for strlist processing, used for append operation. */ struct config_strlist_head { /** first in list of text items */ struct config_strlist* first; /** last in list of text items */ struct config_strlist* last; }; /** * Create config file structure. Filled with default values. * @return: the new structure or NULL on memory error. */ struct config_file* config_create(void); /** * Create config file structure for library use. Filled with default values. * @return: the new structure or NULL on memory error. */ struct config_file* config_create_forlib(void); /** * Read the config file from the specified filename. * @param config: where options are stored into, must be freshly created. * @param filename: name of configfile. If NULL nothing is done. * @param chroot: if not NULL, the chroot dir currently in use (for include). * @return: false on error. In that case errno is set, ENOENT means * file not found. */ int config_read(struct config_file* config, const char* filename, const char* chroot); /** * Destroy the config file structure. * @param config: to delete. */ void config_delete(struct config_file* config); /** * Apply config to global constants; this routine is called in single thread. * @param config: to apply. Side effect: global constants change. */ void config_apply(struct config_file* config); /** * Set the given keyword to the given value. * @param config: where to store config * @param option: option name, including the ':' character. * @param value: value, this string is copied if needed, or parsed. * The caller owns the value string. * @return 0 on error (malloc or syntax error). */ int config_set_option(struct config_file* config, const char* option, const char* value); /** * Call print routine for the given option. * @param cfg: config. * @param opt: option name without trailing :. * This is different from config_set_option. * @param func: print func, called as (str, arg) for every data element. * @param arg: user argument for print func. * @return false if the option name is not supported (syntax error). */ int config_get_option(struct config_file* cfg, const char* opt, void (*func)(char*,void*), void* arg); /** * Get an option and return strlist * @param cfg: config file * @param opt: option name. * @param list: list is returned here. malloced, caller must free it. * @return 0=OK, 1=syntax error, 2=malloc failed. */ int config_get_option_list(struct config_file* cfg, const char* opt, struct config_strlist** list); /** * Get an option and collate results into string * @param cfg: config file * @param opt: option name. * @param str: string. malloced, caller must free it. * @return 0=OK, 1=syntax error, 2=malloc failed. */ int config_get_option_collate(struct config_file* cfg, const char* opt, char** str); /** * function to print to a file, use as func with config_get_option. * @param line: text to print. \n appended. * @param arg: pass a FILE*, like stdout. */ void config_print_func(char* line, void* arg); /** * function to collate the text strings into a strlist_head. * @param line: text to append. * @param arg: pass a strlist_head structure. zeroed on start. */ void config_collate_func(char* line, void* arg); /** * take a strlist_head list and return a malloc string. separated with newline. * @param list: strlist first to collate. zeroes return "". * @return NULL on malloc failure. Or if malloc failure happened in strlist. */ char* config_collate_cat(struct config_strlist* list); /** * Append text at end of list. * @param list: list head. zeroed at start. * @param item: new item. malloced by caller. if NULL the insertion fails. * @return true on success. */ int cfg_strlist_append(struct config_strlist_head* list, char* item); /** * Insert string into strlist. * @param head: pointer to strlist head variable. * @param item: new item. malloced by caller. If NULL the insertion fails. * @return: true on success. */ int cfg_strlist_insert(struct config_strlist** head, char* item); /** * Insert string into str2list. * @param head: pointer to str2list head variable. * @param item: new item. malloced by caller. If NULL the insertion fails. * @param i2: 2nd string, malloced by caller. If NULL the insertion fails. * @return: true on success. */ int cfg_str2list_insert(struct config_str2list** head, char* item, char* i2); /** * Delete items in config string list. * @param list: list. */ void config_delstrlist(struct config_strlist* list); /** * Delete items in config double string list. * @param list: list. */ void config_deldblstrlist(struct config_str2list* list); /** * Delete items in config stub list. * @param list: list. */ void config_delstubs(struct config_stub* list); /** * Convert 14digit to time value * @param str: string of 14 digits * @return time value or 0 for error. */ time_t cfg_convert_timeval(const char* str); /** * Count number of values in the string. * format ::= (sp num)+ sp * num ::= [-](0-9)+ * sp ::= (space|tab)* * * @param str: string * @return: 0 on parse error, or empty string, else * number of integer values in the string. */ int cfg_count_numbers(const char* str); /** * Convert a 'nice' memory or file size into a bytecount * From '100k' to 102400. and so on. Understands kKmMgG. * k=1024, m=1024*1024, g=1024*1024*1024. * @param str: string * @param res: result is stored here, size in bytes. * @return: true if parsed correctly, or 0 on a parse error (and an error * is logged). */ int cfg_parse_memsize(const char* str, size_t* res); /** * Parse local-zone directive into two strings and register it in the config. * @param cfg: to put it in. * @param val: argument strings to local-zone, "example.com nodefault". * @return: false on failure */ int cfg_parse_local_zone(struct config_file* cfg, const char* val); /** * Mark "number" or "low-high" as available or not in ports array. * @param str: string in input * @param allow: give true if this range is permitted. * @param avail: the array from cfg. * @param num: size of the array (65536). * @return: true if parsed correctly, or 0 on a parse error (and an error * is logged). */ int cfg_mark_ports(const char* str, int allow, int* avail, int num); /** * Get a condensed list of ports returned. allocated. * @param cfg: config file. * @param avail: the available ports array is returned here. * @return: number of ports in array or 0 on error. */ int cfg_condense_ports(struct config_file* cfg, int** avail); /** * Scan ports available * @param avail: the array from cfg. * @param num: size of the array (65536). * @return the number of ports available for use. */ int cfg_scan_ports(int* avail, int num); /** * Convert a filename to full pathname in original filesys * @param fname: the path name to convert. * Must not be null or empty. * @param cfg: config struct for chroot and chdir (if set). * @param use_chdir: if false, only chroot is applied. * @return pointer to malloced buffer which is: [chroot][chdir]fname * or NULL on malloc failure. */ char* fname_after_chroot(const char* fname, struct config_file* cfg, int use_chdir); /** * Convert a ptr shorthand into a full reverse-notation PTR record. * @param str: input string, "IP name" * @return: malloced string "reversed-ip-name PTR name" */ char* cfg_ptr_reverse(char* str); /** * Append text to the error info for validation. * @param qstate: query state. * @param str: copied into query region and appended. * Failures to allocate are logged. */ void errinf(struct module_qstate* qstate, const char* str); /** * Append text to error info: from 1.2.3.4 * @param qstate: query state. * @param origin: sock list with origin of trouble. * Every element added. * If NULL: nothing is added. * if 0len element: 'from cache' is added. */ void errinf_origin(struct module_qstate* qstate, struct sock_list *origin); /** * Append text to error info: for RRset name type class * @param qstate: query state. * @param rr: rrset_key. */ void errinf_rrset(struct module_qstate* qstate, struct ub_packed_rrset_key *rr); /** * Append text to error info: str dname * @param qstate: query state. * @param str: explanation string * @param dname: the dname. */ void errinf_dname(struct module_qstate* qstate, const char* str, uint8_t* dname); /** * Create error info in string * @param qstate: query state. * @return string or NULL on malloc failure (already logged). * This string is malloced and has to be freed by caller. */ char* errinf_to_str(struct module_qstate* qstate); /** * Used during options parsing */ struct config_parser_state { /** name of file being parser */ char* filename; /** line number in the file, starts at 1 */ int line; /** number of errors encountered */ int errors; /** the result of parsing is stored here. */ struct config_file* cfg; /** the current chroot dir (or NULL if none) */ const char* chroot; }; /** global config parser object used during config parsing */ extern struct config_parser_state* cfg_parser; /** init lex state */ void init_cfg_parse(void); /** lex in file */ extern FILE* ub_c_in; /** lex out file */ extern FILE* ub_c_out; /** the yacc lex generated parse function */ int ub_c_parse(void); /** the lexer function */ int ub_c_lex(void); /** wrap function */ int ub_c_wrap(void); /** parsing helpers: print error with file and line numbers */ void ub_c_error(const char* msg); /** parsing helpers: print error with file and line numbers */ void ub_c_error_msg(const char* fmt, ...) ATTR_FORMAT(printf, 1, 2); #ifdef UB_ON_WINDOWS /** * Obtain registry string (if it exists). * @param key: key string * @param name: name of value to fetch. * @return malloced string with the result or NULL if it did not * exist on an error (logged with log_err) was encountered. */ char* w_lookup_reg_str(const char* key, const char* name); #endif /* UB_ON_WINDOWS */ #endif /* UTIL_CONFIG_FILE_H */ Index: head/contrib/unbound/util/configlexer.c =================================================================== --- head/contrib/unbound/util/configlexer.c (revision 268838) +++ head/contrib/unbound/util/configlexer.c (revision 268839) @@ -1,3614 +1,3632 @@ #include "config.h" #include "util/configyyrename.h" #line 3 "" #define YY_INT_ALIGNED short int /* A lexical scanner generated by flex */ #define FLEX_SCANNER #define YY_FLEX_MAJOR_VERSION 2 #define YY_FLEX_MINOR_VERSION 5 #define YY_FLEX_SUBMINOR_VERSION 37 #if YY_FLEX_SUBMINOR_VERSION > 0 #define FLEX_BETA #endif /* First, we deal with platform-specific or compiler-specific issues. */ #if defined(__FreeBSD__) #ifndef __STDC_LIMIT_MACROS #define __STDC_LIMIT_MACROS #endif #include #include #else #define __dead2 #endif /* begin standard C headers. */ #include #include #include #include /* end standard C headers. */ /* flex integer type definitions */ #ifndef FLEXINT_H #define FLEXINT_H /* C99 systems have . Non-C99 systems may or may not. */ #if defined(__FreeBSD__) || \ (defined (__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) /* C99 says to define __STDC_LIMIT_MACROS before including stdint.h, * if you want the limit (max/min) macros for int types. */ #ifndef __STDC_LIMIT_MACROS #define __STDC_LIMIT_MACROS 1 #endif #include typedef int8_t flex_int8_t; typedef uint8_t flex_uint8_t; typedef int16_t flex_int16_t; typedef uint16_t flex_uint16_t; typedef int32_t flex_int32_t; typedef uint32_t flex_uint32_t; #else typedef signed char flex_int8_t; typedef short int flex_int16_t; typedef int flex_int32_t; typedef unsigned char flex_uint8_t; typedef unsigned short int flex_uint16_t; typedef unsigned int flex_uint32_t; /* Limits of integral types. */ #ifndef INT8_MIN #define INT8_MIN (-128) #endif #ifndef INT16_MIN #define INT16_MIN (-32767-1) #endif #ifndef INT32_MIN #define INT32_MIN (-2147483647-1) #endif #ifndef INT8_MAX #define INT8_MAX (127) #endif #ifndef INT16_MAX #define INT16_MAX (32767) #endif #ifndef INT32_MAX #define INT32_MAX (2147483647) #endif #ifndef UINT8_MAX #define UINT8_MAX (255U) #endif #ifndef UINT16_MAX #define UINT16_MAX (65535U) #endif #ifndef UINT32_MAX #define UINT32_MAX (4294967295U) #endif #endif /* ! C99 */ #endif /* ! FLEXINT_H */ #ifdef __cplusplus /* The "const" storage-class-modifier is valid. */ #define YY_USE_CONST #else /* ! __cplusplus */ /* C99 requires __STDC__ to be defined as 1. */ #if defined (__STDC__) #define YY_USE_CONST #endif /* defined (__STDC__) */ #endif /* ! __cplusplus */ #ifdef YY_USE_CONST #define yyconst const #else #define yyconst #endif /* Returned upon end-of-file. */ #define YY_NULL 0 /* Promotes a possibly negative, possibly signed char to an unsigned * integer for use as an array index. If the signed char is negative, * we want to instead treat it as an 8-bit unsigned char, hence the * double cast. */ #define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c) /* Enter a start condition. This macro really ought to take a parameter, * but we do it the disgusting crufty way forced on us by the ()-less * definition of BEGIN. */ #define BEGIN (yy_start) = 1 + 2 * /* Translate the current start state into a value that can be later handed * to BEGIN to return to the state. The YYSTATE alias is for lex * compatibility. */ #define YY_START (((yy_start) - 1) / 2) #define YYSTATE YY_START /* Action number for EOF rule of a given start state. */ #define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) /* Special action meaning "start processing a new file". */ #define YY_NEW_FILE yyrestart(yyin ) #define YY_END_OF_BUFFER_CHAR 0 /* Size of default input buffer. */ #ifndef YY_BUF_SIZE #define YY_BUF_SIZE 16384 #endif /* The state buf must be large enough to hold one state per character in the main buffer. */ #define YY_STATE_BUF_SIZE ((YY_BUF_SIZE + 2) * sizeof(yy_state_type)) #ifndef YY_TYPEDEF_YY_BUFFER_STATE #define YY_TYPEDEF_YY_BUFFER_STATE typedef struct yy_buffer_state *YY_BUFFER_STATE; #endif #ifndef YY_TYPEDEF_YY_SIZE_T #define YY_TYPEDEF_YY_SIZE_T typedef size_t yy_size_t; #endif extern yy_size_t yyleng; extern FILE *yyin, *yyout; #define EOB_ACT_CONTINUE_SCAN 0 #define EOB_ACT_END_OF_FILE 1 #define EOB_ACT_LAST_MATCH 2 #define YY_LESS_LINENO(n) /* Return all but the first "n" matched characters back to the input stream. */ #define yyless(n) \ do \ { \ /* Undo effects of setting up yytext. */ \ int yyless_macro_arg = (n); \ YY_LESS_LINENO(yyless_macro_arg);\ *yy_cp = (yy_hold_char); \ YY_RESTORE_YY_MORE_OFFSET \ (yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \ YY_DO_BEFORE_ACTION; /* set up yytext again */ \ } \ while ( 0 ) #define unput(c) yyunput( c, (yytext_ptr) ) #ifndef YY_STRUCT_YY_BUFFER_STATE #define YY_STRUCT_YY_BUFFER_STATE struct yy_buffer_state { FILE *yy_input_file; char *yy_ch_buf; /* input buffer */ char *yy_buf_pos; /* current position in input buffer */ /* Size of input buffer in bytes, not including room for EOB * characters. */ yy_size_t yy_buf_size; /* Number of characters read into yy_ch_buf, not including EOB * characters. */ yy_size_t yy_n_chars; /* Whether we "own" the buffer - i.e., we know we created it, * and can realloc() it to grow it, and should free() it to * delete it. */ int yy_is_our_buffer; /* Whether this is an "interactive" input source; if so, and * if we're using stdio for input, then we want to use getc() * instead of fread(), to make sure we stop fetching input after * each newline. */ int yy_is_interactive; /* Whether we're considered to be at the beginning of a line. * If so, '^' rules will be active on the next match, otherwise * not. */ int yy_at_bol; int yy_bs_lineno; /**< The line count. */ int yy_bs_column; /**< The column count. */ /* Whether to try to fill the input buffer when we reach the * end of it. */ int yy_fill_buffer; int yy_buffer_status; #define YY_BUFFER_NEW 0 #define YY_BUFFER_NORMAL 1 /* When an EOF's been seen but there's still some text to process * then we mark the buffer as YY_EOF_PENDING, to indicate that we * shouldn't try reading from the input source any more. We might * still have a bunch of tokens to match, though, because of * possible backing-up. * * When we actually see the EOF, we change the status to "new" * (via yyrestart()), so that the user can continue scanning by * just pointing yyin at a new input file. */ #define YY_BUFFER_EOF_PENDING 2 }; #endif /* !YY_STRUCT_YY_BUFFER_STATE */ /* Stack of input buffers. */ static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */ static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */ static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */ /* We provide macros for accessing buffer states in case in the * future we want to put the buffer states in a more general * "scanner state". * * Returns the top of the stack, or NULL. */ #define YY_CURRENT_BUFFER ( (yy_buffer_stack) \ ? (yy_buffer_stack)[(yy_buffer_stack_top)] \ : NULL) #define yy_current_buffer YY_CURRENT_BUFFER /* Same as previous macro, but useful when we know that the buffer stack is not * NULL or when we need an lvalue. For internal use only. */ #define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] /* yy_hold_char holds the character lost when yytext is formed. */ static char yy_hold_char; static yy_size_t yy_n_chars; /* number of characters read into yy_ch_buf */ yy_size_t yyleng; /* Points to current character in buffer. */ static char *yy_c_buf_p = (char *) 0; static int yy_init = 0; /* whether we need to initialize */ static int yy_start = 0; /* start state number */ /* Flag which is used to allow yywrap()'s to do buffer switches * instead of setting up a fresh yyin. A bit of a hack ... */ static int yy_did_buffer_switch_on_eof; void yyrestart (FILE *input_file ); void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ); YY_BUFFER_STATE yy_create_buffer (FILE *file,int size ); void yy_delete_buffer (YY_BUFFER_STATE b ); void yy_flush_buffer (YY_BUFFER_STATE b ); void yypush_buffer_state (YY_BUFFER_STATE new_buffer ); void yypop_buffer_state (void ); static void yyensure_buffer_stack (void ); static void yy_load_buffer_state (void ); static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file ); #define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER ) YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size ); YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str ); YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,yy_size_t len ); void *yyalloc (yy_size_t ); void *yyrealloc (void *,yy_size_t ); void yyfree (void * ); #define yy_new_buffer yy_create_buffer #define yy_set_interactive(is_interactive) \ { \ if ( ! YY_CURRENT_BUFFER ){ \ yyensure_buffer_stack (); \ YY_CURRENT_BUFFER_LVALUE = \ yy_create_buffer(yyin,YY_BUF_SIZE ); \ } \ YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \ } #define yy_set_bol(at_bol) \ { \ if ( ! YY_CURRENT_BUFFER ){\ yyensure_buffer_stack (); \ YY_CURRENT_BUFFER_LVALUE = \ yy_create_buffer(yyin,YY_BUF_SIZE ); \ } \ YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \ } #define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol) /* Begin user sect3 */ typedef unsigned char YY_CHAR; FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; typedef int yy_state_type; extern int yylineno; int yylineno = 1; extern char *yytext; #define yytext_ptr yytext static yy_state_type yy_get_previous_state (void ); static yy_state_type yy_try_NUL_trans (yy_state_type current_state ); static int yy_get_next_buffer (void ); static void yy_fatal_error (yyconst char msg[] ) __dead2; /* Done after the current pattern has been matched and before the * corresponding action - sets up yytext. */ #define YY_DO_BEFORE_ACTION \ (yytext_ptr) = yy_bp; \ (yytext_ptr) -= (yy_more_len); \ yyleng = (size_t) (yy_cp - (yytext_ptr)); \ (yy_hold_char) = *yy_cp; \ *yy_cp = '\0'; \ (yy_c_buf_p) = yy_cp; -#define YY_NUM_RULES 146 -#define YY_END_OF_BUFFER 147 +#define YY_NUM_RULES 147 +#define YY_END_OF_BUFFER 148 /* This struct is not used in this scanner, but its presence is necessary. */ struct yy_trans_info { flex_int32_t yy_verify; flex_int32_t yy_nxt; }; -static yyconst flex_int16_t yy_accept[1383] = +static yyconst flex_int16_t yy_accept[1399] = { 0, - 1, 1, 128, 128, 132, 132, 136, 136, 140, 140, - 1, 1, 147, 144, 1, 126, 126, 145, 2, 145, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 128, - 129, 129, 130, 145, 132, 133, 133, 134, 145, 139, - 136, 137, 137, 138, 145, 140, 141, 141, 142, 145, - 143, 127, 2, 131, 145, 143, 144, 0, 1, 2, - 2, 2, 2, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, + 1, 1, 129, 129, 133, 133, 137, 137, 141, 141, + 1, 1, 148, 145, 1, 127, 127, 146, 2, 146, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 129, + 130, 130, 131, 146, 133, 134, 134, 135, 146, 140, + 137, 138, 138, 139, 146, 141, 142, 142, 143, 146, + 144, 128, 2, 132, 146, 144, 145, 0, 1, 2, + 2, 2, 2, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 128, 0, 132, 0, 139, 0, 136, 140, 0, - 143, 0, 2, 2, 143, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 143, 144, 144, 144, 144, 144, 144, 144, 144, 144, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 129, 0, 133, 0, 140, 0, 137, 141, 0, + 144, 0, 2, 2, 144, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 144, 145, 145, 145, 145, 145, 145, 145, 145, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 143, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 65, 144, 144, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 144, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 65, - 144, 144, 144, 6, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 143, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, + 145, 145, 145, 145, 145, 6, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 144, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 143, - 144, 144, 144, 144, 29, 144, 144, 144, 144, 144, - 144, 12, 13, 144, 15, 14, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 121, 144, 144, 144, 144, 144, 3, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 144, 145, 145, 145, 145, 29, 145, + 145, 145, 145, 145, 145, 12, 13, 145, 15, 14, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 122, 145, 145, + 145, 145, 145, 3, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 143, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 135, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 32, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 33, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 80, 135, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 144, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 136, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 32, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 33, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 79, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 63, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 20, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 30, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, + 145, 145, 145, 145, 80, 136, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 79, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 63, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 20, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 30, 145, 145, 145, 145, 145, 145, 145, - 144, 144, 144, 144, 144, 144, 31, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 22, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 26, 144, 27, 144, 144, 144, 66, 144, - 67, 144, 64, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 5, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 31, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 22, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 26, + 145, 27, 145, 145, 145, 66, 145, 67, 145, 64, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 5, 145, 145, 145, 145, - 144, 82, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 23, 144, 144, 144, 144, - 107, 106, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 34, 144, 144, 144, 144, 144, 144, 144, 144, - 69, 68, 144, 144, 144, 144, 144, 144, 103, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 50, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 82, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 23, 145, 145, 145, 145, 107, 106, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 34, + 145, 145, 145, 145, 145, 145, 145, 145, 69, 68, + 145, 145, 145, 145, 145, 145, 145, 103, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 50, 145, 145, 145, - 54, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 105, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 4, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 100, 144, 144, 144, 144, 144, 144, 144, 115, 101, - 144, 21, 144, 144, 144, 144, 71, 144, 72, 70, - 144, 144, 144, 144, 144, 144, 78, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 102, 144, 144, 144, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 54, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 105, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 4, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 100, 145, 145, 145, 145, 145, 145, 145, 116, 101, + 145, 21, 145, 145, 145, 145, 71, 145, 72, 70, + 145, 145, 145, 145, 145, 145, 78, 145, 145, 145, - 144, 125, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 62, 144, 144, 144, 144, 144, 144, - 144, 144, 28, 144, 144, 17, 144, 144, 144, 16, - 144, 87, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 41, 42, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 73, 144, 144, 144, - 144, 144, 77, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 81, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 120, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, + 145, 145, 145, 145, 145, 145, 102, 145, 145, 145, + 145, 126, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 62, 145, 145, 145, 145, 145, 145, + 145, 145, 28, 145, 145, 17, 145, 145, 145, 16, + 145, 87, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 41, 42, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 73, 145, 145, + 145, 145, 145, 77, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 81, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, - 144, 144, 144, 144, 144, 91, 144, 95, 144, 144, - 144, 144, 76, 144, 144, 113, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 94, - 144, 144, 144, 144, 43, 44, 144, 49, 96, 144, - 108, 104, 144, 144, 37, 144, 98, 144, 144, 144, - 144, 144, 7, 144, 61, 112, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 83, 144, 144, 122, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 144, 144, 97, 144, 36, 38, + 121, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 91, 145, 95, + 145, 145, 145, 145, 76, 145, 145, 114, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 94, 145, 145, 145, 145, 43, 44, 145, 49, + 96, 145, 108, 104, 145, 145, 37, 145, 98, 145, + 145, 145, 145, 145, 7, 145, 61, 113, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 83, 145, 145, 123, 145, 145, 145, - 144, 144, 144, 144, 144, 60, 144, 144, 144, 144, - 116, 18, 19, 144, 144, 144, 144, 144, 144, 58, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 118, - 144, 144, 35, 144, 144, 144, 144, 144, 144, 11, - 144, 144, 144, 144, 144, 144, 144, 10, 144, 144, - 39, 144, 124, 117, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 144, 90, 89, 144, 119, 114, 144, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 45, - 144, 123, 144, 144, 144, 144, 40, 144, 144, 144, - 84, 86, 144, 144, 144, 88, 144, 144, 144, 144, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 97, + 145, 36, 38, 145, 145, 145, 145, 145, 60, 145, + 145, 145, 145, 117, 18, 19, 145, 145, 145, 145, + 145, 145, 145, 58, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 119, 145, 145, 35, 145, 145, 145, + 145, 145, 145, 11, 145, 145, 145, 145, 145, 145, + 145, 10, 145, 145, 39, 145, 125, 118, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 90, + 89, 145, 120, 115, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 45, 145, 124, 145, 145, 145, - 144, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 24, 144, 144, 144, 144, 144, 144, 144, 144, 144, - 144, 144, 144, 111, 144, 144, 144, 144, 144, 144, - 144, 25, 144, 9, 144, 144, 109, 51, 144, 144, - 144, 93, 144, 74, 144, 144, 144, 53, 57, 52, - 144, 46, 144, 8, 144, 144, 92, 144, 144, 144, - 56, 144, 47, 144, 110, 144, 144, 85, 75, 55, - 48, 144, 144, 144, 144, 59, 144, 144, 144, 144, - 99, 0 + 145, 40, 145, 145, 145, 84, 86, 109, 145, 145, + 145, 88, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 24, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 112, + 145, 145, 145, 145, 145, 145, 145, 25, 145, 9, + 145, 145, 110, 51, 145, 145, 145, 93, 145, 74, + 145, 145, 145, 53, 57, 52, 145, 46, 145, 8, + 145, 145, 92, 145, 145, 145, 56, 145, 47, 145, + 111, 145, 145, 85, 75, 55, 48, 145, 145, 145, + 145, 59, 145, 145, 145, 145, 99, 0 + } ; static yyconst flex_int32_t yy_ec[256] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, 1, 1, 4, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, 1, 5, 6, 1, 1, 1, 7, 1, 1, 1, 1, 1, 8, 1, 1, 1, 1, 1, 9, 10, 1, 11, 1, 1, 1, 12, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 13, 1, 1, 1, 1, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 } ; static yyconst flex_int32_t yy_meta[40] = { 0, 1, 2, 3, 4, 5, 1, 6, 1, 1, 1, 1, 7, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 } ; -static yyconst flex_int16_t yy_base[1397] = +static yyconst flex_int16_t yy_base[1413] = { 0, 0, 0, 37, 40, 44, 51, 63, 75, 56, 68, - 87, 108, 2653, 2569, 50, 2760, 2760, 2760, 129, 94, + 87, 108, 2067, 1442, 50, 2793, 2793, 2793, 129, 94, 70, 104, 122, 90, 92, 115, 126, 95, 84, 132, - 135, 138, 50, 146, 148, 157, 167, 160, 151, 2566, - 2760, 2760, 2760, 70, 2404, 2760, 2760, 2760, 42, 2139, - 1931, 2760, 2760, 2760, 189, 1601, 2760, 2760, 2760, 195, - 1479, 2760, 199, 2760, 203, 111, 635, 209, 120, 0, + 135, 138, 50, 146, 148, 157, 167, 160, 151, 1368, + 2793, 2793, 2793, 70, 1259, 2793, 2793, 2793, 42, 1197, + 1142, 2793, 2793, 2793, 189, 824, 2793, 2793, 2793, 195, + 789, 2793, 199, 2793, 203, 111, 761, 209, 120, 0, 220, 0, 0, 103, 141, 149, 202, 189, 182, 204, 206, 210, 218, 215, 217, 221, 222, 223, 225, 228, 235, 248, 165, 244, 247, 233, 245, 252, 246, 251, 258, 260, 261, 262, 267, 263, 270, 271, 158, 274, - 276, 280, 277, 278, 282, 286, 283, 49, 287, 291, - 288, 588, 304, 558, 307, 386, 316, 354, 297, 320, - 236, 324, 328, 0, 321, 309, 330, 323, 226, 326, - 327, 334, 331, 337, 348, 339, 342, 344, 333, 346, - 353, 345, 351, 355, 354, 360, 363, 371, 373, 379, - 375, 382, 383, 381, 380, 392, 393, 399, 400, 396, - 402, 384, 405, 385, 406, 397, 409, 410, 413, 418, - 421, 419, 420, 417, 428, 425, 426, 438, 445, 430, - 431, 434, 442, 446, 447, 448, 451, 454, 455, 457, + 276, 280, 277, 278, 282, 286, 283, 295, 287, 291, + 288, 653, 316, 558, 307, 417, 320, 388, 347, 324, + 236, 328, 332, 0, 310, 325, 333, 327, 226, 329, + 331, 339, 336, 343, 352, 345, 335, 348, 49, 355, + 357, 349, 350, 364, 360, 369, 367, 370, 371, 380, + 381, 388, 389, 296, 337, 391, 392, 398, 400, 396, + 399, 401, 402, 385, 404, 409, 406, 410, 411, 413, + 419, 416, 418, 422, 428, 425, 427, 434, 442, 443, + 445, 440, 430, 446, 453, 450, 441, 451, 457, 458, - 458, 464, 461, 466, 467, 468, 473, 476, 474, 478, - 484, 490, 475, 483, 486, 487, 491, 493, 494, 496, - 502, 503, 504, 505, 509, 499, 510, 512, 526, 514, - 527, 515, 519, 531, 537, 533, 541, 539, 543, 549, - 545, 546, 547, 548, 553, 555, 561, 566, 557, 559, - 567, 570, 568, 590, 560, 576, 577, 580, 586, 583, - 596, 587, 595, 597, 613, 594, 611, 615, 619, 618, - 584, 621, 622, 624, 517, 623, 628, 630, 631, 627, - 629, 634, 649, 645, 646, 648, 647, 654, 661, 657, - 658, 659, 662, 663, 665, 668, 672, 2760, 674, 669, + 459, 466, 470, 461, 463, 472, 476, 473, 479, 481, + 484, 486, 492, 468, 489, 490, 493, 496, 494, 498, + 501, 504, 500, 505, 508, 509, 510, 514, 520, 519, + 516, 523, 524, 530, 529, 534, 535, 536, 539, 542, + 548, 546, 547, 550, 549, 551, 556, 564, 568, 557, + 560, 561, 569, 571, 575, 591, 577, 579, 581, 582, + 584, 595, 609, 596, 585, 597, 613, 598, 611, 614, + 623, 617, 622, 624, 627, 626, 629, 630, 631, 634, + 635, 642, 632, 646, 654, 651, 658, 659, 639, 586, + 665, 650, 661, 663, 668, 666, 669, 673, 676, 2793, - 676, 677, 679, 2760, 680, 681, 682, 683, 685, 692, - 694, 695, 697, 698, 699, 703, 704, 705, 725, 707, - 706, 716, 709, 734, 713, 736, 715, 728, 732, 723, - 739, 743, 710, 744, 745, 746, 754, 752, 753, 755, - 757, 758, 762, 766, 765, 772, 773, 777, 779, 787, - 784, 789, 790, 781, 791, 793, 799, 800, 798, 792, - 806, 805, 795, 808, 813, 807, 822, 815, 818, 819, - 826, 827, 828, 830, 829, 837, 836, 835, 844, 834, - 843, 848, 849, 850, 851, 860, 857, 858, 863, 869, - 870, 865, 871, 874, 875, 876, 877, 878, 879, 883, + 678, 680, 681, 682, 683, 2793, 684, 685, 686, 687, + 688, 698, 690, 697, 699, 702, 703, 707, 709, 710, + 730, 713, 711, 721, 714, 715, 722, 724, 739, 728, + 732, 737, 734, 741, 742, 745, 748, 750, 751, 762, + 758, 759, 760, 769, 764, 766, 771, 772, 779, 775, + 781, 784, 790, 792, 794, 800, 786, 796, 798, 804, + 805, 803, 797, 811, 810, 812, 813, 818, 814, 827, + 820, 828, 830, 833, 823, 835, 837, 839, 846, 842, + 844, 849, 845, 843, 854, 855, 859, 858, 870, 871, + 864, 872, 879, 880, 857, 881, 867, 877, 884, 886, - 885, 886, 894, 880, 890, 896, 902, 904, 887, 905, - 908, 909, 910, 911, 919, 912, 921, 913, 923, 926, - 929, 934, 925, 935, 2760, 945, 939, 941, 933, 759, - 927, 2760, 2760, 947, 2760, 2760, 948, 949, 950, 961, - 965, 958, 952, 960, 959, 974, 968, 978, 966, 986, - 988, 971, 980, 982, 989, 992, 990, 994, 998, 996, - 1004, 1007, 1006, 1008, 1010, 1011, 1013, 1015, 1016, 1022, - 1017, 1029, 1026, 2760, 1027, 1028, 1032, 1034, 1035, 2760, - 1036, 1039, 1037, 1040, 1041, 1047, 1043, 1050, 1048, 1051, - 1053, 1055, 1059, 1056, 1061, 1073, 1074, 1064, 1072, 1077, + 887, 888, 889, 892, 893, 899, 896, 900, 898, 905, + 907, 909, 911, 913, 914, 917, 920, 918, 919, 928, + 929, 931, 933, 932, 935, 939, 934, 941, 2793, 949, + 948, 945, 951, 953, 956, 2793, 2793, 958, 2793, 2793, + 954, 959, 960, 967, 976, 968, 966, 972, 974, 982, + 979, 989, 970, 991, 993, 998, 987, 999, 1000, 1001, + 1004, 1005, 1006, 1010, 1017, 1020, 1013, 1021, 1014, 1024, + 1025, 1026, 1028, 1030, 1033, 1039, 1036, 2793, 1037, 1038, + 1044, 1042, 1047, 2793, 1046, 1048, 1049, 1051, 1054, 1059, + 1056, 1060, 1062, 1063, 1066, 1069, 1068, 1061, 1072, 1078, - 1071, 1079, 1086, 1085, 1087, 1089, 1095, 1091, 1094, 1097, - 1098, 1099, 1100, 1101, 1104, 1126, 1106, 1107, 1108, 1109, - 1114, 1115, 1116, 1117, 1132, 1138, 1140, 1120, 1141, 1147, - 1149, 1143, 1152, 1150, 1156, 1157, 2760, 1163, 1159, 1160, - 1165, 1167, 1168, 1112, 1170, 1171, 1173, 1174, 1175, 1182, - 2760, 1180, 1183, 1181, 1185, 1186, 1192, 1194, 1204, 1200, - 2760, 1207, 1208, 1210, 1211, 1198, 1214, 1215, 1216, 1219, - 1222, 1223, 1225, 1230, 1232, 1220, 1234, 1227, 1233, 1235, - 1240, 1242, 1243, 1244, 1246, 1250, 1256, 1259, 1257, 1264, - 1258, 1260, 1266, 1269, 1267, 1270, 1268, 1271, 2760, 175, + 1089, 1087, 1077, 1085, 1088, 1090, 1094, 1103, 1099, 1092, + 1100, 1106, 1104, 1108, 1115, 1105, 1112, 1109, 1117, 1118, + 1142, 1119, 1121, 1125, 1122, 1126, 1127, 1129, 1133, 1135, + 1154, 1144, 1138, 1134, 1156, 1159, 1161, 1163, 1165, 1167, + 1168, 2793, 1175, 1171, 1173, 1176, 1178, 1179, 1181, 1182, + 1186, 1185, 1188, 1187, 1199, 2793, 1193, 1195, 1200, 1203, + 1204, 1206, 1207, 1217, 1219, 2793, 1225, 1222, 1227, 1221, + 1228, 1229, 1210, 1233, 1234, 1235, 1237, 1240, 1243, 1245, + 1244, 1247, 1249, 1251, 1252, 1255, 1256, 1258, 1257, 1266, + 1260, 1264, 1278, 1279, 1265, 1282, 1277, 1283, 1286, 1288, - 1275, 1273, 1280, 1281, 1291, 1290, 1283, 1284, 1294, 1292, - 1293, 1282, 1303, 1304, 1305, 1306, 1309, 1310, 1312, 1313, - 1316, 1318, 1319, 1320, 1321, 1323, 1324, 1329, 1326, 1327, - 1330, 2760, 1343, 1336, 1337, 1346, 1348, 1356, 1349, 1352, - 1354, 1362, 1358, 1364, 1367, 1360, 1370, 1371, 1373, 1374, - 1380, 1382, 1378, 1381, 1384, 1386, 2760, 1390, 1388, 1389, - 1391, 1395, 1396, 1399, 1401, 1406, 1409, 1410, 1412, 2760, - 1415, 1416, 1417, 1423, 1420, 1427, 1424, 1433, 1428, 1430, - 1434, 1438, 1437, 1439, 1444, 2760, 1446, 1452, 1449, 1458, - 1450, 1456, 1457, 1461, 1462, 1463, 1469, 1465, 1467, 1466, + 1285, 1290, 1287, 1289, 2793, 175, 1291, 1292, 1293, 1300, + 1309, 1310, 1294, 1302, 1312, 1311, 1318, 1301, 1322, 1319, + 1323, 1324, 1325, 1330, 1327, 1334, 1331, 1328, 1336, 1341, + 1339, 1342, 1347, 1348, 1345, 1349, 1350, 2793, 1357, 1356, + 1364, 1355, 1361, 1378, 1362, 1367, 1374, 1376, 1384, 1382, + 1386, 1388, 1390, 1392, 1379, 1394, 1400, 1401, 1398, 1402, + 1404, 1405, 2793, 1407, 1408, 1409, 1410, 1414, 1417, 1415, + 1419, 1421, 1431, 1426, 1435, 2793, 1436, 1438, 1428, 1445, + 1432, 1449, 1450, 1454, 1440, 1451, 1457, 1458, 1461, 1459, + 1464, 1466, 2793, 1472, 1474, 1471, 1480, 1478, 1479, 1481, - 1470, 1472, 1473, 1476, 1474, 1478, 2760, 1496, 1477, 1481, - 1488, 1489, 1480, 1501, 1490, 1502, 1504, 1509, 1506, 1510, - 1512, 1511, 1513, 1514, 1517, 1520, 1522, 1528, 1534, 1535, - 1536, 2760, 1539, 1540, 1527, 1542, 1549, 1547, 1550, 1551, - 1552, 1553, 1554, 1562, 1555, 1556, 1558, 1563, 1559, 1564, - 1565, 1566, 1571, 1579, 1568, 1584, 1586, 1588, 1589, 1591, - 1590, 1597, 2760, 1596, 2760, 1598, 1599, 1607, 2760, 1605, - 2760, 1609, 2760, 1612, 1616, 1611, 1613, 1618, 1619, 1621, - 1622, 1624, 1627, 1628, 1629, 1631, 1630, 2760, 1636, 1632, - 1640, 1637, 1643, 1644, 1645, 1648, 1656, 1652, 1655, 1659, + 1483, 1468, 1484, 1490, 1486, 1489, 1493, 1494, 1496, 1497, + 1499, 1491, 1500, 2793, 1513, 1501, 1502, 1510, 1503, 1504, + 1519, 1518, 1525, 1526, 1528, 1529, 1530, 1531, 1532, 1533, + 1541, 1534, 1539, 1542, 1547, 1558, 1559, 1555, 2793, 1561, + 1557, 1564, 1546, 1571, 1568, 1569, 1572, 1573, 1574, 1575, + 1582, 1576, 1579, 1583, 1584, 1580, 1585, 1586, 1589, 1587, + 1596, 1597, 1604, 1605, 1608, 1609, 1611, 1612, 1621, 2793, + 1617, 2793, 1618, 1619, 1627, 2793, 1629, 2793, 1631, 2793, + 1633, 1637, 1624, 1626, 1634, 1640, 1641, 1643, 1644, 1646, + 1649, 1650, 1653, 1654, 1655, 2793, 1652, 1658, 1662, 1659, - 1660, 2760, 1662, 1661, 1665, 1675, 1673, 1671, 1676, 1677, - 1678, 1679, 1680, 1682, 1687, 1688, 1684, 1690, 1691, 1696, - 1694, 1698, 1699, 1700, 1701, 2760, 1703, 1709, 1712, 1711, - 2760, 2760, 1714, 1723, 1725, 1715, 1728, 1717, 1729, 1733, - 1739, 1744, 1732, 1735, 1740, 1745, 1746, 1747, 1749, 1751, - 1754, 2760, 1760, 1756, 1762, 1763, 1753, 1766, 1764, 1775, - 2760, 2760, 1768, 1770, 1779, 1780, 1782, 1785, 2760, 1781, - 1786, 1787, 1788, 1789, 1791, 1795, 1796, 1805, 1802, 1807, - 1808, 1814, 1810, 1806, 1815, 1813, 1826, 2760, 1823, 1828, - 1834, 1817, 1830, 1831, 1836, 1833, 1840, 1842, 1848, 1844, + 1665, 1666, 1667, 1675, 1681, 1668, 1677, 1683, 1678, 2793, + 1687, 1674, 1690, 1694, 1695, 1697, 1698, 1700, 1701, 1702, + 1703, 1705, 1707, 1709, 1710, 1711, 1714, 1721, 1713, 1723, + 1716, 1719, 1722, 2793, 1729, 1734, 1737, 1724, 2793, 2793, + 1748, 1732, 1745, 1738, 1742, 1752, 1753, 1755, 1761, 1758, + 1759, 1760, 1763, 1766, 1767, 1768, 1769, 1772, 1775, 2793, + 1782, 1776, 1783, 1784, 1785, 1796, 1774, 1795, 2793, 2793, + 1789, 1799, 1800, 1801, 1807, 1803, 1806, 2793, 1808, 1809, + 1810, 1811, 1817, 1814, 1821, 1825, 1827, 1829, 1830, 1833, + 1836, 1834, 1832, 1835, 1838, 1848, 2793, 1849, 1852, 1859, - 2760, 1850, 1837, 1857, 1846, 1859, 1860, 1867, 1854, 1856, - 1863, 1864, 1865, 1870, 1872, 1874, 1877, 2760, 1878, 1880, - 1881, 1882, 1885, 1888, 1890, 1892, 1893, 2760, 1895, 1904, - 1901, 1903, 1906, 1902, 1908, 1911, 1912, 1913, 1915, 1916, - 1919, 1924, 1925, 1934, 1926, 1929, 1940, 1938, 1949, 1950, - 1939, 1957, 1942, 1955, 1946, 1953, 1961, 1960, 1967, 1963, - 2760, 1965, 1970, 1972, 1973, 1976, 1974, 1977, 2760, 2760, - 1983, 2760, 1984, 1987, 1988, 1989, 2760, 1991, 2760, 2760, - 1992, 1999, 1993, 2000, 1964, 2003, 2760, 2004, 2007, 2008, - 2012, 2013, 2014, 2016, 2015, 2017, 2760, 2018, 2019, 2020, + 1839, 1853, 1855, 1857, 1861, 1863, 1865, 1871, 1867, 2793, + 1873, 1869, 1879, 1876, 1878, 1882, 1885, 1884, 1886, 1888, + 1889, 1890, 1892, 1893, 1894, 1897, 2793, 1904, 1900, 1905, + 1907, 1912, 1902, 1915, 1910, 1918, 2793, 1922, 1929, 1923, + 1925, 1931, 1933, 1926, 1937, 1939, 1940, 1941, 1942, 1944, + 1946, 1947, 1950, 1951, 1952, 1960, 1962, 1969, 1970, 1967, + 1971, 1978, 1974, 1975, 1976, 1977, 1985, 1981, 1987, 1984, + 2793, 1989, 1991, 1995, 1998, 2000, 2001, 1997, 2793, 2793, + 1999, 2793, 2008, 2010, 2012, 2013, 2793, 2015, 2793, 2793, + 2016, 2023, 2017, 2024, 2027, 2032, 2793, 2019, 2033, 2035, - 2022, 2760, 2029, 2035, 2024, 2036, 2040, 2039, 2046, 2045, - 2032, 2053, 2049, 2760, 2047, 2055, 2057, 2058, 2059, 2060, - 2064, 2065, 2760, 2067, 2074, 2760, 2075, 2061, 2076, 2760, - 2078, 2760, 2080, 2082, 2085, 2090, 2087, 2098, 2083, 2091, - 2099, 2093, 2101, 2103, 2760, 2760, 2105, 2109, 2112, 2110, - 2115, 2117, 2116, 2118, 2119, 2124, 2760, 2125, 2127, 2126, - 2128, 2129, 2760, 2133, 2134, 2135, 2138, 2141, 2153, 2155, - 2144, 2159, 2161, 2156, 2163, 2165, 2166, 2760, 2167, 2169, - 2170, 2174, 2176, 2130, 2177, 2181, 2179, 2171, 2184, 2760, - 2187, 2188, 2191, 2193, 2195, 2196, 2198, 2199, 2200, 2203, + 2037, 2038, 2039, 2040, 2041, 2042, 2793, 2043, 2044, 2045, + 2055, 2793, 2047, 2060, 2049, 2065, 2066, 2067, 2069, 2071, + 2057, 2078, 2076, 2793, 2079, 2080, 2083, 2084, 2088, 2085, + 2086, 2090, 2793, 2099, 2101, 2793, 2092, 2091, 2093, 2793, + 2107, 2793, 2108, 2103, 2110, 2112, 2116, 2117, 2120, 2122, + 2123, 2124, 2125, 2131, 2128, 2793, 2793, 2133, 2140, 2143, + 2134, 2132, 2145, 2147, 2148, 2150, 2151, 2793, 2154, 2152, + 2156, 2155, 2158, 2793, 2160, 2161, 2168, 2169, 2165, 2173, + 2175, 2180, 2184, 2186, 2187, 2189, 2191, 2192, 2793, 2194, + 2196, 2197, 2201, 2202, 2157, 2204, 2208, 2213, 2198, 2215, - 2204, 2206, 2209, 2210, 2213, 2760, 2211, 2760, 2216, 2226, - 2229, 2232, 2760, 2220, 2222, 2760, 2236, 2237, 2244, 2245, - 2247, 2252, 2248, 2238, 2255, 2240, 2256, 2262, 2263, 2760, - 2230, 2265, 2264, 2266, 2760, 2760, 2273, 2760, 2760, 2276, - 2760, 2760, 2277, 2279, 2760, 2281, 2760, 2288, 2284, 2271, - 2267, 2286, 2760, 2293, 2760, 2760, 2290, 2294, 2297, 2298, - 2300, 2302, 2305, 2306, 2307, 2308, 2309, 2310, 2312, 2314, - 2315, 2228, 2316, 2317, 2319, 2323, 2326, 2328, 2329, 2339, - 2760, 2327, 2340, 2760, 2347, 2342, 2335, 2331, 2348, 2352, - 2353, 2355, 2361, 2358, 2357, 2359, 2760, 2362, 2760, 2760, + 2793, 2219, 2203, 2221, 2223, 2225, 2205, 2226, 2227, 2228, + 2230, 2231, 2233, 2234, 2236, 2244, 2241, 2793, 2238, 2793, + 2247, 2252, 2259, 2260, 2793, 2248, 2255, 2793, 2262, 2266, + 2273, 2264, 2274, 2276, 2278, 2270, 2280, 2279, 2281, 2287, + 2285, 2793, 2288, 2289, 2292, 2293, 2793, 2793, 2296, 2793, + 2793, 2302, 2793, 2793, 2298, 2306, 2793, 2308, 2793, 2314, + 2310, 2312, 2313, 2315, 2793, 2317, 2793, 2793, 2318, 2319, + 2322, 2324, 2326, 2331, 2333, 2327, 2334, 2337, 2338, 2341, + 2340, 2342, 2344, 2346, 2347, 2348, 2351, 2354, 2356, 2357, + 2358, 2360, 2367, 2793, 2359, 2371, 2793, 2380, 2374, 2361, - 2360, 2364, 2370, 2363, 2365, 2760, 2375, 2371, 2385, 2387, - 2760, 2760, 2760, 2388, 2377, 2382, 2392, 2393, 2394, 2760, - 2395, 2396, 2400, 2403, 2407, 2409, 2416, 2413, 2415, 2760, - 2417, 2419, 2760, 2420, 2421, 2424, 2426, 2427, 2429, 2760, - 2425, 2430, 2437, 2432, 2440, 2442, 2443, 2760, 2445, 2446, - 2760, 2452, 2760, 2760, 2447, 2455, 2457, 2462, 2464, 2453, - 2458, 2470, 2469, 2473, 2760, 2760, 2474, 2760, 2760, 2466, - 2475, 2476, 2478, 2481, 2482, 2484, 2486, 2489, 2488, 2760, - 2490, 2760, 2491, 2500, 2492, 2494, 2760, 2501, 2502, 2505, - 2760, 2760, 2506, 2515, 2513, 2760, 2518, 2517, 2519, 2520, + 2369, 2381, 2382, 2384, 2386, 2393, 2389, 2390, 2391, 2793, + 2394, 2793, 2793, 2392, 2397, 2396, 2401, 2402, 2793, 2406, + 2407, 2415, 2418, 2793, 2793, 2793, 2421, 2408, 2410, 2423, + 2424, 2425, 2427, 2793, 2431, 2432, 2433, 2434, 2440, 2442, + 2448, 2451, 2453, 2793, 2454, 2445, 2793, 2455, 2447, 2456, + 2461, 2462, 2464, 2793, 2466, 2467, 2469, 2471, 2475, 2476, + 2472, 2793, 2478, 2479, 2793, 2482, 2793, 2793, 2483, 2488, + 2490, 2495, 2497, 2499, 2491, 2500, 2506, 2505, 2507, 2793, + 2793, 2502, 2793, 2793, 2510, 2512, 2513, 2515, 2517, 2518, + 2519, 2521, 2522, 2524, 2793, 2525, 2793, 2527, 2535, 2526, - 2525, 2527, 2521, 2528, 2531, 2529, 2507, 2532, 2541, 2543, - 2760, 2545, 2542, 2546, 2550, 2553, 2554, 2555, 2556, 2558, - 2559, 2561, 2563, 2760, 2564, 2565, 2575, 2580, 2584, 2572, - 2586, 2760, 2587, 2760, 2590, 2591, 2760, 2760, 2592, 2594, - 2597, 2760, 2598, 2760, 2581, 2605, 2595, 2760, 2760, 2760, - 2607, 2760, 2608, 2760, 2610, 2611, 2760, 2613, 2615, 2617, - 2760, 2619, 2760, 2621, 2760, 2622, 2623, 2760, 2760, 2760, - 2760, 2625, 2627, 2633, 2628, 2760, 2630, 2635, 2636, 2639, - 2760, 2760, 2668, 2675, 2682, 2689, 2696, 94, 2703, 2710, - 2717, 2724, 2731, 2738, 2745, 2752 + 2537, 2793, 2540, 2536, 2538, 2793, 2793, 2793, 2550, 2541, + 2543, 2793, 2551, 2553, 2554, 2557, 2559, 2560, 2561, 2564, + 2566, 2565, 2567, 2568, 2576, 2579, 2793, 2581, 2571, 2578, + 2586, 2589, 2582, 2590, 2592, 2595, 2596, 2598, 2599, 2793, + 2603, 2604, 2606, 2611, 2614, 2615, 2622, 2793, 2623, 2793, + 2626, 2627, 2793, 2793, 2628, 2630, 2633, 2793, 2634, 2793, + 2631, 2641, 2642, 2793, 2793, 2793, 2644, 2793, 2645, 2793, + 2648, 2635, 2793, 2619, 2653, 2655, 2793, 2657, 2793, 2659, + 2793, 2660, 2661, 2793, 2793, 2793, 2793, 2663, 2664, 2666, + 2607, 2793, 2668, 2671, 2669, 2674, 2793, 2793, 2701, 2708, + 2715, 2722, 2729, 94, 2736, 2743, 2750, 2757, 2764, 2771, + 2778, 2785 } ; -static yyconst flex_int16_t yy_def[1397] = +static yyconst flex_int16_t yy_def[1413] = { 0, - 1382, 1, 1383, 1383, 1384, 1384, 1385, 1385, 1386, 1386, - 1387, 1387, 1382, 1388, 1382, 1382, 1382, 1382, 1389, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1390, - 1382, 1382, 1382, 1390, 1391, 1382, 1382, 1382, 1391, 1392, - 1382, 1382, 1382, 1382, 1392, 1393, 1382, 1382, 1382, 1393, - 1394, 1382, 1395, 1382, 1394, 1394, 1388, 1388, 1382, 1396, - 1389, 1396, 1389, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, + 1398, 1, 1399, 1399, 1400, 1400, 1401, 1401, 1402, 1402, + 1403, 1403, 1398, 1404, 1398, 1398, 1398, 1398, 1405, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1406, + 1398, 1398, 1398, 1406, 1407, 1398, 1398, 1398, 1407, 1408, + 1398, 1398, 1398, 1398, 1408, 1409, 1398, 1398, 1398, 1409, + 1410, 1398, 1411, 1398, 1410, 1410, 1404, 1404, 1398, 1412, + 1405, 1412, 1405, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1390, 1390, 1391, 1391, 1392, 1392, 1382, 1393, 1393, - 1394, 1394, 1395, 1395, 1394, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1394, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1406, 1406, 1407, 1407, 1408, 1408, 1398, 1409, 1409, + 1410, 1410, 1411, 1411, 1410, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1410, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1394, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1382, 1388, 1388, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1410, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1398, - 1388, 1388, 1388, 1382, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1394, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, + 1404, 1404, 1404, 1404, 1404, 1398, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1410, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1394, - 1388, 1388, 1388, 1388, 1382, 1388, 1388, 1388, 1388, 1388, - 1388, 1382, 1382, 1388, 1382, 1382, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1382, 1388, 1388, 1388, 1388, 1388, 1382, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1410, 1404, 1404, 1404, 1404, 1398, 1404, + 1404, 1404, 1404, 1404, 1404, 1398, 1398, 1404, 1398, 1398, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1398, 1404, 1404, + 1404, 1404, 1404, 1398, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1394, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1382, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1382, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1382, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1382, 1394, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1410, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1398, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1398, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1398, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1382, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1382, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1382, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1382, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, + 1404, 1404, 1404, 1404, 1398, 1410, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1398, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1398, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1398, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1398, 1404, 1404, 1404, 1404, 1404, 1404, 1404, - 1388, 1388, 1388, 1388, 1388, 1388, 1382, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1382, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1382, 1388, 1382, 1388, 1388, 1388, 1382, 1388, - 1382, 1388, 1382, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1382, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1398, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1398, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1398, + 1404, 1398, 1404, 1404, 1404, 1398, 1404, 1398, 1404, 1398, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1398, 1404, 1404, 1404, 1404, - 1388, 1382, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1382, 1388, 1388, 1388, 1388, - 1382, 1382, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1382, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1382, 1382, 1388, 1388, 1388, 1388, 1388, 1388, 1382, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1382, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1398, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1398, 1404, 1404, 1404, 1404, 1398, 1398, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1398, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1398, 1398, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1398, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1398, 1404, 1404, 1404, - 1382, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1382, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1382, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1382, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1382, 1382, - 1388, 1382, 1388, 1388, 1388, 1388, 1382, 1388, 1382, 1382, - 1388, 1388, 1388, 1388, 1388, 1388, 1382, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1382, 1388, 1388, 1388, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1398, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1398, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1398, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1398, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1398, 1398, + 1404, 1398, 1404, 1404, 1404, 1404, 1398, 1404, 1398, 1398, + 1404, 1404, 1404, 1404, 1404, 1404, 1398, 1404, 1404, 1404, - 1388, 1382, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1382, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1382, 1388, 1388, 1382, 1388, 1388, 1388, 1382, - 1388, 1382, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1382, 1382, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1382, 1388, 1388, 1388, - 1388, 1388, 1382, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1382, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1382, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, + 1404, 1404, 1404, 1404, 1404, 1404, 1398, 1404, 1404, 1404, + 1404, 1398, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1398, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1398, 1404, 1404, 1398, 1404, 1404, 1404, 1398, + 1404, 1398, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1398, 1398, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1398, 1404, 1404, + 1404, 1404, 1404, 1398, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1398, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, - 1388, 1388, 1388, 1388, 1388, 1382, 1388, 1382, 1388, 1388, - 1388, 1388, 1382, 1388, 1388, 1382, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1382, - 1388, 1388, 1388, 1388, 1382, 1382, 1388, 1382, 1382, 1388, - 1382, 1382, 1388, 1388, 1382, 1388, 1382, 1388, 1388, 1388, - 1388, 1388, 1382, 1388, 1382, 1382, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1382, 1388, 1388, 1382, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1382, 1388, 1382, 1382, + 1398, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1398, 1404, 1398, + 1404, 1404, 1404, 1404, 1398, 1404, 1404, 1398, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1398, 1404, 1404, 1404, 1404, 1398, 1398, 1404, 1398, + 1398, 1404, 1398, 1398, 1404, 1404, 1398, 1404, 1398, 1404, + 1404, 1404, 1404, 1404, 1398, 1404, 1398, 1398, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1398, 1404, 1404, 1398, 1404, 1404, 1404, - 1388, 1388, 1388, 1388, 1388, 1382, 1388, 1388, 1388, 1388, - 1382, 1382, 1382, 1388, 1388, 1388, 1388, 1388, 1388, 1382, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1382, - 1388, 1388, 1382, 1388, 1388, 1388, 1388, 1388, 1388, 1382, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1382, 1388, 1388, - 1382, 1388, 1382, 1382, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1388, 1382, 1382, 1388, 1382, 1382, 1388, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1382, - 1388, 1382, 1388, 1388, 1388, 1388, 1382, 1388, 1388, 1388, - 1382, 1382, 1388, 1388, 1388, 1382, 1388, 1388, 1388, 1388, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1398, + 1404, 1398, 1398, 1404, 1404, 1404, 1404, 1404, 1398, 1404, + 1404, 1404, 1404, 1398, 1398, 1398, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1398, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1398, 1404, 1404, 1398, 1404, 1404, 1404, + 1404, 1404, 1404, 1398, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1398, 1404, 1404, 1398, 1404, 1398, 1398, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1398, + 1398, 1404, 1398, 1398, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1398, 1404, 1398, 1404, 1404, 1404, - 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1382, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1388, 1388, 1382, 1388, 1388, 1388, 1388, 1388, 1388, - 1388, 1382, 1388, 1382, 1388, 1388, 1382, 1382, 1388, 1388, - 1388, 1382, 1388, 1382, 1388, 1388, 1388, 1382, 1382, 1382, - 1388, 1382, 1388, 1382, 1388, 1388, 1382, 1388, 1388, 1388, - 1382, 1388, 1382, 1388, 1382, 1388, 1388, 1382, 1382, 1382, - 1382, 1388, 1388, 1388, 1388, 1382, 1388, 1388, 1388, 1388, - 1382, 0, 1382, 1382, 1382, 1382, 1382, 1382, 1382, 1382, - 1382, 1382, 1382, 1382, 1382, 1382 + 1404, 1398, 1404, 1404, 1404, 1398, 1398, 1398, 1404, 1404, + 1404, 1398, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1398, 1404, 1404, 1404, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1398, + 1404, 1404, 1404, 1404, 1404, 1404, 1404, 1398, 1404, 1398, + 1404, 1404, 1398, 1398, 1404, 1404, 1404, 1398, 1404, 1398, + 1404, 1404, 1404, 1398, 1398, 1398, 1404, 1398, 1404, 1398, + 1404, 1404, 1398, 1404, 1404, 1404, 1398, 1404, 1398, 1404, + 1398, 1404, 1404, 1398, 1398, 1398, 1398, 1404, 1404, 1404, + 1404, 1398, 1404, 1404, 1404, 1404, 1398, 0, 1398, 1398, + 1398, 1398, 1398, 1398, 1398, 1398, 1398, 1398, 1398, 1398, + 1398, 1398 } ; -static yyconst flex_int16_t yy_nxt[2800] = +static yyconst flex_int16_t yy_nxt[2833] = { 0, 14, 15, 16, 17, 18, 19, 18, 14, 14, 14, 14, 18, 20, 21, 14, 22, 23, 24, 25, 14, 26, 27, 28, 29, 30, 31, 32, 33, 34, 14, 35, 36, 37, 38, 39, 14, 14, 14, 14, 41, 42, 43, 41, 42, 43, 124, 46, 47, 124, 44, 48, 69, 44, 46, 47, 70, 49, 48, 57, 58, 59, 68, 68, 49, 51, 52, 53, 54, 60, 18, 57, 58, 59, 122, 122, 55, 51, 52, 53, 54, - 60, 18, 68, 103, 187, 74, 75, 55, 15, 16, + 60, 18, 68, 103, 211, 74, 75, 55, 15, 16, 17, 62, 63, 64, 67, 67, 68, 67, 67, 65, 67, 94, 68, 76, 68, 67, 84, 68, 66, 15, 16, 17, 62, 63, 64, 68, 68, 77, 136, 86, 65, 69, 93, 132, 78, 70, 85, 68, 87, 66, 72, 79, 72, 72, 68, 72, 88, 135, 68, 80, 72, 73, 89, 81, 68, 90, 82, 68, 96, 83, 68, 100, 91, 68, 92, 101, 97, 137, 68, 95, 68, 68, 98, 68, 120, 108, 99, 104, 121, 68, 68, 102, 68, 105, 111, 109, 106, 68, 110, 68, 115, 138, 116, 107, 112, 177, 118, 132, 113, 114, 126, 119, 126, 126, 68, 126, 158, 117, 129, 129, 72, 68, 72, 72, 131, 72, 131, 131, 141, 131, 67, 134, 67, 67, 68, 67, 68, 139, 68, 140, 67, 72, 68, 72, 72, 145, 72, 68, 142, 68, 68, 72, 73, 68, 68, 68, 143, 68, 68, 151, - 68, 147, 152, 146, 144, 68, 195, 68, 132, 148, + 68, 147, 152, 146, 144, 68, 196, 68, 132, 148, 154, 149, 150, 155, 153, 157, 68, 68, 68, 68, 68, 159, 161, 68, 68, 166, 162, 156, 165, 163, 68, 164, 68, 68, 68, 68, 167, 168, 171, 68, 173, 160, 68, 68, 174, 169, 68, 180, 68, 68, 68, 182, 68, 170, 68, 68, 176, 172, 68, 68, - 68, 181, 175, 68, 188, 178, 179, 122, 122, 130, - 124, 183, 184, 124, 185, 189, 186, 126, 190, 126, - 126, 68, 126, 129, 129, 131, 192, 131, 131, 72, - 131, 72, 72, 132, 72, 68, 191, 193, 68, 68, - 134, 198, 68, 68, 201, 68, 68, 199, 200, 68, - 194, 68, 207, 196, 68, 128, 68, 68, 68, 197, - 68, 209, 211, 68, 202, 68, 68, 68, 210, 203, - 212, 213, 68, 208, 204, 68, 219, 218, 214, 215, - 205, 206, 216, 68, 217, 68, 222, 68, 223, 224, - 226, 68, 68, 68, 68, 68, 68, 68, 127, 229, + 68, 181, 175, 68, 189, 178, 179, 68, 68, 187, + 124, 183, 184, 124, 185, 190, 186, 228, 191, 122, + 122, 126, 132, 126, 126, 192, 126, 129, 129, 131, + 188, 131, 131, 72, 131, 72, 72, 68, 72, 68, + 194, 68, 193, 68, 134, 68, 199, 68, 68, 68, + 202, 68, 200, 201, 195, 68, 197, 68, 208, 130, + 68, 68, 68, 198, 68, 210, 209, 68, 203, 68, + 229, 212, 68, 204, 213, 214, 68, 215, 205, 68, + 220, 68, 68, 68, 206, 207, 219, 223, 216, 128, + 218, 217, 68, 68, 224, 225, 227, 68, 230, 222, - 225, 221, 227, 220, 68, 68, 231, 232, 68, 68, - 230, 68, 68, 228, 68, 233, 235, 68, 68, 237, - 234, 68, 68, 236, 239, 68, 238, 241, 245, 68, - 68, 68, 68, 68, 247, 249, 248, 68, 68, 251, - 68, 240, 68, 132, 255, 252, 68, 242, 243, 244, - 68, 246, 254, 260, 68, 257, 250, 68, 68, 68, - 68, 256, 259, 68, 261, 258, 68, 68, 253, 68, - 68, 267, 266, 68, 264, 262, 68, 268, 68, 68, - 68, 263, 271, 274, 272, 68, 68, 68, 68, 269, - 68, 276, 265, 270, 273, 68, 68, 278, 68, 68, + 68, 68, 221, 68, 68, 232, 226, 233, 68, 231, + 68, 68, 68, 68, 68, 234, 68, 235, 68, 238, + 237, 68, 68, 68, 239, 68, 246, 242, 68, 127, + 68, 68, 248, 236, 68, 250, 240, 68, 241, 68, + 68, 249, 68, 244, 245, 243, 68, 253, 247, 254, + 256, 252, 132, 68, 68, 68, 251, 68, 68, 257, + 262, 260, 68, 68, 259, 68, 261, 263, 264, 68, + 68, 68, 255, 68, 268, 68, 258, 266, 68, 269, + 68, 265, 68, 270, 68, 68, 276, 273, 68, 271, + 272, 68, 274, 68, 275, 267, 68, 278, 68, 280, - 275, 277, 68, 68, 283, 68, 68, 279, 68, 287, - 285, 68, 282, 280, 68, 68, 68, 68, 288, 281, - 286, 68, 68, 284, 68, 298, 68, 68, 289, 68, - 292, 68, 293, 355, 290, 294, 295, 291, 68, 68, - 296, 297, 299, 68, 300, 68, 302, 301, 304, 68, - 305, 68, 303, 68, 306, 68, 309, 68, 68, 68, - 68, 68, 312, 311, 313, 68, 307, 68, 319, 68, - 125, 68, 68, 68, 314, 308, 318, 310, 68, 68, - 68, 315, 68, 320, 316, 324, 317, 334, 68, 132, - 321, 322, 68, 323, 326, 68, 68, 335, 68, 68, + 281, 68, 68, 279, 68, 68, 68, 277, 68, 285, + 68, 289, 68, 68, 287, 290, 68, 68, 284, 282, + 68, 68, 68, 283, 286, 288, 68, 300, 68, 291, + 294, 68, 68, 298, 299, 68, 68, 292, 301, 296, + 293, 68, 68, 295, 297, 306, 68, 68, 68, 308, + 305, 68, 307, 302, 68, 311, 303, 304, 68, 68, + 68, 68, 68, 68, 313, 314, 309, 315, 68, 68, + 125, 321, 68, 68, 310, 316, 68, 320, 312, 317, + 68, 68, 318, 68, 319, 322, 327, 68, 325, 68, + 323, 68, 324, 132, 68, 326, 68, 68, 68, 372, - 123, 325, 68, 340, 327, 328, 68, 68, 68, 68, - 336, 337, 351, 338, 329, 339, 330, 331, 332, 341, - 344, 333, 342, 68, 343, 68, 345, 68, 348, 349, - 68, 68, 347, 68, 68, 68, 68, 346, 354, 68, - 68, 68, 68, 68, 361, 362, 68, 68, 353, 352, - 350, 358, 360, 356, 357, 363, 364, 68, 68, 68, - 68, 68, 366, 365, 359, 367, 68, 369, 370, 68, - 68, 68, 368, 68, 68, 68, 375, 68, 374, 372, - 68, 68, 376, 373, 68, 378, 68, 379, 68, 68, - 371, 68, 68, 68, 68, 68, 381, 68, 382, 389, + 338, 329, 328, 68, 337, 330, 331, 68, 68, 68, + 68, 341, 345, 340, 339, 332, 343, 333, 334, 335, + 347, 68, 336, 68, 346, 68, 68, 342, 344, 68, + 348, 350, 351, 352, 68, 68, 68, 349, 68, 68, + 357, 68, 68, 68, 68, 358, 68, 68, 365, 353, + 354, 68, 355, 356, 68, 361, 363, 360, 68, 364, + 359, 367, 68, 68, 371, 123, 68, 366, 362, 368, + 68, 68, 373, 68, 369, 68, 370, 68, 68, 378, + 68, 68, 375, 374, 377, 68, 379, 376, 68, 381, + 68, 382, 68, 68, 68, 68, 68, 68, 68, 68, - 387, 377, 380, 383, 68, 388, 68, 68, 386, 68, - 68, 68, 384, 385, 393, 68, 68, 68, 68, 68, - 395, 68, 68, 405, 390, 68, 394, 68, 68, 391, - 392, 417, 396, 406, 404, 68, 397, 68, 398, 403, - 68, 407, 411, 399, 68, 400, 68, 408, 68, 410, - 409, 68, 412, 401, 414, 68, 68, 68, 132, 413, - 416, 421, 420, 402, 68, 68, 68, 68, 425, 68, - 68, 68, 419, 415, 68, 418, 422, 68, 68, 520, - 424, 428, 426, 423, 68, 68, 427, 430, 432, 68, - 433, 68, 429, 68, 434, 435, 68, 437, 431, 68, + 68, 384, 68, 385, 390, 392, 380, 386, 391, 68, + 68, 68, 389, 383, 68, 68, 387, 388, 396, 68, + 393, 68, 68, 68, 398, 68, 68, 68, 408, 410, + 397, 394, 395, 68, 68, 412, 68, 399, 409, 407, + 68, 400, 68, 401, 68, 406, 68, 411, 402, 68, + 403, 68, 414, 68, 68, 415, 416, 68, 404, 420, + 68, 413, 68, 132, 417, 418, 421, 424, 405, 425, + 68, 68, 68, 68, 68, 419, 68, 423, 68, 422, + 429, 68, 426, 68, 68, 428, 432, 68, 430, 427, + 431, 68, 436, 68, 434, 437, 68, 438, 68, 433, - 436, 68, 68, 68, 68, 68, 441, 68, 439, 440, - 68, 68, 68, 445, 438, 443, 442, 68, 68, 68, - 68, 447, 446, 448, 444, 68, 451, 68, 449, 453, - 68, 68, 450, 455, 68, 456, 454, 452, 68, 68, - 68, 68, 68, 458, 463, 460, 68, 68, 68, 68, - 465, 467, 459, 462, 464, 68, 68, 457, 461, 466, - 68, 68, 68, 68, 475, 471, 470, 473, 472, 68, - 68, 474, 68, 468, 469, 68, 479, 68, 477, 476, - 480, 68, 68, 68, 481, 483, 68, 68, 68, 68, - 68, 68, 68, 478, 488, 68, 482, 68, 68, 68, + 435, 132, 68, 439, 68, 440, 68, 441, 68, 68, + 68, 445, 68, 443, 444, 68, 68, 68, 449, 442, + 447, 446, 68, 68, 68, 68, 68, 450, 452, 448, + 68, 455, 68, 453, 457, 68, 130, 454, 451, 68, + 68, 458, 68, 459, 456, 68, 460, 68, 463, 68, + 462, 68, 464, 467, 68, 68, 68, 68, 68, 469, + 468, 68, 471, 466, 470, 465, 68, 68, 461, 68, + 68, 68, 474, 472, 475, 476, 68, 477, 479, 68, + 473, 478, 68, 68, 68, 480, 483, 481, 486, 68, + 484, 68, 68, 68, 485, 487, 68, 488, 68, 68, - 489, 493, 68, 495, 484, 485, 68, 486, 68, 487, - 490, 494, 496, 492, 68, 491, 68, 68, 499, 497, - 68, 68, 68, 68, 68, 68, 502, 501, 504, 503, - 500, 68, 498, 68, 508, 68, 505, 68, 132, 68, - 507, 68, 506, 510, 511, 68, 68, 68, 514, 509, - 512, 68, 516, 68, 521, 517, 515, 68, 513, 68, - 68, 68, 68, 519, 68, 518, 525, 524, 526, 523, - 68, 68, 68, 68, 536, 533, 522, 68, 68, 527, - 68, 528, 534, 68, 529, 537, 68, 538, 543, 530, - 68, 539, 68, 540, 68, 531, 532, 535, 68, 541, + 68, 68, 482, 492, 68, 68, 497, 489, 68, 493, + 68, 68, 68, 499, 500, 490, 494, 68, 491, 68, + 496, 68, 495, 68, 502, 68, 68, 498, 501, 68, + 68, 68, 68, 506, 507, 509, 510, 503, 505, 508, + 68, 68, 504, 68, 132, 68, 68, 68, 512, 515, + 516, 68, 513, 68, 519, 517, 521, 68, 511, 514, + 68, 68, 520, 68, 522, 68, 68, 518, 68, 523, + 68, 68, 68, 525, 531, 528, 530, 529, 68, 68, + 68, 524, 68, 526, 68, 538, 68, 527, 68, 541, + 532, 68, 533, 542, 68, 534, 539, 545, 543, 68, - 68, 68, 68, 542, 68, 547, 68, 551, 68, 546, - 68, 552, 544, 545, 553, 550, 68, 548, 68, 68, - 68, 554, 68, 68, 549, 68, 555, 68, 68, 68, - 556, 557, 559, 561, 68, 560, 563, 562, 68, 68, - 68, 68, 565, 558, 68, 567, 68, 68, 68, 68, - 569, 68, 68, 68, 566, 68, 572, 564, 570, 68, - 68, 568, 68, 68, 577, 68, 578, 68, 68, 571, - 573, 68, 574, 68, 581, 575, 68, 583, 579, 576, - 586, 582, 580, 68, 68, 68, 68, 585, 584, 68, - 587, 68, 592, 593, 590, 588, 589, 68, 68, 68, + 535, 68, 544, 68, 546, 68, 536, 537, 547, 540, + 68, 68, 68, 68, 552, 548, 68, 68, 68, 549, + 551, 556, 68, 555, 557, 68, 68, 558, 559, 68, + 550, 553, 68, 68, 561, 554, 68, 68, 68, 560, + 68, 566, 68, 564, 562, 68, 568, 565, 68, 68, + 68, 68, 570, 567, 68, 563, 68, 572, 68, 68, + 68, 68, 574, 68, 571, 577, 68, 569, 68, 573, + 575, 68, 68, 68, 68, 68, 583, 582, 68, 576, + 68, 68, 578, 579, 68, 591, 588, 586, 580, 68, + 68, 581, 584, 589, 585, 587, 592, 68, 590, 68, - 594, 68, 597, 68, 591, 599, 68, 68, 600, 132, - 68, 68, 68, 68, 596, 602, 68, 595, 68, 68, - 68, 68, 611, 598, 68, 601, 68, 68, 68, 68, - 605, 603, 68, 640, 612, 618, 614, 604, 68, 619, - 615, 606, 617, 607, 68, 613, 625, 608, 616, 609, - 68, 620, 68, 68, 610, 68, 621, 624, 622, 68, - 627, 68, 68, 629, 68, 626, 628, 632, 68, 68, - 634, 68, 68, 633, 635, 68, 623, 68, 630, 68, - 68, 631, 68, 68, 638, 68, 68, 68, 642, 646, - 637, 636, 68, 68, 68, 68, 645, 68, 68, 639, + 68, 68, 68, 593, 68, 596, 68, 598, 594, 595, + 599, 68, 68, 603, 600, 68, 68, 68, 68, 605, + 68, 68, 601, 597, 68, 602, 606, 132, 608, 68, + 68, 68, 607, 68, 68, 617, 604, 68, 68, 68, + 609, 68, 625, 128, 611, 68, 68, 68, 618, 620, + 68, 624, 621, 610, 68, 623, 68, 612, 632, 613, + 622, 630, 619, 614, 631, 615, 68, 626, 68, 633, + 616, 68, 627, 68, 628, 68, 634, 68, 638, 68, + 68, 635, 640, 68, 639, 68, 641, 68, 68, 636, + 68, 68, 629, 68, 68, 644, 637, 68, 68, 68, - 644, 641, 650, 651, 68, 643, 68, 655, 649, 652, - 68, 647, 68, 648, 656, 653, 68, 654, 657, 68, - 68, 658, 68, 68, 659, 660, 68, 68, 68, 663, - 662, 68, 68, 665, 68, 68, 666, 68, 661, 68, - 667, 670, 68, 669, 68, 68, 68, 68, 664, 673, - 672, 668, 68, 671, 68, 68, 68, 674, 68, 678, - 679, 681, 68, 683, 675, 677, 684, 676, 68, 68, - 68, 68, 68, 682, 680, 686, 68, 690, 68, 68, - 68, 68, 68, 68, 685, 68, 688, 68, 698, 687, - 689, 692, 68, 68, 68, 68, 68, 691, 699, 693, + 68, 643, 646, 648, 642, 68, 652, 68, 651, 127, + 645, 68, 68, 647, 650, 68, 68, 649, 68, 68, + 656, 657, 68, 658, 653, 654, 661, 655, 659, 68, + 660, 68, 662, 68, 68, 664, 663, 68, 665, 68, + 68, 68, 666, 670, 669, 68, 68, 68, 667, 68, + 671, 672, 68, 673, 676, 68, 68, 68, 675, 68, + 668, 68, 679, 68, 68, 674, 677, 68, 68, 68, + 68, 125, 68, 684, 678, 685, 68, 68, 68, 680, + 683, 687, 681, 688, 682, 690, 691, 686, 689, 68, + 68, 68, 692, 693, 68, 68, 697, 68, 68, 68, - 696, 695, 68, 68, 68, 68, 68, 700, 694, 701, - 702, 703, 697, 706, 707, 68, 68, 68, 68, 704, - 705, 68, 68, 710, 68, 68, 709, 712, 68, 714, - 68, 68, 68, 68, 708, 68, 68, 715, 68, 68, - 711, 68, 68, 713, 718, 716, 717, 722, 68, 68, - 726, 725, 719, 723, 721, 68, 720, 728, 68, 724, - 68, 68, 727, 731, 68, 730, 68, 732, 68, 736, - 68, 737, 68, 740, 68, 735, 68, 734, 729, 68, - 733, 738, 68, 68, 739, 68, 68, 745, 742, 746, - 68, 741, 68, 68, 68, 747, 68, 748, 68, 743, + 68, 68, 68, 68, 68, 68, 68, 705, 694, 695, + 696, 699, 68, 68, 68, 698, 706, 702, 700, 703, + 708, 68, 68, 68, 68, 704, 701, 707, 709, 710, + 68, 68, 713, 714, 68, 68, 68, 68, 711, 68, + 68, 717, 68, 68, 716, 712, 68, 719, 68, 715, + 721, 68, 722, 68, 68, 723, 718, 68, 720, 68, + 68, 68, 68, 724, 733, 725, 729, 68, 68, 68, + 726, 732, 730, 68, 68, 727, 68, 728, 737, 68, + 123, 731, 734, 743, 735, 738, 68, 736, 68, 739, + 68, 68, 741, 740, 68, 742, 68, 744, 68, 745, - 68, 68, 68, 68, 744, 749, 754, 68, 68, 753, - 750, 68, 751, 68, 752, 755, 759, 757, 68, 756, - 763, 68, 68, 765, 68, 760, 758, 68, 68, 68, - 766, 761, 68, 767, 769, 68, 68, 764, 771, 68, - 68, 772, 68, 762, 773, 68, 68, 775, 768, 68, - 68, 68, 770, 781, 776, 777, 68, 779, 68, 782, - 774, 68, 68, 780, 68, 784, 783, 778, 68, 68, - 68, 785, 788, 68, 68, 68, 791, 68, 68, 68, - 787, 68, 68, 795, 68, 68, 68, 786, 68, 68, - 68, 132, 68, 68, 789, 800, 794, 792, 790, 793, + 68, 747, 68, 746, 68, 750, 68, 752, 753, 749, + 68, 748, 68, 68, 68, 754, 68, 68, 755, 68, + 68, 68, 68, 761, 751, 756, 68, 68, 760, 68, + 757, 68, 758, 68, 759, 762, 764, 766, 68, 763, + 68, 767, 770, 68, 68, 765, 772, 68, 68, 768, + 68, 773, 68, 771, 68, 774, 776, 68, 769, 775, + 778, 68, 68, 68, 777, 780, 68, 779, 782, 68, + 68, 68, 781, 68, 785, 784, 68, 783, 68, 789, + 68, 790, 787, 68, 68, 788, 68, 792, 791, 786, + 68, 68, 68, 68, 796, 68, 68, 799, 68, 793, - 68, 68, 68, 801, 796, 805, 798, 802, 68, 799, - 797, 804, 807, 68, 68, 803, 68, 808, 68, 806, - 809, 68, 68, 68, 68, 68, 68, 814, 816, 68, - 811, 815, 68, 810, 68, 818, 812, 813, 820, 68, - 68, 823, 824, 817, 819, 822, 68, 68, 68, 825, - 826, 68, 68, 828, 68, 821, 830, 827, 832, 68, - 831, 68, 68, 68, 68, 68, 68, 68, 68, 838, - 68, 68, 837, 829, 68, 68, 68, 68, 68, 846, - 68, 833, 834, 68, 836, 843, 839, 840, 847, 841, - 835, 68, 845, 849, 842, 848, 68, 844, 68, 852, + 797, 68, 68, 68, 795, 68, 68, 803, 68, 68, + 794, 68, 68, 68, 68, 68, 68, 808, 800, 798, + 809, 801, 68, 802, 810, 68, 807, 813, 804, 806, + 68, 68, 812, 814, 805, 816, 815, 68, 68, 811, + 68, 68, 68, 68, 68, 68, 68, 822, 817, 824, + 823, 68, 819, 68, 68, 820, 818, 828, 68, 68, + 821, 827, 826, 825, 830, 831, 832, 68, 833, 68, + 68, 68, 834, 68, 835, 829, 68, 837, 838, 840, + 68, 68, 839, 68, 68, 68, 68, 68, 68, 846, + 836, 68, 68, 845, 68, 68, 68, 68, 68, 68, - 68, 68, 68, 68, 856, 850, 853, 854, 68, 68, - 68, 68, 859, 130, 860, 858, 861, 68, 851, 68, - 862, 68, 855, 68, 68, 68, 857, 863, 68, 864, - 68, 68, 869, 68, 68, 867, 68, 871, 865, 68, - 68, 68, 68, 68, 68, 874, 868, 876, 68, 68, - 866, 873, 68, 879, 870, 68, 68, 68, 878, 883, - 68, 872, 875, 885, 68, 884, 877, 68, 68, 880, - 888, 68, 68, 68, 68, 881, 882, 68, 889, 890, - 892, 887, 893, 68, 886, 68, 894, 68, 68, 68, - 68, 68, 68, 901, 68, 898, 68, 900, 891, 68, + 841, 68, 854, 842, 855, 844, 851, 847, 68, 68, + 848, 843, 856, 853, 849, 850, 68, 68, 852, 860, + 68, 68, 857, 68, 68, 858, 861, 862, 864, 68, + 68, 68, 867, 68, 868, 866, 68, 859, 68, 68, + 869, 68, 870, 68, 863, 68, 68, 865, 871, 68, + 872, 873, 68, 68, 878, 68, 68, 876, 68, 880, + 875, 68, 68, 874, 68, 68, 68, 68, 877, 883, + 68, 68, 885, 882, 68, 888, 879, 68, 68, 68, + 68, 892, 886, 881, 887, 884, 68, 68, 894, 68, + 68, 889, 893, 68, 897, 68, 898, 890, 891, 68, - 68, 895, 68, 68, 902, 909, 68, 896, 68, 897, - 68, 68, 68, 68, 899, 68, 904, 906, 903, 908, - 907, 68, 905, 68, 68, 918, 68, 68, 914, 68, - 913, 910, 911, 915, 912, 68, 916, 68, 919, 917, - 68, 68, 920, 921, 68, 68, 927, 68, 923, 922, - 924, 68, 68, 925, 926, 928, 68, 68, 68, 68, - 930, 68, 935, 68, 929, 68, 68, 938, 68, 940, - 931, 932, 68, 943, 68, 68, 68, 934, 68, 936, - 68, 941, 68, 933, 937, 942, 939, 68, 947, 944, - 945, 68, 68, 68, 68, 948, 946, 68, 68, 68, + 895, 902, 68, 896, 899, 901, 68, 68, 903, 68, + 68, 900, 68, 68, 68, 68, 910, 68, 907, 68, + 909, 68, 68, 68, 911, 68, 68, 904, 68, 905, + 918, 68, 906, 68, 68, 68, 68, 908, 917, 912, + 915, 68, 913, 914, 68, 916, 68, 928, 919, 68, + 68, 920, 926, 923, 68, 921, 922, 68, 924, 927, + 68, 925, 929, 931, 68, 68, 930, 68, 936, 937, + 68, 68, 68, 68, 933, 68, 935, 934, 68, 68, + 68, 68, 944, 932, 68, 939, 68, 68, 68, 947, + 949, 938, 941, 940, 68, 68, 68, 68, 943, 953, - 68, 68, 954, 68, 955, 956, 957, 68, 68, 949, - 951, 950, 958, 953, 68, 952, 961, 68, 68, 68, - 68, 965, 68, 960, 969, 68, 68, 68, 962, 68, - 959, 963, 964, 968, 966, 68, 967, 970, 68, 972, - 68, 973, 68, 68, 971, 68, 68, 977, 68, 68, - 974, 979, 68, 980, 68, 981, 68, 983, 68, 982, - 68, 975, 68, 976, 985, 978, 68, 984, 68, 68, - 987, 68, 68, 988, 989, 68, 68, 68, 990, 68, - 991, 997, 68, 986, 68, 992, 68, 999, 993, 68, - 68, 1002, 68, 68, 68, 994, 995, 68, 996, 1001, + 945, 68, 950, 952, 942, 946, 948, 68, 68, 956, + 954, 68, 68, 68, 960, 68, 955, 951, 68, 68, + 68, 68, 68, 68, 957, 964, 68, 965, 966, 68, + 958, 961, 959, 68, 967, 968, 962, 68, 971, 68, + 963, 68, 68, 975, 68, 68, 68, 68, 68, 979, + 68, 68, 970, 978, 973, 972, 969, 974, 976, 980, + 68, 68, 977, 982, 68, 68, 983, 68, 987, 68, + 981, 68, 984, 68, 989, 68, 990, 68, 991, 68, + 993, 68, 992, 68, 985, 68, 995, 986, 68, 997, + 68, 68, 999, 988, 68, 998, 68, 68, 68, 994, - 68, 1004, 68, 1007, 68, 68, 1005, 68, 1003, 1000, - 998, 1011, 1010, 68, 68, 68, 68, 1014, 68, 1015, - 68, 1009, 1013, 68, 68, 68, 1006, 68, 68, 1016, - 1008, 68, 128, 1012, 1021, 1023, 68, 68, 68, 1018, - 1022, 68, 1020, 1017, 1019, 1026, 68, 1029, 1024, 1030, - 68, 68, 68, 1025, 68, 1028, 1031, 1033, 68, 1027, - 1032, 68, 68, 1034, 1035, 68, 1036, 68, 1040, 68, - 1038, 1037, 68, 68, 1042, 68, 68, 68, 1062, 68, - 1044, 1045, 68, 1046, 68, 68, 68, 1043, 68, 68, - 1039, 1047, 1049, 1048, 1041, 68, 68, 1052, 1050, 68, + 68, 68, 68, 1007, 68, 68, 68, 1009, 1000, 68, + 1001, 1012, 68, 996, 68, 1002, 68, 68, 1003, 68, + 1004, 1005, 68, 1006, 68, 1011, 1014, 68, 1017, 1010, + 68, 1008, 1013, 1015, 68, 68, 1021, 68, 68, 1020, + 1016, 68, 1024, 68, 1023, 68, 1019, 1026, 1018, 68, + 1025, 68, 68, 68, 68, 1022, 68, 1033, 68, 68, + 1031, 1036, 68, 68, 68, 1032, 1028, 1039, 1030, 1027, + 1034, 1029, 68, 1040, 68, 1035, 1041, 1043, 1038, 68, + 1042, 68, 68, 68, 1037, 1046, 68, 68, 68, 68, + 68, 1048, 1051, 68, 1053, 1045, 68, 68, 1047, 68, - 68, 68, 1057, 68, 68, 68, 1059, 1051, 1053, 1055, - 1056, 68, 68, 1061, 1063, 68, 68, 1054, 1058, 68, - 68, 1066, 1060, 1064, 68, 68, 68, 68, 68, 68, - 68, 68, 68, 1074, 68, 1073, 68, 1068, 1069, 1065, - 1070, 68, 1071, 1076, 68, 1067, 1078, 68, 68, 1072, - 1075, 68, 68, 1080, 1081, 1077, 1082, 68, 68, 68, - 1086, 68, 1079, 1083, 1085, 68, 1087, 68, 1090, 68, - 68, 68, 68, 68, 1094, 1084, 68, 68, 1088, 68, - 1092, 1089, 1091, 1093, 1097, 1095, 68, 68, 68, 1096, - 68, 1098, 68, 1100, 68, 68, 1102, 68, 1103, 68, + 1049, 68, 1056, 68, 1055, 1044, 1057, 68, 1054, 68, + 68, 68, 68, 68, 1050, 1052, 1058, 1059, 1061, 1060, + 68, 1063, 68, 1062, 68, 68, 1068, 68, 68, 68, + 1070, 68, 1064, 1066, 1067, 68, 68, 1072, 1075, 68, + 1065, 1073, 1069, 1074, 68, 68, 1071, 68, 1077, 68, + 68, 68, 68, 68, 68, 68, 68, 68, 1085, 68, + 1084, 68, 1079, 1080, 1081, 1076, 1398, 68, 1082, 68, + 1078, 1089, 68, 1088, 1083, 1086, 1087, 68, 68, 68, + 1092, 68, 1091, 68, 1093, 1097, 1094, 1090, 68, 1096, + 68, 68, 68, 1098, 1101, 68, 68, 68, 68, 1105, - 1099, 1106, 68, 68, 1101, 68, 1105, 1110, 1107, 1108, - 68, 68, 1113, 68, 1109, 68, 1111, 68, 1112, 1104, - 1116, 68, 68, 1114, 68, 1117, 1115, 68, 68, 68, - 68, 68, 1119, 1120, 1118, 1122, 68, 68, 68, 68, - 68, 68, 68, 1121, 1130, 68, 68, 68, 1149, 1131, - 68, 127, 1128, 68, 1134, 1124, 68, 1123, 1126, 1127, - 1132, 1125, 1129, 1133, 1135, 68, 1136, 68, 68, 1137, - 1138, 68, 1139, 68, 1141, 68, 1142, 68, 68, 68, - 1145, 68, 68, 68, 1144, 1147, 68, 1140, 68, 68, - 1153, 68, 1150, 68, 1151, 1155, 68, 1143, 1156, 68, + 68, 1095, 68, 68, 68, 68, 1100, 1106, 1102, 1103, + 1099, 68, 1104, 68, 1107, 68, 1108, 1110, 1109, 68, + 68, 1112, 68, 1111, 68, 1113, 1114, 1118, 68, 68, + 1115, 1120, 68, 1117, 68, 68, 68, 68, 1119, 1122, + 68, 1123, 1125, 68, 68, 68, 68, 1116, 1126, 1131, + 1124, 1128, 68, 1121, 1127, 68, 1129, 68, 1130, 68, + 68, 1132, 68, 68, 68, 1134, 68, 68, 68, 68, + 68, 1142, 68, 68, 1133, 1161, 1143, 68, 1146, 1140, + 68, 68, 1136, 1138, 1147, 68, 1148, 68, 1135, 1139, + 1137, 1141, 68, 1144, 1145, 1150, 68, 1151, 68, 68, - 68, 1146, 1154, 68, 1158, 68, 1148, 68, 68, 1152, - 68, 68, 68, 1161, 1159, 68, 68, 1169, 68, 1160, - 1165, 68, 68, 68, 1163, 68, 1157, 1167, 68, 1170, - 1168, 1166, 68, 1164, 68, 1162, 1174, 1172, 68, 1173, - 68, 68, 68, 1171, 68, 1175, 1178, 1177, 68, 68, - 68, 1179, 68, 1176, 1180, 1181, 68, 68, 1192, 68, - 68, 1182, 1183, 1184, 68, 1185, 1222, 68, 68, 1190, - 1186, 1187, 1188, 1189, 68, 68, 68, 68, 68, 68, - 1195, 1191, 1193, 68, 1194, 68, 1196, 1197, 68, 68, - 1199, 68, 1200, 68, 1198, 1201, 68, 1202, 68, 1203, + 1153, 68, 1154, 68, 68, 1149, 68, 1157, 68, 68, + 68, 1156, 1159, 68, 68, 68, 68, 68, 1152, 1162, + 68, 1163, 1173, 1155, 1165, 68, 1167, 68, 1158, 1166, + 1168, 68, 1160, 68, 1170, 68, 1164, 68, 68, 68, + 68, 1169, 68, 68, 1171, 68, 68, 1177, 68, 1172, + 68, 1182, 1175, 68, 1179, 1180, 68, 1183, 1178, 68, + 68, 1176, 1181, 1174, 68, 1186, 1187, 68, 1185, 1398, + 1184, 68, 68, 1188, 68, 1190, 68, 1192, 68, 1191, + 1195, 1189, 68, 1193, 1194, 68, 68, 1197, 68, 1196, + 68, 68, 68, 68, 1203, 1198, 1200, 68, 1202, 68, - 68, 1204, 68, 1205, 1206, 68, 68, 1207, 1208, 68, - 68, 1211, 68, 1212, 68, 1210, 1213, 68, 68, 68, - 68, 68, 68, 1209, 68, 1220, 68, 68, 68, 68, - 1214, 68, 1216, 1217, 1218, 68, 1221, 1215, 68, 68, - 68, 68, 1224, 68, 1219, 1228, 1229, 68, 1223, 1226, - 1230, 68, 68, 1232, 68, 1225, 1227, 1231, 1233, 68, - 68, 1236, 1235, 1234, 68, 68, 1240, 68, 1241, 68, - 68, 68, 68, 68, 68, 68, 68, 68, 1237, 1247, - 1238, 1248, 68, 68, 1239, 1242, 1251, 68, 1243, 68, - 1249, 1244, 1246, 1245, 68, 1250, 1253, 68, 1254, 68, + 68, 68, 1199, 1204, 68, 68, 1206, 1208, 68, 1209, + 68, 1201, 1207, 1210, 68, 1211, 1205, 1212, 68, 1213, + 68, 1214, 68, 1215, 68, 68, 68, 68, 1219, 68, + 68, 68, 1218, 1221, 68, 1220, 68, 1224, 68, 68, + 1216, 1223, 1225, 68, 1226, 68, 68, 1217, 1222, 68, + 68, 1227, 68, 68, 68, 1234, 68, 1232, 68, 68, + 68, 1229, 1230, 68, 1228, 1231, 68, 1235, 68, 68, + 68, 68, 68, 68, 1233, 1242, 1238, 1243, 1244, 68, + 1237, 68, 1240, 68, 1246, 1236, 68, 1241, 1249, 1245, + 1239, 1247, 68, 68, 68, 1248, 68, 1254, 68, 1250, - 68, 1255, 1252, 1257, 68, 68, 68, 68, 68, 1258, - 1259, 1256, 68, 1262, 1260, 68, 125, 1263, 1265, 68, - 1266, 68, 1261, 1267, 1268, 68, 1269, 68, 68, 68, - 1264, 68, 68, 68, 1270, 1272, 68, 68, 68, 68, - 1276, 68, 68, 1271, 68, 1274, 1273, 1275, 1280, 68, - 1277, 1282, 68, 1281, 68, 68, 1278, 68, 68, 68, - 1284, 1279, 1283, 1287, 68, 68, 1285, 68, 1289, 68, - 68, 1286, 1290, 1291, 68, 1292, 68, 1295, 68, 1288, - 1296, 68, 68, 1293, 1294, 68, 68, 68, 68, 1297, - 68, 1302, 1298, 68, 68, 1300, 68, 1299, 68, 1304, + 1255, 68, 68, 68, 68, 68, 68, 1262, 68, 68, + 1252, 1251, 1261, 68, 68, 1253, 1256, 1265, 68, 68, + 68, 1257, 68, 1258, 1260, 1259, 1267, 68, 1263, 1268, + 68, 1271, 1264, 68, 1269, 68, 68, 68, 1266, 68, + 1272, 1273, 1270, 68, 68, 68, 68, 1275, 1398, 1277, + 1278, 1280, 68, 1281, 68, 1282, 1274, 68, 1276, 68, + 68, 1279, 1283, 68, 1284, 68, 68, 68, 68, 1286, + 1287, 1285, 1288, 68, 68, 1291, 68, 1289, 68, 68, + 1295, 68, 1290, 68, 68, 1292, 1297, 68, 68, 1299, + 68, 68, 1296, 1302, 68, 68, 1298, 1293, 1294, 1300, - 68, 68, 68, 68, 68, 1309, 68, 1301, 1312, 1303, - 1307, 1311, 68, 68, 68, 1313, 1305, 68, 68, 68, - 1308, 1310, 1314, 1317, 1306, 68, 1315, 68, 1318, 68, - 68, 68, 68, 68, 1319, 1320, 1324, 68, 1321, 68, - 68, 68, 1316, 68, 68, 1330, 1329, 1323, 1325, 1326, - 1322, 1328, 1332, 68, 68, 68, 1334, 68, 68, 1327, - 1333, 1337, 68, 1331, 1338, 68, 68, 68, 68, 1342, - 68, 68, 1344, 68, 1335, 68, 68, 68, 123, 1340, - 1336, 68, 1347, 1343, 68, 1339, 1348, 68, 1341, 1351, - 1346, 1349, 68, 68, 1345, 1350, 68, 1352, 68, 68, + 68, 1304, 68, 68, 1301, 1305, 1306, 68, 1307, 68, + 1308, 68, 68, 1311, 68, 1303, 1312, 68, 68, 68, + 1314, 1309, 68, 1313, 68, 68, 1310, 68, 1318, 68, + 68, 68, 1316, 68, 68, 1320, 68, 68, 68, 68, + 1325, 1315, 1328, 1323, 1317, 1319, 1327, 68, 68, 68, + 68, 1321, 68, 68, 1334, 68, 1324, 1326, 1329, 1322, + 1331, 1330, 68, 68, 1335, 68, 68, 1333, 1336, 68, + 1340, 68, 68, 68, 1337, 1332, 68, 68, 68, 68, + 68, 1341, 1345, 68, 1339, 1338, 1344, 1348, 68, 1342, + 68, 68, 1350, 68, 68, 1343, 1349, 1353, 68, 1347, - 1353, 1354, 68, 68, 68, 1357, 68, 68, 1355, 68, - 68, 1362, 1356, 1360, 1358, 1359, 1361, 68, 1363, 68, - 68, 1365, 68, 68, 1364, 68, 1368, 68, 1369, 68, - 1370, 68, 1371, 68, 68, 68, 1373, 68, 1366, 68, - 68, 1374, 68, 1367, 1376, 68, 1372, 68, 68, 1377, - 1381, 68, 1382, 1382, 1382, 1382, 1382, 1378, 1382, 1375, - 1382, 1379, 1382, 1382, 1382, 1382, 1382, 1380, 40, 40, - 40, 40, 40, 40, 40, 45, 45, 45, 45, 45, - 45, 45, 50, 50, 50, 50, 50, 50, 50, 56, - 56, 56, 56, 56, 56, 56, 61, 61, 61, 61, + 1354, 68, 68, 1351, 68, 1346, 1358, 68, 68, 1360, + 68, 68, 1352, 1355, 1356, 68, 68, 1364, 68, 68, + 1359, 1363, 1365, 68, 1357, 1366, 68, 68, 1393, 1362, + 1361, 68, 1367, 1368, 68, 68, 1369, 1370, 68, 68, + 68, 1373, 68, 68, 1371, 68, 68, 68, 1372, 1383, + 1374, 1375, 1377, 68, 68, 1379, 68, 68, 1378, 1381, + 68, 1380, 1382, 1376, 1384, 68, 1385, 68, 1386, 68, + 1387, 68, 68, 68, 1389, 68, 68, 1392, 68, 1390, + 68, 68, 1398, 68, 1388, 1397, 68, 1398, 1398, 1398, + 1398, 1398, 1398, 1398, 1398, 1394, 1391, 1395, 1398, 1398, - 61, 61, 61, 71, 71, 1382, 71, 71, 71, 71, - 122, 122, 1382, 1382, 1382, 122, 122, 124, 124, 1382, - 1382, 124, 1382, 124, 126, 1382, 1382, 1382, 1382, 1382, - 126, 129, 129, 1382, 1382, 1382, 129, 129, 131, 1382, - 1382, 1382, 1382, 1382, 131, 133, 133, 1382, 133, 133, - 133, 133, 72, 72, 1382, 72, 72, 72, 72, 13, - 1382, 1382, 1382, 1382, 1382, 1382, 1382, 1382, 1382, 1382, - 1382, 1382, 1382, 1382, 1382, 1382, 1382, 1382, 1382, 1382, - 1382, 1382, 1382, 1382, 1382, 1382, 1382, 1382, 1382, 1382, - 1382, 1382, 1382, 1382, 1382, 1382, 1382, 1382, 1382 + 1396, 40, 40, 40, 40, 40, 40, 40, 45, 45, + 45, 45, 45, 45, 45, 50, 50, 50, 50, 50, + 50, 50, 56, 56, 56, 56, 56, 56, 56, 61, + 61, 61, 61, 61, 61, 61, 71, 71, 1398, 71, + 71, 71, 71, 122, 122, 1398, 1398, 1398, 122, 122, + 124, 124, 1398, 1398, 124, 1398, 124, 126, 1398, 1398, + 1398, 1398, 1398, 126, 129, 129, 1398, 1398, 1398, 129, + 129, 131, 1398, 1398, 1398, 1398, 1398, 131, 133, 133, + 1398, 133, 133, 133, 133, 72, 72, 1398, 72, 72, + 72, 72, 13, 1398, 1398, 1398, 1398, 1398, 1398, 1398, + 1398, 1398, 1398, 1398, 1398, 1398, 1398, 1398, 1398, 1398, + 1398, 1398, 1398, 1398, 1398, 1398, 1398, 1398, 1398, 1398, + 1398, 1398, 1398, 1398, 1398, 1398, 1398, 1398, 1398, 1398, + 1398, 1398 } ; -static yyconst flex_int16_t yy_chk[2800] = +static yyconst flex_int16_t yy_chk[2833] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 3, 3, 3, 4, 4, 4, 49, 5, 5, 49, 3, 5, 15, 4, 6, 6, 15, 5, 6, 9, 9, - 9, 118, 33, 6, 7, 7, 7, 7, 9, 7, + 9, 149, 33, 6, 7, 7, 7, 7, 9, 7, 10, 10, 10, 44, 44, 7, 8, 8, 8, 8, - 10, 8, 21, 33, 118, 21, 21, 8, 11, 11, - 11, 11, 11, 11, 1388, 20, 29, 20, 20, 11, + 10, 8, 21, 33, 149, 21, 21, 8, 11, 11, + 11, 11, 11, 11, 1404, 20, 29, 20, 20, 11, 20, 29, 24, 21, 25, 20, 24, 28, 11, 12, 12, 12, 12, 12, 12, 74, 22, 22, 74, 25, 12, 69, 28, 66, 22, 69, 24, 26, 26, 12, 19, 22, 19, 19, 23, 19, 26, 66, 27, 23, 19, 19, 27, 23, 30, 27, 23, 31, 31, 23, 32, 32, 27, 75, 27, 32, 31, 75, 34, 30, 35, 76, 31, 39, 39, 35, 31, 34, 39, 36, 109, 32, 38, 34, 36, 35, 34, 93, 35, 37, - 37, 76, 37, 34, 36, 109, 38, 600, 36, 36, + 37, 76, 37, 34, 36, 109, 38, 606, 36, 36, 55, 38, 55, 55, 79, 55, 93, 37, 60, 60, 63, 78, 63, 63, 65, 63, 65, 65, 79, 65, 68, 63, 68, 68, 77, 68, 80, 77, 81, 78, 68, 71, 82, 71, 71, 83, 71, 84, 80, 85, 83, 71, 71, 86, 87, 88, 81, 89, 139, 88, 90, 84, 89, 83, 82, 96, 139, 91, 131, 85, 91, 86, 87, 91, 90, 92, 94, 97, 99, 95, 92, 94, 95, 100, 98, 99, 95, 91, 98, 96, 101, 97, 102, 103, 104, 106, 100, 101, 104, 105, 106, 94, 107, 108, 106, 102, 110, 112, 111, 113, 114, 114, 112, 103, 115, 117, 108, 105, 116, 119, - 121, 113, 107, 120, 119, 110, 111, 123, 123, 129, - 125, 114, 115, 125, 116, 120, 117, 127, 121, 127, - 127, 136, 127, 130, 130, 132, 136, 132, 132, 133, - 132, 133, 133, 135, 133, 138, 135, 137, 140, 141, - 133, 142, 137, 143, 144, 149, 142, 142, 143, 144, - 138, 146, 146, 140, 147, 128, 148, 152, 150, 141, - 145, 148, 150, 153, 145, 151, 155, 154, 149, 145, - 151, 152, 156, 147, 145, 157, 157, 156, 153, 154, - 145, 145, 154, 158, 155, 159, 160, 161, 161, 162, - 163, 160, 165, 164, 162, 163, 172, 174, 126, 166, + 121, 113, 107, 120, 119, 110, 111, 118, 164, 118, + 125, 114, 115, 125, 116, 120, 117, 164, 121, 123, + 123, 127, 135, 127, 127, 135, 127, 130, 130, 132, + 118, 132, 132, 133, 132, 133, 133, 136, 133, 138, + 137, 140, 136, 141, 133, 137, 142, 147, 143, 165, + 144, 142, 142, 143, 138, 144, 140, 146, 146, 129, + 148, 152, 153, 141, 145, 148, 147, 150, 145, 151, + 165, 150, 155, 145, 151, 152, 154, 153, 145, 157, + 157, 156, 158, 159, 145, 145, 156, 160, 154, 128, + 155, 154, 160, 161, 161, 162, 163, 174, 166, 159, - 162, 159, 164, 158, 166, 167, 168, 169, 170, 176, - 167, 168, 169, 165, 171, 170, 172, 173, 175, 174, - 171, 177, 178, 173, 176, 179, 175, 178, 181, 184, - 180, 182, 183, 181, 183, 185, 184, 186, 187, 187, - 185, 177, 190, 191, 190, 188, 192, 179, 180, 180, - 188, 182, 189, 194, 193, 191, 186, 189, 194, 195, - 196, 190, 193, 197, 195, 192, 198, 199, 188, 200, - 201, 201, 200, 203, 198, 196, 202, 202, 204, 205, - 206, 197, 205, 208, 206, 207, 209, 213, 208, 203, - 210, 210, 199, 204, 207, 214, 211, 212, 215, 216, + 162, 163, 158, 166, 167, 168, 162, 169, 170, 167, + 168, 171, 169, 172, 173, 170, 175, 171, 177, 174, + 173, 176, 178, 179, 175, 180, 181, 178, 182, 126, + 183, 181, 183, 172, 184, 185, 176, 186, 177, 187, + 185, 184, 193, 180, 180, 179, 188, 188, 182, 189, + 190, 187, 192, 197, 189, 190, 186, 191, 194, 191, + 195, 193, 196, 198, 192, 195, 194, 196, 197, 199, + 200, 201, 189, 204, 201, 205, 191, 199, 202, 202, + 214, 198, 203, 203, 206, 208, 209, 206, 207, 204, + 205, 209, 207, 210, 208, 200, 211, 211, 212, 213, - 209, 211, 212, 217, 217, 218, 219, 213, 220, 221, - 219, 226, 216, 214, 221, 222, 223, 224, 222, 215, - 220, 225, 227, 218, 228, 230, 230, 232, 223, 275, - 225, 233, 226, 275, 224, 227, 228, 224, 229, 231, - 229, 229, 231, 234, 232, 236, 233, 232, 235, 235, - 236, 238, 234, 237, 237, 239, 240, 241, 242, 243, - 244, 240, 243, 242, 243, 245, 238, 246, 247, 249, - 124, 250, 255, 247, 244, 239, 246, 241, 248, 251, - 253, 245, 252, 248, 245, 252, 245, 255, 256, 257, - 249, 250, 258, 251, 253, 260, 271, 256, 259, 262, + 214, 215, 216, 212, 213, 217, 219, 210, 218, 218, + 220, 222, 223, 221, 220, 223, 222, 224, 217, 215, + 225, 226, 227, 216, 219, 221, 228, 231, 231, 224, + 226, 230, 229, 230, 230, 232, 233, 225, 232, 228, + 225, 235, 234, 227, 229, 236, 236, 237, 238, 238, + 235, 239, 237, 233, 240, 241, 233, 234, 242, 243, + 241, 245, 244, 246, 243, 244, 239, 244, 247, 250, + 124, 248, 251, 252, 240, 245, 248, 247, 242, 246, + 249, 253, 246, 254, 246, 249, 254, 255, 252, 257, + 250, 258, 251, 259, 260, 253, 261, 265, 290, 290, - 122, 252, 254, 261, 254, 254, 266, 263, 261, 264, - 257, 258, 271, 259, 254, 260, 254, 254, 254, 262, - 265, 254, 263, 267, 264, 265, 266, 268, 269, 269, - 270, 269, 268, 272, 273, 276, 274, 267, 274, 280, - 277, 281, 278, 279, 280, 281, 282, 67, 273, 272, - 270, 278, 279, 276, 277, 282, 283, 284, 285, 287, - 286, 283, 285, 284, 278, 286, 288, 288, 289, 290, - 291, 292, 287, 289, 293, 294, 294, 295, 293, 291, - 296, 300, 295, 292, 297, 297, 299, 299, 301, 302, - 290, 303, 305, 306, 307, 308, 301, 309, 302, 310, + 258, 255, 254, 256, 257, 256, 256, 262, 264, 266, + 268, 261, 265, 260, 259, 256, 263, 256, 256, 256, + 267, 263, 256, 269, 266, 267, 270, 262, 264, 272, + 268, 270, 271, 271, 273, 271, 274, 269, 276, 275, + 276, 277, 278, 279, 283, 277, 280, 281, 283, 272, + 273, 289, 274, 275, 282, 280, 281, 279, 284, 282, + 278, 285, 292, 286, 289, 122, 285, 284, 280, 286, + 287, 288, 291, 293, 287, 294, 288, 291, 296, 296, + 295, 297, 293, 292, 295, 298, 297, 294, 299, 299, + 301, 301, 302, 303, 304, 305, 307, 308, 309, 310, - 308, 296, 300, 303, 310, 309, 311, 312, 307, 313, - 314, 315, 305, 306, 314, 316, 317, 318, 321, 320, - 316, 323, 333, 322, 311, 325, 315, 327, 322, 312, - 313, 333, 317, 322, 321, 330, 318, 319, 319, 320, - 328, 323, 327, 319, 329, 319, 324, 324, 326, 326, - 325, 331, 328, 319, 330, 332, 334, 335, 336, 329, - 332, 337, 336, 319, 338, 339, 337, 340, 341, 341, - 342, 430, 335, 331, 343, 334, 338, 345, 344, 430, - 340, 344, 342, 339, 346, 347, 343, 346, 348, 348, - 349, 349, 345, 354, 350, 351, 351, 353, 347, 350, + 311, 303, 313, 304, 310, 312, 298, 305, 311, 314, + 312, 315, 309, 302, 316, 317, 307, 308, 316, 318, + 313, 319, 320, 323, 318, 322, 325, 326, 324, 325, + 317, 314, 315, 324, 327, 327, 328, 319, 324, 323, + 330, 320, 321, 321, 331, 322, 333, 326, 321, 332, + 321, 329, 329, 334, 335, 330, 331, 336, 321, 335, + 337, 328, 338, 339, 332, 333, 336, 339, 321, 340, + 341, 342, 343, 67, 340, 334, 345, 338, 346, 337, + 344, 344, 341, 347, 348, 343, 347, 350, 345, 342, + 346, 349, 351, 351, 349, 352, 352, 353, 357, 348, - 352, 352, 353, 355, 360, 356, 357, 363, 355, 356, - 359, 357, 358, 361, 354, 359, 358, 362, 361, 366, - 364, 363, 362, 364, 360, 365, 365, 368, 364, 367, - 369, 370, 364, 369, 367, 370, 368, 366, 371, 372, - 373, 375, 374, 371, 376, 373, 380, 378, 377, 376, - 378, 380, 372, 375, 377, 381, 379, 370, 374, 379, - 382, 383, 384, 385, 387, 384, 383, 386, 385, 387, - 388, 386, 386, 381, 382, 389, 390, 392, 389, 388, - 390, 390, 391, 393, 391, 393, 394, 395, 396, 397, - 398, 399, 404, 389, 398, 400, 392, 401, 402, 409, + 350, 61, 353, 354, 354, 355, 355, 356, 358, 363, + 359, 360, 356, 358, 359, 362, 360, 361, 364, 357, + 362, 361, 365, 364, 366, 367, 369, 365, 367, 363, + 368, 368, 371, 367, 370, 375, 56, 367, 366, 370, + 372, 371, 373, 372, 369, 374, 373, 376, 375, 377, + 374, 378, 376, 379, 380, 384, 381, 383, 379, 381, + 380, 382, 383, 378, 382, 377, 385, 386, 373, 395, + 388, 387, 386, 384, 387, 388, 391, 389, 390, 397, + 385, 389, 389, 390, 392, 391, 393, 392, 395, 398, + 393, 393, 394, 396, 394, 396, 399, 397, 400, 401, - 399, 403, 405, 405, 394, 395, 403, 396, 406, 397, - 400, 404, 406, 402, 407, 401, 408, 410, 409, 407, - 411, 412, 413, 414, 416, 418, 412, 411, 414, 413, - 410, 415, 408, 417, 418, 419, 415, 423, 420, 431, - 417, 421, 416, 420, 421, 429, 422, 424, 424, 419, - 422, 427, 426, 428, 431, 427, 424, 426, 423, 434, - 437, 438, 439, 429, 443, 428, 439, 438, 440, 437, - 442, 445, 444, 440, 445, 442, 434, 441, 449, 441, - 447, 441, 443, 452, 441, 446, 446, 447, 452, 441, - 448, 448, 453, 449, 454, 441, 441, 444, 450, 450, + 402, 403, 392, 401, 404, 405, 406, 398, 407, 402, + 409, 406, 408, 408, 409, 399, 403, 410, 400, 411, + 405, 412, 404, 413, 411, 414, 415, 407, 410, 416, + 418, 419, 417, 415, 416, 418, 419, 412, 414, 417, + 420, 421, 413, 422, 424, 423, 427, 425, 421, 424, + 425, 426, 422, 428, 428, 426, 430, 432, 420, 423, + 431, 430, 428, 433, 431, 434, 441, 427, 435, 432, + 438, 442, 443, 434, 444, 441, 443, 442, 447, 444, + 446, 433, 453, 435, 448, 446, 449, 438, 445, 449, + 445, 451, 445, 450, 450, 445, 447, 453, 451, 457, - 451, 455, 457, 451, 456, 456, 458, 460, 460, 455, - 459, 461, 453, 454, 462, 459, 461, 457, 463, 462, - 464, 463, 465, 466, 458, 467, 464, 468, 469, 471, - 465, 466, 468, 470, 470, 469, 472, 471, 473, 475, - 476, 472, 475, 467, 477, 477, 478, 479, 481, 483, - 479, 482, 484, 485, 476, 487, 482, 473, 479, 486, - 489, 478, 488, 490, 487, 491, 488, 492, 494, 481, - 483, 493, 484, 495, 491, 485, 498, 493, 489, 486, - 496, 492, 490, 501, 499, 496, 497, 495, 494, 500, - 497, 502, 502, 503, 500, 498, 499, 504, 503, 505, + 445, 452, 452, 454, 454, 455, 445, 445, 455, 448, + 456, 458, 459, 460, 460, 456, 461, 462, 463, 457, + 459, 464, 464, 463, 465, 467, 469, 466, 467, 465, + 458, 461, 466, 468, 469, 462, 470, 471, 472, 468, + 473, 474, 474, 472, 470, 475, 476, 473, 477, 479, + 480, 476, 479, 475, 482, 471, 481, 481, 485, 483, + 486, 487, 483, 488, 480, 486, 489, 477, 491, 482, + 483, 490, 492, 498, 493, 494, 492, 491, 495, 485, + 497, 496, 487, 488, 499, 500, 497, 495, 489, 503, + 500, 490, 493, 498, 494, 496, 501, 504, 499, 502, - 504, 506, 507, 508, 501, 509, 509, 507, 510, 510, - 511, 512, 513, 514, 506, 512, 515, 505, 517, 518, - 519, 520, 517, 508, 544, 511, 521, 522, 523, 524, - 515, 513, 528, 544, 518, 524, 520, 514, 516, 525, - 521, 516, 523, 516, 525, 519, 528, 516, 522, 516, - 526, 526, 527, 529, 516, 532, 526, 527, 526, 530, - 530, 531, 534, 532, 533, 529, 531, 535, 535, 536, - 538, 539, 540, 536, 539, 538, 526, 541, 533, 542, - 543, 534, 545, 546, 542, 547, 548, 549, 546, 550, - 541, 540, 552, 554, 550, 553, 549, 555, 556, 543, + 505, 501, 506, 502, 510, 505, 507, 507, 503, 504, + 508, 509, 511, 512, 509, 508, 513, 516, 512, 514, + 514, 518, 510, 506, 517, 511, 515, 515, 517, 519, + 520, 522, 516, 523, 525, 522, 513, 524, 526, 527, + 518, 528, 530, 51, 520, 529, 534, 530, 523, 525, + 533, 529, 526, 519, 521, 528, 532, 521, 534, 521, + 527, 532, 524, 521, 533, 521, 531, 531, 535, 535, + 521, 536, 531, 537, 531, 538, 536, 539, 540, 540, + 541, 537, 543, 544, 541, 545, 544, 543, 546, 538, + 547, 548, 531, 549, 550, 547, 539, 552, 551, 554, - 548, 545, 555, 556, 557, 547, 558, 560, 554, 557, - 566, 552, 560, 553, 562, 558, 559, 559, 562, 562, - 563, 563, 564, 565, 563, 564, 567, 568, 569, 567, - 566, 570, 576, 569, 571, 572, 570, 573, 565, 578, - 571, 574, 574, 573, 575, 579, 577, 580, 568, 577, - 576, 572, 581, 575, 582, 583, 584, 578, 585, 582, - 583, 585, 586, 587, 579, 581, 588, 580, 587, 589, - 591, 588, 592, 586, 584, 590, 590, 594, 593, 595, - 597, 594, 596, 598, 589, 602, 592, 601, 604, 591, - 593, 596, 603, 604, 612, 607, 608, 595, 605, 597, + 553, 546, 549, 551, 545, 557, 555, 558, 554, 50, + 548, 555, 559, 550, 553, 560, 561, 552, 562, 563, + 560, 561, 573, 562, 557, 558, 565, 559, 563, 564, + 564, 565, 567, 570, 568, 568, 567, 567, 568, 569, + 571, 572, 569, 573, 572, 574, 575, 576, 570, 577, + 574, 575, 578, 576, 579, 579, 581, 580, 578, 582, + 571, 583, 582, 584, 585, 577, 580, 586, 587, 589, + 588, 45, 591, 587, 581, 588, 592, 595, 590, 583, + 586, 590, 584, 591, 585, 593, 594, 589, 592, 597, + 593, 594, 595, 596, 596, 598, 600, 601, 599, 603, - 602, 601, 606, 605, 610, 611, 609, 606, 598, 607, - 608, 609, 603, 612, 613, 613, 614, 615, 616, 610, - 611, 617, 618, 616, 619, 620, 615, 618, 621, 620, - 622, 623, 624, 625, 614, 626, 627, 621, 629, 630, - 617, 628, 631, 619, 624, 622, 623, 628, 634, 635, - 633, 631, 625, 629, 627, 633, 626, 635, 636, 630, - 637, 639, 634, 638, 640, 637, 641, 638, 638, 642, - 643, 643, 646, 646, 642, 641, 644, 640, 636, 645, - 639, 644, 647, 648, 645, 649, 650, 651, 648, 652, - 653, 647, 651, 654, 652, 653, 655, 654, 656, 649, + 600, 604, 602, 607, 608, 609, 613, 610, 597, 598, + 599, 602, 610, 618, 614, 601, 611, 607, 603, 608, + 613, 611, 612, 616, 615, 609, 604, 612, 614, 615, + 617, 620, 618, 619, 619, 621, 622, 623, 616, 625, + 628, 622, 624, 627, 621, 617, 626, 624, 629, 620, + 626, 631, 627, 630, 632, 628, 623, 635, 625, 633, + 634, 636, 637, 629, 639, 630, 634, 642, 640, 639, + 631, 637, 635, 643, 645, 632, 641, 633, 643, 646, + 40, 636, 640, 648, 641, 644, 647, 642, 648, 644, + 644, 655, 646, 645, 650, 647, 649, 649, 651, 650, - 659, 660, 658, 661, 650, 655, 658, 662, 663, 656, - 655, 664, 655, 665, 655, 659, 663, 661, 666, 660, - 667, 667, 668, 669, 669, 664, 662, 671, 672, 673, - 671, 665, 675, 672, 674, 674, 677, 668, 676, 676, - 679, 677, 680, 666, 678, 678, 681, 680, 673, 683, - 682, 684, 675, 687, 681, 682, 685, 684, 687, 688, - 679, 689, 691, 685, 688, 690, 689, 683, 692, 693, - 690, 691, 694, 694, 695, 696, 697, 698, 700, 699, - 693, 697, 701, 701, 702, 703, 705, 692, 704, 709, - 706, 61, 713, 710, 695, 706, 700, 698, 696, 699, + 652, 652, 653, 651, 654, 655, 656, 657, 658, 654, + 659, 653, 657, 658, 660, 659, 661, 662, 660, 664, + 665, 666, 667, 664, 656, 661, 668, 670, 662, 669, + 661, 671, 661, 672, 661, 665, 667, 669, 674, 666, + 679, 670, 673, 673, 681, 668, 675, 675, 677, 671, + 678, 677, 685, 674, 14, 678, 680, 680, 672, 679, + 682, 682, 683, 686, 681, 684, 684, 683, 686, 687, + 688, 690, 685, 689, 689, 688, 691, 687, 692, 694, + 702, 695, 691, 696, 694, 692, 695, 697, 696, 690, + 698, 699, 697, 700, 701, 701, 703, 704, 705, 698, - 711, 712, 715, 708, 702, 711, 704, 708, 708, 705, - 703, 710, 713, 714, 716, 709, 717, 714, 719, 712, - 715, 718, 720, 722, 721, 723, 724, 720, 722, 725, - 717, 721, 726, 716, 727, 724, 718, 719, 726, 735, - 728, 729, 730, 723, 725, 728, 729, 730, 731, 731, - 733, 733, 734, 735, 736, 727, 737, 734, 738, 738, - 737, 737, 739, 740, 741, 742, 743, 745, 746, 744, - 747, 749, 743, 736, 744, 748, 750, 751, 752, 752, - 755, 739, 740, 753, 742, 749, 745, 746, 753, 747, - 741, 754, 751, 755, 748, 754, 756, 750, 757, 758, + 702, 706, 704, 712, 700, 707, 708, 708, 709, 710, + 699, 711, 713, 716, 717, 719, 720, 713, 705, 703, + 715, 706, 718, 707, 715, 715, 712, 718, 709, 711, + 722, 721, 717, 719, 710, 721, 720, 723, 724, 716, + 725, 726, 727, 728, 729, 730, 732, 727, 722, 729, + 728, 733, 724, 731, 734, 725, 723, 733, 743, 735, + 726, 732, 731, 730, 735, 736, 737, 738, 738, 741, + 736, 737, 740, 740, 741, 734, 742, 743, 744, 745, + 745, 746, 744, 744, 747, 748, 749, 750, 752, 751, + 742, 753, 756, 750, 751, 754, 755, 757, 758, 760, - 758, 759, 761, 760, 762, 756, 759, 760, 764, 762, - 766, 767, 767, 56, 768, 766, 770, 770, 757, 768, - 772, 772, 761, 776, 774, 777, 764, 774, 775, 775, - 778, 779, 780, 780, 781, 778, 782, 782, 776, 783, - 784, 785, 787, 786, 790, 785, 779, 787, 789, 792, - 777, 784, 791, 791, 781, 793, 794, 795, 790, 795, - 796, 783, 786, 797, 798, 796, 789, 799, 797, 792, - 800, 800, 801, 804, 803, 793, 794, 805, 801, 803, - 805, 799, 806, 808, 798, 807, 807, 806, 809, 810, - 811, 812, 813, 814, 814, 811, 817, 813, 804, 815, + 746, 759, 759, 747, 760, 749, 756, 752, 761, 762, + 753, 748, 761, 758, 754, 755, 763, 764, 757, 765, + 765, 766, 762, 767, 768, 763, 766, 767, 769, 771, + 773, 774, 774, 769, 775, 773, 783, 764, 784, 775, + 777, 777, 779, 779, 768, 781, 785, 771, 781, 782, + 782, 783, 786, 787, 788, 788, 789, 786, 790, 790, + 785, 791, 792, 784, 797, 793, 794, 795, 787, 793, + 798, 800, 795, 792, 799, 799, 789, 801, 802, 803, + 806, 803, 797, 791, 798, 794, 812, 804, 805, 807, + 809, 800, 804, 805, 808, 808, 809, 801, 802, 811, - 816, 808, 818, 819, 815, 822, 821, 809, 820, 810, - 822, 823, 824, 825, 812, 827, 817, 819, 816, 821, - 820, 828, 818, 830, 829, 833, 833, 836, 828, 838, - 827, 823, 824, 829, 825, 834, 829, 835, 834, 830, - 837, 839, 835, 836, 843, 840, 841, 844, 838, 837, - 839, 841, 845, 839, 840, 842, 842, 846, 847, 848, - 844, 849, 849, 850, 843, 857, 851, 853, 854, 855, - 845, 846, 853, 858, 855, 856, 859, 848, 858, 850, - 863, 856, 864, 847, 851, 857, 854, 860, 863, 859, - 860, 865, 866, 870, 867, 864, 860, 868, 871, 872, + 806, 814, 813, 807, 811, 813, 814, 815, 815, 816, + 817, 812, 818, 819, 820, 821, 822, 822, 819, 823, + 821, 824, 825, 826, 823, 829, 827, 816, 831, 817, + 830, 832, 818, 828, 833, 830, 838, 820, 829, 824, + 827, 835, 825, 826, 842, 828, 836, 842, 831, 837, + 844, 832, 838, 836, 845, 833, 835, 843, 837, 841, + 841, 837, 843, 845, 846, 847, 844, 848, 849, 850, + 850, 851, 852, 849, 847, 853, 848, 847, 854, 855, + 856, 857, 857, 846, 858, 852, 867, 859, 862, 861, + 863, 851, 854, 853, 861, 863, 864, 865, 856, 867, - 873, 874, 871, 875, 872, 873, 874, 876, 877, 865, - 867, 866, 875, 870, 879, 868, 878, 878, 884, 880, - 881, 882, 883, 877, 886, 886, 882, 885, 879, 892, - 876, 880, 881, 885, 883, 889, 884, 887, 887, 890, - 890, 891, 893, 894, 889, 896, 891, 895, 895, 903, - 892, 897, 897, 898, 898, 899, 900, 902, 905, 900, - 899, 893, 902, 894, 904, 896, 909, 903, 910, 904, - 906, 906, 907, 907, 908, 911, 912, 913, 909, 908, - 909, 914, 914, 905, 915, 909, 916, 916, 910, 917, - 919, 920, 920, 921, 922, 911, 912, 923, 913, 919, + 858, 871, 864, 866, 855, 859, 862, 868, 866, 871, + 868, 872, 873, 874, 875, 876, 868, 865, 877, 875, + 879, 880, 881, 882, 872, 880, 884, 881, 882, 883, + 873, 876, 874, 885, 883, 884, 877, 886, 887, 887, + 879, 888, 889, 891, 893, 890, 892, 894, 891, 895, + 895, 901, 886, 894, 889, 888, 885, 890, 892, 896, + 896, 898, 893, 899, 899, 902, 900, 903, 904, 904, + 898, 900, 901, 905, 906, 906, 907, 907, 908, 909, + 911, 912, 909, 908, 902, 911, 913, 903, 914, 915, + 915, 913, 917, 905, 916, 916, 918, 917, 919, 912, - 924, 922, 925, 925, 926, 927, 923, 929, 921, 917, - 915, 930, 929, 931, 934, 932, 930, 933, 933, 934, - 935, 927, 932, 936, 937, 938, 924, 939, 940, 935, - 926, 941, 51, 931, 940, 942, 942, 943, 945, 937, - 941, 946, 939, 936, 938, 944, 944, 947, 943, 948, - 948, 951, 947, 943, 953, 946, 949, 950, 955, 945, - 949, 949, 950, 951, 952, 956, 953, 954, 957, 952, - 955, 954, 958, 957, 959, 960, 985, 962, 985, 959, - 962, 963, 963, 964, 964, 965, 967, 960, 966, 968, - 956, 965, 967, 966, 958, 971, 973, 973, 968, 974, + 920, 921, 922, 923, 923, 924, 925, 925, 918, 926, + 918, 929, 929, 914, 933, 918, 928, 930, 919, 931, + 920, 921, 935, 922, 932, 928, 931, 934, 934, 926, + 936, 924, 930, 932, 938, 940, 939, 941, 944, 938, + 933, 939, 942, 942, 941, 943, 936, 944, 935, 945, + 943, 946, 947, 948, 949, 940, 950, 951, 951, 952, + 949, 953, 953, 954, 955, 950, 946, 956, 948, 945, + 952, 947, 956, 957, 957, 952, 958, 959, 955, 960, + 958, 958, 959, 961, 954, 962, 963, 964, 965, 966, + 962, 964, 967, 968, 969, 961, 970, 967, 963, 969, - 975, 976, 978, 978, 981, 983, 982, 971, 973, 975, - 976, 982, 984, 984, 986, 986, 988, 974, 981, 989, - 990, 990, 983, 988, 991, 992, 993, 995, 994, 996, - 998, 999, 1000, 999, 1001, 998, 1005, 992, 993, 989, - 994, 1003, 995, 1001, 1011, 991, 1004, 1004, 1006, 996, - 1000, 1008, 1007, 1006, 1007, 1003, 1008, 1010, 1009, 1015, - 1012, 1013, 1005, 1009, 1011, 1012, 1013, 1016, 1017, 1017, - 1018, 1019, 1020, 1028, 1020, 1010, 1021, 1022, 1015, 1024, - 1019, 1016, 1018, 1019, 1024, 1021, 1025, 1027, 1029, 1022, - 1031, 1025, 1033, 1028, 1034, 1039, 1031, 1035, 1033, 1037, + 965, 972, 973, 973, 972, 960, 974, 974, 970, 978, + 975, 981, 976, 977, 966, 968, 975, 976, 978, 977, + 983, 983, 984, 981, 985, 986, 988, 988, 991, 993, + 992, 998, 983, 985, 986, 992, 994, 994, 998, 995, + 984, 995, 991, 996, 996, 999, 993, 1000, 1000, 1001, + 1002, 1003, 1004, 1005, 1006, 1008, 1009, 1010, 1009, 1013, + 1008, 1015, 1002, 1003, 1004, 999, 13, 1011, 1005, 1021, + 1001, 1014, 1014, 1013, 1006, 1010, 1011, 1016, 1017, 1018, + 1017, 1019, 1016, 1020, 1018, 1022, 1019, 1015, 1023, 1021, + 1022, 1025, 1026, 1023, 1027, 1027, 1028, 1030, 1031, 1030, - 1027, 1036, 1036, 1040, 1029, 1042, 1035, 1040, 1037, 1038, - 1038, 1041, 1043, 1043, 1039, 1044, 1041, 1047, 1042, 1034, - 1048, 1048, 1050, 1044, 1049, 1049, 1047, 1051, 1053, 1052, - 1054, 1055, 1051, 1052, 1050, 1054, 1056, 1058, 1060, 1059, - 1061, 1062, 1084, 1053, 1064, 1064, 1065, 1066, 1084, 1065, - 1067, 50, 1061, 1068, 1068, 1056, 1071, 1055, 1059, 1060, - 1066, 1058, 1062, 1067, 1069, 1069, 1070, 1070, 1074, 1071, - 1072, 1072, 1073, 1073, 1075, 1075, 1076, 1076, 1077, 1079, - 1080, 1080, 1081, 1088, 1079, 1082, 1082, 1074, 1083, 1085, - 1087, 1087, 1085, 1086, 1086, 1089, 1089, 1077, 1091, 1091, + 1029, 1020, 1032, 1038, 1037, 1039, 1026, 1031, 1028, 1029, + 1025, 1034, 1029, 1035, 1032, 1044, 1034, 1037, 1035, 1041, + 1043, 1039, 1045, 1038, 1046, 1041, 1043, 1047, 1047, 1048, + 1044, 1049, 1049, 1046, 1050, 1051, 1052, 1053, 1048, 1051, + 1055, 1052, 1054, 1054, 1062, 1058, 1061, 1045, 1055, 1062, + 1053, 1059, 1059, 1050, 1058, 1060, 1060, 1063, 1061, 1064, + 1065, 1063, 1066, 1067, 1070, 1065, 1069, 1072, 1071, 1095, + 1073, 1075, 1075, 1076, 1064, 1095, 1076, 1079, 1079, 1072, + 1077, 1078, 1067, 1070, 1080, 1080, 1081, 1081, 1066, 1071, + 1069, 1073, 1082, 1077, 1078, 1083, 1083, 1084, 1084, 1085, - 1092, 1081, 1088, 1093, 1093, 1094, 1083, 1095, 1096, 1086, - 1097, 1098, 1099, 1096, 1094, 1100, 1101, 1104, 1102, 1095, - 1100, 1103, 1104, 1107, 1098, 1105, 1092, 1102, 1109, 1105, - 1103, 1101, 1114, 1099, 1115, 1097, 1111, 1109, 1110, 1110, - 1172, 1111, 1131, 1107, 1112, 1112, 1115, 1114, 1117, 1118, - 1124, 1117, 1126, 1112, 1118, 1119, 1119, 1120, 1131, 1121, - 1123, 1120, 1121, 1122, 1122, 1123, 1172, 1125, 1127, 1128, - 1124, 1125, 1126, 1127, 1128, 1129, 1133, 1132, 1134, 1151, - 1134, 1129, 1132, 1150, 1133, 1137, 1137, 1140, 1140, 1143, - 1144, 1144, 1146, 1146, 1143, 1148, 1149, 1149, 1152, 1150, + 1086, 1086, 1087, 1087, 1088, 1082, 1090, 1091, 1091, 1092, + 1099, 1090, 1093, 1093, 1094, 1103, 1096, 1107, 1085, 1096, + 1097, 1097, 1107, 1088, 1098, 1098, 1100, 1100, 1092, 1099, + 1102, 1102, 1094, 1104, 1104, 1105, 1097, 1106, 1108, 1109, + 1110, 1103, 1111, 1112, 1105, 1113, 1114, 1111, 1115, 1106, + 1119, 1116, 1109, 1117, 1113, 1114, 1116, 1117, 1112, 1121, + 1126, 1110, 1115, 1108, 1122, 1122, 1123, 1127, 1121, 0, + 1119, 1123, 1124, 1124, 1129, 1126, 1132, 1129, 1130, 1127, + 1132, 1124, 1136, 1130, 1131, 1131, 1133, 1134, 1134, 1133, + 1135, 1138, 1137, 1139, 1140, 1135, 1137, 1141, 1139, 1140, - 1148, 1151, 1157, 1152, 1154, 1154, 1158, 1157, 1158, 1159, - 1160, 1161, 1161, 1162, 1162, 1160, 1163, 1163, 1164, 1165, - 1166, 1167, 1168, 1159, 1169, 1170, 1170, 1171, 1173, 1174, - 1164, 1175, 1166, 1167, 1168, 1176, 1171, 1165, 1177, 1182, - 1178, 1179, 1174, 1188, 1169, 1178, 1179, 1187, 1173, 1176, - 1180, 1180, 1183, 1183, 1186, 1175, 1177, 1182, 1185, 1185, - 1189, 1188, 1187, 1186, 1190, 1191, 1192, 1192, 1193, 1195, - 1194, 1196, 1201, 1193, 1198, 1204, 1202, 1205, 1189, 1202, - 1190, 1203, 1203, 1208, 1191, 1194, 1207, 1207, 1195, 1215, - 1204, 1196, 1201, 1198, 1216, 1205, 1209, 1209, 1210, 1210, + 1143, 1144, 1136, 1141, 1145, 1146, 1144, 1146, 1149, 1149, + 1155, 1138, 1145, 1152, 1152, 1155, 1143, 1156, 1156, 1158, + 1158, 1160, 1161, 1161, 1162, 1163, 1160, 1164, 1166, 1166, + 1169, 1170, 1164, 1170, 1171, 1169, 1172, 1173, 1173, 1176, + 1162, 1172, 1174, 1174, 1175, 1175, 1177, 1163, 1171, 1178, + 1179, 1176, 1181, 1180, 1182, 1183, 1183, 1181, 1184, 1185, + 1186, 1178, 1179, 1187, 1177, 1180, 1188, 1184, 1189, 1190, + 1191, 1195, 1192, 1200, 1182, 1191, 1187, 1192, 1193, 1193, + 1186, 1201, 1189, 1196, 1196, 1185, 1199, 1190, 1200, 1195, + 1188, 1198, 1198, 1202, 1203, 1199, 1204, 1205, 1205, 1201, - 1214, 1214, 1208, 1216, 1217, 1218, 1219, 1221, 1222, 1217, - 1218, 1215, 1223, 1222, 1219, 1224, 45, 1223, 1225, 1225, - 1226, 1226, 1221, 1227, 1228, 1228, 1229, 1229, 1227, 1231, - 1224, 1232, 1234, 1235, 1231, 1234, 1236, 1241, 1237, 1238, - 1238, 1239, 1242, 1232, 1244, 1236, 1235, 1237, 1243, 1243, - 1239, 1245, 1245, 1244, 1246, 1247, 1241, 1249, 1250, 1255, - 1247, 1242, 1246, 1252, 1252, 1260, 1249, 1256, 1256, 1257, - 1261, 1250, 1257, 1258, 1258, 1259, 1259, 1262, 1270, 1255, - 1263, 1263, 1262, 1260, 1261, 1264, 1267, 1271, 1272, 1264, - 1273, 1273, 1267, 1274, 1275, 1271, 1276, 1270, 1277, 1275, + 1206, 1207, 1208, 1209, 1214, 1206, 1211, 1216, 1216, 1215, + 1203, 1202, 1215, 1217, 1218, 1204, 1207, 1220, 1220, 1221, + 1228, 1208, 1229, 1209, 1214, 1211, 1222, 1222, 1217, 1223, + 1223, 1229, 1218, 1227, 1227, 1230, 1231, 1232, 1221, 1233, + 1230, 1231, 1228, 1235, 1236, 1237, 1238, 1233, 0, 1236, + 1237, 1239, 1239, 1240, 1240, 1241, 1232, 1246, 1235, 1249, + 1241, 1238, 1242, 1242, 1243, 1243, 1245, 1248, 1250, 1246, + 1248, 1245, 1249, 1251, 1252, 1252, 1253, 1250, 1255, 1256, + 1257, 1257, 1251, 1258, 1261, 1253, 1259, 1259, 1260, 1261, + 1263, 1264, 1258, 1266, 1266, 1269, 1260, 1255, 1256, 1263, - 1279, 1278, 1281, 1283, 1285, 1281, 1286, 1272, 1285, 1274, - 1278, 1284, 1284, 1288, 1289, 1286, 1276, 1290, 1293, 1307, - 1279, 1283, 1288, 1293, 1277, 1295, 1289, 1294, 1294, 1298, - 1297, 1299, 1300, 1303, 1295, 1297, 1301, 1301, 1298, 1302, - 1304, 1306, 1290, 1305, 1308, 1307, 1306, 1300, 1302, 1303, - 1299, 1305, 1309, 1309, 1313, 1310, 1312, 1312, 1314, 1304, - 1310, 1315, 1315, 1308, 1316, 1316, 1317, 1318, 1319, 1320, - 1320, 1321, 1322, 1322, 1313, 1323, 1325, 1326, 40, 1318, - 1314, 14, 1326, 1321, 1330, 1317, 1327, 1327, 1319, 1330, - 1325, 1328, 1328, 1345, 1323, 1329, 1329, 1331, 1331, 1333, + 1270, 1270, 1271, 1275, 1264, 1271, 1272, 1272, 1273, 1273, + 1274, 1274, 1276, 1277, 1282, 1269, 1278, 1278, 1277, 1279, + 1282, 1275, 1285, 1279, 1286, 1287, 1276, 1288, 1288, 1289, + 1290, 1291, 1286, 1292, 1293, 1290, 1294, 1296, 1300, 1298, + 1296, 1285, 1300, 1293, 1287, 1289, 1299, 1299, 1304, 1301, + 1305, 1291, 1303, 1310, 1310, 1311, 1294, 1298, 1301, 1292, + 1304, 1303, 1309, 1313, 1311, 1314, 1315, 1309, 1313, 1316, + 1317, 1317, 1318, 1319, 1314, 1305, 1320, 1322, 1321, 1323, + 1324, 1318, 1322, 1329, 1316, 1315, 1321, 1325, 1325, 1319, + 1330, 1326, 1328, 1328, 1333, 1320, 1326, 1331, 1331, 1324, - 1333, 1335, 1335, 1336, 1339, 1340, 1340, 1347, 1336, 1341, - 1343, 1347, 1339, 1345, 1341, 1343, 1346, 1346, 1351, 1351, - 1353, 1355, 1355, 1356, 1353, 1358, 1359, 1359, 1360, 1360, - 1362, 1362, 1364, 1364, 1366, 1367, 1367, 1372, 1356, 1373, - 1375, 1372, 1377, 1358, 1374, 1374, 1366, 1378, 1379, 1375, - 1380, 1380, 13, 0, 0, 0, 0, 1377, 0, 1373, - 0, 1378, 0, 0, 0, 0, 0, 1379, 1383, 1383, - 1383, 1383, 1383, 1383, 1383, 1384, 1384, 1384, 1384, 1384, - 1384, 1384, 1385, 1385, 1385, 1385, 1385, 1385, 1385, 1386, - 1386, 1386, 1386, 1386, 1386, 1386, 1387, 1387, 1387, 1387, + 1332, 1332, 1334, 1329, 1335, 1323, 1336, 1336, 1337, 1338, + 1338, 1339, 1330, 1333, 1334, 1341, 1342, 1343, 1343, 1391, + 1337, 1342, 1344, 1344, 1335, 1345, 1345, 1346, 1391, 1341, + 1339, 1374, 1346, 1347, 1347, 1349, 1349, 1351, 1351, 1352, + 1355, 1356, 1356, 1361, 1352, 1357, 1359, 1372, 1355, 1374, + 1357, 1359, 1362, 1362, 1363, 1367, 1367, 1369, 1363, 1371, + 1371, 1369, 1372, 1361, 1375, 1375, 1376, 1376, 1378, 1378, + 1380, 1380, 1382, 1383, 1383, 1388, 1389, 1390, 1390, 1388, + 1393, 1395, 0, 1394, 1382, 1396, 1396, 0, 0, 0, + 0, 0, 0, 0, 0, 1393, 1389, 1394, 0, 0, - 1387, 1387, 1387, 1389, 1389, 0, 1389, 1389, 1389, 1389, - 1390, 1390, 0, 0, 0, 1390, 1390, 1391, 1391, 0, - 0, 1391, 0, 1391, 1392, 0, 0, 0, 0, 0, - 1392, 1393, 1393, 0, 0, 0, 1393, 1393, 1394, 0, - 0, 0, 0, 0, 1394, 1395, 1395, 0, 1395, 1395, - 1395, 1395, 1396, 1396, 0, 1396, 1396, 1396, 1396, 1382, - 1382, 1382, 1382, 1382, 1382, 1382, 1382, 1382, 1382, 1382, - 1382, 1382, 1382, 1382, 1382, 1382, 1382, 1382, 1382, 1382, - 1382, 1382, 1382, 1382, 1382, 1382, 1382, 1382, 1382, 1382, - 1382, 1382, 1382, 1382, 1382, 1382, 1382, 1382, 1382 + 1395, 1399, 1399, 1399, 1399, 1399, 1399, 1399, 1400, 1400, + 1400, 1400, 1400, 1400, 1400, 1401, 1401, 1401, 1401, 1401, + 1401, 1401, 1402, 1402, 1402, 1402, 1402, 1402, 1402, 1403, + 1403, 1403, 1403, 1403, 1403, 1403, 1405, 1405, 0, 1405, + 1405, 1405, 1405, 1406, 1406, 0, 0, 0, 1406, 1406, + 1407, 1407, 0, 0, 1407, 0, 1407, 1408, 0, 0, + 0, 0, 0, 1408, 1409, 1409, 0, 0, 0, 1409, + 1409, 1410, 0, 0, 0, 0, 0, 1410, 1411, 1411, + 0, 1411, 1411, 1411, 1411, 1412, 1412, 0, 1412, 1412, + 1412, 1412, 1398, 1398, 1398, 1398, 1398, 1398, 1398, 1398, + 1398, 1398, 1398, 1398, 1398, 1398, 1398, 1398, 1398, 1398, + 1398, 1398, 1398, 1398, 1398, 1398, 1398, 1398, 1398, 1398, + 1398, 1398, 1398, 1398, 1398, 1398, 1398, 1398, 1398, 1398, + 1398, 1398 } ; static yy_state_type yy_last_accepting_state; static char *yy_last_accepting_cpos; extern int yy_flex_debug; int yy_flex_debug = 0; /* The intent behind this definition is that it'll catch * any uses of REJECT which flex missed. */ #define REJECT reject_used_but_not_detected static int yy_more_flag = 0; static int yy_more_len = 0; #define yymore() ((yy_more_flag) = 1) #define YY_MORE_ADJ (yy_more_len) #define YY_RESTORE_YY_MORE_OFFSET char *yytext; /* * configlexer.lex - lexical analyzer for unbound config file * * Copyright (c) 2001-2006, NLnet Labs. All rights reserved * * See LICENSE for the license. * */ #include #include #include #ifdef HAVE_GLOB_H # include #endif #include "util/config_file.h" #include "util/configparser.h" void ub_c_error(const char *message); #if 0 #define LEXOUT(s) printf s /* used ONLY when debugging */ #else #define LEXOUT(s) #endif /** avoid warning in about fwrite return value */ #define ECHO ub_c_error_msg("syntax error at text: %s", yytext) /** A parser variable, this is a statement in the config file which is * of the form variable: value1 value2 ... nargs is the number of values. */ #define YDVAR(nargs, var) \ num_args=(nargs); \ LEXOUT(("v(%s%d) ", yytext, num_args)); \ if(num_args > 0) { BEGIN(val); } \ return (var); struct inc_state { char* filename; int line; YY_BUFFER_STATE buffer; struct inc_state* next; }; static struct inc_state* config_include_stack = NULL; static int inc_depth = 0; static int inc_prev = 0; static int num_args = 0; void init_cfg_parse(void) { config_include_stack = NULL; inc_depth = 0; inc_prev = 0; num_args = 0; } static void config_start_include(const char* filename) { FILE *input; struct inc_state* s; char* nm; if(inc_depth++ > 100000) { ub_c_error_msg("too many include files"); return; } if(strlen(filename) == 0) { ub_c_error_msg("empty include file name"); return; } s = (struct inc_state*)malloc(sizeof(*s)); if(!s) { ub_c_error_msg("include %s: malloc failure", filename); return; } if(cfg_parser->chroot && strncmp(filename, cfg_parser->chroot, strlen(cfg_parser->chroot)) == 0) { filename += strlen(cfg_parser->chroot); } nm = strdup(filename); if(!nm) { ub_c_error_msg("include %s: strdup failure", filename); free(s); return; } input = fopen(filename, "r"); if(!input) { ub_c_error_msg("cannot open include file '%s': %s", filename, strerror(errno)); free(s); free(nm); return; } LEXOUT(("switch_to_include_file(%s)\n", filename)); s->filename = cfg_parser->filename; s->line = cfg_parser->line; s->buffer = YY_CURRENT_BUFFER; s->next = config_include_stack; config_include_stack = s; cfg_parser->filename = nm; cfg_parser->line = 1; yy_switch_to_buffer(yy_create_buffer(input,YY_BUF_SIZE)); } static void config_start_include_glob(const char* filename) { /* check for wildcards */ #ifdef HAVE_GLOB glob_t g; size_t i; int r, flags; if(!(!strchr(filename, '*') && !strchr(filename, '?') && !strchr(filename, '[') && !strchr(filename, '{') && !strchr(filename, '~'))) { flags = 0 #ifdef GLOB_ERR | GLOB_ERR #endif #ifdef GLOB_NOSORT | GLOB_NOSORT #endif #ifdef GLOB_BRACE | GLOB_BRACE #endif #ifdef GLOB_TILDE | GLOB_TILDE #endif ; memset(&g, 0, sizeof(g)); r = glob(filename, flags, NULL, &g); if(r) { /* some error */ globfree(&g); if(r == GLOB_NOMATCH) return; /* no matches for pattern */ config_start_include(filename); /* let original deal with it */ return; } /* process files found, if any */ for(i=0; i<(size_t)g.gl_pathc; i++) { config_start_include(g.gl_pathv[i]); } globfree(&g); return; } #endif /* HAVE_GLOB */ config_start_include(filename); } static void config_end_include(void) { struct inc_state* s = config_include_stack; --inc_depth; if(!s) return; free(cfg_parser->filename); cfg_parser->filename = s->filename; cfg_parser->line = s->line; yy_delete_buffer(YY_CURRENT_BUFFER); yy_switch_to_buffer(s->buffer); config_include_stack = s->next; free(s); } #ifndef yy_set_bol /* compat definition, for flex 2.4.6 */ #define yy_set_bol(at_bol) \ { \ if ( ! yy_current_buffer ) \ yy_current_buffer = yy_create_buffer(yyin,YY_BUF_SIZE ); \ yy_current_buffer->yy_ch_buf[0] = ((at_bol)?'\n':' '); \ } #endif #define YY_NO_INPUT 1 #ifndef YY_NO_UNPUT #define YY_NO_UNPUT 1 #endif #ifndef YY_NO_INPUT #define YY_NO_INPUT 1 #endif #define INITIAL 0 #define quotedstring 1 #define singlequotedstr 2 #define include 3 #define include_quoted 4 #define val 5 #ifndef YY_NO_UNISTD_H /* Special case for "unistd.h", since it is non-ANSI. We include it way * down here because we want the user's section 1 to have been scanned first. * The user has a chance to override it with an option. */ #include #endif #ifndef YY_EXTRA_TYPE #define YY_EXTRA_TYPE void * #endif static int yy_init_globals (void ); /* Accessor methods to globals. These are made visible to non-reentrant scanners for convenience. */ int yylex_destroy (void ); int yyget_debug (void ); void yyset_debug (int debug_flag ); YY_EXTRA_TYPE yyget_extra (void ); void yyset_extra (YY_EXTRA_TYPE user_defined ); FILE *yyget_in (void ); void yyset_in (FILE * in_str ); FILE *yyget_out (void ); void yyset_out (FILE * out_str ); yy_size_t yyget_leng (void ); char *yyget_text (void ); int yyget_lineno (void ); void yyset_lineno (int line_number ); /* Macros after this point can all be overridden by user definitions in * section 1. */ #ifndef YY_SKIP_YYWRAP #ifdef __cplusplus extern "C" int yywrap (void ); #else extern int yywrap (void ); #endif #endif #ifndef yytext_ptr static void yy_flex_strncpy (char *,yyconst char *,int ); #endif #ifdef YY_NEED_STRLEN static int yy_flex_strlen (yyconst char * ); #endif #ifndef YY_NO_INPUT #ifdef __cplusplus static int yyinput (void ); #else static int input (void ); #endif #endif /* Amount of stuff to slurp up with each read. */ #ifndef YY_READ_BUF_SIZE #define YY_READ_BUF_SIZE 8192 #endif /* Copy whatever the last rule matched to the standard output. */ #ifndef ECHO /* This used to be an fputs(), but since the string might contain NUL's, * we now use fwrite(). */ #define ECHO do { if (fwrite( yytext, yyleng, 1, yyout )) {} } while (0) #endif /* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, * is returned in "result". */ #ifndef YY_INPUT #define YY_INPUT(buf,result,max_size) \ if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ { \ int c = '*'; \ size_t n; \ for ( n = 0; n < max_size && \ (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ buf[n] = (char) c; \ if ( c == '\n' ) \ buf[n++] = (char) c; \ if ( c == EOF && ferror( yyin ) ) \ YY_FATAL_ERROR( "input in flex scanner failed" ); \ result = n; \ } \ else \ { \ errno=0; \ while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \ { \ if( errno != EINTR) \ { \ YY_FATAL_ERROR( "input in flex scanner failed" ); \ break; \ } \ errno=0; \ clearerr(yyin); \ } \ }\ \ #endif /* No semi-colon after return; correct usage is to write "yyterminate();" - * we don't want an extra ';' after the "return" because that will cause * some compilers to complain about unreachable statements. */ #ifndef yyterminate #define yyterminate() return YY_NULL #endif /* Number of entries by which start-condition stack grows. */ #ifndef YY_START_STACK_INCR #define YY_START_STACK_INCR 25 #endif /* Report a fatal error. */ #ifndef YY_FATAL_ERROR #define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) #endif /* end tables serialization structures and prototypes */ /* Default declaration of generated scanner - a define so the user can * easily add parameters. */ #ifndef YY_DECL #define YY_DECL_IS_OURS 1 extern int yylex (void); #define YY_DECL int yylex (void) #endif /* !YY_DECL */ /* Code executed at the beginning of each rule, after yytext and yyleng * have been set up. */ #ifndef YY_USER_ACTION #define YY_USER_ACTION #endif /* Code executed at the end of each rule. */ #ifndef YY_BREAK #define YY_BREAK break; #endif #define YY_RULE_SETUP \ YY_USER_ACTION /** The main scanner function which does all the work. */ YY_DECL { yy_state_type yy_current_state; char *yy_cp, *yy_bp; int yy_act; if ( !(yy_init) ) { (yy_init) = 1; #ifdef YY_USER_INIT YY_USER_INIT; #endif if ( ! (yy_start) ) (yy_start) = 1; /* first start state */ if ( ! yyin ) yyin = stdin; if ( ! yyout ) yyout = stdout; if ( ! YY_CURRENT_BUFFER ) { yyensure_buffer_stack (); YY_CURRENT_BUFFER_LVALUE = yy_create_buffer(yyin,YY_BUF_SIZE ); } yy_load_buffer_state( ); } while ( 1 ) /* loops until end-of-file is reached */ { (yy_more_len) = 0; if ( (yy_more_flag) ) { (yy_more_len) = (yy_c_buf_p) - (yytext_ptr); (yy_more_flag) = 0; } yy_cp = (yy_c_buf_p); /* Support of yytext. */ *yy_cp = (yy_hold_char); /* yy_bp points to the position in yy_ch_buf of the start of * the current run. */ yy_bp = yy_cp; yy_current_state = (yy_start); yy_match: do { YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)] ; if ( yy_accept[yy_current_state] ) { (yy_last_accepting_state) = yy_current_state; (yy_last_accepting_cpos) = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 1383 ) + if ( yy_current_state >= 1399 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; ++yy_cp; } - while ( yy_base[yy_current_state] != 2760 ); + while ( yy_base[yy_current_state] != 2793 ); yy_find_action: yy_act = yy_accept[yy_current_state]; if ( yy_act == 0 ) { /* have to back up */ yy_cp = (yy_last_accepting_cpos); yy_current_state = (yy_last_accepting_state); yy_act = yy_accept[yy_current_state]; } YY_DO_BEFORE_ACTION; do_action: /* This label is used only to access EOF actions. */ switch ( yy_act ) { /* beginning of action switch */ case 0: /* must back up */ /* undo the effects of YY_DO_BEFORE_ACTION */ *yy_cp = (yy_hold_char); yy_cp = (yy_last_accepting_cpos); yy_current_state = (yy_last_accepting_state); goto yy_find_action; case 1: YY_RULE_SETUP { LEXOUT(("SP ")); /* ignore */ } YY_BREAK case 2: YY_RULE_SETUP { /* note that flex makes the longest match and '.' is any but not nl */ LEXOUT(("comment(%s) ", yytext)); /* ignore */ } YY_BREAK case 3: YY_RULE_SETUP { YDVAR(0, VAR_SERVER) } YY_BREAK case 4: YY_RULE_SETUP { YDVAR(1, VAR_NUM_THREADS) } YY_BREAK case 5: YY_RULE_SETUP { YDVAR(1, VAR_VERBOSITY) } YY_BREAK case 6: YY_RULE_SETUP { YDVAR(1, VAR_PORT) } YY_BREAK case 7: YY_RULE_SETUP { YDVAR(1, VAR_OUTGOING_RANGE) } YY_BREAK case 8: YY_RULE_SETUP { YDVAR(1, VAR_OUTGOING_PORT_PERMIT) } YY_BREAK case 9: YY_RULE_SETUP { YDVAR(1, VAR_OUTGOING_PORT_AVOID) } YY_BREAK case 10: YY_RULE_SETUP { YDVAR(1, VAR_OUTGOING_NUM_TCP) } YY_BREAK case 11: YY_RULE_SETUP { YDVAR(1, VAR_INCOMING_NUM_TCP) } YY_BREAK case 12: YY_RULE_SETUP { YDVAR(1, VAR_DO_IP4) } YY_BREAK case 13: YY_RULE_SETUP { YDVAR(1, VAR_DO_IP6) } YY_BREAK case 14: YY_RULE_SETUP { YDVAR(1, VAR_DO_UDP) } YY_BREAK case 15: YY_RULE_SETUP { YDVAR(1, VAR_DO_TCP) } YY_BREAK case 16: YY_RULE_SETUP { YDVAR(1, VAR_TCP_UPSTREAM) } YY_BREAK case 17: YY_RULE_SETUP { YDVAR(1, VAR_SSL_UPSTREAM) } YY_BREAK case 18: YY_RULE_SETUP { YDVAR(1, VAR_SSL_SERVICE_KEY) } YY_BREAK case 19: YY_RULE_SETUP { YDVAR(1, VAR_SSL_SERVICE_PEM) } YY_BREAK case 20: YY_RULE_SETUP { YDVAR(1, VAR_SSL_PORT) } YY_BREAK case 21: YY_RULE_SETUP { YDVAR(1, VAR_DO_DAEMONIZE) } YY_BREAK case 22: YY_RULE_SETUP { YDVAR(1, VAR_INTERFACE) } YY_BREAK case 23: YY_RULE_SETUP { YDVAR(1, VAR_INTERFACE) } YY_BREAK case 24: YY_RULE_SETUP { YDVAR(1, VAR_OUTGOING_INTERFACE) } YY_BREAK case 25: YY_RULE_SETUP { YDVAR(1, VAR_INTERFACE_AUTOMATIC) } YY_BREAK case 26: YY_RULE_SETUP { YDVAR(1, VAR_SO_RCVBUF) } YY_BREAK case 27: YY_RULE_SETUP { YDVAR(1, VAR_SO_SNDBUF) } YY_BREAK case 28: YY_RULE_SETUP { YDVAR(1, VAR_SO_REUSEPORT) } YY_BREAK case 29: YY_RULE_SETUP { YDVAR(1, VAR_CHROOT) } YY_BREAK case 30: YY_RULE_SETUP { YDVAR(1, VAR_USERNAME) } YY_BREAK case 31: YY_RULE_SETUP { YDVAR(1, VAR_DIRECTORY) } YY_BREAK case 32: YY_RULE_SETUP { YDVAR(1, VAR_LOGFILE) } YY_BREAK case 33: YY_RULE_SETUP { YDVAR(1, VAR_PIDFILE) } YY_BREAK case 34: YY_RULE_SETUP { YDVAR(1, VAR_ROOT_HINTS) } YY_BREAK case 35: YY_RULE_SETUP { YDVAR(1, VAR_EDNS_BUFFER_SIZE) } YY_BREAK case 36: YY_RULE_SETUP { YDVAR(1, VAR_MSG_BUFFER_SIZE) } YY_BREAK case 37: YY_RULE_SETUP { YDVAR(1, VAR_MSG_CACHE_SIZE) } YY_BREAK case 38: YY_RULE_SETUP { YDVAR(1, VAR_MSG_CACHE_SLABS) } YY_BREAK case 39: YY_RULE_SETUP { YDVAR(1, VAR_RRSET_CACHE_SIZE) } YY_BREAK case 40: YY_RULE_SETUP { YDVAR(1, VAR_RRSET_CACHE_SLABS) } YY_BREAK case 41: YY_RULE_SETUP { YDVAR(1, VAR_CACHE_MAX_TTL) } YY_BREAK case 42: YY_RULE_SETUP { YDVAR(1, VAR_CACHE_MIN_TTL) } YY_BREAK case 43: YY_RULE_SETUP { YDVAR(1, VAR_INFRA_HOST_TTL) } YY_BREAK case 44: YY_RULE_SETUP { YDVAR(1, VAR_INFRA_LAME_TTL) } YY_BREAK case 45: YY_RULE_SETUP { YDVAR(1, VAR_INFRA_CACHE_SLABS) } YY_BREAK case 46: YY_RULE_SETUP { YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) } YY_BREAK case 47: YY_RULE_SETUP { YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) } YY_BREAK case 48: YY_RULE_SETUP { YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) } YY_BREAK case 49: YY_RULE_SETUP { YDVAR(1, VAR_JOSTLE_TIMEOUT) } YY_BREAK case 50: YY_RULE_SETUP { YDVAR(1, VAR_DELAY_CLOSE) } YY_BREAK case 51: YY_RULE_SETUP { YDVAR(1, VAR_TARGET_FETCH_POLICY) } YY_BREAK case 52: YY_RULE_SETUP { YDVAR(1, VAR_HARDEN_SHORT_BUFSIZE) } YY_BREAK case 53: YY_RULE_SETUP { YDVAR(1, VAR_HARDEN_LARGE_QUERIES) } YY_BREAK case 54: YY_RULE_SETUP { YDVAR(1, VAR_HARDEN_GLUE) } YY_BREAK case 55: YY_RULE_SETUP { YDVAR(1, VAR_HARDEN_DNSSEC_STRIPPED) } YY_BREAK case 56: YY_RULE_SETUP { YDVAR(1, VAR_HARDEN_BELOW_NXDOMAIN) } YY_BREAK case 57: YY_RULE_SETUP { YDVAR(1, VAR_HARDEN_REFERRAL_PATH) } YY_BREAK case 58: YY_RULE_SETUP { YDVAR(1, VAR_USE_CAPS_FOR_ID) } YY_BREAK case 59: YY_RULE_SETUP { YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) } YY_BREAK case 60: YY_RULE_SETUP { YDVAR(1, VAR_PRIVATE_ADDRESS) } YY_BREAK case 61: YY_RULE_SETUP { YDVAR(1, VAR_PRIVATE_DOMAIN) } YY_BREAK case 62: YY_RULE_SETUP { YDVAR(1, VAR_PREFETCH_KEY) } YY_BREAK case 63: YY_RULE_SETUP { YDVAR(1, VAR_PREFETCH) } YY_BREAK case 64: YY_RULE_SETUP { YDVAR(0, VAR_STUB_ZONE) } YY_BREAK case 65: YY_RULE_SETUP { YDVAR(1, VAR_NAME) } YY_BREAK case 66: YY_RULE_SETUP { YDVAR(1, VAR_STUB_ADDR) } YY_BREAK case 67: YY_RULE_SETUP { YDVAR(1, VAR_STUB_HOST) } YY_BREAK case 68: YY_RULE_SETUP { YDVAR(1, VAR_STUB_PRIME) } YY_BREAK case 69: YY_RULE_SETUP { YDVAR(1, VAR_STUB_FIRST) } YY_BREAK case 70: YY_RULE_SETUP { YDVAR(0, VAR_FORWARD_ZONE) } YY_BREAK case 71: YY_RULE_SETUP { YDVAR(1, VAR_FORWARD_ADDR) } YY_BREAK case 72: YY_RULE_SETUP { YDVAR(1, VAR_FORWARD_HOST) } YY_BREAK case 73: YY_RULE_SETUP { YDVAR(1, VAR_FORWARD_FIRST) } YY_BREAK case 74: YY_RULE_SETUP { YDVAR(1, VAR_DO_NOT_QUERY_ADDRESS) } YY_BREAK case 75: YY_RULE_SETUP { YDVAR(1, VAR_DO_NOT_QUERY_LOCALHOST) } YY_BREAK case 76: YY_RULE_SETUP { YDVAR(2, VAR_ACCESS_CONTROL) } YY_BREAK case 77: YY_RULE_SETUP { YDVAR(1, VAR_HIDE_IDENTITY) } YY_BREAK case 78: YY_RULE_SETUP { YDVAR(1, VAR_HIDE_VERSION) } YY_BREAK case 79: YY_RULE_SETUP { YDVAR(1, VAR_IDENTITY) } YY_BREAK case 80: YY_RULE_SETUP { YDVAR(1, VAR_VERSION) } YY_BREAK case 81: YY_RULE_SETUP { YDVAR(1, VAR_MODULE_CONF) } YY_BREAK case 82: YY_RULE_SETUP { YDVAR(1, VAR_DLV_ANCHOR) } YY_BREAK case 83: YY_RULE_SETUP { YDVAR(1, VAR_DLV_ANCHOR_FILE) } YY_BREAK case 84: YY_RULE_SETUP { YDVAR(1, VAR_TRUST_ANCHOR_FILE) } YY_BREAK case 85: YY_RULE_SETUP { YDVAR(1, VAR_AUTO_TRUST_ANCHOR_FILE) } YY_BREAK case 86: YY_RULE_SETUP { YDVAR(1, VAR_TRUSTED_KEYS_FILE) } YY_BREAK case 87: YY_RULE_SETUP { YDVAR(1, VAR_TRUST_ANCHOR) } YY_BREAK case 88: YY_RULE_SETUP { YDVAR(1, VAR_VAL_OVERRIDE_DATE) } YY_BREAK case 89: YY_RULE_SETUP { YDVAR(1, VAR_VAL_SIG_SKEW_MIN) } YY_BREAK case 90: YY_RULE_SETUP { YDVAR(1, VAR_VAL_SIG_SKEW_MAX) } YY_BREAK case 91: YY_RULE_SETUP { YDVAR(1, VAR_BOGUS_TTL) } YY_BREAK case 92: YY_RULE_SETUP { YDVAR(1, VAR_VAL_CLEAN_ADDITIONAL) } YY_BREAK case 93: YY_RULE_SETUP { YDVAR(1, VAR_VAL_PERMISSIVE_MODE) } YY_BREAK case 94: YY_RULE_SETUP { YDVAR(1, VAR_IGNORE_CD_FLAG) } YY_BREAK case 95: YY_RULE_SETUP { YDVAR(1, VAR_VAL_LOG_LEVEL) } YY_BREAK case 96: YY_RULE_SETUP { YDVAR(1, VAR_KEY_CACHE_SIZE) } YY_BREAK case 97: YY_RULE_SETUP { YDVAR(1, VAR_KEY_CACHE_SLABS) } YY_BREAK case 98: YY_RULE_SETUP { YDVAR(1, VAR_NEG_CACHE_SIZE) } YY_BREAK case 99: YY_RULE_SETUP { YDVAR(1, VAR_VAL_NSEC3_KEYSIZE_ITERATIONS) } YY_BREAK case 100: YY_RULE_SETUP { YDVAR(1, VAR_ADD_HOLDDOWN) } YY_BREAK case 101: YY_RULE_SETUP { YDVAR(1, VAR_DEL_HOLDDOWN) } YY_BREAK case 102: YY_RULE_SETUP { YDVAR(1, VAR_KEEP_MISSING) } YY_BREAK case 103: YY_RULE_SETUP { YDVAR(1, VAR_USE_SYSLOG) } YY_BREAK case 104: YY_RULE_SETUP { YDVAR(1, VAR_LOG_TIME_ASCII) } YY_BREAK case 105: YY_RULE_SETUP { YDVAR(1, VAR_LOG_QUERIES) } YY_BREAK case 106: YY_RULE_SETUP { YDVAR(2, VAR_LOCAL_ZONE) } YY_BREAK case 107: YY_RULE_SETUP { YDVAR(1, VAR_LOCAL_DATA) } YY_BREAK case 108: YY_RULE_SETUP { YDVAR(1, VAR_LOCAL_DATA_PTR) } YY_BREAK case 109: YY_RULE_SETUP -{ YDVAR(1, VAR_STATISTICS_INTERVAL) } +{ YDVAR(1, VAR_UNBLOCK_LAN_ZONES) } YY_BREAK case 110: YY_RULE_SETUP -{ YDVAR(1, VAR_STATISTICS_CUMULATIVE) } +{ YDVAR(1, VAR_STATISTICS_INTERVAL) } YY_BREAK case 111: YY_RULE_SETUP -{ YDVAR(1, VAR_EXTENDED_STATISTICS) } +{ YDVAR(1, VAR_STATISTICS_CUMULATIVE) } YY_BREAK case 112: YY_RULE_SETUP -{ YDVAR(0, VAR_REMOTE_CONTROL) } +{ YDVAR(1, VAR_EXTENDED_STATISTICS) } YY_BREAK case 113: YY_RULE_SETUP -{ YDVAR(1, VAR_CONTROL_ENABLE) } +{ YDVAR(0, VAR_REMOTE_CONTROL) } YY_BREAK case 114: YY_RULE_SETUP -{ YDVAR(1, VAR_CONTROL_INTERFACE) } +{ YDVAR(1, VAR_CONTROL_ENABLE) } YY_BREAK case 115: YY_RULE_SETUP -{ YDVAR(1, VAR_CONTROL_PORT) } +{ YDVAR(1, VAR_CONTROL_INTERFACE) } YY_BREAK case 116: YY_RULE_SETUP -{ YDVAR(1, VAR_SERVER_KEY_FILE) } +{ YDVAR(1, VAR_CONTROL_PORT) } YY_BREAK case 117: YY_RULE_SETUP -{ YDVAR(1, VAR_SERVER_CERT_FILE) } +{ YDVAR(1, VAR_SERVER_KEY_FILE) } YY_BREAK case 118: YY_RULE_SETUP -{ YDVAR(1, VAR_CONTROL_KEY_FILE) } +{ YDVAR(1, VAR_SERVER_CERT_FILE) } YY_BREAK case 119: YY_RULE_SETUP -{ YDVAR(1, VAR_CONTROL_CERT_FILE) } +{ YDVAR(1, VAR_CONTROL_KEY_FILE) } YY_BREAK case 120: YY_RULE_SETUP -{ YDVAR(1, VAR_PYTHON_SCRIPT) } +{ YDVAR(1, VAR_CONTROL_CERT_FILE) } YY_BREAK case 121: YY_RULE_SETUP -{ YDVAR(0, VAR_PYTHON) } +{ YDVAR(1, VAR_PYTHON_SCRIPT) } YY_BREAK case 122: YY_RULE_SETUP -{ YDVAR(1, VAR_DOMAIN_INSECURE) } +{ YDVAR(0, VAR_PYTHON) } YY_BREAK case 123: YY_RULE_SETUP -{ YDVAR(1, VAR_MINIMAL_RESPONSES) } +{ YDVAR(1, VAR_DOMAIN_INSECURE) } YY_BREAK case 124: YY_RULE_SETUP -{ YDVAR(1, VAR_RRSET_ROUNDROBIN) } +{ YDVAR(1, VAR_MINIMAL_RESPONSES) } YY_BREAK case 125: YY_RULE_SETUP -{ YDVAR(1, VAR_MAX_UDP_SIZE) } +{ YDVAR(1, VAR_RRSET_ROUNDROBIN) } YY_BREAK case 126: -/* rule 126 can match eol */ YY_RULE_SETUP +{ YDVAR(1, VAR_MAX_UDP_SIZE) } + YY_BREAK +case 127: +/* rule 127 can match eol */ +YY_RULE_SETUP { LEXOUT(("NL\n")); cfg_parser->line++; } YY_BREAK /* Quoted strings. Strip leading and ending quotes */ -case 127: +case 128: YY_RULE_SETUP { BEGIN(quotedstring); LEXOUT(("QS ")); } YY_BREAK case YY_STATE_EOF(quotedstring): { yyerror("EOF inside quoted string"); if(--num_args == 0) { BEGIN(INITIAL); } else { BEGIN(val); } } YY_BREAK -case 128: +case 129: YY_RULE_SETUP { LEXOUT(("STR(%s) ", yytext)); yymore(); } YY_BREAK -case 129: -/* rule 129 can match eol */ +case 130: +/* rule 130 can match eol */ YY_RULE_SETUP { yyerror("newline inside quoted string, no end \""); cfg_parser->line++; BEGIN(INITIAL); } YY_BREAK -case 130: +case 131: YY_RULE_SETUP { LEXOUT(("QE ")); if(--num_args == 0) { BEGIN(INITIAL); } else { BEGIN(val); } yytext[yyleng - 1] = '\0'; yylval.str = strdup(yytext); if(!yylval.str) yyerror("out of memory"); return STRING_ARG; } YY_BREAK /* Single Quoted strings. Strip leading and ending quotes */ -case 131: +case 132: YY_RULE_SETUP { BEGIN(singlequotedstr); LEXOUT(("SQS ")); } YY_BREAK case YY_STATE_EOF(singlequotedstr): { yyerror("EOF inside quoted string"); if(--num_args == 0) { BEGIN(INITIAL); } else { BEGIN(val); } } YY_BREAK -case 132: +case 133: YY_RULE_SETUP { LEXOUT(("STR(%s) ", yytext)); yymore(); } YY_BREAK -case 133: -/* rule 133 can match eol */ +case 134: +/* rule 134 can match eol */ YY_RULE_SETUP { yyerror("newline inside quoted string, no end '"); cfg_parser->line++; BEGIN(INITIAL); } YY_BREAK -case 134: +case 135: YY_RULE_SETUP { LEXOUT(("SQE ")); if(--num_args == 0) { BEGIN(INITIAL); } else { BEGIN(val); } yytext[yyleng - 1] = '\0'; yylval.str = strdup(yytext); if(!yylval.str) yyerror("out of memory"); return STRING_ARG; } YY_BREAK /* include: directive */ -case 135: +case 136: YY_RULE_SETUP { LEXOUT(("v(%s) ", yytext)); inc_prev = YYSTATE; BEGIN(include); } YY_BREAK case YY_STATE_EOF(include): { yyerror("EOF inside include directive"); BEGIN(inc_prev); } YY_BREAK -case 136: +case 137: YY_RULE_SETUP { LEXOUT(("ISP ")); /* ignore */ } YY_BREAK -case 137: -/* rule 137 can match eol */ +case 138: +/* rule 138 can match eol */ YY_RULE_SETUP { LEXOUT(("NL\n")); cfg_parser->line++;} YY_BREAK -case 138: +case 139: YY_RULE_SETUP { LEXOUT(("IQS ")); BEGIN(include_quoted); } YY_BREAK -case 139: +case 140: YY_RULE_SETUP { LEXOUT(("Iunquotedstr(%s) ", yytext)); config_start_include_glob(yytext); BEGIN(inc_prev); } YY_BREAK case YY_STATE_EOF(include_quoted): { yyerror("EOF inside quoted string"); BEGIN(inc_prev); } YY_BREAK -case 140: +case 141: YY_RULE_SETUP { LEXOUT(("ISTR(%s) ", yytext)); yymore(); } YY_BREAK -case 141: -/* rule 141 can match eol */ +case 142: +/* rule 142 can match eol */ YY_RULE_SETUP { yyerror("newline before \" in include name"); cfg_parser->line++; BEGIN(inc_prev); } YY_BREAK -case 142: +case 143: YY_RULE_SETUP { LEXOUT(("IQE ")); yytext[yyleng - 1] = '\0'; config_start_include_glob(yytext); BEGIN(inc_prev); } YY_BREAK case YY_STATE_EOF(INITIAL): case YY_STATE_EOF(val): { LEXOUT(("LEXEOF ")); yy_set_bol(1); /* Set beginning of line, so "^" rules match. */ if (!config_include_stack) { yyterminate(); } else { fclose(yyin); config_end_include(); } } YY_BREAK -case 143: +case 144: YY_RULE_SETUP { LEXOUT(("unquotedstr(%s) ", yytext)); if(--num_args == 0) { BEGIN(INITIAL); } yylval.str = strdup(yytext); return STRING_ARG; } YY_BREAK -case 144: +case 145: YY_RULE_SETUP { ub_c_error_msg("unknown keyword '%s'", yytext); } YY_BREAK -case 145: +case 146: YY_RULE_SETUP { ub_c_error_msg("stray '%s'", yytext); } YY_BREAK -case 146: +case 147: YY_RULE_SETUP ECHO; YY_BREAK case YY_END_OF_BUFFER: { /* Amount of text matched not including the EOB char. */ int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; /* Undo the effects of YY_DO_BEFORE_ACTION. */ *yy_cp = (yy_hold_char); YY_RESTORE_YY_MORE_OFFSET if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW ) { /* We're scanning a new file or input source. It's * possible that this happened because the user * just pointed yyin at a new source and called * yylex(). If so, then we have to assure * consistency between YY_CURRENT_BUFFER and our * globals. Here is the right place to do so, because * this is the first action (other than possibly a * back-up) that will match for the new input source. */ (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin; YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL; } /* Note that here we test for yy_c_buf_p "<=" to the position * of the first EOB in the buffer, since yy_c_buf_p will * already have been incremented past the NUL character * (since all states make transitions on EOB to the * end-of-buffer state). Contrast this with the test * in input(). */ if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) { /* This was really a NUL. */ yy_state_type yy_next_state; (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; yy_current_state = yy_get_previous_state( ); /* Okay, we're now positioned to make the NUL * transition. We couldn't have * yy_get_previous_state() go ahead and do it * for us because it doesn't know how to deal * with the possibility of jamming (and we don't * want to build jamming into it because then it * will run more slowly). */ yy_next_state = yy_try_NUL_trans( yy_current_state ); yy_bp = (yytext_ptr) + YY_MORE_ADJ; if ( yy_next_state ) { /* Consume the NUL. */ yy_cp = ++(yy_c_buf_p); yy_current_state = yy_next_state; goto yy_match; } else { yy_cp = (yy_c_buf_p); goto yy_find_action; } } else switch ( yy_get_next_buffer( ) ) { case EOB_ACT_END_OF_FILE: { (yy_did_buffer_switch_on_eof) = 0; if ( yywrap( ) ) { /* Note: because we've taken care in * yy_get_next_buffer() to have set up * yytext, we can now set up * yy_c_buf_p so that if some total * hoser (like flex itself) wants to * call the scanner after we return the * YY_NULL, it'll still work - another * YY_NULL will get returned. */ (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; yy_act = YY_STATE_EOF(YY_START); goto do_action; } else { if ( ! (yy_did_buffer_switch_on_eof) ) YY_NEW_FILE; } break; } case EOB_ACT_CONTINUE_SCAN: (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; yy_current_state = yy_get_previous_state( ); yy_cp = (yy_c_buf_p); yy_bp = (yytext_ptr) + YY_MORE_ADJ; goto yy_match; case EOB_ACT_LAST_MATCH: (yy_c_buf_p) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)]; yy_current_state = yy_get_previous_state( ); yy_cp = (yy_c_buf_p); yy_bp = (yytext_ptr) + YY_MORE_ADJ; goto yy_find_action; } break; } default: YY_FATAL_ERROR( "fatal flex scanner internal error--no action found" ); } /* end of action switch */ } /* end of scanning one token */ } /* end of yylex */ /* yy_get_next_buffer - try to read in a new buffer * * Returns a code representing an action: * EOB_ACT_LAST_MATCH - * EOB_ACT_CONTINUE_SCAN - continue scanning from current position * EOB_ACT_END_OF_FILE - end of file */ static int yy_get_next_buffer (void) { char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; char *source = (yytext_ptr); int number_to_move, i; int ret_val; if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] ) YY_FATAL_ERROR( "fatal flex scanner internal error--end of buffer missed" ); if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 ) { /* Don't try to fill the buffer, so this is an EOF. */ if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 ) { /* We matched a single character, the EOB, so * treat this as a final EOF. */ return EOB_ACT_END_OF_FILE; } else { /* We matched some text prior to the EOB, first * process it. */ return EOB_ACT_LAST_MATCH; } } /* Try to read more data. */ /* First move last chars to start of buffer. */ number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1; for ( i = 0; i < number_to_move; ++i ) *(dest++) = *(source++); if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING ) /* don't do the read, it's not guaranteed to return an EOF, * just force an EOF */ YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0; else { yy_size_t num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; while ( num_to_read <= 0 ) { /* Not enough room in the buffer - grow it. */ /* just a shorter name for the current buffer */ YY_BUFFER_STATE b = YY_CURRENT_BUFFER_LVALUE; int yy_c_buf_p_offset = (int) ((yy_c_buf_p) - b->yy_ch_buf); if ( b->yy_is_our_buffer ) { yy_size_t new_size = b->yy_buf_size * 2; if ( new_size <= 0 ) b->yy_buf_size += b->yy_buf_size / 8; else b->yy_buf_size *= 2; b->yy_ch_buf = (char *) /* Include room in for 2 EOB chars. */ yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 ); } else /* Can't grow it, we don't own it. */ b->yy_ch_buf = 0; if ( ! b->yy_ch_buf ) YY_FATAL_ERROR( "fatal error - scanner input buffer overflow" ); (yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset]; num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; } if ( num_to_read > YY_READ_BUF_SIZE ) num_to_read = YY_READ_BUF_SIZE; /* Read in more data. */ YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), (yy_n_chars), num_to_read ); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); } if ( (yy_n_chars) == 0 ) { if ( number_to_move == YY_MORE_ADJ ) { ret_val = EOB_ACT_END_OF_FILE; yyrestart(yyin ); } else { ret_val = EOB_ACT_LAST_MATCH; YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_EOF_PENDING; } } else ret_val = EOB_ACT_CONTINUE_SCAN; if ((yy_size_t) ((yy_n_chars) + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) { /* Extend the array by 50%, plus the number we really need. */ yy_size_t new_size = (yy_n_chars) + number_to_move + ((yy_n_chars) >> 1); YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) yyrealloc((void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf,new_size ); if ( ! YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_get_next_buffer()" ); } (yy_n_chars) += number_to_move; YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR; YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR; (yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0]; return ret_val; } /* yy_get_previous_state - get the state just before the EOB char was reached */ static yy_state_type yy_get_previous_state (void) { yy_state_type yy_current_state; char *yy_cp; yy_current_state = (yy_start); for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp ) { YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); if ( yy_accept[yy_current_state] ) { (yy_last_accepting_state) = yy_current_state; (yy_last_accepting_cpos) = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 1383 ) + if ( yy_current_state >= 1399 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; } return yy_current_state; } /* yy_try_NUL_trans - try to make a transition on the NUL character * * synopsis * next_state = yy_try_NUL_trans( current_state ); */ static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state ) { int yy_is_jam; char *yy_cp = (yy_c_buf_p); YY_CHAR yy_c = 1; if ( yy_accept[yy_current_state] ) { (yy_last_accepting_state) = yy_current_state; (yy_last_accepting_cpos) = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 1383 ) + if ( yy_current_state >= 1399 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - yy_is_jam = (yy_current_state == 1382); + yy_is_jam = (yy_current_state == 1398); return yy_is_jam ? 0 : yy_current_state; } #ifndef YY_NO_INPUT #ifdef __cplusplus static int yyinput (void) #else static int input (void) #endif { int c; *(yy_c_buf_p) = (yy_hold_char); if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR ) { /* yy_c_buf_p now points to the character we want to return. * If this occurs *before* the EOB characters, then it's a * valid NUL; if not, then we've hit the end of the buffer. */ if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) /* This was really a NUL. */ *(yy_c_buf_p) = '\0'; else { /* need more input */ yy_size_t offset = (yy_c_buf_p) - (yytext_ptr); ++(yy_c_buf_p); switch ( yy_get_next_buffer( ) ) { case EOB_ACT_LAST_MATCH: /* This happens because yy_g_n_b() * sees that we've accumulated a * token and flags that we need to * try matching the token before * proceeding. But for input(), * there's no matching to consider. * So convert the EOB_ACT_LAST_MATCH * to EOB_ACT_END_OF_FILE. */ /* Reset buffer status. */ yyrestart(yyin ); /*FALLTHROUGH*/ case EOB_ACT_END_OF_FILE: { if ( yywrap( ) ) return EOF; if ( ! (yy_did_buffer_switch_on_eof) ) YY_NEW_FILE; #ifdef __cplusplus return yyinput(); #else return input(); #endif } case EOB_ACT_CONTINUE_SCAN: (yy_c_buf_p) = (yytext_ptr) + offset; break; } } } c = *(unsigned char *) (yy_c_buf_p); /* cast for 8-bit char's */ *(yy_c_buf_p) = '\0'; /* preserve yytext */ (yy_hold_char) = *++(yy_c_buf_p); return c; } #endif /* ifndef YY_NO_INPUT */ /** Immediately switch to a different input stream. * @param input_file A readable stream. * * @note This function does not reset the start condition to @c INITIAL . */ void yyrestart (FILE * input_file ) { if ( ! YY_CURRENT_BUFFER ){ yyensure_buffer_stack (); YY_CURRENT_BUFFER_LVALUE = yy_create_buffer(yyin,YY_BUF_SIZE ); } yy_init_buffer(YY_CURRENT_BUFFER,input_file ); yy_load_buffer_state( ); } /** Switch to a different input buffer. * @param new_buffer The new input buffer. * */ void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ) { /* TODO. We should be able to replace this entire function body * with * yypop_buffer_state(); * yypush_buffer_state(new_buffer); */ yyensure_buffer_stack (); if ( YY_CURRENT_BUFFER == new_buffer ) return; if ( YY_CURRENT_BUFFER ) { /* Flush out information for old buffer. */ *(yy_c_buf_p) = (yy_hold_char); YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); } YY_CURRENT_BUFFER_LVALUE = new_buffer; yy_load_buffer_state( ); /* We don't actually know whether we did this switch during * EOF (yywrap()) processing, but the only time this flag * is looked at is after yywrap() is called, so it's safe * to go ahead and always set it. */ (yy_did_buffer_switch_on_eof) = 1; } static void yy_load_buffer_state (void) { (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; (yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; (yy_hold_char) = *(yy_c_buf_p); } /** Allocate and initialize an input buffer state. * @param file A readable stream. * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE. * * @return the allocated buffer state. */ YY_BUFFER_STATE yy_create_buffer (FILE * file, int size ) { YY_BUFFER_STATE b; b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); b->yy_buf_size = size; /* yy_ch_buf has to be 2 characters longer than the size given because * we need to put in 2 end-of-buffer characters. */ b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2 ); if ( ! b->yy_ch_buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); b->yy_is_our_buffer = 1; yy_init_buffer(b,file ); return b; } /** Destroy the buffer. * @param b a buffer created with yy_create_buffer() * */ void yy_delete_buffer (YY_BUFFER_STATE b ) { if ( ! b ) return; if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */ YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0; if ( b->yy_is_our_buffer ) yyfree((void *) b->yy_ch_buf ); yyfree((void *) b ); } /* Initializes or reinitializes a buffer. * This function is sometimes called more than once on the same buffer, * such as during a yyrestart() or at EOF. */ static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file ) { int oerrno = errno; yy_flush_buffer(b ); b->yy_input_file = file; b->yy_fill_buffer = 1; /* If b is the current buffer, then yy_init_buffer was _probably_ * called from yyrestart() or through yy_get_next_buffer. * In that case, we don't want to reset the lineno or column. */ if (b != YY_CURRENT_BUFFER){ b->yy_bs_lineno = 1; b->yy_bs_column = 0; } b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; errno = oerrno; } /** Discard all buffered characters. On the next scan, YY_INPUT will be called. * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER. * */ void yy_flush_buffer (YY_BUFFER_STATE b ) { if ( ! b ) return; b->yy_n_chars = 0; /* We always need two end-of-buffer characters. The first causes * a transition to the end-of-buffer state. The second causes * a jam in that state. */ b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR; b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR; b->yy_buf_pos = &b->yy_ch_buf[0]; b->yy_at_bol = 1; b->yy_buffer_status = YY_BUFFER_NEW; if ( b == YY_CURRENT_BUFFER ) yy_load_buffer_state( ); } /** Pushes the new state onto the stack. The new state becomes * the current state. This function will allocate the stack * if necessary. * @param new_buffer The new state. * */ void yypush_buffer_state (YY_BUFFER_STATE new_buffer ) { if (new_buffer == NULL) return; yyensure_buffer_stack(); /* This block is copied from yy_switch_to_buffer. */ if ( YY_CURRENT_BUFFER ) { /* Flush out information for old buffer. */ *(yy_c_buf_p) = (yy_hold_char); YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); } /* Only push if top exists. Otherwise, replace top. */ if (YY_CURRENT_BUFFER) (yy_buffer_stack_top)++; YY_CURRENT_BUFFER_LVALUE = new_buffer; /* copied from yy_switch_to_buffer. */ yy_load_buffer_state( ); (yy_did_buffer_switch_on_eof) = 1; } /** Removes and deletes the top of the stack, if present. * The next element becomes the new top. * */ void yypop_buffer_state (void) { if (!YY_CURRENT_BUFFER) return; yy_delete_buffer(YY_CURRENT_BUFFER ); YY_CURRENT_BUFFER_LVALUE = NULL; if ((yy_buffer_stack_top) > 0) --(yy_buffer_stack_top); if (YY_CURRENT_BUFFER) { yy_load_buffer_state( ); (yy_did_buffer_switch_on_eof) = 1; } } /* Allocates the stack if it does not exist. * Guarantees space for at least one push. */ static void yyensure_buffer_stack (void) { yy_size_t num_to_alloc; if (!(yy_buffer_stack)) { /* First allocation is just for 2 elements, since we don't know if this * scanner will even need a stack. We use 2 instead of 1 to avoid an * immediate realloc on the next call. */ num_to_alloc = 1; (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc (num_to_alloc * sizeof(struct yy_buffer_state*) ); if ( ! (yy_buffer_stack) ) YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" ); memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); (yy_buffer_stack_max) = num_to_alloc; (yy_buffer_stack_top) = 0; return; } if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){ /* Increase the buffer to prepare for a possible push. */ int grow_size = 8 /* arbitrary grow size */; num_to_alloc = (yy_buffer_stack_max) + grow_size; (yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc ((yy_buffer_stack), num_to_alloc * sizeof(struct yy_buffer_state*) ); if ( ! (yy_buffer_stack) ) YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" ); /* zero only the new slots.*/ memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*)); (yy_buffer_stack_max) = num_to_alloc; } } /** Setup the input buffer state to scan directly from a user-specified character buffer. * @param base the character buffer * @param size the size in bytes of the character buffer * * @return the newly allocated buffer state object. */ YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) { YY_BUFFER_STATE b; if ( size < 2 || base[size-2] != YY_END_OF_BUFFER_CHAR || base[size-1] != YY_END_OF_BUFFER_CHAR ) /* They forgot to leave room for the EOB's. */ return 0; b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */ b->yy_buf_pos = b->yy_ch_buf = base; b->yy_is_our_buffer = 0; b->yy_input_file = 0; b->yy_n_chars = b->yy_buf_size; b->yy_is_interactive = 0; b->yy_at_bol = 1; b->yy_fill_buffer = 0; b->yy_buffer_status = YY_BUFFER_NEW; yy_switch_to_buffer(b ); return b; } /** Setup the input buffer state to scan a string. The next call to yylex() will * scan from a @e copy of @a str. * @param yystr a NUL-terminated string to scan * * @return the newly allocated buffer state object. * @note If you want to scan bytes that may contain NUL values, then use * yy_scan_bytes() instead. */ YY_BUFFER_STATE yy_scan_string (yyconst char * yystr ) { return yy_scan_bytes(yystr,strlen(yystr) ); } /** Setup the input buffer state to scan the given bytes. The next call to yylex() will * scan from a @e copy of @a bytes. * @param yybytes the byte buffer to scan * @param _yybytes_len the number of bytes in the buffer pointed to by @a bytes. * * @return the newly allocated buffer state object. */ YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, yy_size_t _yybytes_len ) { YY_BUFFER_STATE b; char *buf; yy_size_t n; yy_size_t i; /* Get memory for full buffer, including space for trailing EOB's. */ n = _yybytes_len + 2; buf = (char *) yyalloc(n ); if ( ! buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); for ( i = 0; i < _yybytes_len; ++i ) buf[i] = yybytes[i]; buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR; b = yy_scan_buffer(buf,n ); if ( ! b ) YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); /* It's okay to grow etc. this buffer, and we should throw it * away when we're done. */ b->yy_is_our_buffer = 1; return b; } #ifndef YY_EXIT_FAILURE #define YY_EXIT_FAILURE 2 #endif static void yy_fatal_error (yyconst char* msg ) { (void) fprintf( stderr, "%s\n", msg ); exit( YY_EXIT_FAILURE ); } /* Redefine yyless() so it works in section 3 code. */ #undef yyless #define yyless(n) \ do \ { \ /* Undo effects of setting up yytext. */ \ int yyless_macro_arg = (n); \ YY_LESS_LINENO(yyless_macro_arg);\ yytext[yyleng] = (yy_hold_char); \ (yy_c_buf_p) = yytext + yyless_macro_arg; \ (yy_hold_char) = *(yy_c_buf_p); \ *(yy_c_buf_p) = '\0'; \ yyleng = yyless_macro_arg; \ } \ while ( 0 ) /* Accessor methods (get/set functions) to struct members. */ /** Get the current line number. * */ int yyget_lineno (void) { return yylineno; } /** Get the input stream. * */ FILE *yyget_in (void) { return yyin; } /** Get the output stream. * */ FILE *yyget_out (void) { return yyout; } /** Get the length of the current token. * */ yy_size_t yyget_leng (void) { return yyleng; } /** Get the current token. * */ char *yyget_text (void) { return yytext; } /** Set the current line number. * @param line_number * */ void yyset_lineno (int line_number ) { yylineno = line_number; } /** Set the input stream. This does not discard the current * input buffer. * @param in_str A readable stream. * * @see yy_switch_to_buffer */ void yyset_in (FILE * in_str ) { yyin = in_str ; } void yyset_out (FILE * out_str ) { yyout = out_str ; } int yyget_debug (void) { return yy_flex_debug; } void yyset_debug (int bdebug ) { yy_flex_debug = bdebug ; } static int yy_init_globals (void) { /* Initialization is the same as for the non-reentrant scanner. * This function is called from yylex_destroy(), so don't allocate here. */ (yy_buffer_stack) = 0; (yy_buffer_stack_top) = 0; (yy_buffer_stack_max) = 0; (yy_c_buf_p) = (char *) 0; (yy_init) = 0; (yy_start) = 0; /* Defined in main.c */ #ifdef YY_STDINIT yyin = stdin; yyout = stdout; #else yyin = (FILE *) 0; yyout = (FILE *) 0; #endif /* For future reference: Set errno on error, since we are called by * yylex_init() */ return 0; } /* yylex_destroy is for both reentrant and non-reentrant scanners. */ int yylex_destroy (void) { /* Pop the buffer stack, destroying each element. */ while(YY_CURRENT_BUFFER){ yy_delete_buffer(YY_CURRENT_BUFFER ); YY_CURRENT_BUFFER_LVALUE = NULL; yypop_buffer_state(); } /* Destroy the stack itself. */ yyfree((yy_buffer_stack) ); (yy_buffer_stack) = NULL; /* Reset the globals. This is important in a non-reentrant scanner so the next time * yylex() is called, initialization will occur. */ yy_init_globals( ); return 0; } /* * Internal utility routines. */ #ifndef yytext_ptr static void yy_flex_strncpy (char* s1, yyconst char * s2, int n ) { int i; for ( i = 0; i < n; ++i ) s1[i] = s2[i]; } #endif #ifdef YY_NEED_STRLEN static int yy_flex_strlen (yyconst char * s ) { int n; for ( n = 0; s[n]; ++n ) ; return n; } #endif void *yyalloc (yy_size_t size ) { return (void *) malloc( size ); } void *yyrealloc (void * ptr, yy_size_t size ) { /* The cast to (char *) in the following accommodates both * implementations that use char* generic pointers, and those * that use void* generic pointers. It works with the latter * because both ANSI C and C++ allow castless assignment from * any pointer type to void*, and deal with argument conversions * as though doing an assignment. */ return (void *) realloc( (char *) ptr, size ); } void yyfree (void * ptr ) { free( (char *) ptr ); /* see yyrealloc() for (char *) cast */ } #define YYTABLES_NAME "yytables" Index: head/contrib/unbound/util/configlexer.lex =================================================================== --- head/contrib/unbound/util/configlexer.lex (revision 268838) +++ head/contrib/unbound/util/configlexer.lex (revision 268839) @@ -1,423 +1,424 @@ %{ /* * configlexer.lex - lexical analyzer for unbound config file * * Copyright (c) 2001-2006, NLnet Labs. All rights reserved * * See LICENSE for the license. * */ #include #include #include #ifdef HAVE_GLOB_H # include #endif #include "util/config_file.h" #include "util/configparser.h" void ub_c_error(const char *message); #if 0 #define LEXOUT(s) printf s /* used ONLY when debugging */ #else #define LEXOUT(s) #endif /** avoid warning in about fwrite return value */ #define ECHO ub_c_error_msg("syntax error at text: %s", yytext) /** A parser variable, this is a statement in the config file which is * of the form variable: value1 value2 ... nargs is the number of values. */ #define YDVAR(nargs, var) \ num_args=(nargs); \ LEXOUT(("v(%s%d) ", yytext, num_args)); \ if(num_args > 0) { BEGIN(val); } \ return (var); struct inc_state { char* filename; int line; YY_BUFFER_STATE buffer; struct inc_state* next; }; static struct inc_state* config_include_stack = NULL; static int inc_depth = 0; static int inc_prev = 0; static int num_args = 0; void init_cfg_parse(void) { config_include_stack = NULL; inc_depth = 0; inc_prev = 0; num_args = 0; } static void config_start_include(const char* filename) { FILE *input; struct inc_state* s; char* nm; if(inc_depth++ > 100000) { ub_c_error_msg("too many include files"); return; } if(strlen(filename) == 0) { ub_c_error_msg("empty include file name"); return; } s = (struct inc_state*)malloc(sizeof(*s)); if(!s) { ub_c_error_msg("include %s: malloc failure", filename); return; } if(cfg_parser->chroot && strncmp(filename, cfg_parser->chroot, strlen(cfg_parser->chroot)) == 0) { filename += strlen(cfg_parser->chroot); } nm = strdup(filename); if(!nm) { ub_c_error_msg("include %s: strdup failure", filename); free(s); return; } input = fopen(filename, "r"); if(!input) { ub_c_error_msg("cannot open include file '%s': %s", filename, strerror(errno)); free(s); free(nm); return; } LEXOUT(("switch_to_include_file(%s)\n", filename)); s->filename = cfg_parser->filename; s->line = cfg_parser->line; s->buffer = YY_CURRENT_BUFFER; s->next = config_include_stack; config_include_stack = s; cfg_parser->filename = nm; cfg_parser->line = 1; yy_switch_to_buffer(yy_create_buffer(input, YY_BUF_SIZE)); } static void config_start_include_glob(const char* filename) { /* check for wildcards */ #ifdef HAVE_GLOB glob_t g; size_t i; int r, flags; if(!(!strchr(filename, '*') && !strchr(filename, '?') && !strchr(filename, '[') && !strchr(filename, '{') && !strchr(filename, '~'))) { flags = 0 #ifdef GLOB_ERR | GLOB_ERR #endif #ifdef GLOB_NOSORT | GLOB_NOSORT #endif #ifdef GLOB_BRACE | GLOB_BRACE #endif #ifdef GLOB_TILDE | GLOB_TILDE #endif ; memset(&g, 0, sizeof(g)); r = glob(filename, flags, NULL, &g); if(r) { /* some error */ globfree(&g); if(r == GLOB_NOMATCH) return; /* no matches for pattern */ config_start_include(filename); /* let original deal with it */ return; } /* process files found, if any */ for(i=0; i<(size_t)g.gl_pathc; i++) { config_start_include(g.gl_pathv[i]); } globfree(&g); return; } #endif /* HAVE_GLOB */ config_start_include(filename); } static void config_end_include(void) { struct inc_state* s = config_include_stack; --inc_depth; if(!s) return; free(cfg_parser->filename); cfg_parser->filename = s->filename; cfg_parser->line = s->line; yy_delete_buffer(YY_CURRENT_BUFFER); yy_switch_to_buffer(s->buffer); config_include_stack = s->next; free(s); } #ifndef yy_set_bol /* compat definition, for flex 2.4.6 */ #define yy_set_bol(at_bol) \ { \ if ( ! yy_current_buffer ) \ yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ yy_current_buffer->yy_ch_buf[0] = ((at_bol)?'\n':' '); \ } #endif %} %option noinput %option nounput %{ #ifndef YY_NO_UNPUT #define YY_NO_UNPUT 1 #endif #ifndef YY_NO_INPUT #define YY_NO_INPUT 1 #endif %} SPACE [ \t] LETTER [a-zA-Z] UNQUOTEDLETTER [^\'\"\n\r \t\\]|\\. UNQUOTEDLETTER_NOCOLON [^\:\'\"\n\r \t\\]|\\. NEWLINE [\r\n] COMMENT \# COLON \: DQANY [^\"\n\r\\]|\\. SQANY [^\'\n\r\\]|\\. %x quotedstring singlequotedstr include include_quoted val %% {SPACE}* { LEXOUT(("SP ")); /* ignore */ } {SPACE}*{COMMENT}.* { /* note that flex makes the longest match and '.' is any but not nl */ LEXOUT(("comment(%s) ", yytext)); /* ignore */ } server{COLON} { YDVAR(0, VAR_SERVER) } num-threads{COLON} { YDVAR(1, VAR_NUM_THREADS) } verbosity{COLON} { YDVAR(1, VAR_VERBOSITY) } port{COLON} { YDVAR(1, VAR_PORT) } outgoing-range{COLON} { YDVAR(1, VAR_OUTGOING_RANGE) } outgoing-port-permit{COLON} { YDVAR(1, VAR_OUTGOING_PORT_PERMIT) } outgoing-port-avoid{COLON} { YDVAR(1, VAR_OUTGOING_PORT_AVOID) } outgoing-num-tcp{COLON} { YDVAR(1, VAR_OUTGOING_NUM_TCP) } incoming-num-tcp{COLON} { YDVAR(1, VAR_INCOMING_NUM_TCP) } do-ip4{COLON} { YDVAR(1, VAR_DO_IP4) } do-ip6{COLON} { YDVAR(1, VAR_DO_IP6) } do-udp{COLON} { YDVAR(1, VAR_DO_UDP) } do-tcp{COLON} { YDVAR(1, VAR_DO_TCP) } tcp-upstream{COLON} { YDVAR(1, VAR_TCP_UPSTREAM) } ssl-upstream{COLON} { YDVAR(1, VAR_SSL_UPSTREAM) } ssl-service-key{COLON} { YDVAR(1, VAR_SSL_SERVICE_KEY) } ssl-service-pem{COLON} { YDVAR(1, VAR_SSL_SERVICE_PEM) } ssl-port{COLON} { YDVAR(1, VAR_SSL_PORT) } do-daemonize{COLON} { YDVAR(1, VAR_DO_DAEMONIZE) } interface{COLON} { YDVAR(1, VAR_INTERFACE) } ip-address{COLON} { YDVAR(1, VAR_INTERFACE) } outgoing-interface{COLON} { YDVAR(1, VAR_OUTGOING_INTERFACE) } interface-automatic{COLON} { YDVAR(1, VAR_INTERFACE_AUTOMATIC) } so-rcvbuf{COLON} { YDVAR(1, VAR_SO_RCVBUF) } so-sndbuf{COLON} { YDVAR(1, VAR_SO_SNDBUF) } so-reuseport{COLON} { YDVAR(1, VAR_SO_REUSEPORT) } chroot{COLON} { YDVAR(1, VAR_CHROOT) } username{COLON} { YDVAR(1, VAR_USERNAME) } directory{COLON} { YDVAR(1, VAR_DIRECTORY) } logfile{COLON} { YDVAR(1, VAR_LOGFILE) } pidfile{COLON} { YDVAR(1, VAR_PIDFILE) } root-hints{COLON} { YDVAR(1, VAR_ROOT_HINTS) } edns-buffer-size{COLON} { YDVAR(1, VAR_EDNS_BUFFER_SIZE) } msg-buffer-size{COLON} { YDVAR(1, VAR_MSG_BUFFER_SIZE) } msg-cache-size{COLON} { YDVAR(1, VAR_MSG_CACHE_SIZE) } msg-cache-slabs{COLON} { YDVAR(1, VAR_MSG_CACHE_SLABS) } rrset-cache-size{COLON} { YDVAR(1, VAR_RRSET_CACHE_SIZE) } rrset-cache-slabs{COLON} { YDVAR(1, VAR_RRSET_CACHE_SLABS) } cache-max-ttl{COLON} { YDVAR(1, VAR_CACHE_MAX_TTL) } cache-min-ttl{COLON} { YDVAR(1, VAR_CACHE_MIN_TTL) } infra-host-ttl{COLON} { YDVAR(1, VAR_INFRA_HOST_TTL) } infra-lame-ttl{COLON} { YDVAR(1, VAR_INFRA_LAME_TTL) } infra-cache-slabs{COLON} { YDVAR(1, VAR_INFRA_CACHE_SLABS) } infra-cache-numhosts{COLON} { YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) } infra-cache-lame-size{COLON} { YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) } num-queries-per-thread{COLON} { YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) } jostle-timeout{COLON} { YDVAR(1, VAR_JOSTLE_TIMEOUT) } delay-close{COLON} { YDVAR(1, VAR_DELAY_CLOSE) } target-fetch-policy{COLON} { YDVAR(1, VAR_TARGET_FETCH_POLICY) } harden-short-bufsize{COLON} { YDVAR(1, VAR_HARDEN_SHORT_BUFSIZE) } harden-large-queries{COLON} { YDVAR(1, VAR_HARDEN_LARGE_QUERIES) } harden-glue{COLON} { YDVAR(1, VAR_HARDEN_GLUE) } harden-dnssec-stripped{COLON} { YDVAR(1, VAR_HARDEN_DNSSEC_STRIPPED) } harden-below-nxdomain{COLON} { YDVAR(1, VAR_HARDEN_BELOW_NXDOMAIN) } harden-referral-path{COLON} { YDVAR(1, VAR_HARDEN_REFERRAL_PATH) } use-caps-for-id{COLON} { YDVAR(1, VAR_USE_CAPS_FOR_ID) } unwanted-reply-threshold{COLON} { YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) } private-address{COLON} { YDVAR(1, VAR_PRIVATE_ADDRESS) } private-domain{COLON} { YDVAR(1, VAR_PRIVATE_DOMAIN) } prefetch-key{COLON} { YDVAR(1, VAR_PREFETCH_KEY) } prefetch{COLON} { YDVAR(1, VAR_PREFETCH) } stub-zone{COLON} { YDVAR(0, VAR_STUB_ZONE) } name{COLON} { YDVAR(1, VAR_NAME) } stub-addr{COLON} { YDVAR(1, VAR_STUB_ADDR) } stub-host{COLON} { YDVAR(1, VAR_STUB_HOST) } stub-prime{COLON} { YDVAR(1, VAR_STUB_PRIME) } stub-first{COLON} { YDVAR(1, VAR_STUB_FIRST) } forward-zone{COLON} { YDVAR(0, VAR_FORWARD_ZONE) } forward-addr{COLON} { YDVAR(1, VAR_FORWARD_ADDR) } forward-host{COLON} { YDVAR(1, VAR_FORWARD_HOST) } forward-first{COLON} { YDVAR(1, VAR_FORWARD_FIRST) } do-not-query-address{COLON} { YDVAR(1, VAR_DO_NOT_QUERY_ADDRESS) } do-not-query-localhost{COLON} { YDVAR(1, VAR_DO_NOT_QUERY_LOCALHOST) } access-control{COLON} { YDVAR(2, VAR_ACCESS_CONTROL) } hide-identity{COLON} { YDVAR(1, VAR_HIDE_IDENTITY) } hide-version{COLON} { YDVAR(1, VAR_HIDE_VERSION) } identity{COLON} { YDVAR(1, VAR_IDENTITY) } version{COLON} { YDVAR(1, VAR_VERSION) } module-config{COLON} { YDVAR(1, VAR_MODULE_CONF) } dlv-anchor{COLON} { YDVAR(1, VAR_DLV_ANCHOR) } dlv-anchor-file{COLON} { YDVAR(1, VAR_DLV_ANCHOR_FILE) } trust-anchor-file{COLON} { YDVAR(1, VAR_TRUST_ANCHOR_FILE) } auto-trust-anchor-file{COLON} { YDVAR(1, VAR_AUTO_TRUST_ANCHOR_FILE) } trusted-keys-file{COLON} { YDVAR(1, VAR_TRUSTED_KEYS_FILE) } trust-anchor{COLON} { YDVAR(1, VAR_TRUST_ANCHOR) } val-override-date{COLON} { YDVAR(1, VAR_VAL_OVERRIDE_DATE) } val-sig-skew-min{COLON} { YDVAR(1, VAR_VAL_SIG_SKEW_MIN) } val-sig-skew-max{COLON} { YDVAR(1, VAR_VAL_SIG_SKEW_MAX) } val-bogus-ttl{COLON} { YDVAR(1, VAR_BOGUS_TTL) } val-clean-additional{COLON} { YDVAR(1, VAR_VAL_CLEAN_ADDITIONAL) } val-permissive-mode{COLON} { YDVAR(1, VAR_VAL_PERMISSIVE_MODE) } ignore-cd-flag{COLON} { YDVAR(1, VAR_IGNORE_CD_FLAG) } val-log-level{COLON} { YDVAR(1, VAR_VAL_LOG_LEVEL) } key-cache-size{COLON} { YDVAR(1, VAR_KEY_CACHE_SIZE) } key-cache-slabs{COLON} { YDVAR(1, VAR_KEY_CACHE_SLABS) } neg-cache-size{COLON} { YDVAR(1, VAR_NEG_CACHE_SIZE) } val-nsec3-keysize-iterations{COLON} { YDVAR(1, VAR_VAL_NSEC3_KEYSIZE_ITERATIONS) } add-holddown{COLON} { YDVAR(1, VAR_ADD_HOLDDOWN) } del-holddown{COLON} { YDVAR(1, VAR_DEL_HOLDDOWN) } keep-missing{COLON} { YDVAR(1, VAR_KEEP_MISSING) } use-syslog{COLON} { YDVAR(1, VAR_USE_SYSLOG) } log-time-ascii{COLON} { YDVAR(1, VAR_LOG_TIME_ASCII) } log-queries{COLON} { YDVAR(1, VAR_LOG_QUERIES) } local-zone{COLON} { YDVAR(2, VAR_LOCAL_ZONE) } local-data{COLON} { YDVAR(1, VAR_LOCAL_DATA) } local-data-ptr{COLON} { YDVAR(1, VAR_LOCAL_DATA_PTR) } +unblock-lan-zones{COLON} { YDVAR(1, VAR_UNBLOCK_LAN_ZONES) } statistics-interval{COLON} { YDVAR(1, VAR_STATISTICS_INTERVAL) } statistics-cumulative{COLON} { YDVAR(1, VAR_STATISTICS_CUMULATIVE) } extended-statistics{COLON} { YDVAR(1, VAR_EXTENDED_STATISTICS) } remote-control{COLON} { YDVAR(0, VAR_REMOTE_CONTROL) } control-enable{COLON} { YDVAR(1, VAR_CONTROL_ENABLE) } control-interface{COLON} { YDVAR(1, VAR_CONTROL_INTERFACE) } control-port{COLON} { YDVAR(1, VAR_CONTROL_PORT) } server-key-file{COLON} { YDVAR(1, VAR_SERVER_KEY_FILE) } server-cert-file{COLON} { YDVAR(1, VAR_SERVER_CERT_FILE) } control-key-file{COLON} { YDVAR(1, VAR_CONTROL_KEY_FILE) } control-cert-file{COLON} { YDVAR(1, VAR_CONTROL_CERT_FILE) } python-script{COLON} { YDVAR(1, VAR_PYTHON_SCRIPT) } python{COLON} { YDVAR(0, VAR_PYTHON) } domain-insecure{COLON} { YDVAR(1, VAR_DOMAIN_INSECURE) } minimal-responses{COLON} { YDVAR(1, VAR_MINIMAL_RESPONSES) } rrset-roundrobin{COLON} { YDVAR(1, VAR_RRSET_ROUNDROBIN) } max-udp-size{COLON} { YDVAR(1, VAR_MAX_UDP_SIZE) } {NEWLINE} { LEXOUT(("NL\n")); cfg_parser->line++; } /* Quoted strings. Strip leading and ending quotes */ \" { BEGIN(quotedstring); LEXOUT(("QS ")); } <> { yyerror("EOF inside quoted string"); if(--num_args == 0) { BEGIN(INITIAL); } else { BEGIN(val); } } {DQANY}* { LEXOUT(("STR(%s) ", yytext)); yymore(); } {NEWLINE} { yyerror("newline inside quoted string, no end \""); cfg_parser->line++; BEGIN(INITIAL); } \" { LEXOUT(("QE ")); if(--num_args == 0) { BEGIN(INITIAL); } else { BEGIN(val); } yytext[yyleng - 1] = '\0'; yylval.str = strdup(yytext); if(!yylval.str) yyerror("out of memory"); return STRING_ARG; } /* Single Quoted strings. Strip leading and ending quotes */ \' { BEGIN(singlequotedstr); LEXOUT(("SQS ")); } <> { yyerror("EOF inside quoted string"); if(--num_args == 0) { BEGIN(INITIAL); } else { BEGIN(val); } } {SQANY}* { LEXOUT(("STR(%s) ", yytext)); yymore(); } {NEWLINE} { yyerror("newline inside quoted string, no end '"); cfg_parser->line++; BEGIN(INITIAL); } \' { LEXOUT(("SQE ")); if(--num_args == 0) { BEGIN(INITIAL); } else { BEGIN(val); } yytext[yyleng - 1] = '\0'; yylval.str = strdup(yytext); if(!yylval.str) yyerror("out of memory"); return STRING_ARG; } /* include: directive */ include{COLON} { LEXOUT(("v(%s) ", yytext)); inc_prev = YYSTATE; BEGIN(include); } <> { yyerror("EOF inside include directive"); BEGIN(inc_prev); } {SPACE}* { LEXOUT(("ISP ")); /* ignore */ } {NEWLINE} { LEXOUT(("NL\n")); cfg_parser->line++;} \" { LEXOUT(("IQS ")); BEGIN(include_quoted); } {UNQUOTEDLETTER}* { LEXOUT(("Iunquotedstr(%s) ", yytext)); config_start_include_glob(yytext); BEGIN(inc_prev); } <> { yyerror("EOF inside quoted string"); BEGIN(inc_prev); } {DQANY}* { LEXOUT(("ISTR(%s) ", yytext)); yymore(); } {NEWLINE} { yyerror("newline before \" in include name"); cfg_parser->line++; BEGIN(inc_prev); } \" { LEXOUT(("IQE ")); yytext[yyleng - 1] = '\0'; config_start_include_glob(yytext); BEGIN(inc_prev); } <> { LEXOUT(("LEXEOF ")); yy_set_bol(1); /* Set beginning of line, so "^" rules match. */ if (!config_include_stack) { yyterminate(); } else { fclose(yyin); config_end_include(); } } {UNQUOTEDLETTER}* { LEXOUT(("unquotedstr(%s) ", yytext)); if(--num_args == 0) { BEGIN(INITIAL); } yylval.str = strdup(yytext); return STRING_ARG; } {UNQUOTEDLETTER_NOCOLON}* { ub_c_error_msg("unknown keyword '%s'", yytext); } <*>. { ub_c_error_msg("stray '%s'", yytext); } %% Index: head/contrib/unbound/util/configparser.c =================================================================== --- head/contrib/unbound/util/configparser.c (revision 268838) +++ head/contrib/unbound/util/configparser.c (revision 268839) @@ -1,2376 +1,2396 @@ -#ifndef lint -static const char yysccsid[] = "@(#)yaccpar 1.9 (Berkeley) 02/21/93"; -#endif +/* original parser id follows */ +/* yysccsid[] = "@(#)yaccpar 1.9 (Berkeley) 02/21/93" */ +/* (use YYMAJOR/YYMINOR for ifdefs dependent on parser version) */ #define YYBYACC 1 #define YYMAJOR 1 #define YYMINOR 9 +#define YYPATCH 20140409 #define YYEMPTY (-1) #define yyclearin (yychar = YYEMPTY) #define yyerrok (yyerrflag = 0) #define YYRECOVERING() (yyerrflag != 0) - +#define YYENOMEM (-2) +#define YYEOF 0 #define YYPREFIX "yy" #define YYPURE 0 #line 39 "util/configparser.y" #include "config.h" #include #include #include #include #include #include "util/configyyrename.h" #include "util/config_file.h" #include "util/net_help.h" int ub_c_lex(void); void ub_c_error(const char *message); /* these need to be global, otherwise they cannot be used inside yacc */ extern struct config_parser_state* cfg_parser; #if 0 #define OUTYY(s) printf s /* used ONLY when debugging */ #else #define OUTYY(s) #endif #line 64 "util/configparser.y" #ifdef YYSTYPE #undef YYSTYPE_IS_DECLARED #define YYSTYPE_IS_DECLARED 1 #endif #ifndef YYSTYPE_IS_DECLARED #define YYSTYPE_IS_DECLARED 1 typedef union { char* str; } YYSTYPE; #endif /* !YYSTYPE_IS_DECLARED */ -#line 54 "util/configparser.c" +#line 57 "util/configparser.c" /* compatibility with bison */ #ifdef YYPARSE_PARAM /* compatibility with FreeBSD */ # ifdef YYPARSE_PARAM_TYPE # define YYPARSE_DECL() yyparse(YYPARSE_PARAM_TYPE YYPARSE_PARAM) # else # define YYPARSE_DECL() yyparse(void *YYPARSE_PARAM) # endif #else # define YYPARSE_DECL() yyparse(void) #endif /* Parameters sent to lex. */ #ifdef YYLEX_PARAM # define YYLEX_DECL() yylex(void *YYLEX_PARAM) # define YYLEX yylex(YYLEX_PARAM) #else # define YYLEX_DECL() yylex(void) # define YYLEX yylex() #endif /* Parameters sent to yyerror. */ #ifndef YYERROR_DECL #define YYERROR_DECL() yyerror(const char *s) #endif #ifndef YYERROR_CALL #define YYERROR_CALL(msg) yyerror(msg) #endif extern int YYPARSE_DECL(); #define SPACE 257 #define LETTER 258 #define NEWLINE 259 #define COMMENT 260 #define COLON 261 #define ANY 262 #define ZONESTR 263 #define STRING_ARG 264 #define VAR_SERVER 265 #define VAR_VERBOSITY 266 #define VAR_NUM_THREADS 267 #define VAR_PORT 268 #define VAR_OUTGOING_RANGE 269 #define VAR_INTERFACE 270 #define VAR_DO_IP4 271 #define VAR_DO_IP6 272 #define VAR_DO_UDP 273 #define VAR_DO_TCP 274 #define VAR_CHROOT 275 #define VAR_USERNAME 276 #define VAR_DIRECTORY 277 #define VAR_LOGFILE 278 #define VAR_PIDFILE 279 #define VAR_MSG_CACHE_SIZE 280 #define VAR_MSG_CACHE_SLABS 281 #define VAR_NUM_QUERIES_PER_THREAD 282 #define VAR_RRSET_CACHE_SIZE 283 #define VAR_RRSET_CACHE_SLABS 284 #define VAR_OUTGOING_NUM_TCP 285 #define VAR_INFRA_HOST_TTL 286 #define VAR_INFRA_LAME_TTL 287 #define VAR_INFRA_CACHE_SLABS 288 #define VAR_INFRA_CACHE_NUMHOSTS 289 #define VAR_INFRA_CACHE_LAME_SIZE 290 #define VAR_NAME 291 #define VAR_STUB_ZONE 292 #define VAR_STUB_HOST 293 #define VAR_STUB_ADDR 294 #define VAR_TARGET_FETCH_POLICY 295 #define VAR_HARDEN_SHORT_BUFSIZE 296 #define VAR_HARDEN_LARGE_QUERIES 297 #define VAR_FORWARD_ZONE 298 #define VAR_FORWARD_HOST 299 #define VAR_FORWARD_ADDR 300 #define VAR_DO_NOT_QUERY_ADDRESS 301 #define VAR_HIDE_IDENTITY 302 #define VAR_HIDE_VERSION 303 #define VAR_IDENTITY 304 #define VAR_VERSION 305 #define VAR_HARDEN_GLUE 306 #define VAR_MODULE_CONF 307 #define VAR_TRUST_ANCHOR_FILE 308 #define VAR_TRUST_ANCHOR 309 #define VAR_VAL_OVERRIDE_DATE 310 #define VAR_BOGUS_TTL 311 #define VAR_VAL_CLEAN_ADDITIONAL 312 #define VAR_VAL_PERMISSIVE_MODE 313 #define VAR_INCOMING_NUM_TCP 314 #define VAR_MSG_BUFFER_SIZE 315 #define VAR_KEY_CACHE_SIZE 316 #define VAR_KEY_CACHE_SLABS 317 #define VAR_TRUSTED_KEYS_FILE 318 #define VAR_VAL_NSEC3_KEYSIZE_ITERATIONS 319 #define VAR_USE_SYSLOG 320 #define VAR_OUTGOING_INTERFACE 321 #define VAR_ROOT_HINTS 322 #define VAR_DO_NOT_QUERY_LOCALHOST 323 #define VAR_CACHE_MAX_TTL 324 #define VAR_HARDEN_DNSSEC_STRIPPED 325 #define VAR_ACCESS_CONTROL 326 #define VAR_LOCAL_ZONE 327 #define VAR_LOCAL_DATA 328 #define VAR_INTERFACE_AUTOMATIC 329 #define VAR_STATISTICS_INTERVAL 330 #define VAR_DO_DAEMONIZE 331 #define VAR_USE_CAPS_FOR_ID 332 #define VAR_STATISTICS_CUMULATIVE 333 #define VAR_OUTGOING_PORT_PERMIT 334 #define VAR_OUTGOING_PORT_AVOID 335 #define VAR_DLV_ANCHOR_FILE 336 #define VAR_DLV_ANCHOR 337 #define VAR_NEG_CACHE_SIZE 338 #define VAR_HARDEN_REFERRAL_PATH 339 #define VAR_PRIVATE_ADDRESS 340 #define VAR_PRIVATE_DOMAIN 341 #define VAR_REMOTE_CONTROL 342 #define VAR_CONTROL_ENABLE 343 #define VAR_CONTROL_INTERFACE 344 #define VAR_CONTROL_PORT 345 #define VAR_SERVER_KEY_FILE 346 #define VAR_SERVER_CERT_FILE 347 #define VAR_CONTROL_KEY_FILE 348 #define VAR_CONTROL_CERT_FILE 349 #define VAR_EXTENDED_STATISTICS 350 #define VAR_LOCAL_DATA_PTR 351 #define VAR_JOSTLE_TIMEOUT 352 #define VAR_STUB_PRIME 353 #define VAR_UNWANTED_REPLY_THRESHOLD 354 #define VAR_LOG_TIME_ASCII 355 #define VAR_DOMAIN_INSECURE 356 #define VAR_PYTHON 357 #define VAR_PYTHON_SCRIPT 358 #define VAR_VAL_SIG_SKEW_MIN 359 #define VAR_VAL_SIG_SKEW_MAX 360 #define VAR_CACHE_MIN_TTL 361 #define VAR_VAL_LOG_LEVEL 362 #define VAR_AUTO_TRUST_ANCHOR_FILE 363 #define VAR_KEEP_MISSING 364 #define VAR_ADD_HOLDDOWN 365 #define VAR_DEL_HOLDDOWN 366 #define VAR_SO_RCVBUF 367 #define VAR_EDNS_BUFFER_SIZE 368 #define VAR_PREFETCH 369 #define VAR_PREFETCH_KEY 370 #define VAR_SO_SNDBUF 371 #define VAR_SO_REUSEPORT 372 #define VAR_HARDEN_BELOW_NXDOMAIN 373 #define VAR_IGNORE_CD_FLAG 374 #define VAR_LOG_QUERIES 375 #define VAR_TCP_UPSTREAM 376 #define VAR_SSL_UPSTREAM 377 #define VAR_SSL_SERVICE_KEY 378 #define VAR_SSL_SERVICE_PEM 379 #define VAR_SSL_PORT 380 #define VAR_FORWARD_FIRST 381 #define VAR_STUB_FIRST 382 #define VAR_MINIMAL_RESPONSES 383 #define VAR_RRSET_ROUNDROBIN 384 #define VAR_MAX_UDP_SIZE 385 #define VAR_DELAY_CLOSE 386 +#define VAR_UNBLOCK_LAN_ZONES 387 #define YYERRCODE 256 -static const short yylhs[] = { -1, +typedef short YYINT; +static const YYINT yylhs[] = { -1, 0, 0, 1, 1, 1, 1, 1, 2, 3, 3, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, - 12, 4, 5, 5, 114, 114, 114, 114, 114, 6, - 7, 7, 120, 120, 120, 120, 13, 14, 70, 73, - 82, 15, 21, 61, 16, 74, 75, 32, 54, 69, - 17, 18, 19, 20, 104, 105, 106, 107, 108, 71, - 60, 86, 103, 22, 23, 24, 25, 26, 62, 76, - 77, 92, 48, 58, 49, 87, 42, 43, 44, 45, - 96, 100, 112, 97, 55, 27, 28, 29, 84, 113, - 30, 31, 33, 34, 36, 37, 35, 38, 39, 40, - 46, 65, 101, 79, 72, 80, 81, 98, 99, 85, - 41, 63, 66, 47, 50, 88, 89, 64, 90, 51, - 52, 53, 102, 91, 59, 93, 94, 95, 56, 57, - 78, 67, 68, 83, 109, 110, 111, 115, 116, 117, - 119, 118, 121, 122, 123, 124, 10, 11, 11, 125, - 125, 125, 125, 125, 125, 125, 126, 128, 127, 129, - 130, 131, 132, 8, 9, 9, 133, 134, + 12, 12, 4, 5, 5, 115, 115, 115, 115, 115, + 6, 7, 7, 121, 121, 121, 121, 13, 14, 70, + 73, 82, 15, 21, 61, 16, 74, 75, 32, 54, + 69, 17, 18, 19, 20, 104, 105, 106, 107, 108, + 71, 60, 86, 103, 22, 23, 24, 25, 26, 62, + 76, 77, 92, 48, 58, 49, 87, 42, 43, 44, + 45, 96, 100, 112, 97, 55, 27, 28, 29, 84, + 113, 114, 30, 31, 33, 34, 36, 37, 35, 38, + 39, 40, 46, 65, 101, 79, 72, 80, 81, 98, + 99, 85, 41, 63, 66, 47, 50, 88, 89, 64, + 90, 51, 52, 53, 102, 91, 59, 93, 94, 95, + 56, 57, 78, 67, 68, 83, 109, 110, 111, 116, + 117, 118, 120, 119, 122, 123, 124, 125, 10, 11, + 11, 126, 126, 126, 126, 126, 126, 126, 127, 129, + 128, 130, 131, 132, 133, 8, 9, 9, 134, 135, }; -static const short yylen[] = { 2, +static const YYINT yylen[] = { 2, 0, 2, 2, 2, 2, 2, 2, 1, 2, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 2, 0, 1, 1, 1, 1, 1, 1, - 2, 0, 1, 1, 1, 1, 2, 2, 2, 2, + 1, 1, 1, 2, 0, 1, 1, 1, 1, 1, + 1, 2, 0, 1, 1, 1, 1, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 3, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 3, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 1, 2, 0, 1, - 1, 1, 1, 1, 1, 1, 2, 2, 2, 2, - 2, 2, 2, 1, 2, 0, 1, 2, + 2, 2, 2, 3, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 1, 2, + 0, 1, 1, 1, 1, 1, 1, 1, 2, 2, + 2, 2, 2, 2, 2, 1, 2, 0, 1, 2, }; -static const short yydefred[] = { 1, - 0, 8, 112, 120, 237, 254, 2, 10, 114, 122, - 256, 239, 0, 0, 0, 0, 0, 0, 0, 0, +static const YYINT yydefred[] = { 1, + 0, 8, 113, 121, 239, 256, 2, 10, 115, 123, + 258, 241, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 9, 11, - 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, - 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, - 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, - 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, - 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, - 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, - 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, - 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, - 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, - 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, - 0, 0, 0, 0, 0, 113, 115, 116, 117, 118, - 119, 0, 0, 0, 0, 121, 123, 124, 125, 126, - 0, 255, 257, 0, 0, 0, 0, 0, 0, 0, - 238, 240, 241, 242, 243, 244, 245, 246, 128, 127, - 132, 135, 133, 141, 142, 143, 144, 154, 155, 156, - 157, 158, 176, 177, 178, 181, 182, 138, 183, 184, - 187, 185, 186, 188, 189, 190, 201, 167, 168, 169, - 170, 191, 204, 163, 165, 205, 210, 211, 212, 139, - 175, 219, 220, 164, 215, 151, 134, 159, 202, 208, - 192, 0, 0, 223, 140, 129, 150, 195, 130, 136, - 137, 160, 161, 221, 194, 196, 197, 131, 224, 179, - 200, 152, 166, 206, 207, 209, 214, 162, 218, 216, - 217, 171, 174, 198, 199, 172, 173, 193, 213, 153, - 145, 146, 147, 148, 149, 225, 226, 227, 180, 228, - 229, 230, 232, 231, 233, 234, 235, 236, 258, 247, - 249, 248, 250, 251, 252, 253, 203, 222, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 9, + 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, + 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, + 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, + 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, + 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, + 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, + 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, + 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, + 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, + 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, + 111, 112, 0, 0, 0, 0, 0, 114, 116, 117, + 118, 119, 120, 0, 0, 0, 0, 122, 124, 125, + 126, 127, 0, 257, 259, 0, 0, 0, 0, 0, + 0, 0, 240, 242, 243, 244, 245, 246, 247, 248, + 129, 128, 133, 136, 134, 142, 143, 144, 145, 155, + 156, 157, 158, 159, 177, 178, 179, 183, 184, 139, + 185, 186, 189, 187, 188, 190, 191, 192, 203, 168, + 169, 170, 171, 193, 206, 164, 166, 207, 212, 213, + 214, 140, 176, 221, 222, 165, 217, 152, 135, 160, + 204, 210, 194, 0, 0, 225, 141, 130, 151, 197, + 131, 137, 138, 161, 162, 223, 196, 198, 199, 132, + 226, 180, 202, 153, 167, 208, 209, 211, 216, 163, + 220, 218, 219, 172, 175, 200, 201, 173, 174, 195, + 215, 154, 146, 147, 148, 149, 150, 227, 228, 229, + 181, 182, 230, 231, 232, 234, 233, 235, 236, 237, + 238, 260, 249, 251, 250, 252, 253, 254, 255, 205, + 224, }; -static const short yydgoto[] = { 1, +static const YYINT yydgoto[] = { 1, 7, 8, 13, 9, 14, 10, 15, 11, 16, 12, - 17, 119, 120, 121, 122, 123, 124, 125, 126, 127, - 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, - 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, - 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, - 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, - 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, - 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, - 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, - 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, - 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, - 218, 219, 220, 226, 227, 228, 229, 230, 231, 236, - 237, 238, 239, 240, 251, 252, 253, 254, 255, 256, - 257, 258, 242, 243, + 17, 120, 121, 122, 123, 124, 125, 126, 127, 128, + 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, + 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, + 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, + 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, + 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, + 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, + 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, + 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, + 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, + 219, 220, 221, 222, 228, 229, 230, 231, 232, 233, + 238, 239, 240, 241, 242, 253, 254, 255, 256, 257, + 258, 259, 260, 244, 245, }; -static const short yysindex[] = { 0, +static const YYINT yysindex[] = { 0, -144, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, -260, -209, -202, -358, -216, -233, -232, -231, + 0, 0, -260, -209, -202, -358, -215, -233, -232, -231, -230, -226, -225, -224, -181, -178, -177, -176, -171, -142, - -130, -129, -128, -127, -126, -125, -124, -123, -122, -121, - -119, -118, -117, -115, -114, -113, -112, -111, -109, -108, - -107, -106, -105, -104, -103, -102, -101, -100, -99, -98, - -97, -96, -95, -94, -93, -92, -90, -89, -88, -87, - -86, -84, -83, -82, -81, -80, -79, -78, -77, -76, - -75, -74, -73, -72, -71, -70, -69, -68, -67, -65, - -64, -63, -62, -61, -60, -59, -58, -57, -56, -55, - -54, -53, -52, -50, -49, -48, -47, -46, -45, -44, - -43, -42, -41, -40, -39, -38, -37, -36, 0, 0, + -129, -128, -127, -126, -125, -124, -123, -122, -121, -119, + -118, -117, -115, -114, -113, -112, -111, -109, -108, -107, + -106, -105, -104, -103, -102, -101, -100, -99, -98, -97, + -96, -95, -94, -93, -92, -90, -89, -88, -87, -86, + -84, -83, -82, -81, -80, -79, -78, -77, -76, -75, + -74, -73, -72, -71, -70, -69, -68, -67, -65, -64, + -63, -62, -61, -60, -59, -58, -57, -56, -55, -54, + -53, -52, -50, -49, -48, -47, -46, -45, -44, -43, + -42, -41, -40, -39, -38, -37, -36, -35, -34, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - -35, -34, -33, -32, -31, 0, 0, 0, 0, 0, - 0, -30, -29, -28, -27, 0, 0, 0, 0, 0, - -26, 0, 0, -25, -24, -23, -22, -21, -20, -19, + 0, 0, -33, -32, -31, -30, -29, 0, 0, 0, + 0, 0, 0, -28, -27, -26, -25, 0, 0, 0, + 0, 0, -24, 0, 0, -23, -22, -21, -20, -19, + -18, -17, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, -16, -15, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, -18, -17, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, + 0, }; -static const short yyrindex[] = { 0, +static const YYINT yyrindex[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 2, 3, 4, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, }; -static const short yygindex[] = { 0, +static const YYINT yygindex[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, + 0, 0, 0, 0, 0, }; #define YYTABLESIZE 362 -static const short yytable[] = { 241, +static const YYINT yytable[] = { 243, 3, 4, 5, 6, 7, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, - 259, 260, 261, 262, 43, 44, 45, 263, 264, 265, + 261, 262, 263, 264, 43, 44, 45, 265, 266, 267, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, - 86, 221, 266, 222, 223, 267, 268, 269, 232, 87, - 88, 89, 270, 90, 91, 92, 233, 234, 93, 94, + 86, 223, 268, 224, 225, 269, 270, 271, 234, 87, + 88, 89, 272, 90, 91, 92, 235, 236, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, - 2, 271, 115, 116, 117, 118, 244, 245, 246, 247, - 248, 249, 250, 272, 273, 274, 275, 276, 277, 278, - 279, 280, 281, 224, 282, 283, 284, 3, 285, 286, - 287, 288, 289, 4, 290, 291, 292, 293, 294, 295, - 296, 297, 298, 299, 300, 301, 302, 303, 304, 305, - 306, 307, 225, 308, 309, 310, 311, 312, 235, 313, - 314, 315, 316, 317, 318, 319, 320, 321, 322, 323, - 324, 325, 326, 327, 328, 329, 330, 5, 331, 332, - 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, - 343, 344, 6, 345, 346, 347, 348, 349, 350, 351, - 352, 353, 354, 355, 356, 357, 358, 359, 360, 361, - 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, - 372, 373, 374, 375, 376, 377, 378, 0, 0, 0, + 2, 273, 115, 116, 117, 118, 119, 246, 247, 248, + 249, 250, 251, 252, 274, 275, 276, 277, 278, 279, + 280, 281, 282, 226, 283, 284, 285, 3, 286, 287, + 288, 289, 290, 4, 291, 292, 293, 294, 295, 296, + 297, 298, 299, 300, 301, 302, 303, 304, 305, 306, + 307, 308, 227, 309, 310, 311, 312, 313, 237, 314, + 315, 316, 317, 318, 319, 320, 321, 322, 323, 324, + 325, 326, 327, 328, 329, 330, 331, 5, 332, 333, + 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, + 344, 345, 6, 346, 347, 348, 349, 350, 351, 352, + 353, 354, 355, 356, 357, 358, 359, 360, 361, 362, + 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, + 373, 374, 375, 376, 377, 378, 379, 380, 381, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 4, 5, 6, 7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 4, 5, 6, 7, 0, 3, 4, 5, 6, 7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 4, 5, 6, 7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 4, 5, 6, 7, }; -static const short yycheck[] = { 358, +static const YYINT yycheck[] = { 358, 0, 0, 0, 0, 0, 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, 290, 264, 264, 264, 264, 295, 296, 297, 264, 264, 264, 301, 302, 303, 304, 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, 318, 319, 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, 340, 341, 291, 264, 293, 294, 264, 264, 264, 291, 350, 351, 352, 264, 354, 355, 356, 299, 300, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, - 265, 264, 383, 384, 385, 386, 343, 344, 345, 346, - 347, 348, 349, 264, 264, 264, 264, 264, 264, 264, + 265, 264, 383, 384, 385, 386, 387, 343, 344, 345, + 346, 347, 348, 349, 264, 264, 264, 264, 264, 264, 264, 264, 264, 353, 264, 264, 264, 292, 264, 264, 264, 264, 264, 298, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 382, 264, 264, 264, 264, 264, 381, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 342, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 357, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, - 264, 264, 264, 264, 264, 264, 264, -1, -1, -1, + 264, 264, 264, 264, 264, 264, 264, 264, 264, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 265, 265, 265, 265, 265, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 292, 292, 292, 292, 292, -1, 298, 298, 298, 298, 298, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 342, 342, 342, 342, 342, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 357, 357, 357, 357, 357, }; #define YYFINAL 1 #ifndef YYDEBUG #define YYDEBUG 0 #endif -#define YYMAXTOKEN 386 +#define YYMAXTOKEN 387 +#define YYUNDFTOKEN 525 +#define YYTRANSLATE(a) ((a) > YYMAXTOKEN ? YYUNDFTOKEN : (a)) #if YYDEBUG -static const char *yyname[] = { +static const char *const yyname[] = { "end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"SPACE","LETTER","NEWLINE", "COMMENT","COLON","ANY","ZONESTR","STRING_ARG","VAR_SERVER","VAR_VERBOSITY", "VAR_NUM_THREADS","VAR_PORT","VAR_OUTGOING_RANGE","VAR_INTERFACE","VAR_DO_IP4", "VAR_DO_IP6","VAR_DO_UDP","VAR_DO_TCP","VAR_CHROOT","VAR_USERNAME", "VAR_DIRECTORY","VAR_LOGFILE","VAR_PIDFILE","VAR_MSG_CACHE_SIZE", "VAR_MSG_CACHE_SLABS","VAR_NUM_QUERIES_PER_THREAD","VAR_RRSET_CACHE_SIZE", "VAR_RRSET_CACHE_SLABS","VAR_OUTGOING_NUM_TCP","VAR_INFRA_HOST_TTL", "VAR_INFRA_LAME_TTL","VAR_INFRA_CACHE_SLABS","VAR_INFRA_CACHE_NUMHOSTS", "VAR_INFRA_CACHE_LAME_SIZE","VAR_NAME","VAR_STUB_ZONE","VAR_STUB_HOST", "VAR_STUB_ADDR","VAR_TARGET_FETCH_POLICY","VAR_HARDEN_SHORT_BUFSIZE", "VAR_HARDEN_LARGE_QUERIES","VAR_FORWARD_ZONE","VAR_FORWARD_HOST", "VAR_FORWARD_ADDR","VAR_DO_NOT_QUERY_ADDRESS","VAR_HIDE_IDENTITY", "VAR_HIDE_VERSION","VAR_IDENTITY","VAR_VERSION","VAR_HARDEN_GLUE", "VAR_MODULE_CONF","VAR_TRUST_ANCHOR_FILE","VAR_TRUST_ANCHOR", "VAR_VAL_OVERRIDE_DATE","VAR_BOGUS_TTL","VAR_VAL_CLEAN_ADDITIONAL", "VAR_VAL_PERMISSIVE_MODE","VAR_INCOMING_NUM_TCP","VAR_MSG_BUFFER_SIZE", "VAR_KEY_CACHE_SIZE","VAR_KEY_CACHE_SLABS","VAR_TRUSTED_KEYS_FILE", "VAR_VAL_NSEC3_KEYSIZE_ITERATIONS","VAR_USE_SYSLOG","VAR_OUTGOING_INTERFACE", "VAR_ROOT_HINTS","VAR_DO_NOT_QUERY_LOCALHOST","VAR_CACHE_MAX_TTL", "VAR_HARDEN_DNSSEC_STRIPPED","VAR_ACCESS_CONTROL","VAR_LOCAL_ZONE", "VAR_LOCAL_DATA","VAR_INTERFACE_AUTOMATIC","VAR_STATISTICS_INTERVAL", "VAR_DO_DAEMONIZE","VAR_USE_CAPS_FOR_ID","VAR_STATISTICS_CUMULATIVE", "VAR_OUTGOING_PORT_PERMIT","VAR_OUTGOING_PORT_AVOID","VAR_DLV_ANCHOR_FILE", "VAR_DLV_ANCHOR","VAR_NEG_CACHE_SIZE","VAR_HARDEN_REFERRAL_PATH", "VAR_PRIVATE_ADDRESS","VAR_PRIVATE_DOMAIN","VAR_REMOTE_CONTROL", "VAR_CONTROL_ENABLE","VAR_CONTROL_INTERFACE","VAR_CONTROL_PORT", "VAR_SERVER_KEY_FILE","VAR_SERVER_CERT_FILE","VAR_CONTROL_KEY_FILE", "VAR_CONTROL_CERT_FILE","VAR_EXTENDED_STATISTICS","VAR_LOCAL_DATA_PTR", "VAR_JOSTLE_TIMEOUT","VAR_STUB_PRIME","VAR_UNWANTED_REPLY_THRESHOLD", "VAR_LOG_TIME_ASCII","VAR_DOMAIN_INSECURE","VAR_PYTHON","VAR_PYTHON_SCRIPT", "VAR_VAL_SIG_SKEW_MIN","VAR_VAL_SIG_SKEW_MAX","VAR_CACHE_MIN_TTL", "VAR_VAL_LOG_LEVEL","VAR_AUTO_TRUST_ANCHOR_FILE","VAR_KEEP_MISSING", "VAR_ADD_HOLDDOWN","VAR_DEL_HOLDDOWN","VAR_SO_RCVBUF","VAR_EDNS_BUFFER_SIZE", "VAR_PREFETCH","VAR_PREFETCH_KEY","VAR_SO_SNDBUF","VAR_SO_REUSEPORT", "VAR_HARDEN_BELOW_NXDOMAIN","VAR_IGNORE_CD_FLAG","VAR_LOG_QUERIES", "VAR_TCP_UPSTREAM","VAR_SSL_UPSTREAM","VAR_SSL_SERVICE_KEY", "VAR_SSL_SERVICE_PEM","VAR_SSL_PORT","VAR_FORWARD_FIRST","VAR_STUB_FIRST", "VAR_MINIMAL_RESPONSES","VAR_RRSET_ROUNDROBIN","VAR_MAX_UDP_SIZE", -"VAR_DELAY_CLOSE", +"VAR_DELAY_CLOSE","VAR_UNBLOCK_LAN_ZONES",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, +0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, +0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, +0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, +"illegal-symbol", }; -static const char *yyrule[] = { +static const char *const yyrule[] = { "$accept : toplevelvars", "toplevelvars :", "toplevelvars : toplevelvars toplevelvar", "toplevelvar : serverstart contents_server", "toplevelvar : stubstart contents_stub", "toplevelvar : forwardstart contents_forward", "toplevelvar : pythonstart contents_py", "toplevelvar : rcstart contents_rc", "serverstart : VAR_SERVER", "contents_server : contents_server content_server", "contents_server :", "content_server : server_num_threads", "content_server : server_verbosity", "content_server : server_port", "content_server : server_outgoing_range", "content_server : server_do_ip4", "content_server : server_do_ip6", "content_server : server_do_udp", "content_server : server_do_tcp", "content_server : server_interface", "content_server : server_chroot", "content_server : server_username", "content_server : server_directory", "content_server : server_logfile", "content_server : server_pidfile", "content_server : server_msg_cache_size", "content_server : server_msg_cache_slabs", "content_server : server_num_queries_per_thread", "content_server : server_rrset_cache_size", "content_server : server_rrset_cache_slabs", "content_server : server_outgoing_num_tcp", "content_server : server_infra_host_ttl", "content_server : server_infra_lame_ttl", "content_server : server_infra_cache_slabs", "content_server : server_infra_cache_numhosts", "content_server : server_infra_cache_lame_size", "content_server : server_target_fetch_policy", "content_server : server_harden_short_bufsize", "content_server : server_harden_large_queries", "content_server : server_do_not_query_address", "content_server : server_hide_identity", "content_server : server_hide_version", "content_server : server_identity", "content_server : server_version", "content_server : server_harden_glue", "content_server : server_module_conf", "content_server : server_trust_anchor_file", "content_server : server_trust_anchor", "content_server : server_val_override_date", "content_server : server_bogus_ttl", "content_server : server_val_clean_additional", "content_server : server_val_permissive_mode", "content_server : server_incoming_num_tcp", "content_server : server_msg_buffer_size", "content_server : server_key_cache_size", "content_server : server_key_cache_slabs", "content_server : server_trusted_keys_file", "content_server : server_val_nsec3_keysize_iterations", "content_server : server_use_syslog", "content_server : server_outgoing_interface", "content_server : server_root_hints", "content_server : server_do_not_query_localhost", "content_server : server_cache_max_ttl", "content_server : server_harden_dnssec_stripped", "content_server : server_access_control", "content_server : server_local_zone", "content_server : server_local_data", "content_server : server_interface_automatic", "content_server : server_statistics_interval", "content_server : server_do_daemonize", "content_server : server_use_caps_for_id", "content_server : server_statistics_cumulative", "content_server : server_outgoing_port_permit", "content_server : server_outgoing_port_avoid", "content_server : server_dlv_anchor_file", "content_server : server_dlv_anchor", "content_server : server_neg_cache_size", "content_server : server_harden_referral_path", "content_server : server_private_address", "content_server : server_private_domain", "content_server : server_extended_statistics", "content_server : server_local_data_ptr", "content_server : server_jostle_timeout", "content_server : server_unwanted_reply_threshold", "content_server : server_log_time_ascii", "content_server : server_domain_insecure", "content_server : server_val_sig_skew_min", "content_server : server_val_sig_skew_max", "content_server : server_cache_min_ttl", "content_server : server_val_log_level", "content_server : server_auto_trust_anchor_file", "content_server : server_add_holddown", "content_server : server_del_holddown", "content_server : server_keep_missing", "content_server : server_so_rcvbuf", "content_server : server_edns_buffer_size", "content_server : server_prefetch", "content_server : server_prefetch_key", "content_server : server_so_sndbuf", "content_server : server_harden_below_nxdomain", "content_server : server_ignore_cd_flag", "content_server : server_log_queries", "content_server : server_tcp_upstream", "content_server : server_ssl_upstream", "content_server : server_ssl_service_key", "content_server : server_ssl_service_pem", "content_server : server_ssl_port", "content_server : server_minimal_responses", "content_server : server_rrset_roundrobin", "content_server : server_max_udp_size", "content_server : server_so_reuseport", "content_server : server_delay_close", +"content_server : server_unblock_lan_zones", "stubstart : VAR_STUB_ZONE", "contents_stub : contents_stub content_stub", "contents_stub :", "content_stub : stub_name", "content_stub : stub_host", "content_stub : stub_addr", "content_stub : stub_prime", "content_stub : stub_first", "forwardstart : VAR_FORWARD_ZONE", "contents_forward : contents_forward content_forward", "contents_forward :", "content_forward : forward_name", "content_forward : forward_host", "content_forward : forward_addr", "content_forward : forward_first", "server_num_threads : VAR_NUM_THREADS STRING_ARG", "server_verbosity : VAR_VERBOSITY STRING_ARG", "server_statistics_interval : VAR_STATISTICS_INTERVAL STRING_ARG", "server_statistics_cumulative : VAR_STATISTICS_CUMULATIVE STRING_ARG", "server_extended_statistics : VAR_EXTENDED_STATISTICS STRING_ARG", "server_port : VAR_PORT STRING_ARG", "server_interface : VAR_INTERFACE STRING_ARG", "server_outgoing_interface : VAR_OUTGOING_INTERFACE STRING_ARG", "server_outgoing_range : VAR_OUTGOING_RANGE STRING_ARG", "server_outgoing_port_permit : VAR_OUTGOING_PORT_PERMIT STRING_ARG", "server_outgoing_port_avoid : VAR_OUTGOING_PORT_AVOID STRING_ARG", "server_outgoing_num_tcp : VAR_OUTGOING_NUM_TCP STRING_ARG", "server_incoming_num_tcp : VAR_INCOMING_NUM_TCP STRING_ARG", "server_interface_automatic : VAR_INTERFACE_AUTOMATIC STRING_ARG", "server_do_ip4 : VAR_DO_IP4 STRING_ARG", "server_do_ip6 : VAR_DO_IP6 STRING_ARG", "server_do_udp : VAR_DO_UDP STRING_ARG", "server_do_tcp : VAR_DO_TCP STRING_ARG", "server_tcp_upstream : VAR_TCP_UPSTREAM STRING_ARG", "server_ssl_upstream : VAR_SSL_UPSTREAM STRING_ARG", "server_ssl_service_key : VAR_SSL_SERVICE_KEY STRING_ARG", "server_ssl_service_pem : VAR_SSL_SERVICE_PEM STRING_ARG", "server_ssl_port : VAR_SSL_PORT STRING_ARG", "server_do_daemonize : VAR_DO_DAEMONIZE STRING_ARG", "server_use_syslog : VAR_USE_SYSLOG STRING_ARG", "server_log_time_ascii : VAR_LOG_TIME_ASCII STRING_ARG", "server_log_queries : VAR_LOG_QUERIES STRING_ARG", "server_chroot : VAR_CHROOT STRING_ARG", "server_username : VAR_USERNAME STRING_ARG", "server_directory : VAR_DIRECTORY STRING_ARG", "server_logfile : VAR_LOGFILE STRING_ARG", "server_pidfile : VAR_PIDFILE STRING_ARG", "server_root_hints : VAR_ROOT_HINTS STRING_ARG", "server_dlv_anchor_file : VAR_DLV_ANCHOR_FILE STRING_ARG", "server_dlv_anchor : VAR_DLV_ANCHOR STRING_ARG", "server_auto_trust_anchor_file : VAR_AUTO_TRUST_ANCHOR_FILE STRING_ARG", "server_trust_anchor_file : VAR_TRUST_ANCHOR_FILE STRING_ARG", "server_trusted_keys_file : VAR_TRUSTED_KEYS_FILE STRING_ARG", "server_trust_anchor : VAR_TRUST_ANCHOR STRING_ARG", "server_domain_insecure : VAR_DOMAIN_INSECURE STRING_ARG", "server_hide_identity : VAR_HIDE_IDENTITY STRING_ARG", "server_hide_version : VAR_HIDE_VERSION STRING_ARG", "server_identity : VAR_IDENTITY STRING_ARG", "server_version : VAR_VERSION STRING_ARG", "server_so_rcvbuf : VAR_SO_RCVBUF STRING_ARG", "server_so_sndbuf : VAR_SO_SNDBUF STRING_ARG", "server_so_reuseport : VAR_SO_REUSEPORT STRING_ARG", "server_edns_buffer_size : VAR_EDNS_BUFFER_SIZE STRING_ARG", "server_msg_buffer_size : VAR_MSG_BUFFER_SIZE STRING_ARG", "server_msg_cache_size : VAR_MSG_CACHE_SIZE STRING_ARG", "server_msg_cache_slabs : VAR_MSG_CACHE_SLABS STRING_ARG", "server_num_queries_per_thread : VAR_NUM_QUERIES_PER_THREAD STRING_ARG", "server_jostle_timeout : VAR_JOSTLE_TIMEOUT STRING_ARG", "server_delay_close : VAR_DELAY_CLOSE STRING_ARG", +"server_unblock_lan_zones : VAR_UNBLOCK_LAN_ZONES STRING_ARG", "server_rrset_cache_size : VAR_RRSET_CACHE_SIZE STRING_ARG", "server_rrset_cache_slabs : VAR_RRSET_CACHE_SLABS STRING_ARG", "server_infra_host_ttl : VAR_INFRA_HOST_TTL STRING_ARG", "server_infra_lame_ttl : VAR_INFRA_LAME_TTL STRING_ARG", "server_infra_cache_numhosts : VAR_INFRA_CACHE_NUMHOSTS STRING_ARG", "server_infra_cache_lame_size : VAR_INFRA_CACHE_LAME_SIZE STRING_ARG", "server_infra_cache_slabs : VAR_INFRA_CACHE_SLABS STRING_ARG", "server_target_fetch_policy : VAR_TARGET_FETCH_POLICY STRING_ARG", "server_harden_short_bufsize : VAR_HARDEN_SHORT_BUFSIZE STRING_ARG", "server_harden_large_queries : VAR_HARDEN_LARGE_QUERIES STRING_ARG", "server_harden_glue : VAR_HARDEN_GLUE STRING_ARG", "server_harden_dnssec_stripped : VAR_HARDEN_DNSSEC_STRIPPED STRING_ARG", "server_harden_below_nxdomain : VAR_HARDEN_BELOW_NXDOMAIN STRING_ARG", "server_harden_referral_path : VAR_HARDEN_REFERRAL_PATH STRING_ARG", "server_use_caps_for_id : VAR_USE_CAPS_FOR_ID STRING_ARG", "server_private_address : VAR_PRIVATE_ADDRESS STRING_ARG", "server_private_domain : VAR_PRIVATE_DOMAIN STRING_ARG", "server_prefetch : VAR_PREFETCH STRING_ARG", "server_prefetch_key : VAR_PREFETCH_KEY STRING_ARG", "server_unwanted_reply_threshold : VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG", "server_do_not_query_address : VAR_DO_NOT_QUERY_ADDRESS STRING_ARG", "server_do_not_query_localhost : VAR_DO_NOT_QUERY_LOCALHOST STRING_ARG", "server_access_control : VAR_ACCESS_CONTROL STRING_ARG STRING_ARG", "server_module_conf : VAR_MODULE_CONF STRING_ARG", "server_val_override_date : VAR_VAL_OVERRIDE_DATE STRING_ARG", "server_val_sig_skew_min : VAR_VAL_SIG_SKEW_MIN STRING_ARG", "server_val_sig_skew_max : VAR_VAL_SIG_SKEW_MAX STRING_ARG", "server_cache_max_ttl : VAR_CACHE_MAX_TTL STRING_ARG", "server_cache_min_ttl : VAR_CACHE_MIN_TTL STRING_ARG", "server_bogus_ttl : VAR_BOGUS_TTL STRING_ARG", "server_val_clean_additional : VAR_VAL_CLEAN_ADDITIONAL STRING_ARG", "server_val_permissive_mode : VAR_VAL_PERMISSIVE_MODE STRING_ARG", "server_ignore_cd_flag : VAR_IGNORE_CD_FLAG STRING_ARG", "server_val_log_level : VAR_VAL_LOG_LEVEL STRING_ARG", "server_val_nsec3_keysize_iterations : VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG", "server_add_holddown : VAR_ADD_HOLDDOWN STRING_ARG", "server_del_holddown : VAR_DEL_HOLDDOWN STRING_ARG", "server_keep_missing : VAR_KEEP_MISSING STRING_ARG", "server_key_cache_size : VAR_KEY_CACHE_SIZE STRING_ARG", "server_key_cache_slabs : VAR_KEY_CACHE_SLABS STRING_ARG", "server_neg_cache_size : VAR_NEG_CACHE_SIZE STRING_ARG", "server_local_zone : VAR_LOCAL_ZONE STRING_ARG STRING_ARG", "server_local_data : VAR_LOCAL_DATA STRING_ARG", "server_local_data_ptr : VAR_LOCAL_DATA_PTR STRING_ARG", "server_minimal_responses : VAR_MINIMAL_RESPONSES STRING_ARG", "server_rrset_roundrobin : VAR_RRSET_ROUNDROBIN STRING_ARG", "server_max_udp_size : VAR_MAX_UDP_SIZE STRING_ARG", "stub_name : VAR_NAME STRING_ARG", "stub_host : VAR_STUB_HOST STRING_ARG", "stub_addr : VAR_STUB_ADDR STRING_ARG", "stub_first : VAR_STUB_FIRST STRING_ARG", "stub_prime : VAR_STUB_PRIME STRING_ARG", "forward_name : VAR_NAME STRING_ARG", "forward_host : VAR_FORWARD_HOST STRING_ARG", "forward_addr : VAR_FORWARD_ADDR STRING_ARG", "forward_first : VAR_FORWARD_FIRST STRING_ARG", "rcstart : VAR_REMOTE_CONTROL", "contents_rc : contents_rc content_rc", "contents_rc :", "content_rc : rc_control_enable", "content_rc : rc_control_interface", "content_rc : rc_control_port", "content_rc : rc_server_key_file", "content_rc : rc_server_cert_file", "content_rc : rc_control_key_file", "content_rc : rc_control_cert_file", "rc_control_enable : VAR_CONTROL_ENABLE STRING_ARG", "rc_control_port : VAR_CONTROL_PORT STRING_ARG", "rc_control_interface : VAR_CONTROL_INTERFACE STRING_ARG", "rc_server_key_file : VAR_SERVER_KEY_FILE STRING_ARG", "rc_server_cert_file : VAR_SERVER_CERT_FILE STRING_ARG", "rc_control_key_file : VAR_CONTROL_KEY_FILE STRING_ARG", "rc_control_cert_file : VAR_CONTROL_CERT_FILE STRING_ARG", "pythonstart : VAR_PYTHON", "contents_py : contents_py content_py", "contents_py :", "content_py : py_script", "py_script : VAR_PYTHON_SCRIPT STRING_ARG", }; #endif int yydebug; int yynerrs; int yyerrflag; int yychar; YYSTYPE yyval; YYSTYPE yylval; /* define the initial stack-sizes */ #ifdef YYSTACKSIZE #undef YYMAXDEPTH #define YYMAXDEPTH YYSTACKSIZE #else #ifdef YYMAXDEPTH #define YYSTACKSIZE YYMAXDEPTH #else -#define YYSTACKSIZE 500 -#define YYMAXDEPTH 500 +#define YYSTACKSIZE 10000 +#define YYMAXDEPTH 10000 #endif #endif -#define YYINITSTACKSIZE 500 +#define YYINITSTACKSIZE 200 typedef struct { unsigned stacksize; - short *s_base; - short *s_mark; - short *s_last; + YYINT *s_base; + YYINT *s_mark; + YYINT *s_last; YYSTYPE *l_base; YYSTYPE *l_mark; } YYSTACKDATA; /* variables for the parser stack */ static YYSTACKDATA yystack; -#line 1308 "util/configparser.y" +#line 1318 "util/configparser.y" /* parse helper routines could be here */ -#line 859 "util/configparser.c" +#line 875 "util/configparser.c" #if YYDEBUG #include /* needed for printf */ #endif #include /* needed for malloc, etc */ #include /* needed for memset */ /* allocate initial stack or double stack size, up to YYMAXDEPTH */ static int yygrowstack(YYSTACKDATA *data) { int i; unsigned newsize; - short *newss; + YYINT *newss; YYSTYPE *newvs; if ((newsize = data->stacksize) == 0) newsize = YYINITSTACKSIZE; else if (newsize >= YYMAXDEPTH) - return -1; + return YYENOMEM; else if ((newsize *= 2) > YYMAXDEPTH) newsize = YYMAXDEPTH; i = (int) (data->s_mark - data->s_base); - newss = (short *)realloc(data->s_base, newsize * sizeof(*newss)); + newss = (YYINT *)realloc(data->s_base, newsize * sizeof(*newss)); if (newss == 0) - return -1; + return YYENOMEM; data->s_base = newss; data->s_mark = newss + i; newvs = (YYSTYPE *)realloc(data->l_base, newsize * sizeof(*newvs)); if (newvs == 0) - return -1; + return YYENOMEM; data->l_base = newvs; data->l_mark = newvs + i; data->stacksize = newsize; data->s_last = data->s_base + newsize - 1; return 0; } #if YYPURE || defined(YY_NO_LEAKS) static void yyfreestack(YYSTACKDATA *data) { free(data->s_base); free(data->l_base); memset(data, 0, sizeof(*data)); } #else #define yyfreestack(data) /* nothing */ #endif #define YYABORT goto yyabort #define YYREJECT goto yyabort #define YYACCEPT goto yyaccept #define YYERROR goto yyerrlab int YYPARSE_DECL() { int yym, yyn, yystate; #if YYDEBUG const char *yys; if ((yys = getenv("YYDEBUG")) != 0) { yyn = *yys; if (yyn >= '0' && yyn <= '9') yydebug = yyn - '0'; } #endif yynerrs = 0; yyerrflag = 0; yychar = YYEMPTY; yystate = 0; #if YYPURE memset(&yystack, 0, sizeof(yystack)); #endif - if (yystack.s_base == NULL && yygrowstack(&yystack)) goto yyoverflow; + if (yystack.s_base == NULL && yygrowstack(&yystack) == YYENOMEM) goto yyoverflow; yystack.s_mark = yystack.s_base; yystack.l_mark = yystack.l_base; yystate = 0; *yystack.s_mark = 0; yyloop: if ((yyn = yydefred[yystate]) != 0) goto yyreduce; if (yychar < 0) { - if ((yychar = YYLEX) < 0) yychar = 0; + if ((yychar = YYLEX) < 0) yychar = YYEOF; #if YYDEBUG if (yydebug) { - yys = 0; - if (yychar <= YYMAXTOKEN) yys = yyname[yychar]; - if (!yys) yys = "illegal-symbol"; + yys = yyname[YYTRANSLATE(yychar)]; printf("%sdebug: state %d, reading %d (%s)\n", YYPREFIX, yystate, yychar, yys); } #endif } if ((yyn = yysindex[yystate]) && (yyn += yychar) >= 0 && yyn <= YYTABLESIZE && yycheck[yyn] == yychar) { #if YYDEBUG if (yydebug) printf("%sdebug: state %d, shifting to state %d\n", YYPREFIX, yystate, yytable[yyn]); #endif - if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack)) + if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM) { goto yyoverflow; } yystate = yytable[yyn]; *++yystack.s_mark = yytable[yyn]; *++yystack.l_mark = yylval; yychar = YYEMPTY; if (yyerrflag > 0) --yyerrflag; goto yyloop; } if ((yyn = yyrindex[yystate]) && (yyn += yychar) >= 0 && yyn <= YYTABLESIZE && yycheck[yyn] == yychar) { yyn = yytable[yyn]; goto yyreduce; } if (yyerrflag) goto yyinrecovery; - yyerror("syntax error"); + YYERROR_CALL("syntax error"); goto yyerrlab; yyerrlab: ++yynerrs; yyinrecovery: if (yyerrflag < 3) { yyerrflag = 3; for (;;) { if ((yyn = yysindex[*yystack.s_mark]) && (yyn += YYERRCODE) >= 0 && yyn <= YYTABLESIZE && yycheck[yyn] == YYERRCODE) { #if YYDEBUG if (yydebug) printf("%sdebug: state %d, error recovery shifting\ to state %d\n", YYPREFIX, *yystack.s_mark, yytable[yyn]); #endif - if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack)) + if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM) { goto yyoverflow; } yystate = yytable[yyn]; *++yystack.s_mark = yytable[yyn]; *++yystack.l_mark = yylval; goto yyloop; } else { #if YYDEBUG if (yydebug) printf("%sdebug: error recovery discarding state %d\n", YYPREFIX, *yystack.s_mark); #endif if (yystack.s_mark <= yystack.s_base) goto yyabort; --yystack.s_mark; --yystack.l_mark; } } } else { - if (yychar == 0) goto yyabort; + if (yychar == YYEOF) goto yyabort; #if YYDEBUG if (yydebug) { - yys = 0; - if (yychar <= YYMAXTOKEN) yys = yyname[yychar]; - if (!yys) yys = "illegal-symbol"; + yys = yyname[YYTRANSLATE(yychar)]; printf("%sdebug: state %d, error recovery discards token %d (%s)\n", YYPREFIX, yystate, yychar, yys); } #endif yychar = YYEMPTY; goto yyloop; } yyreduce: #if YYDEBUG if (yydebug) printf("%sdebug: state %d, reducing by rule %d (%s)\n", YYPREFIX, yystate, yyn, yyrule[yyn]); #endif yym = yylen[yyn]; if (yym) yyval = yystack.l_mark[1-yym]; else memset(&yyval, 0, sizeof yyval); switch (yyn) { case 8: #line 119 "util/configparser.y" { OUTYY(("\nP(server:)\n")); } break; -case 112: +case 113: #line 169 "util/configparser.y" { struct config_stub* s; OUTYY(("\nP(stub_zone:)\n")); s = (struct config_stub*)calloc(1, sizeof(struct config_stub)); if(s) { s->next = cfg_parser->cfg->stubs; cfg_parser->cfg->stubs = s; } else yyerror("out of memory"); } break; -case 120: +case 121: #line 185 "util/configparser.y" { struct config_stub* s; OUTYY(("\nP(forward_zone:)\n")); s = (struct config_stub*)calloc(1, sizeof(struct config_stub)); if(s) { s->next = cfg_parser->cfg->forwards; cfg_parser->cfg->forwards = s; } else yyerror("out of memory"); } break; -case 127: +case 128: #line 201 "util/configparser.y" { OUTYY(("P(server_num_threads:%s)\n", yystack.l_mark[0].str)); if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) yyerror("number expected"); else cfg_parser->cfg->num_threads = atoi(yystack.l_mark[0].str); free(yystack.l_mark[0].str); } break; -case 128: +case 129: #line 210 "util/configparser.y" { OUTYY(("P(server_verbosity:%s)\n", yystack.l_mark[0].str)); if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) yyerror("number expected"); else cfg_parser->cfg->verbosity = atoi(yystack.l_mark[0].str); free(yystack.l_mark[0].str); } break; -case 129: +case 130: #line 219 "util/configparser.y" { OUTYY(("P(server_statistics_interval:%s)\n", yystack.l_mark[0].str)); if(strcmp(yystack.l_mark[0].str, "") == 0 || strcmp(yystack.l_mark[0].str, "0") == 0) cfg_parser->cfg->stat_interval = 0; else if(atoi(yystack.l_mark[0].str) == 0) yyerror("number expected"); else cfg_parser->cfg->stat_interval = atoi(yystack.l_mark[0].str); free(yystack.l_mark[0].str); } break; -case 130: +case 131: #line 230 "util/configparser.y" { OUTYY(("P(server_statistics_cumulative:%s)\n", yystack.l_mark[0].str)); if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->stat_cumulative = (strcmp(yystack.l_mark[0].str, "yes")==0); free(yystack.l_mark[0].str); } break; -case 131: +case 132: #line 239 "util/configparser.y" { OUTYY(("P(server_extended_statistics:%s)\n", yystack.l_mark[0].str)); if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->stat_extended = (strcmp(yystack.l_mark[0].str, "yes")==0); free(yystack.l_mark[0].str); } break; -case 132: +case 133: #line 248 "util/configparser.y" { OUTYY(("P(server_port:%s)\n", yystack.l_mark[0].str)); if(atoi(yystack.l_mark[0].str) == 0) yyerror("port number expected"); else cfg_parser->cfg->port = atoi(yystack.l_mark[0].str); free(yystack.l_mark[0].str); } break; -case 133: +case 134: #line 257 "util/configparser.y" { OUTYY(("P(server_interface:%s)\n", yystack.l_mark[0].str)); if(cfg_parser->cfg->num_ifs == 0) cfg_parser->cfg->ifs = calloc(1, sizeof(char*)); else cfg_parser->cfg->ifs = realloc(cfg_parser->cfg->ifs, (cfg_parser->cfg->num_ifs+1)*sizeof(char*)); if(!cfg_parser->cfg->ifs) yyerror("out of memory"); else cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = yystack.l_mark[0].str; } break; -case 134: +case 135: #line 270 "util/configparser.y" { OUTYY(("P(server_outgoing_interface:%s)\n", yystack.l_mark[0].str)); if(cfg_parser->cfg->num_out_ifs == 0) cfg_parser->cfg->out_ifs = calloc(1, sizeof(char*)); else cfg_parser->cfg->out_ifs = realloc( cfg_parser->cfg->out_ifs, (cfg_parser->cfg->num_out_ifs+1)*sizeof(char*)); if(!cfg_parser->cfg->out_ifs) yyerror("out of memory"); else cfg_parser->cfg->out_ifs[ cfg_parser->cfg->num_out_ifs++] = yystack.l_mark[0].str; } break; -case 135: +case 136: #line 285 "util/configparser.y" { OUTYY(("P(server_outgoing_range:%s)\n", yystack.l_mark[0].str)); if(atoi(yystack.l_mark[0].str) == 0) yyerror("number expected"); else cfg_parser->cfg->outgoing_num_ports = atoi(yystack.l_mark[0].str); free(yystack.l_mark[0].str); } break; -case 136: +case 137: #line 294 "util/configparser.y" { OUTYY(("P(server_outgoing_port_permit:%s)\n", yystack.l_mark[0].str)); if(!cfg_mark_ports(yystack.l_mark[0].str, 1, cfg_parser->cfg->outgoing_avail_ports, 65536)) yyerror("port number or range (\"low-high\") expected"); free(yystack.l_mark[0].str); } break; -case 137: +case 138: #line 303 "util/configparser.y" { OUTYY(("P(server_outgoing_port_avoid:%s)\n", yystack.l_mark[0].str)); if(!cfg_mark_ports(yystack.l_mark[0].str, 0, cfg_parser->cfg->outgoing_avail_ports, 65536)) yyerror("port number or range (\"low-high\") expected"); free(yystack.l_mark[0].str); } break; -case 138: +case 139: #line 312 "util/configparser.y" { OUTYY(("P(server_outgoing_num_tcp:%s)\n", yystack.l_mark[0].str)); if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) yyerror("number expected"); else cfg_parser->cfg->outgoing_num_tcp = atoi(yystack.l_mark[0].str); free(yystack.l_mark[0].str); } break; -case 139: +case 140: #line 321 "util/configparser.y" { OUTYY(("P(server_incoming_num_tcp:%s)\n", yystack.l_mark[0].str)); if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) yyerror("number expected"); else cfg_parser->cfg->incoming_num_tcp = atoi(yystack.l_mark[0].str); free(yystack.l_mark[0].str); } break; -case 140: +case 141: #line 330 "util/configparser.y" { OUTYY(("P(server_interface_automatic:%s)\n", yystack.l_mark[0].str)); if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->if_automatic = (strcmp(yystack.l_mark[0].str, "yes")==0); free(yystack.l_mark[0].str); } break; -case 141: +case 142: #line 339 "util/configparser.y" { OUTYY(("P(server_do_ip4:%s)\n", yystack.l_mark[0].str)); if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->do_ip4 = (strcmp(yystack.l_mark[0].str, "yes")==0); free(yystack.l_mark[0].str); } break; -case 142: +case 143: #line 348 "util/configparser.y" { OUTYY(("P(server_do_ip6:%s)\n", yystack.l_mark[0].str)); if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->do_ip6 = (strcmp(yystack.l_mark[0].str, "yes")==0); free(yystack.l_mark[0].str); } break; -case 143: +case 144: #line 357 "util/configparser.y" { OUTYY(("P(server_do_udp:%s)\n", yystack.l_mark[0].str)); if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->do_udp = (strcmp(yystack.l_mark[0].str, "yes")==0); free(yystack.l_mark[0].str); } break; -case 144: +case 145: #line 366 "util/configparser.y" { OUTYY(("P(server_do_tcp:%s)\n", yystack.l_mark[0].str)); if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->do_tcp = (strcmp(yystack.l_mark[0].str, "yes")==0); free(yystack.l_mark[0].str); } break; -case 145: +case 146: #line 375 "util/configparser.y" { OUTYY(("P(server_tcp_upstream:%s)\n", yystack.l_mark[0].str)); if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->tcp_upstream = (strcmp(yystack.l_mark[0].str, "yes")==0); free(yystack.l_mark[0].str); } break; -case 146: +case 147: #line 384 "util/configparser.y" { OUTYY(("P(server_ssl_upstream:%s)\n", yystack.l_mark[0].str)); if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->ssl_upstream = (strcmp(yystack.l_mark[0].str, "yes")==0); free(yystack.l_mark[0].str); } break; -case 147: +case 148: #line 393 "util/configparser.y" { OUTYY(("P(server_ssl_service_key:%s)\n", yystack.l_mark[0].str)); free(cfg_parser->cfg->ssl_service_key); cfg_parser->cfg->ssl_service_key = yystack.l_mark[0].str; } break; -case 148: +case 149: #line 400 "util/configparser.y" { OUTYY(("P(server_ssl_service_pem:%s)\n", yystack.l_mark[0].str)); free(cfg_parser->cfg->ssl_service_pem); cfg_parser->cfg->ssl_service_pem = yystack.l_mark[0].str; } break; -case 149: +case 150: #line 407 "util/configparser.y" { OUTYY(("P(server_ssl_port:%s)\n", yystack.l_mark[0].str)); if(atoi(yystack.l_mark[0].str) == 0) yyerror("port number expected"); else cfg_parser->cfg->ssl_port = atoi(yystack.l_mark[0].str); free(yystack.l_mark[0].str); } break; -case 150: +case 151: #line 416 "util/configparser.y" { OUTYY(("P(server_do_daemonize:%s)\n", yystack.l_mark[0].str)); if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->do_daemonize = (strcmp(yystack.l_mark[0].str, "yes")==0); free(yystack.l_mark[0].str); } break; -case 151: +case 152: #line 425 "util/configparser.y" { OUTYY(("P(server_use_syslog:%s)\n", yystack.l_mark[0].str)); if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->use_syslog = (strcmp(yystack.l_mark[0].str, "yes")==0); #if !defined(HAVE_SYSLOG_H) && !defined(UB_ON_WINDOWS) if(strcmp(yystack.l_mark[0].str, "yes") == 0) yyerror("no syslog services are available. " "(reconfigure and compile to add)"); #endif free(yystack.l_mark[0].str); } break; -case 152: +case 153: #line 439 "util/configparser.y" { OUTYY(("P(server_log_time_ascii:%s)\n", yystack.l_mark[0].str)); if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->log_time_ascii = (strcmp(yystack.l_mark[0].str, "yes")==0); free(yystack.l_mark[0].str); } break; -case 153: +case 154: #line 448 "util/configparser.y" { OUTYY(("P(server_log_queries:%s)\n", yystack.l_mark[0].str)); if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->log_queries = (strcmp(yystack.l_mark[0].str, "yes")==0); free(yystack.l_mark[0].str); } break; -case 154: +case 155: #line 457 "util/configparser.y" { OUTYY(("P(server_chroot:%s)\n", yystack.l_mark[0].str)); free(cfg_parser->cfg->chrootdir); cfg_parser->cfg->chrootdir = yystack.l_mark[0].str; } break; -case 155: +case 156: #line 464 "util/configparser.y" { OUTYY(("P(server_username:%s)\n", yystack.l_mark[0].str)); free(cfg_parser->cfg->username); cfg_parser->cfg->username = yystack.l_mark[0].str; } break; -case 156: +case 157: #line 471 "util/configparser.y" { OUTYY(("P(server_directory:%s)\n", yystack.l_mark[0].str)); free(cfg_parser->cfg->directory); cfg_parser->cfg->directory = yystack.l_mark[0].str; } break; -case 157: +case 158: #line 478 "util/configparser.y" { OUTYY(("P(server_logfile:%s)\n", yystack.l_mark[0].str)); free(cfg_parser->cfg->logfile); cfg_parser->cfg->logfile = yystack.l_mark[0].str; cfg_parser->cfg->use_syslog = 0; } break; -case 158: +case 159: #line 486 "util/configparser.y" { OUTYY(("P(server_pidfile:%s)\n", yystack.l_mark[0].str)); free(cfg_parser->cfg->pidfile); cfg_parser->cfg->pidfile = yystack.l_mark[0].str; } break; -case 159: +case 160: #line 493 "util/configparser.y" { OUTYY(("P(server_root_hints:%s)\n", yystack.l_mark[0].str)); if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, yystack.l_mark[0].str)) yyerror("out of memory"); } break; -case 160: +case 161: #line 500 "util/configparser.y" { OUTYY(("P(server_dlv_anchor_file:%s)\n", yystack.l_mark[0].str)); free(cfg_parser->cfg->dlv_anchor_file); cfg_parser->cfg->dlv_anchor_file = yystack.l_mark[0].str; } break; -case 161: +case 162: #line 507 "util/configparser.y" { OUTYY(("P(server_dlv_anchor:%s)\n", yystack.l_mark[0].str)); if(!cfg_strlist_insert(&cfg_parser->cfg->dlv_anchor_list, yystack.l_mark[0].str)) yyerror("out of memory"); } break; -case 162: +case 163: #line 514 "util/configparser.y" { OUTYY(("P(server_auto_trust_anchor_file:%s)\n", yystack.l_mark[0].str)); if(!cfg_strlist_insert(&cfg_parser->cfg-> auto_trust_anchor_file_list, yystack.l_mark[0].str)) yyerror("out of memory"); } break; -case 163: +case 164: #line 522 "util/configparser.y" { OUTYY(("P(server_trust_anchor_file:%s)\n", yystack.l_mark[0].str)); if(!cfg_strlist_insert(&cfg_parser->cfg-> trust_anchor_file_list, yystack.l_mark[0].str)) yyerror("out of memory"); } break; -case 164: +case 165: #line 530 "util/configparser.y" { OUTYY(("P(server_trusted_keys_file:%s)\n", yystack.l_mark[0].str)); if(!cfg_strlist_insert(&cfg_parser->cfg-> trusted_keys_file_list, yystack.l_mark[0].str)) yyerror("out of memory"); } break; -case 165: +case 166: #line 538 "util/configparser.y" { OUTYY(("P(server_trust_anchor:%s)\n", yystack.l_mark[0].str)); if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, yystack.l_mark[0].str)) yyerror("out of memory"); } break; -case 166: +case 167: #line 545 "util/configparser.y" { OUTYY(("P(server_domain_insecure:%s)\n", yystack.l_mark[0].str)); if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, yystack.l_mark[0].str)) yyerror("out of memory"); } break; -case 167: +case 168: #line 552 "util/configparser.y" { OUTYY(("P(server_hide_identity:%s)\n", yystack.l_mark[0].str)); if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->hide_identity = (strcmp(yystack.l_mark[0].str, "yes")==0); free(yystack.l_mark[0].str); } break; -case 168: +case 169: #line 561 "util/configparser.y" { OUTYY(("P(server_hide_version:%s)\n", yystack.l_mark[0].str)); if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->hide_version = (strcmp(yystack.l_mark[0].str, "yes")==0); free(yystack.l_mark[0].str); } break; -case 169: +case 170: #line 570 "util/configparser.y" { OUTYY(("P(server_identity:%s)\n", yystack.l_mark[0].str)); free(cfg_parser->cfg->identity); cfg_parser->cfg->identity = yystack.l_mark[0].str; } break; -case 170: +case 171: #line 577 "util/configparser.y" { OUTYY(("P(server_version:%s)\n", yystack.l_mark[0].str)); free(cfg_parser->cfg->version); cfg_parser->cfg->version = yystack.l_mark[0].str; } break; -case 171: +case 172: #line 584 "util/configparser.y" { OUTYY(("P(server_so_rcvbuf:%s)\n", yystack.l_mark[0].str)); if(!cfg_parse_memsize(yystack.l_mark[0].str, &cfg_parser->cfg->so_rcvbuf)) yyerror("buffer size expected"); free(yystack.l_mark[0].str); } break; -case 172: +case 173: #line 592 "util/configparser.y" { OUTYY(("P(server_so_sndbuf:%s)\n", yystack.l_mark[0].str)); if(!cfg_parse_memsize(yystack.l_mark[0].str, &cfg_parser->cfg->so_sndbuf)) yyerror("buffer size expected"); free(yystack.l_mark[0].str); } break; -case 173: +case 174: #line 600 "util/configparser.y" { OUTYY(("P(server_so_reuseport:%s)\n", yystack.l_mark[0].str)); if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->so_reuseport = (strcmp(yystack.l_mark[0].str, "yes")==0); free(yystack.l_mark[0].str); } break; -case 174: +case 175: #line 610 "util/configparser.y" { OUTYY(("P(server_edns_buffer_size:%s)\n", yystack.l_mark[0].str)); if(atoi(yystack.l_mark[0].str) == 0) yyerror("number expected"); else if (atoi(yystack.l_mark[0].str) < 12) yyerror("edns buffer size too small"); else if (atoi(yystack.l_mark[0].str) > 65535) cfg_parser->cfg->edns_buffer_size = 65535; else cfg_parser->cfg->edns_buffer_size = atoi(yystack.l_mark[0].str); free(yystack.l_mark[0].str); } break; -case 175: +case 176: #line 623 "util/configparser.y" { OUTYY(("P(server_msg_buffer_size:%s)\n", yystack.l_mark[0].str)); if(atoi(yystack.l_mark[0].str) == 0) yyerror("number expected"); else if (atoi(yystack.l_mark[0].str) < 4096) yyerror("message buffer size too small (use 4096)"); else cfg_parser->cfg->msg_buffer_size = atoi(yystack.l_mark[0].str); free(yystack.l_mark[0].str); } break; -case 176: +case 177: #line 634 "util/configparser.y" { OUTYY(("P(server_msg_cache_size:%s)\n", yystack.l_mark[0].str)); if(!cfg_parse_memsize(yystack.l_mark[0].str, &cfg_parser->cfg->msg_cache_size)) yyerror("memory size expected"); free(yystack.l_mark[0].str); } break; -case 177: +case 178: #line 642 "util/configparser.y" { OUTYY(("P(server_msg_cache_slabs:%s)\n", yystack.l_mark[0].str)); if(atoi(yystack.l_mark[0].str) == 0) yyerror("number expected"); else { cfg_parser->cfg->msg_cache_slabs = atoi(yystack.l_mark[0].str); if(!is_pow2(cfg_parser->cfg->msg_cache_slabs)) yyerror("must be a power of 2"); } free(yystack.l_mark[0].str); } break; -case 178: +case 179: #line 655 "util/configparser.y" { OUTYY(("P(server_num_queries_per_thread:%s)\n", yystack.l_mark[0].str)); if(atoi(yystack.l_mark[0].str) == 0) yyerror("number expected"); else cfg_parser->cfg->num_queries_per_thread = atoi(yystack.l_mark[0].str); free(yystack.l_mark[0].str); } break; -case 179: +case 180: #line 664 "util/configparser.y" { OUTYY(("P(server_jostle_timeout:%s)\n", yystack.l_mark[0].str)); if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) yyerror("number expected"); else cfg_parser->cfg->jostle_time = atoi(yystack.l_mark[0].str); free(yystack.l_mark[0].str); } break; -case 180: +case 181: #line 673 "util/configparser.y" { OUTYY(("P(server_delay_close:%s)\n", yystack.l_mark[0].str)); if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) yyerror("number expected"); else cfg_parser->cfg->delay_close = atoi(yystack.l_mark[0].str); free(yystack.l_mark[0].str); } break; -case 181: +case 182: #line 682 "util/configparser.y" { + OUTYY(("P(server_unblock_lan_zones:%s)\n", yystack.l_mark[0].str)); + if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->unblock_lan_zones = + (strcmp(yystack.l_mark[0].str, "yes")==0); + free(yystack.l_mark[0].str); + } +break; +case 183: +#line 692 "util/configparser.y" + { OUTYY(("P(server_rrset_cache_size:%s)\n", yystack.l_mark[0].str)); if(!cfg_parse_memsize(yystack.l_mark[0].str, &cfg_parser->cfg->rrset_cache_size)) yyerror("memory size expected"); free(yystack.l_mark[0].str); } break; -case 182: -#line 690 "util/configparser.y" +case 184: +#line 700 "util/configparser.y" { OUTYY(("P(server_rrset_cache_slabs:%s)\n", yystack.l_mark[0].str)); if(atoi(yystack.l_mark[0].str) == 0) yyerror("number expected"); else { cfg_parser->cfg->rrset_cache_slabs = atoi(yystack.l_mark[0].str); if(!is_pow2(cfg_parser->cfg->rrset_cache_slabs)) yyerror("must be a power of 2"); } free(yystack.l_mark[0].str); } break; -case 183: -#line 703 "util/configparser.y" +case 185: +#line 713 "util/configparser.y" { OUTYY(("P(server_infra_host_ttl:%s)\n", yystack.l_mark[0].str)); if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) yyerror("number expected"); else cfg_parser->cfg->host_ttl = atoi(yystack.l_mark[0].str); free(yystack.l_mark[0].str); } break; -case 184: -#line 712 "util/configparser.y" +case 186: +#line 722 "util/configparser.y" { OUTYY(("P(server_infra_lame_ttl:%s)\n", yystack.l_mark[0].str)); verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option " "removed, use infra-host-ttl)", yystack.l_mark[0].str); free(yystack.l_mark[0].str); } break; -case 185: -#line 720 "util/configparser.y" +case 187: +#line 730 "util/configparser.y" { OUTYY(("P(server_infra_cache_numhosts:%s)\n", yystack.l_mark[0].str)); if(atoi(yystack.l_mark[0].str) == 0) yyerror("number expected"); else cfg_parser->cfg->infra_cache_numhosts = atoi(yystack.l_mark[0].str); free(yystack.l_mark[0].str); } break; -case 186: -#line 729 "util/configparser.y" +case 188: +#line 739 "util/configparser.y" { OUTYY(("P(server_infra_cache_lame_size:%s)\n", yystack.l_mark[0].str)); verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s " "(option removed, use infra-cache-numhosts)", yystack.l_mark[0].str); free(yystack.l_mark[0].str); } break; -case 187: -#line 737 "util/configparser.y" +case 189: +#line 747 "util/configparser.y" { OUTYY(("P(server_infra_cache_slabs:%s)\n", yystack.l_mark[0].str)); if(atoi(yystack.l_mark[0].str) == 0) yyerror("number expected"); else { cfg_parser->cfg->infra_cache_slabs = atoi(yystack.l_mark[0].str); if(!is_pow2(cfg_parser->cfg->infra_cache_slabs)) yyerror("must be a power of 2"); } free(yystack.l_mark[0].str); } break; -case 188: -#line 750 "util/configparser.y" +case 190: +#line 760 "util/configparser.y" { OUTYY(("P(server_target_fetch_policy:%s)\n", yystack.l_mark[0].str)); free(cfg_parser->cfg->target_fetch_policy); cfg_parser->cfg->target_fetch_policy = yystack.l_mark[0].str; } break; -case 189: -#line 757 "util/configparser.y" +case 191: +#line 767 "util/configparser.y" { OUTYY(("P(server_harden_short_bufsize:%s)\n", yystack.l_mark[0].str)); if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->harden_short_bufsize = (strcmp(yystack.l_mark[0].str, "yes")==0); free(yystack.l_mark[0].str); } break; -case 190: -#line 767 "util/configparser.y" +case 192: +#line 777 "util/configparser.y" { OUTYY(("P(server_harden_large_queries:%s)\n", yystack.l_mark[0].str)); if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->harden_large_queries = (strcmp(yystack.l_mark[0].str, "yes")==0); free(yystack.l_mark[0].str); } break; -case 191: -#line 777 "util/configparser.y" +case 193: +#line 787 "util/configparser.y" { OUTYY(("P(server_harden_glue:%s)\n", yystack.l_mark[0].str)); if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->harden_glue = (strcmp(yystack.l_mark[0].str, "yes")==0); free(yystack.l_mark[0].str); } break; -case 192: -#line 787 "util/configparser.y" +case 194: +#line 797 "util/configparser.y" { OUTYY(("P(server_harden_dnssec_stripped:%s)\n", yystack.l_mark[0].str)); if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->harden_dnssec_stripped = (strcmp(yystack.l_mark[0].str, "yes")==0); free(yystack.l_mark[0].str); } break; -case 193: -#line 797 "util/configparser.y" +case 195: +#line 807 "util/configparser.y" { OUTYY(("P(server_harden_below_nxdomain:%s)\n", yystack.l_mark[0].str)); if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->harden_below_nxdomain = (strcmp(yystack.l_mark[0].str, "yes")==0); free(yystack.l_mark[0].str); } break; -case 194: -#line 807 "util/configparser.y" +case 196: +#line 817 "util/configparser.y" { OUTYY(("P(server_harden_referral_path:%s)\n", yystack.l_mark[0].str)); if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->harden_referral_path = (strcmp(yystack.l_mark[0].str, "yes")==0); free(yystack.l_mark[0].str); } break; -case 195: -#line 817 "util/configparser.y" +case 197: +#line 827 "util/configparser.y" { OUTYY(("P(server_use_caps_for_id:%s)\n", yystack.l_mark[0].str)); if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->use_caps_bits_for_id = (strcmp(yystack.l_mark[0].str, "yes")==0); free(yystack.l_mark[0].str); } break; -case 196: -#line 827 "util/configparser.y" +case 198: +#line 837 "util/configparser.y" { OUTYY(("P(server_private_address:%s)\n", yystack.l_mark[0].str)); if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, yystack.l_mark[0].str)) yyerror("out of memory"); } break; -case 197: -#line 834 "util/configparser.y" +case 199: +#line 844 "util/configparser.y" { OUTYY(("P(server_private_domain:%s)\n", yystack.l_mark[0].str)); if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, yystack.l_mark[0].str)) yyerror("out of memory"); } break; -case 198: -#line 841 "util/configparser.y" +case 200: +#line 851 "util/configparser.y" { OUTYY(("P(server_prefetch:%s)\n", yystack.l_mark[0].str)); if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->prefetch = (strcmp(yystack.l_mark[0].str, "yes")==0); free(yystack.l_mark[0].str); } break; -case 199: -#line 850 "util/configparser.y" +case 201: +#line 860 "util/configparser.y" { OUTYY(("P(server_prefetch_key:%s)\n", yystack.l_mark[0].str)); if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->prefetch_key = (strcmp(yystack.l_mark[0].str, "yes")==0); free(yystack.l_mark[0].str); } break; -case 200: -#line 859 "util/configparser.y" +case 202: +#line 869 "util/configparser.y" { OUTYY(("P(server_unwanted_reply_threshold:%s)\n", yystack.l_mark[0].str)); if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) yyerror("number expected"); else cfg_parser->cfg->unwanted_threshold = atoi(yystack.l_mark[0].str); free(yystack.l_mark[0].str); } break; -case 201: -#line 868 "util/configparser.y" +case 203: +#line 878 "util/configparser.y" { OUTYY(("P(server_do_not_query_address:%s)\n", yystack.l_mark[0].str)); if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, yystack.l_mark[0].str)) yyerror("out of memory"); } break; -case 202: -#line 875 "util/configparser.y" +case 204: +#line 885 "util/configparser.y" { OUTYY(("P(server_do_not_query_localhost:%s)\n", yystack.l_mark[0].str)); if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->donotquery_localhost = (strcmp(yystack.l_mark[0].str, "yes")==0); free(yystack.l_mark[0].str); } break; -case 203: -#line 885 "util/configparser.y" +case 205: +#line 895 "util/configparser.y" { OUTYY(("P(server_access_control:%s %s)\n", yystack.l_mark[-1].str, yystack.l_mark[0].str)); if(strcmp(yystack.l_mark[0].str, "deny")!=0 && strcmp(yystack.l_mark[0].str, "refuse")!=0 && strcmp(yystack.l_mark[0].str, "deny_non_local")!=0 && strcmp(yystack.l_mark[0].str, "refuse_non_local")!=0 && strcmp(yystack.l_mark[0].str, "allow")!=0 && strcmp(yystack.l_mark[0].str, "allow_snoop")!=0) { yyerror("expected deny, refuse, deny_non_local, " "refuse_non_local, allow or allow_snoop " "in access control action"); } else { if(!cfg_str2list_insert(&cfg_parser->cfg->acls, yystack.l_mark[-1].str, yystack.l_mark[0].str)) fatal_exit("out of memory adding acl"); } } break; -case 204: -#line 902 "util/configparser.y" +case 206: +#line 912 "util/configparser.y" { OUTYY(("P(server_module_conf:%s)\n", yystack.l_mark[0].str)); free(cfg_parser->cfg->module_conf); cfg_parser->cfg->module_conf = yystack.l_mark[0].str; } break; -case 205: -#line 909 "util/configparser.y" +case 207: +#line 919 "util/configparser.y" { OUTYY(("P(server_val_override_date:%s)\n", yystack.l_mark[0].str)); if(strlen(yystack.l_mark[0].str) == 0 || strcmp(yystack.l_mark[0].str, "0") == 0) { cfg_parser->cfg->val_date_override = 0; } else if(strlen(yystack.l_mark[0].str) == 14) { cfg_parser->cfg->val_date_override = cfg_convert_timeval(yystack.l_mark[0].str); if(!cfg_parser->cfg->val_date_override) yyerror("bad date/time specification"); } else { if(atoi(yystack.l_mark[0].str) == 0) yyerror("number expected"); cfg_parser->cfg->val_date_override = atoi(yystack.l_mark[0].str); } free(yystack.l_mark[0].str); } break; -case 206: -#line 927 "util/configparser.y" +case 208: +#line 937 "util/configparser.y" { OUTYY(("P(server_val_sig_skew_min:%s)\n", yystack.l_mark[0].str)); if(strlen(yystack.l_mark[0].str) == 0 || strcmp(yystack.l_mark[0].str, "0") == 0) { cfg_parser->cfg->val_sig_skew_min = 0; } else { cfg_parser->cfg->val_sig_skew_min = atoi(yystack.l_mark[0].str); if(!cfg_parser->cfg->val_sig_skew_min) yyerror("number expected"); } free(yystack.l_mark[0].str); } break; -case 207: -#line 940 "util/configparser.y" +case 209: +#line 950 "util/configparser.y" { OUTYY(("P(server_val_sig_skew_max:%s)\n", yystack.l_mark[0].str)); if(strlen(yystack.l_mark[0].str) == 0 || strcmp(yystack.l_mark[0].str, "0") == 0) { cfg_parser->cfg->val_sig_skew_max = 0; } else { cfg_parser->cfg->val_sig_skew_max = atoi(yystack.l_mark[0].str); if(!cfg_parser->cfg->val_sig_skew_max) yyerror("number expected"); } free(yystack.l_mark[0].str); } break; -case 208: -#line 953 "util/configparser.y" +case 210: +#line 963 "util/configparser.y" { OUTYY(("P(server_cache_max_ttl:%s)\n", yystack.l_mark[0].str)); if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) yyerror("number expected"); else cfg_parser->cfg->max_ttl = atoi(yystack.l_mark[0].str); free(yystack.l_mark[0].str); } break; -case 209: -#line 962 "util/configparser.y" +case 211: +#line 972 "util/configparser.y" { OUTYY(("P(server_cache_min_ttl:%s)\n", yystack.l_mark[0].str)); if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) yyerror("number expected"); else cfg_parser->cfg->min_ttl = atoi(yystack.l_mark[0].str); free(yystack.l_mark[0].str); } break; -case 210: -#line 971 "util/configparser.y" +case 212: +#line 981 "util/configparser.y" { OUTYY(("P(server_bogus_ttl:%s)\n", yystack.l_mark[0].str)); if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) yyerror("number expected"); else cfg_parser->cfg->bogus_ttl = atoi(yystack.l_mark[0].str); free(yystack.l_mark[0].str); } break; -case 211: -#line 980 "util/configparser.y" +case 213: +#line 990 "util/configparser.y" { OUTYY(("P(server_val_clean_additional:%s)\n", yystack.l_mark[0].str)); if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->val_clean_additional = (strcmp(yystack.l_mark[0].str, "yes")==0); free(yystack.l_mark[0].str); } break; -case 212: -#line 990 "util/configparser.y" +case 214: +#line 1000 "util/configparser.y" { OUTYY(("P(server_val_permissive_mode:%s)\n", yystack.l_mark[0].str)); if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->val_permissive_mode = (strcmp(yystack.l_mark[0].str, "yes")==0); free(yystack.l_mark[0].str); } break; -case 213: -#line 1000 "util/configparser.y" +case 215: +#line 1010 "util/configparser.y" { OUTYY(("P(server_ignore_cd_flag:%s)\n", yystack.l_mark[0].str)); if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->ignore_cd = (strcmp(yystack.l_mark[0].str, "yes")==0); free(yystack.l_mark[0].str); } break; -case 214: -#line 1009 "util/configparser.y" +case 216: +#line 1019 "util/configparser.y" { OUTYY(("P(server_val_log_level:%s)\n", yystack.l_mark[0].str)); if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) yyerror("number expected"); else cfg_parser->cfg->val_log_level = atoi(yystack.l_mark[0].str); free(yystack.l_mark[0].str); } break; -case 215: -#line 1018 "util/configparser.y" +case 217: +#line 1028 "util/configparser.y" { OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", yystack.l_mark[0].str)); free(cfg_parser->cfg->val_nsec3_key_iterations); cfg_parser->cfg->val_nsec3_key_iterations = yystack.l_mark[0].str; } break; -case 216: -#line 1025 "util/configparser.y" +case 218: +#line 1035 "util/configparser.y" { OUTYY(("P(server_add_holddown:%s)\n", yystack.l_mark[0].str)); if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) yyerror("number expected"); else cfg_parser->cfg->add_holddown = atoi(yystack.l_mark[0].str); free(yystack.l_mark[0].str); } break; -case 217: -#line 1034 "util/configparser.y" +case 219: +#line 1044 "util/configparser.y" { OUTYY(("P(server_del_holddown:%s)\n", yystack.l_mark[0].str)); if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) yyerror("number expected"); else cfg_parser->cfg->del_holddown = atoi(yystack.l_mark[0].str); free(yystack.l_mark[0].str); } break; -case 218: -#line 1043 "util/configparser.y" +case 220: +#line 1053 "util/configparser.y" { OUTYY(("P(server_keep_missing:%s)\n", yystack.l_mark[0].str)); if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) yyerror("number expected"); else cfg_parser->cfg->keep_missing = atoi(yystack.l_mark[0].str); free(yystack.l_mark[0].str); } break; -case 219: -#line 1052 "util/configparser.y" +case 221: +#line 1062 "util/configparser.y" { OUTYY(("P(server_key_cache_size:%s)\n", yystack.l_mark[0].str)); if(!cfg_parse_memsize(yystack.l_mark[0].str, &cfg_parser->cfg->key_cache_size)) yyerror("memory size expected"); free(yystack.l_mark[0].str); } break; -case 220: -#line 1060 "util/configparser.y" +case 222: +#line 1070 "util/configparser.y" { OUTYY(("P(server_key_cache_slabs:%s)\n", yystack.l_mark[0].str)); if(atoi(yystack.l_mark[0].str) == 0) yyerror("number expected"); else { cfg_parser->cfg->key_cache_slabs = atoi(yystack.l_mark[0].str); if(!is_pow2(cfg_parser->cfg->key_cache_slabs)) yyerror("must be a power of 2"); } free(yystack.l_mark[0].str); } break; -case 221: -#line 1073 "util/configparser.y" +case 223: +#line 1083 "util/configparser.y" { OUTYY(("P(server_neg_cache_size:%s)\n", yystack.l_mark[0].str)); if(!cfg_parse_memsize(yystack.l_mark[0].str, &cfg_parser->cfg->neg_cache_size)) yyerror("memory size expected"); free(yystack.l_mark[0].str); } break; -case 222: -#line 1081 "util/configparser.y" +case 224: +#line 1091 "util/configparser.y" { OUTYY(("P(server_local_zone:%s %s)\n", yystack.l_mark[-1].str, yystack.l_mark[0].str)); if(strcmp(yystack.l_mark[0].str, "static")!=0 && strcmp(yystack.l_mark[0].str, "deny")!=0 && strcmp(yystack.l_mark[0].str, "refuse")!=0 && strcmp(yystack.l_mark[0].str, "redirect")!=0 && strcmp(yystack.l_mark[0].str, "transparent")!=0 && strcmp(yystack.l_mark[0].str, "nodefault")!=0 && strcmp(yystack.l_mark[0].str, "typetransparent")!=0) yyerror("local-zone type: expected static, deny, " "refuse, redirect, transparent, " "typetransparent or nodefault"); else if(strcmp(yystack.l_mark[0].str, "nodefault")==0) { if(!cfg_strlist_insert(&cfg_parser->cfg-> local_zones_nodefault, yystack.l_mark[-1].str)) fatal_exit("out of memory adding local-zone"); free(yystack.l_mark[0].str); } else { if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones, yystack.l_mark[-1].str, yystack.l_mark[0].str)) fatal_exit("out of memory adding local-zone"); } } break; -case 223: -#line 1103 "util/configparser.y" +case 225: +#line 1113 "util/configparser.y" { OUTYY(("P(server_local_data:%s)\n", yystack.l_mark[0].str)); if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, yystack.l_mark[0].str)) fatal_exit("out of memory adding local-data"); } break; -case 224: -#line 1110 "util/configparser.y" +case 226: +#line 1120 "util/configparser.y" { char* ptr; OUTYY(("P(server_local_data_ptr:%s)\n", yystack.l_mark[0].str)); ptr = cfg_ptr_reverse(yystack.l_mark[0].str); free(yystack.l_mark[0].str); if(ptr) { if(!cfg_strlist_insert(&cfg_parser->cfg-> local_data, ptr)) fatal_exit("out of memory adding local-data"); } else { yyerror("local-data-ptr could not be reversed"); } } break; -case 225: -#line 1125 "util/configparser.y" +case 227: +#line 1135 "util/configparser.y" { OUTYY(("P(server_minimal_responses:%s)\n", yystack.l_mark[0].str)); if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->minimal_responses = (strcmp(yystack.l_mark[0].str, "yes")==0); free(yystack.l_mark[0].str); } break; -case 226: -#line 1135 "util/configparser.y" +case 228: +#line 1145 "util/configparser.y" { OUTYY(("P(server_rrset_roundrobin:%s)\n", yystack.l_mark[0].str)); if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->rrset_roundrobin = (strcmp(yystack.l_mark[0].str, "yes")==0); free(yystack.l_mark[0].str); } break; -case 227: -#line 1145 "util/configparser.y" +case 229: +#line 1155 "util/configparser.y" { OUTYY(("P(server_max_udp_size:%s)\n", yystack.l_mark[0].str)); cfg_parser->cfg->max_udp_size = atoi(yystack.l_mark[0].str); free(yystack.l_mark[0].str); } break; -case 228: -#line 1152 "util/configparser.y" +case 230: +#line 1162 "util/configparser.y" { OUTYY(("P(name:%s)\n", yystack.l_mark[0].str)); if(cfg_parser->cfg->stubs->name) yyerror("stub name override, there must be one name " "for one stub-zone"); free(cfg_parser->cfg->stubs->name); cfg_parser->cfg->stubs->name = yystack.l_mark[0].str; } break; -case 229: -#line 1162 "util/configparser.y" +case 231: +#line 1172 "util/configparser.y" { OUTYY(("P(stub-host:%s)\n", yystack.l_mark[0].str)); if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, yystack.l_mark[0].str)) yyerror("out of memory"); } break; -case 230: -#line 1169 "util/configparser.y" +case 232: +#line 1179 "util/configparser.y" { OUTYY(("P(stub-addr:%s)\n", yystack.l_mark[0].str)); if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, yystack.l_mark[0].str)) yyerror("out of memory"); } break; -case 231: -#line 1176 "util/configparser.y" +case 233: +#line 1186 "util/configparser.y" { OUTYY(("P(stub-first:%s)\n", yystack.l_mark[0].str)); if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->stubs->isfirst=(strcmp(yystack.l_mark[0].str, "yes")==0); free(yystack.l_mark[0].str); } break; -case 232: -#line 1185 "util/configparser.y" +case 234: +#line 1195 "util/configparser.y" { OUTYY(("P(stub-prime:%s)\n", yystack.l_mark[0].str)); if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->stubs->isprime = (strcmp(yystack.l_mark[0].str, "yes")==0); free(yystack.l_mark[0].str); } break; -case 233: -#line 1195 "util/configparser.y" +case 235: +#line 1205 "util/configparser.y" { OUTYY(("P(name:%s)\n", yystack.l_mark[0].str)); if(cfg_parser->cfg->forwards->name) yyerror("forward name override, there must be one " "name for one forward-zone"); free(cfg_parser->cfg->forwards->name); cfg_parser->cfg->forwards->name = yystack.l_mark[0].str; } break; -case 234: -#line 1205 "util/configparser.y" +case 236: +#line 1215 "util/configparser.y" { OUTYY(("P(forward-host:%s)\n", yystack.l_mark[0].str)); if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, yystack.l_mark[0].str)) yyerror("out of memory"); } break; -case 235: -#line 1212 "util/configparser.y" +case 237: +#line 1222 "util/configparser.y" { OUTYY(("P(forward-addr:%s)\n", yystack.l_mark[0].str)); if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, yystack.l_mark[0].str)) yyerror("out of memory"); } break; -case 236: -#line 1219 "util/configparser.y" +case 238: +#line 1229 "util/configparser.y" { OUTYY(("P(forward-first:%s)\n", yystack.l_mark[0].str)); if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->forwards->isfirst=(strcmp(yystack.l_mark[0].str, "yes")==0); free(yystack.l_mark[0].str); } break; -case 237: -#line 1228 "util/configparser.y" +case 239: +#line 1238 "util/configparser.y" { OUTYY(("\nP(remote-control:)\n")); } break; -case 247: -#line 1239 "util/configparser.y" +case 249: +#line 1249 "util/configparser.y" { OUTYY(("P(control_enable:%s)\n", yystack.l_mark[0].str)); if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->remote_control_enable = (strcmp(yystack.l_mark[0].str, "yes")==0); free(yystack.l_mark[0].str); } break; -case 248: -#line 1249 "util/configparser.y" +case 250: +#line 1259 "util/configparser.y" { OUTYY(("P(control_port:%s)\n", yystack.l_mark[0].str)); if(atoi(yystack.l_mark[0].str) == 0) yyerror("control port number expected"); else cfg_parser->cfg->control_port = atoi(yystack.l_mark[0].str); free(yystack.l_mark[0].str); } break; -case 249: -#line 1258 "util/configparser.y" +case 251: +#line 1268 "util/configparser.y" { OUTYY(("P(control_interface:%s)\n", yystack.l_mark[0].str)); if(!cfg_strlist_insert(&cfg_parser->cfg->control_ifs, yystack.l_mark[0].str)) yyerror("out of memory"); } break; -case 250: -#line 1265 "util/configparser.y" +case 252: +#line 1275 "util/configparser.y" { OUTYY(("P(rc_server_key_file:%s)\n", yystack.l_mark[0].str)); free(cfg_parser->cfg->server_key_file); cfg_parser->cfg->server_key_file = yystack.l_mark[0].str; } break; -case 251: -#line 1272 "util/configparser.y" +case 253: +#line 1282 "util/configparser.y" { OUTYY(("P(rc_server_cert_file:%s)\n", yystack.l_mark[0].str)); free(cfg_parser->cfg->server_cert_file); cfg_parser->cfg->server_cert_file = yystack.l_mark[0].str; } break; -case 252: -#line 1279 "util/configparser.y" +case 254: +#line 1289 "util/configparser.y" { OUTYY(("P(rc_control_key_file:%s)\n", yystack.l_mark[0].str)); free(cfg_parser->cfg->control_key_file); cfg_parser->cfg->control_key_file = yystack.l_mark[0].str; } break; -case 253: -#line 1286 "util/configparser.y" +case 255: +#line 1296 "util/configparser.y" { OUTYY(("P(rc_control_cert_file:%s)\n", yystack.l_mark[0].str)); free(cfg_parser->cfg->control_cert_file); cfg_parser->cfg->control_cert_file = yystack.l_mark[0].str; } break; -case 254: -#line 1293 "util/configparser.y" +case 256: +#line 1303 "util/configparser.y" { OUTYY(("\nP(python:)\n")); } break; -case 258: -#line 1302 "util/configparser.y" +case 260: +#line 1312 "util/configparser.y" { OUTYY(("P(python-script:%s)\n", yystack.l_mark[0].str)); free(cfg_parser->cfg->python_script); cfg_parser->cfg->python_script = yystack.l_mark[0].str; } break; -#line 2315 "util/configparser.c" +#line 2338 "util/configparser.c" } yystack.s_mark -= yym; yystate = *yystack.s_mark; yystack.l_mark -= yym; yym = yylhs[yyn]; if (yystate == 0 && yym == 0) { #if YYDEBUG if (yydebug) printf("%sdebug: after reduction, shifting from state 0 to\ state %d\n", YYPREFIX, YYFINAL); #endif yystate = YYFINAL; *++yystack.s_mark = YYFINAL; *++yystack.l_mark = yyval; if (yychar < 0) { - if ((yychar = YYLEX) < 0) yychar = 0; + if ((yychar = YYLEX) < 0) yychar = YYEOF; #if YYDEBUG if (yydebug) { - yys = 0; - if (yychar <= YYMAXTOKEN) yys = yyname[yychar]; - if (!yys) yys = "illegal-symbol"; + yys = yyname[YYTRANSLATE(yychar)]; printf("%sdebug: state %d, reading %d (%s)\n", YYPREFIX, YYFINAL, yychar, yys); } #endif } - if (yychar == 0) goto yyaccept; + if (yychar == YYEOF) goto yyaccept; goto yyloop; } if ((yyn = yygindex[yym]) && (yyn += yystate) >= 0 && yyn <= YYTABLESIZE && yycheck[yyn] == yystate) yystate = yytable[yyn]; else yystate = yydgoto[yym]; #if YYDEBUG if (yydebug) printf("%sdebug: after reduction, shifting from state %d \ to state %d\n", YYPREFIX, *yystack.s_mark, yystate); #endif - if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack)) + if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM) { goto yyoverflow; } - *++yystack.s_mark = (short) yystate; + *++yystack.s_mark = (YYINT) yystate; *++yystack.l_mark = yyval; goto yyloop; yyoverflow: - yyerror("yacc stack overflow"); + YYERROR_CALL("yacc stack overflow"); yyabort: yyfreestack(&yystack); return (1); yyaccept: yyfreestack(&yystack); return (0); } Index: head/contrib/unbound/util/configparser.h =================================================================== --- head/contrib/unbound/util/configparser.h (revision 268838) +++ head/contrib/unbound/util/configparser.h (revision 268839) @@ -1,141 +1,142 @@ #define SPACE 257 #define LETTER 258 #define NEWLINE 259 #define COMMENT 260 #define COLON 261 #define ANY 262 #define ZONESTR 263 #define STRING_ARG 264 #define VAR_SERVER 265 #define VAR_VERBOSITY 266 #define VAR_NUM_THREADS 267 #define VAR_PORT 268 #define VAR_OUTGOING_RANGE 269 #define VAR_INTERFACE 270 #define VAR_DO_IP4 271 #define VAR_DO_IP6 272 #define VAR_DO_UDP 273 #define VAR_DO_TCP 274 #define VAR_CHROOT 275 #define VAR_USERNAME 276 #define VAR_DIRECTORY 277 #define VAR_LOGFILE 278 #define VAR_PIDFILE 279 #define VAR_MSG_CACHE_SIZE 280 #define VAR_MSG_CACHE_SLABS 281 #define VAR_NUM_QUERIES_PER_THREAD 282 #define VAR_RRSET_CACHE_SIZE 283 #define VAR_RRSET_CACHE_SLABS 284 #define VAR_OUTGOING_NUM_TCP 285 #define VAR_INFRA_HOST_TTL 286 #define VAR_INFRA_LAME_TTL 287 #define VAR_INFRA_CACHE_SLABS 288 #define VAR_INFRA_CACHE_NUMHOSTS 289 #define VAR_INFRA_CACHE_LAME_SIZE 290 #define VAR_NAME 291 #define VAR_STUB_ZONE 292 #define VAR_STUB_HOST 293 #define VAR_STUB_ADDR 294 #define VAR_TARGET_FETCH_POLICY 295 #define VAR_HARDEN_SHORT_BUFSIZE 296 #define VAR_HARDEN_LARGE_QUERIES 297 #define VAR_FORWARD_ZONE 298 #define VAR_FORWARD_HOST 299 #define VAR_FORWARD_ADDR 300 #define VAR_DO_NOT_QUERY_ADDRESS 301 #define VAR_HIDE_IDENTITY 302 #define VAR_HIDE_VERSION 303 #define VAR_IDENTITY 304 #define VAR_VERSION 305 #define VAR_HARDEN_GLUE 306 #define VAR_MODULE_CONF 307 #define VAR_TRUST_ANCHOR_FILE 308 #define VAR_TRUST_ANCHOR 309 #define VAR_VAL_OVERRIDE_DATE 310 #define VAR_BOGUS_TTL 311 #define VAR_VAL_CLEAN_ADDITIONAL 312 #define VAR_VAL_PERMISSIVE_MODE 313 #define VAR_INCOMING_NUM_TCP 314 #define VAR_MSG_BUFFER_SIZE 315 #define VAR_KEY_CACHE_SIZE 316 #define VAR_KEY_CACHE_SLABS 317 #define VAR_TRUSTED_KEYS_FILE 318 #define VAR_VAL_NSEC3_KEYSIZE_ITERATIONS 319 #define VAR_USE_SYSLOG 320 #define VAR_OUTGOING_INTERFACE 321 #define VAR_ROOT_HINTS 322 #define VAR_DO_NOT_QUERY_LOCALHOST 323 #define VAR_CACHE_MAX_TTL 324 #define VAR_HARDEN_DNSSEC_STRIPPED 325 #define VAR_ACCESS_CONTROL 326 #define VAR_LOCAL_ZONE 327 #define VAR_LOCAL_DATA 328 #define VAR_INTERFACE_AUTOMATIC 329 #define VAR_STATISTICS_INTERVAL 330 #define VAR_DO_DAEMONIZE 331 #define VAR_USE_CAPS_FOR_ID 332 #define VAR_STATISTICS_CUMULATIVE 333 #define VAR_OUTGOING_PORT_PERMIT 334 #define VAR_OUTGOING_PORT_AVOID 335 #define VAR_DLV_ANCHOR_FILE 336 #define VAR_DLV_ANCHOR 337 #define VAR_NEG_CACHE_SIZE 338 #define VAR_HARDEN_REFERRAL_PATH 339 #define VAR_PRIVATE_ADDRESS 340 #define VAR_PRIVATE_DOMAIN 341 #define VAR_REMOTE_CONTROL 342 #define VAR_CONTROL_ENABLE 343 #define VAR_CONTROL_INTERFACE 344 #define VAR_CONTROL_PORT 345 #define VAR_SERVER_KEY_FILE 346 #define VAR_SERVER_CERT_FILE 347 #define VAR_CONTROL_KEY_FILE 348 #define VAR_CONTROL_CERT_FILE 349 #define VAR_EXTENDED_STATISTICS 350 #define VAR_LOCAL_DATA_PTR 351 #define VAR_JOSTLE_TIMEOUT 352 #define VAR_STUB_PRIME 353 #define VAR_UNWANTED_REPLY_THRESHOLD 354 #define VAR_LOG_TIME_ASCII 355 #define VAR_DOMAIN_INSECURE 356 #define VAR_PYTHON 357 #define VAR_PYTHON_SCRIPT 358 #define VAR_VAL_SIG_SKEW_MIN 359 #define VAR_VAL_SIG_SKEW_MAX 360 #define VAR_CACHE_MIN_TTL 361 #define VAR_VAL_LOG_LEVEL 362 #define VAR_AUTO_TRUST_ANCHOR_FILE 363 #define VAR_KEEP_MISSING 364 #define VAR_ADD_HOLDDOWN 365 #define VAR_DEL_HOLDDOWN 366 #define VAR_SO_RCVBUF 367 #define VAR_EDNS_BUFFER_SIZE 368 #define VAR_PREFETCH 369 #define VAR_PREFETCH_KEY 370 #define VAR_SO_SNDBUF 371 #define VAR_SO_REUSEPORT 372 #define VAR_HARDEN_BELOW_NXDOMAIN 373 #define VAR_IGNORE_CD_FLAG 374 #define VAR_LOG_QUERIES 375 #define VAR_TCP_UPSTREAM 376 #define VAR_SSL_UPSTREAM 377 #define VAR_SSL_SERVICE_KEY 378 #define VAR_SSL_SERVICE_PEM 379 #define VAR_SSL_PORT 380 #define VAR_FORWARD_FIRST 381 #define VAR_STUB_FIRST 382 #define VAR_MINIMAL_RESPONSES 383 #define VAR_RRSET_ROUNDROBIN 384 #define VAR_MAX_UDP_SIZE 385 #define VAR_DELAY_CLOSE 386 +#define VAR_UNBLOCK_LAN_ZONES 387 #ifdef YYSTYPE #undef YYSTYPE_IS_DECLARED #define YYSTYPE_IS_DECLARED 1 #endif #ifndef YYSTYPE_IS_DECLARED #define YYSTYPE_IS_DECLARED 1 typedef union { char* str; } YYSTYPE; #endif /* !YYSTYPE_IS_DECLARED */ extern YYSTYPE yylval; Index: head/contrib/unbound/util/configparser.y =================================================================== --- head/contrib/unbound/util/configparser.y (revision 268838) +++ head/contrib/unbound/util/configparser.y (revision 268839) @@ -1,1309 +1,1319 @@ /* * configparser.y -- yacc grammar for unbound configuration files * * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. * * Copyright (c) 2007, NLnet Labs. All rights reserved. * * This software is open source. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. * * Neither the name of the NLNET LABS nor the names of its contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ %{ #include "config.h" #include #include #include #include #include #include "util/configyyrename.h" #include "util/config_file.h" #include "util/net_help.h" int ub_c_lex(void); void ub_c_error(const char *message); /* these need to be global, otherwise they cannot be used inside yacc */ extern struct config_parser_state* cfg_parser; #if 0 #define OUTYY(s) printf s /* used ONLY when debugging */ #else #define OUTYY(s) #endif %} %union { char* str; }; %token SPACE LETTER NEWLINE COMMENT COLON ANY ZONESTR %token STRING_ARG %token VAR_SERVER VAR_VERBOSITY VAR_NUM_THREADS VAR_PORT %token VAR_OUTGOING_RANGE VAR_INTERFACE %token VAR_DO_IP4 VAR_DO_IP6 VAR_DO_UDP VAR_DO_TCP %token VAR_CHROOT VAR_USERNAME VAR_DIRECTORY VAR_LOGFILE VAR_PIDFILE %token VAR_MSG_CACHE_SIZE VAR_MSG_CACHE_SLABS VAR_NUM_QUERIES_PER_THREAD %token VAR_RRSET_CACHE_SIZE VAR_RRSET_CACHE_SLABS VAR_OUTGOING_NUM_TCP %token VAR_INFRA_HOST_TTL VAR_INFRA_LAME_TTL VAR_INFRA_CACHE_SLABS %token VAR_INFRA_CACHE_NUMHOSTS VAR_INFRA_CACHE_LAME_SIZE VAR_NAME %token VAR_STUB_ZONE VAR_STUB_HOST VAR_STUB_ADDR VAR_TARGET_FETCH_POLICY %token VAR_HARDEN_SHORT_BUFSIZE VAR_HARDEN_LARGE_QUERIES %token VAR_FORWARD_ZONE VAR_FORWARD_HOST VAR_FORWARD_ADDR %token VAR_DO_NOT_QUERY_ADDRESS VAR_HIDE_IDENTITY VAR_HIDE_VERSION %token VAR_IDENTITY VAR_VERSION VAR_HARDEN_GLUE VAR_MODULE_CONF %token VAR_TRUST_ANCHOR_FILE VAR_TRUST_ANCHOR VAR_VAL_OVERRIDE_DATE %token VAR_BOGUS_TTL VAR_VAL_CLEAN_ADDITIONAL VAR_VAL_PERMISSIVE_MODE %token VAR_INCOMING_NUM_TCP VAR_MSG_BUFFER_SIZE VAR_KEY_CACHE_SIZE %token VAR_KEY_CACHE_SLABS VAR_TRUSTED_KEYS_FILE %token VAR_VAL_NSEC3_KEYSIZE_ITERATIONS VAR_USE_SYSLOG %token VAR_OUTGOING_INTERFACE VAR_ROOT_HINTS VAR_DO_NOT_QUERY_LOCALHOST %token VAR_CACHE_MAX_TTL VAR_HARDEN_DNSSEC_STRIPPED VAR_ACCESS_CONTROL %token VAR_LOCAL_ZONE VAR_LOCAL_DATA VAR_INTERFACE_AUTOMATIC %token VAR_STATISTICS_INTERVAL VAR_DO_DAEMONIZE VAR_USE_CAPS_FOR_ID %token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT %token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE VAR_DLV_ANCHOR %token VAR_NEG_CACHE_SIZE VAR_HARDEN_REFERRAL_PATH VAR_PRIVATE_ADDRESS %token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE %token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE %token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE %token VAR_EXTENDED_STATISTICS VAR_LOCAL_DATA_PTR VAR_JOSTLE_TIMEOUT %token VAR_STUB_PRIME VAR_UNWANTED_REPLY_THRESHOLD VAR_LOG_TIME_ASCII %token VAR_DOMAIN_INSECURE VAR_PYTHON VAR_PYTHON_SCRIPT VAR_VAL_SIG_SKEW_MIN %token VAR_VAL_SIG_SKEW_MAX VAR_CACHE_MIN_TTL VAR_VAL_LOG_LEVEL %token VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING VAR_ADD_HOLDDOWN %token VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE VAR_PREFETCH %token VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT VAR_HARDEN_BELOW_NXDOMAIN %token VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES VAR_TCP_UPSTREAM VAR_SSL_UPSTREAM %token VAR_SSL_SERVICE_KEY VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST %token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN -%token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE +%token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE VAR_UNBLOCK_LAN_ZONES %% toplevelvars: /* empty */ | toplevelvars toplevelvar ; toplevelvar: serverstart contents_server | stubstart contents_stub | forwardstart contents_forward | pythonstart contents_py | rcstart contents_rc ; /* server: declaration */ serverstart: VAR_SERVER { OUTYY(("\nP(server:)\n")); } ; contents_server: contents_server content_server | ; content_server: server_num_threads | server_verbosity | server_port | server_outgoing_range | server_do_ip4 | server_do_ip6 | server_do_udp | server_do_tcp | server_interface | server_chroot | server_username | server_directory | server_logfile | server_pidfile | server_msg_cache_size | server_msg_cache_slabs | server_num_queries_per_thread | server_rrset_cache_size | server_rrset_cache_slabs | server_outgoing_num_tcp | server_infra_host_ttl | server_infra_lame_ttl | server_infra_cache_slabs | server_infra_cache_numhosts | server_infra_cache_lame_size | server_target_fetch_policy | server_harden_short_bufsize | server_harden_large_queries | server_do_not_query_address | server_hide_identity | server_hide_version | server_identity | server_version | server_harden_glue | server_module_conf | server_trust_anchor_file | server_trust_anchor | server_val_override_date | server_bogus_ttl | server_val_clean_additional | server_val_permissive_mode | server_incoming_num_tcp | server_msg_buffer_size | server_key_cache_size | server_key_cache_slabs | server_trusted_keys_file | server_val_nsec3_keysize_iterations | server_use_syslog | server_outgoing_interface | server_root_hints | server_do_not_query_localhost | server_cache_max_ttl | server_harden_dnssec_stripped | server_access_control | server_local_zone | server_local_data | server_interface_automatic | server_statistics_interval | server_do_daemonize | server_use_caps_for_id | server_statistics_cumulative | server_outgoing_port_permit | server_outgoing_port_avoid | server_dlv_anchor_file | server_dlv_anchor | server_neg_cache_size | server_harden_referral_path | server_private_address | server_private_domain | server_extended_statistics | server_local_data_ptr | server_jostle_timeout | server_unwanted_reply_threshold | server_log_time_ascii | server_domain_insecure | server_val_sig_skew_min | server_val_sig_skew_max | server_cache_min_ttl | server_val_log_level | server_auto_trust_anchor_file | server_add_holddown | server_del_holddown | server_keep_missing | server_so_rcvbuf | server_edns_buffer_size | server_prefetch | server_prefetch_key | server_so_sndbuf | server_harden_below_nxdomain | server_ignore_cd_flag | server_log_queries | server_tcp_upstream | server_ssl_upstream | server_ssl_service_key | server_ssl_service_pem | server_ssl_port | server_minimal_responses | server_rrset_roundrobin | server_max_udp_size | - server_so_reuseport | server_delay_close + server_so_reuseport | server_delay_close | server_unblock_lan_zones ; stubstart: VAR_STUB_ZONE { struct config_stub* s; OUTYY(("\nP(stub_zone:)\n")); s = (struct config_stub*)calloc(1, sizeof(struct config_stub)); if(s) { s->next = cfg_parser->cfg->stubs; cfg_parser->cfg->stubs = s; } else yyerror("out of memory"); } ; contents_stub: contents_stub content_stub | ; content_stub: stub_name | stub_host | stub_addr | stub_prime | stub_first ; forwardstart: VAR_FORWARD_ZONE { struct config_stub* s; OUTYY(("\nP(forward_zone:)\n")); s = (struct config_stub*)calloc(1, sizeof(struct config_stub)); if(s) { s->next = cfg_parser->cfg->forwards; cfg_parser->cfg->forwards = s; } else yyerror("out of memory"); } ; contents_forward: contents_forward content_forward | ; content_forward: forward_name | forward_host | forward_addr | forward_first ; server_num_threads: VAR_NUM_THREADS STRING_ARG { OUTYY(("P(server_num_threads:%s)\n", $2)); if(atoi($2) == 0 && strcmp($2, "0") != 0) yyerror("number expected"); else cfg_parser->cfg->num_threads = atoi($2); free($2); } ; server_verbosity: VAR_VERBOSITY STRING_ARG { OUTYY(("P(server_verbosity:%s)\n", $2)); if(atoi($2) == 0 && strcmp($2, "0") != 0) yyerror("number expected"); else cfg_parser->cfg->verbosity = atoi($2); free($2); } ; server_statistics_interval: VAR_STATISTICS_INTERVAL STRING_ARG { OUTYY(("P(server_statistics_interval:%s)\n", $2)); if(strcmp($2, "") == 0 || strcmp($2, "0") == 0) cfg_parser->cfg->stat_interval = 0; else if(atoi($2) == 0) yyerror("number expected"); else cfg_parser->cfg->stat_interval = atoi($2); free($2); } ; server_statistics_cumulative: VAR_STATISTICS_CUMULATIVE STRING_ARG { OUTYY(("P(server_statistics_cumulative:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->stat_cumulative = (strcmp($2, "yes")==0); free($2); } ; server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG { OUTYY(("P(server_extended_statistics:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->stat_extended = (strcmp($2, "yes")==0); free($2); } ; server_port: VAR_PORT STRING_ARG { OUTYY(("P(server_port:%s)\n", $2)); if(atoi($2) == 0) yyerror("port number expected"); else cfg_parser->cfg->port = atoi($2); free($2); } ; server_interface: VAR_INTERFACE STRING_ARG { OUTYY(("P(server_interface:%s)\n", $2)); if(cfg_parser->cfg->num_ifs == 0) cfg_parser->cfg->ifs = calloc(1, sizeof(char*)); else cfg_parser->cfg->ifs = realloc(cfg_parser->cfg->ifs, (cfg_parser->cfg->num_ifs+1)*sizeof(char*)); if(!cfg_parser->cfg->ifs) yyerror("out of memory"); else cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = $2; } ; server_outgoing_interface: VAR_OUTGOING_INTERFACE STRING_ARG { OUTYY(("P(server_outgoing_interface:%s)\n", $2)); if(cfg_parser->cfg->num_out_ifs == 0) cfg_parser->cfg->out_ifs = calloc(1, sizeof(char*)); else cfg_parser->cfg->out_ifs = realloc( cfg_parser->cfg->out_ifs, (cfg_parser->cfg->num_out_ifs+1)*sizeof(char*)); if(!cfg_parser->cfg->out_ifs) yyerror("out of memory"); else cfg_parser->cfg->out_ifs[ cfg_parser->cfg->num_out_ifs++] = $2; } ; server_outgoing_range: VAR_OUTGOING_RANGE STRING_ARG { OUTYY(("P(server_outgoing_range:%s)\n", $2)); if(atoi($2) == 0) yyerror("number expected"); else cfg_parser->cfg->outgoing_num_ports = atoi($2); free($2); } ; server_outgoing_port_permit: VAR_OUTGOING_PORT_PERMIT STRING_ARG { OUTYY(("P(server_outgoing_port_permit:%s)\n", $2)); if(!cfg_mark_ports($2, 1, cfg_parser->cfg->outgoing_avail_ports, 65536)) yyerror("port number or range (\"low-high\") expected"); free($2); } ; server_outgoing_port_avoid: VAR_OUTGOING_PORT_AVOID STRING_ARG { OUTYY(("P(server_outgoing_port_avoid:%s)\n", $2)); if(!cfg_mark_ports($2, 0, cfg_parser->cfg->outgoing_avail_ports, 65536)) yyerror("port number or range (\"low-high\") expected"); free($2); } ; server_outgoing_num_tcp: VAR_OUTGOING_NUM_TCP STRING_ARG { OUTYY(("P(server_outgoing_num_tcp:%s)\n", $2)); if(atoi($2) == 0 && strcmp($2, "0") != 0) yyerror("number expected"); else cfg_parser->cfg->outgoing_num_tcp = atoi($2); free($2); } ; server_incoming_num_tcp: VAR_INCOMING_NUM_TCP STRING_ARG { OUTYY(("P(server_incoming_num_tcp:%s)\n", $2)); if(atoi($2) == 0 && strcmp($2, "0") != 0) yyerror("number expected"); else cfg_parser->cfg->incoming_num_tcp = atoi($2); free($2); } ; server_interface_automatic: VAR_INTERFACE_AUTOMATIC STRING_ARG { OUTYY(("P(server_interface_automatic:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->if_automatic = (strcmp($2, "yes")==0); free($2); } ; server_do_ip4: VAR_DO_IP4 STRING_ARG { OUTYY(("P(server_do_ip4:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->do_ip4 = (strcmp($2, "yes")==0); free($2); } ; server_do_ip6: VAR_DO_IP6 STRING_ARG { OUTYY(("P(server_do_ip6:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->do_ip6 = (strcmp($2, "yes")==0); free($2); } ; server_do_udp: VAR_DO_UDP STRING_ARG { OUTYY(("P(server_do_udp:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->do_udp = (strcmp($2, "yes")==0); free($2); } ; server_do_tcp: VAR_DO_TCP STRING_ARG { OUTYY(("P(server_do_tcp:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->do_tcp = (strcmp($2, "yes")==0); free($2); } ; server_tcp_upstream: VAR_TCP_UPSTREAM STRING_ARG { OUTYY(("P(server_tcp_upstream:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->tcp_upstream = (strcmp($2, "yes")==0); free($2); } ; server_ssl_upstream: VAR_SSL_UPSTREAM STRING_ARG { OUTYY(("P(server_ssl_upstream:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->ssl_upstream = (strcmp($2, "yes")==0); free($2); } ; server_ssl_service_key: VAR_SSL_SERVICE_KEY STRING_ARG { OUTYY(("P(server_ssl_service_key:%s)\n", $2)); free(cfg_parser->cfg->ssl_service_key); cfg_parser->cfg->ssl_service_key = $2; } ; server_ssl_service_pem: VAR_SSL_SERVICE_PEM STRING_ARG { OUTYY(("P(server_ssl_service_pem:%s)\n", $2)); free(cfg_parser->cfg->ssl_service_pem); cfg_parser->cfg->ssl_service_pem = $2; } ; server_ssl_port: VAR_SSL_PORT STRING_ARG { OUTYY(("P(server_ssl_port:%s)\n", $2)); if(atoi($2) == 0) yyerror("port number expected"); else cfg_parser->cfg->ssl_port = atoi($2); free($2); } ; server_do_daemonize: VAR_DO_DAEMONIZE STRING_ARG { OUTYY(("P(server_do_daemonize:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->do_daemonize = (strcmp($2, "yes")==0); free($2); } ; server_use_syslog: VAR_USE_SYSLOG STRING_ARG { OUTYY(("P(server_use_syslog:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->use_syslog = (strcmp($2, "yes")==0); #if !defined(HAVE_SYSLOG_H) && !defined(UB_ON_WINDOWS) if(strcmp($2, "yes") == 0) yyerror("no syslog services are available. " "(reconfigure and compile to add)"); #endif free($2); } ; server_log_time_ascii: VAR_LOG_TIME_ASCII STRING_ARG { OUTYY(("P(server_log_time_ascii:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->log_time_ascii = (strcmp($2, "yes")==0); free($2); } ; server_log_queries: VAR_LOG_QUERIES STRING_ARG { OUTYY(("P(server_log_queries:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->log_queries = (strcmp($2, "yes")==0); free($2); } ; server_chroot: VAR_CHROOT STRING_ARG { OUTYY(("P(server_chroot:%s)\n", $2)); free(cfg_parser->cfg->chrootdir); cfg_parser->cfg->chrootdir = $2; } ; server_username: VAR_USERNAME STRING_ARG { OUTYY(("P(server_username:%s)\n", $2)); free(cfg_parser->cfg->username); cfg_parser->cfg->username = $2; } ; server_directory: VAR_DIRECTORY STRING_ARG { OUTYY(("P(server_directory:%s)\n", $2)); free(cfg_parser->cfg->directory); cfg_parser->cfg->directory = $2; } ; server_logfile: VAR_LOGFILE STRING_ARG { OUTYY(("P(server_logfile:%s)\n", $2)); free(cfg_parser->cfg->logfile); cfg_parser->cfg->logfile = $2; cfg_parser->cfg->use_syslog = 0; } ; server_pidfile: VAR_PIDFILE STRING_ARG { OUTYY(("P(server_pidfile:%s)\n", $2)); free(cfg_parser->cfg->pidfile); cfg_parser->cfg->pidfile = $2; } ; server_root_hints: VAR_ROOT_HINTS STRING_ARG { OUTYY(("P(server_root_hints:%s)\n", $2)); if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, $2)) yyerror("out of memory"); } ; server_dlv_anchor_file: VAR_DLV_ANCHOR_FILE STRING_ARG { OUTYY(("P(server_dlv_anchor_file:%s)\n", $2)); free(cfg_parser->cfg->dlv_anchor_file); cfg_parser->cfg->dlv_anchor_file = $2; } ; server_dlv_anchor: VAR_DLV_ANCHOR STRING_ARG { OUTYY(("P(server_dlv_anchor:%s)\n", $2)); if(!cfg_strlist_insert(&cfg_parser->cfg->dlv_anchor_list, $2)) yyerror("out of memory"); } ; server_auto_trust_anchor_file: VAR_AUTO_TRUST_ANCHOR_FILE STRING_ARG { OUTYY(("P(server_auto_trust_anchor_file:%s)\n", $2)); if(!cfg_strlist_insert(&cfg_parser->cfg-> auto_trust_anchor_file_list, $2)) yyerror("out of memory"); } ; server_trust_anchor_file: VAR_TRUST_ANCHOR_FILE STRING_ARG { OUTYY(("P(server_trust_anchor_file:%s)\n", $2)); if(!cfg_strlist_insert(&cfg_parser->cfg-> trust_anchor_file_list, $2)) yyerror("out of memory"); } ; server_trusted_keys_file: VAR_TRUSTED_KEYS_FILE STRING_ARG { OUTYY(("P(server_trusted_keys_file:%s)\n", $2)); if(!cfg_strlist_insert(&cfg_parser->cfg-> trusted_keys_file_list, $2)) yyerror("out of memory"); } ; server_trust_anchor: VAR_TRUST_ANCHOR STRING_ARG { OUTYY(("P(server_trust_anchor:%s)\n", $2)); if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, $2)) yyerror("out of memory"); } ; server_domain_insecure: VAR_DOMAIN_INSECURE STRING_ARG { OUTYY(("P(server_domain_insecure:%s)\n", $2)); if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, $2)) yyerror("out of memory"); } ; server_hide_identity: VAR_HIDE_IDENTITY STRING_ARG { OUTYY(("P(server_hide_identity:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->hide_identity = (strcmp($2, "yes")==0); free($2); } ; server_hide_version: VAR_HIDE_VERSION STRING_ARG { OUTYY(("P(server_hide_version:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->hide_version = (strcmp($2, "yes")==0); free($2); } ; server_identity: VAR_IDENTITY STRING_ARG { OUTYY(("P(server_identity:%s)\n", $2)); free(cfg_parser->cfg->identity); cfg_parser->cfg->identity = $2; } ; server_version: VAR_VERSION STRING_ARG { OUTYY(("P(server_version:%s)\n", $2)); free(cfg_parser->cfg->version); cfg_parser->cfg->version = $2; } ; server_so_rcvbuf: VAR_SO_RCVBUF STRING_ARG { OUTYY(("P(server_so_rcvbuf:%s)\n", $2)); if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_rcvbuf)) yyerror("buffer size expected"); free($2); } ; server_so_sndbuf: VAR_SO_SNDBUF STRING_ARG { OUTYY(("P(server_so_sndbuf:%s)\n", $2)); if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_sndbuf)) yyerror("buffer size expected"); free($2); } ; server_so_reuseport: VAR_SO_REUSEPORT STRING_ARG { OUTYY(("P(server_so_reuseport:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->so_reuseport = (strcmp($2, "yes")==0); free($2); } ; server_edns_buffer_size: VAR_EDNS_BUFFER_SIZE STRING_ARG { OUTYY(("P(server_edns_buffer_size:%s)\n", $2)); if(atoi($2) == 0) yyerror("number expected"); else if (atoi($2) < 12) yyerror("edns buffer size too small"); else if (atoi($2) > 65535) cfg_parser->cfg->edns_buffer_size = 65535; else cfg_parser->cfg->edns_buffer_size = atoi($2); free($2); } ; server_msg_buffer_size: VAR_MSG_BUFFER_SIZE STRING_ARG { OUTYY(("P(server_msg_buffer_size:%s)\n", $2)); if(atoi($2) == 0) yyerror("number expected"); else if (atoi($2) < 4096) yyerror("message buffer size too small (use 4096)"); else cfg_parser->cfg->msg_buffer_size = atoi($2); free($2); } ; server_msg_cache_size: VAR_MSG_CACHE_SIZE STRING_ARG { OUTYY(("P(server_msg_cache_size:%s)\n", $2)); if(!cfg_parse_memsize($2, &cfg_parser->cfg->msg_cache_size)) yyerror("memory size expected"); free($2); } ; server_msg_cache_slabs: VAR_MSG_CACHE_SLABS STRING_ARG { OUTYY(("P(server_msg_cache_slabs:%s)\n", $2)); if(atoi($2) == 0) yyerror("number expected"); else { cfg_parser->cfg->msg_cache_slabs = atoi($2); if(!is_pow2(cfg_parser->cfg->msg_cache_slabs)) yyerror("must be a power of 2"); } free($2); } ; server_num_queries_per_thread: VAR_NUM_QUERIES_PER_THREAD STRING_ARG { OUTYY(("P(server_num_queries_per_thread:%s)\n", $2)); if(atoi($2) == 0) yyerror("number expected"); else cfg_parser->cfg->num_queries_per_thread = atoi($2); free($2); } ; server_jostle_timeout: VAR_JOSTLE_TIMEOUT STRING_ARG { OUTYY(("P(server_jostle_timeout:%s)\n", $2)); if(atoi($2) == 0 && strcmp($2, "0") != 0) yyerror("number expected"); else cfg_parser->cfg->jostle_time = atoi($2); free($2); } ; server_delay_close: VAR_DELAY_CLOSE STRING_ARG { OUTYY(("P(server_delay_close:%s)\n", $2)); if(atoi($2) == 0 && strcmp($2, "0") != 0) yyerror("number expected"); else cfg_parser->cfg->delay_close = atoi($2); + free($2); + } + ; +server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG + { + OUTYY(("P(server_unblock_lan_zones:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->unblock_lan_zones = + (strcmp($2, "yes")==0); free($2); } ; server_rrset_cache_size: VAR_RRSET_CACHE_SIZE STRING_ARG { OUTYY(("P(server_rrset_cache_size:%s)\n", $2)); if(!cfg_parse_memsize($2, &cfg_parser->cfg->rrset_cache_size)) yyerror("memory size expected"); free($2); } ; server_rrset_cache_slabs: VAR_RRSET_CACHE_SLABS STRING_ARG { OUTYY(("P(server_rrset_cache_slabs:%s)\n", $2)); if(atoi($2) == 0) yyerror("number expected"); else { cfg_parser->cfg->rrset_cache_slabs = atoi($2); if(!is_pow2(cfg_parser->cfg->rrset_cache_slabs)) yyerror("must be a power of 2"); } free($2); } ; server_infra_host_ttl: VAR_INFRA_HOST_TTL STRING_ARG { OUTYY(("P(server_infra_host_ttl:%s)\n", $2)); if(atoi($2) == 0 && strcmp($2, "0") != 0) yyerror("number expected"); else cfg_parser->cfg->host_ttl = atoi($2); free($2); } ; server_infra_lame_ttl: VAR_INFRA_LAME_TTL STRING_ARG { OUTYY(("P(server_infra_lame_ttl:%s)\n", $2)); verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option " "removed, use infra-host-ttl)", $2); free($2); } ; server_infra_cache_numhosts: VAR_INFRA_CACHE_NUMHOSTS STRING_ARG { OUTYY(("P(server_infra_cache_numhosts:%s)\n", $2)); if(atoi($2) == 0) yyerror("number expected"); else cfg_parser->cfg->infra_cache_numhosts = atoi($2); free($2); } ; server_infra_cache_lame_size: VAR_INFRA_CACHE_LAME_SIZE STRING_ARG { OUTYY(("P(server_infra_cache_lame_size:%s)\n", $2)); verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s " "(option removed, use infra-cache-numhosts)", $2); free($2); } ; server_infra_cache_slabs: VAR_INFRA_CACHE_SLABS STRING_ARG { OUTYY(("P(server_infra_cache_slabs:%s)\n", $2)); if(atoi($2) == 0) yyerror("number expected"); else { cfg_parser->cfg->infra_cache_slabs = atoi($2); if(!is_pow2(cfg_parser->cfg->infra_cache_slabs)) yyerror("must be a power of 2"); } free($2); } ; server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG { OUTYY(("P(server_target_fetch_policy:%s)\n", $2)); free(cfg_parser->cfg->target_fetch_policy); cfg_parser->cfg->target_fetch_policy = $2; } ; server_harden_short_bufsize: VAR_HARDEN_SHORT_BUFSIZE STRING_ARG { OUTYY(("P(server_harden_short_bufsize:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->harden_short_bufsize = (strcmp($2, "yes")==0); free($2); } ; server_harden_large_queries: VAR_HARDEN_LARGE_QUERIES STRING_ARG { OUTYY(("P(server_harden_large_queries:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->harden_large_queries = (strcmp($2, "yes")==0); free($2); } ; server_harden_glue: VAR_HARDEN_GLUE STRING_ARG { OUTYY(("P(server_harden_glue:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->harden_glue = (strcmp($2, "yes")==0); free($2); } ; server_harden_dnssec_stripped: VAR_HARDEN_DNSSEC_STRIPPED STRING_ARG { OUTYY(("P(server_harden_dnssec_stripped:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->harden_dnssec_stripped = (strcmp($2, "yes")==0); free($2); } ; server_harden_below_nxdomain: VAR_HARDEN_BELOW_NXDOMAIN STRING_ARG { OUTYY(("P(server_harden_below_nxdomain:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->harden_below_nxdomain = (strcmp($2, "yes")==0); free($2); } ; server_harden_referral_path: VAR_HARDEN_REFERRAL_PATH STRING_ARG { OUTYY(("P(server_harden_referral_path:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->harden_referral_path = (strcmp($2, "yes")==0); free($2); } ; server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG { OUTYY(("P(server_use_caps_for_id:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->use_caps_bits_for_id = (strcmp($2, "yes")==0); free($2); } ; server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG { OUTYY(("P(server_private_address:%s)\n", $2)); if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, $2)) yyerror("out of memory"); } ; server_private_domain: VAR_PRIVATE_DOMAIN STRING_ARG { OUTYY(("P(server_private_domain:%s)\n", $2)); if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, $2)) yyerror("out of memory"); } ; server_prefetch: VAR_PREFETCH STRING_ARG { OUTYY(("P(server_prefetch:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->prefetch = (strcmp($2, "yes")==0); free($2); } ; server_prefetch_key: VAR_PREFETCH_KEY STRING_ARG { OUTYY(("P(server_prefetch_key:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->prefetch_key = (strcmp($2, "yes")==0); free($2); } ; server_unwanted_reply_threshold: VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG { OUTYY(("P(server_unwanted_reply_threshold:%s)\n", $2)); if(atoi($2) == 0 && strcmp($2, "0") != 0) yyerror("number expected"); else cfg_parser->cfg->unwanted_threshold = atoi($2); free($2); } ; server_do_not_query_address: VAR_DO_NOT_QUERY_ADDRESS STRING_ARG { OUTYY(("P(server_do_not_query_address:%s)\n", $2)); if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, $2)) yyerror("out of memory"); } ; server_do_not_query_localhost: VAR_DO_NOT_QUERY_LOCALHOST STRING_ARG { OUTYY(("P(server_do_not_query_localhost:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->donotquery_localhost = (strcmp($2, "yes")==0); free($2); } ; server_access_control: VAR_ACCESS_CONTROL STRING_ARG STRING_ARG { OUTYY(("P(server_access_control:%s %s)\n", $2, $3)); if(strcmp($3, "deny")!=0 && strcmp($3, "refuse")!=0 && strcmp($3, "deny_non_local")!=0 && strcmp($3, "refuse_non_local")!=0 && strcmp($3, "allow")!=0 && strcmp($3, "allow_snoop")!=0) { yyerror("expected deny, refuse, deny_non_local, " "refuse_non_local, allow or allow_snoop " "in access control action"); } else { if(!cfg_str2list_insert(&cfg_parser->cfg->acls, $2, $3)) fatal_exit("out of memory adding acl"); } } ; server_module_conf: VAR_MODULE_CONF STRING_ARG { OUTYY(("P(server_module_conf:%s)\n", $2)); free(cfg_parser->cfg->module_conf); cfg_parser->cfg->module_conf = $2; } ; server_val_override_date: VAR_VAL_OVERRIDE_DATE STRING_ARG { OUTYY(("P(server_val_override_date:%s)\n", $2)); if(strlen($2) == 0 || strcmp($2, "0") == 0) { cfg_parser->cfg->val_date_override = 0; } else if(strlen($2) == 14) { cfg_parser->cfg->val_date_override = cfg_convert_timeval($2); if(!cfg_parser->cfg->val_date_override) yyerror("bad date/time specification"); } else { if(atoi($2) == 0) yyerror("number expected"); cfg_parser->cfg->val_date_override = atoi($2); } free($2); } ; server_val_sig_skew_min: VAR_VAL_SIG_SKEW_MIN STRING_ARG { OUTYY(("P(server_val_sig_skew_min:%s)\n", $2)); if(strlen($2) == 0 || strcmp($2, "0") == 0) { cfg_parser->cfg->val_sig_skew_min = 0; } else { cfg_parser->cfg->val_sig_skew_min = atoi($2); if(!cfg_parser->cfg->val_sig_skew_min) yyerror("number expected"); } free($2); } ; server_val_sig_skew_max: VAR_VAL_SIG_SKEW_MAX STRING_ARG { OUTYY(("P(server_val_sig_skew_max:%s)\n", $2)); if(strlen($2) == 0 || strcmp($2, "0") == 0) { cfg_parser->cfg->val_sig_skew_max = 0; } else { cfg_parser->cfg->val_sig_skew_max = atoi($2); if(!cfg_parser->cfg->val_sig_skew_max) yyerror("number expected"); } free($2); } ; server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG { OUTYY(("P(server_cache_max_ttl:%s)\n", $2)); if(atoi($2) == 0 && strcmp($2, "0") != 0) yyerror("number expected"); else cfg_parser->cfg->max_ttl = atoi($2); free($2); } ; server_cache_min_ttl: VAR_CACHE_MIN_TTL STRING_ARG { OUTYY(("P(server_cache_min_ttl:%s)\n", $2)); if(atoi($2) == 0 && strcmp($2, "0") != 0) yyerror("number expected"); else cfg_parser->cfg->min_ttl = atoi($2); free($2); } ; server_bogus_ttl: VAR_BOGUS_TTL STRING_ARG { OUTYY(("P(server_bogus_ttl:%s)\n", $2)); if(atoi($2) == 0 && strcmp($2, "0") != 0) yyerror("number expected"); else cfg_parser->cfg->bogus_ttl = atoi($2); free($2); } ; server_val_clean_additional: VAR_VAL_CLEAN_ADDITIONAL STRING_ARG { OUTYY(("P(server_val_clean_additional:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->val_clean_additional = (strcmp($2, "yes")==0); free($2); } ; server_val_permissive_mode: VAR_VAL_PERMISSIVE_MODE STRING_ARG { OUTYY(("P(server_val_permissive_mode:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->val_permissive_mode = (strcmp($2, "yes")==0); free($2); } ; server_ignore_cd_flag: VAR_IGNORE_CD_FLAG STRING_ARG { OUTYY(("P(server_ignore_cd_flag:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->ignore_cd = (strcmp($2, "yes")==0); free($2); } ; server_val_log_level: VAR_VAL_LOG_LEVEL STRING_ARG { OUTYY(("P(server_val_log_level:%s)\n", $2)); if(atoi($2) == 0 && strcmp($2, "0") != 0) yyerror("number expected"); else cfg_parser->cfg->val_log_level = atoi($2); free($2); } ; server_val_nsec3_keysize_iterations: VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG { OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", $2)); free(cfg_parser->cfg->val_nsec3_key_iterations); cfg_parser->cfg->val_nsec3_key_iterations = $2; } ; server_add_holddown: VAR_ADD_HOLDDOWN STRING_ARG { OUTYY(("P(server_add_holddown:%s)\n", $2)); if(atoi($2) == 0 && strcmp($2, "0") != 0) yyerror("number expected"); else cfg_parser->cfg->add_holddown = atoi($2); free($2); } ; server_del_holddown: VAR_DEL_HOLDDOWN STRING_ARG { OUTYY(("P(server_del_holddown:%s)\n", $2)); if(atoi($2) == 0 && strcmp($2, "0") != 0) yyerror("number expected"); else cfg_parser->cfg->del_holddown = atoi($2); free($2); } ; server_keep_missing: VAR_KEEP_MISSING STRING_ARG { OUTYY(("P(server_keep_missing:%s)\n", $2)); if(atoi($2) == 0 && strcmp($2, "0") != 0) yyerror("number expected"); else cfg_parser->cfg->keep_missing = atoi($2); free($2); } ; server_key_cache_size: VAR_KEY_CACHE_SIZE STRING_ARG { OUTYY(("P(server_key_cache_size:%s)\n", $2)); if(!cfg_parse_memsize($2, &cfg_parser->cfg->key_cache_size)) yyerror("memory size expected"); free($2); } ; server_key_cache_slabs: VAR_KEY_CACHE_SLABS STRING_ARG { OUTYY(("P(server_key_cache_slabs:%s)\n", $2)); if(atoi($2) == 0) yyerror("number expected"); else { cfg_parser->cfg->key_cache_slabs = atoi($2); if(!is_pow2(cfg_parser->cfg->key_cache_slabs)) yyerror("must be a power of 2"); } free($2); } ; server_neg_cache_size: VAR_NEG_CACHE_SIZE STRING_ARG { OUTYY(("P(server_neg_cache_size:%s)\n", $2)); if(!cfg_parse_memsize($2, &cfg_parser->cfg->neg_cache_size)) yyerror("memory size expected"); free($2); } ; server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG { OUTYY(("P(server_local_zone:%s %s)\n", $2, $3)); if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 && strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 && strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0 && strcmp($3, "typetransparent")!=0) yyerror("local-zone type: expected static, deny, " "refuse, redirect, transparent, " "typetransparent or nodefault"); else if(strcmp($3, "nodefault")==0) { if(!cfg_strlist_insert(&cfg_parser->cfg-> local_zones_nodefault, $2)) fatal_exit("out of memory adding local-zone"); free($3); } else { if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones, $2, $3)) fatal_exit("out of memory adding local-zone"); } } ; server_local_data: VAR_LOCAL_DATA STRING_ARG { OUTYY(("P(server_local_data:%s)\n", $2)); if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, $2)) fatal_exit("out of memory adding local-data"); } ; server_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG { char* ptr; OUTYY(("P(server_local_data_ptr:%s)\n", $2)); ptr = cfg_ptr_reverse($2); free($2); if(ptr) { if(!cfg_strlist_insert(&cfg_parser->cfg-> local_data, ptr)) fatal_exit("out of memory adding local-data"); } else { yyerror("local-data-ptr could not be reversed"); } } ; server_minimal_responses: VAR_MINIMAL_RESPONSES STRING_ARG { OUTYY(("P(server_minimal_responses:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->minimal_responses = (strcmp($2, "yes")==0); free($2); } ; server_rrset_roundrobin: VAR_RRSET_ROUNDROBIN STRING_ARG { OUTYY(("P(server_rrset_roundrobin:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->rrset_roundrobin = (strcmp($2, "yes")==0); free($2); } ; server_max_udp_size: VAR_MAX_UDP_SIZE STRING_ARG { OUTYY(("P(server_max_udp_size:%s)\n", $2)); cfg_parser->cfg->max_udp_size = atoi($2); free($2); } ; stub_name: VAR_NAME STRING_ARG { OUTYY(("P(name:%s)\n", $2)); if(cfg_parser->cfg->stubs->name) yyerror("stub name override, there must be one name " "for one stub-zone"); free(cfg_parser->cfg->stubs->name); cfg_parser->cfg->stubs->name = $2; } ; stub_host: VAR_STUB_HOST STRING_ARG { OUTYY(("P(stub-host:%s)\n", $2)); if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, $2)) yyerror("out of memory"); } ; stub_addr: VAR_STUB_ADDR STRING_ARG { OUTYY(("P(stub-addr:%s)\n", $2)); if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, $2)) yyerror("out of memory"); } ; stub_first: VAR_STUB_FIRST STRING_ARG { OUTYY(("P(stub-first:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->stubs->isfirst=(strcmp($2, "yes")==0); free($2); } ; stub_prime: VAR_STUB_PRIME STRING_ARG { OUTYY(("P(stub-prime:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->stubs->isprime = (strcmp($2, "yes")==0); free($2); } ; forward_name: VAR_NAME STRING_ARG { OUTYY(("P(name:%s)\n", $2)); if(cfg_parser->cfg->forwards->name) yyerror("forward name override, there must be one " "name for one forward-zone"); free(cfg_parser->cfg->forwards->name); cfg_parser->cfg->forwards->name = $2; } ; forward_host: VAR_FORWARD_HOST STRING_ARG { OUTYY(("P(forward-host:%s)\n", $2)); if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, $2)) yyerror("out of memory"); } ; forward_addr: VAR_FORWARD_ADDR STRING_ARG { OUTYY(("P(forward-addr:%s)\n", $2)); if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, $2)) yyerror("out of memory"); } ; forward_first: VAR_FORWARD_FIRST STRING_ARG { OUTYY(("P(forward-first:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->forwards->isfirst=(strcmp($2, "yes")==0); free($2); } ; rcstart: VAR_REMOTE_CONTROL { OUTYY(("\nP(remote-control:)\n")); } ; contents_rc: contents_rc content_rc | ; content_rc: rc_control_enable | rc_control_interface | rc_control_port | rc_server_key_file | rc_server_cert_file | rc_control_key_file | rc_control_cert_file ; rc_control_enable: VAR_CONTROL_ENABLE STRING_ARG { OUTYY(("P(control_enable:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->remote_control_enable = (strcmp($2, "yes")==0); free($2); } ; rc_control_port: VAR_CONTROL_PORT STRING_ARG { OUTYY(("P(control_port:%s)\n", $2)); if(atoi($2) == 0) yyerror("control port number expected"); else cfg_parser->cfg->control_port = atoi($2); free($2); } ; rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG { OUTYY(("P(control_interface:%s)\n", $2)); if(!cfg_strlist_insert(&cfg_parser->cfg->control_ifs, $2)) yyerror("out of memory"); } ; rc_server_key_file: VAR_SERVER_KEY_FILE STRING_ARG { OUTYY(("P(rc_server_key_file:%s)\n", $2)); free(cfg_parser->cfg->server_key_file); cfg_parser->cfg->server_key_file = $2; } ; rc_server_cert_file: VAR_SERVER_CERT_FILE STRING_ARG { OUTYY(("P(rc_server_cert_file:%s)\n", $2)); free(cfg_parser->cfg->server_cert_file); cfg_parser->cfg->server_cert_file = $2; } ; rc_control_key_file: VAR_CONTROL_KEY_FILE STRING_ARG { OUTYY(("P(rc_control_key_file:%s)\n", $2)); free(cfg_parser->cfg->control_key_file); cfg_parser->cfg->control_key_file = $2; } ; rc_control_cert_file: VAR_CONTROL_CERT_FILE STRING_ARG { OUTYY(("P(rc_control_cert_file:%s)\n", $2)); free(cfg_parser->cfg->control_cert_file); cfg_parser->cfg->control_cert_file = $2; } ; pythonstart: VAR_PYTHON { OUTYY(("\nP(python:)\n")); } ; contents_py: contents_py content_py | ; content_py: py_script ; py_script: VAR_PYTHON_SCRIPT STRING_ARG { OUTYY(("P(python-script:%s)\n", $2)); free(cfg_parser->cfg->python_script); cfg_parser->cfg->python_script = $2; } %% /* parse helper routines could be here */